/*	$NetBSD: dst_internal.h,v 1.10 2014/12/10 04:37:58 christos Exp $	*/

/*
 * Portions Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
 * Portions Copyright (C) 2000-2002  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* Id: dst_internal.h,v 1.31 2011/10/20 21:20:02 marka Exp */

/*%
 * Internal declarations shared by the DST key code and its crypto
 * back ends (OpenSSL, PKCS#11, the ISC HMAC implementations, GSSAPI).
 * The public interface lives in <dst/dst.h>; the double-underscore
 * dst__ names below are not intended for use outside the DST library.
 */

#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1

#include <isc/lang.h>
#include <isc/buffer.h>
#include <isc/int.h>
#include <isc/magic.h>
#include <isc/region.h>
#include <isc/types.h>
#include <isc/md5.h>
#include <isc/refcount.h>
#include <isc/sha1.h>
#include <isc/sha2.h>
#include <isc/stdtime.h>
#include <isc/hmacmd5.h>
#include <isc/hmacsha.h>

#include <dns/time.h>

#include <dst/dst.h>

/*
 * OpenSSL object types (RSA, DSA, DH, EVP_PKEY, EVP_MD_CTX) are only
 * referenced from the OPENSSL branches of the unions below.
 */
#ifdef OPENSSL
#include <openssl/dh.h>
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
#endif

ISC_LANG_BEGINDECLS

/*%
 * Magic values stored in the first word of struct dst_key and
 * struct dst_context.  VALID_KEY()/VALID_CTX() compare against them so
 * that a pointer to the wrong kind of object is detected before its
 * fields are dereferenced.
 */
#define KEY_MAGIC ISC_MAGIC('D','S','T','K')
#define CTX_MAGIC ISC_MAGIC('D','S','T','C')

#define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC)
#define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC)

/*%
 * Memory context behind the dst__mem_*() allocators declared below.
 * Defined elsewhere in the DST library.
 */
extern isc_mem_t *dst__memory_pool;

/***
 *** Types
 ***/

typedef struct dst_func dst_func_t;

/*
 * Opaque per-algorithm key representations for the ISC HMAC back ends;
 * the full struct definitions live in the respective back-end sources.
 */
typedef struct dst_hmacmd5_key dst_hmacmd5_key_t;
typedef struct dst_hmacsha1_key dst_hmacsha1_key_t;
typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;

/*%
 * Indicate whether a DST context will be used for signing
 * or for verification
 */
typedef enum { DO_SIGN, DO_VERIFY } dst_use_t;

/*%
 * DST Key Structure.
 *
 * A reference-counted (refs) key object.  The key_* fields describe the
 * key as it appears in a DNSKEY record; keydata holds the same key in
 * whatever form the owning crypto back end uses, and func is that back
 * end's hook table.  Which keydata member is live is not recorded in the
 * struct itself -- presumably it follows from key_alg and from which
 * back end populated func; confirm against the back-end sources before
 * relying on it.  keydata may hold private key material: its release
 * (and any clearing of it) is the job of func->destroy(), not of the
 * generic code.
 */
struct dst_key {
	unsigned int	magic;		/*%< KEY_MAGIC, checked by VALID_KEY() */
	isc_refcount_t	refs;
	dns_name_t *	key_name;	/*%< name of the key */
	unsigned int	key_size;	/*%< size of the key in bits */
	unsigned int	key_proto;	/*%< protocols this key is used for */
	unsigned int	key_alg;	/*%< algorithm of the key */
	isc_uint32_t	key_flags;	/*%< flags of the public key */
	isc_uint16_t	key_id;		/*%< identifier of the key */
	isc_uint16_t	key_rid;	/*%< identifier of the key when
					     revoked */
	isc_uint16_t	key_bits;	/*%< hmac digest bits */
	dns_rdataclass_t key_class;	/*%< class of the key record */
	dns_ttl_t	key_ttl;	/*%< default/initial dnskey ttl */
	isc_mem_t	*mctx;		/*%< memory context */
	char		*engine;	/*%< engine name (HSM) */
	char		*label;		/*%< engine label (HSM) */
	/*
	 * Back-end representation of the key.  Only one member is
	 * meaningful for a given key; the OPENSSL and PKCS11CRYPTO
	 * members are mutually exclusive at compile time.
	 */
	union {
		void *generic;
		gss_ctx_id_t gssctx;
#ifdef OPENSSL
#if !defined(USE_EVP) || !USE_EVP
		RSA *rsa;
#endif
		DSA *dsa;
		DH *dh;
		EVP_PKEY *pkey;
#elif PKCS11CRYPTO
		pk11_object_t *pkey;
#endif
		dst_hmacmd5_key_t *hmacmd5;
		dst_hmacsha1_key_t *hmacsha1;
		dst_hmacsha224_key_t *hmacsha224;
		dst_hmacsha256_key_t *hmacsha256;
		dst_hmacsha384_key_t *hmacsha384;
		dst_hmacsha512_key_t *hmacsha512;

	} keydata;			/*%< pointer to key in crypto pkg fmt */

	/*
	 * Timing and numeric metadata, indexed by the DST_TIME_* /
	 * DST_NUM_* constants from <dst/dst.h>.  The arrays are sized
	 * DST_MAX_* + 1 so that index DST_MAX_* itself is valid; the
	 * parallel *set[] flags record which slots actually hold data.
	 */
	isc_stdtime_t	times[DST_MAX_TIMES + 1];    /*%< timing metadata */
	isc_boolean_t	timeset[DST_MAX_TIMES + 1];  /*%< data set? */
	isc_stdtime_t	nums[DST_MAX_NUMERIC + 1];   /*%< numeric metadata */
	isc_boolean_t	numset[DST_MAX_NUMERIC + 1]; /*%< data set? */
	isc_boolean_t 	inactive;      /*%< private key not present as it is
					    inactive */
	isc_boolean_t 	external;      /*%< external key */

	int		fmt_major;     /*%< private key format, major version */
	int		fmt_minor;     /*%< private key format, minor version */

	dst_func_t *    func;	       /*%< crypto package specific functions */
	isc_buffer_t	*key_tkeytoken;	/*%< TKEY token data */
};

/*%
 * Per-operation signing/verification state.
 *
 * Created by func->createctx()/createctx2() for a given key, fed via
 * func->adddata(), and finished with func->sign() or func->verify()
 * according to use.  ctxdata holds whichever digest/HMAC/back-end
 * context the algorithm needs; as with dst_key.keydata, only one member
 * is live and the OPENSSL/PKCS11CRYPTO members are compile-time
 * exclusive.
 */
struct dst_context {
	unsigned int magic;		/*%< CTX_MAGIC, checked by VALID_CTX() */
	dst_use_t use;			/*%< DO_SIGN or DO_VERIFY */
	dst_key_t *key;			/*%< key this context operates with */
	isc_mem_t *mctx;		/*%< memory context */
	isc_logcategory_t *category;	/*%< log category for messages */
	union {
		void *generic;
		dst_gssapi_signverifyctx_t *gssctx;
		isc_md5_t *md5ctx;
		isc_sha1_t *sha1ctx;
		isc_sha256_t *sha256ctx;
		isc_sha512_t *sha512ctx;
		isc_hmacmd5_t *hmacmd5ctx;
		isc_hmacsha1_t *hmacsha1ctx;
		isc_hmacsha224_t *hmacsha224ctx;
		isc_hmacsha256_t *hmacsha256ctx;
		isc_hmacsha384_t *hmacsha384ctx;
		isc_hmacsha512_t *hmacsha512ctx;
#ifdef OPENSSL
		EVP_MD_CTX *evp_md_ctx;
#elif PKCS11CRYPTO
		pk11_context_t *pk11_ctx;
#endif
	} ctxdata;
};

/*%
 * Crypto back-end hook table.
 *
 * One table per algorithm implementation, filled in by the
 * dst__*_init(struct dst_func **funcp) functions declared below and
 * referenced from dst_key.func.  Whether every back end implements every
 * hook is not visible here; presumably unimplemented hooks are left NULL
 * and the generic code checks before calling -- confirm in dst_api.c
 * before adding a new call site.
 */
struct dst_func {
	/*
	 * Context functions
	 */
	isc_result_t (*createctx)(dst_key_t *key, dst_context_t *dctx);
	/* Same as createctx() with an additional maxbits argument;
	 * presumably an upper bound the caller will accept -- confirm. */
	isc_result_t (*createctx2)(dst_key_t *key, int maxbits,
				   dst_context_t *dctx);
	void (*destroyctx)(dst_context_t *dctx);
	isc_result_t (*adddata)(dst_context_t *dctx, const isc_region_t *data);

	/*
	 * Key operations
	 */
	isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig);
	isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig);
	/* verify() variant carrying the same maxbits argument as createctx2(). */
	isc_result_t (*verify2)(dst_context_t *dctx, int maxbits,
				const isc_region_t *sig);
	/* Key agreement: derive a shared secret from pub and priv into secret. */
	isc_result_t (*computesecret)(const dst_key_t *pub,
				      const dst_key_t *priv,
				      isc_buffer_t *secret);
	isc_boolean_t (*compare)(const dst_key_t *key1, const dst_key_t *key2);
	isc_boolean_t (*paramcompare)(const dst_key_t *key1,
				      const dst_key_t *key2);
	/* callback, if non-NULL, is presumably invoked for progress
	 * reporting during generation -- confirm with the back ends. */
	isc_result_t (*generate)(dst_key_t *key, int parms,
				 void (*callback)(int));
	isc_boolean_t (*isprivate)(const dst_key_t *key);
	/* Releases key->keydata; the only place back-end key material is
	 * freed, so any clearing of private material belongs here. */
	void (*destroy)(dst_key_t *key);

	/* conversion functions */
	isc_result_t (*todns)(const dst_key_t *key, isc_buffer_t *data);
	isc_result_t (*fromdns)(dst_key_t *key, isc_buffer_t *data);
	isc_result_t (*tofile)(const dst_key_t *key, const char *directory);
	/* Parse a private key from lexer; pub is the matching public key. */
	isc_result_t (*parse)(dst_key_t *key,
			      isc_lex_t *lexer,
			      dst_key_t *pub);

	/* cleanup */
	void (*cleanup)(void);

	/*
	 * Load a key by HSM engine/label.  pin is an HSM PIN passed as a
	 * plain C string: treat it as a secret (never log or echo it).
	 */
	isc_result_t (*fromlabel)(dst_key_t *key, const char *engine,
				  const char *label, const char *pin);
	/*
	 * Serialize key into *buffer/*length and restore it from keystr.
	 * Who frees *buffer (presumably the caller, via mctx) is not
	 * visible here -- confirm with the back ends.
	 */
	isc_result_t (*dump)(dst_key_t *key, isc_mem_t *mctx, char **buffer,
			     int *length);
	isc_result_t (*restore)(dst_key_t *key, const char *keystr);
};

/*%
 * Initializers
 *
 * dst__openssl_init()/dst__pkcs11_init set up the crypto provider as a
 * whole; the remaining dst__*_init() functions hand back the hook table
 * (struct dst_func) for one algorithm through *funcp.
 */
isc_result_t dst__openssl_init(const char *engine);
/* The PKCS#11 provider init is simply the pk11 library's own entry point. */
#define dst__pkcs11_init pk11_initialize

isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
isc_result_t dst__hmacsha224_init(struct dst_func **funcp);
isc_result_t dst__hmacsha256_init(struct dst_func **funcp);
isc_result_t dst__hmacsha384_init(struct dst_func **funcp);
isc_result_t dst__hmacsha512_init(struct dst_func **funcp);
/* Unlike the other initializers this one takes the DNSSEC algorithm
 * number, presumably because one RSA back end serves several
 * RSA-based algorithms. */
isc_result_t dst__opensslrsa_init(struct dst_func **funcp,
				  unsigned char algorithm);
isc_result_t dst__pkcs11rsa_init(struct dst_func **funcp);
isc_result_t dst__openssldsa_init(struct dst_func **funcp);
isc_result_t dst__pkcs11dsa_init(struct dst_func **funcp);
isc_result_t dst__openssldh_init(struct dst_func **funcp);
isc_result_t dst__pkcs11dh_init(struct dst_func **funcp);
isc_result_t dst__gssapi_init(struct dst_func **funcp);
#ifdef HAVE_OPENSSL_ECDSA
isc_result_t dst__opensslecdsa_init(struct dst_func **funcp);
#endif
#ifdef HAVE_PKCS11_ECDSA
isc_result_t dst__pkcs11ecdsa_init(struct dst_func **funcp);
#endif
#ifdef HAVE_OPENSSL_GOST
isc_result_t dst__opensslgost_init(struct dst_func **funcp);
#endif
#ifdef HAVE_PKCS11_GOST
isc_result_t dst__pkcs11gost_init(struct dst_func **funcp);
#endif

/*%
 * Destructors
 */
void dst__openssl_destroy(void);
#define dst__pkcs11_destroy pk11_finalize

/*%
 * Memory allocators using the DST memory pool.
 *
 * malloc/free/realloc-style wrappers over dst__memory_pool.  Nothing
 * here indicates that dst__mem_free() clears memory before releasing
 * it, so callers holding secret material must wipe it themselves.
 */
void * dst__mem_alloc(size_t size);
void dst__mem_free(void *ptr);
void * dst__mem_realloc(void *ptr, size_t size);

/*%
 * Entropy retriever using the DST entropy pool.
 *
 * Fills the first len bytes of buf.  pseudo presumably says whether
 * pseudo-random output is acceptable; key generation would be expected
 * to pass ISC_FALSE -- confirm against the implementation.
 */
isc_result_t dst__entropy_getdata(void *buf, unsigned int len,
				  isc_boolean_t pseudo);

/*
 * Entropy status hook.
 */
unsigned int dst__entropy_status(void);

ISC_LANG_ENDDECLS

#endif /* DST_DST_INTERNAL_H */
/*! \file */