1 /* $OpenBSD: cert.h,v 1.14 2004/05/14 08:42:56 hshoexer Exp $ */ 2 /* $EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $ */ 3 4 /* 5 * Copyright (c) 1998, 1999 Niels Provos. All rights reserved. 6 * Copyright (c) 2000, 2001 Niklas Hallqvist. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 /* 30 * This code was written under funding by Ericsson Radio Systems. 31 */ 32 33 #ifndef _CERT_H_ 34 #define _CERT_H_ 35 36 #include <sys/param.h> 37 #include <sys/types.h> 38 #include <sys/queue.h> 39 40 /* 41 * CERT handler for each kind of certificate: 42 * 43 * cert_init - initialize CERT handler. 44 * crl_init - initialize CRLs, if applicable. 45 * cert_get - get a certificate in internal representation from raw data. 
 * cert_validate - validate a certificate; a nonzero return means the
 *                 certificate may be used, zero means it must be rejected.
 * cert_insert - inserts cert into memory storage, we can retrieve with
 *               cert_obtain.
 * cert_dup - duplicate a certificate
 * cert_serialize - convert to a "serialized" form; KeyNote stays the same,
 *                  X509 is converted to the ASN1 notation.
 * cert_printable - for X509, the hex representation of the serialized form;
 *                  for KeyNote, itself.
 * cert_from_printable - the reverse of cert_printable
 *
 * Several entry points take a (u_int8_t *, u_int32_t) buffer/length pair.
 * NOTE(review): those bytes presumably come straight out of an ISAKMP
 * payload sent by the peer, so every implementation must bound all of
 * its reads by the supplied length and must not trust any length field
 * embedded in the data itself -- confirm against the callers.
 */

struct cert_handler {
	u_int16_t id;			/* ISAKMP Cert Encoding ID */

	/* Initialize the handler; crl_init sets up CRLs where applicable. */
	int	 (*cert_init)(void);
	int	 (*crl_init)(void);

	/* Build the internal representation from raw bytes of given length. */
	void	*(*cert_get)(u_int8_t *, u_int32_t);

	/*
	 * The trust decision for a certificate: != 0 means it is usable,
	 * 0 means it must not be used.  Nothing else in this interface
	 * establishes trust, so callers must not skip this step.
	 */
	int	 (*cert_validate)(void *);

	/*
	 * Store a certificate so that cert_obtain can find it later.
	 * NOTE(review): the meaning of the int argument is not defined
	 * here -- check the individual handler implementations.
	 */
	int	 (*cert_insert)(int, void *);

	/* Release a certificate (presumably one from cert_get or cert_dup). */
	void	 (*cert_free)(void *);

	/*
	 * Check, respectively decode, the body of a certificate request.
	 * The decoded result presumably becomes certreq_aca.data (below)
	 * and is released again with free_aca.
	 */
	int	 (*certreq_validate)(u_int8_t *, u_int32_t);
	void	*(*certreq_decode)(u_int8_t *, u_int32_t);
	void	 (*free_aca)(void *);

	/*
	 * Look up a stored certificate; the (u_int8_t **, u_int32_t *)
	 * pair receives the result.  NOTE(review): whether the caller
	 * owns and must free that buffer is not stated here -- confirm
	 * against the implementations before relying on either.
	 */
	int	 (*cert_obtain)(u_int8_t *, size_t, void *, u_int8_t **,
		    u_int32_t *);

	/*
	 * Public key extraction.  NOTE(review): the roles of the two void *
	 * arguments are not documented here -- see the implementations.
	 */
	int	 (*cert_get_key) (void *, void *);

	/*
	 * Subject names of a certificate: count, array of subjects and a
	 * parallel array of their lengths.  The shape matches
	 * cert_free_subjects() below, which presumably releases them.
	 */
	int	 (*cert_get_subjects) (void *, int *, u_int8_t ***,
		    u_int32_t **);

	void	*(*cert_dup) (void *);
	/* Serialized form (output buffer and length); see header comment. */
	void	 (*cert_serialize) (void *, u_int8_t **, u_int32_t *);
	/* Printable form and its inverse; see header comment. */
	char	*(*cert_printable) (void *);
	void	*(*cert_from_printable) (char *);
};

/* The acceptable authority of cert request. */
struct certreq_aca {
	TAILQ_ENTRY(certreq_aca) link;

	u_int16_t id;			/* ISAKMP Cert Encoding ID */
	struct cert_handler *handler;	/* handler for that encoding */

	/* If data is a null pointer, everything is acceptable. */
	void *data;
};

/*
 * Decode a certificate request of the given encoding id from raw bytes of
 * the given length into a certreq_aca (presumably dispatching to the
 * matching handler's certreq_decode).
 */
struct certreq_aca *certreq_decode(u_int16_t, u_int8_t *, u_int32_t);

/* Release the count/subjects/lengths triple filled in by cert_get_subjects. */
void	cert_free_subjects(int, u_int8_t **, u_int32_t *);

/*
 * Find the handler for an ISAKMP Cert Encoding ID.  Not to be confused
 * with the cert_get member above.  NOTE(review): the return value for an
 * unknown id is not documented here -- presumably NULL, so callers must
 * check before dereferencing.
 */
struct cert_handler *cert_get(u_int16_t);

/* Initialize all certificate handlers, respectively all CRLs. */
int	cert_init(void);
int	crl_init(void);

#endif /* _CERT_H_ */