2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
26 #include <gnutls/x509.h>
27 #include <gnutls/abstract.h>
31 #define MAX_CRQ_EXTENSIONS_SIZE 8*1024
32 #define MAX_OID_SIZE 128
34 #define HASH_OID_SHA1 "1.3.14.3.2.26"
35 #define HASH_OID_MD5 "1.2.840.113549.2.5"
36 #define HASH_OID_MD2 "1.2.840.113549.2.2"
37 #define HASH_OID_RMD160 "1.3.36.3.2.1"
38 #define HASH_OID_SHA224 "2.16.840.1.101.3.4.2.4"
39 #define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
40 #define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
41 #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
43 typedef struct gnutls_x509_crl_int
47 } gnutls_x509_crl_int
;
49 typedef struct gnutls_x509_crt_int
53 int expanded
; /* a certificate has been expanded */
54 } gnutls_x509_crt_int
;
56 typedef struct gnutls_x509_crq_int
59 } gnutls_x509_crq_int
;
61 typedef struct gnutls_pkcs7_int
66 typedef struct gnutls_x509_privkey_int
68 /* the size of params depends on the public
71 gnutls_pk_params_st params
;
73 gnutls_pk_algorithm_t pk_algorithm
;
76 } gnutls_x509_privkey_int
;
78 int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest
, gnutls_x509_crt_t src
);
81 int _gnutls_x509_compare_raw_dn (const gnutls_datum_t
* dn1
,
82 const gnutls_datum_t
* dn2
);
85 int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest
, gnutls_x509_crl_t src
);
86 int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl
,
90 int _gnutls_x509_get_tbs (ASN1_TYPE cert
, const char *tbs_name
,
91 gnutls_datum_t
* tbs
);
92 int _gnutls_x509_pkix_sign (ASN1_TYPE src
, const char *src_name
,
93 gnutls_digest_algorithm_t
,
94 gnutls_x509_crt_t issuer
,
95 gnutls_privkey_t issuer_key
);
98 #define OID_X520_COUNTRY_NAME "2.5.4.6"
99 #define OID_X520_ORGANIZATION_NAME "2.5.4.10"
100 #define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
101 #define OID_X520_COMMON_NAME "2.5.4.3"
102 #define OID_X520_LOCALITY_NAME "2.5.4.7"
103 #define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
104 #define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
105 #define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
106 #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
108 int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct
,
109 const char *asn1_rdn_name
, char *buf
,
110 size_t * sizeof_buf
);
112 int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct
,
113 const char *asn1_rdn_name
, const char *oid
,
114 int indx
, unsigned int raw_flag
, void *buf
,
115 size_t * sizeof_buf
);
117 int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct
,
118 const char *asn1_rdn_name
, const char *oid
,
119 int raw_flag
, const char *name
, int sizeof_name
);
121 int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct
,
122 const char *asn1_rdn_name
,
123 int indx
, void *_oid
, size_t * sizeof_oid
);
125 int _gnutls_parse_general_name (ASN1_TYPE src
, const char *src_name
,
126 int seq
, void *name
, size_t * name_size
,
127 unsigned int *ret_type
, int othername_oid
);
133 int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert
,
134 gnutls_x509_crt_t issuer
);
137 _gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t
* hash
,
138 const gnutls_datum_t
* signature
,
139 gnutls_pk_algorithm_t pk
,
140 gnutls_pk_params_st
* issuer_params
);
142 int _gnutls_x509_verify_data (gnutls_digest_algorithm_t algo
,
143 const gnutls_datum_t
* data
,
144 const gnutls_datum_t
* signature
,
145 gnutls_x509_crt_t issuer
);
148 ASN1_TYPE
_gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t
*
150 gnutls_x509_privkey_t pkey
);
151 ASN1_TYPE
_gnutls_privkey_decode_ecc_key (const gnutls_datum_t
*
153 gnutls_x509_privkey_t pkey
);
156 _gnutls_x509_read_ecc_params (uint8_t * der
, int dersize
, gnutls_pk_params_st
* params
);
158 int _gnutls_asn1_encode_privkey (gnutls_pk_algorithm_t pk
, ASN1_TYPE
* c2
, gnutls_pk_params_st
* params
);
161 int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl
,
162 const char *extension_id
, int indx
,
163 gnutls_datum_t
* ret
,
164 unsigned int *_critical
);
166 int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl
,
168 size_t * sizeof_oid
);
170 int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl
,
172 const gnutls_datum_t
* ext_data
,
173 unsigned int critical
);
175 int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert
,
176 const char *extension_id
, int indx
,
177 gnutls_datum_t
* ret
,
178 unsigned int *critical
);
179 int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert
,
182 int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage
,
183 uint8_t * extnValue
, int extnValueLen
);
184 int _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA
,
185 int *pathLenConstraint
,
188 int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert
,
189 const char *extension_id
,
190 const gnutls_datum_t
* ext_data
,
191 unsigned int critical
);
194 _gnutls_x509_ext_extract_number (uint8_t * number
,
196 uint8_t * extnValue
, int extnValueLen
);
198 _gnutls_x509_ext_gen_number (const uint8_t * nuber
, size_t nr_size
,
199 gnutls_datum_t
* der_ext
);
202 int _gnutls_x509_ext_gen_basicConstraints (int CA
, int pathLenConstraint
,
203 gnutls_datum_t
* der_ext
);
204 int _gnutls_x509_ext_gen_keyUsage (uint16_t usage
, gnutls_datum_t
* der_ext
);
205 int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
206 type
, const void *data
,
207 unsigned int data_size
,
208 gnutls_datum_t
* prev_der_ext
,
209 gnutls_datum_t
* der_ext
);
210 int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type
,
212 unsigned int data_size
,
213 unsigned int reason_flags
,
214 gnutls_datum_t
* der_ext
);
215 int _gnutls_x509_ext_gen_key_id (const void *id
, size_t id_size
,
216 gnutls_datum_t
* der_data
);
217 int _gnutls_x509_ext_gen_auth_key_id (const void *id
, size_t id_size
,
218 gnutls_datum_t
* der_data
);
219 int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint
,
220 char **policyLanguage
,
222 size_t * sizeof_policy
,
225 int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint
,
226 const char *policyLanguage
,
228 size_t sizeof_policy
,
229 gnutls_datum_t
* der_ext
);
232 int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert
,
233 gnutls_pk_params_st
*);
235 int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert
,
236 gnutls_pk_params_st
* params
);
238 int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t
, uint8_t * der
, int dersize
,
239 gnutls_pk_params_st
* params
);
241 int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t
, uint8_t * der
, int dersize
,
242 gnutls_pk_params_st
* params
);
244 int _gnutls_x509_write_ecc_params (gnutls_pk_params_st
* params
,
245 gnutls_datum_t
* der
);
246 int _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st
* params
,
247 gnutls_datum_t
* der
);
250 _gnutls_x509_write_pubkey_params (gnutls_pk_algorithm_t algo
,
251 gnutls_pk_params_st
* params
,
252 gnutls_datum_t
* der
);
253 int _gnutls_x509_write_pubkey (gnutls_pk_algorithm_t
, gnutls_pk_params_st
* params
,
254 gnutls_datum_t
* der
);
256 int _gnutls_x509_read_uint (ASN1_TYPE node
, const char *value
,
259 int _gnutls_x509_read_der_int (uint8_t * der
, int dersize
, bigint_t
* out
);
261 int _gnutls_x509_read_int (ASN1_TYPE node
, const char *value
,
263 int _gnutls_x509_write_int (ASN1_TYPE node
, const char *value
, bigint_t mpi
,
265 int _gnutls_x509_write_uint32 (ASN1_TYPE node
, const char *value
,
268 int _gnutls_x509_write_sig_params (ASN1_TYPE dst
, const char *dst_name
,
269 gnutls_pk_algorithm_t pk_algorithm
,
270 gnutls_digest_algorithm_t
);
273 #include <gnutls/pkcs12.h>
275 typedef struct gnutls_pkcs12_int
280 #define MAX_BAG_ELEMENTS 32
285 gnutls_pkcs12_bag_type_t type
;
286 gnutls_datum_t local_key_id
;
290 typedef struct gnutls_pkcs12_bag_int
292 struct bag_element element
[MAX_BAG_ELEMENTS
];
294 } gnutls_pkcs12_bag_int
;
296 #define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
297 #define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
298 #define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
299 #define BAG_CRL "1.2.840.113549.1.12.10.1.4"
300 #define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
304 #define DATA_OID "1.2.840.113549.1.7.1"
305 #define ENC_DATA_OID "1.2.840.113549.1.7.6"
309 #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
310 #define KEY_ID_OID "1.2.840.113549.1.9.21"
313 _gnutls_pkcs12_string_to_key (unsigned int id
, const uint8_t * salt
,
314 unsigned int salt_size
, unsigned int iter
,
315 const char *pw
, unsigned int req_keylen
,
318 int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t
* data
,
319 const char *password
, gnutls_datum_t
* dec
);
321 typedef enum schema_id
323 PBES2_GENERIC
, /* when the algorithm is unknown, temporal use when reading only */
324 PBES2_3DES
, /* the stuff in PKCS #5 */
328 PKCS12_3DES_SHA1
, /* the stuff in PKCS #12 */
333 int _gnutls_pkcs_flags_to_schema (unsigned int flags
);
334 int _gnutls_pkcs7_encrypt_data (schema_id schema
,
335 const gnutls_datum_t
* data
,
336 const char *password
, gnutls_datum_t
* enc
);
337 int _pkcs12_decode_safe_contents (const gnutls_datum_t
* content
,
338 gnutls_pkcs12_bag_t bag
);
341 _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag
, ASN1_TYPE
* content
,
344 int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type
,
345 const gnutls_datum_t
* in
, gnutls_datum_t
* out
);
346 int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type
,
347 const gnutls_datum_t
* raw
, gnutls_datum_t
* out
);
350 int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq
,
352 const gnutls_datum_t
* ext_data
,
353 unsigned int critical
);
356 _gnutls_x509_verify_certificate (const gnutls_x509_crt_t
* certificate_list
,
358 const gnutls_x509_crt_t
* trusted_cas
,
361 gnutls_verify_output_function func
);
364 _gnutls_is_same_dn (gnutls_x509_crt_t cert1
, gnutls_x509_crt_t cert2
);
367 _gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert
,
368 const gnutls_x509_crl_t
* crl_list
,
370 gnutls_verify_output_function func
);