Apache2
md_crypt.h
Go to the documentation of this file.
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef mod_md_md_crypt_h
18 #define mod_md_md_crypt_h
19 
20 #include <apr_file_io.h>
21 
22 struct apr_array_header_t;
23 struct md_t;
24 struct md_http_response_t;
25 struct md_cert_t;
26 struct md_pkey_t;
27 struct md_data_t;
28 struct md_timeperiod_t;
29 
30 /**************************************************************************************************/
31 /* random */
32 
33 apr_status_t md_rand_bytes(unsigned char *buf, apr_size_t len, apr_pool_t *p);
34 
35 apr_time_t md_asn1_generalized_time_get(void *ASN1_GENERALIZEDTIME);
36 
37 /**************************************************************************************************/
38 /* digests */
39 apr_status_t md_crypt_sha256_digest64(const char **pdigest64, apr_pool_t *p,
40  const struct md_data_t *data);
41 apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p,
42  const struct md_data_t *data);
43 
44 #define MD_DATA_SET_STR(d, s) do { (d)->data = (s); (d)->len = strlen(s); } while(0)
45 
46 /**************************************************************************************************/
47 /* private keys */
48 
49 typedef struct md_pkey_t md_pkey_t;
50 
51 typedef enum {
56 
57 typedef struct md_pkey_rsa_params_t {
60 
61 typedef struct md_pkey_ec_params_t {
62  const char *curve;
64 
65 typedef struct md_pkey_spec_t {
67  union {
70  } params;
72 
73 typedef struct md_pkeys_spec_t {
77 
79 
80 const char *md_pkey_spec_name(const md_pkey_spec_t *spec);
81 
85 void md_pkeys_spec_add_rsa(md_pkeys_spec_t *pks, unsigned int bits);
86 int md_pkeys_spec_contains_ec(md_pkeys_spec_t *pks, const char *curve);
87 void md_pkeys_spec_add_ec(md_pkeys_spec_t *pks, const char *curve);
91 md_pkey_spec_t *md_pkeys_spec_get(const md_pkeys_spec_t *pks, int index);
92 int md_pkeys_spec_count(const md_pkeys_spec_t *pks);
94 
99 
100 
102 void md_pkey_free(md_pkey_t *pkey);
103 
104 const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p);
105 const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p);
106 
108  const char *pass_phrase, apr_size_t pass_len,
109  const char *fname);
111  const char *pass_phrase, apr_size_t pass_len,
112  const char *fname, apr_fileperms_t perms);
113 
114 apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p,
115  const char *d, size_t dlen);
116 
117 void *md_pkey_get_EVP_PKEY(struct md_pkey_t *pkey);
118 
119 /**************************************************************************************************/
120 /* X509 certificates */
121 
122 typedef struct md_cert_t md_cert_t;
123 
124 typedef enum {
129 
134 md_cert_t *md_cert_make(apr_pool_t *p, void *x509);
135 
140 md_cert_t *md_cert_wrap(apr_pool_t *p, void *x509);
141 
142 void *md_cert_get_X509(const md_cert_t *cert);
143 
144 apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname);
146  const char *fname, apr_fileperms_t perms);
147 
154  const struct md_http_response_t *res);
155 
160  const char *pem, apr_size_t pem_len);
161 
169  apr_pool_t *pool, const struct md_http_response_t *res);
170 
172 int md_cert_is_valid_now(const md_cert_t *cert);
173 int md_cert_has_expired(const md_cert_t *cert);
174 int md_cert_covers_domain(md_cert_t *cert, const char *domain_name);
175 int md_cert_covers_md(md_cert_t *cert, const struct md_t *md);
176 int md_cert_must_staple(const md_cert_t *cert);
179 struct md_timeperiod_t md_cert_get_valid(const md_cert_t *cert);
180 
181 apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p);
183 
184 apr_status_t md_cert_to_base64url(const char **ps64, const md_cert_t *cert, apr_pool_t *p);
185 apr_status_t md_cert_from_base64url(md_cert_t **pcert, const char *s64, apr_pool_t *p);
186 
187 apr_status_t md_cert_to_sha256_digest(struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p);
188 apr_status_t md_cert_to_sha256_fingerprint(const char **pfinger, const md_cert_t *cert, apr_pool_t *p);
189 
190 const char *md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p);
191 
193  apr_pool_t *p, const char *fname);
195  apr_pool_t *p, const char *fname, apr_fileperms_t perms);
197  apr_pool_t *p, const char *fname);
198 
199 apr_status_t md_cert_req_create(const char **pcsr_der_64, const char *name,
200  apr_array_header_t *domains, int must_staple,
201  md_pkey_t *pkey, apr_pool_t *p);
202 
207 apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn,
208  struct apr_array_header_t *domains, md_pkey_t *pkey,
209  apr_interval_time_t valid_for, apr_pool_t *p);
210 
215 apr_status_t md_cert_make_tls_alpn_01(md_cert_t **pcert, const char *domain,
216  const char *acme_id, md_pkey_t *pkey,
217  apr_interval_time_t valid_for, apr_pool_t *p);
218 
220 
221 /**************************************************************************************************/
222 /* X509 certificate transparency */
223 
224 const char *md_nid_get_sname(int nid);
225 const char *md_nid_get_lname(int nid);
226 
227 typedef struct md_sct md_sct;
228 struct md_sct {
229  int version;
231  struct md_data_t *logid;
234 };
235 
236 #endif /* md_crypt_h */
size_t apr_size_t
Definition: apr.h:393
md_cert_state_t md_cert_state_get(const md_cert_t *cert)
struct md_cert_t md_cert_t
Definition: md_crypt.h:122
const char * md_nid_get_lname(int nid)
Definition: md.h:76
struct md_json_t md_json_t
Definition: md_json.h:29
void md_pkey_free(md_pkey_t *pkey)
const char * md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_cert_to_sha256_digest(struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p)
md_pkeys_spec_t * md_pkeys_spec_from_json(struct md_json_t *json, apr_pool_t *p)
int version
Definition: md_crypt.h:229
Definition: apr_tables.h:62
int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)
md_pkey_type_t
Definition: md_crypt.h:51
void md_pkeys_spec_add_default(md_pkeys_spec_t *pks)
Definition: md_util.h:39
apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *key_props)
int md_pkeys_spec_contains_rsa(md_pkeys_spec_t *pks)
apr_time_t md_cert_get_not_after(const md_cert_t *cert)
apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname)
apr_bucket_brigade request_rec apr_pool_t * pool
Definition: mod_dav.h:555
apr_time_t md_asn1_generalized_time_get(void *ASN1_GENERALIZEDTIME)
void md_pkeys_spec_add_rsa(md_pkeys_spec_t *pks, unsigned int bits)
apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p)
Definition: md_crypt.h:53
apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname, apr_fileperms_t perms)
struct md_data_t * signature
Definition: md_crypt.h:233
Definition: md_crypt.h:127
Definition: md_crypt.h:126
apr_status_t md_cert_chain_read_http(struct apr_array_header_t *chain, apr_pool_t *pool, const struct md_http_response_t *res)
apr_status_t md_pkey_fload(md_pkey_t **ppkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname)
md_pkeys_spec_t * md_pkeys_spec_clone(apr_pool_t *p, const md_pkeys_spec_t *pks)
struct apr_array_header_t * specs
Definition: md_crypt.h:75
apr_status_t md_cert_read_http(md_cert_t **pcert, apr_pool_t *pool, const struct md_http_response_t *res)
apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
struct md_json_t * md_pkey_spec_to_json(const md_pkey_spec_t *spec, apr_pool_t *p)
apr_status_t md_cert_req_create(const char **pcsr_der_64, const char *name, apr_array_header_t *domains, int must_staple, md_pkey_t *pkey, apr_pool_t *p)
apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p, const char *d, size_t dlen)
APR File I/O Handling.
const char apr_size_t dlen
Definition: mod_proxy.h:686
apr_int64_t apr_interval_time_t
Definition: apr_time.h:55
int md_cert_is_valid_now(const md_cert_t *cert)
md_pkey_rsa_params_t rsa
Definition: md_crypt.h:68
void * md_pkey_get_EVP_PKEY(struct md_pkey_t *pkey)
apr_time_t md_cert_get_not_before(const md_cert_t *cert)
apr_status_t md_cert_from_base64url(md_cert_t **pcert, const char *s64, apr_pool_t *p)
struct md_pkey_ec_params_t md_pkey_ec_params_t
apr_status_t md_cert_read_chain(apr_array_header_t *chain, apr_pool_t *p, const char *pem, apr_size_t pem_len)
apr_int64_t apr_time_t
Definition: apr_time.h:45
md_pkey_spec_t * md_pkeys_spec_get(const md_pkeys_spec_t *pks, int index)
apr_status_t md_cert_to_base64url(const char **ps64, const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p, const struct md_data_t *data)
void md_pkeys_spec_add_ec(md_pkeys_spec_t *pks, const char *curve)
apr_int32_t apr_fileperms_t
Definition: apr_file_info.h:125
apr_status_t md_cert_get_alt_names(apr_array_header_t **pnames, const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn, struct apr_array_header_t *domains, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
struct md_data_t * logid
Definition: md_crypt.h:231
struct md_pkeys_spec_t md_pkeys_spec_t
Definition: md_crypt.h:61
int md_pkeys_spec_is_empty(const md_pkeys_spec_t *pks)
struct md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)
apr_status_t md_cert_to_sha256_fingerprint(const char **pfinger, const md_cert_t *cert, apr_pool_t *p)
md_cert_t * md_cert_wrap(apr_pool_t *p, void *x509)
const char * curve
Definition: md_crypt.h:62
apr_status_t md_cert_make_tls_alpn_01(md_cert_t **pcert, const char *domain, const char *acme_id, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
unsigned int apr_uint32_t
Definition: apr.h:347
Definition: md_crypt.h:54
int signature_type_nid
Definition: md_crypt.h:232
apr_status_t md_crypt_init(apr_pool_t *pool)
md_cert_state_t
Definition: md_crypt.h:124
apr_status_t md_chain_fappend(struct apr_array_header_t *certs, apr_pool_t *p, const char *fname)
apr_pool_t * p
Definition: md_crypt.h:57
struct md_json_t * md_pkeys_spec_to_json(const md_pkeys_spec_t *pks, apr_pool_t *p)
Definition: md_crypt.h:52
apr_status_t md_chain_fsave(struct apr_array_header_t *certs, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
md_pkey_ec_params_t ec
Definition: md_crypt.h:69
apr_status_t md_rand_bytes(unsigned char *buf, apr_size_t len, apr_pool_t *p)
apr_status_t md_chain_fload(struct apr_array_header_t **pcerts, apr_pool_t *p, const char *fname)
apr_status_t md_crypt_sha256_digest64(const char **pdigest64, apr_pool_t *p, const struct md_data_t *data)
int md_pkeys_spec_contains_ec(md_pkeys_spec_t *pks, const char *curve)
int md_cert_covers_md(md_cert_t *cert, const struct md_t *md)
int md_pkeys_spec_count(const md_pkeys_spec_t *pks)
apr_time_t timestamp
Definition: md_crypt.h:230
const char * name
Definition: mod_dav.h:805
Definition: md_crypt.h:125
struct apr_pool_t apr_pool_t
Definition: apr_pools.h:60
const char * md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
const char * md_nid_get_sname(int nid)
Definition: md_crypt.h:73
Definition: md_time.h:27
md_pkeys_spec_t * md_pkeys_spec_make(apr_pool_t *p)
int apr_status_t
Definition: apr_errno.h:44
apr_pool_t * p
Definition: md_crypt.h:74
const char * md_pkey_spec_name(const md_pkey_spec_t *spec)
int md_cert_must_staple(const md_cert_t *cert)
void * md_cert_get_X509(const md_cert_t *cert)
apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
Definition: md_crypt.h:228
apr_uint32_t bits
Definition: md_crypt.h:58
struct md_pkey_t md_pkey_t
Definition: md_crypt.h:49
void md_pkeys_spec_add(md_pkeys_spec_t *pks, md_pkey_spec_t *spec)
int md_cert_has_expired(const md_cert_t *cert)
struct md_pkey_spec_t md_pkey_spec_t
int md_pkeys_spec_eq(md_pkeys_spec_t *pks1, md_pkeys_spec_t *pks2)
md_pkey_type_t type
Definition: md_crypt.h:66
Definition: md_crypt.h:65
const char * md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
md_pkey_spec_t * md_pkey_spec_from_json(struct md_json_t *json, apr_pool_t *p)
md_cert_t * md_cert_make(apr_pool_t *p, void *x509)
Definition: md_http.h:77
struct md_pkey_rsa_params_t md_pkey_rsa_params_t