|
Packit |
aea12f |
/*
|
|
Packit |
aea12f |
* Copyright (C) 2003-2012 Free Software Foundation, Inc.
|
|
Packit |
aea12f |
* Copyright (C) 2017 Red Hat, Inc.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* Author: Nikos Mavrogiannopoulos
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This file is part of GnuTLS.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* The GnuTLS is free software; you can redistribute it and/or
|
|
Packit |
aea12f |
* modify it under the terms of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* as published by the Free Software Foundation; either version 2.1 of
|
|
Packit |
aea12f |
* the License, or (at your option) any later version.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* This library is distributed in the hope that it will be useful, but
|
|
Packit |
aea12f |
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
aea12f |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
aea12f |
* Lesser General Public License for more details.
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
* You should have received a copy of the GNU Lesser General Public License
|
|
Packit |
aea12f |
* along with this program. If not, see <https://www.gnu.org/licenses/>
|
|
Packit |
aea12f |
*
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#ifndef GNUTLS_LIB_X509_X509_INT_H
|
|
Packit |
aea12f |
#define GNUTLS_LIB_X509_X509_INT_H
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include <gnutls/x509.h>
|
|
Packit |
aea12f |
#include <gnutls/x509-ext.h>
|
|
Packit |
aea12f |
#include <gnutls/abstract.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#include <libtasn1.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define MAX_CRQ_EXTENSIONS_SIZE 8*1024
|
|
Packit |
aea12f |
#define MAX_OID_SIZE 128
|
|
Packit |
aea12f |
#define MAX_KEY_ID_SIZE 128
|
|
Packit |
aea12f |
#define MAX_SALT_SIZE 256
|
|
Packit |
aea12f |
#define MAX_NAME_SIZE (3*ASN1_MAX_NAME_SIZE)
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define HASH_OID_SHA1 "1.3.14.3.2.26"
|
|
Packit |
aea12f |
#define HASH_OID_MD5 "1.2.840.113549.2.5"
|
|
Packit |
aea12f |
#define HASH_OID_MD2 "1.2.840.113549.2.2"
|
|
Packit |
aea12f |
#define HASH_OID_RMD160 "1.3.36.3.2.1"
|
|
Packit |
aea12f |
#define HASH_OID_SHA224 "2.16.840.1.101.3.4.2.4"
|
|
Packit |
aea12f |
#define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
|
|
Packit |
aea12f |
#define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
|
|
Packit |
aea12f |
#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
|
|
Packit |
aea12f |
#define HASH_OID_SHA3_224 "2.16.840.1.101.3.4.2.7"
|
|
Packit |
aea12f |
#define HASH_OID_SHA3_256 "2.16.840.1.101.3.4.2.8"
|
|
Packit |
aea12f |
#define HASH_OID_SHA3_384 "2.16.840.1.101.3.4.2.9"
|
|
Packit |
aea12f |
#define HASH_OID_SHA3_512 "2.16.840.1.101.3.4.2.10"
|
|
Packit Service |
991b93 |
#define HASH_OID_SHAKE_128 "2.16.840.1.101.3.4.2.11"
|
|
Packit Service |
991b93 |
#define HASH_OID_SHAKE_256 "2.16.840.1.101.3.4.2.12"
|
|
Packit |
aea12f |
#define HASH_OID_GOST_R_3411_94 "1.2.643.2.2.9"
|
|
Packit |
aea12f |
#define HASH_OID_STREEBOG_256 "1.2.643.7.1.1.2.2"
|
|
Packit |
aea12f |
#define HASH_OID_STREEBOG_512 "1.2.643.7.1.1.2.3"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define HASH_OID_GOST_R_3411_94_CRYPTOPRO_PARAMS "1.2.643.2.2.30.1"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* from rfc8479 */
|
|
Packit |
aea12f |
#define OID_ATTR_PROV_SEED "1.3.6.1.4.1.2312.18.8.1"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct gnutls_x509_crl_iter {
|
|
Packit |
aea12f |
/* This is used to optimize reads by gnutls_x509_crl_iter_crt_serial() */
|
|
Packit |
aea12f |
ASN1_TYPE rcache;
|
|
Packit |
aea12f |
unsigned rcache_idx;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_x509_crl_int {
|
|
Packit |
aea12f |
ASN1_TYPE crl;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
unsigned expanded;
|
|
Packit |
aea12f |
/* This is used to optimize reads by gnutls_x509_crl_get_crt_serial2() */
|
|
Packit |
aea12f |
ASN1_TYPE rcache;
|
|
Packit |
aea12f |
unsigned rcache_idx;
|
|
Packit |
aea12f |
int use_extensions;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_datum_t der;
|
|
Packit |
aea12f |
gnutls_datum_t raw_issuer_dn;
|
|
Packit |
aea12f |
} gnutls_x509_crl_int;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_x509_dn_st {
|
|
Packit |
aea12f |
ASN1_TYPE asn;
|
|
Packit |
aea12f |
} gnutls_x509_dn_st;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_x509_crt_int {
|
|
Packit |
aea12f |
ASN1_TYPE cert;
|
|
Packit |
aea12f |
int use_extensions;
|
|
Packit |
aea12f |
unsigned expanded; /* a certificate has been expanded */
|
|
Packit |
aea12f |
unsigned modified; /* the cached values below may no longer be valid */
|
|
Packit |
aea12f |
unsigned flags;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct pin_info_st pin;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* These two cached values allow fast calls to
|
|
Packit |
aea12f |
* get_raw_*_dn(). */
|
|
Packit |
aea12f |
gnutls_datum_t raw_dn;
|
|
Packit |
aea12f |
gnutls_datum_t raw_issuer_dn;
|
|
Packit |
aea12f |
gnutls_datum_t raw_spki;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_datum_t der;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* this cached value allows fast access to alt names */
|
|
Packit |
aea12f |
gnutls_subject_alt_names_t san;
|
|
Packit |
aea12f |
gnutls_subject_alt_names_t ian;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* backwards compatibility for gnutls_x509_crt_get_subject()
|
|
Packit |
aea12f |
* and gnutls_x509_crt_get_issuer() */
|
|
Packit |
aea12f |
gnutls_x509_dn_st dn;
|
|
Packit |
aea12f |
gnutls_x509_dn_st idn;
|
|
Packit |
aea12f |
} gnutls_x509_crt_int;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define MODIFIED(crt) crt->modified=1
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_x509_crq_int {
|
|
Packit |
aea12f |
ASN1_TYPE crq;
|
|
Packit |
aea12f |
} gnutls_x509_crq_int;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_pkcs7_attrs_st {
|
|
Packit |
aea12f |
char *oid;
|
|
Packit |
aea12f |
gnutls_datum_t data;
|
|
Packit |
aea12f |
struct gnutls_pkcs7_attrs_st *next;
|
|
Packit |
aea12f |
} gnutls_pkcs7_attrs_st;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_pkcs7_int {
|
|
Packit |
aea12f |
ASN1_TYPE pkcs7;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
char encap_data_oid[MAX_OID_SIZE];
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
gnutls_datum_t der_signed_data;
|
|
Packit |
aea12f |
ASN1_TYPE signed_data;
|
|
Packit |
aea12f |
unsigned expanded;
|
|
Packit |
aea12f |
} gnutls_pkcs7_int;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct pbkdf2_params {
|
|
Packit |
aea12f |
uint8_t salt[MAX_SALT_SIZE];
|
|
Packit |
aea12f |
int salt_size;
|
|
Packit |
aea12f |
unsigned iter_count;
|
|
Packit |
aea12f |
unsigned key_size;
|
|
Packit |
aea12f |
gnutls_mac_algorithm_t mac;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_x509_privkey_int {
|
|
Packit |
aea12f |
/* the size of params depends on the public
|
|
Packit |
aea12f |
* key algorithm
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
gnutls_pk_params_st params;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
unsigned expanded;
|
|
Packit |
aea12f |
unsigned flags;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ASN1_TYPE key;
|
|
Packit |
aea12f |
struct pin_info_st pin;
|
|
Packit |
aea12f |
} gnutls_x509_privkey_int;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_crt_cpy(gnutls_x509_crt_t dest, gnutls_x509_crt_t src);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_compare_raw_dn(const gnutls_datum_t * dn1,
|
|
Packit |
aea12f |
const gnutls_datum_t * dn2);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_crl_cpy(gnutls_x509_crl_t dest, gnutls_x509_crl_t src);
|
|
Packit |
aea12f |
int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl_t crl,
|
|
Packit |
aea12f |
gnutls_datum_t * dn);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* sign.c */
|
|
Packit |
aea12f |
int _gnutls_x509_get_tbs(ASN1_TYPE cert, const char *tbs_name,
|
|
Packit |
aea12f |
gnutls_datum_t * tbs);
|
|
Packit |
aea12f |
int _gnutls_x509_pkix_sign(ASN1_TYPE src, const char *src_name,
|
|
Packit |
aea12f |
gnutls_digest_algorithm_t,
|
|
Packit |
aea12f |
unsigned int flags,
|
|
Packit |
aea12f |
gnutls_x509_crt_t issuer,
|
|
Packit |
aea12f |
gnutls_privkey_t issuer_key);
|
|
Packit |
aea12f |
int _gnutls_x509_crt_get_spki_params(gnutls_x509_crt_t issuer,
|
|
Packit |
aea12f |
const gnutls_x509_spki_st *key_params,
|
|
Packit |
aea12f |
gnutls_x509_spki_st *params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define map_errs_to_zero(x) ((x)<0?0:(x))
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* dn.c */
|
|
Packit |
aea12f |
#define OID_X520_COUNTRY_NAME "2.5.4.6"
|
|
Packit |
aea12f |
#define OID_X520_ORGANIZATION_NAME "2.5.4.10"
|
|
Packit |
aea12f |
#define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
|
|
Packit |
aea12f |
#define OID_X520_COMMON_NAME "2.5.4.3"
|
|
Packit |
aea12f |
#define OID_X520_LOCALITY_NAME "2.5.4.7"
|
|
Packit |
aea12f |
#define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
|
|
Packit |
aea12f |
#define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
|
|
Packit |
aea12f |
#define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
|
|
Packit |
aea12f |
#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
|
|
Packit |
aea12f |
const char *asn1_rdn_name, char *buf,
|
|
Packit |
aea12f |
size_t * sizeof_buf,
|
|
Packit |
aea12f |
unsigned flags);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_get_dn(ASN1_TYPE asn1_struct,
|
|
Packit |
aea12f |
const char *asn1_rdn_name, gnutls_datum_t * dn,
|
|
Packit |
aea12f |
unsigned flags);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
|
|
Packit |
aea12f |
const char *asn1_rdn_name,
|
|
Packit |
aea12f |
const char *given_oid, int indx,
|
|
Packit |
aea12f |
unsigned int raw_flag, gnutls_datum_t * out);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_set_dn_oid(ASN1_TYPE asn1_struct,
|
|
Packit |
aea12f |
const char *asn1_rdn_name, const char *oid,
|
|
Packit |
aea12f |
int raw_flag, const char *name,
|
|
Packit |
aea12f |
int sizeof_name);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_get_dn_oid(ASN1_TYPE asn1_struct,
|
|
Packit |
aea12f |
const char *asn1_rdn_name,
|
|
Packit |
aea12f |
int indx, void *_oid, size_t * sizeof_oid);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_encode_othername_data(unsigned flags, const void *data, unsigned data_size, gnutls_datum_t *output);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_parse_general_name(ASN1_TYPE src, const char *src_name,
|
|
Packit |
aea12f |
int seq, void *name, size_t * name_size,
|
|
Packit |
aea12f |
unsigned int *ret_type, int othername_oid);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_parse_general_name2(ASN1_TYPE src, const char *src_name,
|
|
Packit |
aea12f |
int seq, gnutls_datum_t *dname,
|
|
Packit |
aea12f |
unsigned int *ret_type, int othername_oid);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_write_new_general_name(ASN1_TYPE ext, const char *ext_name,
|
|
Packit |
aea12f |
gnutls_x509_subject_alt_name_t type,
|
|
Packit |
aea12f |
const void *data, unsigned int data_size);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_write_new_othername(ASN1_TYPE ext, const char *ext_name,
|
|
Packit |
aea12f |
const char *oid,
|
|
Packit |
aea12f |
const void *data, unsigned int data_size);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* dsa.c */
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* verify.c */
|
|
Packit |
aea12f |
int gnutls_x509_crt_is_issuer(gnutls_x509_crt_t cert,
|
|
Packit |
aea12f |
gnutls_x509_crt_t issuer);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_verify_algorithm(gnutls_digest_algorithm_t * hash,
|
|
Packit |
aea12f |
const gnutls_datum_t * signature,
|
|
Packit |
aea12f |
gnutls_pk_algorithm_t pk,
|
|
Packit |
aea12f |
gnutls_pk_params_st * issuer_params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* privkey.h */
|
|
Packit |
aea12f |
void _gnutls_x509_privkey_reinit(gnutls_x509_privkey_t key);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
ASN1_TYPE _gnutls_privkey_decode_pkcs1_rsa_key(const gnutls_datum_t *
|
|
Packit |
aea12f |
raw_key,
|
|
Packit |
aea12f |
gnutls_x509_privkey_t pkey);
|
|
Packit |
aea12f |
int _gnutls_privkey_decode_ecc_key(ASN1_TYPE* pkey_asn, const gnutls_datum_t *
|
|
Packit |
aea12f |
raw_key,
|
|
Packit |
aea12f |
gnutls_x509_privkey_t pkey,
|
|
Packit |
aea12f |
gnutls_ecc_curve_t curve);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_privkey_decode_eddsa_key(ASN1_TYPE* pkey_asn,
|
|
Packit |
aea12f |
const gnutls_datum_t *raw_key,
|
|
Packit |
aea12f |
gnutls_x509_privkey_t pkey,
|
|
Packit |
aea12f |
gnutls_ecc_curve_t curve);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_read_ecc_params(uint8_t * der, int dersize,
|
|
Packit |
aea12f |
unsigned int *curve);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_read_gost_params(uint8_t * der, int dersize,
|
|
Packit |
aea12f |
gnutls_pk_params_st * params,
|
|
Packit |
aea12f |
gnutls_pk_algorithm_t algo);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_asn1_encode_privkey(ASN1_TYPE * c2,
|
|
Packit |
aea12f |
gnutls_pk_params_st * params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void _gnutls_x509_privkey_get_spki_params(gnutls_x509_privkey_t key,
|
|
Packit |
aea12f |
gnutls_x509_spki_st * params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_rsa_pss_params(uint8_t * der, int dersize,
|
|
Packit |
aea12f |
gnutls_x509_spki_st * params);
|
|
Packit Service |
991b93 |
int _gnutls_x509_write_rsa_pss_params(const gnutls_x509_spki_st * params,
|
|
Packit |
aea12f |
gnutls_datum_t * der);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* extensions.c */
|
|
Packit |
aea12f |
int _gnutls_x509_crl_get_extension_oid(gnutls_x509_crl_t crl,
|
|
Packit |
aea12f |
int indx, void *oid,
|
|
Packit |
aea12f |
size_t * sizeof_oid);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_crl_set_extension(gnutls_x509_crl_t crl,
|
|
Packit |
aea12f |
const char *ext_id,
|
|
Packit |
aea12f |
const gnutls_datum_t * ext_data,
|
|
Packit |
aea12f |
unsigned int critical);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_crl_get_extension(gnutls_x509_crl_t crl,
|
|
Packit |
aea12f |
const char *extension_id, int indx,
|
|
Packit |
aea12f |
gnutls_datum_t * data,
|
|
Packit |
aea12f |
unsigned int *critical);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_crt_get_extension(gnutls_x509_crt_t cert,
|
|
Packit |
aea12f |
const char *extension_id, int indx,
|
|
Packit |
aea12f |
gnutls_datum_t * data, unsigned int *critical);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_crt_get_extension_oid(gnutls_x509_crt_t cert,
|
|
Packit |
aea12f |
int indx, void *ret,
|
|
Packit |
aea12f |
size_t * ret_size);
|
|
Packit |
aea12f |
int _gnutls_x509_crt_set_extension(gnutls_x509_crt_t cert,
|
|
Packit |
aea12f |
const char *extension_id,
|
|
Packit |
aea12f |
const gnutls_datum_t * ext_data,
|
|
Packit |
aea12f |
unsigned int critical);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_ext_extract_number(uint8_t * number,
|
|
Packit |
aea12f |
size_t * nr_size,
|
|
Packit |
aea12f |
uint8_t * extnValue, int extnValueLen);
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_ext_gen_number(const uint8_t * number, size_t nr_size,
|
|
Packit |
aea12f |
gnutls_datum_t * der_ext);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_write_general_name(ASN1_TYPE ext, const char *ext_name,
|
|
Packit |
aea12f |
gnutls_x509_subject_alt_name_t type,
|
|
Packit |
aea12f |
const void *data, unsigned int data_size);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_ext_gen_subject_alt_name(gnutls_x509_subject_alt_name_t
|
|
Packit |
aea12f |
type,
|
|
Packit |
aea12f |
const char *othername_oid,
|
|
Packit |
aea12f |
const void *data,
|
|
Packit |
aea12f |
unsigned int data_size,
|
|
Packit |
aea12f |
const gnutls_datum_t * prev_der_ext,
|
|
Packit |
aea12f |
gnutls_datum_t * der_ext);
|
|
Packit |
aea12f |
int _gnutls_x509_ext_gen_auth_key_id(const void *id, size_t id_size,
|
|
Packit |
aea12f |
gnutls_datum_t * der_data);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* mpi.c */
|
|
Packit |
aea12f |
int _gnutls_x509_crq_get_mpis(gnutls_x509_crq_t cert,
|
|
Packit |
aea12f |
gnutls_pk_params_st *);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_crt_get_mpis(gnutls_x509_crt_t cert,
|
|
Packit |
aea12f |
gnutls_pk_params_st * params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_pubkey_params(gnutls_pk_algorithm_t, uint8_t * der,
|
|
Packit |
aea12f |
int dersize,
|
|
Packit |
aea12f |
gnutls_pk_params_st * params);
|
|
Packit |
aea12f |
int _gnutls_x509_check_pubkey_params(gnutls_pk_params_st * params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_pubkey(gnutls_pk_algorithm_t, uint8_t * der,
|
|
Packit |
aea12f |
int dersize, gnutls_pk_params_st * params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_pubkey_signature_params(gnutls_pk_algorithm_t algo,
|
|
Packit |
aea12f |
uint8_t * der, int dersize,
|
|
Packit |
aea12f |
gnutls_pk_params_st * params);
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
int _gnutls_x509_write_ecc_params(const gnutls_ecc_curve_t curve,
|
|
Packit |
aea12f |
gnutls_datum_t * der);
|
|
Packit Service |
991b93 |
int _gnutls_x509_write_ecc_pubkey(const gnutls_pk_params_st * params,
|
|
Packit |
aea12f |
gnutls_datum_t * der);
|
|
Packit |
aea12f |
|
|
Packit Service |
991b93 |
int _gnutls_x509_write_eddsa_pubkey(const gnutls_pk_params_st * params,
|
|
Packit |
aea12f |
gnutls_datum_t * der);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit Service |
991b93 |
_gnutls_x509_write_pubkey_params(const gnutls_pk_params_st * params,
|
|
Packit |
aea12f |
gnutls_datum_t * der);
|
|
Packit Service |
991b93 |
int _gnutls_x509_write_pubkey(const gnutls_pk_params_st * params,
|
|
Packit |
aea12f |
gnutls_datum_t * der);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_uint(ASN1_TYPE node, const char *value,
|
|
Packit |
aea12f |
unsigned int *ret);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_der_int(uint8_t * der, int dersize, bigint_t * out);
|
|
Packit |
aea12f |
int _gnutls_x509_read_der_uint(uint8_t * der, int dersize, unsigned int *out);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_int(ASN1_TYPE node, const char *value,
|
|
Packit |
aea12f |
bigint_t * ret_mpi);
|
|
Packit |
aea12f |
int _gnutls_x509_write_int(ASN1_TYPE node, const char *value, bigint_t mpi,
|
|
Packit |
aea12f |
int lz);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_write_uint32(ASN1_TYPE node, const char *value,
|
|
Packit |
aea12f |
uint32_t num);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_key_int(ASN1_TYPE node, const char *value,
|
|
Packit |
aea12f |
bigint_t * ret_mpi);
|
|
Packit |
aea12f |
int _gnutls_x509_write_key_int(ASN1_TYPE node, const char *value, bigint_t mpi,
|
|
Packit |
aea12f |
int lz);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_key_int_le(ASN1_TYPE node, const char *value,
|
|
Packit |
aea12f |
bigint_t * ret_mpi);
|
|
Packit |
aea12f |
int _gnutls_x509_write_key_int_le(ASN1_TYPE node, const char *value,
|
|
Packit |
aea12f |
bigint_t mpi);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_x509_read_pkalgo_params(ASN1_TYPE src, const char *src_name,
|
|
Packit |
aea12f |
gnutls_x509_spki_st *params, unsigned is_sig);
|
|
Packit |
aea12f |
int _gnutls_x509_write_sign_params(ASN1_TYPE dst, const char *dst_name,
|
|
Packit |
aea12f |
const gnutls_sign_entry_st *se, gnutls_x509_spki_st *params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define _gnutls_x509_read_sign_params(src,name,params) _gnutls_x509_read_pkalgo_params(src,name,params,1)
|
|
Packit |
aea12f |
#define _gnutls_x509_read_spki_params(src,name,params) _gnutls_x509_read_pkalgo_params(src,name,params,0)
|
|
Packit |
aea12f |
int _gnutls_x509_write_spki_params(ASN1_TYPE dst, const char *dst_name,
|
|
Packit |
aea12f |
gnutls_x509_spki_st *params);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
inline static int
|
|
Packit |
aea12f |
_gnutls_x509_crt_read_spki_params(gnutls_x509_crt_t crt,
|
|
Packit |
aea12f |
gnutls_x509_spki_st *params)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
return _gnutls_x509_read_spki_params(crt->cert,
|
|
Packit |
aea12f |
"tbsCertificate."
|
|
Packit |
aea12f |
"subjectPublicKeyInfo."
|
|
Packit |
aea12f |
"algorithm",
|
|
Packit |
aea12f |
params);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
inline static int
|
|
Packit |
aea12f |
_gnutls_x509_crq_read_spki_params(gnutls_x509_crq_t crt,
|
|
Packit |
aea12f |
gnutls_x509_spki_st *params)
|
|
Packit |
aea12f |
{
|
|
Packit |
aea12f |
return _gnutls_x509_read_spki_params(crt->crq,
|
|
Packit |
aea12f |
"certificationRequestInfo."
|
|
Packit |
aea12f |
"subjectPKInfo."
|
|
Packit |
aea12f |
"algorithm",
|
|
Packit |
aea12f |
params);
|
|
Packit |
aea12f |
}
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* pkcs12.h */
|
|
Packit |
aea12f |
#include <gnutls/pkcs12.h>
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_pkcs12_int {
|
|
Packit |
aea12f |
ASN1_TYPE pkcs12;
|
|
Packit |
aea12f |
unsigned expanded;
|
|
Packit |
aea12f |
} gnutls_pkcs12_int;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define MAX_BAG_ELEMENTS 32
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct bag_element {
|
|
Packit |
aea12f |
gnutls_datum_t data;
|
|
Packit |
aea12f |
gnutls_pkcs12_bag_type_t type;
|
|
Packit |
aea12f |
gnutls_datum_t local_key_id;
|
|
Packit |
aea12f |
char *friendly_name;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_pkcs12_bag_int {
|
|
Packit |
aea12f |
struct bag_element element[MAX_BAG_ELEMENTS];
|
|
Packit |
aea12f |
unsigned bag_elements;
|
|
Packit |
aea12f |
} gnutls_pkcs12_bag_int;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#define BAG_PKCS8_KEY "1.2.840.113549.1.12.10.1.1"
|
|
Packit |
aea12f |
#define BAG_PKCS8_ENCRYPTED_KEY "1.2.840.113549.1.12.10.1.2"
|
|
Packit |
aea12f |
#define BAG_CERTIFICATE "1.2.840.113549.1.12.10.1.3"
|
|
Packit |
aea12f |
#define BAG_CRL "1.2.840.113549.1.12.10.1.4"
|
|
Packit |
aea12f |
#define BAG_SECRET "1.2.840.113549.1.12.10.1.5"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* Bag attributes
|
|
Packit |
aea12f |
*/
|
|
Packit |
aea12f |
#define FRIENDLY_NAME_OID "1.2.840.113549.1.9.20"
|
|
Packit |
aea12f |
#define KEY_ID_OID "1.2.840.113549.1.9.21"
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_pkcs12_string_to_key(const mac_entry_st * me,
|
|
Packit |
aea12f |
unsigned int id, const uint8_t * salt,
|
|
Packit |
aea12f |
unsigned int salt_size, unsigned int iter,
|
|
Packit |
aea12f |
const char *pw, unsigned int req_keylen,
|
|
Packit |
aea12f |
uint8_t * keybuf);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
|
|
Packit |
aea12f |
gnutls_pkcs12_bag_t bag);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_pkcs12_encode_safe_contents(gnutls_pkcs12_bag_t bag, ASN1_TYPE * content,
|
|
Packit |
aea12f |
int *enc);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
|
|
Packit |
aea12f |
const gnutls_datum_t * in,
|
|
Packit |
aea12f |
gnutls_datum_t * out);
|
|
Packit |
aea12f |
int _pkcs12_encode_crt_bag(gnutls_pkcs12_bag_type_t type,
|
|
Packit |
aea12f |
const gnutls_datum_t * raw,
|
|
Packit |
aea12f |
gnutls_datum_t * out);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
/* crq */
|
|
Packit |
aea12f |
int _gnutls_x509_crq_set_extension(gnutls_x509_crq_t crq,
|
|
Packit |
aea12f |
const char *ext_id,
|
|
Packit |
aea12f |
const gnutls_datum_t * ext_data,
|
|
Packit |
aea12f |
unsigned int critical);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
gnutls_x509_crt_verify_data3(gnutls_x509_crt_t crt,
|
|
Packit |
aea12f |
gnutls_sign_algorithm_t algo,
|
|
Packit |
aea12f |
gnutls_typed_vdata_st *vdata,
|
|
Packit |
aea12f |
unsigned int vdata_size,
|
|
Packit |
aea12f |
const gnutls_datum_t *data,
|
|
Packit |
aea12f |
const gnutls_datum_t *signature,
|
|
Packit |
aea12f |
unsigned int flags);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
unsigned int
|
|
Packit |
aea12f |
_gnutls_verify_crt_status(const gnutls_x509_crt_t * certificate_list,
|
|
Packit |
aea12f |
int clist_size,
|
|
Packit |
aea12f |
const gnutls_x509_crt_t * trusted_cas,
|
|
Packit |
aea12f |
int tcas_size,
|
|
Packit |
aea12f |
unsigned int flags,
|
|
Packit |
aea12f |
const char *purpose,
|
|
Packit |
aea12f |
gnutls_verify_output_function func);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#ifdef ENABLE_PKCS11
|
|
Packit |
aea12f |
unsigned int
|
|
Packit |
aea12f |
_gnutls_pkcs11_verify_crt_status(const char* url,
|
|
Packit |
aea12f |
const gnutls_x509_crt_t * certificate_list,
|
|
Packit |
aea12f |
unsigned clist_size,
|
|
Packit |
aea12f |
const char *purpose,
|
|
Packit |
aea12f |
unsigned int flags,
|
|
Packit |
aea12f |
gnutls_verify_output_function func);
|
|
Packit |
aea12f |
#endif
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_check_cert_sanity(gnutls_x509_crt_t cert);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int
|
|
Packit |
aea12f |
_gnutls_x509_crt_check_revocation(gnutls_x509_crt_t cert,
|
|
Packit |
aea12f |
const gnutls_x509_crl_t * crl_list,
|
|
Packit |
aea12f |
int crl_list_length,
|
|
Packit |
aea12f |
gnutls_verify_output_function func);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct gnutls_name_constraints_st {
|
|
Packit |
aea12f |
struct name_constraints_node_st * permitted;
|
|
Packit |
aea12f |
struct name_constraints_node_st * excluded;
|
|
Packit |
aea12f |
} gnutls_name_constraints_st;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
typedef struct name_constraints_node_st {
|
|
Packit |
aea12f |
unsigned type;
|
|
Packit |
aea12f |
gnutls_datum_t name;
|
|
Packit |
aea12f |
struct name_constraints_node_st *next;
|
|
Packit |
aea12f |
} name_constraints_node_st;
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
int _gnutls_extract_name_constraints(ASN1_TYPE c2, const char *vstr,
|
|
Packit |
aea12f |
name_constraints_node_st ** _nc);
|
|
Packit |
aea12f |
void _gnutls_name_constraints_node_free (name_constraints_node_st *node);
|
|
Packit |
aea12f |
int _gnutls_x509_name_constraints_merge(gnutls_x509_name_constraints_t nc,
|
|
Packit |
aea12f |
gnutls_x509_name_constraints_t nc2);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
void _gnutls_x509_policies_erase(gnutls_x509_policies_t policies, unsigned int seq);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
struct gnutls_x509_tlsfeatures_st {
|
|
Packit |
aea12f |
uint16_t feature[MAX_EXT_TYPES];
|
|
Packit |
aea12f |
unsigned int size;
|
|
Packit |
aea12f |
};
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
unsigned _gnutls_is_broken_sig_allowed(const gnutls_sign_entry_st *se, unsigned int flags);
|
|
Packit |
aea12f |
|
|
Packit |
aea12f |
#endif /* GNUTLS_LIB_X509_X509_INT_H */
|