1/* $NetBSD: sign.h,v 1.1 2008/10/31 16:12:19 christos Exp $ */ 2 3/*- 4 * Copyright (c) 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Martin Sch�tte. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 3. All advertising materials mentioning features or use of this software 19 * must display the following acknowledgement: 20 * This product includes software developed by the NetBSD 21 * Foundation, Inc. and its contributors. 22 * 4. Neither the name of The NetBSD Foundation nor the names of its 23 * contributors may be used to endorse or promote products derived 24 * from this software without specific prior written permission. 25 * 26 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 27 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 28 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 29 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 30 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 31 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 32 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 33 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 34 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 35 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 36 * POSSIBILITY OF SUCH DAMAGE. 37 */ 38/* 39 * sign.h 40 * 41 */ 42#ifndef SIGN_H_ 43#define SIGN_H_ 44 45#include <netinet/in.h> 46#include <resolv.h> 47#include <openssl/x509v3.h> 48#include <openssl/err.h> 49#include <openssl/rand.h> 50#include <openssl/pem.h> 51 52/* default Signature Group value, 53 * defines signature strategy: 54 * 0 one global SG 55 * 1 one SG per PRI 56 * 2 SGs for PRI ranges 57 * 3 other (SGs not defined by PRI) 58 * 59 * We use '3' and assign one SG to every destination (=struct filed) 60 */ 61#define SIGN_SG 3 62 63/* maximum value for several counters in -sign */ 64#define SIGN_MAX_COUNT 9999999999 65 66/* 67 * many of these options could be made user configurable if desired, 68 * but I do not see the need for that 69 */ 70 71/* redundancy options */ 72/* 73 * note on the implementation of redundancy: 74 * - certificate blocks: sending the first CB just before first SB. 75 * after that domark() triggers resends until resend count is reached. 76 * - signature blocks: to send every hash n times I use a sliding window. 77 * the hashes in every SB are grouped into n divisions: 78 * * the 1st hashcount/n hashes are sent for the 1st time 79 * * the 2nd hashcount/n hashes are sent for the 2nd time 80 * * ... 81 * * the n-th hashcount/n hashes are sent for the n-th time 82 * (and deleted thereafter) 83 */ 84#define SIGN_RESENDCOUNT_CERTBLOCK 2 85#define SIGN_RESENDCOUNT_HASHES 3 86 87/* maximum length of syslog-sign messages should be <= 2048 by standard 88 * and should be >= 1024 to be long enough. 89 * be careful with small values because there is no check for a lower bound 90 * thus the following derived values would become negative. 91 */ 92#define SIGN_MAX_LENGTH 2048 93/* the length we can use for the SD and keep the 94 * message length with header below 2048 octets */ 95#define SIGN_MAX_SD_LENGTH (SIGN_MAX_LENGTH - 1 - HEADER_LEN_MAX) 96/* length of signature, currently only for DSA */ 97#define SIGN_B64SIGLEN_DSS 64+1 98/* the maximum length of one payload fragment: 99 * max.SD len - text - max. field lengths - sig len */ 100#define SIGN_MAX_FRAG_LENGTH (SIGN_MAX_SD_LENGTH - 82 - 38 - SIGN_B64SIGLEN_DSS) 101/* the maximum length of one signature block: 102 * max.SD len - text - max. field lens - sig len */ 103#define SIGN_MAX_SB_LENGTH (SIGN_MAX_SD_LENGTH - 72 - 40 - SIGN_B64SIGLEN_DSS) 104/* the maximum number of hashes pec signature block */ 105#define SIGN_MAX_HASH_NUM (SIGN_MAX_SB_LENGTH / (GlobalSign.md_len_b64+1)) 106/* number of hashes in one signature block */ 107#define SIGN_HASH_NUM_WANT 100 108/* make sure to consider SIGN_MAX_HASH_NUM and 109 * to have a SIGN_HASH_NUM that is a multiple of SIGN_HASH_DIVISION_NUM */ 110#define SIGN_HASH_DIVISION_NUM (MIN(SIGN_HASH_NUM_WANT, SIGN_MAX_HASH_NUM) \ 111 / SIGN_RESENDCOUNT_HASHES) 112#define SIGN_HASH_NUM (SIGN_HASH_DIVISION_NUM * SIGN_RESENDCOUNT_HASHES) 113 114/* the length of payload strings 115 * since the payload is fragmented there is no technical limit 116 * it just has to be big enough to hold big b64 encoded PKIX certificates 117 */ 118#define SIGN_MAX_PAYLOAD_LENGTH 20480 119 120/* length of generated DSA keys for signing */ 121#define SIGN_GENCERT_BITS 1024 122 123#define SSL_CHECK_ONE(exp) do { \ 124 if ((exp) != 1) { \ 125 DPRINTF(D_SIGN, #exp " failed in %d: %s\n", __LINE__, \ 126 ERR_error_string(ERR_get_error(), NULL)); \ 127 return 1; \ 128 } \ 129} while (/*CONSTCOND*/0) 130 131/* structs use uint_fast64_t in different places because the standard 132 * requires values in interval [0:9999999999 = SIGN_MAX_COUNT] */ 133 134/* queue of C-Strings (here used for hashes) */ 135struct string_queue { 136 uint_fast64_t key; 137 char *data; 138 STAILQ_ENTRY(string_queue) entries; 139}; 140STAILQ_HEAD(string_queue_head, string_queue); 141 142/* queue of destinations (used associate SGs and fileds) */ 143struct filed_queue { 144 struct filed *f; 145 STAILQ_ENTRY(filed_queue) entries; 146}; 147STAILQ_HEAD(filed_queue_head, filed_queue); 148 149/* queue of Signature Groups */ 150struct signature_group_t { 151 unsigned spri; 152 unsigned resendcount; 153 uint_fast64_t last_msg_num; 154 struct string_queue_head hashes; 155 struct filed_queue_head files; 156 STAILQ_ENTRY(signature_group_t) entries; 157}; 158STAILQ_HEAD(signature_group_head, signature_group_t); 159 160/* all global variables for sign */ 161/* note that there is one object of this type which might only be 162 * partially filled. 163 * The fields .sg and .sig2_delims are set by init() and are always 164 * valid. A value >0 in field .rsid indicates whether the rest of the 165 * structure was already set by sign_global_init(). 166 */ 167struct sign_global_t { 168 /* params for signature block, named as in RFC nnnn */ 169 const char *ver; 170 uint_fast64_t rsid; 171 int sg; 172 uint_fast64_t gbc; 173 struct signature_group_head SigGroups; 174 struct string_queue_head sig2_delims; 175 176 EVP_PKEY *privkey; 177 EVP_PKEY *pubkey; 178 char *pubkey_b64; 179 char keytype; 180 181 EVP_MD_CTX *mdctx; /* hashing context */ 182 const EVP_MD *md; /* hashing method/algorithm */ 183 unsigned md_len_b64; /* length of b64 hash value */ 184 185 EVP_MD_CTX *sigctx; /* signature context */ 186 const EVP_MD *sig; /* signature method/algorithm */ 187 unsigned sig_len_b64; /* length of b64 signature */ 188}; 189 190bool sign_global_init(struct filed*); 191bool sign_sg_init(struct filed*); 192bool sign_get_keys(void); 193void sign_global_free(void); 194struct signature_group_t* sign_get_sg(int, struct filed*); 195bool sign_send_certificate_block(struct signature_group_t*); 196unsigned sign_send_signature_block(struct signature_group_t*, bool); 197void sign_free_hashes(struct signature_group_t*); 198void sign_free_string_queue(struct string_queue_head*); 199bool sign_msg_hash(char*, char**); 200bool sign_append_hash(char*, struct signature_group_t*); 201bool sign_msg_sign(struct buf_msg**, char*, size_t); 202bool sign_string_sign(char*, char**); 203void sign_new_reboot_session(void); 204void sign_inc_gbc(void); 205uint_fast64_t sign_assign_msg_num(struct signature_group_t*); 206 207#endif /* SIGN_H_ */ 208