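/*
 * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1999-2001, 2003  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: keyvalues.h,v 1.29 2010/12/23 23:47:08 tbox Exp $ */

#ifndef DNS_KEYVALUES_H
#define DNS_KEYVALUES_H 1

/*! \file dns/keyvalues.h
 *
 * Numeric constants for the KEY RR rdata (flags, algorithm and protocol
 * fields) and size limits for RSA, DSA and GOST keys and signatures.
 * The header only defines macros; it declares no functions or types.
 */

/*
 * Flags field of the KEY RR rdata
 */
#define DNS_KEYFLAG_TYPEMASK      0xC000  /*%< Mask for "type" bits */
#define DNS_KEYTYPE_AUTHCONF      0x0000  /*%< Key usable for both */
#define DNS_KEYTYPE_CONFONLY      0x8000  /*%< Key usable for confidentiality */
#define DNS_KEYTYPE_AUTHONLY      0x4000  /*%< Key usable for authentication */
#define DNS_KEYTYPE_NOKEY         0xC000  /*%< No key usable for either; no key */
#define DNS_KEYTYPE_NOAUTH        DNS_KEYTYPE_CONFONLY
#define DNS_KEYTYPE_NOCONF        DNS_KEYTYPE_AUTHONLY

#define DNS_KEYFLAG_RESERVED2     0x2000  /*%< reserved - must be zero */
#define DNS_KEYFLAG_EXTENDED      0x1000  /*%< key has extended flags */
#define DNS_KEYFLAG_RESERVED4     0x0800  /*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED5     0x0400  /*%< reserved - must be zero */
#define DNS_KEYFLAG_OWNERMASK     0x0300  /*%< these bits determine the type */
#define DNS_KEYOWNER_USER         0x0000  /*%< key is assoc. with user */
#define DNS_KEYOWNER_ENTITY       0x0200  /*%< key is assoc. with entity eg host */
#define DNS_KEYOWNER_ZONE         0x0100  /*%< key is zone key */
#define DNS_KEYOWNER_RESERVED     0x0300  /*%< reserved meaning */
#define DNS_KEYFLAG_REVOKE        0x0080  /*%< key revoked (per rfc5011) */
#define DNS_KEYFLAG_RESERVED9     0x0040  /*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED10    0x0020  /*%< reserved - must be zero */
#define DNS_KEYFLAG_RESERVED11    0x0010  /*%< reserved - must be zero */
#define DNS_KEYFLAG_SIGNATORYMASK 0x000F  /*%< key can sign RR's of same name */

/*
 * Union of every "reserved - must be zero" bit above (0x2C70).  Code that
 * accepts a flags value from the wire can test against this mask to reject
 * records that set a reserved bit.
 */
#define DNS_KEYFLAG_RESERVEDMASK  (DNS_KEYFLAG_RESERVED2 | \
                                   DNS_KEYFLAG_RESERVED4 | \
                                   DNS_KEYFLAG_RESERVED5 | \
                                   DNS_KEYFLAG_RESERVED9 | \
                                   DNS_KEYFLAG_RESERVED10 | \
                                   DNS_KEYFLAG_RESERVED11 )
/*
 * Note: 0x0001 lies inside DNS_KEYFLAG_SIGNATORYMASK (0x000F), so the two
 * interpretations of the low bits cannot both apply to one record; which
 * one applies depends on the record type being processed.
 */
#define DNS_KEYFLAG_KSK           0x0001  /*%< key signing key */

#define DNS_KEYFLAG_RESERVEDMASK2 0xFFFF  /*%< no bits defined here */

/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
/*
 * Several of these identify algorithms that later DNSSEC guidance
 * (RFC 6725, RFC 8624) deprecates: RSAMD5, DSA/NSEC3DSA and ECC-GOST.
 * The constants are still required to parse such records; whether they
 * may be used for signing or trusted for validation is a policy decision
 * that belongs to the code consuming these values.
 */
#define DNS_KEYALG_RSAMD5         1       /*%< RSA with MD5 */
#define DNS_KEYALG_RSA            DNS_KEYALG_RSAMD5
#define DNS_KEYALG_DH             2       /*%< Diffie Hellman KEY */
#define DNS_KEYALG_DSA            3       /*%< DSA KEY */
#define DNS_KEYALG_NSEC3DSA       6
/*
 * Alias for DSA.  This must expand to DNS_KEYALG_DSA: the name DNS_ALG_DSA
 * is not defined by this header, so an alias written against it fails to
 * compile at the first use of DNS_KEYALG_DSS.
 */
#define DNS_KEYALG_DSS            DNS_KEYALG_DSA
#define DNS_KEYALG_ECC            4
#define DNS_KEYALG_RSASHA1        5
#define DNS_KEYALG_NSEC3RSASHA1   7
#define DNS_KEYALG_RSASHA256      8
#define DNS_KEYALG_RSASHA512      10
#define DNS_KEYALG_ECCGOST        12
#define DNS_KEYALG_INDIRECT       252
#define DNS_KEYALG_PRIVATEDNS     253
#define DNS_KEYALG_PRIVATEOID     254     /*%< Key begins with OID giving alg */

/* Protocol values */
#define DNS_KEYPROTO_RESERVED     0
#define DNS_KEYPROTO_TLS          1
#define DNS_KEYPROTO_EMAIL        2
#define DNS_KEYPROTO_DNSSEC       3
#define DNS_KEYPROTO_IPSEC        4
#define DNS_KEYPROTO_ANY          255

/* Signatures */
/*
 * DNS_SIG_RSAMINBITS is the smallest modulus this header admits.  512-bit
 * RSA offers no meaningful security today, so treat it as a format floor
 * only; key generation and validation policy should enforce its own,
 * larger minimum.
 */
#define DNS_SIG_RSAMINBITS        512     /*%< Size of a mod or exp in bits */
#define DNS_SIG_RSAMAXBITS        2552
        /* Total of binary mod and exp */
/*
 * NOTE(review): "7/8" is evaluated before the addition and is 0 in integer
 * arithmetic, so this expands to (2552 * 2 + 3) = 5107, not the presumably
 * intended ((DNS_SIG_RSAMAXBITS + 7) / 8) * 2 + 3 = 641.  The result
 * over-estimates, so buffers sized from it are larger than necessary rather
 * than too small.  The expression is deliberately left as is: correcting it
 * shrinks every buffer sized from this macro and from DNS_SIG_RSAMAXBASE64,
 * so audit those users before changing it.
 */
#define DNS_SIG_RSAMAXBYTES       ((DNS_SIG_RSAMAXBITS+7/8)*2+3)
        /*%< Max length of text sig block */
#define DNS_SIG_RSAMAXBASE64      (((DNS_SIG_RSAMAXBYTES+2)/3)*4)
#define DNS_SIG_RSAMINSIZE        ((DNS_SIG_RSAMINBITS+7)/8)   /* 64 bytes */
#define DNS_SIG_RSAMAXSIZE        ((DNS_SIG_RSAMAXBITS+7)/8)   /* 319 bytes */

/*
 * DSA sizes.  The byte counts are consistent with the RFC 2536 layouts:
 * signature = 1 (T) + 20 (R) + 20 (S); key = 1 (T) + 20 (Q) + 3 * len(P),
 * giving 213 bytes for a 512-bit P and 405 bytes for a 1024-bit P.
 */
#define DNS_SIG_DSASIGSIZE        41
#define DNS_SIG_DSAMINBITS        512
#define DNS_SIG_DSAMAXBITS        1024
#define DNS_SIG_DSAMINBYTES       213
#define DNS_SIG_DSAMAXBYTES       405

#define DNS_SIG_GOSTSIGSIZE       64

#endif /* DNS_KEYVALUES_H */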