TEST_SOURCES = run-test0.c run-test1.c run-test2.c run-test3.c \
run-test4.c run-test5.c run-test6.c run-test7.c \
run-test8.c run-test9.c run-test10.c run-test11.c \
- run-test13.c run-test14.c run-test15.c run-test16.c
+ run-test13.c run-test14.c run-test15.c run-test16.c \
+ run-test17.c
ALL_SOURCES = $(TEST_SOURCES) $(LIBDNS_SOURCES) $(PROG_SOURCES)
$(LINK) ${LIBS} -o $@ $+
run-test16: run-test16.o $(LIBDNS_OBJECTS) $(LIBOBJS)
$(LINK) ${LIBS} -o $@ $+
+run-test17: run-test17.o $(LIBDNS_OBJECTS) $(LIBOBJS)
+ $(LINK) ${LIBS} -o $@ $+
run-test-trace: run-test-trace.o $(LIBDNS_OBJECTS) $(LIBOBJS)
$(LINK) ${LIBS} -o $@ $+
return LDNS_STATUS_OK;
}
+
+
+ldns_rr *
+ldns_key_rr2ds(ldns_rr *key)
+{
+ ldns_rdf *tmp;
+ ldns_rr *ds;
+ uint16_t keytag;
+ uint8_t sha1hash;
+ uint8_t *digest;
+ ldns_buffer *data_buf;
+
+ if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) {
+ return NULL;
+ }
+
+ ds = ldns_rr_new();
+ if (!ds) {
+ return NULL;
+ }
+ ldns_rr_set_type(ds, LDNS_RR_TYPE_DS);
+ ldns_rr_set_owner(ds, ldns_rdf_deep_clone(
+ ldns_rr_owner(key)));
+ ldns_rr_set_ttl(ds, ldns_rr_ttl(key));
+ ldns_rr_set_class(ds, ldns_rr_get_class(key));
+
+ digest = XMALLOC(uint8_t, SHA_DIGEST_LENGTH);
+ if (!digest) {
+ return NULL;
+ }
+
+ data_buf = ldns_buffer_new(MAX_PACKETLEN);
+ if (!data_buf) {
+ return NULL;
+ }
+
+ /* keytag */
+ keytag = htons(ldns_keytag(key));
+ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16, sizeof(uint16_t), &keytag);
+ ldns_rr_push_rdf(ds, tmp);
+
+ /* copy the algorithm field */
+ ldns_rr_push_rdf(ds, ldns_rdf_deep_clone(
+ ldns_rr_rdf(key, 2)));
+
+ /* digest type, only SHA1 is supported */
+ sha1hash = 1;
+ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, sizeof(uint8_t), &sha1hash);
+ ldns_rr_push_rdf(ds, tmp);
+
+ /* digest */
+ /* owner name */
+ if (ldns_rdf2buffer_wire(data_buf, ldns_rr_owner(key)) !=
+ LDNS_STATUS_OK) {
+ return NULL;
+ }
+
+ /* all the rdata's */
+ if (ldns_rr_rdata2buffer_wire(data_buf, key) !=
+ LDNS_STATUS_OK) {
+ return NULL;
+ }
+
+ /* sha1 it */
+ (void) SHA1((unsigned char *) ldns_buffer_begin(data_buf),
+ ldns_buffer_position(data_buf),
+ (unsigned char*) digest);
+
+ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA_DIGEST_LENGTH,
+ digest);
+ ldns_rr_push_rdf(ds, tmp);
+
+ FREE(digest);
+ return ds;
+}
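Review bot: Every early `return NULL` after `ds = ldns_rr_new()` leaks what was allocated before it: `ds` when the digest allocation fails, `ds` and `digest` when `ldns_buffer_new` fails, and all three when either wire conversion fails. `data_buf` is also never freed on the success path, where only `FREE(digest)` runs. A single cleanup label, as sketched below, would cover these; it assumes `ldns_rr_free` also releases the owner and the rdfs already pushed, which should be confirmed. The results of `ldns_rdf_new_frm_data` and `ldns_rr_push_rdf` are not checked either. Separately, the owner name is hashed as stored, while RFC 4034 defines the DS digest over the canonical (lower-cased) owner name, so a key whose owner contains upper-case labels would presumably yield a DS that validators do not match.

```c
	uint8_t *digest = NULL;
	ldns_buffer *data_buf = NULL;

	/* … unchanged: type check, ds allocation, owner/ttl/class setup … */

	digest = XMALLOC(uint8_t, SHA_DIGEST_LENGTH);
	if (!digest) {
		goto error;
	}

	data_buf = ldns_buffer_new(MAX_PACKETLEN);
	if (!data_buf) {
		goto error;
	}

	/* … unchanged: keytag, algorithm and digest-type rdfs … */

	if (ldns_rdf2buffer_wire(data_buf, ldns_rr_owner(key)) != LDNS_STATUS_OK ||
	    ldns_rr_rdata2buffer_wire(data_buf, key) != LDNS_STATUS_OK) {
		goto error;
	}

	/* … unchanged: SHA1 call and digest rdf push … */

	ldns_buffer_free(data_buf);
	FREE(digest);
	return ds;

error:
	/* data_buf and digest are still NULL if the failure came before their allocation */
	if (data_buf) {
		ldns_buffer_free(data_buf);
	}
	if (digest) {
		FREE(digest);
	}
	ldns_rr_free(ds);
	return NULL;
```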
*/
#include <config.h>
+#include <openssl/ssl.h>
+#include <openssl/sha.h>
#include <ldns/higher.h>
#include "util.h"
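Review bot: `<openssl/ssl.h>` brings in the whole TLS API, while the only OpenSSL symbols this commit visibly uses are `SHA1` and `SHA_DIGEST_LENGTH` from `<openssl/sha.h>`; I would drop the `ssl.h` include unless something outside this hunk needs it. No use of either header is visible in this file section, so it is worth confirming that the includes sit in the file that actually calls `SHA1`. If OpenSSL is meant to be an optional dependency, these includes also need to be guarded by the configure result.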
/**
* convert a rr's rdata to wireformat, while excluding
* the ownername and all the crap before the rdata.
- * This is needed in DNSSEC keytag calculation and maybe
- * elsewhere.
+ * This is needed in DNSSEC keytag calculation, the ds
+ * calcalution from the key and maybe elsewhere.
+ *
* \param[out] *buffer buffer where to put the result
* \param[in] *rr rr to operate on
*/
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, const char *key_name, const char *key_data, ldns_rdf *mac);
ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac);
+ldns_rr *ldns_key_rr2ds(ldns_rr *key);
#endif /* _DNSSEC_H_ */
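Review bot: The new public prototype `ldns_key_rr2ds` has no doc comment. I would add a Doxygen block in the `\param[in]` / `\return` style used elsewhere in the project. It should state that `key` must be a DNSKEY rr, and that the result is a newly allocated DS rr carrying a SHA1 digest (digest type 1), which the caller presumably has to free. It should also state that NULL is returned for a non-DNSKEY input or when allocation or wire conversion fails.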
}
}
+ /* wait retrans seconds... */
}
ldns_buffer_free(qb);
return reply;
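Review bot: The added comment `/* wait retrans seconds... */` describes a delay, but no code in the visible lines performs one, so the surrounding block reads as if it already waits between attempts. Marking it as pending, e.g. `/* TODO: wait retrans seconds before the next try */`, would avoid that impression. The enclosing function starts outside this hunk.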
ldns_rr_set_rd_count(rr, 0);
rr->_rdata_fields = NULL;
ldns_rr_set_ttl(rr, 0);
+ ldns_rr_set_class(rr, LDNS_RR_CLASS_IN);
+ ldns_rr_set_ttl(rr, LDNS_DEFTTL);
return rr;
}
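Review bot: `ldns_rr_set_ttl(rr, 0);` directly above the added lines is now overwritten by `ldns_rr_set_ttl(rr, LDNS_DEFTTL);`, so if it is still present in the new file it is dead and should be removed. The new defaults (class IN, TTL `LDNS_DEFTTL`) change what every caller of this constructor gets back, which deserves a line in the function's doc comment, e.g. `/* defaults: class IN, ttl LDNS_DEFTTL */`. The function starts outside the hunk.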
--- /dev/null
+/**
+ * An example ldns program
+ *
+ * transform a key into a ds
+ */
+
+#include <config.h>
+#include <ldns/dns.h>
+
+int
+main(void)
+{
+ ldns_rr *key;
+ ldns_rr *ds;
+
+ key = ldns_rr_new_frm_str("nlnetlabs.nl. 86400 IN DNSKEY 257 3 RSASHA1 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9NLby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1UBYtEIQ==");
+
+ ldns_rr_print(stdout, key);
+ printf("keytag %d\n", ldns_keytag(key));
+
+ printf("\n");
+
+ ds = ldns_key_rr2ds(key);
+
+ printf("\nand now the DS\n");
+ printf("rdata count %d\n", ldns_rr_rd_count(ds));
+ ldns_rr_print(stdout, ds);
+ printf("\n");
+
+ return 0;
+}
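Review bot: `ds` is passed to `ldns_rr_rd_count` and `ldns_rr_print` without a NULL check, although `ldns_key_rr2ds` returns NULL on several paths, and `key` from `ldns_rr_new_frm_str` is likewise used unchecked. Guards such as `if (!key) { fprintf(stderr, "cannot parse key\n"); return 1; }` and `if (!ds) { fprintf(stderr, "cannot create ds\n"); return 1; }` would make a failure visible instead of crashing. The program also only prints its results, so comparing the DS against a known-good value would let the test fail on a wrong digest. Both rrs should be freed before returning.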