dst_api.c revision 63bf060be4ff2a7ade02fd86abb98694a5afc250
784a904bd06c7492361ed09a882d10c636b1291bAutomatic Updater * Portions Copyright (c) 1995-1999 by Network Associates, Inc.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * Permission to use, copy modify, and distribute this software for any
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater * purpose with or without fee is hereby granted, provided that the above
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * copyright notice and this permission notice appear in all copies.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * THE SOFTWARE IS PROVIDED "AS IS" AND NETWORK ASSOCIATES
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * NETWORK ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein * Principal Author: Brian Wellington
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein * $Id: dst_api.c,v 1.27 2000/04/12 15:52:11 bwelling Exp $
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley#define VALID_KEY(key) (key != NULL && key->magic == KEY_MAGIC)
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley/* Static functions */
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleystatic void initialize(void);
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleystatic dst_key_t * get_key_struct(const char *name, const int alg,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleystatic isc_result_t read_public_key(const char *name,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleystatic isc_result_t write_public_key(const dst_key_t *key);
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence * dst_supported_algorithm
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * This function determines if the crypto system for the specified
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * algorithm is present.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * Parameters
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * alg The algorithm to test
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * ISC_TRUE The algorithm is available.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * ISC_FALSE The algorithm is not available.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL)
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * An incremental signing function. Data is signed in steps.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * First the context must be initialized (DST_SIGMODE_INIT).
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * Then data is hashed (DST_SIGMODE_UPDATE). Finally the signature
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * itself is created (DST_SIGMODE_FINAL). This function can be called
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * once with DST_SIGMODE_ALL set, or it can be called separately
7cd4c3ddd1baf5f2b204562fdba3da37c716cc78Andreas Gustafsson * for each step. The UPDATE step may be repeated.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * Parameters
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * mode A bit mask specifying operation(s) to be performed.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * DST_SIGMODE_INIT Initialize digest
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * DST_SIGMODE_UPDATE Add data to digest
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * DST_SIGMODE_FINAL Generate signature
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * DST_SIGMODE_ALL Perform all operations
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * key The private key used to sign the data
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * context The state of the operation
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * data The data to be signed.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * sig The buffer to which the signature will be written.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * ISC_R_SUCCESS Success
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * !ISC_R_SUCCESS Failure
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleydst_sign(const unsigned int mode, dst_key_t *key, dst_context_t *context,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley return (key->func->sign(mode, key, (void **)context, data, sig,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * dst_verify
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * An incremental verify function. Data is verified in steps.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * First the context must be initialized (DST_SIGMODE_INIT).
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * Then data is hashed (DST_SIGMODE_UPDATE). Finally the signature
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * is verified (DST_SIGMODE_FINAL). This function can be called
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * once with DST_SIGMODE_ALL set, or it can be called separately
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * for each step. The UPDATE step may be repeated.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * Parameters
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * mode A bit mask specifying operation(s) to be performed.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * DST_SIGMODE_INIT Initialize digest
7cd4c3ddd1baf5f2b204562fdba3da37c716cc78Andreas Gustafsson * DST_SIGMODE_UPDATE Add data to digest
66b2f0d4bfa342770aa5e26a005a0c0ec5071231Bob Halley * DST_SIGMODE_FINAL Verify signature
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence * DST_SIGMODE_ALL Perform all operations
4607e7a9b8dfb1b41c70e51c2b603daaf22cf302Mark Andrews * key The public key used to verify the signature.
4607e7a9b8dfb1b41c70e51c2b603daaf22cf302Mark Andrews * context The state of the operation
4607e7a9b8dfb1b41c70e51c2b603daaf22cf302Mark Andrews * data The data to be digested.
4607e7a9b8dfb1b41c70e51c2b603daaf22cf302Mark Andrews * sig The signature.
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * ISC_R_SUCCESS Success
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley * !ISC_R_SUCCESS Failure
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halleydst_verify(const unsigned int mode, dst_key_t *key, dst_context_t *context,
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
66b2f0d4bfa342770aa5e26a005a0c0ec5071231Bob Halley if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley return (key->func->verify(mode, key, (void **)context, data, sig,
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * dst_digest
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * An incremental digest function. Data is digested in steps.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * First the context must be initialized (DST_SIGMODE_INIT).
fbe2cff19f5cddc67b967764ad95038dfcafc85aEvan Hunt * Then data is hashed (DST_SIGMODE_UPDATE). Finally the digest
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * is generated (DST_SIGMODE_FINAL). This function can be called
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington * once with DST_SIGMODE_ALL set, or it can be called separately
b5fff54fe9335b20c02d749831fc0eaeda97198fBrian Wellington * for each step. The UPDATE step may be repeated.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * Parameters
32f985bcf464816d3a8700185afdebb122cb4cecMark Andrews * mode A bit mask specifying operation(s) to be performed.
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * DST_SIGMODE_INIT Initialize digest
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * DST_SIGMODE_UPDATE Add data to digest
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * DST_SIGMODE_FINAL Complete digest
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * DST_SIGMODE_ALL Perform all operations
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * alg The digest algorithm to use
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * context The state of the operation
e0df061f35a26d2bbd0986aa889f88b3710b32d4Bob Halley * data The data to be digested.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * sig The sdigest.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * ISC_R_SUCCESS Success
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * !ISC_R_SUCCESS Failure
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrewsdst_digest(const unsigned int mode, const unsigned int alg,
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews dst_context_t *context, isc_region_t *data, isc_buffer_t *digest)
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley return (dst_s_md5(mode, context, data, digest, dst_memory_pool));
55254a46f91419b92eee0d20dfb958e8dd52526cBob Halley * dst_computesecret
55254a46f91419b92eee0d20dfb958e8dd52526cBob Halley * A function to compute a shared secret from two (Diffie-Hellman) keys.
55254a46f91419b92eee0d20dfb958e8dd52526cBob Halley * Parameters
55254a46f91419b92eee0d20dfb958e8dd52526cBob Halley * pub The public key
55254a46f91419b92eee0d20dfb958e8dd52526cBob Halley * priv The private key
55254a46f91419b92eee0d20dfb958e8dd52526cBob Halley * secret A buffer into which the secret is written
c1ee8bb4ba3e9ab1463403ed685729631de406b1Mark Andrews * ISC_R_SUCCESS Success
55254a46f91419b92eee0d20dfb958e8dd52526cBob Halley * !ISC_R_SUCCESS Failure
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halleydst_computesecret(const dst_key_t *pub, const dst_key_t *priv,
4e142a5bccd2944174ad9ae58d86cf03e170054dBob Halley RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
1f1d36a87b65186d9f89aac7f456ab1fd2a39ef6Andreas Gustafsson REQUIRE(VALID_KEY(pub) && VALID_KEY(priv));
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Hunt if (dst_supported_algorithm(pub->key_alg) == ISC_FALSE ||
421e4cf66e4cba0b0751a34a9c027e39fe0474f9Mark Andrews dst_supported_algorithm(priv->key_alg) == ISC_FALSE)
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews if (pub->opaque == NULL || priv->opaque == NULL)
c03bb27f0675a6e60ceea66b451548e8481bc05cMark Andrews return (pub->func->computesecret(pub, priv, secret));
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * dst_key_tofile
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * Writes a key to disk. The key can either be a public or private key.
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * The public key is written in DNS format and the private key is
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * written as a set of base64 encoded values.
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * Parameters
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * key The key to be written.
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * type Either DST_PUBLIC or DST_PRIVATE, or both
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * ISC_R_SUCCESS Success
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * !ISC_R_SUCCESS Failure
6de9744cf9c64be2145f663e4051196a4eaa9d45Evan Huntdst_key_tofile(const dst_key_t *key, const int type) {
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == 0)
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley if ((ret = write_public_key(key)) != ISC_R_SUCCESS)
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews (key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * dst_key_fromfile
368b37b616234fce3d23099eb180f1dd38e1fb62Mark Andrews * Reads a key from disk. The key can either be a public or private
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * key, and is specified by name, algorithm, and id.
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * name The key name.
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * id The id of the key.
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * alg The algorithm of the key.
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * type Either DST_PUBLIC or DST_PRIVATE
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * mctx Memory context used to allocate key structure
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * keyp Returns the new key
b2ca6fd3a8293440b4d263723525396059cf2400Brian Wellington * ISC_R_SUCCESS Success
84185d19c7a9ef1ac23cc6236c8773697d4efeb1Brian Wellington * !ISC_R_SUCCESS Failure
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halleydst_key_fromfile(const char *name, const isc_uint16_t id, const int alg,
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley const int type, isc_mem_t *mctx, dst_key_t **keyp)
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
8569ab045a4cf6ecd1b5a3354ddb1c93ef34ea57Brian Wellington if (dst_supported_algorithm(alg) == ISC_FALSE)
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == 0)
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley ret = read_public_key(name, id, alg, mctx, &pubkey);
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley if (ret == ISC_R_NOTFOUND && (type & DST_TYPE_PUBLIC) == 0)
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence (pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) ==
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley key = get_key_struct(name, pubkey->key_alg, pubkey->key_flags,
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence /* Fill in private key and some fields in the general key structure */
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * dst_key_todns
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * Function to encode a public key into DNS KEY format
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * Parameters
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * key Key structure to encode.
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * target Buffer to write the encoded key into.
c866769e664ba0a6a5e6f9375245f5ccca393009David Lawrence * ISC_R_SUCCESS Success
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halley * !ISC_R_SUCCESS Failure
948eabe2a254a8a278ef6325f3790e75329ee656Bob Halleydst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews isc_buffer_putuint16(target, (isc_uint16_t)(key->key_flags & 0xffff));
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews isc_buffer_putuint8(target, (isc_uint8_t)key->key_proto);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews isc_buffer_putuint8(target, (isc_uint8_t)key->key_alg);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * dst_key_fromdns
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * This function converts the contents of a DNS KEY RR into a key
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * name Name of the new key
80b782f356f0692c11b4e52e8dd46ec41704e5a2Mark Andrews * source A buffer containing the KEY RR
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * mctx The memory context used to allocate the key
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * keyp Returns the new key
80b782f356f0692c11b4e52e8dd46ec41704e5a2Mark Andrews * ISC_R_SUCCESS Success
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * !ISC_R_SUCCESS Failure
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrewsdst_key_fromdns(const char *name, isc_buffer_t *source, isc_mem_t *mctx,
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews if (r.length < 4) /* 2 bytes of flags, 1 proto, 1 alg */
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews *keyp = get_key_struct(name, alg, flags, proto, 0, mctx);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews ret = (*keyp)->func->from_dns(*keyp, source, mctx);
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * dst_key_frombuffer
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * Function to convert raw data into a public key. The raw data format
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * is basically DNS KEY rdata format.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * Parameters
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * name The key name
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * alg The algorithm
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * flags The key's flags
7ac0df532272d803c3f72ff7a109587e92622f5aMark Andrews * protocol The key's protocol
7ac0df532272d803c3f72ff7a109587e92622f5aMark Andrews * source A buffer containing the key
d0eb2cc33c5db3366a16b1cb0abcca6ec7c8ee3cTatuya JINMEI 神明達哉 * mctx The memory context used to allocate the key
d0eb2cc33c5db3366a16b1cb0abcca6ec7c8ee3cTatuya JINMEI 神明達哉 * keyp Returns the new key
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * ISC_R_SUCCESS Success
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * !ISC_R_SUCCESS Failure
7ac0df532272d803c3f72ff7a109587e92622f5aMark Andrewsdst_key_frombuffer(const char *name, const int alg, const int flags,
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews const int protocol, isc_buffer_t *source, isc_mem_t *mctx,
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews *keyp = get_key_struct(name, alg, flags, protocol, 0, mctx);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews ret = (*keyp)->func->from_dns((*keyp), source, mctx);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * dst_key_tobuffer
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * Function to convert a public key into raw data. The raw data format
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * is basically DNS KEY rdata format.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * Parameters
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * key The key
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * target The buffer to be written into.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * ISC_R_SUCCESS Success
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * !ISC_R_SUCCESS Failure
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrewsdst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews if (dst_supported_algorithm(key->key_alg) == ISC_FALSE)
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * dst_key_generate
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * Generate a public/private keypair.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * Parameters
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * name Name of the new key. Used to create key files
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * K<name>+<alg>+<id>.public
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * K<name>+<alg>+<id>.private
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * alg The algorithm to use
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * bits Size of the new key in bits
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * param Algorithm specific
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * RSA: exponent
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * 0 use exponent 3
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * !0 use Fermat4 (2^16 + 1)
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * DH: generator
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * 0 default - use well-known prime if bits == 768
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * or 1024, otherwise use generator 2
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * !0 use this value as the generator
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * flags The default value of the DNS Key flags.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * protocol Default value of the DNS Key protocol field.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * mctx The memory context used to allocate the key
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * keyp Returns the new key
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * ISC_R_SUCCESS Success
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * !ISC_R_SUCCESS Failure
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrewsdst_key_generate(const char *name, const int alg, const int bits,
515c7f3c43f76d7b439905b18009105364b36100Automatic Updater const int exp, const int flags, const int protocol,
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews *keyp = get_key_struct(name, alg, flags, protocol, bits, mctx);
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews ret = (*keyp)->func->generate(*keyp, exp, mctx);
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * dst_key_compare
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * Compares two keys for equality.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * Parameters
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * key1, key2 Two keys to be compared.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * ISC_TRUE The keys are equal.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * ISC_FALSE The keys are not equal.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrewsdst_key_compare(const dst_key_t *key1, const dst_key_t *key2) {
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * dst_key_paramcompare
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * Compares two keys' parameters for equality. This is designed to
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * determine if two (Diffie-Hellman) keys can be used to derive a shared
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * Parameters
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * key1, key2 Two keys whose parameters are to be compared.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * ISC_TRUE The keys' parameters are equal.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews * ISC_FALSE The keys' parameters are not equal.
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrewsdst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
b335299322e50f045f10e4636262cd2f8d407a8bMark Andrews key1->func->paramcompare(key1, key2) == ISC_TRUE)
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * dst_key_free
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * Release all data structures pointed to by a key structure.
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * Parameters
ff30cdeb783ca7ffe69b222c56197828e882c229Mark Andrews * key Key structure to be freed.
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews RUNTIME_CHECK(isc_once_do(&once, initialize) == ISC_R_SUCCESS);
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews if ((key->key_flags & DNS_KEYTYPE_NOAUTH) != 0)
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews if ((key->key_flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE)
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * dst_sig_size
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * Computes the maximum size of a signature generated by the given key
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * Parameters
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * key The DST key
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * n Stores the number of bytes necessary to hold a signature
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews * with the key.
case DST_ALG_RSA:
case DST_ALG_DSA:
*n = DNS_SIG_DSASIGSIZE;
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA1:
case DST_ALG_DH:
return (DST_R_UNSUPPORTEDALG);
return (ISC_R_SUCCESS);
case DST_ALG_DH:
case DST_ALG_RSA:
case DST_ALG_DSA:
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA1:
return (DST_R_UNSUPPORTEDALG);
return (ISC_R_SUCCESS);
isc_region_t r;
int status;
return (ISC_R_NOSPACE);
if (status == 0)
return (DST_R_NORANDOMNESS);
return (ISC_R_SUCCESS);
initialize() {
#ifdef OPENSSL
if (RAND_status() == 0) {
while (RAND_status() == 0) {
static dst_key_t *
return (NULL);
return (NULL);
return (NULL);
return (key);
static isc_result_t
isc_buffer_t b;
return (DST_R_NAMETOOLONG);
return (ISC_R_NOMEMORY);
goto cleanup;
goto cleanup; \
#define BADTOKEN() { \
goto cleanup; \
BADTOKEN();
BADTOKEN();
BADTOKEN();
goto cleanup;
goto cleanup;
return (ISC_R_SUCCESS);
return (ret);
static isc_result_t
isc_region_t r;
return (ret);
return (DST_R_INVALIDPUBLICKEY);
return (DST_R_NAMETOOLONG);
return (DST_R_WRITEERROR);
return (ISC_R_SUCCESS);
p = NULL;
if (size > 0) {