/contrib/ntp/include/ntp_crypto.h
C++ Header | 170 lines | 114 code | 12 blank | 44 comment | 0 complexity | e64c78427eb5cc43a705a8f1db82e8e1 MD5 | raw file
1/* 2 * ntp_crypto.h - definitions for cryptographic operations 3 */ 4#ifdef OPENSSL 5#include "openssl/evp.h" 6/* 7 * The following bits are set by the CRYPTO_ASSOC message from 8 * the server and are not modified by the client. 9 */ 10#define CRYPTO_FLAG_ENAB 0x0001 /* crypto enable */ 11#define CRYPTO_FLAG_TAI 0x0002 /* leapseconds table */ 12 13#define CRYPTO_FLAG_PRIV 0x0010 /* PC identity scheme */ 14#define CRYPTO_FLAG_IFF 0x0020 /* IFF identity scheme */ 15#define CRYPTO_FLAG_GQ 0x0040 /* GQ identity scheme */ 16#define CRYPTO_FLAG_MV 0x0080 /* MV identity scheme */ 17#define CRYPTO_FLAG_MASK 0x00f0 /* identity scheme mask */ 18 19/* 20 * The following bits are used by the client during the protocol 21 * exchange. 22 */ 23#define CRYPTO_FLAG_VALID 0x0100 /* public key verified */ 24#define CRYPTO_FLAG_VRFY 0x0200 /* identity verified */ 25#define CRYPTO_FLAG_PROV 0x0400 /* signature verified */ 26#define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */ 27#define CRYPTO_FLAG_AUTO 0x1000 /* autokey verified */ 28#define CRYPTO_FLAG_SIGN 0x2000 /* certificate signed */ 29#define CRYPTO_FLAG_LEAP 0x4000 /* leapseconds table verified */ 30 31/* 32 * Flags used for certificate management 33 */ 34#define CERT_TRUST 0x01 /* certificate is trusted */ 35#define CERT_SIGN 0x02 /* certificate is signed */ 36#define CERT_VALID 0x04 /* certificate is valid */ 37#define CERT_PRIV 0x08 /* certificate is private */ 38#define CERT_ERROR 0x80 /* certificate has errors */ 39 40/* 41 * Extension field definitions 42 */ 43#define CRYPTO_MAXLEN 1024 /* max extension field length */ 44#define CRYPTO_VN 2 /* current protocol version number */ 45#define CRYPTO_CMD(x) (((CRYPTO_VN << 8) | (x)) << 16) 46#define CRYPTO_NULL CRYPTO_CMD(0) /* no operation */ 47#define CRYPTO_ASSOC CRYPTO_CMD(1) /* association */ 48#define CRYPTO_CERT CRYPTO_CMD(2) /* certificate */ 49#define CRYPTO_COOK CRYPTO_CMD(3) /* cookie value */ 50#define CRYPTO_AUTO CRYPTO_CMD(4) /* autokey values */ 51#define CRYPTO_TAI CRYPTO_CMD(5) /* leapseconds table */ 52#define CRYPTO_SIGN CRYPTO_CMD(6) /* certificate sign */ 53#define CRYPTO_IFF CRYPTO_CMD(7) /* IFF identity scheme */ 54#define CRYPTO_GQ CRYPTO_CMD(8) /* GQ identity scheme */ 55#define CRYPTO_MV CRYPTO_CMD(9) /* MV identity scheme */ 56#define CRYPTO_RESP 0x80000000 /* response */ 57#define CRYPTO_ERROR 0x40000000 /* error */ 58 59/* 60 * Autokey event codes 61 */ 62#define XEVNT_CMD(x) (CRPT_EVENT | (x)) 63#define XEVNT_OK XEVNT_CMD(0) /* success */ 64#define XEVNT_LEN XEVNT_CMD(1) /* bad field format or length */ 65#define XEVNT_TSP XEVNT_CMD(2) /* bad timestamp */ 66#define XEVNT_FSP XEVNT_CMD(3) /* bad filestamp */ 67#define XEVNT_PUB XEVNT_CMD(4) /* bad or missing public key */ 68#define XEVNT_MD XEVNT_CMD(5) /* unsupported digest type */ 69#define XEVNT_KEY XEVNT_CMD(6) /* unsupported identity type */ 70#define XEVNT_SGL XEVNT_CMD(7) /* bad signature length */ 71#define XEVNT_SIG XEVNT_CMD(8) /* signature not verified */ 72#define XEVNT_VFY XEVNT_CMD(9) /* certificate not verified */ 73#define XEVNT_PER XEVNT_CMD(10) /* host certificate expired */ 74#define XEVNT_CKY XEVNT_CMD(11) /* bad or missing cookie */ 75#define XEVNT_DAT XEVNT_CMD(12) /* bad or missing leapseconds table */ 76#define XEVNT_CRT XEVNT_CMD(13) /* bad or missing certificate */ 77#define XEVNT_ID XEVNT_CMD(14) /* bad or missing group key */ 78#define XEVNT_ERR XEVNT_CMD(15) /* protocol error */ 79#define XEVNT_SRV XEVNT_CMD(16) /* server certificate expired */ 80 81/* 82 * Configuration codes 83 */ 84#define CRYPTO_CONF_NONE 0 /* nothing doing */ 85#define CRYPTO_CONF_PRIV 1 /* host keys file name */ 86#define CRYPTO_CONF_SIGN 2 /* signature keys file name */ 87#define CRYPTO_CONF_LEAP 3 /* leapseconds table file name */ 88#define CRYPTO_CONF_KEYS 4 /* keys directory path */ 89#define CRYPTO_CONF_CERT 5 /* certificate file name */ 90#define CRYPTO_CONF_RAND 6 /* random seed file name */ 91#define CRYPTO_CONF_TRST 7 /* specify trust */ 92#define CRYPTO_CONF_IFFPAR 8 /* IFF parameters file name */ 93#define CRYPTO_CONF_GQPAR 9 /* GQ parameters file name */ 94#define CRYPTO_CONF_MVPAR 10 /* GQ parameters file name */ 95#define CRYPTO_CONF_PW 11 /* private key password */ 96#define CRYPTO_CONF_IDENT 12 /* specify identity scheme */ 97 98/* 99 * Miscellaneous crypto stuff 100 */ 101#define NTP_MAXSESSION 100 /* maximum session key list entries */ 102#define NTP_AUTOMAX 13 /* log2 default max session key life */ 103#define KEY_REVOKE 16 /* log2 default key revoke timeout */ 104#define NTP_MAXEXTEN 1024 /* maximum extension field size */ 105#define TAI_1972 10 /* initial TAI offset (s) */ 106 107/* 108 * The autokey structure holds the values used to authenticate key IDs. 109 */ 110struct autokey { /* network byte order */ 111 keyid_t key; /* key ID */ 112 int32 seq; /* key number */ 113}; 114 115/* 116 * The value structure holds variable length data such as public 117 * key, agreement parameters, public valule and leapsecond table. 118 * They are in network byte order. 119 */ 120struct value { /* network byte order */ 121 tstamp_t tstamp; /* timestamp */ 122 tstamp_t fstamp; /* filestamp */ 123 u_int32 vallen; /* value length */ 124 u_char *ptr; /* data pointer (various) */ 125 u_int32 siglen; /* signature length */ 126 u_char *sig; /* signature */ 127}; 128 129/* 130 * The packet extension field structures are used to hold values 131 * and signatures in network byte order. 132 */ 133struct exten { 134 u_int32 opcode; /* opcode */ 135 u_int32 associd; /* association ID */ 136 u_int32 tstamp; /* timestamp */ 137 u_int32 fstamp; /* filestamp */ 138 u_int32 vallen; /* value length */ 139 u_int32 pkt[1]; /* start of value field */ 140}; 141 142/* 143 * The certificate info/value structure 144 */ 145struct cert_info { 146 struct cert_info *link; /* forward link */ 147 u_int flags; /* flags that wave */ 148 EVP_PKEY *pkey; /* generic key */ 149 long version; /* X509 version */ 150 int nid; /* signature/digest ID */ 151 const EVP_MD *digest; /* message digest algorithm */ 152 u_long serial; /* serial number */ 153 tstamp_t first; /* not valid before */ 154 tstamp_t last; /* not valid after */ 155 char *subject; /* subject common name */ 156 char *issuer; /* issuer common name */ 157 u_char *grpkey; /* GQ group key */ 158 u_int grplen; /* GQ group key length */ 159 struct value cert; /* certificate/value */ 160}; 161 162/* 163 * Cryptographic values 164 */ 165extern char *keysdir; /* crypto keys directory */ 166extern u_int crypto_flags; /* status word */ 167extern struct value hostval; /* host name/value */ 168extern struct cert_info *cinfo; /* host certificate information */ 169extern struct value tai_leap; /* leapseconds table */ 170#endif /* OPENSSL */