external/bsd/bind/dist/lib/dns/dst_internal.h

   1 /*      $NetBSD$        */
   2
   3 /*
   4  * Portions Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
   5  * Portions Copyright (C) 2000-2002  Internet Software Consortium.
   6  *
   7  * Permission to use, copy, modify, and/or distribute this software for any
   8  * purpose with or without fee is hereby granted, provided that the above
   9  * copyright notice and this permission notice appear in all copies.
  10  *
  11  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
  12  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
  13  * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
  14  * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  15  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  16  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
  17  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  18  *
  19  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  20  *
  21  * Permission to use, copy, modify, and/or distribute this software for any
  22  * purpose with or without fee is hereby granted, provided that the above
  23  * copyright notice and this permission notice appear in all copies.
  24  *
  25  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
  26  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
  27  * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
  28  * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
  29  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  30  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
  31  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  32  */
  33
  34 /* Id: dst_internal.h,v 1.23 2009/10/27 22:25:37 marka Exp */
  35
  36 #ifndef DST_DST_INTERNAL_H
  37 #define DST_DST_INTERNAL_H 1
  38
  39 #include <isc/lang.h>
  40 #include <isc/buffer.h>
  41 #include <isc/int.h>
  42 #include <isc/magic.h>
  43 #include <isc/region.h>
  44 #include <isc/types.h>
  45 #include <isc/md5.h>
  46 #include <isc/sha1.h>
  47 #include <isc/sha2.h>
  48 #include <isc/stdtime.h>
  49 #include <isc/hmacmd5.h>
  50 #include <isc/hmacsha.h>
  51
  52 #include <dns/time.h>
  53
  54 #include <dst/dst.h>
  55
  56 #ifdef OPENSSL
  57 #include <openssl/dh.h>
  58 #include <openssl/dsa.h>
  59 #include <openssl/err.h>
  60 #include <openssl/evp.h>
  61 #include <openssl/objects.h>
  62 #include <openssl/rsa.h>
  63 #endif
  64
  65 ISC_LANG_BEGINDECLS
  66
  67 #define KEY_MAGIC       ISC_MAGIC('D','S','T','K')
  68 #define CTX_MAGIC       ISC_MAGIC('D','S','T','C')
  69
  70 #define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC)
  71 #define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC)
  72
  73 extern isc_mem_t *dst__memory_pool;
  74
  75 /***
  76  *** Types
  77  ***/
  78
  79 typedef struct dst_func dst_func_t;
  80
  81 typedef struct dst_hmacmd5_key    dst_hmacmd5_key_t;
  82 typedef struct dst_hmacsha1_key   dst_hmacsha1_key_t;
  83 typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
  84 typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
  85 typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
  86 typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
  87
  88 /*% DST Key Structure */
  89 struct dst_key {
  90         unsigned int    magic;
  91         dns_name_t *    key_name;       /*%< name of the key */
  92         unsigned int    key_size;       /*%< size of the key in bits */
  93         unsigned int    key_proto;      /*%< protocols this key is used for */
  94         unsigned int    key_alg;        /*%< algorithm of the key */
  95         isc_uint32_t    key_flags;      /*%< flags of the public key */
  96         isc_uint16_t    key_id;         /*%< identifier of the key */
  97         isc_uint16_t    key_bits;       /*%< hmac digest bits */
  98         dns_rdataclass_t key_class;     /*%< class of the key record */
  99         isc_mem_t       *mctx;          /*%< memory context */
 100         char            *engine;        /*%< engine name (HSM) */
 101         char            *label;         /*%< engine label (HSM) */
 102         union {
 103                 void *generic;
 104                 gss_ctx_id_t gssctx;
 105 #ifdef OPENSSL
 106 #if !defined(USE_EVP) || !USE_EVP
 107                 RSA *rsa;
 108 #endif
 109                 DSA *dsa;
 110                 DH *dh;
 111                 EVP_PKEY *pkey;
 112 #endif
 113                 dst_hmacmd5_key_t *hmacmd5;
 114                 dst_hmacsha1_key_t *hmacsha1;
 115                 dst_hmacsha224_key_t *hmacsha224;
 116                 dst_hmacsha256_key_t *hmacsha256;
 117                 dst_hmacsha384_key_t *hmacsha384;
 118                 dst_hmacsha512_key_t *hmacsha512;
 119
 120         } keydata;                      /*%< pointer to key in crypto pkg fmt */
 121
 122         isc_stdtime_t   times[DST_MAX_TIMES + 1];    /*%< timing metadata */
 123         isc_boolean_t   timeset[DST_MAX_TIMES + 1];  /*%< data set? */
 124         isc_stdtime_t   nums[DST_MAX_NUMERIC + 1];   /*%< numeric metadata */
 125         isc_boolean_t   numset[DST_MAX_NUMERIC + 1]; /*%< data set? */
 126
 127         int             fmt_major;     /*%< private key format, major version */
 128         int             fmt_minor;     /*%< private key format, minor version */
 129
 130         dst_func_t *    func;          /*%< crypto package specific functions */
 131 };
 132
 133 struct dst_context {
 134         unsigned int magic;
 135         dst_key_t *key;
 136         isc_mem_t *mctx;
 137         union {
 138                 void *generic;
 139                 dst_gssapi_signverifyctx_t *gssctx;
 140                 isc_md5_t *md5ctx;
 141                 isc_sha1_t *sha1ctx;
 142                 isc_sha256_t *sha256ctx;
 143                 isc_sha512_t *sha512ctx;
 144                 isc_hmacmd5_t *hmacmd5ctx;
 145                 isc_hmacsha1_t *hmacsha1ctx;
 146                 isc_hmacsha224_t *hmacsha224ctx;
 147                 isc_hmacsha256_t *hmacsha256ctx;
 148                 isc_hmacsha384_t *hmacsha384ctx;
 149                 isc_hmacsha512_t *hmacsha512ctx;
 150 #ifdef OPENSSL
 151                 EVP_MD_CTX *evp_md_ctx;
 152 #endif
 153         } ctxdata;
 154 };
 155
 156 struct dst_func {
 157         /*
 158          * Context functions
 159          */
 160         isc_result_t (*createctx)(dst_key_t *key, dst_context_t *dctx);
 161         void (*destroyctx)(dst_context_t *dctx);
 162         isc_result_t (*adddata)(dst_context_t *dctx, const isc_region_t *data);
 163
 164         /*
 165          * Key operations
 166          */
 167         isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig);
 168         isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig);
 169         isc_result_t (*computesecret)(const dst_key_t *pub,
 170                                       const dst_key_t *priv,
 171                                       isc_buffer_t *secret);
 172         isc_boolean_t (*compare)(const dst_key_t *key1, const dst_key_t *key2);
 173         isc_boolean_t (*paramcompare)(const dst_key_t *key1,
 174                                       const dst_key_t *key2);
 175         isc_result_t (*generate)(dst_key_t *key, int parms,
 176                                  void (*callback)(int));
 177         isc_boolean_t (*isprivate)(const dst_key_t *key);
 178         void (*destroy)(dst_key_t *key);
 179
 180         /* conversion functions */
 181         isc_result_t (*todns)(const dst_key_t *key, isc_buffer_t *data);
 182         isc_result_t (*fromdns)(dst_key_t *key, isc_buffer_t *data);
 183         isc_result_t (*tofile)(const dst_key_t *key, const char *directory);
 184         isc_result_t (*parse)(dst_key_t *key,
 185                               isc_lex_t *lexer,
 186                               dst_key_t *pub);
 187
 188         /* cleanup */
 189         void (*cleanup)(void);
 190
 191         isc_result_t (*fromlabel)(dst_key_t *key, const char *engine,
 192                                   const char *label, const char *pin);
 193 };
 194
 195 /*%
 196  * Initializers
 197  */
 198 isc_result_t dst__openssl_init(const char *engine);
 199
 200 isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
 201 isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
 202 isc_result_t dst__hmacsha224_init(struct dst_func **funcp);
 203 isc_result_t dst__hmacsha256_init(struct dst_func **funcp);
 204 isc_result_t dst__hmacsha384_init(struct dst_func **funcp);
 205 isc_result_t dst__hmacsha512_init(struct dst_func **funcp);
 206 isc_result_t dst__opensslrsa_init(struct dst_func **funcp,
 207                                   unsigned char algorithm);
 208 isc_result_t dst__openssldsa_init(struct dst_func **funcp);
 209 isc_result_t dst__openssldh_init(struct dst_func **funcp);
 210 isc_result_t dst__gssapi_init(struct dst_func **funcp);
 211
 212 /*%
 213  * Destructors
 214  */
 215 void dst__openssl_destroy(void);
 216
 217 /*%
 218  * Memory allocators using the DST memory pool.
 219  */
 220 void * dst__mem_alloc(size_t size);
 221 void   dst__mem_free(void *ptr);
 222 void * dst__mem_realloc(void *ptr, size_t size);
 223
 224 /*%
 225  * Entropy retriever using the DST entropy pool.
 226  */
 227 isc_result_t dst__entropy_getdata(void *buf, unsigned int len,
 228                                   isc_boolean_t pseudo);
 229
 230 /*
 231  * Entropy status hook.
 232  */
 233 unsigned int dst__entropy_status(void);
 234
 235 ISC_LANG_ENDDECLS
 236
 237 #endif /* DST_DST_INTERNAL_H */
 238 /*! \file */