00001 /*
00002  * Portions Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
00003  * Portions Copyright (C) 2000-2002  Internet Software Consortium.
00004  *
00005  * Permission to use, copy, modify, and/or distribute this software for any
00006  * purpose with or without fee is hereby granted, provided that the above
00007  * copyright notice and this permission notice appear in all copies.
00008  *
00009  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
00010  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
00011  * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
00012  * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
00013  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
00014  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
00015  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
00016  *
00017  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
00018  *
00019  * Permission to use, copy, modify, and/or distribute this software for any
00020  * purpose with or without fee is hereby granted, provided that the above
00021  * copyright notice and this permission notice appear in all copies.
00022  *
00023  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
00024  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
00025  * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
00026  * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
00027  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
00028  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
00029  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
00030  */
00031 
00032 /* $Id: dst_internal.h,v 1.31 2011/10/20 21:20:02 marka Exp $ */
00033 
00034 #ifndef DST_DST_INTERNAL_H
00035 #define DST_DST_INTERNAL_H 1
00036 
00037 #include <isc/lang.h>
00038 #include <isc/buffer.h>
00039 #include <isc/int.h>
00040 #include <isc/magic.h>
00041 #include <isc/region.h>
00042 #include <isc/types.h>
00043 #include <isc/md5.h>
00044 #include <isc/refcount.h>
00045 #include <isc/sha1.h>
00046 #include <isc/sha2.h>
00047 #include <isc/stdtime.h>
00048 #include <isc/hmacmd5.h>
00049 #include <isc/hmacsha.h>
00050 
00051 #include <dns/time.h>
00052 
00053 #include <dst/dst.h>
00054 
00055 #ifdef OPENSSL
00056 #include <openssl/dh.h>
00057 #include <openssl/dsa.h>
00058 #include <openssl/err.h>
00059 #include <openssl/evp.h>
00060 #include <openssl/objects.h>
00061 #include <openssl/rsa.h>
00062 #endif
00063 
00064 ISC_LANG_BEGINDECLS
00065 
00066 #define KEY_MAGIC       ISC_MAGIC('D','S','T','K')  /* stored in dst_key.magic */
00067 #define CTX_MAGIC       ISC_MAGIC('D','S','T','C')  /* stored in dst_context.magic */
00068 
      /*
       * Pointer sanity checks for dst_key_t / dst_context_t.  They look at
       * the magic field only, so they catch a wrong-type or already-freed
       * object, not a key whose other contents are invalid.
       */
00069 #define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC)
00070 #define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC)
00071 
      /* Memory context behind dst__mem_alloc()/dst__mem_free()/dst__mem_realloc(). */
00072 extern isc_mem_t *dst__memory_pool;
00073 
00074 /***
00075  *** Types
00076  ***/
00077 
00078 typedef struct dst_func dst_func_t;     /*%< per-algorithm operations table, defined below */
00079 
      /*
       * Opaque HMAC key types.  Only the struct tags are declared here; the
       * struct bodies are not defined in this header, so code outside the
       * implementing module can hold a pointer but cannot dereference it.
       */
00080 typedef struct dst_hmacmd5_key    dst_hmacmd5_key_t;
00081 typedef struct dst_hmacsha1_key   dst_hmacsha1_key_t;
00082 typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
00083 typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
00084 typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
00085 typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
00086 
00087 /*%
00088  * Indicate whether a DST context will be used for signing
00089  * or for verification (recorded in dst_context.use).
00090  */
00091 typedef enum { DO_SIGN, DO_VERIFY } dst_use_t;
00092 
00093 /*%
       * DST Key Structure.
       *
       * One instance describes a single key.  The generic metadata (name,
       * algorithm, id, timing) lives here; the algorithm-specific key
       * material is reached through the keydata union and is meant to be
       * manipulated only via the function table in #func.
       */
00094 struct dst_key {
00095         unsigned int    magic;          /*%< KEY_MAGIC; checked by VALID_KEY() */
00096         isc_refcount_t  refs;           /*%< reference count */
00097         dns_name_t *    key_name;       /*%< name of the key */
00098         unsigned int    key_size;       /*%< size of the key in bits */
00099         unsigned int    key_proto;      /*%< protocols this key is used for */
00100         unsigned int    key_alg;        /*%< algorithm of the key */
00101         isc_uint32_t    key_flags;      /*%< flags of the public key */
00102         isc_uint16_t    key_id;         /*%< identifier of the key */
00103         isc_uint16_t    key_rid;        /*%< identifier of the key when
00104                                              revoked */
00105         isc_uint16_t    key_bits;       /*%< hmac digest bits */
00106         dns_rdataclass_t key_class;     /*%< class of the key record */
00107         dns_ttl_t       key_ttl;        /*%< default/initial dnskey ttl */
00108         isc_mem_t       *mctx;          /*%< memory context */
00109         char            *engine;        /*%< engine name (HSM) */
00110         char            *label;         /*%< engine label (HSM) */
      /*
       * Algorithm-specific key material.  Exactly one member is meaningful
       * for a given key.  This header does not record which one; it is
       * presumably selected by key_alg and known only to the implementation
       * installed in #func.  Reading any other member is type confusion, so
       * callers should go through the function table rather than touch the
       * union directly.
       */
00111         union {
00112                 void *generic;
00113                 gss_ctx_id_t gssctx;    /*%< GSS-API security context handle */
00114 #ifdef OPENSSL
00115 #if !defined(USE_EVP) || !USE_EVP
00116                 RSA *rsa;               /*%< raw RSA object; only when the EVP interface is not used */
00117 #endif
00118                 DSA *dsa;
00119                 DH *dh;
00120                 EVP_PKEY *pkey;
00121 #elif PKCS11CRYPTO
00122                 pk11_object_t *pkey;    /*%< PKCS#11 key object */
00123 #endif
00124                 dst_hmacmd5_key_t *hmacmd5;
00125                 dst_hmacsha1_key_t *hmacsha1;
00126                 dst_hmacsha224_key_t *hmacsha224;
00127                 dst_hmacsha256_key_t *hmacsha256;
00128                 dst_hmacsha384_key_t *hmacsha384;
00129                 dst_hmacsha512_key_t *hmacsha512;
00130 
00131         } keydata;                      /*%< pointer to key in crypto pkg fmt */
00132 
      /*
       * Timing and numeric metadata.  Slot i holds a value only while
       * timeset[i] / numset[i] is true, so check the flag before trusting
       * the value.  The arrays are sized DST_MAX_TIMES + 1 and
       * DST_MAX_NUMERIC + 1, so DST_MAX_TIMES / DST_MAX_NUMERIC themselves
       * are presumably valid indices; any index coming from outside must be
       * bounds-checked against those limits before use.
       */
00133         isc_stdtime_t   times[DST_MAX_TIMES + 1];    /*%< timing metadata */
00134         isc_boolean_t   timeset[DST_MAX_TIMES + 1];  /*%< data set? */
00135         isc_stdtime_t   nums[DST_MAX_NUMERIC + 1];   /*%< numeric metadata (stored as isc_stdtime_t) */
00136         isc_boolean_t   numset[DST_MAX_NUMERIC + 1]; /*%< data set? */
00137         isc_boolean_t   inactive;      /*%< private key not present as it is
00138                                             inactive */
00139         isc_boolean_t   external;      /*%< external key */
00140 
00141         int             fmt_major;     /*%< private key format, major version */
00142         int             fmt_minor;     /*%< private key format, minor version */
00143 
00144         dst_func_t *    func;          /*%< crypto package specific functions; see struct dst_func */
00145         isc_buffer_t   *key_tkeytoken; /*%< TKEY token data */
00146 };
00147 
      /*%
       * Per-operation signing/verification context.  Created for one key
       * and one use (sign or verify), fed with adddata(), then finished with
       * sign() or verify() from the key's function table.
       */
00148 struct dst_context {
00149         unsigned int magic;             /*%< CTX_MAGIC; checked by VALID_CTX() */
00150         dst_use_t use;                  /*%< DO_SIGN or DO_VERIFY */
00151         dst_key_t *key;                 /*%< key this context signs or verifies with */
00152         isc_mem_t *mctx;                /*%< memory context */
00153         isc_logcategory_t *category;    /*%< logging category */
      /*
       * Algorithm-specific running state (hash, HMAC, or provider context).
       * As with dst_key.keydata, only one member is live; which one is not
       * encoded here and is presumably determined by the key's algorithm --
       * confirm against the implementation before reading a member directly.
       */
00154         union {
00155                 void *generic;
00156                 dst_gssapi_signverifyctx_t *gssctx;
00157                 isc_md5_t *md5ctx;
00158                 isc_sha1_t *sha1ctx;
00159                 isc_sha256_t *sha256ctx;
00160                 isc_sha512_t *sha512ctx;
00161                 isc_hmacmd5_t *hmacmd5ctx;
00162                 isc_hmacsha1_t *hmacsha1ctx;
00163                 isc_hmacsha224_t *hmacsha224ctx;
00164                 isc_hmacsha256_t *hmacsha256ctx;
00165                 isc_hmacsha384_t *hmacsha384ctx;
00166                 isc_hmacsha512_t *hmacsha512ctx;
00167 #ifdef OPENSSL
00168                 EVP_MD_CTX *evp_md_ctx; /*%< OpenSSL digest context */
00169 #elif PKCS11CRYPTO
00170                 pk11_context_t *pk11_ctx; /*%< PKCS#11 provider context */
00171 #endif
00172         } ctxdata;                      /*%< algorithm-specific state, see above */
00173 };
00174 
      /*%
       * Per-algorithm operations table.  Each crypto backend fills one of
       * these in via its dst__*_init() function (declared below) and all
       * generic code dispatches through it.  Whether every slot is required
       * or unsupported slots are left NULL is not stated here; the generic
       * dispatch code should be checked before assuming a slot is non-NULL.
       */
00175 struct dst_func {
00176         /*
00177          * Context functions
00178          */
              /* Set up dctx for signing/verifying with key. */
00179         isc_result_t (*createctx)(dst_key_t *key, dst_context_t *dctx);
              /* As createctx, with an additional maxbits limit. */
00180         isc_result_t (*createctx2)(dst_key_t *key, int maxbits,
00181                                    dst_context_t *dctx);
              /* Release algorithm state held in dctx->ctxdata. */
00182         void (*destroyctx)(dst_context_t *dctx);
              /* Feed data to be signed or verified into dctx. */
00183         isc_result_t (*adddata)(dst_context_t *dctx, const isc_region_t *data);
00184 
00185         /*
00186          * Key operations
00187          */
              /* Produce the signature over the data fed so far into sig. */
00188         isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig);
              /* Check sig against the data fed so far. */
00189         isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig);
              /* As verify, with an additional maxbits limit. */
00190         isc_result_t (*verify2)(dst_context_t *dctx, int maxbits,
00191                                 const isc_region_t *sig);
              /* Derive a shared secret from a public and a private key into secret. */
00192         isc_result_t (*computesecret)(const dst_key_t *pub,
00193                                       const dst_key_t *priv,
00194                                       isc_buffer_t *secret);
              /* Key equality; paramcompare compares only the public parameters. */
00195         isc_boolean_t (*compare)(const dst_key_t *key1, const dst_key_t *key2);
00196         isc_boolean_t (*paramcompare)(const dst_key_t *key1,
00197                                       const dst_key_t *key2);
              /*
               * Generate new key material into key.  The meaning of parms and
               * of the int passed to callback is algorithm-specific and not
               * defined in this header.
               */
00198         isc_result_t (*generate)(dst_key_t *key, int parms,
00199                                  void (*callback)(int));
              /* True if key carries a private component. */
00200         isc_boolean_t (*isprivate)(const dst_key_t *key);
              /* Release the algorithm-specific material in key->keydata. */
00201         void (*destroy)(dst_key_t *key);
00202 
00203         /* conversion functions */
              /* todns writes key's public part into data; fromdns reads it back. */
00204         isc_result_t (*todns)(const dst_key_t *key, isc_buffer_t *data);
00205         isc_result_t (*fromdns)(dst_key_t *key, isc_buffer_t *data);
              /* Write the key to files under directory. */
00206         isc_result_t (*tofile)(const dst_key_t *key, const char *directory);
              /* Parse a private key from lexer into key; pub is the matching public key (presumably). */
00207         isc_result_t (*parse)(dst_key_t *key,
00208                               isc_lex_t *lexer,
00209                               dst_key_t *pub);
00210 
00211         /* cleanup */
              /* Backend-wide teardown, not per key. */
00212         void (*cleanup)(void);
00213 
              /*
               * Load a key held by an HSM, identified by engine and label.
               * pin is a secret: implementations should not log it or keep a
               * copy beyond the call.
               */
00214         isc_result_t (*fromlabel)(dst_key_t *key, const char *engine,
00215                                   const char *label, const char *pin);
              /*
               * Serialise key into a string allocated from mctx, returned via
               * *buffer / *length; restore is the inverse.  Ownership of
               * *buffer presumably passes to the caller -- confirm.
               */
00216         isc_result_t (*dump)(dst_key_t *key, isc_mem_t *mctx, char **buffer,
00217                              int *length);
00218         isc_result_t (*restore)(dst_key_t *key, const char *keystr);
00219 };
00220 
00221 /*%
00222  * Initializers
       *
       * dst__openssl_init() and dst__pkcs11_init bring up the crypto provider
       * itself.  Each dst__<alg>_init() writes that algorithm's dst_func table
       * to *funcp so the generic code can dispatch to it.
00223  */
00224 isc_result_t dst__openssl_init(const char *engine);  /*%< engine: OpenSSL engine name */
00225 #define dst__pkcs11_init pk11_initialize           /* provider init is the pk11 library's own entry point */
00226 
00227 isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
00228 isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
00229 isc_result_t dst__hmacsha224_init(struct dst_func **funcp);
00230 isc_result_t dst__hmacsha256_init(struct dst_func **funcp);
00231 isc_result_t dst__hmacsha384_init(struct dst_func **funcp);
00232 isc_result_t dst__hmacsha512_init(struct dst_func **funcp);
      /* algorithm presumably selects which RSA-based variant the table implements. */
00233 isc_result_t dst__opensslrsa_init(struct dst_func **funcp,
00234                                   unsigned char algorithm);
00235 isc_result_t dst__pkcs11rsa_init(struct dst_func **funcp);
00236 isc_result_t dst__openssldsa_init(struct dst_func **funcp);
00237 isc_result_t dst__pkcs11dsa_init(struct dst_func **funcp);
00238 isc_result_t dst__openssldh_init(struct dst_func **funcp);
00239 isc_result_t dst__pkcs11dh_init(struct dst_func **funcp);
00240 isc_result_t dst__gssapi_init(struct dst_func **funcp);
      /* Optional algorithms, declared only when the build's provider supports them. */
00241 #ifdef HAVE_OPENSSL_ECDSA
00242 isc_result_t dst__opensslecdsa_init(struct dst_func **funcp);
00243 #endif
00244 #ifdef HAVE_PKCS11_ECDSA
00245 isc_result_t dst__pkcs11ecdsa_init(struct dst_func **funcp);
00246 #endif
00247 #ifdef HAVE_OPENSSL_GOST
00248 isc_result_t dst__opensslgost_init(struct dst_func **funcp);
00249 #endif
00250 #ifdef HAVE_PKCS11_GOST
00251 isc_result_t dst__pkcs11gost_init(struct dst_func **funcp);
00252 #endif
00253 
00254 /*%
00255  * Destructors
       *
       * Tear down the crypto provider brought up by the matching initializer.
00256  */
00257 void dst__openssl_destroy(void);
00258 #define dst__pkcs11_destroy pk11_finalize
00259 
00260 /*%
00261  * Memory allocators using the DST memory pool.
       *
       * malloc/free/realloc-shaped wrappers over dst__memory_pool.  Memory
       * obtained from dst__mem_alloc() or dst__mem_realloc() must be released
       * with dst__mem_free(), never with free().
00262  */
00263 void * dst__mem_alloc(size_t size);
00264 void   dst__mem_free(void *ptr);
00265 void * dst__mem_realloc(void *ptr, size_t size);
00266 
00267 /*%
00268  * Entropy retriever using the DST entropy pool.
       *
       * Fills len bytes at buf.  pseudo presumably selects the pool's
       * pseudo-random output; this header does not state what guarantees
       * that path carries.  NOTE(review): callers producing key material or
       * other values that must be unpredictable should pass ISC_FALSE unless
       * the pseudo path has been confirmed adequate for that use.
00269  */
00270 isc_result_t dst__entropy_getdata(void *buf, unsigned int len,
00271                                   isc_boolean_t pseudo);
00272 
00273 /*
00274  * Entropy status hook.  Reports on the DST entropy pool; the meaning of
       * the returned value is not defined in this header.
00275  */
00276 unsigned int dst__entropy_status(void);
00277 
00278 ISC_LANG_ENDDECLS
00279 
00280 #endif /* DST_DST_INTERNAL_H */
00281 /*! \file */
