/* crypto/ts/ts.h */
/* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
 * project 2002, 2003, 2004.
 */
/* ====================================================================
 * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com).  This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

/*
 * Declarations for the time-stamp protocol support: the C counterparts of
 * the ASN.1 structures (quoted in the comments below), the status and
 * failure codes, and the allocation / DER encoding helpers for each type.
 */

#ifndef HEADER_TS_H
#define HEADER_TS_H

#include <openssl/opensslconf.h>
#include <openssl/symhacks.h>
#ifndef OPENSSL_NO_BUFFER
#include <openssl/buffer.h>
#endif
#ifndef OPENSSL_NO_EVP
#include <openssl/evp.h>
#endif
#ifndef OPENSSL_NO_BIO
#include <openssl/bio.h>
#endif
#include <openssl/stack.h>
#include <openssl/asn1.h>
#include <openssl/safestack.h>

#ifndef OPENSSL_NO_RSA
#include <openssl/rsa.h>
#endif

#ifndef OPENSSL_NO_DSA
#include <openssl/dsa.h>
#endif

#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif

#ifdef __cplusplus
extern "C" {
#endif

#ifdef WIN32
/* Under Win32 this is defined in wincrypt.h */
#undef X509_NAME
#endif

#include <openssl/x509.h>
#include <openssl/x509v3.h>

/*
MessageImprint ::= SEQUENCE  {
     hashAlgorithm                AlgorithmIdentifier,
     hashedMessage                OCTET STRING  }
*/

/* Digest algorithm plus the digest of the data that is being time-stamped. */
typedef struct TS_msg_imprint_st
    {
    X509_ALGOR *hash_algo;
    ASN1_OCTET_STRING *hashed_msg;
    } TS_MSG_IMPRINT;

/*
TimeStampReq ::= SEQUENCE  {
   version                  INTEGER  { v1(1) },
   messageImprint           MessageImprint,
     --a hash algorithm OID and the hash value of the data to be
     --time-stamped
   reqPolicy                TSAPolicyId                OPTIONAL,
   nonce                    INTEGER                    OPTIONAL,
   certReq                  BOOLEAN                    DEFAULT FALSE,
   extensions               [0] IMPLICIT Extensions    OPTIONAL  }
*/

/*
 * A time-stamp request.  The nonce is optional, but when it is present the
 * TSTInfo definition below requires the response to carry the same value,
 * which is what lets a requester tie a response to this particular request
 * (checked on the verify side with TS_VFY_NONCE).
 */
typedef struct TS_req_st
    {
    ASN1_INTEGER *version;
    TS_MSG_IMPRINT *msg_imprint;
    ASN1_OBJECT *policy_id;     /* OPTIONAL */
    ASN1_INTEGER *nonce;        /* OPTIONAL */
    ASN1_BOOLEAN cert_req;      /* DEFAULT FALSE */
    STACK_OF(X509_EXTENSION) *extensions;   /* [0] OPTIONAL */
    } TS_REQ;

/*
Accuracy ::= SEQUENCE {
                seconds        INTEGER           OPTIONAL,
                millis     [0] INTEGER  (1..999) OPTIONAL,
                micros     [1] INTEGER  (1..999) OPTIONAL  }
*/

/* Accuracy of genTime; every component is optional in the ASN.1 above. */
typedef struct TS_accuracy_st
    {
    ASN1_INTEGER *seconds;
    ASN1_INTEGER *millis;
    ASN1_INTEGER *micros;
    } TS_ACCURACY;

/*
TSTInfo ::= SEQUENCE  {
    version                      INTEGER  { v1(1) },
    policy                       TSAPolicyId,
    messageImprint               MessageImprint,
      -- MUST have the same value as the similar field in
      -- TimeStampReq
    serialNumber                 INTEGER,
     -- Time-Stamping users MUST be ready to accommodate integers
     -- up to 160 bits.
    genTime                      GeneralizedTime,
    accuracy                     Accuracy                 OPTIONAL,
    ordering                     BOOLEAN             DEFAULT FALSE,
    nonce                        INTEGER                  OPTIONAL,
    -- MUST be present if the similar field was present
    -- in TimeStampReq.  In that case it MUST have the same value.
    tsa                          [0] GeneralName          OPTIONAL,
    extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
*/

/*
 * The signed content of a time-stamp token.  msg_imprint and nonce are the
 * two fields the ASN.1 above requires to match the request; a verifier that
 * does not compare them has no evidence the token covers its own data.
 */
typedef struct TS_tst_info_st
    {
    ASN1_INTEGER *version;
    ASN1_OBJECT *policy_id;
    TS_MSG_IMPRINT *msg_imprint;
    ASN1_INTEGER *serial;       /* up to 160 bits, see above */
    ASN1_GENERALIZEDTIME *time;
    TS_ACCURACY *accuracy;
    ASN1_BOOLEAN ordering;
    ASN1_INTEGER *nonce;
    GENERAL_NAME *tsa;
    STACK_OF(X509_EXTENSION) *extensions;
    } TS_TST_INFO;

/*
PKIStatusInfo ::= SEQUENCE {
    status        PKIStatus,
    statusString  PKIFreeText     OPTIONAL,
    failInfo      PKIFailureInfo  OPTIONAL  }

From RFC 1510 - section 3.1.1:
PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
    -- text encoded as UTF-8 String (note:  each UTF8String SHOULD
    -- include an RFC 1766 language tag to indicate the language
    -- of the contained text)
*/
/*
 * NOTE(review): PKIFreeText is a CMP type; "RFC 1510" above looks like a
 * typo for RFC 2510 -- confirm before citing it.
 */

/* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
/*
 * Under RFC 3161 a token accompanies the response only for
 * TS_STATUS_GRANTED and TS_STATUS_GRANTED_WITH_MODS; every other value
 * means no time-stamp was issued.
 */

#define TS_STATUS_GRANTED                       0
#define TS_STATUS_GRANTED_WITH_MODS             1
#define TS_STATUS_REJECTION                     2
#define TS_STATUS_WAITING                       3
#define TS_STATUS_REVOCATION_WARNING            4
#define TS_STATUS_REVOCATION_NOTIFICATION       5

/* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */
/*
 * failure_info is an ASN1_BIT_STRING (see TS_STATUS_INFO below), so these
 * are bit positions in that string rather than a dense enumeration, which
 * is why the numbering has gaps.
 */

#define TS_INFO_BAD_ALG                 0
#define TS_INFO_BAD_REQUEST             2
#define TS_INFO_BAD_DATA_FORMAT         5
#define TS_INFO_TIME_NOT_AVAILABLE      14
#define TS_INFO_UNACCEPTED_POLICY       15
#define TS_INFO_UNACCEPTED_EXTENSION    16
#define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
#define TS_INFO_SYSTEM_FAILURE          25

/* C counterpart of PKIStatusInfo: status code, free text, failure bits. */
typedef struct TS_status_info_st
    {
    ASN1_INTEGER *status;
    STACK_OF(ASN1_UTF8STRING) *text;
    ASN1_BIT_STRING *failure_info;
    } TS_STATUS_INFO;

DECLARE_STACK_OF(ASN1_UTF8STRING)
DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)

/*
TimeStampResp ::= SEQUENCE  {
     status                  PKIStatusInfo,
     timeStampToken          TimeStampToken     OPTIONAL }
*/

/*
 * A time-stamp response.  token is the PKCS7 time-stamp token; tst_info is
 * presumably the TS_TST_INFO decoded from it (see PKCS7_to_TS_TST_INFO) --
 * confirm in the implementation.  The status text and failure bits travel
 * outside the signed token.
 */
typedef struct TS_resp_st
    {
    TS_STATUS_INFO *status_info;
    PKCS7 *token;
    TS_TST_INFO *tst_info;
    } TS_RESP;

/* The structure below would belong to the ESS component. */

/*
IssuerSerial ::= SEQUENCE {
    issuer                   GeneralNames,
    serialNumber             CertificateSerialNumber
    }
*/

typedef struct ESS_issuer_serial
    {
    STACK_OF(GENERAL_NAME) *issuer;
    ASN1_INTEGER *serial;
    } ESS_ISSUER_SERIAL;

/*
ESSCertID ::=  SEQUENCE {
        certHash                 Hash,
        issuerSerial             IssuerSerial OPTIONAL
}
*/

/*
 * Identifies a certificate by its digest.
 * NOTE(review): the digest is fixed to SHA-1, whose collision resistance is
 * broken, and this header declares no SHA-2 variant of the structure
 * (RFC 5035 ESSCertIDv2).  The binding between a token and its signer
 * certificate is therefore only as strong as SHA-1.
 */
typedef struct ESS_cert_id
    {
    ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
    ESS_ISSUER_SERIAL *issuer_serial;
    } ESS_CERT_ID;

DECLARE_STACK_OF(ESS_CERT_ID)
DECLARE_ASN1_SET_OF(ESS_CERT_ID)

/*
SigningCertificate ::=  SEQUENCE {
       certs        SEQUENCE OF ESSCertID,
       policies     SEQUENCE OF PolicyInformation OPTIONAL
}
*/

typedef struct ESS_signing_cert
    {
    STACK_OF(ESS_CERT_ID) *cert_ids;
    STACK_OF(POLICYINFO) *policy_info;
    } ESS_SIGNING_CERT;


/*
 * Allocation, DER encoding (i2d_*), DER decoding (d2i_*), duplication and
 * FILE / BIO I/O helpers for each type.  The d2i_* functions parse data
 * that normally arrives from a peer (requests on a TSA, responses on a
 * client): pass the true buffer length and check the returned pointer
 * before touching the result.
 */

/* TS_REQ */
TS_REQ *TS_REQ_new(void);
void TS_REQ_free(TS_REQ *a);
int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);

TS_REQ *TS_REQ_dup(TS_REQ *a);

TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);

/* TS_MSG_IMPRINT */
TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
                    const unsigned char **pp, long length);

TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);

TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);

/* TS_RESP; PKCS7_to_TS_TST_INFO extracts the TS_TST_INFO from a token. */
TS_RESP *TS_RESP_new(void);
void TS_RESP_free(TS_RESP *a);
int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
TS_RESP *TS_RESP_dup(TS_RESP *a);

TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);

/* TS_STATUS_INFO */
TS_STATUS_INFO *TS_STATUS_INFO_new(void);
void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
                    const unsigned char **pp, long length);
TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);

/* TS_TST_INFO */
TS_TST_INFO *TS_TST_INFO_new(void);
void TS_TST_INFO_free(TS_TST_INFO *a);
int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
                    long length);
/*
 * Duplication and FILE / BIO I/O helpers for TS_TST_INFO, then the
 * allocation, DER encoding (i2d_*), DER decoding (d2i_*) and duplication
 * helpers for TS_ACCURACY and the ESS types.  The d2i_* functions parse
 * data that normally arrives from a peer: pass the true buffer length and
 * check the returned pointer before touching the result.
 */
TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);

TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);

/* TS_ACCURACY */
TS_ACCURACY *TS_ACCURACY_new(void);
void TS_ACCURACY_free(TS_ACCURACY *a);
int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
                    long length);
TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);

/* ESS_ISSUER_SERIAL */
ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a,
                    unsigned char **pp);
ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
                    const unsigned char **pp, long length);
ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);

/* ESS_CERT_ID */
ESS_CERT_ID *ESS_CERT_ID_new(void);
void ESS_CERT_ID_free(ESS_CERT_ID *a);
int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
                    long length);
ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a);

/* ESS_SIGNING_CERT */
ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a,
                    unsigned char **pp);
ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
                    const unsigned char **pp, long length);
ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);

/* Loads the error strings of the TS module. */
void ERR_load_TS_strings(void);

/*
 * Field accessors for TS_REQ and TS_MSG_IMPRINT.  The setters return int;
 * presumably non-zero on success as elsewhere in the library -- confirm in
 * the implementation before relying on it.
 */

int TS_REQ_set_version(TS_REQ *a, long version);
long TS_REQ_get_version(const TS_REQ *a);

int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);

int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);

/* d points to the digest bytes and len is their count. */
int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);

int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);

/*
 * The nonce is optional in a request, but it is the field a requester uses
 * to tie a response to its own request, so leaving it out removes that
 * check on the verify side.
 */
int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);

int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
int TS_REQ_get_cert_req(const TS_REQ *a);

/* Extension handling for TS_REQ. */
STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
void TS_REQ_ext_free(TS_REQ *a);
int TS_REQ_get_ext_count(TS_REQ *a);
int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);

/* Function declarations for TS_REQ defined in ts/ts_req_print.c */

int TS_REQ_print_bio(BIO *bio, TS_REQ *a);

/* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */

int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);

/*
 * Caller loses ownership of PKCS7 and TS_TST_INFO objects, so it must not
 * free or reuse p7 and tst_info after this call.
 */
void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
PKCS7 *TS_RESP_get_token(TS_RESP *a);
TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);

/* Field accessors for TS_TST_INFO and TS_ACCURACY. */

int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
long TS_TST_INFO_get_version(const TS_TST_INFO *a);

int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);

int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);

int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);

int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);

int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);

int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);

int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);

/* Remaining field accessors for TS_ACCURACY and TS_TST_INFO. */
int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);

int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);

int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);

int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);

/* Extension handling for TS_TST_INFO. */
STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
void TS_TST_INFO_ext_free(TS_TST_INFO *a);
int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);

/* Declarations related to response generation, defined in ts/ts_resp_sign.c. */

/* Optional flags for response generation. */

/*
 * Don't include the TSA name in response.
 * NOTE(review): the flag name and TS_CONF_set_tsa_name() below suggest the
 * opposite reading (flag set => the TSA name is included in the token).
 * Confirm against ts/ts_resp_sign.c before relying on either; the verify
 * side checks this field under TS_VFY_SIGNER and TS_VFY_TSA_NAME.
 */
#define TS_TSA_NAME             0x01

/* Set ordering to true in response. */
#define TS_ORDERING             0x02

/*
 * Include the signer certificate and the other specified certificates in
 * the ESS signing certificate attribute beside the PKCS7 signed data.
 * Only the signer certificate is included by default.
 */
#define TS_ESS_CERT_ID_CHAIN    0x04

/* Forward declaration. */
struct TS_resp_ctx;

/*
 * This must return a unique number less than 160 bits long.
 * Uniqueness is the callback's job: the default callback (see
 * TS_RESP_CTX_set_serial_cb) always returns a constant, so a TSA that
 * keeps the default issues every token with the same serial number.
 */
typedef ASN1_INTEGER *(*TS_serial_cb)(struct TS_resp_ctx *, void *);

/* This must return the seconds and microseconds since Jan 1, 1970 in
   the sec and usec variables allocated by the caller.
   Return non-zero for success and zero for failure.
   The value returned here becomes the time asserted by the token, so the
   token is only as trustworthy as the clock behind this callback. */
typedef int (*TS_time_cb)(struct TS_resp_ctx *, void *, long *sec, long *usec);

/* This must process the given extension.
 * It can modify the TS_TST_INFO object of the context.
 * Return values: !0 (processed), 0 (error, it must set the
 * status info/failure info of the response).
 */
typedef int (*TS_extension_cb)(struct TS_resp_ctx *, X509_EXTENSION *, void *);

/*
 * Response-generation context of a TSA: the signing credentials, the
 * policies and message digests it accepts, the accuracy and flags it puts
 * into tokens, and the three callbacks.  signer_key is the private key
 * that signs every token.
 */
typedef struct TS_resp_ctx
    {
    X509 *signer_cert;
    EVP_PKEY *signer_key;
    STACK_OF(X509) *certs;      /* Certs to include in signed data. */
    STACK_OF(ASN1_OBJECT) *policies;    /* Acceptable policies. */
    ASN1_OBJECT *default_policy;    /* It may appear in policies, too. */
    STACK_OF(EVP_MD) *mds;      /* Acceptable message digests. */
    ASN1_INTEGER *seconds;      /* accuracy, 0 means not specified. */
    ASN1_INTEGER *millis;       /* accuracy, 0 means not specified. */
    ASN1_INTEGER *micros;       /* accuracy, 0 means not specified. */
    unsigned clock_precision_digits;    /* fraction of seconds in
                                           time stamp token. */
    unsigned flags;             /* Optional info, see values above. */

    /* Callback functions. */
    TS_serial_cb serial_cb;
    void *serial_cb_data;       /* User data for serial_cb. */

    TS_time_cb time_cb;
    void *time_cb_data;         /* User data for time_cb. */

    TS_extension_cb extension_cb;
    void *extension_cb_data;    /* User data for extension_cb. */

    /* These members are used only while creating the response. */
    TS_REQ *request;
    TS_RESP *response;
    TS_TST_INFO *tst_info;
    } TS_RESP_CTX;

DECLARE_STACK_OF(EVP_MD)
DECLARE_ASN1_SET_OF(EVP_MD)

/* Creates a response context that can be used for generating responses. */
TS_RESP_CTX *TS_RESP_CTX_new(void);
void TS_RESP_CTX_free(TS_RESP_CTX *ctx);

/* This parameter must be set. */
int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);

/* This parameter must be set. */
int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);

/* This parameter must be set. */
int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);

/* No additional certs are included in the response by default. */
int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);

/* Adds a new acceptable policy, only the default policy
   is accepted by default. */
int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);

/* Adds a new acceptable message digest. Note that no message digests
   are accepted by default. The md argument is shared with the caller.
   Since nothing is accepted until a digest is added, the digests added
   here form the allow-list for the message imprints this TSA will sign. */
int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);

/* Accuracy is not included by default. */
int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
                             int secs, int millis, int micros);

/* Clock precision digits, i.e. the number of decimal digits:
   '0' means sec, '3' msec, '6' usec, and so on. Default is 0. */
int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
                                           unsigned clock_precision_digits);
/* At most we accept usec precision. */
#define TS_MAX_CLOCK_PRECISION_DIGITS   6

/* No flags are set by default. */
void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);

/* Default callback always returns a constant, which does not meet the
   uniqueness requirement stated at TS_serial_cb: a TSA issuing real tokens
   has to install its own callback here. */
void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);

/* Default callback uses the gettimeofday() and gmtime() system calls,
   i.e. the local system clock of the TSA host. */
void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);

/* Default callback rejects all extensions. The extension callback is called
 * when the TS_TST_INFO object is already set up and not signed yet. */
/* FIXME: extension handling is not tested yet. */
void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
                                  TS_extension_cb cb, void *data);

/* The following methods can be used in the callbacks. */
int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
                                int status, const char *text);

/* Sets the status info only if it is still TS_STATUS_GRANTED. */
int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
                                     int status, const char *text);

/* failure is one of the TS_INFO_... values. */
int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);

/* The get methods below can be used in the extension callback. */
TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);

TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);

/*
 * Creates the signed TS_TST_INFO and puts it in TS_RESP.
 * In case of errors it sets the status info properly.
 * Returns NULL only in case of memory allocation/fatal error.
 * A non-NULL return therefore does not mean a token was issued: callers
 * have to inspect the status info of the returned TS_RESP.
 * req_bio presumably supplies the encoded request -- confirm in
 * ts/ts_resp_sign.c.
 */
TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);

/*
 * Declarations related to response verification,
 * they are defined in ts/ts_resp_verify.c.
 */

int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
                             X509_STORE *store, X509 **signer_out);

/* Context structure for the generic verify method. */

/*
 * Each TS_VFY_... flag below selects one check; per the flags member of
 * TS_VERIFY_CTX, only the checks whose flags are set are carried out.
 */

/* Verify the signer's certificate and the signature of the response. */
#define TS_VFY_SIGNATURE        (1u << 0)
/* Verify the version number of the response. */
#define TS_VFY_VERSION          (1u << 1)
/* Verify if the policy supplied by the user matches the policy of the TSA. */
#define TS_VFY_POLICY           (1u << 2)
/* Verify the message imprint provided by the user. This flag should not be
   specified with TS_VFY_DATA. */
#define TS_VFY_IMPRINT          (1u << 3)
/* Verify the message imprint computed by the verify method from the user
   provided data and the MD algorithm of the response. This flag should not be
   specified with TS_VFY_IMPRINT. */
#define TS_VFY_DATA             (1u << 4)
/* Verify the nonce value. */
#define TS_VFY_NONCE            (1u << 5)
/* Verify if the TSA name field matches the signer certificate. */
#define TS_VFY_SIGNER           (1u << 6)
/* Verify if the TSA name field equals the user provided name. */
#define TS_VFY_TSA_NAME         (1u << 7)

/* You can use the following convenience constants. */
#define TS_VFY_ALL_IMPRINT      (TS_VFY_SIGNATURE       \
                                 | TS_VFY_VERSION       \
                                 | TS_VFY_POLICY        \
                                 | TS_VFY_IMPRINT       \
                                 | TS_VFY_NONCE         \
                                 | TS_VFY_SIGNER        \
                                 | TS_VFY_TSA_NAME)
#define TS_VFY_ALL_DATA         (TS_VFY_SIGNATURE       \
                                 | TS_VFY_VERSION       \
                                 | TS_VFY_POLICY        \
                                 | TS_VFY_DATA          \
                                 | TS_VFY_NONCE         \
                                 | TS_VFY_SIGNER        \
                                 | TS_VFY_TSA_NAME)

/*
 * Verification context: the set of checks to run and the reference values
 * each check compares against.
 */
typedef struct TS_verify_ctx
    {
    /* Set this to the union of TS_VFY_... flags you want to carry out.
       A check whose flag is missing is not carried out; in particular,
       without TS_VFY_SIGNATURE neither the signer's certificate nor the
       signature is verified. */
    unsigned flags;

    /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
    X509_STORE *store;
    STACK_OF(X509) *certs;

    /* Must be set only with TS_VFY_POLICY. */
    ASN1_OBJECT *policy;

    /* Must be set only with TS_VFY_IMPRINT. If md_alg is NULL,
       the algorithm from the response is used. */
    X509_ALGOR *md_alg;
    unsigned char *imprint;
    unsigned imprint_len;

    /* Must be set only with TS_VFY_DATA. */
    BIO *data;

    /* Must be set only with TS_VFY_NONCE. */
    ASN1_INTEGER *nonce;

    /* Must be set only with TS_VFY_TSA_NAME. */
    GENERAL_NAME *tsa_name;
    } TS_VERIFY_CTX;

/* Run the checks selected in ctx->flags on a whole response or on a token. */
int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);

/*
 * Declarations related to response verification context,
 * they are defined in ts/ts_verify_ctx.c.
 */

/* Set all fields to zero. */
TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);

/*
 * If ctx is NULL, it allocates and returns a new object, otherwise
 * it returns ctx. It initialises all the members as follows:
 * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
 * certs = NULL
 * store = NULL
 * policy = policy from the request or NULL if absent (in this case
 *      TS_VFY_POLICY is cleared from flags as well)
 * md_alg = MD algorithm from request
 * imprint, imprint_len = imprint from request
 * data = NULL
 * nonce = nonce from the request or NULL if absent (in this case
 *      TS_VFY_NONCE is cleared from flags as well; TS_VERIFY_CTX has no
 *      nonce_len member)
 * tsa_name = NULL
 * Important: after calling this method TS_VFY_SIGNATURE should be added!
 * The returned context has TS_VFY_SIGNATURE cleared and store == NULL, so
 * used unchanged it compares the token's fields with the request without
 * verifying the signer's certificate or the signature.  Add
 * TS_VFY_SIGNATURE to flags and set store (and certs if needed) before
 * verifying.  A request without a nonce likewise yields a context that
 * does not check the nonce.
 */
TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);

/* Function declarations for TS_RESP defined in ts/ts_resp_print.c */

int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);

/* Common utility functions defined in ts/ts_lib.c */

int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);

/* Function declarations for handling configuration options,
   defined in ts/ts_conf.c */
/*
 * The TS_CONF_set_... helpers take a CONF object and a section name and
 * fill in a TS_RESP_CTX; presumably each reads its option from that
 * section, with the extra string argument (cert, certs, key, policy,
 * device) acting as an explicit value -- confirm in ts/ts_conf.c.
 * pass in TS_CONF_load_key() and TS_CONF_set_signer_key() is presumably
 * the passphrase of the signer key file; handle it as a secret.
 */

X509 *TS_CONF_load_cert(const char *file);
STACK_OF(X509) *TS_CONF_load_certs(const char *file);
EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
                       TS_RESP_CTX *ctx);
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
                              const char *device);
int TS_CONF_set_default_engine(const char *name);
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
                            const char *cert, TS_RESP_CTX *ctx);
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
                      TS_RESP_CTX *ctx);
int TS_CONF_set_signer_key(CONF *conf, const char *section,
                           const char *key, const char *pass, TS_RESP_CTX *ctx);
int TS_CONF_set_def_policy(CONF *conf, const char *section,
                           const char *policy, TS_RESP_CTX *ctx);
int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
                                       TS_RESP_CTX *ctx);
int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
                                  TS_RESP_CTX *ctx);

/* -------------------------------------------------- */
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
760238384Sjkim */ 761238384Sjkimvoid ERR_load_TS_strings(void); 762238384Sjkim 763238384Sjkim/* Error codes for the TS functions. */ 764238384Sjkim 765238384Sjkim/* Function codes. */ 766238384Sjkim#define TS_F_D2I_TS_RESP 147 767238384Sjkim#define TS_F_DEF_SERIAL_CB 110 768238384Sjkim#define TS_F_DEF_TIME_CB 111 769238384Sjkim#define TS_F_ESS_ADD_SIGNING_CERT 112 770238384Sjkim#define TS_F_ESS_CERT_ID_NEW_INIT 113 771238384Sjkim#define TS_F_ESS_SIGNING_CERT_NEW_INIT 114 772238384Sjkim#define TS_F_INT_TS_RESP_VERIFY_TOKEN 149 773238384Sjkim#define TS_F_PKCS7_TO_TS_TST_INFO 148 774238384Sjkim#define TS_F_TS_ACCURACY_SET_MICROS 115 775238384Sjkim#define TS_F_TS_ACCURACY_SET_MILLIS 116 776238384Sjkim#define TS_F_TS_ACCURACY_SET_SECONDS 117 777238384Sjkim#define TS_F_TS_CHECK_IMPRINTS 100 778238384Sjkim#define TS_F_TS_CHECK_NONCES 101 779238384Sjkim#define TS_F_TS_CHECK_POLICY 102 780238384Sjkim#define TS_F_TS_CHECK_SIGNING_CERTS 103 781238384Sjkim#define TS_F_TS_CHECK_STATUS_INFO 104 782238384Sjkim#define TS_F_TS_COMPUTE_IMPRINT 145 783238384Sjkim#define TS_F_TS_CONF_SET_DEFAULT_ENGINE 146 784238384Sjkim#define TS_F_TS_GET_STATUS_TEXT 105 785238384Sjkim#define TS_F_TS_MSG_IMPRINT_SET_ALGO 118 786238384Sjkim#define TS_F_TS_REQ_SET_MSG_IMPRINT 119 787238384Sjkim#define TS_F_TS_REQ_SET_NONCE 120 788238384Sjkim#define TS_F_TS_REQ_SET_POLICY_ID 121 789238384Sjkim#define TS_F_TS_RESP_CREATE_RESPONSE 122 790238384Sjkim#define TS_F_TS_RESP_CREATE_TST_INFO 123 791238384Sjkim#define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO 124 792238384Sjkim#define TS_F_TS_RESP_CTX_ADD_MD 125 793238384Sjkim#define TS_F_TS_RESP_CTX_ADD_POLICY 126 794238384Sjkim#define TS_F_TS_RESP_CTX_NEW 127 795238384Sjkim#define TS_F_TS_RESP_CTX_SET_ACCURACY 128 796238384Sjkim#define TS_F_TS_RESP_CTX_SET_CERTS 129 797238384Sjkim#define TS_F_TS_RESP_CTX_SET_DEF_POLICY 130 798238384Sjkim#define TS_F_TS_RESP_CTX_SET_SIGNER_CERT 131 799238384Sjkim#define TS_F_TS_RESP_CTX_SET_STATUS_INFO 132 800238384Sjkim#define 
TS_F_TS_RESP_GET_POLICY 133 801238384Sjkim#define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION 134 802238384Sjkim#define TS_F_TS_RESP_SET_STATUS_INFO 135 803238384Sjkim#define TS_F_TS_RESP_SET_TST_INFO 150 804238384Sjkim#define TS_F_TS_RESP_SIGN 136 805238384Sjkim#define TS_F_TS_RESP_VERIFY_SIGNATURE 106 806238384Sjkim#define TS_F_TS_RESP_VERIFY_TOKEN 107 807238384Sjkim#define TS_F_TS_TST_INFO_SET_ACCURACY 137 808238384Sjkim#define TS_F_TS_TST_INFO_SET_MSG_IMPRINT 138 809238384Sjkim#define TS_F_TS_TST_INFO_SET_NONCE 139 810238384Sjkim#define TS_F_TS_TST_INFO_SET_POLICY_ID 140 811238384Sjkim#define TS_F_TS_TST_INFO_SET_SERIAL 141 812238384Sjkim#define TS_F_TS_TST_INFO_SET_TIME 142 813238384Sjkim#define TS_F_TS_TST_INFO_SET_TSA 143 814238384Sjkim#define TS_F_TS_VERIFY 108 815238384Sjkim#define TS_F_TS_VERIFY_CERT 109 816238384Sjkim#define TS_F_TS_VERIFY_CTX_NEW 144 817238384Sjkim 818238384Sjkim/* Reason codes. */ 819238384Sjkim#define TS_R_BAD_PKCS7_TYPE 132 820238384Sjkim#define TS_R_BAD_TYPE 133 821238384Sjkim#define TS_R_CERTIFICATE_VERIFY_ERROR 100 822238384Sjkim#define TS_R_COULD_NOT_SET_ENGINE 127 823238384Sjkim#define TS_R_COULD_NOT_SET_TIME 115 824238384Sjkim#define TS_R_D2I_TS_RESP_INT_FAILED 128 825238384Sjkim#define TS_R_DETACHED_CONTENT 134 826238384Sjkim#define TS_R_ESS_ADD_SIGNING_CERT_ERROR 116 827238384Sjkim#define TS_R_ESS_SIGNING_CERTIFICATE_ERROR 101 828238384Sjkim#define TS_R_INVALID_NULL_POINTER 102 829238384Sjkim#define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE 117 830238384Sjkim#define TS_R_MESSAGE_IMPRINT_MISMATCH 103 831238384Sjkim#define TS_R_NONCE_MISMATCH 104 832238384Sjkim#define TS_R_NONCE_NOT_RETURNED 105 833238384Sjkim#define TS_R_NO_CONTENT 106 834238384Sjkim#define TS_R_NO_TIME_STAMP_TOKEN 107 835238384Sjkim#define TS_R_PKCS7_ADD_SIGNATURE_ERROR 118 836238384Sjkim#define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR 119 837238384Sjkim#define TS_R_PKCS7_TO_TS_TST_INFO_FAILED 129 838238384Sjkim#define TS_R_POLICY_MISMATCH 108 839238384Sjkim#define 
TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 120 840238384Sjkim#define TS_R_RESPONSE_SETUP_ERROR 121 841238384Sjkim#define TS_R_SIGNATURE_FAILURE 109 842238384Sjkim#define TS_R_THERE_MUST_BE_ONE_SIGNER 110 843238384Sjkim#define TS_R_TIME_SYSCALL_ERROR 122 844238384Sjkim#define TS_R_TOKEN_NOT_PRESENT 130 845238384Sjkim#define TS_R_TOKEN_PRESENT 131 846238384Sjkim#define TS_R_TSA_NAME_MISMATCH 111 847238384Sjkim#define TS_R_TSA_UNTRUSTED 112 848238384Sjkim#define TS_R_TST_INFO_SETUP_ERROR 123 849238384Sjkim#define TS_R_TS_DATASIGN 124 850238384Sjkim#define TS_R_UNACCEPTABLE_POLICY 125 851238384Sjkim#define TS_R_UNSUPPORTED_MD_ALGORITHM 126 852238384Sjkim#define TS_R_UNSUPPORTED_VERSION 113 853238384Sjkim#define TS_R_WRONG_CONTENT_TYPE 114 854238384Sjkim 855238384Sjkim#ifdef __cplusplus 856238384Sjkim} 857238384Sjkim#endif 858238384Sjkim#endif 859