1/*-
2 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License").  You may not use
7 * this file except in compliance with the License.  You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 *
11 * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
12 */
13
14#ifndef OSSL_CRYPTO_CRMF_LOCAL_H
15# define OSSL_CRYPTO_CRMF_LOCAL_H
16
17# include <openssl/crmf.h>
18# include <openssl/err.h>
19
20/* explicit #includes not strictly needed since implied by the above: */
21# include <openssl/types.h>
22# include <openssl/safestack.h>
23# include <openssl/x509.h>
24# include <openssl/x509v3.h>
25
26/*-
27 * EncryptedValue ::= SEQUENCE {
28 * intendedAlg   [0] AlgorithmIdentifier  OPTIONAL,
29 *                  -- the intended algorithm for which the value will be used
30 * symmAlg       [1] AlgorithmIdentifier  OPTIONAL,
31 *                  -- the symmetric algorithm used to encrypt the value
32 * encSymmKey    [2] BIT STRING           OPTIONAL,
33 *                  -- the (encrypted) symmetric key used to encrypt the value
34 * keyAlg        [3] AlgorithmIdentifier  OPTIONAL,
35 *                  -- algorithm used to encrypt the symmetric key
36 * valueHint     [4] OCTET STRING         OPTIONAL,
37 *                  -- a brief description or identifier of the encValue content
38 *                  -- (may be meaningful only to the sending entity, and
39 *                  --  used only if EncryptedValue might be re-examined
40 *                  --  by the sending entity in the future)
41 * encValue      BIT STRING
42 *                  -- the encrypted value itself
43 * }
44 */
45struct ossl_crmf_encryptedvalue_st {
46    X509_ALGOR *intendedAlg;      /* 0 */
47    X509_ALGOR *symmAlg;          /* 1 */
48    ASN1_BIT_STRING *encSymmKey;  /* 2 */
49    X509_ALGOR *keyAlg;           /* 3 */
50    ASN1_OCTET_STRING *valueHint; /* 4 */
51    ASN1_BIT_STRING *encValue;
52} /* OSSL_CRMF_ENCRYPTEDVALUE */;
53
54/*-
55 *  Attributes ::= SET OF Attribute
56 *  => X509_ATTRIBUTE
57 *
58 *  PrivateKeyInfo ::= SEQUENCE {
59 *     version                       INTEGER,
60 *     privateKeyAlgorithm           AlgorithmIdentifier,
61 *     privateKey                    OCTET STRING,
62 *     attributes                    [0] IMPLICIT Attributes OPTIONAL
63 *  }
64 */
65typedef struct ossl_crmf_privatekeyinfo_st {
66    ASN1_INTEGER *version;
67    X509_ALGOR *privateKeyAlgorithm;
68    ASN1_OCTET_STRING *privateKey;
69    STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
70} OSSL_CRMF_PRIVATEKEYINFO;
71DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO)
72
73/*-
74 * section 4.2.1 Private Key Info Content Type
75 * id-ct-encKeyWithID OBJECT IDENTIFIER ::= {id-ct 21}
76 *
77 * EncKeyWithID ::= SEQUENCE {
78 * privateKey     PrivateKeyInfo,
79 * identifier     CHOICE {
80 *                      string         UTF8String,
81 *                      generalName    GeneralName
82 *                } OPTIONAL
83 * }
84 */
85typedef struct ossl_crmf_enckeywithid_identifier_st {
86    int type;
87    union {
88        ASN1_UTF8STRING *string;
89        GENERAL_NAME *generalName;
90    } value;
91} OSSL_CRMF_ENCKEYWITHID_IDENTIFIER;
92DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
93
94typedef struct ossl_crmf_enckeywithid_st {
95    OSSL_CRMF_PRIVATEKEYINFO *privateKey;
96    /* [0] */
97    OSSL_CRMF_ENCKEYWITHID_IDENTIFIER *identifier;
98} OSSL_CRMF_ENCKEYWITHID;
99DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID)
100
101/*-
102 * CertId ::= SEQUENCE {
103 *      issuer           GeneralName,
104 *      serialNumber     INTEGER
105 * }
106 */
107struct ossl_crmf_certid_st {
108    GENERAL_NAME *issuer;
109    ASN1_INTEGER *serialNumber;
110} /* OSSL_CRMF_CERTID */;
111
112/*-
113 * SinglePubInfo ::= SEQUENCE {
114 *  pubMethod        INTEGER {
115 *      dontCare        (0),
116 *      x500            (1),
117 *      web             (2),
118 *      ldap            (3) },
119 *  pubLocation  GeneralName OPTIONAL
120 * }
121 */
122struct ossl_crmf_singlepubinfo_st {
123    ASN1_INTEGER *pubMethod;
124    GENERAL_NAME *pubLocation;
125} /* OSSL_CRMF_SINGLEPUBINFO */;
126DEFINE_STACK_OF(OSSL_CRMF_SINGLEPUBINFO)
127typedef STACK_OF(OSSL_CRMF_SINGLEPUBINFO) OSSL_CRMF_PUBINFOS;
128
129
130/*-
131 * PKIPublicationInfo ::= SEQUENCE {
132 *      action     INTEGER {
133 *                   dontPublish (0),
134 *                   pleasePublish (1) },
135 *      pubInfos   SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL
136 *      -- pubInfos MUST NOT be present if action is "dontPublish"
137 *      -- (if action is "pleasePublish" and pubInfos is omitted,
138 *      -- "dontCare" is assumed)
139 * }
140 */
141struct ossl_crmf_pkipublicationinfo_st {
142    ASN1_INTEGER *action;
143    OSSL_CRMF_PUBINFOS *pubInfos;
144} /* OSSL_CRMF_PKIPUBLICATIONINFO */;
145DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO)
146
147/*-
148 * PKMACValue ::= SEQUENCE {
149 * algId  AlgorithmIdentifier,
150 * -- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13}
151 * -- parameter value is PBMParameter
152 * value  BIT STRING
153 * }
154 */
155typedef struct ossl_crmf_pkmacvalue_st {
156    X509_ALGOR *algId;
157    ASN1_BIT_STRING *value;
158} OSSL_CRMF_PKMACVALUE;
159DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)
160
161/*-
162 * SubsequentMessage ::= INTEGER {
163 * encrCert (0),
164 * -- requests that resulting certificate be encrypted for the
165 * -- end entity (following which, POP will be proven in a
166 * -- confirmation message)
167 * challengeResp (1)
168 * -- requests that CA engage in challenge-response exchange with
169 * -- end entity in order to prove private key possession
170 * }
171 *
172 * POPOPrivKey ::= CHOICE {
173 * thisMessage       [0] BIT STRING,                 -- Deprecated
174 * -- possession is proven in this message (which contains the private
175 * -- key itself (encrypted for the CA))
176 * subsequentMessage [1] SubsequentMessage,
177 * -- possession will be proven in a subsequent message
178 * dhMAC             [2] BIT STRING,                 -- Deprecated
179 * agreeMAC          [3] PKMACValue,
180 * encryptedKey      [4] EnvelopedData
181 * }
182 */
183
184typedef struct ossl_crmf_popoprivkey_st {
185    int type;
186    union {
187        ASN1_BIT_STRING *thisMessage; /* 0 */ /* Deprecated */
188        ASN1_INTEGER *subsequentMessage; /* 1 */
189        ASN1_BIT_STRING *dhMAC; /* 2 */ /* Deprecated */
190        OSSL_CRMF_PKMACVALUE *agreeMAC; /* 3 */
191        ASN1_NULL *encryptedKey; /* 4 */
192    } value;
193} OSSL_CRMF_POPOPRIVKEY;
194DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY)
195
196/*-
197 * PBMParameter ::= SEQUENCE {
198 *    salt                    OCTET STRING,
199 *    owf                     AlgorithmIdentifier,
200 *    -- AlgId for a One-Way Function (SHA-1 recommended)
201 *    iterationCount          INTEGER,
202 *    -- number of times the OWF is applied
203 *    mac                     AlgorithmIdentifier
204 *    -- the MAC AlgId (e.g., DES-MAC, Triple-DES-MAC [PKCS11],
205 *    -- or HMAC [HMAC, RFC2202])
206 * }
207 */
208struct ossl_crmf_pbmparameter_st {
209    ASN1_OCTET_STRING *salt;
210    X509_ALGOR *owf;
211    ASN1_INTEGER *iterationCount;
212    X509_ALGOR *mac;
213} /* OSSL_CRMF_PBMPARAMETER */;
214# define OSSL_CRMF_PBM_MAX_ITERATION_COUNT 100000 /* if too large allows DoS */
215
216/*-
217 * POPOSigningKeyInput ::= SEQUENCE {
218 * authInfo       CHOICE {
219 *     sender                 [0] GeneralName,
220 *   -- used only if an authenticated identity has been
221 *   -- established for the sender (e.g., a DN from a
222 *   -- previously-issued and currently-valid certificate)
223 *     publicKeyMAC           PKMACValue },
224 *   -- used if no authenticated GeneralName currently exists for
225 *   -- the sender; publicKeyMAC contains a password-based MAC
226 *   -- on the DER-encoded value of publicKey
227 * publicKey      SubjectPublicKeyInfo  -- from CertTemplate
228 * }
229 */
230typedef struct ossl_crmf_poposigningkeyinput_authinfo_st {
231    int type;
232    union {
233        /* 0 */ GENERAL_NAME *sender;
234        /* 1 */ OSSL_CRMF_PKMACVALUE *publicKeyMAC;
235    } value;
236} OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO;
237DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
238
239typedef struct ossl_crmf_poposigningkeyinput_st {
240    OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO *authInfo;
241    X509_PUBKEY *publicKey;
242} OSSL_CRMF_POPOSIGNINGKEYINPUT;
243DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT)
244
245/*-
246 * POPOSigningKey ::= SEQUENCE {
247 *  poposkInput           [0] POPOSigningKeyInput OPTIONAL,
248 *  algorithmIdentifier   AlgorithmIdentifier,
249 *  signature             BIT STRING
250 * }
251 */
252struct ossl_crmf_poposigningkey_st {
253    OSSL_CRMF_POPOSIGNINGKEYINPUT *poposkInput;
254    X509_ALGOR *algorithmIdentifier;
255    ASN1_BIT_STRING *signature;
256} /* OSSL_CRMF_POPOSIGNINGKEY */;
257DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY)
258
259/*-
260 * ProofOfPossession ::= CHOICE {
261 *  raVerified        [0] NULL,
262 *  -- used if the RA has already verified that the requester is in
263 *  -- possession of the private key
264 *  signature         [1] POPOSigningKey,
265 *  keyEncipherment   [2] POPOPrivKey,
266 *  keyAgreement      [3] POPOPrivKey
267 * }
268 */
269typedef struct ossl_crmf_popo_st {
270    int type;
271    union {
272        ASN1_NULL *raVerified; /* 0 */
273        OSSL_CRMF_POPOSIGNINGKEY *signature; /* 1 */
274        OSSL_CRMF_POPOPRIVKEY *keyEncipherment; /* 2 */
275        OSSL_CRMF_POPOPRIVKEY *keyAgreement; /* 3 */
276    } value;
277} OSSL_CRMF_POPO;
278DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_POPO)
279
280/*-
281 * OptionalValidity ::= SEQUENCE {
282 *  notBefore      [0] Time OPTIONAL,
283 *  notAfter       [1] Time OPTIONAL  -- at least one MUST be present
284 * }
285 */
286struct ossl_crmf_optionalvalidity_st {
287    /* 0 */ ASN1_TIME *notBefore;
288    /* 1 */ ASN1_TIME *notAfter;
289} /* OSSL_CRMF_OPTIONALVALIDITY */;
290DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)
291
292/*-
293 * CertTemplate ::= SEQUENCE {
294 * version          [0] Version                   OPTIONAL,
295 * serialNumber     [1] INTEGER                   OPTIONAL,
296 * signingAlg       [2] AlgorithmIdentifier       OPTIONAL,
297 * issuer           [3] Name                      OPTIONAL,
298 * validity         [4] OptionalValidity          OPTIONAL,
299 * subject          [5] Name                      OPTIONAL,
300 * publicKey        [6] SubjectPublicKeyInfo      OPTIONAL,
301 * issuerUID        [7] UniqueIdentifier          OPTIONAL,
302 * subjectUID       [8] UniqueIdentifier          OPTIONAL,
303 * extensions       [9] Extensions                OPTIONAL
304 * }
305 */
306struct ossl_crmf_certtemplate_st {
307    ASN1_INTEGER *version;
308    ASN1_INTEGER *serialNumber; /* serialNumber MUST be omitted */
309    /* This field is assigned by the CA during certificate creation */
310    X509_ALGOR *signingAlg; /* signingAlg MUST be omitted */
311    /* This field is assigned by the CA during certificate creation */
312    const X509_NAME *issuer;
313    OSSL_CRMF_OPTIONALVALIDITY *validity;
314    const X509_NAME *subject;
315    X509_PUBKEY *publicKey;
316    ASN1_BIT_STRING *issuerUID; /* deprecated in version 2 */
317    /* According to rfc 3280: UniqueIdentifier ::= BIT STRING */
318    ASN1_BIT_STRING *subjectUID; /* deprecated in version 2 */
319    /* Could be X509_EXTENSION*S*, but that's only cosmetic */
320    STACK_OF(X509_EXTENSION) *extensions;
321} /* OSSL_CRMF_CERTTEMPLATE */;
322
323/*-
324 * CertRequest ::= SEQUENCE {
325 *  certReqId        INTEGER,          -- ID for matching request and reply
326 *  certTemplate     CertTemplate,     -- Selected fields of cert to be issued
327 *  controls         Controls OPTIONAL -- Attributes affecting issuance
328 * }
329 */
330struct ossl_crmf_certrequest_st {
331    ASN1_INTEGER *certReqId;
332    OSSL_CRMF_CERTTEMPLATE *certTemplate;
333    STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *controls;
334} /* OSSL_CRMF_CERTREQUEST */;
335DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
336DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)
337
338struct ossl_crmf_attributetypeandvalue_st {
339    ASN1_OBJECT *type;
340    union {
341        /* NID_id_regCtrl_regToken */
342        ASN1_UTF8STRING *regToken;
343
344        /* NID_id_regCtrl_authenticator */
345        ASN1_UTF8STRING *authenticator;
346
347        /* NID_id_regCtrl_pkiPublicationInfo */
348        OSSL_CRMF_PKIPUBLICATIONINFO *pkiPublicationInfo;
349
350        /* NID_id_regCtrl_oldCertID */
351        OSSL_CRMF_CERTID *oldCertID;
352
353        /* NID_id_regCtrl_protocolEncrKey */
354        X509_PUBKEY *protocolEncrKey;
355
356        /* NID_id_regInfo_utf8Pairs */
357        ASN1_UTF8STRING *utf8Pairs;
358
359        /* NID_id_regInfo_certReq */
360        OSSL_CRMF_CERTREQUEST *certReq;
361
362        ASN1_TYPE *other;
363    } value;
364} /* OSSL_CRMF_ATTRIBUTETYPEANDVALUE */;
365DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
366DEFINE_STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
367DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
368
369/*-
370 * CertReqMessages ::= SEQUENCE SIZE (1..MAX) OF CertReqMsg
371 * CertReqMsg ::= SEQUENCE {
372 *  certReq        CertRequest,
373 *  popo           ProofOfPossession  OPTIONAL,
374 * -- content depends upon key type
375 *  regInfo   SEQUENCE SIZE(1..MAX) OF AttributeTypeAndValue OPTIONAL
376 * }
377 */
378struct ossl_crmf_msg_st {
379    OSSL_CRMF_CERTREQUEST *certReq;
380    /* 0 */
381    OSSL_CRMF_POPO *popo;
382    /* 1 */
383    STACK_OF(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) *regInfo;
384} /* OSSL_CRMF_MSG */;
385#endif
386