
source: vbox/trunk/src/libs/openssl-3.3.2/crypto/cmp/cmp_asn.c@ 108669

Last change on this file since 108669 was 108206, checked in by vboxsync, 3 months ago

openssl-3.3.2: Exported all files to OSE and removed .scm-settings ​bugref:10757

1/*
2 * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
3 * Copyright Nokia 2007-2019
4 * Copyright Siemens AG 2015-2019
5 *
6 * Licensed under the Apache License 2.0 (the "License"). You may not use
7 * this file except in compliance with the License. You can obtain a copy
8 * in the file LICENSE in the source distribution or at
9 * https://www.openssl.org/source/license.html
10 */
11
12#include <openssl/asn1t.h>
13
14#include "cmp_local.h"
15
16/* explicit #includes not strictly needed since implied by the above: */
17#include <openssl/cmp.h>
18#include <openssl/crmf.h>
19
20/* ASN.1 declarations from RFC4210 */
/*
 * RevAnnContent: status, certId, willBeRevokedAt and badSinceDate are
 * mandatory members; crlDetails is OPTIONAL.
 */
ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
    /* OSSL_CMP_PKISTATUS is effectively ASN1_INTEGER so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME),
    ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
30
/*
 * Challenge: owf is OPTIONAL, so code consuming a decoded value must cope
 * with owf == NULL; witness and challenge are mandatory OCTET STRINGs.
 */
ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
    ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
37
/* POPODecKeyChallContent: SEQUENCE OF OSSL_CMP_CHALLENGE */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)

/* POPODecKeyRespContent: SEQUENCE OF ASN1_INTEGER */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
47
/*
 * CAKeyUpdAnnContent: three mandatory certificates.
 * For each member, OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used
 * directly.
 */
ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509),
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509)
} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
57
/*
 * ErrorMsgContent: pKIStatusInfo is mandatory; errorCode and errorDetails are
 * OPTIONAL and may therefore be NULL after decoding.
 */
ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
    ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
    /* OSSL_CMP_PKIFREETEXT is a ASN1_UTF8STRING sequence, so used directly */
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails,
                         ASN1_UTF8STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
66
/*
 * Fallback for the table below: an infoType that has no entry there is
 * carried as an OPTIONAL ASN1_ANY in infoValue.other.
 */
ASN1_ADB_TEMPLATE(infotypeandvalue_default) =
    ASN1_OPT(OSSL_CMP_ITAV, infoValue.other, ASN1_ANY);

/*
 * ITAV means InfoTypeAndValue.
 * This table maps the NID of infoType to the infoValue member, and its ASN.1
 * type, that is used for that infoType.  Code reading infoValue therefore has
 * to check infoType first and then use the matching member only.
 * NOTE(review): origPKIMessage refers to OSSL_CMP_MSGS, which makes the type
 * recursive; nothing in this table limits the nesting depth.
 */
ASN1_ADB(OSSL_CMP_ITAV) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ADB_ENTRY(NID_id_it_caProtEncCert,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.caProtEncCert, X509)),
    ADB_ENTRY(NID_id_it_signKeyPairTypes,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.signKeyPairTypes,
                                   X509_ALGOR)),
    ADB_ENTRY(NID_id_it_encKeyPairTypes,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.encKeyPairTypes,
                                   X509_ALGOR)),
    ADB_ENTRY(NID_id_it_preferredSymmAlg,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg, X509_ALGOR)),
    ADB_ENTRY(NID_id_it_caKeyUpdateInfo,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo,
                       OSSL_CMP_CAKEYUPDANNCONTENT)),
    ADB_ENTRY(NID_id_it_currentCRL,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)),
    ADB_ENTRY(NID_id_it_unsupportedOIDs,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.unsupportedOIDs,
                                   ASN1_OBJECT)),
    ADB_ENTRY(NID_id_it_keyPairParamReq,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq, ASN1_OBJECT)),
    ADB_ENTRY(NID_id_it_keyPairParamRep,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep, X509_ALGOR)),
    ADB_ENTRY(NID_id_it_revPassphrase,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase,
                       OSSL_CRMF_ENCRYPTEDVALUE)),
    ADB_ENTRY(NID_id_it_implicitConfirm,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm, ASN1_NULL)),
    ADB_ENTRY(NID_id_it_confirmWaitTime,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime,
                       ASN1_GENERALIZEDTIME)),
    ADB_ENTRY(NID_id_it_origPKIMessage,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage, OSSL_CMP_MSGS)),
    ADB_ENTRY(NID_id_it_suppLangTags,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue,
                                   ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_it_caCerts,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.caCerts, X509)),
    ADB_ENTRY(NID_id_it_rootCaCert,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.rootCaCert, X509)),
    ADB_ENTRY(NID_id_it_rootCaKeyUpdate,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.rootCaKeyUpdate,
                       OSSL_CMP_ROOTCAKEYUPDATE)),
    ADB_ENTRY(NID_id_it_certProfile,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.certProfile,
                                   ASN1_UTF8STRING)),
} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0,
               &infotypeandvalue_default_tt, NULL);

/* The ITAV itself: the infoType OID followed by the value selected above */
ASN1_SEQUENCE(OSSL_CMP_ITAV) = {
    ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT),
    ASN1_ADB_OBJECT(OSSL_CMP_ITAV)
} ASN1_SEQUENCE_END(OSSL_CMP_ITAV)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
132
/*
 * RootCaKeyUpdate content: newWithNew is mandatory; newWithOld and oldWithNew
 * are OPTIONAL with explicit tags [0] and [1].
 */
ASN1_SEQUENCE(OSSL_CMP_ROOTCAKEYUPDATE) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_SIMPLE(OSSL_CMP_ROOTCAKEYUPDATE, newWithNew, X509),
    ASN1_EXP_OPT(OSSL_CMP_ROOTCAKEYUPDATE, newWithOld, X509, 0),
    ASN1_EXP_OPT(OSSL_CMP_ROOTCAKEYUPDATE, oldWithNew, X509, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_ROOTCAKEYUPDATE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ROOTCAKEYUPDATE)
140
/*
 * Allocate an ITAV and store |type| and |value| in it via
 * OSSL_CMP_ITAV_set0(), i.e. the pointers are stored, not copied.
 * Returns NULL if |type| is NULL or the allocation fails; in both cases
 * nothing has been stored, so the caller still owns |type| and |value|.
 */
OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value)
{
    OSSL_CMP_ITAV *result;

    if (type == NULL)
        return NULL;

    result = OSSL_CMP_ITAV_new();
    if (result == NULL)
        return NULL;

    OSSL_CMP_ITAV_set0(result, type, value);
    return result;
}
150
/*
 * Store |type| and |value| in |itav| without copying them.
 * |itav| is dereferenced without a NULL check, and the pointers held before
 * the call are overwritten without being freed.
 * The value is always written through infoValue.other, whatever |type| is.
 * NOTE(review): for an infoType listed in the OSSL_CMP_ITAV ADB table the
 * encoder uses a different infoValue member, so this setter looks suitable
 * only for infoTypes handled by the ASN1_ANY default - confirm with callers.
 */
void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
                        ASN1_TYPE *value)
{
    itav->infoValue.other = value;
    itav->infoType = type;
}
157
/*
 * Return the infoType pointer stored in |itav| (no copy is made),
 * or NULL if |itav| is NULL.
 */
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav)
{
    return itav != NULL ? itav->infoType : NULL;
}
164
/*
 * Return infoValue.other of |itav| (no copy is made), or NULL if |itav| is
 * NULL.  infoType is not consulted.
 * NOTE(review): infoValue is declared in cmp_local.h (not shown here) and is
 * presumably a union.  For an infoType listed in the OSSL_CMP_ITAV ADB table
 * the value lives in a different member, so the pointer returned here would
 * not be a valid ASN1_TYPE; callers should check the infoType first or use
 * the typed OSSL_CMP_ITAV_get0_*() accessors - confirm.
 */
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav)
{
    return itav != NULL ? itav->infoValue.other : NULL;
}
171
/*
 * Append |itav| to the stack *|itav_sk_p|, creating the stack first if
 * *|itav_sk_p| is NULL.  The pointer is pushed as is, not copied.
 * Returns 1 on success.  Returns 0 on failure, in which case |itav| has not
 * been freed and a stack created by this call has been released again, with
 * *|itav_sk_p| reset to NULL.  A stack passed in by the caller is left alone.
 */
int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                   OSSL_CMP_ITAV *itav)
{
    int fresh_stack = 0;

    if (itav_sk_p == NULL || itav == NULL) {
        ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT);
        return 0;
    }

    if (*itav_sk_p == NULL) {
        *itav_sk_p = sk_OSSL_CMP_ITAV_new_null();
        if (*itav_sk_p == NULL)
            return 0;
        fresh_stack = 1;
    }

    if (sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav))
        return 1;

    /* push failed: undo only what this call allocated */
    if (fresh_stack) {
        sk_OSSL_CMP_ITAV_free(*itav_sk_p);
        *itav_sk_p = NULL;
    }
    return 0;
}
198
/*
 * Create an ITAV of type id-it-certProfile that stores |certProfile| itself,
 * not a copy.  Returns NULL if the ITAV cannot be allocated; |certProfile| is
 * then left untouched and still belongs to the caller.
 */
OSSL_CMP_ITAV
*OSSL_CMP_ITAV_new0_certProfile(STACK_OF(ASN1_UTF8STRING) *certProfile)
{
    OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new();

    if (itav != NULL) {
        itav->infoType = OBJ_nid2obj(NID_id_it_certProfile);
        itav->infoValue.certProfile = certProfile;
    }
    return itav;
}
210
/*
 * Hand out the certProfile stack held by |itav| through |out| (no copy).
 * The infoType is checked before infoValue.certProfile is read, so an ITAV
 * of any other type is rejected instead of being misinterpreted.
 * Returns 1 on success, 0 with an error raised on NULL arguments or when
 * the infoType is not id-it-certProfile.
 */
int OSSL_CMP_ITAV_get0_certProfile(const OSSL_CMP_ITAV *itav,
                                   STACK_OF(ASN1_UTF8STRING) **out)
{
    if (itav == NULL || out == NULL) {
        ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (OBJ_obj2nid(itav->infoType) == NID_id_it_certProfile) {
        *out = itav->infoValue.certProfile;
        return 1;
    }
    ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
    return 0;
}
225
/*
 * Create an ITAV of type id-it-caCerts holding a deep copy of |caCerts|.
 * When sk_X509_num(caCerts) is not positive, no copy is made and
 * infoValue.caCerts is left as OSSL_CMP_ITAV_new() set it.
 * Returns NULL if the ITAV or the copy cannot be allocated.
 */
OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_caCerts(const STACK_OF(X509) *caCerts)
{
    OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new();

    if (itav == NULL)
        return NULL;

    if (sk_X509_num(caCerts) > 0) {
        itav->infoValue.caCerts =
            sk_X509_deep_copy(caCerts, X509_dup, X509_free);
        if (itav->infoValue.caCerts == NULL) {
            OSSL_CMP_ITAV_free(itav);
            return NULL;
        }
    }

    itav->infoType = OBJ_nid2obj(NID_id_it_caCerts);
    return itav;
}
241
/*
 * Hand out the caCerts stack held by |itav| through |out| (no copy).
 * *|out| is set to NULL when sk_X509_num() of the stored stack is not
 * positive.  The infoType is checked before infoValue.caCerts is read.
 * Returns 1 on success, 0 with an error raised on NULL arguments or when
 * the infoType is not id-it-caCerts.
 */
int OSSL_CMP_ITAV_get0_caCerts(const OSSL_CMP_ITAV *itav, STACK_OF(X509) **out)
{
    if (itav == NULL || out == NULL) {
        ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (OBJ_obj2nid(itav->infoType) != NID_id_it_caCerts) {
        ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }

    if (sk_X509_num(itav->infoValue.caCerts) > 0)
        *out = itav->infoValue.caCerts;
    else
        *out = NULL;
    return 1;
}
256
/*
 * Create an ITAV of type id-it-rootCaCert holding a copy of |rootCaCert|.
 * With |rootCaCert| == NULL no copy is made and infoValue.rootCaCert is left
 * as OSSL_CMP_ITAV_new() set it.
 * Returns NULL if the ITAV or the copy cannot be allocated.
 */
OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaCert(const X509 *rootCaCert)
{
    OSSL_CMP_ITAV *itav = OSSL_CMP_ITAV_new();

    if (itav == NULL)
        return NULL;

    if (rootCaCert != NULL) {
        itav->infoValue.rootCaCert = X509_dup(rootCaCert);
        if (itav->infoValue.rootCaCert == NULL) {
            OSSL_CMP_ITAV_free(itav);
            return NULL;
        }
    }

    itav->infoType = OBJ_nid2obj(NID_id_it_rootCaCert);
    return itav;
}
271
/*
 * Hand out the rootCaCert held by |itav| through |out| (no copy; may be
 * NULL).  The infoType is checked before infoValue.rootCaCert is read.
 * Returns 1 on success, 0 with an error raised on NULL arguments or when
 * the infoType is not id-it-rootCaCert.
 */
int OSSL_CMP_ITAV_get0_rootCaCert(const OSSL_CMP_ITAV *itav, X509 **out)
{
    if (itav == NULL || out == NULL) {
        ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (OBJ_obj2nid(itav->infoType) == NID_id_it_rootCaCert) {
        *out = itav->infoValue.rootCaCert;
        return 1;
    }
    ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
    return 0;
}
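/*
 * Create an ITAV of type id-it-rootCaKeyUpdate holding copies of the given
 * certificates.
 * With |newWithNew| == NULL no update structure is built at all, so the
 * other two arguments are ignored and infoValue.rootCaKeyUpdate is NULL.
 * |newWithOld| and |oldWithNew| are optional and copied only when non-NULL.
 * Returns NULL on allocation failure, after releasing any partial result.
 */
OSSL_CMP_ITAV *OSSL_CMP_ITAV_new_rootCaKeyUpdate(const X509 *newWithNew,
                                                 const X509 *newWithOld,
                                                 const X509 *oldWithNew)
{
    OSSL_CMP_ITAV *itav;
    OSSL_CMP_ROOTCAKEYUPDATE *upd = NULL;

    if (newWithNew != NULL) {
        upd = OSSL_CMP_ROOTCAKEYUPDATE_new();
        if (upd == NULL)
            return NULL;

        /*
         * newWithNew is a mandatory (ASN1_SIMPLE) member, which the generated
         * _new() function normally pre-allocates.  Release that placeholder
         * before storing the copy so that it is not leaked.  X509_free(NULL)
         * is a no-op, so this is harmless if nothing was allocated.
         */
        X509_free(upd->newWithNew);
        if ((upd->newWithNew = X509_dup(newWithNew)) == NULL)
            goto err;
        if (newWithOld != NULL
            && (upd->newWithOld = X509_dup(newWithOld)) == NULL)
            goto err;
        if (oldWithNew != NULL
            && (upd->oldWithNew = X509_dup(oldWithNew)) == NULL)
            goto err;
    }

    if ((itav = OSSL_CMP_ITAV_new()) == NULL)
        goto err;
    itav->infoType = OBJ_nid2obj(NID_id_it_rootCaKeyUpdate);
    itav->infoValue.rootCaKeyUpdate = upd; /* itav takes ownership of upd */
    return itav;

 err:
    OSSL_CMP_ROOTCAKEYUPDATE_free(upd);
    return NULL;
}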
317
/*
 * Hand out the certificates of a rootCaKeyUpdate ITAV (no copies are made).
 * |newWithNew| is required; |newWithOld| and |oldWithNew| may be NULL if the
 * caller is not interested in them.  When the ITAV carries no update
 * structure, every requested output is set to NULL.
 * The infoType is checked before infoValue.rootCaKeyUpdate is read.
 * Returns 1 on success, 0 with an error raised when |itav| or |newWithNew|
 * is NULL or when the infoType is not id-it-rootCaKeyUpdate.
 */
int OSSL_CMP_ITAV_get0_rootCaKeyUpdate(const OSSL_CMP_ITAV *itav,
                                       X509 **newWithNew,
                                       X509 **newWithOld,
                                       X509 **oldWithNew)
{
    OSSL_CMP_ROOTCAKEYUPDATE *upd;
    X509 *nwn = NULL, *nwo = NULL, *own = NULL;

    if (itav == NULL || newWithNew == NULL) {
        ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if (OBJ_obj2nid(itav->infoType) != NID_id_it_rootCaKeyUpdate) {
        ERR_raise(ERR_LIB_CMP, ERR_R_PASSED_INVALID_ARGUMENT);
        return 0;
    }

    upd = itav->infoValue.rootCaKeyUpdate;
    if (upd != NULL) {
        nwn = upd->newWithNew;
        nwo = upd->newWithOld;
        own = upd->oldWithNew;
    }

    *newWithNew = nwn;
    if (newWithOld != NULL)
        *newWithOld = nwo;
    if (oldWithNew != NULL)
        *oldWithNew = own;
    return 1;
}
341
/*
 * Get an ASN.1 encoded integer as an int.
 * Returns -2 with an error raised if the value cannot be read or does not
 * fit into an int; -1 is a valid result (used for certReqId).
 * Note that an encoded value of -2 is returned unchanged, so the return
 * value alone does not tell it apart from the error indication.
 */
int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
{
    int64_t value;
    int reason;

    if (!ASN1_INTEGER_get_int64(&value, a))
        reason = ASN1_R_INVALID_NUMBER;
    else if (value < INT_MIN)
        reason = ASN1_R_TOO_SMALL;
    else if (value > INT_MAX)
        reason = ASN1_R_TOO_LARGE;
    else
        return (int)value; /* range-checked above, so the cast is lossless */

    ERR_raise(ERR_LIB_CMP, reason);
    return -2;
}
361
/*
 * ASN.1 callback for OSSL_CMP_MSG, handling the libctx and propq members
 * that are not part of the encoded message.
 * Returns 0 only if taking over libctx/propq fails on duplication, else 1;
 * operations not listed here are ignored.
 */
static int ossl_cmp_msg_cb(int operation, ASN1_VALUE **pval,
                           ossl_unused const ASN1_ITEM *it, void *exarg)
{
    OSSL_CMP_MSG *msg = (OSSL_CMP_MSG *)*pval;

    if (operation == ASN1_OP_FREE_POST) {
        /* only propq is released here; libctx is not freed by the message */
        OPENSSL_free(msg->propq);
    } else if (operation == ASN1_OP_DUP_POST) {
        /* |exarg| is the message that was duplicated */
        OSSL_CMP_MSG *orig_msg = exarg;

        /*
         * NOTE(review): presumably this stores a copy of propq, since each
         * message frees its own propq above - confirm in the definition of
         * ossl_cmp_msg_set0_libctx().
         */
        if (!ossl_cmp_msg_set0_libctx(msg, orig_msg->libctx, orig_msg->propq))
            return 0;
    } else if (operation == ASN1_OP_GET0_LIBCTX) {
        OSSL_LIB_CTX **libctx_out = exarg;

        *libctx_out = msg->libctx;
    } else if (operation == ASN1_OP_GET0_PROPQ) {
        const char **propq_out = exarg;

        *propq_out = msg->propq;
    }

    return 1;
}
400
/*
 * CertOrEncCert: CHOICE between a plain certificate [0] and an encrypted
 * certificate [1], both explicitly tagged.  Only the member selected by the
 * choice is meaningful in a decoded value.
 */
ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
    ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert,
             OSSL_CRMF_ENCRYPTEDVALUE, 1),
} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
408
/*
 * CertifiedKeyPair: certOrEncCert is mandatory; privateKey [0] (carried as
 * an OSSL_CRMF_ENCRYPTEDVALUE) and publicationInfo [1] are OPTIONAL.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
    ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
                OSSL_CMP_CERTORENCCERT),
    ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey,
                 OSSL_CRMF_ENCRYPTEDVALUE, 0),
    ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo,
                 OSSL_CRMF_PKIPUBLICATIONINFO, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
418
/* RevDetails: certDetails is mandatory, crlEntryDetails is OPTIONAL */
ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
    ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
    ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)

/* RevReqContent: SEQUENCE OF OSSL_CMP_REVDETAILS */
ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_REVREQCONTENT, OSSL_CMP_REVDETAILS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
429
/*
 * RevRepContent: a mandatory SEQUENCE OF status entries, plus OPTIONAL
 * revCerts [0] and crls [1].  The template does not tie the number of
 * revCerts entries to the number of status entries.
 */
ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
    ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts,
                             OSSL_CRMF_CERTID, 0),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
437
/*
 * KeyRecRepContent: status is mandatory; newSigCert [0], caCerts [1] and
 * keyPairHist [2] are OPTIONAL.
 */
ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
    ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist,
                             OSSL_CMP_CERTIFIEDKEYPAIR, 2)
} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
446
/* PKIStatus: an ASN1_INTEGER declared as an item of its own */
ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)

/*
 * PKIStatusInfo (PKISI): status is mandatory; statusString and failInfo are
 * OPTIONAL and may be NULL after decoding.
 */
ASN1_SEQUENCE(OSSL_CMP_PKISI) = {
    ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS),
    /* OSSL_CMP_PKIFREETEXT is a ASN1_UTF8STRING sequence, so used directly */
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING),
    /* OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING, used directly */
    ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_PKISI)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
460
/*
 * CertStatus: certHash and certReqId are mandatory; statusInfo and
 * hashAlg [0] are OPTIONAL.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = {
    ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER),
    ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI),
    ASN1_EXP_OPT(OSSL_CMP_CERTSTATUS, hashAlg, X509_ALGOR, 0)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)

/* CertConfirmContent: SEQUENCE OF OSSL_CMP_CERTSTATUS */
ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_CERTCONFIRMCONTENT, OSSL_CMP_CERTSTATUS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT)
473
/*
 * CertResponse: certReqId and status are mandatory; certifiedKeyPair and
 * rspInfo are OPTIONAL, so a decoded response may carry no certificate.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = {
    ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI),
    ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair,
             OSSL_CMP_CERTIFIEDKEYPAIR),
    ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)
482
/* PollReq entry: a single mandatory certReqId */
ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = {
    ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)

/* PollReqContent: SEQUENCE OF OSSL_CMP_POLLREQ */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POLLREQCONTENT, OSSL_CMP_POLLREQ)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT)
492
/*
 * PollRep entry: certReqId and checkAfter are mandatory, reason is OPTIONAL.
 * checkAfter is a plain ASN1_INTEGER here; the template puts no bounds on it.
 */
ASN1_SEQUENCE(OSSL_CMP_POLLREP) = {
    ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER),
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING),
} ASN1_SEQUENCE_END(OSSL_CMP_POLLREP)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)

/* PollRepContent: SEQUENCE OF OSSL_CMP_POLLREP */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POLLREPCONTENT, OSSL_CMP_POLLREP)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT)
505
/*
 * CertRepMessage: caPubs [1] is OPTIONAL; response is a mandatory
 * SEQUENCE OF OSSL_CMP_CERTRESPONSE.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1),
    ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)
512
/* GenMsgContent: SEQUENCE OF OSSL_CMP_ITAV */
ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_GENMSGCONTENT, OSSL_CMP_ITAV)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT)

/* GenRepContent: SEQUENCE OF OSSL_CMP_ITAV */
ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_GENREPCONTENT, OSSL_CMP_ITAV)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT)

/* CRLAnnContent: SEQUENCE OF X509_CRL */
ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_CRLANNCONTENT, X509_CRL)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT)
527
/*
 * PKIBody: CHOICE of the message body types, explicitly tagged [0]..[26].
 * Only the value member selected by the choice is meaningful in a decoded
 * body, so code has to check the body type before touching value.*.
 * pkiconf [19] is taken as ASN1_ANY, i.e. its content is not constrained by
 * this template.
 * NOTE(review): nested [20] refers to OSSL_CMP_MSGS, which makes the type
 * recursive; nothing in this template limits the nesting depth.
 */
ASN1_CHOICE(OSSL_CMP_PKIBODY) = {
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc,
             OSSL_CMP_POPODECKEYCHALLCONTENT, 5),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr,
             OSSL_CMP_POPODECKEYRESPCONTENT, 6),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26),
} ASN1_CHOICE_END(OSSL_CMP_PKIBODY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
560
/*
 * PKIHeader: pvno, sender and recipient are mandatory; all members with an
 * explicit tag [0]..[8] are OPTIONAL.
 * That includes protectionAlg, senderKID, transactionID and both nonces, so
 * a header that decodes successfully may lack any of them; whether they are
 * present and acceptable has to be checked by the code validating messages.
 */
ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = {
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME),
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6),
    /* OSSL_CMP_PKIFREETEXT is a ASN1_UTF8STRING sequence, so used directly */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo,
                             OSSL_CMP_ITAV, 8)
} ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
578
/*
 * ProtectedPart: the header and body of a message, i.e. the members an
 * OSSL_CMP_MSG has before protection and extraCerts.
 * NOTE(review): the member offsets are taken from OSSL_CMP_MSG rather than
 * from OSSL_CMP_PROTECTEDPART, which relies on both structures laying out
 * header and body identically - confirm against cmp_local.h.
 */
ASN1_SEQUENCE(OSSL_CMP_PROTECTEDPART) = {
    ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
    ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY)
} ASN1_SEQUENCE_END(OSSL_CMP_PROTECTEDPART)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PROTECTEDPART)
584
/*
 * PKIMessage: header and body are mandatory; protection [0] and
 * extraCerts [1] are OPTIONAL.
 * A message without protection therefore decodes successfully; rejecting
 * unprotected messages is up to the code validating them, not this template.
 * ossl_cmp_msg_cb takes care of the libctx and propq members on free and dup.
 * Only the dup function is generated here.
 */
ASN1_SEQUENCE_cb(OSSL_CMP_MSG, ossl_cmp_msg_cb) = {
    ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
    ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
    ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509 so it is used directly */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
} ASN1_SEQUENCE_END_cb(OSSL_CMP_MSG, OSSL_CMP_MSG)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)

/* PKIMessages: SEQUENCE OF OSSL_CMP_MSG */
ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_MSGS, OSSL_CMP_MSG)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS)