2 * COPYRIGHT (C) 2006,2007
3 * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
6 * Permission is granted to use, copy, create derivative works
7 * and redistribute this software and such derivative works
8 * for any purpose, so long as the name of The University of
9 * Michigan is not used in any advertising or publicity
10 * pertaining to the use of distribution of this software
11 * without specific, written prior authorization. If the
12 * above copyright notice or any other identification of the
13 * University of Michigan is included in any copy of any
14 * portion of this software, then the disclaimer below must
17 * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
18 * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
19 * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
20 * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
21 * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
22 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
23 * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
24 * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
25 * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
26 * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
27 * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
31 #ifndef _PKINIT_CRYPTO_OPENSSL_H
32 #define _PKINIT_CRYPTO_OPENSSL_H
36 #include <openssl/bn.h>
37 #include <openssl/dh.h>
38 #include <openssl/x509.h>
39 #include <openssl/pkcs7.h>
40 #include <openssl/pkcs12.h>
41 #include <openssl/obj_mac.h>
42 #include <openssl/x509v3.h>
43 #include <openssl/err.h>
44 #include <openssl/evp.h>
45 #include <openssl/sha.h>
46 #include <openssl/asn1.h>
47 #include <openssl/pem.h>
49 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
50 #include <openssl/asn1t.h>
52 #include <openssl/asn1_mac.h>
55 #define DN_BUF_LEN 256
56 #define MAX_CREDS_ALLOWED 20
58 struct _pkinit_cred_info {
62 #ifndef WITHOUT_PKCS11
67 typedef struct _pkinit_cred_info * pkinit_cred_info;
69 struct _pkinit_identity_crypto_context {
70 pkinit_cred_info creds[MAX_CREDS_ALLOWED+1];
71 STACK_OF(X509) *my_certs; /* available user certs */
72 char *identity; /* identity name for user cert */
73 int cert_index; /* cert to use out of available certs*/
74 EVP_PKEY *my_key; /* available user keys if in filesystem */
75 STACK_OF(X509) *trustedCAs; /* available trusted ca certs */
76 STACK_OF(X509) *intermediateCAs; /* available intermediate ca certs */
77 STACK_OF(X509_CRL) *revoked; /* available crls */
79 krb5_prompter_fct prompter;
81 #ifndef WITHOUT_PKCS11
82 char *p11_module_name;
86 /* These are crypto-specific */
88 CK_SESSION_HANDLE session;
89 CK_FUNCTION_LIST_PTR p11;
92 CK_MECHANISM_TYPE mech;
94 krb5_boolean defer_id_prompt;
95 pkinit_deferred_id *deferred_ids;
98 struct _pkinit_plg_crypto_context {
102 ASN1_OBJECT *id_pkinit_authData;
103 ASN1_OBJECT *id_pkinit_DHKeyData;
104 ASN1_OBJECT *id_pkinit_rkeyData;
105 ASN1_OBJECT *id_pkinit_san;
106 ASN1_OBJECT *id_ms_san_upn;
107 ASN1_OBJECT *id_pkinit_KPClientAuth;
108 ASN1_OBJECT *id_pkinit_KPKdc;
109 ASN1_OBJECT *id_ms_kp_sc_logon;
110 ASN1_OBJECT *id_kp_serverAuth;
113 struct _pkinit_req_crypto_context {
118 #endif /* _PKINIT_CRYPTO_OPENSSL_H */