Lines Matching defs:key
158 write_public_key(const dst_key_t *key, int type, const char *directory);
160 write_key_state(const dst_key_t *key, int type, const char *directory);
165 computeid(dst_key_t *key);
277 dst_context_create(dst_key_t *key, isc_mem_t *mctx, isc_logcategory_t *category,
283 REQUIRE(VALID_KEY(key));
287 if (key->func->createctx == NULL && key->func->createctx2 == NULL) {
290 if (key->keydata.generic == NULL) {
300 dst_key_attach(key, &dctx->key);
302 if (key->func->createctx2 != NULL) {
303 result = key->func->createctx2(key, maxbits, dctx);
305 result = key->func->createctx(key, dctx);
308 if (dctx->key != NULL) {
309 dst_key_free(&dctx->key);
327 INSIST(dctx->key->func->destroyctx != NULL);
328 dctx->key->func->destroyctx(dctx);
329 if (dctx->key != NULL) {
330 dst_key_free(&dctx->key);
340 INSIST(dctx->key->func->adddata != NULL);
342 return dctx->key->func->adddata(dctx, data);
347 dst_key_t *key;
352 key = dctx->key;
353 CHECKALG(key->key_alg);
354 if (key->keydata.generic == NULL) {
358 if (key->func->sign == NULL) {
361 if (key->func->isprivate == NULL || !key->func->isprivate(key)) {
365 return key->func->sign(dctx, sig);
373 CHECKALG(dctx->key->key_alg);
374 if (dctx->key->keydata.generic == NULL) {
377 if (dctx->key->func->verify == NULL) {
381 return dctx->key->func->verify(dctx, sig);
390 CHECKALG(dctx->key->key_alg);
391 if (dctx->key->keydata.generic == NULL) {
394 if (dctx->key->func->verify == NULL && dctx->key->func->verify2 == NULL)
399 return dctx->key->func->verify2 != NULL
400 ? dctx->key->func->verify2(dctx, maxbits, sig)
401 : dctx->key->func->verify(dctx, sig);
432 dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
436 REQUIRE(VALID_KEY(key));
440 CHECKALG(key->key_alg);
442 if (key->func->tofile == NULL) {
447 ret = write_public_key(key, type, directory);
454 ret = write_key_state(key, type, directory);
461 (key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
463 return key->func->tofile(key, directory);
469 dst_key_setexternal(dst_key_t *key, bool value) {
470 REQUIRE(VALID_KEY(key));
472 key->external = value;
476 dst_key_isexternal(dst_key_t *key) {
477 REQUIRE(VALID_KEY(key));
479 return key->external;
483 dst_key_setmodified(dst_key_t *key, bool value) {
484 REQUIRE(VALID_KEY(key));
486 isc_mutex_lock(&key->mdlock);
487 key->modified = value;
488 isc_mutex_unlock(&key->mdlock);
492 dst_key_ismodified(const dst_key_t *key) {
495 REQUIRE(VALID_KEY(key));
497 isc_mutex_lock(&(((dst_key_t *)key)->mdlock));
498 modified = key->modified;
499 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
537 dst_key_t *key;
547 key = NULL;
555 result = dst_key_fromnamedfile(filename, directory, type, mctx, &key);
560 result = computeid(key);
565 if (!dns_name_equal(name, key->key_name) || id != key->key_id ||
566 alg != key->key_alg)
572 *keyp = key;
576 if ((key != NULL) && (result != ISC_R_SUCCESS)) {
577 dst_key_free(&key);
587 dst_key_t *pubkey = NULL, *key = NULL;
598 /* If an absolute path is specified, don't use the key directory */
609 ".key");
653 key = get_key_struct(pubkey->key_name, pubkey->key_alg,
658 if (key->func->parse == NULL) {
675 RETERR(key->func->parse(key, lex, pubkey));
678 key->kasp = false;
680 result = dst_key_read_state(statefilename, mctx, &key);
682 key->kasp = true;
690 RETERR(computeid(key));
692 if (pubkey->key_id != key->key_id) {
696 key->modified = false;
699 key->directory = isc_mem_strdup(mctx, dirname);
701 *keyp = key;
702 key = NULL;
717 if (key != NULL) {
718 dst_key_free(&key);
724 dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
726 REQUIRE(VALID_KEY(key));
729 CHECKALG(key->key_alg);
731 if (key->func->todns == NULL) {
738 isc_buffer_putuint16(target, (uint16_t)(key->key_flags & 0xffff));
739 isc_buffer_putuint8(target, (uint8_t)key->key_proto);
740 isc_buffer_putuint8(target, (uint8_t)key->key_alg);
742 if ((key->key_flags & DNS_KEYFLAG_EXTENDED) != 0) {
747 target, (uint16_t)((key->key_flags >> 16) & 0xffff));
750 if (key->keydata.generic == NULL) { /*%< NULL KEY */
754 return key->func->todns(key, target);
769 dst_key_t *key = NULL;
797 no_rdata, &key);
801 key->key_id = id;
802 key->key_rid = rid;
804 *keyp = key;
812 dst_key_t *key = NULL;
818 false, &key);
823 result = computeid(key);
825 dst_key_free(&key);
829 *keyp = key;
834 dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
836 REQUIRE(VALID_KEY(key));
839 CHECKALG(key->key_alg);
841 if (key->func->todns == NULL) {
845 return key->func->todns(key, target);
849 dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) {
854 REQUIRE(VALID_KEY(key));
855 REQUIRE(!dst_key_isprivate(key));
858 if (key->func->parse == NULL) {
862 isc_lex_create(key->mctx, 1500, &lex);
864 RETERR(key->func->parse(key, lex, NULL));
873 dst_key_getgssctx(const dst_key_t *key) {
874 REQUIRE(key != NULL);
876 return key->keydata.gssctx;
882 dst_key_t *key;
888 key = get_key_struct(name, DST_ALG_GSSAPI, 0, DNS_KEYPROTO_DNSSEC, 0,
896 isc_buffer_allocate(key->mctx, &key->key_tkeytoken,
898 RETERR(isc_buffer_copyregion(key->key_tkeytoken, intoken));
901 key->keydata.gssctx = gssctx;
902 *keyp = key;
906 dst_key_free(&key);
913 /* Create public key file. */
976 dst_key_t *key;
987 key = get_key_struct(name, alg, flags, protocol, bits, rdclass, 0,
990 key->keydata.generic = data;
992 result = computeid(key);
994 dst_key_free(&key);
998 *keyp = key;
1007 dst_key_t *key;
1018 key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
1020 if (key->func->fromlabel == NULL) {
1021 dst_key_free(&key);
1025 result = key->func->fromlabel(key, engine, label, pin);
1027 dst_key_free(&key);
1031 result = computeid(key);
1033 dst_key_free(&key);
1037 *keyp = key;
1046 dst_key_t *key;
1056 key = get_key_struct(name, alg, flags, protocol, bits, rdclass, 0,
1060 key->label = isc_mem_strdup(mctx, label);
1064 key->key_flags |= DNS_KEYTYPE_NOKEY;
1065 *keyp = key;
1069 if (key->func->generate == NULL) {
1070 dst_key_free(&key);
1074 ret = key->func->generate(key, param, callback);
1076 dst_key_free(&key);
1080 ret = computeid(key);
1082 dst_key_free(&key);
1086 *keyp = key;
1091 dst_key_getbool(const dst_key_t *key, int type, bool *valuep) {
1092 REQUIRE(VALID_KEY(key));
1096 isc_mutex_lock(&(((dst_key_t *)key)->mdlock));
1097 if (!key->boolset[type]) {
1098 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
1101 *valuep = key->bools[type];
1102 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
1108 dst_key_setbool(dst_key_t *key, int type, bool value) {
1109 REQUIRE(VALID_KEY(key));
1112 isc_mutex_lock(&key->mdlock);
1113 key->modified = key->modified || !key->boolset[type] ||
1114 key->bools[type] != value;
1115 key->bools[type] = value;
1116 key->boolset[type] = true;
1117 isc_mutex_unlock(&key->mdlock);
1121 dst_key_unsetbool(dst_key_t *key, int type) {
1122 REQUIRE(VALID_KEY(key));
1125 isc_mutex_lock(&key->mdlock);
1126 key->modified = key->modified || key->boolset[type];
1127 key->boolset[type] = false;
1128 isc_mutex_unlock(&key->mdlock);
1132 dst_key_getnum(const dst_key_t *key, int type, uint32_t *valuep) {
1133 REQUIRE(VALID_KEY(key));
1137 isc_mutex_lock(&(((dst_key_t *)key)->mdlock));
1138 if (!key->numset[type]) {
1139 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
1142 *valuep = key->nums[type];
1143 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
1149 dst_key_setnum(dst_key_t *key, int type, uint32_t value) {
1150 REQUIRE(VALID_KEY(key));
1153 isc_mutex_lock(&key->mdlock);
1154 key->modified = key->modified || !key->numset[type] ||
1155 key->nums[type] != value;
1156 key->nums[type] = value;
1157 key->numset[type] = true;
1158 isc_mutex_unlock(&key->mdlock);
1162 dst_key_unsetnum(dst_key_t *key, int type) {
1163 REQUIRE(VALID_KEY(key));
1166 isc_mutex_lock(&key->mdlock);
1167 key->modified = key->modified || key->numset[type];
1168 key->numset[type] = false;
1169 isc_mutex_unlock(&key->mdlock);
1173 dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep) {
1174 REQUIRE(VALID_KEY(key));
1178 isc_mutex_lock(&(((dst_key_t *)key)->mdlock));
1179 if (!key->timeset[type]) {
1180 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
1183 *timep = key->times[type];
1184 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
1189 dst_key_settime(dst_key_t *key, int type, isc_stdtime_t when) {
1190 REQUIRE(VALID_KEY(key));
1193 isc_mutex_lock(&key->mdlock);
1194 key->modified = key->modified || !key->timeset[type] ||
1195 key->times[type] != when;
1196 key->times[type] = when;
1197 key->timeset[type] = true;
1198 isc_mutex_unlock(&key->mdlock);
1202 dst_key_unsettime(dst_key_t *key, int type) {
1203 REQUIRE(VALID_KEY(key));
1206 isc_mutex_lock(&key->mdlock);
1207 key->modified = key->modified || key->timeset[type];
1208 key->timeset[type] = false;
1209 isc_mutex_unlock(&key->mdlock);
1213 dst_key_getstate(const dst_key_t *key, int type, dst_key_state_t *statep) {
1214 REQUIRE(VALID_KEY(key));
1218 isc_mutex_lock(&(((dst_key_t *)key)->mdlock));
1219 if (!key->keystateset[type]) {
1220 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
1223 *statep = key->keystates[type];
1224 isc_mutex_unlock(&(((dst_key_t *)key)->mdlock));
1230 dst_key_setstate(dst_key_t *key, int type, dst_key_state_t state) {
1231 REQUIRE(VALID_KEY(key));
1234 isc_mutex_lock(&key->mdlock);
1235 key->modified = key->modified || !key->keystateset[type] ||
1236 key->keystates[type] != state;
1237 key->keystates[type] = state;
1238 key->keystateset[type] = true;
1239 isc_mutex_unlock(&key->mdlock);
1243 dst_key_unsetstate(dst_key_t *key, int type) {
1244 REQUIRE(VALID_KEY(key));
1247 isc_mutex_lock(&key->mdlock);
1248 key->modified = key->modified || key->keystateset[type];
1249 key->keystateset[type] = false;
1250 isc_mutex_unlock(&key->mdlock);
1254 dst_key_getprivateformat(const dst_key_t *key, int *majorp, int *minorp) {
1255 REQUIRE(VALID_KEY(key));
1258 *majorp = key->fmt_major;
1259 *minorp = key->fmt_minor;
1264 dst_key_setprivateformat(dst_key_t *key, int major, int minor) {
1265 REQUIRE(VALID_KEY(key));
1266 key->fmt_major = major;
1267 key->fmt_minor = minor;
1402 dst_key_t *key = *keyp;
1405 if (isc_refcount_decrement(&key->refs) == 1) {
1406 isc_refcount_destroy(&key->refs);
1407 isc_mem_t *mctx = key->mctx;
1408 if (key->keydata.generic != NULL) {
1409 INSIST(key->func->destroy != NULL);
1410 key->func->destroy(key);
1412 if (key->directory != NULL) {
1413 isc_mem_free(mctx, key->directory);
1415 if (key->engine != NULL) {
1416 isc_mem_free(mctx, key->engine);
1418 if (key->label != NULL) {
1419 isc_mem_free(mctx, key->label);
1421 dns_name_free(key->key_name, mctx);
1422 isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
1423 if (key->key_tkeytoken) {
1424 isc_buffer_free(&key->key_tkeytoken);
1426 isc_mutex_destroy(&key->mdlock);
1427 isc_safe_memwipe(key, sizeof(*key));
1428 isc_mem_putanddetach(&mctx, key, sizeof(*key));
1433 dst_key_isprivate(const dst_key_t *key) {
1434 REQUIRE(VALID_KEY(key));
1435 INSIST(key->func->isprivate != NULL);
1436 return key->func->isprivate(key);
1440 dst_key_buildfilename(const dst_key_t *key, int type, const char *directory,
1442 REQUIRE(VALID_KEY(key));
1447 return buildfilename(key->key_name, key->key_id, key->key_alg, type,
1452 dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
1454 REQUIRE(VALID_KEY(key));
1457 switch (key->key_alg) {
1462 *n = (key->key_size + 7) / 8;
1504 * Set the flags on a key, then recompute the key ID
1507 dst_key_setflags(dst_key_t *key, uint32_t flags) {
1508 REQUIRE(VALID_KEY(key));
1509 key->key_flags = flags;
1510 return computeid(key);
1514 dst_key_format(const dst_key_t *key, char *cp, unsigned int size) {
1518 dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
1519 dns_secalg_format((dns_secalg_t)dst_key_alg(key), algstr,
1521 snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
1525 dst_key_dump(dst_key_t *key, isc_mem_t *mctx, char **buffer, int *length) {
1528 REQUIRE(VALID_KEY(key));
1530 if (key->func->dump == NULL) {
1533 return key->func->dump(key, mctx, buffer, length);
1541 dst_key_t *key;
1554 key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
1556 result = (dst_t_func[alg]->restore)(key, keystr);
1558 *keyp = key;
1560 dst_key_free(&key);
1571 * Allocates a key structure and fills in some of the fields.
1577 dst_key_t *key;
1579 key = isc_mem_get(mctx, sizeof(dst_key_t));
1580 *key = (dst_key_t){
1591 dns_name_init(key->key_name, NULL);
1592 dns_name_dup(name, mctx, key->key_name);
1594 isc_refcount_init(&key->refs, 1);
1595 isc_mem_attach(mctx, &key->mctx);
1597 isc_mutex_init(&key->mdlock);
1599 key->magic = KEY_MAGIC;
1600 return key;
1604 dst_key_inactive(const dst_key_t *key) {
1605 REQUIRE(VALID_KEY(key));
1607 return key->inactive;
1611 dst_key_setinactive(dst_key_t *key, bool inactive) {
1612 REQUIRE(VALID_KEY(key));
1614 key->inactive = inactive;
1618 * Reads a public key from disk.
1641 * <algorithm> <key>
1644 /* 1500 should be large enough for any key */
1666 * We don't support "@" in .key files.
1786 * Reads a key state from disk.
1951 issymmetric(const dst_key_t *key) {
1953 REQUIRE(VALID_KEY(key));
1955 switch (key->key_alg) {
1979 * Write key boolean metadata to a file pointer, preceded by 'tag'
1982 printbool(const dst_key_t *key, int type, const char *tag, FILE *stream) {
1986 result = dst_key_getbool(key, type, &value);
1994 * Write key numeric metadata to a file pointer, preceded by 'tag'
1997 printnum(const dst_key_t *key, int type, const char *tag, FILE *stream) {
2001 result = dst_key_getnum(key, type, &value);
2009 * Write key timing metadata to a file pointer, preceded by 'tag'
2012 printtime(const dst_key_t *key, int type, const char *tag, FILE *stream) {
2020 result = dst_key_gettime(key, type, &when);
2041 * Write key state metadata to a file pointer, preceded by 'tag'
2044 printstate(const dst_key_t *key, int type, const char *tag, FILE *stream) {
2048 result = dst_key_getstate(key, type, &value);
2056 * Writes a key state to disk.
2059 write_key_state(const dst_key_t *key, int type, const char *directory) {
2067 REQUIRE(VALID_KEY(key));
2073 result = dst_key_buildfilename(key, DST_TYPE_STATE, directory, &fileb);
2079 result = dst_key_buildfilename(key, DST_TYPE_TEMPLATE, directory,
2085 mode_t mode = issymmetric(key) ? S_IRUSR | S_IWUSR
2088 /* Create temporary public key file. */
2094 /* Write key state */
2096 fprintf(fp, "; This is the state of key %d, for ", key->key_id);
2097 result = dns_name_print(key->key_name, fp);
2103 fprintf(fp, "Algorithm: %u\n", key->key_alg);
2104 fprintf(fp, "Length: %u\n", key->key_size);
2106 printnum(key, DST_NUM_LIFETIME, "Lifetime", fp);
2107 printnum(key, DST_NUM_PREDECESSOR, "Predecessor", fp);
2108 printnum(key, DST_NUM_SUCCESSOR, "Successor", fp);
2110 printbool(key, DST_BOOL_KSK, "KSK", fp);
2111 printbool(key, DST_BOOL_ZSK, "ZSK", fp);
2113 printtime(key, DST_TIME_CREATED, "Generated", fp);
2114 printtime(key, DST_TIME_PUBLISH, "Published", fp);
2115 printtime(key, DST_TIME_ACTIVATE, "Active", fp);
2116 printtime(key, DST_TIME_INACTIVE, "Retired", fp);
2117 printtime(key, DST_TIME_REVOKE, "Revoked", fp);
2118 printtime(key, DST_TIME_DELETE, "Removed", fp);
2119 printtime(key, DST_TIME_DSPUBLISH, "DSPublish", fp);
2120 printtime(key, DST_TIME_DSDELETE, "DSRemoved", fp);
2121 printtime(key, DST_TIME_SYNCPUBLISH, "PublishCDS", fp);
2122 printtime(key, DST_TIME_SYNCDELETE, "DeleteCDS", fp);
2124 printnum(key, DST_NUM_DSPUBCOUNT, "DSPubCount", fp);
2125 printnum(key, DST_NUM_DSDELCOUNT, "DSDelCount", fp);
2127 printtime(key, DST_TIME_DNSKEY, "DNSKEYChange", fp);
2128 printtime(key, DST_TIME_ZRRSIG, "ZRRSIGChange", fp);
2129 printtime(key, DST_TIME_KRRSIG, "KRRSIGChange", fp);
2130 printtime(key, DST_TIME_DS, "DSChange", fp);
2132 printstate(key, DST_KEY_DNSKEY, "DNSKEYState", fp);
2133 printstate(key, DST_KEY_ZRRSIG, "ZRRSIGState", fp);
2134 printstate(key, DST_KEY_KRRSIG, "KRRSIGState", fp);
2135 printstate(key, DST_KEY_DS, "DSState", fp);
2136 printstate(key, DST_KEY_GOAL, "GoalState", fp);
2143 * Writes a public key to disk in DNS format.
2146 write_public_key(const dst_key_t *key, int type, const char *directory) {
2158 REQUIRE(VALID_KEY(key));
2164 result = dst_key_todns(key, &keyb);
2170 dns_rdata_fromregion(&rdata, key->key_class, dns_rdatatype_dnskey, &r);
2177 result = dns_rdataclass_totext(key->key_class, &classb);
2186 result = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory, &fileb);
2192 result = dst_key_buildfilename(key, DST_TYPE_TEMPLATE, directory,
2198 /* Create temporary public key file. */
2199 mode_t mode = issymmetric(key) ? S_IRUSR | S_IWUSR
2207 /* Write key information in comments */
2209 fprintf(fp, "; This is a %s%s-signing key, keyid %d, for ",
2210 (key->key_flags & DNS_KEYFLAG_REVOKE) != 0 ? "revoked "
2212 (key->key_flags & DNS_KEYFLAG_KSK) != 0 ? "key"
2214 key->key_id);
2215 result = dns_name_print(key->key_name, fp);
2221 printtime(key, DST_TIME_CREATED, "; Created", fp);
2222 printtime(key, DST_TIME_PUBLISH, "; Publish", fp);
2223 printtime(key, DST_TIME_ACTIVATE, "; Activate", fp);
2224 printtime(key, DST_TIME_REVOKE, "; Revoke", fp);
2225 printtime(key, DST_TIME_INACTIVE, "; Inactive", fp);
2226 printtime(key, DST_TIME_DELETE, "; Delete", fp);
2227 printtime(key, DST_TIME_SYNCPUBLISH, "; SyncPublish", fp);
2228 printtime(key, DST_TIME_SYNCDELETE, "; SyncDelete", fp);
2231 /* Now print the actual key */
2232 result = dns_name_print(key->key_name, fp);
2238 if (key->key_ttl != 0) {
2239 fprintf(fp, "%u ", key->key_ttl);
2274 suffix = ".key";
2305 computeid(dst_key_t *key) {
2312 ret = dst_key_todns(key, &dnsbuf);
2318 key->key_id = dst_region_computeid(&r);
2319 key->key_rid = dst_region_computerid(&r);
2328 dst_key_t *key;
2336 key = get_key_struct(name, alg, flags, protocol, 0, rdclass, 0, mctx);
2341 dst_key_free(&key);
2344 if (key->func->fromdns == NULL) {
2345 dst_key_free(&key);
2350 ret = key->func->fromdns(key, source);
2352 dst_key_free(&key);
2358 *keyp = key;
2382 } else if (olen > 4 && strcmp(ofilename + olen - 4, ".key") == 0) {
2402 dst_key_tkeytoken(const dst_key_t *key) {
2403 REQUIRE(VALID_KEY(key));
2404 return key->key_tkeytoken;
2408 * A key is considered unused if it does not have any timing metadata set
2413 dst_key_is_unused(dst_key_t *key) {
2419 REQUIRE(VALID_KEY(key));
2422 * None of the key timing metadata, except Created, may be set. Key
2456 if (dst_key_gettime(key, i, &val) == ISC_R_NOTFOUND) {
2460 * Found timing metadata and it is not related to key states.
2461 * This key is used.
2467 * If the state is not HIDDEN, the key is in use.
2470 if (dst_key_getstate(key, state_type, &st) != ISC_R_SUCCESS) {
2477 /* This key is unused. */
2482 dst_key_role(dst_key_t *key, bool *ksk, bool *zsk) {
2487 result = dst_key_getbool(key, DST_BOOL_KSK, &k);
2491 *ksk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) != 0);
2497 result = dst_key_getbool(key, DST_BOOL_ZSK, &z);
2501 *zsk = ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0);
2508 /* Hints on key whether it can be published and/or used for signing. */
2511 dst_key_is_published(dst_key_t *key, isc_stdtime_t now,
2518 REQUIRE(VALID_KEY(key));
2520 result = dst_key_gettime(key, DST_TIME_PUBLISH, &when);
2526 /* Check key states:
2530 result = dst_key_getstate(key, DST_KEY_DNSKEY, &state);
2545 dst_key_is_active(dst_key_t *key, isc_stdtime_t now) {
2552 REQUIRE(VALID_KEY(key));
2554 result = dst_key_gettime(key, DST_TIME_INACTIVE, &when);
2559 result = dst_key_gettime(key, DST_TIME_ACTIVATE, &when);
2564 (void)dst_key_role(key, &ksk, &zsk);
2566 /* Check key states:
2567 * KSK: If the DS is RUMOURED or OMNIPRESENT the key is considered
2571 result = dst_key_getstate(key, DST_KEY_DS, &state);
2585 * key is active.
2588 result = dst_key_getstate(key, DST_KEY_ZRRSIG, &state);
2604 dst_key_is_signing(dst_key_t *key, int role, isc_stdtime_t now,
2612 REQUIRE(VALID_KEY(key));
2614 result = dst_key_gettime(key, DST_TIME_INACTIVE, &when);
2619 result = dst_key_gettime(key, DST_TIME_ACTIVATE, &when);
2625 (void)dst_key_role(key, &ksk, &zsk);
2627 /* Check key states:
2628 * If the RRSIG state is RUMOURED or OMNIPRESENT, it means the key
2632 result = dst_key_getstate(key, DST_KEY_KRRSIG, &state);
2644 result = dst_key_getstate(key, DST_KEY_ZRRSIG, &state);
2660 dst_key_is_revoked(dst_key_t *key, isc_stdtime_t now, isc_stdtime_t *revoke) {
2665 REQUIRE(VALID_KEY(key));
2667 result = dst_key_gettime(key, DST_TIME_REVOKE, &when);
2677 dst_key_is_removed(dst_key_t *key, isc_stdtime_t now, isc_stdtime_t *remove) {
2683 REQUIRE(VALID_KEY(key));
2685 if (dst_key_is_unused(key)) {
2686 /* This key was never used. */
2690 result = dst_key_gettime(key, DST_TIME_DELETE, &when);
2696 /* Check key states:
2697 * If the DNSKEY state is UNRETENTIVE or HIDDEN, it means the key
2700 result = dst_key_getstate(key, DST_KEY_DNSKEY, &state);
2715 dst_key_goal(dst_key_t *key) {
2719 REQUIRE(VALID_KEY(key));
2721 result = dst_key_getstate(key, DST_KEY_GOAL, &state);
2729 dst_key_haskasp(dst_key_t *key) {
2730 REQUIRE(VALID_KEY(key));
2732 return key->kasp;