/*****************************************************************
**
**	@(#) dki.h -- Header file for DNSsec Key info/manipulation
**
**	Copyright (c) July 2004 - Jan 2005, Holger Zuleger HZnet. All rights reserved.
**
**	This software is open source.
**
**	Redistribution and use in source and binary forms, with or without
**	modification, are permitted provided that the following conditions
**	are met:
**
**	Redistributions of source code must retain the above copyright notice,
**	this list of conditions and the following disclaimer.
**
**	Redistributions in binary form must reproduce the above copyright notice,
**	this list of conditions and the following disclaimer in the documentation
**	and/or other materials provided with the distribution.
**
**	Neither the name of Holger Zuleger HZnet nor the names of its contributors may
**	be used to endorse or promote products derived from this software without
**	specific prior written permission.
**
**	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
**	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
**	TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
**	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
**	LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
**	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
**	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
**	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
**	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
**	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
**	POSSIBILITY OF SUCH DAMAGE.
**
*****************************************************************/
#ifndef DKI_H
# define DKI_H

/*
 * The guard assumes a project-wide types header (TYPES_H) already pulls in
 * these system headers when it is present -- presumably; verify against
 * the project's types.h.
 *
 * NOTE(review): the ushort/ulong/uint aliases used below come from
 * <sys/types.h> as BSD/"misc" extensions; they are not visible under a
 * strict -std=c11 build without a feature-test macro (_DEFAULT_SOURCE or
 * similar) -- confirm the build flags.
 */
# ifndef TYPES_H
# include <sys/types.h>
# include <stdio.h>
# include <time.h>
# endif

/*
 * Size limits for the fixed-width character arrays in struct dki below.
 * Each array reserves one extra byte for the terminating NUL, so any code
 * that fills them must bound its write to the array size (sizeof member).
 */
# define MAX_LABELSIZE (255)		/* one DNS name / label, max FQDN length */
/*
 * Key file name without extension:  Kdomain.+ALG+KEYID.type
 *   1  "K" prefix
 * 255  domain (FQDN, max 255)
 *   2  ".+"
 *   3  ALG   (algorithm number, 3 chars)
 *   1  "+"
 *   5  KEYID (key tag, 5 chars)
 *   1  "."
 *  11  type  (key|published|private|depreciated, longest is 11 chars)
 * -> 279 characters
 */
# define MAX_FNAMESIZE (1+255+2+3+1+5+1+11)
/* Kdomain.+ALG+KEYID.type */
/* domain == FQDN (max 255) */
/* ALG == 3; KEYID == 5 chars */
/* type == key||published|private|depreciated == 11 chars */
//# define MAX_DNAMESIZE (254)
# define MAX_DNAMESIZE (1023)		/* directory part of a key path */
/* full path:  /path/name + '/' + filename */
# define MAX_PATHSIZE (MAX_DNAMESIZE + 1 + MAX_FNAMESIZE)

/*
 * DNSKEY algorithm numbers (the values are the on-the-wire / IANA numbers).
 *
 * Security note for deployers: RFC 8624 marks DSA (3) and DSA-NSEC3-SHA1 (6)
 * as MUST NOT for signing, and RSASHA1 (5) / RSASHA1-NSEC3-SHA1 (7) as
 * NOT RECOMMENDED; RSASHA256 (8) and ECDSAP256SHA256 (13) are the
 * recommended choices.  The EdDSA algorithms 15/16 (RFC 8080) are not
 * defined in this header.  Keep these numbers in sync with the
 * algorithm string tables in dki.c (dki_algo2str / dki_algo2sstr).
 */
/* algorithm types */
# define DK_ALGO_RSA 1			/* RFC2537 */
# define DK_ALGO_DH 2			/* RFC2539 */
# define DK_ALGO_DSA 3			/* RFC2536 (mandatory) */
# define DK_ALGO_EC 4			/* reserved in the IANA registry, no published spec */
# define DK_ALGO_RSASHA1 5		/* RFC3110 */
# define DK_ALGO_NSEC3DSA 6		/* symlink to alg 3 RFC5155 */
# define DK_ALGO_NSEC3RSASHA1 7		/* symlink to alg 5 RFC5155 */
# define DK_ALGO_RSASHA256 8		/* RFC5702 */
# define DK_ALGO_RSASHA512 10		/* RFC5702 */
/* RFC 5155 defines no separate numbers for the SHA-2 RSA algorithms;
 * the NSEC3 variants are therefore the same value as the plain ones. */
# define DK_ALGO_NSEC3RSASHA256 DK_ALGO_RSASHA256	/* same as non nsec algorithm RFC5702 */
# define DK_ALGO_NSEC3RSASHA512 DK_ALGO_RSASHA512	/* same as non nsec algorithm RFC5702 */
# define DK_ALGO_ECDSAP256SHA256 13	/* RFC 6605 */
# define DK_ALGO_ECDSAP384SHA384 14	/* RFC 6605 */

/* protocol types */
# define DK_PROTO_DNS 3			/* the only valid DNSKEY protocol value (RFC4034) */

/*
 * DNSKEY flag bits.  Values are octal.  The "Bit n" numbers in the
 * comments use the RFC 4034 MSB-first convention, so RFC "bit 15" is the
 * least significant bit of the 16-bit flags word.
 */
/* flag bits */
typedef enum {				/*                11 1111 */
					/* 0123 4567 8901 2345 */
	DK_FLAG_KSK= 01,		/* 0000 0000 0000 0001 Bit 15 RFC4034/RFC3757 (SEP bit) */
	DK_FLAG_REVOKE= 0200,		/* 0000 0000 1000 0000 Bit 8 RFC5011 */
	DK_FLAG_ZONE= 0400,		/* 0000 0001 0000 0000 Bit 7 RFC4034 */
} dk_flag_t;

/*
 * Key status.  Each status is a single character, and every value has a
 * short and a long alias with the same value.  The status decides which
 * file extension the private key file carries (see DKI_*_FILEEXT below
 * and the status member of struct dki).
 */
/* status types */
typedef enum {
	DKI_SEP= 'e',
	DKI_SECUREENTRYPOINT= 'e',
	DKI_PUB= 'p',
	DKI_PUBLISHED= 'p',
	DKI_ACT= 'a',
	DKI_ACTIVE= 'a',
	DKI_DEP= 'd',
	DKI_DEPRECIATED= 'd',
	DKI_REV= 'r',
	DKI_REVOKED= 'r',
} dk_status_t;

/*
 * Key file extensions.  DKI_KEY_FILEEXT is the public key file; the other
 * three are the private key file in its respective status.
 * NOTE: "depreciated" (sic) is part of the on-disk file name format;
 * correcting the spelling here would change which files are recognised.
 */
# define DKI_KEY_FILEEXT ".key"
# define DKI_PUB_FILEEXT ".published"
# define DKI_ACT_FILEEXT ".private"
# define DKI_DEP_FILEEXT ".depreciated"

/* values for the "ksk" int parameters below (presumably; see dki_new / dki_find) */
# define DKI_KSK 1
# define DKI_ZSK 0

/*
 * In-memory description of one DNSSEC key, i.e. one K<name>+ALG+KEYID
 * file pair on disk.  Only the public key material (pubkey) is kept here;
 * there is no private-key member.  Entries are chained through "next".
 */
typedef struct dki {
	char dname[MAX_DNAMESIZE+1];	/* directory */
	char fname[MAX_FNAMESIZE+1];	/* file name without extension */
	char name[MAX_LABELSIZE+1];	/* domain name or label */
	ushort algo;			/* key algorithm (one of DK_ALGO_*) */
	ushort proto;			/* must be 3 (DNSSEC) */
	dk_flag_t flags;		/* ZONE, optional SEP or REVOKE flag */
	time_t time;			/* key file time */
	time_t gentime;			/* key generation time (will be set on key generation and never changed) */
	time_t exptime;			/* time the key was expired (0L if not) */
	ulong lifetime;			/* proposed key life time at time of generation */
	uint tag;			/* key id */
	dk_status_t status;		/* key exist (".key") and name of private */
					/* key file is ".published", ".private" */
					/* or ".depreciated" */
	char *pubkey;			/* base64 public key */
					/* presumably heap-allocated and released by dki_free -- confirm in dki.c */
	struct dki *next;		/* ptr to next entry in list */
} dki_t;

#if defined(USE_TREE) && USE_TREE
/*
 * Instead of including <search.h>, which contains horrible false function
 * declarations, we declared it for our usage (Yes, these functions return
 * the adress of a pointer variable)
 *
 * NOTE(review): these prototypes give the libc tsearch/tfind/tdelete/twalk
 * dki_t-typed signatures that differ from the <search.h> declarations.
 * A translation unit that includes both headers gets conflicting
 * declarations, and calling a function through an incompatible prototype
 * is undefined behaviour in C -- make sure no TU includes <search.h>
 * together with this block, or wrap the calls behind casts in one place.
 */
typedef enum
{
	/* we change the naming to the new, and more predictive one, used by Knuth */
	/* <search.h> name in the comment */
	PREORDER,	/* preorder, */
	INORDER,	/* postorder, */
	POSTORDER,	/* endorder, */
	LEAF		/* leaf */
}
VISIT;

dki_t **tsearch (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
dki_t **tfind (const dki_t *dkp, const dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
dki_t **tdelete (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
void twalk (const dki_t *root, void (*action)(const dki_t **nodep, VISIT which, int depth));

/* tree container helpers and the comparison functions usable with them */
extern void dki_tfree (dki_t **tree);
extern dki_t *dki_tadd (dki_t **tree, dki_t *new, int sub_before);
extern int dki_tagcmp (const dki_t *a, const dki_t *b);
extern int dki_namecmp (const dki_t *a, const dki_t *b);
extern int dki_revnamecmp (const dki_t *a, const dki_t *b);
extern int dki_allcmp (const dki_t *a, const dki_t *b);
#endif

/* reading key files: one key, or a whole directory into a list */
extern dki_t *dki_read (const char *dir, const char *fname);
extern int dki_readdir (const char *dir, dki_t **listp, int recursive);

/* output in the various record / configuration formats */
extern int dki_prt_trustedkey (const dki_t *dkp, FILE *fp);
extern int dki_prt_managedkey (const dki_t *dkp, FILE *fp);
extern int dki_prt_dnskey (const dki_t *dkp, FILE *fp);
extern int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl);
extern int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp);
extern int dki_prt_comment (const dki_t *dkp, FILE *fp);

/* ordering */
extern int dki_cmp (const dki_t *a, const dki_t *b);
extern int dki_timecmp (const dki_t *a, const dki_t *b);
extern int dki_age (const dki_t *dkp, time_t curr);

/* flag and status access */
extern dk_flag_t dki_getflag (const dki_t *dkp, time_t curr);
extern dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag);
extern dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag);
extern dk_status_t dki_status (const dki_t *dkp);
extern const char *dki_statusstr (const dki_t *dkp);
extern int dki_isksk (const dki_t *dkp);
extern int dki_isdepreciated (const dki_t *dkp);
extern int dki_isrevoked (const dki_t *dkp);
extern int dki_isactive (const dki_t *dkp);
extern int dki_ispublished (const dki_t *dkp);

/*
 * Field accessors.  Note that dki_algo is declared to return time_t even
 * though the algo member is a ushort; the prototype must stay in sync
 * with the definition in dki.c.
 */
extern time_t dki_algo (const dki_t *dkp);
extern time_t dki_time (const dki_t *dkp);
extern time_t dki_exptime (const dki_t *dkp);
extern time_t dki_gentime (const dki_t *dkp);
extern time_t dki_lifetime (const dki_t *dkp);
extern ushort dki_lifetimedays (const dki_t *dkp);
extern ushort dki_setlifetime (dki_t *dkp, int days);
extern time_t dki_setexptime (dki_t *dkp, time_t sec);

/*
 * Key lifecycle.  dki_new generates a key (ksk: DKI_KSK/DKI_ZSK, algo:
 * DK_ALGO_*, lf_days: proposed lifetime in days); rfile is presumably a
 * random-source file handed to the key generator -- confirm in dki.c.
 * dki_remove / dki_destroy / dki_setstatus* operate on the key files on
 * disk; status takes a dk_status_t character (presumably).
 */
extern dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days);
extern dki_t *dki_remove (dki_t *dkp);
extern dki_t *dki_destroy (dki_t *dkp);
extern int dki_setstatus (dki_t *dkp, int status);
extern int dki_setstatus_preservetime (dki_t *dkp, int status);

/* list / tree manipulation and lookup (tag: key id; name: owner name) */
extern dki_t *dki_add (dki_t **dkp, dki_t *new);
extern const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name);
extern const dki_t *dki_search (const dki_t *list, int tag, const char *name);
extern const dki_t *dki_find (const dki_t *list, int ksk, int status, int first);
extern const dki_t *dki_findalgo (const dki_t *list, int ksk, int alg, int status, int no);

/* release one entry, or a whole list (listp is reset by the callee -- presumably) */
extern void dki_free (dki_t *dkp);
extern void dki_freelist (dki_t **listp);

/* algorithm number to name; the returned strings should be treated as read-only */
extern char *dki_algo2str (int algo);
extern char *dki_algo2sstr (int algo);
/* text of the last error recorded by this module (presumably) */
extern const char *dki_geterrstr (void);

#endif