2 * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2010 Free Software
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
28 #include "gnutls_cert.h"
29 #include "gnutls_auth.h"
30 #include "auth_dh_common.h"
31 #include "x509/x509_int.h"
32 #include "openpgp/openpgp_int.h"
33 #include <gnutls/abstract.h>
34 #include <gnutls/compat.h>
36 /* This structure may be complex, but it's the only way to
37 * support a server that has multiple certificates
39 typedef struct gnutls_certificate_credentials_st
41 gnutls_dh_params_t dh_params
;
42 gnutls_rsa_params_t rsa_params
;
43 /* this callback is used to retrieve the DH or RSA
46 gnutls_params_function
*params_func
;
48 gnutls_cert
**cert_list
;
49 /* contains a list of a list of certificates.
50 * eg (X509): [0] certificate1, certificate11, certificate111
51 * (if more than one, one certificate certifies the one before)
52 * [1] certificate2, certificate22, ...
54 unsigned *cert_list_length
;
55 /* contains the number of the certificates in a
56 * row (should be 1 for OpenPGP keys).
58 unsigned ncerts
; /* contains the number of columns in cert_list.
59 * This is the same with the number of pkeys.
62 gnutls_privkey_t
*pkey
;
63 /* private keys. It contains ncerts private
64 * keys. pkey[i] corresponds to certificate in
69 /* OpenPGP specific stuff */
70 gnutls_openpgp_keyring_t keyring
;
73 /* X509 specific stuff */
75 gnutls_x509_crt_t
*x509_ca_list
;
76 unsigned x509_ncas
; /* number of CAs in the ca_list
79 gnutls_x509_crl_t
*x509_crl_list
;
80 unsigned x509_ncrls
; /* number of CRLs in the crl_list
83 unsigned int verify_flags
; /* flags to be used at
84 * certificate verification.
86 unsigned int verify_depth
;
87 unsigned int verify_bits
;
89 /* holds a sequence of the
90 * RDNs of the CAs above.
92 * generating on every handshake.
94 gnutls_datum_t x509_rdn_sequence
;
96 gnutls_certificate_client_retrieve_function
*client_get_cert_callback
; /* deprecated */
97 gnutls_certificate_server_retrieve_function
*server_get_cert_callback
; /* deprecated */
98 gnutls_certificate_verify_function
*verify_callback
;
100 gnutls_certificate_retrieve_function
*get_cert_callback
;
101 } certificate_credentials_st
;
103 typedef struct rsa_info_st
105 gnutls_datum_t modulus
;
106 gnutls_datum_t exponent
;
109 /* This is the information we keep for the peer
112 typedef struct cert_auth_info_st
114 /* These (dh/rsa) are just copies from the credentials_t structure.
115 * They must be freed.
118 rsa_info_st rsa_export
;
120 gnutls_datum_t
*raw_certificate_list
; /* holds the raw certificate of the
123 unsigned int ncerts
; /* holds the size of the list above */
125 gnutls_certificate_type_t cert_type
;
126 #ifdef ENABLE_OPENPGP
128 uint8_t subkey_id
[GNUTLS_OPENPGP_KEYID_SIZE
];
132 typedef struct cert_auth_info_st cert_auth_info_st
;
134 void _gnutls_free_rsa_info (rsa_info_st
* rsa
);
136 /* AUTH X509 functions */
137 int _gnutls_gen_cert_server_certificate (gnutls_session_t
, opaque
**);
138 int _gnutls_gen_cert_client_certificate (gnutls_session_t
, opaque
**);
139 int _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t
, opaque
**);
140 int _gnutls_gen_cert_server_cert_req (gnutls_session_t
, opaque
**);
141 int _gnutls_proc_cert_cert_req (gnutls_session_t
, opaque
*, size_t);
142 int _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t
, opaque
*, size_t);
143 int _gnutls_proc_cert_server_certificate (gnutls_session_t
, opaque
*, size_t);
144 int _gnutls_get_selected_cert (gnutls_session_t session
,
145 gnutls_cert
** apr_cert_list
,
146 int *apr_cert_list_length
,
147 gnutls_privkey_t
* apr_pkey
);
149 int _gnutls_server_select_cert (struct gnutls_session_int
*,
150 gnutls_pk_algorithm_t
);
151 void _gnutls_selected_certs_deinit (gnutls_session_t session
);
152 void _gnutls_selected_certs_set (gnutls_session_t session
,
153 gnutls_cert
* certs
, int ncerts
,
154 gnutls_privkey_t key
, int need_free
);
156 #define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate
158 gnutls_rsa_params_t
_gnutls_certificate_get_rsa_params (gnutls_rsa_params_t
160 gnutls_params_function
164 int _gnutls_get_auth_info_gcert (gnutls_cert
* gcert
,
165 gnutls_certificate_type_t type
,
166 cert_auth_info_t info
,
167 int flags
/* OR of ConvFlags */ );
169 int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
170 res
, gnutls_cert
* crt
, int nr
);
171 int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res
,
172 gnutls_privkey_t pkey
);