Annotation of embedaddon/ntp/include/ntp_crypto.h, revision 1.1
1.1 ! misho 1: /*
! 2: * ntp_crypto.h - definitions for cryptographic operations
! 3: */
! 4: #ifndef NTP_CRYPTO_H
! 5: #define NTP_CRYPTO_H
! 6:
! 7: /*
! 8: * Configuration codes (also needed for parser without OPENSSL)
! 9: */
! 10: #define CRYPTO_CONF_NONE 0 /* nothing doing */
! 11: #define CRYPTO_CONF_PRIV 1 /* host keys file name */
! 12: #define CRYPTO_CONF_SIGN 2 /* signature keys file name */
! 13: #define CRYPTO_CONF_CERT 3 /* certificate file name */
! 14: #define CRYPTO_CONF_RAND 4 /* random seed file name */
! 15: #define CRYPTO_CONF_IFFPAR 5 /* IFF parameters file name */
! 16: #define CRYPTO_CONF_GQPAR 6 /* GQ parameters file name */
! 17: #define CRYPTO_CONF_MVPAR 7 /* MV parameters file name */
! 18: #define CRYPTO_CONF_PW 8 /* private key password */
! 19: #define CRYPTO_CONF_IDENT 9 /* specify identity scheme */
! 20: #define CRYPTO_CONF_NID 10 /* specify digest name */
! 21:
! 22: #ifdef OPENSSL
! 23: #include "openssl/evp.h"
! 24:
! 25: /*
! 26: * The following bits are set by the CRYPTO_ASSOC message from
! 27: * the server and are not modified by the client.
! 28: */
! 29: #define CRYPTO_FLAG_ENAB 0x0001 /* crypto enable */
! 30: #define CRYPTO_FLAG_TAI 0x0002 /* leapseconds table */
! 31:
! 32: #define CRYPTO_FLAG_PRIV 0x0010 /* PC identity scheme */
! 33: #define CRYPTO_FLAG_IFF 0x0020 /* IFF identity scheme */
! 34: #define CRYPTO_FLAG_GQ 0x0040 /* GQ identity scheme */
! 35: #define CRYPTO_FLAG_MV 0x0080 /* MV identity scheme */
! 36: #define CRYPTO_FLAG_MASK 0x00f0 /* identity scheme mask */
! 37:
! 38: /*
! 39: * The following bits are used by the client during the protocol
! 40: * exchange.
! 41: */
! 42: #define CRYPTO_FLAG_CERT 0x0100 /* public key verified */
! 43: #define CRYPTO_FLAG_VRFY 0x0200 /* identity verified */
! 44: #define CRYPTO_FLAG_PROV 0x0400 /* signature verified */
! 45: #define CRYPTO_FLAG_COOK 0x0800 /* cookie verifed */
! 46: #define CRYPTO_FLAG_AUTO 0x1000 /* autokey verified */
! 47: #define CRYPTO_FLAG_SIGN 0x2000 /* certificate signed */
! 48: #define CRYPTO_FLAG_LEAP 0x4000 /* leapsecond values verified */
! 49: #define CRYPTO_FLAG_ALL 0x7f00 /* all mask */
! 50:
! 51: /*
! 52: * Flags used for certificate management
! 53: */
! 54: #define CERT_TRUST 0x01 /* certificate is trusted */
! 55: #define CERT_SIGN 0x02 /* certificate is signed */
! 56: #define CERT_VALID 0x04 /* certificate is valid */
! 57: #define CERT_PRIV 0x08 /* certificate is private */
! 58: #define CERT_ERROR 0x80 /* certificate has errors */
! 59:
! 60: /*
! 61: * Extension field definitions
! 62: */
! 63: #define CRYPTO_MAXLEN 1024 /* max extension field length */
! 64: #define CRYPTO_VN 2 /* current protocol version number */
! 65: #define CRYPTO_CMD(x) (((CRYPTO_VN << 8) | (x)) << 16)
! 66: #define CRYPTO_NULL CRYPTO_CMD(0) /* no operation */
! 67: #define CRYPTO_ASSOC CRYPTO_CMD(1) /* association */
! 68: #define CRYPTO_CERT CRYPTO_CMD(2) /* certificate */
! 69: #define CRYPTO_COOK CRYPTO_CMD(3) /* cookie value */
! 70: #define CRYPTO_AUTO CRYPTO_CMD(4) /* autokey values */
! 71: #define CRYPTO_LEAP CRYPTO_CMD(5) /* leapsecond values */
! 72: #define CRYPTO_SIGN CRYPTO_CMD(6) /* certificate sign */
! 73: #define CRYPTO_IFF CRYPTO_CMD(7) /* IFF identity scheme */
! 74: #define CRYPTO_GQ CRYPTO_CMD(8) /* GQ identity scheme */
! 75: #define CRYPTO_MV CRYPTO_CMD(9) /* MV identity scheme */
! 76: #define CRYPTO_RESP 0x80000000 /* response */
! 77: #define CRYPTO_ERROR 0x40000000 /* error */
! 78:
! 79: /*
! 80: * Autokey event codes
! 81: */
! 82: #define XEVNT_CMD(x) (CRPT_EVENT | (x))
! 83: #define XEVNT_OK XEVNT_CMD(0) /* success */
! 84: #define XEVNT_LEN XEVNT_CMD(1) /* bad field format or length */
! 85: #define XEVNT_TSP XEVNT_CMD(2) /* bad timestamp */
! 86: #define XEVNT_FSP XEVNT_CMD(3) /* bad filestamp */
! 87: #define XEVNT_PUB XEVNT_CMD(4) /* bad or missing public key */
! 88: #define XEVNT_MD XEVNT_CMD(5) /* unsupported digest type */
! 89: #define XEVNT_KEY XEVNT_CMD(6) /* unsupported identity type */
! 90: #define XEVNT_SGL XEVNT_CMD(7) /* bad signature length */
! 91: #define XEVNT_SIG XEVNT_CMD(8) /* signature not verified */
! 92: #define XEVNT_VFY XEVNT_CMD(9) /* certificate not verified */
! 93: #define XEVNT_PER XEVNT_CMD(10) /* host certificate expired */
! 94: #define XEVNT_CKY XEVNT_CMD(11) /* bad or missing cookie */
! 95: #define XEVNT_DAT XEVNT_CMD(12) /* bad or missing leapseconds */
! 96: #define XEVNT_CRT XEVNT_CMD(13) /* bad or missing certificate */
! 97: #define XEVNT_ID XEVNT_CMD(14) /* bad or missing group key */
! 98: #define XEVNT_ERR XEVNT_CMD(15) /* protocol error */
! 99:
! 100: /*
! 101: * Miscellaneous crypto stuff
! 102: */
! 103: #define NTP_MAXSESSION 100 /* maximum session key list entries */
! 104: #define NTP_MAXEXTEN 2048 /* maximum extension field size */
! 105: #define NTP_AUTOMAX 12 /* default key list timeout (log2 s) */
! 106: #define KEY_REVOKE 17 /* default key revoke timeout (log2 s) */
! 107: #define NTP_REFRESH 19 /* default restart timeout (log2 s) */
! 108: #define NTP_MAXKEY 65535 /* maximum symmetric key ID */
! 109:
! 110: /*
! 111: * The autokey structure holds the values used to authenticate key IDs.
! 112: */
! 113: struct autokey { /* network byte order */
! 114: keyid_t key; /* key ID */
! 115: int32 seq; /* key number */
! 116: };
! 117:
! 118: /*
! 119: * The value structure holds variable length data such as public
! 120: * key, agreement parameters, public valule and leapsecond table.
! 121: * They are in network byte order.
! 122: */
! 123: struct value { /* network byte order */
! 124: tstamp_t tstamp; /* timestamp */
! 125: tstamp_t fstamp; /* filestamp */
! 126: u_int32 vallen; /* value length */
! 127: u_char *ptr; /* data pointer (various) */
! 128: u_int32 siglen; /* signature length */
! 129: u_char *sig; /* signature */
! 130: };
! 131:
! 132: /*
! 133: * The packet extension field structures are used to hold values
! 134: * and signatures in network byte order.
! 135: */
! 136: struct exten {
! 137: u_int32 opcode; /* opcode */
! 138: u_int32 associd; /* association ID */
! 139: u_int32 tstamp; /* timestamp */
! 140: u_int32 fstamp; /* filestamp */
! 141: u_int32 vallen; /* value length */
! 142: u_int32 pkt[1]; /* start of value field */
! 143: };
! 144:
! 145: /*
! 146: * The certificate info/value structure
! 147: */
! 148: struct cert_info {
! 149: struct cert_info *link; /* forward link */
! 150: u_int flags; /* flags that wave */
! 151: EVP_PKEY *pkey; /* generic key */
! 152: long version; /* X509 version */
! 153: int nid; /* signature/digest ID */
! 154: const EVP_MD *digest; /* message digest algorithm */
! 155: u_long serial; /* serial number */
! 156: tstamp_t first; /* not valid before */
! 157: tstamp_t last; /* not valid after */
! 158: char *subject; /* subject common name */
! 159: char *issuer; /* issuer common name */
! 160: BIGNUM *grpkey; /* GQ group key */
! 161: struct value cert; /* certificate/value */
! 162: };
! 163:
! 164: /*
! 165: * The keys info/value structure
! 166: */
! 167: struct pkey_info {
! 168: struct pkey_info *link; /* forward link */
! 169: EVP_PKEY *pkey; /* generic key */
! 170: char *name; /* file name */
! 171: tstamp_t fstamp; /* filestamp */
! 172: };
! 173:
! 174: /*
! 175: * Cryptographic values
! 176: */
! 177: extern u_int crypto_flags; /* status word */
! 178: extern int crypto_nid; /* digest nid */
! 179: extern struct value hostval; /* host name/value */
! 180: extern struct cert_info *cinfo; /* host certificate information */
! 181: extern struct value tai_leap; /* leapseconds table */
! 182: #endif /* OPENSSL */
! 183: #endif /* NTP_CRYPTO_H */
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>