/*
 * Copyright (C) 2009 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
 * for more details.
 */

/**
 * @defgroup cred_encoding cred_encoding
 * @{ @ingroup credentials
 */
! 20:
! 21: #ifndef CRED_ENCODING_H_
! 22: #define CRED_ENCODING_H_
! 23:
/* Forward typedefs; the two enums and the struct are defined further down
 * in this header. */
typedef enum cred_encoding_type_t cred_encoding_type_t;
typedef enum cred_encoding_part_t cred_encoding_part_t;
typedef struct cred_encoding_t cred_encoding_t;
! 27:
! 28: #include <utils/chunk.h>
! 29:
/**
 * Credential encoder function implementing encoding/fingerprinting.
 *
 * The variable argument list takes cred_encoding_part_t, followed by part
 * specific arguments, terminated by CRED_PART_END (not KEY_PART_END; see
 * cred_encoding_part_t). cred_encoding_args() is the helper for parsing it.
 *
 * @param type			format to encode the credential to
 * @param encoding		encoding result, allocated by the encoder on success
 * @param args			list of (cred_encoding_part_t, data), terminated by
 *						CRED_PART_END
 * @return				TRUE if encoding successful, FALSE otherwise
 *						(NOTE(review): presumably also for a type this encoder
 *						does not handle, so the facility can try another
 *						registered encoder - confirm against the implementation)
 */
typedef bool (*cred_encoder_t)(cred_encoding_type_t type, chunk_t *encoding,
							   va_list args);
! 43:
/**
 * Helper function for cred_encoder_t implementations to parse argument list.
 *
 * Credential encoder functions get a variable argument list to parse. To
 * simplify the job, this function reads the arguments and returns chunks for
 * each part.
 * The argument list of this function takes a cred_encoding_part_t, followed
 * by a data pointer receiving the value, terminated by CRED_PART_END.
 *
 * Both lists depend on their CRED_PART_END terminator: a list without it
 * makes va_arg() read past the supplied arguments (undefined behavior).
 * args is passed by value; on ABIs where va_list is an array type the
 * caller's list is indeterminate after this call, so va_copy() it first if
 * it is still needed afterwards.
 *
 * @param args			argument list passed to credential encoder function
 * @param ...			list of (cred_encoding_part_t, data*); data*
 *						presumably is a chunk_t* receiving the part's value
 * @return				TRUE if all parts found, FALSE otherwise
 */
bool cred_encoding_args(va_list args, ...);
! 58:
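/**
 * Encoding type of a fingerprint/credential.
 *
 * Fingerprints have the KEYID_* prefix and are exactly the enumerators below
 * KEYID_MAX; public keys use PUBKEY_*, private keys PRIVKEY_* and
 * certificates CERT_*. CRED_ENCODING_MAX bounds the whole enum. The numeric
 * values (starting at 0) are presumably used as indices/bounds, so new
 * entries must be appended to their group rather than reordered.
 *
 * NOTE(review): the KEYID_*_SHA1 types are key identifiers. SHA-1 is no
 * longer collision resistant, so a matching fingerprint alone should not be
 * taken as proof that two keys are identical where a caller relies on it.
 * PRIVKEY_* encodings contain private key material and must be handled
 * (and wiped) accordingly.
 */
enum cred_encoding_type_t {
	/** SHA1 fingerprint over subjectPublicKeyInfo */
	KEYID_PUBKEY_INFO_SHA1 = 0,
	/** SHA1 fingerprint over subjectPublicKey */
	KEYID_PUBKEY_SHA1,
	/** PGPv3 fingerprint */
	KEYID_PGPV3,
	/** PGPv4 fingerprint */
	KEYID_PGPV4,

	/** sentinel: every value below this is a fingerprint (KEYID_*) type */
	KEYID_MAX,

	/** PKCS#1 and similar ASN.1 DER public key encoding */
	PUBKEY_ASN1_DER,
	/** PKCS#1 and similar ASN.1 DER private key encoding */
	PRIVKEY_ASN1_DER,
	/** subjectPublicKeyInfo encoding */
	PUBKEY_SPKI_ASN1_DER,
	/** PEM encoded PKCS#1 public key */
	PUBKEY_PEM,
	/** PEM encoded PKCS#1 private key */
	PRIVKEY_PEM,
	/** PGP public key encoding */
	PUBKEY_PGP,
	/** PGP private key encoding */
	PRIVKEY_PGP,
	/** DNSKEY encoding */
	PUBKEY_DNSKEY,
	/** SSHKEY encoding (Base64) */
	PUBKEY_SSHKEY,
	/** RSA modulus only */
	PUBKEY_RSA_MODULUS,

	/** ASN.1 DER encoded certificate */
	CERT_ASN1_DER,
	/** PEM encoded certificate */
	CERT_PEM,
	/** PGP Packet encoded certificate */
	CERT_PGP_PKT,

	/** sentinel: one past the last valid encoding type */
	CRED_ENCODING_MAX,
};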
! 104:
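/**
 * Parts of a credential to encode.
 *
 * Passed to cred_encoding_t.encode() / cred_encoder_t as (part, data) pairs,
 * terminated by CRED_PART_END. The RSA private exponent, primes, CRT
 * exponents, coefficient and all *_PRIV_ASN1_DER parts carry private key
 * material.
 */
enum cred_encoding_part_t {
	/** modulus of a RSA key, n */
	CRED_PART_RSA_MODULUS,
	/** public exponent of a RSA key, e */
	CRED_PART_RSA_PUB_EXP,
	/** private exponent of a RSA key, d */
	CRED_PART_RSA_PRIV_EXP,
	/** prime1 of a RSA key, p */
	CRED_PART_RSA_PRIME1,
	/** prime2 of a RSA key, q */
	CRED_PART_RSA_PRIME2,
	/** exponent1 of a RSA key, exp1 */
	CRED_PART_RSA_EXP1,
	/** exponent2 of a RSA key, exp2 */
	CRED_PART_RSA_EXP2,
	/** coefficient of a RSA key, coeff */
	CRED_PART_RSA_COEFF,
	/** a DER encoded RSA public key */
	CRED_PART_RSA_PUB_ASN1_DER,
	/** a DER encoded RSA private key */
	CRED_PART_RSA_PRIV_ASN1_DER,
	/** a DER encoded ECDSA public key */
	CRED_PART_ECDSA_PUB_ASN1_DER,
	/** a DER encoded ECDSA private key */
	CRED_PART_ECDSA_PRIV_ASN1_DER,
	/** a DER encoded X509 certificate */
	CRED_PART_X509_ASN1_DER,
	/** a DER encoded X509 CRL */
	CRED_PART_X509_CRL_ASN1_DER,
	/** a DER encoded X509 OCSP request */
	CRED_PART_X509_OCSP_REQ_ASN1_DER,
	/** a DER encoded X509 OCSP response */
	CRED_PART_X509_OCSP_RES_ASN1_DER,
	/** a DER encoded X509 attribute certificate */
	CRED_PART_X509_AC_ASN1_DER,
	/** a DER encoded PKCS10 certificate request */
	CRED_PART_PKCS10_ASN1_DER,
	/** a PGP encoded certificate */
	CRED_PART_PGP_CERT,
	/** a DER encoded EdDSA public key */
	CRED_PART_EDDSA_PUB_ASN1_DER,
	/** a DER encoded EdDSA private key */
	CRED_PART_EDDSA_PRIV_ASN1_DER,
	/** a DER encoded BLISS public key */
	CRED_PART_BLISS_PUB_ASN1_DER,
	/** a DER encoded BLISS private key */
	CRED_PART_BLISS_PRIV_ASN1_DER,

	/** terminator of every (part, data) argument list; never a real part */
	CRED_PART_END,
};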
! 158:
/**
 * Credential encoding and fingerprinting facility.
 *
 * Encoder functions are registered with add_encoder() and used by encode().
 * The facility can additionally keep encodings per cache key; a cached
 * encoding (including any PRIVKEY_* encoding, i.e. private key material)
 * stays in memory until clear_cache() for that key or destroy() is called.
 */
struct cred_encoding_t {

	/**
	 * Encode a credential in a format using several parts, optional caching.
	 *
	 * The variable argument list takes cred_encoding_part_t, followed by part
	 * specific arguments, terminated by CRED_PART_END. The terminator is
	 * mandatory; without it the list is read past the supplied arguments.
	 * If a cache key is given, the returned encoding points to internal data:
	 * do not free or modify, and do not use it after clear_cache() for that
	 * key or destroy(). If no cache key is given, the encoding is
	 * allocated and must be freed by the caller.
	 *
	 * @param type			format the credential should be encoded to
	 * @param cache			key to use for caching, NULL to not cache
	 *						(NOTE(review): presumably compared by pointer
	 *						identity, so it must stay unique while entries exist)
	 * @param encoding		encoding result, allocated if caching disabled
	 * @param ...			list of (cred_encoding_part_t, data), CRED_PART_END
	 *						terminated
	 * @return				TRUE if encoding successful
	 */
	bool (*encode)(cred_encoding_t *this, cred_encoding_type_t type, void *cache,
				   chunk_t *encoding, ...);

	/**
	 * Clear all cached encodings of a given cache key.
	 *
	 * Every chunk previously handed out by encode() or get_cache() for this
	 * key becomes invalid. Call it when the credential behind the key goes
	 * away, so cached (private key) encodings do not outlive their owner.
	 *
	 * @param cache			key used in encode() for caching
	 */
	void (*clear_cache)(cred_encoding_t *this, void *cache);

	/**
	 * Check for a cached encoding.
	 *
	 * Lookup only: presumably nothing is encoded if no entry exists.
	 *
	 * @param type			format of the credential encoding
	 * @param cache			key to use for caching, as given to encode()
	 * @param encoding		encoding result, internal data (do not free or
	 *						modify; invalid after clear_cache()/destroy())
	 * @return				TRUE if cache entry found
	 */
	bool (*get_cache)(cred_encoding_t *this, cred_encoding_type_t type,
					  void *cache, chunk_t *encoding);

	/**
	 * Cache a credential encoding created externally.
	 *
	 * After calling cache(), the passed encoding is owned by the cred encoding
	 * facility: the caller must neither free nor modify it afterwards.
	 *
	 * @param type			format of the credential encoding
	 * @param cache			key to use for caching, as given to encode()
	 * @param encoding		encoding to cache, gets owned by this
	 */
	void (*cache)(cred_encoding_t *this, cred_encoding_type_t type, void *cache,
				  chunk_t encoding);

	/**
	 * Register a credential encoder function.
	 *
	 * NOTE(review): this header does not specify the order in which registered
	 * encoders are tried for a type, nor whether duplicate registration is
	 * rejected - check the implementation before relying on either.
	 *
	 * @param encoder		credential encoder function to add
	 */
	void (*add_encoder)(cred_encoding_t *this, cred_encoder_t encoder);

	/**
	 * Unregister a previously registered credential encoder function.
	 *
	 * @param encoder		credential encoder function to remove
	 */
	void (*remove_encoder)(cred_encoding_t *this, cred_encoder_t encoder);

	/**
	 * Destroy a cred_encoding_t.
	 *
	 * Releases the facility including all cached encodings; chunks obtained
	 * through caching must not be used afterwards.
	 */
	void (*destroy)(cred_encoding_t *this);
};
! 232:
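/**
 * Create a cred_encoding instance.
 *
 * The instance starts without registered encoders; add them with
 * add_encoder(). Release it with destroy().
 *
 * @return				cred_encoding_t instance
 */
cred_encoding_t *cred_encoding_create(void);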
! 237:
! 238: #endif /** CRED_ENCODING_H_ @}*/