Which also get an extra variable
* tsig.h: internal used functions are now static:
ldns_digest_name and ldns_tsig_mac_new
+ * ldns_key_rr2ds has an extra argument to specify the hash to
+ use.
New:
* ldns_resolver_searchlist_count: return the searchlist counter
* ldns_zone_sort: Sort a zone
}
ldns_rr *
-ldns_key_rr2ds(const ldns_rr *key)
+ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
{
ldns_rdf *tmp;
ldns_rr *ds;
ldns_rr_set_ttl(ds, ldns_rr_ttl(key));
ldns_rr_set_class(ds, ldns_rr_get_class(key));
- digest = LDNS_XMALLOC(uint8_t, SHA_DIGEST_LENGTH);
- if (!digest) {
- return NULL;
- }
+ switch(h) {
+ case LDNS_SHA1:
+ digest = LDNS_XMALLOC(uint8_t, SHA_DIGEST_LENGTH);
+ if (!digest) {
+ return NULL;
+ }
+ break;
+ case LDNS_SHA256:
+ return NULL; /* not implemented */
+ break;
+ }
data_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
if (!data_buf) {
/* copy the algorithm field */
ldns_rr_push_rdf(ds, ldns_rdf_clone(
- ldns_rr_rdf(key, 2)));
+ ldns_rr_rdf(key, 2))); /* second rfd */
- /* digest type, only SHA1 is supported */
- sha1hash = 1;
+ /* digest hash type */
+ sha1hash = (uint8_t)h;
tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, sizeof(uint8_t), &sha1hash);
ldns_rr_push_rdf(ds, tmp);
LDNS_STATUS_OK) {
return NULL;
}
+ switch(h) {
+ case LDNS_SHA1:
+ (void) SHA1((unsigned char *) ldns_buffer_begin(data_buf),
+ ldns_buffer_position(data_buf),
+ (unsigned char*) digest);
- /* sha1 it */
- (void) SHA1((unsigned char *) ldns_buffer_begin(data_buf),
- ldns_buffer_position(data_buf),
- (unsigned char*) digest);
+ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA_DIGEST_LENGTH,
+ digest);
+ ldns_rr_push_rdf(ds, tmp);
- tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA_DIGEST_LENGTH,
- digest);
- ldns_rr_push_rdf(ds, tmp);
+ break;
+ case LDNS_SHA256:
+ /* XXX to SHA265
+ (void) SHA1((unsigned char *) ldns_buffer_begin(data_buf),
+ ldns_buffer_position(data_buf),
+ (unsigned char*) digest);
+
+ tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA_DIGEST_LENGTH,
+ digest);
+ ldns_rr_push_rdf(ds, tmp);
+ */
+ break;
+ }
- LDNS_FREE(digest);
return ds;
}
void
usage(FILE *fp, char *prog) {
- fprintf(fp, "%s keyfile\n", prog);
- fprintf(fp, " generate a ds record\n");
+ fprintf(fp, "%s [-1|-2] keyfile\n", prog);
+ fprintf(fp, " Generate a DS RR from the key\n");
fprintf(fp, " The following file will be created: ");
fprintf(fp, "K<name>+<alg>+<id>.ds\n");
fprintf(fp, " The base name (K<name>+<alg>+<id> will be printed to stdout\n");
+ fprintf(fp, "Options:\n");
+ fprintf(fp, " -1 (default): use SHA1 for the DS hash\n");
+ fprintf(fp, " -2: use SHA256 for the DS hash\n");
}
int
char *owner;
ldns_rr *k, *ds;
ldns_signing_algorithm alg;
+ ldns_hash h;
alg = 0;
prog = strdup(argv[0]);
- if (argc != 2) {
+ h = LDNS_SHA1;
+
+ argv++, argc--;
+ while (argc && argv[0][0] == '-') {
+ if (strcmp(argv[0], "-1") == 0) {
+ h = LDNS_SHA1;
+ }
+ if (strcmp(argv[0], "-2") == 0) {
+ h = LDNS_SHA256;
+ }
+ argv++, argc--;
+ }
+
+ if (argc != 1) {
usage(stderr, prog);
exit(EXIT_FAILURE);
}
- keyname = strdup(argv[1]);
+ keyname = strdup(argv[0]);
keyfp = fopen(keyname, "r");
if (!keyfp) {
owner = ldns_rdf2str(ldns_rr_owner(k));
alg = ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(k));
- ds = ldns_key_rr2ds(k);
+ ds = ldns_key_rr2ds(k, LDNS_SHA1);
if (!ds) {
fprintf(stderr, "Conversion to a DS RR failed\n");
exit(EXIT_FAILURE);
ldns_key_set_keytag(key, ldns_calc_keytag(pubkey));
/* build the DS record */
- ds = ldns_key_rr2ds(pubkey);
+ ds = ldns_key_rr2ds(pubkey, LDNS_SHA1);
/* print the public key RR to .key */
filename = LDNS_XMALLOC(char, strlen(owner) + 17);
* returns a new DS rr that represents the given key rr.
*
* \param[in] *key the key to convert
+ * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256
* \return ldns_rr* a new rr pointer to a DS
*/
-ldns_rr *ldns_key_rr2ds(const ldns_rr *key);
+ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
/* sign functions */
syn keyword ldnsType ldns_key
syn keyword ldnsType ldns_key_list
syn keyword ldnsType ldns_signing_algorithm
+syn keyword ldnsType ldns_hash
" ldns/dnssec.h
syn keyword ldnsConstant LDNS_MAX_KEYLEN
#ifdef HAVE_SSL
if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DS &&
ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DNSKEY) {
- ds_repr = ldns_key_rr2ds(rr2);
+ ds_repr = ldns_key_rr2ds(rr2, LDNS_SHA1);
result = (ldns_rr_compare(rr1, ds_repr) == 0);
ldns_rr_free(ds_repr);
} else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY &&
ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) {
- ds_repr = ldns_key_rr2ds(rr1);
+ ds_repr = ldns_key_rr2ds(rr1, LDNS_SHA1);
result = (ldns_rr_compare(rr2, ds_repr) == 0);
ldns_rr_free(ds_repr);
} else {
projects / thirdparty / ldns.git / commitdiff
