Member "bind-9.11.23/lib/dns/dst_internal.h" (7 Sep 2020, 9149 Bytes) of package /linux/misc/dns/bind9/9.11.23/bind-9.11.23.tar.gz:


    1 /*
    2  * Portions Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * This Source Code Form is subject to the terms of the Mozilla Public
    5  * License, v. 2.0. If a copy of the MPL was not distributed with this
    6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  *
    8  * See the COPYRIGHT file distributed with this work for additional
    9  * information regarding copyright ownership.
   10  *
   11  * Portions Copyright (C) Network Associates, Inc.
   12  *
   13  * Permission to use, copy, modify, and/or distribute this software for any
   14  * purpose with or without fee is hereby granted, provided that the above
   15  * copyright notice and this permission notice appear in all copies.
   16  *
   17  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
   18  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
   19  * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
   20  * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
   21  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
   22  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
   23  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
   24  */
   25 
   26 
   27 #ifndef DST_DST_INTERNAL_H
   28 #define DST_DST_INTERNAL_H 1
   29 
   30 #include <inttypes.h>
   31 #include <stdbool.h>
   32 
   33 #include <isc/lang.h>
   34 #include <isc/buffer.h>
   35 #include <isc/magic.h>
   36 #include <isc/region.h>
   37 #include <isc/types.h>
   38 #include <isc/md5.h>
   39 #include <isc/refcount.h>
   40 #include <isc/sha1.h>
   41 #include <isc/sha2.h>
   42 #include <isc/stdtime.h>
   43 #include <isc/hmacmd5.h>
   44 #include <isc/hmacsha.h>
   45 
   46 #include <pk11/site.h>
   47 
   48 #include <dns/time.h>
   49 
   50 #include <dst/dst.h>
   51 
   52 #ifdef OPENSSL
   53 #ifndef PK11_DH_DISABLE
   54 #include <openssl/dh.h>
   55 #endif
   56 #ifndef PK11_DSA_DISABLE
   57 #include <openssl/dsa.h>
   58 #endif
   59 #include <openssl/err.h>
   60 #include <openssl/evp.h>
   61 #include <openssl/objects.h>
   62 #include <openssl/rsa.h>
   63 #endif
   64 
   65 ISC_LANG_BEGINDECLS
   66 
/*%
 * Magic values stamped into dst_key.magic and dst_context.magic.
 * VALID_KEY()/VALID_CTX() test them through ISC_MAGIC_VALID().  They are
 * a sanity check against stray or uninitialized pointers, not a security
 * boundary: an attacker who can write the object can write the magic too.
 */
#define KEY_MAGIC   ISC_MAGIC('D','S','T','K')
#define CTX_MAGIC   ISC_MAGIC('D','S','T','C')

#define VALID_KEY(x) ISC_MAGIC_VALID(x, KEY_MAGIC)
#define VALID_CTX(x) ISC_MAGIC_VALID(x, CTX_MAGIC)

/*%
 * Memory context behind the dst__mem_alloc()/dst__mem_free()/
 * dst__mem_realloc() wrappers declared below.  Defined in a .c file
 * outside this header (presumably the DST API implementation).
 */
LIBDNS_EXTERNAL_DATA extern isc_mem_t *dst__memory_pool;
   74 
   75 /***
   76  *** Types
   77  ***/
   78 
/*% Per-algorithm function table; the struct itself is defined below. */
typedef struct dst_func dst_func_t;

/*%
 * Opaque per-algorithm HMAC key structs.  Only forward-declared here;
 * their layouts live in the respective backend .c files, so nothing in
 * this header (or its other users) can touch their contents directly.
 */
#ifndef PK11_MD5_DISABLE
typedef struct dst_hmacmd5_key    dst_hmacmd5_key_t;
#endif
typedef struct dst_hmacsha1_key   dst_hmacsha1_key_t;
typedef struct dst_hmacsha224_key dst_hmacsha224_key_t;
typedef struct dst_hmacsha256_key dst_hmacsha256_key_t;
typedef struct dst_hmacsha384_key dst_hmacsha384_key_t;
typedef struct dst_hmacsha512_key dst_hmacsha512_key_t;
   89 
/*%
 * Indicate whether a DST context will be used for signing
 * or for verification.  Stored in dst_context.use so a context
 * created for one purpose is not silently reused for the other.
 */
typedef enum { DO_SIGN, DO_VERIFY } dst_use_t;
   95 
/*%
 * DST Key Structure.
 *
 * An algorithm-independent envelope around one key: the DNS-visible
 * metadata (name, algorithm, flags, id, class, ttl), optional timing and
 * numeric metadata, and a union holding the crypto provider's own
 * representation of the key material.  Instances are checked with
 * VALID_KEY() and are reference counted through 'refs'.
 */
struct dst_key {
    unsigned int    magic;      /*%< KEY_MAGIC; tested by VALID_KEY() */
    isc_refcount_t  refs;       /*%< reference count */
    dns_name_t *    key_name;   /*%< name of the key */
    unsigned int    key_size;   /*%< size of the key in bits */
    unsigned int    key_proto;  /*%< protocols this key is used for */
    unsigned int    key_alg;    /*%< algorithm of the key */
    uint32_t    key_flags;  /*%< flags of the public key */
    uint16_t    key_id;     /*%< identifier of the key */
    uint16_t    key_rid;    /*%< identifier of the key when
                         revoked */
    uint16_t    key_bits;   /*%< hmac digest bits */
    dns_rdataclass_t key_class; /*%< class of the key record */
    dns_ttl_t   key_ttl;    /*%< default/initial dnskey ttl */
    isc_mem_t   *mctx;      /*%< memory context */
    char        *engine;    /*%< engine name (HSM) */
    char        *label;     /*%< engine label (HSM) */
    /*
     * Provider-specific key material.  The union carries no discriminator
     * of its own: which member is live is determined by how the key was
     * created (presumably key_alg together with 'func').
     * NOTE(review): every reader must derive the active member from that
     * same source -- reading another member is type confusion, not a
     * harmless cast.  Confirm in the backend .c files.
     */
    union {
        void *generic;
        gss_ctx_id_t gssctx;
#ifdef OPENSSL
#if !defined(USE_EVP) || !USE_EVP
        RSA *rsa;
#endif
#ifndef PK11_DSA_DISABLE
        DSA *dsa;
#endif
#ifndef PK11_DH_DISABLE
        DH *dh;
#endif
        EVP_PKEY *pkey;
#elif PKCS11CRYPTO
        pk11_object_t *pkey;
#endif
#ifndef PK11_MD5_DISABLE
        dst_hmacmd5_key_t *hmacmd5;
#endif
        dst_hmacsha1_key_t *hmacsha1;
        dst_hmacsha224_key_t *hmacsha224;
        dst_hmacsha256_key_t *hmacsha256;
        dst_hmacsha384_key_t *hmacsha384;
        dst_hmacsha512_key_t *hmacsha512;

    } keydata;          /*%< pointer to key in crypto pkg fmt */

    /*
     * Timing and numeric metadata, indexed by the DST_* constants from
     * <dst/dst.h>.  Each value array is paired with a bool array that
     * records whether the slot was ever set; a value whose flag is false
     * has no meaning and should not be read.
     */
    isc_stdtime_t   times[DST_MAX_TIMES + 1];    /*%< timing metadata */
    bool    timeset[DST_MAX_TIMES + 1];  /*%< data set? (per times[] slot) */
    isc_stdtime_t   nums[DST_MAX_NUMERIC + 1];   /*%< numeric metadata */
    bool    numset[DST_MAX_NUMERIC + 1]; /*%< data set? (per nums[] slot) */
    bool    inactive;      /*%< private key not present as it is
                        inactive */
    bool    external;      /*%< external key */

    int     fmt_major;     /*%< private key format, major version */
    int     fmt_minor;     /*%< private key format, minor version */

    dst_func_t *    func;          /*%< crypto package specific functions */
    isc_buffer_t   *key_tkeytoken; /*%< TKEY token data */
};
  156 
/*%
 * Per-operation signing or verification context.
 *
 * Bound to one key and one use (DO_SIGN or DO_VERIFY).  The provider's
 * dst_func slots (createctx/adddata/sign/verify/destroyctx) operate on
 * it; the union below holds whatever digest or provider state that
 * backend needs between calls.  Checked with VALID_CTX().
 */
struct dst_context {
    unsigned int magic;             /*%< CTX_MAGIC; tested by VALID_CTX() */
    dst_use_t use;                  /*%< DO_SIGN or DO_VERIFY */
    dst_key_t *key;                 /*%< key this context was created for */
    isc_mem_t *mctx;                /*%< memory context */
    isc_logcategory_t *category;    /*%< log category for messages */
    /*
     * Backend state.  As with dst_key.keydata there is no discriminator;
     * the live member is implied by the key's algorithm/provider.
     * NOTE(review): confirm the backend that created the context is the
     * only one that reads or frees it.
     */
    union {
        void *generic;
        dst_gssapi_signverifyctx_t *gssctx;
#ifndef PK11_MD5_DISABLE
        isc_md5_t *md5ctx;
#endif
        isc_sha1_t *sha1ctx;
        isc_sha256_t *sha256ctx;
        isc_sha512_t *sha512ctx;
#ifndef PK11_MD5_DISABLE
        isc_hmacmd5_t *hmacmd5ctx;
#endif
        isc_hmacsha1_t *hmacsha1ctx;
        isc_hmacsha224_t *hmacsha224ctx;
        isc_hmacsha256_t *hmacsha256ctx;
        isc_hmacsha384_t *hmacsha384ctx;
        isc_hmacsha512_t *hmacsha512ctx;
#ifdef OPENSSL
        EVP_MD_CTX *evp_md_ctx;
#elif PKCS11CRYPTO
        pk11_context_t *pk11_ctx;
#endif
    } ctxdata;
};
  187 
/*%
 * Per-algorithm / per-crypto-provider function table.
 *
 * Referenced from dst_key.func; one table is expected to be filled in by
 * each dst__*_init(struct dst_func **funcp) routine declared below
 * (presumably).  NOTE(review): some backends may leave slots NULL for
 * operations they do not support -- confirm that dispatch sites in the
 * DST API check the slot before calling through it.
 */
struct dst_func {
    /*
     * Context functions
     */
    /*%< Set up dctx->ctxdata for 'key'. */
    isc_result_t (*createctx)(dst_key_t *key, dst_context_t *dctx);
    /*%< As createctx, with a caller-imposed limit on the digest/signature
     *   size in bits (maxbits). */
    isc_result_t (*createctx2)(dst_key_t *key, int maxbits,
                   dst_context_t *dctx);
    /*%< Release whatever createctx/createctx2 stored in dctx->ctxdata. */
    void (*destroyctx)(dst_context_t *dctx);
    /*%< Feed 'data' into the running sign/verify operation. */
    isc_result_t (*adddata)(dst_context_t *dctx, const isc_region_t *data);

    /*
     * Key operations
     */
    /*%< Finish a DO_SIGN context, appending the signature to 'sig'. */
    isc_result_t (*sign)(dst_context_t *dctx, isc_buffer_t *sig);
    /*%< Finish a DO_VERIFY context against the signature in 'sig'. */
    isc_result_t (*verify)(dst_context_t *dctx, const isc_region_t *sig);
    /*%< As verify, with a bit-length limit (maxbits) on what is accepted. */
    isc_result_t (*verify2)(dst_context_t *dctx, int maxbits,
                const isc_region_t *sig);
    /*%< Derive a shared secret from a peer public key and a local private
     *   key (key-agreement algorithms only) into 'secret'. */
    isc_result_t (*computesecret)(const dst_key_t *pub,
                      const dst_key_t *priv,
                      isc_buffer_t *secret);
    /*%< Compare two keys' material for equality. */
    bool (*compare)(const dst_key_t *key1, const dst_key_t *key2);
    /*%< Compare only the algorithm parameters of two keys. */
    bool (*paramcompare)(const dst_key_t *key1,
                      const dst_key_t *key2);
    /*%< Generate fresh key material into 'key'; 'parms' is algorithm
     *   specific (presumably a size or exponent choice) and 'callback'
     *   may be invoked to report progress.  Entropy source: see
     *   dst__entropy_getdata() below. */
    isc_result_t (*generate)(dst_key_t *key, int parms,
                 void (*callback)(int));
    /*%< True if the key carries a private component. */
    bool (*isprivate)(const dst_key_t *key);
    /*%< Free the provider-specific keydata member. */
    void (*destroy)(dst_key_t *key);

    /* conversion functions */
    /*%< Public key -> DNSKEY RDATA form, appended to 'data'. */
    isc_result_t (*todns)(const dst_key_t *key, isc_buffer_t *data);
    /*%< DNSKEY RDATA form -> key; 'data' is untrusted wire input, so
     *   the backend must bounds-check every field it consumes. */
    isc_result_t (*fromdns)(dst_key_t *key, isc_buffer_t *data);
    /*%< Write the private key file for 'key' into 'directory'. */
    isc_result_t (*tofile)(const dst_key_t *key, const char *directory);
    /*%< Parse a private key file via 'lexer', pairing it with the already
     *   loaded public key 'pub'. */
    isc_result_t (*parse)(dst_key_t *key,
                  isc_lex_t *lexer,
                  dst_key_t *pub);

    /* cleanup */
    /*%< Tear down provider-global state at shutdown. */
    void (*cleanup)(void);

    /*%< Locate a key by HSM engine/label; 'pin' is presumably the HSM
     *   PIN and must be treated as a secret (not logged, zeroized after
     *   use) -- confirm in the backends. */
    isc_result_t (*fromlabel)(dst_key_t *key, const char *engine,
                  const char *label, const char *pin);
    /*%< Serialize 'key' to a string in *buffer/*length.  Ownership of the
     *   returned buffer (allocated from 'mctx', presumably) passes to the
     *   caller -- confirm who frees it. */
    isc_result_t (*dump)(dst_key_t *key, isc_mem_t *mctx, char **buffer,
                 int *length);
    /*%< Inverse of dump: rebuild 'key' from 'keystr'. */
    isc_result_t (*restore)(dst_key_t *key, const char *keystr);
};
  233 
/*%
 * Initializers
 *
 * dst__openssl_init() brings up the OpenSSL provider (optionally loading
 * the named engine); dst__pkcs11_init is an alias for pk11_initialize.
 * Each dst__<provider><alg>_init(struct dst_func **funcp) is expected to
 * publish that algorithm's function table through *funcp (presumably
 * pointing at a static table owned by the backend).  Which declarations
 * exist is governed by the same PK11_*_DISABLE / HAVE_* configuration
 * macros that gate the corresponding union members above.
 */
isc_result_t dst__openssl_init(const char *engine);
#define dst__pkcs11_init pk11_initialize

#ifndef PK11_MD5_DISABLE
isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
#endif
isc_result_t dst__hmacsha1_init(struct dst_func **funcp);
isc_result_t dst__hmacsha224_init(struct dst_func **funcp);
isc_result_t dst__hmacsha256_init(struct dst_func **funcp);
isc_result_t dst__hmacsha384_init(struct dst_func **funcp);
isc_result_t dst__hmacsha512_init(struct dst_func **funcp);
/*%< RSA is the only initializer parameterized by DNSSEC algorithm number,
 *   since several algorithm numbers share the RSA key type. */
isc_result_t dst__opensslrsa_init(struct dst_func **funcp,
                  unsigned char algorithm);
isc_result_t dst__pkcs11rsa_init(struct dst_func **funcp);
#ifndef PK11_DSA_DISABLE
isc_result_t dst__openssldsa_init(struct dst_func **funcp);
isc_result_t dst__pkcs11dsa_init(struct dst_func **funcp);
#endif
#ifndef PK11_DH_DISABLE
isc_result_t dst__openssldh_init(struct dst_func **funcp);
isc_result_t dst__pkcs11dh_init(struct dst_func **funcp);
#endif
isc_result_t dst__gssapi_init(struct dst_func **funcp);
#ifdef HAVE_OPENSSL_ECDSA
isc_result_t dst__opensslecdsa_init(struct dst_func **funcp);
#endif
#if defined(HAVE_OPENSSL_ED25519) || defined(HAVE_OPENSSL_ED448)
isc_result_t dst__openssleddsa_init(struct dst_func **funcp);
#endif
#ifdef HAVE_PKCS11_ECDSA
isc_result_t dst__pkcs11ecdsa_init(struct dst_func **funcp);
#endif
#if defined(HAVE_PKCS11_ED25519) || defined(HAVE_PKCS11_ED448)
isc_result_t dst__pkcs11eddsa_init(struct dst_func **funcp);
#endif
#ifdef HAVE_OPENSSL_GOST
isc_result_t dst__opensslgost_init(struct dst_func **funcp);
#endif
#ifdef HAVE_PKCS11_GOST
isc_result_t dst__pkcs11gost_init(struct dst_func **funcp);
#endif
  278 
/*%
 * Destructors
 *
 * Counterparts of dst__openssl_init() / dst__pkcs11_init; release
 * provider-global state at shutdown.
 */
void dst__openssl_destroy(void);
#define dst__pkcs11_destroy pk11_finalize

/*%
 * Memory allocators using the DST memory pool.
 *
 * malloc/free/realloc-shaped wrappers over dst__memory_pool (declared
 * above), for code that must hand out plain allocation callbacks rather
 * than an isc_mem_t.  Same contracts as the libc functions they mirror:
 * dst__mem_alloc() may return NULL, and dst__mem_realloc() must not be
 * used to overwrite the original pointer until success is checked.
 */
void * dst__mem_alloc(size_t size);
void   dst__mem_free(void *ptr);
void * dst__mem_realloc(void *ptr, size_t size);

/*%
 * Entropy retriever using the DST entropy pool.
 *
 * Fills 'len' bytes of 'buf'.  'pseudo' presumably permits lower-quality
 * pseudo-random output instead of blocking for real entropy.
 * NOTE(review): key-generation and nonce paths should pass false --
 * confirm at the call sites, since this header does not enforce it.
 */
isc_result_t dst__entropy_getdata(void *buf, unsigned int len,
                  bool pseudo);

/*
 * Entropy status hook.
 *
 * Reports the state of the DST entropy source; the meaning of the
 * returned value is defined by the implementation, not here.
 */
unsigned int dst__entropy_status(void);
  302 
  303 ISC_LANG_ENDDECLS
  304 
  305 #endif /* DST_DST_INTERNAL_H */
  306 /*! \file */