| blob | 536120acf0534446a9dec66ec114f1844c9a0127 |
1 /* $NetBSD: sign.h,v 1.1 2008/10/31 16:12:19 christos Exp $ */
3 /*-
4 * Copyright (c) 2008 The NetBSD Foundation, Inc.
5 * All rights reserved.
6 *
7 * This code is derived from software contributed to The NetBSD Foundation
8 * by Martin Schütte.
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 * 3. All advertising materials mentioning features or use of this software
19 * must display the following acknowledgement:
20 * This product includes software developed by the NetBSD
21 * Foundation, Inc. and its contributors.
22 * 4. Neither the name of The NetBSD Foundation nor the names of its
23 * contributors may be used to endorse or promote products derived
24 * from this software without specific prior written permission.
25 *
26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
36 * POSSIBILITY OF SUCH DAMAGE.
37 */
38 /*
39 * sign.h
40 *
41 */
42 #ifndef SIGN_H_
43 #define SIGN_H_
45 #include <netinet/in.h>
46 #include <resolv.h>
47 #include <openssl/x509v3.h>
48 #include <openssl/err.h>
49 #include <openssl/rand.h>
50 #include <openssl/pem.h>
52 /* default Signature Group value,
53 * defines signature strategy:
54 * 0 one global SG
55 * 1 one SG per PRI
56 * 2 SGs for PRI ranges
57 * 3 other (SGs not defined by PRI)
58 *
59 * We use '3' and assign one SG to every destination (=struct filed)
60 */
61 #define SIGN_SG 3
63 /* maximum value for several counters in -sign */
64 #define SIGN_MAX_COUNT 9999999999
66 /*
67 * many of these options could be made user configurable if desired,
68 * but I do not see the need for that
69 */
71 /* redundancy options */
72 /*
73 * note on the implementation of redundancy:
74 * - certificate blocks: sending the first CB just before first SB.
75 * after that domark() triggers resends until resend count is reached.
76 * - signature blocks: to send every hash n times I use a sliding window.
77 * the hashes in every SB are grouped into n divisions:
78 * * the 1st hashcount/n hashes are sent for the 1st time
79 * * the 2nd hashcount/n hashes are sent for the 2nd time
80 * * ...
81 * * the n-th hashcount/n hashes are sent for the n-th time
82 * (and deleted thereafter)
83 */
84 #define SIGN_RESENDCOUNT_CERTBLOCK 2
85 #define SIGN_RESENDCOUNT_HASHES 3
87 /* maximum length of syslog-sign messages should be <= 2048 by standard
88 * and should be >= 1024 to be long enough.
89 * be careful with small values because there is no check for a lower bound
90 * thus the following derived values would become negative.
91 */
92 #define SIGN_MAX_LENGTH 2048
93 /* the length we can use for the SD and keep the
94 * message length with header below 2048 octets */
95 #define SIGN_MAX_SD_LENGTH (SIGN_MAX_LENGTH - 1 - HEADER_LEN_MAX)
96 /* length of signature, currently only for DSA */
97 #define SIGN_B64SIGLEN_DSS 64+1
98 /* the maximum length of one payload fragment:
99 * max.SD len - text - max. field lengths - sig len */
100 #define SIGN_MAX_FRAG_LENGTH (SIGN_MAX_SD_LENGTH - 82 - 38 - SIGN_B64SIGLEN_DSS)
101 /* the maximum length of one signature block:
102 * max.SD len - text - max. field lens - sig len */
103 #define SIGN_MAX_SB_LENGTH (SIGN_MAX_SD_LENGTH - 72 - 40 - SIGN_B64SIGLEN_DSS)
104 /* the maximum number of hashes pec signature block */
105 #define SIGN_MAX_HASH_NUM (SIGN_MAX_SB_LENGTH / (GlobalSign.md_len_b64+1))
106 /* number of hashes in one signature block */
107 #define SIGN_HASH_NUM_WANT 100
108 /* make sure to consider SIGN_MAX_HASH_NUM and
109 * to have a SIGN_HASH_NUM that is a multiple of SIGN_HASH_DIVISION_NUM */
110 #define SIGN_HASH_DIVISION_NUM (MIN(SIGN_HASH_NUM_WANT, SIGN_MAX_HASH_NUM) \
111 / SIGN_RESENDCOUNT_HASHES)
112 #define SIGN_HASH_NUM (SIGN_HASH_DIVISION_NUM * SIGN_RESENDCOUNT_HASHES)
114 /* the length of payload strings
115 * since the payload is fragmented there is no technical limit
116 * it just has to be big enough to hold big b64 encoded PKIX certificates
117 */
118 #define SIGN_MAX_PAYLOAD_LENGTH 20480
120 /* length of generated DSA keys for signing */
121 #define SIGN_GENCERT_BITS 1024
123 #define SSL_CHECK_ONE(exp) do { \
124 if ((exp) != 1) { \
126 ERR_error_string(ERR_get_error(), NULL)); \
127 return 1; \
128 } \
131 /* structs use uint_fast64_t in different places because the standard
132 * requires values in interval [0:9999999999 = SIGN_MAX_COUNT] */
134 /* queue of C-Strings (here used for hashes) */
139 };
142 /* queue of destinations (used associate SGs and fileds) */
146 };
149 /* queue of Signature Groups */
157 };
160 /* all global variables for sign */
161 /* note that there is one object of this type which might only be
162 * partially filled.
163 * The fields .sg and .sig2_delims are set by init() and are always
164 * valid. A value >0 in field .rsid indicates whether the rest of the
165 * structure was already set by sign_global_init().
166 */
168 /* params for signature block, named as in RFC nnnn */
188 };