1 /* $OpenBSD: cert.h,v 1.14 2004/05/14 08:42:56 hshoexer Exp $	 */
2 /* $EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $	 */
3 
4 /*
5  * Copyright (c) 1998, 1999 Niels Provos.  All rights reserved.
6  * Copyright (c) 2000, 2001 Niklas Hallqvist.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 /*
30  * This code was written under funding by Ericsson Radio Systems.
31  */
32 
33 #ifndef _CERT_H_
34 #define _CERT_H_
35 
36 #include <sys/param.h>
37 #include <sys/types.h>
38 #include <sys/queue.h>
39 
40 /*
41  * CERT handler for each kind of certificate:
42  *
43  * cert_init - initialize CERT handler.
44  * crl_init - initialize CRLs, if applicable.
45  * cert_get - get a certificate in internal representation from raw data.
46  * cert_validate - validated a certificate, if it returns != 0 we can use it.
47  * cert_insert - inserts cert into memory storage, we can retrieve with
48  *               cert_obtain.
49  * cert_dup - duplicate a certificate
50  * cert_serialize - convert to a "serialized" form; KeyNote stays the same,
51  *                  X509 is converted to the ASN1 notation.
52  * cert_printable - for X509, the hex representation of the serialized form;
53  *                  for KeyNote, itself.
54  * cert_from_printable - the reverse of cert_printable
55  */
56 
57 struct cert_handler {
58 	u_int16_t id;	/* ISAKMP Cert Encoding ID */
59 	int	 (*cert_init)(void);
60 	int	 (*crl_init)(void);
61 	void	*(*cert_get)(u_int8_t *, u_int32_t);
62 	int	 (*cert_validate)(void *);
63 	int	 (*cert_insert)(int, void *);
64 	void	 (*cert_free)(void *);
65 	int	 (*certreq_validate)(u_int8_t *, u_int32_t);
66 	void	*(*certreq_decode)(u_int8_t *, u_int32_t);
67 	void	 (*free_aca)(void *);
68 	int	 (*cert_obtain)(u_int8_t *, size_t, void *, u_int8_t **,
69 		     u_int32_t *);
70 	int	 (*cert_get_key) (void *, void *);
71 	int	 (*cert_get_subjects) (void *, int *, u_int8_t ***,
72 		     u_int32_t **);
73 	void	*(*cert_dup) (void *);
74 	void	 (*cert_serialize) (void *, u_int8_t **, u_int32_t *);
75 	char	*(*cert_printable) (void *);
76 	void	*(*cert_from_printable) (char *);
77 };
78 
79 /* The acceptable authority of cert request.  */
80 struct certreq_aca {
81 	TAILQ_ENTRY(certreq_aca) link;
82 
83 	u_int16_t id;
84 	struct cert_handler *handler;
85 
86 	/* If data is a null pointer, everything is acceptable.  */
87 	void	*data;
88 };
89 
90 struct certreq_aca *certreq_decode(u_int16_t, u_int8_t *, u_int32_t);
91 void	cert_free_subjects(int, u_int8_t **, u_int32_t *);
92 struct cert_handler *cert_get(u_int16_t);
93 int	cert_init(void);
94 int	crl_init(void);
95 
96 #endif				/* _CERT_H_ */
97