/*	$Id: extern.h,v 1.21 2024/05/21 05:00:48 jsg Exp $ */
/*
 * Copyright (c) 2016 Kristaps Dzonsons <kristaps@bsd.lv>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/*
 * Shared declarations for the acme-client processes: the opcodes and
 * message labels exchanged over their IPC sockets, the in-memory shape
 * of ACME challenges, orders and CA directory paths, and the entry
 * points of each privilege-separated component.
 */
#ifndef EXTERN_H
#define EXTERN_H

#include "parse.h"

/*
 * Cap on DNS answers handled per lookup.
 * NOTE(review): presumably bounds the address list dnsproc returns for a
 * single name -- confirm against dnsproc before relying on it elsewhere.
 */
#define MAX_SERVERS_DNS 8

/*
 * Element count of a true array.  Guarded because <sys/param.h> already
 * provides nitems on OpenBSD.  Only meaningful on arrays: applied to a
 * pointer (including an array-typed function parameter, which has
 * decayed) it silently yields sizeof(pointer)/sizeof(element).
 */
#ifndef nitems
#define nitems(_a) (sizeof((_a)) / sizeof((_a)[0]))
#endif

/*
 * Requests to and from acctproc (the account-key component).
 * Opcodes cross the IPC socket as a long via writeop()/readop(); the
 * *__MAX sentinel closes each enum so a reader can range-check a value
 * received from a peer before switching on it.
 */
enum acctop {
	ACCT_STOP = 0,
	ACCT_READY,
	ACCT_SIGN,
	ACCT_KID_SIGN,	/* sign with a key identifier instead of a JWK */
	ACCT_THUMBPRINT,
	ACCT__MAX	/* sentinel: first invalid opcode */
};

/*
 * Requests to and from chngproc (the challenge component).
 */
enum chngop {
	CHNG_STOP = 0,
	CHNG_SYN,
	CHNG_ACK,
	CHNG__MAX	/* sentinel: first invalid opcode */
};

/*
 * Requests to keyproc (the domain-key component).
 */
enum keyop {
	KEY_STOP = 0,
	KEY_READY,
	KEY__MAX	/* sentinel: first invalid opcode */
};

/*
 * Requests to certproc (the certificate component).
 */
enum certop {
	CERT_STOP = 0,
	CERT_REVOKE,
	CERT_UPDATE,
	CERT__MAX	/* sentinel: first invalid opcode */
};

/*
 * Requests to fileproc (the component that writes certificates).
 */
enum fileop {
	FILE_STOP = 0,
	FILE_REMOVE,
	FILE_CREATE,
	FILE__MAX	/* sentinel: first invalid opcode */
};

/*
 * Requests to dnsproc (the DNS-lookup component).
 */
enum dnsop {
	DNS_STOP = 0,
	DNS_LOOKUP,
	DNS__MAX	/* sentinel: first invalid opcode */
};

/*
 * Requests to and from revokeproc (the component that checks the
 * existing certificate's expiry and drives revocation).
 */
enum revokeop {
	REVOKE_STOP = 0,
	REVOKE_CHECK,
	REVOKE_EXP,	/* certificate is expired / due for renewal */
	REVOKE_OK,	/* certificate still valid */
	REVOKE__MAX	/* sentinel: first invalid opcode */
};

/*
 * Our components.
 * Each one of these is in a separated, isolated process.
 * NOTE(review): the isolation itself (fork plus pledge/unveil,
 * presumably) is established outside this header -- confirm in the
 * process entry points before assuming what each component may do.
 */
enum comp {
	COMP_NET, /* network-facing (to ACME) */
	COMP_KEY, /* handles domain keys */
	COMP_CERT, /* handles domain certificates */
	COMP_ACCOUNT, /* handles account key */
	COMP_CHALLENGE, /* handles challenges */
	COMP_FILE, /* handles writing certs */
	COMP_DNS, /* handles DNS lookups */
	COMP_REVOKE, /* checks X509 expiration */
	COMP__MAX /* sentinel; also "no component" for proccomp */
};

/*
 * Inter-process communication labels.
 * Every read/write routine below takes one of these; it only names the
 * message in debugging output and carries no meaning on the wire.
 */
enum comm {
	COMM_REQ,
	COMM_THUMB,
	COMM_CERT,
	COMM_PAY,
	COMM_NONCE,
	COMM_KID,
	COMM_URL,
	COMM_TOK,
	COMM_CHNG_OP,
	COMM_CHNG_ACK,
	COMM_ACCT,
	COMM_ACCT_STAT,
	COMM_CSR,
	COMM_CSR_OP,
	COMM_ISSUER,
	COMM_CHAIN,
	COMM_CHAIN_OP,
	COMM_DNS,
	COMM_DNSQ,
	COMM_DNSA,
	COMM_DNSF,
	COMM_DNSLEN,
	COMM_KEY_STAT,
	COMM_REVOKE_OP,
	COMM_REVOKE_CHECK,
	COMM_REVOKE_RESP,
	COMM__MAX	/* sentinel: first invalid label */
};

/*
 * This contains the URI and token of an ACME-issued challenge.
 * A challenge consists of a token, which we must present on the
 * (presumably!) local machine to an ACME connection; and a URI, to
 * which we must connect to verify the token.
 */

/*
 * Challenge state as reported by the server.  The names appear to
 * mirror the ACME (RFC 8555) status strings; CHNG_INVALID is negative
 * so that it cannot be confused with a legitimate state.
 */
enum chngstatus {
	CHNG_INVALID = -1,
	CHNG_PENDING = 0,
	CHNG_PROCESSING = 1,
	CHNG_VALID = 2
};

struct chng {
	char *uri; /* uri on ACME server */
	char *token; /* token we must offer */
	char *error; /* "detail" field in case of error */
	size_t retry; /* how many times have we tried */
	enum chngstatus status; /* challenge accepted? */
	/*
	 * NOTE(review): the three strings are heap pointers filled in by
	 * json_parse_challenge() and presumably released together by
	 * json_free_challenge(); do not free them piecemeal.
	 */
};

/*
 * Order state as reported by the server; same RFC 8555 mapping as
 * chngstatus, with the extra "ready" state orders pass through once
 * all authorizations are valid.
 */
enum orderstatus {
	ORDER_INVALID = -1,
	ORDER_PENDING = 0,
	ORDER_READY = 1,
	ORDER_PROCESSING = 2,
	ORDER_VALID = 3
};

/*
 * An ACME order: the server-side URIs we must follow to finalize it
 * and fetch the certificate, plus the authorizations it requires.
 */
struct order {
	char *uri; /* uri of the order request */
	char *finalize; /* finalize uri */
	char *certificate; /* uri for issued certificate */
	enum orderstatus status; /* status of order */
	char **auths; /* authorization uris */
	size_t authsz; /* number of entries in auths */
};

/*
 * This consists of the services offered by the CA.
 * They must all be filled in.
 * These come from the CA's directory document; a missing entry is a
 * parse failure, not an optional feature.
 */
struct capaths {
	char *newaccount; /* new acme account */
	char *newnonce; /* new nonce */
	char *neworder; /* order new certificate */
	char *revokecert; /* revoke certificate */
};

/* Opaque parsed-JSON node; defined in the JSON implementation. */
struct jsmnn;

__BEGIN_DECLS	/* presumably <sys/cdefs.h>: extern "C" wrappers for C++ */

/*
 * Start with our components.
 * These are all isolated and talk to each other using sockets.
 * Each takes the socket descriptor(s) it is allowed to use and returns
 * an int status to the parent.
 * NOTE(review): netproc takes seven unnamed ints (presumably the
 * descriptors to its peer processes); naming the parameters here
 * would make call sites much easier to audit for descriptor mix-ups.
 */
int acctproc(int, const char *, enum keytype);
int certproc(int, int);
int chngproc(int, const char *);
int dnsproc(int);
int revokeproc(int, const char *, int, int, const char *const *,
	size_t);
int fileproc(int, const char *, const char *, const char *,
	const char *);
int keyproc(int, const char *, const char **, size_t,
	enum keytype);
int netproc(int, int, int, int, int, int, int,
	struct authority_c *, const char *const *,
	size_t);

/*
 * Debugging functions.
 * These just route to warnx according to the verbosity.
 * The format attribute lets the compiler check arguments against the
 * format string; never pass a non-literal format here.
 */
void dodbg(const char *, ...)
	__attribute__((format(printf, 1, 2)));
void doddbg(const char *, ...)
	__attribute__((format(printf, 1, 2)));

/*
 * Read and write things from the wire.
 * The readers behave differently with respect to EOF.
 * readbuf() stores the payload length in its size_t out-parameter;
 * readop() returns the opcode as a long.  Because the peer is another
 * process that may be compromised, callers should validate what they
 * read (opcode ranges, expected lengths) rather than trust it.
 * NOTE(review): the exact EOF behaviour of each reader is not visible
 * here -- check the implementations before treating NULL or a negative
 * return as "clean shutdown".
 */
long readop(int, enum comm);
char *readbuf(int, enum comm, size_t *);
char *readstr(int, enum comm);
int writebuf(int, enum comm, const void *, size_t);
int writestr(int, enum comm, const char *);
int writeop(int, enum comm, long);

/*
 * Reap a child process and report how it exited.
 * checkexit_ext() additionally returns the raw exit code through its
 * int out-parameter (presumably; confirm in the implementation).
 */
int checkexit(pid_t, enum comp);
int checkexit_ext(int *, pid_t, enum comp);

/*
 * Base64 and URL encoding.
 * Returns a buffer or NULL on allocation error.
 * base64len() gives the encoded size for an input of the given length;
 * the buffer from base64buf_url() is heap-allocated and presumably
 * owned by the caller.
 */
size_t base64len(size_t);
char *base64buf_url(const char *, size_t);

/*
 * JSON parsing routines.
 * Keep this all in one place, though it's only used by one file.
 * The input is presumably the body of ACME server responses, i.e.
 * untrusted network data: check every int return and treat a failed
 * parse as fatal for the operation.  The json_free_* routines release
 * what the matching json_parse_* filled in.
 */
struct jsmnn *json_parse(const char *, size_t);
void json_free(struct jsmnn *);
int json_parse_response(struct jsmnn *);
void json_free_challenge(struct chng *);
int json_parse_challenge(struct jsmnn *, struct chng *);
void json_free_order(struct order *);
int json_parse_order(struct jsmnn *, struct order *);
int json_parse_upd_order(struct jsmnn *, struct order *);
void json_free_capaths(struct capaths *);
int json_parse_capaths(struct jsmnn *, struct capaths *);
char *json_getstr(struct jsmnn *, const char *);

/*
 * JSON formatters for the requests we send to the CA.
 * Each returns a newly formatted string (presumably heap-allocated,
 * NULL on failure -- confirm in the implementation).  The _rsa/_ec
 * variants build the JWK-style protected header and thumbprint for the
 * respective key type; _kid uses the account key identifier instead.
 */
char *json_fmt_newcert(const char *);
char *json_fmt_chkacc(void);
char *json_fmt_newacc(const char *);
char *json_fmt_neworder(const char *const *, size_t);
char *json_fmt_protected_rsa(const char *,
	const char *, const char *, const char *);
char *json_fmt_protected_ec(const char *, const char *, const char *,
	const char *);
char *json_fmt_protected_kid(const char*, const char *, const char *,
	const char *);
char *json_fmt_revokecert(const char *);
char *json_fmt_thumb_rsa(const char *, const char *);
char *json_fmt_thumb_ec(const char *, const char *);
char *json_fmt_signed(const char *, const char *, const char *);

/*
 * Should we print debugging messages?
 * Defined once in a .c file; declared here for all components.
 */
extern int verbose;

/*
 * What component is the process within (COMP__MAX for none)?
 * Set after fork so log output can name the originating process.
 */
extern enum comp proccomp;

__END_DECLS

#endif /* ! EXTERN_H */