1 /*
2  * $Id: ksm.h 6379 2012-06-05 08:52:37Z jerry $
3  *
4  * Copyright (c) 2008-2009 Nominet UK. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
29 #ifndef KSM_KSM_H
30 #define KSM_KSM_H
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 /*+
37  * ksm.h - KSM Definitions
38  *
39  * Description:
40  * Holds definitions and prototypes for the KSM library.
41 -*/
42 
43 #include <time.h>
44 #include <ksm/database.h>
45 #include <ksm/database_statement.h>
46 
47 
48 /* General */
49 
typedef int KSM_ID; /* Identifies a KSM entity (a database row id) */

#define KSM_NULL_ID ((KSM_ID) -1) /* General invalid ID: "no such entity" sentinel */

/* ksm_common */

/*
 * KsmInit() initialises the KSM library; KsmRundown() releases what it set up.
 * Both return an int status. The status convention is not visible in this
 * header (presumably 0 on success, like the other Ksm* routines - confirm in
 * ksm_common.c before relying on it).
 */
int KsmInit(void);
int KsmRundown(void);

/*
 * Fixed buffer sizes. Every *_LENGTH value below includes the trailing NUL,
 * so the longest string a buffer can hold is one character shorter than the
 * value. Strings arriving from the database, the HSM or the operator are not
 * guaranteed to respect these limits: copy them in with a bounded routine
 * (snprintf-style), never with strcpy/strcat.
 */
#define KSM_NAME_LENGTH 256 /* Includes trailing NULL */
#define KSM_PATH_LENGTH 4096 /* Includes trailing NULL (equals PATH_MAX on Linux) */
#define KSM_POLICY_DESC_LENGTH 256 /* Includes trailing NULL */
#define KSM_POLICY_AUDIT_LENGTH 4096 /* Includes trailing NULL */
#define KSM_TIME_LENGTH 32 /* Includes trailing NULL; a timestamp rendered as text (exact format not fixed here) */

#define KSM_SQL_SIZE 1024 /* Max size of SQL statement (buffer size, including NUL).
                           * NOTE(review): a statement assembled into a buffer of this
                           * size must be built with a bounded formatter, and any
                           * operator-supplied name (up to KSM_NAME_LENGTH-1 characters)
                           * must be bound or escaped, never spliced into the text raw. */
#define KSM_INT_STR_SIZE 32 /* Max size of int as string (enough for a 64-bit value, sign and NUL) */
#define KSM_SALT_LENGTH 512 /* Includes trailing NULL. An NSEC3 salt is at most 255 octets
                             * (one-octet length field, RFC 5155), i.e. 510 hex characters,
                             * so a hex-encoded salt plus NUL fits - assuming the salt is
                             * stored hex-encoded (confirm in the policy code). */
#define KSM_ZONE_NAME_LENGTH 256 /* Includes trailing NULL. A wire-format DNS name is at most
                                  * 255 octets, but an escaped presentation form can be longer,
                                  * so the copy into this buffer must still be bounded. */
#define KSM_ADAPTER_NAME_LENGTH 256 /* Includes trailing NULL */
70 /* ksm_key */
71 
72 /* Key time flag states */
73 
/*
 * Bits of KSM_KEYDATA.flags. Each bit marks one field of KSM_KEYDATA as valid
 * (i.e. filled in from the database or by the caller); test the bit before
 * trusting the corresponding field.
 */
#define KEYDATA_M_ID 0x0001
#define KEYDATA_M_STATE 0x0002
#define KEYDATA_M_KEYTYPE 0x0004
#define KEYDATA_M_ALGORITHM 0x0008
#define KEYDATA_M_SIGLIFETIME 0x0010
#define KEYDATA_M_ACTIVE 0x0020
#define KEYDATA_M_DEAD 0x0040
#define KEYDATA_M_GENERATE 0x0080
#define KEYDATA_M_PUBLISH 0x0100
#define KEYDATA_M_READY 0x0200
#define KEYDATA_M_RETIRE 0x0400
#define KEYDATA_M_LOCATION 0x0800
#define KEYDATA_M_SIZE 0x1000
#define KEYDATA_M_SMID 0x2000

/* Union of the six key-timing fields (active/dead/generate/publish/ready/retire) */
#define KEYDATA_M_TIMES (KEYDATA_M_ACTIVE | KEYDATA_M_DEAD | \
    KEYDATA_M_GENERATE | KEYDATA_M_PUBLISH | KEYDATA_M_READY | KEYDATA_M_RETIRE)
91 
/*
 * Structure for key information. Note that on the date fields, the
 * "struct tm" fields are used to insert data into the database, and the
 * "char" array fields are used to retrieve data. In the latter case, a SQL
 * NULL in the database is represented by an empty string.
 */
98 
typedef struct {
    int state;                         /* Lifecycle state, a KSM_STATE_* value */
    int keytype;                       /* KSM_TYPE_KSK or KSM_TYPE_ZSK */
    char active[KSM_TIME_LENGTH];      /* Time the key becomes/became active (text; empty if NULL in the DB) */
    char dead[KSM_TIME_LENGTH];        /* Time the key is/was declared dead */
    char generate[KSM_TIME_LENGTH];    /* Time the key was generated */
    char publish[KSM_TIME_LENGTH];     /* Time the DNSKEY is/was published */
    char ready[KSM_TIME_LENGTH];       /* Time the key becomes/became ready for use */
    char retire[KSM_TIME_LENGTH];      /* Time the key is/was retired */
    char location[KSM_NAME_LENGTH];    /* Where the key is held (presumably the security module name) */
    int size;                          /* Key size in bits (cf. the "bits" arguments to KsmKeyCountStillGood) */
    char HSMKey_id[KSM_NAME_LENGTH];   /* HSM identifier of the key (the HSMKeyID passed to KsmKeyPairCreate).
                                        * TODO is this long enough ? - a PKCS#11 CKA_ID is arbitrary bytes; if
                                        * it is stored hex-encoded the effective limit is 127 octets, and
                                        * whoever fills this field must bound the copy rather than assume
                                        * the id fits. */
    int zone_id;                       /* Owning zone (database id) */

    /*
     * The remaining fields are used for data manipulation and are not part of
     * the KEYDATA table.
     */

    int flags;                         /* States which fields are valid: bitwise OR of KEYDATA_M_* */
    int roll_scheme;                   /* Which rollover scheme the key is under: a KSM_ROLL_* value */
} KSM_KEYDATA;
128 
/*
 * Key creation.
 *
 * KsmKeyPairCreate   - record a new key pair under policy_id: HSMKeyID is the
 *                      HSM's identifier for the key, smID the security module,
 *                      size the key size in bits, alg a KSM_ALGORITHM_* value
 *                      and generate the generation time as text. The new row
 *                      id is returned through *id.
 * KsmDnssecKeyCreate - bind keypair_id to zone_id as a DNSKEY of keytype
 *                      (KSM_TYPE_*) starting in state (KSM_STATE_*), with the
 *                      given time and expected retire time; *id receives the
 *                      row id.
 */
int KsmKeyPairCreate(int policy_id, const char* HSMKeyID, int smID, int size, int alg, const char* generate, DB_ID* id);
int KsmDnssecKeyCreate(int zone_id, int keypair_id, int keytype, int state, const char* time, const char* retTime, DB_ID* id);
/*int KsmDnssecKeyCreateOnPolicy(int policy_id, int keypair_id, int keytype);*/

/*
 * Key retrieval, following an Init / fetch / End pattern: a KsmKeyInit*()
 * call opens a DB_RESULT, KsmKey() fills a KSM_KEYDATA from it (presumably
 * one row per call - confirm the end-of-data return code in ksm_key.c) and
 * KsmKeyEnd() releases the result. KsmKeyData() fetches a single key by id.
 *
 * NOTE(review): KsmKeyInitSql() and KsmKeyQuery() take a complete SQL string.
 * That text must be assembled entirely by trusted code; operator-supplied
 * values (zone or policy names, ids parsed from the command line) must never
 * be concatenated into it unescaped.
 */
int KsmKeyInitSql(DB_RESULT* result, const char* sql);
int KsmKeyInit(DB_RESULT* result, DQS_QUERY_CONDITION* condition);
int KsmKeyInitId(DB_RESULT* result, DB_ID id);
int KsmKey(DB_RESULT result, KSM_KEYDATA* data);
void KsmKeyEnd(DB_RESULT result);
int KsmKeyQuery(const char* sql, DB_RESULT* result);
int KsmKeyData(DB_ID id, KSM_KEYDATA* data);

/*
 * Prediction and counting helpers; each writes its answer through the int*
 * out parameter. KsmKeyGetUnallocated() returns, via *keypair_id, a generated
 * key pair not yet attached to a zone that matches the given module, size
 * and algorithm.
 */
int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count);
int KsmKeyCountQueue(int keytype, int* count, int zone_id);
int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char* datetime, int *count, int keytype);
int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id);

/* Mark every key of a zone dead / kill one key pair within a zone. */
int KsmMarkKeysAsDead(int zone_id);
int KsmKillKey(int keypair_id, int zone_id);
145 
/* delete */

/*
 * KsmDeleteKeyRange  - delete the keys whose id lies between minid and maxid
 *                      (whether the bounds are inclusive is not visible here;
 *                      check the implementation).
 * KsmDeleteKeyRanges - size is the number of entries in limit[]; presumably
 *                      the entries are consecutive min/max pairs - confirm in
 *                      ksm_delete.c before calling.
 */
int KsmDeleteKeyRange(int minid, int maxid);
int KsmDeleteKeyRanges(int limit[], int size);
150 
151 /* KsmParameter */
152 
/* One policy parameter row, addressed by the (name, category) pair and holding an int value. */
typedef struct {
    char name[KSM_NAME_LENGTH];      /* Parameter name (a KSM_PAR_*_STRING) */
    char category[KSM_NAME_LENGTH];  /* Parameter category (a KSM_PAR_*_CAT) */
    int value;                       /* Parameter value; seconds for the timing parameters */
} KSM_PARAMETER;
159 
/*
 * Parameter access. A parameter is identified by name AND category: several
 * names are reused across categories ("lifetime", "ttl", "standby",
 * "propagationdelay" and "manual_rollover" each exist under more than one
 * KSM_PAR_*_CAT), so a name alone is ambiguous.
 *
 * KsmParameterInit / KsmParameter / KsmParameterEnd
 *                    - open, fetch from, and release a result set for one
 *                      parameter of policy_id.
 * KsmParameterExist  - look the (name, category) up; *parameter_id receives its id.
 * KsmParameterValue  - read the value for policy_id into *value (and the
 *                      parameter's id into *parameter_id).
 * KsmParameterSet    - store value for policy_id.
 * KsmParameterShow   - print the parameter (output destination not visible here).
 */
int KsmParameterInit(DB_RESULT* result, const char* name, const char* category, int policy_id);
int KsmParameterExist(DB_RESULT* result, const char* name, const char* category, int* parameter_id);
int KsmParameter(DB_RESULT result, KSM_PARAMETER* data);
void KsmParameterEnd(DB_RESULT result);
int KsmParameterValue(const char* name, const char* category, int* value, int policy_id, int* parameter_id);
int KsmParameterSet(const char* name, const char* category, int value, int policy_id);
int KsmParameterShow(const char* name, const char* category, int policy_id);
167 
168 /* ksmPolicy */
169 typedef struct {
170  int refresh;
171  int jitter;
173  int soamin;
174  int soattl;
175  int serial;
177 
178 typedef struct {
180  int resign;
184 
185 typedef struct {
186  int version;
187  int resalt;
190  int optout;
191  int ttl;
193  char salt[KSM_SALT_LENGTH];
194  char salt_stamp[KSM_TIME_LENGTH];
196 
197 typedef struct {
198  int ttl;
202  int purge;
204 
205 typedef struct {
207  int bits;
208  int lifetime;
209  int sm;
210  char sm_name[KSM_NAME_LENGTH];
211  unsigned long sm_capacity;
213  int overlap;
214  int ttl;
215  int rfc5011;
216  int type;
221 
222 typedef struct {
227 
228 typedef struct {
230  int soa_ttl;
231  int soa_min;
232  int serial;
234 
235 typedef struct {
237  int ds_ttl;
238  int soa_ttl;
239  int soa_min;
241 
242 typedef struct {
243  int audit;
245 
/*
 * A signing policy. description and audit are pointers rather than inline
 * buffers, so they are dynamic storage - presumably released by
 * KsmPolicyFree(); confirm before freeing them anywhere else.
 */
typedef struct {
    int id;                      /* Database id of the policy */
    char name[KSM_NAME_LENGTH];  /* Policy name */
    char* description;           /* Free-text description (dynamic, see above) */
    /*KSM_AUDIT_POLICY* audit;*/
    char* audit;                 /* Audit configuration text (dynamic, see above) */
} KSM_POLICY;
263 
264 typedef struct {
265  char name[KSM_NAME_LENGTH];
266  char category[KSM_NAME_LENGTH];
267  int value;
269 
/*
 * Policy access.
 * KsmPolicyInit / KsmPolicy              - open a result set by policy name and
 *                                          fetch a row into a KSM_POLICY.
 * KsmPolicyExists                        - existence check by name.
 * KsmPolicyParametersInit                - result set over the named policy's parameters.
 * KsmPolicyRead / KsmPolicyReadFromId /
 * KsmPolicyNameFromId                    - fill in *policy, keyed by the name or id
 *                                          already set in it.
 * KsmPolicyUpdateSalt / KsmPolicyNullSaltStamp
 *                                        - NSEC3 salt maintenance: store the policy's
 *                                          current salt / clear the salt timestamp
 *                                          (presumably forcing a re-salt on the next
 *                                          run - confirm in ksm_policy.c).
 * KsmPolicyIdFromZoneId                  - look up the policy a zone belongs to.
 * KsmPolicyFree                          - release a KSM_POLICY's dynamically allocated
 *                                          members (description and audit are char*;
 *                                          confirm what else it frees).
 */
int KsmPolicyInit(DB_RESULT* handle, const char* name);
int KsmPolicyExists(const char* name);
int KsmPolicyParametersInit(DB_RESULT* handle, const char* name);
int KsmPolicyRead(KSM_POLICY* policy);
int KsmPolicy(DB_RESULT handle, KSM_POLICY* data);
int KsmPolicyReadFromId(KSM_POLICY* policy);
int KsmPolicyNameFromId(KSM_POLICY* policy);
int KsmPolicyUpdateSalt(KSM_POLICY* policy);
int KsmPolicyNullSaltStamp(int policy_id);
int KsmPolicyIdFromZoneId(int zone_id, int* policy_id);

void KsmPolicyFree(KSM_POLICY *policy);
286 
287 /* ksmZone */
/*
 * A zone. The three path fields come from operator configuration (they are
 * the signconf/input/output arguments of KsmImportZone) and are each bounded
 * by KSM_PATH_LENGTH including the NUL.
 */
typedef struct {
    int id;                              /* Database id of the zone */
    char signconf[KSM_PATH_LENGTH];      /* Signer configuration file path for this zone */
    char input[KSM_PATH_LENGTH];         /* Unsigned zone input (a path, as far as this header shows) */
    char output[KSM_PATH_LENGTH];        /* Signed zone output */
    char policy_name[KSM_NAME_LENGTH];   /* Name of the policy the zone is under */
} KSM_ZONE;
297 
/*
 * Zone access.
 * KsmZoneInit(handle, policy_id) / KsmZone        - iterate the zones of a policy.
 * KsmZoneCountInit(handle, id) / KsmZoneCount     - count zones (id is presumably a policy id).
 * KsmZoneIdFromName / KsmZoneIdAndPolicyFromName  - resolve an operator-supplied zone
 *                      name to ids. The name ends up in a query, so the implementation
 *                      must bind or escape it.
 * KsmDeleteZone                                   - remove zone_id.
 * KsmZoneNameFromId - *zone_name is set to the zone's name. Ownership is not
 *                      stated here; assume the string is allocated for the caller
 *                      (free() it) until confirmed in ksm_zone.c.
 */
int KsmZoneInit(DB_RESULT* handle, int policy_id);
int KsmZone(DB_RESULT handle, KSM_ZONE *data);
int KsmZoneCount(DB_RESULT handle, int* count);
int KsmZoneCountInit(DB_RESULT* handle, int id);
int KsmZoneIdFromName(const char* zone_name, int* zone_id);
int KsmZoneIdAndPolicyFromName(const char* zone_name, int* policy_id, int* zone_id);
int KsmDeleteZone(int zone_id);
int KsmZoneNameFromId(int zone_id, char** zone_name);
306 
/*
 * Zone signed-state values. NOTE(review): these names carry no KSM_ prefix
 * and will clash with any other header that defines SIGNED/UNSIGNED; keep
 * that in mind when changing include order.
 */
#define UNSIGNED 0
#define SIGNED 1

/*
 * Counts of DNSSEC keys for a policy, per security module and per state
 * (Init opens the result set, the matching call reads the count into *count).
 */
int KsmDNSSECKeysInSMCountInit(DB_RESULT* handle, int policy_id);
int KsmDNSSECKeysInSMCount(DB_RESULT handle, int* count);
int KsmDNSSECKeysStateCountInit(DB_RESULT* result, int policy_id, KSM_KEY_POLICY *key_policy, int state);
313 
/* Purge */

/* Purge the database (presumably of keys in KSM_STATE_DEAD - confirm in the implementation). Takes no arguments and reports nothing. */
void KsmPurge(void);
317 
318 /*
319  * Constants in the database tables. These are used in the
320  * ksm_keyword module.
321  *
322  * THESE MUST BE KEPT IN STEP WITH THE DATABASE CREATION SCRIPT
323  */
324 
/*
 * The following names and constants are the DNSSEC algorithm numbers from
 * the IANA registry - published as "SIG(0) Algorithm Numbers" at
 * http://www.iana.org/assignments/sig-alg-numbers when this was written, now
 * "DNS Security Algorithm Numbers" at
 * http://www.iana.org/assignments/dns-sec-alg-numbers.
 */
329 
/*
 * NOTE(review): status of these algorithms for signing new zones -
 *   RSAMD5 (1): RFC 6725 moved it to "MUST NOT implement"; treat as disabled.
 *   DH (2): a key-agreement algorithm, not a zone-signing one.
 *   DSA (3), DSA-NSEC3-SHA1 (6): RFC 8624 says MUST NOT be used for signing.
 *   RSASHA1 (5), RSASHA1-NSEC3-SHA1 (7): SHA-1 based; RFC 8624 rates them
 *     NOT RECOMMENDED for signing.
 *   RSASHA256 (8), RSASHA512 (10): the usable entries in this table.
 * ECDSA (13/14) and EdDSA (15/16) are not present in this table. Whatever
 * maps a configured algorithm name to a number should reject the retired
 * entries rather than silently accept them.
 */
#define KSM_ALGORITHM_RSAMD5 1
#define KSM_ALGORITHM_RSAMD5_STRING "rsamd5"
#define KSM_ALGORITHM_DH 2
#define KSM_ALGORITHM_DH_STRING "dh"
#define KSM_ALGORITHM_DSASHA1 3
#define KSM_ALGORITHM_DSASHA1_STRING "dsa"
#define KSM_ALGORITHM_RSASHA1 5
#define KSM_ALGORITHM_RSASHA1_STRING "rsasha1"
#define KSM_ALGORITHM_DSA_NSEC3_SHA1 6
#define KSM_ALGORITHM_DSA_NSEC3_SHA1_STRING "dsa-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1 7
#define KSM_ALGORITHM_RSASHA1_NSEC3_SHA1_STRING "rsasha1-nsec3-sha1"
#define KSM_ALGORITHM_RSASHA256 8
#define KSM_ALGORITHM_RSASHA256_STRING "rsasha256"
#define KSM_ALGORITHM_RSASHA512 10
#define KSM_ALGORITHM_RSASHA512_STRING "rsasha512"
/* Private-use indicators from RFC 4034 (indirect / private domain name / private OID) */
#define KSM_ALGORITHM_INDIRECT 252
#define KSM_ALGORITHM_INDIRECT_STRING "indirect"
#define KSM_ALGORITHM_PRIVDOM 253
#define KSM_ALGORITHM_PRIVDOM_STRING "domain"
#define KSM_ALGORITHM_PRIVOID 254
#define KSM_ALGORITHM_PRIVOID_STRING "oid"
352 
/* How a repository stores keys */
#define KSM_FORMAT_FILE 1
#define KSM_FORMAT_FILE_STRING "file"
#define KSM_FORMAT_HSM 2
#define KSM_FORMAT_HSM_STRING "hsm"
#define KSM_FORMAT_URI 3
#define KSM_FORMAT_URI_STRING "uri"

/*
 * Key type. The numeric values are the DNSKEY flags field (RFC 4034):
 * 256 = ZONE, 257 = ZONE with the SEP bit set.
 */
#define KSM_TYPE_KSK 257
#define KSM_TYPE_KSK_STRING "ksk"
#define KSM_TYPE_ZSK 256
#define KSM_TYPE_ZSK_STRING "zsk"

/*
 * Key lifecycle states (the *_STRING forms are the keyword spellings used in
 * the database). States 7-10 are the DS-handling steps of a KSK rollover.
 */
#define KSM_STATE_GENERATE 1
#define KSM_STATE_GENERATE_STRING "generate"
#define KSM_STATE_PUBLISH 2
#define KSM_STATE_PUBLISH_STRING "publish"
#define KSM_STATE_READY 3
#define KSM_STATE_READY_STRING "ready"
#define KSM_STATE_ACTIVE 4
#define KSM_STATE_ACTIVE_STRING "active"
#define KSM_STATE_RETIRE 5
#define KSM_STATE_RETIRE_STRING "retire"
#define KSM_STATE_DEAD 6
#define KSM_STATE_DEAD_STRING "dead"
#define KSM_STATE_DSSUB 7
#define KSM_STATE_DSSUB_STRING "dssub"
#define KSM_STATE_DSPUBLISH 8
#define KSM_STATE_DSPUBLISH_STRING "dspublish"
#define KSM_STATE_DSREADY 9
#define KSM_STATE_DSREADY_STRING "dsready"
#define KSM_STATE_KEYPUBLISH 10
#define KSM_STATE_KEYPUBLISH_STRING "keypublish"

/* SOA serial-number policy for the signed zone (meanings follow from the names; confirm in the signer) */
#define KSM_SERIAL_UNIX_STRING "unixtime"
#define KSM_SERIAL_UNIX 1
#define KSM_SERIAL_COUNTER_STRING "counter"
#define KSM_SERIAL_COUNTER 2
#define KSM_SERIAL_DATE_STRING "datecounter"
#define KSM_SERIAL_DATE 3
#define KSM_SERIAL_KEEP_STRING "keep"
#define KSM_SERIAL_KEEP 4

/* Whether the zones of a policy share one set of keys */
#define KSM_KEYS_NOT_SHARED 0
#define KSM_KEYS_SHARED 1

/* KSK rollover scheme (cf. the KSK rollover methods of RFC 6781). KSM_ROLL_DEFAULT == KSM_ROLL_DNSKEY. */
#define KSM_ROLL_DEFAULT 1 /* DoubleDNSKEY */
#define KSM_ROLL_DNSKEY_STRING "DoubleDNSKey"
#define KSM_ROLL_DNSKEY 1
#define KSM_ROLL_DS_STRING "DoubleDS"
#define KSM_ROLL_DS 2
#define KSM_ROLL_RRSET_STRING "DoubleRRSet"
#define KSM_ROLL_RRSET 3
405 
/*
 * Reserved parameters and their default values (timings in seconds).
 * Each parameter has three defines: the default value, the _STRING name and
 * the _CAT category. The (name, category) pair is the key: "lifetime", "ttl",
 * "standby", "propagationdelay" and "manual_rollover" each appear under more
 * than one category, so a parameter must never be looked up by name alone.
 */
/* TODO redefine this properly:
 * have _CAT defines separate
 * rename to match the new list
 * add new items ? */
#define KSM_PAR_CLOCKSKEW 3600 /* 1 hour */
#define KSM_PAR_CLOCKSKEW_STRING "clockskew"
#define KSM_PAR_CLOCKSKEW_CAT "signature"
#define KSM_PAR_KSKLIFE 63072000 /* 2 years (730 days) */
#define KSM_PAR_KSKLIFE_STRING "lifetime"
#define KSM_PAR_KSKLIFE_CAT "ksk"
#define KSM_PAR_PROPDELAY 3600 /* 1 hour */
#define KSM_PAR_PROPDELAY_STRING "propagationdelay"
#define KSM_PAR_PROPDELAY_CAT "zone"
#define KSM_PAR_STANDBYKSKS 1 /* count, not seconds */
#define KSM_PAR_STANDBYKSKS_STRING "standby"
#define KSM_PAR_STANDBYKSKS_CAT "ksk"
#define KSM_PAR_STANDBYZSKS 1 /* count, not seconds */
#define KSM_PAR_STANDBYZSKS_STRING "standby"
#define KSM_PAR_STANDBYZSKS_CAT "zsk"
#define KSM_PAR_SIGNINT 7200 /* 2 hours */
#define KSM_PAR_SIGNINT_STRING "resign"
#define KSM_PAR_SIGNINT_CAT "signature"
#define KSM_PAR_SOAMIN 7200 /* 2 hours */
#define KSM_PAR_SOAMIN_STRING "min"
#define KSM_PAR_SOAMIN_CAT "zone"
#define KSM_PAR_SOATTL 172800 /* 2 days */
#define KSM_PAR_SOATTL_STRING "ttl"
#define KSM_PAR_SOATTL_CAT "zone"
#define KSM_PAR_ZSKSIGLIFE 432000 /* 5 days */
#define KSM_PAR_ZSKSIGLIFE_STRING "valdefault"
#define KSM_PAR_ZSKSIGLIFE_CAT "signature"
#define KSM_PAR_ZSKLIFE 2592000 /* 30 days */
#define KSM_PAR_ZSKLIFE_STRING "lifetime"
#define KSM_PAR_ZSKLIFE_CAT "zsk"
#define KSM_PAR_ZSKTTL 172800 /* 2 days */
#define KSM_PAR_ZSKTTL_STRING "ttl"
#define KSM_PAR_ZSKTTL_CAT "keys"
#define KSM_PAR_KSKTTL 172800 /* 2 days */
#define KSM_PAR_KSKTTL_STRING "ttl"
#define KSM_PAR_KSKTTL_CAT "keys"
#define KSM_PAR_KSKPROPDELAY 3600 /* 1 hour */
#define KSM_PAR_KSKPROPDELAY_STRING "propagationdelay"
#define KSM_PAR_KSKPROPDELAY_CAT "parent"
#define KSM_PAR_REGDELAY 0 /* TODO sort this out (0 = no registration delay assumed) */
#define KSM_PAR_REGDELAY_STRING "registrationdelay" /* TODO sort this out */
#define KSM_PAR_REGDELAY_CAT "parent" /* TODO sort this out */
#define KSM_PAR_PUBSAFETY 172800 /* 2 days */
#define KSM_PAR_PUBSAFETY_STRING "publishsafety"
#define KSM_PAR_PUBSAFETY_CAT "keys"
#define KSM_PAR_RETSAFETY 172800 /* 2 days */
#define KSM_PAR_RETSAFETY_STRING "retiresafety"
#define KSM_PAR_RETSAFETY_CAT "keys"
#define KSM_PAR_KSK_MAN_ROLL 0 /* false (i.e. automatic roll) */
#define KSM_PAR_KSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_KSK_MAN_ROLL_CAT "ksk"
#define KSM_PAR_ZSK_MAN_ROLL 0 /* false (i.e. automatic roll) */
#define KSM_PAR_ZSK_MAN_ROLL_STRING "manual_rollover"
#define KSM_PAR_ZSK_MAN_ROLL_CAT "zsk"
#define KSM_PAR_DSTTL 3600 /* 1 hour */
#define KSM_PAR_DSTTL_STRING "ttlds"
#define KSM_PAR_DSTTL_CAT "parent"
#define KSM_PAR_KSK_ROLL 0 /* No KSM_ROLL_* value is 0 (they start at KSM_ROLL_DNSKEY == 1);
                            * presumably 0 means "not set, use KSM_ROLL_DEFAULT" - confirm
                            * in ksm_parameter.c before comparing against KSM_ROLL_* */
#define KSM_PAR_KSK_ROLL_STRING "rollover_scheme"
#define KSM_PAR_KSK_ROLL_CAT "ksk"
471 
/*
 * Holds the collection of parameters for one policy as plain ints (seconds,
 * or counts/flags where noted), one member per KSM_PAR_* default.
 * KsmCollectionInit() and KsmParameterCollection() fill it in (presumably the
 * defaults first, then the policy's stored rows - confirm in ksm_parameter.c).
 * The 2-year KSK default (63072000) is the largest value and fits an int.
 */
typedef struct { /* Holds collection of parameters */
    int clockskew; /* Clock skew */
    int ksklife; /* Lifetime of a KSK */
    int standbyksks; /* Number of Standby Key Signing keys (count) */
    int standbyzsks; /* Number of Standby Zone signing keys (count) */
    int propdelay; /* Propagation delay */
    int signint; /* Signing interval - how long signing the zone takes */
    int soamin; /* "Minimum" value from SOA record */
    int soattl; /* TTL of the SOA record */
    int zsksiglife; /* Length of signatures signed by this ZSK */
    int zsklife; /* How long key is used for */
    int zskttl; /* TTL of ZSK DNSKEY record */
    int kskttl; /* TTL of KSK DNSKEY record */
    int kskpropdelay; /* KSK Propagation delay */
    int regdelay; /* KSK Registration delay */
    int pub_safety; /* Publish safety margin */
    int ret_safety; /* Retire safety margin */
    int kskmanroll; /* Do we only roll the KSK manually? (flag) */
    int zskmanroll; /* Do we only roll the ZSK manually? (flag) */
    int dsttl; /* TTL of the DS record */
    int kskroll; /* Rollover Scheme for the KSK (KSM_ROLL_*) */
} KSM_PARCOLL;
494 
/*
 * KSM_PARCOLL handling.
 * KsmCollectionInit        - initialise *data (presumably to the KSM_PAR_* defaults).
 * KsmParameter<Name>       - read the named member from the collection; each
 *                            returns the value as an int.
 * KsmParameterCollection   - load the parameters of policy_id into *data.
 * KsmParameterCollectionCache - enable (non-zero) or disable caching of loaded
 *                            collections; with caching on, a parameter changed
 *                            in the database may not be seen until the cache is
 *                            refreshed - confirm the invalidation rule.
 */
int KsmCollectionInit(KSM_PARCOLL* data);
int KsmParameterClockskew(KSM_PARCOLL* collection);
int KsmParameterKskLifetime(KSM_PARCOLL* collection);
int KsmParameterStandbyKSKeys(KSM_PARCOLL* collection);
int KsmParameterStandbyZSKeys(KSM_PARCOLL* collection);
int KsmParameterSoaMin(KSM_PARCOLL* collection);
int KsmParameterSoaTtl(KSM_PARCOLL* collection);
int KsmParameterZskLifetime(KSM_PARCOLL* collection);
int KsmParameterZskTtl(KSM_PARCOLL* collection);
int KsmParameterKskTtl(KSM_PARCOLL* collection);
int KsmParameterPubSafety(KSM_PARCOLL* collection);
int KsmParameterRetSafety(KSM_PARCOLL* collection);
int KsmParameterCollection(KSM_PARCOLL* data, int policy_id);
void KsmParameterCollectionCache(int enable);
514 
515 /* ksm_keyword */
516 
/*
 * Keyword <-> value conversion for the constants above (the *_STRING forms).
 *
 * NameToValue: map a keyword to its number. What is returned for an
 * unrecognised name is not visible here; callers must check it before using
 * the result as an algorithm/state/type id, since the names usually come
 * from configuration or the command line.
 */
int KsmKeywordAlgorithmNameToValue(const char* name);
int KsmKeywordFormatNameToValue(const char* name);
int KsmKeywordParameterNameToValue(const char* name);
int KsmKeywordStateNameToValue(const char* name);
int KsmKeywordTypeNameToValue(const char* name);
int KsmKeywordRollNameToValue(const char* name);

/*
 * ValueToName: map a number back to its keyword. The returned string is
 * presumably static (not to be freed); whether an unknown value yields NULL
 * or a placeholder is not stated - check before passing the result to a
 * "%s" format.
 */
const char* KsmKeywordAlgorithmValueToName(int value);
const char* KsmKeywordFormatValueToName(int value);
const char* KsmKeywordStateValueToName(int value);
const char* KsmKeywordTypeValueToName(int value);
const char* KsmKeywordSerialValueToName(int value);
const char* KsmKeywordRollValueToName(int value);

/* Non-zero if name is a known parameter keyword (return convention to be confirmed) */
int KsmKeywordParameterExists(const char* name);
532 
533 /* ksm_update */
534 
/*
 * Key-timing updates.
 * KsmUpdate                - recompute the key times for zone_id under policy_id.
 * KsmUpdateKey             - recompute all times of one key from the policy's
 *                            parameter collection.
 * KsmUpdate*KeyTime        - recompute one transition time (publish, active,
 *                            retire, DS publish, DNSKEY publish) of a key.
 * KsmUpdateKeyTime         - set the time named by destination to the time named
 *                            by source plus interval seconds, for the key in
 *                            zone_id. NOTE(review): source and destination look
 *                            like column/field names; if the implementation
 *                            splices them into SQL they must only ever be
 *                            compile-time constants, never operator input.
 */
int KsmUpdate(int policy_id, int zone_id);
void KsmUpdateKey(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdatePublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateActiveKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateRetireKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateDSPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
void KsmUpdateKEYPublishKeyTime(KSM_KEYDATA* data, KSM_PARCOLL* collection, int zone_id);
int KsmUpdateKeyTime(const KSM_KEYDATA* data, const char* source,
    const char* destination, int interval, int zone_id);
547 
548 /* ksm_request */
549 
/*
 * Callback invoked once per key by the key-request routines below. context
 * is the caller's opaque pointer passed through unchanged; the int return
 * presumably lets the callback abort the iteration (confirm the convention
 * in ksm_request.c). KsmRequestPrintKey() has this signature.
 */
typedef int (*KSM_REQUEST_CALLBACK)(void* context, KSM_KEYDATA* key);

/*
 * Key requests: drive keys of keytype for zone_id (under policy_id) through
 * their state transitions as of datetime (a time in text form, produced by
 * the enforcer itself), then hand the resulting keys to callback. rollover
 * forces a rollover; run_interval is the enforcer's run period in seconds.
 * *NewDS is set when a new DS record must be submitted to the parent - the
 * operator-visible signal of a KSK rollover step, so callers must not ignore it.
 */
int KsmRequestKeys(int keytype, int rollover, const char* datetime,
    KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
    int run_interval, int* NewDS);
int KsmRequestKeysByType(int keytype, int rollover, const char* datetime,
    KSM_REQUEST_CALLBACK callback, void* context, int policy_id, int zone_id,
    int run_interval, int* NewDS);

/*
 * Individual state transitions. Each moves the keys of keytype in zone_id
 * from one KSM_STATE_* to the next as of datetime; the ChangeStateN /
 * GeneratePublish / GenerateDSSub / ReadyActive variants move at most count
 * keys. KsmRequestChangeState is the general form (src_state -> dst_state).
 */
int KsmRequestSetActiveExpectedRetire(int keytype, const char* datetime, int zone_id);
int KsmRequestChangeStateActiveRetire(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateRetireDead(int keytype, const char* datetime, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStatePublishReady(int keytype, const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateDSPublishDSReady(int keytype, const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeState(int keytype, const char* datetime, int src_state,
    int dst_state, int zone_id, int policy_id, int rollover_scheme, int* NewDS);
int KsmRequestChangeStateGeneratePublish(int keytype, const char* datetime,
    int count, int zone_id);
int KsmRequestChangeStateGenerateDSSub(int keytype, const char* datetime,
    int count, int zone_id);
int KsmRequestChangeStateDSReadyKeyPublish(const char* datetime, int zone_id, int policy_id);
int KsmRequestChangeStateKeyPublishActive(const char* datetime, int zone_id, int policy_id, int* NewDS);
int KsmRequestChangeStateReadyActive(int keytype, const char* datetime,
    int count, int zone_id);
int KsmRequestChangeStateN(int keytype, const char* datetime,
    int count, int src_state, int dst_state, int zone_id);
576  const char* datetime, KSM_PARCOLL* collection, int zone_id, int* NewDS);
578  const char* datetime, KSM_PARCOLL* collection, int zone_id,
579  int run_interval);
/*
 * Counting and checking helpers used while servicing a request; each writes
 * its answer through the int* out parameter (count / flag).
 * KsmRequestCheckCompromisedFlag - *comp_flag reports whether a key of
 *   keytype in zone_id is marked compromised; a set flag must force a
 *   rollover rather than be treated as informational.
 */
int KsmRequestPendingRetireCount(int keytype, const char* datetime,
    KSM_PARCOLL* parameters, int* count, int zone_id, int interval);
int KsmRequestAvailableCount(int keytype, const char* datetime,
    KSM_PARCOLL* parameters, int* count, int zone_id);
int KsmRequestGenerateCount(int keytype, int* count, int zone_id);
int KsmRequestStandbyKSKCount(int* count, int zone_id);
int KsmRequestCheckActiveKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCountReadyKey(int keytype, const char* datetime, int* count, int zone_id);
int KsmRequestCheckFirstPass(int keytype, int* first_pass_flag, int zone_id);
int KsmRequestCheckCompromisedFlag(int keytype, int zone_id, int* comp_flag);
/* Hand every key of keytype in zone_id to callback (see KSM_REQUEST_CALLBACK). */
int KsmRequestIssueKeys(int keytype, KSM_REQUEST_CALLBACK callback,
    void* context, int zone_id);

/* A KSM_REQUEST_CALLBACK that prints the key; context is presumably unused or an output handle. */
int KsmRequestPrintKey(void* context, KSM_KEYDATA* data);

/*
 * Policy-wide variants operating on a KSM_KEY_POLICY (the KSK/ZSK section of
 * a KSM_POLICY). verify non-zero presumably means "check, don't change".
 * NOTE(review): KsmRequestDNSSECKeysPendingRetireCount is declared with an
 * unnamed KSM_KEY_POLICY passed by value, while every sibling takes a
 * KSM_KEY_POLICY*; check this declaration against the definition.
 */
int KsmRequestDNSSECKeys(const char* datetime, KSM_POLICY* policy);
int KsmRequestDNSSECKeysChangeStateRetireDead(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeState(KSM_KEY_POLICY *policy, const char* datetime, int src_state, int dst_state, int verify);
int KsmRequestDNSSECKeysChangeStatePublishReady(KSM_KEY_POLICY *policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysChangeStateGeneratePublishConditional(KSM_POLICY *policy, KSM_KEY_POLICY *key_policy, const char* datetime, int verify);
int KsmRequestDNSSECKeysSetActiveExpectedRetire(int keytype, const char* datetime, int verify);
int KsmRequestDNSSECKeysPendingRetireCount(KSM_KEY_POLICY, const char* datetime, int* count);
602 
/* Policy-level accessors over a KSM_PARCOLL: signing interval and ZSK TTL, in seconds. */
int KsmPolicySigningInterval(KSM_PARCOLL* collection);
int KsmPolicyZskTtl(KSM_PARCOLL* collection);
612 
/* KsmImport */

/*
 * Import of configuration into the database. All string arguments originate
 * in operator-edited configuration (conf.xml, kasp.xml, zonelist.xml), so the
 * implementation must bind or escape them in its queries and bound every
 * copy into the fixed-size KSM_* buffers.
 *
 * KsmImportRepository - add repository repo_name; repo_capacity is the
 *                       capacity as text (parsed by the implementation - a
 *                       parse failure must be reported, not defaulted);
 *                       require_backup non-zero means keys need a backup
 *                       before use.
 * KsmImportPolicy     - add policy_name with policy_description.
 * KsmImportZone       - add zone_name under policy_id with its signconf/input/
 *                       output paths; fail_if_exists controls duplicate
 *                       handling, *new_zone reports whether a row was created.
 * KsmImportAudit      - store audit_contents for policy_id.
 * KsmImportKeyPair    - record an existing HSM key (HSMKeyID) under policy_id
 *                       in module smID, with size/alg/state and time; fixDate
 *                       is a flag whose exact effect is not visible here.
 * Ksm*IdFromName      - name -> id lookups for modules, serial types, policies.
 * KsmMarkPreBackup / KsmRollbackMarkPreBackup / KsmMarkBackup
 *                     - two-phase backup marking of a repository's keys
 *                       (mark as about to be backed up, undo that mark, mark
 *                       as backed up at datetime) - inferred from the names.
 * KsmCheckHSMkeyID    - *exists reports whether cka_id is already recorded
 *                       for repo_id.
 */
int KsmImportRepository(const char* repo_name, const char* repo_capacity, int require_backup);
int KsmImportPolicy(const char* policy_name, const char* policy_description);
int KsmImportZone(const char* zone_name, int policy_id, int fail_if_exists, int *new_zone, const char* signconf, const char* input, const char* output);
int KsmImportAudit(int policy_id, const char* audit_contents);
int KsmImportKeyPair(int policy_id, const char* HSMKeyID, int smID, int size, int alg, int state, const char* time, int fixDate, DB_ID* id);
int KsmSmIdFromName(const char* name, int *id);
int KsmSerialIdFromName(const char* name, int *id);
int KsmPolicyIdFromName(const char* name, int *id);
int KsmMarkPreBackup(int repo_id, const char* datetime);
int KsmRollbackMarkPreBackup(int repo_id);
int KsmMarkBackup(int repo_id, const char* datetime);
int KsmCheckHSMkeyID(int repo_id, const char* cka_id, int *exists);
626 
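/* KsmList */

/*
 * Listing / reporting helpers; output goes to wherever the implementation
 * prints (not visible here). Each returns an int status.
 *
 * KsmListBackups       - backups of repo_id; verbose_flag non-zero for more detail.
 * KsmListRepos         - all repositories.
 * KsmListPolicies      - all policies.
 * KsmListRollovers     - pending rollovers for zone_id.
 * KsmCheckNextRollover - *datetime receives the next rollover time for keytype
 *                        in zone_id as text. Ownership of the string is not
 *                        stated here; confirm whether the caller must free it.
 *
 * KsmListRepos/KsmListPolicies are declared with (void): the former "()" form
 * is an old-style, prototype-less declaration that lets callers pass
 * arbitrary arguments unchecked (and is invalid in C23).
 */
int KsmListBackups(int repo_id, int verbose_flag);
int KsmListRepos(void);
int KsmListPolicies(void);
int KsmListRollovers(int zone_id);
int KsmCheckNextRollover(int keytype, int zone_id, char** datetime);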
633 
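#ifdef __cplusplus
} /* extern "C" - no ';' here: a stray semicolon is an empty declaration at namespace scope that pedantic C++ compilers reject or warn about */
#endif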
637 
638 #endif /* KSM_KSM_H */