From 4aca87515a5083ae0e31ce3177189fd43b6d05ac Mon Sep 17 00:00:00 2001 From: Andreas Baumann Date: Sat, 3 Jan 2015 13:58:15 +0100 Subject: patch to Vanilla Tomato 1.28 --- release/src/router/matrixssl/src/pki/pkiInternal.h | 240 +++++++++++++++++++++ 1 file changed, 240 insertions(+) create mode 100644 release/src/router/matrixssl/src/pki/pkiInternal.h (limited to 'release/src/router/matrixssl/src/pki/pkiInternal.h') diff --git a/release/src/router/matrixssl/src/pki/pkiInternal.h b/release/src/router/matrixssl/src/pki/pkiInternal.h new file mode 100644 index 00000000..ef89feb3 --- /dev/null +++ b/release/src/router/matrixssl/src/pki/pkiInternal.h @@ -0,0 +1,240 @@ +/* + * pkiInternal.h + * Release $Name: MATRIXSSL_1_8_8_OPEN $ + * + * Public header file for MatrixSSL PKI extension + * Implementations interacting with the PKI portion of the + * matrixssl library should only use the APIs and definitions + * used in this file. + */ +/* + * Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved. + * The latest version of this code is available at http://www.matrixssl.org + * + * This software is open source; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This General Public License does NOT permit incorporating this software + * into proprietary programs. If you are unable to comply with the GPL, a + * commercial license for this software may be purchased from PeerSec Networks + * at http://www.peersec.com + * + * This program is distributed in WITHOUT ANY WARRANTY; without even the + * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * See the GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * http://www.gnu.org/copyleft/gpl.html + */ +/******************************************************************************/ + +#ifndef _h_PSPKI_INTERNAL +#define _h_PSPKI_INTERNAL +#define _h_EXPORT_SYMBOLS + +#ifdef __cplusplus +extern "C" { +#endif + +/* + Require OS for PeerSec malloc and crypto to determine what we include here +*/ +#include "../../matrixCommon.h" +#include "../os/osLayer.h" +#include "../crypto/cryptoLayer.h" + +/******************************************************************************/ +/* + ASN defines + + 8 bit bit masks for ASN.1 tag field +*/ +#define ASN_PRIMITIVE 0x0 +#define ASN_CONSTRUCTED 0x20 + +#define ASN_UNIVERSAL 0x0 +#define ASN_APPLICATION 0x40 +#define ASN_CONTEXT_SPECIFIC 0x80 +#define ASN_PRIVATE 0xC0 + +/* + ASN.1 primitive data types +*/ +enum { + ASN_BOOLEAN = 1, + ASN_INTEGER, + ASN_BIT_STRING, + ASN_OCTET_STRING, + ASN_NULL, + ASN_OID, + ASN_UTF8STRING = 12, + ASN_SEQUENCE = 16, + ASN_SET, + ASN_PRINTABLESTRING = 19, + ASN_T61STRING, + ASN_IA5STRING = 22, + ASN_UTCTIME, + ASN_GENERALIZEDTIME, + ASN_GENERAL_STRING = 27, + ASN_BMPSTRING = 30 +}; + + +extern int32 getBig(psPool_t *pool, unsigned char **pp, int32 len, mp_int *big); +extern int32 getSerialNum(psPool_t *pool, unsigned char **pp, int32 len, + unsigned char **sn, int32 *snLen); +extern int32 getInteger(unsigned char **pp, int32 len, int32 *val); +extern int32 getSequence(unsigned char **pp, int32 len, int32 *outLen); +extern int32 getSet(unsigned char **pp, int32 len, int32 *outLen); +extern int32 getExplicitVersion(unsigned char **pp, int32 len, int32 expVal, + int32 *outLen); +extern int32 getAlgorithmIdentifier(unsigned char **pp, int32 len, int32 *oi, + int32 isPubKey); +extern int32 getValidity(psPool_t *pool, unsigned char **pp, int32 len, + char **notBefore, char **notAfter); +extern int32 getSignature(psPool_t *pool, unsigned char **pp, int32 len, + unsigned char **sig, int32 *sigLen); +extern int32 getImplicitBitString(psPool_t *pool, unsigned char **pp, int32 len, + int32 impVal, unsigned char **bitString, int32 *bitLen); + +/* + Define to enable more extension parsing +*/ +#define USE_FULL_CERT_PARSE + +/******************************************************************************/ +/* + The USE_RSA define is primarily for future compat when more key exchange + protocols are added. Crypto should always define this for now. +*/ +#define OID_RSA_MD2 646 +#define OID_RSA_MD5 648 +#define OID_RSA_SHA1 649 + +/* + DN attributes are used outside the X509 area for cert requests, + which have been included in the RSA portions of the code +*/ +typedef struct { + char *country; + char *state; + char *locality; + char *organization; + char *orgUnit; + char *commonName; + char hash[SSL_SHA1_HASH_SIZE]; +} DNattributes_t; + + +#ifdef USE_X509 + +typedef struct { + int32 ca; + int32 pathLenConstraint; +} extBasicConstraints_t; + +typedef struct { + int32 len; + unsigned char *id; +} extSubjectKeyId_t; + +typedef struct { + int32 keyLen; + unsigned char *keyId; + DNattributes_t attribs; + int32 serialNumLen; + unsigned char *serialNum; +} extAuthKeyId_t; +/* + FUTURE: add support for the other extensions +*/ +typedef struct { + extBasicConstraints_t bc; + sslSubjectAltName_t *san; +#ifdef USE_FULL_CERT_PARSE + extSubjectKeyId_t sk; + extAuthKeyId_t ak; + unsigned char *keyUsage; + int32 keyUsageLen; +#endif /* USE_FULL_CERT_PARSE */ +} v3extensions_t; + +typedef struct sslCert { + int32 version; + int32 valid; + unsigned char *serialNumber; + int32 serialNumberLen; + DNattributes_t issuer; + DNattributes_t subject; + char *notBefore; + char *notAfter; + sslRsaKey_t publicKey; + int32 certAlgorithm; + int32 sigAlgorithm; + int32 pubKeyAlgorithm; + unsigned char *signature; + int32 signatureLen; + unsigned char sigHash[SSL_SHA1_HASH_SIZE]; + unsigned char *uniqueUserId; + int32 uniqueUserIdLen; + unsigned char *uniqueSubjectId; + int32 uniqueSubjectIdLen; + v3extensions_t extensions; + struct sslCert *next; +} sslCert_t; + +typedef struct sslLocalCert { + sslRsaKey_t *privKey; + unsigned char *certBin; + uint32 certLen; + struct sslLocalCert *next; +} sslLocalCert_t; + +typedef struct { + sslLocalCert_t cert; +#ifdef USE_CLIENT_SIDE_SSL + sslCert_t *caCerts; +#endif /* USE_CLIENT_SIDE_SSL */ +} sslKeys_t; + +#endif /* USE_X509 */ + + + +/* + Helpers for inter-pki communications +*/ +extern int32 asnParseLength(unsigned char **p, int32 size, int32 *valLen); +extern int32 psAsnConfirmSignature(unsigned char *sigHash, + unsigned char *sigOut, int32 sigLen); +extern int32 getDNAttributes(psPool_t *pool, unsigned char **pp, int32 len, + DNattributes_t *attribs); +extern int32 getPubKey(psPool_t *pool, unsigned char **pp, int32 len, + sslRsaKey_t *pubKey); +extern void psFreeDNStruct(DNattributes_t *dn); + +#ifdef USE_FILE_SYSTEM +extern int32 readCertChain(psPool_t *pool, const char *certFiles, + sslLocalCert_t *lkeys); +extern int32 psGetFileBin(psPool_t *pool, const char *fileName, + unsigned char **bin, int32 *binLen); +extern int32 base64encodeAndWrite(psPool_t *pool, const char *fileName, + unsigned char *bin, int32 binLen, int32 fileType, + char *hexCipherIV, int32 hexCipherIVLen); +#endif /* USE_FILE_SYSTEM */ + +/* + Finally, include the public header +*/ +#include "matrixPki.h" + +#ifdef __cplusplus +} +#endif + +#endif /* _h_PSPKI_INTERNAL */ + -- cgit v1.2.3-54-g00ecf