/*
 * keyraw.h -- raw key and signature access and conversion
 *
 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 */

/**
 * \file
 *
 * raw key and signature access and conversion
 *
 * Since those functions heavily rely on cryptographic operations,
 * this module is dependent on openssl.
 *
 * All of the "raw" conversion routines below take DNSKEY RDATA exactly as
 * it arrives on the wire, i.e. attacker-controlled bytes.  Callers must
 * therefore treat every returned pointer as possibly NULL and every
 * returned size as possibly 0, and must not assume the input was
 * well-formed.
 *
 * NOTE(review): this header uses size_t, uint8_t and uint16_t without
 * including <stddef.h>/<stdint.h>; it presumably relies on the project's
 * config.h being included first -- confirm before including it on its own.
 *
 */

#ifndef LDNS_KEYRAW_H
#define LDNS_KEYRAW_H

#ifdef __cplusplus
extern "C" {
#endif
#if LDNS_BUILD_CONFIG_HAVE_SSL
/* OpenSSL types (DSA, RSA, EVP_PKEY, EVP_MD) used by the prototypes below. */
# include <openssl/ssl.h>
# include <openssl/evp.h>
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/**
 * get the length of the keydata in bits
 *
 * Intended for enforcing minimum/maximum key length policy before a key
 * is used for verification; a return value of 0 means the key could not
 * be sized (unknown algorithm or malformed data) and the key must be
 * treated as unusable.
 * \param[in] keydata the raw key data (DNSKEY public key field, wireformat)
 * \param[in] len the length of the keydata
 * \param[in] alg the cryptographic algorithm this is a key for
 * \return the keysize in bits, or 0 on error
 */
size_t sldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
	const size_t len, int alg);

/**
 * Calculates keytag of DNSSEC key, operates on wireformat rdata.
 *
 * The key tag (RFC 4034 Appendix B) is a 16-bit checksum, not a
 * cryptographic hash: distinct keys can and do share a tag.  Callers
 * must use it only to narrow the set of candidate keys and must still
 * try every key with a matching tag and rely on signature verification,
 * never on the tag alone, to identify the signing key.
 * \param[in] key the key as uncompressed wireformat rdata.
 * \param[in] keysize length of key data.
 * \return the keytag
 */
uint16_t sldns_calc_keytag_raw(uint8_t* key, size_t keysize);

#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
 * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
 * Only available if GOST is compiled into the library and openssl.
 *
 * Loading the engine is a process-global side effect; pair it with
 * sldns_key_EVP_unload_gost() at shutdown.
 * NOTE(review): a return value of 0 is presumably "GOST not available"
 * and must not be passed to EVP_PKEY creation -- confirm against the
 * implementation.
 * \return the gost id for EVP_CTX creation.
 */
int sldns_key_EVP_load_gost_id(void);

/**
 * Release the engine reference held for the GOST engine.
 * Counterpart of sldns_key_EVP_load_gost_id().
 */
void sldns_key_EVP_unload_gost(void);

/**
 * Like sldns_key_buf2dsa, but uses raw buffer.
 *
 * Parses untrusted wireformat; callers must check for a NULL result and
 * own the returned object (free with DSA_free()).
 * NOTE(review): DSA is obsolete for DNSSEC (RFC 8624 lists it as MUST NOT
 * for signing and validation); consider whether callers should still
 * accept it.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return a DSA * structure with the key material
 */
DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with GOST.
 *
 * Caller owns the result and must release it with EVP_PKEY_free().
 * \param[in] key data to convert (untrusted wireformat)
 * \param[in] keylen length of the key data
 * \return the key or NULL on error.
 */
EVP_PKEY* sldns_gost2pkey_raw(unsigned char* key, size_t keylen);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with ECDSA.
 *
 * Caller owns the result and must release it with EVP_PKEY_free().
 * NOTE(review): the public point comes from the wire; the implementation
 * should reject points that are not on the selected curve (and an algo
 * value it does not know) by returning NULL -- verify that it does.
 * \param[in] key data to convert (untrusted wireformat)
 * \param[in] keylen length of the key data
 * \param[in] algo precise algorithm to initialize ECC group values.
 * \return the key or NULL on error.
 */
EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);

/**
 * Like sldns_key_buf2rsa, but uses raw buffer.
 *
 * Parses untrusted wireformat (RFC 3110 exponent-length prefix followed
 * by exponent and modulus); callers must check for a NULL result and own
 * the returned object (free with RSA_free()).  Use
 * sldns_rr_dnskey_key_size_raw() to enforce a minimum modulus size
 * before trusting the key.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return a RSA * structure with the key material
 */
RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);

/**
 * Utility function to calculate hash using generic EVP_MD pointer.
 *
 * \param[in] data the data to hash.
 * \param[in] len length of data.  Note the type is unsigned int, not
 *     size_t: a caller passing a size_t larger than UINT_MAX would have
 *     it silently truncated and hash fewer bytes than intended, so callers
 *     must bound len before calling.
 * \param[out] dest the destination of the hash, must be large enough:
 *     at least EVP_MD_size(md) bytes; EVP_MAX_MD_SIZE always suffices.
 * \param[in] md the message digest to use.
 * \return true if worked, false on failure.  Callers must check this;
 *     on failure the contents of dest are unspecified.
 */
int sldns_digest_evp(unsigned char* data, unsigned int len,
	unsigned char* dest, const EVP_MD* md);

#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

#ifdef __cplusplus
}
#endif

#endif /* LDNS_KEYRAW_H */