/*
 * ntp_crypto.h - definitions for cryptographic operations
 *
 * Everything in this header is compiled only when OPENSSL is defined.
 * The integer types keyid_t, tstamp_t, int32, u_int32, u_char, u_int
 * and u_long, and the CRPT_EVENT constant used by XEVNT_CMD(), are
 * declared elsewhere in the project, not here.
 */
#ifdef OPENSSL
#include "openssl/evp.h"
/*
 * The following bits are set by the CRYPTO_ASSOC message from
 * the server and are not modified by the client.
 *
 * NOTE(review): because these bits arrive from the peer, the receive
 * path is expected to accept only the bits defined here before storing
 * them in crypto_flags — confirm in the CRYPTO_ASSOC handler.
 */
#define CRYPTO_FLAG_ENAB	0x0001	/* crypto enable */
#define CRYPTO_FLAG_TAI		0x0002	/* leapseconds table */

#define CRYPTO_FLAG_PRIV	0x0010	/* PC identity scheme */
#define CRYPTO_FLAG_IFF		0x0020	/* IFF identity scheme */
#define CRYPTO_FLAG_GQ		0x0040	/* GQ identity scheme */
#define CRYPTO_FLAG_MV		0x0080	/* MV identity scheme */
#define CRYPTO_FLAG_MASK	0x00f0	/* identity scheme mask (PRIV|IFF|GQ|MV) */

/*
 * The following bits are used by the client during the protocol
 * exchange.  Each one records that a particular verification step
 * has succeeded; they occupy bits 8-14 and so never collide with the
 * server-supplied bits above.
 */
#define CRYPTO_FLAG_VALID	0x0100	/* public key verified */
#define CRYPTO_FLAG_VRFY	0x0200	/* identity verified */
#define CRYPTO_FLAG_PROV	0x0400	/* signature verified */
#define CRYPTO_FLAG_AGREE	0x0800	/* cookie verified */
#define CRYPTO_FLAG_AUTO	0x1000	/* autokey verified */
#define CRYPTO_FLAG_SIGN	0x2000	/* certificate signed */
#define CRYPTO_FLAG_LEAP	0x4000	/* leapseconds table verified */

/*
 * Flags used for certificate management (struct cert_info.flags)
 */
#define CERT_TRUST		0x01	/* certificate is trusted */
#define CERT_SIGN		0x02	/* certificate is signed */
#define CERT_VALID		0x04	/* certificate is valid */
#define CERT_PRIV		0x08	/* certificate is private */
#define CERT_ERROR		0x80	/* certificate has errors */

/*
 * Extension field definitions
 *
 * CRYPTO_CMD(x) builds a 32-bit opcode: the protocol version number
 * lands in bits 24-31 and the command code x in bits 16-23.  CRYPTO_RESP
 * and CRYPTO_ERROR reuse the top two bits of that version field, which
 * only stays unambiguous while CRYPTO_VN is small (it is 2 here).
 */
#define CRYPTO_MAXLEN	1024	/* max extension field length */
#define CRYPTO_VN	2	/* current protocol version number */
#define CRYPTO_CMD(x)	(((CRYPTO_VN << 8) | (x)) << 16)
#define CRYPTO_NULL	CRYPTO_CMD(0) /* no operation */
#define CRYPTO_ASSOC	CRYPTO_CMD(1) /* association */
#define CRYPTO_CERT	CRYPTO_CMD(2) /* certificate */
#define CRYPTO_COOK	CRYPTO_CMD(3) /* cookie value */
#define CRYPTO_AUTO	CRYPTO_CMD(4) /* autokey values */
#define CRYPTO_TAI	CRYPTO_CMD(5) /* leapseconds table */
#define CRYPTO_SIGN	CRYPTO_CMD(6) /* certificate sign */
#define CRYPTO_IFF	CRYPTO_CMD(7) /* IFF identity scheme */
#define CRYPTO_GQ	CRYPTO_CMD(8) /* GQ identity scheme */
#define CRYPTO_MV	CRYPTO_CMD(9) /* MV identity scheme */
#define CRYPTO_RESP	0x80000000 /* response (bit 31) */
#define CRYPTO_ERROR	0x40000000 /* error (bit 30) */

/*
 * Autokey event codes
 *
 * CRPT_EVENT is not defined in this header; XEVNT_CMD() ORs the code
 * into whatever event class it selects.
 */
#define XEVNT_CMD(x)	(CRPT_EVENT | (x))
#define XEVNT_OK	XEVNT_CMD(0) /* success */
#define XEVNT_LEN	XEVNT_CMD(1) /* bad field format or length */
#define XEVNT_TSP	XEVNT_CMD(2) /* bad timestamp */
#define XEVNT_FSP	XEVNT_CMD(3) /* bad filestamp */
#define XEVNT_PUB	XEVNT_CMD(4) /* bad or missing public key */
#define XEVNT_MD	XEVNT_CMD(5) /* unsupported digest type */
#define XEVNT_KEY	XEVNT_CMD(6) /* unsupported identity type */
#define XEVNT_SGL	XEVNT_CMD(7) /* bad signature length */
#define XEVNT_SIG	XEVNT_CMD(8) /* signature not verified */
#define XEVNT_VFY	XEVNT_CMD(9) /* certificate not verified */
#define XEVNT_PER	XEVNT_CMD(10) /* host certificate expired */
#define XEVNT_CKY	XEVNT_CMD(11) /* bad or missing cookie */
#define XEVNT_DAT	XEVNT_CMD(12) /* bad or missing leapseconds table */
#define XEVNT_CRT	XEVNT_CMD(13) /* bad or missing certificate */
#define XEVNT_ID	XEVNT_CMD(14) /* bad or missing group key */
#define XEVNT_ERR	XEVNT_CMD(15) /* protocol error */
#define XEVNT_SRV	XEVNT_CMD(16) /* server certificate expired */

/*
 * Configuration codes
 */
#define CRYPTO_CONF_NONE	0	/* nothing doing */
#define CRYPTO_CONF_PRIV	1	/* host keys file name */
#define CRYPTO_CONF_SIGN	2	/* signature keys file name */
#define CRYPTO_CONF_LEAP	3	/* leapseconds table file name */
#define CRYPTO_CONF_KEYS	4	/* keys directory path */
#define CRYPTO_CONF_CERT	5	/* certificate file name */
#define CRYPTO_CONF_RAND	6	/* random seed file name */
#define CRYPTO_CONF_TRST	7	/* specify trust */
#define CRYPTO_CONF_IFFPAR	8	/* IFF parameters file name */
#define CRYPTO_CONF_GQPAR	9	/* GQ parameters file name */
#define CRYPTO_CONF_MVPAR	10	/* MV parameters file name */
#define CRYPTO_CONF_PW		11	/* private key password (a secret; keep it out of logs) */
#define CRYPTO_CONF_IDENT	12	/* specify identity scheme */

/*
 * Miscellaneous crypto stuff
 *
 * NTP_MAXEXTEN and CRYPTO_MAXLEN are distinct macros that happen to
 * share the value 1024.
 */
#define NTP_MAXSESSION	100	/* maximum session key list entries */
#define NTP_AUTOMAX	13	/* log2 default max session key life */
#define KEY_REVOKE	16	/* log2 default key revoke timeout */
#define NTP_MAXEXTEN	1024	/* maximum extension field size */
#define TAI_1972	10	/* initial TAI offset (s) */

/*
 * The autokey structure holds the values used to authenticate key IDs.
 */
struct autokey {		/* network byte order */
	keyid_t	key;		/* key ID */
	int32	seq;		/* key number */
};

/*
 * The value structure holds variable length data such as public
 * key, agreement parameters, public value and leapsecond table.
 * They are in network byte order.
 *
 * NOTE(review): ptr and sig are bare pointers with their lengths in
 * vallen and siglen; this header does not say who allocates or frees
 * them — confirm ownership at the producing/consuming call sites.
 */
struct value {			/* network byte order */
	tstamp_t tstamp;	/* timestamp */
	tstamp_t fstamp;	/* filestamp */
	u_int32	vallen;		/* value length */
	u_char	*ptr;		/* data pointer (various) */
	u_int32	siglen;		/* signature length */
	u_char	*sig;		/* signature */
};

/*
 * The packet extension field structures are used to hold values
 * and signatures in network byte order.
 *
 * This is the on-the-wire layout of an extension field, so every
 * member is peer-controlled.  pkt[1] is a pre-C99 placeholder for a
 * variable-length tail; it is kept as-is because sizeof(struct exten)
 * may be relied on elsewhere.  NOTE(review): vallen must be bounded
 * against the received packet length (and CRYPTO_MAXLEN) before pkt is
 * read — confirm in the extension-field parser.
 */
struct exten {
	u_int32	opcode;		/* opcode */
	u_int32	associd;	/* association ID */
	u_int32	tstamp;		/* timestamp */
	u_int32	fstamp;		/* filestamp */
	u_int32	vallen;		/* value length */
	u_int32	pkt[1];		/* start of value field */
};

/*
 * The certificate info/value structure
 */
struct cert_info {
	struct cert_info *link;	/* forward link */
	u_int	flags;		/* presumably the CERT_* bits above */
	EVP_PKEY *pkey;		/* generic key */
	long	version;	/* X509 version */
	int	nid;		/* signature/digest ID */
	const EVP_MD *digest;	/* message digest algorithm */
	u_long	serial;		/* serial number */
	tstamp_t first;		/* not valid before */
	tstamp_t last;		/* not valid after */
	char	*subject;	/* subject common name */
	char	*issuer;	/* issuer common name */
	u_char	*grpkey;	/* GQ group key */
	u_int	grplen;		/* GQ group key length */
	struct value cert;	/* certificate/value */
};

/*
 * Cryptographic values
 */
extern	char	*keysdir;	/* crypto keys directory */
extern	u_int	crypto_flags;	/* status word */
extern	struct value hostval;	/* host name/value */
extern	struct cert_info *cinfo; /* host certificate information */
extern	struct value tai_leap;	/* leapseconds table */
#endif /* OPENSSL */