Lines Matching refs:ksk
65 static dki_t *genkey (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
72 if ( ksk )
82 static dki_t *genkey2 (dki_t **listp, const char *dir, const char *domain, int ksk, const zconf_t *conf, int status)
89 if ( ksk )
224 static int kskrollover (dki_t *ksk, zone_t *zonelist, zone_t *zp)
238 assert ( ksk != NULL );
242 /* check ksk lifetime */
243 if ( (lifetime = dki_lifetime (ksk)) == 0 ) /* if lifetime of key is not set.. */
247 age = dki_age (ksk, currtime);
252 /* check if we have to change the ksk ? */
260 ksk = genkey (&zp->keys, zp->dir, zp->zone, DKI_KSK, z, DKI_ACTIVE);
261 if ( ksk == NULL )
263 lg_mesg (LG_ERROR, "\"%s\": unable to generate new ksk for double signing rollover", zp->zone);
266 lg_mesg (LG_INFO, "\"%s\": kskrollover phase1: New key %d generated", zp->zone, ksk->tag);
268 /* find the oldest active ksk to create the parent file */
269 if ( (ksk = (dki_t *)dki_findalgo (zp->keys, DKI_KSK, zp->conf->k_algo, 'a', 1)) == NULL )
271 if ( !create_parent_file (path, 1, z->key_ttl, ksk) )
278 ksk->tag, str_delspace (age2str (age)));
280 zp->zone, ksk->tag, str_delspace (age2str (age - lifetime)));
291 /* check the ksk rollover phase we are in */
302 case 1: /* we are currently in state one (new ksk already generated) */
305 verbmesg (2, z, "\t\tkskrollover: save new ksk in parent file\n");
306 ksk = ksk->next; /* set ksk to new ksk */
307 if ( !create_parent_file (path, currphase+1, z->key_ttl, ksk) )
309 lg_mesg (LG_INFO, "\"%s\": kskrollover phase2: send new key %d to the parent zone", zp->zone, ksk->tag);
326 zp->keys = dki_remove (ksk);
330 ksk->name, ksk->algo, ksk->tag);
331 lg_mesg (LG_INFO, "\"%s\": kskrollover phase3: Remove old key %d", zp->zone, ksk->tag);
463 ** Check the ksk status of a zone if a ksk lifetime is set.
498 else /* try to start a full automated ksk rollover */
504 /* check for ksk supporting the additional algorithm */