1 /* Support of X.509 certificates
2 * Copyright (C) 2000 Andreas Hess, Patric Lichtsteiner, Roger Wegmann
3 * Copyright (C) 2001 Marco Bertossa, Andreas Schleiss
4 * Copyright (C) 2002 Mario Strasser
5 * Copyright (C) 2000-2004 Andreas Steffen, Zuercher Hochschule Winterthur
6 *
7 * This program is free software; you can redistribute it and/or modify it
8 * under the terms of the GNU General Public License as published by the
9 * Free Software Foundation; either version 2 of the License, or (at your
10 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
11 *
12 * This program is distributed in the hope that it will be useful, but
13 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
14 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
15 * for more details.
16 */
17
18 #ifndef _X509_H
19 #define _X509_H
20
21 #include "constants.h"
22 #include "pkcs1.h"
23 #include "id.h"
24
/* Kinds of GeneralName (RFC 5280, section 4.2.1.6).
 *
 * The explicit enumerator values are the context-specific tag numbers of
 * the GeneralName CHOICE (otherName [0] ... registeredID [8]).  The parser
 * and encoder presumably map these tags directly onto the enum, so the
 * values must not be renumbered.
 */

typedef enum {
    GN_OTHER_NAME     = 0,  /* otherName                  [0] */
    GN_RFC822_NAME    = 1,  /* rfc822Name                 [1] */
    GN_DNS_NAME       = 2,  /* dNSName                    [2] */
    GN_X400_ADDRESS   = 3,  /* x400Address                [3] */
    GN_DIRECTORY_NAME = 4,  /* directoryName              [4] */
    GN_EDI_PARTY_NAME = 5,  /* ediPartyName               [5] */
    GN_URI            = 6,  /* uniformResourceIdentifier  [6] */
    GN_IP_ADDRESS     = 7,  /* iPAddress                  [7] */
    GN_REGISTERED_ID  = 8   /* registeredID               [8] */
} generalNames_t;
38
/* One node of a singly-linked list of GeneralNames, as kept in the
 * subjectAltName and crlDistributionPoints members of x509cert_t.
 *
 * Always check `kind` before interpreting `name`: every alternative uses
 * the same chunk_t storage, and the alternatives are encoded differently
 * (a dNSName is a text string, an iPAddress is raw octets, a
 * directoryName is an encoded Name), so comparing `name` bytes across
 * kinds is meaningless and comparing them without checking `kind` can
 * match the wrong identity type.
 *
 * Ownership of `name` is not fixed by this header: free_generalNames()
 * takes a free_name flag, so some lists presumably point into a larger
 * buffer (e.g. the certificate blob) while others own their data.
 * Check the producer of a list before freeing it.
 */

typedef struct generalName generalName_t;

struct generalName {
    generalName_t *next;  /* next node; the list is assumed to end with NULL */
    generalNames_t kind;  /* which GeneralName alternative `name` holds */
    chunk_t name;         /* raw value, encoded according to `kind` */
};
48
/* In-memory representation of a parsed X.509v3 certificate.
 *
 * The chunk_t members are pointer/length views.  Whether they alias
 * `certificate` or own separate allocations is not visible in this
 * header, so never free members individually; use share_x509cert() /
 * release_x509cert() / free_x509cert() instead.
 *
 * Security notes for code that consumes this structure:
 *  - `sigAlg` (the signature field inside tbsCertificate) and
 *    `algorithm` (the outer signatureAlgorithm) are stored separately.
 *    RFC 5280 section 4.1.1.2 requires them to be identical; a verifier
 *    must reject a mismatch rather than trust the outer, unsigned field.
 *    Whether parse_x509cert()/verify_x509cert() enforce this is not
 *    visible here -- confirm in x509.c before relying on it.
 *  - `isCA` is the only CA indication kept; chain building must not
 *    accept an issuer whose isCA is false.
 *  - Only RSA key material (`modulus`, `publicExponent`) has fields
 *    here, so other public key algorithms are presumably unsupported.
 *  - `notBefore`/`notAfter` are checked by check_validity(), not at
 *    parse time (assumed from the split of the API).
 */

typedef struct x509cert x509cert_t;

struct x509cert {
    x509cert_t *next;                /* next certificate in a list/chain (cf. get_x509cert(), list_x509cert_chain()) */
    time_t installed;                /* installation time; presumably set by add_x509cert() */
    int count;                       /* presumably a reference count, see share_x509cert()/release_x509cert() */
    bool smartcard;                  /* certificate came from a smartcard (assumed from the name) */
    u_char authority_flags;          /* CA-role bitmask (cf. auth_flags of list_x509cert_chain()); bit values are defined elsewhere */
    chunk_t certificate;             /* the whole encoded certificate (presumably DER) */
    chunk_t tbsCertificate;          /* the to-be-signed portion; the data check_signature() verifies `signature` against */
    u_int version;                   /* X.509 version number as parsed */
    chunk_t serialNumber;            /* raw INTEGER contents; compare with same_serial() */
    /* signature (AlgorithmIdentifier inside tbsCertificate) */
    int sigAlg;                      /* must equal `algorithm` below, see security notes */
    chunk_t issuer;                  /* encoded issuer Name; compare with same_dn()/match_dn() */
    /* validity */
    time_t notBefore;
    time_t notAfter;
    chunk_t subject;                 /* encoded subject Name */
    /* subjectPublicKeyInfo */
    enum pubkey_alg subjectPublicKeyAlgorithm;
    chunk_t subjectPublicKey;        /* raw public key (BIT STRING contents, assumed) */
    chunk_t modulus;                 /* RSA modulus n */
    chunk_t publicExponent;          /* RSA public exponent e */
    /* issuerUniqueID  -- not retained */
    /* subjectUniqueID -- not retained */
    /* v3 extensions: each extension is (extnID, critical, extnValue);
     * only the values below are retained.  Note that no per-extension
     * `critical` flag is kept here, so unknown critical extensions
     * cannot be detected from this structure alone -- confirm how
     * parse_x509cert() handles them. */
    bool isCA;                       /* presumably from basicConstraints */
    bool isOcspSigner;               /* ocsp: presumably from extendedKeyUsage OCSPSigning */
    chunk_t subjectKeyID;            /* subjectKeyIdentifier; see compute_subjectKeyID() */
    chunk_t authKeyID;               /* authorityKeyIdentifier.keyIdentifier, see parse_authorityKeyIdentifier() */
    chunk_t authKeySerialNumber;     /* authorityKeyIdentifier.authorityCertSerialNumber */
    chunk_t accessLocation;          /* ocsp: responder location, presumably from authorityInfoAccess */
    generalName_t *subjectAltName;   /* list of subjectAltName entries */
    generalName_t *crlDistributionPoints; /* list of CRL distribution point names */
    /* signatureAlgorithm (outer, unsigned) */
    int algorithm;                   /* must equal `sigAlg` above, see security notes */
    chunk_t signature;               /* signature value (BIT STRING contents, assumed) */
};
95
/* Zeroed template; copy it into a freshly declared x509cert_t before use. */
extern const x509cert_t empty_x509cert;

/* ---- comparison helpers (all operate on raw chunk_t values) ---------- */

/* True if two serial numbers (raw INTEGER contents) are equal. */
extern bool same_serial(chunk_t a, chunk_t b);

/* True if two key identifiers (subjectKeyID / authKeyID) are equal. */
extern bool same_keyid(chunk_t a, chunk_t b);

/* Exact comparison of two encoded distinguished names. */
extern bool same_dn(chunk_t a, chunk_t b);

/* DN comparison where one side may contain wildcard RDNs; which side is
 * not visible here, and *wildcards presumably receives the number of
 * wildcards that were matched.  Wildcards widen the set of accepted
 * peers, so confirm the exact semantics in x509.c before using this for
 * an authorization decision. */
extern bool match_dn(chunk_t a, chunk_t b, int *wildcards);

/* True if two parsed certificates are the same certificate. */
extern bool same_x509cert(const x509cert_t *a, const x509cert_t *b);

/* ---- text conversion ------------------------------------------------- */

/* Render bin as hexadecimal text into *str; ownership of *str's data is
 * not defined by this header. */
extern void hex_str(chunk_t bin, chunk_t *str);

/* Number of wildcard components in dn (by name; see match_dn()). */
extern int dn_count_wildcards(chunk_t dn);

/* Print dn as text into dst, bounded by dstlen.  The int result is
 * presumably the length produced; check x509.c for how truncation is
 * reported. */
extern int dntoa(char *dst, size_t dstlen, chunk_t dn);

/* As dntoa(), but presumably prints null_dn when dn is empty. */
extern int dntoa_or_null(char *dst, size_t dstlen, chunk_t dn,
                         const char *null_dn);

/* Parse a textual DN into its encoded form in *dn.  Returns an err_t
 * (assumed NULL on success, error text otherwise).  src is not const,
 * so it may be modified in place. */
extern err_t atodn(char *src, chunk_t *dn);

/* Convert a GeneralName into an identity (struct id). */
extern void gntoid(struct id *id, const generalName_t *gn);

/* Compute the subjectKeyIdentifier of cert.  Whether subjectKeyID is an
 * output buffer or an expected value, and what the bool result means,
 * is not clear from the prototype -- check the definition. */
extern bool compute_subjectKeyID(x509cert_t *cert, chunk_t subjectKeyID);

/* Choose the identity to use for cert (presumably subject or a
 * subjectAltName) and store it in *end_id. */
extern void select_x509cert_id(x509cert_t *cert, struct id *end_id);

/* ---- parsing (untrusted input: certificates arrive in IKE payloads) --- */

/* Parse an encoded certificate blob into *cert; true on success.
 * level0 is an ASN.1 parsing level (presumably nesting depth for debug
 * output).  NOTE(review): level0 is u_int here but int in parse_time()
 * and parse_authorityKeyIdentifier(); harmless but inconsistent. */
extern bool parse_x509cert(chunk_t blob, u_int level0, x509cert_t *cert);

/* Parse an ASN.1 time value (UTCTime/GeneralizedTime, assumed) to time_t. */
extern time_t parse_time(chunk_t blob, int level0);

/* Parse an authorityKeyIdentifier extension into its key identifier and
 * authority certificate serial number. */
extern void parse_authorityKeyIdentifier(chunk_t blob, int level0,
                                         chunk_t *authKeyID,
                                         chunk_t *authKeySerialNumber);

/* Extract a directoryName from blob; implicit selects implicit tagging. */
extern chunk_t get_directoryName(chunk_t blob, int level, bool implicit);

/* ---- verification ---------------------------------------------------- */

/* Check cert's validity period against the current time.  Returns an
 * err_t (assumed NULL when valid); *until presumably receives the time
 * until which the result holds. */
extern err_t check_validity(const x509cert_t *cert, time_t *until);

/* Verify signature sig over tbs with the public key of issuer_cert,
 * using digest_alg / enc_alg.  The caller must take these algorithms
 * from the certificate's own signature AlgorithmIdentifier (and reject
 * a sigAlg/algorithm mismatch), never from an unauthenticated source. */
extern bool check_signature(chunk_t tbs, chunk_t sig, int digest_alg,
                            int enc_alg, const x509cert_t *issuer_cert);

/* Verify cert up to a trusted CA; true on success.  strict presumably
 * tightens the checks performed (confirm in x509.c); *until as in
 * check_validity(). */
extern bool verify_x509cert(const x509cert_t *cert, bool strict, time_t *until);

/* ---- certificate store ----------------------------------------------- */

/* Add cert to the store.  The returned pointer may presumably differ
 * from cert if an equal certificate was already stored. */
extern x509cert_t *add_x509cert(x509cert_t *cert);

/* Find a certificate in chain by issuer and serial, or by keyid
 * (assumed: either criterion may be used). */
extern x509cert_t *get_x509cert(chunk_t issuer, chunk_t serial, chunk_t keyid,
                                x509cert_t *chain);

/* Build a certificate for cert_key and sign it with signer_key. */
extern void build_x509cert(x509cert_t *cert, const RSA_public_key_t *cert_key,
                           const RSA_private_key_t *signer_key);

/* Encode a list of GeneralNames as a subjectAltName extension value. */
extern chunk_t build_subjectAltNames(generalName_t *subjectAltNames);

/* Reference management: share/release presumably adjust `count`;
 * free_x509cert frees unconditionally. */
extern void share_x509cert(x509cert_t *cert);
extern void release_x509cert(x509cert_t *cert);
extern void free_x509cert(x509cert_t *cert);

/* Store a list of received certificates, presumably verifying each with
 * verify_x509cert(cert, strict) first; *firstcert may be updated. */
extern void store_x509certs(x509cert_t **firstcert, bool strict);

/* ---- listing (log output) -------------------------------------------- */

/* Print a certificate chain under caption; utc selects UTC timestamps. */
extern void list_x509cert_chain(const char *caption, x509cert_t *cert,
                                u_char auth_flags, bool utc);

/* Print all stored end-entity certificates. */
extern void list_x509_end_certs(bool utc);

/* Free a GeneralName list; free_name selects whether each node's
 * name data is freed too (see struct generalName). */
extern void free_generalNames(generalName_t *gn, bool free_name);
136
137 #endif /* _X509_H */