1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
/*****************************************************************
**
** @(#) dki.h -- Header file for DNSsec Key info/manipulation
**
** Copyright (c) July 2004 - Jan 2005, Holger Zuleger HZnet. All rights reserved.
**
** This software is open source.
**
** Redistribution and use in source and binary forms, with or without
** modification, are permitted provided that the following conditions
** are met:
**
** Redistributions of source code must retain the above copyright notice,
** this list of conditions and the following disclaimer.
**
** Redistributions in binary form must reproduce the above copyright notice,
** this list of conditions and the following disclaimer in the documentation
** and/or other materials provided with the distribution.
**
** Neither the name of Holger Zuleger HZnet nor the names of its contributors may
** be used to endorse or promote products derived from this software without
** specific prior written permission.
**
** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
** POSSIBILITY OF SUCH DAMAGE.
**
*****************************************************************/
#ifndef DKI_H
# define DKI_H
# ifndef TYPES_H
# include <sys/types.h>
# include <stdio.h>
# include <time.h>
# endif
# define MAX_LABELSIZE (255)
# define MAX_FNAMESIZE (1+255+2+3+1+5+1+11)
/* Kdomain.+ALG+KEYID.type */
/* domain == FQDN (max 255) */
/* ALG == 3; KEYID == 5 chars */
/* type == key||published|private|depreciated == 11 chars */
//# define MAX_DNAMESIZE (254)
# define MAX_DNAMESIZE (1023)
/* /path/name / filename */
# define MAX_PATHSIZE (MAX_DNAMESIZE + 1 + MAX_FNAMESIZE)
/* algorithm types */
# define DK_ALGO_RSA 1 /* RFC2537 */
# define DK_ALGO_DH 2 /* RFC2539 */
# define DK_ALGO_DSA 3 /* RFC2536 (mandatory) */
# define DK_ALGO_EC 4 /* */
# define DK_ALGO_RSASHA1 5 /* RFC3110 */
/* protocol types */
# define DK_PROTO_DNS 3
/* flag bits */
typedef enum { /* 11 1111 */
/* 0123 4567 8901 2345 */
DK_FLAG_KSK= 01, /* 0000 0000 0000 0001 Bit 15 RFC4034/RFC3757 */
DK_FLAG_REVOKE= 0200, /* 0000 0000 1000 0000 Bit 8 RFC5011 */
DK_FLAG_ZONE= 0400, /* 0000 0001 0000 0000 Bit 7 RFC4034 */
} dk_flag_t;
/* status types */
typedef enum {
DKI_SEP= 'e',
DKI_SECUREENTRYPOINT= 'e',
DKI_PUB= 'p',
DKI_PUBLISHED= 'p',
DKI_ACT= 'a',
DKI_ACTIVE= 'a',
DKI_DEP= 'd',
DKI_DEPRECIATED= 'd',
DKI_REV= 'r',
DKI_REVOKED= 'r',
} dk_status_t;
# define DKI_KEY_FILEEXT ".key"
# define DKI_PUB_FILEEXT ".published"
# define DKI_ACT_FILEEXT ".private"
# define DKI_DEP_FILEEXT ".depreciated"
# define DKI_KSK 1
# define DKI_ZSK 0
typedef struct dki {
char dname[MAX_DNAMESIZE+1]; /* directory */
char fname[MAX_FNAMESIZE+1]; /* file name without extension */
char name[MAX_LABELSIZE+1]; /* domain name or label */
ushort algo; /* key algorithm */
ushort proto; /* must be 3 (DNSSEC) */
dk_flag_t flags; /* ZONE, optional SEP or REVOKE flag */
time_t time; /* key file time */
time_t gentime; /* key generation time (will be set on key generation and never changed) */
time_t exptime; /* time the key was expired (0L if not) */
ulong lifetime; /* proposed key life time at time of generation */
uint tag; /* key id */
dk_status_t status; /* key exist (".key") and name of private */
/* key file is ".published", ".private" */
/* or ".depreciated" */
char *pubkey; /* base64 public key */
struct dki *next; /* ptr to next entry in list */
} dki_t;
#if defined(USE_TREE) && USE_TREE
/*
* Instead of including <search.h>, which contains horrible false function
* declarations, we declared it for our usage (Yes, these functions return
* the adress of a pointer variable)
*/
typedef enum
{
/* we change the naming to the new, and more predictive one, used by Knuth */
PREORDER, /* preorder, */
INORDER, /* postorder, */
POSTORDER, /* endorder, */
LEAF /* leaf */
}
VISIT;
dki_t **tsearch (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
dki_t **tfind (const dki_t *dkp, const dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
dki_t **tdelete (const dki_t *dkp, dki_t **tree, int(*compar)(const dki_t *, const dki_t *));
void twalk (const dki_t *root, void (*action)(const dki_t **nodep, VISIT which, int depth));
extern void dki_tfree (dki_t **tree);
extern dki_t *dki_tadd (dki_t **tree, dki_t *new);
extern int dki_tagcmp (const dki_t *a, const dki_t *b);
extern int dki_namecmp (const dki_t *a, const dki_t *b);
extern int dki_allcmp (const dki_t *a, const dki_t *b);
#endif
extern dki_t *dki_read (const char *dir, const char *fname);
extern int dki_readdir (const char *dir, dki_t **listp, int recursive);
extern int dki_prt_trustedkey (const dki_t *dkp, FILE *fp);
extern int dki_prt_dnskey (const dki_t *dkp, FILE *fp);
extern int dki_prt_dnskeyttl (const dki_t *dkp, FILE *fp, int ttl);
extern int dki_prt_dnskey_raw (const dki_t *dkp, FILE *fp);
extern int dki_prt_comment (const dki_t *dkp, FILE *fp);
extern int dki_cmp (const dki_t *a, const dki_t *b);
extern int dki_timecmp (const dki_t *a, const dki_t *b);
extern int dki_age (const dki_t *dkp, time_t curr);
extern dk_flag_t dki_getflag (const dki_t *dkp, time_t curr);
extern dk_flag_t dki_setflag (dki_t *dkp, dk_flag_t flag);
extern dk_flag_t dki_unsetflag (dki_t *dkp, dk_flag_t flag);
extern dk_status_t dki_status (const dki_t *dkp);
extern const char *dki_statusstr (const dki_t *dkp);
extern int dki_isksk (const dki_t *dkp);
extern int dki_isdepreciated (const dki_t *dkp);
extern int dki_isrevoked (const dki_t *dkp);
extern int dki_isactive (const dki_t *dkp);
extern int dki_ispublished (const dki_t *dkp);
extern time_t dki_time (const dki_t *dkp);
extern time_t dki_exptime (const dki_t *dkp);
extern time_t dki_gentime (const dki_t *dkp);
extern time_t dki_lifetime (const dki_t *dkp);
extern ushort dki_lifetimedays (const dki_t *dkp);
extern ushort dki_setlifetime (dki_t *dkp, int days);
extern time_t dki_setexptime (dki_t *dkp, time_t sec);
extern dki_t *dki_new (const char *dir, const char *name, int ksk, int algo, int bitsize, const char *rfile, int lf_days);
extern dki_t *dki_remove (dki_t *dkp);
extern dki_t *dki_destroy (dki_t *dkp);
extern int dki_setstatus (dki_t *dkp, int status);
extern int dki_setstatus_preservetime (dki_t *dkp, int status);
extern dki_t *dki_add (dki_t **dkp, dki_t *new);
extern const dki_t *dki_tsearch (const dki_t *tree, int tag, const char *name);
extern const dki_t *dki_search (const dki_t *list, int tag, const char *name);
extern const dki_t *dki_find (const dki_t *list, int ksk, int status, int first);
extern void dki_free (dki_t *dkp);
extern void dki_freelist (dki_t **listp);
extern char *dki_algo2str (int algo);
extern const char *dki_geterrstr (void);
#endif
|
