13b6c3722Schristos /*
23b6c3722Schristos  * keyraw.h -- raw key and signature access and conversion
33b6c3722Schristos  *
43b6c3722Schristos  * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
53b6c3722Schristos  *
63b6c3722Schristos  * See LICENSE for the license.
73b6c3722Schristos  *
83b6c3722Schristos  */
93b6c3722Schristos 
103b6c3722Schristos /**
113b6c3722Schristos  * \file
123b6c3722Schristos  *
133b6c3722Schristos  * raw key and signature access and conversion
143b6c3722Schristos  *
153b6c3722Schristos  * Since these functions heavily rely on cryptographic operations,
163b6c3722Schristos  * this module is dependent on openssl.
173b6c3722Schristos  *
183b6c3722Schristos  */
193b6c3722Schristos 
203b6c3722Schristos #ifndef LDNS_KEYRAW_H
213b6c3722Schristos #define LDNS_KEYRAW_H
223b6c3722Schristos 
233b6c3722Schristos #ifdef __cplusplus
243b6c3722Schristos extern "C" {
253b6c3722Schristos #endif
263b6c3722Schristos #if LDNS_BUILD_CONFIG_HAVE_SSL
273b6c3722Schristos #  include <openssl/ssl.h>
283b6c3722Schristos #  include <openssl/evp.h>
293b6c3722Schristos #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
303b6c3722Schristos 
313b6c3722Schristos /**
323b6c3722Schristos  * get the length of the keydata in bits
333b6c3722Schristos  * \param[in] keydata the raw key data
343b6c3722Schristos  * \param[in] len the length of the keydata
353b6c3722Schristos  * \param[in] alg the cryptographic algorithm this is a key for
363b6c3722Schristos  * \return the keysize in bits, or 0 on error
373b6c3722Schristos  */
383b6c3722Schristos size_t sldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
393b6c3722Schristos 	const size_t len, int alg);
403b6c3722Schristos 
413b6c3722Schristos /**
423b6c3722Schristos  * Calculates the keytag of a DNSSEC key; operates on wireformat rdata.
433b6c3722Schristos  * \param[in] key the key as uncompressed wireformat rdata.
443b6c3722Schristos  * \param[in] keysize length of key data.
453b6c3722Schristos  * \return the keytag
463b6c3722Schristos  */
473b6c3722Schristos uint16_t sldns_calc_keytag_raw(uint8_t* key, size_t keysize);
483b6c3722Schristos 
493b6c3722Schristos #if LDNS_BUILD_CONFIG_HAVE_SSL
503b6c3722Schristos /**
513b6c3722Schristos  * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
523b6c3722Schristos  * Only available if GOST is compiled into the library and openssl.
533b6c3722Schristos  * \return the gost id for EVP_CTX creation.
543b6c3722Schristos  */
553b6c3722Schristos int sldns_key_EVP_load_gost_id(void);
563b6c3722Schristos 
573b6c3722Schristos /** Release the engine reference held for the GOST engine. */
583b6c3722Schristos void sldns_key_EVP_unload_gost(void);
593b6c3722Schristos 
60*7a540f2bSchristos #ifndef HAVE_OSSL_PARAM_BLD_NEW
613b6c3722Schristos /**
623b6c3722Schristos  * Like sldns_key_buf2dsa, but uses a raw buffer.
633b6c3722Schristos  * \param[in] key the uncompressed wireformat of the key.
643b6c3722Schristos  * \param[in] len length of key data
653b6c3722Schristos  * \return a DSA * structure with the key material
663b6c3722Schristos  */
673b6c3722Schristos DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len);
68*7a540f2bSchristos #endif
69*7a540f2bSchristos 
70*7a540f2bSchristos /**
71*7a540f2bSchristos  * Converts a holding buffer with DSA key material to EVP PKEY in openssl.
72*7a540f2bSchristos  * \param[in] key the uncompressed wireformat of the key.
73*7a540f2bSchristos  * \param[in] len length of key data
74*7a540f2bSchristos  * \return the key or NULL on error.
75*7a540f2bSchristos  */
76*7a540f2bSchristos EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len);
773b6c3722Schristos 
783b6c3722Schristos /**
793b6c3722Schristos  * Converts a holding buffer with key material to EVP PKEY in openssl.
803b6c3722Schristos  * Only available if ldns was compiled with GOST.
813b6c3722Schristos  * \param[in] key data to convert
823b6c3722Schristos  * \param[in] keylen length of the key data
833b6c3722Schristos  * \return the key or NULL on error.
843b6c3722Schristos  */
853b6c3722Schristos EVP_PKEY* sldns_gost2pkey_raw(unsigned char* key, size_t keylen);
863b6c3722Schristos 
873b6c3722Schristos /**
883b6c3722Schristos  * Converts a holding buffer with key material to EVP PKEY in openssl.
893b6c3722Schristos  * Only available if ldns was compiled with ECDSA.
903b6c3722Schristos  * \param[in] key data to convert
913b6c3722Schristos  * \param[in] keylen length of the key data
923b6c3722Schristos  * \param[in] algo precise algorithm to initialize ECC group values.
933b6c3722Schristos  * \return the key or NULL on error.
943b6c3722Schristos  */
953b6c3722Schristos EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);
963b6c3722Schristos 
97*7a540f2bSchristos #ifndef HAVE_OSSL_PARAM_BLD_NEW
983b6c3722Schristos /**
993b6c3722Schristos  * Like sldns_key_buf2rsa, but uses a raw buffer.
1003b6c3722Schristos  * \param[in] key the uncompressed wireformat of the key.
1013b6c3722Schristos  * \param[in] len length of key data
1023b6c3722Schristos  * \return a RSA * structure with the key material
1033b6c3722Schristos  */
1043b6c3722Schristos RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);
105*7a540f2bSchristos #endif
106*7a540f2bSchristos 
107*7a540f2bSchristos /**
108*7a540f2bSchristos  * Converts a holding buffer with RSA key material to EVP PKEY in openssl.
109*7a540f2bSchristos  * \param[in] key the uncompressed wireformat of the key.
110*7a540f2bSchristos  * \param[in] len length of key data
111*7a540f2bSchristos  * \return the key or NULL on error.
112*7a540f2bSchristos  */
113*7a540f2bSchristos EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len);
1143b6c3722Schristos 
1153b6c3722Schristos /**
1160cd9f4ecSchristos  * Converts a holding buffer with key material to EVP PKEY in openssl.
1170cd9f4ecSchristos  * Only available if ldns was compiled with ED25519.
1180cd9f4ecSchristos  * \param[in] key the uncompressed wireformat of the key.
1190cd9f4ecSchristos  * \param[in] len length of key data
1200cd9f4ecSchristos  * \return the key or NULL on error.
1210cd9f4ecSchristos  */
1220cd9f4ecSchristos EVP_PKEY* sldns_ed255192pkey_raw(const unsigned char* key, size_t len);
1230cd9f4ecSchristos 
1240cd9f4ecSchristos /**
1257cd94d69Schristos  * Converts a holding buffer with key material to EVP PKEY in openssl.
1267cd94d69Schristos  * Only available if ldns was compiled with ED448.
1277cd94d69Schristos  * \param[in] key the uncompressed wireformat of the key.
1287cd94d69Schristos  * \param[in] len length of key data
1297cd94d69Schristos  * \return the key or NULL on error.
1307cd94d69Schristos  */
1317cd94d69Schristos EVP_PKEY* sldns_ed4482pkey_raw(const unsigned char* key, size_t len);
1327cd94d69Schristos 
1337cd94d69Schristos /**
1343b6c3722Schristos  * Utility function to calculate a hash using a generic EVP_MD pointer.
1353b6c3722Schristos  * \param[in] data the data to hash.
1363b6c3722Schristos  * \param[in] len  length of data.
1373b6c3722Schristos  * \param[out] dest the destination of the hash; must be large enough to hold the digest produced by md.
1383b6c3722Schristos  * \param[in] md the message digest to use.
1393b6c3722Schristos  * \return true on success, false on failure.
1403b6c3722Schristos  */
1413b6c3722Schristos int sldns_digest_evp(unsigned char* data, unsigned int len,
1423b6c3722Schristos 	unsigned char* dest, const EVP_MD* md);
1433b6c3722Schristos 
1443b6c3722Schristos #endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
1453b6c3722Schristos 
1463b6c3722Schristos #ifdef __cplusplus
1473b6c3722Schristos }
1483b6c3722Schristos #endif
1493b6c3722Schristos 
1503b6c3722Schristos #endif /* LDNS_KEYRAW_H */