corrected copyright notices
[gnutls.git] / lib / auth / cert.h
blob93f7e52e6bc725154ef15d646b19b0b213547f8f
1 /*
2 * Copyright (C) 2002-2012 Free Software Foundation, Inc.
4 * Author: Nikos Mavrogiannopoulos
6 * This file is part of GnuTLS.
8 * The GnuTLS is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public License
10 * as published by the Free Software Foundation; either version 3 of
11 * the License, or (at your option) any later version.
13 * This library is distributed in the hope that it will be useful, but
14 * WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 * Lesser General Public License for more details.
18 * You should have received a copy of the GNU Lesser General Public License
19 * along with this program. If not, see <http://www.gnu.org/licenses/>
23 #ifndef AUTH_CERT_H
24 #define AUTH_CERT_H
25 #include "gnutls_auth.h"
26 #include <auth/dh_common.h>
27 #include <x509/x509_int.h>
28 #include <openpgp/openpgp_int.h>
29 #include <gnutls/abstract.h>
30 #include <gnutls/compat.h>
31 #include <gnutls_str_array.h>
33 typedef struct {
34 gnutls_pcert_st * cert_list; /* a certificate chain */
35 unsigned int cert_list_length; /* its length */
36 gnutls_str_array_t names; /* the names in the first certificate */
37 } certs_st;
39 /* This structure may be complex, but it's the only way to
40 * support a server that has multiple certificates
42 typedef struct gnutls_certificate_credentials_st
44 gnutls_dh_params_t dh_params;
45 gnutls_rsa_params_t rsa_params;
46 /* this callback is used to retrieve the DH or RSA
47 * parameters.
49 gnutls_params_function *params_func;
51 certs_st *certs;
52 unsigned ncerts; /* the number of certs */
54 gnutls_privkey_t *pkey;
55 /* private keys. It contains ncerts private
56 * keys. pkey[i] corresponds to certificate in
57 * cert_list[i][0].
60 #ifdef ENABLE_OPENPGP
61 /* OpenPGP specific stuff */
62 gnutls_openpgp_keyring_t keyring;
63 #endif
65 /* X509 specific stuff */
66 gnutls_x509_trust_list_t tlist;
67 unsigned int verify_flags; /* flags to be used at
68 * certificate verification.
70 unsigned int verify_depth;
71 unsigned int verify_bits;
73 /* holds a sequence of the
74 * RDNs of the CAs above.
75 * This is better than
76 * generating on every handshake.
78 gnutls_datum_t x509_rdn_sequence;
80 /* It's a mess here. However we need to keep the old 3 functions
81 * for compatibility */
82 gnutls_certificate_retrieve_function *get_cert_callback; /* deprecated */
83 gnutls_certificate_client_retrieve_function *client_get_cert_callback; /* deprecated */
84 gnutls_certificate_server_retrieve_function *server_get_cert_callback; /* deprecated */
85 gnutls_certificate_retrieve_function2 *get_cert_callback2;
87 gnutls_certificate_verify_function *verify_callback;
89 struct pin_info_st pin;
91 /* OCSP */
92 gnutls_status_request_ocsp_func ocsp_func;
93 void *ocsp_func_ptr;
94 char *ocsp_response_file;
95 } certificate_credentials_st;
97 typedef struct rsa_info_st
99 gnutls_datum_t modulus;
100 gnutls_datum_t exponent;
101 } rsa_info_st;
103 /* This is the information we keep for the peer
104 * certificate.
106 typedef struct cert_auth_info_st
108 /* These (dh/rsa) are just copies from the credentials_t structure.
109 * They must be freed.
111 dh_info_st dh;
112 rsa_info_st rsa_export;
114 gnutls_datum_t *raw_certificate_list; /* holds the raw certificate of the
115 * peer.
117 unsigned int ncerts; /* holds the size of the list above */
119 gnutls_certificate_type_t cert_type;
120 #ifdef ENABLE_OPENPGP
121 uint8_t subkey_id[GNUTLS_OPENPGP_KEYID_SIZE];
122 #endif
123 } *cert_auth_info_t;
125 typedef struct cert_auth_info_st cert_auth_info_st;
127 void _gnutls_free_rsa_info (rsa_info_st * rsa);
129 /* AUTH X509 functions */
130 int _gnutls_gen_cert_server_crt (gnutls_session_t, gnutls_buffer_st *);
131 int _gnutls_gen_cert_client_crt (gnutls_session_t, gnutls_buffer_st *);
132 int _gnutls_gen_cert_client_crt_vrfy (gnutls_session_t, gnutls_buffer_st *);
133 int _gnutls_gen_cert_server_cert_req (gnutls_session_t, gnutls_buffer_st *);
134 int _gnutls_proc_cert_cert_req (gnutls_session_t, uint8_t *, size_t);
135 int _gnutls_proc_cert_client_crt_vrfy (gnutls_session_t, uint8_t *, size_t);
136 int _gnutls_proc_crt (gnutls_session_t, uint8_t *, size_t);
137 int _gnutls_get_selected_cert (gnutls_session_t session,
138 gnutls_pcert_st ** apr_cert_list,
139 int *apr_cert_list_length,
140 gnutls_privkey_t * apr_pkey);
142 int _gnutls_server_select_cert (struct gnutls_session_int *,
143 gnutls_pk_algorithm_t*, size_t);
144 void _gnutls_selected_certs_deinit (gnutls_session_t session);
145 void _gnutls_selected_certs_set (gnutls_session_t session,
146 gnutls_pcert_st * certs, int ncerts,
147 gnutls_privkey_t key, int need_free);
149 gnutls_rsa_params_t _gnutls_certificate_get_rsa_params (gnutls_rsa_params_t
150 rsa_params,
151 gnutls_params_function
152 * func,
153 gnutls_session_t);
155 int _gnutls_get_auth_info_pcert (gnutls_pcert_st* gcert,
156 gnutls_certificate_type_t type,
157 cert_auth_info_t info);
159 int certificate_credential_append_crt_list (gnutls_certificate_credentials_t
160 res, gnutls_str_array_t names,
161 gnutls_pcert_st* crt, int nr);
162 int certificate_credentials_append_pkey (gnutls_certificate_credentials_t res,
163 gnutls_privkey_t pkey);
165 int _gnutls_selected_cert_supported_kx (struct gnutls_session_int *session,
166 gnutls_kx_algorithm_t * alg,
167 int *alg_size);
170 _gnutls_check_key_cert_match (gnutls_certificate_credentials_t res);
172 #endif