35 #include "cryptoki_compat/pkcs11.h" 37 static const char* hsm_str =
"hsm";
54 hsm_sign_params_free(key->
params);
/*
 * keylookup: look up an HSM key by its locator string.
 * Only part of the body appears in this listing. The visible lines call
 * keycache_lookup(ctx, locator), fetch the pending libhsm error with
 * hsm_get_error(ctx), and log that the locator was not found.
 * NOTE(review): the value returned on the not-found path is outside this
 * excerpt (presumably NULL - confirm); callers must not assume they
 * receive a usable key handle.
 */
59 static const hsm_key_t*
60 keylookup(hsm_ctx_t* ctx,
const char* locator)
63 key = keycache_lookup(ctx, locator);
/*
 * NOTE(review): what happens to the string returned by hsm_get_error()
 * (logging, release) is not visible here; confirm its ownership and that
 * it is released on every path.
 */
65 char* error = hsm_get_error(ctx);
/* The log line carries the key locator, not key material. */
71 ods_log_error(
"[%s] unable to get key: key %s not found", hsm_str, locator);
/*
 * Fragment of the key set-up routine. The listing's symbol index names it
 * lhsm_get_key(ctx, owner, key_id); its signature and several body lines
 * are not part of this excerpt.
 * Visible steps: reject NULL owner/key_id, allocate signing parameters and
 * clone the owner name into them, handle two libhsm failure points, and
 * derive the key tag from the DNSKEY record.
 */
87 if (!owner || !key_id) {
88 ods_log_error(
"[%s] unable to get key: missing required elements",
/*
 * NOTE(review): line 98 is not shown. Confirm that it checks the result of
 * hsm_sign_params_new() before line 99 dereferences key_id->params.
 */
97 key_id->
params = hsm_sign_params_new();
99 key_id->
params->owner = ldns_rdf_clone(owner);
104 error = hsm_get_error(ctx);
108 }
/*
 * First failure with no retry used yet: the cached key state is cleared.
 * Whether the operation is then retried is outside this excerpt.
 */
else if (!retries) {
109 lhsm_clear_key_cache(key_id);
113 ods_log_error(
"[%s] unable to get key: create params for key %s " 123 error = hsm_get_error(ctx);
127 }
/* Same clear-cache branch for the second failure point (the DNSKEY creation error logged at line 132). */
else if (!retries) {
128 lhsm_clear_key_cache(key_id);
132 ods_log_error(
"[%s] unable to get key: hsm failed to create dnskey",
/* The key tag stored in the signing parameters is computed from key_id->dnskey. */
136 key_id->
params->keytag = ldns_calc_keytag(key_id->
dnskey);
/*
 * Fragment of the RRset signing routine. The listing's symbol index gives
 * its signature as lhsm_sign(ctx, rrset, key_id, owner, inception,
 * expiration). The start of the signature and the end of the body are not
 * part of this excerpt.
 */
147 ldns_rdf* owner, time_t inception, time_t expiration)
150 ldns_rr* result = NULL;
151 hsm_sign_params_t* params = NULL;
/*
 * Argument guard: a zero inception or expiration time is rejected as
 * "missing", the same way a NULL pointer is.
 */
153 if (!owner || !key_id || !rrset || !inception || !expiration) {
154 ods_log_error(
"[%s] unable to sign: missing required elements",
/*
 * Per-call signing parameters are built from the data cached on key_id.
 * In the visible lines the owner name comes from key_id->params->owner,
 * not from the owner argument validated above.
 * NOTE(review): lines 161 and 162 are consecutive, so the result of
 * hsm_sign_params_new() is dereferenced without a NULL check; confirm
 * whether it can fail. key_id->params is dereferenced too; lines 155-160
 * are not shown, so confirm it is validated before this point.
 */
161 params = hsm_sign_params_new();
162 params->owner = ldns_rdf_clone(key_id->
params->owner);
164 params->flags = key_id->
flags;
165 params->inception = inception;
166 params->expiration = expiration;
167 params->keytag = key_id->
params->keytag;
169 ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)),
/*
 * keylookup() is evaluated inline and its result is passed straight to
 * hsm_sign_rrset().
 * NOTE(review): nothing between the lookup and the call checks the key
 * handle; confirm hsm_sign_rrset() rejects a missing key rather than
 * using it.
 */
171 result = hsm_sign_rrset(ctx, rrset, keylookup(ctx, key_id->
locator), params);
/*
 * The temporary parameter set is released right after signing. Its owner
 * was cloned at line 162, so key_id->params->owner is a separate object.
 */
172 hsm_sign_params_free(params);
174 error = hsm_get_error(ctx);
/* Critical-level log for a signing failure; the condition selecting it is outside this excerpt. */
179 ods_log_crit(
"[%s] error signing rrset with libhsm", hsm_str);
ldns_rr * lhsm_sign(hsm_ctx_t *ctx, ldns_rr_list *rrset, key_type *key_id, ldns_rdf *owner, time_t inception, time_t expiration)
enum ods_enum_status ods_status
void ods_log_error(const char *format,...)
void ods_log_crit(const char *format,...)
ods_status lhsm_get_key(hsm_ctx_t *ctx, ldns_rdf *owner, key_type *key_id)
hsm_sign_params_t * params
void ods_log_deeebug(const char *format,...)
#define ods_log_assert(x)