1 | /* |
2 | * Copyright 2007-2019 The OpenSSL Project Authors. All Rights Reserved. |
3 | * Copyright Nokia 2007-2019 |
4 | * Copyright Siemens AG 2015-2019 |
5 | * |
6 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
7 | * this file except in compliance with the License. You can obtain a copy |
8 | * in the file LICENSE in the source distribution or at |
9 | * https://www.openssl.org/source/license.html |
10 | */ |
11 | |
12 | #include <openssl/asn1t.h> |
13 | |
14 | #include "cmp_local.h" |
15 | |
16 | /* explicit #includes not strictly needed since implied by the above: */ |
17 | #include <openssl/cmp.h> |
18 | #include <openssl/crmf.h> |
19 | |
20 | /* ASN.1 declarations from RFC4210 */ |
/*
 * RevAnnContent: revocation announcement.
 * The first four fields are mandatory, so an encoding that lacks any of
 * them fails to decode; only crlDetails may be absent.  The template does
 * not restrict the numeric range of status.
 */
ASN1_SEQUENCE(OSSL_CMP_REVANNCONTENT) = {
    /* status: OSSL_CMP_PKISTATUS is represented directly as ASN1_INTEGER */
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, status, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, certId, OSSL_CRMF_CERTID),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, willBeRevokedAt, ASN1_GENERALIZEDTIME),
    ASN1_SIMPLE(OSSL_CMP_REVANNCONTENT, badSinceDate, ASN1_GENERALIZEDTIME),
    /* crlDetails: optional extensions */
    ASN1_OPT(OSSL_CMP_REVANNCONTENT, crlDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVANNCONTENT)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVANNCONTENT)
30 | |
31 | |
/*
 * Challenge: element type of OSSL_CMP_POPODECKEYCHALLCONTENT.
 * owf may be absent; witness and challenge are mandatory octet strings.
 * The template places no bound on their lengths, so any size checks
 * belong to the code that consumes a decoded challenge.
 */
ASN1_SEQUENCE(OSSL_CMP_CHALLENGE) = {
    ASN1_OPT(OSSL_CMP_CHALLENGE, owf, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CMP_CHALLENGE, witness, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CMP_CHALLENGE, challenge, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_CHALLENGE)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CHALLENGE)
38 | |
39 | |
/*
 * POPODecKeyChallContent: SEQUENCE OF OSSL_CMP_CHALLENGE.
 * The template sets no limit on the number of elements.
 */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYCHALLCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POPODECKEYCHALLCONTENT, OSSL_CMP_CHALLENGE)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYCHALLCONTENT)
44 | |
45 | |
/*
 * POPODecKeyRespContent: SEQUENCE OF ASN1_INTEGER.
 * Neither the element count nor the integer range is limited here.
 */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POPODECKEYRESPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POPODECKEYRESPCONTENT, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POPODECKEYRESPCONTENT)
50 | |
51 | |
/*
 * CAKeyUpdAnnContent: three mandatory certificates.
 * OSSL_CMP_CMPCERTIFICATE is effectively X509, so X509 is used directly
 * for every field.  Decoding only parses the certificates; whether they
 * are trustworthy is for the consumer to decide.
 */
ASN1_SEQUENCE(OSSL_CMP_CAKEYUPDANNCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, oldWithNew, X509),
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithOld, X509),
    ASN1_SIMPLE(OSSL_CMP_CAKEYUPDANNCONTENT, newWithNew, X509)
} ASN1_SEQUENCE_END(OSSL_CMP_CAKEYUPDANNCONTENT)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CAKEYUPDANNCONTENT)
61 | |
62 | |
/*
 * ErrorMsgContent: mandatory status info plus an optional error code and
 * optional free text.  The text is supplied by the peer, so it should be
 * treated as untrusted when logged or displayed.
 */
ASN1_SEQUENCE(OSSL_CMP_ERRORMSGCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_ERRORMSGCONTENT, pKIStatusInfo, OSSL_CMP_PKISI),
    ASN1_OPT(OSSL_CMP_ERRORMSGCONTENT, errorCode, ASN1_INTEGER),
    /*
     * errorDetails: OSSL_CMP_PKIFREETEXT is effectively a sequence of
     * ASN1_UTF8STRING, so that is used directly.
     */
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ERRORMSGCONTENT, errorDetails, ASN1_UTF8STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_ERRORMSGCONTENT)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ERRORMSGCONTENT)
74 | |
/*
 * Fallback for an InfoTypeAndValue whose infoType matches none of the
 * entries in the table below: the value is kept as ASN1_ANY in
 * infoValue.other.
 */
ASN1_ADB_TEMPLATE(infotypeandvalue_default) =
    ASN1_OPT(OSSL_CMP_ITAV, infoValue.other, ASN1_ANY);

/*
 * ITAV means InfoTypeAndValue.
 * The table selects the type of infoValue from the NID of infoType.
 * Every entry is optional, so an ITAV may carry a type with no value.
 * NOTE(review): each entry stores into a different member of infoValue;
 * code reading a decoded ITAV should check infoType before touching a
 * particular member, since the type comes from the peer.
 */
ASN1_ADB(OSSL_CMP_ITAV) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509, so X509 is used here */
    ADB_ENTRY(NID_id_it_caProtEncCert,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.caProtEncCert, X509)),
    ADB_ENTRY(NID_id_it_signKeyPairTypes,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
                                   infoValue.signKeyPairTypes, X509_ALGOR)),
    ADB_ENTRY(NID_id_it_encKeyPairTypes,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
                                   infoValue.encKeyPairTypes, X509_ALGOR)),
    ADB_ENTRY(NID_id_it_preferredSymmAlg,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.preferredSymmAlg,
                       X509_ALGOR)),
    ADB_ENTRY(NID_id_it_caKeyUpdateInfo,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.caKeyUpdateInfo,
                       OSSL_CMP_CAKEYUPDANNCONTENT)),
    ADB_ENTRY(NID_id_it_currentCRL,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.currentCRL, X509_CRL)),
    ADB_ENTRY(NID_id_it_unsupportedOIDs,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV,
                                   infoValue.unsupportedOIDs, ASN1_OBJECT)),
    ADB_ENTRY(NID_id_it_keyPairParamReq,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamReq,
                       ASN1_OBJECT)),
    ADB_ENTRY(NID_id_it_keyPairParamRep,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.keyPairParamRep,
                       X509_ALGOR)),
    ADB_ENTRY(NID_id_it_revPassphrase,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.revPassphrase,
                       OSSL_CRMF_ENCRYPTEDVALUE)),
    ADB_ENTRY(NID_id_it_implicitConfirm,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.implicitConfirm,
                       ASN1_NULL)),
    ADB_ENTRY(NID_id_it_confirmWaitTime,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.confirmWaitTime,
                       ASN1_GENERALIZEDTIME)),
    /*
     * NOTE(review): OSSL_CMP_MSGS contains OSSL_CMP_MSG, whose header can
     * again carry ITAVs, so this entry makes the type recursive; confirm
     * that nesting depth is bounded when decoding untrusted input.
     */
    ADB_ENTRY(NID_id_it_origPKIMessage,
              ASN1_OPT(OSSL_CMP_ITAV, infoValue.origPKIMessage,
                       OSSL_CMP_MSGS)),
    ADB_ENTRY(NID_id_it_suppLangTags,
              ASN1_SEQUENCE_OF_OPT(OSSL_CMP_ITAV, infoValue.suppLangTagsValue,
                                   ASN1_UTF8STRING)),
} ASN1_ADB_END(OSSL_CMP_ITAV, 0, infoType, 0,
               &infotypeandvalue_default_tt, NULL);


/* InfoTypeAndValue itself: the selector OID followed by the ADB value. */
ASN1_SEQUENCE(OSSL_CMP_ITAV) = {
    ASN1_SIMPLE(OSSL_CMP_ITAV, infoType, ASN1_OBJECT),
    ASN1_ADB_OBJECT(OSSL_CMP_ITAV)
} ASN1_SEQUENCE_END(OSSL_CMP_ITAV)
/* Generates new/free/d2i/i2d and, in addition, a dup function. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_ITAV)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_ITAV)
130 | |
/*
 * Allocate an ITAV and fill it with the given type and value.
 *
 * The pointers are stored, not copied (see OSSL_CMP_ITAV_set0() in this
 * file), so on success the caller must no longer free them separately.
 * Returns NULL if type is NULL or the allocation fails; in that case the
 * arguments are left untouched and remain with the caller.  No error is
 * raised here for a NULL type.
 */
OSSL_CMP_ITAV *OSSL_CMP_ITAV_create(ASN1_OBJECT *type, ASN1_TYPE *value)
{
    OSSL_CMP_ITAV *result;

    if (type == NULL)
        return NULL;

    result = OSSL_CMP_ITAV_new();
    if (result == NULL)
        return NULL;

    OSSL_CMP_ITAV_set0(result, type, value);
    return result;
}
140 | |
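/*
 * Store type and value in itav without copying them.
 *
 * A NULL itav is rejected with CMP_R_NULL_ARGUMENT instead of being
 * dereferenced, matching the NULL handling of the other ITAV accessors in
 * this file.  Because the function returns void, the only sign of that
 * failure is the entry on the error queue.
 *
 * The previous contents of itav are overwritten, not freed.
 * NOTE(review): value is written to infoValue.other whatever type is.
 * The ASN.1 table for OSSL_CMP_ITAV encodes infoValue according to the
 * NID of infoType, so presumably callers must pass a value that fits the
 * member selected for that type - confirm against the declaration in
 * cmp_local.h.
 */
void OSSL_CMP_ITAV_set0(OSSL_CMP_ITAV *itav, ASN1_OBJECT *type,
                        ASN1_TYPE *value)
{
    if (itav == NULL) {
        CMPerr(0, CMP_R_NULL_ARGUMENT);
        return;
    }
    itav->infoType = type;
    itav->infoValue.other = value;
}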
147 | |
/*
 * Return the infoType pointer held by itav, or NULL if itav is NULL.
 * The pointer is the one stored in the structure, not a copy, so the
 * caller must not free it.
 */
ASN1_OBJECT *OSSL_CMP_ITAV_get0_type(const OSSL_CMP_ITAV *itav)
{
    return itav != NULL ? itav->infoType : NULL;
}
154 | |
/*
 * Return the infoValue.other pointer held by itav, or NULL if itav is
 * NULL.  The pointer is the one stored in the structure, not a copy.
 *
 * NOTE(review): the member read is always infoValue.other.  For an ITAV
 * decoded with an infoType listed in the ASN.1 table, the decoder fills a
 * different member of infoValue.  If infoValue is a union (its
 * declaration is in cmp_local.h, not visible here), the pointer returned
 * then does not refer to an ASN1_TYPE, so callers should check
 * OSSL_CMP_ITAV_get0_type() before interpreting it.
 */
ASN1_TYPE *OSSL_CMP_ITAV_get0_value(const OSSL_CMP_ITAV *itav)
{
    return itav != NULL ? itav->infoValue.other : NULL;
}
161 | |
/*
 * Append itav to the stack at *itav_sk_p, creating the stack first when
 * *itav_sk_p is NULL.
 *
 * Returns 1 on success and 0 on failure.  A NULL argument raises
 * CMP_R_NULL_ARGUMENT.  On failure itav is not freed and stays with the
 * caller.  A stack created by this call is released again and *itav_sk_p
 * reset to NULL, while a stack that already existed is left as it was.
 */
int OSSL_CMP_ITAV_push0_stack_item(STACK_OF(OSSL_CMP_ITAV) **itav_sk_p,
                                   OSSL_CMP_ITAV *itav)
{
    STACK_OF(OSSL_CMP_ITAV) *fresh = NULL;

    if (itav_sk_p == NULL || itav == NULL) {
        CMPerr(0, CMP_R_NULL_ARGUMENT);
        return 0;
    }

    if (*itav_sk_p == NULL) {
        fresh = sk_OSSL_CMP_ITAV_new_null();
        if (fresh == NULL)
            return 0;
        *itav_sk_p = fresh;
    }

    if (sk_OSSL_CMP_ITAV_push(*itav_sk_p, itav))
        return 1;

    /* Undo the allocation only if this call made it. */
    if (fresh != NULL) {
        sk_OSSL_CMP_ITAV_free(fresh);
        *itav_sk_p = NULL;
    }
    return 0;
}
188 | |
/*
 * Convert an ASN.1 INTEGER to a C int.
 *
 * Returns the value on success.  Returns -1 after raising an error when
 * the conversion to int64_t fails (ASN1_R_INVALID_NUMBER) or the value is
 * outside INT_MIN..INT_MAX (ASN1_R_TOO_SMALL / ASN1_R_TOO_LARGE).
 *
 * NOTE(review): -1 is also a representable result, so the return value
 * alone cannot distinguish an encoded -1 from a failure.  A caller for
 * whom -1 is meaningful has to consult the error queue or range-check
 * the input itself.
 */
int ossl_cmp_asn1_get_int(const ASN1_INTEGER *a)
{
    int64_t val;

    if (!ASN1_INTEGER_get_int64(&val, a)) {
        CMPerr(0, ASN1_R_INVALID_NUMBER);
    } else if (val < INT_MIN) {
        CMPerr(0, ASN1_R_TOO_SMALL);
    } else if (val > INT_MAX) {
        CMPerr(0, ASN1_R_TOO_LARGE);
    } else {
        return (int)val;
    }
    return -1;
}
208 | |
/*
 * CertOrEncCert: CHOICE between a plain certificate [0] and an encrypted
 * one [1], both explicitly tagged.  Which arm is present depends on the
 * encoding, so consumers must check the selected arm before reading
 * either value member.
 */
ASN1_CHOICE(OSSL_CMP_CERTORENCCERT) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509, so X509 is used here */
    ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.certificate, X509, 0),
    ASN1_EXP(OSSL_CMP_CERTORENCCERT, value.encryptedCert,
             OSSL_CRMF_ENCRYPTEDVALUE, 1),
} ASN1_CHOICE_END(OSSL_CMP_CERTORENCCERT)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTORENCCERT)
216 | |
217 | |
/*
 * CertifiedKeyPair: a mandatory certOrEncCert, then an optional
 * privateKey [0] carried as OSSL_CRMF_ENCRYPTEDVALUE and optional
 * publicationInfo [1].
 */
ASN1_SEQUENCE(OSSL_CMP_CERTIFIEDKEYPAIR) = {
    ASN1_SIMPLE(OSSL_CMP_CERTIFIEDKEYPAIR, certOrEncCert,
                OSSL_CMP_CERTORENCCERT),
    ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, privateKey,
                 OSSL_CRMF_ENCRYPTEDVALUE, 0),
    ASN1_EXP_OPT(OSSL_CMP_CERTIFIEDKEYPAIR, publicationInfo,
                 OSSL_CRMF_PKIPUBLICATIONINFO, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTIFIEDKEYPAIR)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTIFIEDKEYPAIR)
227 | |
228 | |
/*
 * RevDetails: a mandatory certificate template identifying what is to be
 * revoked, plus optional CRL entry extensions.
 */
ASN1_SEQUENCE(OSSL_CMP_REVDETAILS) = {
    ASN1_SIMPLE(OSSL_CMP_REVDETAILS, certDetails, OSSL_CRMF_CERTTEMPLATE),
    ASN1_OPT(OSSL_CMP_REVDETAILS, crlEntryDetails, X509_EXTENSIONS)
} ASN1_SEQUENCE_END(OSSL_CMP_REVDETAILS)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVDETAILS)
234 | |
235 | |
/* RevReqContent: SEQUENCE OF OSSL_CMP_REVDETAILS, element count unbounded. */
ASN1_ITEM_TEMPLATE(OSSL_CMP_REVREQCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_REVREQCONTENT, OSSL_CMP_REVDETAILS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_REVREQCONTENT)
240 | |
241 | |
/*
 * RevRepContent: a mandatory list of status infos, then optional lists of
 * revoked certificate ids [0] and CRLs [1].  The template does not tie the
 * length of revCerts to the length of status; any such correspondence has
 * to be checked by the consumer.
 */
ASN1_SEQUENCE(OSSL_CMP_REVREPCONTENT) = {
    ASN1_SEQUENCE_OF(OSSL_CMP_REVREPCONTENT, status, OSSL_CMP_PKISI),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, revCerts,
                             OSSL_CRMF_CERTID, 0),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_REVREPCONTENT, crls, X509_CRL, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_REVREPCONTENT)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_REVREPCONTENT)
249 | |
250 | |
/*
 * KeyRecRepContent: mandatory status, then optional newSigCert [0],
 * caCerts [1] and keyPairHist [2].  The certificates are only parsed
 * here; validating them is left to the consumer.
 */
ASN1_SEQUENCE(OSSL_CMP_KEYRECREPCONTENT) = {
    ASN1_SIMPLE(OSSL_CMP_KEYRECREPCONTENT, status, OSSL_CMP_PKISI),
    ASN1_EXP_OPT(OSSL_CMP_KEYRECREPCONTENT, newSigCert, X509, 0),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, caCerts, X509, 1),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_KEYRECREPCONTENT, keyPairHist,
                             OSSL_CMP_CERTIFIEDKEYPAIR, 2)
} ASN1_SEQUENCE_END(OSSL_CMP_KEYRECREPCONTENT)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_KEYRECREPCONTENT)
259 | |
260 | |
/*
 * PKIStatus: an item template over ASN1_INTEGER.  The numeric range is
 * not restricted at this level.
 */
ASN1_ITEM_TEMPLATE(OSSL_CMP_PKISTATUS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_UNIVERSAL, 0, status, ASN1_INTEGER)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_PKISTATUS)
264 | |
/*
 * PKIStatusInfo: mandatory status with optional free text and optional
 * failure-info bits.  The free text originates from the peer and should
 * be treated as untrusted when logged or displayed.
 */
ASN1_SEQUENCE(OSSL_CMP_PKISI) = {
    ASN1_SIMPLE(OSSL_CMP_PKISI, status, OSSL_CMP_PKISTATUS),
    /*
     * statusString: CMP_PKIFREETEXT is effectively a sequence of
     * ASN1_UTF8STRING, so that is used directly.
     */
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_PKISI, statusString, ASN1_UTF8STRING),
    /*
     * failInfo: OSSL_CMP_PKIFAILUREINFO is effectively ASN1_BIT_STRING,
     * so that is used directly.
     */
    ASN1_OPT(OSSL_CMP_PKISI, failInfo, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_PKISI)
/* Generates new/free/d2i/i2d and, in addition, a dup function. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKISI)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_PKISI)
279 | |
/*
 * CertStatus: mandatory certHash and certReqId, optional statusInfo.
 * The template does not constrain the length of certHash; comparing it
 * against the expected digest is up to the consumer.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTSTATUS) = {
    ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certHash, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CMP_CERTSTATUS, certReqId, ASN1_INTEGER),
    ASN1_OPT(OSSL_CMP_CERTSTATUS, statusInfo, OSSL_CMP_PKISI)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTSTATUS)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTSTATUS)
286 | |
/* CertConfirmContent: SEQUENCE OF OSSL_CMP_CERTSTATUS, count unbounded. */
ASN1_ITEM_TEMPLATE(OSSL_CMP_CERTCONFIRMCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_CERTCONFIRMCONTENT, OSSL_CMP_CERTSTATUS)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CERTCONFIRMCONTENT)
291 | |
/*
 * CertResponse: mandatory certReqId and status, with an optional
 * certifiedKeyPair and optional rspInfo.  Because certifiedKeyPair may be
 * absent, consumers have to handle a response without a certificate
 * whatever the status says.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTRESPONSE) = {
    ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_CERTRESPONSE, status, OSSL_CMP_PKISI),
    ASN1_OPT(OSSL_CMP_CERTRESPONSE, certifiedKeyPair,
             OSSL_CMP_CERTIFIEDKEYPAIR),
    ASN1_OPT(OSSL_CMP_CERTRESPONSE, rspInfo, ASN1_OCTET_STRING)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTRESPONSE)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTRESPONSE)
300 | |
/* PollReq element: a single mandatory certReqId. */
ASN1_SEQUENCE(OSSL_CMP_POLLREQ) = {
    ASN1_SIMPLE(OSSL_CMP_POLLREQ, certReqId, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OSSL_CMP_POLLREQ)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREQ)
305 | |
/* PollReqContent: SEQUENCE OF OSSL_CMP_POLLREQ, element count unbounded. */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREQCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_POLLREQCONTENT, OSSL_CMP_POLLREQ)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREQCONTENT)
310 | |
/*
 * PollRep element: mandatory certReqId and checkAfter, optional reason
 * text.
 * NOTE(review): checkAfter is an unconstrained integer chosen by the
 * peer; presumably the polling code has to bound it before using it as a
 * delay - confirm at the call site.
 */
ASN1_SEQUENCE(OSSL_CMP_POLLREP) = {
    ASN1_SIMPLE(OSSL_CMP_POLLREP, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_POLLREP, checkAfter, ASN1_INTEGER),
    ASN1_SEQUENCE_OF_OPT(OSSL_CMP_POLLREP, reason, ASN1_UTF8STRING),
} ASN1_SEQUENCE_END(OSSL_CMP_POLLREP)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_POLLREP)
317 | |
/* PollRepContent: SEQUENCE OF OSSL_CMP_POLLREP, element count unbounded. */
ASN1_ITEM_TEMPLATE(OSSL_CMP_POLLREPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_POLLREPCONTENT,
                          OSSL_CMP_POLLREP)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_POLLREPCONTENT)
323 | |
/*
 * CertRepMessage: optional caPubs [1] followed by the mandatory list of
 * responses.  The caPubs certificates are supplied by the sender and are
 * only parsed here, so they are not trust anchors merely because they
 * decode.
 */
ASN1_SEQUENCE(OSSL_CMP_CERTREPMESSAGE) = {
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509, so X509 is used here */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_CERTREPMESSAGE, caPubs, X509, 1),
    ASN1_SEQUENCE_OF(OSSL_CMP_CERTREPMESSAGE, response, OSSL_CMP_CERTRESPONSE)
} ASN1_SEQUENCE_END(OSSL_CMP_CERTREPMESSAGE)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_CERTREPMESSAGE)
330 | |
/* GenMsgContent: SEQUENCE OF OSSL_CMP_ITAV, element count unbounded. */
ASN1_ITEM_TEMPLATE(OSSL_CMP_GENMSGCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_GENMSGCONTENT, OSSL_CMP_ITAV)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENMSGCONTENT)
335 | |
/* GenRepContent: SEQUENCE OF OSSL_CMP_ITAV, element count unbounded. */
ASN1_ITEM_TEMPLATE(OSSL_CMP_GENREPCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_GENREPCONTENT, OSSL_CMP_ITAV)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_GENREPCONTENT)
340 | |
/* CRLAnnContent: SEQUENCE OF X509_CRL, element count unbounded. */
ASN1_ITEM_TEMPLATE(OSSL_CMP_CRLANNCONTENT) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_CMP_CRLANNCONTENT,
                          X509_CRL)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_CRLANNCONTENT)
345 | |
/*
 * PKIBody: CHOICE over all message body types, each under its own
 * explicit context tag 0..26.  The tag in the encoding selects the arm,
 * so code handling a decoded body must check which arm was chosen before
 * reading a value member.
 */
ASN1_CHOICE(OSSL_CMP_PKIBODY) = {
    /* certificate requests, responses and proof-of-possession exchange */
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ir, OSSL_CRMF_MSGS, 0),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ip, OSSL_CMP_CERTREPMESSAGE, 1),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cr, OSSL_CRMF_MSGS, 2),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cp, OSSL_CMP_CERTREPMESSAGE, 3),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.p10cr, X509_REQ, 4),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecc, OSSL_CMP_POPODECKEYCHALLCONTENT, 5),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.popdecr, OSSL_CMP_POPODECKEYRESPCONTENT, 6),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.kur, OSSL_CRMF_MSGS, 7),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.kup, OSSL_CMP_CERTREPMESSAGE, 8),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.krr, OSSL_CRMF_MSGS, 9),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.krp, OSSL_CMP_KEYRECREPCONTENT, 10),
    /* revocation and cross-certification */
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rr, OSSL_CMP_REVREQCONTENT, 11),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rp, OSSL_CMP_REVREPCONTENT, 12),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ccr, OSSL_CRMF_MSGS, 13),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ccp, OSSL_CMP_CERTREPMESSAGE, 14),
    /* announcements */
    ASN1_EXP(OSSL_CMP_PKIBODY, value.ckuann, OSSL_CMP_CAKEYUPDANNCONTENT, 15),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.cann, X509, 16),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.rann, OSSL_CMP_REVANNCONTENT, 17),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.crlann, OSSL_CMP_CRLANNCONTENT, 18),
    /*
     * pkiconf is declared as ASN1_ANY, so any well-formed value decodes
     * here; consumers should not assume a particular content type.
     */
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pkiconf, ASN1_ANY, 19),
    /*
     * NOTE(review): nested holds OSSL_CMP_MSGS, whose elements contain a
     * PKIBody again, so the type is recursive; confirm that nesting depth
     * is bounded when decoding untrusted input.
     */
    ASN1_EXP(OSSL_CMP_PKIBODY, value.nested, OSSL_CMP_MSGS, 20),
    /* general messages, errors, confirmation and polling */
    ASN1_EXP(OSSL_CMP_PKIBODY, value.genm, OSSL_CMP_GENMSGCONTENT, 21),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.genp, OSSL_CMP_GENREPCONTENT, 22),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.error, OSSL_CMP_ERRORMSGCONTENT, 23),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.certConf, OSSL_CMP_CERTCONFIRMCONTENT, 24),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pollReq, OSSL_CMP_POLLREQCONTENT, 25),
    ASN1_EXP(OSSL_CMP_PKIBODY, value.pollRep, OSSL_CMP_POLLREPCONTENT, 26),
} ASN1_CHOICE_END(OSSL_CMP_PKIBODY)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIBODY)
376 | |
/*
 * PKIHeader: pvno, sender and recipient are mandatory; everything else is
 * optional and explicitly tagged [0]..[8].
 *
 * Because protectionAlg, transactionID, senderNonce and recipNonce are
 * all optional at the encoding level, a header lacking them still decodes
 * successfully.  Requiring their presence, and matching nonces and
 * transaction ids between request and response, is the job of the
 * message validation code, not of this template.
 */
ASN1_SEQUENCE(OSSL_CMP_PKIHEADER) = {
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, pvno, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, sender, GENERAL_NAME),
    ASN1_SIMPLE(OSSL_CMP_PKIHEADER, recipient, GENERAL_NAME),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, messageTime, ASN1_GENERALIZEDTIME, 0),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, protectionAlg, X509_ALGOR, 1),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderKID, ASN1_OCTET_STRING, 2),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipKID, ASN1_OCTET_STRING, 3),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, transactionID, ASN1_OCTET_STRING, 4),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, senderNonce, ASN1_OCTET_STRING, 5),
    ASN1_EXP_OPT(OSSL_CMP_PKIHEADER, recipNonce, ASN1_OCTET_STRING, 6),
    /*
     * freeText: OSSL_CMP_PKIFREETEXT is effectively a sequence of
     * ASN1_UTF8STRING, so that is used directly.
     */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, freeText, ASN1_UTF8STRING, 7),
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_PKIHEADER, generalInfo,
                             OSSL_CMP_ITAV, 8)
} ASN1_SEQUENCE_END(OSSL_CMP_PKIHEADER)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_PKIHEADER)
397 | |
/*
 * ProtectedPart: header followed by body, with no protection or
 * extraCerts fields.
 *
 * NOTE(review): the field templates name OSSL_CMP_MSG rather than
 * CMP_PROTECTEDPART as the containing structure, so the member offsets
 * come from OSSL_CMP_MSG.  This presumably relies on CMP_PROTECTEDPART
 * placing header and body at the same offsets - confirm against the
 * declarations in cmp_local.h before changing either structure.
 */
ASN1_SEQUENCE(CMP_PROTECTEDPART) = {
    ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
    ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY)
} ASN1_SEQUENCE_END(CMP_PROTECTEDPART)
/* Generates the new/free/d2i/i2d functions for this type. */
IMPLEMENT_ASN1_FUNCTIONS(CMP_PROTECTEDPART)
403 | |
/*
 * PKIMessage: mandatory header and body, optional protection [0] and
 * optional extraCerts [1].
 *
 * protection is optional at the encoding level, so a message carrying no
 * protection decodes without error; whether an unprotected message is
 * acceptable has to be decided by the code that validates received
 * messages.  extraCerts come from the sender and are only parsed here,
 * not validated.
 */
ASN1_SEQUENCE(OSSL_CMP_MSG) = {
    ASN1_SIMPLE(OSSL_CMP_MSG, header, OSSL_CMP_PKIHEADER),
    ASN1_SIMPLE(OSSL_CMP_MSG, body, OSSL_CMP_PKIBODY),
    ASN1_EXP_OPT(OSSL_CMP_MSG, protection, ASN1_BIT_STRING, 0),
    /* OSSL_CMP_CMPCERTIFICATE is effectively X509, so X509 is used here */
    ASN1_EXP_SEQUENCE_OF_OPT(OSSL_CMP_MSG, extraCerts, X509, 1)
} ASN1_SEQUENCE_END(OSSL_CMP_MSG)
/* Generates new/free/d2i/i2d and, in addition, a dup function. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CMP_MSG)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CMP_MSG)
413 | |
/*
 * PKIMessages: SEQUENCE OF OSSL_CMP_MSG, element count unbounded.
 * Used by the nested arm of OSSL_CMP_PKIBODY and by the origPKIMessage
 * ITAV entry, both defined in this file.
 */
ASN1_ITEM_TEMPLATE(OSSL_CMP_MSGS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CMP_MSGS, OSSL_CMP_MSG)
ASN1_ITEM_TEMPLATE_END(OSSL_CMP_MSGS)
418 | |