
0001 /*
0002  * Copyright (C) the libgit2 contributors. All rights reserved.
0003  *
0004  * This file is part of libgit2, distributed under the GNU GPL v2 with
0005  * a Linking Exception. For full terms see the included COPYING file.
0006  */
0007 #ifndef INCLUDE_git_cert_h__
0008 #define INCLUDE_git_cert_h__
0009 
0010 #include "common.h"
0011 #include "types.h"
0012 
0013 /**
0014  * @file git2/cert.h
0015  * @brief Git certificate objects
0016  * @defgroup git_cert Certificate objects
0017  * @ingroup Git
0018  * @{
0019  */
0020 GIT_BEGIN_DECL
0021 
0022 /**
0023  * Type of host certificate structure that is passed to the check callback
      *
      * A check callback should inspect `cert_type` before interpreting the
      * certificate it was given: each value below implies a different
      * structure, and a cast based on the wrong value misinterprets the object.
0024  */
0025 typedef enum git_cert_t {
0026     /**
0027      * No information about the certificate is available. This may
0028      * happen when using curl.
          *
          * With this type the callback has nothing of its own to verify, so
          * it has no independent basis for overriding the validity result
          * it was passed.
0029      */
0030     GIT_CERT_NONE,
0031     /**
0032      * The `data` argument to the callback will be a pointer to
0033      * the DER-encoded data.
          *
          * NOTE(review): the callback typedef in this header names its
          * certificate parameter `cert`, not `data`; presumably the DER bytes
          * are reached through `git_cert_x509` (`data`, `len`) -- confirm.
0034      */
0035     GIT_CERT_X509,
0036     /**
0037      * The `data` argument to the callback will be a pointer to a
0038      * `git_cert_hostkey` structure.
0039      */
0040     GIT_CERT_HOSTKEY_LIBSSH2,
0041     /**
0042      * The `data` argument to the callback will be a pointer to a
0043      * `git_strarray` with `name:content` strings containing
0044      * information about the certificate. This is used when using
0045      * curl.
0046      */
0047     GIT_CERT_STRARRAY
0048 } git_cert_t;
0049 
0050 /**
0051  * Parent type for `git_cert_hostkey` and `git_cert_x509`.
      *
      * Both of those structures begin with a `git_cert` member named `parent`,
      * so code handed a `git_cert *` should read `cert_type` first and only
      * then convert the pointer to the structure that matches it.
0052  */
0053 struct git_cert {
0054     /**
0055      * Type of certificate. A `GIT_CERT_` value.
0056      */
0057     git_cert_t cert_type;
0058 };
0059 
0060 /**
0061  * Callback for the user's custom certificate checks.
0062  *
      * The return value decides whether the connection continues, which makes
      * this callback a trust decision point: returning 0 proceeds with the
      * connection regardless of what `valid` reports. A callback that performs
      * no check of its own should return a value > 0 so that the existing
      * validity determination is honored, rather than returning 0
      * unconditionally.
      *
0063  * @param cert The host certificate
0064  * @param valid Whether the libgit2 checks (OpenSSL or WinHTTP) think
0065  * this certificate is valid
      * NOTE(review): only OpenSSL and WinHTTP are named here; how `valid` is
      * derived for other certificate types (for example SSH host keys) is not
      * stated in this header -- confirm for the libgit2 version in use.
0066  * @param host Hostname of the host libgit2 connected to
0067  * @param payload Payload provided by the caller
0068  * @return 0 to proceed with the connection, < 0 to fail the connection
0069  *         or > 0 to indicate that the callback refused to act and that
0070  *         the existing validity determination should be honored
0071  */
0072 typedef int GIT_CALLBACK(git_transport_certificate_check_cb)(git_cert *cert, int valid, const char *host, void *payload);
0073 
0074 /**
0075  * Type of SSH host fingerprint
      *
      * Each value is a distinct bit, and the values are combined in the
      * `type` bitmask of `git_cert_hostkey`; test for a field with `&`
      * before reading it. MD5 and SHA-1 are legacy fingerprint algorithms:
      * when the SHA-256 or raw-key bit is set, prefer those for comparing
      * against a pinned host key.
0076  */
0077 typedef enum {
0078     /** MD5 is available */
0079     GIT_CERT_SSH_MD5 = (1 << 0),
0080     /** SHA-1 is available */
0081     GIT_CERT_SSH_SHA1 = (1 << 1),
0082     /** SHA-256 is available */
0083     GIT_CERT_SSH_SHA256 = (1 << 2),
0084     /** Raw hostkey is available */
0085     GIT_CERT_SSH_RAW = (1 << 3)
0086 } git_cert_ssh_t;
0087 
0088 typedef enum {
         /*
          * Key algorithm of the raw host key stored in `git_cert_hostkey`
          * (`raw_type`). The values are plain integers 0..6, not bit flags.
          * A verifier that pins host keys should compare the algorithm as
          * well as the key bytes.
          */
0089     /** The raw key is of an unknown type. */
0090     GIT_CERT_SSH_RAW_TYPE_UNKNOWN = 0,
0091     /** The raw key is an RSA key. */
0092     GIT_CERT_SSH_RAW_TYPE_RSA = 1,
0093     /** The raw key is a DSS (DSA) key, a legacy algorithm that many SSH implementations no longer accept by default. */
0094     GIT_CERT_SSH_RAW_TYPE_DSS = 2,
0095     /** The raw key is an ECDSA 256 key. */
0096     GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_256 = 3,
0097     /** The raw key is an ECDSA 384 key. */
0098     GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_384 = 4,
0099     /** The raw key is an ECDSA 521 key. */
0100     GIT_CERT_SSH_RAW_TYPE_KEY_ECDSA_521 = 5,
0101     /** The raw key is an ED25519 key. */
0102     GIT_CERT_SSH_RAW_TYPE_KEY_ED25519 = 6
0103 } git_cert_ssh_raw_type_t;
0104 
0105 /**
0106  * Hostkey information taken from libssh2
      *
      * Which members carry data is signalled by the `type` bitmask. This
      * header does not say what a member holds when its bit is clear, so a
      * check callback should test the bit before reading the member.
0107  */
0108 typedef struct {
0109     git_cert parent; /**< The parent cert */
0110 
0111     /**
0112      * A bitmask containing the available fields.
          * Built from `git_cert_ssh_t` values; more than one bit may be set.
0113      */
0114     git_cert_ssh_t type;
0115 
0116     /**
0117      * Hostkey hash. If `type` has `GIT_CERT_SSH_MD5` set, this will
0118      * have the MD5 hash of the hostkey.
          * The array is sized for the 16 raw digest bytes, not a hex string.
0119      */
0120     unsigned char hash_md5[16];
0121 
0122     /**
0123      * Hostkey hash. If `type` has `GIT_CERT_SSH_SHA1` set, this will
0124      * have the SHA-1 hash of the hostkey.
          * The array is sized for the 20 raw digest bytes, not a hex string.
0125      */
0126     unsigned char hash_sha1[20];
0127 
0128     /**
0129      * Hostkey hash. If `type` has `GIT_CERT_SSH_SHA256` set, this will
0130      * have the SHA-256 hash of the hostkey.
          * The array is sized for the 32 raw digest bytes, not a hex string.
0131      */
0132     unsigned char hash_sha256[32];
0133 
0134     /**
0135      * Raw hostkey type. If `type` has `GIT_CERT_SSH_RAW` set, this will
0136      * have the type of the raw hostkey.
0137      */
0138     git_cert_ssh_raw_type_t raw_type;
0139 
0140     /**
0141      * Pointer to the raw hostkey. If `type` has `GIT_CERT_SSH_RAW` set,
0142      * this will have the raw contents of the hostkey.
          *
          * Treat this as binary data of `hostkey_len` bytes: nothing here
          * promises a terminating NUL, so bound every read by `hostkey_len`
          * instead of using string functions.
          * NOTE(review): the lifetime of the pointed-to memory is not
          * documented in this header; presumably it should be copied if it
          * is needed after the callback returns -- confirm.
0143      */
0144     const char *hostkey;
0145 
0146     /**
0147      * Raw hostkey length. If `type` has `GIT_CERT_SSH_RAW` set, this will
0148      * have the length of the raw contents of the hostkey.
0149      */
0150     size_t hostkey_len;
0151 } git_cert_hostkey;
0152 
0153 /**
0154  * X.509 certificate information
      *
      * The certificate describes the remote host being checked, so `data` is
      * untrusted input: pass it to a parser together with `len` and never
      * read beyond `len` bytes.
0155  */
0156 typedef struct {
0157     git_cert parent; /**< The parent cert */
0158 
0159     /**
0160      * Pointer to the X.509 certificate data
          * (described as DER-encoded under `GIT_CERT_X509`).
          * NOTE(review): ownership and lifetime of this memory are not
          * stated in this header -- confirm before keeping the pointer.
0161      */
0162     void *data;
0163 
0164     /**
0165      * Length of the memory block pointed to by `data`.
0166      */
0167     size_t len;
0168 } git_cert_x509;
0169 
0170 /** @} */
0171 GIT_END_DECL
0172 #endif