author | Simon Josefsson <simon@josefsson.org> | 2005-08-24 09:55:21 +0000 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2005-08-24 09:55:21 +0000 |
commit | 995acebed420303d148a4f1f97cdc9e77a6155f4 (patch) | |
tree | 55672b659915a24c250b1978e6e350f55efef1b7 /includes | |
parent | a41ee31cdd1cadbebbbfb70eef3762896c979ca0 (diff) | |
download | gnutls-995acebed420303d148a4f1f97cdc9e77a6155f4.tar.gz |
Indent.
Diffstat (limited to 'includes')
-rw-r--r-- | includes/gnutls/x509.h | 817 |
1 files changed, 464 insertions, 353 deletions
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index 5b29e38925..c6565d0319 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
@@ -30,7 +30,8 @@
 # define GNUTLS_X509_H
 #ifdef __cplusplus
-extern "C" {
+extern "C"
+{
 #endif
 #include <gnutls/gnutls.h>
@@ -41,24 +42,24 @@ extern "C" {
 #define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6"
 #define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10"
 #define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
-#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3"
-#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7"
-#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
+#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3"
+#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7"
+#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
-#define GNUTLS_OID_X520_INITIALS "2.5.4.43"
+#define GNUTLS_OID_X520_INITIALS "2.5.4.43"
 #define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44"
-#define GNUTLS_OID_X520_SURNAME "2.5.4.4"
-#define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42"
-#define GNUTLS_OID_X520_TITLE "2.5.4.12"
-#define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46"
-#define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65"
+#define GNUTLS_OID_X520_SURNAME "2.5.4.4"
+#define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42"
+#define GNUTLS_OID_X520_TITLE "2.5.4.12"
+#define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46"
+#define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65"
 #define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25"
 #define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1"
 /* The following should not be included in DN. */
-#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
+#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
 #define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1"
 #define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2"
@@ -76,53 +77,65 @@ extern "C" {
 #define GNUTLS_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9"
 #define GNUTLS_KP_ANY "2.5.29.37.0"
-/* Certificate handling functions
+/* Certificate handling functions.
  */
-
-typedef enum gnutls_certificate_import_flags {
- GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED=1
- /* Fail if the certificates in the buffer are more than
- * the space allocated for certificates. The error code
- * will be GNUTLS_E_SHORT_MEMORY_BUFFER.
- */
-} gnutls_certificate_import_flags;
-
-int gnutls_x509_crt_init(gnutls_x509_crt_t * cert);
-void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);
-int gnutls_x509_crt_import(gnutls_x509_crt_t cert, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-int gnutls_x509_crt_list_import(gnutls_x509_crt_t *certs, unsigned int *cert_max,
- const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, unsigned int flags);
-int gnutls_x509_crt_export( gnutls_x509_crt_t cert,
- gnutls_x509_crt_fmt_t format, void* output_data, size_t* output_data_size);
-int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt_t cert, char *buf,
- size_t *sizeof_buf);
-int gnutls_x509_crt_get_issuer_dn_oid(gnutls_x509_crt_t cert,
- int indx, void *oid, size_t *sizeof_oid);
-int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
- const char* oid, int indx, unsigned int raw_flag,
- void *buf, size_t *sizeof_buf);
-int gnutls_x509_crt_get_dn(gnutls_x509_crt_t cert, char *buf,
- size_t *sizeof_buf);
-int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt_t cert,
- int indx, void *oid, size_t *sizeof_oid);
-int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char* oid,
- int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf);
-int gnutls_x509_crt_check_hostname(gnutls_x509_crt_t cert,
- const char *hostname);
-
-int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt_t cert);
-int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);
-int gnutls_x509_crt_get_key_id( gnutls_x509_crt_t crt, unsigned int flags,
- unsigned char* output_data, size_t* output_data_size);
-
-int gnutls_x509_crt_set_authority_key_id(gnutls_x509_crt_t cert, const void* id,
- size_t id_size);
-int gnutls_x509_crt_get_authority_key_id(gnutls_x509_crt_t cert, void* ret,
- size_t* ret_size, unsigned int* critical);
-
-int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void* ret,
- size_t* ret_size, unsigned int* critical);
+ typedef enum gnutls_certificate_import_flags
+ {
+ /* Fail if the certificates in the buffer are more than the space
+ * allocated for certificates. The error code will be
+ * GNUTLS_E_SHORT_MEMORY_BUFFER.
+ */
+ GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1
+ } gnutls_certificate_import_flags;
+
+ int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
+ void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
+ unsigned int *cert_max,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ unsigned int flags);
+ int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+ int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf);
+ int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
+ const char *hostname);
+
+ int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
+ const void *id, size_t id_size);
+ int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
+ void *ret, size_t * ret_size,
+ unsigned int *critical);
+
+ int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
+ void *ret, size_t * ret_size,
+ unsigned int *critical);
 #define GNUTLS_CRL_REASON_UNUSED 128
 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
@@ -134,337 +147,435 @@ int gnutls_x509_crt_get_subject_key_id(gnutls_x509_crt_t cert, void* ret,
 #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
 #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
-int gnutls_x509_crt_get_crl_dist_points(gnutls_x509_crt_t cert,
- unsigned int seq, void *ret, size_t *ret_size, unsigned int* reason_flags,
- unsigned int *critical);
-int gnutls_x509_crt_set_crl_dist_points(gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type,
- const void* data_string, unsigned int reason_flags);
-int gnutls_x509_crt_cpy_crl_dist_points(gnutls_x509_crt_t dst,
- gnutls_x509_crt_t src);
-
-time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt_t cert);
-time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt_t cert);
-int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void* result, size_t* result_size);
-
-int gnutls_x509_crt_get_pk_algorithm( gnutls_x509_crt_t cert, unsigned int* bits);
-int gnutls_x509_crt_get_pk_rsa_raw(gnutls_x509_crt_t crt,
- gnutls_datum_t * m, gnutls_datum_t *e);
-int gnutls_x509_crt_get_pk_dsa_raw(gnutls_x509_crt_t crt,
- gnutls_datum_t * p, gnutls_datum_t *q,
- gnutls_datum_t *g, gnutls_datum_t *y);
-
-int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
- unsigned int seq, void *ret, size_t *ret_size, unsigned int* critical);
-int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert, unsigned int* critical);
-
-/* The key_usage flags are defined in gnutls.h. They are
- * the GNUTLS_KEY_* definitions.
+ int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *reason_flags,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type, const void *data_string,
+ unsigned int reason_flags);
+ int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
+ gnutls_x509_crt_t src);
+
+ time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
+ time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
+ int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
+ size_t * result_size);
+
+ int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
+ unsigned int *bits);
+ int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
+ gnutls_datum_t * m, gnutls_datum_t * e);
+ int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g, gnutls_datum_t * y);
+
+ int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
+ unsigned int seq, void *ret,
+ size_t * ret_size,
+ unsigned int *critical);
+ int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
+ unsigned int *critical);
+
+/* The key_usage flags are defined in gnutls.h. They are the
+ * GNUTLS_KEY_* definitions.
  */
-int gnutls_x509_crt_get_key_usage( gnutls_x509_crt_t cert, unsigned int* key_usage,
- unsigned int* critical);
-int gnutls_x509_crt_set_key_usage(gnutls_x509_crt_t crt, unsigned int usage);
-
-int gnutls_x509_dn_oid_known(const char* oid);
-
-int gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert, int indx,
- void* oid, size_t * sizeof_oid);
-int gnutls_x509_crt_get_extension_by_oid(gnutls_x509_crt_t cert,
- const char* oid, int indx,
- void* buf, size_t * sizeof_buf, unsigned int * critical);
-int gnutls_x509_crt_set_extension_by_oid(gnutls_x509_crt_t crt,
- const char *oid, const void *buf, size_t sizeof_buf,
- unsigned int critical);
-
-int gnutls_x509_crt_to_xml(gnutls_x509_crt_t cert, gnutls_datum_t* res, int detail);
-
-/* possible values for detail.
+ int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
+ unsigned int *key_usage,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
+ unsigned int usage);
+
+ int gnutls_x509_dn_oid_known (const char *oid);
+
+ int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
+ const char *oid, int indx,
+ void *buf,
+ size_t * sizeof_buf,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
+ const char *oid,
+ const void *buf,
+ size_t sizeof_buf,
+ unsigned int critical);
+
+ int gnutls_x509_crt_to_xml (gnutls_x509_crt_t cert,
+ gnutls_datum_t * res, int detail);
+
+/* Possible values for gnutls_x509_crt_to_xml() detail.
  */
 #define GNUTLS_XML_SHOW_ALL 1
 #define GNUTLS_XML_NORMAL 0
 /* X.509 Certificate writing.
  */
-int gnutls_x509_crt_set_dn_by_oid(gnutls_x509_crt_t crt, const char* oid,
- unsigned int raw_flag, const void *name, unsigned int sizeof_name);
-int gnutls_x509_crt_set_issuer_dn_by_oid(gnutls_x509_crt_t crt, const char* oid,
- unsigned int raw_flag, const void *name, unsigned int sizeof_name);
-int gnutls_x509_crt_set_version(gnutls_x509_crt_t crt, unsigned int version);
-int gnutls_x509_crt_set_key(gnutls_x509_crt_t crt, gnutls_x509_privkey_t key);
-int gnutls_x509_crt_set_ca_status(gnutls_x509_crt_t crt, unsigned int ca);
-int gnutls_x509_crt_set_subject_alternative_name(gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type,
- const char* data_string);
-int gnutls_x509_crt_sign(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key);
-int gnutls_x509_crt_sign2(gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key, gnutls_digest_algorithm_t, unsigned int flags);
-int gnutls_x509_crt_set_activation_time(gnutls_x509_crt_t cert, time_t act_time);
-int gnutls_x509_crt_set_expiration_time(gnutls_x509_crt_t cert, time_t exp_time);
-int gnutls_x509_crt_set_serial(gnutls_x509_crt_t cert, const void* serial,
- size_t serial_size);
-
-int gnutls_x509_crt_set_subject_key_id(gnutls_x509_crt_t cert, const void* id,
- size_t id_size);
-
-
-/* RDN handling
+ int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
+ unsigned int version);
+ int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
+ gnutls_x509_privkey_t key);
+ int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
+ int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
+ gnutls_x509_subject_alt_name_t
+ type,
+ const char *data_string);
+ int gnutls_x509_crt_sign (gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key);
+ int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t, unsigned int flags);
+ int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
+ time_t act_time);
+ int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
+ time_t exp_time);
+ int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert,
+ const void *serial, size_t serial_size);
+
+ int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
+ const void *id, size_t id_size);
+
+
+/* RDN handling.
  */
-int gnutls_x509_rdn_get(const gnutls_datum_t * idn,
- char *buf, size_t *sizeof_buf);
-int gnutls_x509_rdn_get_oid(const gnutls_datum_t * idn,
- int indx, void *buf, size_t * sizeof_buf);
-
-int gnutls_x509_rdn_get_by_oid(const gnutls_datum_t * idn, const char* oid,
- int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf);
-
-
-/* CRL handling functions */
-
-
-int gnutls_x509_crl_init(gnutls_x509_crl_t * crl);
-void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl);
-
-int gnutls_x509_crl_import(gnutls_x509_crl_t crl, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-int gnutls_x509_crl_export( gnutls_x509_crl_t crl,
- gnutls_x509_crt_fmt_t format, void* output_data, size_t* output_data_size);
-
-int gnutls_x509_crl_get_issuer_dn(const gnutls_x509_crl_t crl,
- char *buf, size_t *sizeof_buf);
-int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl_t crl,
- const char* oid, int indx,
- unsigned int raw_flag, void *buf, size_t *sizeof_buf);
-int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl_t crl,
- int indx, void *oid, size_t *sizeof_oid);
-
-int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl_t crl);
-int gnutls_x509_crl_get_version(gnutls_x509_crl_t crl);
+ int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
+ char *buf, size_t * sizeof_buf);
+ int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
+ int indx, void *buf, size_t * sizeof_buf);
-time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl_t crl);
-time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl_t crl);
+ int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
-int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
-int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int indx,
- unsigned char* serial, size_t* serial_size,
- time_t* t);
+/* CRL handling functions.
+ */
+ int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
+ void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
+
+ int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+
+ int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
+ char *buf, size_t * sizeof_buf);
+ int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
+ const char *oid, int indx,
+ unsigned int raw_flag,
+ void *buf, size_t * sizeof_buf);
+ int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx,
+ void *oid, size_t * sizeof_oid);
+
+ int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
+ int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
+
+ time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
+ time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);
+
+ int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
+ int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
+ unsigned char *serial,
+ size_t * serial_size, time_t * t);
 #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
 #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
-int gnutls_x509_crl_check_issuer( gnutls_x509_crl_t crl,
- gnutls_x509_crt_t issuer);
+ int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer);
 /* CRL writing. */
-int gnutls_x509_crl_set_version(gnutls_x509_crl_t crl, unsigned int version);
-int gnutls_x509_crl_sign(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key);
-int gnutls_x509_crl_sign2(gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer,
- gnutls_x509_privkey_t issuer_key, gnutls_digest_algorithm_t, unsigned int flags);
-int gnutls_x509_crl_set_this_update(gnutls_x509_crl_t crl, time_t act_time);
-int gnutls_x509_crl_set_next_update(gnutls_x509_crl_t crl, time_t exp_time);
-int gnutls_x509_crl_set_crt_serial(gnutls_x509_crl_t crl, const void* serial,
- size_t serial_size, time_t revocation_time);
-int gnutls_x509_crl_set_crt(gnutls_x509_crl_t crl, gnutls_x509_crt_t crt,
- time_t revocation_time);
-
-
-/* PKCS7 structures handling
+ int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
+ unsigned int version);
+ int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key);
+ int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t issuer,
+ gnutls_x509_privkey_t issuer_key,
+ gnutls_digest_algorithm_t, unsigned int flags);
+ int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
+ time_t act_time);
+ int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
+ time_t exp_time);
+ int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
+ const void *serial,
+ size_t serial_size,
+ time_t revocation_time);
+ int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
+ gnutls_x509_crt_t crt, time_t revocation_time);
+
+
+/* PKCS7 structures handling
  */
-
-struct gnutls_pkcs7_int;
-typedef struct gnutls_pkcs7_int* gnutls_pkcs7_t;
-
-
-int gnutls_pkcs7_init(gnutls_pkcs7_t * pkcs7);
-void gnutls_pkcs7_deinit(gnutls_pkcs7_t pkcs7);
-int gnutls_pkcs7_import(gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-int gnutls_pkcs7_export( gnutls_pkcs7_t pkcs7,
- gnutls_x509_crt_fmt_t format, void* output_data, size_t* output_data_size);
-
-int gnutls_pkcs7_get_crt_count( gnutls_pkcs7_t pkcs7);
-int gnutls_pkcs7_get_crt_raw(gnutls_pkcs7_t pkcs7, int indx,
- void* certificate, size_t* certificate_size);
-
-int gnutls_pkcs7_set_crt_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t* crt);
-int gnutls_pkcs7_set_crt(gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
-int gnutls_pkcs7_delete_crt(gnutls_pkcs7_t pkcs7, int indx);
-
-int gnutls_pkcs7_get_crl_raw(gnutls_pkcs7_t pkcs7,
- int indx, void* crl, size_t* crl_size);
-int gnutls_pkcs7_get_crl_count(gnutls_pkcs7_t pkcs7);
-
-int gnutls_pkcs7_set_crl_raw(gnutls_pkcs7_t pkcs7, const gnutls_datum_t* crt);
-int gnutls_pkcs7_set_crl(gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
-int gnutls_pkcs7_delete_crl(gnutls_pkcs7_t pkcs7, int indx);
+ struct gnutls_pkcs7_int;
+ typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
+
+ int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
+ void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
+ int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+
+ int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
+ int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
+ void *certificate, size_t * certificate_size);
+
+ int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * crt);
+ int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
+ int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
+
+ int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
+ int indx, void *crl, size_t * crl_size);
+ int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
+
+ int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
+ const gnutls_datum_t * crt);
+ int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
+ int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
 /* X.509 Certificate verification functions. */
-
-typedef enum gnutls_certificate_verify_flags {
- /* If set a signer does not have to be a certificate authority. This
- * flag should normaly be disabled, unless you know what this means.
- */
- GNUTLS_VERIFY_DISABLE_CA_SIGN=1,
-
- /* Allow only trusted CA certificates that have version 1. This is
- * safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be
- * used instead. That way only signers in your trusted list will be
- * allowed to have certificates of version 1.
- */
- GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT=2,
-
- /* If a certificate is not signed by anyone trusted but exists in
- * the trusted CA list do not treat it as trusted.
- */
- GNUTLS_VERIFY_DO_NOT_ALLOW_SAME=4,
-
- /* Allow CA certificates that have version 1 (both root and
- * intermediate). This might be dangerous since those haven't the
- * basicConstraints extension. Must be used in combination with
- * GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
- */
- GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT=8
-} gnutls_certificate_verify_flags;
-
-int gnutls_x509_crt_check_issuer( gnutls_x509_crt_t cert,
- gnutls_x509_crt_t issuer);
-
-int gnutls_x509_crt_list_verify( gnutls_x509_crt_t* cert_list, int cert_list_length,
- const gnutls_x509_crt_t * CA_list, int CA_list_length,
- const gnutls_x509_crl_t* CRL_list, int CRL_list_length,
- unsigned int flags, unsigned int *verify);
-
-int gnutls_x509_crt_verify( gnutls_x509_crt_t cert,
- const gnutls_x509_crt_t *CA_list, int CA_list_length,
- unsigned int flags, unsigned int *verify);
-int gnutls_x509_crl_verify( gnutls_x509_crl_t crl,
- const gnutls_x509_crt_t *CA_list, int CA_list_length,
- unsigned int flags, unsigned int *verify);
-
-int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
- const gnutls_x509_crl_t * crl_list,
- int crl_list_length);
-
-int gnutls_x509_crt_get_fingerprint(gnutls_x509_crt_t cert,
- gnutls_digest_algorithm_t algo, void *buf,
- size_t *sizeof_buf);
-
-int gnutls_x509_crt_get_key_purpose_oid(gnutls_x509_crt_t cert,
- int indx, void *oid, size_t *sizeof_oid, unsigned int* critical);
-int gnutls_x509_crt_set_key_purpose_oid(gnutls_x509_crt_t cert,
- const void *oid, unsigned int critical);
-
-/* Private key handling
+ typedef enum gnutls_certificate_verify_flags
+ {
+ /* If set a signer does not have to be a certificate authority. This
+ * flag should normaly be disabled, unless you know what this means.
+ */
+ GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
+
+ /* Allow only trusted CA certificates that have version 1. This is
+ * safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be
+ * used instead. That way only signers in your trusted list will be
+ * allowed to have certificates of version 1.
+ */
+ GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
+
+ /* If a certificate is not signed by anyone trusted but exists in
+ * the trusted CA list do not treat it as trusted.
+ */
+ GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
+
+ /* Allow CA certificates that have version 1 (both root and
+ * intermediate). This might be dangerous since those haven't the
+ * basicConstraints extension. Must be used in combination with
+ * GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
+ */
+ GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8
+ } gnutls_certificate_verify_flags;
+
+ int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
+ gnutls_x509_crt_t issuer);
+
+ int gnutls_x509_crt_list_verify (gnutls_x509_crt_t * cert_list,
+ int cert_list_length,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length,
+ const gnutls_x509_crl_t * CRL_list,
+ int CRL_list_length,
+ unsigned int flags, unsigned int *verify);
+
+ int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
+ int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
+ const gnutls_x509_crt_t * CA_list,
+ int CA_list_length, unsigned int flags,
+ unsigned int *verify);
+
+ int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
+ const gnutls_x509_crl_t *
+ crl_list, int crl_list_length);
+
+ int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
+ gnutls_digest_algorithm_t algo,
+ void *buf, size_t * sizeof_buf);
+
+ int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
+ int indx, void *oid,
+ size_t * sizeof_oid,
+ unsigned int *critical);
+ int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
+ const void *oid,
+ unsigned int critical);
+
+/* Private key handling.
  */
 /* Flags for the gnutls_x509_privkey_export_pkcs8() function. */
-typedef enum gnutls_pkcs_encrypt_flags_t {
- GNUTLS_PKCS_PLAIN=1, /* if set the private key will not
- * be encrypted.
- */
- GNUTLS_PKCS_USE_PKCS12_3DES=2,
- GNUTLS_PKCS_USE_PKCS12_ARCFOUR=4,
- GNUTLS_PKCS_USE_PKCS12_RC2_40=8,
- GNUTLS_PKCS_USE_PBES2_3DES=16
-} gnutls_pkcs_encrypt_flags_t;
+ typedef enum gnutls_pkcs_encrypt_flags_t
+ {
+ GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not
+ * be encrypted.
+ */
+ GNUTLS_PKCS_USE_PKCS12_3DES = 2,
+ GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
+ GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
+ GNUTLS_PKCS_USE_PBES2_3DES = 16
+ } gnutls_pkcs_encrypt_flags_t;
 #define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
 #define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
 #define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
 #define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
-int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key);
-void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key);
-int gnutls_x509_privkey_cpy(gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src);
-int gnutls_x509_privkey_import(gnutls_x509_privkey_t key, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-int gnutls_x509_privkey_import_pkcs8(gnutls_x509_privkey_t key, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format, const char * pass, unsigned int flags);
-int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
- const gnutls_datum_t *m, const gnutls_datum_t *e,
- const gnutls_datum_t *d, const gnutls_datum_t *p, const gnutls_datum_t *q,
- const gnutls_datum_t *u);
-int gnutls_x509_privkey_fix(gnutls_x509_privkey_t key);
-
-int gnutls_x509_privkey_export_dsa_raw(gnutls_x509_privkey_t key,
- gnutls_datum_t * p, gnutls_datum_t *q,
- gnutls_datum_t *g, gnutls_datum_t *y, gnutls_datum_t* x);
-int gnutls_x509_privkey_import_dsa_raw(gnutls_x509_privkey_t key,
- const gnutls_datum_t* p, const gnutls_datum_t* q,
- const gnutls_datum_t* g, const gnutls_datum_t* y,
- const gnutls_datum_t* x);
-
-int gnutls_x509_privkey_get_pk_algorithm( gnutls_x509_privkey_t key);
-int gnutls_x509_privkey_get_key_id( gnutls_x509_privkey_t key, unsigned int flags,
- unsigned char* output_data, size_t* output_data_size);
-
-int gnutls_x509_privkey_generate( gnutls_x509_privkey_t key, gnutls_pk_algorithm_t algo,
- unsigned int bits, unsigned int flags);
-
-int gnutls_x509_privkey_export( gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format, void* output_data, size_t* output_data_size);
-int gnutls_x509_privkey_export_pkcs8( gnutls_x509_privkey_t key,
- gnutls_x509_crt_fmt_t format, const char* password, unsigned int flags,
- void* output_data, size_t* output_data_size);
-int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
- gnutls_datum_t * m, gnutls_datum_t *e,
- gnutls_datum_t *d, gnutls_datum_t *p, gnutls_datum_t* q,
- gnutls_datum_t* u);
-
-/* signing stuff.
+ int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
+ void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
+ int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
+ gnutls_x509_privkey_t src);
+ int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format,
+ const char *pass, unsigned int flags);
+ int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * m,
+ const gnutls_datum_t * e,
+ const gnutls_datum_t * d,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * u);
+ int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
+
+ int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * g,
+ gnutls_datum_t * y,
+ gnutls_datum_t * x);
+ int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
+ const gnutls_datum_t * p,
+ const gnutls_datum_t * q,
+ const gnutls_datum_t * g,
+ const gnutls_datum_t * y,
+ const gnutls_datum_t * x);
+
+ int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
+ int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ unsigned char *output_data,
+ size_t * output_data_size);
+
+ int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
+ gnutls_pk_algorithm_t algo,
+ unsigned int bits, unsigned int flags);
+
+ int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
+ gnutls_x509_crt_fmt_t format,
+ const char *password,
+ unsigned int flags,
+ void *output_data,
+ size_t * output_data_size);
+ int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
+ gnutls_datum_t * m,
+ gnutls_datum_t * e,
+ gnutls_datum_t * d,
+ gnutls_datum_t * p,
+ gnutls_datum_t * q,
+ gnutls_datum_t * u);
+
+/* Signing stuff.
  */
-int gnutls_x509_privkey_sign_data( gnutls_x509_privkey_t key, gnutls_digest_algorithm_t digest,
- unsigned int flags, const gnutls_datum_t* data,
- void* signature, size_t* signature_size);
-int gnutls_x509_privkey_verify_data( gnutls_x509_privkey_t key, unsigned int flags,
- const gnutls_datum_t* data, const gnutls_datum_t* signature);
-int gnutls_x509_crt_verify_data( gnutls_x509_crt_t crt, unsigned int flags,
- const gnutls_datum_t* data, const gnutls_datum_t* signature);
-
-
-/* Certificate request stuff
+ int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t digest,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ void *signature,
+ size_t * signature_size);
+ int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature);
+ int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
+ unsigned int flags,
+ const gnutls_datum_t * data,
+ const gnutls_datum_t * signature);
+
+
+/* Certificate request stuff.
  */
-struct gnutls_x509_crq_int;
-typedef struct gnutls_x509_crq_int* gnutls_x509_crq_t;
-
-int gnutls_x509_crq_init(gnutls_x509_crq_t * crq);
-void gnutls_x509_crq_deinit(gnutls_x509_crq_t crq);
-int gnutls_x509_crq_import(gnutls_x509_crq_t crq, const gnutls_datum_t * data,
- gnutls_x509_crt_fmt_t format);
-int gnutls_x509_crq_get_pk_algorithm( gnutls_x509_crq_t crq, unsigned int* bits);
-int gnutls_x509_crq_get_dn(gnutls_x509_crq_t crq, char *buf,
- size_t *sizeof_buf);
-int gnutls_x509_crq_get_dn_oid(gnutls_x509_crq_t crq,
- int indx, void *oid, size_t *sizeof_oid);
-int gnutls_x509_crq_get_dn_by_oid(gnutls_x509_crq_t crq, const char* oid,
- int indx, unsigned int raw_flag, void *buf, size_t *sizeof_buf);
-int gnutls_x509_crq_set_dn_by_oid(gnutls_x509_crq_t crq, const char* oid,
- unsigned int raw_flag, const void *name, unsigned int sizeof_name);
-int gnutls_x509_crq_set_version(gnutls_x509_crq_t crq, unsigned int version);
-int gnutls_x509_crq_set_key(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key);
-int gnutls_x509_crq_sign2(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key,
- gnutls_digest_algorithm_t, unsigned int flags);
-int gnutls_x509_crq_sign(gnutls_x509_crq_t crq, gnutls_x509_privkey_t key);
-
-int gnutls_x509_crq_set_challenge_password(gnutls_x509_crq_t crq, const char* pass);
-int gnutls_x509_crq_get_challenge_password(gnutls_x509_crq_t crq,
- const char* pass, size_t* sizeof_pass);
-
-int gnutls_x509_crq_set_attribute_by_oid(gnutls_x509_crq_t crq,
- const char* oid, void* buf, size_t sizeof_buf);
-int gnutls_x509_crq_get_attribute_by_oid(gnutls_x509_crq_t crq,
- const char* oid, int indx, void* buf, size_t* sizeof_buf);
-
-int gnutls_x509_crq_export( gnutls_x509_crq_t crq,
- gnutls_x509_crt_fmt_t format, void* output_data, size_t* output_data_size);
-
-int gnutls_x509_crt_set_crq(gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
+ struct gnutls_x509_crq_int;
+ typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
+
+ int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
+ void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
+ int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
+ const gnutls_datum_t * data,
+ gnutls_x509_crt_fmt_t format);
+ int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
+ unsigned int *bits);
+ int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
+ void *oid, size_t * sizeof_oid);
+ int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ unsigned int raw_flag, void *buf,
+ size_t * sizeof_buf);
+ int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
+ const char *oid,
+ unsigned int raw_flag,
+ const void *name,
+ unsigned int sizeof_name);
+ int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
+ unsigned int version);
+ int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key);
+ int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
+ gnutls_x509_privkey_t key,
+ gnutls_digest_algorithm_t, unsigned int flags);
+ int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key);
+
+ int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
+ const char *pass);
+ int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
+ const char *pass,
+ size_t * sizeof_pass);
+
+ int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, void *buf,
+ size_t sizeof_buf);
+ int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
+ const char *oid, int indx,
+ void *buf, size_t * sizeof_buf);
+
+ int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
+ gnutls_x509_crt_fmt_t format,
+ void *output_data, size_t * output_data_size);
+
+ int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
 #ifdef __cplusplus
 }
 #endif
-#endif /* GNUTLS_X509_H */
-
+#endif /* GNUTLS_X509_H */ |
