PageRenderTime 22ms CodeModel.GetById 10ms app.highlight 8ms RepoModel.GetById 1ms app.codeStats 1ms

/contrib/ntp/include/ntp_crypto.h

https://bitbucket.org/freebsd/freebsd-head/
C++ Header | 170 lines | 114 code | 12 blank | 44 comment | 0 complexity | e64c78427eb5cc43a705a8f1db82e8e1 MD5 | raw file
  1/*
  2 * ntp_crypto.h - definitions for cryptographic operations
  3 */
  4#ifdef OPENSSL
  5#include "openssl/evp.h"
  6/*
  7 * The following bits are set by the CRYPTO_ASSOC message from
  8 * the server and are not modified by the client.
  9 */
 10#define CRYPTO_FLAG_ENAB  0x0001 /* crypto enable */
 11#define CRYPTO_FLAG_TAI   0x0002 /* leapseconds table */
 12
 13#define CRYPTO_FLAG_PRIV  0x0010 /* PC identity scheme */
 14#define CRYPTO_FLAG_IFF   0x0020 /* IFF identity scheme */
 15#define CRYPTO_FLAG_GQ	  0x0040 /* GQ identity scheme */
 16#define	CRYPTO_FLAG_MV	  0x0080 /* MV identity scheme */
 17#define CRYPTO_FLAG_MASK  0x00f0 /* identity scheme mask */
 18	
 19/*
 20 * The following bits are used by the client during the protocol
 21 * exchange.
 22 */
 23#define CRYPTO_FLAG_VALID 0x0100 /* public key verified */
 24#define CRYPTO_FLAG_VRFY  0x0200 /* identity verified */
 25#define CRYPTO_FLAG_PROV  0x0400 /* signature verified */
 26#define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */
 27#define CRYPTO_FLAG_AUTO  0x1000 /* autokey verified */
 28#define CRYPTO_FLAG_SIGN  0x2000 /* certificate signed */
 29#define CRYPTO_FLAG_LEAP  0x4000 /* leapseconds table verified */
 30
 31/*
 32 * Flags used for certificate management
 33 */
 34#define	CERT_TRUST	0x01	/* certificate is trusted */
 35#define CERT_SIGN	0x02	/* certificate is signed */
 36#define CERT_VALID	0x04	/* certificate is valid */
 37#define CERT_PRIV	0x08	/* certificate is private */
 38#define CERT_ERROR	0x80	/* certificate has errors */
 39
 40/*
 41 * Extension field definitions
 42 */
 43#define	CRYPTO_MAXLEN	1024	/* max extension field length */
 44#define CRYPTO_VN	2	/* current protocol version number */
 45#define CRYPTO_CMD(x)	(((CRYPTO_VN << 8) | (x)) << 16)
 46#define CRYPTO_NULL	CRYPTO_CMD(0) /* no operation */
 47#define CRYPTO_ASSOC	CRYPTO_CMD(1) /* association */
 48#define CRYPTO_CERT	CRYPTO_CMD(2) /* certificate */
 49#define CRYPTO_COOK	CRYPTO_CMD(3) /* cookie value */
 50#define CRYPTO_AUTO	CRYPTO_CMD(4) /* autokey values */
 51#define CRYPTO_TAI	CRYPTO_CMD(5) /* leapseconds table */
 52#define	CRYPTO_SIGN	CRYPTO_CMD(6) /* certificate sign */
 53#define CRYPTO_IFF	CRYPTO_CMD(7) /* IFF identity scheme */
 54#define CRYPTO_GQ	CRYPTO_CMD(8) /* GQ identity scheme */
 55#define	CRYPTO_MV	CRYPTO_CMD(9) /* MV identity scheme */
 56#define CRYPTO_RESP	0x80000000 /* response */
 57#define CRYPTO_ERROR	0x40000000 /* error */
 58
 59/*
 60 * Autokey event codes
 61 */
 62#define XEVNT_CMD(x)	(CRPT_EVENT | (x))
 63#define XEVNT_OK	XEVNT_CMD(0) /* success */
 64#define XEVNT_LEN	XEVNT_CMD(1) /* bad field format or length */
 65#define XEVNT_TSP	XEVNT_CMD(2) /* bad timestamp */
 66#define XEVNT_FSP	XEVNT_CMD(3) /* bad filestamp */
 67#define XEVNT_PUB	XEVNT_CMD(4) /* bad or missing public key */
 68#define XEVNT_MD	XEVNT_CMD(5) /* unsupported digest type */
 69#define XEVNT_KEY	XEVNT_CMD(6) /* unsupported identity type */
 70#define XEVNT_SGL	XEVNT_CMD(7) /* bad signature length */
 71#define XEVNT_SIG	XEVNT_CMD(8) /* signature not verified */
 72#define XEVNT_VFY	XEVNT_CMD(9) /* certificate not verified */
 73#define XEVNT_PER	XEVNT_CMD(10) /* host certificate expired */
 74#define XEVNT_CKY	XEVNT_CMD(11) /* bad or missing cookie */
 75#define XEVNT_DAT	XEVNT_CMD(12) /* bad or missing leapseconds table */
 76#define XEVNT_CRT	XEVNT_CMD(13) /* bad or missing certificate */
 77#define XEVNT_ID	XEVNT_CMD(14) /* bad or missing group key */
 78#define	XEVNT_ERR	XEVNT_CMD(15) /* protocol error */
 79#define	XEVNT_SRV	XEVNT_CMD(16) /* server certificate expired */
 80
 81/*
 82 * Configuration codes
 83 */
 84#define CRYPTO_CONF_NONE  0	/* nothing doing */
 85#define CRYPTO_CONF_PRIV  1	/* host keys file name */
 86#define CRYPTO_CONF_SIGN  2	/* signature keys file name */
 87#define CRYPTO_CONF_LEAP  3	/* leapseconds table file name */
 88#define CRYPTO_CONF_KEYS  4	/* keys directory path */
 89#define CRYPTO_CONF_CERT  5	/* certificate file name */
 90#define CRYPTO_CONF_RAND  6	/* random seed file name */
 91#define	CRYPTO_CONF_TRST  7	/* specify trust */
 92#define CRYPTO_CONF_IFFPAR 8	/* IFF parameters file name */
 93#define CRYPTO_CONF_GQPAR 9	/* GQ parameters file name */
 94#define	CRYPTO_CONF_MVPAR 10	/* GQ parameters file name */
 95#define CRYPTO_CONF_PW	  11	/* private key password */
 96#define	CRYPTO_CONF_IDENT 12	/* specify identity scheme */
 97
 98/*
 99 * Miscellaneous crypto stuff
100 */
101#define NTP_MAXSESSION	100	/* maximum session key list entries */
102#define NTP_AUTOMAX	13	/* log2 default max session key life */
103#define KEY_REVOKE	16	/* log2 default key revoke timeout */
104#define NTP_MAXEXTEN	1024	/* maximum extension field size */
105#define	TAI_1972	10	/* initial TAI offset (s) */
106
107/*
108 * The autokey structure holds the values used to authenticate key IDs.
109 */
110struct autokey {		/* network byte order */
111	keyid_t	key;		/* key ID */
112	int32	seq;		/* key number */
113};
114
115/*
116 * The value structure holds variable length data such as public
117 * key, agreement parameters, public valule and leapsecond table.
118 * They are in network byte order.
119 */
120struct value {			/* network byte order */
121	tstamp_t tstamp;	/* timestamp */
122	tstamp_t fstamp;	/* filestamp */
123	u_int32	vallen;		/* value length */
124	u_char	*ptr;		/* data pointer (various) */
125	u_int32	siglen;		/* signature length */
126	u_char	*sig;		/* signature */
127};
128
129/*
130 * The packet extension field structures are used to hold values
131 * and signatures in network byte order.
132 */
133struct exten {
134	u_int32	opcode;		/* opcode */
135	u_int32	associd;	/* association ID */
136	u_int32	tstamp;		/* timestamp */
137	u_int32	fstamp;		/* filestamp */
138	u_int32	vallen;		/* value length */
139	u_int32	pkt[1];		/* start of value field */
140};
141
142/*
143 * The certificate info/value structure
144 */
145struct cert_info {
146	struct cert_info *link;	/* forward link */
147	u_int	flags;		/* flags that wave */
148	EVP_PKEY *pkey;		/* generic key */
149	long	version;	/* X509 version */
150	int	nid;		/* signature/digest ID */
151	const EVP_MD *digest;	/* message digest algorithm */
152	u_long	serial;		/* serial number */
153	tstamp_t first;		/* not valid before */
154	tstamp_t last;		/* not valid after */
155	char	*subject;	/* subject common name */
156	char	*issuer;	/* issuer common name */
157	u_char	*grpkey;	/* GQ group key */
158	u_int	grplen;		/* GQ group key length */
159	struct value cert;	/* certificate/value */
160};
161
162/*
163 * Cryptographic values
164 */
165extern	char	*keysdir;	/* crypto keys directory */
166extern	u_int	crypto_flags;	/* status word */
167extern	struct value hostval;	/* host name/value */
168extern	struct cert_info *cinfo; /* host certificate information */
169extern	struct value tai_leap;	/* leapseconds table */
170#endif /* OPENSSL */