1 /*
2  * Copyright (c) 2007, Cameron Rich
3  *
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions are met:
8  *
9  * * Redistributions of source code must retain the above copyright notice,
10  *   this list of conditions and the following disclaimer.
11  * * Redistributions in binary form must reproduce the above copyright notice,
12  *   this list of conditions and the following disclaimer in the documentation
13  *   and/or other materials provided with the distribution.
14  * * Neither the name of the axTLS project nor the names of its contributors
15  *   may be used to endorse or promote products derived from this software
16  *   without specific prior written permission.
17  *
18  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR
22  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
23  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
25  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
26  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
28  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30 
31 /**
32  * @file crypto_misc.h
33  */
34 
35 #ifndef HEADER_CRYPTO_MISC_H
36 #define HEADER_CRYPTO_MISC_H
37 
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41 
42 #include "crypto.h"
43 #include "bigint.h"
44 
45 /**************************************************************************
46  * X509 declarations
47  **************************************************************************/
/*
 * Status codes returned by the X509 entry points declared below.  X509_OK is
 * the only success value; everything else is negative.  The X509_VFY_* codes
 * presumably originate from x509_verify() and X509_INVALID_PRIV_KEY from the
 * private-key loader — confirm against x509.c.  x509_display_error()
 * (CONFIG_SSL_FULL_MODE only) takes one of these as its argument.
 */
#define X509_OK                             0
#define X509_NOT_OK                         -1
#define X509_VFY_ERROR_NO_TRUSTED_CERT      -2
#define X509_VFY_ERROR_BAD_SIGNATURE        -3
#define X509_VFY_ERROR_NOT_YET_VALID        -4
#define X509_VFY_ERROR_EXPIRED              -5
#define X509_VFY_ERROR_SELF_SIGNED          -6
#define X509_VFY_ERROR_INVALID_CHAIN        -7
#define X509_VFY_ERROR_UNSUPPORTED_DIGEST   -8
#define X509_INVALID_PRIV_KEY               -9
58 
/*
 * The Distinguished Name.
 *
 * X509_NUM_DN_TYPES sizes the cert_dn[] / ca_cert_dn[] arrays of X509_CTX;
 * the remaining three values are presumably the indices of the individual
 * DN components within those arrays (CN, O, OU).  Note that only these three
 * attribute types are tracked, so any other RDN attribute is not available
 * through this structure.
 */
#define X509_NUM_DN_TYPES                   3
#define X509_COMMON_NAME                    0
#define X509_ORGANIZATION                   1
#define X509_ORGANIZATIONAL_UNIT            2
66 
/*
 * One parsed X.509 certificate.  Contexts are chained through `next`, so a
 * single X509_CTX presumably represents a whole certificate chain (leaf
 * first — TODO confirm against x509_new()).  Pointer members look to be
 * owned by the context and released by x509_free(); verify before sharing
 * any of them with other objects.
 */
struct _x509_ctx
{
    /* Issuer (CA) DN components, indexed by X509_COMMON_NAME etc. */
    char *ca_cert_dn[X509_NUM_DN_TYPES];
    /* Subject DN components, same indexing as ca_cert_dn. */
    char *cert_dn[X509_NUM_DN_TYPES];
    /* dNSName entries of subjectAltName; list terminator and ownership are
     * not visible from this header — confirm before iterating. */
    char **subject_alt_dnsnames;
    /* Validity window (presumably filled by asn1_validity()). */
    time_t not_before;
    time_t not_after;
    /* Raw signature value and its length; uint16_t caps it at 65535 bytes. */
    uint8_t *signature;
    uint16_t sig_len;
    /* Signature algorithm, one of the SIG_TYPE_* values below (presumably). */
    uint8_t sig_type;
    /* Subject public key, as an RSA context. */
    RSA_CTX *rsa_ctx;
    /* NOTE(review): looks like the digest compared during signature
     * verification — confirm which value is stored here. */
    bigint *digest;
    /* Next certificate in the chain; NULL at the end (presumably). */
    struct _x509_ctx *next;
};

typedef struct _x509_ctx X509_CTX;
83 
84 #ifdef CONFIG_SSL_CERT_VERIFICATION
/*
 * Trust store: a fixed-size table of CONFIG_X509_MAX_CA_CERTS trusted CA
 * certificates.  Unused slots are presumably NULL — confirm before looping
 * over the array.  Only present when certificate verification is compiled in.
 */
typedef struct
{
    X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS];
} CA_CERT_CTX;
89 #endif
90 
/**
 * Parse one certificate from `cert` into a newly allocated X509_CTX.
 *
 * @param cert  DER-encoded certificate bytes (presumably; confirm in x509.c).
 * @param len   In/out length — presumably the buffer size on entry and the
 *              number of bytes consumed on return.  TODO confirm; this
 *              matters because the ASN1 helpers below take no buffer size.
 * @param ctx   Receives the new context; release with x509_free().
 * @return X509_OK on success, otherwise a negative X509_* code.
 */
int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx);
/** Free a context from x509_new() (and, presumably, the chain behind it). */
void x509_free(X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION
/**
 * Verify `cert` against the trusted CAs in `ca_cert_ctx`.
 *
 * Nothing in this signature carries the expected peer hostname, so matching
 * cert_dn[X509_COMMON_NAME] / subject_alt_dnsnames against the host the
 * caller connected to is a separate step the caller must perform.
 *
 * @return X509_OK, or presumably one of the X509_VFY_ERROR_* codes.
 */
int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert);
#endif
#ifdef CONFIG_SSL_FULL_MODE
/** Print a certificate in human-readable form; ca_cert_ctx may be used to
 *  look up the issuer — exact use is not visible from this header. */
void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx);
/** Map an X509_* status code to a descriptive string. */
const char * x509_display_error(int error);
#endif
100 
101 /**************************************************************************
102  * ASN1 declarations
103  **************************************************************************/
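/*
 * DER identifier octets recognised by the parser.
 *
 * Universal-class tags.  Note that ASN1_PRINTABLE_STR2 (tag 12) is the
 * UTF8String tag, and ASN1_UNICODE_STR (tag 30) is BMPString; the names
 * are historical.  Each tag is defined exactly once here — the previous
 * duplicate definitions of ASN1_PRINTABLE_STR2, ASN1_CONTEXT_DNSNAME and
 * ASN1_V3_DATA were legal only while both copies stayed byte-identical,
 * and editing one of them would have turned into a redefinition error.
 */
#define ASN1_INTEGER            0x02
#define ASN1_BIT_STRING         0x03
#define ASN1_OCTET_STRING       0x04
#define ASN1_NULL               0x05
#define ASN1_OID                0x06
#define ASN1_PRINTABLE_STR2     0x0C    /* UTF8String */
#define ASN1_PRINTABLE_STR      0x13
#define ASN1_TELETEX_STR        0x14    /* T61String */
#define ASN1_IA5_STR            0x16
#define ASN1_UTC_TIME           0x17
#define ASN1_UNICODE_STR        0x1e    /* BMPString */
#define ASN1_SEQUENCE           0x30
#define ASN1_SET                0x31

/*
 * Context-specific tags: 0x80 selects the context-specific class, 0x20 the
 * constructed encoding, and the low bits carry the tag number [n].
 */
#define ASN1_IMPLICIT_TAG       0x80
#define ASN1_CONTEXT_DNSNAME    0x82    /* GeneralName [2] dNSName (IA5String) */
#define ASN1_EXPLICIT_TAG       0xa0
#define ASN1_V3_DATA            0xa3    /* TBSCertificate [3] EXPLICIT extensions */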
124 
/*
 * Signature algorithm selector stored in X509_CTX::sig_type (presumably set
 * by asn1_signature_type()).  The values match the last arc of the PKCS#1
 * signatureAlgorithm OIDs 1.2.840.113549.1.1.{2,4,5}.  MD2 and MD5 are no
 * longer collision-resistant, so a verifier should not trust chains signed
 * with them; whether x509_verify() rejects them (e.g. via
 * X509_VFY_ERROR_UNSUPPORTED_DIGEST) is not visible from this header.
 */
#define SIG_TYPE_MD2            0x02
#define SIG_TYPE_MD5            0x04
#define SIG_TYPE_SHA1           0x05
128 
/*
 * Low-level DER helpers.  Each works on a buffer plus an `int *offset`
 * cursor that it presumably advances past the object it handles; negative
 * return values appear to signal failure (confirm in asn1.c).
 *
 * NOTE(review): none of these signatures carries the total buffer size, so
 * they cannot by themselves enforce that reads stay within `cert`/`buf`.
 * The bound must come from the caller (x509_new()'s `len`); confirm that
 * every length read from the input is checked against it before use.
 */
/** Decode a DER length field at *offset; returns the length. */
int get_asn1_length(const uint8_t *buf, int *offset);
/** Load an RSA private key from `buf` into a new RSA_CTX. */
int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx);
/** Enter the object of type obj_type at *offset (returns its length). */
int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type);
/** Skip over the object of type obj_type at *offset. */
int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type);
/** Extract an INTEGER; `*object` presumably receives an allocated copy. */
int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object);
/** Parse the TBSCertificate version field. */
int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
/** Parse the validity period into not_before / not_after. */
int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
/** Parse a Name into dn[] (X509_NUM_DN_TYPES entries, indexed by X509_*). */
int asn1_name(const uint8_t *cert, int *offset, char *dn[]);
/** Parse subjectPublicKeyInfo into x509_ctx->rsa_ctx (presumably). */
int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
#ifdef CONFIG_SSL_CERT_VERIFICATION
/** Parse the signature value into x509_ctx->signature / sig_len. */
int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx);
/** Locate the subjectAltName extension; takes offset by value, so it does
 *  not advance a caller's cursor.  Return semantics not visible here. */
int asn1_find_subjectaltname(const uint8_t* cert, int offset);
/** Compare two DN arrays; presumably returns 0 when they match. */
int asn1_compare_dn(char * const dn1[], char * const dn2[]);
#endif /* CONFIG_SSL_CERT_VERIFICATION */
/** Parse the signatureAlgorithm OID into x509_ctx->sig_type (presumably). */
int asn1_signature_type(const uint8_t *cert,
                                int *offset, X509_CTX *x509_ctx);
145 
146 /**************************************************************************
147  * MISC declarations
148  **************************************************************************/
/* Salt length in bytes; which routine consumes it is not visible here. */
#define SALT_SIZE               8

/* Shared message used when an unsupported feature is encountered. */
extern const char * const unsupported_str;

/* Block-cipher callback: (ctx, in, out, length) — parameter order presumed
 * from the typedef, confirm against the cipher implementations. */
typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int);
/* HMAC callback over `msg` of `length` bytes with `key`, writing `digest`. */
typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key,
        int key_len, uint8_t *digest);

/* Read a whole file into *buf.  Presumably allocates the buffer (caller
 * frees) and returns its size, negative on error — confirm. */
int get_file(const char *filename, uint8_t **buf);

/* Hex-dump `size` bytes of `data` under a printf-style heading.  Compiled
 * out entirely (arguments are not evaluated) unless one of the conditions
 * below holds. */
#if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG)
EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...);
#else
    #define print_blob(...)
#endif

/* Decode `len` base64 characters from `in` into `out`, storing the decoded
 * size in *outlen.  The caller sizes `out`; whether *outlen is also read as
 * the capacity on entry is not visible from this header — confirm before
 * passing untrusted input. */
EXP_FUNC int STDCALL base64_decode(const char *in,  int len,
                    uint8_t *out, int *outlen);
167 
168 #ifdef __cplusplus
169 }
170 #endif
171 
172 #endif
173