1.1 misho 1: /*
2: * Copyright (C) 2009 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: /**
17: * @defgroup cred_encoding cred_encoding
18: * @{ @ingroup credentials
19: */
20:
21: #ifndef CRED_ENCODING_H_
22: #define CRED_ENCODING_H_
23:
/* Forward typedefs: the prototypes and the function pointer typedef below
 * reference these types before their enum/struct bodies are defined. */
typedef struct cred_encoding_t cred_encoding_t;
typedef enum cred_encoding_type_t cred_encoding_type_t;
typedef enum cred_encoding_part_t cred_encoding_part_t;

/* NOTE(review): bool and va_list are used below but not included here;
 * presumably chunk.h pulls them in transitively - confirm. */
#include <utils/chunk.h>
29:
/**
 * Credential encoder function implementing encoding/fingerprinting.
 *
 * The variable argument list takes cred_encoding_part_t, followed by part
 * specific arguments, terminated by CRED_PART_END. Implementations can use
 * cred_encoding_args() to extract the parts they need.
 *
 * NOTE(review): an encoder that does not support the requested type (or is
 * missing a required part) is presumably expected to return FALSE without
 * touching @p encoding - confirm against cred_encoding.c.
 *
 * @param type			format to encode the credential to
 * @param encoding		encoding result, allocated
 * @param args			list of (cred_encoding_part_t, data)
 * @return				TRUE if encoding successful
 */
typedef bool (*cred_encoder_t)(cred_encoding_type_t type, chunk_t *encoding,
							   va_list args);
43:
/**
 * Helper function for cred_encoder_t implementations to parse argument list.
 *
 * Credential encoder functions get a variable argument list to parse. To
 * simplify the job, this function reads the arguments and returns chunks for
 * each part.
 * The argument list of this function takes a cred_encoding_part_t, followed
 * by a data pointer receiving the value, terminated by CRED_PART_END.
 *
 * NOTE(review): when FALSE is returned, some of the data pointers may already
 * have been written; callers should check the return value before using any
 * of them - confirm in cred_encoding.c.
 *
 * @param args			argument list passed to credential encoder function
 * @param ...			list of (cred_encoding_part_t, data*)
 * @return				TRUE if all parts found, FALSE otherwise
 */
bool cred_encoding_args(va_list args, ...);
58:
/**
 * Encoding type of a fingerprint/credential.
 *
 * Fingerprints have the KEYID_*, public keys the PUBKEY_*, private keys
 * the PRIVKEY_* and certificates the CERT_* prefix. KEYID_MAX and
 * CRED_ENCODING_MAX are sentinels, not encodings: the fingerprint types are
 * exactly the values below KEYID_MAX, and every valid value is below
 * CRED_ENCODING_MAX. New values must be added before the respective sentinel.
 */
enum cred_encoding_type_t {
	/** SHA1 fingerprint over subjectPublicKeyInfo */
	KEYID_PUBKEY_INFO_SHA1 = 0,
	/** SHA1 fingerprint over subjectPublicKey */
	KEYID_PUBKEY_SHA1,
	/** PGPv3 fingerprint */
	KEYID_PGPV3,
	/** PGPv4 fingerprint */
	KEYID_PGPV4,

	/** sentinel: one past the last fingerprint type */
	KEYID_MAX,

	/** PKCS#1 and similar ASN.1 key encoding */
	PUBKEY_ASN1_DER,
	/** PKCS#1 and similar ASN.1 private key encoding */
	PRIVKEY_ASN1_DER,
	/** subjectPublicKeyInfo encoding */
	PUBKEY_SPKI_ASN1_DER,
	/** PEM encoded PKCS#1 key */
	PUBKEY_PEM,
	/** PEM encoded private key */
	PRIVKEY_PEM,
	/** PGP key encoding */
	PUBKEY_PGP,
	/** PGP private key encoding */
	PRIVKEY_PGP,
	/** DNSKEY encoding */
	PUBKEY_DNSKEY,
	/** SSHKEY encoding (Base64) */
	PUBKEY_SSHKEY,
	/** RSA modulus only */
	PUBKEY_RSA_MODULUS,

	/** ASN.1 DER encoded certificate */
	CERT_ASN1_DER,
	/** PEM encoded certificate */
	CERT_PEM,
	/** PGP Packet encoded certificate */
	CERT_PGP_PKT,

	/** sentinel: one past the last valid encoding type */
	CRED_ENCODING_MAX,
};
104:
/**
 * Parts of a credential to encode.
 *
 * Passed in the variable argument list of cred_encoding_t.encode() and
 * cred_encoder_t, each followed by the part's data, with CRED_PART_END
 * terminating the list. The *_PRIV_* parts and the RSA private exponent,
 * primes, exponents and coefficient carry secret key material.
 */
enum cred_encoding_part_t {
	/** modulus of a RSA key, n */
	CRED_PART_RSA_MODULUS,
	/** public exponent of a RSA key, e */
	CRED_PART_RSA_PUB_EXP,
	/** private exponent of a RSA key, d */
	CRED_PART_RSA_PRIV_EXP,
	/** first prime of a RSA key, p */
	CRED_PART_RSA_PRIME1,
	/** second prime of a RSA key, q */
	CRED_PART_RSA_PRIME2,
	/** exponent1 of a RSA key, exp1 */
	CRED_PART_RSA_EXP1,
	/** exponent2 of a RSA key, exp2 */
	CRED_PART_RSA_EXP2,
	/** coefficient of a RSA key, coeff */
	CRED_PART_RSA_COEFF,
	/** a DER encoded RSA public key */
	CRED_PART_RSA_PUB_ASN1_DER,
	/** a DER encoded RSA private key */
	CRED_PART_RSA_PRIV_ASN1_DER,
	/** a DER encoded ECDSA public key */
	CRED_PART_ECDSA_PUB_ASN1_DER,
	/** a DER encoded ECDSA private key */
	CRED_PART_ECDSA_PRIV_ASN1_DER,
	/** a DER encoded X509 certificate */
	CRED_PART_X509_ASN1_DER,
	/** a DER encoded X509 CRL */
	CRED_PART_X509_CRL_ASN1_DER,
	/** a DER encoded X509 OCSP request */
	CRED_PART_X509_OCSP_REQ_ASN1_DER,
	/** a DER encoded X509 OCSP response */
	CRED_PART_X509_OCSP_RES_ASN1_DER,
	/** a DER encoded X509 attribute certificate */
	CRED_PART_X509_AC_ASN1_DER,
	/** a DER encoded PKCS10 certificate request */
	CRED_PART_PKCS10_ASN1_DER,
	/** a PGP encoded certificate */
	CRED_PART_PGP_CERT,
	/** a DER encoded EdDSA public key */
	CRED_PART_EDDSA_PUB_ASN1_DER,
	/** a DER encoded EdDSA private key */
	CRED_PART_EDDSA_PRIV_ASN1_DER,
	/** a DER encoded BLISS public key */
	CRED_PART_BLISS_PUB_ASN1_DER,
	/** a DER encoded BLISS private key */
	CRED_PART_BLISS_PRIV_ASN1_DER,

	/** terminator of the variable argument list, must be the last value */
	CRED_PART_END,
};
158:
/**
 * Credential encoding and fingerprinting facility.
 *
 * Dispatches encode() requests to the encoder functions registered with
 * add_encoder() and optionally caches results per (cache key, type).
 */
struct cred_encoding_t {

	/**
	 * Encode a credential in a format using several parts, optional caching.
	 *
	 * The variable argument list takes cred_encoding_part_t, followed by part
	 * specific arguments, terminated by CRED_PART_END.
	 * If a cache key is given, the returned encoding points to internal data:
	 * do not free or modify. If no cache key is given, the encoding is
	 * allocated and must be freed by the caller.
	 *
	 * NOTE(review): the cache key is presumably only compared by address and
	 * never dereferenced; a key stays valid for the cache until clear_cache()
	 * is called for it - confirm in cred_encoding.c.
	 *
	 * @param type			format the credential should be encoded to
	 * @param cache			key to use for caching, NULL to not cache
	 * @param encoding		encoding result, allocated if caching disabled
	 * @param ...			list of (cred_encoding_part_t, data)
	 * @return				TRUE if encoding successful
	 */
	bool (*encode)(cred_encoding_t *this, cred_encoding_type_t type, void *cache,
				   chunk_t *encoding, ...);

	/**
	 * Clear all cached encodings of a given cache key.
	 *
	 * Encodings previously returned by encode()/get_cache() for this key
	 * point to internal data and become invalid after this call.
	 *
	 * @param cache			key used in encode() for caching
	 */
	void (*clear_cache)(cred_encoding_t *this, void *cache);

	/**
	 * Check for a cached encoding.
	 *
	 * @param type			format of the credential encoding
	 * @param cache			key to use for caching, as given to encode()
	 * @param encoding		encoding result, internal data
	 * @return				TRUE if cache entry found
	 */
	bool (*get_cache)(cred_encoding_t *this, cred_encoding_type_t type,
					  void *cache, chunk_t *encoding);

	/**
	 * Cache a credential encoding created externally.
	 *
	 * After calling cache(), the passed encoding is owned by the cred encoding
	 * facility.
	 *
	 * NOTE(review): a cached PRIVKEY_* encoding keeps secret material in memory
	 * until clear_cache() is called for the key; the owner of the key should
	 * clear the cache when the key is destroyed - confirm caller behavior.
	 *
	 * @param type			format of the credential encoding
	 * @param cache			key to use for caching, as given to encode()
	 * @param encoding		encoding to cache, gets owned by this
	 */
	void (*cache)(cred_encoding_t *this, cred_encoding_type_t type, void *cache,
				  chunk_t encoding);

	/**
	 * Register a credential encoder function.
	 *
	 * @param encoder		credential encoder function to add
	 */
	void (*add_encoder)(cred_encoding_t *this, cred_encoder_t encoder);

	/**
	 * Unregister a previously registered credential encoder function.
	 *
	 * @param encoder		credential encoder function to remove
	 */
	void (*remove_encoder)(cred_encoding_t *this, cred_encoder_t encoder);

	/**
	 * Destroy a cred_encoding_t.
	 */
	void (*destroy)(cred_encoding_t *this);
};
232:
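/**
 * Create a cred_encoding instance.
 *
 * Declared with an explicit (void) parameter list: in C an empty parameter
 * list leaves the argument types unspecified, so a call with arguments would
 * compile without complaint.
 *
 * @return				cred_encoding_t instance, release with destroy()
 */
cred_encoding_t *cred_encoding_create(void);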
237:
238: #endif /** CRED_ENCODING_H_ @}*/