ITU X.509/RFC 3281 Attribute Certificate Toolkit for OpenSSL Daniel Díaz-Sánchez http://www.it.uc3m.es/dds Universidad Carlos III de Madrid dds it.uc3m.es Andrés Marín López http://www.it.uc3m.es/amarin Universidad Carlos III de Madrid amarin it.uc3m.es Florina Almenarez http://www.it.uc3m.es/florina Universidad Carlos III de Madrid florina it.uc3m.es 09/10/2006 Released v.0.1 <par id="0">This source code provides a toolkit to issue attribute certificates as defined in ITU X.509 Recommendation and RFC3281</par> <par id="1">The library has been tested with OpenSSL 0.9.8a and some earlier versions and it works. The Zip files of section Downloads contains also a test program that demonstrates the library. </par> <par id="2">Note that this is a BETA version and any help and collaboration is welcomed. Thanks to OpenSSL people for the answers in the mailing list.</par> <par id="3">Now we are working on a Privilege verifier that will be available soon!</par> </plainText> <htmlText></htmlText> </overView> <license> <plainText> <par id="0">Please read OpenSSL license.</par> </plainText> <htmlText></htmlText> </license> <documentation> <plainText> <par id="0">The code has been developed under Windows using Visual Studio 2005. But it can be used in Linux also.</par> </plainText> <htmlText></htmlText> <apiDesc> <functionSet id="0"> <functionSetName>Functions to get information</functionSetName> <function id="0"> <functionDeclaration>#define PEM_read_X509AC(fp,x,cb,u) (X509AC *)PEM_ASN1_read( \ (char *(*)())d2i_X509AC,PEM_STRING_X509AC,fp,(char **)x,cb,u)</functionDeclaration> <functionDescription>Reads an attribute certificate in PEM format from a file pointer.</functionDescription> </function> <function id="1"> <functionDeclaration>X509AC_ISSUER_SERIAL* X509_get_basecertID(X509 *x)</functionDeclaration> <functionDescription>Takes a X509 certificate and extracts the X509AC_ISSUER_SERIAL structure (or base cert ID)</functionDescription> </function> <function id="2"> <functionDeclaration>X509_NAME *X509AC_get_issuer_name(X509AC *a)</functionDeclaration> <functionDescription>Obtains the X509_NAME of the issuer placed in a-info-&gt;issuer-&gt;d.v1Form when the attribute certificate is version 1, and from a-&gt;info-&gt;issuer-&gt;d.v2Form-&gt;issuer when the attribute certificate is version 2.</functionDescription> </function> <function id="3"> <functionDeclaration>X509_NAME *X509AC_get_holder_entity_name(X509AC *a)</functionDeclaration> <functionDescription>Searches a-info-&gt;holder-&gt;entity (stack of GENERAL_NAME) for a valid Directory Name</functionDescription> </function> <function id="4"> <functionDeclaration>X509AC_ISSUER_SERIAL *X509AC_get_holder_baseCertID(X509AC *a)</functionDeclaration> <functionDescription>Returns a-&gt;info-&gt;holder-&gt;baseCertID structure of type X509AC_ISSUER_SERIAL.</functionDescription> </function> <function id="5"> <functionDeclaration>ASN1_BIT_STRING *X509AC_get_holder_objectDigestInfo(X509AC *a)</functionDeclaration> <functionDescription>Returns a-&gt;info-&gt;holder-&gt;objectDigestInfo structure of type ASN1_BIT_STRING.</functionDescription> </function> <function id="6"> <functionDeclaration>X509AC_ISSUER_SERIAL *X509AC_get_issuer_baseCertID(X509AC *a)</functionDeclaration> <functionDescription>Returns a-&gt;info-&gt;issuer-&gt;d.v2Form-&gt;baseCertID. This parameter is only available when the certificate is of version 2. For version 1 this parameter is not present.</functionDescription> </function> <function id="7"> <functionDeclaration>ASN1_BIT_STRING *X509AC_get_issuer_objectDigestInfo(X509AC *a)</functionDeclaration> <functionDescription>Returns a-&gt;info-&gt;issuer-&gt;d.v2Form-&gt;digest. This parameter is only available when the certificate is of version 2. For version 1 this parameter is not present.</functionDescription> </function> <function id="8"> <functionDeclaration>long X509AC_get_version(X509AC *a); int X509AC_set_version(X509AC *a, long version)</functionDeclaration> <functionDescription>Get and set the version of the certificate.</functionDescription> </function> </functionSet> <functionSet id="1"> <functionSetName>Functions to set information</functionSetName> <function id="0"> <functionDeclaration>int X509AC_set_holder_entity_name(X509AC* a, X509_NAME *name)</functionDeclaration> <functionDescription>Places a X509_NAME into a-&gt;info-&gt;holder-&gt;entity.</functionDescription> </function> <function id="1"> <functionDeclaration>int X509AC_set_holder_serialNumber(X509AC *x, ASN1_INTEGER *serial)</functionDeclaration> <functionDescription>Sets the serial number in x-&gt;info-&gt;holder-&gt;baseCertID-&gt;serial.</functionDescription> </function> <function id="2"> <functionDeclaration>int X509AC_set_holder_name(X509AC* a, X509_NAME *name)</functionDeclaration> <functionDescription>Sets the name into a-&gt;info-&gt;holder-&gt;baseCertID-&gt;issuer structure.</functionDescription> </function> <function id="3"> <functionDeclaration>int X509AC_set_holder_objectDigestInfo(X509AC *a, X509AC_OBJECT_DIGESTINFO *odig)</functionDeclaration> <functionDescription>Sets the object digest info of the basecertID structure for the holder of the attribute certificate.</functionDescription> </function> <function id="4"> <functionDeclaration>int X509AC_set_holder_baseCertID(X509AC* a, X509AC_ISSUER_SERIAL *bci)</functionDeclaration> <functionDescription>Sets the whole Base Cert ID structure.</functionDescription> </function> <function id="5"> <functionDeclaration>int X509AC_set_issuer_baseCertID(X509AC* a, X509AC_ISSUER_SERIAL *bci)</functionDeclaration> <functionDescription>Takes a baseCertID structure and sets the issuer info of the attribute certificate.</functionDescription> </function> <function id="6"> <functionDeclaration>int X509AC_set_issuer_name(X509AC* a, X509_NAME *name)</functionDeclaration> <functionDescription>Sets the name into the issuer information space. Depending on the version of the certificate it will be inserted in v1Form or in v2From-&gt;issuer.</functionDescription> </function> </functionSet> <functionSet id="2"> <functionSetName>General tools to fill up some of the necessary structures:</functionSetName> <function id="0"> <functionDeclaration>int X509AC_set_GENERAL_NAME_name(GENERAL_NAMES *gens, X509_NAME *name)</functionDeclaration> <functionDescription>Puts a X509_NAME into a GENERAL_NAMES structure.</functionDescription> </function> <function id="1"> <functionDeclaration>int X509AC_set_baseCertID_name(X509AC_ISSUER_SERIAL *bci, X509_NAME *name)</functionDeclaration> <functionDescription>Puts a X509_NAME into a BaseCertId structure.</functionDescription> </function> <function id="2"> <functionDeclaration>int X509AC_set_baseCertID_serial(X509AC_ISSUER_SERIAL *bci, ASN1_INTEGER *serial)</functionDeclaration> <functionDescription>Puts the serial number into a BaseCertId structure.</functionDescription> </function> <function id="3"> <functionDeclaration>int X509AC_set_baseCertID_issuerUniqueID(X509AC_ISSUER_SERIAL *bci, ASN1_BIT_STRING *uid)</functionDeclaration> <functionDescription>Sets an unique id into a BaseCertId structure.</functionDescription> </function> </functionSet> <functionSet> <functionSetName>Attribute functions</functionSetName> <function id="0"> <functionDeclaration>X509_ATTRIBUTE * X509AC_get_attr( X509AC *a, int idx )</functionDeclaration> <functionDescription>Gets the X509_ATTRIBUTE that occupies the position idx in the stack.</functionDescription> </function> <function id="1"> <functionDeclaration>int X509AC_add_attribute_by_NID(X509AC *a, int nid, int atrtype, void *value)</functionDeclaration> <functionDescription>Creates and add an attribute based in its NID.</functionDescription> </function> <function id="2"> <functionDeclaration>int X509AC_add_attribute(X509AC *a, X509_ATTRIBUTE *attr); int X509AC_add_X509_ATTRIBUTE(X509AC *a, X509_ATTRIBUTE *attr)</functionDeclaration> <functionDescription>Adds an attribute to the stack in the attribute certificate.</functionDescription> </function> <function id="3"> <functionDeclaration>ASN1_TYPE *X509AC_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx)</functionDeclaration> <functionDescription>Get a pointer to the ASN1_TYPE structure of the first attribute value of the attribute placed in the position idx.</functionDescription> </function> <function id="4"> <functionDeclaration>void *X509AC_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, int atrtype, void *data)</functionDeclaration> <functionDescription>Gets a pointer to the data of the first attribute value of the attribute placed in the position idx.</functionDescription> </function> <function id="5"> <functionDeclaration>int X509AC_get_attributecount(X509AC *a)</functionDeclaration> <functionDescription>Gets the number of attributes present in a attribute certificate.</functionDescription> </function> </functionSet> <functionSet> <functionSetName>Extensions</functionSetName> <function id="0"> <functionDeclaration>int X509AC_add_extension(X509AC *a, X509_EXTENSION *ex, int loc)</functionDeclaration> <functionDescription>Adds a X509_EXTENSION to the certificate X509_EXTENSION stack.</functionDescription> </function> </functionSet> <functionSet> <functionSetName>Signature</functionSetName> <function id="0"> <functionDeclaration>int X509AC_sign_rsa(X509AC *a, RSA *rsa, EVP_MD *md); int X509AC_sign_pkey(X509AC *a, EVP_PKEY *pkey, EVP_MD *md)</functionDeclaration> <functionDescription>These functions sign the attribute certificate using a RSA key or a EVP_PKEY.</functionDescription> </function> </functionSet> <functionSet> <functionSetName>Presentation</functionSetName> <function id="0"> <functionDeclaration>void X509AC_print(X509AC *ac)</functionDeclaration> <functionDescription>Prints to stdout the information present in a attribute certificate.</functionDescription> </function> <function id="1"> <functionDeclaration>int GENERAL_NAMES_print(FILE *out, GENERAL_NAMES *gens)</functionDeclaration> <functionDescription>Prints GENERAL_NAMES structures.</functionDescription> </function> <function id="2"> <functionDeclaration>int GENERAL_NAME_print(FILE *out, GENERAL_NAME *gen)</functionDeclaration> <functionDescription>Prints GENERAL_NAME structures.</functionDescription> </function> </functionSet> <functionSet> <functionSetName>Misc</functionSetName> <function id="0"> <functionDeclaration>int X509AC_X509_NAME_dup(X509_NAME **xn, X509_NAME *name)</functionDeclaration> <functionDescription>Duplicates a X509_NAME structure.</functionDescription> </function> </functionSet> <functionSet> <functionSetName>Support for RFC3281 attributes</functionSetName> <function id="0"> <functionDeclaration>xxx* xxx_new(); xxx* xxx_dup(xxx*); void xxx_free(xxx*); d2i_xxx(...); i2d_xxx(...);</functionDeclaration> <functionDescription>General functions to alloc, free... attributes described in RFC3281. With xxx: SvceAuthInfo (for Service Authentication Information [id-aca-authenticationInfo] and Acess Identity [id-aca-accessIdentity]) , IetfAttrSyntax (for Charging Identity [id-aca-chargingIdentity] and Group [id-aca-group]) and RoleSyntax (for Role [id-at-role])</functionDescription> </function> <function id="1"> <functionDeclaration>X509attr_xxx_add_value(...)</functionDeclaration> <functionDescription>Functions to add values to attributes. With xxx: SvceAuthInfo, IetfAttrSyntax, RoleSyntax and attribute (GENERAL).</functionDescription> </function> </functionSet> </apiDesc> </documentation> <externalLinks> <link id="0"> <linkText>OpenSSL project</linkText> <linkURL>www.openssl.org</linkURL> </link> <link id="1"> <linkText>Blog of Daniel Diaz</linkText> <linkURL>http://rubinstein.gast.it.uc3m.es/research/dds</linkURL> </link> </externalLinks> <downloads> <download id="0"> <downloadName>Attribute Certificates Toolkit Windows Version (Visual Studio 2005) (version 0.1)</downloadName> <file id="0"> <displayName>Attribute Certificates Toolkit (Zip file)</displayName> <link> <fileName>AC.PMI.it.uc3m.es.zip</fileName> <url>http://www.it.uc3m.es/dds/swRelease/pmi/AC.PMI.it.uc3m.es.v.0.1.zip</url> </link> <version>v0.1 Beta</version> </file> </download> <download id="1"> <downloadName>Attribute Certificates Toolkit for Linux</downloadName> <file id="0"> <displayName>Attribute Certificates Toolkit (tar.gz) (version 0.1)</displayName> <link> <fileName>openSSLAC.tar.gz</fileName> <url>http://www.it.uc3m.es/dds/swRelease/pmi/openSSLAC.tar.gz</url> </link> <version>v0.1 Beta</version> </file> </download> <download id="2"> <downloadName>Attribute Certificates Toolkit Windows Version 0.2 (Visual Studio 2005) Includes ISSUING PROGRAM</downloadName> <file id="0"> <displayName>Attribute Certificates Toolkit and issuing program (zip) (version 0.2). API changes not covered in documentation yet</displayName> <link> <fileName>AC.PMI.it.uc3m.es.v.0.2.zip</fileName> <url>http://www.it.uc3m.es/dds/swRelease/pmi/AC.PMI.it.uc3m.es.v.0.2.zip</url> </link> <version>v0.2 Beta</version> </file> </download> </downloads> </softwareRelease>