1 /*
2  *
3  * keys.h
4  *
5  * private key definitions
6  *
7  * a Net::DNS like library for C
8  *
9  * (c) NLnet Labs, 2005-2006
10  *
11  * See the file LICENSE for the license
12  */
13 
21 #ifndef LDNS_KEYS_H
22 #define LDNS_KEYS_H
23 
24 #include <ldns/common.h>
25 #if LDNS_BUILD_CONFIG_HAVE_SSL
26 #include <openssl/ssl.h>
27 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
28 #include <ldns/util.h>
29 #include <errno.h>
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
36 
37 #define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */
38 #define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */
39 #define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */
40 
45 {
46  LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
47  LDNS_DH = 2,
48  LDNS_DSA = 3,
49  LDNS_ECC = 4,
53  LDNS_RSASHA256 = 8, /* RFC 5702 */
54  LDNS_RSASHA512 = 10, /* RFC 5702 */
55  LDNS_ECC_GOST = 12, /* RFC 5933 */
56  LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
57  LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
61 };
63 
68 {
69  LDNS_SHA1 = 1, /* RFC 4034 */
70  LDNS_SHA256 = 2, /* RFC 4509 */
71  LDNS_HASH_GOST = 3, /* RFC 5933 */
72  LDNS_SHA384 = 4 /* RFC 6605 */
73 };
75 
80 {
91  LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
92  LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
93  LDNS_SIGN_HMACSHA256 = 159 /* ditto */
94 };
96 
108  ldns_signing_algorithm _alg;
110  bool _use;
112  /* TODO remove unions? */
113  struct {
114 #if LDNS_BUILD_CONFIG_HAVE_SSL
115 #ifndef S_SPLINT_S
116  /* The key can be an OpenSSL EVP Key
117  */
118  EVP_PKEY *key;
119 #endif
120 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
121 
124  struct {
125  unsigned char *key;
126  size_t size;
127  } hmac;
132  } _key;
134  union {
136  struct {
138  uint32_t orig_ttl;
140  uint32_t inception;
142  uint32_t expiration;
144  uint16_t keytag;
146  uint16_t flags;
147  } dnssec;
148  } _extra;
151 };
152 typedef struct ldns_struct_key ldns_key;
153 
158 {
159  size_t _key_count;
161 };
163 
164 
170 
176 
/**
 * Creates a new key based on the algorithm.
 * \param[in] a the signing algorithm to generate a key for
 * \param[in] size the key size; how it is interpreted depends on the
 *            algorithm and is not visible from this header (see keys.c)
 * \return the new key; presumably NULL on failure -- confirm in keys.c
 */
184 ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size);
185 
197 
/**
 * Creates a new private key based on the contents of the file pointed by fp.
 * The file is parsed input: check the returned status before using *k.
 * \param[out] k where the newly created key is stored
 * \param[in] fp the file to read the private key from
 * \param[in,out] line_nr line counter, presumably updated while the file is
 *                parsed (the name suggests it; confirm in keys.c)
 * \return an ldns_status; LDNS_STATUS_OK on success
 */
209 ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);
210 
211 #if LDNS_BUILD_CONFIG_HAVE_SSL
212 
/**
 * Read the key with the given id from the given engine and store it in
 * the given ldns_key structure.
 * \param[out] key where the loaded key is stored
 * \param[in] e the OpenSSL ENGINE that holds the key
 * \param[in] key_id the engine-specific identifier of the key
 * \param[in] (unnamed) the algorithm of the key; the definition in keys.c
 *            names this parameter `alg`
 * \return an ldns_status; LDNS_STATUS_OK on success
 */
216 ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm);
217 
218 
/**
 * frm_fp helper function: reads RSA key material from fp.
 * \param[in] fp the file to read from
 * \return the RSA structure; presumably NULL when none could be read --
 *         confirm in keys.c
 */
225 RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
226 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
227 
228 #if LDNS_BUILD_CONFIG_HAVE_SSL
229 
/**
 * frm_fp helper function, line-counting variant of ldns_key_new_frm_fp_rsa.
 * \param[in] fp the file to read from
 * \param[in,out] line_nr line counter for the parser
 * \return the RSA structure
 */
236 RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
237 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
238 
239 #if LDNS_BUILD_CONFIG_HAVE_SSL
240 
/**
 * frm_fp helper function: reads DSA key material from fp.
 * \param[in] fp the file to read from
 * \return the DSA structure
 */
246 DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
247 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
248 
249 #if LDNS_BUILD_CONFIG_HAVE_SSL
250 
/**
 * frm_fp helper function, line-counting variant of ldns_key_new_frm_fp_dsa.
 * \param[in] fp the file to read from
 * \param[in,out] line_nr line counter for the parser
 * \return the DSA structure
 */
257 DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
258 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
259 
260 #if LDNS_BUILD_CONFIG_HAVE_SSL
261 
/**
 * frm_fp helper function: reads an HMAC key from fp.
 * The returned buffer is secret material. Ownership of the buffer is not
 * visible from this header -- confirm in keys.c who frees it, and zeroize
 * it before release.
 * \param[in] fp the file to read from
 * \param[out] hmac_size receives the size in bytes of the returned buffer
 * \return the HMAC key bytes
 */
269 unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
270 #endif
271 
272 #if LDNS_BUILD_CONFIG_HAVE_SSL
273 
/**
 * frm_fp helper function, line-counting variant of ldns_key_new_frm_fp_hmac.
 * \param[in] fp the file to read from
 * \param[in] line_nr line counter; the definition in keys.c marks this
 *            parameter as unused
 * \param[out] hmac_size receives the size in bytes of the returned buffer
 * \return the HMAC key bytes
 */
282 unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
283 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
284 
285 /* access write functions */
/**
 * Set the key's algorithm.
 * \param[in] k the key
 * \param[in] l the signing algorithm
 */
291 void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
292 #if LDNS_BUILD_CONFIG_HAVE_SSL
293 
/**
 * Set the key's evp key.
 * \param[in] k the key
 * \param[in] e the OpenSSL EVP_PKEY to store in the key
 */
298 void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
299 
/**
 * Set the key's rsa data.
 * By analogy with ldns_key_set_dsa_key the caller presumably keeps
 * ownership of r (contrast ldns_key_assign_rsa_key) -- confirm in keys.c.
 * \param[in] k the key
 * \param[in] r the RSA data
 */
306 void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
307 
/**
 * Set the key's dsa data. The dsa data should be freed by the user.
 * \param[in] k the key
 * \param[in] d the DSA data
 */
314 void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
315 
/**
 * Assign the key's rsa data. The rsa data will be freed automatically
 * when the key is freed, so the caller must not free r itself.
 * \param[in] k the key
 * \param[in] r the RSA data, ownership transferred to the key
 */
322 void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
323 
/**
 * Assign the key's dsa data. The dsa data will be freed automatically
 * when the key is freed, so the caller must not free d itself.
 * \param[in] k the key
 * \param[in] d the DSA data, ownership transferred to the key
 */
330 void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
331 
/**
 * Get the PKEY id for GOST; loads GOST into OpenSSL as a side effect.
 * \return the PKEY id
 */
337 int ldns_key_EVP_load_gost_id(void);
338 
/**
 * Release the engine reference held for the GOST engine.
 */
340 void ldns_key_EVP_unload_gost(void);
341 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
342 
/**
 * Set the key's hmac data.
 * Only the pointer is passed; the length must be set separately with
 * ldns_key_set_hmac_size. ldns_key_deep_free is documented to free the
 * key's internal data, which would include this buffer -- confirm in
 * keys.c, and whether the secret is zeroized before being freed.
 * \param[in] k the key
 * \param[in] hmac the HMAC key bytes (secret material)
 */
348 void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);
349 
/**
 * Set the key id data.
 * Data set here is not freed by ldns_key_deep_free (per its
 * documentation); the caller keeps ownership.
 * \param[in] key the key
 * \param[in] external_key opaque pointer to externally held key data
 */
360 void ldns_key_set_external_key(ldns_key *key, void *external_key);
361 
/**
 * Set the key's hmac size.
 * Must not exceed the length of the buffer given to ldns_key_set_hmac_key;
 * the library has no other record of that buffer's length.
 * \param[in] k the key
 * \param[in] hmac_size size in bytes of the HMAC key
 */
367 void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size);
/**
 * Set the key's original ttl (the TTL of the rrset that is currently signed).
 * \param[in] k the key
 * \param[in] t the TTL
 */
373 void ldns_key_set_origttl(ldns_key *k, uint32_t t);
/**
 * Set the key's inception date (seconds after epoch).
 * \param[in] k the key
 * \param[in] i the inception time
 */
379 void ldns_key_set_inception(ldns_key *k, uint32_t i);
/**
 * Set the key's expiration date (seconds after epoch).
 * \param[in] k the key
 * \param[in] e the expiration time
 */
385 void ldns_key_set_expiration(ldns_key *k, uint32_t e);
/**
 * Set the key's key tag.
 * \param[in] k the key
 * \param[in] tag the key tag
 */
397 void ldns_key_set_keytag(ldns_key *k, uint16_t tag);
/**
 * Set the key's flags (the DNSKEY flags field, e.g. LDNS_KEY_ZONE_KEY,
 * LDNS_KEY_SEP_KEY, LDNS_KEY_REVOKE_KEY).
 * \param[in] k the key
 * \param[in] flags the flags value
 */
403 void ldns_key_set_flags(ldns_key *k, uint16_t flags);
/**
 * Set the keylist's key count to count.
 * Presumably only updates the counter and does not (re)allocate the
 * underlying key storage -- confirm in keys.c before raising the count.
 * \param[in] key the key list
 * \param[in] count the new count
 */
409 void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);
410 
/**
 * Pushes a key to a keylist.
 * \param[in] key_list the list to push to
 * \param[in] key the key to push
 * \return false on failure (presumably when storage could not be grown;
 *         confirm in keys.c), true otherwise
 */
417 bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key);
418 
/**
 * Returns the number of keys in the key list.
 * \param[in] key_list the key list
 * \return the key count
 */
424 size_t ldns_key_list_key_count(const ldns_key_list *key_list);
425 
/**
 * Returns a pointer to the key in the list at the given position.
 * Behaviour for a position at or beyond the count is not visible here;
 * check against ldns_key_list_key_count first.
 * \param[in] key the key list
 * \param[in] nr the position in the list
 * \return the key at that position
 */
432 ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr);
433 
434 #if LDNS_BUILD_CONFIG_HAVE_SSL
435 
/**
 * Returns the (openssl) RSA struct contained in the key.
 * Presumably a borrowed pointer still owned by the key -- confirm in keys.c
 * before freeing it.
 * \param[in] k the key
 * \return the RSA structure
 */
440 RSA *ldns_key_rsa_key(const ldns_key *k);
/**
 * Returns the (openssl) EVP struct contained in the key.
 * Presumably a borrowed pointer still owned by the key -- confirm in keys.c.
 * \param[in] k the key
 * \return the EVP_PKEY structure
 */
446 EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
447 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
448 
452 #if LDNS_BUILD_CONFIG_HAVE_SSL
/**
 * Returns the (openssl) DSA struct contained in the key.
 * Presumably a borrowed pointer still owned by the key -- confirm in keys.c.
 * \param[in] k the key
 * \return the DSA structure
 */
453 DSA *ldns_key_dsa_key(const ldns_key *k);
454 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
455 
/**
 * Return the signing algorithm of the key.
 * \param[in] k the key
 * \return the signing algorithm
 */
461 ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k);
/**
 * Set the use flag: whether to use this key when signing.
 * \param[in] k the key
 * \param[in] v the new value of the flag
 */
467 void ldns_key_set_use(ldns_key *k, bool v);
/**
 * Return the use flag.
 * \param[in] k the key
 * \return whether this key is to be used when signing
 */
473 bool ldns_key_use(const ldns_key *k);
/**
 * Return the hmac key data (secret material; the buffer is the one set
 * with ldns_key_set_hmac_key, its length is ldns_key_hmac_size()).
 * \param[in] k the key
 * \return the HMAC key bytes
 */
479 unsigned char *ldns_key_hmac_key(const ldns_key *k);
/**
 * Return the key id key data set with ldns_key_set_external_key.
 * \param[in] k the key
 * \return the opaque external key pointer
 */
485 void *ldns_key_external_key(const ldns_key *k);
/**
 * Return the hmac key size.
 * \param[in] k the key
 * \return the size in bytes of the HMAC key
 */
491 size_t ldns_key_hmac_size(const ldns_key *k);
/**
 * Return the original ttl of the key.
 * \param[in] k the key
 * \return the TTL
 */
497 uint32_t ldns_key_origttl(const ldns_key *k);
/**
 * Return the key's inception date (seconds after epoch).
 * \param[in] k the key
 * \return the inception time
 */
503 uint32_t ldns_key_inception(const ldns_key *k);
/**
 * Return the key's expiration date (seconds after epoch).
 * \param[in] k the key
 * \return the expiration time
 */
509 uint32_t ldns_key_expiration(const ldns_key *k);
/**
 * Return the keytag.
 * \param[in] k the key
 * \return the key tag
 */
515 uint16_t ldns_key_keytag(const ldns_key *k);
/**
 * Set the use flag on every key in the list (presumed from the signature
 * and ldns_key_set_use; confirm in keys.c).
 * \param[in] keys the key list
 * \param[in] v the new value of the flag
 */
527 void
528 ldns_key_list_set_use(ldns_key_list *keys, bool v);
529 
/**
 * Return the flags of the key.
 * \param[in] k the key
 * \return the DNSKEY flags value
 */
535 uint16_t ldns_key_flags(const ldns_key *k);
536 
543 
/**
 * Converts a ldns_key to a public key rr.
 * If the key data exists at an external point, the corresponding rdata
 * field must still be added with ldns_rr_rdf_push() to the result rr of
 * this function.
 * \param[in] k the key to convert
 * \return the DNSKEY rr; failure signalling is not visible here, so check
 *         the result for NULL (confirm in keys.c)
 */
553 ldns_rr *ldns_key2rr(const ldns_key *k);
554 
/**
 * Print a private key to the file output.
 * This writes secret key material; the destination should be protected
 * accordingly (for example a file with restrictive permissions).
 * \param[in] output the file to write to
 * \param[in] k the key to print
 */
561 void ldns_key_print(FILE *output, const ldns_key *k);
562 
/**
 * Frees a key structure, but not its internal data structures.
 * \param[in] key the key to free
 */
568 void ldns_key_free(ldns_key *key);
569 
/**
 * Frees a key structure and all its internal data structures, except the
 * data set by ldns_key_set_external_key. Whether secret material (e.g. the
 * HMAC key) is zeroized before being freed is not visible here -- confirm
 * in keys.c.
 * \param[in] key the key to free
 */
576 void ldns_key_deep_free(ldns_key *key);
577 
/**
 * Frees a key list structure.
 * \param[in] key_list the list to free
 */
582 void ldns_key_list_free(ldns_key_list *key_list);
583 
/**
 * Instantiates a DNSKEY or DS RR from file.
 * The file contents are parsed input; presumably NULL is returned when the
 * file cannot be read or parsed -- confirm in keys.c and check the result.
 * \param[in] filename the file to read the trust anchor from
 * \return the DNSKEY or DS rr
 */
589 ldns_rr * ldns_read_anchor_file(const char *filename);
590 
602 
/**
 * See if a key algorithm is supported.
 * \param[in] algo the algorithm number
 * \return presumably non-zero when supported and zero otherwise (int return;
 *         confirm in keys.c)
 */
608 int ldns_key_algo_supported(int algo);
609 
/**
 * Get signing algorithm by name.
 * \param[in] name the algorithm name to look up
 * \return the matching ldns_signing_algorithm; the value used for an unknown
 *         name is not visible here (confirm in keys.c)
 */
615 ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name);
616 
617 #ifdef __cplusplus
618 }
619 #endif
620 
621 #endif /* LDNS_KEYS_H */