18 #include <openssl/ui.h> 19 #include <openssl/ssl.h> 20 #include <openssl/rand.h> 21 #include <openssl/bn.h> 22 #include <openssl/rsa.h> 24 #include <openssl/dsa.h> 26 #ifndef OPENSSL_NO_ENGINE 27 #include <openssl/engine.h> 47 { LDNS_SIGN_ED25519,
"ED25519" },
50 { LDNS_SIGN_ED448,
"ED448" },
73 key_list->
_keys = NULL;
110 #if defined(HAVE_SSL) && !defined(OPENSSL_NO_ENGINE) 119 k->
_key.
key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
137 ENGINE* ldns_gost_engine = NULL;
142 static int gost_id = 0;
143 const EVP_PKEY_ASN1_METHOD* meth;
146 if(gost_id)
return gost_id;
149 meth = EVP_PKEY_asn1_find_str(NULL,
"gost2001", -1);
151 EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
156 e = ENGINE_by_id(
"gost");
159 ENGINE_load_builtin_engines();
160 ENGINE_load_dynamic();
161 e = ENGINE_by_id(
"gost");
167 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
173 meth = EVP_PKEY_asn1_find_str(&e,
"gost2001", -1);
182 ldns_gost_engine = e;
184 EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
190 if(ldns_gost_engine) {
191 ENGINE_finish(ldns_gost_engine);
192 ENGINE_free(ldns_gost_engine);
193 ldns_gost_engine = NULL;
199 ldns_key_new_frm_fp_gost_l(FILE* fp,
int* line_nr)
202 const unsigned char* pp;
212 sizeof(token), line_nr) == -1)
214 while(strlen(token) < 96) {
217 sizeof(token)-strlen(token), line_nr) == -1)
223 pkey = d2i_PrivateKey(gost_id, NULL, &pp, (
int)
ldns_rdf_size(b64rdf));
232 ldns_EC_KEY_calc_public(EC_KEY* ec)
235 const EC_GROUP* group;
236 group = EC_KEY_get0_group(ec);
237 pub_key = EC_POINT_new(group);
238 if(!pub_key)
return 0;
239 if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
240 EC_POINT_free(pub_key);
243 if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec),
245 EC_POINT_free(pub_key);
248 if(EC_KEY_set_public_key(ec, pub_key) == 0) {
249 EC_POINT_free(pub_key);
252 EC_POINT_free(pub_key);
258 ldns_key_new_frm_fp_ecdsa_l(FILE* fp,
ldns_algorithm alg,
int* line_nr)
267 sizeof(token), line_nr) == -1)
274 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
276 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
288 EC_KEY_set_private_key(ec, bn);
290 if(!ldns_EC_KEY_calc_public(ec)) {
295 evp_key = EVP_PKEY_new();
300 if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
301 EVP_PKEY_free(evp_key);
312 ldns_ed25519_priv_raw(uint8_t* pkey,
int plen)
314 const unsigned char* pp;
317 uint8_t pre[] = {0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
318 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20};
331 buflen = pre_len + plen;
332 if((
size_t)buflen >
sizeof(buf))
334 memmove(buf, pre, pre_len);
335 memmove(buf+pre_len, pkey, plen);
340 return d2i_PrivateKey(NID_ED25519, NULL, &pp, buflen);
345 ldns_key_new_frm_fp_ed25519_l(FILE* fp,
int* line_nr)
351 sizeof(token), line_nr) == -1)
372 ldns_ed448_priv_raw(uint8_t* pkey,
int plen)
374 const unsigned char* pp;
377 uint8_t pre[] = {0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39};
383 buflen = pre_len + plen;
384 if((
size_t)buflen >
sizeof(buf))
386 memmove(buf, pre, pre_len);
387 memmove(buf+pre_len, pkey, plen);
392 return d2i_PrivateKey(NID_ED448, NULL, &pp, buflen);
397 ldns_key_new_frm_fp_ed448_l(FILE* fp,
int* line_nr)
403 sizeof(token), line_nr) == -1)
457 if (strncmp(d,
"v1.", 3) != 0) {
473 if (strncmp(d,
"1 RSA", 2) == 0) {
476 if (strncmp(d,
"2 DH", 2) == 0) {
479 if (strncmp(d,
"3 DSA", 2) == 0) {
484 fprintf(stderr,
"Warning: DSA not compiled into this ");
485 fprintf(stderr,
"version of ldns\n");
489 if (strncmp(d,
"4 ECC", 2) == 0) {
492 if (strncmp(d,
"5 RSASHA1", 2) == 0) {
495 if (strncmp(d,
"6 DSA", 2) == 0) {
500 fprintf(stderr,
"Warning: DSA not compiled into this ");
501 fprintf(stderr,
"version of ldns\n");
505 if (strncmp(d,
"7 RSASHA1", 2) == 0) {
509 if (strncmp(d,
"8 RSASHA256", 2) == 0) {
514 fprintf(stderr,
"Warning: SHA256 not compiled into this ");
515 fprintf(stderr,
"version of ldns\n");
519 if (strncmp(d,
"10 RSASHA512", 3) == 0) {
524 fprintf(stderr,
"Warning: SHA512 not compiled into this ");
525 fprintf(stderr,
"version of ldns\n");
529 if (strncmp(d,
"12 ECC-GOST", 3) == 0) {
534 fprintf(stderr,
"Warning: ECC-GOST not compiled into this ");
535 fprintf(stderr,
"version of ldns, use --enable-gost\n");
539 if (strncmp(d,
"13 ECDSAP256SHA256", 3) == 0) {
544 fprintf(stderr,
"Warning: ECDSA not compiled into this ");
545 fprintf(stderr,
"version of ldns, use --enable-ecdsa\n");
549 if (strncmp(d,
"14 ECDSAP384SHA384", 3) == 0) {
554 fprintf(stderr,
"Warning: ECDSA not compiled into this ");
555 fprintf(stderr,
"version of ldns, use --enable-ecdsa\n");
559 if (strncmp(d,
"15 ED25519", 3) == 0) {
561 alg = LDNS_SIGN_ED25519;
564 fprintf(stderr,
"Warning: ED25519 not compiled into this ");
565 fprintf(stderr,
"version of ldns, use --enable-ed25519\n");
569 if (strncmp(d,
"16 ED448", 3) == 0) {
571 alg = LDNS_SIGN_ED448;
574 fprintf(stderr,
"Warning: ED448 not compiled into this ");
575 fprintf(stderr,
"version of ldns, use --enable-ed448\n");
579 if (strncmp(d,
"157 HMAC-MD5", 4) == 0) {
582 if (strncmp(d,
"158 HMAC-SHA1", 4) == 0) {
585 if (strncmp(d,
"159 HMAC-SHA256", 4) == 0) {
589 if (strncmp(d,
"161 ", 4) == 0) {
592 if (strncmp(d,
"162 HMAC-SHA224", 4) == 0) {
596 if (strncmp(d,
"163 ", 4) == 0) {
599 if (strncmp(d,
"164 HMAC-SHA384", 4) == 0) {
602 if (strncmp(d,
"165 HMAC-SHA512", 4) == 0) {
658 #if defined(HAVE_SSL) && defined(USE_GOST) 664 ldns_key_new_frm_fp_gost_l(fp, line_nr));
688 case LDNS_SIGN_ED25519:
691 ldns_key_new_frm_fp_ed25519_l(fp, line_nr));
701 case LDNS_SIGN_ED448:
704 ldns_key_new_frm_fp_ed448_l(fp, line_nr));
768 BIGNUM *n=NULL, *e=NULL, *d=NULL, *p=NULL, *q=NULL,
769 *dmp1=NULL, *dmq1=NULL, *iqmp=NULL;
774 if (!b || !rsa || !buf) {
786 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
788 n = BN_bin2bn((
const char unsigned*)buf, i, NULL);
797 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
798 e = BN_bin2bn((
const char unsigned*)buf, i, NULL);
807 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
808 d = BN_bin2bn((
const char unsigned*)buf, i, NULL);
817 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
818 p = BN_bin2bn((
const char unsigned*)buf, i, NULL);
827 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
828 q = BN_bin2bn((
const char unsigned*)buf, i, NULL);
837 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
838 dmp1 = BN_bin2bn((
const char unsigned*)buf, i, NULL);
847 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
848 dmq1 = BN_bin2bn((
const char unsigned*)buf, i, NULL);
857 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
858 iqmp = BN_bin2bn((
const char unsigned*)buf, i, NULL);
864 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) 876 if(!RSA_set0_key(rsa, n, e, d))
881 if(!RSA_set0_factors(rsa, p, q))
885 if(!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
921 BIGNUM *p=NULL, *q=NULL, *g=NULL, *priv_key=NULL, *pub_key=NULL;
926 if (!d || !dsa || !buf) {
936 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
938 p = BN_bin2bn((
const char unsigned*)buf, i, NULL);
947 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
948 q = BN_bin2bn((
const char unsigned*)buf, i, NULL);
957 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
958 g = BN_bin2bn((
const char unsigned*)buf, i, NULL);
967 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
968 priv_key = BN_bin2bn((
const char unsigned*)buf, i, NULL);
977 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
978 pub_key = BN_bin2bn((
const char unsigned*)buf, i, NULL);
984 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) 989 dsa->priv_key = priv_key;
990 dsa->pub_key = pub_key;
993 if(!DSA_set0_pqg(dsa, p, q, g))
998 if(!DSA_set0_key(dsa, pub_key, priv_key))
1033 unsigned char *buf = NULL;
1039 ldns_b64_ntop_calculate_size(strlen(d))))) == NULL
1048 ldns_gen_gost_key(
void)
1055 ctx = EVP_PKEY_CTX_new_id(gost_id, NULL);
1060 if(EVP_PKEY_CTX_ctrl_str(ctx,
"paramset",
"A") <= 0) {
1062 EVP_PKEY_CTX_free(ctx);
1066 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1067 EVP_PKEY_CTX_free(ctx);
1070 if(EVP_PKEY_keygen(ctx, &p) <= 0) {
1072 EVP_PKEY_CTX_free(ctx);
1075 EVP_PKEY_CTX_free(ctx);
1091 # ifdef HAVE_EVP_PKEY_KEYGEN 1098 uint16_t offset = 0;
1100 unsigned char *hmac;
1113 #ifdef HAVE_EVP_PKEY_KEYGEN 1114 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
1119 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1121 EVP_PKEY_CTX_free(ctx);
1124 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, size) <= 0) {
1126 EVP_PKEY_CTX_free(ctx);
1130 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1132 EVP_PKEY_CTX_free(ctx);
1136 EVP_PKEY_CTX_free(ctx);
1138 r = RSA_generate_key((
int)size, RSA_F4, NULL, NULL);
1143 if (RSA_check_key(r) != 1) {
1156 # if OPENSSL_VERSION_NUMBER < 0x00908000L 1157 d = DSA_generate_parameters((
int)size, NULL, 0, NULL, NULL, NULL, NULL);
1164 if (! (d = DSA_new())) {
1168 if (! DSA_generate_parameters_ex(d, (
int)size, NULL, 0, NULL, NULL, NULL)) {
1174 if (DSA_generate_key(d) != 1) {
1203 if (RAND_bytes(hmac, (
int) size) != 1) {
1209 while (offset +
sizeof(i) < size) {
1211 memcpy(&hmac[offset], &i,
sizeof(i));
1212 offset +=
sizeof(i);
1214 if (offset < size) {
1216 memcpy(&hmac[offset], &i, size - offset);
1224 #if defined(HAVE_SSL) && defined(USE_GOST) 1241 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1243 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
1248 if(!EC_KEY_generate_key(ec)) {
1260 if (!EVP_PKEY_assign_EC_KEY(k->
_key.
key, ec)) {
1272 case LDNS_SIGN_ED25519:
1273 #ifdef HAVE_EVP_PKEY_KEYGEN 1274 ctx = EVP_PKEY_CTX_new_id(NID_ED25519, NULL);
1279 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1281 EVP_PKEY_CTX_free(ctx);
1284 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1286 EVP_PKEY_CTX_free(ctx);
1289 EVP_PKEY_CTX_free(ctx);
1294 case LDNS_SIGN_ED448:
1295 #ifdef HAVE_EVP_PKEY_KEYGEN 1296 ctx = EVP_PKEY_CTX_new_id(NID_ED448, NULL);
1301 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1303 EVP_PKEY_CTX_free(ctx);
1306 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1308 EVP_PKEY_CTX_free(ctx);
1311 EVP_PKEY_CTX_free(ctx);
1325 fprintf(output,
"%s", str);
1327 fprintf(output,
"Unable to convert private key to string\n");
1356 EVP_PKEY *key = EVP_PKEY_new();
1357 EVP_PKEY_set1_RSA(key, r);
1365 EVP_PKEY *key = EVP_PKEY_new();
1366 EVP_PKEY_set1_DSA(key, d);
1376 EVP_PKEY *key = EVP_PKEY_new();
1377 EVP_PKEY_assign_RSA(key, r);
1385 EVP_PKEY *key = EVP_PKEY_new();
1386 EVP_PKEY_assign_DSA(key, d);
1454 return key->
_keys[nr];
1495 return EVP_PKEY_get1_RSA(k->
_key.
key);
1506 return EVP_PKEY_get1_DSA(k->
_key.
key);
1613 key_list->
_keys = keys;
1614 key_list->
_keys[key_count] = key;
1632 if (key_count == 0) {
1641 key_list->
_keys = a;
1653 ldns_key_rsa2bin(
unsigned char *data, RSA *k, uint16_t *size)
1656 const BIGNUM *n=NULL, *e=NULL;
1661 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) 1665 RSA_get0_key(k, &n, &e, NULL);
1668 if (BN_num_bytes(e) <= 256) {
1672 data[0] = (
unsigned char) BN_num_bytes(e);
1673 i = BN_bn2bin(e, data + 1);
1674 j = BN_bn2bin(n, data + i + 1);
1675 *size = (uint16_t) i + j;
1676 }
else if (BN_num_bytes(e) <= 65536) {
1679 ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(e));
1681 BN_bn2bin(e, data + 3);
1682 BN_bn2bin(n, data + 4 + BN_num_bytes(e));
1683 *size = (uint16_t) BN_num_bytes(n) + 6;
1693 ldns_key_dsa2bin(
unsigned char *data, DSA *k, uint16_t *size)
1696 const BIGNUM *p, *q, *g;
1697 const BIGNUM *pub_key, *priv_key;
1704 # ifdef HAVE_DSA_GET0_PQG 1705 DSA_get0_pqg(k, &p, &q, &g);
1707 p = k->p; q = k->q; g = k->g;
1709 # ifdef HAVE_DSA_GET0_KEY 1710 DSA_get0_key(k, &pub_key, &priv_key);
1712 pub_key = k->pub_key; priv_key = k->priv_key;
1715 *size = (uint16_t)BN_num_bytes(p);
1716 T = (*size - 64) / 8;
1720 fprintf(stderr,
"DSA key with T > 8 (ie. > 1024 bits)");
1721 fprintf(stderr,
" not implemented\n");
1727 memset(data, 0, 21 + *size * 3);
1728 data[0] = (
unsigned char)T;
1729 BN_bn2bin(q, data + 1 );
1730 BN_bn2bin(p, data + 21 );
1731 BN_bn2bin(g, data + 21 + *size * 2 - BN_num_bytes(g));
1732 BN_bn2bin(pub_key,data + 21 + *size * 3 - BN_num_bytes(pub_key));
1733 *size = 21 + *size * 3;
1740 ldns_key_gost2bin(
unsigned char* data, EVP_PKEY* k, uint16_t* size)
1743 unsigned char* pp = NULL;
1744 if(i2d_PUBKEY(k, &pp) != 37 + 64) {
1760 ldns_key_ed255192bin(
unsigned char* data, EVP_PKEY* k, uint16_t* size)
1763 unsigned char* pp = NULL;
1764 if(i2d_PUBKEY(k, &pp) != 12 + 32) {
1780 ldns_key_ed4482bin(
unsigned char* data, EVP_PKEY* k, uint16_t* size)
1783 unsigned char* pp = NULL;
1784 if(i2d_PUBKEY(k, &pp) != 12 + 57) {
1810 unsigned char *bin = NULL;
1821 int internal_data = 0;
1870 if (!ldns_key_rsa2bin(bin, rsa, &size)) {
1893 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1916 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1930 #if defined(HAVE_SSL) && defined(USE_GOST) 1937 if (!ldns_key_gost2bin(bin, k->
_key.
key, &size)) {
1956 ec = EVP_PKEY_get1_EC_KEY(k->
_key.
key);
1958 EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
1959 size = (uint16_t)i2o_ECPublicKey(ec, NULL);
1960 if(!i2o_ECPublicKey(ec, &bin)) {
1970 assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED);
1972 memmove(bin, bin+1, size);
1984 case LDNS_SIGN_ED25519:
1992 if (!ldns_key_ed255192bin(bin, k->
_key.
key, &size)) {
2001 case LDNS_SIGN_ED448:
2009 if (!ldns_key_ed4482bin(bin, k->
_key.
key, &size)) {
2037 if (internal_data) {
2054 unsigned char* hmac;
2095 fp = fopen(filename,
"r");
2098 fprintf(stderr,
"Unable to open %s: %s\n", filename, strerror(errno));
2114 fprintf(stderr,
"nothing read from %s", filename);
2137 char *file_base_name;
2148 return file_base_name;
2190 if(strcasecmp(lt->
name, name) == 0)
2196 if(strcasecmp(lt->
name, name) == 0)
2200 a = strtol(name, &endptr, 10);
2201 if (*name && !*endptr)
void ldns_key_set_external_key(ldns_key *k, void *external_key)
Set the key id data.
implementation of buffers to ease operations
DSA * ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr __attribute__((unused)))
void ldns_key_set_origttl(ldns_key *k, uint32_t t)
Set the key's original ttl.
DSA * ldns_key_new_frm_fp_dsa(FILE *f)
frm_fp helper function.
ldns_key * ldns_key_list_key(const ldns_key_list *key, size_t nr)
returns a pointer to the key in the list at the given position
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
Assign the key's dsa data The dsa data will be freed automatically when the key is freed.
void * ldns_buffer_export(ldns_buffer *buffer)
Makes the buffer fixed and returns a pointer to the data.
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char *name)
Get signing algorithm by name.
void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
sets the type in the rr.
ldns_key * ldns_key_list_pop_key(ldns_key_list *key_list)
pops the last rr from a keylist
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
Set the key's algorithm.
void ldns_key_set_use(ldns_key *k, bool v)
int ldns_buffer_printf(ldns_buffer *buffer, const char *format,...)
prints to the buffer, increasing the capacity if required using buffer_reserve().
void ldns_key_set_flags(ldns_key *k, uint16_t f)
Set the key's flags.
uint32_t ldns_key_origttl(const ldns_key *k)
return the original ttl of the key
#define LDNS_XMALLOC(type, count)
DSA * ldns_key_dsa_key(const ldns_key *k)
returns the (openssl) DSA struct contained in the key
ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr)
size_t ldns_rdf_size(const ldns_rdf *rd)
returns the size of the rdf.
void * external_key
the key structure can also just point to some external key data
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
char * ldns_key_get_file_base_name(const ldns_key *key)
Returns the 'default base name' for key files; IE.
struct ldns_struct_key::@0 _key
Storage pointers for the types of keys supported.
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
void ldns_key_free(ldns_key *key)
frees a key structure, but not its internal data structures
void ldns_key_set_rsa_key(ldns_key *k, RSA *r)
Set the key's rsa data.
#define LDNS_MAX_PACKETLEN
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
unsigned char * ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
frm_fp helper function.
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
#define LDNS_XREALLOC(ptr, type, count)
void ldns_key_list_set_use(ldns_key_list *keys, bool v)
size_t ldns_key_hmac_size(const ldns_key *k)
return the hmac key size
unsigned char * ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr __attribute__((unused)), size_t *hmac_size)
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
Read the key with the given id from the given engine and store it in the given ldns_key structure.
Including this file will include all ldns files, and define some lookup tables.
ldns_rdf * ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
returns the rdf containing the native uint8_t repr.
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
Set the key's hmac size.
signed char _use
Whether to use this key when signing.
General key structure, can contain all types of keys that are used in DNSSEC.
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
int ldns_key_algo_supported(int algo)
See if a key algorithm is supported.
ldns_rr * ldns_read_anchor_file(const char *filename)
Instantiates a DNSKEY or DS RR from file.
enum ldns_enum_signing_algorithm ldns_signing_algorithm
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
ldns_rdf * _pubkey_owner
Owner name of the key.
#define LDNS_KEY_ZONE_KEY
union ldns_struct_key::@1 _extra
Depending on the key we can have extra data.
bool ldns_key_use(const ldns_key *k)
return the use flag
Same as rr_list, but now for keys.
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
ldns_status ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
RSA * ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
frm_fp helper function.
ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
Print the ldns_rdf containing a dname to the buffer.
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
RSA * ldns_key_rsa_key(const ldns_key *k)
returns the (openssl) RSA struct contained in the key
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
Set the key's evp key.
bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
returns a token/char from the stream F.
RSA * ldns_key_new_frm_fp_rsa(FILE *f)
frm_fp helper function.
void * ldns_key_external_key(const ldns_key *k)
return the key id key data
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
uint32_t ldns_key_inception(const ldns_key *k)
return the key's inception date
void ldns_key_print(FILE *output, const ldns_key *k)
print a private key to the file output
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
unsigned char * ldns_key_hmac_key(const ldns_key *k)
return the hmac key data
enum ldns_enum_status ldns_status
EVP_PKEY * ldns_key_evp_key(const ldns_key *k)
returns the (openssl) EVP struct contained in the key
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
#define LDNS_MALLOC(type)
Memory management macros.
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
A general purpose lookup table.
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k)
return the signing alg of the key
uint32_t ldns_key_expiration(const ldns_key *k)
return the key's expiration date
ldns_signing_algorithm _alg
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
ldns_status ldns_rr_new_frm_str(ldns_rr **newrr, const char *str, uint32_t default_ttl, const ldns_rdf *origin, ldns_rdf **prev)
creates an rr from a string.
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
Creates a new priv key based on the contents of the file pointed by fp.
bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
sets rd_field member, it will be placed in the next available spot.
ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
convert the string with the b64 data into wireformat
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point,...
Resource record data field.
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
#define LDNS_DNSSEC_KEYPROTO
ldns_rr * ldns_rr_new(void)
creates a new rr structure.
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
Assign the key's rsa data The rsa data will be freed automatically when the key is freed.
void ldns_key_deep_free(ldns_key *key)
frees a key structure and all its internal data structures, except the data set by ldns_key_set_exter...
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
void ldns_key_EVP_unload_gost(void)
Release the engine reference held for the GOST engine.
struct ldns_struct_key::@0::@2 hmac
The key can be an HMAC key.
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
void ldns_key_set_dsa_key(ldns_key *k, DSA *d)
Set the key's dsa data The dsa data should be freed by the user.
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
char * ldns_key2str(const ldns_key *k)
Converts a private key to the test presentation fmt and returns that as a char *.
int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
Set the keylist's key count to count.
ldns_lookup_table ldns_signing_algorithms[]
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
ldns_key * ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
Creates a new key based on the algorithm.
ldns_key * ldns_key_new(void)
Creates a new empty key structure.
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
Set the key's hmac data.
enum ldns_enum_algorithm ldns_algorithm