RSA BSAFE Micro Edition Suite

Streamlined security for mobile and embedded devices


cert_sm.h

00001 /* $Id: cert_sm.h,v 1.97.4.3 2005/10/12 05:45:47 hpriddle Exp $ */
00002 /*
00003  * Copyright (C) 2001-2002 RSA Security Inc. All rights reserved. This
00004  * work contains proprietary information of RSA Security. Distribution
00005  * is limited to authorized licensees of RSA Security. Any unauthorized
00006  * reproduction, distribution or modification of this work is strictly
00007  * prohibited.
00008  */
00009 
00018 #ifndef HEADER_CERT_SM_H
00019 #define HEADER_CERT_SM_H
00020 
00021 #ifdef  __cplusplus
00022 extern "C" {
00023 #endif
00024 
00025 /*
00026  * Include files
00027  */
00028 
00029 #include "stack.h"
00030 #ifndef NO_PEM
00031 #include "pem.h"
00032 #endif
00033 #include "x509tc.h"
00034 
00035 #ifdef INCLUDE_MHP_SSLSIGN_API
00036 #include "sslsign.h"
00037 #endif
00038 
00039 /*
00040  * Exported macro constants
00041  */
00042 
00043 /*
00044  * Numeric identifiers for public key types that may be used for signing.
00045  * We need to have a definition for a PKEY type for SSLCERT_PKEY_from_binary.
00046  * These values could be returned by SSLCERT_get_signature_type.
00047  */
/* Fallbacks only: each name is defined here just when no earlier header has
 * already defined it, so a pre-existing definition takes precedence. */
00048 #ifndef EVP_PKEY_RSA
00049 #define EVP_PKEY_RSA     6
00050 #endif
00051 
00052 #ifndef EVP_PKEY_DSA
00053 #define EVP_PKEY_DSA     116
00054 #endif
00055 
00056 /* These values could be returned by SSLCERT_get_signature_digest_type
00057  * NOTE: These *must* be the same values as the X509_DIGEST_TYPE_* defines
00058  * in xtc_locl.h
00059  */
/* NOTE(review): the three digests identified below are all weak for
 * certificate signatures: MD2 and MD5 are not collision resistant and
 * SHA-1 collisions are practical. A caller that reads one of these values
 * from SSLCERT_get_signature_digest_type should apply its own policy
 * (reject, or accept only for pinned/legacy peers) rather than treat a
 * valid signature as sufficient. No other digest identifier appears in
 * the lines of this header shown here.
 */
00076 #define SSLCERT_DIGEST_TYPE_MD2            1
00077 
00080 #define SSLCERT_DIGEST_TYPE_MD5            2
00081 
00084 #define SSLCERT_DIGEST_TYPE_SHA1           3
00085 
/* Selectors for the two ends of a certificate's validity period, mapped
 * straight onto the TC_X509 constants. Presumably these are the `id`
 * argument of SSLCERT_get_validity_seconds - confirm against x509tc.h. */
00101 #define  SSLCERT_TIME_NOTBEFORE      TC_X509_TIME_NOTBEFORE
00102 
00104 #define  SSLCERT_TIME_NOTAFTER       TC_X509_TIME_NOTAFTER
00105 /* END: SSLCERT_VALIDITY_TIME_IDS */
00110 /*
00111  * Exported types
00112  */
00113 
00114 /* make sure we have a definition (safe) for EVP_PKEY and EVP_MD */
/* The forward declarations below are emitted only when neither the common
 * EVP header nor ssl.h has been included, and only once (guarded by
 * HEADER_COMMON_EVP_H_TYPEDEF_DEF). They name incomplete struct types, so
 * code including only this header can hold pointers to them but cannot
 * look inside. */
00115 #if !defined(HEADER_COMMON_EVP_H) && !defined(HEADER_SSL_H)
00116 #ifndef HEADER_COMMON_EVP_H_TYPEDEF_DEF
00117 #define HEADER_COMMON_EVP_H_TYPEDEF_DEF
00118 typedef struct evp_pkey_st EVP_PKEY; /* EVP asymmetric key type */
00119 typedef struct evp_md_st EVP_MD;    /* EVP message digest type */
00120 typedef struct evp_md_ctx_st EVP_MD_CTX; /* EVP message digest ctx type */
00121 typedef struct evp_cipher_st EVP_CIPHER; /* EVP cipher type */
00122 typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; /* EVP cipher ctx type */
00123 typedef struct evp_encode_ctx_st EVP_ENCODE_CTX; /* EVP Base64 ctx type */
00124 /* To remove a dependence of the old evp on ASN.1 definitions */
00125 typedef void EVP_ASN1_TYPE;    /* EVP general ASN.1 object type */
00126 #endif /* HEADER_COMMON_EVP_H_TYPEDEF_DEF */
00127 #endif /* !defined(HEADER_COMMON_EVP_H) && !defined(HEADER_SSL_H) */
00128 
00129 /* we declare opaque data types for those things for which we can
00130  * switch the implementation routines - hence they do not really have
00131  * a known type as it can change at runtime
00132  */
/* In this header the certificate, name and name-entry types are plain
 * aliases of the corresponding TC_X509 types, and the key type is an alias
 * of EVP_PKEY. */
00133 
00137 typedef TC_X509 SSLCERT;            /* X509 certificate type */
00138 
00143 typedef TC_X509_NAME SSLCERT_NAME;  /* X509 NAME type */
00144 
00149 typedef TC_X509_NAME_ENTRY SSLCERT_NAME_ENTRY; /* X509 NAME_ENTRY type */
00150 
00158 typedef EVP_PKEY SSLCERT_PKEY;      /* Asymmetric key type */
00159 
/* NOTE(review): both store types are typedefs of void. Pointers to them are
 * therefore `void *`, which converts implicitly to and from any object
 * pointer in C, so the compiler cannot catch a store passed where a store
 * context is expected (or any unrelated pointer passed for either). */
00164 typedef void SSLCERT_STORE_CTX;     /* Certificate store instance type */
00165 
00170 typedef void SSLCERT_STORE;         /* Certificate store type */
00171 
00172 /* Some functions from EVP layer are public APIs */
/* Declared here because the SSLCERT_PKEY_* macros further down are aliases
 * of these three functions. Presumably keys are reference counted, with
 * _reference_inc taking a reference and _free dropping one - confirm in
 * the EVP implementation before relying on it for key lifetime. */
00173 void R_CDECL EVP_PKEY_free(EVP_PKEY *pkey);
00174 void R_CDECL EVP_PKEY_reference_inc(EVP_PKEY *pkey);
00175 EVP_PKEY * R_CDECL EVP_PKEY_new(void);
00176 
00177 /* make sure we have a definition (safe) for SSL */
00178 #ifndef HEADER_SSL_H_TYPEDEF_DEF
00179 #define HEADER_SSL_H_TYPEDEF_DEF
00180 typedef struct ssl_st SSL;           /* SSL structure type */
00181 #endif /* HEADER_SSL_H_TYPEDEF_DEF*/
00182 
00183 /*
00184  * Exported macro functions
00185  */
00186 
00187 /* Much of the SSLCERT API for a SSL-C small code build is defined to
00188  * call directly to TC_X509 functions for certificate handling. Because
00189  * this implementation is limited some of the API macros are undefined.
00190  * The list follows:
00191  *   void *SSLCERT_from_binary_bio(BIO *bio, SSLCERT *cert),
00192  *   SSLCERT_STORE_new(),               SSLCERT_STORE_free(),
00193  *   SSLCERT_STORE_load_locations(),    SSLCERT_STORE_set_default_paths(s),
00194  *   SSLCERT_STORE_set_verify_cb(s,cb),SSLCERT_STORE_get_by_subject(sc,t,n,r),
00195  *   SSLCERT_STORE_CTX_new(),           SSLCERT_STORE_CTX_free(sc),
00196  *   SSLCERT_STORE_CTX_init(sc,s,c,ch), SSLCERT_STORE_CTX_cleanup(sc),
00197  *   SSLCERT_STORE_get_ex_new_index(l,p,nf,df,ff),
00198  *   SSLCERT_STORE_cleanup_ex_data(),   SSLCERT_STORE_set_ex_data(c,i,d),
00199  *   SSLCERT_STORE_get_ex_data(sc,i),   SSLCERT_STORE_CTX_get_error(sc),
00200  *   SSLCERT_STORE_CTX_set_error(sc,err),
00201  *   SSLCERT_STORE_CTX_get_error_depth(sc),
00202  *   SSLCERT_STORE_CTX_get_current_cert(sc)
00203  *
00204  */
/* NOTE(review): every certificate-store macro is in the undefined list
 * above, so this header offers no trust-store lookup. Presumably chain
 * building and trust-anchor selection are left to the caller in this
 * build - confirm before assuming SSLCERT_verify alone establishes trust.
 */
00205 
/* Both setup macros expand to nothing in this header, so a call to either
 * one leaves only an empty statement. */
00216 #define SSLCERT_tinycode_setup()
00217 
00218 
00228 #define SSLCERT_normal_setup()
00229 
/* The object-like macros below are pure renames: each SSLCERT_* name is
 * replaced by the TC_X509 function on its right, so argument lists, return
 * values and error behaviour are whatever x509tc.h declares. */
00254 #define SSLCERT_new          TC_X509_new
00255 
00271 #define SSLCERT_free         TC_X509_free
00272 
00283 #define SSLCERT_set_meth_data TC_X509_set_meth_data
00284 
00296 #define SSLCERT_get_meth_data TC_X509_get_meth_data
00297 
00313 #define SSLCERT_set_info TC_X509_set_info
00314 
00331 #define SSLCERT_get_info TC_X509_get_info
00332 
00340 #define SSLCERT_dup TC_X509_dup
00341 
/* The return convention of TC_X509_verify is not visible here; check it in
 * x509tc.h so that an error value is never mistaken for success. */
00361 #define SSLCERT_verify       TC_X509_verify
00362 
00380 #define SSLCERT_digest       TC_X509_digest
00381 
/* Presumably DER encode/decode (i2d/d2i naming) - confirm. The decoder is
 * the entry point for certificate bytes received from a peer, so its
 * result should be checked before the certificate is used. */
00404 #define SSLCERT_to_binary    i2d_TC_X509
00405 
00423 #define SSLCERT_from_binary  d2i_TC_X509
00424 
00440 #define SSLCERT_reference_inc      TC_X509_reference_inc
00441 
/* Per the constant comments earlier in this header, the values returned
 * may be EVP_PKEY_RSA / EVP_PKEY_DSA for the signature type and
 * SSLCERT_DIGEST_TYPE_MD2 / _MD5 / _SHA1 for the digest type. */
00447 #define SSLCERT_get_signature_type TC_X509_get_signature_type
00448 
00454 #define SSLCERT_get_signature_digest_type TC_X509_get_signature_digest_type
00455 
/* Function-like wrapper; each argument is parenthesised before being
 * passed on to TC_X509_get_signature_data. */
00473 #define SSLCERT_get_signature_data(cert,len,data) \
00474     TC_X509_get_signature_data((cert),(len),(data))
00475 
00481 #define SSLCERT_get_version TC_X509_get_version
00482 
00488 #define SSLCERT_get_version_string TC_X509_get_version_string
00489 
00510 #define SSLCERT_subject_name_cmp   TC_X509_subject_name_cmp
00511 
00523 #define SSLCERT_get_issuer_name    TC_X509_get_issuer_name
00524 
00535 #define SSLCERT_get_subject_name   TC_X509_get_subject_name
00536 
00551 #define SSLCERT_get_pubkey         TC_X509_get_pubkey
00552 
/* Note the name change: the wrapper is ..._get_pubkey_info but it calls
 * TC_X509_get_pubkey_info_data. */
00568 #define SSLCERT_get_pubkey_info(cert,pp,length) \
00569     TC_X509_get_pubkey_info_data((cert),(pp),(length))
00570 
00581 #define SSLCERT_check_private_key  TC_X509_check_private_key
00582 
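/*
 * Invoke the application certificate callback, if one is set.
 *
 * Evaluates to the value returned by cb when cb is non-NULL, otherwise 0.
 * The callback receives s, the stack's data array cast to SSLCERT ** (via
 * sk_data), the element count (via sk_num), cbarg and vr.
 *
 * The whole expansion is wrapped in parentheses so that it behaves as a
 * single operand; without them the conditional operator would absorb
 * neighbouring operators (for example `x + MACRO(...)` or
 * `MACRO(...) == y`) and could call a NULL cb.
 *
 * cb is evaluated twice (once for the NULL test, once for the call), so
 * pass a plain pointer expression without side effects.
 *
 * NOTE(review): what a result of 0 means to the caller is not visible in
 * this header; confirm that a missing callback cannot be read as
 * "certificate accepted".
 */
#define SSLCERT_do_application_cb(s,sk,cb,cbarg,vr) \
  (((cb) != NULL)?((cb)((s),(SSLCERT **)(sk_data(sk)),\
                        sk_num((sk)),(cbarg),(vr))):0)

/*
 * Verify-callback hook for this build: the callback is never invoked.
 *
 * The expansion stores X509_V_ERR_APPLICATION_VERIFICATION in *vr and
 * evaluates to 0; s, sk, sc, cb and cbarg are accepted but not used. vr
 * must therefore be a valid pointer.
 */
#define SSLCERT_do_verify_cb(s,sk,sc,cb,cbarg,vr) \
        ((*(vr)=X509_V_ERR_APPLICATION_VERIFICATION), 0)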
00605 
/* Name handling: pure renames of the TC_X509_NAME functions, so argument
 * lists and return conventions are those declared in x509tc.h. */
00614 #define SSLCERT_NAME_new    TC_X509_NAME_new
00615 
00625 #define SSLCERT_NAME_free   TC_X509_NAME_free
00626 
00638 #define SSLCERT_NAME_dup   TC_X509_NAME_dup
00639 
00649 #define SSLCERT_NAME_hash   TC_X509_NAME_hash
00650 
00665 #define SSLCERT_NAME_cmp    TC_X509_NAME_cmp
00666 
/* Presumably DER decode/encode of a name (d2i/i2d naming) - confirm. */
00689 #define SSLCERT_NAME_from_binary        d2i_TC_X509_NAME
00690 
00708 #define SSLCERT_NAME_to_binary          i2d_TC_X509_NAME
00709 
/* NOTE(review): how the output buffer of TC_X509_NAME_oneline is sized is
 * not visible here. Names come from peer certificates, so confirm the
 * callee bounds its writes to the buffer the caller supplies. */
00721 #define SSLCERT_NAME_oneline   TC_X509_NAME_oneline
00722 
00735 #define SSLCERT_NAME_get_entry_count    TC_X509_NAME_get_entry_count
00736 
00756 #define SSLCERT_NAME_get_entry          TC_X509_NAME_get_entry
00757 
/* Convenience form of SSLCERT_NAME_ENTRY_get_info that asks only for the
 * OID triple; the three data arguments are passed as NULL. */
00781 #define SSLCERT_NAME_ENTRY_get_oid_info(cne,oidtype,oidpp,oidlen) \
00782         SSLCERT_NAME_ENTRY_get_info \
00783                              ((cne),(oidtype),(oidpp),(oidlen),NULL,NULL,NULL)
00784 
/* Convenience form of SSLCERT_NAME_ENTRY_get_info that asks only for the
 * data triple; the three OID arguments are passed as NULL. */
00804 #define SSLCERT_NAME_ENTRY_get_data_info(cne,datatype,datapp,datalen) \
00805         SSLCERT_NAME_ENTRY_get_info \
00806                           ((cne),NULL,NULL,NULL,(datatype),(datapp),(datalen))
00807 
00808 
00809 #ifndef NO_PEM
00810 
/* Read a PEM-wrapped certificate from a BIO; available only when NO_PEM is
 * not defined. Expands to PEM_ASN1_read_bio with d2i_TC_X509 as the decoder
 * and PEM_STRING_X509 as the expected PEM label.
 *
 * NOTE(review): d2i_TC_X509 is cast to `char *(*)()`, a function pointer
 * with an unspecified parameter list. If PEM_ASN1_read_bio calls through
 * that type and d2i_TC_X509's real type is not compatible with it, the
 * call is undefined behaviour in C; the prototype is not shown here, so
 * confirm against x509tc.h.
 *
 * cb is the only argument forwarded without parentheses, unlike bp and c.
 */
00812 #define SSLCERT_PEM_read_bio_SSLCERT(bp,c,cb) \
00813     PEM_ASN1_read_bio((char *(*)())d2i_TC_X509,PEM_STRING_X509,(bp),(c),cb)
00814 
00815 #endif /* NO_PEM */
00816 
/* Key lifetime: renames of the EVP_PKEY functions declared earlier in
 * this header. */
00827 #define SSLCERT_PKEY_new      EVP_PKEY_new
00828 
00838 #define SSLCERT_PKEY_free     EVP_PKEY_free
00839 
/* Build a key object from an encoded public key via d2i_TC_PublicKey. */
00865 #define SSLCERT_PKEY_from_PUBKEY_binary(type,ppkey,pp,length) \
00866     d2i_TC_PublicKey((type),(ppkey),(pp),(length))
00867 
00885 #define SSLCERT_verify_signature        TC_X509_verify_signature
00886 
00900 #define SSLCERT_PKEY_reference_inc   EVP_PKEY_reference_inc
00901 
/* Build a key object from an encoded private key via d2i_TC_PrivateKey.
 * NOTE(review): the input buffer holds private key material; the caller
 * should wipe it once the key object exists - whether the decoder keeps
 * pointers into the buffer is not visible here, so confirm first. */
00924 #define SSLCERT_PKEY_from_binary(type,ppkey,pp,length) \
00925     d2i_TC_PrivateKey((type),(ppkey),(pp),(length))
00926 
/* Encode a private key via i2d_TC_PrivateKey.
 * NOTE(review): the output is private key material in the clear as far as
 * this header shows (no cipher or passphrase argument); treat the buffer
 * as a secret and wipe it after use. */
00946 #define SSLCERT_PKEY_to_binary(ppkey,pp) \
00947     i2d_TC_PrivateKey((ppkey),(pp))
00948 
/* Encode only the public half via i2d_TC_PublicKey. */
00968 #define SSLCERT_PKEY_to_PUBKEY_binary(ppkey,pp) \
00969     i2d_TC_PublicKey((ppkey),(pp))
00970 
/* Repeats the definition of SSLCERT_verify_signature given a few lines
 * above. The replacement is the same single token, so the redefinition is
 * permitted by the preprocessor and has no effect. */
00988 #define SSLCERT_verify_signature        TC_X509_verify_signature
00989 
/* Certificate field accessors. Each wrapper forwards its arguments
 * unchanged to the TC_X509 function of the matching name; where the names
 * differ it is noted below. */
01007 #define SSLCERT_get_serialNumber_info(cert,type,pp,length) \
01008     TC_X509_get_serialNumber_info((cert),(type),(pp),(length))
01009 
/* NOTE(review): serial numbers can be longer than a machine integer; how
 * TC_X509_get_serialNumber_int reports a value that does not fit is not
 * visible here - confirm before using the result as an identifier. */
01022 #define SSLCERT_get_serialNumber_int(cert,snump) \
01023     TC_X509_get_serialNumber_int((cert),(snump))
01024 
/* Calls TC_X509_get_notAfter_info (note the added _info suffix). */
01051 #define SSLCERT_get_notAfter(cert,type,pp,length) \
01052     TC_X509_get_notAfter_info((cert),(type),(pp),(length))
01053 
/* Calls TC_X509_get_notBefore_info (note the added _info suffix). */
01081 #define SSLCERT_get_notBefore(cert,type,pp,length) \
01082     TC_X509_get_notBefore_info((cert),(type),(pp),(length))
01083 
/* Calls TC_X509_NAME_get_info_data. */
01100 #define SSLCERT_NAME_get_info(xn,pp,length) \
01101     TC_X509_NAME_get_info_data((xn),(pp),(length))
01102 
/* Full form used by the _get_oid_info and _get_data_info helpers defined
 * earlier in this header; those pass NULL for the triple they do not want.
 * Calls TC_X509_NAME_ENTRY_get_info_data. */
01135 #define SSLCERT_NAME_ENTRY_get_info(cne,oidtype,oidpp,oidlen,datatype,datapp, \
01136                                     datalen) \
01137     TC_X509_NAME_ENTRY_get_info_data((cne),(oidtype),(oidpp),(oidlen), \
01138                                      (datatype),(datapp),(datalen))
01139 
/* Presumably the to-be-signed portion of the certificate, i.e. the bytes
 * the signature covers (name only; confirm). */
01156 #define SSLCERT_get_TBSCertificate_data(cert,len,data) \
01157     TC_X509_get_TBSCertificate_data((cert),(len),(data))
01158 
/* id presumably takes SSLCERT_TIME_NOTBEFORE or SSLCERT_TIME_NOTAFTER -
 * confirm. The width and epoch of *pseconds are not visible here. */
01172 #define SSLCERT_get_validity_seconds(cert,id,pseconds) \
01173     TC_X509_get_validity_seconds((cert),(id),(pseconds))
01174 
/* The three extension accessors below forward their arguments without the
 * parentheses used by every wrapper above. As plain function-call
 * arguments this does not change the expansion, but it is inconsistent
 * with the rest of the file.
 *
 * NOTE(review): basicConstraints (is_ca) and keyUsage are what stop an
 * end-entity certificate from acting as an issuer. Since this build has no
 * store/chain API, presumably the caller must check them on each
 * intermediate itself - confirm. */
01196 #define SSLCERT_get_basic_constraints_int(cert,crit,constraints,is_ca) \
01197     TC_X509_get_basic_constraints_int(cert,crit,constraints,is_ca)
01198 
01214 #define SSLCERT_get_key_usage_int(cert,crit,usage) \
01215     TC_X509_get_key_usage_int(cert,crit,usage)
01216 
01239 #define SSLCERT_get_crl_distribution_points(cert,index,what,crit,len,data) \
01240     TC_X509_get_crl_distribution_points(cert,index,what,crit,len,data)
01241 
01242 /*
01243  * Function prototypes
01244  */
01245 
/* Convert an encoded OID of `len` bytes to a string.
 * NOTE(review): who owns the returned char * (static storage or
 * caller-freed) is not visible here; len is a signed long, so confirm the
 * implementation rejects negative lengths. */
01246 char * R_CDECL SSLCERT_OID_to_string(unsigned char *data,long len,int flag);
/* Write a fingerprint of cert into buf and report its length through plen.
 * NOTE(review): there is no separate capacity argument. Confirm whether
 * *plen is read as the size of buf on entry; if it is output-only, buf
 * must be large enough for the largest digest the implementation can
 * produce. The digest algorithm used is not visible here. */
01247 int R_CDECL SSLCERT_fingerprint(SSLCERT *cert,unsigned char *buf,unsigned int *plen);
/* Compare an ASN.1-encoded certificate time with now_time; the outcome of
 * the comparison is delivered through *result, separately from the int
 * return value (presumably a status - confirm, and check both).
 * NOTE(review): cert_time carries no length argument, and now_time is an
 * unsigned int, which bounds the range of "now" that can be expressed. */
01248 int R_CDECL SSLCERT_compare_ASN1_time(int time_encoding, unsigned char *cert_time,
01249     unsigned int now_time, int *result);
01250 
01251 /*
01252  * These macros are defined to be backward compatible with SSL-C ME 1.0.1
01253  */
01254 #define SSLCERT_get_cRLDistributionPoints \
01255     SSLCERT_get_crl_distribution_points
01256 
01257 #define SSLCERT_get_key_Usage_int SSLCERT_get_key_usage_int
01258 
01259 /* end group SSL_CERT_HAND_FUNCS */
/* Presumably registers the SSLCERT error strings with the error subsystem
 * (name only; confirm). */
01263 void R_CDECL ERR_load_SSLCERT_strings(void);
01264 
01265 
01266 
01267 /* BEGIN ERROR CODES */
01268 /* Error codes for the SSLCERT functions. */
01269 
01270 /* Function codes. */
/* One code per SSLCERT function that can report an error. The values are
 * not in numeric order. Codes for the SSLCERT_STORE* functions are kept
 * here even though this header's own comment lists those macros as
 * undefined in the small code build. */
01271 #define SSLCERT_F_FINGERPRINT                 101
01272 #define SSLCERT_F_FROM_BINARY_BIO             113
01273 #define SSLCERT_F_GET_VERSION                 154
01274 #define SSLCERT_F_PKEY_FROM_BINARY            107
01275 #define SSLCERT_F_STORE_CTX_CLEANUP           137
01276 #define SSLCERT_F_STORE_CTX_CLEANUP_EX_DATA   138
01277 #define SSLCERT_F_STORE_CTX_FREE              152
01278 #define SSLCERT_F_STORE_CTX_GET_CURRENT_CERT  139
01279 #define SSLCERT_F_STORE_CTX_GET_ERROR         140
01280 #define SSLCERT_F_STORE_CTX_GET_ERROR_DEPTH   141
01281 #define SSLCERT_F_STORE_CTX_GET_EX_DATA       142
01282 #define SSLCERT_F_STORE_CTX_GET_EX_NEW_INDEX  102
01283 #define SSLCERT_F_STORE_CTX_INIT              143
01284 #define SSLCERT_F_STORE_CTX_NEW               153
01285 #define SSLCERT_F_STORE_CTX_SET_ERROR         144
01286 #define SSLCERT_F_STORE_CTX_SET_EX_DATA       145
01287 #define SSLCERT_F_STORE_GET_BY_SUBJECT        147
01288 #define SSLCERT_F_STORE_LOAD_LOCATIONS        103
01289 #define SSLCERT_F_STORE_SET_DEFAULT_PATHS     104
01290 #define SSLCERT_F_STORE_SET_VERIFY_CB         155
01291 #define SSLCERT_F_PKEY_TO_BINARY              174
01292 #define SSLCERT_F_PKEY_TO_PUBKEY_BINARY       175
01293 
01294 /* Reason codes. */
/* No reason codes are defined in this header. */
01295 
01296 #ifdef  __cplusplus
01297 }
01298 #endif
01299 
01300 #endif /* HEADER_CERT_SM_H */
01301 

Copyright (c) 1999-2005 RSA Security Inc. All rights reserved. 072-001001-2100-001-000 - 2.1