diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-28 07:33:12 +0000 |
commit | 36082a2fe36ecd800d784ae44c14f1f18c66a7e9 (patch) | |
tree | 6c68e0c0097987aff85a01dabddd34b862309a7c /lib/x509/common.h | |
parent | Initial commit. (diff) | |
download | gnutls28-36082a2fe36ecd800d784ae44c14f1f18c66a7e9.tar.xz gnutls28-36082a2fe36ecd800d784ae44c14f1f18c66a7e9.zip |
Adding upstream version 3.7.9.upstream/3.7.9upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/x509/common.h')
-rw-r--r-- | lib/x509/common.h | 308 |
1 files changed, 308 insertions, 0 deletions
diff --git a/lib/x509/common.h b/lib/x509/common.h new file mode 100644 index 0000000..457d4c4 --- /dev/null +++ b/lib/x509/common.h @@ -0,0 +1,308 @@ +/* + * Copyright (C) 2003-2012 Free Software Foundation, Inc. + * Copyright (C) 2017 Red Hat, Inc. + * + * Author: Nikos Mavrogiannopoulos + * + * This file is part of GnuTLS. + * + * The GnuTLS is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with this program. If not, see <https://www.gnu.org/licenses/> + * + */ + +#ifndef GNUTLS_LIB_X509_COMMON_H +#define GNUTLS_LIB_X509_COMMON_H + +#include <algorithms.h> +#include <abstract_int.h> +#include <x509/x509_int.h> +#include <fips.h> + +#define MAX_STRING_LEN 512 + +#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) +# define MAX_ITER_COUNT 10*1024 +#else +/* Set a maximum iteration count over which we refuse to + * decode a file. That is to prevent DoS. */ +# define MAX_ITER_COUNT (10*1024*1024) +#endif + +#define GNUTLS_XML_SHOW_ALL 1 + +#define PEM_CRL "X509 CRL" +#define PEM_X509_CERT "X509 CERTIFICATE" +#define PEM_X509_CERT2 "CERTIFICATE" +#define PEM_PKCS7 "PKCS7" +#define PEM_PKCS12 "PKCS12" +#define PEM_PK "PUBLIC KEY" + +/* public key algorithm's OIDs + */ +#define PK_PKIX1_RSA_OID "1.2.840.113549.1.1.1" +#define PK_PKIX1_RSA_PSS_OID "1.2.840.113549.1.1.10" +#define PK_X509_RSA_OID "2.5.8.1.1" +#define PK_DSA_OID "1.2.840.10040.4.1" +#define PK_GOST_R3410_94_OID "1.2.643.2.2.20" +#define PK_GOST_R3410_2001_OID "1.2.643.2.2.19" +#define PK_GOST_R3410_2012_256_OID "1.2.643.7.1.1.1.1" +#define PK_GOST_R3410_2012_512_OID "1.2.643.7.1.1.1.2" + +/* signature OIDs + */ +#define SIG_DSA_SHA1_OID "1.2.840.10040.4.3" +/* those two from draft-ietf-pkix-sha2-dsa-ecdsa-06 */ +#define SIG_DSA_SHA224_OID "2.16.840.1.101.3.4.3.1" +#define SIG_DSA_SHA256_OID "2.16.840.1.101.3.4.3.2" +#define SIG_DSA_SHA384_OID "2.16.840.1.101.3.4.3.3" +#define SIG_DSA_SHA512_OID "2.16.840.1.101.3.4.3.4" + +#define SIG_RSA_MD5_OID "1.2.840.113549.1.1.4" +#define SIG_RSA_MD2_OID "1.2.840.113549.1.1.2" +#define SIG_RSA_SHA1_OID "1.2.840.113549.1.1.5" +#define SIG_RSA_SHA224_OID "1.2.840.113549.1.1.14" +#define SIG_RSA_SHA256_OID "1.2.840.113549.1.1.11" +#define SIG_RSA_SHA384_OID "1.2.840.113549.1.1.12" +#define SIG_RSA_SHA512_OID "1.2.840.113549.1.1.13" +#define SIG_RSA_RMD160_OID "1.3.36.3.3.1.2" +#define SIG_GOST_R3410_94_OID "1.2.643.2.2.4" +#define SIG_GOST_R3410_2001_OID "1.2.643.2.2.3" +#define SIG_GOST_R3410_2012_256_OID "1.2.643.7.1.1.3.2" +#define SIG_GOST_R3410_2012_512_OID "1.2.643.7.1.1.3.3" +#define ISO_SIG_RSA_SHA1_OID "1.3.14.3.2.29" + +#define SIG_DSA_SHA3_224_OID "2.16.840.1.101.3.4.3.5" +#define SIG_DSA_SHA3_256_OID "2.16.840.1.101.3.4.3.6" +#define SIG_DSA_SHA3_384_OID "2.16.840.1.101.3.4.3.7" +#define SIG_DSA_SHA3_512_OID "2.16.840.1.101.3.4.3.8" + +#define SIG_ECDSA_SHA3_224_OID "2.16.840.1.101.3.4.3.9" +#define SIG_ECDSA_SHA3_256_OID "2.16.840.1.101.3.4.3.10" +#define SIG_ECDSA_SHA3_384_OID "2.16.840.1.101.3.4.3.11" +#define SIG_ECDSA_SHA3_512_OID "2.16.840.1.101.3.4.3.12" + +#define SIG_RSA_SHA3_224_OID "2.16.840.1.101.3.4.3.13" +#define SIG_RSA_SHA3_256_OID "2.16.840.1.101.3.4.3.14" +#define SIG_RSA_SHA3_384_OID "2.16.840.1.101.3.4.3.15" +#define SIG_RSA_SHA3_512_OID "2.16.840.1.101.3.4.3.16" + +#define ECDH_X25519_OID "1.3.101.110" +#define ECDH_X448_OID "1.3.101.111" + +#define SIG_EDDSA_SHA512_OID "1.3.101.112" +#define SIG_ED448_OID "1.3.101.113" + +#define XMPP_OID "1.3.6.1.5.5.7.8.5" +#define KRB5_PRINCIPAL_OID "1.3.6.1.5.2.2" +#define MSUSER_PRINCIPAL_NAME_OID "1.3.6.1.4.1.311.20.2.3" +#define PKIX1_RSA_PSS_MGF1_OID "1.2.840.113549.1.1.8" + +#define GOST28147_89_OID "1.2.643.2.2.21" +#define GOST28147_89_TC26Z_OID "1.2.643.7.1.2.5.1.1" +#define GOST28147_89_CPA_OID "1.2.643.2.2.31.1" +#define GOST28147_89_CPB_OID "1.2.643.2.2.31.2" +#define GOST28147_89_CPC_OID "1.2.643.2.2.31.3" +#define GOST28147_89_CPD_OID "1.2.643.2.2.31.4" + +#define ASN1_NULL "\x05\x00" +#define ASN1_NULL_SIZE 2 + +struct oid_to_string { + const char *oid; + unsigned oid_size; + const char *name_desc; + unsigned name_desc_size; + const char *asn_desc; /* description in the pkix file if complex type */ + unsigned int etype; /* the libtasn1 ASN1_ETYPE or INVALID + * if cannot be simply parsed */ +}; + +const struct oid_to_string *_gnutls_oid_get_entry(const struct oid_to_string *ots, const char *oid); + +const char *_gnutls_oid_get_asn_desc(const char *oid); + +int _gnutls_x509_set_time(asn1_node c2, const char *where, time_t tim, + int force_general); +int +_gnutls_x509_set_raw_time(asn1_node c2, const char *where, time_t tim); + +int _gnutls_x509_decode_string(unsigned int etype, + const uint8_t * der, size_t der_size, + gnutls_datum_t * output, + unsigned allow_ber); + +int _gnutls_x509_encode_string(unsigned int etype, + const void *input_data, size_t input_size, + gnutls_datum_t * output); + +int _gnutls_x509_dn_to_string(const char *OID, void *value, + int value_size, gnutls_datum_t * out); +const char *_gnutls_ldap_string_to_oid(const char *str, unsigned str_len); + +time_t _gnutls_x509_get_time(asn1_node c2, const char *when, int general); + +gnutls_x509_subject_alt_name_t _gnutls_x509_san_find_type(char *str_type); + +int _gnutls_x509_der_encode_and_copy(asn1_node src, const char *src_name, + asn1_node dest, const char *dest_name, + int str); +int _gnutls_x509_der_encode(asn1_node src, const char *src_name, + gnutls_datum_t * res, int str); + +#define _gnutls_x509_export_int(asn1, format, header, out, out_size) \ + _gnutls_x509_export_int_named(asn1, "", format, header, out, out_size) + +int _gnutls_x509_export_int_named(asn1_node asn1_data, const char *name, + gnutls_x509_crt_fmt_t format, + const char *pem_header, + unsigned char *output_data, + size_t * output_data_size); + +#define _gnutls_x509_export_int2(asn1, format, header, out) \ + _gnutls_x509_export_int_named2(asn1, "", format, header, out) +int _gnutls_x509_export_int_named2(asn1_node asn1_data, const char *name, + gnutls_x509_crt_fmt_t format, + const char *pem_header, + gnutls_datum_t * out); + +int _gnutls_x509_read_value(asn1_node c, const char *root, + gnutls_datum_t * ret); +int _gnutls_x509_read_null_value(asn1_node c, const char *root, + gnutls_datum_t * ret); +int _gnutls_x509_read_string(asn1_node c, const char *root, + gnutls_datum_t * ret, unsigned int etype, + unsigned allow_ber); +int _gnutls_x509_write_value(asn1_node c, const char *root, + const gnutls_datum_t * data); + +int _gnutls_x509_write_string(asn1_node c, const char *root, + const gnutls_datum_t * data, + unsigned int etype); + +int _gnutls_x509_encode_and_write_attribute(const char *given_oid, + asn1_node asn1_struct, + const char *where, + const void *data, + int sizeof_data, int multi); +int _gnutls_x509_decode_and_read_attribute(asn1_node asn1_struct, + const char *where, char *oid, + int oid_size, + gnutls_datum_t * value, + int multi, int octet); + +int _gnutls_x509_get_pk_algorithm(asn1_node src, const char *src_name, + gnutls_ecc_curve_t *curve, + unsigned int *bits); + +int +_gnutls_x509_get_signature_algorithm(asn1_node src, const char *src_name); + +int _gnutls_x509_encode_and_copy_PKI_params(asn1_node dst, + const char *dst_name, + const gnutls_pk_params_st * params); +int _gnutls_x509_encode_PKI_params(gnutls_datum_t * der, + const gnutls_pk_params_st * params); +int _gnutls_asn1_copy_node(asn1_node * dst, const char *dst_name, + asn1_node src, const char *src_name); + +int _gnutls_x509_get_signed_data(asn1_node src, const gnutls_datum_t *der, + const char *src_name, + gnutls_datum_t * signed_data); +int _gnutls_x509_get_signature(asn1_node src, const char *src_name, + gnutls_datum_t * signature); + + +int _gnutls_get_asn_mpis(asn1_node asn, const char *root, + gnutls_pk_params_st * params); + +int _gnutls_get_key_id(gnutls_pk_params_st *, + unsigned char *output_data, + size_t * output_data_size, unsigned flags); + +void _asnstr_append_name(char *name, size_t name_size, const char *part1, + const char *part2); + +/* Given a @c2 which it returns an allocated DER encoding of @whom in @out */ +inline static int +_gnutls_x509_get_raw_field(asn1_node c2, const char *whom, gnutls_datum_t *out) +{ + return _gnutls_x509_der_encode(c2, whom, out, 0); +} + +int +_gnutls_x509_get_raw_field2(asn1_node c2, const gnutls_datum_t * raw, + const char *whom, gnutls_datum_t * dn); + +unsigned +_gnutls_check_if_same_key(gnutls_x509_crt_t cert1, + gnutls_x509_crt_t cert2, + unsigned is_ca); + +unsigned +_gnutls_check_if_same_key2(gnutls_x509_crt_t cert1, + gnutls_datum_t *cert2bin); + +unsigned +_gnutls_check_valid_key_id(const gnutls_datum_t *key_id, + gnutls_x509_crt_t cert, time_t now, + unsigned *has_ski); + +unsigned _gnutls_check_key_purpose(gnutls_x509_crt_t cert, const char *purpose, unsigned no_any); + +time_t _gnutls_x509_generalTime2gtime(const char *ttime); + +int _gnutls_get_extension(asn1_node asn, const char *root, + const char *extension_id, int indx, + gnutls_datum_t * ret, unsigned int *_critical); + +int _gnutls_set_extension(asn1_node asn, const char *root, + const char *ext_id, + const gnutls_datum_t * ext_data, unsigned int critical); + +int _gnutls_strdatum_to_buf(gnutls_datum_t * d, void *buf, + size_t * sizeof_buf); + +unsigned _gnutls_is_same_dn(gnutls_x509_crt_t cert1, gnutls_x509_crt_t cert2); + +int _gnutls_copy_string(const gnutls_datum_t* str, uint8_t *out, size_t *out_size); +int _gnutls_copy_data(const gnutls_datum_t* str, uint8_t *out, size_t *out_size); + +int _gnutls_x509_decode_ext(const gnutls_datum_t *der, gnutls_x509_ext_st *out); +int _gnutls_x509_raw_crt_to_raw_pubkey(const gnutls_datum_t * cert, + gnutls_datum_t * rpubkey); + +int _gnutls_x509_get_version(asn1_node root, const char *name); + +int x509_crt_to_raw_pubkey(gnutls_x509_crt_t crt, + gnutls_datum_t * rpubkey); + +typedef void (*gnutls_cert_vfunc)(gnutls_x509_crt_t); + +unsigned int _gnutls_sort_clist(gnutls_x509_crt_t *clist, + unsigned int clist_size); + +int _gnutls_check_if_sorted(gnutls_x509_crt_t * crt, int nr); + +inline static int _asn1_strict_der_decode (asn1_node * element, const void *ider, + int len, char *errorDescription) +{ +#if defined(STRICT_DER_TIME) || !defined(ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME) +# define _ASN1_DER_FLAGS ASN1_DECODE_FLAG_STRICT_DER +#else +# define _ASN1_DER_FLAGS (ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME|ASN1_DECODE_FLAG_STRICT_DER) +#endif + return asn1_der_decoding2(element, ider, &len, _ASN1_DER_FLAGS, errorDescription); +} + +#endif /* GNUTLS_LIB_X509_COMMON_H */ |