/*
 * keyraw.h -- raw key and signature access and conversion
 *
 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 */

/**
 * \file
 *
 * raw key and signature access and conversion
 *
 * Since these functions heavily rely on cryptographic operations,
 * this module is dependent on openssl: everything below the first
 * LDNS_BUILD_CONFIG_HAVE_SSL guard is only declared when the library
 * was built with OpenSSL support.
 *
 * All "raw" functions take DNSKEY rdata in uncompressed wireformat,
 * i.e. bytes that normally originate from the network. The length
 * arguments are therefore untrusted; the implementations are expected
 * to bounds-check them before parsing (NOTE(review): confirm against
 * the corresponding .c file, this header cannot show it).
 *
 */

#ifndef LDNS_KEYRAW_H
#define LDNS_KEYRAW_H

#ifdef __cplusplus
extern "C" {
#endif
#if LDNS_BUILD_CONFIG_HAVE_SSL
# include <openssl/ssl.h>
# include <openssl/evp.h>
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/**
 * get the length of the keydata in bits
 * \param[in] keydata the raw key data (DNSKEY public key field, wireformat)
 * \param[in] len the length of the keydata in bytes
 * \param[in] alg the cryptographic algorithm this is a key for; the
 *	algorithm decides how the key field is laid out and thus how
 *	the size is derived
 * \return the keysize in bits, or 0 on error (unknown algorithm or
 *	keydata too short to contain a key of that algorithm)
 */
size_t sldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
	const size_t len, int alg);

/**
 * Calculates keytag of DNSSEC key, operates on wireformat rdata.
 * The key tag is an identifier only (several keys may share one tag);
 * it must not be used as proof of key identity.
 * \param[in] key the key as uncompressed wireformat rdata (the full
 *	DNSKEY rdata, not just the public key field).
 * \param[in] keysize length of key data in bytes.
 * \return the keytag
 */
uint16_t sldns_calc_keytag_raw(uint8_t* key, size_t keysize);

#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
 * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
 * Only available if GOST is compiled into the library and openssl.
 * Pair every successful load with sldns_key_EVP_unload_gost() so the
 * engine reference is released.
 * \return the gost id for EVP_CTX creation.
 */
int sldns_key_EVP_load_gost_id(void);

/** Release the engine reference held for the GOST engine. */
void sldns_key_EVP_unload_gost(void);

/*
 * The DSA* / RSA* accessors below are legacy interfaces that are only
 * declared when the OpenSSL 3 OSSL_PARAM_BLD API is not available
 * (HAVE_OSSL_PARAM_BLD_NEW unset; presumably a configure-time check).
 * New code should use the *2pkey_raw variants, which are always declared.
 */
#ifndef HAVE_OSSL_PARAM_BLD_NEW
/**
 * Like sldns_key_buf2dsa, but uses raw buffer.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return a DSA * structure with the key material
 *	(NOTE(review): presumably NULL on malformed input, like
 *	sldns_key_dsa2pkey_raw below -- confirm in the implementation).
 *	The caller owns the returned object and must free it.
 */
DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len);
#endif

/**
 * Converts a holding buffer with DSA key material to EVP PKEY in openssl.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return the key or NULL on error. The caller owns the returned key
 *	and releases it with EVP_PKEY_free().
 */
EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with GOST.
 * \param[in] key data to convert
 * \param[in] keylen length of the key data
 * \return the key or NULL on error. The caller owns the returned key
 *	and releases it with EVP_PKEY_free().
 */
EVP_PKEY* sldns_gost2pkey_raw(unsigned char* key, size_t keylen);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with ECDSA.
 * \param[in] key data to convert
 * \param[in] keylen length of the key data
 * \param[in] algo precise algorithm to initialize ECC group values.
 *	The DNSSEC algorithm number selects the curve; the key length
 *	must match that curve's uncompressed point size, otherwise the
 *	conversion is expected to fail.
 * \return the key or NULL on error. The caller owns the returned key
 *	and releases it with EVP_PKEY_free().
 */
EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);

#ifndef HAVE_OSSL_PARAM_BLD_NEW
/**
 * Like sldns_key_buf2rsa, but uses raw buffer.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return a RSA * structure with the key material
 *	(NOTE(review): presumably NULL on malformed input, like
 *	sldns_key_rsa2pkey_raw below -- confirm in the implementation).
 *	The caller owns the returned object and must free it.
 */
RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);
#endif

/**
 * Converts a holding buffer with RSA key material to EVP PKEY in openssl.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return the key or NULL on error. The caller owns the returned key
 *	and releases it with EVP_PKEY_free().
 */
EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with ED25519.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return the key or NULL on error. The caller owns the returned key
 *	and releases it with EVP_PKEY_free().
 */
EVP_PKEY* sldns_ed255192pkey_raw(const unsigned char* key, size_t len);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with ED448.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return the key or NULL on error. The caller owns the returned key
 *	and releases it with EVP_PKEY_free().
 */
EVP_PKEY* sldns_ed4482pkey_raw(const unsigned char* key, size_t len);

/**
 * Utility function to calculate hash using generic EVP_MD pointer.
 * \param[in] data the data to hash.
 * \param[in] len length of data.
 * \param[out] dest the destination of the hash, must be large enough:
 *	the function writes the full digest of \p md, so the buffer has
 *	to hold at least EVP_MD_size(md) bytes. Nothing in this header
 *	bounds that write; the caller is responsible for sizing dest.
 * \param[in] md the message digest to use.
 * \return true if worked, false on failure.
 */
int sldns_digest_evp(unsigned char* data, unsigned int len,
	unsigned char* dest, const EVP_MD* md);

#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

#ifdef __cplusplus
}
#endif

#endif /* LDNS_KEYRAW_H */