00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013
00014
00015
00016
00017
00018
00019
00020
00021
00022
00023
00024
00025 #ifndef X509_H
00026 #define X509_H
00027
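/*
 * Smaller of two values.
 *
 * Only defined when no earlier header supplied a MIN, so a different
 * earlier definition silently wins — keep this one's semantics plain.
 * Both arguments are evaluated twice: never pass expressions with side
 * effects (MIN(i++, n) is wrong).  The expansion carries NO trailing
 * semicolon: the previous form expanded to "( ... );", which broke any
 * use inside a larger expression (f(MIN(a, b))) and any single-statement
 * if/else body (the stray ";" ended the "if" before the "else").
 */
#ifndef MIN
#define MIN(X, Y) ((X) > (Y) ? (Y) : (X))
#endif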
00031
00032 #ifdef __cplusplus
00033 extern "C"
00034 {
00035 #endif
00036
00037 #include <gnutls.h>
00038 #include <libtasn1.h>
00039 #include "gnutls_mpi.h"
00040
00041
00042
00043
/* X.520 attribute types used as RDN components of distinguished names
 * (dotted OIDs under 2.5.4, see RFC 4519 section 2). */
#define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6"
#define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10"
#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3"
#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7"
#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"

/* Personal-name attributes, same X.520 arc. */
#define GNUTLS_OID_X520_INITIALS "2.5.4.43"
#define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44"
#define GNUTLS_OID_X520_SURNAME "2.5.4.4"
#define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42"
#define GNUTLS_OID_X520_TITLE "2.5.4.12"
#define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46"
#define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65"

/* LDAP-derived attributes (RFC 4519): domainComponent and userid. */
#define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25"
#define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1"



/* PKCS#9 emailAddress.  RFC 5280 treats it as legacy: e-mail identities
 * belong in the rfc822Name form of subjectAltName instead. */
#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"

/* PKIX personal-data attributes (RFC 3739), carried in the
 * subjectDirectoryAttributes extension. */
#define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1"
#define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2"
#define GNUTLS_OID_PKIX_GENDER "1.3.6.1.5.5.7.9.3"
#define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4"
#define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE "1.3.6.1.5.5.7.9.5"



/* Extended key usage purpose identifiers (RFC 5280 section 4.2.1.12).
 * GNUTLS_KP_ANY is anyExtendedKeyUsage: a certificate carrying it asserts
 * no purpose restriction at all.  A verifier that requires a specific
 * purpose (e.g. TLS_WWW_SERVER) must decide deliberately whether an
 * "any" certificate satisfies that requirement rather than accepting it
 * by accident. */
#define GNUTLS_KP_TLS_WWW_SERVER "1.3.6.1.5.5.7.3.1"
#define GNUTLS_KP_TLS_WWW_CLIENT "1.3.6.1.5.5.7.3.2"
#define GNUTLS_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
#define GNUTLS_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4"
#define GNUTLS_KP_TIME_STAMPING "1.3.6.1.5.5.7.3.8"
#define GNUTLS_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9"
#define GNUTLS_KP_ANY "2.5.29.37.0"
00081
00082
00083
/*
 * Flags for importing a list of certificates.  Bit flags; OR them together.
 * The name says that an import which would exceed the caller's array fails
 * instead of silently truncating the list — no list-import prototype is
 * declared in this header, so confirm the exact meaning at the consumer.
 */
typedef enum MHD_gnutls_certificate_import_flags
{
  GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = (1 << 0)
} MHD_gnutls_certificate_import_flags;
00092
/* Certificate handle lifecycle: _init allocates *cert, _deinit releases
 * it.  Return convention is not visible here; presumably 0 on success and
 * a negative MHD_gnutls error code otherwise, like the rest of the API —
 * confirm. */
int MHD_gnutls_x509_crt_init (MHD_gnutls_x509_crt_t * cert);
void MHD_gnutls_x509_crt_deinit (MHD_gnutls_x509_crt_t cert);
/* Parse an encoded certificate (format selects the encoding, presumably
 * DER or PEM) from data into cert.  The input is untrusted — it normally
 * arrives off the wire — so the libtasn1 decoder behind this call is the
 * parsing security boundary. */
int MHD_gnutls_x509_crt_import (MHD_gnutls_x509_crt_t cert,
const MHD_gnutls_datum_t * data,
MHD_gnutls_x509_crt_fmt_t format);
/* Serialise cert into output_data in the requested format.
 * *output_data_size is the buffer capacity on entry; presumably it is
 * updated to the size needed on return, including when the buffer was too
 * small — confirm the short-buffer contract in the implementation before
 * relying on it. */
int MHD_gnutls_x509_crt_export (MHD_gnutls_x509_crt_t cert,
MHD_gnutls_x509_crt_fmt_t format,
void *output_data,
size_t * output_data_size);
/* X.509 version of cert (1, 2 or 3) or a negative error.  Only v3
 * certificates can carry extensions (basicConstraints, keyUsage, ...),
 * which is why the verify flags below single out v1 certificates. */
int MHD_gnutls_x509_crt_get_version (MHD_gnutls_x509_crt_t cert);
00103
/*
 * ReasonFlags of the CRL distribution point / issuing distribution point
 * extensions (RFC 5280 section 4.2.1.13).  The values are the DER BIT
 * STRING bit positions read as a big-endian integer: bit 0 (unused) is the
 * MSB of the first octet = 128, down to bit 7 (privilegeWithdrawn) = 1;
 * bit 8 (aACompromise) is the MSB of the second octet = 0x8000 = 32768.
 * "SUPERSEEDED" is a historical misspelling of "superseded" that is part
 * of the public API and therefore kept.
 */
#define GNUTLS_CRL_REASON_UNUSED 128
#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
#define GNUTLS_CRL_REASON_CA_COMPROMISE 32
#define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16
#define GNUTLS_CRL_REASON_SUPERSEEDED 8
#define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4
#define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2
#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
00113
/* Public-key algorithm of the certificate's SubjectPublicKeyInfo (an
 * MHD_GNUTLS_PublicKeyAlgorithm value, or a negative error).  If bits is
 * non-NULL it presumably receives the key size in bits — confirm.  Key
 * size is what a policy check should look at; the algorithm alone says
 * nothing about strength. */
int MHD_gnutls_x509_crt_get_pk_algorithm (MHD_gnutls_x509_crt_t cert,
unsigned int *bits);
/* basicConstraints cA flag of cert; *critical (may it be NULL? — confirm)
 * reports the extension's critical bit.  The encoding of the result is
 * not visible here (presumably positive = CA, 0 = not a CA, negative =
 * error such as "extension absent") — confirm.  Whatever it is, a chain
 * verifier must only accept a signer for which the answer is positively
 * "CA"; "absent" must not be read as "allowed". */
int MHD_gnutls_x509_crt_get_ca_status (MHD_gnutls_x509_crt_t cert,
unsigned int *critical);
00118
00119
00120
/* keyUsage extension of cert: *key_usage receives the usage bits
 * (digitalSignature, keyEncipherment, keyCertSign, ...) in the library's
 * own bit mask, *critical the extension's critical flag.  Presumably a
 * negative error is returned when the extension is absent — confirm; a
 * caller must not silently turn "absent" into "every usage permitted"
 * without a deliberate policy decision. */
int MHD_gnutls_x509_crt_get_key_usage (MHD_gnutls_x509_crt_t cert,
unsigned int *key_usage,
unsigned int *critical);
/* Set the keyUsage extension of a certificate under construction to the
 * given bit mask. */
int MHD_gnutls_x509_crt_set_key_usage (MHD_gnutls_x509_crt_t crt,
unsigned int usage);
00126
00127
/* Add an arbitrary extension to crt: oid in dotted-decimal form,
 * buf/sizeof_buf the DER-encoded extnValue, critical the critical flag.
 * Marking an extension critical obliges conforming verifiers that do not
 * recognise oid to reject the certificate (RFC 5280 section 4.2) — which
 * is the intended safety property, not a nuisance.  Whether a duplicate
 * oid replaces or appends is not visible here — confirm. */
int MHD_gnutls_x509_crt_set_extension_by_oid (MHD_gnutls_x509_crt_t crt,
const char *oid,
const void *buf,
size_t sizeof_buf,
unsigned int critical);
00133
00134
00135
/* Add one attribute (oid, e.g. GNUTLS_OID_X520_COMMON_NAME) with value
 * name/sizeof_name to the subject DN of crt.  raw_flag presumably means
 * that name is already DER-encoded rather than a plain string — confirm.
 * NOTE(review): sizeof_name is unsigned int while every other length in
 * this API is size_t; the mismatch is part of the public interface. */
int MHD_gnutls_x509_crt_set_dn_by_oid (MHD_gnutls_x509_crt_t crt,
const char *oid,
unsigned int raw_flag,
const void *name,
unsigned int sizeof_name);
/* Same as set_dn_by_oid, for the issuer DN. */
int MHD_gnutls_x509_crt_set_issuer_dn_by_oid (MHD_gnutls_x509_crt_t crt,
const char *oid,
unsigned int raw_flag,
const void *name,
unsigned int sizeof_name);
/* Set the X.509 version number.  Use 3 for anything that needs
 * extensions (basicConstraints, keyUsage, subjectAltName ...). */
int MHD_gnutls_x509_crt_set_version (MHD_gnutls_x509_crt_t crt,
unsigned int version);
/* Copy the public part of key into crt's SubjectPublicKeyInfo. */
int MHD_gnutls_x509_crt_set_key (MHD_gnutls_x509_crt_t crt,
MHD_gnutls_x509_privkey_t key);
/* Write a basicConstraints extension with the given cA flag and no path
 * length limit. */
int MHD_gnutls_x509_crt_set_ca_status (MHD_gnutls_x509_crt_t crt,
unsigned int ca);
/* basicConstraints with an explicit pathLenConstraint (how many CA
 * certificates may follow this one in a chain).  Presumably a negative
 * value means "no limit" — confirm the sentinel in the implementation. */
int MHD_gnutls_x509_crt_set_basic_constraints (MHD_gnutls_x509_crt_t crt,
unsigned int ca,
int pathLenConstraint);
/* Add a subjectAltName entry of the given type (DNS name, e-mail, IP ...)
 * from the NUL-terminated data_string. */
int MHD_gnutls_x509_crt_set_subject_alternative_name (MHD_gnutls_x509_crt_t
crt,
MHD_gnutls_x509_subject_alt_name_t
type,
const char
*data_string);
/* Sign crt with issuer_key, recording issuer's name as the issuer.  The
 * digest used is not selectable here (presumably a library default —
 * confirm which); prefer _sign2 with an explicit modern hash. */
int MHD_gnutls_x509_crt_sign (MHD_gnutls_x509_crt_t crt,
MHD_gnutls_x509_crt_t issuer,
MHD_gnutls_x509_privkey_t issuer_key);
/* As _sign, with the signature digest chosen explicitly (the unnamed
 * parameter).  Do not pick MD2/MD5 here; both are collision-broken and a
 * verifier accepts them only with GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD*. */
int MHD_gnutls_x509_crt_sign2 (MHD_gnutls_x509_crt_t crt,
MHD_gnutls_x509_crt_t issuer,
MHD_gnutls_x509_privkey_t issuer_key,
enum MHD_GNUTLS_HashAlgorithm,
unsigned int flags);
/* Set the serialNumber from serial_size raw big-endian octets.  RFC 5280
 * requires a positive value of at most 20 octets, and serials must be
 * unique per issuer (modern CA practice: at least 64 bits from a CSPRNG
 * so that collision attacks on the signature digest cannot be staged).
 * Whether this function validates any of that is not visible here. */
int MHD_gnutls_x509_crt_set_serial (MHD_gnutls_x509_crt_t cert,
const void *serial, size_t serial_size);

/* Set the subjectKeyIdentifier extension from id_size raw octets. */
int MHD_gnutls_x509_crt_set_subject_key_id (MHD_gnutls_x509_crt_t cert,
const void *id, size_t id_size);

/* Proxy certificates (RFC 3820): derive crt's subject from the end-entity
 * certificate eecrt plus one extra RDN given as name/sizeof_name (raw_flag
 * as in set_dn_by_oid). */
int MHD_gnutls_x509_crt_set_proxy_dn (MHD_gnutls_x509_crt_t crt,
MHD_gnutls_x509_crt_t eecrt,
unsigned int raw_flag,
const void *name,
unsigned int sizeof_name);
/* Add the proxyCertInfo extension: path length limit (negative presumably
 * = unlimited — confirm), the policy language OID and an optional policy
 * blob of sizeof_policy bytes. */
int MHD_gnutls_x509_crt_set_proxy (MHD_gnutls_x509_crt_t crt,
int pathLenConstraint,
const char *policyLanguage,
const char *policy,
size_t sizeof_policy);
00185
/*
 * Output layouts for MHD_gnutls_x509_crt_print().  The values are the
 * implicit 0, 1, 2 of the original declaration, written out so that the
 * numbering cannot shift if an entry is ever inserted.  ONELINE is a
 * single summary line; UNSIGNED_FULL presumably omits the signature part
 * from the full dump — confirm in the implementation.
 */
typedef enum MHD_gnutls_certificate_print_formats
{
  GNUTLS_X509_CRT_FULL = 0,
  GNUTLS_X509_CRT_ONELINE = 1,
  GNUTLS_X509_CRT_UNSIGNED_FULL = 2
} MHD_gnutls_certificate_print_formats_t;
00192
/* Render cert as human-readable text in the given format into *out.
 * Presumably out->data is allocated by the library and must be freed by
 * the caller — confirm who owns it.  The output is for humans and logs,
 * not for parsing decisions. */
int MHD_gnutls_x509_crt_print (MHD_gnutls_x509_crt_t cert,
MHD_gnutls_certificate_print_formats_t
format, MHD_gnutls_datum_t * out);
00196
00197
00198
/* Opaque handle to a parsed distinguished name.  Being a bare void *, it
 * gives the compiler nothing to type-check; never cast it to anything
 * else and only hand it back to the library that produced it. */
typedef void *MHD_gnutls_x509_dn_t;
00200
00201
00202
/*
 * Flags for certificate chain verification.  They are bit flags and may be
 * OR-ed together.  With one exception (DO_NOT_ALLOW_SAME) every flag here
 * RELAXES the default policy; leave them all clear unless the consequence
 * is understood and accepted.  The descriptions follow the names — the
 * verify implementation is not in this header, so confirm there before
 * relying on any of them.
 */
typedef enum MHD_gnutls_certificate_verify_flags
{
  /* A signer no longer has to be a CA.  Without this check any leaf
   * certificate in the chain could vouch for the next one. */
  GNUTLS_VERIFY_DISABLE_CA_SIGN = 0x01,
  /* Accept X.509 v1 certificates as CAs, but only those in the trusted
   * list.  v1 certificates carry no extensions, hence no basicConstraints,
   * so their CA property cannot be checked — this flag limits the damage
   * to certificates the operator explicitly trusts. */
  GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 0x02,
  /* A certificate that merely appears in the trusted list, but is not
   * signed by a trusted issuer, is not treated as trusted (stricter). */
  GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 0x04,
  /* Accept ANY X.509 v1 certificate as a CA, intermediates included.  Far
   * weaker than ALLOW_X509_V1_CA_CRT: an ordinary v1 end-entity
   * certificate could then issue certificates for anyone. */
  GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 0x08,
  /* Accept RSA signatures made over MD2, a broken digest. */
  GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 0x10,
  /* Accept RSA signatures made over MD5.  Chosen-prefix collisions on MD5
   * are practical and have been used to forge CA certificates. */
  GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 0x20
} MHD_gnutls_certificate_verify_flags;
00237
00238
00239
00240
/*
 * Protection applied when a private key is exported in PKCS#8 form
 * (presumably the flags argument of MHD_gnutls_x509_privkey_export_pkcs8
 * — confirm).  GNUTLS_PKCS_PLAIN writes the key unencrypted.  Of the
 * ciphers, 3DES (either PBE scheme) is the only one that is not a
 * legacy-only choice: ARCFOUR (RC4) has well-known keystream biases and
 * RC2-40 is an export-grade 40-bit key that is brute-forceable.
 */
typedef enum MHD_gnutls_pkcs_encrypt_flags_t
{
  GNUTLS_PKCS_PLAIN = 0x01,               /* no encryption at all */
  GNUTLS_PKCS_USE_PKCS12_3DES = 0x02,     /* PKCS#12 PBE with 3DES */
  GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 0x04,  /* PKCS#12 PBE with RC4 — weak */
  GNUTLS_PKCS_USE_PKCS12_RC2_40 = 0x08,   /* PKCS#12 PBE with RC2-40 — weak */
  GNUTLS_PKCS_USE_PBES2_3DES = 0x10       /* PKCS#5 v2 PBES2 with 3DES */
} MHD_gnutls_pkcs_encrypt_flags_t;
00251
/* PKCS8_-prefixed aliases for the same encryption flags.  No alias exists
 * for GNUTLS_PKCS_USE_PBES2_3DES; new code should use the GNUTLS_PKCS_*
 * enumerators directly and avoid the ARCFOUR/RC2_40 choices entirely. */
#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
00256
/* Private-key handle lifecycle.  Every key that was successfully _init-ed
 * must be _deinit-ed; the implementation is expected to wipe the key
 * material before freeing it — confirm in the privkey source rather than
 * assume. */
int MHD_gnutls_x509_privkey_init (MHD_gnutls_x509_privkey_t * key);
void MHD_gnutls_x509_privkey_deinit (MHD_gnutls_x509_privkey_t key);
/* Load a private key from data in the given encoding.  No password
 * parameter, so presumably only unencrypted keys are accepted here. */
int MHD_gnutls_x509_privkey_import (MHD_gnutls_x509_privkey_t key,
const MHD_gnutls_datum_t * data,
MHD_gnutls_x509_crt_fmt_t format);
/* Identifier derived from the public half of key (used to pair a key with
 * its certificate) into output_data; *output_data_size is the capacity on
 * entry.  No values for flags are declared in this header. */
int MHD_gnutls_x509_privkey_get_key_id (MHD_gnutls_x509_privkey_t key,
unsigned int flags,
unsigned char *output_data,
size_t * output_data_size);

/* Write the key, UNENCRYPTED, into output_data — the result is exactly as
 * sensitive as the key itself.  Prefer _export_pkcs8 with a password for
 * anything that leaves process memory. */
int MHD_gnutls_x509_privkey_export (MHD_gnutls_x509_privkey_t key,
MHD_gnutls_x509_crt_fmt_t format,
void *output_data,
size_t * output_data_size);
/* Write the key as PKCS#8.  flags presumably takes one value from
 * MHD_gnutls_pkcs_encrypt_flags_t (confirm); with GNUTLS_PKCS_PLAIN — and
 * presumably a NULL password — the output is unencrypted. */
int MHD_gnutls_x509_privkey_export_pkcs8 (MHD_gnutls_x509_privkey_t key,
MHD_gnutls_x509_crt_fmt_t format,
const char *password,
unsigned int flags,
void *output_data,
size_t * output_data_size);
/* Expose the raw RSA parameters: modulus m, public exponent e, and the
 * SECRET values d, p, q, u (the CRT coefficient).  Presumably each datum
 * is allocated by the library — confirm who frees them; whoever does must
 * wipe d, p, q and u before freeing, not merely free them. */
int MHD_gnutls_x509_privkey_export_rsa_raw (MHD_gnutls_x509_privkey_t key,
MHD_gnutls_datum_t * m,
MHD_gnutls_datum_t * e,
MHD_gnutls_datum_t * d,
MHD_gnutls_datum_t * p,
MHD_gnutls_datum_t * q,
MHD_gnutls_datum_t * u);

/* Check signature over data against key (presumably against its public
 * half — confirm).  The return convention (boolean vs. 0/negative) is not
 * visible here; establish it before using the result as a security gate,
 * since getting the polarity wrong accepts every forgery. */
int MHD_gnutls_x509_privkey_verify_data (MHD_gnutls_x509_privkey_t key,
unsigned int flags,
const MHD_gnutls_datum_t * data,
const MHD_gnutls_datum_t *
signature);
00290
00291 #ifdef __cplusplus
00292 }
00293 #endif
00294
/* Digest algorithm OIDs as they appear in signature AlgorithmIdentifiers.
 * NOTE(review): these carry no MHD_/GNUTLS_ prefix, so they can collide
 * with any other header that defines HASH_OID_* (being macros, the
 * extern "C" block gives them no namespace either).  MD2 and MD5 are
 * listed so that legacy signatures can be RECOGNISED; accepting them is a
 * separate decision gated by GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2/MD5 above. */
#define HASH_OID_SHA1 "1.3.14.3.2.26"
#define HASH_OID_MD5 "1.2.840.113549.2.5"
#define HASH_OID_MD2 "1.2.840.113549.2.2"
#define HASH_OID_RMD160 "1.3.36.3.2.1"
#define HASH_OID_SHA256 "2.16.840.1.101.3.4.2.1"
#define HASH_OID_SHA384 "2.16.840.1.101.3.4.2.2"
#define HASH_OID_SHA512 "2.16.840.1.101.3.4.2.3"
00302
/* Certificate object behind the MHD_gnutls_x509_crt_t handle.
 * NOTE(review): the layout is exposed in this header, so nothing stops a
 * caller from reaching into the parsed ASN.1 directly; treat it as
 * private to the library. */
typedef struct MHD_gnutls_x509_crt_int
{
ASN1_TYPE cert;            /* parsed Certificate structure (libtasn1) */
int use_extensions;        /* meaning not visible here — presumably whether
                            * extensions are processed/emitted; confirm */
} MHD_gnutls_x509_crt_int;
00308
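/*
 * Sizing of MHD_gtls_x509_privkey_int.params[]: the largest parameter set
 * of any supported public-key algorithm must fit.
 *
 *   RSA private key: 6 values (m, e, d, p, q, u — the arguments of
 *                    MHD_gnutls_x509_privkey_export_rsa_raw()); public: 2.
 *   DSA private key: 5 values; public: 4.
 *
 * NOTE(review): none of these names is prefixed, so they can collide with
 * other headers' RSA_/DSA_ macros; they are part of the interface as-is.
 */
#define MAX_PRIV_PARAMS_SIZE 6

#define DSA_PRIVATE_PARAMS 5
#define DSA_PUBLIC_PARAMS 4
#define RSA_PRIVATE_PARAMS 6
#define RSA_PUBLIC_PARAMS 2

/* Compile-time guard: adding a larger parameter set without bumping
 * MAX_PRIV_PARAMS_SIZE would otherwise overflow params[] at runtime.  The
 * diagnostic now names the macro that actually has to change (the old
 * text referred to a non-existent MAX_PRIV_PARAMS). */
#if MAX_PRIV_PARAMS_SIZE < RSA_PRIVATE_PARAMS
# error INCREASE MAX_PRIV_PARAMS_SIZE
#endif

#if MAX_PRIV_PARAMS_SIZE < DSA_PRIVATE_PARAMS
# error INCREASE MAX_PRIV_PARAMS_SIZE
#endif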
00324
/*
 * Private-key object behind the MHD_gnutls_x509_privkey_t handle.
 *
 * SECURITY: params[] holds the secret key components in the clear.  The
 * deinit path is expected to wipe them before freeing (verify in the
 * privkey implementation); any copy made for export must be wiped too.
 * NOTE(review): the struct tag is MHD_gtls_x509_privkey_int while the
 * typedef is MHD_gnutls_x509_privkey_int — inconsistent, but both names
 * are public now.
 */
typedef struct MHD_gtls_x509_privkey_int
{
mpi_t params[MAX_PRIV_PARAMS_SIZE];
/* Multi-precision key components.  How many slots are used depends on
 * pk_algorithm: RSA_PRIVATE_PARAMS (6) for RSA, DSA_PRIVATE_PARAMS (5)
 * for DSA (see the #if guards above).
 *
 * The slot order is NOT visible in this header.  Presumably the RSA order
 * matches the m, e, d, p, q, u arguments of
 * MHD_gnutls_x509_privkey_export_rsa_raw() — TODO confirm against the
 * implementation before relying on any index; note in particular that the
 * CRT coefficient u may be defined as p^-1 mod q or q^-1 mod p depending
 * on the library, and the two are not interchangeable. */














int params_size;           /* presumably the number of valid params[] entries — confirm */

enum MHD_GNUTLS_PublicKeyAlgorithm pk_algorithm;   /* selects the params[] layout */

int crippled;              /* NOTE(review): meaning not visible here; the
                            * name suggests a key whose ASN.1 form (key
                            * below) is unavailable — confirm before use */



ASN1_TYPE key;             /* ASN.1 encoding of the key (libtasn1) */
} MHD_gnutls_x509_privkey_int;
00356
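/*
 * Declarations that exist only in this part of the header.  The other
 * prototypes that used to be repeated here (crt init/deinit/import/export,
 * get_pk_algorithm, get_key_usage, get_version, privkey init/deinit/
 * import/export and export_rsa_raw) are already declared earlier in this
 * file; a second copy only invites the two to drift apart.
 *
 * NOTE(review): this part of the header follows the closing of the
 * extern "C" block above.  In C that is harmless, but a C++ translation
 * unit would give these two functions — which are declared nowhere else —
 * C++ linkage and fail to link against the C implementation, so they get
 * their own linkage block.
 */
#ifdef __cplusplus
extern "C"
{
#endif

/* Copy the certificate's serialNumber into result as raw octets.
 * *result_size is the capacity of result on entry; presumably it is set
 * to the length needed on return — confirm the short-buffer contract in
 * the implementation.  RFC 5280 permits serials of up to 20 octets, so
 * size the buffer for at least that and check the return value. */
int MHD_gnutls_x509_crt_get_serial (MHD_gnutls_x509_crt_t cert,
                                    void *result, size_t * result_size);

/* Generate a fresh key pair for algo with the given key size in bits into
 * an initialised key; the meaning of flags is not visible here.  Key-size
 * policy is the caller's responsibility (RSA below 2048 bits is no longer
 * acceptable), and generation is only as good as the library's RNG
 * seeding. */
int MHD_gnutls_x509_privkey_generate (MHD_gnutls_x509_privkey_t key,
                                      enum MHD_GNUTLS_PublicKeyAlgorithm algo,
                                      unsigned int bits, unsigned int flags);

#ifdef __cplusplus
}
#endif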
00398
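/* The GNUTLS_CRL_REASON_* flags are defined once, earlier in this header.
 * A verbatim second copy used to live here; it was dropped so that an edit
 * to one copy could not turn into a conflicting macro redefinition. */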
00408
00409 #endif