2019-09-03 10:39:25 +02:00
|
|
|
/*
|
|
|
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
|
|
|
*
|
|
|
|
|
* SPDX-License-Identifier: MPL-2.0
|
2021-06-03 08:37:05 +02:00
|
|
|
*
|
2019-09-03 10:39:25 +02:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
|
|
|
*
|
|
|
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
* information regarding copyright ownership.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*! \file */
|
|
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include <isc/assertions.h>
|
2020-10-13 14:39:21 +02:00
|
|
|
#include <isc/buffer.h>
|
2019-09-03 10:39:25 +02:00
|
|
|
#include <isc/file.h>
|
2020-10-13 14:39:21 +02:00
|
|
|
#include <isc/hex.h>
|
2019-09-03 10:39:25 +02:00
|
|
|
#include <isc/log.h>
|
|
|
|
|
#include <isc/mem.h>
|
|
|
|
|
#include <isc/util.h>
|
|
|
|
|
|
|
|
|
|
#include <dns/kasp.h>
|
2019-09-11 16:32:58 +02:00
|
|
|
#include <dns/keyvalues.h>
|
2019-09-03 10:39:25 +02:00
|
|
|
|
2023-01-30 11:18:42 +01:00
|
|
|
#include <dst/dst.h>
|
|
|
|
|
|
2023-07-26 11:50:57 +02:00
|
|
|
/* Default TTLsig (maximum zone ttl) */
|
2023-08-02 11:16:50 +02:00
|
|
|
#define DEFAULT_TTLSIG 604800 /* one week */
|
2023-07-26 11:50:57 +02:00
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
isc_result_t
|
2020-02-06 10:28:53 -08:00
|
|
|
dns_kasp_create(isc_mem_t *mctx, const char *name, dns_kasp_t **kaspp) {
|
2019-09-03 10:39:25 +02:00
|
|
|
dns_kasp_t *kasp;
|
2022-06-21 12:31:05 +02:00
|
|
|
dns_kasp_t k = {
|
|
|
|
|
.magic = DNS_KASP_MAGIC,
|
2023-02-10 15:18:36 +01:00
|
|
|
.digests = ISC_LIST_INITIALIZER,
|
|
|
|
|
.keys = ISC_LIST_INITIALIZER,
|
|
|
|
|
.link = ISC_LINK_INITIALIZER,
|
2022-06-21 12:31:05 +02:00
|
|
|
};
|
2019-09-03 10:39:25 +02:00
|
|
|
|
|
|
|
|
REQUIRE(name != NULL);
|
|
|
|
|
REQUIRE(kaspp != NULL && *kaspp == NULL);
|
|
|
|
|
|
|
|
|
|
kasp = isc_mem_get(mctx, sizeof(*kasp));
|
2022-06-21 12:31:05 +02:00
|
|
|
*kasp = k;
|
|
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
kasp->mctx = NULL;
|
|
|
|
|
isc_mem_attach(mctx, &kasp->mctx);
|
|
|
|
|
kasp->name = isc_mem_strdup(mctx, name);
|
2023-12-19 17:07:40 +01:00
|
|
|
isc_mutex_init(&kasp->lock);
|
2019-09-03 10:39:25 +02:00
|
|
|
isc_refcount_init(&kasp->references, 1);
|
|
|
|
|
|
|
|
|
|
*kaspp = kasp;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_attach(dns_kasp_t *source, dns_kasp_t **targetp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(source));
|
|
|
|
|
REQUIRE(targetp != NULL && *targetp == NULL);
|
2019-09-11 16:32:58 +02:00
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
isc_refcount_increment(&source->references);
|
|
|
|
|
*targetp = source;
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-11 13:43:12 +02:00
|
|
|
static void
|
2019-09-03 10:39:25 +02:00
|
|
|
destroy(dns_kasp_t *kasp) {
|
2023-02-10 15:18:36 +01:00
|
|
|
dns_kasp_key_t *key, *key_next;
|
|
|
|
|
dns_kasp_digest_t *digest, *digest_next;
|
2019-09-03 10:39:25 +02:00
|
|
|
|
2020-02-06 10:28:53 -08:00
|
|
|
REQUIRE(!ISC_LINK_LINKED(kasp, link));
|
2019-11-05 13:36:40 +11:00
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
for (key = ISC_LIST_HEAD(kasp->keys); key != NULL; key = key_next) {
|
|
|
|
|
key_next = ISC_LIST_NEXT(key, link);
|
|
|
|
|
ISC_LIST_UNLINK(kasp->keys, key, link);
|
|
|
|
|
dns_kasp_key_destroy(key);
|
|
|
|
|
}
|
2020-02-06 10:28:53 -08:00
|
|
|
INSIST(ISC_LIST_EMPTY(kasp->keys));
|
2019-09-03 10:39:25 +02:00
|
|
|
|
2023-02-10 15:18:36 +01:00
|
|
|
for (digest = ISC_LIST_HEAD(kasp->digests); digest != NULL;
|
|
|
|
|
digest = digest_next)
|
|
|
|
|
{
|
|
|
|
|
digest_next = ISC_LIST_NEXT(digest, link);
|
|
|
|
|
ISC_LIST_UNLINK(kasp->digests, digest, link);
|
|
|
|
|
isc_mem_put(kasp->mctx, digest, sizeof(*digest));
|
|
|
|
|
}
|
|
|
|
|
INSIST(ISC_LIST_EMPTY(kasp->digests));
|
|
|
|
|
|
2023-12-19 17:07:40 +01:00
|
|
|
isc_mutex_destroy(&kasp->lock);
|
2019-09-03 10:39:25 +02:00
|
|
|
isc_mem_free(kasp->mctx, kasp->name);
|
|
|
|
|
isc_mem_putanddetach(&kasp->mctx, kasp, sizeof(*kasp));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_detach(dns_kasp_t **kaspp) {
|
|
|
|
|
REQUIRE(kaspp != NULL && DNS_KASP_VALID(*kaspp));
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
dns_kasp_t *kasp = *kaspp;
|
|
|
|
|
*kaspp = NULL;
|
|
|
|
|
|
|
|
|
|
if (isc_refcount_decrement(&kasp->references) == 1) {
|
|
|
|
|
destroy(kasp);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-06 10:28:53 -08:00
|
|
|
const char *
|
2019-09-11 16:32:58 +02:00
|
|
|
dns_kasp_getname(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->name);
|
2019-09-11 16:32:58 +02:00
|
|
|
}
|
|
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
void
|
|
|
|
|
dns_kasp_freeze(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
kasp->frozen = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_thaw(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
kasp->frozen = false;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_kasp_signdelay(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-10-16 18:36:38 +02:00
|
|
|
return (kasp->signatures_validity - kasp->signatures_refresh);
|
|
|
|
|
}
|
|
|
|
|
|
2024-01-31 16:52:32 +01:00
|
|
|
uint32_t
|
|
|
|
|
dns_kasp_sigjitter(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
|
|
|
|
|
return (kasp->signatures_jitter);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_setsigjitter(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
|
|
|
|
|
kasp->signatures_jitter = value;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_kasp_sigrefresh(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->signatures_refresh);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->signatures_refresh = value;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_kasp_sigvalidity(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->signatures_validity);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->signatures_validity = value;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->signatures_validity_dnskey);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2021-01-07 17:41:38 +01:00
|
|
|
kasp->signatures_validity_dnskey = value;
|
2019-11-04 16:26:39 +01:00
|
|
|
}
|
|
|
|
|
|
2019-09-11 16:32:58 +02:00
|
|
|
dns_ttl_t
|
|
|
|
|
dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
|
2019-09-03 10:39:25 +02:00
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
2019-09-11 16:32:58 +02:00
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->dnskey_ttl);
|
2019-09-03 10:39:25 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->dnskey_ttl = ttl;
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-08 12:02:19 +01:00
|
|
|
uint32_t
|
|
|
|
|
dns_kasp_purgekeys(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
|
|
|
|
|
return (kasp->purge_keys);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_setpurgekeys(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
|
|
|
|
|
kasp->purge_keys = value;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_kasp_publishsafety(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->publish_safety);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->publish_safety = value;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_kasp_retiresafety(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->retire_safety);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->retire_safety = value;
|
|
|
|
|
}
|
|
|
|
|
|
2023-04-03 17:00:36 +02:00
|
|
|
bool
|
|
|
|
|
dns_kasp_inlinesigning(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
|
|
|
|
|
return (kasp->inline_signing);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_setinlinesigning(dns_kasp_t *kasp, bool value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
|
|
|
|
|
kasp->inline_signing = value;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_ttl_t
|
2023-07-26 11:50:57 +02:00
|
|
|
dns_kasp_zonemaxttl(dns_kasp_t *kasp, bool fallback) {
|
2019-10-16 18:36:38 +02:00
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2023-07-26 11:50:57 +02:00
|
|
|
if (kasp->zone_max_ttl == 0 && fallback) {
|
|
|
|
|
return (DEFAULT_TTLSIG);
|
|
|
|
|
}
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->zone_max_ttl);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->zone_max_ttl = ttl;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->zone_propagation_delay);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->zone_propagation_delay = value;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_ttl_t
|
|
|
|
|
dns_kasp_dsttl(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->parent_ds_ttl);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->parent_ds_ttl = ttl;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-10-16 18:36:38 +02:00
|
|
|
dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (kasp->parent_propagation_delay);
|
2019-10-16 18:36:38 +02:00
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
void
|
|
|
|
|
dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
kasp->parent_propagation_delay = value;
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
isc_result_t
|
2020-02-06 10:28:53 -08:00
|
|
|
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp) {
|
2019-09-11 16:32:58 +02:00
|
|
|
dns_kasp_t *kasp = NULL;
|
2019-09-03 10:39:25 +02:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
REQUIRE(kaspp != NULL && *kaspp == NULL);
|
|
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
if (list == NULL) {
|
|
|
|
|
return (ISC_R_NOTFOUND);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (kasp = ISC_LIST_HEAD(*list); kasp != NULL;
|
|
|
|
|
kasp = ISC_LIST_NEXT(kasp, link))
|
|
|
|
|
{
|
|
|
|
|
if (strcmp(kasp->name, name) == 0) {
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
if (kasp == NULL) {
|
|
|
|
|
return (ISC_R_NOTFOUND);
|
|
|
|
|
}
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
dns_kasp_attach(kasp, kaspp);
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
dns_kasp_keylist_t
|
2020-02-06 10:28:53 -08:00
|
|
|
dns_kasp_keys(dns_kasp_t *kasp) {
|
2019-11-04 16:26:39 +01:00
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
return (kasp->keys);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool
|
2020-02-06 10:28:53 -08:00
|
|
|
dns_kasp_keylist_empty(dns_kasp_t *kasp) {
|
2019-11-04 16:26:39 +01:00
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
return (ISC_LIST_EMPTY(kasp->keys));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2020-02-06 10:28:53 -08:00
|
|
|
dns_kasp_addkey(dns_kasp_t *kasp, dns_kasp_key_t *key) {
|
2019-11-04 16:26:39 +01:00
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
REQUIRE(key != NULL);
|
|
|
|
|
|
|
|
|
|
ISC_LIST_APPEND(kasp->keys, key, link);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
isc_result_t
|
2020-02-06 10:28:53 -08:00
|
|
|
dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp) {
|
2022-01-25 10:30:04 +01:00
|
|
|
dns_kasp_key_t *key = NULL;
|
|
|
|
|
dns_kasp_key_t k = { .length = -1 };
|
2019-09-03 10:39:25 +02:00
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
2019-09-03 10:39:25 +02:00
|
|
|
REQUIRE(keyp != NULL && *keyp == NULL);
|
|
|
|
|
|
2019-11-04 16:26:39 +01:00
|
|
|
key = isc_mem_get(kasp->mctx, sizeof(*key));
|
2022-01-25 10:30:04 +01:00
|
|
|
*key = k;
|
|
|
|
|
|
2019-09-03 10:39:25 +02:00
|
|
|
key->mctx = NULL;
|
2019-11-04 16:26:39 +01:00
|
|
|
isc_mem_attach(kasp->mctx, &key->mctx);
|
2019-09-03 10:39:25 +02:00
|
|
|
|
|
|
|
|
ISC_LINK_INIT(key, link);
|
|
|
|
|
|
|
|
|
|
*keyp = key;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2020-02-06 10:28:53 -08:00
|
|
|
dns_kasp_key_destroy(dns_kasp_key_t *key) {
|
2019-09-03 10:39:25 +02:00
|
|
|
REQUIRE(key != NULL);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2022-01-25 10:30:04 +01:00
|
|
|
if (key->keystore != NULL) {
|
2022-02-18 15:03:49 +01:00
|
|
|
dns_keystore_detach(&key->keystore);
|
2022-01-25 10:30:04 +01:00
|
|
|
}
|
2019-09-03 10:39:25 +02:00
|
|
|
isc_mem_putanddetach(&key->mctx, key, sizeof(*key));
|
|
|
|
|
}
|
2019-09-11 16:32:58 +02:00
|
|
|
|
|
|
|
|
uint32_t
|
|
|
|
|
dns_kasp_key_algorithm(dns_kasp_key_t *key) {
|
|
|
|
|
REQUIRE(key != NULL);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-11-04 12:04:52 +01:00
|
|
|
return (key->algorithm);
|
2019-09-11 16:32:58 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
unsigned int
|
|
|
|
|
dns_kasp_key_size(dns_kasp_key_t *key) {
|
|
|
|
|
unsigned int size = 0;
|
|
|
|
|
unsigned int min = 0;
|
|
|
|
|
|
|
|
|
|
REQUIRE(key != NULL);
|
|
|
|
|
|
|
|
|
|
switch (key->algorithm) {
|
|
|
|
|
case DNS_KEYALG_RSASHA1:
|
|
|
|
|
case DNS_KEYALG_NSEC3RSASHA1:
|
|
|
|
|
case DNS_KEYALG_RSASHA256:
|
|
|
|
|
case DNS_KEYALG_RSASHA512:
|
2020-10-01 11:05:01 +02:00
|
|
|
min = (key->algorithm == DNS_KEYALG_RSASHA512) ? 1024 : 512;
|
2019-09-11 16:32:58 +02:00
|
|
|
if (key->length > -1) {
|
|
|
|
|
size = (unsigned int)key->length;
|
|
|
|
|
if (size < min) {
|
|
|
|
|
size = min;
|
|
|
|
|
}
|
|
|
|
|
if (size > 4096) {
|
|
|
|
|
size = 4096;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2019-12-05 11:16:53 +01:00
|
|
|
size = 2048;
|
2019-09-11 16:32:58 +02:00
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
case DNS_KEYALG_ECDSA256:
|
|
|
|
|
size = 256;
|
|
|
|
|
break;
|
|
|
|
|
case DNS_KEYALG_ECDSA384:
|
|
|
|
|
size = 384;
|
|
|
|
|
break;
|
|
|
|
|
case DNS_KEYALG_ED25519:
|
2020-09-30 09:57:45 +02:00
|
|
|
size = 256;
|
2019-09-11 16:32:58 +02:00
|
|
|
break;
|
|
|
|
|
case DNS_KEYALG_ED448:
|
2020-09-30 09:57:45 +02:00
|
|
|
size = 456;
|
2019-09-11 16:32:58 +02:00
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
/* unsupported */
|
|
|
|
|
break;
|
|
|
|
|
}
|
2019-11-04 12:04:52 +01:00
|
|
|
return (size);
|
2019-09-11 16:32:58 +02:00
|
|
|
}
|
|
|
|
|
|
2019-10-30 17:40:08 +01:00
|
|
|
uint32_t
|
2019-09-11 16:32:58 +02:00
|
|
|
dns_kasp_key_lifetime(dns_kasp_key_t *key) {
|
|
|
|
|
REQUIRE(key != NULL);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-09-11 16:32:58 +02:00
|
|
|
return (key->lifetime);
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-18 15:03:49 +01:00
|
|
|
dns_keystore_t *
|
2022-02-09 11:19:21 +01:00
|
|
|
dns_kasp_key_keystore(dns_kasp_key_t *key) {
|
|
|
|
|
REQUIRE(key != NULL);
|
|
|
|
|
|
|
|
|
|
return (key->keystore);
|
|
|
|
|
}
|
|
|
|
|
|
2019-09-11 16:32:58 +02:00
|
|
|
bool
|
|
|
|
|
dns_kasp_key_ksk(dns_kasp_key_t *key) {
|
|
|
|
|
REQUIRE(key != NULL);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-09-11 16:32:58 +02:00
|
|
|
return (key->role & DNS_KASP_KEY_ROLE_KSK);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool
|
|
|
|
|
dns_kasp_key_zsk(dns_kasp_key_t *key) {
|
|
|
|
|
REQUIRE(key != NULL);
|
2020-02-06 10:28:53 -08:00
|
|
|
|
2019-09-11 16:32:58 +02:00
|
|
|
return (key->role & DNS_KASP_KEY_ROLE_ZSK);
|
|
|
|
|
}
|
2020-10-13 14:39:21 +02:00
|
|
|
|
2023-08-09 14:10:32 +02:00
|
|
|
bool
|
|
|
|
|
dns_kasp_key_match(dns_kasp_key_t *key, dns_dnsseckey_t *dkey) {
|
|
|
|
|
isc_result_t ret;
|
|
|
|
|
bool role = false;
|
|
|
|
|
|
|
|
|
|
REQUIRE(key != NULL);
|
|
|
|
|
REQUIRE(dkey != NULL);
|
|
|
|
|
|
|
|
|
|
/* Matching algorithms? */
|
|
|
|
|
if (dst_key_alg(dkey->key) != dns_kasp_key_algorithm(key)) {
|
|
|
|
|
return (false);
|
|
|
|
|
}
|
|
|
|
|
/* Matching length? */
|
|
|
|
|
if (dst_key_size(dkey->key) != dns_kasp_key_size(key)) {
|
|
|
|
|
return (false);
|
|
|
|
|
}
|
|
|
|
|
/* Matching role? */
|
|
|
|
|
ret = dst_key_getbool(dkey->key, DST_BOOL_KSK, &role);
|
|
|
|
|
if (ret != ISC_R_SUCCESS || role != dns_kasp_key_ksk(key)) {
|
|
|
|
|
return (false);
|
|
|
|
|
}
|
|
|
|
|
ret = dst_key_getbool(dkey->key, DST_BOOL_ZSK, &role);
|
|
|
|
|
if (ret != ISC_R_SUCCESS || role != dns_kasp_key_zsk(key)) {
|
|
|
|
|
return (false);
|
|
|
|
|
}
|
|
|
|
|
/* Found a match. */
|
|
|
|
|
return (true);
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-13 14:39:21 +02:00
|
|
|
uint8_t
|
|
|
|
|
dns_kasp_nsec3iter(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
REQUIRE(kasp->nsec3);
|
|
|
|
|
|
|
|
|
|
return (kasp->nsec3param.iterations);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uint8_t
|
|
|
|
|
dns_kasp_nsec3flags(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
REQUIRE(kasp->nsec3);
|
|
|
|
|
|
|
|
|
|
if (kasp->nsec3param.optout) {
|
|
|
|
|
return (0x01);
|
|
|
|
|
}
|
|
|
|
|
return (0x00);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
uint8_t
|
|
|
|
|
dns_kasp_nsec3saltlen(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
REQUIRE(kasp->nsec3);
|
|
|
|
|
|
|
|
|
|
return (kasp->nsec3param.saltlen);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool
|
|
|
|
|
dns_kasp_nsec3(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
|
|
|
|
|
return kasp->nsec3;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_setnsec3(dns_kasp_t *kasp, bool nsec3) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
|
|
|
|
|
kasp->nsec3 = nsec3;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-23 15:02:19 +02:00
|
|
|
void
|
2020-10-13 14:39:21 +02:00
|
|
|
dns_kasp_setnsec3param(dns_kasp_t *kasp, uint8_t iter, bool optout,
|
2020-10-23 15:02:19 +02:00
|
|
|
uint8_t saltlen) {
|
2020-10-13 14:39:21 +02:00
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
REQUIRE(kasp->nsec3);
|
|
|
|
|
|
|
|
|
|
kasp->nsec3param.iterations = iter;
|
|
|
|
|
kasp->nsec3param.optout = optout;
|
2020-10-23 15:02:19 +02:00
|
|
|
kasp->nsec3param.saltlen = saltlen;
|
2020-10-13 14:39:21 +02:00
|
|
|
}
|
2023-02-10 15:18:36 +01:00
|
|
|
|
2024-03-22 11:48:53 +01:00
|
|
|
bool
|
|
|
|
|
dns_kasp_offlineksk(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
|
|
|
|
|
return kasp->offlineksk;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_setofflineksk(dns_kasp_t *kasp, bool offlineksk) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
|
|
|
|
|
kasp->offlineksk = offlineksk;
|
|
|
|
|
}
|
|
|
|
|
|
2023-05-11 14:00:58 +02:00
|
|
|
bool
|
|
|
|
|
dns_kasp_cdnskey(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
|
|
|
|
|
return kasp->cdnskey;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_setcdnskey(dns_kasp_t *kasp, bool cdnskey) {
|
|
|
|
|
REQUIRE(kasp != NULL);
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
|
|
|
|
|
kasp->cdnskey = cdnskey;
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-10 15:18:36 +01:00
|
|
|
dns_kasp_digestlist_t
|
|
|
|
|
dns_kasp_digests(dns_kasp_t *kasp) {
|
|
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(kasp->frozen);
|
|
|
|
|
|
|
|
|
|
return (kasp->digests);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
dns_kasp_adddigest(dns_kasp_t *kasp, dns_dsdigest_t alg) {
|
2023-02-13 16:11:46 +01:00
|
|
|
dns_kasp_digest_t *digest;
|
|
|
|
|
|
2023-02-10 15:18:36 +01:00
|
|
|
REQUIRE(DNS_KASP_VALID(kasp));
|
|
|
|
|
REQUIRE(!kasp->frozen);
|
|
|
|
|
|
2023-02-13 16:11:46 +01:00
|
|
|
/* Suppress unsupported algorithms */
|
|
|
|
|
if (!dst_ds_digest_supported(alg)) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Suppress duplicates */
|
|
|
|
|
for (dns_kasp_digest_t *d = ISC_LIST_HEAD(kasp->digests); d != NULL;
|
|
|
|
|
d = ISC_LIST_NEXT(d, link))
|
|
|
|
|
{
|
|
|
|
|
if (d->digest == alg) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
2023-02-10 15:18:36 +01:00
|
|
|
}
|
2023-02-13 16:11:46 +01:00
|
|
|
|
|
|
|
|
digest = isc_mem_get(kasp->mctx, sizeof(*digest));
|
|
|
|
|
digest->digest = alg;
|
|
|
|
|
ISC_LINK_INIT(digest, link);
|
|
|
|
|
ISC_LIST_APPEND(kasp->digests, digest, link);
|
2023-02-10 15:18:36 +01:00
|
|
|
}
|
