/* * Copyright (C) 2003-2012 Free Software Foundation, Inc. * Copyright (C) 2017 Red Hat, Inc. * * This file is part of GnuTLS. * * GnuTLS is free software: you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * GnuTLS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see * . */ #ifndef CERTTOOL_COMMON_H #define CERTTOOL_COMMON_H #include #include #include #define TYPE_CRT 1 #define TYPE_CRQ 2 #define SERIAL_MAX_BYTES 20 void certtool_version(void); #include #include typedef struct common_info { const char *secret_key; const char *privkey; const char *pubkey; int pkcs8; int incert_format; int outcert_format; int outtext; const char *cert; const char *request; const char *crl; const char *ca; const char *data_file; const char *ca_privkey; unsigned bits; const char *sec_param; const char *pkcs_cipher; const char *password; int null_password; int empty_password; int ask_pass; unsigned int crq_extensions; unsigned int v1_cert; /* for key generation */ unsigned provable; unsigned char *seed; unsigned seed_size; const char *pin; const char *so_pin; gnutls_digest_algorithm_t hash; int cprint; unsigned key_usage; unsigned int batch; /* when printing PKCS #11 objects, only print urls */ unsigned int only_urls; unsigned int verbose; unsigned rsa_pss_sign; unsigned sort_chain; } common_info_st; static inline void switch_to_pkcs8_when_needed(common_info_st *cinfo, gnutls_x509_privkey_t key, unsigned key_type) { if (cinfo->pkcs8) return; if (key_type == GNUTLS_PK_RSA_PSS || key_type == GNUTLS_PK_EDDSA_ED25519 || key_type == GNUTLS_PK_GOST_01 || key_type == GNUTLS_PK_GOST_12_256 || key_type == GNUTLS_PK_GOST_12_512) { if (cinfo->verbose) fprintf(stderr, "Assuming --pkcs8 is given; %s private keys can only be exported in PKCS#8 format\n", gnutls_pk_algorithm_get_name(key_type)); cinfo->pkcs8 = 1; if (cinfo->password == NULL) cinfo->password = ""; } if (gnutls_x509_privkey_get_seed(key, NULL, NULL, 0) != GNUTLS_E_INVALID_REQUEST) { if (cinfo->verbose) fprintf(stderr, "Assuming --pkcs8 is given; provable private keys can only be exported in PKCS#8 format\n"); cinfo->pkcs8 = 1; if (cinfo->password == NULL) cinfo->password = ""; } } /* this must be provided by the app */ const char *get_pass(void); const char *get_confirmed_pass(bool empty_ok); void app_exit(int val) #ifdef __GNUC__ __attribute__ ((noreturn)) #endif ; int cipher_to_flags(const char *cipher); void print_private_key(FILE *outfile, common_info_st * cinfo, gnutls_x509_privkey_t key); gnutls_pubkey_t load_public_key_or_import(int mand, gnutls_privkey_t privkey, common_info_st * info); gnutls_privkey_t load_private_key(int mand, common_info_st * info); gnutls_x509_privkey_t load_x509_private_key(int mand, common_info_st * info); gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, common_info_st * info); gnutls_x509_crq_t load_request(common_info_st * info); gnutls_privkey_t load_ca_private_key(common_info_st * info); gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info); gnutls_x509_crt_t load_cert(int mand, common_info_st * info); gnutls_datum_t *load_secret_key(int mand, common_info_st * info); gnutls_pubkey_t load_pubkey(int mand, common_info_st * info); gnutls_x509_crt_t *load_cert_list(int mand, size_t * size, common_info_st * info); gnutls_x509_crl_t *load_crl_list(int mand, size_t * size, common_info_st * info); int get_bits(gnutls_pk_algorithm_t key_type, int info_bits, const char *info_sec_param, int warn); gnutls_sec_param_t str_to_sec_param(const char *str); gnutls_ecc_curve_t str_to_curve(const char *str); /* prime.c */ int generate_prime(FILE * outfile, int how, common_info_st * info); void dh_info(FILE * infile, FILE * outfile, common_info_st * ci); gnutls_x509_privkey_t *load_privkey_list(int mand, size_t * privkey_size, common_info_st * info); void print_pubkey_info(gnutls_pubkey_t pubkey, FILE *outfile, gnutls_certificate_print_formats_t format, gnutls_x509_crt_fmt_t outcert_format, unsigned int outtext); void print_ecc_pkey(FILE * outfile, gnutls_ecc_curve_t curve, gnutls_datum_t * k, gnutls_datum_t * x, gnutls_datum_t * y, int cprint); void print_gost_pkey(FILE * outfile, gnutls_ecc_curve_t curve, gnutls_digest_algorithm_t digest, gnutls_gost_paramset_t paramset, gnutls_datum_t * k, gnutls_datum_t * x, gnutls_datum_t * y, int cprint); void print_rsa_pkey(FILE * outfile, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, gnutls_datum_t * exp1, gnutls_datum_t * exp2, int cprint); void print_dsa_pkey(FILE * outfile, gnutls_datum_t * x, gnutls_datum_t * y, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g, int cprint); FILE *safe_open_rw(const char *file, int privkey_op); const char *get_password(common_info_st * cinfo, unsigned int *flags, int confirm); extern unsigned char *lbuffer; extern unsigned long lbuffer_size; void fix_lbuffer(unsigned long); void decode_seed(gnutls_datum_t *seed, const char *hex, unsigned hex_size); #define GNUTLS_PK_IS_RSA(pk) ((pk) == GNUTLS_PK_RSA || (pk) == GNUTLS_PK_RSA_PSS) gnutls_pk_algorithm_t figure_key_type(const char *key_type); gnutls_digest_algorithm_t hash_to_id(const char *hash); void sign_params_to_flags(common_info_st *cinfo, const char *params); #endif