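// kasp.rnc converted to .proto format for protocol buffers
//
// Information in this proto file has been taken from online documentation on the
// OpenDNSSEC wiki and from the kasp.rnc file. We try to adhere to the constraints
// expressed in the kasp.rnc file as closely as possible.
//
// This is a proto2 schema: it relies on `required` fields and explicit
// `default` values, so the syntax is declared explicitly below instead of being
// left to protoc's default (which only emits a warning). Field numbers are the
// wire contract: never renumber or reuse them, and a `required` field can never
// be dropped compatibly, so treat every `required` field as permanent.
//
// Every field carries an (xml).path option (defined in xmlext.proto) naming the
// element or attribute of kasp.xml it is read from. (xml).type=duration marks
// fields whose XML value is a duration; how that value is converted into the
// integer stored here is decided by the loader, not by this schema.

syntax = "proto2";

package ods.kasp;

import "xmlext.proto";

// Root of a kasp.xml configuration file.
message KaspDocument {
  // Root element in kasp.xml. Field number 2 is the existing wire number;
  // keep it even though 1 is unused.
  required KASP kasp = 2 [(xml).path="KASP"];
}

// The <KASP> element: a list of named policies.
message KASP {
  repeated Policy policies = 1 [(xml).path="Policy"];
}

// One signing policy. A zone references a policy by `name`.
message Policy {
  // Policy name (the @name attribute); used to look the policy up.
  required string name = 1 [(xml).path="@name"];
  // Free-text description.
  required string description = 2 [(xml).path="Description"];
  // Parameters for signatures created using the policy.
  required Signatures signatures = 3 [(xml).path="Signatures"];
  // Parameters for authenticated denial of existence (proving that domain
  // names do not exist).
  required Denial denial = 4 [(xml).path="Denial"];
  // Parameters relating to both zone-signing keys (ZSK) and key-signing keys
  // (KSK).
  required Keys keys = 5 [(xml).path="Keys"];
  // General information concerning the zones.
  required Zone zone = 6 [(xml).path="Zone"];
  // Timing information concerning the parent zone when the zone is part of a
  // chain of trust.
  required Parent parent = 7 [(xml).path="Parent"];
  // Audit settings. Repeated here because kasp.rnc allows the element to repeat.
  repeated Audit audit = 8 [(xml).path="Audit"];
}

// Signature timing parameters. All values are durations (see file header).
message Signatures {
  // Re-signing interval.
  optional int32 resign = 1 [(xml).path="Resign", (xml).type=duration];
  // How old a signature may become before it needs to be re-signed.
  optional int32 refresh = 2 [(xml).path="Refresh", (xml).type=duration];
  // Jitter to use in signature inception and expiration times.
  optional int32 jitter = 3 [(xml).path="Jitter", (xml).type=duration];
  // Estimated maximum clock skew expected in clients; signatures are backdated
  // by this much so validators with a slow clock still accept them.
  optional int32 inceptionOffset = 4 [(xml).path="InceptionOffset", (xml).type=duration];
  // Signature validity period.
  optional int32 valdefault = 5 [(xml).path="Validity/Default", (xml).type=duration];
  // NSEC(3) signature validity period.
  optional int32 valdenial = 6 [(xml).path="Validity/Denial", (xml).type=duration];
}

// Authenticated denial of existence. NOTE: a policy uses either NSEC or NSEC3,
// never both. The schema cannot express that exclusivity (both fields are
// optional), so the loader must reject a Denial that sets both or neither.
message Denial {
  // NSEC (RFC 4034 style denial).
  optional NSEC nsec = 1 [(xml).path="NSEC"];
  // NSEC3 (hashed denial).
  optional NSEC3 nsec3 = 2 [(xml).path="NSEC3"];
}

// NSEC has no parameters; its presence in Denial selects it.
message NSEC {
}

// NSEC3 parameters (RFC 5155). Operational guidance for these values is in
// RFC 9276.
message NSEC3 {
  // Opt-out flag. Opt-out lets unsigned delegations exist without NSEC3
  // coverage, which weakens the proof of non-existence across the opted-out
  // spans; leave it off unless the zone has many unsigned delegations.
  optional bool optout = 1 [(xml).path="OptOut"];
  // TTL for NSEC(3) RRs ?? not found in kasp.rnc.
  optional uint32 ttl = 2 [(xml).path="TTL", (xml).type=duration];
  // Re-salting interval.
  required uint32 resalt = 3 [(xml).path="Resalt", (xml).type=duration];
  // NSEC3 hash algorithm, 0..255.
  required uint32 algorithm = 4 [(xml).path="Hash/Algorithm"];
  // Additional hash iterations, 0..65535. Every iteration costs validating
  // resolvers CPU on each negative answer; RFC 9276 recommends 0, and resolvers
  // commonly refuse to validate zones with large counts.
  required uint32 iterations = 5 [(xml).path="Hash/Iterations"];
  // NSEC3 salt length in octets, 0..255.
  required uint32 saltlength = 6 [(xml).path="Hash/Salt/@length"];
  // The actual salt is generated by the enforcer, e.g. 0438eb9a93a6d6c5.
  optional string salt = 7 [(xml).path="Hash/Salt"];
  // Timestamp for when the last resalt took place. Presumably seconds since
  // the Unix epoch stored unsigned; confirm against the enforcer.
  optional uint32 salt_last_change = 8 [(xml).path="Hash/Salt/@lastchanged"];
}

// Key handling parameters shared by all key types, plus per-type key lists.
message Keys {
  // TTL for DNSKEY records.
  required int32 ttl = 1 [(xml).path="TTL", (xml).type=duration];
  // Key retirement safety factor.
  required int32 retiresafety = 2 [(xml).path="RetireSafety", (xml).type=duration];
  // Key publication safety factor.
  required int32 publishsafety = 3 [(xml).path="PublishSafety", (xml).type=duration];
  // Do the zones using this policy share the same keys? Sharing keys widens
  // the blast radius of a single key compromise to every sharing zone.
  optional bool zones_share_keys = 4 [(xml).path="ShareKeys"];
  // The enforcer may purge keys after this amount of time.
  optional int32 purge = 5 [(xml).path="Purge", (xml).type=duration];
  // Key Signing Key (KSK) parameters.
  repeated Ksk ksk = 6 [(xml).path="KSK"];
  // Zone Signing Key (ZSK) parameters.
  repeated Zsk zsk = 7 [(xml).path="ZSK"];
  // Combined Signing Key (CSK) parameters.
  repeated Csk csk = 8 [(xml).path="CSK"];
}

// The roll-type enums below map directly onto the minimize flags:
//   MinimizeDS << 2  |  MinimizeDNSKEY << 1  |  MinimizeRRSIG
// The combinations 3, 6 and 7 are forbidden, which is why those values are
// absent from every enum.

// KSK rollover strategies.
enum KskRollType {
  KskDoubleRRset = 0;      // no minimize
  KskDoubleDS = 2;         // minimize DNSKEY
  KskDoubleSignature = 4;  // minimize DS
}

// ZSK rollover strategies.
enum ZskRollType {
  ZskDoubleSignature = 0;  // no minimize
  ZskPrePublication = 1;   // minimize RRSIG
  ZskDoubleRRsig = 2;      // minimize DNSKEY
}

// CSK rollover strategies.
enum CskRollType {
  CskDoubleRRset = 0;      // no minimize
  CskSingleSignature = 1;  // minimize RRSIG
  CskDoubleDS = 2;         // minimize DNSKEY
  CskDoubleSignature = 4;  // minimize DS
  CskPrePublication = 5;   // minimize DS and RRSIG
}

// Key Signing Key parameters. Fields 1-6 are the generic key definition
// ("anykey" in kasp.rnc) and are kept identical across Ksk, Zsk and Csk.
message Ksk {
  // DNSSEC algorithm number (IANA registry, maxInclusive 255). RFC 8624 lists
  // which algorithms are recommended for signing; avoid ones it deprecates.
  required uint32 algorithm = 1 [(xml).path="Algorithm"];
  // Key size in bits (relevant for RSA; curve algorithms have a fixed size).
  optional uint32 bits = 2 [(xml).path="Algorithm/@length"];
  // KSK lifetime.
  required int32 lifetime = 3 [(xml).path="Lifetime", (xml).type=duration];
  // Default KSK security module (repository) for newly generated keys.
  required string repository = 4 [(xml).path="Repository"];
  // Number of standby keys. Makes the rollover faster, since the key is
  // already pre-published and ready.
  optional uint32 standby = 5 [(xml).path="Standby"];
  // Use manual key rollover? If set, keys are not rolled automatically when
  // their time is up.
  optional bool manual_rollover = 6 [(xml).path="ManualRollover"];
  // KSK specific: use RFC 5011 (automated trust anchor update) for key
  // rollover?
  optional bool rfc5011 = 7 [(xml).path="RFC5011"];
  // User-friendly way of configuring the minimize flags.
  optional KskRollType rollover_type = 8 [default = KskDoubleSignature, (xml).path="KskRollType"];
}

// Zone Signing Key parameters. Fields 1-6 are the generic key definition
// ("anykey" in kasp.rnc). Field 7 is deliberately unused so that
// rollover_type keeps the same number as in Ksk and Csk.
message Zsk {
  // DNSSEC algorithm number (IANA registry, maxInclusive 255). RFC 8624 lists
  // which algorithms are recommended for signing; avoid ones it deprecates.
  required uint32 algorithm = 1 [(xml).path="Algorithm"];
  // Key size in bits (relevant for RSA; curve algorithms have a fixed size).
  optional uint32 bits = 2 [(xml).path="Algorithm/@length"];
  // ZSK lifetime.
  required int32 lifetime = 3 [(xml).path="Lifetime", (xml).type=duration];
  // Default ZSK security module (repository) for newly generated keys.
  required string repository = 4 [(xml).path="Repository"];
  // Number of standby keys. Makes the rollover faster, since the key is
  // already pre-published and ready.
  optional uint32 standby = 5 [(xml).path="Standby"];
  // Use manual key rollover? If set, keys are not rolled automatically when
  // their time is up.
  optional bool manual_rollover = 6 [(xml).path="ManualRollover"];
  // User-friendly way of configuring the minimize flags.
  optional ZskRollType rollover_type = 8 [default = ZskPrePublication, (xml).path="ZskRollType"];
}

// Combined Signing Key parameters: one key acts as both KSK and ZSK. Fields
// 1-6 are the generic key definition ("anykey" in kasp.rnc).
message Csk {
  // DNSSEC algorithm number (IANA registry, maxInclusive 255). RFC 8624 lists
  // which algorithms are recommended for signing; avoid ones it deprecates.
  required uint32 algorithm = 1 [(xml).path="Algorithm"];
  // Key size in bits (relevant for RSA; curve algorithms have a fixed size).
  optional uint32 bits = 2 [(xml).path="Algorithm/@length"];
  // CSK lifetime.
  required int32 lifetime = 3 [(xml).path="Lifetime", (xml).type=duration];
  // Default CSK security module (repository) for newly generated keys.
  required string repository = 4 [(xml).path="Repository"];
  // Number of standby keys. Makes the rollover faster, since the key is
  // already pre-published and ready.
  optional uint32 standby = 5 [(xml).path="Standby"];
  // Use manual key rollover? If set, keys are not rolled automatically when
  // their time is up.
  optional bool manual_rollover = 6 [(xml).path="ManualRollover"];
  // Applies because a CSK fills the KSK role: use RFC 5011 (automated trust
  // anchor update) for key rollover?
  optional bool rfc5011 = 7 [(xml).path="RFC5011"];
  // User-friendly way of configuring the minimize flags.
  optional CskRollType rollover_type = 8 [default = CskPrePublication, (xml).path="CskRollType"];
}

// General zone timing information.
message Zone {
  // Expected propagation delay in child publication.
  required int32 propagationdelay = 1 [(xml).path="PropagationDelay", (xml).type=duration];
  // TTL of the SOA record.
  optional int32 ttl = 2 [(xml).path="SOA/TTL", (xml).type=duration];
  // Minimum field of the SOA record.
  optional int32 min = 3 [(xml).path="SOA/Minimum", (xml).type=duration];
  // How the SOA serial is changed on each signing run. Unset reads as the
  // first enum value (`counter`), since proto2 defaults an enum field to its
  // first listed value.
  optional serial serial = 4 [(xml).path="SOA/Serial"];
  // TTL for RRSIGs ?? not found in kasp.rnc.
  optional int32 max_zone_ttl = 5 [(xml).path="MaxZoneTTL", (xml).type=duration];
}

// SOA serial update strategies. There is intentionally no 0 value; proto2
// uses the first value (`counter`) as the default.
enum serial {
  // Use an increasing counter (but use the serial from the unsigned zone if
  // possible).
  counter = 1;
  // Use an increasing counter in YYYYMMDDxx format (xx is incremented within
  // each day).
  datecounter = 2;
  // The serial number is set to the "Unix time" (seconds since 00:00 on
  // 1 January 1970 (UTC)) at which the signer is run.
  unixtime = 3;
  // Keep the serial from the unsigned zone (do not resign unless it has been
  // incremented).
  keep = 4;
}

// Timing information about the parent zone, used when the zone is part of a
// chain of trust. All values are durations.
message Parent {
  // TTL of the DS record at the parent.
  optional int32 ttlds = 1 [(xml).path="DS/TTL", (xml).type=duration];
  // Registration delay at the parent (Dr).
  optional int32 registrationdelay = 2 [(xml).path="RegistrationDelay", (xml).type=duration];
  // Propagation delay of the parent zone (Dp).
  optional int32 propagationdelay = 3 [(xml).path="PropagationDelay", (xml).type=duration];
  // TTL of the parent's SOA record.
  optional int32 ttl = 4 [(xml).path="SOA/TTL", (xml).type=duration];
  // Minimum field of the parent's SOA record.
  optional int32 min = 5 [(xml).path="SOA/Minimum", (xml).type=duration];
}

// Audit settings for the signed zone.
message Audit {
  // Do a partial audit?
  optional bool partial = 1 [(xml).path="Partial"];
}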