x509-ada.git
12 months agoDrop unneeded use type clauses master
Adrian-Ken Rueegsegger [Fri, 6 Oct 2017 10:01:16 +0000 (12:01 +0200)]
Drop unneeded use type clauses

4 years agoAdjust cert validity check in Load_Cert test v0.1.1
Reto Buerki [Wed, 17 Sep 2014 12:25:14 +0000 (14:25 +0200)]
Adjust cert validity check in Load_Cert test

The reference certificate has expired, adjust the Load_Cert test
accordingly: Assert that the cert is detected as non valid.

5 years agoAdd AUTHORS file v0.1
Adrian-Ken Rueegsegger [Thu, 31 Jan 2013 11:34:11 +0000 (12:34 +0100)]
Add AUTHORS file

5 years agoAdd TODO file
Adrian-Ken Rueegsegger [Tue, 29 Jan 2013 13:16:09 +0000 (14:16 +0100)]
Add TODO file

5 years agoAdd License pragma
Reto Buerki [Thu, 24 Jan 2013 16:22:38 +0000 (17:22 +0100)]
Add License pragma

5 years agoAdd COPYING file
Reto Buerki [Thu, 24 Jan 2013 16:21:55 +0000 (17:21 +0100)]
Add COPYING file

5 years agoMakefile: Enable parallel build
Reto Buerki [Thu, 24 Jan 2013 10:26:38 +0000 (11:26 +0100)]
Makefile: Enable parallel build

5 years agoMake validity period 'inclusive'
Reto Buerki [Fri, 14 Dec 2012 14:51:38 +0000 (15:51 +0100)]
Make validity period 'inclusive'

See RFC 5280, section 4.1.2.5.

5 years agoAdd copyright headers
Reto Buerki [Thu, 8 Nov 2012 16:37:45 +0000 (17:37 +0100)]
Add copyright headers

5 years agoUse extended return in Validity.To_Ada function
Adrian-Ken Rueegsegger [Tue, 6 Nov 2012 12:45:17 +0000 (13:45 +0100)]
Use extended return in Validity.To_Ada function

5 years agoAvoid usage of access in Names.To_Ada function
Reto Buerki [Tue, 6 Nov 2012 12:37:09 +0000 (13:37 +0100)]
Avoid usage of access in Names.To_Ada function

5 years agoAvoid usage of access in Validity.To_Ada function
Reto Buerki [Tue, 6 Nov 2012 12:36:42 +0000 (13:36 +0100)]
Avoid usage of access in Validity.To_Ada function

5 years agoAvoid usage of access in OID.To_Ada function
Adrian-Ken Rueegsegger [Mon, 5 Nov 2012 23:04:54 +0000 (00:04 +0100)]
Avoid usage of access in OID.To_Ada function

5 years agoFix some typos
Adrian-Ken Rueegsegger [Mon, 5 Nov 2012 23:02:35 +0000 (00:02 +0100)]
Fix some typos

5 years agoCerts: Return signature as byte array
Reto Buerki [Wed, 31 Oct 2012 13:21:35 +0000 (14:21 +0100)]
Certs: Return signature as byte array

5 years agoUtils: Export Byte_Array-based To_Hex_String function
Reto Buerki [Wed, 31 Oct 2012 13:18:14 +0000 (14:18 +0100)]
Utils: Export Byte_Array-based To_Hex_String function

5 years agoAdd Get_Tbs_Data getter to Certificate_Type
Reto Buerki [Wed, 31 Oct 2012 10:55:42 +0000 (11:55 +0100)]
Add Get_Tbs_Data getter to Certificate_Type

This getter returns the DER encoded TBSCertificate data.

5 years agoAdd Null_Byte_Array constant
Reto Buerki [Wed, 31 Oct 2012 10:54:53 +0000 (11:54 +0100)]
Add Null_Byte_Array constant

5 years agoAdd thin binding for ASN.1 DER encoder
Reto Buerki [Wed, 31 Oct 2012 09:44:59 +0000 (10:44 +0100)]
Add thin binding for ASN.1 DER encoder

5 years agoFree BasicConstraints structure after use
Reto Buerki [Tue, 30 Oct 2012 13:25:12 +0000 (14:25 +0100)]
Free BasicConstraints structure after use

5 years agoImplement To_Bytes function
Reto Buerki [Tue, 30 Oct 2012 13:24:32 +0000 (14:24 +0100)]
Implement To_Bytes function

This function converts a buffer given by address and size to byte array.

5 years agoCerts: Add buffer-based Load procedure
Reto Buerki [Tue, 30 Oct 2012 11:26:29 +0000 (12:26 +0100)]
Certs: Add buffer-based Load procedure

This Load procedure loads an X.509 certificate from a given byte arrray
buffer.

5 years agoExtend validity test
Reto Buerki [Tue, 30 Oct 2012 09:28:29 +0000 (10:28 +0100)]
Extend validity test

Load CA certificate with expired validity and assert that the Is_Valid
function returns False.

5 years agoMake thin binding a separate library project
Reto Buerki [Tue, 30 Oct 2012 08:51:54 +0000 (09:51 +0100)]
Make thin binding a separate library project

5 years agoDrop duplicate asn_application.h source file
Reto Buerki [Tue, 30 Oct 2012 08:37:39 +0000 (09:37 +0100)]
Drop duplicate asn_application.h source file

5 years agoExtract CA status from certificate
Reto Buerki [Mon, 29 Oct 2012 17:48:49 +0000 (18:48 +0100)]
Extract CA status from certificate

5 years agoImplement X509.Extensions package
Reto Buerki [Mon, 29 Oct 2012 17:45:09 +0000 (18:45 +0100)]
Implement X509.Extensions package

This package provides the Is_Ca function which can be used to check if a
given ASN.1 Extensions_t array contains a X509v3 basic constraint which
is set to TRUE.

5 years agoAdd thin binding for BasicConstraints
Reto Buerki [Mon, 29 Oct 2012 17:15:26 +0000 (18:15 +0100)]
Add thin binding for BasicConstraints

5 years agoAdd cRLDistributionPoints OID
Reto Buerki [Mon, 29 Oct 2012 17:12:06 +0000 (18:12 +0100)]
Add cRLDistributionPoints OID

5 years agoAdd subjectAltName OID
Reto Buerki [Mon, 29 Oct 2012 17:10:55 +0000 (18:10 +0100)]
Add subjectAltName OID

5 years agoAdd authorityKeyIdentifier OID
Reto Buerki [Mon, 29 Oct 2012 17:09:53 +0000 (18:09 +0100)]
Add authorityKeyIdentifier OID

5 years agoAdd subjectKeyIdentifier OID
Reto Buerki [Mon, 29 Oct 2012 17:08:43 +0000 (18:08 +0100)]
Add subjectKeyIdentifier OID

5 years agoAdd keyUsage OID
Reto Buerki [Mon, 29 Oct 2012 17:07:00 +0000 (18:07 +0100)]
Add keyUsage OID

5 years agoAdd basicConstraints OID
Reto Buerki [Mon, 29 Oct 2012 17:03:31 +0000 (18:03 +0100)]
Add basicConstraints OID

5 years agoUpdate generated X.509 code
Reto Buerki [Mon, 29 Oct 2012 16:57:45 +0000 (17:57 +0100)]
Update generated X.509 code

No significant changes.

5 years agoUpdate X.509 ASN.1 specification to RFC 5280
Reto Buerki [Mon, 29 Oct 2012 16:55:19 +0000 (17:55 +0100)]
Update X.509 ASN.1 specification to RFC 5280

Extracted from RFC 5280 using the following commands:
$ wget https://www.ietf.org/rfc/rfc5280.txt
$ crfc2asn1.pl rfc5280.txt

The definitions of 'AlgorithmIdentifier' and 'Version' have been renamed
to 'XAlgorithmIdentifier' and 'XVersion' to avoid clashes with the
PKCS#1 specification.

Furthermore, the definition of 'Time' has been renamed to 'XTime' to
avoid clashes with the system-wide time.h header file
(/usr/include/time.h).

5 years agoOids: Use anonymous access type as To_Ada argument
Reto Buerki [Mon, 29 Oct 2012 16:32:48 +0000 (17:32 +0100)]
Oids: Use anonymous access type as To_Ada argument

This enforces a runtime access check and avoids Unchecked_Access
attribute usage.

5 years agoExtract validity period from certificate
Reto Buerki [Mon, 29 Oct 2012 15:50:32 +0000 (16:50 +0100)]
Extract validity period from certificate

5 years agoImplement X509.Validity package
Reto Buerki [Mon, 29 Oct 2012 15:48:10 +0000 (16:48 +0100)]
Implement X509.Validity package

This package provides the To_Ada function which can be used to convert
an ASN.1 Validity_t structure to Ada Validity_Type.

5 years agoMove Conversion_Error to top-level package
Reto Buerki [Mon, 29 Oct 2012 14:28:40 +0000 (15:28 +0100)]
Move Conversion_Error to top-level package

5 years agoIntroduce Decode_X520 function
Reto Buerki [Mon, 29 Oct 2012 13:44:46 +0000 (14:44 +0100)]
Introduce Decode_X520 function

Move the X520 Oid case statement into a separate function.

5 years agoExtract subject from certificate
Reto Buerki [Mon, 29 Oct 2012 11:36:07 +0000 (12:36 +0100)]
Extract subject from certificate

5 years agoSupport teletex string X520CommonName
Reto Buerki [Mon, 29 Oct 2012 11:35:27 +0000 (12:35 +0100)]
Support teletex string X520CommonName

5 years agoImplement X520OrganizationalUnitName decoding
Reto Buerki [Mon, 29 Oct 2012 11:34:31 +0000 (12:34 +0100)]
Implement X520OrganizationalUnitName decoding

5 years agoAdd thin binding for X520OrganizationalUnitName
Reto Buerki [Mon, 29 Oct 2012 11:12:46 +0000 (12:12 +0100)]
Add thin binding for X520OrganizationalUnitName

5 years agoDecoder: Make buffer size argument Positive
Reto Buerki [Mon, 29 Oct 2012 11:10:47 +0000 (12:10 +0100)]
Decoder: Make buffer size argument Positive

5 years agoAdd organizationalUnitName OID
Reto Buerki [Mon, 29 Oct 2012 11:02:31 +0000 (12:02 +0100)]
Add organizationalUnitName OID

5 years agoExtract issuer from certificate
Reto Buerki [Mon, 29 Oct 2012 10:56:19 +0000 (11:56 +0100)]
Extract issuer from certificate

5 years agoImplement X509.Names package
Reto Buerki [Mon, 29 Oct 2012 10:55:04 +0000 (11:55 +0100)]
Implement X509.Names package

This package provides the To_Ada function which can be used to convert
an ASN.1 Name_t structure to String.

5 years agoAdd thin binding for X520countryName
Reto Buerki [Mon, 29 Oct 2012 10:06:27 +0000 (11:06 +0100)]
Add thin binding for X520countryName

5 years agoAdd thin binding for X520OrganizationName
Reto Buerki [Mon, 29 Oct 2012 10:00:35 +0000 (11:00 +0100)]
Add thin binding for X520OrganizationName

5 years agoFactor out ASN.1 type decoding
Reto Buerki [Mon, 29 Oct 2012 09:15:50 +0000 (10:15 +0100)]
Factor out ASN.1 type decoding

5 years agoUtils: Add To_String function
Reto Buerki [Fri, 26 Oct 2012 16:58:38 +0000 (18:58 +0200)]
Utils: Add To_String function

This function returns the string representation of a buffer with given
size starting at specified address.

5 years agoAdd thin binding for X520CommonName
Reto Buerki [Fri, 26 Oct 2012 16:32:28 +0000 (18:32 +0200)]
Add thin binding for X520CommonName

5 years agoAdd commonName OID
Reto Buerki [Fri, 26 Oct 2012 16:25:14 +0000 (18:25 +0200)]
Add commonName OID

5 years agoAdd organizationName OID
Reto Buerki [Fri, 26 Oct 2012 16:23:55 +0000 (18:23 +0200)]
Add organizationName OID

5 years agoAdd countryName OID
Reto Buerki [Fri, 26 Oct 2012 16:22:36 +0000 (18:22 +0200)]
Add countryName OID

5 years agoRename Get_Sigalg function to Get_Signature_Alg
Reto Buerki [Fri, 26 Oct 2012 15:40:16 +0000 (17:40 +0200)]
Rename Get_Sigalg function to Get_Signature_Alg

5 years agoExtract public key algorithm OID from certificate
Reto Buerki [Fri, 26 Oct 2012 15:38:42 +0000 (17:38 +0200)]
Extract public key algorithm OID from certificate

5 years agoAdd rsaEncryption OID
Reto Buerki [Fri, 26 Oct 2012 15:37:54 +0000 (17:37 +0200)]
Add rsaEncryption OID

5 years agoFree ASN.1 certificate structure on exception
Reto Buerki [Fri, 26 Oct 2012 15:21:45 +0000 (17:21 +0200)]
Free ASN.1 certificate structure on exception

5 years agoExtract signature algorithm OID from certificate
Reto Buerki [Fri, 26 Oct 2012 15:17:21 +0000 (17:17 +0200)]
Extract signature algorithm OID from certificate

5 years agoImplement abstraction for ASN.1 OIDs
Reto Buerki [Fri, 26 Oct 2012 15:10:02 +0000 (17:10 +0200)]
Implement abstraction for ASN.1 OIDs

The X509.Oids package provides the To_Ada conversion function which can
be used to convert an ASN.1 OBJECT_IDENTIFIER structure to Ada Oid_Type
enum type.

The package contains a map of known OIDs; To_Ada raises a conversion
error exception if the ASN.1 OID given as argument is unknown.

5 years agoImprove x509 fuzzing variance
Reto Buerki [Fri, 26 Oct 2012 10:22:32 +0000 (12:22 +0200)]
Improve x509 fuzzing variance

By setting the Validity times to correct values and using a valid
bits_unused field for BIT_STRINGs (sometimes).

5 years agoRename Constraints_Error to Validation_Error
Reto Buerki [Thu, 25 Oct 2012 15:46:58 +0000 (17:46 +0200)]
Rename Constraints_Error to Validation_Error

5 years agoFree allocated memory if constraint check fails
Reto Buerki [Thu, 25 Oct 2012 15:45:46 +0000 (17:45 +0200)]
Free allocated memory if constraint check fails

5 years agoImplement Load_Random_ASN1 test
Reto Buerki [Thu, 25 Oct 2012 15:30:48 +0000 (17:30 +0200)]
Implement Load_Random_ASN1 test

This test verifies that loading random ASN.1 structures into
certificates fails (fuzzing).

5 years agoAdd David Howell's asn1random.pl script
Reto Buerki [Thu, 25 Oct 2012 15:25:37 +0000 (17:25 +0200)]
Add David Howell's asn1random.pl script

This script generates random but valid ASN.1 data.

5 years agoImplement Load_Random_Chunk test
Reto Buerki [Thu, 25 Oct 2012 15:22:24 +0000 (17:22 +0200)]
Implement Load_Random_Chunk test

This test verifies that loading random data into certificates fails
(fuzzing).

5 years agoAdd fuzz.sh script
Reto Buerki [Thu, 25 Oct 2012 15:17:28 +0000 (17:17 +0200)]
Add fuzz.sh script

This script uses the dd utility to generate random data.

5 years agoImplement Load_Random_Certs test
Reto Buerki [Thu, 25 Oct 2012 14:58:16 +0000 (16:58 +0200)]
Implement Load_Random_Certs test

This test uses the x509random.pl script to generate X.509 certificates
with random data. The test asserts that loading of the generated certs
results in a constraint validation error.

5 years agoAdd Test_Utils package
Reto Buerki [Thu, 25 Oct 2012 14:57:07 +0000 (16:57 +0200)]
Add Test_Utils package

The Test_Utils package provides the Execute procedure which can be used
to run system commands.

5 years agoAdd x509random.pl script
Reto Buerki [Thu, 25 Oct 2012 14:45:24 +0000 (16:45 +0200)]
Add x509random.pl script

This script generates validly formatted X.509 certificates filled with
mostly random data, including for the RSA key and signature fields.

The script has been written by David Howells to test the kernel ASN.1
decoder [1].

[1] - https://patchwork.kernel.org/patch/1454941/

5 years agoExtend private, public key from Key_Type
Reto Buerki [Thu, 25 Oct 2012 13:22:42 +0000 (15:22 +0200)]
Extend private, public key from Key_Type

5 years agoIntroduce abstract Key_Type
Reto Buerki [Thu, 25 Oct 2012 13:12:49 +0000 (15:12 +0200)]
Introduce abstract Key_Type

The abstract Key_Type provides the common functionality of RSA private
and public keys.

5 years agoFactor out constraints checking to own package
Reto Buerki [Thu, 25 Oct 2012 13:08:47 +0000 (15:08 +0200)]
Factor out constraints checking to own package

5 years agoImplement RSA public key abstraction
Reto Buerki [Thu, 25 Oct 2012 11:53:41 +0000 (13:53 +0200)]
Implement RSA public key abstraction

5 years agoAdd thin binding for RSAPublicKey
Reto Buerki [Thu, 25 Oct 2012 08:54:53 +0000 (10:54 +0200)]
Add thin binding for RSAPublicKey

5 years agoImplement initial X.509 certificate abstraction
Reto Buerki [Thu, 25 Oct 2012 08:29:34 +0000 (10:29 +0200)]
Implement initial X.509 certificate abstraction

The Certificate_Type in the X509.Certs package can be used to load X.509
certificates. The type provides getters to access the certificate
information.

5 years agoChange To_Hex_String argument to System.Address
Reto Buerki [Thu, 25 Oct 2012 08:23:10 +0000 (10:23 +0200)]
Change To_Hex_String argument to System.Address

The To_Hex_String procedure now expects address and size arguments
instead of INTEGER_t. This allows to convert all ASN.1 primitive types
to hex.

5 years agoAdd auto-generated Ada thin binding for X.509 certs
Reto Buerki [Tue, 23 Oct 2012 14:16:54 +0000 (16:16 +0200)]
Add auto-generated Ada thin binding for X.509 certs

The binding has been generated for the x86_64 architecture. Some minor
modifications of the generated Ada code were needed to make it compile:

1. Fix incorrect 'limited with' includes
2. Delete unneeded files (cosmetic)

5 years agoMove Load_Error exception to top-level package
Reto Buerki [Tue, 23 Oct 2012 14:09:22 +0000 (16:09 +0200)]
Move Load_Error exception to top-level package

5 years agoUpdate common Ada thin binding files
Reto Buerki [Tue, 23 Oct 2012 14:03:52 +0000 (16:03 +0200)]
Update common Ada thin binding files

Cosmetic change; only the comments referring to the location of the C
sources have changed.

5 years agoFactor out reading of file contents
Reto Buerki [Tue, 23 Oct 2012 12:10:41 +0000 (14:10 +0200)]
Factor out reading of file contents

5 years agoRename GNAT project from X509_Ada to X509ada
Reto Buerki [Tue, 23 Oct 2012 08:28:48 +0000 (10:28 +0200)]
Rename GNAT project from X509_Ada to X509ada

5 years agoAdd compiled PKIX X.509 files
Reto Buerki [Mon, 22 Oct 2012 12:42:40 +0000 (14:42 +0200)]
Add compiled PKIX X.509 files

The files in the src/c/x509 directory have been compiled from the ASN.1
specification found in RFC 3280 using asn1c:

$ asn1c -fskeletons-copy asn.1/rfc3280-PKIX1*.asn

Some additional steps had to be performed manually:

1. Move asn_OS_Subvariant enum out of struct
2. Move asn_per_constraint_flags enum out of struct

5 years agoMove common C files to src/c/common directory
Reto Buerki [Mon, 22 Oct 2012 12:26:13 +0000 (14:26 +0200)]
Move common C files to src/c/common directory

5 years agoAdd RFC 3280 ASN.1 specification
Reto Buerki [Mon, 22 Oct 2012 12:13:55 +0000 (14:13 +0200)]
Add RFC 3280 ASN.1 specification

Extracted from RFC 3280 using the following commands:
$ wget https://www.ietf.org/rfc/rfc3280.txt
$ crfc2asn1.pl rfc3280.txt

The definitions of 'AlgorithmIdentifier' and 'Version' have been renamed
to 'XAlgorithmIdentifier' and 'XVersion' to avoid clashes with the
PKCS#1 specification.

Furthermore, the definition of 'Time' has been renamed to 'XTime' to
avoid clashes with the system-wide time.h header file
(/usr/include/time.h).

6 years agoImplement Get_Size function
Reto Buerki [Tue, 16 Oct 2012 12:18:43 +0000 (14:18 +0200)]
Implement Get_Size function

This function returns the size of the private key modulus in bits.

6 years agoAdd Null_Private_Key constant
Reto Buerki [Tue, 16 Oct 2012 10:01:48 +0000 (12:01 +0200)]
Add Null_Private_Key constant

6 years agoInstall missing thin binding ALI files
Reto Buerki [Tue, 16 Oct 2012 08:02:20 +0000 (10:02 +0200)]
Install missing thin binding ALI files

6 years agoImplement Get_Coefficient getter
Reto Buerki [Tue, 9 Oct 2012 09:26:19 +0000 (11:26 +0200)]
Implement Get_Coefficient getter

6 years agoImplement Get_Exponent[1|2] getters
Reto Buerki [Tue, 9 Oct 2012 09:19:40 +0000 (11:19 +0200)]
Implement Get_Exponent[1|2] getters

6 years agoImplement Get_Prime_[P|Q] getters
Reto Buerki [Tue, 9 Oct 2012 09:12:18 +0000 (11:12 +0200)]
Implement Get_Prime_[P|Q] getters

6 years agoImplement Get_Priv_Exponent getter
Reto Buerki [Tue, 9 Oct 2012 08:59:49 +0000 (10:59 +0200)]
Implement Get_Priv_Exponent getter

6 years agoImplement Get_Pub_Exponent getter
Reto Buerki [Tue, 9 Oct 2012 08:51:10 +0000 (10:51 +0200)]
Implement Get_Pub_Exponent getter

6 years agoAdd Makefile and GNAT project file
Reto Buerki [Tue, 9 Oct 2012 08:39:11 +0000 (10:39 +0200)]
Add Makefile and GNAT project file

6 years agoAdd library project file
Reto Buerki [Tue, 9 Oct 2012 08:29:58 +0000 (10:29 +0200)]
Add library project file

6 years agoImplement PKCS#1 RSA private key abstraction
Reto Buerki [Tue, 9 Oct 2012 06:56:04 +0000 (08:56 +0200)]
Implement PKCS#1 RSA private key abstraction

The RSA_Private_Key_Type in the X509.Keys package can be used to load
PKCS#1 RSA private keys. The type provides getters to access the key
information.

6 years agoAdd auto-generated Ada thin binding for PKCS#1
Reto Buerki [Mon, 8 Oct 2012 14:03:35 +0000 (16:03 +0200)]
Add auto-generated Ada thin binding for PKCS#1

The binding has been generated for the x86_64 architecture. Some minor
modifications of the generated Ada code were needed to make it compile:

1. Fix incorrect 'limited with' includes
2. libio_h.ads: Fix buffers of size 1
3. Delete unneeded files (cosmetic)