/*
 * Copyright (C) 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation
 *
 * Author: Nikos Mavroyanopoulos
 *
 * This file is part of GNUTLS.
 *
 * The GNUTLS library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public License
 * as published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
 * USA
 *
 */

#ifndef GNUTLS_CERT_H
# define GNUTLS_CERT_H

#include <gnutls_pk.h>
#include <libtasn1.h>
#include "x509/x509.h"

/* Upper bound on the number of public-key MPIs a gnutls_cert can hold;
 * sized for the RSA and DSA layouts documented on gnutls_cert.params.
 * Anything that fills params[] from parsed (possibly peer-supplied) key
 * material must keep the count at or below this value before writing,
 * otherwise the store runs off the end of the array. */
#define MAX_PUBLIC_PARAMS_SIZE 4

/* Number of MPIs each public-key algorithm actually uses.  Both must stay
 * <= MAX_PUBLIC_PARAMS_SIZE. */
#define DSA_PUBLIC_PARAMS 4
#define RSA_PUBLIC_PARAMS 2

/* Key-usage bits.  Test as
 *   if (st.key_usage & KEY_DIGITAL_SIGNATURE) ...
 * These are a bitmask, not exclusive values: several may be set at once.
 * The values mirror the X.509 KeyUsage BIT STRING layout, with bit 0
 * (digitalSignature) in the top bit of the first octet; that is why
 * decipherOnly (bit 8) sits in the second octet as 0x8000. */
#define KEY_DIGITAL_SIGNATURE 		0x0080
#define KEY_NON_REPUDIATION		0x0040
#define KEY_KEY_ENCIPHERMENT		0x0020
#define KEY_DATA_ENCIPHERMENT		0x0010
#define KEY_KEY_AGREEMENT		0x0008
#define KEY_KEY_CERT_SIGN		0x0004
#define KEY_CRL_SIGN			0x0002
#define KEY_ENCIPHER_ONLY		0x0001
#define KEY_DECIPHER_ONLY		0x8000

/* Internal, algorithm-neutral view of a certificate: its public-key MPIs
 * plus the metadata the handshake code needs.  Filled by the
 * *_to_gcert converters declared below and released with
 * _gnutls_gcert_deinit.
 */
typedef struct gnutls_cert
{
  mpi_t params[MAX_PUBLIC_PARAMS_SIZE];	/* public-key MPIs; the layout is
					 * selected by subject_pk_algorithm:
					 * RSA: [0] is modulus
					 *      [1] is public exponent
					 * DSA: [0] is p
					 *      [1] is q
					 *      [2] is g
					 *      [3] is public key
					 * Whoever fills this from parsed
					 * (untrusted) key material must bound
					 * the count by MAX_PUBLIC_PARAMS_SIZE
					 * before storing; RSA_PUBLIC_PARAMS
					 * and DSA_PUBLIC_PARAMS give the
					 * expected per-algorithm counts.
					 */
  int params_size;		/* number of params[] entries in use.  Signed,
				 * so consumers should keep it within
				 * 0..MAX_PUBLIC_PARAMS_SIZE rather than
				 * index with it blindly.
				 */

  gnutls_pk_algorithm_t subject_pk_algorithm;	/* picks the params[] layout */

  unsigned int key_usage;	/* bitmask of the KEY_* values above;
				 * test individual bits with &.
				 */

  unsigned int version;		/* certificate version as stored by the
				 * converter.  NOTE(review): whether this is
				 * the raw ASN.1 value (0 = v1) or 1-based is
				 * not fixed here -- confirm in the filler
				 * before comparing against a constant. */
  /* holds the type (PGP, X509)
   */
  gnutls_certificate_type_t cert_type;

  gnutls_datum_t raw;		/* presumably the encoded certificate handed
				 * to the converter.  With CERT_NO_COPY this
				 * may alias the caller's buffer instead of a
				 * private copy, so its lifetime and who frees
				 * it depend on the flags used -- verify in
				 * _gnutls_gcert_deinit before relying on it. */

} gnutls_cert;

/* Internal representation of a private key, filled by
 * _gnutls_raw_privkey_to_gkey and released with _gnutls_gkey_deinit.
 * Several entries of params[] are secret material: never log them, and
 * release the structure only through the deinit routine so they can be
 * wiped rather than merely freed.
 * MAX_PRIV_PARAMS_SIZE is not defined in this header (it comes from an
 * earlier include, presumably gnutls_pk.h) and must be at least 6 to hold
 * the RSA layout listed below.
 */
typedef struct gnutls_privkey_int
{
  mpi_t params[MAX_PRIV_PARAMS_SIZE];	/* the size of params depends on the public 
					 * key algorithm; see the layout below 
					 */
  /*
   * RSA: [0] is modulus
   *      [1] is public exponent
   *      [2] is private exponent
   *      [3] is prime1 (p)
   *      [4] is prime2 (q)
   *      [5] is coefficient (u == inverse of p mod q)
   *          Mind the direction: this is p^-1 mod q, NOT the PKCS#1 CRT
   *          coefficient qInv = q^-1 mod p.  Code importing or exporting
   *          PKCS#1 keys must convert (swap p/q or recompute).  A CRT
   *          signature made with the wrong coefficient is correct modulo
   *          only one prime, which is precisely the condition under which
   *          gcd(s^e - m, N) hands an attacker a factor of N.
   * DSA: [0] is p
   *      [1] is q
   *      [2] is g
   *      [3] is y (public key)
   *      [4] is x (private key)
   * Secret entries: RSA [2]..[5], DSA [4].
   */
  int params_size;		/* number of params[] entries in use; keep it
				 * within 0..MAX_PRIV_PARAMS_SIZE before indexing */

  gnutls_pk_algorithm_t pk_algorithm;	/* selects the params[] layout above */
} gnutls_privkey;

struct gnutls_session_int;	/* forward declaration only: gnutls_session_t is
				 * not yet defined when this header is included,
				 * and the prototypes below need just a pointer */

/* Flags for the *_to_gcert converters below; callers OR them together into
 * an int, so each value is a distinct bit that can be tested with &.
 * Bits 0x01 and 0x08 are deliberately unassigned here; do not reuse them
 * without checking every caller that passes a raw integer. */
typedef enum ConvFlags
{
  CERT_NO_COPY = 0x02,		/* name suggests the raw data is referenced,
				 * not duplicated -- confirm in the converter */
  CERT_ONLY_PUBKEY = 0x04,	/* name suggests only the public key is filled */
  CERT_ONLY_EXTENSIONS = 0x10	/* name suggests only extension data is filled */
} ConvFlags;

/* Fill @gcert from a DER-encoded X.509 certificate.  @flags is an OR of
 * ConvFlags.  The int return is presumably 0 on success and a negative
 * GnuTLS error code on failure -- confirm in the definition.  @derCert is
 * external, possibly peer-supplied, input: the implementation must bound
 * every length it reads from it and must never let params_size exceed
 * MAX_PUBLIC_PARAMS_SIZE.
 * NOTE(review): @flags is int here but unsigned int in
 * _gnutls_x509_crt_to_gcert just below.  Harmless for the small ConvFlags
 * values, but the two signatures should agree. */
int _gnutls_x509_raw_cert_to_gcert (gnutls_cert * gcert,
				    const gnutls_datum_t * derCert,
				    int flags);
/* Same conversion, starting from an already-parsed gnutls_x509_crt_t. */
int _gnutls_x509_crt_to_gcert (gnutls_cert * gcert, gnutls_x509_crt_t cert,
			       unsigned int flags);

/* Release what a gnutls_privkey / gnutls_cert owns.  The private key holds
 * secret MPIs (RSA d, p, q, u; DSA x), so the key deinit is where that
 * material must be wiped, not just freed -- verify the definition does so.
 * For a gnutls_cert converted with CERT_NO_COPY, what raw points at may not
 * be owned by the struct; check before freeing it. */
void _gnutls_gkey_deinit (gnutls_privkey * key);
void _gnutls_gcert_deinit (gnutls_cert * cert);

/* Report which key-exchange algorithms the session's selected certificate
 * can serve.  From the signature, *alg presumably ends up pointing at an
 * array of *alg_size entries; whether the caller or the session owns that
 * array is not visible here -- check the definition before freeing it. */
int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
					gnutls_kx_algorithm_t ** alg,
					int *alg_size);

/* Type-dispatching front ends: convert a raw certificate or private key of
 * the given gnutls_certificate_type_t (the cert_type comment above lists
 * PGP and X509) into the internal structures.  @key_enc selects the key's
 * encoding.  Both accept untrusted encodings and must validate lengths
 * before trusting them; the resulting gnutls_privkey carries secret
 * material and must be released with _gnutls_gkey_deinit. */
int _gnutls_raw_cert_to_gcert (gnutls_cert * gcert,
			       gnutls_certificate_type_t type,
			       const gnutls_datum_t * raw_cert,
			       int flags /* OR of ConvFlags */ );
int _gnutls_raw_privkey_to_gkey (gnutls_privkey * key,
				 gnutls_certificate_type_t type,
				 const gnutls_datum_t * raw_key,
				 int key_enc /* DER or PEM; untrusted input */ );

#endif