18 #include <openssl/ssl.h>
19 #include <openssl/engine.h>
20 #include <openssl/rand.h>
39 { LDNS_SIGN_ED25519,
"ED25519" },
42 { LDNS_SIGN_ED448,
"ED448" },
65 key_list->
_keys = NULL;
111 k->
_key.
key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
129 ENGINE* ldns_gost_engine = NULL;
134 static int gost_id = 0;
135 const EVP_PKEY_ASN1_METHOD* meth;
138 if(gost_id)
return gost_id;
141 meth = EVP_PKEY_asn1_find_str(NULL,
"gost2001", -1);
143 EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
148 e = ENGINE_by_id(
"gost");
151 ENGINE_load_builtin_engines();
152 ENGINE_load_dynamic();
153 e = ENGINE_by_id(
"gost");
159 if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
165 meth = EVP_PKEY_asn1_find_str(&e,
"gost2001", -1);
174 ldns_gost_engine = e;
176 EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
182 if(ldns_gost_engine) {
183 ENGINE_finish(ldns_gost_engine);
184 ENGINE_free(ldns_gost_engine);
185 ldns_gost_engine = NULL;
191 ldns_key_new_frm_fp_gost_l(FILE* fp,
int* line_nr)
194 const unsigned char* pp;
204 sizeof(token), line_nr) == -1)
206 while(strlen(token) < 96) {
209 sizeof(token)-strlen(token), line_nr) == -1)
215 pkey = d2i_PrivateKey(gost_id, NULL, &pp, (
int)
ldns_rdf_size(b64rdf));
224 ldns_EC_KEY_calc_public(EC_KEY* ec)
227 const EC_GROUP* group;
228 group = EC_KEY_get0_group(ec);
229 pub_key = EC_POINT_new(group);
230 if(!pub_key)
return 0;
231 if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
232 EC_POINT_free(pub_key);
235 if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec),
237 EC_POINT_free(pub_key);
240 if(EC_KEY_set_public_key(ec, pub_key) == 0) {
241 EC_POINT_free(pub_key);
244 EC_POINT_free(pub_key);
250 ldns_key_new_frm_fp_ecdsa_l(FILE* fp,
ldns_algorithm alg,
int* line_nr)
259 sizeof(token), line_nr) == -1)
266 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
268 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
280 EC_KEY_set_private_key(ec, bn);
282 if(!ldns_EC_KEY_calc_public(ec)) {
287 evp_key = EVP_PKEY_new();
292 if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
293 EVP_PKEY_free(evp_key);
304 ldns_ed25519_priv_raw(uint8_t* pkey,
int plen)
306 const unsigned char* pp;
309 uint8_t pre[] = {0x30, 0x32, 0x02, 0x01, 0x01, 0x04, 0x20};
311 uint8_t post[] = {0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
312 0x01, 0xda, 0x47, 0x0f, 0x01};
321 buflen = pre_len + plen + post_len;
322 if((
size_t)buflen >
sizeof(buf))
324 memmove(buf, pre, pre_len);
326 for(i=0; i<plen; i++)
327 buf[pre_len+i] = pkey[plen-1-i];
328 memmove(buf+pre_len+plen, post, post_len);
330 return d2i_ECPrivateKey(NULL, &pp, buflen);
335 ldns_key_new_frm_fp_ed25519_l(FILE* fp,
int* line_nr)
342 sizeof(token), line_nr) == -1)
357 if(EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)) != NID_X25519) {
363 evp_key = EVP_PKEY_new();
368 if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
369 EVP_PKEY_free(evp_key);
380 ldns_ed448_priv_raw(uint8_t* pkey,
int plen)
382 const unsigned char* pp;
385 uint8_t pre[] = {0x30, 0x4b, 0x02, 0x01, 0x01, 0x04, 0x39};
387 uint8_t post[] = {0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
388 0x01, 0xda, 0x47, 0x0f, 0x02};
402 buflen = pre_len + plen + post_len;
403 if((
size_t)buflen >
sizeof(buf))
405 memmove(buf, pre, pre_len);
407 for(i=0; i<plen; i++)
408 buf[pre_len+i] = pkey[plen-1-i];
409 memmove(buf+pre_len+plen, post, post_len);
411 return d2i_ECPrivateKey(NULL, &pp, buflen);
416 ldns_key_new_frm_fp_ed448_l(FILE* fp,
int* line_nr)
423 sizeof(token), line_nr) == -1)
433 if(EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)) != NID_X448) {
439 evp_key = EVP_PKEY_new();
444 if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
445 EVP_PKEY_free(evp_key);
494 if (strncmp(d,
"v1.", 3) != 0) {
510 if (strncmp(d,
"1 RSA", 2) == 0) {
513 if (strncmp(d,
"2 DH", 2) == 0) {
516 if (strncmp(d,
"3 DSA", 2) == 0) {
521 fprintf(stderr,
"Warning: DSA not compiled into this ");
522 fprintf(stderr,
"version of ldns\n");
526 if (strncmp(d,
"4 ECC", 2) == 0) {
529 if (strncmp(d,
"5 RSASHA1", 2) == 0) {
532 if (strncmp(d,
"6 DSA", 2) == 0) {
537 fprintf(stderr,
"Warning: DSA not compiled into this ");
538 fprintf(stderr,
"version of ldns\n");
542 if (strncmp(d,
"7 RSASHA1", 2) == 0) {
546 if (strncmp(d,
"8 RSASHA256", 2) == 0) {
551 fprintf(stderr,
"Warning: SHA256 not compiled into this ");
552 fprintf(stderr,
"version of ldns\n");
556 if (strncmp(d,
"10 RSASHA512", 3) == 0) {
561 fprintf(stderr,
"Warning: SHA512 not compiled into this ");
562 fprintf(stderr,
"version of ldns\n");
566 if (strncmp(d,
"12 ECC-GOST", 3) == 0) {
571 fprintf(stderr,
"Warning: ECC-GOST not compiled into this ");
572 fprintf(stderr,
"version of ldns, use --enable-gost\n");
576 if (strncmp(d,
"13 ECDSAP256SHA256", 3) == 0) {
581 fprintf(stderr,
"Warning: ECDSA not compiled into this ");
582 fprintf(stderr,
"version of ldns, use --enable-ecdsa\n");
586 if (strncmp(d,
"14 ECDSAP384SHA384", 3) == 0) {
591 fprintf(stderr,
"Warning: ECDSA not compiled into this ");
592 fprintf(stderr,
"version of ldns, use --enable-ecdsa\n");
596 if (strncmp(d,
"15 ED25519", 3) == 0) {
598 alg = LDNS_SIGN_ED25519;
601 fprintf(stderr,
"Warning: ED25519 not compiled into this ");
602 fprintf(stderr,
"version of ldns, use --enable-ed25519\n");
606 if (strncmp(d,
"16 ED448", 3) == 0) {
608 alg = LDNS_SIGN_ED448;
611 fprintf(stderr,
"Warning: ED448 not compiled into this ");
612 fprintf(stderr,
"version of ldns, use --enable-ed448\n");
616 if (strncmp(d,
"157 HMAC-MD5", 4) == 0) {
619 if (strncmp(d,
"158 HMAC-SHA1", 4) == 0) {
622 if (strncmp(d,
"159 HMAC-SHA256", 4) == 0) {
626 if (strncmp(d,
"161 ", 4) == 0) {
629 if (strncmp(d,
"162 HMAC-SHA224", 4) == 0) {
633 if (strncmp(d,
"163 ", 4) == 0) {
636 if (strncmp(d,
"164 HMAC-SHA384", 4) == 0) {
639 if (strncmp(d,
"165 HMAC-SHA512", 4) == 0) {
695 #if defined(HAVE_SSL) && defined(USE_GOST)
701 ldns_key_new_frm_fp_gost_l(fp, line_nr));
725 case LDNS_SIGN_ED25519:
728 ldns_key_new_frm_fp_ed25519_l(fp, line_nr));
738 case LDNS_SIGN_ED448:
741 ldns_key_new_frm_fp_ed448_l(fp, line_nr));
805 BIGNUM *n=NULL, *e=NULL, *d=NULL, *p=NULL, *q=NULL,
806 *dmp1=NULL, *dmq1=NULL, *iqmp=NULL;
811 if (!b || !rsa || !buf) {
823 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
825 n = BN_bin2bn((
const char unsigned*)buf, i, NULL);
834 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
835 e = BN_bin2bn((
const char unsigned*)buf, i, NULL);
844 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
845 d = BN_bin2bn((
const char unsigned*)buf, i, NULL);
854 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
855 p = BN_bin2bn((
const char unsigned*)buf, i, NULL);
864 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
865 q = BN_bin2bn((
const char unsigned*)buf, i, NULL);
874 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
875 dmp1 = BN_bin2bn((
const char unsigned*)buf, i, NULL);
884 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
885 dmq1 = BN_bin2bn((
const char unsigned*)buf, i, NULL);
894 i =
ldns_b64_pton((
const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
895 iqmp = BN_bin2bn((
const char unsigned*)buf, i, NULL);
901 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
913 if(!RSA_set0_key(rsa, n, e, d))
918 if(!RSA_set0_factors(rsa, p, q))
922 if(!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
958 BIGNUM *p=NULL, *q=NULL, *g=NULL, *priv_key=NULL, *pub_key=NULL;
963 if (!d || !dsa || !buf) {
973 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
975 p = BN_bin2bn((
const char unsigned*)buf, i, NULL);
984 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
985 q = BN_bin2bn((
const char unsigned*)buf, i, NULL);
994 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
995 g = BN_bin2bn((
const char unsigned*)buf, i, NULL);
1004 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
1005 priv_key = BN_bin2bn((
const char unsigned*)buf, i, NULL);
1014 i =
ldns_b64_pton((
const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
1015 pub_key = BN_bin2bn((
const char unsigned*)buf, i, NULL);
1021 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
1026 dsa->priv_key = priv_key;
1027 dsa->pub_key = pub_key;
1030 if(!DSA_set0_pqg(dsa, p, q, g))
1035 if(!DSA_set0_key(dsa, pub_key, priv_key))
1070 unsigned char *buf = NULL;
1075 bufsz = ldns_b64_ntop_calculate_size(strlen(d));
1091 ldns_gen_gost_key(
void)
1098 ctx = EVP_PKEY_CTX_new_id(gost_id, NULL);
1103 if(EVP_PKEY_CTX_ctrl_str(ctx,
"paramset",
"A") <= 0) {
1105 EVP_PKEY_CTX_free(ctx);
1109 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1110 EVP_PKEY_CTX_free(ctx);
1113 if(EVP_PKEY_keygen(ctx, &p) <= 0) {
1115 EVP_PKEY_CTX_free(ctx);
1118 EVP_PKEY_CTX_free(ctx);
1134 # ifdef HAVE_EVP_PKEY_KEYGEN
1141 uint16_t offset = 0;
1143 unsigned char *hmac;
1156 #ifdef HAVE_EVP_PKEY_KEYGEN
1157 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
1162 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1164 EVP_PKEY_CTX_free(ctx);
1167 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, size) <= 0) {
1169 EVP_PKEY_CTX_free(ctx);
1173 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1175 EVP_PKEY_CTX_free(ctx);
1179 EVP_PKEY_CTX_free(ctx);
1181 r = RSA_generate_key((
int)size, RSA_F4, NULL, NULL);
1186 if (RSA_check_key(r) != 1) {
1199 # if OPENSSL_VERSION_NUMBER < 0x00908000L
1200 d = DSA_generate_parameters((
int)size, NULL, 0, NULL, NULL, NULL, NULL);
1207 if (! (d = DSA_new())) {
1211 if (! DSA_generate_parameters_ex(d, (
int)size, NULL, 0, NULL, NULL, NULL)) {
1217 if (DSA_generate_key(d) != 1) {
1246 if (RAND_bytes(hmac, (
int) size) != 1) {
1252 while (offset +
sizeof(i) < size) {
1254 memcpy(&hmac[offset], &i,
sizeof(i));
1255 offset +=
sizeof(i);
1257 if (offset < size) {
1259 memcpy(&hmac[offset], &i, size - offset);
1267 #if defined(HAVE_SSL) && defined(USE_GOST)
1284 ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1286 ec = EC_KEY_new_by_curve_name(NID_secp384r1);
1291 if(!EC_KEY_generate_key(ec)) {
1303 if (!EVP_PKEY_assign_EC_KEY(k->
_key.
key, ec)) {
1315 case LDNS_SIGN_ED25519:
1316 #ifdef HAVE_EVP_PKEY_KEYGEN
1317 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
1322 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1324 EVP_PKEY_CTX_free(ctx);
1327 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx,
1330 EVP_PKEY_CTX_free(ctx);
1333 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1335 EVP_PKEY_CTX_free(ctx);
1338 EVP_PKEY_CTX_free(ctx);
1343 case LDNS_SIGN_ED448:
1344 #ifdef HAVE_EVP_PKEY_KEYGEN
1345 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
1350 if(EVP_PKEY_keygen_init(ctx) <= 0) {
1352 EVP_PKEY_CTX_free(ctx);
1355 if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx,
1358 EVP_PKEY_CTX_free(ctx);
1361 if (EVP_PKEY_keygen(ctx, &k->
_key.
key) <= 0) {
1363 EVP_PKEY_CTX_free(ctx);
1366 EVP_PKEY_CTX_free(ctx);
1380 fprintf(output,
"%s", str);
1382 fprintf(output,
"Unable to convert private key to string\n");
1411 EVP_PKEY *key = EVP_PKEY_new();
1412 EVP_PKEY_set1_RSA(key, r);
1420 EVP_PKEY *key = EVP_PKEY_new();
1421 EVP_PKEY_set1_DSA(key, d);
1431 EVP_PKEY *key = EVP_PKEY_new();
1432 EVP_PKEY_assign_RSA(key, r);
1440 EVP_PKEY *key = EVP_PKEY_new();
1441 EVP_PKEY_assign_DSA(key, d);
1509 return key->
_keys[nr];
1550 return EVP_PKEY_get1_RSA(k->
_key.
key);
1561 return EVP_PKEY_get1_DSA(k->
_key.
key);
1668 key_list->
_keys = keys;
1669 key_list->
_keys[key_count] = key;
1687 if (key_count == 0) {
1696 key_list->
_keys = a;
1708 ldns_key_rsa2bin(
unsigned char *data, RSA *k, uint16_t *size)
1711 const BIGNUM *n=NULL, *e=NULL;
1716 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
1720 RSA_get0_key(k, &n, &e, NULL);
1723 if (BN_num_bytes(e) <= 256) {
1727 data[0] = (
unsigned char) BN_num_bytes(e);
1728 i = BN_bn2bin(e, data + 1);
1729 j = BN_bn2bin(n, data + i + 1);
1730 *size = (uint16_t) i + j;
1731 }
else if (BN_num_bytes(e) <= 65536) {
1734 ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(e));
1736 BN_bn2bin(e, data + 3);
1737 BN_bn2bin(n, data + 4 + BN_num_bytes(e));
1738 *size = (uint16_t) BN_num_bytes(n) + 6;
1748 ldns_key_dsa2bin(
unsigned char *data, DSA *k, uint16_t *size)
1751 const BIGNUM *p, *q, *g;
1752 const BIGNUM *pub_key, *priv_key;
1759 # ifdef HAVE_DSA_GET0_PQG
1760 DSA_get0_pqg(k, &p, &q, &g);
1762 p = k->p; q = k->q; g = k->g;
1764 # ifdef HAVE_DSA_GET0_KEY
1765 DSA_get0_key(k, &pub_key, &priv_key);
1767 pub_key = k->pub_key; priv_key = k->priv_key;
1770 *size = (uint16_t)BN_num_bytes(p);
1771 T = (*size - 64) / 8;
1775 fprintf(stderr,
"DSA key with T > 8 (ie. > 1024 bits)");
1776 fprintf(stderr,
" not implemented\n");
1782 memset(data, 0, 21 + *size * 3);
1783 data[0] = (
unsigned char)T;
1784 BN_bn2bin(q, data + 1 );
1785 BN_bn2bin(p, data + 21 );
1786 BN_bn2bin(g, data + 21 + *size * 2 - BN_num_bytes(g));
1787 BN_bn2bin(pub_key,data + 21 + *size * 3 - BN_num_bytes(pub_key));
1788 *size = 21 + *size * 3;
1795 ldns_key_gost2bin(
unsigned char* data, EVP_PKEY* k, uint16_t* size)
1798 unsigned char* pp = NULL;
1799 if(i2d_PUBKEY(k, &pp) != 37 + 64) {
1825 unsigned char *bin = NULL;
1836 int internal_data = 0;
1885 if (!ldns_key_rsa2bin(bin, rsa, &size)) {
1908 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1931 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1945 #if defined(HAVE_SSL) && defined(USE_GOST)
1952 if (!ldns_key_gost2bin(bin, k->
_key.
key, &size)) {
1971 ec = EVP_PKEY_get1_EC_KEY(k->
_key.
key);
1973 EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
1974 size = (uint16_t)i2o_ECPublicKey(ec, NULL);
1975 if(!i2o_ECPublicKey(ec, &bin)) {
1985 assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED);
1987 memmove(bin, bin+1, size);
1999 case LDNS_SIGN_ED25519:
2003 ec = EVP_PKEY_get1_EC_KEY(k->
_key.
key);
2004 EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
2005 size = (uint16_t)i2o_ECPublicKey(ec, NULL);
2006 if(!i2o_ECPublicKey(ec, &bin)) {
2018 case LDNS_SIGN_ED448:
2022 ec = EVP_PKEY_get1_EC_KEY(k->
_key.
key);
2023 EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
2024 size = (uint16_t)i2o_ECPublicKey(ec, NULL);
2025 if(!i2o_ECPublicKey(ec, &bin)) {
2056 if (internal_data) {
2073 unsigned char* hmac;
2114 fp = fopen(filename,
"r");
2117 fprintf(stderr,
"Unable to open %s: %s\n", filename, strerror(errno));
2133 fprintf(stderr,
"nothing read from %s", filename);
2156 char *file_base_name;
2167 return file_base_name;
2209 if(strcasecmp(lt->
name, name) == 0)
2215 if(strcasecmp(lt->
name, name) == 0)
2219 a = strtol(name, &endptr, 10);
2220 if (*name && !*endptr)
void ldns_key_set_external_key(ldns_key *k, void *external_key)
Set the key id data.
implementation of buffers to ease operations
DSA * ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr __attribute__((unused)))
void ldns_key_set_origttl(ldns_key *k, uint32_t t)
Set the key's original ttl.
DSA * ldns_key_new_frm_fp_dsa(FILE *f)
frm_fp helper function.
ldns_key * ldns_key_list_key(const ldns_key_list *key, size_t nr)
returns a pointer to the key in the list at the given position
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
Assign the key's dsa data The dsa data will be freed automatically when the key is freed...
void * ldns_buffer_export(ldns_buffer *buffer)
Makes the buffer fixed and returns a pointer to the data.
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char *name)
Get signing algorithm by name.
void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
sets the type in the rr.
ldns_key * ldns_key_list_pop_key(ldns_key_list *key_list)
pops the last rr from a keylist
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
Set the key's algorithm.
int ldns_buffer_printf(ldns_buffer *buffer, const char *format,...)
prints to the buffer, increasing the capacity if required using buffer_reserve(). ...
void ldns_key_set_flags(ldns_key *k, uint16_t f)
Set the key's flags.
uint32_t ldns_key_origttl(const ldns_key *k)
return the original ttl of the key
void ldns_key_set_use(ldns_key *k, _Bool v)
#define LDNS_XMALLOC(type, count)
DSA * ldns_key_dsa_key(const ldns_key *k)
returns the (openssl) DSA struct contained in the key
ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr)
size_t ldns_rdf_size(const ldns_rdf *rd)
returns the size of the rdf.
void * external_key
the key structure can also just point to some external key data
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
char * ldns_key_get_file_base_name(const ldns_key *key)
Returns the 'default base name' for key files; IE.
struct ldns_struct_key::@0 _key
Storage pointers for the types of keys supported.
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
void ldns_key_free(ldns_key *key)
frees a key structure, but not its internal data structures
void ldns_key_set_rsa_key(ldns_key *k, RSA *r)
Set the key's rsa data.
#define LDNS_MAX_PACKETLEN
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
unsigned char * ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
frm_fp helper function.
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
_Bool ldns_key_use(const ldns_key *k)
return the use flag
#define LDNS_XREALLOC(ptr, type, count)
size_t ldns_key_hmac_size(const ldns_key *k)
return the hmac key size
unsigned char * ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr __attribute__((unused)), size_t *hmac_size)
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
Read the key with the given id from the given engine and store it in the given ldns_key structure...
Including this file will include all ldns files, and define some lookup tables.
ldns_rdf * ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
returns the rdf containing the native uint8_t repr.
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
Set the key's hmac size.
signed char _use
Whether to use this key when signing.
General key structure, can contain all types of keys that are used in DNSSEC.
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
int ldns_key_algo_supported(int algo)
See if a key algorithm is supported.
ldns_rr * ldns_read_anchor_file(const char *filename)
Instantiates a DNSKEY or DS RR from file.
_Bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
sets rd_field member, it will be placed in the next available spot.
enum ldns_enum_signing_algorithm ldns_signing_algorithm
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
ldns_rdf * _pubkey_owner
Owner name of the key.
#define LDNS_KEY_ZONE_KEY
union ldns_struct_key::@1 _extra
Depending on the key we can have extra data.
Same as rr_list, but now for keys.
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
ldns_status ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
RSA * ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
frm_fp helper function.
ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
Print the ldns_rdf containing a dname to the buffer.
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
RSA * ldns_key_rsa_key(const ldns_key *k)
returns the (openssl) RSA struct contained in the key
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
Set the key's evp key.
ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
returns a token/char from the stream F.
RSA * ldns_key_new_frm_fp_rsa(FILE *f)
frm_fp helper function.
void * ldns_key_external_key(const ldns_key *k)
return the key id key data
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
uint32_t ldns_key_inception(const ldns_key *k)
return the key's inception date
void ldns_key_print(FILE *output, const ldns_key *k)
print a private key to the file output
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
unsigned char * ldns_key_hmac_key(const ldns_key *k)
return the hmac key data
enum ldns_enum_status ldns_status
EVP_PKEY * ldns_key_evp_key(const ldns_key *k)
returns the (openssl) EVP struct contained in the key
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
#define LDNS_MALLOC(type)
Memory management macros.
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
A general purpose lookup table.
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k)
return the signing alg of the key
void ldns_key_list_set_use(ldns_key_list *keys, _Bool v)
uint32_t ldns_key_expiration(const ldns_key *k)
return the key's expiration date
_Bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
ldns_signing_algorithm _alg
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
ldns_status ldns_rr_new_frm_str(ldns_rr **newrr, const char *str, uint32_t default_ttl, const ldns_rdf *origin, ldns_rdf **prev)
creates an rr from a string.
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
Creates a new priv key based on the contents of the file pointed by fp.
ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
convert the string with the b64 data into wireformat
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point, the corresponding rdata field must still be added with ldns_rr_rdf_push() to the result rr of this function
Resource record data field.
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
#define LDNS_DNSSEC_KEYPROTO
ldns_rr * ldns_rr_new(void)
creates a new rr structure.
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
Assign the key's rsa data The rsa data will be freed automatically when the key is freed...
void ldns_key_deep_free(ldns_key *key)
frees a key structure and all its internal data structures, except the data set by ldns_key_set_exter...
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
void ldns_key_EVP_unload_gost(void)
Release the engine reference held for the GOST engine.
struct ldns_struct_key::@0::@2 hmac
The key can be an HMAC key.
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
void ldns_key_set_dsa_key(ldns_key *k, DSA *d)
Set the key's dsa data The dsa data should be freed by the user.
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
char * ldns_key2str(const ldns_key *k)
Converts a private key to the test presentation fmt and returns that as a char *. ...
int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
Set the keylist's key count to count.
ldns_lookup_table ldns_signing_algorithms[]
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
ldns_key * ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
Creates a new key based on the algorithm.
ldns_key * ldns_key_new(void)
Creates a new empty key structure.
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
Set the key's hmac data.
enum ldns_enum_algorithm ldns_algorithm