lib/x509/x509_int.h

   1 /*
   2  * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software
   3  * Foundation, Inc.
   4  *
   5  * Author: Nikos Mavrogiannopoulos
   6  *
   7  * This file is part of GnuTLS.
   8  *
   9  * The GnuTLS is free software; you can redistribute it and/or
  10  * modify it under the terms of the GNU Lesser General Public License
  11  * as published by the Free Software Foundation; either version 2.1 of
  12  * the License, or (at your option) any later version.
  13  *
  14  * This library is distributed in the hope that it will be useful, but
  15  * WITHOUT ANY WARRANTY; without even the implied warranty of
  16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17  * Lesser General Public License for more details.
  18  *
  19  * You should have received a copy of the GNU Lesser General Public
  20  * License along with this library; if not, write to the Free Software
  21  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
  22  * USA
  23  *
  24  */
  25
  26 #ifndef X509_H
  27 #define X509_H
  28
  29 #include <gnutls/x509.h>
  30 #include <gnutls/abstract.h>
  31
  32 #include <libtasn1.h>
  33
  34 /* Remove these when we require libtasn1 v1.6 or later. */
  35 #ifndef ASN1_MAX_NAME_SIZE
  36 #define ASN1_MAX_NAME_SIZE MAX_NAME_SIZE
  37 #endif
  38 #ifndef ASN1_MAX_ERROR_DESCRIPTION_SIZE
  39 #define ASN1_MAX_ERROR_DESCRIPTION_SIZE MAX_ERROR_DESCRIPTION_SIZE
  40 #endif
  41
  42 #define MAX_CRQ_EXTENSIONS_SIZE 8*1024
  43 #define MAX_OID_SIZE 128
  44
  45 #define HASH_OID_SHA1 "1.3.14.3.2.26"
  46 #define HASH_OID_MD5 "1.2.840.113549.2.5"
  47 #define HASH_OID_MD2 "1.2.840.113549.2.2"
  48 #define HASH_OID_RMD160 "1.3.36.3.2.1"
  49 #define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
  50 #define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
  51 #define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
  52
  53 typedef struct gnutls_x509_crl_int
  54 {
  55   ASN1_TYPE crl;
  56   int use_extensions;
  57 } gnutls_x509_crl_int;
  58
  59 typedef struct gnutls_x509_crt_int
  60 {
  61   ASN1_TYPE cert;
  62   int use_extensions;
  63 } gnutls_x509_crt_int;
  64
  65 typedef struct gnutls_x509_crq_int
  66 {
  67   ASN1_TYPE crq;
  68 } gnutls_x509_crq_int;
  69
  70 typedef struct gnutls_pkcs7_int
  71 {
  72   ASN1_TYPE pkcs7;
  73 } gnutls_pkcs7_int;
  74
  75 #define MAX_PRIV_PARAMS_SIZE GNUTLS_MAX_PK_PARAMS       /* ok for RSA and DSA */
  76
  77 /* parameters should not be larger than this limit */
  78 #define DSA_PRIVATE_PARAMS 5
  79 #define DSA_PUBLIC_PARAMS 4
  80 #define RSA_PRIVATE_PARAMS 8
  81 #define RSA_PUBLIC_PARAMS 2
  82
  83 #if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
  84 #error INCREASE MAX_PRIV_PARAMS
  85 #endif
  86
  87 #if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0
  88 #error INCREASE MAX_PRIV_PARAMS
  89 #endif
  90
  91 typedef struct gnutls_x509_privkey_int
  92 {
  93   /* the size of params depends on the public
  94    * key algorithm
  95    */
  96   bigint_t params[MAX_PRIV_PARAMS_SIZE];
  97
  98   /*
  99    * RSA: [0] is modulus
 100    *      [1] is public exponent
 101    *      [2] is private exponent
 102    *      [3] is prime1 (p)
 103    *      [4] is prime2 (q)
 104    *      [5] is coefficient (u == inverse of p mod q)
 105    *          note that other packages used inverse of q mod p,
 106    *          so we need to perform conversions on import/export
 107    *          using fixup.
 108    *      The following two are also not always available thus fixup
 109    *      will generate them.
 110    *      [6] e1 == d mod (p-1)
 111    *      [7] e2 == d mod (q-1)
 112    * DSA: [0] is p
 113    *      [1] is q
 114    *      [2] is g
 115    *      [3] is y (public key)
 116    *      [4] is x (private key)
 117    */
 118   int params_size;              /* holds the number of params */
 119
 120   gnutls_pk_algorithm_t pk_algorithm;
 121
 122   ASN1_TYPE key;
 123 } gnutls_x509_privkey_int;
 124
 125 int _gnutls_x509_crt_cpy (gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
 126
 127
 128 int _gnutls_x509_compare_raw_dn (const gnutls_datum_t * dn1,
 129                                  const gnutls_datum_t * dn2);
 130
 131
 132 int _gnutls_x509_crl_cpy (gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
 133 int _gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl,
 134                                         gnutls_datum_t * dn);
 135
 136 /* sign.c */
 137 int _gnutls_x509_get_tbs (ASN1_TYPE cert, const char *tbs_name,
 138                           gnutls_datum_t * tbs);
 139 int _gnutls_x509_pkix_sign (ASN1_TYPE src, const char *src_name,
 140                             gnutls_digest_algorithm_t,
 141                             gnutls_x509_crt_t issuer,
 142                             gnutls_privkey_t issuer_key);
 143
 144 /* dn.c */
 145 #define OID_X520_COUNTRY_NAME           "2.5.4.6"
 146 #define OID_X520_ORGANIZATION_NAME      "2.5.4.10"
 147 #define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
 148 #define OID_X520_COMMON_NAME            "2.5.4.3"
 149 #define OID_X520_LOCALITY_NAME          "2.5.4.7"
 150 #define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
 151 #define OID_LDAP_DC                     "0.9.2342.19200300.100.1.25"
 152 #define OID_LDAP_UID                    "0.9.2342.19200300.100.1.1"
 153 #define OID_PKCS9_EMAIL                 "1.2.840.113549.1.9.1"
 154
 155 int _gnutls_x509_parse_dn (ASN1_TYPE asn1_struct,
 156                            const char *asn1_rdn_name, char *buf,
 157                            size_t * sizeof_buf);
 158
 159 int _gnutls_x509_parse_dn_oid (ASN1_TYPE asn1_struct,
 160                                const char *asn1_rdn_name, const char *oid,
 161                                int indx, unsigned int raw_flag, void *buf,
 162                                size_t * sizeof_buf);
 163
 164 int _gnutls_x509_set_dn_oid (ASN1_TYPE asn1_struct,
 165                              const char *asn1_rdn_name, const char *oid,
 166                              int raw_flag, const char *name, int sizeof_name);
 167
 168 int _gnutls_x509_get_dn_oid (ASN1_TYPE asn1_struct,
 169                              const char *asn1_rdn_name,
 170                              int indx, void *_oid, size_t * sizeof_oid);
 171
 172 int _gnutls_parse_general_name (ASN1_TYPE src, const char *src_name,
 173                                 int seq, void *name, size_t * name_size,
 174                                 unsigned int *ret_type, int othername_oid);
 175
 176 /* dsa.c */
 177
 178
 179 /* verify.c */
 180 int gnutls_x509_crt_is_issuer (gnutls_x509_crt_t cert,
 181                                gnutls_x509_crt_t issuer);
 182
 183 int
 184 _gnutls_x509_verify_algorithm (gnutls_mac_algorithm_t * hash,
 185                                const gnutls_datum_t * signature,
 186                                gnutls_pk_algorithm_t pk,
 187                                bigint_t * issuer_params,
 188                                unsigned int issuer_params_size);
 189
 190 int _gnutls_x509_verify_signature (const gnutls_datum_t * tbs,
 191                                    const gnutls_datum_t * hash,
 192                                    const gnutls_datum_t * signature,
 193                                    gnutls_x509_crt_t issuer);
 194 int _gnutls_x509_privkey_verify_signature (const gnutls_datum_t * tbs,
 195                                            const gnutls_datum_t * signature,
 196                                            gnutls_x509_privkey_t issuer);
 197
 198 /* privkey.h */
 199 ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key (const gnutls_datum_t *
 200                                                 raw_key,
 201                                                 gnutls_x509_privkey_t pkey);
 202 int _gnutls_asn1_encode_dsa (ASN1_TYPE * c2, bigint_t * params);
 203
 204 /* extensions.c */
 205 int _gnutls_x509_crl_get_extension (gnutls_x509_crl_t crl,
 206                                     const char *extension_id, int indx,
 207                                     gnutls_datum_t * ret,
 208                                     unsigned int *_critical);
 209
 210 int _gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl,
 211                                         int indx, void *oid,
 212                                         size_t * sizeof_oid);
 213
 214 int _gnutls_x509_crl_set_extension (gnutls_x509_crl_t crl,
 215                                     const char *ext_id,
 216                                     const gnutls_datum_t * ext_data,
 217                                     unsigned int critical);
 218
 219 int _gnutls_x509_crt_get_extension (gnutls_x509_crt_t cert,
 220                                     const char *extension_id, int indx,
 221                                     gnutls_datum_t * ret,
 222                                     unsigned int *critical);
 223 int _gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert,
 224                                         int indx, void *ret,
 225                                         size_t * ret_size);
 226 int _gnutls_x509_ext_extract_keyUsage (uint16_t * keyUsage,
 227                                        opaque * extnValue, int extnValueLen);
 228 int _gnutls_x509_ext_extract_basicConstraints (int *CA,
 229                                                int *pathLenConstraint,
 230                                                opaque * extnValue,
 231                                                int extnValueLen);
 232 int _gnutls_x509_crt_set_extension (gnutls_x509_crt_t cert,
 233                                     const char *extension_id,
 234                                     const gnutls_datum_t * ext_data,
 235                                     unsigned int critical);
 236
 237 int
 238 _gnutls_x509_ext_extract_number (opaque * number,
 239                                  size_t * nr_size,
 240                                  opaque * extnValue, int extnValueLen);
 241 int
 242 _gnutls_x509_ext_gen_number (const opaque * nuber, size_t nr_size,
 243                              gnutls_datum_t * der_ext);
 244
 245
 246 int _gnutls_x509_ext_gen_basicConstraints (int CA, int pathLenConstraint,
 247                                            gnutls_datum_t * der_ext);
 248 int _gnutls_x509_ext_gen_keyUsage (uint16_t usage, gnutls_datum_t * der_ext);
 249 int _gnutls_x509_ext_gen_subject_alt_name (gnutls_x509_subject_alt_name_t
 250                                            type, const void *data,
 251                                            unsigned int data_size,
 252                                            gnutls_datum_t * prev_der_ext,
 253                                            gnutls_datum_t * der_ext);
 254 int _gnutls_x509_ext_gen_crl_dist_points (gnutls_x509_subject_alt_name_t type,
 255                                           const void *data,
 256                                           unsigned int data_size,
 257                                           unsigned int reason_flags,
 258                                           gnutls_datum_t * der_ext);
 259 int _gnutls_x509_ext_gen_key_id (const void *id, size_t id_size,
 260                                  gnutls_datum_t * der_data);
 261 int _gnutls_x509_ext_gen_auth_key_id (const void *id, size_t id_size,
 262                                       gnutls_datum_t * der_data);
 263 int _gnutls_x509_ext_extract_proxyCertInfo (int *pathLenConstraint,
 264                                             char **policyLanguage,
 265                                             char **policy,
 266                                             size_t * sizeof_policy,
 267                                             opaque * extnValue,
 268                                             int extnValueLen);
 269 int _gnutls_x509_ext_gen_proxyCertInfo (int pathLenConstraint,
 270                                         const char *policyLanguage,
 271                                         const char *policy,
 272                                         size_t sizeof_policy,
 273                                         gnutls_datum_t * der_ext);
 274
 275 /* mpi.c */
 276 int _gnutls_x509_crq_get_mpis (gnutls_x509_crq_t cert,
 277                                bigint_t * params, int *params_size);
 278
 279 int _gnutls_x509_crt_get_mpis (gnutls_x509_crt_t cert,
 280                                bigint_t * params, int *params_size);
 281 int _gnutls_x509_read_rsa_params (opaque * der, int dersize,
 282                                   bigint_t * params);
 283 int _gnutls_x509_read_dsa_pubkey (opaque * der, int dersize,
 284                                   bigint_t * params);
 285 int _gnutls_x509_read_dsa_params (opaque * der, int dersize,
 286                                   bigint_t * params);
 287
 288 int _gnutls_x509_write_rsa_params (bigint_t * params, int params_size,
 289                                    gnutls_datum_t * der);
 290 int _gnutls_x509_write_dsa_params (bigint_t * params, int params_size,
 291                                    gnutls_datum_t * der);
 292 int _gnutls_x509_write_dsa_public_key (bigint_t * params, int params_size,
 293                                        gnutls_datum_t * der);
 294
 295 int _gnutls_x509_read_uint (ASN1_TYPE node, const char *value,
 296                             unsigned int *ret);
 297
 298 int _gnutls_x509_read_der_int (opaque * der, int dersize, bigint_t * out);
 299
 300 int _gnutls_x509_read_int (ASN1_TYPE node, const char *value,
 301                            bigint_t * ret_mpi);
 302 int _gnutls_x509_write_int (ASN1_TYPE node, const char *value, bigint_t mpi,
 303                             int lz);
 304 int _gnutls_x509_write_uint32 (ASN1_TYPE node, const char *value,
 305                                uint32_t num);
 306
 307 int _gnutls_x509_write_sig_params (ASN1_TYPE dst, const char *dst_name,
 308                                    gnutls_pk_algorithm_t pk_algorithm,
 309                                    gnutls_digest_algorithm_t);
 310
 311 /* pkcs12.h */
 312 #include <gnutls/pkcs12.h>
 313
 314 typedef struct gnutls_pkcs12_int
 315 {
 316   ASN1_TYPE pkcs12;
 317 } gnutls_pkcs12_int;
 318
 319 #define MAX_BAG_ELEMENTS 32
 320
 321 struct bag_element
 322 {
 323   gnutls_datum_t data;
 324   gnutls_pkcs12_bag_type_t type;
 325   gnutls_datum_t local_key_id;
 326   char *friendly_name;
 327 };
 328
 329 typedef struct gnutls_pkcs12_bag_int
 330 {
 331   struct bag_element element[MAX_BAG_ELEMENTS];
 332   int bag_elements;
 333 } gnutls_pkcs12_bag_int;
 334
 335 #define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
 336 #define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
 337 #define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
 338 #define BAG_CRL "1.2.840.113549.1.12.10.1.4"
 339 #define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
 340
 341 /* PKCS #7
 342  */
 343 #define DATA_OID "1.2.840.113549.1.7.1"
 344 #define ENC_DATA_OID "1.2.840.113549.1.7.6"
 345
 346 /* Bag attributes
 347  */
 348 #define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
 349 #define KEY_ID_OID "1.2.840.113549.1.9.21"
 350
 351 int
 352 _gnutls_pkcs12_string_to_key (unsigned int id, const opaque * salt,
 353                               unsigned int salt_size, unsigned int iter,
 354                               const char *pw, unsigned int req_keylen,
 355                               opaque * keybuf);
 356
 357 int _gnutls_pkcs7_decrypt_data (const gnutls_datum_t * data,
 358                                 const char *password, gnutls_datum_t * dec);
 359
 360 typedef enum schema_id
 361 {
 362   PBES2_GENERIC,                /* when the algorithm is unknown, temporal use when reading only */
 363   PBES2_3DES,                   /* the stuff in PKCS #5 */
 364   PBES2_AES_128,
 365   PBES2_AES_192,
 366   PBES2_AES_256,
 367   PKCS12_3DES_SHA1,             /* the stuff in PKCS #12 */
 368   PKCS12_ARCFOUR_SHA1,
 369   PKCS12_RC2_40_SHA1
 370 } schema_id;
 371
 372 int _gnutls_pkcs_flags_to_schema (unsigned int flags);
 373 int _gnutls_pkcs7_encrypt_data (schema_id schema,
 374                                 const gnutls_datum_t * data,
 375                                 const char *password, gnutls_datum_t * enc);
 376 int _pkcs12_decode_safe_contents (const gnutls_datum_t * content,
 377                                   gnutls_pkcs12_bag_t bag);
 378
 379 int
 380 _pkcs12_encode_safe_contents (gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
 381                               int *enc);
 382
 383 int _pkcs12_decode_crt_bag (gnutls_pkcs12_bag_type_t type,
 384                             const gnutls_datum_t * in, gnutls_datum_t * out);
 385 int _pkcs12_encode_crt_bag (gnutls_pkcs12_bag_type_t type,
 386                             const gnutls_datum_t * raw, gnutls_datum_t * out);
 387
 388 /* crq */
 389 int _gnutls_x509_crq_set_extension (gnutls_x509_crq_t crq,
 390                                     const char *ext_id,
 391                                     const gnutls_datum_t * ext_data,
 392                                     unsigned int critical);
 393
 394 #endif