Corrected initialization of key when generating request. Reported by Petr Pisar.
1 /*
2 * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008, 2010 Free Software
3 * Foundation, Inc.
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
22 * USA
26 #ifndef AUTH_CERT_H
27 #define AUTH_CERT_H
28 #include "gnutls_cert.h"
29 #include "gnutls_auth.h"
30 #include "auth_dh_common.h"
31 #include "x509/x509_int.h"
32 #include "openpgp/openpgp_int.h"
33 #include <gnutls/abstract.h>
34 #include <gnutls/compat.h>
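/* This structure may be complex, but it's the only way to
 * support a server that has multiple certificates.
 *
 * Ownership/invariants (from the field comments below): cert_list,
 * cert_list_length and pkey are three parallel arrays, all sized by
 * ncerts, so they must be grown and released together.  See
 * certificate_credential_append_crt_list() and
 * certificate_credentials_append_pkey() at the end of this header.
 */
typedef struct gnutls_certificate_credentials_st
{
  /* DH and RSA parameters handed to the key exchange.  When
   * params_func is set it is used to retrieve them instead. */
  gnutls_dh_params_t dh_params;
  gnutls_rsa_params_t rsa_params;
  /* this callback is used to retrieve the DH or RSA
   * parameters.
   */
  gnutls_params_function *params_func;

  gnutls_cert **cert_list;
  /* contains a list of a list of certificates.
   * eg (X509): [0] certificate1, certificate11, certificate111
   * (if more than one, one certificate certifies the one before)
   *             [1] certificate2, certificate22, ...
   */
  unsigned *cert_list_length;
  /* contains the number of the certificates in a
   * row (should be 1 for OpenPGP keys).
   */
  unsigned ncerts;              /* contains the number of columns in cert_list.
                                 * This is the same with the number of pkeys.
                                 */

  gnutls_privkey_t *pkey;
  /* private keys. It contains ncerts private
   * keys. pkey[i] corresponds to certificate in
   * cert_list[i][0].
   */

#ifdef ENABLE_OPENPGP
  /* OpenPGP specific stuff */
  gnutls_openpgp_keyring_t keyring;
#endif

  /* X509 specific stuff */

  /* CAs and CRLs configured on this credential.  NOTE(review):
   * presumably these are the trust anchors / revocation data used when
   * the peer's chain is verified — confirm in the verification path. */
  gnutls_x509_crt_t *x509_ca_list;
  unsigned x509_ncas;           /* number of CAs in the ca_list
                                 */

  gnutls_x509_crl_t *x509_crl_list;
  unsigned x509_ncrls;          /* number of CRLs in the crl_list
                                 */

  unsigned int verify_flags;    /* flags to be used at
                                 * certificate verification.
                                 */
  /* NOTE(review): no comment in the original; presumably the maximum
   * chain depth and the minimum key size accepted during verification
   * — TODO confirm. */
  unsigned int verify_depth;
  unsigned int verify_bits;

  /* holds a sequence of the
   * RDNs of the CAs above.
   * This is better than
   * generating on every handshake.
   * NOTE(review): this is a cache derived from x509_ca_list; it
   * presumably has to be rebuilt whenever the CA list changes.
   */
  gnutls_datum_t x509_rdn_sequence;

  /* Application callbacks.  The two *_get_cert_callback members are
   * the legacy per-role hooks, superseded by get_cert_callback. */
  gnutls_certificate_client_retrieve_function *client_get_cert_callback;     /* deprecated */
  gnutls_certificate_server_retrieve_function *server_get_cert_callback;     /* deprecated */
  gnutls_certificate_verify_function *verify_callback;

  gnutls_certificate_retrieve_function *get_cert_callback;
} certificate_credentials_st;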
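/* Modulus and public exponent of an RSA key, kept as gnutls_datum_t
 * blobs.  This is the type of the rsa_export member of
 * cert_auth_info_st and is released with _gnutls_free_rsa_info().
 * NOTE(review): the "export" naming at the use site suggests these are
 * the temporary RSA_EXPORT key parameters — confirm before treating
 * them as anything other than short, historically weak keys.
 */
typedef struct rsa_info_st
{
  gnutls_datum_t modulus;
  gnutls_datum_t exponent;
} rsa_info_st;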
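/* This is the information we keep for the peer
 * certificate.
 *
 * NOTE(review): nothing in this struct records whether the peer's
 * chain has been verified.  raw_certificate_list is the certificate
 * material as received from the peer, so it must be treated as
 * untrusted input until the verification path (verify_flags /
 * verify_callback on the credentials) has been run on it.
 *
 * cert_auth_info_t is a *pointer* to this struct (the typedef hides
 * the indirection); the struct itself is also available as
 * cert_auth_info_st.
 */
typedef struct cert_auth_info_st
{
  /* These (dh/rsa) are just copies from the credentials_t structure.
   * They must be freed.
   */
  dh_info_st dh;
  rsa_info_st rsa_export;       /* released with _gnutls_free_rsa_info() */

  gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
                                         * peer.
                                         */
  unsigned int ncerts;          /* holds the size of the list above */

  gnutls_certificate_type_t cert_type;  /* presumably X.509 vs OpenPGP */
#ifdef ENABLE_OPENPGP
  int use_subkey;               /* presumably selects subkey_id below — confirm */
  /* Fixed-size binary key id: not a C string, never NUL-terminated. */
  uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
#endif
} *cert_auth_info_t;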
typedef struct cert_auth_info_st cert_auth_info_st;

/* Release the datums held in an rsa_info_st (the rsa_export member of
 * cert_auth_info_st). */
void _gnutls_free_rsa_info (rsa_info_st * rsa);

/* AUTH X509 functions
 *
 * _gnutls_gen_*  build an outgoing handshake message.  The opaque **
 *                argument presumably receives the produced message and
 *                the int return its length or a negative error code —
 *                TODO confirm against the definitions.
 * _gnutls_proc_* consume an incoming handshake message given as a
 *                (pointer, size) pair.  That buffer comes from the
 *                peer, so any length field read out of it has to be
 *                bounded by data_size before it is used.
 */
int _gnutls_gen_cert_server_certificate (gnutls_session_t session,
                                         opaque ** data);
int _gnutls_gen_cert_client_certificate (gnutls_session_t session,
                                         opaque ** data);
int _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session,
                                       opaque ** data);
int _gnutls_gen_cert_server_cert_req (gnutls_session_t session,
                                      opaque ** data);
int _gnutls_proc_cert_cert_req (gnutls_session_t session,
                                opaque * data, size_t data_size);
int _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session,
                                        opaque * data, size_t data_size);
int _gnutls_proc_cert_server_certificate (gnutls_session_t session,
                                          opaque * data, size_t data_size);

/* Return the certificate chain and private key selected for this
 * session through the three output parameters. */
int _gnutls_get_selected_cert (gnutls_session_t session,
                               gnutls_cert ** apr_cert_list,
                               int *apr_cert_list_length,
                               gnutls_privkey_t * apr_pkey);

/* Server side: pick a certificate usable with the given public-key
 * algorithm.  (Takes the raw session struct rather than
 * gnutls_session_t — kept as declared.) */
int _gnutls_server_select_cert (struct gnutls_session_int *session,
                                gnutls_pk_algorithm_t pk);

/* Record / release the certificates and key chosen for a session.
 * need_free presumably tells the session whether it owns (and must
 * later free) certs and key — confirm at the definition. */
void _gnutls_selected_certs_deinit (gnutls_session_t session);
void _gnutls_selected_certs_set (gnutls_session_t session,
                                 gnutls_cert * certs, int ncerts,
                                 gnutls_privkey_t key, int need_free);

/* Client and server parse the Certificate message with one routine. */
#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate

/* Resolve the RSA parameters for a session: the static rsa_params, or
 * whatever func supplies when set (see params_func in the credentials). */
gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t
                                                        rsa_params,
                                                        gnutls_params_function
                                                        * func,
                                                        gnutls_session_t
                                                        session);

/* Fill a cert_auth_info_t from a parsed gnutls_cert of the given type;
 * flags is an OR of ConvFlags. */
int _gnutls_get_auth_info_gcert (gnutls_cert * gcert,
                                 gnutls_certificate_type_t type,
                                 cert_auth_info_t info,
                                 int flags /* OR of ConvFlags */ );

/* Append one certificate column (nr certificates) and one private key
 * to the credentials.  NOTE(review): naming is inconsistent
 * (credential_ vs credentials_) but cannot change here; since ncerts
 * counts both cert_list columns and pkey entries, the two must be
 * called in lock-step to keep the parallel arrays aligned. */
int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
                                            res, gnutls_cert * crt, int nr);
int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
                                         gnutls_privkey_t pkey);
174 #endif