/*
 * $Id: ksm.h 7053 2013-02-21 16:10:40Z sion $
 *
 * Copyright (c) 2008-2009 Nominet UK. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */
#ifndef KSM_KSM_H
#define KSM_KSM_H

#ifdef __cplusplus
extern "C" {
#endif

/*+
 * ksm.h - KSM Definitions
 *
 * Description:
 *      Holds definitions and prototypes for the KSM library: the fixed
 *      buffer sizes used for names, paths and timestamps, the records that
 *      mirror the key / parameter / policy / zone tables, the keyword
 *      constants stored in those tables, and the functions that operate
 *      on them.
 *
 *      Unless a prototype says otherwise the int-returning functions below
 *      are status codes (presumably 0 on success - confirm against the
 *      implementation); callers should check them before trusting any
 *      out-parameter.
-*/

#include <time.h>                   /* nothing declared here uses time.h types; kept for includers */
#include <ksm/database.h>           /* DB_ID, DB_RESULT - presumably */
#include <ksm/database_statement.h> /* DQS_QUERY_CONDITION - presumably */
/* General */

typedef int KSM_ID;                         /* Identifies a KSM entity */

#define KSM_NULL_ID ((KSM_ID) -1)           /* General invalid ID */
/*
 * NOTE(review): most prototypes in this file take plain int or DB_ID rather
 * than KSM_ID; KSM_NULL_ID is the "no entity" sentinel either way.
 */

/* ksm_common */

int KsmInit(void);                          /* library set-up; presumably paired with KsmRundown() */
int KsmRundown(void);

/*
 * Fixed buffer sizes. "Includes trailing NULL" means a buffer of this size
 * holds at most LENGTH-1 characters of payload. Everything copied into one
 * of the char arrays sized by these (names, paths, timestamps) arrives via
 * the database or the KsmImport* calls, so the copy must be bounded to the
 * array size and NUL-terminated (snprintf-style, not strcpy/strncpy).
 */
#define KSM_NAME_LENGTH 256                 /* Includes trailing NULL */
#define KSM_MSG_LENGTH 512                  /* Includes trailing NULL */
#define KSM_PATH_LENGTH 4096                /* Includes trailing NULL */
#define KSM_POLICY_DESC_LENGTH 256          /* Includes trailing NULL */
#define KSM_POLICY_AUDIT_LENGTH 4096        /* Includes trailing NULL */
#define KSM_TIME_LENGTH 32                  /* Includes trailing NULL */

#define KSM_SQL_SIZE 1024                   /* Max size of SQL statement */
/*
 * NOTE(review): a statement assembled into a KSM_SQL_SIZE buffer must have
 * its length checked (a single KSM_PATH_LENGTH path is four times larger),
 * and any zone name, path or description it embeds must be escaped or bound
 * as a parameter rather than spliced in as text - confirm in the database
 * layer, this header only fixes the size.
 */
#define KSM_INT_STR_SIZE 32                 /* Max size of int as string */
#define KSM_SALT_LENGTH 512                 /* Includes trailing NULL */
#define KSM_ZONE_NAME_LENGTH 256            /* Includes trailing NULL */
#define KSM_ADAPTER_NAME_LENGTH 256         /* Includes trailing NULL */
/* ksm_key */

/* Key time flag states */
/*
 * Bits of KSM_KEYDATA.flags: each one marks the correspondingly named field
 * of the structure as valid (populated). Note there is no bit for
 * policy_id, HSMKey_id, dnsseckey_id, zone_id or fixedDate.
 */

#define KEYDATA_M_ID 0x0001
#define KEYDATA_M_STATE 0x0002
#define KEYDATA_M_KEYTYPE 0x0004
#define KEYDATA_M_ALGORITHM 0x0008
#define KEYDATA_M_SIGLIFETIME 0x0010
#define KEYDATA_M_ACTIVE 0x0020
#define KEYDATA_M_DEAD 0x0040
#define KEYDATA_M_GENERATE 0x0080
#define KEYDATA_M_PUBLISH 0x0100
#define KEYDATA_M_READY 0x0200
#define KEYDATA_M_RETIRE 0x0400
#define KEYDATA_M_LOCATION 0x0800
#define KEYDATA_M_SIZE 0x1000
#define KEYDATA_M_SMID 0x2000

/* All six lifecycle timestamp fields at once */
#define KEYDATA_M_TIMES (KEYDATA_M_ACTIVE | KEYDATA_M_DEAD | \
    KEYDATA_M_GENERATE | KEYDATA_M_PUBLISH | KEYDATA_M_READY | KEYDATA_M_RETIRE)
/*
 * Structure for key information. Note that on the date fields, the
 * "struct tm" fields are used to insert data into the database, and the
 * "char*" fields used to retrieve data. In the latter case, a NULL field
 * will be represented by an empty string.
 *
 * NOTE(review): no "struct tm" fields remain in this structure - only the
 * char[KSM_TIME_LENGTH] forms are present - so the first sentence above is
 * stale; the empty-string-for-NULL convention is the part that still
 * matters to readers of the char fields.
 */

typedef struct {
    DB_ID       keypair_id;
    int         state;                      /* presumably a KSM_STATE_* value */
    int         keytype;                    /* presumably KSM_TYPE_KSK or KSM_TYPE_ZSK */
    int         algorithm;                  /* presumably a KSM_ALGORITHM_* value */
    int         siglifetime;
    char        active[KSM_TIME_LENGTH];    /* timestamps as text; "" when NULL in the database */
    char        dead[KSM_TIME_LENGTH];
    char        generate[KSM_TIME_LENGTH];
    char        publish[KSM_TIME_LENGTH];
    char        ready[KSM_TIME_LENGTH];
    char        retire[KSM_TIME_LENGTH];
    char        location[KSM_NAME_LENGTH];
    int         securitymodule_id;
    int         size;
    int         policy_id;
    char        HSMKey_id[KSM_NAME_LENGTH]; /* TODO is this long enough ? */
                                            /* presumably the repository key id in text form
                                             * (see KsmCheckHSMkeyID's cka_id); whatever fills
                                             * it must truncate safely, not overrun */
    DB_ID       dnsseckey_id;
    int         zone_id;
    int         fixedDate;

    /*
     * The remaining fields are used for data manipulation and are not part of
     * the KEYDATA table.
     */

    int         flags;                      /* States which fields are valid (KEYDATA_M_* bits) */
    int         roll_scheme;                /* Which rollover scheme the key is under (KSM_ROLL_*) */
} KSM_KEYDATA;
/*
 * Row creation. HSMKeyID is the repository's identifier for the key (stored
 * in KSM_KEYDATA.HSMKey_id); generate / time / retTime are timestamps in
 * the same textual form as the KSM_KEYDATA date fields (presumably). The id
 * of the new row is returned through *id.
 */
int KsmKeyPairCreate(int policy_id, const char* HSMKeyID, int smID, int size, int alg, const char* generate, DB_ID* id);
int KsmDnssecKeyCreate(int zone_id, int keypair_id, int keytype, int state, const char* time, const char* retTime, DB_ID* id);
/*int KsmDnssecKeyCreateOnPolicy(int policy_id, int keypair_id, int keytype);*/

/*
 * Cursor-style access: an *Init* call opens a result set, KsmKey() reads
 * one row into *data, KsmKeyEnd() releases the result (as the names
 * suggest - confirm against the implementation).
 *
 * NOTE(review): KsmKeyInitSql() and KsmKeyQuery() take statement text
 * verbatim. The caller owns SQL safety: never build that text by splicing
 * in zone names, paths or other externally supplied strings unescaped.
 */
int KsmKeyInitSql(DB_RESULT* result, const char* sql);
int KsmKeyInit(DB_RESULT* result, DQS_QUERY_CONDITION* condition);
int KsmKeyInitId(DB_RESULT* result, DB_ID id);
int KsmKey(DB_RESULT result, KSM_KEYDATA* data);
void KsmKeyEnd(DB_RESULT result);
int KsmKeyQuery(const char* sql, DB_RESULT* result);
int KsmKeyData(DB_ID id, KSM_KEYDATA* data);

/* Counting and allocation helpers; results come back through *count / *keypair_id */
int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count);
int KsmKeyCountQueue(int keytype, int* count, int zone_id);
int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char* datetime, int *count, int keytype);
int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id);
int KsmMarkKeysAsDead(int zone_id);
int KsmKillKey(int keypair_id, int zone_id);

/* delete */

/*
 * Bulk deletion by key id. KsmDeleteKeyRange() takes one min/max span;
 * KsmDeleteKeyRanges() takes `size` entries in limit[] (whether those are
 * single ids or min/max pairs is not visible here - check the definition).
 */
int KsmDeleteKeyRange(int minid, int maxid);
int KsmDeleteKeyRanges(int limit[], int size);
/* KsmParameter */

/* One row of the parameter table: a (name, category) keyed integer value */
typedef struct {
    char        name[KSM_NAME_LENGTH];
    char        category[KSM_NAME_LENGTH];
    int         value;
    int         parameter_id;
} KSM_PARAMETER;
/*
 * Parameter lookup by (name, category) and policy. Values are integers; the
 * time-valued ones are in seconds (see the KSM_PAR_* defaults below). The
 * *Init / KsmParameter / *End trio follows the same cursor pattern as the
 * key functions; KsmParameterExist() reports the row id, if any, through
 * *parameter_id.
 */
int KsmParameterInit(DB_RESULT* result, const char* name, const char* category, int policy_id);
int KsmParameterExist(DB_RESULT* result, const char* name, const char* category, int* parameter_id);
int KsmParameter(DB_RESULT result, KSM_PARAMETER* data);
void KsmParameterEnd(DB_RESULT result);
int KsmParameterValue(const char* name, const char* category, int* value, int policy_id, int* parameter_id);
int KsmParameterSet(const char* name, const char* category, int value, int policy_id);
int KsmParameterShow(const char* name, const char* category, int policy_id);
/* ksmPolicy */

/*
 * Signer-side policy values. The time fields are seconds (by analogy with
 * the KSM_PAR_* defaults below); serial is presumably a KSM_SERIAL_* value.
 */
typedef struct {
    int refresh;
    int jitter;
    int propdelay;
    int soamin;
    int soattl;
    int serial;
} KSM_SIGNER_POLICY;
/*
 * Signature timing policy, in seconds (KSM_PAR_CLOCKSKEW / KSM_PAR_SIGNINT /
 * KSM_PAR_ZSKSIGLIFE below are the "signature" category defaults).
 */
typedef struct {
    int clockskew;
    int resign;
    int valdefault;
    int valdenial;
} KSM_SIGNATURE_POLICY;
/*
 * Denial-of-existence policy. salt holds the current salt as text and
 * salt_stamp the time it was set (see KsmPolicyUpdateSalt /
 * KsmPolicyNullSaltStamp); saltlength is a separate configured value, not
 * necessarily strlen(salt) - confirm which one the writer honours.
 *
 * NOTE(review): large NSEC3 iteration counts cost validators CPU and are
 * now rejected by several resolvers (RFC 9276 recommends 0 iterations and
 * no salt); a policy check on `iteration` would be worthwhile.
 */
typedef struct {
    int version;
    int resalt;
    int algorithm;
    int iteration;
    int optout;
    int ttl;
    int saltlength;
    char salt[KSM_SALT_LENGTH];
    char salt_stamp[KSM_TIME_LENGTH];
} KSM_DENIAL_POLICY;
/* Key settings common to KSK and ZSK ("keys" category; see KSM_PAR_*TTL, KSM_PAR_PUBSAFETY, KSM_PAR_RETSAFETY) */
typedef struct {
    int ttl;
    int retire_safety;
    int publish_safety;
    int share_keys;     /* KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED - presumably */
    int purge;
} KSM_COMMON_KEY_POLICY;
/*
 * Per-key-type policy; KSM_POLICY holds one for the KSK and one for the
 * ZSK, and `type` presumably records which (KSM_TYPE_KSK / KSM_TYPE_ZSK).
 */
typedef struct {
    int algorithm;              /* presumably a KSM_ALGORITHM_* value */
    int bits;
    int lifetime;
    int sm;                     /* security module (repository) id */
    char sm_name[KSM_NAME_LENGTH];
    unsigned long sm_capacity;
    int require_backup;         /* presumably gates key use on KsmMarkBackup() having run - confirm */
    int overlap;
    int ttl;
    int rfc5011;
    int type;
    int standby_keys;
    int manual_rollover;
    int rollover_scheme;        /* KSM_ROLL_* - presumably */
} KSM_KEY_POLICY;
/* Enforcer scheduling values (intervals presumably in seconds, like the rest) */
typedef struct {
    int keycreate;
    int backup_interval;
    int keygeninterval;
} KSM_ENFORCER_POLICY;
/* Zone-level timings ("zone" category: KSM_PAR_PROPDELAY, KSM_PAR_SOATTL, KSM_PAR_SOAMIN) */
typedef struct {
    int propdelay;
    int soa_ttl;
    int soa_min;
    int serial;                 /* presumably a KSM_SERIAL_* value */
} KSM_ZONE_POLICY;
/* Parent-zone timings ("parent" category: KSM_PAR_KSKPROPDELAY, KSM_PAR_DSTTL, ...) */
typedef struct {
    int propdelay;
    int ds_ttl;
    int soa_ttl;
    int soa_min;
} KSM_PARENT_POLICY;
/*
 * Audit flag. Not referenced by KSM_POLICY, whose audit member is a char*
 * (the KSM_AUDIT_POLICY* form is commented out there).
 */
typedef struct {
    int audit;
} KSM_AUDIT_POLICY;
/*
 * A complete policy. The section structures are held by pointer and
 * description / audit are plain char*; KsmPolicyAlloc() / KsmPolicyFree()
 * are presumably the only supported way to create and release one, so do
 * not build a KSM_POLICY on the stack and expect the pointers to be valid.
 */
typedef struct {
    int id;
    char name[KSM_NAME_LENGTH];
    char *description;
    KSM_SIGNER_POLICY *signer;
    KSM_SIGNATURE_POLICY *signature;
    KSM_DENIAL_POLICY *denial;
    KSM_COMMON_KEY_POLICY *keys;
    KSM_KEY_POLICY *ksk;
    KSM_KEY_POLICY *zsk;
    KSM_ENFORCER_POLICY *enforcer;
    KSM_ZONE_POLICY *zone;
    KSM_PARENT_POLICY *parent;
    /*KSM_AUDIT_POLICY* audit;*/
    char *audit;
    int shared_keys;
} KSM_POLICY;
/* One (name, category, value) triple as read by KsmPolicyParameter() */
typedef struct {
    char name[KSM_NAME_LENGTH];
    char category[KSM_NAME_LENGTH];
    int value;
} KSM_POLICY_PARAMETER;
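/*
 * Policy access. KsmPolicyInit() / KsmPolicyParametersInit() open a result
 * set by policy name and KsmPolicy() / KsmPolicyParameter() read one row
 * from it. The *FromId / *SetIdFromName variants fill in the remaining
 * identity fields of a partially populated KSM_POLICY. Return values are
 * status codes (presumably 0 on success - confirm).
 */
int KsmPolicyInit(DB_RESULT* handle, const char* name);
int KsmPolicyExists(const char* name);
int KsmPolicyParametersInit(DB_RESULT* handle, const char* name);
int KsmPolicyRead(KSM_POLICY* policy);
int KsmPolicy(DB_RESULT handle, KSM_POLICY* data);
int KsmPolicyParameter(DB_RESULT handle, KSM_POLICY_PARAMETER* data);
int KsmPolicyReadFromId(KSM_POLICY* policy);
int KsmPolicyNameFromId(KSM_POLICY* policy);
int KsmPolicyUpdateSalt(KSM_POLICY* policy);
int KsmPolicyNullSaltStamp(int policy_id);
int KsmPolicyPopulateSMFromIds(KSM_POLICY* policy);
int KsmPolicySetIdFromName(KSM_POLICY *policy);
int KsmPolicyIdFromZoneId(int zone_id, int* policy_id);

/*
 * Allocation and release of a KSM_POLICY (presumably including the
 * pointed-to section structures). KsmPolicyAlloc is declared with (void):
 * an empty parameter list in a C prototype means "unspecified arguments"
 * and switches off argument checking at every call site.
 */
KSM_POLICY* KsmPolicyAlloc(void);
void KsmPolicyFree(KSM_POLICY *policy);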
/* ksmZone */

/*
 * One zone row: identity, owning policy, and the three paths handed to the
 * signer. The three KSM_PATH_LENGTH arrays make this structure about
 * 12.5 KiB, so prefer heap or static storage over a stack local.
 */
typedef struct {
    int id;
    int policy_id;
    char name[KSM_ZONE_NAME_LENGTH];
    char signconf[KSM_PATH_LENGTH];
    char input[KSM_PATH_LENGTH];
    char output[KSM_PATH_LENGTH];
    char policy_name[KSM_NAME_LENGTH];
} KSM_ZONE;
/* Zone cursor (KsmZoneInit / KsmZone) and lookups by name or id */
int KsmZoneInit(DB_RESULT* handle, int policy_id);
int KsmZone(DB_RESULT handle, KSM_ZONE *data);
int KsmZoneCount(DB_RESULT handle, int* count);
int KsmZoneCountInit(DB_RESULT* handle, int id);
int KsmZoneIdFromName(const char* zone_name, int* zone_id);
int KsmZoneIdAndPolicyFromName(const char* zone_name, int* policy_id, int* zone_id);
int KsmDeleteZone(int zone_id);
/*
 * *zone_name receives a pointer to the name. Who allocates that string and
 * who frees it is not visible in this header - confirm before freeing
 * (presumably the caller owns it).
 */
int KsmZoneNameFromId(int zone_id, char** zone_name);
/*
 * NOTE(review): these two macros carry no KSM_ prefix and are exported to
 * every includer of this header, so they can collide with unrelated
 * definitions; renaming them would break callers, so they stay as is.
 */
#define UNSIGNED 0
#define SIGNED 1

/* Counts of DNSSEC keys per security module / per state for a policy */
int KsmDNSSECKeysInSMCountInit(DB_RESULT* handle, int policy_id);
int KsmDNSSECKeysInSMCount(DB_RESULT handle, int* count);
int KsmDNSSECKeysStateCountInit(DB_RESULT* result, int policy_id, KSM_KEY_POLICY *key_policy, int state);
/* Purge */

/* Presumably removes keys that have reached KSM_STATE_DEAD (see KSM_COMMON_KEY_POLICY.purge) - confirm */
void KsmPurge(void);
/*
 * Constants in the database tables. These are used in the
 * ksm_keyword module.
 *
 * THESE MUST BE KEPT IN STEP WITH THE DATABASE CREATION SCRIPT
 */

/*
 * The following names and constants are in the SIG(0) Algorithm Numbers
 * page at IANA - http://www.iana.org/assignments/sig-alg-numbers.
 * (The numeric values are the DNSKEY/RRSIG algorithm numbers; the current
 * registry is "DNS Security Algorithm Numbers" - verify the URL, the one
 * above may have moved.)
 *
 * NOTE(review): several of these are no longer acceptable for signing.
 * RSAMD5 (1) was deprecated by RFC 6725, and RFC 8624 rates the DSA
 * variants (3, 6) MUST NOT and the SHA-1 based RSA variants (5, 7) NOT
 * RECOMMENDED for signing. A policy that selects one of them deserves at
 * least a warning. This table also predates ECDSA and EdDSA (13-16);
 * adding a value means updating the database creation script too.
 */

#define KSM_ALGORITHM_RSAMD5 1
#define KSM_ALGORITHM_RSAMD5_STRING "rsamd5"
#define KSM_ALGORITHM_DH 2
#define KSM_ALGORITHM_DH_STRING "dh"
#define KSM_ALGORITHM_DSASHA1 3
#define KSM_ALGORITHM_DSASHA1_STRING "dsa"
#define KSM_ALGORITHM_RSASHA1 5
#define KSM_ALGORITHM_RSASHA1_STRING "rsasha1"
#define KSM_ALGORITHM_DSA_NSEC3_SHA1 6
#define KSM_ALGORITHM_DSA_NSEC3_SHA1_STRING "dsa-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1 7
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1_STRING "rsasha1-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA256 8
#define KSM_ALGORITHM_RSASHA256_STRING "rsasha256"
#define KSM_ALGORITHM_RSASHA512 10
#define KSM_ALGORITHM_RSASHA512_STRING "rsasha512"
#define KSM_ALGORITHM_INDIRECT 252
#define KSM_ALGORITHM_INDIRECT_STRING "indirect"
#define KSM_ALGORITHM_PRIVDOM 253
#define KSM_ALGORITHM_PRIVDOM_STRING "domain"
#define KSM_ALGORITHM_PRIVOID 254
#define KSM_ALGORITHM_PRIVOID_STRING "oid"
/* Key storage formats */
#define KSM_FORMAT_FILE 1
#define KSM_FORMAT_FILE_STRING "file"
#define KSM_FORMAT_HSM 2
#define KSM_FORMAT_HSM_STRING "hsm"
#define KSM_FORMAT_URI 3
#define KSM_FORMAT_URI_STRING "uri"

/* Key types; the values are the DNSKEY flags field (256 = ZONE, 257 = ZONE|SEP) */
#define KSM_TYPE_KSK 257
#define KSM_TYPE_KSK_STRING "ksk"
#define KSM_TYPE_ZSK 256
#define KSM_TYPE_ZSK_STRING "zsk"

/*
 * Key lifecycle states. The DS* and KEYPUBLISH states are presumably only
 * traversed by the DS-based rollover path (see the KsmRequestChangeState*DS*
 * and *KeyPublish* functions) - confirm.
 */
#define KSM_STATE_GENERATE 1
#define KSM_STATE_GENERATE_STRING "generate"
#define KSM_STATE_PUBLISH 2
#define KSM_STATE_PUBLISH_STRING "publish"
#define KSM_STATE_READY 3
#define KSM_STATE_READY_STRING "ready"
#define KSM_STATE_ACTIVE 4
#define KSM_STATE_ACTIVE_STRING "active"
#define KSM_STATE_RETIRE 5
#define KSM_STATE_RETIRE_STRING "retire"
#define KSM_STATE_DEAD 6
#define KSM_STATE_DEAD_STRING "dead"
#define KSM_STATE_DSSUB 7
#define KSM_STATE_DSSUB_STRING "dssub"
#define KSM_STATE_DSPUBLISH 8
#define KSM_STATE_DSPUBLISH_STRING "dspublish"
#define KSM_STATE_DSREADY 9
#define KSM_STATE_DSREADY_STRING "dsready"
#define KSM_STATE_KEYPUBLISH 10
#define KSM_STATE_KEYPUBLISH_STRING "keypublish"

/* SOA serial schemes */
#define KSM_SERIAL_UNIX_STRING "unixtime"
#define KSM_SERIAL_UNIX 1
#define KSM_SERIAL_COUNTER_STRING "counter"
#define KSM_SERIAL_COUNTER 2
#define KSM_SERIAL_DATE_STRING "datecounter"
#define KSM_SERIAL_DATE 3
#define KSM_SERIAL_KEEP_STRING "keep"
#define KSM_SERIAL_KEEP 4

/* Whether keys are shared between the zones of a policy */
#define KSM_KEYS_NOT_SHARED 0
#define KSM_KEYS_SHARED 1

/* Rollover schemes (KSM_KEY_POLICY.rollover_scheme, KSM_KEYDATA.roll_scheme) */
#define KSM_ROLL_DEFAULT 1 /* DoubleDNSKEY */
#define KSM_ROLL_DNSKEY_STRING "DoubleDNSKey"
#define KSM_ROLL_DNSKEY 1
#define KSM_ROLL_DS_STRING "DoubleDS"
#define KSM_ROLL_DS 2
#define KSM_ROLL_RRSET_STRING "DoubleRRSet"
#define KSM_ROLL_RRSET 3
/* Reserved parameters and default values (in seconds) */
/* TODO redefine this properly:
 * have _CAT defines separate
 * rename to match the new list
 * add new items ? */
/*
 * Each parameter is identified by its (_STRING name, _CAT category) pair,
 * which is what KsmParameterValue() and friends look up; the bare
 * KSM_PAR_* macro is presumably the default used when no row exists.
 *
 * NOTE(review):
 *  - KSM_PAR_ZSKTTL and KSM_PAR_KSKTTL are both ("ttl", "keys"): they name
 *    the same database parameter, so the two TTLs cannot differ there.
 *  - KSM_PAR_KSK_ROLL defaults to 0, which matches none of KSM_ROLL_DNSKEY /
 *    KSM_ROLL_DS / KSM_ROLL_RRSET (1-3); presumably the reader maps 0 to
 *    KSM_ROLL_DEFAULT - confirm.
 *  - KSM_PAR_REGDELAY is 0 and marked TODO; if it is used, a zero
 *    registration delay assumes the parent publishes a DS immediately.
 */
#define KSM_PAR_CLOCKSKEW 3600 /* 1 hour */
#define KSM_PAR_CLOCKSKEW_STRING "clockskew"
#define KSM_PAR_CLOCKSKEW_CAT "signature"
#define KSM_PAR_KSKLIFE 63072000 /* 2 years */
#define KSM_PAR_KSKLIFE_STRING "lifetime"
#define KSM_PAR_KSKLIFE_CAT "ksk"
#define KSM_PAR_PROPDELAY 3600 /* 1 hour */
#define KSM_PAR_PROPDELAY_STRING "propagationdelay"
#define KSM_PAR_PROPDELAY_CAT "zone"
#define KSM_PAR_STANDBYKSKS 1
#define KSM_PAR_STANDBYKSKS_STRING "standby"
#define KSM_PAR_STANDBYKSKS_CAT "ksk"
#define KSM_PAR_STANDBYZSKS 1
#define KSM_PAR_STANDBYZSKS_STRING "standby"
#define KSM_PAR_STANDBYZSKS_CAT "zsk"
#define KSM_PAR_SIGNINT 7200 /* 2 hours */
#define KSM_PAR_SIGNINT_STRING "resign"
#define KSM_PAR_SIGNINT_CAT "signature"
#define KSM_PAR_SOAMIN 7200 /* 2 hours */
#define KSM_PAR_SOAMIN_STRING "min"
#define KSM_PAR_SOAMIN_CAT "zone"
#define KSM_PAR_SOATTL 172800 /* 2 days */
#define KSM_PAR_SOATTL_STRING "ttl"
#define KSM_PAR_SOATTL_CAT "zone"
#define KSM_PAR_ZSKSIGLIFE 432000 /* 5 days */
#define KSM_PAR_ZSKSIGLIFE_STRING "valdefault"
#define KSM_PAR_ZSKSIGLIFE_CAT "signature"
#define KSM_PAR_ZSKLIFE 2592000 /* 30 days */
#define KSM_PAR_ZSKLIFE_STRING "lifetime"
#define KSM_PAR_ZSKLIFE_CAT "zsk"
#define KSM_PAR_ZSKTTL 172800 /* 2 days */
#define KSM_PAR_ZSKTTL_STRING "ttl"
#define KSM_PAR_ZSKTTL_CAT "keys"
#define KSM_PAR_KSKTTL 172800 /* 2 days */
#define KSM_PAR_KSKTTL_STRING "ttl"
#define KSM_PAR_KSKTTL_CAT "keys"
#define KSM_PAR_KSKPROPDELAY 3600 /* 1 hour */
#define KSM_PAR_KSKPROPDELAY_STRING "propagationdelay"
#define KSM_PAR_KSKPROPDELAY_CAT "parent"
#define KSM_PAR_REGDELAY 0 /* TODO sort this out */
#define KSM_PAR_REGDELAY_STRING "registrationdelay" /* TODO sort this out */
#define KSM_PAR_REGDELAY_CAT "parent" /* TODO sort this out */
#define KSM_PAR_PUBSAFETY 172800 /* 2 days */
#define KSM_PAR_PUBSAFETY_STRING "publishsafety"
#define KSM_PAR_PUBSAFETY_CAT "keys"
#define KSM_PAR_RETSAFETY 172800 /* 2 days */
#define KSM_PAR_RETSAFETY_STRING "retiresafety"
#define KSM_PAR_RETSAFETY_CAT "keys"
#define KSM_PAR_KSK_MAN_ROLL 0 /* false (i.e. automatic roll) */
#define KSM_PAR_KSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_KSK_MAN_ROLL_CAT "ksk"
#define KSM_PAR_ZSK_MAN_ROLL 0 /* false (i.e. automatic roll) */
#define KSM_PAR_ZSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_ZSK_MAN_ROLL_CAT "zsk"
#define KSM_PAR_DSTTL 3600 /* 1 hour */
#define KSM_PAR_DSTTL_STRING "ttlds"
#define KSM_PAR_DSTTL_CAT "parent"
#define KSM_PAR_KSK_ROLL 0
#define KSM_PAR_KSK_ROLL_STRING "rollover_scheme"
#define KSM_PAR_KSK_ROLL_CAT "ksk"
/*
 * Holds collection of parameters: the resolved KSM_PAR_* values for one
 * policy (filled by KsmParameterCollection(); KsmCollectionInit() presumably
 * loads the defaults first). Time values are seconds.
 */
typedef struct {
    int clockskew;              /* Clock skew */
    int ksklife;                /* Lifetime of a KSK */
    int standbyksks;            /* Number of Standby Key Signing keys */
    int standbyzsks;            /* Number of Standby Zone signing keys */
    int propdelay;              /* Propagation delay */
    int signint;                /* Signing interval - how long signing the zone takes */
    int soamin;                 /* "Minimum" value from SOA record */
    int soattl;                 /* TTL of the SOA record */
    int zsksiglife;             /* Length of signatures signed by this ZSK */
    int zsklife;                /* How long key is used for */
    int zskttl;                 /* TTL of ZSK DNSKEY record */
    int kskttl;                 /* TTL of KSK DNSKEY record */
    int kskpropdelay;           /* KSK Propagation delay */
    int regdelay;               /* KSK Registration delay */
    int pub_safety;             /* Publish safety margin */
    int ret_safety;             /* Retire safety margin */
    int kskmanroll;             /* Do we only roll the KSK manually? */
    int zskmanroll;             /* Do we only roll the ZSK manually? */
    int dsttl;                  /* TTL of the DS record */
    int kskroll;                /* Rollover Scheme for the KSK (KSM_ROLL_*) */
} KSM_PARCOLL;
/*
 * KSM_PARCOLL accessors. Each Ksm Parameter*() below takes the collection
 * and returns an int; by the names they return the matching field (there
 * is no accessor for dsttl, kskmanroll, zskmanroll or kskroll - read those
 * fields directly). KsmParameterCollection() populates *data for a policy;
 * KsmParameterCollectionCache() toggles a cache, so after enabling it a
 * policy change in the database may not be seen until it is refreshed -
 * confirm the invalidation rule in the implementation.
 */
int KsmCollectionInit(KSM_PARCOLL* data);
int KsmParameterClockskew(KSM_PARCOLL* collection);
int KsmParameterKskLifetime(KSM_PARCOLL* collection);
int KsmParameterStandbyKSKeys(KSM_PARCOLL* collection);
int KsmParameterStandbyZSKeys(KSM_PARCOLL* collection);
int KsmParameterPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterSigningInterval(KSM_PARCOLL* collection);
int KsmParameterSoaMin(KSM_PARCOLL* collection);
int KsmParameterSoaTtl(KSM_PARCOLL* collection);
int KsmParameterZskLifetime(KSM_PARCOLL* collection);
int KsmParameterZskTtl(KSM_PARCOLL* collection);
int KsmParameterKskTtl(KSM_PARCOLL* collection);
int KsmParameterKskPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterRegistrationDelay(KSM_PARCOLL* collection);
int KsmParameterPubSafety(KSM_PARCOLL* collection);
int KsmParameterRetSafety(KSM_PARCOLL* collection);
int KsmParameterInitialPublicationInterval(KSM_PARCOLL* collection);
int KsmParameterCollection(KSM_PARCOLL* data, int policy_id);
void KsmParameterCollectionCache(int enable);
/* ksm_keyword */

/*
 * Keyword <-> value mapping for the constants above. The NameToValue
 * functions take the *_STRING form; what they return for an unknown name
 * is not visible here (presumably a negative value or KSM_NULL_ID - check
 * before using the result as an index). There is no serial NameToValue
 * here; see KsmSerialIdFromName() further down.
 */
int KsmKeywordAlgorithmNameToValue(const char* name);
int KsmKeywordFormatNameToValue(const char* name);
int KsmKeywordParameterNameToValue(const char* name);
int KsmKeywordStateNameToValue(const char* name);
int KsmKeywordTypeNameToValue(const char* name);
int KsmKeywordRollNameToValue(const char* name);

/* Reverse mapping; the returned pointer may be NULL for an unknown value - confirm, and never printf("%s") it unchecked */
const char* KsmKeywordAlgorithmValueToName(int value);
const char* KsmKeywordFormatValueToName(int value);
const char* KsmKeywordStateValueToName(int value);
const char* KsmKeywordTypeValueToName(int value);
const char* KsmKeywordSerialValueToName(int value);
const char* KsmKeywordRollValueToName(int value);

int KsmKeywordParameterExists(const char* name);
/* ksm_update */

/*
 * Key timestamp maintenance. KsmUpdate() is the entry point for a
 * policy/zone; the KsmUpdate*KeyTime() helpers recompute one timestamp of
 * *data from the collection. Note the helpers return void and so cannot
 * report a failure; rely on KsmUpdate()'s status instead.
 * KsmUpdateKeyTime() sets the `destination` time field from `source` plus
 * `interval` (by the parameter names - confirm).
 */
int KsmUpdate(int policy_id, int zone_id);
void KsmUpdateKey(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateGenerateKeyTime(KSM_KEYDATA* data);
void KsmUpdatePublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateReadyKeyTime(KSM_KEYDATA* data);
void KsmUpdateActiveKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateRetireKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateDeadKeyTime(KSM_KEYDATA* data);
void KsmUpdateDSPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateKEYPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
int KsmUpdateKeyTime(const KSM_KEYDATA* data, const char* source,
    const char* destination, int interval, int zone_id);
/* ksm_request */

/*
 * Callback invoked for each key handed out by KsmRequestKeys() /
 * KsmRequestIssueKeys(); `context` is the caller's opaque pointer passed
 * straight through. The int result is presumably a status that can stop
 * the iteration - confirm. KsmRequestPrintKey() below has this signature.
 */
typedef int (*KSM_REQUEST_CALLBACK)(void* context, KSM_KEYDATA* key);
/*
 * Key request / state machine driver. `datetime` is the "now" the caller
 * wants the decision made at (text, same form as the KSM_KEYDATA dates);
 * *NewDS, where present, is an out-flag presumably set when a new DS must
 * be submitted to the parent - confirm. Return values are status codes.
 */
int KsmRequestKeys(int keytype, int rollover, const char* datetime,
    KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
    int run_interval, int* NewDS);
int KsmRequestKeysByType(int keytype, int rollover, const char* datetime,
    KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
    int run_interval, int* NewDS);
int KsmRequestSetActiveExpectedRetire(int keytype, const char* datetime, int zone_id);

/* Single state transitions (src -> dst) over the keys of a zone */
int KsmRequestChangeStateActiveRetire(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateRetireDead(int keytype, const char* datetime, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStatePublishReady(int keytype, const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateDSPublishDSReady(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeState(int keytype, const char* datetime, int src_state,
    int dst_state, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStateGeneratePublish(int keytype, const char* datetime,
    int count, int zone_id);
int KsmRequestChangeStateGenerateDSSub(int keytype, const char* datetime,
    int count, int zone_id);
int KsmRequestChangeStateDSReadyKeyPublish(const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateKeyPublishActive(const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateReadyActive(int keytype, const char* datetime,
    int count, int zone_id);
int KsmRequestChangeStateN(int keytype, const char* datetime,
    int count, int src_state, int dst_state, int zone_id);
int KsmRequestChangeStateGenerateDSSubConditional(int keytype,
    const char* datetime, KSM_PARCOLL* collection, int zone_id, int* NewDS);
int KsmRequestChangeStateGeneratePublishConditional(int keytype,
    const char* datetime, KSM_PARCOLL* collection, int zone_id,
    int run_interval);

/* Counting queries; results come back through *count / the named out-flag */
int KsmRequestPendingRetireCount(int keytype, const char* datetime,
    KSM_PARCOLL* parameters, int* count, int zone_id, int interval);
int KsmRequestAvailableCount(int keytype, const char* datetime,
    KSM_PARCOLL* parameters, int* count, int zone_id);
int KsmRequestGenerateCount(int keytype, int* count, int zone_id);
int KsmRequestStandbyKSKCount(int* count, int zone_id);
int KsmRequestCheckActiveKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCountReadyKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCheckFirstPass(int keytype, int* first_pass_flag, int zone_id);
/* *comp_flag: whether a key of this type in the zone is marked compromised (by name - confirm) */
int KsmRequestCheckCompromisedFlag(int keytype, int zone_id, int* comp_flag);
int KsmRequestIssueKeys(int keytype, KSM_REQUEST_CALLBACK callback,
    void* context, int zone_id);

/* A KSM_REQUEST_CALLBACK implementation */
int KsmRequestPrintKey(void* context, KSM_KEYDATA* data);

/*
 * Policy-driven variants of the above. `verify` is presumably a dry-run /
 * check flag - confirm.
 *
 * NOTE(review): KsmRequestDNSSECKeysPendingRetireCount() takes its
 * KSM_KEY_POLICY by value and leaves the parameter unnamed, unlike every
 * sibling that takes KSM_KEY_POLICY *policy; the definition must match, so
 * it is left as is here.
 */
int KsmRequestDNSSECKeys(const char* datetime, KSM_POLICY* policy);
int KsmRequestDNSSECKeysChangeStateRetireDead(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeState(KSM_KEY_POLICY *policy, const char* datetime, int src_state, int dst_state, int verify);
int KsmRequestDNSSECKeysChangeStatePublishReady(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeStateGeneratePublishConditional(KSM_POLICY *policy, KSM_KEY_POLICY *key_policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysSetActiveExpectedRetire(int keytype, const char* datetime, int verify);
int KsmRequestDNSSECKeysPendingRetireCount(KSM_KEY_POLICY, const char* datetime, int* count);
/*
 * Policy-structure accessors, returning the named value. Note that
 * KsmPolicySigningInterval() and KsmPolicyZskTtl() take a KSM_PARCOLL*
 * rather than a policy section like their siblings.
 */
int KsmPolicyClockskew(KSM_SIGNATURE_POLICY *policy);
int KsmPolicyKeyLifetime(KSM_KEY_POLICY *policy);
int KsmPolicyStandbyKeys(KSM_KEY_POLICY *policy);
int KsmPolicyPropagationDelay(KSM_SIGNER_POLICY *policy);
int K.smPolicySigningInterval(KSM_PARCOLL* collection);
int KsmPolicySoaMin(KSM_SIGNER_POLICY *policy);
int KsmPolicySoaTtl(KSM_SIGNER_POLICY *policy);
int KsmPolicyZskTtl(KSM_PARCOLL* collection);
int KsmPolicyInitialPublicationInterval(KSM_POLICY *policy);
/* KsmImport */

/*
 * Configuration import. The string arguments arrive from outside the
 * database (repository, policy and zone configuration); anything stored
 * into a KSM_*_LENGTH array must be length-checked, and anything embedded
 * in SQL escaped (see KSM_SQL_SIZE). repo_capacity is text although
 * KSM_KEY_POLICY.sm_capacity is unsigned long - if the conversion uses
 * atoi/atol, out-of-range values are silently wrong; confirm it uses
 * strtoul with error checking.
 */
int KsmImportRepository(const char* repo_name, const char* repo_capacity, int require_backup);
int KsmImportPolicy(const char* policy_name, const char* policy_description);
int KsmImportZone(const char* zone_name, int policy_id, int fail_if_exists, int *new_zone, const char* signconf, const char* input, const char* output);
int KsmImportAudit(int policy_id, const char* audit_contents);
int KsmImportKeyPair(int policy_id, const char* HSMKeyID, int smID, int size, int alg, int state, const char* time, int fixDate, DB_ID* id);

/* Name -> id lookups; the id is returned through *id */
int KsmSmIdFromName(const char* name, int* id);
int KsmSerialIdFromName(const char* name, int* id);
int KsmPolicyIdFromName(const char* name, int* id);

/*
 * Backup bookkeeping for a repository: mark keys as about to be backed up,
 * then either confirm (KsmMarkBackup) or undo (KsmRollbackMarkPreBackup)
 * - by the names; confirm. KsmCheckHSMkeyID() reports through *exists
 * whether cka_id is already recorded for repo_id.
 */
int KsmMarkPreBackup(int repo_id, const char* datetime);
int KsmRollbackMarkPreBackup(int repo_id);
int KsmMarkBackup(int repo_id, const char* datetime);
int KsmCheckHSMkeyID(int repo_id, const char* cka_id, int *exists);
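/* KsmList */

/*
 * Reporting helpers (presumably printing; nothing here returns the data).
 * The two that take no arguments are declared (void): an empty parameter
 * list in a C prototype means "unspecified arguments" and would let a call
 * with stray arguments compile unchecked.
 */
int KsmListBackups(int repo_id, int verbose_flag);
int KsmListRepos(void);
int KsmListPolicies(void);
int KsmListRollovers(int zone_id);
/*
 * *datetime receives the time of the next rollover for the key type. Who
 * allocates and frees that string is not visible here - confirm before
 * freeing it (compare KsmZoneNameFromId()).
 */
int KsmCheckNextRollover(int keytype, int zone_id, char** datetime);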
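#ifdef __cplusplus
}   /* extern "C" - no trailing semicolon: a linkage block is not a declaration */
#endif

#endif /* KSM_KSM_H */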