1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
|
/*
* pkiInternal.h
* Release $Name: MATRIXSSL_1_8_8_OPEN $
*
* Public header file for MatrixSSL PKI extension
* Implementations interacting with the PKI portion of the
* matrixssl library should only use the APIs and definitions
* used in this file.
*/
/*
* Copyright (c) PeerSec Networks, 2002-2009. All Rights Reserved.
* The latest version of this code is available at http://www.matrixssl.org
*
* This software is open source; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This General Public License does NOT permit incorporating this software
* into proprietary programs. If you are unable to comply with the GPL, a
* commercial license for this software may be purchased from PeerSec Networks
* at http://www.peersec.com
*
* This program is distributed in WITHOUT ANY WARRANTY; without even the
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
* http://www.gnu.org/copyleft/gpl.html
*/
/******************************************************************************/
#ifndef _h_PSPKI_INTERNAL
#define _h_PSPKI_INTERNAL
#define _h_EXPORT_SYMBOLS
#ifdef __cplusplus
extern "C" {
#endif
/*
Require OS for PeerSec malloc and crypto to determine what we include here
*/
#include "../../matrixCommon.h"
#include "../os/osLayer.h"
#include "../crypto/cryptoLayer.h"
/******************************************************************************/
/*
ASN defines
8 bit bit masks for ASN.1 tag field
*/
#define ASN_PRIMITIVE 0x0
#define ASN_CONSTRUCTED 0x20
#define ASN_UNIVERSAL 0x0
#define ASN_APPLICATION 0x40
#define ASN_CONTEXT_SPECIFIC 0x80
#define ASN_PRIVATE 0xC0
/*
ASN.1 primitive data types
*/
enum {
ASN_BOOLEAN = 1,
ASN_INTEGER,
ASN_BIT_STRING,
ASN_OCTET_STRING,
ASN_NULL,
ASN_OID,
ASN_UTF8STRING = 12,
ASN_SEQUENCE = 16,
ASN_SET,
ASN_PRINTABLESTRING = 19,
ASN_T61STRING,
ASN_IA5STRING = 22,
ASN_UTCTIME,
ASN_GENERALIZEDTIME,
ASN_GENERAL_STRING = 27,
ASN_BMPSTRING = 30
};
extern int32 getBig(psPool_t *pool, unsigned char **pp, int32 len, mp_int *big);
extern int32 getSerialNum(psPool_t *pool, unsigned char **pp, int32 len,
unsigned char **sn, int32 *snLen);
extern int32 getInteger(unsigned char **pp, int32 len, int32 *val);
extern int32 getSequence(unsigned char **pp, int32 len, int32 *outLen);
extern int32 getSet(unsigned char **pp, int32 len, int32 *outLen);
extern int32 getExplicitVersion(unsigned char **pp, int32 len, int32 expVal,
int32 *outLen);
extern int32 getAlgorithmIdentifier(unsigned char **pp, int32 len, int32 *oi,
int32 isPubKey);
extern int32 getValidity(psPool_t *pool, unsigned char **pp, int32 len,
char **notBefore, char **notAfter);
extern int32 getSignature(psPool_t *pool, unsigned char **pp, int32 len,
unsigned char **sig, int32 *sigLen);
extern int32 getImplicitBitString(psPool_t *pool, unsigned char **pp, int32 len,
int32 impVal, unsigned char **bitString, int32 *bitLen);
/*
Define to enable more extension parsing
*/
#define USE_FULL_CERT_PARSE
/******************************************************************************/
/*
The USE_RSA define is primarily for future compat when more key exchange
protocols are added. Crypto should always define this for now.
*/
#define OID_RSA_MD2 646
#define OID_RSA_MD5 648
#define OID_RSA_SHA1 649
/*
DN attributes are used outside the X509 area for cert requests,
which have been included in the RSA portions of the code
*/
typedef struct {
char *country;
char *state;
char *locality;
char *organization;
char *orgUnit;
char *commonName;
char hash[SSL_SHA1_HASH_SIZE];
} DNattributes_t;
#ifdef USE_X509
typedef struct {
int32 ca;
int32 pathLenConstraint;
} extBasicConstraints_t;
typedef struct {
int32 len;
unsigned char *id;
} extSubjectKeyId_t;
typedef struct {
int32 keyLen;
unsigned char *keyId;
DNattributes_t attribs;
int32 serialNumLen;
unsigned char *serialNum;
} extAuthKeyId_t;
/*
FUTURE: add support for the other extensions
*/
typedef struct {
extBasicConstraints_t bc;
sslSubjectAltName_t *san;
#ifdef USE_FULL_CERT_PARSE
extSubjectKeyId_t sk;
extAuthKeyId_t ak;
unsigned char *keyUsage;
int32 keyUsageLen;
#endif /* USE_FULL_CERT_PARSE */
} v3extensions_t;
typedef struct sslCert {
int32 version;
int32 valid;
unsigned char *serialNumber;
int32 serialNumberLen;
DNattributes_t issuer;
DNattributes_t subject;
char *notBefore;
char *notAfter;
sslRsaKey_t publicKey;
int32 certAlgorithm;
int32 sigAlgorithm;
int32 pubKeyAlgorithm;
unsigned char *signature;
int32 signatureLen;
unsigned char sigHash[SSL_SHA1_HASH_SIZE];
unsigned char *uniqueUserId;
int32 uniqueUserIdLen;
unsigned char *uniqueSubjectId;
int32 uniqueSubjectIdLen;
v3extensions_t extensions;
struct sslCert *next;
} sslCert_t;
typedef struct sslLocalCert {
sslRsaKey_t *privKey;
unsigned char *certBin;
uint32 certLen;
struct sslLocalCert *next;
} sslLocalCert_t;
typedef struct {
sslLocalCert_t cert;
#ifdef USE_CLIENT_SIDE_SSL
sslCert_t *caCerts;
#endif /* USE_CLIENT_SIDE_SSL */
} sslKeys_t;
#endif /* USE_X509 */
/*
Helpers for inter-pki communications
*/
extern int32 asnParseLength(unsigned char **p, int32 size, int32 *valLen);
extern int32 psAsnConfirmSignature(unsigned char *sigHash,
unsigned char *sigOut, int32 sigLen);
extern int32 getDNAttributes(psPool_t *pool, unsigned char **pp, int32 len,
DNattributes_t *attribs);
extern int32 getPubKey(psPool_t *pool, unsigned char **pp, int32 len,
sslRsaKey_t *pubKey);
extern void psFreeDNStruct(DNattributes_t *dn);
#ifdef USE_FILE_SYSTEM
extern int32 readCertChain(psPool_t *pool, const char *certFiles,
sslLocalCert_t *lkeys);
extern int32 psGetFileBin(psPool_t *pool, const char *fileName,
unsigned char **bin, int32 *binLen);
extern int32 base64encodeAndWrite(psPool_t *pool, const char *fileName,
unsigned char *bin, int32 binLen, int32 fileType,
char *hexCipherIV, int32 hexCipherIVLen);
#endif /* USE_FILE_SYSTEM */
/*
Finally, include the public header
*/
#include "matrixPki.h"
#ifdef __cplusplus
}
#endif
#endif /* _h_PSPKI_INTERNAL */
|
