include/openssl/store.h

0001 /*
0002  * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
0003  *
0004  * Licensed under the Apache License 2.0 (the "License").  You may not use
0005  * this file except in compliance with the License.  You can obtain a copy
0006  * in the file LICENSE in the source distribution or at
0007  * https://www.openssl.org/source/license.html
0008  */
0009
0010 #ifndef OPENSSL_STORE_H
0011 # define OPENSSL_STORE_H
0012 # pragma once
0013
0014 # include <openssl/macros.h>
0015 # ifndef OPENSSL_NO_DEPRECATED_3_0
0016 #  define HEADER_OSSL_STORE_H
0017 # endif
0018
0019 # include <stdarg.h>
0020 # include <openssl/types.h>
0021 # include <openssl/pem.h>
0022 # include <openssl/storeerr.h>
0023
0024 # ifdef  __cplusplus
0025 extern "C" {
0026 # endif
0027
0028 /*-
0029  *  The main OSSL_STORE functions.
0030  *  ------------------------------
0031  *
0032  *  These allow applications to open a channel to a resource with supported
0033  *  data (keys, certs, crls, ...), read the data a piece at a time and decide
0034  *  what to do with it, and finally close.
0035  */
0036
0037 typedef struct ossl_store_ctx_st OSSL_STORE_CTX;
0038
0039 /*
0040  * Typedef for the OSSL_STORE_INFO post processing callback.  This can be used
0041  * to massage the given OSSL_STORE_INFO, or to drop it entirely (by returning
0042  * NULL).
0043  */
0044 typedef OSSL_STORE_INFO *(*OSSL_STORE_post_process_info_fn)(OSSL_STORE_INFO *,
0045                                                             void *);
0046
0047 /*
0048  * Open a channel given a URI.  The given UI method will be used any time the
0049  * loader needs extra input, for example when a password or pin is needed, and
0050  * will be passed the same user data every time it's needed in this context.
0051  *
0052  * Returns a context reference which represents the channel to communicate
0053  * through.
0054  */
0055 OSSL_STORE_CTX *
0056 OSSL_STORE_open(const char *uri, const UI_METHOD *ui_method, void *ui_data,
0057                 OSSL_STORE_post_process_info_fn post_process,
0058                 void *post_process_data);
0059 OSSL_STORE_CTX *
0060 OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
0061                    const UI_METHOD *ui_method, void *ui_data,
0062                    const OSSL_PARAM params[],
0063                    OSSL_STORE_post_process_info_fn post_process,
0064                    void *post_process_data);
0065
0066 /*
0067  * Control / fine tune the OSSL_STORE channel.  |cmd| determines what is to be
0068  * done, and depends on the underlying loader (use OSSL_STORE_get0_scheme to
0069  * determine which loader is used), except for common commands (see below).
0070  * Each command takes different arguments.
0071  */
0072 # ifndef OPENSSL_NO_DEPRECATED_3_0
0073 OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_ctrl(OSSL_STORE_CTX *ctx, int cmd,
0074                                           ... /* args */);
0075 OSSL_DEPRECATEDIN_3_0 int OSSL_STORE_vctrl(OSSL_STORE_CTX *ctx, int cmd,
0076                                            va_list args);
0077 # endif
0078
0079 # ifndef OPENSSL_NO_DEPRECATED_3_0
0080
0081 /*
0082  * Common ctrl commands that different loaders may choose to support.
0083  */
0084 /* int on = 0 or 1; STORE_ctrl(ctx, STORE_C_USE_SECMEM, &on); */
0085 # define OSSL_STORE_C_USE_SECMEM      1
0086 /* Where custom commands start */
0087 # define OSSL_STORE_C_CUSTOM_START    100
0088
0089 # endif
0090
0091 /*
0092  * Read one data item (a key, a cert, a CRL) that is supported by the OSSL_STORE
0093  * functionality, given a context.
0094  * Returns a OSSL_STORE_INFO pointer, from which OpenSSL typed data can be
0095  * extracted with OSSL_STORE_INFO_get0_PKEY(), OSSL_STORE_INFO_get0_CERT(), ...
0096  * NULL is returned on error, which may include that the data found at the URI
0097  * can't be figured out for certain or is ambiguous.
0098  */
0099 OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx);
0100
0101 /*
0102  * Deletes the object in the store by URI.
0103  * Returns 1 on success, 0 otherwise.
0104  */
0105 int OSSL_STORE_delete(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
0106                       const UI_METHOD *ui_method, void *ui_data,
0107                       const OSSL_PARAM params[]);
0108
0109 /*
0110  * Check if end of data (end of file) is reached
0111  * Returns 1 on end, 0 otherwise.
0112  */
0113 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx);
0114
0115 /*
0116  * Check if an error occurred
0117  * Returns 1 if it did, 0 otherwise.
0118  */
0119 int OSSL_STORE_error(OSSL_STORE_CTX *ctx);
0120
0121 /*
0122  * Close the channel
0123  * Returns 1 on success, 0 on error.
0124  */
0125 int OSSL_STORE_close(OSSL_STORE_CTX *ctx);
0126
0127 /*
0128  * Attach to a BIO.  This works like OSSL_STORE_open() except it takes a
0129  * BIO instead of a uri, along with a scheme to use when reading.
0130  * The given UI method will be used any time the loader needs extra input,
0131  * for example when a password or pin is needed, and will be passed the
0132  * same user data every time it's needed in this context.
0133  *
0134  * Returns a context reference which represents the channel to communicate
0135  * through.
0136  *
0137  * Note that this function is considered unsafe, all depending on what the
0138  * BIO actually reads.
0139  */
0140 OSSL_STORE_CTX *OSSL_STORE_attach(BIO *bio, const char *scheme,
0141                                   OSSL_LIB_CTX *libctx, const char *propq,
0142                                   const UI_METHOD *ui_method, void *ui_data,
0143                                   const OSSL_PARAM params[],
0144                                   OSSL_STORE_post_process_info_fn post_process,
0145                                   void *post_process_data);
0146
0147 /*-
0148  *  Extracting OpenSSL types from and creating new OSSL_STORE_INFOs
0149  *  ---------------------------------------------------------------
0150  */
0151
0152 /*
0153  * Types of data that can be ossl_stored in a OSSL_STORE_INFO.
0154  * OSSL_STORE_INFO_NAME is typically found when getting a listing of
0155  * available "files" / "tokens" / what have you.
0156  */
0157 # define OSSL_STORE_INFO_NAME           1   /* char * */
0158 # define OSSL_STORE_INFO_PARAMS         2   /* EVP_PKEY * */
0159 # define OSSL_STORE_INFO_PUBKEY         3   /* EVP_PKEY * */
0160 # define OSSL_STORE_INFO_PKEY           4   /* EVP_PKEY * */
0161 # define OSSL_STORE_INFO_CERT           5   /* X509 * */
0162 # define OSSL_STORE_INFO_CRL            6   /* X509_CRL * */
0163
0164 /*
0165  * Functions to generate OSSL_STORE_INFOs, one function for each type we
0166  * support having in them, as well as a generic constructor.
0167  *
0168  * In all cases, ownership of the object is transferred to the OSSL_STORE_INFO
0169  * and will therefore be freed when the OSSL_STORE_INFO is freed.
0170  */
0171 OSSL_STORE_INFO *OSSL_STORE_INFO_new(int type, void *data);
0172 OSSL_STORE_INFO *OSSL_STORE_INFO_new_NAME(char *name);
0173 int OSSL_STORE_INFO_set0_NAME_description(OSSL_STORE_INFO *info, char *desc);
0174 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PARAMS(EVP_PKEY *params);
0175 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PUBKEY(EVP_PKEY *pubkey);
0176 OSSL_STORE_INFO *OSSL_STORE_INFO_new_PKEY(EVP_PKEY *pkey);
0177 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CERT(X509 *x509);
0178 OSSL_STORE_INFO *OSSL_STORE_INFO_new_CRL(X509_CRL *crl);
0179
0180 /*
0181  * Functions to try to extract data from a OSSL_STORE_INFO.
0182  */
0183 int OSSL_STORE_INFO_get_type(const OSSL_STORE_INFO *info);
0184 void *OSSL_STORE_INFO_get0_data(int type, const OSSL_STORE_INFO *info);
0185 const char *OSSL_STORE_INFO_get0_NAME(const OSSL_STORE_INFO *info);
0186 char *OSSL_STORE_INFO_get1_NAME(const OSSL_STORE_INFO *info);
0187 const char *OSSL_STORE_INFO_get0_NAME_description(const OSSL_STORE_INFO *info);
0188 char *OSSL_STORE_INFO_get1_NAME_description(const OSSL_STORE_INFO *info);
0189 EVP_PKEY *OSSL_STORE_INFO_get0_PARAMS(const OSSL_STORE_INFO *info);
0190 EVP_PKEY *OSSL_STORE_INFO_get1_PARAMS(const OSSL_STORE_INFO *info);
0191 EVP_PKEY *OSSL_STORE_INFO_get0_PUBKEY(const OSSL_STORE_INFO *info);
0192 EVP_PKEY *OSSL_STORE_INFO_get1_PUBKEY(const OSSL_STORE_INFO *info);
0193 EVP_PKEY *OSSL_STORE_INFO_get0_PKEY(const OSSL_STORE_INFO *info);
0194 EVP_PKEY *OSSL_STORE_INFO_get1_PKEY(const OSSL_STORE_INFO *info);
0195 X509 *OSSL_STORE_INFO_get0_CERT(const OSSL_STORE_INFO *info);
0196 X509 *OSSL_STORE_INFO_get1_CERT(const OSSL_STORE_INFO *info);
0197 X509_CRL *OSSL_STORE_INFO_get0_CRL(const OSSL_STORE_INFO *info);
0198 X509_CRL *OSSL_STORE_INFO_get1_CRL(const OSSL_STORE_INFO *info);
0199
0200 const char *OSSL_STORE_INFO_type_string(int type);
0201
0202 /*
0203  * Free the OSSL_STORE_INFO
0204  */
0205 void OSSL_STORE_INFO_free(OSSL_STORE_INFO *info);
0206
0207
0208 /*-
0209  *  Functions to construct a search URI from a base URI and search criteria
0210  *  -----------------------------------------------------------------------
0211  */
0212
0213 /* OSSL_STORE search types */
0214 # define OSSL_STORE_SEARCH_BY_NAME              1 /* subject in certs, issuer in CRLs */
0215 # define OSSL_STORE_SEARCH_BY_ISSUER_SERIAL     2
0216 # define OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT   3
0217 # define OSSL_STORE_SEARCH_BY_ALIAS             4
0218
0219 /* To check what search types the scheme handler supports */
0220 int OSSL_STORE_supports_search(OSSL_STORE_CTX *ctx, int search_type);
0221
0222 /* Search term constructors */
0223 /*
0224  * The input is considered to be owned by the caller, and must therefore
0225  * remain present throughout the lifetime of the returned OSSL_STORE_SEARCH
0226  */
0227 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_name(X509_NAME *name);
0228 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_issuer_serial(X509_NAME *name,
0229                                                       const ASN1_INTEGER
0230                                                       *serial);
0231 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
0232                                                         const unsigned char
0233                                                         *bytes, size_t len);
0234 OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_alias(const char *alias);
0235
0236 /* Search term destructor */
0237 void OSSL_STORE_SEARCH_free(OSSL_STORE_SEARCH *search);
0238
0239 /* Search term accessors */
0240 int OSSL_STORE_SEARCH_get_type(const OSSL_STORE_SEARCH *criterion);
0241 X509_NAME *OSSL_STORE_SEARCH_get0_name(const OSSL_STORE_SEARCH *criterion);
0242 const ASN1_INTEGER *OSSL_STORE_SEARCH_get0_serial(const OSSL_STORE_SEARCH
0243                                                   *criterion);
0244 const unsigned char *OSSL_STORE_SEARCH_get0_bytes(const OSSL_STORE_SEARCH
0245                                                   *criterion, size_t *length);
0246 const char *OSSL_STORE_SEARCH_get0_string(const OSSL_STORE_SEARCH *criterion);
0247 const EVP_MD *OSSL_STORE_SEARCH_get0_digest(const OSSL_STORE_SEARCH *criterion);
0248
0249 /*
0250  * Add search criterion and expected return type (which can be unspecified)
0251  * to the loading channel.  This MUST happen before the first OSSL_STORE_load().
0252  */
0253 int OSSL_STORE_expect(OSSL_STORE_CTX *ctx, int expected_type);
0254 int OSSL_STORE_find(OSSL_STORE_CTX *ctx, const OSSL_STORE_SEARCH *search);
0255
0256
0257 /*-
0258  *  Function to fetch a loader and extract data from it
0259  *  ---------------------------------------------------
0260  */
0261
0262 typedef struct ossl_store_loader_st OSSL_STORE_LOADER;
0263
0264 OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx,
0265                                            const char *scheme,
0266                                            const char *properties);
0267 int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader);
0268 void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader);
0269 const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER *
0270                                                 loader);
0271 const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader);
0272 const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader);
0273 int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader,
0274                            const char *scheme);
0275 void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx,
0276                                        void (*fn)(OSSL_STORE_LOADER *loader,
0277                                                   void *arg),
0278                                        void *arg);
0279 int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader,
0280                                    void (*fn)(const char *name, void *data),
0281                                    void *data);
0282 const OSSL_PARAM *
0283 OSSL_STORE_LOADER_settable_ctx_params(const OSSL_STORE_LOADER *loader);
0284
0285 /*-
0286  *  Function to register a loader for the given URI scheme.
0287  *  -------------------------------------------------------
0288  *
0289  *  The loader receives all the main components of an URI except for the
0290  *  scheme.
0291  */
0292
0293 # ifndef OPENSSL_NO_DEPRECATED_3_0
0294
0295 /* struct ossl_store_loader_ctx_st is defined differently by each loader */
0296 typedef struct ossl_store_loader_ctx_st OSSL_STORE_LOADER_CTX;
0297 typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_fn)
0298     (const OSSL_STORE_LOADER *loader, const char *uri,
0299      const UI_METHOD *ui_method, void *ui_data);
0300 typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_open_ex_fn)
0301     (const OSSL_STORE_LOADER *loader,
0302      const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
0303      const UI_METHOD *ui_method, void *ui_data);
0304
0305 typedef OSSL_STORE_LOADER_CTX *(*OSSL_STORE_attach_fn)
0306     (const OSSL_STORE_LOADER *loader, BIO *bio,
0307      OSSL_LIB_CTX *libctx, const char *propq,
0308      const UI_METHOD *ui_method, void *ui_data);
0309 typedef int (*OSSL_STORE_ctrl_fn)
0310     (OSSL_STORE_LOADER_CTX *ctx, int cmd, va_list args);
0311 typedef int (*OSSL_STORE_expect_fn)
0312     (OSSL_STORE_LOADER_CTX *ctx, int expected);
0313 typedef int (*OSSL_STORE_find_fn)
0314     (OSSL_STORE_LOADER_CTX *ctx, const OSSL_STORE_SEARCH *criteria);
0315 typedef OSSL_STORE_INFO *(*OSSL_STORE_load_fn)
0316     (OSSL_STORE_LOADER_CTX *ctx, const UI_METHOD *ui_method, void *ui_data);
0317 typedef int (*OSSL_STORE_eof_fn)(OSSL_STORE_LOADER_CTX *ctx);
0318 typedef int (*OSSL_STORE_error_fn)(OSSL_STORE_LOADER_CTX *ctx);
0319 typedef int (*OSSL_STORE_close_fn)(OSSL_STORE_LOADER_CTX *ctx);
0320
0321 # endif
0322 # ifndef OPENSSL_NO_DEPRECATED_3_0
0323 OSSL_DEPRECATEDIN_3_0
0324 OSSL_STORE_LOADER *OSSL_STORE_LOADER_new(ENGINE *e, const char *scheme);
0325 OSSL_DEPRECATEDIN_3_0
0326 int OSSL_STORE_LOADER_set_open(OSSL_STORE_LOADER *loader,
0327                                OSSL_STORE_open_fn open_function);
0328 OSSL_DEPRECATEDIN_3_0
0329 int OSSL_STORE_LOADER_set_open_ex(OSSL_STORE_LOADER *loader,
0330                                   OSSL_STORE_open_ex_fn open_ex_function);
0331 OSSL_DEPRECATEDIN_3_0
0332 int OSSL_STORE_LOADER_set_attach(OSSL_STORE_LOADER *loader,
0333                                  OSSL_STORE_attach_fn attach_function);
0334 OSSL_DEPRECATEDIN_3_0
0335 int OSSL_STORE_LOADER_set_ctrl(OSSL_STORE_LOADER *loader,
0336                                OSSL_STORE_ctrl_fn ctrl_function);
0337 OSSL_DEPRECATEDIN_3_0
0338 int OSSL_STORE_LOADER_set_expect(OSSL_STORE_LOADER *loader,
0339                                  OSSL_STORE_expect_fn expect_function);
0340 OSSL_DEPRECATEDIN_3_0
0341 int OSSL_STORE_LOADER_set_find(OSSL_STORE_LOADER *loader,
0342                                OSSL_STORE_find_fn find_function);
0343 OSSL_DEPRECATEDIN_3_0
0344 int OSSL_STORE_LOADER_set_load(OSSL_STORE_LOADER *loader,
0345                                OSSL_STORE_load_fn load_function);
0346 OSSL_DEPRECATEDIN_3_0
0347 int OSSL_STORE_LOADER_set_eof(OSSL_STORE_LOADER *loader,
0348                               OSSL_STORE_eof_fn eof_function);
0349 OSSL_DEPRECATEDIN_3_0
0350 int OSSL_STORE_LOADER_set_error(OSSL_STORE_LOADER *loader,
0351                                 OSSL_STORE_error_fn error_function);
0352 OSSL_DEPRECATEDIN_3_0
0353 int OSSL_STORE_LOADER_set_close(OSSL_STORE_LOADER *loader,
0354                                 OSSL_STORE_close_fn close_function);
0355 OSSL_DEPRECATEDIN_3_0
0356 const ENGINE *OSSL_STORE_LOADER_get0_engine(const OSSL_STORE_LOADER *loader);
0357 OSSL_DEPRECATEDIN_3_0
0358 const char *OSSL_STORE_LOADER_get0_scheme(const OSSL_STORE_LOADER *loader);
0359 OSSL_DEPRECATEDIN_3_0
0360 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader);
0361 OSSL_DEPRECATEDIN_3_0
0362 OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme);
0363 # endif
0364
0365 /*-
0366  *  Functions to list STORE loaders
0367  *  -------------------------------
0368  */
0369 # ifndef OPENSSL_NO_DEPRECATED_3_0
0370 OSSL_DEPRECATEDIN_3_0
0371 int OSSL_STORE_do_all_loaders(void (*do_function)(const OSSL_STORE_LOADER *loader,
0372                                                   void *do_arg),
0373                               void *do_arg);
0374 # endif
0375
0376 # ifdef  __cplusplus
0377 }
0378 # endif
0379 #endif