search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
avoid duplicate asn1 structure initialization.
[gnutls.git] / lib / x509 / x509_int.h
blob95aa3a30f1cbcffa232994525d9b2881ff9a4f6a
1 /*
2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #ifndef X509_H
24 #define X509_H
25
26 #include <gnutls/x509.h>
27 #include <gnutls/abstract.h>
28
29 #include <libtasn1.h>
30
31 #define MAX_CRQ_EXTENSIONS_SIZE 8*1024
32 #define MAX_OID_SIZE 128
33
34 #define HASH_OID_SHA1 "1.3.14.3.2.26"
35 #define HASH_OID_MD5 "1.2.840.113549.2.5"
36 #define HASH_OID_MD2 "1.2.840.113549.2.2"
37 #define HASH_OID_RMD160 "1.3.36.3.2.1"
38 #define HASH_OID_SHA224 "2.16.840.1.101.3.4.2.4"
39 #define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
40 #define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
41 #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
42
43 typedef struct gnutls_x509_crl_int
44 {
45 ASN1_TYPE crl;
46 int use_extensions;
47 } gnutls_x509_crl_int;
48
49 typedef struct gnutls_x509_crt_int
50 {
51 ASN1_TYPE cert;
52 int use_extensions;
53 int expanded; /* a certificate has been expanded */
54 } gnutls_x509_crt_int;
55
56 typedef struct gnutls_x509_crq_int
57 {
58 ASN1_TYPE crq;
59 } gnutls_x509_crq_int;
60
61 typedef struct gnutls_pkcs7_int
62 {
63 ASN1_TYPE pkcs7;
64 } gnutls_pkcs7_int;
65
66 typedef struct gnutls_x509_privkey_int
67 {
68 /* the size of params depends on the public
69 * key algorithm
70 */
71 gnutls_pk_params_st params;
72
73 gnutls_pk_algorithm_t pk_algorithm;
74
75 ASN1_TYPE key;
76 } gnutls_x509_privkey_int;
77
78 int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
79
80
81 int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
82 const gnutls_datum_t * dn2);
83
84
85 int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
86 int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
87 gnutls_datum_t * dn);
88
89 /* sign.c */
90 int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
91 gnutls_datum_t * tbs);
92 int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
93 gnutls_digest_algorithm_t,
94 gnutls_x509_crt_t issuer,
95 gnutls_privkey_t issuer_key);
96
97 /* dn.c */
98 #define OID_X520_COUNTRY_NAME "2.5.4.6"
99 #define OID_X520_ORGANIZATION_NAME "2.5.4.10"
100 #define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
101 #define OID_X520_COMMON_NAME "2.5.4.3"
102 #define OID_X520_LOCALITY_NAME "2.5.4.7"
103 #define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
104 #define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
105 #define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
106 #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
107
108 int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
109 const char *asn1_rdn_name, char *buf,
110 size_t * sizeof_buf);
111
112 int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
113 const char *asn1_rdn_name, const char *oid,
114 int indx, unsigned int raw_flag, void *buf,
115 size_t * sizeof_buf);
116
117 int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
118 const char *asn1_rdn_name, const char *oid,
119 int raw_flag, const char *name, int sizeof_name);
120
121 int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
122 const char *asn1_rdn_name,
123 int indx, void *_oid, size_t * sizeof_oid);
124
125 int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
126 int seq, void *name, size_t * name_size,
127 unsigned int *ret_type, int othername_oid);
128
129 /* dsa.c */
130
131
132 /* verify.c */
133 int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
134 gnutls_x509_crt_t issuer);
135
136 int
137 _gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
138 const gnutls_datum_t * signature,
139 gnutls_pk_algorithm_t pk,
140 gnutls_pk_params_st * issuer_params);
141
142 int _gnutls_x509_verify_data (gnutls_digest_algorithm_t algo,
143 const gnutls_datum_t * data,
144 const gnutls_datum_t * signature,
145 gnutls_x509_crt_t issuer);
146
147 /* privkey.h */
148 ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
149 raw_key,
150 gnutls_x509_privkey_t pkey);
151 ASN1_TYPE _gnutls_privkey_decode_ecc_key (const gnutls_datum_t *
152 raw_key,
153 gnutls_x509_privkey_t pkey);
154
155 int
156 _gnutls_x509_read_ecc_params (uint8_t * der, int dersize, gnutls_pk_params_st * params);
157
158 int _gnutls_asn1_encode_privkey (gnutls_pk_algorithm_t pk, ASN1_TYPE * c2, gnutls_pk_params_st * params);
159
160 /* extensions.c */
161 int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
162 const char *extension_id, int indx,
163 gnutls_datum_t * ret,
164 unsigned int *_critical);
165
166 int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
167 int indx, void *oid,
168 size_t * sizeof_oid);
169
170 int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
171 const char *ext_id,
172 const gnutls_datum_t * ext_data,
173 unsigned int critical);
174
175 int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
176 const char *extension_id, int indx,
177 gnutls_datum_t * ret,
178 unsigned int *critical);
179 int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
180 int indx, void *ret,
181 size_t * ret_size);
182 int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
183 uint8_t * extnValue, int extnValueLen);
184 int _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
185 int *pathLenConstraint,
186 uint8_t * extnValue,
187 int extnValueLen);
188 int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
189 const char *extension_id,
190 const gnutls_datum_t * ext_data,
191 unsigned int critical);
192
193 int
194 _gnutls_x509_ext_extract_number (uint8_t * number,
195 size_t * nr_size,
196 uint8_t * extnValue, int extnValueLen);
197 int
198 _gnutls_x509_ext_gen_number (const uint8_t * nuber, size_t nr_size,
199 gnutls_datum_t * der_ext);
200
201
202 int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
203 gnutls_datum_t * der_ext);
204 int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
205 int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
206 type, const void *data,
207 unsigned int data_size,
208 gnutls_datum_t * prev_der_ext,
209 gnutls_datum_t * der_ext);
210 int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
211 const void *data,
212 unsigned int data_size,
213 unsigned int reason_flags,
214 gnutls_datum_t * der_ext);
215 int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
216 gnutls_datum_t * der_data);
217 int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
218 gnutls_datum_t * der_data);
219 int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
220 char **policyLanguage,
221 char **policy,
222 size_t * sizeof_policy,
223 uint8_t * extnValue,
224 int extnValueLen);
225 int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
226 const char *policyLanguage,
227 const char *policy,
228 size_t sizeof_policy,
229 gnutls_datum_t * der_ext);
230
231 /* mpi.c */
232 int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
233 gnutls_pk_params_st*);
234
235 int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
236 gnutls_pk_params_st * params);
237
238 int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
239 gnutls_pk_params_st * params);
240
241 int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
242 gnutls_pk_params_st * params);
243
244 int _gnutls_x509_write_ecc_params (gnutls_pk_params_st * params,
245 gnutls_datum_t * der);
246 int _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
247 gnutls_datum_t * der);
248
249 int
250 _gnutls_x509_write_pubkey_params (gnutls_pk_algorithm_t algo,
251 gnutls_pk_params_st* params,
252 gnutls_datum_t * der);
253 int _gnutls_x509_write_pubkey (gnutls_pk_algorithm_t, gnutls_pk_params_st * params,
254 gnutls_datum_t * der);
255
256 int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
257 unsigned int *ret);
258
259 int _gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out);
260
261 int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
262 bigint_t * ret_mpi);
263 int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
264 int lz);
265 int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
266 uint32_t num);
267
268 int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
269 gnutls_pk_algorithm_t pk_algorithm,
270 gnutls_digest_algorithm_t);
271
272 /* pkcs12.h */
273 #include <gnutls/pkcs12.h>
274
275 typedef struct gnutls_pkcs12_int
276 {
277 ASN1_TYPE pkcs12;
278 } gnutls_pkcs12_int;
279
280 #define MAX_BAG_ELEMENTS 32
281
282 struct bag_element
283 {
284 gnutls_datum_t data;
285 gnutls_pkcs12_bag_type_t type;
286 gnutls_datum_t local_key_id;
287 char *friendly_name;
288 };
289
290 typedef struct gnutls_pkcs12_bag_int
291 {
292 struct bag_element element[MAX_BAG_ELEMENTS];
293 int bag_elements;
294 } gnutls_pkcs12_bag_int;
295
296 #define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
297 #define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
298 #define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
299 #define BAG_CRL "1.2.840.113549.1.12.10.1.4"
300 #define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
301
302 /* PKCS #7
303 */
304 #define DATA_OID "1.2.840.113549.1.7.1"
305 #define ENC_DATA_OID "1.2.840.113549.1.7.6"
306
307 /* Bag attributes
308 */
309 #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
310 #define KEY_ID_OID "1.2.840.113549.1.9.21"
311
312 int
313 _gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
314 unsigned int salt_size, unsigned int iter,
315 const char *pw, unsigned int req_keylen,
316 uint8_t * keybuf);
317
318 int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
319 const char *password, gnutls_datum_t * dec);
320
321 typedef enum schema_id
322 {
323 PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
324 PBES2_3DES, /* the stuff in PKCS #5 */
325 PBES2_AES_128,
326 PBES2_AES_192,
327 PBES2_AES_256,
328 PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
329 PKCS12_ARCFOUR_SHA1,
330 PKCS12_RC2_40_SHA1
331 } schema_id;
332
333 int _gnutls_pkcs_flags_to_schema (unsigned int flags);
334 int _gnutls_pkcs7_encrypt_data (schema_id schema,
335 const gnutls_datum_t * data,
336 const char *password, gnutls_datum_t * enc);
337 int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
338 gnutls_pkcs12_bag_t bag);
339
340 int
341 _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
342 int *enc);
343
344 int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
345 const gnutls_datum_t * in, gnutls_datum_t * out);
346 int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
347 const gnutls_datum_t * raw, gnutls_datum_t * out);
348
349 /* crq */
350 int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
351 const char *ext_id,
352 const gnutls_datum_t * ext_data,
353 unsigned int critical);
354
355 unsigned int
356 _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
357 int clist_size,
358 const gnutls_x509_crt_t * trusted_cas,
359 int tcas_size,
360 unsigned int flags,
361 gnutls_verify_output_function func);
362
363 int
364 _gnutls_is_same_dn (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
365
366 int
367 _gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
368 const gnutls_x509_crl_t * crl_list,
369 int crl_list_length,
370 gnutls_verify_output_function func);
371
372 #endif
Implementation of the SSL/TLS protocol