author | Othmar Gsenger <otti@anytun.org> | 2007-12-27 11:13:13 +0000 |
---|---|---|
committer | Othmar Gsenger <otti@anytun.org> | 2007-12-27 11:13:13 +0000 |
commit | 6dc4f1912caf7f01f4b977ff8aaa50be61db2aba (patch) | |
tree | d7a281c430052e04156265d9ab3108c631360a5e /keyexchange/isakmpd-20041012/cert.h | |
parent | removed old isakmpd (diff) |
adden new isakmpd
Diffstat (limited to 'keyexchange/isakmpd-20041012/cert.h')
-rw-r--r-- | keyexchange/isakmpd-20041012/cert.h | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/keyexchange/isakmpd-20041012/cert.h b/keyexchange/isakmpd-20041012/cert.h
new file mode 100644
index 0000000..151b2f9
--- /dev/null
+++ b/keyexchange/isakmpd-20041012/cert.h
@@ -0,0 +1,96 @@
+/* $OpenBSD: cert.h,v 1.14 2004/05/14 08:42:56 hshoexer Exp $ */
+/* $EOM: cert.h,v 1.8 2000/09/28 12:53:27 niklas Exp $ */
+
+/*
+ * Copyright (c) 1998, 1999 Niels Provos. All rights reserved.
+ * Copyright (c) 2000, 2001 Niklas Hallqvist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/*
+ * This code was written under funding by Ericsson Radio Systems.
+ */
+
+#ifndef _CERT_H_
+#define _CERT_H_
+
+#include <sys/param.h>
+#include <sys/types.h>
+#include <sys/queue.h>
+
+/*
+ * CERT handler for each kind of certificate:
+ *
+ * cert_init - initialize CERT handler.
+ * crl_init - initialize CRLs, if applicable.
+ * cert_get - get a certificate in internal representation from raw data.
+ * cert_validate - validated a certificate, if it returns != 0 we can use it.
+ * cert_insert - inserts cert into memory storage, we can retrieve with
+ * cert_obtain.
+ * cert_dup - duplicate a certificate
+ * cert_serialize - convert to a "serialized" form; KeyNote stays the same,
+ * X509 is converted to the ASN1 notation.
+ * cert_printable - for X509, the hex representation of the serialized form;
+ * for KeyNote, itself.
+ * cert_from_printable - the reverse of cert_printable
+ */
+
+struct cert_handler {
+ u_int16_t id; /* ISAKMP Cert Encoding ID */
+ int (*cert_init)(void);
+ int (*crl_init)(void);
+ void *(*cert_get)(u_int8_t *, u_int32_t);
+ int (*cert_validate)(void *);
+ int (*cert_insert)(int, void *);
+ void (*cert_free)(void *);
+ int (*certreq_validate)(u_int8_t *, u_int32_t);
+ void *(*certreq_decode)(u_int8_t *, u_int32_t);
+ void (*free_aca)(void *);
+ int (*cert_obtain)(u_int8_t *, size_t, void *, u_int8_t **,
+ u_int32_t *);
+ int (*cert_get_key) (void *, void *);
+ int (*cert_get_subjects) (void *, int *, u_int8_t ***,
+ u_int32_t **);
+ void *(*cert_dup) (void *);
+ void (*cert_serialize) (void *, u_int8_t **, u_int32_t *);
+ char *(*cert_printable) (void *);
+ void *(*cert_from_printable) (char *);
+};
+
+/* The acceptable authority of cert request. */
+struct certreq_aca {
+ TAILQ_ENTRY(certreq_aca) link;
+
+ u_int16_t id;
+ struct cert_handler *handler;
+
+ /* If data is a null pointer, everything is acceptable. */
+ void *data;
+};
+
+struct certreq_aca *certreq_decode(u_int16_t, u_int8_t *, u_int32_t);
+void cert_free_subjects(int, u_int8_t **, u_int32_t *);
+struct cert_handler *cert_get(u_int16_t);
+int cert_init(void);
+int crl_init(void);
+
+#endif /* _CERT_H_ */ |