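/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: keyvalues.h,v 1.1 2020/02/07 09:58:52 florian Exp $ */

#ifndef DNS_KEYVALUES_H
#define DNS_KEYVALUES_H 1

/*! \file dns/keyvalues.h
 *
 * Numeric constants for the fields of KEY and SIG resource records:
 * flag bits, algorithm numbers, protocol numbers and size limits.
 * This header defines values only; defining an algorithm number here
 * does not by itself say that the algorithm is implemented or that it
 * is acceptable under current key-strength policy.
 */

/*
 * Flags field of the KEY RR rdata
 */
#define DNS_KEYFLAG_TYPEMASK	0xC000	/*%< Mask for "type" bits */
#define DNS_KEYTYPE_AUTHCONF	0x0000	/*%< Key usable for both */
#define DNS_KEYTYPE_CONFONLY	0x8000	/*%< Key usable for confidentiality */
#define DNS_KEYTYPE_AUTHONLY	0x4000	/*%< Key usable for authentication */
#define DNS_KEYTYPE_NOKEY	0xC000	/*%< No key usable for either; no key */
#define DNS_KEYTYPE_NOAUTH	DNS_KEYTYPE_CONFONLY	/*%< alias */
#define DNS_KEYTYPE_NOCONF	DNS_KEYTYPE_AUTHONLY	/*%< alias */

#define DNS_KEYFLAG_RESERVED2	0x2000	/*%< reserved - must be zero */
#define DNS_KEYFLAG_EXTENDED	0x1000	/*%< key has extended flags */
#define DNS_KEYFLAG_RESERVED4	0x0800	/*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED5	0x0400	/*%< reserved - must be zero */
#define DNS_KEYFLAG_OWNERMASK	0x0300	/*%< these bits determine the type */
#define DNS_KEYOWNER_USER	0x0000	/*%< key is assoc. with user */
#define DNS_KEYOWNER_ENTITY	0x0200	/*%< key is assoc. with entity eg host */
#define DNS_KEYOWNER_ZONE	0x0100	/*%< key is zone key */
#define DNS_KEYOWNER_RESERVED	0x0300	/*%< reserved meaning */
#define DNS_KEYFLAG_REVOKE	0x0080	/*%< key revoked (per rfc5011) */
#define DNS_KEYFLAG_RESERVED9	0x0040	/*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED10	0x0020	/*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED11	0x0010	/*%< reserved - must be zero */
#define DNS_KEYFLAG_SIGNATORYMASK 0x000F /*%< key can sign RR's of same name */

/*%< Union of every "reserved - must be zero" flag bit defined above. */
#define DNS_KEYFLAG_RESERVEDMASK	(DNS_KEYFLAG_RESERVED2 | \
					 DNS_KEYFLAG_RESERVED4 | \
					 DNS_KEYFLAG_RESERVED5 | \
					 DNS_KEYFLAG_RESERVED9 | \
					 DNS_KEYFLAG_RESERVED10 | \
					 DNS_KEYFLAG_RESERVED11 )
/* Note: 0x0001 lies inside DNS_KEYFLAG_SIGNATORYMASK (0x000F). */
#define DNS_KEYFLAG_KSK		0x0001	/*%< key signing key */

#define DNS_KEYFLAG_RESERVEDMASK2 0xFFFF /*%< no bits defined here */

/*
 * The Algorithm field of the KEY and SIG RR's is an integer, {1..254}
 *
 * Several of the older entries (RSAMD5, DSA and their aliases) are no
 * longer recommended for DNSSEC; see RFC 8624 for the implementation
 * and usage requirements per algorithm.  Code that selects or accepts
 * an algorithm should apply its own policy rather than treat presence
 * in this list as approval.
 */
#define DNS_KEYALG_RSAMD5	1	/*%< RSA with MD5 */
#define DNS_KEYALG_RSA		DNS_KEYALG_RSAMD5
#define DNS_KEYALG_DH		2	/*%< Diffie Hellman KEY */
#define DNS_KEYALG_DSA		3	/*%< DSA KEY */
#define DNS_KEYALG_NSEC3DSA	6
/*
 * Alias for DSA.  This used to expand to DNS_ALG_DSA, a name this header
 * never defines, so any use of DNS_KEYALG_DSS failed to compile.
 */
#define DNS_KEYALG_DSS		DNS_KEYALG_DSA
#define DNS_KEYALG_ECC		4
#define DNS_KEYALG_RSASHA1	5
#define DNS_KEYALG_NSEC3RSASHA1	7
#define DNS_KEYALG_RSASHA256	8
#define DNS_KEYALG_RSASHA512	10
#define DNS_KEYALG_ECCGOST	12
#define DNS_KEYALG_ECDSA256	13
#define DNS_KEYALG_ECDSA384	14
#define DNS_KEYALG_ED25519	15
#define DNS_KEYALG_ED448	16
#define DNS_KEYALG_INDIRECT	252
#define DNS_KEYALG_PRIVATEDNS	253
#define DNS_KEYALG_PRIVATEOID	254	/*%< Key begins with OID giving alg */

/* Protocol values */
#define DNS_KEYPROTO_RESERVED	0
#define DNS_KEYPROTO_TLS	1
#define DNS_KEYPROTO_EMAIL	2
#define DNS_KEYPROTO_DNSSEC	3
#define DNS_KEYPROTO_IPSEC	4
#define DNS_KEYPROTO_ANY	255

/*
 * Signatures
 *
 * The *MINBITS values are structural lower bounds, not strength
 * recommendations: 512-bit RSA and 512-bit DSA moduli are far below
 * what is considered adequate today.
 */
#define DNS_SIG_RSAMINBITS	512	/*%< Size of a mod or exp in bits */
#define DNS_SIG_RSAMAXBITS	2552
	/* Total of binary mod and exp */
/*
 * NOTE(review): "+7/8" parses as "+ (7/8)", i.e. "+ 0", so this macro
 * evaluates to DNS_SIG_RSAMAXBITS*2+3 (5107) rather than the byte count
 * ((DNS_SIG_RSAMAXBITS+7)/8)*2+3 (641) that the comment above and the
 * MINSIZE/MAXSIZE macros below suggest was intended.  The value is left
 * as-is here because it over-estimates, and users outside this header
 * may size buffers from it (DNS_SIG_RSAMAXBASE64 does); audit those
 * users before correcting the expression.
 */
#define DNS_SIG_RSAMAXBYTES	((DNS_SIG_RSAMAXBITS+7/8)*2+3)
	/*%< Max length of text sig block */
#define DNS_SIG_RSAMAXBASE64	(((DNS_SIG_RSAMAXBYTES+2)/3)*4)
/* Bit limits rounded up to whole bytes. */
#define DNS_SIG_RSAMINSIZE	((DNS_SIG_RSAMINBITS+7)/8)
#define DNS_SIG_RSAMAXSIZE	((DNS_SIG_RSAMAXBITS+7)/8)

#define DNS_SIG_DSASIGSIZE	41
#define DNS_SIG_DSAMINBITS	512
#define DNS_SIG_DSAMAXBITS	1024
#define DNS_SIG_DSAMINBYTES	213
#define DNS_SIG_DSAMAXBYTES	405

#define DNS_SIG_GOSTSIGSIZE	64

/* Fixed signature (SIG) and public key (KEY) lengths per algorithm. */
#define DNS_SIG_ECDSA256SIZE	64
#define DNS_SIG_ECDSA384SIZE	96

#define DNS_KEY_ECDSA256SIZE	64
#define DNS_KEY_ECDSA384SIZE	96

#define DNS_SIG_ED25519SIZE	64
#define DNS_SIG_ED448SIZE	114

#define DNS_KEY_ED25519SIZE	32
#define DNS_KEY_ED448SIZE	57

#endif /* DNS_KEYVALUES_H */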