contrib/ldns/ldns/keys.h
Show First 20 Lines • Show All 49 Lines • ▼ Show 20 Lines | enum ldns_enum_algorithm | ||||
LDNS_RSASHA1 = 5, | LDNS_RSASHA1 = 5, | ||||
LDNS_DSA_NSEC3 = 6, | LDNS_DSA_NSEC3 = 6, | ||||
LDNS_RSASHA1_NSEC3 = 7, | LDNS_RSASHA1_NSEC3 = 7, | ||||
LDNS_RSASHA256 = 8, /* RFC 5702 */ | LDNS_RSASHA256 = 8, /* RFC 5702 */ | ||||
LDNS_RSASHA512 = 10, /* RFC 5702 */ | LDNS_RSASHA512 = 10, /* RFC 5702 */ | ||||
LDNS_ECC_GOST = 12, /* RFC 5933 */ | LDNS_ECC_GOST = 12, /* RFC 5933 */ | ||||
LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ | LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ | ||||
LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ | LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ | ||||
#ifdef USE_ED25519 | LDNS_ED25519 = 15, /* RFC 8080 */ | ||||
/* this ifdef is internal to ldns, because we do not want to export | LDNS_ED448 = 16, /* RFC 8080 */ | ||||
* the symbol. Users can define it if they want access, | |||||
* the feature is not fully implemented at this time and openssl | |||||
* does not support it fully either (also for ED448). */ | |||||
LDNS_ED25519 = 15, /* draft-ietf-curdle-dnskey-ed25519 */ | |||||
#endif | |||||
#ifdef USE_ED448 | |||||
LDNS_ED448 = 16, /* draft-ietf-curdle-dnskey-ed448 */ | |||||
#endif | |||||
LDNS_INDIRECT = 252, | LDNS_INDIRECT = 252, | ||||
LDNS_PRIVATEDNS = 253, | LDNS_PRIVATEDNS = 253, | ||||
LDNS_PRIVATEOID = 254 | LDNS_PRIVATEOID = 254 | ||||
}; | }; | ||||
typedef enum ldns_enum_algorithm ldns_algorithm; | typedef enum ldns_enum_algorithm ldns_algorithm; | ||||
/** | /** | ||||
* Hashing algorithms used in the DS record | * Hashing algorithms used in the DS record | ||||
Show All 9 Lines | |||||
/** | /** | ||||
* Algorithms used in dns for signing | * Algorithms used in dns for signing | ||||
*/ | */ | ||||
enum ldns_enum_signing_algorithm | enum ldns_enum_signing_algorithm | ||||
{ | { | ||||
LDNS_SIGN_RSAMD5 = LDNS_RSAMD5, | LDNS_SIGN_RSAMD5 = LDNS_RSAMD5, | ||||
LDNS_SIGN_RSASHA1 = LDNS_RSASHA1, | LDNS_SIGN_RSASHA1 = LDNS_RSASHA1, | ||||
#if LDNS_BUILD_CONFIG_USE_DSA | |||||
LDNS_SIGN_DSA = LDNS_DSA, | LDNS_SIGN_DSA = LDNS_DSA, | ||||
#endif /* LDNS_BUILD_CONFIG_USE_DSA */ | |||||
LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3, | LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3, | ||||
LDNS_SIGN_RSASHA256 = LDNS_RSASHA256, | LDNS_SIGN_RSASHA256 = LDNS_RSASHA256, | ||||
LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, | LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, | ||||
#if LDNS_BUILD_CONFIG_USE_DSA | |||||
LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, | LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, | ||||
#endif /* LDNS_BUILD_CONFIG_USE_DSA */ | |||||
LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, | LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, | ||||
LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, | LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, | ||||
LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384, | LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384, | ||||
#ifdef USE_ED25519 | #if LDNS_BUILD_CONFIG_USE_ED25519 | ||||
LDNS_SIGN_ED25519 = LDNS_ED25519, | LDNS_SIGN_ED25519 = LDNS_ED25519, | ||||
#endif | #endif /* LDNS_BUILD_CONFIG_USE_ED25519 */ | ||||
#ifdef USE_ED448 | #if LDNS_BUILD_CONFIG_USE_ED448 | ||||
LDNS_SIGN_ED448 = LDNS_ED448, | LDNS_SIGN_ED448 = LDNS_ED448, | ||||
#endif | #endif /* LDNS_BUILD_CONFIG_USE_ED448 */ | ||||
LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */ | LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */ | ||||
LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */ | LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */ | ||||
LDNS_SIGN_HMACSHA256 = 159, /* ditto */ | LDNS_SIGN_HMACSHA256 = 159, /* ditto */ | ||||
LDNS_SIGN_HMACSHA224 = 162, /* ditto */ | LDNS_SIGN_HMACSHA224 = 162, /* ditto */ | ||||
LDNS_SIGN_HMACSHA384 = 164, /* ditto */ | LDNS_SIGN_HMACSHA384 = 164, /* ditto */ | ||||
LDNS_SIGN_HMACSHA512 = 165 /* ditto */ | LDNS_SIGN_HMACSHA512 = 165 /* ditto */ | ||||
}; | }; | ||||
typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm; | typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm; | ||||
▲ Show 20 Lines • Show All 111 Lines • ▼ Show 20 Lines | |||||
* \return an error or LDNS_STATUS_OK | * \return an error or LDNS_STATUS_OK | ||||
*/ | */ | ||||
ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr); | ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr); | ||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | #if LDNS_BUILD_CONFIG_HAVE_SSL | ||||
/** | /** | ||||
* Read the key with the given id from the given engine and store it | * Read the key with the given id from the given engine and store it | ||||
* in the given ldns_key structure. The algorithm type is set | * in the given ldns_key structure. The algorithm type is set | ||||
* | |||||
* \param[out] key the new ldns_key structure | |||||
* \param[in] e the engine from which to read the key | |||||
* \param[in] key_id the id of the key with which to lookup the key in the engine | |||||
* \param[in] a the algorithm to set for this key | |||||
* \return an error or LDNS_STATUS_OK | |||||
*/ | */ | ||||
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm); | ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm a); | ||||
/** | /** | ||||
* frm_fp helper function. This function parses the | * frm_fp helper function. This function parses the | ||||
* remainder of the (RSA) priv. key file generated from bind9 | * remainder of the (RSA) priv. key file generated from bind9 | ||||
* \param[in] fp the file to parse | * \param[in] fp the file to parse | ||||
* \return NULL on failure otherwise a RSA structure | * \return NULL on failure otherwise a RSA structure | ||||
*/ | */ | ||||
RSA *ldns_key_new_frm_fp_rsa(FILE *fp); | RSA *ldns_key_new_frm_fp_rsa(FILE *fp); | ||||
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | |||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | |||||
/** | /** | ||||
* frm_fp helper function. This function parses the | * frm_fp helper function. This function parses the | ||||
* remainder of the (RSA) priv. key file generated from bind9 | * remainder of the (RSA) priv. key file generated from bind9 | ||||
* \param[in] fp the file to parse | * \param[in] fp the file to parse | ||||
* \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) | * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) | ||||
* \return NULL on failure otherwise a RSA structure | * \return NULL on failure otherwise a RSA structure | ||||
*/ | */ | ||||
RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr); | RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr); | ||||
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | |||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | |||||
# if LDNS_BUILD_CONFIG_USE_DSA | |||||
/** | /** | ||||
* frm_fp helper function. This function parses the | * frm_fp helper function. This function parses the | ||||
* remainder of the (DSA) priv. key file | * remainder of the (DSA) priv. key file | ||||
* \param[in] fp the file to parse | * \param[in] fp the file to parse | ||||
* \return NULL on failure otherwise a RSA structure | * \return NULL on failure otherwise a RSA structure | ||||
*/ | */ | ||||
DSA *ldns_key_new_frm_fp_dsa(FILE *fp); | DSA *ldns_key_new_frm_fp_dsa(FILE *fp); | ||||
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | |||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | |||||
/** | /** | ||||
* frm_fp helper function. This function parses the | * frm_fp helper function. This function parses the | ||||
* remainder of the (DSA) priv. key file | * remainder of the (DSA) priv. key file | ||||
* \param[in] fp the file to parse | * \param[in] fp the file to parse | ||||
* \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) | * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) | ||||
* \return NULL on failure otherwise a RSA structure | * \return NULL on failure otherwise a RSA structure | ||||
*/ | */ | ||||
DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr); | DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr); | ||||
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | # endif /* LDNS_BUILD_CONFIG_USE_DSA */ | ||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | |||||
/** | /** | ||||
* frm_fp helper function. This function parses the | * frm_fp helper function. This function parses the | ||||
* remainder of the (HMAC-MD5) key file | * remainder of the (HMAC-MD5) key file | ||||
* This function allocated a buffer that needs to be freed | * This function allocated a buffer that needs to be freed | ||||
* \param[in] fp the file to parse | * \param[in] fp the file to parse | ||||
* \param[out] hmac_size the number of bits in the resulting buffer | * \param[out] hmac_size the number of bits in the resulting buffer | ||||
* \return NULL on failure otherwise a newly allocated char buffer | * \return NULL on failure otherwise a newly allocated char buffer | ||||
*/ | */ | ||||
unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size); | unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size); | ||||
#endif | |||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | |||||
/** | /** | ||||
* frm_fp helper function. This function parses the | * frm_fp helper function. This function parses the | ||||
* remainder of the (HMAC-MD5) key file | * remainder of the (HMAC-MD5) key file | ||||
* This function allocated a buffer that needs to be freed | * This function allocated a buffer that needs to be freed | ||||
* \param[in] fp the file to parse | * \param[in] fp the file to parse | ||||
* \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes) | * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes) | ||||
* \param[out] hmac_size the number of bits in the resulting buffer | * \param[out] hmac_size the number of bits in the resulting buffer | ||||
* \return NULL on failure otherwise a newly allocated char buffer | * \return NULL on failure otherwise a newly allocated char buffer | ||||
*/ | */ | ||||
unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size); | unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size); | ||||
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | ||||
/* acces write functions */ | /* access write functions */ | ||||
/** | /** | ||||
* Set the key's algorithm | * Set the key's algorithm | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \param[in] l the algorithm | * \param[in] l the algorithm | ||||
*/ | */ | ||||
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l); | void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l); | ||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | #if LDNS_BUILD_CONFIG_HAVE_SSL | ||||
/** | /** | ||||
* Set the key's evp key | * Set the key's evp key | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \param[in] e the evp key | * \param[in] e the evp key | ||||
*/ | */ | ||||
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e); | void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e); | ||||
/** | /** | ||||
* Set the key's rsa data. | * Set the key's rsa data. | ||||
* The rsa data should be freed by the user. | * The rsa data should be freed by the user. | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \param[in] r the rsa data | * \param[in] r the rsa data | ||||
*/ | */ | ||||
void ldns_key_set_rsa_key(ldns_key *k, RSA *r); | void ldns_key_set_rsa_key(ldns_key *k, RSA *r); | ||||
# if LDNS_BUILD_CONFIG_USE_DSA | |||||
/** | /** | ||||
* Set the key's dsa data | * Set the key's dsa data | ||||
* The dsa data should be freed by the user. | * The dsa data should be freed by the user. | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \param[in] d the dsa data | * \param[in] d the dsa data | ||||
*/ | */ | ||||
void ldns_key_set_dsa_key(ldns_key *k, DSA *d); | void ldns_key_set_dsa_key(ldns_key *k, DSA *d); | ||||
# endif /* LDNS_BUILD_CONFIG_USE_DSA */ | |||||
/** | /** | ||||
* Assign the key's rsa data | * Assign the key's rsa data | ||||
* The rsa data will be freed automatically when the key is freed. | * The rsa data will be freed automatically when the key is freed. | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \param[in] r the rsa data | * \param[in] r the rsa data | ||||
*/ | */ | ||||
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r); | void ldns_key_assign_rsa_key(ldns_key *k, RSA *r); | ||||
# if LDNS_BUILD_CONFIG_USE_DSA | |||||
/** | /** | ||||
* Assign the key's dsa data | * Assign the key's dsa data | ||||
* The dsa data will be freed automatically when the key is freed. | * The dsa data will be freed automatically when the key is freed. | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \param[in] d the dsa data | * \param[in] d the dsa data | ||||
*/ | */ | ||||
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d); | void ldns_key_assign_dsa_key(ldns_key *k, DSA *d); | ||||
# endif /* LDNS_BUILD_CONFIG_USE_DSA */ | |||||
/** | /** | ||||
* Get the PKEY id for GOST, loads GOST into openssl as a side effect. | * Get the PKEY id for GOST, loads GOST into openssl as a side effect. | ||||
* Only available if GOST is compiled into the library and openssl. | * Only available if GOST is compiled into the library and openssl. | ||||
* \return the gost id for EVP_CTX creation. | * \return the gost id for EVP_CTX creation. | ||||
*/ | */ | ||||
int ldns_key_EVP_load_gost_id(void); | int ldns_key_EVP_load_gost_id(void); | ||||
▲ Show 20 Lines • Show All 60 Lines • ▼ Show 20 Lines | |||||
* Set the key's flags | * Set the key's flags | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \param[in] flags the flags | * \param[in] flags the flags | ||||
*/ | */ | ||||
void ldns_key_set_flags(ldns_key *k, uint16_t flags); | void ldns_key_set_flags(ldns_key *k, uint16_t flags); | ||||
/** | /** | ||||
* Set the keylist's key count to count | * Set the keylist's key count to count | ||||
* \param[in] key the key | * \param[in] key the key | ||||
* \param[in] count the cuont | * \param[in] count the count | ||||
*/ | */ | ||||
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count); | void ldns_key_list_set_key_count(ldns_key_list *key, size_t count); | ||||
/** | /** | ||||
* pushes a key to a keylist | * pushes a key to a keylist | ||||
* \param[in] key_list the key_list to push to | * \param[in] key_list the key_list to push to | ||||
* \param[in] key the key to push | * \param[in] key the key to push | ||||
* \return false on error, otherwise true | * \return false on error, otherwise true | ||||
Show All 23 Lines | |||||
*/ | */ | ||||
RSA *ldns_key_rsa_key(const ldns_key *k); | RSA *ldns_key_rsa_key(const ldns_key *k); | ||||
/** | /** | ||||
* returns the (openssl) EVP struct contained in the key | * returns the (openssl) EVP struct contained in the key | ||||
* \param[in] k the key to look in | * \param[in] k the key to look in | ||||
* \return the RSA * structure in the key | * \return the RSA * structure in the key | ||||
*/ | */ | ||||
EVP_PKEY *ldns_key_evp_key(const ldns_key *k); | EVP_PKEY *ldns_key_evp_key(const ldns_key *k); | ||||
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | |||||
# if LDNS_BUILD_CONFIG_USE_DSA | |||||
/** | /** | ||||
* returns the (openssl) DSA struct contained in the key | * returns the (openssl) DSA struct contained in the key | ||||
*/ | */ | ||||
#if LDNS_BUILD_CONFIG_HAVE_SSL | |||||
DSA *ldns_key_dsa_key(const ldns_key *k); | DSA *ldns_key_dsa_key(const ldns_key *k); | ||||
# endif /* LDNS_BUILD_CONFIG_USE_DSA */ | |||||
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ | ||||
/** | /** | ||||
* return the signing alg of the key | * return the signing alg of the key | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \return the algorithm | * \return the algorithm | ||||
*/ | */ | ||||
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k); | ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k); | ||||
Show All 37 Lines | |||||
* return the key's inception date | * return the key's inception date | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \return the inception date | * \return the inception date | ||||
*/ | */ | ||||
uint32_t ldns_key_inception(const ldns_key *k); | uint32_t ldns_key_inception(const ldns_key *k); | ||||
/** | /** | ||||
* return the key's expiration date | * return the key's expiration date | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \return the experiration date | * \return the expiration date | ||||
*/ | */ | ||||
uint32_t ldns_key_expiration(const ldns_key *k); | uint32_t ldns_key_expiration(const ldns_key *k); | ||||
/** | /** | ||||
* return the keytag | * return the keytag | ||||
* \param[in] k the key | * \param[in] k the key | ||||
* \return the keytag | * \return the keytag | ||||
*/ | */ | ||||
uint16_t ldns_key_keytag(const ldns_key *k); | uint16_t ldns_key_keytag(const ldns_key *k); | ||||
▲ Show 20 Lines • Show All 106 Lines • Show Last 20 Lines |
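Review bot: On the new side of `enum ldns_enum_algorithm`, `LDNS_ED25519 = 15` and `LDNS_ED448 = 16` are declared unconditionally, while `LDNS_SIGN_ED25519` and `LDNS_SIGN_ED448` in `enum ldns_enum_signing_algorithm` sit behind `#if LDNS_BUILD_CONFIG_USE_ED25519` and `#if LDNS_BUILD_CONFIG_USE_ED448`, and nothing in the header documents the difference. A caller can therefore name the DNSSEC algorithm number in a build that has no matching signing constant, so the presence of the enum value should not be read as a capability check. Because these are `#if` rather than `#ifdef` tests, a translation unit that reaches this header without the configuration macros defined drops the signing members without any diagnostic (an undefined macro evaluates to 0); where the macros are defined is not visible on this page. I would add a comment above the two members, for example `/* Always declared; signing support is selected by LDNS_BUILD_CONFIG_USE_ED25519 / LDNS_BUILD_CONFIG_USE_ED448, see ldns_enum_signing_algorithm. */`. The `LDNS_SIGN_DSA` and `LDNS_SIGN_DSA_NSEC3` members appear to get the same treatment under `LDNS_BUILD_CONFIG_USE_DSA` and would benefit from the same remark.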