default:
assert(0);
}
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
free(fixed_config);
return knot_error_from_libdnssec(ret);
}
}
ret = dnssec_keystore_init(*keystore, fixed_config);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
free(fixed_config);
dnssec_keystore_deinit(*keystore);
*keystore = NULL;
ret = dnssec_keystore_open(*keystore, fixed_config);
free(fixed_config);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
dnssec_keystore_deinit(*keystore);
*keystore = NULL;
return knot_error_from_libdnssec(ret);
{
dnssec_sign_ctx_t *sign_ctx;
int ret = dnssec_sign_new(&sign_ctx, key->key);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
ret = knot_error_from_libdnssec(ret);
}
header.size = RRSIG_RDATA_SIGNER_OFFSET;
result = dnssec_sign_add(ctx, &header);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
dnssec_binary_t signature = { 0 };
res = dnssec_sign_write(ctx, sign_flags, &signature);
- if (res != DNSSEC_EOK) {
+ if (res != KNOT_EOK) {
return res;
}
assert(signature.size > 0);
}
int ret = kdnssec_load_private(ctx->keystores, key->id, key->key, NULL, NULL);
switch (ret) {
- case DNSSEC_EOK:
+ case KNOT_EOK:
case DNSSEC_KEY_ALREADY_PRESENT:
break;
default:
}
ret = dnssec_sign_new(&ctx->sign_ctxs[i], ctx->keys[i].key);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
zone_sign_ctx_free(ctx);
return NULL;
}
ctx->dnssec_ctx = dnssec_ctx;
for (size_t i = 0; i < ctx->count; i++) {
int ret = dnssec_sign_new(&ctx->sign_ctxs[i], dnssec_ctx->zone->keys[i].key);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
zone_sign_ctx_free(ctx);
return NULL;
}
dnssec_key_t *new_key = NULL;
int ret = dnssec_key_new(&new_key);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
return knot_error_from_libdnssec(ret);
}
ret = dnssec_key_set_rdata(new_key, &binary_key);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
dnssec_key_free(new_key);
return knot_error_from_libdnssec(ret);
}
if (owner != NULL) {
ret = dnssec_key_set_dname(new_key, owner);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
dnssec_key_free(new_key);
return knot_error_from_libdnssec(ret);
}
dnssec_binary_t hash = { 0 };
int ret = dnssec_nsec3_hash(&data, params, &hash);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
return knot_error_from_libdnssec(ret);
}
dnssec_nsec3_params_t parsed = { 0 };
int r = dnssec_nsec3_params_from_rdata(&parsed, &rdata);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return false;
}
if (want_dnssec(qdata)) {
knot_rrset_t *nsec = synth_nsec(pkt, qdata, mod, &pkt->mm);
int r = knot_pkt_put(pkt, KNOT_COMPR_HINT_NONE, nsec, KNOT_PF_FREE);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
knot_rrset_free(nsec, &pkt->mm);
return KNOTD_IN_STATE_ERROR;
}
}
int r = knot_pkt_put(pkt, KNOT_COMPR_HINT_QNAME, dnskey, KNOT_PF_FREE);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
knot_rrset_free(dnskey, &pkt->mm);
return KNOTD_IN_STATE_ERROR;
}
}
int r = knot_pkt_put(pkt, KNOT_COMPR_HINT_QNAME, dnskey, KNOT_PF_FREE);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
knot_rrset_free(dnskey, &pkt->mm);
return KNOTD_IN_STATE_ERROR;
}
}
int r = knot_pkt_put(pkt, KNOT_COMPR_HINT_QNAME, ds, KNOT_PF_FREE);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
knot_rrset_free(ds, &pkt->mm);
return KNOTD_IN_STATE_ERROR;
}
}
int r = knot_pkt_put(pkt, KNOT_COMPR_HINT_QNAME, nsec, KNOT_PF_FREE);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
knot_rrset_free(nsec, &pkt->mm);
return KNOTD_IN_STATE_ERROR;
}
kru->loads_bits = loads_bits;
- if (dnssec_random_buffer((uint8_t *)&kru->hash_key, sizeof(kru->hash_key)) != DNSSEC_EOK) {
+ if (dnssec_random_buffer((uint8_t *)&kru->hash_key, sizeof(kru->hash_key)) != KNOT_EOK) {
return false;
}
{
dnssec_key_t *key = NULL;
int ret = dnssec_key_new(&key);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
return knot_error_from_libdnssec(ret);
}
dnssec_key_set_algorithm(key, parm->algorithm);
unsigned backend;
ret = kdnssec_load_private(from, parm->id, key, NULL, &backend);
- if (ret == DNSSEC_EOK) {
+ if (ret == KNOT_EOK) {
// If restore, consider only the first configured keystore.
assert(to->count > 0);
ret = dnssec_keystore_set_private(to[0].keystore, key);
backend = restore ? to->backend : backend;
- if (ret != DNSSEC_EOK && backend == KEYSTORE_BACKEND_PKCS11) {
+ if (ret != KNOT_EOK && backend == KEYSTORE_BACKEND_PKCS11) {
log_zone_notice(zname,
"%s of private key id %s via PKCS #11 not possible, ignoring",
restore ? "restore" : "backup", parm->id);
- ret = DNSSEC_EOK;
+ ret = KNOT_EOK;
}
} else if (ret == DNSSEC_ENOENT) {
log_zone_notice(zname, "private key id %s not available, ignoring", parm->id);
- ret = DNSSEC_EOK;
+ ret = KNOT_EOK;
}
dnssec_key_free(key);
};
dnssec_nsec3_params_t new_params = { 0 };
- int r = dnssec_nsec3_params_from_rdata(&new_params, &rdata);
- if (r != DNSSEC_EOK) {
- return KNOT_EMALF;
+ int ret = dnssec_nsec3_params_from_rdata(&new_params, &rdata);
+ if (ret != KNOT_EOK) {
+ return ret;
}
dnssec_nsec3_params_free(&contents->nsec3_params);
}
int ret = dnssec_digest_init(algorithm, &ctx.digest_ctx);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
free(ctx.buf);
return knot_error_from_libdnssec(ret);
}
data->data = new_data;
data->size = size;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
to->size = from->size;
to->data = copy;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
data->data = new_data;
data->size = new_size;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
binary->data = data;
binary->size = size;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
base64->data = data;
base64->size = size;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
* \param[out] data Binary to be allocated.
* \param[in] size Requested size of the binary.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_binary_alloc(dnssec_binary_t *data, size_t size);
* \param[in] from Source of the copy.
* \param[out] to Target of the copy.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_binary_dup(const dnssec_binary_t *from, dnssec_binary_t *to);
* \param data Binary to be resized.
* \param new_size New size.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_binary_resize(dnssec_binary_t *data, size_t new_size);
* \param[in] base64 Base64 encoded data.
* \param[out] binary Decoded binary data.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_binary_from_base64(const dnssec_binary_t *base64,
dnssec_binary_t *binary);
* \param[in] binary Binary data.
* \param[out] base64 Base64 encode data.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_binary_to_base64(const dnssec_binary_t *binary,
dnssec_binary_t *base64);
}
*out_ctx = res;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static void digest_ctx_free(dnssec_digest_ctx_t *ctx)
digest_ctx_free(ctx);
return DNSSEC_DIGEST_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
gnutls_hash_output(ctx->gtctx, out->data);
digest_ctx_free(ctx);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
} error_message_t;
static const error_message_t ERROR_MESSAGES[] = {
- { DNSSEC_EOK, "no error" },
+ { KNOT_EOK, "no error" },
{ DNSSEC_ENOMEM, "not enough memory" },
{ DNSSEC_EINVAL, "invalid argument" },
* Library error codes.
*/
enum dnssec_error {
- DNSSEC_EOK = 0,
+ KNOT_EOK = 0,
DNSSEC_ENOMEM = -ENOMEM,
DNSSEC_EINVAL = -EINVAL,
* The protocol field of the key is set to 3 (DNSSEC).
* The flags field of the key is set to 256 (zone key, no SEP).
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_key_new(dnssec_key_t **key);
* \param[out] min Minimal size of the private key (can be NULL).
* \param[out] max Maximal size of the private key (can be NULL).
*
- * \return DNSSEC_EOK for valid parameters.
+ * \return KNOT_EOK for valid parameters.
*/
int dnssec_algorithm_key_size_range(dnssec_key_algorithm_t algorithm,
unsigned *min, unsigned *max);
* \param[in] digest Digest algorithm to be used.
* \param[out] rdata Allocated DS RDATA.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_key_create_ds(const dnssec_key_t *key, dnssec_key_digest_t digest,
dnssec_binary_t *rdata);
*max_ptr = limits->max;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
size_t modulus_size = bignum_size_u_datum(&modulus);
result = dnssec_binary_alloc(rdata, 1 + exponent_size + modulus_size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
wire_write_bignum_datum(&wire, modulus_size, &modulus);
assert(wire_ctx_offset(&wire) == rdata->size);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
}
result = dnssec_binary_alloc(rdata, 2 * point_size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
wire_write_bignum_datum(&wire, point_size, &point_y);
assert(wire_ctx_offset(&wire) == rdata->size);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
}
result = dnssec_binary_alloc(rdata, point_size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
wire_write_bignum_datum(&wire, point_size, &point_x);
assert(wire_ctx_offset(&wire) == rdata->size);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- crypto to DNSSEC ------------------------------------------------------*/
return DNSSEC_KEY_IMPORT_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
return DNSSEC_KEY_IMPORT_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
return DNSSEC_KEY_IMPORT_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- internal API --------------------------------------------------------- */
* \param[in] key Public key to be encoded.
* \param[out] rdata Encoded key (allocated).
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int convert_pubkey_to_dnskey(gnutls_pubkey_t key, dnssec_binary_t *rdata);
* \param[in] rdata Public key in DNSKEY RDATA format.
* \param[out] key GnuTLS public key (initialized).
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int convert_dnskey_to_pubkey(uint8_t algorithm, const dnssec_binary_t *rdata,
gnutls_pubkey_t key);
size_t new_size = DNSKEY_RDATA_OFFSET_PUBKEY + pubkey->size;
int result = dnssec_binary_resize(rdata, new_size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
binary_write(&wire, pubkey);
assert(wire_ctx_offset(&wire) == rdata->size);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
}
result = convert_dnskey_to_pubkey(algorithm, &rdata_pubkey, key);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
gnutls_pubkey_deinit(key);
return result;
}
*key_ptr = key;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
dnssec_binary_t rdata = { 0 };
r = dnssec_binary_alloc(&rdata, 4 + digest_size);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
*rdata_ptr = rdata;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
}
int r = dnssec_binary_dup(&DNSKEY_RDATA_TEMPLATE, &key->rdata);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
free(key);
return DNSSEC_ENOMEM;
}
*key_ptr = key;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
dnssec_key_t *dup = NULL;
- if (dnssec_key_new(&dup) != DNSSEC_EOK ||
- dnssec_key_set_dname(dup, key->dname) != DNSSEC_EOK ||
- dnssec_key_set_rdata(dup, &key->rdata) != DNSSEC_EOK
+ if (dnssec_key_new(&dup) != KNOT_EOK ||
+ dnssec_key_set_dname(dup, key->dname) != KNOT_EOK ||
+ dnssec_key_set_rdata(dup, &key->rdata) != KNOT_EOK
) {
dnssec_key_free(dup);
return NULL;
free(key->dname);
key->dname = copy;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
wire_ctx_set_offset(&wire, DNSKEY_RDATA_OFFSET_FLAGS);
wire_ctx_write_u16(&wire, flags);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
wire_ctx_set_offset(&wire, DNSKEY_RDATA_OFFSET_PROTOCOL);
wire_ctx_write_u8(&wire, protocol);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- restricted attributes ------------------------------------------------ */
wire_ctx_set_offset(&wire, DNSKEY_RDATA_OFFSET_ALGORITHM);
wire_ctx_write_u8(&wire, algorithm);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
wire_ctx_set_offset(&wire, DNSKEY_RDATA_OFFSET_PUBKEY);
binary_available(&wire, pubkey);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
}
int result = dnskey_rdata_set_pubkey(&key->rdata, pubkey);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
result = dnskey_rdata_to_crypto_key(&key->rdata, &key->public_key);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
key->rdata.size = DNSKEY_RDATA_OFFSET_PUBKEY; // downsize
return result;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
*rdata = key->rdata;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
gnutls_pubkey_t new_pubkey = NULL;
int result = dnskey_rdata_to_crypto_key(rdata, &new_pubkey);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
result = dnssec_binary_resize(&key->rdata, rdata->size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
gnutls_pubkey_deinit(new_pubkey);
return result;
}
memmove(key->rdata.data, rdata->data, rdata->size);
key->public_key = new_pubkey;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- key presence checking ------------------------------------------------ */
*keytag = keytag_current(rdata);
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
*pubkey = new_key;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
gnutls_pubkey_t pubkey = NULL;
int result = public_from_private(privkey, &pubkey);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
_cleanup_binary_ dnssec_binary_t rdata_pubkey = { 0 };
result = convert_pubkey_to_dnskey(pubkey, &rdata_pubkey);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
gnutls_pubkey_deinit(pubkey);
return result;
}
size_t rdata_size = DNSKEY_RDATA_OFFSET_PUBKEY + rdata_pubkey.size;
result = dnssec_binary_resize(rdata, rdata_size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
gnutls_pubkey_deinit(pubkey);
return result;
}
*pubkey_ptr = pubkey;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- internal API --------------------------------------------------------- */
if (!key->public_key) {
int r = create_public_key(privkey, &key->public_key, &key->rdata);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
}
key->private_key = privkey;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
* \param key DNSSEC key to be updated.
* \param privkey Private key to be set.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int key_set_private_key(dnssec_key_t *key, gnutls_privkey_t privkey);
gnutls_privkey_t privkey = NULL;
int r = dnssec_pem_to_privkey(pem, &privkey);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
r = key_set_private_key(key, privkey);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
gnutls_privkey_deinit(privkey);
return r;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
*
* \param[out] store Opened key store.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_keystore_init_pkcs8(dnssec_keystore_t **store);
*
* \param[out] store Opened key store.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_keystore_init_pkcs11(dnssec_keystore_t **store);
*
* \param store Key store to be closed.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_keystore_close(dnssec_keystore_t *store);
* \param[in] label Optional key label for PKCS #11.
* \param[out] id_ptr ID of the generated key. Must be freed by the caller.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_keystore_generate(dnssec_keystore_t *store,
dnssec_key_algorithm_t algorithm,
* \param[in] pem Private key material in PEM format.
* \param[out] id_ptr ID of the imported key. Must be freed by the caller.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_keystore_import(dnssec_keystore_t *store, const dnssec_binary_t *pem,
char **id_ptr);
* \param store Key store.
* \param id ID of the private key to be deleted.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_keystore_remove(dnssec_keystore_t *store, const char *id);
* \param id ID of the key.
* \param key DNSSEC key to be initialized.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_keystore_get_private(dnssec_keystore_t *store, const char *id,
dnssec_key_t *key);
* \param store Key store.
* \param key DNSSEC key with a private key.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_keystore_set_private(dnssec_keystore_t *store, dnssec_key_t *key);
store->functions = functions;
int result = functions->ctx_new(&store->ctx);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
free(store);
return DNSSEC_ENOMEM;
}
*store_ptr = store;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- public API ----------------------------------------------------------- */
free(store);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
gnutls_privkey_t privkey = NULL;
int r = store->functions->get_private(store->ctx, id, &privkey);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
r = key_set_private_key(key, privkey);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
gnutls_privkey_deinit(privkey);
return r;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
url[len] = '\0';
*url_ptr = url;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
*uri_ptr = url;
*module_ptr = module;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
char *module = NULL;
int r = parse_config(config, &url, &module);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
*url_ptr = url;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- internal API --------------------------------------------------------- */
*ctx_ptr = ctx;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static void pkcs11_ctx_free(void *ctx)
free(ctx->url);
clear_struct(ctx);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs11_generate_key(void *_ctx, gnutls_pk_algorithm_t algorithm,
*id_ptr = id;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int import_pem(const dnssec_binary_t *pem,
gnutls_pubkey_t pubkey = NULL;
int r = dnssec_pem_to_x509(pem, &x509_key);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
goto fail;
}
fail:
gnutls_privkey_deinit(key);
- if (r == DNSSEC_EOK) {
+ if (r == KNOT_EOK) {
*key_ptr = x509_key;
*pubkey_ptr = pubkey;
} else {
_cleanup_pubkey_ gnutls_pubkey_t pubkey = NULL;
int r = import_pem(pem, &key, &pubkey);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
_cleanup_binary_ dnssec_binary_t id = { 0 };
r = keyid_x509(key, &id);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
return DNSSEC_ENOMEM;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs11_remove_key(void *_ctx, const char *id)
_cleanup_free_ char *url = NULL;
int r = key_url(ctx->url, id, &url);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
return DNSSEC_ENOENT;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs11_get_private(void *_ctx, const char *id, gnutls_privkey_t *key_ptr)
_cleanup_free_ char *url = NULL;
int r = key_url(ctx->url, id, &url);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
*key_ptr = key;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs11_set_private(void *ctx, gnutls_privkey_t key)
{
_cleanup_binary_ dnssec_binary_t pem = { 0 };
int r = dnssec_pem_from_privkey(key, &pem);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
assert(offset >= 0);
*size = offset;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
*fd_ptr = fd;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int key_open_read(const char *dir_name, const char *id, int *fd_ptr)
_cleanup_close_ int file = -1;
int result = key_open_read(handle->dir_name, id, &file);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
size_t size = 0;
result = file_size(file, &size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
dnssec_binary_t read_pem = { 0 };
result = dnssec_binary_alloc(&read_pem, size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
assert(read_count == read_pem.size);
*pem = read_pem;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static bool key_is_duplicate(int open_error, pkcs8_dir_handle_t *handle,
_cleanup_binary_ dnssec_binary_t old = { 0 };
int r = pkcs8_dir_read(handle, id, &old);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return false;
}
dnssec_binary_t _pem = { 0 };
r = dnssec_pem_from_x509(key, &_pem);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
char *_id = NULL;
r = keyid_x509_hex(key, &_id);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
dnssec_binary_free(&_pem);
return r;
}
*id = _id;
*pem = _pem;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- internal API --------------------------------------------------------- */
*ctx_ptr = ctx;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static void pkcs8_ctx_free(void *ctx)
handle->dir_name = path;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs8_close(void *ctx)
free(handle->dir_name);
memset(handle, 0, sizeof(*handle));
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs8_generate_key(void *ctx, gnutls_pk_algorithm_t algorithm,
char *id = NULL;
_cleanup_binary_ dnssec_binary_t pem = { 0 };
int r = pem_generate(algorithm, bits, &pem, &id);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
_cleanup_close_ int file = -1;
r = key_open_write(handle->dir_name, id, &file);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
if (key_is_duplicate(r, handle, id, &pem)) {
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
return r;
}
*id_ptr = id;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs8_import_key(void *ctx, const dnssec_binary_t *pem, char **id_ptr)
char *id = NULL;
_cleanup_x509_privkey_ gnutls_x509_privkey_t key = NULL;
int r = dnssec_pem_to_x509(pem, &key);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
r = keyid_x509_hex(key, &id);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
_cleanup_close_ int file = -1;
r = key_open_write(handle->dir_name, id, &file);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
if (key_is_duplicate(r, handle, id, pem)) {
*id_ptr = id;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
free(id);
return r;
*id_ptr = id;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs8_remove_key(void *ctx, const char *id)
return dnssec_errno_to_error(errno);
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs8_get_private(void *ctx, const char *id, gnutls_privkey_t *key_ptr)
_cleanup_close_ int file = -1;
int r = key_open_read(handle->dir_name, id, &file);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
size_t size = 0;
r = file_size(file, &size);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
_cleanup_binary_ dnssec_binary_t pem = { 0 };
r = dnssec_binary_alloc(&pem, size);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
gnutls_privkey_t key = NULL;
r = dnssec_pem_to_privkey(&pem, &key);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
*key_ptr = key;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int pkcs8_set_private(void *ctx, gnutls_privkey_t key)
_cleanup_binary_ dnssec_binary_t pem = { 0 };
int r = dnssec_pem_from_privkey(key, &pem);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
* \param[in] rdata DNSKEY RDATA.
* \param[out] keytag Computed keytag.
*
- * \return Error code, DNSSEC_EOK of successful.
+ * \return Error code, KNOT_EOK of successful.
*/
int dnssec_keytag(const dnssec_binary_t *rdata, uint16_t *keytag);
* \param params Output parameters.
* \param rdata NSEC3PARAM RDATA.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_nsec3_params_from_rdata(dnssec_nsec3_params_t *params,
const dnssec_binary_t *rdata);
* \param[in] params NSEC3 parameters.
* \param[out] hash Computed hash (will be allocated or resized).
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_nsec3_hash(const dnssec_binary_t *data,
const dnssec_nsec3_params_t *params,
}
int result = dnssec_binary_resize(hash, hash_size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
in_size = hash->size;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
*params = new_params;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
static int map_result(int gnutls_result)
{
- return gnutls_result == GNUTLS_E_SUCCESS ? DNSSEC_EOK : DNSSEC_ERROR;
+ return gnutls_result == GNUTLS_E_SUCCESS ? KNOT_EOK : DNSSEC_ERROR;
}
int p11_init(void)
{
for (int i = 0; i < pkcs11_modules_count; i++) {
if (strcmp(pkcs11_modules[i], module) == 0) {
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
}
pkcs11_modules[pkcs11_modules_count] = copy;
pkcs11_modules_count += 1;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
void p11_cleanup(void)
int p11_init(void)
{
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
int p11_reinit(void)
{
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
int p11_load_module(const char *module)
*key = _key;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
gnutls_x509_privkey_t key_x509 = NULL;
int r = dnssec_pem_to_x509(pem, &key_x509);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
*key = key_abs;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int try_export_pem(gnutls_x509_privkey_t key, dnssec_binary_t *pem)
}
r = dnssec_binary_alloc(&_pem, _pem.size);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
*pem = _pem;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int privkey_export_x509(gnutls_privkey_t key, gnutls_x509_privkey_t *_key)
return DNSSEC_KEY_EXPORT_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
_cleanup_x509_privkey_ gnutls_x509_privkey_t _key = NULL;
int r = privkey_export_x509(key, &_key);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
dnssec_binary_t _pem = { 0 };
r = dnssec_pem_from_x509(_key, &_pem);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
*pem = _pem;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
* \param[in] pem PEM binary data.
* \param[out] key Resulting private key.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_pem_to_x509(const dnssec_binary_t *pem, gnutls_x509_privkey_t *key);
* \param[in] pem PEM binary data.
* \param[out] key Resulting private key.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_pem_to_privkey(const dnssec_binary_t *pem, gnutls_privkey_t *key);
* \param[in] key Key to be exported.
* \param[out] pem Generated key in unencrypted PEM format.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_pem_from_x509(gnutls_x509_privkey_t key, dnssec_binary_t *pem);
* \param[in] key Key to be exported.
* \param[out] pem Generated key in unencrypted PEM format.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_pem_from_privkey(gnutls_privkey_t key, dnssec_binary_t *pem);
return DNSSEC_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
* \param data Pointer to the output buffer.
* \param size Size of the output buffer.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_random_buffer(uint8_t *data, size_t size);
*
* \param data Preallocated binary structure to be filled.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_random_binary(dnssec_binary_t *data);
assert(size == DNSSEC_KEYID_BINARY_SIZE);
r = dnssec_binary_resize(id, size);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
memcpy(id->data, buffer, size);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
{
_cleanup_binary_ dnssec_binary_t bin = { 0 };
int r = keyid_bin(key, pubkey, &bin);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return r;
}
return DNSSEC_ENOMEM;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
int keyid_x509(gnutls_x509_privkey_t key, dnssec_binary_t *id)
* \param ctx_ptr Pointer to context to be allocated.
* \param key DNSSEC key to be used.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_sign_new(dnssec_sign_ctx_t **ctx_ptr, const dnssec_key_t *key);
*
* \param ctx Signing context.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_sign_init(dnssec_sign_ctx_t *ctx);
* \param ctx Signing context.
* \param data Data to be signed.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_sign_add(dnssec_sign_ctx_t *ctx, const dnssec_binary_t *data);
* \param flags Additional flags to be used for signing.
* \param signature Signature to be allocated and written.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_sign_write(dnssec_sign_ctx_t *ctx, dnssec_sign_flags_t flags,
dnssec_binary_t *signature);
* \param signature Signature to be verified.
*
* \return Error code.
- * \retval DNSSEC_EOK Validation successful, valid signature.
+ * \retval KNOT_EOK Validation successful, valid signature.
* \retval DNSSEC_INVALID_SIGNATURE Validation successful, invalid signature.
*/
int dnssec_sign_verify(dnssec_sign_ctx_t *ctx, bool sign_cmp,
*size = byte;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
size_t size;
int result = asn1_decode_size(wire, &size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
*_value = value;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
}
result = asn1_decode_size(&wire, &size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
dnssec_binary_t der_r;
result = asn1_decode_integer(&wire, &der_r);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
dnssec_binary_t der_s;
result = asn1_decode_integer(&wire, &der_s);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
*r = der_r;
*s = der_s;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/*!
*der = _der;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
* \param[out] s Value 's' of the signature, will point to the data in DER.
* \param[out] r Value 'r' of the signature, will point to the data in DER.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dss_sig_value_decode(const dnssec_binary_t *der,
dnssec_binary_t *r, dnssec_binary_t *s);
* \param[in] r Value 'r' of the signature.
* \param[out] der X.509 signature, the content will be allocated.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dss_sig_value_encode(const dnssec_binary_t *r, const dnssec_binary_t *s,
dnssec_binary_t *der);
* \param from Data in source format.
* \param to Allocated data in target format.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
typedef int (*signature_convert_cb)(dnssec_sign_ctx_t *ctx,
const dnssec_binary_t *from,
dnssec_binary_t value_s = { 0 };
int result = dss_sig_value_decode(x509, &value_r, &value_s);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
}
result = dnssec_binary_alloc(dnssec, 2 * int_size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
bignum_write(&wire, int_size, &value_s);
assert(wire_ctx_offset(&wire) == dnssec->size);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
static int ecdsa_dnssec_to_x509(dnssec_sign_ctx_t *ctx,
const uint8_t algo_raw = dnssec_key_get_algorithm(key);
ctx->sign_algorithm = algo_dnssec2gnutls((dnssec_key_algorithm_t)algo_raw);
int result = dnssec_sign_init(ctx);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
free(ctx);
return result;
}
*ctx_ptr = ctx;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
vpool_init(&ctx->buffer, 1024, 0);
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
return DNSSEC_SIGN_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
if (ret == KNOT_EOK) {
ret = dnssec_binary_cmp(&sign, signature)
? DNSSEC_INVALID_SIGNATURE
- : DNSSEC_EOK;
+ : KNOT_EOK;
}
dnssec_binary_free(&sign);
return ret;
_cleanup_binary_ dnssec_binary_t bin_raw = { 0 };
int result = ctx->functions->dnssec_to_x509(ctx, signature, &bin_raw);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return result;
}
return DNSSEC_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
*ctx_ptr = ctx;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
return DNSSEC_SIGN_ERROR;
}
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
_public_
gnutls_hmac_output(ctx->hash, mac);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
* \param[in] algorithm TSIG algorithm.
* \param[in] key Shared key to be used for signing.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_tsig_new(dnssec_tsig_ctx_t **ctx, dnssec_tsig_algorithm_t algorithm,
const dnssec_binary_t *key);
* \param ctx TSIG signing context.
* \param data Data to be signed.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_tsig_add(dnssec_tsig_ctx_t *ctx, const dnssec_binary_t *data);
* \param[in] ctx TSIG signing context.
* \param[out] mac Resulting TSIG signature.
*
- * \return Error code, DNSSEC_EOK if successful.
+ * \return Error code, KNOT_EOK if successful.
*/
int dnssec_tsig_write(dnssec_tsig_ctx_t *ctx, uint8_t *mac);
len = SERVER_DEFAULT_SCIDLEN;
}
- if (dnssec_random_buffer(cid->data, len) != DNSSEC_EOK) {
+ if (dnssec_random_buffer(cid->data, len) != KNOT_EOK) {
cid->datalen = 0;
} else {
cid->datalen = len;
params.retry_scid_present = 1;
params.retry_scid = *scid;
}
- if (dnssec_random_buffer(params.stateless_reset_token, NGTCP2_STATELESS_RESET_TOKENLEN) != DNSSEC_EOK) {
+ if (dnssec_random_buffer(params.stateless_reset_token, NGTCP2_STATELESS_RESET_TOKENLEN) != KNOT_EOK) {
return KNOT_ERROR;
}
}
dnssec_tsig_ctx_t *ctx = NULL;
- int result = dnssec_tsig_new(&ctx, key->algorithm, &key->secret);
- if (result != DNSSEC_EOK) {
+ int ret = dnssec_tsig_new(&ctx, key->algorithm, &key->secret);
+ if (ret != KNOT_EOK) {
return KNOT_TSIG_EBADSIG;
}
return KNOT_ENOMEM;
}
- if (dnssec_binary_dup(&src->secret, ©.secret) != DNSSEC_EOK) {
+ if (dnssec_binary_dup(&src->secret, ©.secret) != KNOT_EOK) {
knot_tsig_key_deinit(©);
return KNOT_ENOMEM;
}
quic_ctx_t *ctx = (quic_ctx_t *)user_data;
- if (dnssec_random_buffer(cid->data, cidlen) != DNSSEC_EOK) {
+ if (dnssec_random_buffer(cid->data, cidlen) != KNOT_EOK) {
return NGTCP2_ERR_CALLBACK_FAILURE;
}
cid->datalen = cidlen;
assert(buf != NULL && buflen > 0 && buflen <= 32);
uint8_t rand[16], hash[32];
int ret = dnssec_random_buffer(rand, sizeof(rand));
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
return KNOT_ERROR;
}
ret = gnutls_hash_fast(GNUTLS_DIG_SHA256, rand, sizeof(rand), hash);
ngtcp2_cid dcid, scid;
scid.datalen = NGTCP2_MAX_CIDLEN;
int ret = dnssec_random_buffer(scid.data, scid.datalen);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
return ret;
}
dcid.datalen = 18;
ret = dnssec_random_buffer(dcid.data, dcid.datalen);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
return ret;
}
q->cc.len = KNOT_EDNS_COOKIE_CLNT_SIZE;
int ret = dnssec_random_buffer(q->cc.data, q->cc.len);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
return knot_error_from_libdnssec(ret);
}
}
uint8_t *algorithm = _algorithm;
int r = str_to_u8(string, algorithm);
- return (r == KNOT_EOK ? DNSSEC_EOK : DNSSEC_INVALID_KEY_ALGORITHM);
+ return (r == KNOT_EOK ? KNOT_EOK : DNSSEC_INVALID_KEY_ALGORITHM);
}
/*!
time_t *time = _time;
*time = timegm(&tm);
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- key parsing ---------------------------------------------------------- */
// ignore unknown attributes
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
int bind_privkey_parse(const char *filename, bind_privkey_t *params_ptr)
ssize_t read = 0;
while ((read = getline(&line, &size, file)) != -1) {
int r = parse_line(¶ms, line, read);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
bind_privkey_free(¶ms);
return r;
}
*params_ptr = params;
- return DNSSEC_EOK;
+ return KNOT_EOK;
}
/* -- freeing -------------------------------------------------------------- */
gnutls_datum_t k = binary_to_datum(¶ms->private_key);
result = gnutls_x509_privkey_import_ecc_raw(key, curve, &x, &y, &k);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return DNSSEC_KEY_IMPORT_ERROR;
}
gnutls_datum_t k = binary_to_datum(¶ms->private_key);
result = gnutls_x509_privkey_import_ecc_raw(key, curve, &x, NULL, &k);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return DNSSEC_KEY_IMPORT_ERROR;
}
{
dnssec_key_t *key = NULL;
int result = dnssec_key_new(&key);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return KNOT_ENOMEM;
}
ret = bind_privkey_parse(privname, &bpriv);
free(privname);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
goto fail;
}
dnssec_binary_t pem = { 0 };
ret = bind_privkey_to_pem(key, &bpriv, &pem);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
bind_privkey_free(&bpriv);
goto fail;
}
ret = dnssec_keystore_import(keystore->keystore, &pem, &keyid);
dnssec_binary_free(&pem);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
goto fail;
}
} else {
timing.publish = ctx->now;
ret = dnssec_key_get_keyid(key, &keyid);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
goto fail;
}
}
// alloc memory
dnssec_binary_t pem = { 0 };
ret = dnssec_binary_alloc(&pem, fsize);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
close(fd);
err_import_key("", param);
goto fail;
// put pem to keystore
ret = dnssec_keystore_import(keystore->keystore, &pem, &keyid);
dnssec_binary_free(&pem);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
err_import_key(keyid, param);
goto fail;
}
// create dnssec key
ret = dnssec_key_new(&key);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
goto fail;
}
ret = dnssec_key_set_dname(key, ctx->zone->dname);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
goto fail;
}
dnssec_key_set_flags(key, dnskey_flags(flags & DNSKEY_GENERATE_SEP_ON));
// fill key structure from keystore (incl. pubkey from privkey computation)
ret = kdnssec_load_private(ctx->keystores, keyid, key, NULL, NULL);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
err_import_key(keyid, "");
goto fail;
}
_cleanup_binary_ dnssec_binary_t key = { 0 };
int r = dnssec_binary_alloc(&key, bits / CHAR_BIT);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
ERR2("failed to allocate memory");
return knot_error_from_libdnssec(r);
}
_cleanup_binary_ dnssec_binary_t key_b64 = { 0 };
r = dnssec_binary_to_base64(&key, &key_b64);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
ERR2("failed to convert the key to Base64");
return knot_error_from_libdnssec(r);
}
{
key_info_t out = { .ks_count = ctx->keystores[0].count };
out.missing = !key->is_pub_only &&
- DNSSEC_EOK != kdnssec_load_private(ctx->keystores, key->id,
- key->key, &out.ks_name, &out.backend);
+ KNOT_EOK != kdnssec_load_private(ctx->keystores, key->id,
+ key->key, &out.ks_name, &out.backend);
return out;
}
{
_cleanup_binary_ dnssec_binary_t rdata = { 0 };
int r = dnssec_key_create_ds(key, digest, &rdata);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
return knot_error_from_libdnssec(r);
}
dnssec_binary_t pubkey = { 0 };
int ret = dnssec_key_get_pubkey(dnskey, &pubkey);
- if (ret != DNSSEC_EOK) {
+ if (ret != KNOT_EOK) {
free(name);
return knot_error_from_libdnssec(ret);
}
dnssec_key_t **test_key_ptr, dnssec_key_t **ref_key_ptr)
{
dnssec_key_t *test_key = NULL;
- if (dnssec_key_new(&test_key) != DNSSEC_EOK ||
- dnssec_key_set_algorithm(test_key, algorithm) != DNSSEC_EOK ||
- dnssec_keystore_get_private(keystore, id, test_key) != DNSSEC_EOK) {
+ if (dnssec_key_new(&test_key) != KNOT_EOK ||
+ dnssec_key_set_algorithm(test_key, algorithm) != KNOT_EOK ||
+ dnssec_keystore_get_private(keystore, id, test_key) != KNOT_EOK) {
dnssec_key_free(test_key);
return KNOT_ERROR;
}
dnssec_binary_t rdata;
dnssec_key_t *ref_key = NULL;
- if (dnssec_key_new(&ref_key) != DNSSEC_EOK ||
- dnssec_key_get_rdata(test_key, &rdata) != DNSSEC_EOK ||
- dnssec_key_set_rdata(ref_key, &rdata) != DNSSEC_EOK) {
+ if (dnssec_key_new(&ref_key) != KNOT_EOK ||
+ dnssec_key_get_rdata(test_key, &rdata) != KNOT_EOK ||
+ dnssec_key_set_rdata(ref_key, &rdata) != KNOT_EOK) {
dnssec_key_free(test_key);
dnssec_key_free(ref_key);
return KNOT_ERROR;
dnssec_binary_t sign = { 0 };
dnssec_sign_ctx_t *ctx = NULL;
- if (dnssec_sign_new(&ctx, test_key) != DNSSEC_EOK ||
- dnssec_sign_add(ctx, &input) != DNSSEC_EOK ||
- dnssec_sign_write(ctx, DNSSEC_SIGN_NORMAL, &sign) != DNSSEC_EOK) {
+ if (dnssec_sign_new(&ctx, test_key) != KNOT_EOK ||
+ dnssec_sign_add(ctx, &input) != KNOT_EOK ||
+ dnssec_sign_write(ctx, DNSSEC_SIGN_NORMAL, &sign) != KNOT_EOK) {
dnssec_binary_free(&sign);
dnssec_sign_free(ctx);
return KNOT_ERROR;
}
- if (dnssec_sign_init(ctx) != DNSSEC_EOK ||
- dnssec_sign_add(ctx, &input) != DNSSEC_EOK ||
- dnssec_sign_verify(ctx, false, &sign) != DNSSEC_EOK) {
+ if (dnssec_sign_init(ctx) != KNOT_EOK ||
+ dnssec_sign_add(ctx, &input) != KNOT_EOK ||
+ dnssec_sign_verify(ctx, false, &sign) != KNOT_EOK) {
dnssec_binary_free(&sign);
dnssec_sign_free(ctx);
return KNOT_ERROR;
dnssec_sign_free(ctx);
ctx = NULL;
- if (dnssec_sign_new(&ctx, ref_key) != DNSSEC_EOK ||
- dnssec_sign_add(ctx, &input) != DNSSEC_EOK ||
- dnssec_sign_verify(ctx, false, &sign) != DNSSEC_EOK) {
+ if (dnssec_sign_new(&ctx, ref_key) != KNOT_EOK ||
+ dnssec_sign_add(ctx, &input) != KNOT_EOK ||
+ dnssec_sign_verify(ctx, false, &sign) != KNOT_EOK) {
dnssec_binary_free(&sign);
dnssec_sign_free(ctx);
return KNOT_ERROR;
char *id = NULL;
int ret = dnssec_keystore_generate(store, params->algorithm,
params->bit_size, NULL, &id);
- if (ret == DNSSEC_EOK) {
+ if (ret == KNOT_EOK) {
res.generate = true;
ret = test_key_use(store, id, params->algorithm);
res.use = (ret == KNOT_EOK);
ret = dnssec_keystore_remove(store, id);
- res.remove = (ret == DNSSEC_EOK);
+ res.remove = (ret == KNOT_EOK);
free(id);
}
ret = dnssec_keystore_import(store, ¶ms->pem, &id);
- if (ret == DNSSEC_EOK) {
+ if (ret == KNOT_EOK) {
res.import = true;
ret = test_key_use(store, id, params->algorithm);
ret = dnssec_keystore_remove(store, id);
if (res.generate) {
- res.remove &= (ret == DNSSEC_EOK);
+ res.remove &= (ret == KNOT_EOK);
} else {
- res.remove = (ret == DNSSEC_EOK);
+ res.remove = (ret == KNOT_EOK);
}
free(id);
}
knot_spin_lock(&data->lock);
int ret = dnssec_keystore_generate(store, params->algorithm,
params->bit_size, NULL, &id);
- if (ret != DNSSEC_EOK ||
- dnssec_key_new(&test_key) != DNSSEC_EOK ||
- dnssec_key_set_algorithm(test_key, params->algorithm) != DNSSEC_EOK ||
- dnssec_keystore_get_private(store, id, test_key) != DNSSEC_EOK) {
+ if (ret != KNOT_EOK ||
+ dnssec_key_new(&test_key) != KNOT_EOK ||
+ dnssec_key_set_algorithm(test_key, params->algorithm) != KNOT_EOK ||
+ dnssec_keystore_get_private(store, id, test_key) != KNOT_EOK) {
goto finish;
}
knot_spin_unlock(&data->lock);
while (result->time < BENCH_TIME) {
dnssec_binary_t sign = { 0 };
dnssec_sign_ctx_t *ctx = NULL;
- if (dnssec_sign_new(&ctx, test_key) != DNSSEC_EOK ||
- dnssec_sign_add(ctx, &input) != DNSSEC_EOK ||
- dnssec_sign_write(ctx, DNSSEC_SIGN_NORMAL, &sign) != DNSSEC_EOK) {
+ if (dnssec_sign_new(&ctx, test_key) != KNOT_EOK ||
+ dnssec_sign_add(ctx, &input) != KNOT_EOK ||
+ dnssec_sign_write(ctx, DNSSEC_SIGN_NORMAL, &sign) != KNOT_EOK) {
dnssec_binary_free(&sign);
dnssec_sign_free(ctx);
result->time = 0;
{
if (strcmp(str, "-") == 0) {
salt->size = 0;
- return DNSSEC_EOK;
+ return KNOT_EOK;
} else {
salt->data = hex_to_bin(str, &salt->size);
- return (salt->data != NULL ? DNSSEC_EOK : DNSSEC_EINVAL);
+ return (salt->data != NULL ? KNOT_EOK : DNSSEC_EINVAL);
}
}
dnssec_binary_t salt = { 0 };
r = str_to_salt(salt_str, &salt);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
ERR2("invalid salt (%s)", knot_strerror(r));
return false;
}
dname.size = knot_dname_size(dname.data);
int r = dnssec_nsec3_hash(&dname, &nsec3_params, &digest);
- if (r != DNSSEC_EOK) {
+ if (r != KNOT_EOK) {
ERR2("cannot compute NSEC3 hash (%s)", knot_strerror(r));
goto fail;
}
dnssec_binary_t binary = { 0 };
int r = dnssec_binary_from_base64(&base64, &binary);
- ok(r == DNSSEC_EOK &&
+ ok(r == KNOT_EOK &&
binary.size == ts->decoded_size &&
(binary.size == 0 || memcmp(binary.data, ts->decoded, binary.size) == 0),
"dnssec_binary_from_base64() for '%s'", ts->encoded);
dnssec_binary_t encoded = { 0 };
r = dnssec_binary_to_base64(&binary, &encoded);
- ok(r == DNSSEC_EOK &&
+ ok(r == KNOT_EOK &&
encoded.size == ts->encoded_size &&
memcmp(encoded.data, ts->encoded, encoded.size) == 0,
"dnssec_binary_to_base64() for '%s'", ts->encoded);
dnssec_binary_t dst = { 0 };
int r = dnssec_binary_dup(&src, &dst);
- ok(r == DNSSEC_EOK &&
+ ok(r == KNOT_EOK &&
src.size == dst.size && memcmp(src.data, dst.data, src.size) == 0,
"dnssec_binary_dup()");
type value = dnssec_key_get_##name(key); \
ok(value == def_val, #name " default"); \
r = dnssec_key_set_##name(key, set_val); \
- ok(r == DNSSEC_EOK, #name " set"); \
+ ok(r == KNOT_EOK, #name " set"); \
value = dnssec_key_get_##name(key); \
ok(value == set_val, #name " get"); \
}
{
dnssec_key_t *key = NULL;
int r = dnssec_key_new(&key);
- ok(r == DNSSEC_EOK && key != NULL, "create key");
+ ok(r == KNOT_EOK && key != NULL, "create key");
// create from parameters
check_attr_scalar(key, uint8_t, algorithm, 0, params->algorithm);
r = dnssec_key_set_pubkey(key, ¶ms->public_key);
- ok(r == DNSSEC_EOK, "set public key (succeeds)");
+ ok(r == KNOT_EOK, "set public key (succeeds)");
r = dnssec_key_set_pubkey(key, ¶ms->public_key);
ok(r == DNSSEC_KEY_ALREADY_PRESENT,
dnssec_binary_t rdata = { 0 };
r = dnssec_key_get_rdata(key, &rdata);
- ok(r == DNSSEC_EOK && dnssec_binary_cmp(&rdata, ¶ms->rdata) == 0,
+ ok(r == KNOT_EOK && dnssec_binary_cmp(&rdata, ¶ms->rdata) == 0,
"get RDATA");
check_key_tag(key, params);
dnssec_key_clear(key);
r = dnssec_key_set_rdata(key, ¶ms->rdata);
- ok(r == DNSSEC_EOK, "set RDATA");
+ ok(r == KNOT_EOK, "set RDATA");
check_key_tag(key, params);
check_key_size(key, params);
{
dnssec_key_t *key = NULL;
int r = dnssec_key_new(&key);
- ok(r == DNSSEC_EOK && key != NULL, "create key");
+ ok(r == KNOT_EOK && key != NULL, "create key");
// import to public
r = dnssec_key_set_rdata(key, ¶ms->rdata);
- ok(r == DNSSEC_EOK, "set RDATA");
+ ok(r == KNOT_EOK, "set RDATA");
r = dnssec_key_load_pkcs8(key, ¶ms->pem);
- ok(r == DNSSEC_EOK, "load private key (1)");
+ ok(r == KNOT_EOK, "load private key (1)");
ok(dnssec_key_can_verify(key), "can verify");
ok(dnssec_key_can_sign(key), "can sign");
dnssec_key_set_algorithm(key, params->algorithm);
dnssec_key_set_flags(key, params->flags);
r = dnssec_key_load_pkcs8(key, ¶ms->pem);
- ok(r == DNSSEC_EOK, "load private key (2)");
+ ok(r == KNOT_EOK, "load private key (2)");
dnssec_binary_t rdata = { 0 };
r = dnssec_key_get_rdata(key, &rdata);
- ok(r == DNSSEC_EOK && dnssec_binary_cmp(&rdata, ¶ms->rdata) == 0,
+ ok(r == KNOT_EOK && dnssec_binary_cmp(&rdata, ¶ms->rdata) == 0,
"get RDATA");
check_key_tag(key, params);
{
unsigned min = 0, max = 0;
int r = dnssec_algorithm_key_size_range(algo, &min, &max);
- ok(r == DNSSEC_EOK && min == exp_min && max == exp_max,
+ ok(r == KNOT_EOK && min == exp_min && max == exp_max,
"dnssec_algorithm_key_size_range() for %s", name);
}
r = dnssec_algorithm_key_size_range(algo, NULL, NULL);
ok(r == DNSSEC_EINVAL, "dnssec_algorithm_key_size_range() all null");
r = dnssec_algorithm_key_size_range(algo, &val, NULL);
- ok(r == DNSSEC_EOK && val == 1024, "dnssec_algorithm_key_size_range() min only");
+ ok(r == KNOT_EOK && val == 1024, "dnssec_algorithm_key_size_range() min only");
r = dnssec_algorithm_key_size_range(algo, NULL, &val);
- ok(r == DNSSEC_EOK && val == 4096, "dnssec_algorithm_key_size_range() max only");
+ ok(r == KNOT_EOK && val == 4096, "dnssec_algorithm_key_size_range() max only");
}
static void check_borders(void)
const dnssec_binary_t *expect = (void *)params + dt->params_offset;
- ok(r == DNSSEC_EOK &&
+ ok(r == KNOT_EOK &&
ds.size == expect->size &&
memcmp(ds.data, expect->data, ds.size) == 0,
"dnssec_key_create_ds() for %s/%s", name, dt->name);
is_int(DNSSEC_INVALID_DS_ALGORITHM, r, "dnssec_key_create_ds() unsupported algorithm");
r = dnssec_key_create_ds(key, DNSSEC_KEY_DIGEST_SHA1, &ds);
- is_int(DNSSEC_EOK, r, "dnssec_key_create_ds() valid parameters");
+ is_int(KNOT_EOK, r, "dnssec_key_create_ds() valid parameters");
dnssec_binary_free(&ds);
dnssec_key_free(key);
dnssec_key_t *p11_key = NULL;
r = dnssec_key_new(&p11_key);
- ok(r == DNSSEC_EOK && p11_key != NULL, MSG_PKCS11 " dnssec_key_new()");
+ ok(r == KNOT_EOK && p11_key != NULL, MSG_PKCS11 " dnssec_key_new()");
r = dnssec_key_set_algorithm(p11_key, algorithm);
- ok(r == DNSSEC_EOK, MSG_PKCS11 " dnssec_key_set_algorithm()");
+ ok(r == KNOT_EOK, MSG_PKCS11 " dnssec_key_set_algorithm()");
r = dnssec_keystore_get_private(keystore, id, p11_key);
- ok(r == DNSSEC_EOK, MSG_PKCS11 " dnssec_keystore_get_private()");
+ ok(r == KNOT_EOK, MSG_PKCS11 " dnssec_keystore_get_private()");
// construct software public key
dnssec_key_t *soft_key = NULL;
r = dnssec_key_new(&soft_key);
- ok(r == DNSSEC_EOK && soft_key != NULL, MSG_SOFTWARE " dnssec_key_new()");
+ ok(r == KNOT_EOK && soft_key != NULL, MSG_SOFTWARE " dnssec_key_new()");
dnssec_binary_t rdata = { 0 };
dnssec_key_get_rdata(p11_key, &rdata);
r = dnssec_key_set_rdata(soft_key, &rdata);
- ok(r == DNSSEC_EOK, MSG_SOFTWARE " dnssec_key_set_rdata()");
+ ok(r == KNOT_EOK, MSG_SOFTWARE " dnssec_key_set_rdata()");
*p11_key_ptr = p11_key;
*soft_key_ptr = soft_key;
dnssec_sign_ctx_t *ctx = NULL;
r = dnssec_sign_new(&ctx, p11_key);
- ok(r == DNSSEC_EOK, MSG_PKCS11 " dnssec_sign_init() ");
+ ok(r == KNOT_EOK, MSG_PKCS11 " dnssec_sign_init() ");
r = dnssec_sign_add(ctx, &input);
- ok(r == DNSSEC_EOK, MSG_PKCS11 " dnssec_sign_add()");
+ ok(r == KNOT_EOK, MSG_PKCS11 " dnssec_sign_add()");
r = dnssec_sign_write(ctx, DNSSEC_SIGN_NORMAL, &sign);
- ok(r == DNSSEC_EOK, MSG_PKCS11 " dnssec_sign_write()");
+ ok(r == KNOT_EOK, MSG_PKCS11 " dnssec_sign_write()");
// PKCS #11 key verification
r = dnssec_sign_init(ctx);
- ok(r == DNSSEC_EOK, MSG_PKCS11 " dnssec_sign_init()");
+ ok(r == KNOT_EOK, MSG_PKCS11 " dnssec_sign_init()");
r = dnssec_sign_add(ctx, &input);
- ok(r == DNSSEC_EOK, MSG_PKCS11 " dnssec_sign_add()");
+ ok(r == KNOT_EOK, MSG_PKCS11 " dnssec_sign_add()");
r = dnssec_sign_verify(ctx, false, &sign);
- ok(r == DNSSEC_EOK, MSG_PKCS11 " dnssec_sign_verify()");
+ ok(r == KNOT_EOK, MSG_PKCS11 " dnssec_sign_verify()");
// software verification
ctx = NULL;
r = dnssec_sign_new(&ctx, soft_key);
- ok(r == DNSSEC_EOK, MSG_SOFTWARE " dnssec_sign_init()");
+ ok(r == KNOT_EOK, MSG_SOFTWARE " dnssec_sign_init()");
r = dnssec_sign_add(ctx, &input);
- ok(r == DNSSEC_EOK, MSG_SOFTWARE " dnssec_sign_add()");
+ ok(r == KNOT_EOK, MSG_SOFTWARE " dnssec_sign_add()");
r = dnssec_sign_verify(ctx, false, &sign);
- ok(r == DNSSEC_EOK, MSG_SOFTWARE " dnssec_sign_verify()");
+ ok(r == KNOT_EOK, MSG_SOFTWARE " dnssec_sign_verify()");
dnssec_binary_free(&sign);
dnssec_sign_free(ctx);
r = dnssec_keystore_generate(store, params->algorithm, params->bit_size,
NULL, &id_generate);
- ok(r == DNSSEC_EOK && id_generate != NULL, "dnssec_keystore_generate()");
+ ok(r == KNOT_EOK && id_generate != NULL, "dnssec_keystore_generate()");
test_key_use(store, params->algorithm, id_generate);
diag("algorithm %d, imported key", params->algorithm);
r = dnssec_keystore_import(store, ¶ms->pem, &id_import);
- ok(r == DNSSEC_EOK && id_import != NULL, "dnssec_keystore_import()");
+ ok(r == KNOT_EOK && id_import != NULL, "dnssec_keystore_import()");
test_key_use(store, params->algorithm, id_import);
free(id_generate);
skip_all("not supported");
goto done;
}
- ok(r == DNSSEC_EOK && store, "dnssec_keystore_init_pkcs11()");
+ ok(r == KNOT_EOK && store, "dnssec_keystore_init_pkcs11()");
char *dso_name = libsofthsm_dso();
if (!dso_name) {
// key store access
r = dnssec_keystore_init(store, config);
- ok(r == DNSSEC_EOK, "dnssec_keystore_init()");
+ ok(r == KNOT_EOK, "dnssec_keystore_init()");
r = dnssec_keystore_open(store, config);
- ok(r == DNSSEC_EOK, "dnssec_keystore_open()");
+ ok(r == KNOT_EOK, "dnssec_keystore_open()");
// key manipulation
}
r = dnssec_keystore_close(store);
- ok(r == DNSSEC_EOK, "dnssec_keystore_close()");
+ ok(r == KNOT_EOK, "dnssec_keystore_close()");
done:
dnssec_keystore_deinit(store);
dnssec_crypto_cleanup();
dnssec_keystore_t *store = NULL;
int r = dnssec_keystore_init_pkcs8(&store);
- ok(r == DNSSEC_EOK, "dnssec_keystore_init_pkcs8()");
+ ok(r == KNOT_EOK, "dnssec_keystore_init_pkcs8()");
r = dnssec_keystore_init(store, dir);
- ok(r == DNSSEC_EOK, "init");
+ ok(r == KNOT_EOK, "init");
r = dnssec_keystore_open(store, dir);
- ok(r == DNSSEC_EOK, "open");
+ ok(r == KNOT_EOK, "open");
// writing new content
char *id_A = NULL;
r = dnssec_keystore_generate(store, DNSSEC_KEY_ALGORITHM_RSA_SHA256,
1024, NULL, &id_A);
- ok(r == DNSSEC_EOK, "generate A");
+ ok(r == KNOT_EOK, "generate A");
char *id_B = NULL;
r = dnssec_keystore_generate(store, DNSSEC_KEY_ALGORITHM_RSA_SHA256,
1024, NULL, &id_B);
- ok(r == DNSSEC_EOK, "generate B");
+ ok(r == KNOT_EOK, "generate B");
// reading existing content
dnssec_key_new(&key);
dnssec_key_set_algorithm(key, DNSSEC_KEY_ALGORITHM_RSA_SHA256);
r = dnssec_keystore_get_private(store, id_A, key);
- ok(r == DNSSEC_EOK, "read A");
+ ok(r == KNOT_EOK, "read A");
dnssec_key_free(key);
dnssec_key_new(&key);
dnssec_key_set_algorithm(key, DNSSEC_KEY_ALGORITHM_RSA_SHA256);
r = dnssec_keystore_get_private(store, id_B, key);
- ok(r == DNSSEC_EOK, "read B");
+ ok(r == KNOT_EOK, "read B");
dnssec_key_free(key);
// content removal
r = dnssec_keystore_remove(store, id_A);
- ok(r == DNSSEC_EOK, "remove A");
+ ok(r == KNOT_EOK, "remove A");
dnssec_key_new(&key);
dnssec_key_set_algorithm(key, DNSSEC_KEY_ALGORITHM_RSA_SHA256);
free(id_B);
r = dnssec_keystore_close(store);
- ok(r == DNSSEC_EOK, "close");
+ ok(r == KNOT_EOK, "close");
r = dnssec_keystore_deinit(store);
- ok(r == DNSSEC_EOK, "deinit");
+ ok(r == KNOT_EOK, "deinit");
test_rm_rf(dir);
free(dir);
}};
uint16_t tag = 0;
- ok(dnssec_keytag(&rsa_md5_rdata, &tag) == DNSSEC_EOK && tag == 40866,
+ ok(dnssec_keytag(&rsa_md5_rdata, &tag) == KNOT_EOK && tag == 40866,
"keytag for RSA/MD5");
const dnssec_binary_t ecdsa_rdata = { .size = 100, .data = (uint8_t []) {
0xf4, 0xfc, 0xe2, 0x10, 0xd4, 0x26
}};
- ok(dnssec_keytag(&ecdsa_rdata, &tag) == DNSSEC_EOK && tag == 61768,
+ ok(dnssec_keytag(&ecdsa_rdata, &tag) == KNOT_EOK && tag == 61768,
"keytag for ECDSA/SHA384");
return 0;
dnssec_nsec3_params_t params = { 0 };
int result = dnssec_nsec3_params_from_rdata(¶ms, &RDATA);
- ok(result == DNSSEC_EOK, "dnssec_nsec3_params_from_rdata()");
+ ok(result == KNOT_EOK, "dnssec_nsec3_params_from_rdata()");
ok(params.algorithm == 1, "algorithm");
ok(params.flags == 0, "flags");
dnssec_binary_t hash = { 0 };
int result = dnssec_nsec3_hash(&dname, ¶ms, &hash);
- ok(result == DNSSEC_EOK, "dnssec_nsec3_hash()");
+ ok(result == KNOT_EOK, "dnssec_nsec3_hash()");
ok(hash.size == expected.size && hash.data != NULL &&
memcmp(hash.data, expected.data, expected.size) == 0,
dnssec_nsec3_params_t params = { 0 };
int result = dnssec_nsec3_params_from_rdata(¶ms, &RDATA);
- ok(result == DNSSEC_EOK, "dnssec_nsec3_params_from_rdata()");
+ ok(result == KNOT_EOK, "dnssec_nsec3_params_from_rdata()");
ok(memcmp(¶ms, &empty, sizeof(dnssec_nsec3_params_t)) != 0,
"non-empty after dnssec_nsec3_params_from_rdata()");
for (int i = 0; i < 10; i++) {
int result = dnssec_random_buffer(buffer, buffer_size);
- if (result != DNSSEC_EOK) {
+ if (result != KNOT_EOK) {
return 1;
}
dnssec_key_t *key = NULL;
r = dnssec_key_new(&key);
- ok(r == DNSSEC_EOK && key != NULL, "create key");
+ ok(r == KNOT_EOK && key != NULL, "create key");
r = dnssec_key_set_rdata(key, &key_data->rdata);
- ok(r == DNSSEC_EOK, "set RDATA");
+ ok(r == KNOT_EOK, "set RDATA");
// check validation on static signature
dnssec_sign_ctx_t *ctx = NULL;
r = dnssec_sign_new(&ctx, key);
- ok(r == DNSSEC_EOK, "create signing context");
+ ok(r == KNOT_EOK, "create signing context");
r = dnssec_sign_add(ctx, data);
- ok(r == DNSSEC_EOK, "add data to be signed");
+ ok(r == KNOT_EOK, "add data to be signed");
r = dnssec_sign_verify(ctx, false, signature);
- ok(r == DNSSEC_EOK, "signature verified");
+ ok(r == KNOT_EOK, "signature verified");
// create new signature and self-validate
r = dnssec_key_load_pkcs8(key, &key_data->pem);
- ok(r == DNSSEC_EOK, "load private key");
+ ok(r == KNOT_EOK, "load private key");
if (signature_match) {
r = dnssec_sign_init(ctx);
- ok(r == DNSSEC_EOK, "reinitialize context");
+ ok(r == KNOT_EOK, "reinitialize context");
r = dnssec_sign_add(ctx, data);
- ok(r == DNSSEC_EOK, "add data to be signed");
+ ok(r == KNOT_EOK, "add data to be signed");
dnssec_binary_t new_signature = { 0 };
r = dnssec_sign_write(ctx, DNSSEC_SIGN_NORMAL, &new_signature);
- ok(r == DNSSEC_EOK, "write the signature");
+ ok(r == KNOT_EOK, "write the signature");
ok(dnssec_binary_cmp(signature, &new_signature) == 0,
"signature exact match");
r = dnssec_sign_verify(ctx, false, &new_signature);
- ok(r == DNSSEC_EOK, "reverify the new signature");
+ ok(r == KNOT_EOK, "reverify the new signature");
dnssec_binary_free(&new_signature);
}
dnssec_binary_t tmp = { 0 };
r = dnssec_sign_init(ctx);
- ok(r == DNSSEC_EOK, "reinitialize context");
+ ok(r == KNOT_EOK, "reinitialize context");
tmp = binary_set_string("bind");
r = dnssec_sign_add(ctx, &tmp);
- ok(r == DNSSEC_EOK, "add data (1)");
+ ok(r == KNOT_EOK, "add data (1)");
r = dnssec_sign_init(ctx);
- ok(r == DNSSEC_EOK, "reinitialize context");
+ ok(r == KNOT_EOK, "reinitialize context");
tmp = binary_set_string("knot");
r = dnssec_sign_add(ctx, &tmp);
- ok(r == DNSSEC_EOK, "add data (2)");
+ ok(r == KNOT_EOK, "add data (2)");
tmp = binary_set_string(" is the best");
r = dnssec_sign_add(ctx, &tmp);
- ok(r == DNSSEC_EOK, "add data (3)");
+ ok(r == KNOT_EOK, "add data (3)");
dnssec_binary_t new_signature = { 0 };
r = dnssec_sign_write(ctx, DNSSEC_SIGN_NORMAL, &new_signature);
- ok(r == DNSSEC_EOK, "write signature");
+ ok(r == KNOT_EOK, "write signature");
r = dnssec_sign_init(ctx);
- ok(r == DNSSEC_EOK, "reinitialize context");
+ ok(r == KNOT_EOK, "reinitialize context");
tmp = binary_set_string("knot is the best");
r = dnssec_sign_add(ctx, &tmp);
- ok(r == DNSSEC_EOK, "add data (4)");
+ ok(r == KNOT_EOK, "add data (4)");
r = dnssec_sign_verify(ctx, false, &new_signature);
- ok(r == DNSSEC_EOK, "verify signature");
+ ok(r == KNOT_EOK, "verify signature");
dnssec_binary_free(&new_signature);
dnssec_binary_t __out_s = { 0 }; \
dnssec_binary_t __out_r = { 0 }; \
int _result = dss_sig_value_decode(&__der, &__out_r, &__out_s); \
- ok(_result == DNSSEC_EOK && \
+ ok(_result == KNOT_EOK && \
binary_eq(&__r, &__out_r) && \
binary_eq(&__s, &__out_s), \
"decode ok, " message)
dnssec_binary_t __out_r = { 0 }; \
dnssec_binary_t __out_s = { 0 }; \
int _result = dss_sig_value_decode(&__der, &__out_r, &__out_s); \
- ok(_result != DNSSEC_EOK, \
+ ok(_result != KNOT_EOK, \
"decode fail, " message)
#define ENCODE_OK(r, s, der, message) \
dnssec_binary_t __der = { .data = der, .size = sizeof(der) }; \
dnssec_binary_t __out_der = { 0 }; \
int _result = dss_sig_value_encode(&__r, &__s, &__out_der); \
- ok(_result == DNSSEC_EOK && \
+ ok(_result == KNOT_EOK && \
binary_eq(&__der, &__out_der), \
"encode ok, " message); \
dnssec_binary_free(&__out_der)
dnssec_binary_t __s = { .data = s, .size = sizeof(s) }; \
dnssec_binary_t __out_der = { 0 }; \
int _result = dss_sig_value_encode(&__r, &__s, &__out_der); \
- ok(_result != DNSSEC_EOK, \
+ ok(_result != KNOT_EOK, \
"encode fail, " message); \
dnssec_binary_free(&__out_der)
projects / thirdparty / knot-dns.git / commitdiff
