mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 10:10:06 +00:00
Code Issues Releases Wiki Activity
bind/lib/dns/key.c
Ondřej Surý 841b25fb62
Cleanup the DST cryptographic API 
The DST API has been cleaned up, duplicate functions has been squashed
into single call (verify and verify2 functions), and couple of unused
functions have been completely removed (createctx2, computesecret,
paramcompare, and cleanup).
2025-05-20 09:52:35 +02:00

239 lines
4.6 KiB
C
Raw Permalink Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <isc/mem.h>
#include <isc/region.h>
#include <isc/util.h>
#include <dns/keyvalues.h>
#include <dst/dst.h>
#include "dst_internal.h"
uint16_t
dst_region_computeid(const isc_region_t *source) {
uint32_t ac;
const unsigned char *p;
int size;
REQUIRE(source != NULL);
REQUIRE(source->length >= 4);
p = source->base;
size = source->length;
for (ac = 0; size > 1; size -= 2, p += 2) {
ac += ((*p) << 8) + *(p + 1);
}
if (size > 0) {
ac += ((*p) << 8);
}
ac += (ac >> 16) & 0xffff;
return (uint16_t)(ac & 0xffff);
}
uint16_t
dst_region_computerid(const isc_region_t *source) {
uint32_t ac;
const unsigned char *p;
int size;
REQUIRE(source != NULL);
REQUIRE(source->length >= 4);
p = source->base;
size = source->length;
ac = ((*p) << 8) + *(p + 1);
ac |= DNS_KEYFLAG_REVOKE;
for (size -= 2, p += 2; size > 1; size -= 2, p += 2) {
ac += ((*p) << 8) + *(p + 1);
}
if (size > 0) {
ac += ((*p) << 8);
}
ac += (ac >> 16) & 0xffff;
return (uint16_t)(ac & 0xffff);
}
dns_name_t *
dst_key_name(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_name;
}
unsigned int
dst_key_size(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_size;
}
unsigned int
dst_key_alg(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_alg;
}
uint32_t
dst_key_flags(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_flags;
}
dns_keytag_t
dst_key_id(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_id;
}
dns_keytag_t
dst_key_rid(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_rid;
}
dns_rdataclass_t
dst_key_class(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_class;
}
const char *
dst_key_directory(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->directory;
}
bool
dst_key_iszonekey(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
if ((key->key_flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) {
return false;
}
if (key->key_proto != DNS_KEYPROTO_DNSSEC &&
key->key_proto != DNS_KEYPROTO_ANY)
{
return false;
}
return true;
}
#define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0)
#define KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0)
#define ID(x) dst_key_id(x)
#define ALG(x) dst_key_alg(x)
bool
dst_key_have_ksk_and_zsk(dst_key_t **keys, unsigned int nkeys, unsigned int i,
bool check_offline, bool ksk, bool zsk, bool *have_ksk,
bool *have_zsk) {
bool hksk = ksk;
bool hzsk = zsk;
isc_result_t result;
REQUIRE(keys != NULL);
for (unsigned int j = 0; j < nkeys && !(hksk && hzsk); j++) {
if (j == i || ALG(keys[i]) != ALG(keys[j])) {
continue;
}
/*
* Don't consider inactive keys.
*/
if (dst_key_inactive(keys[j])) {
continue;
}
/*
* Don't consider offline keys.
*/
if (check_offline && !dst_key_isprivate(keys[j])) {
continue;
}
if (REVOKE(keys[j])) {
continue;
}
if (!hksk) {
result = dst_key_getbool(keys[j], DST_BOOL_KSK, &hksk);
if (result != ISC_R_SUCCESS) {
if (KSK(keys[j])) {
hksk = true;
}
}
}
if (!hzsk) {
result = dst_key_getbool(keys[j], DST_BOOL_ZSK, &hzsk);
if (result != ISC_R_SUCCESS) {
if (!KSK(keys[j])) {
hzsk = dst_key_isprivate(keys[j]);
}
}
}
}
SET_IF_NOT_NULL(have_ksk, hksk);
SET_IF_NOT_NULL(have_zsk, hzsk);
return hksk && hzsk;
}
void
dst_key_setbits(dst_key_t *key, uint16_t bits) {
unsigned int maxbits;
REQUIRE(VALID_KEY(key));
if (bits != 0) {
RUNTIME_CHECK(dst_key_sigsize(key, &maxbits) == ISC_R_SUCCESS);
maxbits *= 8;
REQUIRE(bits <= maxbits);
}
key->key_bits = bits;
}
uint16_t
dst_key_getbits(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_bits;
}
void
dst_key_setttl(dst_key_t *key, dns_ttl_t ttl) {
REQUIRE(VALID_KEY(key));
key->key_ttl = ttl;
}
dns_ttl_t
dst_key_getttl(const dst_key_t *key) {
REQUIRE(VALID_KEY(key));
return key->key_ttl;
}
void
dst_key_setdirectory(dst_key_t *key, const char *dir) {
if (key->directory != NULL) {
isc_mem_free(key->mctx, key->directory);
}
key->directory = isc_mem_strdup(key->mctx, dir);
}
/*! \file */
Reference in New Issue View Git Blame Copy Permalink