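/*	$NetBSD: keyvalues.h,v 1.7 2022/09/23 12:15:30 christos Exp $	*/

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0.  If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

#ifndef DNS_KEYVALUES_H
#define DNS_KEYVALUES_H 1

/*! \file dns/keyvalues.h */

/*
 * Numeric constants for the KEY/SIG resource-record fields: flag bits,
 * algorithm numbers, protocol values, and signature/key sizes.  This
 * header only names values; it performs no validation itself.
 */

/*
 * Flags field of the KEY RR rdata
 */
#define DNS_KEYFLAG_TYPEMASK 0xC000 /*%< Mask for "type" bits */
#define DNS_KEYTYPE_AUTHCONF 0x0000 /*%< Key usable for both */
#define DNS_KEYTYPE_CONFONLY 0x8000 /*%< Key usable for confidentiality */
#define DNS_KEYTYPE_AUTHONLY 0x4000 /*%< Key usable for authentication */
#define DNS_KEYTYPE_NOKEY    0xC000 /*%< No key usable for either; no key */
#define DNS_KEYTYPE_NOAUTH   DNS_KEYTYPE_CONFONLY
#define DNS_KEYTYPE_NOCONF   DNS_KEYTYPE_AUTHONLY

#define DNS_KEYFLAG_RESERVED2  0x2000 /*%< reserved - must be zero */
#define DNS_KEYFLAG_EXTENDED   0x1000 /*%< key has extended flags */
#define DNS_KEYFLAG_RESERVED4  0x0800 /*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED5  0x0400 /*%< reserved - must be zero */
#define DNS_KEYFLAG_OWNERMASK  0x0300 /*%< these bits determine the type */
#define DNS_KEYOWNER_USER      0x0000 /*%< key is assoc. with user */
#define DNS_KEYOWNER_ENTITY    0x0200 /*%< key is assoc. with entity eg host */
#define DNS_KEYOWNER_ZONE      0x0100 /*%< key is zone key */
#define DNS_KEYOWNER_RESERVED  0x0300 /*%< reserved meaning */
#define DNS_KEYFLAG_REVOKE     0x0080 /*%< key revoked (per rfc5011) */
#define DNS_KEYFLAG_RESERVED9  0x0040 /*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED10 0x0020 /*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED11 0x0010 /*%< reserved - must be zero */
#define DNS_KEYFLAG_SIGNATORYMASK 0x000F /*%< key can sign RR's of same name */

/*
 * All "must be zero" bits in one mask (0x2C70), so a flags word can be
 * tested for reserved bits with a single AND.
 */
#define DNS_KEYFLAG_RESERVEDMASK                           \
	(DNS_KEYFLAG_RESERVED2 | DNS_KEYFLAG_RESERVED4 |   \
	 DNS_KEYFLAG_RESERVED5 | DNS_KEYFLAG_RESERVED9 |   \
	 DNS_KEYFLAG_RESERVED10 | DNS_KEYFLAG_RESERVED11)

/* Note: 0x0001 falls inside DNS_KEYFLAG_SIGNATORYMASK (0x000F). */
#define DNS_KEYFLAG_KSK 0x0001 /*%< key signing key */

#define DNS_KEYFLAG_RESERVEDMASK2 0xFFFF /*%< no bits defined here */

/*
 * The Algorithm field of the KEY and SIG RR's is an integer, {1..254}
 *
 * NOTE(review): a number being defined here does not mean the algorithm
 * is acceptable to use.  RSAMD5 and DSA in particular are deprecated for
 * DNSSEC (see RFC 8624); callers should apply their own algorithm policy.
 */
#define DNS_KEYALG_RSAMD5 1 /*%< RSA with MD5 */
#define DNS_KEYALG_RSA	  1 /*%< Used just for tagging */
#define DNS_KEYALG_DH	  2 /*%< Diffie Hellman KEY */
#define DNS_KEYALG_DSA	  3 /*%< DSA KEY */
#define DNS_KEYALG_NSEC3DSA 6
/*
 * Alias for DSA.  This previously expanded to DNS_ALG_DSA, a name this
 * header does not define, so any use of DNS_KEYALG_DSS depended on some
 * other header supplying it (or failed to compile).
 */
#define DNS_KEYALG_DSS		DNS_KEYALG_DSA
#define DNS_KEYALG_ECC		4
#define DNS_KEYALG_RSASHA1	5
#define DNS_KEYALG_NSEC3RSASHA1 7
#define DNS_KEYALG_RSASHA256	8
#define DNS_KEYALG_RSASHA512	10
#define DNS_KEYALG_ECCGOST	12
#define DNS_KEYALG_ECDSA256	13
#define DNS_KEYALG_ECDSA384	14
#define DNS_KEYALG_ED25519	15
#define DNS_KEYALG_ED448	16
#define DNS_KEYALG_INDIRECT	252
#define DNS_KEYALG_PRIVATEDNS	253
#define DNS_KEYALG_PRIVATEOID	254 /*%< Key begins with OID giving alg */
#define DNS_KEYALG_MAX		255

/* Protocol values */
#define DNS_KEYPROTO_RESERVED 0
#define DNS_KEYPROTO_TLS      1
#define DNS_KEYPROTO_EMAIL    2
#define DNS_KEYPROTO_DNSSEC   3
#define DNS_KEYPROTO_IPSEC    4
#define DNS_KEYPROTO_ANY      255

/* Signatures */
#define DNS_SIG_RSAMINBITS 512 /*%< Size of a mod or exp in bits */
#define DNS_SIG_RSAMAXBITS 2552
/*
 * Total of binary mod and exp.
 *
 * NOTE(review): `7 / 8` is integer division and evaluates to 0, so this
 * expands to DNS_SIG_RSAMAXBITS * 2 + 3 = 5107, not
 * ((DNS_SIG_RSAMAXBITS + 7) / 8) * 2 + 3 = 641 as the "BYTES" name
 * suggests.  The value is deliberately left unchanged: it over-estimates
 * rather than under-estimates, and shrinking a bound that may size
 * buffers elsewhere needs an audit of every user first.
 */
#define DNS_SIG_RSAMAXBYTES ((DNS_SIG_RSAMAXBITS + 7 / 8) * 2 + 3)
/* Max length of text sig block (base64 of DNS_SIG_RSAMAXBYTES bytes) */
#define DNS_SIG_RSAMAXBASE64 (((DNS_SIG_RSAMAXBYTES + 2) / 3) * 4)
/* Bit limits rounded up to whole bytes */
#define DNS_SIG_RSAMINSIZE   ((DNS_SIG_RSAMINBITS + 7) / 8)
#define DNS_SIG_RSAMAXSIZE   ((DNS_SIG_RSAMAXBITS + 7) / 8)

#define DNS_SIG_ECDSA256SIZE 64
#define DNS_SIG_ECDSA384SIZE 96

#define DNS_KEY_ECDSA256SIZE 64
#define DNS_KEY_ECDSA384SIZE 96

#define DNS_SIG_ED25519SIZE 64
#define DNS_SIG_ED448SIZE   114

#define DNS_KEY_ED25519SIZE 32
#define DNS_KEY_ED448SIZE   57

#endif /* DNS_KEYVALUES_H */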