keys.h
Go to the documentation of this file.
1/*
2 *
3 * keys.h
4 *
5 * priv key definitions
6 *
7 * a Net::DNS like library for C
8 *
9 * (c) NLnet Labs, 2005-2006
10 *
11 * See the file LICENSE for the license
12 */
13
21#ifndef LDNS_KEYS_H
22#define LDNS_KEYS_H
23
24#include <ldns/common.h>
25#if LDNS_BUILD_CONFIG_HAVE_SSL
26#include <openssl/ssl.h>
27#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
28#include <ldns/util.h>
29#include <errno.h>
30
31#ifdef __cplusplus
32extern "C" {
33#endif
34
36
37#define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */
38#define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */
39#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */
40
45{
46 LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
53 LDNS_RSASHA256 = 8, /* RFC 5702 */
54 LDNS_RSASHA512 = 10, /* RFC 5702 */
55 LDNS_ECC_GOST = 12, /* RFC 5933 */
56 LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
57 LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
58 LDNS_ED25519 = 15, /* RFC 8080 */
59 LDNS_ED448 = 16, /* RFC 8080 */
62 LDNS_PRIVATEOID = 254
63};
65
70{
71 LDNS_SHA1 = 1, /* RFC 4034 */
72 LDNS_SHA256 = 2, /* RFC 4509 */
73 LDNS_HASH_GOST = 3, /* RFC 5933 */
74 LDNS_SHA384 = 4 /* RFC 6605 */
75};
77
82{
85#if LDNS_BUILD_CONFIG_USE_DSA
87#endif /* LDNS_BUILD_CONFIG_USE_DSA */
91#if LDNS_BUILD_CONFIG_USE_DSA
93#endif /* LDNS_BUILD_CONFIG_USE_DSA */
97#if LDNS_BUILD_CONFIG_USE_ED25519
99#endif /* LDNS_BUILD_CONFIG_USE_ED25519 */
100#if LDNS_BUILD_CONFIG_USE_ED448
102#endif /* LDNS_BUILD_CONFIG_USE_ED448 */
103 LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
104 LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
105 LDNS_SIGN_HMACSHA256 = 159, /* ditto */
106 LDNS_SIGN_HMACSHA224 = 162, /* ditto */
107 LDNS_SIGN_HMACSHA384 = 164, /* ditto */
108 LDNS_SIGN_HMACSHA512 = 165 /* ditto */
111
125 bool _use;
127 /* TODO remove unions? */
128 struct {
129#if LDNS_BUILD_CONFIG_HAVE_SSL
130#ifndef S_SPLINT_S
131 /* The key can be an OpenSSL EVP Key
132 */
133 EVP_PKEY *key;
134#endif
135#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
139 struct {
140 unsigned char *key;
141 size_t size;
149 union {
151 struct {
153 uint32_t orig_ttl;
155 uint32_t inception;
157 uint32_t expiration;
159 uint16_t keytag;
161 uint16_t flags;
166};
168
178
179
185
191
200
212
224ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);
225
226#if LDNS_BUILD_CONFIG_HAVE_SSL
237ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm a);
238
239
246RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
247
255RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
256
257
258# if LDNS_BUILD_CONFIG_USE_DSA
265DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
266
274DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
275# endif /* LDNS_BUILD_CONFIG_USE_DSA */
276
285unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
286
296unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
297#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
298
299/* access write functions */
306
307#if LDNS_BUILD_CONFIG_HAVE_SSL
313void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
314
321void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
322
323# if LDNS_BUILD_CONFIG_USE_DSA
330void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
331# endif /* LDNS_BUILD_CONFIG_USE_DSA */
332
339void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
340
341# if LDNS_BUILD_CONFIG_USE_DSA
348void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
349# endif /* LDNS_BUILD_CONFIG_USE_DSA */
350
357
359void ldns_key_EVP_unload_gost(void);
360#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
361
367void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);
368
379void ldns_key_set_external_key(ldns_key *key, void *external_key);
380
386void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size);
392void ldns_key_set_origttl(ldns_key *k, uint32_t t);
398void ldns_key_set_inception(ldns_key *k, uint32_t i);
404void ldns_key_set_expiration(ldns_key *k, uint32_t e);
416void ldns_key_set_keytag(ldns_key *k, uint16_t tag);
422void ldns_key_set_flags(ldns_key *k, uint16_t flags);
428void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);
429
436bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key);
437
443size_t ldns_key_list_key_count(const ldns_key_list *key_list);
444
451ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr);
452
453#if LDNS_BUILD_CONFIG_HAVE_SSL
459RSA *ldns_key_rsa_key(const ldns_key *k);
465EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
466
467# if LDNS_BUILD_CONFIG_USE_DSA
471DSA *ldns_key_dsa_key(const ldns_key *k);
472# endif /* LDNS_BUILD_CONFIG_USE_DSA */
473#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
474
486void ldns_key_set_use(ldns_key *k, bool v);
492bool ldns_key_use(const ldns_key *k);
498unsigned char *ldns_key_hmac_key(const ldns_key *k);
504void *ldns_key_external_key(const ldns_key *k);
510size_t ldns_key_hmac_size(const ldns_key *k);
516uint32_t ldns_key_origttl(const ldns_key *k);
522uint32_t ldns_key_inception(const ldns_key *k);
528uint32_t ldns_key_expiration(const ldns_key *k);
534uint16_t ldns_key_keytag(const ldns_key *k);
546void
548
554uint16_t ldns_key_flags(const ldns_key *k);
555
562
572ldns_rr *ldns_key2rr(const ldns_key *k);
573
580void ldns_key_print(FILE *output, const ldns_key *k);
581
587void ldns_key_free(ldns_key *key);
588
596
601void ldns_key_list_free(ldns_key_list *key_list);
602
608ldns_rr * ldns_read_anchor_file(const char *filename);
609
620char *ldns_key_get_file_base_name(const ldns_key *key);
621
627int ldns_key_algo_supported(int algo);
628
635
636#ifdef __cplusplus
637}
638#endif
639
640#endif /* LDNS_KEYS_H */
Common definitions for LDNS.
enum ldns_enum_status ldns_status
Definition error.h:148
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
Set the keylist's key count to count.
Definition keys.c:1594
uint32_t ldns_key_expiration(const ldns_key *k)
return the key's expiration date
Definition keys.c:1565
void ldns_key_list_set_use(ldns_key_list *keys, signed char v)
Set the 'use' flag for all keys in the list.
Definition keys.c:1584
ldns_key * ldns_key_list_pop_key(ldns_key_list *key_list)
pops the last rr from a keylist
Definition keys.c:1623
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
Definition keys.c:2073
void ldns_key_set_use(ldns_key *k, signed char v)
set the use flag
Definition keys.c:1469
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm a)
Read the key with the given id from the given engine and store it in the given ldns_key structure.
Definition keys.c:116
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char *name)
Get signing algorithm by name.
Definition keys.c:2164
int ldns_key_algo_supported(int algo)
See if a key algorithm is supported.
Definition keys.c:2153
ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
Definition keys.c:417
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
Definition keys.c:1428
RSA * ldns_key_rsa_key(const ldns_key *k)
returns the (openssl) RSA struct contained in the key
Definition keys.c:1494
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
Creates a new priv key based on the contents of the file pointed by fp.
Definition keys.c:109
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
Set the key's hmac data.
Definition keys.c:1398
void ldns_key_set_dsa_key(ldns_key *k, DSA *d)
Set the key's dsa data The dsa data should be freed by the user.
Definition keys.c:1364
EVP_PKEY * ldns_key_evp_key(const ldns_key *k)
returns the (openssl) EVP struct contained in the key
Definition keys.c:1488
unsigned char * ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size)
frm_fp helper function.
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
Definition keys.c:70
DSA * ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr)
frm_fp helper function.
ldns_key * ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size)
Creates a new key based on the algorithm.
Definition keys.c:1083
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
Definition keys.c:1434
char * ldns_key_get_file_base_name(const ldns_key *key)
Returns the 'default base name' for key files; IE.
Definition keys.c:2136
unsigned char * ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size)
frm_fp helper function.
Definition keys.c:1022
void ldns_key_EVP_unload_gost(void)
Release the engine reference held for the GOST engine.
Definition keys.c:188
uint32_t ldns_key_origttl(const ldns_key *k)
return the original ttl of the key
Definition keys.c:1547
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
Definition keys.c:140
ldns_key * ldns_key_new(void)
Creates a new empty key structure.
Definition keys.c:83
signed char ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
Definition keys.c:1600
ldns_enum_algorithm
Algorithms used in dns.
Definition keys.h:45
@ LDNS_ED448
Definition keys.h:59
@ LDNS_RSAMD5
Definition keys.h:46
@ LDNS_ECDSAP384SHA384
Definition keys.h:57
@ LDNS_RSASHA1_NSEC3
Definition keys.h:52
@ LDNS_DSA_NSEC3
Definition keys.h:51
@ LDNS_DSA
Definition keys.h:48
@ LDNS_ECDSAP256SHA256
Definition keys.h:56
@ LDNS_ECC_GOST
Definition keys.h:55
@ LDNS_PRIVATEOID
Definition keys.h:62
@ LDNS_PRIVATEDNS
Definition keys.h:61
@ LDNS_DH
Definition keys.h:47
@ LDNS_INDIRECT
Definition keys.h:60
@ LDNS_ECC
Definition keys.h:49
@ LDNS_RSASHA1
Definition keys.h:50
@ LDNS_RSASHA512
Definition keys.h:54
@ LDNS_RSASHA256
Definition keys.h:53
@ LDNS_ED25519
Definition keys.h:58
void ldns_key_print(FILE *output, const ldns_key *k)
print a private key to the file output
Definition keys.c:1323
enum ldns_enum_signing_algorithm ldns_signing_algorithm
Definition keys.h:110
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
Assign the key's dsa data The dsa data will be freed automatically when the key is freed.
Definition keys.c:1384
ldns_key * ldns_key_list_key(const ldns_key_list *key, size_t nr)
returns a pointer to the key in the list at the given position
Definition keys.c:1453
size_t ldns_key_hmac_size(const ldns_key *k)
return the hmac key size
Definition keys.c:1531
DSA * ldns_key_dsa_key(const ldns_key *k)
returns the (openssl) DSA struct contained in the key
Definition keys.c:1504
RSA * ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr)
frm_fp helper function.
Definition keys.c:737
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
Definition keys.c:1571
void ldns_key_set_origttl(ldns_key *k, uint32_t t)
Set the key's original ttl.
Definition keys.c:1416
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k)
return the signing alg of the key
Definition keys.c:1463
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
Set the key's evp key.
Definition keys.c:1350
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
Definition keys.c:1440
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point,...
Definition keys.c:1803
void ldns_key_set_flags(ldns_key *k, uint16_t flags)
Set the key's flags.
Definition keys.c:1342
void ldns_key_set_external_key(ldns_key *key, void *external_key)
Set the key id data.
Definition keys.c:1410
void ldns_key_free(ldns_key *key)
frees a key structure, but not its internal data structures
Definition keys.c:2048
ldns_enum_signing_algorithm
Algorithms used in dns for signing.
Definition keys.h:82
@ LDNS_SIGN_RSASHA1
Definition keys.h:84
@ LDNS_SIGN_ECDSAP256SHA256
Definition keys.h:95
@ LDNS_SIGN_DSA_NSEC3
Definition keys.h:92
@ LDNS_SIGN_ECC_GOST
Definition keys.h:94
@ LDNS_SIGN_ED448
Definition keys.h:101
@ LDNS_SIGN_ED25519
Definition keys.h:98
@ LDNS_SIGN_RSASHA1_NSEC3
Definition keys.h:88
@ LDNS_SIGN_HMACSHA224
Definition keys.h:106
@ LDNS_SIGN_ECDSAP384SHA384
Definition keys.h:96
@ LDNS_SIGN_HMACMD5
Definition keys.h:103
@ LDNS_SIGN_RSAMD5
Definition keys.h:83
@ LDNS_SIGN_RSASHA512
Definition keys.h:90
@ LDNS_SIGN_DSA
Definition keys.h:86
@ LDNS_SIGN_RSASHA256
Definition keys.h:89
@ LDNS_SIGN_HMACSHA384
Definition keys.h:107
@ LDNS_SIGN_HMACSHA1
Definition keys.h:104
@ LDNS_SIGN_HMACSHA512
Definition keys.h:108
@ LDNS_SIGN_HMACSHA256
Definition keys.h:105
uint32_t ldns_key_inception(const ldns_key *k)
return the key's inception date
Definition keys.c:1559
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
Definition keys.c:1577
enum ldns_enum_hash ldns_hash
Definition keys.h:76
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
Set the key's hmac size.
Definition keys.c:1404
signed char ldns_key_use(const ldns_key *k)
return the use flag
Definition keys.c:1477
unsigned char * ldns_key_hmac_key(const ldns_key *k)
return the hmac key data
Definition keys.c:1521
ldns_lookup_table ldns_signing_algorithms[]
Definition keys.c:35
void * ldns_key_external_key(const ldns_key *k)
return the key id key data
Definition keys.c:1541
ldns_enum_hash
Hashing algorithms used in the DS record.
Definition keys.h:70
@ LDNS_HASH_GOST
Definition keys.h:73
@ LDNS_SHA256
Definition keys.h:72
@ LDNS_SHA1
Definition keys.h:71
@ LDNS_SHA384
Definition keys.h:74
ldns_rr * ldns_read_anchor_file(const char *filename)
Instantiates a DNSKEY or DS RR from file.
Definition keys.c:2084
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
Definition keys.c:1553
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
Set the key's algorithm.
Definition keys.c:1336
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
Assign the key's rsa data The rsa data will be freed automatically when the key is freed.
Definition keys.c:1376
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
Definition keys.c:1447
RSA * ldns_key_new_frm_fp_rsa(FILE *fp)
frm_fp helper function.
Definition keys.c:731
void ldns_key_set_rsa_key(ldns_key *k, RSA *r)
Set the key's rsa data.
Definition keys.c:1356
void ldns_key_deep_free(ldns_key *key)
frees a key structure and all its internal data structures, except the data set by ldns_key_set_exter...
Definition keys.c:2054
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
Definition keys.c:1422
enum ldns_enum_algorithm ldns_algorithm
Definition keys.h:64
DSA * ldns_key_new_frm_fp_dsa(FILE *fp)
frm_fp helper function.
Definition keys.c:910
Same as rr_list, but now for keys.
Definition keys.h:173
size_t _key_count
Definition keys.h:174
ldns_key ** _keys
Definition keys.h:175
General key structure, can contain all types of keys that are used in DNSSEC.
Definition keys.h:122
uint32_t inception
The inception date of signatures made with this key.
Definition keys.h:155
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
uint16_t keytag
The keytag of this key.
Definition keys.h:159
signed char _use
Whether to use this key when signing.
Definition keys.h:125
struct ldns_struct_key::@0::@2 hmac
The key can be an HMAC key.
uint32_t expiration
The expiration date of signatures made with this key.
Definition keys.h:157
size_t size
Definition keys.h:141
EVP_PKEY * key
Definition keys.h:133
unsigned char * key
Definition keys.h:140
ldns_rdf * _pubkey_owner
Owner name of the key.
Definition keys.h:165
ldns_signing_algorithm _alg
Definition keys.h:123
union ldns_struct_key::@1 _extra
Depending on the key we can have extra data.
void * external_key
the key structure can also just point to some external key data
Definition keys.h:146
uint16_t flags
The dnssec key flags as specified in RFC4035, like ZSK and KSK.
Definition keys.h:161
uint32_t orig_ttl
The TTL of the rrset that is currently signed.
Definition keys.h:153
struct ldns_struct_key::@0 _key
Storage pointers for the types of keys supported.
A general purpose lookup table.
Definition util.h:156
Resource record data field.
Definition rdata.h:197
Resource Record.
Definition rr.h:318