krl.h revision 296853
/*
 * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* $OpenBSD: krl.h,v 1.5 2015/12/30 23:46:14 djm Exp $ */

#ifndef _KRL_H
#define _KRL_H

/*
 * Functions to manage key revocation lists (KRLs).
 *
 * This header includes nothing itself: the including file must already
 * provide u_int64_t, u_int and size_t before this point.
 *
 * Every int-returning function below reports its result through the return
 * value, but the convention (which value means success, which values are
 * errors) is not defined in this header.
 * NOTE(review): confirm the convention in the implementation before
 * testing a result as a boolean.
 */

/*
 * File magic.  The literal spells eight bytes, ending in an explicit '\0',
 * and the compiler appends one more terminator: sizeof(KRL_MAGIC) is 9 and
 * strlen(KRL_MAGIC) is 7.  Compare it with an explicit length
 * (sizeof(KRL_MAGIC) - 1), never with a C-string function, or the trailing
 * NUL byte goes unchecked.
 */
#define KRL_MAGIC		"SSHKRL\n\0"
/* Format version number; presumably the only one accepted - confirm. */
#define KRL_FORMAT_VERSION	1

/*
 * KRL section types.
 * NOTE(review): the only fingerprint section defined here is SHA-1 based.
 */
#define KRL_SECTION_CERTIFICATES	1
#define KRL_SECTION_EXPLICIT_KEY	2
#define KRL_SECTION_FINGERPRINT_SHA1	3
#define KRL_SECTION_SIGNATURE		4

/*
 * KRL_SECTION_CERTIFICATES subsection types: the names indicate revocation
 * by serial list, serial range, serial bitmap, or certificate key ID.
 */
#define KRL_SECTION_CERT_SERIAL_LIST	0x20
#define KRL_SECTION_CERT_SERIAL_RANGE	0x21
#define KRL_SECTION_CERT_SERIAL_BITMAP	0x22
#define KRL_SECTION_CERT_KEY_ID		0x23

/*
 * Opaque types: only forward declarations are given, so users of this
 * header handle them exclusively through pointers.
 */
struct sshkey;
struct sshbuf;
struct ssh_krl;

/*
 * Lifecycle.  ssh_krl_init() returns a new KRL object (presumably NULL on
 * allocation failure - confirm) and ssh_krl_free() disposes of one.
 */
struct ssh_krl *ssh_krl_init(void);
void ssh_krl_free(struct ssh_krl *krl);

/*
 * Metadata setters.  ssh_krl_set_version() cannot report failure (void);
 * ssh_krl_set_comment() can, through its int result.
 */
void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version);
int ssh_krl_set_comment(struct ssh_krl *krl, const char *comment);

/*
 * Certificate revocation, keyed by ca_key plus a serial number, a serial
 * range, or a key ID string.
 * NOTE(review): whether the lo..hi range is inclusive, whether lo > hi is
 * rejected, and how a NULL ca_key is treated are not visible here - confirm
 * before relying on any of them.
 */
int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl,
    const struct sshkey *ca_key, u_int64_t serial);
int ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl,
    const struct sshkey *ca_key, u_int64_t lo, u_int64_t hi);
int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl,
    const struct sshkey *ca_key, const char *key_id);

/*
 * Key revocation.  The _explicit and _sha1 variants presumably correspond
 * to KRL_SECTION_EXPLICIT_KEY and KRL_SECTION_FINGERPRINT_SHA1; which
 * method ssh_krl_revoke_key() selects is not visible here - confirm.
 */
int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key);
int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const struct sshkey *key);
int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key);

/*
 * Serialisation.  ssh_krl_to_blob() writes the KRL into buf and takes an
 * array of nsign_keys signing keys; ssh_krl_from_blob() parses buf, hands
 * the result back through *krlp and takes an array of nsign_ca_keys keys.
 * NOTE(review): the two counts use different types (u_int vs. size_t);
 * watch for narrowing where one value feeds both.
 * NOTE(review): presumably sign_ca_keys is the set of signers accepted on a
 * signed KRL.  What happens when the array is empty, or when the blob has
 * no signature section, is not visible here; confirm that a caller loading
 * a KRL from untrusted storage gets signature verification enforced.
 */
int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf,
    const struct sshkey **sign_keys, u_int nsign_keys);
int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp,
    const struct sshkey **sign_ca_keys, size_t nsign_ca_keys);

/*
 * Revocation checks, against an in-memory KRL or against the file at path.
 * NOTE(review): the header does not say which result means "revoked".
 * Confirm that an unreadable or corrupt KRL yields a result callers treat
 * as a denial (fail closed), not as "not revoked".
 * NOTE(review): ssh_krl_file_contains_key() takes no list of trusted
 * signers, so whether signatures are checked on that path cannot be told
 * from here; the file should be protected by filesystem permissions.
 */
int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key);
int ssh_krl_file_contains_key(const char *path, const struct sshkey *key);

#endif /* _KRL_H */