#include <isc/lang.h>#include <isc/stdtime.h>#include <dns/types.h>#include <dns/log.h>#include <dns/name.h>#include <dns/secalg.h>#include <dns/ds.h>#include <dns/dsdigest.h>#include <dst/gssapi.h>Go to the source code of this file.
Defines | |
| #define | DST_DST_H 1 |
| #define | DST_ALG_UNKNOWN 0 |
| #define | DST_ALG_RSAMD5 1 |
| #define | DST_ALG_RSA DST_ALG_RSAMD5 |
| backwards compatibility | |
| #define | DST_ALG_DH 2 |
| #define | DST_ALG_DSA 3 |
| #define | DST_ALG_ECC 4 |
| #define | DST_ALG_RSASHA1 5 |
| #define | DST_ALG_NSEC3DSA 6 |
| #define | DST_ALG_NSEC3RSASHA1 7 |
| #define | DST_ALG_RSASHA256 8 |
| #define | DST_ALG_RSASHA512 10 |
| #define | DST_ALG_ECCGOST 12 |
| #define | DST_ALG_ECDSA256 13 |
| #define | DST_ALG_ECDSA384 14 |
| #define | DST_ALG_HMACMD5 157 |
| #define | DST_ALG_GSSAPI 160 |
| #define | DST_ALG_HMACSHA1 161 |
| #define | DST_ALG_HMACSHA224 162 |
| #define | DST_ALG_HMACSHA256 163 |
| #define | DST_ALG_HMACSHA384 164 |
| #define | DST_ALG_HMACSHA512 165 |
| #define | DST_ALG_PRIVATE 254 |
| #define | DST_ALG_EXPAND 255 |
| #define | DST_MAX_ALGS 255 |
| #define | DST_KEY_MAXSIZE 1280 |
| A buffer of this size is large enough to hold any key. | |
| #define | DST_KEY_MAXTEXTSIZE 2048 |
| A buffer of this size is large enough to hold the textual representation of any key. | |
| #define | DST_TYPE_KEY 0x1000000 |
| 'Type' for dst_read_key() | |
| #define | DST_TYPE_PRIVATE 0x2000000 |
| #define | DST_TYPE_PUBLIC 0x4000000 |
| #define | DST_TIME_CREATED 0 |
| #define | DST_TIME_PUBLISH 1 |
| #define | DST_TIME_ACTIVATE 2 |
| #define | DST_TIME_REVOKE 3 |
| #define | DST_TIME_INACTIVE 4 |
| #define | DST_TIME_DELETE 5 |
| #define | DST_TIME_DSPUBLISH 6 |
| #define | DST_MAX_TIMES 6 |
| #define | DST_NUM_PREDECESSOR 0 |
| #define | DST_NUM_SUCCESSOR 1 |
| #define | DST_NUM_MAXTTL 2 |
| #define | DST_NUM_ROLLPERIOD 3 |
| #define | DST_MAX_NUMERIC 3 |
| #define | DST_MAJOR_VERSION 1 |
| #define | DST_MINOR_VERSION 3 |
| #define | DST_KEY_FORMATSIZE (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + 7) |
Typedefs | |
| typedef typedefISC_LANG_BEGINDECLS struct dst_key | dst_key_t |
| The dst_key structure is opaque. Applications should use the accessor functions provided to retrieve key attributes. If an application needs to set attributes, new accessor functions will be written. | |
| typedef struct dst_context | dst_context_t |
Functions | |
| isc_result_t | dst_lib_init (isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) |
| isc_result_t | dst_lib_init2 (isc_mem_t *mctx, isc_entropy_t *ectx, const char *engine, unsigned int eflags) |
| Initializes the DST subsystem. | |
| void | dst_lib_destroy (void) |
| Releases all resources allocated by DST. | |
| isc_boolean_t | dst_algorithm_supported (unsigned int alg) |
| Checks that a given algorithm is supported by DST. | |
| isc_boolean_t | dst_ds_digest_supported (unsigned int digest_type) |
| Checks that a given digest algorithm is supported by DST. | |
| isc_result_t | dst_context_create (dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp) |
| isc_result_t | dst_context_create2 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, dst_context_t **dctxp) |
| isc_result_t | dst_context_create3 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, isc_boolean_t useforsigning, dst_context_t **dctxp) |
| isc_result_t | dst_context_create4 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, isc_boolean_t useforsigning, int maxbits, dst_context_t **dctxp) |
| Creates a context to be used for a sign or verify operation. | |
| void | dst_context_destroy (dst_context_t **dctxp) |
| Destroys all memory associated with a context. | |
| isc_result_t | dst_context_adddata (dst_context_t *dctx, const isc_region_t *data) |
| Incrementally adds data to the context to be used in a sign or verify operation. | |
| isc_result_t | dst_context_sign (dst_context_t *dctx, isc_buffer_t *sig) |
| Computes a signature using the data and key stored in the context. | |
| isc_result_t | dst_context_verify (dst_context_t *dctx, isc_region_t *sig) |
| isc_result_t | dst_context_verify2 (dst_context_t *dctx, unsigned int maxbits, isc_region_t *sig) |
| Verifies the signature using the data and key stored in the context. | |
| isc_result_t | dst_key_computesecret (const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret) |
| Computes a shared secret from two (Diffie-Hellman) keys. | |
| isc_result_t | dst_key_getfilename (dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, isc_buffer_t *buf) |
| Generates a key filename for the name, algorithm, and id, and places it in the buffer 'buf'. If directory is NULL, the current directory is assumed. | |
| isc_result_t | dst_key_fromfile (dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, dst_key_t **keyp) |
| Reads a key from permanent storage. The key can either be a public or private key, and is specified by name, algorithm, and id. If a private key is specified, the public key must also be present. If directory is NULL, the current directory is assumed. | |
| isc_result_t | dst_key_fromnamedfile (const char *filename, const char *dirname, int type, isc_mem_t *mctx, dst_key_t **keyp) |
| Reads a key from permanent storage. The key can either be a public or key, and is specified by filename. If a private key is specified, the public key must also be present. | |
| isc_result_t | dst_key_read_public (const char *filename, int type, isc_mem_t *mctx, dst_key_t **keyp) |
| Reads a public key from permanent storage. The key must be a public key. | |
| isc_result_t | dst_key_tofile (const dst_key_t *key, int type, const char *directory) |
| Writes a key to permanent storage. The key can either be a public or private key. Public keys are written in DNS format and private keys are written as a set of base64 encoded values. If directory is NULL, the current directory is assumed. | |
| isc_result_t | dst_key_fromdns (dns_name_t *name, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) |
| Converts a DNS KEY record into a DST key. | |
| isc_result_t | dst_key_todns (const dst_key_t *key, isc_buffer_t *target) |
| Converts a DST key into a DNS KEY record. | |
| isc_result_t | dst_key_frombuffer (dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) |
| Converts a buffer containing DNS KEY RDATA into a DST key. | |
| isc_result_t | dst_key_tobuffer (const dst_key_t *key, isc_buffer_t *target) |
| Converts a DST key into DNS KEY RDATA format. | |
| isc_result_t | dst_key_privatefrombuffer (dst_key_t *key, isc_buffer_t *buffer) |
| Converts a public key into a private key, reading the private key information from the buffer. The buffer should contain the same data as the .private key file would. | |
| gss_ctx_id_t | dst_key_getgssctx (const dst_key_t *key) |
| Returns the opaque key data. Be cautions when using this value unless you know what you are doing. | |
| isc_result_t | dst_key_fromgssapi (dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx, dst_key_t **keyp, isc_region_t *intoken) |
| Converts a GSSAPI opaque context id into a DST key. | |
| isc_result_t | dst_key_fromlabel (dns_name_t *name, int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, const char *engine, const char *label, const char *pin, isc_mem_t *mctx, dst_key_t **keyp) |
| isc_result_t | dst_key_generate (dns_name_t *name, unsigned int alg, unsigned int bits, unsigned int param, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp) |
| isc_result_t | dst_key_generate2 (dns_name_t *name, unsigned int alg, unsigned int bits, unsigned int param, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp, void(*callback)(int)) |
| Generate a DST key (or keypair) with the supplied parameters. The interpretation of the "param" field depends on the algorithm:. | |
| isc_boolean_t | dst_key_compare (const dst_key_t *key1, const dst_key_t *key2) |
| Compares two DST keys. Returns true if they match, false otherwise. | |
| isc_boolean_t | dst_key_pubcompare (const dst_key_t *key1, const dst_key_t *key2, isc_boolean_t match_revoked_key) |
| Compares only the public portions of two DST keys. Returns true if they match, false otherwise. This allows us, for example, to determine whether a public key found in a zone matches up with a key pair found on disk. | |
| isc_boolean_t | dst_key_paramcompare (const dst_key_t *key1, const dst_key_t *key2) |
| Compares the parameters of two DST keys. This is used to determine if two (Diffie-Hellman) keys can be used to derive a shared secret. | |
| void | dst_key_attach (dst_key_t *source, dst_key_t **target) |
| void | dst_key_free (dst_key_t **keyp) |
| Decrement the key's reference counter and, when it reaches zero, release all memory associated with the key. | |
| dns_name_t * | dst_key_name (const dst_key_t *key) |
| unsigned int | dst_key_size (const dst_key_t *key) |
| unsigned int | dst_key_proto (const dst_key_t *key) |
| unsigned int | dst_key_alg (const dst_key_t *key) |
| isc_uint32_t | dst_key_flags (const dst_key_t *key) |
| dns_keytag_t | dst_key_id (const dst_key_t *key) |
| dns_keytag_t | dst_key_rid (const dst_key_t *key) |
| dns_rdataclass_t | dst_key_class (const dst_key_t *key) |
| isc_boolean_t | dst_key_isprivate (const dst_key_t *key) |
| isc_boolean_t | dst_key_iszonekey (const dst_key_t *key) |
| isc_boolean_t | dst_key_isnullkey (const dst_key_t *key) |
| isc_result_t | dst_key_buildfilename (const dst_key_t *key, int type, const char *directory, isc_buffer_t *out) |
| Generates the filename used by dst to store the specified key. If directory is NULL, the current directory is assumed. | |
| isc_result_t | dst_key_sigsize (const dst_key_t *key, unsigned int *n) |
| Computes the size of a signature generated by the given key. | |
| isc_result_t | dst_key_secretsize (const dst_key_t *key, unsigned int *n) |
| Computes the size of a shared secret generated by the given key. | |
| isc_uint16_t | dst_region_computeid (const isc_region_t *source, unsigned int alg) |
| isc_uint16_t | dst_region_computerid (const isc_region_t *source, unsigned int alg) |
| Computes the (revoked) key id of the key stored in the provided region with the given algorithm. | |
| isc_uint16_t | dst_key_getbits (const dst_key_t *key) |
| Get the number of digest bits required (0 == MAX). | |
| void | dst_key_setbits (dst_key_t *key, isc_uint16_t bits) |
| Set the number of digest bits required (0 == MAX). | |
| void | dst_key_setttl (dst_key_t *key, dns_ttl_t ttl) |
| Set the default TTL to use when converting the key to a KEY or DNSKEY RR. | |
| dns_ttl_t | dst_key_getttl (const dst_key_t *key) |
| Get the default TTL to use when converting the key to a KEY or DNSKEY RR. | |
| isc_result_t | dst_key_setflags (dst_key_t *key, isc_uint32_t flags) |
| Set the flags on a key, then recompute the key ID. | |
| isc_result_t | dst_key_getnum (const dst_key_t *key, int type, isc_uint32_t *valuep) |
| Get a member of the numeric metadata array and place it in '*valuep'. | |
| void | dst_key_setnum (dst_key_t *key, int type, isc_uint32_t value) |
| Set a member of the numeric metadata array. | |
| void | dst_key_unsetnum (dst_key_t *key, int type) |
| Flag a member of the numeric metadata array as "not set". | |
| isc_result_t | dst_key_gettime (const dst_key_t *key, int type, isc_stdtime_t *timep) |
| Get a member of the timing metadata array and place it in '*timep'. | |
| void | dst_key_settime (dst_key_t *key, int type, isc_stdtime_t when) |
| Set a member of the timing metadata array. | |
| void | dst_key_unsettime (dst_key_t *key, int type) |
| Flag a member of the timing metadata array as "not set". | |
| isc_result_t | dst_key_getprivateformat (const dst_key_t *key, int *majorp, int *minorp) |
| Get the private key format version number. (If the key does not have a private key associated with it, the version will be 0.0.) The major version number is placed in '*majorp', and the minor version number in '*minorp'. | |
| void | dst_key_setprivateformat (dst_key_t *key, int major, int minor) |
| Set the private key format version number. | |
| void | dst_key_format (const dst_key_t *key, char *cp, unsigned int size) |
| Write the uniquely identifying information about the key (name, algorithm, key ID) into a string 'cp' of size 'size'. | |
| isc_buffer_t * | dst_key_tkeytoken (const dst_key_t *key) |
| Return the token from the TKEY request, if any. If this key was not negotiated via TKEY, return NULL. | |
| isc_result_t | dst_key_dump (dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) |
| Allocate 'buffer' and dump the key into it in base64 format. The buffer is not NUL terminated. The length of the buffer is returned in *length. | |
| isc_result_t | dst_key_restore (dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, const char *keystr, dst_key_t **keyp) |
| isc_boolean_t | dst_key_inactive (const dst_key_t *key) |
| Determines if the private key is missing due the key being deemed inactive. | |
| void | dst_key_setinactive (dst_key_t *key, isc_boolean_t inactive) |
| Set key inactive state. | |
| void | dst_key_setexternal (dst_key_t *key, isc_boolean_t value) |
| isc_boolean_t | dst_key_isexternal (dst_key_t *key) |
Definition in file dst.h.
| #define DST_ALG_UNKNOWN 0 |
Definition at line 51 of file dst.h.
Referenced by cleanup_session_key(), configure_session_key(), control_recvmessage(), controlkeylist_fromcfg(), get_rndckey(), and ns_server_create().
| #define DST_ALG_RSAMD5 1 |
Definition at line 52 of file dst.h.
Referenced by algorithm_status(), check_data(), check_dnssec(), check_rsa(), check_trusted_key(), comparekeys(), dns_nsec_nseconly(), dnskey_sane(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), dst_region_computeid(), dst_region_computerid(), dstkey_fromconfig(), fromtext_cdnskey(), fromtext_dnskey(), fromtext_key(), fromtext_keydata(), fromwire_cdnskey(), fromwire_dnskey(), fromwire_key(), issymmetric(), main(), and zone_check_dnskeys().
| #define DST_ALG_DH 2 |
Definition at line 54 of file dst.h.
Referenced by algorithm_status(), check_data(), check_dh(), dst__privstruct_writefile(), dst_key_secretsize(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().
| #define DST_ALG_DSA 3 |
Definition at line 55 of file dst.h.
Referenced by algorithm_status(), check_data(), check_dnssec(), check_dsa(), dns_nsec_nseconly(), dnskey_sane(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), and issymmetric().
| #define DST_ALG_ECC 4 |
Definition at line 56 of file dst.h.
Referenced by check_dnssec(), dns_nsec_nseconly(), and dnskey_sane().
| #define DST_ALG_RSASHA1 5 |
Definition at line 57 of file dst.h.
Referenced by algorithm_status(), ATF_TC_BODY(), check_data(), check_dnssec(), check_trusted_key(), dns_nsec_nseconly(), dnskey_sane(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), dstkey_fromconfig(), issymmetric(), and zone_check_dnskeys().
| #define DST_ALG_NSEC3DSA 6 |
Definition at line 58 of file dst.h.
Referenced by algorithm_status(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().
| #define DST_ALG_NSEC3RSASHA1 7 |
Definition at line 59 of file dst.h.
Referenced by algorithm_status(), ATF_TC_BODY(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().
| #define DST_ALG_RSASHA256 8 |
Definition at line 60 of file dst.h.
Referenced by algorithm_status(), ATF_TC_BODY(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().
| #define DST_ALG_RSASHA512 10 |
Definition at line 61 of file dst.h.
Referenced by algorithm_status(), ATF_TC_BODY(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().
| #define DST_ALG_ECCGOST 12 |
Definition at line 62 of file dst.h.
Referenced by algorithm_status(), check_data(), check_gost(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().
| #define DST_ALG_ECDSA256 13 |
Definition at line 63 of file dst.h.
Referenced by algorithm_status(), check_data(), check_ecdsa(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().
| #define DST_ALG_ECDSA384 14 |
Definition at line 64 of file dst.h.
Referenced by algorithm_status(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().
| #define DST_ALG_HMACMD5 157 |
Definition at line 65 of file dst.h.
Referenced by algorithm_status(), check_data(), check_hmac_md5(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacmd5_parse(), issymmetric(), main(), setup_file_key(), and setup_keyfile().
| #define DST_ALG_GSSAPI 160 |
Definition at line 66 of file dst.h.
Referenced by dns_tsigkey_createfromkey(), dst_alg_fromname(), dst_key_fromgssapi(), dst_key_sigsize(), dst_lib_init2(), and issymmetric().
| #define DST_ALG_HMACSHA1 161 |
Definition at line 67 of file dst.h.
Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha1_parse(), main(), setup_file_key(), and setup_keyfile().
| #define DST_ALG_HMACSHA224 162 |
Definition at line 68 of file dst.h.
Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha224_parse(), main(), setup_file_key(), and setup_keyfile().
| #define DST_ALG_HMACSHA256 163 |
Definition at line 69 of file dst.h.
Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha256_parse(), main(), setup_file_key(), and setup_keyfile().
| #define DST_ALG_HMACSHA384 164 |
Definition at line 70 of file dst.h.
Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha384_parse(), main(), setup_file_key(), and setup_keyfile().
| #define DST_ALG_HMACSHA512 165 |
Definition at line 71 of file dst.h.
Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha512_parse(), main(), setup_file_key(), and setup_keyfile().
| #define DST_MAX_ALGS 255 |
Definition at line 74 of file dst.h.
Referenced by dst_algorithm_supported(), dst_key_restore(), and dst_lib_destroy().
| #define DST_KEY_MAXSIZE 1280 |
A buffer of this size is large enough to hold any key.
Definition at line 77 of file dst.h.
Referenced by computeid(), create_keydata(), dst_key_read_public(), main(), process_dhtkey(), pub_compare(), publish_key(), remove_key(), write_public_key(), and writeset().
| #define DST_KEY_MAXTEXTSIZE 2048 |
A buffer of this size is large enough to hold the textual representation of any key.
Definition at line 83 of file dst.h.
Referenced by emit(), and write_public_key().
| #define DST_TYPE_KEY 0x1000000 |
'Type' for dst_read_key()
Definition at line 86 of file dst.h.
Referenced by dst_key_read_public(), main(), ns_tkeyctx_fromconfig(), setup_file_key(), setup_keyfile(), and write_public_key().
| #define DST_TYPE_PRIVATE 0x2000000 |
Definition at line 87 of file dst.h.
Referenced by buildfilename(), dns_dnssec_findmatchingkeys(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dst__privstruct_writefile(), dst_key_buildfilename(), dst_key_fromfile(), dst_key_fromnamedfile(), dst_key_getfilename(), dst_key_tofile(), emit(), keythatsigned(), loadexplicitkeys(), main(), ns_tkeyctx_fromconfig(), setup_file_key(), and setup_keyfile().
| #define DST_TYPE_PUBLIC 0x4000000 |
Definition at line 88 of file dst.h.
Referenced by buildfilename(), dns_dnssec_findmatchingkeys(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dst_key_buildfilename(), dst_key_fromfile(), dst_key_fromnamedfile(), dst_key_getfilename(), dst_key_tofile(), emit(), keythatsigned(), loadexplicitkeys(), loadkey(), main(), ns_tkeyctx_fromconfig(), and write_public_key().
| #define DST_TIME_CREATED 0 |
Definition at line 91 of file dst.h.
Referenced by main(), set_keyversion(), and write_public_key().
| #define DST_TIME_PUBLISH 1 |
Definition at line 92 of file dst.h.
Referenced by dns_dnssec_keyactive(), emit(), get_hints(), main(), and write_public_key().
| #define DST_TIME_ACTIVATE 2 |
Definition at line 93 of file dst.h.
Referenced by dns_dnssec_keyactive(), get_hints(), main(), publish_key(), and write_public_key().
| #define DST_TIME_REVOKE 3 |
Definition at line 94 of file dst.h.
Referenced by dns_dnssec_keyactive(), get_hints(), main(), and write_public_key().
| #define DST_TIME_INACTIVE 4 |
Definition at line 95 of file dst.h.
Referenced by dns_dnssec_keyactive(), get_hints(), main(), and write_public_key().
| #define DST_TIME_DELETE 5 |
Definition at line 96 of file dst.h.
Referenced by dns_dnssec_keyactive(), emit(), get_hints(), main(), and write_public_key().
| #define DST_MAX_TIMES 6 |
Definition at line 98 of file dst.h.
Referenced by dst_key_gettime(), dst_key_settime(), dst_key_unsettime(), get_key_struct(), and next_keyevent().
| #define DST_MAX_NUMERIC 3 |
Definition at line 105 of file dst.h.
Referenced by dst_key_getnum(), dst_key_setnum(), and dst_key_unsetnum().
| #define DST_MAJOR_VERSION 1 |
Definition at line 126 of file dst.h.
Referenced by check_keyversion(), dst__privstruct_parse(), dst__privstruct_writefile(), main(), and set_keyversion().
| #define DST_MINOR_VERSION 3 |
Definition at line 127 of file dst.h.
Referenced by check_keyversion(), dst__privstruct_parse(), dst__privstruct_writefile(), main(), and set_keyversion().
| #define DST_KEY_FORMATSIZE (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + 7) |
Definition at line 923 of file dst.h.
Referenced by dns_keytable_totext(), dns_sdlzssumatch(), dns_ssu_external_match(), emit(), loadkey(), logkey(), main(), publish_key(), and signwithkey().
| typedef struct dst_context dst_context_t |
| isc_result_t dst_lib_init | ( | isc_mem_t * | mctx, | |
| isc_entropy_t * | ectx, | |||
| unsigned int | eflags | |||
| ) |
Definition at line 154 of file dst_api.c.
References dst_lib_init2().
Referenced by dns_test_begin(), initialize(), main(), setup_libs(), and setup_system().
| isc_result_t dst_lib_init2 | ( | isc_mem_t * | mctx, | |
| isc_entropy_t * | ectx, | |||
| const char * | engine, | |||
| unsigned int | eflags | |||
| ) |
Initializes the DST subsystem.
Requires:
Definition at line 159 of file dst_api.c.
References default_memalloc(), default_memfree(), dst__gssapi_init(), dst__hmacmd5_init(), dst__hmacsha1_init(), dst__hmacsha224_init(), dst__hmacsha256_init(), dst__hmacsha384_init(), dst__hmacsha512_init(), dst__memory_pool, dst__openssl_init(), dst__openssldh_init(), dst__openssldsa_init(), dst__opensslrsa_init(), dst__pkcs11_init, dst__pkcs11dh_init(), dst__pkcs11dsa_init(), dst__pkcs11rsa_init(), DST_ALG_DH, DST_ALG_DSA, DST_ALG_ECCGOST, DST_ALG_ECDSA256, DST_ALG_ECDSA384, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, DST_ALG_NSEC3DSA, DST_ALG_NSEC3RSASHA1, DST_ALG_RSAMD5, DST_ALG_RSASHA1, DST_ALG_RSASHA256, DST_ALG_RSASHA512, dst_entropy_flags, dst_initialized, dst_lib_destroy(), dst_result_register(), isc_entropy_attach(), ISC_FALSE, isc_mem_attach(), isc_mem_createx2(), isc_mem_setdestroycheck(), isc_mem_setname(), ISC_R_SUCCESS, ISC_TRUE, REQUIRE, RETERR, and UNUSED.
Referenced by dst_lib_init(), main(), and ns_server_create().
| void dst_lib_destroy | ( | void | ) |
Releases all resources allocated by DST.
Definition at line 263 of file dst_api.c.
References dst_func::cleanup, cleanup(), dst__memory_pool, dst__openssl_destroy(), dst__pkcs11_destroy, dst_initialized, DST_MAX_ALGS, isc_entropy_detach(), ISC_FALSE, isc_mem_detach(), ISC_TRUE, and RUNTIME_CHECK.
Referenced by destroy_libs(), dns_lib_shutdown(), dns_test_end(), doshutdown(), dst_lib_init2(), initialize(), main(), and ns_server_destroy().
| isc_boolean_t dst_algorithm_supported | ( | unsigned int | alg | ) |
Checks that a given algorithm is supported by DST.
Returns:
Definition at line 283 of file dst_api.c.
References dst_initialized, DST_MAX_ALGS, ISC_FALSE, ISC_TRUE, and REQUIRE.
Referenced by algorithm_status(), dns_resolver_algorithm_supported(), and main().
| isc_boolean_t dst_ds_digest_supported | ( | unsigned int | digest_type | ) |
Checks that a given digest algorithm is supported by DST.
Returns:
Definition at line 292 of file dst_api.c.
References DNS_DSDIGEST_GOST, DNS_DSDIGEST_SHA1, DNS_DSDIGEST_SHA256, DNS_DSDIGEST_SHA384, and ISC_TF.
Referenced by dns_ds_buildrdata(), and dns_resolver_ds_digest_supported().
| isc_result_t dst_context_create | ( | dst_key_t * | key, | |
| isc_mem_t * | mctx, | |||
| dst_context_t ** | dctxp | |||
| ) |
Definition at line 306 of file dst_api.c.
References DNS_LOGCATEGORY_GENERAL, dst_context_create4(), and ISC_TRUE.
| isc_result_t dst_context_create2 | ( | dst_key_t * | key, | |
| isc_mem_t * | mctx, | |||
| isc_logcategory_t * | category, | |||
| dst_context_t ** | dctxp | |||
| ) |
| isc_result_t dst_context_create3 | ( | dst_key_t * | key, | |
| isc_mem_t * | mctx, | |||
| isc_logcategory_t * | category, | |||
| isc_boolean_t | useforsigning, | |||
| dst_context_t ** | dctxp | |||
| ) |
Definition at line 319 of file dst_api.c.
References dst_context_create4().
Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), and tsig_verify_tcp().
| isc_result_t dst_context_create4 | ( | dst_key_t * | key, | |
| isc_mem_t * | mctx, | |||
| isc_logcategory_t * | category, | |||
| isc_boolean_t | useforsigning, | |||
| int | maxbits, | |||
| dst_context_t ** | dctxp | |||
| ) |
Creates a context to be used for a sign or verify operation.
Requires:
Definition at line 328 of file dst_api.c.
References dst_context::category, CTX_MAGIC, DO_SIGN, DO_VERIFY, dst_initialized, DST_R_NULLKEY, DST_R_UNSUPPORTEDALG, isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, dst_context::key, dst_context::magic, dst_context::mctx, REQUIRE, dst_context::use, and VALID_KEY.
Referenced by dns_dnssec_verify3(), dst_context_create(), dst_context_create2(), and dst_context_create3().
| void dst_context_destroy | ( | dst_context_t ** | dctxp | ) |
Destroys all memory associated with a context.
Requires:
Definition at line 370 of file dst_api.c.
References INSIST, isc_mem_put, dst_context::key, dst_context::magic, dst_context::mctx, REQUIRE, and VALID_CTX.
Referenced by destroy_lookup(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verify3(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), maybe_free(), msgreset(), tsig_verify_tcp(), and xfrin_send_request().
| isc_result_t dst_context_adddata | ( | dst_context_t * | dctx, | |
| const isc_region_t * | data | |||
| ) |
Incrementally adds data to the context to be used in a sign or verify operation.
Requires:
Definition at line 384 of file dst_api.c.
References INSIST, dst_context::key, REQUIRE, and VALID_CTX.
Referenced by digest_callback(), digest_sig(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verify3(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), and tsig_verify_tcp().
| isc_result_t dst_context_sign | ( | dst_context_t * | dctx, | |
| isc_buffer_t * | sig | |||
| ) |
Computes a signature using the data and key stored in the context.
Requires:
Definition at line 393 of file dst_api.c.
References CHECKALG, DST_R_NOTPRIVATEKEY, DST_R_NULLKEY, ISC_FALSE, dst_context::key, REQUIRE, and VALID_CTX.
Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), and dns_tsig_sign().
| isc_result_t dst_context_verify | ( | dst_context_t * | dctx, | |
| isc_region_t * | sig | |||
| ) |
Definition at line 414 of file dst_api.c.
References CHECKALG, DST_R_NOTPUBLICKEY, DST_R_NULLKEY, dst_context::key, REQUIRE, and VALID_CTX.
Referenced by dns_dnssec_verifymessage(), dns_tsig_verify(), and tsig_verify_tcp().
| isc_result_t dst_context_verify2 | ( | dst_context_t * | dctx, | |
| unsigned int | maxbits, | |||
| isc_region_t * | sig | |||
| ) |
Verifies the signature using the data and key stored in the context.
'maxbits' specifies the maximum number of bits permitted in the RSA exponent.
Requires:
Definition at line 428 of file dst_api.c.
References CHECKALG, DST_R_NOTPUBLICKEY, DST_R_NULLKEY, dst_context::key, REQUIRE, and VALID_CTX.
Referenced by dns_dnssec_verify3().
| isc_result_t dst_key_computesecret | ( | const dst_key_t * | pub, | |
| const dst_key_t * | priv, | |||
| isc_buffer_t * | secret | |||
| ) |
Computes a shared secret from two (Diffie-Hellman) keys.
Requires:
Definition at line 447 of file dst_api.c.
References CHECKALG, dst_initialized, dst_key_isprivate(), DST_R_KEYCANNOTCOMPUTESECRET, DST_R_NOTPRIVATEKEY, DST_R_NULLKEY, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dns_tkey_processdhresponse(), and process_dhtkey().
| isc_result_t dst_key_getfilename | ( | dns_name_t * | name, | |
| dns_keytag_t | id, | |||
| unsigned int | alg, | |||
| int | type, | |||
| const char * | directory, | |||
| isc_mem_t * | mctx, | |||
| isc_buffer_t * | buf | |||
| ) |
Generates a key filename for the name, algorithm, and id, and places it in the buffer 'buf'. If directory is NULL, the current directory is assumed.
Requires:
Definition at line 508 of file dst_api.c.
References buildfilename(), CHECKALG, dns_name_isabsolute(), dst_initialized, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, isc_buffer_availablelength, isc_buffer_putuint8, ISC_R_NOSPACE, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), and dst_key_fromfile().
| isc_result_t dst_key_fromfile | ( | dns_name_t * | name, | |
| dns_keytag_t | id, | |||
| unsigned int | alg, | |||
| int | type, | |||
| const char * | directory, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp | |||
| ) |
Reads a key from permanent storage. The key can either be a public or private key, and is specified by name, algorithm, and id. If a private key is specified, the public key must also be present. If directory is NULL, the current directory is assumed.
Requires:
Definition at line 534 of file dst_api.c.
References CHECKALG, computeid(), dns_name_equal(), dns_name_isabsolute(), dst_initialized, dst_key_free(), dst_key_fromnamedfile(), dst_key_getfilename(), DST_R_INVALIDPRIVATEKEY, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, isc_buffer_init, ISC_DIR_NAMEMAX, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), emit(), keythatsigned(), and ns_tkeyctx_fromconfig().
| isc_result_t dst_key_fromnamedfile | ( | const char * | filename, | |
| const char * | dirname, | |||
| int | type, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp | |||
| ) |
Reads a key from permanent storage. The key can either be a public or key, and is specified by filename. If a private key is specified, the public key must also be present.
If 'dirname' is not NULL, and 'filename' is a relative path, then the file is looked up relative to the given directory. If 'filename' is an absolute path, 'dirname' is ignored.
Requires:
Definition at line 583 of file dst_api.c.
References addsuffix(), algorithm_status(), computeid(), DNS_KEYFLAG_TYPEMASK, DNS_KEYTYPE_NOKEY, dst_initialized, dst_key_free(), dst_key_read_public(), DST_R_INVALIDPRIVATEKEY, DST_R_UNSUPPORTEDALG, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, get_key_struct(), INSIST, isc_lex_create(), isc_lex_destroy(), isc_lex_openfile(), isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and RETERR.
Referenced by dns_dnssec_findmatchingkeys(), dst_key_fromfile(), loadexplicitkeys(), loadkey(), main(), setup_file_key(), and setup_keyfile().
| isc_result_t dst_key_read_public | ( | const char * | filename, | |
| int | type, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp | |||
| ) |
Reads a public key from permanent storage. The key must be a public key.
Requires:
< SIG(0), TKEY
Definition at line 1468 of file dst_api.c.
References isc_tokenvalue_t::as_textregion, BADTOKEN, cleanup(), dns_fixedname_init, dns_fixedname_name, dns_name_fromtext(), dns_rdata_fromtext(), DNS_RDATA_INIT, dns_rdataclass_fromtext(), dns_rootname, dns_ttl_fromtext(), DST_AS_STR, dst_key_fromdns(), DST_KEY_MAXSIZE, dst_key_setttl(), DST_R_BADKEYTYPE, DST_TYPE_KEY, isc_buffer_add, isc_buffer_init, ISC_FALSE, isc_lex_create(), isc_lex_destroy(), isc_lex_openfile(), isc_lex_setcomments(), isc_lex_setspecials(), ISC_LEXCOMMENT_DNSMASTERFILE, ISC_LEXOPT_DNSMULTILINE, ISC_R_SUCCESS, isc_tokentype_string, NEXTTOKEN, token, isc_token::type, and isc_token::value.
Referenced by dst_key_fromnamedfile().
| isc_result_t dst_key_tofile | ( | const dst_key_t * | key, | |
| int | type, | |||
| const char * | directory | |||
| ) |
Writes a key to permanent storage. The key can either be a public or private key. Public keys are written in DNS format and private keys are written as a set of base64 encoded values. If directory is NULL, the current directory is assumed.
Requires:
Definition at line 472 of file dst_api.c.
References CHECKALG, DNS_KEYFLAG_TYPEMASK, DNS_KEYTYPE_NOKEY, dst_initialized, DST_R_UNSUPPORTEDALG, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, VALID_KEY, and write_public_key().
| isc_result_t dst_key_fromdns | ( | dns_name_t * | name, | |
| dns_rdataclass_t | rdclass, | |||
| isc_buffer_t * | source, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp | |||
| ) |
Converts a DNS KEY record into a DST key.
Requires:
Definition at line 720 of file dst_api.c.
References DNS_KEYFLAG_EXTENDED, dst_initialized, DST_R_INVALIDPUBLICKEY, dst_region_computeid(), dst_region_computerid(), frombuffer(), isc_buffer_getuint16(), isc_buffer_getuint8(), isc_buffer_remaininglength, isc_buffer_remainingregion, ISC_R_SUCCESS, r, and REQUIRE.
Referenced by dns_client_addtrustedkey(), dns_dnssec_keyfromrdata(), dns_message_checksig(), dns_nsec3_maxiterations(), dst_key_read_public(), dstkey_fromconfig(), emit(), get_dst_key(), get_key(), and logkey().
| isc_result_t dst_key_todns | ( | const dst_key_t * | key, | |
| isc_buffer_t * | target | |||
| ) |
Converts a DST key into a DNS KEY record.
Requires:
< NULL KEY
Definition at line 689 of file dst_api.c.
References CHECKALG, DNS_KEYFLAG_EXTENDED, dst_initialized, DST_R_UNSUPPORTEDALG, isc_buffer_availablelength, isc_buffer_putuint16, isc_buffer_putuint8, ISC_R_NOSPACE, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by computeid(), create_keydata(), dns_tkey_builddhquery(), loadkey(), make_dnskey(), process_dhtkey(), pub_compare(), write_public_key(), and writeset().
| isc_result_t dst_key_frombuffer | ( | dns_name_t * | name, | |
| unsigned int | alg, | |||
| unsigned int | flags, | |||
| unsigned int | protocol, | |||
| dns_rdataclass_t | rdclass, | |||
| isc_buffer_t * | source, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp | |||
| ) |
Converts a buffer containing DNS KEY RDATA into a DST key.
Requires:
Definition at line 762 of file dst_api.c.
References computeid(), dst_initialized, dst_key_free(), frombuffer(), ISC_R_SUCCESS, and REQUIRE.
Referenced by dns_tsigkey_create().
| isc_result_t dst_key_tobuffer | ( | const dst_key_t * | key, | |
| isc_buffer_t * | target | |||
| ) |
Converts a DST key into DNS KEY RDATA format.
Requires:
Definition at line 788 of file dst_api.c.
References CHECKALG, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by generate_session_key().
| isc_result_t dst_key_privatefrombuffer | ( | dst_key_t * | key, | |
| isc_buffer_t * | buffer | |||
| ) |
Converts a public key into a private key, reading the private key information from the buffer. The buffer should contain the same data as the .private key file would.
Requires:
Definition at line 802 of file dst_api.c.
References dst_initialized, dst_key_isprivate(), DST_R_UNSUPPORTEDALG, isc_lex_create(), isc_lex_destroy(), isc_lex_openbuffer(), ISC_R_SUCCESS, ISC_TRUE, REQUIRE, RETERR, and VALID_KEY.
| gss_ctx_id_t dst_key_getgssctx | ( | const dst_key_t * | key | ) |
Returns the opaque key data. Be cautions when using this value unless you know what you are doing.
Requires:
Definition at line 824 of file dst_api.c.
References REQUIRE.
Referenced by process_gsstkey().
| isc_result_t dst_key_fromgssapi | ( | dns_name_t * | name, | |
| gss_ctx_id_t | gssctx, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp, | |||
| isc_region_t * | intoken | |||
| ) |
Converts a GSSAPI opaque context id into a DST key.
Requires:
Definition at line 832 of file dst_api.c.
References DNS_KEYPROTO_DNSSEC, DST_ALG_GSSAPI, get_key_struct(), isc_buffer_allocate(), isc_buffer_copyregion(), ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_region::length, REQUIRE, and RETERR.
Referenced by dns_tkey_gssnegotiate(), dns_tkey_processgssresponse(), and process_gsstkey().
| isc_result_t dst_key_fromlabel | ( | dns_name_t * | name, | |
| int | alg, | |||
| unsigned int | flags, | |||
| unsigned int | protocol, | |||
| dns_rdataclass_t | rdclass, | |||
| const char * | engine, | |||
| const char * | label, | |||
| const char * | pin, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp | |||
| ) |
Definition at line 898 of file dst_api.c.
References CHECKALG, computeid(), dns_name_isabsolute(), dst_initialized, dst_key_free(), DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by main().
| isc_result_t dst_key_generate | ( | dns_name_t * | name, | |
| unsigned int | alg, | |||
| unsigned int | bits, | |||
| unsigned int | param, | |||
| unsigned int | flags, | |||
| unsigned int | protocol, | |||
| dns_rdataclass_t | rdclass, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp | |||
| ) |
Definition at line 940 of file dst_api.c.
References dst_key_generate2().
Referenced by generate_session_key().
| isc_result_t dst_key_generate2 | ( | dns_name_t * | name, | |
| unsigned int | alg, | |||
| unsigned int | bits, | |||
| unsigned int | param, | |||
| unsigned int | flags, | |||
| unsigned int | protocol, | |||
| dns_rdataclass_t | rdclass, | |||
| isc_mem_t * | mctx, | |||
| dst_key_t ** | keyp, | |||
| void(*)(int) | callback | |||
| ) |
Generate a DST key (or keypair) with the supplied parameters. The interpretation of the "param" field depends on the algorithm:.
RSA: exponent
0 use exponent 3
!0 use Fermat4 (2^16 + 1)
DH: generator
0 default - use well known prime if bits == 768 or 1024,
otherwise use 2 as the generator.
!0 use this value as the generator.
DSA: unused
HMACMD5: entropy
0 default - require good entropy
!0 lack of good entropy is ok
*
Requires:
< NULL KEY
Definition at line 951 of file dst_api.c.
References CHECKALG, computeid(), DNS_KEYTYPE_NOKEY, dns_name_isabsolute(), dst_initialized, dst_key_free(), DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by dst_key_generate(), and main().
| isc_boolean_t dst_key_compare | ( | const dst_key_t * | key1, | |
| const dst_key_t * | key2 | |||
| ) |
Compares two DST keys. Returns true if they match, false otherwise.
Keys ARE NOT considered to match if one of them is the revoked version of the other.
Requires:
Definition at line 1157 of file dst_api.c.
References comparekeys(), and ISC_FALSE.
Referenced by dns_keytable_deletekeynode(), get_dst_key(), insert(), and ns_client_isself().
| isc_boolean_t dst_key_pubcompare | ( | const dst_key_t * | key1, | |
| const dst_key_t * | key2, | |||
| isc_boolean_t | match_revoked_key | |||
| ) |
Compares only the public portions of two DST keys. Returns true if they match, false otherwise. This allows us, for example, to determine whether a public key found in a zone matches up with a key pair found on disk.
If match_revoked_key is TRUE, then keys ARE considered to match if one of them is the revoked version of the other. Otherwise, they are not.
Requires:
Definition at line 1162 of file dst_api.c.
References comparekeys(), and pub_compare().
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), and dns_dnssec_updatekeys().
| isc_boolean_t dst_key_paramcompare | ( | const dst_key_t * | key1, | |
| const dst_key_t * | key2 | |||
| ) |
Compares the parameters of two DST keys. This is used to determine if two (Diffie-Hellman) keys can be used to derive a shared secret.
Requires:
Definition at line 1170 of file dst_api.c.
References dst_initialized, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by process_dhtkey().
Definition at line 1188 of file dst_api.c.
References dst_initialized, isc_refcount_increment, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dns_tsigkey_createfromkey(), and setup_keyfile().
| void dst_key_free | ( | dst_key_t ** | keyp | ) |
Decrement the key's reference counter and, when it reaches zero, release all memory associated with the key.
Requires:
Definition at line 1199 of file dst_api.c.
References dns_name_free(), dst_initialized, INSIST, isc_buffer_free(), isc_mem_free, isc_mem_put, isc_mem_putanddetach, isc_refcount_decrement, isc_refcount_destroy, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by addkey(), checkkey(), cleanup(), compute_tag(), destroy(), dns_client_addtrustedkey(), dns_dnssec_findmatchingkeys(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_signs(), dns_dnsseckey_destroy(), dns_keynode_detach(), dns_keytable_deletekeynode(), dns_message_checksig(), dns_nsec3_maxiterations(), dns_tkey_gssnegotiate(), dns_tkey_processdhresponse(), dns_tkey_processgssresponse(), dns_tkeyctx_destroy(), dns_tsec_destroy(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dns_update_signaturesinc(), dns_view_untrust(), doshutdown(), dst_key_buildinternal(), dst_key_frombuffer(), dst_key_fromfile(), dst_key_fromlabel(), dst_key_fromnamedfile(), dst_key_generate2(), dst_key_restore(), dstkey_fromconfig(), emit(), frombuffer(), generate_session_key(), get_dst_key(), get_key(), goodsig(), insert(), isselfsigned(), keythatsigned(), load_view_keys(), loadexplicitkeys(), loadkey(), logkey(), main(), process_dhtkey(), process_gsstkey(), restore_key(), revocable(), setup_file_key(), setup_keyfile(), trust_key(), tsigkey_free(), update_sendevent(), validate(), zone_nsec3chain(), zone_resigninc(), and zone_sign().
| dns_name_t* dst_key_name | ( | const dst_key_t * | key | ) |
Definition at line 87 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by addkey(), create_keydata(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verifymessage(), dns_keytable_add(), dns_keytable_deletekeynode(), dns_message_setsig0key(), dns_tkey_builddhquery(), dns_tkey_processdhresponse(), dns_tsec_create(), dst_key_format(), emit(), generate_session_key(), iszonekey(), keythatsigned_unlocked(), load_view_keys(), loadexplicitkeys(), loadkey(), main(), process_dhtkey(), setup_file_key(), setup_keyfile(), start_lookup(), and sync_keyzone().
| unsigned int dst_key_size | ( | const dst_key_t * | key | ) |
Definition at line 93 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by dns_nsec3_maxiterations(), dns_tsigkey_createfromkey(), and main().
| unsigned int dst_key_proto | ( | const dst_key_t * | key | ) |
Definition at line 99 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by dns_message_checksig().
| unsigned int dst_key_alg | ( | const dst_key_t * | key | ) |
Definition at line 105 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by addkey(), del_sigs(), delsig_ok(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_updatekeys(), dns_keytable_findkeynode(), dns_keytable_findnextkeynode(), dns_message_checksig(), dns_tkey_builddhquery(), dns_tkey_processdhresponse(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_createfromkey(), dst__privstruct_parse(), dst__privstruct_writefile(), dst_key_format(), emit(), get_dst_key(), get_key(), key_collision(), keyfetch_done(), keythatsigned_unlocked(), loadexplicitkeys(), main(), mark_active_keys(), process_dhtkey(), publish_key(), remove_key(), revocable(), setup_file_key(), setup_keyfile(), signed_with_key(), signset(), writeset(), and zone_sign().
| isc_uint32_t dst_key_flags | ( | const dst_key_t * | key | ) |
Definition at line 111 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_sign(), dns_dnssec_updatekeys(), dns_dnssec_verify3(), dns_dnsseckey_create(), get_hints(), and main().
| dns_keytag_t dst_key_id | ( | const dst_key_t * | key | ) |
Definition at line 117 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by addkey(), compute_tag(), del_keysigs(), del_sigs(), delsig_ok(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_signs(), dns_keytable_findkeynode(), dns_keytable_findnextkeynode(), dns_message_checksig(), dst_key_format(), emit(), get_dst_key(), get_key(), goodsig(), key_collision(), keyfetch_done(), keythatsigned_unlocked(), loadexplicitkeys(), mark_active_keys(), publish_key(), remove_key(), signed_with_key(), and zone_sign().
| dns_keytag_t dst_key_rid | ( | const dst_key_t * | key | ) |
Definition at line 123 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by key_collision(), main(), and revocable().
| dns_rdataclass_t dst_key_class | ( | const dst_key_t * | key | ) |
Definition at line 129 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by create_keydata(), loadkey(), and make_dnskey().
| isc_boolean_t dst_key_isprivate | ( | const dst_key_t * | key | ) |
Definition at line 1234 of file dst_api.c.
References INSIST, REQUIRE, and VALID_KEY.
Referenced by add_sigs(), addkey(), del_keysigs(), del_sigs(), delsig_ok(), dns_tkey_builddhquery(), dns_tkey_processdhresponse(), dst_key_computesecret(), dst_key_privatefrombuffer(), emit(), loadexplicitkeys(), main(), and zone_sign().
| isc_boolean_t dst_key_iszonekey | ( | const dst_key_t * | key | ) |
Definition at line 135 of file key.c.
References DNS_KEYFLAG_OWNERMASK, DNS_KEYOWNER_ZONE, DNS_KEYPROTO_ANY, DNS_KEYPROTO_DNSSEC, DNS_KEYTYPE_NOAUTH, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by get_dst_key(), get_key(), and iszonekey().
| isc_boolean_t dst_key_isnullkey | ( | const dst_key_t * | key | ) |
Definition at line 149 of file key.c.
References DNS_KEYFLAG_OWNERMASK, DNS_KEYFLAG_TYPEMASK, DNS_KEYOWNER_ZONE, DNS_KEYPROTO_ANY, DNS_KEYPROTO_DNSSEC, DNS_KEYTYPE_NOKEY, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.
| isc_result_t dst_key_buildfilename | ( | const dst_key_t * | key, | |
| int | type, | |||
| const char * | directory, | |||
| isc_buffer_t * | out | |||
| ) |
Generates the filename used by dst to store the specified key. If directory is NULL, the current directory is assumed.
Requires:
Definition at line 1241 of file dst_api.c.
References buildfilename(), DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_writefile(), emit(), main(), and write_public_key().
| isc_result_t dst_key_sigsize | ( | const dst_key_t * | key, | |
| unsigned int * | n | |||
| ) |
Computes the size of a signature generated by the given key.
Requires:
< XXX
Definition at line 1253 of file dst_api.c.
References DNS_SIG_DSASIGSIZE, DNS_SIG_ECDSA256SIZE, DNS_SIG_ECDSA384SIZE, DNS_SIG_GOSTSIGSIZE, DST_ALG_DH, DST_ALG_DSA, DST_ALG_ECCGOST, DST_ALG_ECDSA256, DST_ALG_ECDSA384, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, DST_ALG_NSEC3DSA, DST_ALG_NSEC3RSASHA1, DST_ALG_RSAMD5, DST_ALG_RSASHA1, DST_ALG_RSASHA256, DST_ALG_RSASHA512, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_R_SUCCESS, ISC_SHA1_DIGESTLENGTH, ISC_SHA224_DIGESTLENGTH, ISC_SHA256_DIGESTLENGTH, ISC_SHA384_DIGESTLENGTH, ISC_SHA512_DIGESTLENGTH, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), dns_message_setsig0key(), dns_tsig_sign(), dns_tsig_verify(), dst_key_setbits(), and spacefortsig().
| isc_result_t dst_key_secretsize | ( | const dst_key_t * | key, | |
| unsigned int * | n | |||
| ) |
Computes the size of a shared secret generated by the given key.
Requires:
Definition at line 1309 of file dst_api.c.
References DST_ALG_DH, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dns_tkey_processdhresponse(), and process_dhtkey().
| isc_uint16_t dst_region_computeid | ( | const isc_region_t * | source, | |
| unsigned int | alg | |||
| ) |
Definition at line 35 of file key.c.
References isc_region::base, DST_ALG_RSAMD5, isc_region::length, and REQUIRE.
Referenced by add_signing_records(), compute_keytag(), computeid(), dns_ds_buildrdata(), dst_key_fromdns(), mkey_dumpzone(), totext_cdnskey(), totext_dnskey(), totext_key(), totext_keydata(), and update_action().
| isc_uint16_t dst_region_computerid | ( | const isc_region_t * | source, | |
| unsigned int | alg | |||
| ) |
Computes the (revoked) key id of the key stored in the provided region with the given algorithm.
Requires:
Definition at line 60 of file key.c.
References isc_region::base, DNS_KEYFLAG_REVOKE, DST_ALG_RSAMD5, isc_region::length, and REQUIRE.
Referenced by computeid(), and dst_key_fromdns().
| isc_uint16_t dst_key_getbits | ( | const dst_key_t * | key | ) |
Get the number of digest bits required (0 == MAX).
Requires: "key" is a valid key.
Definition at line 175 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by dns_tsig_sign(), and dns_tsig_verify().
| void dst_key_setbits | ( | dst_key_t * | key, | |
| isc_uint16_t | bits | |||
| ) |
Set the number of digest bits required (0 == MAX).
Requires: "key" is a valid key.
Definition at line 163 of file key.c.
References dst_key_sigsize(), ISC_R_SUCCESS, REQUIRE, RUNTIME_CHECK, and VALID_KEY.
Referenced by add_initial_keys(), evaluate_key(), main(), setup_keystr(), and setup_text_key().
Set the default TTL to use when converting the key to a KEY or DNSKEY RR.
Requires: "key" is a valid key.
Definition at line 181 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dst_key_read_public(), emit(), and main().
Get the default TTL to use when converting the key to a KEY or DNSKEY RR.
Requires: "key" is a valid key.
Definition at line 187 of file key.c.
References REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_keylistfromrdataset(), and dns_dnssec_updatekeys().
| isc_result_t dst_key_setflags | ( | dst_key_t * | key, | |
| isc_uint32_t | flags | |||
| ) |
Set the flags on a key, then recompute the key ID.
Definition at line 1325 of file dst_api.c.
References computeid(), REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), get_hints(), and main().
| isc_result_t dst_key_getnum | ( | const dst_key_t * | key, | |
| int | type, | |||
| isc_uint32_t * | valuep | |||
| ) |
Get a member of the numeric metadata array and place it in '*valuep'.
Requires: "key" is a valid key. "type" is no larger than DST_MAX_NUMERIC "timep" is not null.
Definition at line 1001 of file dst_api.c.
References DST_MAX_NUMERIC, ISC_R_NOTFOUND, ISC_R_SUCCESS, REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_writefile().
| void dst_key_setnum | ( | dst_key_t * | key, | |
| int | type, | |||
| isc_uint32_t | value | |||
| ) |
Set a member of the numeric metadata array.
Requires: "key" is a valid key. "type" is no larger than DST_MAX_NUMERIC
Definition at line 1013 of file dst_api.c.
References DST_MAX_NUMERIC, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_parse().
| void dst_key_unsetnum | ( | dst_key_t * | key, | |
| int | type | |||
| ) |
| isc_result_t dst_key_gettime | ( | const dst_key_t * | key, | |
| int | type, | |||
| isc_stdtime_t * | timep | |||
| ) |
Get a member of the timing metadata array and place it in '*timep'.
Requires: "key" is a valid key. "type" is no larger than DST_MAX_TIMES "timep" is not null.
Definition at line 1030 of file dst_api.c.
References DST_MAX_TIMES, ISC_R_NOTFOUND, ISC_R_SUCCESS, REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_keyactive(), dst__privstruct_writefile(), get_hints(), main(), next_keyevent(), and printtime().
| void dst_key_settime | ( | dst_key_t * | key, | |
| int | type, | |||
| isc_stdtime_t | when | |||
| ) |
Set a member of the timing metadata array.
Requires: "key" is a valid key. "type" is no larger than DST_MAX_TIMES
Definition at line 1041 of file dst_api.c.
References DST_MAX_TIMES, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_parse(), emit(), main(), publish_key(), and set_keyversion().
| void dst_key_unsettime | ( | dst_key_t * | key, | |
| int | type | |||
| ) |
| isc_result_t dst_key_getprivateformat | ( | const dst_key_t * | key, | |
| int * | majorp, | |||
| int * | minorp | |||
| ) |
Get the private key format version number. (If the key does not have a private key associated with it, the version will be 0.0.) The major version number is placed in '*majorp', and the minor version number in '*minorp'.
Requires: "key" is a valid key. "majorp" is not NULL. "minorp" is not NULL.
Definition at line 1056 of file dst_api.c.
References ISC_R_SUCCESS, REQUIRE, and VALID_KEY.
Referenced by check_keyversion(), dns_dnssec_keyactive(), dns_dnsseckey_create(), dst__privstruct_writefile(), main(), and set_keyversion().
| void dst_key_setprivateformat | ( | dst_key_t * | key, | |
| int | major, | |||
| int | minor | |||
| ) |
Set the private key format version number.
Requires: "key" is a valid key.
Definition at line 1066 of file dst_api.c.
References REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_parse(), main(), and set_keyversion().
| void dst_key_format | ( | const dst_key_t * | key, | |
| char * | cp, | |||
| unsigned int | size | |||
| ) |
Write the uniquely identifying information about the key (name, algorithm, key ID) into a string 'cp' of size 'size'.
Definition at line 1332 of file dst_api.c.
References dns_name_format(), DNS_NAME_FORMATSIZE, dns_secalg_format(), dst_key_alg(), dst_key_id(), and dst_key_name().
Referenced by dns_keytable_totext(), dns_sdlzssumatch(), dns_ssu_external_match(), emit(), loadkey(), logkey(), main(), publish_key(), and signwithkey().
| isc_buffer_t* dst_key_tkeytoken | ( | const dst_key_t * | key | ) |
Return the token from the TKEY request, if any. If this key was not negotiated via TKEY, return NULL.
Requires: "key" is a valid key.
Definition at line 1971 of file dst_api.c.
References REQUIRE, and VALID_KEY.
Referenced by dns_sdlzssumatch(), and dns_ssu_external_match().
| isc_result_t dst_key_dump | ( | dst_key_t * | key, | |
| isc_mem_t * | mctx, | |||
| char ** | buffer, | |||
| int * | length | |||
| ) |
Allocate 'buffer' and dump the key into it in base64 format. The buffer is not NUL terminated. The length of the buffer is returned in *length.
'buffer' needs to be freed using isc_mem_put(mctx, buffer, length);
Requires: 'buffer' to be non NULL and *buffer to be NULL. 'length' to be non NULL and *length to be zero.
Returns: ISC_R_SUCCESS ISC_R_NOMEMORY ISC_R_NOTIMPLEMENTED others.
Definition at line 1343 of file dst_api.c.
References ISC_R_NOTIMPLEMENTED, REQUIRE, and VALID_KEY.
Referenced by dump_key().
| isc_result_t dst_key_restore | ( | dns_name_t * | name, | |
| unsigned int | alg, | |||
| unsigned int | flags, | |||
| unsigned int | protocol, | |||
| dns_rdataclass_t | rdclass, | |||
| isc_mem_t * | mctx, | |||
| const char * | keystr, | |||
| dst_key_t ** | keyp | |||
| ) |
Definition at line 1355 of file dst_api.c.
References dst_initialized, dst_key_free(), DST_MAX_ALGS, DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_NOTIMPLEMENTED, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and dst_func::restore.
Referenced by restore_key().
| isc_boolean_t dst_key_inactive | ( | const dst_key_t * | key | ) |
Determines if the private key is missing due the key being deemed inactive.
Requires: 'key' to be valid.
Definition at line 1449 of file dst_api.c.
References REQUIRE, and VALID_KEY.
Referenced by del_keysigs(), and del_sigs().
| void dst_key_setinactive | ( | dst_key_t * | key, | |
| isc_boolean_t | inactive | |||
| ) |
| void dst_key_setexternal | ( | dst_key_t * | key, | |
| isc_boolean_t | value | |||
| ) |
| isc_boolean_t dst_key_isexternal | ( | dst_key_t * | key | ) |