dst.h File Reference

#include <isc/lang.h>
#include <isc/stdtime.h>
#include <dns/types.h>
#include <dns/log.h>
#include <dns/name.h>
#include <dns/secalg.h>
#include <dns/ds.h>
#include <dns/dsdigest.h>
#include <dst/gssapi.h>


Defines

#define DST_DST_H   1
#define DST_ALG_UNKNOWN   0
#define DST_ALG_RSAMD5   1
#define DST_ALG_RSA   DST_ALG_RSAMD5
 backwards compatibility
#define DST_ALG_DH   2
#define DST_ALG_DSA   3
#define DST_ALG_ECC   4
#define DST_ALG_RSASHA1   5
#define DST_ALG_NSEC3DSA   6
#define DST_ALG_NSEC3RSASHA1   7
#define DST_ALG_RSASHA256   8
#define DST_ALG_RSASHA512   10
#define DST_ALG_ECCGOST   12
#define DST_ALG_ECDSA256   13
#define DST_ALG_ECDSA384   14
#define DST_ALG_HMACMD5   157
#define DST_ALG_GSSAPI   160
#define DST_ALG_HMACSHA1   161
#define DST_ALG_HMACSHA224   162
#define DST_ALG_HMACSHA256   163
#define DST_ALG_HMACSHA384   164
#define DST_ALG_HMACSHA512   165
#define DST_ALG_PRIVATE   254
#define DST_ALG_EXPAND   255
#define DST_MAX_ALGS   255
#define DST_KEY_MAXSIZE   1280
 A buffer of this size is large enough to hold any key.
#define DST_KEY_MAXTEXTSIZE   2048
 A buffer of this size is large enough to hold the textual representation of any key.
#define DST_TYPE_KEY   0x1000000
 'Type' for dst_read_key()
#define DST_TYPE_PRIVATE   0x2000000
#define DST_TYPE_PUBLIC   0x4000000
#define DST_TIME_CREATED   0
#define DST_TIME_PUBLISH   1
#define DST_TIME_ACTIVATE   2
#define DST_TIME_REVOKE   3
#define DST_TIME_INACTIVE   4
#define DST_TIME_DELETE   5
#define DST_TIME_DSPUBLISH   6
#define DST_MAX_TIMES   6
#define DST_NUM_PREDECESSOR   0
#define DST_NUM_SUCCESSOR   1
#define DST_NUM_MAXTTL   2
#define DST_NUM_ROLLPERIOD   3
#define DST_MAX_NUMERIC   3
#define DST_MAJOR_VERSION   1
#define DST_MINOR_VERSION   3
#define DST_KEY_FORMATSIZE   (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + 7)

Typedefs

ISC_LANG_BEGINDECLS
typedef struct dst_key dst_key_t
 The dst_key structure is opaque. Applications should use the accessor functions provided to retrieve key attributes. If an application needs to set attributes, new accessor functions will be written.
typedef struct dst_context dst_context_t

Functions

isc_result_t dst_lib_init (isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags)
isc_result_t dst_lib_init2 (isc_mem_t *mctx, isc_entropy_t *ectx, const char *engine, unsigned int eflags)
 Initializes the DST subsystem.
void dst_lib_destroy (void)
 Releases all resources allocated by DST.
isc_boolean_t dst_algorithm_supported (unsigned int alg)
 Checks that a given algorithm is supported by DST.
isc_boolean_t dst_ds_digest_supported (unsigned int digest_type)
 Checks that a given digest algorithm is supported by DST.
isc_result_t dst_context_create (dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp)
isc_result_t dst_context_create2 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, dst_context_t **dctxp)
isc_result_t dst_context_create3 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, isc_boolean_t useforsigning, dst_context_t **dctxp)
isc_result_t dst_context_create4 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, isc_boolean_t useforsigning, int maxbits, dst_context_t **dctxp)
 Creates a context to be used for a sign or verify operation.
void dst_context_destroy (dst_context_t **dctxp)
 Destroys all memory associated with a context.
isc_result_t dst_context_adddata (dst_context_t *dctx, const isc_region_t *data)
 Incrementally adds data to the context to be used in a sign or verify operation.
isc_result_t dst_context_sign (dst_context_t *dctx, isc_buffer_t *sig)
 Computes a signature using the data and key stored in the context.
isc_result_t dst_context_verify (dst_context_t *dctx, isc_region_t *sig)
isc_result_t dst_context_verify2 (dst_context_t *dctx, unsigned int maxbits, isc_region_t *sig)
 Verifies the signature using the data and key stored in the context.
isc_result_t dst_key_computesecret (const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret)
 Computes a shared secret from two (Diffie-Hellman) keys.
isc_result_t dst_key_getfilename (dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, isc_buffer_t *buf)
 Generates a key filename for the name, algorithm, and id, and places it in the buffer 'buf'. If directory is NULL, the current directory is assumed.
isc_result_t dst_key_fromfile (dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, dst_key_t **keyp)
 Reads a key from permanent storage. The key can either be a public or private key, and is specified by name, algorithm, and id. If a private key is specified, the public key must also be present. If directory is NULL, the current directory is assumed.
isc_result_t dst_key_fromnamedfile (const char *filename, const char *dirname, int type, isc_mem_t *mctx, dst_key_t **keyp)
 Reads a key from permanent storage. The key can either be a public or private key, and is specified by filename. If a private key is specified, the public key must also be present.
isc_result_t dst_key_read_public (const char *filename, int type, isc_mem_t *mctx, dst_key_t **keyp)
 Reads a public key from permanent storage. The key must be a public key.
isc_result_t dst_key_tofile (const dst_key_t *key, int type, const char *directory)
 Writes a key to permanent storage. The key can either be a public or private key. Public keys are written in DNS format and private keys are written as a set of base64 encoded values. If directory is NULL, the current directory is assumed.
isc_result_t dst_key_fromdns (dns_name_t *name, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
 Converts a DNS KEY record into a DST key.
isc_result_t dst_key_todns (const dst_key_t *key, isc_buffer_t *target)
 Converts a DST key into a DNS KEY record.
isc_result_t dst_key_frombuffer (dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
 Converts a buffer containing DNS KEY RDATA into a DST key.
isc_result_t dst_key_tobuffer (const dst_key_t *key, isc_buffer_t *target)
 Converts a DST key into DNS KEY RDATA format.
isc_result_t dst_key_privatefrombuffer (dst_key_t *key, isc_buffer_t *buffer)
 Converts a public key into a private key, reading the private key information from the buffer. The buffer should contain the same data as the .private key file would.
gss_ctx_id_t dst_key_getgssctx (const dst_key_t *key)
 Returns the opaque key data. Be cautious when using this value unless you know what you are doing.
isc_result_t dst_key_fromgssapi (dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx, dst_key_t **keyp, isc_region_t *intoken)
 Converts a GSSAPI opaque context id into a DST key.
isc_result_t dst_key_fromlabel (dns_name_t *name, int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, const char *engine, const char *label, const char *pin, isc_mem_t *mctx, dst_key_t **keyp)
isc_result_t dst_key_generate (dns_name_t *name, unsigned int alg, unsigned int bits, unsigned int param, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp)
isc_result_t dst_key_generate2 (dns_name_t *name, unsigned int alg, unsigned int bits, unsigned int param, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp, void(*callback)(int))
 Generate a DST key (or keypair) with the supplied parameters. The interpretation of the "param" field depends on the algorithm.
isc_boolean_t dst_key_compare (const dst_key_t *key1, const dst_key_t *key2)
 Compares two DST keys. Returns true if they match, false otherwise.
isc_boolean_t dst_key_pubcompare (const dst_key_t *key1, const dst_key_t *key2, isc_boolean_t match_revoked_key)
 Compares only the public portions of two DST keys. Returns true if they match, false otherwise. This allows us, for example, to determine whether a public key found in a zone matches up with a key pair found on disk.
isc_boolean_t dst_key_paramcompare (const dst_key_t *key1, const dst_key_t *key2)
 Compares the parameters of two DST keys. This is used to determine if two (Diffie-Hellman) keys can be used to derive a shared secret.
void dst_key_attach (dst_key_t *source, dst_key_t **target)
void dst_key_free (dst_key_t **keyp)
 Decrement the key's reference counter and, when it reaches zero, release all memory associated with the key.
dns_name_t *dst_key_name (const dst_key_t *key)
unsigned int dst_key_size (const dst_key_t *key)
unsigned int dst_key_proto (const dst_key_t *key)
unsigned int dst_key_alg (const dst_key_t *key)
isc_uint32_t dst_key_flags (const dst_key_t *key)
dns_keytag_t dst_key_id (const dst_key_t *key)
dns_keytag_t dst_key_rid (const dst_key_t *key)
dns_rdataclass_t dst_key_class (const dst_key_t *key)
isc_boolean_t dst_key_isprivate (const dst_key_t *key)
isc_boolean_t dst_key_iszonekey (const dst_key_t *key)
isc_boolean_t dst_key_isnullkey (const dst_key_t *key)
isc_result_t dst_key_buildfilename (const dst_key_t *key, int type, const char *directory, isc_buffer_t *out)
 Generates the filename used by dst to store the specified key. If directory is NULL, the current directory is assumed.
isc_result_t dst_key_sigsize (const dst_key_t *key, unsigned int *n)
 Computes the size of a signature generated by the given key.
isc_result_t dst_key_secretsize (const dst_key_t *key, unsigned int *n)
 Computes the size of a shared secret generated by the given key.
isc_uint16_t dst_region_computeid (const isc_region_t *source, unsigned int alg)
isc_uint16_t dst_region_computerid (const isc_region_t *source, unsigned int alg)
 Computes the (revoked) key id of the key stored in the provided region with the given algorithm.
isc_uint16_t dst_key_getbits (const dst_key_t *key)
 Get the number of digest bits required (0 == MAX).
void dst_key_setbits (dst_key_t *key, isc_uint16_t bits)
 Set the number of digest bits required (0 == MAX).
void dst_key_setttl (dst_key_t *key, dns_ttl_t ttl)
 Set the default TTL to use when converting the key to a KEY or DNSKEY RR.
dns_ttl_t dst_key_getttl (const dst_key_t *key)
 Get the default TTL to use when converting the key to a KEY or DNSKEY RR.
isc_result_t dst_key_setflags (dst_key_t *key, isc_uint32_t flags)
 Set the flags on a key, then recompute the key ID.
isc_result_t dst_key_getnum (const dst_key_t *key, int type, isc_uint32_t *valuep)
 Get a member of the numeric metadata array and place it in '*valuep'.
void dst_key_setnum (dst_key_t *key, int type, isc_uint32_t value)
 Set a member of the numeric metadata array.
void dst_key_unsetnum (dst_key_t *key, int type)
 Flag a member of the numeric metadata array as "not set".
isc_result_t dst_key_gettime (const dst_key_t *key, int type, isc_stdtime_t *timep)
 Get a member of the timing metadata array and place it in '*timep'.
void dst_key_settime (dst_key_t *key, int type, isc_stdtime_t when)
 Set a member of the timing metadata array.
void dst_key_unsettime (dst_key_t *key, int type)
 Flag a member of the timing metadata array as "not set".
isc_result_t dst_key_getprivateformat (const dst_key_t *key, int *majorp, int *minorp)
 Get the private key format version number. (If the key does not have a private key associated with it, the version will be 0.0.) The major version number is placed in '*majorp', and the minor version number in '*minorp'.
void dst_key_setprivateformat (dst_key_t *key, int major, int minor)
 Set the private key format version number.
void dst_key_format (const dst_key_t *key, char *cp, unsigned int size)
 Write the uniquely identifying information about the key (name, algorithm, key ID) into a string 'cp' of size 'size'.
isc_buffer_t *dst_key_tkeytoken (const dst_key_t *key)
 Return the token from the TKEY request, if any. If this key was not negotiated via TKEY, return NULL.
isc_result_t dst_key_dump (dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length)
 Allocate 'buffer' and dump the key into it in base64 format. The buffer is not NUL terminated. The length of the buffer is returned in *length.
isc_result_t dst_key_restore (dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, const char *keystr, dst_key_t **keyp)
isc_boolean_t dst_key_inactive (const dst_key_t *key)
 Determines if the private key is missing due to the key being deemed inactive.
void dst_key_setinactive (dst_key_t *key, isc_boolean_t inactive)
 Set key inactive state.
void dst_key_setexternal (dst_key_t *key, isc_boolean_t value)
isc_boolean_t dst_key_isexternal (dst_key_t *key)


Detailed Description

Definition in file dst.h.


Define Documentation

#define DST_DST_H   1

Definition at line 19 of file dst.h.

#define DST_ALG_UNKNOWN   0

Definition at line 51 of file dst.h.

Referenced by cleanup_session_key(), configure_session_key(), control_recvmessage(), controlkeylist_fromcfg(), get_rndckey(), and ns_server_create().

#define DST_ALG_RSAMD5   1

Definition at line 52 of file dst.h.

Referenced by algorithm_status(), check_data(), check_dnssec(), check_rsa(), check_trusted_key(), comparekeys(), dns_nsec_nseconly(), dnskey_sane(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), dst_region_computeid(), dst_region_computerid(), dstkey_fromconfig(), fromtext_cdnskey(), fromtext_dnskey(), fromtext_key(), fromtext_keydata(), fromwire_cdnskey(), fromwire_dnskey(), fromwire_key(), issymmetric(), main(), and zone_check_dnskeys().

#define DST_ALG_RSA   DST_ALG_RSAMD5

backwards compatibility

Definition at line 53 of file dst.h.

#define DST_ALG_DH   2

Definition at line 54 of file dst.h.

Referenced by algorithm_status(), check_data(), check_dh(), dst__privstruct_writefile(), dst_key_secretsize(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().

#define DST_ALG_DSA   3

Definition at line 55 of file dst.h.

Referenced by algorithm_status(), check_data(), check_dnssec(), check_dsa(), dns_nsec_nseconly(), dnskey_sane(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), and issymmetric().

#define DST_ALG_ECC   4

Definition at line 56 of file dst.h.

Referenced by check_dnssec(), dns_nsec_nseconly(), and dnskey_sane().

#define DST_ALG_RSASHA1   5

Definition at line 57 of file dst.h.

Referenced by algorithm_status(), ATF_TC_BODY(), check_data(), check_dnssec(), check_trusted_key(), dns_nsec_nseconly(), dnskey_sane(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), dstkey_fromconfig(), issymmetric(), and zone_check_dnskeys().

#define DST_ALG_NSEC3DSA   6

Definition at line 58 of file dst.h.

Referenced by algorithm_status(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().

#define DST_ALG_NSEC3RSASHA1   7

Definition at line 59 of file dst.h.

Referenced by algorithm_status(), ATF_TC_BODY(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().

#define DST_ALG_RSASHA256   8

Definition at line 60 of file dst.h.

Referenced by algorithm_status(), ATF_TC_BODY(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().

#define DST_ALG_RSASHA512   10

Definition at line 61 of file dst.h.

Referenced by algorithm_status(), ATF_TC_BODY(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().

#define DST_ALG_ECCGOST   12

Definition at line 62 of file dst.h.

Referenced by algorithm_status(), check_data(), check_gost(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().

#define DST_ALG_ECDSA256   13

Definition at line 63 of file dst.h.

Referenced by algorithm_status(), check_data(), check_ecdsa(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().

#define DST_ALG_ECDSA384   14

Definition at line 64 of file dst.h.

Referenced by algorithm_status(), check_data(), dst__privstruct_writefile(), dst_key_sigsize(), dst_lib_init2(), issymmetric(), and main().

#define DST_ALG_HMACMD5   157

Definition at line 65 of file dst.h.

Referenced by algorithm_status(), check_data(), check_hmac_md5(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacmd5_parse(), issymmetric(), main(), setup_file_key(), and setup_keyfile().

#define DST_ALG_GSSAPI   160

Definition at line 66 of file dst.h.

Referenced by dns_tsigkey_createfromkey(), dst_alg_fromname(), dst_key_fromgssapi(), dst_key_sigsize(), dst_lib_init2(), and issymmetric().

#define DST_ALG_HMACSHA1   161

Definition at line 67 of file dst.h.

Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha1_parse(), main(), setup_file_key(), and setup_keyfile().

#define DST_ALG_HMACSHA224   162

Definition at line 68 of file dst.h.

Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha224_parse(), main(), setup_file_key(), and setup_keyfile().

#define DST_ALG_HMACSHA256   163

Definition at line 69 of file dst.h.

Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha256_parse(), main(), setup_file_key(), and setup_keyfile().

#define DST_ALG_HMACSHA384   164

Definition at line 70 of file dst.h.

Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha384_parse(), main(), setup_file_key(), and setup_keyfile().

#define DST_ALG_HMACSHA512   165

Definition at line 71 of file dst.h.

Referenced by check_data(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dst__privstruct_writefile(), dst_alg_fromname(), dst_key_sigsize(), dst_lib_init2(), hmacsha512_parse(), main(), setup_file_key(), and setup_keyfile().

#define DST_ALG_PRIVATE   254

Definition at line 72 of file dst.h.

#define DST_ALG_EXPAND   255

Definition at line 73 of file dst.h.

#define DST_MAX_ALGS   255

Definition at line 74 of file dst.h.

Referenced by dst_algorithm_supported(), dst_key_restore(), and dst_lib_destroy().

#define DST_KEY_MAXSIZE   1280

A buffer of this size is large enough to hold any key.

Definition at line 77 of file dst.h.

Referenced by computeid(), create_keydata(), dst_key_read_public(), main(), process_dhtkey(), pub_compare(), publish_key(), remove_key(), write_public_key(), and writeset().

#define DST_KEY_MAXTEXTSIZE   2048

A buffer of this size is large enough to hold the textual representation of any key.

Definition at line 83 of file dst.h.

Referenced by emit(), and write_public_key().

#define DST_TYPE_KEY   0x1000000

'Type' for dst_read_key()

Definition at line 86 of file dst.h.

Referenced by dst_key_read_public(), main(), ns_tkeyctx_fromconfig(), setup_file_key(), setup_keyfile(), and write_public_key().

#define DST_TYPE_PRIVATE   0x2000000

Definition at line 87 of file dst.h.

Referenced by buildfilename(), dns_dnssec_findmatchingkeys(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dst__privstruct_writefile(), dst_key_buildfilename(), dst_key_fromfile(), dst_key_fromnamedfile(), dst_key_getfilename(), dst_key_tofile(), emit(), keythatsigned(), loadexplicitkeys(), main(), ns_tkeyctx_fromconfig(), setup_file_key(), and setup_keyfile().

#define DST_TYPE_PUBLIC   0x4000000

Definition at line 88 of file dst.h.

Referenced by buildfilename(), dns_dnssec_findmatchingkeys(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dst_key_buildfilename(), dst_key_fromfile(), dst_key_fromnamedfile(), dst_key_getfilename(), dst_key_tofile(), emit(), keythatsigned(), loadexplicitkeys(), loadkey(), main(), ns_tkeyctx_fromconfig(), and write_public_key().

#define DST_TIME_CREATED   0

Definition at line 91 of file dst.h.

Referenced by main(), set_keyversion(), and write_public_key().

#define DST_TIME_PUBLISH   1

Definition at line 92 of file dst.h.

Referenced by dns_dnssec_keyactive(), emit(), get_hints(), main(), and write_public_key().

#define DST_TIME_ACTIVATE   2

Definition at line 93 of file dst.h.

Referenced by dns_dnssec_keyactive(), get_hints(), main(), publish_key(), and write_public_key().

#define DST_TIME_REVOKE   3

Definition at line 94 of file dst.h.

Referenced by dns_dnssec_keyactive(), get_hints(), main(), and write_public_key().

#define DST_TIME_INACTIVE   4

Definition at line 95 of file dst.h.

Referenced by dns_dnssec_keyactive(), get_hints(), main(), and write_public_key().

#define DST_TIME_DELETE   5

Definition at line 96 of file dst.h.

Referenced by dns_dnssec_keyactive(), emit(), get_hints(), main(), and write_public_key().

#define DST_TIME_DSPUBLISH   6

Definition at line 97 of file dst.h.

#define DST_MAX_TIMES   6

Definition at line 98 of file dst.h.

Referenced by dst_key_gettime(), dst_key_settime(), dst_key_unsettime(), get_key_struct(), and next_keyevent().

#define DST_NUM_PREDECESSOR   0

Definition at line 101 of file dst.h.

#define DST_NUM_SUCCESSOR   1

Definition at line 102 of file dst.h.

#define DST_NUM_MAXTTL   2

Definition at line 103 of file dst.h.

#define DST_NUM_ROLLPERIOD   3

Definition at line 104 of file dst.h.

#define DST_MAX_NUMERIC   3

Definition at line 105 of file dst.h.

Referenced by dst_key_getnum(), dst_key_setnum(), and dst_key_unsetnum().

#define DST_MAJOR_VERSION   1

Definition at line 126 of file dst.h.

Referenced by check_keyversion(), dst__privstruct_parse(), dst__privstruct_writefile(), main(), and set_keyversion().

#define DST_MINOR_VERSION   3

Definition at line 127 of file dst.h.

Referenced by check_keyversion(), dst__privstruct_parse(), dst__privstruct_writefile(), main(), and set_keyversion().

#define DST_KEY_FORMATSIZE   (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + 7)

Definition at line 923 of file dst.h.

Referenced by dns_keytable_totext(), dns_sdlzssumatch(), dns_ssu_external_match(), emit(), loadkey(), logkey(), main(), publish_key(), and signwithkey().


Typedef Documentation

typedef struct dst_key dst_key_t

The dst_key structure is opaque. Applications should use the accessor functions provided to retrieve key attributes. If an application needs to set attributes, new accessor functions will be written.

Definition at line 47 of file dst.h.

typedef struct dst_context dst_context_t

Definition at line 48 of file dst.h.


Function Documentation

isc_result_t dst_lib_init ( isc_mem_t mctx,
isc_entropy_t ectx,
unsigned int  eflags 
)

Definition at line 154 of file dst_api.c.

References dst_lib_init2().

Referenced by dns_test_begin(), initialize(), main(), setup_libs(), and setup_system().

isc_result_t dst_lib_init2 ( isc_mem_t mctx,
isc_entropy_t ectx,
const char *  engine,
unsigned int  eflags 
)

Initializes the DST subsystem.

Requires:

Returns: Ensures:

Definition at line 159 of file dst_api.c.

References default_memalloc(), default_memfree(), dst__gssapi_init(), dst__hmacmd5_init(), dst__hmacsha1_init(), dst__hmacsha224_init(), dst__hmacsha256_init(), dst__hmacsha384_init(), dst__hmacsha512_init(), dst__memory_pool, dst__openssl_init(), dst__openssldh_init(), dst__openssldsa_init(), dst__opensslrsa_init(), dst__pkcs11_init, dst__pkcs11dh_init(), dst__pkcs11dsa_init(), dst__pkcs11rsa_init(), DST_ALG_DH, DST_ALG_DSA, DST_ALG_ECCGOST, DST_ALG_ECDSA256, DST_ALG_ECDSA384, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, DST_ALG_NSEC3DSA, DST_ALG_NSEC3RSASHA1, DST_ALG_RSAMD5, DST_ALG_RSASHA1, DST_ALG_RSASHA256, DST_ALG_RSASHA512, dst_entropy_flags, dst_initialized, dst_lib_destroy(), dst_result_register(), isc_entropy_attach(), ISC_FALSE, isc_mem_attach(), isc_mem_createx2(), isc_mem_setdestroycheck(), isc_mem_setname(), ISC_R_SUCCESS, ISC_TRUE, REQUIRE, RETERR, and UNUSED.

Referenced by dst_lib_init(), main(), and ns_server_create().

void dst_lib_destroy ( void   ) 

Releases all resources allocated by DST.

Definition at line 263 of file dst_api.c.

References dst_func::cleanup, cleanup(), dst__memory_pool, dst__openssl_destroy(), dst__pkcs11_destroy, dst_initialized, DST_MAX_ALGS, isc_entropy_detach(), ISC_FALSE, isc_mem_detach(), ISC_TRUE, and RUNTIME_CHECK.

Referenced by destroy_libs(), dns_lib_shutdown(), dns_test_end(), doshutdown(), dst_lib_init2(), initialize(), main(), and ns_server_destroy().

isc_boolean_t dst_algorithm_supported ( unsigned int  alg  ) 

Checks that a given algorithm is supported by DST.

Returns:

Definition at line 283 of file dst_api.c.

References dst_initialized, DST_MAX_ALGS, ISC_FALSE, ISC_TRUE, and REQUIRE.

Referenced by algorithm_status(), dns_resolver_algorithm_supported(), and main().

isc_boolean_t dst_ds_digest_supported ( unsigned int  digest_type  ) 

Checks that a given digest algorithm is supported by DST.

Returns:

Definition at line 292 of file dst_api.c.

References DNS_DSDIGEST_GOST, DNS_DSDIGEST_SHA1, DNS_DSDIGEST_SHA256, DNS_DSDIGEST_SHA384, and ISC_TF.

Referenced by dns_ds_buildrdata(), and dns_resolver_ds_digest_supported().

isc_result_t dst_context_create ( dst_key_t key,
isc_mem_t mctx,
dst_context_t **  dctxp 
)

Definition at line 306 of file dst_api.c.

References DNS_LOGCATEGORY_GENERAL, dst_context_create4(), and ISC_TRUE.

isc_result_t dst_context_create2 ( dst_key_t key,
isc_mem_t mctx,
isc_logcategory_t category,
dst_context_t **  dctxp 
)

Definition at line 312 of file dst_api.c.

References dst_context_create4(), and ISC_TRUE.

isc_result_t dst_context_create3 ( dst_key_t key,
isc_mem_t mctx,
isc_logcategory_t category,
isc_boolean_t  useforsigning,
dst_context_t **  dctxp 
)

Definition at line 319 of file dst_api.c.

References dst_context_create4().

Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), and tsig_verify_tcp().

isc_result_t dst_context_create4 ( dst_key_t key,
isc_mem_t mctx,
isc_logcategory_t category,
isc_boolean_t  useforsigning,
int  maxbits,
dst_context_t **  dctxp 
)

Creates a context to be used for a sign or verify operation.

Requires:

Returns: Ensures:

Definition at line 328 of file dst_api.c.

References dst_context::category, CTX_MAGIC, DO_SIGN, DO_VERIFY, dst_initialized, DST_R_NULLKEY, DST_R_UNSUPPORTEDALG, isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, dst_context::key, dst_context::magic, dst_context::mctx, REQUIRE, dst_context::use, and VALID_KEY.

Referenced by dns_dnssec_verify3(), dst_context_create(), dst_context_create2(), and dst_context_create3().

void dst_context_destroy ( dst_context_t **  dctxp  ) 

Destroys all memory associated with a context.

Requires:

Ensures:

Definition at line 370 of file dst_api.c.

References INSIST, isc_mem_put, dst_context::key, dst_context::magic, dst_context::mctx, REQUIRE, and VALID_CTX.

Referenced by destroy_lookup(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verify3(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), maybe_free(), msgreset(), tsig_verify_tcp(), and xfrin_send_request().

isc_result_t dst_context_adddata ( dst_context_t dctx,
const isc_region_t data 
)

Incrementally adds data to the context to be used in a sign or verify operation.

Requires:

Returns:

Definition at line 384 of file dst_api.c.

References INSIST, dst_context::key, REQUIRE, and VALID_CTX.

Referenced by digest_callback(), digest_sig(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verify3(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), and tsig_verify_tcp().

isc_result_t dst_context_sign ( dst_context_t dctx,
isc_buffer_t sig 
)

Computes a signature using the data and key stored in the context.

Requires:

Returns: Ensures:

Definition at line 393 of file dst_api.c.

References CHECKALG, DST_R_NOTPRIVATEKEY, DST_R_NULLKEY, ISC_FALSE, dst_context::key, REQUIRE, and VALID_CTX.

Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), and dns_tsig_sign().

isc_result_t dst_context_verify ( dst_context_t dctx,
isc_region_t sig 
)

Definition at line 414 of file dst_api.c.

References CHECKALG, DST_R_NOTPUBLICKEY, DST_R_NULLKEY, dst_context::key, REQUIRE, and VALID_CTX.

Referenced by dns_dnssec_verifymessage(), dns_tsig_verify(), and tsig_verify_tcp().

isc_result_t dst_context_verify2 ( dst_context_t dctx,
unsigned int  maxbits,
isc_region_t sig 
)

Verifies the signature using the data and key stored in the context.

'maxbits' specifies the maximum number of bits permitted in the RSA exponent.

Requires:

Returns: Ensures:

Definition at line 428 of file dst_api.c.

References CHECKALG, DST_R_NOTPUBLICKEY, DST_R_NULLKEY, dst_context::key, REQUIRE, and VALID_CTX.

Referenced by dns_dnssec_verify3().

isc_result_t dst_key_computesecret ( const dst_key_t pub,
const dst_key_t priv,
isc_buffer_t secret 
)

Computes a shared secret from two (Diffie-Hellman) keys.

Requires:

Returns: Ensures:

Definition at line 447 of file dst_api.c.

References CHECKALG, dst_initialized, dst_key_isprivate(), DST_R_KEYCANNOTCOMPUTESECRET, DST_R_NOTPRIVATEKEY, DST_R_NULLKEY, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by dns_tkey_processdhresponse(), and process_dhtkey().

isc_result_t dst_key_getfilename ( dns_name_t name,
dns_keytag_t  id,
unsigned int  alg,
int  type,
const char *  directory,
isc_mem_t mctx,
isc_buffer_t buf 
)

Generates a key filename for the name, algorithm, and id, and places it in the buffer 'buf'. If directory is NULL, the current directory is assumed.

Requires:

Returns:

Definition at line 508 of file dst_api.c.

References buildfilename(), CHECKALG, dns_name_isabsolute(), dst_initialized, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, isc_buffer_availablelength, isc_buffer_putuint8, ISC_R_NOSPACE, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.

Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), and dst_key_fromfile().

isc_result_t dst_key_fromfile ( dns_name_t name,
dns_keytag_t  id,
unsigned int  alg,
int  type,
const char *  directory,
isc_mem_t mctx,
dst_key_t **  keyp 
)

Reads a key from permanent storage. The key can either be a public or private key, and is specified by name, algorithm, and id. If a private key is specified, the public key must also be present. If directory is NULL, the current directory is assumed.

Requires:

Returns: Ensures:

Definition at line 534 of file dst_api.c.

References CHECKALG, computeid(), dns_name_equal(), dns_name_isabsolute(), dst_initialized, dst_key_free(), dst_key_fromnamedfile(), dst_key_getfilename(), DST_R_INVALIDPRIVATEKEY, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, isc_buffer_init, ISC_DIR_NAMEMAX, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.

Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), emit(), keythatsigned(), and ns_tkeyctx_fromconfig().

isc_result_t dst_key_fromnamedfile ( const char *  filename,
const char *  dirname,
int  type,
isc_mem_t mctx,
dst_key_t **  keyp 
)

Reads a key from permanent storage. The key can either be a public or private key, and is specified by filename. If a private key is specified, the public key must also be present.

If 'dirname' is not NULL, and 'filename' is a relative path, then the file is looked up relative to the given directory. If 'filename' is an absolute path, 'dirname' is ignored.

Requires:

Returns: Ensures:

Definition at line 583 of file dst_api.c.

References addsuffix(), algorithm_status(), computeid(), DNS_KEYFLAG_TYPEMASK, DNS_KEYTYPE_NOKEY, dst_initialized, dst_key_free(), dst_key_read_public(), DST_R_INVALIDPRIVATEKEY, DST_R_UNSUPPORTEDALG, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, get_key_struct(), INSIST, isc_lex_create(), isc_lex_destroy(), isc_lex_openfile(), isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and RETERR.

Referenced by dns_dnssec_findmatchingkeys(), dst_key_fromfile(), loadexplicitkeys(), loadkey(), main(), setup_file_key(), and setup_keyfile().

isc_result_t dst_key_read_public ( const char *  filename,
int  type,
isc_mem_t mctx,
dst_key_t **  keyp 
)

Reads a public key from permanent storage. The key must be a public key.

Requires:

Returns: Ensures:

< SIG(0), TKEY

Definition at line 1468 of file dst_api.c.

References isc_tokenvalue_t::as_textregion, BADTOKEN, cleanup(), dns_fixedname_init, dns_fixedname_name, dns_name_fromtext(), dns_rdata_fromtext(), DNS_RDATA_INIT, dns_rdataclass_fromtext(), dns_rootname, dns_ttl_fromtext(), DST_AS_STR, dst_key_fromdns(), DST_KEY_MAXSIZE, dst_key_setttl(), DST_R_BADKEYTYPE, DST_TYPE_KEY, isc_buffer_add, isc_buffer_init, ISC_FALSE, isc_lex_create(), isc_lex_destroy(), isc_lex_openfile(), isc_lex_setcomments(), isc_lex_setspecials(), ISC_LEXCOMMENT_DNSMASTERFILE, ISC_LEXOPT_DNSMULTILINE, ISC_R_SUCCESS, isc_tokentype_string, NEXTTOKEN, token, isc_token::type, and isc_token::value.

Referenced by dst_key_fromnamedfile().

isc_result_t dst_key_tofile ( const dst_key_t key,
int  type,
const char *  directory 
)

Writes a key to permanent storage. The key can either be a public or private key. Public keys are written in DNS format and private keys are written as a set of base64 encoded values. If directory is NULL, the current directory is assumed. Note that the base64 values of a private key file are the secret key material itself; the file is only as protected as the directory and file permissions it is written under.

Requires:

Returns:

Definition at line 472 of file dst_api.c.

References CHECKALG, DNS_KEYFLAG_TYPEMASK, DNS_KEYTYPE_NOKEY, dst_initialized, DST_R_UNSUPPORTEDALG, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, VALID_KEY, and write_public_key().

Referenced by emit(), and main().

isc_result_t dst_key_fromdns ( dns_name_t name,
dns_rdataclass_t  rdclass,
isc_buffer_t source,
isc_mem_t mctx,
dst_key_t **  keyp 
)

Converts a DNS KEY record into a DST key. Callers such as dns_message_checksig() (see "Referenced by" below) feed this function with RDATA taken from received messages, so malformed or truncated input must be expected; the references to isc_buffer_remaininglength and DST_R_INVALIDPUBLICKEY suggest such input is reported as DST_R_INVALIDPUBLICKEY rather than triggering an assertion.

Requires:

Returns: Ensures:

Definition at line 720 of file dst_api.c.

References DNS_KEYFLAG_EXTENDED, dst_initialized, DST_R_INVALIDPUBLICKEY, dst_region_computeid(), dst_region_computerid(), frombuffer(), isc_buffer_getuint16(), isc_buffer_getuint8(), isc_buffer_remaininglength, isc_buffer_remainingregion, ISC_R_SUCCESS, r, and REQUIRE.

Referenced by dns_client_addtrustedkey(), dns_dnssec_keyfromrdata(), dns_message_checksig(), dns_nsec3_maxiterations(), dst_key_read_public(), dstkey_fromconfig(), emit(), get_dst_key(), get_key(), and logkey().

isc_result_t dst_key_todns ( const dst_key_t key,
isc_buffer_t target 
)

Converts a DST key into a DNS KEY record.

Requires:

Returns: Ensures:

< NULL KEY

Definition at line 689 of file dst_api.c.

References CHECKALG, DNS_KEYFLAG_EXTENDED, dst_initialized, DST_R_UNSUPPORTEDALG, isc_buffer_availablelength, isc_buffer_putuint16, isc_buffer_putuint8, ISC_R_NOSPACE, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by computeid(), create_keydata(), dns_tkey_builddhquery(), loadkey(), make_dnskey(), process_dhtkey(), pub_compare(), write_public_key(), and writeset().

isc_result_t dst_key_frombuffer ( dns_name_t name,
unsigned int  alg,
unsigned int  flags,
unsigned int  protocol,
dns_rdataclass_t  rdclass,
isc_buffer_t source,
isc_mem_t mctx,
dst_key_t **  keyp 
)

Converts a buffer containing DNS KEY RDATA into a DST key.

Requires:

Returns: Ensures:

Definition at line 762 of file dst_api.c.

References computeid(), dst_initialized, dst_key_free(), frombuffer(), ISC_R_SUCCESS, and REQUIRE.

Referenced by dns_tsigkey_create().

isc_result_t dst_key_tobuffer ( const dst_key_t key,
isc_buffer_t target 
)

Converts a DST key into DNS KEY RDATA format.

Requires:

Returns: Ensures:

Definition at line 788 of file dst_api.c.

References CHECKALG, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by generate_session_key().

isc_result_t dst_key_privatefrombuffer ( dst_key_t key,
isc_buffer_t buffer 
)

Completes a public key into a private key by reading the private key material from the buffer. The buffer should contain the same data as the corresponding .private key file would.

Requires:

Returns: Ensures:

Definition at line 802 of file dst_api.c.

References dst_initialized, dst_key_isprivate(), DST_R_UNSUPPORTEDALG, isc_lex_create(), isc_lex_destroy(), isc_lex_openbuffer(), ISC_R_SUCCESS, ISC_TRUE, REQUIRE, RETERR, and VALID_KEY.

gss_ctx_id_t dst_key_getgssctx ( const dst_key_t key  ) 

Returns the opaque GSSAPI context held by the key. Be cautious when using this value unless you know what you are doing: it is the raw security context, not a copy.

Requires:

Returns:

Definition at line 824 of file dst_api.c.

References REQUIRE.

Referenced by process_gsstkey().

isc_result_t dst_key_fromgssapi ( dns_name_t name,
gss_ctx_id_t  gssctx,
isc_mem_t mctx,
dst_key_t **  keyp,
isc_region_t intoken 
)

Converts a GSSAPI opaque context id into a DST key.

Requires:

Returns: Ensures:

Definition at line 832 of file dst_api.c.

References DNS_KEYPROTO_DNSSEC, DST_ALG_GSSAPI, get_key_struct(), isc_buffer_allocate(), isc_buffer_copyregion(), ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_region::length, REQUIRE, and RETERR.

Referenced by dns_tkey_gssnegotiate(), dns_tkey_processgssresponse(), and process_gsstkey().

isc_result_t dst_key_fromlabel ( dns_name_t name,
int  alg,
unsigned int  flags,
unsigned int  protocol,
dns_rdataclass_t  rdclass,
const char *  engine,
const char *  label,
const char *  pin,
isc_mem_t mctx,
dst_key_t **  keyp 
)

Definition at line 898 of file dst_api.c.

References CHECKALG, computeid(), dns_name_isabsolute(), dst_initialized, dst_key_free(), DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.

Referenced by main().

isc_result_t dst_key_generate ( dns_name_t name,
unsigned int  alg,
unsigned int  bits,
unsigned int  param,
unsigned int  flags,
unsigned int  protocol,
dns_rdataclass_t  rdclass,
isc_mem_t mctx,
dst_key_t **  keyp 
)

Definition at line 940 of file dst_api.c.

References dst_key_generate2().

Referenced by generate_session_key().

isc_result_t dst_key_generate2 ( dns_name_t name,
unsigned int  alg,
unsigned int  bits,
unsigned int  param,
unsigned int  flags,
unsigned int  protocol,
dns_rdataclass_t  rdclass,
isc_mem_t mctx,
dst_key_t **  keyp,
void(*)(int)  callback 
)

Generate a DST key (or keypair) with the supplied parameters. The interpretation of the "param" field depends on the algorithm:

        RSA:    exponent
                0       use exponent 3
                !0      use Fermat4 (2^16 + 1)
        DH:     generator
                0       default - use well known prime if bits == 768 or 1024,
                        otherwise use 2 as the generator.
                !0      use this value as the generator.
        DSA:    unused
        HMACMD5: entropy
                0       default - require good entropy
                !0      lack of good entropy is ok (this trades key quality for
                        availability: a secret generated from a weak entropy
                        source may be predictable, so use only where acceptable)

Requires:

Returns: Ensures:

< NULL KEY

Definition at line 951 of file dst_api.c.

References CHECKALG, computeid(), DNS_KEYTYPE_NOKEY, dns_name_isabsolute(), dst_initialized, dst_key_free(), DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.

Referenced by dst_key_generate(), and main().

isc_boolean_t dst_key_compare ( const dst_key_t key1,
const dst_key_t key2 
)

Compares two DST keys. Returns true if they match, false otherwise.

Keys ARE NOT considered to match if one of them is the revoked version of the other.

Requires:

Returns:

Definition at line 1157 of file dst_api.c.

References comparekeys(), and ISC_FALSE.

Referenced by dns_keytable_deletekeynode(), get_dst_key(), insert(), and ns_client_isself().

isc_boolean_t dst_key_pubcompare ( const dst_key_t key1,
const dst_key_t key2,
isc_boolean_t  match_revoked_key 
)

Compares only the public portions of two DST keys. Returns true if they match, false otherwise. This allows us, for example, to determine whether a public key found in a zone matches up with a key pair found on disk.

If match_revoked_key is TRUE, then keys ARE considered to match if one of them is the revoked version of the other. Otherwise, they are not.

Requires:

Returns:

Definition at line 1162 of file dst_api.c.

References comparekeys(), and pub_compare().

Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), and dns_dnssec_updatekeys().

isc_boolean_t dst_key_paramcompare ( const dst_key_t key1,
const dst_key_t key2 
)

Compares the parameters of two DST keys. This is used to determine if two (Diffie-Hellman) keys can be used to derive a shared secret.

Requires:

Returns:

Definition at line 1170 of file dst_api.c.

References dst_initialized, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by process_dhtkey().

void dst_key_attach ( dst_key_t source,
dst_key_t **  target 
)

Definition at line 1188 of file dst_api.c.

References dst_initialized, isc_refcount_increment, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by dns_tsigkey_createfromkey(), and setup_keyfile().

void dst_key_free ( dst_key_t **  keyp  ) 

Decrement the key's reference counter and, when it reaches zero, release all memory associated with the key.

Requires:

Ensures: Require:

Definition at line 1199 of file dst_api.c.

References dns_name_free(), dst_initialized, INSIST, isc_buffer_free(), isc_mem_free, isc_mem_put, isc_mem_putanddetach, isc_refcount_decrement, isc_refcount_destroy, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by addkey(), checkkey(), cleanup(), compute_tag(), destroy(), dns_client_addtrustedkey(), dns_dnssec_findmatchingkeys(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_signs(), dns_dnsseckey_destroy(), dns_keynode_detach(), dns_keytable_deletekeynode(), dns_message_checksig(), dns_nsec3_maxiterations(), dns_tkey_gssnegotiate(), dns_tkey_processdhresponse(), dns_tkey_processgssresponse(), dns_tkeyctx_destroy(), dns_tsec_destroy(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dns_update_signaturesinc(), dns_view_untrust(), doshutdown(), dst_key_buildinternal(), dst_key_frombuffer(), dst_key_fromfile(), dst_key_fromlabel(), dst_key_fromnamedfile(), dst_key_generate2(), dst_key_restore(), dstkey_fromconfig(), emit(), frombuffer(), generate_session_key(), get_dst_key(), get_key(), goodsig(), insert(), isselfsigned(), keythatsigned(), load_view_keys(), loadexplicitkeys(), loadkey(), logkey(), main(), process_dhtkey(), process_gsstkey(), restore_key(), revocable(), setup_file_key(), setup_keyfile(), trust_key(), tsigkey_free(), update_sendevent(), validate(), zone_nsec3chain(), zone_resigninc(), and zone_sign().

dns_name_t* dst_key_name ( const dst_key_t key  ) 

Definition at line 87 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by addkey(), create_keydata(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verifymessage(), dns_keytable_add(), dns_keytable_deletekeynode(), dns_message_setsig0key(), dns_tkey_builddhquery(), dns_tkey_processdhresponse(), dns_tsec_create(), dst_key_format(), emit(), generate_session_key(), iszonekey(), keythatsigned_unlocked(), load_view_keys(), loadexplicitkeys(), loadkey(), main(), process_dhtkey(), setup_file_key(), setup_keyfile(), start_lookup(), and sync_keyzone().

unsigned int dst_key_size ( const dst_key_t key  ) 

Definition at line 93 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by dns_nsec3_maxiterations(), dns_tsigkey_createfromkey(), and main().

unsigned int dst_key_proto ( const dst_key_t key  ) 

Definition at line 99 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by dns_message_checksig().

unsigned int dst_key_alg ( const dst_key_t key  ) 

Definition at line 105 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by addkey(), del_sigs(), delsig_ok(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_updatekeys(), dns_keytable_findkeynode(), dns_keytable_findnextkeynode(), dns_message_checksig(), dns_tkey_builddhquery(), dns_tkey_processdhresponse(), dns_tsec_create(), dns_tsig_verify(), dns_tsigkey_createfromkey(), dst__privstruct_parse(), dst__privstruct_writefile(), dst_key_format(), emit(), get_dst_key(), get_key(), key_collision(), keyfetch_done(), keythatsigned_unlocked(), loadexplicitkeys(), main(), mark_active_keys(), process_dhtkey(), publish_key(), remove_key(), revocable(), setup_file_key(), setup_keyfile(), signed_with_key(), signset(), writeset(), and zone_sign().

isc_uint32_t dst_key_flags ( const dst_key_t key  ) 

Definition at line 111 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_sign(), dns_dnssec_updatekeys(), dns_dnssec_verify3(), dns_dnsseckey_create(), get_hints(), and main().

dns_keytag_t dst_key_id ( const dst_key_t key  ) 

Definition at line 117 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by addkey(), compute_tag(), del_keysigs(), del_sigs(), delsig_ok(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_signs(), dns_keytable_findkeynode(), dns_keytable_findnextkeynode(), dns_message_checksig(), dst_key_format(), emit(), get_dst_key(), get_key(), goodsig(), key_collision(), keyfetch_done(), keythatsigned_unlocked(), loadexplicitkeys(), mark_active_keys(), publish_key(), remove_key(), signed_with_key(), and zone_sign().

dns_keytag_t dst_key_rid ( const dst_key_t key  ) 

Definition at line 123 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by key_collision(), main(), and revocable().

dns_rdataclass_t dst_key_class ( const dst_key_t key  ) 

Definition at line 129 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by create_keydata(), loadkey(), and make_dnskey().

isc_boolean_t dst_key_isprivate ( const dst_key_t key  ) 

Definition at line 1234 of file dst_api.c.

References INSIST, REQUIRE, and VALID_KEY.

Referenced by add_sigs(), addkey(), del_keysigs(), del_sigs(), delsig_ok(), dns_tkey_builddhquery(), dns_tkey_processdhresponse(), dst_key_computesecret(), dst_key_privatefrombuffer(), emit(), loadexplicitkeys(), main(), and zone_sign().

isc_boolean_t dst_key_iszonekey ( const dst_key_t key  ) 

Definition at line 135 of file key.c.

References DNS_KEYFLAG_OWNERMASK, DNS_KEYOWNER_ZONE, DNS_KEYPROTO_ANY, DNS_KEYPROTO_DNSSEC, DNS_KEYTYPE_NOAUTH, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by get_dst_key(), get_key(), and iszonekey().

isc_boolean_t dst_key_isnullkey ( const dst_key_t key  ) 

Definition at line 149 of file key.c.

References DNS_KEYFLAG_OWNERMASK, DNS_KEYFLAG_TYPEMASK, DNS_KEYOWNER_ZONE, DNS_KEYPROTO_ANY, DNS_KEYPROTO_DNSSEC, DNS_KEYTYPE_NOKEY, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.

isc_result_t dst_key_buildfilename ( const dst_key_t key,
int  type,
const char *  directory,
isc_buffer_t out 
)

Generates the filename used by dst to store the specified key. If directory is NULL, the current directory is assumed.

Requires:

Ensures:

Definition at line 1241 of file dst_api.c.

References buildfilename(), DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, REQUIRE, and VALID_KEY.

Referenced by dst__privstruct_writefile(), emit(), main(), and write_public_key().

isc_result_t dst_key_sigsize ( const dst_key_t key,
unsigned int *  n 
)

Computes the size of a signature generated by the given key.

Requires:

Returns: Ensures:

< XXX

Definition at line 1253 of file dst_api.c.

References DNS_SIG_DSASIGSIZE, DNS_SIG_ECDSA256SIZE, DNS_SIG_ECDSA384SIZE, DNS_SIG_GOSTSIGSIZE, DST_ALG_DH, DST_ALG_DSA, DST_ALG_ECCGOST, DST_ALG_ECDSA256, DST_ALG_ECDSA384, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, DST_ALG_NSEC3DSA, DST_ALG_NSEC3RSASHA1, DST_ALG_RSAMD5, DST_ALG_RSASHA1, DST_ALG_RSASHA256, DST_ALG_RSASHA512, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_R_SUCCESS, ISC_SHA1_DIGESTLENGTH, ISC_SHA224_DIGESTLENGTH, ISC_SHA256_DIGESTLENGTH, ISC_SHA384_DIGESTLENGTH, ISC_SHA512_DIGESTLENGTH, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), dns_message_setsig0key(), dns_tsig_sign(), dns_tsig_verify(), dst_key_setbits(), and spacefortsig().

isc_result_t dst_key_secretsize ( const dst_key_t key,
unsigned int *  n 
)

Computes the size of a shared secret generated by the given key.

Requires:

Returns: Ensures:

Definition at line 1309 of file dst_api.c.

References DST_ALG_DH, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by dns_tkey_processdhresponse(), and process_dhtkey().

isc_uint16_t dst_region_computeid ( const isc_region_t source,
unsigned int  alg 
)

Definition at line 35 of file key.c.

References isc_region::base, DST_ALG_RSAMD5, isc_region::length, and REQUIRE.

Referenced by add_signing_records(), compute_keytag(), computeid(), dns_ds_buildrdata(), dst_key_fromdns(), mkey_dumpzone(), totext_cdnskey(), totext_dnskey(), totext_key(), totext_keydata(), and update_action().

isc_uint16_t dst_region_computerid ( const isc_region_t source,
unsigned int  alg 
)

Computes the (revoked) key id of the key stored in the provided region with the given algorithm.

Requires:

Returns:

Definition at line 60 of file key.c.

References isc_region::base, DNS_KEYFLAG_REVOKE, DST_ALG_RSAMD5, isc_region::length, and REQUIRE.

Referenced by computeid(), and dst_key_fromdns().

isc_uint16_t dst_key_getbits ( const dst_key_t key  ) 

Get the number of digest bits required (0 == MAX).

Requires: "key" is a valid key.

Definition at line 175 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by dns_tsig_sign(), and dns_tsig_verify().

void dst_key_setbits ( dst_key_t key,
isc_uint16_t  bits 
)

Set the number of digest bits required (0 == MAX).

Requires: "key" is a valid key.

Definition at line 163 of file key.c.

References dst_key_sigsize(), ISC_R_SUCCESS, REQUIRE, RUNTIME_CHECK, and VALID_KEY.

Referenced by add_initial_keys(), evaluate_key(), main(), setup_keystr(), and setup_text_key().

void dst_key_setttl ( dst_key_t key,
dns_ttl_t  ttl 
)

Set the default TTL to use when converting the key to a KEY or DNSKEY RR.

Requires: "key" is a valid key.

Definition at line 181 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dst_key_read_public(), emit(), and main().

dns_ttl_t dst_key_getttl ( const dst_key_t key  ) 

Get the default TTL to use when converting the key to a KEY or DNSKEY RR.

Requires: "key" is a valid key.

Definition at line 187 of file key.c.

References REQUIRE, and VALID_KEY.

Referenced by dns_dnssec_keylistfromrdataset(), and dns_dnssec_updatekeys().

isc_result_t dst_key_setflags ( dst_key_t key,
isc_uint32_t  flags 
)

Set the flags on a key, then recompute the key ID. The key ID (tag) is computed over the flags field, so changing the flags (for example setting the REVOKE bit) changes the key's ID.

Definition at line 1325 of file dst_api.c.

References computeid(), REQUIRE, and VALID_KEY.

Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), get_hints(), and main().

isc_result_t dst_key_getnum ( const dst_key_t key,
int  type,
isc_uint32_t valuep 
)

Get a member of the numeric metadata array and place it in '*valuep'.

Requires: "key" is a valid key. "type" is no larger than DST_MAX_NUMERIC. "valuep" is not null.

Definition at line 1001 of file dst_api.c.

References DST_MAX_NUMERIC, ISC_R_NOTFOUND, ISC_R_SUCCESS, REQUIRE, and VALID_KEY.

Referenced by dst__privstruct_writefile().

void dst_key_setnum ( dst_key_t key,
int  type,
isc_uint32_t  value 
)

Set a member of the numeric metadata array.

Requires: "key" is a valid key. "type" is no larger than DST_MAX_NUMERIC

Definition at line 1013 of file dst_api.c.

References DST_MAX_NUMERIC, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by dst__privstruct_parse().

void dst_key_unsetnum ( dst_key_t key,
int  type 
)

Flag a member of the numeric metadata array as "not set".

Requires: "key" is a valid key. "type" is no larger than DST_MAX_NUMERIC

Definition at line 1022 of file dst_api.c.

References DST_MAX_NUMERIC, ISC_FALSE, REQUIRE, and VALID_KEY.

isc_result_t dst_key_gettime ( const dst_key_t key,
int  type,
isc_stdtime_t timep 
)

Get a member of the timing metadata array and place it in '*timep'.

Requires: "key" is a valid key. "type" is no larger than DST_MAX_TIMES "timep" is not null.

Definition at line 1030 of file dst_api.c.

References DST_MAX_TIMES, ISC_R_NOTFOUND, ISC_R_SUCCESS, REQUIRE, and VALID_KEY.

Referenced by dns_dnssec_keyactive(), dst__privstruct_writefile(), get_hints(), main(), next_keyevent(), and printtime().

void dst_key_settime ( dst_key_t key,
int  type,
isc_stdtime_t  when 
)

Set a member of the timing metadata array.

Requires: "key" is a valid key. "type" is no larger than DST_MAX_TIMES

Definition at line 1041 of file dst_api.c.

References DST_MAX_TIMES, ISC_TRUE, REQUIRE, and VALID_KEY.

Referenced by dst__privstruct_parse(), emit(), main(), publish_key(), and set_keyversion().

void dst_key_unsettime ( dst_key_t key,
int  type 
)

Flag a member of the timing metadata array as "not set".

Requires: "key" is a valid key. "type" is no larger than DST_MAX_TIMES

Definition at line 1049 of file dst_api.c.

References DST_MAX_TIMES, ISC_FALSE, REQUIRE, and VALID_KEY.

Referenced by main().

isc_result_t dst_key_getprivateformat ( const dst_key_t key,
int *  majorp,
int *  minorp 
)

Get the private key format version number. (If the key does not have a private key associated with it, the version will be 0.0.) The major version number is placed in '*majorp', and the minor version number in '*minorp'.

Requires: "key" is a valid key. "majorp" is not NULL. "minorp" is not NULL.

Definition at line 1056 of file dst_api.c.

References ISC_R_SUCCESS, REQUIRE, and VALID_KEY.

Referenced by check_keyversion(), dns_dnssec_keyactive(), dns_dnsseckey_create(), dst__privstruct_writefile(), main(), and set_keyversion().

void dst_key_setprivateformat ( dst_key_t key,
int  major,
int  minor 
)

Set the private key format version number.

Requires: "key" is a valid key.

Definition at line 1066 of file dst_api.c.

References REQUIRE, and VALID_KEY.

Referenced by dst__privstruct_parse(), main(), and set_keyversion().

void dst_key_format ( const dst_key_t key,
char *  cp,
unsigned int  size 
)

Write the uniquely identifying information about the key (name, algorithm, key ID) into a string 'cp' of size 'size'.

Definition at line 1332 of file dst_api.c.

References dns_name_format(), DNS_NAME_FORMATSIZE, dns_secalg_format(), dst_key_alg(), dst_key_id(), and dst_key_name().

Referenced by dns_keytable_totext(), dns_sdlzssumatch(), dns_ssu_external_match(), emit(), loadkey(), logkey(), main(), publish_key(), and signwithkey().

isc_buffer_t* dst_key_tkeytoken ( const dst_key_t key  ) 

Return the token from the TKEY request, if any. If this key was not negotiated via TKEY, return NULL.

Requires: "key" is a valid key.

Definition at line 1971 of file dst_api.c.

References REQUIRE, and VALID_KEY.

Referenced by dns_sdlzssumatch(), and dns_ssu_external_match().

isc_result_t dst_key_dump ( dst_key_t key,
isc_mem_t mctx,
char **  buffer,
int *  length 
)

Allocate 'buffer' and dump the key into it in base64 format. The buffer is not NUL terminated, so it must not be passed to C string functions; always use the length returned in *length. If the key carries private key material, the dump presumably includes it (it is what dst_key_restore() rebuilds a key from), so treat the buffer as sensitive.

'buffer' needs to be freed using isc_mem_put(mctx, buffer, length);

Requires: 'buffer' to be non NULL and *buffer to be NULL. 'length' to be non NULL and *length to be zero.

Returns: ISC_R_SUCCESS ISC_R_NOMEMORY ISC_R_NOTIMPLEMENTED others.

Definition at line 1343 of file dst_api.c.

References ISC_R_NOTIMPLEMENTED, REQUIRE, and VALID_KEY.

Referenced by dump_key().

isc_result_t dst_key_restore ( dns_name_t name,
unsigned int  alg,
unsigned int  flags,
unsigned int  protocol,
dns_rdataclass_t  rdclass,
isc_mem_t mctx,
const char *  keystr,
dst_key_t **  keyp 
)

Definition at line 1355 of file dst_api.c.

References dst_initialized, dst_key_free(), DST_MAX_ALGS, DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_NOTIMPLEMENTED, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and dst_func::restore.

Referenced by restore_key().

isc_boolean_t dst_key_inactive ( const dst_key_t key  ) 

Determines if the private key is missing due to the key being deemed inactive.

Requires: 'key' to be valid.

Definition at line 1449 of file dst_api.c.

References REQUIRE, and VALID_KEY.

Referenced by del_keysigs(), and del_sigs().

void dst_key_setinactive ( dst_key_t key,
isc_boolean_t  inactive 
)

Set key inactive state.

Requires: 'key' to be valid.

Definition at line 1457 of file dst_api.c.

References REQUIRE, and VALID_KEY.

Referenced by dns_dnssec_findzonekeys2().

void dst_key_setexternal ( dst_key_t key,
isc_boolean_t  value 
)

Definition at line 498 of file dst_api.c.

Referenced by emit().

isc_boolean_t dst_key_isexternal ( dst_key_t key  ) 

Definition at line 503 of file dst_api.c.

Referenced by emit(), and main().

