/*-
* Copyright (c) 2008 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Martin Sch�tte.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* This product includes software developed by the NetBSD
* Foundation, Inc. and its contributors.
* 4. Neither the name of The NetBSD Foundation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/*
* sign.h
*
*/
#ifndef SIGN_H_
#define SIGN_H_
/* default Signature Group value,
* defines signature strategy:
* 0 one global SG
* 1 one SG per PRI
* 2 SGs for PRI ranges
* 3 other (SGs not defined by PRI)
*
* We use '3' and assign one SG to every destination (=struct filed)
*/
#define SIGN_SG 3
/* maximum value for several counters in -sign */
#define SIGN_MAX_COUNT 9999999999
/*
* many of these options could be made user configurable if desired,
* but I do not see the need for that
*/
/* redundancy options */
/*
* note on the implementation of redundancy:
* - certificate blocks: sending the first CB just before first SB.
* after that domark() triggers resends until resend count is reached.
* - signature blocks: to send every hash n times I use a sliding window.
* the hashes in every SB are grouped into n divisions:
* * the 1st hashcount/n hashes are sent for the 1st time
* * the 2nd hashcount/n hashes are sent for the 2nd time
* * ...
* * the n-th hashcount/n hashes are sent for the n-th time
* (and deleted thereafter)
*/
#define SIGN_RESENDCOUNT_CERTBLOCK 2
#define SIGN_RESENDCOUNT_HASHES 3
/* maximum length of syslog-sign messages should be <= 2048 by standard
* and should be >= 1024 to be long enough.
* be careful with small values because there is no check for a lower bound
* thus the following derived values would become negative.
*/
#define SIGN_MAX_LENGTH 2048
/* the length we can use for the SD and keep the
* message length with header below 2048 octets */
#define SIGN_MAX_SD_LENGTH (SIGN_MAX_LENGTH - 1 - HEADER_LEN_MAX)
/* length of signature, currently only for DSA */
#define SIGN_B64SIGLEN_DSS 64+1
/* the maximum length of one payload fragment:
* max.SD len - text - max. field lengths - sig len */
#define SIGN_MAX_FRAG_LENGTH (SIGN_MAX_SD_LENGTH - 82 - 38 - SIGN_B64SIGLEN_DSS)
/* the maximum length of one signature block:
* max.SD len - text - max. field lens - sig len */
#define SIGN_MAX_SB_LENGTH (SIGN_MAX_SD_LENGTH - 72 - 40 - SIGN_B64SIGLEN_DSS)
/* the maximum number of hashes pec signature block */
#define SIGN_MAX_HASH_NUM (SIGN_MAX_SB_LENGTH / (GlobalSign.md_len_b64+1))
/* number of hashes in one signature block */
#define SIGN_HASH_NUM_WANT 100
/* make sure to consider SIGN_MAX_HASH_NUM and
* to have a SIGN_HASH_NUM that is a multiple of SIGN_HASH_DIVISION_NUM */
#define SIGN_HASH_DIVISION_NUM (MIN(SIGN_HASH_NUM_WANT, SIGN_MAX_HASH_NUM) \
/ SIGN_RESENDCOUNT_HASHES)
#define SIGN_HASH_NUM (SIGN_HASH_DIVISION_NUM * SIGN_RESENDCOUNT_HASHES)
/* the length of payload strings
* since the payload is fragmented there is no technical limit
* it just has to be big enough to hold big b64 encoded PKIX certificates
*/
#define SIGN_MAX_PAYLOAD_LENGTH 20480
/* length of generated DSA keys for signing */
#define SIGN_GENCERT_BITS 1024
#define SSL_CHECK_ONE(exp) do { \
if ((exp) != 1) { \
DPRINTF(D_SIGN, #exp " failed in %d: %s\n", __LINE__, \
ERR_error_string(ERR_get_error(), NULL)); \
return 1; \
} \
} while (0)
/* structs use uint_fast64_t in different places because the standard
* requires values in interval [0:9999999999 = SIGN_MAX_COUNT] */
/* queue of C-Strings (here used for hashes) */
struct string_queue {
uint_fast64_t key;
char *data;
STAILQ_ENTRY(string_queue) entries;
};
STAILQ_HEAD(string_queue_head, string_queue);
/* all global variables for sign */
/* note that there is one object of this type which might only be
* partially filled.
* The fields .sg and .sig2_delims are set by init() and are always
* valid. A value >0 in field .rsid indicates whether the rest of the
* structure was already set by sign_global_init().
*/
struct sign_global_t {
/* params for signature block, named as in RFC nnnn */
const char *ver;
uint_fast64_t rsid;
int sg;
uint_fast64_t gbc;
struct signature_group_head SigGroups;
struct string_queue_head sig2_delims;
