dki.h   [plain text]

/*****************************************************************
**
**	@(#) dki.h -- Header file for DNSsec Key info/manipulation
**
**	Copyright (c) July 2004 - Jan 2005, Holger Zuleger HZnet. All rights reserved.
**
**	This software is open source.
**
**	Redistribution and use in source and binary forms, with or without
**	modification, are permitted provided that the following conditions
**	are met:
**
**	Redistributions of source code must retain the above copyright notice,
**	this list of conditions and the following disclaimer.
**
**	Redistributions in binary form must reproduce the above copyright notice,
**	this list of conditions and the following disclaimer in the documentation
**	and/or other materials provided with the distribution.
**
**	Neither the name of Holger Zuleger HZnet nor the names of its contributors may
**	be used to endorse or promote products derived from this software without
**	specific prior written permission.
**
**	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
**	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
**	TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
**	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
**	LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
**	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
**	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
**	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
**	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
**	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
**	POSSIBILITY OF SUCH DAMAGE.
**
*****************************************************************/
#ifndef DKI_H
# define DKI_H

# ifndef TYPES_H
#  include <sys/types.h>
#  include <stdio.h>
#  include <time.h>
# endif

# define	MAX_LABELSIZE	(255)	
# define	MAX_FNAMESIZE	(1+255+2+3+1+5+1+11)
				/* Kdomain.+ALG+KEYID.type  */
				/* domain == FQDN (max 255) */
				/* ALG == 3; KEYID == 5 chars */
				/* type == key||published|private|depreciated == 11 chars */
//# define	MAX_DNAMESIZE	(254)
# define	MAX_DNAMESIZE	(1023)
				/*   /path/name  /   filename  */
# define	MAX_PATHSIZE	(MAX_DNAMESIZE + 1 + MAX_FNAMESIZE)

/* algorithm types */
# define	DK_ALGO_RSA		1	/* RFC2537 */
# define	DK_ALGO_DH		2	/* RFC2539 */
# define	DK_ALGO_DSA		3	/* RFC2536 (mandatory) */
# define	DK_ALGO_EC		4	/* */
# define	DK_ALGO_RSASHA1		5	/* RFC3110 */
# define	DK_ALGO_NSEC3DSA	6	/* symlink to alg 3 RFC5155 */
# define	DK_ALGO_NSEC3RSASHA1	7	/* symlink to alg 5 RFC5155 */
# define	DK_ALGO_RSASHA256	8	/* RFCxxx */
# define	DK_ALGO_RSASHA512	10	/* RFCxxx */
# define	DK_ALGO_NSEC3RSASHA256	DK_ALGO_RSASHA256	/* same as non nsec algorithm RFCxxx */
# define	DK_ALGO_NSEC3RSASHA512	DK_ALGO_RSASHA512	/* same as non nsec algorithm RFCxxx */

/* protocol types */
# define	DK_PROTO_DNS	3

/* flag bits */
typedef enum {			/*             11 1111 */
				/* 0123 4567 8901 2345 */
	DK_FLAG_KSK=	01,	/* 0000 0000 0000 0001	Bit 15 RFC4034/RFC3757 */
	DK_FLAG_REVOKE=	0200,	/* 0000 0000 1000 0000	Bit 8  RFC5011 */
	DK_FLAG_ZONE=	0400,	/* 0000 0001 0000 0000	Bit 7  RFC4034 */
} dk_flag_t;

/* status types */
typedef enum {
	DKI_SEP=	'e',
	DKI_SECUREENTRYPOINT=	'e',
	DKI_PUB=	'p',
	DKI_PUBLISHED=	'p',
	DKI_ACT=	'a',
	DKI_ACTIVE=	'a',
	DKI_DEP=	'd',
	DKI_DEPRECIATED=	'd',
	DKI_REV=	'r',
	DKI_REVOKED=	'r',
} dk_status_t;

# define	DKI_KEY_FILEEXT	".key"
# define	DKI_PUB_FILEEXT	".published"
# define	DKI_ACT_FILEEXT	".private"
# define	DKI_DEP_FILEEXT	".depreciated"

# define	DKI_KSK	1
# define	DKI_ZSK	0

typedef	struct	dki {
	char	dname[MAX_DNAMESIZE+1];	/* directory */
	char	fname[MAX_FNAMESIZE+1];	/* file name without extension */
	char	name[MAX_LABELSIZE+1];	/* domain name or label */
	ushort	algo;			/* key algorithm */
	ushort	proto;			/* must be 3 (DNSSEC) */
	dk_flag_t	flags;		/* ZONE, optional SEP or REVOKE flag */
	time_t	time;			/* key file time */
	time_t	gentime;		/* key generation time (will be set on key generation and never changed) */
	time_t	exptime;		/* time the key was expired (0L if not) */
	ulong	lifetime;		/* proposed key life time at time of generation */
	uint	tag;			/* key id */
	dk_status_t	status;		/* key exist (".key") and name of private */
					/* key file is ".published", ".private" */
					/* or ".depreciated" */
	char	*pubkey;		/* base64 public key */
	struct	dki	*next;		/* ptr to next entry in list */
} dki_t;

#if defined(USE_TREE) && USE_TREE
/*
 *	Instead of including <search.h>, which contains horrible false function
 *	declarations, we declared it for our usage (Yes, these functions return
 *	the adress of a pointer variable)
 */
typedef enum
{
	/* we change the naming to the new, and more predictive one, used by Knuth */
	PREORDER,	/* preorder,	*/
	INORDER,	/* postorder,	*/
	POSTORDER,	/* endorder,	*/
	LEAF		/* leaf		*/
}
VISIT;

dki_t	**tsearch (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
dki_t	**tfind (const dki_t *dkp, const dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
dki_t	**tdelete (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
void	twalk (const dki_t *root, void (*action)(const dki_t **nodep, VISIT which, int depth));

extern	void	dki_tfree (dki_t **tree);
extern	dki_t	*dki_tadd (dki_t **tree, dki_t *new, int sub_before);
extern	int	dki_tagcmp (const dki_t *a, const dki_t *b);
extern	int	dki_namecmp (const dki_t *a, const dki_t *b);
extern	int	dki_revnamecmp (const dki_t *a, const dki_t *b);
extern	int	dki_allcmp (const dki_t *a, const dki_t *b);
#endif

extern	dki_t	*dki_read (const char *dir, const char *fname);
extern	int	dki_readdir (const char *dir, dki_t **listp, int recursive);
extern	int	dki_prt_trustedkey (const dki_t *dkp, FILE *fp);
extern	int	dki_prt_dnskey (const dki_t *dkp, FILE *fp);
extern	int	dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl);
extern	int	dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp);
extern	int	dki_prt_comment (const dki_t *dkp, FILE *fp);
extern	int	dki_cmp (const dki_t *a, const dki_t *b);
extern	int	dki_timecmp (const dki_t *a, const dki_t *b);
extern	int	dki_age (const dki_t *dkp, time_t curr);
extern	dk_flag_t	dki_getflag (const dki_t *dkp, time_t curr);
extern	dk_flag_t	dki_setflag (dki_t *dkp, dk_flag_t flag);
extern	dk_flag_t	dki_unsetflag (dki_t *dkp, dk_flag_t flag);
extern	dk_status_t	dki_status (const dki_t *dkp);
extern	const	char	*dki_statusstr (const dki_t *dkp);
extern	int	dki_isksk (const dki_t *dkp);
extern	int	dki_isdepreciated (const dki_t *dkp);
extern	int	dki_isrevoked (const dki_t *dkp);
extern	int	dki_isactive (const dki_t *dkp);
extern	int	dki_ispublished (const dki_t *dkp);
extern	time_t	dki_algo (const dki_t *dkp);
extern	time_t	dki_time (const dki_t *dkp);
extern	time_t	dki_exptime (const dki_t *dkp);
extern	time_t	dki_gentime (const dki_t *dkp);
extern	time_t	dki_lifetime (const dki_t *dkp);
extern	ushort	dki_lifetimedays (const dki_t *dkp);
extern	ushort	dki_setlifetime (dki_t *dkp, int days);
extern	time_t	dki_setexptime (dki_t *dkp, time_t sec);
extern	dki_t	*dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days);
extern	dki_t	*dki_remove (dki_t *dkp);
extern	dki_t	*dki_destroy (dki_t *dkp);
extern	int	dki_setstatus (dki_t *dkp, int status);
extern	int	dki_setstatus_preservetime (dki_t *dkp, int status);
extern	dki_t	*dki_add (dki_t **dkp, dki_t *new);
extern	const dki_t	*dki_tsearch (const dki_t *tree, int tag, const char *name);
extern	const dki_t	*dki_search (const dki_t *list, int tag, const char *name);
extern	const dki_t	*dki_find (const dki_t *list, int ksk, int status, int first);
extern	const dki_t	*dki_findalgo (const dki_t *list, int ksk, int alg, int status, int no);
extern	void	dki_free (dki_t *dkp);
extern	void	dki_freelist (dki_t **listp);
extern	char	*dki_algo2str (int algo);
extern	char	*dki_algo2sstr (int algo);
extern	const char	*dki_geterrstr (void);

#endif