2 /*
3 * COPYRIGHT (C) 2006
4 * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
5 * ALL RIGHTS RESERVED
6 *
7 * Permission is granted to use, copy, create derivative works
8 * and redistribute this software and such derivative works
9 * for any purpose, so long as the name of The University of
10 * Michigan is not used in any advertising or publicity
11 * pertaining to the use of distribution of this software
12 * without specific, written prior authorization. If the
13 * above copyright notice or any other identification of the
14 * University of Michigan is included in any copy of any
15 * portion of this software, then the disclaimer below must
16 * also be included.
18 * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
19 * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
20 * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
21 * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
22 * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
23 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
24 * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
25 * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
26 * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
27 * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
28 * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
29 * SUCH DAMAGES.
32 #ifndef _KRB5_INT_PKINIT_H
33 #define _KRB5_INT_PKINIT_H
36 * pkinit structures
39 /*
 * PKAuthenticator -- the non-draft9 form, embedded by value in
 * krb5_auth_pack.  The draft9 layout is a separate type
 * (krb5_pk_authenticator_draft9) with different members.
 */
40 typedef struct _krb5_pk_authenticator {
41 krb5_int32 cusec; /* (0..999999) */
42 krb5_timestamp ctime;
/*
 * NOTE(review): the documented range reaches 4294967295 but the member is
 * a krb5_int32.  If that type is signed 32-bit (it is declared elsewhere --
 * confirm), values above 2147483647 read back as negative, so nonce checks
 * should compare for equality and must not treat "negative" as invalid.
 */
43 krb5_int32 nonce; /* (0..4294967295) */
/*
 * NOTE(review): presumably the checksum that ties this authenticator to
 * the request it travels with -- confirm what it covers in the code that
 * fills and verifies it.
 */
44 krb5_checksum paChecksum;
45 } krb5_pk_authenticator;
47 /*
 * PKAuthenticator, draft9 layout.  Unlike krb5_pk_authenticator it names
 * the KDC (kdcName/kdcRealm) and has no paChecksum member, so nothing in
 * this structure carries a checksum over the request.
 */
48 typedef struct _krb5_pk_authenticator_draft9 {
49 krb5_principal kdcName;
50 krb5_octet_data kdcRealm;
51 krb5_int32 cusec; /* (0..999999) */
52 krb5_timestamp ctime;
/*
 * NOTE(review): documented range exceeds what a signed 32-bit value can
 * hold; if krb5_int32 is signed (declared elsewhere -- confirm), compare
 * nonces for equality only and do not reject negative values.
 */
53 krb5_int32 nonce; /* (0..4294967295) */
54 } krb5_pk_authenticator_draft9;
56 /*
 * AlgorithmIdentifier: an algorithm OID plus its optional parameters, both
 * held as raw octet data.
 * NOTE(review): how an absent `parameters` is represented (for example an
 * empty krb5_octet_data) is not visible in this header -- confirm before
 * dereferencing it.
 */
57 typedef struct _krb5_algorithm_identifier {
58 krb5_octet_data algorithm; /* OID */
59 krb5_octet_data parameters; /* Optional */
60 } krb5_algorithm_identifier;
62 /*
 * SubjectPublicKeyInfo: a public key together with the identifier of the
 * algorithm it belongs to.  The key is stored as undecoded octet data, so
 * any validation of the key value happens in the code that consumes it.
 */
63 typedef struct _krb5_subject_pk_info {
64 krb5_algorithm_identifier algorithm;
65 krb5_octet_data subjectPublicKey; /* BIT STRING */
66 } krb5_subject_pk_info;
68 /*
 * AuthPack (non-draft9): the authenticator plus optional client key
 * material and algorithm preferences.
 */
69 typedef struct _krb5_auth_pack {
70 krb5_pk_authenticator pkAuthenticator;
/* Pointer member: presumably NULL when the client sent no public value -- confirm. */
71 krb5_subject_pk_info *clientPublicValue; /* Optional */
/*
 * Array of pointers.  NOTE(review): the termination convention (likely a
 * trailing NULL entry) is not shown here -- confirm before iterating.
 */
72 krb5_algorithm_identifier **supportedCMSTypes; /* Optional */
73 krb5_octet_data clientDHNonce; /* Optional */
74 } krb5_auth_pack;
76 /*
 * AuthPack, draft9 layout: the draft9 authenticator and an optional client
 * public value.  It has no supportedCMSTypes or clientDHNonce members.
 */
77 typedef struct _krb5_auth_pack_draft9 {
78 krb5_pk_authenticator_draft9 pkAuthenticator;
/* Pointer member: presumably NULL when absent -- confirm. */
79 krb5_subject_pk_info *clientPublicValue; /* Optional */
80 } krb5_auth_pack_draft9;
82 /*
 * ExternalPrincipalIdentifier: up to three alternative ways of naming a
 * certificate or CA, each kept as undecoded octet data.
 * NOTE(review): all three members are marked optional, so this type does
 * not guarantee that any of them is present; code that matches on these
 * should handle the all-absent case explicitly.
 */
83 typedef struct _krb5_external_principal_identifier {
84 krb5_octet_data subjectName; /* Optional */
85 krb5_octet_data issuerAndSerialNumber; /* Optional */
86 krb5_octet_data subjectKeyIdentifier; /* Optional */
87 } krb5_external_principal_identifier;
89 /*
 * TrustedCas: a tagged union.  `choice` records which member of `u` is
 * meaningful.  The members do not share a type (principalName is a
 * krb5_principal, the other two are krb5_octet_data), so readers should
 * switch on `choice`, touch only the matching member, and handle
 * choice_trusted_cas_UNKNOWN as "nothing valid in u".
 */
90 typedef struct _krb5_trusted_ca {
91 enum {
92 choice_trusted_cas_UNKNOWN = -1,
93 choice_trusted_cas_principalName = 0,
94 choice_trusted_cas_caName = 1,
95 choice_trusted_cas_issuerAndSerial = 2
96 } choice;
97 union {
98 krb5_principal principalName;
99 krb5_octet_data caName; /* fully-qualified X.500 "Name" as defined by X.509 (der-encoded) */
100 krb5_octet_data issuerAndSerial; /* Optional -- IssuerAndSerialNumber (der-encoded) */
101 } u;
102 } krb5_trusted_ca;
104 /*
 * Typed data: a type code and a buffer described by a pointer and a
 * length.
 * NOTE(review): `length` is presumably the number of bytes at `data`;
 * confirm, and make sure every consumer bounds its reads by `length`
 * rather than by the expected size for `type`.
 */
105 typedef struct _krb5_typed_data {
106 krb5_magic magic;
107 krb5_int32 type;
108 unsigned int length;
109 krb5_octet *data;
110 } krb5_typed_data;
112 /*
 * PA-PK-AS-REQ (Draft 9 -- PA TYPE 14).
 * The signed AuthPack and both certificates are stored as undecoded octet
 * data: filling this structure does not verify any signature or
 * certificate, which is left to the code that consumes these members.
 */
113 typedef struct _krb5_pa_pk_as_req_draft9 {
114 krb5_octet_data signedAuthPack;
/*
 * NOTE(review): array of pointers; the termination convention (likely a
 * trailing NULL entry) is not shown here -- confirm before iterating.
 */
115 krb5_trusted_ca **trustedCertifiers; /* Optional array */
116 krb5_octet_data kdcCert; /* Optional */
117 krb5_octet_data encryptionCert;
118 } krb5_pa_pk_as_req_draft9;
120 /*
 * PA-PK-AS-REQ (rfc4556 -- PA TYPE 16).
 * signedAuthPack is stored as undecoded octet data: filling this structure
 * does not verify the signature over the AuthPack, which is left to the
 * code that consumes it.
 */
121 typedef struct _krb5_pa_pk_as_req {
122 krb5_octet_data signedAuthPack;
/*
 * NOTE(review): array of pointers; the termination convention (likely a
 * trailing NULL entry) is not shown here -- confirm before iterating.
 */
123 krb5_external_principal_identifier **trustedCertifiers; /* Optional array */
124 krb5_octet_data kdcPkId; /* Optional */
125 } krb5_pa_pk_as_req;
127 /*
 * DHRepInfo: the Diffie-Hellman arm of krb5_pa_pk_as_rep.
 * dhSignedData is kept as undecoded octet data, so its signature is
 * checked (if at all) by the consumer, not by filling this structure.
 */
128 typedef struct _krb5_dh_rep_info {
129 krb5_octet_data dhSignedData;
130 krb5_octet_data serverDHNonce; /* Optional */
131 } krb5_dh_rep_info;
133 /* KDCDHKeyInfo (non-draft9): the KDC's DH public key, a nonce and an optional expiry. */
134 typedef struct _krb5_kdc_dh_key_info {
135 krb5_octet_data subjectPublicKey; /* BIT STRING */
/*
 * NOTE(review): documented range exceeds a signed 32-bit value; if
 * krb5_int32 is signed (declared elsewhere -- confirm), compare for
 * equality only and do not reject negative values.
 */
136 krb5_int32 nonce; /* (0..4294967295) */
/*
 * NOTE(review): this is a plain value, not a pointer, so "absent" needs a
 * sentinel that this header does not define -- confirm what the decoder
 * stores when the field is missing.
 */
137 krb5_timestamp dhKeyExpiration; /* Optional */
138 } krb5_kdc_dh_key_info;
140 /* KDCDHKeyInfo, draft9 layout: as krb5_kdc_dh_key_info but without dhKeyExpiration. */
141 typedef struct _krb5_kdc_dh_key_info_draft9 {
142 krb5_octet_data subjectPublicKey; /* BIT STRING */
/*
 * NOTE(review): documented range exceeds a signed 32-bit value; if
 * krb5_int32 is signed (declared elsewhere -- confirm), compare for
 * equality only and do not reject negative values.
 */
143 krb5_int32 nonce; /* (0..4294967295) */
144 } krb5_kdc_dh_key_info_draft9;
146 /*
 * ReplyKeyPack (non-draft9): a key block and a checksum.
 * NOTE(review): replyKey is a krb5_keyblock, i.e. it is expected to hold
 * key material.  Whatever releases this structure should wipe the key
 * bytes before freeing them; the free routine is not declared in this
 * header -- confirm that it does.
 */
147 typedef struct _krb5_reply_key_pack {
148 krb5_keyblock replyKey;
149 krb5_checksum asChecksum;
150 } krb5_reply_key_pack;
152 /*
 * ReplyKeyPack, draft9 layout: a key block and a nonce; it has a nonce
 * where krb5_reply_key_pack has asChecksum.
 * NOTE(review): replyKey is expected to hold key material; confirm that
 * the code releasing this structure wipes it before freeing.
 */
153 typedef struct _krb5_reply_key_pack_draft9 {
154 krb5_keyblock replyKey;
155 krb5_int32 nonce;
156 } krb5_reply_key_pack_draft9;
158 /*
 * PA-PK-AS-REP (Draft 9 -- PA TYPE 15).
 * Tagged union: `choice` records which member of `u` is meaningful.  Both
 * members are undecoded octet data, so the type system will not catch a
 * read of the wrong one; readers should switch on `choice` and handle
 * choice_pa_pk_as_rep_draft9_UNKNOWN explicitly.
 */
159 typedef struct _krb5_pa_pk_as_rep_draft9 {
160 enum {
161 choice_pa_pk_as_rep_draft9_UNKNOWN = -1,
162 choice_pa_pk_as_rep_draft9_dhSignedData = 0,
163 choice_pa_pk_as_rep_draft9_encKeyPack = 1
164 } choice;
165 union {
166 krb5_octet_data dhSignedData;
167 krb5_octet_data encKeyPack;
168 } u;
169 } krb5_pa_pk_as_rep_draft9;
171 /*
 * PA-PK-AS-REP (rfc4556 -- PA TYPE 17).
 * Tagged union: `choice` records which member of `u` is meaningful.  The
 * members differ in type (dh_Info is a krb5_dh_rep_info, encKeyPack is
 * octet data), so readers should switch on `choice`, touch only the
 * matching member, and handle choice_pa_pk_as_rep_UNKNOWN explicitly.
 */
172 typedef struct _krb5_pa_pk_as_rep {
173 enum {
174 choice_pa_pk_as_rep_UNKNOWN = -1,
175 choice_pa_pk_as_rep_dhInfo = 0,
176 choice_pa_pk_as_rep_encKeyPack = 1
177 } choice;
178 union {
179 krb5_dh_rep_info dh_Info;
180 krb5_octet_data encKeyPack;
181 } u;
182 } krb5_pa_pk_as_rep;
185 * Begin "asn1.h"
188 /*************************************************************************
189 * Prototypes for pkinit asn.1 encode routines
190 *************************************************************************/
/*
 * Each encoder takes a read-only pointer to the structure to encode (the
 * parameter is named `rep` even where the structure is a request) and
 * hands the encoding back through `code`; the krb5_error_code return
 * reports success or failure.
 * NOTE(review): this header does not say who owns *code afterwards or what
 * *code holds when the call fails -- presumably the caller frees it on
 * success only; confirm against the implementation.
 * NOTE(review): the last three encoders take an array of pointers; the
 * termination convention (likely a trailing NULL entry) is not shown here.
 */
192 krb5_error_code encode_krb5_pa_pk_as_req
193 (const krb5_pa_pk_as_req *rep, krb5_data **code);
195 krb5_error_code encode_krb5_pa_pk_as_req_draft9
196 (const krb5_pa_pk_as_req_draft9 *rep, krb5_data **code);
198 krb5_error_code encode_krb5_pa_pk_as_rep
199 (const krb5_pa_pk_as_rep *rep, krb5_data **code);
201 krb5_error_code encode_krb5_pa_pk_as_rep_draft9
202 (const krb5_pa_pk_as_rep_draft9 *rep, krb5_data **code);
204 krb5_error_code encode_krb5_auth_pack
205 (const krb5_auth_pack *rep, krb5_data **code);
207 krb5_error_code encode_krb5_auth_pack_draft9
208 (const krb5_auth_pack_draft9 *rep, krb5_data **code);
210 krb5_error_code encode_krb5_kdc_dh_key_info
211 (const krb5_kdc_dh_key_info *rep, krb5_data **code);
213 krb5_error_code encode_krb5_reply_key_pack
214 (const krb5_reply_key_pack *, krb5_data **code);
216 krb5_error_code encode_krb5_reply_key_pack_draft9
217 (const krb5_reply_key_pack_draft9 *, krb5_data **code);
219 krb5_error_code encode_krb5_typed_data
220 (const krb5_typed_data **, krb5_data **code);
222 krb5_error_code encode_krb5_td_trusted_certifiers
223 (const krb5_external_principal_identifier **, krb5_data **code);
225 krb5_error_code encode_krb5_td_dh_parameters
226 (const krb5_algorithm_identifier **, krb5_data **code);
228 /*************************************************************************
229 * Prototypes for pkinit asn.1 decode routines
230 *************************************************************************/
/*
 * Each decoder takes the encoded bytes as a read-only krb5_data and hands
 * the decoded structure back through its second argument; the
 * krb5_error_code return reports success or failure.  The last three
 * return an array of pointers (note the extra level of indirection).
 * NOTE(review): in PKINIT the input presumably comes from the network
 * peer.  Callers should check the return code before reading the output,
 * should not assume members marked optional are present, and should not
 * treat a successful decode as proof that any enclosed signed data has
 * been verified.
 * NOTE(review): allocation of the output, the matching free routines and
 * the state of the output pointer on failure are not declared in this
 * header -- confirm against the implementation.
 * decode_krb5_principal_name has no encode counterpart declared in this
 * header.
 */
232 krb5_error_code decode_krb5_pa_pk_as_req
233 (const krb5_data *, krb5_pa_pk_as_req **);
235 krb5_error_code decode_krb5_pa_pk_as_req_draft9
236 (const krb5_data *, krb5_pa_pk_as_req_draft9 **);
238 krb5_error_code decode_krb5_pa_pk_as_rep
239 (const krb5_data *, krb5_pa_pk_as_rep **);
241 krb5_error_code decode_krb5_pa_pk_as_rep_draft9
242 (const krb5_data *, krb5_pa_pk_as_rep_draft9 **);
244 krb5_error_code decode_krb5_auth_pack
245 (const krb5_data *, krb5_auth_pack **);
247 krb5_error_code decode_krb5_auth_pack_draft9
248 (const krb5_data *, krb5_auth_pack_draft9 **);
250 krb5_error_code decode_krb5_kdc_dh_key_info
251 (const krb5_data *, krb5_kdc_dh_key_info **);
253 krb5_error_code decode_krb5_principal_name
254 (const krb5_data *, krb5_principal_data **);
256 krb5_error_code decode_krb5_reply_key_pack
257 (const krb5_data *, krb5_reply_key_pack **);
259 krb5_error_code decode_krb5_reply_key_pack_draft9
260 (const krb5_data *, krb5_reply_key_pack_draft9 **);
262 krb5_error_code decode_krb5_typed_data
263 (const krb5_data *, krb5_typed_data ***);
265 krb5_error_code decode_krb5_td_trusted_certifiers
266 (const krb5_data *, krb5_external_principal_identifier ***);
268 krb5_error_code decode_krb5_td_dh_parameters
269 (const krb5_data *, krb5_algorithm_identifier ***);
271 #endif /* _KRB5_INT_PKINIT_H */