1*4afad4b7Schristos /* $NetBSD: zonekey.c,v 1.1 2024/02/18 20:57:34 christos Exp $ */ 2*4afad4b7Schristos 3*4afad4b7Schristos /* 4*4afad4b7Schristos * Copyright (C) Internet Systems Consortium, Inc. ("ISC") 5*4afad4b7Schristos * 6*4afad4b7Schristos * SPDX-License-Identifier: MPL-2.0 7*4afad4b7Schristos * 8*4afad4b7Schristos * This Source Code Form is subject to the terms of the Mozilla Public 9*4afad4b7Schristos * License, v. 2.0. If a copy of the MPL was not distributed with this 10*4afad4b7Schristos * file, you can obtain one at https://mozilla.org/MPL/2.0/. 11*4afad4b7Schristos * 12*4afad4b7Schristos * See the COPYRIGHT file distributed with this work for additional 13*4afad4b7Schristos * information regarding copyright ownership. 14*4afad4b7Schristos */ 15*4afad4b7Schristos 16*4afad4b7Schristos /*! \file */ 17*4afad4b7Schristos 18*4afad4b7Schristos #include <stdbool.h> 19*4afad4b7Schristos 20*4afad4b7Schristos #include <isc/result.h> 21*4afad4b7Schristos #include <isc/types.h> 22*4afad4b7Schristos #include <isc/util.h> 23*4afad4b7Schristos 24*4afad4b7Schristos #include <dns/keyvalues.h> 25*4afad4b7Schristos #include <dns/rdata.h> 26*4afad4b7Schristos #include <dns/rdatastruct.h> 27*4afad4b7Schristos #include <dns/types.h> 28*4afad4b7Schristos #include <dns/zonekey.h> 29*4afad4b7Schristos 30*4afad4b7Schristos bool dns_zonekey_iszonekey(dns_rdata_t * keyrdata)31*4afad4b7Schristosdns_zonekey_iszonekey(dns_rdata_t *keyrdata) { 32*4afad4b7Schristos isc_result_t result; 33*4afad4b7Schristos dns_rdata_dnskey_t key; 34*4afad4b7Schristos bool iszonekey = true; 35*4afad4b7Schristos 36*4afad4b7Schristos REQUIRE(keyrdata != NULL); 37*4afad4b7Schristos 38*4afad4b7Schristos result = dns_rdata_tostruct(keyrdata, &key, NULL); 39*4afad4b7Schristos if (result != ISC_R_SUCCESS) { 40*4afad4b7Schristos return (false); 41*4afad4b7Schristos } 42*4afad4b7Schristos 43*4afad4b7Schristos if ((key.flags & DNS_KEYTYPE_NOAUTH) != 0) { 44*4afad4b7Schristos iszonekey = false; 45*4afad4b7Schristos } 46*4afad4b7Schristos if ((key.flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) { 47*4afad4b7Schristos iszonekey = false; 48*4afad4b7Schristos } 49*4afad4b7Schristos if (key.protocol != DNS_KEYPROTO_DNSSEC && 50*4afad4b7Schristos key.protocol != DNS_KEYPROTO_ANY) 51*4afad4b7Schristos { 52*4afad4b7Schristos iszonekey = false; 53*4afad4b7Schristos } 54*4afad4b7Schristos 55*4afad4b7Schristos return (iszonekey); 56*4afad4b7Schristos } 57