From: Miek Gieben Date: Mon, 14 Mar 2005 14:23:45 +0000 (+0000) Subject: a rr_key2ds function is added X-Git-Tag: release-0.50~255 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf720347d0e4b27ca01b3e1253f41aeccf9d8d60;p=thirdparty%2Fldns.git a rr_key2ds function is added --- diff --git a/Makefile.in b/Makefile.in index 84086f9b..bc7d387a 100644 --- a/Makefile.in +++ b/Makefile.in @@ -52,7 +52,8 @@ LIBDNS_OBJECTS = $(LIBDNS_SOURCES:.c=.o) TEST_SOURCES = run-test0.c run-test1.c run-test2.c run-test3.c \ run-test4.c run-test5.c run-test6.c run-test7.c \ run-test8.c run-test9.c run-test10.c run-test11.c \ - run-test13.c run-test14.c run-test15.c run-test16.c + run-test13.c run-test14.c run-test15.c run-test16.c \ + run-test17.c ALL_SOURCES = $(TEST_SOURCES) $(LIBDNS_SOURCES) $(PROG_SOURCES) @@ -122,6 +123,8 @@ run-test15: run-test15.o $(LIBDNS_OBJECTS) $(LIBOBJS) $(LINK) ${LIBS} -o $@ $+ run-test16: run-test16.o $(LIBDNS_OBJECTS) $(LIBOBJS) $(LINK) ${LIBS} -o $@ $+ +run-test17: run-test17.o $(LIBDNS_OBJECTS) $(LIBOBJS) + $(LINK) ${LIBS} -o $@ $+ run-test-trace: run-test-trace.o $(LIBDNS_OBJECTS) $(LIBOBJS) $(LINK) ${LIBS} -o $@ $+ diff --git a/dnssec.c b/dnssec.c index 29667ac3..c71f3755 100644 --- a/dnssec.c +++ b/dnssec.c 
@@ -663,3 +663,78 @@ ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, ui return LDNS_STATUS_OK; } + + +ldns_rr * +ldns_key_rr2ds(ldns_rr *key) +{ + ldns_rdf *tmp; + ldns_rr *ds; + uint16_t keytag; + uint8_t sha1hash; + uint8_t *digest; + ldns_buffer *data_buf; + + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) { + return NULL; + } + + ds = ldns_rr_new(); + if (!ds) { + return NULL; + } + ldns_rr_set_type(ds, LDNS_RR_TYPE_DS); + ldns_rr_set_owner(ds, ldns_rdf_deep_clone( + ldns_rr_owner(key))); + ldns_rr_set_ttl(ds, ldns_rr_ttl(key)); + ldns_rr_set_class(ds, ldns_rr_get_class(key)); + + digest = XMALLOC(uint8_t, SHA_DIGEST_LENGTH); + if (!digest) { + return NULL; + } + + data_buf = ldns_buffer_new(MAX_PACKETLEN); + if (!data_buf) { + return NULL; + } + + /* keytag */ + keytag = htons(ldns_keytag(key)); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16, sizeof(uint16_t), &keytag); + ldns_rr_push_rdf(ds, tmp); + + /* copy the algorithm field */ + ldns_rr_push_rdf(ds, ldns_rdf_deep_clone( + ldns_rr_rdf(key, 2))); + + /* digest type, only SHA1 is supported */ + sha1hash = 1; + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, sizeof(uint8_t), &sha1hash); + ldns_rr_push_rdf(ds, tmp); + + /* digest */ + /* owner name */ + if (ldns_rdf2buffer_wire(data_buf, ldns_rr_owner(key)) != + LDNS_STATUS_OK) { + return NULL; + } + + /* all the rdata's */ + if (ldns_rr_rdata2buffer_wire(data_buf, key) != + LDNS_STATUS_OK) { + return NULL; + } + + /* sha1 it */ + (void) SHA1((unsigned char *) ldns_buffer_begin(data_buf), + ldns_buffer_position(data_buf), + (unsigned char*) digest); + + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); + + FREE(digest); + return ds; +} diff --git a/higher.c b/higher.c index 164898a7..ae23ffbd 100644 --- a/higher.c +++ b/higher.c @@ -12,6 +12,8 @@ */ #include +#include +#include #include #include "util.h" 
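Review bot: In `ldns_key_rr2ds` (dnssec.c), every early `return NULL` after `ldns_rr_new()` leaks what was already allocated: `ds` with its cloned owner, then `digest`, then `data_buf`. The success path frees `digest` but never `data_buf`. A single cleanup label closes all of these, as sketched below; the sketch assumes `ldns_rr_free` is available at this revision, while `FREE` and `ldns_buffer_free` already appear in this commit. Separately, the results of `ldns_rdf_new_frm_data` are pushed onto `ds` unchecked. The owner name is also hashed as stored, whereas RFC 4034 defines the DS digest over the canonical (lower-cased) owner name, so confirm the name is canonical before hashing or the DS may not match the one a validator computes.

```c
	digest = XMALLOC(uint8_t, SHA_DIGEST_LENGTH);
	if (!digest) {
		ldns_rr_free(ds);
		return NULL;
	}

	data_buf = ldns_buffer_new(MAX_PACKETLEN);
	if (!data_buf) {
		FREE(digest);
		ldns_rr_free(ds);
		return NULL;
	}
	/* … unchanged: keytag, algorithm and digest-type rdata … */
	if (ldns_rdf2buffer_wire(data_buf, ldns_rr_owner(key)) != LDNS_STATUS_OK ||
	    ldns_rr_rdata2buffer_wire(data_buf, key) != LDNS_STATUS_OK) {
		goto fail;
	}
	/* … unchanged: SHA1 call and digest rdata push … */
	ldns_buffer_free(data_buf);
	FREE(digest);
	return ds;

fail:
	ldns_buffer_free(data_buf);
	FREE(digest);
	ldns_rr_free(ds);
	return NULL;
```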
diff --git a/host2wire.c b/host2wire.c index 6286355d..fd578979 100644 --- a/host2wire.c +++ b/host2wire.c @@ -126,8 +126,9 @@ ldns_rrsig2buffer_wire(ldns_buffer *buffer, ldns_rr *rr) /** * convert a rr's rdata to wireformat, while excluding * the ownername and all the crap before the rdata. - * This is needed in DNSSEC keytag calculation and maybe - * elsewhere. + * This is needed in DNSSEC keytag calculation, the ds + * calcalution from the key and maybe elsewhere. + * * \param[out] *buffer buffer where to put the result * \param[in] *rr rr to operate on */ diff --git a/ldns/dnssec.h b/ldns/dnssec.h index 4d203a05..869873e3 100644 --- a/ldns/dnssec.h +++ b/ldns/dnssec.h @@ -44,5 +44,6 @@ RSA *ldns_key_buf2rsa(ldns_buffer *); bool ldns_pkt_tsig_verify(ldns_pkt *pkt, const char *key_name, const char *key_data, ldns_rdf *mac); ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac); +ldns_rr *ldns_key_rr2ds(ldns_rr *key); #endif /* _DNSSEC_H_ */ diff --git a/net.c b/net.c index 69cbba41..b1d2f565 100644 --- a/net.c +++ b/net.c @@ -111,6 +111,7 @@ ldns_send(ldns_resolver *r, ldns_pkt *query_pkt) } } + /* wait retrans seconds... */ } ldns_buffer_free(qb); return reply; diff --git a/rr.c b/rr.c index a7aa3722..cc2a60e4 100644 --- a/rr.c +++ b/rr.c @@ -35,6 +35,8 @@ ldns_rr_new(void) ldns_rr_set_rd_count(rr, 0); rr->_rdata_fields = NULL; ldns_rr_set_ttl(rr, 0); + ldns_rr_set_class(rr, LDNS_RR_CLASS_IN); + ldns_rr_set_ttl(rr, LDNS_DEFTTL); return rr; } diff --git a/run-test17.c b/run-test17.c new file mode 100644 index 00000000..ba8ac1f0 --- /dev/null +++ b/run-test17.c 
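Review bot: The new prototype `ldns_rr *ldns_key_rr2ds(ldns_rr *key);` in ldns/dnssec.h has no documentation, so callers cannot tell that NULL is returned for a non-DNSKEY input or on allocation failure, or that the returned RR is newly allocated. I would add a doc comment in the style used in host2wire.c, for example `\param[in] *key the DNSKEY rr to convert` and `\return a newly allocated DS rr the caller must free, or NULL on error`. The visible implementation only reads `key`, so the parameter could probably be `const ldns_rr *key`, provided the accessors it calls accept a const pointer.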
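Review bot: In `ldns_rr_new` (rr.c) the added `ldns_rr_set_ttl(rr, LDNS_DEFTTL);` comes right after the existing `ldns_rr_set_ttl(rr, 0);`, which is now a dead store; drop the old line so the default is set once. The new defaults (class IN, TTL `LDNS_DEFTTL`) change what every caller of `ldns_rr_new` receives, so callers that relied on a zero TTL should be checked. A short comment such as `/* defaults: class IN, ttl LDNS_DEFTTL */` would record the intent. The start of the function is outside the hunk.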
@@ -0,0 +1,31 @@
+/**
+ * An example ldns program
+ *
+ * transform a key into a ds
+ */
+
+#include
+#include
+
+int
+main(void)
+{
+ ldns_rr *key;
+ ldns_rr *ds;
+
+ key = ldns_rr_new_frm_str("nlnetlabs.nl. 86400 IN DNSKEY 257 3 RSASHA1 AQPzzTWMz8qSWIQlfRnPckx2BiVmkVN6LPupO3mbz7FhLSnm26n6iG9NLby97Ji453aWZY3M5/xJBSOS2vWtco2t8C0+xeO1bc/d6ZTy32DHchpW6rDH1vp86Ll+ha0tmwyy9QP7y2bVw5zSbFCrefk8qCUBgfHm9bHzMG1UBYtEIQ==");
+
+ ldns_rr_print(stdout, key);
+ printf("keytag %d\n", ldns_keytag(key));
+
+ printf("\n");
+
+ ds = ldns_key_rr2ds(key);
+
+ printf("\nand now the DS\n");
+ printf("rdata count %d\n", ldns_rr_rd_count(ds));
+ ldns_rr_print(stdout, ds);
+ printf("\n");
+
+ return 0;
+}
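Review bot: In `main`, neither `key` nor `ds` is checked before use, although `ldns_key_rr2ds` returns NULL on several paths visible in dnssec.c and the result is passed straight to `ldns_rr_rd_count(ds)` and `ldns_rr_print(stdout, ds)`. Add `if (!key) { fprintf(stderr, "cannot parse key\n"); return 1; }` after the parse and `if (!ds) { fprintf(stderr, "cannot create DS\n"); return 1; }` after the conversion, so a failed conversion fails the test instead of crashing. The example also never frees `key` or `ds`. It prints the DS without comparing it to a known-good value, so it cannot detect a wrong digest.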