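/*
 * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu)
 *
 * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA,
 * in April-May 1998
 *
 * Copyright (C) 1998, 1999 by Angelos D. Keromytis.
 *
 * Permission to use, copy, and modify this software without fee
 * is hereby granted, provided that this entire notice is included in
 * all copies of any software which is or includes a copy or
 * modification of this software.
 *
 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO
 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE
 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR
 * PURPOSE.
 */

/*
 * Public interface of the KeyNote trust-management library (KeyNote
 * version 2, see KEYNOTE_VERSION_STRING): session management, assertion
 * handling, signature creation/verification and the hex/base64 helpers.
 *
 * The guard name __KEYNOTE_H__ is formally reserved for the implementation
 * (leading double underscore); it is kept unchanged because third-party
 * code may test for it.
 */
#ifndef __KEYNOTE_H__
#define __KEYNOTE_H__

/*
 * struct environment embeds a regex_t by value, so this header is only
 * usable after <regex.h> has been seen. Include it here instead of
 * relying on every consumer to include it first.
 */
#include <regex.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * One entry of the action-environment list passed to kn_query().
 * The list is singly linked through env_next and terminated by NULL.
 */
struct environment
{
    char               *env_name;   /* attribute name (or a regex, see env_flags) */
    char               *env_value;  /* attribute value, or callback when FLAG_FUNC is set */
    int                 env_flags;  /* ENVIRONMENT_FLAG_* bits */
    regex_t             env_regex;  /* compiled form of env_name when FLAG_REGEX is set */
    struct environment *env_next;   /* next entry, NULL at end of list */
};

/*
 * A decoded key. dec_algorithm is one of KEYNOTE_ALGORITHM_*, dec_key is the
 * algorithm-specific object (what it points to is not recoverable from this
 * header; for KEYNOTE_ALGORITHM_BINARY presumably a struct keynote_binary).
 * Release with kn_free_key().
 */
struct keynote_deckey
{
    int   dec_algorithm;
    void *dec_key;
};

/*
 * Opaque byte string used for KEYNOTE_ALGORITHM_BINARY keys.
 * NOTE(review): bn_len is a signed int; anything that builds one of these
 * from untrusted input should reject negative lengths before use.
 */
struct keynote_binary
{
    int   bn_len;   /* number of bytes at bn_key */
    char *bn_key;   /* key bytes, not NUL-terminated */
};

/*
 * One licensee key, as returned in the list from kn_get_licensees().
 * key_alg is a KEYNOTE_ALGORITHM_* value; key_key is the decoded key object
 * and key_stringkey its textual form.
 */
struct keynote_keylist
{
    int                     key_alg;
    void                   *key_key;
    char                   *key_stringkey;
    struct keynote_keylist *key_next;   /* next licensee, NULL at end of list */
};

/*
 * Prefixes recognised in the Signature: field of an assertion.
 *
 * The *_LEN macros are integer constant expressions (sizeof minus the
 * terminating NUL) rather than run-time strlen() calls; the value is
 * identical because none of the literals contain embedded NULs.
 *
 * NOTE(review): the md5 and sha1 variants name hash functions that are no
 * longer collision-resistant. They are kept for wire compatibility with
 * existing assertions; new deployments should avoid issuing or accepting
 * the MD5 forms.
 */
#define SIG_DSA_SHA1_HEX                "sig-dsa-sha1-hex:"
#define SIG_DSA_SHA1_HEX_LEN            (sizeof(SIG_DSA_SHA1_HEX) - 1)
#define SIG_DSA_SHA1_BASE64             "sig-dsa-sha1-base64:"
#define SIG_DSA_SHA1_BASE64_LEN         (sizeof(SIG_DSA_SHA1_BASE64) - 1)
#define SIG_RSA_SHA1_PKCS1_HEX          "sig-rsa-sha1-hex:"
#define SIG_RSA_SHA1_PKCS1_HEX_LEN      (sizeof(SIG_RSA_SHA1_PKCS1_HEX) - 1)
#define SIG_RSA_SHA1_PKCS1_BASE64       "sig-rsa-sha1-base64:"
#define SIG_RSA_SHA1_PKCS1_BASE64_LEN   (sizeof(SIG_RSA_SHA1_PKCS1_BASE64) - 1)
#define SIG_RSA_MD5_PKCS1_HEX           "sig-rsa-md5-hex:"
#define SIG_RSA_MD5_PKCS1_HEX_LEN       (sizeof(SIG_RSA_MD5_PKCS1_HEX) - 1)
#define SIG_RSA_MD5_PKCS1_BASE64        "sig-rsa-md5-base64:"
#define SIG_RSA_MD5_PKCS1_BASE64_LEN    (sizeof(SIG_RSA_MD5_PKCS1_BASE64) - 1)
#define SIG_ELGAMAL_SHA1_HEX            "sig-elgamal-sha1-hex:"
#define SIG_ELGAMAL_SHA1_HEX_LEN        (sizeof(SIG_ELGAMAL_SHA1_HEX) - 1)
#define SIG_ELGAMAL_SHA1_BASE64         "sig-elgamal-sha1-base64:"
#define SIG_ELGAMAL_SHA1_BASE64_LEN     (sizeof(SIG_ELGAMAL_SHA1_BASE64) - 1)
#define SIG_PGP_NATIVE                  "sig-pgp:"
#define SIG_PGP_NATIVE_LEN              (sizeof(SIG_PGP_NATIVE) - 1)
#define SIG_X509_SHA1_BASE64            "sig-x509-sha1-base64:"
#define SIG_X509_SHA1_BASE64_LEN        (sizeof(SIG_X509_SHA1_BASE64) - 1)
#define SIG_X509_SHA1_HEX               "sig-x509-sha1-hex:"
#define SIG_X509_SHA1_HEX_LEN           (sizeof(SIG_X509_SHA1_HEX) - 1)

/*
 * Tri-state outcome of a signature check. UNTOUCHED means no verification
 * was attempted; callers must treat it as "not verified", never as success.
 */
#define SIGRESULT_UNTOUCHED 0
#define SIGRESULT_FALSE     1
#define SIGRESULT_TRUE      2

/* struct environment.env_flags bits */
#define ENVIRONMENT_FLAG_FUNC  0x0001   /* env_value is a callback function */
#define ENVIRONMENT_FLAG_REGEX 0x0002   /* env_name is a regular expression */

/*
 * Flags for kn_add_assertion().
 *
 * ASSERT_FLAG_LOCAL skips signature verification entirely and lets the
 * Authorizer field carry symbolic names. Pass it only for assertions that
 * come from a source the application already trusts (e.g. local policy);
 * passing it for network-supplied assertions defeats KeyNote's authorization
 * model.
 */
#define ASSERT_FLAG_LOCAL  0x0001   /* trusted assertion: signature not verified,
                                     * authorizer may be a symbolic name */
#define ASSERT_FLAG_SIGGEN 0x0002   /* be lax about the Signature: field;
                                     * for use when signing an assertion only */
#define ASSERT_FLAG_SIGVER 0x0004   /* for use in signature verification only */

/* Result of a query (kn_do_query()/kn_query()). */
#define RESULT_FALSE 0
#define RESULT_TRUE  1

/* Reserved callback attribute names passed to ENVIRONMENT_FLAG_FUNC callbacks. */
#define KEYNOTE_CALLBACK_INITIALIZE "_KEYNOTE_CALLBACK_INITIALIZE"
#define KEYNOTE_CALLBACK_CLEANUP    "_KEYNOTE_CALLBACK_CLEANUP"

#define KEYNOTE_VERSION_STRING "2"

/*
 * Negative values returned by the API functions on failure. These are a
 * different namespace from the positive KEYNOTE_ERROR_* codes below (which
 * are what keynote_errno is set to); do not compare one against the other.
 */
#define ERROR_MEMORY       -1
#define ERROR_SYNTAX       -2
#define ERROR_NOTFOUND     -3
#define ERROR_SIGN_FAILURE -4

/* Key algorithm identifiers (keynote_deckey.dec_algorithm, keynote_keylist.key_alg). */
#define KEYNOTE_ALGORITHM_UNSPEC  -1
#define KEYNOTE_ALGORITHM_NONE     0
#define KEYNOTE_ALGORITHM_DSA      1
#define KEYNOTE_ALGORITHM_ELGAMAL  2
#define KEYNOTE_ALGORITHM_PGP      3
#define KEYNOTE_ALGORITHM_BINARY   4
#define KEYNOTE_ALGORITHM_X509     5
#define KEYNOTE_ALGORITHM_RSA      6

/* Error classes for kn_get_failed() and keynote_errno. */
#define KEYNOTE_ERROR_ANY       0
#define KEYNOTE_ERROR_SYNTAX    1
#define KEYNOTE_ERROR_MEMORY    2
#define KEYNOTE_ERROR_SIGNATURE 3

/* Textual encodings of keys and signatures. */
#define ENCODING_NONE   0
#define ENCODING_HEX    1
#define ENCODING_BASE64 2
#define ENCODING_NATIVE 3   /* for things like PGP */

/* Internal (binary) encodings of keys and signatures. */
#define INTERNAL_ENC_NONE   0
#define INTERNAL_ENC_PKCS1  1
#define INTERNAL_ENC_ASN1   2
#define INTERNAL_ENC_NATIVE 3   /* for things like PGP */

/* Key type selector for kn_decode_key()/kn_encode_key(). */
#define KEYNOTE_PUBLIC_KEY  0
#define KEYNOTE_PRIVATE_KEY 1

/*
 * Library-wide error indicator. This is a single plain global (no
 * thread-local qualifier), so concurrent callers in one process share it and
 * may observe each other's failures; read it immediately after a failing call.
 */
extern int keynote_errno;

/*
 * Session API.
 *
 * kn_init() creates a session and returns its id; the other functions in
 * this group take that id as their first argument and return a negative
 * ERROR_* value on failure. The original prototypes carry no parameter
 * names, and the meaning of the remaining arguments cannot be recovered from
 * this header alone -- confirm argument order against the implementation
 * before relying on it.
 */
int kn_init(void);
int kn_add_assertion(int, char *, int, int);       /* flags: ASSERT_FLAG_* */
int kn_remove_assertion(int, int);
int kn_add_action(int, char *, char *, int);       /* flags: ENVIRONMENT_FLAG_* (presumably) */
int kn_remove_action(int, char *);
int kn_add_authorizer(int, char *);
int kn_remove_authorizer(int, char *);
int kn_do_query(int, char **, int);                /* returns RESULT_* / negative error */
int kn_get_failed(int, int, int);                  /* second argument: KEYNOTE_ERROR_* class */
int kn_cleanup_action_environment(int);
int kn_close(int);
void kn_free_key(struct keynote_deckey *);          /* releases a key from kn_decode_key() */
char *kn_get_string(char *);

/*
 * Simple (sessionless) API: evaluate a query in one call from an explicit
 * action environment, assertion strings and return-value list. Returns a
 * RESULT_* value or a negative ERROR_* code.
 */
int kn_query(struct environment *, char **, int, char **, int *, int,
             char **, int *, int, char **, int);

/* Auxiliary routines. */
char **kn_read_asserts(char *, int, int *);        /* splits a buffer into assertions; count via int * */
int kn_keycompare(void *, void *, int);            /* third argument: KEYNOTE_ALGORITHM_* */
void *kn_get_authorizer(int, int, int *);          /* algorithm of the key returned via int * */
struct keynote_keylist *kn_get_licensees(int, int);

/*
 * ASCII-encoding API.
 *
 * The base64 routines take explicit lengths as unsigned int; the hex
 * routines allocate their output (char **) and the caller owns the result.
 * Callers feeding these with untrusted data should bound the input length
 * themselves -- the header gives no maximum.
 */
int kn_encode_base64(unsigned char const *, unsigned int, char *,
                     unsigned int);
int kn_decode_base64(char const *, unsigned char *, unsigned int);
int kn_encode_hex(unsigned char *, char **, int);
int kn_decode_hex(char *, char **);

/*
 * Key-encoding API. kn_decode_key() fills a struct keynote_deckey from a
 * textual key (last argument: KEYNOTE_PUBLIC_KEY / KEYNOTE_PRIVATE_KEY);
 * kn_encode_key() returns a newly allocated textual form.
 */
int kn_decode_key(struct keynote_deckey *, char *, int);
char *kn_encode_key(struct keynote_deckey *, int, int, int);

/*
 * Crypto API. kn_sign_assertion() returns the signature string (allocated)
 * or NULL on failure; kn_verify_assertion() returns a SIGRESULT_* value.
 * Treat anything other than SIGRESULT_TRUE as "not verified".
 */
char *kn_sign_assertion(char *, int, char *, char *, int);
int kn_verify_assertion(char *, int);

#ifdef __cplusplus
}
#endif

#endif /* __KEYNOTE_H__ */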