/* $NetBSD: hx509.h,v 1.1.1.2 2011/04/14 14:08:56 elric Exp $ */

/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Id */

/*
 * Public types, flag values and callback signatures of the hx509 X.509
 * library.  Function prototypes are pulled in from hx509-protos.h and
 * error codes from hx509_err.h at the bottom of this file.
 */

#ifndef HEIMDAL_HX509_H
#define HEIMDAL_HX509_H 1

#include <krb5/rfc2459_asn1.h>
#include <stdarg.h>
#include <stdio.h>

/*
 * NOTE(review): uint32_t (hx509_key_format_t) and size_t are used below
 * but <stdint.h>/<stddef.h> are not included here directly; presumably
 * rfc2459_asn1.h provides them -- confirm before relying on this header
 * being self-contained.
 */

/*
 * Opaque handle types.  Only hx509_cert_attribute_data is defined in
 * this header; the remaining struct bodies are private to the library,
 * so callers manipulate them exclusively through the API functions.
 */
typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
typedef struct hx509_cert_data *hx509_cert;
typedef struct hx509_certs_data *hx509_certs;
typedef struct hx509_context_data *hx509_context;
typedef struct hx509_crypto_data *hx509_crypto;
typedef struct hx509_lock_data *hx509_lock;
typedef struct hx509_name_data *hx509_name;
typedef struct hx509_private_key *hx509_private_key;
typedef struct hx509_private_key_ops hx509_private_key_ops;
typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx;
typedef struct hx509_query_data hx509_query;
typedef void * hx509_cursor;	/* untyped iteration cursor for cert stores */
typedef struct hx509_request_data *hx509_request;
typedef struct hx509_error_data *hx509_error;
typedef struct hx509_peer_info *hx509_peer_info;
typedef struct hx509_ca_tbs *hx509_ca_tbs;
typedef struct hx509_env_data *hx509_env;
typedef struct hx509_crl *hx509_crl;

/*
 * Printf-style output callback: caller context, format string and the
 * argument list for that format.
 */
typedef void (*hx509_vprint_func)(void *, const char *, va_list);

/* Flag for hostname verification (by name; see hx509_verify_hostname). */
enum {
    HX509_VHN_F_ALLOW_NO_MATCH = 1
};

/* Flags controlling a validate context (by name; see hx509_validate_ctx). */
enum {
    HX509_VALIDATE_F_VALIDATE = 1,
    HX509_VALIDATE_F_VERBOSE = 2
};

/* Padding mode for the hx509_crypto cipher operations. */
enum {
    HX509_CRYPTO_PADDING_PKCS7 = 0,
    HX509_CRYPTO_PADDING_NONE = 1
};

/* Private-key encoding selectors; GUESS lets the library autodetect. */
enum {
    HX509_KEY_FORMAT_GUESS = 0,
    HX509_KEY_FORMAT_DER = 1,
    HX509_KEY_FORMAT_WIN_BACKUPKEY = 2
};
typedef uint32_t hx509_key_format_t;

/* One certificate attribute: an OID and its raw (DER) value. */
struct hx509_cert_attribute_data {
    heim_oid oid;
    heim_octet_string data;
};

/* Kind of prompt a hx509_prompter_fct is asked to show. */
typedef enum {
    HX509_PROMPT_TYPE_PASSWORD	= 0x1,	/* password, hidden */
    HX509_PROMPT_TYPE_QUESTION	= 0x2,	/* question, not hidden */
    HX509_PROMPT_TYPE_INFO	= 0x4	/* information, reply doesn't matter */
} hx509_prompt_type;

/*
 * A single prompt: the text to show, its type, and the buffer the
 * prompter fills with the answer.  For PASSWORD prompts the reply holds
 * secret material; the owner of the buffer is responsible for clearing it.
 */
typedef struct hx509_prompt {
    const char *prompt;
    hx509_prompt_type type;
    heim_octet_string reply;
} hx509_prompt;

/* Prompter callback: caller context and the prompt to answer; returns int. */
typedef int (*hx509_prompter_fct)(void *, const hx509_prompt *);

/* Counted array of octet strings. */
typedef struct hx509_octet_string_list {
    size_t len;
    heim_octet_string *val;
} hx509_octet_string_list;

/* Singly-linked list of "Header: value" pairs found in a PEM block. */
typedef struct hx509_pem_header {
    struct hx509_pem_header *next;
    char *header;
    char *value;
} hx509_pem_header;

/*
 * Callback invoked per PEM block: context, the block type string, the
 * parsed header list, the decoded data and its length, and a caller ctx.
 */
typedef int
(*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *,
		       const void *, size_t, void *ctx);

/*
 * Options passed to hx509_query_match_option.
 */
typedef enum {
    HX509_QUERY_OPTION_PRIVATE_KEY = 1,
    HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2,
    HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3,
    HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4,
    HX509_QUERY_OPTION_END = 0xffff
} hx509_query_option;

/* flags to hx509_certs_init */
#define HX509_CERTS_CREATE				0x01
#define HX509_CERTS_UNPROTECT_ALL			0x02

/* flags to hx509_set_error_string */
#define HX509_ERROR_APPEND				0x01

/*
 * flags to hx509_cms_unenvelope
 * Both flags relax checks (the KU enciphermentrequirement and, by name,
 * the rejection of weak algorithms); leave them clear unless a specific
 * interoperability need is documented.
 */
#define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT	0x01
#define HX509_CMS_UE_ALLOW_WEAK				0x02

/* flags to hx509_cms_envelope_1 */
#define HX509_CMS_EV_NO_KU_CHECK			0x01
#define HX509_CMS_EV_ALLOW_WEAK				0x02
#define HX509_CMS_EV_ID_NAME				0x04

/*
 * flags to hx509_cms_verify_signed
 * By name, NO_KU_CHECK, ALLOW_ZERO_SIGNER and NO_VALIDATE each disable a
 * verification step; treat a signed message accepted under them as
 * unauthenticated unless the caller performs the omitted check itself.
 */
#define HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH		0x01
#define HX509_CMS_VS_NO_KU_CHECK			0x02
#define HX509_CMS_VS_ALLOW_ZERO_SIGNER			0x04
#define HX509_CMS_VS_NO_VALIDATE			0x08

/* selectors passed to hx509_crypto_select and hx509_crypto_available */
#define HX509_SELECT_ALL				0
#define HX509_SELECT_DIGEST				1
#define HX509_SELECT_PUBLIC_SIG				2
#define HX509_SELECT_PUBLIC_ENC				3
#define HX509_SELECT_SECRET_ENC				4

/* flags to hx509_ca_tbs_set_template (bit mask of fields to copy) */
#define HX509_CA_TEMPLATE_SUBJECT			1
#define HX509_CA_TEMPLATE_SERIAL			2
#define HX509_CA_TEMPLATE_NOTBEFORE			4
#define HX509_CA_TEMPLATE_NOTAFTER			8
#define HX509_CA_TEMPLATE_SPKI				16
#define HX509_CA_TEMPLATE_KU				32
#define HX509_CA_TEMPLATE_EKU				64

/* flags hx509_cms_create_signed* */
#define HX509_CMS_SIGNATURE_DETACHED			0x01
#define HX509_CMS_SIGNATURE_ID_NAME			0x02
#define HX509_CMS_SIGNATURE_NO_SIGNER			0x04
#define HX509_CMS_SIGNATURE_LEAF_ONLY			0x08
#define HX509_CMS_SIGNATURE_NO_CERTS			0x10

/* hx509_verify_hostname nametype */
typedef enum {
    HX509_HN_HOSTNAME = 0,
    HX509_HN_DNSSRV
} hx509_hostname_type;

#include <krb5/hx509-protos.h>
#include <krb5/hx509_err.h>

#endif /* HEIMDAL_HX509_H */