LTKCPP-- LLRP Toolkit C Plus Plus Library
ts.h
00001 /* crypto/ts/ts.h */
00002 /*
00003  * Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL project
00004  * 2002, 2003, 2004.
00005  */
00006 /* ====================================================================
00007  * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
00008  *
00009  * Redistribution and use in source and binary forms, with or without
00010  * modification, are permitted provided that the following conditions
00011  * are met:
00012  *
00013  * 1. Redistributions of source code must retain the above copyright
00014  *    notice, this list of conditions and the following disclaimer.
00015  *
00016  * 2. Redistributions in binary form must reproduce the above copyright
00017  *    notice, this list of conditions and the following disclaimer in
00018  *    the documentation and/or other materials provided with the
00019  *    distribution.
00020  *
00021  * 3. All advertising materials mentioning features or use of this
00022  *    software must display the following acknowledgment:
00023  *    "This product includes software developed by the OpenSSL Project
00024  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
00025  *
00026  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
00027  *    endorse or promote products derived from this software without
00028  *    prior written permission. For written permission, please contact
00029  *    licensing@OpenSSL.org.
00030  *
00031  * 5. Products derived from this software may not be called "OpenSSL"
00032  *    nor may "OpenSSL" appear in their names without prior written
00033  *    permission of the OpenSSL Project.
00034  *
00035  * 6. Redistributions of any form whatsoever must retain the following
00036  *    acknowledgment:
00037  *    "This product includes software developed by the OpenSSL Project
00038  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
00039  *
00040  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
00041  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
00042  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
00043  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
00044  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
00045  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
00046  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
00047  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
00048  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
00049  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
00050  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
00051  * OF THE POSSIBILITY OF SUCH DAMAGE.
00052  * ====================================================================
00053  *
00054  * This product includes cryptographic software written by Eric Young
00055  * (eay@cryptsoft.com).  This product includes software written by Tim
00056  * Hudson (tjh@cryptsoft.com).
00057  *
00058  */
00059 
00060 #ifndef HEADER_TS_H
00061 # define HEADER_TS_H
00062 
00063 # include <openssl/opensslconf.h>
00064 # include <openssl/symhacks.h>
00065 # ifndef OPENSSL_NO_BUFFER
00066 #  include <openssl/buffer.h>
00067 # endif
00068 # ifndef OPENSSL_NO_EVP
00069 #  include <openssl/evp.h>
00070 # endif
00071 # ifndef OPENSSL_NO_BIO
00072 #  include <openssl/bio.h>
00073 # endif
00074 # include <openssl/stack.h>
00075 # include <openssl/asn1.h>
00076 # include <openssl/safestack.h>
00077 
00078 # ifndef OPENSSL_NO_RSA
00079 #  include <openssl/rsa.h>
00080 # endif
00081 
00082 # ifndef OPENSSL_NO_DSA
00083 #  include <openssl/dsa.h>
00084 # endif
00085 
00086 # ifndef OPENSSL_NO_DH
00087 #  include <openssl/dh.h>
00088 # endif
00089 
00090 #ifdef  __cplusplus
00091 extern "C" {
00092 #endif
00093 
00094 # ifdef WIN32
00095 /* Under Win32 this is defined in wincrypt.h */
00096 #  undef X509_NAME
00097 # endif
00098 
00099 # include <openssl/x509.h>
00100 # include <openssl/x509v3.h>
00101 
00102 /*-
00103 MessageImprint ::= SEQUENCE  {
00104      hashAlgorithm                AlgorithmIdentifier,
00105      hashedMessage                OCTET STRING  }
00106 */
00107 
00108 typedef struct TS_msg_imprint_st {
00109     X509_ALGOR *hash_algo;
00110     ASN1_OCTET_STRING *hashed_msg;
00111 } TS_MSG_IMPRINT;
00112 
00113 /*-
00114 TimeStampReq ::= SEQUENCE  {
00115    version                  INTEGER  { v1(1) },
00116    messageImprint           MessageImprint,
00117      --a hash algorithm OID and the hash value of the data to be
00118      --time-stamped
00119    reqPolicy                TSAPolicyId                OPTIONAL,
00120    nonce                    INTEGER                    OPTIONAL,
00121    certReq                  BOOLEAN                    DEFAULT FALSE,
00122    extensions               [0] IMPLICIT Extensions    OPTIONAL  }
00123 */
00124 
00125 typedef struct TS_req_st {
00126     ASN1_INTEGER *version;
00127     TS_MSG_IMPRINT *msg_imprint;
00128     ASN1_OBJECT *policy_id;     /* OPTIONAL */
00129     ASN1_INTEGER *nonce;        /* OPTIONAL */
00130     ASN1_BOOLEAN cert_req;      /* DEFAULT FALSE */
00131     STACK_OF(X509_EXTENSION) *extensions; /* [0] OPTIONAL */
00132 } TS_REQ;
00133 
00134 /*-
00135 Accuracy ::= SEQUENCE {
00136                 seconds        INTEGER           OPTIONAL,
00137                 millis     [0] INTEGER  (1..999) OPTIONAL,
00138                 micros     [1] INTEGER  (1..999) OPTIONAL  }
00139 */
00140 
00141 typedef struct TS_accuracy_st {
00142     ASN1_INTEGER *seconds;
00143     ASN1_INTEGER *millis;
00144     ASN1_INTEGER *micros;
00145 } TS_ACCURACY;
00146 
00147 /*-
00148 TSTInfo ::= SEQUENCE  {
00149     version                      INTEGER  { v1(1) },
00150     policy                       TSAPolicyId,
00151     messageImprint               MessageImprint,
00152       -- MUST have the same value as the similar field in
00153       -- TimeStampReq
00154     serialNumber                 INTEGER,
00155      -- Time-Stamping users MUST be ready to accommodate integers
00156      -- up to 160 bits.
00157     genTime                      GeneralizedTime,
00158     accuracy                     Accuracy                 OPTIONAL,
00159     ordering                     BOOLEAN             DEFAULT FALSE,
00160     nonce                        INTEGER                  OPTIONAL,
00161       -- MUST be present if the similar field was present
00162       -- in TimeStampReq.  In that case it MUST have the same value.
00163     tsa                          [0] GeneralName          OPTIONAL,
00164     extensions                   [1] IMPLICIT Extensions  OPTIONAL   }
00165 */
00166 
00167 typedef struct TS_tst_info_st {
00168     ASN1_INTEGER *version;
00169     ASN1_OBJECT *policy_id;
00170     TS_MSG_IMPRINT *msg_imprint;
00171     ASN1_INTEGER *serial;
00172     ASN1_GENERALIZEDTIME *time;
00173     TS_ACCURACY *accuracy;
00174     ASN1_BOOLEAN ordering;
00175     ASN1_INTEGER *nonce;
00176     GENERAL_NAME *tsa;
00177     STACK_OF(X509_EXTENSION) *extensions;
00178 } TS_TST_INFO;
00179 
00180 /*-
00181 PKIStatusInfo ::= SEQUENCE {
00182     status        PKIStatus,
00183     statusString  PKIFreeText     OPTIONAL,
00184     failInfo      PKIFailureInfo  OPTIONAL  }
00185 
00186 From RFC 1510 - section 3.1.1:
00187 PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
00188         -- text encoded as UTF-8 String (note:  each UTF8String SHOULD
00189         -- include an RFC 1766 language tag to indicate the language
00190         -- of the contained text)
00191 */
00192 
00193 /* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */
00194 
00195 # define TS_STATUS_GRANTED                       0
00196 # define TS_STATUS_GRANTED_WITH_MODS             1
00197 # define TS_STATUS_REJECTION                     2
00198 # define TS_STATUS_WAITING                       3
00199 # define TS_STATUS_REVOCATION_WARNING            4
00200 # define TS_STATUS_REVOCATION_NOTIFICATION       5
00201 
00202 /*
00203  * Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c
00204  */
00205 
00206 # define TS_INFO_BAD_ALG                 0
00207 # define TS_INFO_BAD_REQUEST             2
00208 # define TS_INFO_BAD_DATA_FORMAT         5
00209 # define TS_INFO_TIME_NOT_AVAILABLE      14
00210 # define TS_INFO_UNACCEPTED_POLICY       15
00211 # define TS_INFO_UNACCEPTED_EXTENSION    16
00212 # define TS_INFO_ADD_INFO_NOT_AVAILABLE  17
00213 # define TS_INFO_SYSTEM_FAILURE          25
00214 
00215 typedef struct TS_status_info_st {
00216     ASN1_INTEGER *status;
00217     STACK_OF(ASN1_UTF8STRING) *text;
00218     ASN1_BIT_STRING *failure_info;
00219 } TS_STATUS_INFO;
00220 
00221 DECLARE_STACK_OF(ASN1_UTF8STRING)
00222 DECLARE_ASN1_SET_OF(ASN1_UTF8STRING)
00223 
00224 /*-
00225 TimeStampResp ::= SEQUENCE  {
00226      status                  PKIStatusInfo,
00227      timeStampToken          TimeStampToken     OPTIONAL }
00228 */
00229 
00230 typedef struct TS_resp_st {
00231     TS_STATUS_INFO *status_info;
00232     PKCS7 *token;
00233     TS_TST_INFO *tst_info;
00234 } TS_RESP;
00235 
00236 /* The structure below would belong to the ESS component. */
00237 
00238 /*-
00239 IssuerSerial ::= SEQUENCE {
00240         issuer                   GeneralNames,
00241         serialNumber             CertificateSerialNumber
00242         }
00243 */
00244 
00245 typedef struct ESS_issuer_serial {
00246     STACK_OF(GENERAL_NAME) *issuer;
00247     ASN1_INTEGER *serial;
00248 } ESS_ISSUER_SERIAL;
00249 
00250 /*-
00251 ESSCertID ::=  SEQUENCE {
00252         certHash                 Hash,
00253         issuerSerial             IssuerSerial OPTIONAL
00254 }
00255 */
00256 
00257 typedef struct ESS_cert_id {
00258     ASN1_OCTET_STRING *hash;    /* Always SHA-1 digest. */
00259     ESS_ISSUER_SERIAL *issuer_serial;
00260 } ESS_CERT_ID;
00261 
00262 DECLARE_STACK_OF(ESS_CERT_ID)
00263 DECLARE_ASN1_SET_OF(ESS_CERT_ID)
00264 
00265 /*-
00266 SigningCertificate ::=  SEQUENCE {
00267        certs        SEQUENCE OF ESSCertID,
00268        policies     SEQUENCE OF PolicyInformation OPTIONAL
00269 }
00270 */
00271 
00272 typedef struct ESS_signing_cert {
00273     STACK_OF(ESS_CERT_ID) *cert_ids;
00274     STACK_OF(POLICYINFO) *policy_info;
00275 } ESS_SIGNING_CERT;
00276 
00277 TS_REQ *TS_REQ_new(void);
00278 void TS_REQ_free(TS_REQ *a);
00279 int i2d_TS_REQ(const TS_REQ *a, unsigned char **pp);
00280 TS_REQ *d2i_TS_REQ(TS_REQ **a, const unsigned char **pp, long length);
00281 
00282 TS_REQ *TS_REQ_dup(TS_REQ *a);
00283 
00284 TS_REQ *d2i_TS_REQ_fp(FILE *fp, TS_REQ **a);
00285 int i2d_TS_REQ_fp(FILE *fp, TS_REQ *a);
00286 TS_REQ *d2i_TS_REQ_bio(BIO *fp, TS_REQ **a);
00287 int i2d_TS_REQ_bio(BIO *fp, TS_REQ *a);
00288 
00289 TS_MSG_IMPRINT *TS_MSG_IMPRINT_new(void);
00290 void TS_MSG_IMPRINT_free(TS_MSG_IMPRINT *a);
00291 int i2d_TS_MSG_IMPRINT(const TS_MSG_IMPRINT *a, unsigned char **pp);
00292 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT(TS_MSG_IMPRINT **a,
00293                                    const unsigned char **pp, long length);
00294 
00295 TS_MSG_IMPRINT *TS_MSG_IMPRINT_dup(TS_MSG_IMPRINT *a);
00296 
00297 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT **a);
00298 int i2d_TS_MSG_IMPRINT_fp(FILE *fp, TS_MSG_IMPRINT *a);
00299 TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT **a);
00300 int i2d_TS_MSG_IMPRINT_bio(BIO *fp, TS_MSG_IMPRINT *a);
00301 
00302 TS_RESP *TS_RESP_new(void);
00303 void TS_RESP_free(TS_RESP *a);
00304 int i2d_TS_RESP(const TS_RESP *a, unsigned char **pp);
00305 TS_RESP *d2i_TS_RESP(TS_RESP **a, const unsigned char **pp, long length);
00306 TS_TST_INFO *PKCS7_to_TS_TST_INFO(PKCS7 *token);
00307 TS_RESP *TS_RESP_dup(TS_RESP *a);
00308 
00309 TS_RESP *d2i_TS_RESP_fp(FILE *fp, TS_RESP **a);
00310 int i2d_TS_RESP_fp(FILE *fp, TS_RESP *a);
00311 TS_RESP *d2i_TS_RESP_bio(BIO *fp, TS_RESP **a);
00312 int i2d_TS_RESP_bio(BIO *fp, TS_RESP *a);
00313 
00314 TS_STATUS_INFO *TS_STATUS_INFO_new(void);
00315 void TS_STATUS_INFO_free(TS_STATUS_INFO *a);
00316 int i2d_TS_STATUS_INFO(const TS_STATUS_INFO *a, unsigned char **pp);
00317 TS_STATUS_INFO *d2i_TS_STATUS_INFO(TS_STATUS_INFO **a,
00318                                    const unsigned char **pp, long length);
00319 TS_STATUS_INFO *TS_STATUS_INFO_dup(TS_STATUS_INFO *a);
00320 
00321 TS_TST_INFO *TS_TST_INFO_new(void);
00322 void TS_TST_INFO_free(TS_TST_INFO *a);
00323 int i2d_TS_TST_INFO(const TS_TST_INFO *a, unsigned char **pp);
00324 TS_TST_INFO *d2i_TS_TST_INFO(TS_TST_INFO **a, const unsigned char **pp,
00325                              long length);
00326 TS_TST_INFO *TS_TST_INFO_dup(TS_TST_INFO *a);
00327 
00328 TS_TST_INFO *d2i_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO **a);
00329 int i2d_TS_TST_INFO_fp(FILE *fp, TS_TST_INFO *a);
00330 TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO **a);
00331 int i2d_TS_TST_INFO_bio(BIO *fp, TS_TST_INFO *a);
00332 
00333 TS_ACCURACY *TS_ACCURACY_new(void);
00334 void TS_ACCURACY_free(TS_ACCURACY *a);
00335 int i2d_TS_ACCURACY(const TS_ACCURACY *a, unsigned char **pp);
00336 TS_ACCURACY *d2i_TS_ACCURACY(TS_ACCURACY **a, const unsigned char **pp,
00337                              long length);
00338 TS_ACCURACY *TS_ACCURACY_dup(TS_ACCURACY *a);
00339 
00340 ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_new(void);
00341 void ESS_ISSUER_SERIAL_free(ESS_ISSUER_SERIAL *a);
00342 int i2d_ESS_ISSUER_SERIAL(const ESS_ISSUER_SERIAL *a, unsigned char **pp);
00343 ESS_ISSUER_SERIAL *d2i_ESS_ISSUER_SERIAL(ESS_ISSUER_SERIAL **a,
00344                                          const unsigned char **pp,
00345                                          long length);
00346 ESS_ISSUER_SERIAL *ESS_ISSUER_SERIAL_dup(ESS_ISSUER_SERIAL *a);
00347 
00348 ESS_CERT_ID *ESS_CERT_ID_new(void);
00349 void ESS_CERT_ID_free(ESS_CERT_ID *a);
00350 int i2d_ESS_CERT_ID(const ESS_CERT_ID *a, unsigned char **pp);
00351 ESS_CERT_ID *d2i_ESS_CERT_ID(ESS_CERT_ID **a, const unsigned char **pp,
00352                              long length);
00353 ESS_CERT_ID *ESS_CERT_ID_dup(ESS_CERT_ID *a);
00354 
00355 ESS_SIGNING_CERT *ESS_SIGNING_CERT_new(void);
00356 void ESS_SIGNING_CERT_free(ESS_SIGNING_CERT *a);
00357 int i2d_ESS_SIGNING_CERT(const ESS_SIGNING_CERT *a, unsigned char **pp);
00358 ESS_SIGNING_CERT *d2i_ESS_SIGNING_CERT(ESS_SIGNING_CERT **a,
00359                                        const unsigned char **pp, long length);
00360 ESS_SIGNING_CERT *ESS_SIGNING_CERT_dup(ESS_SIGNING_CERT *a);
00361 
00362 void ERR_load_TS_strings(void);
00363 
00364 int TS_REQ_set_version(TS_REQ *a, long version);
00365 long TS_REQ_get_version(const TS_REQ *a);
00366 
00367 int TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint);
00368 TS_MSG_IMPRINT *TS_REQ_get_msg_imprint(TS_REQ *a);
00369 
00370 int TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg);
00371 X509_ALGOR *TS_MSG_IMPRINT_get_algo(TS_MSG_IMPRINT *a);
00372 
00373 int TS_MSG_IMPRINT_set_msg(TS_MSG_IMPRINT *a, unsigned char *d, int len);
00374 ASN1_OCTET_STRING *TS_MSG_IMPRINT_get_msg(TS_MSG_IMPRINT *a);
00375 
00376 int TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy);
00377 ASN1_OBJECT *TS_REQ_get_policy_id(TS_REQ *a);
00378 
00379 int TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce);
00380 const ASN1_INTEGER *TS_REQ_get_nonce(const TS_REQ *a);
00381 
00382 int TS_REQ_set_cert_req(TS_REQ *a, int cert_req);
00383 int TS_REQ_get_cert_req(const TS_REQ *a);
00384 
00385 STACK_OF(X509_EXTENSION) *TS_REQ_get_exts(TS_REQ *a);
00386 void TS_REQ_ext_free(TS_REQ *a);
00387 int TS_REQ_get_ext_count(TS_REQ *a);
00388 int TS_REQ_get_ext_by_NID(TS_REQ *a, int nid, int lastpos);
00389 int TS_REQ_get_ext_by_OBJ(TS_REQ *a, ASN1_OBJECT *obj, int lastpos);
00390 int TS_REQ_get_ext_by_critical(TS_REQ *a, int crit, int lastpos);
00391 X509_EXTENSION *TS_REQ_get_ext(TS_REQ *a, int loc);
00392 X509_EXTENSION *TS_REQ_delete_ext(TS_REQ *a, int loc);
00393 int TS_REQ_add_ext(TS_REQ *a, X509_EXTENSION *ex, int loc);
00394 void *TS_REQ_get_ext_d2i(TS_REQ *a, int nid, int *crit, int *idx);
00395 
00396 /* Function declarations for TS_REQ defined in ts/ts_req_print.c */
00397 
00398 int TS_REQ_print_bio(BIO *bio, TS_REQ *a);
00399 
00400 /* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */
00401 
00402 int TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *info);
00403 TS_STATUS_INFO *TS_RESP_get_status_info(TS_RESP *a);
00404 
00405 /* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */
00406 void TS_RESP_set_tst_info(TS_RESP *a, PKCS7 *p7, TS_TST_INFO *tst_info);
00407 PKCS7 *TS_RESP_get_token(TS_RESP *a);
00408 TS_TST_INFO *TS_RESP_get_tst_info(TS_RESP *a);
00409 
00410 int TS_TST_INFO_set_version(TS_TST_INFO *a, long version);
00411 long TS_TST_INFO_get_version(const TS_TST_INFO *a);
00412 
00413 int TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy_id);
00414 ASN1_OBJECT *TS_TST_INFO_get_policy_id(TS_TST_INFO *a);
00415 
00416 int TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint);
00417 TS_MSG_IMPRINT *TS_TST_INFO_get_msg_imprint(TS_TST_INFO *a);
00418 
00419 int TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial);
00420 const ASN1_INTEGER *TS_TST_INFO_get_serial(const TS_TST_INFO *a);
00421 
00422 int TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime);
00423 const ASN1_GENERALIZEDTIME *TS_TST_INFO_get_time(const TS_TST_INFO *a);
00424 
00425 int TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy);
00426 TS_ACCURACY *TS_TST_INFO_get_accuracy(TS_TST_INFO *a);
00427 
00428 int TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds);
00429 const ASN1_INTEGER *TS_ACCURACY_get_seconds(const TS_ACCURACY *a);
00430 
00431 int TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis);
00432 const ASN1_INTEGER *TS_ACCURACY_get_millis(const TS_ACCURACY *a);
00433 
00434 int TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros);
00435 const ASN1_INTEGER *TS_ACCURACY_get_micros(const TS_ACCURACY *a);
00436 
00437 int TS_TST_INFO_set_ordering(TS_TST_INFO *a, int ordering);
00438 int TS_TST_INFO_get_ordering(const TS_TST_INFO *a);
00439 
00440 int TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce);
00441 const ASN1_INTEGER *TS_TST_INFO_get_nonce(const TS_TST_INFO *a);
00442 
00443 int TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa);
00444 GENERAL_NAME *TS_TST_INFO_get_tsa(TS_TST_INFO *a);
00445 
00446 STACK_OF(X509_EXTENSION) *TS_TST_INFO_get_exts(TS_TST_INFO *a);
00447 void TS_TST_INFO_ext_free(TS_TST_INFO *a);
00448 int TS_TST_INFO_get_ext_count(TS_TST_INFO *a);
00449 int TS_TST_INFO_get_ext_by_NID(TS_TST_INFO *a, int nid, int lastpos);
00450 int TS_TST_INFO_get_ext_by_OBJ(TS_TST_INFO *a, ASN1_OBJECT *obj, int lastpos);
00451 int TS_TST_INFO_get_ext_by_critical(TS_TST_INFO *a, int crit, int lastpos);
00452 X509_EXTENSION *TS_TST_INFO_get_ext(TS_TST_INFO *a, int loc);
00453 X509_EXTENSION *TS_TST_INFO_delete_ext(TS_TST_INFO *a, int loc);
00454 int TS_TST_INFO_add_ext(TS_TST_INFO *a, X509_EXTENSION *ex, int loc);
00455 void *TS_TST_INFO_get_ext_d2i(TS_TST_INFO *a, int nid, int *crit, int *idx);
00456 
00457 /*
00458  * Declarations related to response generation, defined in ts/ts_resp_sign.c.
00459  */
00460 
00461 /* Optional flags for response generation. */
00462 
00463 /* Don't include the TSA name in response. */
00464 # define TS_TSA_NAME             0x01
00465 
00466 /* Set ordering to true in response. */
00467 # define TS_ORDERING             0x02
00468 
00469 /*
00470  * Include the signer certificate and the other specified certificates in
00471  * the ESS signing certificate attribute beside the PKCS7 signed data.
00472  * Only the signer certificates is included by default.
00473  */
00474 # define TS_ESS_CERT_ID_CHAIN    0x04
00475 
00476 /* Forward declaration. */
00477 struct TS_resp_ctx;
00478 
00479 /* This must return a unique number less than 160 bits long. */
00480 typedef ASN1_INTEGER *(*TS_serial_cb) (struct TS_resp_ctx *, void *);
00481 
00482 /*
00483  * This must return the seconds and microseconds since Jan 1, 1970 in the sec
00484  * and usec variables allocated by the caller. Return non-zero for success
00485  * and zero for failure.
00486  */
00487 typedef int (*TS_time_cb) (struct TS_resp_ctx *, void *, long *sec,
00488                            long *usec);
00489 
00490 /*
00491  * This must process the given extension. It can modify the TS_TST_INFO
00492  * object of the context. Return values: !0 (processed), 0 (error, it must
00493  * set the status info/failure info of the response).
00494  */
00495 typedef int (*TS_extension_cb) (struct TS_resp_ctx *, X509_EXTENSION *,
00496                                 void *);
00497 
00498 typedef struct TS_resp_ctx {
00499     X509 *signer_cert;
00500     EVP_PKEY *signer_key;
00501     STACK_OF(X509) *certs;      /* Certs to include in signed data. */
00502     STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
00503     ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
00504     STACK_OF(EVP_MD) *mds;      /* Acceptable message digests. */
00505     ASN1_INTEGER *seconds;      /* accuracy, 0 means not specified. */
00506     ASN1_INTEGER *millis;       /* accuracy, 0 means not specified. */
00507     ASN1_INTEGER *micros;       /* accuracy, 0 means not specified. */
00508     unsigned clock_precision_digits; /* fraction of seconds in time stamp
00509                                       * token. */
00510     unsigned flags;             /* Optional info, see values above. */
00511     /* Callback functions. */
00512     TS_serial_cb serial_cb;
00513     void *serial_cb_data;       /* User data for serial_cb. */
00514     TS_time_cb time_cb;
00515     void *time_cb_data;         /* User data for time_cb. */
00516     TS_extension_cb extension_cb;
00517     void *extension_cb_data;    /* User data for extension_cb. */
00518     /* These members are used only while creating the response. */
00519     TS_REQ *request;
00520     TS_RESP *response;
00521     TS_TST_INFO *tst_info;
00522 } TS_RESP_CTX;
00523 
00524 DECLARE_STACK_OF(EVP_MD)
00525 DECLARE_ASN1_SET_OF(EVP_MD)
00526 
00527 /* Creates a response context that can be used for generating responses. */
00528 TS_RESP_CTX *TS_RESP_CTX_new(void);
00529 void TS_RESP_CTX_free(TS_RESP_CTX *ctx);
00530 
00531 /* This parameter must be set. */
00532 int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer);
00533 
00534 /* This parameter must be set. */
00535 int TS_RESP_CTX_set_signer_key(TS_RESP_CTX *ctx, EVP_PKEY *key);
00536 
00537 /* This parameter must be set. */
00538 int TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy);
00539 
00540 /* No additional certs are included in the response by default. */
00541 int TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs);
00542 
00543 /*
00544  * Adds a new acceptable policy, only the default policy is accepted by
00545  * default.
00546  */
00547 int TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy);
00548 
00549 /*
00550  * Adds a new acceptable message digest. Note that no message digests are
00551  * accepted by default. The md argument is shared with the caller.
00552  */
00553 int TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md);
00554 
00555 /* Accuracy is not included by default. */
00556 int TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx,
00557                              int secs, int millis, int micros);
00558 
00559 /*
00560  * Clock precision digits, i.e. the number of decimal digits: '0' means sec,
00561  * '3' msec, '6' usec, and so on. Default is 0.
00562  */
00563 int TS_RESP_CTX_set_clock_precision_digits(TS_RESP_CTX *ctx,
00564                                            unsigned clock_precision_digits);
00565 /* At most we accept usec precision. */
00566 # define TS_MAX_CLOCK_PRECISION_DIGITS   6
00567 
00568 /* No flags are set by default. */
00569 void TS_RESP_CTX_add_flags(TS_RESP_CTX *ctx, int flags);
00570 
00571 /* Default callback always returns a constant. */
00572 void TS_RESP_CTX_set_serial_cb(TS_RESP_CTX *ctx, TS_serial_cb cb, void *data);
00573 
00574 /* Default callback uses the gettimeofday() and gmtime() system calls. */
00575 void TS_RESP_CTX_set_time_cb(TS_RESP_CTX *ctx, TS_time_cb cb, void *data);
00576 
00577 /*
00578  * Default callback rejects all extensions. The extension callback is called
00579  * when the TS_TST_INFO object is already set up and not signed yet.
00580  */
00581 /* FIXME: extension handling is not tested yet. */
00582 void TS_RESP_CTX_set_extension_cb(TS_RESP_CTX *ctx,
00583                                   TS_extension_cb cb, void *data);
00584 
00585 /* The following methods can be used in the callbacks. */
00586 int TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx,
00587                                 int status, const char *text);
00588 
00589 /* Sets the status info only if it is still TS_STATUS_GRANTED. */
00590 int TS_RESP_CTX_set_status_info_cond(TS_RESP_CTX *ctx,
00591                                      int status, const char *text);
00592 
00593 int TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure);
00594 
00595 /* The get methods below can be used in the extension callback. */
00596 TS_REQ *TS_RESP_CTX_get_request(TS_RESP_CTX *ctx);
00597 
00598 TS_TST_INFO *TS_RESP_CTX_get_tst_info(TS_RESP_CTX *ctx);
00599 
00600 /*
00601  * Creates the signed TS_TST_INFO and puts it in TS_RESP.
00602  * In case of errors it sets the status info properly.
00603  * Returns NULL only in case of memory allocation/fatal error.
00604  */
00605 TS_RESP *TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio);
00606 
00607 /*
00608  * Declarations related to response verification,
00609  * they are defined in ts/ts_resp_verify.c.
00610  */
00611 
00612 int TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs,
00613                              X509_STORE *store, X509 **signer_out);
00614 
00615 /* Context structure for the generic verify method. */
00616 
00617 /* Verify the signer's certificate and the signature of the response. */
00618 # define TS_VFY_SIGNATURE        (1u << 0)
00619 /* Verify the version number of the response. */
00620 # define TS_VFY_VERSION          (1u << 1)
00621 /* Verify if the policy supplied by the user matches the policy of the TSA. */
00622 # define TS_VFY_POLICY           (1u << 2)
00623 /*
00624  * Verify the message imprint provided by the user. This flag should not be
00625  * specified with TS_VFY_DATA.
00626  */
00627 # define TS_VFY_IMPRINT          (1u << 3)
00628 /*
00629  * Verify the message imprint computed by the verify method from the user
00630  * provided data and the MD algorithm of the response. This flag should not
00631  * be specified with TS_VFY_IMPRINT.
00632  */
00633 # define TS_VFY_DATA             (1u << 4)
00634 /* Verify the nonce value. */
00635 # define TS_VFY_NONCE            (1u << 5)
00636 /* Verify if the TSA name field matches the signer certificate. */
00637 # define TS_VFY_SIGNER           (1u << 6)
00638 /* Verify if the TSA name field equals to the user provided name. */
00639 # define TS_VFY_TSA_NAME         (1u << 7)
00640 
00641 /* You can use the following convenience constants. */
00642 # define TS_VFY_ALL_IMPRINT      (TS_VFY_SIGNATURE       \
00643                                  | TS_VFY_VERSION       \
00644                                  | TS_VFY_POLICY        \
00645                                  | TS_VFY_IMPRINT       \
00646                                  | TS_VFY_NONCE         \
00647                                  | TS_VFY_SIGNER        \
00648                                  | TS_VFY_TSA_NAME)
00649 # define TS_VFY_ALL_DATA         (TS_VFY_SIGNATURE       \
00650                                  | TS_VFY_VERSION       \
00651                                  | TS_VFY_POLICY        \
00652                                  | TS_VFY_DATA          \
00653                                  | TS_VFY_NONCE         \
00654                                  | TS_VFY_SIGNER        \
00655                                  | TS_VFY_TSA_NAME)
00656 
00657 typedef struct TS_verify_ctx {
00658     /* Set this to the union of TS_VFY_... flags you want to carry out. */
00659     unsigned flags;
00660     /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
00661     X509_STORE *store;
00662     STACK_OF(X509) *certs;
00663     /* Must be set only with TS_VFY_POLICY. */
00664     ASN1_OBJECT *policy;
00665     /*
00666      * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
00667      * algorithm from the response is used.
00668      */
00669     X509_ALGOR *md_alg;
00670     unsigned char *imprint;
00671     unsigned imprint_len;
00672     /* Must be set only with TS_VFY_DATA. */
00673     BIO *data;
00674     /* Must be set only with TS_VFY_TSA_NAME. */
00675     ASN1_INTEGER *nonce;
00676     /* Must be set only with TS_VFY_TSA_NAME. */
00677     GENERAL_NAME *tsa_name;
00678 } TS_VERIFY_CTX;
00679 
00680 int TS_RESP_verify_response(TS_VERIFY_CTX *ctx, TS_RESP *response);
00681 int TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token);
00682 
00683 /*
00684  * Declarations related to response verification context,
00685  * they are defined in ts/ts_verify_ctx.c.
00686  */
00687 
00688 /* Set all fields to zero. */
00689 TS_VERIFY_CTX *TS_VERIFY_CTX_new(void);
00690 void TS_VERIFY_CTX_init(TS_VERIFY_CTX *ctx);
00691 void TS_VERIFY_CTX_free(TS_VERIFY_CTX *ctx);
00692 void TS_VERIFY_CTX_cleanup(TS_VERIFY_CTX *ctx);
00693 
00694 /*-
00695  * If ctx is NULL, it allocates and returns a new object, otherwise
00696  * it returns ctx. It initialises all the members as follows:
00697  * flags = TS_VFY_ALL_IMPRINT & ~(TS_VFY_TSA_NAME | TS_VFY_SIGNATURE)
00698  * certs = NULL
00699  * store = NULL
00700  * policy = policy from the request or NULL if absent (in this case
00701  *      TS_VFY_POLICY is cleared from flags as well)
00702  * md_alg = MD algorithm from request
00703  * imprint, imprint_len = imprint from request
00704  * data = NULL
00705  * nonce, nonce_len = nonce from the request or NULL if absent (in this case
00706  *      TS_VFY_NONCE is cleared from flags as well)
00707  * tsa_name = NULL
00708  * Important: after calling this method TS_VFY_SIGNATURE should be added!
00709  */
00710 TS_VERIFY_CTX *TS_REQ_to_TS_VERIFY_CTX(TS_REQ *req, TS_VERIFY_CTX *ctx);
00711 
00712 /* Function declarations for TS_RESP defined in ts/ts_resp_print.c */
00713 
00714 int TS_RESP_print_bio(BIO *bio, TS_RESP *a);
00715 int TS_STATUS_INFO_print_bio(BIO *bio, TS_STATUS_INFO *a);
00716 int TS_TST_INFO_print_bio(BIO *bio, TS_TST_INFO *a);
00717 
00718 /* Common utility functions defined in ts/ts_lib.c */
00719 
00720 int TS_ASN1_INTEGER_print_bio(BIO *bio, const ASN1_INTEGER *num);
00721 int TS_OBJ_print_bio(BIO *bio, const ASN1_OBJECT *obj);
00722 int TS_ext_print_bio(BIO *bio, const STACK_OF(X509_EXTENSION) *extensions);
00723 int TS_X509_ALGOR_print_bio(BIO *bio, const X509_ALGOR *alg);
00724 int TS_MSG_IMPRINT_print_bio(BIO *bio, TS_MSG_IMPRINT *msg);
00725 
00726 /*
00727  * Function declarations for handling configuration options, defined in
00728  * ts/ts_conf.c
00729  */
00730 
00731 X509 *TS_CONF_load_cert(const char *file);
00732 STACK_OF(X509) *TS_CONF_load_certs(const char *file);
00733 EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
00734 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
00735 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
00736                        TS_RESP_CTX *ctx);
00737 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
00738                               const char *device);
00739 int TS_CONF_set_default_engine(const char *name);
00740 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
00741                             const char *cert, TS_RESP_CTX *ctx);
00742 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
00743                       TS_RESP_CTX *ctx);
00744 int TS_CONF_set_signer_key(CONF *conf, const char *section,
00745                            const char *key, const char *pass,
00746                            TS_RESP_CTX *ctx);
00747 int TS_CONF_set_def_policy(CONF *conf, const char *section,
00748                            const char *policy, TS_RESP_CTX *ctx);
00749 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
00750 int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
00751 int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
00752 int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
00753                                        TS_RESP_CTX *ctx);
00754 int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
00755 int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
00756 int TS_CONF_set_ess_cert_id_chain(CONF *conf, const char *section,
00757                                   TS_RESP_CTX *ctx);
00758 
00759 /* -------------------------------------------------- */
00760 /* BEGIN ERROR CODES */
00761 /*
00762  * The following lines are auto generated by the script mkerr.pl. Any changes
00763  * made after this point may be overwritten when the script is next run.
00764  */
00765 void ERR_load_TS_strings(void);
00766 
00767 /* Error codes for the TS functions. */
00768 
00769 /* Function codes. */
00770 # define TS_F_D2I_TS_RESP                                 147
00771 # define TS_F_DEF_SERIAL_CB                               110
00772 # define TS_F_DEF_TIME_CB                                 111
00773 # define TS_F_ESS_ADD_SIGNING_CERT                        112
00774 # define TS_F_ESS_CERT_ID_NEW_INIT                        113
00775 # define TS_F_ESS_SIGNING_CERT_NEW_INIT                   114
00776 # define TS_F_INT_TS_RESP_VERIFY_TOKEN                    149
00777 # define TS_F_PKCS7_TO_TS_TST_INFO                        148
00778 # define TS_F_TS_ACCURACY_SET_MICROS                      115
00779 # define TS_F_TS_ACCURACY_SET_MILLIS                      116
00780 # define TS_F_TS_ACCURACY_SET_SECONDS                     117
00781 # define TS_F_TS_CHECK_IMPRINTS                           100
00782 # define TS_F_TS_CHECK_NONCES                             101
00783 # define TS_F_TS_CHECK_POLICY                             102
00784 # define TS_F_TS_CHECK_SIGNING_CERTS                      103
00785 # define TS_F_TS_CHECK_STATUS_INFO                        104
00786 # define TS_F_TS_COMPUTE_IMPRINT                          145
00787 # define TS_F_TS_CONF_SET_DEFAULT_ENGINE                  146
00788 # define TS_F_TS_GET_STATUS_TEXT                          105
00789 # define TS_F_TS_MSG_IMPRINT_SET_ALGO                     118
00790 # define TS_F_TS_REQ_SET_MSG_IMPRINT                      119
00791 # define TS_F_TS_REQ_SET_NONCE                            120
00792 # define TS_F_TS_REQ_SET_POLICY_ID                        121
00793 # define TS_F_TS_RESP_CREATE_RESPONSE                     122
00794 # define TS_F_TS_RESP_CREATE_TST_INFO                     123
00795 # define TS_F_TS_RESP_CTX_ADD_FAILURE_INFO                124
00796 # define TS_F_TS_RESP_CTX_ADD_MD                          125
00797 # define TS_F_TS_RESP_CTX_ADD_POLICY                      126
00798 # define TS_F_TS_RESP_CTX_NEW                             127
00799 # define TS_F_TS_RESP_CTX_SET_ACCURACY                    128
00800 # define TS_F_TS_RESP_CTX_SET_CERTS                       129
00801 # define TS_F_TS_RESP_CTX_SET_DEF_POLICY                  130
00802 # define TS_F_TS_RESP_CTX_SET_SIGNER_CERT                 131
00803 # define TS_F_TS_RESP_CTX_SET_STATUS_INFO                 132
00804 # define TS_F_TS_RESP_GET_POLICY                          133
00805 # define TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION          134
00806 # define TS_F_TS_RESP_SET_STATUS_INFO                     135
00807 # define TS_F_TS_RESP_SET_TST_INFO                        150
00808 # define TS_F_TS_RESP_SIGN                                136
00809 # define TS_F_TS_RESP_VERIFY_SIGNATURE                    106
00810 # define TS_F_TS_RESP_VERIFY_TOKEN                        107
00811 # define TS_F_TS_TST_INFO_SET_ACCURACY                    137
00812 # define TS_F_TS_TST_INFO_SET_MSG_IMPRINT                 138
00813 # define TS_F_TS_TST_INFO_SET_NONCE                       139
00814 # define TS_F_TS_TST_INFO_SET_POLICY_ID                   140
00815 # define TS_F_TS_TST_INFO_SET_SERIAL                      141
00816 # define TS_F_TS_TST_INFO_SET_TIME                        142
00817 # define TS_F_TS_TST_INFO_SET_TSA                         143
00818 # define TS_F_TS_VERIFY                                   108
00819 # define TS_F_TS_VERIFY_CERT                              109
00820 # define TS_F_TS_VERIFY_CTX_NEW                           144
00821 
00822 /* Reason codes. */
00823 # define TS_R_BAD_PKCS7_TYPE                              132
00824 # define TS_R_BAD_TYPE                                    133
00825 # define TS_R_CERTIFICATE_VERIFY_ERROR                    100
00826 # define TS_R_COULD_NOT_SET_ENGINE                        127
00827 # define TS_R_COULD_NOT_SET_TIME                          115
00828 # define TS_R_D2I_TS_RESP_INT_FAILED                      128
00829 # define TS_R_DETACHED_CONTENT                            134
00830 # define TS_R_ESS_ADD_SIGNING_CERT_ERROR                  116
00831 # define TS_R_ESS_SIGNING_CERTIFICATE_ERROR               101
00832 # define TS_R_INVALID_NULL_POINTER                        102
00833 # define TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE          117
00834 # define TS_R_MESSAGE_IMPRINT_MISMATCH                    103
00835 # define TS_R_NONCE_MISMATCH                              104
00836 # define TS_R_NONCE_NOT_RETURNED                          105
00837 # define TS_R_NO_CONTENT                                  106
00838 # define TS_R_NO_TIME_STAMP_TOKEN                         107
00839 # define TS_R_PKCS7_ADD_SIGNATURE_ERROR                   118
00840 # define TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR                 119
00841 # define TS_R_PKCS7_TO_TS_TST_INFO_FAILED                 129
00842 # define TS_R_POLICY_MISMATCH                             108
00843 # define TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE      120
00844 # define TS_R_RESPONSE_SETUP_ERROR                        121
00845 # define TS_R_SIGNATURE_FAILURE                           109
00846 # define TS_R_THERE_MUST_BE_ONE_SIGNER                    110
00847 # define TS_R_TIME_SYSCALL_ERROR                          122
00848 # define TS_R_TOKEN_NOT_PRESENT                           130
00849 # define TS_R_TOKEN_PRESENT                               131
00850 # define TS_R_TSA_NAME_MISMATCH                           111
00851 # define TS_R_TSA_UNTRUSTED                               112
00852 # define TS_R_TST_INFO_SETUP_ERROR                        123
00853 # define TS_R_TS_DATASIGN                                 124
00854 # define TS_R_UNACCEPTABLE_POLICY                         125
00855 # define TS_R_UNSUPPORTED_MD_ALGORITHM                    126
00856 # define TS_R_UNSUPPORTED_VERSION                         113
00857 # define TS_R_WRONG_CONTENT_TYPE                          114
00858 
00859 #ifdef  __cplusplus
00860 }
00861 #endif
00862 #endif