1 /* 2 * Copyright (c) 2007, Cameron Rich 3 * 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions are met: 8 * 9 * * Redistributions of source code must retain the above copyright notice, 10 * this list of conditions and the following disclaimer. 11 * * Redistributions in binary form must reproduce the above copyright notice, 12 * this list of conditions and the following disclaimer in the documentation 13 * and/or other materials provided with the distribution. 14 * * Neither the name of the axTLS project nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR 22 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 23 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 25 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 26 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 27 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 28 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /** 32 * @file crypto_misc.h 33 */ 34 35 #ifndef HEADER_CRYPTO_MISC_H 36 #define HEADER_CRYPTO_MISC_H 37 38 #ifdef __cplusplus 39 extern "C" { 40 #endif 41 42 #include "crypto.h" 43 #include "bigint.h" 44 45 /************************************************************************** 46 * X509 declarations 47 **************************************************************************/ 48 #define X509_OK 0 49 #define X509_NOT_OK -1 50 #define X509_VFY_ERROR_NO_TRUSTED_CERT -2 51 #define X509_VFY_ERROR_BAD_SIGNATURE -3 52 #define X509_VFY_ERROR_NOT_YET_VALID -4 53 #define X509_VFY_ERROR_EXPIRED -5 54 #define X509_VFY_ERROR_SELF_SIGNED -6 55 #define X509_VFY_ERROR_INVALID_CHAIN -7 56 #define X509_VFY_ERROR_UNSUPPORTED_DIGEST -8 57 #define X509_INVALID_PRIV_KEY -9 58 59 /* 60 * The Distinguished Name 61 */ 62 #define X509_NUM_DN_TYPES 3 63 #define X509_COMMON_NAME 0 64 #define X509_ORGANIZATION 1 65 #define X509_ORGANIZATIONAL_UNIT 2 66 67 struct _x509_ctx 68 { 69 char *ca_cert_dn[X509_NUM_DN_TYPES]; 70 char *cert_dn[X509_NUM_DN_TYPES]; 71 char **subject_alt_dnsnames; 72 time_t not_before; 73 time_t not_after; 74 uint8_t *signature; 75 uint16_t sig_len; 76 uint8_t sig_type; 77 RSA_CTX *rsa_ctx; 78 bigint *digest; 79 struct _x509_ctx *next; 80 }; 81 82 typedef struct _x509_ctx X509_CTX; 83 84 #ifdef CONFIG_SSL_CERT_VERIFICATION 85 typedef struct 86 { 87 X509_CTX *cert[CONFIG_X509_MAX_CA_CERTS]; 88 } CA_CERT_CTX; 89 #endif 90 91 int x509_new(const uint8_t *cert, int *len, X509_CTX **ctx); 92 void x509_free(X509_CTX *x509_ctx); 93 #ifdef CONFIG_SSL_CERT_VERIFICATION 94 int x509_verify(const CA_CERT_CTX *ca_cert_ctx, const X509_CTX *cert); 95 #endif 96 #ifdef CONFIG_SSL_FULL_MODE 97 void x509_print(const X509_CTX *cert, CA_CERT_CTX *ca_cert_ctx); 98 const char * x509_display_error(int error); 99 #endif 100 101 /************************************************************************** 102 * ASN1 declarations 103 **************************************************************************/ 104 #define ASN1_INTEGER 0x02 105 #define ASN1_BIT_STRING 0x03 106 #define ASN1_OCTET_STRING 0x04 107 #define ASN1_NULL 0x05 108 #define ASN1_PRINTABLE_STR2 0x0C 109 #define ASN1_OID 0x06 110 #define ASN1_PRINTABLE_STR2 0x0C 111 #define ASN1_PRINTABLE_STR 0x13 112 #define ASN1_TELETEX_STR 0x14 113 #define ASN1_IA5_STR 0x16 114 #define ASN1_UTC_TIME 0x17 115 #define ASN1_UNICODE_STR 0x1e 116 #define ASN1_SEQUENCE 0x30 117 #define ASN1_CONTEXT_DNSNAME 0x82 118 #define ASN1_SET 0x31 119 #define ASN1_V3_DATA 0xa3 120 #define ASN1_IMPLICIT_TAG 0x80 121 #define ASN1_CONTEXT_DNSNAME 0x82 122 #define ASN1_EXPLICIT_TAG 0xa0 123 #define ASN1_V3_DATA 0xa3 124 125 #define SIG_TYPE_MD2 0x02 126 #define SIG_TYPE_MD5 0x04 127 #define SIG_TYPE_SHA1 0x05 128 129 int get_asn1_length(const uint8_t *buf, int *offset); 130 int asn1_get_private_key(const uint8_t *buf, int len, RSA_CTX **rsa_ctx); 131 int asn1_next_obj(const uint8_t *buf, int *offset, int obj_type); 132 int asn1_skip_obj(const uint8_t *buf, int *offset, int obj_type); 133 int asn1_get_int(const uint8_t *buf, int *offset, uint8_t **object); 134 int asn1_version(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); 135 int asn1_validity(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); 136 int asn1_name(const uint8_t *cert, int *offset, char *dn[]); 137 int asn1_public_key(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); 138 #ifdef CONFIG_SSL_CERT_VERIFICATION 139 int asn1_signature(const uint8_t *cert, int *offset, X509_CTX *x509_ctx); 140 int asn1_find_subjectaltname(const uint8_t* cert, int offset); 141 int asn1_compare_dn(char * const dn1[], char * const dn2[]); 142 #endif /* CONFIG_SSL_CERT_VERIFICATION */ 143 int asn1_signature_type(const uint8_t *cert, 144 int *offset, X509_CTX *x509_ctx); 145 146 /************************************************************************** 147 * MISC declarations 148 **************************************************************************/ 149 #define SALT_SIZE 8 150 151 extern const char * const unsupported_str; 152 153 typedef void (*crypt_func)(void *, const uint8_t *, uint8_t *, int); 154 typedef void (*hmac_func)(const uint8_t *msg, int length, const uint8_t *key, 155 int key_len, uint8_t *digest); 156 157 int get_file(const char *filename, uint8_t **buf); 158 159 #if defined(CONFIG_SSL_FULL_MODE) || defined(WIN32) || defined(CONFIG_DEBUG) 160 EXP_FUNC void STDCALL print_blob(const char *format, const uint8_t *data, int size, ...); 161 #else 162 #define print_blob(...) 163 #endif 164 165 EXP_FUNC int STDCALL base64_decode(const char *in, int len, 166 uint8_t *out, int *outlen); 167 168 #ifdef __cplusplus 169 } 170 #endif 171 172 #endif 173