2
* Copyright (C) 2003, 2004, 2005, 2007 Free Software Foundation
4
* Author: Nikos Mavrogiannopoulos
6
* This file is part of GNUTLS.
8
* The GNUTLS library is free software; you can redistribute it and/or
9
* modify it under the terms of the GNU Lesser General Public License
10
* as published by the Free Software Foundation; either version 2.1 of
11
* the License, or (at your option) any later version.
13
* This library is distributed in the hope that it will be useful, but
14
* WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16
* Lesser General Public License for more details.
18
* You should have received a copy of the GNU Lesser General Public
19
* License along with this library; if not, write to the Free Software
20
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
25
/* This file contains the types and prototypes for the X.509
26
* certificate and CRL handling functions.
30
# define GNUTLS_X509_H
37
#include <gnutls/gnutls.h>
39
/* Some OIDs usually found in Distinguished names, or
40
* in Subject Directory Attribute extensions.
42
#define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6"
43
#define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10"
44
#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
45
#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3"
46
#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7"
47
#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
49
#define GNUTLS_OID_X520_INITIALS "2.5.4.43"
50
#define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44"
51
#define GNUTLS_OID_X520_SURNAME "2.5.4.4"
52
#define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42"
53
#define GNUTLS_OID_X520_TITLE "2.5.4.12"
54
#define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46"
55
#define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65"
57
#define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25"
58
#define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1"
60
/* The following should not be included in DN.
62
#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
64
#define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1"
65
#define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2"
66
#define GNUTLS_OID_PKIX_GENDER "1.3.6.1.5.5.7.9.3"
67
#define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4"
68
#define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE "1.3.6.1.5.5.7.9.5"
70
/* Key purpose Object Identifiers.
72
#define GNUTLS_KP_TLS_WWW_SERVER "1.3.6.1.5.5.7.3.1"
73
#define GNUTLS_KP_TLS_WWW_CLIENT "1.3.6.1.5.5.7.3.2"
74
#define GNUTLS_KP_CODE_SIGNING "1.3.6.1.5.5.7.3.3"
75
#define GNUTLS_KP_EMAIL_PROTECTION "1.3.6.1.5.5.7.3.4"
76
#define GNUTLS_KP_TIME_STAMPING "1.3.6.1.5.5.7.3.8"
77
#define GNUTLS_KP_OCSP_SIGNING "1.3.6.1.5.5.7.3.9"
78
#define GNUTLS_KP_ANY "2.5.29.37.0"
80
/* Certificate handling functions.
82
typedef enum gnutls_certificate_import_flags
84
/* Fail if the certificates in the buffer are more than the space
85
* allocated for certificates. The error code will be
86
* GNUTLS_E_SHORT_MEMORY_BUFFER.
88
GNUTLS_X509_CRT_LIST_IMPORT_FAIL_IF_EXCEED = 1
89
} gnutls_certificate_import_flags;
91
int gnutls_x509_crt_init (gnutls_x509_crt_t * cert);
92
void gnutls_x509_crt_deinit (gnutls_x509_crt_t cert);
93
int gnutls_x509_crt_import (gnutls_x509_crt_t cert,
94
const gnutls_datum_t * data,
95
gnutls_x509_crt_fmt_t format);
96
int gnutls_x509_crt_list_import (gnutls_x509_crt_t * certs,
97
unsigned int *cert_max,
98
const gnutls_datum_t * data,
99
gnutls_x509_crt_fmt_t format,
101
int gnutls_x509_crt_export (gnutls_x509_crt_t cert,
102
gnutls_x509_crt_fmt_t format,
103
void *output_data, size_t * output_data_size);
104
int gnutls_x509_crt_get_issuer_dn (gnutls_x509_crt_t cert, char *buf,
105
size_t * sizeof_buf);
106
int gnutls_x509_crt_get_issuer_dn_oid (gnutls_x509_crt_t cert, int indx,
107
void *oid, size_t * sizeof_oid);
108
int gnutls_x509_crt_get_issuer_dn_by_oid (gnutls_x509_crt_t cert,
109
const char *oid, int indx,
110
unsigned int raw_flag,
111
void *buf, size_t * sizeof_buf);
112
int gnutls_x509_crt_get_dn (gnutls_x509_crt_t cert, char *buf,
113
size_t * sizeof_buf);
114
int gnutls_x509_crt_get_dn_oid (gnutls_x509_crt_t cert, int indx,
115
void *oid, size_t * sizeof_oid);
116
int gnutls_x509_crt_get_dn_by_oid (gnutls_x509_crt_t cert,
117
const char *oid, int indx,
118
unsigned int raw_flag, void *buf,
119
size_t * sizeof_buf);
120
int gnutls_x509_crt_check_hostname (gnutls_x509_crt_t cert,
121
const char *hostname);
123
int gnutls_x509_crt_get_signature_algorithm (gnutls_x509_crt_t cert);
124
int gnutls_x509_crt_get_signature (gnutls_x509_crt_t cert,
125
char *sig, size_t *sizeof_sig);
126
int gnutls_x509_crt_get_version (gnutls_x509_crt_t cert);
127
int gnutls_x509_crt_get_key_id (gnutls_x509_crt_t crt,
129
unsigned char *output_data,
130
size_t * output_data_size);
132
int gnutls_x509_crt_set_authority_key_id (gnutls_x509_crt_t cert,
133
const void *id, size_t id_size);
134
int gnutls_x509_crt_get_authority_key_id (gnutls_x509_crt_t cert,
135
void *ret, size_t * ret_size,
136
unsigned int *critical);
138
int gnutls_x509_crt_get_subject_key_id (gnutls_x509_crt_t cert,
139
void *ret, size_t * ret_size,
140
unsigned int *critical);
142
#define GNUTLS_CRL_REASON_UNUSED 128
143
#define GNUTLS_CRL_REASON_KEY_COMPROMISE 64
144
#define GNUTLS_CRL_REASON_CA_COMPROMISE 32
145
#define GNUTLS_CRL_REASON_AFFILIATION_CHANGED 16
146
#define GNUTLS_CRL_REASON_SUPERSEEDED 8
147
#define GNUTLS_CRL_REASON_CESSATION_OF_OPERATION 4
148
#define GNUTLS_CRL_REASON_CERTIFICATE_HOLD 2
149
#define GNUTLS_CRL_REASON_PRIVILEGE_WITHDRAWN 1
150
#define GNUTLS_CRL_REASON_AA_COMPROMISE 32768
152
int gnutls_x509_crt_get_crl_dist_points (gnutls_x509_crt_t cert,
153
unsigned int seq, void *ret,
155
unsigned int *reason_flags,
156
unsigned int *critical);
157
int gnutls_x509_crt_set_crl_dist_points (gnutls_x509_crt_t crt,
158
gnutls_x509_subject_alt_name_t
159
type, const void *data_string,
160
unsigned int reason_flags);
161
int gnutls_x509_crt_cpy_crl_dist_points (gnutls_x509_crt_t dst,
162
gnutls_x509_crt_t src);
164
time_t gnutls_x509_crt_get_activation_time (gnutls_x509_crt_t cert);
165
time_t gnutls_x509_crt_get_expiration_time (gnutls_x509_crt_t cert);
166
int gnutls_x509_crt_get_serial (gnutls_x509_crt_t cert, void *result,
167
size_t * result_size);
169
int gnutls_x509_crt_get_pk_algorithm (gnutls_x509_crt_t cert,
171
int gnutls_x509_crt_get_pk_rsa_raw (gnutls_x509_crt_t crt,
172
gnutls_datum_t * m, gnutls_datum_t * e);
173
int gnutls_x509_crt_get_pk_dsa_raw (gnutls_x509_crt_t crt,
176
gnutls_datum_t * g, gnutls_datum_t * y);
178
int gnutls_x509_crt_get_subject_alt_name (gnutls_x509_crt_t cert,
179
unsigned int seq, void *ret,
181
unsigned int *critical);
182
int gnutls_x509_crt_get_subject_alt_name2 (gnutls_x509_crt_t cert,
183
unsigned int seq, void *ret, size_t * ret_size,
184
unsigned int* ret_type, unsigned int *critical);
186
int gnutls_x509_crt_get_subject_alt_othername_oid (gnutls_x509_crt_t cert,
191
int gnutls_x509_crt_get_ca_status (gnutls_x509_crt_t cert,
192
unsigned int *critical);
193
int gnutls_x509_crt_get_basic_constraints (gnutls_x509_crt_t cert,
194
unsigned int *critical,
198
/* The key_usage flags are defined in gnutls.h. They are the
199
* GNUTLS_KEY_* definitions.
201
int gnutls_x509_crt_get_key_usage (gnutls_x509_crt_t cert,
202
unsigned int *key_usage,
203
unsigned int *critical);
204
int gnutls_x509_crt_set_key_usage (gnutls_x509_crt_t crt,
207
int gnutls_x509_crt_get_proxy (gnutls_x509_crt_t cert,
208
unsigned int *critical,
210
char **policyLanguage,
212
size_t *sizeof_policy);
214
int gnutls_x509_dn_oid_known (const char *oid);
216
/* Read extensions by OID. */
217
int gnutls_x509_crt_get_extension_oid (gnutls_x509_crt_t cert, int indx,
218
void *oid, size_t * sizeof_oid);
219
int gnutls_x509_crt_get_extension_by_oid (gnutls_x509_crt_t cert,
220
const char *oid, int indx,
223
unsigned int *critical);
225
/* Read extensions by sequence number. */
226
int gnutls_x509_crt_get_extension_info (gnutls_x509_crt_t cert, int indx,
227
void *oid, size_t * sizeof_oid,
229
int gnutls_x509_crt_get_extension_data (gnutls_x509_crt_t cert, int indx,
230
void *data, size_t * sizeof_data);
232
int gnutls_x509_crt_set_extension_by_oid (gnutls_x509_crt_t crt,
236
unsigned int critical);
238
/* X.509 Certificate writing.
240
int gnutls_x509_crt_set_dn_by_oid (gnutls_x509_crt_t crt,
242
unsigned int raw_flag,
244
unsigned int sizeof_name);
245
int gnutls_x509_crt_set_issuer_dn_by_oid (gnutls_x509_crt_t crt,
247
unsigned int raw_flag,
249
unsigned int sizeof_name);
250
int gnutls_x509_crt_set_version (gnutls_x509_crt_t crt,
251
unsigned int version);
252
int gnutls_x509_crt_set_key (gnutls_x509_crt_t crt,
253
gnutls_x509_privkey_t key);
254
int gnutls_x509_crt_set_ca_status (gnutls_x509_crt_t crt, unsigned int ca);
255
int gnutls_x509_crt_set_basic_constraints (gnutls_x509_crt_t crt,
257
int pathLenConstraint);
258
int gnutls_x509_crt_set_subject_alternative_name (gnutls_x509_crt_t crt,
259
gnutls_x509_subject_alt_name_t
261
const char *data_string);
262
int gnutls_x509_crt_sign (gnutls_x509_crt_t crt,
263
gnutls_x509_crt_t issuer,
264
gnutls_x509_privkey_t issuer_key);
265
int gnutls_x509_crt_sign2 (gnutls_x509_crt_t crt,
266
gnutls_x509_crt_t issuer,
267
gnutls_x509_privkey_t issuer_key,
268
gnutls_digest_algorithm_t, unsigned int flags);
269
int gnutls_x509_crt_set_activation_time (gnutls_x509_crt_t cert,
271
int gnutls_x509_crt_set_expiration_time (gnutls_x509_crt_t cert,
273
int gnutls_x509_crt_set_serial (gnutls_x509_crt_t cert,
274
const void *serial, size_t serial_size);
276
int gnutls_x509_crt_set_subject_key_id (gnutls_x509_crt_t cert,
277
const void *id, size_t id_size);
279
int gnutls_x509_crt_set_proxy_dn (gnutls_x509_crt_t crt,
280
gnutls_x509_crt_t eecrt,
281
unsigned int raw_flag,
283
unsigned int sizeof_name);
284
int gnutls_x509_crt_set_proxy (gnutls_x509_crt_t crt,
285
int pathLenConstraint,
286
const char *policyLanguage,
288
size_t sizeof_policy);
290
typedef enum gnutls_certificate_print_formats
292
GNUTLS_X509_CRT_FULL,
293
GNUTLS_X509_CRT_ONELINE,
294
GNUTLS_X509_CRT_UNSIGNED_FULL
295
} gnutls_certificate_print_formats_t;
297
int gnutls_x509_crt_print (gnutls_x509_crt_t cert,
298
gnutls_certificate_print_formats_t format,
299
gnutls_datum_t *out);
300
int gnutls_x509_crl_print (gnutls_x509_crl_t crl,
301
gnutls_certificate_print_formats_t format,
302
gnutls_datum_t *out);
304
/* Access to internal Certificate fields.
306
int gnutls_x509_crt_get_raw_issuer_dn (gnutls_x509_crt_t cert,
307
gnutls_datum_t * start);
308
int gnutls_x509_crt_get_raw_dn (gnutls_x509_crt_t cert,
309
gnutls_datum_t * start);
313
int gnutls_x509_rdn_get (const gnutls_datum_t * idn,
314
char *buf, size_t * sizeof_buf);
315
int gnutls_x509_rdn_get_oid (const gnutls_datum_t * idn,
316
int indx, void *buf, size_t * sizeof_buf);
318
int gnutls_x509_rdn_get_by_oid (const gnutls_datum_t * idn,
319
const char *oid, int indx,
320
unsigned int raw_flag, void *buf,
321
size_t * sizeof_buf);
323
typedef void *gnutls_x509_dn_t;
325
typedef struct gnutls_x509_ava_st {
327
gnutls_datum_t value;
328
unsigned long value_tag;
329
} gnutls_x509_ava_st;
331
int gnutls_x509_crt_get_subject (gnutls_x509_crt_t cert,
332
gnutls_x509_dn_t *dn);
333
int gnutls_x509_crt_get_issuer (gnutls_x509_crt_t cert,
334
gnutls_x509_dn_t *dn);
335
int gnutls_x509_dn_get_rdn_ava (gnutls_x509_dn_t dn, int irdn,
336
int iava, gnutls_x509_ava_st *avast);
338
/* CRL handling functions.
340
int gnutls_x509_crl_init (gnutls_x509_crl_t * crl);
341
void gnutls_x509_crl_deinit (gnutls_x509_crl_t crl);
343
int gnutls_x509_crl_import (gnutls_x509_crl_t crl,
344
const gnutls_datum_t * data,
345
gnutls_x509_crt_fmt_t format);
346
int gnutls_x509_crl_export (gnutls_x509_crl_t crl,
347
gnutls_x509_crt_fmt_t format,
348
void *output_data, size_t * output_data_size);
350
int gnutls_x509_crl_get_issuer_dn (const gnutls_x509_crl_t crl,
351
char *buf, size_t * sizeof_buf);
352
int gnutls_x509_crl_get_issuer_dn_by_oid (gnutls_x509_crl_t crl,
353
const char *oid, int indx,
354
unsigned int raw_flag,
355
void *buf, size_t * sizeof_buf);
356
int gnutls_x509_crl_get_dn_oid (gnutls_x509_crl_t crl, int indx,
357
void *oid, size_t * sizeof_oid);
359
int gnutls_x509_crl_get_signature_algorithm (gnutls_x509_crl_t crl);
360
int gnutls_x509_crl_get_signature (gnutls_x509_crl_t crl,
361
char *sig, size_t *sizeof_sig);
362
int gnutls_x509_crl_get_version (gnutls_x509_crl_t crl);
364
time_t gnutls_x509_crl_get_this_update (gnutls_x509_crl_t crl);
365
time_t gnutls_x509_crl_get_next_update (gnutls_x509_crl_t crl);
367
int gnutls_x509_crl_get_crt_count (gnutls_x509_crl_t crl);
368
int gnutls_x509_crl_get_crt_serial (gnutls_x509_crl_t crl, int indx,
369
unsigned char *serial,
370
size_t * serial_size, time_t * t);
371
#define gnutls_x509_crl_get_certificate_count gnutls_x509_crl_get_crt_count
372
#define gnutls_x509_crl_get_certificate gnutls_x509_crl_get_crt_serial
374
int gnutls_x509_crl_check_issuer (gnutls_x509_crl_t crl,
375
gnutls_x509_crt_t issuer);
379
int gnutls_x509_crl_set_version (gnutls_x509_crl_t crl,
380
unsigned int version);
381
int gnutls_x509_crl_sign (gnutls_x509_crl_t crl,
382
gnutls_x509_crt_t issuer,
383
gnutls_x509_privkey_t issuer_key);
384
int gnutls_x509_crl_sign2 (gnutls_x509_crl_t crl,
385
gnutls_x509_crt_t issuer,
386
gnutls_x509_privkey_t issuer_key,
387
gnutls_digest_algorithm_t, unsigned int flags);
388
int gnutls_x509_crl_set_this_update (gnutls_x509_crl_t crl,
390
int gnutls_x509_crl_set_next_update (gnutls_x509_crl_t crl,
392
int gnutls_x509_crl_set_crt_serial (gnutls_x509_crl_t crl,
395
time_t revocation_time);
396
int gnutls_x509_crl_set_crt (gnutls_x509_crl_t crl,
397
gnutls_x509_crt_t crt, time_t revocation_time);
400
/* PKCS7 structures handling
402
struct gnutls_pkcs7_int;
403
typedef struct gnutls_pkcs7_int *gnutls_pkcs7_t;
405
int gnutls_pkcs7_init (gnutls_pkcs7_t * pkcs7);
406
void gnutls_pkcs7_deinit (gnutls_pkcs7_t pkcs7);
407
int gnutls_pkcs7_import (gnutls_pkcs7_t pkcs7,
408
const gnutls_datum_t * data,
409
gnutls_x509_crt_fmt_t format);
410
int gnutls_pkcs7_export (gnutls_pkcs7_t pkcs7,
411
gnutls_x509_crt_fmt_t format,
412
void *output_data, size_t * output_data_size);
414
int gnutls_pkcs7_get_crt_count (gnutls_pkcs7_t pkcs7);
415
int gnutls_pkcs7_get_crt_raw (gnutls_pkcs7_t pkcs7, int indx,
416
void *certificate, size_t * certificate_size);
418
int gnutls_pkcs7_set_crt_raw (gnutls_pkcs7_t pkcs7,
419
const gnutls_datum_t * crt);
420
int gnutls_pkcs7_set_crt (gnutls_pkcs7_t pkcs7, gnutls_x509_crt_t crt);
421
int gnutls_pkcs7_delete_crt (gnutls_pkcs7_t pkcs7, int indx);
423
int gnutls_pkcs7_get_crl_raw (gnutls_pkcs7_t pkcs7,
424
int indx, void *crl, size_t * crl_size);
425
int gnutls_pkcs7_get_crl_count (gnutls_pkcs7_t pkcs7);
427
int gnutls_pkcs7_set_crl_raw (gnutls_pkcs7_t pkcs7,
428
const gnutls_datum_t * crt);
429
int gnutls_pkcs7_set_crl (gnutls_pkcs7_t pkcs7, gnutls_x509_crl_t crl);
430
int gnutls_pkcs7_delete_crl (gnutls_pkcs7_t pkcs7, int indx);
432
/* X.509 Certificate verification functions.
434
typedef enum gnutls_certificate_verify_flags
436
/* If set a signer does not have to be a certificate authority. This
437
* flag should normaly be disabled, unless you know what this means.
439
GNUTLS_VERIFY_DISABLE_CA_SIGN = 1,
441
/* Allow only trusted CA certificates that have version 1. This is
442
* safer than GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT, and should be
443
* used instead. That way only signers in your trusted list will be
444
* allowed to have certificates of version 1.
446
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT = 2,
448
/* If a certificate is not signed by anyone trusted but exists in
449
* the trusted CA list do not treat it as trusted.
451
GNUTLS_VERIFY_DO_NOT_ALLOW_SAME = 4,
453
/* Allow CA certificates that have version 1 (both root and
454
* intermediate). This might be dangerous since those haven't the
455
* basicConstraints extension. Must be used in combination with
456
* GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT.
458
GNUTLS_VERIFY_ALLOW_ANY_X509_V1_CA_CRT = 8,
460
/* Allow certificates to be signed using the broken MD2 algorithm.
462
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2 = 16,
464
/* Allow certificates to be signed using the broken MD5 algorithm.
466
GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5 = 32
467
} gnutls_certificate_verify_flags;
469
int gnutls_x509_crt_check_issuer (gnutls_x509_crt_t cert,
470
gnutls_x509_crt_t issuer);
472
int gnutls_x509_crt_list_verify (const gnutls_x509_crt_t * cert_list,
473
int cert_list_length,
474
const gnutls_x509_crt_t * CA_list,
476
const gnutls_x509_crl_t * CRL_list,
478
unsigned int flags, unsigned int *verify);
480
int gnutls_x509_crt_verify (gnutls_x509_crt_t cert,
481
const gnutls_x509_crt_t * CA_list,
482
int CA_list_length, unsigned int flags,
483
unsigned int *verify);
484
int gnutls_x509_crl_verify (gnutls_x509_crl_t crl,
485
const gnutls_x509_crt_t * CA_list,
486
int CA_list_length, unsigned int flags,
487
unsigned int *verify);
489
int gnutls_x509_crt_check_revocation (gnutls_x509_crt_t cert,
490
const gnutls_x509_crl_t *
491
crl_list, int crl_list_length);
493
int gnutls_x509_crt_get_fingerprint (gnutls_x509_crt_t cert,
494
gnutls_digest_algorithm_t algo,
495
void *buf, size_t * sizeof_buf);
497
int gnutls_x509_crt_get_key_purpose_oid (gnutls_x509_crt_t cert,
500
unsigned int *critical);
501
int gnutls_x509_crt_set_key_purpose_oid (gnutls_x509_crt_t cert,
503
unsigned int critical);
505
/* Private key handling.
508
/* Flags for the gnutls_x509_privkey_export_pkcs8() function.
510
typedef enum gnutls_pkcs_encrypt_flags_t
512
GNUTLS_PKCS_PLAIN = 1, /* if set the private key will not
515
GNUTLS_PKCS_USE_PKCS12_3DES = 2,
516
GNUTLS_PKCS_USE_PKCS12_ARCFOUR = 4,
517
GNUTLS_PKCS_USE_PKCS12_RC2_40 = 8,
518
GNUTLS_PKCS_USE_PBES2_3DES = 16
519
} gnutls_pkcs_encrypt_flags_t;
521
#define GNUTLS_PKCS8_PLAIN GNUTLS_PKCS_PLAIN
522
#define GNUTLS_PKCS8_USE_PKCS12_3DES GNUTLS_PKCS_USE_PKCS12_3DES
523
#define GNUTLS_PKCS8_USE_PKCS12_ARCFOUR GNUTLS_PKCS_USE_PKCS12_ARCFOUR
524
#define GNUTLS_PKCS8_USE_PKCS12_RC2_40 GNUTLS_PKCS_USE_PKCS12_RC2_40
526
int gnutls_x509_privkey_init (gnutls_x509_privkey_t * key);
527
void gnutls_x509_privkey_deinit (gnutls_x509_privkey_t key);
528
int gnutls_x509_privkey_cpy (gnutls_x509_privkey_t dst,
529
gnutls_x509_privkey_t src);
530
int gnutls_x509_privkey_import (gnutls_x509_privkey_t key,
531
const gnutls_datum_t * data,
532
gnutls_x509_crt_fmt_t format);
533
int gnutls_x509_privkey_import_pkcs8 (gnutls_x509_privkey_t key,
534
const gnutls_datum_t * data,
535
gnutls_x509_crt_fmt_t format,
536
const char *pass, unsigned int flags);
537
int gnutls_x509_privkey_import_rsa_raw (gnutls_x509_privkey_t key,
538
const gnutls_datum_t * m,
539
const gnutls_datum_t * e,
540
const gnutls_datum_t * d,
541
const gnutls_datum_t * p,
542
const gnutls_datum_t * q,
543
const gnutls_datum_t * u);
544
int gnutls_x509_privkey_fix (gnutls_x509_privkey_t key);
546
int gnutls_x509_privkey_export_dsa_raw (gnutls_x509_privkey_t key,
552
int gnutls_x509_privkey_import_dsa_raw (gnutls_x509_privkey_t key,
553
const gnutls_datum_t * p,
554
const gnutls_datum_t * q,
555
const gnutls_datum_t * g,
556
const gnutls_datum_t * y,
557
const gnutls_datum_t * x);
559
int gnutls_x509_privkey_get_pk_algorithm (gnutls_x509_privkey_t key);
560
int gnutls_x509_privkey_get_key_id (gnutls_x509_privkey_t key,
562
unsigned char *output_data,
563
size_t * output_data_size);
565
int gnutls_x509_privkey_generate (gnutls_x509_privkey_t key,
566
gnutls_pk_algorithm_t algo,
567
unsigned int bits, unsigned int flags);
569
int gnutls_x509_privkey_export (gnutls_x509_privkey_t key,
570
gnutls_x509_crt_fmt_t format,
572
size_t * output_data_size);
573
int gnutls_x509_privkey_export_pkcs8 (gnutls_x509_privkey_t key,
574
gnutls_x509_crt_fmt_t format,
575
const char *password,
578
size_t * output_data_size);
579
int gnutls_x509_privkey_export_rsa_raw (gnutls_x509_privkey_t key,
589
int gnutls_x509_privkey_sign_data (gnutls_x509_privkey_t key,
590
gnutls_digest_algorithm_t digest,
592
const gnutls_datum_t * data,
594
size_t * signature_size);
595
int gnutls_x509_privkey_verify_data (gnutls_x509_privkey_t key,
597
const gnutls_datum_t * data,
598
const gnutls_datum_t * signature);
599
int gnutls_x509_crt_verify_data (gnutls_x509_crt_t crt,
601
const gnutls_datum_t * data,
602
const gnutls_datum_t * signature);
604
int gnutls_x509_privkey_sign_hash (gnutls_x509_privkey_t key,
605
const gnutls_datum_t * hash,
606
gnutls_datum_t * signature);
609
/* Certificate request stuff.
611
struct gnutls_x509_crq_int;
612
typedef struct gnutls_x509_crq_int *gnutls_x509_crq_t;
614
int gnutls_x509_crq_init (gnutls_x509_crq_t * crq);
615
void gnutls_x509_crq_deinit (gnutls_x509_crq_t crq);
616
int gnutls_x509_crq_import (gnutls_x509_crq_t crq,
617
const gnutls_datum_t * data,
618
gnutls_x509_crt_fmt_t format);
619
int gnutls_x509_crq_get_pk_algorithm (gnutls_x509_crq_t crq,
621
int gnutls_x509_crq_get_dn (gnutls_x509_crq_t crq, char *buf,
622
size_t * sizeof_buf);
623
int gnutls_x509_crq_get_dn_oid (gnutls_x509_crq_t crq, int indx,
624
void *oid, size_t * sizeof_oid);
625
int gnutls_x509_crq_get_dn_by_oid (gnutls_x509_crq_t crq,
626
const char *oid, int indx,
627
unsigned int raw_flag, void *buf,
628
size_t * sizeof_buf);
629
int gnutls_x509_crq_set_dn_by_oid (gnutls_x509_crq_t crq,
631
unsigned int raw_flag,
633
unsigned int sizeof_name);
634
int gnutls_x509_crq_set_version (gnutls_x509_crq_t crq,
635
unsigned int version);
636
int gnutls_x509_crq_set_key (gnutls_x509_crq_t crq,
637
gnutls_x509_privkey_t key);
638
int gnutls_x509_crq_sign2 (gnutls_x509_crq_t crq,
639
gnutls_x509_privkey_t key,
640
gnutls_digest_algorithm_t, unsigned int flags);
641
int gnutls_x509_crq_sign (gnutls_x509_crq_t crq, gnutls_x509_privkey_t key);
643
int gnutls_x509_crq_set_challenge_password (gnutls_x509_crq_t crq,
645
int gnutls_x509_crq_get_challenge_password (gnutls_x509_crq_t crq,
647
size_t * sizeof_pass);
649
int gnutls_x509_crq_set_attribute_by_oid (gnutls_x509_crq_t crq,
650
const char *oid, void *buf,
652
int gnutls_x509_crq_get_attribute_by_oid (gnutls_x509_crq_t crq,
653
const char *oid, int indx,
654
void *buf, size_t * sizeof_buf);
656
int gnutls_x509_crq_export (gnutls_x509_crq_t crq,
657
gnutls_x509_crt_fmt_t format,
658
void *output_data, size_t * output_data_size);
660
int gnutls_x509_crt_set_crq (gnutls_x509_crt_t crt, gnutls_x509_crq_t crq);
667
#endif /* GNUTLS_X509_H */