/* Module tag: the visible log calls pass it as the argument for the "[%s]" prefix of their messages. */
38 static const char* hsm_str =
"hsm";
/*
 * Excerpt (listing lines 48-60): open the libhsm connection and log the outcome.
 * The listing skips lines between the numbered fragments, so the control flow
 * joining them is not visible here.
 */
/* hsm_prompt_pin is passed as the second argument and NULL as the third. */
/* NOTE(review): by its name hsm_prompt_pin looks like an interactive PIN callback; confirm how it behaves when the process has no terminal. */
48 int result = hsm_open(filename, hsm_prompt_pin, NULL);
49 if (result != HSM_OK) {
/* The error text is requested with a NULL context. */
/* NOTE(review): ownership of the returned string is not visible in this excerpt; confirm it is released after it has been logged. */
50 char* error = hsm_get_error(NULL);
/* Critical log on the failure path; the rest of the argument list lies outside this excerpt. */
55 ods_log_crit(
"[%s] error opening libhsm (errno %i)", hsm_str,
/* NOTE(review): "succesfully" is misspelled in the emitted message; correcting it changes the log text, so update any log-matching rules in the same change. */
60 ods_log_info(
"[%s] libhsm connection opened succesfully", hsm_str);
/* Listing line 73: branch taken when hsm_check_context(NULL) does not return HSM_OK; its body is not shown. */
73 if (hsm_check_context(NULL) != HSM_OK) {
/* Listing line 102: releases the signing parameters attached to key. */
/* NOTE(review): confirm key->params is reset to NULL after this free (not visible here). Listing line 153 assigns key_id->params again, and a stale pointer left behind would be a use-after-free or double-free hazard. */
102 hsm_sign_params_free(key->
params);
/* Listing line 117: the same context check as at line 73, further down the file. */
117 if (hsm_check_context(NULL) != HSM_OK) {
/*
 * Excerpt (listing lines 141-213): populate a key's signing data (params,
 * owner, keytag) and log an error for each step that fails. Only fragments
 * are shown; the conditions that join them are outside this listing.
 */
/* Guard: owner and key_id must both be non-NULL. */
141 if (!owner || !key_id) {
142 ods_log_error(
"[%s] unable to get key: missing required elements",
/* Allocate a new signing-parameter object for the key. */
/* NOTE(review): listing line 154 is not shown; confirm it tests the allocation for NULL before line 155 writes through key_id->params. */
153 key_id->
params = hsm_sign_params_new();
/* The owner name is cloned rather than stored by reference. NOTE(review): the clone's result is not checked in the visible lines. */
155 key_id->
params->owner = ldns_rdf_clone(owner);
/*
 * The next three groups (160-165, 180-185, 200-205) repeat one shape: read
 * the libhsm error for ctx, and in an else-branch taken when retries is zero,
 * clear the cached data of key_id. The conditions guarding these branches and
 * the handling of the error string are not visible in this excerpt.
 */
160 error = hsm_get_error(ctx);
164 }
else if (!retries) {
165 lhsm_clear_key_cache(key_id);
/* Error log for the parameter-creation step; the message and its arguments continue past this excerpt. */
169 ods_log_error(
"[%s] unable to get key: create params for key %s "
180 error = hsm_get_error(ctx);
184 }
else if (!retries) {
185 lhsm_clear_key_cache(key_id);
/* Error log for the key-lookup step (key not found). */
190 ods_log_error(
"[%s] unable to get key: key %s not found", hsm_str,
200 error = hsm_get_error(ctx);
204 }
else if (!retries) {
205 lhsm_clear_key_cache(key_id);
/* Error log for the DNSKEY-creation step. */
209 ods_log_error(
"[%s] unable to get key: hsm failed to create dnskey",
/* Derive the key tag from key_id->dnskey and store it in the key's params. */
/* NOTE(review): the message at line 209 shows DNSKEY creation can fail; confirm this line is reached only when key_id->dnskey is non-NULL. */
213 key_id->
params->keytag = ldns_calc_keytag(key_id->
dnskey);
/*
 * Excerpt (listing lines 224-265): sign an RRset with a key through libhsm.
 * The signature starts before listing line 224 and only fragments of the
 * body are shown.
 */
224 ldns_rdf* owner, time_t inception, time_t expiration)
228 ldns_rr* result = NULL;
229 hsm_sign_params_t* params = NULL;
/* Guard: rejects NULL owner, key_id or rrset, and also an inception or expiration equal to zero. */
232 if (!owner || !key_id || !rrset || !inception || !expiration) {
233 ods_log_error(
"[%s] unable to sign: missing required elements",
/* Build a per-call parameter object, copying the owner, flags and keytag from the key. */
/* NOTE(review): lines 246 and 247 are consecutive in the listing, so the result of hsm_sign_params_new() is dereferenced without a NULL check; if the allocation fails, line 247 is a NULL dereference in the signing path. Check params and bail out before using it. */
246 params = hsm_sign_params_new();
/* NOTE(review): this also reads through key_id->params, which presumably was filled in by the key-lookup code (listing lines 153-213); confirm it cannot be NULL here. */
247 params->owner = ldns_rdf_clone(key_id->
params->owner);
249 params->flags = key_id->
flags;
250 params->inception = inception;
251 params->expiration = expiration;
252 params->keytag = key_id->
params->keytag;
/* Debug log of the RR type, key and tag; the type is taken from the first RR of rrset. */
/* NOTE(review): the guard at line 232 only checks that rrset is non-NULL; confirm an empty list cannot reach this call, since the type is read from element 0. */
253 ods_log_debug(
"[%s] sign RRset[%i] with key %s tag %u", hsm_str,
254 ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)),
/* Sign with the key's hsmkey, then release the per-call parameters immediately afterwards. */
256 result = hsm_sign_rrset(ctx, rrset, key_id->
hsmkey, params);
257 hsm_sign_params_free(params);
/* Failure path: read the libhsm error for ctx and log at critical level. */
/* NOTE(review): the visible message carries only hsm_str; whether the error string is logged and released is outside this excerpt. */
260 error = hsm_get_error(ctx);
265 ods_log_crit(
"[%s] error signing rrset with libhsm", hsm_str);