path: root/lib/x509/x509.h
/*
 * Copyright (C) 2003, 2004, 2005 Free Software Foundation
 *
 * Author: Nikos Mavroyanopoulos
 *
 * This file is part of GNUTLS.
 *
 * The GNUTLS library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
 * USA
 *
 */

#ifndef X509_H
# define X509_H

/* Dotted-decimal OIDs of the digest algorithms this header knows about.
 * NOTE(review): MD2 and MD5 are listed next to SHA-1; wherever these OIDs
 * are matched against a certificate or CRL signature algorithm, the caller
 * should treat MD2/MD5 (and, by current standards, SHA-1) as weak rather
 * than silently accepting them -- confirm at the use site, which is not
 * visible in this header. */
#define HASH_OID_SHA1 "1.3.14.3.2.26"
#define HASH_OID_MD5 "1.2.840.113549.2.5"
#define HASH_OID_MD2 "1.2.840.113549.2.2"
#define HASH_OID_RMD160 "1.3.36.3.2.1"

/* Certificate revocation list object.  Holds only the parsed ASN.1
 * structure; callers see it through the opaque gnutls_x509_crl_t pointer
 * typedef declared further down in this header. */
typedef struct gnutls_x509_crl_int {
    ASN1_TYPE crl;		/* parsed CRL (ASN1_TYPE handle) */
} gnutls_x509_crl_int;

/* Certificate object.  Callers see it through the opaque gnutls_x509_crt_t
 * pointer typedef declared further down in this header. */
typedef struct gnutls_x509_crt_int {
    ASN1_TYPE cert;		/* parsed certificate (ASN1_TYPE handle) */
    int use_extensions;		/* int flag; its exact meaning is not visible
				 * here -- presumably whether the extensions
				 * sequence is consulted; confirm in x509.c */
} gnutls_x509_crt_int;


/* Capacity of the fixed params[] array in gnutls_x509_privkey_int below.
 * It must be at least the largest per-algorithm private parameter count;
 * the #if checks that follow enforce this at compile time. */
#define MAX_PRIV_PARAMS_SIZE 6	/* ok for RSA and DSA */

/* Number of MPI parameters each algorithm stores.  The public counts
 * (4 and 2) are smaller than the corresponding private counts, so they
 * are covered by the same MAX_PRIV_PARAMS_SIZE checks. */
#define DSA_PRIVATE_PARAMS 5
#define DSA_PUBLIC_PARAMS 4
#define RSA_PRIVATE_PARAMS 6
#define RSA_PUBLIC_PARAMS 2

/* Build-time guard: an RSA key must fit in params[]. */
#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
# error INCREASE MAX_PRIV_PARAMS
#endif

/* Build-time guard: a DSA key must fit in params[]. */
#if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0
# error INCREASE MAX_PRIV_PARAMS
#endif

/* Private key object.  Besides the ASN.1 encoding it keeps the key's
 * numeric parameters as MPIs so that operations need not re-decode.
 * NOTE(review): params[] holds secret material (RSA d/p/q/u, DSA x);
 * gnutls_x509_privkey_deinit() is expected to release and clear these --
 * confirm in the implementation, which is not visible here. */
typedef struct gnutls_x509_privkey_int {
    mpi_t params[MAX_PRIV_PARAMS_SIZE];	/* how many entries are used depends
					 * on the public key algorithm; see
					 * params_size below */
    /*
     * RSA: [0] is modulus
     *      [1] is public exponent
     *      [2] is private exponent
     *      [3] is prime1 (p)
     *      [4] is prime2 (q)
     *      [5] is coefficient (u == inverse of p mod q)
     * DSA: [0] is p
     *      [1] is q
     *      [2] is g
     *      [3] is y (public key)
     *      [4] is x (private key)
     */
    int params_size;		/* holds the number of params; expected to
				 * be <= MAX_PRIV_PARAMS_SIZE -- callers
				 * indexing params[] should rely on this */

    gnutls_pk_algorithm_t pk_algorithm;	/* selects the params[] layout above */

    int crippled;		/* The crippled keys will not use the ASN1_TYPE key.
				 * The encoding will only be performed at the export
				 * phase, to optimize copying etc. Cannot be used with
				 * the exported API (used internally only).
				 */
    ASN1_TYPE key;		/* ASN.1 form of the key; unused when crippled
				 * is set (see above) */
} gnutls_x509_privkey_int;

/* Public handle types: pointers to the structs above.  These are the types
 * every prototype below takes; the pointer is hidden in the typedef, so
 * "gnutls_x509_crt_t * cert" in an init prototype is a pointer-to-pointer
 * (the handle is written back through it). */
typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;

/* Certificate field accessors.  All return int (presumably 0 / negative
 * error code, per the rest of the library -- confirm in x509.c).
 * The (void *buf, size_t *sizeof_buf) pairs look like the usual in/out
 * convention: caller passes the buffer capacity, callee stores the length
 * written or required; verify the truncation behaviour before relying on
 * it.  `critical` out-parameters report the extension's critical bit. */
int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
					 const char *oid, int indx,
					 unsigned int raw_flag, void *buf,
					 size_t * sizeof_buf);
/* seq selects which SubjectAltName entry is returned. */
int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
					 unsigned int seq, void *ret,
					 size_t * ret_size,
					 unsigned int *critical);
/* Same contract as the issuer variant above, for the subject DN. */
int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid,
				  int indx, unsigned int raw_flag,
				  void *buf, size_t * sizeof_buf);
/* BasicConstraints CA flag; critical receives the extension's critical bit. */
int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
				  unsigned int *critical);
/* Public key algorithm of the certificate; bits receives the key size. */
int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
				     unsigned int *bits);

/* Library-internal helpers (leading underscore): not part of the exported
 * API.  The raw DN getters hand back a gnutls_datum_t describing the DER
 * bytes; whether `start` points into the certificate or into a fresh
 * allocation the caller must free is not visible here -- check x509.c. */
int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
int _gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
				       gnutls_datum_t * start);
int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert,
				gnutls_datum_t * start);

/* Serial number as raw bytes; result_size is the in/out buffer size. */
int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result,
			       size_t * result_size);

/* Internal: compares two raw (DER) DNs. */
int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
				const gnutls_datum_t * dn2);

/* Checks cert against an array of crl_list_length CRLs.
 * NOTE(review): the length is a signed int; the implementation should
 * treat a negative value as empty rather than indexing -- confirm. */
int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
				     const gnutls_x509_crl_t * crl_list,
				     int crl_list_length);


/* CRL operations.  The underscore-prefixed entries are library-internal. */
int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
				       gnutls_datum_t * dn);
/* Number of revoked-certificate entries in the CRL. */
int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
/* Entry `index` (0-based, presumably bounded by get_crt_count -- confirm):
 * serial/serial_size follow the in/out buffer convention, time receives
 * the revocation date. */
int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int index,
				   unsigned char *serial,
				   size_t * serial_size, time_t * time);

/* Lifecycle: init allocates a handle into *crl, deinit releases it.
 * import parses `data` in the given format; export serialises into
 * output_data, with output_data_size as the in/out buffer size. */
void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl);
int gnutls_x509_crl_init(gnutls_x509_crl_t * crl);
int gnutls_x509_crl_import(gnutls_x509_crl_t crl,
			   const gnutls_datum_t * data,
			   gnutls_x509_crt_fmt_t format);
int gnutls_x509_crl_export(gnutls_x509_crl_t crl,
			   gnutls_x509_crt_fmt_t format, void *output_data,
			   size_t * output_data_size);

/* Certificate lifecycle: init allocates a handle into *cert, deinit
 * releases it.  import parses `data` in the given format (untrusted input
 * path -- the parser behind it is the attack surface); export serialises
 * into output_data, with output_data_size as the in/out buffer size. */
int gnutls_x509_crt_init(gnutls_x509_crt_t * cert);
void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);
int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
			   const gnutls_datum_t * data,
			   gnutls_x509_crt_fmt_t format);
int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
			   gnutls_x509_crt_fmt_t format, void *output_data,
			   size_t * output_data_size);

/* KeyUsage extension: key_usage receives the usage bits, critical the
 * extension's critical bit.  Version returns the X.509 version number. */
int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
				  unsigned int *key_usage,
				  unsigned int *critical);
int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);

/* Private key lifecycle: init allocates a handle into *key, deinit releases
 * it (and, for a key object, should also clear the secret MPIs -- confirm). */
int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key);
void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key);

/* Generates a fresh key of `algo` with `bits` size; flags is not
 * documented here. */
int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
				 gnutls_pk_algorithm_t algo,
				 unsigned int bits, unsigned int flags);

/* Parses an encoded key from `data` in the given format. */
int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
			       const gnutls_datum_t * data,
			       gnutls_x509_crt_fmt_t format);
int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key);
/* Raw RSA import/export.  The parameter order m, e, d, p, q, u matches
 * the params[] index layout documented on gnutls_x509_privkey_int.
 * For export the datums are written by the callee; who owns the buffers
 * they point to afterwards is not visible here -- check before freeing. */
int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
				       const gnutls_datum_t * m,
				       const gnutls_datum_t * e,
				       const gnutls_datum_t * d,
				       const gnutls_datum_t * p,
				       const gnutls_datum_t * q,
				       const gnutls_datum_t * u);
int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
				       gnutls_datum_t * m,
				       gnutls_datum_t * e,
				       gnutls_datum_t * d,
				       gnutls_datum_t * p,
				       gnutls_datum_t * q,
				       gnutls_datum_t * u);
/* Serialises the key into output_data in the given format;
 * output_data_size is the in/out buffer size. */
int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
			       gnutls_x509_crt_fmt_t format,
			       void *output_data,
			       size_t * output_data_size);

/* CRL ReasonFlags bit values.  These are independent bits, so a reason set
 * must be tested with `&`, never compared with `==`.  The values appear to
 * be the positions of the RFC 3280 ReasonFlags BIT STRING as they land in
 * the first DER octet (bit 0 = 128 ... bit 7 = 1) with aACompromise (bit 8)
 * in the second octet -- confirm against the decoder before relying on the
 * layout.  GNUTLS_CRL_REASON_SUPERSEEDED keeps its historical spelling
 * because it is a public identifier. */
#define GNUTLS_CRL_REASON_UNUSED 128
#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
#define GNUTLS_CRL_REASON_CA_COMPROMISE 32
#define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16
#define GNUTLS_CRL_REASON_SUPERSEEDED 8
#define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4
#define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2
#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768

#endif