keys.c
Go to the documentation of this file.
1/*
2 * keys.c handle private keys for use in DNSSEC
3 *
4 * This module should hide some of the openSSL complexities
5 * and give a general interface for private keys and hmac
6 * handling
7 *
8 * (c) NLnet Labs, 2004-2006
9 *
10 * See the file LICENSE for the license
11 */
12
13#include <ldns/config.h>
14
15#include <ldns/ldns.h>
16
17#ifdef HAVE_SSL
18#include <openssl/ui.h>
19#include <openssl/ssl.h>
20#include <openssl/rand.h>
21#include <openssl/bn.h>
22#include <openssl/rsa.h>
23#ifdef USE_DSA
24#include <openssl/dsa.h>
25#endif
26#if defined(HAVE_OPENSSL_ENGINE_H) && !defined(OPENSSL_NO_ENGINE)
27#include <openssl/engine.h>
28#else
29# ifndef OPENSSL_NO_ENGINE
30# define OPENSSL_NO_ENGINE
31# endif
32#endif
33#endif /* HAVE_SSL */
34
35ldns_lookup_table ldns_signing_algorithms[] = {
36 { LDNS_SIGN_RSAMD5, "RSAMD5" },
37 { LDNS_SIGN_RSASHA1, "RSASHA1" },
38 { LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
39#ifdef USE_SHA2
40 { LDNS_SIGN_RSASHA256, "RSASHA256" },
41 { LDNS_SIGN_RSASHA512, "RSASHA512" },
42#endif
43#ifdef USE_GOST
44 { LDNS_SIGN_ECC_GOST, "ECC-GOST" },
45#endif
46#ifdef USE_ECDSA
47 { LDNS_SIGN_ECDSAP256SHA256, "ECDSAP256SHA256" },
48 { LDNS_SIGN_ECDSAP384SHA384, "ECDSAP384SHA384" },
49#endif
50#ifdef USE_ED25519
51 { LDNS_SIGN_ED25519, "ED25519" },
52#endif
53#ifdef USE_ED448
54 { LDNS_SIGN_ED448, "ED448" },
55#endif
56#ifdef USE_DSA
57 { LDNS_SIGN_DSA, "DSA" },
58 { LDNS_SIGN_DSA_NSEC3, "DSA-NSEC3-SHA1" },
59#endif
60 { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" },
61 { LDNS_SIGN_HMACSHA1, "hmac-sha1" },
62 { LDNS_SIGN_HMACSHA256, "hmac-sha256" },
63 { LDNS_SIGN_HMACSHA224, "hmac-sha224" },
64 { LDNS_SIGN_HMACSHA384, "hmac-sha384" },
65 { LDNS_SIGN_HMACSHA512, "hmac-sha512" },
66 { 0, NULL }
67};
68
69ldns_key_list *
70ldns_key_list_new(void)
71{
72 ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list);
73 if (!key_list) {
74 return NULL;
75 } else {
76 key_list->_key_count = 0;
77 key_list->_keys = NULL;
78 return key_list;
79 }
80}
81
82ldns_key *
83ldns_key_new(void)
84{
85 ldns_key *newkey;
86
87 newkey = LDNS_MALLOC(ldns_key);
88 if (!newkey) {
89 return NULL;
90 } else {
91 /* some defaults - not sure whether to do this */
92 ldns_key_set_use(newkey, true);
93 ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY);
94 ldns_key_set_origttl(newkey, 0);
95 ldns_key_set_keytag(newkey, 0);
96 ldns_key_set_inception(newkey, 0);
97 ldns_key_set_expiration(newkey, 0);
98 ldns_key_set_pubkey_owner(newkey, NULL);
99#ifdef HAVE_SSL
100 ldns_key_set_evp_key(newkey, NULL);
101#endif /* HAVE_SSL */
102 ldns_key_set_hmac_key(newkey, NULL);
103 ldns_key_set_external_key(newkey, NULL);
104 return newkey;
105 }
106}
107
108ldns_status
109ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
110{
111 return ldns_key_new_frm_fp_l(k, fp, NULL);
112}
113
114#if defined(HAVE_SSL) && !defined(OPENSSL_NO_ENGINE)
115ldns_status
116ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
117{
118 ldns_key *k;
119
120 k = ldns_key_new();
121 if(!k) return LDNS_STATUS_MEM_ERR;
122#ifndef S_SPLINT_S
123 ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg);
124 k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
125 if (!k->_key.key) {
126 ldns_key_free(k);
127 return LDNS_STATUS_ENGINE_KEY_NOT_LOADED;
128 }
129#endif /* splint */
130 *key = k;
131 return LDNS_STATUS_OK;
132}
133#endif
134
135#if defined(USE_GOST) && !defined(OPENSSL_NO_ENGINE)
137ENGINE* ldns_gost_engine = NULL;
138
139int
140ldns_key_EVP_load_gost_id(void)
141{
142 static int gost_id = 0;
143 const EVP_PKEY_ASN1_METHOD* meth;
144 ENGINE* e;
145
146 if(gost_id) return gost_id;
147
148 /* see if configuration loaded gost implementation from other engine*/
149 meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
150 if(meth) {
151 EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
152 return gost_id;
153 }
154
155 /* see if engine can be loaded already */
156 e = ENGINE_by_id("gost");
157 if(!e) {
158 /* load it ourself, in case statically linked */
159 ENGINE_load_builtin_engines();
160 ENGINE_load_dynamic();
161 e = ENGINE_by_id("gost");
162 }
163 if(!e) {
164 /* no gost engine in openssl */
165 return 0;
166 }
167 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
168 ENGINE_finish(e);
169 ENGINE_free(e);
170 return 0;
171 }
172
173 meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
174 if(!meth) {
175 /* algo not found */
176 ENGINE_finish(e);
177 ENGINE_free(e);
178 return 0;
179 }
180 /* Note: do not ENGINE_finish and ENGINE_free the acquired engine
181 * on some platforms this frees up the meth and unloads gost stuff */
182 ldns_gost_engine = e;
183
184 EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
185 return gost_id;
186}
187
188void ldns_key_EVP_unload_gost(void)
189{
190 if(ldns_gost_engine) {
191 ENGINE_finish(ldns_gost_engine);
192 ENGINE_free(ldns_gost_engine);
193 ldns_gost_engine = NULL;
194 }
195}
196
198static EVP_PKEY*
199ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr)
200{
201 char token[16384];
202 const unsigned char* pp;
203 int gost_id;
204 EVP_PKEY* pkey;
205 ldns_rdf* b64rdf = NULL;
206
207 gost_id = ldns_key_EVP_load_gost_id();
208 if(!gost_id)
209 return NULL;
210
211 if (ldns_fget_keyword_data_l(fp, "GostAsn1", ": ", token, "\n",
212 sizeof(token), line_nr) == -1)
213 return NULL;
214 while(strlen(token) < 96) {
215 /* read more b64 from the file, b64 split on multiple lines */
216 if(ldns_fget_token_l(fp, token+strlen(token), "\n",
217 sizeof(token)-strlen(token), line_nr) == -1)
218 return NULL;
219 }
220 if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
221 return NULL;
222 pp = (unsigned char*)ldns_rdf_data(b64rdf);
223 pkey = d2i_PrivateKey(gost_id, NULL, &pp, (int)ldns_rdf_size(b64rdf));
224 ldns_rdf_deep_free(b64rdf);
225 return pkey;
226}
227#endif
228
229#ifdef USE_ECDSA
231static int
232ldns_EC_KEY_calc_public(EC_KEY* ec)
233{
234 EC_POINT* pub_key;
235 const EC_GROUP* group;
236 group = EC_KEY_get0_group(ec);
237 pub_key = EC_POINT_new(group);
238 if(!pub_key) return 0;
239 if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
240 EC_POINT_free(pub_key);
241 return 0;
242 }
243 if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec),
244 NULL, NULL, NULL)) {
245 EC_POINT_free(pub_key);
246 return 0;
247 }
248 if(EC_KEY_set_public_key(ec, pub_key) == 0) {
249 EC_POINT_free(pub_key);
250 return 0;
251 }
252 EC_POINT_free(pub_key);
253 return 1;
254}
255
257static EVP_PKEY*
258ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr)
259{
260 char token[16384];
261 ldns_rdf* b64rdf = NULL;
262 unsigned char* pp;
263 BIGNUM* bn;
264 EVP_PKEY* evp_key;
265 EC_KEY* ec;
266 if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
267 sizeof(token), line_nr) == -1)
268 return NULL;
269 if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
270 return NULL;
271 pp = (unsigned char*)ldns_rdf_data(b64rdf);
272
273 if(alg == LDNS_ECDSAP256SHA256)
274 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
275 else if(alg == LDNS_ECDSAP384SHA384)
276 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
277 else ec = NULL;
278 if(!ec) {
279 ldns_rdf_deep_free(b64rdf);
280 return NULL;
281 }
282 bn = BN_bin2bn(pp, (int)ldns_rdf_size(b64rdf), NULL);
283 ldns_rdf_deep_free(b64rdf);
284 if(!bn) {
285 EC_KEY_free(ec);
286 return NULL;
287 }
288 EC_KEY_set_private_key(ec, bn);
289 BN_free(bn);
290 if(!ldns_EC_KEY_calc_public(ec)) {
291 EC_KEY_free(ec);
292 return NULL;
293 }
294
295 evp_key = EVP_PKEY_new();
296 if(!evp_key) {
297 EC_KEY_free(ec);
298 return NULL;
299 }
300 if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
301 EVP_PKEY_free(evp_key);
302 EC_KEY_free(ec);
303 return NULL;
304 }
305 return evp_key;
306}
307#endif
308
309#ifdef USE_ED25519
311static EVP_PKEY*
312ldns_ed25519_priv_raw(uint8_t* pkey, int plen)
313{
314 const unsigned char* pp;
315 uint8_t buf[256];
316 int buflen = 0;
317 uint8_t pre[] = {0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
318 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20};
319 int pre_len = 16;
320 /* ASN looks like this for ED25519 public key
321 * 302a300506032b6570032100 <32byteskey>
322 * for ED25519 private key
323 * 302e020100300506032b657004220420 <32bytes>
324 *
325 * for X25519 this was
326 * 30320201010420 <32byteskey>
327 * andparameters a00b06092b06010401da470f01
328 * (noparameters, preamble is 30250201010420).
329 * the key is reversed (little endian).
330 */
331 buflen = pre_len + plen;
332 if((size_t)buflen > sizeof(buf))
333 return NULL;
334 memmove(buf, pre, pre_len);
335 memmove(buf+pre_len, pkey, plen);
336 /* reverse the pkey into the buf - key is not reversed it seems */
337 /* for(i=0; i<plen; i++)
338 buf[pre_len+i] = pkey[plen-1-i]; */
339 pp = buf;
340 return d2i_PrivateKey(NID_ED25519, NULL, &pp, buflen);
341}
342
344static EVP_PKEY*
345ldns_key_new_frm_fp_ed25519_l(FILE* fp, int* line_nr)
346{
347 char token[16384];
348 ldns_rdf* b64rdf = NULL;
349 EVP_PKEY* evp_key;
350 if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
351 sizeof(token), line_nr) == -1)
352 return NULL;
353 if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
354 return NULL;
355
356 /* we use d2i_ECPrivateKey because it calculates the public key
357 * from the private part, which others, EC_KEY_set_private_key,
358 * and o2i methods, do not do */
359 /* for that the private key has to be encoded in ASN1 notation
360 * with a ED25519 prefix on it */
361
362 evp_key = ldns_ed25519_priv_raw(ldns_rdf_data(b64rdf),
363 (int)ldns_rdf_size(b64rdf));
364 ldns_rdf_deep_free(b64rdf);
365 return evp_key;
366}
367#endif
368
369#ifdef USE_ED448
371static EVP_PKEY*
372ldns_ed448_priv_raw(uint8_t* pkey, int plen)
373{
374 const unsigned char* pp;
375 uint8_t buf[256];
376 int buflen = 0;
377 uint8_t pre[] = {0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39};
378 int pre_len = 16;
379 /* ASN looks like this for ED448
380 * 3047020100300506032b6571043b0439 <57bytekey>
381 * the key is reversed (little endian).
382 */
383 buflen = pre_len + plen;
384 if((size_t)buflen > sizeof(buf))
385 return NULL;
386 memmove(buf, pre, pre_len);
387 memmove(buf+pre_len, pkey, plen);
388 /* reverse the pkey into the buf - key is not reversed it seems */
389 /* for(i=0; i<plen; i++)
390 buf[pre_len+i] = pkey[plen-1-i]; */
391 pp = buf;
392 return d2i_PrivateKey(NID_ED448, NULL, &pp, buflen);
393}
394
396static EVP_PKEY*
397ldns_key_new_frm_fp_ed448_l(FILE* fp, int* line_nr)
398{
399 char token[16384];
400 ldns_rdf* b64rdf = NULL;
401 EVP_PKEY* evp_key;
402 if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
403 sizeof(token), line_nr) == -1)
404 return NULL;
405 if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
406 return NULL;
407
408 /* convert private key into ASN notation and then convert that */
409 evp_key = ldns_ed448_priv_raw(ldns_rdf_data(b64rdf),
410 (int)ldns_rdf_size(b64rdf));
411 ldns_rdf_deep_free(b64rdf);
412 return evp_key;
413}
414#endif
415
416ldns_status
417ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
418{
419 ldns_key *k;
420 char *d;
421 ldns_signing_algorithm alg;
422 ldns_rr *key_rr;
423#ifdef HAVE_SSL
424 RSA *rsa;
425#ifdef USE_DSA
426 DSA *dsa;
427#endif
428 unsigned char *hmac;
429 size_t hmac_size;
430#endif /* HAVE_SSL */
431
432 k = ldns_key_new();
433
434 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
435 if (!k || !d) {
436 ldns_key_free(k);
437 LDNS_FREE(d);
438 return LDNS_STATUS_MEM_ERR;
439 }
440
441 alg = 0;
442
443 /* the file is highly structured. Do this in sequence */
444 /* RSA:
445 * Private-key-format: v1.x.
446 * Algorithm: 1 (RSA)
447
448 */
449 /* get the key format version number */
450 if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
451 LDNS_MAX_LINELEN, line_nr) == -1) {
452 /* no version information */
453 ldns_key_free(k);
454 LDNS_FREE(d);
455 return LDNS_STATUS_SYNTAX_ERR;
456 }
457 if (strncmp(d, "v1.", 3) != 0) {
458 ldns_key_free(k);
459 LDNS_FREE(d);
460 return LDNS_STATUS_SYNTAX_VERSION_ERR;
461 }
462
463 /* get the algorithm type, our file function strip ( ) so there are
464 * not in the return string! */
465 if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n",
466 LDNS_MAX_LINELEN, line_nr) == -1) {
467 /* no alg information */
468 ldns_key_free(k);
469 LDNS_FREE(d);
470 return LDNS_STATUS_SYNTAX_ALG_ERR;
471 }
472
473 if (strncmp(d, "1 RSA", 2) == 0) {
474 alg = LDNS_SIGN_RSAMD5;
475 }
476 if (strncmp(d, "2 DH", 2) == 0) {
477 alg = (ldns_signing_algorithm)LDNS_DH;
478 }
479 if (strncmp(d, "3 DSA", 2) == 0) {
480#ifdef USE_DSA
481 alg = LDNS_SIGN_DSA;
482#else
483# ifdef STDERR_MSGS
484 fprintf(stderr, "Warning: DSA not compiled into this ");
485 fprintf(stderr, "version of ldns\n");
486# endif
487#endif
488 }
489 if (strncmp(d, "4 ECC", 2) == 0) {
490 alg = (ldns_signing_algorithm)LDNS_ECC;
491 }
492 if (strncmp(d, "5 RSASHA1", 2) == 0) {
493 alg = LDNS_SIGN_RSASHA1;
494 }
495 if (strncmp(d, "6 DSA", 2) == 0) {
496#ifdef USE_DSA
497 alg = LDNS_SIGN_DSA_NSEC3;
498#else
499# ifdef STDERR_MSGS
500 fprintf(stderr, "Warning: DSA not compiled into this ");
501 fprintf(stderr, "version of ldns\n");
502# endif
503#endif
504 }
505 if (strncmp(d, "7 RSASHA1", 2) == 0) {
506 alg = LDNS_SIGN_RSASHA1_NSEC3;
507 }
508
509 if (strncmp(d, "8 RSASHA256", 2) == 0) {
510#ifdef USE_SHA2
511 alg = LDNS_SIGN_RSASHA256;
512#else
513# ifdef STDERR_MSGS
514 fprintf(stderr, "Warning: SHA256 not compiled into this ");
515 fprintf(stderr, "version of ldns\n");
516# endif
517#endif
518 }
519 if (strncmp(d, "10 RSASHA512", 3) == 0) {
520#ifdef USE_SHA2
521 alg = LDNS_SIGN_RSASHA512;
522#else
523# ifdef STDERR_MSGS
524 fprintf(stderr, "Warning: SHA512 not compiled into this ");
525 fprintf(stderr, "version of ldns\n");
526# endif
527#endif
528 }
529 if (strncmp(d, "12 ECC-GOST", 3) == 0) {
530#ifdef USE_GOST
531 alg = LDNS_SIGN_ECC_GOST;
532#else
533# ifdef STDERR_MSGS
534 fprintf(stderr, "Warning: ECC-GOST not compiled into this ");
535 fprintf(stderr, "version of ldns, use --enable-gost\n");
536# endif
537#endif
538 }
539 if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) {
540#ifdef USE_ECDSA
541 alg = LDNS_SIGN_ECDSAP256SHA256;
542#else
543# ifdef STDERR_MSGS
544 fprintf(stderr, "Warning: ECDSA not compiled into this ");
545 fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
546# endif
547#endif
548 }
549 if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) {
550#ifdef USE_ECDSA
551 alg = LDNS_SIGN_ECDSAP384SHA384;
552#else
553# ifdef STDERR_MSGS
554 fprintf(stderr, "Warning: ECDSA not compiled into this ");
555 fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
556# endif
557#endif
558 }
559 if (strncmp(d, "15 ED25519", 3) == 0) {
560#ifdef USE_ED25519
561 alg = LDNS_SIGN_ED25519;
562#else
563# ifdef STDERR_MSGS
564 fprintf(stderr, "Warning: ED25519 not compiled into this ");
565 fprintf(stderr, "version of ldns, use --enable-ed25519\n");
566# endif
567#endif
568 }
569 if (strncmp(d, "16 ED448", 3) == 0) {
570#ifdef USE_ED448
571 alg = LDNS_SIGN_ED448;
572#else
573# ifdef STDERR_MSGS
574 fprintf(stderr, "Warning: ED448 not compiled into this ");
575 fprintf(stderr, "version of ldns, use --enable-ed448\n");
576# endif
577#endif
578 }
579 if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
580 alg = LDNS_SIGN_HMACMD5;
581 }
582 if (strncmp(d, "158 HMAC-SHA1", 4) == 0) {
583 alg = LDNS_SIGN_HMACSHA1;
584 }
585 if (strncmp(d, "159 HMAC-SHA256", 4) == 0) {
586 alg = LDNS_SIGN_HMACSHA256;
587 }
588 /* For compatibility with dnssec-keygen */
589 if (strncmp(d, "161 ", 4) == 0) {
590 alg = LDNS_SIGN_HMACSHA1;
591 }
592 if (strncmp(d, "162 HMAC-SHA224", 4) == 0) {
593 alg = LDNS_SIGN_HMACSHA224;
594 }
595 /* For compatibility with dnssec-keygen */
596 if (strncmp(d, "163 ", 4) == 0) {
597 alg = LDNS_SIGN_HMACSHA256;
598 }
599 if (strncmp(d, "164 HMAC-SHA384", 4) == 0) {
600 alg = LDNS_SIGN_HMACSHA384;
601 }
602 if (strncmp(d, "165 HMAC-SHA512", 4) == 0) {
603 alg = LDNS_SIGN_HMACSHA512;
604 }
605 LDNS_FREE(d);
606
607 switch(alg) {
608 case LDNS_SIGN_RSAMD5:
609 case LDNS_SIGN_RSASHA1:
610 case LDNS_SIGN_RSASHA1_NSEC3:
611#ifdef USE_SHA2
612 case LDNS_SIGN_RSASHA256:
613 case LDNS_SIGN_RSASHA512:
614#endif
615 ldns_key_set_algorithm(k, alg);
616#ifdef HAVE_SSL
617 rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr);
618 if (!rsa) {
619 ldns_key_free(k);
620 return LDNS_STATUS_ERR;
621 }
622 ldns_key_assign_rsa_key(k, rsa);
623#endif /* HAVE_SSL */
624 break;
625#ifdef USE_DSA
626 case LDNS_SIGN_DSA:
627 case LDNS_SIGN_DSA_NSEC3:
628 ldns_key_set_algorithm(k, alg);
629#ifdef HAVE_SSL
630 dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr);
631 if (!dsa) {
632 ldns_key_free(k);
633 return LDNS_STATUS_ERR;
634 }
635 ldns_key_assign_dsa_key(k, dsa);
636#endif /* HAVE_SSL */
637 break;
638#endif /* USE_DSA */
639 case LDNS_SIGN_HMACMD5:
640 case LDNS_SIGN_HMACSHA1:
641 case LDNS_SIGN_HMACSHA224:
642 case LDNS_SIGN_HMACSHA256:
643 case LDNS_SIGN_HMACSHA384:
644 case LDNS_SIGN_HMACSHA512:
645 ldns_key_set_algorithm(k, alg);
646#ifdef HAVE_SSL
647 hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size);
648 if (!hmac) {
649 ldns_key_free(k);
650 return LDNS_STATUS_ERR;
651 }
652 ldns_key_set_hmac_size(k, hmac_size);
653 ldns_key_set_hmac_key(k, hmac);
654#endif /* HAVE_SSL */
655 break;
656 case LDNS_SIGN_ECC_GOST:
657 ldns_key_set_algorithm(k, alg);
658#if defined(HAVE_SSL) && defined(USE_GOST)
659 if(!ldns_key_EVP_load_gost_id()) {
660 ldns_key_free(k);
661 return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL;
662 }
663 ldns_key_set_evp_key(k,
664 ldns_key_new_frm_fp_gost_l(fp, line_nr));
665#ifndef S_SPLINT_S
666 if(!k->_key.key) {
667 ldns_key_free(k);
668 return LDNS_STATUS_ERR;
669 }
670#endif /* splint */
671#endif
672 break;
673#ifdef USE_ECDSA
674 case LDNS_SIGN_ECDSAP256SHA256:
675 case LDNS_SIGN_ECDSAP384SHA384:
676 ldns_key_set_algorithm(k, alg);
677 ldns_key_set_evp_key(k,
678 ldns_key_new_frm_fp_ecdsa_l(fp, (ldns_algorithm)alg, line_nr));
679#ifndef S_SPLINT_S
680 if(!k->_key.key) {
681 ldns_key_free(k);
682 return LDNS_STATUS_ERR;
683 }
684#endif /* splint */
685 break;
686#endif
687#ifdef USE_ED25519
688 case LDNS_SIGN_ED25519:
689 ldns_key_set_algorithm(k, alg);
690 ldns_key_set_evp_key(k,
691 ldns_key_new_frm_fp_ed25519_l(fp, line_nr));
692#ifndef S_SPLINT_S
693 if(!k->_key.key) {
694 ldns_key_free(k);
695 return LDNS_STATUS_ERR;
696 }
697#endif /* splint */
698 break;
699#endif
700#ifdef USE_ED448
701 case LDNS_SIGN_ED448:
702 ldns_key_set_algorithm(k, alg);
703 ldns_key_set_evp_key(k,
704 ldns_key_new_frm_fp_ed448_l(fp, line_nr));
705#ifndef S_SPLINT_S
706 if(!k->_key.key) {
707 ldns_key_free(k);
708 return LDNS_STATUS_ERR;
709 }
710#endif /* splint */
711 break;
712#endif
713 default:
714 ldns_key_free(k);
715 return LDNS_STATUS_SYNTAX_ALG_ERR;
716 }
717 key_rr = ldns_key2rr(k);
718 ldns_key_set_keytag(k, ldns_calc_keytag(key_rr));
719 ldns_rr_free(key_rr);
720
721 if (key) {
722 *key = k;
723 return LDNS_STATUS_OK;
724 }
725 ldns_key_free(k);
726 return LDNS_STATUS_ERR;
727}
728
729#ifdef HAVE_SSL
730RSA *
731ldns_key_new_frm_fp_rsa(FILE *f)
732{
733 return ldns_key_new_frm_fp_rsa_l(f, NULL);
734}
735
736RSA *
737ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
738{
739 /* we parse
740 * Modulus:
741 * PublicExponent:
742 * PrivateExponent:
743 * Prime1:
744 * Prime2:
745 * Exponent1:
746 * Exponent2:
747 * Coefficient:
748 *
749 * man 3 RSA:
750 *
751 * struct
752 * {
753 * BIGNUM *n; // public modulus
754 * BIGNUM *e; // public exponent
755 * BIGNUM *d; // private exponent
756 * BIGNUM *p; // secret prime factor
757 * BIGNUM *q; // secret prime factor
758 * BIGNUM *dmp1; // d mod (p-1)
759 * BIGNUM *dmq1; // d mod (q-1)
760 * BIGNUM *iqmp; // q^-1 mod p
761 * // ...
762 *
763 */
764 char *b;
765 RSA *rsa;
766 uint8_t *buf;
767 int i;
768 BIGNUM *n=NULL, *e=NULL, *d=NULL, *p=NULL, *q=NULL,
769 *dmp1=NULL, *dmq1=NULL, *iqmp=NULL;
770
771 b = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
772 buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
773 rsa = RSA_new();
774 if (!b || !rsa || !buf) {
775 goto error;
776 }
777
778 /* I could use functions again, but that seems an overkill,
779 * although this also looks tedious
780 */
781
782 /* Modules, rsa->n */
783 if (ldns_fget_keyword_data_l(f, "Modulus", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
784 goto error;
785 }
786 i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
787#ifndef S_SPLINT_S
788 n = BN_bin2bn((const char unsigned*)buf, i, NULL);
789 if (!n) {
790 goto error;
791 }
792
793 /* PublicExponent, rsa->e */
794 if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
795 goto error;
796 }
797 i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
798 e = BN_bin2bn((const char unsigned*)buf, i, NULL);
799 if (!e) {
800 goto error;
801 }
802
803 /* PrivateExponent, rsa->d */
804 if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
805 goto error;
806 }
807 i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
808 d = BN_bin2bn((const char unsigned*)buf, i, NULL);
809 if (!d) {
810 goto error;
811 }
812
813 /* Prime1, rsa->p */
814 if (ldns_fget_keyword_data_l(f, "Prime1", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
815 goto error;
816 }
817 i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
818 p = BN_bin2bn((const char unsigned*)buf, i, NULL);
819 if (!p) {
820 goto error;
821 }
822
823 /* Prime2, rsa->q */
824 if (ldns_fget_keyword_data_l(f, "Prime2", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
825 goto error;
826 }
827 i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
828 q = BN_bin2bn((const char unsigned*)buf, i, NULL);
829 if (!q) {
830 goto error;
831 }
832
833 /* Exponent1, rsa->dmp1 */
834 if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
835 goto error;
836 }
837 i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
838 dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
839 if (!dmp1) {
840 goto error;
841 }
842
843 /* Exponent2, rsa->dmq1 */
844 if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
845 goto error;
846 }
847 i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
848 dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
849 if (!dmq1) {
850 goto error;
851 }
852
853 /* Coefficient, rsa->iqmp */
854 if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
855 goto error;
856 }
857 i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
858 iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL);
859 if (!iqmp) {
860 goto error;
861 }
862#endif /* splint */
863
864#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
865# ifndef S_SPLINT_S
866 rsa->n = n;
867 rsa->e = e;
868 rsa->d = d;
869 rsa->p = p;
870 rsa->q = q;
871 rsa->dmp1 = dmp1;
872 rsa->dmq1 = dmq1;
873 rsa->iqmp = iqmp;
874# endif
875#else
876 if(!RSA_set0_key(rsa, n, e, d))
877 goto error;
878 n = NULL;
879 e = NULL;
880 d = NULL;
881 if(!RSA_set0_factors(rsa, p, q))
882 goto error;
883 p = NULL;
884 q = NULL;
885 if(!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
886 goto error;
887#endif
888
889 LDNS_FREE(buf);
890 LDNS_FREE(b);
891 return rsa;
892
893error:
894 RSA_free(rsa);
895 LDNS_FREE(b);
896 LDNS_FREE(buf);
897 BN_free(n);
898 BN_free(e);
899 BN_free(d);
900 BN_free(p);
901 BN_free(q);
902 BN_free(dmp1);
903 BN_free(dmq1);
904 BN_free(iqmp);
905 return NULL;
906}
907
908#ifdef USE_DSA
909DSA *
910ldns_key_new_frm_fp_dsa(FILE *f)
911{
912 return ldns_key_new_frm_fp_dsa_l(f, NULL);
913}
914
915DSA *
916ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
917{
918 int i;
919 char *d;
920 DSA *dsa;
921 uint8_t *buf;
922 BIGNUM *p=NULL, *q=NULL, *g=NULL, *priv_key=NULL, *pub_key=NULL;
923
924 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
925 buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
926 dsa = DSA_new();
927 if (!d || !dsa || !buf) {
928 goto error;
929 }
930
931 /* the line parser removes the () from the input... */
932
933 /* Prime, dsa->p */
934 if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
935 goto error;
936 }
937 i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
938#ifndef S_SPLINT_S
939 p = BN_bin2bn((const char unsigned*)buf, i, NULL);
940 if (!p) {
941 goto error;
942 }
943
944 /* Subprime, dsa->q */
945 if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
946 goto error;
947 }
948 i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
949 q = BN_bin2bn((const char unsigned*)buf, i, NULL);
950 if (!q) {
951 goto error;
952 }
953
954 /* Base, dsa->g */
955 if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
956 goto error;
957 }
958 i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
959 g = BN_bin2bn((const char unsigned*)buf, i, NULL);
960 if (!g) {
961 goto error;
962 }
963
964 /* Private key, dsa->priv_key */
965 if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
966 goto error;
967 }
968 i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
969 priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
970 if (!priv_key) {
971 goto error;
972 }
973
974 /* Public key, dsa->priv_key */
975 if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
976 goto error;
977 }
978 i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
979 pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
980 if (!pub_key) {
981 goto error;
982 }
983#endif /* splint */
984
985#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
986# ifndef S_SPLINT_S
987 dsa->p = p;
988 dsa->q = q;
989 dsa->g = g;
990 dsa->priv_key = priv_key;
991 dsa->pub_key = pub_key;
992# endif
993#else
994 if(!DSA_set0_pqg(dsa, p, q, g))
995 goto error;
996 p = NULL;
997 q = NULL;
998 g = NULL;
999 if(!DSA_set0_key(dsa, pub_key, priv_key))
1000 goto error;
1001#endif
1002
1003 LDNS_FREE(buf);
1004 LDNS_FREE(d);
1005
1006 return dsa;
1007
1008error:
1009 LDNS_FREE(d);
1010 LDNS_FREE(buf);
1011 DSA_free(dsa);
1012 BN_free(p);
1013 BN_free(q);
1014 BN_free(g);
1015 BN_free(priv_key);
1016 BN_free(pub_key);
1017 return NULL;
1018}
1019#endif /* USE_DSA */
1020
1021unsigned char *
1022ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
1023{
1024 return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size);
1025}
1026
1027unsigned char *
1028ldns_key_new_frm_fp_hmac_l( FILE *f
1029 , ATTR_UNUSED(int *line_nr)
1030 , size_t *hmac_size
1031 )
1032{
1033 size_t bufsz;
1034 char d[LDNS_MAX_LINELEN];
1035 unsigned char *buf = NULL;
1036
1037 *hmac_size = ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n",
1038 LDNS_MAX_LINELEN, line_nr) == -1
1039 ? 0
1040 : (buf = LDNS_XMALLOC( unsigned char, (bufsz =
1041 ldns_b64_ntop_calculate_size(strlen(d))))) == NULL
1042 ? 0
1043 : (size_t) ldns_b64_pton((const char*)d, buf, bufsz);
1044 return buf;
1045}
1046#endif /* HAVE_SSL */
1047
1048#ifdef USE_GOST
1049static EVP_PKEY*
1050ldns_gen_gost_key(void)
1051{
1052 EVP_PKEY_CTX* ctx;
1053 EVP_PKEY* p = NULL;
1054 int gost_id = ldns_key_EVP_load_gost_id();
1055 if(!gost_id)
1056 return NULL;
1057 ctx = EVP_PKEY_CTX_new_id(gost_id, NULL);
1058 if(!ctx) {
1059 /* the id should be available now */
1060 return NULL;
1061 }
1062 if(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0) {
1063 /* cannot set paramset */
1064 EVP_PKEY_CTX_free(ctx);
1065 return NULL;
1066 }
1067
1068 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1069 EVP_PKEY_CTX_free(ctx);
1070 return NULL;
1071 }
1072 if(EVP_PKEY_keygen(ctx, &p) <= 0) {
1073 EVP_PKEY_free(p);
1074 EVP_PKEY_CTX_free(ctx);
1075 return NULL;
1076 }
1077 EVP_PKEY_CTX_free(ctx);
1078 return p;
1079}
1080#endif
1081
1082ldns_key *
1083ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
1084{
1085 ldns_key *k;
1086#ifdef HAVE_SSL
1087#ifdef USE_DSA
1088 DSA *d;
1089#endif /* USE_DSA */
1090# ifdef USE_ECDSA
1091 EC_KEY *ec = NULL;
1092# endif
1093# ifdef HAVE_EVP_PKEY_KEYGEN
1094 EVP_PKEY_CTX *ctx;
1095# else
1096 RSA *r;
1097# endif
1098#else
1099 int i;
1100 uint16_t offset = 0;
1101#endif
1102 unsigned char *hmac;
1103
1104 k = ldns_key_new();
1105 if (!k) {
1106 return NULL;
1107 }
1108 switch(alg) {
1109 case LDNS_SIGN_RSAMD5:
1110 case LDNS_SIGN_RSASHA1:
1111 case LDNS_SIGN_RSASHA1_NSEC3:
1112 case LDNS_SIGN_RSASHA256:
1113 case LDNS_SIGN_RSASHA512:
1114#ifdef HAVE_SSL
1115#ifdef HAVE_EVP_PKEY_KEYGEN
1116 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
1117 if(!ctx) {
1118 ldns_key_free(k);
1119 return NULL;
1120 }
1121 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1122 ldns_key_free(k);
1123 EVP_PKEY_CTX_free(ctx);
1124 return NULL;
1125 }
1126 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, size) <= 0) {
1127 ldns_key_free(k);
1128 EVP_PKEY_CTX_free(ctx);
1129 return NULL;
1130 }
1131#ifndef S_SPLINT_S
1132 if (EVP_PKEY_keygen(ctx, &k->_key.key) <= 0) {
1133 ldns_key_free(k);
1134 EVP_PKEY_CTX_free(ctx);
1135 return NULL;
1136 }
1137#endif
1138 EVP_PKEY_CTX_free(ctx);
1139#else /* HAVE_EVP_PKEY_KEYGEN */
1140 r = RSA_generate_key((int)size, RSA_F4, NULL, NULL);
1141 if(!r) {
1142 ldns_key_free(k);
1143 return NULL;
1144 }
1145 if (RSA_check_key(r) != 1) {
1146 ldns_key_free(k);
1147 return NULL;
1148 }
1149 ldns_key_set_rsa_key(k, r);
1150 RSA_free(r);
1151#endif /* HAVE_EVP_PKEY_KEYGEN */
1152#endif /* HAVE_SSL */
1153 break;
1154#ifdef USE_DSA
1155 case LDNS_SIGN_DSA:
1156 case LDNS_SIGN_DSA_NSEC3:
1157#ifdef HAVE_SSL
1158# if OPENSSL_VERSION_NUMBER < 0x00908000L
1159 d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
1160 if (!d) {
1161 ldns_key_free(k);
1162 return NULL;
1163 }
1164
1165# else
1166 if (! (d = DSA_new())) {
1167 ldns_key_free(k);
1168 return NULL;
1169 }
1170 if (! DSA_generate_parameters_ex(d, (int)size, NULL, 0, NULL, NULL, NULL)) {
1171 DSA_free(d);
1172 ldns_key_free(k);
1173 return NULL;
1174 }
1175# endif
1176 if (DSA_generate_key(d) != 1) {
1177 ldns_key_free(k);
1178 return NULL;
1179 }
1180 ldns_key_set_dsa_key(k, d);
1181 DSA_free(d);
1182#endif /* HAVE_SSL */
1183#endif /* USE_DSA */
1184 break;
1185 case LDNS_SIGN_HMACMD5:
1186 case LDNS_SIGN_HMACSHA1:
1187 case LDNS_SIGN_HMACSHA224:
1188 case LDNS_SIGN_HMACSHA256:
1189 case LDNS_SIGN_HMACSHA384:
1190 case LDNS_SIGN_HMACSHA512:
1191#ifdef HAVE_SSL
1192#ifndef S_SPLINT_S
1193 k->_key.key = NULL;
1194#endif /* splint */
1195#endif /* HAVE_SSL */
1196 size = size / 8;
1197 ldns_key_set_hmac_size(k, size);
1198
1199 hmac = LDNS_XMALLOC(unsigned char, size);
1200 if(!hmac) {
1201 ldns_key_free(k);
1202 return NULL;
1203 }
1204#ifdef HAVE_SSL
1205 if (RAND_bytes(hmac, (int) size) != 1) {
1206 LDNS_FREE(hmac);
1207 ldns_key_free(k);
1208 return NULL;
1209 }
1210#else
1211 while (offset + sizeof(i) < size) {
1212 i = random();
1213 memcpy(&hmac[offset], &i, sizeof(i));
1214 offset += sizeof(i);
1215 }
1216 if (offset < size) {
1217 i = random();
1218 memcpy(&hmac[offset], &i, size - offset);
1219 }
1220#endif /* HAVE_SSL */
1221 ldns_key_set_hmac_key(k, hmac);
1222
1223 ldns_key_set_flags(k, 0);
1224 break;
1225 case LDNS_SIGN_ECC_GOST:
1226#if defined(HAVE_SSL) && defined(USE_GOST)
1227 ldns_key_set_evp_key(k, ldns_gen_gost_key());
1228#ifndef S_SPLINT_S
1229 if(!k->_key.key) {
1230 ldns_key_free(k);
1231 return NULL;
1232 }
1233#endif /* splint */
1234#else
1235 ldns_key_free(k);
1236 return NULL;
1237#endif /* HAVE_SSL and USE_GOST */
1238 break;
1239 case LDNS_SIGN_ECDSAP256SHA256:
1240 case LDNS_SIGN_ECDSAP384SHA384:
1241#ifdef USE_ECDSA
1242 if(alg == LDNS_SIGN_ECDSAP256SHA256)
1243 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1244 else if(alg == LDNS_SIGN_ECDSAP384SHA384)
1245 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
1246 if(!ec) {
1247 ldns_key_free(k);
1248 return NULL;
1249 }
1250 if(!EC_KEY_generate_key(ec)) {
1251 ldns_key_free(k);
1252 EC_KEY_free(ec);
1253 return NULL;
1254 }
1255#ifndef S_SPLINT_S
1256 k->_key.key = EVP_PKEY_new();
1257 if(!k->_key.key) {
1258 ldns_key_free(k);
1259 EC_KEY_free(ec);
1260 return NULL;
1261 }
1262 if (!EVP_PKEY_assign_EC_KEY(k->_key.key, ec)) {
1263 ldns_key_free(k);
1264 EC_KEY_free(ec);
1265 return NULL;
1266 }
1267#endif /* splint */
1268#else
1269 ldns_key_free(k);
1270 return NULL;
1271#endif /* ECDSA */
1272 break;
1273#ifdef USE_ED25519
1274 case LDNS_SIGN_ED25519:
1275#ifdef HAVE_EVP_PKEY_KEYGEN
1276 ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
1277 if(!ctx) {
1278 ldns_key_free(k);
1279 return NULL;
1280 }
1281 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1282 ldns_key_free(k);
1283 EVP_PKEY_CTX_free(ctx);
1284 return NULL;
1285 }
1286 if (EVP_PKEY_keygen(ctx, &k->_key.key) <= 0) {
1287 ldns_key_free(k);
1288 EVP_PKEY_CTX_free(ctx);
1289 return NULL;
1290 }
1291 EVP_PKEY_CTX_free(ctx);
1292#endif
1293 break;
1294#endif /* ED25519 */
1295#ifdef USE_ED448
1296 case LDNS_SIGN_ED448:
1297#ifdef HAVE_EVP_PKEY_KEYGEN
1298 ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
1299 if(!ctx) {
1300 ldns_key_free(k);
1301 return NULL;
1302 }
1303 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1304 ldns_key_free(k);
1305 EVP_PKEY_CTX_free(ctx);
1306 return NULL;
1307 }
1308 if (EVP_PKEY_keygen(ctx, &k->_key.key) <= 0) {
1309 ldns_key_free(k);
1310 EVP_PKEY_CTX_free(ctx);
1311 return NULL;
1312 }
1313 EVP_PKEY_CTX_free(ctx);
1314#endif
1315 break;
1316#endif /* ED448 */
1317 }
1318 ldns_key_set_algorithm(k, alg);
1319 return k;
1320}
1321
1322void
1323ldns_key_print(FILE *output, const ldns_key *k)
1324{
1325 char *str = ldns_key2str(k);
1326 if (str) {
1327 fprintf(output, "%s", str);
1328 } else {
1329 fprintf(output, "Unable to convert private key to string\n");
1330 }
1331 LDNS_FREE(str);
1332}
1333
1334
1335void
1340
1341void
1342ldns_key_set_flags(ldns_key *k, uint16_t f)
1343{
1344 k->_extra.dnssec.flags = f;
1345}
1346
1347#ifdef HAVE_SSL
1348#ifndef S_SPLINT_S
1349void
1350ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
1351{
1352 k->_key.key = e;
1353}
1354
1355void
1356ldns_key_set_rsa_key(ldns_key *k, RSA *r)
1357{
1358 EVP_PKEY *key = EVP_PKEY_new();
1359 EVP_PKEY_set1_RSA(key, r);
1360 k->_key.key = key;
1361}
1362
1363void
1364ldns_key_set_dsa_key(ldns_key *k, DSA *d)
1365{
1366#ifdef USE_DSA
1367 EVP_PKEY *key = EVP_PKEY_new();
1368 EVP_PKEY_set1_DSA(key, d);
1369 k->_key.key = key;
1370#else
1371 (void)k; (void)d;
1372#endif
1373}
1374
1375void
1376ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
1377{
1378 EVP_PKEY *key = EVP_PKEY_new();
1379 EVP_PKEY_assign_RSA(key, r);
1380 k->_key.key = key;
1381}
1382
1383void
1384ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
1385{
1386#ifdef USE_DSA
1387 EVP_PKEY *key = EVP_PKEY_new();
1388 EVP_PKEY_assign_DSA(key, d);
1389 k->_key.key = key;
1390#else
1391 (void)k; (void)d;
1392#endif
1393}
1394#endif /* splint */
1395#endif /* HAVE_SSL */
1396
1397void
1398ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
1399{
1400 k->_key.hmac.key = hmac;
1401}
1402
1403void
1404ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
1405{
1406 k->_key.hmac.size = hmac_size;
1407}
1408
1409void
1410ldns_key_set_external_key(ldns_key *k, void *external_key)
1411{
1412 k->_key.external_key = external_key;
1413}
1414
1415void
1416ldns_key_set_origttl(ldns_key *k, uint32_t t)
1417{
1418 k->_extra.dnssec.orig_ttl = t;
1419}
1420
1421void
1422ldns_key_set_inception(ldns_key *k, uint32_t i)
1423{
1424 k->_extra.dnssec.inception = i;
1425}
1426
1427void
1428ldns_key_set_expiration(ldns_key *k, uint32_t e)
1429{
1430 k->_extra.dnssec.expiration = e;
1431}
1432
1433void
1438
1439void
1440ldns_key_set_keytag(ldns_key *k, uint16_t tag)
1441{
1442 k->_extra.dnssec.keytag = tag;
1443}
1444
1445/* read */
1446size_t
1447ldns_key_list_key_count(const ldns_key_list *key_list)
1448{
1449 return key_list ? key_list->_key_count : 0;
1450}
1451
1452ldns_key *
1453ldns_key_list_key(const ldns_key_list *key, size_t nr)
1454{
1455 if (nr < ldns_key_list_key_count(key)) {
1456 return key->_keys[nr];
1457 } else {
1458 return NULL;
1459 }
1460}
1461
1462ldns_signing_algorithm
1463ldns_key_algorithm(const ldns_key *k)
1464{
1465 return k->_alg;
1466}
1467
1468void
1469ldns_key_set_use(ldns_key *k, bool v)
1470{
1471 if (k) {
1472 k->_use = v;
1473 }
1474}
1475
1476bool
1477ldns_key_use(const ldns_key *k)
1478{
1479 if (k) {
1480 return k->_use;
1481 }
1482 return false;
1483}
1484
1485#ifdef HAVE_SSL
1486#ifndef S_SPLINT_S
1487EVP_PKEY *
1488ldns_key_evp_key(const ldns_key *k)
1489{
1490 return k->_key.key;
1491}
1492
1493RSA *
1494ldns_key_rsa_key(const ldns_key *k)
1495{
1496 if (k->_key.key) {
1497 return EVP_PKEY_get1_RSA(k->_key.key);
1498 } else {
1499 return NULL;
1500 }
1501}
1502
1503DSA *
1504ldns_key_dsa_key(const ldns_key *k)
1505{
1506#ifdef USE_DSA
1507 if (k->_key.key) {
1508 return EVP_PKEY_get1_DSA(k->_key.key);
1509 } else {
1510 return NULL;
1511 }
1512#else
1513 (void)k;
1514 return NULL;
1515#endif
1516}
1517#endif /* splint */
1518#endif /* HAVE_SSL */
1519
1520unsigned char *
1521ldns_key_hmac_key(const ldns_key *k)
1522{
1523 if (k->_key.hmac.key) {
1524 return k->_key.hmac.key;
1525 } else {
1526 return NULL;
1527 }
1528}
1529
1530size_t
1531ldns_key_hmac_size(const ldns_key *k)
1532{
1533#ifndef __clang_analyzer__
1534 if (k->_key.hmac.size) {
1535 return k->_key.hmac.size;
1536 } else {
1537 return 0;
1538 }
1539#endif
1540}
1541
1542void *
1543ldns_key_external_key(const ldns_key *k)
1544{
1545 return k->_key.external_key;
1546}
1547
1548uint32_t
1549ldns_key_origttl(const ldns_key *k)
1550{
1551 return k->_extra.dnssec.orig_ttl;
1552}
1553
1554uint16_t
1555ldns_key_flags(const ldns_key *k)
1556{
1557 return k->_extra.dnssec.flags;
1558}
1559
1560uint32_t
1561ldns_key_inception(const ldns_key *k)
1562{
1563 return k->_extra.dnssec.inception;
1564}
1565
1566uint32_t
1567ldns_key_expiration(const ldns_key *k)
1568{
1569 return k->_extra.dnssec.expiration;
1570}
1571
1572uint16_t
1573ldns_key_keytag(const ldns_key *k)
1574{
1575 return k->_extra.dnssec.keytag;
1576}
1577
1578ldns_rdf *
1579ldns_key_pubkey_owner(const ldns_key *k)
1580{
1581 return k->_pubkey_owner;
1582}
1583
1584/* write */
1585void
1586ldns_key_list_set_use(ldns_key_list *keys, bool v)
1587{
1588 size_t i;
1589
1590 for (i = 0; i < ldns_key_list_key_count(keys); i++) {
1591 ldns_key_set_use(ldns_key_list_key(keys, i), v);
1592 }
1593}
1594
1595void
1596ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
1597{
1598 key->_key_count = count;
1599}
1600
1601bool
1602ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
1603{
1604 size_t key_count;
1605 ldns_key **keys;
1606
1607 key_count = ldns_key_list_key_count(key_list);
1608
1609 /* grow the array */
1610 keys = LDNS_XREALLOC(
1611 key_list->_keys, ldns_key *, key_count + 1);
1612 if (!keys) {
1613 return false;
1614 }
1615
1616 /* add the new member */
1617 key_list->_keys = keys;
1618 key_list->_keys[key_count] = key;
1619
1620 ldns_key_list_set_key_count(key_list, key_count + 1);
1621 return true;
1622}
1623
1624ldns_key *
1625ldns_key_list_pop_key(ldns_key_list *key_list)
1626{
1627 size_t key_count;
1628 ldns_key** a;
1629 ldns_key *pop;
1630
1631 if (!key_list) {
1632 return NULL;
1633 }
1634
1635 key_count = ldns_key_list_key_count(key_list);
1636 if (key_count == 0) {
1637 return NULL;
1638 }
1639
1640 pop = ldns_key_list_key(key_list, key_count);
1641
1642 /* shrink the array */
1643 a = LDNS_XREALLOC(key_list->_keys, ldns_key *, key_count - 1);
1644 if(a) {
1645 key_list->_keys = a;
1646 }
1647
1648 ldns_key_list_set_key_count(key_list, key_count - 1);
1649
1650 return pop;
1651}
1652
1653#ifdef HAVE_SSL
1654#ifndef S_SPLINT_S
1655/* data pointer must be large enough (LDNS_MAX_KEYLEN) */
1656static bool
1657ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
1658{
1659 int i,j;
1660 const BIGNUM *n=NULL, *e=NULL;
1661
1662 if (!k) {
1663 return false;
1664 }
1665#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
1666 n = k->n;
1667 e = k->e;
1668#else
1669 RSA_get0_key(k, &n, &e, NULL);
1670#endif
1671
1672 if (BN_num_bytes(e) <= 256) {
1673 /* normally only this path is executed (small factors are
1674 * more common
1675 */
1676 data[0] = (unsigned char) BN_num_bytes(e);
1677 i = BN_bn2bin(e, data + 1);
1678 j = BN_bn2bin(n, data + i + 1);
1679 *size = (uint16_t) i + j;
1680 } else if (BN_num_bytes(e) <= 65536) {
1681 data[0] = 0;
1682 /* BN_bn2bin does bigendian, _uint16 also */
1683 ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(e));
1684
1685 BN_bn2bin(e, data + 3);
1686 BN_bn2bin(n, data + 4 + BN_num_bytes(e));
1687 *size = (uint16_t) BN_num_bytes(n) + 6;
1688 } else {
1689 return false;
1690 }
1691 return true;
1692}
1693
1694#ifdef USE_DSA
1695/* data pointer must be large enough (LDNS_MAX_KEYLEN) */
1696static bool
1697ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
1698{
1699 uint8_t T;
1700 const BIGNUM *p, *q, *g;
1701 const BIGNUM *pub_key, *priv_key;
1702
1703 if (!k) {
1704 return false;
1705 }
1706
1707 /* See RFC2536 */
1708# ifdef HAVE_DSA_GET0_PQG
1709 DSA_get0_pqg(k, &p, &q, &g);
1710# else
1711 p = k->p; q = k->q; g = k->g;
1712# endif
1713# ifdef HAVE_DSA_GET0_KEY
1714 DSA_get0_key(k, &pub_key, &priv_key);
1715# else
1716 pub_key = k->pub_key; priv_key = k->priv_key;
1717# endif
1718 (void)priv_key;
1719 *size = (uint16_t)BN_num_bytes(p);
1720 T = (*size - 64) / 8;
1721
1722 if (T > 8) {
1723#ifdef STDERR_MSGS
1724 fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)");
1725 fprintf(stderr, " not implemented\n");
1726#endif
1727 return false;
1728 }
1729
1730 /* size = 64 + (T * 8); */
1731 memset(data, 0, 21 + *size * 3);
1732 data[0] = (unsigned char)T;
1733 BN_bn2bin(q, data + 1 ); /* 20 octects */
1734 BN_bn2bin(p, data + 21 ); /* offset octects */
1735 BN_bn2bin(g, data + 21 + *size * 2 - BN_num_bytes(g));
1736 BN_bn2bin(pub_key,data + 21 + *size * 3 - BN_num_bytes(pub_key));
1737 *size = 21 + *size * 3;
1738 return true;
1739}
1740#endif /* USE_DSA */
1741
1742#ifdef USE_GOST
1743static bool
1744ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
1745{
1746 int i;
1747 unsigned char* pp = NULL;
1748 if(i2d_PUBKEY(k, &pp) != 37 + 64) {
1749 /* expect 37 byte(ASN header) and 64 byte(X and Y) */
1750 free(pp);
1751 return false;
1752 }
1753 /* omit ASN header */
1754 for(i=0; i<64; i++)
1755 data[i] = pp[i+37];
1756 free(pp);
1757 *size = 64;
1758 return true;
1759}
1760#endif /* USE_GOST */
1761
1762#ifdef USE_ED25519
1763static bool
1764ldns_key_ed255192bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
1765{
1766 int i;
1767 unsigned char* pp = NULL;
1768 if(i2d_PUBKEY(k, &pp) != 12 + 32) {
1769 /* expect 12 byte(ASN header) and 32 byte(pubkey) */
1770 free(pp);
1771 return false;
1772 }
1773 /* omit ASN header */
1774 for(i=0; i<32; i++)
1775 data[i] = pp[i+12];
1776 free(pp);
1777 *size = 32;
1778 return true;
1779}
1780#endif /* USE_ED25519 */
1781
1782#ifdef USE_ED448
1783static bool
1784ldns_key_ed4482bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
1785{
1786 int i;
1787 unsigned char* pp = NULL;
1788 if(i2d_PUBKEY(k, &pp) != 12 + 57) {
1789 /* expect 12 byte(ASN header) and 57 byte(pubkey) */
1790 free(pp);
1791 return false;
1792 }
1793 /* omit ASN header */
1794 for(i=0; i<57; i++)
1795 data[i] = pp[i+12];
1796 free(pp);
1797 *size = 57;
1798 return true;
1799}
1800#endif /* USE_ED448 */
1801#endif /* splint */
1802#endif /* HAVE_SSL */
1803
1804ldns_rr *
1805ldns_key2rr(const ldns_key *k)
1806{
1807 /* this function will convert a the keydata contained in
1808 * rsa/dsa pointers to a DNSKEY rr. It will fill in as
1809 * much as it can, but it does not know about key-flags
1810 * for instance
1811 */
1812 ldns_rr *pubkey;
1813 ldns_rdf *keybin;
1814 unsigned char *bin = NULL;
1815 uint16_t size = 0;
1816#ifdef HAVE_SSL
1817 RSA *rsa = NULL;
1818#ifdef USE_DSA
1819 DSA *dsa = NULL;
1820#endif /* USE_DSA */
1821#endif /* HAVE_SSL */
1822#ifdef USE_ECDSA
1823 EC_KEY* ec;
1824#endif
1825 int internal_data = 0;
1826
1827 if (!k) {
1828 return NULL;
1829 }
1830 pubkey = ldns_rr_new();
1831
1832 switch (ldns_key_algorithm(k)) {
1833 case LDNS_SIGN_HMACMD5:
1834 case LDNS_SIGN_HMACSHA1:
1835 case LDNS_SIGN_HMACSHA224:
1836 case LDNS_SIGN_HMACSHA256:
1837 case LDNS_SIGN_HMACSHA384:
1838 case LDNS_SIGN_HMACSHA512:
1839 ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY);
1840 break;
1841 default:
1842 ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY);
1843 break;
1844 }
1845 /* zero-th rdf - flags */
1846 ldns_rr_push_rdf(pubkey,
1847 ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
1848 ldns_key_flags(k)));
1849 /* first - proto */
1850 ldns_rr_push_rdf(pubkey,
1851 ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO));
1852
1853 if (ldns_key_pubkey_owner(k)) {
1854 ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k)));
1855 }
1856
1857 /* third - da algorithm */
1858 switch(ldns_key_algorithm(k)) {
1859 case LDNS_SIGN_RSAMD5:
1860 case LDNS_SIGN_RSASHA1:
1861 case LDNS_SIGN_RSASHA1_NSEC3:
1862 case LDNS_SIGN_RSASHA256:
1863 case LDNS_SIGN_RSASHA512:
1864 ldns_rr_push_rdf(pubkey,
1865 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
1866#ifdef HAVE_SSL
1867 rsa = ldns_key_rsa_key(k);
1868 if (rsa) {
1869 bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1870 if (!bin) {
1871 ldns_rr_free(pubkey);
1872 return NULL;
1873 }
1874 if (!ldns_key_rsa2bin(bin, rsa, &size)) {
1875 LDNS_FREE(bin);
1876 ldns_rr_free(pubkey);
1877 return NULL;
1878 }
1879 RSA_free(rsa);
1880 internal_data = 1;
1881 }
1882#endif
1883 size++;
1884 break;
1885#ifdef USE_DSA
1886 case LDNS_SIGN_DSA:
1887 ldns_rr_push_rdf(pubkey,
1888 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
1889#ifdef HAVE_SSL
1890 dsa = ldns_key_dsa_key(k);
1891 if (dsa) {
1892 bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1893 if (!bin) {
1894 ldns_rr_free(pubkey);
1895 return NULL;
1896 }
1897 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1898 LDNS_FREE(bin);
1899 ldns_rr_free(pubkey);
1900 return NULL;
1901 }
1902 DSA_free(dsa);
1903 internal_data = 1;
1904 }
1905#endif /* HAVE_SSL */
1906#endif /* USE_DSA */
1907 break;
1908#ifdef USE_DSA
1909 case LDNS_SIGN_DSA_NSEC3:
1910 ldns_rr_push_rdf(pubkey,
1911 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
1912#ifdef HAVE_SSL
1913 dsa = ldns_key_dsa_key(k);
1914 if (dsa) {
1915 bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1916 if (!bin) {
1917 ldns_rr_free(pubkey);
1918 return NULL;
1919 }
1920 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1921 LDNS_FREE(bin);
1922 ldns_rr_free(pubkey);
1923 return NULL;
1924 }
1925 DSA_free(dsa);
1926 internal_data = 1;
1927 }
1928#endif /* HAVE_SSL */
1929#endif /* USE_DSA */
1930 break;
1931 case LDNS_SIGN_ECC_GOST:
1932 ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
1933 LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
1934#if defined(HAVE_SSL) && defined(USE_GOST)
1935 bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1936 if (!bin) {
1937 ldns_rr_free(pubkey);
1938 return NULL;
1939 }
1940#ifndef S_SPLINT_S
1941 if (!ldns_key_gost2bin(bin, k->_key.key, &size)) {
1942 LDNS_FREE(bin);
1943 ldns_rr_free(pubkey);
1944 return NULL;
1945 }
1946#endif /* splint */
1947 internal_data = 1;
1948#else
1949 ldns_rr_free(pubkey);
1950 return NULL;
1951#endif /* HAVE_SSL and USE_GOST */
1952 break;
1953 case LDNS_SIGN_ECDSAP256SHA256:
1954 case LDNS_SIGN_ECDSAP384SHA384:
1955#ifdef USE_ECDSA
1956 ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
1957 LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
1958 bin = NULL;
1959#ifndef S_SPLINT_S
1960 ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
1961#endif
1962 EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
1963 size = (uint16_t)i2o_ECPublicKey(ec, NULL);
1964 if(!i2o_ECPublicKey(ec, &bin)) {
1965 EC_KEY_free(ec);
1966 ldns_rr_free(pubkey);
1967 return NULL;
1968 }
1969 if(size > 1) {
1970 /* move back one byte to shave off the 0x02
1971 * 'uncompressed' indicator that openssl made
1972 * Actually its 0x04 (from implementation).
1973 */
1974 assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED);
1975 size -= 1;
1976 memmove(bin, bin+1, size);
1977 }
1978 /* down the reference count for ec, its still assigned
1979 * to the pkey */
1980 EC_KEY_free(ec);
1981 internal_data = 1;
1982#else
1983 ldns_rr_free(pubkey);
1984 return NULL;
1985#endif /* ECDSA */
1986 break;
1987#ifdef USE_ED25519
1988 case LDNS_SIGN_ED25519:
1989 ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
1990 LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
1991 bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1992 if (!bin) {
1993 ldns_rr_free(pubkey);
1994 return NULL;
1995 }
1996 if (!ldns_key_ed255192bin(bin, k->_key.key, &size)) {
1997 LDNS_FREE(bin);
1998 ldns_rr_free(pubkey);
1999 return NULL;
2000 }
2001 internal_data = 1;
2002 break;
2003#endif
2004#ifdef USE_ED448
2005 case LDNS_SIGN_ED448:
2006 ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
2007 LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
2008 bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
2009 if (!bin) {
2010 ldns_rr_free(pubkey);
2011 return NULL;
2012 }
2013 if (!ldns_key_ed4482bin(bin, k->_key.key, &size)) {
2014 LDNS_FREE(bin);
2015 ldns_rr_free(pubkey);
2016 return NULL;
2017 }
2018 internal_data = 1;
2019 break;
2020#endif
2021 case LDNS_SIGN_HMACMD5:
2022 case LDNS_SIGN_HMACSHA1:
2023 case LDNS_SIGN_HMACSHA224:
2024 case LDNS_SIGN_HMACSHA256:
2025 case LDNS_SIGN_HMACSHA384:
2026 case LDNS_SIGN_HMACSHA512:
2027 bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k));
2028 if (!bin) {
2029 ldns_rr_free(pubkey);
2030 return NULL;
2031 }
2032 ldns_rr_push_rdf(pubkey,
2033 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG,
2034 ldns_key_algorithm(k)));
2035 size = ldns_key_hmac_size(k);
2036 memcpy(bin, ldns_key_hmac_key(k), size);
2037 internal_data = 1;
2038 break;
2039 }
2040 /* fourth the key bin material */
2041 if (internal_data) {
2042 keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin);
2043 LDNS_FREE(bin);
2044 ldns_rr_push_rdf(pubkey, keybin);
2045 }
2046 return pubkey;
2047}
2048
2049void
2050ldns_key_free(ldns_key *key)
2051{
2052 LDNS_FREE(key);
2053}
2054
2055void
2056ldns_key_deep_free(ldns_key *key)
2057{
2058 unsigned char* hmac;
2059 if (ldns_key_pubkey_owner(key)) {
2060 ldns_rdf_deep_free(ldns_key_pubkey_owner(key));
2061 }
2062#ifdef HAVE_SSL
2063 if (ldns_key_evp_key(key)) {
2064 EVP_PKEY_free(ldns_key_evp_key(key));
2065 }
2066#endif /* HAVE_SSL */
2067 if (ldns_key_hmac_key(key)) {
2068 hmac = ldns_key_hmac_key(key);
2069 LDNS_FREE(hmac);
2070 }
2071 LDNS_FREE(key);
2072}
2073
2074void
2075ldns_key_list_free(ldns_key_list *key_list)
2076{
2077 size_t i;
2078 for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
2079 ldns_key_deep_free(ldns_key_list_key(key_list, i));
2080 }
2081 LDNS_FREE(key_list->_keys);
2082 LDNS_FREE(key_list);
2083}
2084
2085ldns_rr *
2086ldns_read_anchor_file(const char *filename)
2087{
2088 FILE *fp;
2089 /*char line[LDNS_MAX_PACKETLEN];*/
2090 char *line = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN);
2091 int c;
2092 size_t i = 0;
2093 ldns_rr *r;
2094 ldns_status status;
2095 if(!line) {
2096 return NULL;
2097 }
2098
2099 fp = fopen(filename, "r");
2100 if (!fp) {
2101#ifdef STDERR_MSGS
2102 fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
2103#endif
2104 LDNS_FREE(line);
2105 return NULL;
2106 }
2107
2108 while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) {
2109 line[i] = c;
2110 i++;
2111 }
2112 line[i] = '\0';
2113
2114 fclose(fp);
2115
2116 if (i <= 0) {
2117#ifdef STDERR_MSGS
2118 fprintf(stderr, "nothing read from %s", filename);
2119#endif
2120 LDNS_FREE(line);
2121 return NULL;
2122 } else {
2123 status = ldns_rr_new_frm_str(&r, line, 0, NULL, NULL);
2124 if (status == LDNS_STATUS_OK && (ldns_rr_get_type(r) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(r) == LDNS_RR_TYPE_DS)) {
2125 LDNS_FREE(line);
2126 return r;
2127 } else {
2128#ifdef STDERR_MSGS
2129 fprintf(stderr, "Error creating DNSKEY or DS rr from %s: %s\n", filename, ldns_get_errorstr_by_id(status));
2130#endif
2131 LDNS_FREE(line);
2132 return NULL;
2133 }
2134 }
2135}
2136
2137char *
2138ldns_key_get_file_base_name(const ldns_key *key)
2139{
2140 ldns_buffer *buffer;
2141 char *file_base_name;
2142
2143 buffer = ldns_buffer_new(255);
2144 ldns_buffer_printf(buffer, "K");
2145 (void)ldns_rdf2buffer_str_dname(buffer, ldns_key_pubkey_owner(key));
2146 ldns_buffer_printf(buffer,
2147 "+%03u+%05u",
2148 ldns_key_algorithm(key),
2149 ldns_key_keytag(key));
2150 file_base_name = ldns_buffer_export(buffer);
2151 ldns_buffer_free(buffer);
2152 return file_base_name;
2153}
2154
2155int ldns_key_algo_supported(int algo)
2156{
2157 ldns_lookup_table *lt = ldns_signing_algorithms;
2158 while(lt->name) {
2159 if(lt->id == algo)
2160 return 1;
2161 lt++;
2162 }
2163 return 0;
2164}
2165
2166ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name)
2167{
2168 /* list of (signing algorithm id, alias_name) */
2169 ldns_lookup_table aliases[] = {
2170 /* from bind dnssec-keygen */
2171 {LDNS_SIGN_HMACMD5, "HMAC-MD5"},
2172#ifdef USE_DSA
2173 {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
2174#endif /* USE_DSA */
2175 {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
2176 /* old ldns usage, now RFC names */
2177#ifdef USE_DSA
2178 {LDNS_SIGN_DSA_NSEC3, "DSA_NSEC3" },
2179#endif
2180 {LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1_NSEC3" },
2181#ifdef USE_GOST
2182 {LDNS_SIGN_ECC_GOST, "GOST"},
2183#endif
2184 /* compat with possible output */
2185 {LDNS_DH, "DH"},
2186 {LDNS_ECC, "ECC"},
2187 {LDNS_INDIRECT, "INDIRECT"},
2188 {LDNS_PRIVATEDNS, "PRIVATEDNS"},
2189 {LDNS_PRIVATEOID, "PRIVATEOID"},
2190 {0, NULL}};
2191 ldns_lookup_table* lt = ldns_signing_algorithms;
2192 ldns_signing_algorithm a;
2193 char *endptr;
2194
2195 while(lt->name) {
2196 if(strcasecmp(lt->name, name) == 0)
2197 return lt->id;
2198 lt++;
2199 }
2200 lt = aliases;
2201 while(lt->name) {
2202 if(strcasecmp(lt->name, name) == 0)
2203 return lt->id;
2204 lt++;
2205 }
2206 a = strtol(name, &endptr, 10);
2207 if (*name && !*endptr)
2208 return a;
2209
2210 return 0;
2211}
ldns_buffer_free
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
Definition buffer.c:137
ldns_buffer_new
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
Definition buffer.c:16
ldns_buffer_export
void * ldns_buffer_export(ldns_buffer *buffer)
Makes the buffer fixed and returns a pointer to the data.
Definition buffer.c:150
ldns_buffer_printf
int ldns_buffer_printf(ldns_buffer *buffer, const char *format,...)
prints to the buffer, increasing the capacity if required using buffer_reserve().
Definition buffer.c:99
ATTR_UNUSED
#define ATTR_UNUSED(x)
Definition common.h:72
ldns_b64_pton
int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
LDNS_DNSSEC_KEYPROTO
#define LDNS_DNSSEC_KEYPROTO
Definition dnssec.h:42
LDNS_MAX_KEYLEN
#define LDNS_MAX_KEYLEN
Definition dnssec.h:41
ldns_calc_keytag
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
Definition dnssec.c:277
LDNS_STATUS_SYNTAX_VERSION_ERR
@ LDNS_STATUS_SYNTAX_VERSION_ERR
Definition error.h:85
LDNS_STATUS_ENGINE_KEY_NOT_LOADED
@ LDNS_STATUS_ENGINE_KEY_NOT_LOADED
Definition error.h:68
LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL
@ LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL
Definition error.h:53
LDNS_STATUS_SYNTAX_ERR
@ LDNS_STATUS_SYNTAX_ERR
Definition error.h:97
LDNS_STATUS_ERR
@ LDNS_STATUS_ERR
Definition error.h:37
LDNS_STATUS_MEM_ERR
@ LDNS_STATUS_MEM_ERR
Definition error.h:34
LDNS_STATUS_OK
@ LDNS_STATUS_OK
Definition error.h:26
LDNS_STATUS_SYNTAX_ALG_ERR
@ LDNS_STATUS_SYNTAX_ALG_ERR
Definition error.h:86
ldns_status
enum ldns_enum_status ldns_status
Definition error.h:149
ldns_get_errorstr_by_id
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
Definition error.c:198
ldns_key2str
char * ldns_key2str(const ldns_key *k)
Converts a private key to the test presentation fmt and returns that as a char *.
Definition host2str.c:3402
ldns_rdf2buffer_str_dname
ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
Print the ldns_rdf containing a dname to the buffer.
Definition host2str.c:337
ldns_key_new_frm_fp_l
ldns_status ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
Definition keys.c:417
ldns_key_new_frm_fp_rsa
RSA * ldns_key_new_frm_fp_rsa(FILE *f)
frm_fp helper function.
Definition keys.c:731
ldns_key_list_set_key_count
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
Set the keylist's key count to count.
Definition keys.c:1596
ldns_key_new_frm_fp_dsa_l
DSA * ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr __attribute__((unused)))
Definition keys.c:916
ldns_key_expiration
uint32_t ldns_key_expiration(const ldns_key *k)
return the key's expiration date
Definition keys.c:1567
ldns_key_list_set_use
void ldns_key_list_set_use(ldns_key_list *keys, signed char v)
Set the 'use' flag for all keys in the list.
Definition keys.c:1586
ldns_key_list_pop_key
ldns_key * ldns_key_list_pop_key(ldns_key_list *key_list)
pops the last rr from a keylist
Definition keys.c:1625
ldns_key_list_free
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
Definition keys.c:2075
ldns_key_set_use
void ldns_key_set_use(ldns_key *k, signed char v)
set the use flag
Definition keys.c:1469
ldns_key_new_frm_fp_hmac_l
unsigned char * ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr __attribute__((unused)), size_t *hmac_size)
Definition keys.c:1028
ldns_get_signing_algorithm_by_name
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char *name)
Get signing algorithm by name.
Definition keys.c:2166
ldns_key_algo_supported
int ldns_key_algo_supported(int algo)
See if a key algorithm is supported.
Definition keys.c:2155
ldns_key_set_external_key
void ldns_key_set_external_key(ldns_key *k, void *external_key)
Set the key id data.
Definition keys.c:1410
ldns_key_set_expiration
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
Definition keys.c:1428
ldns_key_rsa_key
RSA * ldns_key_rsa_key(const ldns_key *k)
returns the (openssl) RSA struct contained in the key
Definition keys.c:1494
ldns_key_new_frm_fp
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
Creates a new priv key based on the contents of the file pointed by fp.
Definition keys.c:109
ldns_key_new_frm_algorithm
ldns_key * ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
Creates a new key based on the algorithm.
Definition keys.c:1083
ldns_key_set_hmac_key
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
Set the key's hmac data.
Definition keys.c:1398
ldns_key_set_dsa_key
void ldns_key_set_dsa_key(ldns_key *k, DSA *d)
Set the key's dsa data The dsa data should be freed by the user.
Definition keys.c:1364
ldns_key_evp_key
EVP_PKEY * ldns_key_evp_key(const ldns_key *k)
returns the (openssl) EVP struct contained in the key
Definition keys.c:1488
ldns_key_list_new
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
Definition keys.c:70
ldns_key_set_pubkey_owner
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
Definition keys.c:1434
ldns_key_get_file_base_name
char * ldns_key_get_file_base_name(const ldns_key *key)
Returns the 'default base name' for key files; IE.
Definition keys.c:2138
ldns_key_EVP_unload_gost
void ldns_key_EVP_unload_gost(void)
Release the engine reference held for the GOST engine.
Definition keys.c:188
ldns_gost_engine
ENGINE * ldns_gost_engine
store GOST engine reference loaded into OpenSSL library
Definition keys.c:137
ldns_key_origttl
uint32_t ldns_key_origttl(const ldns_key *k)
return the original ttl of the key
Definition keys.c:1549
ldns_key_EVP_load_gost_id
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
Definition keys.c:140
ldns_key_new_frm_fp_dsa
DSA * ldns_key_new_frm_fp_dsa(FILE *f)
frm_fp helper function.
Definition keys.c:910
ldns_key_new
ldns_key * ldns_key_new(void)
Creates a new empty key structure.
Definition keys.c:83
ldns_key_list_push_key
signed char ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
Definition keys.c:1602
ldns_key_print
void ldns_key_print(FILE *output, const ldns_key *k)
print a private key to the file output
Definition keys.c:1323
ldns_key_assign_dsa_key
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
Assign the key's dsa data The dsa data will be freed automatically when the key is freed.
Definition keys.c:1384
ldns_key_list_key
ldns_key * ldns_key_list_key(const ldns_key_list *key, size_t nr)
returns a pointer to the key in the list at the given position
Definition keys.c:1453
ldns_key_hmac_size
size_t ldns_key_hmac_size(const ldns_key *k)
return the hmac key size
Definition keys.c:1531
ldns_key_dsa_key
DSA * ldns_key_dsa_key(const ldns_key *k)
returns the (openssl) DSA struct contained in the key
Definition keys.c:1504
ldns_key_keytag
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
Definition keys.c:1573
ldns_key_set_origttl
void ldns_key_set_origttl(ldns_key *k, uint32_t t)
Set the key's original ttl.
Definition keys.c:1416
ldns_key_algorithm
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k)
return the signing alg of the key
Definition keys.c:1463
ldns_key_set_evp_key
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
Set the key's evp key.
Definition keys.c:1350
ldns_key_set_keytag
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
Definition keys.c:1440
ldns_key2rr
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point,...
Definition keys.c:1805
ldns_key_free
void ldns_key_free(ldns_key *key)
frees a key structure, but not its internal data structures
Definition keys.c:2050
ldns_key_inception
uint32_t ldns_key_inception(const ldns_key *k)
return the key's inception date
Definition keys.c:1561
ldns_key_pubkey_owner
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
Definition keys.c:1579
ldns_key_set_hmac_size
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
Set the key's hmac size.
Definition keys.c:1404
ldns_key_use
signed char ldns_key_use(const ldns_key *k)
return the use flag
Definition keys.c:1477
ldns_key_hmac_key
unsigned char * ldns_key_hmac_key(const ldns_key *k)
return the hmac key data
Definition keys.c:1521
ldns_signing_algorithms
ldns_lookup_table ldns_signing_algorithms[]
Definition keys.c:35
ldns_key_external_key
void * ldns_key_external_key(const ldns_key *k)
return the key id key data
Definition keys.c:1543
ldns_key_new_frm_engine
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
Read the key with the given id from the given engine and store it in the given ldns_key structure.
Definition keys.c:116
ldns_read_anchor_file
ldns_rr * ldns_read_anchor_file(const char *filename)
Instantiates a DNSKEY or DS RR from file.
Definition keys.c:2086
ldns_key_flags
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
Definition keys.c:1555
ldns_key_set_algorithm
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
Set the key's algorithm.
Definition keys.c:1336
ldns_key_assign_rsa_key
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
Assign the key's rsa data The rsa data will be freed automatically when the key is freed.
Definition keys.c:1376
ldns_key_list_key_count
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
Definition keys.c:1447
ldns_key_new_frm_fp_hmac
unsigned char * ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
frm_fp helper function.
Definition keys.c:1022
ldns_key_set_flags
void ldns_key_set_flags(ldns_key *k, uint16_t f)
Set the key's flags.
Definition keys.c:1342
ldns_key_set_rsa_key
void ldns_key_set_rsa_key(ldns_key *k, RSA *r)
Set the key's rsa data.
Definition keys.c:1356
ldns_key_new_frm_fp_rsa_l
RSA * ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
frm_fp helper function.
Definition keys.c:737
ldns_key_deep_free
void ldns_key_deep_free(ldns_key *key)
frees a key structure and all its internal data structures, except the data set by ldns_key_set_exter...
Definition keys.c:2056
ldns_key_set_inception
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
Definition keys.c:1422
LDNS_ECDSAP384SHA384
@ LDNS_ECDSAP384SHA384
Definition keys.h:57
LDNS_DSA_NSEC3
@ LDNS_DSA_NSEC3
Definition keys.h:51
LDNS_DSA
@ LDNS_DSA
Definition keys.h:48
LDNS_ECDSAP256SHA256
@ LDNS_ECDSAP256SHA256
Definition keys.h:56
LDNS_PRIVATEOID
@ LDNS_PRIVATEOID
Definition keys.h:62
LDNS_PRIVATEDNS
@ LDNS_PRIVATEDNS
Definition keys.h:61
LDNS_DH
@ LDNS_DH
Definition keys.h:47
LDNS_INDIRECT
@ LDNS_INDIRECT
Definition keys.h:60
LDNS_ECC
@ LDNS_ECC
Definition keys.h:49
ldns_signing_algorithm
enum ldns_enum_signing_algorithm ldns_signing_algorithm
Definition keys.h:110
LDNS_SIGN_RSASHA1
@ LDNS_SIGN_RSASHA1
Definition keys.h:84
LDNS_SIGN_ECDSAP256SHA256
@ LDNS_SIGN_ECDSAP256SHA256
Definition keys.h:95
LDNS_SIGN_DSA_NSEC3
@ LDNS_SIGN_DSA_NSEC3
Definition keys.h:92
LDNS_SIGN_ECC_GOST
@ LDNS_SIGN_ECC_GOST
Definition keys.h:94
LDNS_SIGN_ED448
@ LDNS_SIGN_ED448
Definition keys.h:101
LDNS_SIGN_ED25519
@ LDNS_SIGN_ED25519
Definition keys.h:98
LDNS_SIGN_RSASHA1_NSEC3
@ LDNS_SIGN_RSASHA1_NSEC3
Definition keys.h:88
LDNS_SIGN_HMACSHA224
@ LDNS_SIGN_HMACSHA224
Definition keys.h:106
LDNS_SIGN_ECDSAP384SHA384
@ LDNS_SIGN_ECDSAP384SHA384
Definition keys.h:96
LDNS_SIGN_HMACMD5
@ LDNS_SIGN_HMACMD5
Definition keys.h:103
LDNS_SIGN_RSAMD5
@ LDNS_SIGN_RSAMD5
Definition keys.h:83
LDNS_SIGN_RSASHA512
@ LDNS_SIGN_RSASHA512
Definition keys.h:90
LDNS_SIGN_DSA
@ LDNS_SIGN_DSA
Definition keys.h:86
LDNS_SIGN_RSASHA256
@ LDNS_SIGN_RSASHA256
Definition keys.h:89
LDNS_SIGN_HMACSHA384
@ LDNS_SIGN_HMACSHA384
Definition keys.h:107
LDNS_SIGN_HMACSHA1
@ LDNS_SIGN_HMACSHA1
Definition keys.h:104
LDNS_SIGN_HMACSHA512
@ LDNS_SIGN_HMACSHA512
Definition keys.h:108
LDNS_SIGN_HMACSHA256
@ LDNS_SIGN_HMACSHA256
Definition keys.h:105
LDNS_KEY_ZONE_KEY
#define LDNS_KEY_ZONE_KEY
Definition keys.h:37
ldns_algorithm
enum ldns_enum_algorithm ldns_algorithm
Definition keys.h:64
ldns.h
Including this file will include all ldns files, and define some lookup tables.
LDNS_MAX_PACKETLEN
#define LDNS_MAX_PACKETLEN
Definition packet.h:24
ldns_fget_token_l
ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
returns a token/char from the stream F.
Definition parse.c:247
LDNS_MAX_LINELEN
#define LDNS_MAX_LINELEN
Definition parse.h:23
ldns_fget_keyword_data_l
ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr)
Definition parse.c:266
ldns_rdf_data
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
Definition rdata.c:38
ldns_rdf_clone
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
Definition rdata.c:222
ldns_rdf_new_frm_data
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
Definition rdata.c:193
ldns_rdf_deep_free
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
Definition rdata.c:230
ldns_native2rdf_int16
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
Definition rdata.c:132
ldns_native2rdf_int8
ldns_rdf * ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
returns the rdf containing the native uint8_t repr.
Definition rdata.c:126
LDNS_RDF_TYPE_B64
@ LDNS_RDF_TYPE_B64
b64 string
Definition rdata.h:70
LDNS_RDF_TYPE_INT8
@ LDNS_RDF_TYPE_INT8
8 bits
Definition rdata.h:52
LDNS_RDF_TYPE_INT16
@ LDNS_RDF_TYPE_INT16
16 bits
Definition rdata.h:54
LDNS_RDF_TYPE_ALG
@ LDNS_RDF_TYPE_ALG
a key algorithm
Definition rdata.h:83
ldns_rdf_size
size_t ldns_rdf_size(const ldns_rdf *rd)
returns the size of the rdf.
Definition rdata.c:24
ldns_rr_free
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
Definition rr.c:81
ldns_rr_set_owner
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
Definition rr.c:802
ldns_rr_new_frm_str
ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str, uint32_t default_ttl, const ldns_rdf *origin, ldns_rdf **prev)
creates an rr from a string.
Definition rr.c:670
ldns_rr_new
ldns_rr * ldns_rr_new(void)
creates a new rr structure.
Definition rr.c:30
ldns_rr_set_type
void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
sets the type in the rr.
Definition rr.c:826
LDNS_RR_TYPE_DNSKEY
@ LDNS_RR_TYPE_DNSKEY
Definition rr.h:172
LDNS_RR_TYPE_DS
@ LDNS_RR_TYPE_DS
RFC4034, RFC3658.
Definition rr.h:164
LDNS_RR_TYPE_KEY
@ LDNS_RR_TYPE_KEY
2535typecode
Definition rr.h:128
ldns_rr_get_type
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
Definition rr.c:941
ldns_rr_push_rdf
signed char ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
sets rd_field member, it will be placed in the next available spot.
Definition rr.c:855
ldns_str2rdf_b64
ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
convert the string with the b64 data into wireformat
Definition str2host.c:646
ldns_struct_buffer
implementation of buffers to ease operations
Definition buffer.h:51
ldns_struct_key_list
Same as rr_list, but now for keys.
Definition keys.h:173
ldns_struct_key_list::_key_count
size_t _key_count
Definition keys.h:174
ldns_struct_key_list::_keys
ldns_key ** _keys
Definition keys.h:175
ldns_struct_key
General key structure, can contain all types of keys that are used in DNSSEC.
Definition keys.h:122
ldns_struct_key::inception
uint32_t inception
The inception date of signatures made with this key.
Definition keys.h:155
ldns_struct_key::dnssec
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
ldns_struct_key::keytag
uint16_t keytag
The keytag of this key.
Definition keys.h:159
ldns_struct_key::_use
signed char _use
Whether to use this key when signing.
Definition keys.h:125
ldns_struct_key::hmac
struct ldns_struct_key::@0::@2 hmac
The key can be an HMAC key.
ldns_struct_key::expiration
uint32_t expiration
The expiration date of signatures made with this key.
Definition keys.h:157
ldns_struct_key::size
size_t size
Definition keys.h:141
ldns_struct_key::key
EVP_PKEY * key
Definition keys.h:133
ldns_struct_key::_pubkey_owner
ldns_rdf * _pubkey_owner
Owner name of the key.
Definition keys.h:165
ldns_struct_key::_alg
ldns_signing_algorithm _alg
Definition keys.h:123
ldns_struct_key::_extra
union ldns_struct_key::@1 _extra
Depending on the key we can have extra data.
ldns_struct_key::external_key
void * external_key
the key structure can also just point to some external key data
Definition keys.h:146
ldns_struct_key::flags
uint16_t flags
The dnssec key flags as specified in RFC4035, like ZSK and KSK.
Definition keys.h:161
ldns_struct_key::orig_ttl
uint32_t orig_ttl
The TTL of the rrset that is currently signed.
Definition keys.h:153
ldns_struct_key::_key
struct ldns_struct_key::@0 _key
Storage pointers for the types of keys supported.
ldns_struct_lookup_table
A general purpose lookup table.
Definition util.h:178
ldns_struct_lookup_table::name
const char * name
Definition util.h:180
ldns_struct_lookup_table::id
int id
Definition util.h:179
ldns_struct_rdf
Resource record data field.
Definition rdata.h:203
ldns_struct_rr
Resource Record.
Definition rr.h:327
LDNS_FREE
#define LDNS_FREE(ptr)
Definition util.h:60
LDNS_MALLOC
#define LDNS_MALLOC(type)
Memory management macros.
Definition util.h:49
LDNS_XMALLOC
#define LDNS_XMALLOC(type, count)
Definition util.h:51
LDNS_XREALLOC
#define LDNS_XREALLOC(ptr, type, count)
Definition util.h:57