Annotation of embedaddon/strongswan/src/libcharon/plugins/dnscert/dnscert.h, revision 1.1

1.1     ! misho       1: /*
        !             2:  * Copyright (C) 2013 Ruslan Marchenko
        !             3:  *
        !             4:  * Permission is hereby granted, free of charge, to any person obtaining a copy
        !             5:  * of this software and associated documentation files (the "Software"), to deal
        !             6:  * in the Software without restriction, including without limitation the rights
        !             7:  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        !             8:  * copies of the Software, and to permit persons to whom the Software is
        !             9:  * furnished to do so, subject to the following conditions:
        !            10:  *
        !            11:  * The above copyright notice and this permission notice shall be included in
        !            12:  * all copies or substantial portions of the Software.
        !            13:  *
        !            14:  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        !            15:  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        !            16:  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        !            17:  * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        !            18:  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        !            19:  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
        !            20:  * THE SOFTWARE.
        !            21:  */
        !            22: 
        !            23: /**
        !            24:  * @defgroup dnscert_i dnscert
        !            25:  * @{ @ingroup dnscert
        !            26:  */
        !            27: 
        !            28: #ifndef DNSCERT_H_
        !            29: #define DNSCERT_H_
        !            30: 
        !            31: typedef struct dnscert_t dnscert_t;
                         /* NOTE(review): the two typedefs below name enum types before the enums
                          * are defined further down in this header. ISO C does not allow forward
                          * references to enum types; GCC accepts this as an extension. */
        !            32: typedef enum dnscert_algorithm_t dnscert_algorithm_t;
        !            33: typedef enum dnscert_type_t dnscert_type_t;
        !            34: 
        !            35: #include <library.h>
        !            36: 
        !            37: /**
        !            38:  * DNS CERT types as defined in RFC 4398.
                          *
                          * Values 1-3 and 7 describe a certificate carried in the record body.
                          * Values 4-6 and 8 are the URL forms: the body names a location (plus a
                          * fingerprint for IPGP) instead of carrying the certificate itself, so
                          * anything retrieved from such a location needs its own validation.
                          * NOTE(review): this header does not show whether the plugin follows
                          * such URLs - confirm in the implementation.
                          *
                          * The type field in the RR is 16 bits wide (see the RR layout on
                          * struct dnscert_t), so a record can carry a value that has no
                          * enumerator here.
        !            39:  */
        !            40: enum dnscert_type_t {
        !            41:        /** Reserved value */
        !            42:        DNSCERT_TYPE_RESERVED = 0,
        !            43:        /** An X.509 certificate as per PKIX */
        !            44:        DNSCERT_TYPE_PKIX = 1,
        !            45:        /** An SPKI certificate (RFC 4398 mnemonic is SPKI; the identifier spells it SKPI) */
        !            46:        DNSCERT_TYPE_SKPI = 2,
        !            47:        /** A PGP certificate */
        !            48:        DNSCERT_TYPE_PGP = 3,
        !            49:        /** URL of an X.509 PKIX certificate */
        !            50:        DNSCERT_TYPE_IPKIX = 4,
        !            51:        /** URL of an SPKI certificate (RFC 4398 mnemonic is ISPKI) */
        !            52:        DNSCERT_TYPE_ISKPI = 5,
        !            53:        /** Fingerprint and URL of a PGP certificate */
        !            54:        DNSCERT_TYPE_IPGP = 6,
        !            55:        /** An attribute certificate */
        !            56:        DNSCERT_TYPE_ACPKIX = 7,
        !            57:        /** URL of an attribute certificate (RFC 4398 mnemonic is IACPKIX) */
        !            58:        DNSCERT_TYPE_IACKPIX = 8
        !            59: };
        !            60: 
        !            61: /**
        !            62:  * DNSCERT algorithms as defined in http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1
                          *
                          * These are the DNSSEC algorithm numbers; only values 0-10 are named
                          * here. The algorithm field in the RR is a single octet (see the RR
                          * layout on struct dnscert_t), so a record can carry a number that has
                          * no enumerator.
                          *
                          * Being listed here says nothing about strength: RSA/MD5 (1) is
                          * deprecated in the IANA registry, and values 3, 5, 6 and 7 are SHA-1
                          * based.
                          * NOTE(review): this header does not show whether the plugin uses the
                          * algorithm for any trust decision - confirm in the implementation.
        !            63:  */
        !            64: enum dnscert_algorithm_t {
        !            65:        /** Not defined */
        !            66:        DNSCERT_ALGORITHM_UNDEFINED = 0,
        !            67:        /** RSA/MD5 (deprecated in the IANA registry) */
        !            68:        DNSCERT_ALGORITHM_RSAMD5 = 1,
        !            69:        /** Diffie-Hellman */
        !            70:        DNSCERT_ALGORITHM_DH = 2,
        !            71:        /** DSA/SHA1 */
        !            72:        DNSCERT_ALGORITHM_DSASHA = 3,
        !            73:        /** Reserved */
        !            74:        DNSCERT_ALGORITHM_RSRVD4 = 4,
        !            75:        /** RSA/SHA1 */
        !            76:        DNSCERT_ALGORITHM_RSASHA = 5,
        !            77:        /** DSA/SHA1, NSEC3 variant (DSA-NSEC3-SHA1) */
        !            78:        DNSCERT_ALGORITHM_DSANSEC3 = 6,
        !            79:        /** RSA/SHA1, NSEC3 variant (RSASHA1-NSEC3-SHA1) */
        !            80:        DNSCERT_ALGORITHM_RSANSEC3 = 7,
        !            81:        /** RSA/SHA256 */
        !            82:        DNSCERT_ALGORITHM_RSASHA256 = 8,
        !            83:        /** Reserved */
        !            84:        DNSCERT_ALGORITHM_RSRVD9 = 9,
        !            85:        /** RSA/SHA512 */
        !            86:        DNSCERT_ALGORITHM_RSASHA512 = 10,
        !            87: };
        !            88: 
        !            89: /**
        !            90:  * DNS CERT RR as defined in RFC 4398.
        !            91:  *
        !            92:  * The CERT resource record (RR) has the structure given below.  Its RR
        !            93:  * type code is 37.
        !            94:  *
        !            95:  *                      1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
        !            96:  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
        !            97:  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        !            98:  * |             type              |             key tag           |
        !            99:  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
        !           100:  * |   algorithm   |                                               /
        !           101:  * +---------------+            certificate or CRL                 /
        !           102:  * /                                                               /
        !           103:  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
                          *
                          * The fixed part is 5 octets (type 2, key tag 2, algorithm 1); the
                          * certificate or CRL data fills the rest of the record data.
                          *
                          * The struct is an interface of function pointers: four accessors for
                          * the fields above and a destructor.
        !           104:  */
        !           105: struct dnscert_t {
        !           106: 
        !           107:        /**
        !           108:         * Get the type of the certificate body.
        !           109:         *
        !           110:         * The certificate "type" determines the format of the body
        !           111:         * of the CERT data.
                                 *
                                 * NOTE(review): the type field is 16 bits wide in the RR, so the
                                 * returned value may not be one of the named dnscert_type_t
                                 * enumerators; callers presumably need a default case - confirm how
                                 * the implementation fills this in.
        !           112:         *
        !           113:         * @return                      certificate type
        !           114:         */
        !           115:        dnscert_type_t (*get_cert_type)(dnscert_t *this);
        !           116: 
        !           117:        /**
        !           118:         * Get the tag of the key part of the CERT.
                                 *
                                 * This is the 16-bit key tag field of the RR layout.
                                 * NOTE(review): a key tag is a short lookup hint, not a unique
                                 * identifier, so it should not be the only thing used to decide
                                 * which key or certificate is trusted.
        !           119:         *
        !           120:         * @return                      keytag
        !           121:         */
        !           122:        uint16_t (*get_key_tag)(dnscert_t *this);
        !           123: 
        !           124:        /**
        !           125:         * Get the algorithm.
        !           126:         *
        !           127:         * The "algorithm" determines the format of the public key field
        !           128:         * of the DNS CERT.
                                 *
                                 * NOTE(review): the RR layout documented on this struct has no
                                 * separate public key field, so this wording looks carried over from
                                 * another record type; the algorithm presumably refers to the key in
                                 * the certificate - confirm against RFC 4398.
        !           129:         *
        !           130:         * @return                      algorithm
        !           131:         */
        !           132:        dnscert_algorithm_t (*get_algorithm)(dnscert_t *this);
        !           133: 
        !           134:        /**
        !           135:         * Get the content of the certificate field as chunk.
        !           136:         *
        !           137:         * The format of the certificate depends on the type.
        !           138:         *
        !           139:         * The data pointed to by the chunk is still owned by the DNSCERT.
        !           140:         * Clone it if necessary.
                                 *
                                 * NOTE(review): because the DNSCERT keeps ownership, the chunk
                                 * presumably must not be freed by the caller or used after destroy().
                                 * The bytes come from a DNS record; this header does not show what
                                 * validation they have had - confirm before parsing them.
        !           141:         *
        !           142:         * @return                      certificate field as chunk
        !           143:         */
        !           144:        chunk_t (*get_certificate)(dnscert_t *this);
        !           145: 
        !           146:        /**
        !           147:         * Destroy the DNSCERT.
        !           148:         */
        !           149:        void (*destroy) (dnscert_t *this);
        !           150: };
        !           151: 
        !           152: /**
        !           153:  * Create a dnscert instance out of a resource record.
                          *
                          * The result is NULL on failure, so callers have to check it before
                          * calling any of the dnscert_t methods.
                          * NOTE(review): the record content originates from DNS. This header does
                          * not show which length or RR-type checks the implementation applies,
                          * nor whether the DNSSEC validation state of the record is taken into
                          * account - verify in the implementation.
        !           154:  *
        !           155:  * @param      rr              resource record which contains a DNSCERT
        !           156:  * @return                     dnscert, NULL on failure
        !           157:  */
        !           158: dnscert_t *dnscert_create_frm_rr(rr_t *rr);
        !           159: 
        !           160: #endif /** DNSCERT_H_ @}*/
