1 /*	$NetBSD: dst.h,v 1.1.1.2 2014/07/12 11:57:57 spz Exp $	*/
2 #ifndef DST_H
3 #define DST_H
4 
5 #ifndef HAS_DST_KEY
6 typedef struct dst_key {
7 	char	*dk_key_name;   /* name of the key */
8 	int	dk_key_size;    /* this is the size of the key in bits */
9 	int	dk_proto;       /* what protocols this key can be used for */
10 	int	dk_alg;         /* algorithm number from key record */
11 	unsigned dk_flags;     /* and the flags of the public key */
12 	unsigned dk_id;        /* identifier of the key */
13 } DST_KEY;
14 #endif /* HAS_DST_KEY */
15 
16 /*
17  * DST Crypto API defintions
18  */
19 void     dst_init(void);
20 int      dst_check_algorithm(const int);
21 
22 int dst_sign_data(const int mode,	 /* specifies INIT/UPDATE/FINAL/ALL */
23 		  DST_KEY *in_key,	 /* the key to use */
24 		  void **context,	 /* pointer to state structure */
25 		  const u_char *data,	 /* data to be signed */
26 		  const unsigned len,	 /* length of input data */
27 		  u_char *signature,	 /* buffer to write signature to */
28 		  const unsigned sig_len); /* size of output buffer */
29 
30 int dst_verify_data(const int mode,	 /* specifies INIT/UPDATE/FINAL/ALL */
31 		    DST_KEY *in_key,	 /* the key to use */
32 		    void **context,	 /* pointer to state structure */
33 		    const u_char *data,  /* data to be verified */
34 		    const unsigned len,	 /* length of input data */
35 		    const u_char *signature,/* buffer containing signature */
36 		    const unsigned sig_len);	 /* length of signature */
37 
38 
39 DST_KEY *dst_read_key(const char *in_name,   /* name of key */
40 		      const unsigned in_id, /* key tag identifier */
41 		      const int in_alg,      /* key algorithm */
42 		      const int key_type);   /* Private/PublicKey wanted*/
43 
44 int      dst_write_key(const DST_KEY *key,  /* key to write out */
45 		       const int key_type); /* Public/Private */
46 
47 DST_KEY *dst_dnskey_to_key(const char *in_name,	/* KEY record name */
48 			   const u_char *key,	/* KEY RDATA */
49 			   const unsigned len);	/* size of input buffer*/
50 
51 
52 int      dst_key_to_dnskey(const DST_KEY *key,	/* key to translate */
53 			   u_char *out_storage,	/* output buffer */
54 			   const unsigned out_len); /* size of out_storage*/
55 
56 
57 DST_KEY *dst_buffer_to_key(const char *key_name,  /* name of the key */
58 			   const int alg,	  /* algorithm */
59 			   const unsigned flags,  /* dns flags */
60 			   const int protocol,	  /* dns protocol */
61 			   const u_char *key_buf, /* key in dns wire fmt */
62 			   const unsigned key_len);	  /* size of key */
63 
64 
65 int     dst_key_to_buffer(DST_KEY *key, u_char *out_buff, unsigned buf_len);
66 
67 DST_KEY *dst_generate_key(const char *name,    /* name of new key */
68 			  const int bits,      /* size of new key */
69 			  const int exp,       /* alg dependent parameter*/
70 			  const unsigned flags,     /* key DNS flags */
71 			  const int protocol, /* key DNS protocol */
72 			  const int alg);       /* key algorithm to generate */
73 
74 DST_KEY *dst_free_key(DST_KEY *f_key);
75 int      dst_compare_keys(const DST_KEY *key1, const DST_KEY *key2);
76 
77 int	dst_sig_size(DST_KEY *key);
78 
79 int     dst_random(const int mode, unsigned wanted, u_char *outran);
80 
81 
82 /* support for dns key tags/ids */
83 u_int16_t dst_s_dns_key_id(const u_char *dns_key_rdata,
84 			   const unsigned rdata_len);
85 u_int16_t dst_s_id_calc(const u_char *key_data, const unsigned key_len);
86 
87 /* Used by callers as well as by the library.  */
88 #define RAW_KEY_SIZE    8192        /* large enough to store any key */
89 
90 /* DST_API control flags */
91 /* These are used used in functions dst_sign_data and dst_verify_data */
92 #define SIG_MODE_INIT		1  /* initalize digest */
93 #define SIG_MODE_UPDATE		2  /* add data to digest */
94 #define SIG_MODE_FINAL		4  /* generate/verify signature */
95 #define SIG_MODE_ALL		(SIG_MODE_INIT|SIG_MODE_UPDATE|SIG_MODE_FINAL)
96 
97 /* Flags for dst_read_private_key()  */
98 #define DST_FORCE_READ		0x1000000
99 #define DST_CAN_SIGN		0x010F
100 #define DST_NO_AUTHEN		0x8000
101 #define DST_EXTEND_FLAG         0x1000
102 #define DST_STANDARD		0
103 #define DST_PRIVATE             0x2000000
104 #define DST_PUBLIC              0x4000000
105 #define DST_RAND_SEMI           1
106 #define DST_RAND_STD            2
107 #define DST_RAND_KEY            3
108 #define DST_RAND_DSS            4
109 
110 
111 /* DST algorithm codes */
112 #define KEY_RSA			1
113 #define KEY_DH			2
114 #define KEY_DSA			3
115 #define KEY_PRIVATE		254
116 #define KEY_EXPAND		255
117 #define KEY_HMAC_MD5		157
118 #define KEY_HMAC_SHA1		158
119 #define UNKNOWN_KEYALG		0
120 #define DST_MAX_ALGS            KEY_HMAC_SHA1
121 
122 /* DST constants to locations in KEY record  changes in new KEY record */
123 #define DST_FLAGS_SIZE		2
124 #define DST_KEY_PROT		2
125 #define DST_KEY_ALG		3
126 #define DST_EXT_FLAG            4
127 #define DST_KEY_START		4
128 
129 #ifndef SIGN_F_NOKEY
130 #define SIGN_F_NOKEY		0xC000
131 #endif
132 
133 /* error codes from dst routines */
134 #define SIGN_INIT_FAILURE	(-23)
135 #define SIGN_UPDATE_FAILURE	(-24)
136 #define SIGN_FINAL_FAILURE	(-25)
137 #define VERIFY_INIT_FAILURE	(-26)
138 #define VERIFY_UPDATE_FAILURE	(-27)
139 #define VERIFY_FINAL_FAILURE	(-28)
140 #define MISSING_KEY_OR_SIGNATURE (-30)
141 #define UNSUPPORTED_KEYALG	(-31)
142 
143 #endif /* DST_H */
144