OpenDNSSEC-enforcer 1.3.0
/build/buildd/opendnssec-1.3.0/enforcer/ksm/include/ksm/ksm.h
00001 /*
00002  * $Id: ksm.h 5320 2011-07-12 10:42:26Z jakob $
00003  *
00004  * Copyright (c) 2008-2009 Nominet UK. All rights reserved.
00005  *
00006  * Redistribution and use in source and binary forms, with or without
00007  * modification, are permitted provided that the following conditions
00008  * are met:
00009  * 1. Redistributions of source code must retain the above copyright
00010  *    notice, this list of conditions and the following disclaimer.
00011  * 2. Redistributions in binary form must reproduce the above copyright
00012  *    notice, this list of conditions and the following disclaimer in the
00013  *    documentation and/or other materials provided with the distribution.
00014  *
00015  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
00016  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00017  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00018  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
00019  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
00020  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
00021  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
00022  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
00023  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
00024  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
00025  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00026  *
00027  */
00028 
00029 #ifndef KSM_KSM_H
00030 #define KSM_KSM_H
00031 
00032 #ifdef __cplusplus
00033 extern "C" {
00034 #endif
00035 
00036 /*+
00037  * ksm.h - KSM Definitions
00038  *
00039  * Description:
00040  *      Holds definitions and prototypes for the KSM library.
00041 -*/
00042 
00043 #include <time.h>
00044 #include <ksm/database.h>
00045 #include <ksm/database_statement.h>
00046 
00047 
00048 /* General */
00049 
/*
 * Generic identifier for a KSM entity.  KSM_NULL_ID is the "no such entity"
 * value, so callers should compare against it rather than against 0; -1 is
 * therefore never a valid id.
 */
typedef int     KSM_ID;         /* Identifies a KSM entity */

#define KSM_NULL_ID ((KSM_ID) -1)   /* General invalid ID */

/* ksm_common */

/*
 * Library start-up and shutdown.  Both return an int status code whose
 * success value is defined by the implementation (ksm_common), not by this
 * header -- check the result rather than assuming 0 means success.
 */
int KsmInit(void);
int KsmRundown(void);

/*
 * Sizes of the fixed char[] members used throughout this header.  Every size
 * INCLUDES the trailing NUL, so the longest string that fits is (LENGTH - 1)
 * bytes.  The structs below carry no separate length field, so code filling
 * these buffers from external data (zone names, file paths, HSM CKA_IDs,
 * NSEC3 salt text) must bound the copy to the buffer size and guarantee NUL
 * termination itself (snprintf-style; strncpy does not terminate on overflow).
 */
#define KSM_NAME_LENGTH     256         /* Includes trailing NULL */
#define KSM_PATH_LENGTH     4096        /* Includes trailing NULL */
#define KSM_POLICY_DESC_LENGTH     256  /* Includes trailing NULL */
#define KSM_POLICY_AUDIT_LENGTH    4096 /* Includes trailing NULL */
#define KSM_TIME_LENGTH     32          /* Includes trailing NULL */

/*
 * KSM_SQL_SIZE bounds the statement text the library composes before handing
 * it to the database layer.  NOTE(review): anything formatted into such a
 * buffer from caller-supplied strings must go through the database layer's
 * quoting (the DQS_QUERY_CONDITION mechanism used by KsmKeyInit) rather than
 * plain string concatenation -- confirm at each use of this constant.
 */
#define KSM_SQL_SIZE        1024        /* Max size of SQL statement */
#define KSM_INT_STR_SIZE    32          /* Max size of int as string */
#define KSM_SALT_LENGTH     512         /* Includes trailing NULL */
#define KSM_ZONE_NAME_LENGTH     256    /* Includes trailing NULL */
#define KSM_ADAPTER_NAME_LENGTH  256    /* Includes trailing NULL */
00070 /* ksm_key */
00071 
00072 /* Key time flag states */
00073 
/*
 * Bit masks for KSM_KEYDATA.flags.  Each bit records that the corresponding
 * member of the struct holds a valid value (see the "flags" member of
 * KSM_KEYDATA); readers should test the mask before trusting a member, since
 * an unset char[] time field is otherwise indistinguishable from a database
 * NULL (both read back as an empty string).
 */
#define KEYDATA_M_ID            0x0001
#define KEYDATA_M_STATE         0x0002
#define KEYDATA_M_KEYTYPE       0x0004
#define KEYDATA_M_ALGORITHM     0x0008
#define KEYDATA_M_SIGLIFETIME   0x0010
#define KEYDATA_M_ACTIVE        0x0020
#define KEYDATA_M_DEAD          0x0040
#define KEYDATA_M_GENERATE      0x0080
#define KEYDATA_M_PUBLISH       0x0100
#define KEYDATA_M_READY         0x0200
#define KEYDATA_M_RETIRE        0x0400
#define KEYDATA_M_LOCATION      0x0800
#define KEYDATA_M_SIZE                  0x1000
#define KEYDATA_M_SMID                  0x2000

/* Union of the six time-stamp masks (active, dead, generate, publish, ready, retire). */
#define KEYDATA_M_TIMES         (KEYDATA_M_ACTIVE | KEYDATA_M_DEAD | \
    KEYDATA_M_GENERATE | KEYDATA_M_PUBLISH | KEYDATA_M_READY | KEYDATA_M_RETIRE)
00091 
/*
 * One key as seen by the enforcer: the keypair (HSM object) together with its
 * per-zone DNSSEC key record (keypair_id / dnsseckey_id are the two row ids).
 * The date/time members are fixed-size strings as retrieved from the
 * database; a database NULL comes back as an empty string, so test for ""
 * rather than for a NULL pointer.  NOTE(review): the previous header comment
 * referred to "struct tm" members used for inserts, but this struct declares
 * none -- inserts take their times from the const char* parameters of
 * KsmKeyPairCreate()/KsmDnssecKeyCreate() below.
 */
typedef struct {
    DB_ID   keypair_id;                 /* Row id of the keypair */
    int     state;                      /* Key state; see KSM_STATE_* */
    int     keytype;                    /* KSM_TYPE_KSK or KSM_TYPE_ZSK */
    int     algorithm;                  /* DNSSEC algorithm; see KSM_ALGORITHM_* */
    int     siglifetime;                /* Signature lifetime for this key */
    char    active[KSM_TIME_LENGTH];    /* Time stamps: "" when not set */
    char    dead[KSM_TIME_LENGTH];
    char    generate[KSM_TIME_LENGTH];
    char    publish[KSM_TIME_LENGTH];
    char    ready[KSM_TIME_LENGTH];
    char    retire[KSM_TIME_LENGTH];
    char    location[KSM_NAME_LENGTH];  /* Where the key material is stored; cf. KSM_FORMAT_* */
    int     securitymodule_id;          /* Repository (HSM) holding the key */
    int     size;                       /* Key size in bits (cf. KSM_KEY_POLICY.bits) */
    int     policy_id;                  /* Policy the key was generated under */
    char    HSMKey_id[KSM_NAME_LENGTH]; /* HSM object id (cf. cka_id in KsmCheckHSMkeyID); TODO is this long enough ? */
    DB_ID   dnsseckey_id;               /* Row id of the per-zone DNSSEC key record */
    int     zone_id;                    /* Zone the key is assigned to */
    int     fixedDate;                  /* Presumably "dates were set manually" -- confirm in ksm_key */

    /*
     * In-memory bookkeeping only; these two members are not columns of the
     * KEYDATA table.
     */
    int     flags;                      /* KEYDATA_M_* bits: which members above are valid */
    int     roll_scheme;                /* Rollover scheme in force; see KSM_ROLL_* */
} KSM_KEYDATA;
00128 
/*
 * Key creation.  Unless noted, every function in this header returns an int
 * status whose success value is defined by the implementation; output
 * parameters are only meaningful on success.
 */
/* Record a keypair held in repository smID under HSM id HSMKeyID; *id receives its row id. */
int KsmKeyPairCreate(int policy_id, const char* HSMKeyID, int smID, int size, int alg, const char* generate, DB_ID* id);
/* Attach keypair keypair_id to zone zone_id as a KSK/ZSK (keytype) in the given KSM_STATE_*. */
int KsmDnssecKeyCreate(int zone_id, int keypair_id, int keytype, int state, const char* time, DB_ID* id);

/*
 * Key iteration.  KsmKeyInitSql()/KsmKeyQuery() take a complete SQL
 * statement; KsmKeyInit() takes a DQS_QUERY_CONDITION and KsmKeyInitId() a
 * single row id -- prefer those two.
 * Security note (reviewer): "sql" is presumably executed as given, so it must
 * be built only from constant text and properly quoted values, never by
 * concatenating zone names, CKA_IDs or other operator-supplied strings.
 * A result opened by any KsmKeyInit*() is walked with KsmKey() and is meant
 * to be released with KsmKeyEnd() (pairing inferred from the names).
 */
int KsmKeyInitSql(DB_RESULT* result, const char* sql);
int KsmKeyInit(DB_RESULT* result, DQS_QUERY_CONDITION* condition);
int KsmKeyInitId(DB_RESULT* result, DB_ID id);
int KsmKey(DB_RESULT result, KSM_KEYDATA* data);
void KsmKeyEnd(DB_RESULT result);
int KsmKeyQuery(const char* sql, DB_RESULT* result);
/* Fetch one key by row id into *data. */
int KsmKeyData(DB_ID id, KSM_KEYDATA* data);

/*
 * Key-supply planning: how many keys of a type a policy will need over
 * "interval", how many are queued / still usable, and allocation of a spare
 * keypair to a zone.  "sm", "bits" and "algorithm" select keys matching the
 * policy's repository, size and algorithm; "share_keys" is a KSM_KEYS_* value.
 */
int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count);
int KsmKeyCountQueue(int keytype, int* count, int zone_id);
int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char* datetime, int *count, int keytype);
int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id);
/* Retire keys for good: all keys of a zone, or one keypair.  Presumably moves them to KSM_STATE_DEAD. */
int KsmMarkKeysAsDead(int zone_id);
int KsmKillKey(int keypair_id);
00145 
00146 /* delete */
00147 
/*
 * Bulk deletion of keys by keypair id.  KsmDeleteKeyRange() covers one
 * [minid, maxid] span; KsmDeleteKeyRanges() takes "size" entries in "limit".
 * NOTE(review): how limit[] entries pair up into ranges is not defined here
 * -- check the implementation before calling.  Deletion is irreversible; the
 * KSM_STATE_DEAD path (KsmKillKey/KsmMarkKeysAsDead) appears to be the normal
 * way to take a key out of service.
 */
int KsmDeleteKeyRange(int minid, int maxid);
int KsmDeleteKeyRanges(int limit[], int size);
00150 
00151 /* KsmParameter */
00152 
/*
 * One policy parameter as read back from the database.  A parameter is
 * addressed by (name, category) within a policy -- e.g. "lifetime" in
 * category "ksk", see KSM_PAR_*_STRING / *_CAT -- and holds an int value.
 */
typedef struct {
    char    name[KSM_NAME_LENGTH];      /* Parameter name */
    char    category[KSM_NAME_LENGTH];  /* Parameter group ("ksk", "zsk", "zone", ...) */
    int     value;                      /* Value: seconds or a count, per KSM_PAR_* */
    int     parameter_id;               /* Database id of the parameter definition */
} KSM_PARAMETER;
00159 
/*
 * Policy parameter access.  Parameters are addressed by (name, category)
 * within a policy; the reserved ones are listed as KSM_PAR_*_STRING / *_CAT
 * below.  KsmParameterInit()/KsmParameter() walk a result set that must be
 * closed with KsmParameterEnd(); KsmParameterExist() looks a definition up by
 * name; KsmParameterValue() fetches a single value; KsmParameterSet() writes
 * one; KsmParameterShow() prints one.  Values are plain ints and no range
 * validation is visible at this level -- callers that set timing parameters
 * should reject negative or implausible values themselves, since they feed
 * straight into rollover scheduling.
 */
int KsmParameterInit(DB_RESULT* result, const char* name, const char* category, int policy_id);
int KsmParameterExist(DB_RESULT* result, const char* name, const char* category, int* parameter_id);
int KsmParameter(DB_RESULT result, KSM_PARAMETER* data);
void KsmParameterEnd(DB_RESULT result);
int KsmParameterValue(const char* name, const char* category, int* value, int policy_id, int* parameter_id);
int KsmParameterSet(const char* name, const char* category, int value, int policy_id);
int KsmParameterShow(const char* name, const char* category, int policy_id);
00167 
00168 /* ksmPolicy */
/*
 * Signer-facing policy values.  propdelay/soamin/soattl are seconds (cf. the
 * KSM_PAR_* defaults); refresh and jitter are presumably seconds too; serial
 * is a serial-number scheme code, see KSM_SERIAL_*.
 */
typedef struct {
    int refresh;    /* Signature refresh interval */
    int jitter;     /* Jitter applied to signature timing */
    int propdelay;  /* Propagation delay */
    int soamin;     /* SOA minimum field */
    int soattl;     /* SOA TTL */
    int serial;     /* KSM_SERIAL_* scheme */
} KSM_SIGNER_POLICY;
00177 
/*
 * Signature timing policy, all values in seconds.  These map onto the
 * "signature" category parameters (KSM_PAR_CLOCKSKEW, KSM_PAR_SIGNINT,
 * KSM_PAR_ZSKSIGLIFE); valdenial is presumably the validity of the
 * denial-of-existence signatures -- confirm in the policy import code.
 */
typedef struct {
    int clockskew;  /* Allowance for validator clock skew */
    int resign;     /* Re-signing interval */
    int valdefault; /* Default signature validity period */
    int valdenial;  /* Validity period for NSEC/NSEC3 signatures (presumed) */
} KSM_SIGNATURE_POLICY;
00184 
/*
 * Denial-of-existence (NSEC/NSEC3) policy.  The current salt is kept as text
 * of at most KSM_SALT_LENGTH-1 bytes together with a time stamp; see
 * KsmPolicyUpdateSalt()/KsmPolicyNullSaltStamp() for how it is rotated.
 * Security note (reviewer): the salt adds no real protection and large
 * "iteration" counts only cost validators CPU (RFC 9276 recommends 0
 * iterations and an empty salt); nothing here enforces a ceiling, so the
 * policy importer should.
 */
typedef struct {
    int     version;                        /* NSEC vs NSEC3 selector -- meaning of the values to be confirmed in the importer */
    int     resalt;                         /* Re-salt interval (presumably seconds) */
    int     algorithm;                      /* NSEC3 hash algorithm number */
    int     iteration;                      /* NSEC3 additional hash iterations */
    int     optout;                         /* NSEC3 opt-out flag */
    int     ttl;                            /* TTL for the denial records */
    int     saltlength;                     /* Length of salt to generate */
    char    salt[KSM_SALT_LENGTH];          /* Current salt, as text */
    char    salt_stamp[KSM_TIME_LENGTH];    /* When "salt" was set; "" when NULL in the database */
} KSM_DENIAL_POLICY;
00196 
/*
 * Key settings shared by KSK and ZSK ("keys" category).  ttl, retire_safety
 * and publish_safety are seconds (cf. KSM_PAR_ZSKTTL / KSM_PAR_RETSAFETY /
 * KSM_PAR_PUBSAFETY); share_keys is a KSM_KEYS_* value; purge is presumably
 * how long dead keys are kept before KsmPurge() removes them.
 */
typedef struct {
    int ttl;            /* DNSKEY RRset TTL */
    int retire_safety;  /* Extra margin before a retired key is withdrawn */
    int publish_safety; /* Extra margin after a key is published */
    int share_keys;     /* KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED */
    int purge;          /* Purge delay for dead keys (presumed) */
} KSM_COMMON_KEY_POLICY;
00204 
/*
 * Per-key-type policy; KSM_POLICY holds one for the KSK and one for the ZSK.
 * "sm" is the repository (security module) id with its name and capacity
 * alongside (cf. KsmImportRepository()); require_backup marks keys that must
 * be backed up before use (cf. KsmMarkPreBackup()/KsmMarkBackup()).
 * lifetime/overlap/ttl are seconds; type is KSM_TYPE_KSK or KSM_TYPE_ZSK;
 * rollover_scheme is a KSM_ROLL_* value.
 */
typedef struct {
    int             algorithm;              /* KSM_ALGORITHM_* */
    int             bits;                   /* Key size in bits */
    int             lifetime;               /* How long a key stays active */
    int             sm;                     /* Repository id */
    char            sm_name[KSM_NAME_LENGTH]; /* Repository name */
    unsigned long   sm_capacity;            /* Repository key capacity */
    int             require_backup;         /* Non-zero: keys must be backed up before use */
    int             overlap;                /* Overlap between successive keys */
    int             ttl;                    /* DNSKEY TTL for this key type */
    int             rfc5011;                /* RFC 5011 (automated trust anchor update) flag -- presumed */
    int             type;                   /* KSM_TYPE_* */
    int             standby_keys;           /* Number of standby keys (cf. KSM_PAR_STANDBY*) */
    int             manual_rollover;        /* Non-zero: roll only on operator request */
    int             rollover_scheme;        /* KSM_ROLL_* */
} KSM_KEY_POLICY;
00221 
/*
 * Enforcer-daemon scheduling settings ("enforcer" section of the policy).
 * All three are presumably intervals in seconds -- confirm in the importer.
 */
typedef struct {
    int keycreate;          /* Key creation interval */
    int backup_interval;    /* How often backups are expected */
    int keygeninterval;     /* Key generation interval */
} KSM_ENFORCER_POLICY;
00227 
/*
 * Zone-level timing ("zone" category: KSM_PAR_PROPDELAY, KSM_PAR_SOATTL,
 * KSM_PAR_SOAMIN).  Seconds, except serial which is a KSM_SERIAL_* code.
 */
typedef struct {
    int propdelay;  /* Propagation delay to all secondaries */
    int soa_ttl;    /* SOA TTL */
    int soa_min;    /* SOA minimum field */
    int serial;     /* KSM_SERIAL_* scheme */
} KSM_ZONE_POLICY;
00234 
/*
 * Timing of the parent zone ("parent" category: KSM_PAR_KSKPROPDELAY,
 * KSM_PAR_DSTTL), all seconds.  These gate KSK rollovers: a DS TTL or
 * propagation delay set lower than the parent's real values can let the old
 * KSK be withdrawn while the old DS is still cached.
 */
typedef struct {
    int propdelay;  /* Propagation delay at the parent */
    int ds_ttl;     /* TTL of the DS RRset at the parent */
    int soa_ttl;    /* Parent SOA TTL */
    int soa_min;    /* Parent SOA minimum */
} KSM_PARENT_POLICY;
00241 
/*
 * Audit section of a policy.  Note that KSM_POLICY does not use this type:
 * it keeps the audit section as a char* (see KsmImportAudit()).
 */
typedef struct {
    int audit;  /* Audit flag/setting */
} KSM_AUDIT_POLICY;
00245 
/*
 * A complete policy as built by KsmPolicyAlloc() and filled by
 * KsmPolicyRead*().  The sub-policy pointers and the two strings are
 * released by KsmPolicyFree(), so callers should treat them as owned by the
 * KSM_POLICY: do not free them individually and do not keep them past the
 * free.  NOTE(review): ownership is inferred from the Alloc/Free pair below
 * -- confirm against the implementation before relying on it.
 */
typedef struct {
    int                     id;                     /* Database id */
    char                    name[KSM_NAME_LENGTH];  /* Policy name */
    char                   *description;            /* Free-form description */
    KSM_SIGNER_POLICY      *signer;
    KSM_SIGNATURE_POLICY   *signature;
    KSM_DENIAL_POLICY      *denial;
    KSM_COMMON_KEY_POLICY  *keys;                   /* Settings common to both key types */
    KSM_KEY_POLICY         *ksk;
    KSM_KEY_POLICY         *zsk;
    KSM_ENFORCER_POLICY    *enforcer;
    KSM_ZONE_POLICY        *zone;
    KSM_PARENT_POLICY      *parent;
    char                   *audit;                  /* Audit section kept as text (not KSM_AUDIT_POLICY) */
    int                     shared_keys;            /* KSM_KEYS_SHARED / KSM_KEYS_NOT_SHARED */
} KSM_POLICY;
00263 
/*
 * A (name, category, value) triple as produced by KsmPolicyParameter() when
 * walking a policy's parameters; unlike KSM_PARAMETER it carries no row id.
 */
typedef struct {
    char    name[KSM_NAME_LENGTH];      /* Parameter name */
    char    category[KSM_NAME_LENGTH];  /* Parameter group */
    int     value;                      /* Value (seconds or count) */
} KSM_POLICY_PARAMETER;
00269 
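/*
 * Policy access.
 *
 * KsmPolicyInit()/KsmPolicy() walk policies matching "name";
 * KsmPolicyParametersInit()/KsmPolicyParameter() walk a policy's parameters.
 * KsmPolicyRead() fills a policy by name, KsmPolicyReadFromId() by id, and
 * KsmPolicyNameFromId()/KsmPolicySetIdFromName() translate between the two.
 * KsmPolicyPopulateSMFromIds() fills in the repository names/capacities for
 * the ksk/zsk sub-policies.  KsmPolicyUpdateSalt() is presumably where a new
 * NSEC3 salt is generated and stored; KsmPolicyNullSaltStamp() clears the
 * salt time stamp so the next run re-salts.
 *
 * KsmPolicyAlloc() returns a policy with its sub-structures allocated, or a
 * null pointer when allocation fails (check before use); KsmPolicyFree()
 * releases everything reachable from it.  The prototype uses (void): an
 * empty parameter list in C declares a function with *unspecified*
 * arguments, so the compiler could not reject a stray KsmPolicyAlloc(x), and
 * C11 marks that form obsolescent.
 */
int KsmPolicyInit(DB_RESULT* handle, const char* name);
int KsmPolicyExists(const char* name);
int KsmPolicyParametersInit(DB_RESULT* handle, const char* name);
int KsmPolicyRead(KSM_POLICY* policy);
int KsmPolicy(DB_RESULT handle, KSM_POLICY* data);
int KsmPolicyParameter(DB_RESULT handle, KSM_POLICY_PARAMETER* data);
int KsmPolicyReadFromId(KSM_POLICY* policy);
int KsmPolicyNameFromId(KSM_POLICY* policy);
int KsmPolicyUpdateSalt(KSM_POLICY* policy);
int KsmPolicyNullSaltStamp(int policy_id);
int KsmPolicyPopulateSMFromIds(KSM_POLICY* policy);
int KsmPolicySetIdFromName(KSM_POLICY *policy);
int KsmPolicyIdFromZoneId(int zone_id, int* policy_id);

KSM_POLICY *KsmPolicyAlloc(void);
void KsmPolicyFree(KSM_POLICY *policy);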
00286 
00287 /* ksmZone */
/*
 * A zone and its adapter paths as stored by KsmImportZone().  With the
 * lengths defined above this struct is about 12.5 KiB (three KSM_PATH_LENGTH
 * buffers), so avoid arrays of it on the stack.  The path members are kept
 * verbatim; whatever writes them (the importer / zone-list reader) is
 * responsible for bounding and validating them, as nothing here does.
 */
typedef struct {
    int     id;                             /* Database id */
    int     policy_id;                      /* Policy the zone is signed under */
    char    name[KSM_ZONE_NAME_LENGTH];     /* Zone apex name */
    char    signconf[KSM_PATH_LENGTH];      /* Path of the signer configuration written for the zone */
    char    input[KSM_PATH_LENGTH];         /* Input adapter path */
    char    output[KSM_PATH_LENGTH];        /* Output adapter path */
    char    policy_name[KSM_NAME_LENGTH];   /* Policy name, denormalised for convenience */
} KSM_ZONE;
00297 
/*
 * Zone access.  KsmZoneInit()/KsmZone() walk the zones of a policy;
 * KsmZoneCountInit()/KsmZoneCount() count them.  The *FromName() look-ups
 * take an operator-supplied zone name; the implementation, not the caller,
 * must quote it before it reaches SQL.  KsmZoneNameFromId() returns the name
 * through *zone_name; NOTE(review): whether that string is allocated for the
 * caller (and must be freed) is not stated here -- check the implementation.
 * KsmDeleteZone() removes the zone record; see KsmMarkKeysAsDead() for what
 * happens to its keys.
 */
int KsmZoneInit(DB_RESULT* handle, int policy_id);
int KsmZone(DB_RESULT handle, KSM_ZONE *data);
int KsmZoneCount(DB_RESULT handle, int* count);
int KsmZoneCountInit(DB_RESULT* handle, int id);
int KsmZoneIdFromName(const char* zone_name, int* zone_id);
int KsmZoneIdAndPolicyFromName(const char* zone_name, int* policy_id, int* zone_id);
int KsmDeleteZone(int zone_id);
int KsmZoneNameFromId(int zone_id, char** zone_name);
00306 
/*
 * Zone signing status values.  NOTE(review): these two macros carry no KSM_
 * prefix and are generic enough to collide with other headers (or with
 * identifiers in code that includes this one); they are kept for source
 * compatibility, but no further unprefixed names should be added here.
 */
#define UNSIGNED 0
#define SIGNED 1
00309 
/*
 * Key inventory per repository: KsmDNSSECKeysInSMCountInit() /
 * KsmDNSSECKeysInSMCount() count the keys a policy has in its security
 * module; KsmDNSSECKeysStateCountInit() opens a count of keys matching
 * key_policy (algorithm/size/repository) in the given KSM_STATE_*.  The
 * result handle presumably needs the matching *End()/DB release as for the
 * other iterators -- confirm in the implementation.
 */
int KsmDNSSECKeysInSMCountInit(DB_RESULT* handle, int policy_id);
int KsmDNSSECKeysInSMCount(DB_RESULT handle, int* count);
int KsmDNSSECKeysStateCountInit(DB_RESULT* result, int policy_id, KSM_KEY_POLICY *key_policy, int state);
00313 
00314 /* Purge */
00315 
/* Remove keys that are no longer needed (presumably dead keys past the policy's "purge" delay); reports nothing back. */
void KsmPurge(void);
00317 
/*
 * Constants in the database tables.  These are used in the
 * ksm_keyword module.
 *
 * THESE MUST BE KEPT IN STEP WITH THE DATABASE CREATION SCRIPT
 */

/*
 * DNSSEC algorithm numbers and the keyword strings accepted for them.  The
 * numeric values are the IANA "DNS Security Algorithm Numbers" registry
 * (historically published at http://www.iana.org/assignments/sig-alg-numbers,
 * the URL this file originally cited); 252-254 are the reserved INDIRECT /
 * PRIVATEDNS / PRIVATEOID code points, not usable signing algorithms.
 *
 * Security note (reviewer): this table only maps names to numbers and applies
 * no policy.  RSAMD5 (1), DSA (3) and DSA-NSEC3-SHA1 (6) are "MUST NOT" for
 * DNSSEC signing under RFC 8624, DH (2) is not a signing algorithm at all,
 * and the SHA-1 based RSASHA1 variants (5, 7) are no longer recommended; a
 * policy selecting them should be rejected at import/validation time, not
 * silently accepted because the keyword exists.  Newer algorithms (ECDSA
 * 13/14, EdDSA 15/16) are absent; adding any also requires the database
 * creation script to change, per the note above.
 */

#define KSM_ALGORITHM_RSAMD5            1
#define KSM_ALGORITHM_RSAMD5_STRING     "rsamd5"
#define KSM_ALGORITHM_DH                2
#define KSM_ALGORITHM_DH_STRING         "dh"
#define KSM_ALGORITHM_DSASHA1           3
#define KSM_ALGORITHM_DSASHA1_STRING    "dsa"
#define KSM_ALGORITHM_RSASHA1           5
#define KSM_ALGORITHM_RSASHA1_STRING    "rsasha1"
#define KSM_ALGORITHM_DSA_NSEC3_SHA1        6
#define KSM_ALGORITHM_DSA_NSEC3_SHA1_STRING "dsa-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1 7
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1_STRING "rsasha1-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA256         8
#define KSM_ALGORITHM_RSASHA256_STRING  "rsasha256"
#define KSM_ALGORITHM_RSASHA512         10
#define KSM_ALGORITHM_RSASHA512_STRING  "rsasha512"
#define KSM_ALGORITHM_INDIRECT          252
#define KSM_ALGORITHM_INDIRECT_STRING   "indirect"
#define KSM_ALGORITHM_PRIVDOM           253
#define KSM_ALGORITHM_PRIVDOM_STRING    "domain"
#define KSM_ALGORITHM_PRIVOID           254
#define KSM_ALGORITHM_PRIVOID_STRING    "oid"
00352 
/* Where a key's private material lives: a plain file, an HSM, or a URI. */
#define KSM_FORMAT_FILE             1
#define KSM_FORMAT_FILE_STRING      "file"
#define KSM_FORMAT_HSM              2
#define KSM_FORMAT_HSM_STRING       "hsm"
#define KSM_FORMAT_URI              3
#define KSM_FORMAT_URI_STRING       "uri"

/*
 * Key types.  The values are the DNSKEY Flags field values of RFC 4034
 * section 2.1.1 -- 256 = ZONE bit only (ZSK), 257 = ZONE + SEP bits (KSK) --
 * i.e. the same number that appears in the DNSKEY record for that key.
 */
#define KSM_TYPE_KSK                257
#define KSM_TYPE_KSK_STRING         "ksk"
#define KSM_TYPE_ZSK                256
#define KSM_TYPE_ZSK_STRING         "zsk"
00364 
/*
 * Key states as stored in the database.  Judging from the names of the
 * KsmRequestChangeState*() prototypes below, the normal life cycle is
 *     generate -> publish -> ready -> active -> retire -> dead
 * and a KSK whose DS must first appear at the parent takes
 *     generate -> dssub -> dspublish -> dsready -> keypublish -> active,
 * "dssub" being a DS submitted to the parent but not yet seen there.
 * Confirm the exact transitions in ksm_request before relying on this.
 */
#define KSM_STATE_GENERATE          1
#define KSM_STATE_GENERATE_STRING   "generate"
#define KSM_STATE_PUBLISH           2
#define KSM_STATE_PUBLISH_STRING    "publish"
#define KSM_STATE_READY             3
#define KSM_STATE_READY_STRING      "ready"
#define KSM_STATE_ACTIVE            4
#define KSM_STATE_ACTIVE_STRING     "active"
#define KSM_STATE_RETIRE            5
#define KSM_STATE_RETIRE_STRING     "retire"
#define KSM_STATE_DEAD              6
#define KSM_STATE_DEAD_STRING       "dead"
#define KSM_STATE_DSSUB             7
#define KSM_STATE_DSSUB_STRING      "dssub"
#define KSM_STATE_DSPUBLISH         8
#define KSM_STATE_DSPUBLISH_STRING  "dspublish"
#define KSM_STATE_DSREADY           9
#define KSM_STATE_DSREADY_STRING    "dsready"
#define KSM_STATE_KEYPUBLISH        10
#define KSM_STATE_KEYPUBLISH_STRING "keypublish"
00385 
/* SOA serial number schemes (cf. KsmSerialIdFromName(), KSM_SIGNER_POLICY.serial). */
#define KSM_SERIAL_UNIX_STRING      "unixtime"
#define KSM_SERIAL_UNIX             1
#define KSM_SERIAL_COUNTER_STRING   "counter"
#define KSM_SERIAL_COUNTER          2
#define KSM_SERIAL_DATE_STRING      "datecounter"
#define KSM_SERIAL_DATE             3
#define KSM_SERIAL_KEEP_STRING      "keep"
#define KSM_SERIAL_KEEP             4

/*
 * Whether one set of keys is shared by every zone under a policy (cf.
 * KSM_COMMON_KEY_POLICY.share_keys, KsmKeyGetUnallocated()).  Security note:
 * with shared keys, compromise of the key for one zone is compromise of the
 * key for all zones on that policy, and every one of them must roll together.
 */
#define KSM_KEYS_NOT_SHARED         0
#define KSM_KEYS_SHARED             1

/*
 * KSK rollover schemes (the Double-DNSKEY / Double-DS / Double-RRset methods
 * of RFC 6781).  KSM_ROLL_DEFAULT is the same value as KSM_ROLL_DNSKEY.
 * NOTE(review): KSM_PAR_KSK_ROLL below defaults to 0, which is none of these.
 */
#define KSM_ROLL_DEFAULT            1 /* DoubleDNSKEY */
#define KSM_ROLL_DNSKEY_STRING      "DoubleDNSKey"
#define KSM_ROLL_DNSKEY             1
#define KSM_ROLL_DS_STRING          "DoubleDS"
#define KSM_ROLL_DS                 2
#define KSM_ROLL_RRSET_STRING       "DoubleRRSet"
#define KSM_ROLL_RRSET              3
00405 
/*
 * Reserved parameters and default values (in seconds unless noted).  Each
 * parameter is a (STRING, CAT) pair naming it in the database -- CAT being
 * the KSM_PARAMETER.category group: "signature", "ksk", "zsk", "keys",
 * "zone", "parent" -- plus the fallback used when a policy does not set it.
 * Note that the same STRING recurs in different categories ("lifetime",
 * "ttl", "standby", ...), so a parameter is only unique as a (name, category)
 * pair.  These values drive rollover timing: a propagation delay, TTL or
 * safety margin set too small can withdraw a key or DS while resolvers are
 * still caching the old data and break validation, so treat changes here as
 * security-relevant, not cosmetic.
 * NOTE(review): KSM_PAR_KSK_ROLL defaults to 0, which matches none of the
 * KSM_ROLL_* values (1..3); presumably the implementation maps 0 to
 * KSM_ROLL_DEFAULT -- confirm in ksm_parameter/ksm_policy.
 */
/* TODO redefine this properly:
 *      have _CAT defines separate
 *      rename to match the new list
 *      add new items ? */
#define KSM_PAR_CLOCKSKEW               3600        /* 1 hour */
#define KSM_PAR_CLOCKSKEW_STRING        "clockskew"
#define KSM_PAR_CLOCKSKEW_CAT           "signature"
#define KSM_PAR_KSKLIFE                 63072000    /* 2 years */
#define KSM_PAR_KSKLIFE_STRING          "lifetime"
#define KSM_PAR_KSKLIFE_CAT             "ksk"
#define KSM_PAR_PROPDELAY               3600        /* 1 hour */
#define KSM_PAR_PROPDELAY_STRING        "propagationdelay"
#define KSM_PAR_PROPDELAY_CAT           "zone"
#define KSM_PAR_STANDBYKSKS             1           /* count, not seconds */
#define KSM_PAR_STANDBYKSKS_STRING      "standby"
#define KSM_PAR_STANDBYKSKS_CAT         "ksk"
#define KSM_PAR_STANDBYZSKS             1           /* count, not seconds */
#define KSM_PAR_STANDBYZSKS_STRING      "standby"
#define KSM_PAR_STANDBYZSKS_CAT         "zsk"
#define KSM_PAR_SIGNINT                 7200        /* 2 hours */
#define KSM_PAR_SIGNINT_STRING          "resign"
#define KSM_PAR_SIGNINT_CAT             "signature"
#define KSM_PAR_SOAMIN                  7200        /* 2 hours */
#define KSM_PAR_SOAMIN_STRING           "min"
#define KSM_PAR_SOAMIN_CAT              "zone"
#define KSM_PAR_SOATTL                  172800      /* 2 days */
#define KSM_PAR_SOATTL_STRING           "ttl"
#define KSM_PAR_SOATTL_CAT              "zone"
#define KSM_PAR_ZSKSIGLIFE              432000      /* 5 days */
#define KSM_PAR_ZSKSIGLIFE_STRING       "valdefault"
#define KSM_PAR_ZSKSIGLIFE_CAT          "signature"
#define KSM_PAR_ZSKLIFE                 2592000     /* 30 days */
#define KSM_PAR_ZSKLIFE_STRING          "lifetime"
#define KSM_PAR_ZSKLIFE_CAT             "zsk"
#define KSM_PAR_ZSKTTL                  172800      /* 2 days */
#define KSM_PAR_ZSKTTL_STRING           "ttl"
#define KSM_PAR_ZSKTTL_CAT              "keys"
#define KSM_PAR_KSKTTL                  172800      /* 2 days */
#define KSM_PAR_KSKTTL_STRING           "ttl"
#define KSM_PAR_KSKTTL_CAT              "keys"
#define KSM_PAR_KSKPROPDELAY            3600        /* 1 hour */
#define KSM_PAR_KSKPROPDELAY_STRING     "propagationdelay"
#define KSM_PAR_KSKPROPDELAY_CAT        "parent"
#define KSM_PAR_REGDELAY                0   /* TODO sort this out */
#define KSM_PAR_REGDELAY_STRING         "registrationdelay"  /* TODO sort this out */
#define KSM_PAR_REGDELAY_CAT            "parent"  /* TODO sort this out */
#define KSM_PAR_PUBSAFETY               172800      /* 2 days */
#define KSM_PAR_PUBSAFETY_STRING        "publishsafety"
#define KSM_PAR_PUBSAFETY_CAT           "keys"
#define KSM_PAR_RETSAFETY               172800      /* 2 days */
#define KSM_PAR_RETSAFETY_STRING        "retiresafety"
#define KSM_PAR_RETSAFETY_CAT           "keys"
#define KSM_PAR_KSK_MAN_ROLL            0      /* false (i.e. automatic roll) */
#define KSM_PAR_KSK_MAN_ROLL_STRING     "manual_rollover"
#define KSM_PAR_KSK_MAN_ROLL_CAT        "ksk"
#define KSM_PAR_ZSK_MAN_ROLL            0      /* false (i.e. automatic roll) */
#define KSM_PAR_ZSK_MAN_ROLL_STRING     "manual_rollover"
#define KSM_PAR_ZSK_MAN_ROLL_CAT        "zsk"
#define KSM_PAR_DSTTL                   3600        /* 1 hour */
#define KSM_PAR_DSTTL_STRING            "ttlds"
#define KSM_PAR_DSTTL_CAT               "parent"
#define KSM_PAR_KSK_ROLL                0           /* see NOTE(review) above */
#define KSM_PAR_KSK_ROLL_STRING         "rollover_scheme"
#define KSM_PAR_KSK_ROLL_CAT            "ksk"
00471 
/*
 * Flattened collection of the timing parameters the enforcer needs for one
 * policy.  Initialise with KsmCollectionInit(), then fill with
 * KsmParameterCollection() (or member by member with the KsmParameter*()
 * accessors below).  Durations are seconds, the standby* members are counts,
 * the *manroll members are booleans (0 = automatic rollover) and kskroll is
 * a KSM_ROLL_* value; see the KSM_PAR_* defaults for each.
 */
typedef struct {
    int     clockskew;      /* Allowance for validator clock skew */
    int     ksklife;        /* Active lifetime of a KSK */
    int     standbyksks;    /* Standby KSKs to keep */
    int     standbyzsks;    /* Standby ZSKs to keep */
    int     propdelay;      /* Zone propagation delay */
    int     signint;        /* Signing interval: how long a signing run takes */
    int     soamin;         /* SOA minimum field */
    int     soattl;         /* SOA TTL */
    int     zsksiglife;     /* Validity of signatures made with the ZSK */
    int     zsklife;        /* Active lifetime of a ZSK */
    int     zskttl;         /* TTL of the ZSK DNSKEY record */
    int     kskttl;         /* TTL of the KSK DNSKEY record */
    int     kskpropdelay;   /* Propagation delay at the parent */
    int     regdelay;       /* Registration delay at the parent (see KSM_PAR_REGDELAY TODO) */
    int     pub_safety;     /* Publish safety margin */
    int     ret_safety;     /* Retire safety margin */
    int     kskmanroll;     /* Roll the KSK only on operator request? */
    int     zskmanroll;     /* Roll the ZSK only on operator request? */
    int     dsttl;          /* TTL of the DS record at the parent */
    int     kskroll;        /* KSK rollover scheme (KSM_ROLL_*) */
} KSM_PARCOLL;
00494 
/*
 * Filling a KSM_PARCOLL.  KsmCollectionInit() presumably resets the
 * collection to the KSM_PAR_* defaults; each KsmParameter<Name>() accessor
 * then loads one member from the database, and KsmParameterCollection()
 * loads the whole set for policy_id in one go.  Not every member of
 * KSM_PARCOLL has an accessor here (e.g. zsksiglife, dsttl, kskroll), so
 * KsmParameterCollection() is the only complete path visible in this header.
 * KsmParameterInitialPublicationInterval() is a derived value rather than a
 * stored parameter -- check the implementation for its formula.
 */
int KsmCollectionInit(KSM_PARCOLL* data);
int KsmParameterClockskew(KSM_PARCOLL* collection);
int KsmParameterKskLifetime(KSM_PARCOLL* collection);
int KsmParameterStandbyKSKeys(KSM_PARCOLL* collection);
int KsmParameterStandbyZSKeys(KSM_PARCOLL* collection);
int KsmParameterPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterSigningInterval(KSM_PARCOLL* collection);
int KsmParameterSoaMin(KSM_PARCOLL* collection);
int KsmParameterSoaTtl(KSM_PARCOLL* collection);
int KsmParameterZskLifetime(KSM_PARCOLL* collection);
int KsmParameterZskTtl(KSM_PARCOLL* collection);
int KsmParameterKskTtl(KSM_PARCOLL* collection);
int KsmParameterKskPropagationDelay(KSM_PARCOLL* collection);
int KsmParameterRegistrationDelay(KSM_PARCOLL* collection);
int KsmParameterPubSafety(KSM_PARCOLL* collection);
int KsmParameterRetSafety(KSM_PARCOLL* collection);
int KsmParameterInitialPublicationInterval(KSM_PARCOLL* collection);
int KsmParameterCollection(KSM_PARCOLL* data, int policy_id);
00513 
00514 /* ksm_keyword */
00515 
/*
 * Keyword <-> value conversion for the KSM_ALGORITHM_*, KSM_FORMAT_*,
 * KSM_PAR_*, KSM_STATE_*, KSM_TYPE_*, KSM_SERIAL_* and KSM_ROLL_* tables.
 *
 * NameToValue: the failure value for an unknown keyword is not stated here
 * (presumably a sentinel such as -1 or 0); callers must check it before
 * storing the result in the database or using it as a table index, since
 * these keywords typically come from operator-edited configuration.
 * ValueToName: returns presumably a pointer into a static string table --
 * do not free it -- and may return NULL for an unknown value, so guard
 * before passing the result to a "%s" format.
 */
int KsmKeywordAlgorithmNameToValue(const char* name);
int KsmKeywordFormatNameToValue(const char* name);
int KsmKeywordParameterNameToValue(const char* name);
int KsmKeywordStateNameToValue(const char* name);
int KsmKeywordTypeNameToValue(const char* name);
int KsmKeywordRollNameToValue(const char* name);

const char* KsmKeywordAlgorithmValueToName(int value);
const char* KsmKeywordFormatValueToName(int value);
const char* KsmKeywordStateValueToName(int value);
const char* KsmKeywordTypeValueToName(int value);
const char* KsmKeywordSerialValueToName(int value);
const char* KsmKeywordRollValueToName(int value);

/* Non-zero if "name" is a recognised parameter keyword (presumed). */
int KsmKeywordParameterExists(const char* name);
00531 
00532 /* ksm_update */
00533 
/*
 * Key time-stamp maintenance.  KsmUpdate() recomputes the expected state
 * change times for the keys of a zone under a policy; the KsmUpdate*KeyTime()
 * helpers set one time stamp each on a KSM_KEYDATA from the timing values in
 * a KSM_PARCOLL (or from the previous stamp, for the ones that take no
 * collection).  KsmUpdateKeyTime() derives "destination" from "source" plus
 * "interval" seconds.  NOTE(review): "source"/"destination" look like column
 * or field names; if they are interpolated into SQL they must only ever be
 * constant identifiers chosen by the library, never caller-formatted text.
 */
int KsmUpdate(int policy_id, int zone_id);
void KsmUpdateKey(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateGenerateKeyTime(KSM_KEYDATA* data);
void KsmUpdatePublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateReadyKeyTime(KSM_KEYDATA* data);
void KsmUpdateActiveKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateRetireKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateDeadKeyTime(KSM_KEYDATA* data);
void KsmUpdateDSPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateKEYPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
int KsmUpdateKeyTime(const KSM_KEYDATA* data, const char* source,
    const char* destination, int interval, int zone_id);
00546 
00547 /* ksm_request */
00548 
/*
 * Callback invoked once per key by KsmRequestKeys()/KsmRequestIssueKeys().
 * "context" is the caller's pointer passed through unchanged; "key" is the
 * key being reported and is only valid for the duration of the call.  The
 * int result is a status code; whether a non-success value stops the
 * iteration is defined by the implementation.  KsmRequestPrintKey() below
 * has this signature.
 */
typedef int (*KSM_REQUEST_CALLBACK)(void* context, KSM_KEYDATA* key);
00550 
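/*
 * Key request / state machine driver (ksm_request).
 *
 * KsmRequestKeys() runs the state transitions for one key type of one zone
 * as of "datetime", reporting the keys that need to be issued to the signer
 * through "callback"; "rollover" forces a rollover, "run_interval" is how
 * far ahead the enforcer is planning, and *NewDS is set (presumably to
 * non-zero) when a DS record must be submitted to the parent.  The
 * KsmRequestChangeState*() functions each perform one transition named by
 * its source and destination KSM_STATE_* (see the state list above); the
 * *Conditional() variants decide first whether the transition is due using
 * a KSM_PARCOLL; KsmRequestChangeStateN() moves at most "count" keys.
 * The *Count() and *Check*() functions are the queries those decisions are
 * made on; KsmRequestCheckCompromisedFlag() reports whether an emergency
 * (compromised key) rollover was requested.  The KsmRequestDNSSECKeys*()
 * family is the policy-driven form of the same operations; "verify" is
 * presumably a dry-run/check flag -- confirm in the implementation.
 *
 * NOTE(review): "datetime" strings are compared against the stored time
 * stamps (presumably inside SQL); they should always come from the
 * enforcer's own clock formatting, never from untrusted input.
 */
int KsmRequestKeys(int keytype, int rollover, const char* datetime,
        KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
        int run_interval, int* NewDS);
int KsmRequestKeysByType(int keytype, int rollover, const char* datetime,
        KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
        int run_interval, int* NewDS);
int KsmRequestSetActiveExpectedRetire(int keytype, const char* datetime, int zone_id);
int KsmRequestChangeStateActiveRetire(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateRetireDead(int keytype, const char* datetime, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStatePublishReady(int keytype, const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateDSPublishDSReady(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeState(int keytype, const char* datetime, int src_state,
        int dst_state, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStateGeneratePublish(int keytype, const char* datetime,
        int count, int zone_id);
int KsmRequestChangeStateGenerateDSSub(int keytype, const char* datetime,
        int count, int zone_id);
int KsmRequestChangeStateDSReadyKeyPublish(const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateKeyPublishActive(const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateReadyActive(int keytype, const char* datetime,
        int count, int zone_id);
int KsmRequestChangeStateN(int keytype, const char* datetime,
        int count, int src_state, int dst_state, int zone_id);
int KsmRequestChangeStateGenerateDSSubConditional(int keytype,
        const char* datetime, KSM_PARCOLL* collection, int zone_id, int* NewDS);
int KsmRequestChangeStateGeneratePublishConditional(int keytype,
        const char* datetime, KSM_PARCOLL* collection, int zone_id,
        int run_interval);
int KsmRequestPendingRetireCount(int keytype, const char* datetime,
        KSM_PARCOLL* parameters, int* count, int zone_id, int interval);
int KsmRequestAvailableCount(int keytype, const char* datetime,
        KSM_PARCOLL* parameters, int* count, int zone_id);
int KsmRequestGenerateCount(int keytype, int* count, int zone_id);
int KsmRequestStandbyKSKCount(int* count, int zone_id);
int KsmRequestCheckActiveKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCountReadyKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCheckFirstPass(int keytype, int* first_pass_flag, int zone_id);
int KsmRequestCheckCompromisedFlag(int keytype, int zone_id, int* comp_flag);
int KsmRequestIssueKeys(int keytype, KSM_REQUEST_CALLBACK callback,
        void* context, int zone_id);

/* A KSM_REQUEST_CALLBACK that prints the key; "context" is whatever the caller passed. */
int KsmRequestPrintKey(void* context, KSM_KEYDATA* data);

int KsmRequestDNSSECKeys(const char* datetime, KSM_POLICY* policy);
int KsmRequestDNSSECKeysChangeStateRetireDead(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeState(KSM_KEY_POLICY *policy, const char* datetime, int src_state, int dst_state, int verify);
int KsmRequestDNSSECKeysChangeStatePublishReady(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeStateGeneratePublishConditional(KSM_POLICY *policy, KSM_KEY_POLICY *key_policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysSetActiveExpectedRetire(int keytype, const char* datetime, int verify);
/*
 * NOTE(review): unlike its siblings this one takes the KSM_KEY_POLICY by
 * value, not by pointer.  The parameter name was missing from the prototype
 * and has been added; the type is left as declared because changing it would
 * change the calling convention for existing callers.
 */
int KsmRequestDNSSECKeysPendingRetireCount(KSM_KEY_POLICY policy, const char* datetime, int* count);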
00601 
/*
 * Timing helpers that read their inputs from the policy sub-structures
 * rather than from a KSM_PARCOLL (the KsmParameter*() family above).
 * NOTE(review): KsmPolicySigningInterval() and KsmPolicyZskTtl() still take
 * a KSM_PARCOLL, breaking the pattern of the rest of this group -- probably
 * left over from the older parameter-collection API; callers must pass a
 * filled KSM_PARCOLL to those two, not a policy.
 * KsmPolicyInitialPublicationInterval() is a derived value; see the
 * implementation for the formula.
 */
int KsmPolicyClockskew(KSM_SIGNATURE_POLICY *policy);
int KsmPolicyKeyLifetime(KSM_KEY_POLICY *policy);
int KsmPolicyStandbyKeys(KSM_KEY_POLICY *policy);
int KsmPolicyPropagationDelay(KSM_SIGNER_POLICY *policy);
int KsmPolicySigningInterval(KSM_PARCOLL* collection);
int KsmPolicySoaMin(KSM_SIGNER_POLICY *policy);
int KsmPolicySoaTtl(KSM_SIGNER_POLICY *policy);
int KsmPolicyZskTtl(KSM_PARCOLL* collection);
int KsmPolicyInitialPublicationInterval(KSM_POLICY *policy);
00611 
00612 /* KsmImport */
/*
 * Import of configuration into the database (repositories, policies, zones,
 * audit text, keys) plus the name->id look-ups and backup bookkeeping.
 *
 * All const char* arguments here come from operator-edited configuration.
 * Whatever SQL the implementation builds from them must use the database
 * layer's quoting; zone_name/signconf/input/output are stored into the
 * KSM_ZONE buffers (KSM_ZONE_NAME_LENGTH / KSM_PATH_LENGTH, NUL included),
 * so longer values must be rejected rather than truncated silently.
 * repo_capacity arrives as a string and is parsed by the implementation.
 *
 * KsmImportZone(): fail_if_exists controls whether an existing zone is an
 * error; *new_zone reports whether one was created.
 * KsmImportKeyPair(): like KsmKeyPairCreate() but with an explicit initial
 * KSM_STATE_* and time stamp, for keys that already exist in the HSM.
 * KsmCheckHSMkeyID(): *exists tells whether cka_id is already recorded for
 * repo_id -- use it to avoid registering one HSM object twice.
 *
 * Backup marking is two-phase: KsmMarkPreBackup() flags the keys of a
 * repository as "backup started", KsmRollbackMarkPreBackup() undoes that,
 * and KsmMarkBackup() records the backup as done at "datetime".  With
 * KSM_KEY_POLICY.require_backup set, keys are presumably held back from use
 * until KsmMarkBackup() -- confirm in ksm_request.
 */
int KsmImportRepository(const char* repo_name, const char* repo_capacity, int require_backup);
int KsmImportPolicy(const char* policy_name, const char* policy_description);
int KsmImportZone(const char* zone_name, int policy_id, int fail_if_exists, int *new_zone, const char* signconf, const char* input, const char* output);
int KsmImportAudit(int policy_id, const char* audit_contents);
int KsmImportKeyPair(int policy_id, const char* HSMKeyID, int smID, int size, int alg, int state, const char* time, DB_ID* id);
int KsmSmIdFromName(const char* name, int *id);
int KsmSerialIdFromName(const char* name, int *id);
int KsmPolicyIdFromName(const char* name, int *id);
int KsmMarkPreBackup(int repo_id, const char* datetime);
int KsmRollbackMarkPreBackup(int repo_id);
int KsmMarkBackup(int repo_id, const char* datetime);
int KsmCheckHSMkeyID(int repo_id, const char* cka_id, int *exists);
00625 
00626 /* KsmList */
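/*
 * Reporting.  KsmListBackups() lists the backup status of a repository
 * (verbose_flag non-zero for more detail), KsmListRepos()/KsmListPolicies()
 * list everything known, KsmListRollovers() lists the scheduled rollovers of
 * a zone and KsmCheckNextRollover() returns the time of the next one for a
 * key type through *datetime.  NOTE(review): whether *datetime is allocated
 * for the caller (and must be freed) is not stated here -- check the
 * implementation.
 *
 * The two argument-less prototypes use (void): an empty parameter list in C
 * declares a function with *unspecified* arguments, which disables argument
 * checking at call sites and is obsolescent since C11.
 */
int KsmListBackups(int repo_id, int verbose_flag);
int KsmListRepos(void);
int KsmListPolicies(void);
int KsmListRollovers(int zone_id);
int KsmCheckNextRollover(int keytype, int zone_id, char** datetime);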
00632 
00633 #ifdef __cplusplus
00634 };
00635 #endif
00636 
00637 #endif /* KSM_KSM_H */