/* $NetBSD: hx509.h,v 1.2 2017/01/28 21:31:48 christos Exp $ */

/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Id */

/*
 * hx509.h -- public handle types, flag bits and selector values of the
 * hx509 X.509/CMS library.  Function prototypes are pulled in from
 * <krb5/hx509-protos.h> and error codes from <krb5/hx509_err.h> at the
 * bottom of this file, after every type they depend on is declared.
 */

#ifndef HEIMDAL_HX509_H
#define HEIMDAL_HX509_H 1

#include <krb5/rfc2459_asn1.h>
#include <stdarg.h>
#include <stdio.h>
#include <krb5/heimbase.h>

/*
 * Handle types.  With the exception of hx509_cert_attribute_data (defined
 * below) the pointed-to structures are not declared in this header, so
 * callers treat these as opaque handles and go through the library API.
 * hx509_query is the struct itself (incomplete here), hx509_cursor a bare
 * void pointer; the rest are pointers to library-private data.
 */
typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
typedef struct hx509_cert_data *hx509_cert;
typedef struct hx509_certs_data *hx509_certs;
typedef struct hx509_context_data *hx509_context;
typedef struct hx509_crypto_data *hx509_crypto;
typedef struct hx509_lock_data *hx509_lock;
typedef struct hx509_name_data *hx509_name;
typedef struct hx509_private_key *hx509_private_key;
typedef struct hx509_private_key_ops hx509_private_key_ops;
typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx;
typedef struct hx509_query_data hx509_query;
typedef void * hx509_cursor;
typedef struct hx509_request_data *hx509_request;
typedef struct hx509_error_data *hx509_error;
typedef struct hx509_peer_info *hx509_peer_info;
typedef struct hx509_ca_tbs *hx509_ca_tbs;
typedef struct hx509_env_data *hx509_env;
typedef struct hx509_crl *hx509_crl;

/*
 * Callback used for printf-style output: (caller context, format string,
 * argument list).  The first argument is the opaque pointer the caller
 * registered alongside the callback.
 */
typedef void (*hx509_vprint_func)(void *, const char *, va_list);

/*
 * "VHN" flag; presumably consumed by hx509_verify_hostname (see
 * hx509_hostname_type below).  NOTE(review): by its name this turns a
 * hostname mismatch into a non-error -- confirm against the prototype
 * before passing it from code that relies on the hostname check.
 */
enum {
    HX509_VHN_F_ALLOW_NO_MATCH = 1
};

/*
 * Flag bits for the validation context (hx509_validate_ctx); which
 * setter consumes them is not visible in this header.
 */
enum {
    HX509_VALIDATE_F_VALIDATE = 1,
    HX509_VALIDATE_F_VERBOSE = 2
};

/* Padding mode for hx509_crypto operations: PKCS#7 padding or none. */
enum {
    HX509_CRYPTO_PADDING_PKCS7 = 0,
    HX509_CRYPTO_PADDING_NONE = 1
};

/*
 * Values carried by hx509_key_format_t (declared right after the enum).
 * GUESS asks the library to detect the encoding; DER and WIN_BACKUPKEY
 * name an explicit input format.
 */
enum {
    HX509_KEY_FORMAT_GUESS = 0,
    HX509_KEY_FORMAT_DER = 1,
    HX509_KEY_FORMAT_WIN_BACKUPKEY = 2
};
typedef uint32_t hx509_key_format_t;

/* One attribute attached to a certificate: an OID and its raw value. */
struct hx509_cert_attribute_data {
    heim_oid oid;
    heim_octet_string data;
};

/*
 * Kind of interaction an hx509_prompt represents.  The values are distinct
 * bits, but each prompt carries exactly one type.
 */
typedef enum {
    HX509_PROMPT_TYPE_PASSWORD = 0x1, /* password, hidden */
    HX509_PROMPT_TYPE_QUESTION = 0x2, /* question, not hidden */
    HX509_PROMPT_TYPE_INFO = 0x4 /* information, reply doesn't matter */
} hx509_prompt_type;

/*
 * A prompt handed to an hx509_prompter_fct.  `reply' is where the
 * prompter stores the user's answer; who owns and clears that buffer
 * is not stated here (NOTE(review): for PASSWORD prompts the caller
 * should confirm the reply is wiped after use).
 */
typedef struct hx509_prompt {
    const char *prompt;
    hx509_prompt_type type;
    heim_octet_string reply;
} hx509_prompt;

/*
 * Prompter callback: (caller context, prompt to answer).  Returns an int;
 * the success/failure convention is defined by the prototypes header.
 */
typedef int (*hx509_prompter_fct)(void *, const hx509_prompt *);

/* A counted array of octet strings: `val' points at `len' elements. */
typedef struct hx509_octet_string_list {
    size_t len;
    heim_octet_string *val;
} hx509_octet_string_list;

/* Singly-linked list of "Header: value" pairs from a PEM block. */
typedef struct hx509_pem_header {
    struct hx509_pem_header *next;
    char *header;
    char *value;
} hx509_pem_header;

/*
 * Callback invoked once per decoded PEM block.  Positionally: the hx509
 * context, a string (presumably the PEM block type label -- verify
 * against callers), the block's header list, the decoded bytes and their
 * length, and the caller-supplied `ctx'.
 */
typedef int
(*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *,
		       const void *, size_t, void *ctx);

/*
 * Options passed to hx509_query_match_option.
 * HX509_QUERY_OPTION_END is out of the normal range and, by its name,
 * acts as a list terminator.
 */
typedef enum {
    HX509_QUERY_OPTION_PRIVATE_KEY = 1,
    HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2,
    HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3,
    HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4,
    HX509_QUERY_OPTION_END = 0xffff
} hx509_query_option;

/* flags to hx509_certs_init */
#define HX509_CERTS_CREATE 0x01
#define HX509_CERTS_UNPROTECT_ALL 0x02

/* flags to hx509_set_error_string */
#define HX509_ERROR_APPEND 0x01

/*
 * flags to hx509_cms_unenvelope
 * NOTE(review): both bits relax checks by their names -- the key-usage
 * requirement and the rejection of weak algorithms.  Leave them clear
 * unless a documented interoperability need requires otherwise.
 */
#define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT 0x01
#define HX509_CMS_UE_ALLOW_WEAK 0x02

/*
 * flags to hx509_cms_envelope_1
 * NO_KU_CHECK and ALLOW_WEAK are, by name, check-relaxing bits like the
 * unenvelope ones above; ID_NAME selects how the recipient is identified.
 */
#define HX509_CMS_EV_NO_KU_CHECK 0x01
#define HX509_CMS_EV_ALLOW_WEAK 0x02
#define HX509_CMS_EV_ID_NAME 0x04

/*
 * flags to hx509_cms_verify_signed
 * NOTE(review): every bit here weakens what "verified" means by its name
 * (content-type OID mismatch tolerated, no key-usage check, zero signers
 * accepted, no certificate validation).  Code that trusts the result of
 * hx509_cms_verify_signed should pass 0 here unless it has its own
 * compensating checks; confirm exact semantics in the implementation.
 */
#define HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH 0x01
#define HX509_CMS_VS_NO_KU_CHECK 0x02
#define HX509_CMS_VS_ALLOW_ZERO_SIGNER 0x04
#define HX509_CMS_VS_NO_VALIDATE 0x08

/*
 * selectors passed to hx509_crypto_select and hx509_crypto_available
 * These are enumerated values (0..4), not bit flags; do not OR them.
 */
#define HX509_SELECT_ALL 0
#define HX509_SELECT_DIGEST 1
#define HX509_SELECT_PUBLIC_SIG 2
#define HX509_SELECT_PUBLIC_ENC 3
#define HX509_SELECT_SECRET_ENC 4

/*
 * flags to hx509_ca_tbs_set_template
 * Distinct bits (1..64), so several fields can be requested at once
 * by OR-ing them together.
 */
#define HX509_CA_TEMPLATE_SUBJECT 1
#define HX509_CA_TEMPLATE_SERIAL 2
#define HX509_CA_TEMPLATE_NOTBEFORE 4
#define HX509_CA_TEMPLATE_NOTAFTER 8
#define HX509_CA_TEMPLATE_SPKI 16
#define HX509_CA_TEMPLATE_KU 32
#define HX509_CA_TEMPLATE_EKU 64

/*
 * flags hx509_cms_create_signed*
 * Bit flags controlling the shape of the produced SignedData.  Which
 * certificates are embedded (LEAF_ONLY / NO_CERTS) affects whether a
 * relying party can build the chain without out-of-band material.
 */
#define HX509_CMS_SIGNATURE_DETACHED 0x01
#define HX509_CMS_SIGNATURE_ID_NAME 0x02
#define HX509_CMS_SIGNATURE_NO_SIGNER 0x04
#define HX509_CMS_SIGNATURE_LEAF_ONLY 0x08
#define HX509_CMS_SIGNATURE_NO_CERTS 0x10

/* hx509_verify_hostname nametype: plain host name, or a DNS SRV name */
typedef enum {
    HX509_HN_HOSTNAME = 0,
    HX509_HN_DNSSRV
} hx509_hostname_type;

/* Prototypes and error codes depend on the types above; keep these last. */
#include <krb5/hx509-protos.h>
#include <krb5/hx509_err.h>

#endif /* HEIMDAL_HX509_H */