*
* Requires:
*
- *\li 'kasp' is a valid, frozen kasp.
+ *\li 'kasp' is a valid kasp.
*
* Returns:
*
*\li name of 'kasp'.
*/
+dns_ttl_t
+dns_kasp_dnskeyttl(dns_kasp_t *kasp);
+/*%<
+ * Get dnskey ttl.
+ *
+ * Requires:
+ *
+ *\li 'kasp' is a valid, frozen kasp.
+ *
+ * Returns:
+ *
+ *\li DNSKEY TTL.
+ */
+
isc_result_t
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp);
/*%<
*
* Requires:
*
- *\li 'key' is a valid KASP key.
+ *\li key != NULL
+ */
+
+uint32_t
+dns_kasp_key_algorithm(dns_kasp_key_t *key);
+/*%<
+ * Get the key algorithm.
+ *
+ * Requires:
+ *
+ *\li key != NULL
+ *
+ * Returns:
+ *
+ *\li Key algorithm.
+ */
+
+unsigned int
+dns_kasp_key_size(dns_kasp_key_t *key);
+/*%<
+ * Get the key size.
+ *
+ * Requires:
+ *
+ *\li key != NULL
+ *
+ * Returns:
+ *
+ *\li Configured key size, or default key size for key algorithm if no size
+ * configured.
+ */
+
+time_t
+dns_kasp_key_lifetime(dns_kasp_key_t *key);
+/*%<
+ * The lifetime of this key (how long may this key be active?)
+ *
+ * Requires:
+ *
+ *\li key != NULL
+ *
+ * Returns:
+ *
+ *\li Lifetime of key.
+ *
+ */
+
+bool
+dns_kasp_key_ksk(dns_kasp_key_t *key);
+/*%<
+ * Does this key act as a KSK?
+ *
+ * Requires:
+ *
+ *\li key != NULL
+ *
+ * Returns:
+ *
+ *\li True, if the key role has DNS_KASP_KEY_ROLE_KSK set.
+ *\li False, otherwise.
+ *
+ */
+
+bool
+dns_kasp_key_zsk(dns_kasp_key_t *key);
+/*%<
+ * Does this key act as a ZSK?
+ *
+ * Requires:
+ *
+ *\li key != NULL
+ *
+ * Returns:
+ *
+ *\li True, if the key role has DNS_KASP_KEY_ROLE_ZSK set.
+ *\li False, otherwise.
*
- *\li kasp != NULL && key != NULL
*/
ISC_LANG_ENDDECLS
#include <dns/log.h>
#include <dns/kasp.h>
+#include <dns/keyvalues.h>
isc_result_t
dns_kasp_create(isc_mem_t *mctx, const char *name, dns_kasp_t **kaspp)
dns_kasp_attach(dns_kasp_t *source, dns_kasp_t **targetp) {
REQUIRE(DNS_KASP_VALID(source));
REQUIRE(targetp != NULL && *targetp == NULL);
+
isc_refcount_increment(&source->references);
*targetp = source;
}
}
}
+const char*
+dns_kasp_getname(dns_kasp_t *kasp) {
+ REQUIRE(DNS_KASP_VALID(kasp));
+ return kasp->name;
+}
+
void
dns_kasp_freeze(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
kasp->frozen = false;
}
-const char*
-dns_kasp_getname(dns_kasp_t *kasp) {
+dns_ttl_t
+dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
REQUIRE(DNS_KASP_VALID(kasp));
- return kasp->name;
+ REQUIRE(kasp->frozen);
+ return kasp->dnskey_ttl;
}
isc_result_t
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp)
{
- dns_kasp_t *kasp;
+ dns_kasp_t *kasp = NULL;
if (list == NULL) {
return (ISC_R_NOTFOUND);
REQUIRE(key != NULL);
isc_mem_putanddetach(&key->mctx, key, sizeof(*key));
}
+
+uint32_t
+dns_kasp_key_algorithm(dns_kasp_key_t *key) {
+
+ REQUIRE(key != NULL);
+ return key->algorithm;
+}
+
+unsigned int
+dns_kasp_key_size(dns_kasp_key_t *key) {
+ unsigned int size = 0;
+ unsigned int min = 0;
+
+ REQUIRE(key != NULL);
+
+ switch (key->algorithm) {
+ case DNS_KEYALG_RSASHA1:
+ case DNS_KEYALG_NSEC3RSASHA1:
+ case DNS_KEYALG_RSASHA256:
+ case DNS_KEYALG_RSASHA512:
+ min = DNS_KEYALG_RSASHA512 ? 1024 : 512;
+ if (key->length > -1) {
+ size = (unsigned int) key->length;
+ if (size < min) {
+ size = min;
+ }
+ if (size > 4096) {
+ size = 4096;
+ }
+ } else if (key->role & DNS_KASP_KEY_ROLE_KSK) {
+ size = 2048;
+ } else {
+ size = 1024;
+ }
+ break;
+ case DNS_KEYALG_ECDSA256:
+ size = 256;
+ break;
+ case DNS_KEYALG_ECDSA384:
+ size = 384;
+ break;
+ case DNS_KEYALG_ED25519:
+ size = 32;
+ break;
+ case DNS_KEYALG_ED448:
+ size = 57;
+ break;
+ default:
+ /* unsupported */
+ break;
+ }
+ return size;
+}
+
+time_t
+dns_kasp_key_lifetime(dns_kasp_key_t *key) {
+
+ REQUIRE(key != NULL);
+ return (key->lifetime);
+}
+
+bool
+dns_kasp_key_ksk(dns_kasp_key_t *key) {
+
+ REQUIRE(key != NULL);
+ return (key->role & DNS_KASP_KEY_ROLE_KSK);
+}
+
+bool
+dns_kasp_key_zsk(dns_kasp_key_t *key) {
+
+ REQUIRE(key != NULL);
+ return (key->role & DNS_KASP_KEY_ROLE_ZSK);
+}
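Review bot: In dns_kasp_key_size() the line `min = DNS_KEYALG_RSASHA512 ? 1024 : 512;` tests the constant itself rather than the key's algorithm, so the result never depends on `key` and the 512 branch is presumably dead (assuming the constant is nonzero). If a per-algorithm floor was intended it should read `min = (key->algorithm == DNS_KEYALG_RSASHA512) ? 1024 : 512;`, but for a signing policy a flat `min = 1024;` or higher is the safer choice, because it keeps 512-bit RSA keys from ever being requested. Separately, a configured RSA length outside the range is silently clamped to between `min` and 4096, and the `default:` case returns 0 for an unsupported algorithm. The header comment added in this commit ("Configured key size, or default key size for key algorithm if no size configured") mentions neither, so I would add both to its `Returns:` list so that callers know to reject a 0 size before generating a key.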