PageRenderTime 58ms CodeModel.GetById 46ms app.highlight 9ms RepoModel.GetById 1ms app.codeStats 0ms

/contrib/bind9/lib/dns/dst_internal.h

https://bitbucket.org/freebsd/freebsd-head/
C++ Header | 247 lines | 155 code | 32 blank | 60 comment | 1 complexity | d7ece58d024ec18d64afc6d23024f9b5 MD5 | raw file
  1/*
  2 * Portions Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
  3 * Portions Copyright (C) 2000-2002  Internet Software Consortium.
  4 *
  5 * Permission to use, copy, modify, and/or distribute this software for any
  6 * purpose with or without fee is hereby granted, provided that the above
  7 * copyright notice and this permission notice appear in all copies.
  8 *
  9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
 10 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 11 * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
 12 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 15 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 16 *
 17 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
 18 *
 19 * Permission to use, copy, modify, and/or distribute this software for any
 20 * purpose with or without fee is hereby granted, provided that the above
 21 * copyright notice and this permission notice appear in all copies.
 22 *
 23 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
 24 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 25 * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
 26 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 27 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 28 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 29 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 30 */
 31
 32/* $Id$ */
 33
 34#ifndef DST_DST_INTERNAL_H
 35#define DST_DST_INTERNAL_H 1
 36
 37#include <isc/lang.h>
 38#include <isc/buffer.h>
 39#include <isc/int.h>
 40#include <isc/magic.h>
 41#include <isc/region.h>
 42#include <isc/types.h>
 43#include <isc/md5.h>
 44#include <isc/refcount.h>
 45#include <isc/sha1.h>
 46#include <isc/sha2.h>
 47#include <isc/stdtime.h>
 48#include <isc/hmacmd5.h>
 49#include <isc/hmacsha.h>
 50
 51#include <dns/time.h>
 52
 53#include <dst/dst.h>
 54
 55#ifdef OPENSSL
 56#include <openssl/dh.h>
 57#include <openssl/dsa.h>
 58#include <openssl/err.h>
 59#include <openssl/evp.h>
 60#include <openssl/objects.h>
 61#include <openssl/rsa.h>
 62#endif
 63
 64ISC_LANG_BEGINDECLS
 65
 66#define KEY_MAGIC	ISC_MAGIC('D','S','T','K')
 67#define CTX_MAGIC	ISC_MAGIC('D','S','T','C')
 68
 69#define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC)
 70#define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC)
 71
 72extern isc_mem_t *dst__memory_pool;
 73
 74/***
 75 *** Types
 76 ***/
 77
 78typedef struct dst_func dst_func_t;
 79
 80typedef struct dst_hmacmd5_key	  dst_hmacmd5_key_t;
 81typedef struct dst_hmacsha1_key   dst_hmacsha1_key_t;
 82typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
 83typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
 84typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
 85typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
 86
 87/*% DST Key Structure */
 88struct dst_key {
 89	unsigned int	magic;
 90	isc_refcount_t	refs;
 91	dns_name_t *	key_name;	/*%< name of the key */
 92	unsigned int	key_size;	/*%< size of the key in bits */
 93	unsigned int	key_proto;	/*%< protocols this key is used for */
 94	unsigned int	key_alg;	/*%< algorithm of the key */
 95	isc_uint32_t	key_flags;	/*%< flags of the public key */
 96	isc_uint16_t	key_id;		/*%< identifier of the key */
 97	isc_uint16_t	key_rid;	/*%< identifier of the key when
 98					     revoked */
 99	isc_uint16_t	key_bits;	/*%< hmac digest bits */
100	dns_rdataclass_t key_class;	/*%< class of the key record */
101	isc_mem_t	*mctx;		/*%< memory context */
102	char		*engine;	/*%< engine name (HSM) */
103	char		*label;		/*%< engine label (HSM) */
104	union {
105		void *generic;
106		gss_ctx_id_t gssctx;
107#ifdef OPENSSL
108#if !defined(USE_EVP) || !USE_EVP
109		RSA *rsa;
110#endif
111		DSA *dsa;
112		DH *dh;
113		EVP_PKEY *pkey;
114#endif
115		dst_hmacmd5_key_t *hmacmd5;
116		dst_hmacsha1_key_t *hmacsha1;
117		dst_hmacsha224_key_t *hmacsha224;
118		dst_hmacsha256_key_t *hmacsha256;
119		dst_hmacsha384_key_t *hmacsha384;
120		dst_hmacsha512_key_t *hmacsha512;
121
122	} keydata;			/*%< pointer to key in crypto pkg fmt */
123
124	isc_stdtime_t	times[DST_MAX_TIMES + 1];    /*%< timing metadata */
125	isc_boolean_t	timeset[DST_MAX_TIMES + 1];  /*%< data set? */
126	isc_stdtime_t	nums[DST_MAX_NUMERIC + 1];   /*%< numeric metadata */
127	isc_boolean_t	numset[DST_MAX_NUMERIC + 1]; /*%< data set? */
128
129	int		fmt_major;     /*%< private key format, major version */
130	int		fmt_minor;     /*%< private key format, minor version */
131
132	dst_func_t *    func;	       /*%< crypto package specific functions */
133	isc_buffer_t   *key_tkeytoken; /*%< TKEY token data */
134};
135
136struct dst_context {
137	unsigned int magic;
138	dst_key_t *key;
139	isc_mem_t *mctx;
140	union {
141		void *generic;
142		dst_gssapi_signverifyctx_t *gssctx;
143		isc_md5_t *md5ctx;
144		isc_sha1_t *sha1ctx;
145		isc_sha256_t *sha256ctx;
146		isc_sha512_t *sha512ctx;
147		isc_hmacmd5_t *hmacmd5ctx;
148		isc_hmacsha1_t *hmacsha1ctx;
149		isc_hmacsha224_t *hmacsha224ctx;
150		isc_hmacsha256_t *hmacsha256ctx;
151		isc_hmacsha384_t *hmacsha384ctx;
152		isc_hmacsha512_t *hmacsha512ctx;
153#ifdef OPENSSL
154		EVP_MD_CTX *evp_md_ctx;
155#endif
156	} ctxdata;
157};
158
159struct dst_func {
160	/*
161	 * Context functions
162	 */
163	isc_result_t (*createctx)(dst_key_t *key, dst_context_t *dctx);
164	void (*destroyctx)(dst_context_t *dctx);
165	isc_result_t (*adddata)(dst_context_t *dctx, const isc_region_t *data);
166
167	/*
168	 * Key operations
169	 */
170	isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig);
171	isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig);
172	isc_result_t (*computesecret)(const dst_key_t *pub,
173				      const dst_key_t *priv,
174				      isc_buffer_t *secret);
175	isc_boolean_t (*compare)(const dst_key_t *key1, const dst_key_t *key2);
176	isc_boolean_t (*paramcompare)(const dst_key_t *key1,
177				      const dst_key_t *key2);
178	isc_result_t (*generate)(dst_key_t *key, int parms,
179				 void (*callback)(int));
180	isc_boolean_t (*isprivate)(const dst_key_t *key);
181	void (*destroy)(dst_key_t *key);
182
183	/* conversion functions */
184	isc_result_t (*todns)(const dst_key_t *key, isc_buffer_t *data);
185	isc_result_t (*fromdns)(dst_key_t *key, isc_buffer_t *data);
186	isc_result_t (*tofile)(const dst_key_t *key, const char *directory);
187	isc_result_t (*parse)(dst_key_t *key,
188			      isc_lex_t *lexer,
189			      dst_key_t *pub);
190
191	/* cleanup */
192	void (*cleanup)(void);
193
194	isc_result_t (*fromlabel)(dst_key_t *key, const char *engine,
195				  const char *label, const char *pin);
196	isc_result_t (*dump)(dst_key_t *key, isc_mem_t *mctx, char **buffer,
197			     int *length);
198	isc_result_t (*restore)(dst_key_t *key, const char *keystr);
199};
200
201/*%
202 * Initializers
203 */
204isc_result_t dst__openssl_init(const char *engine);
205
206isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
207isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
208isc_result_t dst__hmacsha224_init(struct dst_func **funcp);
209isc_result_t dst__hmacsha256_init(struct dst_func **funcp);
210isc_result_t dst__hmacsha384_init(struct dst_func **funcp);
211isc_result_t dst__hmacsha512_init(struct dst_func **funcp);
212isc_result_t dst__opensslrsa_init(struct dst_func **funcp,
213				  unsigned char algorithm);
214isc_result_t dst__openssldsa_init(struct dst_func **funcp);
215isc_result_t dst__openssldh_init(struct dst_func **funcp);
216isc_result_t dst__gssapi_init(struct dst_func **funcp);
217#ifdef HAVE_OPENSSL_GOST
218isc_result_t dst__opensslgost_init(struct dst_func **funcp);
219#endif
220
221/*%
222 * Destructors
223 */
224void dst__openssl_destroy(void);
225
226/*%
227 * Memory allocators using the DST memory pool.
228 */
229void * dst__mem_alloc(size_t size);
230void   dst__mem_free(void *ptr);
231void * dst__mem_realloc(void *ptr, size_t size);
232
233/*%
234 * Entropy retriever using the DST entropy pool.
235 */
236isc_result_t dst__entropy_getdata(void *buf, unsigned int len,
237				  isc_boolean_t pseudo);
238
239/*
240 * Entropy status hook.
241 */
242unsigned int dst__entropy_status(void);
243
244ISC_LANG_ENDDECLS
245
246#endif /* DST_DST_INTERNAL_H */
247/*! \file */