/*
 *
 * keys.h
 *
 * priv key definitions
 *
 * a Net::DNS like library for C
 *
 * (c) NLnet Labs, 2005-2006
 *
 * See the file LICENSE for the license
 */

/**
 * \file
 *
 * Addendum to \ref dnssec.h, this module contains key and algorithm definitions and functions.
 *
 * Most of what is declared here deals with *private* key material: parsing
 * key files, wrapping OpenSSL key objects, and printing keys. The library
 * does not manage the permissions of the files it reads or writes; the
 * caller is responsible for keeping private-key files and any FILE passed to
 * ldns_key_print() out of reach of other users, and for releasing keys with
 * ldns_key_deep_free() once they are no longer needed.
 *
 * The algorithm enumerations below list every number the code base knows,
 * including algorithms that are no longer acceptable for signing. RFC 8624
 * gives the current per-algorithm implementation requirements and should
 * be consulted before choosing an algorithm for new keys.
 */


#ifndef LDNS_KEYS_H
#define LDNS_KEYS_H

#include <ldns/common.h>
#if LDNS_BUILD_CONFIG_HAVE_SSL
/* Provides the OpenSSL types (EVP_PKEY, RSA, DSA, ENGINE) used by the
 * declarations below that are guarded with LDNS_BUILD_CONFIG_HAVE_SSL. */
#include <openssl/ssl.h>
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#include <ldns/util.h>
#include <errno.h>

#ifdef __cplusplus
extern "C" {
#endif

/** Lookup table mapping signing algorithm names to their numbers. */
extern ldns_lookup_table ldns_signing_algorithms[];

/*
 * Bit masks for the 16-bit DNSKEY flags field (host byte order, as stored
 * in ldns_struct_key::_extra.dnssec.flags).
 */
#define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034: bit 7, Zone Key. Must be set on a key used to verify RRSIGs */
#define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034: bit 15, Secure Entry Point; conventionally marks a KSK */
#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011: bit 8, key has been revoked (automated trust anchor rollover) */

/**
 * Algorithms used in dns
 *
 * DNSKEY/RRSIG/DS algorithm numbers as registered with IANA. A number
 * being listed here only means the library recognises it, not that the
 * algorithm is an acceptable choice: per RFC 8624, RSAMD5, DSA,
 * DSA-NSEC3-SHA1 and ECC-GOST are "MUST NOT" for signing, and the SHA-1
 * based RSA variants are "NOT RECOMMENDED" for signing.
 */
enum ldns_enum_algorithm
{
	LDNS_RSAMD5 = 1, /* RFC 4034,4035; deprecated by RFC 6725, MD5 is broken, RFC 8624: MUST NOT */
	LDNS_DH = 2, /* Diffie-Hellman key storage (RFC 2539); not a signing algorithm */
	LDNS_DSA = 3, /* DSA/SHA-1; RFC 8624: MUST NOT */
	LDNS_ECC = 4, /* reserved in RFC 4034, never specified */
	LDNS_RSASHA1 = 5, /* RFC 8624: NOT RECOMMENDED for signing, still validated */
	LDNS_DSA_NSEC3 = 6, /* RFC 5155 alias of DSA for NSEC3 zones; RFC 8624: MUST NOT */
	LDNS_RSASHA1_NSEC3 = 7, /* RFC 5155 alias of RSASHA1 for NSEC3 zones; NOT RECOMMENDED for signing */
	LDNS_RSASHA256 = 8, /* RFC 5702; RFC 8624: MUST implement */
	LDNS_RSASHA512 = 10, /* RFC 5702 */
	LDNS_ECC_GOST = 12, /* RFC 5933, GOST R 34.10-2001; RFC 8624: MUST NOT sign with it */
	LDNS_ECDSAP256SHA256 = 13, /* RFC 6605; RFC 8624: MUST implement */
	LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
	LDNS_ED25519 = 15, /* RFC 8080; RFC 8624: RECOMMENDED */
	LDNS_ED448 = 16, /* RFC 8080 */
	LDNS_INDIRECT = 252, /* reserved for indirect keys (RFC 4034) */
	LDNS_PRIVATEDNS = 253, /* private algorithm, identified by a domain name (RFC 4034) */
	LDNS_PRIVATEOID = 254 /* private algorithm, identified by an OID (RFC 4034) */
};
typedef enum ldns_enum_algorithm ldns_algorithm;

/**
 * Hashing algorithms used in the DS record
 *
 * DS digest type numbers. Per RFC 8624, SHA-256 is the mandatory digest;
 * SHA-1 and GOST R 34.11-94 digests are "MUST NOT" for new delegations
 * (SHA-1 must still be accepted when validating).
 */
enum ldns_enum_hash
{
	LDNS_SHA1 = 1, /* RFC 4034; do not create new DS records with it */
	LDNS_SHA256 = 2, /* RFC 4509; MUST implement */
	LDNS_HASH_GOST = 3, /* RFC 5933, GOST R 34.11-94 */
	LDNS_SHA384 = 4 /* RFC 6605 */
};
typedef enum ldns_enum_hash ldns_hash;

/**
 * Algorithms used in dns for signing
 *
 * Signing algorithms known to this build, reusing the ldns_algorithm
 * numbers, plus ldns-private numbers for the TSIG HMAC algorithms.
 * The DSA, ED25519 and ED448 members only exist when the matching
 * LDNS_BUILD_CONFIG_USE_* option is enabled, so any code that names them
 * must be guarded the same way.
 */
enum ldns_enum_signing_algorithm
{
	LDNS_SIGN_RSAMD5 = LDNS_RSAMD5,
	LDNS_SIGN_RSASHA1 = LDNS_RSASHA1,
#if LDNS_BUILD_CONFIG_USE_DSA
	LDNS_SIGN_DSA = LDNS_DSA,
#endif /* LDNS_BUILD_CONFIG_USE_DSA */
	LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3,
	LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
	LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
#if LDNS_BUILD_CONFIG_USE_DSA
	LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
#endif /* LDNS_BUILD_CONFIG_USE_DSA */
	LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST,
	LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256,
	LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384,
#if LDNS_BUILD_CONFIG_USE_ED25519
	LDNS_SIGN_ED25519 = LDNS_ED25519,
#endif /* LDNS_BUILD_CONFIG_USE_ED25519 */
#if LDNS_BUILD_CONFIG_USE_ED448
	LDNS_SIGN_ED448 = LDNS_ED448,
#endif /* LDNS_BUILD_CONFIG_USE_ED448 */
	/*
	 * The HMAC values below are ldns-internal and never appear on the
	 * wire: TSIG (RFC 8945) identifies its algorithm by name, not by
	 * number. HMAC-MD5 is kept for interoperability only; prefer the
	 * SHA-2 based variants for new configurations.
	 */
	LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
	LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
	LDNS_SIGN_HMACSHA256 = 159, /* ditto */
	LDNS_SIGN_HMACSHA224 = 162, /* ditto */
	LDNS_SIGN_HMACSHA384 = 164, /* ditto */
	LDNS_SIGN_HMACSHA512 = 165 /* ditto */
};
typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm;

/**
 * General key structure, can contain all types of keys that
 * are used in DNSSEC. Mostly used to store private keys, since
 * public keys can also be stored in a \ref ldns_rr with type
 * \ref LDNS_RR_TYPE_DNSKEY.
 *
 * This structure can also store some variables that influence the
 * signatures generated by signing with this key, for instance the
 * inception date.
 *
 * Fields are private (leading underscore); use the ldns_key_* accessors.
 * Which member of _key is meaningful depends on _alg: the HMAC signing
 * algorithms use _key.hmac, the OpenSSL-backed ones use _key.key, and
 * _key.external_key is for key material held outside ldns (an HSM handle,
 * for example). Note that _key is a struct, not a union, so the members
 * coexist and none of them is overwritten by setting another.
 */
struct ldns_struct_key {
	/** The signing algorithm this key is for; selects which _key member is used */
	ldns_signing_algorithm _alg;
	/** Whether to use this key when signing */
	bool _use;
	/** Storage pointers for the types of keys supported */
	/* TODO remove unions? */
	struct {
#if LDNS_BUILD_CONFIG_HAVE_SSL
#ifndef S_SPLINT_S
		/** The key can be an OpenSSL EVP Key (RSA, DSA, ECDSA, EdDSA, GOST) */
		EVP_PKEY *key;
#endif
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
		/**
		 * The key can be an HMAC key: raw shared-secret bytes for TSIG.
		 * This is secret material; ldns_key_deep_free() is documented to
		 * release all internal key data, so the buffer is owned by the key.
		 */
		struct {
			unsigned char *key;
			size_t size;
		} hmac;
		/** the key structure can also just point to some external
		 * key data. Only the pointer is stored; it is not copied and
		 * ldns_key_deep_free() does not free it (see ldns_key_set_external_key()).
		 */
		void *external_key;
	} _key;
	/** Depending on the key we can have extra data */
	union {
		/** Some values that influence generated signatures */
		struct {
			/** The TTL of the rrset that is currently signed */
			uint32_t orig_ttl;
			/** The inception date of signatures made with this key (seconds since epoch, 32-bit as in RRSIG). */
			uint32_t inception;
			/** The expiration date of signatures made with this key (seconds since epoch, 32-bit as in RRSIG). */
			uint32_t expiration;
			/** The keytag of this key. */
			uint16_t keytag;
			/** The dnssec key flags as specified in RFC 4034 section 2.1.1, like ZSK and KSK (see the LDNS_KEY_* masks) */
			uint16_t flags;
		} dnssec;
	} _extra;
	/** Owner name of the key */
	ldns_rdf *_pubkey_owner;
};
typedef struct ldns_struct_key ldns_key;

/**
 * Same as rr_list, but now for keys
 *
 * _key_count is the number of valid entries in _keys; the list holds
 * pointers, so freeing the list and freeing the keys are separate steps.
 */
struct ldns_struct_key_list
{
	size_t _key_count;
	ldns_key **_keys;
};
typedef struct ldns_struct_key_list ldns_key_list;


/**
 * Creates a new empty key list
 * \return a new ldns_key_list structure pointer
 */
ldns_key_list *ldns_key_list_new(void);

/**
 * Creates a new empty key structure
 * \return a new ldns_key * structure
 */
ldns_key *ldns_key_new(void);

/**
 * Creates a new key based on the algorithm
 *
 * Generates fresh key material for the given signing algorithm. Choose
 * the algorithm per RFC 8624 (see ldns_enum_algorithm); generating keys
 * for RSAMD5, DSA or GOST should be avoided.
 *
 * \param[in] a The algorithm to use
 * \param[in] size the number of bytes for the keysize
 *            (NOTE(review): ldns-keygen's -b option passes a bit count
 *            here and the documented unit looks wrong for RSA; confirm
 *            against keys.c before relying on "bytes")
 * \return a new ldns_key structure with the key
 */
ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size);

/**
 * Creates a new priv key based on the
 * contents of the file pointed by fp.
 *
 * The file should be in Private-key-format v1.x.
 *
 * The file holds secret key material; the caller is responsible for its
 * permissions and for disposing of the result with ldns_key_deep_free().
 *
 * \param[out] k the new ldns_key structure
 * \param[in] fp the file pointer to use
 * \return an error or LDNS_STATUS_OK
 */
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp);

/**
 * Creates a new private key based on the
 * contents of the file pointed by fp
 *
 * The file should be in Private-key-format v1.x.
 *
 * Same as ldns_key_new_frm_fp() but keeps track of the line number so
 * parse errors can be reported with a location.
 *
 * \param[out] k the new ldns_key structure
 * \param[in] fp the file pointer to use
 * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
 * \return an error or LDNS_STATUS_OK
 */
ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);

#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
 * Read the key with the given id from the given engine and store it
 * in the given ldns_key structure. The algorithm type is set to \p a.
 *
 * This is the path for keys that never leave an HSM or other OpenSSL
 * ENGINE. Note that the ENGINE API is deprecated as of OpenSSL 3.0;
 * new integrations should plan for providers instead. \p key_id is not
 * const-qualified in this prototype; NOTE(review): confirm the
 * implementation does not write to it before passing string literals.
 *
 * \param[out] key the new ldns_key structure
 * \param[in] e the engine from which to read the key
 * \param[in] key_id the id of the key with which to lookup the key in the engine
 * \param[in] a the algorithm to set for this key
 * \return an error or LDNS_STATUS_OK
 */
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm a);


/**
 * frm_fp helper function. This function parses the
 * remainder of the (RSA) priv. key file generated from bind9
 * \param[in] fp the file to parse
 * \return NULL on failure otherwise a RSA structure
 */
RSA *ldns_key_new_frm_fp_rsa(FILE *fp);

/**
 * frm_fp helper function. This function parses the
 * remainder of the (RSA) priv. key file generated from bind9
 * \param[in] fp the file to parse
 * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
 * \return NULL on failure otherwise a RSA structure
 */
RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);


# if LDNS_BUILD_CONFIG_USE_DSA
/**
 * frm_fp helper function. This function parses the
 * remainder of the (DSA) priv. key file
 * \param[in] fp the file to parse
 * \return NULL on failure otherwise a DSA structure
 */
DSA *ldns_key_new_frm_fp_dsa(FILE *fp);

/**
 * frm_fp helper function. This function parses the
 * remainder of the (DSA) priv. key file
 * \param[in] fp the file to parse
 * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes)
 * \return NULL on failure otherwise a DSA structure
 */
DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
# endif /* LDNS_BUILD_CONFIG_USE_DSA */

/**
 * frm_fp helper function. This function parses the
 * remainder of the (HMAC-MD5) key file
 * This function allocated a buffer that needs to be freed
 *
 * The returned buffer is the raw TSIG shared secret.
 * NOTE(review): the unit of \p hmac_size is documented as bits, while
 * ldns_key_set_hmac_size() and the struct field are described as the
 * size of the data; confirm in keys.c whether bytes are meant.
 *
 * \param[in] fp the file to parse
 * \param[out] hmac_size the number of bits in the resulting buffer
 * \return NULL on failure otherwise a newly allocated char buffer
 */
unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);

/**
 * frm_fp helper function. This function parses the
 * remainder of the (HMAC-MD5) key file
 * This function allocated a buffer that needs to be freed
 *
 * Same as ldns_key_new_frm_fp_hmac() with line tracking for error reports;
 * the same unit caveat on \p hmac_size applies.
 *
 * \param[in] fp the file to parse
 * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes)
 * \param[out] hmac_size the number of bits in the resulting buffer
 * \return NULL on failure otherwise a newly allocated char buffer
 */
unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/* access write functions */
/**
 * Set the key's algorithm
 * \param[in] k the key
 * \param[in] l the algorithm
 */
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);

#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
 * Set the key's evp key
 * \param[in] k the key
 * \param[in] e the evp key
 */
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);

/**
 * Set the key's rsa data.
 * The rsa data should be freed by the user.
 * Contrast with ldns_key_assign_rsa_key(), which transfers ownership.
 * \param[in] k the key
 * \param[in] r the rsa data
 */
void ldns_key_set_rsa_key(ldns_key *k, RSA *r);

# if LDNS_BUILD_CONFIG_USE_DSA
/**
 * Set the key's dsa data
 * The dsa data should be freed by the user.
 * Contrast with ldns_key_assign_dsa_key(), which transfers ownership.
 * \param[in] k the key
 * \param[in] d the dsa data
 */
void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
# endif /* LDNS_BUILD_CONFIG_USE_DSA */

/**
 * Assign the key's rsa data
 * The rsa data will be freed automatically when the key is freed.
 * \param[in] k the key
 * \param[in] r the rsa data
 */
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);

# if LDNS_BUILD_CONFIG_USE_DSA
/**
 * Assign the key's dsa data
 * The dsa data will be freed automatically when the key is freed.
 * \param[in] k the key
 * \param[in] d the dsa data
 */
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
# endif /* LDNS_BUILD_CONFIG_USE_DSA */

/**
 * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
 * Only available if GOST is compiled into the library and openssl.
 * The engine reference taken here is released by ldns_key_EVP_unload_gost().
 * \return the gost id for EVP_CTX creation.
 */
int ldns_key_EVP_load_gost_id(void);

/** Release the engine reference held for the GOST engine. */
void ldns_key_EVP_unload_gost(void);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/**
 * Set the key's hmac data
 *
 * \p hmac is the raw TSIG shared secret; set its length with
 * ldns_key_set_hmac_size(). ldns_key_deep_free() is documented to free
 * the key's internal data, so the buffer should be heap-allocated and is
 * owned by the key afterwards.
 *
 * \param[in] k the key
 * \param[in] hmac the raw key data
 */
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);

/**
 * Set the key id data. This is used if the key points to
 * some externally stored key data
 *
 * Only the pointer is set, the data there is not copied,
 * and must be freed manually; ldns_key_deep_free() does
 * *not* free this data
 * \param[in] key the key
 * \param[in] external_key key id data
 */
void ldns_key_set_external_key(ldns_key *key, void *external_key);

/**
 * Set the key's hmac size
 * \param[in] k the key
 * \param[in] hmac_size the size of the hmac data
 */
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size);
/**
 * Set the key's original ttl
 * \param[in] k the key
 * \param[in] t the ttl
 */
void ldns_key_set_origttl(ldns_key *k, uint32_t t);
/**
 * Set the key's inception date (seconds after epoch)
 * \param[in] k the key
 * \param[in] i the inception
 */
void ldns_key_set_inception(ldns_key *k, uint32_t i);
/**
 * Set the key's expiration date (seconds after epoch)
 * \param[in] k the key
 * \param[in] e the expiration
 */
void ldns_key_set_expiration(ldns_key *k, uint32_t e);
/**
 * Set the key's pubkey owner
 * \param[in] k the key
 * \param[in] r the owner
 */
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r);
/**
 * Set the key's key tag
 * \param[in] k the key
 * \param[in] tag the keytag
 */
void ldns_key_set_keytag(ldns_key *k, uint16_t tag);
/**
 * Set the key's flags
 * \param[in] k the key
 * \param[in] flags the flags (combination of the LDNS_KEY_* masks)
 */
void ldns_key_set_flags(ldns_key *k, uint16_t flags);
/**
 * Set the keylist's key count to count
 *
 * NOTE(review): this appears to only overwrite the count; if it does not
 * resize the underlying array, a count larger than what was allocated
 * makes ldns_key_list_key() read past the end. Prefer
 * ldns_key_list_push_key() for growing a list.
 *
 * \param[in] key the key list
 * \param[in] count the count
 */
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);

/**
 * pushes a key to a keylist
 * \param[in] key_list the key_list to push to
 * \param[in] key the key to push
 * \return false on error, otherwise true
 */
bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key);

/**
 * returns the number of keys in the key list
 * \param[in] key_list the key_list
 * \return the numbers of keys in the list
 */
size_t ldns_key_list_key_count(const ldns_key_list *key_list);

/**
 * returns a pointer to the key in the list at the given position
 * \param[in] key the key list
 * \param[in] nr the position in the list (0-based; must be below ldns_key_list_key_count())
 * \return the key
 */
ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr);

#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
 * returns the (openssl) RSA struct contained in the key
 * \param[in] k the key to look in
 * \return the RSA * structure in the key
 */
RSA *ldns_key_rsa_key(const ldns_key *k);
/**
 * returns the (openssl) EVP struct contained in the key
 * \param[in] k the key to look in
 * \return the EVP_PKEY * structure in the key
 */
EVP_PKEY *ldns_key_evp_key(const ldns_key *k);

# if LDNS_BUILD_CONFIG_USE_DSA
/**
 * returns the (openssl) DSA struct contained in the key
 * \param[in] k the key to look in
 * \return the DSA * structure in the key
 */
DSA *ldns_key_dsa_key(const ldns_key *k);
# endif /* LDNS_BUILD_CONFIG_USE_DSA */
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/**
 * return the signing alg of the key
 * \param[in] k the key
 * \return the algorithm
 */
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k);
/**
 * set the use flag
 * \param[in] k the key
 * \param[in] v the boolean value to set the _use field to
 */
void ldns_key_set_use(ldns_key *k, bool v);
/**
 * return the use flag
 * \param[in] k the key
 * \return the boolean value of the _use field
 */
bool ldns_key_use(const ldns_key *k);
/**
 * return the hmac key data
 *
 * The pointer refers to the secret held inside the key; it is not a copy.
 * \param[in] k the key
 * \return the hmac key data
 */
unsigned char *ldns_key_hmac_key(const ldns_key *k);
/**
 * return the key id key data
 * \param[in] k the key
 * \return the key id data
 */
void *ldns_key_external_key(const ldns_key *k);
/**
 * return the hmac key size
 * \param[in] k the key
 * \return the hmac key size
 */
size_t ldns_key_hmac_size(const ldns_key *k);
/**
 * return the original ttl of the key
 * \param[in] k the key
 * \return the original ttl
 */
uint32_t ldns_key_origttl(const ldns_key *k);
/**
 * return the key's inception date
 * \param[in] k the key
 * \return the inception date (seconds after epoch)
 */
uint32_t ldns_key_inception(const ldns_key *k);
/**
 * return the key's expiration date
 * \param[in] k the key
 * \return the expiration date (seconds after epoch)
 */
uint32_t ldns_key_expiration(const ldns_key *k);
/**
 * return the keytag
 * \param[in] k the key
 * \return the keytag
 */
uint16_t ldns_key_keytag(const ldns_key *k);
/**
 * return the public key's owner
 * \param[in] k the key
 * \return the owner
 */
ldns_rdf *ldns_key_pubkey_owner(const ldns_key *k);
/**
 * Set the 'use' flag for all keys in the list
 * \param[in] keys The key_list
 * \param[in] v The value to set the use flags to
 */
void
ldns_key_list_set_use(ldns_key_list *keys, bool v);

/**
 * return the flag of the key
 * \param[in] k the key
 * \return the flag (DNSKEY flags field, see the LDNS_KEY_* masks)
 */
uint16_t ldns_key_flags(const ldns_key *k);

/**
 * pops the last key from a keylist
 * \param[in] key_list the key_list to pop from
 * \return NULL if nothing to pop. Otherwise the popped key
 */
ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list);

/**
 * converts a ldns_key to a public key rr
 * If the key data exists at an external point, the corresponding
 * rdata field must still be added with ldns_rr_rdf_push() to the
 * result rr of this function
 *
 * Only the public half is emitted (a DNSKEY RR), so the result is safe
 * to publish.
 *
 * \param[in] k the ldns_key to convert
 * \return ldns_rr representation of the key
 */
ldns_rr *ldns_key2rr(const ldns_key *k);

/**
 * print a private key to the file output
 *
 * The output contains the secret key material. Make sure \p output is
 * not a world-readable file or a shared log; create the destination with
 * restrictive permissions before calling this.
 *
 * \param[in] output the FILE descriptor where to print to
 * \param[in] k the ldns_key to print
 */
void ldns_key_print(FILE *output, const ldns_key *k);

/**
 * frees a key structure, but not its internal data structures
 *
 * Use this only when the key material is owned elsewhere (for instance
 * after ldns_key_set_rsa_key()); otherwise the material leaks.
 *
 * \param[in] key the key object to free
 */
void ldns_key_free(ldns_key *key);

/**
 * frees a key structure and all its internal data structures, except
 * the data set by ldns_key_set_external_key()
 *
 * This is the normal way to dispose of a key holding private material.
 *
 * \param[in] key the key object to free
 */
void ldns_key_deep_free(ldns_key *key);

/**
 * Frees a key list structure
 *
 * Frees the list only; the keys it points to are not freed by this call
 * and must be released separately (for example with ldns_key_deep_free()).
 *
 * \param[in] key_list the key list object to free
 */
void ldns_key_list_free(ldns_key_list *key_list);

/**
 * Instantiates a DNSKEY or DS RR from file.
 *
 * Intended for trust anchors. Reading the file does not make the record
 * trustworthy: the caller must ensure the file comes from a trusted source
 * with appropriate permissions, and must check for NULL before use.
 *
 * \param[in] filename the file to read the record from
 * \return the corresponding RR, or NULL if the parsing failed
 */
ldns_rr * ldns_read_anchor_file(const char *filename);

/**
 * Returns the 'default base name' for key files;
 * IE. K\<zone\>+\<alg\>+\<keytag\>
 * (without the .key or .private)
 * The memory for this is allocated by this function,
 * and should be freed by the caller
 *
 * \param[in] key the key to get the file name from
 * \returns A string containing the file base name
 */
char *ldns_key_get_file_base_name(const ldns_key *key);

/**
 * See if a key algorithm is supported
 *
 * "Supported" means this build can handle the algorithm number; it says
 * nothing about whether the algorithm is still recommended (see the notes
 * on ldns_enum_algorithm and RFC 8624).
 *
 * \param[in] algo the signing algorithm number.
 * \returns nonzero (true) if supported, zero otherwise.
 */
int ldns_key_algo_supported(int algo);

/**
 * Get signing algorithm by name. Comparison is case insensitive.
 *
 * 0 is not a member of ldns_signing_algorithm, so the result must be
 * checked against 0 before being used as an algorithm.
 *
 * \param[in] name string with the name.
 * \returns 0 on parse failure or the algorithm number.
 */
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name);

#ifdef __cplusplus
}
#endif

#endif /* LDNS_KEYS_H */