Lines Matching refs:key

92 static isc_result_t	write_public_key(const dst_key_t *key, int type,
100 static isc_result_t computeid(dst_key_t *key);
324 dst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp) {
325 return (dst_context_create4(key, mctx, DNS_LOGCATEGORY_GENERAL,
330 dst_context_create2(dst_key_t *key, isc_mem_t *mctx,
333 return (dst_context_create4(key, mctx, category, ISC_TRUE, 0, dctxp));
337 dst_context_create3(dst_key_t *key, isc_mem_t *mctx,
341 return (dst_context_create4(key, mctx, category,
346 dst_context_create4(dst_key_t *key, isc_mem_t *mctx,
354 REQUIRE(VALID_KEY(key));
358 if (key->func->createctx == NULL &&
359 key->func->createctx2 == NULL)
361 if (key->keydata.generic == NULL)
368 dst_key_attach(key, &dctx->key);
375 if (key->func->createctx2 != NULL)
376 result = key->func->createctx2(key, maxbits, dctx);
378 result = key->func->createctx(key, dctx);
380 if (dctx->key != NULL)
381 dst_key_free(&dctx->key);
397 INSIST(dctx->key->func->destroyctx != NULL);
398 dctx->key->func->destroyctx(dctx);
399 if (dctx->key != NULL)
400 dst_key_free(&dctx->key);
410 INSIST(dctx->key->func->adddata != NULL);
412 return (dctx->key->func->adddata(dctx, data));
417 dst_key_t *key;
422 key = dctx->key;
423 CHECKALG(key->key_alg);
424 if (key->keydata.generic == NULL)
427 if (key->func->sign == NULL)
429 if (key->func->isprivate == NULL ||
430 key->func->isprivate(key) == ISC_FALSE)
433 return (key->func->sign(dctx, sig));
441 CHECKALG(dctx->key->key_alg);
442 if (dctx->key->keydata.generic == NULL)
444 if (dctx->key->func->verify == NULL)
447 return (dctx->key->func->verify(dctx, sig));
457 CHECKALG(dctx->key->key_alg);
458 if (dctx->key->keydata.generic == NULL)
460 if (dctx->key->func->verify == NULL &&
461 dctx->key->func->verify2 == NULL)
464 return (dctx->key->func->verify2 != NULL ?
465 dctx->key->func->verify2(dctx, maxbits, sig) :
466 dctx->key->func->verify(dctx, sig));
495 dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
499 REQUIRE(VALID_KEY(key));
502 CHECKALG(key->key_alg);
504 if (key->func->tofile == NULL)
508 ret = write_public_key(key, type, directory);
514 (key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
515 return (key->func->tofile(key, directory));
521 dst_key_setexternal(dst_key_t *key, isc_boolean_t value) {
522 key->external = value;
526 dst_key_isexternal(dst_key_t *key) {
527 return (key->external);
564 dst_key_t *key;
574 key = NULL;
581 result = dst_key_fromnamedfile(filename, directory, type, mctx, &key);
585 result = computeid(key);
589 if (!dns_name_equal(name, key->key_name) || id != key->key_id ||
590 alg != key->key_alg) {
595 *keyp = key;
599 if ((key != NULL) && (result != ISC_R_SUCCESS))
600 dst_key_free(&key);
610 dst_key_t *pubkey = NULL, *key = NULL;
621 /* If an absolute path is specified, don't use the key directory */
637 dirname, filename, ".key");
663 key = get_key_struct(pubkey->key_name, pubkey->key_alg,
666 if (key == NULL) {
671 if (key->func->parse == NULL)
688 RETERR(key->func->parse(key, lex, pubkey));
691 RETERR(computeid(key));
693 if (pubkey->key_id != key->key_id)
697 *keyp = key;
707 if (key != NULL)
708 dst_key_free(&key);
713 dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
715 REQUIRE(VALID_KEY(key));
718 CHECKALG(key->key_alg);
720 if (key->func->todns == NULL)
725 isc_buffer_putuint16(target, (isc_uint16_t)(key->key_flags & 0xffff));
726 isc_buffer_putuint8(target, (isc_uint8_t)key->key_proto);
727 isc_buffer_putuint8(target, (isc_uint8_t)key->key_alg);
729 if (key->key_flags & DNS_KEYFLAG_EXTENDED) {
733 (isc_uint16_t)((key->key_flags >> 16)
737 if (key->keydata.generic == NULL) /*%< NULL KEY */
740 return (key->func->todns(key, target));
749 dst_key_t *key = NULL;
775 mctx, &key);
778 key->key_id = id;
779 key->key_rid = rid;
781 *keyp = key;
791 dst_key_t *key = NULL;
797 mctx, &key);
801 result = computeid(key);
803 dst_key_free(&key);
807 *keyp = key;
812 dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
814 REQUIRE(VALID_KEY(key));
817 CHECKALG(key->key_alg);
819 if (key->func->todns == NULL)
822 return (key->func->todns(key, target));
826 dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) {
831 REQUIRE(VALID_KEY(key));
832 REQUIRE(!dst_key_isprivate(key));
835 if (key->func->parse == NULL)
838 RETERR(isc_lex_create(key->mctx, 1500, &lex));
840 RETERR(key->func->parse(key, lex, NULL));
848 dst_key_getgssctx(const dst_key_t *key)
850 REQUIRE(key != NULL);
852 return (key->keydata.gssctx);
859 dst_key_t *key;
865 key = get_key_struct(name, DST_ALG_GSSAPI, 0, DNS_KEYPROTO_DNSSEC,
867 if (key == NULL)
875 RETERR(isc_buffer_allocate(key->mctx, &key->key_tkeytoken,
877 RETERR(isc_buffer_copyregion(key->key_tkeytoken, intoken));
880 key->keydata.gssctx = gssctx;
881 *keyp = key;
893 dst_key_t *key;
904 key = get_key_struct(name, alg, flags, protocol, bits, rdclass,
906 if (key == NULL)
909 key->keydata.generic = data;
911 result = computeid(key);
913 dst_key_free(&key);
917 *keyp = key;
927 dst_key_t *key;
938 key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
939 if (key == NULL)
942 if (key->func->fromlabel == NULL) {
943 dst_key_free(&key);
947 result = key->func->fromlabel(key, engine, label, pin);
949 dst_key_free(&key);
953 result = computeid(key);
955 dst_key_free(&key);
959 *keyp = key;
982 dst_key_t *key;
992 key = get_key_struct(name, alg, flags, protocol, bits,
994 if (key == NULL)
998 key->key_flags |= DNS_KEYTYPE_NOKEY;
999 *keyp = key;
1003 if (key->func->generate == NULL) {
1004 dst_key_free(&key);
1008 ret = key->func->generate(key, param, callback);
1010 dst_key_free(&key);
1014 ret = computeid(key);
1016 dst_key_free(&key);
1020 *keyp = key;
1025 dst_key_getnum(const dst_key_t *key, int type, isc_uint32_t *valuep)
1027 REQUIRE(VALID_KEY(key));
1030 if (!key->numset[type])
1032 *valuep = key->nums[type];
1037 dst_key_setnum(dst_key_t *key, int type, isc_uint32_t value)
1039 REQUIRE(VALID_KEY(key));
1041 key->nums[type] = value;
1042 key->numset[type] = ISC_TRUE;
1046 dst_key_unsetnum(dst_key_t *key, int type)
1048 REQUIRE(VALID_KEY(key));
1050 key->numset[type] = ISC_FALSE;
1054 dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep) {
1055 REQUIRE(VALID_KEY(key));
1058 if (!key->timeset[type])
1060 *timep = key->times[type];
1065 dst_key_settime(dst_key_t *key, int type, isc_stdtime_t when) {
1066 REQUIRE(VALID_KEY(key));
1068 key->times[type] = when;
1069 key->timeset[type] = ISC_TRUE;
1073 dst_key_unsettime(dst_key_t *key, int type) {
1074 REQUIRE(VALID_KEY(key));
1076 key->timeset[type] = ISC_FALSE;
1080 dst_key_getprivateformat(const dst_key_t *key, int *majorp, int *minorp) {
1081 REQUIRE(VALID_KEY(key));
1084 *majorp = key->fmt_major;
1085 *minorp = key->fmt_minor;
1090 dst_key_setprivateformat(dst_key_t *key, int major, int minor) {
1091 REQUIRE(VALID_KEY(key));
1092 key->fmt_major = major;
1093 key->fmt_minor = minor;
1222 dst_key_t *key;
1228 key = *keyp;
1229 mctx = key->mctx;
1231 isc_refcount_decrement(&key->refs, &refs);
1235 isc_refcount_destroy(&key->refs);
1236 if (key->keydata.generic != NULL) {
1237 INSIST(key->func->destroy != NULL);
1238 key->func->destroy(key);
1240 if (key->engine != NULL)
1241 isc_mem_free(mctx, key->engine);
1242 if (key->label != NULL)
1243 isc_mem_free(mctx, key->label);
1244 dns_name_free(key->key_name, mctx);
1245 isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
1246 if (key->key_tkeytoken) {
1247 isc_buffer_free(&key->key_tkeytoken);
1249 isc_safe_memwipe(key, sizeof(*key));
1250 isc_mem_putanddetach(&mctx, key, sizeof(*key));
1255 dst_key_isprivate(const dst_key_t *key) {
1256 REQUIRE(VALID_KEY(key));
1257 INSIST(key->func->isprivate != NULL);
1258 return (key->func->isprivate(key));
1262 dst_key_buildfilename(const dst_key_t *key, int type,
1265 REQUIRE(VALID_KEY(key));
1269 return (buildfilename(key->key_name, key->key_id, key->key_alg,
1274 dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
1276 REQUIRE(VALID_KEY(key));
1280 switch (key->key_alg) {
1288 *n = (key->key_size + 7) / 8;
1344 dst_key_secretsize(const dst_key_t *key, unsigned int *n) {
1346 REQUIRE(VALID_KEY(key));
1350 if (key->key_alg == DST_ALG_DH)
1351 *n = (key->key_size + 7) / 8;
1361 * Set the flags on a key, then recompute the key ID
1364 dst_key_setflags(dst_key_t *key, isc_uint32_t flags) {
1365 REQUIRE(VALID_KEY(key));
1366 key->key_flags = flags;
1367 return (computeid(key));
1371 dst_key_format(const dst_key_t *key, char *cp, unsigned int size) {
1375 dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
1376 dns_secalg_format((dns_secalg_t) dst_key_alg(key), algstr,
1378 snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
1382 dst_key_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) {
1386 REQUIRE(VALID_KEY(key));
1388 if (key->func->dump == NULL)
1390 return (key->func->dump(key, mctx, buffer, length));
1399 dst_key_t *key;
1410 key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
1411 if (key == NULL)
1414 result = (dst_t_func[alg]->restore)(key, keystr);
1416 *keyp = key;
1418 dst_key_free(&key);
1428 * Allocates a key structure and fills in some of the fields.
1436 dst_key_t *key;
1440 key = (dst_key_t *) isc_mem_get(mctx, sizeof(dst_key_t));
1441 if (key == NULL)
1444 memset(key, 0, sizeof(dst_key_t));
1446 key->key_name = isc_mem_get(mctx, sizeof(dns_name_t));
1447 if (key->key_name == NULL) {
1448 isc_mem_put(mctx, key, sizeof(dst_key_t));
1452 dns_name_init(key->key_name, NULL);
1453 result = dns_name_dup(name, mctx, key->key_name);
1455 isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
1456 isc_mem_put(mctx, key, sizeof(dst_key_t));
1460 result = isc_refcount_init(&key->refs, 1);
1462 dns_name_free(key->key_name, mctx);
1463 isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
1464 isc_mem_put(mctx, key, sizeof(dst_key_t));
1467 isc_mem_attach(mctx, &key->mctx);
1468 key->key_alg = alg;
1469 key->key_flags = flags;
1470 key->key_proto = protocol;
1471 key->keydata.generic = NULL;
1472 key->key_size = bits;
1473 key->key_class = rdclass;
1474 key->key_ttl = ttl;
1475 key->func = dst_t_func[alg];
1476 key->fmt_major = 0;
1477 key->fmt_minor = 0;
1479 key->times[i] = 0;
1480 key->timeset[i] = ISC_FALSE;
1482 key->inactive = ISC_FALSE;
1483 key->magic = KEY_MAGIC;
1484 return (key);
1488 dst_key_inactive(const dst_key_t *key) {
1490 REQUIRE(VALID_KEY(key));
1492 return (key->inactive);
1496 dst_key_setinactive(dst_key_t *key, isc_boolean_t inactive) {
1498 REQUIRE(VALID_KEY(key));
1500 key->inactive = inactive;
1504 * Reads a public key from disk
1527 * domain.name [ttl] [class] [KEY|DNSKEY] <flags> <protocol> <algorithm> <key>
1530 /* 1500 should be large enough for any key */
1563 * We don't support "@" in .key files.
1630 issymmetric(const dst_key_t *key) {
1632 REQUIRE(VALID_KEY(key));
1635 switch (key->key_alg) {
1672 * Write key timing metadata to a file pointer, preceded by 'tag'
1675 printtime(const dst_key_t *key, int type, const char *tag, FILE *stream) {
1688 result = dst_key_gettime(key, type, &when);
1721 * Writes a public key to disk in DNS format.
1724 write_public_key(const dst_key_t *key, int type, const char *directory) {
1736 REQUIRE(VALID_KEY(key));
1742 ret = dst_key_todns(key, &keyb);
1747 dns_rdata_fromregion(&rdata, key->key_class, dns_rdatatype_dnskey, &r);
1753 ret = dns_rdataclass_totext(key->key_class, &classb);
1761 ret = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory, &fileb);
1766 * Create public key file.
1771 if (issymmetric(key)) {
1779 /* Write key information in comments */
1781 fprintf(fp, "; This is a %s%s-signing key, keyid %d, for ",
1782 (key->key_flags & DNS_KEYFLAG_REVOKE) != 0 ?
1785 (key->key_flags & DNS_KEYFLAG_KSK) != 0 ?
1786 "key" :
1788 key->key_id);
1789 ret = dns_name_print(key->key_name, fp);
1796 printtime(key, DST_TIME_CREATED, "; Created", fp);
1797 printtime(key, DST_TIME_PUBLISH, "; Publish", fp);
1798 printtime(key, DST_TIME_ACTIVATE, "; Activate", fp);
1799 printtime(key, DST_TIME_REVOKE, "; Revoke", fp);
1800 printtime(key, DST_TIME_INACTIVE, "; Inactive", fp);
1801 printtime(key, DST_TIME_DELETE, "; Delete", fp);
1802 printtime(key, DST_TIME_SYNCPUBLISH , "; SyncPublish", fp);
1803 printtime(key, DST_TIME_SYNCDELETE , "; SyncDelete", fp);
1806 /* Now print the actual key */
1807 ret = dns_name_print(key->key_name, fp);
1810 if (key->key_ttl != 0)
1811 fprintf(fp, "%d ", key->key_ttl);
1848 suffix = ".key";
1875 computeid(dst_key_t *key) {
1882 ret = dst_key_todns(key, &dnsbuf);
1887 key->key_id = dst_region_computeid(&r, key->key_alg);
1888 key->key_rid = dst_region_computerid(&r, key->key_alg);
1897 dst_key_t *key;
1905 key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
1906 if (key == NULL)
1912 dst_key_free(&key);
1915 if (key->func->fromdns == NULL) {
1916 dst_key_free(&key);
1920 ret = key->func->fromdns(key, source);
1922 dst_key_free(&key);
1927 *keyp = key;
1962 else if (olen > 4 && strcmp(ofilename + olen - 4, ".key") == 0)
2030 dst_key_tkeytoken(const dst_key_t *key) {
2031 REQUIRE(VALID_KEY(key));
2032 return (key->key_tkeytoken);