/*
 * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * Public API of OSSL_STORE: a URI-addressed channel for reading keys,
 * certificates and CRLs, plus the loader registration interface that
 * backs it.  Everything here is declaration only; behaviour is in the
 * store implementation and in the loader selected by the URI scheme.
 */

#ifndef HEADER_OSSL_STORE_H
# define HEADER_OSSL_STORE_H

# include <stdarg.h>
# include <openssl/ossl_typ.h>
# include <openssl/pem.h>
# include <openssl/storeerr.h>

# ifdef  __cplusplus
extern "C" {
# endif

/*-
 * The main OSSL_STORE functions.
 * ------------------------------
 *
 * These allow applications to open a channel to a resource with supported
 * data (keys, certs, crls, ...), read the data a piece at a time and decide
 * what to do with it, and finally close.
 *
 * The intended call sequence is:
 *   OSSL_STORE_open() -> [OSSL_STORE_expect()/OSSL_STORE_find()]
 *     -> OSSL_STORE_load() until OSSL_STORE_eof() -> OSSL_STORE_close()
 */

typedef struct ossl_store_ctx_st OSSL_STORE_CTX;

/*
 * Typedef for the OSSL_STORE_INFO post processing callback. This can be used
 * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning
 * NULL).
 *
 * The second argument is the |post_process_data| given to OSSL_STORE_open().
 * A callback that returns NULL is responsible for releasing the info it was
 * handed if it does not pass it on -- presumably via OSSL_STORE_INFO_free();
 * confirm against the implementation.
 */
typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
                                                           void *);

/*
 * Open a channel given a URI. The given UI method will be used any time the
 * loader needs extra input, for example when a password or pin is needed, and
 * will be passed the same user data every time it's needed in this context.
 *
 * The URI scheme selects which registered loader handles the channel (see
 * OSSL_STORE_register_loader() below), so a URI built from external input
 * decides which backend code runs; validate such input before opening.
 * |ui_data| and |post_process_data| are passed through to the callbacks
 * unchanged; the store does not appear to take ownership of them.
 *
 * Returns a context reference which represents the channel to communicate
 * through, or NULL on failure (no loader for the scheme, loader open error).
 */
OSSL_STORE_CTX *OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method,
                                void *ui_data,
                                OSSL_STORE_post_process_info_fn post_process,
                                void *post_process_data);

/*
 * Control / fine tune the OSSL_STORE channel. |cmd| determines what is to be
 * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to
 * determine which loader is used), except for common commands (see below).
 * Each command takes different arguments.
 *
 * The variadic arguments are not type-checked by the compiler; the caller
 * must pass exactly the argument types the command defines.
 */
int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd, ... /* args */);
int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd, va_list args);

/*
 * Common ctrl commands that different loaders may choose to support.
 */
/*
 * Ask the loader to keep sensitive material it handles in secure memory,
 * where the loader supports it.  Usage:
 *   int on = 0 or 1; OSSL_STORE_ctrl(ctx, OSSL_STORE_C_USE_SECMEM, &on);
 */
# define OSSL_STORE_C_USE_SECMEM      1
/* Where custom commands start; loader-specific command numbers live above */
# define OSSL_STORE_C_CUSTOM_START    100

/*
 * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
 * functionality, given a context.
 * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be
 * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ...
 * NULL is returned on error, which may include that the data found at the URI
 * can't be figured out for certain or is ambiguous.
 *
 * NULL is also what a caller sees once no further data is available, so a
 * NULL result alone does not distinguish "done" from "failed": check
 * OSSL_STORE_eof() and OSSL_STORE_error() to tell the two apart.
 * The returned OSSL_STORE_INFO is owned by the caller and must be released
 * with OSSL_STORE_INFO_free().
 */
OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);

/*
 * Check if end of data (end of file) is reached
 * Returns 1 on end, 0 otherwise.
 */
int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);

/*
 * Check if an error occurred
 * Returns 1 if it did, 0 otherwise.
 */
int OSSL_STORE_error(OSSL_STORE_CTX *ctx);

/*
 * Close the channel
 * Returns 1 on success, 0 on error.
 * The context is released either way; do not reuse |ctx| afterwards.
 */
int OSSL_STORE_close(OSSL_STORE_CTX *ctx);


/*-
 * Extracting OpenSSL types from and creating new OSSL_STORE_INFOs
 * ---------------------------------------------------------------
 */

/*
 * Types of data that can be stored in a OSSL_STORE_INFO.
 * OSSL_STORE_INFO_NAME is typically found when getting a listing of
 * available "files" / "tokens" / what have you.
 *
 * Always consult OSSL_STORE_INFO_get_type() before calling a typed getter;
 * the getters below return NULL when the info holds a different type.
 */
# define OSSL_STORE_INFO_NAME           1   /* char * */
# define OSSL_STORE_INFO_PARAMS         2   /* EVP_PKEY * */
# define OSSL_STORE_INFO_PKEY           3   /* EVP_PKEY * */
# define OSSL_STORE_INFO_CERT           4   /* X509 * */
# define OSSL_STORE_INFO_CRL            5   /* X509_CRL * */

/*
 * Functions to generate OSSL_STORE_INFOs, one function for each type we
 * support having in them, as well as a generic constructor.
 *
 * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
 * and will therefore be freed when the OSSL_STORE_INFO is freed.
 *
 * NOTE(review): if a constructor returns NULL the transfer presumably has not
 * taken place and the caller still owns the object -- confirm against the
 * implementation before relying on it.  |name| and |desc| must be heap
 * strings the info may free, not literals.
 */
OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);

/*
 * Functions to try to extract data from a OSSL_STORE_INFO.
 *
 * get0_* variants return a pointer owned by the OSSL_STORE_INFO, valid only
 * as long as the info lives.  get1_* variants hand the caller its own
 * reference or copy, which the caller must release with the matching
 * OpenSSL free function (OPENSSL_free() for strings, EVP_PKEY_free(),
 * X509_free(), X509_CRL_free()).  All of them return NULL if the info does
 * not hold the requested type.
 */
int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info);
X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info);
X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info);

/* Human-readable name for an OSSL_STORE_INFO_* type value (for diagnostics) */
const char *OSSL_STORE_INFO_type_string(int type);

/*
 * Free the OSSL_STORE_INFO
 * Also frees the owned object inside it (see the constructors above).
 */
void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);


/*-
 * Functions to construct a search URI from a base URI and search criteria
 * -----------------------------------------------------------------------
 */

/* OSSL_STORE search types */
# define OSSL_STORE_SEARCH_BY_NAME           1 /* subject in certs, issuer in CRLs */
# define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL  2
# define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT 3
# define OSSL_STORE_SEARCH_BY_ALIAS          4

/*
 * To check what search types the scheme handler supports
 * Returns 1 if |search_type| is supported by the loader behind |ctx|,
 * 0 otherwise.
 */
int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);

/* Search term constructors */
/*
 * The input is considered to be owned by the caller, and must therefore
 * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
 *
 * Consequently OSSL_STORE_SEARCH_free() releases only the search object,
 * never the name, serial, fingerprint bytes or alias it was built from.
 * For by_key_fingerprint, |len| is the number of bytes at |bytes| and
 * |digest| names the hash those bytes are a digest of.
 */
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
                                                      const ASN1_INTEGER
                                                      *serial);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
                                                        const unsigned char
                                                        *bytes, size_t len);
OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);

/* Search term destructor */
void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);

/*
 * Search term accessors
 *
 * All return borrowed pointers into the caller-owned inputs.  Each accessor
 * is meaningful only for the search type it belongs to (check
 * OSSL_STORE_SEARCH_get_type() first).  Note that get0_name takes a
 * non-const criterion unlike its siblings; this is a pre-existing interface
 * quirk, not a hint that it mutates the search.
 */
int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
X509_NAME *OSSL_STORE_SEARCH_get0_name(OSSL_STORE_SEARCH *criterion);
const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
                                                  *criterion);
/* |length| receives the number of bytes in the returned fingerprint */
const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
                                                  *criterion, size_t *length);
const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);

/*
 * Add search criterion and expected return type (which can be unspecified)
 * to the loading channel. This MUST happen before the first OSSL_STORE_load().
 *
 * |expected_type| is one of the OSSL_STORE_INFO_* values above.  Setting it
 * lets the loader skip or reject other object types early, which is the
 * simplest way to make sure e.g. a certificate is never mistaken for a key.
 * The search object passed to OSSL_STORE_find() stays owned by the caller
 * and must outlive the channel's use of it.
 */
int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
int OSSL_STORE_find(OSSL_STORE_CTX *ctx, OSSL_STORE_SEARCH *search);


/*-
 * Function to register a loader for the given URI scheme.
 * -------------------------------------------------------
 *
 * The loader receives all the main components of an URI except for the
 * scheme.
 *
 * A registered loader runs for every OSSL_STORE_open() whose URI carries its
 * scheme, so it must treat the URI it receives as untrusted and bound any
 * parsing it does on it.
 */

typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
/* |e| may be NULL for built-in loaders; |scheme| selects the loader at open */
OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
/* struct ossl_store_loader_ctx_st is defined differently by each loader */
typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
/*
 * Loader callbacks, one per public operation above.  Each is installed with
 * the matching OSSL_STORE_LOADER_set_*() and is invoked with the loader's
 * private context returned by its open function.
 */
typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)(const OSSL_STORE_LOADER
                                                     *loader,
                                                     const char *uri,
                                                     const UI_METHOD *ui_method,
                                                     void *ui_data);
int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
                               OSSL_STORE_open_fn open_function);
typedef int (*OSSL_STORE_ctrl_fn)(OSSL_STORE_LOADER_CTX *ctx, int cmd,
                                  va_list args);
int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
                               OSSL_STORE_ctrl_fn ctrl_function);
typedef int (*OSSL_STORE_expect_fn)(OSSL_STORE_LOADER_CTX *ctx, int expected);
int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
                                 OSSL_STORE_expect_fn expect_function);
typedef int (*OSSL_STORE_find_fn)(OSSL_STORE_LOADER_CTX *ctx,
                                  OSSL_STORE_SEARCH *criteria);
int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
                               OSSL_STORE_find_fn find_function);
/*
 * The load callback gets the same UI method and user data the application
 * gave OSSL_STORE_open(), so it can prompt for passphrases/PINs itself.
 */
typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)(OSSL_STORE_LOADER_CTX *ctx,
                                               const UI_METHOD *ui_method,
                                               void *ui_data);
int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
                               OSSL_STORE_load_fn load_function);
typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
                              OSSL_STORE_eof_fn eof_function);
typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
                                OSSL_STORE_error_fn error_function);
typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
                                OSSL_STORE_close_fn close_function);
void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);

/*
 * Registration is global for the process.  unregister_loader returns the
 * loader that was registered for |scheme| so the caller can free it;
 * presumably the registry holds (not copies) the loader while registered,
 * so do not free a loader that is still registered -- confirm against the
 * implementation.
 */
int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);

/*-
 * Functions to list STORE loaders
 * -------------------------------
 */
/* Call |do_function| once per registered loader, passing |do_arg| through */
int OSSL_STORE_do_all_loaders(void (*do_function) (const OSSL_STORE_LOADER
                                                   *loader, void *do_arg),
                              void *do_arg);

# ifdef  __cplusplus
}
# endif
#endif