/*
 * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
 * Portions Copyright (C) 2000-2002 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id$ */
#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1

/*
 * Internal interface of the DST (DNS Security Toolkit) layer: the key and
 * context structures shared between the generic dst code and the
 * per-algorithm crypto backends.  Nothing in here is part of the public
 * <dst/dst.h> API; the dst__ prefix marks library-private symbols.
 */

#include <isc/lang.h>
#include <isc/buffer.h>
#include <isc/int.h>
#include <isc/magic.h>
#include <isc/region.h>
#include <isc/types.h>
#include <isc/md5.h>
#include <isc/refcount.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/stdtime.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>
#include <dns/time.h>
#include <dst/dst.h>

/* OpenSSL types (RSA, DSA, DH, EVP_PKEY, EVP_MD_CTX) are only referenced
 * from the unions below when the library is built with OpenSSL support. */
#ifdef OPENSSL
#include <openssl/dh.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
#endif

ISC_LANG_BEGINDECLS

/*
 * Magic values stored in the first word ('magic') of a dst_key and a
 * dst_context.  VALID_KEY()/VALID_CTX() check that word (via ISC_MAGIC_VALID)
 * so that a pointer that was never initialised, or that has already been
 * destroyed and overwritten, is rejected before it is dereferenced.
 */
#define KEY_MAGIC	ISC_MAGIC('D','S','T','K')
#define CTX_MAGIC	ISC_MAGIC('D','S','T','C')

#define VALID_KEY(x)	ISC_MAGIC_VALID(x, KEY_MAGIC)
#define VALID_CTX(x)	ISC_MAGIC_VALID(x, CTX_MAGIC)

/*
 * Memory context behind dst__mem_alloc()/dst__mem_free()/dst__mem_realloc()
 * (declared further down).  Defined in one of the library's .c files.
 */
extern isc_mem_t *dst__memory_pool;

/***
 *** Types
 ***/

/*
 * Forward declarations.  struct dst_func is completed below; the HMAC key
 * structures are presumably defined privately by the matching backend
 * implementation files, so the generic code only ever sees pointers to them.
 */
typedef struct dst_func dst_func_t;
typedef struct dst_hmacmd5_key dst_hmacmd5_key_t;
typedef struct dst_hmacsha1_key dst_hmacsha1_key_t;
typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
/*%
 * DST Key Structure
 *
 * In-memory representation of a single key (DNSSEC, TSIG/HMAC, TKEY or
 * GSSAPI).  Objects are reference counted through 'refs' and carry KEY_MAGIC
 * in 'magic' so that VALID_KEY() can reject uninitialised or already
 * destroyed pointers.  The key material itself lives in the 'keydata' union
 * in whatever representation the crypto backend uses; which union member is
 * live is presumably selected by 'key_alg' (and, for RSA, by the USE_EVP
 * build option) -- confirm against each backend's createctx/destroy.
 * 'func' points at the method table of the backend that owns 'keydata'.
 */
struct dst_key {
	unsigned int	magic;		/*%< KEY_MAGIC while the object is valid */
	isc_refcount_t	refs;		/*%< reference count */
	dns_name_t *	key_name;	/*%< name of the key */
	unsigned int	key_size;	/*%< size of the key in bits */
	unsigned int	key_proto;	/*%< protocols this key is used for */
	unsigned int	key_alg;	/*%< algorithm of the key */
	isc_uint32_t	key_flags;	/*%< flags of the public key */
	isc_uint16_t	key_id;		/*%< identifier of the key */
	isc_uint16_t	key_rid;	/*%< identifier of the key when
					     revoked */
	isc_uint16_t	key_bits;	/*%< hmac digest bits */
	dns_rdataclass_t key_class;	/*%< class of the key record */
	isc_mem_t	*mctx;		/*%< memory context */
	char		*engine;	/*%< engine name (HSM) */
	char		*label;		/*%< engine label (HSM) */
	/*
	 * Backend-specific key material.  Only one member is meaningful for a
	 * given key; when it holds private material the owning backend's
	 * destroy() is presumably what releases it -- confirm.
	 */
	union {
		void *generic;
		gss_ctx_id_t gssctx;
#ifdef OPENSSL
#if !defined(USE_EVP) || !USE_EVP
		RSA *rsa;
#endif
		DSA *dsa;
		DH *dh;
		EVP_PKEY *pkey;
#endif
		dst_hmacmd5_key_t *hmacmd5;
		dst_hmacsha1_key_t *hmacsha1;
		dst_hmacsha224_key_t *hmacsha224;
		dst_hmacsha256_key_t *hmacsha256;
		dst_hmacsha384_key_t *hmacsha384;
		dst_hmacsha512_key_t *hmacsha512;
	} keydata;			/*%< pointer to key in crypto pkg fmt */
	/*
	 * Timing / numeric metadata from the private key file.  timeset[i]
	 * and numset[i] record whether times[i] / nums[i] were actually set;
	 * the arrays are sized DST_MAX_TIMES + 1 and DST_MAX_NUMERIC + 1 so
	 * the maximum tag value itself is a valid index.  Note that 'nums'
	 * reuses isc_stdtime_t as its element type even though the values
	 * are generic numbers.
	 */
	isc_stdtime_t	times[DST_MAX_TIMES + 1];	/*%< timing metadata */
	isc_boolean_t	timeset[DST_MAX_TIMES + 1];	/*%< data set? */
	isc_stdtime_t	nums[DST_MAX_NUMERIC + 1];	/*%< numeric metadata */
	isc_boolean_t	numset[DST_MAX_NUMERIC + 1];	/*%< data set? */
	int		fmt_major;	/*%< private key format, major version */
	int		fmt_minor;	/*%< private key format, minor version */
	dst_func_t *	func;		/*%< crypto package specific functions */
	isc_buffer_t	*key_tkeytoken;	/*%< TKEY token data */
};
/*%
 * DST Context Structure
 *
 * Per-operation state for one sign / verify run with a single key.  Tagged
 * with CTX_MAGIC so VALID_CTX() can check a pointer before use.  'ctxdata'
 * holds the backend's working state (hash, HMAC, GSSAPI or EVP digest
 * context); it is presumably filled in by key->func->createctx and torn
 * down by key->func->destroyctx, and only the member matching the key's
 * algorithm is meaningful -- confirm against the backends.
 */
struct dst_context {
	unsigned int	magic;		/*%< CTX_MAGIC while the object is valid */
	dst_key_t	*key;		/*%< key this context operates with */
	isc_mem_t	*mctx;		/*%< memory context */
	union {
		void *generic;
		dst_gssapi_signverifyctx_t *gssctx;
		isc_md5_t *md5ctx;
		isc_sha1_t *sha1ctx;
		isc_sha256_t *sha256ctx;
		isc_sha512_t *sha512ctx;
		isc_hmacmd5_t *hmacmd5ctx;
		isc_hmacsha1_t *hmacsha1ctx;
		isc_hmacsha224_t *hmacsha224ctx;
		isc_hmacsha256_t *hmacsha256ctx;
		isc_hmacsha384_t *hmacsha384ctx;
		isc_hmacsha512_t *hmacsha512ctx;
#ifdef OPENSSL
		EVP_MD_CTX *evp_md_ctx;
#endif
	} ctxdata;			/*%< backend-specific working state */
};
/*%
 * Per-algorithm method table.
 *
 * Each crypto backend (OpenSSL RSA/DSA/DH/GOST, the HMAC family, GSSAPI)
 * publishes one of these through its dst__*_init() function declared below,
 * and dst_key.func points at the table for the key's algorithm.  Operations
 * a backend does not support are presumably left NULL, so the generic code
 * must test a slot before dispatching through it -- confirm in the callers.
 */
struct dst_func {
	/*
	 * Context functions
	 */
	/*% Set up dctx->ctxdata for an operation with 'key'. */
	isc_result_t (*createctx)(dst_key_t *key, dst_context_t *dctx);
	/*% Release whatever createctx() placed in dctx->ctxdata. */
	void (*destroyctx)(dst_context_t *dctx);
	/*% Feed another chunk of input into the running context. */
	isc_result_t (*adddata)(dst_context_t *dctx, const isc_region_t *data);

	/*
	 * Key operations
	 */
	/*% Finish the context and write the signature into 'sig'. */
	isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig);
	/*% Finish the context and check it against the supplied 'sig'. */
	isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig);
	/*% Key agreement: derive a shared 'secret' from 'pub' and 'priv'
	 *  (presumably only the DH backend implements this). */
	isc_result_t (*computesecret)(const dst_key_t *pub,
				      const dst_key_t *priv,
				      isc_buffer_t *secret);
	/*% Compare two keys for equality. */
	isc_boolean_t (*compare)(const dst_key_t *key1, const dst_key_t *key2);
	/*% Compare only the algorithm parameters of two keys. */
	isc_boolean_t (*paramcompare)(const dst_key_t *key1,
				      const dst_key_t *key2);
	/*% Generate fresh key material into 'key'.  'parms' is a
	 *  backend-specific generation parameter and 'callback', if used,
	 *  receives progress notifications -- exact meaning is per backend. */
	isc_result_t (*generate)(dst_key_t *key, int parms,
				 void (*callback)(int));
	/*% ISC_TRUE if 'key' carries private key material. */
	isc_boolean_t (*isprivate)(const dst_key_t *key);
	/*% Free the backend material held in key->keydata. */
	void (*destroy)(dst_key_t *key);

	/* conversion functions */
	/*% Serialise the public key into 'data' (presumably DNSKEY rdata
	 *  wire format). */
	isc_result_t (*todns)(const dst_key_t *key, isc_buffer_t *data);
	/*% Inverse of todns(): populate 'key' from the wire-format 'data'.
	 *  This is the entry point that sees untrusted bytes from the
	 *  network, so backends must bounds-check 'data' before use. */
	isc_result_t (*fromdns)(dst_key_t *key, isc_buffer_t *data);
	/*% Write the private key file for 'key' into 'directory'. */
	isc_result_t (*tofile)(const dst_key_t *key, const char *directory);
	/*% Parse a private key file through 'lexer'; 'pub' is presumably
	 *  the already-loaded matching public key -- confirm. */
	isc_result_t (*parse)(dst_key_t *key,
			      isc_lex_t *lexer,
			      dst_key_t *pub);

	/* cleanup */
	/*% Release any backend-global state. */
	void (*cleanup)(void);
	/*% Load a key held by the crypto 'engine' (HSM) under 'label'.
	 *  'pin' is presumably the HSM PIN, i.e. a secret: keep it out of
	 *  logs and error messages. */
	isc_result_t (*fromlabel)(dst_key_t *key, const char *engine,
				  const char *label, const char *pin);
	/*% Serialise 'key' to a string; '*buffer' is allocated from 'mctx'
	 *  and its length returned in '*length'.  Ownership of the buffer
	 *  presumably passes to the caller -- confirm who frees it. */
	isc_result_t (*dump)(dst_key_t *key, isc_mem_t *mctx, char **buffer,
			     int *length);
	/*% Inverse of dump(): rebuild 'key' from 'keystr'. */
	isc_result_t (*restore)(dst_key_t *key, const char *keystr);
};
/*%
 * Initializers
 *
 * Each dst__*_init() publishes its backend's method table through '*funcp';
 * the generic code keeps that pointer in dst_key.func.  dst__openssl_init()
 * is different: it initialises the OpenSSL library itself and, when 'engine'
 * is non-NULL, presumably loads that engine for HSM-backed keys -- confirm.
 */
isc_result_t dst__openssl_init(const char *engine);
isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
isc_result_t dst__hmacsha224_init(struct dst_func **funcp);
isc_result_t dst__hmacsha256_init(struct dst_func **funcp);
isc_result_t dst__hmacsha384_init(struct dst_func **funcp);
isc_result_t dst__hmacsha512_init(struct dst_func **funcp);
/*%
 * The RSA backend is instantiated once per DNSSEC algorithm number it
 * serves; 'algorithm' tells the table which variant (i.e. which hash) to
 * use -- the exact set is defined by the backend.
 */
isc_result_t dst__opensslrsa_init(struct dst_func **funcp,
				  unsigned char algorithm);
isc_result_t dst__openssldsa_init(struct dst_func **funcp);
isc_result_t dst__openssldh_init(struct dst_func **funcp);
isc_result_t dst__gssapi_init(struct dst_func **funcp);
#ifdef HAVE_OPENSSL_GOST
isc_result_t dst__opensslgost_init(struct dst_func **funcp);
#endif

/*%
 * Destructors
 *
 * Counterpart of dst__openssl_init(); tears down OpenSSL state.
 */
void dst__openssl_destroy(void);

/*%
 * Memory allocators using the DST memory pool.
 *
 * Thin wrappers over dst__memory_pool with malloc/free/realloc ownership
 * semantics.  Presumably registered as OpenSSL's allocation callbacks so
 * backend allocations are accounted to the same context -- confirm in
 * dst__openssl_init().
 */
void * dst__mem_alloc(size_t size);
void dst__mem_free(void *ptr);
void * dst__mem_realloc(void *ptr, size_t size);

/*%
 * Entropy retriever using the DST entropy pool.
 *
 * Fills 'len' bytes of 'buf'.  'pseudo' presumably allows the request to be
 * satisfied from the pool's PRNG rather than waiting for fresh entropy;
 * anything that must be unpredictable (key generation, nonces) should pass
 * ISC_FALSE -- confirm against the underlying isc_entropy semantics.
 */
isc_result_t dst__entropy_getdata(void *buf, unsigned int len,
				  isc_boolean_t pseudo);

/*
 * Entropy status hook.
 *
 * Reports the pool's current entropy estimate (presumably in bits, as the
 * isc_entropy API does) -- confirm.
 */
unsigned int dst__entropy_status(void);

ISC_LANG_ENDDECLS

#endif /* DST_DST_INTERNAL_H */

/*! \file */