/* $NetBSD: krl.h,v 1.6 2023/10/25 20:19:57 christos Exp $ */
/*
 * Copyright (c) 2012 Damien Miller <djm@mindrot.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* $OpenBSD: krl.h,v 1.10 2023/07/17 04:01:10 djm Exp $ */

#ifndef _KRL_H
#define _KRL_H

/*
 * Functions to manage key revocation lists (KRLs).
 *
 * This header has no includes of its own but uses u_int64_t, u_char,
 * size_t and FILE; the including file must already have <sys/types.h>
 * and <stdio.h> (or their equivalents) in scope.
 *
 * NOTE(review): the int-returning functions below presumably follow the
 * library-wide convention of 0 on success and a negative error code on
 * failure; confirm against krl.c before relying on specific values.
 */

/*
 * Leading magic bytes and format version of the serialized KRL.
 * KRL_MAGIC deliberately contains an embedded NUL, so its length is
 * sizeof(KRL_MAGIC) - 1, not strlen(KRL_MAGIC).
 */
#define KRL_MAGIC "SSHKRL\n\0"
#define KRL_FORMAT_VERSION 1

/* KRL section types (top-level sections of a serialized KRL) */
#define KRL_SECTION_CERTIFICATES 1
#define KRL_SECTION_EXPLICIT_KEY 2
#define KRL_SECTION_FINGERPRINT_SHA1 3
#define KRL_SECTION_SIGNATURE 4
#define KRL_SECTION_FINGERPRINT_SHA256 5
#define KRL_SECTION_EXTENSION 255	/* reserved for extension sections */

/* KRL_SECTION_CERTIFICATES subsection types */
#define KRL_SECTION_CERT_SERIAL_LIST 0x20
#define KRL_SECTION_CERT_SERIAL_RANGE 0x21
#define KRL_SECTION_CERT_SERIAL_BITMAP 0x22
#define KRL_SECTION_CERT_KEY_ID 0x23
#define KRL_SECTION_CERT_EXTENSION 0x39	/* reserved for extension subsections */

/* Opaque types; struct ssh_krl is only ever handled through the API below. */
struct sshkey;
struct sshbuf;
struct ssh_krl;

/*
 * Allocate a new, empty KRL. The result is owned by the caller and must be
 * released with ssh_krl_free(). NOTE(review): presumably returns NULL on
 * allocation failure; confirm in krl.c.
 */
struct ssh_krl *ssh_krl_init(void);

/* Release a KRL obtained from ssh_krl_init() or ssh_krl_from_blob(). */
void ssh_krl_free(struct ssh_krl *krl);

/* Set the KRL's version number (carried in the serialized form). */
void ssh_krl_set_version(struct ssh_krl *krl, u_int64_t version);

/* Set the KRL's free-form comment; the string is copied, not retained. NOTE(review): confirm copy semantics in krl.c. */
int ssh_krl_set_comment(struct ssh_krl *krl, const char *comment);

/*
 * Revoke certificates issued by ca_key. The three variants identify the
 * affected certificates by a single serial, an inclusive serial range
 * [lo, hi], or a key ID string respectively.
 */
int ssh_krl_revoke_cert_by_serial(struct ssh_krl *krl,
    const struct sshkey *ca_key, u_int64_t serial);
int ssh_krl_revoke_cert_by_serial_range(struct ssh_krl *krl,
    const struct sshkey *ca_key, u_int64_t lo, u_int64_t hi);
int ssh_krl_revoke_cert_by_key_id(struct ssh_krl *krl,
    const struct sshkey *ca_key, const char *key_id);

/* Revoke a specific public key (recorded in a KRL_SECTION_EXPLICIT_KEY section). */
int ssh_krl_revoke_key_explicit(struct ssh_krl *krl, const struct sshkey *key);

/*
 * Revoke a key by its raw fingerprint digest. p/len are the digest bytes;
 * NOTE(review): presumably len must equal the digest length for the
 * respective hash (20 for SHA-1, 32 for SHA-256) — confirm in krl.c.
 * SHA-1 fingerprints are retained for compatibility with older KRLs.
 */
int ssh_krl_revoke_key_sha1(struct ssh_krl *krl, const u_char *p, size_t len);
int ssh_krl_revoke_key_sha256(struct ssh_krl *krl, const u_char *p, size_t len);

/*
 * Revoke a key. NOTE(review): presumably chooses between the certificate
 * and explicit-key forms above based on the key's type — confirm in krl.c.
 */
int ssh_krl_revoke_key(struct ssh_krl *krl, const struct sshkey *key);

/* Serialize krl into buf using the KRL_MAGIC/KRL_FORMAT_VERSION format. */
int ssh_krl_to_blob(struct ssh_krl *krl, struct sshbuf *buf);

/*
 * Parse a serialized KRL from buf into a newly allocated *krlp.
 * This is the parser for data read from disk, so it is the trust boundary
 * for KRL content; on success the caller owns *krlp and releases it with
 * ssh_krl_free(). NOTE(review): confirm that *krlp is left untouched on
 * failure.
 */
int ssh_krl_from_blob(struct sshbuf *buf, struct ssh_krl **krlp);

/*
 * Check whether key (or the certificate it carries) is revoked by krl.
 * Callers should treat only a 0 return as "not revoked" and any non-zero
 * value — whether it signals revocation or an error — as a rejection, so
 * that failures fail closed. NOTE(review): confirm the exact codes in krl.c.
 */
int ssh_krl_check_key(struct ssh_krl *krl, const struct sshkey *key);

/*
 * Convenience wrapper: load the KRL at path and check key against it.
 * The same fail-closed interpretation as ssh_krl_check_key() applies.
 */
int ssh_krl_file_contains_key(const char *path, const struct sshkey *key);

/* Write a human-readable description of krl to f (used by ssh-keygen). */
int krl_dump(struct ssh_krl *krl, FILE *f);

#endif /* _KRL_H */