ldns  1.7.0
keys.c
Go to the documentation of this file.
1 /*
2  * keys.c handle private keys for use in DNSSEC
3  *
4  * This module should hide some of the openSSL complexities
5  * and give a general interface for private keys and hmac
6  * handling
7  *
8  * (c) NLnet Labs, 2004-2006
9  *
10  * See the file LICENSE for the license
11  */
12 
13 #include <ldns/config.h>
14 
15 #include <ldns/ldns.h>
16 
17 #ifdef HAVE_SSL
18 #include <openssl/ssl.h>
19 #include <openssl/engine.h>
20 #include <openssl/rand.h>
21 #endif /* HAVE_SSL */
22 
23 ldns_lookup_table ldns_signing_algorithms[] = {
24  { LDNS_SIGN_RSAMD5, "RSAMD5" },
25  { LDNS_SIGN_RSASHA1, "RSASHA1" },
26  { LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" },
27 #ifdef USE_SHA2
28  { LDNS_SIGN_RSASHA256, "RSASHA256" },
29  { LDNS_SIGN_RSASHA512, "RSASHA512" },
30 #endif
31 #ifdef USE_GOST
32  { LDNS_SIGN_ECC_GOST, "ECC-GOST" },
33 #endif
34 #ifdef USE_ECDSA
35  { LDNS_SIGN_ECDSAP256SHA256, "ECDSAP256SHA256" },
36  { LDNS_SIGN_ECDSAP384SHA384, "ECDSAP384SHA384" },
37 #endif
38 #ifdef USE_ED25519
39  { LDNS_SIGN_ED25519, "ED25519" },
40 #endif
41 #ifdef USE_ED448
42  { LDNS_SIGN_ED448, "ED448" },
43 #endif
44 #ifdef USE_DSA
45  { LDNS_SIGN_DSA, "DSA" },
46  { LDNS_SIGN_DSA_NSEC3, "DSA-NSEC3-SHA1" },
47 #endif
48  { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" },
49  { LDNS_SIGN_HMACSHA1, "hmac-sha1" },
50  { LDNS_SIGN_HMACSHA256, "hmac-sha256" },
51  { LDNS_SIGN_HMACSHA224, "hmac-sha224" },
52  { LDNS_SIGN_HMACSHA384, "hmac-sha384" },
53  { LDNS_SIGN_HMACSHA512, "hmac-sha512" },
54  { 0, NULL }
55 };
56 
57 ldns_key_list *
58 ldns_key_list_new(void)
59 {
60  ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list);
61  if (!key_list) {
62  return NULL;
63  } else {
64  key_list->_key_count = 0;
65  key_list->_keys = NULL;
66  return key_list;
67  }
68 }
69 
70 ldns_key *
71 ldns_key_new(void)
72 {
73  ldns_key *newkey;
74 
75  newkey = LDNS_MALLOC(ldns_key);
76  if (!newkey) {
77  return NULL;
78  } else {
79  /* some defaults - not sure wether to do this */
80  ldns_key_set_use(newkey, true);
81  ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY);
82  ldns_key_set_origttl(newkey, 0);
83  ldns_key_set_keytag(newkey, 0);
84  ldns_key_set_inception(newkey, 0);
85  ldns_key_set_expiration(newkey, 0);
86  ldns_key_set_pubkey_owner(newkey, NULL);
87 #ifdef HAVE_SSL
88  ldns_key_set_evp_key(newkey, NULL);
89 #endif /* HAVE_SSL */
90  ldns_key_set_hmac_key(newkey, NULL);
91  ldns_key_set_external_key(newkey, NULL);
92  return newkey;
93  }
94 }
95 
96 ldns_status
97 ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
98 {
99  return ldns_key_new_frm_fp_l(k, fp, NULL);
100 }
101 
102 #ifdef HAVE_SSL
103 ldns_status
104 ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
105 {
106  ldns_key *k;
107 
108  k = ldns_key_new();
109  if(!k) return LDNS_STATUS_MEM_ERR;
110 #ifndef S_SPLINT_S
111  k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
112  if(!k->_key.key) {
113  ldns_key_free(k);
114  return LDNS_STATUS_ERR;
115  }
116  ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg);
117  if (!k->_key.key) {
118  ldns_key_free(k);
119  return LDNS_STATUS_ENGINE_KEY_NOT_LOADED;
120  }
121 #endif /* splint */
122  *key = k;
123  return LDNS_STATUS_OK;
124 }
125 #endif
126 
127 #ifdef USE_GOST
128 
129 ENGINE* ldns_gost_engine = NULL;
130 
131 int
132 ldns_key_EVP_load_gost_id(void)
133 {
134  static int gost_id = 0;
135  const EVP_PKEY_ASN1_METHOD* meth;
136  ENGINE* e;
137 
138  if(gost_id) return gost_id;
139 
140  /* see if configuration loaded gost implementation from other engine*/
141  meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1);
142  if(meth) {
143  EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
144  return gost_id;
145  }
146 
147  /* see if engine can be loaded already */
148  e = ENGINE_by_id("gost");
149  if(!e) {
150  /* load it ourself, in case statically linked */
151  ENGINE_load_builtin_engines();
152  ENGINE_load_dynamic();
153  e = ENGINE_by_id("gost");
154  }
155  if(!e) {
156  /* no gost engine in openssl */
157  return 0;
158  }
159  if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) {
160  ENGINE_finish(e);
161  ENGINE_free(e);
162  return 0;
163  }
164 
165  meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1);
166  if(!meth) {
167  /* algo not found */
168  ENGINE_finish(e);
169  ENGINE_free(e);
170  return 0;
171  }
172  /* Note: do not ENGINE_finish and ENGINE_free the acquired engine
173  * on some platforms this frees up the meth and unloads gost stuff */
174  ldns_gost_engine = e;
175 
176  EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth);
177  return gost_id;
178 }
179 
180 void ldns_key_EVP_unload_gost(void)
181 {
182  if(ldns_gost_engine) {
183  ENGINE_finish(ldns_gost_engine);
184  ENGINE_free(ldns_gost_engine);
185  ldns_gost_engine = NULL;
186  }
187 }
188 
190 static EVP_PKEY*
191 ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr)
192 {
193  char token[16384];
194  const unsigned char* pp;
195  int gost_id;
196  EVP_PKEY* pkey;
197  ldns_rdf* b64rdf = NULL;
198 
199  gost_id = ldns_key_EVP_load_gost_id();
200  if(!gost_id)
201  return NULL;
202 
203  if (ldns_fget_keyword_data_l(fp, "GostAsn1", ": ", token, "\n",
204  sizeof(token), line_nr) == -1)
205  return NULL;
206  while(strlen(token) < 96) {
207  /* read more b64 from the file, b64 split on multiple lines */
208  if(ldns_fget_token_l(fp, token+strlen(token), "\n",
209  sizeof(token)-strlen(token), line_nr) == -1)
210  return NULL;
211  }
212  if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
213  return NULL;
214  pp = (unsigned char*)ldns_rdf_data(b64rdf);
215  pkey = d2i_PrivateKey(gost_id, NULL, &pp, (int)ldns_rdf_size(b64rdf));
216  ldns_rdf_deep_free(b64rdf);
217  return pkey;
218 }
219 #endif
220 
221 #ifdef USE_ECDSA
222 
223 static int
224 ldns_EC_KEY_calc_public(EC_KEY* ec)
225 {
226  EC_POINT* pub_key;
227  const EC_GROUP* group;
228  group = EC_KEY_get0_group(ec);
229  pub_key = EC_POINT_new(group);
230  if(!pub_key) return 0;
231  if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) {
232  EC_POINT_free(pub_key);
233  return 0;
234  }
235  if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec),
236  NULL, NULL, NULL)) {
237  EC_POINT_free(pub_key);
238  return 0;
239  }
240  if(EC_KEY_set_public_key(ec, pub_key) == 0) {
241  EC_POINT_free(pub_key);
242  return 0;
243  }
244  EC_POINT_free(pub_key);
245  return 1;
246 }
247 
249 static EVP_PKEY*
250 ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr)
251 {
252  char token[16384];
253  ldns_rdf* b64rdf = NULL;
254  unsigned char* pp;
255  BIGNUM* bn;
256  EVP_PKEY* evp_key;
257  EC_KEY* ec;
258  if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
259  sizeof(token), line_nr) == -1)
260  return NULL;
261  if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
262  return NULL;
263  pp = (unsigned char*)ldns_rdf_data(b64rdf);
264 
265  if(alg == LDNS_ECDSAP256SHA256)
266  ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
267  else if(alg == LDNS_ECDSAP384SHA384)
268  ec = EC_KEY_new_by_curve_name(NID_secp384r1);
269  else ec = NULL;
270  if(!ec) {
271  ldns_rdf_deep_free(b64rdf);
272  return NULL;
273  }
274  bn = BN_bin2bn(pp, (int)ldns_rdf_size(b64rdf), NULL);
275  ldns_rdf_deep_free(b64rdf);
276  if(!bn) {
277  EC_KEY_free(ec);
278  return NULL;
279  }
280  EC_KEY_set_private_key(ec, bn);
281  BN_free(bn);
282  if(!ldns_EC_KEY_calc_public(ec)) {
283  EC_KEY_free(ec);
284  return NULL;
285  }
286 
287  evp_key = EVP_PKEY_new();
288  if(!evp_key) {
289  EC_KEY_free(ec);
290  return NULL;
291  }
292  if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
293  EVP_PKEY_free(evp_key);
294  EC_KEY_free(ec);
295  return NULL;
296  }
297  return evp_key;
298 }
299 #endif
300 
301 #ifdef USE_ED25519
302 
303 static EC_KEY*
304 ldns_ed25519_priv_raw(uint8_t* pkey, int plen)
305 {
306  const unsigned char* pp;
307  uint8_t buf[256];
308  int buflen = 0;
309  uint8_t pre[] = {0x30, 0x32, 0x02, 0x01, 0x01, 0x04, 0x20};
310  int pre_len = 7;
311  uint8_t post[] = {0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
312  0x01, 0xda, 0x47, 0x0f, 0x01};
313  int post_len = 13;
314  int i;
315  /* ASN looks like this for ED25519
316  * 30320201010420 <32byteskey>
317  * andparameters a00b06092b06010401da470f01
318  * (noparameters, preamble is 30250201010420).
319  * the key is reversed (little endian).
320  */
321  buflen = pre_len + plen + post_len;
322  if((size_t)buflen > sizeof(buf))
323  return NULL;
324  memmove(buf, pre, pre_len);
325  /* reverse the pkey into the buf */
326  for(i=0; i<plen; i++)
327  buf[pre_len+i] = pkey[plen-1-i];
328  memmove(buf+pre_len+plen, post, post_len);
329  pp = buf;
330  return d2i_ECPrivateKey(NULL, &pp, buflen);
331 }
332 
334 static EVP_PKEY*
335 ldns_key_new_frm_fp_ed25519_l(FILE* fp, int* line_nr)
336 {
337  char token[16384];
338  ldns_rdf* b64rdf = NULL;
339  EVP_PKEY* evp_key;
340  EC_KEY* ec;
341  if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
342  sizeof(token), line_nr) == -1)
343  return NULL;
344  if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
345  return NULL;
346 
347  /* we use d2i_ECPrivateKey because it calculates the public key
348  * from the private part, which others, EC_KEY_set_private_key,
349  * and o2i methods, do not do */
350  /* for that the private key has to be encoded in ASN1 notation
351  * with a X25519 prefix on it */
352 
353  ec = ldns_ed25519_priv_raw(ldns_rdf_data(b64rdf),
354  (int)ldns_rdf_size(b64rdf));
355  ldns_rdf_deep_free(b64rdf);
356  if(!ec) return NULL;
357  if(EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)) != NID_X25519) {
358  /* wrong group, bad asn conversion */
359  EC_KEY_free(ec);
360  return NULL;
361  }
362 
363  evp_key = EVP_PKEY_new();
364  if(!evp_key) {
365  EC_KEY_free(ec);
366  return NULL;
367  }
368  if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
369  EVP_PKEY_free(evp_key);
370  EC_KEY_free(ec);
371  return NULL;
372  }
373  return evp_key;
374 }
375 #endif
376 
377 #ifdef USE_ED448
378 
379 static EC_KEY*
380 ldns_ed448_priv_raw(uint8_t* pkey, int plen)
381 {
382  const unsigned char* pp;
383  uint8_t buf[256];
384  int buflen = 0;
385  uint8_t pre[] = {0x30, 0x4b, 0x02, 0x01, 0x01, 0x04, 0x39};
386  int pre_len = 7;
387  uint8_t post[] = {0xa0, 0x0b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x04,
388  0x01, 0xda, 0x47, 0x0f, 0x02};
389  int post_len = 13;
390  int i;
391  /* ASN looks like this for ED25519
392  * And for ED448, the parameters are ...02 instead of ...01
393  * For ED25519 it was:
394  * 30320201010420 <32byteskey>
395  * andparameters a00b06092b06010401da470f01
396  * (noparameters, preamble is 30250201010420).
397  * the key is reversed (little endian).
398  *
399  * For ED448 the key is 57 bytes, and that changes lengths.
400  * 304b0201010439 <57bytekey> a00b06092b06010401da470f02
401  */
402  buflen = pre_len + plen + post_len;
403  if((size_t)buflen > sizeof(buf))
404  return NULL;
405  memmove(buf, pre, pre_len);
406  /* reverse the pkey into the buf */
407  for(i=0; i<plen; i++)
408  buf[pre_len+i] = pkey[plen-1-i];
409  memmove(buf+pre_len+plen, post, post_len);
410  pp = buf;
411  return d2i_ECPrivateKey(NULL, &pp, buflen);
412 }
413 
415 static EVP_PKEY*
416 ldns_key_new_frm_fp_ed448_l(FILE* fp, int* line_nr)
417 {
418  char token[16384];
419  ldns_rdf* b64rdf = NULL;
420  EVP_PKEY* evp_key;
421  EC_KEY* ec;
422  if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n",
423  sizeof(token), line_nr) == -1)
424  return NULL;
425  if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK)
426  return NULL;
427 
428  /* convert private key into ASN notation and then convert that */
429  ec = ldns_ed448_priv_raw(ldns_rdf_data(b64rdf),
430  (int)ldns_rdf_size(b64rdf));
431  ldns_rdf_deep_free(b64rdf);
432  if(!ec) return NULL;
433  if(EC_GROUP_get_curve_name(EC_KEY_get0_group(ec)) != NID_X448) {
434  /* wrong group, bad asn conversion */
435  EC_KEY_free(ec);
436  return NULL;
437  }
438 
439  evp_key = EVP_PKEY_new();
440  if(!evp_key) {
441  EC_KEY_free(ec);
442  return NULL;
443  }
444  if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) {
445  EVP_PKEY_free(evp_key);
446  EC_KEY_free(ec);
447  return NULL;
448  }
449  return evp_key;
450 }
451 #endif
452 
453 ldns_status
454 ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
455 {
456  ldns_key *k;
457  char *d;
458  ldns_signing_algorithm alg;
459  ldns_rr *key_rr;
460 #ifdef HAVE_SSL
461  RSA *rsa;
462 #ifdef USE_DSA
463  DSA *dsa;
464 #endif
465  unsigned char *hmac;
466  size_t hmac_size;
467 #endif /* HAVE_SSL */
468 
469  k = ldns_key_new();
470 
471  d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
472  if (!k || !d) {
473  ldns_key_free(k);
474  LDNS_FREE(d);
475  return LDNS_STATUS_MEM_ERR;
476  }
477 
478  alg = 0;
479 
480  /* the file is highly structured. Do this in sequence */
481  /* RSA:
482  * Private-key-format: v1.x.
483  * Algorithm: 1 (RSA)
484 
485  */
486  /* get the key format version number */
487  if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
488  LDNS_MAX_LINELEN, line_nr) == -1) {
489  /* no version information */
490  ldns_key_free(k);
491  LDNS_FREE(d);
492  return LDNS_STATUS_SYNTAX_ERR;
493  }
494  if (strncmp(d, "v1.", 3) != 0) {
495  ldns_key_free(k);
496  LDNS_FREE(d);
497  return LDNS_STATUS_SYNTAX_VERSION_ERR;
498  }
499 
500  /* get the algorithm type, our file function strip ( ) so there are
501  * not in the return string! */
502  if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n",
503  LDNS_MAX_LINELEN, line_nr) == -1) {
504  /* no alg information */
505  ldns_key_free(k);
506  LDNS_FREE(d);
507  return LDNS_STATUS_SYNTAX_ALG_ERR;
508  }
509 
510  if (strncmp(d, "1 RSA", 2) == 0) {
511  alg = LDNS_SIGN_RSAMD5;
512  }
513  if (strncmp(d, "2 DH", 2) == 0) {
514  alg = (ldns_signing_algorithm)LDNS_DH;
515  }
516  if (strncmp(d, "3 DSA", 2) == 0) {
517 #ifdef USE_DSA
518  alg = LDNS_SIGN_DSA;
519 #else
520 # ifdef STDERR_MSGS
521  fprintf(stderr, "Warning: DSA not compiled into this ");
522  fprintf(stderr, "version of ldns\n");
523 # endif
524 #endif
525  }
526  if (strncmp(d, "4 ECC", 2) == 0) {
527  alg = (ldns_signing_algorithm)LDNS_ECC;
528  }
529  if (strncmp(d, "5 RSASHA1", 2) == 0) {
530  alg = LDNS_SIGN_RSASHA1;
531  }
532  if (strncmp(d, "6 DSA", 2) == 0) {
533 #ifdef USE_DSA
534  alg = LDNS_SIGN_DSA_NSEC3;
535 #else
536 # ifdef STDERR_MSGS
537  fprintf(stderr, "Warning: DSA not compiled into this ");
538  fprintf(stderr, "version of ldns\n");
539 # endif
540 #endif
541  }
542  if (strncmp(d, "7 RSASHA1", 2) == 0) {
543  alg = LDNS_SIGN_RSASHA1_NSEC3;
544  }
545 
546  if (strncmp(d, "8 RSASHA256", 2) == 0) {
547 #ifdef USE_SHA2
548  alg = LDNS_SIGN_RSASHA256;
549 #else
550 # ifdef STDERR_MSGS
551  fprintf(stderr, "Warning: SHA256 not compiled into this ");
552  fprintf(stderr, "version of ldns\n");
553 # endif
554 #endif
555  }
556  if (strncmp(d, "10 RSASHA512", 3) == 0) {
557 #ifdef USE_SHA2
558  alg = LDNS_SIGN_RSASHA512;
559 #else
560 # ifdef STDERR_MSGS
561  fprintf(stderr, "Warning: SHA512 not compiled into this ");
562  fprintf(stderr, "version of ldns\n");
563 # endif
564 #endif
565  }
566  if (strncmp(d, "12 ECC-GOST", 3) == 0) {
567 #ifdef USE_GOST
568  alg = LDNS_SIGN_ECC_GOST;
569 #else
570 # ifdef STDERR_MSGS
571  fprintf(stderr, "Warning: ECC-GOST not compiled into this ");
572  fprintf(stderr, "version of ldns, use --enable-gost\n");
573 # endif
574 #endif
575  }
576  if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) {
577 #ifdef USE_ECDSA
578  alg = LDNS_SIGN_ECDSAP256SHA256;
579 #else
580 # ifdef STDERR_MSGS
581  fprintf(stderr, "Warning: ECDSA not compiled into this ");
582  fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
583 # endif
584 #endif
585  }
586  if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) {
587 #ifdef USE_ECDSA
588  alg = LDNS_SIGN_ECDSAP384SHA384;
589 #else
590 # ifdef STDERR_MSGS
591  fprintf(stderr, "Warning: ECDSA not compiled into this ");
592  fprintf(stderr, "version of ldns, use --enable-ecdsa\n");
593 # endif
594 #endif
595  }
596  if (strncmp(d, "15 ED25519", 3) == 0) {
597 #ifdef USE_ED25519
598  alg = LDNS_SIGN_ED25519;
599 #else
600 # ifdef STDERR_MSGS
601  fprintf(stderr, "Warning: ED25519 not compiled into this ");
602  fprintf(stderr, "version of ldns, use --enable-ed25519\n");
603 # endif
604 #endif
605  }
606  if (strncmp(d, "16 ED448", 3) == 0) {
607 #ifdef USE_ED448
608  alg = LDNS_SIGN_ED448;
609 #else
610 # ifdef STDERR_MSGS
611  fprintf(stderr, "Warning: ED448 not compiled into this ");
612  fprintf(stderr, "version of ldns, use --enable-ed448\n");
613 # endif
614 #endif
615  }
616  if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
617  alg = LDNS_SIGN_HMACMD5;
618  }
619  if (strncmp(d, "158 HMAC-SHA1", 4) == 0) {
620  alg = LDNS_SIGN_HMACSHA1;
621  }
622  if (strncmp(d, "159 HMAC-SHA256", 4) == 0) {
623  alg = LDNS_SIGN_HMACSHA256;
624  }
625  /* For compatibility with dnssec-keygen */
626  if (strncmp(d, "161 ", 4) == 0) {
627  alg = LDNS_SIGN_HMACSHA1;
628  }
629  if (strncmp(d, "162 HMAC-SHA224", 4) == 0) {
630  alg = LDNS_SIGN_HMACSHA224;
631  }
632  /* For compatibility with dnssec-keygen */
633  if (strncmp(d, "163 ", 4) == 0) {
634  alg = LDNS_SIGN_HMACSHA256;
635  }
636  if (strncmp(d, "164 HMAC-SHA384", 4) == 0) {
637  alg = LDNS_SIGN_HMACSHA384;
638  }
639  if (strncmp(d, "165 HMAC-SHA512", 4) == 0) {
640  alg = LDNS_SIGN_HMACSHA512;
641  }
642  LDNS_FREE(d);
643 
644  switch(alg) {
645  case LDNS_SIGN_RSAMD5:
646  case LDNS_SIGN_RSASHA1:
647  case LDNS_SIGN_RSASHA1_NSEC3:
648 #ifdef USE_SHA2
649  case LDNS_SIGN_RSASHA256:
650  case LDNS_SIGN_RSASHA512:
651 #endif
652  ldns_key_set_algorithm(k, alg);
653 #ifdef HAVE_SSL
654  rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr);
655  if (!rsa) {
656  ldns_key_free(k);
657  return LDNS_STATUS_ERR;
658  }
659  ldns_key_assign_rsa_key(k, rsa);
660 #endif /* HAVE_SSL */
661  break;
662 #ifdef USE_DSA
663  case LDNS_SIGN_DSA:
664  case LDNS_SIGN_DSA_NSEC3:
665  ldns_key_set_algorithm(k, alg);
666 #ifdef HAVE_SSL
667  dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr);
668  if (!dsa) {
669  ldns_key_free(k);
670  return LDNS_STATUS_ERR;
671  }
672  ldns_key_assign_dsa_key(k, dsa);
673 #endif /* HAVE_SSL */
674  break;
675 #endif /* USE_DSA */
676  case LDNS_SIGN_HMACMD5:
677  case LDNS_SIGN_HMACSHA1:
678  case LDNS_SIGN_HMACSHA224:
679  case LDNS_SIGN_HMACSHA256:
680  case LDNS_SIGN_HMACSHA384:
681  case LDNS_SIGN_HMACSHA512:
682  ldns_key_set_algorithm(k, alg);
683 #ifdef HAVE_SSL
684  hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size);
685  if (!hmac) {
686  ldns_key_free(k);
687  return LDNS_STATUS_ERR;
688  }
689  ldns_key_set_hmac_size(k, hmac_size);
690  ldns_key_set_hmac_key(k, hmac);
691 #endif /* HAVE_SSL */
692  break;
693  case LDNS_SIGN_ECC_GOST:
694  ldns_key_set_algorithm(k, alg);
695 #if defined(HAVE_SSL) && defined(USE_GOST)
696  if(!ldns_key_EVP_load_gost_id()) {
697  ldns_key_free(k);
698  return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL;
699  }
700  ldns_key_set_evp_key(k,
701  ldns_key_new_frm_fp_gost_l(fp, line_nr));
702 #ifndef S_SPLINT_S
703  if(!k->_key.key) {
704  ldns_key_free(k);
705  return LDNS_STATUS_ERR;
706  }
707 #endif /* splint */
708 #endif
709  break;
710 #ifdef USE_ECDSA
711  case LDNS_SIGN_ECDSAP256SHA256:
712  case LDNS_SIGN_ECDSAP384SHA384:
713  ldns_key_set_algorithm(k, alg);
714  ldns_key_set_evp_key(k,
715  ldns_key_new_frm_fp_ecdsa_l(fp, (ldns_algorithm)alg, line_nr));
716 #ifndef S_SPLINT_S
717  if(!k->_key.key) {
718  ldns_key_free(k);
719  return LDNS_STATUS_ERR;
720  }
721 #endif /* splint */
722  break;
723 #endif
724 #ifdef USE_ED25519
725  case LDNS_SIGN_ED25519:
726  ldns_key_set_algorithm(k, alg);
727  ldns_key_set_evp_key(k,
728  ldns_key_new_frm_fp_ed25519_l(fp, line_nr));
729 #ifndef S_SPLINT_S
730  if(!k->_key.key) {
731  ldns_key_free(k);
732  return LDNS_STATUS_ERR;
733  }
734 #endif /* splint */
735  break;
736 #endif
737 #ifdef USE_ED448
738  case LDNS_SIGN_ED448:
739  ldns_key_set_algorithm(k, alg);
740  ldns_key_set_evp_key(k,
741  ldns_key_new_frm_fp_ed448_l(fp, line_nr));
742 #ifndef S_SPLINT_S
743  if(!k->_key.key) {
744  ldns_key_free(k);
745  return LDNS_STATUS_ERR;
746  }
747 #endif /* splint */
748  break;
749 #endif
750  default:
751  ldns_key_free(k);
752  return LDNS_STATUS_SYNTAX_ALG_ERR;
753  }
754  key_rr = ldns_key2rr(k);
755  ldns_key_set_keytag(k, ldns_calc_keytag(key_rr));
756  ldns_rr_free(key_rr);
757 
758  if (key) {
759  *key = k;
760  return LDNS_STATUS_OK;
761  }
762  ldns_key_free(k);
763  return LDNS_STATUS_ERR;
764 }
765 
766 #ifdef HAVE_SSL
767 RSA *
768 ldns_key_new_frm_fp_rsa(FILE *f)
769 {
770  return ldns_key_new_frm_fp_rsa_l(f, NULL);
771 }
772 
773 RSA *
774 ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
775 {
776  /* we parse
777  * Modulus:
778  * PublicExponent:
779  * PrivateExponent:
780  * Prime1:
781  * Prime2:
782  * Exponent1:
783  * Exponent2:
784  * Coefficient:
785  *
786  * man 3 RSA:
787  *
788  * struct
789  * {
790  * BIGNUM *n; // public modulus
791  * BIGNUM *e; // public exponent
792  * BIGNUM *d; // private exponent
793  * BIGNUM *p; // secret prime factor
794  * BIGNUM *q; // secret prime factor
795  * BIGNUM *dmp1; // d mod (p-1)
796  * BIGNUM *dmq1; // d mod (q-1)
797  * BIGNUM *iqmp; // q^-1 mod p
798  * // ...
799  *
800  */
801  char *b;
802  RSA *rsa;
803  uint8_t *buf;
804  int i;
805  BIGNUM *n=NULL, *e=NULL, *d=NULL, *p=NULL, *q=NULL,
806  *dmp1=NULL, *dmq1=NULL, *iqmp=NULL;
807 
808  b = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
809  buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
810  rsa = RSA_new();
811  if (!b || !rsa || !buf) {
812  goto error;
813  }
814 
815  /* I could use functions again, but that seems an overkill,
816  * allthough this also looks tedious
817  */
818 
819  /* Modules, rsa->n */
820  if (ldns_fget_keyword_data_l(f, "Modulus", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
821  goto error;
822  }
823  i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
824 #ifndef S_SPLINT_S
825  n = BN_bin2bn((const char unsigned*)buf, i, NULL);
826  if (!n) {
827  goto error;
828  }
829 
830  /* PublicExponent, rsa->e */
831  if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
832  goto error;
833  }
834  i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
835  e = BN_bin2bn((const char unsigned*)buf, i, NULL);
836  if (!e) {
837  goto error;
838  }
839 
840  /* PrivateExponent, rsa->d */
841  if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
842  goto error;
843  }
844  i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
845  d = BN_bin2bn((const char unsigned*)buf, i, NULL);
846  if (!d) {
847  goto error;
848  }
849 
850  /* Prime1, rsa->p */
851  if (ldns_fget_keyword_data_l(f, "Prime1", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
852  goto error;
853  }
854  i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
855  p = BN_bin2bn((const char unsigned*)buf, i, NULL);
856  if (!p) {
857  goto error;
858  }
859 
860  /* Prime2, rsa->q */
861  if (ldns_fget_keyword_data_l(f, "Prime2", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
862  goto error;
863  }
864  i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
865  q = BN_bin2bn((const char unsigned*)buf, i, NULL);
866  if (!q) {
867  goto error;
868  }
869 
870  /* Exponent1, rsa->dmp1 */
871  if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
872  goto error;
873  }
874  i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
875  dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
876  if (!dmp1) {
877  goto error;
878  }
879 
880  /* Exponent2, rsa->dmq1 */
881  if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
882  goto error;
883  }
884  i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
885  dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
886  if (!dmq1) {
887  goto error;
888  }
889 
890  /* Coefficient, rsa->iqmp */
891  if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", b, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
892  goto error;
893  }
894  i = ldns_b64_pton((const char*)b, buf, ldns_b64_ntop_calculate_size(strlen(b)));
895  iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL);
896  if (!iqmp) {
897  goto error;
898  }
899 #endif /* splint */
900 
901 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
902 # ifndef S_SPLINT_S
903  rsa->n = n;
904  rsa->e = e;
905  rsa->d = d;
906  rsa->p = p;
907  rsa->q = q;
908  rsa->dmp1 = dmp1;
909  rsa->dmq1 = dmq1;
910  rsa->iqmp = iqmp;
911 # endif
912 #else
913  if(!RSA_set0_key(rsa, n, e, d))
914  goto error;
915  n = NULL;
916  e = NULL;
917  d = NULL;
918  if(!RSA_set0_factors(rsa, p, q))
919  goto error;
920  p = NULL;
921  q = NULL;
922  if(!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp))
923  goto error;
924 #endif
925 
926  LDNS_FREE(buf);
927  LDNS_FREE(b);
928  return rsa;
929 
930 error:
931  RSA_free(rsa);
932  LDNS_FREE(b);
933  LDNS_FREE(buf);
934  BN_free(n);
935  BN_free(e);
936  BN_free(d);
937  BN_free(p);
938  BN_free(q);
939  BN_free(dmp1);
940  BN_free(dmq1);
941  BN_free(iqmp);
942  return NULL;
943 }
944 
945 DSA *
946 ldns_key_new_frm_fp_dsa(FILE *f)
947 {
948  return ldns_key_new_frm_fp_dsa_l(f, NULL);
949 }
950 
951 DSA *
952 ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr))
953 {
954  int i;
955  char *d;
956  DSA *dsa;
957  uint8_t *buf;
958  BIGNUM *p=NULL, *q=NULL, *g=NULL, *priv_key=NULL, *pub_key=NULL;
959 
960  d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
961  buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
962  dsa = DSA_new();
963  if (!d || !dsa || !buf) {
964  goto error;
965  }
966 
967  /* the line parser removes the () from the input... */
968 
969  /* Prime, dsa->p */
970  if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
971  goto error;
972  }
973  i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
974 #ifndef S_SPLINT_S
975  p = BN_bin2bn((const char unsigned*)buf, i, NULL);
976  if (!p) {
977  goto error;
978  }
979 
980  /* Subprime, dsa->q */
981  if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
982  goto error;
983  }
984  i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
985  q = BN_bin2bn((const char unsigned*)buf, i, NULL);
986  if (!q) {
987  goto error;
988  }
989 
990  /* Base, dsa->g */
991  if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
992  goto error;
993  }
994  i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
995  g = BN_bin2bn((const char unsigned*)buf, i, NULL);
996  if (!g) {
997  goto error;
998  }
999 
1000  /* Private key, dsa->priv_key */
1001  if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
1002  goto error;
1003  }
1004  i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
1005  priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
1006  if (!priv_key) {
1007  goto error;
1008  }
1009 
1010  /* Public key, dsa->priv_key */
1011  if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
1012  goto error;
1013  }
1014  i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d)));
1015  pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
1016  if (!pub_key) {
1017  goto error;
1018  }
1019 #endif /* splint */
1020 
1021 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
1022 # ifndef S_SPLINT_S
1023  dsa->p = p;
1024  dsa->q = q;
1025  dsa->g = g;
1026  dsa->priv_key = priv_key;
1027  dsa->pub_key = pub_key;
1028 # endif
1029 #else
1030  if(!DSA_set0_pqg(dsa, p, q, g))
1031  goto error;
1032  p = NULL;
1033  q = NULL;
1034  g = NULL;
1035  if(!DSA_set0_key(dsa, pub_key, priv_key))
1036  goto error;
1037 #endif
1038 
1039  LDNS_FREE(buf);
1040  LDNS_FREE(d);
1041 
1042  return dsa;
1043 
1044 error:
1045  LDNS_FREE(d);
1046  LDNS_FREE(buf);
1047  DSA_free(dsa);
1048  BN_free(p);
1049  BN_free(q);
1050  BN_free(g);
1051  BN_free(priv_key);
1052  BN_free(pub_key);
1053  return NULL;
1054 }
1055 
1056 unsigned char *
1057 ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
1058 {
1059  return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size);
1060 }
1061 
1062 unsigned char *
1063 ldns_key_new_frm_fp_hmac_l( FILE *f
1064  , ATTR_UNUSED(int *line_nr)
1065  , size_t *hmac_size
1066  )
1067 {
1068  size_t i, bufsz;
1069  char d[LDNS_MAX_LINELEN];
1070  unsigned char *buf = NULL;
1071 
1072  if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
1073  goto error;
1074  }
1075  bufsz = ldns_b64_ntop_calculate_size(strlen(d));
1076  buf = LDNS_XMALLOC(unsigned char, bufsz);
1077  i = (size_t) ldns_b64_pton((const char*)d, buf, bufsz);
1078 
1079  *hmac_size = i;
1080  return buf;
1081 
1082  error:
1083  LDNS_FREE(buf);
1084  *hmac_size = 0;
1085  return NULL;
1086 }
1087 #endif /* HAVE_SSL */
1088 
1089 #ifdef USE_GOST
1090 static EVP_PKEY*
1091 ldns_gen_gost_key(void)
1092 {
1093  EVP_PKEY_CTX* ctx;
1094  EVP_PKEY* p = NULL;
1095  int gost_id = ldns_key_EVP_load_gost_id();
1096  if(!gost_id)
1097  return NULL;
1098  ctx = EVP_PKEY_CTX_new_id(gost_id, NULL);
1099  if(!ctx) {
1100  /* the id should be available now */
1101  return NULL;
1102  }
1103  if(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0) {
1104  /* cannot set paramset */
1105  EVP_PKEY_CTX_free(ctx);
1106  return NULL;
1107  }
1108 
1109  if(EVP_PKEY_keygen_init(ctx) <= 0) {
1110  EVP_PKEY_CTX_free(ctx);
1111  return NULL;
1112  }
1113  if(EVP_PKEY_keygen(ctx, &p) <= 0) {
1114  EVP_PKEY_free(p);
1115  EVP_PKEY_CTX_free(ctx);
1116  return NULL;
1117  }
1118  EVP_PKEY_CTX_free(ctx);
1119  return p;
1120 }
1121 #endif
1122 
1123 ldns_key *
1124 ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
1125 {
1126  ldns_key *k;
1127 #ifdef HAVE_SSL
1128 #ifdef USE_DSA
1129  DSA *d;
1130 #endif /* USE_DSA */
1131 # ifdef USE_ECDSA
1132  EC_KEY *ec = NULL;
1133 # endif
1134 # ifdef HAVE_EVP_PKEY_KEYGEN
1135  EVP_PKEY_CTX *ctx;
1136 # else
1137  RSA *r;
1138 # endif
1139 #else
1140  int i;
1141  uint16_t offset = 0;
1142 #endif
1143  unsigned char *hmac;
1144 
1145  k = ldns_key_new();
1146  if (!k) {
1147  return NULL;
1148  }
1149  switch(alg) {
1150  case LDNS_SIGN_RSAMD5:
1151  case LDNS_SIGN_RSASHA1:
1152  case LDNS_SIGN_RSASHA1_NSEC3:
1153  case LDNS_SIGN_RSASHA256:
1154  case LDNS_SIGN_RSASHA512:
1155 #ifdef HAVE_SSL
1156 #ifdef HAVE_EVP_PKEY_KEYGEN
1157  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
1158  if(!ctx) {
1159  ldns_key_free(k);
1160  return NULL;
1161  }
1162  if(EVP_PKEY_keygen_init(ctx) <= 0) {
1163  ldns_key_free(k);
1164  EVP_PKEY_CTX_free(ctx);
1165  return NULL;
1166  }
1167  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, size) <= 0) {
1168  ldns_key_free(k);
1169  EVP_PKEY_CTX_free(ctx);
1170  return NULL;
1171  }
1172 #ifndef S_SPLINT_S
1173  if (EVP_PKEY_keygen(ctx, &k->_key.key) <= 0) {
1174  ldns_key_free(k);
1175  EVP_PKEY_CTX_free(ctx);
1176  return NULL;
1177  }
1178 #endif
1179  EVP_PKEY_CTX_free(ctx);
1180 #else /* HAVE_EVP_PKEY_KEYGEN */
1181  r = RSA_generate_key((int)size, RSA_F4, NULL, NULL);
1182  if(!r) {
1183  ldns_key_free(k);
1184  return NULL;
1185  }
1186  if (RSA_check_key(r) != 1) {
1187  ldns_key_free(k);
1188  return NULL;
1189  }
1190  ldns_key_set_rsa_key(k, r);
1191  RSA_free(r);
1192 #endif /* HAVE_EVP_PKEY_KEYGEN */
1193 #endif /* HAVE_SSL */
1194  break;
1195  case LDNS_SIGN_DSA:
1196  case LDNS_SIGN_DSA_NSEC3:
1197 #ifdef USE_DSA
1198 #ifdef HAVE_SSL
1199 # if OPENSSL_VERSION_NUMBER < 0x00908000L
1200  d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
1201  if (!d) {
1202  ldns_key_free(k);
1203  return NULL;
1204  }
1205 
1206 # else
1207  if (! (d = DSA_new())) {
1208  ldns_key_free(k);
1209  return NULL;
1210  }
1211  if (! DSA_generate_parameters_ex(d, (int)size, NULL, 0, NULL, NULL, NULL)) {
1212  DSA_free(d);
1213  ldns_key_free(k);
1214  return NULL;
1215  }
1216 # endif
1217  if (DSA_generate_key(d) != 1) {
1218  ldns_key_free(k);
1219  return NULL;
1220  }
1221  ldns_key_set_dsa_key(k, d);
1222  DSA_free(d);
1223 #endif /* HAVE_SSL */
1224 #endif /* USE_DSA */
1225  break;
1226  case LDNS_SIGN_HMACMD5:
1227  case LDNS_SIGN_HMACSHA1:
1228  case LDNS_SIGN_HMACSHA224:
1229  case LDNS_SIGN_HMACSHA256:
1230  case LDNS_SIGN_HMACSHA384:
1231  case LDNS_SIGN_HMACSHA512:
1232 #ifdef HAVE_SSL
1233 #ifndef S_SPLINT_S
1234  k->_key.key = NULL;
1235 #endif /* splint */
1236 #endif /* HAVE_SSL */
1237  size = size / 8;
1238  ldns_key_set_hmac_size(k, size);
1239 
1240  hmac = LDNS_XMALLOC(unsigned char, size);
1241  if(!hmac) {
1242  ldns_key_free(k);
1243  return NULL;
1244  }
1245 #ifdef HAVE_SSL
1246  if (RAND_bytes(hmac, (int) size) != 1) {
1247  LDNS_FREE(hmac);
1248  ldns_key_free(k);
1249  return NULL;
1250  }
1251 #else
1252  while (offset + sizeof(i) < size) {
1253  i = random();
1254  memcpy(&hmac[offset], &i, sizeof(i));
1255  offset += sizeof(i);
1256  }
1257  if (offset < size) {
1258  i = random();
1259  memcpy(&hmac[offset], &i, size - offset);
1260  }
1261 #endif /* HAVE_SSL */
1262  ldns_key_set_hmac_key(k, hmac);
1263 
1264  ldns_key_set_flags(k, 0);
1265  break;
1266  case LDNS_SIGN_ECC_GOST:
1267 #if defined(HAVE_SSL) && defined(USE_GOST)
1268  ldns_key_set_evp_key(k, ldns_gen_gost_key());
1269 #ifndef S_SPLINT_S
1270  if(!k->_key.key) {
1271  ldns_key_free(k);
1272  return NULL;
1273  }
1274 #endif /* splint */
1275 #else
1276  ldns_key_free(k);
1277  return NULL;
1278 #endif /* HAVE_SSL and USE_GOST */
1279  break;
1280  case LDNS_SIGN_ECDSAP256SHA256:
1281  case LDNS_SIGN_ECDSAP384SHA384:
1282 #ifdef USE_ECDSA
1283  if(alg == LDNS_SIGN_ECDSAP256SHA256)
1284  ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1285  else if(alg == LDNS_SIGN_ECDSAP384SHA384)
1286  ec = EC_KEY_new_by_curve_name(NID_secp384r1);
1287  if(!ec) {
1288  ldns_key_free(k);
1289  return NULL;
1290  }
1291  if(!EC_KEY_generate_key(ec)) {
1292  ldns_key_free(k);
1293  EC_KEY_free(ec);
1294  return NULL;
1295  }
1296 #ifndef S_SPLINT_S
1297  k->_key.key = EVP_PKEY_new();
1298  if(!k->_key.key) {
1299  ldns_key_free(k);
1300  EC_KEY_free(ec);
1301  return NULL;
1302  }
1303  if (!EVP_PKEY_assign_EC_KEY(k->_key.key, ec)) {
1304  ldns_key_free(k);
1305  EC_KEY_free(ec);
1306  return NULL;
1307  }
1308 #endif /* splint */
1309 #else
1310  ldns_key_free(k);
1311  return NULL;
1312 #endif /* ECDSA */
1313  break;
1314 #ifdef USE_ED25519
1315  case LDNS_SIGN_ED25519:
1316 #ifdef HAVE_EVP_PKEY_KEYGEN
1317  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
1318  if(!ctx) {
1319  ldns_key_free(k);
1320  return NULL;
1321  }
1322  if(EVP_PKEY_keygen_init(ctx) <= 0) {
1323  ldns_key_free(k);
1324  EVP_PKEY_CTX_free(ctx);
1325  return NULL;
1326  }
1327  if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx,
1328  NID_X25519) <= 0) {
1329  ldns_key_free(k);
1330  EVP_PKEY_CTX_free(ctx);
1331  return NULL;
1332  }
1333  if (EVP_PKEY_keygen(ctx, &k->_key.key) <= 0) {
1334  ldns_key_free(k);
1335  EVP_PKEY_CTX_free(ctx);
1336  return NULL;
1337  }
1338  EVP_PKEY_CTX_free(ctx);
1339 #endif
1340  break;
1341 #endif /* ED25519 */
1342 #ifdef USE_ED448
1343  case LDNS_SIGN_ED448:
1344 #ifdef HAVE_EVP_PKEY_KEYGEN
1345  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
1346  if(!ctx) {
1347  ldns_key_free(k);
1348  return NULL;
1349  }
1350  if(EVP_PKEY_keygen_init(ctx) <= 0) {
1351  ldns_key_free(k);
1352  EVP_PKEY_CTX_free(ctx);
1353  return NULL;
1354  }
1355  if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx,
1356  NID_X448) <= 0) {
1357  ldns_key_free(k);
1358  EVP_PKEY_CTX_free(ctx);
1359  return NULL;
1360  }
1361  if (EVP_PKEY_keygen(ctx, &k->_key.key) <= 0) {
1362  ldns_key_free(k);
1363  EVP_PKEY_CTX_free(ctx);
1364  return NULL;
1365  }
1366  EVP_PKEY_CTX_free(ctx);
1367 #endif
1368  break;
1369 #endif /* ED448 */
1370  }
1371  ldns_key_set_algorithm(k, alg);
1372  return k;
1373 }
1374 
1375 void
1376 ldns_key_print(FILE *output, const ldns_key *k)
1377 {
1378  char *str = ldns_key2str(k);
1379  if (str) {
1380  fprintf(output, "%s", str);
1381  } else {
1382  fprintf(output, "Unable to convert private key to string\n");
1383  }
1384  LDNS_FREE(str);
1385 }
1386 
1387 
1388 void
1389 ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
1390 {
1391  k->_alg = l;
1392 }
1393 
1394 void
1395 ldns_key_set_flags(ldns_key *k, uint16_t f)
1396 {
1397  k->_extra.dnssec.flags = f;
1398 }
1399 
1400 #ifdef HAVE_SSL
1401 #ifndef S_SPLINT_S
1402 void
1403 ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
1404 {
1405  k->_key.key = e;
1406 }
1407 
1408 void
1409 ldns_key_set_rsa_key(ldns_key *k, RSA *r)
1410 {
1411  EVP_PKEY *key = EVP_PKEY_new();
1412  EVP_PKEY_set1_RSA(key, r);
1413  k->_key.key = key;
1414 }
1415 
1416 void
1417 ldns_key_set_dsa_key(ldns_key *k, DSA *d)
1418 {
1419 #ifdef USE_DSA
1420  EVP_PKEY *key = EVP_PKEY_new();
1421  EVP_PKEY_set1_DSA(key, d);
1422  k->_key.key = key;
1423 #else
1424  (void)k; (void)d;
1425 #endif
1426 }
1427 
1428 void
1429 ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
1430 {
1431  EVP_PKEY *key = EVP_PKEY_new();
1432  EVP_PKEY_assign_RSA(key, r);
1433  k->_key.key = key;
1434 }
1435 
1436 void
1437 ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
1438 {
1439 #ifdef USE_DSA
1440  EVP_PKEY *key = EVP_PKEY_new();
1441  EVP_PKEY_assign_DSA(key, d);
1442  k->_key.key = key;
1443 #else
1444  (void)k; (void)d;
1445 #endif
1446 }
1447 #endif /* splint */
1448 #endif /* HAVE_SSL */
1449 
1450 void
1451 ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
1452 {
1453  k->_key.hmac.key = hmac;
1454 }
1455 
1456 void
1457 ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
1458 {
1459  k->_key.hmac.size = hmac_size;
1460 }
1461 
1462 void
1463 ldns_key_set_external_key(ldns_key *k, void *external_key)
1464 {
1465  k->_key.external_key = external_key;
1466 }
1467 
1468 void
1469 ldns_key_set_origttl(ldns_key *k, uint32_t t)
1470 {
1471  k->_extra.dnssec.orig_ttl = t;
1472 }
1473 
1474 void
1475 ldns_key_set_inception(ldns_key *k, uint32_t i)
1476 {
1477  k->_extra.dnssec.inception = i;
1478 }
1479 
1480 void
1481 ldns_key_set_expiration(ldns_key *k, uint32_t e)
1482 {
1483  k->_extra.dnssec.expiration = e;
1484 }
1485 
1486 void
1487 ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
1488 {
1489  k->_pubkey_owner = r;
1490 }
1491 
1492 void
1493 ldns_key_set_keytag(ldns_key *k, uint16_t tag)
1494 {
1495  k->_extra.dnssec.keytag = tag;
1496 }
1497 
1498 /* read */
1499 size_t
1500 ldns_key_list_key_count(const ldns_key_list *key_list)
1501 {
1502  return key_list->_key_count;
1503 }
1504 
1505 ldns_key *
1506 ldns_key_list_key(const ldns_key_list *key, size_t nr)
1507 {
1508  if (nr < ldns_key_list_key_count(key)) {
1509  return key->_keys[nr];
1510  } else {
1511  return NULL;
1512  }
1513 }
1514 
1515 ldns_signing_algorithm
1516 ldns_key_algorithm(const ldns_key *k)
1517 {
1518  return k->_alg;
1519 }
1520 
1521 void
1522 ldns_key_set_use(ldns_key *k, bool v)
1523 {
1524  if (k) {
1525  k->_use = v;
1526  }
1527 }
1528 
1529 bool
1530 ldns_key_use(const ldns_key *k)
1531 {
1532  if (k) {
1533  return k->_use;
1534  }
1535  return false;
1536 }
1537 
1538 #ifdef HAVE_SSL
1539 #ifndef S_SPLINT_S
1540 EVP_PKEY *
1541 ldns_key_evp_key(const ldns_key *k)
1542 {
1543  return k->_key.key;
1544 }
1545 
1546 RSA *
1547 ldns_key_rsa_key(const ldns_key *k)
1548 {
1549  if (k->_key.key) {
1550  return EVP_PKEY_get1_RSA(k->_key.key);
1551  } else {
1552  return NULL;
1553  }
1554 }
1555 
1556 DSA *
1557 ldns_key_dsa_key(const ldns_key *k)
1558 {
1559 #ifdef USE_DSA
1560  if (k->_key.key) {
1561  return EVP_PKEY_get1_DSA(k->_key.key);
1562  } else {
1563  return NULL;
1564  }
1565 #else
1566  (void)k;
1567  return NULL;
1568 #endif
1569 }
1570 #endif /* splint */
1571 #endif /* HAVE_SSL */
1572 
1573 unsigned char *
1574 ldns_key_hmac_key(const ldns_key *k)
1575 {
1576  if (k->_key.hmac.key) {
1577  return k->_key.hmac.key;
1578  } else {
1579  return NULL;
1580  }
1581 }
1582 
1583 size_t
1584 ldns_key_hmac_size(const ldns_key *k)
1585 {
1586  if (k->_key.hmac.size) {
1587  return k->_key.hmac.size;
1588  } else {
1589  return 0;
1590  }
1591 }
1592 
1593 void *
1594 ldns_key_external_key(const ldns_key *k)
1595 {
1596  return k->_key.external_key;
1597 }
1598 
1599 uint32_t
1600 ldns_key_origttl(const ldns_key *k)
1601 {
1602  return k->_extra.dnssec.orig_ttl;
1603 }
1604 
1605 uint16_t
1606 ldns_key_flags(const ldns_key *k)
1607 {
1608  return k->_extra.dnssec.flags;
1609 }
1610 
1611 uint32_t
1612 ldns_key_inception(const ldns_key *k)
1613 {
1614  return k->_extra.dnssec.inception;
1615 }
1616 
1617 uint32_t
1618 ldns_key_expiration(const ldns_key *k)
1619 {
1620  return k->_extra.dnssec.expiration;
1621 }
1622 
1623 uint16_t
1624 ldns_key_keytag(const ldns_key *k)
1625 {
1626  return k->_extra.dnssec.keytag;
1627 }
1628 
1629 ldns_rdf *
1630 ldns_key_pubkey_owner(const ldns_key *k)
1631 {
1632  return k->_pubkey_owner;
1633 }
1634 
1635 /* write */
1636 void
1637 ldns_key_list_set_use(ldns_key_list *keys, bool v)
1638 {
1639  size_t i;
1640 
1641  for (i = 0; i < ldns_key_list_key_count(keys); i++) {
1642  ldns_key_set_use(ldns_key_list_key(keys, i), v);
1643  }
1644 }
1645 
1646 void
1647 ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
1648 {
1649  key->_key_count = count;
1650 }
1651 
1652 bool
1653 ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
1654 {
1655  size_t key_count;
1656  ldns_key **keys;
1657 
1658  key_count = ldns_key_list_key_count(key_list);
1659 
1660  /* grow the array */
1661  keys = LDNS_XREALLOC(
1662  key_list->_keys, ldns_key *, key_count + 1);
1663  if (!keys) {
1664  return false;
1665  }
1666 
1667  /* add the new member */
1668  key_list->_keys = keys;
1669  key_list->_keys[key_count] = key;
1670 
1671  ldns_key_list_set_key_count(key_list, key_count + 1);
1672  return true;
1673 }
1674 
1675 ldns_key *
1676 ldns_key_list_pop_key(ldns_key_list *key_list)
1677 {
1678  size_t key_count;
1679  ldns_key** a;
1680  ldns_key *pop;
1681 
1682  if (!key_list) {
1683  return NULL;
1684  }
1685 
1686  key_count = ldns_key_list_key_count(key_list);
1687  if (key_count == 0) {
1688  return NULL;
1689  }
1690 
1691  pop = ldns_key_list_key(key_list, key_count);
1692 
1693  /* shrink the array */
1694  a = LDNS_XREALLOC(key_list->_keys, ldns_key *, key_count - 1);
1695  if(a) {
1696  key_list->_keys = a;
1697  }
1698 
1699  ldns_key_list_set_key_count(key_list, key_count - 1);
1700 
1701  return pop;
1702 }
1703 
1704 #ifdef HAVE_SSL
1705 #ifndef S_SPLINT_S
1706 /* data pointer must be large enough (LDNS_MAX_KEYLEN) */
1707 static bool
1708 ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
1709 {
1710  int i,j;
1711  const BIGNUM *n=NULL, *e=NULL;
1712 
1713  if (!k) {
1714  return false;
1715  }
1716 #if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
1717  n = k->n;
1718  e = k->e;
1719 #else
1720  RSA_get0_key(k, &n, &e, NULL);
1721 #endif
1722 
1723  if (BN_num_bytes(e) <= 256) {
1724  /* normally only this path is executed (small factors are
1725  * more common
1726  */
1727  data[0] = (unsigned char) BN_num_bytes(e);
1728  i = BN_bn2bin(e, data + 1);
1729  j = BN_bn2bin(n, data + i + 1);
1730  *size = (uint16_t) i + j;
1731  } else if (BN_num_bytes(e) <= 65536) {
1732  data[0] = 0;
1733  /* BN_bn2bin does bigendian, _uint16 also */
1734  ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(e));
1735 
1736  BN_bn2bin(e, data + 3);
1737  BN_bn2bin(n, data + 4 + BN_num_bytes(e));
1738  *size = (uint16_t) BN_num_bytes(n) + 6;
1739  } else {
1740  return false;
1741  }
1742  return true;
1743 }
1744 
1745 #ifdef USE_DSA
1746 /* data pointer must be large enough (LDNS_MAX_KEYLEN) */
1747 static bool
1748 ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
1749 {
1750  uint8_t T;
1751  const BIGNUM *p, *q, *g;
1752  const BIGNUM *pub_key, *priv_key;
1753 
1754  if (!k) {
1755  return false;
1756  }
1757 
1758  /* See RFC2536 */
1759 # ifdef HAVE_DSA_GET0_PQG
1760  DSA_get0_pqg(k, &p, &q, &g);
1761 # else
1762  p = k->p; q = k->q; g = k->g;
1763 # endif
1764 # ifdef HAVE_DSA_GET0_KEY
1765  DSA_get0_key(k, &pub_key, &priv_key);
1766 # else
1767  pub_key = k->pub_key; priv_key = k->priv_key;
1768 # endif
1769  (void)priv_key;
1770  *size = (uint16_t)BN_num_bytes(p);
1771  T = (*size - 64) / 8;
1772 
1773  if (T > 8) {
1774 #ifdef STDERR_MSGS
1775  fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)");
1776  fprintf(stderr, " not implemented\n");
1777 #endif
1778  return false;
1779  }
1780 
1781  /* size = 64 + (T * 8); */
1782  memset(data, 0, 21 + *size * 3);
1783  data[0] = (unsigned char)T;
1784  BN_bn2bin(q, data + 1 ); /* 20 octects */
1785  BN_bn2bin(p, data + 21 ); /* offset octects */
1786  BN_bn2bin(g, data + 21 + *size * 2 - BN_num_bytes(g));
1787  BN_bn2bin(pub_key,data + 21 + *size * 3 - BN_num_bytes(pub_key));
1788  *size = 21 + *size * 3;
1789  return true;
1790 }
1791 #endif /* USE_DSA */
1792 
1793 #ifdef USE_GOST
1794 static bool
1795 ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size)
1796 {
1797  int i;
1798  unsigned char* pp = NULL;
1799  if(i2d_PUBKEY(k, &pp) != 37 + 64) {
1800  /* expect 37 byte(ASN header) and 64 byte(X and Y) */
1801  free(pp);
1802  return false;
1803  }
1804  /* omit ASN header */
1805  for(i=0; i<64; i++)
1806  data[i] = pp[i+37];
1807  free(pp);
1808  *size = 64;
1809  return true;
1810 }
1811 #endif /* USE_GOST */
1812 #endif /* splint */
1813 #endif /* HAVE_SSL */
1814 
1815 ldns_rr *
1816 ldns_key2rr(const ldns_key *k)
1817 {
1818  /* this function will convert a the keydata contained in
1819  * rsa/dsa pointers to a DNSKEY rr. It will fill in as
1820  * much as it can, but it does not know about key-flags
1821  * for instance
1822  */
1823  ldns_rr *pubkey;
1824  ldns_rdf *keybin;
1825  unsigned char *bin = NULL;
1826  uint16_t size = 0;
1827 #ifdef HAVE_SSL
1828  RSA *rsa = NULL;
1829 #ifdef USE_DSA
1830  DSA *dsa = NULL;
1831 #endif /* USE_DSA */
1832 #endif /* HAVE_SSL */
1833 #ifdef USE_ECDSA
1834  EC_KEY* ec;
1835 #endif
1836  int internal_data = 0;
1837 
1838  if (!k) {
1839  return NULL;
1840  }
1841  pubkey = ldns_rr_new();
1842 
1843  switch (ldns_key_algorithm(k)) {
1844  case LDNS_SIGN_HMACMD5:
1845  case LDNS_SIGN_HMACSHA1:
1846  case LDNS_SIGN_HMACSHA224:
1847  case LDNS_SIGN_HMACSHA256:
1848  case LDNS_SIGN_HMACSHA384:
1849  case LDNS_SIGN_HMACSHA512:
1850  ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY);
1851  break;
1852  default:
1853  ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY);
1854  break;
1855  }
1856  /* zero-th rdf - flags */
1857  ldns_rr_push_rdf(pubkey,
1858  ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
1859  ldns_key_flags(k)));
1860  /* first - proto */
1861  ldns_rr_push_rdf(pubkey,
1862  ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO));
1863 
1864  if (ldns_key_pubkey_owner(k)) {
1865  ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k)));
1866  }
1867 
1868  /* third - da algorithm */
1869  switch(ldns_key_algorithm(k)) {
1870  case LDNS_SIGN_RSAMD5:
1871  case LDNS_SIGN_RSASHA1:
1872  case LDNS_SIGN_RSASHA1_NSEC3:
1873  case LDNS_SIGN_RSASHA256:
1874  case LDNS_SIGN_RSASHA512:
1875  ldns_rr_push_rdf(pubkey,
1876  ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
1877 #ifdef HAVE_SSL
1878  rsa = ldns_key_rsa_key(k);
1879  if (rsa) {
1880  bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1881  if (!bin) {
1882  ldns_rr_free(pubkey);
1883  return NULL;
1884  }
1885  if (!ldns_key_rsa2bin(bin, rsa, &size)) {
1886  LDNS_FREE(bin);
1887  ldns_rr_free(pubkey);
1888  return NULL;
1889  }
1890  RSA_free(rsa);
1891  internal_data = 1;
1892  }
1893 #endif
1894  size++;
1895  break;
1896  case LDNS_SIGN_DSA:
1897  ldns_rr_push_rdf(pubkey,
1898  ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
1899 #ifdef USE_DSA
1900 #ifdef HAVE_SSL
1901  dsa = ldns_key_dsa_key(k);
1902  if (dsa) {
1903  bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1904  if (!bin) {
1905  ldns_rr_free(pubkey);
1906  return NULL;
1907  }
1908  if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1909  LDNS_FREE(bin);
1910  ldns_rr_free(pubkey);
1911  return NULL;
1912  }
1913  DSA_free(dsa);
1914  internal_data = 1;
1915  }
1916 #endif /* HAVE_SSL */
1917 #endif /* USE_DSA */
1918  break;
1919  case LDNS_SIGN_DSA_NSEC3:
1920  ldns_rr_push_rdf(pubkey,
1921  ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
1922 #ifdef USE_DSA
1923 #ifdef HAVE_SSL
1924  dsa = ldns_key_dsa_key(k);
1925  if (dsa) {
1926  bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1927  if (!bin) {
1928  ldns_rr_free(pubkey);
1929  return NULL;
1930  }
1931  if (!ldns_key_dsa2bin(bin, dsa, &size)) {
1932  LDNS_FREE(bin);
1933  ldns_rr_free(pubkey);
1934  return NULL;
1935  }
1936  DSA_free(dsa);
1937  internal_data = 1;
1938  }
1939 #endif /* HAVE_SSL */
1940 #endif /* USE_DSA */
1941  break;
1942  case LDNS_SIGN_ECC_GOST:
1943  ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
1944  LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
1945 #if defined(HAVE_SSL) && defined(USE_GOST)
1946  bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
1947  if (!bin) {
1948  ldns_rr_free(pubkey);
1949  return NULL;
1950  }
1951 #ifndef S_SPLINT_S
1952  if (!ldns_key_gost2bin(bin, k->_key.key, &size)) {
1953  LDNS_FREE(bin);
1954  ldns_rr_free(pubkey);
1955  return NULL;
1956  }
1957 #endif /* splint */
1958  internal_data = 1;
1959 #else
1960  ldns_rr_free(pubkey);
1961  return NULL;
1962 #endif /* HAVE_SSL and USE_GOST */
1963  break;
1964  case LDNS_SIGN_ECDSAP256SHA256:
1965  case LDNS_SIGN_ECDSAP384SHA384:
1966 #ifdef USE_ECDSA
1967  ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
1968  LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
1969  bin = NULL;
1970 #ifndef S_SPLINT_S
1971  ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
1972 #endif
1973  EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
1974  size = (uint16_t)i2o_ECPublicKey(ec, NULL);
1975  if(!i2o_ECPublicKey(ec, &bin)) {
1976  EC_KEY_free(ec);
1977  ldns_rr_free(pubkey);
1978  return NULL;
1979  }
1980  if(size > 1) {
1981  /* move back one byte to shave off the 0x02
1982  * 'uncompressed' indicator that openssl made
1983  * Actually its 0x04 (from implementation).
1984  */
1985  assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED);
1986  size -= 1;
1987  memmove(bin, bin+1, size);
1988  }
1989  /* down the reference count for ec, its still assigned
1990  * to the pkey */
1991  EC_KEY_free(ec);
1992  internal_data = 1;
1993 #else
1994  ldns_rr_free(pubkey);
1995  return NULL;
1996 #endif /* ECDSA */
1997  break;
1998 #ifdef USE_ED25519
1999  case LDNS_SIGN_ED25519:
2000  ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
2001  LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
2002  bin = NULL;
2003  ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
2004  EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
2005  size = (uint16_t)i2o_ECPublicKey(ec, NULL);
2006  if(!i2o_ECPublicKey(ec, &bin)) {
2007  EC_KEY_free(ec);
2008  ldns_rr_free(pubkey);
2009  return NULL;
2010  }
2011  /* down the reference count for ec, its still assigned
2012  * to the pkey */
2013  EC_KEY_free(ec);
2014  internal_data = 1;
2015  break;
2016 #endif
2017 #ifdef USE_ED448
2018  case LDNS_SIGN_ED448:
2019  ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8(
2020  LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
2021  bin = NULL;
2022  ec = EVP_PKEY_get1_EC_KEY(k->_key.key);
2023  EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED);
2024  size = (uint16_t)i2o_ECPublicKey(ec, NULL);
2025  if(!i2o_ECPublicKey(ec, &bin)) {
2026  EC_KEY_free(ec);
2027  ldns_rr_free(pubkey);
2028  return NULL;
2029  }
2030  /* down the reference count for ec, its still assigned
2031  * to the pkey */
2032  EC_KEY_free(ec);
2033  internal_data = 1;
2034  break;
2035 #endif
2036  case LDNS_SIGN_HMACMD5:
2037  case LDNS_SIGN_HMACSHA1:
2038  case LDNS_SIGN_HMACSHA224:
2039  case LDNS_SIGN_HMACSHA256:
2040  case LDNS_SIGN_HMACSHA384:
2041  case LDNS_SIGN_HMACSHA512:
2042  bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k));
2043  if (!bin) {
2044  ldns_rr_free(pubkey);
2045  return NULL;
2046  }
2047  ldns_rr_push_rdf(pubkey,
2048  ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG,
2049  ldns_key_algorithm(k)));
2050  size = ldns_key_hmac_size(k);
2051  memcpy(bin, ldns_key_hmac_key(k), size);
2052  internal_data = 1;
2053  break;
2054  }
2055  /* fourth the key bin material */
2056  if (internal_data) {
2057  keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin);
2058  LDNS_FREE(bin);
2059  ldns_rr_push_rdf(pubkey, keybin);
2060  }
2061  return pubkey;
2062 }
2063 
2064 void
2065 ldns_key_free(ldns_key *key)
2066 {
2067  LDNS_FREE(key);
2068 }
2069 
2070 void
2071 ldns_key_deep_free(ldns_key *key)
2072 {
2073  unsigned char* hmac;
2074  if (ldns_key_pubkey_owner(key)) {
2075  ldns_rdf_deep_free(ldns_key_pubkey_owner(key));
2076  }
2077 #ifdef HAVE_SSL
2078  if (ldns_key_evp_key(key)) {
2079  EVP_PKEY_free(ldns_key_evp_key(key));
2080  }
2081 #endif /* HAVE_SSL */
2082  if (ldns_key_hmac_key(key)) {
2083  hmac = ldns_key_hmac_key(key);
2084  LDNS_FREE(hmac);
2085  }
2086  LDNS_FREE(key);
2087 }
2088 
2089 void
2090 ldns_key_list_free(ldns_key_list *key_list)
2091 {
2092  size_t i;
2093  for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
2094  ldns_key_deep_free(ldns_key_list_key(key_list, i));
2095  }
2096  LDNS_FREE(key_list->_keys);
2097  LDNS_FREE(key_list);
2098 }
2099 
2100 ldns_rr *
2101 ldns_read_anchor_file(const char *filename)
2102 {
2103  FILE *fp;
2104  /*char line[LDNS_MAX_PACKETLEN];*/
2105  char *line = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN);
2106  int c;
2107  size_t i = 0;
2108  ldns_rr *r;
2109  ldns_status status;
2110  if(!line) {
2111  return NULL;
2112  }
2113 
2114  fp = fopen(filename, "r");
2115  if (!fp) {
2116 #ifdef STDERR_MSGS
2117  fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
2118 #endif
2119  LDNS_FREE(line);
2120  return NULL;
2121  }
2122 
2123  while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) {
2124  line[i] = c;
2125  i++;
2126  }
2127  line[i] = '\0';
2128 
2129  fclose(fp);
2130 
2131  if (i <= 0) {
2132 #ifdef STDERR_MSGS
2133  fprintf(stderr, "nothing read from %s", filename);
2134 #endif
2135  LDNS_FREE(line);
2136  return NULL;
2137  } else {
2138  status = ldns_rr_new_frm_str(&r, line, 0, NULL, NULL);
2139  if (status == LDNS_STATUS_OK && (ldns_rr_get_type(r) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(r) == LDNS_RR_TYPE_DS)) {
2140  LDNS_FREE(line);
2141  return r;
2142  } else {
2143 #ifdef STDERR_MSGS
2144  fprintf(stderr, "Error creating DNSKEY or DS rr from %s: %s\n", filename, ldns_get_errorstr_by_id(status));
2145 #endif
2146  LDNS_FREE(line);
2147  return NULL;
2148  }
2149  }
2150 }
2151 
2152 char *
2153 ldns_key_get_file_base_name(const ldns_key *key)
2154 {
2155  ldns_buffer *buffer;
2156  char *file_base_name;
2157 
2158  buffer = ldns_buffer_new(255);
2159  ldns_buffer_printf(buffer, "K");
2160  (void)ldns_rdf2buffer_str_dname(buffer, ldns_key_pubkey_owner(key));
2161  ldns_buffer_printf(buffer,
2162  "+%03u+%05u",
2163  ldns_key_algorithm(key),
2164  ldns_key_keytag(key));
2165  file_base_name = ldns_buffer_export(buffer);
2166  ldns_buffer_free(buffer);
2167  return file_base_name;
2168 }
2169 
2170 int ldns_key_algo_supported(int algo)
2171 {
2172  ldns_lookup_table *lt = ldns_signing_algorithms;
2173  while(lt->name) {
2174  if(lt->id == algo)
2175  return 1;
2176  lt++;
2177  }
2178  return 0;
2179 }
2180 
2181 ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name)
2182 {
2183  /* list of (signing algorithm id, alias_name) */
2184  ldns_lookup_table aliases[] = {
2185  /* from bind dnssec-keygen */
2186  {LDNS_SIGN_HMACMD5, "HMAC-MD5"},
2187  {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"},
2188  {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"},
2189  /* old ldns usage, now RFC names */
2190 #ifdef USE_DSA
2191  {LDNS_SIGN_DSA_NSEC3, "DSA_NSEC3" },
2192 #endif
2193  {LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1_NSEC3" },
2194 #ifdef USE_GOST
2195  {LDNS_SIGN_ECC_GOST, "GOST"},
2196 #endif
2197  /* compat with possible output */
2198  {LDNS_DH, "DH"},
2199  {LDNS_ECC, "ECC"},
2200  {LDNS_INDIRECT, "INDIRECT"},
2201  {LDNS_PRIVATEDNS, "PRIVATEDNS"},
2202  {LDNS_PRIVATEOID, "PRIVATEOID"},
2203  {0, NULL}};
2204  ldns_lookup_table* lt = ldns_signing_algorithms;
2205  ldns_signing_algorithm a;
2206  char *endptr;
2207 
2208  while(lt->name) {
2209  if(strcasecmp(lt->name, name) == 0)
2210  return lt->id;
2211  lt++;
2212  }
2213  lt = aliases;
2214  while(lt->name) {
2215  if(strcasecmp(lt->name, name) == 0)
2216  return lt->id;
2217  lt++;
2218  }
2219  a = strtol(name, &endptr, 10);
2220  if (*name && !*endptr)
2221  return a;
2222 
2223  return 0;
2224 }
ldns_native2rdf_int16
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
Definition: rdata.c:132
ldns_key_print
void ldns_key_print(FILE *output, const ldns_key *k)
print a private key to the file output
Definition: keys.c:1376
ldns_key_EVP_load_gost_id
int ldns_key_EVP_load_gost_id(void)
Get the PKEY id for GOST, loads GOST into openssl as a side effect.
Definition: keys.c:132
LDNS_XREALLOC
#define LDNS_XREALLOC(ptr, type, count)
Definition: util.h:57
ldns_rdf_size
size_t ldns_rdf_size(const ldns_rdf *rd)
returns the size of the rdf.
Definition: rdata.c:24
ldns_struct_buffer
implementation of buffers to ease operations
Definition: buffer.h:50
LDNS_MAX_PACKETLEN
#define LDNS_MAX_PACKETLEN
Definition: packet.h:24
ldns_buffer_new
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
Definition: buffer.c:16
ldns_key_new_frm_fp_hmac_l
unsigned char * ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr __attribute__((unused)), size_t *hmac_size)
Definition: keys.c:1063
ldns_key_EVP_unload_gost
void ldns_key_EVP_unload_gost(void)
Release the engine reference held for the GOST engine.
Definition: keys.c:180
ldns_key_evp_key
EVP_PKEY * ldns_key_evp_key(const ldns_key *k)
returns the (openssl) EVP struct contained in the key
Definition: keys.c:1541
ldns_key2rr
ldns_rr * ldns_key2rr(const ldns_key *k)
converts a ldns_key to a public key rr If the key data exists at an external point,...
Definition: keys.c:1816
LDNS_SIGN_HMACMD5
@ LDNS_SIGN_HMACMD5
Definition: keys.h:107
ldns_key_set_inception
void ldns_key_set_inception(ldns_key *k, uint32_t i)
Set the key's inception date (seconds after epoch)
Definition: keys.c:1475
ldns_native2rdf_int8
ldns_rdf * ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value)
returns the rdf containing the native uint8_t repr.
Definition: rdata.c:126
ldns_struct_key::external_key
void * external_key
the key structure can also just point to some external key data
Definition: keys.h:150
LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL
@ LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL
Definition: error.h:53
ldns_key_set_keytag
void ldns_key_set_keytag(ldns_key *k, uint16_t tag)
Set the key's key tag.
Definition: keys.c:1493
ldns_struct_rr
Resource Record.
Definition: rr.h:302
ldns_key_set_dsa_key
void ldns_key_set_dsa_key(ldns_key *k, DSA *d)
Set the key's dsa data The dsa data should be freed by the user.
Definition: keys.c:1417
ldns_gost_engine
ENGINE * ldns_gost_engine
store GOST engine reference loaded into OpenSSL library
Definition: keys.c:129
LDNS_FREE
#define LDNS_FREE(ptr)
Definition: util.h:60
ldns_key_deep_free
void ldns_key_deep_free(ldns_key *key)
frees a key structure and all its internal data structures, except the data set by ldns_key_set_exter...
Definition: keys.c:2071
ldns_key_algo_supported
int ldns_key_algo_supported(int algo)
See if a key algorithm is supported.
Definition: keys.c:2170
ldns_b64_pton
int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
ldns_struct_lookup_table::id
int id
Definition: util.h:157
LDNS_RDF_TYPE_INT16
@ LDNS_RDF_TYPE_INT16
16 bits
Definition: rdata.h:54
LDNS_STATUS_OK
@ LDNS_STATUS_OK
Definition: error.h:26
LDNS_STATUS_ERR
@ LDNS_STATUS_ERR
Definition: error.h:37
ldns_key_hmac_size
size_t ldns_key_hmac_size(const ldns_key *k)
return the hmac key size
Definition: keys.c:1584
ldns_key_list_push_key
bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
pushes a key to a keylist
Definition: keys.c:1653
ldns_struct_key::_alg
ldns_signing_algorithm _alg
Definition: keys.h:127
LDNS_KEY_ZONE_KEY
#define LDNS_KEY_ZONE_KEY
Definition: keys.h:37
ldns_struct_key_list
Same as rr_list, but now for keys.
Definition: keys.h:176
LDNS_SIGN_HMACSHA256
@ LDNS_SIGN_HMACSHA256
Definition: keys.h:109
LDNS_SIGN_ECDSAP256SHA256
@ LDNS_SIGN_ECDSAP256SHA256
Definition: keys.h:99
ldns_rr_new
ldns_rr * ldns_rr_new(void)
creates a new rr structure.
Definition: rr.c:24
ldns_struct_key::dnssec
struct ldns_struct_key::@1::@3 dnssec
Some values that influence generated signatures.
ldns_key_set_evp_key
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
Set the key's evp key.
Definition: keys.c:1403
ldns_key_flags
uint16_t ldns_key_flags(const ldns_key *k)
return the flag of the key
Definition: keys.c:1606
LDNS_SIGN_HMACSHA224
@ LDNS_SIGN_HMACSHA224
Definition: keys.h:110
ldns_struct_key_list::_keys
ldns_key ** _keys
Definition: keys.h:179
ldns_read_anchor_file
ldns_rr * ldns_read_anchor_file(const char *filename)
Instantiates a DNSKEY or DS RR from file.
Definition: keys.c:2101
ldns_struct_key::_extra
union ldns_struct_key::@1 _extra
Depending on the key we can have extra data.
ldns_key_new_frm_fp_rsa_l
RSA * ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
frm_fp helper function.
Definition: keys.c:774
ldns_signing_algorithms
ldns_lookup_table ldns_signing_algorithms[]
Definition: keys.c:23
ldns_key_list_new
ldns_key_list * ldns_key_list_new(void)
Creates a new empty key list.
Definition: keys.c:58
ldns_key_set_expiration
void ldns_key_set_expiration(ldns_key *k, uint32_t e)
Set the key's expiration date (seconds after epoch)
Definition: keys.c:1481
LDNS_SIGN_HMACSHA1
@ LDNS_SIGN_HMACSHA1
Definition: keys.h:108
ldns_struct_key::_use
signed char _use
Whether to use this key when signing.
Definition: keys.h:129
LDNS_SIGN_HMACSHA512
@ LDNS_SIGN_HMACSHA512
Definition: keys.h:112
ldns_key_external_key
void * ldns_key_external_key(const ldns_key *k)
return the key id key data
Definition: keys.c:1594
ldns_str2rdf_b64
ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str)
convert the string with the b64 data into wireformat
Definition: str2host.c:582
ldns_key_use
bool ldns_key_use(const ldns_key *k)
return the use flag
Definition: keys.c:1530
ldns_rr_free
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
Definition: rr.c:75
LDNS_SIGN_ECC_GOST
@ LDNS_SIGN_ECC_GOST
Definition: keys.h:98
LDNS_SIGN_RSASHA1
@ LDNS_SIGN_RSASHA1
Definition: keys.h:92
ldns_key_set_external_key
void ldns_key_set_external_key(ldns_key *k, void *external_key)
Set the key id data.
Definition: keys.c:1463
ldns_struct_lookup_table::name
const char * name
Definition: util.h:158
ldns_key_hmac_key
unsigned char * ldns_key_hmac_key(const ldns_key *k)
return the hmac key data
Definition: keys.c:1574
ldns_rdf_new_frm_data
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
Definition: rdata.c:193
ldns_key_origttl
uint32_t ldns_key_origttl(const ldns_key *k)
return the original ttl of the key
Definition: keys.c:1600
ldns_key_set_use
void ldns_key_set_use(ldns_key *k, bool v)
Definition: keys.c:1522
LDNS_RR_TYPE_DS
@ LDNS_RR_TYPE_DS
RFC4034, RFC3658.
Definition: rr.h:167
ldns_buffer_export
void * ldns_buffer_export(ldns_buffer *buffer)
Makes the buffer fixed and returns a pointer to the data.
Definition: buffer.c:150
LDNS_MAX_KEYLEN
#define LDNS_MAX_KEYLEN
Definition: dnssec.h:41
ldns_rdf2buffer_str_dname
ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname)
Print the ldns_rdf containing a dname to the buffer.
Definition: host2str.c:326
ldns_key_new_frm_fp_rsa
RSA * ldns_key_new_frm_fp_rsa(FILE *f)
frm_fp helper function.
Definition: keys.c:768
ldns_key_set_pubkey_owner
void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
Set the key's pubkey owner.
Definition: keys.c:1487
LDNS_SIGN_RSASHA512
@ LDNS_SIGN_RSASHA512
Definition: keys.h:96
ldns_key_list_set_use
void ldns_key_list_set_use(ldns_key_list *keys, bool v)
Definition: keys.c:1637
ldns_buffer_free
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
Definition: buffer.c:137
ldns_key_list_pop_key
ldns_key * ldns_key_list_pop_key(ldns_key_list *key_list)
pops the last rr from a keylist
Definition: keys.c:1676
LDNS_STATUS_SYNTAX_ERR
@ LDNS_STATUS_SYNTAX_ERR
Definition: error.h:97
ldns_struct_key
General key structure, can contain all types of keys that are used in DNSSEC.
Definition: keys.h:126
LDNS_INDIRECT
@ LDNS_INDIRECT
Definition: keys.h:68
ldns_key_list_key_count
size_t ldns_key_list_key_count(const ldns_key_list *key_list)
returns the number of keys in the key list
Definition: keys.c:1500
ldns_rdf_deep_free
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
Definition: rdata.c:230
LDNS_STATUS_SYNTAX_ALG_ERR
@ LDNS_STATUS_SYNTAX_ALG_ERR
Definition: error.h:86
ldns_rdf_clone
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
Definition: rdata.c:222
LDNS_MALLOC
#define LDNS_MALLOC(type)
Memory management macros.
Definition: util.h:49
ldns_key_expiration
uint32_t ldns_key_expiration(const ldns_key *k)
return the key's expiration date
Definition: keys.c:1618
LDNS_ECDSAP256SHA256
@ LDNS_ECDSAP256SHA256
Definition: keys.h:56
ldns_rr_set_owner
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
Definition: rr.c:790
LDNS_ECDSAP384SHA384
@ LDNS_ECDSAP384SHA384
Definition: keys.h:57
ldns_struct_key::_pubkey_owner
ldns_rdf * _pubkey_owner
Owner name of the key.
Definition: keys.h:169
ldns_calc_keytag
uint16_t ldns_calc_keytag(const ldns_rr *key)
calculates a keytag of a key for use in DNSSEC.
Definition: dnssec.c:271
ldns_status
enum ldns_enum_status ldns_status
Definition: error.h:134
ATTR_UNUSED
#define ATTR_UNUSED(x)
Definition: common.h:69
ldns_key_new_frm_fp_hmac
unsigned char * ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
frm_fp helper function.
Definition: keys.c:1057
LDNS_RDF_TYPE_B64
@ LDNS_RDF_TYPE_B64
b64 string
Definition: rdata.h:68
LDNS_XMALLOC
#define LDNS_XMALLOC(type, count)
Definition: util.h:51
LDNS_SIGN_HMACSHA384
@ LDNS_SIGN_HMACSHA384
Definition: keys.h:111
ldns_key_assign_rsa_key
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
Assign the key's rsa data The rsa data will be freed automatically when the key is freed.
Definition: keys.c:1429
ldns_struct_lookup_table
A general purpose lookup table.
Definition: util.h:156
LDNS_SIGN_DSA
@ LDNS_SIGN_DSA
Definition: keys.h:93
config.h
LDNS_PRIVATEOID
@ LDNS_PRIVATEOID
Definition: keys.h:70
ldns_key_new_frm_fp
ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
Creates a new priv key based on the contents of the file pointed by fp.
Definition: keys.c:97
ldns_key_list_set_key_count
void ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
Set the keylist's key count to count.
Definition: keys.c:1647
LDNS_ECC
@ LDNS_ECC
Definition: keys.h:49
ldns_struct_rdf
Resource record data field.
Definition: rdata.h:174
ldns_key_new_frm_algorithm
ldns_key * ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
Creates a new key based on the algorithm.
Definition: keys.c:1124
LDNS_DSA_NSEC3
@ LDNS_DSA_NSEC3
Definition: keys.h:51
ldns_key_set_hmac_size
void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
Set the key's hmac size.
Definition: keys.c:1457
LDNS_RDF_TYPE_INT8
@ LDNS_RDF_TYPE_INT8
8 bits
Definition: rdata.h:52
ldns_key_pubkey_owner
ldns_rdf * ldns_key_pubkey_owner(const ldns_key *k)
return the public key's owner
Definition: keys.c:1630
ldns_rdf_data
uint8_t * ldns_rdf_data(const ldns_rdf *rd)
returns the data of the rdf.
Definition: rdata.c:38
ldns_key_new
ldns_key * ldns_key_new(void)
Creates a new empty key structure.
Definition: keys.c:71
ldns_key_keytag
uint16_t ldns_key_keytag(const ldns_key *k)
return the keytag
Definition: keys.c:1624
LDNS_MAX_LINELEN
#define LDNS_MAX_LINELEN
Definition: parse.h:23
ldns_rr_new_frm_str
ldns_status ldns_rr_new_frm_str(ldns_rr **newrr, const char *str, uint32_t default_ttl, const ldns_rdf *origin, ldns_rdf **prev)
creates an rr from a string.
Definition: rr.c:659
ldns_key_set_hmac_key
void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
Set the key's hmac data.
Definition: keys.c:1451
ldns_key_set_algorithm
void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
Set the key's algorithm.
Definition: keys.c:1389
ldns_fget_keyword_data_l
ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr)
Definition: parse.c:188
ldns_algorithm
enum ldns_enum_algorithm ldns_algorithm
Definition: keys.h:72
ldns.h
ldns_rr_push_rdf
bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
sets rd_field member, it will be placed in the next available spot.
Definition: rr.c:843
ldns_key2str
char * ldns_key2str(const ldns_key *k)
Converts a private key to the test presentation fmt and returns that as a char *.
Definition: host2str.c:2354
ldns_key_set_origttl
void ldns_key_set_origttl(ldns_key *k, uint32_t t)
Set the key's original ttl.
Definition: keys.c:1469
ldns_key_new_frm_fp_dsa
DSA * ldns_key_new_frm_fp_dsa(FILE *f)
frm_fp helper function.
Definition: keys.c:946
ldns_key_list_key
ldns_key * ldns_key_list_key(const ldns_key_list *key, size_t nr)
returns a pointer to the key in the list at the given position
Definition: keys.c:1506
ldns_get_signing_algorithm_by_name
ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char *name)
Get signing algorithm by name.
Definition: keys.c:2181
ldns_get_errorstr_by_id
const char * ldns_get_errorstr_by_id(ldns_status err)
look up a descriptive text by each error.
Definition: error.c:164
LDNS_STATUS_SYNTAX_VERSION_ERR
@ LDNS_STATUS_SYNTAX_VERSION_ERR
Definition: error.h:85
LDNS_SIGN_DSA_NSEC3
@ LDNS_SIGN_DSA_NSEC3
Definition: keys.h:97
ldns_key_assign_dsa_key
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
Assign the key's dsa data The dsa data will be freed automatically when the key is freed.
Definition: keys.c:1437
LDNS_STATUS_ENGINE_KEY_NOT_LOADED
@ LDNS_STATUS_ENGINE_KEY_NOT_LOADED
Definition: error.h:68
ldns_key_rsa_key
RSA * ldns_key_rsa_key(const ldns_key *k)
returns the (openssl) RSA struct contained in the key
Definition: keys.c:1547
LDNS_STATUS_MEM_ERR
@ LDNS_STATUS_MEM_ERR
Definition: error.h:34
ldns_struct_key::key
EVP_PKEY * key
Definition: keys.h:137
LDNS_RR_TYPE_DNSKEY
@ LDNS_RR_TYPE_DNSKEY
Definition: rr.h:175
ldns_key_new_frm_fp_l
ldns_status ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
Creates a new private key based on the contents of the file pointed by fp.
Definition: keys.c:454
LDNS_DH
@ LDNS_DH
Definition: keys.h:47
ldns_key_new_frm_fp_dsa_l
DSA * ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr __attribute__((unused)))
Definition: keys.c:952
LDNS_SIGN_RSASHA256
@ LDNS_SIGN_RSASHA256
Definition: keys.h:95
LDNS_DNSSEC_KEYPROTO
#define LDNS_DNSSEC_KEYPROTO
Definition: dnssec.h:42
LDNS_SIGN_RSAMD5
@ LDNS_SIGN_RSAMD5
Definition: keys.h:91
ldns_key_set_flags
void ldns_key_set_flags(ldns_key *k, uint16_t f)
Set the key's flags.
Definition: keys.c:1395
ldns_buffer_printf
int ldns_buffer_printf(ldns_buffer *buffer, const char *format,...)
prints to the buffer, increasing the capacity if required using buffer_reserve().
Definition: buffer.c:99
ldns_signing_algorithm
enum ldns_enum_signing_algorithm ldns_signing_algorithm
Definition: keys.h:114
ldns_key_free
void ldns_key_free(ldns_key *key)
frees a key structure, but not its internal data structures
Definition: keys.c:2065
ldns_key_set_rsa_key
void ldns_key_set_rsa_key(ldns_key *k, RSA *r)
Set the key's rsa data.
Definition: keys.c:1409
ldns_struct_key_list::_key_count
size_t _key_count
Definition: keys.h:178
LDNS_RR_TYPE_KEY
@ LDNS_RR_TYPE_KEY
2535typecode
Definition: rr.h:131
LDNS_PRIVATEDNS
@ LDNS_PRIVATEDNS
Definition: keys.h:69
LDNS_SIGN_RSASHA1_NSEC3
@ LDNS_SIGN_RSASHA1_NSEC3
Definition: keys.h:94
ldns_rr_set_type
void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
sets the type in the rr.
Definition: rr.c:814
ldns_key_inception
uint32_t ldns_key_inception(const ldns_key *k)
return the key's inception date
Definition: keys.c:1612
LDNS_DSA
@ LDNS_DSA
Definition: keys.h:48
ldns_struct_key::_key
struct ldns_struct_key::@0 _key
Storage pointers for the types of keys supported.
ldns_key_dsa_key
DSA * ldns_key_dsa_key(const ldns_key *k)
returns the (openssl) DSA struct contained in the key
Definition: keys.c:1557
ldns_key_list_free
void ldns_key_list_free(ldns_key_list *key_list)
Frees a key list structure.
Definition: keys.c:2090
ldns_key_algorithm
ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k)
return the signing alg of the key
Definition: keys.c:1516
ldns_key_new_frm_engine
ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
Read the key with the given id from the given engine and store it in the given ldns_key structure.
Definition: keys.c:104
LDNS_SIGN_ECDSAP384SHA384
@ LDNS_SIGN_ECDSAP384SHA384
Definition: keys.h:100
ldns_key_get_file_base_name
char * ldns_key_get_file_base_name(const ldns_key *key)
Returns the 'default base name' for key files; IE.
Definition: keys.c:2153
LDNS_RDF_TYPE_ALG
@ LDNS_RDF_TYPE_ALG
a key algorithm
Definition: rdata.h:80
ldns_rr_get_type
ldns_rr_type ldns_rr_get_type(const ldns_rr *rr)
returns the type of the rr.
Definition: rr.c:929
ldns_fget_token_l
ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr)
returns a token/char from the stream F.
Definition: parse.c:31
ldns_struct_key::hmac
struct ldns_struct_key::@0::@2 hmac
The key can be an HMAC key.
Generated on Mon Apr 13 2020 01:12:45 for ldns by   doxygen 1.8.17