1
/*
2
* Copyright (c) 2008-2009 Nominet UK. All rights reserved.
3
*
4
* Redistribution and use in source and binary forms, with or without
5
* modification, are permitted provided that the following conditions
6
* are met:
7
* 1. Redistributions of source code must retain the above copyright
8
* notice, this list of conditions and the following disclaimer.
9
* 2. Redistributions in binary form must reproduce the above copyright
10
* notice, this list of conditions and the following disclaimer in the
11
* documentation and/or other materials provided with the distribution.
12
*
13
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24
*
25
*/
26
27
#ifndef KSM_KSM_H
28
#define KSM_KSM_H
29
30
#ifdef __cplusplus
31
extern
"C"
{
32
#endif
33
34
/*+
35
* ksm.h - KSM Definitions
36
*
37
* Description:
38
* Holds definitions and prototypes for the KSM library.
39
-*/
40
41
#include <time.h>
42
#include <
ksm/database.h
>
43
#include <
ksm/database_statement.h
>
44
45
46
/* General */
47
48
/*
 * Identifier of a KSM entity (a database row id). KSM_NULL_ID is the
 * sentinel for "no entity". NOTE(review): the key-pair and DNSSEC-key ids in
 * KSM_KEYDATA below are typed DB_ID rather than KSM_ID; presumably the same
 * underlying integer type, but confirm against ksm/database.h before mixing
 * them in comparisons.
 */
typedef int KSM_ID;                     /* Identifies a KSM entity */

#define KSM_NULL_ID ((KSM_ID) -1)       /* General invalid ID (sentinel) */
51
52
/* ksm_common */
53
54
/*
 * Library start-up and shutdown. Both return an int status like the rest of
 * this API; the meaning of non-zero values is not defined in this header, so
 * callers should treat any non-zero result as failure rather than compare
 * against specific codes.
 */
int KsmInit(void);
int KsmRundown(void);
56
57
/*
 * Sizes of the fixed char[] buffers used by the structures in this header.
 * Every *_LENGTH value INCLUDES the terminating NUL, so at most N-1 bytes of
 * payload fit. Several of these buffers are filled from configuration and
 * database content (zone names, file paths, adapter names, HSM key ids), so
 * any code copying into them must bound the copy (snprintf-style, checking
 * the return value for truncation) and guarantee NUL termination; a plain
 * strcpy/sprintf here is a buffer overflow waiting to happen.
 */
#define KSM_NAME_LENGTH 256             /* Includes trailing NULL */
#define KSM_MSG_LENGTH 512              /* Includes trailing NULL */
#define KSM_PATH_LENGTH 4096            /* Includes trailing NULL */
#define KSM_POLICY_DESC_LENGTH 256      /* Includes trailing NULL */
#define KSM_TIME_LENGTH 32              /* Includes trailing NULL */

/*
 * KSM_SQL_SIZE bounds the buffer a caller uses to compose an SQL statement;
 * composition must be length-checked, and untrusted strings must never be
 * interpolated into it unescaped (see KsmKeyInitSql / KsmKeyQuery below).
 */
#define KSM_SQL_SIZE 1024               /* Max size of SQL statement */
#define KSM_INT_STR_SIZE 32             /* Max size of int as string */
#define KSM_SALT_LENGTH 512             /* Includes trailing NULL */
#define KSM_ZONE_NAME_LENGTH 256        /* Includes trailing NULL */
#define KSM_ADAPTER_NAME_LENGTH 512     /* Includes trailing NULL */
68
/* ksm_key */
69
70
/*
 * Bit flags for KSM_KEYDATA.flags: each bit records that the corresponding
 * member of the structure holds a valid value. Despite the section name they
 * cover all members, not only the time fields; KEYDATA_M_TIMES groups the
 * six time-related bits so a caller can test "any time field set" at once.
 */

#define KEYDATA_M_ID 0x0001
#define KEYDATA_M_STATE 0x0002
#define KEYDATA_M_KEYTYPE 0x0004
#define KEYDATA_M_ALGORITHM 0x0008
#define KEYDATA_M_SIGLIFETIME 0x0010
#define KEYDATA_M_ACTIVE 0x0020
#define KEYDATA_M_DEAD 0x0040
#define KEYDATA_M_GENERATE 0x0080
#define KEYDATA_M_PUBLISH 0x0100
#define KEYDATA_M_READY 0x0200
#define KEYDATA_M_RETIRE 0x0400
#define KEYDATA_M_LOCATION 0x0800
#define KEYDATA_M_SIZE 0x1000
#define KEYDATA_M_SMID 0x2000

/* All of the time-stamp bits (active, dead, generate, publish, ready, retire) */
#define KEYDATA_M_TIMES (KEYDATA_M_ACTIVE | KEYDATA_M_DEAD | \
KEYDATA_M_GENERATE | KEYDATA_M_PUBLISH | KEYDATA_M_READY | KEYDATA_M_RETIRE)
89
90
/*
 * Structure for key information.
 *
 * Note on the date fields: this version of the structure carries only fixed
 * char[KSM_TIME_LENGTH] string buffers for the times (the "struct tm" insert
 * fields mentioned by an earlier revision of this comment are no longer
 * present), so times are exchanged as strings in both directions. When a
 * date is read back from the database a NULL column is represented by an
 * empty string.
 *
 * Every char[] member is a fixed-size buffer that includes the terminating
 * NUL; code that fills them from database or HSM data must bound the copy
 * and guarantee termination.
 */

typedef struct {
    DB_ID keypair_id;                   /* Id of the key pair row */
    int state;                          /* Key state, see KSM_STATE_* */
    int keytype;                        /* KSM_TYPE_KSK or KSM_TYPE_ZSK */
    int algorithm;                      /* DNSSEC algorithm, see KSM_ALGORITHM_* */
    int siglifetime;                    /* Signature lifetime (presumably seconds) */
    char active[KSM_TIME_LENGTH];       /* Time strings; "" when NULL in the DB */
    char dead[KSM_TIME_LENGTH];
    char generate[KSM_TIME_LENGTH];
    char publish[KSM_TIME_LENGTH];
    char ready[KSM_TIME_LENGTH];
    char retire[KSM_TIME_LENGTH];
    char location[KSM_NAME_LENGTH];
    int securitymodule_id;              /* Repository (HSM) id */
    int size;                           /* Key size in bits */
    int policy_id;
    /*
     * HSM key identifier as passed to KsmKeyPairCreate/KsmImportKeyPair and
     * checked by KsmCheckHSMkeyID (cka_id). NOTE(review): 256 bytes incl. NUL;
     * whatever fills this must reject or truncate longer ids rather than
     * overrun -- the original TODO below was never resolved.
     */
    char HSMKey_id[KSM_NAME_LENGTH];    /* TODO is this long enough ? */
    DB_ID dnsseckey_id;                 /* Id of the per-zone DNSSEC-key row */
    int zone_id;
    int fixedDate;                      /* Non-zero: key times were fixed on import (see KsmImportKeyPair fixDate) */

    /*
     * The remaining fields are used for data manipulation and are not part of
     * the KEYDATA table.
     */

    int flags;                          /* KEYDATA_M_* bits: which fields are valid */
    int roll_scheme;                    /* Rollover scheme the key is under, see KSM_ROLL_* */
} KSM_KEYDATA;
126
127
/*
 * Key-pair and DNSSEC-key creation. Times are passed as strings (same
 * representation as the KSM_KEYDATA time buffers); the new row id is
 * returned through *id. HSMKeyID is stored into a KSM_NAME_LENGTH buffer,
 * so callers must validate its length first.
 */
int KsmKeyPairCreate(int policy_id, const char* HSMKeyID, int smID, int size, int alg, const char* generate, DB_ID* id);
int KsmDnssecKeyCreate(int zone_id, int keypair_id, int keytype, int state, const char* time, const char* retTime, DB_ID* id);
/*int KsmDnssecKeyCreateOnPolicy(int policy_id, int keypair_id, int keytype);*/

/*
 * Result-set iteration: one of the *Init* functions opens a DB_RESULT, KsmKey
 * fetches the next KSM_KEYDATA from it, and KsmKeyEnd releases it. Callers
 * must pair every successful Init with KsmKeyEnd to avoid leaking the result.
 *
 * NOTE(review): KsmKeyInitSql and KsmKeyQuery take a complete SQL statement
 * which is presumably executed as given. Never build that string by
 * interpolating untrusted input (zone names, HSM ids, command-line text);
 * prefer the DQS_QUERY_CONDITION form (KsmKeyInit) or a length-checked,
 * escaped construction. Also note the two functions take their arguments in
 * opposite orders: (result, sql) versus (sql, result).
 */
int KsmKeyInitSql(DB_RESULT* result, const char* sql);
int KsmKeyInit(DB_RESULT* result, DQS_QUERY_CONDITION* condition);
int KsmKeyInitId(DB_RESULT* result, DB_ID id);
int KsmKey(DB_RESULT result, KSM_KEYDATA* data);
void KsmKeyEnd(DB_RESULT result);
int KsmKeyQuery(const char* sql, DB_RESULT* result);
int KsmKeyData(DB_ID id, KSM_KEYDATA* data);

/* Key-count helpers; the count is returned through the int* out-parameter. */
int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count);
int KsmKeyCountQueue(int keytype, int* count, int zone_id);
int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char* datetime, int *count, int keytype);
int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id);

/* State changes to "dead" for a zone's keys / for one key pair in a zone. */
int KsmMarkKeysAsDead(int zone_id);
int KsmKillKey(int keypair_id, int zone_id);

/* delete */

/*
 * Deletion by id range. KsmDeleteKeyRanges takes an array of `size` ints
 * (the parameter decays to int*; the caller owns the bound). NOTE(review):
 * these are destructive and unconditional from the signature's point of
 * view -- callers should confirm the range before invoking them.
 */
int KsmDeleteKeyRange(int minid, int maxid);
int KsmDeleteKeyRanges(int limit[], int size);
148
149
/* KsmParameter */
150
151
/*
 * One policy parameter as stored in the database: a (category, name) pair
 * with an integer value. Both strings are fixed buffers (NUL included).
 */
typedef struct {
    char name[KSM_NAME_LENGTH];         /* Parameter name, e.g. "lifetime" */
    char category[KSM_NAME_LENGTH];     /* Parameter category, e.g. "ksk" */
    int value;                          /* Value; units depend on the parameter (seconds for the KSM_PAR_* times) */
    int parameter_id;                   /* Database row id */
} KSM_PARAMETER;
157
158
/*
 * Parameter access. KsmParameterInit opens a result set for a (name,
 * category) on a policy; KsmParameter fetches the next row into *data and
 * KsmParameterEnd releases the result. KsmParameterValue/Set read and write a
 * single value directly. name/category are matched against the database;
 * they should come from the KSM_PAR_*_STRING / _CAT constants rather than
 * from free-form user text.
 */
int KsmParameterInit(DB_RESULT* result, const char* name, const char* category, int policy_id);
int KsmParameterExist(DB_RESULT* result, const char* name, const char* category, int* parameter_id);
int KsmParameter(DB_RESULT result, KSM_PARAMETER* data);
void KsmParameterEnd(DB_RESULT result);
int KsmParameterValue(const char* name, const char* category, int* value, int policy_id, int* parameter_id);
int KsmParameterSet(const char* name, const char* category, int value, int policy_id);
int KsmParameterShow(const char* name, const char* category, int policy_id);
165
166
/* ksmPolicy */
167
/* Signer-related policy values (intervals presumably in seconds, as for KSM_PAR_*). */
typedef struct {
    int refresh;
    int jitter;
    int propdelay;                      /* Propagation delay */
    int soamin;                         /* SOA minimum */
    int soattl;                         /* SOA TTL */
    int serial;                         /* Serial scheme, see KSM_SERIAL_* */
} KSM_SIGNER_POLICY;
175
176
/* Signature-related policy values (category "signature"). */
typedef struct {
    int clockskew;                      /* Allowed clock skew (KSM_PAR_CLOCKSKEW) */
    int resign;                         /* Re-sign interval (KSM_PAR_SIGNINT) */
    int valdefault;                     /* Default signature validity (KSM_PAR_ZSKSIGLIFE) */
    int valdenial;                      /* Validity of denial-of-existence signatures */
} KSM_SIGNATURE_POLICY;
182
183
/*
 * Denial-of-existence (NSEC/NSEC3) policy. salt is a fixed string buffer
 * (KSM_SALT_LENGTH incl. NUL); salt_stamp is a time string in the same
 * format as the KSM_KEYDATA time fields. KsmPolicyUpdateSalt writes these.
 */
typedef struct {
    int version;                        /* NSEC version (NSEC vs NSEC3) */
    int resalt;                         /* Re-salt interval */
    int algorithm;                      /* NSEC3 hash algorithm */
    int iteration;                      /* NSEC3 iterations */
    int optout;                         /* NSEC3 opt-out flag */
    int ttl;
    int saltlength;                     /* Requested salt length; must stay below KSM_SALT_LENGTH */
    char salt[KSM_SALT_LENGTH];
    char salt_stamp[KSM_TIME_LENGTH];   /* When the salt was last generated */
} KSM_DENIAL_POLICY;
194
195
/* Policy values common to KSK and ZSK (category "keys"). */
typedef struct {
    int ttl;                            /* DNSKEY TTL */
    int retire_safety;                  /* Retire safety margin (KSM_PAR_RETSAFETY) */
    int publish_safety;                 /* Publish safety margin (KSM_PAR_PUBSAFETY) */
    int share_keys;                     /* KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED */
    int purge;                          /* Purge interval for dead keys */
} KSM_COMMON_KEY_POLICY;
202
203
/*
 * Per-key-type (KSK or ZSK) policy. Used for both KSM_POLICY.ksk and
 * KSM_POLICY.zsk, with `type` recording which.
 */
typedef struct {
    int algorithm;                      /* DNSSEC algorithm, see KSM_ALGORITHM_* */
    int bits;                           /* Key size in bits */
    int lifetime;                       /* Key lifetime */
    int sm;                             /* Repository (security module) id */
    char sm_name[KSM_NAME_LENGTH];      /* Repository name */
    unsigned long sm_capacity;          /* Repository capacity (see KsmImportRepository) */
    int require_backup;                 /* Non-zero: keys must be backed up before use */
    int overlap;
    int ttl;                            /* DNSKEY TTL */
    int rfc5011;                        /* RFC 5011 trust-anchor rollover flag */
    int type;                           /* KSM_TYPE_KSK or KSM_TYPE_ZSK */
    int standby_keys;                   /* Number of standby keys to keep */
    int manual_rollover;                /* Non-zero: roll only on operator request */
    int rollover_scheme;                /* KSM_ROLL_* */
} KSM_KEY_POLICY;
219
220
/* Enforcer scheduling values. */
typedef struct {
    int keycreate;
    int backup_interval;
    int keygeninterval;                 /* Key generation interval */
} KSM_ENFORCER_POLICY;
225
226
/* Zone-level timing values (category "zone"). */
typedef struct {
    int propdelay;                      /* Propagation delay (KSM_PAR_PROPDELAY) */
    int soa_ttl;                        /* SOA TTL (KSM_PAR_SOATTL) */
    int soa_min;                        /* SOA minimum (KSM_PAR_SOAMIN) */
    int serial;                         /* Serial scheme, see KSM_SERIAL_* */
} KSM_ZONE_POLICY;
232
233
/* Parent-zone timing values (category "parent"), used for DS rollovers. */
typedef struct {
    int propdelay;                      /* Parent propagation delay (KSM_PAR_KSKPROPDELAY) */
    int ds_ttl;                         /* DS TTL at the parent (KSM_PAR_DSTTL) */
    int soa_ttl;
    int soa_min;
} KSM_PARENT_POLICY;
239
240
/*
 * A complete policy. The sub-policy members are pointers; KsmPolicyAlloc
 * returns a KSM_POLICY and KsmPolicyFree releases it, so the presumption is
 * that those two own the sub-structures and `description` -- a KSM_POLICY
 * obtained any other way should not be passed to KsmPolicyFree (confirm
 * against ksm_policy.c).
 */
typedef struct {
    int id;                             /* Policy row id */
    char name[KSM_NAME_LENGTH];         /* Policy name (fixed buffer) */
    char* description;                  /* Free-text description, heap-allocated (see KsmPolicyAlloc/Free) */
    KSM_SIGNER_POLICY* signer;
    KSM_SIGNATURE_POLICY* signature;
    KSM_DENIAL_POLICY* denial;
    KSM_COMMON_KEY_POLICY* keys;
    KSM_KEY_POLICY* ksk;
    KSM_KEY_POLICY* zsk;
    KSM_ENFORCER_POLICY* enforcer;
    KSM_ZONE_POLICY* zone;
    KSM_PARENT_POLICY* parent;
    int shared_keys;                    /* KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED */
} KSM_POLICY;
255
256
/* One (category, name, value) row as read by KsmPolicyParameter. */
typedef struct {
    char name[KSM_NAME_LENGTH];
    char category[KSM_NAME_LENGTH];
    int value;
} KSM_POLICY_PARAMETER;
261
262
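/*
 * Policy access. The DB_RESULT-based functions follow the usual Init /
 * fetch pattern; the *FromId / *FromName variants fill in the KSM_POLICY
 * passed by the caller from either its id or its name.
 *
 * KsmPolicyUpdateSalt regenerates the NSEC3 salt stored in policy->denial
 * (the salt is security-relevant; it should be produced from a proper
 * random source -- verify in the implementation). KsmPolicyUpdateDesc stores
 * a caller-supplied description string; its length should be checked
 * against KSM_POLICY_DESC_LENGTH before the call.
 */
int KsmPolicyInit(DB_RESULT* handle, const char* name);
int KsmPolicyExists(const char* name);
int KsmPolicyParametersInit(DB_RESULT* handle, const char* name);
int KsmPolicyRead(KSM_POLICY* policy);
int KsmPolicy(DB_RESULT handle, KSM_POLICY* data);
int KsmPolicyParameter(DB_RESULT handle, KSM_POLICY_PARAMETER* data);
int KsmPolicyReadFromId(KSM_POLICY* policy);
int KsmPolicyNameFromId(KSM_POLICY* policy);
int KsmPolicyUpdateSalt(KSM_POLICY* policy);
int KsmPolicyNullSaltStamp(int policy_id);
int KsmPolicyPopulateSMFromIds(KSM_POLICY* policy);
int KsmPolicySetIdFromName(KSM_POLICY *policy);
int KsmPolicyIdFromZoneId(int zone_id, int* policy_id);
int KsmPolicyUpdateDesc(int policy_id, const char* policy_description);

/*
 * Allocate / release a KSM_POLICY and its sub-structures. Declared with an
 * explicit (void) parameter list: an empty `()` in C is an old-style
 * declaration that disables argument checking at call sites.
 */
KSM_POLICY *KsmPolicyAlloc(void);
void KsmPolicyFree(KSM_POLICY *policy);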
279
280
/* ksmZone */
281
/*
 * A zone as stored in the database. All strings are fixed buffers (NUL
 * included). NOTE(review): with three KSM_PATH_LENGTH (4096) members this
 * structure is over 13 KiB, so avoid declaring arrays of it on the stack.
 * The path members are written to by the configuration import
 * (KsmImportZone) and are later used as file names; they must be bounded on
 * the way in.
 */
typedef struct {
    int id;                                 /* Zone row id */
    int policy_id;                          /* Policy the zone is under */
    char name[KSM_ZONE_NAME_LENGTH];        /* Zone name */
    char signconf[KSM_PATH_LENGTH];         /* Signer configuration file path */
    char input[KSM_PATH_LENGTH];            /* Input zone file/adapter path */
    char output[KSM_PATH_LENGTH];           /* Output zone file/adapter path */
    char policy_name[KSM_NAME_LENGTH];
    char in_type[KSM_ADAPTER_NAME_LENGTH];  /* Input adapter type */
    char out_type[KSM_ADAPTER_NAME_LENGTH]; /* Output adapter type */
} KSM_ZONE;
292
293
/*
 * Zone access. KsmZoneInit opens a result set for the zones on a policy and
 * KsmZone fetches the next row into *data. KsmZoneIdFromName and
 * KsmZoneIdAndPolicyFromName resolve a zone name from the database; the
 * name is a lookup key, so it must be matched safely (parameter or
 * escaped), not pasted into SQL.
 *
 * NOTE(review): KsmZoneNameFromId returns the name through a char**; the
 * header does not say who owns that string. Presumably it is allocated by
 * the callee and the caller must free it -- confirm before use.
 */
int KsmZoneInit(DB_RESULT* handle, int policy_id);
int KsmZone(DB_RESULT handle, KSM_ZONE *data);
int KsmZoneCount(DB_RESULT handle, int* count);
int KsmZoneCountInit(DB_RESULT* handle, int id);
int KsmZoneIdFromName(const char* zone_name, int* zone_id);
int KsmZoneIdAndPolicyFromName(const char* zone_name, int* policy_id, int* zone_id);
int KsmDeleteZone(int zone_id);
int KsmZoneNameFromId(int zone_id, char** zone_name);
301
302
/*
 * Zone signed/unsigned markers. NOTE(review): these two names carry no KSM_
 * prefix and are generic enough to collide with other headers; they are
 * public through ksm.h, so renaming would be an interface change -- flagging
 * only.
 */
#define UNSIGNED 0
#define SIGNED 1

/* Counts of DNSSEC keys per repository / per state (DB_RESULT Init + fetch). */
int KsmDNSSECKeysInSMCountInit(DB_RESULT* handle, int policy_id);
int KsmDNSSECKeysInSMCount(DB_RESULT handle, int* count);
int KsmDNSSECKeysStateCountInit(DB_RESULT* result, int policy_id, KSM_KEY_POLICY *key_policy, int state);
308
309
/* Purge */
310
311
/*
 * Purge dead keys from the database. Destructive and returns nothing, so the
 * caller cannot learn whether it failed; check the implementation's logging
 * if auditability of key deletion matters.
 */
void KsmPurge(void);
312
313
/*
314
* Constants in the database tables. These are used in the
315
* ksm_keyword module.
316
*
317
* THESE MUST BE KEPT IN STEP WITH THE DATABASE CREATION SCRIPT
318
*/
319
320
/*
 * The following names and constants follow the IANA "DNS Security Algorithm
 * Numbers" registry (historically published as the SIG(0) Algorithm Numbers
 * page at http://www.iana.org/assignments/sig-alg-numbers, now at
 * https://www.iana.org/assignments/dns-sec-alg-numbers).
 */
324
325
/*
 * DNSSEC algorithm numbers and their configuration keywords.
 *
 * NOTE(review): RSAMD5 (1) was moved to "MUST NOT implement" by RFC 6725 and
 * must not be selected for signing; later guidance (RFC 8624) also
 * deprecates the DSA variants (3, 6). DH (2) is not a signing algorithm at
 * all. Whether this library rejects those values when a policy is loaded is
 * not visible from this header -- policy validation should. Note also that
 * the ECDSA algorithms (13, 14) are not defined in this table.
 */
#define KSM_ALGORITHM_RSAMD5 1
#define KSM_ALGORITHM_RSAMD5_STRING "rsamd5"
#define KSM_ALGORITHM_DH 2
#define KSM_ALGORITHM_DH_STRING "dh"
#define KSM_ALGORITHM_DSASHA1 3
#define KSM_ALGORITHM_DSASHA1_STRING "dsa"
#define KSM_ALGORITHM_RSASHA1 5
#define KSM_ALGORITHM_RSASHA1_STRING "rsasha1"
#define KSM_ALGORITHM_DSA_NSEC3_SHA1 6
#define KSM_ALGORITHM_DSA_NSEC3_SHA1_STRING "dsa-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1 7
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1_STRING "rsasha1-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA256 8
#define KSM_ALGORITHM_RSASHA256_STRING "rsasha256"
#define KSM_ALGORITHM_RSASHA512 10
#define KSM_ALGORITHM_RSASHA512_STRING "rsasha512"
/* Reserved/indirect values from the registry; not usable for signing. */
#define KSM_ALGORITHM_INDIRECT 252
#define KSM_ALGORITHM_INDIRECT_STRING "indirect"
#define KSM_ALGORITHM_PRIVDOM 253
#define KSM_ALGORITHM_PRIVDOM_STRING "domain"
#define KSM_ALGORITHM_PRIVOID 254
#define KSM_ALGORITHM_PRIVOID_STRING "oid"
347
348
/* Key storage formats. */
#define KSM_FORMAT_FILE 1
#define KSM_FORMAT_FILE_STRING "file"
#define KSM_FORMAT_HSM 2
#define KSM_FORMAT_HSM_STRING "hsm"
#define KSM_FORMAT_URI 3
#define KSM_FORMAT_URI_STRING "uri"

/* Key types: the values are the DNSKEY flags field (257 = SEP bit set). */
#define KSM_TYPE_KSK 257
#define KSM_TYPE_KSK_STRING "ksk"
#define KSM_TYPE_ZSK 256
#define KSM_TYPE_ZSK_STRING "zsk"

/*
 * Key states. 1-6 are the basic life-cycle; 7-10 are the extra states used
 * by the DS-based KSK rollover schemes (see KSM_ROLL_*).
 */
#define KSM_STATE_GENERATE 1
#define KSM_STATE_GENERATE_STRING "generate"
#define KSM_STATE_PUBLISH 2
#define KSM_STATE_PUBLISH_STRING "publish"
#define KSM_STATE_READY 3
#define KSM_STATE_READY_STRING "ready"
#define KSM_STATE_ACTIVE 4
#define KSM_STATE_ACTIVE_STRING "active"
#define KSM_STATE_RETIRE 5
#define KSM_STATE_RETIRE_STRING "retire"
#define KSM_STATE_DEAD 6
#define KSM_STATE_DEAD_STRING "dead"
#define KSM_STATE_DSSUB 7
#define KSM_STATE_DSSUB_STRING "dssub"
#define KSM_STATE_DSPUBLISH 8
#define KSM_STATE_DSPUBLISH_STRING "dspublish"
#define KSM_STATE_DSREADY 9
#define KSM_STATE_DSREADY_STRING "dsready"
#define KSM_STATE_KEYPUBLISH 10
#define KSM_STATE_KEYPUBLISH_STRING "keypublish"

/* SOA serial schemes. */
#define KSM_SERIAL_UNIX_STRING "unixtime"
#define KSM_SERIAL_UNIX 1
#define KSM_SERIAL_COUNTER_STRING "counter"
#define KSM_SERIAL_COUNTER 2
#define KSM_SERIAL_DATE_STRING "datecounter"
#define KSM_SERIAL_DATE 3
#define KSM_SERIAL_KEEP_STRING "keep"
#define KSM_SERIAL_KEEP 4

/* Whether keys are shared between the zones on a policy. */
#define KSM_KEYS_NOT_SHARED 0
#define KSM_KEYS_SHARED 1

/* KSK rollover schemes; KSM_ROLL_DEFAULT is the DoubleDNSKey scheme (1). */
#define KSM_ROLL_DEFAULT 1                  /* DoubleDNSKEY */
#define KSM_ROLL_DNSKEY_STRING "DoubleDNSKey"
#define KSM_ROLL_DNSKEY 1
#define KSM_ROLL_DS_STRING "DoubleDS"
#define KSM_ROLL_DS 2
#define KSM_ROLL_RRSET_STRING "DoubleRRSet"
#define KSM_ROLL_RRSET 3
400
401
/* Reserved parameters and default values (in seconds) */
/* TODO redefine this properly:
 * have _CAT defines separate
 * rename to match the new list
 * add new items ? */
/*
 * Each parameter has three defines: the default value, the database name
 * (_STRING) and the category (_CAT). The (_STRING, _CAT) pair is the lookup
 * key used with KsmParameterValue/KsmParameterSet. The name strings are not
 * unique on their own ("ttl", "lifetime", "standby", "propagationdelay" and
 * "manual_rollover" each appear under several categories), so always pass
 * the category with the name.
 */
#define KSM_PAR_CLOCKSKEW 3600              /* 1 hour */
#define KSM_PAR_CLOCKSKEW_STRING "clockskew"
#define KSM_PAR_CLOCKSKEW_CAT "signature"
#define KSM_PAR_KSKLIFE 63072000            /* 2 years */
#define KSM_PAR_KSKLIFE_STRING "lifetime"
#define KSM_PAR_KSKLIFE_CAT "ksk"
#define KSM_PAR_PROPDELAY 3600              /* 1 hour */
#define KSM_PAR_PROPDELAY_STRING "propagationdelay"
#define KSM_PAR_PROPDELAY_CAT "zone"
#define KSM_PAR_STANDBYKSKS 1
#define KSM_PAR_STANDBYKSKS_STRING "standby"
#define KSM_PAR_STANDBYKSKS_CAT "ksk"
#define KSM_PAR_STANDBYZSKS 1
#define KSM_PAR_STANDBYZSKS_STRING "standby"
#define KSM_PAR_STANDBYZSKS_CAT "zsk"
#define KSM_PAR_SIGNINT 7200                /* 2 hours */
#define KSM_PAR_SIGNINT_STRING "resign"
#define KSM_PAR_SIGNINT_CAT "signature"
#define KSM_PAR_SOAMIN 7200                 /* 2 hours */
#define KSM_PAR_SOAMIN_STRING "min"
#define KSM_PAR_SOAMIN_CAT "zone"
#define KSM_PAR_SOATTL 172800               /* 2 days */
#define KSM_PAR_SOATTL_STRING "ttl"
#define KSM_PAR_SOATTL_CAT "zone"
#define KSM_PAR_ZSKSIGLIFE 432000           /* 5 days */
#define KSM_PAR_ZSKSIGLIFE_STRING "valdefault"
#define KSM_PAR_ZSKSIGLIFE_CAT "signature"
#define KSM_PAR_ZSKLIFE 2592000             /* 30 days */
#define KSM_PAR_ZSKLIFE_STRING "lifetime"
#define KSM_PAR_ZSKLIFE_CAT "zsk"
#define KSM_PAR_ZSKTTL 172800               /* 2 days */
#define KSM_PAR_ZSKTTL_STRING "ttl"
#define KSM_PAR_ZSKTTL_CAT "keys"
#define KSM_PAR_KSKTTL 172800               /* 2 days */
#define KSM_PAR_KSKTTL_STRING "ttl"
#define KSM_PAR_KSKTTL_CAT "keys"
#define KSM_PAR_KSKPROPDELAY 3600           /* 1 hour */
#define KSM_PAR_KSKPROPDELAY_STRING "propagationdelay"
#define KSM_PAR_KSKPROPDELAY_CAT "parent"
/*
 * Registration delay defaults to 0 (unresolved TODO). A zero parent
 * registration delay means the rollover timing assumes the DS is at the
 * parent immediately; operators with a slow registrar should set this.
 */
#define KSM_PAR_REGDELAY 0                  /* TODO sort this out */
#define KSM_PAR_REGDELAY_STRING "registrationdelay" /* TODO sort this out */
#define KSM_PAR_REGDELAY_CAT "parent"       /* TODO sort this out */
#define KSM_PAR_PUBSAFETY 172800            /* 2 days */
#define KSM_PAR_PUBSAFETY_STRING "publishsafety"
#define KSM_PAR_PUBSAFETY_CAT "keys"
#define KSM_PAR_RETSAFETY 172800            /* 2 days */
#define KSM_PAR_RETSAFETY_STRING "retiresafety"
#define KSM_PAR_RETSAFETY_CAT "keys"
#define KSM_PAR_KSK_MAN_ROLL 0              /* false (i.e. automatic roll) */
#define KSM_PAR_KSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_KSK_MAN_ROLL_CAT "ksk"
#define KSM_PAR_ZSK_MAN_ROLL 0              /* false (i.e. automatic roll) */
#define KSM_PAR_ZSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_ZSK_MAN_ROLL_CAT "zsk"
#define KSM_PAR_DSTTL 3600
#define KSM_PAR_DSTTL_STRING "ttlds"
#define KSM_PAR_DSTTL_CAT "parent"
/*
 * NOTE(review): the default rollover-scheme value here is 0, which is not
 * one of the KSM_ROLL_* values (1-3) and differs from KSM_ROLL_DEFAULT (1).
 * Presumably the reader of this parameter maps 0 to the default; confirm,
 * or define it as KSM_ROLL_DEFAULT.
 */
#define KSM_PAR_KSK_ROLL 0
#define KSM_PAR_KSK_ROLL_STRING "rollover_scheme"
#define KSM_PAR_KSK_ROLL_CAT "ksk"
466
467
/*
 * Holds the collection of policy parameters for one policy, filled in by
 * KsmParameterCollection (defaults from KsmCollectionInit). All intervals
 * are in seconds, matching the KSM_PAR_* defaults.
 */
typedef struct {                            /* Holds collection of parameters */
    int clockskew;                          /* Clock skew */
    int ksklife;                            /* Lifetime of a KSK */
    int standbyksks;                        /* Number of Standby Key Signing keys */
    int standbyzsks;                        /* Number of Standby Zone signing keys */
    int propdelay;                          /* Propagation delay */
    int signint;                            /* Signing interval - how long signing the zone takes */
    int soamin;                             /* "Minimum" value from SOA record */
    int soattl;                             /* TTL of the SOA record */
    int zsksiglife;                         /* Length of signatures signed by this ZSK */
    int zsklife;                            /* How long key is used for */
    int zskttl;                             /* TTL of ZSK DNSKEY record */
    int kskttl;                             /* TTL of KSK DNSKEY record */
    int kskpropdelay;                       /* KSK Propagation delay */
    int regdelay;                           /* KSK Registration delay (at the parent) */
    int pub_safety;                         /* Publish safety margin */
    int ret_safety;                         /* Retire safety margin */
    int kskmanroll;                         /* Do we only roll the KSK manually? */
    int zskmanroll;                         /* Do we only roll the ZSK manually? */
    int dsttl;                              /* TTL of the DS record */
    int kskroll;                            /* Rollover Scheme for the KSK, see KSM_ROLL_* */
} KSM_PARCOLL;
489
490
/*
 * Parameter-collection access. KsmCollectionInit sets a KSM_PARCOLL to its
 * defaults; KsmParameterCollection fills it from the database for a policy;
 * the individual KsmParameter* accessors read one value each from the
 * collection.
 *
 * NOTE(review): KsmParameterCollectionCache(enable) switches on a cache of
 * the collection. Once enabled, a parameter changed in the database through
 * KsmParameterSet may not be seen by this process until the cache is
 * disabled or refreshed -- confirm the invalidation rule before relying on
 * it in long-running callers.
 */
int KsmCollectionInit(KSM_PARCOLL* data);
int KsmParameterClockskew(KSM_PARCOLL* collection);
int KsmParameterKskLifetime(KSM_PARCOLL* collection);
int KsmParameterStandbyKSKeys(KSM_PARCOLL* collection);
int KsmParameterStandbyZSKeys(KSM_PARCOLL* collection);
int KsmParameterPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterSigningInterval(KSM_PARCOLL* collection);
int KsmParameterSoaMin(KSM_PARCOLL* collection);
int KsmParameterSoaTtl(KSM_PARCOLL* collection);
int KsmParameterZskLifetime(KSM_PARCOLL* collection);
int KsmParameterZskTtl(KSM_PARCOLL* collection);
int KsmParameterKskTtl(KSM_PARCOLL* collection);
int KsmParameterKskPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterRegistrationDelay(KSM_PARCOLL* collection);
int KsmParameterPubSafety(KSM_PARCOLL* collection);
int KsmParameterRetSafety(KSM_PARCOLL* collection);
int KsmParameterInitialPublicationInterval(KSM_PARCOLL* collection);
int KsmParameterCollection(KSM_PARCOLL* data, int policy_id);
void KsmParameterCollectionCache(int enable);
509
510
/* ksm_keyword */
511
512
/*
 * Keyword <-> value mapping for the constants defined above. The *NameToValue
 * functions translate a configuration keyword (e.g. "rsasha256") to its
 * number; the *ValueToName functions do the reverse and return a pointer to
 * a constant string, which the caller must not free or modify.
 *
 * These are the natural place to reject deprecated algorithms (see the
 * KSM_ALGORITHM_* note); the header does not show whether they do. The
 * return value for an unknown name is not documented here -- callers must
 * check it rather than assume a valid number. Note that serial schemes have
 * a ValueToName here but their NameToValue is KsmSerialIdFromName below.
 */
int KsmKeywordAlgorithmNameToValue(const char* name);
int KsmKeywordFormatNameToValue(const char* name);
int KsmKeywordParameterNameToValue(const char* name);
int KsmKeywordStateNameToValue(const char* name);
int KsmKeywordTypeNameToValue(const char* name);
int KsmKeywordRollNameToValue(const char* name);

const char* KsmKeywordAlgorithmValueToName(int value);
const char* KsmKeywordFormatValueToName(int value);
const char* KsmKeywordStateValueToName(int value);
const char* KsmKeywordTypeValueToName(int value);
const char* KsmKeywordSerialValueToName(int value);
const char* KsmKeywordRollValueToName(int value);

int KsmKeywordParameterExists(const char* name);
527
528
/* ksm_update */
529
530
/*
 * Key-time computation. KsmUpdate drives the update for a zone on a policy;
 * the KsmUpdate*KeyTime functions each compute one transition time for the
 * key in *data from the parameter collection (those that take no collection
 * need only the key's existing times).
 *
 * NOTE(review): KsmUpdateKeyTime takes `source` and `destination` strings
 * that, from the names, look like column identifiers. If they are placed
 * into SQL directly they must only ever be literal constants from the
 * caller, never data -- confirm in ksm_update.c.
 */
int KsmUpdate(int policy_id, int zone_id);
void KsmUpdateKey(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateGenerateKeyTime(KSM_KEYDATA* data);
void KsmUpdatePublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateReadyKeyTime(KSM_KEYDATA* data);
void KsmUpdateActiveKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateRetireKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateDeadKeyTime(KSM_KEYDATA* data);
void KsmUpdateDSPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateKEYPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
int KsmUpdateKeyTime(const KSM_KEYDATA* data, const char* source, const char* destination, int interval, int zone_id);
542
543
/* ksm_request */
544
545
/*
 * Callback invoked by KsmRequestKeys / KsmRequestIssueKeys once per key.
 * `context` is the caller's opaque pointer passed through unchanged; `key`
 * is the key being reported. The int result is returned to the library;
 * what a non-zero value means (abort the walk?) is not defined here and
 * should be checked in ksm_request.c before relying on it.
 */
typedef int (*KSM_REQUEST_CALLBACK)(void* context, KSM_KEYDATA* key);
546
547
/*
 * Key request / state-machine driver. KsmRequestKeys runs the rollover
 * logic for a zone at time `datetime` (a time string), advancing keys
 * through the KSM_STATE_* states and reporting each key through `callback`;
 * `rollover` forces a rollover; `*NewDS` is set when a new DS record must be
 * submitted to the parent (out-parameter, caller supplies the int).
 *
 * The KsmRequestChangeState* family perform individual transitions; the
 * *Conditional variants consult the KSM_PARCOLL timing values first. The
 * KsmRequestDNSSECKeys* family are the per-policy equivalents that work from
 * a KSM_KEY_POLICY / KSM_POLICY, with `verify` selecting a dry-run check
 * (inferred from the name; confirm).
 */
int KsmRequestKeys(int keytype, int rollover, const char* datetime, KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id, int run_interval, int* NewDS);
int KsmRequestKeysByType(int keytype, int rollover, const char* datetime, KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id, int run_interval, int* NewDS);
int KsmRequestSetActiveExpectedRetire(int keytype, const char* datetime, int zone_id);
int KsmRequestChangeStateActiveRetire(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateRetireDead(int keytype, const char* datetime, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStatePublishReady(int keytype, const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateDSPublishDSReady(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeState(int keytype, const char* datetime, int src_state, int dst_state, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStateGeneratePublish(int keytype, const char* datetime, int count, int zone_id);
int KsmRequestChangeStateGenerateDSSub(int keytype, const char* datetime, int count, int zone_id);
int KsmRequestChangeStateDSReadyKeyPublish(const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateKeyPublishActive(const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateReadyActive(int keytype, const char* datetime, int count, int zone_id);
int KsmRequestChangeStateN(int keytype, const char* datetime, int count, int src_state, int dst_state, int zone_id);
int KsmRequestChangeStateGenerateDSSubConditional(int keytype, const char* datetime, KSM_PARCOLL* collection, int zone_id, int* NewDS);
int KsmRequestChangeStateGeneratePublishConditional(int keytype, const char* datetime, KSM_PARCOLL* collection, int zone_id, int run_interval);

/* Counting helpers; results come back through the int* out-parameters. */
int KsmRequestPendingRetireCount(int keytype, const char* datetime, KSM_PARCOLL* parameters, int* count, int zone_id, int interval);
int KsmRequestAvailableCount(int keytype, const char* datetime, KSM_PARCOLL* parameters, int* count, int zone_id);
int KsmRequestGenerateCount(int keytype, int* count, int zone_id);
int KsmRequestStandbyKSKCount(int* count, int zone_id);
int KsmRequestCheckActiveKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCountReadyKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCheckFirstPass(int keytype, int* first_pass_flag, int zone_id);
/*
 * *comp_flag reports whether a compromised-key (emergency) rollover has been
 * flagged for the zone/keytype -- inferred from the name; confirm. Callers
 * on the emergency path must check the return code: silently treating a
 * failed lookup as "not compromised" would keep a compromised key active.
 */
int KsmRequestCheckCompromisedFlag(int keytype, int zone_id, int* comp_flag);
int KsmRequestIssueKeys(int keytype, KSM_REQUEST_CALLBACK callback, void* context, int zone_id);

/* A KSM_REQUEST_CALLBACK that prints the key; `context` is passed through. */
int KsmRequestPrintKey(void* context, KSM_KEYDATA* data);

int KsmRequestDNSSECKeys(const char* datetime, KSM_POLICY* policy);
int KsmRequestDNSSECKeysChangeStateRetireDead(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeState(KSM_KEY_POLICY *policy, const char* datetime, int src_state, int dst_state, int verify);
int KsmRequestDNSSECKeysChangeStatePublishReady(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeStateGeneratePublishConditional(KSM_POLICY *policy, KSM_KEY_POLICY *key_policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysSetActiveExpectedRetire(int keytype, const char* datetime, int verify);
/*
 * NOTE(review): this prototype takes a KSM_KEY_POLICY BY VALUE with no
 * parameter name, unlike every sibling which takes KSM_KEY_POLICY*. It looks
 * like a typo for `KSM_KEY_POLICY *policy`; left as-is because the
 * definition in ksm_request.c must agree, but worth reconciling there.
 */
int KsmRequestDNSSECKeysPendingRetireCount(KSM_KEY_POLICY, const char* datetime, int* count);

/* Policy-structure accessors (counterparts of the KsmParameter* ones above). */
int KsmPolicyClockskew(KSM_SIGNATURE_POLICY *policy);
int KsmPolicyKeyLifetime(KSM_KEY_POLICY *policy);
int KsmPolicyStandbyKeys(KSM_KEY_POLICY *policy);
int KsmPolicyPropagationDelay(KSM_SIGNER_POLICY *policy);
int KsmPolicySigningInterval(KSM_PARCOLL* collection);
int KsmPolicySoaMin(KSM_SIGNER_POLICY *policy);
int KsmPolicySoaTtl(KSM_SIGNER_POLICY *policy);
int KsmPolicyZskTtl(KSM_PARCOLL* collection);
int KsmPolicyInitialPublicationInterval(KSM_POLICY *policy);
607
608
/* KsmImport */
609
/*
 * Import of configuration into the database (repositories, policies, zones,
 * key pairs). All string arguments originate from configuration files, so
 * they are attacker-influenced only to the extent the config is; still,
 * each is copied into a fixed KSM_* buffer or used in a database statement
 * and must be length-checked and escaped/parameterised by the
 * implementation. repo_capacity is a string, presumably parsed to the
 * unsigned long in KSM_KEY_POLICY.sm_capacity -- parsing should reject
 * non-numeric and out-of-range text.
 */
int KsmImportRepository(const char* repo_name, const char* repo_capacity, int require_backup);
int KsmImportPolicy(const char* policy_name, const char* policy_description);
int KsmImportZone(const char* zone_name, int policy_id, int fail_if_exists, int *new_zone, const char* signconf, const char* input, const char* output, const char* input_type, const char* output_type);
/* Registers an existing HSM key; `state` is a KSM_STATE_* value and `fixDate` non-zero fixes `time` as the key's date. */
int KsmImportKeyPair(int policy_id, const char* HSMKeyID, int smID, int size, int alg, int state, const char* time, int fixDate, DB_ID* id);

/* Name -> id lookups; the id comes back through *id. */
int KsmSmIdFromName(const char* name, int* id);
int KsmSerialIdFromName(const char* name, int* id);
int KsmPolicyIdFromName(const char* name, int* id);

/*
 * Backup bookkeeping for a repository: MarkPreBackup flags keys as about to
 * be backed up, RollbackMarkPreBackup undoes that, MarkBackup records the
 * backup as done at `datetime`. Keys on a policy with require_backup set
 * depend on these marks, so a caller must not call KsmMarkBackup unless the
 * HSM backup actually completed.
 */
int KsmMarkPreBackup(int repo_id, const char* datetime);
int KsmRollbackMarkPreBackup(int repo_id);
int KsmMarkBackup(int repo_id, const char* datetime);
/* Sets *exists if an HSM key with this CKA_ID is already recorded for the repository. */
int KsmCheckHSMkeyID(int repo_id, const char* cka_id, int *exists);
620
621
/* KsmList */
622
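/*
 * Listing / reporting helpers. KsmListRepos and KsmListPolicies are declared
 * with an explicit (void) parameter list: an empty `()` in C is an old-style
 * declaration with no prototype, so mistaken arguments at call sites would
 * not be diagnosed.
 *
 * NOTE(review): KsmCheckNextRollover returns a time string through a
 * char**; the header does not say who owns it. Presumably it is allocated
 * by the callee and must be freed by the caller -- confirm before use.
 */
int KsmListBackups(int repo_id, int verbose_flag);
int KsmListRepos(void);
int KsmListPolicies(void);
int KsmListRollovers(int zone_id, int* ds_count);
int KsmCheckNextRollover(int keytype, int zone_id, char** datetime);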
627
628
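#ifdef __cplusplus
}   /* extern "C" -- no ';' after the brace: a closing extern block is not a declaration */
#endif

#endif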
/* KSM_KSM_H */