2 * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
5 * Author: Nikos Mavrogiannopoulos
7 * This file is part of GnuTLS.
9 * The GnuTLS is free software; you can redistribute it and/or
10 * modify it under the terms of the GNU Lesser General Public License
11 * as published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
14 * This library is distributed in the hope that it will be useful, but
15 * WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this library; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
29 #include <gnutls/x509.h>
30 #include <gnutls/abstract.h>
/* Compatibility shim: when the libtasn1 headers in use do not define the
 * ASN1_-prefixed limits, alias them to the older unprefixed names. */
34 /* Remove these when we require libtasn1 v1.6 or later. */
35 #ifndef ASN1_MAX_NAME_SIZE
36 #define ASN1_MAX_NAME_SIZE MAX_NAME_SIZE
38 #ifndef ASN1_MAX_ERROR_DESCRIPTION_SIZE
39 #define ASN1_MAX_ERROR_DESCRIPTION_SIZE MAX_ERROR_DESCRIPTION_SIZE
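/* Size limits used by the X.509 code.  The product is parenthesised so the
 * macro expands as one value inside a larger expression; unparenthesised,
 * `n / MAX_CRQ_EXTENSIONS_SIZE` would evaluate as `(n / 8) * 1024` and a
 * bounds check built on it would compare against the wrong number.
 * NOTE(review): judging by the names these bound certificate-request
 * extension data and OID strings; confirm units and users at the call
 * sites. */
#define MAX_CRQ_EXTENSIONS_SIZE (8*1024)
#define MAX_OID_SIZE 128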
/* Dotted-decimal object identifiers of the digest algorithms named by the
 * macros.  MD2 and MD5 are no longer collision resistant and SHA-1 is
 * deprecated for signatures, so a certificate signature that relies on
 * them deserves an explicit policy decision rather than silent acceptance.
 * NOTE(review): where these OIDs are matched, and whether the weak ones
 * are rejected during verification, is not visible in this header --
 * confirm at the users. */
45 #define HASH_OID_SHA1 "1.3.14.3.2.26"
46 #define HASH_OID_MD5 "1.2.840.113549.2.5"
47 #define HASH_OID_MD2 "1.2.840.113549.2.2"
48 #define HASH_OID_RMD160 "1.3.36.3.2.1"
49 #define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
50 #define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
51 #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
/* Internal structures for a CRL, a certificate, a certificate request and
 * a PKCS #7 object.
 * NOTE(review): the `_int` suffix suggests they back the gnutls_x509_crl_t,
 * gnutls_x509_crt_t and gnutls_x509_crq_t handles used by the prototypes
 * in this header -- confirm.  The member lists are not visible in this
 * listing. */
53 typedef struct gnutls_x509_crl_int
57 } gnutls_x509_crl_int;
59 typedef struct gnutls_x509_crt_int
63 } gnutls_x509_crt_int;
65 typedef struct gnutls_x509_crq_int
68 } gnutls_x509_crq_int;
70 typedef struct gnutls_pkcs7_int
/* Capacity of the private-key parameter array and the number of big
 * integers each key type stores.  The #if checks below stop the build when
 * MAX_PRIV_PARAMS_SIZE is smaller than the RSA or DSA private parameter
 * count, so an array of that size can always hold a complete private key
 * of either type. */
75 #define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS /* ok for RSA and DSA */
77 /* parameters should not be larger than this limit */
78 #define DSA_PRIVATE_PARAMS 5
79 #define DSA_PUBLIC_PARAMS 4
80 #define RSA_PRIVATE_PARAMS 8
81 #define RSA_PUBLIC_PARAMS 2
83 #if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
84 #error INCREASE MAX_PRIV_PARAMS
87 #if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0
88 #error INCREASE MAX_PRIV_PARAMS
/* In-memory private key.  params[] holds the key's big integers in the
 * order given by the comments inside the structure: for RSA that includes
 * the private exponent, the coefficient and the two reduced exponents, for
 * DSA the private value x, so this structure carries secret key material.
 * NOTE(review): params_size is a plain int; code that indexes params[]
 * with it should check it against MAX_PRIV_PARAMS_SIZE first.  The release
 * path is not visible here -- confirm that it frees every stored integer
 * and that the values are never copied into logs or error text. */
91 typedef struct gnutls_x509_privkey_int
93 /* the size of params depends on the public
96 bigint_t params[MAX_PRIV_PARAMS_SIZE];
100 * [1] is public exponent
101 * [2] is private exponent
104 * [5] is coefficient (u == inverse of p mod q)
105 * note that other packages used inverse of q mod p,
106 * so we need to perform conversions on import/export
108 * The following two are also not always available thus fixup
109 * will generate them.
110 * [6] e1 == d mod (p-1)
111 * [7] e2 == d mod (q-1)
115 * [3] is y (public key)
116 * [4] is x (private key)
118 int params_size; /* holds the number of params */
120 gnutls_pk_algorithm_t pk_algorithm;
123 } gnutls_x509_privkey_int;
/* Certificate and CRL copy helpers, raw distinguished-name comparison and
 * retrieval, extraction of the to-be-signed portion of an ASN.1 structure,
 * and the signing entry point that takes the issuer certificate and the
 * issuer's private key.
 * NOTE(review): return conventions are not visible in this header;
 * presumably 0 or a negative error code -- confirm at the definitions.
 * The digest for _gnutls_x509_pkix_sign is chosen by the caller, so the
 * choice of a strong digest is the caller's responsibility. */
125 int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
128 int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
129 const gnutls_datum_t * dn2);
132 int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
133 int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
134 gnutls_datum_t * dn);
137 int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
138 gnutls_datum_t * tbs);
139 int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
140 gnutls_digest_algorithm_t,
141 gnutls_x509_crt_t issuer,
142 gnutls_privkey_t issuer_key);
/* Object identifiers of distinguished-name attribute types: the X.520
 * country, organization, organizational unit, common name, locality and
 * state/province attributes, the LDAP domainComponent and userid
 * attributes, and the PKCS #9 e-mail address. */
145 #define OID_X520_COUNTRY_NAME "2.5.4.6"
146 #define OID_X520_ORGANIZATION_NAME "2.5.4.10"
147 #define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
148 #define OID_X520_COMMON_NAME "2.5.4.3"
149 #define OID_X520_LOCALITY_NAME "2.5.4.7"
150 #define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
151 #define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
152 #define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
153 #define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
/* Distinguished-name and GeneralName accessors.  The functions that return
 * data take a caller-supplied buffer together with a pointer to its size.
 * NOTE(review): presumably the size_t pointed to carries the buffer
 * capacity on entry and the written or required length on return --
 * confirm at the definitions.  Names taken from a peer's certificate are
 * untrusted input: a caller should treat any error, including a too-small
 * buffer, as a failure for that field and never base a trust decision on a
 * partially filled buffer. */
155 int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
156 const char *asn1_rdn_name, char *buf,
157 size_t * sizeof_buf);
159 int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
160 const char *asn1_rdn_name, const char *oid,
161 int indx, unsigned int raw_flag, void *buf,
162 size_t * sizeof_buf);
164 int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
165 const char *asn1_rdn_name, const char *oid,
166 int raw_flag, const char *name, int sizeof_name);
168 int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
169 const char *asn1_rdn_name,
170 int indx, void *_oid, size_t * sizeof_oid);
172 int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
173 int seq, void *name, size_t * name_size,
174 unsigned int *ret_type, int othername_oid);
/* Issuer check, signature-algorithm and signature verification helpers,
 * followed by the PKCS #1 RSA private-key decoder and the DSA encoder.
 * NOTE(review): the verification functions return int, and this header
 * does not show how "verified", "not verified" and "error" are encoded.
 * Callers must compare against the exact success value documented at the
 * definition; treating every non-zero or every non-negative result as
 * success is the classic way a failed check gets accepted -- confirm the
 * convention before relying on it. */
180 int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
181 gnutls_x509_crt_t issuer);
184 _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
185 const gnutls_datum_t * signature,
186 gnutls_pk_algorithm_t pk,
187 bigint_t * issuer_params,
188 unsigned int issuer_params_size);
190 int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
191 const gnutls_datum_t * hash,
192 const gnutls_datum_t * signature,
193 gnutls_x509_crt_t issuer);
194 int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
195 const gnutls_datum_t * signature,
196 gnutls_x509_privkey_t issuer);
199 ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
201 gnutls_x509_privkey_t pkey);
202 int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params);
/* Extension access for CRLs and certificates, and decoders for individual
 * extension values.  The getters report a `critical` flag next to the
 * extension data; the setters take one.
 * NOTE(review): the extract functions receive the encoded value as a
 * pointer plus an int length (extnValueLen).  The value comes from the
 * certificate being parsed, so a negative or oversized length has to be
 * rejected somewhere before the bytes are read -- confirm whether the
 * callee or the caller does it.  How an unrecognised extension marked
 * critical is handled is not visible in this header. */
205 int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
206 const char *extension_id, int indx,
207 gnutls_datum_t * ret,
208 unsigned int *_critical);
210 int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
212 size_t * sizeof_oid);
214 int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
216 const gnutls_datum_t * ext_data,
217 unsigned int critical);
219 int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
220 const char *extension_id, int indx,
221 gnutls_datum_t * ret,
222 unsigned int *critical);
223 int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
226 int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
227 opaque * extnValue, int extnValueLen);
228 int _gnutls_x509_ext_extract_basicConstraints (int *CA,
229 int *pathLenConstraint,
232 int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
233 const char *extension_id,
234 const gnutls_datum_t * ext_data,
235 unsigned int critical);
238 _gnutls_x509_ext_extract_number (opaque * number,
240 opaque * extnValue, int extnValueLen);
/* Encoders that produce the DER form of individual extensions into a
 * gnutls_datum_t (der_ext / der_data), plus the proxyCertInfo decoder,
 * which returns the policy language through a char ** and the policy size
 * through a size_t *.
 * NOTE(review): ownership of the returned buffers is not visible here;
 * presumably the caller frees them -- confirm.  The first parameter of
 * _gnutls_x509_ext_gen_number is spelled `nuber` in this declaration. */
242 _gnutls_x509_ext_gen_number (const opaque * nuber, size_t nr_size,
243 gnutls_datum_t * der_ext);
246 int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
247 gnutls_datum_t * der_ext);
248 int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
249 int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
250 type, const void *data,
251 unsigned int data_size,
252 gnutls_datum_t * prev_der_ext,
253 gnutls_datum_t * der_ext);
254 int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
256 unsigned int data_size,
257 unsigned int reason_flags,
258 gnutls_datum_t * der_ext);
259 int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
260 gnutls_datum_t * der_data);
261 int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
262 gnutls_datum_t * der_data);
263 int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
264 char **policyLanguage,
266 size_t * sizeof_policy,
269 int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
270 const char *policyLanguage,
272 size_t sizeof_policy,
273 gnutls_datum_t * der_ext);
/* Readers and writers that move public-key parameters and integers between
 * DER buffers or ASN.1 nodes and bigint_t values, and the writer for the
 * signature-algorithm parameters.
 * NOTE(review): the get_mpis functions take the array size through an
 * int *; presumably it holds the capacity on entry and the count on return
 * -- confirm, and make sure callers pass the real capacity of their
 * array.  DER lengths are plain int (dersize); input taken from a parsed
 * certificate needs its length validated before it reaches these
 * readers. */
276 int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
277 bigint_t * params, int *params_size);
279 int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
280 bigint_t * params, int *params_size);
281 int _gnutls_x509_read_rsa_params (opaque * der, int dersize,
283 int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize,
285 int _gnutls_x509_read_dsa_params (opaque * der, int dersize,
288 int _gnutls_x509_write_rsa_params (bigint_t * params, int params_size,
289 gnutls_datum_t * der);
290 int _gnutls_x509_write_dsa_params (bigint_t * params, int params_size,
291 gnutls_datum_t * der);
292 int _gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size,
293 gnutls_datum_t * der);
295 int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
298 int _gnutls_x509_read_der_int (opaque * der, int dersize, bigint_t * out);
300 int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
302 int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
304 int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
307 int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
308 gnutls_pk_algorithm_t pk_algorithm,
309 gnutls_digest_algorithm_t);
312 #include <gnutls/pkcs12.h>
/* PKCS #12 container types.  A bag stores its entries in a fixed array,
 * element[MAX_BAG_ELEMENTS], so code that appends to a bag or fills one
 * from a decoded file must check the element count against
 * MAX_BAG_ELEMENTS before writing.
 * The OIDs that follow identify the PKCS #12 bag types (key, encrypted
 * PKCS #8 key, certificate, CRL, secret), the PKCS #7 data and
 * encryptedData content types, and the PKCS #9 friendlyName and
 * localKeyId attributes. */
314 typedef struct gnutls_pkcs12_int
319 #define MAX_BAG_ELEMENTS 32
324 gnutls_pkcs12_bag_type_t type;
325 gnutls_datum_t local_key_id;
329 typedef struct gnutls_pkcs12_bag_int
331 struct bag_element element[MAX_BAG_ELEMENTS];
333 } gnutls_pkcs12_bag_int;
335 #define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
336 #define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
337 #define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
338 #define BAG_CRL "1.2.840.113549.1.12.10.1.4"
339 #define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
343 #define DATA_OID "1.2.840.113549.1.7.1"
344 #define ENC_DATA_OID "1.2.840.113549.1.7.6"
348 #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
349 #define KEY_ID_OID "1.2.840.113549.1.9.21"
/* Password-based key derivation for PKCS #12, PKCS #7 data encryption and
 * decryption, the identifiers of the supported encryption schemes, and the
 * PKCS #12 bag encode/decode helpers.
 * NOTE(review): the key derivation takes the salt, the iteration count
 * (iter) and the password from its caller.  When those values come from a
 * file, a very small count weakens the derived key and a very large one
 * costs CPU time; bounds on iter are not visible in this header -- confirm
 * where they are enforced.  The password is passed as a plain C string;
 * confirm that callers clear their copy after use. */
352 _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
353 unsigned int salt_size, unsigned int iter,
354 const char *pw, unsigned int req_keylen,
357 int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
358 const char *password, gnutls_datum_t * dec);
/* Encryption scheme selector passed to _gnutls_pkcs7_encrypt_data. */
360 typedef enum schema_id
362 PBES2_GENERIC, /* when the algorithm is unknown, temporal use when reading only */
363 PBES2_3DES, /* the stuff in PKCS #5 */
367 PKCS12_3DES_SHA1, /* the stuff in PKCS #12 */
372 int _gnutls_pkcs_flags_to_schema (unsigned int flags);
373 int _gnutls_pkcs7_encrypt_data (schema_id schema,
374 const gnutls_datum_t * data,
375 const char *password, gnutls_datum_t * enc);
376 int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
377 gnutls_pkcs12_bag_t bag);
380 _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
383 int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
384 const gnutls_datum_t * in, gnutls_datum_t * out);
385 int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
386 const gnutls_datum_t * raw, gnutls_datum_t * out);
389 int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
391 const gnutls_datum_t * ext_data,
392 unsigned int critical);