#include <config.h>
#include <stdlib.h>
#include <time.h>
#include <isc/buffer.h>
#include <isc/dir.h>
#include <isc/entropy.h>
#include <isc/fsaccess.h>
#include <isc/hmacsha.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/platform.h>
#include <isc/print.h>
#include <isc/refcount.h>
#include <isc/random.h>
#include <isc/string.h>
#include <isc/time.h>
#include <isc/util.h>
#include <isc/file.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
#include <dns/rdata.h>
#include <dns/rdataclass.h>
#include <dns/ttl.h>
#include <dns/types.h>
#include <dst/result.h>
#include "dst_internal.h"
Defines | |
#define | DST_KEY_INTERNAL |
#define | DST_AS_STR(t) ((t).value.as_textregion.base) |
#define | RETERR(x) |
#define | CHECKALG(alg) |
#define | NEXTTOKEN(lex, opt, token) |
#define | BADTOKEN() |
Functions | |
void | gss_log (int level, const char *fmt,...) ISC_FORMAT_PRINTF(2 |
static dst_key_t * | get_key_struct (dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, unsigned int bits, dns_rdataclass_t rdclass, dns_ttl_t ttl, isc_mem_t *mctx) |
Allocates a key structure and fills in some of the fields. | |
static isc_result_t | write_public_key (const dst_key_t *key, int type, const char *directory) |
Writes a public key to disk in DNS format. | |
static isc_result_t | buildfilename (dns_name_t *name, dns_keytag_t id, unsigned int alg, unsigned int type, const char *directory, isc_buffer_t *out) |
static isc_result_t | computeid (dst_key_t *key) |
static isc_result_t | frombuffer (dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) |
static isc_result_t | algorithm_status (unsigned int alg) |
static isc_result_t | addsuffix (char *filename, int len, const char *dirname, const char *ofilename, const char *suffix) |
isc_result_t | dst_lib_init (isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) |
isc_result_t | dst_lib_init2 (isc_mem_t *mctx, isc_entropy_t *ectx, const char *engine, unsigned int eflags) |
Initializes the DST subsystem. | |
void | dst_lib_destroy (void) |
Releases all resources allocated by DST. | |
isc_boolean_t | dst_algorithm_supported (unsigned int alg) |
Checks that a given algorithm is supported by DST. | |
isc_boolean_t | dst_ds_digest_supported (unsigned int digest_type) |
Checks that a given digest algorithm is supported by DST. | |
isc_result_t | dst_context_create (dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp) |
isc_result_t | dst_context_create2 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, dst_context_t **dctxp) |
isc_result_t | dst_context_create3 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, isc_boolean_t useforsigning, dst_context_t **dctxp) |
isc_result_t | dst_context_create4 (dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category, isc_boolean_t useforsigning, int maxbits, dst_context_t **dctxp) |
Creates a context to be used for a sign or verify operation. | |
void | dst_context_destroy (dst_context_t **dctxp) |
Destroys all memory associated with a context. | |
isc_result_t | dst_context_adddata (dst_context_t *dctx, const isc_region_t *data) |
Incrementally adds data to the context to be used in a sign or verify operation. | |
isc_result_t | dst_context_sign (dst_context_t *dctx, isc_buffer_t *sig) |
Computes a signature using the data and key stored in the context. | |
isc_result_t | dst_context_verify (dst_context_t *dctx, isc_region_t *sig) |
isc_result_t | dst_context_verify2 (dst_context_t *dctx, unsigned int maxbits, isc_region_t *sig) |
Verifies the signature using the data and key stored in the context. | |
isc_result_t | dst_key_computesecret (const dst_key_t *pub, const dst_key_t *priv, isc_buffer_t *secret) |
Computes a shared secret from two (Diffie-Hellman) keys. | |
isc_result_t | dst_key_tofile (const dst_key_t *key, int type, const char *directory) |
Writes a key to permanent storage. The key can either be a public or private key. Public keys are written in DNS format and private keys are written as a set of base64 encoded values. If directory is NULL, the current directory is assumed. | |
void | dst_key_setexternal (dst_key_t *key, isc_boolean_t value) |
isc_boolean_t | dst_key_isexternal (dst_key_t *key) |
isc_result_t | dst_key_getfilename (dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, isc_buffer_t *buf) |
Generates a key filename for the name, algorithm, and id, and places it in the buffer 'buf'. If directory is NULL, the current directory is assumed. | |
isc_result_t | dst_key_fromfile (dns_name_t *name, dns_keytag_t id, unsigned int alg, int type, const char *directory, isc_mem_t *mctx, dst_key_t **keyp) |
Reads a key from permanent storage. The key can either be a public or private key, and is specified by name, algorithm, and id. If a private key is specified, the public key must also be present. If directory is NULL, the current directory is assumed. | |
isc_result_t | dst_key_fromnamedfile (const char *filename, const char *dirname, int type, isc_mem_t *mctx, dst_key_t **keyp) |
Reads a key from permanent storage. The key can either be a public or a private key, and is specified by filename. If a private key is specified, the public key must also be present.
isc_result_t | dst_key_todns (const dst_key_t *key, isc_buffer_t *target) |
Converts a DST key into a DNS KEY record. | |
isc_result_t | dst_key_fromdns (dns_name_t *name, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) |
Converts a DNS KEY record into a DST key. | |
isc_result_t | dst_key_frombuffer (dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp) |
Converts a buffer containing DNS KEY RDATA into a DST key. | |
isc_result_t | dst_key_tobuffer (const dst_key_t *key, isc_buffer_t *target) |
Converts a DST key into DNS KEY RDATA format. | |
isc_result_t | dst_key_privatefrombuffer (dst_key_t *key, isc_buffer_t *buffer) |
Converts a public key into a private key, reading the private key information from the buffer. The buffer should contain the same data as the .private key file would. | |
gss_ctx_id_t | dst_key_getgssctx (const dst_key_t *key) |
Returns the GSSAPI context handle (gss_ctx_id_t) held by the key as opaque data. Be cautious when using this value unless you know what you are doing.
isc_result_t | dst_key_fromgssapi (dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx, dst_key_t **keyp, isc_region_t *intoken) |
Converts a GSSAPI opaque context id into a DST key. | |
isc_result_t | dst_key_buildinternal (dns_name_t *name, unsigned int alg, unsigned int bits, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, void *data, isc_mem_t *mctx, dst_key_t **keyp) |
isc_result_t | dst_key_fromlabel (dns_name_t *name, int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, const char *engine, const char *label, const char *pin, isc_mem_t *mctx, dst_key_t **keyp) |
isc_result_t | dst_key_generate (dns_name_t *name, unsigned int alg, unsigned int bits, unsigned int param, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp) |
isc_result_t | dst_key_generate2 (dns_name_t *name, unsigned int alg, unsigned int bits, unsigned int param, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, dst_key_t **keyp, void(*callback)(int)) |
Generate a DST key (or keypair) with the supplied parameters. The interpretation of the "param" field depends on the algorithm (see dst_key_generate2() below).
isc_result_t | dst_key_getnum (const dst_key_t *key, int type, isc_uint32_t *valuep) |
Get a member of the numeric metadata array and place it in '*valuep'. | |
void | dst_key_setnum (dst_key_t *key, int type, isc_uint32_t value) |
Set a member of the numeric metadata array. | |
void | dst_key_unsetnum (dst_key_t *key, int type) |
Flag a member of the numeric metadata array as "not set". | |
isc_result_t | dst_key_gettime (const dst_key_t *key, int type, isc_stdtime_t *timep) |
Get a member of the timing metadata array and place it in '*timep'. | |
void | dst_key_settime (dst_key_t *key, int type, isc_stdtime_t when) |
Set a member of the timing metadata array. | |
void | dst_key_unsettime (dst_key_t *key, int type) |
Flag a member of the timing metadata array as "not set". | |
isc_result_t | dst_key_getprivateformat (const dst_key_t *key, int *majorp, int *minorp) |
Get the private key format version number. (If the key does not have a private key associated with it, the version will be 0.0.) The major version number is placed in '*majorp', and the minor version number in '*minorp'. | |
void | dst_key_setprivateformat (dst_key_t *key, int major, int minor) |
Set the private key format version number. | |
static isc_boolean_t | comparekeys (const dst_key_t *key1, const dst_key_t *key2, isc_boolean_t match_revoked_key, isc_boolean_t(*compare)(const dst_key_t *key1, const dst_key_t *key2)) |
static isc_boolean_t | pub_compare (const dst_key_t *key1, const dst_key_t *key2) |
isc_boolean_t | dst_key_compare (const dst_key_t *key1, const dst_key_t *key2) |
Compares two DST keys. Returns true if they match, false otherwise. | |
isc_boolean_t | dst_key_pubcompare (const dst_key_t *key1, const dst_key_t *key2, isc_boolean_t match_revoked_key) |
Compares only the public portions of two DST keys. Returns true if they match, false otherwise. This allows us, for example, to determine whether a public key found in a zone matches up with a key pair found on disk. | |
isc_boolean_t | dst_key_paramcompare (const dst_key_t *key1, const dst_key_t *key2) |
Compares the parameters of two DST keys. This is used to determine if two (Diffie-Hellman) keys can be used to derive a shared secret. | |
void | dst_key_attach (dst_key_t *source, dst_key_t **target) |
void | dst_key_free (dst_key_t **keyp) |
Decrement the key's reference counter and, when it reaches zero, release all memory associated with the key. | |
isc_boolean_t | dst_key_isprivate (const dst_key_t *key) |
isc_result_t | dst_key_buildfilename (const dst_key_t *key, int type, const char *directory, isc_buffer_t *out) |
Generates the filename used by dst to store the specified key. If directory is NULL, the current directory is assumed. | |
isc_result_t | dst_key_sigsize (const dst_key_t *key, unsigned int *n) |
Computes the size of a signature generated by the given key. | |
isc_result_t | dst_key_secretsize (const dst_key_t *key, unsigned int *n) |
Computes the size of a shared secret generated by the given key. | |
isc_result_t | dst_key_setflags (dst_key_t *key, isc_uint32_t flags) |
Set the flags on a key, then recompute the key ID. | |
void | dst_key_format (const dst_key_t *key, char *cp, unsigned int size) |
Write the uniquely identifying information about the key (name, algorithm, key ID) into a string 'cp' of size 'size'. | |
isc_result_t | dst_key_dump (dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) |
Allocate 'buffer' and dump the key into it in base64 format. The buffer is not NUL terminated. The length of the buffer is returned in *length. | |
isc_result_t | dst_key_restore (dns_name_t *name, unsigned int alg, unsigned int flags, unsigned int protocol, dns_rdataclass_t rdclass, isc_mem_t *mctx, const char *keystr, dst_key_t **keyp) |
isc_boolean_t | dst_key_inactive (const dst_key_t *key) |
Determines whether the private key is missing because the key has been deemed inactive.
void | dst_key_setinactive (dst_key_t *key, isc_boolean_t inactive) |
Set key inactive state. | |
isc_result_t | dst_key_read_public (const char *filename, int type, isc_mem_t *mctx, dst_key_t **keyp) |
Reads a public key from disk. | |
static isc_boolean_t | issymmetric (const dst_key_t *key) |
static void | printtime (const dst_key_t *key, int type, const char *tag, FILE *stream) |
Write key timing metadata to a file pointer, preceded by 'tag'. | |
isc_result_t | dst__entropy_getdata (void *buf, unsigned int len, isc_boolean_t pseudo) |
Entropy retriever using the DST entropy pool. | |
unsigned int | dst__entropy_status (void) |
isc_buffer_t * | dst_key_tkeytoken (const dst_key_t *key) |
Return the token from the TKEY request, if any. If this key was not negotiated via TKEY, return NULL. | |
Variables | |
static dst_func_t * | dst_t_func [DST_MAX_ALGS] |
static isc_entropy_t * | dst_entropy_pool = NULL |
static unsigned int | dst_entropy_flags = 0 |
isc_boolean_t | dst_initialized = ISC_FALSE |
void isc_mem_t * | dst__memory_pool = NULL |
Definition in file dst_api.c.
/* Base pointer of the text region stored in token 't' (value.as_textregion.base). */
#define DST_AS_STR(t) ((t).value.as_textregion.base)
Definition at line 75 of file dst_api.c.
Referenced by dst__privstruct_parse(), and dst_key_read_public().
/*
 * Evaluate 'x', store its status in the enclosing function's 'result'
 * variable and jump to the 'out' label on anything other than
 * ISC_R_SUCCESS.  Both 'result' and the 'out' label must be declared
 * by the function that uses this macro.
 */
#define RETERR(x)							\
	do {								\
		if ((result = (x)) != ISC_R_SUCCESS)			\
			goto out;					\
	} while (0)
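/*
 * Return from the enclosing function with the status reported by
 * algorithm_status() when 'alg' cannot be used (per algorithm_status():
 * DST not initialised, algorithm unsupported, or no crypto available).
 *
 * The body expands to exactly one statement.  The original definition
 * ended in "while (0); \": the stray ';' made
 * "if (c) CHECKALG(a); else ..." a syntax error, and the trailing
 * line continuation would join whatever line followed into the macro.
 */
#define CHECKALG(alg)							\
	do {								\
		isc_result_t _r;					\
		_r = algorithm_status(alg);				\
		if (_r != ISC_R_SUCCESS)				\
			return (_r);					\
	} while (0)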
Definition at line 129 of file dst_api.c.
Referenced by dst_context_sign(), dst_context_verify(), dst_context_verify2(), dst_key_buildinternal(), dst_key_computesecret(), dst_key_fromfile(), dst_key_fromlabel(), dst_key_generate2(), dst_key_getfilename(), dst_key_tobuffer(), dst_key_todns(), and dst_key_tofile().
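/*
 * Read the next token from 'lex' into 'token' using isc_lex_gettoken()
 * options 'opt'; on any failure store the status in the enclosing
 * function's 'ret' and jump to its 'cleanup' label.  'ret' and
 * 'cleanup' must be provided by the caller.
 *
 * Wrapped in do { } while (0) rather than bare braces so that
 * "if (c) NEXTTOKEN(...); else ..." parses as intended.
 */
#define NEXTTOKEN(lex, opt, token)					\
	do {								\
		ret = isc_lex_gettoken(lex, opt, token);		\
		if (ret != ISC_R_SUCCESS)				\
			goto cleanup;					\
	} while (0)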
Referenced by dst__privstruct_parse(), and dst_key_read_public().
#define BADTOKEN | ( | ) |
void gss_log | ( | int | level, | |
const char * | fmt, | |||
... | ||||
) |
static dst_key_t * get_key_struct | ( | dns_name_t * | name, | |
unsigned int | alg, | |||
unsigned int | flags, | |||
unsigned int | protocol, | |||
unsigned int | bits, | |||
dns_rdataclass_t | rdclass, | |||
dns_ttl_t | ttl, | |||
isc_mem_t * | mctx | |||
) | [static] |
Allocates a key structure and fills in some of the fields.
Definition at line 1392 of file dst_api.c.
References dns_name_dup(), dns_name_free(), dns_name_init(), DST_MAX_TIMES, ISC_FALSE, isc_mem_attach(), isc_mem_get, isc_mem_put, ISC_R_SUCCESS, isc_refcount_init(), and KEY_MAGIC.
Referenced by dst_key_buildinternal(), dst_key_fromgssapi(), dst_key_fromlabel(), dst_key_fromnamedfile(), dst_key_generate2(), dst_key_restore(), and frombuffer().
static isc_result_t write_public_key | ( | const dst_key_t * | key, | |
int | type, | |||
const char * | directory | |||
) | [static] |
Writes a public key to disk in DNS format.
Definition at line 1670 of file dst_api.c.
References isc_region::base, DNS_KEYFLAG_KSK, DNS_KEYFLAG_REVOKE, dns_name_print(), dns_rdata_fromregion(), DNS_RDATA_INIT, dns_rdata_totext(), dns_rdataclass_totext(), dst_key_buildfilename(), DST_KEY_MAXSIZE, DST_KEY_MAXTEXTSIZE, dst_key_todns(), DST_R_INVALIDPUBLICKEY, DST_R_WRITEERROR, DST_TIME_ACTIVATE, DST_TIME_CREATED, DST_TIME_DELETE, DST_TIME_INACTIVE, DST_TIME_PUBLISH, DST_TIME_REVOKE, DST_TYPE_KEY, DST_TYPE_PUBLIC, isc_buffer_init, isc_buffer_usedregion, ISC_DIR_NAMEMAX, isc_fsaccess_add(), ISC_FSACCESS_OWNER, ISC_FSACCESS_READ, isc_fsaccess_set(), ISC_FSACCESS_WRITE, ISC_R_SUCCESS, issymmetric(), isc_region::length, printtime(), r, REQUIRE, and VALID_KEY.
Referenced by dst_key_tofile().
static isc_result_t buildfilename | ( | dns_name_t * | name, | |
dns_keytag_t | id, | |||
unsigned int | alg, | |||
unsigned int | type, | |||
const char * | directory, | |||
isc_buffer_t * | out | |||
) | [static] |
Definition at line 1780 of file dst_api.c.
References dns_name_tofilenametext(), DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, isc_buffer_add, isc_buffer_availablelength, isc_buffer_putstr, isc_buffer_used, ISC_FALSE, ISC_R_NOSPACE, ISC_R_SUCCESS, and REQUIRE.
Referenced by dst_key_buildfilename(), and dst_key_getfilename().
static isc_result_t computeid | ( | dst_key_t * | key | ) | [static] |
Definition at line 1818 of file dst_api.c.
References DST_KEY_MAXSIZE, dst_key_todns(), dst_region_computeid(), dst_region_computerid(), isc_buffer_init, isc_buffer_usedregion, ISC_R_SUCCESS, and r.
Referenced by dst_key_buildinternal(), dst_key_frombuffer(), dst_key_fromfile(), dst_key_fromlabel(), dst_key_fromnamedfile(), dst_key_generate2(), and dst_key_setflags().
static isc_result_t frombuffer | ( | dns_name_t * | name, | |
unsigned int | alg, | |||
unsigned int | flags, | |||
unsigned int | protocol, | |||
dns_rdataclass_t | rdclass, | |||
isc_buffer_t * | source, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) | [static] |
Definition at line 1836 of file dst_api.c.
References algorithm_status(), dns_name_isabsolute(), dst_key_free(), DST_R_UNSUPPORTEDALG, get_key_struct(), isc_buffer_remaininglength, ISC_R_NOMEMORY, ISC_R_SUCCESS, and REQUIRE.
Referenced by dst_key_frombuffer(), and dst_key_fromdns().
static isc_result_t algorithm_status | ( | unsigned int | alg | ) | [static] |
Definition at line 1875 of file dst_api.c.
References DST_ALG_DH, DST_ALG_DSA, DST_ALG_ECCGOST, DST_ALG_ECDSA256, DST_ALG_ECDSA384, DST_ALG_HMACMD5, DST_ALG_NSEC3DSA, DST_ALG_NSEC3RSASHA1, DST_ALG_RSAMD5, DST_ALG_RSASHA1, DST_ALG_RSASHA256, DST_ALG_RSASHA512, dst_algorithm_supported(), dst_initialized, DST_R_NOCRYPTO, DST_R_UNSUPPORTEDALG, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by dst_key_fromnamedfile(), and frombuffer().
static isc_result_t addsuffix | ( | char * | filename, | |
int | len, | |||
const char * | dirname, | |||
const char * | ofilename, | |||
const char * | suffix | |||
) | [static] |
Definition at line 1894 of file dst_api.c.
References ISC_R_FAILURE, ISC_R_NOSPACE, and ISC_R_SUCCESS.
Referenced by dst_key_fromnamedfile().
isc_result_t dst_lib_init | ( | isc_mem_t * | mctx, | |
isc_entropy_t * | ectx, | |||
unsigned int | eflags | |||
) |
Definition at line 154 of file dst_api.c.
References dst_lib_init2().
Referenced by dns_test_begin(), initialize(), main(), setup_libs(), and setup_system().
isc_result_t dst_lib_init2 | ( | isc_mem_t * | mctx, | |
isc_entropy_t * | ectx, | |||
const char * | engine, | |||
unsigned int | eflags | |||
) |
Initializes the DST subsystem.
Requires:
Definition at line 159 of file dst_api.c.
References default_memalloc(), default_memfree(), dst__gssapi_init(), dst__hmacmd5_init(), dst__hmacsha1_init(), dst__hmacsha224_init(), dst__hmacsha256_init(), dst__hmacsha384_init(), dst__hmacsha512_init(), dst__memory_pool, dst__openssl_init(), dst__openssldh_init(), dst__openssldsa_init(), dst__opensslrsa_init(), dst__pkcs11_init, dst__pkcs11dh_init(), dst__pkcs11dsa_init(), dst__pkcs11rsa_init(), DST_ALG_DH, DST_ALG_DSA, DST_ALG_ECCGOST, DST_ALG_ECDSA256, DST_ALG_ECDSA384, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, DST_ALG_NSEC3DSA, DST_ALG_NSEC3RSASHA1, DST_ALG_RSAMD5, DST_ALG_RSASHA1, DST_ALG_RSASHA256, DST_ALG_RSASHA512, dst_entropy_flags, dst_initialized, dst_lib_destroy(), dst_result_register(), isc_entropy_attach(), ISC_FALSE, isc_mem_attach(), isc_mem_createx2(), isc_mem_setdestroycheck(), isc_mem_setname(), ISC_R_SUCCESS, ISC_TRUE, REQUIRE, RETERR, and UNUSED.
Referenced by dst_lib_init(), main(), and ns_server_create().
void dst_lib_destroy | ( | void | ) |
Releases all resources allocated by DST.
Definition at line 263 of file dst_api.c.
References dst_func::cleanup, cleanup(), dst__memory_pool, dst__openssl_destroy(), dst__pkcs11_destroy, dst_initialized, DST_MAX_ALGS, isc_entropy_detach(), ISC_FALSE, isc_mem_detach(), ISC_TRUE, and RUNTIME_CHECK.
Referenced by destroy_libs(), dns_lib_shutdown(), dns_test_end(), doshutdown(), dst_lib_init2(), initialize(), main(), and ns_server_destroy().
isc_boolean_t dst_algorithm_supported | ( | unsigned int | alg | ) |
Checks that a given algorithm is supported by DST.
Returns:
Definition at line 283 of file dst_api.c.
References dst_initialized, DST_MAX_ALGS, ISC_FALSE, ISC_TRUE, and REQUIRE.
Referenced by algorithm_status(), dns_resolver_algorithm_supported(), and main().
isc_boolean_t dst_ds_digest_supported | ( | unsigned int | digest_type | ) |
Checks that a given digest algorithm is supported by DST.
Returns:
Definition at line 292 of file dst_api.c.
References DNS_DSDIGEST_GOST, DNS_DSDIGEST_SHA1, DNS_DSDIGEST_SHA256, DNS_DSDIGEST_SHA384, and ISC_TF.
Referenced by dns_ds_buildrdata(), and dns_resolver_ds_digest_supported().
isc_result_t dst_context_create | ( | dst_key_t * | key, | |
isc_mem_t * | mctx, | |||
dst_context_t ** | dctxp | |||
) |
Definition at line 306 of file dst_api.c.
References DNS_LOGCATEGORY_GENERAL, dst_context_create4(), and ISC_TRUE.
isc_result_t dst_context_create2 | ( | dst_key_t * | key, | |
isc_mem_t * | mctx, | |||
isc_logcategory_t * | category, | |||
dst_context_t ** | dctxp | |||
) |
isc_result_t dst_context_create3 | ( | dst_key_t * | key, | |
isc_mem_t * | mctx, | |||
isc_logcategory_t * | category, | |||
isc_boolean_t | useforsigning, | |||
dst_context_t ** | dctxp | |||
) |
Definition at line 319 of file dst_api.c.
References dst_context_create4().
Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), and tsig_verify_tcp().
isc_result_t dst_context_create4 | ( | dst_key_t * | key, | |
isc_mem_t * | mctx, | |||
isc_logcategory_t * | category, | |||
isc_boolean_t | useforsigning, | |||
int | maxbits, | |||
dst_context_t ** | dctxp | |||
) |
Creates a context to be used for a sign or verify operation.
Requires:
Definition at line 328 of file dst_api.c.
References dst_context::category, CTX_MAGIC, DO_SIGN, DO_VERIFY, dst_initialized, DST_R_NULLKEY, DST_R_UNSUPPORTEDALG, isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, dst_context::key, dst_context::magic, dst_context::mctx, REQUIRE, dst_context::use, and VALID_KEY.
Referenced by dns_dnssec_verify3(), dst_context_create(), dst_context_create2(), and dst_context_create3().
void dst_context_destroy | ( | dst_context_t ** | dctxp | ) |
Destroys all memory associated with a context.
Requires:
Definition at line 370 of file dst_api.c.
References INSIST, isc_mem_put, dst_context::key, dst_context::magic, dst_context::mctx, REQUIRE, and VALID_CTX.
Referenced by destroy_lookup(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verify3(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), maybe_free(), msgreset(), tsig_verify_tcp(), and xfrin_send_request().
isc_result_t dst_context_adddata | ( | dst_context_t * | dctx, | |
const isc_region_t * | data | |||
) |
Incrementally adds data to the context to be used in a sign or verify operation.
Requires:
Definition at line 384 of file dst_api.c.
References INSIST, dst_context::key, REQUIRE, and VALID_CTX.
Referenced by digest_callback(), digest_sig(), dns_dnssec_sign(), dns_dnssec_signmessage(), dns_dnssec_verify3(), dns_dnssec_verifymessage(), dns_tsig_sign(), dns_tsig_verify(), and tsig_verify_tcp().
isc_result_t dst_context_sign | ( | dst_context_t * | dctx, | |
isc_buffer_t * | sig | |||
) |
Computes a signature using the data and key stored in the context.
Requires:
Definition at line 393 of file dst_api.c.
References CHECKALG, DST_R_NOTPRIVATEKEY, DST_R_NULLKEY, ISC_FALSE, dst_context::key, REQUIRE, and VALID_CTX.
Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), and dns_tsig_sign().
isc_result_t dst_context_verify | ( | dst_context_t * | dctx, | |
isc_region_t * | sig | |||
) |
Definition at line 414 of file dst_api.c.
References CHECKALG, DST_R_NOTPUBLICKEY, DST_R_NULLKEY, dst_context::key, REQUIRE, and VALID_CTX.
Referenced by dns_dnssec_verifymessage(), dns_tsig_verify(), and tsig_verify_tcp().
isc_result_t dst_context_verify2 | ( | dst_context_t * | dctx, | |
unsigned int | maxbits, | |||
isc_region_t * | sig | |||
) |
Verifies the signature using the data and key stored in the context.
'maxbits' specifies the maximum number of bits permitted in the RSA exponent.
Requires:
Definition at line 428 of file dst_api.c.
References CHECKALG, DST_R_NOTPUBLICKEY, DST_R_NULLKEY, dst_context::key, REQUIRE, and VALID_CTX.
Referenced by dns_dnssec_verify3().
isc_result_t dst_key_computesecret | ( | const dst_key_t * | pub, | |
const dst_key_t * | priv, | |||
isc_buffer_t * | secret | |||
) |
Computes a shared secret from two (Diffie-Hellman) keys.
Requires:
Definition at line 447 of file dst_api.c.
References CHECKALG, dst_initialized, dst_key_isprivate(), DST_R_KEYCANNOTCOMPUTESECRET, DST_R_NOTPRIVATEKEY, DST_R_NULLKEY, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dns_tkey_processdhresponse(), and process_dhtkey().
isc_result_t dst_key_tofile | ( | const dst_key_t * | key, | |
int | type, | |||
const char * | directory | |||
) |
Writes a key to permanent storage. The key can either be a public or private key. Public keys are written in DNS format and private keys are written as a set of base64 encoded values. If directory is NULL, the current directory is assumed.
Requires:
Definition at line 472 of file dst_api.c.
References CHECKALG, DNS_KEYFLAG_TYPEMASK, DNS_KEYTYPE_NOKEY, dst_initialized, DST_R_UNSUPPORTEDALG, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, VALID_KEY, and write_public_key().
void dst_key_setexternal | ( | dst_key_t * | key, | |
isc_boolean_t | value | |||
) |
isc_boolean_t dst_key_isexternal | ( | dst_key_t * | key | ) |
isc_result_t dst_key_getfilename | ( | dns_name_t * | name, | |
dns_keytag_t | id, | |||
unsigned int | alg, | |||
int | type, | |||
const char * | directory, | |||
isc_mem_t * | mctx, | |||
isc_buffer_t * | buf | |||
) |
Generates a key filename for the name, algorithm, and id, and places it in the buffer 'buf'. If directory is NULL, the current directory is assumed.
Requires:
Definition at line 508 of file dst_api.c.
References buildfilename(), CHECKALG, dns_name_isabsolute(), dst_initialized, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, isc_buffer_availablelength, isc_buffer_putuint8, ISC_R_NOSPACE, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), and dst_key_fromfile().
isc_result_t dst_key_fromfile | ( | dns_name_t * | name, | |
dns_keytag_t | id, | |||
unsigned int | alg, | |||
int | type, | |||
const char * | directory, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) |
Reads a key from permanent storage. The key can either be a public or private key, and is specified by name, algorithm, and id. If a private key is specified, the public key must also be present. If directory is NULL, the current directory is assumed.
Requires:
Definition at line 534 of file dst_api.c.
References CHECKALG, computeid(), dns_name_equal(), dns_name_isabsolute(), dst_initialized, dst_key_free(), dst_key_fromnamedfile(), dst_key_getfilename(), DST_R_INVALIDPRIVATEKEY, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, isc_buffer_init, ISC_DIR_NAMEMAX, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), emit(), keythatsigned(), and ns_tkeyctx_fromconfig().
isc_result_t dst_key_fromnamedfile | ( | const char * | filename, | |
const char * | dirname, | |||
int | type, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) |
Reads a key from permanent storage. The key can either be a public or a private key, and is specified by filename. If a private key is specified, the public key must also be present.
If 'dirname' is not NULL, and 'filename' is a relative path, then the file is looked up relative to the given directory. If 'filename' is an absolute path, 'dirname' is ignored.
Requires:
Definition at line 583 of file dst_api.c.
References addsuffix(), algorithm_status(), computeid(), DNS_KEYFLAG_TYPEMASK, DNS_KEYTYPE_NOKEY, dst_initialized, dst_key_free(), dst_key_read_public(), DST_R_INVALIDPRIVATEKEY, DST_R_UNSUPPORTEDALG, DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, get_key_struct(), INSIST, isc_lex_create(), isc_lex_destroy(), isc_lex_openfile(), isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and RETERR.
Referenced by dns_dnssec_findmatchingkeys(), dst_key_fromfile(), loadexplicitkeys(), loadkey(), main(), setup_file_key(), and setup_keyfile().
isc_result_t dst_key_todns | ( | const dst_key_t * | key, | |
isc_buffer_t * | target | |||
) |
Converts a DST key into a DNS KEY record.
Requires:
< NULL KEY
Definition at line 689 of file dst_api.c.
References CHECKALG, DNS_KEYFLAG_EXTENDED, dst_initialized, DST_R_UNSUPPORTEDALG, isc_buffer_availablelength, isc_buffer_putuint16, isc_buffer_putuint8, ISC_R_NOSPACE, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by computeid(), create_keydata(), dns_tkey_builddhquery(), loadkey(), make_dnskey(), process_dhtkey(), pub_compare(), write_public_key(), and writeset().
isc_result_t dst_key_fromdns | ( | dns_name_t * | name, | |
dns_rdataclass_t | rdclass, | |||
isc_buffer_t * | source, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) |
Converts a DNS KEY record into a DST key.
Requires:
Definition at line 720 of file dst_api.c.
References DNS_KEYFLAG_EXTENDED, dst_initialized, DST_R_INVALIDPUBLICKEY, dst_region_computeid(), dst_region_computerid(), frombuffer(), isc_buffer_getuint16(), isc_buffer_getuint8(), isc_buffer_remaininglength, isc_buffer_remainingregion, ISC_R_SUCCESS, r, and REQUIRE.
Referenced by dns_client_addtrustedkey(), dns_dnssec_keyfromrdata(), dns_message_checksig(), dns_nsec3_maxiterations(), dst_key_read_public(), dstkey_fromconfig(), emit(), get_dst_key(), get_key(), and logkey().
isc_result_t dst_key_frombuffer | ( | dns_name_t * | name, | |
unsigned int | alg, | |||
unsigned int | flags, | |||
unsigned int | protocol, | |||
dns_rdataclass_t | rdclass, | |||
isc_buffer_t * | source, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) |
Converts a buffer containing DNS KEY RDATA into a DST key.
Requires:
Definition at line 762 of file dst_api.c.
References computeid(), dst_initialized, dst_key_free(), frombuffer(), ISC_R_SUCCESS, and REQUIRE.
Referenced by dns_tsigkey_create().
isc_result_t dst_key_tobuffer | ( | const dst_key_t * | key, | |
isc_buffer_t * | target | |||
) |
Converts a DST key into DNS KEY RDATA format.
Requires:
Definition at line 788 of file dst_api.c.
References CHECKALG, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by generate_session_key().
isc_result_t dst_key_privatefrombuffer | ( | dst_key_t * | key, | |
isc_buffer_t * | buffer | |||
) |
Converts a public key into a private key, reading the private key information from the buffer. The buffer should contain the same data as the .private key file would.
Requires:
Definition at line 802 of file dst_api.c.
References dst_initialized, dst_key_isprivate(), DST_R_UNSUPPORTEDALG, isc_lex_create(), isc_lex_destroy(), isc_lex_openbuffer(), ISC_R_SUCCESS, ISC_TRUE, REQUIRE, RETERR, and VALID_KEY.
gss_ctx_id_t dst_key_getgssctx | ( | const dst_key_t * | key | ) |
Returns the GSSAPI context handle (gss_ctx_id_t) held by the key as opaque data. Be cautious when using this value unless you know what you are doing.
Requires:
Definition at line 824 of file dst_api.c.
References REQUIRE.
Referenced by process_gsstkey().
isc_result_t dst_key_fromgssapi | ( | dns_name_t * | name, | |
gss_ctx_id_t | gssctx, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp, | |||
isc_region_t * | intoken | |||
) |
Converts a GSSAPI opaque context id into a DST key.
Requires:
Definition at line 832 of file dst_api.c.
References DNS_KEYPROTO_DNSSEC, DST_ALG_GSSAPI, get_key_struct(), isc_buffer_allocate(), isc_buffer_copyregion(), ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_region::length, REQUIRE, and RETERR.
Referenced by dns_tkey_gssnegotiate(), dns_tkey_processgssresponse(), and process_gsstkey().
isc_result_t dst_key_buildinternal | ( | dns_name_t * | name, | |
unsigned int | alg, | |||
unsigned int | bits, | |||
unsigned int | flags, | |||
unsigned int | protocol, | |||
dns_rdataclass_t | rdclass, | |||
void * | data, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) |
Definition at line 864 of file dst_api.c.
References CHECKALG, computeid(), dns_name_isabsolute(), dst_initialized, dst_key_free(), get_key_struct(), ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
isc_result_t dst_key_fromlabel | ( | dns_name_t * | name, | |
int | alg, | |||
unsigned int | flags, | |||
unsigned int | protocol, | |||
dns_rdataclass_t | rdclass, | |||
const char * | engine, | |||
const char * | label, | |||
const char * | pin, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) |
Definition at line 898 of file dst_api.c.
References CHECKALG, computeid(), dns_name_isabsolute(), dst_initialized, dst_key_free(), DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by main().
isc_result_t dst_key_generate | ( | dns_name_t * | name, | |
unsigned int | alg, | |||
unsigned int | bits, | |||
unsigned int | param, | |||
unsigned int | flags, | |||
unsigned int | protocol, | |||
dns_rdataclass_t | rdclass, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) |
Definition at line 940 of file dst_api.c.
References dst_key_generate2().
Referenced by generate_session_key().
isc_result_t dst_key_generate2 | ( | dns_name_t * | name, | |
unsigned int | alg, | |||
unsigned int | bits, | |||
unsigned int | param, | |||
unsigned int | flags, | |||
unsigned int | protocol, | |||
dns_rdataclass_t | rdclass, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp, | |||
void(*)(int) | callback | |||
) |
Generate a DST key (or keypair) with the supplied parameters. The interpretation of the "param" field depends on the algorithm:
RSA: exponent — 0: use exponent 3; !0: use Fermat4 (2^16 + 1). DH: generator — 0: default (use the well-known prime if bits == 768 or 1024, otherwise use 2 as the generator); !0: use this value as the generator. DSA: unused. HMACMD5: entropy — 0: default (require good entropy); !0: lack of good entropy is ok.
Requires:
< NULL KEY
Definition at line 951 of file dst_api.c.
References CHECKALG, computeid(), DNS_KEYTYPE_NOKEY, dns_name_isabsolute(), dst_initialized, dst_key_free(), DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_SUCCESS, ISC_TRUE, and REQUIRE.
Referenced by dst_key_generate(), and main().
isc_result_t dst_key_getnum | ( | const dst_key_t * | key, | |
int | type, | |||
isc_uint32_t * | valuep | |||
) |
Get a member of the numeric metadata array and place it in '*valuep'.
Requires: "key" is a valid key. "type" is no larger than DST_MAX_NUMERIC. "valuep" is not null.
Definition at line 1001 of file dst_api.c.
References DST_MAX_NUMERIC, ISC_R_NOTFOUND, ISC_R_SUCCESS, REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_writefile().
void dst_key_setnum | ( | dst_key_t * | key, | |
int | type, | |||
isc_uint32_t | value | |||
) |
Set a member of the numeric metadata array.
Requires: "key" is a valid key. "type" is no larger than DST_MAX_NUMERIC.
Definition at line 1013 of file dst_api.c.
References DST_MAX_NUMERIC, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_parse().
void dst_key_unsetnum | ( | dst_key_t * | key, | |
int | type | |||
) |
isc_result_t dst_key_gettime | ( | const dst_key_t * | key, | |
int | type, | |||
isc_stdtime_t * | timep | |||
) |
Get a member of the timing metadata array and place it in '*timep'.
Requires: "key" is a valid key. "type" is no larger than DST_MAX_TIMES. "timep" is not null.
Definition at line 1030 of file dst_api.c.
References DST_MAX_TIMES, ISC_R_NOTFOUND, ISC_R_SUCCESS, REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_keyactive(), dst__privstruct_writefile(), get_hints(), main(), next_keyevent(), and printtime().
void dst_key_settime | ( | dst_key_t * | key, | |
int | type, | |||
isc_stdtime_t | when | |||
) |
Set a member of the timing metadata array.
Requires: "key" is a valid key. "type" is no larger than DST_MAX_TIMES.
Definition at line 1041 of file dst_api.c.
References DST_MAX_TIMES, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_parse(), emit(), main(), publish_key(), and set_keyversion().
void dst_key_unsettime | ( | dst_key_t * | key, | |
int | type | |||
) |
isc_result_t dst_key_getprivateformat | ( | const dst_key_t * | key, | |
int * | majorp, | |||
int * | minorp | |||
) |
Get the private key format version number. (If the key does not have a private key associated with it, the version will be 0.0.) The major version number is placed in '*majorp', and the minor version number in '*minorp'.
Requires: "key" is a valid key. "majorp" is not NULL. "minorp" is not NULL.
Definition at line 1056 of file dst_api.c.
References ISC_R_SUCCESS, REQUIRE, and VALID_KEY.
Referenced by check_keyversion(), dns_dnssec_keyactive(), dns_dnsseckey_create(), dst__privstruct_writefile(), main(), and set_keyversion().
void dst_key_setprivateformat | ( | dst_key_t * | key, | |
int | major, | |||
int | minor | |||
) |
Set the private key format version number.
Requires: "key" is a valid key.
Definition at line 1066 of file dst_api.c.
References REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_parse(), main(), and set_keyversion().
static isc_boolean_t comparekeys | ( | const dst_key_t * | key1, | |
const dst_key_t * | key2, | |||
isc_boolean_t | match_revoked_key, | |||
isc_boolean_t(*)(const dst_key_t *key1, const dst_key_t *key2) | compare | |||
) | [static] |
Definition at line 1073 of file dst_api.c.
References compare(), DNS_KEYFLAG_REVOKE, DST_ALG_RSAMD5, dst_initialized, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dst_key_compare(), and dst_key_pubcompare().
static isc_boolean_t pub_compare | ( | const dst_key_t * | key1, | |
const dst_key_t * | key2 | |||
) | [static] |
Definition at line 1116 of file dst_api.c.
References DNS_KEYFLAG_EXTENDED, DST_KEY_MAXSIZE, dst_key_todns(), isc_buffer_init, isc_buffer_subtract, isc_buffer_usedregion, ISC_FALSE, ISC_R_SUCCESS, isc_region_compare(), ISC_TF, isc_region::length, r1, and r2.
Referenced by dst_key_pubcompare().
isc_boolean_t dst_key_compare | ( | const dst_key_t * | key1, | |
const dst_key_t * | key2 | |||
) |
Compares two DST keys. Returns true if they match, false otherwise.
Keys ARE NOT considered to match if one of them is the revoked version of the other.
Requires:
Definition at line 1157 of file dst_api.c.
References comparekeys(), and ISC_FALSE.
Referenced by dns_keytable_deletekeynode(), get_dst_key(), insert(), and ns_client_isself().
isc_boolean_t dst_key_pubcompare | ( | const dst_key_t * | key1, | |
const dst_key_t * | key2, | |||
isc_boolean_t | match_revoked_key | |||
) |
Compares only the public portions of two DST keys. Returns true if they match, false otherwise. This allows us, for example, to determine whether a public key found in a zone matches up with a key pair found on disk.
If match_revoked_key is TRUE, then keys ARE considered to match if one of them is the revoked version of the other. Otherwise, they are not.
Requires:
Definition at line 1162 of file dst_api.c.
References comparekeys(), and pub_compare().
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), and dns_dnssec_updatekeys().
isc_boolean_t dst_key_paramcompare | ( | const dst_key_t * | key1, | |
const dst_key_t * | key2 | |||
) |
Compares the parameters of two DST keys. This is used to determine if two (Diffie-Hellman) keys can be used to derive a shared secret.
Requires:
Definition at line 1170 of file dst_api.c.
References dst_initialized, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by process_dhtkey().
Definition at line 1188 of file dst_api.c.
References dst_initialized, isc_refcount_increment, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dns_tsigkey_createfromkey(), and setup_keyfile().
void dst_key_free | ( | dst_key_t ** | keyp | ) |
Decrement the key's reference counter and, when it reaches zero, release all memory associated with the key.
Requires:
Definition at line 1199 of file dst_api.c.
References dns_name_free(), dst_initialized, INSIST, isc_buffer_free(), isc_mem_free, isc_mem_put, isc_mem_putanddetach, isc_refcount_decrement, isc_refcount_destroy, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by addkey(), checkkey(), cleanup(), compute_tag(), destroy(), dns_client_addtrustedkey(), dns_dnssec_findmatchingkeys(), dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), dns_dnssec_signs(), dns_dnsseckey_destroy(), dns_keynode_detach(), dns_keytable_deletekeynode(), dns_message_checksig(), dns_nsec3_maxiterations(), dns_tkey_gssnegotiate(), dns_tkey_processdhresponse(), dns_tkey_processgssresponse(), dns_tkeyctx_destroy(), dns_tsec_destroy(), dns_tsigkey_create(), dns_tsigkey_createfromkey(), dns_update_signaturesinc(), dns_view_untrust(), doshutdown(), dst_key_buildinternal(), dst_key_frombuffer(), dst_key_fromfile(), dst_key_fromlabel(), dst_key_fromnamedfile(), dst_key_generate2(), dst_key_restore(), dstkey_fromconfig(), emit(), frombuffer(), generate_session_key(), get_dst_key(), get_key(), goodsig(), insert(), isselfsigned(), keythatsigned(), load_view_keys(), loadexplicitkeys(), loadkey(), logkey(), main(), process_dhtkey(), process_gsstkey(), restore_key(), revocable(), setup_file_key(), setup_keyfile(), trust_key(), tsigkey_free(), update_sendevent(), validate(), zone_nsec3chain(), zone_resigninc(), and zone_sign().
isc_boolean_t dst_key_isprivate | ( | const dst_key_t * | key | ) |
Definition at line 1234 of file dst_api.c.
References INSIST, REQUIRE, and VALID_KEY.
Referenced by add_sigs(), addkey(), del_keysigs(), del_sigs(), delsig_ok(), dns_tkey_builddhquery(), dns_tkey_processdhresponse(), dst_key_computesecret(), dst_key_privatefrombuffer(), emit(), loadexplicitkeys(), main(), and zone_sign().
isc_result_t dst_key_buildfilename | ( | const dst_key_t * | key, | |
int | type, | |||
const char * | directory, | |||
isc_buffer_t * | out | |||
) |
Generates the filename used by dst to store the specified key. If directory is NULL, the current directory is assumed.
Requires:
Definition at line 1241 of file dst_api.c.
References buildfilename(), DST_TYPE_PRIVATE, DST_TYPE_PUBLIC, REQUIRE, and VALID_KEY.
Referenced by dst__privstruct_writefile(), emit(), main(), and write_public_key().
isc_result_t dst_key_sigsize | ( | const dst_key_t * | key, | |
unsigned int * | n | |||
) |
Computes the size of a signature generated by the given key.
Requires:
< XXX
Definition at line 1253 of file dst_api.c.
References DNS_SIG_DSASIGSIZE, DNS_SIG_ECDSA256SIZE, DNS_SIG_ECDSA384SIZE, DNS_SIG_GOSTSIGSIZE, DST_ALG_DH, DST_ALG_DSA, DST_ALG_ECCGOST, DST_ALG_ECDSA256, DST_ALG_ECDSA384, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, DST_ALG_NSEC3DSA, DST_ALG_NSEC3RSASHA1, DST_ALG_RSAMD5, DST_ALG_RSASHA1, DST_ALG_RSASHA256, DST_ALG_RSASHA512, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_R_SUCCESS, ISC_SHA1_DIGESTLENGTH, ISC_SHA224_DIGESTLENGTH, ISC_SHA256_DIGESTLENGTH, ISC_SHA384_DIGESTLENGTH, ISC_SHA512_DIGESTLENGTH, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_sign(), dns_dnssec_signmessage(), dns_message_setsig0key(), dns_tsig_sign(), dns_tsig_verify(), dst_key_setbits(), and spacefortsig().
isc_result_t dst_key_secretsize | ( | const dst_key_t * | key, | |
unsigned int * | n | |||
) |
Computes the size of a shared secret generated by the given key.
Requires:
Definition at line 1309 of file dst_api.c.
References DST_ALG_DH, dst_initialized, DST_R_UNSUPPORTEDALG, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by dns_tkey_processdhresponse(), and process_dhtkey().
isc_result_t dst_key_setflags | ( | dst_key_t * | key, | |
isc_uint32_t | flags | |||
) |
Set the flags on a key, then recompute the key ID.
Definition at line 1325 of file dst_api.c.
References computeid(), REQUIRE, and VALID_KEY.
Referenced by dns_dnssec_findzonekeys2(), dns_dnssec_keylistfromrdataset(), get_hints(), and main().
void dst_key_format | ( | const dst_key_t * | key, | |
char * | cp, | |||
unsigned int | size | |||
) |
Write the uniquely identifying information about the key (name, algorithm, key ID) into a string 'cp' of size 'size'.
Definition at line 1332 of file dst_api.c.
References dns_name_format(), DNS_NAME_FORMATSIZE, dns_secalg_format(), dst_key_alg(), dst_key_id(), and dst_key_name().
Referenced by dns_keytable_totext(), dns_sdlzssumatch(), dns_ssu_external_match(), emit(), loadkey(), logkey(), main(), publish_key(), and signwithkey().
isc_result_t dst_key_dump | ( | dst_key_t * | key, | |
isc_mem_t * | mctx, | |||
char ** | buffer, | |||
int * | length | |||
) |
Allocate 'buffer' and dump the key into it in base64 format. The buffer is not NUL terminated. The length of the buffer is returned in *length.
'buffer' needs to be freed using isc_mem_put(mctx, buffer, length);
Requires: 'buffer' to be non NULL and *buffer to be NULL. 'length' to be non NULL and *length to be zero.
Returns: ISC_R_SUCCESS ISC_R_NOMEMORY ISC_R_NOTIMPLEMENTED others.
Definition at line 1343 of file dst_api.c.
References ISC_R_NOTIMPLEMENTED, REQUIRE, and VALID_KEY.
Referenced by dump_key().
isc_result_t dst_key_restore | ( | dns_name_t * | name, | |
unsigned int | alg, | |||
unsigned int | flags, | |||
unsigned int | protocol, | |||
dns_rdataclass_t | rdclass, | |||
isc_mem_t * | mctx, | |||
const char * | keystr, | |||
dst_key_t ** | keyp | |||
) |
Definition at line 1355 of file dst_api.c.
References dst_initialized, dst_key_free(), DST_MAX_ALGS, DST_R_UNSUPPORTEDALG, get_key_struct(), ISC_R_NOMEMORY, ISC_R_NOTIMPLEMENTED, ISC_R_SUCCESS, ISC_TRUE, REQUIRE, and dst_func::restore.
Referenced by restore_key().
isc_boolean_t dst_key_inactive | ( | const dst_key_t * | key | ) |
Determines if the private key is missing due to the key being deemed inactive.
Requires: 'key' to be valid.
Definition at line 1449 of file dst_api.c.
References REQUIRE, and VALID_KEY.
Referenced by del_keysigs(), and del_sigs().
void dst_key_setinactive | ( | dst_key_t * | key, | |
isc_boolean_t | inactive | |||
) |
isc_result_t dst_key_read_public | ( | const char * | filename, | |
int | type, | |||
isc_mem_t * | mctx, | |||
dst_key_t ** | keyp | |||
) |
Reads a public key from disk.
Reads a public key from permanent storage. The key must be a public key.
< SIG(0), TKEY
Definition at line 1468 of file dst_api.c.
References isc_tokenvalue_t::as_textregion, BADTOKEN, cleanup(), dns_fixedname_init, dns_fixedname_name, dns_name_fromtext(), dns_rdata_fromtext(), DNS_RDATA_INIT, dns_rdataclass_fromtext(), dns_rootname, dns_ttl_fromtext(), DST_AS_STR, dst_key_fromdns(), DST_KEY_MAXSIZE, dst_key_setttl(), DST_R_BADKEYTYPE, DST_TYPE_KEY, isc_buffer_add, isc_buffer_init, ISC_FALSE, isc_lex_create(), isc_lex_destroy(), isc_lex_openfile(), isc_lex_setcomments(), isc_lex_setspecials(), ISC_LEXCOMMENT_DNSMASTERFILE, ISC_LEXOPT_DNSMULTILINE, ISC_R_SUCCESS, isc_tokentype_string, NEXTTOKEN, token, isc_token::type, and isc_token::value.
Referenced by dst_key_fromnamedfile().
static isc_boolean_t issymmetric | ( | const dst_key_t * | key | ) | [static] |
Definition at line 1591 of file dst_api.c.
References DST_ALG_DH, DST_ALG_DSA, DST_ALG_ECCGOST, DST_ALG_ECDSA256, DST_ALG_ECDSA384, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_NSEC3DSA, DST_ALG_NSEC3RSASHA1, DST_ALG_RSAMD5, DST_ALG_RSASHA1, DST_ALG_RSASHA256, DST_ALG_RSASHA512, dst_initialized, ISC_FALSE, ISC_TRUE, REQUIRE, and VALID_KEY.
Referenced by write_public_key().
static void printtime | ( | const dst_key_t * | key, | |
int | type, | |||
const char * | tag, | |||
FILE * | stream | |||
) | [static] |
Write key timing metadata to a file pointer, preceded by 'tag'.
Definition at line 1621 of file dst_api.c.
References isc_region::base, dns_time32_totext(), dst_key_gettime(), error(), isc_buffer_init, isc_buffer_usedregion, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_region::length, output(), and r.
Referenced by channel_fromconf(), isc_log_doit(), main(), and write_public_key().
isc_result_t dst__entropy_getdata | ( | void * | buf, | |
unsigned int | len, | |||
isc_boolean_t | pseudo | |||
) |
Entropy retriever using the DST entropy pool.
Definition at line 1920 of file dst_api.c.
References dst_entropy_flags, ISC_ENTROPY_BLOCKING, isc_entropy_getdata(), ISC_ENTROPY_GOODONLY, ISC_R_FAILURE, ISC_R_SUCCESS, pk11_rand_bytes(), and UNUSED.
Referenced by hmacmd5_generate(), hmacsha1_generate(), hmacsha224_generate(), hmacsha256_generate(), hmacsha384_generate(), hmacsha512_generate(), and process_dhtkey().
unsigned int dst__entropy_status | ( | void | ) |
Definition at line 1943 of file dst_api.c.
References dst_entropy_flags, INSIST, isc_entropy_getdata(), ISC_ENTROPY_GOODONLY, isc_entropy_putdata(), isc_entropy_status(), ISC_FALSE, ISC_R_SUCCESS, and ISC_TRUE.
isc_buffer_t* dst_key_tkeytoken | ( | const dst_key_t * | key | ) |
Return the token from the TKEY request, if any. If this key was not negotiated via TKEY, return NULL.
Requires: "key" is a valid key.
Definition at line 1971 of file dst_api.c.
References REQUIRE, and VALID_KEY.
Referenced by dns_sdlzssumatch(), and dns_ssu_external_match().
dst_func_t* dst_t_func[DST_MAX_ALGS] [static] |
isc_entropy_t* dst_entropy_pool = NULL [static] |
unsigned int dst_entropy_flags = 0 [static] |
Definition at line 79 of file dst_api.c.
Referenced by dst__entropy_getdata(), dst__entropy_status(), and dst_lib_init2().
isc_boolean_t dst_initialized = ISC_FALSE |
Definition at line 81 of file dst_api.c.
Referenced by algorithm_status(), comparekeys(), dst_algorithm_supported(), dst_context_create4(), dst_key_attach(), dst_key_buildinternal(), dst_key_computesecret(), dst_key_free(), dst_key_frombuffer(), dst_key_fromdns(), dst_key_fromfile(), dst_key_fromlabel(), dst_key_fromnamedfile(), dst_key_generate2(), dst_key_getfilename(), dst_key_paramcompare(), dst_key_privatefrombuffer(), dst_key_restore(), dst_key_secretsize(), dst_key_sigsize(), dst_key_tobuffer(), dst_key_todns(), dst_key_tofile(), dst_lib_destroy(), dst_lib_init2(), and issymmetric().
void isc_mem_t* dst__memory_pool = NULL |