/* $OpenBSD: keynote.h,v 1.7 1999/10/01 01:08:30 angelos Exp $ */ /* * The author of this code is Angelos D. Keromytis (angelos@dsl.cis.upenn.edu) * * This code was written by Angelos D. Keromytis in Philadelphia, PA, USA, * in April-May 1998 * * Copyright (C) 1998, 1999 by Angelos D. Keromytis. * * Permission to use, copy, and modify this software without fee * is hereby granted, provided that this entire notice is included in * all copies of any software which is or includes a copy or * modification of this software. * * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR * IMPLIED WARRANTY. IN PARTICULAR, THE AUTHORS MAKES NO * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR * PURPOSE. */ #ifndef __KEYNOTE_H__ #define __KEYNOTE_H__ #if HAVE_REGEX_H #include #include #endif /* HAVE_REGEX_H */ #if defined(CRYPTO) #if HAVE_SSL_CRYPTO_H #include #include #include #include #include #include #include #include #include #elif HAVE_OPENSSL_CRYPTO_H #include #include #include #include #include #include #include #include #include #else /* HAVE_SSL_CRYPTO_H */ #error "SSLeay or OpenSSL not detected!" #endif /* HAVE_SSL_CRYPTO_H */ #endif /* CRYPTO */ #if !defined(HAVE_STRCASECMP) && defined(HAVE_STRICMP) #define strcasecmp stricmp #endif /* !HAVE_STRCASECMP && HAVE_STRICMP */ #if !defined(HAVE_STRNCASECMP) && defined(HAVE_STRNICMP) #define strncasecmp strnicmp #endif /* !HAVE_STRNCASECMP && HAVE_STRNICMP */ #if !defined(HAVE_OPEN) && defined(HAVE__OPEN) #define open _open #endif /* !HAVE_OPEN && HAVE__OPEN */ #if !defined(HAVE_READ) && defined(HAVE__READ) #define read _read #endif /* !HAVE_READ && HAVE__OPEN */ #if !defined(HAVE_CLOSE) && defined(HAVE__CLOSE) #define close _close #endif /* !HAVE_CLOSE && HAVE__CLOSE */ #if defined(CRYPTO) #if HAVE__DEV_URANDOM #define KEYNOTERNDFILENAME "/dev/urandom" #else /* HAVE__DEV_URANDOM */ #error "You need a random device!" #endif /* HAVE__DEV_URANDOM */ #endif /* CRYPTO */ struct environment { char *env_name; char *env_value; int env_flags; regex_t env_regex; struct environment *env_next; }; struct keynote_deckey { int dec_algorithm; void *dec_key; }; struct keynote_binary { int bn_len; char *bn_key; }; struct keynote_keylist { int key_alg; void *key_key; char *key_stringkey; struct keynote_keylist *key_next; }; #define SIG_DSA_SHA1_HEX "sig-dsa-sha1-hex:" #define SIG_DSA_SHA1_HEX_LEN strlen(SIG_DSA_SHA1_HEX) #define SIG_DSA_SHA1_BASE64 "sig-dsa-sha1-base64:" #define SIG_DSA_SHA1_BASE64_LEN strlen(SIG_DSA_SHA1_BASE64) #define SIG_RSA_SHA1_PKCS1_HEX "sig-rsa-sha1-hex:" #define SIG_RSA_SHA1_PKCS1_HEX_LEN strlen(SIG_RSA_SHA1_PKCS1_HEX) #define SIG_RSA_SHA1_PKCS1_BASE64 "sig-rsa-sha1-base64:" #define SIG_RSA_SHA1_PKCS1_BASE64_LEN strlen(SIG_RSA_SHA1_PKCS1_BASE64) #define SIG_RSA_MD5_PKCS1_HEX "sig-rsa-md5-hex:" #define SIG_RSA_MD5_PKCS1_HEX_LEN strlen(SIG_RSA_MD5_PKCS1_HEX) #define SIG_RSA_MD5_PKCS1_BASE64 "sig-rsa-md5-base64:" #define SIG_RSA_MD5_PKCS1_BASE64_LEN strlen(SIG_RSA_MD5_PKCS1_BASE64) #define SIG_ELGAMAL_SHA1_HEX "sig-elgamal-sha1-hex:" #define SIG_ELGAMAL_SHA1_HEX_LEN strlen(SIG_ELGAMAL_SHA1_HEX) #define SIG_ELGAMAL_SHA1_BASE64 "sig-elgamal-sha1-base64:" #define SIG_ELGAMAL_SHA1_BASE64_LEN strlen(SIG_ELGAMAL_SHA1_BASE64) #define SIG_PGP_NATIVE "sig-pgp:" #define SIG_PGP_NATIVE_LEN strlen(SIG_PGP_NATIVE) #define SIG_X509_SHA1_BASE64 "sig-x509-sha1-base64:" #define SIG_X509_SHA1_BASE64_LEN strlen(SIG_X509_SHA1_BASE64) #define SIG_X509_SHA1_HEX "sig-x509-sha1-hex:" #define SIG_X509_SHA1_HEX_LEN strlen(SIG_X509_SHA1_HEX) #define SIGRESULT_UNTOUCHED 0 #define SIGRESULT_FALSE 1 #define SIGRESULT_TRUE 2 #define ENVIRONMENT_FLAG_FUNC 0x0001 /* This is a callback function */ #define ENVIRONMENT_FLAG_REGEX 0x0002 /* Regular expression for name */ #define ASSERT_FLAG_LOCAL 0x0001 /* * Trusted assertion -- means * signature is not verified, and * authorizer field can * include symbolic names. */ #define ASSERT_FLAG_SIGGEN 0x0002 /* * Be a bit more lax with the * contents of the Signature: * field; to be used in * assertion signing only. */ #define ASSERT_FLAG_SIGVER 0x0004 /* * To be used in signature verification * only. */ #define RESULT_FALSE 0 #define RESULT_TRUE 1 #define KEYNOTE_CALLBACK_INITIALIZE "_KEYNOTE_CALLBACK_INITIALIZE" #define KEYNOTE_CALLBACK_CLEANUP "_KEYNOTE_CALLBACK_CLEANUP" #define KEYNOTE_VERSION_STRING "2" #define ERROR_MEMORY -1 #define ERROR_SYNTAX -2 #define ERROR_NOTFOUND -3 #define ERROR_SIGN_FAILURE -4 #define KEYNOTE_ALGORITHM_UNSPEC -1 #define KEYNOTE_ALGORITHM_NONE 0 #define KEYNOTE_ALGORITHM_DSA 1 #define KEYNOTE_ALGORITHM_ELGAMAL 2 #define KEYNOTE_ALGORITHM_PGP 3 #define KEYNOTE_ALGORITHM_BINARY 4 #define KEYNOTE_ALGORITHM_X509 5 #define KEYNOTE_ALGORITHM_RSA 6 #define KEYNOTE_ERROR_ANY 0 #define KEYNOTE_ERROR_SYNTAX 1 #define KEYNOTE_ERROR_MEMORY 2 #define KEYNOTE_ERROR_SIGNATURE 3 #define ENCODING_NONE 0 #define ENCODING_HEX 1 #define ENCODING_BASE64 2 #define ENCODING_NATIVE 3 /* For things like PGP */ #define INTERNAL_ENC_NONE 0 #define INTERNAL_ENC_PKCS1 1 #define INTERNAL_ENC_ASN1 2 #define INTERNAL_ENC_NATIVE 3 /* For things like PGP */ #define KEYNOTE_PUBLIC_KEY 0 #define KEYNOTE_PRIVATE_KEY 1 extern int keynote_errno; /* Session API */ int kn_init(void); int kn_add_assertion(int, char *, int, int); int kn_remove_assertion(int, int); int kn_add_action(int, char *, char *, int); int kn_remove_action(int, char *); int kn_add_authorizer(int, char *); int kn_remove_authorizer(int, char *); int kn_do_query(int, char **, int); int kn_get_failed(int, int, int); int kn_cleanup_action_environment(int); int kn_close(int); /* Simple API */ int kn_query(struct environment *, char **, int, char **, int *, int, char **, int *, int, char **, int); /* Aux. routines */ char **kn_read_asserts(char *, int, int *); int kn_keycompare(void *, void *, int); void *kn_get_authorizer(int, int, int *); struct keynote_keylist *kn_get_licensees(int, int); /* ASCII-encoding API */ int kn_encode_base64(unsigned char const *, unsigned int, char *, unsigned int); int kn_decode_base64(char const *, unsigned char *, unsigned int); int kn_encode_hex(unsigned char *, char **, int); int kn_decode_hex(char *, char **); /* Key-encoding API */ int kn_decode_key(struct keynote_deckey *, char *, int); char *kn_encode_key(struct keynote_deckey *, int, int, int); /* Crypto API */ char *kn_sign_assertion(char *, int, char *, char *, int); int kn_verify_assertion(char *, int); #endif /* __KEYNOTE_H__ */