1 /*
2  * Copyright (c) 2010-2012 Dominik Oepen and Frank Morgner
3  *
4  * This file is part of OpenPACE.
5  *
6  * OpenPACE is free software: you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License as published by the Free
8  * Software Foundation, either version 3 of the License, or (at your option)
9  * any later version.
10  *
11  * OpenPACE is distributed in the hope that it will be useful, but WITHOUT ANY
12  * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
13  * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
14  * details.
15  *
16  * You should have received a copy of the GNU General Public License along with
17  * OpenPACE. If not, see <http://www.gnu.org/licenses/>.
18  */
19 
28 #ifndef CVC_CERT_H_
29 #define CVC_CERT_H_
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
35 #include <eac/objects.h>
36 #include <openssl/asn1.h>
37 #include <openssl/asn1t.h>
38 #include <openssl/bio.h>
39 
40 struct eac_ctx;
41 
/*
 * Fallback definitions of the application-class ASN.1 template helpers.
 * Each one is defined only when the OpenSSL headers included above do not
 * already provide a macro of that name, so the local variant never shadows
 * the library's own.  All of them wrap ASN1_EX_TYPE with flags that select
 * implicit (ASN1_TFLG_IMPTAG) or explicit (ASN1_TFLG_EXPTAG) tagging in the
 * APPLICATION class; the *_OPT forms additionally mark the field optional,
 * and the SEQUENCE_OF form marks it as a SEQUENCE OF the given type.
 */
#ifndef ASN1_APP_IMP
/* Implicitly tagged, APPLICATION class, mandatory field. */
#define ASN1_APP_IMP(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION, tag, stname, field, type)
#endif
#ifndef ASN1_APP_IMP_OPT
/* Implicitly tagged, APPLICATION class, optional field. */
#define ASN1_APP_IMP_OPT(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type)
#endif
#ifndef ASN1_APP_EXP_OPT
/* Explicitly tagged, APPLICATION class, optional field. */
#define ASN1_APP_EXP_OPT(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type)
#endif
#ifndef ASN1_APP_IMP_SEQUENCE_OF_OPT
/* Implicitly tagged, APPLICATION class, optional SEQUENCE OF the given type. */
#define ASN1_APP_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
 ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type)
#endif
58 
66  CVC_DocVer, /* XXX Ugly */
69 };
70 
/* Number of bits and bytes of the relative authorization field in the CHAT.
 * See TR-03110 pp. 85.  The width depends on the terminal type recorded in
 * CVC_CHAT_SEQ.terminal_type: AT = Authentication Terminal, IS = Inspection
 * System, ST = presumably Signature Terminal (confirm against TR-03110).
 * Code that reads relative_authorization should check the octet string's
 * actual length against the size for its terminal type before indexing it;
 * the decoder does not enforce these widths. */
#define EAC_AT_CHAT_BYTES 5
#define EAC_AT_CHAT_BITS 38
#define EAC_IS_CHAT_BYTES 1
#define EAC_IS_CHAT_BITS 6
#define EAC_ST_CHAT_BYTES 1
#define EAC_ST_CHAT_BITS 6
79 
/**
 * @brief Certificate Holder Authentication Template (CHAT).
 *
 * Carries the role of the terminal a certificate was issued to and the access
 * rights granted to it.  Both members are decoded from the certificate, i.e.
 * from data that has not been trusted yet at parse time; the length of
 * relative_authorization should be validated against the EAC_*_CHAT_BYTES
 * constant for the terminal type before its bits are interpreted.
 */
typedef struct cvc_chat_seq_st {
 /** Role of the terminal to which this certificate belongs
  * (Inspection System, Authentication Terminal or Signature Terminal) */
 ASN1_OBJECT *terminal_type;
 /** Access rights of the terminal to which this certificate belongs */
 ASN1_OCTET_STRING *relative_authorization;
} CVC_CHAT_SEQ;
/* Declares CVC_CHAT_new/CVC_CHAT_free and d2i_CVC_CHAT/i2d_CVC_CHAT via the
 * OpenSSL ASN.1 template API; CVC_CHAT_dup below builds on these. */
DECLARE_ASN1_FUNCTIONS(CVC_CHAT)
93 
94 
102 typedef struct cvc_pubkey_st {
104  ASN1_OBJECT *oid;
106  ASN1_OCTET_STRING *cont1;
108  ASN1_OCTET_STRING *cont2;
110  ASN1_OCTET_STRING *cont3;
112  ASN1_OCTET_STRING *cont4;
114  ASN1_OCTET_STRING *cont5;
116  ASN1_OCTET_STRING *cont6;
118  ASN1_OCTET_STRING *cont7;
/* Declares CVC_PUBKEY_new/CVC_PUBKEY_free and d2i_/i2d_CVC_PUBKEY, plus the
 * ASN1_ITEM descriptor CVC_PUBKEY_it used when the type is nested in others. */
DECLARE_ASN1_FUNCTIONS(CVC_PUBKEY)
DECLARE_ASN1_ITEM(CVC_PUBKEY)
123 
124 
132  ASN1_OBJECT *type;
134  ASN1_OCTET_STRING *discretionary_data1;
136  ASN1_OCTET_STRING *discretionary_data2;
138  ASN1_OCTET_STRING *discretionary_data3;
/* Declares the new/free and d2i/i2d functions for
 * CVC_DISCRETIONARY_DATA_TEMPLATE, plus its ASN1_ITEM descriptor so that it
 * can be used inside STACK_OF() members of the certificate body. */
DECLARE_ASN1_FUNCTIONS(CVC_DISCRETIONARY_DATA_TEMPLATE)
DECLARE_ASN1_ITEM(CVC_DISCRETIONARY_DATA_TEMPLATE)
144 
145 
146 
150 typedef struct cvc_cert_body_seq_st {
162  CVC_PUBKEY *public_key;
168  CVC_CHAT *chat;
172  ASN1_OCTET_STRING *certificate_effective_date;
176  ASN1_OCTET_STRING *certificate_expiration_date;
180  STACK_OF(CVC_DISCRETIONARY_DATA_TEMPLATE) *certificate_extensions;
/* Declares CVC_CERT_BODY_new/CVC_CERT_BODY_free and d2i_/i2d_CVC_CERT_BODY,
 * plus the ASN1_ITEM descriptor CVC_CERT_BODY_it. */
DECLARE_ASN1_FUNCTIONS(CVC_CERT_BODY)
DECLARE_ASN1_ITEM(CVC_CERT_BODY)
186 
187 
/**
 * @brief The actual certificate, consisting of the body and a signature.
 *
 * The signature covers the hash of the encoded body; until
 * CVC_verify_signature has succeeded with the issuer's key, nothing in
 * body (CHAT, dates, public key) should be acted upon.
 */
typedef struct cvc_cert_seq_st {
 /** Body of the certificate */
 CVC_CERT_BODY *body;
 /** Signature calculated over the hash of the certificate body */
 ASN1_OCTET_STRING *signature;
} CVC_CERT_SEQ;
199 
200 typedef struct cvc_commcert_seq_st {
203  STACK_OF(ASN1_OCTET_STRING) *values;
217  ASN1_OBJECT *descriptionType;
219  ASN1_UTF8STRING *issuerName;
222  ASN1_PRINTABLESTRING *issuerURL;
224  ASN1_UTF8STRING *subjectName;
227  ASN1_PRINTABLESTRING *subjectURL;
230  union {
231 #ifdef HAVE_PATCHED_OPENSSL
232 
233  ASN1_UTF8STRING *plainTerms;
235  ASN1_IA5STRING *htmlTerms;
237  ASN1_OCTET_STRING *pdfTerms;
238 #else
239 
240  ASN1_OCTET_STRING *unused;
241 #endif
242 
243  ASN1_TYPE *other;
244  } termsOfUsage;
245 
247  ASN1_PRINTABLESTRING *redirectURL;
/* Declares the new/free and d2i/i2d functions for
 * CVC_CERTIFICATE_DESCRIPTION (the human-readable description whose hash the
 * certificate carries; see CVC_check_description). */
DECLARE_ASN1_FUNCTIONS(CVC_CERTIFICATE_DESCRIPTION)
253 
254 
255 
271  CVC_PUBKEY *public_key;
279  STACK_OF(CVC_DISCRETIONARY_DATA_TEMPLATE) *certificate_extensions;
/* Declares CVC_CERT_REQUEST_BODY_new/_free and d2i_/i2d_CVC_CERT_REQUEST_BODY. */
DECLARE_ASN1_FUNCTIONS(CVC_CERT_REQUEST_BODY)
284 
285 
289 typedef struct cvc_cert_request_seq_st {
291  CVC_CERT_REQUEST_BODY *body;
293  ASN1_OCTET_STRING *inner_signature;
/* Declares CVC_CERT_REQUEST_new/_free and d2i_/i2d_CVC_CERT_REQUEST. */
DECLARE_ASN1_FUNCTIONS(CVC_CERT_REQUEST)
298 
299 
305  CVC_CERT_REQUEST *request;
311  ASN1_OCTET_STRING *outer_signature;
/* Declares CVC_CERT_AUTHENTICATION_REQUEST_new/_free and
 * d2i_/i2d_CVC_CERT_AUTHENTICATION_REQUEST. */
DECLARE_ASN1_FUNCTIONS(CVC_CERT_AUTHENTICATION_REQUEST)
316 
317 
/**
 * @brief Convert an ASN.1 formatted CV certificate to the internal structure.
 *
 * Note the non-standard name: the usual OpenSSL spelling would be
 * d2i_CVC_CERT.  CVC_CERT_dup below relies on this exact name.
 *
 * @param[in,out] cert  Where to store the decoded certificate.
 *                      NOTE(review): presumably follows the OpenSSL d2i
 *                      convention of reusing *cert when it is non-NULL — confirm.
 * @param[in,out] in    Pointer to the encoded data; presumably advanced past
 *                      the consumed bytes like other d2i functions — confirm.
 * @param[in]     len   Number of bytes available at *in.  This is the only
 *                      bound the decoder has on untrusted input, so it must
 *                      never exceed the real size of the buffer.
 *
 * @return the decoded certificate, or NULL on error (NULL-on-failure is the
 *         OpenSSL convention; the error value is not visible in this header)
 */
CVC_CERT *CVC_d2i_CVC_CERT(CVC_CERT **cert, const unsigned char **in, long len);

/**
 * @brief Convert a CV certificate to its ASN.1 representation.
 *
 * @param[in]     a    Certificate to encode
 * @param[in,out] out  Output pointer.  NOTE(review): presumably the OpenSSL
 *                     i2d convention (NULL to query the length only,
 *                     *out == NULL to allocate) — confirm.
 *
 * @return presumably the encoded length, negative on error — confirm
 */
int i2d_CVC_CERT(CVC_CERT *a, unsigned char **out);
342 
/**
 * @brief Deep-copy a CV certificate.
 *
 * Implemented with OpenSSL's ASN1_dup_of, i.e. an encode/decode round trip
 * through i2d_CVC_CERT and CVC_d2i_CVC_CERT.  The result is a fresh
 * allocation owned by the caller; release it with CVC_CERT_free.
 */
#define CVC_CERT_dup(x) ASN1_dup_of(CVC_CERT, i2d_CVC_CERT, CVC_d2i_CVC_CERT, x)

/**
 * @brief Deep-copy a CVC_PUBKEY via an i2d/d2i round trip.
 *
 * Uses the d2i_/i2d_CVC_PUBKEY functions declared by
 * DECLARE_ASN1_FUNCTIONS(CVC_PUBKEY) above; the copy is owned by the caller.
 */
#define CVC_PUBKEY_dup(x) ASN1_dup_of(CVC_PUBKEY, i2d_CVC_PUBKEY, d2i_CVC_PUBKEY, x)

/**
 * @brief Deep-copy a CHAT via an i2d/d2i round trip.
 *
 * Uses the d2i_/i2d_CVC_CHAT functions declared by
 * DECLARE_ASN1_FUNCTIONS(CVC_CHAT) above; the copy is owned by the caller.
 */
#define CVC_CHAT_dup(x) ASN1_dup_of(CVC_CHAT, i2d_CVC_CHAT, d2i_CVC_CHAT, x)
369 
/**
 * @brief Allocate memory for a CV certificate.
 * @return the new, empty certificate; presumably NULL on allocation failure — confirm
 */
CVC_CERT *CVC_CERT_new(void);
/**
 * @brief Free a CV certificate and everything it owns.
 * @param[in] a  Certificate to free.  NOTE(review): whether NULL is accepted
 *               (the OpenSSL convention) is not visible here — confirm.
 */
void CVC_CERT_free(CVC_CERT *a);

/**
 * @brief Load a CV certificate from a BIO object.
 *
 * Reads the encoded certificate from @p bp and decodes it.  The BIO contents
 * are untrusted input; callers that read from files or sockets should bound
 * how much data they make available.
 *
 * @param[in,out] bp   BIO to read the encoded certificate from
 * @param[in,out] cvc  Where to store the result; presumably the OpenSSL d2i
 *                     convention of reusing *cvc when non-NULL — confirm
 *
 * @return the decoded certificate or NULL on error
 */
CVC_CERT *d2i_CVC_CERT_bio(BIO *bp, CVC_CERT **cvc);
395 
/**
 * @brief Extract the public key from a CV certificate.
 *
 * The original description states that EC domain parameters are only
 * included in CVCA certificates (the sentence is truncated on this page), so
 * for certificates further down the chain the parameters have to be supplied
 * from elsewhere.  NOTE(review): confirm how the implementation obtains
 * them and that it rejects a key whose parameters cannot be established.
 *
 * @param[in]     cert    Certificate to read the public key from
 * @param[in,out] bn_ctx  Big number context used during the conversion
 * @param[in,out] out     Presumably reused when non-NULL — confirm
 *
 * @return the extracted key, or NULL on error
 */
EVP_PKEY *
CVC_pubkey2pkey(const CVC_CERT *cert, BN_CTX *bn_ctx, EVP_PKEY *out);

/**
 * @brief Convert an EVP_PKEY into the CVC_PUBKEY data object.
 *
 * Inverse of CVC_pubkey2pkey.  NOTE(review): all_parameters presumably
 * controls whether the domain parameters (cont1..cont7) are emitted in
 * addition to the public value, and protocol presumably selects the OID
 * stored in CVC_PUBKEY.oid — confirm both against the implementation.
 *
 * @param[in]     all_parameters  Non-zero to include domain parameters (presumably)
 * @param[in]     protocol        Protocol identifier for the key's OID (presumably a NID)
 * @param[in]     key             Key to convert
 * @param[in,out] bn_ctx          Big number context used during the conversion
 * @param[in,out] out             Presumably reused when non-NULL — confirm
 *
 * @return the converted public key object, or NULL on error
 */
CVC_PUBKEY *
CVC_pkey2pubkey(int all_parameters, int protocol, EVP_PKEY *key,
 BN_CTX *bn_ctx, CVC_PUBKEY *out);
413 
414 
415 
/**
 * @brief Print a CV certificate description in human readable form.
 *
 * The description's string members (issuerName, subjectName, URLs, terms of
 * usage) come from the certificate and are attacker-controlled until the
 * description hash has been checked.  NOTE(review): confirm that the
 * implementation escapes control characters before writing them to a BIO
 * that may be a terminal or a log.
 *
 * @param[in] bio     Where to print
 * @param[in] desc    Description to print
 * @param[in] indent  Number of spaces to indent the output
 *
 * @return result code; the success value is not visible in this header
 */
int certificate_description_print(BIO *bio,
 const CVC_CERTIFICATE_DESCRIPTION *desc, int indent);

/**
 * @brief Print a CHAT in human readable form.
 *
 * @param[in] bio     Where to print
 * @param[in] chat    CHAT to print
 * @param[in] indent  Number of spaces to indent the output
 *
 * @return result code; the success value is not visible in this header
 */
int
cvc_chat_print(BIO *bio, const CVC_CHAT *chat, int indent);

/**
 * @brief Print the relative authorization contained in a CHAT in human
 *        readable form.
 *
 * Interprets the bits of relative_authorization according to the terminal
 * type, so the octet string's length should match the matching
 * EAC_*_CHAT_BYTES constant — NOTE(review): confirm the implementation
 * checks it.
 *
 * @param[in] bio     Where to print
 * @param[in] chat    CHAT whose authorization bits are printed
 * @param[in] indent  Number of spaces to indent the output
 *
 * @return result code; the success value is not visible in this header
 */
int
cvc_chat_print_authorizations(BIO *bio, const CVC_CHAT *chat, int indent);

/**
 * @brief Print a CV certificate in human readable form.
 *
 * @param[in] bio     Where to print
 * @param[in] cv      Certificate to print
 * @param[in] indent  Number of spaces to indent the output
 *
 * @return result code; the success value is not visible in this header
 */
int
CVC_print(BIO *bio, const CVC_CERT *cv, int indent);

/**
 * @brief Print a CV certificate request in human readable form.
 *
 * @param[in] bio      Where to print
 * @param[in] request  Request to print
 * @param[in] indent   Number of spaces to indent the output
 *
 * @return result code; the success value is not visible in this header
 */
int certificate_request_print(BIO *bio,
 const CVC_CERT_REQUEST *request, int indent);
482 
493  const CVC_CERT_AUTHENTICATION_REQUEST *authentication, int indent);
494 
/**
 * @brief Get the CHAT contained in a CV certificate.
 *
 * @param[in] cvc  Certificate to read the CHAT from
 *
 * @return the certificate's CHAT.  The const return type suggests this is a
 *         pointer into @p cvc that stays valid only as long as the
 *         certificate does and must not be freed by the caller — confirm.
 *         Presumably NULL when the certificate has no CHAT — confirm.
 */
const CVC_CHAT *
cvc_get_chat(const CVC_CERT *cvc);
506 
519 CVC_get_role(const CVC_CHAT *chat);
520 
/**
 * @brief Return the profile identifier of a CV certificate as an integer.
 *
 * The underlying field certificate_profile_identifier is documented as
 * "must be 0".  NOTE(review): what is returned when the field is absent or
 * does not fit into a short is not visible here — confirm the error value
 * before using the result in a comparison.
 */
short
CVC_get_profile_identifier(const CVC_CERT *cert);
/**
 * @brief Return the CAR (certificate authority reference) of a CV
 *        certificate as a string.
 *
 * The source field is documented as Latin1, so the result is not
 * necessarily ASCII or printable; sanitize before logging or displaying.
 *
 * @return a string presumably allocated for the caller, or NULL on error —
 *         NOTE(review): confirm who frees it and with which function.
 */
char *
CVC_get_car(const CVC_CERT *cert);
/**
 * @brief Return the CHR (certificate holder reference) of a CV certificate
 *        as a string.
 *
 * The source field is documented as Latin1, so the result is not
 * necessarily ASCII or printable; sanitize before logging or displaying.
 *
 * @return a string presumably allocated for the caller, or NULL on error —
 *         NOTE(review): confirm who frees it and with which function.
 */
char *
CVC_get_chr(const CVC_CERT *cert);
/**
 * @brief Convert the effective date of a certificate to a string.
 *
 * The source field is documented as YYMMDD, BCD encoded; the exact output
 * format is not visible in this header.
 *
 * @return a string presumably allocated for the caller, or NULL on error —
 *         NOTE(review): confirm ownership.
 */
char *
CVC_get_effective_date(const CVC_CERT *cert);
/**
 * @brief Convert the expiration date of a certificate to a string.
 *
 * The source field is documented as YYMMDD, BCD encoded; the exact output
 * format is not visible in this header.
 *
 * @return a string presumably allocated for the caller, or NULL on error —
 *         NOTE(review): confirm ownership.
 */
char *
CVC_get_expiration_date(const CVC_CERT *cert);
576 
/**
 * @brief Verify the signature of a CV certificate using the public key of
 *        the certificate issuer.
 *
 * Nothing in this header indicates that validity dates, the CHAT or the
 * chain back to a trusted CVCA are checked as well, so callers should treat
 * this as a signature check only and obtain @p key from an already trusted
 * certificate — NOTE(review): confirm which checks the implementation adds.
 *
 * @param[in] cert      Certificate whose signature is checked
 * @param[in] protocol  Protocol identifier; presumably selects the hash and
 *                      signature scheme used for verification — confirm
 * @param[in] key       Public key of the issuer
 *
 * @return result as an int; the success/failure encoding is not visible in
 *         this header — NOTE(review): confirm (OpenSSL verify functions
 *         return 1 on success, 0 on a bad signature, negative on error).
 */
int
CVC_verify_signature(const CVC_CERT *cert, int protocol, EVP_PKEY *key);

/**
 * @brief Verify the inner signature of a CV certificate request.
 *
 * The inner signature is made with the key contained in the request body,
 * so a successful check proves possession of that key but not the identity
 * of the requester; the outer signature and the CAR provide that.
 *
 * @param[in] request  Request whose inner signature is checked
 *
 * @return result as an int; the success/failure encoding is not visible in
 *         this header — confirm
 */
int
CVC_verify_request_signature(const CVC_CERT_REQUEST *request);
601 
611 int
613  const CVC_CERT_AUTHENTICATION_REQUEST *authentication);
614 
/**
 * @brief Check whether or not the certificate contains the correct hash of
 *        the CV certificate description.
 *
 * NOTE(review): the length parameter is `const unsigned int` here but
 * `size_t` in CVC_hash_description below.  Callers that pass a size_t get
 * an implicit narrowing conversion; harmonising both declarations on size_t
 * would remove it.
 *
 * @param[in] cv                Certificate carrying the expected hash
 * @param[in] cert_desc_in      Encoded certificate description to check
 * @param[in] cert_desc_in_len  Length of @p cert_desc_in in bytes
 *
 * @return result as an int; the success/failure encoding is not visible in
 *         this header — confirm before using it as a boolean
 */
int
CVC_check_description(const CVC_CERT *cv, const unsigned char *cert_desc_in,
 const unsigned int cert_desc_in_len);

/**
 * @brief Create a hash over a certificate's description.
 *
 * The hash algorithm is presumably derived from @p cv (it is not a
 * parameter here) — confirm against the implementation.
 *
 * @param[in] cv             Certificate that determines how to hash
 * @param[in] cert_desc      Encoded certificate description
 * @param[in] cert_desc_len  Length of @p cert_desc in bytes
 *
 * @return a new BUF_MEM holding the hash, presumably owned by the caller
 *         (release with BUF_MEM_free — confirm), or NULL on error
 */
BUF_MEM *CVC_hash_description(const CVC_CERT *cv,
 const unsigned char *cert_desc, size_t cert_desc_len);
641 
642 #ifdef __cplusplus
643 }
644 #endif
645 #endif /* CVC_CERT_H_ */
EVP_PKEY * CVC_pubkey2pkey(const CVC_CERT *cert, BN_CTX *bn_ctx, EVP_PKEY *out)
Extract the public key from a CV certificate. Since EC domain parameters are only included in CVCA ce...
ASN1_OCTET_STRING * cont5
Public value (DH)/order of the base point (EC)
Definition: cv_cert.h:114
int i2d_CVC_CERT(CVC_CERT *a, unsigned char **out)
Convert a CV certificate description to its ASN1 representation.
Country Verifying Certificate Authority.
Definition: cv_cert.h:68
int CVC_print(BIO *bio, const CVC_CERT *cv, int indent)
Print CV certificate in human readable form.
CVC_CERT_REQUEST_SEQ CVC_CERT_REQUEST
Short name for CVC_CERT_REQUEST_SEQ.
Definition: cv_cert.h:296
The body of the CV certificate (without signature)
Definition: cv_cert.h:150
CVC_CERT_SEQ CVC_CERT
Short name for CVC_CERT_SEQ.
Definition: cv_cert.h:198
ASN1_OCTET_STRING * discretionary_data3
holds discretionary data
Definition: cv_cert.h:138
ASN1_INTEGER * certificate_profile_identifier
Certificate Profile of this certificate (must be 0).
Definition: cv_cert.h:154
ASN1_UTF8STRING * certificate_holder_reference
Reference to the holder of this certificate (in Latin1)
Definition: cv_cert.h:166
ASN1_OCTET_STRING * cont6
Public point (EC)
Definition: cv_cert.h:116
ASN1_OCTET_STRING * discretionary_data2
holds discretionary data
Definition: cv_cert.h:136
ASN1_OBJECT * type
OID which specifies the type of the extension.
Definition: cv_cert.h:132
ASN1_OCTET_STRING * unused
just a placeholder
Definition: cv_cert.h:240
CVC_CERT_REQUEST * request
certificate request
Definition: cv_cert.h:305
struct cvc_discretionary_data_template_seq_st CVC_DISCRETIONARY_DATA_TEMPLATE_SEQ
Discretionary data template, used to encode certificate extensions.
ASN1_UTF8STRING * certificate_holder_reference
Reference to the holder of this certificate request (in Latin1)
Definition: cv_cert.h:275
char * CVC_get_car(const CVC_CERT *cert)
Return the CAR of a CV certificate as a string.
ASN1_OCTET_STRING * outer_signature
Signature calculated over the hash of the certificate request.
Definition: cv_cert.h:311
int cvc_chat_print(BIO *bio, const CVC_CHAT *chat, int indent)
Print CHAT in human readable form.
ASN1_OCTET_STRING * certificate_expiration_date
Date until which the certificate is valid (YYMMDD, BCD encoded)
Definition: cv_cert.h:176
CVC_CERT * CVC_CERT_new(void)
Allocate memory for a CV certificate.
The actual certificate request, consisting of the body and inner signature.
Definition: cv_cert.h:289
ASN1_OCTET_STRING * relative_authorization
Access rights of the terminal to which this certificate belongs.
Definition: cv_cert.h:88
This structure holds further information about a card verifiable certificate in human readable form...
Definition: cv_cert.h:215
char * CVC_get_expiration_date(const CVC_CERT *cert)
Convert the expiration date of a certificate to a string.
CVC_CERT_AUTHENTICATION_REQUEST_SEQ CVC_CERT_AUTHENTICATION_REQUEST
Short name for CVC_CERT_AUTHENTICATION_REQUEST_SEQ.
Definition: cv_cert.h:314
int CVC_verify_authentication_request_signatures(struct eac_ctx *ctx, const CVC_CERT_AUTHENTICATION_REQUEST *authentication)
Verify the inner and outer signature of a CV certificate request.
struct cvc_cert_request_body_seq_st CVC_CERT_REQUEST_BODY_SEQ
The body of the CV certificate request (without signature)
ASN1_PRINTABLESTRING * issuerURL
Optional URL that points to information about the issuer of this certificate.
Definition: cv_cert.h:222
int CVC_verify_request_signature(const CVC_CERT_REQUEST *request)
Verify the inner signature of a CV certificate request.
Certificate Holder Authentication Template.
Definition: cv_cert.h:83
ASN1_PRINTABLESTRING * redirectURL
Not used.
Definition: cv_cert.h:247
ASN1_OCTET_STRING * cont3
Order of the subgroup (DH)/second coefficient (EC)
Definition: cv_cert.h:110
struct cvc_certificate_description_st CVC_CERTIFICATE_DESCRIPTION
This structure holds further information about a card verifiable certificate in human readable form...
CVC_CERT_BODY * body
Body of the certificate.
Definition: cv_cert.h:193
ASN1_INTEGER * certificate_profile_identifier
Certificate Profile of this certificate request (must be 0).
Definition: cv_cert.h:263
enum cvc_terminal_role CVC_get_role(const CVC_CHAT *chat)
Extract the terminal-type (terminal, DV, CVCA) from the CHAT.
ASN1_OCTET_STRING * cont2
Public exponent (RSA)/order of the Subgroup (DH)/first coefficient (EC)
Definition: cv_cert.h:108
CVC_CERT * CVC_d2i_CVC_CERT(CVC_CERT **cert, const unsigned char **in, long len)
Convert ASN1 formatted CV certificate to the internal structure.
CVC_CERT * d2i_CVC_CERT_bio(BIO *bp, CVC_CERT **cvc)
Load a CV certificate from a BIO object.
ASN1_OCTET_STRING * signature
Signature calculated over the hash of the certificate body.
Definition: cv_cert.h:195
ASN1_OCTET_STRING * cont4
Generator (DH)/base point (EC)
Definition: cv_cert.h:112
CVC_DISCRETIONARY_DATA_TEMPLATE_SEQ CVC_DISCRETIONARY_DATA_TEMPLATE
Short name for CVC_CERT_BODY_SEQ.
Definition: cv_cert.h:141
struct cvc_pubkey_st CVC_PUBKEY_BODY
Public key data object which may contain domain parameters.
ASN1_UTF8STRING * certificate_authority_reference
Reference to certificate authority that issued this certificate (in Latin1)
Definition: cv_cert.h:158
CVC_CHAT * chat
Certificate Holder Authorisation Template.
Definition: cv_cert.h:168
ASN1_OBJECT * oid
Object Identifier which specifies the exact protocol to be used during TA.
Definition: cv_cert.h:104
CVC_CERT_BODY_SEQ CVC_CERT_BODY
Short name for CVC_CERT_BODY_SEQ.
Definition: cv_cert.h:183
struct cvc_chat_seq_st CVC_CHAT_SEQ
Certificate Holder Authentication Template.
ASN1_OCTET_STRING * cont7
Cofactor (EC)
Definition: cv_cert.h:118
void CVC_CERT_free(CVC_CERT *a)
Free a CV certificate.
struct cvc_cert_request_seq_st CVC_CERT_REQUEST_SEQ
The actual certificate request, consisting of the body and inner signature.
struct cvc_cert_seq_st CVC_CERT_SEQ
The actual certificate, consisting of the body and a signature.
ASN1_OBJECT * terminal_type
Role of terminal to which this certificate belongs (Inspection System, Authentication Terminal or Sig...
Definition: cv_cert.h:86
ASN1_OCTET_STRING * inner_signature
Signature calculated over the hash of the certificate request body.
Definition: cv_cert.h:293
Discretionary data template, used to encode certificate extensions.
Definition: cv_cert.h:130
int certificate_request_print(BIO *bio, const CVC_CERT_REQUEST *request, int indent)
Print CV certificate request in human readable form.
CVC_CERT_REQUEST_BODY_SEQ CVC_CERT_REQUEST_BODY
Short name for CVC_CERT_REQUEST_BODY_SEQ.
Definition: cv_cert.h:282
int certificate_authentication_request_print(BIO *bio, const CVC_CERT_AUTHENTICATION_REQUEST *authentication, int indent)
Print CV certificate authentication request in human readable form.
Document Verifier (official domestic)
Definition: cv_cert.h:64
The actual certificate, consisting of the body and a signature.
Definition: cv_cert.h:191
ASN1_OBJECT * descriptionType
Format of the description (Plain Text, PDF or HTML)
Definition: cv_cert.h:217
Context for the Extended Access Control protocol.
Definition: eac.h:324
int CVC_verify_signature(const CVC_CERT *cert, int protocol, EVP_PKEY *key)
Verify the signature of a CV certificate using the public key of the certificate issuer.
ASN1_UTF8STRING * issuerName
Human readable name of the issuer of this certificate.
Definition: cv_cert.h:219
CVC_CHAT_SEQ CVC_CHAT
Short name for CVC_CHAT_SEQ.
Definition: cv_cert.h:91
int certificate_description_print(BIO *bio, const CVC_CERTIFICATE_DESCRIPTION *desc, int indent)
Print CV certificate description in human readable form.
cvc_terminal_role
Effective role of the certificate holder.
Definition: cv_cert.h:60
CVC_CERT_REQUEST_BODY * body
Body of the certificate request.
Definition: cv_cert.h:291
ASN1_TYPE * other
Otherwise formatted Terms of Usage (not specified)
Definition: cv_cert.h:243
ASN1_PRINTABLESTRING * subjectURL
Optional URL that points to information about the holder of this certificate.
Definition: cv_cert.h:227
ASN1_OCTET_STRING * certificate_effective_date
Date the certificate was issued (YYMMDD, BCD encoded)
Definition: cv_cert.h:172
short CVC_get_profile_identifier(const CVC_CERT *cert)
Return the profile identifier of a CV certificate as an integer.
int CVC_check_description(const CVC_CERT *cv, const unsigned char *cert_desc_in, const unsigned int cert_desc_in_len)
Check whether or not the certificate contains the correct hash of the CV certificate description...
ASN1_UTF8STRING * certificate_authority_reference
Reference to certificate authority that issued this certificate request (in Latin1) ...
Definition: cv_cert.h:267
Definitions of object identifiers.
struct cvc_cert_body_seq_st CVC_CERT_BODY_SEQ
The body of the CV certificate (without signature)
CVC_PUBKEY * public_key
Public key associated with this certificate.
Definition: cv_cert.h:162
int cvc_chat_print_authorizations(BIO *bio, const CVC_CHAT *chat, int indent)
Print the relative authorization contained in a CHAT in human readable form.
ASN1_OCTET_STRING * discretionary_data1
holds discretionary data
Definition: cv_cert.h:134
const CVC_CHAT * cvc_get_chat(const CVC_CERT *cvc)
Get the CHAT contained in a CV certificate.
The authentication request, consisting of the certificate request, certificate authority reference an...
Definition: cv_cert.h:303
char * CVC_get_effective_date(const CVC_CERT *cert)
Convert the effective date and expiration date, of a certificate to a string.
char * CVC_get_chr(const CVC_CERT *cert)
Return the CAR of a CV certificate as a string.
CVC_PUBKEY * public_key
Public key associated with this certificate request.
Definition: cv_cert.h:271
Public key data object which may contain domain parameters.
Definition: cv_cert.h:102
CVC_COMMCERT_SEQ * commCertificates
Contains hash values of admissible X.509 certificates of the remote terminal (optional) ...
Definition: cv_cert.h:250
ASN1_UTF8STRING * subjectName
Human readable name of the holder of this certificate.
Definition: cv_cert.h:224
Terminal (inspection system/authentication terminal/signature terminal)
Definition: cv_cert.h:62
Document Verifier (non-official/foreign)
Definition: cv_cert.h:66
The body of the CV certificate request (without signature)
Definition: cv_cert.h:259
struct cvc_cert_authentication_request_seq_st CVC_CERT_AUTHENTICATION_REQUEST_SEQ
The authentication request, consisting of the certificate request, certificate authority reference an...
ASN1_UTF8STRING * certificate_authority_reference
Reference to certificate authority that issued this authentication request (in Latin1) ...
Definition: cv_cert.h:309
BUF_MEM * CVC_hash_description(const CVC_CERT *cv, const unsigned char *cert_desc, size_t cert_desc_len)
Create a hash over a certificate's description.
ASN1_OCTET_STRING * cont1
Composite modulus (RSA)/prime modulus (DH, EC)
Definition: cv_cert.h:106