|
Packit |
fd8b60 |
/*
|
|
Packit |
fd8b60 |
* COPYRIGHT (C) 2006,2007
|
|
Packit |
fd8b60 |
* THE REGENTS OF THE UNIVERSITY OF MICHIGAN
|
|
Packit |
fd8b60 |
* ALL RIGHTS RESERVED
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* Permission is granted to use, copy, create derivative works
|
|
Packit |
fd8b60 |
* and redistribute this software and such derivative works
|
|
Packit |
fd8b60 |
* for any purpose, so long as the name of The University of
|
|
Packit |
fd8b60 |
* Michigan is not used in any advertising or publicity
|
|
Packit |
fd8b60 |
* pertaining to the use of distribution of this software
|
|
Packit |
fd8b60 |
* without specific, written prior authorization. If the
|
|
Packit |
fd8b60 |
* above copyright notice or any other identification of the
|
|
Packit |
fd8b60 |
* University of Michigan is included in any copy of any
|
|
Packit |
fd8b60 |
* portion of this software, then the disclaimer below must
|
|
Packit |
fd8b60 |
* also be included.
|
|
Packit |
fd8b60 |
*
|
|
Packit |
fd8b60 |
* THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
|
|
Packit |
fd8b60 |
* FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
|
|
Packit |
fd8b60 |
* PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
|
|
Packit |
fd8b60 |
* MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
|
|
Packit |
fd8b60 |
* WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
|
|
Packit |
fd8b60 |
* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
|
|
Packit |
fd8b60 |
* REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
|
|
Packit |
fd8b60 |
* FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
|
|
Packit |
fd8b60 |
* CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
|
|
Packit |
fd8b60 |
* OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
|
|
Packit |
fd8b60 |
* IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
|
|
Packit |
fd8b60 |
* SUCH DAMAGES.
|
|
Packit |
fd8b60 |
*/
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#ifndef _PKINIT_CRYPTO_OPENSSL_H
|
|
Packit |
fd8b60 |
#define _PKINIT_CRYPTO_OPENSSL_H
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#include "pkinit.h"
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#include <openssl/bn.h>
|
|
Packit |
fd8b60 |
#include <openssl/dh.h>
|
|
Packit |
fd8b60 |
#include <openssl/x509.h>
|
|
Packit |
fd8b60 |
#include <openssl/pkcs7.h>
|
|
Packit |
fd8b60 |
#include <openssl/pkcs12.h>
|
|
Packit |
fd8b60 |
#include <openssl/obj_mac.h>
|
|
Packit |
fd8b60 |
#include <openssl/x509v3.h>
|
|
Packit |
fd8b60 |
#include <openssl/err.h>
|
|
Packit |
fd8b60 |
#include <openssl/evp.h>
|
|
Packit |
fd8b60 |
#include <openssl/sha.h>
|
|
Packit |
fd8b60 |
#include <openssl/asn1.h>
|
|
Packit |
fd8b60 |
#include <openssl/pem.h>
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
Packit |
fd8b60 |
#include <openssl/asn1t.h>
|
|
Packit |
fd8b60 |
#else
|
|
Packit |
fd8b60 |
#include <openssl/asn1_mac.h>
|
|
Packit |
fd8b60 |
#endif
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#define DN_BUF_LEN 256
|
|
Packit |
fd8b60 |
#define MAX_CREDS_ALLOWED 20
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
struct _pkinit_cred_info {
|
|
Packit |
fd8b60 |
char *name;
|
|
Packit |
fd8b60 |
X509 *cert;
|
|
Packit |
fd8b60 |
EVP_PKEY *key;
|
|
Packit |
fd8b60 |
#ifndef WITHOUT_PKCS11
|
|
Packit |
fd8b60 |
CK_BYTE_PTR cert_id;
|
|
Packit |
fd8b60 |
int cert_id_len;
|
|
Packit |
fd8b60 |
#endif
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
typedef struct _pkinit_cred_info * pkinit_cred_info;
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
struct _pkinit_identity_crypto_context {
|
|
Packit |
fd8b60 |
pkinit_cred_info creds[MAX_CREDS_ALLOWED+1];
|
|
Packit |
fd8b60 |
STACK_OF(X509) *my_certs; /* available user certs */
|
|
Packit |
fd8b60 |
char *identity; /* identity name for user cert */
|
|
Packit |
fd8b60 |
int cert_index; /* cert to use out of available certs*/
|
|
Packit |
fd8b60 |
EVP_PKEY *my_key; /* available user keys if in filesystem */
|
|
Packit |
fd8b60 |
STACK_OF(X509) *trustedCAs; /* available trusted ca certs */
|
|
Packit |
fd8b60 |
STACK_OF(X509) *intermediateCAs; /* available intermediate ca certs */
|
|
Packit |
fd8b60 |
STACK_OF(X509_CRL) *revoked; /* available crls */
|
|
Packit |
fd8b60 |
int pkcs11_method;
|
|
Packit |
fd8b60 |
krb5_prompter_fct prompter;
|
|
Packit |
fd8b60 |
void *prompter_data;
|
|
Packit |
fd8b60 |
#ifndef WITHOUT_PKCS11
|
|
Packit |
fd8b60 |
char *p11_module_name;
|
|
Packit |
fd8b60 |
CK_SLOT_ID slotid;
|
|
Packit |
fd8b60 |
char *token_label;
|
|
Packit |
fd8b60 |
char *cert_label;
|
|
Packit |
fd8b60 |
/* These are crypto-specific */
|
|
Packit |
fd8b60 |
void *p11_module;
|
|
Packit |
fd8b60 |
CK_SESSION_HANDLE session;
|
|
Packit |
fd8b60 |
CK_FUNCTION_LIST_PTR p11;
|
|
Packit |
fd8b60 |
uint8_t *cert_id;
|
|
Packit |
fd8b60 |
size_t cert_id_len;
|
|
Packit |
fd8b60 |
CK_MECHANISM_TYPE mech;
|
|
Packit |
fd8b60 |
#endif
|
|
Packit |
fd8b60 |
krb5_boolean defer_id_prompt;
|
|
Packit |
fd8b60 |
pkinit_deferred_id *deferred_ids;
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
struct _pkinit_plg_crypto_context {
|
|
Packit |
fd8b60 |
DH *dh_1024;
|
|
Packit |
fd8b60 |
DH *dh_2048;
|
|
Packit |
fd8b60 |
DH *dh_4096;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_pkinit_authData;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_pkinit_DHKeyData;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_pkinit_rkeyData;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_pkinit_san;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_ms_san_upn;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_pkinit_KPClientAuth;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_pkinit_KPKdc;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_ms_kp_sc_logon;
|
|
Packit |
fd8b60 |
ASN1_OBJECT *id_kp_serverAuth;
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
struct _pkinit_req_crypto_context {
|
|
Packit |
fd8b60 |
X509 *received_cert;
|
|
Packit |
fd8b60 |
DH *dh;
|
|
Packit |
fd8b60 |
};
|
|
Packit |
fd8b60 |
|
|
Packit |
fd8b60 |
#endif /* _PKINIT_CRYPTO_OPENSSL_H */
|