159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan/*
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * COPYRIGHT (C) 2006,2007
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * ALL RIGHTS RESERVED
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan *
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * Permission is granted to use, copy, create derivative works
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * and redistribute this software and such derivative works
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * for any purpose, so long as the name of The University of
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * Michigan is not used in any advertising or publicity
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * pertaining to the use of distribution of this software
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * without specific, written prior authorization. If the
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * above copyright notice or any other identification of the
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * University of Michigan is included in any copy of any
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * portion of this software, then the disclaimer below must
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * also be included.
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan *
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan * SUCH DAMAGES.
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
488060a6285c53d78d4e5360e7db00d6d544d960Will Fiveash/*
488060a6285c53d78d4e5360e7db00d6d544d960Will Fiveash * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
488060a6285c53d78d4e5360e7db00d6d544d960Will Fiveash */
488060a6285c53d78d4e5360e7db00d6d544d960Will Fiveash
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan#ifndef _PKINIT_H
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan#define _PKINIT_H
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan/* Solaris Kerberos */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan#include <preauth_plugin.h>
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan#include <k5-int-pkinit.h>
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan#include <profile.h>
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan#include "pkinit_accessor.h"
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * It is anticipated that all the special checks currently
 * required when talking to a Longhorn server will go away
 * by the time it is officially released and all references
 * to the longhorn global can be removed and any code
 * #ifdef'd with LONGHORN_BETA_COMPAT can be removed.
 * And this #define!
 */
#define LONGHORN_BETA_COMPAT 1
#ifdef LONGHORN_BETA_COMPAT
/*
 * Interop flag: presumably non-zero once the peer has been identified
 * as a pre-release ("Longhorn") Windows KDC, enabling the workarounds
 * guarded by LONGHORN_BETA_COMPAT.  The .c file that defines and sets
 * it is not visible here — confirm there before relying on its value.
 */
extern int longhorn; /* XXX Talking to a Longhorn server? */
#endif
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
#ifndef WITHOUT_PKCS11
/* Solaris Kerberos */
#include <security/cryptoki.h>
#include <security/pkcs11.h>

/*
 * Solaris Kerberos: absolute path of the PKCS#11 provider library.
 * Presumably the fallback used when pkinit_identity_opts.p11_module_name
 * is not set — confirm in the identity code.
 */
#define PKCS11_MODNAME "/usr/lib/libpkcs11.so"

/*
 * Initial size for a PKCS#11 signature buffer.  It is only a guess:
 * the signing code must handle the token reporting a longer signature
 * and resize rather than truncate — verify that in the PKCS#11 path.
 */
#define PK_SIGLEN_GUESS 1000
/* Sentinel for pkinit_identity_opts.slotid meaning "no slot chosen" (presumably). */
#define PK_NOSLOT 999999
#endif
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * Reply-key delivery method selected by the dh_or_rsa option below:
 * Diffie-Hellman key agreement or RSA public-key encryption (RFC 4556).
 */
#define DH_PROTOCOL 1
#define RSA_PROTOCOL 2

/*
 * TYPED-DATA types a KDC may return in KRB-ERROR e-data (RFC 4556);
 * the numeric values are the registered ones for
 * TD-TRUSTED-CERTIFIERS, TD-INVALID-CERTIFICATES and TD-DH-PARAMETERS.
 */
#define TD_TRUSTED_CERTIFIERS 104
#define TD_INVALID_CERTIFICATES 105
#define TD_DH_PARAMETERS 109

/*
 * Tags for the `magic' member of the context structs below, presumably
 * checked on entry so a stale or mistyped context pointer is rejected
 * instead of dereferenced — confirm where the structs are used.
 */
#define PKINIT_CTX_MAGIC 0x05551212
#define PKINIT_REQ_CTX_MAGIC 0xdeadbeef

/*
 * Default for pkinit_plg_opts.dh_min_bits: the smallest DH modulus the
 * plugin accepts (presumably applied in pkinit_init_plg_opts).
 */
#define PKINIT_DEFAULT_DH_MIN_BITS 2048
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
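/* Make pkiDebug(fmt,...) print, or not. */
#ifdef DEBUG
/*
 * Debug builds: pkiDebug() is printf(), so output goes to stdout.
 * Only literal format strings belong in fmt; never route text received
 * from a peer through the format argument.
 */
#define pkiDebug printf
#else
/*
 * Non-debug builds: a no-op with the same variadic shape, so call
 * sites compile unchanged.  Arguments are still evaluated for their
 * side effects.  The (void) cast silences unused-parameter warnings
 * on compilers that do not honour the ARGSUSED lint directive.
 */
/* ARGSUSED */
static void pkiDebug(const char *fmt, ...) { (void)fmt; }
/* This is better if the compiler doesn't inline variadic functions
   well, but gcc will warn about "left-hand operand of comma
   expression has no effect".  Still evaluates for side effects. */
/* #define pkiDebug (void) */
#endif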
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/* Solaris Kerberos */
/*
 * Provide __FUNCTION__: alias it to the C99 predefined identifier
 * __func__ where available, else to an empty string so debug messages
 * still compile.
 * NOTE(review): __FUNCTION__ is in the implementation-reserved
 * namespace (leading double underscore).  gcc implements it as a
 * built-in identifier rather than a macro, so this #define is
 * tolerated there, but it is not portable C.
 */
#if (__STDC_VERSION__ >= 199901L) || \
    (defined(__SUNPRO_C) && defined(__C99FEATURES__))
#define __FUNCTION__ __func__
#else
#define __FUNCTION__ ""
#endif
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
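/*
 * Macros to deal with converting between various data types...
 *
 * Both alias a krb5_data (k5d) onto the buffer owned by the source
 * object: only the length and the pointer are copied, no bytes, so
 * k5d must not outlive pad/octd and must not be freed through k5d.
 * They are wrapped in do { } while (0) so that a use is one statement;
 * the earlier two-statement expansion ran only its first assignment
 * under an unbraced `if'.  The caller supplies the terminating ';'.
 */
#define PADATA_TO_KRB5DATA(pad, k5d) \
    do { \
        (k5d)->length = (pad)->length; \
        (k5d)->data = (char *)(pad)->contents; \
    } while (0)
#define OCTETDATA_TO_KRB5DATA(octd, k5d) \
    do { \
        (k5d)->length = (octd)->length; \
        (k5d)->data = (char *)(octd)->data; \
    } while (0)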
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * DER-encoded object identifier for the Diffie-Hellman key-agreement
 * algorithm used in PKINIT (presumably dhpublicnumber, RFC 3279).
 * Defined in the crypto back end, not in this header.
 */
extern const krb5_octet_data dh_oid;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * notes about crypto contexts:
 *
 * the basic idea is that there are crypto contexts that live at
 * both the plugin level and request level. the identity context (that
 * keeps info about your own certs and such) is separate because
 * it is needed at different levels for the kdc and the client.
 * (the kdc's identity is at the plugin level, the client's identity
 * information could change per-request.)
 * the identity context is meant to have the entity's cert,
 * a list of trusted and intermediate cas, a list of crls, and any
 * pkcs11 information. the req context is meant to have the
 * received certificate and the DH related information. the plugin
 * context is meant to have global crypto information, i.e., OIDs
 * and constant DH parameter information.
 */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * The three crypto contexts are opaque to this header; their layout
 * belongs to the crypto back end (see pkinit_crypto.h, included at the
 * end of this file).
 */

/*
 * plugin crypto context should keep plugin common information,
 * eg., OIDs, known DHparams
 */
typedef struct _pkinit_plg_crypto_context *pkinit_plg_crypto_context;

/*
 * request crypto context should keep request common information,
 * eg., received credentials, DH parameters of this request
 */
typedef struct _pkinit_req_crypto_context *pkinit_req_crypto_context;

/*
 * identity context should keep information about credentials
 * for the request, eg., my credentials, trusted ca certs,
 * intermediate ca certs, crls, pkcs11 info
 */
typedef struct _pkinit_identity_crypto_context *pkinit_identity_crypto_context;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * this structure keeps information about the config options
 * (plugin-wide; created/released by pkinit_init_plg_opts and
 * pkinit_fini_plg_opts declared below)
 */
typedef struct _pkinit_plg_opts {
    int require_eku;          /* require EKU checking (default is true) */
    int accept_secondary_eku; /* accept secondary EKU (default is false) */
    int allow_upn;            /* allow UPN-SAN instead of pkinit-SAN */
    int dh_or_rsa;            /* selects DH or RSA based pkinit
                                 (presumably DH_PROTOCOL / RSA_PROTOCOL) */
    int require_crl_checking; /* require CRL for a CA (default is false) */
    int dh_min_bits;          /* minimum DH modulus size allowed
                                 (see PKINIT_DEFAULT_DH_MIN_BITS) */
} pkinit_plg_opts;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * this structure keeps options used for a given request
 * (the first five members mirror pkinit_plg_opts above;
 * created/released by pkinit_init_req_opts / pkinit_fini_req_opts)
 */
typedef struct _pkinit_req_opts {
    int require_eku;
    int accept_secondary_eku;
    int allow_upn;
    int dh_or_rsa;
    int require_crl_checking;
    int dh_size; /* initial request DH modulus size (default=1024) */
                 /* NOTE(review): 1024 is below PKINIT_DEFAULT_DH_MIN_BITS
                    (2048) defined above.  Confirm the real default in
                    pkinit_init_req_opts and which side's minimum governs
                    what is ultimately accepted. */
    int require_hostname_match;
    int win2k_target;        /* Windows 2000 interop knobs; their exact */
    int win2k_require_cksum; /* semantics are not visible in this header */
} pkinit_req_opts;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * information about identity from config file or command line
 */

/*
 * Kinds of identity-related option.  Presumably the tag a config parser
 * attaches to each entry before it is stored in pkinit_identity_opts —
 * confirm in pkinit_identity.c.
 */
#define PKINIT_ID_OPT_USER_IDENTITY 1
#define PKINIT_ID_OPT_ANCHOR_CAS 2
#define PKINIT_ID_OPT_INTERMEDIATE_CAS 3
#define PKINIT_ID_OPT_CRLS 4
#define PKINIT_ID_OPT_OCSP 5
#define PKINIT_ID_OPT_DN_MAPPING 6 /* XXX ? */

/*
 * Identity configuration.  Instances are created by
 * pkinit_init_identity_opts(), copied by pkinit_dup_identity_opts() and
 * released by pkinit_fini_identity_opts() (declared below).
 */
typedef struct _pkinit_identity_opts {
    char *identity;        /* primary identity specifier */
    char **identity_alt;   /* alternate identity specifiers (list) */
    char **anchors;        /* trust-anchor CA specifiers (list) */
    char **intermediates;  /* intermediate CA specifiers (list) */
    char **crls;           /* CRL specifiers (list) */
    char *ocsp;
    char *dn_mapping_file;
    int idtype;            /* see idtype2string() below */
    char *cert_filename;
    char *key_filename;
#ifndef WITHOUT_PKCS11
    char *p11_module_name; /* PKCS#11 provider path; PKCS11_MODNAME is
                              presumably the default when unset */
    CK_SLOT_ID slotid;     /* presumably PK_NOSLOT when unspecified */
    char *token_label;
    char *cert_id_string;
    char *cert_label;
    char *PIN; /* Solaris Kerberos */
               /* NOTE(review): secret material.  It should be zeroized
                  (explicit_bzero or equivalent) before being freed in
                  pkinit_fini_identity_opts, and never written to debug
                  output — confirm both there. */
#endif
} pkinit_identity_opts;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * Client's plugin context
 */
struct _pkinit_context {
    int magic;                           /* presumably PKINIT_CTX_MAGIC */
    pkinit_plg_crypto_context cryptoctx; /* plugin-wide crypto state (OIDs, DH params) */
    pkinit_plg_opts *opts;               /* plugin-wide options */
    pkinit_identity_opts *idopts;        /* identity configuration */
};
typedef struct _pkinit_context *pkinit_context;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * Client's per-request context
 */
struct _pkinit_req_context {
    int magic;                            /* presumably PKINIT_REQ_CTX_MAGIC */
    pkinit_req_crypto_context cryptoctx;  /* per-request crypto state */
    pkinit_req_opts *opts;                /* per-request option snapshot */
    pkinit_identity_crypto_context idctx; /* the client's own credentials; per-request
                                             because they can change (see notes above) */
    pkinit_identity_opts *idopts;
    krb5_preauthtype pa_type;             /* preauth type in use for this request */
};
/* Forward typedef; struct _pkinit_kdc_context is defined just below. */
typedef struct _pkinit_kdc_context *pkinit_kdc_context;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * KDC's (per-realm) plugin context
 */
struct _pkinit_kdc_context {
    int magic;                            /* presumably PKINIT_CTX_MAGIC */
    pkinit_plg_crypto_context cryptoctx;  /* plugin-wide crypto state */
    pkinit_plg_opts *opts;                /* plugin-wide options */
    pkinit_identity_crypto_context idctx; /* the KDC's own credentials live at plugin
                                             level (see notes above) */
    pkinit_identity_opts *idopts;
    char *realmname;                      /* realm this context serves */
    unsigned int realmname_len;           /* length of realmname — presumably without
                                             the NUL; confirm at the point of use */
};
/* Typedef for struct _pkinit_req_context, defined above. */
typedef struct _pkinit_req_context *pkinit_req_context;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * KDC's per-request context
 */
struct _pkinit_kdc_req_context {
    int magic;                             /* presumably PKINIT_REQ_CTX_MAGIC */
    pkinit_req_crypto_context cryptoctx;   /* per-request crypto state */
    krb5_auth_pack *rcv_auth_pack;         /* received AuthPack (RFC 4556 form), or */
    krb5_auth_pack_draft9 *rcv_auth_pack9; /* ... its draft-9 form; presumably only one
                                              is set, chosen by pa_type.  Both are parsed
                                              from client padata, i.e. untrusted input
                                              until its signature has been verified. */
    krb5_preauthtype pa_type;              /* preauth type the client used */
};
typedef struct _pkinit_kdc_req_context *pkinit_kdc_req_context;
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * Functions in pkinit_lib.c
 *
 * init/fini pairs: pkinit_init_*() hands back a new options object
 * through its out-parameter (presumably heap-allocated with defaults
 * filled in) and returns 0 or a krb5_error_code; the matching
 * pkinit_fini_*() releases it.
 */

krb5_error_code pkinit_init_req_opts(pkinit_req_opts **);
void pkinit_fini_req_opts(pkinit_req_opts *);

krb5_error_code pkinit_init_plg_opts(pkinit_plg_opts **);
void pkinit_fini_plg_opts(pkinit_plg_opts *);

krb5_error_code pkinit_init_identity_opts(pkinit_identity_opts **idopts);
void pkinit_fini_identity_opts(pkinit_identity_opts *idopts);
/*
 * Copy src_opts into a newly created *dest_opts.  The struct holds
 * owned strings and lists, so this is presumably a deep copy — confirm,
 * since a shallow copy would double-free in pkinit_fini_identity_opts.
 */
krb5_error_code pkinit_dup_identity_opts(pkinit_identity_opts *src_opts,
                                         pkinit_identity_opts **dest_opts);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * Functions in pkinit_identity.c
 */

/*
 * Human-readable names for an idtype / CA type value (for messages).
 * The return type is not const; check in pkinit_identity.c whether the
 * caller owns the result before freeing or modifying it.
 */
char * idtype2string(int idtype);
char * catype2string(int catype);

/*
 * Load the credentials described by idopts into id_cryptoctx.
 * do_matching and princ presumably let the caller ask for the
 * certificate that matches princ to be selected — confirm in the
 * implementation.  Returns 0 or a krb5_error_code.
 */
krb5_error_code pkinit_identity_initialize
    (krb5_context context,                        /* IN */
     pkinit_plg_crypto_context plg_cryptoctx,     /* IN */
     pkinit_req_crypto_context req_cryptoctx,     /* IN */
     pkinit_identity_opts *idopts,                /* IN */
     pkinit_identity_crypto_context id_cryptoctx, /* IN/OUT */
     int do_matching,                             /* IN */
     krb5_principal princ);                       /* IN (optional) */

/*
 * Match the certificates held in id_cryptoctx against princ; when
 * do_select is true the matching certificate is presumably made the
 * active one.  Returns 0 or a krb5_error_code.
 */
krb5_error_code pkinit_cert_matching
    (krb5_context context,
     pkinit_plg_crypto_context plg_cryptoctx,
     pkinit_req_crypto_context req_cryptoctx,
     pkinit_identity_crypto_context id_cryptoctx,
     krb5_principal princ,
     krb5_boolean do_select);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * initialization and free functions
 *
 * Every init_*() / free_*() takes the object by address.  Presumably
 * init_*() allocates and zero-fills *in, and free_*() releases *in
 * together with its contents and resets it to NULL — confirm in
 * pkinit_lib.c before assuming a pointer is safe to reuse after free.
 * The free_*(T ***in) forms take an array of pointers by address.
 * free_krb5_auth_pack_draft9() is the only one that also needs a
 * krb5_context.
 */
void init_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in);
void init_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in);
void init_krb5_reply_key_pack(krb5_reply_key_pack **in);
void init_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in);

void init_krb5_auth_pack(krb5_auth_pack **in);
void init_krb5_auth_pack_draft9(krb5_auth_pack_draft9 **in);
void init_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
void init_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in);
void init_krb5_typed_data(krb5_typed_data **in);
void init_krb5_subject_pk_info(krb5_subject_pk_info **in);

void free_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in);
void free_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in);
void free_krb5_reply_key_pack(krb5_reply_key_pack **in);
void free_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in);
void free_krb5_auth_pack(krb5_auth_pack **in);
void free_krb5_auth_pack_draft9(krb5_context, krb5_auth_pack_draft9 **in);
void free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
void free_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in);
void free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in);
void free_krb5_trusted_ca(krb5_trusted_ca ***in);
void free_krb5_typed_data(krb5_typed_data ***in);
void free_krb5_algorithm_identifiers(krb5_algorithm_identifier ***in);
void free_krb5_algorithm_identifier(krb5_algorithm_identifier *in);
void free_krb5_kdc_dh_key_info(krb5_kdc_dh_key_info **in);
void free_krb5_subject_pk_info(krb5_subject_pk_info **in);
/*
 * Copy the bytes of src into dst (presumably allocating dst->data, so
 * dst must later be released by the caller).  Returns 0 or a
 * krb5_error_code, e.g. on allocation failure.
 */
krb5_error_code pkinit_copy_krb5_octet_data(krb5_octet_data *dst, const krb5_octet_data *src);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * Functions in pkinit_profile.c
 *
 * Configuration lookups (presumably over the profile library included
 * above).  pkinit_kdcdefault_*() look up `option' for the KDC's realm,
 * given as a C string; pkinit_libdefault_*() do the same for the
 * client's realm, given as krb5_data.  The _boolean and _integer forms
 * presumably store default_value in *ret_value when the option is not
 * configured.  The _string/_strings results come back through
 * ret_value; ownership of them is not visible here — confirm who frees.
 * All return 0 or a krb5_error_code.
 */
krb5_error_code pkinit_kdcdefault_strings
    (krb5_context context, const char *realmname, const char *option,
     char ***ret_value);
krb5_error_code pkinit_kdcdefault_string
    (krb5_context context, const char *realmname, const char *option,
     char **ret_value);
krb5_error_code pkinit_kdcdefault_boolean
    (krb5_context context, const char *realmname, const char *option,
     int default_value, int *ret_value);
krb5_error_code pkinit_kdcdefault_integer
    (krb5_context context, const char *realmname, const char *option,
     int default_value, int *ret_value);


krb5_error_code pkinit_libdefault_strings
    (krb5_context context, const krb5_data *realm,
     const char *option, char ***ret_value);
krb5_error_code pkinit_libdefault_string
    (krb5_context context, const krb5_data *realm,
     const char *option, char **ret_value);
krb5_error_code pkinit_libdefault_boolean
    (krb5_context context, const krb5_data *realm, const char *option,
     int default_value, int *ret_value);
krb5_error_code pkinit_libdefault_integer
    (krb5_context context, const krb5_data *realm, const char *option,
     int default_value, int *ret_value);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * debugging functions
 *
 * Dump a buffer of the given length, as text or as binary (the third
 * argument of print_buffer_bin is presumably a label or file name —
 * confirm).  NOTE(review): neither parameter is const-qualified even
 * though a dumper only reads the data; const would let callers pass
 * protocol buffers without a cast.  Keep these out of release paths:
 * dumping key-bearing structures to a log is a disclosure risk.
 */
void print_buffer(unsigned char *, unsigned int);
void print_buffer_bin(unsigned char *, unsigned int, char *);
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
/*
 * Now get the crypto function declarations
 */
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan#include "pkinit_crypto.h"
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan
159d09a20817016f09b3ea28d1bdada4a336bb91Mark Phalan#endif /* _PKINIT_H */