/*
 * keyraw.h -- raw key and signature access and conversion
 *
 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 *
 */

/**
 * \file
 *
 * raw key and signature access and conversion
 *
 * Since these functions rely heavily on cryptographic operations,
 * this module is dependent on openssl.
 *
 * The functions below take DNSKEY public-key material in uncompressed
 * wireformat (the RDATA as it arrives from the network) and turn it
 * into OpenSSL key objects or values derived from it. That input is
 * untrusted; the *2pkey_raw converters signal malformed or unsupported
 * material by returning NULL, so every return value must be checked
 * before use.
 *
 * NOTE(review): the EVP_PKEY objects returned by the *2pkey_raw
 * functions are presumably owned by the caller and released with
 * EVP_PKEY_free() -- confirm against keyraw.c.
 */

#ifndef LDNS_KEYRAW_H
#define LDNS_KEYRAW_H

#ifdef __cplusplus
extern "C" {
#endif
#if LDNS_BUILD_CONFIG_HAVE_SSL
#  include <openssl/ssl.h>
#  include <openssl/evp.h>
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

/**
 * get the length of the keydata in bits
 * \param[in] keydata the raw key data (read only)
 * \param[in] len the length of the keydata
 * \param[in] alg the cryptographic algorithm this is a key for
 *      (presumably the DNSKEY algorithm number -- confirm in keyraw.c)
 * \return the keysize in bits, or 0 on error. 0 is the only error
 *      signal, so callers must test for it before using the size.
 */
size_t sldns_rr_dnskey_key_size_raw(const unsigned char *keydata,
	const size_t len, int alg);

/**
 * Calculates keytag of DNSSEC key, operates on wireformat rdata.
 * A key tag is a 16-bit checksum (RFC 4034, Appendix B), not a unique
 * identifier: distinct keys can share a tag, so a tag match only
 * narrows the candidate set and signatures must still be verified
 * against every candidate key.
 * \param[in] key the key as uncompressed wireformat rdata.
 *      NOTE(review): presumably not modified despite the non-const
 *      parameter -- confirm in keyraw.c.
 * \param[in] keysize length of key data.
 * \return the keytag
 */
uint16_t sldns_calc_keytag_raw(uint8_t* key, size_t keysize);

#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
 * Get the PKEY id for GOST, loads GOST into openssl as a side effect.
 * Only available if GOST is compiled into the library and openssl.
 * Loading the engine changes process-global OpenSSL state; pair a
 * successful load with sldns_key_EVP_unload_gost() at shutdown.
 * \return the gost id for EVP_CTX creation.
 *      NOTE(review): presumably 0 when GOST cannot be loaded -- confirm
 *      in keyraw.c and treat that value as "unavailable".
 */
int sldns_key_EVP_load_gost_id(void);

/** Release the engine reference held for the GOST engine. */
void sldns_key_EVP_unload_gost(void);

#ifndef HAVE_OSSL_PARAM_BLD_NEW
/**
 * Like sldns_key_buf2dsa, but uses raw buffer.
 * Only declared when OpenSSL lacks the OSSL_PARAM_BLD API (pre-3.0);
 * presumably newer builds go through sldns_key_dsa2pkey_raw() instead.
 * DSA-based DNSSEC algorithms are MUST NOT for validation per RFC 8624;
 * this exists for legacy data only.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return a DSA * structure with the key material.
 *      NOTE(review): presumably NULL on malformed input and owned by the
 *      caller (DSA_free) -- confirm in keyraw.c.
 */
DSA *sldns_key_buf2dsa_raw(unsigned char* key, size_t len);
#endif

/**
 * Converts a holding buffer with DSA key material to EVP PKEY in openssl.
 * See the RFC 8624 note on sldns_key_buf2dsa_raw(): DSA is legacy only.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return the key or NULL on error.
 */
EVP_PKEY *sldns_key_dsa2pkey_raw(unsigned char* key, size_t len);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with GOST.
 * Requires the GOST engine to be loaded first (see
 * sldns_key_EVP_load_gost_id()) -- NOTE(review): confirm whether this
 * function loads it itself or expects the caller to have done so.
 * \param[in] key data to convert
 * \param[in] keylen length of the key data
 * \return the key or NULL on error.
 */
EVP_PKEY* sldns_gost2pkey_raw(unsigned char* key, size_t keylen);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with ECDSA.
 * \param[in] key data to convert
 * \param[in] keylen length of the key data. NOTE(review): presumably
 *      must equal the uncompressed point size of the selected curve,
 *      with any other length yielding NULL -- confirm in keyraw.c.
 * \param[in] algo precise algorithm to initialize ECC group values.
 *      NOTE(review): presumably the DNSKEY algorithm number, which picks
 *      the curve (P-256 or P-384) -- confirm in keyraw.c.
 * \return the key or NULL on error.
 */
EVP_PKEY* sldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo);

#ifndef HAVE_OSSL_PARAM_BLD_NEW
/**
 * Like sldns_key_buf2rsa, but uses raw buffer.
 * Only declared when OpenSSL lacks the OSSL_PARAM_BLD API (pre-3.0);
 * presumably newer builds go through sldns_key_rsa2pkey_raw() instead.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return a RSA * structure with the key material.
 *      NOTE(review): presumably NULL on malformed input and owned by the
 *      caller (RSA_free) -- confirm in keyraw.c.
 */
RSA *sldns_key_buf2rsa_raw(unsigned char* key, size_t len);
#endif

/**
 * Converts a holding buffer with RSA key material to EVP PKEY in openssl.
 * The wireformat carries an explicit exponent length prefix, so the
 * length fields inside the buffer are attacker-controlled and must be
 * bounds-checked against len -- NOTE(review): confirm that keyraw.c does
 * so for both the one- and three-byte exponent length encodings.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data
 * \return the key or NULL on error.
 */
EVP_PKEY* sldns_key_rsa2pkey_raw(unsigned char* key, size_t len);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with ED25519.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data (RFC 8080 fixes the Ed25519 public
 *      key at 32 bytes -- NOTE(review): confirm the length check in
 *      keyraw.c).
 * \return the key or NULL on error.
 */
EVP_PKEY* sldns_ed255192pkey_raw(const unsigned char* key, size_t len);

/**
 * Converts a holding buffer with key material to EVP PKEY in openssl.
 * Only available if ldns was compiled with ED448.
 * \param[in] key the uncompressed wireformat of the key.
 * \param[in] len length of key data (RFC 8080 fixes the Ed448 public
 *      key at 57 bytes -- NOTE(review): confirm the length check in
 *      keyraw.c).
 * \return the key or NULL on error.
 */
EVP_PKEY* sldns_ed4482pkey_raw(const unsigned char* key, size_t len);

/**
 * Utility function to calculate hash using generic EVP_MD pointer.
 * \param[in] data the data to hash.
 * \param[in] len  length of data. The parameter is unsigned int, not
 *      size_t: a caller holding a size_t must check that it fits, or
 *      the length is silently truncated on conversion.
 * \param[out] dest the destination of the hash, must be large enough:
 *      at least EVP_MD_size(md) bytes; EVP_MAX_MD_SIZE always suffices.
 * \param[in] md the message digest to use.
 * \return true if worked, false on failure. On failure the contents of
 *      dest should be treated as undefined.
 */
int sldns_digest_evp(unsigned char* data, unsigned int len,
	unsigned char* dest, const EVP_MD* md);

#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */

#ifdef __cplusplus
}
#endif

#endif /* LDNS_KEYRAW_H */