#ifndef AUTH_X509_H
# define AUTH_X509_H
# include "gnutls_cert.h"
# include "gnutls_auth.h"
/* This structure may be complex, but it is the only way to
* support a server that has multiple certificates.
*/
typedef struct {
GNUTLS_DH_PARAMS dh_params;
GNUTLS_RSA_PARAMS rsa_params;
/* Certificate chains, one row per certificate the server can offer.
 * cert_list[i] is a row of cert_list_length[i] certificates, e.g. (X509):
 *   [0] certificate1, certificate11, certificate111
 *   [1] certificate2, certificate22, ...
 * Within a row, when there is more than one entry, each certificate
 * certifies the one before it.
 */
gnutls_cert ** cert_list;
/* cert_list_length[i] is the number of certificates in row i
 * (should be 1 for OpenPGP keys). Readers must use it as the
 * bound when walking cert_list[i].
 */
int * cert_list_length;
int ncerts; /* number of rows (columns in the original wording) in
 * cert_list; also the number of entries in cert_list_length
 * and in pkey.
 */
/* Private keys, ncerts of them: pkey[i] is the key that matches
 * the leaf certificate cert_list[i][0].
 */
gnutls_private_key * pkey;
/* OpenPGP specific stuff */
gnutls_datum keyring;
char * pgp_key_server;
int pgp_key_server_port;
char * pgp_trustdb;
/* X509 specific stuff */
gnutls_cert * x509_ca_list; /* trusted CAs; x509_ncas entries */
int x509_ncas; /* number of CAs in x509_ca_list */
/* Cached encoding of the RDNs (distinguished names) of the CAs in
 * x509_ca_list, kept here instead of being regenerated on every
 * handshake. NOTE(review): it must be rebuilt whenever x509_ca_list
 * changes, otherwise a stale CA list is cached -- confirm where the
 * rebuild happens.
 */
gnutls_datum x509_rdn_sequence;
} CERTIFICATE_CREDENTIALS_INT;
/* typedef CERTIFICATE_CREDENTIALS_INT * CERTIFICATE_CREDENTIALS; */
/* NOTE(review): this is a macro that expands to a pointer *type*, not a
 * typedef. Consequences: `GNUTLS_CERTIFICATE_CREDENTIALS a, b;` declares
 * b as a struct rather than a pointer, and `const` placed before the
 * macro qualifies the pointee, not the pointer. Presumably it is kept
 * as a macro because the opaque pointer typedef already lives in the
 * public header -- confirm before converting this to a typedef.
 */
#define GNUTLS_CERTIFICATE_CREDENTIALS CERTIFICATE_CREDENTIALS_INT*
/* Per-session authentication state for the certificate (X509/OpenPGP)
 * authentication method.
 */
typedef struct CERTIFICATE_AUTH_INFO_INT {
int certificate_requested; /* non-zero if the peer requested a
 * certificate from us.
 */
int dh_secret_bits; /* bits of the DH (if DHE_RSA is used) */
int dh_prime_bits; /* presumably the DH prime size in bits (DHE only) */
int dh_peer_public_bits; /* presumably the size in bits of the peer's DH
 * public value (DHE only) */
int rsa_export_modulus_bits; /* presumably the modulus size of the
 * temporary RSA-EXPORT key -- confirm
 */
gnutls_datum* raw_certificate_list; /* holds the raw (unparsed)
 * certificates of the peer, ncerts
 * entries. Peer-supplied data.
 */
int ncerts; /* number of entries in raw_certificate_list; it is the
 * only bound on that array, so every reader must index below it.
 */
} *CERTIFICATE_AUTH_INFO;
typedef struct CERTIFICATE_AUTH_INFO_INT CERTIFICATE_AUTH_INFO_INT;
/* AUTH X509 functions */
/* Handshake message generators. Each builds its message into a buffer
 * handed back through the opaque ** argument and returns an int status
 * -- presumably the message length on success and a negative value on
 * error; confirm against the conventions in gnutls_auth.h. Ownership of
 * the returned buffer is not stated here; confirm who frees it.
 */
int _gnutls_gen_cert_server_certificate(GNUTLS_STATE, opaque **);
int _gnutls_gen_cert_client_certificate(GNUTLS_STATE, opaque **);
int _gnutls_gen_cert_client_cert_vrfy(GNUTLS_STATE, opaque **);
int _gnutls_gen_cert_server_cert_req(GNUTLS_STATE, opaque **);
/* Handshake message parsers. The opaque * is the received message body
 * and the trailing int is taken to be its length (confirm at the call
 * sites). The body comes from the peer, so every read inside these
 * functions must stay within that length.
 */
int _gnutls_proc_cert_cert_req(GNUTLS_STATE, opaque *, int);
int _gnutls_proc_cert_client_cert_vrfy(GNUTLS_STATE, opaque *, int);
int _gnutls_proc_cert_server_certificate(GNUTLS_STATE, opaque *, int);
/* Selects the appropriate certificate chain and private key from the
 * credentials for this state; the chain, its length and the key are
 * returned through the out-parameters. Return value convention not
 * stated here -- presumably 0 on success, negative on error.
 */
int _gnutls_find_apr_cert( GNUTLS_STATE state, gnutls_cert** apr_cert_list, int *apr_cert_list_length, gnutls_private_key** apr_pkey);
/* Extracts a DN from cert into odn. */
int _gnutls_find_dn( gnutls_datum* odn, gnutls_cert* cert);
/* Server-side lookup of a certificate (or of its row index in cert_list)
 * usable with the given public-key algorithm; the const pointer returned
 * by _gnutls_server_find_cert is not owned by the caller.
 */
const gnutls_cert* _gnutls_server_find_cert( struct GNUTLS_STATE_INT*, PKAlgorithm);
int _gnutls_server_find_cert_list_index( struct GNUTLS_STATE_INT*, gnutls_cert ** cert_list, int cert_list_length, PKAlgorithm);
/* The client and server Certificate messages are parsed by the same
 * routine, so any length and structure checks done in
 * _gnutls_proc_cert_server_certificate apply to both directions.
 */
#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate
#endif