keys.h
Go to the documentation of this file.
1 /*
2  *
3  * keys.h
4  *
5  * priv key definitions
6  *
7  * a Net::DNS like library for C
8  *
9  * (c) NLnet Labs, 2005-2006
10  *
11  * See the file LICENSE for the license
12  */
13 
21 #ifndef LDNS_KEYS_H
22 #define LDNS_KEYS_H
23 
24 #include <ldns/common.h>
25 #if LDNS_BUILD_CONFIG_HAVE_SSL
26 #include <openssl/ssl.h>
27 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
28 #include <ldns/util.h>
29 #include <errno.h>
30 
31 #ifdef __cplusplus
32 extern "C" {
33 #endif
34 
36 
37 #define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */
38 #define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */
39 #define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */
40 
45 {
46  LDNS_RSAMD5 = 1, /* RFC 4034,4035 */
47  LDNS_DH = 2,
48  LDNS_DSA = 3,
49  LDNS_ECC = 4,
53  LDNS_RSASHA256 = 8, /* RFC 5702 */
54  LDNS_RSASHA512 = 10, /* RFC 5702 */
55  LDNS_ECC_GOST = 12, /* RFC 5933 */
56  LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */
57  LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */
58  LDNS_ED25519 = 15, /* RFC 8080 */
59  LDNS_ED448 = 16, /* RFC 8080 */
63 };
65 
70 {
71  LDNS_SHA1 = 1, /* RFC 4034 */
72  LDNS_SHA256 = 2, /* RFC 4509 */
73  LDNS_HASH_GOST = 3, /* RFC 5933 */
74  LDNS_SHA384 = 4 /* RFC 6605 */
75 };
77 
82 {
85 #if LDNS_BUILD_CONFIG_USE_DSA
87 #endif /* LDNS_BUILD_CONFIG_USE_DSA */
91 #if LDNS_BUILD_CONFIG_USE_DSA
93 #endif /* LDNS_BUILD_CONFIG_USE_DSA */
97 #if LDNS_BUILD_CONFIG_USE_ED25519
99 #endif /* LDNS_BUILD_CONFIG_USE_ED25519 */
100 #if LDNS_BUILD_CONFIG_USE_ED448
102 #endif /* LDNS_BUILD_CONFIG_USE_ED448 */
103  LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
104  LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
105  LDNS_SIGN_HMACSHA256 = 159, /* ditto */
106  LDNS_SIGN_HMACSHA224 = 162, /* ditto */
107  LDNS_SIGN_HMACSHA384 = 164, /* ditto */
108  LDNS_SIGN_HMACSHA512 = 165 /* ditto */
109 };
111 
125  bool _use;
127  /* TODO remove unions? */
128  struct {
129 #if LDNS_BUILD_CONFIG_HAVE_SSL
130 #ifndef S_SPLINT_S
131  /* The key can be an OpenSSL EVP Key
132  */
133  EVP_PKEY *key;
134 #endif
135 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
136 
139  struct {
140  unsigned char *key;
141  size_t size;
142  } hmac;
147  } _key;
149  union {
151  struct {
153  uint32_t orig_ttl;
155  uint32_t inception;
157  uint32_t expiration;
159  uint16_t keytag;
161  uint16_t flags;
162  } dnssec;
163  } _extra;
166 };
167 typedef struct ldns_struct_key ldns_key;
168 
173 {
174  size_t _key_count;
176 };
178 
179 
185 
190 ldns_key *ldns_key_new(void);
191 
200 
212 
224 ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr);
225 
226 #if LDNS_BUILD_CONFIG_HAVE_SSL
227 
237 ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm a);
238 
239 
246 RSA *ldns_key_new_frm_fp_rsa(FILE *fp);
247 
255 RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr);
256 
257 
258 # if LDNS_BUILD_CONFIG_USE_DSA
259 
265 DSA *ldns_key_new_frm_fp_dsa(FILE *fp);
266 
274 DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr);
275 # endif /* LDNS_BUILD_CONFIG_USE_DSA */
276 
285 unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size);
286 
296 unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size);
297 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
298 
299 /* access write functions */
306 
307 #if LDNS_BUILD_CONFIG_HAVE_SSL
308 
313 void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
314 
321 void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
322 
323 # if LDNS_BUILD_CONFIG_USE_DSA
324 
330 void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
331 # endif /* LDNS_BUILD_CONFIG_USE_DSA */
332 
339 void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
340 
341 # if LDNS_BUILD_CONFIG_USE_DSA
342 
348 void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
349 # endif /* LDNS_BUILD_CONFIG_USE_DSA */
350 
356 int ldns_key_EVP_load_gost_id(void);
357 
359 void ldns_key_EVP_unload_gost(void);
360 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
361 
367 void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac);
368 
379 void ldns_key_set_external_key(ldns_key *key, void *external_key);
380 
386 void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size);
392 void ldns_key_set_origttl(ldns_key *k, uint32_t t);
398 void ldns_key_set_inception(ldns_key *k, uint32_t i);
404 void ldns_key_set_expiration(ldns_key *k, uint32_t e);
416 void ldns_key_set_keytag(ldns_key *k, uint16_t tag);
422 void ldns_key_set_flags(ldns_key *k, uint16_t flags);
428 void ldns_key_list_set_key_count(ldns_key_list *key, size_t count);
429 
436 bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key);
437 
443 size_t ldns_key_list_key_count(const ldns_key_list *key_list);
444 
451 ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr);
452 
453 #if LDNS_BUILD_CONFIG_HAVE_SSL
454 
459 RSA *ldns_key_rsa_key(const ldns_key *k);
465 EVP_PKEY *ldns_key_evp_key(const ldns_key *k);
466 
467 # if LDNS_BUILD_CONFIG_USE_DSA
468 
471 DSA *ldns_key_dsa_key(const ldns_key *k);
472 # endif /* LDNS_BUILD_CONFIG_USE_DSA */
473 #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
474 
486 void ldns_key_set_use(ldns_key *k, bool v);
492 bool ldns_key_use(const ldns_key *k);
498 unsigned char *ldns_key_hmac_key(const ldns_key *k);
504 void *ldns_key_external_key(const ldns_key *k);
510 size_t ldns_key_hmac_size(const ldns_key *k);
516 uint32_t ldns_key_origttl(const ldns_key *k);
522 uint32_t ldns_key_inception(const ldns_key *k);
528 uint32_t ldns_key_expiration(const ldns_key *k);
534 uint16_t ldns_key_keytag(const ldns_key *k);
546 void
547 ldns_key_list_set_use(ldns_key_list *keys, bool v);
548 
554 uint16_t ldns_key_flags(const ldns_key *k);
555 
562 
572 ldns_rr *ldns_key2rr(const ldns_key *k);
573 
580 void ldns_key_print(FILE *output, const ldns_key *k);
581 
587 void ldns_key_free(ldns_key *key);
588 
595 void ldns_key_deep_free(ldns_key *key);
596 
601 void ldns_key_list_free(ldns_key_list *key_list);
602 
608 ldns_rr * ldns_read_anchor_file(const char *filename);
609 
620 char *ldns_key_get_file_base_name(const ldns_key *key);
621 
627 int ldns_key_algo_supported(int algo);
628 
635 
636 #ifdef __cplusplus
637 }
638 #endif
639 
640 #endif /* LDNS_KEYS_H */
void ldns_key_set_dsa_key(ldns_key *k, DSA *d)
Set the key's dsa data The dsa data should be freed by the user.
Definition: keys.c:1364
ldns_key * ldns_key_list_key(const ldns_key_list *key, size_t nr)
returns a pointer to the key in the list at the given position
Definition: keys.c:1453
@ LDNS_ED25519
Definition: keys.h:58
void ldns_key_set_external_key(ldns_key *key, void *external_key)
Set the key id data.
Definition: keys.c:1410
enum ldns_enum_hash ldns_hash
Definition: keys.h:76
@ LDNS_SIGN_HMACMD5
Definition: keys.h:103
void ldns_key_set_rsa_key(ldns_key *k, RSA *r)
Set the key's rsa data.
Definition: keys.c:1356
DSA * ldns_key_new_frm_fp_dsa(FILE *fp)
frm_fp helper function.
Definition: keys.c:910
void ldns_key_deep_free(ldns_key *key)
frees a key structure and all its internal data structures, except the data set by ldns_key_set_exter...
Definition: keys.c:2054
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
Definition: keys.c:1447
ldns_key * ldns_key_new(void)
Creates a new empty key structure.
Definition: keys.c:79
@ LDNS_ECC_GOST
Definition: keys.h:55
void * external_key
the key structure can also just point to some external key data
Definition: keys.h:146
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
Set the key's hmac data.
Definition: keys.c:1398
void ldns_key_EVP_unload_gost(void)
Release the engine reference held for the GOST engine.
Definition: keys.c:188
Resource Record.
Definition: rr.h:309
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
Definition: keys.c:1422
uint32_t expiration
The expiration date of signatures made with this key.
Definition: keys.h:157
ldns_key * ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size)
Creates a new key based on the algorithm.
Definition: keys.c:1083
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
Definition: keys.c:140
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
Definition: keys.c:1440
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
Definition: keys.c:2073
ldns_signing_algorithm _alg
Definition: keys.h:123
EVP_PKEY * ldns_key_evp_key(const ldns_key *k)
returns the (openssl) EVP struct contained in the key
Definition: keys.c:1488
@ LDNS_RSASHA1_NSEC3
Definition: keys.h:52
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
Assign the key's dsa data The dsa data will be freed automatically when the key is freed.
Definition: keys.c:1384
@ LDNS_SIGN_ED25519
Definition: keys.h:98
Same as rr_list, but now for keys.
Definition: keys.h:172
@ LDNS_SIGN_HMACSHA256
Definition: keys.h:105
ldns_key * ldns_key_list_pop_key(ldns_key_list *key_list)
pops the last rr from a keylist
Definition: keys.c:1623
@ LDNS_SIGN_ECDSAP256SHA256
Definition: keys.h:95
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
uint32_t ldns_key_origttl(const ldns_key *k)
return the original ttl of the key
Definition: keys.c:1547
@ LDNS_SIGN_HMACSHA224
Definition: keys.h:106
ldns_key ** _keys
Definition: keys.h:175
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
Definition: keys.c:1428
union ldns_struct_key::@1 _extra
Depending on the key we can have extra data.
void * ldns_key_external_key(const ldns_key *k)
return the key id key data
Definition: keys.c:1541
uint32_t ldns_key_inception(const ldns_key *k)
return the key's inception date
Definition: keys.c:1559
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
Definition: keys.c:1434
@ LDNS_SIGN_HMACSHA1
Definition: keys.h:104
signed char _use
Whether to use this key when signing.
Definition: keys.h:125
@ LDNS_SIGN_HMACSHA512
Definition: keys.h:108
signed char ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
Definition: keys.c:1600
void ldns_key_set_flags(ldns_key *k, uint16_t flags)
Set the key's flags.
Definition: keys.c:1342
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char *name)
Get signing algorithm by name.
Definition: keys.c:2164
signed char ldns_key_use(const ldns_key *k)
return the use flag
Definition: keys.c:1477
char * ldns_key_get_file_base_name(const ldns_key *key)
Returns the 'default base name' for key files; IE.
Definition: keys.c:2136
@ LDNS_SIGN_ECC_GOST
Definition: keys.h:94
@ LDNS_SIGN_RSASHA1
Definition: keys.h:84
RSA * ldns_key_rsa_key(const ldns_key *k)
returns the (openssl) RSA struct contained in the key
Definition: keys.c:1494
size_t ldns_key_hmac_size(const ldns_key *k)
return the hmac key size
Definition: keys.c:1531
ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
Definition: keys.c:417
ldns_enum_signing_algorithm
Algorithms used in dns for signing.
Definition: keys.h:81
DSA * ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr)
frm_fp helper function.
ldns_enum_algorithm
Algorithms used in dns.
Definition: keys.h:44
unsigned char * ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size)
frm_fp helper function.
Definition: keys.c:1022
void ldns_key_list_set_use(ldns_key_list *keys, signed char v)
Set the 'use' flag for all keys in the list.
uint16_t flags
The dnssec key flags as specified in RFC4035, like ZSK and KSK.
Definition: keys.h:161
@ LDNS_SIGN_RSASHA512
Definition: keys.h:90
@ LDNS_SHA384
Definition: keys.h:74
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
Set the key's algorithm.
Definition: keys.c:1336
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
Set the key's evp key.
Definition: keys.c:1350
General key structure, can contain all types of keys that are used in DNSSEC.
Definition: keys.h:122
@ LDNS_INDIRECT
Definition: keys.h:60
unsigned char * ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size)
frm_fp helper function.
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
Set the key's hmac size.
Definition: keys.c:1404
DSA * ldns_key_dsa_key(const ldns_key *k)
returns the (openssl) DSA struct contained in the key
Definition: keys.c:1504
@ LDNS_ECDSAP256SHA256
Definition: keys.h:56
@ LDNS_ECDSAP384SHA384
Definition: keys.h:57
ldns_rdf * _pubkey_owner
Owner name of the key.
Definition: keys.h:165
enum ldns_enum_status ldns_status
Definition: error.h:146
@ LDNS_SHA1
Definition: keys.h:71
@ LDNS_RSASHA512
Definition: keys.h:54
@ LDNS_SIGN_HMACSHA384
Definition: keys.h:107
uint32_t ldns_key_expiration(const ldns_key *k)
return the key's expiration date
Definition: keys.c:1565
A general purpose lookup table.
Definition: util.h:156
@ LDNS_SIGN_DSA
Definition: keys.h:86
@ LDNS_SHA256
Definition: keys.h:72
@ LDNS_PRIVATEOID
Definition: keys.h:62
@ LDNS_ECC
Definition: keys.h:49
void ldns_key_set_origttl(ldns_key *k, uint32_t t)
Set the key's original ttl.
Definition: keys.c:1416
Resource record data field.
Definition: rdata.h:196
@ LDNS_DSA_NSEC3
Definition: keys.h:51
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point,...
Definition: keys.c:1803
@ LDNS_RSASHA1
Definition: keys.h:50
RSA * ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr)
frm_fp helper function.
Definition: keys.c:737
ldns_enum_hash
Hashing algorithms used in the DS record.
Definition: keys.h:69
RSA * ldns_key_new_frm_fp_rsa(FILE *fp)
frm_fp helper function.
Definition: keys.c:731
enum ldns_enum_algorithm ldns_algorithm
Definition: keys.h:64
void ldns_key_free(ldns_key *key)
frees a key structure, but not its internal data structures
Definition: keys.c:2048
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
Creates a new priv key based on the contents of the file pointed by fp.
Definition: keys.c:105
unsigned char * key
Definition: keys.h:140
@ LDNS_RSASHA256
Definition: keys.h:53
@ LDNS_SIGN_DSA_NSEC3
Definition: keys.h:92
@ LDNS_RSAMD5
Definition: keys.h:46
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
Definition: keys.c:1577
unsigned char * ldns_key_hmac_key(const ldns_key *k)
return the hmac key data
Definition: keys.c:1521
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
Assign the key's rsa data The rsa data will be freed automatically when the key is freed.
Definition: keys.c:1376
EVP_PKEY * key
Definition: keys.h:133
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
Definition: keys.c:1571
void ldns_key_set_use(ldns_key *k, signed char v)
set the use flag
@ LDNS_DH
Definition: keys.h:47
@ LDNS_SIGN_RSASHA256
Definition: keys.h:89
@ LDNS_SIGN_RSAMD5
Definition: keys.h:83
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
Set the keylist's key count to count.
Definition: keys.c:1594
uint16_t keytag
The keytag of this key.
Definition: keys.h:159
enum ldns_enum_signing_algorithm ldns_signing_algorithm
Definition: keys.h:110
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
Definition: keys.c:1553
@ LDNS_HASH_GOST
Definition: keys.h:73
void ldns_key_print(FILE *output, const ldns_key *k)
print a private key to the file output
Definition: keys.c:1323
size_t _key_count
Definition: keys.h:174
ldns_rr * ldns_read_anchor_file(const char *filename)
Instantiates a DNSKEY or DS RR from file.
Definition: keys.c:2084
@ LDNS_PRIVATEDNS
Definition: keys.h:61
@ LDNS_SIGN_RSASHA1_NSEC3
Definition: keys.h:88
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm a)
Read the key with the given id from the given engine and store it in the given ldns_key structure.
Definition: keys.c:112
@ LDNS_ED448
Definition: keys.h:59
ldns_lookup_table ldns_signing_algorithms[]
Definition: keys.c:31
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
Definition: keys.c:66
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k)
return the signing alg of the key
Definition: keys.c:1463
size_t size
Definition: keys.h:141
int ldns_key_algo_supported(int algo)
See if a key algorithm is supported.
Definition: keys.c:2153
@ LDNS_DSA
Definition: keys.h:48
uint32_t orig_ttl
The TTL of the rrset that is currently signed.
Definition: keys.h:153
struct ldns_struct_key::@0 _key
Storage pointers for the types of keys supported.
@ LDNS_SIGN_ED448
Definition: keys.h:101
@ LDNS_SIGN_ECDSAP384SHA384
Definition: keys.h:96
uint32_t inception
The inception date of signatures made with this key.
Definition: keys.h:155
struct ldns_struct_key::@0::@2 hmac
The key can be an HMAC key.