search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / external / bsd / ntp / dist / include / ntp_crypto.h
blobd6d06f21db36aefa3e6d50ab39af13bf2cde13a5
1 /* $NetBSD$ */
2
3 /*
4 * ntp_crypto.h - definitions for cryptographic operations
5 */
6 #ifndef NTP_CRYPTO_H
7 #define NTP_CRYPTO_H
8
9 /*
10 * Configuration codes (also needed for parser without OPENSSL)
11 */
12 #define CRYPTO_CONF_NONE 0 /* nothing doing */
13 #define CRYPTO_CONF_PRIV 1 /* host keys file name */
14 #define CRYPTO_CONF_SIGN 2 /* signature keys file name */
15 #define CRYPTO_CONF_CERT 3 /* certificate file name */
16 #define CRYPTO_CONF_RAND 4 /* random seed file name */
17 #define CRYPTO_CONF_IFFPAR 5 /* IFF parameters file name */
18 #define CRYPTO_CONF_GQPAR 6 /* GQ parameters file name */
19 #define CRYPTO_CONF_MVPAR 7 /* MV parameters file name */
20 #define CRYPTO_CONF_PW 8 /* private key password */
21 #define CRYPTO_CONF_IDENT 9 /* specify identity scheme */
22 #define CRYPTO_CONF_NID 10 /* specify digest name */
23
24 #ifdef OPENSSL
25 #include "openssl/evp.h"
26
27 /*
28 * The following bits are set by the CRYPTO_ASSOC message from
29 * the server and are not modified by the client.
30 */
31 #define CRYPTO_FLAG_ENAB 0x0001 /* crypto enable */
32 #define CRYPTO_FLAG_TAI 0x0002 /* leapseconds table */
33
34 #define CRYPTO_FLAG_PRIV 0x0010 /* PC identity scheme */
35 #define CRYPTO_FLAG_IFF 0x0020 /* IFF identity scheme */
36 #define CRYPTO_FLAG_GQ 0x0040 /* GQ identity scheme */
37 #define CRYPTO_FLAG_MV 0x0080 /* MV identity scheme */
38 #define CRYPTO_FLAG_MASK 0x00f0 /* identity scheme mask */
39
40 /*
41 * The following bits are used by the client during the protocol
42 * exchange.
43 */
44 #define CRYPTO_FLAG_CERT 0x0100 /* public key verified */
45 #define CRYPTO_FLAG_VRFY 0x0200 /* identity verified */
46 #define CRYPTO_FLAG_PROV 0x0400 /* signature verified */
47 #define CRYPTO_FLAG_COOK 0x0800 /* cookie verifed */
48 #define CRYPTO_FLAG_AUTO 0x1000 /* autokey verified */
49 #define CRYPTO_FLAG_SIGN 0x2000 /* certificate signed */
50 #define CRYPTO_FLAG_LEAP 0x4000 /* leapsecond values verified */
51 #define CRYPTO_FLAG_ALL 0x7f00 /* all mask */
52
53 /*
54 * Flags used for certificate management
55 */
56 #define CERT_TRUST 0x01 /* certificate is trusted */
57 #define CERT_SIGN 0x02 /* certificate is signed */
58 #define CERT_VALID 0x04 /* certificate is valid */
59 #define CERT_PRIV 0x08 /* certificate is private */
60 #define CERT_ERROR 0x80 /* certificate has errors */
61
62 /*
63 * Extension field definitions
64 */
65 #define CRYPTO_MAXLEN 1024 /* max extension field length */
66 #define CRYPTO_VN 2 /* current protocol version number */
67 #define CRYPTO_CMD(x) (((CRYPTO_VN << 8) | (x)) << 16)
68 #define CRYPTO_NULL CRYPTO_CMD(0) /* no operation */
69 #define CRYPTO_ASSOC CRYPTO_CMD(1) /* association */
70 #define CRYPTO_CERT CRYPTO_CMD(2) /* certificate */
71 #define CRYPTO_COOK CRYPTO_CMD(3) /* cookie value */
72 #define CRYPTO_AUTO CRYPTO_CMD(4) /* autokey values */
73 #define CRYPTO_LEAP CRYPTO_CMD(5) /* leapsecond values */
74 #define CRYPTO_SIGN CRYPTO_CMD(6) /* certificate sign */
75 #define CRYPTO_IFF CRYPTO_CMD(7) /* IFF identity scheme */
76 #define CRYPTO_GQ CRYPTO_CMD(8) /* GQ identity scheme */
77 #define CRYPTO_MV CRYPTO_CMD(9) /* MV identity scheme */
78 #define CRYPTO_RESP 0x80000000 /* response */
79 #define CRYPTO_ERROR 0x40000000 /* error */
80
81 /*
82 * Autokey event codes
83 */
84 #define XEVNT_CMD(x) (CRPT_EVENT | (x))
85 #define XEVNT_OK XEVNT_CMD(0) /* success */
86 #define XEVNT_LEN XEVNT_CMD(1) /* bad field format or length */
87 #define XEVNT_TSP XEVNT_CMD(2) /* bad timestamp */
88 #define XEVNT_FSP XEVNT_CMD(3) /* bad filestamp */
89 #define XEVNT_PUB XEVNT_CMD(4) /* bad or missing public key */
90 #define XEVNT_MD XEVNT_CMD(5) /* unsupported digest type */
91 #define XEVNT_KEY XEVNT_CMD(6) /* unsupported identity type */
92 #define XEVNT_SGL XEVNT_CMD(7) /* bad signature length */
93 #define XEVNT_SIG XEVNT_CMD(8) /* signature not verified */
94 #define XEVNT_VFY XEVNT_CMD(9) /* certificate not verified */
95 #define XEVNT_PER XEVNT_CMD(10) /* host certificate expired */
96 #define XEVNT_CKY XEVNT_CMD(11) /* bad or missing cookie */
97 #define XEVNT_DAT XEVNT_CMD(12) /* bad or missing leapseconds */
98 #define XEVNT_CRT XEVNT_CMD(13) /* bad or missing certificate */
99 #define XEVNT_ID XEVNT_CMD(14) /* bad or missing group key */
100 #define XEVNT_ERR XEVNT_CMD(15) /* protocol error */
101
102 /*
103 * Miscellaneous crypto stuff
104 */
105 #define NTP_MAXSESSION 100 /* maximum session key list entries */
106 #define NTP_MAXEXTEN 2048 /* maximum extension field size */
107 #define NTP_AUTOMAX 12 /* default key list timeout (log2 s) */
108 #define KEY_REVOKE 17 /* default key revoke timeout (log2 s) */
109 #define NTP_REFRESH 19 /* default restart timeout (log2 s) */
110 #define NTP_MAXKEY 65535 /* maximum symmetric key ID */
111
112 /*
113 * The autokey structure holds the values used to authenticate key IDs.
114 */
115 struct autokey { /* network byte order */
116 keyid_t key; /* key ID */
117 int32 seq; /* key number */
118 };
119
120 /*
121 * The value structure holds variable length data such as public
122 * key, agreement parameters, public valule and leapsecond table.
123 * They are in network byte order.
124 */
125 struct value { /* network byte order */
126 tstamp_t tstamp; /* timestamp */
127 tstamp_t fstamp; /* filestamp */
128 u_int32 vallen; /* value length */
129 u_char *ptr; /* data pointer (various) */
130 u_int32 siglen; /* signature length */
131 u_char *sig; /* signature */
132 };
133
134 /*
135 * The packet extension field structures are used to hold values
136 * and signatures in network byte order.
137 */
138 struct exten {
139 u_int32 opcode; /* opcode */
140 u_int32 associd; /* association ID */
141 u_int32 tstamp; /* timestamp */
142 u_int32 fstamp; /* filestamp */
143 u_int32 vallen; /* value length */
144 u_int32 pkt[1]; /* start of value field */
145 };
146
147 /*
148 * The certificate info/value structure
149 */
150 struct cert_info {
151 struct cert_info *link; /* forward link */
152 u_int flags; /* flags that wave */
153 EVP_PKEY *pkey; /* generic key */
154 long version; /* X509 version */
155 int nid; /* signature/digest ID */
156 const EVP_MD *digest; /* message digest algorithm */
157 u_long serial; /* serial number */
158 tstamp_t first; /* not valid before */
159 tstamp_t last; /* not valid after */
160 char *subject; /* subject common name */
161 char *issuer; /* issuer common name */
162 BIGNUM *grpkey; /* GQ group key */
163 struct value cert; /* certificate/value */
164 };
165
166 /*
167 * The keys info/value structure
168 */
169 struct pkey_info {
170 struct pkey_info *link; /* forward link */
171 EVP_PKEY *pkey; /* generic key */
172 char *name; /* file name */
173 tstamp_t fstamp; /* filestamp */
174 };
175
176 /*
177 * Cryptographic values
178 */
179 extern u_int crypto_flags; /* status word */
180 extern int crypto_nid; /* digest nid */
181 extern struct value hostval; /* host name/value */
182 extern struct cert_info *cinfo; /* host certificate information */
183 extern struct value tai_leap; /* leapseconds table */
184 #endif /* OPENSSL */
185 #endif /* NTP_CRYPTO_H */
NetBSD on the FriendlyARM MINI2440