00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013 #include <ldns/config.h>
00014
00015 #include <ldns/ldns.h>
00016
00017 #ifdef HAVE_SSL
00018 #include <openssl/ssl.h>
00019 #include <openssl/engine.h>
00020 #include <openssl/rand.h>
00021 #endif
00022
00023 ldns_lookup_table ldns_signing_algorithms[] = {
00024 { LDNS_SIGN_RSAMD5, "RSAMD5" },
00025 { LDNS_SIGN_RSASHA1, "RSASHA1" },
00026 { LDNS_SIGN_RSASHA256, "RSASHA256" },
00027 { LDNS_SIGN_RSASHA512, "RSASHA512" },
00028 { LDNS_SIGN_DSA, "DSAMD5" },
00029 { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" },
00030 { 0, NULL }
00031 };
00032
00033 #ifdef HAVE_SSL
00034 ldns_key_list *
00035 ldns_key_list_new()
00036 {
00037 ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list);
00038 if (!key_list) {
00039 return NULL;
00040 } else {
00041 key_list->_key_count = 0;
00042 key_list->_keys = NULL;
00043 return key_list;
00044 }
00045 }
00046
00047 ldns_key *
00048 ldns_key_new()
00049 {
00050 ldns_key *newkey;
00051
00052 newkey = LDNS_MALLOC(ldns_key);
00053 if (!newkey) {
00054 return NULL;
00055 } else {
00056
00057 ldns_key_set_use(newkey, true);
00058 ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY);
00059 ldns_key_set_origttl(newkey, 0);
00060 ldns_key_set_keytag(newkey, 0);
00061 ldns_key_set_inception(newkey, 0);
00062 ldns_key_set_expiration(newkey, 0);
00063 ldns_key_set_pubkey_owner(newkey, NULL);
00064 ldns_key_set_hmac_key(newkey, NULL);
00065 return newkey;
00066 }
00067 return NULL;
00068 }
00069
00070 ldns_status
00071 ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
00072 {
00073 return ldns_key_new_frm_fp_l(k, fp, NULL);
00074 }
00075
00076 #ifdef HAVE_SSL
00077 ldns_status
00078 ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg)
00079 {
00080 ldns_key *k;
00081
00082 k = ldns_key_new();
00083 k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL);
00084 ldns_key_set_algorithm(k, alg);
00085 if (!k->_key.key) {
00086 return LDNS_STATUS_ENGINE_KEY_NOT_LOADED;
00087 } else {
00088 *key = k;
00089 return LDNS_STATUS_OK;
00090 }
00091 }
00092 #endif
00093
00094 ldns_status
00095 ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
00096 {
00097 ldns_key *k;
00098 char *d;
00099 ldns_signing_algorithm alg;
00100 ldns_rr *key_rr;
00101 RSA *rsa;
00102 DSA *dsa;
00103 unsigned char *hmac;
00104 size_t hmac_size;
00105
00106 k = ldns_key_new();
00107
00108 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00109 if (!k || !d) {
00110 return LDNS_STATUS_MEM_ERR;
00111 }
00112
00113 alg = 0;
00114
00115
00116
00117
00118
00119
00120
00121
00122 if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
00123 LDNS_MAX_LINELEN, line_nr) == -1) {
00124
00125 return LDNS_STATUS_SYNTAX_ERR;
00126 }
00127 if (strncmp(d, "v1.2", strlen(d)) != 0) {
00128 return LDNS_STATUS_SYNTAX_VERSION_ERR;
00129 }
00130
00131
00132
00133 if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n",
00134 LDNS_MAX_LINELEN, line_nr) == -1) {
00135
00136 return LDNS_STATUS_SYNTAX_ALG_ERR;
00137 }
00138
00139 if (strncmp(d, "1 RSA", 2) == 0) {
00140 alg = LDNS_SIGN_RSAMD5;
00141 }
00142 if (strncmp(d, "2 DH", 2) == 0) {
00143 alg = LDNS_DH;
00144 }
00145 if (strncmp(d, "3 DSA", 2) == 0) {
00146 alg = LDNS_SIGN_DSA;
00147 }
00148 if (strncmp(d, "4 ECC", 2) == 0) {
00149 alg = LDNS_ECC;
00150 }
00151 if (strncmp(d, "5 RSASHA1", 2) == 0) {
00152 alg = LDNS_SIGN_RSASHA1;
00153 }
00154 if (strncmp(d, "6 DSA", 4) == 0) {
00155 alg = LDNS_DSA_NSEC3;
00156 }
00157 if (strncmp(d, "7 RSASHA1", 4) == 0) {
00158 alg = LDNS_RSASHA1_NSEC3;
00159 }
00160 if (strncmp(d, "8 RSASHA256", 2) == 0) {
00161 alg = LDNS_SIGN_RSASHA256;
00162 }
00163 if (strncmp(d, "9 RSASHA512", 2) == 0) {
00164 alg = LDNS_SIGN_RSASHA512;
00165 }
00166 if (strncmp(d, "10 RSASHA256", 3) == 0) {
00167 alg = LDNS_SIGN_RSASHA256_NSEC3;
00168 }
00169 if (strncmp(d, "11 RSASHA512", 3) == 0) {
00170 alg = LDNS_SIGN_RSASHA512_NSEC3;
00171 }
00172 if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
00173 alg = LDNS_SIGN_HMACMD5;
00174 }
00175
00176 LDNS_FREE(d);
00177
00178 switch(alg) {
00179 case LDNS_SIGN_RSAMD5:
00180 case LDNS_SIGN_RSASHA1:
00181 case LDNS_RSASHA1_NSEC3:
00182 case LDNS_SIGN_RSASHA256:
00183 case LDNS_RSASHA256_NSEC3:
00184 case LDNS_SIGN_RSASHA512:
00185 case LDNS_RSASHA512_NSEC3:
00186 ldns_key_set_algorithm(k, alg);
00187 rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr);
00188 ldns_key_set_rsa_key(k, rsa);
00189 RSA_free(rsa);
00190 break;
00191 case LDNS_SIGN_DSA:
00192 case LDNS_DSA_NSEC3:
00193 ldns_key_set_algorithm(k, alg);
00194 dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr);
00195 ldns_key_set_dsa_key(k, dsa);
00196 DSA_free(dsa);
00197 break;
00198 case LDNS_SIGN_HMACMD5:
00199 ldns_key_set_algorithm(k, alg);
00200 hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size);
00201 ldns_key_set_hmac_size(k, hmac_size);
00202 ldns_key_set_hmac_key(k, hmac);
00203 break;
00204 case 0:
00205 default:
00206 return LDNS_STATUS_SYNTAX_ALG_ERR;
00207 break;
00208 }
00209
00210 key_rr = ldns_key2rr(k);
00211 ldns_key_set_keytag(k, ldns_calc_keytag(key_rr));
00212 ldns_rr_free(key_rr);
00213
00214 if (key) {
00215 *key = k;
00216 return LDNS_STATUS_OK;
00217 }
00218 return LDNS_STATUS_ERR;
00219 }
00220
00221 RSA *
00222 ldns_key_new_frm_fp_rsa(FILE *f)
00223 {
00224 return ldns_key_new_frm_fp_rsa_l(f, NULL);
00225 }
00226
00227 RSA *
00228 ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
00229 {
00230
00231
00232
00233
00234
00235
00236
00237
00238
00239
00240
00241
00242
00243
00244
00245
00246
00247
00248
00249
00250
00251
00252
00253
00254
00255 char *d;
00256 RSA *rsa;
00257 uint8_t *buf;
00258 int i;
00259
00260 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00261 buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
00262 rsa = RSA_new();
00263 if (!d || !rsa || !buf) {
00264 return NULL;
00265 }
00266
00267
00268
00269
00270
00271
00272 if (ldns_fget_keyword_data_l(f, "Modulus", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00273 goto error;
00274 }
00275 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00276 rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL);
00277 if (!rsa->n) {
00278 goto error;
00279 }
00280
00281
00282 if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00283 goto error;
00284 }
00285 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00286 rsa->e = BN_bin2bn((const char unsigned*)buf, i, NULL);
00287 if (!rsa->e) {
00288 goto error;
00289 }
00290
00291
00292 if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00293 goto error;
00294 }
00295 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00296 rsa->d = BN_bin2bn((const char unsigned*)buf, i, NULL);
00297 if (!rsa->d) {
00298 goto error;
00299 }
00300
00301
00302 if (ldns_fget_keyword_data_l(f, "Prime1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00303 goto error;
00304 }
00305 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00306 rsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
00307 if (!rsa->p) {
00308 goto error;
00309 }
00310
00311
00312 if (ldns_fget_keyword_data_l(f, "Prime2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00313 goto error;
00314 }
00315 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00316 rsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
00317 if (!rsa->q) {
00318 goto error;
00319 }
00320
00321
00322 if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00323 goto error;
00324 }
00325 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00326 rsa->dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
00327 if (!rsa->dmp1) {
00328 goto error;
00329 }
00330
00331
00332 if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00333 goto error;
00334 }
00335 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00336 rsa->dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
00337 if (!rsa->dmq1) {
00338 goto error;
00339 }
00340
00341
00342 if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00343 goto error;
00344 }
00345 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00346 rsa->iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL);
00347 if (!rsa->iqmp) {
00348 goto error;
00349 }
00350
00351 LDNS_FREE(buf);
00352 LDNS_FREE(d);
00353 return rsa;
00354
00355 error:
00356 LDNS_FREE(d);
00357 LDNS_FREE(buf);
00358 return NULL;
00359 }
00360
00361 DSA *
00362 ldns_key_new_frm_fp_dsa(FILE *f)
00363 {
00364 return ldns_key_new_frm_fp_dsa_l(f, NULL);
00365 }
00366
00367 DSA *
00368 ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr)
00369 {
00370 int i;
00371 char *d;
00372 DSA *dsa;
00373 uint8_t *buf;
00374
00375 line_nr = line_nr;
00376
00377 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00378 buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
00379 dsa = DSA_new();
00380 if (!d || !dsa) {
00381 return NULL;
00382 }
00383
00384
00385
00386
00387 if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00388 goto error;
00389 }
00390 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00391 dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
00392 if (!dsa->p) {
00393 goto error;
00394 }
00395
00396
00397 if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00398 goto error;
00399 }
00400 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00401 dsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
00402 if (!dsa->q) {
00403 goto error;
00404 }
00405
00406
00407 if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00408 goto error;
00409 }
00410 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00411 dsa->g = BN_bin2bn((const char unsigned*)buf, i, NULL);
00412 if (!dsa->g) {
00413 goto error;
00414 }
00415
00416
00417 if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00418 goto error;
00419 }
00420 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00421 dsa->priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
00422 if (!dsa->priv_key) {
00423 goto error;
00424 }
00425
00426
00427 if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00428 goto error;
00429 }
00430 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00431 dsa->pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
00432 if (!dsa->pub_key) {
00433 goto error;
00434 }
00435
00436 LDNS_FREE(buf);
00437 LDNS_FREE(d);
00438
00439 return dsa;
00440
00441 error:
00442 LDNS_FREE(d);
00443 LDNS_FREE(buf);
00444 return NULL;
00445 }
00446
00447 unsigned char *
00448 ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
00449 {
00450 return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size);
00451 }
00452
00453 unsigned char *
00454 ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr, size_t *hmac_size)
00455 {
00456 int i;
00457 char *d;
00458 unsigned char *buf;
00459
00460 line_nr = line_nr;
00461
00462 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00463 buf = LDNS_XMALLOC(unsigned char, LDNS_MAX_LINELEN);
00464
00465 if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00466 goto error;
00467 }
00468 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00469
00470 *hmac_size = i;
00471 return buf;
00472
00473 error:
00474 LDNS_FREE(d);
00475 LDNS_FREE(buf);
00476 *hmac_size = 0;
00477 return NULL;
00478 }
00479
00480
00481 ldns_key *
00482 ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
00483 {
00484 ldns_key *k;
00485 DSA *d;
00486 RSA *r;
00487 #ifndef HAVE_SSL
00488 int i;
00489 uint16_t offset;
00490 #endif
00491 unsigned char *hmac;
00492
00493 k = ldns_key_new();
00494 if (!k) {
00495 return NULL;
00496 }
00497 switch(alg) {
00498 case LDNS_SIGN_RSAMD5:
00499 case LDNS_SIGN_RSASHA1:
00500 case LDNS_SIGN_RSASHA1_NSEC3:
00501 case LDNS_SIGN_RSASHA256:
00502 case LDNS_SIGN_RSASHA256_NSEC3:
00503 case LDNS_SIGN_RSASHA512:
00504 case LDNS_SIGN_RSASHA512_NSEC3:
00505 r = RSA_generate_key((int)size, RSA_F4, NULL, NULL);
00506 if (RSA_check_key(r) != 1) {
00507 return NULL;
00508 }
00509
00510 ldns_key_set_rsa_key(k, r);
00511 break;
00512 case LDNS_SIGN_DSA:
00513 case LDNS_SIGN_DSA_NSEC3:
00514 d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
00515 if (!d) {
00516 return NULL;
00517 }
00518 if (DSA_generate_key(d) != 1) {
00519 return NULL;
00520 }
00521 ldns_key_set_dsa_key(k, d);
00522 break;
00523 case LDNS_SIGN_HMACMD5:
00524 k->_key.key = NULL;
00525 size = size / 8;
00526 ldns_key_set_hmac_size(k, size);
00527
00528 hmac = LDNS_XMALLOC(unsigned char, size);
00529 #ifdef HAVE_SSL
00530 if (RAND_bytes(hmac, size) != 1) {
00531 LDNS_FREE(hmac);
00532 ldns_key_free(k);
00533 return NULL;
00534 }
00535 #else
00536 while (offset + sizeof(i) < size) {
00537 i = random();
00538 memcpy(&hmac[offset], &i, sizeof(i));
00539 offset += sizeof(i);
00540 }
00541 if (offset < size) {
00542 i = random();
00543 memcpy(&hmac[offset], &i, size - offset);
00544 }
00545 #endif
00546 ldns_key_set_hmac_key(k, hmac);
00547
00548 ldns_key_set_flags(k, 0);
00549 break;
00550 }
00551 ldns_key_set_algorithm(k, alg);
00552 return k;
00553 }
00554
00555 void
00556 ldns_key_print(FILE *output, const ldns_key *k)
00557 {
00558 char *str = ldns_key2str(k);
00559 if (str) {
00560 fprintf(output, "%s", str);
00561 } else {
00562 fprintf(output, "Unable to convert private key to string\n");
00563 }
00564 LDNS_FREE(str);
00565 }
00566
00567
00568 void
00569 ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
00570 {
00571 k->_alg = l;
00572 }
00573
00574 void
00575 ldns_key_set_flags(ldns_key *k, uint16_t f)
00576 {
00577 k->_extra.dnssec.flags = f;
00578 }
00579
00580 void
00581 ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e)
00582 {
00583 k->_key.key = e;
00584 }
00585
00586 void
00587 ldns_key_set_rsa_key(ldns_key *k, RSA *r)
00588 {
00589 EVP_PKEY *key = EVP_PKEY_new();
00590 EVP_PKEY_set1_RSA(key, r);
00591 k->_key.key = key;
00592 }
00593
00594 void
00595 ldns_key_set_dsa_key(ldns_key *k, DSA *d)
00596 {
00597 EVP_PKEY *key = EVP_PKEY_new();
00598 EVP_PKEY_set1_DSA(key, d);
00599 k->_key.key = key;
00600 }
00601
00602 void
00603 ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
00604 {
00605 k->_key.hmac.key = hmac;
00606 }
00607
00608 void
00609 ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
00610 {
00611 k->_key.hmac.size = hmac_size;
00612 }
00613
00614 void
00615 ldns_key_set_origttl(ldns_key *k, uint32_t t)
00616 {
00617 k->_extra.dnssec.orig_ttl = t;
00618 }
00619
00620 void
00621 ldns_key_set_inception(ldns_key *k, uint32_t i)
00622 {
00623 k->_extra.dnssec.inception = i;
00624 }
00625
00626 void
00627 ldns_key_set_expiration(ldns_key *k, uint32_t e)
00628 {
00629 k->_extra.dnssec.expiration = e;
00630 }
00631
00632 void
00633 ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
00634 {
00635 k->_pubkey_owner = r;
00636 }
00637
00638 void
00639 ldns_key_set_keytag(ldns_key *k, uint16_t tag)
00640 {
00641 k->_extra.dnssec.keytag = tag;
00642 }
00643
00644
00645 size_t
00646 ldns_key_list_key_count(const ldns_key_list *key_list)
00647 {
00648 return key_list->_key_count;
00649 }
00650
00651 ldns_key *
00652 ldns_key_list_key(const ldns_key_list *key, size_t nr)
00653 {
00654 if (nr < ldns_key_list_key_count(key)) {
00655 return key->_keys[nr];
00656 } else {
00657 return NULL;
00658 }
00659 }
00660
00661 ldns_signing_algorithm
00662 ldns_key_algorithm(const ldns_key *k)
00663 {
00664 return k->_alg;
00665 }
00666
00667 void
00668 ldns_key_set_use(ldns_key *k, bool v)
00669 {
00670 if (k) {
00671 k->_use = v;
00672 }
00673 }
00674
00675 bool
00676 ldns_key_use(const ldns_key *k)
00677 {
00678 if (k) {
00679 return k->_use;
00680 }
00681 return false;
00682 }
00683
00684 EVP_PKEY *
00685 ldns_key_evp_key(const ldns_key *k)
00686 {
00687 return k->_key.key;
00688 }
00689
00690 RSA *
00691 ldns_key_rsa_key(const ldns_key *k)
00692 {
00693 return EVP_PKEY_get1_RSA(k->_key.key);
00694 }
00695
00696 DSA *
00697 ldns_key_dsa_key(const ldns_key *k)
00698 {
00699 return EVP_PKEY_get1_DSA(k->_key.key);
00700 }
00701
00702 unsigned char *
00703 ldns_key_hmac_key(const ldns_key *k)
00704 {
00705 return k->_key.hmac.key;
00706 }
00707
00708 size_t
00709 ldns_key_hmac_size(const ldns_key *k)
00710 {
00711 return k->_key.hmac.size;
00712 }
00713
00714 uint32_t
00715 ldns_key_origttl(const ldns_key *k)
00716 {
00717 return k->_extra.dnssec.orig_ttl;
00718 }
00719
00720 uint16_t
00721 ldns_key_flags(const ldns_key *k)
00722 {
00723 return k->_extra.dnssec.flags;
00724 }
00725
00726 uint32_t
00727 ldns_key_inception(const ldns_key *k)
00728 {
00729 return k->_extra.dnssec.inception;
00730 }
00731
00732 uint32_t
00733 ldns_key_expiration(const ldns_key *k)
00734 {
00735 return k->_extra.dnssec.expiration;
00736 }
00737
00738 uint16_t
00739 ldns_key_keytag(const ldns_key *k)
00740 {
00741 return k->_extra.dnssec.keytag;
00742 }
00743
00744 ldns_rdf *
00745 ldns_key_pubkey_owner(const ldns_key *k)
00746 {
00747 return k->_pubkey_owner;
00748 }
00749
00750
00751 void
00752 ldns_key_list_set_use(ldns_key_list *keys, bool v)
00753 {
00754 size_t i;
00755
00756 for (i = 0; i < ldns_key_list_key_count(keys); i++) {
00757 ldns_key_set_use(ldns_key_list_key(keys, i), v);
00758 }
00759 }
00760
00761 void
00762 ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
00763 {
00764 key->_key_count = count;
00765 }
00766
00767 bool
00768 ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
00769 {
00770 size_t key_count;
00771 ldns_key **keys;
00772
00773 key_count = ldns_key_list_key_count(key_list);
00774 keys = key_list->_keys;
00775
00776
00777 keys = LDNS_XREALLOC(
00778 key_list->_keys, ldns_key *, key_count + 1);
00779 if (!keys) {
00780 return false;
00781 }
00782
00783
00784 key_list->_keys = keys;
00785 key_list->_keys[key_count] = key;
00786
00787 ldns_key_list_set_key_count(key_list, key_count + 1);
00788 return true;
00789 }
00790
00791 ldns_key *
00792 ldns_key_list_pop_key(ldns_key_list *key_list)
00793 {
00794 size_t key_count;
00795 ldns_key *pop;
00796
00797 if (!key_list) {
00798 return NULL;
00799 }
00800
00801 key_count = ldns_key_list_key_count(key_list);
00802 if (key_count == 0) {
00803 return NULL;
00804 }
00805
00806 pop = ldns_key_list_key(key_list, key_count);
00807
00808
00809 key_list->_keys = LDNS_XREALLOC(
00810 key_list->_keys, ldns_key *, key_count - 1);
00811
00812 ldns_key_list_set_key_count(key_list, key_count - 1);
00813
00814 return pop;
00815 }
00816
00817 static bool
00818 ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
00819 {
00820 int i,j;
00821
00822 if (!k) {
00823 return false;
00824 }
00825
00826 if (BN_num_bytes(k->e) <= 256) {
00827
00828
00829
00830 data[0] = (unsigned char) BN_num_bytes(k->e);
00831 i = BN_bn2bin(k->e, data + 1);
00832 j = BN_bn2bin(k->n, data + i + 1);
00833 *size = (uint16_t) i + j;
00834 } else if (BN_num_bytes(k->e) <= 65536) {
00835 data[0] = 0;
00836
00837 ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e));
00838
00839 BN_bn2bin(k->e, data + 3);
00840 BN_bn2bin(k->n, data + 4 + BN_num_bytes(k->e));
00841 *size = (uint16_t) BN_num_bytes(k->n) + 6;
00842 } else {
00843 return false;
00844 }
00845 return true;
00846 }
00847
00848 static bool
00849 ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
00850 {
00851 uint8_t T;
00852
00853 if (!k) {
00854 return false;
00855 }
00856
00857
00858 *size = (uint16_t)BN_num_bytes(k->g);
00859 T = (*size - 64) / 8;
00860 memcpy(data, &T, 1);
00861
00862 if (T > 8) {
00863 return false;
00864 }
00865
00866
00867 data[0] = (unsigned char)T;
00868 BN_bn2bin(k->q, data + 1 );
00869 BN_bn2bin(k->p, data + 21 );
00870 BN_bn2bin(k->g, data + 21 + *size);
00871 BN_bn2bin(k->pub_key, data + 21 + *size + *size);
00872 *size = 20 + (*size * 3);
00873 return true;
00874 }
00875
00876 ldns_rr *
00877 ldns_key2rr(const ldns_key *k)
00878 {
00879
00880
00881
00882
00883
00884 ldns_rr *pubkey;
00885 ldns_rdf *keybin;
00886 unsigned char *bin;
00887 uint16_t size = 0;
00888 RSA *rsa = NULL;
00889 DSA *dsa = NULL;
00890
00891 pubkey = ldns_rr_new();
00892 if (!k) {
00893 return NULL;
00894 }
00895
00896 bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
00897 if (!bin) {
00898 return NULL;
00899 }
00900
00901 switch (ldns_key_algorithm(k)) {
00902 case LDNS_SIGN_HMACMD5:
00903 ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY);
00904 break;
00905 default:
00906 ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY);
00907 break;
00908 }
00909
00910 ldns_rr_push_rdf(pubkey,
00911 ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
00912 ldns_key_flags(k)));
00913
00914 ldns_rr_push_rdf(pubkey,
00915 ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO));
00916
00917 if (ldns_key_pubkey_owner(k)) {
00918 ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k)));
00919 }
00920
00921
00922 switch(ldns_key_algorithm(k)) {
00923 case LDNS_RSAMD5:
00924 case LDNS_RSASHA1:
00925 case LDNS_RSASHA1_NSEC3:
00926 case LDNS_RSASHA256:
00927 case LDNS_RSASHA256_NSEC3:
00928 case LDNS_RSASHA512:
00929 case LDNS_RSASHA512_NSEC3:
00930 ldns_rr_push_rdf(pubkey,
00931 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k)));
00932 rsa = ldns_key_rsa_key(k);
00933 if (!rsa) {
00934 return NULL;
00935 } else {
00936 if (!ldns_key_rsa2bin(bin, rsa, &size)) {
00937 return NULL;
00938 }
00939 RSA_free(rsa);
00940 }
00941 size++;
00942 break;
00943 case LDNS_SIGN_DSA:
00944 ldns_rr_push_rdf(pubkey,
00945 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
00946 dsa = ldns_key_dsa_key(k);
00947 if (!dsa) {
00948 return NULL;
00949 } else {
00950 if (!ldns_key_dsa2bin(bin, dsa, &size)) {
00951 return NULL;
00952 }
00953 DSA_free(dsa);
00954 }
00955 break;
00956 case LDNS_DSA_NSEC3:
00957 ldns_rr_push_rdf(pubkey,
00958 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3));
00959 if (!ldns_key_dsa2bin(bin, ldns_key_dsa_key(k), &size)) {
00960 return NULL;
00961 }
00962 break;
00963 case LDNS_SIGN_HMACMD5:
00964
00965 ldns_rr_push_rdf(pubkey,
00966 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_SIGN_HMACMD5));
00967 size = ldns_key_hmac_size(k);
00968 bin = LDNS_XREALLOC(bin, unsigned char, size);
00969 memcpy(bin, ldns_key_hmac_key(k), size);
00970 break;
00971 }
00972
00973 keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin);
00974 LDNS_FREE(bin);
00975 ldns_rr_push_rdf(pubkey, keybin);
00976 return pubkey;
00977 }
00978
00979 void
00980 ldns_key_free(ldns_key *key)
00981 {
00982 LDNS_FREE(key);
00983 }
00984
00985 void
00986 ldns_key_deep_free(ldns_key *key)
00987 {
00988 if (ldns_key_pubkey_owner(key)) {
00989 ldns_rdf_deep_free(ldns_key_pubkey_owner(key));
00990 }
00991
00992
00993
00994
00995
00996
00997
00998
00999
01000
01001
01002
01003
01004
01005
01006
01007
01008
01009
01010 if (ldns_key_evp_key(key)) {
01011 EVP_PKEY_free(ldns_key_evp_key(key));
01012 }
01013 if (ldns_key_hmac_key(key)) {
01014 free(ldns_key_hmac_key(key));
01015 }
01016 LDNS_FREE(key);
01017 }
01018
01019 void
01020 ldns_key_list_free(ldns_key_list *key_list)
01021 {
01022 size_t i;
01023 for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
01024 ldns_key_deep_free(ldns_key_list_key(key_list, i));
01025 }
01026 LDNS_FREE(key_list->_keys);
01027 LDNS_FREE(key_list);
01028 }
01029
01030 ldns_rr *
01031 ldns_read_anchor_file(const char *filename)
01032 {
01033 FILE *fp;
01034
01035 char *line = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN);
01036 int c;
01037 size_t i = 0;
01038 ldns_rr *r;
01039 ldns_status status;
01040
01041 fp = fopen(filename, "r");
01042 if (!fp) {
01043 fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
01044 LDNS_FREE(line);
01045 return NULL;
01046 }
01047
01048 while ((c = fgetc(fp)) && i < LDNS_MAX_PACKETLEN && c != EOF) {
01049 line[i] = c;
01050 i++;
01051 }
01052 line[i] = '\0';
01053
01054 fclose(fp);
01055
01056 if (i <= 0) {
01057 fprintf(stderr, "nothing read from %s", filename);
01058 LDNS_FREE(line);
01059 return NULL;
01060 } else {
01061 status = ldns_rr_new_frm_str(&r, line, 0, NULL, NULL);
01062 if (status == LDNS_STATUS_OK && (ldns_rr_get_type(r) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(r) == LDNS_RR_TYPE_DS)) {
01063 LDNS_FREE(line);
01064 return r;
01065 } else {
01066 fprintf(stderr, "Error creating DNSKEY or DS rr from %s: %s\n", filename, ldns_get_errorstr_by_id(status));
01067 LDNS_FREE(line);
01068 return NULL;
01069 }
01070 }
01071 }
01072
01073 #endif