RetroShare/libretroshare/src/pqi/sslfns.h

142 lines
5.7 KiB
C++

#ifndef RS_PQI_SSL_HELPER_H
#define RS_PQI_SSL_HELPER_H
/*
* libretroshare/src/pqi: sslfns.cc
*
* 3P/PQI network interface for RetroShare.
*
* Copyright 2004-2008 by Robert Fernie.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License Version 2 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
* Please report all bugs and problems to "retroshare@lunamutt.com".
*
*/
/* Functions in this file are SSL only,
* and have no dependence on SSLRoot() etc.
* might need SSL_Init() to be called - thats it!
*/
/******************** notify of new Cert **************************/
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <inttypes.h>
#include <retroshare/rstypes.h>
#include <string>
/****
* #define AUTHSSL_DEBUG 1
***/
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
// IF we are compiling against ssl0.9.7 - these functions don't exist.
#if (OPENSSL_VERSION_NUMBER & 0xfffff000) < 0x00908000
#define SSLFNS_ADD_CIPHER_CTX_RAND_KEY 1
#endif
#if defined(SSLFNS_ADD_CIPHER_CTX_RAND_KEY)
int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key);
#endif
// Certificates serial number is used to store the protocol version for the handshake. (*) means current version.
//
// 06_0000: < Nov.2017.
// * 06_0001: > Nov 2017. SSL id is computed by hashing the entire signature of the cert instead of simply picking up the last bytes.
// 07_0001: Signatures are performed using SHA256+RSA instead of SHA1+RSA
static const uint32_t RS_CERTIFICATE_VERSION_NUMBER_06_0000 = 0x00060000 ; // means version RS-0.6, certificate version 0. Default version before patch.
static const uint32_t RS_CERTIFICATE_VERSION_NUMBER_06_0001 = 0x00060001 ; // means version RS-0.6, certificate version 1.
static const uint32_t RS_CERTIFICATE_VERSION_NUMBER_07_0001 = 0x00070001 ; // means version RS-0.7, certificate version 1.
X509_REQ *GenerateX509Req(
std::string pkey_file, std::string passwd,
std::string name, std::string email, std::string org,
std::string loc, std::string state, std::string country,
int nbits_in, std::string &errString);
X509 *SignX509Certificate(X509_NAME *issuer, EVP_PKEY *privkey, X509_REQ *req, long days);
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
/* Sign / Encrypt / Verify Data */
bool SSL_SignDataBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int *signlen, EVP_PKEY *pkey);
bool SSL_VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, X509 *cert);
bool SSL_VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, EVP_PKEY *peerkey);
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
X509 *loadX509FromPEM(std::string pem);
std::string saveX509ToPEM(X509* x509);
X509 *loadX509FromDER(const uint8_t *ptr, uint32_t len);
bool saveX509ToDER(X509 *x509, uint8_t **ptr, uint32_t *len);
bool getX509id(X509 *x509, RsPeerId &xid);
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
/********************************************************************************/
int pem_passwd_cb(char *buf, int size, int rwflag, void *password);
bool CheckX509Certificate(X509 *x509);
// Not dependent on sslroot. load, and detroys the X509 memory.
int LoadCheckX509(const char *cert_file, RsPgpId& issuer, std::string &location, RsPeerId& userId);
std::string getX509NameString(X509_NAME *name);
std::string getX509CNString(X509_NAME *name);
std::string getX509TypeString(X509_NAME *name, const char *type, int len);
std::string getX509LocString(X509_NAME *name);
std::string getX509OrgString(X509_NAME *name);
std::string getX509CountryString(X509_NAME *name);
std::string getX509Info(X509 *cert);
uint64_t getX509SerialNumber(X509 *cert);
uint32_t getX509RetroshareCertificateVersion(X509 *cert) ;
/********** SSL ERROR STUFF ******************************************/
int printSSLError(SSL *ssl, int retval, int err, unsigned long err2, std::string &out);
#endif /* RS_PQI_SSL_HELPER_H */