break;
#ifdef USE_SHA2
case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA256_NSEC3:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha256());
break;
case LDNS_SIGN_RSASHA512:
+ case LDNS_SIGN_RSASHA512_NSEC3:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
case LDNS_SIGN_RSASHA1:
case LDNS_SIGN_RSASHA1_NSEC3:
case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA256_NSEC3:
case LDNS_SIGN_RSASHA512:
+ case LDNS_SIGN_RSASHA512_NSEC3:
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
ldns_key_list_push_key(keys, key);
case LDNS_SIGN_RSASHA1:
case LDNS_SIGN_RSASHA1_NSEC3:
case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA256_NSEC3:
case LDNS_SIGN_RSASHA512:
+ case LDNS_SIGN_RSASHA512_NSEC3:
case LDNS_SIGN_DSA:
case LDNS_SIGN_DSA_NSEC3:
ldns_key_list_push_key(keys, key);
case LDNS_SIGN_RSASHA1:
case LDNS_SIGN_RSASHA1_NSEC3:
case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA256_NSEC3:
case LDNS_SIGN_RSASHA512:
+ case LDNS_SIGN_RSASHA512_NSEC3:
case LDNS_SIGN_RSAMD5:
/* copied by looking at dnssec-keygen output */
/* header */
LDNS_RSAMD5);
break;
case LDNS_SIGN_RSASHA1:
- case LDNS_SIGN_RSASHA1_NSEC3:
ldns_buffer_printf(output,
"Algorithm: %u (RSASHA1)\n",
LDNS_RSASHA1);
break;
+ case LDNS_SIGN_RSASHA1_NSEC3:
+ ldns_buffer_printf(output,
+ "Algorithm: %u (RSASHA1_NSEC3)\n",
+ LDNS_RSASHA1_NSEC3);
+ break;
#ifdef USE_SHA2
case LDNS_SIGN_RSASHA256:
ldns_buffer_printf(output,
"Algorithm: %u (RSASHA256)\n",
LDNS_RSASHA256);
break;
+ case LDNS_SIGN_RSASHA256_NSEC3:
+ ldns_buffer_printf(output,
+ "Algorithm: %u (RSASHA256_NSEC3)\n",
+ LDNS_RSASHA256_NSEC3);
+ break;
case LDNS_SIGN_RSASHA512:
ldns_buffer_printf(output,
"Algorithm: %u (RSASHA512)\n",
LDNS_RSASHA512);
break;
+ case LDNS_SIGN_RSASHA512_NSEC3:
+ ldns_buffer_printf(output,
+ "Algorithm: %u (RSASHA512_NSEC3)\n",
+ LDNS_RSASHA512_NSEC3);
+ break;
#endif
default:
fprintf(stderr, "Warning: unknown signature ");
dsa = ldns_key_dsa_key(k);
ldns_buffer_printf(output,"Private-key-format: v1.2\n");
- ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n");
+ if (ldns_key_algorithm(k) == LDNS_SIGN_DSA) {
+ ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n");
+ } else if (ldns_key_algorithm(k) == LDNS_SIGN_DSA_NSEC3) {
+ ldns_buffer_printf(output,"Algorithm: 6 (DSA_NSEC3)\n");
+ }
/* print to buf, convert to bin, convert to b64,
* print to buf */
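Review bot: The new DSA branch hard-codes the numbers `3` and `6` in the format strings, while the RSA cases changed in the same commit print the enum constant through `%u`; a later renumbering would then have to be repeated by hand here. Writing it as `ldns_buffer_printf(output, "Algorithm: %u (DSA_NSEC3)\n", LDNS_DSA_NSEC3);` (and likewise with `LDNS_DSA`) keeps both in step with the enum. The `if`/`else if` chain also has no final `else`, so if this code is ever reached with another algorithm the key file is written without an Algorithm line. The enclosing case labels are outside the hunk, so that path may be unreachable today.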
ldns_lookup_table ldns_signing_algorithms[] = {
{ LDNS_SIGN_RSAMD5, "RSAMD5" },
{ LDNS_SIGN_RSASHA1, "RSASHA1" },
+ { LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1_NSEC3" },
#ifdef USE_SHA2
{ LDNS_SIGN_RSASHA256, "RSASHA256" },
+ { LDNS_SIGN_RSASHA256_NSEC3, "RSASHA256_NSEC3" },
{ LDNS_SIGN_RSASHA512, "RSASHA512" },
+ { LDNS_SIGN_RSASHA512_NSEC3, "RSASHA512_NSEC3" },
#endif
{ LDNS_SIGN_DSA, "DSA" },
+ { LDNS_SIGN_DSA_NSEC3, "DSA_NSEC3" },
{ LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" },
{ LDNS_SIGN_HMACSHA1, "hmac-sha1" },
{ LDNS_SIGN_HMACSHA256, "hmac-sha256" },
fprintf(stderr, "version of ldns\n");
#endif
}
- if (strncmp(d, "9 RSASHA512", 2) == 0) {
+ if (strncmp(d, "9 RSASHA256", 2) == 0) {
+#ifdef USE_SHA2
+ alg = LDNS_SIGN_RSASHA256_NSEC3;
+#else
+ fprintf(stderr, "Warning: SHA256 not compiled into this ");
+ fprintf(stderr, "version of ldns\n");
+#endif
+ }
+ if (strncmp(d, "10 RSASHA512", 3) == 0) {
#ifdef USE_SHA2
alg = LDNS_SIGN_RSASHA512;
#else
fprintf(stderr, "Warning: SHA256 not compiled into this ");
fprintf(stderr, "version of ldns\n");
+#endif
+ }
+ if (strncmp(d, "11 RSASHA512", 3) == 0) {
+#ifdef USE_SHA2
+ alg = LDNS_SIGN_RSASHA512_NSEC3;
+#else
+ fprintf(stderr, "Warning: SHA256 not compiled into this ");
+ fprintf(stderr, "version of ldns\n");
#endif
}
if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
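Review bot: Only the leading number is compared in the new `strncmp(d, "9 RSASHA256", 2)` test, so a private-key file written before this renumbering is silently reinterpreted. In such a file 9 meant RSASHA512 (judging by the writer's format string, the text would be `9 (RSASHA512)`), and it is now loaded as RSASHA256_NSEC3 and used with SHA-256. Checking the mnemonic inside the 9 branch would catch this, e.g. `if (strstr(d, "RSASHA512") != NULL) { fprintf(stderr, "Warning: key file uses old algorithm number 9 for RSASHA512\n"); }`, ideally refusing the key rather than continuing. The `#else` warnings in the RSASHA512 branches (numbers 10 and 11) still say SHA256 and should read `"Warning: SHA512 not compiled into this "`. The enclosing function starts and ends outside this hunk.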
case LDNS_RSASHA1_NSEC3:
#ifdef USE_SHA2
case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA256_NSEC3:
case LDNS_SIGN_RSASHA512:
+ case LDNS_SIGN_RSASHA512_NSEC3:
#endif
ldns_key_set_algorithm(k, alg);
rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr);
case LDNS_SIGN_RSASHA1:
case LDNS_SIGN_RSASHA1_NSEC3:
case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA256_NSEC3:
case LDNS_SIGN_RSASHA512:
+ case LDNS_SIGN_RSASHA512_NSEC3:
r = RSA_generate_key((int)size, RSA_F4, NULL, NULL);
if (RSA_check_key(r) != 1) {
return NULL;
case LDNS_RSASHA1:
case LDNS_RSASHA1_NSEC3:
case LDNS_RSASHA256:
+ case LDNS_RSASHA256_NSEC3:
case LDNS_RSASHA512:
+ case LDNS_RSASHA512_NSEC3:
ldns_rr_push_rdf(pubkey,
ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
rsa = ldns_key_rsa_key(k);
LDNS_DSA_NSEC3 = 6,
LDNS_RSASHA1_NSEC3 = 7,
LDNS_RSASHA256 = 8, /* not official */
- LDNS_RSASHA512 = 9, /* not official */
+ LDNS_RSASHA256_NSEC3 = 9, /* not official */
+ LDNS_RSASHA512 = 10, /* not official */
+ LDNS_RSASHA512_NSEC3 = 11, /* not official */
LDNS_INDIRECT = 252,
LDNS_PRIVATEDNS = 253,
LDNS_PRIVATEOID = 254
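Review bot: The `/* not official */` comments on the new values do not tell a reader that these numbers end up in published records, or that `LDNS_RSASHA512` has moved from 9 to 10. Another hunk of this commit shows `ldns_key_algorithm(k)` being written into the DNSKEY algorithm field, so validators that do not recognise 9 or 11 will presumably treat the zone as using an unsupported algorithm. Callers compiled against the old header, and keys stored under the old number, will also disagree with this build. I would add a comment above the block such as `/* 8-11 are provisional; 9 was RSASHA512 in earlier releases. These values appear on the wire in DNSKEY/RRSIG. */`. The enum starts and ends outside this hunk.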
{
LDNS_SIGN_RSAMD5 = LDNS_RSAMD5,
LDNS_SIGN_RSASHA1 = LDNS_RSASHA1,
- LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
- LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
LDNS_SIGN_DSA = LDNS_DSA,
LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3,
+ LDNS_SIGN_RSASHA256 = LDNS_RSASHA256,
+ LDNS_SIGN_RSASHA256_NSEC3= LDNS_RSASHA256_NSEC3,
+ LDNS_SIGN_RSASHA512 = LDNS_RSASHA512,
+ LDNS_SIGN_RSASHA512_NSEC3= LDNS_RSASHA512_NSEC3,
LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3,
LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */
LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */
case LDNS_SIGN_RSASHA1_NSEC3:
#ifdef USE_SHA2
case LDNS_SIGN_RSASHA256:
+ case LDNS_SIGN_RSASHA256_NSEC3:
case LDNS_SIGN_RSASHA512:
+ case LDNS_SIGN_RSASHA512_NSEC3:
#endif
if (len > 0) {
if (keydata[0] == 0) {