Commit 65c4736d authored by Brian Wellington's avatar Brian Wellington

Added underlying DNSSEC support (dst and crypto libraries)

parent e430659a
...@@ -34,7 +34,7 @@ ISCDEPLIBS = ../../lib/isc/libisc.@A@ ...@@ -34,7 +34,7 @@ ISCDEPLIBS = ../../lib/isc/libisc.@A@
LIBS = @LIBS@ LIBS = @LIBS@
SUBDIRS = master names rbt SUBDIRS = master names rbt dst
TARGETS = res_test \ TARGETS = res_test \
lex_test \ lex_test \
name_test \ name_test \
......
test. IN KEY 257 3 1 AQPQjwSpaVzxIgRCpiUoozUQKGh2oX8NIFKDOvtxK+tn536OZg2cROKTlgGEHXJK9YHfW/6nzQULTVpb63P+SQMmjCCidb8IYyhItixRztVeJQ==
Private-key-format: v1.2
Algorithm: 1 (RSA)
Modulus: 0I8EqWlc8SIEQqYlKKM1EChodqF/DSBSgzr7cSvrZ+d+jmYNnETik5YBhB1ySvWB31v+p80FC01aW+tz/kkDJowgonW/CGMoSLYsUc7VXiU=
PublicExponent: Aw==
PrivateExponent: iwoDG5uTS2wC1xluGxd4tXBFpGuqCMA3AidSS3Kc7++ptEQJEtiXC9kfCJMvZhGfQLaujft2OgrmkcuDVtPIbQWEENhyJhb4Lk82kFXbfus=
Prime1: /rSKuzcZY7R5cY2YWD4CiBNyj9WJMq1wWmBnb9+5M08nTl5E9NW5qQ==
Prime2: 0Z5shXQYd16E2Gs6e5WxtO0Oqlly2KkSqXohwTQWDWTb8Pw0WTZmHQ==
Exponent1: qc2x0iS7l82mS7O65X6sWrehtTkGIcj1kZWaSpUmIjTE3umDTePRGw==
Exponent2: i77zA6K6+j8DOvIm/Q52eJ4JxuZMkHC3G6bBK3gOs5iSoKgi5iREEw==
Coefficient: 3+wYZB0SJad7z2EsjzgbSlg6CawoaOvrROGSbwSiW5DCsMFROudOTw==
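Review bot: This fixture and the DSA one that follows commit complete private-key material for the name `test.` (PrivateExponent and both primes here, Private_value(x) in the DSA file), and nothing in or beside the files marks them as test-only. Both keys appear to be well under 1024 bits and the RSA PublicExponent decodes to 3, which is acceptable for exercising dst_test but not for signing real data. I would add a short README next to the fixtures, for example `These keys are published test vectors for dst_test; never load them into a production zone.`, so that secret scanners and later readers can classify them correctly.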
test. IN KEY 16641 3 3 ANp1//lqDlEfTavcFI+cyudNfgEz73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mbEGl6zwve9wq5z7IoTY5/J4l7XLCKftg/wGvrzXQhggIkRvEh3myhxd+ouILcpfvTIthWlTKiH59tSJpmgmiSMTE7nDYaf10iVRWN6DMSprgejiH05/fpmyZAt44tyAh4m1wXS5u4tam1PXDJYJozn7EfQ8e2weIv1yC+t6PHSx
Private-key-format: v1.2
Algorithm: 3 (DSA)
Prime(p): 73V/K7fSDvkA0eDYcGg/kSvEjAEO/oLWCERltkuC55ZcM/mSv17WF1d/wR6kww/pLI9eXwkjftAYqs5sNxk+mQ==
Subprime(q): 2nX/+WoOUR9Nq9wUj5zK501+ATM=
Base(g): sQaXrPC973CrnPsihNjn8niXtcsIp+2D/Aa+vNdCGCAiRG8SHebKHF36i4gtyl+9Mi2FaVMqIfn21ImmaCaJIw==
Private_value(x): Nky4tvIwg6xlcyeHXr4k2DEZg0E=
Public_value(y): ExO5w2Gn9dIlUVjegzEqa4Ho4h9Of36ZsmQLeOLcgIeJtcF0ubuLWptT1wyWCaM5+xH0PHtsHiL9cgvrejx0sQ==
# Copyright (C) 1999 Internet Software Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
CINCLUDES = -I${srcdir}/../../../lib/isc/unix/include \
-I${srcdir}/../../../lib/isc/pthreads/include \
-I${srcdir}/../../../lib/isc/include \
-I${srcdir}/../../../lib/dns/include \
-I${srcdir}/../../../lib/dns/sec/dst/include \
CDEFINES =
CWARNINGS =
LIBS = ../../../lib/dns/libdns.@A@ \
../../../lib/isc/libisc.@A@ \
@LIBS@
TARGETS = dst_test
@BIND9_MAKE_RULES@
dst_test: dst_test.o
${LIBTOOL} ${CC} -o $@ dst_test.o ${LIBS}
test:
-@ ./dst_test
clean distclean::
rm -f ${TARGETS}
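Review bot: The `test` target runs `-@ ./dst_test`, so a crash or non-zero exit of the sign/verify test is ignored and make still reports success; dropping the leading `-` would let a failing run stop the build. The last `CINCLUDES` line also ends in a backslash, which as rendered here continues into `CDEFINES =` unless a blank line (not visible on this page) follows it. I would end that line as `-I${srcdir}/../../../lib/dns/sec/dst/include` without the trailing `\`.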
/*
* Copyright (C) 1999 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <isc/assertions.h>
#include <isc/error.h>
#include <isc/boolean.h>
#include <isc/region.h>
#include <isc/mem.h>
#include <dst/dst.h>
#include <dst/result.h>
char *current, *tmp = "/tmp";
static void
use(dst_key_t *key, isc_mem_t *mctx) {
dst_result_t ret;
char *data = "This is some data";
unsigned char sig[512];
isc_buffer_t databuf, sigbuf;
isc_region_t datareg, sigreg;
isc_buffer_init(&sigbuf, sig, sizeof(sig), ISC_BUFFERTYPE_BINARY);
/* Advance 1 byte for fun */
isc_buffer_add(&sigbuf, 1);
isc_buffer_init(&databuf, data, strlen(data), ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&databuf, strlen(data));
isc_buffer_used(&databuf, &datareg);
ret = dst_sign(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigbuf, mctx);
printf("sign(%d) returned: %s\n", dst_key_alg(key),
dst_result_totext(ret));
isc_buffer_forward(&sigbuf, 1);
isc_buffer_remaining(&sigbuf, &sigreg);
ret = dst_verify(DST_SIG_MODE_ALL, key, NULL, &datareg, &sigreg, mctx);
printf("verify(%d) returned: %s\n", dst_key_alg(key),
dst_result_totext(ret));
}
static void
io(char *name, int id, int alg, int type, isc_mem_t *mctx) {
dst_key_t *key;
dst_result_t ret;
chdir(current);
ret = dst_key_fromfile(name, id, alg, type, mctx, &key);
printf("read(%d) returned: %s\n", alg, dst_result_totext(ret));
if (ret != 0)
return;
chdir(tmp);
ret = dst_key_tofile(key, type);
printf("write(%d) returned: %s\n", alg, dst_result_totext(ret));
if (ret != 0)
return;
use(key, mctx);
dst_key_free(key, mctx);
}
static void
generate(int alg, isc_mem_t *mctx) {
dst_result_t ret;
dst_key_t *key;
ret = dst_key_generate("test.", alg, 512, 0, 0, 0, mctx, &key);
printf("generate(%d) returned: %s\n", alg, dst_result_totext(ret));
use(key, mctx);
dst_key_free(key, mctx);
}
static void
get_random() {
unsigned char data[25];
isc_buffer_t databuf;
dst_result_t ret;
unsigned int i;
isc_buffer_init(&databuf, data, sizeof data, ISC_BUFFERTYPE_BINARY);
ret = dst_random(sizeof(data), &databuf);
printf("random() returned: %s\n", dst_result_totext(ret));
for (i = 0; i < sizeof data; i++)
printf("%02x ", data[i]);
printf("\n");
}
int
main() {
isc_mem_t *mctx = NULL;
isc_mem_create(0, 0, &mctx);
current = isc_mem_get(mctx, 256);
getcwd(current, 256);
io("test.", 6204, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 54622, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 0, DST_ALG_DSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
io("test.", 0, DST_ALG_RSA, DST_TYPE_PRIVATE|DST_TYPE_PUBLIC, mctx);
generate(DST_ALG_RSA, mctx);
generate(DST_ALG_DSA, mctx);
generate(DST_ALG_HMAC_MD5, mctx);
get_random();
isc_mem_put(mctx, current, 256);
/* isc_mem_stats(mctx, stdout);*/
isc_mem_destroy(&mctx);
exit(0);
}
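Review bot: generate() never checks `ret`, so when dst_key_generate() fails the uninitialised `key` pointer is passed to use() and dst_key_free(); io() already guards its read, and generate() needs the same `if (ret != 0) return;` after its printf. io() also returns without calling dst_key_free() when dst_key_tofile() fails. It writes the private key files into the shared `/tmp` after chdir(), where the names are predictable and, depending on the mode dst_key_tofile() uses (not visible here), other local users may be able to read or pre-create them; a directory created with mkdtemp() would keep the keys private. chdir() and getcwd() are used without `<unistd.h>` and their results are not checked. Every result is only printed and main() always calls `exit(0)`, so a failed verify cannot fail the test run.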
...@@ -2850,6 +2850,14 @@ trap 'rm -fr `echo "make/rules ...@@ -2850,6 +2850,14 @@ trap 'rm -fr `echo "make/rules
lib/dns/Makefile lib/dns/Makefile
lib/dns/include/Makefile lib/dns/include/Makefile
lib/dns/include/dns/Makefile lib/dns/include/dns/Makefile
lib/dns/sec/Makefile
lib/dns/sec/openssl/Makefile
lib/dns/sec/openssl/include/Makefile
lib/dns/sec/openssl/include/openssl/Makefile
lib/dns/sec/dnssafe/Makefile
lib/dns/sec/dst/Makefile
lib/dns/sec/dst/include/Makefile
lib/dns/sec/dst/include/dst/Makefile
lib/tests/Makefile lib/tests/Makefile
lib/tests/include/Makefile lib/tests/include/Makefile
lib/tests/include/tests/Makefile lib/tests/include/tests/Makefile
...@@ -2859,6 +2867,7 @@ trap 'rm -fr `echo "make/rules ...@@ -2859,6 +2867,7 @@ trap 'rm -fr `echo "make/rules
bin/tests/names/Makefile bin/tests/names/Makefile
bin/tests/master/Makefile bin/tests/master/Makefile
bin/tests/rbt/Makefile bin/tests/rbt/Makefile
bin/tests/dst/Makefile
config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15
EOF EOF
cat >> $CONFIG_STATUS <<EOF cat >> $CONFIG_STATUS <<EOF
...@@ -2991,6 +3000,14 @@ CONFIG_FILES=\${CONFIG_FILES-"make/rules ...@@ -2991,6 +3000,14 @@ CONFIG_FILES=\${CONFIG_FILES-"make/rules
lib/dns/Makefile lib/dns/Makefile
lib/dns/include/Makefile lib/dns/include/Makefile
lib/dns/include/dns/Makefile lib/dns/include/dns/Makefile
lib/dns/sec/Makefile
lib/dns/sec/openssl/Makefile
lib/dns/sec/openssl/include/Makefile
lib/dns/sec/openssl/include/openssl/Makefile
lib/dns/sec/dnssafe/Makefile
lib/dns/sec/dst/Makefile
lib/dns/sec/dst/include/Makefile
lib/dns/sec/dst/include/dst/Makefile
lib/tests/Makefile lib/tests/Makefile
lib/tests/include/Makefile lib/tests/include/Makefile
lib/tests/include/tests/Makefile lib/tests/include/tests/Makefile
...@@ -3000,6 +3017,7 @@ CONFIG_FILES=\${CONFIG_FILES-"make/rules ...@@ -3000,6 +3017,7 @@ CONFIG_FILES=\${CONFIG_FILES-"make/rules
bin/tests/names/Makefile bin/tests/names/Makefile
bin/tests/master/Makefile bin/tests/master/Makefile
bin/tests/rbt/Makefile bin/tests/rbt/Makefile
bin/tests/dst/Makefile
"} "}
EOF EOF
cat >> $CONFIG_STATUS <<\EOF cat >> $CONFIG_STATUS <<\EOF
......
...@@ -13,7 +13,7 @@ dnl PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ...@@ -13,7 +13,7 @@ dnl PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
dnl ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS dnl ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
dnl SOFTWARE. dnl SOFTWARE.
AC_REVISION($Revision: 1.36 $) AC_REVISION($Revision: 1.37 $)
AC_PREREQ(2.13) AC_PREREQ(2.13)
...@@ -357,6 +357,14 @@ AC_OUTPUT( ...@@ -357,6 +357,14 @@ AC_OUTPUT(
lib/dns/Makefile lib/dns/Makefile
lib/dns/include/Makefile lib/dns/include/Makefile
lib/dns/include/dns/Makefile lib/dns/include/dns/Makefile
lib/dns/sec/Makefile
lib/dns/sec/openssl/Makefile
lib/dns/sec/openssl/include/Makefile
lib/dns/sec/openssl/include/openssl/Makefile
lib/dns/sec/dnssafe/Makefile
lib/dns/sec/dst/Makefile
lib/dns/sec/dst/include/Makefile
lib/dns/sec/dst/include/dst/Makefile
lib/tests/Makefile lib/tests/Makefile
lib/tests/include/Makefile lib/tests/include/Makefile
lib/tests/include/tests/Makefile lib/tests/include/tests/Makefile
...@@ -366,4 +374,5 @@ AC_OUTPUT( ...@@ -366,4 +374,5 @@ AC_OUTPUT(
bin/tests/names/Makefile bin/tests/names/Makefile
bin/tests/master/Makefile bin/tests/master/Makefile
bin/tests/rbt/Makefile bin/tests/rbt/Makefile
bin/tests/dst/Makefile
) )
...@@ -35,19 +35,90 @@ CWARNINGS = ...@@ -35,19 +35,90 @@ CWARNINGS =
LIBS = @LIBS@ LIBS = @LIBS@
# Alphabetically # Alphabetically
DSTOBJS = sec/dst/bsafe_link.@O@ sec/dst/dst_api.@O@ \
sec/dst/dst_parse.@O@ sec/dst/hmac_link.@O@ \
sec/dst/openssl_link.@O@ sec/dst/dst_result.@O@ \
sec/dst/dst_support.@O@ sec/dst/dst_lib.@O@
OPENSSLOBJS = sec/openssl/bn_add.@O@ sec/openssl/bn_asm.@O@ \
sec/openssl/bn_comba.@O@ sec/openssl/bn_div.@O@ \
sec/openssl/bn_err.@O@ sec/openssl/bn_exp.@O@ \
sec/openssl/bn_exp2.@O@ sec/openssl/bn_gcd.@O@ \
sec/openssl/bn_lib.@O@ sec/openssl/bn_m.@O@ \
sec/openssl/bn_mont.@O@ sec/openssl/bn_mul.@O@ \
sec/openssl/bn_prime.@O@ sec/openssl/bn_rand.@O@ \
sec/openssl/bn_recp.@O@ sec/openssl/bn_shift.@O@ \
sec/openssl/bn_sqr.@O@ sec/openssl/bn_word.@O@ \
sec/openssl/buffer.@O@ sec/openssl/cryptlib.@O@ \
sec/openssl/dsa_asn1.@O@ sec/openssl/dsa_err.@O@ \
sec/openssl/dsa_gen.@O@ sec/openssl/dsa_key.@O@ \
sec/openssl/dsa_lib.@O@ sec/openssl/dsa_sign.@O@ \
sec/openssl/dsa_vrf.@O@ sec/openssl/err.@O@ \
sec/openssl/lhash.@O@ sec/openssl/md_rand.@O@ \
sec/openssl/md5_dgst.@O@ sec/openssl/mem.@O@ \
sec/openssl/rand_lib.@O@ sec/openssl/sha1_one.@O@ \
sec/openssl/sha1dgst.@O@ sec/openssl/stack.@O@ \
sec/openssl/th-lock.@O@
DNSSAFEOBJS = sec/dnssafe/ahchdig.@O@ sec/dnssafe/ahchencr.@O@ \
sec/dnssafe/ahchgen.@O@ sec/dnssafe/ahchrand.@O@ \
sec/dnssafe/ahdigest.@O@ sec/dnssafe/ahencryp.@O@ \
sec/dnssafe/ahgen.@O@ sec/dnssafe/ahrandom.@O@ \
sec/dnssafe/ahrsaenc.@O@ sec/dnssafe/ahrsaepr.@O@ \
sec/dnssafe/ahrsaepu.@O@ sec/dnssafe/aichdig.@O@ \
sec/dnssafe/aichenc8.@O@ sec/dnssafe/aichencn.@O@ \
sec/dnssafe/aichencr.@O@ sec/dnssafe/aichgen.@O@ \
sec/dnssafe/aichrand.@O@ sec/dnssafe/aimd5.@O@ \
sec/dnssafe/aimd5ran.@O@ sec/dnssafe/ainfotyp.@O@ \
sec/dnssafe/ainull.@O@ sec/dnssafe/airsaepr.@O@ \
sec/dnssafe/airsaepu.@O@ sec/dnssafe/airsakgn.@O@ \
sec/dnssafe/airsaprv.@O@ sec/dnssafe/airsapub.@O@ \
sec/dnssafe/algchoic.@O@ sec/dnssafe/algobj.@O@ \
sec/dnssafe/amcrte.@O@ sec/dnssafe/ammd5.@O@ \
sec/dnssafe/ammd5r.@O@ sec/dnssafe/amrkg.@O@ \
sec/dnssafe/amrsae.@O@ \
sec/dnssafe/balg.@O@ sec/dnssafe/bgclrbit.@O@ \
sec/dnssafe/bgmdmpyx.@O@ sec/dnssafe/bgmdsqx.@O@ \
sec/dnssafe/bgmodexp.@O@ sec/dnssafe/bgpegcd.@O@ \
sec/dnssafe/big2exp.@O@ sec/dnssafe/bigabs.@O@ \
sec/dnssafe/bigacc.@O@ sec/dnssafe/bigarith.@O@ \
sec/dnssafe/bigcmp.@O@ sec/dnssafe/bigconst.@O@ \
sec/dnssafe/biginv.@O@ sec/dnssafe/biglen.@O@ \
sec/dnssafe/bigmodx.@O@ sec/dnssafe/bigmpy.@O@ \
sec/dnssafe/bigpdiv.@O@ sec/dnssafe/bigpmpy.@O@ \
sec/dnssafe/bigpmpyh.@O@ sec/dnssafe/bigpmpyl.@O@ \
sec/dnssafe/bigpsq.@O@ sec/dnssafe/bigqrx.@O@ \
sec/dnssafe/bigsmod.@O@ sec/dnssafe/bigtocan.@O@ \
sec/dnssafe/bigu.@O@ sec/dnssafe/bigunexp.@O@ \
sec/dnssafe/binfocsh.@O@ sec/dnssafe/bkey.@O@ \
sec/dnssafe/bmempool.@O@ sec/dnssafe/cantobig.@O@ \
sec/dnssafe/crt2.@O@ sec/dnssafe/digest.@O@ \
sec/dnssafe/digrand.@O@ sec/dnssafe/encrypt.@O@ \
sec/dnssafe/generate.@O@ sec/dnssafe/intbits.@O@ \
sec/dnssafe/intitem.@O@ sec/dnssafe/keyobj.@O@ \
sec/dnssafe/ki8byte.@O@ sec/dnssafe/kiitem.@O@ \
sec/dnssafe/kinfotyp.@O@ sec/dnssafe/kifulprv.@O@ \
sec/dnssafe/kipkcrpr.@O@ sec/dnssafe/kirsacrt.@O@ \
sec/dnssafe/kirsapub.@O@ sec/dnssafe/md5.@O@ \
sec/dnssafe/md5rand.@O@ sec/dnssafe/prime.@O@ \
sec/dnssafe/random.@O@ sec/dnssafe/rsa.@O@ \
sec/dnssafe/rsakeygn.@O@ sec/dnssafe/seccbcd.@O@ \
sec/dnssafe/seccbce.@O@ sec/dnssafe/surrendr.@O@
OBJS = callbacks.@O@ compress.@O@ db.@O@ dbiterator.@O@ \ OBJS = callbacks.@O@ compress.@O@ db.@O@ dbiterator.@O@ \
dbtable.@O@ dispatch.@O@ lib.@O@ master.@O@ message.@O@ \ dbtable.@O@ dispatch.@O@ lib.@O@ master.@O@ message.@O@ \
name.@O@ rbt.@O@ rbtdb.@O@ rbtdb64.@O@ rdata.@O@ \ name.@O@ rbt.@O@ rbtdb.@O@ rbtdb64.@O@ rdata.@O@ \
rdatalist.@O@ rdataset.@O@ rdatasetiter.@O@ rdataslab.@O@ \ rdatalist.@O@ rdataset.@O@ rdatasetiter.@O@ rdataslab.@O@ \
resolver.@O@ result.@O@ version.@O@ masterdump.@O@ time.@O@ \ resolver.@O@ result.@O@ version.@O@ masterdump.@O@ time.@O@ \
ttl.@O@ tcpmsg.@O@ ttl.@O@ tcpmsg.@O@ \
${DSTOBJS} ${OPENSSLOBJS} ${DNSSAFEOBJS}
OSRC = callbacks.c compress.c db.c dbiterator.c dbtable.c dispatch.c \ OSRC = callbacks.c compress.c db.c dbiterator.c dbtable.c dispatch.c \
lib.c master.c name.c rbt.c rbtdb.c rbtdb64.c \ lib.c master.c name.c rbt.c rbtdb.c rbtdb64.c \
rdata.c rdatalist.c rdataset.c rdatasetiter.c rdataslab.c \ rdata.c rdatalist.c rdataset.c rdatasetiter.c rdataslab.c \
resolver.c result.c version.c masterdump.c time.c ttl.c resolver.c result.c version.c masterdump.c time.c ttl.c
SUBDIRS = include SUBDIRS = include sec
TARGETS = include/dns/enumtype.h include/dns/enumclass.h \ TARGETS = include/dns/enumtype.h include/dns/enumclass.h \
include/dns/rdatastruct.h timestamp include/dns/rdatastruct.h timestamp
...@@ -87,6 +158,8 @@ clean distclean:: ...@@ -87,6 +158,8 @@ clean distclean::
rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h rm -f gen code.h include/dns/enumtype.h include/dns/enumclass.h
rm -f include/dns/rdatastruct.h rm -f include/dns/rdatastruct.h
sec: include/dns/enumtype.h include/dns/enumclass.h include/dns/rdatastruct.h
rdata.@O@: code.h rdata.@O@: code.h
include/dns/enumtype.h: gen include/dns/enumtype.h: gen
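Review bot: `OPENSSLOBJS` and `DNSSAFEOBJS` compile bundled copies of third-party crypto sources straight into libdns, and nothing in this file records which upstream release they came from, so later upstream security fixes have no obvious path into this copy. I would put a comment above each list, e.g. `# Bundled from OpenSSL <UPSTREAM_VERSION placeholder>; re-sync when upstream ships security fixes.` The existing `# Alphabetically` comment now sits above `DSTOBJS` instead of `OBJS` and should move back down next to the list it describes. `OSRC` is not extended to match the new objects, and the new `sec:` rule in the second hunk has prerequisites but no recipe; both may be intentional but deserve a one-line comment saying so.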
......
...@@ -20,11 +20,11 @@ top_srcdir = @top_srcdir@ ...@@ -20,11 +20,11 @@ top_srcdir = @top_srcdir@
@BIND9_VERSION@ @BIND9_VERSION@
HEADERS = callbacks.h cert.h compress.h db.h dbiterator.h dbtable.h \ HEADERS = callbacks.h cert.h compress.h db.h dbiterator.h dbtable.h \
events.h dispatch.h events.h fixedname.h lib.h master.h \ events.h dispatch.h events.h fixedname.h keyvalues.h \
masterdump.h message.h name.h rbt.h rcode.h rdata.h \ lib.h master.h masterdump.h message.h name.h rbt.h \
rdataclass.h rdatalist.h rdataset.h rdatasetiter.h \ rcode.h rdata.h rdataclass.h rdatalist.h rdataset.h \
rdataslab.h rdatatype.h result.h secalg.h tcpmsg.h time.h \ rdatasetiter.h rdataslab.h rdatatype.h result.h \
ttl.h types.h secalg.h tcpmsg.h time.h ttl.h types.h
GENHEADERS = enumclass.h enumtype.h rdatastruct.h GENHEADERS = enumclass.h enumtype.h rdatastruct.h
SUBDIRS = SUBDIRS =
......
#ifndef DNS_KEYVALUES_H
#define DNS_KEYVALUES_H 1
ISC_LANG_BEGINDECLS
/*
* Flags field of the KEY RR rdata
*/
#define NS_KEY_TYPEMASK 0xC000 /* Mask for "type" bits */
#define NS_KEY_TYPE_AUTH_CONF 0x0000 /* Key usable for both */
#define NS_KEY_TYPE_CONF_ONLY 0x8000 /* Key usable for confidentiality */
#define NS_KEY_TYPE_AUTH_ONLY 0x4000 /* Key usable for authentication */
#define NS_KEY_TYPE_NO_KEY 0xC000 /* No key usable for either; no key */
/* The type bits can also be interpreted independently, as single bits: */
#define NS_KEY_NO_AUTH 0x8000 /* Key unusable for authentication */
#define NS_KEY_NO_CONF 0x4000 /* Key unusable for confidentiality */
#define NS_KEY_RESERVED2 0x2000 /* Security is *mandatory* if bit=0 */
#define NS_KEY_EXTENDED_FLAGS 0x1000 /* reserved - must be zero */
#define NS_KEY_RESERVED4 0x0800 /* reserved - must be zero */
#define NS_KEY_RESERVED5 0x0400 /* reserved - must be zero */
#define NS_KEY_NAME_TYPE 0x0300 /* these bits determine the type */
#define NS_KEY_NAME_USER 0x0000 /* key is assoc. with user */
#define NS_KEY_NAME_ENTITY 0x0200 /* key is assoc. with entity eg host */
#define NS_KEY_NAME_ZONE 0x0100 /* key is zone key */
#define NS_KEY_NAME_RESERVED 0x0300 /* reserved meaning */
#define NS_KEY_RESERVED8 0x0080 /* reserved - must be zero */
#define NS_KEY_RESERVED9 0x0040 /* reserved - must be zero */
#define NS_KEY_RESERVED10 0x0020 /* reserved - must be zero */
#define NS_KEY_RESERVED11 0x0010 /* reserved - must be zero */
#define NS_KEY_SIGNATORYMASK 0x000F /* key can sign RR's of same name */
#define NS_KEY_RESERVED_BITMASK ( NS_KEY_RESERVED2 | \
NS_KEY_RESERVED4 | \
NS_KEY_RESERVED5 | \
NS_KEY_RESERVED8 | \
NS_KEY_RESERVED9 | \
NS_KEY_RESERVED10 | \
NS_KEY_RESERVED11 )
#define NS_KEY_RESERVED_BITMASK2 0xFFFF /* no bits defined here */
/* The Algorithm field of the KEY and SIG RR's is an integer, {1..254} */
#define NS_ALG_MD5RSA 1 /* MD5 with RSA */
#define NS_ALG_DH 2 /* Diffie Hellman KEY */
#define NS_ALG_DSA 3 /* DSA KEY */
#define NS_ALG_DSS NS_ALG_DSA
#define NS_ALG_EXPIRE_ONLY 253 /* No alg, no security */
#define NS_ALG_PRIVATE_OID 254 /* Key begins with OID giving alg */
/* Protocol values */
/* value 0 is reserved */
#define NS_KEY_PROT_TLS 1
#define NS_KEY_PROT_EMAIL 2
#define NS_KEY_PROT_DNSSEC 3
#define NS_KEY_PROT_IPSEC 4
#define NS_KEY_PROT_ANY 255
/* Signatures */
#define NS_MD5RSA_MIN_BITS 512 /* Size of a mod or exp in bits */
#define NS_MD5RSA_MAX_BITS 2552
/* Total of binary mod and exp */
#define NS_MD5RSA_MAX_BYTES ((NS_MD5RSA_MAX_BITS+7/8)*2+3)
/* Max length of text sig block */
#define NS_MD5RSA_MAX_BASE64 (((NS_MD5RSA_MAX_BYTES+2)/3)*4)
#define NS_MD5RSA_MIN_SIZE ((NS_MD5RSA_MIN_BITS+7)/8)