/* $OpenBSD: cert.h,v 1.16 2015/01/16 06:39:58 deraadt Exp $ */
/* $EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $ */

/*
 * Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
 * Copyright (c) 2000, 2001 Niklas Hallqvist. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/*
 * This code was written under funding by Ericsson Radio Systems.
 */

#ifndef _CERT_H_
#define _CERT_H_

#include <sys/types.h>
#include <sys/queue.h>

/*
 * CERT handler for each kind of certificate.  One struct cert_handler
 * describes a single ISAKMP certificate encoding (identified by the `id'
 * member); every operation on a certificate of that encoding goes through
 * the function pointers below, so callers never need to know whether they
 * are holding an X509 or a KeyNote object behind the void pointer.
 *
 * cert_init - initialize CERT handler.
 * crl_init - initialize CRLs, if applicable.
 * cert_get - get a certificate in internal representation from raw data
 *	(raw bytes plus their length).  Note that this member is distinct
 *	from the file-level cert_get() declared at the bottom of this header,
 *	which returns a handler rather than a certificate.
 * cert_validate - validates a certificate; if it returns != 0 we can use
 *	it, so callers must check the result before trusting the certificate.
 * cert_insert - inserts cert into memory storage, we can retrieve with
 *	cert_obtain.
 * cert_free - release a certificate in internal representation.
 * certreq_validate - check a raw CERT_REQ payload (bytes plus length);
 *	NOTE(review): the exact meaning of its return value is not visible
 *	here, confirm against the handler implementations.
 * certreq_decode - decode raw CERT_REQ data into handler-specific form,
 *	returned through the first (void **) argument.
 * free_aca - release handler-specific data; presumably the `data' member
 *	of struct certreq_aca below, verify against callers.
 * cert_obtain - retrieve a stored certificate and hand back raw bytes plus
 *	their length through the last two arguments.
 * cert_get_key - extract the key from a certificate (output through the
 *	second argument; its type is handler-specific).
 * cert_get_subjects - extract the subject names of a certificate as a
 *	count, an array of byte strings and an array of their lengths;
 *	cert_free_subjects() below appears to be the matching release call.
 * cert_dup - duplicate a certificate
 * cert_serialize - convert to a "serialized" form; KeyNote stays the same,
 *	X509 is converted to the ASN1 notation.
 * cert_printable - for X509, the hex representation of the serialized form;
 *	for KeyNote, itself.
 * cert_from_printable - the reverse of cert_printable
 * ca_count - how many CAs we have in our store (for CERT_REQ processing)
 */

struct cert_handler {
	u_int16_t	 id;		/* ISAKMP Cert Encoding ID */
	int		(*cert_init)(void);
	int		(*crl_init)(void);
	void		*(*cert_get)(u_int8_t *, u_int32_t);
	int		(*cert_validate)(void *);
	int		(*cert_insert)(int, void *);
	void		(*cert_free)(void *);
	int		(*certreq_validate)(u_int8_t *, u_int32_t);
	int		(*certreq_decode)(void **, u_int8_t *, u_int32_t);
	void		(*free_aca)(void *);
	int		(*cert_obtain)(u_int8_t *, size_t, void *, u_int8_t **,
			    u_int32_t *);
	int		(*cert_get_key) (void *, void *);
	int		(*cert_get_subjects) (void *, int *, u_int8_t ***,
			    u_int32_t **);
	void		*(*cert_dup) (void *);
	void		(*cert_serialize) (void *, u_int8_t **, u_int32_t *);
	char		*(*cert_printable) (void *);
	void		*(*cert_from_printable) (char *);
	int		(*ca_count)(void);
};

/*
 * The acceptable certification authority of a cert request: one entry
 * per CA a peer told us it accepts, kept in a TAILQ.
 */
struct certreq_aca {
	TAILQ_ENTRY(certreq_aca) link;	/* list linkage, see <sys/queue.h> */

	u_int16_t	 id;		/* ISAKMP Cert Encoding ID of this ACA */
	struct cert_handler *handler;	/* handler matching `id' */

	/*
	 * Handler-specific decoded form of the CA.  If data is a null
	 * pointer, everything is acceptable, i.e. the entry places no
	 * restriction on which CA may have issued the certificate.
	 */
	void		*data;

	/* Copy of raw CA value received, and its length in bytes. */
	u_int32_t	 raw_ca_len;
	void		*raw_ca;
};

/*
 * Decode a raw CERT_REQ payload of the given encoding ID (bytes plus
 * length) into a freshly allocated struct certreq_aca; presumably returns
 * NULL when the payload cannot be decoded, confirm against callers.
 */
struct certreq_aca *certreq_decode(u_int16_t, u_int8_t *, u_int32_t);
/* Release a subject list (count, names, lengths) from cert_get_subjects. */
void	 cert_free_subjects(int, u_int8_t **, u_int32_t *);
/*
 * Look up the handler for an ISAKMP certificate encoding ID.  Not to be
 * confused with the cert_get member of struct cert_handler.
 */
struct cert_handler *cert_get(u_int16_t);
/* Initialize all certificate handlers, respectively their CRLs. */
int	 cert_init(void);
int	 crl_init(void);

#endif /* _CERT_H_ */