From: Matthijs Mekking Date: Wed, 11 Sep 2019 14:32:58 +0000 (+0200) Subject: Add various get functions for kasp X-Git-Tag: v9.15.6~26^2~29 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97a5698e069c82f5a15effcb141a94cd4daf9f17;p=thirdparty%2Fbind9.git Add various get functions for kasp Write functions to access various elements of the kasp structure, and the kasp keys. This in preparation of code in dnssec-keygen, dnssec-settime, named... --- diff --git a/lib/dns/include/dns/kasp.h b/lib/dns/include/dns/kasp.h index 12998d46ff3..6c953a0636e 100644 --- a/lib/dns/include/dns/kasp.h +++ b/lib/dns/include/dns/kasp.h @@ -187,13 +187,27 @@ dns_kasp_getname(dns_kasp_t *kasp); * * Requires: * - *\li 'kasp' is a valid, frozen kasp. + *\li 'kasp' is a valid kasp. * * Returns: * *\li name of 'kasp'. */ +dns_ttl_t +dns_kasp_dnskeyttl(dns_kasp_t *kasp); +/*%< + * Get dnskey ttl. + * + * Requires: + * + *\li 'kasp' is a valid, frozen kasp. + * + * Returns: + * + *\li DNSKEY TTL. + */ + isc_result_t dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp); /*%< 
@@ -236,9 +250,83 @@ dns_kasp_key_destroy(dns_kasp_key_t* key); * * Requires: * - *\li 'key' is a valid KASP key. + *\li key != NULL + */ + +uint32_t +dns_kasp_key_algorithm(dns_kasp_key_t *key); +/*%< + * Get the key algorithm. + * + * Requires: + * + *\li key != NULL + * + * Returns: + * + *\li Key algorithm. + */ + +unsigned int +dns_kasp_key_size(dns_kasp_key_t *key); +/*%< + * Get the key size. + * + * Requires: + * + *\li key != NULL + * + * Returns: + * + *\li Configured key size, or default key size for key algorithm if no size + * configured. + */ + +time_t +dns_kasp_key_lifetime(dns_kasp_key_t *key); +/*%< + * The lifetime of this key (how long may this key be active?) + * + * Requires: + * + *\li key != NULL + * + * Returns: + * + *\li Lifetime of key. + * + */ + +bool +dns_kasp_key_ksk(dns_kasp_key_t *key); +/*%< + * Does this key act as a KSK? + * + * Requires: + * + *\li key != NULL + * + * Returns: + * + *\li True, if the key role has DNS_KASP_KEY_ROLE_KSK set. + *\li False, otherwise. + * + */ + +bool +dns_kasp_key_zsk(dns_kasp_key_t *key); +/*%< + * Does this key act as a ZSK? + * + * Requires: + * + *\li key != NULL + * + * Returns: + * + *\li True, if the key role has DNS_KASP_KEY_ROLE_ZSK set. + *\li False, otherwise. * - *\li kasp != NULL && key != NULL */ ISC_LANG_ENDDECLS diff --git a/lib/dns/kasp.c b/lib/dns/kasp.c index ce401cdb6ad..f585129b329 100644 --- a/lib/dns/kasp.c +++ b/lib/dns/kasp.c @@ -21,6 +21,7 @@ #include #include +#include isc_result_t dns_kasp_create(isc_mem_t *mctx, const char *name, dns_kasp_t **kaspp) @@ -64,6 +65,7 @@ void dns_kasp_attach(dns_kasp_t *source, dns_kasp_t **targetp) { REQUIRE(DNS_KASP_VALID(source)); REQUIRE(targetp != NULL && *targetp == NULL); + isc_refcount_increment(&source->references); *targetp = source; } 
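Review bot: The Returns section of the new dns_kasp_key_size comment does not cover two outcomes the implementation in lib/dns/kasp.c (later in this patch) produces: an algorithm outside the handled cases yields 0, and a configured RSA size is clamped into the supported range before being returned. Add a line `*\li 0 if the key algorithm is not supported.` to the Returns list and extend the first bullet to say that a configured RSA size below the algorithm minimum or above 4096 is clamped rather than rejected, so callers do not treat 0 as a valid size. The comments on the other new getters match their one-line bodies.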
@@ -95,6 +97,12 @@ dns_kasp_detach(dns_kasp_t **kaspp) { } } +const char* +dns_kasp_getname(dns_kasp_t *kasp) { + REQUIRE(DNS_KASP_VALID(kasp)); + return kasp->name; +} + void dns_kasp_freeze(dns_kasp_t *kasp) { REQUIRE(DNS_KASP_VALID(kasp)); @@ -109,16 +117,17 @@ dns_kasp_thaw(dns_kasp_t *kasp) { kasp->frozen = false; } -const char* -dns_kasp_getname(dns_kasp_t *kasp) { +dns_ttl_t +dns_kasp_dnskeyttl(dns_kasp_t *kasp) { REQUIRE(DNS_KASP_VALID(kasp)); - return kasp->name; + REQUIRE(kasp->frozen); + return kasp->dnskey_ttl; } isc_result_t dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp) { - dns_kasp_t *kasp; + dns_kasp_t *kasp = NULL; if (list == NULL) { return (ISC_R_NOTFOUND); 
@@ -166,3 +175,77 @@ dns_kasp_key_destroy(dns_kasp_key_t* key)
 REQUIRE(key != NULL);
 isc_mem_putanddetach(&key->mctx, key, sizeof(*key));
 }
+
+uint32_t
+dns_kasp_key_algorithm(dns_kasp_key_t *key) {
+
+ REQUIRE(key != NULL);
+ return key->algorithm;
+}
+
+unsigned int
+dns_kasp_key_size(dns_kasp_key_t *key) {
+ unsigned int size = 0;
+ unsigned int min = 0;
+
+ REQUIRE(key != NULL);
+
+ switch (key->algorithm) {
+ case DNS_KEYALG_RSASHA1:
+ case DNS_KEYALG_NSEC3RSASHA1:
+ case DNS_KEYALG_RSASHA256:
+ case DNS_KEYALG_RSASHA512:
+ min = DNS_KEYALG_RSASHA512 ? 1024 : 512;
+ if (key->length > -1) {
+ size = (unsigned int) key->length;
+ if (size < min) {
+ size = min;
+ }
+ if (size > 4096) {
+ size = 4096;
+ }
+ } else if (key->role & DNS_KASP_KEY_ROLE_KSK) {
+ size = 2048;
+ } else {
+ size = 1024;
+ }
+ break;
+ case DNS_KEYALG_ECDSA256:
+ size = 256;
+ break;
+ case DNS_KEYALG_ECDSA384:
+ size = 384;
+ break;
+ case DNS_KEYALG_ED25519:
+ size = 32;
+ break;
+ case DNS_KEYALG_ED448:
+ size = 57;
+ break;
+ default:
+ /* unsupported */
+ break;
+ }
+ return size;
+}
+
+time_t
+dns_kasp_key_lifetime(dns_kasp_key_t *key) {
+
+ REQUIRE(key != NULL);
+ return (key->lifetime);
+}
+
+bool
+dns_kasp_key_ksk(dns_kasp_key_t *key) {
+
+ REQUIRE(key != NULL);
+ return (key->role & DNS_KASP_KEY_ROLE_KSK);
+}
+
+bool
+dns_kasp_key_zsk(dns_kasp_key_t *key) {
+
+ REQUIRE(key != NULL);
+ return (key->role & DNS_KASP_KEY_ROLE_ZSK);
+}
diff --git a/lib/dns/win32/libdns.def.in b/lib/dns/win32/libdns.def.in
index 2016d204ae3..beef70a5d7b 100644
--- a/lib/dns/win32/libdns.def.in
+++ b/lib/dns/win32/libdns.def.in
@@ -416,10 +416,16 @@ dns_journal_writediff
 dns_kasp_create
 dns_kasp_attach
 dns_kasp_detach
+dns_kasp_dnskeyttl
 dns_kasp_freeze
 dns_kasp_getname
+dns_kasp_key_algorithm
 dns_kasp_key_create
 dns_kasp_key_destroy
+dns_kasp_key_ksk
+dns_kasp_key_lifetime
+dns_kasp_key_size
+dns_kasp_key_zsk
 dns_kasp_thaw
 dns_kasplist_find
 dns_keydata_fromdnskey
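Review bot: In dns_kasp_key_size the line `min = DNS_KEYALG_RSASHA512 ? 1024 : 512;` tests the enum constant itself rather than the key's algorithm, so the condition is always true and every RSA variant gets a 1024-bit minimum; it should read `min = (key->algorithm == DNS_KEYALG_RSASHA512) ? 1024 : 512;`. The `key->length > -1` test presumes that length is a signed field with -1 meaning "not configured"; that field's declaration is not in this patch, so worth confirming against the struct. dns_kasp_key_ksk and dns_kasp_key_zsk return the masked role value through a bool return type, which C99 normalises to 0/1, so that is fine as written.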