/* * Copyright (C) 2003, 2004, 2005, 2007, 2008, 2009, 2010 Free Software * Foundation, Inc. * * Author: Nikos Mavrogiannopoulos * * This file is part of GnuTLS. * * The GnuTLS is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public License * as published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This library is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 * USA * */ /* This file contains the types and prototypes for the X.509 * certificate and CRL handling functions. */ #ifndef GNUTLS_X509_H #define GNUTLS_X509_H #include #ifdef __cplusplus extern "C" { #endif /* Some OIDs usually found in Distinguished names, or * in Subject Directory Attribute extensions. */ #define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6" #define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10" #define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11" #define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3" #define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7" #define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8" #define GNUTLS_OID_X520_INITIALS "2.5.4.43" #define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44" #define GNUTLS_OID_X520_SURNAME "2.5.4.4" #define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42" #define GNUTLS_OID_X520_TITLE "2.5.4.12" #define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46" #define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65" #define GNUTLS_OID_X520_POSTALCODE "2.5.4.17" #define GNUTLS_OID_X520_NAME "2.5.4.41" #define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25" #define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1" /* The following should not be included in DN. */ #define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1" #define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1" #define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2" #define GNUTLS_OID_PKIX_GENDER "1.3.6.1.5.5.7.9.3" #define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4" #define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE "1.3.6.1.5.5.7.9.5" /* Key purpose Object Identifiers. */ #define GNUTLS_KP_TLS_WWW_SERVER "1.3.6.1.5.5.7.3.1" #define GNUTLS_KP_TLS_WWW_CLIENT "1.3.6.1.5.5.7.3.2" #define GNUTLS_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3" #define GNUTLS_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4" #define GNUTLS_KP_TIME_STAMPING "1.3.6.1.5.5.7.3.8" #define GNUTLS_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9" #define GNUTLS_KP_IPSEC_IKE "1.3.6.1.5.5.7.3.17" #define GNUTLS_KP_ANY "2.5.29.37.0" #define GNUTLS_FSAN_SET 0 #define GNUTLS_FSAN_APPEND 1 /* Certificate handling functions. */ /** * gnutls_certificate_import_flags: * @GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED: Fail if the * certificates in the buffer are more than the space allocated for * certificates. The error code will be %GNUTLS_E_SHORT_MEMORY_BUFFER. * @GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED: Fail if the certificates * in the buffer are not ordered starting from subject to issuer. * The error code will be %GNUTLS_E_CERTIFICATE_LIST_UNSORTED. * * Enumeration of different certificate import flags. */ typedef enum gnutls_certificate_import_flags { GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1, GNUTLS_X509_CRT_LIST_FAIL_IF_UNSORTED = 2 } gnutls_certificate_import_flags; int gnutls_x509_crt_init (gnutls_x509_crt_t * cert); void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert); int gnutls_x509_crt_import (gnutls_x509_crt_t cert, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs, unsigned int *cert_max, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, unsigned int flags); int gnutls_x509_crt_export (gnutls_x509_crt_t cert, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size); int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf, size_t * sizeof_buf); int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * sizeof_oid); int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, int indx, unsigned int raw_flag, void *buf, size_t * sizeof_buf); int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf, size_t * sizeof_buf); int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * sizeof_oid); int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert, const char *oid, int indx, unsigned int raw_flag, void *buf, size_t * sizeof_buf); int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert, const char *hostname); int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert); int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert, char *sig, size_t * sizeof_sig); int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert); int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt, unsigned int flags, unsigned char *output_data, size_t * output_data_size); int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert, const void *id, size_t id_size); int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert, void *ret, size_t * ret_size, unsigned int *critical); int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert, void *ret, size_t * ret_size, unsigned int *critical); int gnutls_x509_crt_get_subject_unique_id (gnutls_x509_crt_t crt, char *buf, size_t * sizeof_buf); int gnutls_x509_crt_get_issuer_unique_id (gnutls_x509_crt_t crt, char *buf, size_t * sizeof_buf); #define GNUTLS_CRL_REASON_UNUSED 128 #define GNUTLS_CRL_REASON_KEY_COMPROMISE 64 #define GNUTLS_CRL_REASON_CA_COMPROMISE 32 #define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16 #define GNUTLS_CRL_REASON_SUPERSEDED 8 #define GNUTLS_CRL_REASON_SUPERSEEDED GNUTLS_CRL_REASON_SUPERSEDED #define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4 #define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2 #define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1 #define GNUTLS_CRL_REASON_AA_COMPROMISE 32768 int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert, unsigned int seq, void *ret, size_t * ret_size, unsigned int *reason_flags, unsigned int *critical); int gnutls_x509_crt_set_crl_dist_points2 (gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type, const void *data, unsigned int data_size, unsigned int reason_flags); int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type, const void *data_string, unsigned int reason_flags); int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst, gnutls_x509_crt_t src); time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert); time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert); int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result, size_t * result_size); int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert, unsigned int *bits); int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt, gnutls_datum_t * m, gnutls_datum_t * e); int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g, gnutls_datum_t * y); int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert, unsigned int seq, void *ret, size_t * ret_size, unsigned int *critical); int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert, unsigned int seq, void *ret, size_t * ret_size, unsigned int *ret_type, unsigned int *critical); int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert, unsigned int seq, void *ret, size_t * ret_size); int gnutls_x509_crt_get_issuer_alt_name (gnutls_x509_crt_t cert, unsigned int seq, void *ret, size_t * ret_size, unsigned int *critical); int gnutls_x509_crt_get_issuer_alt_name2 (gnutls_x509_crt_t cert, unsigned int seq, void *ret, size_t * ret_size, unsigned int *ret_type, unsigned int *critical); int gnutls_x509_crt_get_issuer_alt_othername_oid (gnutls_x509_crt_t cert, unsigned int seq, void *ret, size_t * ret_size); int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert, unsigned int *critical); int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert, unsigned int *critical, int *ca, int *pathlen); /* The key_usage flags are defined in gnutls.h. They are the * GNUTLS_KEY_* definitions. */ int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert, unsigned int *key_usage, unsigned int *critical); int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt, unsigned int usage); int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert, unsigned int *critical, int *pathlen, char **policyLanguage, char **policy, size_t * sizeof_policy); int gnutls_x509_dn_oid_known (const char *oid); /* Read extensions by OID. */ int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * sizeof_oid); int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert, const char *oid, int indx, void *buf, size_t * sizeof_buf, unsigned int *critical); /* Read extensions by sequence number. */ int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx, void *oid, size_t * sizeof_oid, int *critical); int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx, void *data, size_t * sizeof_data); int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt, const char *oid, const void *buf, size_t sizeof_buf, unsigned int critical); /* X.509 Certificate writing. */ int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt, const char *oid, unsigned int raw_flag, const void *name, unsigned int sizeof_name); int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt, const char *oid, unsigned int raw_flag, const void *name, unsigned int sizeof_name); int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt, unsigned int version); int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt, gnutls_x509_privkey_t key); int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca); int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt, unsigned int ca, int pathLenConstraint); int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type, const char *data_string); int gnutls_x509_crt_set_subject_alt_name (gnutls_x509_crt_t crt, gnutls_x509_subject_alt_name_t type, const void *data, unsigned int data_size, unsigned int flags); int gnutls_x509_crt_sign (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key); int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt, gnutls_x509_crt_t issuer, gnutls_x509_privkey_t issuer_key, gnutls_digest_algorithm_t dig, unsigned int flags); int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert, time_t act_time); int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert, time_t exp_time); int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert, const void *serial, size_t serial_size); int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert, const void *id, size_t id_size); int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt, gnutls_x509_crt_t eecrt, unsigned int raw_flag, const void *name, unsigned int sizeof_name); int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt, int pathLenConstraint, const char *policyLanguage, const char *policy, size_t sizeof_policy); int gnutls_x509_crt_print (gnutls_x509_crt_t cert, gnutls_certificate_print_formats_t format, gnutls_datum_t * out); int gnutls_x509_crl_print (gnutls_x509_crl_t crl, gnutls_certificate_print_formats_t format, gnutls_datum_t * out); /* Access to internal Certificate fields. */ int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert, gnutls_datum_t * start); int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert, gnutls_datum_t * start); /* RDN handling. */ int gnutls_x509_rdn_get (const gnutls_datum_t * idn, char *buf, size_t * sizeof_buf); int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn, int indx, void *buf, size_t * sizeof_buf); int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn, const char *oid, int indx, unsigned int raw_flag, void *buf, size_t * sizeof_buf); typedef void *gnutls_x509_dn_t; typedef struct gnutls_x509_ava_st { gnutls_datum_t oid; gnutls_datum_t value; unsigned long value_tag; } gnutls_x509_ava_st; int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn); int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert, gnutls_x509_dn_t * dn); int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn, int iava, gnutls_x509_ava_st * ava); int gnutls_x509_dn_init (gnutls_x509_dn_t * dn); int gnutls_x509_dn_import (gnutls_x509_dn_t dn, const gnutls_datum_t * data); int gnutls_x509_dn_export (gnutls_x509_dn_t dn, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size); void gnutls_x509_dn_deinit (gnutls_x509_dn_t dn); /* CRL handling functions. */ int gnutls_x509_crl_init (gnutls_x509_crl_t * crl); void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl); int gnutls_x509_crl_import (gnutls_x509_crl_t crl, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); int gnutls_x509_crl_export (gnutls_x509_crl_t crl, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size); int gnutls_x509_crl_get_raw_issuer_dn (gnutls_x509_crl_t crl, gnutls_datum_t * dn); int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl, char *buf, size_t * sizeof_buf); int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl, const char *oid, int indx, unsigned int raw_flag, void *buf, size_t * sizeof_buf); int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx, void *oid, size_t * sizeof_oid); int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl); int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl, char *sig, size_t * sizeof_sig); int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl); time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl); time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl); int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl); int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx, unsigned char *serial, size_t * serial_size, time_t * t); #define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count #define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl, gnutls_x509_crt_t issuer); /* CRL writing. */ int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl, unsigned int version); int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl, time_t act_time); int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl, time_t exp_time); int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl, const void *serial, size_t serial_size, time_t revocation_time); int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl, gnutls_x509_crt_t crt, time_t revocation_time); int gnutls_x509_crl_get_authority_key_id (gnutls_x509_crl_t crl, void *ret, size_t * ret_size, unsigned int *critical); int gnutls_x509_crl_get_number (gnutls_x509_crl_t crl, void *ret, size_t * ret_size, unsigned int *critical); int gnutls_x509_crl_get_extension_oid (gnutls_x509_crl_t crl, int indx, void *oid, size_t * sizeof_oid); int gnutls_x509_crl_get_extension_info (gnutls_x509_crl_t crl, int indx, void *oid, size_t * sizeof_oid, int *critical); int gnutls_x509_crl_get_extension_data (gnutls_x509_crl_t crl, int indx, void *data, size_t * sizeof_data); int gnutls_x509_crl_set_authority_key_id (gnutls_x509_crl_t crl, const void *id, size_t id_size); int gnutls_x509_crl_set_number (gnutls_x509_crl_t crl, const void *nr, size_t nr_size); /* PKCS7 structures handling */ struct gnutls_pkcs7_int; typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t; int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7); void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7); int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size); int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7); int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx, void *certificate, size_t * certificate_size); int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crt); int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt); int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx); int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7, int indx, void *crl, size_t * crl_size); int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7); int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7, const gnutls_datum_t * crl); int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl); int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx); /* X.509 Certificate verification functions. */ /** * gnutls_certificate_verify_flags: * @GNUTLS_VERIFY_DISABLE_CA_SIGN: If set a signer does not have to be * a certificate authority. This flag should normaly be disabled, * unless you know what this means. * @GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS: If set a signer in the trusted * list is never checked for expiration or activation. * @GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT: Allow trusted CA * certificates that have version 1. This is the default. * @GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT: Do not allow trusted CA * certificates that have version 1. This option is to be used * to deprecate all V1 certificates. * @GNUTLS_VERIFY_DO_NOT_ALLOW_SAME: If a certificate is not signed by * anyone trusted but exists in the trusted CA list do not treat it * as trusted. * @GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT: Allow CA certificates that * have version 1 (both root and intermediate). This might be * dangerous since those haven't the basicConstraints * extension. Must be used in combination with * %GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT. * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2: Allow certificates to be signed * using the broken MD2 algorithm. * @GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5: Allow certificates to be signed * using the broken MD5 algorithm. * @GNUTLS_VERIFY_DISABLE_TIME_CHECKS: Disable checking of activation * and expiration validity periods of certificate chains. Don't set * this unless you understand the security implications. * * Enumeration of different certificate verify flags. */ typedef enum gnutls_certificate_verify_flags { GNUTLS_VERIFY_DISABLE_CA_SIGN = 1, GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2, GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4, GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16, GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32, GNUTLS_VERIFY_DISABLE_TIME_CHECKS = 64, GNUTLS_VERIFY_DISABLE_TRUSTED_TIME_CHECKS = 128, GNUTLS_VERIFY_DO_NOT_ALLOW_X509_V1_CA_CRT = 256 } gnutls_certificate_verify_flags; int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert, gnutls_x509_crt_t issuer); int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list, int cert_list_length, const gnutls_x509_crt_t * CA_list, int CA_list_length, const gnutls_x509_crl_t * CRL_list, int CRL_list_length, unsigned int flags, unsigned int *verify); int gnutls_x509_crt_verify (gnutls_x509_crt_t cert, const gnutls_x509_crt_t * CA_list, int CA_list_length, unsigned int flags, unsigned int *verify); int gnutls_x509_crl_verify (gnutls_x509_crl_t crl, const gnutls_x509_crt_t * CA_list, int CA_list_length, unsigned int flags, unsigned int *verify); int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert, const gnutls_x509_crl_t * crl_list, int crl_list_length); int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert, gnutls_digest_algorithm_t algo, void *buf, size_t * sizeof_buf); int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert, int indx, void *oid, size_t * sizeof_oid, unsigned int *critical); int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert, const void *oid, unsigned int critical); /* Private key handling. */ /* Flags for the gnutls_x509_privkey_export_pkcs8() function. */ /** * gnutls_pkcs_encrypt_flags_t: * @GNUTLS_PKCS_PLAIN: Unencrypted private key. * @GNUTLS_PKCS8_PLAIN: Same as %GNUTLS_PKCS_PLAIN. * @GNUTLS_PKCS_USE_PKCS12_3DES: PKCS-12 3DES. * @GNUTLS_PKCS8_USE_PKCS12_3DES: Same as %GNUTLS_PKCS_USE_PKCS12_3DES. * @GNUTLS_PKCS_USE_PKCS12_ARCFOUR: PKCS-12 ARCFOUR. * @GNUTLS_PKCS8_USE_PKCS12_ARCFOUR: Same as %GNUTLS_PKCS_USE_PKCS12_ARCFOUR. * @GNUTLS_PKCS_USE_PKCS12_RC2_40: PKCS-12 RC2-40. * @GNUTLS_PKCS8_USE_PKCS12_RC2_40: Same as %GNUTLS_PKCS_USE_PKCS12_RC2_40. * @GNUTLS_PKCS_USE_PBES2_3DES: PBES2 3DES. * @GNUTLS_PKCS_USE_PBES2_AES_128: PBES2 AES-128. * @GNUTLS_PKCS_USE_PBES2_AES_192: PBES2 AES-192. * @GNUTLS_PKCS_USE_PBES2_AES_256: PBES2 AES-256. * * Enumeration of different PKCS encryption flags. */ typedef enum gnutls_pkcs_encrypt_flags_t { GNUTLS_PKCS_PLAIN = 1, GNUTLS_PKCS8_PLAIN = GNUTLS_PKCS_PLAIN, GNUTLS_PKCS_USE_PKCS12_3DES = 2, GNUTLS_PKCS8_USE_PKCS12_3DES = GNUTLS_PKCS_USE_PKCS12_3DES, GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4, GNUTLS_PKCS8_USE_PKCS12_ARCFOUR = GNUTLS_PKCS_USE_PKCS12_ARCFOUR, GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8, GNUTLS_PKCS8_USE_PKCS12_RC2_40 = GNUTLS_PKCS_USE_PKCS12_RC2_40, GNUTLS_PKCS_USE_PBES2_3DES = 16, GNUTLS_PKCS_USE_PBES2_AES_128 = 32, GNUTLS_PKCS_USE_PBES2_AES_192 = 64, GNUTLS_PKCS_USE_PBES2_AES_256 = 128 } gnutls_pkcs_encrypt_flags_t; int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key); void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key); gnutls_sec_param_t gnutls_x509_privkey_sec_param (gnutls_x509_privkey_t key); int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst, gnutls_x509_privkey_t src); int gnutls_x509_privkey_import (gnutls_x509_privkey_t key, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format, const char *password, unsigned int flags); int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key, const gnutls_datum_t * m, const gnutls_datum_t * e, const gnutls_datum_t * d, const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * u); int gnutls_x509_privkey_import_rsa_raw2 (gnutls_x509_privkey_t key, const gnutls_datum_t * m, const gnutls_datum_t * e, const gnutls_datum_t * d, const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * u, const gnutls_datum_t * e1, const gnutls_datum_t * e2); int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key); int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * g, gnutls_datum_t * y, gnutls_datum_t * x); int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key, const gnutls_datum_t * p, const gnutls_datum_t * q, const gnutls_datum_t * g, const gnutls_datum_t * y, const gnutls_datum_t * x); int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key); int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key, unsigned int flags, unsigned char *output_data, size_t * output_data_size); int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key, gnutls_pk_algorithm_t algo, unsigned int bits, unsigned int flags); int gnutls_x509_privkey_export (gnutls_x509_privkey_t key, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size); int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key, gnutls_x509_crt_fmt_t format, const char *password, unsigned int flags, void *output_data, size_t * output_data_size); int gnutls_x509_privkey_export_rsa_raw2 (gnutls_x509_privkey_t key, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u, gnutls_datum_t * e1, gnutls_datum_t * e2); int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key, gnutls_datum_t * m, gnutls_datum_t * e, gnutls_datum_t * d, gnutls_datum_t * p, gnutls_datum_t * q, gnutls_datum_t * u); /* Certificate request stuff. */ int gnutls_x509_crq_print (gnutls_x509_crq_t crq, gnutls_certificate_print_formats_t format, gnutls_datum_t * out); int gnutls_x509_crq_verify (gnutls_x509_crq_t crq, unsigned int flags); int gnutls_x509_crq_init (gnutls_x509_crq_t * crq); void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq); int gnutls_x509_crq_import (gnutls_x509_crq_t crq, const gnutls_datum_t * data, gnutls_x509_crt_fmt_t format); int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf, size_t * sizeof_buf); int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx, void *oid, size_t * sizeof_oid); int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq, const char *oid, int indx, unsigned int raw_flag, void *buf, size_t * sizeof_buf); int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq, const char *oid, unsigned int raw_flag, const void *data, unsigned int sizeof_data); int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq, unsigned int version); int gnutls_x509_crq_get_version (gnutls_x509_crq_t crq); int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key); int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq, const char *pass); int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq, char *pass, size_t * sizeof_pass); int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq, const char *oid, void *buf, size_t sizeof_buf); int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq, const char *oid, int indx, void *buf, size_t * sizeof_buf); int gnutls_x509_crq_export (gnutls_x509_crq_t crq, gnutls_x509_crt_fmt_t format, void *output_data, size_t * output_data_size); int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq); int gnutls_x509_crt_set_crq_extensions (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq); int gnutls_x509_crq_set_key_rsa_raw (gnutls_x509_crq_t crq, const gnutls_datum_t * m, const gnutls_datum_t * e); int gnutls_x509_crq_set_subject_alt_name (gnutls_x509_crq_t crq, gnutls_x509_subject_alt_name_t nt, const void *data, unsigned int data_size, unsigned int flags); int gnutls_x509_crq_set_key_usage (gnutls_x509_crq_t crq, unsigned int usage); int gnutls_x509_crq_set_basic_constraints (gnutls_x509_crq_t crq, unsigned int ca, int pathLenConstraint); int gnutls_x509_crq_set_key_purpose_oid (gnutls_x509_crq_t crq, const void *oid, unsigned int critical); int gnutls_x509_crq_get_key_purpose_oid (gnutls_x509_crq_t crq, int indx, void *oid, size_t * sizeof_oid, unsigned int *critical); int gnutls_x509_crq_get_extension_data (gnutls_x509_crq_t crq, int indx, void *data, size_t * sizeof_data); int gnutls_x509_crq_get_extension_info (gnutls_x509_crq_t crq, int indx, void *oid, size_t * sizeof_oid, int *critical); int gnutls_x509_crq_get_attribute_data (gnutls_x509_crq_t crq, int indx, void *data, size_t * sizeof_data); int gnutls_x509_crq_get_attribute_info (gnutls_x509_crq_t crq, int indx, void *oid, size_t * sizeof_oid); int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq, unsigned int *bits); int gnutls_x509_crq_get_key_id (gnutls_x509_crq_t crq, unsigned int flags, unsigned char *output_data, size_t * output_data_size); int gnutls_x509_crq_get_key_rsa_raw (gnutls_x509_crq_t crq, gnutls_datum_t * m, gnutls_datum_t * e); int gnutls_x509_crq_get_key_usage (gnutls_x509_crq_t crq, unsigned int *key_usage, unsigned int *critical); int gnutls_x509_crq_get_basic_constraints (gnutls_x509_crq_t crq, unsigned int *critical, int *ca, int *pathlen); int gnutls_x509_crq_get_subject_alt_name (gnutls_x509_crq_t crq, unsigned int seq, void *ret, size_t * ret_size, unsigned int *ret_type, unsigned int *critical); int gnutls_x509_crq_get_subject_alt_othername_oid (gnutls_x509_crq_t crq, unsigned int seq, void *ret, size_t * ret_size); int gnutls_x509_crq_get_extension_by_oid (gnutls_x509_crq_t crq, const char *oid, int indx, void *buf, size_t * sizeof_buf, unsigned int *critical); #ifdef __cplusplus } #endif #endif /* GNUTLS_X509_H */