author | Damian Hobson-Garcia <dhobsong@igel.co.jp> | 2021-05-13 11:53:59 +0900 |
committer | Matt Caswell <matt@openssl.org> | 2024-04-24 14:05:32 +0100 |
commit | 7dcee34c8f921ad65277e9a75fca4a7337fbed6d (patch) | |
tree | 199b3280d344f059004f29c144bfc9364f3bc13b /include | |
parent | 0339382abad578ccb3989799ea2fb99dfb2d099b (diff) |
Add RFC 5755 attribute certificate support
Add support for attribute certificates (v2) as described
in the RFC 5755 profile.
Attribute certificates provide a mechanism to manage authorization
information separately from the identity information provided by
public key certificates.
This initial patch adds the ASN.1 definitions
and I/O API. Accessor functions for the certificate fields
will be added in subsequent patches.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Diffstat (limited to 'include')
-rw-r--r-- | include/crypto/x509_acert.h | 66 | ||||
-rw-r--r-- | include/openssl/pem.h | 1 | ||||
-rw-r--r-- | include/openssl/x509_acert.h.in | 48 |
3 files changed, 115 insertions, 0 deletions
diff --git a/include/crypto/x509_acert.h b/include/crypto/x509_acert.h
new file mode 100644
index 0000000000..3223bf6234
--- /dev/null
+++ b/include/crypto/x509_acert.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_CRYPTO_X509_ACERT_H
+# define OSSL_CRYPTO_X509_ACERT_H
+# pragma once
+
+# include <openssl/x509_acert.h>
+
+struct ossl_object_digest_info_st {
+ ASN1_ENUMERATED digestedObjectType;
+ ASN1_OBJECT *otherObjectTypeID;
+ X509_ALGOR digestAlgorithm;
+ ASN1_BIT_STRING objectDigest;
+};
+
+struct ossl_issuer_serial_st {
+ STACK_OF(GENERAL_NAME) *issuer;
+ ASN1_INTEGER serial;
+ ASN1_BIT_STRING *issuerUID;
+};
+
+struct X509_acert_issuer_v2form_st {
+ STACK_OF(GENERAL_NAME) *issuerName;
+ OSSL_ISSUER_SERIAL *baseCertificateId;
+ OSSL_OBJECT_DIGEST_INFO *objectDigestInfo;
+};
+
+typedef struct X509_acert_issuer_st {
+ int type;
+ union {
+ STACK_OF(GENERAL_NAME) *v1Form;
+ X509_ACERT_ISSUER_V2FORM *v2Form;
+ } u;
+} X509_ACERT_ISSUER;
+
+typedef struct X509_holder_st {
+ OSSL_ISSUER_SERIAL *baseCertificateID;
+ STACK_OF(GENERAL_NAME) *entityName;
+ OSSL_OBJECT_DIGEST_INFO *objectDigestInfo;
+} X509_HOLDER;
+
+struct X509_acert_info_st {
+ ASN1_INTEGER version; /* default of v2 */
+ X509_HOLDER holder;
+ X509_ACERT_ISSUER issuer;
+ X509_ALGOR signature;
+ ASN1_INTEGER serialNumber;
+ X509_VAL validityPeriod;
+ STACK_OF(X509_ATTRIBUTE) *attributes;
+ ASN1_BIT_STRING *issuerUID;
+ X509_EXTENSIONS *extensions;
+};
+
+struct X509_acert_st {
+ X509_ACERT_INFO *acinfo;
+ X509_ALGOR sig_alg;
+ ASN1_BIT_STRING signature;
+};
+#endif
diff --git a/include/openssl/pem.h b/include/openssl/pem.h
index 0446c77019..6ea1a49a69 100644
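Review bot: `X509_acert_issuer_st` admits both `v1Form` and `v2Form`, but RFC 5755 section 4.2.3 requires conforming attribute certificates to use the v2Form choice, so the accessor and validation code this commit defers will have to reject `type` selecting v1Form; that constraint is not recorded anywhere in this hunk, and whether the ASN.1 template elsewhere already enforces it is not visible here. A comment on the union, e.g. `/* RFC 5755 4.2.3: conforming ACs MUST use v2Form; v1Form is decodable but must be rejected by validators */`, would pin it down for the follow-up patches. Likewise `ASN1_INTEGER version; /* default of v2 */` mirrors the X509_CINF comment, but AttCertVersion has no DEFAULT in RFC 5755 section 4.1 — the field is mandatory and MUST be v2(1) — so `/* AttCertVersion: MUST be v2(1) per RFC 5755 4.1; not a DEFAULT */` states the contract more precisely.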
--- a/include/openssl/pem.h
+++ b/include/openssl/pem.h
@@ -58,6 +58,7 @@ extern "C" {
 # define PEM_STRING_PARAMETERS "PARAMETERS"
 # define PEM_STRING_CMS "CMS"
 # define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
+# define PEM_STRING_ACERT "ATTRIBUTE CERTIFICATE"
 # define PEM_TYPE_ENCRYPTED 10
 # define PEM_TYPE_MIC_ONLY 20
diff --git a/include/openssl/x509_acert.h.in b/include/openssl/x509_acert.h.in
new file mode 100644
index 0000000000..1d66af9545
--- /dev/null
+++ b/include/openssl/x509_acert.h.in
@@ -0,0 +1,48 @@
+/*
+ * {- join("\n * ", @autowarntext) -}
+ *
+ * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+{-
+use OpenSSL::stackhash qw(generate_stack_macros);
+-}
+
+#ifndef OPENSSL_X509_ACERT_H
+# define OPENSSL_X509_ACERT_H
+# pragma once
+
+# include <openssl/x509v3.h>
+# include <openssl/x509.h>
+# include <openssl/pem.h>
+
+typedef struct X509_acert_st X509_ACERT;
+typedef struct X509_acert_info_st X509_ACERT_INFO;
+typedef struct ossl_object_digest_info_st OSSL_OBJECT_DIGEST_INFO;
+typedef struct ossl_issuer_serial_st OSSL_ISSUER_SERIAL;
+typedef struct X509_acert_issuer_v2form_st X509_ACERT_ISSUER_V2FORM;
+
+DECLARE_ASN1_FUNCTIONS(X509_ACERT)
+DECLARE_ASN1_DUP_FUNCTION(X509_ACERT)
+DECLARE_ASN1_ITEM(X509_ACERT_INFO)
+DECLARE_ASN1_ALLOC_FUNCTIONS(X509_ACERT_INFO)
+DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_OBJECT_DIGEST_INFO)
+DECLARE_ASN1_ALLOC_FUNCTIONS(OSSL_ISSUER_SERIAL)
+DECLARE_ASN1_ALLOC_FUNCTIONS(X509_ACERT_ISSUER_V2FORM)
+
+# ifndef OPENSSL_NO_STDIO
+X509_ACERT *d2i_X509_ACERT_fp(FILE *fp, X509_ACERT **acert);
+int i2d_X509_ACERT_fp(FILE *fp, const X509_ACERT *acert);
+# endif
+
+DECLARE_PEM_rw(X509_ACERT, X509_ACERT)
+
+X509_ACERT *d2i_X509_ACERT_bio(BIO *bp, X509_ACERT **acert);
+int i2d_X509_ACERT_bio(BIO *bp, const X509_ACERT *acert);
+
+#endif |
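Review bot: The API declared in this hunk is parse and serialize only — `DECLARE_ASN1_FUNCTIONS(X509_ACERT)`, the `_fp`/`_bio` d2i/i2d pairs and `DECLARE_PEM_rw` — and nothing here checks the signature carried in `X509_acert_st` over `acinfo`, so a successfully decoded X509_ACERT is still unauthenticated input until the accessor and verification API the commit message defers lands. A one-line comment above `DECLARE_ASN1_FUNCTIONS(X509_ACERT)`, e.g. `/* d2i/PEM readers only parse; the AC signature is not verified here */`, would keep early callers from treating d2i output as validated. Separately, this file's banner says `Copyright 2022` while the sibling `include/crypto/x509_acert.h` added by the same commit says `Copyright 2021`; presumably a rebase artefact, but worth aligning.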