lib/gnutls_cert.h

   1 /*
   2  * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
   3  *
   4  * Author: Nikos Mavroyanopoulos
   5  *
   6  * This file is part of GNUTLS.
   7  *
   8  * The GNUTLS library is free software; you can redistribute it and/or
   9  * modify it under the terms of the GNU Lesser General Public License
  10  * as published by the Free Software Foundation; either version 2.1 of
  11  * the License, or (at your option) any later version.
  12  *
  13  * This library is distributed in the hope that it will be useful, but
  14  * WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  16  * Lesser General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU Lesser General Public
  19  * License along with this library; if not, write to the Free Software
  20  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  21  * USA
  22  *
  23  */
  24
  25 #ifndef GNUTLS_CERT_H
  26 # define GNUTLS_CERT_H
  27
  28 #include <gnutls_pk.h>
  29 #include <libtasn1.h>
  30 #include "x509/x509.h"
  31
  32 #define MAX_PUBLIC_PARAMS_SIZE 4        /* ok for RSA and DSA */
  33
  34 /* parameters should not be larger than this limit */
  35 #define DSA_PUBLIC_PARAMS 4
  36 #define RSA_PUBLIC_PARAMS 2
  37
  38 /* For key Usage, test as:
  39  * if (st.key_usage & KEY_DIGITAL_SIGNATURE) ...
  40  */
  41 #define KEY_DIGITAL_SIGNATURE           128
  42 #define KEY_NON_REPUDIATION             64
  43 #define KEY_KEY_ENCIPHERMENT            32
  44 #define KEY_DATA_ENCIPHERMENT           16
  45 #define KEY_KEY_AGREEMENT               8
  46 #define KEY_KEY_CERT_SIGN               4
  47 #define KEY_CRL_SIGN                    2
  48 #define KEY_ENCIPHER_ONLY               1
  49 #define KEY_DECIPHER_ONLY               32768
  50
  51 typedef struct gnutls_cert
  52 {
  53   mpi_t params[MAX_PUBLIC_PARAMS_SIZE]; /* the size of params depends on the public
  54                                          * key algorithm
  55                                          * RSA: [0] is modulus
  56                                          *      [1] is public exponent
  57                                          * DSA: [0] is p
  58                                          *      [1] is q
  59                                          *      [2] is g
  60                                          *      [3] is public key
  61                                          */
  62   int params_size;              /* holds the size of MPI params */
  63
  64   gnutls_pk_algorithm_t subject_pk_algorithm;
  65
  66   unsigned int key_usage;       /* bits from KEY_*
  67                                  */
  68
  69   unsigned int version;
  70   /* holds the type (PGP, X509)
  71    */
  72   gnutls_certificate_type_t cert_type;
  73
  74   gnutls_datum_t raw;
  75
  76 } gnutls_cert;
  77
  78 typedef struct gnutls_privkey_int
  79 {
  80   mpi_t params[MAX_PRIV_PARAMS_SIZE];   /* the size of params depends on the public
  81                                          * key algorithm
  82                                          */
  83   /*
  84    * RSA: [0] is modulus
  85    *      [1] is public exponent
  86    *      [2] is private exponent
  87    *      [3] is prime1 (p)
  88    *      [4] is prime2 (q)
  89    *      [5] is coefficient (u == inverse of p mod q)
  90    * DSA: [0] is p
  91    *      [1] is q
  92    *      [2] is g
  93    *      [3] is y (public key)
  94    *      [4] is x (private key)
  95    */
  96   int params_size;              /* holds the number of params */
  97
  98   gnutls_pk_algorithm_t pk_algorithm;
  99 } gnutls_privkey;
 100
 101 struct gnutls_session_int;      /* because gnutls_session_t is not defined when this file is included */
 102
 103 typedef enum ConvFlags
 104 {
 105   CERT_NO_COPY = 2,
 106   CERT_ONLY_PUBKEY = 4,
 107   CERT_ONLY_EXTENSIONS = 16
 108 } ConvFlags;
 109
 110 int _gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
 111                                     const gnutls_datum_t * derCert,
 112                                     int flags);
 113 int _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert,
 114                                unsigned int flags);
 115
 116 void _gnutls_gkey_deinit (gnutls_privkey * key);
 117 void _gnutls_gcert_deinit (gnutls_cert * cert);
 118
 119 int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
 120                                         gnutls_kx_algorithm_t ** alg,
 121                                         int *alg_size);
 122
 123 int _gnutls_raw_cert_to_gcert (gnutls_cert * gcert,
 124                                gnutls_certificate_type_t type,
 125                                const gnutls_datum_t * raw_cert,
 126                                int flags /* OR of ConvFlags */ );
 127 int _gnutls_raw_privkey_to_gkey (gnutls_privkey * key,
 128                                  gnutls_certificate_type_t type,
 129                                  const gnutls_datum_t * raw_key,
 130                                  int key_enc /* DER or PEM */ );
 131
 132 #endif