1
/*
2
* $Id: ksm.h 6969 2013-01-23 09:55:48Z sion $
3
*
4
* Copyright (c) 2008-2009 Nominet UK. All rights reserved.
5
*
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
8
* are met:
9
* 1. Redistributions of source code must retain the above copyright
10
* notice, this list of conditions and the following disclaimer.
11
* 2. Redistributions in binary form must reproduce the above copyright
12
* notice, this list of conditions and the following disclaimer in the
13
* documentation and/or other materials provided with the distribution.
14
*
15
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26
*
27
*/
28
29
#ifndef KSM_KSM_H
30
#define KSM_KSM_H
31
32
#ifdef __cplusplus
33
extern
"C"
{
34
#endif
35
36
/*+
37
* ksm.h - KSM Definitions
38
*
39
* Description:
40
* Holds definitions and prototypes for the KSM library.
41
-*/
42
43
#include <time.h>
44
#include <
ksm/database.h
>
45
#include <
ksm/database_statement.h
>
46
47
48
/* General */
49
50
/*
 * KSM_ID identifies a KSM entity (key, policy, zone, ...). KSM_NULL_ID is the
 * "no such entity" sentinel; it is a plain int, so the sentinel is only safe
 * as long as real identifiers are never negative.
 * NOTE(review): callers should compare against KSM_NULL_ID before using an
 * id in a query rather than relying on the database to reject -1.
 */
typedef int KSM_ID;                     /* Identifies a KSM entity */

#define KSM_NULL_ID ((KSM_ID) -1)       /* General invalid ID */
53
54
/* ksm_common */
55
56
/*
 * Library set-up and tear-down (implemented in ksm_common).
 * Both return an int status; the meaning of the values is not documented in
 * this header, so treat anything non-zero as failure until confirmed against
 * the implementation.
 */
int KsmInit(void);
int KsmRundown(void);
58
59
/*
 * Fixed buffer sizes for the char[] members declared later in this header.
 * "Includes trailing NULL" means the macro is the full array size: any
 * bounded copy or snprintf() into one of these arrays must use the matching
 * macro as its size bound so the terminator contract holds.
 * NOTE(review): KSM_ZONE_NAME_LENGTH (256) covers the 255-octet wire-format
 * limit of a DNS name, but an escaped presentation-form name can be longer;
 * confirm the input path checks the length rather than assuming it fits.
 */
#define KSM_NAME_LENGTH 256             /* Includes trailing NULL */
#define KSM_MSG_LENGTH 512              /* Includes trailing NULL */
#define KSM_PATH_LENGTH 4096            /* Includes trailing NULL */
#define KSM_POLICY_DESC_LENGTH 256      /* Includes trailing NULL */
#define KSM_TIME_LENGTH 32              /* Includes trailing NULL */

#define KSM_SQL_SIZE 1024               /* Max size of SQL statement */
#define KSM_INT_STR_SIZE 32             /* Max size of int as string */
#define KSM_SALT_LENGTH 512             /* Includes trailing NULL */
#define KSM_ZONE_NAME_LENGTH 256        /* Includes trailing NULL */
#define KSM_ADAPTER_NAME_LENGTH 512     /* Includes trailing NULL */
70
/* ksm_key */
71
72
/*
 * Key time flag states.
 *
 * Bit flags for KSM_KEYDATA.flags: each bit records that the corresponding
 * member of the struct holds valid data. KEYDATA_M_TIMES is the union of the
 * six date-field bits. Note these macros lack the KSM_ prefix used by the
 * rest of the header, so they share the global namespace with any other
 * KEYDATA_* symbol a translation unit may pull in.
 */

#define KEYDATA_M_ID 0x0001
#define KEYDATA_M_STATE 0x0002
#define KEYDATA_M_KEYTYPE 0x0004
#define KEYDATA_M_ALGORITHM 0x0008
#define KEYDATA_M_SIGLIFETIME 0x0010
#define KEYDATA_M_ACTIVE 0x0020
#define KEYDATA_M_DEAD 0x0040
#define KEYDATA_M_GENERATE 0x0080
#define KEYDATA_M_PUBLISH 0x0100
#define KEYDATA_M_READY 0x0200
#define KEYDATA_M_RETIRE 0x0400
#define KEYDATA_M_LOCATION 0x0800
#define KEYDATA_M_SIZE 0x1000
#define KEYDATA_M_SMID 0x2000

/* All of the date-field bits together */
#define KEYDATA_M_TIMES (KEYDATA_M_ACTIVE | KEYDATA_M_DEAD | \
    KEYDATA_M_GENERATE | KEYDATA_M_PUBLISH | KEYDATA_M_READY | KEYDATA_M_RETIRE)
91
92
/*
 * Structure for key information (one row of the KEYDATA table plus two
 * working fields).
 *
 * The date fields are fixed-size strings of KSM_TIME_LENGTH bytes used to
 * retrieve data; a NULL column is represented by an empty string. (The
 * original comment also mentioned "struct tm" fields for inserting data, but
 * no such members exist in this struct.)
 */

typedef struct {
    DB_ID keypair_id;                   /* Row id of the key pair */
    int state;                          /* Presumably a KSM_STATE_* value - confirm */
    int keytype;                        /* Presumably KSM_TYPE_KSK/KSM_TYPE_ZSK - confirm */
    int algorithm;                      /* Presumably a KSM_ALGORITHM_* value - confirm */
    int siglifetime;
    char active[KSM_TIME_LENGTH];       /* Date strings; "" when the column is NULL */
    char dead[KSM_TIME_LENGTH];
    char generate[KSM_TIME_LENGTH];
    char publish[KSM_TIME_LENGTH];
    char ready[KSM_TIME_LENGTH];
    char retire[KSM_TIME_LENGTH];
    char location[KSM_NAME_LENGTH];
    int securitymodule_id;
    int size;                           /* Key size in bits, presumably - confirm */
    int policy_id;
    char HSMKey_id[KSM_NAME_LENGTH];    /* TODO is this long enough ?  NOTE(review):
                                         * writers must bound-check against
                                         * KSM_NAME_LENGTH rather than trust the HSM */
    DB_ID dnsseckey_id;
    int zone_id;
    int fixedDate;

    /*
     * The remaining fields are used for data manipulation and are not part of
     * the KEYDATA table.
     */

    int flags;                          /* States which fields are valid (KEYDATA_M_* bits) */
    int roll_scheme;                    /* Which rollover scheme the key is under */
} KSM_KEYDATA;
128
129
/*
 * ksm_key: creation, lookup, counting and deletion of key pairs and
 * DNSSEC keys. All int-returning functions report a status code; output
 * values are returned through the pointer parameters.
 *
 * NOTE(review): KsmKeyInitSql() and KsmKeyQuery() accept a complete SQL
 * statement string from the caller. The caller owns the construction of that
 * string and must not interpolate untrusted text into it; prefer the
 * condition-based KsmKeyInit() where it fits. The parameter named "time" in
 * KsmDnssecKeyCreate() shadows time() from <time.h>, which this header
 * includes; harmless, but it trips -Wshadow.
 */
int KsmKeyPairCreate(int policy_id, const char *HSMKeyID, int smID, int size, int alg, const char *generate, DB_ID *id);
int KsmDnssecKeyCreate(int zone_id, int keypair_id, int keytype, int state, const char *time, const char *retTime, DB_ID *id);
/*int KsmDnssecKeyCreateOnPolicy(int policy_id, int keypair_id, int keytype);*/
/* Run a caller-supplied statement; see the note above */
int KsmKeyInitSql(DB_RESULT *result, const char *sql);
int KsmKeyInit(DB_RESULT *result, DQS_QUERY_CONDITION *condition);
int KsmKeyInitId(DB_RESULT *result, DB_ID id);
int KsmKey(DB_RESULT result, KSM_KEYDATA *data);
void KsmKeyEnd(DB_RESULT result);
/* Run a caller-supplied statement; see the note above */
int KsmKeyQuery(const char *sql, DB_RESULT *result);
int KsmKeyData(DB_ID id, KSM_KEYDATA *data);
int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count);
int KsmKeyCountQueue(int keytype, int *count, int zone_id);
int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char *datetime, int *count, int keytype);
int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id);
int KsmMarkKeysAsDead(int zone_id);
int KsmKillKey(int keypair_id, int zone_id);

/* delete */

/* Delete keys whose ids fall in [minid, maxid] (inclusive range presumed - confirm) */
int KsmDeleteKeyRange(int minid, int maxid);
/* limit[] holds range bounds; size is its element count */
int KsmDeleteKeyRanges(int limit[], int size);
150
151
/* KsmParameter */
152
153
/*
 * One named parameter as stored in the database: a (category, name) pair,
 * its integer value and its row id.
 */
typedef struct {
    char name[KSM_NAME_LENGTH];
    char category[KSM_NAME_LENGTH];
    int value;
    int parameter_id;
} KSM_PARAMETER;
159
160
/*
 * KsmParameter: read and write individual (category, name) parameters for a
 * policy. Init/Exist open a DB_RESULT cursor that KsmParameter() iterates and
 * KsmParameterEnd() releases; Value/Set/Show work directly by name.
 */
int KsmParameterInit(DB_RESULT *result, const char *name, const char *category, int policy_id);
int KsmParameterExist(DB_RESULT *result, const char *name, const char *category, int *parameter_id);
int KsmParameter(DB_RESULT result, KSM_PARAMETER *data);
void KsmParameterEnd(DB_RESULT result);
int KsmParameterValue(const char *name, const char *category, int *value, int policy_id, int *parameter_id);
int KsmParameterSet(const char *name, const char *category, int value, int policy_id);
int KsmParameterShow(const char *name, const char *category, int policy_id);
167
168
/* ksmPolicy */

/* Signer-side timing values for a policy (units not stated here; the
 * KSM_PAR_* defaults below are in seconds, presumably the same here). */
typedef struct {
    int refresh;
    int jitter;
    int propdelay;
    int soamin;
    int soattl;
    int serial;                         /* Presumably a KSM_SERIAL_* value - confirm */
} KSM_SIGNER_POLICY;
177
178
/* Signature lifetime settings for a policy. */
typedef struct {
    int clockskew;
    int resign;
    int valdefault;
    int valdenial;
} KSM_SIGNATURE_POLICY;
184
185
/*
 * Authenticated-denial (NSEC/NSEC3) settings for a policy.
 * NOTE(review): large NSEC3 "iteration" values make validation expensive for
 * resolvers without adding security (RFC 9276 recommends 0); whoever loads
 * this struct from policy input should cap the value rather than store it
 * unchecked.
 */
typedef struct {
    int version;
    int resalt;
    int algorithm;
    int iteration;
    int optout;
    int ttl;
    int saltlength;
    char salt[KSM_SALT_LENGTH];         /* Encoding not stated here - presumably hex, confirm */
    char salt_stamp[KSM_TIME_LENGTH];   /* When the salt was last changed, presumably */
} KSM_DENIAL_POLICY;
196
197
/* Settings shared by KSKs and ZSKs of a policy. */
typedef struct {
    int ttl;
    int retire_safety;
    int publish_safety;
    int share_keys;                     /* KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED, presumably */
    int purge;
} KSM_COMMON_KEY_POLICY;
204
205
/*
 * Per-key-type (KSK or ZSK) settings for a policy. KSM_POLICY holds one of
 * these for ksk and one for zsk.
 */
typedef struct {
    int algorithm;                      /* Presumably a KSM_ALGORITHM_* value - confirm */
    int bits;
    int lifetime;
    int sm;                             /* Security module (repository) id */
    char sm_name[KSM_NAME_LENGTH];
    unsigned long sm_capacity;
    int require_backup;
    int overlap;
    int ttl;
    int rfc5011;
    int type;                           /* Presumably KSM_TYPE_KSK or KSM_TYPE_ZSK - confirm */
    int standby_keys;
    int manual_rollover;
    int rollover_scheme;                /* Presumably a KSM_ROLL_* value - confirm */
} KSM_KEY_POLICY;
221
222
/* Enforcer scheduling settings for a policy. */
typedef struct {
    int keycreate;
    int backup_interval;
    int keygeninterval;
} KSM_ENFORCER_POLICY;
227
228
/* Zone SOA/propagation settings for a policy. */
typedef struct {
    int propdelay;
    int soa_ttl;
    int soa_min;
    int serial;                         /* Presumably a KSM_SERIAL_* value - confirm */
} KSM_ZONE_POLICY;
234
235
/* Parent-zone (DS) timing settings for a policy. */
typedef struct {
    int propdelay;
    int ds_ttl;
    int soa_ttl;
    int soa_min;
} KSM_PARENT_POLICY;
241
242
/*
 * A complete policy: identity plus pointers to each settings sub-struct.
 * KsmPolicyAlloc()/KsmPolicyFree() are declared below; presumably they own
 * the sub-structs and the description string - confirm before freeing any of
 * them individually.
 */
typedef struct {
    int id;
    char name[KSM_NAME_LENGTH];
    char *description;                  /* Heap string, presumably (cf. KSM_POLICY_DESC_LENGTH) */
    KSM_SIGNER_POLICY *signer;
    KSM_SIGNATURE_POLICY *signature;
    KSM_DENIAL_POLICY *denial;
    KSM_COMMON_KEY_POLICY *keys;
    KSM_KEY_POLICY *ksk;
    KSM_KEY_POLICY *zsk;
    KSM_ENFORCER_POLICY *enforcer;
    KSM_ZONE_POLICY *zone;
    KSM_PARENT_POLICY *parent;
    int shared_keys;
} KSM_POLICY;
257
258
/* One (category, name, value) row of a policy's parameters, without the
 * row id carried by KSM_PARAMETER. */
typedef struct {
    char name[KSM_NAME_LENGTH];
    char category[KSM_NAME_LENGTH];
    int value;
} KSM_POLICY_PARAMETER;
263
264
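/*
 * ksmPolicy: load, query and update policies. Init/ParametersInit open a
 * DB_RESULT cursor consumed by KsmPolicy()/KsmPolicyParameter(); the
 * ReadFromId/NameFromId/SetIdFromName variants fill in a caller-supplied
 * KSM_POLICY from whichever field is already set.
 */
int KsmPolicyInit(DB_RESULT *handle, const char *name);
int KsmPolicyExists(const char *name);
int KsmPolicyParametersInit(DB_RESULT *handle, const char *name);
int KsmPolicyRead(KSM_POLICY *policy);
int KsmPolicy(DB_RESULT handle, KSM_POLICY *data);
int KsmPolicyParameter(DB_RESULT handle, KSM_POLICY_PARAMETER *data);
int KsmPolicyReadFromId(KSM_POLICY *policy);
int KsmPolicyNameFromId(KSM_POLICY *policy);
int KsmPolicyUpdateSalt(KSM_POLICY *policy);
int KsmPolicyNullSaltStamp(int policy_id);
int KsmPolicyPopulateSMFromIds(KSM_POLICY *policy);
int KsmPolicySetIdFromName(KSM_POLICY *policy);
int KsmPolicyIdFromZoneId(int zone_id, int *policy_id);
int KsmPolicyUpdateDesc(int policy_id, const char *policy_description);

/*
 * Allocate / release a KSM_POLICY. Declared with (void) so this is a real
 * prototype: an empty () in C11 declares a function with unchecked
 * arguments, so a stray KsmPolicyAlloc(x) would compile silently.
 * Ownership of the sub-structs and description is presumably with
 * KsmPolicyFree() - confirm against the implementation.
 */
KSM_POLICY *KsmPolicyAlloc(void);
void KsmPolicyFree(KSM_POLICY *policy);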
281
282
/* ksmZone */

/*
 * One zone as configured in the database. signconf/input/output are file
 * system paths (KSM_PATH_LENGTH) and in_type/out_type name the adapters.
 * NOTE(review): these paths are later handed to the signer; whatever loads
 * them from configuration should treat them as untrusted input and bound
 * the copy by the array size rather than the source length.
 */
typedef struct {
    int id;
    int policy_id;
    char name[KSM_ZONE_NAME_LENGTH];
    char signconf[KSM_PATH_LENGTH];
    char input[KSM_PATH_LENGTH];
    char output[KSM_PATH_LENGTH];
    char policy_name[KSM_NAME_LENGTH];
    char in_type[KSM_ADAPTER_NAME_LENGTH];
    char out_type[KSM_ADAPTER_NAME_LENGTH];
} KSM_ZONE;
294
295
/*
 * Zone queries. KsmZoneNameFromId() returns the name through a char**;
 * the header does not say who allocates it - presumably the callee, so the
 * caller would free it. Confirm before use.
 */
int KsmZoneInit(DB_RESULT *handle, int policy_id);
int KsmZone(DB_RESULT handle, KSM_ZONE *data);
int KsmZoneCount(DB_RESULT handle, int *count);
int KsmZoneCountInit(DB_RESULT *handle, int id);
int KsmZoneIdFromName(const char *zone_name, int *zone_id);
int KsmZoneIdAndPolicyFromName(const char *zone_name, int *policy_id, int *zone_id);
int KsmDeleteZone(int zone_id);
int KsmZoneNameFromId(int zone_id, char **zone_name);

/*
 * Zone signed/unsigned markers. These two macros carry no KSM_ prefix and
 * use very generic names, so they can collide with other headers; anything
 * that includes ksm.h alongside third-party code should be aware of that.
 */
#define UNSIGNED 0
#define SIGNED 1

int KsmDNSSECKeysInSMCountInit(DB_RESULT *handle, int policy_id);
int KsmDNSSECKeysInSMCount(DB_RESULT handle, int *count);
int KsmDNSSECKeysStateCountInit(DB_RESULT *result, int policy_id, KSM_KEY_POLICY *key_policy, int state);
310
311
/* Purge */

/* Remove purgeable (dead) key records; takes no arguments and reports nothing. */
void KsmPurge(void);
314
315
/*
 * Constants in the database tables. These are used in the
 * ksm_keyword module.
 *
 * THESE MUST BE KEPT IN STEP WITH THE DATABASE CREATION SCRIPT
 */

/*
 * The following names and constants are in the SIG(0) Algorithm Numbers
 * page at IANA - http://www.iana.org/assignments/sig-alg-numbers.
 *
 * NOTE(review): these are the DNSSEC algorithm registry numbers. Several of
 * them are legacy: RFC 8624 lists RSAMD5, DSA and DSA-NSEC3-SHA1 as
 * MUST NOT for signing and RSASHA1 as NOT RECOMMENDED. Keeping the constants
 * lets existing rows be read back; policy input should still be checked
 * against an allow-list of currently acceptable algorithms rather than
 * accepting anything that maps to a string here.
 */

#define KSM_ALGORITHM_RSAMD5 1                  /* legacy - MUST NOT sign (RFC 8624) */
#define KSM_ALGORITHM_RSAMD5_STRING "rsamd5"
#define KSM_ALGORITHM_DH 2                      /* not a signing algorithm */
#define KSM_ALGORITHM_DH_STRING "dh"
#define KSM_ALGORITHM_DSASHA1 3                 /* legacy - MUST NOT sign (RFC 8624) */
#define KSM_ALGORITHM_DSASHA1_STRING "dsa"
#define KSM_ALGORITHM_RSASHA1 5                 /* NOT RECOMMENDED for new keys (RFC 8624) */
#define KSM_ALGORITHM_RSASHA1_STRING "rsasha1"
#define KSM_ALGORITHM_DSA_NSEC3_SHA1 6          /* legacy - MUST NOT sign (RFC 8624) */
#define KSM_ALGORITHM_DSA_NSEC3_SHA1_STRING "dsa-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1 7      /* NOT RECOMMENDED for new keys (RFC 8624) */
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1_STRING "rsasha1-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA256 8
#define KSM_ALGORITHM_RSASHA256_STRING "rsasha256"
#define KSM_ALGORITHM_RSASHA512 10
#define KSM_ALGORITHM_RSASHA512_STRING "rsasha512"
#define KSM_ALGORITHM_INDIRECT 252              /* reserved/indirect entries from the registry */
#define KSM_ALGORITHM_INDIRECT_STRING "indirect"
#define KSM_ALGORITHM_PRIVDOM 253
#define KSM_ALGORITHM_PRIVDOM_STRING "domain"
#define KSM_ALGORITHM_PRIVOID 254
#define KSM_ALGORITHM_PRIVOID_STRING "oid"

/* Where key material lives */
#define KSM_FORMAT_FILE 1
#define KSM_FORMAT_FILE_STRING "file"
#define KSM_FORMAT_HSM 2
#define KSM_FORMAT_HSM_STRING "hsm"
#define KSM_FORMAT_URI 3
#define KSM_FORMAT_URI_STRING "uri"

/* Key types; the values are the DNSKEY flags field (256 = ZONE, 257 = ZONE|SEP) */
#define KSM_TYPE_KSK 257
#define KSM_TYPE_KSK_STRING "ksk"
#define KSM_TYPE_ZSK 256
#define KSM_TYPE_ZSK_STRING "zsk"

/* Key life-cycle states as stored in the database */
#define KSM_STATE_GENERATE 1
#define KSM_STATE_GENERATE_STRING "generate"
#define KSM_STATE_PUBLISH 2
#define KSM_STATE_PUBLISH_STRING "publish"
#define KSM_STATE_READY 3
#define KSM_STATE_READY_STRING "ready"
#define KSM_STATE_ACTIVE 4
#define KSM_STATE_ACTIVE_STRING "active"
#define KSM_STATE_RETIRE 5
#define KSM_STATE_RETIRE_STRING "retire"
#define KSM_STATE_DEAD 6
#define KSM_STATE_DEAD_STRING "dead"
#define KSM_STATE_DSSUB 7
#define KSM_STATE_DSSUB_STRING "dssub"
#define KSM_STATE_DSPUBLISH 8
#define KSM_STATE_DSPUBLISH_STRING "dspublish"
#define KSM_STATE_DSREADY 9
#define KSM_STATE_DSREADY_STRING "dsready"
#define KSM_STATE_KEYPUBLISH 10
#define KSM_STATE_KEYPUBLISH_STRING "keypublish"

/* SOA serial update schemes */
#define KSM_SERIAL_UNIX_STRING "unixtime"
#define KSM_SERIAL_UNIX 1
#define KSM_SERIAL_COUNTER_STRING "counter"
#define KSM_SERIAL_COUNTER 2
#define KSM_SERIAL_DATE_STRING "datecounter"
#define KSM_SERIAL_DATE 3
#define KSM_SERIAL_KEEP_STRING "keep"
#define KSM_SERIAL_KEEP 4

#define KSM_KEYS_NOT_SHARED 0
#define KSM_KEYS_SHARED 1

/* KSK rollover schemes; KSM_ROLL_DEFAULT equals KSM_ROLL_DNSKEY */
#define KSM_ROLL_DEFAULT 1                      /* DoubleDNSKEY */
#define KSM_ROLL_DNSKEY_STRING "DoubleDNSKey"
#define KSM_ROLL_DNSKEY 1
#define KSM_ROLL_DS_STRING "DoubleDS"
#define KSM_ROLL_DS 2
#define KSM_ROLL_RRSET_STRING "DoubleRRSet"
#define KSM_ROLL_RRSET 3
402
403
/*
 * Reserved parameters and default values (in seconds).
 * Each parameter has three macros: the default value, the name it is stored
 * under (_STRING) and the category it belongs to (_CAT); the (category, name)
 * pair is what KsmParameterValue()/KsmParameterSet() look up.
 * NOTE(review): KSM_PAR_KSK_ROLL defaults to 0, which is not one of the
 * KSM_ROLL_* values (1..3); presumably 0 means "use KSM_ROLL_DEFAULT", but
 * confirm that the reader of this parameter handles it that way.
 */
/* TODO redefine this properly:
 *      have _CAT defines separate
 *      rename to match the new list
 *      add new items ? */
#define KSM_PAR_CLOCKSKEW 3600                  /* 1 hour */
#define KSM_PAR_CLOCKSKEW_STRING "clockskew"
#define KSM_PAR_CLOCKSKEW_CAT "signature"
#define KSM_PAR_KSKLIFE 63072000                /* 2 years */
#define KSM_PAR_KSKLIFE_STRING "lifetime"
#define KSM_PAR_KSKLIFE_CAT "ksk"
#define KSM_PAR_PROPDELAY 3600                  /* 1 hour */
#define KSM_PAR_PROPDELAY_STRING "propagationdelay"
#define KSM_PAR_PROPDELAY_CAT "zone"
#define KSM_PAR_STANDBYKSKS 1
#define KSM_PAR_STANDBYKSKS_STRING "standby"
#define KSM_PAR_STANDBYKSKS_CAT "ksk"
#define KSM_PAR_STANDBYZSKS 1
#define KSM_PAR_STANDBYZSKS_STRING "standby"
#define KSM_PAR_STANDBYZSKS_CAT "zsk"
#define KSM_PAR_SIGNINT 7200                    /* 2 hours */
#define KSM_PAR_SIGNINT_STRING "resign"
#define KSM_PAR_SIGNINT_CAT "signature"
#define KSM_PAR_SOAMIN 7200                     /* 2 hours */
#define KSM_PAR_SOAMIN_STRING "min"
#define KSM_PAR_SOAMIN_CAT "zone"
#define KSM_PAR_SOATTL 172800                   /* 2 days */
#define KSM_PAR_SOATTL_STRING "ttl"
#define KSM_PAR_SOATTL_CAT "zone"
#define KSM_PAR_ZSKSIGLIFE 432000               /* 5 days */
#define KSM_PAR_ZSKSIGLIFE_STRING "valdefault"
#define KSM_PAR_ZSKSIGLIFE_CAT "signature"
#define KSM_PAR_ZSKLIFE 2592000                 /* 30 days */
#define KSM_PAR_ZSKLIFE_STRING "lifetime"
#define KSM_PAR_ZSKLIFE_CAT "zsk"
#define KSM_PAR_ZSKTTL 172800                   /* 2 days */
#define KSM_PAR_ZSKTTL_STRING "ttl"
#define KSM_PAR_ZSKTTL_CAT "keys"
#define KSM_PAR_KSKTTL 172800                   /* 2 days */
#define KSM_PAR_KSKTTL_STRING "ttl"
#define KSM_PAR_KSKTTL_CAT "keys"
#define KSM_PAR_KSKPROPDELAY 3600               /* 1 hour */
#define KSM_PAR_KSKPROPDELAY_STRING "propagationdelay"
#define KSM_PAR_KSKPROPDELAY_CAT "parent"
#define KSM_PAR_REGDELAY 0                      /* TODO sort this out */
#define KSM_PAR_REGDELAY_STRING "registrationdelay" /* TODO sort this out */
#define KSM_PAR_REGDELAY_CAT "parent"           /* TODO sort this out */
#define KSM_PAR_PUBSAFETY 172800                /* 2 days */
#define KSM_PAR_PUBSAFETY_STRING "publishsafety"
#define KSM_PAR_PUBSAFETY_CAT "keys"
#define KSM_PAR_RETSAFETY 172800                /* 2 days */
#define KSM_PAR_RETSAFETY_STRING "retiresafety"
#define KSM_PAR_RETSAFETY_CAT "keys"
#define KSM_PAR_KSK_MAN_ROLL 0                  /* false (i.e. automatic roll) */
#define KSM_PAR_KSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_KSK_MAN_ROLL_CAT "ksk"
#define KSM_PAR_ZSK_MAN_ROLL 0                  /* false (i.e. automatic roll) */
#define KSM_PAR_ZSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_ZSK_MAN_ROLL_CAT "zsk"
#define KSM_PAR_DSTTL 3600                      /* 1 hour */
#define KSM_PAR_DSTTL_STRING "ttlds"
#define KSM_PAR_DSTTL_CAT "parent"
#define KSM_PAR_KSK_ROLL 0                      /* see note above: not a KSM_ROLL_* value */
#define KSM_PAR_KSK_ROLL_STRING "rollover_scheme"
#define KSM_PAR_KSK_ROLL_CAT "ksk"
468
469
/*
 * Holds collection of parameters: the resolved values of the KSM_PAR_*
 * parameters for one policy, filled by KsmParameterCollection(). Durations
 * are in seconds (see the defaults above); the int members give ~68 years of
 * range on a 32-bit int, so they are adequate for TTLs and lifetimes but
 * arithmetic that adds several of them to a time_t should be kept in time_t.
 */
typedef struct {
    int clockskew;                      /* Clock skew */
    int ksklife;                        /* Lifetime of a KSK */
    int standbyksks;                    /* Number of Standby Key Signing keys */
    int standbyzsks;                    /* Number of Standby Zone signing keys */
    int propdelay;                      /* Propagation delay */
    int signint;                        /* Signing interval - how long signing the zone takes */
    int soamin;                         /* "Minimum" value from SOA record */
    int soattl;                         /* TTL of the SOA record */
    int zsksiglife;                     /* Length of signatures signed by this ZSK */
    int zsklife;                        /* How long key is used for */
    int zskttl;                         /* TTL of ZSK DNSKEY record */
    int kskttl;                         /* TTL of KSK DNSKEY record */
    int kskpropdelay;                   /* KSK Propagation delay */
    int regdelay;                       /* KSK Registration delay */
    int pub_safety;                     /* Publish safety margin */
    int ret_safety;                     /* Retire safety margin */
    int kskmanroll;                     /* Do we only roll the KSK manually? */
    int zskmanroll;                     /* Do we only roll the ZSK manually? */
    int dsttl;                          /* TTL of the DS record */
    int kskroll;                        /* Rollover Scheme for the KSK */
} KSM_PARCOLL;
491
492
/*
 * Accessors for a KSM_PARCOLL. KsmCollectionInit() resets a collection and
 * KsmParameterCollection() fills one for a policy; the KsmParameter*()
 * functions each return one value from it. KsmParameterCollectionCache()
 * toggles caching of collections (behaviour of the flag is not documented
 * here).
 */
int KsmCollectionInit(KSM_PARCOLL *data);
int KsmParameterClockskew(KSM_PARCOLL *collection);
int KsmParameterKskLifetime(KSM_PARCOLL *collection);
int KsmParameterStandbyKSKeys(KSM_PARCOLL *collection);
int KsmParameterStandbyZSKeys(KSM_PARCOLL *collection);
int KsmParameterPropagationDelay(KSM_PARCOLL *collection);
int KsmParameterSigningInterval(KSM_PARCOLL *collection);
int KsmParameterSoaMin(KSM_PARCOLL *collection);
int KsmParameterSoaTtl(KSM_PARCOLL *collection);
int KsmParameterZskLifetime(KSM_PARCOLL *collection);
int KsmParameterZskTtl(KSM_PARCOLL *collection);
int KsmParameterKskTtl(KSM_PARCOLL *collection);
int KsmParameterKskPropagationDelay(KSM_PARCOLL *collection);
int KsmParameterRegistrationDelay(KSM_PARCOLL *collection);
int KsmParameterPubSafety(KSM_PARCOLL *collection);
int KsmParameterRetSafety(KSM_PARCOLL *collection);
int KsmParameterInitialPublicationInterval(KSM_PARCOLL *collection);
int KsmParameterCollection(KSM_PARCOLL *data, int policy_id);
void KsmParameterCollectionCache(int enable);
511
512
/* ksm_keyword */

/*
 * Keyword tables mapping the *_STRING names above to their numeric values
 * and back. The NameToValue functions take a caller-supplied string (often
 * from configuration or the command line); what they return for an unknown
 * name is not stated here, so callers should check for the failure value
 * rather than pass the result straight into a query.
 */
int KsmKeywordAlgorithmNameToValue(const char *name);
int KsmKeywordFormatNameToValue(const char *name);
int KsmKeywordParameterNameToValue(const char *name);
int KsmKeywordStateNameToValue(const char *name);
int KsmKeywordTypeNameToValue(const char *name);
int KsmKeywordRollNameToValue(const char *name);

/* Return static strings; presumably NULL for an unknown value - confirm */
const char *KsmKeywordAlgorithmValueToName(int value);
const char *KsmKeywordFormatValueToName(int value);
const char *KsmKeywordStateValueToName(int value);
const char *KsmKeywordTypeValueToName(int value);
const char *KsmKeywordSerialValueToName(int value);
const char *KsmKeywordRollValueToName(int value);

int KsmKeywordParameterExists(const char *name);
529
530
/* ksm_update */

/*
 * Key timing updates. KsmUpdateKey() and the per-state KsmUpdate*KeyTime()
 * functions adjust the date fields of a KSM_KEYDATA in place using the
 * policy's KSM_PARCOLL; they return void, so any failure must be visible
 * through the data itself. KsmUpdateKeyTime() copies a time from one named
 * field to another offset by interval and reports a status.
 */
int KsmUpdate(int policy_id, int zone_id);
void KsmUpdateKey(KSM_KEYDATA *data, KSM_PARCOLL *collection, int zone_id);
void KsmUpdateGenerateKeyTime(KSM_KEYDATA *data);
void KsmUpdatePublishKeyTime(KSM_KEYDATA *data, KSM_PARCOLL *collection, int zone_id);
void KsmUpdateReadyKeyTime(KSM_KEYDATA *data);
void KsmUpdateActiveKeyTime(KSM_KEYDATA *data, KSM_PARCOLL *collection, int zone_id);
void KsmUpdateRetireKeyTime(KSM_KEYDATA *data, KSM_PARCOLL *collection, int zone_id);
void KsmUpdateDeadKeyTime(KSM_KEYDATA *data);
void KsmUpdateDSPublishKeyTime(KSM_KEYDATA *data, KSM_PARCOLL *collection, int zone_id);
void KsmUpdateKEYPublishKeyTime(KSM_KEYDATA *data, KSM_PARCOLL *collection, int zone_id);
/* source/destination name the date columns; presumably column names rather
 * than values - confirm they are never taken from untrusted input */
int KsmUpdateKeyTime(const KSM_KEYDATA *data, const char *source,
                     const char *destination, int interval, int zone_id);
544
545
/* ksm_request */

/*
 * Callback invoked once per key by KsmRequestKeys()/KsmRequestIssueKeys().
 * context is the opaque pointer the caller passed in; key is the key being
 * reported. The int result is returned to the request loop (presumably a
 * status; what a non-zero value does to the loop is not stated here).
 */
typedef int (*KSM_REQUEST_CALLBACK)(void *context, KSM_KEYDATA *key);
548
549
/*
 * Key request / state-machine functions. The entry points are
 * KsmRequestKeys() and KsmRequestKeysByType(); the KsmRequestChangeState*()
 * functions move keys between KSM_STATE_* values for a zone, and the
 * *Count() functions report how many keys are in a given condition through
 * the count pointer. datetime is a caller-supplied timestamp string used as
 * "now"; NewDS, where present, is set when a new DS record needs publishing
 * (presumed from the name - confirm).
 */
int KsmRequestKeys(int keytype, int rollover, const char *datetime,
                   KSM_REQUEST_CALLBACK callback, void *context, int policy_id, int zone_id,
                   int run_interval, int *NewDS);
int KsmRequestKeysByType(int keytype, int rollover, const char *datetime,
                   KSM_REQUEST_CALLBACK callback, void *context, int policy_id, int zone_id,
                   int run_interval, int *NewDS);
int KsmRequestSetActiveExpectedRetire(int keytype, const char *datetime, int zone_id);
int KsmRequestChangeStateActiveRetire(int keytype, const char *datetime, int zone_id, int policy_id);
int KsmRequestChangeStateRetireDead(int keytype, const char *datetime, int zone_id, int policy_id, int rollover_scheme, int *NewDS);
int KsmRequestChangeStatePublishReady(int keytype, const char *datetime, int zone_id, int policy_id, int *NewDS);
int KsmRequestChangeStateDSPublishDSReady(int keytype, const char *datetime, int zone_id, int policy_id);
/* Generic transition src_state -> dst_state; the named variants above are
 * specialisations of this */
int KsmRequestChangeState(int keytype, const char *datetime, int src_state,
                   int dst_state, int zone_id, int policy_id, int rollover_scheme, int *NewDS);
int KsmRequestChangeStateGeneratePublish(int keytype, const char *datetime,
                   int count, int zone_id);
int KsmRequestChangeStateGenerateDSSub(int keytype, const char *datetime,
                   int count, int zone_id);
int KsmRequestChangeStateDSReadyKeyPublish(const char *datetime, int zone_id, int policy_id);
int KsmRequestChangeStateKeyPublishActive(const char *datetime, int zone_id, int policy_id, int *NewDS);
int KsmRequestChangeStateReadyActive(int keytype, const char *datetime,
                   int count, int zone_id);
/* Move at most count keys from src_state to dst_state */
int KsmRequestChangeStateN(int keytype, const char *datetime,
                   int count, int src_state, int dst_state, int zone_id);
int KsmRequestChangeStateGenerateDSSubConditional(int keytype,
                   const char *datetime, KSM_PARCOLL *collection, int zone_id, int *NewDS);
int KsmRequestChangeStateGeneratePublishConditional(int keytype,
                   const char *datetime, KSM_PARCOLL *collection, int zone_id,
                   int run_interval);
int KsmRequestPendingRetireCount(int keytype, const char *datetime,
                   KSM_PARCOLL *parameters, int *count, int zone_id, int interval);
int KsmRequestAvailableCount(int keytype, const char *datetime,
                   KSM_PARCOLL *parameters, int *count, int zone_id);
int KsmRequestGenerateCount(int keytype, int *count, int zone_id);
int KsmRequestStandbyKSKCount(int *count, int zone_id);
int KsmRequestCheckActiveKey(int keytype, const char *datetime, int *count, int zone_id);
int KsmRequestCountReadyKey(int keytype, const char *datetime, int *count, int zone_id);
int KsmRequestCheckFirstPass(int keytype, int *first_pass_flag, int zone_id);
int KsmRequestCheckCompromisedFlag(int keytype, int zone_id, int *comp_flag);
/* Deliver each issued key to callback with the given context */
int KsmRequestIssueKeys(int keytype, KSM_REQUEST_CALLBACK callback,
                   void *context, int zone_id);

/* A ready-made KSM_REQUEST_CALLBACK that prints the key */
int KsmRequestPrintKey(void *context, KSM_KEYDATA *data);
591
592
/*
 * Policy-driven variants of the request functions: they take a KSM_POLICY /
 * KSM_KEY_POLICY instead of individual ids and a verify flag.
 * NOTE(review): KsmRequestDNSSECKeysPendingRetireCount() takes its
 * KSM_KEY_POLICY by value and leaves the parameter unnamed, unlike every
 * sibling here which takes a pointer; confirm the definition matches, and
 * prefer `KSM_KEY_POLICY *policy` if it can be changed in both places.
 */
int KsmRequestDNSSECKeys(const char *datetime, KSM_POLICY *policy);
int KsmRequestDNSSECKeysChangeStateRetireDead(KSM_KEY_POLICY *policy, const char *datetime, int verify);
int KsmRequestDNSSECKeysChangeState(KSM_KEY_POLICY *policy, const char *datetime, int src_state, int dst_state, int verify);
int KsmRequestDNSSECKeysChangeStatePublishReady(KSM_KEY_POLICY *policy, const char *datetime, int verify);
int KsmRequestDNSSECKeysChangeStateGeneratePublishConditional(KSM_POLICY *policy, KSM_KEY_POLICY *key_policy, const char *datetime, int verify);
int KsmRequestDNSSECKeysSetActiveExpectedRetire(int keytype, const char *datetime, int verify);
int KsmRequestDNSSECKeysPendingRetireCount(KSM_KEY_POLICY, const char *datetime, int *count);
599
600
/*
 * Value accessors on the policy sub-structs, parallel to the KsmParameter*()
 * accessors on KSM_PARCOLL. Note that KsmPolicySigningInterval() and
 * KsmPolicyZskTtl() still take a KSM_PARCOLL rather than a policy struct.
 */
int KsmPolicyClockskew(KSM_SIGNATURE_POLICY *policy);
int KsmPolicyKeyLifetime(KSM_KEY_POLICY *policy);
int KsmPolicyStandbyKeys(KSM_KEY_POLICY *policy);
int KsmPolicyPropagationDelay(KSM_SIGNER_POLICY *policy);
int KsmPolicySigningInterval(KSM_PARCOLL *collection);
int KsmPolicySoaMin(KSM_SIGNER_POLICY *policy);
int KsmPolicySoaTtl(KSM_SIGNER_POLICY *policy);
int KsmPolicyZskTtl(KSM_PARCOLL *collection);
int KsmPolicyInitialPublicationInterval(KSM_POLICY *policy);
609
610
/* KsmImport */

/*
 * Import configuration (repositories, policies, zones, key pairs) into the
 * database and look up ids by name. Every string here comes from
 * configuration or the command line; the implementation is responsible for
 * bounding copies into the KSM_*_LENGTH arrays and for parameterising the
 * SQL it builds from them. repo_capacity is passed as a string, so it still
 * needs numeric parsing and range checking on the other side.
 */
int KsmImportRepository(const char *repo_name, const char *repo_capacity, int require_backup);
int KsmImportPolicy(const char *policy_name, const char *policy_description);
int KsmImportZone(const char *zone_name, int policy_id, int fail_if_exists, int *new_zone, const char *signconf, const char *input, const char *output, const char *input_type, const char *output_type);
/* "time" shadows time() from <time.h>; harmless but flagged by -Wshadow */
int KsmImportKeyPair(int policy_id, const char *HSMKeyID, int smID, int size, int alg, int state, const char *time, int fixDate, DB_ID *id);
int KsmSmIdFromName(const char *name, int *id);
int KsmSerialIdFromName(const char *name, int *id);
int KsmPolicyIdFromName(const char *name, int *id);
/* Backup bookkeeping for a repository */
int KsmMarkPreBackup(int repo_id, const char *datetime);
int KsmRollbackMarkPreBackup(int repo_id);
int KsmMarkBackup(int repo_id, const char *datetime);
/* Sets *exists according to whether cka_id is already recorded for repo_id */
int KsmCheckHSMkeyID(int repo_id, const char *cka_id, int *exists);
622
623
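/* KsmList */

/*
 * Listing helpers used by the command-line tools. KsmListRepos() and
 * KsmListPolicies() are declared with (void) so they are real prototypes:
 * an empty () in C11 declares a function with unchecked arguments.
 * KsmCheckNextRollover() returns the date through a char**; the header does
 * not say who allocates it - presumably the callee, so the caller frees it.
 * Confirm before use.
 */
int KsmListBackups(int repo_id, int verbose_flag);
int KsmListRepos(void);
int KsmListPolicies(void);
int KsmListRollovers(int zone_id, int *ds_count);
int KsmCheckNextRollover(int keytype, int zone_id, char **datetime);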
629
630
#ifdef __cplusplus
631
};
632
#endif
633
634
#endif
/* KSM_KSM_H */