1238104Sdes/* 2238104Sdes * 3238104Sdes * keys.h 4238104Sdes * 5238104Sdes * priv key definitions 6238104Sdes * 7238104Sdes * a Net::DNS like library for C 8238104Sdes * 9238104Sdes * (c) NLnet Labs, 2005-2006 10238104Sdes * 11238104Sdes * See the file LICENSE for the license 12238104Sdes */ 13238104Sdes 14238104Sdes/** 15238104Sdes * \file 16238104Sdes * 17238104Sdes * Addendum to \ref dnssec.h, this module contains key and algorithm definitions and functions. 18238104Sdes */ 19238104Sdes 20238104Sdes 21238104Sdes#ifndef LDNS_KEYS_H 22238104Sdes#define LDNS_KEYS_H 23238104Sdes 24238104Sdes#include <ldns/common.h> 25238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 26238104Sdes#include <openssl/ssl.h> 27238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 28238104Sdes#include <ldns/util.h> 29238104Sdes#include <errno.h> 30238104Sdes 31238104Sdes#ifdef __cplusplus 32238104Sdesextern "C" { 33238104Sdes#endif 34238104Sdes 35238104Sdesextern ldns_lookup_table ldns_signing_algorithms[]; 36238104Sdes 37238104Sdes#define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */ 38238104Sdes#define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */ 39238104Sdes#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */ 40238104Sdes 41238104Sdes/** 42238104Sdes * Algorithms used in dns 43238104Sdes */ 44238104Sdesenum ldns_enum_algorithm 45238104Sdes{ 46238104Sdes LDNS_RSAMD5 = 1, /* RFC 4034,4035 */ 47238104Sdes LDNS_DH = 2, 48238104Sdes LDNS_DSA = 3, 49238104Sdes LDNS_ECC = 4, 50238104Sdes LDNS_RSASHA1 = 5, 51238104Sdes LDNS_DSA_NSEC3 = 6, 52238104Sdes LDNS_RSASHA1_NSEC3 = 7, 53238104Sdes LDNS_RSASHA256 = 8, /* RFC 5702 */ 54238104Sdes LDNS_RSASHA512 = 10, /* RFC 5702 */ 55238104Sdes LDNS_ECC_GOST = 12, /* RFC 5933 */ 56238104Sdes LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ 57238104Sdes LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ 58238104Sdes LDNS_INDIRECT = 252, 59238104Sdes LDNS_PRIVATEDNS = 253, 60238104Sdes LDNS_PRIVATEOID = 254 61238104Sdes}; 62238104Sdestypedef enum ldns_enum_algorithm ldns_algorithm; 63238104Sdes 64238104Sdes/** 65238104Sdes * Hashing algorithms used in the DS record 66238104Sdes */ 67238104Sdesenum ldns_enum_hash 68238104Sdes{ 69238104Sdes LDNS_SHA1 = 1, /* RFC 4034 */ 70238104Sdes LDNS_SHA256 = 2, /* RFC 4509 */ 71238104Sdes LDNS_HASH_GOST = 3, /* RFC 5933 */ 72238104Sdes LDNS_SHA384 = 4 /* RFC 6605 */ 73238104Sdes}; 74238104Sdestypedef enum ldns_enum_hash ldns_hash; 75238104Sdes 76238104Sdes/** 77238104Sdes * Algorithms used in dns for signing 78238104Sdes */ 79238104Sdesenum ldns_enum_signing_algorithm 80238104Sdes{ 81238104Sdes LDNS_SIGN_RSAMD5 = LDNS_RSAMD5, 82238104Sdes LDNS_SIGN_RSASHA1 = LDNS_RSASHA1, 83238104Sdes LDNS_SIGN_DSA = LDNS_DSA, 84238104Sdes LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3, 85238104Sdes LDNS_SIGN_RSASHA256 = LDNS_RSASHA256, 86238104Sdes LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, 87238104Sdes LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, 88238104Sdes LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, 89238104Sdes LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, 90238104Sdes LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384, 91238104Sdes LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */ 92238104Sdes LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */ 93238104Sdes LDNS_SIGN_HMACSHA256 = 159 /* ditto */ 94238104Sdes}; 95238104Sdestypedef enum ldns_enum_signing_algorithm ldns_signing_algorithm; 96238104Sdes 97238104Sdes/** 98238104Sdes * General key structure, can contain all types of keys that 99238104Sdes * are used in DNSSEC. Mostly used to store private keys, since 100238104Sdes * public keys can also be stored in a \ref ldns_rr with type 101238104Sdes * \ref LDNS_RR_TYPE_DNSKEY. 102238104Sdes * 103238104Sdes * This structure can also store some variables that influence the 104238104Sdes * signatures generated by signing with this key, for instance the 105238104Sdes * inception date. 106238104Sdes */ 107238104Sdesstruct ldns_struct_key { 108238104Sdes ldns_signing_algorithm _alg; 109238104Sdes /** Whether to use this key when signing */ 110238104Sdes bool _use; 111238104Sdes /** Storage pointers for the types of keys supported */ 112238104Sdes /* TODO remove unions? */ 113238104Sdes struct { 114238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 115238104Sdes#ifndef S_SPLINT_S 116238104Sdes /* The key can be an OpenSSL EVP Key 117238104Sdes */ 118238104Sdes EVP_PKEY *key; 119238104Sdes#endif 120238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 121238104Sdes /** 122238104Sdes * The key can be an HMAC key 123238104Sdes */ 124238104Sdes struct { 125238104Sdes unsigned char *key; 126238104Sdes size_t size; 127238104Sdes } hmac; 128238104Sdes /** the key structure can also just point to some external 129238104Sdes * key data 130238104Sdes */ 131238104Sdes void *external_key; 132238104Sdes } _key; 133238104Sdes /** Depending on the key we can have extra data */ 134238104Sdes union { 135238104Sdes /** Some values that influence generated signatures */ 136238104Sdes struct { 137238104Sdes /** The TTL of the rrset that is currently signed */ 138238104Sdes uint32_t orig_ttl; 139238104Sdes /** The inception date of signatures made with this key. */ 140238104Sdes uint32_t inception; 141238104Sdes /** The expiration date of signatures made with this key. */ 142238104Sdes uint32_t expiration; 143238104Sdes /** The keytag of this key. */ 144238104Sdes uint16_t keytag; 145238104Sdes /** The dnssec key flags as specified in RFC4035, like ZSK and KSK */ 146238104Sdes uint16_t flags; 147238104Sdes } dnssec; 148238104Sdes } _extra; 149238104Sdes /** Owner name of the key */ 150238104Sdes ldns_rdf *_pubkey_owner; 151238104Sdes}; 152238104Sdestypedef struct ldns_struct_key ldns_key; 153238104Sdes 154238104Sdes/** 155238104Sdes * Same as rr_list, but now for keys 156238104Sdes */ 157238104Sdesstruct ldns_struct_key_list 158238104Sdes{ 159238104Sdes size_t _key_count; 160238104Sdes ldns_key **_keys; 161238104Sdes}; 162238104Sdestypedef struct ldns_struct_key_list ldns_key_list; 163238104Sdes 164238104Sdes 165238104Sdes/** 166238104Sdes * Creates a new empty key list 167238104Sdes * \return a new ldns_key_list structure pointer 168238104Sdes */ 169246827Sdesldns_key_list *ldns_key_list_new(void); 170238104Sdes 171238104Sdes/** 172238104Sdes * Creates a new empty key structure 173238104Sdes * \return a new ldns_key * structure 174238104Sdes */ 175246827Sdesldns_key *ldns_key_new(void); 176238104Sdes 177238104Sdes/** 178238104Sdes * Creates a new key based on the algorithm 179238104Sdes * 180238104Sdes * \param[in] a The algorithm to use 181238104Sdes * \param[in] size the number of bytes for the keysize 182238104Sdes * \return a new ldns_key structure with the key 183238104Sdes */ 184238104Sdesldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size); 185238104Sdes 186238104Sdes/** 187238104Sdes * Creates a new priv key based on the 188238104Sdes * contents of the file pointed by fp. 189238104Sdes * 190238104Sdes * The file should be in Private-key-format v1.x. 191238104Sdes * 192238104Sdes * \param[out] k the new ldns_key structure 193238104Sdes * \param[in] fp the file pointer to use 194238104Sdes * \return an error or LDNS_STATUS_OK 195238104Sdes */ 196238104Sdesldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp); 197238104Sdes 198238104Sdes/** 199238104Sdes * Creates a new private key based on the 200238104Sdes * contents of the file pointed by fp 201238104Sdes * 202238104Sdes * The file should be in Private-key-format v1.x. 203238104Sdes * 204238104Sdes * \param[out] k the new ldns_key structure 205238104Sdes * \param[in] fp the file pointer to use 206238104Sdes * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) 207238104Sdes * \return an error or LDNS_STATUS_OK 208238104Sdes */ 209238104Sdesldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr); 210238104Sdes 211238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 212238104Sdes/** 213238104Sdes * Read the key with the given id from the given engine and store it 214238104Sdes * in the given ldns_key structure. The algorithm type is set 215238104Sdes */ 216238104Sdesldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm); 217238104Sdes 218238104Sdes 219238104Sdes/** 220238104Sdes * frm_fp helper function. This function parses the 221238104Sdes * remainder of the (RSA) priv. key file generated from bind9 222238104Sdes * \param[in] fp the file to parse 223238104Sdes * \return NULL on failure otherwise a RSA structure 224238104Sdes */ 225238104SdesRSA *ldns_key_new_frm_fp_rsa(FILE *fp); 226238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 227238104Sdes 228238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 229238104Sdes/** 230238104Sdes * frm_fp helper function. This function parses the 231238104Sdes * remainder of the (RSA) priv. key file generated from bind9 232238104Sdes * \param[in] fp the file to parse 233238104Sdes * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) 234238104Sdes * \return NULL on failure otherwise a RSA structure 235238104Sdes */ 236238104SdesRSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr); 237238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 238238104Sdes 239238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 240238104Sdes/** 241238104Sdes * frm_fp helper function. This function parses the 242238104Sdes * remainder of the (DSA) priv. key file 243238104Sdes * \param[in] fp the file to parse 244238104Sdes * \return NULL on failure otherwise a RSA structure 245238104Sdes */ 246238104SdesDSA *ldns_key_new_frm_fp_dsa(FILE *fp); 247238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 248238104Sdes 249238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 250238104Sdes/** 251238104Sdes * frm_fp helper function. This function parses the 252238104Sdes * remainder of the (DSA) priv. key file 253238104Sdes * \param[in] fp the file to parse 254238104Sdes * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) 255238104Sdes * \return NULL on failure otherwise a RSA structure 256238104Sdes */ 257238104SdesDSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr); 258238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 259238104Sdes 260238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 261238104Sdes/** 262238104Sdes * frm_fp helper function. This function parses the 263238104Sdes * remainder of the (HMAC-MD5) key file 264238104Sdes * This function allocated a buffer that needs to be freed 265238104Sdes * \param[in] fp the file to parse 266238104Sdes * \param[out] hmac_size the number of bits in the resulting buffer 267238104Sdes * \return NULL on failure otherwise a newly allocated char buffer 268238104Sdes */ 269238104Sdesunsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size); 270238104Sdes#endif 271238104Sdes 272238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 273238104Sdes/** 274238104Sdes * frm_fp helper function. This function parses the 275238104Sdes * remainder of the (HMAC-MD5) key file 276238104Sdes * This function allocated a buffer that needs to be freed 277238104Sdes * \param[in] fp the file to parse 278238104Sdes * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes) 279238104Sdes * \param[out] hmac_size the number of bits in the resulting buffer 280238104Sdes * \return NULL on failure otherwise a newly allocated char buffer 281238104Sdes */ 282238104Sdesunsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size); 283238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 284238104Sdes 285238104Sdes/* acces write functions */ 286238104Sdes/** 287238104Sdes * Set the key's algorithm 288238104Sdes * \param[in] k the key 289238104Sdes * \param[in] l the algorithm 290238104Sdes */ 291238104Sdesvoid ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l); 292238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 293238104Sdes/** 294238104Sdes * Set the key's evp key 295238104Sdes * \param[in] k the key 296238104Sdes * \param[in] e the evp key 297238104Sdes */ 298238104Sdesvoid ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e); 299238104Sdes 300238104Sdes/** 301246854Sdes * Set the key's rsa data. 302246854Sdes * The rsa data should be freed by the user. 303238104Sdes * \param[in] k the key 304238104Sdes * \param[in] r the rsa data 305238104Sdes */ 306238104Sdesvoid ldns_key_set_rsa_key(ldns_key *k, RSA *r); 307246854Sdes 308238104Sdes/** 309238104Sdes * Set the key's dsa data 310246854Sdes * The dsa data should be freed by the user. 311238104Sdes * \param[in] k the key 312238104Sdes * \param[in] d the dsa data 313238104Sdes */ 314238104Sdesvoid ldns_key_set_dsa_key(ldns_key *k, DSA *d); 315238104Sdes 316246854Sdes/** 317246854Sdes * Assign the key's rsa data 318246854Sdes * The rsa data will be freed automatically when the key is freed. 319246854Sdes * \param[in] k the key 320246854Sdes * \param[in] r the rsa data 321246854Sdes */ 322246854Sdesvoid ldns_key_assign_rsa_key(ldns_key *k, RSA *r); 323246854Sdes 324246854Sdes/** 325246854Sdes * Assign the key's dsa data 326246854Sdes * The dsa data will be freed automatically when the key is freed. 327246854Sdes * \param[in] k the key 328246854Sdes * \param[in] d the dsa data 329246854Sdes */ 330246854Sdesvoid ldns_key_assign_dsa_key(ldns_key *k, DSA *d); 331246854Sdes 332238104Sdes/** 333238104Sdes * Get the PKEY id for GOST, loads GOST into openssl as a side effect. 334238104Sdes * Only available if GOST is compiled into the library and openssl. 335238104Sdes * \return the gost id for EVP_CTX creation. 336238104Sdes */ 337238104Sdesint ldns_key_EVP_load_gost_id(void); 338238104Sdes 339238104Sdes/** Release the engine reference held for the GOST engine. */ 340238104Sdesvoid ldns_key_EVP_unload_gost(void); 341238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 342238104Sdes 343238104Sdes/** 344238104Sdes * Set the key's hmac data 345238104Sdes * \param[in] k the key 346238104Sdes * \param[in] hmac the raw key data 347238104Sdes */ 348238104Sdesvoid ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac); 349238104Sdes 350238104Sdes/** 351238104Sdes * Set the key id data. This is used if the key points to 352238104Sdes * some externally stored key data 353238104Sdes * 354238104Sdes * Only the pointer is set, the data there is not copied, 355238104Sdes * and must be freed manually; ldns_key_deep_free() does 356238104Sdes * *not* free this data 357238104Sdes * \param[in] key the key 358238104Sdes * \param[in] external_key key id data 359238104Sdes */ 360238104Sdesvoid ldns_key_set_external_key(ldns_key *key, void *external_key); 361238104Sdes 362238104Sdes/** 363238104Sdes * Set the key's hmac size 364238104Sdes * \param[in] k the key 365238104Sdes * \param[in] hmac_size the size of the hmac data 366238104Sdes */ 367238104Sdesvoid ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size); 368238104Sdes/** 369238104Sdes * Set the key's original ttl 370238104Sdes * \param[in] k the key 371238104Sdes * \param[in] t the ttl 372238104Sdes */ 373238104Sdesvoid ldns_key_set_origttl(ldns_key *k, uint32_t t); 374238104Sdes/** 375238104Sdes * Set the key's inception date (seconds after epoch) 376238104Sdes * \param[in] k the key 377238104Sdes * \param[in] i the inception 378238104Sdes */ 379238104Sdesvoid ldns_key_set_inception(ldns_key *k, uint32_t i); 380238104Sdes/** 381238104Sdes * Set the key's expiration date (seconds after epoch) 382238104Sdes * \param[in] k the key 383238104Sdes * \param[in] e the expiration 384238104Sdes */ 385238104Sdesvoid ldns_key_set_expiration(ldns_key *k, uint32_t e); 386238104Sdes/** 387238104Sdes * Set the key's pubkey owner 388238104Sdes * \param[in] k the key 389238104Sdes * \param[in] r the owner 390238104Sdes */ 391238104Sdesvoid ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r); 392238104Sdes/** 393238104Sdes * Set the key's key tag 394238104Sdes * \param[in] k the key 395238104Sdes * \param[in] tag the keytag 396238104Sdes */ 397238104Sdesvoid ldns_key_set_keytag(ldns_key *k, uint16_t tag); 398238104Sdes/** 399238104Sdes * Set the key's flags 400238104Sdes * \param[in] k the key 401238104Sdes * \param[in] flags the flags 402238104Sdes */ 403238104Sdesvoid ldns_key_set_flags(ldns_key *k, uint16_t flags); 404238104Sdes/** 405238104Sdes * Set the keylist's key count to count 406238104Sdes * \param[in] key the key 407238104Sdes * \param[in] count the cuont 408238104Sdes */ 409238104Sdesvoid ldns_key_list_set_key_count(ldns_key_list *key, size_t count); 410238104Sdes 411238104Sdes/** 412238104Sdes * pushes a key to a keylist 413238104Sdes * \param[in] key_list the key_list to push to 414238104Sdes * \param[in] key the key to push 415238104Sdes * \return false on error, otherwise true 416238104Sdes */ 417238104Sdesbool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key); 418238104Sdes 419238104Sdes/** 420238104Sdes * returns the number of keys in the key list 421238104Sdes * \param[in] key_list the key_list 422238104Sdes * \return the numbers of keys in the list 423238104Sdes */ 424238104Sdessize_t ldns_key_list_key_count(const ldns_key_list *key_list); 425238104Sdes 426238104Sdes/** 427238104Sdes * returns a pointer to the key in the list at the given position 428238104Sdes * \param[in] key the key 429238104Sdes * \param[in] nr the position in the list 430238104Sdes * \return the key 431238104Sdes */ 432238104Sdesldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr); 433238104Sdes 434238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 435238104Sdes/** 436238104Sdes * returns the (openssl) RSA struct contained in the key 437238104Sdes * \param[in] k the key to look in 438238104Sdes * \return the RSA * structure in the key 439238104Sdes */ 440238104SdesRSA *ldns_key_rsa_key(const ldns_key *k); 441238104Sdes/** 442238104Sdes * returns the (openssl) EVP struct contained in the key 443238104Sdes * \param[in] k the key to look in 444238104Sdes * \return the RSA * structure in the key 445238104Sdes */ 446238104SdesEVP_PKEY *ldns_key_evp_key(const ldns_key *k); 447238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 448238104Sdes 449238104Sdes/** 450238104Sdes * returns the (openssl) DSA struct contained in the key 451238104Sdes */ 452238104Sdes#if LDNS_BUILD_CONFIG_HAVE_SSL 453238104SdesDSA *ldns_key_dsa_key(const ldns_key *k); 454238104Sdes#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ 455238104Sdes 456238104Sdes/** 457238104Sdes * return the signing alg of the key 458238104Sdes * \param[in] k the key 459238104Sdes * \return the algorithm 460238104Sdes */ 461238104Sdesldns_signing_algorithm ldns_key_algorithm(const ldns_key *k); 462238104Sdes/** 463238104Sdes * set the use flag 464238104Sdes * \param[in] k the key 465238104Sdes * \param[in] v the boolean value to set the _use field to 466238104Sdes */ 467238104Sdesvoid ldns_key_set_use(ldns_key *k, bool v); 468238104Sdes/** 469238104Sdes * return the use flag 470238104Sdes * \param[in] k the key 471238104Sdes * \return the boolean value of the _use field 472238104Sdes */ 473238104Sdesbool ldns_key_use(const ldns_key *k); 474238104Sdes/** 475238104Sdes * return the hmac key data 476238104Sdes * \param[in] k the key 477238104Sdes * \return the hmac key data 478238104Sdes */ 479238104Sdesunsigned char *ldns_key_hmac_key(const ldns_key *k); 480238104Sdes/** 481238104Sdes * return the key id key data 482238104Sdes * \param[in] k the key 483238104Sdes * \return the key id data 484238104Sdes */ 485238104Sdesvoid *ldns_key_external_key(const ldns_key *k); 486238104Sdes/** 487238104Sdes * return the hmac key size 488238104Sdes * \param[in] k the key 489238104Sdes * \return the hmac key size 490238104Sdes */ 491238104Sdessize_t ldns_key_hmac_size(const ldns_key *k); 492238104Sdes/** 493238104Sdes * return the original ttl of the key 494238104Sdes * \param[in] k the key 495238104Sdes * \return the original ttl 496238104Sdes */ 497238104Sdesuint32_t ldns_key_origttl(const ldns_key *k); 498238104Sdes/** 499238104Sdes * return the key's inception date 500238104Sdes * \param[in] k the key 501238104Sdes * \return the inception date 502238104Sdes */ 503238104Sdesuint32_t ldns_key_inception(const ldns_key *k); 504238104Sdes/** 505238104Sdes * return the key's expiration date 506238104Sdes * \param[in] k the key 507238104Sdes * \return the experiration date 508238104Sdes */ 509238104Sdesuint32_t ldns_key_expiration(const ldns_key *k); 510238104Sdes/** 511238104Sdes * return the keytag 512238104Sdes * \param[in] k the key 513238104Sdes * \return the keytag 514238104Sdes */ 515238104Sdesuint16_t ldns_key_keytag(const ldns_key *k); 516238104Sdes/** 517238104Sdes * return the public key's owner 518238104Sdes * \param[in] k the key 519238104Sdes * \return the owner 520238104Sdes */ 521238104Sdesldns_rdf *ldns_key_pubkey_owner(const ldns_key *k); 522238104Sdes/** 523238104Sdes * Set the 'use' flag for all keys in the list 524238104Sdes * \param[in] keys The key_list 525238104Sdes * \param[in] v The value to set the use flags to 526238104Sdes */ 527238104Sdesvoid 528238104Sdesldns_key_list_set_use(ldns_key_list *keys, bool v); 529238104Sdes 530238104Sdes/** 531238104Sdes * return the flag of the key 532238104Sdes * \param[in] k the key 533238104Sdes * \return the flag 534238104Sdes */ 535238104Sdesuint16_t ldns_key_flags(const ldns_key *k); 536238104Sdes 537238104Sdes/** 538238104Sdes * pops the last rr from a keylist 539238104Sdes * \param[in] key_list the rr_list to pop from 540238104Sdes * \return NULL if nothing to pop. Otherwise the popped RR 541238104Sdes */ 542238104Sdesldns_key *ldns_key_list_pop_key(ldns_key_list *key_list); 543238104Sdes 544238104Sdes/** 545238104Sdes * converts a ldns_key to a public key rr 546238104Sdes * If the key data exists at an external point, the corresponding 547238104Sdes * rdata field must still be added with ldns_rr_rdf_push() to the 548238104Sdes * result rr of this function 549238104Sdes * 550238104Sdes * \param[in] k the ldns_key to convert 551238104Sdes * \return ldns_rr representation of the key 552238104Sdes */ 553238104Sdesldns_rr *ldns_key2rr(const ldns_key *k); 554238104Sdes 555238104Sdes/** 556238104Sdes * print a private key to the file ouput 557238104Sdes * 558238104Sdes * \param[in] output the FILE descriptor where to print to 559238104Sdes * \param[in] k the ldns_key to print 560238104Sdes */ 561238104Sdesvoid ldns_key_print(FILE *output, const ldns_key *k); 562238104Sdes 563238104Sdes/** 564238104Sdes * frees a key structure, but not its internal data structures 565238104Sdes * 566238104Sdes * \param[in] key the key object to free 567238104Sdes */ 568238104Sdesvoid ldns_key_free(ldns_key *key); 569238104Sdes 570238104Sdes/** 571238104Sdes * frees a key structure and all its internal data structures, except 572238104Sdes * the data set by ldns_key_set_external_key() 573238104Sdes * 574238104Sdes * \param[in] key the key object to free 575238104Sdes */ 576238104Sdesvoid ldns_key_deep_free(ldns_key *key); 577238104Sdes 578238104Sdes/** 579238104Sdes * Frees a key list structure 580238104Sdes * \param[in] key_list the key list object to free 581238104Sdes */ 582238104Sdesvoid ldns_key_list_free(ldns_key_list *key_list); 583238104Sdes 584238104Sdes/** 585238104Sdes * Instantiates a DNSKEY or DS RR from file. 586238104Sdes * \param[in] filename the file to read the record from 587238104Sdes * \return the corresponding RR, or NULL if the parsing failed 588238104Sdes */ 589238104Sdesldns_rr * ldns_read_anchor_file(const char *filename); 590238104Sdes 591238104Sdes/** 592238104Sdes * Returns the 'default base name' for key files; 593238104Sdes * IE. K\<zone\>+\<alg\>+\<keytag\> 594238104Sdes * (without the .key or .private) 595238104Sdes * The memory for this is allocated by this function, 596238104Sdes * and should be freed by the caller 597238104Sdes * 598238104Sdes * \param[in] key the key to get the file name from 599238104Sdes * \returns A string containing the file base name 600238104Sdes */ 601238104Sdeschar *ldns_key_get_file_base_name(ldns_key *key); 602238104Sdes 603238104Sdes/** 604238104Sdes * See if a key algorithm is supported 605238104Sdes * \param[in] algo the signing algorithm number. 606238104Sdes * \returns true if supported. 607238104Sdes */ 608238104Sdesint ldns_key_algo_supported(int algo); 609238104Sdes 610238104Sdes/** 611238104Sdes * Get signing algorithm by name. Comparison is case insensitive. 612238104Sdes * \param[in] name string with the name. 613238104Sdes * \returns 0 on parse failure or the algorithm number. 614238104Sdes */ 615238104Sdesldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name); 616238104Sdes 617238104Sdes#ifdef __cplusplus 618238104Sdes} 619238104Sdes#endif 620238104Sdes 621238104Sdes#endif /* LDNS_KEYS_H */ 622