Apache2
md_crypt.h
Go to the documentation of this file.
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef mod_md_md_crypt_h
18 #define mod_md_md_crypt_h
19 
20 #include <apr_file_io.h>
21 
22 struct apr_array_header_t;
23 struct md_t;
24 struct md_http_response_t;
25 struct md_cert_t;
26 struct md_pkey_t;
27 struct md_data_t;
28 struct md_timeperiod_t;
29 
30 /**************************************************************************************************/
31 /* random */
32 
33 apr_status_t md_rand_bytes(unsigned char *buf, apr_size_t len, apr_pool_t *p);
34 
35 apr_time_t md_asn1_generalized_time_get(void *ASN1_GENERALIZEDTIME);
36 
37 /**************************************************************************************************/
38 /* digests */
39 apr_status_t md_crypt_sha256_digest64(const char **pdigest64, apr_pool_t *p,
40  const struct md_data_t *data);
41 apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p,
42  const struct md_data_t *data);
43 
44 /**************************************************************************************************/
45 /* private keys */
46 
47 typedef struct md_pkey_t md_pkey_t;
48 
49 typedef enum {
54 
55 typedef struct md_pkey_rsa_params_t {
58 
59 typedef struct md_pkey_ec_params_t {
60  const char *curve;
62 
63 typedef struct md_pkey_spec_t {
65  union {
68  } params;
70 
71 typedef struct md_pkeys_spec_t {
75 
77 
78 const char *md_pkey_spec_name(const md_pkey_spec_t *spec);
79 
83 void md_pkeys_spec_add_rsa(md_pkeys_spec_t *pks, unsigned int bits);
84 int md_pkeys_spec_contains_ec(md_pkeys_spec_t *pks, const char *curve);
85 void md_pkeys_spec_add_ec(md_pkeys_spec_t *pks, const char *curve);
89 md_pkey_spec_t *md_pkeys_spec_get(const md_pkeys_spec_t *pks, int index);
90 int md_pkeys_spec_count(const md_pkeys_spec_t *pks);
92 
97 
98 
100 void md_pkey_free(md_pkey_t *pkey);
101 
102 const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p);
103 const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p);
104 
106  const char *pass_phrase, apr_size_t pass_len,
107  const char *fname);
109  const char *pass_phrase, apr_size_t pass_len,
110  const char *fname, apr_fileperms_t perms);
111 
112 apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p,
113  const char *d, size_t dlen);
114 
115 void *md_pkey_get_EVP_PKEY(struct md_pkey_t *pkey);
116 
117 /**************************************************************************************************/
118 /* X509 certificates */
119 
120 typedef struct md_cert_t md_cert_t;
121 
122 typedef enum {
127 
132 md_cert_t *md_cert_make(apr_pool_t *p, void *x509);
133 
138 md_cert_t *md_cert_wrap(apr_pool_t *p, void *x509);
139 
140 void *md_cert_get_X509(const md_cert_t *cert);
141 
142 apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname);
144  const char *fname, apr_fileperms_t perms);
145 
152  const struct md_http_response_t *res);
153 
158  const char *pem, apr_size_t pem_len);
159 
167  apr_pool_t *pool, const struct md_http_response_t *res);
168 
170 int md_cert_is_valid_now(const md_cert_t *cert);
171 int md_cert_has_expired(const md_cert_t *cert);
172 int md_cert_covers_domain(md_cert_t *cert, const char *domain_name);
173 int md_cert_covers_md(md_cert_t *cert, const struct md_t *md);
174 int md_cert_must_staple(const md_cert_t *cert);
177 struct md_timeperiod_t md_cert_get_valid(const md_cert_t *cert);
178 
179 apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p);
181 
182 apr_status_t md_cert_to_base64url(const char **ps64, const md_cert_t *cert, apr_pool_t *p);
183 apr_status_t md_cert_from_base64url(md_cert_t **pcert, const char *s64, apr_pool_t *p);
184 
185 apr_status_t md_cert_to_sha256_digest(struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p);
186 apr_status_t md_cert_to_sha256_fingerprint(const char **pfinger, const md_cert_t *cert, apr_pool_t *p);
187 
188 const char *md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p);
189 
191  apr_pool_t *p, const char *fname);
193  apr_pool_t *p, const char *fname, apr_fileperms_t perms);
195  apr_pool_t *p, const char *fname);
196 
197 apr_status_t md_cert_req_create(const char **pcsr_der_64, const char *name,
198  apr_array_header_t *domains, int must_staple,
199  md_pkey_t *pkey, apr_pool_t *p);
200 
205 apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn,
206  struct apr_array_header_t *domains, md_pkey_t *pkey,
207  apr_interval_time_t valid_for, apr_pool_t *p);
208 
213 apr_status_t md_cert_make_tls_alpn_01(md_cert_t **pcert, const char *domain,
214  const char *acme_id, md_pkey_t *pkey,
215  apr_interval_time_t valid_for, apr_pool_t *p);
216 
218 
219 apr_status_t md_cert_get_ocsp_responder_url(const char **purl, apr_pool_t *p, const md_cert_t *cert);
220 
221 /**************************************************************************************************/
222 /* X509 certificate transparency */
223 
224 const char *md_nid_get_sname(int nid);
225 const char *md_nid_get_lname(int nid);
226 
227 typedef struct md_sct md_sct;
228 struct md_sct {
229  int version;
231  struct md_data_t *logid;
234 };
235 
236 #endif /* md_crypt_h */
size_t apr_size_t
Definition: apr.h:393
md_cert_state_t md_cert_state_get(const md_cert_t *cert)
struct md_cert_t md_cert_t
Definition: md_crypt.h:120
const char * md_nid_get_lname(int nid)
Definition: md.h:76
struct md_json_t md_json_t
Definition: md_json.h:29
void md_pkey_free(md_pkey_t *pkey)
const char * md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_cert_to_sha256_digest(struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p)
md_pkeys_spec_t * md_pkeys_spec_from_json(struct md_json_t *json, apr_pool_t *p)
int version
Definition: md_crypt.h:229
apr_status_t md_cert_get_ocsp_responder_url(const char **purl, apr_pool_t *p, const md_cert_t *cert)
Definition: apr_tables.h:62
int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)
md_pkey_type_t
Definition: md_crypt.h:49
void md_pkeys_spec_add_default(md_pkeys_spec_t *pks)
Definition: md_util.h:41
apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *key_props)
int md_pkeys_spec_contains_rsa(md_pkeys_spec_t *pks)
apr_time_t md_cert_get_not_after(const md_cert_t *cert)
apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname)
apr_bucket_brigade request_rec apr_pool_t * pool
Definition: mod_dav.h:555
apr_time_t md_asn1_generalized_time_get(void *ASN1_GENERALIZEDTIME)
void md_pkeys_spec_add_rsa(md_pkeys_spec_t *pks, unsigned int bits)
apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p)
Definition: md_crypt.h:51
apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname, apr_fileperms_t perms)
struct md_data_t * signature
Definition: md_crypt.h:233
Definition: md_crypt.h:125
Definition: md_crypt.h:124
apr_status_t md_cert_chain_read_http(struct apr_array_header_t *chain, apr_pool_t *pool, const struct md_http_response_t *res)
apr_status_t md_pkey_fload(md_pkey_t **ppkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname)
md_pkeys_spec_t * md_pkeys_spec_clone(apr_pool_t *p, const md_pkeys_spec_t *pks)
struct apr_array_header_t * specs
Definition: md_crypt.h:73
apr_status_t md_cert_read_http(md_cert_t **pcert, apr_pool_t *pool, const struct md_http_response_t *res)
apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
struct md_json_t * md_pkey_spec_to_json(const md_pkey_spec_t *spec, apr_pool_t *p)
apr_status_t md_cert_req_create(const char **pcsr_der_64, const char *name, apr_array_header_t *domains, int must_staple, md_pkey_t *pkey, apr_pool_t *p)
apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p, const char *d, size_t dlen)
APR File I/O Handling.
const char apr_size_t dlen
Definition: mod_proxy.h:686
apr_int64_t apr_interval_time_t
Definition: apr_time.h:55
int md_cert_is_valid_now(const md_cert_t *cert)
md_pkey_rsa_params_t rsa
Definition: md_crypt.h:66
void * md_pkey_get_EVP_PKEY(struct md_pkey_t *pkey)
apr_time_t md_cert_get_not_before(const md_cert_t *cert)
apr_status_t md_cert_from_base64url(md_cert_t **pcert, const char *s64, apr_pool_t *p)
struct md_pkey_ec_params_t md_pkey_ec_params_t
apr_status_t md_cert_read_chain(apr_array_header_t *chain, apr_pool_t *p, const char *pem, apr_size_t pem_len)
apr_int64_t apr_time_t
Definition: apr_time.h:45
md_pkey_spec_t * md_pkeys_spec_get(const md_pkeys_spec_t *pks, int index)
apr_status_t md_cert_to_base64url(const char **ps64, const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p, const struct md_data_t *data)
void md_pkeys_spec_add_ec(md_pkeys_spec_t *pks, const char *curve)
apr_int32_t apr_fileperms_t
Definition: apr_file_info.h:125
apr_status_t md_cert_get_alt_names(apr_array_header_t **pnames, const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn, struct apr_array_header_t *domains, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
struct md_data_t * logid
Definition: md_crypt.h:231
struct md_pkeys_spec_t md_pkeys_spec_t
Definition: md_crypt.h:59
int md_pkeys_spec_is_empty(const md_pkeys_spec_t *pks)
struct md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)
apr_status_t md_cert_to_sha256_fingerprint(const char **pfinger, const md_cert_t *cert, apr_pool_t *p)
md_cert_t * md_cert_wrap(apr_pool_t *p, void *x509)
const char * curve
Definition: md_crypt.h:60
apr_status_t md_cert_make_tls_alpn_01(md_cert_t **pcert, const char *domain, const char *acme_id, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
unsigned int apr_uint32_t
Definition: apr.h:347
Definition: md_crypt.h:52
int signature_type_nid
Definition: md_crypt.h:232
apr_status_t md_crypt_init(apr_pool_t *pool)
md_cert_state_t
Definition: md_crypt.h:122
apr_status_t md_chain_fappend(struct apr_array_header_t *certs, apr_pool_t *p, const char *fname)
apr_pool_t * p
Definition: md_crypt.h:55
struct md_json_t * md_pkeys_spec_to_json(const md_pkeys_spec_t *pks, apr_pool_t *p)
Definition: md_crypt.h:50
apr_status_t md_chain_fsave(struct apr_array_header_t *certs, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
md_pkey_ec_params_t ec
Definition: md_crypt.h:67
apr_status_t md_rand_bytes(unsigned char *buf, apr_size_t len, apr_pool_t *p)
apr_status_t md_chain_fload(struct apr_array_header_t **pcerts, apr_pool_t *p, const char *fname)
apr_status_t md_crypt_sha256_digest64(const char **pdigest64, apr_pool_t *p, const struct md_data_t *data)
int md_pkeys_spec_contains_ec(md_pkeys_spec_t *pks, const char *curve)
int md_cert_covers_md(md_cert_t *cert, const struct md_t *md)
int md_pkeys_spec_count(const md_pkeys_spec_t *pks)
apr_time_t timestamp
Definition: md_crypt.h:230
const char * name
Definition: mod_dav.h:805
Definition: md_crypt.h:123
struct apr_pool_t apr_pool_t
Definition: apr_pools.h:60
const char * md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
const char * md_nid_get_sname(int nid)
Definition: md_crypt.h:71
Definition: md_time.h:27
md_pkeys_spec_t * md_pkeys_spec_make(apr_pool_t *p)
int apr_status_t
Definition: apr_errno.h:44
apr_pool_t * p
Definition: md_crypt.h:72
const char * md_pkey_spec_name(const md_pkey_spec_t *spec)
int md_cert_must_staple(const md_cert_t *cert)
void * md_cert_get_X509(const md_cert_t *cert)
apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
Definition: md_crypt.h:228
apr_uint32_t bits
Definition: md_crypt.h:56
struct md_pkey_t md_pkey_t
Definition: md_crypt.h:47
void md_pkeys_spec_add(md_pkeys_spec_t *pks, md_pkey_spec_t *spec)
int md_cert_has_expired(const md_cert_t *cert)
struct md_pkey_spec_t md_pkey_spec_t
int md_pkeys_spec_eq(md_pkeys_spec_t *pks1, md_pkeys_spec_t *pks2)
md_pkey_type_t type
Definition: md_crypt.h:64
Definition: md_crypt.h:63
const char * md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
md_pkey_spec_t * md_pkey_spec_from_json(struct md_json_t *json, apr_pool_t *p)
md_cert_t * md_cert_make(apr_pool_t *p, void *x509)
Definition: md_http.h:77
struct md_pkey_rsa_params_t md_pkey_rsa_params_t