/*!
 * \file consts.h
 *
 * \author Lubos Slovak <lubos.slovak@nic.cz>
 *
 * \brief Contains some DNS-related constants.
 *
 * \addtogroup libknot
 * @{
 */
/*  Copyright (C) 2011 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#ifndef _KNOT_CONSTS_H_
#define _KNOT_CONSTS_H_

#include <stdbool.h>
#include <stdint.h>

#include "libknot/util/utils.h"

/*!
 * \brief Basic limits for domain names (RFC 1035).
 */
#define KNOT_DNAME_MAXLEN 255     /*!< Maximum wire length of a name in octets. */
#define KNOT_DNAME_MAXLABELS 127  /*!< Maximum label count, reached with 1-char labels. */

/*!
 * \brief Often used sizes.
 *
 * KNOT_RR_HEADER_SIZE equals the sum of the fixed RR fields of RFC 1035:
 * TYPE (2) + CLASS (2) + TTL (4) + RDLENGTH (2) octets.
 * NOTE(review): presumably the owner name is not counted; confirm at the
 * call sites before using this value in a bounds check.
 */
#define KNOT_RR_HEADER_SIZE 10

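/*!
 * \brief DNS operation codes (OPCODEs).
 *
 * http://www.iana.org/assignments/dns-parameters/dns-parameters.xml
 *
 * The enumerators do not cover every value the OPCODE field can carry: 3 and
 * everything above 5 have no name here, so a value read from a packet has to
 * be range-checked before it is treated as a knot_opcode_t.
 */
typedef enum {
	KNOT_OPCODE_QUERY  = 0, /*!< Standard query. */
	KNOT_OPCODE_IQUERY = 1, /*!< Inverse query. */
	KNOT_OPCODE_STATUS = 2, /*!< Server status request. */
	KNOT_OPCODE_NOTIFY = 4, /*!< Notify message. */
	KNOT_OPCODE_UPDATE = 5  /*!< Dynamic update. */
} knot_opcode_t;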

/*!
 * \brief DNS reply codes (RCODEs).
 *
 * http://www.iana.org/assignments/dns-parameters/dns-parameters.xml
 *
 * Codes 0-10 fit the 4-bit RCODE field of the message header. Codes 16 and
 * above do not; they are the TSIG/TKEY error values and must not be written
 * into the header field unchecked.
 */
typedef enum {
	/*! No error. */
	KNOT_RCODE_NOERROR = 0,
	/*! Format error. */
	KNOT_RCODE_FORMERR = 1,
	/*! Server failure. */
	KNOT_RCODE_SERVFAIL = 2,
	/*! Non-existent domain. */
	KNOT_RCODE_NXDOMAIN = 3,
	/*! Not implemented. */
	KNOT_RCODE_NOTIMPL = 4,
	/*! Refused. */
	KNOT_RCODE_REFUSED = 5,
	/*! Name should not exist. */
	KNOT_RCODE_YXDOMAIN = 6,
	/*! RR set should not exist. */
	KNOT_RCODE_YXRRSET = 7,
	/*! RR set does not exist. */
	KNOT_RCODE_NXRRSET = 8,
	/*! Server not authoritative. */
	KNOT_RCODE_NOTAUTH = 9,
	/*! Name is not inside zone. */
	KNOT_RCODE_NOTZONE = 10,
	/*! TSIG signature failed. */
	KNOT_RCODE_BADSIG = 16,
	/*! Key is not supported. */
	KNOT_RCODE_BADKEY = 17,
	/*! Signature out of time window. */
	KNOT_RCODE_BADTIME = 18,
	/*! Bad TKEY mode. */
	KNOT_RCODE_BADMODE = 19,
	/*! Duplicate key name. */
	KNOT_RCODE_BADNAME = 20,
	/*! Algorithm not supported. */
	KNOT_RCODE_BADALG = 21,
	/*! Bad truncation. */
	KNOT_RCODE_BADTRUNC = 22
} knot_rcode_t;

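/*!
 * \brief DNS query types (internal use only).
 *
 * This type encompasses the different query types distinguished by both the
 * OPCODE and the QTYPE.
 *
 * No enumerator has an explicit value, so numbering starts at 0 with
 * KNOT_QUERY_INVALID: a zero-initialized knot_packet_type_t reads as
 * "invalid" rather than as a usable query type.
 */
typedef enum {
	KNOT_QUERY_INVALID,   /*!< Invalid query. */
	KNOT_QUERY_NORMAL,    /*!< Normal query. */
	KNOT_QUERY_AXFR,      /*!< Request for AXFR transfer. */
	KNOT_QUERY_IXFR,      /*!< Request for IXFR transfer. */
	KNOT_QUERY_NOTIFY,    /*!< NOTIFY query. */
	KNOT_QUERY_UPDATE,    /*!< Dynamic update. */
	KNOT_RESPONSE_NORMAL, /*!< Normal response. */
	KNOT_RESPONSE_AXFR,   /*!< AXFR transfer response. */
	KNOT_RESPONSE_IXFR,   /*!< IXFR transfer response. */
	KNOT_RESPONSE_NOTIFY, /*!< NOTIFY response. */
	KNOT_RESPONSE_UPDATE  /*!< Dynamic update response. */
} knot_packet_type_t;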

/*!
 * \brief TSIG algorithm numbers.
 *
 * These constants were taken from the Bind file key format (dnssec-keygen).
 *
 * HMAC-MD5 and HMAC-SHA1 are listed for compatibility with existing keys;
 * RFC 8945 discourages both for new deployments.
 */
typedef enum {
	/*! NOTE(review): presumably "no algorithm"; confirm how callers treat it. */
	KNOT_TSIG_ALG_NULL = 0,
	/*! GSS-TSIG. */
	KNOT_TSIG_ALG_GSS_TSIG = 128,
	/*! HMAC-MD5 (legacy). */
	KNOT_TSIG_ALG_HMAC_MD5 = 157,
	/*! HMAC-SHA1 (legacy). */
	KNOT_TSIG_ALG_HMAC_SHA1 = 161,
	/*! HMAC-SHA224. */
	KNOT_TSIG_ALG_HMAC_SHA224 = 162,
	/*! HMAC-SHA256. */
	KNOT_TSIG_ALG_HMAC_SHA256 = 163,
	/*! HMAC-SHA384. */
	KNOT_TSIG_ALG_HMAC_SHA384 = 164,
	/*! HMAC-SHA512. */
	KNOT_TSIG_ALG_HMAC_SHA512 = 165
} knot_tsig_algorithm_t;

/*!
 * \brief Lengths of TSIG algorithm digests.
 *
 * The non-zero values are the full output sizes, in octets, of the underlying
 * hash functions. GSS-TSIG is listed with length 0.
 */
typedef enum {
	/*! GSS-TSIG: no length given here. */
	KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG = 0,
	/*! HMAC-MD5. */
	KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5 = 16,
	/*! HMAC-SHA1. */
	KNOT_TSIG_ALG_DIG_LENGTH_SHA1 = 20,
	/*! HMAC-SHA224. */
	KNOT_TSIG_ALG_DIG_LENGTH_SHA224 = 28,
	/*! HMAC-SHA256. */
	KNOT_TSIG_ALG_DIG_LENGTH_SHA256 = 32,
	/*! HMAC-SHA384. */
	KNOT_TSIG_ALG_DIG_LENGTH_SHA384 = 48,
	/*! HMAC-SHA512. */
	KNOT_TSIG_ALG_DIG_LENGTH_SHA512 = 64
} knot_tsig_algorithm_digest_length_t;

/*!
 * \brief DS digest lengths.
 *
 * Lengths are in octets. SHA-256 and GOST share the value 32, so a digest
 * length alone does not identify the digest type.
 */
enum knot_ds_algorithm_len {
	/*! RFC 3658 */
	KNOT_DS_DIGEST_LEN_SHA1 = 20,
	/*! RFC 4509 */
	KNOT_DS_DIGEST_LEN_SHA256 = 32,
	/*! RFC 5933 */
	KNOT_DS_DIGEST_LEN_GOST = 32,
	/*! RFC 6605 */
	KNOT_DS_DIGEST_LEN_SHA384 = 48
};

/*!
 * \brief DS digest type numbers (the digest algorithm of a DS record).
 *
 * Source: http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml
 *
 * These are not DNSSEC signing algorithm numbers; those are listed in
 * knot_dnssec_algorithm_t. RFC 8624 advises against SHA-1 and GOST digests
 * for new DS records.
 */
typedef enum {
	/*! SHA-1 (legacy). */
	KNOT_DS_ALG_SHA1 = 1,
	/*! SHA-256. */
	KNOT_DS_ALG_SHA256 = 2,
	/*! GOST R 34.11-94. */
	KNOT_DS_ALG_GOST = 3,
	/*! SHA-384. */
	KNOT_DS_ALG_SHA384 = 4
} knot_ds_algorithm_t;

/*!
 * \brief DNSSEC algorithm numbers.
 *
 * http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
 *
 * Numbers 4, 9 and 11 have no enumerator here. Several entries are kept for
 * reading existing zones only: RFC 8624 rules out RSAMD5, the DSA variants
 * and ECC-GOST for signing and discourages the RSASHA1 variants.
 */
typedef enum {
	/*! RSA/MD5 (deprecated). */
	KNOT_DNSSEC_ALG_RSAMD5 = 1,
	/*! Diffie-Hellman. */
	KNOT_DNSSEC_ALG_DH = 2,
	/*! DSA/SHA-1. */
	KNOT_DNSSEC_ALG_DSA = 3,
	/*! RSA/SHA-1. */
	KNOT_DNSSEC_ALG_RSASHA1 = 5,
	/*! DSA/SHA-1, NSEC3-capable alias. */
	KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
	/*! RSA/SHA-1, NSEC3-capable alias. */
	KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
	/*! RSA/SHA-256. */
	KNOT_DNSSEC_ALG_RSASHA256 = 8,
	/*! RSA/SHA-512. */
	KNOT_DNSSEC_ALG_RSASHA512 = 10,
	/*! GOST R 34.10-2001. */
	KNOT_DNSSEC_ALG_ECC_GOST = 12,
	/*! ECDSA P-256 with SHA-256. */
	KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
	/*! ECDSA P-384 with SHA-384. */
	KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14
} knot_dnssec_algorithm_t;

/*!
 * \brief NSEC3 hash algorithm numbers.
 *
 * SHA-1 is the only entry; any other number found in an NSEC3 or NSEC3PARAM
 * record has no enumerator here and needs explicit handling.
 */
typedef enum {
	/*! SHA-1. */
	KNOT_NSEC3_ALGORITHM_SHA1 = 1
} knot_nsec3_hash_algorithm_t;

/*!
 * \brief DNS operation code names.
 *
 * Declared without const and with no array bound, so the element count is not
 * visible to users of this header.
 * NOTE(review): presumably the table ends with a sentinel entry; confirm in
 * the defining source file before iterating over it.
 */
extern knot_lookup_table_t knot_opcode_names[];

/*!
 * \brief DNS reply code names.
 *
 * Declared without const and with no array bound.
 */
extern knot_lookup_table_t knot_rcode_names[];

/*!
 * \brief TSIG key algorithm names.
 *
 * Declared without const and with no array bound.
 */
extern knot_lookup_table_t knot_tsig_alg_names[];

/*!
 * \brief TSIG key algorithm names in a domain form.
 */
extern knot_lookup_table_t knot_tsig_alg_dnames_str[];

/*!
 * \brief TSIG key algorithm domain names.
 *
 * Declared without const and with no array bound.
 * NOTE(review): how this table differs from knot_tsig_alg_dnames_str
 * (presumably wire-format names versus their text form) is not visible in
 * this header; confirm in the defining source file.
 */
extern knot_lookup_table_t knot_tsig_alg_dnames[];

/*!
 * \brief DNSSEC algorithm names.
 *
 * Declared without const and with no array bound, so the element count is not
 * visible to users of this header.
 */
extern knot_lookup_table_t knot_dnssec_alg_names[];

/*!
 * \brief Returns length of TSIG digest for given algorithm.
 *
 * \param algorithm Algorithm code to be used (presumably a
 *                  knot_tsig_algorithm_t value; all of them fit in uint8_t).
 *
 * \return Digest length for given algorithm.
 *
 * NOTE(review): the result for an unrecognized algorithm code is not visible
 * from this header. Callers that size a buffer or check a received MAC with
 * the returned length should confirm it and handle that case explicitly.
 */
size_t knot_tsig_digest_length(const uint8_t algorithm);

/*!
 * \brief Returns length of DS digest for given algorithm.
 *
 * \param algorithm Algorithm code to be used (presumably a
 *                  knot_ds_algorithm_t digest type).
 *
 * \return Digest length for given algorithm.
 *
 * NOTE(review): the result for an unrecognized digest type is not visible
 * from this header. Callers that compare it with the length of a received DS
 * digest should confirm it and handle that case explicitly.
 */
size_t knot_ds_digest_length(const uint8_t algorithm);

/*!
 * \brief Check if algorithm is supported for zone signing.
 *
 * \param algorithm      Algorithm identification (presumably a
 *                       knot_dnssec_algorithm_t number).
 * \param nsec3_enabled  NSEC3 enabled for signed zone.
 *
 * \return Given algorithm is allowed for zone signing.
 *
 * NOTE(review): which algorithm numbers are accepted, and how nsec3_enabled
 * changes the answer, is decided in the implementation and is not visible
 * here. Presumably it separates DSA and RSASHA1 from their NSEC3-capable
 * aliases; confirm before relying on this as a policy check.
 */
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled);

#endif /* _KNOT_CONSTS_H_ */

/*! @} */