54#include <openssl/asn1.h>
55#include <openssl/asn1t.h>
56#include <openssl/bio.h>
62#define ASN1_APP_IMP(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION, tag, stname, field, type)
64#ifndef ASN1_APP_IMP_OPT
66#define ASN1_APP_IMP_OPT(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type)
68#ifndef ASN1_APP_EXP_OPT
70#define ASN1_APP_EXP_OPT(stname, field, type, tag) ASN1_EX_TYPE(ASN1_TFLG_EXPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type)
72#ifndef ASN1_APP_IMP_SEQUENCE_OF_OPT
73#define ASN1_APP_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
74 ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_IMPTAG|ASN1_TFLG_APPLICATION|ASN1_TFLG_OPTIONAL, tag, stname, field, type)
91#define EAC_AT_CHAT_BYTES 5
92#define EAC_AT_CHAT_BITS 38
93#define EAC_IS_CHAT_BYTES 1
94#define EAC_IS_CHAT_BITS 6
95#define EAC_ST_CHAT_BYTES 1
96#define EAC_ST_CHAT_BITS 6
345#if OPENSSL_VERSION_NUMBER >= 0x30000000L
357#define CVC_CERT_dup(x) ASN1_dup_of(CVC_CERT, i2d_CVC_CERT, CVC_d2i_CVC_CERT, x)
366#define CVC_PUBKEY_dup(x) ASN1_dup_of(CVC_PUBKEY, i2d_CVC_PUBKEY, d2i_CVC_PUBKEY, x)
375#define CVC_CHAT_dup(x) ASN1_dup_of(CVC_CHAT, i2d_CVC_CHAT, d2i_CVC_CHAT, x)
418CVC_pkey2pubkey(
int all_parameters,
int protocol, EVP_PKEY *key,
635 const unsigned int cert_desc_in_len);
647 const unsigned char *cert_desc,
size_t cert_desc_len);
cvc_terminal_role
Effective role of the certificate holder.
@ CVC_CVCA
Country Verifying Certificate Authority.
@ CVC_Terminal
Terminal (inspection system/authentication terminal/signature terminal)
@ CVC_DocVer
Document Verifier (non-official/foreign)
@ CVC_DV
Document Verifier (official domestic)
CVC_DISCRETIONARY_DATA_TEMPLATE_SEQ CVC_DISCRETIONARY_DATA_TEMPLATE
Short name for CVC_CERT_BODY_SEQ.
BUF_MEM * CVC_hash_description(const CVC_CERT *cv, const unsigned char *cert_desc, size_t cert_desc_len)
Create a hash over a certificate's description.
struct cvc_discretionary_data_template_seq_st CVC_DISCRETIONARY_DATA_TEMPLATE_SEQ
Discretionary data template, used to encode certificate extensions.
struct cvc_cert_request_seq_st CVC_CERT_REQUEST_SEQ
The actual certifcate request, consisting of the body and inner signature.
CVC_CHAT_SEQ CVC_CHAT
Short name for CVC_CHAT_SEQ.
struct cvc_cert_seq_st CVC_CERT_SEQ
The actual certifcate, consisting of the body and a signature.
CVC_CERT_REQUEST_SEQ CVC_CERT_REQUEST
Short name for CVC_CERT_REQUEST_SEQ.
char * CVC_get_car(const CVC_CERT *cert)
Return the CAR of a CV certificate as a string.
enum cvc_terminal_role CVC_get_role(const CVC_CHAT *chat)
Extract the terminal-type (terminal, DV, CVCA) from the CHAT.
int CVC_verify_request_signature(const CVC_CERT_REQUEST *request)
Verify the inner signature of a CV certificate request.
struct cvc_certificate_description_st CVC_CERTIFICATE_DESCRIPTION
This structure holds further information about a card verifiable certificate in human readable form.
struct cvc_cert_request_body_seq_st CVC_CERT_REQUEST_BODY_SEQ
The body of the CV certificate request (without signature)
char * CVC_get_chr(const CVC_CERT *cert)
Return the CAR of a CV certificate as a string.
struct cvc_pubkey_st CVC_PUBKEY_BODY
Public key data object which may contain domain parameters.
int CVC_check_description(const CVC_CERT *cv, const unsigned char *cert_desc_in, const unsigned int cert_desc_in_len)
Check whether or not the certificate contains the correct hash of the CV certificate description.
struct cvc_cert_authentication_request_seq_st CVC_CERT_AUTHENTICATION_REQUEST_SEQ
The authentication request, consisting of the certificate request, certificate authority reference an...
CVC_CERT_BODY_SEQ CVC_CERT_BODY
Short name for CVC_CERT_BODY_SEQ.
int CVC_verify_authentication_request_signatures(struct eac_ctx *ctx, const CVC_CERT_AUTHENTICATION_REQUEST *authentication)
Verify the inner and outer signature of a CV certificate request.
short CVC_get_profile_identifier(const CVC_CERT *cert)
Return the profile identifier of a CV certificate as an integer.
struct cvc_cert_body_seq_st CVC_CERT_BODY_SEQ
The body of the CV certificate (without signature)
CVC_CERT_AUTHENTICATION_REQUEST_SEQ CVC_CERT_AUTHENTICATION_REQUEST
Short name for CVC_CERT_AUTHENTICATION_REQUEST_SEQ.
const CVC_CHAT * cvc_get_chat(const CVC_CERT *cvc)
Get the CHAT contained in a CV certifcate.
CVC_CERT_REQUEST_BODY_SEQ CVC_CERT_REQUEST_BODY
Short name for CVC_CERT_REQUEST_BODY_SEQ.
struct cvc_chat_seq_st CVC_CHAT_SEQ
Certificate Holder Authentication Template.
CVC_CERT_SEQ CVC_CERT
Short name for CVC_CERT_SEQ.
char * CVC_get_expiration_date(const CVC_CERT *cert)
Convert the expiration date of a certificate to a string.
int CVC_verify_signature(const CVC_CERT *cert, int protocol, EVP_PKEY *key)
Verify the signature of a CV certificate using the public key of the certificate issuer.
char * CVC_get_effective_date(const CVC_CERT *cert)
Convert the effective date and expiration date, of a certificate to a string.
void CVC_CERT_free(CVC_CERT *a)
Free a CV certificate.
CVC_CERT * d2i_CVC_CERT_bio(BIO *bp, CVC_CERT **cvc)
Load a CV certificate from a BIO object.
int i2d_CVC_CERT(CVC_CERT *a, unsigned char **out)
Convert a CV certificate description to its ASN1 representation.
CVC_CERT * CVC_d2i_CVC_CERT(CVC_CERT **cert, const unsigned char **in, long len)
Convert ASN1 formatted CV certificate to the internal structure.
EVP_PKEY * CVC_pubkey2pkey(const CVC_CERT *cert, BN_CTX *bn_ctx, EVP_PKEY *out)
Extract the public key from a CV certificate. Since EC domain parameters are only included in CVCA ce...
CVC_CERT * CVC_CERT_new(void)
Allocate memory for a CV certificate.
int certificate_authentication_request_print(BIO *bio, const CVC_CERT_AUTHENTICATION_REQUEST *authentication, int indent)
Print CV certificate authentication request in human readable form.
int CVC_print(BIO *bio, const CVC_CERT *cv, int indent)
Print CV certificate in human readable form.
int certificate_description_print(BIO *bio, const CVC_CERTIFICATE_DESCRIPTION *desc, int indent)
Print CV certificate description in human readable form.
int cvc_chat_print(BIO *bio, const CVC_CHAT *chat, int indent)
Print CHAT in human readable form.
int certificate_request_print(BIO *bio, const CVC_CERT_REQUEST *request, int indent)
Print CV certificate request in human readable form.
int cvc_chat_print_authorizations(BIO *bio, const CVC_CHAT *chat, int indent)
Print the relative authorization contained in a CHAT in human readable form.
Definitions of object identifiers.
The authentication request, consisting of the certificate request, certificate authority reference an...
CVC_CERT_REQUEST * request
certificate request
ASN1_UTF8STRING * certificate_authority_reference
Reference to certificate authority that issued this authentication request (in Latin1)
ASN1_OCTET_STRING * outer_signature
Signature calculated over the hash of the certificate request.
The body of the CV certificate (without signature)
ASN1_OCTET_STRING * certificate_effective_date
Date the certificate was issued (YYMMDD, BCD encoded)
CVC_CHAT * chat
Certificate Holder Authorisation Template.
ASN1_INTEGER * certificate_profile_identifier
Certificate Profile of this certificate (must be 0).
ASN1_UTF8STRING * certificate_holder_reference
Reference to the holder of this certificate (in Latin1)
CVC_PUBKEY * public_key
Public key associated with this certificate.
ASN1_OCTET_STRING * certificate_expiration_date
Date until which the certicate is valid (YYMMDD, BCD encoded)
STACK_OF(CVC_DISCRETIONARY_DATA_TEMPLATE) *certificate_extensions
Optional extensions.
ASN1_UTF8STRING * certificate_authority_reference
Reference to certificate authority that issued this certificate (in Latin1)
The body of the CV certificate request (without signature)
ASN1_UTF8STRING * certificate_authority_reference
Reference to certificate authority that issued this certificate request (in Latin1)
ASN1_INTEGER * certificate_profile_identifier
Certificate Profile of this certificate request (must be 0).
CVC_PUBKEY * public_key
Public key associated with this certificate request.
ASN1_UTF8STRING * certificate_holder_reference
Reference to the holder of this certificate request (in Latin1)
STACK_OF(CVC_DISCRETIONARY_DATA_TEMPLATE) *certificate_extensions
Optional extensions.
The actual certifcate request, consisting of the body and inner signature.
CVC_CERT_REQUEST_BODY * body
Body of the certificate request.
ASN1_OCTET_STRING * inner_signature
Signature calculated over the hash of the certificate request body.
The actual certifcate, consisting of the body and a signature.
ASN1_OCTET_STRING * signature
Signature calculated over the hash of the certificate body.
CVC_CERT_BODY * body
Body of the certificate.
This structure holds further information about a card verifiable certificate in human readable form.
ASN1_OCTET_STRING * termsOfUsage
Terms of Usage of the Service holding the certificate. May be formatted as either plain text,...
ASN1_OBJECT * descriptionType
Format of the description (Plain Text, PDF or HTML)
ASN1_PRINTABLESTRING * redirectURL
Not used.
ASN1_PRINTABLESTRING * subjectURL
Optional URL that points to informations about the holder of this certificate.
ASN1_UTF8STRING * subjectName
Human readable name of the holder of this certificate.
CVC_COMMCERT_SEQ * commCertificates
Contains hash values of admissible X.509 certificates of the remote terminal (optional)
ASN1_PRINTABLESTRING * issuerURL
Optional URL that points to informations about the issuer of this certificate.
ASN1_UTF8STRING * issuerName
Human readable name of the issuer of this certificate.
Certificate Holder Authentication Template.
ASN1_OCTET_STRING * relative_authorization
Access rights of the terminal to which this certificate belongs.
ASN1_OBJECT * terminal_type
Role of terminal to which this certificate belongs (Inspection System, Authentication Terminal or Sig...
STACK_OF(ASN1_OCTET_STRING) *values
Contains hash values of admissible X.509 certificates of the remote terminal (optional)
Discretionary data template, used to encode certificate extensions.
ASN1_OCTET_STRING * discretionary_data3
holds descretionary data
ASN1_OBJECT * type
OID which specifies the type of the extension.
ASN1_OCTET_STRING * discretionary_data1
holds descretionary data
ASN1_OCTET_STRING * discretionary_data2
holds descretionary data
Public key data object which may contain domain parameters.
ASN1_OCTET_STRING * cont6
Public point (EC)
ASN1_OBJECT * oid
Object Identifier which specifies the exact protocol to be used during TA.
ASN1_OCTET_STRING * cont2
Public exponent (RSA)/order of the Subgroup (DH)/first coefficient (EC)
ASN1_OCTET_STRING * cont5
Public value (DH)/order of the base point (EC)
ASN1_OCTET_STRING * cont3
Order of the subgroup (DH)/second coefficient (EC)
ASN1_OCTET_STRING * cont7
Cofactor (EC)
ASN1_OCTET_STRING * cont4
Generator (DH)/base point (EC)
ASN1_OCTET_STRING * cont1
Composite modulus (RSA)/prime modulus (DH, EC)
Context for the Extended Access Control protocol.
