1 /*
2 * Copyright (C) 2002, 2003, 2004, 2005, 2007, 2008 Free Software Foundation
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GNUTLS.
8 * The GNUTLS library is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 2.1 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public
19 * License along with this library; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
 * USA
 */
25 #ifndef AUTH_CERT_H
26 # define AUTH_CERT_H
27 # include "gnutls_cert.h"
28 # include "gnutls_auth.h"
29 # include "auth_dh_common.h"
30 # include "x509/x509_int.h"
31 # include "openpgp/openpgp_int.h"
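/* Certificate credentials shared by every session that uses them.
 *
 * The layout is a table rather than a single chain so that one
 * server can hold several certificates (and matching private keys)
 * and pick among them per handshake.  Invariants the rest of the
 * code relies on:
 *   - cert_list has ncerts rows; row i is cert_list[i] and holds
 *     cert_list_length[i] certificates;
 *   - pkey has ncerts entries and pkey[i] is the private key for
 *     cert_list[i][0];
 *   - x509_ca_list / x509_crl_list hold x509_ncas / x509_ncrls
 *     entries.
 */
typedef struct gnutls_certificate_credentials_st
{
  gnutls_dh_params_t dh_params;
  gnutls_rsa_params_t rsa_params;
  /* Callback used to retrieve the DH or RSA parameters, as an
   * alternative to the two static fields above.
   */
  gnutls_params_function *params_func;

  /* Table of certificate chains.  Each row is one chain in
   * leaf-first order, e.g. (X.509):
   *   [0] certificate1, certificate11, certificate111
   *   [1] certificate2, certificate22, ...
   * where, if a row has more than one entry, each certificate
   * certifies the one before it.
   */
  gnutls_cert **cert_list;
  /* cert_list_length[i] is the number of certificates in row i
   * (expected to be 1 for OpenPGP keys).
   */
  unsigned *cert_list_length;
  /* Number of rows in cert_list; also the number of entries in
   * pkey.  Any index into cert_list[i] or pkey[i] must stay below
   * this value.
   */
  unsigned ncerts;
  /* Private keys, ncerts of them; pkey[i] belongs to the leaf
   * certificate cert_list[i][0].  This is the long-term secret of
   * the credential.  NOTE(review): whichever deinit path releases
   * it should wipe the key material before freeing -- that path is
   * not visible in this header, confirm in the .c.
   */
  gnutls_privkey *pkey;

#ifdef ENABLE_OPENPGP
  /* OpenPGP specific: keyring used by the OpenPGP code paths. */
  gnutls_openpgp_keyring_t keyring;
#endif

  /* X.509 specific: the trusted CAs and the revocation lists
   * consulted when a peer chain is verified.
   */
  gnutls_x509_crt_t *x509_ca_list;
  unsigned x509_ncas;           /* number of CAs in x509_ca_list */
  gnutls_x509_crl_t *x509_crl_list;
  unsigned x509_ncrls;          /* number of CRLs in x509_crl_list */

  /* Flags passed to certificate verification. */
  unsigned int verify_flags;
  /* Limits applied at verification.  Presumably the maximum chain
   * depth and the minimum key size that are accepted -- this header
   * does not say, confirm against the code that reads them.
   */
  unsigned int verify_depth;
  unsigned int verify_bits;

  /* Cached, pre-serialized sequence of the RDNs of the CAs in
   * x509_ca_list, built once instead of on every handshake.  It is
   * a derived value: it must be regenerated whenever x509_ca_list
   * changes, otherwise the CA list advertised to peers (presumably
   * in the CertificateRequest) would be stale.
   */
  gnutls_datum_t x509_rdn_sequence;

  /* Application callbacks that may supply the certificate to send,
   * on the client and on the server side respectively.
   */
  gnutls_certificate_client_retrieve_function *client_get_cert_callback;
  gnutls_certificate_server_retrieve_function *server_get_cert_callback;
} certificate_credentials_st;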
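/* Temporary RSA public key (modulus and public exponent) kept for the
 * RSA export key exchange; see the rsa_export member of
 * cert_auth_info_st.  Both datums are owned copies and are released
 * with _gnutls_free_rsa_info ().
 *
 * NOTE(review): export-grade RSA keys are short by design, so
 * offering those suites is a downgrade risk; whether they are enabled
 * is decided elsewhere, not in this header.
 */
typedef struct rsa_info_st
{
  gnutls_datum_t modulus;
  gnutls_datum_t exponent;
} rsa_info_st;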
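/* Per-session authentication information kept for the peer's
 * certificate.  Everything here is what was received or selected
 * during the handshake; the struct carries no verification result,
 * so holding a cert_auth_info_t says nothing about whether the chain
 * in raw_certificate_list has been checked against the trusted CAs.
 */
typedef struct cert_auth_info_st
{
  /* Key exchange parameters (DH / RSA export).  These are copies
   * taken from the credentials structure and are owned by this
   * struct: they must be freed together with it.
   */
  dh_info_st dh;
  rsa_info_st rsa_export;

  /* The peer's certificate chain in its raw (unparsed) encoding as
   * received on the wire.  Untrusted input until verified.
   */
  gnutls_datum_t *raw_certificate_list;
  /* Number of entries in raw_certificate_list; every index into it
   * must stay below this value.
   */
  unsigned int ncerts;

  gnutls_certificate_type_t cert_type;  /* X.509 or OpenPGP */
  /* Presumably the signature algorithm in use for this peer --
   * confirm against the code that sets it.
   */
  gnutls_sign_algorithm_t sign_algo;
#ifdef ENABLE_OPENPGP
  /* Presumably non-zero when subkey_id, rather than the primary
   * key, is the key to use -- confirm in the OpenPGP code.
   */
  int use_subkey;
  gnutls_openpgp_keyid_t subkey_id;
#endif
} *cert_auth_info_t;                    /* pointer typedef: the indirection is hidden */

typedef struct cert_auth_info_st cert_auth_info_st;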
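/* Releases the modulus and exponent datums held by RSA; the struct
 * itself is not freed.
 */
void _gnutls_free_rsa_info (rsa_info_st * rsa);

/* AUTH X509 handshake message builders and parsers.
 *
 * _gnutls_gen_*: build the named handshake message for SESSION and
 * hand it back through *DATA.  By the convention these names follow
 * elsewhere in the library the return is the message length or a
 * negative error code, and the buffer is allocated for the caller --
 * this header only fixes the types, confirm in auth_cert.c.
 *
 * _gnutls_proc_*: parse the named handshake message received from
 * the peer.  DATA / DATA_SIZE delimit untrusted bytes from the wire:
 * every read must stay within DATA_SIZE, and a malformed message
 * must be rejected with an error rather than acted upon.
 */
int _gnutls_gen_cert_server_certificate (gnutls_session_t session,
                                         opaque ** data);
int _gnutls_gen_cert_client_certificate (gnutls_session_t session,
                                         opaque ** data);
int _gnutls_gen_cert_client_cert_vrfy (gnutls_session_t session,
                                       opaque ** data);
int _gnutls_gen_cert_server_cert_req (gnutls_session_t session,
                                      opaque ** data);
int _gnutls_proc_cert_cert_req (gnutls_session_t session, opaque * data,
                                size_t data_size);
int _gnutls_proc_cert_client_cert_vrfy (gnutls_session_t session,
                                        opaque * data, size_t data_size);
int _gnutls_proc_cert_server_certificate (gnutls_session_t session,
                                          opaque * data, size_t data_size);

/* Returns the certificate chain and private key selected for
 * SESSION: *APR_CERT_LIST receives the chain, *APR_CERT_LIST_LENGTH
 * its length and *APR_PKEY the matching key.  Presumably the session
 * keeps ownership of what is returned (see _gnutls_selected_certs_set
 * below) -- confirm in auth_cert.c.
 */
int _gnutls_get_selected_cert (gnutls_session_t session,
                               gnutls_cert ** apr_cert_list,
                               int *apr_cert_list_length,
                               gnutls_privkey ** apr_pkey);

/* Server side: select the certificate to use for SESSION, presumably
 * by matching the key type PK_ALGORITHM required by the negotiated
 * ciphersuite against the credentials' cert_list table.
 */
int _gnutls_server_select_cert (struct gnutls_session_int *session,
                                gnutls_pk_algorithm_t pk_algorithm);

/* Record CERTS (NCERTS of them) and KEY as the session's selected
 * credential.  NEED_FREE says whether the session takes ownership and
 * must release them in _gnutls_selected_certs_deinit (); presumably
 * non-zero when they came from a retrieve callback rather than from
 * the shared credentials -- confirm in auth_cert.c.
 */
void _gnutls_selected_certs_deinit (gnutls_session_t session);
void _gnutls_selected_certs_set (gnutls_session_t session,
                                 gnutls_cert * certs, int ncerts,
                                 gnutls_privkey * key, int need_free);

/* A client Certificate message has the same layout as a server one,
 * so both are parsed by the same routine.  Any check that applies to
 * only one side therefore has to live in the caller, not in the
 * shared parser.
 */
#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate

/* Returns the temporary RSA parameters to use for SESSION, given the
 * static RSA_PARAMS and the params_func callback FUNC from the
 * credentials; which of the two wins is decided in the .c.
 */
gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t
                                                        rsa_params,
                                                        gnutls_params_function
                                                        * func,
                                                        gnutls_session_t
                                                        session);

/* Fills INFO from the parsed certificate GCERT of type TYPE.  FLAGS
 * is an OR of ConvFlags and selects what is converted.
 */
int _gnutls_get_auth_info_gcert (gnutls_cert * gcert,
                                 gnutls_certificate_type_t type,
                                 cert_auth_info_t info,
                                 int flags /* OR of ConvFlags */ );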
164 #endif