1 /*
2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3  *
4  * This Source Code Form is subject to the terms of the Mozilla Public
5  * License, v. 2.0. If a copy of the MPL was not distributed with this
6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
7  *
8  * See the COPYRIGHT file distributed with this work for additional
9  * information regarding copyright ownership.
10  */
11 
12 #ifndef DNS_KEYVALUES_H
13 #define DNS_KEYVALUES_H 1
14 
15 /*! \file dns/keyvalues.h */
16 
/*
 * Flags field of the KEY RR rdata: the "type" bits.
 *
 * The two high-order bits say what the key may be used for.  Mask the flags
 * word with DNS_KEYFLAG_TYPEMASK and compare the result for equality with
 * one of the DNS_KEYTYPE_* values.  DNS_KEYTYPE_AUTHCONF is 0x0000, so a
 * bitwise-AND test against it can never be true, and DNS_KEYTYPE_NOKEY has
 * both bits set, so an AND test for CONFONLY or AUTHONLY also matches NOKEY.
 */
#define DNS_KEYFLAG_TYPEMASK 0xC000 /*%< Selects the two "type" bits */

/* Listed in ascending numeric order. */
#define DNS_KEYTYPE_AUTHCONF 0x0000 /*%< Usable for authentication and confidentiality */
#define DNS_KEYTYPE_AUTHONLY 0x4000 /*%< Usable for authentication */
#define DNS_KEYTYPE_CONFONLY 0x8000 /*%< Usable for confidentiality */
#define DNS_KEYTYPE_NOKEY    0xC000 /*%< Usable for neither; no key */

/* Negative-sense spellings of the two single-use values above. */
#define DNS_KEYTYPE_NOAUTH DNS_KEYTYPE_CONFONLY /*%< Same value as CONFONLY */
#define DNS_KEYTYPE_NOCONF DNS_KEYTYPE_AUTHONLY /*%< Same value as AUTHONLY */
27 
/*
 * Flags field of the KEY RR rdata: the bits below the two "type" bits.
 *
 * DNS_KEYOWNER_* values are meant to be compared for equality with
 * (flags & DNS_KEYFLAG_OWNERMASK).  DNS_KEYOWNER_USER is 0x0000 and cannot be
 * detected with a bitwise AND; DNS_KEYOWNER_RESERVED has both owner bits set,
 * so an AND test for ENTITY or ZONE also matches it.
 */

/* Single-bit flags with a defined meaning. */
#define DNS_KEYFLAG_EXTENDED 0x1000 /*%< key has extended flags */
#define DNS_KEYFLAG_REVOKE   0x0080 /*%< key revoked (per rfc5011) */

/* Owner field: a two-bit value, not two independent flags. */
#define DNS_KEYFLAG_OWNERMASK 0x0300 /*%< selects the owner bits */
#define DNS_KEYOWNER_USER     0x0000 /*%< key is assoc. with user */
#define DNS_KEYOWNER_ZONE     0x0100 /*%< key is zone key */
#define DNS_KEYOWNER_ENTITY   0x0200 /*%< key is assoc. with entity eg host */
#define DNS_KEYOWNER_RESERVED 0x0300 /*%< reserved meaning */

/* Reserved bits; each one must be zero. */
#define DNS_KEYFLAG_RESERVED2  0x2000
#define DNS_KEYFLAG_RESERVED4  0x0800
#define DNS_KEYFLAG_RESERVED5  0x0400
#define DNS_KEYFLAG_RESERVED9  0x0040
#define DNS_KEYFLAG_RESERVED10 0x0020
#define DNS_KEYFLAG_RESERVED11 0x0010

/*
 * Union of every reserved bit above (0x2C70), so a single AND against the
 * flags word reveals whether any must-be-zero bit is set.
 */
#define DNS_KEYFLAG_RESERVEDMASK                         \
	(DNS_KEYFLAG_RESERVED2 | DNS_KEYFLAG_RESERVED4 | \
	 DNS_KEYFLAG_RESERVED5 | DNS_KEYFLAG_RESERVED9 | \
	 DNS_KEYFLAG_RESERVED10 | DNS_KEYFLAG_RESERVED11)

/*
 * Low four bits.  DNS_KEYFLAG_KSK (0x0001) lies inside
 * DNS_KEYFLAG_SIGNATORYMASK (0x000F): the two macros name overlapping bits,
 * and which reading applies is decided by the code using them.
 */
#define DNS_KEYFLAG_SIGNATORYMASK 0x000F /*%< key can sign RR's of same name */
#define DNS_KEYFLAG_KSK           0x0001 /*%< key signing key */

/*
 * NOTE(review): presumably the reserved mask for the extended flags word
 * announced by DNS_KEYFLAG_EXTENDED -- confirm against the users of this
 * macro.
 */
#define DNS_KEYFLAG_RESERVEDMASK2 0xFFFF /*%< no bits defined here */
52 
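/*
 * The Algorithm field of the KEY and SIG RR's is an integer, {1..254}.
 *
 * This header only gives the numbers names.  A constant appearing here does
 * not by itself mean the algorithm is enabled or acceptable for signing or
 * validation; that decision is made by the code that consumes these values.
 */
#define DNS_KEYALG_RSAMD5       1 /*%< RSA with MD5 */
#define DNS_KEYALG_RSA          1 /*%< Used just for tagging */
#define DNS_KEYALG_DH           2 /*%< Diffie Hellman KEY */
#define DNS_KEYALG_DSA          3 /*%< DSA KEY */
/*
 * DSS is a second name for the DSA value.  The alias must expand to a macro
 * this header defines: DNS_ALG_DSA is not defined here, so pointing at it
 * would make any use of DNS_KEYALG_DSS fail to compile unless some other
 * header happened to supply that name.
 */
#define DNS_KEYALG_DSS          DNS_KEYALG_DSA
#define DNS_KEYALG_ECC          4
#define DNS_KEYALG_RSASHA1      5
#define DNS_KEYALG_NSEC3DSA     6
#define DNS_KEYALG_NSEC3RSASHA1 7
#define DNS_KEYALG_RSASHA256    8
#define DNS_KEYALG_RSASHA512    10
#define DNS_KEYALG_ECCGOST      12
#define DNS_KEYALG_ECDSA256     13
#define DNS_KEYALG_ECDSA384     14
#define DNS_KEYALG_ED25519      15
#define DNS_KEYALG_ED448        16
#define DNS_KEYALG_INDIRECT     252
#define DNS_KEYALG_PRIVATEDNS   253
#define DNS_KEYALG_PRIVATEOID   254 /*%< Key begins with OID giving alg */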
73 
/*
 * Protocol values.
 *
 * NOTE(review): presumably the values carried in the protocol field of the
 * KEY RR rdata -- confirm against the rdata code that consumes them.  This
 * header does not say which values a consumer should accept.
 */
#define DNS_KEYPROTO_RESERVED 0
#define DNS_KEYPROTO_TLS 1
#define DNS_KEYPROTO_EMAIL 2
#define DNS_KEYPROTO_DNSSEC 3
#define DNS_KEYPROTO_IPSEC 4
/* Set apart from the run 0..4 above. */
#define DNS_KEYPROTO_ANY 255
81 
/*
 * Signatures: RSA size limits.
 *
 * The *BITS macros are in bits; the *SIZE macros round a bit count up to
 * whole bytes with (bits + 7) / 8, giving 64 and 319.
 */
#define DNS_SIG_RSAMINBITS 512 /*%< Size of a mod or exp in bits */
#define DNS_SIG_RSAMAXBITS 2552
/*
 * Total of binary mod and exp.
 *
 * NOTE(review): "7 / 8" binds tighter than "+", and integer 7 / 8 is 0, so
 * this expands to DNS_SIG_RSAMAXBITS * 2 + 3 = 5107.  The rounding used by
 * DNS_SIG_RSAMINSIZE / DNS_SIG_RSAMAXSIZE below suggests the intent was
 * ((DNS_SIG_RSAMAXBITS + 7) / 8) * 2 + 3 = 641.  The expression is left
 * unchanged because the current value over-estimates: shrinking it could
 * undersize buffers or tighten length limits in code that uses this macro.
 * Audit every user before correcting the parentheses.
 */
#define DNS_SIG_RSAMAXBYTES ((DNS_SIG_RSAMAXBITS + 7 / 8) * 2 + 3)
/*
 * Max length of text sig block.  Derived from DNS_SIG_RSAMAXBYTES, so it
 * inherits that macro's value (currently 6812).
 */
#define DNS_SIG_RSAMAXBASE64 (((DNS_SIG_RSAMAXBYTES + 2) / 3) * 4)
#define DNS_SIG_RSAMINSIZE   ((DNS_SIG_RSAMINBITS + 7) / 8)
#define DNS_SIG_RSAMAXSIZE   ((DNS_SIG_RSAMAXBITS + 7) / 8)
91 
/*
 * Fixed key and signature sizes for the ECDSA and EdDSA algorithms, grouped
 * per algorithm.
 *
 * NOTE(review): the unit is not stated in this header; presumably bytes,
 * like the byte-rounded DNS_SIG_RSAMINSIZE / DNS_SIG_RSAMAXSIZE -- confirm.
 * Each is a single value rather than a min/max pair, which suggests callers
 * are expected to compare lengths for equality before using key or
 * signature data (assumption; check the callers).
 */

/* ECDSA P-256: key and signature share the same size. */
#define DNS_KEY_ECDSA256SIZE 64
#define DNS_SIG_ECDSA256SIZE 64

/* ECDSA P-384: key and signature share the same size. */
#define DNS_KEY_ECDSA384SIZE 96
#define DNS_SIG_ECDSA384SIZE 96

/* Ed25519: the signature is twice the key size. */
#define DNS_KEY_ED25519SIZE 32
#define DNS_SIG_ED25519SIZE 64

/* Ed448: the signature is twice the key size. */
#define DNS_KEY_ED448SIZE 57
#define DNS_SIG_ED448SIZE 114
103 
104 #endif /* DNS_KEYVALUES_H */
105