VirtualBox

source: vbox/trunk/include/iprt/crypto/taf.h@ 103224

Last change on this file since 103224 was 98103, checked in by vboxsync, 22 months ago

Copyright year updates by scm.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 7.5 KB
Line 
1/** @file
2 * IPRT - Crypto - Trust Anchor Format (RFC-5914).
3 */
4
5/*
6 * Copyright (C) 2006-2023 Oracle and/or its affiliates.
7 *
8 * This file is part of VirtualBox base platform packages, as
9 * available from https://www.virtualbox.org.
10 *
11 * This program is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU General Public License
13 * as published by the Free Software Foundation, in version 3 of the
14 * License.
15 *
16 * This program is distributed in the hope that it will be useful, but
17 * WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * General Public License for more details.
20 *
21 * You should have received a copy of the GNU General Public License
22 * along with this program; if not, see <https://www.gnu.org/licenses>.
23 *
24 * The contents of this file may alternatively be used under the terms
25 * of the Common Development and Distribution License Version 1.0
26 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
27 * in the VirtualBox distribution, in which case the provisions of the
28 * CDDL are applicable instead of those of the GPL.
29 *
30 * You may elect to license modified versions of this file under the
31 * terms and conditions of either the GPL or the CDDL or both.
32 *
33 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
34 */
35
36#ifndef IPRT_INCLUDED_crypto_taf_h
37#define IPRT_INCLUDED_crypto_taf_h
38#ifndef RT_WITHOUT_PRAGMA_ONCE
39# pragma once
40#endif
41
42#include <iprt/asn1.h>
43#include <iprt/crypto/x509.h>
44
45
46RT_C_DECLS_BEGIN
47
48/** @defgroup grp_rt_crtaf RTCrTaf - Trust Anchor Format (RFC-5914)
49 * @ingroup grp_rt_crypto
50 * @{
51 */
52
53
54/**
55 * RFC-5914 CertPathControls (IPRT representation).
56 */
57typedef struct RTCRTAFCERTPATHCONTROLS
58{
59 /** Sequence core. */
60 RTASN1SEQUENCECORE SeqCore;
61 /** The trust anchor subject. For use in path construction. */
62 RTCRX509NAME TaName;
63 /** Certificate, optional, implicit tag 0. */
64 RTCRX509CERTIFICATE Certificate;
65 /** Certificate policies, optional, implicit tag 1.
66 * @remarks This is an ASN.1 SEQUENCE, not an ASN.1 SET as the name
67 * mistakenly might be taken to indicate. */
68 RTCRX509CERTIFICATEPOLICIES PolicySet;
69 /** Policy flags, optional, implicit tag 2. */
70 RTASN1BITSTRING PolicyFlags;
71 /** Name constraints, optional, implicit tag 3. */
72 RTCRX509NAMECONSTRAINTS NameConstr;
73 /** Path length constraints, optional, implicit tag 4. */
74 RTASN1INTEGER PathLenConstraint;
75} RTCRTAFCERTPATHCONTROLS;
76/** Pointer to the IPRT representation of a RFC-5914 CertPathControls. */
77typedef RTCRTAFCERTPATHCONTROLS *PRTCRTAFCERTPATHCONTROLS;
78/** Pointer to the const IPRT representation of a RFC-5914 CertPathControls. */
79typedef RTCRTAFCERTPATHCONTROLS const *PCRTCRTAFCERTPATHCONTROLS;
80RTASN1TYPE_STANDARD_PROTOTYPES(RTCRTAFCERTPATHCONTROLS, RTDECL, RTCrTafCertPathControls, SeqCore.Asn1Core);
81
82/** @name Bit definitions for RTCRTAFCERTPATHCONTROL::PolicyFlags
83 * @{ */
84#define RTCRTAFCERTPOLICYFLAGS_INHIBIT_POLICY_MAPPING 0
85#define RTCRTAFCERTPOLICYFLAGS_REQUIRE_EXPLICIT_POLICY 1
86#define RTCRTAFCERTPOLICYFLAGS_INHIBIT_ANY_POLICY 2
87/** @} */
88
89
90/**
91 * RFC-5914 TrustAnchorInfo (IPRT representation).
92 */
93typedef struct RTCRTAFTRUSTANCHORINFO
94{
95 /** Sequence core. */
96 RTASN1SEQUENCECORE SeqCore;
97 /** The version number (defaults to v1). */
98 RTASN1INTEGER Version;
99 /** The public key of the trust anchor. */
100 RTCRX509SUBJECTPUBLICKEYINFO PubKey;
101 /** Key identifier. */
102 RTASN1OCTETSTRING KeyIdentifier;
103 /** Trust anchor title, optional, size 1 to 64. */
104 RTASN1STRING TaTitle;
105 /** Certificate path controls, optional. */
106 RTCRTAFCERTPATHCONTROLS CertPath;
107 /** Extensions, explicit optional, context tag 1. */
108 struct
109 {
110 /** Context tag 1. */
111 RTASN1CONTEXTTAG1 CtxTag1;
112 /** The extensions. */
113 RTCRX509EXTENSIONS Exts;
114 } T1;
115 /** Title language tag, implicit optional, context tag 2.
116 * Defaults to "en". */
117 RTASN1STRING TaTitleLangTag;
118} RTCRTAFTRUSTANCHORINFO;
119/** Pointer to the IPRT representation of a RFC-5914 TrustAnchorInfo. */
120typedef RTCRTAFTRUSTANCHORINFO *PRTCRTAFTRUSTANCHORINFO;
121/** Pointer to the const IPRT representation of a RFC-5914 TrustAnchorInfo. */
122typedef RTCRTAFTRUSTANCHORINFO const *PCRTCRTAFTRUSTANCHORINFO;
123RTASN1TYPE_STANDARD_PROTOTYPES(RTCRTAFTRUSTANCHORINFO, RTDECL, RTCrTafTrustAnchorInfo, SeqCore.Asn1Core);
124
125/** TrustAnchorInfo version 1. */
126#define RTCRTAFTRUSTANCHORINFO_V1 1
127
128
129/** Indicates what kind of value a TrustAnchorChoice structure contains. */
130typedef enum RTCRTAFTRUSTANCHORCHOICEVAL
131{
132 /** Invalid zero value. */
133 RTCRTAFTRUSTANCHORCHOICEVAL_INVALID = 0,
134 /** RTCRTAFTRUSTANCHORCHOICE::u.pCertificate. */
135 RTCRTAFTRUSTANCHORCHOICEVAL_CERTIFICATE,
136 /** RTCRTAFTRUSTANCHORCHOICE::u.pT1. */
137 RTCRTAFTRUSTANCHORCHOICEVAL_TBS_CERTIFICATE,
138 /** RTCRTAFTRUSTANCHORCHOICE::u.pT2. */
139 RTCRTAFTRUSTANCHORCHOICEVAL_TRUST_ANCHOR_INFO,
140 /** End of valid choices. */
141 RTCRTAFTRUSTANCHORCHOICEVAL_END,
142 /** Make sure it's (at least) 32-bit wide. */
143 RTCRTAFTRUSTANCHORCHOICEVAL_32BIT_HACK = 0x7fffffff
144} RTCRTAFTRUSTANCHORCHOICEVAL;
145
146
147/**
148 * RFC-5914 TrustAnchorChoice (IPRT representation).
149 */
150typedef struct RTCRTAFTRUSTANCHORCHOICE
151{
152 /** Dummy object for simplifying everything. */
153 RTASN1DUMMY Dummy;
154 /** Allocation for the valid member (to optimize space usage). */
155 RTASN1ALLOCATION Allocation;
156 /** Indicates which of the pointers are valid. */
157 RTCRTAFTRUSTANCHORCHOICEVAL enmChoice;
158 /** Choice union. */
159 union
160 {
161 /** Generic ASN.1 core pointer for the choice. */
162 PRTASN1CORE pAsn1Core;
163 /** Choice 0: X509 certificate. */
164 PRTCRX509CERTIFICATE pCertificate;
165 /** Choice 1: To-be-signed certificate part. This may differ from the
166 * TBSCertificate member of the original certificate. */
167 struct
168 {
169 /** Explicit context tag. */
170 RTASN1CONTEXTTAG1 CtxTag1;
171 /** Pointer to the TBS certificate structure. */
172 RTCRX509TBSCERTIFICATE TbsCert;
173 } *pT1;
174
175 /** Choice 2: To-be-signed certificate part. This may differ from the
176 * TBSCertificate member of the original certificate. */
177 struct
178 {
179 /** Explicit context tag. */
180 RTASN1CONTEXTTAG2 CtxTag2;
181 /** Pointer to the trust anchor infomration structure. */
182 RTCRTAFTRUSTANCHORINFO TaInfo;
183 } *pT2;
184 } u;
185} RTCRTAFTRUSTANCHORCHOICE;
186/** Pointer to the IPRT representation of a RFC-5914 TrustAnchorChoice. */
187typedef RTCRTAFTRUSTANCHORCHOICE *PRTCRTAFTRUSTANCHORCHOICE;
188/** Pointer to the const IPRT representation of a RFC-5914 TrustAnchorChoice. */
189typedef RTCRTAFTRUSTANCHORCHOICE const *PCRTCRTAFTRUSTANCHORCHOICE;
190RTASN1TYPE_STANDARD_PROTOTYPES(RTCRTAFTRUSTANCHORCHOICE, RTDECL, RTCrTafTrustAnchorChoice, Dummy.Asn1Core);
191
192/*
193 * RFC-5914 TrustAnchorList (IPRT representation).
194 */
195RTASN1_IMPL_GEN_SEQ_OF_TYPEDEFS_AND_PROTOS(RTCRTAFTRUSTANCHORLIST, RTCRTAFTRUSTANCHORCHOICE, RTDECL, RTCrTafTrustAnchorList);
196
197/** @} */
198
199RT_C_DECLS_END
200
201#endif /* !IPRT_INCLUDED_crypto_taf_h */
202
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette