summaryrefslogtreecommitdiffstats
path: root/contrib/ntp/include/ntp_crypto.h
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/ntp/include/ntp_crypto.h')
-rw-r--r--contrib/ntp/include/ntp_crypto.h205
1 files changed, 139 insertions, 66 deletions
diff --git a/contrib/ntp/include/ntp_crypto.h b/contrib/ntp/include/ntp_crypto.h
index a4e6d70..fb1955c 100644
--- a/contrib/ntp/include/ntp_crypto.h
+++ b/contrib/ntp/include/ntp_crypto.h
@@ -1,93 +1,166 @@
/*
* ntp_crypto.h - definitions for cryptographic operations
*/
-#ifdef AUTOKEY
-#include "global.h"
-#include "md5.h"
-#ifdef RSAREF
-#include "rsaref.h"
-#include "rsa.h"
-
-#define EVP_SignInit(a, b) R_SignInit(a, b)
-#define EVP_SignUpdate(a, b, c) R_SignUpdate(a, b, c);
-#define EVP_SignFinal(a, b, c, d) R_SignFinal(a, b, c, d);
-#define EVP_VerifyInit(a, b) R_VerifyInit(a, b)
-#define EVP_VerifyUpdate(a, b, c) R_VerifyUpdate(a, b, c);
-#define EVP_VerifyFinal(a, b, c, d) R_VerifyFinal(a, b, c, d);
+#ifdef OPENSSL
+#include "openssl/evp.h"
+/*
+ * The following bits are set by the CRYPTO_ASSOC message from
+ * the server and are not modified by the client.
+ */
+#define CRYPTO_FLAG_ENAB 0x0001 /* crypto enable */
+#define CRYPTO_FLAG_TAI 0x0002 /* leapseconds table */
-#endif /* RSAREF */
+#define CRYPTO_FLAG_PRIV 0x0010 /* PC identity scheme */
+#define CRYPTO_FLAG_IFF 0x0020 /* IFF identity scheme */
+#define CRYPTO_FLAG_GQ 0x0040 /* GQ identity scheme */
+#define CRYPTO_FLAG_MV 0x0080 /* MV identity scheme */
+#define CRYPTO_FLAG_MASK 0x00f0 /* identity scheme mask */
+
+/*
+ * The following bits are used by the client during the protocol
+ * exchange.
+ */
+#define CRYPTO_FLAG_VALID 0x0100 /* public key verified */
+#define CRYPTO_FLAG_VRFY 0x0200 /* identity verified */
+#define CRYPTO_FLAG_PROV 0x0400 /* signature verified */
+#define CRYPTO_FLAG_AGREE 0x0800 /* cookie verifed */
+#define CRYPTO_FLAG_AUTO 0x1000 /* autokey verified */
+#define CRYPTO_FLAG_SIGN 0x2000 /* certificate signed */
+#define CRYPTO_FLAG_LEAP 0x4000 /* leapseconds table verified */
/*
- * Cryptostatus word
+ * Flags used for certificate management
*/
-#define CRYPTO_FLAG_ENAB 0x01 /* crypto enable */
-#define CRYPTO_FLAG_RSA 0x02 /* public/private keys */
-#define CRYPTO_FLAG_CERT 0x04 /* certificate */
-#define CRYPTO_FLAG_DH 0x08 /* agreement parameters */
-#define CRYPTO_FLAG_TAI 0x10 /* leapseconds table */
+#define CERT_SIGN 0x01 /* certificate is signed */
+#define CERT_TRUST 0x02 /* certificate is trusted */
+#define CERT_PRIV 0x04 /* certificate is private */
+#define CERT_ERROR 0x80 /* certificate has errors */
/*
* Extension field definitions
*/
-#define CRYPTO_VN 1 /* current protocol version number */
+#define CRYPTO_MAXLEN 1024 /* max extension field length */
+#define CRYPTO_VN 2 /* current protocol version number */
+#define CRYPTO_CMD(x) (((CRYPTO_VN << 8) | (x)) << 16)
+#define CRYPTO_NULL CRYPTO_CMD(0) /* no operation */
+#define CRYPTO_ASSOC CRYPTO_CMD(1) /* association */
+#define CRYPTO_CERT CRYPTO_CMD(2) /* certificate */
+#define CRYPTO_COOK CRYPTO_CMD(3) /* cookie value */
+#define CRYPTO_AUTO CRYPTO_CMD(4) /* autokey values */
+#define CRYPTO_TAI CRYPTO_CMD(5) /* leapseconds table */
+#define CRYPTO_SIGN CRYPTO_CMD(6) /* certificate sign */
+#define CRYPTO_IFF CRYPTO_CMD(7) /* IFF identity scheme */
+#define CRYPTO_GQ CRYPTO_CMD(8) /* GQ identity scheme */
+#define CRYPTO_MV CRYPTO_CMD(9) /* MV identity scheme */
+#define CRYPTO_RESP 0x80000000 /* response */
+#define CRYPTO_ERROR 0x40000000 /* error */
-#define CRYPTO_NULL ((CRYPTO_VN << 8) | 0) /* no operation */
-#define CRYPTO_STAT ((CRYPTO_VN << 8) | 1) /* status */
-#define CRYPTO_ASSOC ((CRYPTO_VN << 8) | 2) /* association ID */
-#define CRYPTO_AUTO ((CRYPTO_VN << 8) | 3) /* autokey values */
-#define CRYPTO_PRIV ((CRYPTO_VN << 8) | 4) /* cookie value */
-#define CRYPTO_DHPAR ((CRYPTO_VN << 8) | 5) /* agreement params */
-#define CRYPTO_DH ((CRYPTO_VN << 8) | 6) /* public value */
-#define CRYPTO_NAME ((CRYPTO_VN << 8) | 7) /* host name/pub key */
-#define CRYPTO_CERT ((CRYPTO_VN << 8) | 8) /* PKI certificate */
-#define CRYPTO_TAI ((CRYPTO_VN << 8) | 9) /* leapseconds table */
-#define CRYPTO_RESP 0x8000 /* response */
-#define CRYPTO_ERROR 0x4000 /* error */
+/*
+ * Autokey event codes
+ */
+#define XEVNT_CMD(x) (CRPT_EVENT | (x))
+#define XEVNT_OK XEVNT_CMD(0) /* success */
+#define XEVNT_LEN XEVNT_CMD(1) /* bad field format or length */
+#define XEVNT_TSP XEVNT_CMD(2) /* bad timestamp */
+#define XEVNT_FSP XEVNT_CMD(3) /* bad filestamp */
+#define XEVNT_PUB XEVNT_CMD(4) /* bad procedure or data */
+#define XEVNT_MD XEVNT_CMD(5) /* unsupported digest type */
+#define XEVNT_KEY XEVNT_CMD(6) /* unsupported identity type */
+#define XEVNT_SGL XEVNT_CMD(7) /* bad signature length */
+#define XEVNT_SIG XEVNT_CMD(8) /* signature not verified */
+#define XEVNT_VFY XEVNT_CMD(9) /* certificate not verified */
+#define XEVNT_PER XEVNT_CMD(10) /* certificate expired */
+#define XEVNT_CKY XEVNT_CMD(11) /* bad or missing cookie */
+#define XEVNT_DAT XEVNT_CMD(12) /* bad or missing leapseconds table */
+#define XEVNT_CRT XEVNT_CMD(13) /* bad or missing certificate */
+#define XEVNT_ID XEVNT_CMD(14) /* bad or missing identification */
-#ifdef PUBKEY
/*
* Configuration codes
*/
#define CRYPTO_CONF_NONE 0 /* nothing doing */
-#define CRYPTO_CONF_FLAGS 1 /* initialize flags */
-#define CRYPTO_CONF_PRIV 2 /* load private key from file */
-#define CRYPTO_CONF_PUBL 3 /* load public key from file */
-#define CRYPTO_CONF_DH 4 /* load Diffie_Hellman pars from file */
-#define CRYPTO_CONF_LEAP 5 /* load leapsecond table */
-#define CRYPTO_CONF_KEYS 6 /* set keys directory path */
-#define CRYPTO_CONF_CERT 7 /* load PKI certificate from file */
-#endif /* PUBKEY */
+#define CRYPTO_CONF_PRIV 1 /* host keys file name */
+#define CRYPTO_CONF_SIGN 2 /* signature keys file name */
+#define CRYPTO_CONF_LEAP 3 /* leapseconds table file name */
+#define CRYPTO_CONF_KEYS 4 /* keys directory path */
+#define CRYPTO_CONF_CERT 5 /* certificate file name */
+#define CRYPTO_CONF_RAND 6 /* random seed file name */
+#define CRYPTO_CONF_TRST 7 /* specify trust */
+#define CRYPTO_CONF_IFFPAR 8 /* IFF parameters file name */
+#define CRYPTO_CONF_GQPAR 9 /* GQ parameters file name */
+#define CRYPTO_CONF_MVPAR 10 /* GQ parameters file name */
+#define CRYPTO_CONF_PW 11 /* private key password */
+
+/*
+ * Miscellaneous crypto stuff
+ */
+#define NTP_MAXSESSION 100 /* maximum session key list entries */
+#define NTP_AUTOMAX 13 /* log2 default max session key life */
+#define KEY_REVOKE 16 /* log2 default key revoke timeout */
+#define NTP_MAXEXTEN 1024 /* maximum extension field size */
+
+/*
+ * The autokey structure holds the values used to authenticate key IDs.
+ */
+struct autokey { /* network byte order */
+ keyid_t key; /* key ID */
+ int32 seq; /* key number */
+};
+
+/*
+ * The value structure holds variable length data such as public
+ * key, agreement parameters, public valule and leapsecond table.
+ * They are in network byte order.
+ */
+struct value { /* network byte order */
+ tstamp_t tstamp; /* timestamp */
+ tstamp_t fstamp; /* filestamp */
+ u_int32 vallen; /* value length */
+ u_char *ptr; /* data pointer (various) */
+ u_int32 siglen; /* signature length */
+ u_char *sig; /* signature */
+};
+
+/*
+ * The packet extension field structures are used to hold values
+ * and signatures in network byte order.
+ */
+struct exten {
+ u_int32 opcode; /* opcode */
+ u_int32 associd; /* association ID */
+ u_int32 tstamp; /* timestamp */
+ u_int32 fstamp; /* filestamp */
+ u_int32 vallen; /* value length */
+ u_int32 pkt[1]; /* start of value field */
+};
/*
- * Function prototypes
+ * The certificate info/value structure
*/
-extern void crypto_recv P((struct peer *, struct recvbuf *));
-extern int crypto_xmit P((u_int32 *, int, u_int, keyid_t,
- u_int));
-extern keyid_t session_key P((struct sockaddr_in *, struct
- sockaddr_in *, keyid_t, keyid_t,
- u_long));
-extern void make_keylist P((struct peer *, struct interface *));
-extern void key_expire P((struct peer *));
-extern void crypto_agree P((void));
-#ifdef PUBKEY
-extern void crypto_config P((int, char *));
-extern void crypto_setup P((void));
-extern int crypto_public P((struct peer *, u_char *, u_int));
-#endif /* PUBKEY */
+struct cert_info {
+ struct cert_info *link; /* forward link */
+ u_int flags; /* flags that wave */
+ EVP_PKEY *pkey; /* generic key */
+ long version; /* X509 version */
+ int nid; /* signature/digest ID */
+ const EVP_MD *digest; /* message digest algorithm */
+ u_long serial; /* serial number */
+ tstamp_t first; /* valid not before */
+ tstamp_t last; /* valid not after */
+ char *subject; /* subject common name */
+ char *issuer; /* issuer common name */
+ u_char *grpkey; /* GQ group key */
+ u_int grplen; /* GQ group key length */
+ struct value cert; /* certificate/value */
+};
/*
* Cryptographic values
*/
+extern char *keysdir; /* crypto keys directory */
extern u_int crypto_flags; /* status word */
-#ifdef PUBKEY
-extern R_DH_PARAMS dh_params;
-extern struct value host; /* host name/public key */
-extern struct value certif; /* certificate */
-extern struct value dhparam; /* agreement parameters */
-extern struct value dhpub; /* public value */
+extern struct value hostval; /* host name/value */
+extern struct cert_info *cinfo; /* host certificate information */
extern struct value tai_leap; /* leapseconds table */
-extern u_int crypto_flags; /* status word */
extern u_int sys_tai; /* current UTC offset from TAI */
-#endif /* PUBKEY */
-#endif /* AUTOKEY */
+#endif /* OPENSSL */
OpenPOWER on IntegriCloud