cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
asn1_ext.h
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * ASN.1 Supplementary Constants and Structures *
4 * Copyright Peter Gutmann 1992-2009 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _ASN1OID_DEFINED
9 
10 #define _ASN1OID_DEFINED
11 
12 /* The cryptlib (strictly speaking DDS) OID arc is as follows:
13 
14  1 3 6 1 4 1 3029 = dds
15  1 = algorithm
16  1 = symmetric encryption
17  1 = blowfishECB
18  2 = blowfishCBC
19  3 = blowfishCFB
20  4 = blowfishOFB
21  2 = public-key encryption
22  1 = elgamal
23  3 = hash
24  4 = MAC
25  2 = mechanism
26  3 = attribute
27  1 = PKIX fixes
28  1 = cryptlibPresenceCheck
29  2 = pkiBoot
30  (3 unused)
31  4 = cRLExtReason
32  5 = keyFeatures
33  4 = content-type
34  1 = cryptlib
35  1 = cryptlibConfigData
36  2 = cryptlibUserIndex
37  3 = cryptlibUserInfo
38  4 = cryptlibRtcsRequest
39  5 = cryptlibRtcsResponse
40  6 = cryptlibRtcsResponseExt
41  x58 x59 x5A x5A x59 = XYZZY cert policy */
42 
43 /* Attribute OIDs */
44 
45 #define OID_CRYPTLIB_PRESENCECHECK MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x03\x01\x01" )
46 #define OID_ESS_CERTID MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0C" )
47 #define OID_TSP_TSTOKEN MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x02\x0E" )
48 #define OID_PKCS9_FRIENDLYNAME MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x14" )
49 #define OID_PKCS9_LOCALKEYID MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x15" )
50 #define OID_PKCS9_X509CERTIFICATE MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x09\x16\x01" )
51 
52 /* The PKCS #9 OID for cert extensions in a certification request, from the
53  CMMF draft. Naturally MS had to define their own incompatible OID for
54  this, so we check for this as well */
55 
56 #define OID_PKCS9_EXTREQ MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x09\x0E" )
57 #define OID_MS_EXTREQ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x0E" )
58 
59 /* Content-type OIDs */
60 
61 #define OID_CMS_DATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x01" )
62 #define OID_CMS_SIGNEDDATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x02" )
63 #define OID_CMS_ENVELOPEDDATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x03" )
64 #define OID_CMS_DIGESTEDDATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x05" )
65 #define OID_CMS_ENCRYPTEDDATA MKOID( "\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x07\x06" )
66 #define OID_CMS_AUTHDATA MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x02" )
67 #define OID_CMS_TSTOKEN MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x04" )
68 #define OID_CMS_COMPRESSEDDATA MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x09" )
69 #define OID_CMS_AUTHENVDATA MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x01\x17" )
70 #define OID_CRYPTLIB_CONTENTTYPE MKOID( "\x06\x09\x2B\x06\x01\x04\x01\x97\x55\x04\x01" )
71 #define OID_CRYPTLIB_CONFIGDATA MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x01" )
72 #define OID_CRYPTLIB_USERINDEX MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x02" )
73 #define OID_CRYPTLIB_USERINFO MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x03" )
74 #define OID_CRYPTLIB_RTCSREQ MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x04" )
75 #define OID_CRYPTLIB_RTCSRESP MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x05" )
76 #define OID_CRYPTLIB_RTCSRESP_EXT MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x04\x01\x06" )
77 #define OID_MS_SPCINDIRECTDATACONTEXT MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x82\x37\x02\x01\x04" )
78 #define OID_NS_CERTSEQ MKOID( "\x06\x09\x60\x86\x48\x01\x86\xF8\x42\x02\x05" )
79 #define OID_OCSP_RESPONSE_OCSP MKOID( "\x06\x09\x2B\x06\x01\x05\x05\x07\x30\x01\x01" )
80 #define OID_PKIBOOT MKOID( "\x06\x0A\x2B\x06\x01\x04\x01\x97\x55\x03\x01\x02" )
81 #define OID_PKCS12_SHROUDEDKEYBAG MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x02" )
82 #define OID_PKCS12_CERTBAG MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x0A\x01\x03" )
83 #define OID_PKCS15_CONTENTTYPE MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0F\x03\x01" )
84 
85 /* Misc OIDs */
86 
87 #define OID_ANYPOLICY MKOID( "\x06\x04\x55\x1D\x20\x00" )
88 #define OID_CRYPTLIB_XYZZYCERT MKOID( "\x06\x0C\x2B\x06\x01\x04\x01\x97\x55\x58\x59\x5A\x5A\x59" )
89 #define OID_PKCS12_PBEWITHSHAAND3KEYTRIPLEDESCBC MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x03" )
90 #define OID_PKCS12_PBEWITHSHAAND2KEYTRIPLEDESCBC MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x04" )
91 #define OID_PKCS12_PBEWITHSHAAND40BITRC2CBC MKOID( "\x06\x0A\x2A\x86\x48\x86\xF7\x0D\x01\x0C\x01\x06" )
92 #define OID_RPKI_POLICY MKOID( "\x06\x08\x2B\x06\x01\x05\x05\x07\x0E\x02" )
93 #define OID_ZLIB MKOID( "\x06\x0B\x2A\x86\x48\x86\xF7\x0D\x01\x09\x10\x03\x08" )
94 
95 /* Additional information required when reading a CMS header. This is
96  pointed to by the extraInfo member of the ASN.1 OID_INFO structure and
97  contains CMS version number information */
98 
99 typedef struct {
100  const int minVersion; /* Minimum version number for content type */
101  const int maxVersion; /* Maximum version number for content type */
102  } CMS_CONTENT_INFO;
103 
104 /* AlgorithmIdentifier routines. The reason for the apparently redundant
105  CHECK_RETVAL specifiers on some of the write functions is because they
106  won't necessarily set the stream error state if they encounter an error
107  obtaining algorithm parameters or during some other non-stream-related
108  operation.
109 
110  The difference between read/writeAlgoID() and read/writeAlgoIDparam() is
111  that the latter take an additional length parameter for when the
112  AlgorithmIdentifier contains additional parameters beyond the OID */
113 
114 typedef enum {
115  ALGOID_CLASS_NONE, /* No AlgoID class */
116  ALGOID_CLASS_CRYPT, /* Encryption algorithms */
117  ALGOID_CLASS_HASH, /* Hash/MAC algorithm */
118  ALGOID_CLASS_AUTHENC, /* Authenticated-encryption algorithm */
119  ALGOID_CLASS_PKC, /* Generic PKC algorithm */
120  ALGOID_CLASS_PKCSIG, /* PKC signature algorithm (+ hash algorithm) */
121  ALGOID_CLASS_LAST /* Last possible AlgoID class */
122  } ALGOID_CLASS_TYPE;
123 
124 CHECK_RETVAL_BOOL \
125 BOOLEAN checkAlgoID( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo,
126  IN_MODE const CRYPT_MODE_TYPE cryptMode );
127 CHECK_RETVAL_LENGTH \
128 int sizeofAlgoID( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo );
129 CHECK_RETVAL_LENGTH \
130 int sizeofAlgoIDex( IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo,
131  IN_RANGE( 0, 999 ) const int parameter,
132  IN_LENGTH_SHORT_Z const int extraLength );
133 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
134 int writeAlgoID( INOUT STREAM *stream,
135  IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo );
136 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
137 int writeAlgoIDparam( INOUT STREAM *stream,
138  IN_ALGO const CRYPT_ALGO_TYPE cryptAlgo,
139  IN_LENGTH_SHORT_Z const int paramLength );
140 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2) ) \
141 int readAlgoID( INOUT STREAM *stream,
142  OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo,
143  IN_ENUM( ALGOID_CLASS ) const ALGOID_CLASS_TYPE type );
144 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 4 ) ) \
145 int readAlgoIDex( INOUT STREAM *stream,
146  OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo,
147  OUT_ALGO_Z CRYPT_ALGO_TYPE *altCryptAlgo,
148  OUT_INT_Z int *parameter,
149  IN_ENUM( ALGOID_CLASS ) const ALGOID_CLASS_TYPE type );
150 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
151 int readAlgoIDparam( INOUT STREAM *stream,
152  OUT_ALGO_Z CRYPT_ALGO_TYPE *cryptAlgo,
153  OUT_LENGTH_SHORT_Z int *paramLength,
154  IN_ENUM( ALGOID_CLASS ) const ALGOID_CLASS_TYPE type );
155 
156 /* Alternative versions that read/write various algorithm ID types (algo and
157  mode only or full details depending on the option parameter) from contexts */
158 
159 CHECK_RETVAL_LENGTH \
160 int sizeofContextAlgoID( IN_HANDLE const CRYPT_CONTEXT iCryptContext,
161  IN_RANGE( 0, 999 ) const int parameter );
162 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
163 int readContextAlgoID( INOUT STREAM *stream,
164  OUT_OPT_HANDLE_OPT CRYPT_CONTEXT *iCryptContext,
165  OUT_OPT QUERY_INFO *queryInfo,
166  IN_TAG const int tag,
167  IN_ENUM( ALGOID_CLASS ) const ALGOID_CLASS_TYPE type );
168 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
169 int writeContextAlgoID( INOUT STREAM *stream,
170  IN_HANDLE const CRYPT_CONTEXT iCryptContext,
171  IN_ALGO_OPT const int associatedAlgo );
172 CHECK_RETVAL_LENGTH \
173 int sizeofCryptContextAlgoID( IN_HANDLE const CRYPT_CONTEXT iCryptContext );
174 RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
175 int writeCryptContextAlgoID( INOUT STREAM *stream,
176  IN_HANDLE const CRYPT_CONTEXT iCryptContext );
177 
178 /* Another alternative that reads/writes a non-crypto algorithm identifier,
179  used for things like content types. This just wraps the given OID up
180  in the AlgorithmIdentifier and writes it */
181 
182 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
183 int readGenericAlgoID( INOUT STREAM *stream,
184  IN_BUFFER( oidLength ) \
185  const BYTE *oid,
186  IN_LENGTH_OID const int oidLength );
187 RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
188 int writeGenericAlgoID( INOUT STREAM *stream,
189  IN_BUFFER( oidLength ) \
190  const BYTE *oid,
191  IN_LENGTH_OID const int oidLength );
192 
193 /* Read/write a message digest */
194 
195 CHECK_RETVAL_LENGTH \
196 int sizeofMessageDigest( IN_ALGO const CRYPT_ALGO_TYPE hashAlgo,
197  IN_LENGTH_HASH const int hashSize );
198 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3, 5 ) ) \
199 int readMessageDigest( INOUT STREAM *stream,
200  OUT_ALGO_Z CRYPT_ALGO_TYPE *hashAlgo,
201  OUT_BUFFER( hashMaxLen, *hashSize ) void *hash,
202  IN_LENGTH_HASH const int hashMaxLen,
203  OUT_LENGTH_SHORT_Z int *hashSize );
204 RETVAL STDC_NONNULL_ARG( ( 1, 3 ) ) \
205 int writeMessageDigest( INOUT STREAM *stream,
206  IN_ALGO const CRYPT_ALGO_TYPE hashAlgo,
207  IN_BUFFER( hashSize ) \
208  const void *hash, IN_LENGTH_HASH const int hashSize );
209 
210 /* Read/write CMS headers. The readCMSheader() flags are:
211 
212  READCMS_FLAG_AUTHENC: The content uses authenticated encryption, which
213  has a different set of permitted content-encryption algorithms
214  than standard encryption.
215 
216  READCMS_FLAG_DEFINITELENGTH: Try and obtain a definite length from
217  somewhere in the CMS header rather than returning CRYPT_UNUSED
218  for the length, return an error if there's no definite length
219  available. Note that this changes processing in the calling
220  code because it can no longer use the length to determine
221  whether it should perform EOC checks if there's an indefinite
222  length somwwhere in the header.
223 
224  READCMS_FLAG_DEFINITELENGTH_OPT: As READCMS_FLAG_DEFINITELENGTH but
225  return a length of CRYPT_UNUSED if there's no definite length
226  information available.
227 
228  READCMS_FLAG_INNERHEADER: This is an inner header, the content wrapper
229  can be an OCTET STRING as well as the more usual SEQUENCE.
230 
231  READCMS_FLAG_WRAPPERONLY: Only read the outer SEQUENCE, OID, [0] wrapper
232  without reading the final layer of inner encapsulation, used
233  when one CMS content type is redundantly nested directly inside
234  another (Microsoft did this for PKCS #12) */
235 
236 #define READCMS_FLAG_NONE 0x00 /* No CMS read flag */
237 #define READCMS_FLAG_INNERHEADER 0x01 /* Inner CMS header */
238 #define READCMS_FLAG_AUTHENC 0x02 /* Content uses auth.enc */
239 #define READCMS_FLAG_WRAPPERONLY 0x04 /* Only read wrapper */
240 #define READCMS_FLAG_DEFINITELENGTH 0x08 /* Try and get definte len */
241 #define READCMS_FLAG_DEFINITELENGTH_OPT 0x10/* Opt.try and get def.len */
242 #define READCMS_FLAG_MAX 0x1F /* Maximum possible flag value */
243 
244 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
245 int readCMSheader( INOUT STREAM *stream,
246  IN_ARRAY( noOidInfoEntries ) \
247  const OID_INFO *oidInfo,
248  IN_RANGE( 1, 50 ) const int noOidInfoEntries,
249  OUT_OPT_LENGTH_INDEF long *dataSize,
250  IN_FLAGS_Z( READCMS ) const int flags );
251 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
252 int writeCMSheader( INOUT STREAM *stream,
253  IN_BUFFER( contentOIDlength ) \
254  const BYTE *contentOID,
255  IN_LENGTH_OID const int contentOIDlength,
256  IN_LENGTH_INDEF const long dataSize,
257  const BOOLEAN isInnerHeader );
258 CHECK_RETVAL_LENGTH STDC_NONNULL_ARG( ( 1 ) ) \
259 int sizeofCMSencrHeader( IN_BUFFER( contentOIDlength ) \
260  const BYTE *contentOID,
261  IN_LENGTH_OID const int contentOIDlength,
262  IN_LENGTH_INDEF const long dataSize,
263  IN_HANDLE const CRYPT_CONTEXT iCryptContext );
264 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
265 int readCMSencrHeader( INOUT STREAM *stream,
266  IN_ARRAY( noOidInfoEntries ) \
267  const OID_INFO *oidInfo,
268  IN_RANGE( 1, 50 ) const int noOidInfoEntries,
269  OUT_OPT_HANDLE_OPT CRYPT_CONTEXT *iCryptContext,
270  OUT_OPT QUERY_INFO *queryInfo,
271  IN_FLAGS_Z( READCMS ) const int flags );
272 RETVAL STDC_NONNULL_ARG( ( 1, 2 ) ) \
273 int writeCMSencrHeader( INOUT STREAM *stream,
274  IN_BUFFER( contentOIDlength ) \
275  const BYTE *contentOID,
276  IN_LENGTH_OID const int contentOIDlength,
277  IN_LENGTH_INDEF const long dataSize,
278  IN_HANDLE const CRYPT_CONTEXT iCryptContext );
279 
280 #endif /* _ASN1OID_DEFINED */
Generated on Thu Jan 10 2013 10:00:47 for cryptlib by   doxygen 1.8.2