Commit 65c4736d authored by Brian Wellington's avatar Brian Wellington

Added underlying DNSSEC support (dst and crypto libraries)

parent e430659a
......@@ -34,7 +34,7 @@ ISCDEPLIBS = ../../lib/isc/libisc.@A@
LIBS = @LIBS@
SUBDIRS = master names rbt
SUBDIRS = master names rbt dst
TARGETS = res_test \
lex_test \
name_test \
......
test. IN KEY 257 3 1 AQPQjwSpaVzxIgRCpiUoozUQKGh2oX8NIFKDOvtxK+tn536OZg2cROKTlgGEHXJK9YHfW/6nzQULTVpb63P+SQMmjCCidb8IYyhItixRztVeJQ==
Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus: 0I8EqWlc8SIEQqYlKKM1EChodqF/DSBSgzr7cSvrZ+d+jmYNnETik5YBhB1ySvWB31v+p80FC01aW+tz/kkDJowgonW/CGMoSLYsUc7VXiU=
PublicExponent: Aw==
PrivateExponent: iwoDG5uTS2wC1xluGxd4tXBFpGuqCMA3AidSS3Kc7++ptEQJEtiXC9kfCJMvZhGfQLaujft2OgrmkcuDVtPIbQWEENhyJhb4Lk82kFXbfus=
Prime1: /rSKuzcZY7R5cY2YWD4CiBNyj9WJMq1wWmBnb9+5M08nTl5E9NW5qQ==
Prime2: 0Z5shXQYd16E2Gs6e5WxtO0Oqlly2KkSqXohwTQWDWTb8Pw0WTZmHQ==
Exponent1: qc2x0iS7l82mS7O65X6sWrehtTkGIcj1kZWaSpUmIjTE3umDTePRGw==
Exponent2: i77zA6K6+j8DOvIm/Q52eJ4JxuZMkHC3G6bBK3gOs5iSoKgi5iREEw==
Coefficient: 3+wYZB0SJad7z2EsjzgbSlg6CawoaOvrROGSbwSiW5DCsMFROudOTw==
test. IN KEY 16641 3 3 ANp1//lqDlEfTavcFI+cyudNfgEz73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mbEGl6zwve9wq5z7IoTY5/J4l7XLCKftg/wGvrzXQhggIkRvEh3myhxd+ouILcpfvTIthWlTKiH59tSJpmgmiSMTE7nDYaf10iVRWN6DMSprgejiH05/fpmyZAt44tyAh4m1wXS5u4tam1PXDJYJozn7EfQ8e2weIv1yC+t6PHSx
Private-key-format: v1.2
Algorithm: 3 (DSA)
Prime(p): 73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mQ==
Subprime(q): 2nX/+WoOUR9Nq9wUj5zK501+ATM=
Base(g): sQaXrPC973CrnPsihNjn8niXtcsIp+2D/Aa+vNdCGCAiRG8SHebKHF36i4gtyl+9Mi2FaVMqIfn21ImmaCaJIw==
Private_value(x): Nky4tvIwg6xlcyeHXr4k2DEZg0E=
Public_value(y): ExO5w2Gn9dIlUVjegzEqa4Ho4h9Of36ZsmQLeOLcgIeJtcF0ubuLWptT1wyWCaM5+xH0PHtsHiL9cgvrejx0sQ==
# Copyright (C) 1999 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
CINCLUDES = -I${srcdir}/../../../lib/isc/unix/include \
-I${srcdir}/../../../lib/isc/pthreads/include \
-I${srcdir}/../../../lib/isc/include \
-I${srcdir}/../../../lib/dns/include \
-I${srcdir}/../../../lib/dns/sec/dst/include \
CDEFINES =
CWARNINGS =
LIBS = ../../../lib/dns/libdns.@A@ \
../../../lib/isc/libisc.@A@ \
@LIBS@
TARGETS = dst_test
@BIND9_MAKE_RULES@
dst_test: dst_test.o
${LIBTOOL} ${CC} -o $@ dst_test.o ${LIBS}
test:
-@ ./dst_test
clean distclean::
rm -f ${TARGETS}
/*
* Copyright (C) 1999 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <isc/assertions.h>
#include <isc/error.h>
#include <isc/boolean.h>
#include <isc/region.h>
#include <isc/mem.h>
#include <dst/dst.h>
#include <dst/result.h>
char *current, *tmp = "/tmp";
static void
use(dst_key_t *key, isc_mem_t *mctx) {
dst_result_t ret;
char *data = "This is some data";
unsigned char sig[512];
isc_buffer_t databuf, sigbuf;
isc_region_t datareg, sigreg;
isc_buffer_init(&sigbuf, sig, sizeof(sig), ISC_BUFFERTYPE_BINARY);
/* Advance 1 byte for fun */
isc_buffer_add(&sigbuf, 1);
isc_buffer_init(&databuf, data, strlen(data), ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&databuf, strlen(data));
isc_buffer_used(&databuf, &datareg);
ret = dst_sign(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigbuf, mctx);
printf("sign(%d) returned: %s\n", dst_key_alg(key),
dst_result_totext(ret));
isc_buffer_forward(&sigbuf, 1);
isc_buffer_remaining(&sigbuf, &sigreg);
ret = dst_verify(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigreg, mctx);
printf("verify(%d) returned: %s\n", dst_key_alg(key),
dst_result_totext(ret));
}
static void
io(char *name, int id, int alg, int type, isc_mem_t *mctx) {
dst_key_t *key;
dst_result_t ret;
chdir(current);
ret = dst_key_fromfile(name, id, alg, type, mctx, &key);
printf("read(%d) returned: %s\n", alg, dst_result_totext(ret));
if (ret != 0)
return;
chdir(tmp);
ret = dst_key_tofile(key, type);
printf("write(%d) returned: %s\n", alg, dst_result_totext(ret));
if (ret != 0)
return;
use(key, mctx);
dst_key_free(key, mctx);
}
static void
generate(int alg, isc_mem_t *mctx) {
dst_result_t ret;
dst_key_t *key;
ret = dst_key_generate("test.", alg, 512, 0, 0, 0, mctx, &key);
printf("generate(%d) returned: %s\n", alg, dst_result_totext(ret));
use(key, mctx);
dst_key_free(key, mctx);
}
static void
get_random() {
unsigned char data[25];
isc_buffer_t databuf;
dst_result_t ret;
unsigned int i;
isc_buffer_init(&databuf, data, sizeof data, ISC_BUFFERTYPE_BINARY);
ret = dst_random(sizeof(data), &databuf);
printf("random() returned: %s\n", dst_result_totext(ret));
for (i = 0; i < sizeof data; i++)
printf("%02x ", data[i]);
printf("\n");
}
int
main() {
isc_mem_t *mctx = NULL;
isc_mem_create(0, 0, &mctx);
current = isc_mem_get(mctx, 256);
getcwd(current, 256);
io("test.", 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
generate(DST_ALG_RSA, mctx);
generate(DST_ALG_DSA, mctx);
generate(DST_ALG_HMAC_MD5, mctx);
get_random();
isc_mem_put(mctx, current, 256);
/* isc_mem_stats(mctx, stdout);*/
isc_mem_destroy(&mctx);
exit(0);
}
......@@ -2850,6 +2850,14 @@ trap 'rm -fr `echo "make/rules
lib/dns/Makefile
lib/dns/include/Makefile
lib/dns/include/dns/Makefile
lib/dns/sec/Makefile
lib/dns/sec/openssl/Makefile
lib/dns/sec/openssl/include/Makefile
lib/dns/sec/openssl/include/openssl/Makefile
lib/dns/sec/dnssafe/Makefile
lib/dns/sec/dst/Makefile
lib/dns/sec/dst/include/Makefile
lib/dns/sec/dst/include/dst/Makefile
lib/tests/Makefile
lib/tests/include/Makefile
lib/tests/include/tests/Makefile
......@@ -2859,6 +2867,7 @@ trap 'rm -fr `echo "make/rules
bin/tests/names/Makefile
bin/tests/master/Makefile
bin/tests/rbt/Makefile
bin/tests/dst/Makefile
config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
EOF
cat >> $CONFIG_STATUS <<EOF
......@@ -2991,6 +3000,14 @@ CONFIG_FILES=\${CONFIG_FILES-"make/rules
lib/dns/Makefile
lib/dns/include/Makefile
lib/dns/include/dns/Makefile
lib/dns/sec/Makefile
lib/dns/sec/openssl/Makefile
lib/dns/sec/openssl/include/Makefile
lib/dns/sec/openssl/include/openssl/Makefile
lib/dns/sec/dnssafe/Makefile
lib/dns/sec/dst/Makefile
lib/dns/sec/dst/include/Makefile
lib/dns/sec/dst/include/dst/Makefile
lib/tests/Makefile
lib/tests/include/Makefile
lib/tests/include/tests/Makefile
......@@ -3000,6 +3017,7 @@ CONFIG_FILES=\${CONFIG_FILES-"make/rules
bin/tests/names/Makefile
bin/tests/master/Makefile
bin/tests/rbt/Makefile
bin/tests/dst/Makefile
"}
EOF
cat >> $CONFIG_STATUS <<\EOF
......
......@@ -13,7 +13,7 @@ dnl PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
dnl ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
dnl SOFTWARE.
AC_REVISION($Revision: 1.36 $)
AC_REVISION($Revision: 1.37 $)
AC_PREREQ(2.13)
......@@ -357,6 +357,14 @@ AC_OUTPUT(
lib/dns/Makefile
lib/dns/include/Makefile
lib/dns/include/dns/Makefile
lib/dns/sec/Makefile
lib/dns/sec/openssl/Makefile
lib/dns/sec/openssl/include/Makefile
lib/dns/sec/openssl/include/openssl/Makefile
lib/dns/sec/dnssafe/Makefile
lib/dns/sec/dst/Makefile
lib/dns/sec/dst/include/Makefile
lib/dns/sec/dst/include/dst/Makefile
lib/tests/Makefile
lib/tests/include/Makefile
lib/tests/include/tests/Makefile
......@@ -366,4 +374,5 @@ AC_OUTPUT(
bin/tests/names/Makefile
bin/tests/master/Makefile
bin/tests/rbt/Makefile
bin/tests/dst/Makefile
)
......@@ -35,19 +35,90 @@ CWARNINGS =
LIBS = @LIBS@
# Alphabetically
DSTOBJS = sec/dst/bsafe_link.@O@ sec/dst/dst_api.@O@ \
sec/dst/dst_parse.@O@ sec/dst/hmac_link.@O@ \
sec/dst/openssl_link.@O@ sec/dst/dst_result.@O@ \
sec/dst/dst_support.@O@ sec/dst/dst_lib.@O@
OPENSSLOBJS = sec/openssl/bn_add.@O@ sec/openssl/bn_asm.@O@ \
sec/openssl/bn_comba.@O@ sec/openssl/bn_div.@O@ \
sec/openssl/bn_err.@O@ sec/openssl/bn_exp.@O@ \
sec/openssl/bn_exp2.@O@ sec/openssl/bn_gcd.@O@ \
sec/openssl/bn_lib.@O@ sec/openssl/bn_m.@O@ \
sec/openssl/bn_mont.@O@ sec/openssl/bn_mul.@O@ \
sec/openssl/bn_prime.@O@ sec/openssl/bn_rand.@O@ \
sec/openssl/bn_recp.@O@ sec/openssl/bn_shift.@O@ \
sec/openssl/bn_sqr.@O@ sec/openssl/bn_word.@O@ \
sec/openssl/buffer.@O@ sec/openssl/cryptlib.@O@ \
sec/openssl/dsa_asn1.@O@ sec/openssl/dsa_err.@O@ \
sec/openssl/dsa_gen.@O@ sec/openssl/dsa_key.@O@ \
sec/openssl/dsa_lib.@O@ sec/openssl/dsa_sign.@O@ \
sec/openssl/dsa_vrf.@O@ sec/openssl/err.@O@ \
sec/openssl/lhash.@O@ sec/openssl/md_rand.@O@ \
sec/openssl/md5_dgst.@O@ sec/openssl/mem.@O@ \
sec/openssl/rand_lib.@O@ sec/openssl/sha1_one.@O@ \
sec/openssl/sha1dgst.@O@ sec/openssl/stack.@O@ \
sec/openssl/th-lock.@O@
DNSSAFEOBJS = sec/dnssafe/ahchdig.@O@ sec/dnssafe/ahchencr.@O@ \
sec/dnssafe/ahchgen.@O@ sec/dnssafe/ahchrand.@O@ \
sec/dnssafe/ahdigest.@O@ sec/dnssafe/ahencryp.@O@ \
sec/dnssafe/ahgen.@O@ sec/dnssafe/ahrandom.@O@ \
sec/dnssafe/ahrsaenc.@O@ sec/dnssafe/ahrsaepr.@O@ \
sec/dnssafe/ahrsaepu.@O@ sec/dnssafe/aichdig.@O@ \
sec/dnssafe/aichenc8.@O@ sec/dnssafe/aichencn.@O@ \
sec/dnssafe/aichencr.@O@ sec/dnssafe/aichgen.@O@ \
sec/dnssafe/aichrand.@O@ sec/dnssafe/aimd5.@O@ \
sec/dnssafe/aimd5ran.@O@ sec/dnssafe/ainfotyp.@O@ \
sec/dnssafe/ainull.@O@ sec/dnssafe/airsaepr.@O@ \
sec/dnssafe/airsaepu.@O@ sec/dnssafe/airsakgn.@O@ \
sec/dnssafe/airsaprv.@O@ sec/dnssafe/airsapub.@O@ \
sec/dnssafe/algchoic.@O@ sec/dnssafe/algobj.@O@ \
sec/dnssafe/amcrte.@O@ sec/dnssafe/ammd5.@O@ \
sec/dnssafe/ammd5r.@O@ sec/dnssafe/amrkg.@O@ \
sec/dnssafe/amrsae.@O@ \
sec/dnssafe/balg.@O@ sec/dnssafe/bgclrbit.@O@ \
sec/dnssafe/bgmdmpyx.@O@ sec/dnssafe/bgmdsqx.@O@ \
sec/dnssafe/bgmodexp.@O@ sec/dnssafe/bgpegcd.@O@ \
sec/dnssafe/big2exp.@O@ sec/dnssafe/bigabs.@O@ \
sec/dnssafe/bigacc.@O@ sec/dnssafe/bigarith.@O@ \
sec/dnssafe/bigcmp.@O@ sec/dnssafe/bigconst.@O@ \
sec/dnssafe/biginv.@O@ sec/dnssafe/biglen.@O@ \
sec/dnssafe/bigmodx.@O@ sec/dnssafe/bigmpy.@O@ \
sec/dnssafe/bigpdiv.@O@ sec/dnssafe/bigpmpy.@O@ \
sec/dnssafe/bigpmpyh.@O@ sec/dnssafe/bigpmpyl.@O@ \
sec/dnssafe/bigpsq.@O@ sec/dnssafe/bigqrx.@O@ \
sec/dnssafe/bigsmod.@O@ sec/dnssafe/bigtocan.@O@ \
sec/dnssafe/bigu.@O@ sec/dnssafe/bigunexp.@O@ \
sec/dnssafe/binfocsh.@O@ sec/dnssafe/bkey.@O@ \
sec/dnssafe/bmempool.@O@ sec/dnssafe/cantobig.@O@ \
sec/dnssafe/crt2.@O@ sec/dnssafe/digest.@O@ \
sec/dnssafe/digrand.@O@ sec/dnssafe/encrypt.@O@ \
sec/dnssafe/generate.@O@ sec/dnssafe/intbits.@O@ \
sec/dnssafe/intitem.@O@ sec/dnssafe/keyobj.@O@ \
sec/dnssafe/ki8byte.@O@ sec/dnssafe/kiitem.@O@ \
sec/dnssafe/kinfotyp.@O@ sec/dnssafe/kifulprv.@O@ \
sec/dnssafe/kipkcrpr.@O@ sec/dnssafe/kirsacrt.@O@ \
sec/dnssafe/kirsapub.@O@ sec/dnssafe/md5.@O@ \
sec/dnssafe/md5rand.@O@ sec/dnssafe/prime.@O@ \
sec/dnssafe/random.@O@ sec/dnssafe/rsa.@O@ \
sec/dnssafe/rsakeygn.@O@ sec/dnssafe/seccbcd.@O@ \
sec/dnssafe/seccbce.@O@ sec/dnssafe/surrendr.@O@
OBJS = callbacks.@O@ compress.@O@ db.@O@ dbiterator.@O@ \
dbtable.@O@ dispatch.@O@ lib.@O@ master.@O@ message.@O@ \
name.@O@ rbt.@O@ rbtdb.@O@ rbtdb64.@O@ rdata.@O@ \
rdatalist.@O@ rdataset.@O@ rdatasetiter.@O@ rdataslab.@O@ \
resolver.@O@ result.@O@ version.@O@ masterdump.@O@ time.@O@ \
ttl.@O@ tcpmsg.@O@
ttl.@O@ tcpmsg.@O@ \
${DSTOBJS} ${OPENSSLOBJS} ${DNSSAFEOBJS}
OSRC = callbacks.c compress.c db.c dbiterator.c dbtable.c dispatch.c \
lib.c master.c name.c rbt.c rbtdb.c rbtdb64.c \
rdata.c rdatalist.c rdataset.c rdatasetiter.c rdataslab.c \
resolver.c result.c version.c masterdump.c time.c ttl.c
SUBDIRS = include
SUBDIRS = include sec
TARGETS = include/dns/enumtype.h include/dns/enumclass.h \
include/dns/rdatastruct.h timestamp
......@@ -87,6 +158,8 @@ clean distclean::
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
rm -f include/dns/rdatastruct.h
sec: include/dns/enumtype.h include/dns/enumclass.h include/dns/rdatastruct.h
rdata.@O@: code.h
include/dns/enumtype.h: gen
......
......@@ -20,11 +20,11 @@ top_srcdir = @top_srcdir@
@BIND9_VERSION@
HEADERS = callbacks.h cert.h compress.h db.h dbiterator.h dbtable.h \
events.h dispatch.h events.h fixedname.h lib.h master.h \
masterdump.h message.h name.h rbt.h rcode.h rdata.h \
rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \
rdataslab.h rdatatype.h result.h secalg.h tcpmsg.h time.h \
ttl.h types.h
events.h dispatch.h events.h fixedname.h keyvalues.h \
lib.h master.h masterdump.h message.h name.h rbt.h \
rcode.h rdata.h rdataclass.h rdatalist.h rdataset.h \
rdatasetiter.h rdataslab.h rdatatype.h result.h \
secalg.h tcpmsg.h time.h ttl.h types.h
GENHEADERS = enumclass.h enumtype.h rdatastruct.h
SUBDIRS =
......
#ifndef DNS_KEYVALUES_H
#define DNS_KEYVALUES_H 1
ISC_LANG_BEGINDECLS
/*
* Flags field of the KEY RR rdata
*/
#define NS_KEY_TYPEMASK 0xC000 /* Mask for "type" bits */
#define NS_KEY_TYPE_AUTH_CONF 0x0000 /* Key usable for both */
#define NS_KEY_TYPE_CONF_ONLY 0x8000 /* Key usable for confidentiality */
#define NS_KEY_TYPE_AUTH_ONLY 0x4000 /* Key usable for authentication */
#define NS_KEY_TYPE_NO_KEY 0xC000 /* No key usable for either; no key */
/* The type bits can also be interpreted independently, as single bits: */
#define NS_KEY_NO_AUTH 0x8000 /* Key unusable for authentication */
#define NS_KEY_NO_CONF 0x4000 /* Key unusable for confidentiality */
#define NS_KEY_RESERVED2 0x2000 /* Security is *mandatory* if bit=0 */
#define NS_KEY_EXTENDED_FLAGS 0x1000 /* reserved - must be zero */
#define NS_KEY_RESERVED4 0x0800 /* reserved - must be zero */
#define NS_KEY_RESERVED5 0x0400 /* reserved - must be zero */
#define NS_KEY_NAME_TYPE 0x0300 /* these bits determine the type */
#define NS_KEY_NAME_USER 0x0000 /* key is assoc. with user */
#define NS_KEY_NAME_ENTITY 0x0200 /* key is assoc. with entity eg host */
#define NS_KEY_NAME_ZONE 0x0100 /* key is zone key */
#define NS_KEY_NAME_RESERVED 0x0300 /* reserved meaning */
#define NS_KEY_RESERVED8 0x0080 /* reserved - must be zero */
#define NS_KEY_RESERVED9 0x0040 /* reserved - must be zero */
#define NS_KEY_RESERVED10 0x0020 /* reserved - must be zero */
#define NS_KEY_RESERVED11 0x0010 /* reserved - must be zero */
#define NS_KEY_SIGNATORYMASK 0x000F /* key can sign RR's of same name */
#define NS_KEY_RESERVED_BITMASK ( NS_KEY_RESERVED2 | \
NS_KEY_RESERVED4 | \
NS_KEY_RESERVED5 | \
NS_KEY_RESERVED8 | \
NS_KEY_RESERVED9 | \
NS_KEY_RESERVED10 | \
NS_KEY_RESERVED11 )
#define NS_KEY_RESERVED_BITMASK2 0xFFFF /* no bits defined here */
/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
#define NS_ALG_MD5RSA 1 /* MD5 with RSA */
#define NS_ALG_DH 2 /* Diffie Hellman KEY */
#define NS_ALG_DSA 3 /* DSA KEY */
#define NS_ALG_DSS NS_ALG_DSA
#define NS_ALG_EXPIRE_ONLY 253 /* No alg, no security */
#define NS_ALG_PRIVATE_OID 254 /* Key begins with OID giving alg */
/* Protocol values */
/* value 0 is reserved */
#define NS_KEY_PROT_TLS 1
#define NS_KEY_PROT_EMAIL 2
#define NS_KEY_PROT_DNSSEC 3
#define NS_KEY_PROT_IPSEC 4
#define NS_KEY_PROT_ANY 255
/* Signatures */
#define NS_MD5RSA_MIN_BITS 512 /* Size of a mod or exp in bits */
#define NS_MD5RSA_MAX_BITS 2552
/* Total of binary mod and exp */
#define NS_MD5RSA_MAX_BYTES ((NS_MD5RSA_MAX_BITS+7/8)*2+3)
/* Max length of text sig block */
#define NS_MD5RSA_MAX_BASE64 (((NS_MD5RSA_MAX_BYTES+2)/3)*4)
#define NS_MD5RSA_MIN_SIZE ((NS_MD5RSA_MIN_BITS+7)/8)
#define NS_MD5RSA_MAX_SIZE ((NS_MD5RSA_MAX_BITS+7)/8)
#define NS_DSA_SIG_SIZE 41
#define NS_DSA_MIN_BITS 512
#define NS_DSA_MAX_BITS 1024
#define NS_DSA_MIN_BYTES 213
#define NS_DSA_MAX_BYTES 405
ISC_LANG_ENDDECLS
#endif /* DNS_KEYVALUES_H */
......@@ -64,6 +64,7 @@ typedef struct dns_forwarders dns_forwarders_t;
typedef isc_uint16_t dns_messageid_t;
typedef isc_uint16_t dns_trust_t;
typedef struct dns_dispatch dns_dispatch_t;
typedef struct dns_tsig_key dns_tsig_key_t;
typedef enum {
dns_labeltype_ordinary = 0,
......
# Copyright (C) 1998 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
SUBDIRS = dnssafe dst openssl
TARGETS =
@BIND9_MAKE_RULES@
# Copyright (C) 1998, 1999 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
@BIND9_VERSION@
@LIBDNS_API@
CINCLUDES = -I${srcdir}/../../../isc/unix/include \
-I${srcdir}/../../../isc/pthreads/include \
-I${srcdir}/../../../isc/include \
-I${srcdir}/include \
-I${srcdir} \
-I./include \
-I.
CDEFINES =
CWARNINGS =
LIBS = @LIBS@