Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / usr.sbin / syslogd / sign.h
blob536120acf0534446a9dec66ec114f1844c9a0127
1 /* $NetBSD: sign.h,v 1.1 2008/10/31 16:12:19 christos Exp $ */
3 /*-
4 * Copyright (c) 2008 The NetBSD Foundation, Inc.
5 * All rights reserved.
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Martin Schütte.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the NetBSD
21 * Foundation, Inc. and its contributors.
22 * 4. Neither the name of The NetBSD Foundation nor the names of its
23 * contributors may be used to endorse or promote products derived
24 * from this software without specific prior written permission.
26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
39 * sign.h
42 #ifndef SIGN_H_
43 #define SIGN_H_
45 #include <netinet/in.h>
46 #include <resolv.h>
47 #include <openssl/x509v3.h>
48 #include <openssl/err.h>
49 #include <openssl/rand.h>
50 #include <openssl/pem.h>
52 /* default Signature Group value,
53 * defines signature strategy:
54 * 0 one global SG
55 * 1 one SG per PRI
56 * 2 SGs for PRI ranges
57 * 3 other (SGs not defined by PRI)
59 * We use '3' and assign one SG to every destination (=struct filed)
61 #define SIGN_SG 3
63 /* maximum value for several counters in -sign */
64 #define SIGN_MAX_COUNT 9999999999
67 * many of these options could be made user configurable if desired,
68 * but I do not see the need for that
71 /* redundancy options */
73 * note on the implementation of redundancy:
74 * - certificate blocks: sending the first CB just before first SB.
75 * after that domark() triggers resends until resend count is reached.
76 * - signature blocks: to send every hash n times I use a sliding window.
77 * the hashes in every SB are grouped into n divisions:
78 * * the 1st hashcount/n hashes are sent for the 1st time
79 * * the 2nd hashcount/n hashes are sent for the 2nd time
80 * * ...
81 * * the n-th hashcount/n hashes are sent for the n-th time
82 * (and deleted thereafter)
84 #define SIGN_RESENDCOUNT_CERTBLOCK 2
85 #define SIGN_RESENDCOUNT_HASHES 3
87 /* maximum length of syslog-sign messages should be <= 2048 by standard
88 * and should be >= 1024 to be long enough.
89 * be careful with small values because there is no check for a lower bound
90 * thus the following derived values would become negative.
92 #define SIGN_MAX_LENGTH 2048
93 /* the length we can use for the SD and keep the
94 * message length with header below 2048 octets */
95 #define SIGN_MAX_SD_LENGTH (SIGN_MAX_LENGTH - 1 - HEADER_LEN_MAX)
96 /* length of signature, currently only for DSA */
97 #define SIGN_B64SIGLEN_DSS 64+1
98 /* the maximum length of one payload fragment:
99 * max.SD len - text - max. field lengths - sig len */
100 #define SIGN_MAX_FRAG_LENGTH (SIGN_MAX_SD_LENGTH - 82 - 38 - SIGN_B64SIGLEN_DSS)
101 /* the maximum length of one signature block:
102 * max.SD len - text - max. field lens - sig len */
103 #define SIGN_MAX_SB_LENGTH (SIGN_MAX_SD_LENGTH - 72 - 40 - SIGN_B64SIGLEN_DSS)
104 /* the maximum number of hashes pec signature block */
105 #define SIGN_MAX_HASH_NUM (SIGN_MAX_SB_LENGTH / (GlobalSign.md_len_b64+1))
106 /* number of hashes in one signature block */
107 #define SIGN_HASH_NUM_WANT 100
108 /* make sure to consider SIGN_MAX_HASH_NUM and
109 * to have a SIGN_HASH_NUM that is a multiple of SIGN_HASH_DIVISION_NUM */
110 #define SIGN_HASH_DIVISION_NUM (MIN(SIGN_HASH_NUM_WANT, SIGN_MAX_HASH_NUM) \
111 / SIGN_RESENDCOUNT_HASHES)
112 #define SIGN_HASH_NUM (SIGN_HASH_DIVISION_NUM * SIGN_RESENDCOUNT_HASHES)
114 /* the length of payload strings
115 * since the payload is fragmented there is no technical limit
116 * it just has to be big enough to hold big b64 encoded PKIX certificates
118 #define SIGN_MAX_PAYLOAD_LENGTH 20480
120 /* length of generated DSA keys for signing */
121 #define SIGN_GENCERT_BITS 1024
123 #define SSL_CHECK_ONE(exp) do { \
124 if ((exp) != 1) { \
125 DPRINTF(D_SIGN, #exp " failed in %d: %s\n", __LINE__, \
126 ERR_error_string(ERR_get_error(), NULL)); \
127 return 1; \
129 } while (/*CONSTCOND*/0)
131 /* structs use uint_fast64_t in different places because the standard
132 * requires values in interval [0:9999999999 = SIGN_MAX_COUNT] */
134 /* queue of C-Strings (here used for hashes) */
135 struct string_queue {
136 uint_fast64_t key;
137 char *data;
138 STAILQ_ENTRY(string_queue) entries;
140 STAILQ_HEAD(string_queue_head, string_queue);
142 /* queue of destinations (used associate SGs and fileds) */
143 struct filed_queue {
144 struct filed *f;
145 STAILQ_ENTRY(filed_queue) entries;
147 STAILQ_HEAD(filed_queue_head, filed_queue);
149 /* queue of Signature Groups */
150 struct signature_group_t {
151 unsigned spri;
152 unsigned resendcount;
153 uint_fast64_t last_msg_num;
154 struct string_queue_head hashes;
155 struct filed_queue_head files;
156 STAILQ_ENTRY(signature_group_t) entries;
158 STAILQ_HEAD(signature_group_head, signature_group_t);
160 /* all global variables for sign */
161 /* note that there is one object of this type which might only be
162 * partially filled.
163 * The fields .sg and .sig2_delims are set by init() and are always
164 * valid. A value >0 in field .rsid indicates whether the rest of the
165 * structure was already set by sign_global_init().
167 struct sign_global_t {
168 /* params for signature block, named as in RFC nnnn */
169 const char *ver;
170 uint_fast64_t rsid;
171 int sg;
172 uint_fast64_t gbc;
173 struct signature_group_head SigGroups;
174 struct string_queue_head sig2_delims;
176 EVP_PKEY *privkey;
177 EVP_PKEY *pubkey;
178 char *pubkey_b64;
179 char keytype;
181 EVP_MD_CTX *mdctx; /* hashing context */
182 const EVP_MD *md; /* hashing method/algorithm */
183 unsigned md_len_b64; /* length of b64 hash value */
185 EVP_MD_CTX *sigctx; /* signature context */
186 const EVP_MD *sig; /* signature method/algorithm */
187 unsigned sig_len_b64; /* length of b64 signature */
190 bool sign_global_init(struct filed*);
191 bool sign_sg_init(struct filed*);
192 bool sign_get_keys(void);
193 void sign_global_free(void);
194 struct signature_group_t* sign_get_sg(int, struct filed*);
195 bool sign_send_certificate_block(struct signature_group_t*);
196 unsigned sign_send_signature_block(struct signature_group_t*, bool);
197 void sign_free_hashes(struct signature_group_t*);
198 void sign_free_string_queue(struct string_queue_head*);
199 bool sign_msg_hash(char*, char**);
200 bool sign_append_hash(char*, struct signature_group_t*);
201 bool sign_msg_sign(struct buf_msg**, char*, size_t);
202 bool sign_string_sign(char*, char**);
203 void sign_new_reboot_session(void);
204 void sign_inc_gbc(void);
205 uint_fast64_t sign_assign_msg_num(struct signature_group_t*);
207 #endif /* SIGN_H_ */