DNSSECPrivateKey dpk;
DNSKEYRecordContent dkrc;
- dpk.setKey(shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content)));
+ auto key = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content));
+ dpk.setKey(key);
dpk.d_flags = kd.flags;
dpk.d_algorithm = dkrc.d_algorithm;
for(const DNSBackend::KeyData &keydata : dbkeyset) {
DNSSECPrivateKey dpk;
DNSKEYRecordContent dkrc;
-
- dpk.setKey(shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content)));
+ auto key = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content));
+ dpk.setKey(key);
if(keydata.active) {
if(keydata.flags == 257)
{
DNSSECPrivateKey dpk;
DNSKEYRecordContent dkrc;
-
- dpk.setKey(shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content)));
+ auto key = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content));
+ dpk.setKey(key);
dpk.d_flags = kd.flags;
dpk.d_algorithm = dkrc.d_algorithm;
for(const DNSBackend::KeyData &keydata : dbkeyset) {
DNSKEYRecordContent dkrc;
- shared_ptr<DNSCryptoKeyEngine> dke(DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content));
+ auto dke = DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content);
retval = dke->checkKey(errorMessages) && retval;
}
void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override
{}
- static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
+ static std::unique_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
{
- return std::make_shared<DecafED25519DNSCryptoKeyEngine>(algorithm);
+ return make_unique<DecafED25519DNSCryptoKeyEngine>(algorithm);
}
private:
void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override
{}
- static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
+ static std::unique_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
{
- return std::make_shared<DecafED448DNSCryptoKeyEngine>(algorithm);
+ return make_unique<DecafED448DNSCryptoKeyEngine>(algorithm);
}
private:
using namespace boost::assign;
-shared_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::makeFromISCFile(DNSKEYRecordContent& drc, const char* fname)
+std::unique_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::makeFromISCFile(DNSKEYRecordContent& drc, const char* fname)
{
string sline, isc;
auto fp = std::unique_ptr<FILE, int(*)(FILE*)>(fopen(fname, "r"), fclose);
}
fp.reset();
- shared_ptr<DNSCryptoKeyEngine> dke = makeFromISCString(drc, isc);
+ auto dke = makeFromISCString(drc, isc);
vector<string> checkKeyErrors;
if(!dke->checkKey(&checkKeyErrors)) {
return dke;
}
-shared_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::makeFromISCString(DNSKEYRecordContent& drc, const std::string& content)
+std::unique_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::makeFromISCString(DNSKEYRecordContent& drc, const std::string& content)
{
bool pkcs11=false;
int algorithm = 0;
B64Decode(value, raw);
stormap[toLower(key)]=raw;
}
- shared_ptr<DNSCryptoKeyEngine> dpk;
+ std::unique_ptr<DNSCryptoKeyEngine> dpk;
if (pkcs11) {
#ifdef HAVE_P11KIT1
throw PDNSException("Cannot load PKCS#11 key without support for it");
#endif
} else {
- dpk=make(algorithm);
+ dpk = make(algorithm);
}
dpk->fromISCMap(drc, stormap);
return dpk;
return ret.str();
}
-shared_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::make(unsigned int algo)
+std::unique_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::make(unsigned int algo)
{
const makers_t& makers = getMakers();
makers_t::const_iterator iter = makers.find(algo);
- if(iter != makers.cend())
+ if (iter != makers.cend())
return (iter->second)(algo);
else {
throw runtime_error("Request to create key object for unknown algorithm number "+std::to_string(algo));
{
vector<pair<uint8_t, string>> ret;
for (auto const& value : getMakers()) {
- shared_ptr<DNSCryptoKeyEngine> dcke(value.second(value.first));
+ auto dcke = value.second(value.first);
ret.push_back(make_pair(value.first, dcke->getName()));
}
return ret;
void DNSCryptoKeyEngine::testMakers(unsigned int algo, maker_t* creator, maker_t* signer, maker_t* verifier)
{
- shared_ptr<DNSCryptoKeyEngine> dckeCreate(creator(algo));
- shared_ptr<DNSCryptoKeyEngine> dckeSign(signer(algo));
- shared_ptr<DNSCryptoKeyEngine> dckeVerify(verifier(algo));
+ auto dckeCreate = creator(algo);
+ auto dckeSign = signer(algo);
+ auto dckeVerify = verifier(algo);
cerr<<"Testing algorithm "<<algo<<": '"<<dckeCreate->getName()<<"' ->'"<<dckeSign->getName()<<"' -> '"<<dckeVerify->getName()<<"' ";
unsigned int bits;
}
}
-shared_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::makeFromPublicKeyString(unsigned int algorithm, const std::string& content)
+std::unique_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::makeFromPublicKeyString(unsigned int algorithm, const std::string& content)
{
- shared_ptr<DNSCryptoKeyEngine> dpk=make(algorithm);
+ auto dpk = make(algorithm);
dpk->fromPublicKeyString(content);
return dpk;
}
-shared_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw)
+std::unique_ptr<DNSCryptoKeyEngine> DNSCryptoKeyEngine::makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw)
{
- for(const makers_t::value_type& val : getMakers())
+ for (const makers_t::value_type& val : getMakers())
{
- shared_ptr<DNSCryptoKeyEngine> ret=nullptr;
+ std::unique_ptr<DNSCryptoKeyEngine> ret=nullptr;
try {
ret = val.second(val.first);
ret->fromPEMString(drc, raw);
DSRecordContent dsrc;
try {
unsigned int algo = digestToAlgorithmNumber(digest);
- shared_ptr<DNSCryptoKeyEngine> dpk(DNSCryptoKeyEngine::make(algo));
+ auto dpk = DNSCryptoKeyEngine::make(algo);
dsrc.d_digest = dpk->hash(toHash);
}
catch(const std::exception& e) {
{
return true;
}
- static shared_ptr<DNSCryptoKeyEngine> makeFromISCFile(DNSKEYRecordContent& drc, const char* fname);
- static shared_ptr<DNSCryptoKeyEngine> makeFromISCString(DNSKEYRecordContent& drc, const std::string& content);
- static shared_ptr<DNSCryptoKeyEngine> makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw);
- static shared_ptr<DNSCryptoKeyEngine> makeFromPublicKeyString(unsigned int algorithm, const std::string& raw);
- static shared_ptr<DNSCryptoKeyEngine> make(unsigned int algorithm);
+ static std::unique_ptr<DNSCryptoKeyEngine> makeFromISCFile(DNSKEYRecordContent& drc, const char* fname);
+ static std::unique_ptr<DNSCryptoKeyEngine> makeFromISCString(DNSKEYRecordContent& drc, const std::string& content);
+ static std::unique_ptr<DNSCryptoKeyEngine> makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw);
+ static std::unique_ptr<DNSCryptoKeyEngine> makeFromPublicKeyString(unsigned int algorithm, const std::string& raw);
+ static std::unique_ptr<DNSCryptoKeyEngine> make(unsigned int algorithm);
static bool isAlgorithmSupported(unsigned int algo);
static bool isDigestSupported(uint8_t digest);
- typedef shared_ptr<DNSCryptoKeyEngine> maker_t(unsigned int algorithm);
+ typedef std::unique_ptr<DNSCryptoKeyEngine> maker_t(unsigned int algorithm);
static void report(unsigned int algorithm, maker_t* maker, bool fallback=false);
static void testMakers(unsigned int algorithm, maker_t* creator, maker_t* signer, maker_t* verifier);
return getDNSKEY().getTag();
}
- const shared_ptr<DNSCryptoKeyEngine> getKey() const
+ const std::shared_ptr<DNSCryptoKeyEngine>& getKey() const
{
return d_key;
}
- void setKey(const shared_ptr<DNSCryptoKeyEngine> key)
+ void setKey(std::shared_ptr<DNSCryptoKeyEngine>& key)
{
d_key = key;
- d_algorithm = key->getAlgorithm();
+ d_algorithm = d_key->getAlgorithm();
}
+
+ void setKey(std::unique_ptr<DNSCryptoKeyEngine>&& key)
+ {
+ d_key = std::move(key);
+ d_algorithm = d_key->getAlgorithm();
+ }
+
DNSKEYRecordContent getDNSKEY() const;
uint16_t d_flags;
uint8_t d_algorithm;
private:
- shared_ptr<DNSCryptoKeyEngine> d_key;
+ std::shared_ptr<DNSCryptoKeyEngine> d_key;
};
void fromPublicKeyString(const std::string& content) override;
bool checkKey(vector<string> *errorMessages) const override;
- static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
+ static std::unique_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
{
- return std::make_shared<OpenSSLRSADNSCryptoKeyEngine>(algorithm);
+ return make_unique<OpenSSLRSADNSCryptoKeyEngine>(algorithm);
}
private:
void fromPublicKeyString(const std::string& content) override;
bool checkKey(vector<string> *errorMessages) const override;
- static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
+ static std::unique_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
{
- return std::make_shared<OpenSSLECDSADNSCryptoKeyEngine>(algorithm);
+ return make_unique<OpenSSLECDSADNSCryptoKeyEngine>(algorithm);
}
private:
void fromPublicKeyString(const std::string& content) override;
bool checkKey(vector<string> *errorMessages) const override;
- static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
+ static std::unique_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
{
- return std::make_shared<OpenSSLEDDSADNSCryptoKeyEngine>(algorithm);
+ return make_unique<OpenSSLEDDSADNSCryptoKeyEngine>(algorithm);
}
private:
vector<DNSBackend::KeyData> dbkeyset;
B.getDomainKeys(zone, dbkeyset);
- for(DNSBackend::KeyData& kd : dbkeyset) {
+ for (DNSBackend::KeyData& kd : dbkeyset) {
DNSKEYRecordContent dkrc;
- shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content));
+ DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content);
if(dkrc.d_algorithm == DNSSECKeeper::RSASHA1) {
cout<<"[Error] zone '"<<zone<<"' has NSEC3 semantics, but the "<< (kd.active ? "" : "in" ) <<"active key with id "<<kd.id<<" has 'Algorithm: 5'. This should be corrected to 'Algorithm: 7' in the database (or NSEC3 should be disabled)."<<endl;
int bits = -1;
try {
- std::shared_ptr<DNSCryptoKeyEngine> engine(DNSCryptoKeyEngine::makeFromPublicKeyString(key.d_algorithm, key.d_key)); // throws on unknown algo or bad key
+ auto engine = DNSCryptoKeyEngine::makeFromPublicKeyString(key.d_algorithm, key.d_key); // throws on unknown algo or bad key
bits=engine->getBits();
}
- catch(std::exception& e) {
+ catch (const std::exception& e) {
cerr<<"Could not process key to extract metadata: "<<e.what()<<endl;
}
if (!exportDS) {
return 1;
}
- std::shared_ptr<DNSCryptoKeyEngine> dke = nullptr;
+ std::unique_ptr<DNSCryptoKeyEngine> dke = nullptr;
// lookup correct key
for(DNSBackend::KeyData &kd : keys) {
if (kd.id == id) {
#endif
#include <boost/assign/std/vector.hpp> // for 'operator+=()'
#include <boost/assign/list_of.hpp>
-#include <boost/make_shared.hpp>
#include <boost/format.hpp>
#include <p11-kit/p11-kit.h>
throw PDNSException("Could not log in to token (PIN wrong?)");
};
-std::shared_ptr<DNSCryptoKeyEngine> PKCS11DNSCryptoKeyEngine::maker(unsigned int algorithm)
+std::unique_ptr<DNSCryptoKeyEngine> PKCS11DNSCryptoKeyEngine::maker(unsigned int algorithm)
{
- return
std::make_shared<PKCS11DNSCryptoKeyEngine>(algorithm);
+ return
make_unique<PKCS11DNSCryptoKeyEngine>(algorithm);
}
// this is called during program startup
void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override { throw "Unimplemented"; };
void fromPublicKeyString(const std::string& content) override { throw "Unimplemented"; };
- static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm);
+ static std::unique_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm);
};
bool PKCS11ModuleSlotLogin(const std::string& module, const string& tokenId, const std::string& pin);
now = time(nullptr);
}
DNSKEYRecordContent drc = dpk.getDNSKEY();
- const std::shared_ptr<DNSCryptoKeyEngine> rc = dpk.getKey();
+ const auto& rc = dpk.getKey();
rrc.d_type = signQType;
rrc.d_labels = signQName.countLabels() - signQName.isWildcard();
{
initSR();
- auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
// cerr<<dcke->convertToISC()<<endl;
DNSSECPrivateKey dpk;
dpk.d_flags = 256;
- dpk.setKey(dcke);
+ dpk.setKey(std::move(dcke));
sortedRecords_t recordcontents;
recordcontents.insert(getRecordContent(QType::A, "192.0.2.1"));
testkeysset_t kskeys;
/* Generate key material for "." */
- auto dckeZ = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dckeZ = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dckeZ->create(dckeZ->getBits());
DNSSECPrivateKey ksk;
ksk.d_flags = 257;
- ksk.setKey(dckeZ);
+ ksk.setKey(std::move(dckeZ));
DSRecordContent kskds = makeDSFromDNSKey(target, ksk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
- auto dckeK = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dckeK = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dckeK->create(dckeK->getBits());
DNSSECPrivateKey zsk;
zsk.d_flags = 256;
- zsk.setKey(dckeK);
+ zsk.setKey(std::move(dckeK));
DSRecordContent zskds = makeDSFromDNSKey(target, zsk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
kskeys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(ksk, kskds);
testkeysset_t keys;
/* Generate key material for "." */
- auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey csk;
csk.d_flags = 0;
- csk.setKey(dcke);
+ csk.setKey(std::move(dcke));
DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
keys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(csk, ds);
testkeysset_t keys;
/* Generate key material for "." */
- auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey csk;
csk.d_flags = 257 | 128;
- csk.setKey(dcke);
+ csk.setKey(std::move(dcke));
DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
keys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(csk, ds);
testkeysset_t keys;
/* Generate key material for "." */
- auto dckeDS = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dckeDS = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dckeDS->create(dckeDS->getBits());
DNSSECPrivateKey dskey;
dskey.d_flags = 257;
- dskey.setKey(dckeDS);
+ dskey.setKey(std::move(dckeDS));
DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
- auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey dpk;
dpk.d_flags = 256;
- dpk.setKey(dcke);
+ dpk.setKey(std::move(dcke));
DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
dskeys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(dskey, drc);
generateKeyMaterial(target, DNSSECKeeper::ECDSA256, DNSSECKeeper::DIGEST_SHA256, keys, luaconfsCopy.dsAnchors);
g_luaconfs.setState(luaconfsCopy);
- auto dckeRRSIG = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dckeRRSIG = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dckeRRSIG->create(dckeRRSIG->getBits());
DNSSECPrivateKey rrsigkey;
rrsigkey.d_flags = 257;
- rrsigkey.setKey(dckeRRSIG);
+ rrsigkey.setKey(std::move(dckeRRSIG));
DSRecordContent rrsigds = makeDSFromDNSKey(target, rrsigkey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
rrsigkeys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(rrsigkey, rrsigds);
testkeysset_t keys;
/* Generate key material for "." */
- auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey dpk;
dpk.d_flags = 256;
- dpk.setKey(dcke);
+ dpk.setKey(std::move(dcke));
/* Fake algorithm number (private) */
dpk.d_algorithm = 253;
testkeysset_t keys;
/* Generate key material for "." */
- auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256));
+ auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey dpk;
dpk.d_flags = 256;
- dpk.setKey(dcke);
+ dpk.setKey(std::move(dcke));
DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
/* Fake digest number (reserved) */
drc.d_digesttype = 0;
void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw) override
{}
- static std::shared_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
+ static std::unique_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
{
- return std::make_shared<SodiumED25519DNSCryptoKeyEngine>(algorithm);
+ return make_unique<SodiumED25519DNSCryptoKeyEngine>(algorithm);
}
private:
static void checkRR(const signerParams& signer)
{
DNSKEYRecordContent drc;
- auto dcke = DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap);
+ auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap));
DNSSECPrivateKey dpk;
dpk.setKey(dcke);
dpk.d_flags = signer.rfcFlags;
{
for (const auto& signer : signers) {
DNSKEYRecordContent drc;
- auto dcke = DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap);
+ auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap));
BOOST_CHECK_EQUAL(dcke->getAlgorithm(), signer.algorithm);
BOOST_CHECK_EQUAL(dcke->getBits(), signer.bits);
- The validator's notion of the current time MUST be greater than or equal to the time listed in the RRSIG RR's Inception field.
*/
if (isRRSIGIncepted(now, sig) && isRRSIGNotExpired(now, sig)) {
- std::shared_ptr<DNSCryptoKeyEngine> dke = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromPublicKeyString(key->d_algorithm, key->d_key));
+ auto dke = DNSCryptoKeyEngine::makeFromPublicKeyString(key->d_algorithm, key->d_key);
result = dke->verify(msg, sig->d_signature);
LOG("signature by key with tag "<<sig->d_tag<<" and algorithm "<<DNSSECKeeper::algorithm2name(sig->d_algorithm)<<" was " << (result ? "" : "NOT ")<<"valid"<<endl);
}
projects / thirdparty / pdns.git / commitdiff
