1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
/*
* Copyright (C) 2012 Tobias Brunner
* Copyright (C) 2005 Jan Hutter, Martin Willi
* Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#ifndef _SCEP_H
#define _SCEP_H
#include <credentials/containers/pkcs7.h>
#include <credentials/certificates/certificate.h>
/* supported SCEP operation types */
typedef enum {
SCEP_PKI_OPERATION,
SCEP_GET_CA_CERT
} scep_op_t;
/* SCEP pkiStatus values */
typedef enum {
SCEP_SUCCESS,
SCEP_FAILURE,
SCEP_PENDING,
SCEP_UNKNOWN
} pkiStatus_t;
/* SCEP messageType values */
typedef enum {
SCEP_CertRep_MSG,
SCEP_PKCSReq_MSG,
SCEP_GetCertInitial_MSG,
SCEP_GetCert_MSG,
SCEP_GetCRL_MSG,
SCEP_Unknown_MSG
} scep_msg_t;
/* SCEP failure reasons */
typedef enum {
SCEP_badAlg_REASON = 0,
SCEP_badMessageCheck_REASON = 1,
SCEP_badRequest_REASON = 2,
SCEP_badTime_REASON = 3,
SCEP_badCertId_REASON = 4,
SCEP_unknown_REASON = 5
} failInfo_t;
/* SCEP attributes */
typedef struct {
scep_msg_t msgType;
pkiStatus_t pkiStatus;
failInfo_t failInfo;
chunk_t transID;
chunk_t senderNonce;
chunk_t recipientNonce;
} scep_attributes_t;
extern const scep_attributes_t empty_scep_attributes;
bool parse_attributes(chunk_t blob, scep_attributes_t *attrs);
void scep_generate_transaction_id(public_key_t *key,
chunk_t *transID,
chunk_t *serialNumber);
chunk_t scep_generate_pkcs10_fingerprint(chunk_t pkcs10);
chunk_t scep_transId_attribute(chunk_t transaction_id);
chunk_t scep_messageType_attribute(scep_msg_t m);
chunk_t scep_senderNonce_attribute(void);
chunk_t scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg,
certificate_t *enc_cert, encryption_algorithm_t enc_alg,
size_t key_size, certificate_t *signer_cert,
hash_algorithm_t digest_alg, private_key_t *private_key);
bool scep_http_request(const char *url, chunk_t msg, scep_op_t op,
bool http_get_request, u_int timeout, char *src,
chunk_t *response);
err_t scep_parse_response(chunk_t response, chunk_t transID,
container_t **out, scep_attributes_t *attrs);
#endif /* _SCEP_H */
|