/src/bind9/lib/dns/kasp.c

Source (jump to first uncovered line)
/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*! \file */

#include <string.h>

#include <isc/assertions.h>
#include <isc/buffer.h>
#include <isc/file.h>
#include <isc/hex.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/util.h>

#include <dns/kasp.h>
#include <dns/keyvalues.h>
#include <dns/log.h>

isc_result_t
dns_kasp_create(isc_mem_t *mctx, const char *name, dns_kasp_t **kaspp) {
  dns_kasp_t *kasp;

  REQUIRE(name != NULL);
  REQUIRE(kaspp != NULL && *kaspp == NULL);

  kasp = isc_mem_get(mctx, sizeof(*kasp));
  kasp->mctx = NULL;
  isc_mem_attach(mctx, &kasp->mctx);

  kasp->name = isc_mem_strdup(mctx, name);
  isc_mutex_init(&kasp->lock);
  kasp->frozen = false;

  isc_refcount_init(&kasp->references, 1);

  ISC_LINK_INIT(kasp, link);

  kasp->signatures_refresh = DNS_KASP_SIG_REFRESH;
  kasp->signatures_validity = DNS_KASP_SIG_VALIDITY;
  kasp->signatures_validity_dnskey = DNS_KASP_SIG_VALIDITY_DNSKEY;

  ISC_LIST_INIT(kasp->keys);

  kasp->dnskey_ttl = DNS_KASP_KEY_TTL;
  kasp->publish_safety = DNS_KASP_PUBLISH_SAFETY;
  kasp->retire_safety = DNS_KASP_RETIRE_SAFETY;
  kasp->purge_keys = DNS_KASP_PURGE_KEYS;

  kasp->zone_max_ttl = DNS_KASP_ZONE_MAXTTL;
  kasp->zone_propagation_delay = DNS_KASP_ZONE_PROPDELAY;

  kasp->parent_ds_ttl = DNS_KASP_DS_TTL;
  kasp->parent_propagation_delay = DNS_KASP_PARENT_PROPDELAY;

  kasp->nsec3 = false;

  kasp->magic = DNS_KASP_MAGIC;
  *kaspp = kasp;

  return (ISC_R_SUCCESS);
}

void
dns_kasp_attach(dns_kasp_t *source, dns_kasp_t **targetp) {
  REQUIRE(DNS_KASP_VALID(source));
  REQUIRE(targetp != NULL && *targetp == NULL);

  isc_refcount_increment(&source->references);
  *targetp = source;
}

static inline void
destroy(dns_kasp_t *kasp) {
  dns_kasp_key_t *key;
  dns_kasp_key_t *key_next;

  REQUIRE(!ISC_LINK_LINKED(kasp, link));

  for (key = ISC_LIST_HEAD(kasp->keys); key != NULL; key = key_next) {
    key_next = ISC_LIST_NEXT(key, link);
    ISC_LIST_UNLINK(kasp->keys, key, link);
    dns_kasp_key_destroy(key);
  }
  INSIST(ISC_LIST_EMPTY(kasp->keys));

  isc_mutex_destroy(&kasp->lock);
  isc_mem_free(kasp->mctx, kasp->name);
  isc_mem_putanddetach(&kasp->mctx, kasp, sizeof(*kasp));
}

void
dns_kasp_detach(dns_kasp_t **kaspp) {
  REQUIRE(kaspp != NULL && DNS_KASP_VALID(*kaspp));

  dns_kasp_t *kasp = *kaspp;
  *kaspp = NULL;

  if (isc_refcount_decrement(&kasp->references) == 1) {
    destroy(kasp);
  }
}

const char *
dns_kasp_getname(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));

  return (kasp->name);
}

void
dns_kasp_freeze(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->frozen = true;
}

void
dns_kasp_thaw(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  kasp->frozen = false;
}

uint32_t
dns_kasp_signdelay(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->signatures_validity - kasp->signatures_refresh);
}

uint32_t
dns_kasp_sigrefresh(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->signatures_refresh);
}

void
dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->signatures_refresh = value;
}

uint32_t
dns_kasp_sigvalidity(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->signatures_validity);
}

void
dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->signatures_validity = value;
}

uint32_t
dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->signatures_validity_dnskey);
}

void
dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->signatures_validity_dnskey = value;
}

dns_ttl_t
dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->dnskey_ttl);
}

void
dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->dnskey_ttl = ttl;
}

uint32_t
dns_kasp_purgekeys(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->purge_keys);
}

void
dns_kasp_setpurgekeys(dns_kasp_t *kasp, uint32_t value) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->purge_keys = value;
}

uint32_t
dns_kasp_publishsafety(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->publish_safety);
}

void
dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->publish_safety = value;
}

uint32_t
dns_kasp_retiresafety(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->retire_safety);
}

void
dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->retire_safety = value;
}

dns_ttl_t
dns_kasp_zonemaxttl(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->zone_max_ttl);
}

void
dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->zone_max_ttl = ttl;
}

uint32_t
dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->zone_propagation_delay);
}

void
dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->zone_propagation_delay = value;
}

dns_ttl_t
dns_kasp_dsttl(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->parent_ds_ttl);
}

void
dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->parent_ds_ttl = ttl;
}

uint32_t
dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->parent_propagation_delay);
}

void
dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);

  kasp->parent_propagation_delay = value;
}

isc_result_t
dns_kasplist_find(dns_kasplist_t *list, const char *name, dns_kasp_t **kaspp) {
  dns_kasp_t *kasp = NULL;

  REQUIRE(kaspp != NULL && *kaspp == NULL);

  if (list == NULL) {
    return (ISC_R_NOTFOUND);
  }

  for (kasp = ISC_LIST_HEAD(*list); kasp != NULL;
       kasp = ISC_LIST_NEXT(kasp, link))
  {
    if (strcmp(kasp->name, name) == 0) {
      break;
    }
  }

  if (kasp == NULL) {
    return (ISC_R_NOTFOUND);
  }

  dns_kasp_attach(kasp, kaspp);
  return (ISC_R_SUCCESS);
}

dns_kasp_keylist_t
dns_kasp_keys(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(kasp->frozen);

  return (kasp->keys);
}

bool
dns_kasp_keylist_empty(dns_kasp_t *kasp) {
  REQUIRE(DNS_KASP_VALID(kasp));

  return (ISC_LIST_EMPTY(kasp->keys));
}

void
dns_kasp_addkey(dns_kasp_t *kasp, dns_kasp_key_t *key) {
  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(!kasp->frozen);
  REQUIRE(key != NULL);

  ISC_LIST_APPEND(kasp->keys, key, link);
}

isc_result_t
dns_kasp_key_create(dns_kasp_t *kasp, dns_kasp_key_t **keyp) {
  dns_kasp_key_t *key;

  REQUIRE(DNS_KASP_VALID(kasp));
  REQUIRE(keyp != NULL && *keyp == NULL);

  key = isc_mem_get(kasp->mctx, sizeof(*key));
  key->mctx = NULL;
  isc_mem_attach(kasp->mctx, &key->mctx);

  ISC_LINK_INIT(key, link);

  key->lifetime = 0;
  key->algorithm = 0;
  key->length = -1;
  key->role = 0;
  *keyp = key;
  return (ISC_R_SUCCESS);
}

void
dns_kasp_key_destroy(dns_kasp_key_t *key) {
  REQUIRE(key != NULL);

  isc_mem_putanddetach(&key->mctx, key, sizeof(*key));
}

uint32_t
dns_kasp_key_algorithm(dns_kasp_key_t *key) {
  REQUIRE(key != NULL);

  return (key->algorithm);
}

unsigned int
dns_kasp_key_size(dns_kasp_key_t *key) {
  unsigned int size = 0;
  unsigned int min = 0;

  REQUIRE(key != NULL);

  switch (key->algorithm) {
  case DNS_KEYALG_RSASHA1:
  case DNS_KEYALG_NSEC3RSASHA1:
  case DNS_KEYALG_RSASHA256:
  case DNS_KEYALG_RSASHA512:
    min = (key->algorithm == DNS_KEYALG_RSASHA512) ? 1024 : 512;
    if (key->length > -1) {
      size = (unsigned int)key->length;
      if (size < min) {
        size = min;
      }
      if (size > 4096) {
        size = 4096;
      }
    } else {
      size = 2048;
    }
    break;
  case DNS_KEYALG_ECDSA256:
    size = 256;
    break;
  case DNS_KEYALG_ECDSA384:
    size = 384;
    break;
  case DNS_KEYALG_ED25519:
    size = 256;
    break;
  case DNS_KEYALG_ED448:
    size = 456;
    break;
  default:
    /* unsupported */
    break;
  }
  return (size);
}

uint32_t
dns_kasp_key_lifetime(dns_kasp_key_t *key) {
  REQUIRE(key != NULL);

  return (key->lifetime);
}

bool
dns_kasp_key_ksk(dns_kasp_key_t *key) {
  REQUIRE(key != NULL);

  return (key->role & DNS_KASP_KEY_ROLE_KSK);
}

bool
dns_kasp_key_zsk(dns_kasp_key_t *key) {
  REQUIRE(key != NULL);

  return (key->role & DNS_KASP_KEY_ROLE_ZSK);
}

uint8_t
dns_kasp_nsec3iter(dns_kasp_t *kasp) {
  REQUIRE(kasp != NULL);
  REQUIRE(kasp->frozen);
  REQUIRE(kasp->nsec3);

  return (kasp->nsec3param.iterations);
}

uint8_t
dns_kasp_nsec3flags(dns_kasp_t *kasp) {
  REQUIRE(kasp != NULL);
  REQUIRE(kasp->frozen);
  REQUIRE(kasp->nsec3);

  if (kasp->nsec3param.optout) {
    return (0x01);
  }
  return (0x00);
}

uint8_t
dns_kasp_nsec3saltlen(dns_kasp_t *kasp) {
  REQUIRE(kasp != NULL);
  REQUIRE(kasp->frozen);
  REQUIRE(kasp->nsec3);

  return (kasp->nsec3param.saltlen);
}

bool
dns_kasp_nsec3(dns_kasp_t *kasp) {
  REQUIRE(kasp != NULL);
  REQUIRE(kasp->frozen);

  return kasp->nsec3;
}

void
dns_kasp_setnsec3(dns_kasp_t *kasp, bool nsec3) {
  REQUIRE(kasp != NULL);
  REQUIRE(!kasp->frozen);

  kasp->nsec3 = nsec3;
}

void
dns_kasp_setnsec3param(dns_kasp_t *kasp, uint8_t iter, bool optout,
           uint8_t saltlen) {
  REQUIRE(kasp != NULL);
  REQUIRE(!kasp->frozen);
  REQUIRE(kasp->nsec3);

  kasp->nsec3param.iterations = iter;
  kasp->nsec3param.optout = optout;
  kasp->nsec3param.saltlen = saltlen;
}

Coverage Report

Created: 2022-03-10 07:56

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3		*
4		* SPDX-License-Identifier: MPL-2.0
5		*
6		* This Source Code Form is subject to the terms of the Mozilla Public
7		* License, v. 2.0. If a copy of the MPL was not distributed with this
8		* file, you can obtain one at https://mozilla.org/MPL/2.0/.
9		*
10		* See the COPYRIGHT file distributed with this work for additional
11		* information regarding copyright ownership.
12		*/
13
14		/! \file /
15
16		#include <string.h>
17
18		#include <isc/assertions.h>
19		#include <isc/buffer.h>
20		#include <isc/file.h>
21		#include <isc/hex.h>
22		#include <isc/log.h>
23		#include <isc/mem.h>
24		#include <isc/util.h>
25
26		#include <dns/kasp.h>
27		#include <dns/keyvalues.h>
28		#include <dns/log.h>
29
30		isc_result_t
31	0	dns_kasp_create(isc_mem_t mctx, const char name, dns_kasp_t **kaspp) {
32	0	dns_kasp_t *kasp;
33
34	0	REQUIRE(name != NULL);
35	0	REQUIRE(kaspp != NULL && *kaspp == NULL);
36
37	0	kasp = isc_mem_get(mctx, sizeof(*kasp));
38	0	kasp->mctx = NULL;
39	0	isc_mem_attach(mctx, &kasp->mctx);
40
41	0	kasp->name = isc_mem_strdup(mctx, name);
42	0	isc_mutex_init(&kasp->lock);
43	0	kasp->frozen = false;
44
45	0	isc_refcount_init(&kasp->references, 1);
46
47	0	ISC_LINK_INIT(kasp, link);
48
49	0	kasp->signatures_refresh = DNS_KASP_SIG_REFRESH;
50	0	kasp->signatures_validity = DNS_KASP_SIG_VALIDITY;
51	0	kasp->signatures_validity_dnskey = DNS_KASP_SIG_VALIDITY_DNSKEY;
52
53	0	ISC_LIST_INIT(kasp->keys);
54
55	0	kasp->dnskey_ttl = DNS_KASP_KEY_TTL;
56	0	kasp->publish_safety = DNS_KASP_PUBLISH_SAFETY;
57	0	kasp->retire_safety = DNS_KASP_RETIRE_SAFETY;
58	0	kasp->purge_keys = DNS_KASP_PURGE_KEYS;
59
60	0	kasp->zone_max_ttl = DNS_KASP_ZONE_MAXTTL;
61	0	kasp->zone_propagation_delay = DNS_KASP_ZONE_PROPDELAY;
62
63	0	kasp->parent_ds_ttl = DNS_KASP_DS_TTL;
64	0	kasp->parent_propagation_delay = DNS_KASP_PARENT_PROPDELAY;
65
66	0	kasp->nsec3 = false;
67
68	0	kasp->magic = DNS_KASP_MAGIC;
69	0	*kaspp = kasp;
70
71	0	return (ISC_R_SUCCESS);
72	0	}
73
74		void
75	0	dns_kasp_attach(dns_kasp_t source, dns_kasp_t *targetp) {
76	0	REQUIRE(DNS_KASP_VALID(source));
77	0	REQUIRE(targetp != NULL && *targetp == NULL);
78
79	0	isc_refcount_increment(&source->references);
80	0	*targetp = source;
81	0	}
82
83		static inline void
84	0	destroy(dns_kasp_t *kasp) {
85	0	dns_kasp_key_t *key;
86	0	dns_kasp_key_t *key_next;
87
88	0	REQUIRE(!ISC_LINK_LINKED(kasp, link));
89
90	0	for (key = ISC_LIST_HEAD(kasp->keys); key != NULL; key = key_next) {
91	0	key_next = ISC_LIST_NEXT(key, link);
92	0	ISC_LIST_UNLINK(kasp->keys, key, link);
93	0	dns_kasp_key_destroy(key);
94	0	}
95	0	INSIST(ISC_LIST_EMPTY(kasp->keys));
96
97	0	isc_mutex_destroy(&kasp->lock);
98	0	isc_mem_free(kasp->mctx, kasp->name);
99	0	isc_mem_putanddetach(&kasp->mctx, kasp, sizeof(*kasp));
100	0	}
101
102		void
103	0	dns_kasp_detach(dns_kasp_t **kaspp) {
104	0	REQUIRE(kaspp != NULL && DNS_KASP_VALID(*kaspp));
105
106	0	dns_kasp_t kasp = kaspp;
107	0	*kaspp = NULL;
108
109	0	if (isc_refcount_decrement(&kasp->references) == 1) {
110	0	destroy(kasp);
111	0	}
112	0	}
113
114		const char *
115	0	dns_kasp_getname(dns_kasp_t *kasp) {
116	0	REQUIRE(DNS_KASP_VALID(kasp));
117
118	0	return (kasp->name);
119	0	}
120
121		void
122	0	dns_kasp_freeze(dns_kasp_t *kasp) {
123	0	REQUIRE(DNS_KASP_VALID(kasp));
124	0	REQUIRE(!kasp->frozen);
125
126	0	kasp->frozen = true;
127	0	}
128
129		void
130	0	dns_kasp_thaw(dns_kasp_t *kasp) {
131	0	REQUIRE(DNS_KASP_VALID(kasp));
132	0	REQUIRE(kasp->frozen);
133
134	0	kasp->frozen = false;
135	0	}
136
137		uint32_t
138	0	dns_kasp_signdelay(dns_kasp_t *kasp) {
139	0	REQUIRE(DNS_KASP_VALID(kasp));
140	0	REQUIRE(kasp->frozen);
141
142	0	return (kasp->signatures_validity - kasp->signatures_refresh);
143	0	}
144
145		uint32_t
146	0	dns_kasp_sigrefresh(dns_kasp_t *kasp) {
147	0	REQUIRE(DNS_KASP_VALID(kasp));
148	0	REQUIRE(kasp->frozen);
149
150	0	return (kasp->signatures_refresh);
151	0	}
152
153		void
154	0	dns_kasp_setsigrefresh(dns_kasp_t *kasp, uint32_t value) {
155	0	REQUIRE(DNS_KASP_VALID(kasp));
156	0	REQUIRE(!kasp->frozen);
157
158	0	kasp->signatures_refresh = value;
159	0	}
160
161		uint32_t
162	0	dns_kasp_sigvalidity(dns_kasp_t *kasp) {
163	0	REQUIRE(DNS_KASP_VALID(kasp));
164	0	REQUIRE(kasp->frozen);
165
166	0	return (kasp->signatures_validity);
167	0	}
168
169		void
170	0	dns_kasp_setsigvalidity(dns_kasp_t *kasp, uint32_t value) {
171	0	REQUIRE(DNS_KASP_VALID(kasp));
172	0	REQUIRE(!kasp->frozen);
173
174	0	kasp->signatures_validity = value;
175	0	}
176
177		uint32_t
178	0	dns_kasp_sigvalidity_dnskey(dns_kasp_t *kasp) {
179	0	REQUIRE(DNS_KASP_VALID(kasp));
180	0	REQUIRE(kasp->frozen);
181
182	0	return (kasp->signatures_validity_dnskey);
183	0	}
184
185		void
186	0	dns_kasp_setsigvalidity_dnskey(dns_kasp_t *kasp, uint32_t value) {
187	0	REQUIRE(DNS_KASP_VALID(kasp));
188	0	REQUIRE(!kasp->frozen);
189
190	0	kasp->signatures_validity_dnskey = value;
191	0	}
192
193		dns_ttl_t
194	0	dns_kasp_dnskeyttl(dns_kasp_t *kasp) {
195	0	REQUIRE(DNS_KASP_VALID(kasp));
196	0	REQUIRE(kasp->frozen);
197
198	0	return (kasp->dnskey_ttl);
199	0	}
200
201		void
202	0	dns_kasp_setdnskeyttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
203	0	REQUIRE(DNS_KASP_VALID(kasp));
204	0	REQUIRE(!kasp->frozen);
205
206	0	kasp->dnskey_ttl = ttl;
207	0	}
208
209		uint32_t
210	0	dns_kasp_purgekeys(dns_kasp_t *kasp) {
211	0	REQUIRE(DNS_KASP_VALID(kasp));
212	0	REQUIRE(kasp->frozen);
213
214	0	return (kasp->purge_keys);
215	0	}
216
217		void
218	0	dns_kasp_setpurgekeys(dns_kasp_t *kasp, uint32_t value) {
219	0	REQUIRE(DNS_KASP_VALID(kasp));
220	0	REQUIRE(!kasp->frozen);
221
222	0	kasp->purge_keys = value;
223	0	}
224
225		uint32_t
226	0	dns_kasp_publishsafety(dns_kasp_t *kasp) {
227	0	REQUIRE(DNS_KASP_VALID(kasp));
228	0	REQUIRE(kasp->frozen);
229
230	0	return (kasp->publish_safety);
231	0	}
232
233		void
234	0	dns_kasp_setpublishsafety(dns_kasp_t *kasp, uint32_t value) {
235	0	REQUIRE(DNS_KASP_VALID(kasp));
236	0	REQUIRE(!kasp->frozen);
237
238	0	kasp->publish_safety = value;
239	0	}
240
241		uint32_t
242	0	dns_kasp_retiresafety(dns_kasp_t *kasp) {
243	0	REQUIRE(DNS_KASP_VALID(kasp));
244	0	REQUIRE(kasp->frozen);
245
246	0	return (kasp->retire_safety);
247	0	}
248
249		void
250	0	dns_kasp_setretiresafety(dns_kasp_t *kasp, uint32_t value) {
251	0	REQUIRE(DNS_KASP_VALID(kasp));
252	0	REQUIRE(!kasp->frozen);
253
254	0	kasp->retire_safety = value;
255	0	}
256
257		dns_ttl_t
258	0	dns_kasp_zonemaxttl(dns_kasp_t *kasp) {
259	0	REQUIRE(DNS_KASP_VALID(kasp));
260	0	REQUIRE(kasp->frozen);
261
262	0	return (kasp->zone_max_ttl);
263	0	}
264
265		void
266	0	dns_kasp_setzonemaxttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
267	0	REQUIRE(DNS_KASP_VALID(kasp));
268	0	REQUIRE(!kasp->frozen);
269
270	0	kasp->zone_max_ttl = ttl;
271	0	}
272
273		uint32_t
274	0	dns_kasp_zonepropagationdelay(dns_kasp_t *kasp) {
275	0	REQUIRE(DNS_KASP_VALID(kasp));
276	0	REQUIRE(kasp->frozen);
277
278	0	return (kasp->zone_propagation_delay);
279	0	}
280
281		void
282	0	dns_kasp_setzonepropagationdelay(dns_kasp_t *kasp, uint32_t value) {
283	0	REQUIRE(DNS_KASP_VALID(kasp));
284	0	REQUIRE(!kasp->frozen);
285
286	0	kasp->zone_propagation_delay = value;
287	0	}
288
289		dns_ttl_t
290	0	dns_kasp_dsttl(dns_kasp_t *kasp) {
291	0	REQUIRE(DNS_KASP_VALID(kasp));
292	0	REQUIRE(kasp->frozen);
293
294	0	return (kasp->parent_ds_ttl);
295	0	}
296
297		void
298	0	dns_kasp_setdsttl(dns_kasp_t *kasp, dns_ttl_t ttl) {
299	0	REQUIRE(DNS_KASP_VALID(kasp));
300	0	REQUIRE(!kasp->frozen);
301
302	0	kasp->parent_ds_ttl = ttl;
303	0	}
304
305		uint32_t
306	0	dns_kasp_parentpropagationdelay(dns_kasp_t *kasp) {
307	0	REQUIRE(DNS_KASP_VALID(kasp));
308	0	REQUIRE(kasp->frozen);
309
310	0	return (kasp->parent_propagation_delay);
311	0	}
312
313		void
314	0	dns_kasp_setparentpropagationdelay(dns_kasp_t *kasp, uint32_t value) {
315	0	REQUIRE(DNS_KASP_VALID(kasp));
316	0	REQUIRE(!kasp->frozen);
317
318	0	kasp->parent_propagation_delay = value;
319	0	}
320
321		isc_result_t
322	0	dns_kasplist_find(dns_kasplist_t list, const char name, dns_kasp_t **kaspp) {
323	0	dns_kasp_t *kasp = NULL;
324
325	0	REQUIRE(kaspp != NULL && *kaspp == NULL);
326
327	0	if (list == NULL) {
328	0	return (ISC_R_NOTFOUND);
329	0	}
330
331	0	for (kasp = ISC_LIST_HEAD(*list); kasp != NULL;
332	0	kasp = ISC_LIST_NEXT(kasp, link))
333	0	{
334	0	if (strcmp(kasp->name, name) == 0) {
335	0	break;
336	0	}
337	0	}
338
339	0	if (kasp == NULL) {
340	0	return (ISC_R_NOTFOUND);
341	0	}
342
343	0	dns_kasp_attach(kasp, kaspp);
344	0	return (ISC_R_SUCCESS);
345	0	}
346
347		dns_kasp_keylist_t
348	0	dns_kasp_keys(dns_kasp_t *kasp) {
349	0	REQUIRE(DNS_KASP_VALID(kasp));
350	0	REQUIRE(kasp->frozen);
351
352	0	return (kasp->keys);
353	0	}
354
355		bool
356	0	dns_kasp_keylist_empty(dns_kasp_t *kasp) {
357	0	REQUIRE(DNS_KASP_VALID(kasp));
358
359	0	return (ISC_LIST_EMPTY(kasp->keys));
360	0	}
361
362		void
363	0	dns_kasp_addkey(dns_kasp_t kasp, dns_kasp_key_t key) {
364	0	REQUIRE(DNS_KASP_VALID(kasp));
365	0	REQUIRE(!kasp->frozen);
366	0	REQUIRE(key != NULL);
367
368	0	ISC_LIST_APPEND(kasp->keys, key, link);
369	0	}
370
371		isc_result_t
372	0	dns_kasp_key_create(dns_kasp_t kasp, dns_kasp_key_t *keyp) {
373	0	dns_kasp_key_t *key;
374
375	0	REQUIRE(DNS_KASP_VALID(kasp));
376	0	REQUIRE(keyp != NULL && *keyp == NULL);
377
378	0	key = isc_mem_get(kasp->mctx, sizeof(*key));
379	0	key->mctx = NULL;
380	0	isc_mem_attach(kasp->mctx, &key->mctx);
381
382	0	ISC_LINK_INIT(key, link);
383
384	0	key->lifetime = 0;
385	0	key->algorithm = 0;
386	0	key->length = -1;
387	0	key->role = 0;
388	0	*keyp = key;
389	0	return (ISC_R_SUCCESS);
390	0	}
391
392		void
393	0	dns_kasp_key_destroy(dns_kasp_key_t *key) {
394	0	REQUIRE(key != NULL);
395
396	0	isc_mem_putanddetach(&key->mctx, key, sizeof(*key));
397	0	}
398
399		uint32_t
400	0	dns_kasp_key_algorithm(dns_kasp_key_t *key) {
401	0	REQUIRE(key != NULL);
402
403	0	return (key->algorithm);
404	0	}
405
406		unsigned int
407	0	dns_kasp_key_size(dns_kasp_key_t *key) {
408	0	unsigned int size = 0;
409	0	unsigned int min = 0;
410
411	0	REQUIRE(key != NULL);
412
413	0	switch (key->algorithm) {
414	0	case DNS_KEYALG_RSASHA1:
415	0	case DNS_KEYALG_NSEC3RSASHA1:
416	0	case DNS_KEYALG_RSASHA256:
417	0	case DNS_KEYALG_RSASHA512:
418	0	min = (key->algorithm == DNS_KEYALG_RSASHA512) ? 1024 : 512;
419	0	if (key->length > -1) {
420	0	size = (unsigned int)key->length;
421	0	if (size < min) {
422	0	size = min;
423	0	}
424	0	if (size > 4096) {
425	0	size = 4096;
426	0	}
427	0	} else {
428	0	size = 2048;
429	0	}
430	0	break;
431	0	case DNS_KEYALG_ECDSA256:
432	0	size = 256;
433	0	break;
434	0	case DNS_KEYALG_ECDSA384:
435	0	size = 384;
436	0	break;
437	0	case DNS_KEYALG_ED25519:
438	0	size = 256;
439	0	break;
440	0	case DNS_KEYALG_ED448:
441	0	size = 456;
442	0	break;
443	0	default:
444		/* unsupported */
445	0	break;
446	0	}
447	0	return (size);
448	0	}
449
450		uint32_t
451	0	dns_kasp_key_lifetime(dns_kasp_key_t *key) {
452	0	REQUIRE(key != NULL);
453
454	0	return (key->lifetime);
455	0	}
456
457		bool
458	0	dns_kasp_key_ksk(dns_kasp_key_t *key) {
459	0	REQUIRE(key != NULL);
460
461	0	return (key->role & DNS_KASP_KEY_ROLE_KSK);
462	0	}
463
464		bool
465	0	dns_kasp_key_zsk(dns_kasp_key_t *key) {
466	0	REQUIRE(key != NULL);
467
468	0	return (key->role & DNS_KASP_KEY_ROLE_ZSK);
469	0	}
470
471		uint8_t
472	0	dns_kasp_nsec3iter(dns_kasp_t *kasp) {
473	0	REQUIRE(kasp != NULL);
474	0	REQUIRE(kasp->frozen);
475	0	REQUIRE(kasp->nsec3);
476
477	0	return (kasp->nsec3param.iterations);
478	0	}
479
480		uint8_t
481	0	dns_kasp_nsec3flags(dns_kasp_t *kasp) {
482	0	REQUIRE(kasp != NULL);
483	0	REQUIRE(kasp->frozen);
484	0	REQUIRE(kasp->nsec3);
485
486	0	if (kasp->nsec3param.optout) {
487	0	return (0x01);
488	0	}
489	0	return (0x00);
490	0	}
491
492		uint8_t
493	0	dns_kasp_nsec3saltlen(dns_kasp_t *kasp) {
494	0	REQUIRE(kasp != NULL);
495	0	REQUIRE(kasp->frozen);
496	0	REQUIRE(kasp->nsec3);
497
498	0	return (kasp->nsec3param.saltlen);
499	0	}
500
501		bool
502	0	dns_kasp_nsec3(dns_kasp_t *kasp) {
503	0	REQUIRE(kasp != NULL);
504	0	REQUIRE(kasp->frozen);
505
506	0	return kasp->nsec3;
507	0	}
508
509		void
510	0	dns_kasp_setnsec3(dns_kasp_t *kasp, bool nsec3) {
511	0	REQUIRE(kasp != NULL);
512	0	REQUIRE(!kasp->frozen);
513
514	0	kasp->nsec3 = nsec3;
515	0	}
516
517		void
518		dns_kasp_setnsec3param(dns_kasp_t *kasp, uint8_t iter, bool optout,
519	0	uint8_t saltlen) {
520	0	REQUIRE(kasp != NULL);
521	0	REQUIRE(!kasp->frozen);
522	0	REQUIRE(kasp->nsec3);
523
524	0	kasp->nsec3param.iterations = iter;
525	0	kasp->nsec3param.optout = optout;
526	0	kasp->nsec3param.saltlen = saltlen;
527	0	}