From: Daniel Salzman <daniel.salzman@nic.cz>
Date: Mon, 21 Jul 2025 06:43:36 +0000 (+0200)
Subject: keymgr: support colon separators in keyid
X-Git-Tag: v3.5.0~45^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4be0af187b52fc1c9d07cdf543f2a3ad397fe864;p=thirdparty%2Fknot-dns.git

keymgr: support colon separators in keyid
---

diff --git a/src/libdnssec/keyid.c b/src/libdnssec/keyid.c
index 59086dc4c9..cb4d2679fd 100644
--- a/src/libdnssec/keyid.c
+++ b/src/libdnssec/keyid.c
@@ -22,11 +22,16 @@ bool dnssec_keyid_is_valid(const char *id)
 		return false;
 	}
 
-	if (strlen(id) % 2 != 0) {
+	size_t id_len = strlen(id);
+	bool with_colons = (id_len > 3 && id[2] == ':'); // p11tool format XX:XX:XX:<..>:XX
+	if ((id_len - (with_colons ? id_len / 3 : 0)) % 2 != 0) {
 		return false;
 	}
 
 	for (int i = 0; id[i] != '\0'; i++) {
+		if (with_colons && i > 0 && i < id_len - 1 && i % 3 == 2 && id[i] == ':') {
+			continue;
+		}
 		if (!is_xdigit(id[i])) {
 			return false;
 		}
@@ -42,10 +47,16 @@ void dnssec_keyid_normalize(char *id)
 		return;
 	}
 
+	size_t j = 0;
 	for (size_t i = 0; id[i] != '\0'; i++) {
+		if (id[i] == ':') {
+			assert(i % 3 == 2);
+			continue;
+		}
 		assert(id[i] != '\0' && is_xdigit(id[i]));
-		id[i] = knot_tolower(id[i]);
+		id[j++] = knot_tolower(id[i]);
 	}
+	id[j] = '\0';
 }
 
 _public_