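/****************************************************************************
*                                                                           *
*                         Certificate DN Header File                        *
*                      Copyright Peter Gutmann 1996-2008                    *
*                                                                           *
****************************************************************************/

/* Include guard.  NOTE(review): identifiers that begin with an underscore
   followed by an upper-case letter are reserved for the implementation in
   C.  The name is kept unchanged because code outside this header may test
   it */

#ifndef _DN_DEFINED

#define _DN_DEFINED

/* DN component information flags.  These are:

	FLAG_CONTINUED: Some implementations may place more than one AVA into
		an RDN, this flag indicates that the RDN continues in the next DN
		component structure.

	FLAG_LOCKED: If the RDN/DN was set by specifying the entire DN at once
		using a free-format text DN string it's not a good idea to allow
		random changes to it so this flag marks the components as locked.

	FLAG_NOCHECK: If we're reading data from an external source the DN can
		contain all sorts of strange stuff so we use this flag to tell the
		DN component-handling code not to perform any validity checking on
		the components as they're added.

   NOTE(review): as described above, components added with FLAG_NOCHECK
   have not been validity-checked, so code that later consumes them should
   presumably not assume that the per-type limits recorded in
   DN_COMPONENT_INFO (maxLength, ia5OK, wcsOK) hold for them - confirm
   against dn.c.

   The value 0x04 is not assigned to any flag in this header although it
   lies inside DN_FLAG_MAX */

#define DN_FLAG_NONE		0x00	/* No DN flag */
#define DN_FLAG_CONTINUED	0x01	/* RDN continues with another AVA */
#define DN_FLAG_LOCKED		0x02	/* RDN can't be modified */
#define DN_FLAG_NOCHECK		0x08	/* Don't check validity of components */
#define DN_FLAG_MAX			0x0F	/* Maximum possible flag value */

/* When comparing DN fields we only want to compare relevant data and not
   incidental flags related to parsing or encoding actions.  The following
   mask defines the attribute flags that we want to compare */

#define DN_FLAGS_COMPARE_MASK	( DN_FLAG_CONTINUED )

/* The structure to hold a DN component.  Components are chained into a
   doubly-linked list through the next/prev members */

typedef struct DC {
	/* DN component type and type information: The cryptlib component type
	   (either a CRYPT_ATTRIBUTE_TYPE or an integer ID), the type
	   information for this component (a pointer to the DN_COMPONENT_INFO
	   table), and the DN_FLAG_xxx values that apply to the component */
	int type;
	const void *typeInfo;
	int flags;

	/* DN component data: The component value, whose size is tied to
	   valueLength by the BUFFER_FIXED annotation, the value length, and
	   the native string type, encoded as a cookie used by dnstring.c */
	BUFFER_FIXED( valueLength ) \
	void *value;
	int valueLength;
	int valueStringType;

	/* Encoding information: The ASN.1 encoded string type as a
	   BER_STRING_xyz, the overall size of the RDN data (without the tag and
	   length) if this is the first or only component of an RDN, and the size
	   of the AVA containing this component.  If it's the first component of
	   a multi-AVA RDN then the DN_FLAG_CONTINUED flag will be set in the
	   flags field */
	int asn1EncodedStringType, encodedRDNdataSize, encodedAVAdataSize;

	/* The next and previous list element in the linked list of DN
	   components */
	struct DC *next, *prev;

	/* Variable-length storage for the DN data */
	DECLARE_VARSTRUCT_VARS;
	} DN_COMPONENT;

/* Type information for DN components.  Every member is const, so an entry
   can't be modified once it has been initialised */

typedef struct {
	/* cryptlib attribute type, or index value for non-cryptlib
	   attributes */
	const int type;

	/* OID for this type */
	const BYTE *oid;

	/* Name for this type and its length */
	ARRAY_FIXED( nameLen ) \
	const char *name;
	const int nameLen;

	/* Alternative name for this type and its length.  The size annotation
	   refers to altNameLen, the length member that belongs to altName,
	   so that analysis tools bound altName by its own length rather than
	   by the length of name */
	ARRAY_FIXED( altNameLen ) \
	const char *altName;
	const int altNameLen;

	/* Maximum allowed length for this type */
	const int maxLength;

	/* Whether IA5 and widechar strings are allowed for this component */
	const BOOLEAN ia5OK;
	const BOOLEAN wcsOK;
	} DN_COMPONENT_INFO;

/* Prototypes for functions in dn.c.

   findDNInfoByOID() and findDNInfoByLabel() return a pointer to a
   DN_COMPONENT_INFO entry selected by OID or by text label (purpose
   inferred from the names and signatures).  Both are annotated
   CHECK_RETVAL_PTR, so the returned pointer is meant to be checked before
   it's dereferenced; what is returned when nothing matches is defined in
   dn.c.  findDNInfoByLabel() is only declared when USE_CERT_DNSTRING is
   defined.

   insertDNstring() takes a pointer to the head of a DN component list, a
   component type, a value of valueLength bytes, the value's string type,
   a set of DN_FLAG_xxx flags, and a location that receives a
   CRYPT_ERRTYPE_TYPE.  Passing DN_FLAG_NOCHECK here is what disables
   validity checking for the added component, see the flag description
   above.  NOTE(review): valueStringType is annotated IN_RANGE( 1, 20 )
   here while copyToAsn1String() accepts IN_RANGE( 0, 20 ) for its string
   type - presumably deliberate, confirm against dnstring.c */

CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
const DN_COMPONENT_INFO *findDNInfoByOID( IN_BUFFER( oidLength ) const BYTE *oid,
										  IN_LENGTH_OID const int oidLength );
#ifdef USE_CERT_DNSTRING
CHECK_RETVAL_PTR STDC_NONNULL_ARG( ( 1 ) ) \
const DN_COMPONENT_INFO *findDNInfoByLabel( IN_BUFFER( labelLength ) const char *label,
											IN_LENGTH_SHORT const int labelLength );
#endif /* USE_CERT_DNSTRING */
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 7 ) ) \
int insertDNstring( INOUT DN_COMPONENT **dnComponentListPtrPtr,
					IN_INT const int type,
					IN_BUFFER( valueLength ) const void *value,
					IN_LENGTH_SHORT const int valueLength,
					IN_RANGE( 1, 20 ) const int valueStringType,
					IN_FLAGS_Z( DN ) const int flags,
					OUT_ENUM_OPT( CRYPT_ERRTYPE ) \
						CRYPT_ERRTYPE_TYPE *errorType );

/* Prototypes for functions in dnstring.c.

   Both functions copy string data from source (sourceLen bytes) into dest,
   which holds at most destMaxLen bytes, and report the number of bytes
   produced through destLen, which is annotated as bounded by destMaxLen.
   copyFromAsn1String() additionally takes the encoded ASN.1 tag of the
   source string and reports the resulting string type through
   destStringType.  The int result is annotated CHECK_RETVAL, so *destLen
   and *destStringType should only be relied on once the return value has
   been checked (presumably a cryptlib status code - confirm against
   dnstring.c) */

CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4 ) ) \
int copyToAsn1String( OUT_BUFFER( destMaxLen, *destLen ) void *dest,
					  IN_LENGTH_SHORT const int destMaxLen,
					  OUT_LENGTH_BOUNDED_Z( destMaxLen ) int *destLen,
					  IN_BUFFER( sourceLen ) const void *source,
					  IN_LENGTH_SHORT const int sourceLen,
					  IN_RANGE( 0, 20 ) const int stringType );
CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 3, 4, 5 ) ) \
int copyFromAsn1String( OUT_BUFFER( destMaxLen, *destLen ) void *dest,
						IN_LENGTH_SHORT const int destMaxLen,
						OUT_LENGTH_BOUNDED_Z( destMaxLen ) int *destLen,
						OUT_RANGE( 0, 20 ) int *destStringType,
						IN_BUFFER( sourceLen ) const void *source,
						IN_LENGTH_SHORT const int sourceLen,
						IN_TAG_ENCODED const int stringTag );

#endif /* _DN_DEFINED */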