18 #include <openssl/ui.h>
19 #include <openssl/ssl.h>
20 #include <openssl/rand.h>
21 #include <openssl/bn.h>
22 #include <openssl/rsa.h>
24 #include <openssl/dsa.h>
26 #if defined(HAVE_OPENSSL_ENGINE_H) && !defined(OPENSSL_NO_ENGINE)
27 #include <openssl/engine.h>
29 # ifndef OPENSSL_NO_ENGINE
30 # define OPENSSL_NO_ENGINE
77 key_list->
_keys = NULL;
114 #if defined(HAVE_SSL) && !defined(OPENSSL_NO_ENGINE)
124 k->
_key.
key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
135 #if defined(USE_GOST) && !defined(OPENSSL_NO_ENGINE)
137 ENGINE* ldns_gost_engine = NULL;
142 static int gost_id = 0;
143 const EVP_PKEY_ASN1_METHOD* meth;
146 if(gost_id)
return gost_id;
149 meth = EVP_PKEY_asn1_find_str(NULL,
"gost2001", -1);
151 EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
156 e = ENGINE_by_id(
"gost");
159 ENGINE_load_builtin_engines();
160 ENGINE_load_dynamic();
161 e = ENGINE_by_id(
"gost");
167 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
173 meth = EVP_PKEY_asn1_find_str(&e,
"gost2001", -1);
182 ldns_gost_engine = e;
184 EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
190 if(ldns_gost_engine) {
191 ENGINE_finish(ldns_gost_engine);
192 ENGINE_free(ldns_gost_engine);
193 ldns_gost_engine = NULL;
199 ldns_key_new_frm_fp_gost_l(FILE* fp,
int* line_nr)
202 const unsigned char* pp;
212 sizeof(token), line_nr) == -1)
214 while(strlen(token) < 96) {
217 sizeof(token)-strlen(token), line_nr) == -1)
223 pkey = d2i_PrivateKey(gost_id, NULL, &pp, (
int)
ldns_rdf_size(b64rdf));
232 ldns_EC_KEY_calc_public(EC_KEY* ec)
235 const EC_GROUP* group;
236 group = EC_KEY_get0_group(ec);
237 pub_key = EC_POINT_new(group);
238 if(!pub_key)
return 0;
239 if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
240 EC_POINT_free(pub_key);
243 if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec),
245 EC_POINT_free(pub_key);
248 if(EC_KEY_set_public_key(ec, pub_key) == 0) {
249 EC_POINT_free(pub_key);
252 EC_POINT_free(pub_key);
258 ldns_key_new_frm_fp_ecdsa_l(FILE* fp,
ldns_algorithm alg,
int* line_nr)
267 sizeof(token), line_nr) == -1)
274 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
276 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
288 EC_KEY_set_private_key(ec, bn);
290 if(!ldns_EC_KEY_calc_public(ec)) {
295 evp_key = EVP_PKEY_new();
300 if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
301 EVP_PKEY_free(evp_key);
312 ldns_ed25519_priv_raw(uint8_t* pkey,
int plen)
314 const unsigned char* pp;
317 uint8_t pre[] = {0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
318 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20};
331 buflen = pre_len + plen;
332 if((
size_t)buflen >
sizeof(buf))
334 memmove(buf, pre, pre_len);
335 memmove(buf+pre_len, pkey, plen);
340 return d2i_PrivateKey(NID_ED25519, NULL, &pp, buflen);
345 ldns_key_new_frm_fp_ed25519_l(FILE* fp,
int* line_nr)
351 sizeof(token), line_nr) == -1)
372 ldns_ed448_priv_raw(uint8_t* pkey,
int plen)
374 const unsigned char* pp;
377 uint8_t pre[] = {0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39};
383 buflen = pre_len + plen;
384 if((
size_t)buflen >
sizeof(buf))
386 memmove(buf, pre, pre_len);
387 memmove(buf+pre_len, pkey, plen);
392 return d2i_PrivateKey(NID_ED448, NULL, &pp, buflen);
397 ldns_key_new_frm_fp_ed448_l(FILE* fp,
int* line_nr)
403 sizeof(token), line_nr) == -1)
457 if (strncmp(d,
"v1.", 3) != 0) {
473 if (strncmp(d,
"1 RSA", 2) == 0) {
476 if (strncmp(d,
"2 DH", 2) == 0) {
479 if (strncmp(d,
"3 DSA", 2) == 0) {
484 fprintf(stderr,
"Warning: DSA not compiled into this ");
485 fprintf(stderr,
"version of ldns\n");
489 if (strncmp(d,
"4 ECC", 2) == 0) {
492 if (strncmp(d,
"5 RSASHA1", 2) == 0) {
495 if (strncmp(d,
"6 DSA", 2) == 0) {
500 fprintf(stderr,
"Warning: DSA not compiled into this ");
501 fprintf(stderr,
"version of ldns\n");
505 if (strncmp(d,
"7 RSASHA1", 2) == 0) {
509 if (strncmp(d,
"8 RSASHA256", 2) == 0) {
514 fprintf(stderr,
"Warning: SHA256 not compiled into this ");
515 fprintf(stderr,
"version of ldns\n");
519 if (strncmp(d,
"10 RSASHA512", 3) == 0) {
524 fprintf(stderr,
"Warning: SHA512 not compiled into this ");
525 fprintf(stderr,
"version of ldns\n");
529 if (strncmp(d,
"12 ECC-GOST", 3) == 0) {
534 fprintf(stderr,
"Warning: ECC-GOST not compiled into this ");
535 fprintf(stderr,
"version of ldns, use --enable-gost\n");
539 if (strncmp(d,
"13 ECDSAP256SHA256", 3) == 0) {
544 fprintf(stderr,
"Warning: ECDSA not compiled into this ");
545 fprintf(stderr,
"version of ldns, use --enable-ecdsa\n");
549 if (strncmp(d,
"14 ECDSAP384SHA384", 3) == 0) {
554 fprintf(stderr,
"Warning: ECDSA not compiled into this ");
555 fprintf(stderr,
"version of ldns, use --enable-ecdsa\n");
559 if (strncmp(d,
"15 ED25519", 3) == 0) {
564 fprintf(stderr,
"Warning: ED25519 not compiled into this ");
565 fprintf(stderr,
"version of ldns, use --enable-ed25519\n");
569 if (strncmp(d,
"16 ED448", 3) == 0) {
574 fprintf(stderr,
"Warning: ED448 not compiled into this ");
575 fprintf(stderr,
"version of ldns, use --enable-ed448\n");
579 if (strncmp(d,
"157 HMAC-MD5", 4) == 0) {
582 if (strncmp(d,
"158 HMAC-SHA1", 4) == 0) {
585 if (strncmp(d,
"159 HMAC-SHA256", 4) == 0) {
589 if (strncmp(d,
"161 ", 4) == 0) {
592 if (strncmp(d,
"162 HMAC-SHA224", 4) == 0) {
596 if (strncmp(d,
"163 ", 4) == 0) {
599 if (strncmp(d,
"164 HMAC-SHA384", 4) == 0) {
602 if (strncmp(d,
"165 HMAC-SHA512", 4) == 0) {
658 #if defined(HAVE_SSL) && defined(USE_GOST)
664 ldns_key_new_frm_fp_gost_l(fp, line_nr));
691 ldns_key_new_frm_fp_ed25519_l(fp, line_nr));
704 ldns_key_new_frm_fp_ed448_l(fp, line_nr));
768 BIGNUM *n=NULL, *e=NULL, *d=NULL, *p=NULL, *q=NULL,
769 *dmp1=NULL, *dmq1=NULL, *iqmp=NULL;
774 if (!b || !rsa || !buf) {
786 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
788 n = BN_bin2bn((
const char unsigned*)buf, i, NULL);
797 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
798 e = BN_bin2bn((
const char unsigned*)buf, i, NULL);
807 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
808 d = BN_bin2bn((
const char unsigned*)buf, i, NULL);
817 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
818 p = BN_bin2bn((
const char unsigned*)buf, i, NULL);
827 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
828 q = BN_bin2bn((
const char unsigned*)buf, i, NULL);
837 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
838 dmp1 = BN_bin2bn((
const char unsigned*)buf, i, NULL);
847 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
848 dmq1 = BN_bin2bn((
const char unsigned*)buf, i, NULL);
857 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
858 iqmp = BN_bin2bn((
const char unsigned*)buf, i, NULL);
864 #if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
876 if(!RSA_set0_key(rsa, n, e, d))
881 if(!RSA_set0_factors(rsa, p, q))
885 if(!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
922 BIGNUM *p=NULL, *q=NULL, *g=NULL, *priv_key=NULL, *pub_key=NULL;
927 if (!d || !dsa || !buf) {
937 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
939 p = BN_bin2bn((
const char unsigned*)buf, i, NULL);
948 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
949 q = BN_bin2bn((
const char unsigned*)buf, i, NULL);
958 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
959 g = BN_bin2bn((
const char unsigned*)buf, i, NULL);
968 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
969 priv_key = BN_bin2bn((
const char unsigned*)buf, i, NULL);
978 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
979 pub_key = BN_bin2bn((
const char unsigned*)buf, i, NULL);
985 #if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
990 dsa->priv_key = priv_key;
991 dsa->pub_key = pub_key;
994 if(!DSA_set0_pqg(dsa, p, q, g))
999 if(!DSA_set0_key(dsa, pub_key, priv_key))
1035 unsigned char *buf = NULL;
1041 ldns_b64_ntop_calculate_size(strlen(d))))) == NULL
1050 ldns_gen_gost_key(
void)
1057 ctx = EVP_PKEY_CTX_new_id(gost_id, NULL);
1062 if(EVP_PKEY_CTX_ctrl_str(ctx,
"paramset",
"A") <= 0) {
1064 EVP_PKEY_CTX_free(ctx);
1068 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1069 EVP_PKEY_CTX_free(ctx);
1072 if(EVP_PKEY_keygen(ctx, &p) <= 0) {
1074 EVP_PKEY_CTX_free(ctx);
1077 EVP_PKEY_CTX_free(ctx);
1093 # ifdef HAVE_EVP_PKEY_KEYGEN
1100 uint16_t offset = 0;
1102 unsigned char *hmac;
1115 #ifdef HAVE_EVP_PKEY_KEYGEN
1116 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
1121 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1123 EVP_PKEY_CTX_free(ctx);
1126 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, size) <= 0) {
1128 EVP_PKEY_CTX_free(ctx);
1132 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1134 EVP_PKEY_CTX_free(ctx);
1138 EVP_PKEY_CTX_free(ctx);
1140 r = RSA_generate_key((
int)size, RSA_F4, NULL, NULL);
1145 if (RSA_check_key(r) != 1) {
1158 # if OPENSSL_VERSION_NUMBER < 0x00908000L
1159 d = DSA_generate_parameters((
int)size, NULL, 0, NULL, NULL, NULL, NULL);
1166 if (! (d = DSA_new())) {
1170 if (! DSA_generate_parameters_ex(d, (
int)size, NULL, 0, NULL, NULL, NULL)) {
1176 if (DSA_generate_key(d) != 1) {
1205 if (RAND_bytes(hmac, (
int) size) != 1) {
1211 while (offset +
sizeof(i) < size) {
1213 memcpy(&hmac[offset], &i,
sizeof(i));
1214 offset +=
sizeof(i);
1216 if (offset < size) {
1218 memcpy(&hmac[offset], &i, size - offset);
1226 #if defined(HAVE_SSL) && defined(USE_GOST)
1243 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1245 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
1250 if(!EC_KEY_generate_key(ec)) {
1262 if (!EVP_PKEY_assign_EC_KEY(k->
_key.
key, ec)) {
1275 #ifdef HAVE_EVP_PKEY_KEYGEN
1276 ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
1281 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1283 EVP_PKEY_CTX_free(ctx);
1286 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1288 EVP_PKEY_CTX_free(ctx);
1291 EVP_PKEY_CTX_free(ctx);
1297 #ifdef HAVE_EVP_PKEY_KEYGEN
1298 ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
1303 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1305 EVP_PKEY_CTX_free(ctx);
1308 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1310 EVP_PKEY_CTX_free(ctx);
1313 EVP_PKEY_CTX_free(ctx);
1327 fprintf(output,
"%s", str);
1329 fprintf(output,
"Unable to convert private key to string\n");
1358 EVP_PKEY *key = EVP_PKEY_new();
1359 EVP_PKEY_set1_RSA(key, r);
1367 EVP_PKEY *key = EVP_PKEY_new();
1368 EVP_PKEY_set1_DSA(key, d);
1378 EVP_PKEY *key = EVP_PKEY_new();
1379 EVP_PKEY_assign_RSA(key, r);
1387 EVP_PKEY *key = EVP_PKEY_new();
1388 EVP_PKEY_assign_DSA(key, d);
1456 return key->
_keys[nr];
1497 return EVP_PKEY_get1_RSA(k->
_key.
key);
1508 return EVP_PKEY_get1_DSA(k->
_key.
key);
1615 key_list->
_keys = keys;
1616 key_list->
_keys[key_count] = key;
1634 if (key_count == 0) {
1643 key_list->
_keys = a;
1655 ldns_key_rsa2bin(
unsigned char *data, RSA *k, uint16_t *size)
1658 const BIGNUM *n=NULL, *e=NULL;
1663 #if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000)
1667 RSA_get0_key(k, &n, &e, NULL);
1670 if (BN_num_bytes(e) <= 256) {
1674 data[0] = (
unsigned char) BN_num_bytes(e);
1675 i = BN_bn2bin(e, data + 1);
1676 j = BN_bn2bin(n, data + i + 1);
1677 *size = (uint16_t) i + j;
1678 }
else if (BN_num_bytes(e) <= 65536) {
1681 ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(e));
1683 BN_bn2bin(e, data + 3);
1684 BN_bn2bin(n, data + 4 + BN_num_bytes(e));
1685 *size = (uint16_t) BN_num_bytes(n) + 6;
1695 ldns_key_dsa2bin(
unsigned char *data, DSA *k, uint16_t *size)
1698 const BIGNUM *p, *q, *g;
1699 const BIGNUM *pub_key, *priv_key;
1706 # ifdef HAVE_DSA_GET0_PQG
1707 DSA_get0_pqg(k, &p, &q, &g);
1709 p = k->p; q = k->q; g = k->g;
1711 # ifdef HAVE_DSA_GET0_KEY
1712 DSA_get0_key(k, &pub_key, &priv_key);
1714 pub_key = k->pub_key; priv_key = k->priv_key;
1717 *size = (uint16_t)BN_num_bytes(p);
1718 T = (*size - 64) / 8;
1722 fprintf(stderr,
"DSA key with T > 8 (ie. > 1024 bits)");
1723 fprintf(stderr,
" not implemented\n");
1729 memset(data, 0, 21 + *size * 3);
1730 data[0] = (
unsigned char)T;
1731 BN_bn2bin(q, data + 1 );
1732 BN_bn2bin(p, data + 21 );
1733 BN_bn2bin(g, data + 21 + *size * 2 - BN_num_bytes(g));
1734 BN_bn2bin(pub_key,data + 21 + *size * 3 - BN_num_bytes(pub_key));
1735 *size = 21 + *size * 3;
1742 ldns_key_gost2bin(
unsigned char* data, EVP_PKEY* k, uint16_t* size)
1745 unsigned char* pp = NULL;
1746 if(i2d_PUBKEY(k, &pp) != 37 + 64) {
1762 ldns_key_ed255192bin(
unsigned char* data, EVP_PKEY* k, uint16_t* size)
1765 unsigned char* pp = NULL;
1766 if(i2d_PUBKEY(k, &pp) != 12 + 32) {
1782 ldns_key_ed4482bin(
unsigned char* data, EVP_PKEY* k, uint16_t* size)
1785 unsigned char* pp = NULL;
1786 if(i2d_PUBKEY(k, &pp) != 12 + 57) {
1812 unsigned char *bin = NULL;
1823 int internal_data = 0;
1872 if (!ldns_key_rsa2bin(bin, rsa, &size)) {
1895 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1918 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1932 #if defined(HAVE_SSL) && defined(USE_GOST)
1939 if (!ldns_key_gost2bin(bin, k->
_key.
key, &size)) {
1958 ec = EVP_PKEY_get1_EC_KEY(k->
_key.
key);
1960 EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
1961 size = (uint16_t)i2o_ECPublicKey(ec, NULL);
1962 if(!i2o_ECPublicKey(ec, &bin)) {
1972 assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED);
1974 memmove(bin, bin+1, size);
1994 if (!ldns_key_ed255192bin(bin, k->
_key.
key, &size)) {
2011 if (!ldns_key_ed4482bin(bin, k->
_key.
key, &size)) {
2039 if (internal_data) {
2056 unsigned char* hmac;
2097 fp = fopen(filename,
"r");
2100 fprintf(stderr,
"Unable to open %s: %s\n", filename, strerror(errno));
2116 fprintf(stderr,
"nothing read from %s", filename);
2139 char *file_base_name;
2150 return file_base_name;
2194 if(strcasecmp(lt->
name, name) == 0)
2200 if(strcasecmp(lt->
name, name) == 0)
2204 a = strtol(name, &endptr, 10);
2205 if (*name && !*endptr)
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
int ldns_buffer_printf(ldns_buffer *buffer, const char *format,...)
prints to the buffer, increasing the capacity if required using buffer_reserve().
void * ldns_buffer_export(ldns_buffer *buffer)
Makes the buffer fixed and returns a pointer to the data.
int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
#define LDNS_DNSSEC_KEYPROTO
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
@ LDNS_STATUS_SYNTAX_VERSION_ERR
@ LDNS_STATUS_ENGINE_KEY_NOT_LOADED
@ LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL
@ LDNS_STATUS_SYNTAX_ALG_ERR
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
enum ldns_enum_status ldns_status
char * ldns_key2str(const ldns_key *k)
Converts a private key to the test presentation fmt and returns that as a char *.
ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
Print the ldns_rdf containing a dname to the buffer.
ldns_status ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
Set the keylist's key count to count.
uint32_t ldns_key_expiration(const ldns_key *k)
return the key's expiration date
void ldns_key_list_set_use(ldns_key_list *keys, signed char v)
Set the 'use' flag for all keys in the list.
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
void ldns_key_set_use(ldns_key *k, signed char v)
set the use flag
EVP_PKEY * ldns_key_evp_key(const ldns_key *k)
returns the (openssl) EVP struct contained in the key
ldns_key * ldns_key_list_pop_key(ldns_key_list *key_list)
pops the last rr from a keylist
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char *name)
Get signing algorithm by name.
RSA * ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
frm_fp helper function.
int ldns_key_algo_supported(int algo)
See if a key algorithm is supported.
void ldns_key_set_external_key(ldns_key *k, void *external_key)
Set the key id data.
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
Creates a new priv key based on the contents of the file pointed by fp.
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
Set the key's hmac data.
void ldns_key_set_dsa_key(ldns_key *k, DSA *d)
Set the key's dsa data The dsa data should be freed by the user.
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point,...
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
unsigned char * ldns_key_hmac_key(const ldns_key *k)
return the hmac key data
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
ldns_key * ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
Creates a new key based on the algorithm.
DSA * ldns_key_new_frm_fp_dsa(FILE *f)
frm_fp helper function.
ldns_rr * ldns_read_anchor_file(const char *filename)
Instantiates a DNSKEY or DS RR from file.
uint32_t ldns_key_origttl(const ldns_key *k)
return the original ttl of the key
signed char ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
void * ldns_key_external_key(const ldns_key *k)
return the key id key data
void ldns_key_print(FILE *output, const ldns_key *k)
print a private key to the file output
unsigned char * ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr __attribute__((unused)), size_t *hmac_size)
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
Assign the key's dsa data The dsa data will be freed automatically when the key is freed.
size_t ldns_key_hmac_size(const ldns_key *k)
return the hmac key size
char * ldns_key_get_file_base_name(const ldns_key *key)
Returns the 'default base name' for key files; IE.
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
void ldns_key_set_origttl(ldns_key *k, uint32_t t)
Set the key's original ttl.
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k)
return the signing alg of the key
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
Set the key's evp key.
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
void ldns_key_free(ldns_key *key)
frees a key structure, but not its internal data structures
uint32_t ldns_key_inception(const ldns_key *k)
return the key's inception date
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
Set the key's hmac size.
RSA * ldns_key_rsa_key(const ldns_key *k)
returns the (openssl) RSA struct contained in the key
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
signed char ldns_key_use(const ldns_key *k)
return the use flag
RSA * ldns_key_new_frm_fp_rsa(FILE *f)
frm_fp helper function.
ldns_lookup_table ldns_signing_algorithms[]
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
Read the key with the given id from the given engine and store it in the given ldns_key structure.
ldns_key * ldns_key_new(void)
Creates a new empty key structure.
unsigned char * ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
frm_fp helper function.
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
Set the key's algorithm.
DSA * ldns_key_dsa_key(const ldns_key *k)
returns the (openssl) DSA struct contained in the key
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
Assign the key's rsa data The rsa data will be freed automatically when the key is freed.
DSA * ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr __attribute__((unused)))
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
void ldns_key_set_flags(ldns_key *k, uint16_t f)
Set the key's flags.
void ldns_key_set_rsa_key(ldns_key *k, RSA *r)
Set the key's rsa data.
void ldns_key_deep_free(ldns_key *key)
frees a key structure and all its internal data structures, except the data set by ldns_key_set_exter...
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
ldns_key * ldns_key_list_key(const ldns_key_list *key, size_t nr)
returns a pointer to the key in the list at the given position
void ldns_key_EVP_unload_gost(void)
Release the engine reference held for the GOST engine.
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
enum ldns_enum_signing_algorithm ldns_signing_algorithm
@ LDNS_SIGN_ECDSAP256SHA256
@ LDNS_SIGN_RSASHA1_NSEC3
@ LDNS_SIGN_ECDSAP384SHA384
#define LDNS_KEY_ZONE_KEY
enum ldns_enum_algorithm ldns_algorithm
Including this file will include all ldns files, and define some lookup tables.
#define LDNS_MAX_PACKETLEN
ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
returns a token/char from the stream F.
ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr)
ldns_rdf * ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
returns the rdf containing the native uint8_t repr.
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
@ LDNS_RDF_TYPE_B64
b64 string
@ LDNS_RDF_TYPE_INT8
8 bits
@ LDNS_RDF_TYPE_INT16
16 bits
@ LDNS_RDF_TYPE_ALG
a key algorithm
size_t ldns_rdf_size(const ldns_rdf *rd)
returns the size of the rdf.
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str, uint32_t default_ttl, const ldns_rdf *origin, ldns_rdf **prev)
creates an rr from a string.
void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
sets the type in the rr.
@ LDNS_RR_TYPE_DS
RFC4034, RFC3658.
@ LDNS_RR_TYPE_KEY
2535typecode
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
signed char ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
sets rd_field member, it will be placed in the next available spot.
ldns_rr * ldns_rr_new(void)
creates a new rr structure.
ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
convert the string with the b64 data into wireformat
implementation of buffers to ease operations
Same as rr_list, but now for keys.
General key structure, can contain all types of keys that are used in DNSSEC.
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
signed char _use
Whether to use this key when signing.
struct ldns_struct_key::@0::@2 hmac
The key can be an HMAC key.
ldns_rdf * _pubkey_owner
Owner name of the key.
ldns_signing_algorithm _alg
union ldns_struct_key::@1 _extra
Depending on the key we can have extra data.
void * external_key
the key structure can also just point to some external key data
struct ldns_struct_key::@0 _key
Storage pointers for the types of keys supported.
A general purpose lookup table.
Resource record data field.
#define LDNS_MALLOC(type)
Memory management macros.
#define LDNS_XMALLOC(type, count)
#define LDNS_XREALLOC(ptr, type, count)