Apache HTTPD
md_crypt.h
Go to the documentation of this file.
1/* Licensed to the Apache Software Foundation (ASF) under one or more
2 * contributor license agreements. See the NOTICE file distributed with
3 * this work for additional information regarding copyright ownership.
4 * The ASF licenses this file to You under the Apache License, Version 2.0
5 * (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef mod_md_md_crypt_h
18#define mod_md_md_crypt_h
19
20#include <apr_file_io.h>
21
22struct apr_array_header_t;
23struct md_t;
24struct md_http_response_t;
25struct md_cert_t;
26struct md_pkey_t;
27struct md_data_t;
28struct md_timeperiod_t;
29
30/**************************************************************************************************/
31/* random */
32
33apr_status_t md_rand_bytes(unsigned char *buf, apr_size_t len, apr_pool_t *p);
34
35apr_time_t md_asn1_generalized_time_get(void *ASN1_GENERALIZEDTIME);
36
37/**************************************************************************************************/
38/* digests */
39apr_status_t md_crypt_sha256_digest64(const char **pdigest64, apr_pool_t *p,
40 const struct md_data_t *data);
41apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p,
42 const struct md_data_t *data);
43
44/**************************************************************************************************/
45/* private keys */
46
47typedef struct md_pkey_t md_pkey_t;
48
54
58
59typedef struct md_pkey_ec_params_t {
60 const char *curve;
61} md_pkey_ec_params_t;
62
70
75
76apr_status_t md_crypt_init(apr_pool_t *pool);
77
78const char *md_pkey_spec_name(const md_pkey_spec_t *spec);
79
80md_pkeys_spec_t *md_pkeys_spec_make(apr_pool_t *p);
81void md_pkeys_spec_add_default(md_pkeys_spec_t *pks);
82int md_pkeys_spec_contains_rsa(md_pkeys_spec_t *pks);
83void md_pkeys_spec_add_rsa(md_pkeys_spec_t *pks, unsigned int bits);
84int md_pkeys_spec_contains_ec(md_pkeys_spec_t *pks, const char *curve);
85void md_pkeys_spec_add_ec(md_pkeys_spec_t *pks, const char *curve);
86int md_pkeys_spec_eq(md_pkeys_spec_t *pks1, md_pkeys_spec_t *pks2);
87md_pkeys_spec_t *md_pkeys_spec_clone(apr_pool_t *p, const md_pkeys_spec_t *pks);
88int md_pkeys_spec_is_empty(const md_pkeys_spec_t *pks);
89md_pkey_spec_t *md_pkeys_spec_get(const md_pkeys_spec_t *pks, int index);
90int md_pkeys_spec_count(const md_pkeys_spec_t *pks);
91void md_pkeys_spec_add(md_pkeys_spec_t *pks, md_pkey_spec_t *spec);
92
93struct md_json_t *md_pkey_spec_to_json(const md_pkey_spec_t *spec, apr_pool_t *p);
94md_pkey_spec_t *md_pkey_spec_from_json(struct md_json_t *json, apr_pool_t *p);
95struct md_json_t *md_pkeys_spec_to_json(const md_pkeys_spec_t *pks, apr_pool_t *p);
96md_pkeys_spec_t *md_pkeys_spec_from_json(struct md_json_t *json, apr_pool_t *p);
97
98
99apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *key_props);
100void md_pkey_free(md_pkey_t *pkey);
101
102const char *md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p);
103const char *md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p);
104
105apr_status_t md_pkey_fload(md_pkey_t **ppkey, apr_pool_t *p,
106 const char *pass_phrase, apr_size_t pass_len,
107 const char *fname);
108apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p,
109 const char *pass_phrase, apr_size_t pass_len,
110 const char *fname, apr_fileperms_t perms);
111
112apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p,
113 const char *d, size_t dlen);
114
115void *md_pkey_get_EVP_PKEY(struct md_pkey_t *pkey);
116
117apr_status_t md_crypt_hmac64(const char **pmac64, const struct md_data_t *hmac_key,
118 apr_pool_t *p, const char *d, size_t dlen);
119
123apr_status_t md_pkey_read_http(md_pkey_t **ppkey, apr_pool_t *pool,
124 const struct md_http_response_t *res);
125
126/**************************************************************************************************/
127/* X509 certificates */
128
129typedef struct md_cert_t md_cert_t;
130
136
141md_cert_t *md_cert_make(apr_pool_t *p, void *x509);
142
147md_cert_t *md_cert_wrap(apr_pool_t *p, void *x509);
148
149void *md_cert_get_X509(const md_cert_t *cert);
150
151apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname);
152apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p,
153 const char *fname, apr_fileperms_t perms);
154
160apr_status_t md_cert_read_http(md_cert_t **pcert, apr_pool_t *pool,
161 const struct md_http_response_t *res);
162
166apr_status_t md_cert_read_chain(apr_array_header_t *chain, apr_pool_t *p,
167 const char *pem, apr_size_t pem_len);
168
175apr_status_t md_cert_chain_read_http(struct apr_array_header_t *chain,
176 apr_pool_t *pool, const struct md_http_response_t *res);
177
178md_cert_state_t md_cert_state_get(const md_cert_t *cert);
179int md_cert_is_valid_now(const md_cert_t *cert);
180int md_cert_has_expired(const md_cert_t *cert);
181int md_cert_covers_domain(md_cert_t *cert, const char *domain_name);
182int md_cert_covers_md(md_cert_t *cert, const struct md_t *md);
183int md_cert_must_staple(const md_cert_t *cert);
184apr_time_t md_cert_get_not_after(const md_cert_t *cert);
185apr_time_t md_cert_get_not_before(const md_cert_t *cert);
186struct md_timeperiod_t md_cert_get_valid(const md_cert_t *cert);
187
191int md_certs_are_equal(const md_cert_t *a, const md_cert_t *b);
192
193apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p);
194apr_status_t md_cert_get_alt_names(apr_array_header_t **pnames, const md_cert_t *cert, apr_pool_t *p);
195
196apr_status_t md_cert_to_base64url(const char **ps64, const md_cert_t *cert, apr_pool_t *p);
197apr_status_t md_cert_from_base64url(md_cert_t **pcert, const char *s64, apr_pool_t *p);
198
199apr_status_t md_cert_to_sha256_digest(struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p);
200apr_status_t md_cert_to_sha256_fingerprint(const char **pfinger, const md_cert_t *cert, apr_pool_t *p);
201
202const char *md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p);
203
204apr_status_t md_chain_fload(struct apr_array_header_t **pcerts,
205 apr_pool_t *p, const char *fname);
206apr_status_t md_chain_fsave(struct apr_array_header_t *certs,
207 apr_pool_t *p, const char *fname, apr_fileperms_t perms);
208apr_status_t md_chain_fappend(struct apr_array_header_t *certs,
209 apr_pool_t *p, const char *fname);
210
211apr_status_t md_cert_req_create(const char **pcsr_der_64, const char *name,
212 apr_array_header_t *domains, int must_staple,
213 md_pkey_t *pkey, apr_pool_t *p);
214
219apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn,
220 struct apr_array_header_t *domains, md_pkey_t *pkey,
221 apr_interval_time_t valid_for, apr_pool_t *p);
222
227apr_status_t md_cert_make_tls_alpn_01(md_cert_t **pcert, const char *domain,
228 const char *acme_id, md_pkey_t *pkey,
229 apr_interval_time_t valid_for, apr_pool_t *p);
230
231apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert);
232
233apr_status_t md_cert_get_ocsp_responder_url(const char **purl, apr_pool_t *p, const md_cert_t *cert);
234
235apr_status_t md_check_cert_and_pkey(struct apr_array_header_t *certs, md_pkey_t *pkey);
236
237
238/**************************************************************************************************/
239/* X509 certificate transparency */
240
241const char *md_nid_get_sname(int nid);
242const char *md_nid_get_lname(int nid);
243
244typedef struct md_sct md_sct;
252
253#endif /* md_crypt_h */
len
const char apr_size_t len
Definition ap_regex.h:187
apr_file_io.h
APR File I/O Handling.
d
apr_size_t const unsigned char unsigned int unsigned int d
Definition apr_siphash.h:72
buf
const unsigned char * buf
Definition util_md5.h:50
a
apr_bucket apr_bucket_brigade * a
Definition apr_buckets.h:700
res
apr_pool_t apr_dbd_t apr_dbd_results_t ** res
Definition apr_dbd.h:287
pkey
apr_datum_t * pkey
Definition apr_dbm.h:158
size
apr_size_t size
Definition apr_allocator.h:115
pool
const char int apr_pool_t * pool
Definition apr_cstr.h:84
apr_status_t
int apr_status_t
Definition apr_errno.h:44
apr_fileperms_t
apr_int32_t apr_fileperms_t
Definition apr_file_info.h:125
perms
const char apr_fileperms_t perms
Definition apr_file_io.h:305
data
void * data
Definition apr_file_io.h:832
fname
const char * fname
Definition apr_file_info.h:229
b
apr_pool_t * b
Definition apr_pools.h:529
apr_interval_time_t
apr_int64_t apr_interval_time_t
Definition apr_time.h:55
apr_time_t
apr_int64_t apr_time_t
Definition apr_time.h:45
md_cert_chain_read_http
apr_status_t md_cert_chain_read_http(struct apr_array_header_t *chain, apr_pool_t *pool, const struct md_http_response_t *res)
Definition md_crypt.c:1540
md_cert_get_valid
struct md_timeperiod_t md_cert_get_valid(const md_cert_t *cert)
Definition md_crypt.c:1222
md_certs_are_equal
int md_certs_are_equal(const md_cert_t *a, const md_cert_t *b)
Definition md_crypt.c:1196
md_pkey_spec_to_json
struct md_json_t * md_pkey_spec_to_json(const md_pkey_spec_t *spec, apr_pool_t *p)
Definition md_crypt.c:348
md_rand_bytes
apr_status_t md_rand_bytes(unsigned char *buf, apr_size_t len, apr_pool_t *p)
Definition md_crypt.c:162
md_pkey_free
void md_pkey_free(md_pkey_t *pkey)
Definition md_crypt.c:590
md_chain_fload
apr_status_t md_chain_fload(struct apr_array_header_t **pcerts, apr_pool_t *p, const char *fname)
Definition md_crypt.c:1645
md_chain_fappend
apr_status_t md_chain_fappend(struct apr_array_header_t *certs, apr_pool_t *p, const char *fname)
Definition md_crypt.c:1601
md_pkey_get_rsa_e64
const char * md_pkey_get_rsa_e64(md_pkey_t *pkey, apr_pool_t *p)
Definition md_crypt.c:979
md_cert_fload
apr_status_t md_cert_fload(md_cert_t **pcert, apr_pool_t *p, const char *fname)
Definition md_crypt.c:1353
md_pkey_read_http
apr_status_t md_pkey_read_http(md_pkey_t **ppkey, apr_pool_t *pool, const struct md_http_response_t *res)
Definition md_crypt.c:706
md_cert_to_sha256_fingerprint
apr_status_t md_cert_to_sha256_fingerprint(const char **pfinger, const md_cert_t *cert, apr_pool_t *p)
Definition md_crypt.c:1443
md_pkey_fload
apr_status_t md_pkey_fload(md_pkey_t **ppkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname)
Definition md_crypt.c:600
md_cert_read_chain
apr_status_t md_cert_read_chain(apr_array_header_t *chain, apr_pool_t *p, const char *pem, apr_size_t pem_len)
Definition md_crypt.c:1472
md_cert_get_serial_number
const char * md_cert_get_serial_number(const md_cert_t *cert, apr_pool_t *p)
Definition md_crypt.c:1180
md_cert_get_issuers_uri
apr_status_t md_cert_get_issuers_uri(const char **puri, const md_cert_t *cert, apr_pool_t *p)
Definition md_crypt.c:1268
md_cert_wrap
md_cert_t * md_cert_wrap(apr_pool_t *p, void *x509)
Definition md_crypt.c:1160
md_pkeys_spec_get
md_pkey_spec_t * md_pkeys_spec_get(const md_pkeys_spec_t *pks, int index)
Definition md_crypt.c:562
md_pkey_spec_from_json
md_pkey_spec_t * md_pkey_spec_from_json(struct md_json_t *json, apr_pool_t *p)
Definition md_crypt.c:397
md_cert_get_ocsp_responder_url
apr_status_t md_cert_get_ocsp_responder_url(const char **purl, apr_pool_t *p, const md_cert_t *cert)
Definition md_crypt.c:2111
md_cert_must_staple
int md_cert_must_staple(const md_cert_t *cert)
Definition md_crypt.c:1751
md_pkey_get_rsa_n64
const char * md_pkey_get_rsa_n64(md_pkey_t *pkey, apr_pool_t *p)
Definition md_crypt.c:999
md_pkey_spec_name
const char * md_pkey_spec_name(const md_pkey_spec_t *spec)
Definition md_crypt.c:520
md_asn1_generalized_time_get
apr_time_t md_asn1_generalized_time_get(void *ASN1_GENERALIZEDTIME)
Definition md_crypt.c:256
md_pkey_type_t
md_pkey_type_t
Definition md_crypt.h:49
MD_PKEY_TYPE_RSA
@ MD_PKEY_TYPE_RSA
Definition md_crypt.h:51
MD_PKEY_TYPE_EC
@ MD_PKEY_TYPE_EC
Definition md_crypt.h:52
MD_PKEY_TYPE_DEFAULT
@ MD_PKEY_TYPE_DEFAULT
Definition md_crypt.h:50
md_cert_self_sign
apr_status_t md_cert_self_sign(md_cert_t **pcert, const char *cn, struct apr_array_header_t *domains, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
Definition md_crypt.c:1942
md_cert_get_not_before
apr_time_t md_cert_get_not_before(const md_cert_t *cert)
Definition md_crypt.c:1217
md_nid_get_sname
const char * md_nid_get_sname(int nid)
Definition md_crypt.c:2056
md_cert_covers_md
int md_cert_covers_md(md_cert_t *cert, const struct md_t *md)
md_cert_to_sha256_digest
apr_status_t md_cert_to_sha256_digest(struct md_data_t **pdigest, const md_cert_t *cert, apr_pool_t *p)
Definition md_crypt.c:1430
md_pkeys_spec_to_json
struct md_json_t * md_pkeys_spec_to_json(const md_pkeys_spec_t *pks, apr_pool_t *p)
Definition md_crypt.c:385
md_crypt_sha256_digest64
apr_status_t md_crypt_sha256_digest64(const char **pdigest64, apr_pool_t *p, const struct md_data_t *data)
md_crypt_sign64
apr_status_t md_crypt_sign64(const char **psign64, md_pkey_t *pkey, apr_pool_t *p, const char *d, size_t dlen)
Definition md_crypt.c:1019
md_cert_req_create
apr_status_t md_cert_req_create(const char **pcsr_der_64, const char *name, apr_array_header_t *domains, int must_staple, md_pkey_t *pkey, apr_pool_t *p)
Definition md_crypt.c:1779
md_pkeys_spec_count
int md_pkeys_spec_count(const md_pkeys_spec_t *pks)
Definition md_crypt.c:555
md_cert_make
md_cert_t * md_cert_make(apr_pool_t *p, void *x509)
Definition md_crypt.c:1168
md_cert_is_valid_now
int md_cert_is_valid_now(const md_cert_t *cert)
Definition md_crypt.c:1201
md_crypt_init
apr_status_t md_crypt_init(apr_pool_t *pool)
Definition md_crypt.c:133
md_cert_get_alt_names
apr_status_t md_cert_get_alt_names(apr_array_header_t **pnames, const md_cert_t *cert, apr_pool_t *p)
Definition md_crypt.c:1295
md_pkeys_spec_contains_rsa
int md_pkeys_spec_contains_rsa(md_pkeys_spec_t *pks)
Definition md_crypt.c:305
md_cert_from_base64url
apr_status_t md_cert_from_base64url(md_cert_t **pcert, const char *s64, apr_pool_t *p)
md_cert_state_t
md_cert_state_t
Definition md_crypt.h:131
MD_CERT_VALID
@ MD_CERT_VALID
Definition md_crypt.h:133
MD_CERT_EXPIRED
@ MD_CERT_EXPIRED
Definition md_crypt.h:134
MD_CERT_UNKNOWN
@ MD_CERT_UNKNOWN
Definition md_crypt.h:132
md_pkey_fsave
apr_status_t md_pkey_fsave(md_pkey_t *pkey, apr_pool_t *p, const char *pass_phrase, apr_size_t pass_len, const char *fname, apr_fileperms_t perms)
Definition md_crypt.c:691
md_cert_has_expired
int md_cert_has_expired(const md_cert_t *cert)
Definition md_crypt.c:1207
md_cert_make_tls_alpn_01
apr_status_t md_cert_make_tls_alpn_01(md_cert_t **pcert, const char *domain, const char *acme_id, md_pkey_t *pkey, apr_interval_time_t valid_for, apr_pool_t *p)
Definition md_crypt.c:2000
md_cert_get_ct_scts
apr_status_t md_cert_get_ct_scts(apr_array_header_t *scts, apr_pool_t *p, const md_cert_t *cert)
Definition md_crypt.c:2066
md_cert_read_http
apr_status_t md_cert_read_http(md_cert_t **pcert, apr_pool_t *pool, const struct md_http_response_t *res)
md_pkeys_spec_make
md_pkeys_spec_t * md_pkeys_spec_make(apr_pool_t *p)
Definition md_crypt.c:281
md_crypt_hmac64
apr_status_t md_crypt_hmac64(const char **pmac64, const struct md_data_t *hmac_key, apr_pool_t *p, const char *d, size_t dlen)
md_pkeys_spec_eq
int md_pkeys_spec_eq(md_pkeys_spec_t *pks1, md_pkeys_spec_t *pks2)
Definition md_crypt.c:482
md_pkeys_spec_clone
md_pkeys_spec_t * md_pkeys_spec_clone(apr_pool_t *p, const md_pkeys_spec_t *pks)
Definition md_crypt.c:538
md_pkey_gen
apr_status_t md_pkey_gen(md_pkey_t **ppkey, apr_pool_t *p, md_pkey_spec_t *key_props)
Definition md_crypt.c:933
md_cert_get_X509
void * md_cert_get_X509(const md_cert_t *cert)
Definition md_crypt.c:1175
md_cert_fsave
apr_status_t md_cert_fsave(md_cert_t *cert, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
Definition md_crypt.c:1403
md_cert_state_get
md_cert_state_t md_cert_state_get(const md_cert_t *cert)
Definition md_crypt.c:1593
md_check_cert_and_pkey
apr_status_t md_check_cert_and_pkey(struct apr_array_header_t *certs, md_pkey_t *pkey)
Definition md_crypt.c:2131
md_pkeys_spec_add_default
void md_pkeys_spec_add_default(md_pkeys_spec_t *pks)
Definition md_crypt.c:296
md_pkeys_spec_from_json
md_pkeys_spec_t * md_pkeys_spec_from_json(struct md_json_t *json, apr_pool_t *p)
Definition md_crypt.c:439
md_pkeys_spec_add
void md_pkeys_spec_add(md_pkeys_spec_t *pks, md_pkey_spec_t *spec)
Definition md_crypt.c:291
md_cert_covers_domain
int md_cert_covers_domain(md_cert_t *cert, const char *domain_name)
Definition md_crypt.c:1230
md_nid_get_lname
const char * md_nid_get_lname(int nid)
Definition md_crypt.c:2061
md_pkeys_spec_add_ec
void md_pkeys_spec_add_ec(md_pkeys_spec_t *pks, const char *curve)
Definition md_crypt.c:338
md_pkeys_spec_is_empty
int md_pkeys_spec_is_empty(const md_pkeys_spec_t *pks)
Definition md_crypt.c:533
md_cert_get_not_after
apr_time_t md_cert_get_not_after(const md_cert_t *cert)
Definition md_crypt.c:1212
md_pkeys_spec_add_rsa
void md_pkeys_spec_add_rsa(md_pkeys_spec_t *pks, unsigned int bits)
Definition md_crypt.c:316
md_cert_to_base64url
apr_status_t md_cert_to_base64url(const char **ps64, const md_cert_t *cert, apr_pool_t *p)
Definition md_crypt.c:1416
md_pkey_get_EVP_PKEY
void * md_pkey_get_EVP_PKEY(struct md_pkey_t *pkey)
Definition md_crypt.c:595
md_chain_fsave
apr_status_t md_chain_fsave(struct apr_array_header_t *certs, apr_pool_t *p, const char *fname, apr_fileperms_t perms)
Definition md_crypt.c:1656
md_pkeys_spec_contains_ec
int md_pkeys_spec_contains_ec(md_pkeys_spec_t *pks, const char *curve)
Definition md_crypt.c:326
md_crypt_sha256_digest_hex
apr_status_t md_crypt_sha256_digest_hex(const char **pdigesthex, apr_pool_t *p, const struct md_data_t *data)
p
apr_pool_t * p
Definition md_event.c:32
name
char * name
Definition ssl_engine_vars.c:563
nid
int nid
Definition ssl_engine_vars.c:564
apr_array_header_t
Definition apr_tables.h:62
apr_pool_t
Definition apr_pools.c:562
md_cert_t
Definition md_crypt.c:1144
md_cert_t::x509
X509 * x509
Definition md_crypt.c:1146
md_data_t
Definition md_util.h:41
md_http_response_t
Definition md_http.h:78
md_json_t
Definition md_json.c:56
md_pkey_ec_params_t
Definition md_crypt.h:59
md_pkey_ec_params_t::curve
const char * curve
Definition md_crypt.h:60
md_pkey_rsa_params_t
Definition md_crypt.h:55
md_pkey_rsa_params_t::bits
apr_uint32_t bits
Definition md_crypt.h:56
md_pkey_spec_t
Definition md_crypt.h:63
md_pkey_spec_t::type
md_pkey_type_t type
Definition md_crypt.h:64
md_pkey_spec_t::ec
md_pkey_ec_params_t ec
Definition md_crypt.h:67
md_pkey_spec_t::rsa
md_pkey_rsa_params_t rsa
Definition md_crypt.h:66
md_pkey_spec_t::params
union md_pkey_spec_t::@24 params
md_pkey_t
Definition md_crypt.c:70
md_pkeys_spec_t
Definition md_crypt.h:71
md_pkeys_spec_t::p
apr_pool_t * p
Definition md_crypt.h:72
md_pkeys_spec_t::specs
struct apr_array_header_t * specs
Definition md_crypt.h:73
md_sct
Definition md_crypt.h:245
md_sct::version
int version
Definition md_crypt.h:246
md_sct::timestamp
apr_time_t timestamp
Definition md_crypt.h:247
md_sct::signature_type_nid
int signature_type_nid
Definition md_crypt.h:249
md_sct::signature
struct md_data_t * signature
Definition md_crypt.h:250
md_sct::logid
struct md_data_t * logid
Definition md_crypt.h:248
md_t
Definition md.h:76
md_timeperiod_t
Definition md_time.h:27
Generated by doxygen 1.9.8