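/**
 * \file x509.h
 *
 * X.509 certificate parsing, verification and writing: error codes,
 * DER/ASN.1 constants, the in-memory certificate structures and the
 * public entry points implemented in x509parse.c.
 */
#ifndef XYSSL_X509_H
#define XYSSL_X509_H

#include <stddef.h>          /* size_t, used by x509_node */

#include "xyssl/rsa.h"       /* rsa_context, embedded in x509_cert */

/*
 * ASN.1 parser error codes.
 *
 * Every error code in this header is negative; 0 always means success.
 * Each expansion is parenthesized so the codes are safe to use inside
 * larger expressions (unary minus, comparisons, macro arguments).
 */
#define XYSSL_ERR_ASN1_OUT_OF_DATA                  (-0x0014)
#define XYSSL_ERR_ASN1_UNEXPECTED_TAG               (-0x0016)
#define XYSSL_ERR_ASN1_INVALID_LENGTH               (-0x0018)
#define XYSSL_ERR_ASN1_LENGTH_MISMATCH              (-0x001A)
#define XYSSL_ERR_ASN1_INVALID_DATA                 (-0x001C)

/*
 * X.509 certificate / private-key error codes.
 */
#define XYSSL_ERR_X509_FEATURE_UNAVAILABLE          (-0x0020)
#define XYSSL_ERR_X509_CERT_INVALID_PEM             (-0x0040)
#define XYSSL_ERR_X509_CERT_INVALID_FORMAT          (-0x0060)
#define XYSSL_ERR_X509_CERT_INVALID_VERSION         (-0x0080)
#define XYSSL_ERR_X509_CERT_INVALID_SERIAL          (-0x00A0)
#define XYSSL_ERR_X509_CERT_INVALID_ALG             (-0x00C0)
#define XYSSL_ERR_X509_CERT_INVALID_NAME            (-0x00E0)
#define XYSSL_ERR_X509_CERT_INVALID_DATE            (-0x0100)
#define XYSSL_ERR_X509_CERT_INVALID_PUBKEY          (-0x0120)
#define XYSSL_ERR_X509_CERT_INVALID_SIGNATURE       (-0x0140)
#define XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS      (-0x0160)
#define XYSSL_ERR_X509_CERT_UNKNOWN_VERSION         (-0x0180)
#define XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG         (-0x01A0)
#define XYSSL_ERR_X509_CERT_UNKNOWN_PK_ALG          (-0x01C0)
#define XYSSL_ERR_X509_CERT_SIG_MISMATCH            (-0x01E0)
#define XYSSL_ERR_X509_CERT_VERIFY_FAILED           (-0x0200)
#define XYSSL_ERR_X509_KEY_INVALID_PEM              (-0x0220)
#define XYSSL_ERR_X509_KEY_INVALID_VERSION          (-0x0240)
#define XYSSL_ERR_X509_KEY_INVALID_FORMAT           (-0x0260)
#define XYSSL_ERR_X509_KEY_INVALID_ENC_IV           (-0x0280)
#define XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG          (-0x02A0)
#define XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED        (-0x02C0)
#define XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH        (-0x02E0)
#define XYSSL_ERR_X509_POINT_ERROR                  (-0x0300)
#define XYSSL_ERR_X509_VALUE_TO_LENGTH              (-0x0320)

/*
 * Verification result bits.
 *
 * These are independent bit flags (powers of two) reported through the
 * `flags` argument of x509parse_verify(); more than one may be set.
 *
 * NOTE(review): x509parse_verify() below takes no CRL argument, so whether
 * BADCERT_REVOKED can actually be produced by this version is not visible
 * from the header — confirm against x509parse.c before relying on it for
 * revocation checking.
 */
#define BADCERT_EXPIRED                 1   /* validity period has ended */
#define BADCERT_REVOKED                 2   /* certificate is on a CRL   */
#define BADCERT_CN_MISMATCH             4   /* CN differs from expected  */
#define BADCERT_NOT_TRUSTED             8   /* not signed by a trusted CA */

/*
 * DER constants: ASN.1 universal tag numbers and the tag-byte modifier
 * bits (class / constructed) that are OR-ed onto them.
 */
#define ASN1_BOOLEAN                 0x01
#define ASN1_INTEGER                 0x02
#define ASN1_BIT_STRING              0x03
#define ASN1_OCTET_STRING            0x04
#define ASN1_NULL                    0x05
#define ASN1_OID                     0x06
#define ASN1_UTF8_STRING             0x0C
#define ASN1_SEQUENCE                0x10
#define ASN1_SET                     0x11
#define ASN1_PRINTABLE_STRING        0x13
#define ASN1_T61_STRING              0x14
#define ASN1_IA5_STRING              0x16
#define ASN1_UTC_TIME                0x17
#define ASN1_UNIVERSAL_STRING        0x1C
#define ASN1_BMP_STRING              0x1E
#define ASN1_PRIMITIVE               0x00
#define ASN1_CONSTRUCTED             0x20
#define ASN1_CONTEXT_SPECIFIC        0x80

/*
 * Various object identifiers.
 *
 * The X520_* and PKCS9_* values are the last arc of the corresponding
 * attribute-type OID (the byte that follows OID_X520 / OID_PKCS9).
 */
#define X520_COMMON_NAME                3
#define X520_COUNTRY                    6
#define X520_LOCALITY                   7
#define X520_STATE                      8
#define X520_ORGANIZATION              10
#define X520_ORG_UNIT                  11
#define PKCS9_EMAIL                     1

/* Output encodings for the certificate writer. */
#define X509_OUTPUT_DER              0x01
#define X509_OUTPUT_PEM              0x02
/* Number of base64 characters per line in PEM output. */
#define PEM_LINE_LENGTH                72
/* Selects which distinguished name a name-handling routine operates on. */
#define X509_ISSUER                  0x01
#define X509_SUBJECT                 0x02

/* DER-encoded OID prefixes / OIDs (no tag or length byte). */
#define OID_X520                "\x55\x04"                                  /* id-at (2.5.4)            */
#define OID_CN                  "\x55\x04\x03"                              /* id-at-commonName         */
#define OID_PKCS1               "\x2A\x86\x48\x86\xF7\x0D\x01\x01"          /* pkcs-1                   */
#define OID_PKCS1_RSA           "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"      /* rsaEncryption            */
#define OID_PKCS1_RSA_SHA       "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05"      /* sha1WithRSAEncryption    */
#define OID_PKCS9               "\x2A\x86\x48\x86\xF7\x0D\x01\x09"          /* pkcs-9                   */
#define OID_PKCS9_EMAIL         "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"      /* emailAddress             */

/*
 * Structures for parsing X.509 certificates.
 *
 * Field order and types are part of the ABI shared with x509parse.c and
 * must not change.
 */

/**
 * One DER element as located by the parser: its tag byte, the length of
 * its contents and a pointer to those contents.
 *
 * NOTE(review): `p` is presumably a pointer into the owning certificate's
 * raw buffer rather than a separate allocation — confirm against the
 * parser before freeing or retaining it independently.
 */
typedef struct _x509_buf
{
    int tag;
    int len;
    unsigned char *p;
}
x509_buf;

/**
 * One attribute (OID/value pair) of a distinguished name; `next` links
 * the attributes of a name into a singly linked list.
 */
typedef struct _x509_name
{
    x509_buf oid;
    x509_buf val;
    struct _x509_name *next;
}
x509_name;

/**
 * Broken-down validity time as parsed from the certificate.
 * The timezone is not recorded here.
 */
typedef struct _x509_time
{
    int year, mon, day;
    int hour, min, sec;
}
x509_time;

/**
 * A parsed certificate.  `next` chains several certificates (e.g. a CA
 * bundle) into a list; x509_free() is the matching release routine.
 */
typedef struct _x509_cert
{
    x509_buf raw;               /* the whole DER certificate            */
    x509_buf tbs;               /* the TBSCertificate (signed part)     */

    int version;
    x509_buf serial;
    x509_buf sig_oid1;          /* signature algorithm inside the TBS   */

    x509_buf issuer_raw;        /* DER of the issuer name               */
    x509_buf subject_raw;       /* DER of the subject name              */

    x509_name issuer;
    x509_name subject;

    x509_time valid_from;
    x509_time valid_to;

    x509_buf pk_oid;            /* public key algorithm                 */
    rsa_context rsa;            /* the subject's RSA public key         */

    x509_buf issuer_id;
    x509_buf subject_id;
    x509_buf v3_ext;            /* raw v3 extensions block              */

    /* Presumably taken from the basicConstraints extension — confirm. */
    int ca_istrue;
    int max_pathlen;

    /* Outer signatureAlgorithm; presumably required to match sig_oid1
     * (see XYSSL_ERR_X509_CERT_SIG_MISMATCH) — confirm in the parser. */
    x509_buf sig_oid2;
    x509_buf sig;

    struct _x509_cert *next;
}
x509_cert;

/*
 * Structures for writing X.509 certificates.
 */

/**
 * One output buffer of the certificate writer: `data` is the start of
 * the buffer, `p` the current write position and `end` one past the
 * last usable byte; `len` is its size.  Exact ownership and growth
 * policy are defined by the writer, not by this header.
 */
typedef struct _x509_node
{
    unsigned char *data;
    unsigned char *p;
    unsigned char *end;

    size_t len;
}
x509_node;

/**
 * The components of a certificate under construction, one node per
 * DER element that ends up in the TBSCertificate and its signature.
 */
typedef struct _x509_raw
{
    x509_node raw;
    x509_node tbs;

    x509_node version;
    x509_node serial;
    x509_node tbs_signalg;
    x509_node issuer;
    x509_node validity;
    x509_node subject;
    x509_node subpubkey;

    x509_node signalg;
    x509_node sign;
}
x509_raw;

#ifdef __cplusplus
extern "C" {
#endif

/**
 * \brief          Parse one or more certificates and add them to the
 *                 chained list starting at crt
 *
 * \param crt      certificate (list head) to fill
 * \param buf      buffer holding the certificate data (DER or PEM)
 * \param buflen   size of the buffer; must be non-negative, the parser
 *                 treats buf as untrusted input of exactly this length
 *
 * \return         0 if successful, or a specific X509 / ASN1 error code
 */
int x509parse_crt( x509_cert *crt, unsigned char *buf, int buflen );

/**
 * \brief          Load one or more certificates from a file and add them
 *                 to the chained list starting at crt
 *
 * \param crt      certificate (list head) to fill
 * \param path     filename to read the certificates from
 *
 * \return         0 if successful, or a specific X509 / ASN1 error code
 */
int x509parse_crtfile( x509_cert *crt, char *path );

/**
 * \brief          Parse a private RSA key
 *
 * \param rsa      RSA context to be initialized
 * \param buf      input buffer (DER or PEM)
 * \param buflen   size of the buffer; must be non-negative
 * \param pwd      password used to decrypt an encrypted PEM key
 *                 (presumably optional; an encrypted key without one
 *                 is expected to fail with
 *                 XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED — confirm)
 * \param pwdlen   size of the password
 *
 * \return         0 if successful, or a specific X509 / ASN1 error code
 */
int x509parse_key( rsa_context *rsa,
                   unsigned char *buf, int buflen,
                   unsigned char *pwd, int pwdlen );

/**
 * \brief          Load and parse a private RSA key from a file
 *
 * \param rsa      RSA context to be initialized
 * \param path     filename to read the private key from
 * \param password password to decrypt the file (presumably may be NULL
 *                 for an unencrypted key — confirm)
 *
 * \return         0 if successful, or a specific X509 / ASN1 error code
 */
int x509parse_keyfile( rsa_context *rsa, char *path, char *password );

/**
 * \brief          Store the distinguished name dn in printable form
 *                 into buf; writing is expected to stop before end,
 *                 so (end - buf) bounds the output.
 *
 * \return         presumably the number of characters written — confirm
 */
int x509parse_dn_gets( char *buf, char *end, x509_name *dn );

/**
 * \brief          Return an informational string describing crt, each
 *                 line prefixed with prefix
 *
 * NOTE(review): ownership and lifetime of the returned buffer are not
 * declared here; if it is a static buffer it is not reentrant — confirm
 * before calling from several threads or freeing the result.
 */
char *x509parse_cert_info( char *prefix, x509_cert *crt );

/**
 * \brief          Check whether crt's validity period has ended
 *
 * \return         0 if the certificate is still valid, non-zero
 *                 (presumably BADCERT_EXPIRED) otherwise
 */
int x509parse_expired( x509_cert *crt );

/**
 * \brief          Verify crt against the trusted CA chain trust_ca and,
 *                 when cn is not NULL, check the subject Common Name
 *
 * \param crt      a certificate to be verified
 * \param trust_ca the trusted CA chain (may be a list via `next`)
 * \param cn       expected Common Name; NULL presumably skips the CN
 *                 check — confirm
 * \param flags    receives the BADCERT_* bits describing why
 *                 verification failed
 *
 * \return         0 if successful, or XYSSL_ERR_X509_CERT_VERIFY_FAILED
 *                 with one or more BADCERT_* bits set in *flags
 *
 * \note           No CRL argument exists in this signature, so callers
 *                 needing revocation status must obtain it elsewhere.
 */
int x509parse_verify( x509_cert *crt,
                      x509_cert *trust_ca,
                      char *cn, int *flags );

/**
 * \brief          Unallocate all certificate data reachable from crt
 *                 (including the chained certificates)
 */
void x509_free( x509_cert *crt );

/**
 * \brief          Checkup routine
 *
 * \param verbose  non-zero to print progress
 *
 * \return         0 if successful, or 1 if the test failed
 */
int x509_self_test( int verbose );

#ifdef __cplusplus
}
#endif

#endif /* x509.h */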