#ifndef X509CERT_H
#define X509CERT_H
#include <bearssl.h>
#include <time.h>
/* ASN.1 item; defined below. */
struct x509cert_item;
/*
 * Custom value-encoder callback, with the same calling convention as
 * x509cert_encode(): write the DER encoding into the buffer and return
 * the number of bytes produced. Presumably a NULL buffer means "return
 * the length only", exactly as for x509cert_encode() -- confirm against
 * the encoders in the implementation.
 */
typedef size_t x509cert_encoder(const struct x509cert_item *, unsigned char *);
/*
 * ASN.1 universal-class tag octets (X.690 8.1.2) used for item tags.
 * SEQUENCE and SET carry the constructed bit (0x20); the others are
 * primitive.
 */
enum {
X509CERT_ASN1_INTEGER = 0x02,
X509CERT_ASN1_BITSTRING = 0x03,
X509CERT_ASN1_OCTETSTRING = 0x04,
X509CERT_ASN1_NULL = 0x05,
X509CERT_ASN1_OID = 0x06,
X509CERT_ASN1_UTF8STRING = 0x0c,
X509CERT_ASN1_PRINTABLESTRING = 0x13,
X509CERT_ASN1_IA5STRING = 0x16,
X509CERT_ASN1_UTCTIME = 0x17,
X509CERT_ASN1_GENERALIZEDTIME = 0x18,
X509CERT_ASN1_SEQUENCE = 0x30,
X509CERT_ASN1_SET = 0x31,
};
/*
 * ASN.1 item: a tag, a value and, optionally, a custom encoder.
 *
 * tag  tag octet (X509CERT_ASN1_* or X509CERT_SAN_*).
 * len  length in bytes of the value at val.
 * val  value bytes; may be NULL, in which case x509cert_encode() emits
 *      only the tag and length.
 * enc  NULL for the default tag/length/value encoding, otherwise the
 *      encoder that produces the value. What len and val mean when enc
 *      is set (e.g. val pointing at a struct x509cert_dn for
 *      x509cert_dn_encoder) is not visible here -- confirm per encoder.
 */
struct x509cert_item {
int tag;
size_t len;
const void *val;
x509cert_encoder *enc;
};
/*
 * DER-encode an ASN.1 item into a buffer.
 *
 * If the buffer is NULL, the encoded length of the item is returned.
 *
 * Otherwise, if enc is NULL, the item tag, length, and value (if
 * it is not NULL) are encoded into the buffer and the number of
 * bytes encoded is returned.
 *
 * If enc is not NULL, a custom encoder function is used to encode
 * the value.
 *
 * There is no buffer-size parameter, so nothing bounds the write: the
 * caller must first call this with a NULL buffer on the same item and
 * supply a buffer of at least that many bytes, and must not modify the
 * item between the two calls.
 */
size_t x509cert_encode(const struct x509cert_item *, unsigned char *);
/*
 * Signing (private) key. type selects the active union member. The
 * BearSSL key structures are referenced, not copied, so they must stay
 * valid for as long as this struct is used (e.g. across x509cert_sign()).
 * Presumably type takes the BR_KEYTYPE_* values, as key_type in
 * struct x509cert_cert does -- confirm.
 */
struct x509cert_skey {
int type;
union {
const br_rsa_private_key *rsa;
const br_ec_private_key *ec;
} u;
};
/*
 * X.501 RelativeDistinguishedName: one attribute type and its value.
 *
 * oid  attribute type, in the same form as the x509cert_oid_* arrays
 *      declared below (whether that form includes the tag and length
 *      prefix is not visible here).
 * val  attribute value as an ASN.1 item (tag selects the string type).
 */
struct x509cert_rdn {
const unsigned char *oid;
struct x509cert_item val;
};
/*
 * X.501 DistinguishedName: rdn_len RelativeDistinguishedNames, in the
 * order they are encoded.
 */
struct x509cert_dn {
struct x509cert_rdn *rdn;
size_t rdn_len;
};
/*
 * subjectAltName GeneralName tags (RFC 5280 4.2.1.6), as the
 * context-specific IMPLICIT tag octets: [0] otherName is constructed
 * (0x80 | 0x20 | 0 = 0xa0); the string and address forms are primitive
 * ([1] = 0x81, [2] = 0x82, [6] = 0x86, [7] = 0x87). Presumably each entry
 * of x509cert_req.alts uses one of these as its item tag -- confirm.
 */
enum {
X509CERT_SAN_OTHERNAME = 0xa0, /* SEQUENCE { OID, ANY } */
X509CERT_SAN_RFC822NAME = 0x81, /* IA5String */
X509CERT_SAN_DNSNAME = 0x82, /* IA5String */
X509CERT_SAN_URI = 0x86, /* IA5String */
X509CERT_SAN_IPADDRESS = 0x87, /* OCTET STRING */
};
/*
 * PKCS#10 CertificateRequestInfo.
 *
 * subject   subject DN as an ASN.1 item (presumably encoded through
 *           x509cert_dn_encoder -- confirm).
 * pkey      subject public key (BearSSL br_x509_pkey, held by value).
 * alts      alts_len subjectAltName GeneralName items, each tagged with
 *           an X509CERT_SAN_* value; alts_len presumably may be 0.
 */
struct x509cert_req {
struct x509cert_item subject;
br_x509_pkey pkey;
struct x509cert_item *alts;
size_t alts_len;
};
/*
 * X.509 TBSCertificate.
 *
 * req        request supplying the subject, public key and SANs.
 * serial     fixed 20-byte serial number. RFC 5280 4.1.2.2 requires a
 *            positive INTEGER of at most 20 octets; if serial[0] has its
 *            top bit set, DER needs a leading 0x00 pad and the INTEGER
 *            becomes 21 octets. How the encoder handles that is not
 *            visible here -- keep the top bit clear, or confirm.
 * key_type   BR_KEYTYPE_*; presumably the signing key's type, used to
 *            build the signature AlgorithmIdentifier -- confirm.
 * hash_id    br_*_ID of the digest in the signature algorithm.
 * issuer     issuer DN as an ASN.1 item.
 * notbefore, notafter
 *            validity period; presumably encoded as UTCTime or
 *            GeneralizedTime per RFC 5280 4.1.2.5 (both tags are
 *            declared above) -- confirm in the encoder.
 * ca         non-zero to mark the certificate as a CA (presumably via
 *            BasicConstraints; which other extensions are emitted is
 *            not visible here).
 */
struct x509cert_cert {
struct x509cert_req *req;
unsigned char serial[20];
int key_type; /* BR_KEYTYPE_* */
int hash_id; /* br_*_ID */
struct x509cert_item issuer;
time_t notbefore, notafter;
int ca;
};
/*
 * Encoders for use in x509cert_item.enc, producing a DistinguishedName,
 * a CertificateRequestInfo and a TBSCertificate respectively.
 */
extern x509cert_encoder x509cert_dn_encoder;
extern x509cert_encoder x509cert_req_encoder;
extern x509cert_encoder x509cert_cert_encoder;
/*
 * Attribute-type OIDs for common RDN components (RFC 4519 / RFC 4514
 * short names), for use in x509cert_rdn.oid.
 */
extern const unsigned char x509cert_oid_CN[];
extern const unsigned char x509cert_oid_L[];
extern const unsigned char x509cert_oid_ST[];
extern const unsigned char x509cert_oid_O[];
extern const unsigned char x509cert_oid_OU[];
extern const unsigned char x509cert_oid_C[];
extern const unsigned char x509cert_oid_STREET[];
extern const unsigned char x509cert_oid_DC[];
extern const unsigned char x509cert_oid_UID[];
/*
 * DER-encode a DistinguishedName into a buffer (if it is not NULL).
 *
 * The encoded length of the DN is returned. No buffer size is taken:
 * size the buffer from a prior NULL-buffer call on the same DN.
 */
size_t x509cert_encode_dn(const struct x509cert_dn *, unsigned char *);
/*
 * Determine the number of RDN components in an RFC 4514 string
 * representation of a DistinguishedName.
 *
 * Use this to size the RDN array before calling
 * x509cert_parse_dn_string(); call it on the original string, since
 * parsing rewrites the string in place.
 */
size_t x509cert_dn_string_rdn_len(const char *);
/*
 * Parse an RFC 4514 string representation of a DistinguishedName.
 *
 * The given string is rewritten in place to store the encoded OIDs
 * and RDN values, so it must be writable and must outlive the RDN
 * array, whose entries point into it.
 *
 * The RDN array is populated and must be large enough to accommodate
 * all RDN components (see x509cert_dn_string_rdn_len()); nothing here
 * bounds the array, so an undersized array is an overflow.
 *
 * Returns 1 on success, or 0 on parse error. The string is typically
 * user-supplied (command line, config), so the return value must be
 * checked before the RDN array is used.
 */
int x509cert_parse_dn_string(struct x509cert_rdn *, char *);
/*
 * DER-encode a PKCS#10 CertificateRequestInfo into a buffer (if
 * it is not NULL).
 *
 * The encoded length of the CertificateRequestInfo is returned. No
 * buffer size is taken: size the buffer from a prior NULL-buffer call
 * on the same request.
 */
size_t x509cert_encode_req(const struct x509cert_req *, unsigned char *);
/*
 * DER-encode an X.509 TBSCertificate into a buffer (if it is not
 * NULL).
 *
 * The encoded length of the TBSCertificate is returned. No buffer size
 * is taken: size the buffer from a prior NULL-buffer call on the same
 * certificate.
 */
size_t x509cert_encode_cert(const struct x509cert_cert *, unsigned char *);
/*
 * Sign an ASN.1 item, and DER-encode the item and its signature
 * as an X.509 SIGNED{...} item into a buffer (if it is not NULL).
 *
 * If the buffer is NULL, the signature is not computed and the
 * *maximum* length of the SIGNED item is returned. The actual
 * length may be slightly smaller, depending on the signature.
 * Allocate the maximum, then use the value returned by the second
 * (non-NULL) call as the length of the encoded output.
 *
 * The hash class selects the digest for the signature; it should agree
 * with the hash_id recorded in the TBSCertificate (not checked here,
 * as far as is visible).
 *
 * If the key is not supported or there is an error computing the
 * signature, 0 is returned. Callers must check for 0 on the non-NULL
 * call as well; the buffer contents are unspecified in that case.
 */
size_t x509cert_sign(const struct x509cert_item *, const struct x509cert_skey *, const br_hash_class *, unsigned char *);
#endif