/contrib/ntp/include/ntp_crypto.h

https://bitbucket.org/freebsd/freebsd-head/ · C++ Header · 170 lines · 114 code · 12 blank · 44 comment · 0 complexity · e64c78427eb5cc43a705a8f1db82e8e1 MD5 · raw file

  1. /*
  2. * ntp_crypto.h - definitions for cryptographic operations
  3. */
  4. #ifdef OPENSSL
  5. #include "openssl/evp.h"
  6. /*
  7. * The following bits are set by the CRYPTO_ASSOC message from
  8. * the server and are not modified by the client.
  9. */
  10. #define CRYPTO_FLAG_ENAB 0x0001 /* crypto enable */
  11. #define CRYPTO_FLAG_TAI 0x0002 /* leapseconds table */
  12. #define CRYPTO_FLAG_PRIV 0x0010 /* PC identity scheme */
  13. #define CRYPTO_FLAG_IFF 0x0020 /* IFF identity scheme */
  14. #define CRYPTO_FLAG_GQ 0x0040 /* GQ identity scheme */
  15. #define CRYPTO_FLAG_MV 0x0080 /* MV identity scheme */
  16. #define CRYPTO_FLAG_MASK 0x00f0 /* identity scheme mask */
  17. /*
  18. * The following bits are used by the client during the protocol
  19. * exchange.
  20. */
  21. #define CRYPTO_FLAG_VALID 0x0100 /* public key verified */
  22. #define CRYPTO_FLAG_VRFY 0x0200 /* identity verified */
  23. #define CRYPTO_FLAG_PROV 0x0400 /* signature verified */
  24. #define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */
  25. #define CRYPTO_FLAG_AUTO 0x1000 /* autokey verified */
  26. #define CRYPTO_FLAG_SIGN 0x2000 /* certificate signed */
  27. #define CRYPTO_FLAG_LEAP 0x4000 /* leapseconds table verified */
  28. /*
  29. * Flags used for certificate management
  30. */
  31. #define CERT_TRUST 0x01 /* certificate is trusted */
  32. #define CERT_SIGN 0x02 /* certificate is signed */
  33. #define CERT_VALID 0x04 /* certificate is valid */
  34. #define CERT_PRIV 0x08 /* certificate is private */
  35. #define CERT_ERROR 0x80 /* certificate has errors */
  36. /*
  37. * Extension field definitions
  38. */
  39. #define CRYPTO_MAXLEN 1024 /* max extension field length */
  40. #define CRYPTO_VN 2 /* current protocol version number */
  41. #define CRYPTO_CMD(x) (((CRYPTO_VN << 8) | (x)) << 16)
  42. #define CRYPTO_NULL CRYPTO_CMD(0) /* no operation */
  43. #define CRYPTO_ASSOC CRYPTO_CMD(1) /* association */
  44. #define CRYPTO_CERT CRYPTO_CMD(2) /* certificate */
  45. #define CRYPTO_COOK CRYPTO_CMD(3) /* cookie value */
  46. #define CRYPTO_AUTO CRYPTO_CMD(4) /* autokey values */
  47. #define CRYPTO_TAI CRYPTO_CMD(5) /* leapseconds table */
  48. #define CRYPTO_SIGN CRYPTO_CMD(6) /* certificate sign */
  49. #define CRYPTO_IFF CRYPTO_CMD(7) /* IFF identity scheme */
  50. #define CRYPTO_GQ CRYPTO_CMD(8) /* GQ identity scheme */
  51. #define CRYPTO_MV CRYPTO_CMD(9) /* MV identity scheme */
  52. #define CRYPTO_RESP 0x80000000 /* response */
  53. #define CRYPTO_ERROR 0x40000000 /* error */
  54. /*
  55. * Autokey event codes
  56. */
  57. #define XEVNT_CMD(x) (CRPT_EVENT | (x))
  58. #define XEVNT_OK XEVNT_CMD(0) /* success */
  59. #define XEVNT_LEN XEVNT_CMD(1) /* bad field format or length */
  60. #define XEVNT_TSP XEVNT_CMD(2) /* bad timestamp */
  61. #define XEVNT_FSP XEVNT_CMD(3) /* bad filestamp */
  62. #define XEVNT_PUB XEVNT_CMD(4) /* bad or missing public key */
  63. #define XEVNT_MD XEVNT_CMD(5) /* unsupported digest type */
  64. #define XEVNT_KEY XEVNT_CMD(6) /* unsupported identity type */
  65. #define XEVNT_SGL XEVNT_CMD(7) /* bad signature length */
  66. #define XEVNT_SIG XEVNT_CMD(8) /* signature not verified */
  67. #define XEVNT_VFY XEVNT_CMD(9) /* certificate not verified */
  68. #define XEVNT_PER XEVNT_CMD(10) /* host certificate expired */
  69. #define XEVNT_CKY XEVNT_CMD(11) /* bad or missing cookie */
  70. #define XEVNT_DAT XEVNT_CMD(12) /* bad or missing leapseconds table */
  71. #define XEVNT_CRT XEVNT_CMD(13) /* bad or missing certificate */
  72. #define XEVNT_ID XEVNT_CMD(14) /* bad or missing group key */
  73. #define XEVNT_ERR XEVNT_CMD(15) /* protocol error */
  74. #define XEVNT_SRV XEVNT_CMD(16) /* server certificate expired */
  75. /*
  76. * Configuration codes
  77. */
  78. #define CRYPTO_CONF_NONE 0 /* nothing doing */
  79. #define CRYPTO_CONF_PRIV 1 /* host keys file name */
  80. #define CRYPTO_CONF_SIGN 2 /* signature keys file name */
  81. #define CRYPTO_CONF_LEAP 3 /* leapseconds table file name */
  82. #define CRYPTO_CONF_KEYS 4 /* keys directory path */
  83. #define CRYPTO_CONF_CERT 5 /* certificate file name */
  84. #define CRYPTO_CONF_RAND 6 /* random seed file name */
  85. #define CRYPTO_CONF_TRST 7 /* specify trust */
  86. #define CRYPTO_CONF_IFFPAR 8 /* IFF parameters file name */
  87. #define CRYPTO_CONF_GQPAR 9 /* GQ parameters file name */
  88. #define CRYPTO_CONF_MVPAR 10 /* GQ parameters file name */
  89. #define CRYPTO_CONF_PW 11 /* private key password */
  90. #define CRYPTO_CONF_IDENT 12 /* specify identity scheme */
  91. /*
  92. * Miscellaneous crypto stuff
  93. */
  94. #define NTP_MAXSESSION 100 /* maximum session key list entries */
  95. #define NTP_AUTOMAX 13 /* log2 default max session key life */
  96. #define KEY_REVOKE 16 /* log2 default key revoke timeout */
  97. #define NTP_MAXEXTEN 1024 /* maximum extension field size */
  98. #define TAI_1972 10 /* initial TAI offset (s) */
  99. /*
  100. * The autokey structure holds the values used to authenticate key IDs.
  101. */
  102. struct autokey { /* network byte order */
  103. keyid_t key; /* key ID */
  104. int32 seq; /* key number */
  105. };
  106. /*
  107. * The value structure holds variable length data such as public
  108. * key, agreement parameters, public valule and leapsecond table.
  109. * They are in network byte order.
  110. */
  111. struct value { /* network byte order */
  112. tstamp_t tstamp; /* timestamp */
  113. tstamp_t fstamp; /* filestamp */
  114. u_int32 vallen; /* value length */
  115. u_char *ptr; /* data pointer (various) */
  116. u_int32 siglen; /* signature length */
  117. u_char *sig; /* signature */
  118. };
  119. /*
  120. * The packet extension field structures are used to hold values
  121. * and signatures in network byte order.
  122. */
  123. struct exten {
  124. u_int32 opcode; /* opcode */
  125. u_int32 associd; /* association ID */
  126. u_int32 tstamp; /* timestamp */
  127. u_int32 fstamp; /* filestamp */
  128. u_int32 vallen; /* value length */
  129. u_int32 pkt[1]; /* start of value field */
  130. };
  131. /*
  132. * The certificate info/value structure
  133. */
  134. struct cert_info {
  135. struct cert_info *link; /* forward link */
  136. u_int flags; /* flags that wave */
  137. EVP_PKEY *pkey; /* generic key */
  138. long version; /* X509 version */
  139. int nid; /* signature/digest ID */
  140. const EVP_MD *digest; /* message digest algorithm */
  141. u_long serial; /* serial number */
  142. tstamp_t first; /* not valid before */
  143. tstamp_t last; /* not valid after */
  144. char *subject; /* subject common name */
  145. char *issuer; /* issuer common name */
  146. u_char *grpkey; /* GQ group key */
  147. u_int grplen; /* GQ group key length */
  148. struct value cert; /* certificate/value */
  149. };
  150. /*
  151. * Cryptographic values
  152. */
  153. extern char *keysdir; /* crypto keys directory */
  154. extern u_int crypto_flags; /* status word */
  155. extern struct value hostval; /* host name/value */
  156. extern struct cert_info *cinfo; /* host certificate information */
  157. extern struct value tai_leap; /* leapseconds table */
  158. #endif /* OPENSSL */