
1.1     ! misho       1: /*
        !             2:  * ntp_crypto.h - definitions for cryptographic operations
        !             3:  */
        !             4: #ifndef NTP_CRYPTO_H
        !             5: #define NTP_CRYPTO_H
        !             6: 
        !             7: /*
        !             8:  * Configuration codes (also needed for parser without OPENSSL).
        !                  * They sit outside the #ifdef OPENSSL block below so the
        !                  * configuration parser can accept the crypto keywords even in a
        !                  * build without OpenSSL.  All but CRYPTO_CONF_PW (a password),
        !                  * CRYPTO_CONF_IDENT and CRYPTO_CONF_NID refer to file names.
        !             9:  */
        !            10: #define CRYPTO_CONF_NONE  0    /* nothing doing */
        !            11: #define CRYPTO_CONF_PRIV  1    /* host keys file name */
        !            12: #define CRYPTO_CONF_SIGN  2    /* signature keys file name */
        !            13: #define CRYPTO_CONF_CERT  3    /* certificate file name */
        !            14: #define CRYPTO_CONF_RAND  4    /* random seed file name */
        !            15: #define CRYPTO_CONF_IFFPAR 5   /* IFF parameters file name */
        !            16: #define CRYPTO_CONF_GQPAR 6    /* GQ parameters file name */
        !            17: #define        CRYPTO_CONF_MVPAR 7     /* MV parameters file name */
        !            18: #define CRYPTO_CONF_PW   8     /* private key password (a secret, not a file name) */
        !            19: #define        CRYPTO_CONF_IDENT 9     /* specify identity scheme */
        !            20: #define        CRYPTO_CONF_NID   10    /* specify digest name */
        !            21: 
        !            22: #ifdef OPENSSL
        !            23: #include "openssl/evp.h"
        !            24: 
        !            25: /*
        !            26:  * The following bits are set by the CRYPTO_ASSOC message from
        !            27:  * the server and are not modified by the client.  Since they
        !                  * arrive from the peer, the identity-scheme bits should be checked
        !                  * against the locally configured scheme rather than taken as-is.
        !                  * NOTE(review): confirm the CRYPTO_ASSOC receive path does this.
        !            28:  */
        !            29: #define CRYPTO_FLAG_ENAB  0x0001 /* crypto enable */
        !            30: #define CRYPTO_FLAG_TAI   0x0002 /* leapseconds table */
        !            31: 
        !            32: #define CRYPTO_FLAG_PRIV  0x0010 /* PC identity scheme */
        !            33: #define CRYPTO_FLAG_IFF   0x0020 /* IFF identity scheme */
        !            34: #define CRYPTO_FLAG_GQ   0x0040 /* GQ identity scheme */
        !            35: #define        CRYPTO_FLAG_MV    0x0080 /* MV identity scheme */
        !            36: #define CRYPTO_FLAG_MASK  0x00f0 /* identity scheme mask (PRIV|IFF|GQ|MV) */
        !            37:        
        !            38: /*
        !            39:  * The following bits are used by the client during the protocol
        !            40:  * exchange.  Each records one verification step that has completed.
        !            41:  */
        !            42: #define CRYPTO_FLAG_CERT  0x0100 /* public key verified */
        !            43: #define CRYPTO_FLAG_VRFY  0x0200 /* identity verified */
        !            44: #define CRYPTO_FLAG_PROV  0x0400 /* signature verified */
        !            45: #define CRYPTO_FLAG_COOK  0x0800 /* cookie verified */
        !            46: #define CRYPTO_FLAG_AUTO  0x1000 /* autokey verified */
        !            47: #define CRYPTO_FLAG_SIGN  0x2000 /* certificate signed */
        !            48: #define CRYPTO_FLAG_LEAP  0x4000 /* leapsecond values verified */
        !            49: #define        CRYPTO_FLAG_ALL   0x7f00 /* mask of CERT..LEAP; excludes ENAB/TAI and identity bits */
        !            50: 
        !            51: /*
        !            52:  * Flags used for certificate management.  Single-bit values; the
        !                  * status bits occupy 0x01..0x08 and CERT_ERROR sits apart in the
        !                  * high bit.  Presumably stored in struct cert_info.flags below --
        !                  * confirm against the code that fills cert_info.
        !            53:  */
        !            54: #define        CERT_TRUST      0x01    /* certificate is trusted */
        !            55: #define CERT_SIGN      0x02    /* certificate is signed */
        !            56: #define CERT_VALID     0x04    /* certificate is valid */
        !            57: #define CERT_PRIV      0x08    /* certificate is private */
        !            58: #define CERT_ERROR     0x80    /* certificate has errors */
        !            59: 
        !            60: /*
        !            61:  * Extension field definitions.
        !                  *
        !                  * CRYPTO_CMD(x) builds the opcode word: protocol version in bits
        !                  * 24..31, command x in bits 16..23, low 16 bits zero (presumably
        !                  * the field length is OR-ed in there by the sender -- confirm).
        !                  * CRYPTO_RESP and CRYPTO_ERROR reuse bits 31 and 30 of the version
        !                  * byte, which only works while CRYPTO_VN stays below 0x40.
        !                  * Note CRYPTO_MAXLEN (1024) differs from NTP_MAXEXTEN (2048) below;
        !                  * which limit applies where is not visible from this header.
        !            62:  */
        !            63: #define        CRYPTO_MAXLEN   1024    /* max extension field length */
        !            64: #define CRYPTO_VN      2       /* current protocol version number */
        !            65: #define CRYPTO_CMD(x)  (((CRYPTO_VN << 8) | (x)) << 16)
        !            66: #define CRYPTO_NULL    CRYPTO_CMD(0) /* no operation */
        !            67: #define CRYPTO_ASSOC   CRYPTO_CMD(1) /* association */
        !            68: #define CRYPTO_CERT    CRYPTO_CMD(2) /* certificate */
        !            69: #define CRYPTO_COOK    CRYPTO_CMD(3) /* cookie value */
        !            70: #define CRYPTO_AUTO    CRYPTO_CMD(4) /* autokey values */
        !            71: #define CRYPTO_LEAP    CRYPTO_CMD(5) /* leapsecond values */
        !            72: #define        CRYPTO_SIGN     CRYPTO_CMD(6) /* certificate sign */
        !            73: #define CRYPTO_IFF     CRYPTO_CMD(7) /* IFF identity scheme */
        !            74: #define CRYPTO_GQ      CRYPTO_CMD(8) /* GQ identity scheme */
        !            75: #define        CRYPTO_MV       CRYPTO_CMD(9) /* MV identity scheme */
        !            76: #define CRYPTO_RESP    0x80000000 /* response (bit 31) */
        !            77: #define CRYPTO_ERROR   0x40000000 /* error (bit 30) */
        !            78: 
        !            79: /*
        !            80:  * Autokey event codes, reported as CRPT_EVENT | code.  CRPT_EVENT is
        !                  * not defined in this header; it must come from an include that
        !                  * precedes this one.
        !            81:  */
        !            82: #define XEVNT_CMD(x)   (CRPT_EVENT | (x))
        !            83: #define XEVNT_OK       XEVNT_CMD(0) /* success */
        !            84: #define XEVNT_LEN      XEVNT_CMD(1) /* bad field format or length */
        !            85: #define XEVNT_TSP      XEVNT_CMD(2) /* bad timestamp */
        !            86: #define XEVNT_FSP      XEVNT_CMD(3) /* bad filestamp */
        !            87: #define XEVNT_PUB      XEVNT_CMD(4) /* bad or missing public key */
        !            88: #define XEVNT_MD       XEVNT_CMD(5) /* unsupported digest type */
        !            89: #define XEVNT_KEY      XEVNT_CMD(6) /* unsupported identity type */
        !            90: #define XEVNT_SGL      XEVNT_CMD(7) /* bad signature length */
        !            91: #define XEVNT_SIG      XEVNT_CMD(8) /* signature not verified */
        !            92: #define XEVNT_VFY      XEVNT_CMD(9) /* certificate not verified */
        !            93: #define XEVNT_PER      XEVNT_CMD(10) /* host certificate expired */
        !            94: #define XEVNT_CKY      XEVNT_CMD(11) /* bad or missing cookie */
        !            95: #define XEVNT_DAT      XEVNT_CMD(12) /* bad or missing leapseconds */
        !            96: #define XEVNT_CRT      XEVNT_CMD(13) /* bad or missing certificate */
        !            97: #define XEVNT_ID       XEVNT_CMD(14) /* bad or missing group key */
        !            98: #define        XEVNT_ERR       XEVNT_CMD(15) /* protocol error */
        !            99: 
        !           100: /*
        !           101:  * Miscellaneous crypto stuff.  The timeouts are log2 seconds:
        !                  * NTP_AUTOMAX 12 is about 68 min, KEY_REVOKE 17 about 36 h and
        !                  * NTP_REFRESH 19 about 6 days.
        !           102:  */
        !           103: #define NTP_MAXSESSION 100     /* maximum session key list entries */
        !           104: #define        NTP_MAXEXTEN    2048    /* maximum extension field size (cf. CRYPTO_MAXLEN 1024) */
        !           105: #define        NTP_AUTOMAX     12      /* default key list timeout (log2 s) */
        !           106: #define        KEY_REVOKE      17      /* default key revoke timeout (log2 s) */
        !           107: #define        NTP_REFRESH     19      /* default restart timeout (log2 s) */
        !           108: #define        NTP_MAXKEY      65535   /* maximum symmetric key ID */
        !           109: 
        !           110: /*
        !           111:  * The autokey structure holds the values used to authenticate key IDs.
        !                  * Both fields are in network byte order.  keyid_t and int32 are not
        !                  * defined in this header and must come from an earlier include.
        !           112:  */
        !           113: struct autokey {               /* network byte order */
        !           114:        keyid_t key;            /* key ID */
        !           115:        int32   seq;            /* key number */
        !           116: };
        !           117: 
        !           118: /*
        !           119:  * The value structure holds variable length data such as public
        !           120:  * key, agreement parameters, public value and leapsecond table.
        !           121:  * The timestamp and length fields are in network byte order; ptr
        !                  * and sig are ordinary host pointers to the vallen-byte value and
        !                  * the siglen-byte signature.  Who owns (and frees) the pointed-to
        !                  * storage is not visible from this header -- check the callers.
        !           122:  */
        !           123: struct value {                 /* network byte order */
        !           124:        tstamp_t tstamp;        /* timestamp */
        !           125:        tstamp_t fstamp;        /* filestamp */
        !           126:        u_int32 vallen;         /* value length (bytes at ptr) */
        !           127:        u_char  *ptr;           /* data pointer (various) */
        !           128:        u_int32 siglen;         /* signature length (bytes at sig) */
        !           129:        u_char  *sig;           /* signature */
        !           130: };
        !           131: 
        !           132: /*
        !           133:  * The packet extension field structures are used to hold values
        !           134:  * and signatures in network byte order.  The struct overlays the
        !                  * on-wire extension field; pkt[1] is the pre-C99 "struct hack" for
        !                  * a trailing variable-length area, so sizeof(struct exten) already
        !                  * counts one u_int32 of value data.  vallen comes from the wire and
        !                  * must be checked against the real extension field length before
        !                  * anything beyond pkt[0] is read or copied.  Note tstamp/fstamp
        !                  * here are plain u_int32, unlike the tstamp_t fields of struct value.
        !           135:  */
        !           136: struct exten {
        !           137:        u_int32 opcode;         /* opcode (see CRYPTO_CMD) */
        !           138:        u_int32 associd;        /* association ID */
        !           139:        u_int32 tstamp;         /* timestamp */
        !           140:        u_int32 fstamp;         /* filestamp */
        !           141:        u_int32 vallen;         /* value length -- untrusted, validate before use */
        !           142:        u_int32 pkt[1];         /* start of value field (variable length) */
        !           143: };
        !           144: 
        !           145: /*
        !           146:  * The certificate info/value structure: one node of a singly linked
        !                  * list (via link) carrying the parsed fields of an X.509 certificate
        !                  * together with the raw certificate and its signature in cert.
        !                  * first/last delimit the validity window in tstamp_t units.
        !           147:  */
        !           148: struct cert_info {
        !           149:        struct cert_info *link; /* forward link */
        !           150:        u_int   flags;          /* status bits (presumably CERT_* above -- confirm) */
        !           151:        EVP_PKEY *pkey;         /* generic key */
        !           152:        long    version;        /* X509 version */
        !           153:        int     nid;            /* signature/digest ID */
        !           154:        const EVP_MD *digest;   /* message digest algorithm */
        !           155:        u_long  serial;         /* serial number */
        !           156:        tstamp_t first;         /* not valid before */
        !           157:        tstamp_t last;          /* not valid after */
        !           158:        char    *subject;       /* subject common name (ownership not visible here) */
        !           159:        char    *issuer;        /* issuer common name (ownership not visible here) */
        !           160:        BIGNUM  *grpkey;        /* GQ group key */
        !           161:        struct value cert;      /* certificate/value */
        !           162: };
        !           163: 
        !           164: /*
        !           165:  * The keys info/value structure: one node of a singly linked list
        !                  * (via link) pairing a loaded EVP_PKEY with the file it came from
        !                  * and that file's filestamp.
        !           166:  */
        !           167: struct pkey_info {
        !           168:        struct pkey_info *link; /* forward link */
        !           169:        EVP_PKEY *pkey;         /* generic key */
        !           170:        char    *name;          /* file name */
        !           171:        tstamp_t fstamp;        /* filestamp */
        !           172: };
        !           173: 
        !           174: /*
        !           175:  * Cryptographic values.  Declared here, defined in the crypto module
        !                  * (not in this header).
        !           176:  */
        !           177: extern u_int   crypto_flags;   /* status word (CRYPTO_FLAG_* bits) */
        !           178: extern int     crypto_nid;     /* digest nid */
        !           179: extern struct value hostval;   /* host name/value */
        !           180: extern struct cert_info *cinfo; /* host certificate information */
        !           181: extern struct value tai_leap;  /* leapseconds table */
        !           182: #endif /* OPENSSL */
        !           183: #endif /* NTP_CRYPTO_H */
