1 /* $OpenBSD: ts.h,v 1.10 2018/05/13 15:35:46 tb Exp $ */ 2 /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL 3 * project 2002, 2003, 2004. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 module libressl_d.openssl.ts; 59 60 61 private static import core.stdc.config; 62 private static import libressl_d.compat.stdio; 63 private static import libressl_d.compat.time; 64 private static import libressl_d.openssl.ossl_typ; 65 private static import libressl_d.openssl.pkcs7; 66 public import libressl_d.openssl.asn1; 67 public import libressl_d.openssl.bio; 68 public import libressl_d.openssl.opensslconf; 69 public import libressl_d.openssl.safestack; 70 public import libressl_d.openssl.stack; 71 public import libressl_d.openssl.x509; 72 public import libressl_d.openssl.x509v3; 73 74 version (OPENSSL_NO_BUFFER) { 75 } else { 76 public import libressl_d.openssl.buffer; 77 } 78 79 version (OPENSSL_NO_EVP) { 80 } else { 81 public import libressl_d.openssl.evp; 82 } 83 84 version (OPENSSL_NO_BIO) { 85 } else { 86 public import libressl_d.openssl.bio; 87 } 88 89 version (OPENSSL_NO_RSA) { 90 } else { 91 public import libressl_d.openssl.rsa; 92 } 93 94 version (OPENSSL_NO_DSA) { 95 } else { 96 public import libressl_d.openssl.dsa; 97 } 98 99 version (OPENSSL_NO_DH) { 100 } else { 101 public import libressl_d.openssl.dh; 102 } 103 104 extern (C): 105 nothrow @nogc: 106 107 /* 108 * MessageImprint ::= SEQUENCE { 109 * hashAlgorithm AlgorithmIdentifier, 110 * hashedMessage OCTET STRING } 111 */ 112 113 struct TS_msg_imprint_st 114 { 115 libressl_d.openssl.ossl_typ.X509_ALGOR* hash_algo; 116 libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING* hashed_msg; 117 } 118 119 alias TS_MSG_IMPRINT = .TS_msg_imprint_st; 120 121 /* 122 * TimeStampReq ::= SEQUENCE { 123 * version INTEGER { v1(1) }, 124 * messageImprint MessageImprint, 125 * --a hash algorithm OID and the hash value of the data to be 126 * --time-stamped 127 * reqPolicy TSAPolicyId OPTIONAL, 128 * nonce INTEGER OPTIONAL, 129 * certReq BOOLEAN DEFAULT FALSE, 130 * extensions [0] IMPLICIT Extensions OPTIONAL } 131 */ 132 133 struct TS_req_st 134 { 135 libressl_d.openssl.ossl_typ.ASN1_INTEGER* version_; 136 .TS_MSG_IMPRINT* msg_imprint; 137 138 /** 139 * OPTIONAL 140 */ 141 libressl_d.openssl.asn1.ASN1_OBJECT* policy_id; 142 143 ///Ditto 144 libressl_d.openssl.ossl_typ.ASN1_INTEGER* nonce; 145 146 /** 147 * DEFAULT FALSE 148 */ 149 libressl_d.openssl.ossl_typ.ASN1_BOOLEAN cert_req; 150 151 /** 152 * [0] OPTIONAL 153 */ 154 libressl_d.openssl.x509.stack_st_X509_EXTENSION* extensions; 155 } 156 157 alias TS_REQ = .TS_req_st; 158 159 /* 160 * Accuracy ::= SEQUENCE { 161 * seconds INTEGER OPTIONAL, 162 * millis [0] INTEGER (1..999) OPTIONAL, 163 * micros [1] INTEGER (1..999) OPTIONAL } 164 */ 165 166 struct TS_accuracy_st 167 { 168 libressl_d.openssl.ossl_typ.ASN1_INTEGER* seconds; 169 libressl_d.openssl.ossl_typ.ASN1_INTEGER* millis; 170 libressl_d.openssl.ossl_typ.ASN1_INTEGER* micros; 171 } 172 173 alias TS_ACCURACY = .TS_accuracy_st; 174 175 /* 176 * TSTInfo ::= SEQUENCE { 177 * version INTEGER { v1(1) }, 178 * policy TSAPolicyId, 179 * messageImprint MessageImprint, 180 * -- MUST have the same value as the similar field in 181 * -- TimeStampReq 182 * serialNumber INTEGER, 183 * -- Time-Stamping users MUST be ready to accommodate integers 184 * -- up to 160 bits. 185 * genTime GeneralizedTime, 186 * accuracy Accuracy OPTIONAL, 187 * ordering BOOLEAN DEFAULT FALSE, 188 * nonce INTEGER OPTIONAL, 189 * -- MUST be present if the similar field was present 190 * -- in TimeStampReq. In that case it MUST have the same value. 191 * tsa [0] GeneralName OPTIONAL, 192 * extensions [1] IMPLICIT Extensions OPTIONAL } 193 */ 194 195 struct TS_tst_info_st 196 { 197 libressl_d.openssl.ossl_typ.ASN1_INTEGER* version_; 198 libressl_d.openssl.asn1.ASN1_OBJECT* policy_id; 199 .TS_MSG_IMPRINT* msg_imprint; 200 libressl_d.openssl.ossl_typ.ASN1_INTEGER* serial; 201 libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME* time; 202 .TS_ACCURACY* accuracy; 203 libressl_d.openssl.ossl_typ.ASN1_BOOLEAN ordering; 204 libressl_d.openssl.ossl_typ.ASN1_INTEGER* nonce; 205 libressl_d.openssl.x509v3.GENERAL_NAME* tsa; 206 libressl_d.openssl.x509.stack_st_X509_EXTENSION* extensions; 207 } 208 209 alias TS_TST_INFO = .TS_tst_info_st; 210 211 /* 212 * PKIStatusInfo ::= SEQUENCE { 213 * status PKIStatus, 214 * statusString PKIFreeText OPTIONAL, 215 * failInfo PKIFailureInfo OPTIONAL } 216 * 217 * From RFC 1510 - section 3.1.1: 218 * PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String 219 * -- text encoded as UTF-8 String (note: each UTF8String SHOULD 220 * -- include an RFC 1766 language tag to indicate the language 221 * -- of the contained text) 222 */ 223 224 /* Possible values for status. See ts_resp_print.c && ts_resp_verify.c. */ 225 226 enum TS_STATUS_GRANTED = 0; 227 enum TS_STATUS_GRANTED_WITH_MODS = 1; 228 enum TS_STATUS_REJECTION = 2; 229 enum TS_STATUS_WAITING = 3; 230 enum TS_STATUS_REVOCATION_WARNING = 4; 231 enum TS_STATUS_REVOCATION_NOTIFICATION = 5; 232 233 /* Possible values for failure_info. See ts_resp_print.c && ts_resp_verify.c */ 234 235 enum TS_INFO_BAD_ALG = 0; 236 enum TS_INFO_BAD_REQUEST = 2; 237 enum TS_INFO_BAD_DATA_FORMAT = 5; 238 enum TS_INFO_TIME_NOT_AVAILABLE = 14; 239 enum TS_INFO_UNACCEPTED_POLICY = 15; 240 enum TS_INFO_UNACCEPTED_EXTENSION = 16; 241 enum TS_INFO_ADD_INFO_NOT_AVAILABLE = 17; 242 enum TS_INFO_SYSTEM_FAILURE = 25; 243 244 struct TS_status_info_st 245 { 246 libressl_d.openssl.ossl_typ.ASN1_INTEGER* status; 247 .stack_st_ASN1_UTF8STRING* text; 248 libressl_d.openssl.ossl_typ.ASN1_BIT_STRING* failure_info; 249 } 250 251 alias TS_STATUS_INFO = .TS_status_info_st; 252 253 //DECLARE_STACK_OF(ASN1_UTF8STRING) 254 struct stack_st_ASN1_UTF8STRING 255 { 256 libressl_d.openssl.stack._STACK stack; 257 } 258 259 /* 260 * TimeStampResp ::= SEQUENCE { 261 * status PKIStatusInfo, 262 * timeStampToken TimeStampToken OPTIONAL } 263 */ 264 265 struct TS_resp_st 266 { 267 .TS_STATUS_INFO* status_info; 268 libressl_d.openssl.pkcs7.PKCS7* token; 269 .TS_TST_INFO* tst_info; 270 } 271 272 alias TS_RESP = .TS_resp_st; 273 274 /* The structure below would belong to the ESS component. */ 275 276 /* 277 * IssuerSerial ::= SEQUENCE { 278 * issuer GeneralNames, 279 * serialNumber CertificateSerialNumber 280 * } 281 */ 282 283 struct ESS_issuer_serial 284 { 285 libressl_d.openssl.x509v3.stack_st_GENERAL_NAME* issuer; 286 libressl_d.openssl.ossl_typ.ASN1_INTEGER* serial; 287 } 288 289 alias ESS_ISSUER_SERIAL = .ESS_issuer_serial; 290 291 /* 292 * ESSCertID ::= SEQUENCE { 293 * certHash Hash, 294 * issuerSerial IssuerSerial OPTIONAL 295 * } 296 */ 297 298 struct ESS_cert_id 299 { 300 /** 301 * Always SHA-1 digest. 302 */ 303 libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING* hash; 304 305 .ESS_ISSUER_SERIAL* issuer_serial; 306 } 307 308 alias ESS_CERT_ID = .ESS_cert_id; 309 310 //DECLARE_STACK_OF(ESS_CERT_ID) 311 struct stack_st_ESS_CERT_ID 312 { 313 libressl_d.openssl.stack._STACK stack; 314 } 315 316 /* 317 * SigningCertificate ::= SEQUENCE { 318 * certs SEQUENCE OF ESSCertID, 319 * policies SEQUENCE OF PolicyInformation OPTIONAL 320 * } 321 */ 322 323 struct ESS_signing_cert 324 { 325 .stack_st_ESS_CERT_ID* cert_ids; 326 libressl_d.openssl.x509v3.stack_st_POLICYINFO* policy_info; 327 } 328 329 alias ESS_SIGNING_CERT = .ESS_signing_cert; 330 331 .TS_REQ* TS_REQ_new(); 332 void TS_REQ_free(.TS_REQ* a); 333 int i2d_TS_REQ(const (.TS_REQ)* a, ubyte** pp); 334 .TS_REQ* d2i_TS_REQ(.TS_REQ** a, const (ubyte)** pp, core.stdc.config.c_long length_); 335 336 .TS_REQ* TS_REQ_dup(.TS_REQ* a); 337 338 .TS_REQ* d2i_TS_REQ_fp(libressl_d.compat.stdio.FILE* fp, .TS_REQ** a); 339 int i2d_TS_REQ_fp(libressl_d.compat.stdio.FILE* fp, .TS_REQ* a); 340 .TS_REQ* d2i_TS_REQ_bio(libressl_d.openssl.bio.BIO* fp, .TS_REQ** a); 341 int i2d_TS_REQ_bio(libressl_d.openssl.bio.BIO* fp, .TS_REQ* a); 342 343 .TS_MSG_IMPRINT* TS_MSG_IMPRINT_new(); 344 void TS_MSG_IMPRINT_free(.TS_MSG_IMPRINT* a); 345 int i2d_TS_MSG_IMPRINT(const (.TS_MSG_IMPRINT)* a, ubyte** pp); 346 .TS_MSG_IMPRINT* d2i_TS_MSG_IMPRINT(.TS_MSG_IMPRINT** a, const (ubyte)** pp, core.stdc.config.c_long length_); 347 348 .TS_MSG_IMPRINT* TS_MSG_IMPRINT_dup(.TS_MSG_IMPRINT* a); 349 350 .TS_MSG_IMPRINT* d2i_TS_MSG_IMPRINT_fp(libressl_d.compat.stdio.FILE* fp, .TS_MSG_IMPRINT** a); 351 int i2d_TS_MSG_IMPRINT_fp(libressl_d.compat.stdio.FILE* fp, .TS_MSG_IMPRINT* a); 352 .TS_MSG_IMPRINT* d2i_TS_MSG_IMPRINT_bio(libressl_d.openssl.bio.BIO* fp, .TS_MSG_IMPRINT** a); 353 int i2d_TS_MSG_IMPRINT_bio(libressl_d.openssl.bio.BIO* fp, .TS_MSG_IMPRINT* a); 354 355 .TS_RESP* TS_RESP_new(); 356 void TS_RESP_free(.TS_RESP* a); 357 int i2d_TS_RESP(const (.TS_RESP)* a, ubyte** pp); 358 .TS_RESP* d2i_TS_RESP(.TS_RESP** a, const (ubyte)** pp, core.stdc.config.c_long length_); 359 .TS_TST_INFO* PKCS7_to_TS_TST_INFO(libressl_d.openssl.pkcs7.PKCS7* token); 360 .TS_RESP* TS_RESP_dup(.TS_RESP* a); 361 362 .TS_RESP* d2i_TS_RESP_fp(libressl_d.compat.stdio.FILE* fp, .TS_RESP** a); 363 int i2d_TS_RESP_fp(libressl_d.compat.stdio.FILE* fp, .TS_RESP* a); 364 .TS_RESP* d2i_TS_RESP_bio(libressl_d.openssl.bio.BIO* fp, .TS_RESP** a); 365 int i2d_TS_RESP_bio(libressl_d.openssl.bio.BIO* fp, .TS_RESP* a); 366 367 .TS_STATUS_INFO* TS_STATUS_INFO_new(); 368 void TS_STATUS_INFO_free(.TS_STATUS_INFO* a); 369 int i2d_TS_STATUS_INFO(const (.TS_STATUS_INFO)* a, ubyte** pp); 370 .TS_STATUS_INFO* d2i_TS_STATUS_INFO(.TS_STATUS_INFO** a, const (ubyte)** pp, core.stdc.config.c_long length_); 371 .TS_STATUS_INFO* TS_STATUS_INFO_dup(.TS_STATUS_INFO* a); 372 373 .TS_TST_INFO* TS_TST_INFO_new(); 374 void TS_TST_INFO_free(.TS_TST_INFO* a); 375 int i2d_TS_TST_INFO(const (.TS_TST_INFO)* a, ubyte** pp); 376 .TS_TST_INFO* d2i_TS_TST_INFO(.TS_TST_INFO** a, const (ubyte)** pp, core.stdc.config.c_long length_); 377 .TS_TST_INFO* TS_TST_INFO_dup(.TS_TST_INFO* a); 378 379 .TS_TST_INFO* d2i_TS_TST_INFO_fp(libressl_d.compat.stdio.FILE* fp, .TS_TST_INFO** a); 380 int i2d_TS_TST_INFO_fp(libressl_d.compat.stdio.FILE* fp, .TS_TST_INFO* a); 381 .TS_TST_INFO* d2i_TS_TST_INFO_bio(libressl_d.openssl.bio.BIO* fp, .TS_TST_INFO** a); 382 int i2d_TS_TST_INFO_bio(libressl_d.openssl.bio.BIO* fp, .TS_TST_INFO* a); 383 384 .TS_ACCURACY* TS_ACCURACY_new(); 385 void TS_ACCURACY_free(.TS_ACCURACY* a); 386 int i2d_TS_ACCURACY(const (.TS_ACCURACY)* a, ubyte** pp); 387 .TS_ACCURACY* d2i_TS_ACCURACY(.TS_ACCURACY** a, const (ubyte)** pp, core.stdc.config.c_long length_); 388 .TS_ACCURACY* TS_ACCURACY_dup(.TS_ACCURACY* a); 389 390 .ESS_ISSUER_SERIAL* ESS_ISSUER_SERIAL_new(); 391 void ESS_ISSUER_SERIAL_free(.ESS_ISSUER_SERIAL* a); 392 int i2d_ESS_ISSUER_SERIAL(const (.ESS_ISSUER_SERIAL)* a, ubyte** pp); 393 .ESS_ISSUER_SERIAL* d2i_ESS_ISSUER_SERIAL(.ESS_ISSUER_SERIAL** a, const (ubyte)** pp, core.stdc.config.c_long length_); 394 .ESS_ISSUER_SERIAL* ESS_ISSUER_SERIAL_dup(.ESS_ISSUER_SERIAL* a); 395 396 .ESS_CERT_ID* ESS_CERT_ID_new(); 397 void ESS_CERT_ID_free(.ESS_CERT_ID* a); 398 int i2d_ESS_CERT_ID(const (.ESS_CERT_ID)* a, ubyte** pp); 399 .ESS_CERT_ID* d2i_ESS_CERT_ID(.ESS_CERT_ID** a, const (ubyte)** pp, core.stdc.config.c_long length_); 400 .ESS_CERT_ID* ESS_CERT_ID_dup(.ESS_CERT_ID* a); 401 402 .ESS_SIGNING_CERT* ESS_SIGNING_CERT_new(); 403 void ESS_SIGNING_CERT_free(.ESS_SIGNING_CERT* a); 404 int i2d_ESS_SIGNING_CERT(const (.ESS_SIGNING_CERT)* a, ubyte** pp); 405 .ESS_SIGNING_CERT* d2i_ESS_SIGNING_CERT(.ESS_SIGNING_CERT** a, const (ubyte)** pp, core.stdc.config.c_long length_); 406 .ESS_SIGNING_CERT* ESS_SIGNING_CERT_dup(.ESS_SIGNING_CERT* a); 407 408 void ERR_load_TS_strings(); 409 410 int TS_REQ_set_version(.TS_REQ* a, core.stdc.config.c_long version_); 411 core.stdc.config.c_long TS_REQ_get_version(const (.TS_REQ)* a); 412 413 int TS_REQ_set_msg_imprint(.TS_REQ* a, .TS_MSG_IMPRINT* msg_imprint); 414 .TS_MSG_IMPRINT* TS_REQ_get_msg_imprint(.TS_REQ* a); 415 416 int TS_MSG_IMPRINT_set_algo(.TS_MSG_IMPRINT* a, libressl_d.openssl.ossl_typ.X509_ALGOR* alg); 417 libressl_d.openssl.ossl_typ.X509_ALGOR* TS_MSG_IMPRINT_get_algo(.TS_MSG_IMPRINT* a); 418 419 int TS_MSG_IMPRINT_set_msg(.TS_MSG_IMPRINT* a, ubyte* d, int len); 420 libressl_d.openssl.ossl_typ.ASN1_OCTET_STRING* TS_MSG_IMPRINT_get_msg(.TS_MSG_IMPRINT* a); 421 422 int TS_REQ_set_policy_id(.TS_REQ* a, const (libressl_d.openssl.asn1.ASN1_OBJECT)* policy); 423 libressl_d.openssl.asn1.ASN1_OBJECT* TS_REQ_get_policy_id(.TS_REQ* a); 424 425 int TS_REQ_set_nonce(.TS_REQ* a, const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* nonce); 426 const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* TS_REQ_get_nonce(const (.TS_REQ)* a); 427 428 int TS_REQ_set_cert_req(.TS_REQ* a, int cert_req); 429 int TS_REQ_get_cert_req(const (.TS_REQ)* a); 430 431 libressl_d.openssl.x509.stack_st_X509_EXTENSION* TS_REQ_get_exts(.TS_REQ* a); 432 void TS_REQ_ext_free(.TS_REQ* a); 433 int TS_REQ_get_ext_count(.TS_REQ* a); 434 int TS_REQ_get_ext_by_NID(.TS_REQ* a, int nid, int lastpos); 435 int TS_REQ_get_ext_by_OBJ(.TS_REQ* a, const (libressl_d.openssl.asn1.ASN1_OBJECT)* obj, int lastpos); 436 int TS_REQ_get_ext_by_critical(.TS_REQ* a, int crit, int lastpos); 437 libressl_d.openssl.x509.X509_EXTENSION* TS_REQ_get_ext(.TS_REQ* a, int loc); 438 libressl_d.openssl.x509.X509_EXTENSION* TS_REQ_delete_ext(.TS_REQ* a, int loc); 439 int TS_REQ_add_ext(.TS_REQ* a, libressl_d.openssl.x509.X509_EXTENSION* ex, int loc); 440 void* TS_REQ_get_ext_d2i(.TS_REQ* a, int nid, int* crit, int* idx); 441 442 /* Function declarations for TS_REQ defined in ts/ts_req_print.c */ 443 444 int TS_REQ_print_bio(libressl_d.openssl.bio.BIO* bio, .TS_REQ* a); 445 446 /* Function declarations for TS_RESP defined in ts/ts_resp_utils.c */ 447 448 int TS_RESP_set_status_info(.TS_RESP* a, .TS_STATUS_INFO* info); 449 .TS_STATUS_INFO* TS_RESP_get_status_info(.TS_RESP* a); 450 451 /* Caller loses ownership of PKCS7 and TS_TST_INFO objects. */ 452 void TS_RESP_set_tst_info(.TS_RESP* a, libressl_d.openssl.pkcs7.PKCS7* p7, .TS_TST_INFO* tst_info); 453 libressl_d.openssl.pkcs7.PKCS7* TS_RESP_get_token(.TS_RESP* a); 454 .TS_TST_INFO* TS_RESP_get_tst_info(.TS_RESP* a); 455 456 int TS_TST_INFO_set_version(.TS_TST_INFO* a, core.stdc.config.c_long version_); 457 core.stdc.config.c_long TS_TST_INFO_get_version(const (.TS_TST_INFO)* a); 458 459 int TS_TST_INFO_set_policy_id(.TS_TST_INFO* a, libressl_d.openssl.asn1.ASN1_OBJECT* policy_id); 460 libressl_d.openssl.asn1.ASN1_OBJECT* TS_TST_INFO_get_policy_id(.TS_TST_INFO* a); 461 462 int TS_TST_INFO_set_msg_imprint(.TS_TST_INFO* a, .TS_MSG_IMPRINT* msg_imprint); 463 .TS_MSG_IMPRINT* TS_TST_INFO_get_msg_imprint(.TS_TST_INFO* a); 464 465 int TS_TST_INFO_set_serial(.TS_TST_INFO* a, const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* serial); 466 const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* TS_TST_INFO_get_serial(const (.TS_TST_INFO)* a); 467 468 int TS_TST_INFO_set_time(.TS_TST_INFO* a, const (libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME)* gtime); 469 const (libressl_d.openssl.ossl_typ.ASN1_GENERALIZEDTIME)* TS_TST_INFO_get_time(const (.TS_TST_INFO)* a); 470 471 int TS_TST_INFO_set_accuracy(.TS_TST_INFO* a, .TS_ACCURACY* accuracy); 472 .TS_ACCURACY* TS_TST_INFO_get_accuracy(.TS_TST_INFO* a); 473 474 int TS_ACCURACY_set_seconds(.TS_ACCURACY* a, const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* seconds); 475 const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* TS_ACCURACY_get_seconds(const (.TS_ACCURACY)* a); 476 477 int TS_ACCURACY_set_millis(.TS_ACCURACY* a, const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* millis); 478 const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* TS_ACCURACY_get_millis(const (.TS_ACCURACY)* a); 479 480 int TS_ACCURACY_set_micros(.TS_ACCURACY* a, const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* micros); 481 const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* TS_ACCURACY_get_micros(const (.TS_ACCURACY)* a); 482 483 int TS_TST_INFO_set_ordering(.TS_TST_INFO* a, int ordering); 484 int TS_TST_INFO_get_ordering(const (.TS_TST_INFO)* a); 485 486 int TS_TST_INFO_set_nonce(.TS_TST_INFO* a, const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* nonce); 487 const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* TS_TST_INFO_get_nonce(const (.TS_TST_INFO)* a); 488 489 int TS_TST_INFO_set_tsa(.TS_TST_INFO* a, libressl_d.openssl.x509v3.GENERAL_NAME* tsa); 490 libressl_d.openssl.x509v3.GENERAL_NAME* TS_TST_INFO_get_tsa(.TS_TST_INFO* a); 491 492 libressl_d.openssl.x509.stack_st_X509_EXTENSION* TS_TST_INFO_get_exts(.TS_TST_INFO* a); 493 void TS_TST_INFO_ext_free(.TS_TST_INFO* a); 494 int TS_TST_INFO_get_ext_count(.TS_TST_INFO* a); 495 int TS_TST_INFO_get_ext_by_NID(.TS_TST_INFO* a, int nid, int lastpos); 496 int TS_TST_INFO_get_ext_by_OBJ(.TS_TST_INFO* a, const (libressl_d.openssl.asn1.ASN1_OBJECT)* obj, int lastpos); 497 int TS_TST_INFO_get_ext_by_critical(.TS_TST_INFO* a, int crit, int lastpos); 498 libressl_d.openssl.x509.X509_EXTENSION* TS_TST_INFO_get_ext(.TS_TST_INFO* a, int loc); 499 libressl_d.openssl.x509.X509_EXTENSION* TS_TST_INFO_delete_ext(.TS_TST_INFO* a, int loc); 500 int TS_TST_INFO_add_ext(.TS_TST_INFO* a, libressl_d.openssl.x509.X509_EXTENSION* ex, int loc); 501 void* TS_TST_INFO_get_ext_d2i(.TS_TST_INFO* a, int nid, int* crit, int* idx); 502 503 /* Declarations related to response generation, defined in ts/ts_resp_sign.c. */ 504 505 /* Optional flags for response generation. */ 506 507 /** 508 * Don't include the TSA name in response. 509 */ 510 enum TS_TSA_NAME = 0x01; 511 512 /** 513 * Set ordering to true in response. 514 */ 515 enum TS_ORDERING = 0x02; 516 517 /** 518 * Include the signer certificate and the other specified certificates in 519 * the ESS signing certificate attribute beside the PKCS7 signed data. 520 * Only the signer certificates is included by default. 521 */ 522 enum TS_ESS_CERT_ID_CHAIN = 0x04; 523 524 /** 525 * This must return a unique number less than 160 bits core.stdc.config.c_long. 526 */ 527 alias TS_serial_cb = extern (C) nothrow @nogc libressl_d.openssl.ossl_typ.ASN1_INTEGER* function(.TS_resp_ctx*, void*); 528 529 /** 530 * This must return the seconds and microseconds since Jan 1, 1970 in 531 * the sec and usec variables allocated by the caller. 532 * Return non-zero for success and zero for failure. 533 */ 534 alias TS_time_cb = extern (C) nothrow @nogc int function(.TS_resp_ctx*, void*, libressl_d.compat.time.time_t* sec, core.stdc.config.c_long* usec); 535 536 /** 537 * This must process the given extension. 538 * It can modify the TS_TST_INFO object of the context. 539 * Return values: !0 (processed), 0 (error, it must set the 540 * status info/failure info of the response). 541 */ 542 alias TS_extension_cb = extern (C) nothrow @nogc int function(.TS_resp_ctx*, libressl_d.openssl.x509.X509_EXTENSION*, void*); 543 544 struct TS_resp_ctx 545 { 546 libressl_d.openssl.ossl_typ.X509* signer_cert; 547 libressl_d.openssl.ossl_typ.EVP_PKEY* signer_key; 548 549 /** 550 * Certs to include in signed data. 551 */ 552 libressl_d.openssl.x509.stack_st_X509* certs; 553 554 /** 555 * Acceptable policies. 556 */ 557 libressl_d.openssl.asn1.stack_st_ASN1_OBJECT* policies; 558 559 /** 560 * It may appear in policies, too. 561 */ 562 libressl_d.openssl.asn1.ASN1_OBJECT* default_policy; 563 564 /** 565 * Acceptable message digests. 566 */ 567 .stack_st_EVP_MD* mds; 568 569 /** 570 * accuracy, 0 means not specified. 571 */ 572 libressl_d.openssl.ossl_typ.ASN1_INTEGER* seconds; 573 574 ///Ditto 575 libressl_d.openssl.ossl_typ.ASN1_INTEGER* millis; 576 577 ///Ditto 578 libressl_d.openssl.ossl_typ.ASN1_INTEGER* micros; 579 580 /** 581 * fraction of seconds in time stamp token. 582 */ 583 uint clock_precision_digits; 584 585 /** 586 * Optional info, see values above. 587 */ 588 uint flags; 589 590 /** 591 * Callback functions. 592 */ 593 .TS_serial_cb serial_cb; 594 595 /** 596 * User data for serial_cb. 597 */ 598 void* serial_cb_data; 599 600 .TS_time_cb time_cb; 601 602 /** 603 * User data for time_cb. 604 */ 605 void* time_cb_data; 606 607 .TS_extension_cb extension_cb; 608 609 /** 610 * User data for extension_cb. 611 */ 612 void* extension_cb_data; 613 614 /* These members are used only while creating the response. */ 615 .TS_REQ* request; 616 .TS_RESP* response; 617 .TS_TST_INFO* tst_info; 618 } 619 620 alias TS_RESP_CTX = .TS_resp_ctx; 621 622 //DECLARE_STACK_OF(EVP_MD) 623 struct stack_st_EVP_MD 624 { 625 libressl_d.openssl.stack._STACK stack; 626 } 627 628 /* Creates a response context that can be used for generating responses. */ 629 .TS_RESP_CTX* TS_RESP_CTX_new(); 630 void TS_RESP_CTX_free(.TS_RESP_CTX* ctx); 631 632 /** 633 * This parameter must be set. 634 */ 635 int TS_RESP_CTX_set_signer_cert(.TS_RESP_CTX* ctx, libressl_d.openssl.ossl_typ.X509* signer); 636 637 ///Ditto 638 int TS_RESP_CTX_set_signer_key(.TS_RESP_CTX* ctx, libressl_d.openssl.ossl_typ.EVP_PKEY* key); 639 640 ///Ditto 641 int TS_RESP_CTX_set_def_policy(.TS_RESP_CTX* ctx, const (libressl_d.openssl.asn1.ASN1_OBJECT)* def_policy); 642 643 /** 644 * No additional certs are included in the response by default. 645 */ 646 int TS_RESP_CTX_set_certs(.TS_RESP_CTX* ctx, libressl_d.openssl.x509.stack_st_X509* certs); 647 648 /** 649 * Adds a new acceptable policy, only the default policy 650 * is accepted by default. 651 */ 652 int TS_RESP_CTX_add_policy(.TS_RESP_CTX* ctx, const (libressl_d.openssl.asn1.ASN1_OBJECT)* policy); 653 654 /** 655 * Adds a new acceptable message digest. Note that no message digests 656 * are accepted by default. The md argument is shared with the caller. 657 */ 658 int TS_RESP_CTX_add_md(.TS_RESP_CTX* ctx, const (libressl_d.openssl.ossl_typ.EVP_MD)* md); 659 660 /** 661 * Accuracy is not included by default. 662 */ 663 int TS_RESP_CTX_set_accuracy(.TS_RESP_CTX* ctx, int secs, int millis, int micros); 664 665 /** 666 * Clock precision digits, i.e. the number of decimal digits: 667 * '0' means sec, '3' msec, '6' usec, and so on. Default is 0. 668 */ 669 int TS_RESP_CTX_set_clock_precision_digits(.TS_RESP_CTX* ctx, uint clock_precision_digits); 670 671 /** 672 * At most we accept usec precision. 673 */ 674 enum TS_MAX_CLOCK_PRECISION_DIGITS = 6; 675 676 /** 677 * No flags are set by default. 678 */ 679 void TS_RESP_CTX_add_flags(.TS_RESP_CTX* ctx, int flags); 680 681 /** 682 * Default callback always returns a constant. 683 */ 684 void TS_RESP_CTX_set_serial_cb(.TS_RESP_CTX* ctx, .TS_serial_cb cb, void* data); 685 686 /** 687 * Default callback rejects all extensions. The extension callback is called 688 * when the TS_TST_INFO object is already set up and not signed yet. 689 */ 690 /* FIXME: extension handling is not tested yet. */ 691 void TS_RESP_CTX_set_extension_cb(.TS_RESP_CTX* ctx, .TS_extension_cb cb, void* data); 692 693 /** 694 * The following methods can be used in the callbacks. 695 */ 696 int TS_RESP_CTX_set_status_info(.TS_RESP_CTX* ctx, int status, const (char)* text); 697 698 /** 699 * Sets the status info only if it is still TS_STATUS_GRANTED. 700 */ 701 int TS_RESP_CTX_set_status_info_cond(.TS_RESP_CTX* ctx, int status, const (char)* text); 702 703 int TS_RESP_CTX_add_failure_info(.TS_RESP_CTX* ctx, int failure); 704 705 /** 706 * The get methods below can be used in the extension callback. 707 */ 708 .TS_REQ* TS_RESP_CTX_get_request(.TS_RESP_CTX* ctx); 709 710 .TS_TST_INFO* TS_RESP_CTX_get_tst_info(.TS_RESP_CTX* ctx); 711 712 /** 713 * Creates the signed TS_TST_INFO and puts it in TS_RESP. 714 * In case of errors it sets the status info properly. 715 * Returns null only in case of memory allocation/fatal error. 716 */ 717 .TS_RESP* TS_RESP_create_response(.TS_RESP_CTX* ctx, libressl_d.openssl.bio.BIO* req_bio); 718 719 /* 720 * Declarations related to response verification, 721 * they are defined in ts/ts_resp_verify.c. 722 */ 723 724 int TS_RESP_verify_signature(libressl_d.openssl.pkcs7.PKCS7* token, libressl_d.openssl.x509.stack_st_X509* certs, libressl_d.openssl.ossl_typ.X509_STORE* store, libressl_d.openssl.ossl_typ.X509** signer_out); 725 726 /* Context structure for the generic verify method. */ 727 728 /** 729 * Verify the signer's certificate and the signature of the response. 730 */ 731 enum TS_VFY_SIGNATURE = 1u << 0; 732 733 /** 734 * Verify the version number of the response. 735 */ 736 enum TS_VFY_VERSION = 1u << 1; 737 738 /** 739 * Verify if the policy supplied by the user matches the policy of the TSA. 740 */ 741 enum TS_VFY_POLICY = 1u << 2; 742 743 /** 744 * Verify the message imprint provided by the user. This flag should not be 745 * specified with TS_VFY_DATA. 746 */ 747 enum TS_VFY_IMPRINT = 1u << 3; 748 749 /** 750 * Verify the message imprint computed by the verify method from the user 751 * provided data and the MD algorithm of the response. This flag should not be 752 * specified with TS_VFY_IMPRINT. 753 */ 754 enum TS_VFY_DATA = 1u << 4; 755 756 /** 757 * Verify the nonce value. 758 */ 759 enum TS_VFY_NONCE = 1u << 5; 760 761 /** 762 * Verify if the TSA name field matches the signer certificate. 763 */ 764 enum TS_VFY_SIGNER = 1u << 6; 765 766 /** 767 * Verify if the TSA name field equals to the user provided name. 768 */ 769 enum TS_VFY_TSA_NAME = 1u << 7; 770 771 /* You can use the following convenience constants. */ 772 enum TS_VFY_ALL_IMPRINT = .TS_VFY_SIGNATURE | .TS_VFY_VERSION | .TS_VFY_POLICY | .TS_VFY_IMPRINT | .TS_VFY_NONCE | .TS_VFY_SIGNER | .TS_VFY_TSA_NAME; 773 enum TS_VFY_ALL_DATA = .TS_VFY_SIGNATURE | .TS_VFY_VERSION | .TS_VFY_POLICY | .TS_VFY_DATA | .TS_VFY_NONCE | .TS_VFY_SIGNER | .TS_VFY_TSA_NAME; 774 775 struct TS_verify_ctx 776 { 777 /** 778 * Set this to the union of TS_VFY_... flags you want to carry out. 779 */ 780 uint flags; 781 782 /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */ 783 libressl_d.openssl.ossl_typ.X509_STORE* store; 784 libressl_d.openssl.x509.stack_st_X509* certs; 785 786 /* Must be set only with TS_VFY_POLICY. */ 787 libressl_d.openssl.asn1.ASN1_OBJECT* policy; 788 789 /* 790 * Must be set only with TS_VFY_IMPRINT. If md_alg is null, 791 * the algorithm from the response is used. 792 */ 793 libressl_d.openssl.ossl_typ.X509_ALGOR* md_alg; 794 ubyte* imprint; 795 uint imprint_len; 796 797 /** 798 * Must be set only with TS_VFY_DATA. 799 */ 800 libressl_d.openssl.bio.BIO* data; 801 802 /** 803 * Must be set only with TS_VFY_TSA_NAME. 804 */ 805 libressl_d.openssl.ossl_typ.ASN1_INTEGER* nonce; 806 807 /** 808 * Must be set only with TS_VFY_TSA_NAME. 809 */ 810 libressl_d.openssl.x509v3.GENERAL_NAME* tsa_name; 811 } 812 813 alias TS_VERIFY_CTX = .TS_verify_ctx; 814 815 int TS_RESP_verify_response(.TS_VERIFY_CTX* ctx, .TS_RESP* response); 816 int TS_RESP_verify_token(.TS_VERIFY_CTX* ctx, libressl_d.openssl.pkcs7.PKCS7* token); 817 818 /* 819 * Declarations related to response verification context, 820 * they are defined in ts/ts_verify_ctx.c. 821 */ 822 823 /* Set all fields to zero. */ 824 .TS_VERIFY_CTX* TS_VERIFY_CTX_new(); 825 void TS_VERIFY_CTX_init(.TS_VERIFY_CTX* ctx); 826 void TS_VERIFY_CTX_free(.TS_VERIFY_CTX* ctx); 827 void TS_VERIFY_CTX_cleanup(.TS_VERIFY_CTX* ctx); 828 829 /** 830 * If ctx is null, it allocates and returns a new object, otherwise 831 * it returns ctx. It initialises all the members as follows: 832 * flags = TS_VFY_ALL_IMPRINT & ~(.TS_VFY_TSA_NAME | .TS_VFY_SIGNATURE) 833 * certs = null 834 * store = null 835 * policy = policy from the request or null if absent (in this case 836 * TS_VFY_POLICY is cleared from flags as well) 837 * md_alg = MD algorithm from request 838 * imprint, imprint_len = imprint from request 839 * data = null 840 * nonce, nonce_len = nonce from the request or null if absent (in this case 841 * TS_VFY_NONCE is cleared from flags as well) 842 * tsa_name = null 843 * Important: after calling this method TS_VFY_SIGNATURE should be added! 844 */ 845 .TS_VERIFY_CTX* TS_REQ_to_TS_VERIFY_CTX(.TS_REQ* req, .TS_VERIFY_CTX* ctx); 846 847 /* Function declarations for TS_RESP defined in ts/ts_resp_print.c */ 848 849 int TS_RESP_print_bio(libressl_d.openssl.bio.BIO* bio, .TS_RESP* a); 850 int TS_STATUS_INFO_print_bio(libressl_d.openssl.bio.BIO* bio, .TS_STATUS_INFO* a); 851 int TS_TST_INFO_print_bio(libressl_d.openssl.bio.BIO* bio, .TS_TST_INFO* a); 852 853 /* Common utility functions defined in ts/ts_lib.c */ 854 855 int TS_ASN1_INTEGER_print_bio(libressl_d.openssl.bio.BIO* bio, const (libressl_d.openssl.ossl_typ.ASN1_INTEGER)* num); 856 int TS_OBJ_print_bio(libressl_d.openssl.bio.BIO* bio, const (libressl_d.openssl.asn1.ASN1_OBJECT)* obj); 857 int TS_ext_print_bio(libressl_d.openssl.bio.BIO* bio, const (libressl_d.openssl.x509.stack_st_X509_EXTENSION)* extensions); 858 int TS_X509_ALGOR_print_bio(libressl_d.openssl.bio.BIO* bio, const (libressl_d.openssl.ossl_typ.X509_ALGOR)* alg); 859 int TS_MSG_IMPRINT_print_bio(libressl_d.openssl.bio.BIO* bio, .TS_MSG_IMPRINT* msg); 860 861 /* 862 * Function declarations for handling configuration options, 863 * defined in ts/ts_conf.c 864 */ 865 866 libressl_d.openssl.ossl_typ.X509* TS_CONF_load_cert(const (char)* file); 867 libressl_d.openssl.x509.stack_st_X509* TS_CONF_load_certs(const (char)* file); 868 libressl_d.openssl.ossl_typ.EVP_PKEY* TS_CONF_load_key(const (char)* file, const (char)* pass); 869 const (char)* TS_CONF_get_tsa_section(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section); 870 int TS_CONF_set_serial(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, .TS_serial_cb cb, .TS_RESP_CTX* ctx); 871 int TS_CONF_set_crypto_device(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, const (char)* device); 872 int TS_CONF_set_default_engine(const (char)* name); 873 int TS_CONF_set_signer_cert(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, const (char)* cert, .TS_RESP_CTX* ctx); 874 int TS_CONF_set_certs(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, const (char)* certs, .TS_RESP_CTX* ctx); 875 int TS_CONF_set_signer_key(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, const (char)* key, const (char)* pass, .TS_RESP_CTX* ctx); 876 int TS_CONF_set_def_policy(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, const (char)* policy, .TS_RESP_CTX* ctx); 877 int TS_CONF_set_policies(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, .TS_RESP_CTX* ctx); 878 int TS_CONF_set_digests(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, .TS_RESP_CTX* ctx); 879 int TS_CONF_set_accuracy(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, .TS_RESP_CTX* ctx); 880 int TS_CONF_set_clock_precision_digits(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, .TS_RESP_CTX* ctx); 881 int TS_CONF_set_ordering(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, .TS_RESP_CTX* ctx); 882 int TS_CONF_set_tsa_name(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, .TS_RESP_CTX* ctx); 883 int TS_CONF_set_ess_cert_id_chain(libressl_d.openssl.ossl_typ.CONF* conf, const (char)* section, .TS_RESP_CTX* ctx); 884 885 /* -------------------------------------------------- */ 886 /* BEGIN ERROR CODES */ 887 /* 888 * The following lines are auto generated by the script mkerr.pl. Any changes 889 * made after this point may be overwritten when the script is next run. 890 */ 891 void ERR_load_TS_strings(); 892 893 /* Error codes for the TS functions. */ 894 895 /* Function codes. */ 896 enum TS_F_D2I_TS_RESP = 147; 897 enum TS_F_DEF_SERIAL_CB = 110; 898 enum TS_F_DEF_TIME_CB = 111; 899 enum TS_F_ESS_ADD_SIGNING_CERT = 112; 900 enum TS_F_ESS_CERT_ID_NEW_INIT = 113; 901 enum TS_F_ESS_SIGNING_CERT_NEW_INIT = 114; 902 enum TS_F_INT_TS_RESP_VERIFY_TOKEN = 149; 903 enum TS_F_PKCS7_TO_TS_TST_INFO = 148; 904 enum TS_F_TS_ACCURACY_SET_MICROS = 115; 905 enum TS_F_TS_ACCURACY_SET_MILLIS = 116; 906 enum TS_F_TS_ACCURACY_SET_SECONDS = 117; 907 enum TS_F_TS_CHECK_IMPRINTS = 100; 908 enum TS_F_TS_CHECK_NONCES = 101; 909 enum TS_F_TS_CHECK_POLICY = 102; 910 enum TS_F_TS_CHECK_SIGNING_CERTS = 103; 911 enum TS_F_TS_CHECK_STATUS_INFO = 104; 912 enum TS_F_TS_COMPUTE_IMPRINT = 145; 913 enum TS_F_TS_CONF_SET_DEFAULT_ENGINE = 146; 914 enum TS_F_TS_GET_STATUS_TEXT = 105; 915 enum TS_F_TS_MSG_IMPRINT_SET_ALGO = 118; 916 enum TS_F_TS_REQ_SET_MSG_IMPRINT = 119; 917 enum TS_F_TS_REQ_SET_NONCE = 120; 918 enum TS_F_TS_REQ_SET_POLICY_ID = 121; 919 enum TS_F_TS_RESP_CREATE_RESPONSE = 122; 920 enum TS_F_TS_RESP_CREATE_TST_INFO = 123; 921 enum TS_F_TS_RESP_CTX_ADD_FAILURE_INFO = 124; 922 enum TS_F_TS_RESP_CTX_ADD_MD = 125; 923 enum TS_F_TS_RESP_CTX_ADD_POLICY = 126; 924 enum TS_F_TS_RESP_CTX_NEW = 127; 925 enum TS_F_TS_RESP_CTX_SET_ACCURACY = 128; 926 enum TS_F_TS_RESP_CTX_SET_CERTS = 129; 927 enum TS_F_TS_RESP_CTX_SET_DEF_POLICY = 130; 928 enum TS_F_TS_RESP_CTX_SET_SIGNER_CERT = 131; 929 enum TS_F_TS_RESP_CTX_SET_STATUS_INFO = 132; 930 enum TS_F_TS_RESP_GET_POLICY = 133; 931 enum TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION = 134; 932 enum TS_F_TS_RESP_SET_STATUS_INFO = 135; 933 enum TS_F_TS_RESP_SET_TST_INFO = 150; 934 enum TS_F_TS_RESP_SIGN = 136; 935 enum TS_F_TS_RESP_VERIFY_SIGNATURE = 106; 936 enum TS_F_TS_RESP_VERIFY_TOKEN = 107; 937 enum TS_F_TS_TST_INFO_SET_ACCURACY = 137; 938 enum TS_F_TS_TST_INFO_SET_MSG_IMPRINT = 138; 939 enum TS_F_TS_TST_INFO_SET_NONCE = 139; 940 enum TS_F_TS_TST_INFO_SET_POLICY_ID = 140; 941 enum TS_F_TS_TST_INFO_SET_SERIAL = 141; 942 enum TS_F_TS_TST_INFO_SET_TIME = 142; 943 enum TS_F_TS_TST_INFO_SET_TSA = 143; 944 enum TS_F_TS_VERIFY = 108; 945 enum TS_F_TS_VERIFY_CERT = 109; 946 enum TS_F_TS_VERIFY_CTX_NEW = 144; 947 948 /* Reason codes. */ 949 enum TS_R_BAD_PKCS7_TYPE = 132; 950 enum TS_R_BAD_TYPE = 133; 951 enum TS_R_CERTIFICATE_VERIFY_ERROR = 100; 952 enum TS_R_COULD_NOT_SET_ENGINE = 127; 953 enum TS_R_COULD_NOT_SET_TIME = 115; 954 enum TS_R_D2I_TS_RESP_INT_FAILED = 128; 955 enum TS_R_DETACHED_CONTENT = 134; 956 enum TS_R_ESS_ADD_SIGNING_CERT_ERROR = 116; 957 enum TS_R_ESS_SIGNING_CERTIFICATE_ERROR = 101; 958 enum TS_R_INVALID_NULL_POINTER = 102; 959 enum TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE = 117; 960 enum TS_R_MESSAGE_IMPRINT_MISMATCH = 103; 961 enum TS_R_NONCE_MISMATCH = 104; 962 enum TS_R_NONCE_NOT_RETURNED = 105; 963 enum TS_R_NO_CONTENT = 106; 964 enum TS_R_NO_TIME_STAMP_TOKEN = 107; 965 enum TS_R_PKCS7_ADD_SIGNATURE_ERROR = 118; 966 enum TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR = 119; 967 enum TS_R_PKCS7_TO_TS_TST_INFO_FAILED = 129; 968 enum TS_R_POLICY_MISMATCH = 108; 969 enum TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE = 120; 970 enum TS_R_RESPONSE_SETUP_ERROR = 121; 971 enum TS_R_SIGNATURE_FAILURE = 109; 972 enum TS_R_THERE_MUST_BE_ONE_SIGNER = 110; 973 enum TS_R_TIME_SYSCALL_ERROR = 122; 974 enum TS_R_TOKEN_NOT_PRESENT = 130; 975 enum TS_R_TOKEN_PRESENT = 131; 976 enum TS_R_TSA_NAME_MISMATCH = 111; 977 enum TS_R_TSA_UNTRUSTED = 112; 978 enum TS_R_TST_INFO_SETUP_ERROR = 123; 979 enum TS_R_TS_DATASIGN = 124; 980 enum TS_R_UNACCEPTABLE_POLICY = 125; 981 enum TS_R_UNSUPPORTED_MD_ALGORITHM = 126; 982 enum TS_R_UNSUPPORTED_VERSION = 113; 983 enum TS_R_WRONG_CONTENT_TYPE = 114;