1
/*
2
* $Id: ksm.h 6379 2012-06-05 08:52:37Z jerry $
3
*
4
* Copyright (c) 2008-2009 Nominet UK. All rights reserved.
5
*
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
8
* are met:
9
* 1. Redistributions of source code must retain the above copyright
10
* notice, this list of conditions and the following disclaimer.
11
* 2. Redistributions in binary form must reproduce the above copyright
12
* notice, this list of conditions and the following disclaimer in the
13
* documentation and/or other materials provided with the distribution.
14
*
15
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26
*
27
*/
28
29
#ifndef KSM_KSM_H
30
#define KSM_KSM_H
31
32
#ifdef __cplusplus
33
extern
"C"
{
34
#endif
35
36
/*+
37
* ksm.h - KSM Definitions
38
*
39
* Description:
40
* Holds definitions and prototypes for the KSM library.
41
-*/
42
43
#include <time.h>
44
#include <
ksm/database.h
>
45
#include <
ksm/database_statement.h
>
/* General */

typedef int KSM_ID;                     /* Identifies a KSM entity */

#define KSM_NULL_ID ((KSM_ID) -1)       /* General invalid ID */

/* ksm_common */

/* Library start-up and shutdown.  Both return an int status; the meaning of
 * that status is defined by ksm_common, not by this header. */
int KsmInit(void);
int KsmRundown(void);

/*
 * Sizes of the fixed char[] buffers used by the structures in this header.
 * Every *_LENGTH value counts the trailing NUL, so such a buffer holds at
 * most LENGTH-1 characters.  Code filling these buffers (names, paths, salts,
 * timestamps) must bound the copy by the macro, snprintf-style, and treat
 * truncation as an error: a silently truncated zone name or signconf path is
 * not the record the caller asked for.
 */
#define KSM_NAME_LENGTH 256             /* Includes trailing NULL */
#define KSM_PATH_LENGTH 4096            /* Includes trailing NULL */
#define KSM_POLICY_DESC_LENGTH 256      /* Includes trailing NULL */
#define KSM_POLICY_AUDIT_LENGTH 4096    /* Includes trailing NULL */
#define KSM_TIME_LENGTH 32              /* Includes trailing NULL */

/* SQL statements are assembled into a buffer of KSM_SQL_SIZE bytes.  A
 * statement that does not fit must be rejected by whatever builds it, never
 * executed truncated.  KSM_INT_STR_SIZE presumably bounds the decimal text of
 * an int inserted into such a statement -- confirm in the statement builder. */
#define KSM_SQL_SIZE 1024               /* Max size of SQL statement */
#define KSM_INT_STR_SIZE 32             /* Max size of int as string */
#define KSM_SALT_LENGTH 512             /* Includes trailing NULL */
#define KSM_ZONE_NAME_LENGTH 256        /* Includes trailing NULL */
#define KSM_ADAPTER_NAME_LENGTH 256     /* Includes trailing NULL */
/* ksm_key */

/* Key time flag states */

/*
 * Bit flags for KSM_KEYDATA.flags.  Each flag corresponds to one member of
 * KSM_KEYDATA (not every member has a flag); a set bit records that the
 * member holds valid data.  Values are distinct powers of two so they can be
 * OR-ed together and tested individually.
 */
#define KEYDATA_M_ID            0x0001
#define KEYDATA_M_STATE         0x0002
#define KEYDATA_M_KEYTYPE       0x0004
#define KEYDATA_M_ALGORITHM     0x0008
#define KEYDATA_M_SIGLIFETIME   0x0010
#define KEYDATA_M_ACTIVE        0x0020
#define KEYDATA_M_DEAD          0x0040
#define KEYDATA_M_GENERATE      0x0080
#define KEYDATA_M_PUBLISH       0x0100
#define KEYDATA_M_READY         0x0200
#define KEYDATA_M_RETIRE        0x0400
#define KEYDATA_M_LOCATION      0x0800
#define KEYDATA_M_SIZE          0x1000
#define KEYDATA_M_SMID          0x2000

/* Convenience mask: all six lifecycle timestamp fields at once. */
#define KEYDATA_M_TIMES (KEYDATA_M_ACTIVE | KEYDATA_M_DEAD | \
        KEYDATA_M_GENERATE | KEYDATA_M_PUBLISH | KEYDATA_M_READY | KEYDATA_M_RETIRE)
/*
 * Structure for key information. Note that on the date fields, the
 * "struct tm" fields are used to insert data into the database, and the
 * "char*" fields used to retrieve data. In the latter case, a NULL field
 * will be represented by an empty string.
 *
 * NOTE(review): the definition below carries only char[] date fields; the
 * "struct tm" half of the note above matches no member here and looks stale
 * -- confirm against the ksm_key implementation before relying on it.
 */

typedef struct {
    DB_ID   keypair_id;                 /* Key pair id, flagged by KEYDATA_M_ID */
    int     state;                      /* Presumably a KSM_STATE_* value (see below); KEYDATA_M_STATE */
    int     keytype;                    /* Presumably KSM_TYPE_KSK / KSM_TYPE_ZSK; KEYDATA_M_KEYTYPE */
    int     algorithm;                  /* Presumably a KSM_ALGORITHM_* value; KEYDATA_M_ALGORITHM */
    int     siglifetime;                /* KEYDATA_M_SIGLIFETIME; unit not stated here */
    /* Lifecycle timestamps as text, KSM_TIME_LENGTH including the NUL.  Per
     * the note above an unset time is the empty string, so test for "" rather
     * than for NULL. */
    char    active[KSM_TIME_LENGTH];
    char    dead[KSM_TIME_LENGTH];
    char    generate[KSM_TIME_LENGTH];
    char    publish[KSM_TIME_LENGTH];
    char    ready[KSM_TIME_LENGTH];
    char    retire[KSM_TIME_LENGTH];
    char    location[KSM_NAME_LENGTH];  /* KEYDATA_M_LOCATION */
    int     securitymodule_id;          /* KEYDATA_M_SMID */
    int     size;                       /* KEYDATA_M_SIZE; presumably key size in bits, as the "bits" parameters below suggest */
    int     policy_id;
    /* Identifier of the key inside the HSM (compare the cka_id parameter of
     * KsmCheckHSMkeyID).  The TODO below is still open: whatever fills this
     * must bound the copy by KSM_NAME_LENGTH and fail on truncation, since a
     * truncated id would silently refer to a different (or no) HSM object. */
    char    HSMKey_id[KSM_NAME_LENGTH]; /* TODO is this long enough ? */
    DB_ID   dnsseckey_id;
    int     zone_id;
    int     fixedDate;

    /*
     * The remaining fields are used for data manipulation and are not part of
     * the KEYDATA table.
     */

    int     flags;                      /* States which fields are valid (KEYDATA_M_* bits) */
    int     roll_scheme;                /* Which rollover scheme the key is under (presumably KSM_ROLL_*) */
} KSM_KEYDATA;
/* Create rows for a key pair / DNSSEC key.  The DB_ID out-parameter receives
 * the id of the new row.  "generate", "time" and "retTime" are timestamps as
 * text (presumably KSM_TIME_LENGTH formatted, as in KSM_KEYDATA). */
int KsmKeyPairCreate(int policy_id, const char* HSMKeyID, int smID, int size, int alg, const char* generate, DB_ID* id);
int KsmDnssecKeyCreate(int zone_id, int keypair_id, int keytype, int state, const char* time, const char* retTime, DB_ID* id);
/*int KsmDnssecKeyCreateOnPolicy(int policy_id, int keypair_id, int keytype);*/

/*
 * Result-set access follows one shape throughout this header: an *Init
 * function fills a DB_RESULT through a pointer, the bare accessor (KsmKey)
 * is then called with the DB_RESULT by value and fills the caller's struct,
 * and the *End function releases the result.  Pair every successful Init
 * with End on all paths.
 *
 * KsmKeyInitSql and KsmKeyQuery execute the SQL text they are handed.  That
 * text must never be assembled by concatenating externally supplied values
 * (zone names, HSM key ids, datetimes from the command line or config); build
 * it through the helpers in ksm/database_statement.h -- KsmKeyInit's
 * DQS_QUERY_CONDITION is the typed form -- so quoting is done in one place.
 */
int KsmKeyInitSql(DB_RESULT* result, const char* sql);
int KsmKeyInit(DB_RESULT* result, DQS_QUERY_CONDITION* condition);
int KsmKeyInitId(DB_RESULT* result, DB_ID id);
int KsmKey(DB_RESULT result, KSM_KEYDATA* data);
void KsmKeyEnd(DB_RESULT result);
int KsmKeyQuery(const char* sql, DB_RESULT* result);
int KsmKeyData(DB_ID id, KSM_KEYDATA* data);

/* Key counting / selection.  Each "int *count" or "int *keypair_id" is an
 * out-parameter; the int return is a status and is not the count. */
int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count);
int KsmKeyCountQueue(int keytype, int* count, int zone_id);
int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char* datetime, int *count, int keytype);
int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id);

/* State-changing operations on keys; by their names both are irreversible
 * from the enforcer's point of view -- confirm in ksm_key before exposing
 * them to an interactive command. */
int KsmMarkKeysAsDead(int zone_id);
int KsmKillKey(int keypair_id, int zone_id);

/* delete */

/* KsmDeleteKeyRanges takes an array of `size` ints; whether these are
 * min/max pairs like KsmDeleteKeyRange's arguments, and whether `size`
 * counts ints or pairs, is not visible here -- check the definition before
 * calling. */
int KsmDeleteKeyRange(int minid, int maxid);
int KsmDeleteKeyRanges(int limit[], int size);
/* KsmParameter */

/*
 * One row of the parameter table.  A parameter is addressed by the
 * (name, category) pair, as the KsmParameter* prototypes below show; several
 * KSM_PAR_*_STRING names (e.g. "ttl", "lifetime", "standby") recur across
 * categories, so name alone is ambiguous.
 */
typedef struct {
    char    name[KSM_NAME_LENGTH];      /* Parameter name, NUL-terminated */
    char    category[KSM_NAME_LENGTH];  /* Parameter category, NUL-terminated */
    int     value;
    int     parameter_id;
} KSM_PARAMETER;
/* Parameter access.  Init/accessor/End follow the DB_RESULT pattern used by
 * the key functions (Init fills a DB_RESULT*, KsmParameter reads it by value,
 * KsmParameterEnd releases it).  The name/category strings are passed through
 * to the database layer; they should come from the KSM_PAR_*_STRING and
 * KSM_PAR_*_CAT constants, not from untrusted text. */
int KsmParameterInit(DB_RESULT* result, const char* name, const char* category, int policy_id);
int KsmParameterExist(DB_RESULT* result, const char* name, const char* category, int* parameter_id);
int KsmParameter(DB_RESULT result, KSM_PARAMETER* data);
void KsmParameterEnd(DB_RESULT result);

/* Read, write or display a single parameter value for a policy.  `value` and
 * `parameter_id` are out-parameters; the int return is a status. */
int KsmParameterValue(const char* name, const char* category, int* value, int policy_id, int* parameter_id);
int KsmParameterSet(const char* name, const char* category, int value, int policy_id);
int KsmParameterShow(const char* name, const char* category, int policy_id);
/* ksmPolicy */

/*
 * Sections of a policy; KSM_POLICY below holds one pointer to each.  All
 * time-like members are plain int.  The KSM_PAR_* defaults later in this
 * header are documented "in seconds", which is presumably the unit here too
 * -- confirm against the policy reader before doing arithmetic on them.
 */
typedef struct {
    int refresh;
    int jitter;
    int propdelay;
    int soamin;
    int soattl;
    int serial;                         /* Presumably a KSM_SERIAL_* value (see below) */
} KSM_SIGNER_POLICY;

typedef struct {
    int clockskew;
    int resign;
    int valdefault;
    int valdenial;
} KSM_SIGNATURE_POLICY;

/* Denial-of-existence settings.  The member names (iteration, optout,
 * salt, saltlength) are the NSEC3 parameters; salt and salt_stamp are text,
 * with KsmPolicyUpdateSalt / KsmPolicyNullSaltStamp below maintaining them. */
typedef struct {
    int     version;
    int     resalt;
    int     algorithm;
    int     iteration;
    int     optout;
    int     ttl;
    int     saltlength;
    char    salt[KSM_SALT_LENGTH];          /* NUL-terminated; KSM_SALT_LENGTH includes the NUL */
    char    salt_stamp[KSM_TIME_LENGTH];    /* Time of last resalt, as text */
} KSM_DENIAL_POLICY;

typedef struct {
    int ttl;
    int retire_safety;
    int publish_safety;
    int share_keys;                     /* Presumably KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED */
    int purge;
} KSM_COMMON_KEY_POLICY;

/* Per-key-type (KSK or ZSK) settings; KSM_POLICY holds one for each. */
typedef struct {
    int             algorithm;          /* Presumably a KSM_ALGORITHM_* value */
    int             bits;
    int             lifetime;
    int             sm;                 /* Security module (repository) id */
    char            sm_name[KSM_NAME_LENGTH];
    /* Held as an integer here, but KsmImportRepository receives the capacity
     * as a string (repo_capacity); the conversion and its range check live in
     * the import code -- confirm it rejects non-numeric or overflowing input. */
    unsigned long   sm_capacity;
    int             require_backup;     /* Same meaning as KsmImportRepository's require_backup, presumably */
    int             overlap;
    int             ttl;
    int             rfc5011;            /* RFC 5011 automated trust-anchor update flag, by name */
    int             type;               /* Presumably KSM_TYPE_KSK or KSM_TYPE_ZSK */
    int             standby_keys;
    int             manual_rollover;
    int             rollover_scheme;    /* Presumably a KSM_ROLL_* value */
} KSM_KEY_POLICY;

typedef struct {
    int keycreate;
    int backup_interval;
    int keygeninterval;
} KSM_ENFORCER_POLICY;

typedef struct {
    int propdelay;
    int soa_ttl;
    int soa_min;
    int serial;
} KSM_ZONE_POLICY;

typedef struct {
    int propdelay;
    int ds_ttl;
    int soa_ttl;
    int soa_min;
} KSM_PARENT_POLICY;

/* Not referenced from KSM_POLICY in this header (its member there is
 * commented out in favour of a char* audit); presumably retained for
 * compatibility. */
typedef struct {
    int audit;
} KSM_AUDIT_POLICY;
/*
 * A complete policy.  The section members are pointers; KsmPolicyAlloc and
 * KsmPolicyFree (declared below) are the only allocation/release entry points
 * visible in this header, so a KSM_POLICY should be obtained from
 * KsmPolicyAlloc and returned with KsmPolicyFree rather than built by hand.
 * `description` and `audit` are bare char* -- their ownership is not
 * expressed by the type.  KSM_POLICY_DESC_LENGTH and KSM_POLICY_AUDIT_LENGTH
 * above presumably size the buffers behind them; confirm in KsmPolicyAlloc
 * before writing through either pointer.
 */
typedef struct {
    int                     id;
    char                    name[KSM_NAME_LENGTH];  /* NUL-terminated */
    char                    *description;
    KSM_SIGNER_POLICY       *signer;
    KSM_SIGNATURE_POLICY    *signature;
    KSM_DENIAL_POLICY       *denial;
    KSM_COMMON_KEY_POLICY   *keys;
    KSM_KEY_POLICY          *ksk;
    KSM_KEY_POLICY          *zsk;
    KSM_ENFORCER_POLICY     *enforcer;
    KSM_ZONE_POLICY         *zone;
    KSM_PARENT_POLICY       *parent;
    /*KSM_AUDIT_POLICY* audit;*/
    char                    *audit;                 /* Audit section as text (see KsmImportAudit) */
    int                     shared_keys;            /* Presumably KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED */
} KSM_POLICY;
/* One (name, category, value) parameter as read by KsmPolicyParameter; the
 * same addressing as KSM_PARAMETER, without the row id. */
typedef struct {
    char    name[KSM_NAME_LENGTH];      /* NUL-terminated */
    char    category[KSM_NAME_LENGTH];  /* NUL-terminated */
    int     value;
} KSM_POLICY_PARAMETER;
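/* Policy lookup and iteration.  The *Init functions fill a DB_RESULT through
 * a pointer; KsmPolicy / KsmPolicyParameter read it by value.  The name
 * strings are forwarded to the database layer and should be validated
 * (length <= KSM_NAME_LENGTH-1) by the caller before they get here. */
int KsmPolicyInit(DB_RESULT* handle, const char* name);
int KsmPolicyExists(const char* name);
int KsmPolicyParametersInit(DB_RESULT* handle, const char* name);
int KsmPolicyRead(KSM_POLICY* policy);
int KsmPolicy(DB_RESULT handle, KSM_POLICY* data);
int KsmPolicyParameter(DB_RESULT handle, KSM_POLICY_PARAMETER* data);

/* Fill or update parts of an existing KSM_POLICY in place; which member is
 * used as the lookup key (id or name) follows from each function's name. */
int KsmPolicyReadFromId(KSM_POLICY* policy);
int KsmPolicyNameFromId(KSM_POLICY* policy);
int KsmPolicyUpdateSalt(KSM_POLICY* policy);
int KsmPolicyNullSaltStamp(int policy_id);
int KsmPolicyPopulateSMFromIds(KSM_POLICY* policy);
int KsmPolicySetIdFromName(KSM_POLICY *policy);
int KsmPolicyIdFromZoneId(int zone_id, int* policy_id);

/* Allocation and release of a KSM_POLICY and its section structures.  A
 * policy obtained from KsmPolicyAlloc must be released with KsmPolicyFree,
 * which presumably also frees the sections.  Declared with (void): an empty
 * parameter list in C is a non-prototype declaration and would let a call
 * with stray arguments compile. */
KSM_POLICY *KsmPolicyAlloc(void);
void KsmPolicyFree(KSM_POLICY *policy);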
/* ksmZone */

/*
 * One zone row.  The three path members are KSM_PATH_LENGTH bytes each
 * (NUL included); KsmImportZone receives them as const char* and must bound
 * the copy and reject overlong paths rather than truncate them.
 */
typedef struct {
    int     id;
    int     policy_id;
    char    name[KSM_ZONE_NAME_LENGTH];     /* Zone name, NUL-terminated */
    char    signconf[KSM_PATH_LENGTH];      /* Signer configuration path */
    char    input[KSM_PATH_LENGTH];         /* Input adapter path */
    char    output[KSM_PATH_LENGTH];        /* Output adapter path */
    char    policy_name[KSM_NAME_LENGTH];   /* Name of the policy referenced by policy_id */
} KSM_ZONE;
/* Zone lookup and iteration (DB_RESULT* for Init, DB_RESULT by value for
 * the accessor, as elsewhere in this header). */
int KsmZoneInit(DB_RESULT* handle, int policy_id);
int KsmZone(DB_RESULT handle, KSM_ZONE *data);
int KsmZoneCount(DB_RESULT handle, int* count);
int KsmZoneCountInit(DB_RESULT* handle, int id);
int KsmZoneIdFromName(const char* zone_name, int* zone_id);
int KsmZoneIdAndPolicyFromName(const char* zone_name, int* policy_id, int* zone_id);
int KsmDeleteZone(int zone_id);
/* zone_name is an out-parameter of type char**; whether the caller owns (and
 * must free) the returned string is not visible here -- check the definition
 * before use to avoid a leak or a double free. */
int KsmZoneNameFromId(int zone_id, char** zone_name);

/* NOTE(review): unprefixed names in a public header; every other macro here
 * carries a KSM_ prefix, and SIGNED/UNSIGNED are easy to collide with. */
#define UNSIGNED 0
#define SIGNED 1

/* Counts of DNSSEC keys per security module / per state.  `count` is an
 * out-parameter; the int return is a status. */
int KsmDNSSECKeysInSMCountInit(DB_RESULT* handle, int policy_id);
int KsmDNSSECKeysInSMCount(DB_RESULT handle, int* count);
int KsmDNSSECKeysStateCountInit(DB_RESULT* result, int policy_id, KSM_KEY_POLICY *key_policy, int state);
/* Purge */

/* Remove purgeable records; no arguments and no status -- failures are
 * presumably logged inside, so callers cannot detect them here. */
void KsmPurge(void);
/*
 * Constants in the database tables. These are used in the
 * ksm_keyword module.
 *
 * THESE MUST BE KEPT IN STEP WITH THE DATABASE CREATION SCRIPT
 */

/*
 * The following names and constants are in the SIG(0) Algorithm Numbers
 * page at IANA - http://www.iana.org/assignments/sig-alg-numbers.
 *
 * NOTE(review): RSAMD5 (1) and the DSA variants (3, 6) are "MUST NOT
 * implement" for DNSSEC signing under RFC 8624, and the RSASHA1 variants
 * (5, 7) are NOT RECOMMENDED.  Their presence in this keyword table is not an
 * endorsement; policy validation, not this table, is where an unsuitable
 * algorithm must be rejected.  252-254 are the reserved/private-use numbers
 * of the same registry.
 */

#define KSM_ALGORITHM_RSAMD5                    1
#define KSM_ALGORITHM_RSAMD5_STRING             "rsamd5"
#define KSM_ALGORITHM_DH                        2
#define KSM_ALGORITHM_DH_STRING                 "dh"
#define KSM_ALGORITHM_DSASHA1                   3
#define KSM_ALGORITHM_DSASHA1_STRING            "dsa"
#define KSM_ALGORITHM_RSASHA1                   5
#define KSM_ALGORITHM_RSASHA1_STRING            "rsasha1"
#define KSM_ALGORITHM_DSA_NSEC3_SHA1            6
#define KSM_ALGORITHM_DSA_NSEC3_SHA1_STRING     "dsa-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1        7
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1_STRING "rsasha1-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA256                 8
#define KSM_ALGORITHM_RSASHA256_STRING          "rsasha256"
#define KSM_ALGORITHM_RSASHA512                 10
#define KSM_ALGORITHM_RSASHA512_STRING          "rsasha512"
#define KSM_ALGORITHM_INDIRECT                  252
#define KSM_ALGORITHM_INDIRECT_STRING           "indirect"
#define KSM_ALGORITHM_PRIVDOM                   253
#define KSM_ALGORITHM_PRIVDOM_STRING            "domain"
#define KSM_ALGORITHM_PRIVOID                   254
#define KSM_ALGORITHM_PRIVOID_STRING            "oid"

/* Where key material is stored / referenced. */
#define KSM_FORMAT_FILE         1
#define KSM_FORMAT_FILE_STRING  "file"
#define KSM_FORMAT_HSM          2
#define KSM_FORMAT_HSM_STRING   "hsm"
#define KSM_FORMAT_URI          3
#define KSM_FORMAT_URI_STRING   "uri"

/* Key types use the DNSKEY Flags field values (RFC 4034): 256 = ZONE,
 * 257 = ZONE + SEP, so a KSK is distinguished by the Secure Entry Point bit. */
#define KSM_TYPE_KSK            257
#define KSM_TYPE_KSK_STRING     "ksk"
#define KSM_TYPE_ZSK            256
#define KSM_TYPE_ZSK_STRING     "zsk"

/* Key lifecycle states.  1-6 are the timestamp fields of KSM_KEYDATA in
 * order; 7-10 are the additional DS / KEY-publish states used by the
 * KsmRequestChangeState* functions.  Stored in the database -- see the
 * "MUST BE KEPT IN STEP" warning above. */
#define KSM_STATE_GENERATE          1
#define KSM_STATE_GENERATE_STRING   "generate"
#define KSM_STATE_PUBLISH           2
#define KSM_STATE_PUBLISH_STRING    "publish"
#define KSM_STATE_READY             3
#define KSM_STATE_READY_STRING      "ready"
#define KSM_STATE_ACTIVE            4
#define KSM_STATE_ACTIVE_STRING     "active"
#define KSM_STATE_RETIRE            5
#define KSM_STATE_RETIRE_STRING     "retire"
#define KSM_STATE_DEAD              6
#define KSM_STATE_DEAD_STRING       "dead"
#define KSM_STATE_DSSUB             7
#define KSM_STATE_DSSUB_STRING      "dssub"
#define KSM_STATE_DSPUBLISH         8
#define KSM_STATE_DSPUBLISH_STRING  "dspublish"
#define KSM_STATE_DSREADY           9
#define KSM_STATE_DSREADY_STRING    "dsready"
#define KSM_STATE_KEYPUBLISH        10
#define KSM_STATE_KEYPUBLISH_STRING "keypublish"

/* SOA serial update policies. */
#define KSM_SERIAL_UNIX_STRING      "unixtime"
#define KSM_SERIAL_UNIX             1
#define KSM_SERIAL_COUNTER_STRING   "counter"
#define KSM_SERIAL_COUNTER          2
#define KSM_SERIAL_DATE_STRING      "datecounter"
#define KSM_SERIAL_DATE             3
#define KSM_SERIAL_KEEP_STRING      "keep"
#define KSM_SERIAL_KEEP             4

#define KSM_KEYS_NOT_SHARED 0
#define KSM_KEYS_SHARED     1

/* KSK rollover schemes.  KSM_ROLL_DEFAULT has the same value as
 * KSM_ROLL_DNSKEY; there is no scheme numbered 0. */
#define KSM_ROLL_DEFAULT        1   /* DoubleDNSKEY */
#define KSM_ROLL_DNSKEY_STRING  "DoubleDNSKey"
#define KSM_ROLL_DNSKEY         1
#define KSM_ROLL_DS_STRING      "DoubleDS"
#define KSM_ROLL_DS             2
#define KSM_ROLL_RRSET_STRING   "DoubleRRSet"
#define KSM_ROLL_RRSET          3
/* Reserved parameters and default values (in seconds) */
/* TODO redefine this properly:
 * have _CAT defines separate
 * rename to match the new list
 * add new items ? */
/*
 * Each parameter is a triple: default value, the name stored in the
 * database (_STRING) and its category (_CAT).  The same _STRING recurs in
 * several categories ("lifetime", "ttl", "standby", "propagationdelay",
 * "manual_rollover"), so lookups must always pass both name and category
 * (see KsmParameterValue).
 */
#define KSM_PAR_CLOCKSKEW           3600        /* 1 hour */
#define KSM_PAR_CLOCKSKEW_STRING    "clockskew"
#define KSM_PAR_CLOCKSKEW_CAT       "signature"
#define KSM_PAR_KSKLIFE             63072000    /* 2 years */
#define KSM_PAR_KSKLIFE_STRING      "lifetime"
#define KSM_PAR_KSKLIFE_CAT         "ksk"
#define KSM_PAR_PROPDELAY           3600        /* 1 hour */
#define KSM_PAR_PROPDELAY_STRING    "propagationdelay"
#define KSM_PAR_PROPDELAY_CAT       "zone"
#define KSM_PAR_STANDBYKSKS         1
#define KSM_PAR_STANDBYKSKS_STRING  "standby"
#define KSM_PAR_STANDBYKSKS_CAT     "ksk"
#define KSM_PAR_STANDBYZSKS         1
#define KSM_PAR_STANDBYZSKS_STRING  "standby"
#define KSM_PAR_STANDBYZSKS_CAT     "zsk"
#define KSM_PAR_SIGNINT             7200        /* 2 hours */
#define KSM_PAR_SIGNINT_STRING      "resign"
#define KSM_PAR_SIGNINT_CAT         "signature"
#define KSM_PAR_SOAMIN              7200        /* 2 hours */
#define KSM_PAR_SOAMIN_STRING       "min"
#define KSM_PAR_SOAMIN_CAT          "zone"
#define KSM_PAR_SOATTL              172800      /* 2 days */
#define KSM_PAR_SOATTL_STRING       "ttl"
#define KSM_PAR_SOATTL_CAT          "zone"
#define KSM_PAR_ZSKSIGLIFE          432000      /* 5 days */
#define KSM_PAR_ZSKSIGLIFE_STRING   "valdefault"
#define KSM_PAR_ZSKSIGLIFE_CAT      "signature"
#define KSM_PAR_ZSKLIFE             2592000     /* 30 days */
#define KSM_PAR_ZSKLIFE_STRING      "lifetime"
#define KSM_PAR_ZSKLIFE_CAT         "zsk"
#define KSM_PAR_ZSKTTL              172800      /* 2 days */
#define KSM_PAR_ZSKTTL_STRING       "ttl"
#define KSM_PAR_ZSKTTL_CAT          "keys"
#define KSM_PAR_KSKTTL              172800      /* 2 days */
#define KSM_PAR_KSKTTL_STRING       "ttl"
#define KSM_PAR_KSKTTL_CAT          "keys"
#define KSM_PAR_KSKPROPDELAY        3600        /* 1 hour */
#define KSM_PAR_KSKPROPDELAY_STRING "propagationdelay"
#define KSM_PAR_KSKPROPDELAY_CAT    "parent"
#define KSM_PAR_REGDELAY            0           /* TODO sort this out */
#define KSM_PAR_REGDELAY_STRING     "registrationdelay"  /* TODO sort this out */
#define KSM_PAR_REGDELAY_CAT        "parent"    /* TODO sort this out */
#define KSM_PAR_PUBSAFETY           172800      /* 2 days */
#define KSM_PAR_PUBSAFETY_STRING    "publishsafety"
#define KSM_PAR_PUBSAFETY_CAT       "keys"
#define KSM_PAR_RETSAFETY           172800      /* 2 days */
#define KSM_PAR_RETSAFETY_STRING    "retiresafety"
#define KSM_PAR_RETSAFETY_CAT       "keys"
#define KSM_PAR_KSK_MAN_ROLL        0           /* false (i.e. automatic roll) */
#define KSM_PAR_KSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_KSK_MAN_ROLL_CAT    "ksk"
#define KSM_PAR_ZSK_MAN_ROLL        0           /* false (i.e. automatic roll) */
#define KSM_PAR_ZSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_ZSK_MAN_ROLL_CAT    "zsk"
#define KSM_PAR_DSTTL               3600        /* 1 hour (unit as for the other defaults) */
#define KSM_PAR_DSTTL_STRING        "ttlds"
#define KSM_PAR_DSTTL_CAT           "parent"
/* NOTE(review): this default is 0, but the KSM_ROLL_* scheme values above
 * start at 1 (KSM_ROLL_DEFAULT).  Confirm how the code that reads
 * "rollover_scheme" treats 0 -- presumably as "use KSM_ROLL_DEFAULT". */
#define KSM_PAR_KSK_ROLL            0
#define KSM_PAR_KSK_ROLL_STRING     "rollover_scheme"
#define KSM_PAR_KSK_ROLL_CAT        "ksk"
/*
 * Collection of the reserved parameters above, one member per KSM_PAR_*
 * triple, in the same order.  KsmCollectionInit presumably seeds it with the
 * KSM_PAR_* defaults and KsmParameterCollection overlays a policy's stored
 * values (see the prototypes that follow).  Values are in seconds, as the
 * defaults are.
 */
typedef struct {                    /* Holds collection of parameters */
    int clockskew;                  /* Clock skew */
    int ksklife;                    /* Lifetime of a KSK */
    int standbyksks;                /* Number of Standby Key Signing keys */
    int standbyzsks;                /* Number of Standby Zone signing keys */
    int propdelay;                  /* Propagation delay */
    int signint;                    /* Signing interval - how long signing the zone takes */
    int soamin;                     /* "Minimum" value from SOA record */
    int soattl;                     /* TTL of the SOA record */
    int zsksiglife;                 /* Length of signatures signed by this ZSK */
    int zsklife;                    /* How long key is used for */
    int zskttl;                     /* TTL of ZSK DNSKEY record */
    int kskttl;                     /* TTL of KSK DNSKEY record */
    int kskpropdelay;               /* KSK Propagation delay */
    int regdelay;                   /* KSK Registration delay (default still TODO, see KSM_PAR_REGDELAY) */
    int pub_safety;                 /* Publish safety margin */
    int ret_safety;                 /* Retire safety margin */
    int kskmanroll;                 /* Do we only roll the KSK manually? */
    int zskmanroll;                 /* Do we only roll the ZSK manually? */
    int dsttl;                      /* TTL of the DS record */
    int kskroll;                    /* Rollover Scheme for the KSK (KSM_ROLL_*; see note at KSM_PAR_KSK_ROLL) */
} KSM_PARCOLL;
/* Initialise a KSM_PARCOLL (presumably to the KSM_PAR_* defaults). */
int KsmCollectionInit(KSM_PARCOLL* data);

/* Accessors: each returns one value of the collection as an int.  The
 * mapping from name to member follows the KSM_PARCOLL field names; the
 * last one (InitialPublicationInterval) has no single member and is
 * presumably derived from several. */
int KsmParameterClockskew(KSM_PARCOLL* collection);
int KsmParameterKskLifetime(KSM_PARCOLL* collection);
int KsmParameterStandbyKSKeys(KSM_PARCOLL* collection);
int KsmParameterStandbyZSKeys(KSM_PARCOLL* collection);
int KsmParameterPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterSigningInterval(KSM_PARCOLL* collection);
int KsmParameterSoaMin(KSM_PARCOLL* collection);
int KsmParameterSoaTtl(KSM_PARCOLL* collection);
int KsmParameterZskLifetime(KSM_PARCOLL* collection);
int KsmParameterZskTtl(KSM_PARCOLL* collection);
int KsmParameterKskTtl(KSM_PARCOLL* collection);
int KsmParameterKskPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterRegistrationDelay(KSM_PARCOLL* collection);
int KsmParameterPubSafety(KSM_PARCOLL* collection);
int KsmParameterRetSafety(KSM_PARCOLL* collection);
int KsmParameterInitialPublicationInterval(KSM_PARCOLL* collection);

/* Load a policy's parameters into the collection.  KsmParameterCollectionCache
 * switches a cache on or off; while it is enabled, a KsmParameterSet made
 * afterwards may not be reflected in subsequent collections -- confirm the
 * invalidation rule in ksm_parameter before relying on freshness. */
int KsmParameterCollection(KSM_PARCOLL* data, int policy_id);
void KsmParameterCollectionCache(int enable);
/* ksm_keyword */

/*
 * Translate between the KSM_*_STRING keywords above and their numeric
 * constants.  These are the entry points through which configuration and
 * command-line text reaches the numeric domain; callers must check the
 * returned int for the module's "not found" value (not visible in this
 * header) before storing it, otherwise an unknown keyword is persisted as a
 * bogus algorithm, state or type.
 */
int KsmKeywordAlgorithmNameToValue(const char* name);
int KsmKeywordFormatNameToValue(const char* name);
int KsmKeywordParameterNameToValue(const char* name);
int KsmKeywordStateNameToValue(const char* name);
int KsmKeywordTypeNameToValue(const char* name);
int KsmKeywordRollNameToValue(const char* name);

/* Reverse mapping.  The returned pointer is const and presumably refers to a
 * static table entry; do not free it and do not assume non-NULL for an
 * unknown value without checking the definition. */
const char* KsmKeywordAlgorithmValueToName(int value);
const char* KsmKeywordFormatValueToName(int value);
const char* KsmKeywordStateValueToName(int value);
const char* KsmKeywordTypeValueToName(int value);
const char* KsmKeywordSerialValueToName(int value);
const char* KsmKeywordRollValueToName(int value);

int KsmKeywordParameterExists(const char* name);
/* ksm_update */

/* Recompute key timing for a zone.  KsmUpdate is the entry point; the
 * KsmUpdate*KeyTime functions set one lifecycle timestamp each in the
 * KSM_KEYDATA, those that take a KSM_PARCOLL using its intervals. */
int KsmUpdate(int policy_id, int zone_id);
void KsmUpdateKey(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateGenerateKeyTime(KSM_KEYDATA* data);
void KsmUpdatePublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateReadyKeyTime(KSM_KEYDATA* data);
void KsmUpdateActiveKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateRetireKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateDeadKeyTime(KSM_KEYDATA* data);
void KsmUpdateDSPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateKEYPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);

/* `source` and `destination` are text.  If, as their names suggest, they
 * select time fields in the database, they must come from the fixed
 * vocabulary of this header (e.g. the KSM_STATE_*_STRING names), never from
 * external input, because they are forwarded into a statement. */
int KsmUpdateKeyTime(const KSM_KEYDATA* data, const char* source,
        const char* destination, int interval, int zone_id);
/* ksm_request */

/* Called once per key issued by KsmRequestKeys / KsmRequestIssueKeys with
 * the caller's opaque context.  KsmRequestPrintKey below has exactly this
 * signature and can be passed directly. */
typedef int (*KSM_REQUEST_CALLBACK)(void* context, KSM_KEYDATA* key);

/*
 * Key request driver.  Common parameter conventions in this group:
 *   datetime   - the "now" used for state transitions, as text.  It is
 *                forwarded to the database layer, so it must be produced by
 *                the library's own time formatting (KSM_TIME_LENGTH), not
 *                taken verbatim from a user.
 *   NewDS      - out-parameter, set when a transition produced a DS record
 *                that the operator has to publish at the parent.
 *   count      - out-parameter; the int return is always a status.
 *   verify     - flag (int) on the KsmRequestDNSSECKeys* variants.
 */
int KsmRequestKeys(int keytype, int rollover, const char* datetime,
        KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
        int run_interval, int* NewDS);
int KsmRequestKeysByType(int keytype, int rollover, const char* datetime,
        KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
        int run_interval, int* NewDS);
int KsmRequestSetActiveExpectedRetire(int keytype, const char* datetime, int zone_id);

/* State transitions, one function per edge of the KSM_STATE_* machine, plus
 * the generic KsmRequestChangeState / KsmRequestChangeStateN that take the
 * src/dst states explicitly.  Callers of the generic forms must pass
 * KSM_STATE_* constants; an arbitrary int ends up in the database. */
int KsmRequestChangeStateActiveRetire(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateRetireDead(int keytype, const char* datetime, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStatePublishReady(int keytype, const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateDSPublishDSReady(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeState(int keytype, const char* datetime, int src_state,
        int dst_state, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStateGeneratePublish(int keytype, const char* datetime,
        int count, int zone_id);
int KsmRequestChangeStateGenerateDSSub(int keytype, const char* datetime,
        int count, int zone_id);
int KsmRequestChangeStateDSReadyKeyPublish(const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateKeyPublishActive(const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateReadyActive(int keytype, const char* datetime,
        int count, int zone_id);
int KsmRequestChangeStateN(int keytype, const char* datetime,
        int count, int src_state, int dst_state, int zone_id);
int KsmRequestChangeStateGenerateDSSubConditional(int keytype,
        const char* datetime, KSM_PARCOLL* collection, int zone_id, int* NewDS);
int KsmRequestChangeStateGeneratePublishConditional(int keytype,
        const char* datetime, KSM_PARCOLL* collection, int zone_id,
        int run_interval);

/* Counting helpers used by the driver; all report through `count` or the
 * named out-parameter and return a status. */
int KsmRequestPendingRetireCount(int keytype, const char* datetime,
        KSM_PARCOLL* parameters, int* count, int zone_id, int interval);
int KsmRequestAvailableCount(int keytype, const char* datetime,
        KSM_PARCOLL* parameters, int* count, int zone_id);
int KsmRequestGenerateCount(int keytype, int* count, int zone_id);
int KsmRequestStandbyKSKCount(int* count, int zone_id);
int KsmRequestCheckActiveKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCountReadyKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCheckFirstPass(int keytype, int* first_pass_flag, int zone_id);
int KsmRequestCheckCompromisedFlag(int keytype, int zone_id, int* comp_flag);
int KsmRequestIssueKeys(int keytype, KSM_REQUEST_CALLBACK callback,
        void* context, int zone_id);

/* Default KSM_REQUEST_CALLBACK: prints the key. */
int KsmRequestPrintKey(void* context, KSM_KEYDATA* data);

/* Policy-driven variants of the above, operating on a KSM_POLICY /
 * KSM_KEY_POLICY instead of raw ids. */
int KsmRequestDNSSECKeys(const char* datetime, KSM_POLICY* policy);
int KsmRequestDNSSECKeysChangeStateRetireDead(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeState(KSM_KEY_POLICY *policy, const char* datetime, int src_state, int dst_state, int verify);
int KsmRequestDNSSECKeysChangeStatePublishReady(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeStateGeneratePublishConditional(KSM_POLICY *policy, KSM_KEY_POLICY *key_policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysSetActiveExpectedRetire(int keytype, const char* datetime, int verify);
/* NOTE(review): unlike its siblings this one takes KSM_KEY_POLICY by value
 * (and leaves the parameter unnamed); a pointer would match the rest of the
 * group and avoid copying the struct. */
int KsmRequestDNSSECKeysPendingRetireCount(KSM_KEY_POLICY, const char* datetime, int* count);
/* Policy-section accessors mirroring the KsmParameter* accessors on
 * KSM_PARCOLL: each returns one value as an int.  Note that two of them
 * (SigningInterval, ZskTtl) still take a KSM_PARCOLL rather than a policy
 * section -- presumably not yet migrated. */
int KsmPolicyClockskew(KSM_SIGNATURE_POLICY *policy);
int KsmPolicyKeyLifetime(KSM_KEY_POLICY *policy);
int KsmPolicyStandbyKeys(KSM_KEY_POLICY *policy);
int KsmPolicyPropagationDelay(KSM_SIGNER_POLICY *policy);
int KsmPolicySigningInterval(KSM_PARCOLL* collection);
int KsmPolicySoaMin(KSM_SIGNER_POLICY *policy);
int KsmPolicySoaTtl(KSM_SIGNER_POLICY *policy);
int KsmPolicyZskTtl(KSM_PARCOLL* collection);
int KsmPolicyInitialPublicationInterval(KSM_POLICY *policy);
/* KsmImport */

/*
 * Import of configuration into the database.  All string arguments originate
 * in configuration files or the command line and are the untrusted edge of
 * this library: lengths must be checked against the matching buffer size
 * before insertion (KSM_NAME_LENGTH for names, KSM_PATH_LENGTH for the three
 * zone paths, KSM_POLICY_DESC_LENGTH / KSM_POLICY_AUDIT_LENGTH for
 * description and audit text), and values must reach the database through
 * the statement helpers, not by string concatenation.
 */

/* repo_capacity arrives as text although KSM_KEY_POLICY.sm_capacity is an
 * unsigned long; the conversion (and rejection of non-numeric or
 * out-of-range input) is the import code's job -- confirm it is done with a
 * checked conversion such as strtoul with endptr/errno inspection. */
int KsmImportRepository(const char* repo_name, const char* repo_capacity, int require_backup);
int KsmImportPolicy(const char* policy_name, const char* policy_description);
/* fail_if_exists controls behaviour on a duplicate zone; new_zone is an
 * out-parameter reporting whether a row was created. */
int KsmImportZone(const char* zone_name, int policy_id, int fail_if_exists, int *new_zone, const char* signconf, const char* input, const char* output);
int KsmImportAudit(int policy_id, const char* audit_contents);
/* Same shape as KsmKeyPairCreate plus an explicit state and fixDate; `id`
 * receives the new key pair id. */
int KsmImportKeyPair(int policy_id, const char* HSMKeyID, int smID, int size, int alg, int state, const char* time, int fixDate, DB_ID* id);

/* Name-to-id lookups; `id` is an out-parameter, the return a status. */
int KsmSmIdFromName(const char* name, int *id);
int KsmSerialIdFromName(const char* name, int *id);
int KsmPolicyIdFromName(const char* name, int *id);

/* Backup bookkeeping for a repository: mark keys as about to be backed up,
 * undo that mark, or record a completed backup at `datetime`. */
int KsmMarkPreBackup(int repo_id, const char* datetime);
int KsmRollbackMarkPreBackup(int repo_id);
int KsmMarkBackup(int repo_id, const char* datetime);
/* Reports through `exists` whether cka_id is already recorded for repo_id. */
int KsmCheckHSMkeyID(int repo_id, const char* cka_id, int *exists);
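/* KsmList */

/* Reporting functions; output goes to the caller's terminal/log, the int
 * return is a status.  KsmListRepos and KsmListPolicies are declared with
 * (void): an empty parameter list is a non-prototype declaration in C and
 * would let a call with stray arguments compile unchecked. */
int KsmListBackups(int repo_id, int verbose_flag);
int KsmListRepos(void);
int KsmListPolicies(void);
int KsmListRollovers(int zone_id);
/* datetime is an out-parameter of type char**; whether the caller must free
 * the string is not visible here -- check the definition before use. */
int KsmCheckNextRollover(int keytype, int zone_id, char** datetime);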
#ifdef __cplusplus
635
};
636
#endif
637
638
#endif
/* KSM_KSM_H */