/*
 *	x509.h
 *	Release $Name: MATRIXSSL-3-3-0-OPEN $
 */
/*
 *	Copyright (c) AuthenTec, Inc. 2011-2012
 *	Copyright (c) PeerSec Networks, 2002-2011
 *	All Rights Reserved
 *
 *	The latest version of this code is available at http://www.matrixssl.org
 *
 *	This software is open source; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation; either version 2 of the License, or
 *	(at your option) any later version.
 *
 *	This General Public License does NOT permit incorporating this software
 *	into proprietary programs.  If you are unable to comply with the GPL, a
 *	commercial license for this software may be purchased from AuthenTec at
 *	http://www.authentec.com/Products/EmbeddedSecurity/SecurityToolkits.aspx
 *
 *	This program is distributed in WITHOUT ANY WARRANTY; without even the
 *	implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 *	See the GNU General Public License for more details.
 *
 *	You should have received a copy of the GNU General Public License
 *	along with this program; if not, write to the Free Software
 *	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *	http://www.gnu.org/copyleft/gpl.html
 */
/******************************************************************************/
/*
	Public types and prototypes for the X.509 certificate parser.

	Everything below is declaration only; the parsing, authentication and
	free routines live in the corresponding .c file, which is not part of
	this header. Comments marked NOTE(review) describe expectations that
	cannot be confirmed from this header alone and should be checked
	against the implementation.
*/

/*
	NOTE(review): identifiers beginning with '_' are reserved for the
	implementation at file scope (C11 7.1.3). The guard name is kept here
	because other files may test it, but a later cleanup could rename it.
*/
#ifndef _h_PS_X509
#define _h_PS_X509

/******************************************************************************/
#ifdef USE_X509
/******************************************************************************/

/*
	ClientCertificateType
	Values sent in the TLS CertificateRequest message to name the kinds
	of client certificate the peer accepts. The numeric values are the
	wire encoding, so they must not be renumbered. The ECDSA_* values
	start at 64; the gap between DSS_FIXED_DH and ECDSA_SIGN is
	intentional.
*/
enum {
	RSA_SIGN = 1,
	DSS_SIGN,
	RSA_FIXED_DH,
	DSS_FIXED_DH,
	ECDSA_SIGN = 64,
	RSA_FIXED_ECDH,
	ECDSA_FIXED_ECDH
};

/*
	Parsing flags

	Bit flags passed to the parsing routines (see the 'flags' parameter of
	psX509GetDNAttributes below). They select which raw buffers the parser
	keeps a copy of in addition to the decoded fields:
	  CERT_STORE_UNPARSED_BUFFER - keep the raw DER of the certificate
	                               (psX509Cert_t.unparsedBin / binLen)
	  CERT_STORE_DN_BUFFER       - keep the raw encoded DN
	                               (x509DNattributes_t.dnenc / dnencLen)
	NOTE(review): the pairing of flag to field is inferred from the field
	comments below; confirm against the parser.
*/
#define	CERT_STORE_UNPARSED_BUFFER	0x1
#define	CERT_STORE_DN_BUFFER		0x2

#ifdef USE_CERT_PARSE
/*
	DN attributes are used outside the X509 area for cert requests,
	which have been included in the RSA portions of the code

	Decoded X.509 Name (issuer or subject). Each recognised attribute is
	stored as a pointer plus a separate length and a separate ASN.1 string
	type. Consumers that compare or display names should use the *Len
	fields rather than assuming NUL termination, and should take the *Type
	field into account: two names whose bytes match but whose string
	types differ are not necessarily the same name.

	NOTE(review): whether the parser NUL-terminates the attribute strings
	is not visible from this header.
	NOTE(review): the *Len fields are 'short', so the parser must reject
	attribute values that do not fit in a signed 16-bit length before
	storing them here; verify that bound is enforced.
*/
typedef struct {
	char	*country;
	char	*state;
	char	*locality;
	char	*organization;
	char	*orgUnit;
	char	*commonName;
	/* SHA-1 digest of the name; presumably used for fast issuer/subject
	   matching during chain building. SHA-1 is adequate as a lookup key
	   only if a full comparison follows; confirm in the implementation. */
	char	hash[SHA1_HASH_SIZE];
	char	*dnenc; /* CERT_STORE_DN_BUFFER */
	uint32	dnencLen; /* byte length of dnenc; 0 when not stored */
	/* ASN.1 string type tag and byte length for each attribute above.
	   NOTE(review): the exact meaning of *Type (raw tag value or an
	   internal enum) is not visible here. */
	short	countryType;
	short	countryLen;
	short	stateType;
	short	stateLen;
	short	localityType;
	short	localityLen;
	short	organizationType;
	short	organizationLen;
	short	orgUnitType;
	short	orgUnitLen;
	short	commonNameType;
	short	commonNameLen;
} x509DNattributes_t;

/*
	BasicConstraints extension (RFC 5280 4.2.1.9).
	cA is the CA boolean; pathLenConstraint is the maximum number of
	intermediate certificates allowed below this one. A chain verifier must
	refuse to use a certificate with cA unset as an issuer, and must enforce
	pathLenConstraint when it is present.
	NOTE(review): the sentinel used for "no pathLenConstraint present"
	is not visible from this header; check the parser before comparing.
*/
typedef struct {
	int32	cA;
	int32	pathLenConstraint;
} x509extBasicConstraints_t;

/*
	One entry of a GeneralNames sequence (used for subjectAltName).
	Entries form a singly linked list via 'next'. 'data' and 'dataLen'
	hold the raw value of the entry; 'id' identifies which GeneralName
	choice it is and 'name' is a short fixed-size label.
	NOTE(review): the contents of 'name' (a human-readable tag vs. something
	else) and whether 'data' is NUL-terminated are not visible here; use
	dataLen when matching, and match against the correct 'id' (e.g. a
	host name should only be compared against a dNSName entry).
*/
typedef struct psGeneralNameEntry {
	int32				id;
	unsigned char			name[16];
	unsigned char			*data;
	uint32				dataLen;
	struct psGeneralNameEntry	*next;
} x509GeneralName_t;

#ifdef USE_FULL_CERT_PARSE
/* SubjectKeyIdentifier extension: raw key identifier bytes and length. */
typedef struct {
	uint32	len;
	unsigned char	*id;
} x509extSubjectKeyId_t;

/*
	AuthorityKeyIdentifier extension: key identifier plus the optional
	issuer name and serial number of the issuing certificate.
	NOTE(review): which of these fields are populated when the extension
	omits the optional parts is not visible from this header.
*/
typedef struct {
	uint32	keyLen;
	unsigned char	*keyId;
	x509DNattributes_t	attribs;
	uint32	serialNumLen;
	unsigned char	*serialNum;
} x509extAuthKeyId_t;
#endif /* USE_FULL_CERT_PARSE */

/*
	Collected v3 extensions of a certificate. The sk/ak/keyUsage members
	exist only when USE_FULL_CERT_PARSE is defined, so code that touches
	them must be guarded the same way.
	NOTE(review): how unrecognised or malformed critical extensions are
	reported is not visible here; a verifier should confirm that a
	critical extension it does not understand causes rejection.
*/
typedef struct {
	x509extBasicConstraints_t	bc;
	x509GeneralName_t	*san; /* subjectAltName list; may be NULL */
#ifdef USE_FULL_CERT_PARSE
	x509extSubjectKeyId_t	sk;
	x509extAuthKeyId_t	ak;
	unsigned char	*keyUsage; /* raw KeyUsage bit string; keyUsageLen bytes */
	int32	keyUsageLen;
#endif /* USE_FULL_CERT_PARSE */
} x509v3extensions_t;

#endif /* USE_CERT_PARSE */

/*
	A parsed X.509 certificate. Certificates are chained via 'next'
	(for example the certificates of a chain in the order they were
	supplied). Only unparsedBin/binLen/next exist when USE_CERT_PARSE
	is not defined.

	authStatus is the result of authentication and is the field callers
	must inspect before trusting the certificate; a successfully parsed
	certificate is not an authenticated one.
	NOTE(review): the values authStatus can take are documented at
	psX509AuthenticateCert, not here.
*/
typedef struct psCert {
#ifdef USE_CERT_PARSE
	int32			version;
	unsigned char	*serialNumber;
	uint32			serialNumberLen;
	x509DNattributes_t	issuer;
	x509DNattributes_t	subject;
	/* Validity period. timeType presumably records the ASN.1 time
	   encoding (UTCTime vs. GeneralizedTime); notBefore/notAfter are
	   kept as strings, so callers performing expiry checks must parse
	   them. NOTE(review): confirm format against the parser. */
	int32			timeType;
	char			*notBefore;
	char			*notAfter;
	psPubKey_t		publicKey;
	int32			pubKeyAlgorithm; /* public key algorithm OID */
	int32			certAlgorithm; /* signature algorithm OID */
	int32			sigAlgorithm; /* signature algorithm OID */
	/* certAlgorithm comes from the outer Certificate, sigAlgorithm from
	   the inner TBSCertificate; RFC 5280 requires them to match, and a
	   verifier should reject a certificate where they differ.
	   NOTE(review): the header does not show where that check is made. */
	unsigned char	*signature;
	uint32			signatureLen;
	/* Hash of the TBSCertificate, sized for the largest supported digest;
	   presumably what the signature is verified against. */
	unsigned char	sigHash[MAX_HASH_SIZE];
	unsigned char	*uniqueIssuerId;
	uint32			uniqueIssuerIdLen;
	unsigned char	*uniqueSubjectId;
	uint32			uniqueSubjectIdLen;
	x509v3extensions_t	extensions;
	int32			authStatus; /* See psX509AuthenticateCert doc */
#endif /* USE_CERT_PARSE */
	unsigned char	*unparsedBin; /* see psX509ParseCertFile */
	uint32			binLen; /* byte length of unparsedBin */
	struct psCert	*next;
} psX509Cert_t;


#ifdef USE_CERT_PARSE
/*
	psX509GetSignature
	Parses an ASN.1 BIT STRING signature starting at *pp. 'len' bounds the
	bytes readable from *pp; on success *sig/*sigLen describe the signature
	value. Returns a negative value on error (see the .c file for codes).
	NOTE(review): whether *pp is advanced past the parsed object and whether
	*sig points into the input or into pool-allocated memory (and who frees
	it) is not visible from this header.
*/
extern int32 psX509GetSignature(psPool_t *pool, unsigned char **pp, uint32 len,
				unsigned char **sig, uint32 *sigLen);
/*
	psX509GetDNAttributes
	Parses an X.509 Name starting at *pp, bounded by 'len', into *attribs.
	'flags' is a combination of the CERT_STORE_* bits above; with
	CERT_STORE_DN_BUFFER the raw encoding is also kept in attribs->dnenc.
	Strings placed in *attribs are presumably allocated from 'pool' and must
	be released with psX509FreeDNStruct.
	NOTE(review): return-code convention and whether *pp is advanced are not
	visible here.
*/
extern int32 psX509GetDNAttributes(psPool_t *pool, unsigned char **pp,
				uint32 len, x509DNattributes_t *attribs, int32 flags);
/*
	psX509FreeDNStruct
	Releases the memory owned by a x509DNattributes_t filled by
	psX509GetDNAttributes. It frees the members, not 'dn' itself.
	NOTE(review): the .c file would confirm that members are reset so a
	second call is harmless.
*/
extern void psX509FreeDNStruct(x509DNattributes_t *dn);
#endif /* USE_CERT_PARSE */

#endif /* USE_X509 */
/******************************************************************************/

#endif /* _h_PS_X509 */