00001 /*
00002  * 
00003  * keys.h
00004  *
00005  * priv key definitions
00006  *
00007  * a Net::DNS like library for C
00008  *
00009  * (c) NLnet Labs, 2005-2006
00010  *
00011  * See the file LICENSE for the license
00012  */
00013 
00021 #ifndef LDNS_KEYS_H
00022 #define LDNS_KEYS_H
00023 
00024 #include <ldns/common.h>
00025 #if LDNS_BUILD_CONFIG_HAVE_SSL
00026 #include <openssl/ssl.h>
00027 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00028 #include <ldns/dnssec.h>
00029 #include <ldns/util.h>
00030 #include <errno.h>
00031 
00032 #ifdef __cplusplus
00033 extern "C" {
00034 #endif
00035 
/* Name <-> value table for ldns_signing_algorithm; defined in a .c file.
 * Presumably backs ldns_get_signing_algorithm_by_name() declared below — confirm. */
extern ldns_lookup_table ldns_signing_algorithms[];

/* Bit values of the 16-bit DNSKEY Flags field as stored in ldns_key's
 * _extra.dnssec.flags. Zone Key and SEP are RFC 4034 section 2.1.1,
 * REVOKE is RFC 5011 section 2.1. */
#define LDNS_KEY_ZONE_KEY 0x0100   /* rfc 4034 */
#define LDNS_KEY_SEP_KEY 0x0001    /* rfc 4034 */
#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */
00041 
/**
 * DNSSEC algorithm numbers as carried in the DNSKEY/RRSIG/DS "algorithm"
 * field. The numeric values are wire values (see the RFCs cited per
 * entry) and must not be changed or renumbered.
 *
 * Not every entry is a signing algorithm: DH, ECC, INDIRECT, PRIVATEDNS
 * and PRIVATEOID have no counterpart in ldns_enum_signing_algorithm below.
 */
enum ldns_enum_algorithm
{
        /* NOTE(review): RSAMD5 has since been deprecated for DNSSEC use
         * (RFC 6725); keep the value so records still parse, but it should
         * not be selected for new signatures. */
        LDNS_RSAMD5             = 1,   /* RFC 4034,4035 */
        LDNS_DH                 = 2,
        LDNS_DSA                = 3,
        LDNS_ECC                = 4,
        LDNS_RSASHA1            = 5,
        LDNS_DSA_NSEC3          = 6,
        LDNS_RSASHA1_NSEC3      = 7,
        LDNS_RSASHA256          = 8,   /* RFC 5702 */
        LDNS_RSASHA512          = 10,  /* RFC 5702 */
        LDNS_ECC_GOST           = 12,  /* RFC 5933 */
#if LDNS_BUILD_CONFIG_USE_ECDSA
        /* this ifdef has to be removed once it is no longer experimental,
         * to be able to use these values outside of the ldns library itself */
        /* All values are explicit, so compiling these two out does not shift
         * the remaining enumerators; code built without USE_ECDSA merely
         * cannot name 13 and 14. */
        LDNS_ECDSAP256SHA256    = 13,  /* draft-hoffman-dnssec-ecdsa */
        LDNS_ECDSAP384SHA384    = 14,  /* EXPERIMENTAL */
#endif
        LDNS_INDIRECT           = 252,
        LDNS_PRIVATEDNS         = 253,
        LDNS_PRIVATEOID         = 254
};
typedef enum ldns_enum_algorithm ldns_algorithm;
00068 
/**
 * Digest types for DS records (RFC 4034 section 5 "Digest Type" field;
 * SHA-256 per RFC 4509, GOST per RFC 5933). Values are wire values and
 * must not be changed.
 */
enum ldns_enum_hash
{
        LDNS_SHA1               = 1,  /* RFC 4034 */
        LDNS_SHA256             = 2,  /* RFC 4509 */
        LDNS_HASH_GOST          = 3   /* RFC 5933 */
#if LDNS_BUILD_CONFIG_USE_ECDSA
        /* this ifdef has to be removed once it is no longer experimental,
         * to be able to use these values outside of the ldns library itself */
        /* The comma leads this member so the list has no trailing comma when
         * the block is compiled out (a trailing comma is not valid C89). */
        ,LDNS_SHA384             = 4   /* draft-hoffman-dnssec-ecdsa EXPERIMENTAL */
#endif
};
typedef enum ldns_enum_hash ldns_hash;
00084 
/**
 * Algorithms ldns can produce signatures (or TSIG MACs) with.
 *
 * The DNSSEC members alias the wire values of ldns_enum_algorithm, so an
 * ldns_signing_algorithm for a DNSSEC key can be stored in a DNSKEY/RRSIG
 * algorithm field as-is. The HMAC members (157-159) are ldns-private
 * numbers with no IANA meaning: they exist only to carry TSIG keys through
 * the same ldns_key type and must never be emitted as a DNSSEC algorithm.
 */
enum ldns_enum_signing_algorithm
{
        LDNS_SIGN_RSAMD5         = LDNS_RSAMD5,
        LDNS_SIGN_RSASHA1        = LDNS_RSASHA1,
        LDNS_SIGN_DSA            = LDNS_DSA,
        LDNS_SIGN_RSASHA1_NSEC3  = LDNS_RSASHA1_NSEC3,
        LDNS_SIGN_RSASHA256      = LDNS_RSASHA256,
        LDNS_SIGN_RSASHA512      = LDNS_RSASHA512,
        LDNS_SIGN_DSA_NSEC3      = LDNS_DSA_NSEC3,
        LDNS_SIGN_ECC_GOST       = LDNS_ECC_GOST,
#if LDNS_BUILD_CONFIG_USE_ECDSA
        /* this ifdef has to be removed once it is no longer experimental,
         * to be able to use these values outside of the ldns library itself */
        LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
        LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
#endif
        /* TSIG-only entries; see the enum comment above */
        LDNS_SIGN_HMACMD5        = 157, /* not official! This type is for TSIG, not DNSSEC */
        LDNS_SIGN_HMACSHA1       = 158, /* not official! This type is for TSIG, not DNSSEC */
        LDNS_SIGN_HMACSHA256 = 159  /* ditto */
};
typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm;
00109 
/**
 * A private (or shared-secret) key plus the metadata needed to sign with it.
 *
 * Members are private to ldns; read and write them through the ldns_key_*
 * accessors declared below. The struct holds secret material (the OpenSSL
 * key and/or the raw HMAC secret), so instances should not be copied
 * casually or left in memory longer than needed.
 */
struct ldns_struct_key {
        /* algorithm the key signs with (also selects which _key member applies) */
        ldns_signing_algorithm _alg;
        /* set via ldns_key_set_use()/ldns_key_list_set_use(); presumably
         * "this key takes part in signing" — confirm in keys.c */
        bool _use;
        /* TODO remove unions? */
        /* Note: _key is a struct, not a union, so all members coexist.
         * Which one is meaningful is decided by _alg (presumably the HMAC
         * algorithms use .hmac, everything else .key or .external_key). */
        struct {
#if LDNS_BUILD_CONFIG_HAVE_SSL
#ifndef S_SPLINT_S
                /* The key can be an OpenSSL EVP Key
                 */
                EVP_PKEY *key;
#endif
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

                /* raw TSIG/HMAC shared secret: `size` bytes at `key`.
                 * NOTE(review): whether ldns_key_free()/ldns_key_deep_free()
                 * zeroize this buffer before releasing it is not visible in
                 * this header — confirm in keys.c. */
                struct {
                        unsigned char *key;
                        size_t size;
                } hmac;
                /* opaque handle for key material kept outside ldns; ownership
                 * and lifetime are not defined by this header */
                void *external_key;
        } _key;
        /* per-algorithm-family extras; currently a single-member union */
        union {
                /* values copied into RRSIGs made with this key, presumably */
                struct {
                        /* original TTL field */
                        uint32_t orig_ttl;
                        /* signature inception, 32-bit serial timestamp as on the wire */
                        uint32_t inception;
                        /* signature expiration, same encoding */
                        uint32_t expiration;
                        /* key tag of the matching DNSKEY (RFC 4034 appendix B) */
                        uint16_t keytag;
                        /* DNSKEY Flags field; see the LDNS_KEY_*_KEY bits above */
                        uint16_t flags;
                }  dnssec;
        } _extra;
        /* owner name of the DNSKEY RR that corresponds to this key */
        ldns_rdf *_pubkey_owner;
};
typedef struct ldns_struct_key ldns_key;
00166 
/**
 * A growable list of ldns_key pointers.
 *
 * _keys points at _key_count ldns_key pointers. Nothing in this header
 * shows a separate capacity, so the count is presumably also the allocated
 * length — confirm in keys.c before writing code that relies on it.
 */
struct ldns_struct_key_list
{
        /* number of entries in _keys */
        size_t _key_count;
        /* array of owned(?) key pointers; see ldns_key_list_free() for what is released */
        ldns_key **_keys;
};
typedef struct ldns_struct_key_list ldns_key_list;
00176 
00177 
/**
 * Allocate an empty key list. Release with ldns_key_list_free().
 * \return the new list; presumably NULL on allocation failure — confirm.
 * NOTE(review): `()` in a C prototype means "unspecified arguments" before
 * C23; `(void)` is the stricter spelling and is what the other prototypes
 * in this header use.
 */
ldns_key_list *ldns_key_list_new();

/**
 * Allocate an empty key. Release with ldns_key_free() or ldns_key_deep_free().
 * \return the new key; presumably NULL on allocation failure — confirm.
 */
ldns_key *ldns_key_new();

/**
 * Generate a fresh key for signing algorithm \a a.
 * \param size key size; the unit (bits, presumably) is not visible here — confirm
 * \return the new key, or NULL on failure (presumably)
 */
ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size);

/**
 * Read a private key from the open stream \a fp and store it in *k.
 * The stream carries private key material, so its source should be trusted
 * and access-restricted; the file format itself is defined in keys.c.
 * \return an ldns_status code; *k is presumably untouched on error
 */
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp);

/**
 * As ldns_key_new_frm_fp(), additionally keeping the current line number in
 * *line_nr (for error reporting, presumably).
 */
ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);
00223 
#if LDNS_BUILD_CONFIG_HAVE_SSL

/**
 * Load a key held by an OpenSSL ENGINE into a new ldns_key.
 * \param key_id engine-specific key identifier; not const-qualified, so
 *        whether it is modified is not visible here
 * The fourth parameter (the algorithm) is unnamed in this prototype;
 * NOTE(review): name it, e.g. `ldns_algorithm alg`, for readability.
 * NOTE(review): the ENGINE API and the RSA*/DSA* types used below are
 * deprecated as of OpenSSL 3.0; EVP_PKEY is the portable interface.
 */
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm);


/**
 * Read an RSA private key from \a fp.
 * \return a new RSA object owned by the caller (presumably; confirm who frees it)
 */
RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

#if LDNS_BUILD_CONFIG_HAVE_SSL

/** As ldns_key_new_frm_fp_rsa(), tracking the line number in *line_nr. */
RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

#if LDNS_BUILD_CONFIG_HAVE_SSL

/** Read a DSA private key from \a fp; see ldns_key_new_frm_fp_rsa() for ownership. */
DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

#if LDNS_BUILD_CONFIG_HAVE_SSL

/** As ldns_key_new_frm_fp_dsa(), tracking the line number in *line_nr. */
DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

#if LDNS_BUILD_CONFIG_HAVE_SSL

/**
 * Read an HMAC shared secret from \a fp.
 * \param hmac_size receives the secret's length in bytes
 * \return a newly allocated buffer of *hmac_size bytes, owned by the caller.
 *         It is secret material: zeroize before freeing where possible.
 */
unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
#endif

#if LDNS_BUILD_CONFIG_HAVE_SSL

/** As ldns_key_new_frm_fp_hmac(), tracking the line number in *line_nr. */
unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
00297 
/* access (write) functions */
/** Set the signing algorithm of \a k. */
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
#if LDNS_BUILD_CONFIG_HAVE_SSL

/**
 * Attach an OpenSSL EVP_PKEY to \a k. Whether \a k takes ownership (and
 * frees it in ldns_key_deep_free()) is not visible here — confirm in keys.c.
 */
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);

/**
 * Attach an RSA key to \a k. The struct only stores an EVP_PKEY, so this
 * presumably wraps \a r; ownership semantics as for ldns_key_set_evp_key().
 */
void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
/** Attach a DSA key to \a k; see ldns_key_set_rsa_key(). */
void ldns_key_set_dsa_key(ldns_key *k, DSA *d);

/**
 * Make the GOST algorithm known to OpenSSL's EVP layer.
 * \return presumably the resulting NID, 0 on failure — confirm in keys.c
 */
int ldns_key_EVP_load_gost_id(void);

/** Undo ldns_key_EVP_load_gost_id(). */
void ldns_key_EVP_unload_gost(void);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/**
 * Set the HMAC secret of \a k. No length travels with the pointer: the
 * matching length must be set with ldns_key_set_hmac_size(), and nothing
 * in this header shows the bytes being copied — assume \a k aliases
 * \a hmac until keys.c says otherwise.
 */
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);

/**
 * Set the opaque external key handle of \a key. ldns does not know what it
 * points at; the caller keeps ownership and must keep it alive while the
 * ldns_key is in use.
 */
void ldns_key_set_external_key(ldns_key *key, void *external_key);

/** Set the byte length of the HMAC secret installed with ldns_key_set_hmac_key(). */
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size);
/** Set the original TTL used in signatures made with \a k. */
void ldns_key_set_origttl(ldns_key *k, uint32_t t);
/** Set the signature inception time (32-bit serial timestamp). */
void ldns_key_set_inception(ldns_key *k, uint32_t i);
/** Set the signature expiration time (32-bit serial timestamp). */
void ldns_key_set_expiration(ldns_key *k, uint32_t e);
/** Set the owner name of the corresponding DNSKEY; ownership of \a r is not visible here. */
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r);
/** Set the key tag (RFC 4034 appendix B) of \a k. */
void ldns_key_set_keytag(ldns_key *k, uint16_t tag);
/** Set the DNSKEY Flags of \a k; see the LDNS_KEY_*_KEY bits. */
void ldns_key_set_flags(ldns_key *k, uint16_t flags);
/**
 * Overwrite the key count of \a key.
 * NOTE(review): nothing here shows the _keys array being resized to match;
 * callers must keep \a count consistent with the allocation themselves.
 */
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);
00404 
/**
 * Append \a key to \a key_list.
 * \return true on success; false presumably when growing the list fails,
 *         in which case the caller still owns \a key
 */
bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key);

/** \return the number of keys in \a key_list. */
size_t ldns_key_list_key_count(const ldns_key_list *key_list);

/**
 * \return the key at index \a nr (0-based, presumably). Whether \a nr is
 *         bounds-checked is not visible here; callers should stay below
 *         ldns_key_list_key_count().
 */
ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr);
00427 
#if LDNS_BUILD_CONFIG_HAVE_SSL

/**
 * \return the RSA key of \a k. The struct stores only an EVP_PKEY, so this
 *         presumably extracts it; whether the result is a new reference the
 *         caller must free is not visible here — confirm in keys.c.
 */
RSA *ldns_key_rsa_key(const ldns_key *k);
/** \return the EVP_PKEY held by \a k (borrowed; not a new reference, presumably). */
EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/* read access to the DSA key; see ldns_key_rsa_key() for the reference question */
#if LDNS_BUILD_CONFIG_HAVE_SSL
DSA *ldns_key_dsa_key(const ldns_key *k);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/* access (read) functions; all return the stored member without copying */
/** \return the signing algorithm of \a k. */
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k);
/** Mark \a k as in use (\a v true) or not. */
void ldns_key_set_use(ldns_key *k, bool v);
/** \return the in-use flag of \a k. */
bool ldns_key_use(const ldns_key *k);
/** \return pointer to the HMAC secret of \a k (borrowed; length via ldns_key_hmac_size()). */
unsigned char *ldns_key_hmac_key(const ldns_key *k);
/** \return the opaque external key handle of \a k. */
void *ldns_key_external_key(const ldns_key *k);
/** \return the byte length of the HMAC secret of \a k. */
size_t ldns_key_hmac_size(const ldns_key *k);
/** \return the original TTL of \a k. */
uint32_t ldns_key_origttl(const ldns_key *k);
/** \return the signature inception time of \a k. */
uint32_t ldns_key_inception(const ldns_key *k);
/** \return the signature expiration time of \a k. */
uint32_t ldns_key_expiration(const ldns_key *k);
/** \return the key tag of \a k. */
uint16_t ldns_key_keytag(const ldns_key *k);
/** \return the DNSKEY owner name of \a k (borrowed). */
ldns_rdf *ldns_key_pubkey_owner(const ldns_key *k);
/** Set the in-use flag of every key in \a keys to \a v. */
void
ldns_key_list_set_use(ldns_key_list *keys, bool v);

/** \return the DNSKEY Flags of \a k. */
uint16_t ldns_key_flags(const ldns_key *k);
00530 
/**
 * Remove and return the last key of \a key_list; ownership passes to the
 * caller. Presumably returns NULL when the list is empty — confirm.
 */
ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list);

/**
 * Convert \a k to its public resource record (a DNSKEY RR, presumably).
 * \return a new ldns_rr owned by the caller, or NULL on failure (presumably)
 */
ldns_rr *ldns_key2rr(const ldns_key *k);

/**
 * Print \a k to \a output. This presumably writes the private key in ldns'
 * private key file format — direct it only at a stream with restricted
 * permissions.
 */
void ldns_key_print(FILE *output, const ldns_key *k);

/**
 * Free the ldns_key structure itself. How much of the contained material
 * (EVP_PKEY, HMAC secret, owner name) is released here versus in
 * ldns_key_deep_free() is not visible in this header — confirm in keys.c
 * before choosing between the two, or secret material may leak or be
 * double-freed.
 */
void ldns_key_free(ldns_key *key);

/** Free \a key and the data it holds; see ldns_key_free(). */
void ldns_key_deep_free(ldns_key *key);

/**
 * Free \a key_list. Whether the contained keys are freed as well is not
 * visible here — confirm in keys.c.
 */
void ldns_key_list_free(ldns_key_list *key_list);

/**
 * Read a trust anchor (a DNSKEY or DS RR, presumably) from the file named
 * \a filename. The file's contents become a trust root, so it must come
 * from a trusted, write-protected location.
 * \return a new ldns_rr owned by the caller, or NULL on failure (presumably)
 */
ldns_rr * ldns_read_anchor_file(const char *filename);

/**
 * Build the conventional key file base name for \a key.
 * \return a newly allocated string owned by the caller (presumably; confirm)
 */
char *ldns_key_get_file_base_name(ldns_key *key);

/** \return non-zero if algorithm number \a algo can be used by this build (presumably). */
int ldns_key_algo_supported(int algo);

/**
 * Look up a signing algorithm by its name, via ldns_signing_algorithms[]
 * presumably. What is returned for an unknown name is not visible here —
 * confirm before relying on it for input validation.
 */
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name);
00611 #ifdef __cplusplus
00612 }
00613 #endif
00614 
00615 #endif /* LDNS_KEYS_H */
