/****************************************************************************
*
* Copyright (c) 1998, Network Associates, Inc. and its affiliated Companies
*
****************************************************************************/
#ifndef _tc_h_
#define _tc_h_
#if PGP_MACINTOSH
#include <unix.h>
#else
#include <sys/types.h>
#endif
#include <stdlib.h>
#include "cert_asn.h"
#include "cert_oid.h"
/* ----- X.509 Certificate Version Numbers ----- */
/* These are the *encoded* values of the TBSCertificate version field,
 * i.e. the X.509 version number minus one: v1 is encoded as 0, v2 as 1
 * and v3 as 2.  Compare against these, never against the literal
 * version number (see TC_E_VersionShouldBe3 and friends below). */
#define TC_X509_VERSION_1 0
#define TC_X509_VERSION_2 1
#define TC_X509_VERSION_3 2
/* true and false, aliased from the ASN.1 runtime's PKITRUE / PKIFALSE
 * so that library users need not name the PKI* symbols directly */
#define TC_TRUE PKITRUE
#define TC_FALSE PKIFALSE
/* ----- CMS Error Messages -----
 *
 * Negative status codes returned by the library routines declared below.
 * tc_strerror() maps one of these to a message by indexing TC_errlist
 * (defined elsewhere) with -(code + 1), so this series must stay dense
 * and numbered in step with that table.  The PKIX codes at -5000 and
 * below are a separate series and are not covered by tc_strerror().
 */
#define TC_E_INVARGS -1 /* invalid arguments to function */
#define TC_E_PARSE -2 /* error parsing block of data */
#define TC_E_NOMEMORY -3 /* ran out of memory */
#define TC_E_NOISSUER -4 /* could not find issuer cert */
#define TC_E_INVSIG -5 /* signature is invalid */
#define TC_E_INVDATE -6 /* current time is not within the validity period
(see TC_F_NOERRDATE, which suppresses this) */
#define TC_E_EXTENSION -7 /* error while handling extension */
#define TC_E_FILE -8 /* error reading/writing to a file */
#define TC_E_CRITICAL -9 /* unhandled critical extension
(see tc_register_handler) */
#define TC_E_DNAMEPARSE -10 /* error parsing distinguished name string */
#define TC_E_NOTFOUND -11 /* certificate not found */
#define TC_E_INVSUBJ -12 /* alt-subject not critical, and no subject */
#define TC_E_INVISSU -13 /* alt-issuer not critical, and no issuer */
#define TC_E_CERTREVOKED -14 /* certificate is revoked by issuer */
#define TC_E_NOCRL -15 /* issuer CRL is not present (only reported when
TC_F_ERRNOCRL is set) */
#define TC_E_PQG -16 /* unable to find PQG values for key */
#define TC_E_NOSERIAL -17 /* could not find serial number in cert */
#define TC_E_SIGNFAIL -18 /* could not sign the provided data */
#define TC_E_NOTASCII -19 /* processed Name data is not ascii */
#define TC_E_INVDATECRL -20 /* CRL's nextUpdate is past "now" (only
reported when TC_F_ENFCRLDATE is set) */
#define TC_E_OTHER -21 /* other error we can't classify */
#define TC_E_EXTNOTSUPPORTED -22 /* extension not currently supported */
#define TC_E_NAMETOOLONG -23 /* too many components in string dname */
#define TC_E_BADNUMERICSTRING -24 /* disallowed chars in a NumericString */
#define TC_E_BADPRINTABLESTRING -25 /* disallowed chars in a PrintableString */
#define TC_E_BADDNAMESTRINGTYPE -26 /* string type not allowed in AVA */
#define TC_E_INVALIDPERIOD -27 /* notBefore and notAfter must not both be
missing in privateKeyUsagePeriod */
#define TC_E_COPYNOTSUPPORTED -28 /* GeneralName contains subtype not
supported by CMS */
#define TC_E_COMPARENOTSUPPORTED -29 /* GeneralName contains subtype not
supported by CMS */
#define TC_E_INVALIDCRL -30 /* bad crl */
#define TC_E_NOTV2CRL -31 /* CRL is not V2 */
#define TC_E_MISSINGNEXTUPDATE -32 /* CRL is missing nextUpdate field */
#define TC_E_MISSINGAUTHKEYIDEXT -33 /* crl is missing AuthorityKeyIdentifier
extension */
#define TC_E_MISSINGCRLNUMBEREXT -34 /* crl is missing cRLNumber extension */
#define TC_E_WRONGCRL -35 /* crl issuer and cert issuer don't match */
#define TC_E_INVALIDURI -36 /* GeneralName contains an invalid URI value */
/* NOTE(review): TC_E_INVALIDIPCONSTRAINT shares the value -36 with
 * TC_E_INVALIDURI.  A caller cannot tell a malformed iPAddress name
 * constraint from a bad URI, and tc_strerror() returns the same message
 * for both.  Renumbering here would shift every later code out of step
 * with TC_errlist, so fix it together with that table rather than in
 * isolation. */
#define TC_E_INVALIDIPCONSTRAINT -36 /* malformed iPAddress constraint */
#define TC_E_WRONGNAMETYPE -37 /* GeneralName type does not match
GeneralSubtree base type */
#define TC_E_NAMETYPEUNSUPPORTED -38 /* GeneralName type not supported for
name constraint checking */
#define TC_E_CONSTRAINTFAIL -39 /* name constraints were not satisfied */
#define TC_E_MISSINGPOLICY -40 /* certificate is missing required policy
extension */
#define TC_E_INVALIDPOLICY -41 /* policy doesn't match acceptable use */
#define TC_E_NOTCA -42 /* certificate is not a CA */
#define TC_E_NOTSIGNINGKEY -43 /* CA key does not have keyCertSign bit set
in its keyUsage extension */
#define TC_E_PATHCONSTRAINT -44 /* certificate path length is longer than
constraint set by CAs */
#define TC_E_POLICYMAPPED -45 /* policy mapping illegal due to CA constraint */
#define TC_E_POLICYMISMATCH -46 /* initial policies and acceptable policies
do not overlap */
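/* Map a status code from the TC_E_* series above (-1 .. -46) to its
 * message in TC_errlist (defined elsewhere): code -1 is entry 0, -2 is
 * entry 1, and so on.
 *
 * The argument is parenthesised so that an expression argument indexes
 * correctly: the previous expansion `-(n+1)` bound the `+1` to the last
 * operand only, so `tc_strerror(rc ? rc : TC_E_OTHER)` looked up the
 * wrong entry.
 *
 * No range check is performed.  Positive values and the PKIX series
 * (TC_E_SigAlgSignatureMismatch and friends, -5000 and below) index far
 * outside the table, so callers must only pass codes from the list
 * above; check the code's range before calling this on an arbitrary
 * return value. */
#define tc_strerror(n) TC_errlist[-((n) + 1)]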
/* error definitions for the PKIX compliance checking routines
 *
 * A separate series from the TC_E_* codes above: these start at -5000 and
 * are NOT indexed by tc_strerror().  Each identifier spells out the
 * profile rule the certificate or CRL failed.  Presumably these are only
 * produced when validation runs with TC_F_PKIX set (see the flag comment
 * further down) -- confirm against the implementation. */
#define TC_E_SigAlgSignatureMismatch (-5000)
#define TC_E_VersionShouldBe3 (-5001)
#define TC_E_VersionShouldBe2 (-5002)
#define TC_E_VersionShouldBeNULL (-5003)
#define TC_E_EmptyIssuerName (-5004)
#define TC_E_ValidityNotUTCTime (-5005)
#define TC_E_CantHandleCurrentTimeValue (-5006)
#define TC_E_IssuerSubjectNotSameInRootCert (-5007)
#define TC_E_RSAParametersMissing (-5008)
#define TC_E_RSAParametersNotASN1NULL (-5009)
#define TC_E_DSAParametersArePresent (-5010)
#define TC_E_IssuerUniqueIDPresent (-5011)
#define TC_E_SubjectUniqueIDPresent (-5012)
#define TC_E_DuplicateExtensionEntry (-5013)
#define TC_E_KeyUsageNotMarkedCritical (-5014)
#define TC_E_DontUsePrivateKeyUsage (-5015)
#define TC_E_PolicyMappingMarkedCritical (-5016)
#define TC_E_IssuerAltNameMarkedCritical (-5017)
#define TC_E_SubjectDirAttrMarkedCritical (-5018)
#define TC_E_BasicConstraintsMarkedCritical (-5019)
#define TC_E_NonCACertWithNameConstraints (-5020)
#define TC_E_NameConstraintsNotMarkedCritical (-5021)
#define TC_E_PolicyConstraintsMarkedCritical (-5022)
#define TC_E_UnknownExtensionMarkedCritical (-5023)
#define TC_E_EECertWithBasicConstraints (-5024)
#define TC_E_SubjectKeyIDMarkedCritical (-5025)
#define TC_E_AuthKeyIDMarkedCritical (-5026)
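/***** Memory Mgmt callbacks *****/
/* we are going to use the same memory mgmt. prototypes and structure
as used for the compiler. See cert_util.h for the details.
The manager is supplied by the caller to tc_init_context() and kept in
tc_context_t.memMgr; a caller that needs pooled or secret-clearing
allocation supplies its own callbacks there. */
typedef PKIMemoryMgr TC_MemoryMgr;
typedef PKIMemoryMgrAllocationProc TC_MemoryMgrAllocationProc;
typedef PKIMemoryMgrReallocationProc TC_MemoryMgrReallocationProc;
typedef PKIMemoryMgrDeallocationProc TC_MemoryMgrDeallocationProc;
/* Convenience wrappers that call through the callback table.
 * `mgr` is evaluated twice by each macro, so pass a plain pointer rather
 * than a call or other expression with side effects.  Every argument is
 * parenthesised so that an expression argument (e.g. a comma expression
 * or `n * sizeof *p`) expands as a single operand. */
#define TC_Alloc(mgr, size) (*(mgr)->allocProc)((mgr), (size))
#define TC_Realloc(mgr, ptr, newsize) \
(*(mgr)->reallocProc)((mgr), (ptr), (newsize))
#define TC_Free(mgr, ptr) (*(mgr)->deallocProc)((mgr), (ptr))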
/* rename the compiler generated stuff to isolate its name
from user */
/* These alias the ASN.1-compiler-generated PKI* types (presumably from
 * cert_asn.h, included above) so that users of this library only see
 * TC_* names.  Note that TC_Extension is the *decoded* extension
 * structure; tc_add_extension() below takes the extension value as raw
 * DER instead. */
typedef PKIXCertificate TC_XCertificate;
typedef PKITBSCertificate TC_TBSCertificate;
typedef PKIExtension TC_Extension;
typedef PKIExtensions TC_ExtensionList;
typedef PKIAlgorithmIdentifier TC_AlgorithmIdentifier;
typedef PKIBIT_STRING TC_BIT_STRING;
typedef PKISubjectPublicKeyInfo TC_SubjectPublicKeyInfo;
typedef PKIName TC_Name;
typedef PKIINTEGER TC_INTEGER;
typedef PKIAttributes TC_Attributes;
typedef PKICertificate TC_Certificate;
typedef PKICertificationRequest TC_CertificationRequest;
typedef PKICertificateList TC_CertificateList;
typedef PKIUTCTime TC_UTCTime;
typedef PKIGeneralizedTime TC_GeneralizedTime;
typedef PKITime TC_Time;
typedef PKIValidity TC_Validity;
typedef PKICertificateSerialNumber TC_SerialNumber;
typedef PKIRevokedCertificate TC_RevokedCertificate;
typedef PKICertificatePolicies TC_CertificatePolicies;
typedef PKIOCTET_STRING TC_OCTET_STRING;
/* Selector telling a name-extraction routine which name to pull out of an
 * object.  The values are spelled out explicitly so the numbering is
 * visible to callers that store or compare them; they match the original
 * declaration order.  (Which tc_* routine consumes these is not visible in
 * this header.) */
enum
{
    TC_EXTRACT_SUBJECT = 0,   /* subject name, presumably of a certificate */
    TC_EXTRACT_ISSUER = 1,    /* issuer name, presumably of a certificate */
    TC_EXTRACT_CRLISSUER = 2, /* issuer name of a CRL */
    TC_EXTRACT_REQ_NAME = 3   /* name from a certification request */
};
#define TC_NAME_LEN 3 /* NOTE(review): what this bounds is not visible in
this header -- TODO confirm against the implementation */
/* Validation flags (bit mask).  As the descriptions indicate, the
 * defaults are the permissive direction: with no flags set a missing
 * issuer CRL does not fail validation and a CRL whose nextUpdate has
 * passed is still accepted, so revocation is only enforced when both
 * TC_F_ERRNOCRL and TC_F_ENFCRLDATE are given.  TC_F_NOERRDATE switches
 * off the validity-period check entirely and should be reserved for
 * diagnostics, never used for a trust decision. */
#define TC_F_ERRNOCRL 0x01 /* generate error if issuer CRL is missing */
#define TC_F_NOERRDATE 0x02 /* don't generate error on invalid date */
#define TC_F_ENFCRLDATE 0x04 /* generate error if CRL nextUpdate past */
#define TC_F_PKIX 0x08 /* enable strict PKIX compliance checks */
/* Singly linked list node used for the roots, handlers and crl lists in
 * tc_context_t.  `data` is an untyped payload whose real type depends on
 * the list it belongs to; the list is presumably terminated by a NULL
 * `next`.  Ownership of `data` is not expressed by the type -- check the
 * tc_* routine that built the list before freeing anything. */
typedef struct list_t
{
    void *data;
    struct list_t *next;
} TC_LIST;
/* A certificate as handled by the library: three views of one object.
 * `cert` is the decoded X.509 structure, `tbsCertificate` points at its
 * to-be-signed part (the portion the signature covers), and
 * `asnCertificate` is the ASN.1-compiler container.  Which of the three
 * owns the underlying storage, and whether the pointers may alias into
 * each other, is not visible here -- TODO confirm before freeing any of
 * them individually. */
typedef struct cert_t
{
    TC_XCertificate *cert;
    TC_TBSCertificate *tbsCertificate;
    TC_Certificate *asnCertificate;
} TC_CERT;
/* Opaque to users: the AVA table entry and the library context.  The
 * context's layout is exposed further down (see the TODO there). */
typedef struct tc_ava_entry_t TC_AVA_ENTRY;
typedef struct tc_context_t TC_CONTEXT;
/*****
 *
 * prototype for user supplied handler functions
 * (registered per extension OID with tc_register_handler)
 *
 * ext - the extension to check
 * cert - void pointer to the cert or CRL containing the extension;
 * the handler has no way to tell which from the type alone, so it
 * must know from the OID it was registered for, or check `ext`
 * ctx - a CMS context
 *
 * Returns an int status, presumably 0 for "handled" and a TC_E_* code
 * otherwise.  NOTE(review): a handler registered for a critical
 * extension that returns success without validating the extension's
 * contents effectively disables the TC_E_CRITICAL protection for that
 * OID -- handlers must reject what they do not understand.
 *
 *****/
typedef int tc_handler_t (TC_Extension *ext,
void *cert,
TC_CONTEXT *ctx);
/*****
 *
 * prototype for user supplied callback function to verify a signature
 * (registered with tc_init_context() and kept in tc_context_t.verify).
 * The library delegates every signature check to this callback, so it
 * carries the trust decision: it must fail (non-zero, presumably
 * TC_E_INVSIG) for any signature that does not verify under `pubkey`,
 * and must not treat an unrecognised `sigalg` as success.
 *
 * block - data to verify
 * blockLen - length of data to verify
 * sigalg - the signature algorithm (hash + enc), from the signed
 * entity; it is attacker-controlled input, so check it against what
 * the issuer key can actually sign with (cf. TC_E_SigAlgSignatureMismatch)
 * algLen - length of sigalg
 * params - DER block of parameters from issuer cert, if any
 * paramLen - length of params
 * signature - the signature from certificate/request
 * sigLen - length of signature
 * pubkey - the public key of the signer
 * pubkeyLen - length of pubkey
 * issuer - the signer's certificate, if available (NULL otherwise,
 * presumably -- confirm)
 * verData - verification data registered into context
 * ctx - the CMS context value provided to the calling CMS routine
 *
 *****/
typedef int tc_verify_t (unsigned char *block,
size_t blockLen,
unsigned char *sigalg,
size_t algLen,
unsigned char *params,
size_t paramLen,
unsigned char *signature,
size_t sigLen,
unsigned char *pubkey,
size_t pubkeyLen,
TC_CERT *issuer,
void *verData,
TC_CONTEXT *ctx);
/*****
 *
 * prototype for signing call-back function
 * (registered with tc_init_context() and kept in tc_context_t.sign)
 *
 * sig - the returned signature: the callback allocates the buffer and
 * stores its address here.  Presumably it must be allocated through the
 * context's TC_MemoryMgr so the library can release it -- confirm.
 * sigLen - length of sig
 * block - the block of data (eg., cert) to sign
 * blockLen - length of block
 * alg - the signature algorithm (hash + enc), supplied by the user
 * algLen - length of alg
 * sigData - signing data registered into context (typically whatever
 * locates the private key; the key itself never passes through this API)
 * ctx - the CMS context value provided to the calling CMS routine
 *
 * Returns an int status; TC_E_SIGNFAIL is the code the library reserves
 * for a failed signing operation.
 *
 *****/
typedef int tc_sign_t (unsigned char **sig,
size_t *sigLen,
unsigned char *block,
size_t blockLen,
const unsigned char *alg,
size_t algLen,
void *sigData,
TC_CONTEXT *ctx);
/* TODO: hide this structure from the user...*/
/*****
 *
 * context structure
 *
 * memMgr - the memory mgmt callbacks provided by the user
 * certasnctx - the context for the ASN.1 generated code
 * roots - list of parent certificates (TC_LIST nodes).  If these act as
 * the trust anchors, anything that can append to this list can make the
 * library accept a chain of its choosing.
 * handlers - list of handlers for X.509v3 extensions, filled by
 * tc_register_handler()
 * crl - list of certificate revocations lists
 * avaList - a list of ava OID and default ASN type definitions
 * verify - call-back function to perform a sig. check on cert.
 * sign - call-back function to sign a cert., request, or crl
 * sigfuncdata - a pointer to data used by sign function
 * verfuncdata - a pointer to data used by verify function
 *
 * NOTE(review): because the layout is public, callers can poke the
 * trust-critical fields (roots, handlers, verify) directly instead of
 * going through tc_init_context()/tc_register_handler(); that is what the
 * TODO above is about.  Whether a NULL `verify` is tolerated is not
 * visible here -- confirm.
 *
 *****/
struct tc_context_t
{
    TC_MemoryMgr *memMgr;
    PKICONTEXT *certasnctx;
    TC_LIST *roots;
    TC_LIST *handlers;
    TC_LIST *crl;
    TC_AVA_ENTRY *avaList;
    tc_verify_t *verify;
    tc_sign_t *sign;
    void *sigfuncdata;
    void *verfuncdata;
};
/************************************
 * Library Functions
 *
 * All routines return an int status; presumably 0 on success and one of
 * the TC_E_* codes above on failure -- confirm against the
 * implementation.
 ************************************/
/*
-----
context
-----
*/
/* Create a context.  `*context` receives the new object; `memMgr` supplies
 * the allocator used for it, `signFunc`/`verifyFunc` are the callbacks
 * described above and `signFuncData`/`verifyFuncData` are handed back to
 * them unchanged.  Whether NULL callbacks are accepted is not visible
 * here. */
int tc_init_context (TC_CONTEXT **context,
TC_MemoryMgr *memMgr,
tc_sign_t *signFunc,
void *signFuncData,
tc_verify_t *verifyFunc,
void *verifyFuncData);
/* Release a context created by tc_init_context(); whether it also frees
 * the roots/crl lists' payloads is not visible here -- confirm. */
int tc_free_context (TC_CONTEXT *);
/* Change the default ASN.1 string type used when building an AVA with the
 * given attribute OID (`oid`/`oidlen` are the raw encoded OID bytes). */
int tc_change_ava_entry(
unsigned char *oid,
size_t oidlen,
int newASNType,
TC_CONTEXT *context);
/* Register a new attribute type for distinguished-name parsing:
 * `printableAttrName` is the textual label it is written with, `asnType`
 * the ASN.1 string type its value is encoded as. */
int tc_add_avatype(
unsigned char *oid,
size_t oidlen,
const char *printableAttrName,
int asnType,
TC_CONTEXT *context);
/*
-----
extensions
-----
*/
/* NOTE(review): `boolean` is a macro, not a typedef, so this guard only
 * protects against another *macro* of that name; a platform typedef of
 * `boolean` would still collide.  Also note tc_setextval() takes the
 * criticality as `int` while tc_getextval() returns it through
 * `boolean *` (unsigned int *) -- the two are not interchangeable. */
#ifndef boolean
#define boolean unsigned int
#endif
/* Set (or add) the extension identified by `oid` in `ext` from a decoded
 * `value`; `criticality` is the critical flag to encode.  The expected
 * type behind `value` depends on the OID and is not visible here. */
int tc_setextval(TC_ExtensionList *ext,
const unsigned char *oid,
size_t oidlen,
int criticality,
const void *value,
TC_CONTEXT *);
/* Look up the extension identified by `oid` in `extlist`, returning its
 * decoded value through `*value` and its critical flag through
 * `*criticality`.  Presumably returns TC_E_NOTFOUND-style failure when
 * absent; ownership of `*value` is not visible here -- confirm. */
int tc_getextval(void **value,
boolean *criticality,
const unsigned char *oid,
size_t oidlen,
const TC_ExtensionList *extlist,
TC_CONTEXT *);
/* Allocate an empty extension list / free one (including its entries,
 * presumably) using the context's memory manager. */
int tc_create_extlist(TC_ExtensionList **, TC_CONTEXT *);
void tc_free_extlist(TC_ExtensionList *, TC_CONTEXT *);
/* allow the user to specify callback functions for specific extensions */
/* A registered handler is what makes a critical extension "handled"
 * (cf. TC_E_CRITICAL), so registering a permissive handler for an OID
 * weakens validation for every certificate and CRL carrying it. */
int tc_register_handler (const unsigned char *, /* OID of extension */
size_t, /* len of OID */
tc_handler_t *, /* function to handle data */
TC_CONTEXT *);
/* Append an extension to `exts` from its raw DER-encoded value
 * (`der`/`derlen`); `critical` is the flag to encode.  `der` is not
 * const-qualified -- whether the list keeps a reference to it or copies it
 * is not visible here. */
int tc_add_extension (TC_ExtensionList *exts,
const unsigned char *oid,
size_t oidlen,
int critical,
unsigned char *der,
size_t derlen,
TC_CONTEXT *);
/* Find the extension with the given OID in `extList` (from a cert or CRL)
 * and return a pointer to it in `*ext`; the returned extension is owned by
 * the list. */
int tc_find_extension (TC_Extension **ext, /* out: the matching extension */
const TC_ExtensionList *extList, /* array of exts from cert/crl */
const unsigned char *, /* OID of the type to look for */
size_t, /* len of that OID */
TC_CONTEXT *);
int tc_certExtensionList(
TC_ExtensionList **extList,