#ifndef __CRYPTO_FACTORY_H__ #define __CRYPTO_FACTORY_H__ /******************************************************************************/ /* */ /* X r d C r y p t o F a c t o r y . h h */ /* */ /* (c) 2004 by the Board of Trustees of the Leland Stanford, Jr., University */ /* Produced by Gerri Ganis for CERN */ /* */ /* This file is part of the XRootD software suite. */ /* */ /* XRootD is free software: you can redistribute it and/or modify it under */ /* the terms of the GNU Lesser General Public License as published by the */ /* Free Software Foundation, either version 3 of the License, or (at your */ /* option) any later version. */ /* */ /* XRootD is distributed in the hope that it will be useful, but WITHOUT */ /* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or */ /* FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public */ /* License for more details. */ /* */ /* You should have received a copy of the GNU Lesser General Public License */ /* along with XRootD in a file called COPYING.LESSER (LGPL license) and file */ /* COPYING (GPL license). If not, see . */ /* */ /* The copyright holder's institutional names and contributor's names may not */ /* be used to endorse or promote products derived from this software without */ /* specific prior written permission of the institution or contributor. */ /******************************************************************************/ /* ************************************************************************** */ /* */ /* Abstract interface for a crypto factory */ /* Allows to plug-in modules based on different crypto implementation */ /* (OpenSSL, Botan, ...) */ /* */ /* ************************************************************************** */ #include "XrdCrypto/XrdCryptoAux.hh" #define MAXFACTORYNAMELEN 10 // ---------------------------------------------------------------------------// // // Abstract Crypto Factory // // ---------------------------------------------------------------------------// class XrdSutBucket; class XrdOucString; class XrdCryptoCipher; class XrdCryptoMsgDigest; class XrdCryptoRSA; class XrdCryptoX509; class XrdCryptoX509Chain; class XrdCryptogsiX509Chain; class XrdCryptoX509Crl; class XrdCryptoX509Req; class XrdTlsPeerCerts; // // Prototypes for some Utility Functions // Key derivation function typedef int (*XrdCryptoKDFunLen_t)(); typedef int (*XrdCryptoKDFun_t)(const char *pass, int plen, const char *salt, int slen, char *key, int klen); // X509 manipulation: certificate verification typedef bool (*XrdCryptoX509VerifyCert_t)(XrdCryptoX509 *c, XrdCryptoX509 *r); // chain verification typedef bool (*XrdCryptoX509VerifyChain_t)(XrdCryptoX509Chain *chain, int &errcode); // chain export typedef XrdSutBucket *(*XrdCryptoX509ExportChain_t)(XrdCryptoX509Chain *, bool); // chain to file typedef int (*XrdCryptoX509ChainToFile_t)(XrdCryptoX509Chain *, const char *); // certificates from file parsing typedef int (*XrdCryptoX509ParseFile_t)(const char *fname, XrdCryptoX509Chain *, const char *); // certificates from STACK_OF(X509*) typedef int (*XrdCryptoX509ParseStack_t)(XrdTlsPeerCerts* pc, XrdCryptoX509Chain *c); // certificates from bucket parsing typedef int (*XrdCryptoX509ParseBucket_t)(XrdSutBucket *, XrdCryptoX509Chain *); // Proxies // The OID of the extension #define gsiProxyCertInfo_OLD_OID "1.3.6.1.4.1.3536.1.222" #define gsiProxyCertInfo_OID "1.3.6.1.5.5.7.1.14" // check presence of proxyCertInfo extension (RFC 3820) typedef bool (*XrdCryptoProxyCertInfo_t)(const void *, int &, bool *); // set path length constraint typedef void (*XrdCryptoSetPathLenConstraint_t)(void *, int); // create a proxy certificate typedef struct { int bits; // Number of bits in the RSA key [512] int valid; // Duration validity in secs [43200 (12 hours)] int depthlen; // Maximum depth of the path of proxy certificates // that can signed by this proxy certificates // [-1 (== unlimited)] } XrdProxyOpt_t; typedef int (*XrdCryptoX509CreateProxy_t)(const char *, const char *, XrdProxyOpt_t *, XrdCryptogsiX509Chain *, XrdCryptoRSA **, const char *); // create a proxy certificate request typedef int (*XrdCryptoX509CreateProxyReq_t)(XrdCryptoX509 *, XrdCryptoX509Req **, XrdCryptoRSA **); // sign a proxy certificate request typedef int (*XrdCryptoX509SignProxyReq_t)(XrdCryptoX509 *, XrdCryptoRSA *, XrdCryptoX509Req *, XrdCryptoX509 **); // check consistency of a GSI 3 compliant proxy typedef int (*XrdCryptoX509CheckProxy3_t)(XrdCryptoX509 *, XrdOucString &); // get VOMS attributes typedef int (*XrdCryptoX509GetVOMSAttr_t)(XrdCryptoX509 *, XrdOucString &); class XrdCryptoFactory { private: char name[MAXFACTORYNAMELEN]; int fID; public: XrdCryptoFactory(const char *n = "Unknown", int id = -1); virtual ~XrdCryptoFactory() { } // Set trace flags virtual void SetTrace(kXR_int32 trace); // Get the factory name char *Name() const { return (char *)&name[0]; } int ID() const { return fID; } // Get the right factory static XrdCryptoFactory *GetCryptoFactory(const char *factoryname); // Any possible notification virtual void Notify() { } // Hook to a Key Derivation Function (PBKDF2 when possible) virtual XrdCryptoKDFunLen_t KDFunLen(); // Length of buffer virtual XrdCryptoKDFun_t KDFun(); // Cipher constructors virtual bool SupportedCipher(const char *t); virtual bool HasPaddingSupport(); virtual XrdCryptoCipher *Cipher(const char *t, int l = 0); virtual XrdCryptoCipher *Cipher(const char *t, int l, const char *k, int liv, const char *iv); virtual XrdCryptoCipher *Cipher(XrdSutBucket *b); virtual XrdCryptoCipher *Cipher(int bits, char *pub, int lpub, const char *t = 0); virtual XrdCryptoCipher *Cipher(bool padded, int bits, char *pub, int lpub, const char *t); virtual XrdCryptoCipher *Cipher(const XrdCryptoCipher &c); // MsgDigest constructors virtual bool SupportedMsgDigest(const char *dgst); virtual XrdCryptoMsgDigest *MsgDigest(const char *dgst); // RSA constructors virtual XrdCryptoRSA *RSA(int b = 0, int e = 0); virtual XrdCryptoRSA *RSA(const char *p, int l = 0); virtual XrdCryptoRSA *RSA(const XrdCryptoRSA &r); // X509 constructors virtual XrdCryptoX509 *X509(const char *cf, const char *kf = 0); virtual XrdCryptoX509 *X509(XrdSutBucket *b); // X509 CRL constructors virtual XrdCryptoX509Crl *X509Crl(const char *crlfile, int opt = 0); virtual XrdCryptoX509Crl *X509Crl(XrdCryptoX509 *cacert); // X509 REQ constructors virtual XrdCryptoX509Req *X509Req(XrdSutBucket *bck); // Hooks to handle X509 certificates virtual XrdCryptoX509VerifyCert_t X509VerifyCert(); virtual XrdCryptoX509VerifyChain_t X509VerifyChain(); virtual XrdCryptoX509ParseFile_t X509ParseFile(); virtual XrdCryptoX509ParseStack_t X509ParseStack(); virtual XrdCryptoX509ParseBucket_t X509ParseBucket(); virtual XrdCryptoX509ExportChain_t X509ExportChain(); virtual XrdCryptoX509ChainToFile_t X509ChainToFile(); // Hooks to handle X509 proxy certificates virtual XrdCryptoProxyCertInfo_t ProxyCertInfo(); virtual XrdCryptoSetPathLenConstraint_t SetPathLenConstraint(); virtual XrdCryptoX509CreateProxy_t X509CreateProxy(); virtual XrdCryptoX509CreateProxyReq_t X509CreateProxyReq(); virtual XrdCryptoX509SignProxyReq_t X509SignProxyReq(); virtual XrdCryptoX509CheckProxy3_t X509CheckProxy3(); virtual XrdCryptoX509GetVOMSAttr_t X509GetVOMSAttr(); // Equality operator bool operator==(const XrdCryptoFactory factory); }; #endif