/contrib/bind9/lib/dns/dst_internal.h
C++ Header | 247 lines | 155 code | 32 blank | 60 comment | 1 complexity | d7ece58d024ec18d64afc6d23024f9b5 MD5 | raw file
1/* 2 * Portions Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") 3 * Portions Copyright (C) 2000-2002 Internet Software Consortium. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for any 6 * purpose with or without fee is hereby granted, provided that the above 7 * copyright notice and this permission notice appear in all copies. 8 * 9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS 10 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE 12 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR 15 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 * 17 * Portions Copyright (C) 1995-2000 by Network Associates, Inc. 18 * 19 * Permission to use, copy, modify, and/or distribute this software for any 20 * purpose with or without fee is hereby granted, provided that the above 21 * copyright notice and this permission notice appear in all copies. 22 * 23 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS 24 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 25 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE 26 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 28 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR 29 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 30 */ 31 32/* $Id$ */ 33 34#ifndef DST_DST_INTERNAL_H 35#define DST_DST_INTERNAL_H 1 36 37#include <isc/lang.h> 38#include <isc/buffer.h> 39#include <isc/int.h> 40#include <isc/magic.h> 41#include <isc/region.h> 42#include <isc/types.h> 43#include <isc/md5.h> 44#include <isc/refcount.h> 45#include <isc/sha1.h> 46#include <isc/sha2.h> 47#include <isc/stdtime.h> 48#include <isc/hmacmd5.h> 49#include <isc/hmacsha.h> 50 51#include <dns/time.h> 52 53#include <dst/dst.h> 54 55#ifdef OPENSSL 56#include <openssl/dh.h> 57#include <openssl/dsa.h> 58#include <openssl/err.h> 59#include <openssl/evp.h> 60#include <openssl/objects.h> 61#include <openssl/rsa.h> 62#endif 63 64ISC_LANG_BEGINDECLS 65 66#define KEY_MAGIC ISC_MAGIC('D','S','T','K') 67#define CTX_MAGIC ISC_MAGIC('D','S','T','C') 68 69#define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC) 70#define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC) 71 72extern isc_mem_t *dst__memory_pool; 73 74/*** 75 *** Types 76 ***/ 77 78typedef struct dst_func dst_func_t; 79 80typedef struct dst_hmacmd5_key dst_hmacmd5_key_t; 81typedef struct dst_hmacsha1_key dst_hmacsha1_key_t; 82typedef struct dst_hmacsha224_key dst_hmacsha224_key_t; 83typedef struct dst_hmacsha256_key dst_hmacsha256_key_t; 84typedef struct dst_hmacsha384_key dst_hmacsha384_key_t; 85typedef struct dst_hmacsha512_key dst_hmacsha512_key_t; 86 87/*% DST Key Structure */ 88struct dst_key { 89 unsigned int magic; 90 isc_refcount_t refs; 91 dns_name_t * key_name; /*%< name of the key */ 92 unsigned int key_size; /*%< size of the key in bits */ 93 unsigned int key_proto; /*%< protocols this key is used for */ 94 unsigned int key_alg; /*%< algorithm of the key */ 95 isc_uint32_t key_flags; /*%< flags of the public key */ 96 isc_uint16_t key_id; /*%< identifier of the key */ 97 isc_uint16_t key_rid; /*%< identifier of the key when 98 revoked */ 99 isc_uint16_t key_bits; /*%< hmac digest bits */ 100 dns_rdataclass_t key_class; /*%< class of the key record */ 101 isc_mem_t *mctx; /*%< memory context */ 102 char *engine; /*%< engine name (HSM) */ 103 char *label; /*%< engine label (HSM) */ 104 union { 105 void *generic; 106 gss_ctx_id_t gssctx; 107#ifdef OPENSSL 108#if !defined(USE_EVP) || !USE_EVP 109 RSA *rsa; 110#endif 111 DSA *dsa; 112 DH *dh; 113 EVP_PKEY *pkey; 114#endif 115 dst_hmacmd5_key_t *hmacmd5; 116 dst_hmacsha1_key_t *hmacsha1; 117 dst_hmacsha224_key_t *hmacsha224; 118 dst_hmacsha256_key_t *hmacsha256; 119 dst_hmacsha384_key_t *hmacsha384; 120 dst_hmacsha512_key_t *hmacsha512; 121 122 } keydata; /*%< pointer to key in crypto pkg fmt */ 123 124 isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< timing metadata */ 125 isc_boolean_t timeset[DST_MAX_TIMES + 1]; /*%< data set? */ 126 isc_stdtime_t nums[DST_MAX_NUMERIC + 1]; /*%< numeric metadata */ 127 isc_boolean_t numset[DST_MAX_NUMERIC + 1]; /*%< data set? */ 128 129 int fmt_major; /*%< private key format, major version */ 130 int fmt_minor; /*%< private key format, minor version */ 131 132 dst_func_t * func; /*%< crypto package specific functions */ 133 isc_buffer_t *key_tkeytoken; /*%< TKEY token data */ 134}; 135 136struct dst_context { 137 unsigned int magic; 138 dst_key_t *key; 139 isc_mem_t *mctx; 140 union { 141 void *generic; 142 dst_gssapi_signverifyctx_t *gssctx; 143 isc_md5_t *md5ctx; 144 isc_sha1_t *sha1ctx; 145 isc_sha256_t *sha256ctx; 146 isc_sha512_t *sha512ctx; 147 isc_hmacmd5_t *hmacmd5ctx; 148 isc_hmacsha1_t *hmacsha1ctx; 149 isc_hmacsha224_t *hmacsha224ctx; 150 isc_hmacsha256_t *hmacsha256ctx; 151 isc_hmacsha384_t *hmacsha384ctx; 152 isc_hmacsha512_t *hmacsha512ctx; 153#ifdef OPENSSL 154 EVP_MD_CTX *evp_md_ctx; 155#endif 156 } ctxdata; 157}; 158 159struct dst_func { 160 /* 161 * Context functions 162 */ 163 isc_result_t (*createctx)(dst_key_t *key, dst_context_t *dctx); 164 void (*destroyctx)(dst_context_t *dctx); 165 isc_result_t (*adddata)(dst_context_t *dctx, const isc_region_t *data); 166 167 /* 168 * Key operations 169 */ 170 isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig); 171 isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig); 172 isc_result_t (*computesecret)(const dst_key_t *pub, 173 const dst_key_t *priv, 174 isc_buffer_t *secret); 175 isc_boolean_t (*compare)(const dst_key_t *key1, const dst_key_t *key2); 176 isc_boolean_t (*paramcompare)(const dst_key_t *key1, 177 const dst_key_t *key2); 178 isc_result_t (*generate)(dst_key_t *key, int parms, 179 void (*callback)(int)); 180 isc_boolean_t (*isprivate)(const dst_key_t *key); 181 void (*destroy)(dst_key_t *key); 182 183 /* conversion functions */ 184 isc_result_t (*todns)(const dst_key_t *key, isc_buffer_t *data); 185 isc_result_t (*fromdns)(dst_key_t *key, isc_buffer_t *data); 186 isc_result_t (*tofile)(const dst_key_t *key, const char *directory); 187 isc_result_t (*parse)(dst_key_t *key, 188 isc_lex_t *lexer, 189 dst_key_t *pub); 190 191 /* cleanup */ 192 void (*cleanup)(void); 193 194 isc_result_t (*fromlabel)(dst_key_t *key, const char *engine, 195 const char *label, const char *pin); 196 isc_result_t (*dump)(dst_key_t *key, isc_mem_t *mctx, char **buffer, 197 int *length); 198 isc_result_t (*restore)(dst_key_t *key, const char *keystr); 199}; 200 201/*% 202 * Initializers 203 */ 204isc_result_t dst__openssl_init(const char *engine); 205 206isc_result_t dst__hmacmd5_init(struct dst_func **funcp); 207isc_result_t dst__hmacsha1_init(struct dst_func **funcp); 208isc_result_t dst__hmacsha224_init(struct dst_func **funcp); 209isc_result_t dst__hmacsha256_init(struct dst_func **funcp); 210isc_result_t dst__hmacsha384_init(struct dst_func **funcp); 211isc_result_t dst__hmacsha512_init(struct dst_func **funcp); 212isc_result_t dst__opensslrsa_init(struct dst_func **funcp, 213 unsigned char algorithm); 214isc_result_t dst__openssldsa_init(struct dst_func **funcp); 215isc_result_t dst__openssldh_init(struct dst_func **funcp); 216isc_result_t dst__gssapi_init(struct dst_func **funcp); 217#ifdef HAVE_OPENSSL_GOST 218isc_result_t dst__opensslgost_init(struct dst_func **funcp); 219#endif 220 221/*% 222 * Destructors 223 */ 224void dst__openssl_destroy(void); 225 226/*% 227 * Memory allocators using the DST memory pool. 228 */ 229void * dst__mem_alloc(size_t size); 230void dst__mem_free(void *ptr); 231void * dst__mem_realloc(void *ptr, size_t size); 232 233/*% 234 * Entropy retriever using the DST entropy pool. 235 */ 236isc_result_t dst__entropy_getdata(void *buf, unsigned int len, 237 isc_boolean_t pseudo); 238 239/* 240 * Entropy status hook. 241 */ 242unsigned int dst__entropy_status(void); 243 244ISC_LANG_ENDDECLS 245 246#endif /* DST_DST_INTERNAL_H */ 247/*! \file */