}
}
}
- DNSSECPrivateKey dspk;
shared_ptr<DNSCryptoKeyEngine> dpk(DNSCryptoKeyEngine::make(algorithm));
try{
dpk->create(bits);
} catch (const std::runtime_error& error){
throw runtime_error("The algorithm does not support the given bit size.");
}
- dspk.d_algorithm = algorithm;
- dspk.d_flags = setSEPBit ? 257 : 256;
- dspk.setKey(dpk);
+ DNSSECPrivateKey dspk;
+ dspk.setKey(dpk, setSEPBit ? 257 : 256);
+ dspk.setAlgorithm(algorithm);
return addKey(name, dspk, id, active, published) && clearKeyCache(name);
}
bool DNSSECKeeper::addKey(const DNSName& name, const DNSSECPrivateKey& dpk, int64_t& id, bool active, bool published)
{
DNSBackend::KeyData kd;
- kd.flags = dpk.d_flags; // the dpk doesn't get stored, only they key part
+ kd.flags = dpk.getFlags(); // the dpk doesn't get stored, only they key part
kd.active = active;
kd.published = published;
kd.content = dpk.getKey()->convertToISC();
if(kd.id != id)
continue;
- DNSSECPrivateKey dpk;
DNSKEYRecordContent dkrc;
auto key = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content));
- dpk.d_flags = kd.flags;
- dpk.d_algorithm = dkrc.d_algorithm;
- dpk.setKey(key);
+ DNSSECPrivateKey dpk;
+ dpk.setKey(key, kd.flags);
+ dpk.setAlgorithm(dkrc.d_algorithm);
return dpk;
}
set<uint8_t> algoSEP, algoNoSEP;
vector<uint8_t> algoHasSeparateKSK;
for(const DNSBackend::KeyData &keydata : dbkeyset) {
- DNSSECPrivateKey dpk;
DNSKEYRecordContent dkrc;
auto key = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, keydata.content));
- dpk.setKey(key);
+ DNSSECPrivateKey dpk;
+ dpk.setKey(key, dkrc.d_algorithm);
if(keydata.active) {
if(keydata.flags == 257)
for(DNSBackend::KeyData& kd : dbkeyset)
{
- DNSSECPrivateKey dpk;
DNSKEYRecordContent dkrc;
auto key = shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(dkrc, kd.content));
- dpk.d_flags = kd.flags;
- dpk.d_algorithm = dkrc.d_algorithm;
- dpk.setKey(key);
+ DNSSECPrivateKey dpk;
+ dpk.setKey(key, kd.flags);
+ dpk.setAlgorithm(dkrc.d_algorithm);
KeyMetaData kmd;
kmd.hasSEPBit = (kd.flags == 257);
kmd.id = kd.id;
- if (find(algoHasSeparateKSK.begin(), algoHasSeparateKSK.end(), dpk.d_algorithm) == algoHasSeparateKSK.end())
+ if (find(algoHasSeparateKSK.begin(), algoHasSeparateKSK.end(), dpk.getAlgorithm()) == algoHasSeparateKSK.end())
kmd.keyType = CSK;
else if(kmd.hasSEPBit)
kmd.keyType = KSK;
return d_key;
}
- void setKey(std::shared_ptr<DNSCryptoKeyEngine>& key)
+ // be aware that calling setKey() will also set the algorithm
+ void setKey(std::shared_ptr<DNSCryptoKeyEngine>& key, uint16_t flags)
{
d_key = key;
+ d_flags = flags;
d_algorithm = d_key->getAlgorithm();
computeDNSKEY();
}
- void setKey(std::unique_ptr<DNSCryptoKeyEngine>&& key)
+ // be aware that calling setKey() will also set the algorithm
+ void setKey(std::unique_ptr<DNSCryptoKeyEngine>&& key, uint16_t flags)
{
d_key = std::move(key);
+ d_flags = flags;
d_algorithm = d_key->getAlgorithm();
computeDNSKEY();
}
const DNSKEYRecordContent& getDNSKEY() const;
- uint16_t d_flags;
- uint8_t d_algorithm;
+ uint16_t getFlags() const
+ {
+ return d_flags;
+ }
+
+ uint8_t getAlgorithm() const
+ {
+ return d_algorithm;
+ }
+
+ void setAlgorithm(uint8_t algo)
+ {
+ d_algorithm = algo;
+ }
private:
void computeDNSKEY();
DNSKEYRecordContent d_dnskey;
std::shared_ptr<DNSCryptoKeyEngine> d_key;
+ uint16_t d_flags;
+ uint8_t d_algorithm;
};
cout<<key.first.getKey()->getBits()<<string(spacelen, ' ');
}
- string algname = DNSSECKeeper::algorithm2name(key.first.d_algorithm);
+ string algname = DNSSECKeeper::algorithm2name(key.first.getAlgorithm());
spacelen = (algname.length() >= 16) ? 1 : 16 - algname.length();
cout<<algname<<string(spacelen, ' ');
}
for(const DNSSECKeeper::keyset_t::value_type& value : keyset) {
- string algname = DNSSECKeeper::algorithm2name(value.first.d_algorithm);
+ string algname = DNSSECKeeper::algorithm2name(value.first.getAlgorithm());
if (!exportDS) {
cout<<"ID = "<<value.second.id<<" ("<<DNSSECKeeper::keyTypeToString(value.second.keyType)<<")";
}
continue;
}
if (!exportDS) {
- cout<<", flags = "<<std::to_string(value.first.d_flags);
+ cout<<", flags = "<<std::to_string(value.first.getFlags());
cout<<", tag = "<<value.first.getDNSKEY().getTag();
- cout<<", algo = "<<(int)value.first.d_algorithm<<", bits = "<<value.first.getKey()->getBits()<<"\t"<<((int)value.second.active == 1 ? " A" : "Ina")<<"ctive\t"<<(value.second.published ? " Published" : " Unpublished")<<" ( " + algname + " ) "<<endl;
+ cout<<", algo = "<<(int)value.first.getAlgorithm()<<", bits = "<<value.first.getKey()->getBits()<<"\t"<<((int)value.second.active == 1 ? " A" : "Ina")<<"ctive\t"<<(value.second.published ? " Published" : " Unpublished")<<" ( " + algname + " ) "<<endl;
}
if (!exportDS) {
DNSSECPrivateKey dpk;
- pdns::checked_stoi_into(dpk.d_algorithm, cmds.at(3));
- if (dpk.d_algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1) {
- dpk.d_algorithm = DNSSECKeeper::RSASHA1;
+ uint8_t algo = 0;
+ pdns::checked_stoi_into(algo, cmds.at(3));
+ if (algo == DNSSECKeeper::RSASHA1NSEC3SHA1) {
+ algo = DNSSECKeeper::RSASHA1;
}
- cerr << (int)dpk.d_algorithm << endl;
+ cerr << std::to_string(algo) << endl;
+ uint16_t flags = 0;
if (cmds.size() > 4) {
if (pdns_iequals(cmds.at(4), "ZSK")) {
- dpk.d_flags = 256;
+ flags = 256;
}
else if (pdns_iequals(cmds.at(4), "KSK")) {
- dpk.d_flags = 257;
+ flags = 257;
}
else {
cerr << "Unknown key flag '" << cmds.at(4) << "'" << endl;
}
}
else {
- dpk.d_flags = 257; // ksk
+ flags = 257; // ksk
}
- dpk.setKey(key);
+ dpk.setKey(key, flags);
+ dpk.setAlgorithm(algo);
int64_t id;
if (!dk.addKey(DNSName(zone), dpk, id)) {
}
string zone = cmds.at(1);
string fname = cmds.at(2);
- DNSSECPrivateKey dpk;
DNSKEYRecordContent drc;
shared_ptr<DNSCryptoKeyEngine> key(DNSCryptoKeyEngine::makeFromISCFile(drc, fname.c_str()));
- dpk.d_algorithm = drc.d_algorithm;
-
- if(dpk.d_algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1)
- dpk.d_algorithm = DNSSECKeeper::RSASHA1;
- dpk.d_flags = 257;
+ uint16_t flags = 257;
bool active=true;
bool published=true;
for(unsigned int n = 3; n < cmds.size(); ++n) {
if (pdns_iequals(cmds.at(n), "ZSK"))
- dpk.d_flags = 256;
+ flags = 256;
else if (pdns_iequals(cmds.at(n), "KSK"))
- dpk.d_flags = 257;
+ flags = 257;
else if (pdns_iequals(cmds.at(n), "active"))
active = true;
else if (pdns_iequals(cmds.at(n), "passive") || pdns_iequals(cmds.at(n), "inactive")) // passive eventually needs to be removed
return 1;
}
}
- dpk.setKey(key);
+
+ DNSSECPrivateKey dpk;
+ dpk.setKey(key, flags);
+
+ if (dpk.getAlgorithm() == DNSSECKeeper::RSASHA1NSEC3SHA1) {
+ dpk.setAlgorithm(DNSSECKeeper::RSASHA1);
+ }
+
int64_t id;
if (!dk.addKey(DNSName(zone), dpk, id, active, published)) {
cerr<<"Adding key failed, perhaps DNSSEC not enabled in configuration?"<<endl;
if(bits)
cerr<<"Requesting specific key size of "<<bits<<" bits"<<endl;
- DNSSECPrivateKey dspk;
shared_ptr<DNSCryptoKeyEngine> dpk(DNSCryptoKeyEngine::make(algorithm));
if(!bits) {
if(algorithm <= 10)
}
}
dpk->create(bits);
- dspk.d_algorithm = algorithm;
- dspk.d_flags = keyOrZone ? 257 : 256;
- dspk.setKey(dpk);
+ DNSSECPrivateKey dspk;
+ dspk.setKey(dpk, keyOrZone ? 257 : 256);
+ dspk.setAlgorithm(algorithm);
// print key to stdout
- cout << "Flags: " << dspk.d_flags << endl <<
+ cout << "Flags: " << dspk.getFlags() << endl <<
dspk.getKey()->convertToISC() << endl;
}
else if (cmds.at(0) == "generate-tsig-key") {
"PubLabel: " << pub_label << std::endl;
DNSKEYRecordContent drc;
- DNSSECPrivateKey dpk;
- dpk.d_flags = (keyOrZone ? 257 : 256);
shared_ptr<DNSCryptoKeyEngine> dke(DNSCryptoKeyEngine::makeFromISCString(drc, iscString.str()));
if(!dke->checkKey()) {
cerr << "Invalid DNS Private Key in engine " << module << " slot " << slot << std::endl;
return 1;
}
- dpk.setKey(dke);
+ DNSSECPrivateKey dpk;
+ dpk.setKey(dke, keyOrZone ? 257 : 256);
// make sure this key isn't being reused.
B.getDomainKeys(zone, keys);
auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::make(algo));
dcke->create((algo <= 10) ? 2048 : dcke->getBits());
DNSSECPrivateKey dpk;
- dpk.d_flags = 256;
- dpk.setKey(dcke);
+ dpk.setKey(dcke, 256);
DSRecordContent ds = makeDSFromDNSKey(name, dpk.getDNSKEY(), digest);
keys[name] = std::pair<DNSSECPrivateKey, DSRecordContent>(dpk, ds);
}
auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey key;
- key.d_flags = 257;
- key.setKey(std::move(dcke));
+ key.setKey(std::move(dcke), 257);
DSRecordContent drc = makeDSFromDNSKey(DNSName("powerdns.com."), key.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
testkeysset_t wrongKeys;
auto wrongDcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
wrongDcke->create(wrongDcke->getBits());
DNSSECPrivateKey wrongKey;
- wrongKey.d_flags = 256;
- wrongKey.setKey(std::move(wrongDcke));
+ wrongKey.setKey(std::move(wrongDcke), 256);
DSRecordContent uselessdrc = makeDSFromDNSKey(DNSName("powerdns.com."), wrongKey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
wrongKeys[DNSName("powerdns.com.")] = std::pair<DNSSECPrivateKey, DSRecordContent>(wrongKey, uselessdrc);
dcke->create(dcke->getBits());
// cerr<<dcke->convertToISC()<<endl;
DNSSECPrivateKey dpk;
- dpk.d_flags = 256;
- dpk.setKey(std::move(dcke));
+ dpk.setKey(std::move(dcke), 256);
sortedRecords_t recordcontents;
recordcontents.insert(getRecordContent(QType::A, "192.0.2.1"));
auto dckeZ = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dckeZ->create(dckeZ->getBits());
DNSSECPrivateKey ksk;
- ksk.d_flags = 257;
- ksk.setKey(std::move(dckeZ));
+ ksk.setKey(std::move(dckeZ), 257);
DSRecordContent kskds = makeDSFromDNSKey(target, ksk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
auto dckeK = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dckeK->create(dckeK->getBits());
DNSSECPrivateKey zsk;
- zsk.d_flags = 256;
- zsk.setKey(std::move(dckeK));
+ zsk.setKey(std::move(dckeK), 256);
DSRecordContent zskds = makeDSFromDNSKey(target, zsk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
kskeys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(ksk, kskds);
auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey csk;
- csk.d_flags = 0;
- csk.setKey(std::move(dcke));
+ csk.setKey(std::move(dcke), 0);
DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
keys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(csk, ds);
auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey csk;
- csk.d_flags = 257 | 128;
- csk.setKey(std::move(dcke));
+ csk.setKey(std::move(dcke), 257 | 128);
DSRecordContent ds = makeDSFromDNSKey(target, csk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
keys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(csk, ds);
auto dckeDS = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dckeDS->create(dckeDS->getBits());
DNSSECPrivateKey dskey;
- dskey.d_flags = 257;
- dskey.setKey(std::move(dckeDS));
+ dskey.setKey(std::move(dckeDS), 257);
DSRecordContent drc = makeDSFromDNSKey(target, dskey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey dpk;
- dpk.d_flags = 256;
- dpk.setKey(std::move(dcke));
+ dpk.setKey(std::move(dcke), 256);
DSRecordContent uselessdrc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
dskeys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(dskey, drc);
auto dckeRRSIG = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dckeRRSIG->create(dckeRRSIG->getBits());
DNSSECPrivateKey rrsigkey;
- rrsigkey.d_flags = 257;
- rrsigkey.setKey(std::move(dckeRRSIG));
+ rrsigkey.setKey(std::move(dckeRRSIG), 257);
DSRecordContent rrsigds = makeDSFromDNSKey(target, rrsigkey.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
rrsigkeys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(rrsigkey, rrsigds);
auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey dpk;
- dpk.d_flags = 256;
+ dpk.setKey(std::move(dcke), 256);
/* Fake algorithm number (private) */
- dpk.d_algorithm = 253;
- dpk.setKey(std::move(dcke));
+ dpk.setAlgorithm(253);
DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
keys[target] = std::pair<DNSSECPrivateKey, DSRecordContent>(dpk, drc);
auto dcke = DNSCryptoKeyEngine::make(DNSSECKeeper::ECDSA256);
dcke->create(dcke->getBits());
DNSSECPrivateKey dpk;
- dpk.d_flags = 256;
- dpk.setKey(std::move(dcke));
+ dpk.setKey(std::move(dcke), 256);
DSRecordContent drc = makeDSFromDNSKey(target, dpk.getDNSKEY(), DNSSECKeeper::DIGEST_SHA256);
/* Fake digest number (reserved) */
drc.d_digesttype = 0;
DNSKEYRecordContent drc;
auto dcke = std::shared_ptr<DNSCryptoKeyEngine>(DNSCryptoKeyEngine::makeFromISCString(drc, signer.iscMap));
DNSSECPrivateKey dpk;
- dpk.d_flags = signer.rfcFlags;
- dpk.setKey(dcke);
+ dpk.setKey(dcke, signer.rfcFlags);
sortedRecords_t rrs;
/* values taken from rfc8080 for ed25519 and ed448, rfc5933 for gost */
- DNSName qname(dpk.d_algorithm == DNSSECKeeper::ECCGOST ? "www.example.net." : "example.com.");
+ DNSName qname(dpk.getAlgorithm() == DNSSECKeeper::ECCGOST ? "www.example.net." : "example.com.");
reportBasicTypes();
uint32_t expire = 1440021600;
uint32_t inception = 1438207200;
- if (dpk.d_algorithm == DNSSECKeeper::ECCGOST) {
+ if (dpk.getAlgorithm() == DNSSECKeeper::ECCGOST) {
rrc.d_signer = DNSName("example.net.");
inception = 946684800;
expire = 1893456000;
rrc.d_type = (*rrs.cbegin())->getType();
rrc.d_labels = qname.countLabels();
rrc.d_tag = dpk.getTag();
- rrc.d_algorithm = dpk.d_algorithm;
+ rrc.d_algorithm = dpk.getAlgorithm();
string msg = getMessageForRRSET(qname, rrc, rrs, false);
BOOST_CHECK_EQUAL(drc.d_algorithm, signer.algorithm);
DNSSECPrivateKey dpk;
- dpk.d_flags = signer.flags;
- dpk.setKey(dcke);
+ dpk.setKey(dcke, signer.flags);
drc = dpk.getDNSKEY();
BOOST_CHECK_EQUAL(drc.d_algorithm, signer.algorithm);
{ "active", value.second.active },
{ "published", value.second.published },
{ "keytype", keyType },
- { "flags", (uint16_t)value.first.d_flags },
+ { "flags", (uint16_t)value.first.getFlags() },
{ "dnskey", value.first.getDNSKEY().getZoneRepresentation() },
- { "algorithm", DNSSECKeeper::algorithm2name(value.first.d_algorithm) },
+ { "algorithm", DNSSECKeeper::algorithm2name(value.first.getAlgorithm()) },
{ "bits", value.first.getKey()->getBits() }
};
DNSSECPrivateKey dpk;
try {
shared_ptr<DNSCryptoKeyEngine> dke(DNSCryptoKeyEngine::makeFromISCString(dkrc, keyData));
- dpk.d_algorithm = dkrc.d_algorithm;
- // TODO remove in 4.2.0
- if(dpk.d_algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1)
- dpk.d_algorithm = DNSSECKeeper::RSASHA1;
-
- if (keyOrZone)
- dpk.d_flags = 257;
- else
- dpk.d_flags = 256;
+ uint16_t flags = 0;
+ if (keyOrZone) {
+ flags = 257;
+ }
+ else {
+ flags = 256;
+ }
- dpk.setKey(dke);
+ uint8_t algorithm = dkrc.d_algorithm;
+ dpk.setKey(dke, flags);
+ // TODO remove in 4.2.0
+ if (algorithm == DNSSECKeeper::RSASHA1NSEC3SHA1) {
+ dpk.setAlgorithm(DNSSECKeeper::RSASHA1);
+ }
}
catch (std::runtime_error& error) {
throw ApiException("Key could not be parsed. Make sure your key format is correct.");
projects / thirdparty / pdns.git / commitdiff
