keys.c

Go to the documentation of this file.
00001 /*
00002  * keys.c handle private keys for use in DNSSEC
00003  *
00004  * This module should hide some of the openSSL complexities
00005  * and give a general interface for private keys and hmac
00006  * handling
00007  *
00008  * (c) NLnet Labs, 2004-2006
00009  * 
00010  * See the file LICENSE for the license
00011  */
00012 
00013 #include <ldns/config.h>
00014 
00015 #include <ldns/ldns.h>
00016 
00017 #ifdef HAVE_SSL
00018 #include <openssl/ssl.h>
00019 #include <openssl/rand.h>
00020 #endif /* HAVE_SSL */
00021 
00022 ldns_lookup_table ldns_signing_algorithms[] = {
00023         { LDNS_SIGN_RSAMD5, "RSAMD5" },
00024         { LDNS_SIGN_RSASHA1, "RSASHA1" },
00025         { LDNS_SIGN_DSA, "DSAMD5" },
00026         { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" },
00027         { 0, NULL }
00028 };
00029 
00030 #ifdef HAVE_SSL 
00031 ldns_key_list *
00032 ldns_key_list_new()
00033 {
00034         ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list);
00035         if (!key_list) {
00036                 return NULL;
00037         } else {
00038                 key_list->_key_count = 0;
00039                 key_list->_keys = NULL;
00040                 return key_list;
00041         }
00042 }
00043 
00044 ldns_key *
00045 ldns_key_new()
00046 {
00047         ldns_key *newkey;
00048 
00049         newkey = LDNS_MALLOC(ldns_key);
00050         if (!newkey) {
00051                 return NULL;
00052         } else {
00053                 /* some defaults - not sure wether to do this */
00054                 ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY);
00055                 ldns_key_set_origttl(newkey, 0);
00056                 ldns_key_set_keytag(newkey, 0);
00057                 ldns_key_set_inception(newkey, 0);
00058                 ldns_key_set_expiration(newkey, 0);
00059                 ldns_key_set_pubkey_owner(newkey, NULL);
00060                 ldns_key_set_rsa_key(newkey, NULL);
00061                 ldns_key_set_dsa_key(newkey, NULL);
00062                 ldns_key_set_hmac_key(newkey, NULL);
00063                 return newkey;
00064         }
00065 }
00066 
00067 ldns_status 
00068 ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
00069 {
00070         return ldns_key_new_frm_fp_l(k, fp, NULL);
00071 }
00072 
00073 ldns_status
00074 ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
00075 {
00076         ldns_key *k;
00077         char *d;
00078         ldns_signing_algorithm alg;
00079         ldns_rr *key_rr;
00080         unsigned char *hmac;
00081         size_t hmac_size;
00082 
00083         k = ldns_key_new();
00084 
00085         d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00086         if (!k || !d) {
00087                 return LDNS_STATUS_MEM_ERR;
00088         }
00089         
00090         alg = 0;
00091         
00092         /* the file is highly structured. Do this in sequence */
00093         /* RSA:
00094          * Private-key-format: v1.2
00095          * Algorithm: 1 (RSA)
00096 
00097          */
00098         /* get the key format version number */
00099         if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
00100                                 LDNS_MAX_LINELEN, line_nr) == -1) {
00101                 /* no version information */
00102                 return LDNS_STATUS_SYNTAX_ERR;
00103         }
00104         if (strncmp(d, "v1.2", strlen(d)) != 0) {
00105                 return LDNS_STATUS_SYNTAX_VERSION_ERR;
00106         }
00107 
00108         /* get the algorithm type, our file function strip ( ) so there are
00109          * not in the return string! */
00110         if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n", 
00111                                 LDNS_MAX_LINELEN, line_nr) == -1) {
00112                 /* no alg information */
00113                 return LDNS_STATUS_SYNTAX_ALG_ERR;
00114         }
00115 
00116         if (strncmp(d, "1 RSA", 2) == 0) {
00117                 alg = LDNS_SIGN_RSAMD5;
00118         }
00119         if (strncmp(d, "3 DSA", 2) == 0) {
00120                 alg = LDNS_SIGN_DSA; 
00121         }
00122         if (strncmp(d, "5 RSASHA1", 2) == 0) {
00123                 alg = LDNS_SIGN_RSASHA1;
00124         }
00125         if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
00126                 alg = LDNS_SIGN_HMACMD5;
00127         }
00128 
00129         LDNS_FREE(d);
00130 
00131         switch(alg) {
00132                 case LDNS_SIGN_RSAMD5:
00133                 case LDNS_SIGN_RSASHA1:
00134 
00135                         ldns_key_set_algorithm(k, alg);
00136                         ldns_key_set_rsa_key(k, ldns_key_new_frm_fp_rsa_l(fp, line_nr));
00137 
00138                         break;
00139                 case LDNS_SIGN_DSA:
00140                         ldns_key_set_algorithm(k, alg);
00141                         ldns_key_set_dsa_key(k, ldns_key_new_frm_fp_dsa_l(fp, line_nr));
00142                         break;
00143                 case LDNS_SIGN_HMACMD5:
00144                         ldns_key_set_algorithm(k, alg);
00145                         hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size);
00146                         ldns_key_set_hmac_size(k, hmac_size);
00147                         ldns_key_set_hmac_key(k, hmac);
00148                         break;
00149                 case 0:
00150                 default:
00151                         return LDNS_STATUS_SYNTAX_ALG_ERR;
00152                         break;
00153         }
00154 
00155         key_rr = ldns_key2rr(k);
00156         ldns_key_set_keytag(k, ldns_calc_keytag(key_rr));
00157         ldns_rr_free(key_rr);
00158         if (key) {
00159                 *key = k;
00160                 return LDNS_STATUS_OK;
00161         }
00162         return LDNS_STATUS_ERR;
00163 }
00164 
00165 RSA *
00166 ldns_key_new_frm_fp_rsa(FILE *f)
00167 {
00168         return ldns_key_new_frm_fp_rsa_l(f, NULL);
00169 }
00170 
00171 RSA *
00172 ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
00173 {
00174         /* we parse
00175          * Modulus: 
00176          * PublicExponent: 
00177          * PrivateExponent: 
00178          * Prime1: 
00179          * Prime2: 
00180          * Exponent1: 
00181          * Exponent2: 
00182          * Coefficient: 
00183          *
00184          * man 3 RSA:
00185          *
00186          * struct
00187          *     {
00188          *     BIGNUM *n;              // public modulus
00189          *     BIGNUM *e;              // public exponent
00190          *     BIGNUM *d;              // private exponent
00191          *     BIGNUM *p;              // secret prime factor
00192          *     BIGNUM *q;              // secret prime factor
00193          *     BIGNUM *dmp1;           // d mod (p-1)
00194          *     BIGNUM *dmq1;           // d mod (q-1)
00195          *     BIGNUM *iqmp;           // q^-1 mod p
00196          *     // ...
00197          *
00198          */
00199         char *d;
00200         RSA *rsa;
00201         uint8_t *buf;
00202         int i;
00203 
00204         d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00205         buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
00206         rsa = RSA_new();
00207         if (!d || !rsa || !buf) {
00208                 return NULL;
00209         }
00210 
00211         /* I could use functions again, but that seems an overkill,
00212          * allthough this also looks tedious 
00213          */
00214 
00215         /* Modules, rsa->n */
00216         if (ldns_fget_keyword_data_l(f, "Modulus", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00217                 goto error;
00218         }
00219         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00220         rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL);
00221         if (!rsa->n) {
00222                 goto error;
00223         }
00224 
00225         /* PublicExponent, rsa->e */
00226         if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00227                 goto error;
00228         }
00229         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00230         rsa->e = BN_bin2bn((const char unsigned*)buf, i, NULL);
00231         if (!rsa->e) {
00232                 goto error;
00233         }
00234 
00235         /* PrivateExponent, rsa->d */
00236         if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00237                 goto error;
00238         }
00239         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00240         rsa->d = BN_bin2bn((const char unsigned*)buf, i, NULL);
00241         if (!rsa->d) {
00242                 goto error;
00243         }
00244 
00245         /* Prime1, rsa->p */
00246         if (ldns_fget_keyword_data_l(f, "Prime1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00247                 goto error;
00248         }
00249         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00250         rsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
00251         if (!rsa->p) {
00252                 goto error;
00253         }
00254         
00255         /* Prime2, rsa->q */
00256         if (ldns_fget_keyword_data_l(f, "Prime2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00257                 goto error;
00258         }
00259         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00260         rsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
00261         if (!rsa->q) {
00262                 goto error;
00263         }
00264 
00265         /* Exponent1, rsa->dmp1 */
00266         if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00267                 goto error;
00268         }
00269         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00270         rsa->dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
00271         if (!rsa->dmp1) {
00272                 goto error;
00273         }
00274         
00275         /* Exponent2, rsa->dmq1 */
00276         if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00277                 goto error;
00278         }
00279         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00280         rsa->dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
00281         if (!rsa->dmq1) {
00282                 goto error;
00283         }
00284 
00285         /* Coefficient, rsa->iqmp */
00286         if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00287                 goto error;
00288         }
00289         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00290         rsa->iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL);
00291         if (!rsa->iqmp) {
00292                 goto error;
00293         }
00294         
00295         LDNS_FREE(buf);
00296         LDNS_FREE(d);
00297         return rsa;
00298 
00299 error:
00300         LDNS_FREE(d);
00301         LDNS_FREE(buf);
00302         return NULL;
00303 }
00304 
00305 DSA *
00306 ldns_key_new_frm_fp_dsa(FILE *f)
00307 {
00308         return ldns_key_new_frm_fp_dsa_l(f, NULL);
00309 }
00310 
00311 DSA *
00312 ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr)
00313 {
00314         int i;
00315         char *d;
00316         DSA *dsa;
00317         uint8_t *buf;
00318 
00319         line_nr = line_nr;
00320 
00321         d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00322         buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
00323         dsa = DSA_new();
00324         if (!d || !dsa) {
00325                 return NULL;
00326         }
00327 
00328         /* the line parser removes the () from the input... */
00329 
00330         /* Prime, dsa->p */
00331         if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00332                 goto error;
00333         }
00334         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00335         dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
00336         if (!dsa->p) {
00337                 goto error;
00338         }
00339 
00340         /* Subprime, dsa->q */
00341         if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00342                 goto error;
00343         }
00344         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00345         dsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
00346         if (!dsa->q) {
00347                 goto error;
00348         }
00349 
00350         /* Base, dsa->g */
00351         if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00352                 goto error;
00353         }
00354         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00355         dsa->g = BN_bin2bn((const char unsigned*)buf, i, NULL);
00356         if (!dsa->g) {
00357                 goto error;
00358         }
00359 
00360         /* Private key, dsa->priv_key */
00361         if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00362                 goto error;
00363         }
00364         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00365         dsa->priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
00366         if (!dsa->priv_key) {
00367                 goto error;
00368         }
00369 
00370         /* Public key, dsa->priv_key */
00371         if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00372                 goto error;
00373         }
00374         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00375         dsa->pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
00376         if (!dsa->pub_key) {
00377                 goto error;
00378         }
00379 
00380         LDNS_FREE(buf);
00381         LDNS_FREE(d);
00382 
00383         return dsa;
00384 
00385 error:
00386         LDNS_FREE(d);
00387         LDNS_FREE(buf);
00388         return NULL;
00389 }
00390 
00391 unsigned char *
00392 ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
00393 {
00394         return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size);
00395 }
00396 
00397 unsigned char *
00398 ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr, size_t *hmac_size)
00399 {
00400         int i;
00401         char *d;
00402         unsigned char *buf;
00403 
00404         line_nr = line_nr;
00405 
00406         d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00407         buf = LDNS_XMALLOC(unsigned char, LDNS_MAX_LINELEN);
00408         
00409         if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00410                 goto error;
00411         }
00412         i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00413 
00414         *hmac_size = i;
00415         return buf;
00416         
00417         error:
00418         LDNS_FREE(d);
00419         LDNS_FREE(buf);
00420         *hmac_size = 0;
00421         return NULL;
00422 }
00423 
00424 
00425 ldns_key *
00426 ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
00427 {
00428         ldns_key *k;
00429         DSA *d;
00430         RSA *r;
00431 #ifndef HAVE_SSL
00432         int i;
00433         uint16_t offset;
00434 #endif
00435         unsigned char *hmac;
00436 
00437         k = ldns_key_new();
00438         if (!k) {
00439                 return NULL;
00440         }
00441         switch(alg) {
00442                 case LDNS_SIGN_RSAMD5:
00443                 case LDNS_SIGN_RSASHA1:
00444                         r = RSA_generate_key((int)size, RSA_3, NULL, NULL);
00445                         if (RSA_check_key(r) != 1) {
00446                                 return NULL;
00447                         }
00448                         ldns_key_set_rsa_key(k, r);
00449                         break;
00450                 case LDNS_SIGN_DSA:
00451                         d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
00452                         if (!d) {
00453                                 return NULL;
00454                         }
00455                         if (DSA_generate_key(d) != 1) {
00456                                 return NULL;
00457                         }
00458                         ldns_key_set_dsa_key(k, d);
00459                         break;
00460                 case LDNS_SIGN_HMACMD5:
00461                         k->_key.rsa = NULL;
00462                         k->_key.dsa = NULL;
00463                         size = size / 8;
00464                         ldns_key_set_hmac_size(k, size);
00465                          
00466                         hmac = LDNS_XMALLOC(unsigned char, size);
00467 #ifdef HAVE_SSL
00468                         if (RAND_bytes(hmac, size) != 1) {
00469                                 LDNS_FREE(hmac);
00470                                 ldns_key_free(k);
00471                                 return NULL;
00472                         }
00473 #else
00474                         while (offset + sizeof(i) < size) {
00475                           i = random();
00476                           memcpy(&hmac[offset], &i, sizeof(i));
00477                           offset += sizeof(i);
00478                         }
00479                         if (offset < size) {
00480                           i = random();
00481                           memcpy(&hmac[offset], &i, size - offset);
00482                         }
00483 #endif /* HAVE_SSL */
00484                         ldns_key_set_hmac_key(k, hmac);
00485                         
00486                         ldns_key_set_flags(k, 0);
00487                         break;
00488         }
00489         ldns_key_set_algorithm(k, alg);
00490         return k;
00491 }
00492 
00493 void
00494 ldns_key_print(FILE *output, const ldns_key *k)
00495 {
00496         char *str = ldns_key2str(k);
00497         if (str) {
00498                 fprintf(output, "%s", str);
00499         } else {
00500                 fprintf(output, "Unable to convert private key to string\n");
00501         }
00502         LDNS_FREE(str);
00503 }
00504 
00505 
00506 void
00507 ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l) 
00508 {
00509         k->_alg = l;
00510 }
00511 
00512 void
00513 ldns_key_set_flags(ldns_key *k, uint16_t f)
00514 {
00515         k->_extra.dnssec.flags = f;
00516 }
00517 
00518 void
00519 ldns_key_set_rsa_key(ldns_key *k, RSA *r)
00520 {
00521         k->_key.rsa = r;
00522 }
00523 
00524 void
00525 ldns_key_set_dsa_key(ldns_key *k, DSA *d)
00526 {
00527         k->_key.dsa  = d;
00528 }
00529 
00530 void
00531 ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
00532 {
00533         k->_key.hmac.key = hmac;
00534 }
00535 
00536 void
00537 ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
00538 {
00539         k->_key.hmac.size = hmac_size;
00540 }
00541 
00542 void
00543 ldns_key_set_origttl(ldns_key *k, uint32_t t)
00544 {
00545         k->_extra.dnssec.orig_ttl = t;
00546 }
00547 
00548 void
00549 ldns_key_set_inception(ldns_key *k, uint32_t i)
00550 {
00551         k->_extra.dnssec.inception = i;
00552 }
00553 
00554 void
00555 ldns_key_set_expiration(ldns_key *k, uint32_t e)
00556 {
00557         k->_extra.dnssec.expiration = e;
00558 }
00559 
00560 void
00561 ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
00562 {
00563         k->_pubkey_owner = r;
00564 }
00565 
00566 void
00567 ldns_key_set_keytag(ldns_key *k, uint16_t tag)
00568 {
00569         k->_extra.dnssec.keytag = tag;
00570 }
00571 
00572 /* read */
00573 size_t
00574 ldns_key_list_key_count(const ldns_key_list *key_list)
00575 {
00576                 return key_list->_key_count;
00577 }       
00578 
00579 ldns_key *
00580 ldns_key_list_key(const ldns_key_list *key, size_t nr)
00581 {       
00582         if (nr < ldns_key_list_key_count(key)) {
00583                 return key->_keys[nr];
00584         } else {
00585                 return NULL;
00586         }
00587 }
00588 
00589 ldns_signing_algorithm
00590 ldns_key_algorithm(const ldns_key *k) 
00591 {
00592         return k->_alg;
00593 }
00594 
00595 RSA *
00596 ldns_key_rsa_key(const ldns_key *k)
00597 {
00598         return k->_key.rsa;
00599 }
00600 
00601 DSA *
00602 ldns_key_dsa_key(const ldns_key *k)
00603 {
00604         return k->_key.dsa;
00605 }
00606 
00607 unsigned char *
00608 ldns_key_hmac_key(const ldns_key *k)
00609 {
00610         return k->_key.hmac.key;
00611 }
00612 
00613 size_t
00614 ldns_key_hmac_size(const ldns_key *k)
00615 {
00616         return k->_key.hmac.size;
00617 }
00618 
00619 uint32_t
00620 ldns_key_origttl(const ldns_key *k)
00621 {
00622         return k->_extra.dnssec.orig_ttl;
00623 }
00624 
00625 uint16_t
00626 ldns_key_flags(const ldns_key *k)
00627 {
00628         return k->_extra.dnssec.flags;
00629 }
00630 
00631 uint32_t
00632 ldns_key_inception(const ldns_key *k)
00633 {
00634         return k->_extra.dnssec.inception;
00635 }
00636 
00637 uint32_t
00638 ldns_key_expiration(const ldns_key *k)
00639 {
00640         return k->_extra.dnssec.expiration;
00641 }
00642 
00643 uint16_t
00644 ldns_key_keytag(const ldns_key *k)
00645 {
00646         return k->_extra.dnssec.keytag;
00647 }
00648 
00649 ldns_rdf *
00650 ldns_key_pubkey_owner(const ldns_key *k)
00651 {
00652         return k->_pubkey_owner;
00653 }
00654 
00655 /* write */
00656 void            
00657 ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
00658 {
00659                 key->_key_count = count;
00660 }       
00661 
00662 bool             
00663 ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
00664 {       
00665         size_t key_count;
00666         ldns_key **keys;
00667 
00668         key_count = ldns_key_list_key_count(key_list);
00669         keys = key_list->_keys;
00670 
00671         /* grow the array */
00672         keys = LDNS_XREALLOC(
00673                 key_list->_keys, ldns_key *, key_count + 1);
00674         if (!keys) {
00675                 return false;
00676         }
00677 
00678         /* add the new member */
00679         key_list->_keys = keys;
00680         key_list->_keys[key_count] = key;
00681 
00682         ldns_key_list_set_key_count(key_list, key_count + 1);
00683         return true;
00684 }
00685 
00686 ldns_key *
00687 ldns_key_list_pop_key(ldns_key_list *key_list)
00688 {                               
00689         size_t key_count;
00690         ldns_key *pop;
00691 
00692         if (!key_list) {
00693                 return NULL;
00694         }
00695         
00696         key_count = ldns_key_list_key_count(key_list);
00697         if (key_count == 0) {
00698                 return NULL;
00699         }       
00700         
00701         pop = ldns_key_list_key(key_list, key_count);
00702         
00703         /* shrink the array */
00704         key_list->_keys = LDNS_XREALLOC(
00705                 key_list->_keys, ldns_key *, key_count - 1);
00706 
00707         ldns_key_list_set_key_count(key_list, key_count - 1);
00708 
00709         return pop;
00710 }       
00711 
00712 static bool
00713 ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
00714 {
00715         int i,j;
00716         
00717         if (!k) {
00718                 return false;
00719         }
00720         
00721         if (BN_num_bytes(k->e) <= 256) {
00722                 /* normally only this path is executed (small factors are
00723                  * more common 
00724                  */
00725                 data[0] = (unsigned char) BN_num_bytes(k->e);
00726                 i = BN_bn2bin(k->e, data + 1);  
00727                 j = BN_bn2bin(k->n, data + i + 1);
00728                 *size = (uint16_t) i + j;
00729         } else if (BN_num_bytes(k->e) <= 65536) {
00730                 data[0] = 0;
00731                 /* BN_bn2bin does bigendian, _uint16 also */
00732                 ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e)); 
00733 
00734                 BN_bn2bin(k->e, data + 3); 
00735                 BN_bn2bin(k->n, data + 4 + BN_num_bytes(k->e));
00736                 *size = (uint16_t) BN_num_bytes(k->n) + 6;
00737         } else {
00738                 return false;
00739         }
00740         return true;
00741 }
00742 
00743 static bool
00744 ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
00745 {
00746         uint8_t T;
00747 
00748         if (!k) {
00749                 return false;
00750         }
00751         
00752         /* See RFC2536 */
00753         *size = (uint16_t)BN_num_bytes(k->g);
00754         T = (*size - 64) / 8;
00755         memcpy(data, &T, 1);
00756 
00757         if (T > 8) {
00758                 return false;
00759         }
00760 
00761         /* size = 64 + (T * 8); */
00762         data[0] = (unsigned char)T;
00763         BN_bn2bin(k->q, data + 1 );             /* 20 octects */
00764         BN_bn2bin(k->p, data + 21 );            /* offset octects */
00765         BN_bn2bin(k->g, data + 21 + *size);     /* offset octets */
00766         BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */
00767         *size = 20 + (*size * 3);
00768         return true;
00769 }
00770 
00771 ldns_rr *
00772 ldns_key2rr(const ldns_key *k)
00773 {
00774         /* this function will convert a the keydata contained in
00775          * rsa/dsa pointers to a DNSKEY rr. It will fill in as
00776          * much as it can, but it does not know about key-flags
00777          * for instance
00778          */
00779         ldns_rr *pubkey;
00780         ldns_rdf *keybin;
00781         unsigned char *bin;
00782         uint16_t size;
00783 
00784         pubkey = ldns_rr_new();
00785         if (!k) {
00786                 return NULL;
00787         }
00788 
00789         bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
00790         if (!bin) {
00791                 return NULL;
00792         }
00793 
00794         switch (ldns_key_algorithm(k)) {
00795         case LDNS_SIGN_HMACMD5:
00796                 ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY);
00797                 break;
00798         default:
00799                 ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY);
00800                 break;
00801         }
00802         /* zero-th rdf - flags */
00803         ldns_rr_push_rdf(pubkey,
00804                         ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 
00805                                 ldns_key_flags(k)));
00806         /* first - proto */
00807         ldns_rr_push_rdf(pubkey, 
00808                         ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO));
00809         
00810         if (ldns_key_pubkey_owner(k)) {
00811                 ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k)));
00812         }
00813         
00814         /* third - da algorithm */
00815         switch(ldns_key_algorithm(k)) {
00816                 case LDNS_SIGN_RSAMD5:
00817                         ldns_rr_push_rdf(pubkey,
00818                                         ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_RSAMD5));
00819                         if (!ldns_key_rsa2bin(bin, ldns_key_rsa_key(k), &size)) {
00820                                 return NULL;
00821                         }
00822                         break;
00823                 case LDNS_SIGN_RSASHA1:
00824                         ldns_rr_push_rdf(pubkey,
00825                                         ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_RSASHA1));
00826                         if (!ldns_key_rsa2bin(bin, ldns_key_rsa_key(k), &size)) {
00827                                 return NULL;
00828                         }
00829                         break;
00830                 case LDNS_SIGN_DSA:
00831                         ldns_rr_push_rdf(pubkey,
00832                                         ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
00833                         if (!ldns_key_dsa2bin(bin, ldns_key_dsa_key(k), &size)) {
00834                                 return NULL;
00835                         }
00836                         break;
00837                 case LDNS_SIGN_HMACMD5:
00838                         /* tja */
00839                         ldns_rr_push_rdf(pubkey,
00840                                          ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_SIGN_HMACMD5));
00841                         size = ldns_key_hmac_size(k);
00842                         bin = LDNS_XREALLOC(bin, unsigned char, size);
00843                         memcpy(bin, ldns_key_hmac_key(k), size);
00844                         break;
00845         }
00846         /* fourth the key bin material */
00847         /* MIEK, not sure about this +1. I've re-added it--needs checking */
00848         /* TODO: and i've removed it again, it's certainly wrong for HMAC */
00849         keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin);
00850         LDNS_FREE(bin);
00851         ldns_rr_push_rdf(pubkey, keybin);
00852         return pubkey;
00853 }
00854 
00855 void
00856 ldns_key_free(ldns_key *key)
00857 {
00858         LDNS_FREE(key);
00859 }
00860 
00861 void
00862 ldns_key_deep_free(ldns_key *key)
00863 {
00864         if (ldns_key_pubkey_owner(key)) {
00865                 ldns_rdf_deep_free(ldns_key_pubkey_owner(key));
00866         }
00867         switch(ldns_key_algorithm(key)) {
00868         case LDNS_SIGN_RSASHA1:
00869         case LDNS_SIGN_RSAMD5:
00870                 if (ldns_key_rsa_key(key)) {
00871                         RSA_free(ldns_key_rsa_key(key));
00872                 }
00873                 break;
00874         case LDNS_SIGN_DSA:
00875                 if (ldns_key_dsa_key(key)) {
00876                         DSA_free(ldns_key_dsa_key(key));
00877                 }
00878                 break;
00879         case LDNS_SIGN_HMACMD5:
00880                 break;
00881         }
00882         if (ldns_key_hmac_key(key)) {
00883                 free(ldns_key_hmac_key(key));
00884         }       
00885         LDNS_FREE(key);
00886 }
00887 
00888 void
00889 ldns_key_list_free(ldns_key_list *key_list)
00890 {
00891         size_t i;
00892         for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
00893                 ldns_key_deep_free(ldns_key_list_key(key_list, i));
00894         }
00895         LDNS_FREE(key_list->_keys);
00896         LDNS_FREE(key_list);
00897 }
00898 #endif /* HAVE_SSL */

Generated on Thu Nov 29 13:38:26 2007 for ldns by  doxygen 1.5.2