summaryrefslogtreecommitdiff
path: root/lib/x509/x509.h
blob: 2f0e0867ad597be2cfd9489f186f637e802cd6cc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
#ifndef X509_H
# define X509_H

#define OID_SHA1 "1.3.14.3.2.26"
#define OID_MD5 "1.2.840.113549.2.5"

typedef struct gnutls_x509_crl_int {
    ASN1_TYPE crl;
} gnutls_x509_crl_int;

typedef struct gnutls_x509_crt_int {
    ASN1_TYPE cert;
    int use_extensions;
} gnutls_x509_crt_int;


#define MAX_PRIV_PARAMS_SIZE 6	/* ok for RSA and DSA */

/* parameters should not be larger than this limit */
#define DSA_PRIVATE_PARAMS 5
#define DSA_PUBLIC_PARAMS 4
#define RSA_PRIVATE_PARAMS 6
#define RSA_PUBLIC_PARAMS 2

#if MAX_PRIV_PARAMS_SIZE - RSA_PRIVATE_PARAMS < 0
# error INCREASE MAX_PRIV_PARAMS
#endif

#if MAX_PRIV_PARAMS_SIZE - DSA_PRIVATE_PARAMS < 0
# error INCREASE MAX_PRIV_PARAMS
#endif

typedef struct gnutls_x509_privkey_int {
    mpi_t params[MAX_PRIV_PARAMS_SIZE];	/* the size of params depends on the public 
					 * key algorithm 
					 */
    /*
     * RSA: [0] is modulus
     *      [1] is public exponent
     *      [2] is private exponent
     *      [3] is prime1 (p)
     *      [4] is prime2 (q)
     *      [5] is coefficient (u == inverse of p mod q)
     * DSA: [0] is p
     *      [1] is q
     *      [2] is g
     *      [3] is y (public key)
     *      [4] is x (private key)
     */
    int params_size;		/* holds the number of params */

    gnutls_pk_algorithm_t pk_algorithm;

    int crippled;		/* The crippled keys will not use the ASN1_TYPE key.
				 * The encoding will only be performed at the export
				 * phase, to optimize copying etc. Cannot be used with
				 * the exported API (used internally only).
				 */
    ASN1_TYPE key;
} gnutls_x509_privkey_int;

typedef struct gnutls_x509_crt_int *gnutls_x509_crt_t;
typedef struct gnutls_x509_crl_int *gnutls_x509_crl_t;
typedef struct gnutls_x509_privkey_int *gnutls_x509_privkey_t;

int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt_t cert,
					 const char *oid, int indx,
					 unsigned int raw_flag, void *buf,
					 size_t * sizeof_buf);
int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt_t cert,
					 unsigned int seq, void *ret,
					 size_t * ret_size,
					 unsigned int *critical);
int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt_t cert, const char *oid,
				  int indx, unsigned int raw_flag,
				  void *buf, size_t * sizeof_buf);
int gnutls_x509_crt_get_ca_status(gnutls_x509_crt_t cert,
				  unsigned int *critical);
int gnutls_x509_crt_get_pk_algorithm(gnutls_x509_crt_t cert,
				     unsigned int *bits);

int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
int _gnutls_x509_crt_get_raw_issuer_dn(gnutls_x509_crt_t cert,
				       gnutls_datum_t * start);
int _gnutls_x509_crt_get_raw_dn(gnutls_x509_crt_t cert,
				gnutls_datum_t * start);

int gnutls_x509_crt_get_serial(gnutls_x509_crt_t cert, void *result,
			       size_t * result_size);

int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
				const gnutls_datum_t * dn2);

int gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
				     const gnutls_x509_crl_t * crl_list,
				     int crl_list_length);


int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
				       gnutls_datum_t * dn);
int gnutls_x509_crl_get_crt_count(gnutls_x509_crl_t crl);
int gnutls_x509_crl_get_crt_serial(gnutls_x509_crl_t crl, int index,
				   unsigned char *serial,
				   size_t * serial_size, time_t * time);

void gnutls_x509_crl_deinit(gnutls_x509_crl_t crl);
int gnutls_x509_crl_init(gnutls_x509_crl_t * crl);
int gnutls_x509_crl_import(gnutls_x509_crl_t crl,
			   const gnutls_datum_t * data,
			   gnutls_x509_crt_fmt_t format);
int gnutls_x509_crl_export(gnutls_x509_crl_t crl,
			   gnutls_x509_crt_fmt_t format, void *output_data,
			   size_t * output_data_size);

int gnutls_x509_crt_init(gnutls_x509_crt_t * cert);
void gnutls_x509_crt_deinit(gnutls_x509_crt_t cert);
int gnutls_x509_crt_import(gnutls_x509_crt_t cert,
			   const gnutls_datum_t * data,
			   gnutls_x509_crt_fmt_t format);
int gnutls_x509_crt_export(gnutls_x509_crt_t cert,
			   gnutls_x509_crt_fmt_t format, void *output_data,
			   size_t * output_data_size);

int gnutls_x509_crt_get_key_usage(gnutls_x509_crt_t cert,
				  unsigned int *key_usage,
				  unsigned int *critical);
int gnutls_x509_crt_get_version(gnutls_x509_crt_t cert);

int gnutls_x509_privkey_init(gnutls_x509_privkey_t * key);
void gnutls_x509_privkey_deinit(gnutls_x509_privkey_t key);

int gnutls_x509_privkey_generate(gnutls_x509_privkey_t key,
				 gnutls_pk_algorithm_t algo,
				 unsigned int bits, unsigned int flags);

int gnutls_x509_privkey_import(gnutls_x509_privkey_t key,
			       const gnutls_datum_t * data,
			       gnutls_x509_crt_fmt_t format);
int gnutls_x509_privkey_get_pk_algorithm(gnutls_x509_privkey_t key);
int gnutls_x509_privkey_import_rsa_raw(gnutls_x509_privkey_t key,
				       const gnutls_datum_t * m,
				       const gnutls_datum_t * e,
				       const gnutls_datum_t * d,
				       const gnutls_datum_t * p,
				       const gnutls_datum_t * q,
				       const gnutls_datum_t * u);
int gnutls_x509_privkey_export_rsa_raw(gnutls_x509_privkey_t key,
				       gnutls_datum_t * m,
				       gnutls_datum_t * e,
				       gnutls_datum_t * d,
				       gnutls_datum_t * p,
				       gnutls_datum_t * q,
				       gnutls_datum_t * u);
int gnutls_x509_privkey_export(gnutls_x509_privkey_t key,
			       gnutls_x509_crt_fmt_t format,
			       void *output_data,
			       size_t * output_data_size);

#define GNUTLS_CRL_REASON_UNUSED 128
#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
#define GNUTLS_CRL_REASON_CA_COMPROMISE 32
#define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16
#define GNUTLS_CRL_REASON_SUPERSEEDED 8
#define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4
#define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2
#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768

#endif