/* $NetBSD: hx509.h,v 1.1.1.2 2011/04/14 14:08:56 elric Exp $ */

/*
 * Copyright (c) 2004 - 2007 Kungliga Tekniska Högskolan
 * (Royal Institute of Technology, Stockholm, Sweden).
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. Neither the name of the Institute nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

/* Id */

/*
 * hx509.h - public API header for hx509, Heimdal's X.509 certificate and
 * CMS library.  This file carries only the handle typedefs, the option
 * enums and the flag macros.  The function prototypes come from
 * <krb5/hx509-protos.h> and the error codes from <krb5/hx509_err.h>; both
 * are included at the bottom because they refer to the types declared here.
 */

#ifndef HEIMDAL_HX509_H
#define HEIMDAL_HX509_H 1

#include <krb5/rfc2459_asn1.h>	/* ASN.1 types; presumably where heim_oid,
				 * heim_octet_string and uint32_t arrive from,
				 * since <stdint.h> is not included directly */
#include <stdarg.h>		/* va_list, used by hx509_vprint_func */
#include <stdio.h>

/*
 * Handle types.  Apart from hx509_cert_attribute_data (defined below) none
 * of the struct bodies is declared in this header: callers hold pointers
 * (or, for hx509_private_key_ops and hx509_query, incomplete types) and go
 * through the library functions, so the layouts can change without
 * breaking the ABI.
 */
typedef struct hx509_cert_attribute_data *hx509_cert_attribute;
typedef struct hx509_cert_data *hx509_cert;
typedef struct hx509_certs_data *hx509_certs;
typedef struct hx509_context_data *hx509_context;
typedef struct hx509_crypto_data *hx509_crypto;
typedef struct hx509_lock_data *hx509_lock;
typedef struct hx509_name_data *hx509_name;
typedef struct hx509_private_key *hx509_private_key;
typedef struct hx509_private_key_ops hx509_private_key_ops;
typedef struct hx509_validate_ctx_data *hx509_validate_ctx;
typedef struct hx509_verify_ctx_data *hx509_verify_ctx;
typedef struct hx509_revoke_ctx_data *hx509_revoke_ctx;
typedef struct hx509_query_data hx509_query;
/*
 * Untyped iteration cursor.  Being void * it gets no type checking, so
 * only pass it back to the hx509 function that handed it out.
 */
typedef void * hx509_cursor;
typedef struct hx509_request_data *hx509_request;
typedef struct hx509_error_data *hx509_error;
typedef struct hx509_peer_info *hx509_peer_info;
typedef struct hx509_ca_tbs *hx509_ca_tbs;
typedef struct hx509_env_data *hx509_env;
typedef struct hx509_crl *hx509_crl;

/*
 * Diagnostic output callback: (caller context, format string, va_list),
 * i.e. the shape of vfprintf().  An implementation should hand the string
 * and va_list to a v*printf-style function; the second argument is the
 * format, so it must never be replaced by caller-supplied data.
 */
typedef void (*hx509_vprint_func)(void *, const char *, va_list);

/*
 * Flag, by its VHN prefix, for hx509_verify_hostname (see
 * hx509_hostname_type below).  As the name says it lets verification
 * succeed when no certificate name matches the host, which removes the
 * binding between certificate and peer; leave it clear when the peer is
 * not trusted.  Confirm the exact effect in the implementation.
 */
enum {
    HX509_VHN_F_ALLOW_NO_MATCH = 1
};

/* Flags for the validate context (hx509_validate_ctx); bit values. */
enum {
    HX509_VALIDATE_F_VALIDATE = 1,
    HX509_VALIDATE_F_VERBOSE = 2
};

/* Padding modes for hx509_crypto; PKCS#7 padding is the default (0). */
enum {
    HX509_CRYPTO_PADDING_PKCS7 = 0,
    HX509_CRYPTO_PADDING_NONE = 1
};

/*
 * Private-key encodings.  GUESS (0) presumably asks the library to detect
 * the format itself.  The value is carried as hx509_key_format_t
 * (uint32_t), not as the anonymous enum.
 */
enum {
    HX509_KEY_FORMAT_GUESS = 0,
    HX509_KEY_FORMAT_DER = 1,
    HX509_KEY_FORMAT_WIN_BACKUPKEY = 2
};
typedef uint32_t hx509_key_format_t;

/* One certificate attribute: the OID naming it and its value as an
 * opaque octet string. */
struct hx509_cert_attribute_data {
    heim_oid oid;
    heim_octet_string data;
};

/*
 * Kind of prompt handed to a hx509_prompter_fct.  The values are distinct
 * bits, so a prompter can mask on them.
 */
typedef enum {
    HX509_PROMPT_TYPE_PASSWORD = 0x1,	/* password, hidden */
    HX509_PROMPT_TYPE_QUESTION = 0x2,	/* question, not hidden */
    HX509_PROMPT_TYPE_INFO = 0x4	/* information, reply doesn't matter */
} hx509_prompt_type;

/*
 * A prompt: the text to show, its type, and the buffer the prompter fills
 * with the answer.  For HX509_PROMPT_TYPE_PASSWORD the reply is a secret,
 * so whoever owns the buffer should wipe it once it has been consumed.
 * Who allocates reply.data and how large it may be is not stated here —
 * confirm against the prompter contract in hx509-protos.h.
 */
typedef struct hx509_prompt {
    const char *prompt;
    hx509_prompt_type type;
    heim_octet_string reply;
} hx509_prompt;

/*
 * Prompter callback: (caller data, prompt).  The int result is presumably
 * 0 on success and non-zero on failure — confirm in the callers.
 */
typedef int (*hx509_prompter_fct)(void *, const hx509_prompt *);

/* Counted array of octet strings: len entries in val. */
typedef struct hx509_octet_string_list {
    size_t len;
    heim_octet_string *val;
} hx509_octet_string_list;

/* Singly linked list of "header: value" lines found in a PEM block. */
typedef struct hx509_pem_header {
    struct hx509_pem_header *next;
    char *header;
    char *value;
} hx509_pem_header;

/*
 * Callback invoked per decoded PEM block: (context, block label —
 * presumably the BEGIN/END type string, header list, decoded bytes, byte
 * count, caller ctx).  The bytes and headers come straight from the parsed
 * input, so an implementation must treat them as untrusted and bound every
 * read by the size_t argument rather than by anything in the headers.
 */
typedef int
(*hx509_pem_read_func)(hx509_context, const char *, const hx509_pem_header *,
		       const void *, size_t, void *ctx);

/*
 * Options passed to hx509_query_match_option.  HX509_QUERY_OPTION_END
 * (0xffff) is presumably a list terminator rather than an option.
 */
typedef enum {
    HX509_QUERY_OPTION_PRIVATE_KEY = 1,
    HX509_QUERY_OPTION_KU_ENCIPHERMENT = 2,
    HX509_QUERY_OPTION_KU_DIGITALSIGNATURE = 3,
    HX509_QUERY_OPTION_KU_KEYCERTSIGN = 4,
    HX509_QUERY_OPTION_END = 0xffff
} hx509_query_option;

/*
 * Flag macros.  Each group belongs to one function and the bit values are
 * reused between groups (0x01 appears in most of them), so a flag must
 * only be passed to the function its comment names.
 */

/* flags to hx509_certs_init */
#define HX509_CERTS_CREATE 0x01
#define HX509_CERTS_UNPROTECT_ALL 0x02

/* flags to hx509_set_error_string */
#define HX509_ERROR_APPEND 0x01

/*
 * flags to hx509_cms_unenvelope.  Going by the names, both loosen checks
 * on incoming EnvelopedData: DONT_REQUIRE_KU_ENCIPHERMENT skips the
 * keyUsage check on the recipient certificate, ALLOW_WEAK accepts
 * algorithms the library otherwise rejects.  Keep both clear unless
 * interoperating with legacy data; confirm the exact effect in the
 * implementation.
 */
#define HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT 0x01
#define HX509_CMS_UE_ALLOW_WEAK 0x02

/*
 * flags to hx509_cms_envelope_1.  NO_KU_CHECK and ALLOW_WEAK mirror the
 * unenvelope flags above; ID_NAME presumably identifies the recipient by
 * issuer/serial name rather than by key identifier — confirm.
 */
#define HX509_CMS_EV_NO_KU_CHECK 0x01
#define HX509_CMS_EV_ALLOW_WEAK 0x02
#define HX509_CMS_EV_ID_NAME 0x04

/*
 * flags to hx509_cms_verify_signed.  Each one relaxes a check (names only,
 * confirm against the implementation): ALLOW_DATA_OID_MISMATCH tolerates an
 * unexpected content type OID, NO_KU_CHECK skips the signer's keyUsage,
 * ALLOW_ZERO_SIGNER accepts SignedData with no signer at all — the content
 * is then not authenticated by anyone — and NO_VALIDATE skips validation
 * of the signer certificate.  0 is the safe choice for untrusted input.
 */
#define HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH 0x01
#define HX509_CMS_VS_NO_KU_CHECK 0x02
#define HX509_CMS_VS_ALLOW_ZERO_SIGNER 0x04
#define HX509_CMS_VS_NO_VALIDATE 0x08

/*
 * selectors passed to hx509_crypto_select and hx509_crypto_available.
 * These are algorithm classes, not bit flags; ALL (0) presumably means no
 * restriction.
 */
#define HX509_SELECT_ALL 0
#define HX509_SELECT_DIGEST 1
#define HX509_SELECT_PUBLIC_SIG 2
#define HX509_SELECT_PUBLIC_ENC 3
#define HX509_SELECT_SECRET_ENC 4

/*
 * flags to hx509_ca_tbs_set_template: bit mask naming which fields of the
 * template certificate to copy into the new to-be-signed certificate.
 */
#define HX509_CA_TEMPLATE_SUBJECT 1
#define HX509_CA_TEMPLATE_SERIAL 2
#define HX509_CA_TEMPLATE_NOTBEFORE 4
#define HX509_CA_TEMPLATE_NOTAFTER 8
#define HX509_CA_TEMPLATE_SPKI 16
#define HX509_CA_TEMPLATE_KU 32
#define HX509_CA_TEMPLATE_EKU 64

/*
 * flags hx509_cms_create_signed*.  By the names: DETACHED leaves the
 * content out of the SignedData, ID_NAME identifies the signer by name
 * rather than key identifier, NO_SIGNER emits no signer information, and
 * LEAF_ONLY / NO_CERTS control which certificates are embedded.  Confirm
 * in the implementation before relying on any of them.
 */
#define HX509_CMS_SIGNATURE_DETACHED 0x01
#define HX509_CMS_SIGNATURE_ID_NAME 0x02
#define HX509_CMS_SIGNATURE_NO_SIGNER 0x04
#define HX509_CMS_SIGNATURE_LEAF_ONLY 0x08
#define HX509_CMS_SIGNATURE_NO_CERTS 0x10

/*
 * hx509_verify_hostname nametype: how the name being checked should be
 * matched — as a plain hostname, or (DNSSRV, presumably) as a DNS SRV
 * target.
 */
typedef enum {
    HX509_HN_HOSTNAME = 0,
    HX509_HN_DNSSRV
} hx509_hostname_type;

/* Prototypes and error codes last: they depend on the types above. */
#include <krb5/hx509-protos.h>
#include <krb5/hx509_err.h>

#endif /* HEIMDAL_HX509_H */