summaryrefslogtreecommitdiff
path: root/lib/auth_cert.h
blob: d7a0ebcb333876e8eed43f0cec83216c20a31f5e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161

#ifndef AUTH_X509_H
# define AUTH_X509_H
# include "gnutls_cert.h"
# include "gnutls_auth.h"
# include "auth_dh_common.h"
# include "x509/x509.h"
#include "../libextra/openpgp/openpgp.h"

typedef struct retr_st {
    gnutls_certificate_type type;
    union cert {
	gnutls_x509_crt *x509;
	gnutls_openpgp_key pgp;
    } cert;
    uint ncerts;

    union key {
	gnutls_x509_privkey x509;
	gnutls_openpgp_privkey pgp;
    } key;

    uint deinit_all;
} gnutls_retr_st;

typedef int gnutls_certificate_client_retrieve_function(gnutls_session,
							const gnutls_datum
							* req_ca_rdn,
							int nreqs,
							const
							gnutls_pk_algorithm
							* pk_algos,
							int
							pk_algos_length,
							gnutls_retr_st *);

typedef int gnutls_certificate_server_retrieve_function(struct
							gnutls_session_int
							*,
							gnutls_retr_st *);

/* This structure may be complex, but it's the only way to
 * support a server that has multiple certificates
 */
typedef struct {
    gnutls_dh_params dh_params;
    gnutls_rsa_params rsa_params;
    /* this callback is used to retrieve the DH or RSA
     * parameters.
     */
    gnutls_params_function *params_func;

    gnutls_cert **cert_list;
    /* contains a list of a list of certificates.
     * eg (X509): [0] certificate1, certificate11, certificate111 
     * (if more than one, one certificate certifies the one before)
     *       [1] certificate2, certificate22, ...
     */
    uint *cert_list_length;
    /* contains the number of the certificates in a
     * row (should be 1 for OpenPGP keys).
     */
    uint ncerts;		/* contains the number of columns in cert_list.
				   * This is the same with the number of pkeys.
				 */

    gnutls_privkey *pkey;
    /* private keys. It contains ncerts private
     * keys. pkey[i] corresponds to certificate in
     * cert_list[i][0].
     */

    /* OpenPGP specific stuff */

    gnutls_datum keyring;
    char *pgp_key_server;
    int pgp_key_server_port;

    char *pgp_trustdb;

    /* X509 specific stuff */

    gnutls_x509_crt *x509_ca_list;
    uint x509_ncas;		/* number of CAs in the ca_list 
				 */

    gnutls_x509_crl *x509_crl_list;
    uint x509_ncrls;		/* number of CRLs in the crl_list 
				 */

    unsigned int verify_flags;	/* flags to be used at 
				 * certificate verification.
				 */

    /* holds a sequence of the
     * RDNs of the CAs above.
     * This is better than
     * generating on every handshake.
     */
    gnutls_datum x509_rdn_sequence;

    gnutls_certificate_client_retrieve_function *client_get_cert_callback;
    gnutls_certificate_server_retrieve_function *server_get_cert_callback;
} certificate_credentials_st;

#define gnutls_certificate_credentials certificate_credentials_st*

typedef struct rsa_info_st {
    opaque modulus[65];
    size_t modulus_size;
    opaque exponent[65];
    size_t exponent_size;
} rsa_info_t;

typedef struct cert_auth_info_st {
    int certificate_requested;	/* if the peer requested certificate
				 * this is non zero;
				 */
    dh_info_t dh;

    rsa_info_t rsa_export;
    gnutls_datum *raw_certificate_list;	/* holds the raw certificate of the
					 * peer.
					 */
    unsigned int ncerts;	/* holds the size of the list above */
} *cert_auth_info_t;

typedef struct cert_auth_info_st cert_auth_info_st;

/* AUTH X509 functions */
int _gnutls_gen_cert_server_certificate(gnutls_session, opaque **);
int _gnutls_gen_cert_client_certificate(gnutls_session, opaque **);
int _gnutls_gen_cert_client_cert_vrfy(gnutls_session, opaque **);
int _gnutls_gen_cert_server_cert_req(gnutls_session, opaque **);
int _gnutls_proc_cert_cert_req(gnutls_session, opaque *, size_t);
int _gnutls_proc_cert_client_cert_vrfy(gnutls_session, opaque *, size_t);
int _gnutls_proc_cert_server_certificate(gnutls_session, opaque *, size_t);
int _gnutls_get_selected_cert(gnutls_session session,
			      gnutls_cert ** apr_cert_list,
			      int *apr_cert_list_length,
			      gnutls_privkey ** apr_pkey);

int _gnutls_server_select_cert(struct gnutls_session_int *,
			       gnutls_pk_algorithm);
void _gnutls_selected_certs_deinit(gnutls_session session);
void _gnutls_selected_certs_set(gnutls_session session,
				gnutls_cert * certs, int ncerts,
				gnutls_privkey * key, int need_free);

#define _gnutls_proc_cert_client_certificate _gnutls_proc_cert_server_certificate

gnutls_rsa_params _gnutls_certificate_get_rsa_params(const
						     gnutls_certificate_credentials
						     sc,
						     gnutls_session
						     session);
gnutls_dh_params _gnutls_certificate_get_dh_params(const
						   gnutls_certificate_credentials
						   sc,
						   gnutls_session session);

#endif
View Lorry Controller Status