From 0c5214b1797bd794556561e2e69303338d73eec6 Mon Sep 17 00:00:00 2001
From: Federico Lucifredi
Date: Mon, 21 Jan 2008 00:24:37 +0000
Subject: added avahi_dnssec_sign_record() minus crypto pass.
git-svn-id: file:///home/lennart/svn/public/avahi/branches/federico2@1734 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
---
avahi-core/dns.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++----
1 file changed, 54 insertions(+), 4 deletions(-)
(limited to 'avahi-core/dns.c')
diff --git a/avahi-core/dns.c b/avahi-core/dns.c
index bfa6d60..3b88a20 100644
--- a/avahi-core/dns.c
+++ b/avahi-core/dns.c
@@ -768,7 +768,7 @@ static int append_rdata(AvahiDnsPacket *p, AvahiRecord *r) {
 break;
- case AVAHI_DNS_TYPE_RRSIG:
+ case AVAHI_DNS_TYPE_RRSIG:
 if (!avahi_dns_packet_append_uint16(p, r->data.rrsig.type_covered))
 return -1;
@@ -914,9 +914,9 @@ AvahiRecord* avahi_get_local_zsk_pubkey(const unsigned char* keyname, uint32_t t
 r = avahi_record_new_full(keyname, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_DNSKEY, 0);
- if (!r) {
- avahi_log_error("avahi_record_new_full() failed.");
- return NULL;
+ if (!r) { /* OOM check */
+ avahi_log_error("avahi_record_new_full() failed.");
+ return NULL;
 }
 r->ttl = ttl; /* TTL of records associated with a signature MUST match the record's */
@@ -937,3 +937,53 @@ AvahiRecord* avahi_get_local_zsk_pubkey(const unsigned char* keyname, uint32_t t
 return r;
 }
+
+/* invoke as avahi_dnssec_sign_record(, "reiker.local", ) */
+AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl){
+ AvahiRecord *r;
+
+ AvahiRecord *key;
+ int result;
+
+ r = avahi_record_new_full(keyname, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_RRSIG, 0);
+
+ if (!r) { /* OOM check */
+ avahi_log_error("avahi_record_new_full() failed.");
+ return NULL;
+ }
+
+ /* type of covered record */
+ r->data.rrsig.type_covered = s->key.clazz;
+
+ /* SHA1 is mandatory in the spec (MUST), but other options are available */
+ r->data.rrsig.algorithm = AVAHI_DNSSEC_KEY_SHA1;
+
+ /* label count */
+ r->data.rrsig.labels = avahi_count_canonical_labels(avahi_c_to_canonical_string(s->key.name));
+
+ /* original ttl */
+ r->data.rrsig.ttl = ttl); /*this could be invalidated if TTL capping is later used in the packet dispatching call */
+
+ /* signature validity - ttl seconds from now is reasonable*/
+ r->data.rrsig.signature_expiration = time(NULL) + ttl;
+
+ /* when was the record signed? to allow for badly sync'd clocks, one conventionally claims signing 1 hour in the past */
+ r->data.rrsig.signature_inception = time(NULL) - AVAHI_DNSSEC_TIME_DRIFT;
+
+ /* retrieve RRSIG record representing localhost's trust */
+ key = avahi_get_local_zsk_pubkey(authority, ttl);
+
+ /* generate keytag of the localhos's pubkey */
+ r->data.rrsig.keytag = avahi_keytag(key);
+
+ avahi_free(key);
+
+ /* +".local", to be retrieved from future *private* crypto config file along with local ZSK keypair */
+ r->data.rrsig.signers_name = avahi_strdup (authority);
+
+ return r;
+}
+
+AvahiRecord* avahi_get_local_trust_record(){
+
+}
\ No newline at end of file
-- 
cgit
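Review bot: avahi_dnssec_sign_record() in this hunk does not compile as written: `keyname` is never declared, the return type is `AvahiRecord` although both `return NULL` and `return r` yield a pointer, and `r->data.rrsig.ttl = ttl);` carries a stray parenthesis. Once it builds, `type_covered` is set from `s->key.clazz` although the comment (and the RRSIG wire format) want the covered RR type, i.e. `s->key.type`; the RRSIG's owner name should be the covered RRset's `s->key.name` rather than the signer; the record returned by avahi_get_local_zsk_pubkey() is handed to avahi_keytag() with no NULL check, leaking `r` on that path; and a refcounted AvahiRecord is released with avahi_free() where avahi_record_unref() is needed. Because the commit message says the crypto pass is still pending, a header comment such as `/* NOTE: signature data is not yet populated; the returned RRSIG must not be treated as verifiable */` would keep the stub from being mistaken for a finished signer. avahi_get_local_trust_record() at the end of the hunk is a non-void function with an empty body, which is undefined behaviour if its value is used; give it `(void)` and at least `return NULL;` until it is implemented.
```c
AvahiRecord* avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl){
    AvahiRecord *r;
    AvahiRecord *key;
    time_t now;

    /* an RRSIG's owner name is that of the RRset it covers, not the signer's */
    r = avahi_record_new_full(s->key.name, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_RRSIG, 0);
    /* … unchanged: OOM check … */

    /* type of covered record: its RR type, not its class */
    r->data.rrsig.type_covered = s->key.type;
    /* … unchanged: algorithm, labels … */

    /* original ttl */
    r->data.rrsig.ttl = ttl;

    /* sample the clock once so inception and expiration are computed from the same instant */
    now = time(NULL);
    r->data.rrsig.signature_expiration = now + ttl;
    r->data.rrsig.signature_inception = now - AVAHI_DNSSEC_TIME_DRIFT;

    key = avahi_get_local_zsk_pubkey(authority, ttl);
    if (!key) {
        avahi_log_error("avahi_get_local_zsk_pubkey() failed.");
        avahi_record_unref(r);
        return NULL;
    }
    r->data.rrsig.keytag = avahi_keytag(key);
    avahi_record_unref(key);   /* records are refcounted; avahi_free() would leak the rdata */
    /* … unchanged: signers_name, return r … */
```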