📄 tc.h
const TC_CERT *cert,
TC_CONTEXT *);
/*
 * Retrieve the extension list attached to a CRL as a whole.
 *
 * extList is an out-parameter (pointer to pointer); the CRL is taken as
 * const. This header does not state who owns the returned list or what the
 * int return means -- presumably a status code with 0 for success; confirm
 * against the implementation before relying on it.
 */
int tc_crlExtensionList(
TC_ExtensionList **extList,
const TC_CertificateList *crl,
TC_CONTEXT *);
/*
 * Retrieve the extension list attached to a single CRL entry, selected by
 * serialNumber.
 *
 * NOTE(review): what is returned when the serial number is not listed in the
 * CRL is not visible here. Callers making a revocation decision should
 * check the return value and must not read *extList after a failure.
 */
int tc_crlEntryExtList(
TC_ExtensionList **extList,
const TC_CertificateList *crl,
TC_SerialNumber *serialNumber,
TC_CONTEXT *);
/* ----- Basic Constraints defns for application program usage ----- */
/*
 * Application-level view of the basicConstraints extension.
 *
 * cA and pathLength are the only two fields. `boolean` is declared outside
 * this excerpt. Path validation depends on both values: a certificate whose
 * cA is false should not be accepted as an issuer, and pathLength limits how
 * many CA certificates may follow it in a chain.
 */
typedef struct tc_basic_constraint_
{
/* whether the subject is asserted to be a CA */
boolean cA;
/* maximum chain depth below this CA; presumably TC_PATH_LENGTH_UNDEFINED
   when the certificate carries no limit -- confirm against the encoder */
int pathLength;
} TC_BASIC_CONSTRAINT;
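/*
 * Sentinel for "no path length limit present"; presumably the value stored in
 * TC_BASIC_CONSTRAINT.pathLength in that case (0 is a valid limit, so a
 * negative value is used). The replacement list is parenthesized so that the
 * unary minus cannot combine with neighbouring tokens at the point of use.
 */
#define TC_PATH_LENGTH_UNDEFINED (-1)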
/* ----- Key Usage definitions for application program usage ----- */
/*
 * Application-facing aliases for the PKIKeyUsage_* constants, which are
 * defined outside this excerpt. The names follow the bits of the X.509
 * keyUsage extension.
 *
 * NOTE(review): whether the underlying constants are bit masks or bit
 * positions is not visible here -- confirm before OR-ing or testing them.
 * When checking an issuer, TC_KEY_CERT_SIGN is meaningful only together with
 * basicConstraints cA; TC_CRL_SIGN is the bit a CRL signer is expected to
 * hold.
 */
#define TC_DIGITAL_SIGNATURE PKIKeyUsage_digitalSignature
#define TC_NON_REPUDIATION PKIKeyUsage_nonRepudiation
#define TC_KEY_ENCIPHERMENT PKIKeyUsage_keyEncipherment
#define TC_DATA_ENCIPHERMENT PKIKeyUsage_dataEncipherment
#define TC_KEY_AGREEMENT PKIKeyUsage_keyAgreement
#define TC_KEY_CERT_SIGN PKIKeyUsage_keyCertSign
#define TC_CRL_SIGN PKIKeyUsage_cRLSign
#define TC_ENCIPHER_ONLY PKIKeyUsage_encipherOnly
#define TC_DECIPHER_ONLY PKIKeyUsage_decipherOnly
/* ----- Subject & Issuer Alternative Name ----- */
/*
 * One GeneralName value, stored as a tagged pointer plus an explicit length.
 *
 * `name` is untyped; nameType (one of the TC_* selectors below) says how to
 * interpret it. The header does not say whether `name` is NUL-terminated, so
 * consumers should bound every read and comparison by nameLen rather than
 * treating it as a C string -- a name taken from a certificate may contain
 * embedded NUL bytes.
 */
typedef struct _gen_name_ {
void *name; /* actual data depends on values used for nameType */
size_t nameLen;
int nameType; /* one of below */
} TC_GEN_NAME_T;
/*
 * nameType selectors. These are library-local numbers 1..6, not the ASN.1
 * context tags of the GeneralName CHOICE (where directoryName is [4], URI is
 * [6], iPAddress is [7] and registeredID is [8]), so they must not be compared
 * with raw tag values. otherName, x400Address and ediPartyName have no
 * selector in this list.
 */
#define TC_rfc822Name 1
#define TC_dNSName 2
#define TC_directoryName 3
#define TC_uniformResourceIdentifier 4
#define TC_iPAddress 5
#define TC_registeredID 6
/*
 * Fixed-capacity list of GeneralName pointers.
 *
 * The array holds PKIMAX_GeneralNames slots (constant defined outside this
 * excerpt); numberOfNames is presumably the count of populated slots. Code
 * that walks the list should check 0 <= numberOfNames <= PKIMAX_GeneralNames
 * before indexing, because the count is a signed int held separately from
 * the array bound.
 */
typedef struct _gen_name_list_ {
TC_GEN_NAME_T *names[PKIMAX_GeneralNames]; /* list of names */
int numberOfNames;
} TC_GEN_NAMES_LIST_T;
/* Release a whole name list. Returns an int whose meaning is not documented
   here; whether the list structure itself is freed is not visible -- confirm
   before reusing the pointer. */
int tc_free_gennamelist(TC_GEN_NAMES_LIST_T *, TC_CONTEXT *);
/* Release a single name. No status is returned. */
void tc_free_genname(TC_GEN_NAME_T *, TC_CONTEXT *);
/* ----- Authority Key Identifier definitions for application
program usage ----- */
/*
 * Application-level view of the authorityKeyIdentifier extension.
 *
 * Each byte buffer is paired with its own length field. In the extension all
 * three parts are optional, and authorityCertIssuer and
 * authorityCertSerialNumber are expected to appear together; how an absent
 * part is represented here (presumably NULL / 0) is not stated -- confirm.
 *
 * A key identifier is only a hint for locating the issuer certificate. It is
 * not evidence that the issuer signed anything, so chain building must
 * still verify the signature.
 */
typedef struct tc_authority_key_identifier_t
{
unsigned char *keyIdentifier;
size_t keyIdentifier_len;
TC_GEN_NAMES_LIST_T *authorityCertIssuer;
unsigned char *authorityCertSerialNumber;
size_t authorityCertSerialNumber_len;
} TC_AUTHORITY_KEY_IDENTIFIER_T;
/* The subject key identifier is carried as a plain octet string
   (TC_OCTET_STRING is declared outside this excerpt). */
typedef TC_OCTET_STRING TC_SUBJECT_KEY_IDENTIFIER_T;
/* ----- PrivateKeyUsagePeriod ----- */
/*
 * Application-level view of the privateKeyUsagePeriod extension: the window
 * in which the private key may be used, as two time_t values.
 *
 * NOTE(review): either bound may be omitted in the extension; which time_t
 * value stands for "absent" is not visible here. Confirm before comparing
 * against the current time, and do not confuse this window with the
 * certificate validity period.
 */
typedef struct tc_private_key_usage_period_t
{
time_t notBefore;
time_t notAfter;
} TC_PRIVATE_KEY_USAGE_PERIOD_T;
/* ----- CertificatePolicies ----- */
/*
 * Discriminator for TC_POLICY_QUALIFIER_INFO_T.qualifier: a CPS pointer or a
 * user notice. The enumerators take the implicit values 0 and 1.
 */
typedef enum
{
TC_POLICY_QUALIFIER_ID_CPS,
TC_POLICY_QUALIFIER_ID_UNOTICE
} TC_POLICY_QUALIFIER_ID_T;
/*
 * noticeRef part of a user notice: an organization name plus a list of
 * notice numbers.
 *
 * noticeNumber is an array of pointers to int, with
 * PKIMAX_noticeNumbers_SEQ_OF slots; numNoticeNumbers is presumably the
 * number of populated slots and should be range-checked against that bound
 * before the array is indexed.
 */
typedef struct tc_notice_reference_t
{
char *organization;
int numNoticeNumbers;
int *noticeNumber[PKIMAX_noticeNumbers_SEQ_OF];
} TC_NOTICE_REFERENCE_T;
/*
 * User notice qualifier. Both members are optional.
 *
 * explicitText has no accompanying length field, so it is presumably
 * NUL-terminated -- confirm. The text originates in the certificate; treat
 * it as untrusted input when it is logged or shown to a user.
 */
typedef struct tc_user_notice_t
{
TC_NOTICE_REFERENCE_T *noticeRef; /* optional */
unsigned char *explicitText; /* optional */
} TC_USER_NOTICE_T;
/*
 * One policy qualifier: a type tag plus an untyped pointer whose real type
 * depends on the tag. Always read `type` before casting `qualifier`; casting
 * with the wrong tag reads a char string as a structure, or the reverse.
 */
typedef struct tc_policy_qualifier_info_t
{
TC_POLICY_QUALIFIER_ID_T type;
/* if type==TC_POLICY_QUALIFIER_ID_CPS, then qualifier points to a "char *"
string containing the URI of the policy.
if type==TC_POLICY_QUALIFIER_ID_UNOTICE, then qualifier points to a
"TC_USER_NOTICE_T *" as described above. */
void *qualifier;
} TC_POLICY_QUALIFIER_INFO_T;
/*
 * One certificate policy: the policy OID as a byte buffer with explicit
 * length, plus up to PKIMAX_policyQualifiers_SEQ_OF qualifiers.
 *
 * NOTE(review): whether policyOid holds the DER-encoded OID content or a
 * textual form is not visible here -- confirm before comparing OIDs.
 * numQualifiers is presumably the count of populated qualifier slots.
 */
typedef struct tc_policy_information_t
{
unsigned char *policyOid;
size_t policyOidLen;
int numQualifiers;
TC_POLICY_QUALIFIER_INFO_T *qualifier[PKIMAX_policyQualifiers_SEQ_OF];
} TC_POLICY_INFORMATION_T;
/*
 * Application-level view of the certificatePolicies extension: a
 * fixed-capacity array of policy pointers and a separate count. Range-check
 * numPolicies against PKIMAX_CertificatePolicies before iterating.
 */
typedef struct tc_certificate_policies_t
{
int numPolicies;
TC_POLICY_INFORMATION_T *policy[PKIMAX_CertificatePolicies];
} TC_CERTIFICATE_POLICIES_T;
/* ----- PolicyMappings ----- */
/*
 * One policyMappings pair: an issuer-domain policy OID and the
 * subject-domain policy OID it is declared equivalent to. Each OID is a byte
 * buffer with its own length; compare by length and content.
 */
typedef struct tc_policy_mapping_t
{
unsigned char *issuerDomainPolicyOid;
size_t issuerDomainPolicyOidLen;
unsigned char *subjectDomainPolicyOid;
size_t subjectDomainPolicyOidLen;
} TC_POLICY_MAPPING_T;
/*
 * Application-level view of the policyMappings extension: a fixed-capacity
 * array (PKIMAX_PolicyMappings slots) and a separate count that should be
 * range-checked before the array is indexed.
 */
typedef struct tc_policy_mappings_t
{
int numPolicyMappings;
TC_POLICY_MAPPING_T *policyMapping[PKIMAX_PolicyMappings];
} TC_POLICY_MAPPINGS_T;
/* ----- SubjectDirectoryAttributes ----- */
/*
 * One directory attribute: an OID plus a set of values.
 *
 * val[] and valsize[] are parallel arrays, both with PKIMAX_values_SET_OF
 * slots, so val[i] is presumably valsize[i] bytes long. numValues is
 * presumably the number of populated pairs. The value encoding is not
 * stated here; bound every read by valsize[i].
 */
typedef struct tc_attribute_t
{
unsigned char *oid;
size_t oidsize;
int numValues;
unsigned char *val[PKIMAX_values_SET_OF];
size_t valsize[PKIMAX_values_SET_OF];
} TC_ATTRIBUTE_T;
/*
 * Application-level view of the subjectDirectoryAttributes extension: a
 * fixed-capacity array of attribute pointers and a separate count.
 */
typedef struct tc_subject_directory_attributes_t
{
int numAttributes;
TC_ATTRIBUTE_T *attribute[PKIMAX_SubjectDirectoryAttributes];
} TC_SUBJECT_DIRECTORY_ATTRIBUTES_T;
/* ----- NameConstraints ----- */
/*
 * A list of name-constraint subtrees. (The struct tag is spelled
 * "subtress" in the declaration; the typedef name is the one to use.)
 *
 * base[], minimum[] and maximum[] are parallel arrays with
 * PKIMAX_GeneralSubtrees slots each; numSubtrees is presumably the number
 * of populated entries.
 */
typedef struct tc_general_subtress_t
{
int numSubtrees;
TC_GEN_NAME_T *base[PKIMAX_GeneralSubtrees];
/* RFC2459 sec 4.2.1.11 specifies that the following fields should not
be used for certificates in the PKIX profile. As such, information in
them is ignored when creating certificate extensions. */
/* NOTE(review): the comment above covers creation only. Whether these
   values are filled in or honoured when a received certificate is parsed
   and validated is not visible here -- confirm. */
int minimum[PKIMAX_GeneralSubtrees];
int maximum[PKIMAX_GeneralSubtrees];
} TC_GENERAL_SUBTREES_T;
/*
 * Application-level view of the nameConstraints extension. `permit` and
 * `deny` presumably correspond to permittedSubtrees and excludedSubtrees;
 * either may be absent in the extension (presumably NULL here -- confirm).
 * Under RFC 2459 an excluded match takes precedence over a permitted one.
 */
typedef struct tc_name_constraints_t
{
TC_GENERAL_SUBTREES_T *permit;
TC_GENERAL_SUBTREES_T *deny;
} TC_NAME_CONSTRAINTS_T;
/* Release a name-constraints structure. Note the argument order: the context
   comes first here, unlike the other free routines in this header. */
void tc_FreeNameConstraints (TC_CONTEXT *, TC_NAME_CONSTRAINTS_T *);
/* ----- PolicyConstraints ----- */
/*
 * Application-level view of the policyConstraints extension. `require` and
 * `inhibit` presumably correspond to requireExplicitPolicy and
 * inhibitPolicyMapping (skip-certificate counts).
 *
 * Always test for the -1 sentinel before using a field as a count: treating
 * an unset field as 0 would apply the constraint immediately.
 */
typedef struct tc_policy_constraints_t
{
/* One of `require' and `inhibit' is required to be set (RFC2459
sect. 4.2.1.12).
Since 0 is a valid value, a value of -1 is used to indicate the field
is not set. */
int require; /* optional */
int inhibit; /* optional */
} TC_POLICY_CONSTRAINTS_T;
/* ----- ExtKeyUsageSyntax ----- */
/*
 * Key purposes for the extended key usage extension.
 *
 * TC_KEY_PURPOSE_ID_UNKNOWN is the first enumerator and so has the value 0;
 * a zero-initialized slot therefore reads as "unknown". Presumably every
 * purpose OID the library does not recognize is reported as UNKNOWN, in
 * which case distinct unrecognized OIDs cannot be told apart -- confirm, and
 * do not treat UNKNOWN as permission for any particular use.
 */
typedef enum
{
TC_KEY_PURPOSE_ID_UNKNOWN,
/*these are the currently defined key purpose OIDs defined in RFC2459*/
TC_KEY_PURPOSE_ID_SERVER_AUTH,
TC_KEY_PURPOSE_ID_CLIENT_AUTH,
TC_KEY_PURPOSE_ID_CODE_SIGNING,
TC_KEY_PURPOSE_ID_EMAIL_PROTECTION,
TC_KEY_PURPOSE_ID_TIME_STAMPING
} TC_KEY_PURPOSE_ID_T;
/*
 * Application-level view of the extKeyUsage extension: a fixed-capacity array
 * of purposes (PKIMAX_ExtKeyUsageSyntax slots) and a separate count that
 * should be range-checked before the array is indexed.
 */
typedef struct tc_ext_key_usage_syntax_t
{
int numPurposes;
TC_KEY_PURPOSE_ID_T purpose[PKIMAX_ExtKeyUsageSyntax];
} TC_EXT_KEY_USAGE_SYNTAX_T;
/* ----- cRLDistributionPoints ----- */
/*
 * Application-facing aliases for the PKIReasonFlags_* constants (defined
 * outside this excerpt), one per ReasonFlags bit. They are combined into the
 * int fields reasonFlags and onlySomeReasons declared later in this header.
 *
 * These are distinct from TC_CRL_REASON_T, which identifies the single reason
 * recorded on a CRL entry; the two sets of values are not interchangeable.
 */
#define TC_REASON_UNUSED PKIReasonFlags_unused
#define TC_REASON_KEY_COMPROMISE PKIReasonFlags_keyCompromise
#define TC_REASON_CA_COMPROMISE PKIReasonFlags_cACompromise
#define TC_REASON_AFFILIATION_CHANGED PKIReasonFlags_affiliationChanged
#define TC_REASON_SUPERSEDED PKIReasonFlags_superseded
#define TC_REASON_CESSATION_OF_OPERATION PKIReasonFlags_cessationOfOperation
#define TC_REASON_CERTIFICATE_HOLD PKIReasonFlags_certificateHold
/*
 * Discriminator for TC_DISTRIBUTION_POINT_NAME_T.name: a list of general
 * names, or a relative distinguished name.
 */
typedef enum
{
TC_DISTRIBUTION_POINT_NAME_TYPE_GEN_NAMES,
TC_DISTRIBUTION_POINT_NAME_TYPE_RDN
} TC_DISTRIBUTION_POINT_NAME_TYPE_T;
/*
 * Distribution point name: a type tag plus an untyped pointer. Read `type`
 * before casting `name`; the two possible targets have unrelated layouts.
 * The RDN form has no length field, so it is presumably a NUL-terminated
 * string -- confirm.
 */
typedef struct
{
TC_DISTRIBUTION_POINT_NAME_TYPE_T type;
void *name;/* either TC_GEN_NAMES_LIST_T or char*,depending
on `type'*/
} TC_DISTRIBUTION_POINT_NAME_T;
/*
 * One CRL distribution point. All three members are optional; how an absent
 * reasonFlags is represented in the int is not stated here -- confirm.
 *
 * URIs found in `name` come from the certificate under evaluation. A client
 * that fetches CRLs from them is contacting an address chosen by whoever
 * issued that certificate, so fetches should be restricted by scheme and
 * destination and bounded in size and time.
 */
typedef struct tc_distribution_point_t
{
TC_DISTRIBUTION_POINT_NAME_T *name;/*optional*/
int reasonFlags; /*optional*/
TC_GEN_NAMES_LIST_T *issuer;/*optional*/
} TC_DISTRIBUTION_POINT_T;
/*
 * Application-level view of the cRLDistributionPoints extension: a
 * fixed-capacity array (PKIMAX_CRLDistPointsSyntax slots) and a separate
 * count that should be range-checked before the array is indexed.
 */
typedef struct tc_crl_dist_points_t
{
int numDistPoints;
TC_DISTRIBUTION_POINT_T *distPoint[PKIMAX_CRLDistPointsSyntax];
} TC_CRL_DISTRIBUTION_POINTS_T;
/* Release a distribution point name. */
void tc_FreeDistributionPointName(TC_DISTRIBUTION_POINT_NAME_T *,
TC_CONTEXT *);
/* Release a distribution point list. */
void tc_FreeCRLDistributionPoints (TC_CRL_DISTRIBUTION_POINTS_T *,
TC_CONTEXT *);
/* ----- AuthorityInfoAccess ----- */
/*
 * One authorityInfoAccess entry: the access method OID (byte buffer with
 * explicit length) and the location it applies to.
 *
 * The location is taken from the certificate. As with CRL distribution
 * points, software that fetches from it should restrict scheme and
 * destination and bound the fetch.
 */
typedef struct tc_access_description_t
{
/* OID describing the access type */
unsigned char *method;
size_t methodsize;
/* URI specifying the description of the access method */
TC_GEN_NAME_T *location;
} TC_ACCESS_DESCRIPTION_T;
/*
 * Application-level view of the authorityInfoAccess extension: a
 * fixed-capacity array (PKIMAX_AuthorityInfoAccessSyntax slots) and a
 * separate count that should be range-checked before the array is indexed.
 */
typedef struct tc_authority_info_access_t
{
int numDescrips;
TC_ACCESS_DESCRIPTION_T *descrip[PKIMAX_AuthorityInfoAccessSyntax];
} TC_AUTHORITY_INFO_ACCESS_T;
/* Release an authority-info-access structure. The context is the first
   argument here. */
void tc_FreeAuthorityInfoAccess (TC_CONTEXT *ctx,
TC_AUTHORITY_INFO_ACCESS_T *info);
/* -----
CRL Extensions
----- */
/* ----- IssuingDistributionPoint ----- */
/*
 * Application-level view of the issuingDistributionPoint CRL extension,
 * which describes the scope of a CRL.
 *
 * A relying party that ignores these fields can mistake a partial CRL for a
 * complete one: a CRL limited to CA certificates, to some reasons, or
 * marked indirect does not answer every revocation question about every
 * certificate from the CRL signer.
 */
typedef struct
{
TC_DISTRIBUTION_POINT_NAME_T *name;/*optional*/
boolean onlyContainsUserCerts;/*default false*/
boolean onlyContainsCACerts;/*default false*/
int onlySomeReasons; /*optional,bitmask of ReasonFlags as described above*/
boolean indirectCRL;/*default false*/
} TC_ISSUING_DISTRIBUTION_POINT_T;
/* Release an issuing-distribution-point structure. */
void tc_FreeIssuingDistributionPoint (TC_ISSUING_DISTRIBUTION_POINT_T *,
TC_CONTEXT *);
/* -----
CRL Entry Extensions
----- */
/* ----- cRLReason ----- */
/*
 * Reason recorded on a single CRL entry.
 *
 * The enumerators take the implicit values 0..7. NOTE(review): in the ASN.1
 * CRLReason type removeFromCRL is 8 and 7 is unused, so
 * TC_CRL_REASON_REMOVE_FROM_CRL (7 here) does not equal the encoded value.
 * Confirm that the implementation maps between the two instead of casting;
 * a direct cast would mis-report removeFromCRL entries.
 *
 * TC_CRL_REASON_AFFLICATION_CHANGED is the declared spelling ("affiliation"
 * is meant); it is part of the public interface as written.
 */
typedef enum
{
TC_CRL_REASON_UNSPECIFIED,
TC_CRL_REASON_KEY_COMPROMISE,
TC_CRL_REASON_CA_COMPROMISE,
TC_CRL_REASON_AFFLICATION_CHANGED,
TC_CRL_REASON_SUPERSEDED,
TC_CRL_REASON_CESSATION_OF_OPERATION,
TC_CRL_REASON_CERTIFICATE_HOLD,
TC_CRL_REASON_REMOVE_FROM_CRL
} TC_CRL_REASON_T;
/* ----- holdInstructionCode ----- */
/*
 * Hold instruction attached to a CRL entry whose reason is certificateHold.
 * The enumerators take the implicit values 0..2, so a zero-initialized
 * variable reads as TC_HOLD_INSTRUCTION_NONE.
 */
typedef enum
{
TC_HOLD_INSTRUCTION_NONE,
TC_HOLD_INSTRUCTION_CALL_ISSUER,
TC_HOLD_INSTRUCTION_REJECT
} TC_HOLD_INSTRUCTION_T;
/*
-----
certificates
-----
*/
/*
 * Decode a DER-encoded certificate from a memory buffer into a TC_CERT.
 *
 * cert is an out-parameter; the unnamed arguments are the DER buffer and its
 * length. The length must be the true size of the buffer: the input is
 * normally attacker-controlled, and the decoder can bound its reads only by
 * the length it is given.
 *
 * A successful decode says nothing about trust. Signature, validity and
 * path checks are separate calls (see the tc_validate_* prototypes).
 * The meaning of the int return is not documented here -- presumably 0 on
 * success; confirm, and do not use *cert after a failure.
 */
int tc_unpack_cert (TC_CERT **cert,
unsigned char *, /* DER encoded cert */
const size_t,
TC_CONTEXT *ctx);
/*
 * Encode a TC_CERT. The first two arguments are out-parameters, presumably
 * receiving a newly allocated buffer and its length; which routine releases
 * that buffer is not stated here -- confirm.
 */
int tc_pack_cert (unsigned char **,
size_t *,
TC_CERT *,
TC_CONTEXT *ctx);
/*
 * Load a certificate from the file named by fname. The expected file format
 * is not stated here. File contents are untrusted input in the same way as a
 * buffer passed to tc_unpack_cert.
 */
int tc_read_cert(TC_CERT **cert,
const char *fname,
TC_CONTEXT *ctx);
/*
 * Write a certificate to the file named by fname. Whether an existing file
 * is overwritten, and with what permissions the file is created, is not
 * visible here.
 */
int tc_write_cert(TC_CERT *cert,
const char *fname,
TC_CONTEXT *ctx);
/*
 * Build a new certificate structure from its components.
 *
 * cert is the out-parameter. Every byte-buffer input is paired with its own
 * length argument: serial/serialLen, sigoid/sigoidlen, sigparm/sigparmlen,
 * keyoid/keyoidlen, pubkey/pubkeylen and keyparm/keyparmlen. notBefore and
 * notAfter bound the validity period.
 *
 * No private key is passed, so this call presumably assembles the
 * to-be-signed content and signing happens elsewhere -- confirm.
 * NOTE(review): whether the names and extension list are copied or retained
 * by reference is not visible here; confirm before freeing them. Serial
 * numbers should be unique per issuer, which is the caller's responsibility
 * as far as this prototype shows.
 */
int tc_create_cert (TC_CERT **cert,
int version,
unsigned char *serial,
size_t serialLen,
const unsigned char *sigoid,
size_t sigoidlen,
const unsigned char *sigparm,
size_t sigparmlen,
TC_Name *issuerName,
time_t notBefore,
time_t notAfter,
TC_Name *subjectName,
TC_ExtensionList *extensions,
const unsigned char *keyoid,
size_t keyoidlen,
const unsigned char *pubkey,
size_t pubkeylen,
const unsigned char *keyparm,
size_t keyparmlen,
TC_CONTEXT *ctx);
/* Release a certificate structure. */
void tc_free_cert (TC_CERT *, TC_CONTEXT *);
/*
 * Validate a single certificate.
 *
 * NOTE(review): which checks are performed (signature, validity period,
 * extensions, revocation) and what each bit of `flags` enables or disables
 * is not visible in this header. Confirm against the implementation, in
 * particular whether any flag relaxes a check, and treat every non-success
 * return as "do not trust".
 */
int tc_validate_cert (TC_CERT *, /* certificate to verify */
int flags,
TC_CONTEXT *ctx);
/*
 * Validate the certification path for an end-entity certificate.
 *
 * eecert is the end-entity certificate, initialPolicies the policy set the
 * caller starts from, and `when` presumably the time at which validity is
 * evaluated. No trust anchors or intermediate certificates are passed, so
 * they presumably come from ctx -- confirm how the context is populated,
 * since its contents decide what is trusted.
 */
int tc_validate_path (TC_CERT *eecert,
TC_CertificatePolicies *initialPolicies,
time_t when,
int flags,
TC_CONTEXT *ctx);