Apache2
md_crypt.h
1 /* Licensed to the Apache Software Foundation (ASF) under one or more
2  * contributor license agreements. See the NOTICE file distributed with
3  * this work for additional information regarding copyright ownership.
4  * The ASF licenses this file to You under the Apache License, Version 2.0
5  * (the "License"); you may not use this file except in compliance with
6  * the License. You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef mod_md_md_crypt_h
18 #define mod_md_md_crypt_h
19 
20 #include <apr_file_io.h>
21 
22 struct apr_array_header_t;
23 struct md_t;
24 struct md_http_response_t;
25 struct md_cert_t;
26 struct md_pkey_t;
27 struct md_data_t;
28 
29 
30 /**************************************************************************************************/
31 /* random */
32 
/* Presumably fills buf with len random bytes (inferred from the name and
 * parameters; the implementation is not part of this header).
 * The apr_status_t result is the only failure signal: do not use buf as a
 * nonce, token or key seed unless the call returned APR_SUCCESS.
 * NOTE(review): the entropy source is not visible here; confirm in the
 * implementation that it is the crypto library's CSPRNG. */
33 apr_status_t md_rand_bytes(unsigned char *buf, apr_size_t len, apr_pool_t *p);
34 
/* Converts a time value to apr_time_t. The argument is an untyped void *;
 * its name indicates that a pointer to an ASN1_GENERALIZEDTIME is expected.
 * The compiler cannot check this, so the caller is responsible for passing
 * the right object type.
 * NOTE(review): the value returned for a NULL or malformed input is not
 * visible here; confirm before comparing the result against expiry times. */
35 apr_time_t md_asn1_generalized_time_get(void *ASN1_GENERALIZEDTIME);
36 
37 /**************************************************************************************************/
38 /* digests */
/* SHA-256 digest of data, handed back as text through *pdigest64.
 * NOTE(review): "64" presumably means base64url encoding, and the string is
 * presumably allocated from pool p (so it lives as long as p); confirm.
 * Read *pdigest64 only after checking the returned status. */
39 apr_status_t md_crypt_sha256_digest64(const char **pdigest64, apr_pool_t *p,
40  const struct md_data_t *data);
/* Same inputs as md_crypt_sha256_digest64, with the result handed back
 * through *pdigesthex. Presumably a hex string; confirm.
 * Read *pdigesthex only after checking the returned status. */
41 apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p,
42  const struct md_data_t *data);
43 
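/*
 * Point an md_data_t-style object at a NUL-terminated string and record its
 * length.
 *
 * d: pointer to an object with `data` and `len` members. It is still expanded
 *    twice, so pass an expression without side effects.
 * s: NUL-terminated string. Only the pointer is stored, so the string must
 *    outlive *d. A NULL s reaches strlen(NULL), which is undefined behaviour.
 *
 * s is copied into a local first so that it is evaluated exactly once. If the
 * argument were expanded twice, an expression with side effects (p++, a call
 * that returns a fresh buffer) could leave `data` and `len` describing two
 * different strings, and a `len` larger than the buffer behind `data` becomes
 * an out-of-bounds read for whoever consumes the pair.
 *
 * strlen() must be declared by the including file; this header does not
 * include <string.h> itself.
 */
#define MD_DATA_SET_STR(d, s) do { \
        const char *md_data_set_str_s_ = (s); \
        (d)->data = md_data_set_str_s_; \
        (d)->len = strlen(md_data_set_str_s_); \
    } while(0)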
45 
46 /**************************************************************************************************/
47 /* private keys */
48 
/* Handle type for a private key. Only a forward declaration of
 * struct md_pkey_t is visible in this listing, so callers work with
 * md_pkey_t pointers and the accessor functions declared below. */
49 typedef struct md_pkey_t md_pkey_t;
50 
51 typedef enum {
55 
56 typedef struct md_pkey_rsa_spec_t {
59 
60 typedef struct md_pkey_spec_t {
62  union {
64  } params;
66 
68 
/* Releases pkey; the pointer must not be used afterwards.
 * NOTE(review): whether the key material is wiped before release is not
 * visible in this header; confirm in the implementation. */
70 void md_pkey_free(md_pkey_t *pkey);
71 
/* Accessors returning a string for an RSA key.
 * NOTE(review): from the names, presumably the public exponent (e) and the
 * modulus (n) in base64url form, allocated from p; confirm. The result for a
 * non-RSA key is not visible here, so check for NULL before using it. */
72 const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p);
73 const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p);
74 
76  const char *pass_phrase, apr_size_t pass_len,
77  const char *fname);
79  const char *pass_phrase, apr_size_t pass_len,
80  const char *fname, apr_fileperms_t perms);
81 
/* Signs the dlen bytes at d with pkey and hands the signature back as text
 * through *psign64.
 * NOTE(review): digest algorithm and encoding are not visible here
 * (presumably SHA-256 and base64url, as elsewhere in this header); confirm.
 * Read *psign64 only after checking the returned status. */
82 apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p,
83  const char *d, size_t dlen);
84 
/* Returns the underlying key object as an untyped void *; the name indicates
 * an OpenSSL EVP_PKEY. The caller gets direct access to the private key and
 * the compiler cannot check the cast back to the real type.
 * NOTE(review): ownership is not visible here; presumably the pointer is
 * borrowed from pkey and must not be freed or outlive it. Confirm. */
85 void *md_pkey_get_EVP_PKEY(struct md_pkey_t *pkey);
86 
90 
91 /**************************************************************************************************/
92 /* X509 certificates */
93 
/* Handle type for an X509 certificate. Only a forward declaration of
 * struct md_cert_t is visible in this listing, so callers work with
 * md_cert_t pointers and the functions declared below. */
94 typedef struct md_cert_t md_cert_t;
95 
96 typedef enum {
101 
/* Builds an md_cert_t around an X509 object passed as an untyped void *.
 * NOTE(review): md_cert_make and md_cert_wrap have identical signatures. The
 * comments that describe them are missing from this listing (the gutter
 * jumps from 101 to 106 and from 107 to 112). They presumably differ in who
 * owns and frees the X509. Confirm in the original header before choosing:
 * mixing them up risks a double free or a use-after-free. */
106 md_cert_t *md_cert_make(apr_pool_t *p, void *x509);
107 
/* See the note on md_cert_make: same parameters, ownership rules to be
 * confirmed. */
112 md_cert_t *md_cert_wrap(apr_pool_t *p, void *x509);
113 
/* Returns the underlying certificate object as an untyped void *; the name
 * indicates an OpenSSL X509.
 * NOTE(review): presumably borrowed from cert and not to be freed by the
 * caller. Confirm. */
114 void *md_cert_get_X509(const md_cert_t *cert);
115 
/* Loads a certificate from the file fname into *pcert.
 * NOTE(review): nothing in the signature suggests the certificate is
 * validated (chain, dates, names) on load. Treat *pcert as parsed, not
 * trusted, and read it only after checking the returned status. */
116 apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname);
118  const char *fname, apr_fileperms_t perms);
119 
126  const struct md_http_response_t *res);
127 
135  apr_pool_t *pool, const struct md_http_response_t *res);
136 
/* Predicates on a certificate; each returns an int used as a boolean.
 * NOTE(review): is_valid_now / has_expired presumably compare the validity
 * period with the current time only. Nothing here indicates a chain or
 * revocation check, so a non-zero md_cert_is_valid_now() is not a trust
 * decision. Confirm in the implementation. */
138 int md_cert_is_valid_now(const md_cert_t *cert);
139 int md_cert_has_expired(const md_cert_t *cert);
/* NOTE(review): the matching rules (wildcards, case, CN versus
 * subjectAltName) are not visible in this header; confirm before relying on
 * the result for a name that comes from a request. */
140 int md_cert_covers_domain(md_cert_t *cert, const char *domain_name);
/* Presumably true when cert covers every name of the managed domain md;
 * confirm. */
141 int md_cert_covers_md(md_cert_t *cert, const struct md_t *md);
/* Presumably reports whether cert carries the OCSP must-staple (TLS feature)
 * extension; confirm. */
142 int md_cert_must_staple(const md_cert_t *cert);
145 
/* Hands back an issuer URI taken from cert through *puri.
 * NOTE(review): presumably the CA Issuers entry of the Authority Information
 * Access extension; confirm. The value is certificate content: validate
 * scheme and host before fetching it, as with any untrusted URL. */
146 apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p);
148 
/* Serialises cert to base64url text through *ps64. Presumably the DER
 * encoding; confirm. */
149 apr_status_t md_cert_to_base64url(const char **ps64, const md_cert_t *cert, apr_pool_t *p);
/* Parses base64url text s64 into a certificate. s64 may come from outside
 * the process, so read *pcert only after checking the returned status; a
 * successful parse says nothing about whether the certificate is trusted. */
150 apr_status_t md_cert_from_base64url(md_cert_t **pcert, const char *s64, apr_pool_t *p);
151 
/* SHA-256 over the certificate, as raw bytes (*pdigest) or as a text
 * fingerprint (*pfinger).
 * NOTE(review): the fingerprint text format (hex, separators, case) is not
 * visible here; confirm before comparing it with externally supplied
 * fingerprints. */
152 apr_status_t md_cert_to_sha256_digest(struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p);
153 apr_status_t md_cert_to_sha256_fingerprint(const char **pfinger, const md_cert_t *cert, apr_pool_t *p);
154 
/* Returns the certificate serial number as a string.
 * NOTE(review): presumably allocated from p, with the failure value (NULL?)
 * not visible here; confirm. */
155 const char *md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p);
156 
158  apr_pool_t *p, const char *fname);
160  apr_pool_t *p, const char *fname, apr_fileperms_t perms);
162  apr_pool_t *p, const char *fname);
163 
/* Creates a certificate signing request for the names in domains, using
 * pkey, and hands it back as text through *pcsr_der_64.
 * NOTE(review): from the parameter name, presumably base64url of the DER
 * encoding; must_staple presumably requests the OCSP must-staple extension.
 * Confirm. The domain names end up in a signed request, so they should
 * already be validated by the caller. */
164 apr_status_t md_cert_req_create(const char **pcsr_der_64, const char *name,
165  apr_array_header_t *domains, int must_staple,
166  md_pkey_t *pkey, apr_pool_t *p);
167 
/* Creates a certificate for cn / domains signed with pkey itself.
 * valid_for is an apr_interval_time_t, which APR counts in microseconds.
 * A self-signed certificate carries no third-party assurance.
 * NOTE(review): presumably meant as a temporary placeholder; confirm the
 * intended use in the original header (its comment is missing from this
 * listing, the gutter jumps from 167 to 172). */
172 apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn,
173  struct apr_array_header_t *domains, md_pkey_t *pkey,
174  apr_interval_time_t valid_for, apr_pool_t *p);
175 
/* Creates the certificate used to answer an ACME tls-alpn-01 challenge for
 * domain.
 * NOTE(review): acme_id presumably carries the challenge value to embed in
 * the certificate; confirm. Such a certificate only proves control of the
 * domain to the ACME server and should be kept out of regular traffic. */
180 apr_status_t md_cert_make_tls_alpn_01(md_cert_t **pcert, const char *domain,
181  const char *acme_id, md_pkey_t *pkey,
182  apr_interval_time_t valid_for, apr_pool_t *p);
183 
185 
186 
187 /**************************************************************************************************/
188 /* X509 certificate transparency */
189 
/* Name lookups for a numeric identifier.
 * NOTE(review): presumably the short and long names of an OpenSSL NID, with
 * the result for an unknown nid not visible here; check for NULL. */
190 const char *md_nid_get_sname(int nid);
191 const char *md_nid_get_lname(int nid);
192 
/* One certificate-transparency record (presumably a signed certificate
 * timestamp, going by the section title and the type name).
 * NOTE(review): this listing shows only some of the members; the gutter
 * skips lines 196, 198 and 199. The values originate from certificate
 * content, so treat the data pointed to by logid as untrusted input. */
193 typedef struct md_sct md_sct;
194 struct md_sct {
195  int version;
197  struct md_data_t *logid;
200 };
201 
202 #endif /* mod_md_md_crypt_h */
size_t apr_size_t
Definition: apr.h:393
md_cert_state_t md_cert_state_get(const md_cert_t *cert)
struct md_cert_t md_cert_t
Definition: md_crypt.h:94
const char * md_nid_get_lname(int nid)
Definition: md.h:74
struct md_pkey_rsa_spec_t md_pkey_rsa_spec_t
struct md_json_t md_json_t
Definition: md_json.h:29
apr_uint32_t bits
Definition: md_crypt.h:57
void md_pkey_free(md_pkey_t *pkey)
const char * md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_cert_to_sha256_digest(struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p)
int version
Definition: md_crypt.h:195
Definition: apr_tables.h:62
int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)
md_pkey_type_t
Definition: md_crypt.h:51
Definition: md_util.h:39
apr_time_t md_cert_get_not_after(const md_cert_t *cert)
apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname)
apr_bucket_brigade request_rec apr_pool_t * pool
Definition: mod_dav.h:555
apr_time_t md_asn1_generalized_time_get(void *ASN1_GENERALIZEDTIME)
apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p)
Definition: md_crypt.h:53
apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname, apr_fileperms_t perms)
struct md_data_t * signature
Definition: md_crypt.h:199
Definition: md_crypt.h:99
Definition: md_crypt.h:98
apr_status_t md_cert_chain_read_http(struct apr_array_header_t *chain, apr_pool_t *pool, const struct md_http_response_t *res)
apr_status_t md_pkey_fload(md_pkey_t **ppkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname)
apr_status_t md_cert_read_http(md_cert_t **pcert, apr_pool_t *pool, const struct md_http_response_t *res)
apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
struct md_json_t * md_pkey_spec_to_json(const md_pkey_spec_t *spec, apr_pool_t *p)
apr_status_t md_cert_req_create(const char **pcsr_der_64, const char *name, apr_array_header_t *domains, int must_staple, md_pkey_t *pkey, apr_pool_t *p)
apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p, const char *d, size_t dlen)
APR File I/O Handling.
const char apr_size_t dlen
Definition: mod_proxy.h:685
apr_int64_t apr_interval_time_t
Definition: apr_time.h:55
int md_cert_is_valid_now(const md_cert_t *cert)
int md_pkey_spec_eq(md_pkey_spec_t *spec1, md_pkey_spec_t *spec2)
void * md_pkey_get_EVP_PKEY(struct md_pkey_t *pkey)
apr_time_t md_cert_get_not_before(const md_cert_t *cert)
apr_status_t md_cert_from_base64url(md_cert_t **pcert, const char *s64, apr_pool_t *p)
apr_size_t len
Definition: md_util.h:41
apr_int64_t apr_time_t
Definition: apr_time.h:45
apr_status_t md_cert_to_base64url(const char **ps64, const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p, const struct md_data_t *data)
apr_int32_t apr_fileperms_t
Definition: apr_file_info.h:125
apr_status_t md_cert_get_alt_names(apr_array_header_t **pnames, const md_cert_t *cert, apr_pool_t *p)
apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn, struct apr_array_header_t *domains, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
struct md_data_t * logid
Definition: md_crypt.h:197
apr_status_t md_cert_to_sha256_fingerprint(const char **pfinger, const md_cert_t *cert, apr_pool_t *p)
md_cert_t * md_cert_wrap(apr_pool_t *p, void *x509)
apr_status_t md_cert_make_tls_alpn_01(md_cert_t **pcert, const char *domain, const char *acme_id, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
unsigned int apr_uint32_t
Definition: apr.h:347
int signature_type_nid
Definition: md_crypt.h:198
union md_pkey_spec_t::@9 params
apr_status_t md_crypt_init(apr_pool_t *pool)
md_cert_state_t
Definition: md_crypt.h:96
apr_status_t md_chain_fappend(struct apr_array_header_t *certs, apr_pool_t *p, const char *fname)
apr_pool_t * p
Definition: md_crypt.h:52
apr_status_t md_chain_fsave(struct apr_array_header_t *certs, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
md_pkey_rsa_spec_t rsa
Definition: md_crypt.h:63
apr_status_t md_rand_bytes(unsigned char *buf, apr_size_t len, apr_pool_t *p)
apr_status_t md_chain_fload(struct apr_array_header_t **pcerts, apr_pool_t *p, const char *fname)
apr_status_t md_crypt_sha256_digest64(const char **pdigest64, apr_pool_t *p, const struct md_data_t *data)
apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *spec)
int md_cert_covers_md(md_cert_t *cert, const struct md_t *md)
apr_time_t timestamp
Definition: md_crypt.h:196
const char * name
Definition: mod_dav.h:805
Definition: md_crypt.h:97
struct apr_pool_t apr_pool_t
Definition: apr_pools.h:60
const char * md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
const char * md_nid_get_sname(int nid)
int apr_status_t
Definition: apr_errno.h:44
int md_cert_must_staple(const md_cert_t *cert)
void * md_cert_get_X509(const md_cert_t *cert)
apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
Definition: md_crypt.h:56
Definition: md_crypt.h:194
struct md_pkey_t md_pkey_t
Definition: md_crypt.h:49
int md_cert_has_expired(const md_cert_t *cert)
struct md_pkey_spec_t md_pkey_spec_t
md_pkey_type_t type
Definition: md_crypt.h:61
Definition: md_crypt.h:60
const char * data
Definition: md_util.h:40
const char * md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
md_pkey_spec_t * md_pkey_spec_from_json(struct md_json_t *json, apr_pool_t *p)
md_cert_t * md_cert_make(apr_pool_t *p, void *x509)
Definition: md_http.h:76