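/*
 * COPYRIGHT (C) 2006,2007
 * THE REGENTS OF THE UNIVERSITY OF MICHIGAN
 * ALL RIGHTS RESERVED
 *
 * Permission is granted to use, copy, create derivative works
 * and redistribute this software and such derivative works
 * for any purpose, so long as the name of The University of
 * Michigan is not used in any advertising or publicity
 * pertaining to the use of distribution of this software
 * without specific, written prior authorization.  If the
 * above copyright notice or any other identification of the
 * University of Michigan is included in any copy of any
 * portion of this software, then the disclaimer below must
 * also be included.
 *
 * THIS SOFTWARE IS PROVIDED AS IS, WITHOUT REPRESENTATION
 * FROM THE UNIVERSITY OF MICHIGAN AS TO ITS FITNESS FOR ANY
 * PURPOSE, AND WITHOUT WARRANTY BY THE UNIVERSITY OF
 * MICHIGAN OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING
 * WITHOUT LIMITATION THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE
 * REGENTS OF THE UNIVERSITY OF MICHIGAN SHALL NOT BE LIABLE
 * FOR ANY DAMAGES, INCLUDING SPECIAL, INDIRECT, INCIDENTAL, OR
 * CONSEQUENTIAL DAMAGES, WITH RESPECT TO ANY CLAIM ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OF THE SOFTWARE, EVEN
 * IF IT HAS BEEN OR IS HEREAFTER ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGES.
 */

/*
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 */

/*
 * pkinit.h - shared declarations for the PKINIT preauthentication plugin:
 * configuration option structures, client and KDC context structures, and
 * prototypes for the helpers in pkinit_lib.c, pkinit_identity.c and
 * pkinit_profile.c.  The crypto back-end declarations are pulled in from
 * pkinit_crypto.h at the end of this file.
 */

#ifndef _PKINIT_H
#define _PKINIT_H

/* Solaris Kerberos */
#include <preauth_plugin.h>
#include <k5-int-pkinit.h>
#include <profile.h>
#include "pkinit_accessor.h"

/*
 * It is anticipated that all the special checks currently
 * required when talking to a Longhorn server will go away
 * by the time it is officially released and all references
 * to the longhorn global can be removed and any code
 * #ifdef'd with LONGHORN_BETA_COMPAT can be removed.
 * And this #define!
 *
 * NOTE(review): the macro is defined unconditionally right here, so the
 * #ifdef below is always true and every LONGHORN_BETA_COMPAT code path is
 * compiled in.  Confirm whether those relaxed checks are still wanted.
 */
#define LONGHORN_BETA_COMPAT 1
#ifdef LONGHORN_BETA_COMPAT
extern int longhorn;    /* XXX Talking to a Longhorn server? */
#endif


#ifndef WITHOUT_PKCS11
/* Solaris Kerberos */
#include <security/cryptoki.h>
#include <security/pkcs11.h>

/*
 * Solaris Kerberos
 * Absolute path of the PKCS#11 library; presumably the default used when
 * no module name is configured (see p11_module_name below) - confirm in
 * the code that loads it.
 */
#define PKCS11_MODNAME "/usr/lib/libpkcs11.so"

#define PK_SIGLEN_GUESS 1000
#define PK_NOSLOT 999999
#endif

/* Presumably the values stored in the dh_or_rsa option fields below. */
#define DH_PROTOCOL 1
#define RSA_PROTOCOL 2

/* Typed-data type numbers; these match the PKINIT values in RFC 4556. */
#define TD_TRUSTED_CERTIFIERS 104
#define TD_INVALID_CERTIFICATES 105
#define TD_DH_PARAMETERS 109

/*
 * Sanity markers for the "magic" member of the context structures below.
 * NOTE(review): 0xdeadbeef does not fit in a 32-bit signed int, and the
 * magic members are declared int, so storing it relies on an
 * implementation-defined conversion.  Comparing the member against the
 * macro still works because both sides are converted to unsigned.
 */
#define PKINIT_CTX_MAGIC 0x05551212
#define PKINIT_REQ_CTX_MAGIC 0xdeadbeef

#define PKINIT_DEFAULT_DH_MIN_BITS 2048

/*
 * Make pkiDebug(fmt,...) print, or not.
 *
 * With DEBUG defined, pkiDebug is plain printf: everything callers pass
 * goes to stdout, so call sites must not hand it PINs or key material,
 * and the format argument must be a literal rather than data received
 * from the peer.
 */
#ifdef DEBUG
#define pkiDebug printf
#else
/* Still evaluates for side effects. */
/* ARGSUSED */
static void pkiDebug (const char *fmt, ...) { }
/* This is better if the compiler doesn't inline variadic functions
   well, but gcc will warn about "left-hand operand of comma
   expression has no effect".  Still evaluates for side effects.  */
/* #define pkiDebug (void) */
#endif

/*
 * Solaris Kerberos
 * Map __FUNCTION__ onto C99 __func__ where available, otherwise to an
 * empty string so debug format strings still compile.
 */
#if (__STDC_VERSION__ >= 199901L) || \
    (defined(__SUNPRO_C) && defined(__C99FEATURES__))
#define __FUNCTION__ __func__
#else
#define __FUNCTION__ ""
#endif


/*
 * Macros to deal with converting between various data types...
 *
 * Each macro copies the length and the POINTER only; the krb5_data then
 * aliases the source buffer and is valid only as long as that buffer is.
 * Both arguments are evaluated twice, so do not pass expressions with
 * side effects.
 *
 * The two assignments are joined with the comma operator so the macro
 * expands to one statement.  Written as two separate statements, a use
 * such as "if (cond) PADATA_TO_KRB5DATA(p, d);" would have made only the
 * length assignment conditional and always overwritten the data pointer.
 * The trailing semicolon is kept so that any caller relying on it still
 * compiles; it can be dropped once every call site is known to supply
 * its own.
 */
#define PADATA_TO_KRB5DATA(pad, k5d) \
    ((k5d)->length = (pad)->length, (k5d)->data = (char *)(pad)->contents);
#define OCTETDATA_TO_KRB5DATA(octd, k5d) \
    ((k5d)->length = (octd)->length, (k5d)->data = (char *)(octd)->data);

extern const krb5_octet_data dh_oid;

/*
 * notes about crypto contexts:
 *
 * the basic idea is that there are crypto contexts that live at
 * both the plugin level and request level. the identity context (that
 * keeps info about your own certs and such) is separate because
 * it is needed at different levels for the kdc and the client.
 * (the kdc's identity is at the plugin level, the client's identity
 * information could change per-request.)
 * the identity context is meant to have the entity's cert,
 * a list of trusted and intermediate cas, a list of crls, and any
 * pkcs11 information.  the req context is meant to have the
 * received certificate and the DH related information. the plugin
 * context is meant to have global crypto information, i.e., OIDs
 * and constant DH parameter information.
 */

/*
 * plugin crypto context should keep plugin common information,
 * eg., OIDs, known DHparams
 */
typedef struct _pkinit_plg_crypto_context *pkinit_plg_crypto_context;

/*
 * request crypto context should keep request common information,
 * eg., received credentials, DH parameters of this request
 */
typedef struct _pkinit_req_crypto_context *pkinit_req_crypto_context;

/*
 * identity context should keep information about credentials
 * for the request, eg., my credentials, trusted ca certs,
 * intermediate ca certs, crls, pkcs11 info
 */
typedef struct _pkinit_identity_crypto_context *pkinit_identity_crypto_context;

/*
 * this structure keeps information about the config options
 *
 * Per the field comments, CRL checking and secondary-EKU acceptance are
 * off by default; a deployment that depends on certificate revocation
 * has to turn require_crl_checking on explicitly.
 */
typedef struct _pkinit_plg_opts {
    int require_eku;          /* require EKU checking (default is true) */
    int accept_secondary_eku; /* accept secondary EKU (default is false) */
    int allow_upn;            /* allow UPN-SAN instead of pkinit-SAN */
    int dh_or_rsa;            /* selects DH or RSA based pkinit */
    int require_crl_checking; /* require CRL for a CA (default is false) */
    int dh_min_bits;          /* minimum DH modulus size allowed */
} pkinit_plg_opts;

/*
 * this structure keeps options used for a given request
 *
 * NOTE(review): the dh_size comment gives a default of 1024 while
 * PKINIT_DEFAULT_DH_MIN_BITS in this header is 2048.  Confirm what
 * pkinit_init_req_opts() really sets and that a request cannot start
 * below the configured minimum.
 */
typedef struct _pkinit_req_opts {
    int require_eku;
    int accept_secondary_eku;
    int allow_upn;
    int dh_or_rsa;
    int require_crl_checking;
    int dh_size;        /* initial request DH modulus size (default=1024) */
    int require_hostname_match;
    int win2k_target;
    int win2k_require_cksum;
} pkinit_req_opts;

/*
 * information about identity from config file or command line
 */

#define PKINIT_ID_OPT_USER_IDENTITY 1
#define PKINIT_ID_OPT_ANCHOR_CAS 2
#define PKINIT_ID_OPT_INTERMEDIATE_CAS 3
#define PKINIT_ID_OPT_CRLS 4
#define PKINIT_ID_OPT_OCSP 5
#define PKINIT_ID_OPT_DN_MAPPING 6  /* XXX ? */

/*
 * Identity options: where the entity's certificate and key, the trust
 * anchors, intermediates and CRLs come from, plus the PKCS#11 token
 * selection when PKCS#11 support is compiled in.
 */
typedef struct _pkinit_identity_opts {
    char *identity;
    char **identity_alt;
    char **anchors;
    char **intermediates;
    char **crls;
    char *ocsp;
    char *dn_mapping_file;
    int idtype;
    char *cert_filename;
    char *key_filename;
#ifndef WITHOUT_PKCS11
    char *p11_module_name;
    CK_SLOT_ID slotid;
    char *token_label;
    char *cert_id_string;
    char *cert_label;
    /*
     * Solaris Kerberos
     * NOTE(review): the token PIN is held here as a plain string.  Confirm
     * that pkinit_fini_identity_opts() and pkinit_dup_identity_opts() wipe
     * it before freeing and that it is never passed to pkiDebug.
     */
    char *PIN;
#endif
} pkinit_identity_opts;


/*
 * Client's plugin context
 */
struct _pkinit_context {
    int magic;
    pkinit_plg_crypto_context cryptoctx;
    pkinit_plg_opts *opts;
    pkinit_identity_opts *idopts;
};
typedef struct _pkinit_context *pkinit_context;

/*
 * Client's per-request context
 *
 * The pkinit_req_context typedef now directly follows the structure it
 * names; it used to sit after the KDC plugin context, with the
 * pkinit_kdc_context typedef here instead.  Neither structure refers to
 * either typedef, so the move changes nothing for users of the header.
 */
struct _pkinit_req_context {
    int magic;
    pkinit_req_crypto_context cryptoctx;
    pkinit_req_opts *opts;
    pkinit_identity_crypto_context idctx;
    pkinit_identity_opts *idopts;
    krb5_preauthtype pa_type;
};
typedef struct _pkinit_req_context *pkinit_req_context;

/*
 * KDC's (per-realm) plugin context
 */
struct _pkinit_kdc_context {
    int magic;
    pkinit_plg_crypto_context cryptoctx;
    pkinit_plg_opts *opts;
    pkinit_identity_crypto_context idctx;
    pkinit_identity_opts *idopts;
    char *realmname;
    unsigned int realmname_len;
};
typedef struct _pkinit_kdc_context *pkinit_kdc_context;

/*
 * KDC's per-request context
 */
struct _pkinit_kdc_req_context {
    int magic;
    pkinit_req_crypto_context cryptoctx;
    krb5_auth_pack *rcv_auth_pack;
    krb5_auth_pack_draft9 *rcv_auth_pack9;
    krb5_preauthtype pa_type;
};
typedef struct _pkinit_kdc_req_context *pkinit_kdc_req_context;

/*
 * Functions in pkinit_lib.c
 */

krb5_error_code pkinit_init_req_opts(pkinit_req_opts **);
void pkinit_fini_req_opts(pkinit_req_opts *);

krb5_error_code pkinit_init_plg_opts(pkinit_plg_opts **);
void pkinit_fini_plg_opts(pkinit_plg_opts *);

krb5_error_code pkinit_init_identity_opts(pkinit_identity_opts **idopts);
void pkinit_fini_identity_opts(pkinit_identity_opts *idopts);
krb5_error_code pkinit_dup_identity_opts(pkinit_identity_opts *src_opts,
                                         pkinit_identity_opts **dest_opts);

/*
 * Functions in pkinit_identity.c
 */
char * idtype2string(int idtype);
char * catype2string(int catype);

krb5_error_code pkinit_identity_initialize
        (krb5_context context,                          /* IN */
         pkinit_plg_crypto_context plg_cryptoctx,       /* IN */
         pkinit_req_crypto_context req_cryptoctx,       /* IN */
         pkinit_identity_opts *idopts,                  /* IN */
         pkinit_identity_crypto_context id_cryptoctx,   /* IN/OUT */
         int do_matching,                               /* IN */
         krb5_principal princ);                         /* IN (optional) */

krb5_error_code pkinit_cert_matching
        (krb5_context context,
         pkinit_plg_crypto_context plg_cryptoctx,
         pkinit_req_crypto_context req_cryptoctx,
         pkinit_identity_crypto_context id_cryptoctx,
         krb5_principal princ,
         krb5_boolean do_select);

/*
 * initialization and free functions
 *
 * The free_* functions take the address of the caller's pointer
 * (presumably so they can clear it after freeing - confirm in
 * pkinit_lib.c before relying on that).
 */
void init_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in);
void init_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in);
void init_krb5_reply_key_pack(krb5_reply_key_pack **in);
void init_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in);

void init_krb5_auth_pack(krb5_auth_pack **in);
void init_krb5_auth_pack_draft9(krb5_auth_pack_draft9 **in);
void init_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
void init_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in);
void init_krb5_typed_data(krb5_typed_data **in);
void init_krb5_subject_pk_info(krb5_subject_pk_info **in);

void free_krb5_pa_pk_as_req(krb5_pa_pk_as_req **in);
void free_krb5_pa_pk_as_req_draft9(krb5_pa_pk_as_req_draft9 **in);
void free_krb5_reply_key_pack(krb5_reply_key_pack **in);
void free_krb5_reply_key_pack_draft9(krb5_reply_key_pack_draft9 **in);
void free_krb5_auth_pack(krb5_auth_pack **in);
void free_krb5_auth_pack_draft9(krb5_context, krb5_auth_pack_draft9 **in);
void free_krb5_pa_pk_as_rep(krb5_pa_pk_as_rep **in);
void free_krb5_pa_pk_as_rep_draft9(krb5_pa_pk_as_rep_draft9 **in);
void free_krb5_external_principal_identifier(krb5_external_principal_identifier ***in);
void free_krb5_trusted_ca(krb5_trusted_ca ***in);
void free_krb5_typed_data(krb5_typed_data ***in);
void free_krb5_algorithm_identifiers(krb5_algorithm_identifier ***in);
void free_krb5_algorithm_identifier(krb5_algorithm_identifier *in);
void free_krb5_kdc_dh_key_info(krb5_kdc_dh_key_info **in);
void free_krb5_subject_pk_info(krb5_subject_pk_info **in);
krb5_error_code pkinit_copy_krb5_octet_data(krb5_octet_data *dst, const krb5_octet_data *src);


/*
 * Functions in pkinit_profile.c
 *
 * Two parallel families of profile lookups: the kdcdefault variants take
 * the realm as a C string, the libdefault variants as a krb5_data.  The
 * boolean and integer forms take a default_value and write the result
 * through ret_value.
 */
krb5_error_code pkinit_kdcdefault_strings
        (krb5_context context, const char *realmname, const char *option,
         char ***ret_value);
krb5_error_code pkinit_kdcdefault_string
        (krb5_context context, const char *realmname, const char *option,
         char **ret_value);
krb5_error_code pkinit_kdcdefault_boolean
        (krb5_context context, const char *realmname, const char *option,
         int default_value, int *ret_value);
krb5_error_code pkinit_kdcdefault_integer
        (krb5_context context, const char *realmname, const char *option,
         int default_value, int *ret_value);


krb5_error_code pkinit_libdefault_strings
        (krb5_context context, const krb5_data *realm,
         const char *option, char ***ret_value);
krb5_error_code pkinit_libdefault_string
        (krb5_context context, const krb5_data *realm,
         const char *option, char **ret_value);
krb5_error_code pkinit_libdefault_boolean
        (krb5_context context, const krb5_data *realm, const char *option,
         int default_value, int *ret_value);
krb5_error_code pkinit_libdefault_integer
        (krb5_context context, const krb5_data *realm, const char *option,
         int default_value, int *ret_value);

/*
 * debugging functions
 *
 * NOTE(review): these take raw buffers; make sure call sites that may
 * carry key material or decrypted data are limited to debug builds.
 */
void print_buffer(unsigned char *, unsigned int);
void print_buffer_bin(unsigned char *, unsigned int, char *);

/*
 * Now get crypto function declarations
 */
#include "pkinit_crypto.h"

#endif  /* _PKINIT_H */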