search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Simplified certificate verification by adding gnutls_certificate_verify_peers3().
[gnutls.git] / lib / x509 / x509_int.h
blob59475e75e782d9c901a0c148c0cc9b93bbbe6b6c
1 /*
2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #ifndef X509_H
24 #define X509_H
25
26 #include <gnutls/x509.h>
27 #include <gnutls/abstract.h>
28
29 #include <libtasn1.h>
30
31 #define MAX_CRQ_EXTENSIONS_SIZE 8*1024
32 #define MAX_OID_SIZE 128
33
34 #define HASH_OID_SHA1 "1.3.14.3.2.26"
35 #define HASH_OID_MD5 "1.2.840.113549.2.5"
36 #define HASH_OID_MD2 "1.2.840.113549.2.2"
37 #define HASH_OID_RMD160 "1.3.36.3.2.1"
38 #define HASH_OID_SHA224 "2.16.840.1.101.3.4.2.4"
39 #define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
40 #define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
41 #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
42
43 typedef struct gnutls_x509_crl_int
44 {
45 ASN1_TYPE crl;
46 int use_extensions;
47 } gnutls_x509_crl_int;
48
49 typedef struct gnutls_x509_crt_int
50 {
51 ASN1_TYPE cert;
52 int use_extensions;
53 int expanded; /* a certificate has been expanded */
54
55 struct pin_info_st pin;
56 } gnutls_x509_crt_int;
57
58 typedef struct gnutls_x509_crq_int
59 {
60 ASN1_TYPE crq;
61 } gnutls_x509_crq_int;
62
63 typedef struct gnutls_pkcs7_int
64 {
65 ASN1_TYPE pkcs7;
66 } gnutls_pkcs7_int;
67
68 typedef struct gnutls_x509_privkey_int
69 {
70 /* the size of params depends on the public
71 * key algorithm
72 */
73 gnutls_pk_params_st params;
74
75 gnutls_pk_algorithm_t pk_algorithm;
76
77 ASN1_TYPE key;
78 } gnutls_x509_privkey_int;
79
80 int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
81
82
83 int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
84 const gnutls_datum_t * dn2);
85
86
87 int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
88 int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
89 gnutls_datum_t * dn);
90
91 /* sign.c */
92 int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
93 gnutls_datum_t * tbs);
94 int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
95 gnutls_digest_algorithm_t,
96 gnutls_x509_crt_t issuer,
97 gnutls_privkey_t issuer_key);
98
99 /* dn.c */
100 #define OID_X520_COUNTRY_NAME "2.5.4.6"
101 #define OID_X520_ORGANIZATION_NAME "2.5.4.10"
102 #define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
103 #define OID_X520_COMMON_NAME "2.5.4.3"
104 #define OID_X520_LOCALITY_NAME "2.5.4.7"
105 #define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
106 #define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
107 #define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
108 #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
109
110 int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
111 const char *asn1_rdn_name, char *buf,
112 size_t * sizeof_buf);
113
114 int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
115 const char *asn1_rdn_name, const char *oid,
116 int indx, unsigned int raw_flag, void *buf,
117 size_t * sizeof_buf);
118
119 int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
120 const char *asn1_rdn_name, const char *oid,
121 int raw_flag, const char *name, int sizeof_name);
122
123 int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
124 const char *asn1_rdn_name,
125 int indx, void *_oid, size_t * sizeof_oid);
126
127 int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
128 int seq, void *name, size_t * name_size,
129 unsigned int *ret_type, int othername_oid);
130
131 /* dsa.c */
132
133
134 /* verify.c */
135 int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
136 gnutls_x509_crt_t issuer);
137
138 int
139 _gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
140 const gnutls_datum_t * signature,
141 gnutls_pk_algorithm_t pk,
142 gnutls_pk_params_st * issuer_params);
143
144 int _gnutls_x509_verify_data (gnutls_digest_algorithm_t algo,
145 const gnutls_datum_t * data,
146 const gnutls_datum_t * signature,
147 gnutls_x509_crt_t issuer);
148
149 /* privkey.h */
150 ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
151 raw_key,
152 gnutls_x509_privkey_t pkey);
153 ASN1_TYPE _gnutls_privkey_decode_ecc_key (const gnutls_datum_t *
154 raw_key,
155 gnutls_x509_privkey_t pkey);
156
157 int
158 _gnutls_x509_read_ecc_params (uint8_t * der, int dersize, gnutls_pk_params_st * params);
159
160 int _gnutls_asn1_encode_privkey (gnutls_pk_algorithm_t pk, ASN1_TYPE * c2, gnutls_pk_params_st * params);
161
162 /* extensions.c */
163 int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
164 const char *extension_id, int indx,
165 gnutls_datum_t * ret,
166 unsigned int *_critical);
167
168 int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
169 int indx, void *oid,
170 size_t * sizeof_oid);
171
172 int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
173 const char *ext_id,
174 const gnutls_datum_t * ext_data,
175 unsigned int critical);
176
177 int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
178 const char *extension_id, int indx,
179 gnutls_datum_t * ret,
180 unsigned int *critical);
181 int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
182 int indx, void *ret,
183 size_t * ret_size);
184 int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
185 uint8_t * extnValue, int extnValueLen);
186 int _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
187 int *pathLenConstraint,
188 uint8_t * extnValue,
189 int extnValueLen);
190 int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
191 const char *extension_id,
192 const gnutls_datum_t * ext_data,
193 unsigned int critical);
194
195 int
196 _gnutls_x509_ext_extract_number (uint8_t * number,
197 size_t * nr_size,
198 uint8_t * extnValue, int extnValueLen);
199 int
200 _gnutls_x509_ext_gen_number (const uint8_t * nuber, size_t nr_size,
201 gnutls_datum_t * der_ext);
202
203
204 int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
205 gnutls_datum_t * der_ext);
206 int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
207 int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
208 type, const void *data,
209 unsigned int data_size,
210 gnutls_datum_t * prev_der_ext,
211 gnutls_datum_t * der_ext);
212 int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
213 const void *data,
214 unsigned int data_size,
215 unsigned int reason_flags,
216 gnutls_datum_t * der_ext);
217 int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
218 gnutls_datum_t * der_data);
219 int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
220 gnutls_datum_t * der_data);
221 int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
222 char **policyLanguage,
223 char **policy,
224 size_t * sizeof_policy,
225 uint8_t * extnValue,
226 int extnValueLen);
227 int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
228 const char *policyLanguage,
229 const char *policy,
230 size_t sizeof_policy,
231 gnutls_datum_t * der_ext);
232
233 /* mpi.c */
234 int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
235 gnutls_pk_params_st*);
236
237 int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
238 gnutls_pk_params_st * params);
239
240 int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
241 gnutls_pk_params_st * params);
242
243 int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
244 gnutls_pk_params_st * params);
245
246 int _gnutls_x509_write_ecc_params (gnutls_pk_params_st * params,
247 gnutls_datum_t * der);
248 int _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
249 gnutls_datum_t * der);
250
251 int
252 _gnutls_x509_write_pubkey_params (gnutls_pk_algorithm_t algo,
253 gnutls_pk_params_st* params,
254 gnutls_datum_t * der);
255 int _gnutls_x509_write_pubkey (gnutls_pk_algorithm_t, gnutls_pk_params_st * params,
256 gnutls_datum_t * der);
257
258 int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
259 unsigned int *ret);
260
261 int _gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out);
262
263 int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
264 bigint_t * ret_mpi);
265 int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
266 int lz);
267 int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
268 uint32_t num);
269
270 int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
271 gnutls_pk_algorithm_t pk_algorithm,
272 gnutls_digest_algorithm_t);
273
274 /* pkcs12.h */
275 #include <gnutls/pkcs12.h>
276
277 typedef struct gnutls_pkcs12_int
278 {
279 ASN1_TYPE pkcs12;
280 } gnutls_pkcs12_int;
281
282 #define MAX_BAG_ELEMENTS 32
283
284 struct bag_element
285 {
286 gnutls_datum_t data;
287 gnutls_pkcs12_bag_type_t type;
288 gnutls_datum_t local_key_id;
289 char *friendly_name;
290 };
291
292 typedef struct gnutls_pkcs12_bag_int
293 {
294 struct bag_element element[MAX_BAG_ELEMENTS];
295 int bag_elements;
296 } gnutls_pkcs12_bag_int;
297
298 #define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
299 #define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
300 #define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
301 #define BAG_CRL "1.2.840.113549.1.12.10.1.4"
302 #define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
303
304 /* PKCS #7
305 */
306 #define DATA_OID "1.2.840.113549.1.7.1"
307 #define ENC_DATA_OID "1.2.840.113549.1.7.6"
308
309 /* Bag attributes
310 */
311 #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
312 #define KEY_ID_OID "1.2.840.113549.1.9.21"
313
314 int
315 _gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
316 unsigned int salt_size, unsigned int iter,
317 const char *pw, unsigned int req_keylen,
318 uint8_t * keybuf);
319
320 int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
321 const char *password, gnutls_datum_t * dec);
322
323 typedef enum schema_id
324 {
325 PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
326 PBES2_3DES, /* the stuff in PKCS #5 */
327 PBES2_AES_128,
328 PBES2_AES_192,
329 PBES2_AES_256,
330 PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
331 PKCS12_ARCFOUR_SHA1,
332 PKCS12_RC2_40_SHA1
333 } schema_id;
334
335 int _gnutls_pkcs_flags_to_schema (unsigned int flags);
336 int _gnutls_pkcs7_encrypt_data (schema_id schema,
337 const gnutls_datum_t * data,
338 const char *password, gnutls_datum_t * enc);
339 int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
340 gnutls_pkcs12_bag_t bag);
341
342 int
343 _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
344 int *enc);
345
346 int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
347 const gnutls_datum_t * in, gnutls_datum_t * out);
348 int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
349 const gnutls_datum_t * raw, gnutls_datum_t * out);
350
351 /* crq */
352 int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
353 const char *ext_id,
354 const gnutls_datum_t * ext_data,
355 unsigned int critical);
356
357 unsigned int
358 _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
359 int clist_size,
360 const gnutls_x509_crt_t * trusted_cas,
361 int tcas_size,
362 unsigned int flags,
363 gnutls_verify_output_function func);
364
365 int
366 _gnutls_is_same_dn (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
367
368 int
369 _gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
370 const gnutls_x509_crl_t * crl_list,
371 int crl_list_length,
372 gnutls_verify_output_function func);
373
374 #endif
Implementation of the SSL/TLS protocol