1/*-
2 * {- join("\n * ", @autowarntext) -}
3 *
4 * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
5 * Copyright Nokia 2007-2019
6 * Copyright Siemens AG 2015-2019
7 *
8 * Licensed under the Apache License 2.0 (the "License").  You may not use
9 * this file except in compliance with the License.  You can obtain a copy
10 * in the file LICENSE in the source distribution or at
11 * https://www.openssl.org/source/license.html
12 *
13 * CRMF (RFC 4211) implementation by M. Peylo, M. Viljanen, and D. von Oheimb.
14 */
15
16{-
17use OpenSSL::stackhash qw(generate_stack_macros);
18-}
19
20#ifndef OPENSSL_CRMF_H
21# define OPENSSL_CRMF_H
22
23# include <openssl/opensslconf.h>
24
25# ifndef OPENSSL_NO_CRMF
26#  include <openssl/opensslv.h>
27#  include <openssl/safestack.h>
28#  include <openssl/crmferr.h>
29#  include <openssl/x509v3.h> /* for GENERAL_NAME etc. */
30#  include <openssl/cms.h>
31
32/* explicit #includes not strictly needed since implied by the above: */
33#  include <openssl/types.h>
34#  include <openssl/x509.h>
35
36#  ifdef __cplusplus
37extern "C" {
38#  endif
39
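/*
 * Selectors for the POPOPrivKey choice: how possession of a private key that
 * is not used for signing (key encipherment or key agreement) is proven.
 * The names mirror the RFC 4211 alternatives thisMessage, subsequentMessage,
 * dhMAC, agreeMAC and encryptedKey.
 * NOTE(review): the values look like the ASN.1 context tags [0]..[4] of that
 * CHOICE - confirm against the ASN.1 template before depending on it.
 */
#  define OSSL_CRMF_POPOPRIVKEY_THISMESSAGE          0
#  define OSSL_CRMF_POPOPRIVKEY_SUBSEQUENTMESSAGE    1
#  define OSSL_CRMF_POPOPRIVKEY_DHMAC                2
#  define OSSL_CRMF_POPOPRIVKEY_AGREEMAC             3
#  define OSSL_CRMF_POPOPRIVKEY_ENCRYPTEDKEY         4

/*
 * Values of the SubsequentMessage field: the proof is completed after the
 * request, either by returning the certificate encrypted to the requested
 * key (encrCert) or by a challenge-response exchange (challengeResp).
 */
#  define OSSL_CRMF_SUBSEQUENTMESSAGE_ENCRCERT       0
#  define OSSL_CRMF_SUBSEQUENTMESSAGE_CHALLENGERESP  1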
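/*
 * Opaque CRMF (RFC 4211) types. Only the struct tags are visible in this
 * header, so callers work with these objects through the functions declared
 * here rather than through their fields.
 *
 * DECLARE_ASN1_FUNCTIONS(T) declares T_new(), T_free(), d2i_T() and i2d_T();
 * DECLARE_ASN1_DUP_FUNCTION(T) declares T_dup(). Input handed to d2i_T() is
 * usually peer-controlled DER: check the result for NULL and release every
 * object obtained from T_new(), d2i_T() or T_dup() with T_free().
 */
typedef struct ossl_crmf_encryptedvalue_st OSSL_CRMF_ENCRYPTEDVALUE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)

typedef struct ossl_crmf_encryptedkey_st OSSL_CRMF_ENCRYPTEDKEY;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDKEY)

/* One certificate request message; it can be encoded, decoded and copied. */
typedef struct ossl_crmf_msg_st OSSL_CRMF_MSG;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)
/* Build-time Perl fragment: emits the STACK_OF(OSSL_CRMF_MSG) helper macros. */
{-
    generate_stack_macros("OSSL_CRMF_MSG");
-}
/* For this type only the free and dup functions are declared publicly. */
typedef struct ossl_crmf_attributetypeandvalue_st OSSL_CRMF_ATTRIBUTETYPEANDVALUE;
void OSSL_CRMF_ATTRIBUTETYPEANDVALUE_free(OSSL_CRMF_ATTRIBUTETYPEANDVALUE *v);
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
/* Build-time Perl fragment: emits the matching STACK_OF() helper macros. */
{-
    generate_stack_macros("OSSL_CRMF_ATTRIBUTETYPEANDVALUE");
-}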
66
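/*
 * Further opaque CRMF types. DECLARE_ASN1_FUNCTIONS(T) declares T_new(),
 * T_free(), d2i_T() and i2d_T(); DECLARE_ASN1_DUP_FUNCTION(T) declares
 * T_dup(). Types that have only a typedef here (POPOSIGNINGKEY, CERTREQUEST,
 * OPTIONALVALIDITY) get no public constructor or decoder from this header.
 */

/* Parameters of the password-based MAC; see OSSL_CRMF_pbmp_new(). */
typedef struct ossl_crmf_pbmparameter_st OSSL_CRMF_PBMPARAMETER;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)
typedef struct ossl_crmf_poposigningkey_st OSSL_CRMF_POPOSIGNINGKEY;
typedef struct ossl_crmf_certrequest_st OSSL_CRMF_CERTREQUEST;
/* Names a certificate by issuer and serial number; see OSSL_CRMF_CERTID_gen(). */
typedef struct ossl_crmf_certid_st OSSL_CRMF_CERTID;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)
/* Build-time Perl fragment: emits the STACK_OF(OSSL_CRMF_CERTID) helper macros. */
{-
    generate_stack_macros("OSSL_CRMF_CERTID");
-}

typedef struct ossl_crmf_pkipublicationinfo_st OSSL_CRMF_PKIPUBLICATIONINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
typedef struct ossl_crmf_singlepubinfo_st OSSL_CRMF_SINGLEPUBINFO;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)
/*
 * The certificate template holds what the requester asks for. On the
 * receiving side every field read from it is requester-controlled input.
 */
typedef struct ossl_crmf_certtemplate_st OSSL_CRMF_CERTTEMPLATE;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
DECLARE_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTTEMPLATE)
/* A list of request messages, with its own ASN.1 encode/decode functions. */
typedef STACK_OF(OSSL_CRMF_MSG) OSSL_CRMF_MSGS;
DECLARE_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)

typedef struct ossl_crmf_optionalvalidity_st OSSL_CRMF_OPTIONALVALIDITY;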
89
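/* crmf_pbm.c */
/*
 * Password-based MAC (PBM) support.
 *
 * OSSL_CRMF_pbmp_new() builds a PBM parameter object from a salt length in
 * bytes (slen), the NID of the one-way function (owfnid), an iteration count
 * (itercnt) and the NID of the MAC algorithm (macnid). The result is owned by
 * the caller and is released with OSSL_CRMF_PBMPARAMETER_free().
 * NOTE(review): presumably returns NULL on failure - confirm.
 *
 * Salt length and iteration count set the cost of guessing the shared secret
 * offline, so choose them deliberately instead of passing minimal values.
 * NOTE(review): the OpenSSL manual page describes lower and upper bounds on
 * the iteration count; confirm what crmf_pbm.c enforces in this revision.
 */
OSSL_CRMF_PBMPARAMETER *OSSL_CRMF_pbmp_new(OSSL_LIB_CTX *libctx, size_t slen,
                                           int owfnid, size_t itercnt,
                                           int macnid);
/*
 * OSSL_CRMF_pbm_new() computes the PBM over msg (msglen bytes) with the
 * secret sec (seclen bytes) and the parameters in pbmp, and hands the result
 * back through *mac and *maclen. libctx and propq select the library context
 * and property query used for algorithm fetching.
 * NOTE(review): by OpenSSL convention this returns 1 on success and 0 on
 * error, and *mac is a fresh allocation for the caller to free - confirm.
 *
 * When pbmp was parsed from a received message, its salt, iteration count
 * and algorithm identifiers are chosen by the peer. When the result is used
 * to check a received MAC, compare with CRYPTO_memcmp() rather than memcmp()
 * so that the comparison time does not depend on the matching prefix.
 */
int OSSL_CRMF_pbm_new(OSSL_LIB_CTX *libctx, const char *propq,
                      const OSSL_CRMF_PBMPARAMETER *pbmp,
                      const unsigned char *msg, size_t msglen,
                      const unsigned char *sec, size_t seclen,
                      unsigned char **mac, size_t *maclen);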
99
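/* crmf_lib.c */
/*
 * Registration controls (RFC 4211, section 6).
 *
 * The function names follow the OpenSSL ownership convention: set1 stores a
 * copy or an extra reference and the caller keeps its argument; set0 and
 * push0 take over the argument on success, so the caller must not free it
 * afterwards; get0 returns a pointer into the message that must not be freed
 * and must not be used after the message is freed.
 * NOTE(review): by the same convention the int functions return 1 on success
 * and 0 on error, and the getters return NULL when the control is absent.
 *
 * regToken and authenticator carry identity-checking information agreed
 * between requester and CA; treat their contents like credentials and keep
 * them out of logs and error messages.
 */
int OSSL_CRMF_MSG_set1_regCtrl_regToken(OSSL_CRMF_MSG *msg,
                                        const ASN1_UTF8STRING *tok);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regCtrl_regToken(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_authenticator(OSSL_CRMF_MSG *msg,
                                             const ASN1_UTF8STRING *auth);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regCtrl_authenticator(const OSSL_CRMF_MSG *msg);
/* Appends spi to the publication info pi; push0 hands spi over to pi. */
int
OSSL_CRMF_MSG_PKIPublicationInfo_push0_SinglePubInfo(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
                                                     OSSL_CRMF_SINGLEPUBINFO *spi);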
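/* Values for the method argument of OSSL_CRMF_MSG_set0_SinglePubInfo(). */
#  define OSSL_CRMF_PUB_METHOD_DONTCARE 0
#  define OSSL_CRMF_PUB_METHOD_X500     1
#  define OSSL_CRMF_PUB_METHOD_WEB      2
#  define OSSL_CRMF_PUB_METHOD_LDAP     3
/*
 * Sets the publication method and location of spi. This is a set0 function:
 * on success nm belongs to spi and must not be freed by the caller.
 */
int OSSL_CRMF_MSG_set0_SinglePubInfo(OSSL_CRMF_SINGLEPUBINFO *spi,
                                     int method, GENERAL_NAME *nm);
/* Values for the action argument of the function below. */
#  define OSSL_CRMF_PUB_ACTION_DONTPUBLISH   0
#  define OSSL_CRMF_PUB_ACTION_PLEASEPUBLISH 1
int OSSL_CRMF_MSG_set_PKIPublicationInfo_action(OSSL_CRMF_PKIPUBLICATIONINFO *pi,
                                                int action);
/*
 * The remaining registration controls. The set1 functions leave ownership of
 * their argument with the caller; the get0 functions return pointers into
 * msg that must not be freed.
 * NOTE(review): presumably 1/0 return values for the setters and NULL from
 * the getters when the control is absent - confirm.
 */
int OSSL_CRMF_MSG_set1_regCtrl_pkiPublicationInfo(OSSL_CRMF_MSG *msg,
                                                  const OSSL_CRMF_PKIPUBLICATIONINFO *pi);
OSSL_CRMF_PKIPUBLICATIONINFO
*OSSL_CRMF_MSG_get0_regCtrl_pkiPublicationInfo(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regCtrl_protocolEncrKey(OSSL_CRMF_MSG *msg,
                                               const X509_PUBKEY *pubkey);
X509_PUBKEY
*OSSL_CRMF_MSG_get0_regCtrl_protocolEncrKey(const OSSL_CRMF_MSG *msg);
/*
 * oldCertID names the certificate an update request refers to. On the
 * receiving side it is a claim made by the requester, not evidence that the
 * requester controls that certificate.
 */
int OSSL_CRMF_MSG_set1_regCtrl_oldCertID(OSSL_CRMF_MSG *msg,
                                         const OSSL_CRMF_CERTID *cid);
OSSL_CRMF_CERTID
*OSSL_CRMF_MSG_get0_regCtrl_oldCertID(const OSSL_CRMF_MSG *msg);
/*
 * Creates a new certificate ID from an issuer name and a serial number. The
 * caller owns the result and releases it with OSSL_CRMF_CERTID_free().
 */
OSSL_CRMF_CERTID *OSSL_CRMF_CERTID_gen(const X509_NAME *issuer,
                                       const ASN1_INTEGER *serial);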
136
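/*
 * Registration info (regInfo) accessors. The set1 functions leave ownership
 * of their argument with the caller; the get0 functions return pointers into
 * msg that must not be freed and do not outlive msg.
 * NOTE(review): presumably 1/0 return values for the setters and NULL from
 * the getters when the entry is absent - confirm.
 * utf8Pairs is free-form text supplied by the requester: validate and escape
 * it before it reaches logs, databases or user interfaces.
 */
int OSSL_CRMF_MSG_set1_regInfo_utf8Pairs(OSSL_CRMF_MSG *msg,
                                         const ASN1_UTF8STRING *utf8pairs);
ASN1_UTF8STRING
*OSSL_CRMF_MSG_get0_regInfo_utf8Pairs(const OSSL_CRMF_MSG *msg);
int OSSL_CRMF_MSG_set1_regInfo_certReq(OSSL_CRMF_MSG *msg,
                                       const OSSL_CRMF_CERTREQUEST *cr);
OSSL_CRMF_CERTREQUEST
*OSSL_CRMF_MSG_get0_regInfo_certReq(const OSSL_CRMF_MSG *msg);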
145
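/*
 * Request-building helpers that operate on the message crm.
 *
 * set0_validity, set0_extensions and push0_extension are set0/push0
 * functions: on success the message takes over notBefore/notAfter, exts or
 * ext, and the caller must not free them afterwards.
 * NOTE(review): on failure ownership presumably stays with the caller, and
 * the int functions presumably return 1 on success and 0 on error - confirm.
 */
int OSSL_CRMF_MSG_set0_validity(OSSL_CRMF_MSG *crm,
                                ASN1_TIME *notBefore, ASN1_TIME *notAfter);
/*
 * The certReqId ties a response to its request.
 * NOTE(review): the getter returns a plain int, so its error value has to be
 * distinguished from valid IDs - confirm which value signals an error.
 */
int OSSL_CRMF_MSG_set_certReqId(OSSL_CRMF_MSG *crm, int rid);
int OSSL_CRMF_MSG_get_certReqId(const OSSL_CRMF_MSG *crm);
int OSSL_CRMF_MSG_set0_extensions(OSSL_CRMF_MSG *crm, X509_EXTENSIONS *exts);

int OSSL_CRMF_MSG_push0_extension(OSSL_CRMF_MSG *crm, X509_EXTENSION *ext);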
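/*
 * Proof-of-possession (POPO) methods for OSSL_CRMF_MSG_create_popo().
 * NONE and RAVERIFIED put no cryptographic proof into the request: the first
 * leaves the proof to some out-of-band check, the second only states that a
 * registration authority has checked possession. A receiver should accept
 * either only under an explicit policy and from an authenticated sender.
 * SIGNATURE, KEYENC and KEYAGREE name the signature, key encipherment and key
 * agreement alternatives of RFC 4211.
 */
#  define OSSL_CRMF_POPO_NONE       -1
#  define OSSL_CRMF_POPO_RAVERIFIED 0
#  define OSSL_CRMF_POPO_SIGNATURE  1
#  define OSSL_CRMF_POPO_KEYENC     2
#  define OSSL_CRMF_POPO_KEYAGREE   3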
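/*
 * Creates the proof-of-possession for the request crm using the method meth
 * (one of the OSSL_CRMF_POPO_* values). pkey is the private key whose
 * possession is being proven and digest the hash used with it; libctx and
 * propq select the library context and property query for algorithm fetching.
 * NOTE(review): presumably returns 1 on success and 0 on error - confirm.
 */
int OSSL_CRMF_MSG_create_popo(int meth, OSSL_CRMF_MSG *crm,
                              EVP_PKEY *pkey, const EVP_MD *digest,
                              OSSL_LIB_CTX *libctx, const char *propq);
/*
 * Verifies the proof-of-possession of the request with certReqId rid in the
 * list reqs.
 *
 * acceptRAVerified decides whether a request that carries only the
 * "RA verified" indication is accepted. That indication is an unauthenticated
 * field of the request itself, so pass 0 unless the message was received over
 * a channel that authenticates a trusted registration authority.
 * NOTE(review): presumably returns 1 on success and 0 on error; treat any
 * other result as a failed verification - confirm.
 */
int OSSL_CRMF_MSGS_verify_popo(const OSSL_CRMF_MSGS *reqs,
                               int rid, int acceptRAVerified,
                               OSSL_LIB_CTX *libctx, const char *propq);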
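/*
 * Read access to the certificate template and to certificate IDs.
 *
 * All of these are get0 functions: the returned pointer refers to data owned
 * by the parent object, must not be freed, and is invalid once the parent is
 * freed. NOTE(review): presumably NULL is returned for an absent optional
 * field, so check before dereferencing - confirm.
 *
 * On the receiving side everything read here was chosen by the requester.
 * Subject, public key and above all the requested extensions (for example a
 * CA flag or extra names) need to be checked against issuance policy before
 * they are copied into a certificate.
 */
OSSL_CRMF_CERTTEMPLATE *OSSL_CRMF_MSG_get0_tmpl(const OSSL_CRMF_MSG *crm);
X509_PUBKEY
*OSSL_CRMF_CERTTEMPLATE_get0_publicKey(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_subject(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTTEMPLATE_get0_issuer(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const ASN1_INTEGER
*OSSL_CRMF_CERTTEMPLATE_get0_serialNumber(const OSSL_CRMF_CERTTEMPLATE *tmpl);
X509_EXTENSIONS
*OSSL_CRMF_CERTTEMPLATE_get0_extensions(const OSSL_CRMF_CERTTEMPLATE *tmpl);
const X509_NAME
*OSSL_CRMF_CERTID_get0_issuer(const OSSL_CRMF_CERTID *cid);
const ASN1_INTEGER
*OSSL_CRMF_CERTID_get0_serialNumber(const OSSL_CRMF_CERTID *cid);
/*
 * Fills the template tmpl from the given public key, subject, issuer and
 * serial number.
 * NOTE(review): the OpenSSL manual describes NULL arguments as "leave this
 * field unset" and says the values are copied or up-referenced rather than
 * taken over - confirm for this revision.
 */
int OSSL_CRMF_CERTTEMPLATE_fill(OSSL_CRMF_CERTTEMPLATE *tmpl,
                                EVP_PKEY *pubkey,
                                const X509_NAME *subject,
                                const X509_NAME *issuer,
                                const ASN1_INTEGER *serial);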
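/*
 * Decryption of encrypted values and keys with the recipient's private key
 * pkey. libctx and propq select the library context and property query.
 *
 * The get1 functions return a new object that the caller owns and must free
 * (X509_free() for certificates, EVP_PKEY_free() for keys).
 * NOTE(review): presumably NULL is returned on any failure - confirm.
 * The input structures come from the peer, so a failure here is an expected
 * outcome for malformed input; keep error reporting to the peer generic
 * rather than revealing why a decryption failed.
 */
X509 *OSSL_CRMF_ENCRYPTEDVALUE_get1_encCert(const OSSL_CRMF_ENCRYPTEDVALUE *ecert,
                                            OSSL_LIB_CTX *libctx, const char *propq,
                                            EVP_PKEY *pkey);
/* NOTE(review): the meaning of flags is not visible in this header - confirm. */
X509 *OSSL_CRMF_ENCRYPTEDKEY_get1_encCert(const OSSL_CRMF_ENCRYPTEDKEY *ecert,
                                          OSSL_LIB_CTX *libctx, const char *propq,
                                          EVP_PKEY *pkey, unsigned int flags);
/*
 * Returns the decrypted bytes and stores their length in *outlen.
 * NOTE(review): the buffer is presumably allocated for the caller. As the
 * plaintext may be key material, release it with OPENSSL_clear_free() rather
 * than OPENSSL_free() - confirm ownership first.
 */
unsigned char
*OSSL_CRMF_ENCRYPTEDVALUE_decrypt(const OSSL_CRMF_ENCRYPTEDVALUE *enc,
                                  OSSL_LIB_CTX *libctx, const char *propq,
                                  EVP_PKEY *pkey, int *outlen);
/*
 * Extracts a private key from encryptedKey.
 * NOTE(review): ts and extra look like the trust store and untrusted helper
 * certificates used to validate the sender of the wrapped key, and
 * pkey/cert/secret like the recipient's credentials - confirm. If so, a NULL
 * or overly broad trust store weakens the check on who supplied the key.
 */
EVP_PKEY *OSSL_CRMF_ENCRYPTEDKEY_get1_pkey(const OSSL_CRMF_ENCRYPTEDKEY *encryptedKey,
                                           X509_STORE *ts, STACK_OF(X509) *extra, EVP_PKEY *pkey,
                                           X509 *cert, ASN1_OCTET_STRING *secret,
                                           OSSL_LIB_CTX *libctx, const char *propq);
/*
 * NOTE(review): presumably reports whether the request (crm or the PKCS#10
 * request p10cr) asks the server to generate the key pair; the int result may
 * have a separate error value - confirm before using it as a boolean.
 */
int OSSL_CRMF_MSG_centralkeygen_requested(const OSSL_CRMF_MSG *crm, const X509_REQ *p10cr);
#  ifndef OPENSSL_NO_CMS
/*
 * Builds an encrypted-key object around CMS enveloped data; only available
 * when CMS support is compiled in.
 * NOTE(review): ownership of envdata after the call is not visible here.
 */
OSSL_CRMF_ENCRYPTEDKEY *OSSL_CRMF_ENCRYPTEDKEY_init_envdata(CMS_EnvelopedData *envdata);
#  endif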
202
203#  ifdef __cplusplus
204}
205#  endif
206# endif /* !defined(OPENSSL_NO_CRMF) */
207#endif /* !defined(OPENSSL_CRMF_H) */
208