Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/heimdal/lib/hx509/hx_locl.h
34878 views
1
/*

2
 * Copyright (c) 2004 - 2006 Kungliga Tekniska Högskolan

3
 * (Royal Institute of Technology, Stockholm, Sweden).

4
 * All rights reserved.

5
 *

6
 * Redistribution and use in source and binary forms, with or without

7
 * modification, are permitted provided that the following conditions

8
 * are met:

9
 *

10
 * 1. Redistributions of source code must retain the above copyright

11
 *    notice, this list of conditions and the following disclaimer.

12
 *

13
 * 2. Redistributions in binary form must reproduce the above copyright

14
 *    notice, this list of conditions and the following disclaimer in the

15
 *    documentation and/or other materials provided with the distribution.

16
 *

17
 * 3. Neither the name of the Institute nor the names of its contributors

18
 *    may be used to endorse or promote products derived from this software

19
 *    without specific prior written permission.

20
 *

21
 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND

22
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

24
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE

25
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

26
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

27
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

28
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

29
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

30
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

31
 * SUCH DAMAGE.

32
 */

33


34
/* $Id$ */

35


36
#include <config.h>

37


38
#include <stdio.h>

39
#include <stdlib.h>

40
#include <ctype.h>

41
#include <errno.h>

42
#ifdef HAVE_STRINGS_H

43
#include <strings.h>

44
#endif

45
#include <assert.h>

46
#include <stdarg.h>

47
#include <err.h>

48
#include <limits.h>

49


50
#include <roken.h>

51


52
#include <getarg.h>

53
#include <base64.h>

54
#include <hex.h>

55
#include <com_err.h>

56
#include <parse_units.h>

57
#include <parse_bytes.h>

58


59
#include <krb5-types.h>

60


61
#include <rfc2459_asn1.h>

62
#include <cms_asn1.h>

63
#include <pkcs8_asn1.h>

64
#include <pkcs9_asn1.h>

65
#include <pkcs12_asn1.h>

66
#include <ocsp_asn1.h>

67
#include <pkcs10_asn1.h>

68
#include <asn1_err.h>

69
#include <pkinit_asn1.h>

70


71
#include <der.h>

72


73
#define HC_DEPRECATED_CRYPTO

74
#include "crypto-headers.h"

75


76
struct hx509_keyset_ops;

77
struct hx509_collector;

78
struct hx509_generate_private_context;

79
typedef struct hx509_path hx509_path;

80


81
#include <hx509.h>

82


83
typedef void (*_hx509_cert_release_func)(struct hx509_cert_data *, void *);

84


85


86
#include "sel.h"

87


88
#include <hx509-private.h>

89
#include <hx509_err.h>

90


91
struct hx509_peer_info {

92
    hx509_cert cert;

93
    AlgorithmIdentifier *val;

94
    size_t len;

95
};

96


97
#define HX509_CERTS_FIND_SERIALNUMBER		1

98
#define HX509_CERTS_FIND_ISSUER			2

99
#define HX509_CERTS_FIND_SUBJECT		4

100
#define HX509_CERTS_FIND_ISSUER_KEY_ID		8

101
#define HX509_CERTS_FIND_SUBJECT_KEY_ID		16

102


103
struct hx509_name_data {

104
    Name der_name;

105
};

106


107
struct hx509_path {

108
    size_t len;

109
    hx509_cert *val;

110
};

111


112
struct hx509_query_data {

113
    int match;

114
#define HX509_QUERY_FIND_ISSUER_CERT		0x000001

115
#define HX509_QUERY_MATCH_SERIALNUMBER		0x000002

116
#define HX509_QUERY_MATCH_ISSUER_NAME		0x000004

117
#define HX509_QUERY_MATCH_SUBJECT_NAME		0x000008

118
#define HX509_QUERY_MATCH_SUBJECT_KEY_ID	0x000010

119
#define HX509_QUERY_MATCH_ISSUER_ID		0x000020

120
#define HX509_QUERY_PRIVATE_KEY			0x000040

121
#define HX509_QUERY_KU_ENCIPHERMENT		0x000080

122
#define HX509_QUERY_KU_DIGITALSIGNATURE		0x000100

123
#define HX509_QUERY_KU_KEYCERTSIGN		0x000200

124
#define HX509_QUERY_KU_CRLSIGN			0x000400

125
#define HX509_QUERY_KU_NONREPUDIATION		0x000800

126
#define HX509_QUERY_KU_KEYAGREEMENT		0x001000

127
#define HX509_QUERY_KU_DATAENCIPHERMENT		0x002000

128
#define HX509_QUERY_ANCHOR			0x004000

129
#define HX509_QUERY_MATCH_CERTIFICATE		0x008000

130
#define HX509_QUERY_MATCH_LOCAL_KEY_ID		0x010000

131
#define HX509_QUERY_NO_MATCH_PATH		0x020000

132
#define HX509_QUERY_MATCH_FRIENDLY_NAME		0x040000

133
#define HX509_QUERY_MATCH_FUNCTION		0x080000

134
#define HX509_QUERY_MATCH_KEY_HASH_SHA1		0x100000

135
#define HX509_QUERY_MATCH_TIME			0x200000

136
#define HX509_QUERY_MATCH_EKU			0x400000

137
#define HX509_QUERY_MATCH_EXPR			0x800000

138
#define HX509_QUERY_MASK			0xffffff

139
    Certificate *subject;

140
    Certificate *certificate;

141
    heim_integer *serial;

142
    heim_octet_string *subject_id;

143
    heim_octet_string *local_key_id;

144
    Name *issuer_name;

145
    Name *subject_name;

146
    hx509_path *path;

147
    char *friendlyname;

148
    int (*cmp_func)(hx509_context, hx509_cert, void *);

149
    void *cmp_func_ctx;

150
    heim_octet_string *keyhash_sha1;

151
    time_t timenow;

152
    heim_oid *eku;

153
    struct hx_expr *expr;

154
};

155


156
struct hx509_keyset_ops {

157
    const char *name;

158
    int flags;

159
    int (*init)(hx509_context, hx509_certs, void **,

160
		int, const char *, hx509_lock);

161
    int (*store)(hx509_context, hx509_certs, void *, int, hx509_lock);

162
    int (*free)(hx509_certs, void *);

163
    int (*add)(hx509_context, hx509_certs, void *, hx509_cert);

164
    int (*query)(hx509_context, hx509_certs, void *,

165
		 const hx509_query *, hx509_cert *);

166
    int (*iter_start)(hx509_context, hx509_certs, void *, void **);

167
    int (*iter)(hx509_context, hx509_certs, void *, void *, hx509_cert *);

168
    int (*iter_end)(hx509_context, hx509_certs, void *, void *);

169
    int (*printinfo)(hx509_context, hx509_certs,

170
		     void *, int (*)(void *, const char *), void *);

171
    int (*getkeys)(hx509_context, hx509_certs, void *, hx509_private_key **);

172
    int (*addkey)(hx509_context, hx509_certs, void *, hx509_private_key);

173
};

174


175
struct _hx509_password {

176
    size_t len;

177
    char **val;

178
};

179


180
extern hx509_lock _hx509_empty_lock;

181


182
struct hx509_context_data {

183
    struct hx509_keyset_ops **ks_ops;

184
    int ks_num_ops;

185
    int flags;

186
#define HX509_CTX_VERIFY_MISSING_OK	1

187
    int ocsp_time_diff;

188
#define HX509_DEFAULT_OCSP_TIME_DIFF	(5*60)

189
    hx509_error error;

190
    struct et_list *et_list;

191
    char *querystat;

192
    hx509_certs default_trust_anchors;

193
};

194


195
/* _hx509_calculate_path flag field */

196
#define HX509_CALCULATE_PATH_NO_ANCHOR 1

197


198
/* environment */

199
struct hx509_env_data {

200
    enum { env_string, env_list } type;

201
    char *name;

202
    struct hx509_env_data *next;

203
    union {

204
	char *string;

205
	struct hx509_env_data *list;

206
    } u;

207
};

208


209


210
extern const AlgorithmIdentifier * _hx509_crypto_default_sig_alg;

211
extern const AlgorithmIdentifier * _hx509_crypto_default_digest_alg;

212
extern const AlgorithmIdentifier * _hx509_crypto_default_secret_alg;

213


214
/*

215
 * Configurable options

216
 */

217


218
#ifdef __APPLE__

219
#define HX509_DEFAULT_ANCHORS "KEYCHAIN:system-anchors"

220
#endif

221


222