search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Corrected bugs in record parsing.
[gnutls.git] / lib / x509 / x509_int.h
blob6c5b33c0a5ec8ff999dcf6ad5ef43f261c270e5f
1 /*
2 * Copyright (C) 2003-2012 Free Software Foundation, Inc.
3 *
4 * Author: Nikos Mavrogiannopoulos
5 *
6 * This file is part of GnuTLS.
7 *
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
12 *
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
17 *
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
20 *
21 */
22
23 #ifndef X509_H
24 #define X509_H
25
26 #include <gnutls/x509.h>
27 #include <gnutls/abstract.h>
28
29 #include <libtasn1.h>
30
31 #define MAX_CRQ_EXTENSIONS_SIZE 8*1024
32 #define MAX_OID_SIZE 128
33
34 #define HASH_OID_SHA1 "1.3.14.3.2.26"
35 #define HASH_OID_MD5 "1.2.840.113549.2.5"
36 #define HASH_OID_MD2 "1.2.840.113549.2.2"
37 #define HASH_OID_RMD160 "1.3.36.3.2.1"
38 #define HASH_OID_SHA224 "2.16.840.1.101.3.4.2.4"
39 #define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
40 #define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
41 #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
42
43 typedef struct gnutls_x509_crl_int
44 {
45 ASN1_TYPE crl;
46 int use_extensions;
47 } gnutls_x509_crl_int;
48
49 typedef struct gnutls_x509_crt_int
50 {
51 ASN1_TYPE cert;
52 int use_extensions;
53 int expanded; /* a certificate has been expanded */
54
55 struct pin_info_st pin;
56 } gnutls_x509_crt_int;
57
58 typedef struct gnutls_x509_crq_int
59 {
60 ASN1_TYPE crq;
61 } gnutls_x509_crq_int;
62
63 typedef struct gnutls_pkcs7_int
64 {
65 ASN1_TYPE pkcs7;
66 } gnutls_pkcs7_int;
67
68 typedef struct gnutls_x509_privkey_int
69 {
70 /* the size of params depends on the public
71 * key algorithm
72 */
73 gnutls_pk_params_st params;
74
75 gnutls_pk_algorithm_t pk_algorithm;
76
77 ASN1_TYPE key;
78 } gnutls_x509_privkey_int;
79
80 int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
81
82
83 int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
84 const gnutls_datum_t * dn2);
85
86
87 int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
88 int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
89 gnutls_datum_t * dn);
90
91 /* sign.c */
92 int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
93 gnutls_datum_t * tbs);
94 int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
95 gnutls_digest_algorithm_t,
96 gnutls_x509_crt_t issuer,
97 gnutls_privkey_t issuer_key);
98
99 /* dn.c */
100 #define OID_X520_COUNTRY_NAME "2.5.4.6"
101 #define OID_X520_ORGANIZATION_NAME "2.5.4.10"
102 #define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
103 #define OID_X520_COMMON_NAME "2.5.4.3"
104 #define OID_X520_LOCALITY_NAME "2.5.4.7"
105 #define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
106 #define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
107 #define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
108 #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
109
110 int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
111 const char *asn1_rdn_name, char *buf,
112 size_t * sizeof_buf);
113
114 int
115 _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
116 const char *asn1_rdn_name,
117 const char *given_oid, int indx,
118 unsigned int raw_flag,
119 gnutls_datum_t* out);
120
121 int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
122 const char *asn1_rdn_name, const char *oid,
123 int raw_flag, const char *name, int sizeof_name);
124
125 int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
126 const char *asn1_rdn_name,
127 int indx, void *_oid, size_t * sizeof_oid);
128
129 int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
130 int seq, void *name, size_t * name_size,
131 unsigned int *ret_type, int othername_oid);
132
133 /* dsa.c */
134
135
136 /* verify.c */
137 int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
138 gnutls_x509_crt_t issuer);
139
140 int
141 _gnutls_x509_verify_algorithm (gnutls_digest_algorithm_t * hash,
142 const gnutls_datum_t * signature,
143 gnutls_pk_algorithm_t pk,
144 gnutls_pk_params_st * issuer_params);
145
146 int _gnutls_x509_verify_data (gnutls_digest_algorithm_t algo,
147 const gnutls_datum_t * data,
148 const gnutls_datum_t * signature,
149 gnutls_x509_crt_t issuer);
150
151 /* privkey.h */
152 ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
153 raw_key,
154 gnutls_x509_privkey_t pkey);
155 ASN1_TYPE _gnutls_privkey_decode_ecc_key (const gnutls_datum_t *
156 raw_key,
157 gnutls_x509_privkey_t pkey);
158
159 int
160 _gnutls_x509_read_ecc_params (uint8_t * der, int dersize, gnutls_pk_params_st * params);
161
162 int _gnutls_asn1_encode_privkey (gnutls_pk_algorithm_t pk, ASN1_TYPE * c2, gnutls_pk_params_st * params);
163
164 /* extensions.c */
165 int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
166 const char *extension_id, int indx,
167 gnutls_datum_t * ret,
168 unsigned int *_critical);
169
170 int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
171 int indx, void *oid,
172 size_t * sizeof_oid);
173
174 int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
175 const char *ext_id,
176 const gnutls_datum_t * ext_data,
177 unsigned int critical);
178
179 int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
180 const char *extension_id, int indx,
181 gnutls_datum_t * ret,
182 unsigned int *critical);
183 int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
184 int indx, void *ret,
185 size_t * ret_size);
186 int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
187 uint8_t * extnValue, int extnValueLen);
188 int _gnutls_x509_ext_extract_basicConstraints (unsigned int *CA,
189 int *pathLenConstraint,
190 uint8_t * extnValue,
191 int extnValueLen);
192 int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
193 const char *extension_id,
194 const gnutls_datum_t * ext_data,
195 unsigned int critical);
196
197 int
198 _gnutls_x509_ext_extract_number (uint8_t * number,
199 size_t * nr_size,
200 uint8_t * extnValue, int extnValueLen);
201 int
202 _gnutls_x509_ext_gen_number (const uint8_t * nuber, size_t nr_size,
203 gnutls_datum_t * der_ext);
204
205
206 int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
207 gnutls_datum_t * der_ext);
208 int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
209 int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
210 type, const void *data,
211 unsigned int data_size,
212 gnutls_datum_t * prev_der_ext,
213 gnutls_datum_t * der_ext);
214 int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
215 const void *data,
216 unsigned int data_size,
217 unsigned int reason_flags,
218 gnutls_datum_t * der_ext);
219 int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
220 gnutls_datum_t * der_data);
221 int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
222 gnutls_datum_t * der_data);
223 int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
224 char **policyLanguage,
225 char **policy,
226 size_t * sizeof_policy,
227 uint8_t * extnValue,
228 int extnValueLen);
229 int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
230 const char *policyLanguage,
231 const char *policy,
232 size_t sizeof_policy,
233 gnutls_datum_t * der_ext);
234
235 /* mpi.c */
236 int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
237 gnutls_pk_params_st*);
238
239 int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
240 gnutls_pk_params_st * params);
241
242 int _gnutls_x509_read_pubkey_params (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
243 gnutls_pk_params_st * params);
244
245 int _gnutls_x509_read_pubkey (gnutls_pk_algorithm_t, uint8_t * der, int dersize,
246 gnutls_pk_params_st * params);
247
248 int _gnutls_x509_write_ecc_params (gnutls_pk_params_st * params,
249 gnutls_datum_t * der);
250 int _gnutls_x509_write_ecc_pubkey (gnutls_pk_params_st * params,
251 gnutls_datum_t * der);
252
253 int
254 _gnutls_x509_write_pubkey_params (gnutls_pk_algorithm_t algo,
255 gnutls_pk_params_st* params,
256 gnutls_datum_t * der);
257 int _gnutls_x509_write_pubkey (gnutls_pk_algorithm_t, gnutls_pk_params_st * params,
258 gnutls_datum_t * der);
259
260 int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
261 unsigned int *ret);
262
263 int _gnutls_x509_read_der_int (uint8_t * der, int dersize, bigint_t * out);
264
265 int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
266 bigint_t * ret_mpi);
267 int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
268 int lz);
269 int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
270 uint32_t num);
271
272 int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
273 gnutls_pk_algorithm_t pk_algorithm,
274 gnutls_digest_algorithm_t);
275
276 /* pkcs12.h */
277 #include <gnutls/pkcs12.h>
278
279 typedef struct gnutls_pkcs12_int
280 {
281 ASN1_TYPE pkcs12;
282 } gnutls_pkcs12_int;
283
284 #define MAX_BAG_ELEMENTS 32
285
286 struct bag_element
287 {
288 gnutls_datum_t data;
289 gnutls_pkcs12_bag_type_t type;
290 gnutls_datum_t local_key_id;
291 char *friendly_name;
292 };
293
294 typedef struct gnutls_pkcs12_bag_int
295 {
296 struct bag_element element[MAX_BAG_ELEMENTS];
297 int bag_elements;
298 } gnutls_pkcs12_bag_int;
299
300 #define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
301 #define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
302 #define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
303 #define BAG_CRL "1.2.840.113549.1.12.10.1.4"
304 #define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
305
306 /* PKCS #7
307 */
308 #define DATA_OID "1.2.840.113549.1.7.1"
309 #define ENC_DATA_OID "1.2.840.113549.1.7.6"
310
311 /* Bag attributes
312 */
313 #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
314 #define KEY_ID_OID "1.2.840.113549.1.9.21"
315
316 int
317 _gnutls_pkcs12_string_to_key (unsigned int id, const uint8_t * salt,
318 unsigned int salt_size, unsigned int iter,
319 const char *pw, unsigned int req_keylen,
320 uint8_t * keybuf);
321
322 int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
323 const char *password, gnutls_datum_t * dec);
324
325 typedef enum schema_id
326 {
327 PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
328 PBES2_3DES, /* the stuff in PKCS #5 */
329 PBES2_AES_128,
330 PBES2_AES_192,
331 PBES2_AES_256,
332 PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
333 PKCS12_ARCFOUR_SHA1,
334 PKCS12_RC2_40_SHA1
335 } schema_id;
336
337 int _gnutls_pkcs_flags_to_schema (unsigned int flags);
338 int _gnutls_pkcs7_encrypt_data (schema_id schema,
339 const gnutls_datum_t * data,
340 const char *password, gnutls_datum_t * enc);
341 int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
342 gnutls_pkcs12_bag_t bag);
343
344 int
345 _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
346 int *enc);
347
348 int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
349 const gnutls_datum_t * in, gnutls_datum_t * out);
350 int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
351 const gnutls_datum_t * raw, gnutls_datum_t * out);
352
353 /* crq */
354 int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
355 const char *ext_id,
356 const gnutls_datum_t * ext_data,
357 unsigned int critical);
358
359 unsigned int
360 _gnutls_x509_verify_certificate (const gnutls_x509_crt_t * certificate_list,
361 int clist_size,
362 const gnutls_x509_crt_t * trusted_cas,
363 int tcas_size,
364 unsigned int flags,
365 gnutls_verify_output_function func);
366
367 int
368 _gnutls_is_same_dn (gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2);
369
370 int
371 _gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
372 const gnutls_x509_crl_t * crl_list,
373 int crl_list_length,
374 gnutls_verify_output_function func);
375
376 #endif
Implementation of the SSL/TLS protocol