1 /*
2 * Copyright (C) 2019-2021 Nicola Di Lieto <nicola.dilieto@gmail.com>
3 *
4 * This file is part of uacme.
5 *
6 * uacme is free software: you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
10 *
11 * uacme is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program. If not, see
18 * <http://www.gnu.org/licenses/>.
19 */
20
21 #ifndef __CRYPTO_H__
22 #define __CRYPTO_H__
23
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
25
26 #if defined(USE_GNUTLS)
27 #if defined(USE_OPENSSL) || defined(USE_MBEDTLS)
28 #error only one of USE_GNUTLS, USE_MBEDTLS or USE_OPENSSL must be defined
29 #endif
30 #include <gnutls/abstract.h>
31
32 typedef gnutls_privkey_t privkey_t;
33 #define privkey_deinit gnutls_privkey_deinit
34
35 #elif defined(USE_OPENSSL)
36 #if defined(USE_GNUTLS) || defined(USE_MBEDTLS)
37 #error only one of USE_GNUTLS, USE_MBEDTLS or USE_OPENSSL must be defined
38 #endif
39 #include <openssl/evp.h>
40
41 typedef EVP_PKEY *privkey_t;
42 #define privkey_deinit EVP_PKEY_free
43
44 #elif defined(USE_MBEDTLS)
45 #if defined(USE_OPENSSL) || defined(USE_GNUTLS)
46 #error only one of USE_GNUTLS, USE_MBEDTLS or USE_OPENSSL must be defined
47 #endif
48 #include <mbedtls/pk.h>
49
50 typedef mbedtls_pk_context *privkey_t;
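/*
 * Release a private key handle (mbedTLS backend).
 *
 * Accepts NULL as a no-op, so callers can release a key unconditionally
 * even when the call that should have produced it (presumably key_load())
 * failed; this keeps the mbedTLS backend on the same contract as the
 * OpenSSL backend, whose EVP_PKEY_free() is documented to ignore NULL.
 * After the call `key` is dangling and must not be used.
 */
static inline void privkey_deinit(privkey_t key)
{
    if (key == NULL)
        return;
    /* Tear down the backend state first, then the heap context wrapping it
     * (presumably allocated by key_load() — the allocation is not visible
     * from this header). */
    mbedtls_pk_free(key);
    free(key);
}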
56
57 #else
58 #error either USE_GNUTLS or USE_MBEDTLS or USE_OPENSSL must be defined
59 #endif
60
/*
 * Key algorithm family, as reported by key_type() and requested from
 * key_load().  PK_NONE is the zero value, so a zero-initialised
 * keytype_t reads as "no key" rather than as a real algorithm.
 */
typedef enum
{
    PK_NONE = 0, /* no key / unrecognised algorithm */
    PK_RSA,
    PK_EC
} keytype_t;
67
/*
 * Backend-independent crypto API.  Whichever TLS backend is selected above
 * exposes this same set of functions; privkey_t is the backend's own key
 * handle and keytype_t the algorithm family.
 *
 * NOTE(review): the char * results look heap-allocated and caller-owned,
 * and NULL looks like the failure value for pointer-returning functions —
 * confirm against the backend implementation before relying on either.
 */

/* Bring the selected backend up / tear it down. */
bool crypto_init(void);
void crypto_deinit(void);

/*
 * Digest / MAC helpers returning base64url text.  The leading size_t is
 * presumably the SHA-2 digest size in bits and the trailing
 * `const char *, ...` a printf-style format plus its arguments — TODO
 * confirm.  If so, a format attribute on these declarations (and on
 * key_load() below) would let -Wformat check call sites for
 * argument/specifier mismatches.
 */
char *sha2_base64url(size_t, const char *, ...);
char *hmac_base64url(size_t, const char *, const char *, ...);

/*
 * JWS (RFC 7515) building blocks: JWK serialisation, protected headers
 * (jwk-based, kid-based and, presumably, external-account-binding), the
 * RFC 7638 key thumbprint, and signing with either a private key or an
 * HMAC secret (jws_encode_hmac's size_t / const char * pair presumably
 * being the secret length and bytes).  Parameter roles are not named in
 * these declarations; see the definitions.
 */
char *jws_jwk(privkey_t key, const char **, const char **);
char *jws_protected_jwk(const char *, const char *, privkey_t);
char *jws_protected_kid(const char *, const char *, const char *, privkey_t);
char *jws_protected_eab(size_t, const char *, const char *);
char *jws_thumbprint(privkey_t);
char *jws_encode(const char *, const char *, privkey_t);
char *jws_encode_hmac(const char *, const char *, size_t, const char *);

/*
 * Private key handling: identify the algorithm of a loaded key, or obtain
 * one of the requested type and bit size.  The variadic tail of key_load()
 * is presumably a printf-style format (e.g. a path) — TODO confirm.
 */
keytype_t key_type(privkey_t);
privkey_t key_load(keytype_t, int bits, const char *, ...);

/*
 * Parse a textual IP address.  The unsigned char * / size_t * pair looks
 * like an output buffer and its in/out length — presumably the caller
 * pre-sets the length to the buffer capacity; verify against callers before
 * adding new ones, since an unchecked capacity here would be a write
 * overrun.
 */
bool is_ip(const char *, unsigned char *, size_t *);

/*
 * CSR generation from a name list and a key, and CSR parsing.  The
 * char *** of csr_load() looks like an output list whose ownership (who
 * frees the array and its strings) should be stated at the definition.
 */
char *csr_gen(char * const *, bool, privkey_t);
char *csr_load(const char *, char ***);

/*
 * Certificate helpers: DER re-encoding as base64url, a validity/name check
 * (the int and bool arguments are not named here — see the definition), and
 * matching a certificate against a raw buffer of the given length.
 */
char *cert_der_base64url(const char *);
bool cert_valid(const char *, char * const *, int, bool);
bool cert_match(const char *, unsigned char *, size_t);
87
88 #endif
89
90