00001 /* 00002 * $Id: ksm.h 5838 2011-11-08 14:28:05Z sion $ 00003 * 00004 * Copyright (c) 2008-2009 Nominet UK. All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 1. Redistributions of source code must retain the above copyright 00010 * notice, this list of conditions and the following disclaimer. 00011 * 2. Redistributions in binary form must reproduce the above copyright 00012 * notice, this list of conditions and the following disclaimer in the 00013 * documentation and/or other materials provided with the distribution. 00014 * 00015 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 00016 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 00017 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 00018 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 00019 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 00020 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 00021 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 00022 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 00023 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 00024 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 00025 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00026 * 00027 */ 00028 00029 #ifndef KSM_KSM_H 00030 #define KSM_KSM_H 00031 00032 #ifdef __cplusplus 00033 extern "C" { 00034 #endif 00035 00036 /*+ 00037 * ksm.h - KSM Definitions 00038 * 00039 * Description: 00040 * Holds definitions and prototypes for the KSM library. 
-*/

#include <time.h>
#include <ksm/database.h>
#include <ksm/database_statement.h>


/* General */

typedef int KSM_ID;                     /* Identifies a KSM entity */

#define KSM_NULL_ID ((KSM_ID) -1)       /* General invalid ID */

/* ksm_common */

/*
 * Library start-up and shutdown. Both return an int status; the value
 * convention is fixed by the implementation in ksm_common, not here.
 */
int KsmInit(void);
int KsmRundown(void);

/*
 * Sizes of the fixed char arrays used in the structures below. A length
 * marked "Includes trailing NULL" is the array size, so the longest string
 * that fits is one byte shorter; callers filling these arrays must bound
 * their copies accordingly.
 */
#define KSM_NAME_LENGTH 256             /* Includes trailing NULL */
#define KSM_PATH_LENGTH 4096            /* Includes trailing NULL */
#define KSM_POLICY_DESC_LENGTH 256      /* Includes trailing NULL */
#define KSM_POLICY_AUDIT_LENGTH 4096    /* Includes trailing NULL */
#define KSM_TIME_LENGTH 32              /* Includes trailing NULL */

#define KSM_SQL_SIZE 1024               /* Max size of SQL statement */
#define KSM_INT_STR_SIZE 32             /* Max size of int as string */
#define KSM_SALT_LENGTH 512             /* Includes trailing NULL */
#define KSM_ZONE_NAME_LENGTH 256        /* Includes trailing NULL */
#define KSM_ADAPTER_NAME_LENGTH 256     /* Includes trailing NULL */
/* ksm_key */

/*
 * Key time flag states.
 *
 * Bit values for KSM_KEYDATA.flags: each bit marks the correspondingly
 * named field of the structure as holding a valid value.
 */

#define KEYDATA_M_ID 0x0001
#define KEYDATA_M_STATE 0x0002
#define KEYDATA_M_KEYTYPE 0x0004
#define KEYDATA_M_ALGORITHM 0x0008
#define KEYDATA_M_SIGLIFETIME 0x0010
#define KEYDATA_M_ACTIVE 0x0020
#define KEYDATA_M_DEAD 0x0040
#define KEYDATA_M_GENERATE 0x0080
#define KEYDATA_M_PUBLISH 0x0100
#define KEYDATA_M_READY 0x0200
#define KEYDATA_M_RETIRE 0x0400
#define KEYDATA_M_LOCATION 0x0800
#define KEYDATA_M_SIZE 0x1000
#define KEYDATA_M_SMID 0x2000

/* All of the date/time field bits in one mask */
#define KEYDATA_M_TIMES (KEYDATA_M_ACTIVE | KEYDATA_M_DEAD | \
KEYDATA_M_GENERATE | KEYDATA_M_PUBLISH | KEYDATA_M_READY | KEYDATA_M_RETIRE)

/*
 * Structure for key information.
 *
 * The date fields (active, dead, generate, publish, ready, retire) are
 * char arrays of KSM_TIME_LENGTH used to retrieve data; a NULL database
 * field is represented by an empty string. (Older versions of this
 * comment also mention "struct tm" fields for insertion; no such fields
 * exist in the structure as declared below.)
 */

typedef struct {
DB_ID keypair_id;
int state;                              /* One of the KSM_STATE_* values */
int keytype;                            /* One of the KSM_TYPE_* values */
int algorithm;                          /* One of the KSM_ALGORITHM_* values */
int siglifetime;
char active[KSM_TIME_LENGTH];
char dead[KSM_TIME_LENGTH];
char generate[KSM_TIME_LENGTH];
char publish[KSM_TIME_LENGTH];
char ready[KSM_TIME_LENGTH];
char retire[KSM_TIME_LENGTH];
char location[KSM_NAME_LENGTH];
int securitymodule_id;
int size;
int policy_id;
char HSMKey_id[KSM_NAME_LENGTH];        /* TODO is this long enough ? */
DB_ID dnsseckey_id;
int zone_id;
int fixedDate;

/*
 * The remaining fields are used for data manipulation and are not part of
 * the KEYDATA table.
 */

int flags;                              /* States which fields are valid (KEYDATA_M_*) */
int roll_scheme;                        /* Which rollover scheme the key is under (KSM_ROLL_*) */
} KSM_KEYDATA;

/*
 * Key creation. On success the new row id is written through "id".
 * The time arguments are strings in the same form as the KSM_KEYDATA
 * date fields.
 */
int KsmKeyPairCreate(int policy_id, const char* HSMKeyID, int smID, int size, int alg, const char* generate, DB_ID* id);
int KsmDnssecKeyCreate(int zone_id, int keypair_id, int keytype, int state, const char* time, const char* retTime, DB_ID* id);
/*int KsmDnssecKeyCreateOnPolicy(int policy_id, int keypair_id, int keytype);*/

/*
 * Key retrieval. The Init* functions open a DB_RESULT, KsmKey() fills
 * one KSM_KEYDATA from it, and KsmKeyEnd() releases it (presumably one
 * row per KsmKey() call - confirm against ksm_key.c).
 *
 * KsmKeyInitSql() and KsmKeyQuery() take a complete SQL statement from
 * the caller; nothing in this header shows any escaping, so the caller
 * must not build "sql" from untrusted values (KSM_SQL_SIZE bounds it).
 */
int KsmKeyInitSql(DB_RESULT* result, const char* sql);
int KsmKeyInit(DB_RESULT* result, DQS_QUERY_CONDITION* condition);
int KsmKeyInitId(DB_RESULT* result, DB_ID id);
int KsmKey(DB_RESULT result, KSM_KEYDATA* data);
void KsmKeyEnd(DB_RESULT result);
int KsmKeyQuery(const char* sql, DB_RESULT* result);
int KsmKeyData(DB_ID id, KSM_KEYDATA* data);
/* Writes the predicted number of keys through "count". */
int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count);
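/* Key counting and state changes; results go through the int* arguments. */
int KsmKeyCountQueue(int keytype, int* count, int zone_id);
int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char* datetime, int *count, int keytype);
int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id);
int KsmMarkKeysAsDead(int zone_id);
int KsmKillKey(int keypair_id);

/* delete */

/* Delete keys by id range; "limit" holds "size" boundary values. */
int KsmDeleteKeyRange(int minid, int maxid);
int KsmDeleteKeyRanges(int limit[], int size);

/* KsmParameter */

/* One row of the parameter table: (category, name) -> value. */
typedef struct {
char name[KSM_NAME_LENGTH];
char category[KSM_NAME_LENGTH];
int value;
int parameter_id;
} KSM_PARAMETER;

/*
 * Parameter access. KsmParameterInit() opens a DB_RESULT, KsmParameter()
 * fills one KSM_PARAMETER from it, KsmParameterEnd() releases it.
 * KsmParameterValue() and KsmParameterSet() read and write a single value
 * for the given policy.
 */
int KsmParameterInit(DB_RESULT* result, const char* name, const char* category, int policy_id);
int KsmParameterExist(DB_RESULT* result, const char* name, const char* category, int* parameter_id);
int KsmParameter(DB_RESULT result, KSM_PARAMETER* data);
void KsmParameterEnd(DB_RESULT result);
int KsmParameterValue(const char* name, const char* category, int* value, int policy_id, int* parameter_id);
int KsmParameterSet(const char* name, const char* category, int value, int policy_id);
int KsmParameterShow(const char* name, const char* category, int policy_id);

/* ksmPolicy */

/*
 * Policy sub-structures. Each one groups the parameters of one policy
 * category (compare the KSM_PAR_*_CAT strings further down). Time values
 * are in seconds, as for the KSM_PAR_* defaults.
 */
typedef struct {
int refresh;
int jitter;
int propdelay;
int soamin;
int soattl;
int serial;                             /* One of the KSM_SERIAL_* values */
} KSM_SIGNER_POLICY;

typedef struct {
int clockskew;
int resign;
int valdefault;
int valdenial;
} KSM_SIGNATURE_POLICY;

typedef struct {
int version;
int resalt;
int algorithm;
int iteration;
int optout;
int ttl;
int saltlength;
char salt[KSM_SALT_LENGTH];             /* NSEC3 salt, KSM_SALT_LENGTH includes the NUL */
char salt_stamp[KSM_TIME_LENGTH];
} KSM_DENIAL_POLICY;

typedef struct {
int ttl;
int retire_safety;
int publish_safety;
int share_keys;                         /* KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED */
int purge;
} KSM_COMMON_KEY_POLICY;

/* Per key type (KSK or ZSK) policy; KSM_POLICY holds one of each. */
typedef struct {
int algorithm;                          /* One of the KSM_ALGORITHM_* values */
int bits;
int lifetime;
int sm;                                 /* Security module (repository) id */
char sm_name[KSM_NAME_LENGTH];
unsigned long sm_capacity;
int require_backup;
int overlap;
int ttl;
int rfc5011;
int type;                               /* KSM_TYPE_KSK or KSM_TYPE_ZSK */
int standby_keys;
int manual_rollover;
int rollover_scheme;                    /* One of the KSM_ROLL_* values */
} KSM_KEY_POLICY;

typedef struct {
int keycreate;
int backup_interval;
int keygeninterval;
} KSM_ENFORCER_POLICY;

typedef struct {
int propdelay;
int soa_ttl;
int soa_min;
int serial;
} KSM_ZONE_POLICY;

typedef struct {
int propdelay;
int ds_ttl;
int soa_ttl;
int soa_min;
} KSM_PARENT_POLICY;

typedef struct {
int audit;
} KSM_AUDIT_POLICY;

/*
 * A complete policy. The sub-structure members are pointers; the pair
 * KsmPolicyAlloc()/KsmPolicyFree() below creates and releases a KSM_POLICY
 * (presumably including these members - confirm against ksm_policy.c
 * before taking ownership of any of them).
 */
typedef struct {
int id;
char name[KSM_NAME_LENGTH];
char* description;
KSM_SIGNER_POLICY* signer;
KSM_SIGNATURE_POLICY* signature;
KSM_DENIAL_POLICY* denial;
KSM_COMMON_KEY_POLICY* keys;
KSM_KEY_POLICY* ksk;
KSM_KEY_POLICY* zsk;
KSM_ENFORCER_POLICY* enforcer;
KSM_ZONE_POLICY* zone;
KSM_PARENT_POLICY* parent;
/*KSM_AUDIT_POLICY* audit;*/
char* audit;
int shared_keys;
} KSM_POLICY;

typedef struct {
char name[KSM_NAME_LENGTH];
char category[KSM_NAME_LENGTH];
int value;
} KSM_POLICY_PARAMETER;

int KsmPolicyInit(DB_RESULT* handle, const char* name);
int KsmPolicyExists(const char* name);
int KsmPolicyParametersInit(DB_RESULT* handle, const char* name);
int KsmPolicyRead(KSM_POLICY* policy);
int KsmPolicy(DB_RESULT handle, KSM_POLICY* data);
int KsmPolicyParameter(DB_RESULT handle, KSM_POLICY_PARAMETER* data);
int KsmPolicyReadFromId(KSM_POLICY* policy);
int KsmPolicyNameFromId(KSM_POLICY* policy);
int KsmPolicyUpdateSalt(KSM_POLICY* policy);
int KsmPolicyNullSaltStamp(int policy_id);
int KsmPolicyPopulateSMFromIds(KSM_POLICY* policy);
int KsmPolicySetIdFromName(KSM_POLICY *policy);
int KsmPolicyIdFromZoneId(int zone_id, int* policy_id);

/*
 * Allocate / release a KSM_POLICY. Declared with (void) rather than ()
 * so that C callers get a real prototype and a stray argument is
 * diagnosed instead of silently accepted.
 */
KSM_POLICY *KsmPolicyAlloc(void);
void KsmPolicyFree(KSM_POLICY *policy);

/* ksmZone */

/* One zone: its ids, name and the three file paths the signer uses. */
typedef struct {
int id;
int policy_id;
char name[KSM_ZONE_NAME_LENGTH];
char signconf[KSM_PATH_LENGTH];
char input[KSM_PATH_LENGTH];
char output[KSM_PATH_LENGTH];
char policy_name[KSM_NAME_LENGTH];
} KSM_ZONE;

int KsmZoneInit(DB_RESULT* handle, int policy_id);
int KsmZone(DB_RESULT handle, KSM_ZONE *data);
int KsmZoneCount(DB_RESULT handle, int* count);
int KsmZoneCountInit(DB_RESULT* handle, int id);
int KsmZoneIdFromName(const char* zone_name, int* zone_id);
int KsmZoneIdAndPolicyFromName(const char* zone_name, int* policy_id, int* zone_id);
int KsmDeleteZone(int zone_id);
/* "zone_name" receives a string; see ksm_zone.c for who frees it. */
int KsmZoneNameFromId(int zone_id, char** zone_name);

/*
 * NOTE(review): these two names carry no KSM_ prefix although they are in
 * a public header; they are kept as-is because callers use them.
 */
#define UNSIGNED 0
#define SIGNED 1

int KsmDNSSECKeysInSMCountInit(DB_RESULT* handle, int policy_id);
int KsmDNSSECKeysInSMCount(DB_RESULT handle, int* count);
int KsmDNSSECKeysStateCountInit(DB_RESULT* result, int policy_id, KSM_KEY_POLICY *key_policy, int state);

/* Purge */

void KsmPurge(void);

/*
 * Constants in the database tables. These are used in the
 * ksm_keyword module.
 *
 * THESE MUST BE KEPT IN STEP WITH THE DATABASE CREATION SCRIPT
 */

/*
 * The following names and constants are in the SIG(0) Algorithm Numbers
 * page at IANA - http://www.iana.org/assignments/sig-alg-numbers.
 *
 * They are table constants only: whether a policy may select a given
 * number (the MD5 and DSA entries are legacy numbers) is decided by the
 * code that validates policies, not by this header.
 */

#define KSM_ALGORITHM_RSAMD5 1
#define KSM_ALGORITHM_RSAMD5_STRING "rsamd5"
#define KSM_ALGORITHM_DH 2
#define KSM_ALGORITHM_DH_STRING "dh"
#define KSM_ALGORITHM_DSASHA1 3
#define KSM_ALGORITHM_DSASHA1_STRING "dsa"
#define KSM_ALGORITHM_RSASHA1 5
#define KSM_ALGORITHM_RSASHA1_STRING "rsasha1"
#define KSM_ALGORITHM_DSA_NSEC3_SHA1 6
#define KSM_ALGORITHM_DSA_NSEC3_SHA1_STRING "dsa-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1 7
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1_STRING "rsasha1-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA256 8
#define KSM_ALGORITHM_RSASHA256_STRING "rsasha256"
#define KSM_ALGORITHM_RSASHA512 10
#define KSM_ALGORITHM_RSASHA512_STRING "rsasha512"
#define KSM_ALGORITHM_INDIRECT 252
#define KSM_ALGORITHM_INDIRECT_STRING "indirect"
#define KSM_ALGORITHM_PRIVDOM 253
#define KSM_ALGORITHM_PRIVDOM_STRING "domain"
#define KSM_ALGORITHM_PRIVOID 254
#define KSM_ALGORITHM_PRIVOID_STRING "oid"

/* Key storage formats */
#define KSM_FORMAT_FILE 1
#define KSM_FORMAT_FILE_STRING "file"
#define KSM_FORMAT_HSM 2
#define KSM_FORMAT_HSM_STRING "hsm"
#define KSM_FORMAT_URI 3
#define KSM_FORMAT_URI_STRING "uri"

/* Key types; the values are the DNSKEY flags field (257 = KSK, 256 = ZSK) */
#define KSM_TYPE_KSK 257
#define KSM_TYPE_KSK_STRING "ksk"
#define KSM_TYPE_ZSK 256
#define KSM_TYPE_ZSK_STRING "zsk"

/* Key states, as stored in KSM_KEYDATA.state */
#define KSM_STATE_GENERATE 1
#define KSM_STATE_GENERATE_STRING "generate"
#define KSM_STATE_PUBLISH 2
#define KSM_STATE_PUBLISH_STRING "publish"
#define KSM_STATE_READY 3
#define KSM_STATE_READY_STRING "ready"
#define KSM_STATE_ACTIVE 4
#define KSM_STATE_ACTIVE_STRING "active"
#define KSM_STATE_RETIRE 5
#define KSM_STATE_RETIRE_STRING "retire"
#define KSM_STATE_DEAD 6
#define KSM_STATE_DEAD_STRING "dead"
#define KSM_STATE_DSSUB 7
#define KSM_STATE_DSSUB_STRING "dssub"
#define KSM_STATE_DSPUBLISH 8
#define KSM_STATE_DSPUBLISH_STRING "dspublish"
#define KSM_STATE_DSREADY 9
#define KSM_STATE_DSREADY_STRING "dsready"
#define KSM_STATE_KEYPUBLISH 10
#define KSM_STATE_KEYPUBLISH_STRING "keypublish"

/* SOA serial schemes */
#define KSM_SERIAL_UNIX_STRING "unixtime"
#define KSM_SERIAL_UNIX 1
#define KSM_SERIAL_COUNTER_STRING "counter"
#define KSM_SERIAL_COUNTER 2
#define KSM_SERIAL_DATE_STRING "datecounter"
#define KSM_SERIAL_DATE 3
#define KSM_SERIAL_KEEP_STRING "keep"
#define KSM_SERIAL_KEEP 4

#define KSM_KEYS_NOT_SHARED 0
#define KSM_KEYS_SHARED 1

/* Rollover schemes */
#define KSM_ROLL_DEFAULT 1 /* DoubleDNSKEY */
#define KSM_ROLL_DNSKEY_STRING "DoubleDNSKey"
#define KSM_ROLL_DNSKEY 1
#define KSM_ROLL_DS_STRING "DoubleDS"
#define KSM_ROLL_DS 2
#define KSM_ROLL_RRSET_STRING "DoubleRRSet"
#define KSM_ROLL_RRSET 3

/*
 * Reserved parameters and default values (in seconds).
 *
 * Each parameter has three defines: the default value, the name string
 * used in the parameter table, and the category string (_CAT).
 */
/* TODO redefine this properly:
 * have _CAT defines separate
 * rename to match the new list
 * add new items ?
 */
#define KSM_PAR_CLOCKSKEW 3600 /* 1 hour */
#define KSM_PAR_CLOCKSKEW_STRING "clockskew"
#define KSM_PAR_CLOCKSKEW_CAT "signature"
#define KSM_PAR_KSKLIFE 63072000 /* 2 years */
#define KSM_PAR_KSKLIFE_STRING "lifetime"
#define KSM_PAR_KSKLIFE_CAT "ksk"
#define KSM_PAR_PROPDELAY 3600 /* 1 hour */
#define KSM_PAR_PROPDELAY_STRING "propagationdelay"
#define KSM_PAR_PROPDELAY_CAT "zone"
#define KSM_PAR_STANDBYKSKS 1
#define KSM_PAR_STANDBYKSKS_STRING "standby"
#define KSM_PAR_STANDBYKSKS_CAT "ksk"
#define KSM_PAR_STANDBYZSKS 1
#define KSM_PAR_STANDBYZSKS_STRING "standby"
#define KSM_PAR_STANDBYZSKS_CAT "zsk"
#define KSM_PAR_SIGNINT 7200 /* 2 hours */
#define KSM_PAR_SIGNINT_STRING "resign"
#define KSM_PAR_SIGNINT_CAT "signature"
#define KSM_PAR_SOAMIN 7200 /* 2 hours */
#define KSM_PAR_SOAMIN_STRING "min"
#define KSM_PAR_SOAMIN_CAT "zone"
#define KSM_PAR_SOATTL 172800 /* 2 days */
#define KSM_PAR_SOATTL_STRING "ttl"
#define KSM_PAR_SOATTL_CAT "zone"
#define KSM_PAR_ZSKSIGLIFE 432000 /* 5 days */
#define KSM_PAR_ZSKSIGLIFE_STRING "valdefault"
#define KSM_PAR_ZSKSIGLIFE_CAT "signature"
#define KSM_PAR_ZSKLIFE 2592000 /* 30 days */
#define KSM_PAR_ZSKLIFE_STRING "lifetime"
#define KSM_PAR_ZSKLIFE_CAT "zsk"
#define KSM_PAR_ZSKTTL 172800 /* 2 days */
#define KSM_PAR_ZSKTTL_STRING "ttl"
#define KSM_PAR_ZSKTTL_CAT "keys"
#define KSM_PAR_KSKTTL 172800 /* 2 days */
#define KSM_PAR_KSKTTL_STRING "ttl"
#define KSM_PAR_KSKTTL_CAT "keys"
#define KSM_PAR_KSKPROPDELAY 3600 /* 1 hour */
#define KSM_PAR_KSKPROPDELAY_STRING "propagationdelay"
#define KSM_PAR_KSKPROPDELAY_CAT "parent"
#define KSM_PAR_REGDELAY 0 /* TODO sort this out */
#define KSM_PAR_REGDELAY_STRING "registrationdelay" /* TODO sort this out */
#define KSM_PAR_REGDELAY_CAT "parent" /* TODO sort this out */
#define KSM_PAR_PUBSAFETY 172800 /* 2 days */
#define KSM_PAR_PUBSAFETY_STRING "publishsafety"
#define KSM_PAR_PUBSAFETY_CAT "keys"
#define KSM_PAR_RETSAFETY 172800 /* 2 days */
#define KSM_PAR_RETSAFETY_STRING "retiresafety"
#define KSM_PAR_RETSAFETY_CAT "keys"
#define KSM_PAR_KSK_MAN_ROLL 0 /* false (i.e. automatic roll) */
#define KSM_PAR_KSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_KSK_MAN_ROLL_CAT "ksk"
#define KSM_PAR_ZSK_MAN_ROLL 0 /* false (i.e. automatic roll) */
#define KSM_PAR_ZSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_ZSK_MAN_ROLL_CAT "zsk"
#define KSM_PAR_DSTTL 3600
#define KSM_PAR_DSTTL_STRING "ttlds"
#define KSM_PAR_DSTTL_CAT "parent"
/* NOTE(review): 0 is not one of the KSM_ROLL_* values above; confirm how a
 * rollover_scheme of 0 is mapped (KSM_ROLL_DEFAULT is 1). */
#define KSM_PAR_KSK_ROLL 0
#define KSM_PAR_KSK_ROLL_STRING "rollover_scheme"
#define KSM_PAR_KSK_ROLL_CAT "ksk"

typedef struct {                        /* Holds collection of parameters */
int clockskew;                          /* Clock skew */
int ksklife;                            /* Lifetime of a KSK */
int standbyksks;                        /* Number of Standby Key Signing keys */
int standbyzsks;                        /* Number of Standby Zone signing keys */
int propdelay;                          /* Propagation delay */
int signint;                            /* Signing interval - how long signing the zone takes */
int soamin;                             /* "Minimum" value from SOA record */
int soattl;                             /* TTL of the SOA record */
int zsksiglife;                         /* Length of signatures signed by this ZSK */
int zsklife;                            /* How long key is used for */
int zskttl;                             /* TTL of ZSK DNSKEY record */
int kskttl;                             /* TTL of KSK DNSKEY record */
int kskpropdelay;                       /* KSK Propagation delay */
int regdelay;                           /* KSK Registration delay */
int pub_safety;                         /* Publish safety margin */
int ret_safety;                         /* Retire safety margin */
int kskmanroll;                         /* Do we only roll the KSK manually? */
int zskmanroll;                         /* Do we only roll the ZSK manually? */
int dsttl;                              /* TTL of the DS record */
int kskroll;                            /* Rollover Scheme for the KSK */
} KSM_PARCOLL;

/*
 * Parameter collection. KsmCollectionInit() presumably fills "data" with
 * the KSM_PAR_* defaults and KsmParameterCollection() loads the values for
 * one policy; the individual KsmParameter*() accessors return one field
 * of the collection (confirm against ksm_parameter.c).
 */
int KsmCollectionInit(KSM_PARCOLL* data);
int KsmParameterClockskew(KSM_PARCOLL* collection);
int KsmParameterKskLifetime(KSM_PARCOLL* collection);
int KsmParameterStandbyKSKeys(KSM_PARCOLL* collection);
int KsmParameterStandbyZSKeys(KSM_PARCOLL* collection);
int KsmParameterPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterSigningInterval(KSM_PARCOLL* collection);
int KsmParameterSoaMin(KSM_PARCOLL* collection);
int KsmParameterSoaTtl(KSM_PARCOLL* collection);
int KsmParameterZskLifetime(KSM_PARCOLL* collection);
int KsmParameterZskTtl(KSM_PARCOLL* collection);
int KsmParameterKskTtl(KSM_PARCOLL* collection);
int KsmParameterKskPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterRegistrationDelay(KSM_PARCOLL* collection);
int KsmParameterPubSafety(KSM_PARCOLL* collection);
int KsmParameterRetSafety(KSM_PARCOLL* collection);
int KsmParameterInitialPublicationInterval(KSM_PARCOLL* collection);
int KsmParameterCollection(KSM_PARCOLL* data, int policy_id);

/* ksm_keyword */

/*
 * Keyword lookups between the *_STRING names and the numeric constants
 * above. The ValueToName() functions return const strings that the caller
 * must not modify or free.
 */
int KsmKeywordAlgorithmNameToValue(const char* name);
int KsmKeywordFormatNameToValue(const char* name);
int KsmKeywordParameterNameToValue(const char* name);
int KsmKeywordStateNameToValue(const char* name);
int KsmKeywordTypeNameToValue(const char* name);
int KsmKeywordRollNameToValue(const char* name);

const char* KsmKeywordAlgorithmValueToName(int value);
const char* KsmKeywordFormatValueToName(int value);
const char* KsmKeywordStateValueToName(int value);
const char* KsmKeywordTypeValueToName(int value);
const char* KsmKeywordSerialValueToName(int value);
const char* KsmKeywordRollValueToName(int value);

int KsmKeywordParameterExists(const char* name);

/* ksm_update */

/*
 * Key time updates. The KsmUpdate*KeyTime() functions recompute one date
 * field of "data" from the parameter collection; KsmUpdateKeyTime() moves
 * a time from the "source" field name to "destination" plus "interval".
 */
int KsmUpdate(int policy_id, int zone_id);
void KsmUpdateKey(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateGenerateKeyTime(KSM_KEYDATA* data);
void KsmUpdatePublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateReadyKeyTime(KSM_KEYDATA* data);
void KsmUpdateActiveKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateRetireKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateDeadKeyTime(KSM_KEYDATA* data);
void KsmUpdateDSPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateKEYPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
int KsmUpdateKeyTime(const KSM_KEYDATA* data, const char* source,
const char* destination, int interval, int zone_id);

/* ksm_request */

/*
 * Callback invoked once per key by KsmRequestKeys() and friends; "context"
 * is the caller's opaque pointer passed through unchanged. A non-zero
 * return is presumably an error (confirm against ksm_request.c).
 */
typedef int (*KSM_REQUEST_CALLBACK)(void* context, KSM_KEYDATA* key);

/*
 * Key state transitions for a zone at time "datetime". Where present,
 * "NewDS" is set when a state change means a new DS must be submitted.
 */
int KsmRequestKeys(int keytype, int rollover, const char* datetime,
KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
int run_interval, int* NewDS);
int KsmRequestKeysByType(int keytype, int rollover, const char* datetime,
KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
int run_interval, int* NewDS);
int KsmRequestSetActiveExpectedRetire(int keytype, const char* datetime, int zone_id);
int KsmRequestChangeStateActiveRetire(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateRetireDead(int keytype, const char* datetime, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStatePublishReady(int keytype, const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateDSPublishDSReady(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeState(int keytype, const char* datetime, int src_state,
int dst_state, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStateGeneratePublish(int keytype, const char* datetime,
int count, int zone_id);
int KsmRequestChangeStateGenerateDSSub(int keytype, const char* datetime,
int count, int zone_id);
int KsmRequestChangeStateDSReadyKeyPublish(const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateKeyPublishActive(const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateReadyActive(int keytype, const char* datetime,
int count, int zone_id);
int KsmRequestChangeStateN(int keytype, const char* datetime,
int count, int src_state, int dst_state, int zone_id);
int KsmRequestChangeStateGenerateDSSubConditional(int keytype,
const char* datetime, KSM_PARCOLL* collection, int zone_id, int* NewDS);
int KsmRequestChangeStateGeneratePublishConditional( int keytype,
const char* datetime, KSM_PARCOLL* collection, int zone_id,
int run_interval);
int KsmRequestPendingRetireCount(int keytype, const char* datetime,
KSM_PARCOLL* parameters, int* count, int zone_id, int interval);
int KsmRequestAvailableCount(int keytype, const char* datetime,
KSM_PARCOLL* parameters, int* count, int zone_id);
int KsmRequestGenerateCount(int keytype, int* count, int zone_id);
int KsmRequestStandbyKSKCount(int* count, int zone_id);
int KsmRequestCheckActiveKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCountReadyKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCheckFirstPass(int keytype, int* first_pass_flag, int zone_id);
int KsmRequestCheckCompromisedFlag(int keytype, int zone_id, int* comp_flag);
int KsmRequestIssueKeys(int keytype, KSM_REQUEST_CALLBACK callback,
void* context, int zone_id);

/* A KSM_REQUEST_CALLBACK that prints the key; "context" is not used by the name alone - see ksm_request.c. */
int KsmRequestPrintKey(void* context, KSM_KEYDATA* data);

int KsmRequestDNSSECKeys(const char* datetime, KSM_POLICY* policy);
int KsmRequestDNSSECKeysChangeStateRetireDead(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeState(KSM_KEY_POLICY *policy, const char* datetime, int src_state, int dst_state, int verify);
int KsmRequestDNSSECKeysChangeStatePublishReady(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeStateGeneratePublishConditional(KSM_POLICY *policy, KSM_KEY_POLICY *key_policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysSetActiveExpectedRetire(int keytype, const char* datetime, int verify);
/*
 * NOTE(review): this prototype takes KSM_KEY_POLICY by value (unnamed),
 * unlike the sibling prototypes above which take KSM_KEY_POLICY *.
 * Left unchanged because the definition must agree; check it in
 * ksm_request.c before switching to a pointer.
 */
int KsmRequestDNSSECKeysPendingRetireCount(KSM_KEY_POLICY, const char* datetime, int* count);

/* Accessors that derive a single value from a policy structure. */
int KsmPolicyClockskew(KSM_SIGNATURE_POLICY *policy);
int KsmPolicyKeyLifetime(KSM_KEY_POLICY *policy);
int KsmPolicyStandbyKeys(KSM_KEY_POLICY *policy);
int KsmPolicyPropagationDelay(KSM_SIGNER_POLICY *policy);
int KsmPolicySigningInterval(KSM_PARCOLL* collection);
int KsmPolicySoaMin(KSM_SIGNER_POLICY *policy);
int KsmPolicySoaTtl(KSM_SIGNER_POLICY *policy);
int KsmPolicyZskTtl(KSM_PARCOLL* collection);
int KsmPolicyInitialPublicationInterval(KSM_POLICY *policy);

/* KsmImport */

/*
 * Import of configuration into the database. The string arguments are
 * names and contents taken from the caller; they end up in database rows,
 * so the implementation (not this header) is responsible for quoting.
 */
int KsmImportRepository(const char* repo_name, const char* repo_capacity, int require_backup);
int KsmImportPolicy(const char* policy_name, const char* policy_description);
int KsmImportZone(const char* zone_name, int policy_id, int fail_if_exists, int *new_zone, const char* signconf, const char* input, const char* output);
int KsmImportAudit(int policy_id, const char* audit_contents);
int KsmImportKeyPair(int policy_id, const char* HSMKeyID, int smID, int size, int alg, int state, const char* time, int fixDate, DB_ID* id);
int KsmSmIdFromName(const char* name, int *id);
int KsmSerialIdFromName(const char* name, int *id);
int KsmPolicyIdFromName(const char* name, int *id);
int KsmMarkPreBackup(int repo_id, const char* datetime);
int KsmRollbackMarkPreBackup(int repo_id);
int KsmMarkBackup(int repo_id, const char* datetime);
/* Sets *exists according to whether "cka_id" is already known for the repository. */
int KsmCheckHSMkeyID(int repo_id, const char* cka_id, int *exists);

/* KsmList */

/*
 * Listing helpers. KsmListRepos() and KsmListPolicies() are declared with
 * (void) so they are real prototypes in C; "()" would leave the argument
 * list unchecked.
 */
int KsmListBackups(int repo_id, int verbose_flag);
int KsmListRepos(void);
int KsmListPolicies(void);
int KsmListRollovers(int zone_id);
/* "datetime" receives a string; see ksm_list.c for who frees it. */
int KsmCheckNextRollover(int keytype, int zone_id, char** datetime);

#ifdef __cplusplus
}       /* extern "C" - no trailing semicolon: "};" is an empty declaration */
#endif

#endif /* KSM_KSM_H */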