cryptlib  3.4.1
 All Classes Namespaces Files Functions Variables Typedefs Enumerations Enumerator Properties Macros
scep.h
Go to the documentation of this file.
1 /****************************************************************************
2 * *
3 * SCEP Definitions Header File *
4 * Copyright Peter Gutmann 1999-2007 *
5 * *
6 ****************************************************************************/
7 
8 #ifndef _SCEP_DEFINED
9 
10 #define _SCEP_DEFINED
11 
12 /* Various SCEP constants */
13 
14 #define SCEP_NONCE_SIZE 16
15 
16 /* SCEP protocol-specific flags that augment the general session flags */
17 
18 #define SCEP_PFLAG_NONE 0x00 /* No protocol-specific flags */
19 #define SCEP_PFLAG_PNPPKI 0x01 /* Session is PnP PKI-capable */
20 
21 /* The SCEP message type, status, and failure information. For some
22  bizarre reason these integer values are communicated as text strings */
23 
24 #define MESSAGETYPE_CERTREP "3"
25 #define MESSAGETYPE_PKCSREQ "19"
26 
27 #define MESSAGESTATUS_SUCCESS "0"
28 #define MESSAGESTATUS_FAILURE "2"
29 #define MESSAGESTATUS_PENDING "3"
30 
31 #define MESSAGEFAILINFO_BADALG "0"
32 #define MESSAGEFAILINFO_BADMESSAGECHECK "1"
33 #define MESSAGEFAILINFO_BADREQUEST "2"
34 #define MESSAGEFAILINFO_BADTIME "3"
35 #define MESSAGEFAILINFO_BADCERTID "4"
36 
37 #define MESSAGESTATUS_SIZE 1
38 #define MESSAGEFAILINFO_SIZE 1
39 
40 /* Numeric equivalents of the above, to make them easier to work with */
41 
42 #define MESSAGETYPE_CERTREP_VALUE 3
43 #define MESSAGETYPE_PKCSREQ_VALUE 19
44 
45 #define MESSAGESTATUS_SUCCESS_VALUE 0
46 #define MESSAGESTATUS_FAILURE_VALUE 2
47 #define MESSAGESTATUS_PENDING_VALUE 3
48 
49 /* SCEP HTTP content type */
50 
51 #define SCEP_CONTENT_TYPE "application/x-pki-message"
52 #define SCEP_CONTENT_TYPE_LEN 25
53 #define SCEP_CONTENT_TYPE_GETCACERT "application/x-x509-ca-cert"
54 #define SCEP_CONTENT_TYPE_GETCACERT_LEN 26
55 #define SCEP_CONTENT_TYPE_GETCACERTCHAIN "application/x-x509-ca-ra-cert-chain"
56 #define SCEP_CONTENT_TYPE_GETCACERTCHAIN_LEN 35
57 
58 /* SCEP protocol state information. This is passed around various
59  subfunctions that handle individual parts of the protocol */
60 
61 typedef struct {
62  /* Identification/state variable information. SCEP uses a single
63  nonce, but when present in the initiator's message it's identified
64  as a sender nonce and when present in the responder's message
65  it's identified as a recipient nonce.
66 
67  In order to accommodate nonstandard implementations, we allow for
68  nonces that are slightly larger than the required size */
69  BUFFER( CRYPT_MAX_HASHSIZE, transIDsize ) \
70  BYTE transID[ CRYPT_MAX_HASHSIZE + 8 ]; /* Transaction nonce */
71  BUFFER( CRYPT_MAX_HASHSIZE, nonceSize ) \
72  BYTE nonce[ CRYPT_MAX_HASHSIZE + 8 ]; /* Nonce */
73  int transIDsize, nonceSize;
74 
75  /* When sending/receiving SCEP messages, the user has to sign the
76  request data and decrypt the response data. Since they don't
77  have a certificate at this point, they need to create an ephemeral
78  self-signed certificate to handle this task */
79  CRYPT_CERTIFICATE iScepCert;
80  } SCEP_PROTOCOL_INFO;
81 
82 /* Prototypes for functions in scep.c */
83 
84 STDC_NONNULL_ARG( ( 1 ) ) \
85 void initSCEPprotocolInfo( OUT SCEP_PROTOCOL_INFO *protocolInfo );
86 STDC_NONNULL_ARG( ( 1 ) ) \
87 void destroySCEPprotocolInfo( INOUT SCEP_PROTOCOL_INFO *protocolInfo );
88 CHECK_RETVAL_BOOL \
89 BOOLEAN checkCACert( IN_HANDLE const CRYPT_CERTIFICATE iCaCert );
90 CHECK_RETVAL STDC_NONNULL_ARG( ( 1 ) ) \
91 int processKeyFingerprint( INOUT SESSION_INFO *sessionInfoPtr );
92 CHECK_RETVAL STDC_NONNULL_ARG( ( 3 ) ) \
93 int getScepStatusValue( IN_HANDLE const CRYPT_CERTIFICATE iCmsAttributes,
94  IN_ATTRIBUTE const CRYPT_ATTRIBUTE_TYPE attributeType,
95  OUT int *value );
96 CHECK_RETVAL STDC_NONNULL_ARG( ( 1, 2, 3 ) ) \
97 int createScepAttributes( INOUT SESSION_INFO *sessionInfoPtr,
98  INOUT SCEP_PROTOCOL_INFO *protocolInfo,
99  OUT_HANDLE_OPT CRYPT_CERTIFICATE *iScepAttributes,
100  const BOOLEAN isInitiator,
101  IN_STATUS const int scepStatus );
102 
103 /* Prototypes for functions in scep_cli/scep_svr.c */
104 
105 STDC_NONNULL_ARG( ( 1 ) ) \
106 void initSCEPclientProcessing( SESSION_INFO *sessionInfoPtr );
107 STDC_NONNULL_ARG( ( 1 ) ) \
108 void initSCEPserverProcessing( SESSION_INFO *sessionInfoPtr );
109 
110 #endif /* _SCEP_DEFINED */
Generated on Thu Jan 10 2013 10:00:52 for cryptlib by   doxygen 1.8.2