/*-
 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 *
 * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
 */

/*
 * ASN.1 templates for the CRMF (Certificate Request Message Format) types.
 *
 * Each ASN1_SEQUENCE/ASN1_CHOICE table below lists the fields of one C
 * structure in encoding order, with their tagging (IMP = implicit,
 * EXP = explicit) and optionality (OPT). IMPLEMENT_ASN1_FUNCTIONS generates
 * the new/free/d2i/i2d functions for the type and
 * IMPLEMENT_ASN1_DUP_FUNCTION additionally generates its dup function.
 *
 * The templates describe structure only: a successful decode means the
 * input was well-formed DER for the type, not that its contents satisfy the
 * protocol's semantic rules (omitted fields, parameter ranges, presence of
 * proof-of-possession). Those checks have to be made by the code that
 * consumes the decoded objects.
 */

#include <openssl/asn1t.h>

#include "crmf_local.h"

/* explicit #includes not strictly needed since implied by the above: */
#include <openssl/crmf.h>

/*
 * PrivateKeyInfo: version, algorithm identifier and the private key as an
 * OCTET STRING, followed by an optional SET OF attributes with implicit
 * tag [0].
 * NOTE(review): this type carries private-key bytes; whether the generated
 * free function cleanses the buffer is not established by this file -
 * confirm before relying on it.
 */
ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, version, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKeyAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKey, ASN1_OCTET_STRING),
    ASN1_IMP_SET_OF_OPT(OSSL_CRMF_PRIVATEKEYINFO, attributes, X509_ATTRIBUTE, 0)
} ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO)


/* Identifier of an EncKeyWithID: either a UTF8String or a GeneralName. */
ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = {
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.string, ASN1_UTF8STRING),
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER, value.generalName, GENERAL_NAME)
} ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)


/* EncKeyWithID: a PrivateKeyInfo plus an optional identifier. */
ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = {
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO),
    ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier,
             OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID)


/* CertId: names a certificate by issuer (GeneralName) and serial number. */
ASN1_SEQUENCE(OSSL_CRMF_CERTID) = {
    ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME),
    ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTID)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)


/*
 * EncryptedValue: five optional fields with implicit tags [0]..[4], then the
 * mandatory encValue BIT STRING. Because every algorithm field is optional,
 * a decoded value may carry none of them; the consumer must check for the
 * fields it needs before using them.
 */
ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = {
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, encSymmKey, ASN1_BIT_STRING, 2),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, keyAlg, X509_ALGOR, 3),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, valueHint, ASN1_OCTET_STRING, 4),
    ASN1_SIMPLE(OSSL_CRMF_ENCRYPTEDVALUE, encValue, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCRYPTEDVALUE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)

/* SinglePubInfo: a publication method (INTEGER) and its location. */
ASN1_SEQUENCE(OSSL_CRMF_SINGLEPUBINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubMethod, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubLocation, GENERAL_NAME)
} ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)


/*
 * PKIPublicationInfo: an action (INTEGER) and an optional SEQUENCE OF
 * SinglePubInfo. The template does not restrict the INTEGER values.
 */
ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos,
                         OSSL_CRMF_SINGLEPUBINFO)
} ASN1_SEQUENCE_END(OSSL_CRMF_PKIPUBLICATIONINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO)


/* PKMACValue: a MAC algorithm identifier and the MAC value as BIT STRING. */
ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = {
    ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)


/*
 * POPOPrivKey: CHOICE of five alternatives with implicit tags [0]..[4].
 * NOTE(review): RFC 4211 defines encryptedKey [4] as EnvelopedData, while
 * this template models it as ASN1_NULL, so a real EnvelopedData in that
 * alternative is not represented by this structure - confirm how callers
 * treat this alternative.
 */
ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.dhMAC, ASN1_BIT_STRING, 2),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.agreeMAC, OSSL_CRMF_PKMACVALUE, 3),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.encryptedKey, ASN1_NULL, 4),
} ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY)


/*
 * PBMParameter: salt, one-way function, iteration count and MAC algorithm
 * for password-based MAC.
 * The template fixes the field types only; it puts no bound on the salt
 * length or on iterationCount. Code that evaluates a received PBMParameter
 * needs to range-check both before running the key derivation, since the
 * values come from the peer.
 */
ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = {
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, iterationCount, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, mac, X509_ALGOR)
} ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)


/*
 * authInfo of a POPOSigningKeyInput: either the sender as GeneralName with
 * explicit tag [0], or an untagged PKMACValue over the public key.
 */
ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = {
    ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender,
             GENERAL_NAME, 0),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.publicKeyMAC,
                OSSL_CRMF_PKMACVALUE)
} ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)


/* POPOSigningKeyInput: the authInfo CHOICE above plus the public key. */
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = {
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo,
                OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, publicKey, X509_PUBKEY)
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT)


/*
 * POPOSigningKey: optional poposkInput with implicit tag [0], then the
 * signature algorithm and the signature itself. The template carries the
 * signature bytes only; verifying them is up to the consumer.
 */
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = {
    ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput,
                 OSSL_CRMF_POPOSIGNINGKEYINPUT, 0),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, algorithmIdentifier, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY)


/*
 * ProofOfPossession: CHOICE of raVerified [0], signature [1] (both implicit),
 * keyEncipherment [2] and keyAgreement [3] (both explicit).
 * raVerified is a NULL and therefore carries no proof data at all; whether a
 * request using it is acceptable is a policy decision for the receiving
 * code, not something the decoder can settle.
 */
ASN1_CHOICE(OSSL_CRMF_POPO) = {
    ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0),
    ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1),
    ASN1_EXP(OSSL_CRMF_POPO, value.keyEncipherment, OSSL_CRMF_POPOPRIVKEY, 2),
    ASN1_EXP(OSSL_CRMF_POPO, value.keyAgreement, OSSL_CRMF_POPOPRIVKEY, 3)
} ASN1_CHOICE_END(OSSL_CRMF_POPO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)


/*
 * Fallback template for AttributeTypeAndValue: any type not listed in the
 * ADB table below is kept as an optional, uninterpreted ASN1_ANY in
 * value.other.
 */
ASN1_ADB_TEMPLATE(attributetypeandvalue_default) =
    ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
/*
 * ANY DEFINED BY table: the `type` field of the enclosing structure selects
 * which member of the value union is decoded.
 * An unrecognised type does not make decoding fail; it falls through to the
 * default template above. Consumers must therefore check `type` before
 * reading a specific union member and must treat value.other as opaque,
 * peer-controlled data.
 * The certReq entry refers to OSSL_CRMF_CERTREQUEST, whose `controls` field
 * is again a sequence of this type, so the structure is recursive.
 * NOTE(review): any limit on nesting depth has to come from the decoder, not
 * from these templates - confirm.
 */
ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
    ADB_ENTRY(NID_id_regCtrl_regToken,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.regToken, ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_regCtrl_authenticator,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.authenticator, ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_regCtrl_pkiPublicationInfo,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.pkiPublicationInfo,
                          OSSL_CRMF_PKIPUBLICATIONINFO)),
    ADB_ENTRY(NID_id_regCtrl_oldCertID,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.oldCertID, OSSL_CRMF_CERTID)),
    ADB_ENTRY(NID_id_regCtrl_protocolEncrKey,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.protocolEncrKey, X509_PUBKEY)),
    ADB_ENTRY(NID_id_regInfo_utf8Pairs,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.utf8Pairs, ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_regInfo_certReq,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.certReq, OSSL_CRMF_CERTREQUEST)),
} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0,
               &attributetypeandvalue_default_tt, NULL);


/* AttributeTypeAndValue: the selecting OID, then the value chosen by the ADB. */
ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
    ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT),
    ASN1_ADB_OBJECT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)

IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)


/*
 * OptionalValidity: notBefore [0] and notAfter [1], both explicit and both
 * optional. The template does not relate the two times to each other.
 */
ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = {
    ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0),
    ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1)
} ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)


/*
 * CertTemplate: every field is optional and tagged [0]..[9].
 * The "MUST be omitted" rules noted below are not enforced by this template:
 * serialNumber and signingAlg are declared optional, so a request that
 * includes them still decodes. Rejecting or ignoring them is left to the
 * code that processes the decoded template.
 */
ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
    /*
     * serialNumber MUST be omitted. This field is assigned by the CA
     * during certificate creation.
     */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, serialNumber, ASN1_INTEGER, 1),
    /*
     * signingAlg MUST be omitted. This field is assigned by the CA
     * during certificate creation.
     */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2),
    /* issuer and subject are X509_NAME and use explicit tagging */
    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3),
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, validity,
                 OSSL_CRMF_OPTIONALVALIDITY, 4),
    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5),
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6),
    /* issuerUID is deprecated in version 2 */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7),
    /* subjectUID is deprecated in version 2 */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8),
    ASN1_IMP_SEQUENCE_OF_OPT(OSSL_CRMF_CERTTEMPLATE, extensions,
                             X509_EXTENSION, 9),
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)


/*
 * CertRequest: request id, the certificate template and an optional
 * SEQUENCE OF controls (AttributeTypeAndValue).
 */
ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
    ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_CERTREQUEST, controls,
                         OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTREQUEST)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)


/*
 * CertReqMsg: the request, an optional proof-of-possession and optional
 * regInfo. Since popo is optional here, a message without any
 * proof-of-possession decodes successfully; requiring one is the
 * responsibility of the receiving code.
 */
ASN1_SEQUENCE(OSSL_CRMF_MSG) = {
    ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST),
    ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_MSG, regInfo,
                         OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_MSG)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)

/*
 * CertReqMessages: SEQUENCE OF CertReqMsg. The template expresses no upper
 * bound on the number of messages.
 */
ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CRMF_MSGS, OSSL_CRMF_MSG)
ASN1_ITEM_TEMPLATE_END(OSSL_CRMF_MSGS)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)