/* $NetBSD: dst.h,v 1.1.1.1 2004/05/20 19:49:41 christos Exp $ */
#ifndef DST_H
#define DST_H
#ifndef HAS_DST_KEY
/*
 * Public view of a DST key.  Defined here unless the includer defines
 * HAS_DST_KEY to supply its own definition; that definition must be
 * layout-compatible with the library's, because every API below takes a
 * DST_KEY pointer and the library dereferences it.  Key material itself is
 * not visible in this struct (it presumably hangs off a library-private
 * part of the full definition -- confirm).  Release instances with
 * dst_free_key(); do not free the fields by hand.
 */
typedef struct dst_key {
char *dk_key_name; /* name of the key (presumably also used to derive key file names -- see dst_s_build_filename) */
int dk_key_size; /* size of the key in bits */
int dk_proto; /* DNS protocol value the key may be used for (KEY record protocol octet) */
int dk_alg; /* algorithm number: one of the KEY_* codes defined below */
u_int32_t dk_flags; /* KEY record flags; the DNS field is 16 bits (DST_FLAGS_SIZE), the wider type presumably leaves room for extension flags -- confirm */
u_int16_t dk_id; /* key tag / identifier, as computed by dst_s_dns_key_id() */
} DST_KEY;
#endif /* HAS_DST_KEY */
/*
 * Do not taint the namespace: every public dst_* name is rewritten to a
 * __dst_* symbol, so the library exports only implementation-reserved
 * (double-underscore) identifiers -- the NetBSD libc convention for
 * hidden symbols.  Consequences for callers: this header must be
 * included before any call (otherwise the call presumably resolves to an
 * undefined plain dst_* symbol at link time), and the dst_s_* helpers
 * (dst_s_random, dst_s_fopen, dst_s_build_filename, ...) are renamed
 * here but have no prototype in this header -- they are library-internal
 * and should not be called by applications.
 */
#define dst_bsafe_init __dst_bsafe_init
#define dst_buffer_to_key __dst_buffer_to_key
#define dst_check_algorithm __dst_check_algorithm
#define dst_compare_keys __dst_compare_keys
#define dst_cylink_init __dst_cylink_init
#define dst_dnskey_to_key __dst_dnskey_to_key
#define dst_eay_dss_init __dst_eay_dss_init
#define dst_free_key __dst_free_key
#define dst_generate_key __dst_generate_key
#define dst_hmac_md5_init __dst_hmac_md5_init
#define dst_init __dst_init
#define dst_key_to_buffer __dst_key_to_buffer
#define dst_key_to_dnskey __dst_key_to_dnskey
#define dst_read_key __dst_read_key
#define dst_rsaref_init __dst_rsaref_init
#define dst_s_build_filename __dst_s_build_filename
#define dst_s_calculate_bits __dst_s_calculate_bits
#define dst_s_conv_bignum_b64_to_u8 __dst_s_conv_bignum_b64_to_u8
#define dst_s_conv_bignum_u8_to_b64 __dst_s_conv_bignum_u8_to_b64
#define dst_s_dns_key_id __dst_s_dns_key_id
#define dst_s_dump __dst_s_dump
#define dst_s_filename_length __dst_s_filename_length
#define dst_s_fopen __dst_s_fopen
#define dst_s_get_int16 __dst_s_get_int16
#define dst_s_get_int32 __dst_s_get_int32
#define dst_s_id_calc __dst_s_id_calc
#define dst_s_put_int16 __dst_s_put_int16
#define dst_s_put_int32 __dst_s_put_int32
#define dst_s_quick_random __dst_s_quick_random
#define dst_s_quick_random_set __dst_s_quick_random_set
#define dst_s_random __dst_s_random
#define dst_s_semi_random __dst_s_semi_random
#define dst_s_verify_str __dst_s_verify_str
#define dst_sig_size __dst_sig_size
#define dst_sign_data __dst_sign_data
#define dst_verify_data __dst_verify_data
#define dst_write_key __dst_write_key
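/*
 * DST Crypto API definitions.
 *
 * Prototypes now carry parameter names so the contract is readable
 * without the implementation.  All functions are reached through the
 * __dst_* symbols via the rename table above.  Lengths and sizes are
 * plain int, as the library defines them; never pass a negative length
 * or a size larger than the buffer you actually own -- this header gives
 * no guarantee about how the library treats such values.  Failures are
 * reported with the negative codes listed at the end of this header.
 */

/* One-time library initialisation; call before any other dst_* function. */
void dst_init(void);

/*
 * Ask whether algorithm code `alg` (a KEY_* value) is usable.  The exact
 * return convention is not stated here (presumably non-zero when
 * supported -- confirm against the implementation).
 */
int dst_check_algorithm(const int alg);

/*
 * Sign `data` with `key`.  `mode` is built from the SIG_MODE_* bits below;
 * SIG_MODE_ALL performs init, update and final in one call, otherwise
 * `ctx` carries the digest state between the INIT/UPDATE/FINAL calls.
 * The signature is written into `sig`, which holds `sig_size` bytes;
 * use dst_sig_size(key) to size it.  Returns a negative SIGN_*_FAILURE
 * code on error; the success value is not documented in this header.
 */
int dst_sign_data(const int mode,	/* SIG_MODE_INIT/UPDATE/FINAL/ALL */
		  DST_KEY *key,		/* the key to sign with */
		  void **ctx,		/* digest state across calls */
		  const u_char *data,	/* data to be signed */
		  const int len,	/* length of data */
		  u_char *sig,		/* buffer to write signature to */
		  const int sig_size);	/* size of sig */

/*
 * Verify `sig` (of `sig_len` bytes) over `data` with `key`; `mode` and
 * `ctx` work as for dst_sign_data().  The return value is the only
 * signal of success: callers must check it and treat anything other
 * than the success value as a failed verification, not just the
 * VERIFY_*_FAILURE codes.
 */
int dst_verify_data(const int mode,		/* SIG_MODE_INIT/UPDATE/FINAL/ALL */
		    DST_KEY *key,		/* the key to verify with */
		    void **ctx,			/* digest state across calls */
		    const u_char *data,		/* data to be verified */
		    const int len,		/* length of data */
		    const u_char *sig,		/* signature to check */
		    const int sig_len);		/* length of sig */

/*
 * Load the key named `name` with key tag `tag` and algorithm `alg` from
 * the key files; `type` selects DST_PUBLIC or DST_PRIVATE (see the flag
 * definitions below; DST_FORCE_READ presumably combines with them --
 * confirm).  `name` feeds the key file name (cf. dst_s_build_filename in
 * the rename table), so never pass attacker-controlled names.  Returns a
 * new DST_KEY to be released with dst_free_key(), presumably NULL on
 * failure.
 */
DST_KEY *dst_read_key(const char *name,		/* name of key */
		      const u_int16_t tag,	/* key tag identifier */
		      const int alg,		/* key algorithm */
		      const int type);		/* DST_PRIVATE / DST_PUBLIC wanted */

/*
 * Write `key` to its key file(s); `type` selects DST_PUBLIC or
 * DST_PRIVATE.  Private key files hold secret material -- the caller is
 * responsible for the directory's permissions.
 */
int dst_write_key(const DST_KEY *key,	/* key to write out */
		  const int type);	/* DST_PUBLIC / DST_PRIVATE */

/*
 * Parse KEY RDATA in wire format (`rdata`, `rdata_len` bytes) into a new
 * DST_KEY named `name`.  This is the entry point that handles data
 * received from the network: `rdata_len` must be exactly the length
 * received, never the size of the containing buffer.
 */
DST_KEY *dst_dnskey_to_key(const char *name,	/* KEY record name */
			   const u_char *rdata,	/* KEY RDATA */
			   const int rdata_len);/* length of rdata */

/*
 * Serialise the public part of `key` as KEY RDATA into `buf`, which holds
 * `bufsize` bytes (RAW_KEY_SIZE is the conventional size).  Pass the
 * real buffer size so the library can refuse to overrun it.
 */
int dst_key_to_dnskey(const DST_KEY *key,	/* key to translate */
		      u_char *buf,		/* output buffer */
		      const int bufsize);	/* size of buf */

/*
 * Build a DST_KEY from a raw key (`keydata`, `keylen` bytes, DNS wire
 * format) plus its metadata.  `keylen` must be the true length of the
 * supplied data.
 */
DST_KEY *dst_buffer_to_key(const char *name,	/* name of the key */
			   const int alg,	/* KEY_* algorithm code */
			   const int flags,	/* dns flags */
			   const int proto,	/* dns protocol */
			   const u_char *keydata,/* key in dns wire fmt */
			   const int keylen);	/* size of keydata */

/* Write the wire-format bytes of `key` into `buf` (`bufsize` bytes). */
int dst_key_to_buffer(DST_KEY *key, u_char *buf, int bufsize);

/*
 * Generate a new key named `name` of algorithm `alg` and `bits` bits;
 * `param` is algorithm dependent.  Key quality depends on the library's
 * random source (dst_s_random in the rename table; see DST_RAND_* below),
 * which is not specified by this header -- verify it is cryptographically
 * strong before generating long-lived keys.
 */
DST_KEY *dst_generate_key(const char *name,	/* name of new key */
			  const int alg,	/* key algorithm to generate */
			  const int bits,	/* size of new key in bits */
			  const int param,	/* alg dependent parameter */
			  const int flags,	/* key DNS flags */
			  const int proto);	/* key DNS protocol */

/*
 * Release a key obtained from the functions above.  The DST_KEY return
 * value is presumably NULL so callers can write `key = dst_free_key(key)`
 * -- confirm.  Do not touch `key` afterwards.
 */
DST_KEY *dst_free_key(DST_KEY *key);

/* Compare two keys; the return convention is not stated in this header. */
int dst_compare_keys(const DST_KEY *a, const DST_KEY *b);

/* Size of a signature produced with `key`; use it to size sig buffers. */
int dst_sig_size(DST_KEY *key);

/*
 * Support for DNS key tags/ids: compute the 16-bit key tag over KEY
 * RDATA (`rdata`, `len` bytes).  `len` must be the real RDATA length.
 */
u_int16_t dst_s_dns_key_id(const u_char *rdata, const int len);
u_int16_t dst_s_id_calc(const u_char *data, const int len);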
/*
 * Used by callers as well as by the library.  RAW_KEY_SIZE is the
 * conventional size of a buffer handed to dst_key_to_dnskey() /
 * dst_key_to_buffer().  It is an assumption about the largest key the
 * library handles, not a limit enforced by this header: always pass the
 * real buffer size in the accompanying length argument so the library can
 * refuse to overrun it, and never copy received key data into a
 * RAW_KEY_SIZE buffer without checking its length first.
 */
#define RAW_KEY_SIZE 8192 /* large enough to store any key */
/*
 * DST_API control flags: the first argument of dst_sign_data() and
 * dst_verify_data().  They are bits and may be OR'd; SIG_MODE_ALL performs
 * init, update and final in a single call.  For multi-call use the digest
 * state lives behind the `void **` argument; it is presumably created on
 * INIT and released on FINAL -- confirm before relying on it, and do not
 * reuse the state pointer after FINAL.
 */
#define SIG_MODE_INIT 1 /* initialize digest */
#define SIG_MODE_UPDATE 2 /* add data to digest */
#define SIG_MODE_FINAL 4 /* generate/verify signature */
#define SIG_MODE_ALL (SIG_MODE_INIT|SIG_MODE_UPDATE|SIG_MODE_FINAL)
/*
 * Flags for the key-type argument of dst_read_key() / dst_write_key().
 * NOTE(review): the original comment names dst_read_private_key(), which
 * is not declared in this header; dst_read_key()'s last parameter is the
 * "Private/PublicKey wanted" selector, so DST_PRIVATE / DST_PUBLIC (and
 * presumably DST_FORCE_READ) are the values meant for it -- confirm
 * against the implementation.  DST_CAN_SIGN, DST_NO_AUTHEN and
 * DST_EXTEND_FLAG fit in the 16-bit KEY flags field (DST_FLAGS_SIZE) and
 * look like KEY record flag values; their exact meaning is not documented
 * here beyond their names.
 */
#define DST_FORCE_READ 0x1000000
#define DST_CAN_SIGN 0x010F
#define DST_NO_AUTHEN 0x8000
#define DST_EXTEND_FLAG 0x1000
#define DST_STANDARD 0
#define DST_PRIVATE 0x2000000
#define DST_PUBLIC 0x4000000
/*
 * Random-source selectors.  The rename table exposes dst_s_random /
 * dst_s_semi_random / dst_s_quick_random, but their prototypes are not in
 * this header, so which selector yields cryptographic-quality randomness
 * cannot be determined from here.  Key generation must not draw from a
 * "quick" or "semi" source -- verify what dst_generate_key() uses.
 */
#define DST_RAND_SEMI 1
#define DST_RAND_STD 2
#define DST_RAND_KEY 3
#define DST_RAND_DSS 4
/*
 * DST algorithm codes: the values of dk_alg and of the `alg` arguments
 * above.  1-3 and 254-255 match the KEY algorithm numbers of RFC 2535
 * (RSA/MD5, Diffie-Hellman, DSA, private, reserved); 157 and 158 appear
 * to be library-private HMAC codes rather than registered numbers.
 *
 * Security notes:
 *  - KEY_HMAC_MD5 is MD5-based.  HMAC-MD5 is not broken by MD5's collision
 *    weaknesses, but new deployments should prefer a stronger algorithm
 *    where the peer supports one.
 *  - DST_MAX_ALGS is KEY_HMAC_SHA1 (158), so KEY_PRIVATE (254) and
 *    KEY_EXPAND (255) lie above it.  Any table sized or bounds-checked by
 *    DST_MAX_ALGS therefore excludes them -- fine if they are markers
 *    rather than dispatchable algorithms; verify in dst_check_algorithm()
 *    before relying on it.
 */
#define KEY_RSA 1
#define KEY_DH 2
#define KEY_DSA 3
#define KEY_PRIVATE 254
#define KEY_EXPAND 255
#define KEY_HMAC_MD5 157
#define KEY_HMAC_SHA1 158
#define UNKNOWN_KEYALG 0
#define DST_MAX_ALGS KEY_HMAC_SHA1 /* highest dispatchable code; see note above */
/*
 * Byte offsets and sizes inside KEY RDATA (wire format), consistent with
 * the RFC 2535 layout: 2-byte flags, 1-byte protocol, 1-byte algorithm,
 * then the public key.  The original "changes in new KEY record" remark
 * presumably refers to the extension-flags word that follows when
 * DST_EXTEND_FLAG is set, at offset DST_EXT_FLAG -- confirm.
 * Any parser using these (dst_dnskey_to_key) must check that the RDATA
 * length is at least DST_KEY_START before reading the fixed fields, and
 * more when the extension flag is present.
 */
#define DST_FLAGS_SIZE 2 /* size of the flags field */
#define DST_KEY_PROT 2 /* offset of the protocol octet */
#define DST_KEY_ALG 3 /* offset of the algorithm octet */
#define DST_EXT_FLAG 4 /* offset of the extension flags, when present */
#define DST_KEY_START 4 /* offset at which the public key data starts */
/*
 * KEY flags value meaning "no key": 0xC000 is the top two bits of the
 * 16-bit flags field, which appears to be the RFC 2535 key-type field
 * with both bits set.  Guarded because another header may define it
 * first; the values must agree.
 */
#ifndef SIGN_F_NOKEY
#define SIGN_F_NOKEY 0xC000
#endif
/*
 * Error codes returned by the dst routines.  All are negative; -29 is
 * unused in this list and success values are not enumerated here.
 * Callers of dst_verify_data() in particular must test the return value
 * explicitly: a verification that fails is reported through one of these
 * codes, and ignoring the result accepts forged data.
 */
#define SIGN_INIT_FAILURE (-23)
#define SIGN_UPDATE_FAILURE (-24)
#define SIGN_FINAL_FAILURE (-25)
#define VERIFY_INIT_FAILURE (-26)
#define VERIFY_UPDATE_FAILURE (-27)
#define VERIFY_FINAL_FAILURE (-28)
#define MISSING_KEY_OR_SIGNATURE (-30)
#define UNSUPPORTED_KEYALG (-31)
#endif /* DST_H */