Annotation of embedaddon/strongswan/src/libcharon/plugins/dnscert/dnscert.h, revision 1.1.1.1
1.1 misho 1: /*
2: * Copyright (C) 2013 Ruslan Marchenko
3: *
4: * Permission is hereby granted, free of charge, to any person obtaining a copy
5: * of this software and associated documentation files (the "Software"), to deal
6: * in the Software without restriction, including without limitation the rights
7: * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
8: * copies of the Software, and to permit persons to whom the Software is
9: * furnished to do so, subject to the following conditions:
10: *
11: * The above copyright notice and this permission notice shall be included in
12: * all copies or substantial portions of the Software.
13: *
14: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
15: * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
16: * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
17: * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
18: * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
19: * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
20: * THE SOFTWARE.
21: */
22:
23: /**
24: * @defgroup dnscert_i dnscert
25: * @{ @ingroup dnscert
26: */
27:
28: #ifndef DNSCERT_H_
29: #define DNSCERT_H_
30:
31: typedef struct dnscert_t dnscert_t; /* method table, defined below */
32: typedef enum dnscert_algorithm_t dnscert_algorithm_t; /* defined below; naming an enum before its definition relies on a compiler extension (not ISO C) */
33: typedef enum dnscert_type_t dnscert_type_t; /* defined below; same forward-reference caveat as above */
34:
35: #include <library.h>
36:
37: /**
38: * DNS CERT types as defined in RFC 4398.
39: */
40: enum dnscert_type_t {
41: /** Reserved value, not a usable certificate type */
42: DNSCERT_TYPE_RESERVED = 0,
43: /** An X.509 (PKIX) certificate, carried directly in the RR body */
44: DNSCERT_TYPE_PKIX = 1,
45: /** An SPKI certificate (the identifier below spells it SKPI) */
46: DNSCERT_TYPE_SKPI = 2,
47: /** A PGP certificate */
48: DNSCERT_TYPE_PGP = 3,
49: /** URL of an X.509 (PKIX) certificate: the RR body is a URL, not the certificate itself */
50: DNSCERT_TYPE_IPKIX = 4,
51: /** URL of an SPKI certificate: the RR body is a URL, not the certificate itself */
52: DNSCERT_TYPE_ISKPI = 5,
53: /** Fingerprint and URL of a PGP certificate: the RR body is not the certificate itself */
54: DNSCERT_TYPE_IPGP = 6,
55: /** An attribute certificate */
56: DNSCERT_TYPE_ACPKIX = 7,
57: /** URL of an attribute certificate (RFC 4398 spells the mnemonic IACPKIX) */
58: DNSCERT_TYPE_IACKPIX = 8
59: };
60:
61: /**
62: * DNSCERT algorithms as defined in http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1
63: */
64: enum dnscert_algorithm_t {
65: /** Not defined (value 0) */
66: DNSCERT_ALGORITHM_UNDEFINED = 0,
67: /** RSA/MD5 (deprecated; MD5 is not collision resistant) */
68: DNSCERT_ALGORITHM_RSAMD5 = 1,
69: /** Diffie-Hellman */
70: DNSCERT_ALGORITHM_DH = 2,
71: /** DSA/SHA1 (SHA-1 based; weak against collisions) */
72: DNSCERT_ALGORITHM_DSASHA = 3,
73: /** Reserved */
74: DNSCERT_ALGORITHM_RSRVD4 = 4,
75: /** RSA/SHA1 (SHA-1 based; weak against collisions) */
76: DNSCERT_ALGORITHM_RSASHA = 5,
77: /** DSA/SHA1, NSEC3 variant (SHA-1 based) */
78: DNSCERT_ALGORITHM_DSANSEC3 = 6,
79: /** RSA/SHA1, NSEC3 variant (SHA-1 based) */
80: DNSCERT_ALGORITHM_RSANSEC3 = 7,
81: /** RSA/SHA256 */
82: DNSCERT_ALGORITHM_RSASHA256 = 8,
83: /** Reserved */
84: DNSCERT_ALGORITHM_RSRVD9 = 9,
85: /** RSA/SHA512 */
86: DNSCERT_ALGORITHM_RSASHA512 = 10,
87: }; /* NOTE(review): enumerators stop at 10 while the IANA registry assigns further values; confirm how the parser treats an algorithm number with no enumerator here */
88:
89: /**
90: * DNS CERT RR as defined in RFC 4398.
91: *
92: * The CERT resource record (RR) has the structure given below. Its RR
93: * type code is 37.
94: *
95:  *                      1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
96:  *  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
97:  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
98:  * |             type              |            key tag            |
99:  * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
100: * |   algorithm   |                                               /
101: * +---------------+              certificate or CRL               /
102: * /                                                               /
103: * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
104: */
105: struct dnscert_t {
106:
107: /**
108: * Get the type of the certificate body.
109: *
110: * The certificate "type" determines the format of the body
111: * of the CERT data, so check it before interpreting get_certificate().
112: *
113: * @return certificate type
114: */
115: dnscert_type_t (*get_cert_type)(dnscert_t *this);
116:
117: /**
118: * Get the key tag field of the CERT.
119: *
120: * @return key tag
121: */
122: uint16_t (*get_key_tag)(dnscert_t *this);
123:
124: /**
125: * Get the algorithm.
126: *
127: * The "algorithm" determines the format of the public key field
128: * of the DNS CERT. NOTE(review): the RR layout documented for this struct shows no separate public key field; confirm this wording.
129: *
130: * @return algorithm
131: */
132: dnscert_algorithm_t (*get_algorithm)(dnscert_t *this);
133:
134: /**
135: * Get the content of the certificate field as chunk.
136: *
137: * The format of the certificate depends on the type: for the URL-based types the chunk holds a URL (for IPGP a fingerprint and URL), not a certificate.
138: *
139: * The data pointed to by the chunk is still owned by the DNSCERT.
140: * Clone it if the data must outlive this object.
141: *
142: * @return certificate field as chunk
143: */
144: chunk_t (*get_certificate)(dnscert_t *this);
145:
146: /**
147: * Destroy the DNSCERT; chunks obtained from get_certificate() are owned by this object and presumably must not be used afterwards.
148: */
149: void (*destroy) (dnscert_t *this);
150: };
151:
152: /**
153: * Create a dnscert instance out of a resource record.
154: * NOTE(review): nothing in this header shows whether rr was DNSSEC-validated; confirm that callers pass only authenticated records before trusting the result.
155: * @param rr resource record which contains a DNSCERT
156: * @return dnscert, NULL on failure (presumably released with destroy(); confirm)
157: */
158: dnscert_t *dnscert_create_frm_rr(rr_t *rr);
159:
160: #endif /** DNSCERT_H_ @}*/