Commit 0d8dadb4 authored by Libor Peltan's avatar Libor Peltan Committed by Daniel Salzman

dnssec: added CDS and CDNSKEY creation

parent ff55685e
......@@ -425,6 +425,7 @@ void free_zone_keys(zone_keyset_t *keyset)
for (size_t i = 0; i < keyset->count; i++) {
dnssec_sign_free(keyset->keys[i].ctx);
dnssec_binary_free(&keyset->keys[i].precomputed_ds);
}
free(keyset->keys);
......@@ -467,3 +468,23 @@ time_t knot_get_next_zone_key_event(const zone_keyset_t *keyset)
return result;
}
/*!
* \brief Compute DS record rdata from key + cache it.
*/
int zone_key_calculate_ds(zone_key_t *for_key, dnssec_binary_t *out_donotfree)
{
assert(for_key);
assert(out_donotfree);
int ret = KNOT_EOK;
if (for_key->precomputed_ds.data == NULL) {
dnssec_key_digest_t digesttype = DNSSEC_KEY_DIGEST_SHA256; // TODO !
ret = dnssec_key_create_ds(for_key->key, digesttype, &for_key->precomputed_ds);
ret = knot_error_from_libdnssec(ret);
}
*out_donotfree = for_key->precomputed_ds;
return ret;
}
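Review bot: `*out_donotfree = for_key->precomputed_ds;` at the end of zone_key_calculate_ds runs even when dnssec_key_create_ds() has failed, so on the error path the caller's output struct is overwritten with whatever the cache field holds at that point. Assigning only on success keeps a failed call from handing out a digest: `if (ret == KNOT_EOK) { *out_donotfree = for_key->precomputed_ds; }`. Whether a failed dnssec_key_create_ds() can leave `precomputed_ds.data` non-NULL is not visible here; if it can, the next call would skip creation and return KNOT_EOK with that content, so the field should then be cleared on failure. The digest is fixed to `DNSSEC_KEY_DIGEST_SHA256` behind a `// TODO !`; until it is configurable, a comment stating that the DS digest is always SHA-256 would make the limitation explicit.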
......@@ -44,6 +44,8 @@ struct zone_key {
dnssec_key_t *key;
dnssec_sign_ctx_t *ctx;
dnssec_binary_t precomputed_ds;
time_t next_event;
bool is_ksk;
......@@ -136,4 +138,9 @@ void free_zone_keys(zone_keyset_t *keyset);
*/
time_t knot_get_next_zone_key_event(const zone_keyset_t *keyset);
/*!
* \todo this comment (needed?)
*/
int zone_key_calculate_ds(zone_key_t *for_key, dnssec_binary_t *out_donotfree);
/*! @} */
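Review bot: The prototype of zone_key_calculate_ds is left with a `\todo this comment (needed?)` placeholder, but it does need a documented contract, because the output aliases memory owned by the key. Going by the definition in this commit, the doc block should say that `out_donotfree` receives a shallow copy of `for_key->precomputed_ds`, that the caller must not free it, and that it stays valid only until free_zone_keys() releases the keyset. A `\return` line for KNOT_EOK or the translated libdnssec error belongs there too. The new `precomputed_ds` member is tested against NULL to decide whether the cache is filled, so it relies on `struct zone_key` being zero-initialised where keysets are allocated, which is outside this hunk and worth confirming.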
This diff is collapsed.
......@@ -48,7 +48,7 @@
* \return Error code, KNOT_EOK if successful.
*/
int knot_zone_sign(const zone_contents_t *zone,
const zone_keyset_t *zone_keys,
zone_keyset_t *zone_keys,
const kdnssec_ctx_t *dnssec_ctx,
changeset_t *out_ch, uint32_t *expire_at);
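Review bot: Dropping `const` from `zone_keys` in knot_zone_sign makes the keyset an in/out argument, and the parameter documentation above the prototype (only its `\return` line is visible in this hunk) should say so. Presumably signing now fills the per-key `precomputed_ds` cache through zone_key_calculate_ds; if so, a line such as `\param zone_keys  Zone keys; the per-key DS cache may be filled in.` would tell callers the set is written to. If a keyset can be shared between concurrent signing runs, those cache writes are unsynchronised. That cannot be determined from this page and is worth checking at the call sites.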
......