00001
00004 #ifndef XYSSL_X509_H
00005 #define XYSSL_X509_H
00006
00007 #include "xyssl/rsa.h"
00008
/*
 * Error codes returned by the ASN.1 and X.509 routines declared at the end
 * of this header. Every value is negative, so callers test for 0 (success)
 * versus "anything else" (failure); a non-zero return means the x509_cert /
 * rsa_context being filled is in an undefined state and must not be used.
 *
 * The ASN.1 codes occupy -0x14 .. -0x1C and the X.509 codes are spaced 0x20
 * apart, which leaves the low five bits free: presumably the parser OR-s an
 * ASN.1 code into an X.509 code to report the underlying decoding failure
 * (NOTE(review): confirm against the x509parse implementation before
 * matching on exact values).
 */

/* Low-level DER/ASN.1 decoding failures. */
#define XYSSL_ERR_ASN1_OUT_OF_DATA -0x0014
#define XYSSL_ERR_ASN1_UNEXPECTED_TAG -0x0016
#define XYSSL_ERR_ASN1_INVALID_LENGTH -0x0018
#define XYSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A
#define XYSSL_ERR_ASN1_INVALID_DATA -0x001C

/* Certificate parsing: one code per tbsCertificate field, in DER order. */
#define XYSSL_ERR_X509_FEATURE_UNAVAILABLE -0x0020
#define XYSSL_ERR_X509_CERT_INVALID_PEM -0x0040
#define XYSSL_ERR_X509_CERT_INVALID_FORMAT -0x0060
#define XYSSL_ERR_X509_CERT_INVALID_VERSION -0x0080
#define XYSSL_ERR_X509_CERT_INVALID_SERIAL -0x00A0
#define XYSSL_ERR_X509_CERT_INVALID_ALG -0x00C0
#define XYSSL_ERR_X509_CERT_INVALID_NAME -0x00E0
#define XYSSL_ERR_X509_CERT_INVALID_DATE -0x0100
#define XYSSL_ERR_X509_CERT_INVALID_PUBKEY -0x0120
#define XYSSL_ERR_X509_CERT_INVALID_SIGNATURE -0x0140
#define XYSSL_ERR_X509_CERT_INVALID_EXTENSIONS -0x0160
#define XYSSL_ERR_X509_CERT_UNKNOWN_VERSION -0x0180
#define XYSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG -0x01A0
#define XYSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0
/* The signature algorithm inside tbsCertificate and the outer one disagree
 * (see sig_oid1 / sig_oid2 in x509_cert); such a certificate is rejected. */
#define XYSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0
/* Chain verification failed; x509parse_verify also sets BADCERT_* flags. */
#define XYSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200

/* Private key parsing (x509parse_key / x509parse_keyfile). */
#define XYSSL_ERR_X509_KEY_INVALID_PEM -0x0220
#define XYSSL_ERR_X509_KEY_INVALID_VERSION -0x0240
#define XYSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260
#define XYSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280
#define XYSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0
/* The key is encrypted but no password was supplied. */
#define XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0
/* Decryption with the supplied password did not yield a valid key. */
#define XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0

/* Certificate writing helpers; no writer API is declared in this header,
 * so presumably these belong to a separate x509write module. */
#define XYSSL_ERR_X509_POINT_ERROR -0x0300
#define XYSSL_ERR_X509_VALUE_TO_LENGTH -0x0320
00040
/*
 * Bit flags OR-ed into the *flags out-parameter of x509parse_verify when it
 * returns XYSSL_ERR_X509_CERT_VERIFY_FAILED. They are powers of two so more
 * than one reason can be reported at once; callers must check the function's
 * return value and treat *flags as diagnostic detail, never as the sole
 * accept/reject decision.
 *
 * NOTE(review): this header declares no CRL loading or revocation API, so it
 * is not visible from here whether BADCERT_REVOKED is ever actually set —
 * do not rely on it for revocation checking without confirming in the
 * implementation.
 */
#define BADCERT_EXPIRED 1
#define BADCERT_REVOKED 2
#define BADCERT_CN_MISMATCH 4
#define BADCERT_NOT_TRUSTED 8
00045
00046
00047
00048
/*
 * ASN.1 identifier octets used by the DER parser.
 *
 * The first group are universal tag numbers (X.680); the last three are the
 * bits that combine with them: a SEQUENCE on the wire is encoded as
 * ASN1_CONSTRUCTED | ASN1_SEQUENCE (0x30), a SET as 0x31, and explicitly
 * tagged fields such as the certificate version or extensions use
 * ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | n.
 *
 * Several string types are listed because issuer/subject attribute values
 * may use any of them; a consumer that prints or compares names must handle
 * the encoding of each (UTF8, T61, BMP, ...) rather than assuming ASCII.
 */
#define ASN1_BOOLEAN 0x01
#define ASN1_INTEGER 0x02
#define ASN1_BIT_STRING 0x03
#define ASN1_OCTET_STRING 0x04
#define ASN1_NULL 0x05
#define ASN1_OID 0x06
#define ASN1_UTF8_STRING 0x0C
#define ASN1_SEQUENCE 0x10
#define ASN1_SET 0x11
#define ASN1_PRINTABLE_STRING 0x13
#define ASN1_T61_STRING 0x14
#define ASN1_IA5_STRING 0x16
#define ASN1_UTC_TIME 0x17
#define ASN1_UNIVERSAL_STRING 0x1C
#define ASN1_BMP_STRING 0x1E
/* Encoding-form and class bits, OR-ed with a tag number. */
#define ASN1_PRIMITIVE 0x00
#define ASN1_CONSTRUCTED 0x20
#define ASN1_CONTEXT_SPECIFIC 0x80
00067
00068
00069
00070
/*
 * Last arc of the distinguished-name attribute type OIDs: the X520_* values
 * follow the OID_X520 prefix (2.5.4.x) and PKCS9_EMAIL follows OID_PKCS9
 * (1.2.840.113549.1.9.x); see the OID_* strings below. Presumably used to
 * map an attribute OID to its short name (CN, C, L, ST, O, OU, emailAddress)
 * when printing a DN — confirm in x509parse_dn_gets.
 */
#define X520_COMMON_NAME 3
#define X520_COUNTRY 6
#define X520_LOCALITY 7
#define X520_STATE 8
#define X520_ORGANIZATION 10
#define X520_ORG_UNIT 11
#define PKCS9_EMAIL 1
00078
/*
 * Output format and name-selector constants. None of the prototypes in this
 * header take them, so they presumably serve a certificate writer declared
 * elsewhere. PEM_LINE_LENGTH is the number of base64 characters per line
 * when emitting PEM.
 */
#define X509_OUTPUT_DER 0x01
#define X509_OUTPUT_PEM 0x02
#define PEM_LINE_LENGTH 72
#define X509_ISSUER 0x01
#define X509_SUBJECT 0x02
00084
/*
 * DER content octets (no tag or length) of the object identifiers the parser
 * recognises:
 *
 *   OID_X520          2.5.4                 (X.520 attribute types)
 *   OID_CN            2.5.4.3               id-at-commonName
 *   OID_PKCS1         1.2.840.113549.1.1    pkcs-1
 *   OID_PKCS1_RSA     1.2.840.113549.1.1.1  rsaEncryption
 *   OID_PKCS1_RSA_SHA 1.2.840.113549.1.1.5  sha1WithRSAEncryption
 *   OID_PKCS9         1.2.840.113549.1.9    pkcs-9
 *   OID_PKCS9_EMAIL   1.2.840.113549.1.9.1  emailAddress
 *
 * These are C string literals only for convenience. Matching a parsed OID
 * against them must compare the parsed length first and then memcmp() the
 * bytes: strcmp() is wrong because an OID arc of 0 encodes as a 0x00 byte,
 * and a bare prefix comparison would accept OID_PKCS1_RSA for OID_PKCS1.
 */
#define OID_X520 "\x55\x04"
#define OID_CN "\x55\x04\x03"
#define OID_PKCS1 "\x2A\x86\x48\x86\xF7\x0D\x01\x01"
#define OID_PKCS1_RSA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01"
#define OID_PKCS1_RSA_SHA "\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05"
#define OID_PKCS9 "\x2A\x86\x48\x86\xF7\x0D\x01\x09"
#define OID_PKCS9_EMAIL "\x2A\x86\x48\x86\xF7\x0D\x01\x09\x01"
00092
00093
00094
00095
/*
 * A reference to one DER element: its identifier octet, the length of its
 * contents and a pointer to them. Presumably p points into the certificate's
 * own copy of the DER data (x509_cert.raw) rather than owning a separate
 * allocation, so individual x509_buf values must not be freed — confirm
 * against x509_free.
 *
 * NOTE(review): len is a signed int. Any code that walks the buffer must
 * reject negative or oversized lengths before computing p + len, otherwise a
 * malformed certificate can steer reads outside the buffer.
 */
typedef struct _x509_buf
{
    int tag;            /* ASN1_* identifier octet, class and form bits included */
    int len;            /* number of content bytes at p */
    unsigned char *p;   /* first content byte */
}
x509_buf;
00103
/*
 * One attribute of a distinguished name (issuer or subject): the attribute
 * type OID and its value, chained in the order they appear in the DER
 * encoding. The first element is embedded in x509_cert; further elements are
 * presumably heap allocated and released by x509_free. The chain ends with
 * next == NULL.
 *
 * val.tag records the string type of the value (ASN1_PRINTABLE_STRING,
 * ASN1_UTF8_STRING, ...); the bytes are not NUL-terminated.
 */
typedef struct _x509_name
{
    x509_buf oid;               /* attribute type, e.g. OID_CN */
    x509_buf val;               /* attribute value, encoding given by val.tag */
    struct _x509_name *next;    /* next attribute or NULL */
}
x509_name;
00111
/*
 * A validity boundary (notBefore / notAfter) broken into calendar fields.
 * NOTE(review): the header does not show whether year is stored as the
 * two-digit UTCTime value or expanded to four digits, nor which time zone
 * is assumed — confirm before comparing against the system clock.
 */
typedef struct _x509_time
{
    int year, mon, day;
    int hour, min, sec;
}
x509_time;
00118
/*
 * A parsed X.509 certificate. The fields follow the layout of the DER
 * Certificate structure (tbsCertificate, signatureAlgorithm, signature).
 * Certificates loaded into the same object by successive x509parse_crt calls
 * are chained through next, so a trust store or a peer's chain is one
 * x509_cert list. Release with x509_free; every x509_buf inside presumably
 * points into raw rather than owning memory.
 */
typedef struct _x509_cert
{
    x509_buf raw;           /* the whole DER certificate */
    x509_buf tbs;           /* tbsCertificate: the bytes the signature covers */

    int version;            /* 1, 2 or 3; see XYSSL_ERR_X509_CERT_UNKNOWN_VERSION */
    x509_buf serial;        /* serialNumber as raw INTEGER contents */
    x509_buf sig_oid1;      /* tbsCertificate.signature algorithm OID */

    x509_buf issuer_raw;    /* DER of the issuer Name, for exact matching */
    x509_buf subject_raw;   /* DER of the subject Name, for exact matching */

    x509_name issuer;       /* issuer attributes, decoded */
    x509_name subject;      /* subject attributes, decoded */

    x509_time valid_from;   /* notBefore */
    x509_time valid_to;     /* notAfter */

    x509_buf pk_oid;        /* subjectPublicKeyInfo algorithm OID (expected OID_PKCS1_RSA) */
    rsa_context rsa;        /* the RSA public key; only RSA keys are representable here */

    x509_buf issuer_id;     /* optional issuerUniqueID (v2+) */
    x509_buf subject_id;    /* optional subjectUniqueID (v2+) */
    x509_buf v3_ext;        /* raw extensions block (v3) */

    int ca_istrue;          /* BasicConstraints cA flag; non-zero for a CA */
    int max_pathlen;        /* BasicConstraints pathLenConstraint; meaning of "absent" is not visible here */

    x509_buf sig_oid2;      /* outer signatureAlgorithm OID; must equal sig_oid1 */
    x509_buf sig;           /* signature BIT STRING contents */

    struct _x509_cert *next;    /* next certificate in the chain or NULL */
}
x509_cert;
00153
00154
00155
00156
/*
 * A growable byte region: data is the start of the storage, p a write
 * cursor and end the limit, with len the amount in use. No prototype in this
 * header takes an x509_node, so this presumably belongs to a certificate
 * writer. Note that unlike x509_buf.len this length is a size_t.
 */
typedef struct _x509_node
{
    unsigned char *data;
    unsigned char *p;
    unsigned char *end;

    size_t len;
}
x509_node;
00166
/*
 * The pieces of a Certificate as separate byte regions, named after the
 * DER fields (tbsCertificate, version, serialNumber, signature algorithm,
 * issuer, validity, subject, subjectPublicKeyInfo, outer signatureAlgorithm,
 * signatureValue). Presumably assembled by a certificate writer that is not
 * declared in this header; not used by the parsing API below.
 */
typedef struct _x509_raw
{
    x509_node raw;
    x509_node tbs;

    x509_node version;
    x509_node serial;
    x509_node tbs_signalg;
    x509_node issuer;
    x509_node validity;
    x509_node subject;
    x509_node subpubkey;

    x509_node signalg;
    x509_node sign;
}
x509_raw;
00184
00185 #ifdef __cplusplus
00186 extern "C" {
00187 #endif
00188
/**
 * Parse one or more DER or PEM certificates from memory and append them to
 * the chain rooted at crt.
 *
 * @param crt     chain to extend; the caller zero-initialises it before the
 *                first call
 * @param buf     certificate data (untrusted input)
 * @param buflen  number of bytes at buf; signed, so callers must not pass a
 *                size that does not fit in an int
 * @return 0 on success, or a negative XYSSL_ERR_ASN1_* / XYSSL_ERR_X509_*
 *         code, in which case crt must not be used
 */
int x509parse_crt( x509_cert *crt, unsigned char *buf, int buflen );

/**
 * Load a certificate file and parse it as x509parse_crt does.
 *
 * @param crt   chain to extend
 * @param path  filename to read
 * @return 0 on success, negative XYSSL_ERR_* code on failure; a file that
 *         cannot be read presumably also yields a non-zero value
 */
int x509parse_crtfile( x509_cert *crt, char *path );

/**
 * Parse a DER or PEM encoded RSA private key, decrypting it when the PEM
 * headers indicate encryption.
 *
 * @param rsa     key structure to fill
 * @param buf     key data
 * @param buflen  number of bytes at buf
 * @param pwd     password for an encrypted key, or NULL when none
 * @param pwdlen  length of pwd in bytes
 * @return 0 on success; XYSSL_ERR_X509_KEY_PASSWORD_REQUIRED when the key is
 *         encrypted and pwd is NULL, XYSSL_ERR_X509_KEY_PASSWORD_MISMATCH
 *         when decryption produced no valid key, or another negative code.
 *         Callers should wipe the decoded key material and the password
 *         from memory once they are no longer needed.
 */
int x509parse_key( rsa_context *rsa,
unsigned char *buf, int buflen,
unsigned char *pwd, int pwdlen );

/**
 * Load a private key file and parse it as x509parse_key does.
 *
 * @param rsa       key structure to fill
 * @param path      filename to read
 * @param password  NUL-terminated password, or NULL for an unencrypted key
 * @return 0 on success, negative XYSSL_ERR_* code on failure
 */
int x509parse_keyfile( rsa_context *rsa, char *path, char *password );

/**
 * Write a distinguished name in printable form into buf.
 *
 * @param buf  output buffer
 * @param end  one past the last writable byte of buf; the function is
 *             expected to stop there, so callers size buf generously and
 *             pass buf + sizeof buf
 * @param dn   the x509_name chain to render
 * @return presumably the number of characters written; confirm whether a
 *         negative value is used to signal truncation
 */
int x509parse_dn_gets( char *buf, char *end, x509_name *dn );

/**
 * Produce a human-readable description of a certificate.
 *
 * @param prefix  string prepended to every output line
 * @param crt     the certificate to describe
 * @return a string describing crt. Ownership is not visible from this
 *         header — confirm whether the result is a static buffer (not
 *         thread-safe, overwritten by the next call) or must be freed.
 */
char *x509parse_cert_info( char *prefix, x509_cert *crt );

/**
 * Check the validity period of a certificate against the current time.
 *
 * @param crt  the certificate
 * @return non-zero if the certificate is outside its validity period,
 *         0 otherwise. Presumably only valid_to is compared — confirm
 *         whether a not-yet-valid (notBefore in the future) certificate is
 *         also reported.
 */
int x509parse_expired( x509_cert *crt );

/**
 * Verify a certificate chain against a set of trusted CAs and, optionally,
 * an expected subject name.
 *
 * @param crt       the certificate to verify; crt->next and further links
 *                  are treated as the intermediate chain
 * @param trust_ca  chain of trusted CA certificates (may be NULL, in which
 *                  case nothing can be trusted and BADCERT_NOT_TRUSTED is
 *                  expected)
 * @param cn        expected Common Name; presumably the name check is skipped
 *                  entirely when NULL, so a caller authenticating a peer must
 *                  pass the name it intended to reach
 * @param flags     receives a bitmask of BADCERT_* values explaining a failure
 * @return 0 if the chain is trusted, otherwise
 *         XYSSL_ERR_X509_CERT_VERIFY_FAILED with *flags set. Callers must act
 *         on the return value; a caller that inspects *flags alone can be
 *         misled because nothing guarantees *flags is reset on success.
 */
int x509parse_verify( x509_cert *crt,
x509_cert *trust_ca,
char *cn, int *flags );

/**
 * Release everything owned by a certificate chain (heap-allocated name
 * elements, raw DER copies, RSA key material) for crt and every certificate
 * reachable through next. The x509_cert struct itself is not freed.
 *
 * @param crt  the chain head
 */
void x509_free( x509_cert *crt );

/**
 * Built-in self test of the X.509 parsing and verification code.
 *
 * @param verbose  non-zero to print progress
 * @return 0 if all tests passed, non-zero otherwise
 */
int x509_self_test( int verbose );
00290
00291 #ifdef __cplusplus
00292 }
00293 #endif
00294
00295 #endif