contrib/bind-9.2.4rc7/lib/dns/include/dns/keyvalues.h

   1 /*
   2  * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
   3  * Copyright (C) 1999-2001  Internet Software Consortium.
   4  *
   5  * Permission to use, copy, modify, and distribute this software for any
   6  * purpose with or without fee is hereby granted, provided that the above
   7  * copyright notice and this permission notice appear in all copies.
   8  *
   9  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15  * PERFORMANCE OF THIS SOFTWARE.
  16  */
  17
  18 /* $Id: keyvalues.h,v 1.11.2.1 2004/03/09 06:11:16 marka Exp $ */
  19
  20 #ifndef DNS_KEYVALUES_H
  21 #define DNS_KEYVALUES_H 1
  22
  23 /*
  24  * Flags field of the KEY RR rdata
  25  */
  26 #define DNS_KEYFLAG_TYPEMASK    0xC000  /* Mask for "type" bits */
  27 #define DNS_KEYTYPE_AUTHCONF    0x0000  /* Key usable for both */
  28 #define DNS_KEYTYPE_CONFONLY    0x8000  /* Key usable for confidentiality */
  29 #define DNS_KEYTYPE_AUTHONLY    0x4000  /* Key usable for authentication */
  30 #define DNS_KEYTYPE_NOKEY       0xC000  /* No key usable for either; no key */
  31 #define DNS_KEYTYPE_NOAUTH      DNS_KEYTYPE_CONFONLY
  32 #define DNS_KEYTYPE_NOCONF      DNS_KEYTYPE_AUTHONLY
  33
  34 #define DNS_KEYFLAG_RESERVED2   0x2000  /* Security is *mandatory* if bit=0 */
  35 #define DNS_KEYFLAG_EXTENDED    0x1000  /* key has extended flags */
  36 #define DNS_KEYFLAG_RESERVED4   0x0800  /* reserved - must be zero */
  37 #define DNS_KEYFLAG_RESERVED5   0x0400  /* reserved - must be zero */
  38 #define DNS_KEYFLAG_OWNERMASK   0x0300  /* these bits determine the type */
  39 #define DNS_KEYOWNER_USER       0x0000  /* key is assoc. with user */
  40 #define DNS_KEYOWNER_ENTITY     0x0200  /* key is assoc. with entity eg host */
  41 #define DNS_KEYOWNER_ZONE       0x0100  /* key is zone key */
  42 #define DNS_KEYOWNER_RESERVED   0x0300  /* reserved meaning */
  43 #define DNS_KEYFLAG_RESERVED8   0x0080  /* reserved - must be zero */
  44 #define DNS_KEYFLAG_RESERVED9   0x0040  /* reserved - must be zero */
  45 #define DNS_KEYFLAG_RESERVED10  0x0020  /* reserved - must be zero */
  46 #define DNS_KEYFLAG_RESERVED11  0x0010  /* reserved - must be zero */
  47 #define DNS_KEYFLAG_SIGNATORYMASK 0x000F /* key can sign RR's of same name */
  48
  49 #define DNS_KEYFLAG_RESERVEDMASK (DNS_KEYFLAG_RESERVED2 | \
  50                                   DNS_KEYFLAG_RESERVED4 | \
  51                                   DNS_KEYFLAG_RESERVED5 | \
  52                                   DNS_KEYFLAG_RESERVED8 | \
  53                                   DNS_KEYFLAG_RESERVED9 | \
  54                                   DNS_KEYFLAG_RESERVED10 | \
  55                                   DNS_KEYFLAG_RESERVED11 )
  56
  57 #define DNS_KEYFLAG_RESERVEDMASK2 0xFFFF        /* no bits defined here */
  58
  59 /* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
  60 #define DNS_KEYALG_RSAMD5       1       /* RSA with MD5 */
  61 #define DNS_KEYALG_RSA          DNS_KEYALG_RSAMD5
  62 #define DNS_KEYALG_DH           2       /* Diffie Hellman KEY */
  63 #define DNS_KEYALG_DSA          3       /* DSA KEY */
  64 #define DNS_KEYALG_DSS          NS_ALG_DSA
  65 #define DNS_KEYALG_EXPIREONLY   253     /* No alg, no security */
  66 #define DNS_KEYALG_PRIVATEOID   254     /* Key begins with OID giving alg */
  67
  68 /* Protocol values  */
  69 #define DNS_KEYPROTO_RESERVED   0
  70 #define DNS_KEYPROTO_TLS        1
  71 #define DNS_KEYPROTO_EMAIL      2
  72 #define DNS_KEYPROTO_DNSSEC     3
  73 #define DNS_KEYPROTO_IPSEC      4
  74 #define DNS_KEYPROTO_ANY        255
  75
  76 /* Signatures */
  77 #define DNS_SIG_RSAMINBITS      512     /* Size of a mod or exp in bits */
  78 #define DNS_SIG_RSAMAXBITS      2552
  79         /* Total of binary mod and exp */
  80 #define DNS_SIG_RSAMAXBYTES     ((DNS_SIG_RSAMAXBITS+7/8)*2+3)
  81         /* Max length of text sig block */
  82 #define DNS_SIG_RSAMAXBASE64    (((DNS_SIG_RSAMAXBYTES+2)/3)*4)
  83 #define DNS_SIG_RSAMINSIZE      ((DNS_SIG_RSAMINBITS+7)/8)
  84 #define DNS_SIG_RSAMAXSIZE      ((DNS_SIG_RSAMAXBITS+7)/8)
  85
  86 #define DNS_SIG_DSASIGSIZE      41
  87 #define DNS_SIG_DSAMINBITS      512
  88 #define DNS_SIG_DSAMAXBITS      1024
  89 #define DNS_SIG_DSAMINBYTES     213
  90 #define DNS_SIG_DSAMAXBYTES     405
  91
  92 #endif /* DNS_KEYVALUES_H */