130 verbose_key(struct autr_ta* ta, enum verbosity_value level, 
135  * @param ta: trust anchor key with DNSKEY data.
140 verbose_key(struct autr_ta* ta, enum verbosity_value level, 
146 		char* str = sldns_wire2str_dname(ta->rr, ta->dname_len);
148 			ta->rr, ta->rr_len, ta->dname_len),
149 			sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
150 			ta->dname_len));
162  * @param ta: trust key autotrust metadata
166 parse_comments(char* str, struct autr_ta* ta)
200                 ta->s = AUTR_STATE_VALID;
212                                 ta->s = s;
215 				verbose_key(ta, VERB_OPS, "has undefined "
217                                 ta->s = AUTR_STATE_START;
230                 ta->pending_count = 0;
234                 ta->pending_count = (uint8_t)atoi(comments);
251 		ta->last_change = 0;
253                 ta->last_change = (time_t)timestamp;
298 ta_is_dnskey_sep(struct autr_ta* ta)
301 		sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len),
302 		sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len),
303 		sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len)
315 /** create ta */
319 	struct autr_ta* ta = (struct autr_ta*)calloc(1, sizeof(*ta));
320 	if(!ta) {
324 	ta->rr = rr;
325 	ta->rr_len = rr_len;
326 	ta->dname_len = dname_len;
327 	return ta;
443 	struct autr_ta* ta = autr_ta_create(rr, rr_len, dname_len);
444 	if(!ta) 
448 		free(ta->rr);
449 		free(ta);
452 	/* add ta to tp */
453 	ta->next = (*tp)->autr->keys;
454 	(*tp)->autr->keys = ta;
456 	return ta;
529 	struct autr_ta* ta = NULL;
532 	ta = add_trustanchor_frm_str(anchors, str, &tp, origin, origin_len,
534 	if(!ta)
537 	if(!parse_comments(str, ta)) {
1102 	struct autr_ta* ta;
1142 	for(ta=tp->autr->keys; ta; ta=ta->next) {
1144 		if(ta->s == AUTR_STATE_START)
1146 		if(ta->s == AUTR_STATE_REMOVED)
1149 		if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len)
1152 		str = sldns_wire2str_rr(ta->rr, ta->rr_len);
1160 			";;lastchange=%u ;;%s", str, (int)ta->s, 
1161 			trustanchor_state2str(ta->s), (int)ta->pending_count,
1162 			(unsigned int)ta->last_change, 
1163 			ctime_r(&(ta->last_change), tmi)) < 0) {
1315 seen_trustanchor(struct autr_ta* ta, uint8_t seen)
1317 	ta->fetched = seen;
1318 	if(ta->pending_count < 250) /* no numerical overflow, please */
1319 		ta->pending_count++;
1324 seen_revoked_trustanchor(struct autr_ta* ta, uint8_t revoked)
1326 	ta->revoked = revoked;
1331 revoke_dnskey(struct autr_ta* ta, int off)
1335 	if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len) !=
1338 	if(sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len) < 2)
1340 	data = sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len);
1405  * @param result: returns NULL or the ta key looked for.
1412 	struct autr_ta* ta;
1417 	for(ta=tp->autr->keys; ta; ta=ta->next) {
1418 		if(ta_compare(ta, t, rdata, rdata_len) == 0) {
1419 			*result = ta;
1431 	struct autr_ta* ta;
1448 	ta = autr_ta_create(rr, rr_len, dname_len);
1449 	if(!ta) {
1454 	ta->next = tp->autr->keys;
1455 	tp->autr->keys = ta;
1456 	return ta;
1515 	struct autr_ta* ta;
1516 	for(ta=tp->autr->keys; ta; ta=ta->next) {
1517 		ta->fetched = 0;
1532 		struct autr_ta* ta = NULL;
1539 			dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) {
1543 		if(!ta)
1551 				ta->rr, ta->rr_len, ta->dname_len),
1552 				sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
1553 				ta->dname_len)) ||
1556 				ta->rr, ta->rr_len, ta->dname_len),
1557 				sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len,
1558 				ta->dname_len))); /* checks conversion*/
1559 			verbose_key(ta, VERB_ALGO, "is self-signed revoked");
1560 			if(!ta->revoked) 
1562 			seen_revoked_trustanchor(ta, 1);
1563 			do_revoked(env, ta, changed);
1624 		struct autr_ta* ta = NULL;
1646 			dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) {
1649 		if(!ta) {
1650 			ta = add_key(tp, (uint32_t)dd->rr_ttl[i],
1654 			if(ta && tp->ds_rrset && key_matches_a_ds(env, ve,
1656 				verbose_key(ta, VERB_ALGO, "verified by DS");
1657 				ta->s = AUTR_STATE_VALID;
1660 		if(!ta) {
1663 		seen_trustanchor(ta, 1);
1664 		verbose_key(ta, VERB_ALGO, "in DNS response");
1675  * @param ta: trust anchor to check for.
1680 check_holddown(struct module_env* env, struct autr_ta* ta,
1684 	if(*env->now < ta->last_change) {
1688 	elapsed = *env->now - ta->last_change;
1692 	verbose_key(ta, VERB_ALGO, "holddown time " ARG_LL "d seconds to go",
1700 reset_holddown(struct module_env* env, struct autr_ta* ta, int* changed)
1702 	ta->last_change = *env->now;
1708 set_trustanchor_state(struct module_env* env, struct autr_ta* ta, int* changed,
1711 	verbose_key(ta, VERB_ALGO, "update: %s to %s",
1712 		trustanchor_state2str(ta->s), trustanchor_state2str(s));
1713 	ta->s = s;
1714 	reset_holddown(env, ta, changed);
2256 autr_debug_print_ta(struct autr_ta* ta)
2259 	char* str = sldns_wire2str_rr(ta->rr, ta->rr_len);
2265 	ctime_r(&ta->last_change, buf);
2268 		trustanchor_state2str(ta->s), str, ta->s, ta->pending_count,
2269 		ta->fetched?" fetched":"", ta->revoked?" revoked":"", buf);
2277 	struct autr_ta* ta;
2306 	for(ta=tp->autr->keys; ta; ta=ta->next) {
2307 		autr_debug_print_ta(ta);

Indexes created Sat May 18 11:27:04 MDT 2024