2 * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * MessageImprint ::= SEQUENCE {
12 * hashAlgorithm AlgorithmIdentifier,
13 * hashedMessage OCTET STRING }
15 struct TS_msg_imprint_st {
16 X509_ALGOR *hash_algo;
17 ASN1_OCTET_STRING *hashed_msg;
21 * TimeStampResp ::= SEQUENCE {
22 * status PKIStatusInfo,
23 * timeStampToken TimeStampToken OPTIONAL }
26 TS_STATUS_INFO *status_info;
28 TS_TST_INFO *tst_info;
32 * TimeStampReq ::= SEQUENCE {
33 * version INTEGER { v1(1) },
34 * messageImprint MessageImprint,
35 * --a hash algorithm OID and the hash value of the data to be
37 * reqPolicy TSAPolicyId OPTIONAL,
38 * nonce INTEGER OPTIONAL,
39 * certReq BOOLEAN DEFAULT FALSE,
40 * extensions [0] IMPLICIT Extensions OPTIONAL }
43 ASN1_INTEGER *version;
44 TS_MSG_IMPRINT *msg_imprint;
45 ASN1_OBJECT *policy_id;
47 ASN1_BOOLEAN cert_req;
48 STACK_OF(X509_EXTENSION) *extensions;
52 * Accuracy ::= SEQUENCE {
53 * seconds INTEGER OPTIONAL,
54 * millis [0] INTEGER (1..999) OPTIONAL,
55 * micros [1] INTEGER (1..999) OPTIONAL }
57 struct TS_accuracy_st {
58 ASN1_INTEGER *seconds;
64 * TSTInfo ::= SEQUENCE {
65 * version INTEGER { v1(1) },
67 * messageImprint MessageImprint,
68 * -- MUST have the same value as the similar field in
70 * serialNumber INTEGER,
71 * -- Time-Stamping users MUST be ready to accommodate integers
73 * genTime GeneralizedTime,
74 * accuracy Accuracy OPTIONAL,
75 * ordering BOOLEAN DEFAULT FALSE,
76 * nonce INTEGER OPTIONAL,
77 * -- MUST be present if the similar field was present
78 * -- in TimeStampReq. In that case it MUST have the same value.
79 * tsa [0] GeneralName OPTIONAL,
80 * extensions [1] IMPLICIT Extensions OPTIONAL }
82 struct TS_tst_info_st {
83 ASN1_INTEGER *version;
84 ASN1_OBJECT *policy_id;
85 TS_MSG_IMPRINT *msg_imprint;
87 ASN1_GENERALIZEDTIME *time;
88 TS_ACCURACY *accuracy;
89 ASN1_BOOLEAN ordering;
92 STACK_OF(X509_EXTENSION) *extensions;
95 struct TS_status_info_st {
97 STACK_OF(ASN1_UTF8STRING) *text;
98 ASN1_BIT_STRING *failure_info;
103 EVP_PKEY *signer_key;
104 const EVP_MD *signer_md;
105 const EVP_MD *ess_cert_id_digest;
106 STACK_OF(X509) *certs; /* Certs to include in signed data. */
107 STACK_OF(ASN1_OBJECT) *policies; /* Acceptable policies. */
108 ASN1_OBJECT *default_policy; /* It may appear in policies, too. */
109 STACK_OF(EVP_MD) *mds; /* Acceptable message digests. */
110 ASN1_INTEGER *seconds; /* accuracy, 0 means not specified. */
111 ASN1_INTEGER *millis; /* accuracy, 0 means not specified. */
112 ASN1_INTEGER *micros; /* accuracy, 0 means not specified. */
113 unsigned clock_precision_digits; /* fraction of seconds in time stamp
115 unsigned flags; /* Optional info, see values above. */
116 /* Callback functions. */
117 TS_serial_cb serial_cb;
118 void *serial_cb_data; /* User data for serial_cb. */
120 void *time_cb_data; /* User data for time_cb. */
121 TS_extension_cb extension_cb;
122 void *extension_cb_data; /* User data for extension_cb. */
123 /* These members are used only while creating the response. */
126 TS_TST_INFO *tst_info;
129 struct TS_verify_ctx {
130 /* Set this to the union of TS_VFY_... flags you want to carry out. */
132 /* Must be set only with TS_VFY_SIGNATURE. certs is optional. */
134 STACK_OF(X509) *certs;
135 /* Must be set only with TS_VFY_POLICY. */
138 * Must be set only with TS_VFY_IMPRINT. If md_alg is NULL, the
139 * algorithm from the response is used.
142 unsigned char *imprint;
143 unsigned imprint_len;
144 /* Must be set only with TS_VFY_DATA. */
146 /* Must be set only with TS_VFY_TSA_NAME. */
148 /* Must be set only with TS_VFY_TSA_NAME. */
149 GENERAL_NAME *tsa_name;