
2709. [func] Added some data fields, currently unused, to the

private key file format, to allow implementation
			of explicit key rollover in a future release
			without impairing backward or forward compatibility.
			[RT #20310]
This commit is contained in:
Evan Hunt
2009-10-09 06:09:21 +00:00
parent b05106c7e6
commit 315a1514a5
9 changed files with 156 additions and 38 deletions


@@ -1,3 +1,9 @@
2709. [func] Added some data fields, currently unused, to the
private key file format, to allow implementation
of explicit key rollover in a future release
without impairing backward or forward compatibility.
[RT #20310]
2708. [func] Insecure to secure and NSEC3 parameter changes via 2708. [func] Insecure to secure and NSEC3 parameter changes via
update are now fully supported and no longer require update are now fully supported and no longer require
defines to enable. We now no longer overload the defines to enable. We now no longer overload the


@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dnssec-revoke.c,v 1.14 2009/10/05 17:30:49 fdupont Exp $ */ /* $Id: dnssec-revoke.c,v 1.15 2009/10/09 06:09:21 each Exp $ */
/*! \file */ /*! \file */
@@ -105,7 +105,7 @@ main(int argc, char **argv) {
isc_commandline_errprint = ISC_FALSE; isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv, "EfK:rhv:")) != -1) { while ((ch = isc_commandline_parse(argc, argv, "E:fK:rhv:")) != -1) {
switch (ch) { switch (ch) {
case 'E': case 'E':
engine = isc_commandline_argument; engine = isc_commandline_argument;


@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dnssec-settime.c,v 1.15 2009/10/05 17:30:49 fdupont Exp $ */ /* $Id: dnssec-settime.c,v 1.16 2009/10/09 06:09:21 each Exp $ */
/*! \file */ /*! \file */
@@ -161,7 +161,7 @@ main(int argc, char **argv) {
isc_stdtime_get(&now); isc_stdtime_get(&now);
while ((ch = isc_commandline_parse(argc, argv, while ((ch = isc_commandline_parse(argc, argv,
"EfK:uhp:v:P:A:R:I:D:")) != -1) { "E:fK:uhp:v:P:A:R:I:D:")) != -1) {
switch (ch) { switch (ch) {
case 'E': case 'E':
engine = isc_commandline_argument; engine = isc_commandline_argument;


@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dnssec-signzone.c,v 1.241 2009/10/05 17:30:49 fdupont Exp $ */ /* $Id: dnssec-signzone.c,v 1.242 2009/10/09 06:09:21 each Exp $ */
/*! \file */ /*! \file */
@@ -3424,7 +3424,7 @@ main(int argc, char *argv[]) {
isc_boolean_t set_iter = ISC_FALSE; isc_boolean_t set_iter = ISC_FALSE;
#define CMDLINE_FLAGS \ #define CMDLINE_FLAGS \
"3:AaCc:Dd:Ee:f:FghH:i:I:j:K:k:l:m:n:N:o:O:pPr:s:ST:tuUv:z" "3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:l:m:n:N:o:O:pPr:s:ST:tuUv:z"
/* /*
* Process memory debugging argument first. * Process memory debugging argument first.


@@ -31,7 +31,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.34 2009/10/05 17:30:49 fdupont Exp $ * $Id: dst_api.c,v 1.35 2009/10/09 06:09:21 each Exp $
*/ */
/*! \file */ /*! \file */
@@ -109,7 +109,7 @@ static isc_result_t frombuffer(dns_name_t *name,
static isc_result_t algorithm_status(unsigned int alg); static isc_result_t algorithm_status(unsigned int alg);
static isc_result_t addsuffix(char *filename, unsigned int len, static isc_result_t addsuffix(char *filename, int len,
const char *dirname, const char *ofilename, const char *dirname, const char *ofilename,
const char *suffix); const char *suffix);
@@ -792,6 +792,35 @@ dst_key_generate(dns_name_t *name, unsigned int alg,
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
isc_result_t
dst_key_getnum(const dst_key_t *key, int type, isc_uint32_t *valuep)
{
REQUIRE(VALID_KEY(key));
REQUIRE(valuep != NULL);
REQUIRE(type <= DST_MAX_NUMERIC);
if (!key->numset[type])
return (ISC_R_NOTFOUND);
*valuep = key->nums[type];
return (ISC_R_SUCCESS);
}
void
dst_key_setnum(dst_key_t *key, int type, isc_uint32_t value)
{
REQUIRE(VALID_KEY(key));
REQUIRE(type <= DST_MAX_NUMERIC);
key->nums[type] = value;
key->numset[type] = ISC_TRUE;
}
void
dst_key_unsetnum(dst_key_t *key, int type)
{
REQUIRE(VALID_KEY(key));
REQUIRE(type <= DST_MAX_NUMERIC);
key->numset[type] = ISC_FALSE;
}
isc_result_t isc_result_t
dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep) { dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep) {
REQUIRE(VALID_KEY(key)); REQUIRE(VALID_KEY(key));
@@ -1499,7 +1528,7 @@ algorithm_status(unsigned int alg) {
} }
static isc_result_t static isc_result_t
addsuffix(char *filename, unsigned int len, const char *odirname, addsuffix(char *filename, int len, const char *odirname,
const char *ofilename, const char *suffix) const char *ofilename, const char *suffix)
{ {
int olen = strlen(ofilename); int olen = strlen(ofilename);
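Review bot: dst_key_getnum, dst_key_setnum and dst_key_unsetnum take `type` as a signed int but only assert `REQUIRE(type <= DST_MAX_NUMERIC)`, so a negative index satisfies the precondition and then indexes key->nums[] and key->numset[] before the start of the arrays. The only caller visible in this commit (the numeric-metadata branch of dst__privstruct_parse) passes a tag that find_numericdata has already returned as >= 0, so this is hardening of a newly public API rather than a reachable defect today; the check in all three functions should be `REQUIRE(type >= 0 && type <= DST_MAX_NUMERIC);`. The pre-existing dst_key_gettime presumably has the same shape of check, but its body is outside the hunk, as is the body of addsuffix whose `len` parameter changes from unsigned int to int in the last hunk.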


@@ -29,7 +29,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dst_internal.h,v 1.19 2009/10/05 17:30:49 fdupont Exp $ */ /* $Id: dst_internal.h,v 1.20 2009/10/09 06:09:21 each Exp $ */
#ifndef DST_DST_INTERNAL_H #ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1 #define DST_DST_INTERNAL_H 1
@@ -116,8 +116,10 @@ struct dst_key {
} keydata; /*%< pointer to key in crypto pkg fmt */ } keydata; /*%< pointer to key in crypto pkg fmt */
isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< key timing metadata */ isc_stdtime_t times[DST_MAX_TIMES + 1]; /*%< timing metadata */
isc_boolean_t timeset[DST_MAX_TIMES + 1]; /*%< metadata set? */ isc_boolean_t timeset[DST_MAX_TIMES + 1]; /*%< data set? */
isc_stdtime_t nums[DST_MAX_NUMERIC + 1]; /*%< numeric metadata */
isc_boolean_t numset[DST_MAX_NUMERIC + 1]; /*%< data set? */
int fmt_major; /*%< private key format, major version */ int fmt_major; /*%< private key format, major version */
int fmt_minor; /*%< private key format, minor version */ int fmt_minor; /*%< private key format, minor version */
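Review bot: The new `nums[]` array in struct dst_key is declared as `isc_stdtime_t` although the accessors this commit adds in dst_api.c (dst_key_setnum/dst_key_getnum) store and return `isc_uint32_t`; the declaration should read `isc_uint32_t nums[DST_MAX_NUMERIC + 1]; /*%< numeric metadata */`. The two types are presumably the same width, so this is about intent and readability rather than behaviour, but using the time type for key-tag and TTL style values invites confusion with the timing array declared directly above it. The struct dst_key definition begins and ends outside the hunk.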


@@ -31,7 +31,7 @@
/*% /*%
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: dst_parse.c,v 1.20 2009/09/02 06:29:01 each Exp $ * $Id: dst_parse.c,v 1.21 2009/10/09 06:09:21 each Exp $
*/ */
#include <config.h> #include <config.h>
@@ -56,14 +56,23 @@
#define PRIVATE_KEY_STR "Private-key-format:" #define PRIVATE_KEY_STR "Private-key-format:"
#define ALGORITHM_STR "Algorithm:" #define ALGORITHM_STR "Algorithm:"
#define METADATA_NTAGS 6 #define TIMING_NTAGS (DST_MAX_TIMES + 1)
static const char *metatags[METADATA_NTAGS] = { static const char *timetags[TIMING_NTAGS] = {
"Created:", "Created:",
"Publish:", "Publish:",
"Activate:", "Activate:",
"Revoke:", "Revoke:",
"Unpublish:", "Unpublish:",
"Delete:" "Delete:",
"DSPublish:"
};
#define NUMERIC_NTAGS (DST_MAX_NUMERIC + 1)
static const char *numerictags[NUMERIC_NTAGS] = {
"Predecessor:",
"Successor:",
"MaxTTL:",
"RollPeriod:"
}; };
struct parse_map { struct parse_map {
@@ -128,18 +137,6 @@ find_value(const char *s, const unsigned int alg) {
return (-1); return (-1);
} }
static int
find_metadata(const char *s) {
int i;
for (i = 0; i < METADATA_NTAGS; i++) {
if (strcasecmp(s, metatags[i]) == 0)
return (i);
}
return (-1);
}
static const char * static const char *
find_tag(const int value) { find_tag(const int value) {
int i; int i;
@@ -152,6 +149,28 @@ find_tag(const int value) {
} }
} }
static int
find_metadata(const char *s, const char *tags[], int ntags) {
int i;
for (i = 0; i < ntags; i++) {
if (strcasecmp(s, tags[i]) == 0)
return (i);
}
return (-1);
}
static int
find_timedata(const char *s) {
return (find_metadata(s, timetags, TIMING_NTAGS));
}
static int
find_numericdata(const char *s) {
return (find_metadata(s, numerictags, NUMERIC_NTAGS));
}
static int static int
check_rsa(const dst_private_t *priv) { check_rsa(const dst_private_t *priv) {
int i, j; int i, j;
@@ -420,10 +439,25 @@ dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
goto fail; goto fail;
} }
/* Key timing metadata */ /* Numeric metadata */
tag = find_metadata(DST_AS_STR(token)); tag = find_numericdata(DST_AS_STR(token));
if (tag >= 0) { if (tag >= 0) {
INSIST(tag < METADATA_NTAGS); INSIST(tag < NUMERIC_NTAGS);
NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
if (token.type != isc_tokentype_number) {
ret = DST_R_INVALIDPRIVATEKEY;
goto fail;
}
dst_key_setnum(key, tag, token.value.as_ulong);
goto next;
}
/* Timing metadata */
tag = find_timedata(DST_AS_STR(token));
if (tag >= 0) {
INSIST(tag < TIMING_NTAGS);
NEXTTOKEN(lex, opt, &token); NEXTTOKEN(lex, opt, &token);
if (token.type != isc_tokentype_string) { if (token.type != isc_tokentype_string) {
@@ -490,6 +524,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
char buffer[MAXFIELDSIZE * 2]; char buffer[MAXFIELDSIZE * 2];
isc_fsaccess_t access; isc_fsaccess_t access;
isc_stdtime_t when; isc_stdtime_t when;
isc_uint32_t value;
isc_buffer_t b; isc_buffer_t b;
isc_region_t r; isc_region_t r;
int major, minor; int major, minor;
@@ -587,9 +622,15 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
fprintf(fp, "\n"); fprintf(fp, "\n");
} }
/* Add the timing metadata tags */ /* Add the metadata tags */
if (major > 1 || (major == 1 && minor >= 3)) { if (major > 1 || (major == 1 && minor >= 3)) {
for (i = 0; i < METADATA_NTAGS; i++) { for (i = 0; i < NUMERIC_NTAGS; i++) {
result = dst_key_getnum(key, i, &value);
if (result != ISC_R_SUCCESS)
continue;
fprintf(fp, "%s %u\n", numerictags[i], value);
}
for (i = 0; i < TIMING_NTAGS; i++) {
result = dst_key_gettime(key, i, &when); result = dst_key_gettime(key, i, &when);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
continue; continue;
@@ -601,7 +642,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
isc_buffer_usedregion(&b, &r); isc_buffer_usedregion(&b, &r);
fprintf(fp, "%s ", metatags[i]); fprintf(fp, "%s ", timetags[i]);
fwrite(r.base, 1, r.length, fp); fwrite(r.base, 1, r.length, fp);
fprintf(fp, "\n"); fprintf(fp, "\n");
} }
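Review bot: In the numeric-metadata branch of dst__privstruct_parse, `dst_key_setnum(key, tag, token.value.as_ulong)` narrows an unsigned long to isc_uint32_t with no range check, so on platforms where unsigned long is 64 bits a value above 4294967295 in a private key file is silently truncated instead of being rejected. The branch already fails non-number tokens with DST_R_INVALIDPRIVATEKEY, so the same path should also reject out-of-range values: `if (token.value.as_ulong > 0xffffffffUL) { ret = DST_R_INVALIDPRIVATEKEY; goto fail; }` placed before the setnum call. Whether isc_lex caps numeric tokens at 32 bits on its own I cannot confirm from this hunk; if it does, a comment stating that would suffice. dst__privstruct_parse and dst__privstruct_writefile both begin and end outside the hunks shown.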


@@ -31,7 +31,7 @@
/* /*
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.13 2009/09/03 23:48:12 tbox Exp $ * $Id: hmac_link.c,v 1.14 2009/10/09 06:09:21 each Exp $
*/ */
#include <config.h> #include <config.h>
@@ -277,7 +277,8 @@ hmacmd5_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
UNUSED(pub); UNUSED(pub);
/* read private key file */ /* read private key file */
result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx, &priv); result = dst__privstruct_parse(key, DST_ALG_HMACMD5, lexer, mctx,
&priv);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (result); return (result);


@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: dst.h,v 1.20 2009/10/05 17:30:49 fdupont Exp $ */ /* $Id: dst.h,v 1.21 2009/10/09 06:09:21 each Exp $ */
#ifndef DST_DST_H #ifndef DST_DST_H
#define DST_DST_H 1 #define DST_DST_H 1
@@ -86,7 +86,15 @@ typedef struct dst_context dst_context_t;
#define DST_TIME_REVOKE 3 #define DST_TIME_REVOKE 3
#define DST_TIME_INACTIVE 4 #define DST_TIME_INACTIVE 4
#define DST_TIME_DELETE 5 #define DST_TIME_DELETE 5
#define DST_MAX_TIMES 5 #define DST_TIME_DSPUBLISH 6
#define DST_MAX_TIMES 6
/* Numeric metadata definitions */
#define DST_NUM_PREDECESSOR 0
#define DST_NUM_SUCCESSOR 1
#define DST_NUM_MAXTTL 2
#define DST_NUM_ROLLPERIOD 3
#define DST_MAX_NUMERIC 3
/*** /***
*** Functions *** Functions
@@ -690,6 +698,37 @@ dst_key_setflags(dst_key_t *key, isc_uint32_t flags);
* "key" is a valid key. * "key" is a valid key.
*/ */
isc_result_t
dst_key_getnum(const dst_key_t *key, int type, isc_uint32_t *valuep);
/*%<
* Get a member of the numeric metadata array and place it in '*valuep'.
*
* Requires:
* "key" is a valid key.
* "type" is no larger than DST_MAX_NUMERIC
* "timep" is not null.
*/
void
dst_key_setnum(dst_key_t *key, int type, isc_uint32_t value);
/*%<
* Set a member of the numeric metadata array.
*
* Requires:
* "key" is a valid key.
* "type" is no larger than DST_MAX_NUMERIC
*/
void
dst_key_unsetnum(dst_key_t *key, int type);
/*%<
* Flag a member of the numeric metadata array as "not set".
*
* Requires:
* "key" is a valid key.
* "type" is no larger than DST_MAX_NUMERIC
*/
isc_result_t isc_result_t
dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep); dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep);
/*%< /*%<