1 /*	$NetBSD: hx509.h,v 1.2 2017/01/28 21:31:48 christos Exp $	*/
2 
3 /*
4  * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 /* Id */
37 
38 #ifndef HEIMDAL_HX509_H
39 #define HEIMDAL_HX509_H 1
40 
41 #include <krb5/rfc2459_asn1.h>
42 #include <stdarg.h>
43 #include <stdio.h>
44 #include <krb5/heimbase.h>
45 
46 typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
47 typedef struct hx509_cert_data *hx509_cert;
48 typedef struct hx509_certs_data *hx509_certs;
49 typedef struct hx509_context_data *hx509_context;
50 typedef struct hx509_crypto_data *hx509_crypto;
51 typedef struct hx509_lock_data *hx509_lock;
52 typedef struct hx509_name_data *hx509_name;
53 typedef struct hx509_private_key *hx509_private_key;
54 typedef struct hx509_private_key_ops hx509_private_key_ops;
55 typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
56 typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
57 typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx;
58 typedef struct hx509_query_data hx509_query;
59 typedef void * hx509_cursor;
60 typedef struct hx509_request_data *hx509_request;
61 typedef struct hx509_error_data *hx509_error;
62 typedef struct hx509_peer_info *hx509_peer_info;
63 typedef struct hx509_ca_tbs *hx509_ca_tbs;
64 typedef struct hx509_env_data *hx509_env;
65 typedef struct hx509_crl *hx509_crl;
66 
67 typedef void (*hx509_vprint_func)(void *, const char *, va_list);
68 
69 enum {
70     HX509_VHN_F_ALLOW_NO_MATCH = 1
71 };
72 
73 enum {
74     HX509_VALIDATE_F_VALIDATE = 1,
75     HX509_VALIDATE_F_VERBOSE = 2
76 };
77 
78 enum {
79     HX509_CRYPTO_PADDING_PKCS7 = 0,
80     HX509_CRYPTO_PADDING_NONE = 1
81 };
82 
83 enum {
84     HX509_KEY_FORMAT_GUESS = 0,
85     HX509_KEY_FORMAT_DER = 1,
86     HX509_KEY_FORMAT_WIN_BACKUPKEY = 2
87 };
88 typedef uint32_t hx509_key_format_t;
89 
90 struct hx509_cert_attribute_data {
91     heim_oid oid;
92     heim_octet_string data;
93 };
94 
95 typedef enum {
96     HX509_PROMPT_TYPE_PASSWORD		= 0x1,	/* password, hidden */
97     HX509_PROMPT_TYPE_QUESTION		= 0x2,	/* question, not hidden */
98     HX509_PROMPT_TYPE_INFO		= 0x4	/* infomation, reply doesn't matter */
99 } hx509_prompt_type;
100 
101 typedef struct hx509_prompt {
102     const char *prompt;
103     hx509_prompt_type type;
104     heim_octet_string reply;
105 } hx509_prompt;
106 
107 typedef int (*hx509_prompter_fct)(void *, const hx509_prompt *);
108 
109 typedef struct hx509_octet_string_list {
110     size_t len;
111     heim_octet_string *val;
112 } hx509_octet_string_list;
113 
114 typedef struct hx509_pem_header {
115     struct hx509_pem_header *next;
116     char *header;
117     char *value;
118 } hx509_pem_header;
119 
120 typedef int
121 (*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *,
122 		       const void *, size_t, void *ctx);
123 
124 /*
125  * Options passed to hx509_query_match_option.
126  */
127 typedef enum {
128     HX509_QUERY_OPTION_PRIVATE_KEY = 1,
129     HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2,
130     HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3,
131     HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4,
132     HX509_QUERY_OPTION_END = 0xffff
133 } hx509_query_option;
134 
135 /* flags to hx509_certs_init */
136 #define HX509_CERTS_CREATE				0x01
137 #define HX509_CERTS_UNPROTECT_ALL			0x02
138 
139 /* flags to hx509_set_error_string */
140 #define HX509_ERROR_APPEND				0x01
141 
142 /* flags to hx509_cms_unenvelope */
143 #define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT	0x01
144 #define HX509_CMS_UE_ALLOW_WEAK				0x02
145 
146 /* flags to hx509_cms_envelope_1 */
147 #define HX509_CMS_EV_NO_KU_CHECK			0x01
148 #define HX509_CMS_EV_ALLOW_WEAK				0x02
149 #define HX509_CMS_EV_ID_NAME				0x04
150 
151 /* flags to hx509_cms_verify_signed */
152 #define HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH		0x01
153 #define HX509_CMS_VS_NO_KU_CHECK			0x02
154 #define HX509_CMS_VS_ALLOW_ZERO_SIGNER			0x04
155 #define HX509_CMS_VS_NO_VALIDATE			0x08
156 
157 /* selectors passed to hx509_crypto_select and hx509_crypto_available */
158 #define HX509_SELECT_ALL 0
159 #define HX509_SELECT_DIGEST 1
160 #define HX509_SELECT_PUBLIC_SIG 2
161 #define HX509_SELECT_PUBLIC_ENC 3
162 #define HX509_SELECT_SECRET_ENC 4
163 
164 /* flags to hx509_ca_tbs_set_template */
165 #define HX509_CA_TEMPLATE_SUBJECT 1
166 #define HX509_CA_TEMPLATE_SERIAL 2
167 #define HX509_CA_TEMPLATE_NOTBEFORE 4
168 #define HX509_CA_TEMPLATE_NOTAFTER 8
169 #define HX509_CA_TEMPLATE_SPKI 16
170 #define HX509_CA_TEMPLATE_KU 32
171 #define HX509_CA_TEMPLATE_EKU 64
172 
173 /* flags hx509_cms_create_signed* */
174 #define HX509_CMS_SIGNATURE_DETACHED			0x01
175 #define HX509_CMS_SIGNATURE_ID_NAME			0x02
176 #define HX509_CMS_SIGNATURE_NO_SIGNER			0x04
177 #define HX509_CMS_SIGNATURE_LEAF_ONLY			0x08
178 #define HX509_CMS_SIGNATURE_NO_CERTS			0x10
179 
180 /* hx509_verify_hostname nametype */
181 typedef enum  {
182     HX509_HN_HOSTNAME = 0,
183     HX509_HN_DNSSRV
184 } hx509_hostname_type;
185 
186 #include <krb5/hx509-protos.h>
187 #include <krb5/hx509_err.h>
188 
189 #endif /* HEIMDAL_HX509_H */
190