162 lines
6.2 KiB
OCaml
162 lines
6.2 KiB
OCaml
(* (c) 2017 Hannes Mehnert, all rights reserved *)
|
|
|
|
(** ASN.1 encoding of resources and configuration *)
|
|
|
|
(** Object Identifiers *)
|
|
|
|
module Oid : sig
|
|
|
|
(** {1 Object identifiers} *)
|
|
|
|
(** OIDs in the Mirage namespace (enterprise arc 1.3.6.1.4.1.49836.42) *)
|
|
|
|
(** [version] specifies an [INTEGER] describing the version. *)
|
|
val version : Asn.OID.t
|
|
|
|
(** {2 OIDs used in delegation certificates} *)
|
|
|
|
(** [vms] is an [INTEGER] denoting the number of virtual machines. *)
|
|
val vms : Asn.OID.t
|
|
|
|
(** [bridges] is a [CHOICE] between [ [0] UTF8STRING], describing an internal
|
|
bridge, and a [ [1] SEQUENCE] of [UTF8STRING], [IPV4ADDRESS] denoting the first
|
|
IP to use, [IPV4ADDRESS] denoting the last IP to use, [IPV4ADDRESS]
|
|
denoting the default gateway, [INTEGER] denoting the netmask. *)
|
|
val bridges : Asn.OID.t
|
|
|
|
(** [block] is an [INTEGER] denoting the size of block storage available for
|
|
this delegation in MB. *)
|
|
val block : Asn.OID.t
|
|
|
|
(** [cpuids] is a [SEQUENCE OF INTEGER] denoting the CPU identifiers available
|
|
for this delegate. *)
|
|
val cpuids : Asn.OID.t
|
|
|
|
(** [memory] is an [INTEGER] denoting the amount of available memory, in
|
|
MB. Also used in virtual machine certificates. *)
|
|
val memory : Asn.OID.t
|
|
|
|
(** {2 OIDs used in virtual machine certificates} *)
|
|
|
|
(** [cpuid] is an [INTEGER] denoting the CPU identifier on which this virtual
|
|
machine should be executed. Must be a member of all [cpuids] in the
|
|
chained delegation certificates. *)
|
|
val cpuid : Asn.OID.t
|
|
|
|
(** [network] is a [SEQUENCE OF UTF8STRING] denoting the bridge devices to
|
|
hook this virtual machine up to. Each name must be in the chained
|
|
delegation certificates. *)
|
|
val network : Asn.OID.t
|
|
|
|
(** [block_device] is a [UTF8STRING] with the name of the block device. It
|
|
must exist. *)
|
|
val block_device : Asn.OID.t
|
|
|
|
(** [vmimage] is a [CHOICE] between [ [0] OCTET_STRING] for an UKVM amd64
|
|
image and [ [1] OCTET_STRING] for an UKVM arm64 image. *)
|
|
val vmimage : Asn.OID.t
|
|
|
|
(** [argv] is a [SEQUENCE OF UTF8STRING] denoting the boot parameters passed
|
|
to the virtual machine image. *)
|
|
val argv : Asn.OID.t
|
|
|
|
(** {2 OID used in administrative certificates} *)
|
|
|
|
(** [permissions] is a [BIT_STRING] denoting the permissions this certificate
|
|
has: 0 for All, 1 for Info, 2 for Image, 3 for Block, 4 for Statistics, 5
|
|
for Console, 6 for Log. *)
|
|
val permissions : Asn.OID.t
|
|
|
|
|
|
(** [crl] is a [OCTET_STRING] denoting the revocation list of the intermediate
|
|
CA. *)
|
|
val crl : Asn.OID.t
|
|
end
|
|
|
|
(** {1 Encoding and decoding functions} *)
|
|
|
|
(** The type of versions of the ASN.1 grammar defined above. *)
|
|
type version = [ `AV0 ]
|
|
|
|
(** [version_eq a b] is true if [a] and [b] are equal. *)
|
|
val version_eq : version -> version -> bool
|
|
|
|
(** [pp_version ppf version] pretty prints [version] onto [ppf]. *)
|
|
val pp_version : version Fmt.t
|
|
|
|
(** [version_to_cstruct ver] is the DER encoded version. *)
|
|
val version_to_cstruct : version -> Cstruct.t
|
|
|
|
(** [version_of_cstruct buffer] is either a decoded version of the DER
|
|
encoding [buffer] or an error. *)
|
|
val version_of_cstruct : Cstruct.t -> (version, [> `Msg of string ]) result
|
|
|
|
(** [permissions_to_cstruct perms] is the DER encoded permission list. *)
|
|
val permissions_to_cstruct : Vmm_core.permission list -> Cstruct.t
|
|
|
|
(** [permissions_of_cstruct buffer] is either a decoded permissions list of
|
|
the DER encoded [buffer] or an error. *)
|
|
val permissions_of_cstruct : Cstruct.t -> (Vmm_core.permission list, [> `Msg of string ]) result
|
|
|
|
(** [bridges_to_cstruct bridges] is the DER encoded bridges. *)
|
|
val bridges_to_cstruct : Vmm_core.bridge list -> Cstruct.t
|
|
|
|
(** [bridges_of_cstruct buffer] is either a decoded bridge list of the DER
|
|
encoded [buffer] or an error. *)
|
|
val bridges_of_cstruct : Cstruct.t -> (Vmm_core.bridge list, [> `Msg of string ]) result
|
|
|
|
(** [image_to_cstruct (typ, img)] is the DER encoded image. *)
|
|
val image_to_cstruct : Vmm_core.vmtype * Cstruct.t -> Cstruct.t
|
|
|
|
(** [image_of_cstruct buffer] is either a decoded image of the DER encoded
|
|
[buffer] or an error. *)
|
|
val image_of_cstruct : Cstruct.t -> (Vmm_core.vmtype * Cstruct.t, [> `Msg of string ]) result
|
|
|
|
(** [int_to_cstruct i] is the DER encoded int. *)
|
|
val int_to_cstruct : int -> Cstruct.t
|
|
|
|
(** [int_of_cstruct buffer] is either a decoded int of the DER encoded [buffer]
|
|
or an error. *)
|
|
val int_of_cstruct : Cstruct.t -> (int, [> `Msg of string ]) result
|
|
|
|
(** [ints_to_cstruct xs] is the DER encoded int sequence. *)
|
|
val ints_to_cstruct : int list -> Cstruct.t
|
|
|
|
(** [ints_of_cstruct buffer] is either a decoded int list of the DER encoded
|
|
[buffer] or an error. *)
|
|
val ints_of_cstruct : Cstruct.t -> (int list, [> `Msg of string ]) result
|
|
|
|
(** [string_to_cstruct s] is the DER encoded string. *)
|
|
val string_to_cstruct : string -> Cstruct.t
|
|
|
|
(** [string_of_cstruct buffer] is either a decoded string of the DER encoded
|
|
[buffer] or an error. *)
|
|
val string_of_cstruct : Cstruct.t -> (string, [> `Msg of string ]) result
|
|
|
|
(** [strings_to_cstruct xs] is the DER encoded string sequence. *)
|
|
val strings_to_cstruct : string list -> Cstruct.t
|
|
|
|
(** [strings_of_cstruct buffer] is either a decoded string list of the DER
|
|
encoded [buffer] or an error. *)
|
|
val strings_of_cstruct : Cstruct.t -> (string list, [> `Msg of string ]) result
|
|
|
|
(** {1 Decoding functions} *)
|
|
|
|
(** [contains_vm cert] is [true] if the certificate contains a virtual machine image. *)
|
|
val contains_vm : X509.t -> bool
|
|
|
|
(** [contains_crl cert] is [true] if the certificate contains a revocation list. *)
|
|
val contains_crl : X509.t -> bool
|
|
|
|
(** [vm_of_cert id cert] is either the decoded virtual machine configuration, or an error. *)
|
|
val vm_of_cert : Vmm_core.id -> X509.t -> (Vmm_core.vm_config, [> `Msg of string ]) result
|
|
|
|
(** [crl_of_cert id cert] is either the decoded revocation list, or an error. *)
|
|
val crl_of_cert : X509.t -> (X509.CRL.c, [> `Msg of string ]) result
|
|
|
|
(** [delegation_of_cert version cert] is either the decoded delegation, or an error. *)
|
|
val delegation_of_cert : version -> X509.t -> (Vmm_core.delegation, [> `Msg of string ]) result
|
|
|
|
(** [permissions_of_cert version cert] is either the decoded permission list, or an error. *)
|
|
val permissions_of_cert : version -> X509.t -> (Vmm_core.permission list, [> `Msg of string ]) result
|