/*-
 * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 *
 * CRMF implementation by Martin Peylo, Miikka Viljanen, and David von Oheimb.
 */

/*
 * ASN.1 templates for the CRMF data structures.
 *
 * Each ASN1_SEQUENCE/ASN1_CHOICE table below describes the wire layout of one
 * structure; the IMPLEMENT_ASN1_FUNCTIONS() line after it generates the usual
 * allocation and DER encode/decode helpers for that type.
 *
 * The templates constrain structure only (field order, tags, optionality).
 * Protocol rules such as "this field MUST be omitted" or "this count must be
 * within a sane range" are not expressed here, so code that consumes decoded
 * values has to enforce them itself.
 */

#include <openssl/asn1t.h>

#include "crmf_local.h"

/* explicit #includes not strictly needed since implied by the above: */
#include <openssl/crmf.h>

/*
 * Private key container: version, algorithm identifier, the key bytes as an
 * OCTET STRING, and an optional SET OF attributes under implicit tag [0].
 *
 * NOTE(review): privateKey carries secret key material. Nothing in this
 * template asks for the buffer to be cleansed on free - confirm how callers
 * dispose of decoded instances.
 */
ASN1_SEQUENCE(OSSL_CRMF_PRIVATEKEYINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, version, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKeyAlgorithm, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PRIVATEKEYINFO, privateKey, ASN1_OCTET_STRING),
    ASN1_IMP_SET_OF_OPT(OSSL_CRMF_PRIVATEKEYINFO, attributes, X509_ATTRIBUTE, 0)
} ASN1_SEQUENCE_END(OSSL_CRMF_PRIVATEKEYINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PRIVATEKEYINFO)

/*
 * Identifier accompanying an encrypted key: either a UTF8String or a
 * GeneralName. Both alternatives are untagged, so the decoder tells them
 * apart by their own tags.
 */
ASN1_CHOICE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER) = {
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER,
                value.string, ASN1_UTF8STRING),
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER,
                value.generalName, GENERAL_NAME)
} ASN1_CHOICE_END(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)

/*
 * A private key together with an optional identifier.
 * identifier is OPTIONAL, so consumers must check for its absence before
 * using it.
 */
ASN1_SEQUENCE(OSSL_CRMF_ENCKEYWITHID) = {
    ASN1_SIMPLE(OSSL_CRMF_ENCKEYWITHID, privateKey, OSSL_CRMF_PRIVATEKEYINFO),
    ASN1_OPT(OSSL_CRMF_ENCKEYWITHID, identifier,
             OSSL_CRMF_ENCKEYWITHID_IDENTIFIER)
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCKEYWITHID)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCKEYWITHID)

/*
 * Certificate reference: issuer as a GeneralName plus the serial number.
 * The template accepts any GeneralName alternative for issuer; whether a
 * given alternative is meaningful is up to the consumer.
 */
ASN1_SEQUENCE(OSSL_CRMF_CERTID) = {
    ASN1_SIMPLE(OSSL_CRMF_CERTID, issuer, GENERAL_NAME),
    ASN1_SIMPLE(OSSL_CRMF_CERTID, serialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTID)
/* Generated helpers for OSSL_CRMF_CERTID, including a duplication function. */
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTID)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTID)

/*
 * Encrypted value: five optional, implicitly tagged fields ([0]..[4])
 * followed by the mandatory ciphertext encValue.
 *
 * Every algorithm field and encSymmKey is OPTIONAL, so a value carrying only
 * encValue decodes successfully. Code that decrypts such a value must check
 * that the fields it needs are present and must validate the algorithms named
 * in them rather than trusting the sender's choice.
 */
ASN1_SEQUENCE(OSSL_CRMF_ENCRYPTEDVALUE) = {
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, intendedAlg, X509_ALGOR, 0),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, symmAlg, X509_ALGOR, 1),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, encSymmKey, ASN1_BIT_STRING, 2),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, keyAlg, X509_ALGOR, 3),
    ASN1_IMP_OPT(OSSL_CRMF_ENCRYPTEDVALUE, valueHint, ASN1_OCTET_STRING, 4),
    ASN1_SIMPLE(OSSL_CRMF_ENCRYPTEDVALUE, encValue, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_ENCRYPTEDVALUE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ENCRYPTEDVALUE)

/*
 * One publication instruction: a method code and the location to publish to.
 * pubMethod is a plain INTEGER here; its permitted values are not checked by
 * the template.
 */
ASN1_SEQUENCE(OSSL_CRMF_SINGLEPUBINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubMethod, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_SINGLEPUBINFO, pubLocation, GENERAL_NAME)
} ASN1_SEQUENCE_END(OSSL_CRMF_SINGLEPUBINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_SINGLEPUBINFO)

/*
 * Publication control: an action code and an optional list of
 * OSSL_CRMF_SINGLEPUBINFO entries. action is a plain INTEGER; range checks
 * are left to the consumer.
 */
ASN1_SEQUENCE(OSSL_CRMF_PKIPUBLICATIONINFO) = {
    ASN1_SIMPLE(OSSL_CRMF_PKIPUBLICATIONINFO, action, ASN1_INTEGER),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_PKIPUBLICATIONINFO, pubInfos,
                         OSSL_CRMF_SINGLEPUBINFO)
} ASN1_SEQUENCE_END(OSSL_CRMF_PKIPUBLICATIONINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKIPUBLICATIONINFO)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_PKIPUBLICATIONINFO)

/* MAC over a public key: the MAC algorithm identifier and the MAC value. */
ASN1_SEQUENCE(OSSL_CRMF_PKMACVALUE) = {
    ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, algId, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PKMACVALUE, value, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_PKMACVALUE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PKMACVALUE)

/*
 * Proof-of-possession alternatives for keys that cannot sign, selected by
 * implicit tags [0]..[4].
 *
 * encryptedKey ([4]) is declared as ASN1_NULL, a placeholder per the comment
 * in the table. NOTE(review): a peer sending real EnvelopedData under [4]
 * would presumably not decode against this template - confirm the intended
 * failure behavior.
 */
ASN1_CHOICE(OSSL_CRMF_POPOPRIVKEY) = {
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.thisMessage, ASN1_BIT_STRING, 0),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.subsequentMessage, ASN1_INTEGER, 1),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.dhMAC, ASN1_BIT_STRING, 2),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.agreeMAC, OSSL_CRMF_PKMACVALUE, 3),
    ASN1_IMP(OSSL_CRMF_POPOPRIVKEY, value.encryptedKey, ASN1_NULL, 4),
    /* When supported, ASN1_NULL needs to be replaced by CMS_ENVELOPEDDATA */
} ASN1_CHOICE_END(OSSL_CRMF_POPOPRIVKEY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOPRIVKEY)

/*
 * Password-based MAC parameters: salt, one-way function, iteration count and
 * MAC algorithm.
 *
 * salt and iterationCount are taken as sent: the template puts no bound on
 * the salt length or on the size or sign of iterationCount, and owf/mac may
 * name any algorithm. NOTE(review): the code that derives the MAC key from
 * these values needs to enforce minimum and maximum limits and an algorithm
 * policy, otherwise a sender controls the work factor - confirm this is done
 * where the parameters are consumed.
 */
ASN1_SEQUENCE(OSSL_CRMF_PBMPARAMETER) = {
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, salt, ASN1_OCTET_STRING),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, owf, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, iterationCount, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_PBMPARAMETER, mac, X509_ALGOR)
} ASN1_SEQUENCE_END(OSSL_CRMF_PBMPARAMETER)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_PBMPARAMETER)

/*
 * Authentication info inside a signing-key POP input: either the sender's
 * name (explicit tag [0]) or a MAC over the public key (untagged).
 */
ASN1_CHOICE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO) = {
    ASN1_EXP(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.sender,
             GENERAL_NAME, 0),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO, value.publicKeyMAC,
                OSSL_CRMF_PKMACVALUE)
} ASN1_CHOICE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO)

/* Data covered by a signing-key POP: authentication info and the public key. */
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEYINPUT) = {
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, authInfo,
                OSSL_CRMF_POPOSIGNINGKEYINPUT_AUTHINFO),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEYINPUT, publicKey, X509_PUBKEY)
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEYINPUT)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEYINPUT)

/*
 * Signature-based proof of possession: optional input ([0], implicit),
 * signature algorithm and signature value.
 *
 * poposkInput is OPTIONAL, so what the signature is computed over depends on
 * whether it is present; a verifier has to handle both cases and must not
 * accept whatever algorithmIdentifier the sender names without a policy check.
 */
ASN1_SEQUENCE(OSSL_CRMF_POPOSIGNINGKEY) = {
    ASN1_IMP_OPT(OSSL_CRMF_POPOSIGNINGKEY, poposkInput,
                 OSSL_CRMF_POPOSIGNINGKEYINPUT, 0),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, algorithmIdentifier, X509_ALGOR),
    ASN1_SIMPLE(OSSL_CRMF_POPOSIGNINGKEY, signature, ASN1_BIT_STRING)
} ASN1_SEQUENCE_END(OSSL_CRMF_POPOSIGNINGKEY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPOSIGNINGKEY)

/*
 * Proof-of-possession CHOICE: raVerified [0], signature [1],
 * keyEncipherment [2] and keyAgreement [3] (the last two explicitly tagged).
 *
 * raVerified is an ASN.1 NULL: it is an assertion by the sender and carries
 * no cryptographic evidence. Whether to accept it is a policy decision for
 * the receiving side, based on who authenticated the enclosing message.
 */
ASN1_CHOICE(OSSL_CRMF_POPO) = {
    ASN1_IMP(OSSL_CRMF_POPO, value.raVerified, ASN1_NULL, 0),
    ASN1_IMP(OSSL_CRMF_POPO, value.signature, OSSL_CRMF_POPOSIGNINGKEY, 1),
    ASN1_EXP(OSSL_CRMF_POPO, value.keyEncipherment, OSSL_CRMF_POPOPRIVKEY, 2),
    ASN1_EXP(OSSL_CRMF_POPO, value.keyAgreement, OSSL_CRMF_POPOPRIVKEY, 3)
} ASN1_CHOICE_END(OSSL_CRMF_POPO)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_POPO)

/*
 * Fallback for attribute types not listed in the table below: the value is
 * kept as an optional, uninterpreted ASN1_ANY in value.other.
 */
ASN1_ADB_TEMPLATE(attributetypeandvalue_default) =
    ASN1_OPT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, value.other, ASN1_ANY);
/*
 * "ANY DEFINED BY" table: the object identifier in the `type` field selects
 * how the value is decoded. Unlisted types fall back to the default template
 * above.
 *
 * Consumers must look at `type` before touching a typed member of `value`,
 * since for an unrecognized type only value.other is meaningful.
 *
 * The certReq entry refers to OSSL_CRMF_CERTREQUEST, whose controls field is
 * in turn a SEQUENCE OF this type, so the structure is recursive.
 * NOTE(review): nesting depth of incoming data is then limited only by
 * whatever bound the generic ASN.1 decoder applies - confirm.
 */
ASN1_ADB(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
    ADB_ENTRY(NID_id_regCtrl_regToken,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.regToken, ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_regCtrl_authenticator,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.authenticator, ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_regCtrl_pkiPublicationInfo,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.pkiPublicationInfo,
                          OSSL_CRMF_PKIPUBLICATIONINFO)),
    ADB_ENTRY(NID_id_regCtrl_oldCertID,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.oldCertID, OSSL_CRMF_CERTID)),
    ADB_ENTRY(NID_id_regCtrl_protocolEncrKey,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.protocolEncrKey, X509_PUBKEY)),
    ADB_ENTRY(NID_id_regCtrl_algId,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.algId, X509_ALGOR)),
    ADB_ENTRY(NID_id_regCtrl_rsaKeyLen,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.rsaKeyLen, ASN1_INTEGER)),
    ADB_ENTRY(NID_id_regInfo_utf8Pairs,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.utf8Pairs, ASN1_UTF8STRING)),
    ADB_ENTRY(NID_id_regInfo_certReq,
              ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE,
                          value.certReq, OSSL_CRMF_CERTREQUEST)),
} ASN1_ADB_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, 0, type, 0,
               &attributetypeandvalue_default_tt, NULL);

/*
 * Attribute as it appears on the wire: the type OID followed by the value,
 * whose layout is resolved through the ADB table above.
 */
ASN1_SEQUENCE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE) = {
    ASN1_SIMPLE(OSSL_CRMF_ATTRIBUTETYPEANDVALUE, type, ASN1_OBJECT),
    ASN1_ADB_OBJECT(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)

IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_ATTRIBUTETYPEANDVALUE)

/*
 * Requested validity period. Both bounds are OPTIONAL and explicitly tagged
 * ([0] notBefore, [1] notAfter); the template accepts a value with neither
 * and does not check that notBefore precedes notAfter.
 */
ASN1_SEQUENCE(OSSL_CRMF_OPTIONALVALIDITY) = {
    ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notBefore, ASN1_TIME, 0),
    ASN1_EXP_OPT(OSSL_CRMF_OPTIONALVALIDITY, notAfter, ASN1_TIME, 1)
} ASN1_SEQUENCE_END(OSSL_CRMF_OPTIONALVALIDITY)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_OPTIONALVALIDITY)

/*
 * Certificate template: the fields a requester asks the CA to put into the
 * certificate. Every field is OPTIONAL and tagged [0]..[9].
 *
 * The "MUST be omitted" notes below are protocol rules, not something this
 * template enforces: serialNumber and signingAlg are declared optional, so a
 * request that does include them still decodes. A CA-side consumer has to
 * reject or ignore them itself, and should treat every other requested field
 * (subject, validity, extensions, ...) as untrusted input to its issuance
 * policy.
 */
ASN1_SEQUENCE(OSSL_CRMF_CERTTEMPLATE) = {
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, version, ASN1_INTEGER, 0),
    /*
     * serialNumber MUST be omitted. This field is assigned by the CA
     * during certificate creation.
     */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, serialNumber, ASN1_INTEGER, 1),
    /*
     * signingAlg MUST be omitted. This field is assigned by the CA
     * during certificate creation.
     */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, signingAlg, X509_ALGOR, 2),
    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, issuer, X509_NAME, 3),
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, validity,
                 OSSL_CRMF_OPTIONALVALIDITY, 4),
    ASN1_EXP_OPT(OSSL_CRMF_CERTTEMPLATE, subject, X509_NAME, 5),
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, publicKey, X509_PUBKEY, 6),
    /* issuerUID is deprecated in version 2 */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, issuerUID, ASN1_BIT_STRING, 7),
    /* subjectUID is deprecated in version 2 */
    ASN1_IMP_OPT(OSSL_CRMF_CERTTEMPLATE, subjectUID, ASN1_BIT_STRING, 8),
    ASN1_IMP_SEQUENCE_OF_OPT(OSSL_CRMF_CERTTEMPLATE, extensions,
                             X509_EXTENSION, 9),
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTTEMPLATE)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTTEMPLATE)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTTEMPLATE)

/*
 * Certificate request: a request id, the certificate template and an optional
 * list of controls. controls is a SEQUENCE OF OSSL_CRMF_ATTRIBUTETYPEANDVALUE
 * and that type can itself contain an OSSL_CRMF_CERTREQUEST, so requests can
 * nest.
 */
ASN1_SEQUENCE(OSSL_CRMF_CERTREQUEST) = {
    ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certReqId, ASN1_INTEGER),
    ASN1_SIMPLE(OSSL_CRMF_CERTREQUEST, certTemplate, OSSL_CRMF_CERTTEMPLATE),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_CERTREQUEST, controls,
                         OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_CERTREQUEST)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_CERTREQUEST)
/* Duplication helper for OSSL_CRMF_CERTREQUEST. */
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_CERTREQUEST)

/*
 * One certificate request message: the request, an optional proof of
 * possession and optional registration info.
 *
 * popo is OPTIONAL, so a message without any proof of possession decodes
 * successfully. Verification code must treat a missing popo as its own case
 * and decide by policy whether such a request is acceptable.
 */
ASN1_SEQUENCE(OSSL_CRMF_MSG) = {
    ASN1_SIMPLE(OSSL_CRMF_MSG, certReq, OSSL_CRMF_CERTREQUEST),
    ASN1_OPT(OSSL_CRMF_MSG, popo, OSSL_CRMF_POPO),
    ASN1_SEQUENCE_OF_OPT(OSSL_CRMF_MSG, regInfo,
                         OSSL_CRMF_ATTRIBUTETYPEANDVALUE)
} ASN1_SEQUENCE_END(OSSL_CRMF_MSG)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSG)
IMPLEMENT_ASN1_DUP_FUNCTION(OSSL_CRMF_MSG)

/*
 * A list of request messages, encoded as SEQUENCE OF OSSL_CRMF_MSG.
 * The template sets no limit on the number of elements; a consumer that
 * processes each entry should bound that work itself.
 */
ASN1_ITEM_TEMPLATE(OSSL_CRMF_MSGS) =
    ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0,
                          OSSL_CRMF_MSGS, OSSL_CRMF_MSG)
ASN1_ITEM_TEMPLATE_END(OSSL_CRMF_MSGS)
IMPLEMENT_ASN1_FUNCTIONS(OSSL_CRMF_MSGS)