00001
00002
00003
00004
00005
00006
00007
00008
00009
00010
00011
00012
00013 #include <ldns/config.h>
00014
00015 #include <ldns/ldns.h>
00016
00017 #ifdef HAVE_SSL
00018 #include <openssl/ssl.h>
00019 #include <openssl/rand.h>
00020 #endif
00021
00022 ldns_lookup_table ldns_signing_algorithms[] = {
00023 { LDNS_SIGN_RSAMD5, "RSAMD5" },
00024 { LDNS_SIGN_RSASHA1, "RSASHA1" },
00025 { LDNS_SIGN_DSA, "DSAMD5" },
00026 { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" },
00027 { 0, NULL }
00028 };
00029
00030 #ifdef HAVE_SSL
00031 ldns_key_list *
00032 ldns_key_list_new()
00033 {
00034 ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list);
00035 if (!key_list) {
00036 return NULL;
00037 } else {
00038 key_list->_key_count = 0;
00039 key_list->_keys = NULL;
00040 return key_list;
00041 }
00042 }
00043
00044 ldns_key *
00045 ldns_key_new()
00046 {
00047 ldns_key *newkey;
00048
00049 newkey = LDNS_MALLOC(ldns_key);
00050 if (!newkey) {
00051 return NULL;
00052 } else {
00053
00054 ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY);
00055 ldns_key_set_origttl(newkey, 0);
00056 ldns_key_set_keytag(newkey, 0);
00057 ldns_key_set_inception(newkey, 0);
00058 ldns_key_set_expiration(newkey, 0);
00059 ldns_key_set_pubkey_owner(newkey, NULL);
00060 ldns_key_set_rsa_key(newkey, NULL);
00061 ldns_key_set_dsa_key(newkey, NULL);
00062 ldns_key_set_hmac_key(newkey, NULL);
00063 return newkey;
00064 }
00065 }
00066
00067 ldns_status
00068 ldns_key_new_frm_fp(ldns_key **k, FILE *fp)
00069 {
00070 return ldns_key_new_frm_fp_l(k, fp, NULL);
00071 }
00072
00073 ldns_status
00074 ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
00075 {
00076 ldns_key *k;
00077 char *d;
00078 ldns_signing_algorithm alg;
00079 ldns_rr *key_rr;
00080 unsigned char *hmac;
00081 size_t hmac_size;
00082
00083 k = ldns_key_new();
00084
00085 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00086 if (!k || !d) {
00087 return LDNS_STATUS_MEM_ERR;
00088 }
00089
00090 alg = 0;
00091
00092
00093
00094
00095
00096
00097
00098
00099 if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n",
00100 LDNS_MAX_LINELEN, line_nr) == -1) {
00101
00102 return LDNS_STATUS_SYNTAX_ERR;
00103 }
00104 if (strncmp(d, "v1.2", strlen(d)) != 0) {
00105 return LDNS_STATUS_SYNTAX_VERSION_ERR;
00106 }
00107
00108
00109
00110 if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n",
00111 LDNS_MAX_LINELEN, line_nr) == -1) {
00112
00113 return LDNS_STATUS_SYNTAX_ALG_ERR;
00114 }
00115
00116 if (strncmp(d, "1 RSA", 2) == 0) {
00117 alg = LDNS_SIGN_RSAMD5;
00118 }
00119 if (strncmp(d, "3 DSA", 2) == 0) {
00120 alg = LDNS_SIGN_DSA;
00121 }
00122 if (strncmp(d, "5 RSASHA1", 2) == 0) {
00123 alg = LDNS_SIGN_RSASHA1;
00124 }
00125 if (strncmp(d, "157 HMAC-MD5", 4) == 0) {
00126 alg = LDNS_SIGN_HMACMD5;
00127 }
00128
00129 LDNS_FREE(d);
00130
00131 switch(alg) {
00132 case LDNS_SIGN_RSAMD5:
00133 case LDNS_SIGN_RSASHA1:
00134
00135 ldns_key_set_algorithm(k, alg);
00136 ldns_key_set_rsa_key(k, ldns_key_new_frm_fp_rsa_l(fp, line_nr));
00137
00138 break;
00139 case LDNS_SIGN_DSA:
00140 ldns_key_set_algorithm(k, alg);
00141 ldns_key_set_dsa_key(k, ldns_key_new_frm_fp_dsa_l(fp, line_nr));
00142 break;
00143 case LDNS_SIGN_HMACMD5:
00144 ldns_key_set_algorithm(k, alg);
00145 hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size);
00146 ldns_key_set_hmac_size(k, hmac_size);
00147 ldns_key_set_hmac_key(k, hmac);
00148 break;
00149 case 0:
00150 default:
00151 return LDNS_STATUS_SYNTAX_ALG_ERR;
00152 break;
00153 }
00154
00155 key_rr = ldns_key2rr(k);
00156 ldns_key_set_keytag(k, ldns_calc_keytag(key_rr));
00157 ldns_rr_free(key_rr);
00158 if (key) {
00159 *key = k;
00160 return LDNS_STATUS_OK;
00161 }
00162 return LDNS_STATUS_ERR;
00163 }
00164
00165 RSA *
00166 ldns_key_new_frm_fp_rsa(FILE *f)
00167 {
00168 return ldns_key_new_frm_fp_rsa_l(f, NULL);
00169 }
00170
00171 RSA *
00172 ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr)
00173 {
00174
00175
00176
00177
00178
00179
00180
00181
00182
00183
00184
00185
00186
00187
00188
00189
00190
00191
00192
00193
00194
00195
00196
00197
00198
00199 char *d;
00200 RSA *rsa;
00201 uint8_t *buf;
00202 int i;
00203
00204 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00205 buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
00206 rsa = RSA_new();
00207 if (!d || !rsa || !buf) {
00208 return NULL;
00209 }
00210
00211
00212
00213
00214
00215
00216 if (ldns_fget_keyword_data_l(f, "Modulus", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00217 goto error;
00218 }
00219 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00220 rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL);
00221 if (!rsa->n) {
00222 goto error;
00223 }
00224
00225
00226 if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00227 goto error;
00228 }
00229 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00230 rsa->e = BN_bin2bn((const char unsigned*)buf, i, NULL);
00231 if (!rsa->e) {
00232 goto error;
00233 }
00234
00235
00236 if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00237 goto error;
00238 }
00239 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00240 rsa->d = BN_bin2bn((const char unsigned*)buf, i, NULL);
00241 if (!rsa->d) {
00242 goto error;
00243 }
00244
00245
00246 if (ldns_fget_keyword_data_l(f, "Prime1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00247 goto error;
00248 }
00249 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00250 rsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
00251 if (!rsa->p) {
00252 goto error;
00253 }
00254
00255
00256 if (ldns_fget_keyword_data_l(f, "Prime2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00257 goto error;
00258 }
00259 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00260 rsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
00261 if (!rsa->q) {
00262 goto error;
00263 }
00264
00265
00266 if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00267 goto error;
00268 }
00269 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00270 rsa->dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
00271 if (!rsa->dmp1) {
00272 goto error;
00273 }
00274
00275
00276 if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00277 goto error;
00278 }
00279 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00280 rsa->dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL);
00281 if (!rsa->dmq1) {
00282 goto error;
00283 }
00284
00285
00286 if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00287 goto error;
00288 }
00289 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00290 rsa->iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL);
00291 if (!rsa->iqmp) {
00292 goto error;
00293 }
00294
00295 LDNS_FREE(buf);
00296 LDNS_FREE(d);
00297 return rsa;
00298
00299 error:
00300 LDNS_FREE(d);
00301 LDNS_FREE(buf);
00302 return NULL;
00303 }
00304
00305 DSA *
00306 ldns_key_new_frm_fp_dsa(FILE *f)
00307 {
00308 return ldns_key_new_frm_fp_dsa_l(f, NULL);
00309 }
00310
00311 DSA *
00312 ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr)
00313 {
00314 int i;
00315 char *d;
00316 DSA *dsa;
00317 uint8_t *buf;
00318
00319 line_nr = line_nr;
00320
00321 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00322 buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN);
00323 dsa = DSA_new();
00324 if (!d || !dsa) {
00325 return NULL;
00326 }
00327
00328
00329
00330
00331 if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00332 goto error;
00333 }
00334 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00335 dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL);
00336 if (!dsa->p) {
00337 goto error;
00338 }
00339
00340
00341 if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00342 goto error;
00343 }
00344 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00345 dsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL);
00346 if (!dsa->q) {
00347 goto error;
00348 }
00349
00350
00351 if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00352 goto error;
00353 }
00354 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00355 dsa->g = BN_bin2bn((const char unsigned*)buf, i, NULL);
00356 if (!dsa->g) {
00357 goto error;
00358 }
00359
00360
00361 if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00362 goto error;
00363 }
00364 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00365 dsa->priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
00366 if (!dsa->priv_key) {
00367 goto error;
00368 }
00369
00370
00371 if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00372 goto error;
00373 }
00374 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00375 dsa->pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL);
00376 if (!dsa->pub_key) {
00377 goto error;
00378 }
00379
00380 LDNS_FREE(buf);
00381 LDNS_FREE(d);
00382
00383 return dsa;
00384
00385 error:
00386 LDNS_FREE(d);
00387 LDNS_FREE(buf);
00388 return NULL;
00389 }
00390
00391 unsigned char *
00392 ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size)
00393 {
00394 return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size);
00395 }
00396
00397 unsigned char *
00398 ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr, size_t *hmac_size)
00399 {
00400 int i;
00401 char *d;
00402 unsigned char *buf;
00403
00404 line_nr = line_nr;
00405
00406 d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
00407 buf = LDNS_XMALLOC(unsigned char, LDNS_MAX_LINELEN);
00408
00409 if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
00410 goto error;
00411 }
00412 i = b64_pton((const char*)d, buf, b64_ntop_calculate_size(strlen(d)));
00413
00414 *hmac_size = i;
00415 return buf;
00416
00417 error:
00418 LDNS_FREE(d);
00419 LDNS_FREE(buf);
00420 *hmac_size = 0;
00421 return NULL;
00422 }
00423
00424
00425 ldns_key *
00426 ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
00427 {
00428 ldns_key *k;
00429 DSA *d;
00430 RSA *r;
00431 #ifndef HAVE_SSL
00432 int i;
00433 uint16_t offset;
00434 #endif
00435 unsigned char *hmac;
00436
00437 k = ldns_key_new();
00438 if (!k) {
00439 return NULL;
00440 }
00441 switch(alg) {
00442 case LDNS_SIGN_RSAMD5:
00443 case LDNS_SIGN_RSASHA1:
00444 r = RSA_generate_key((int)size, RSA_3, NULL, NULL);
00445 if (RSA_check_key(r) != 1) {
00446 return NULL;
00447 }
00448 ldns_key_set_rsa_key(k, r);
00449 break;
00450 case LDNS_SIGN_DSA:
00451 d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL);
00452 if (!d) {
00453 return NULL;
00454 }
00455 if (DSA_generate_key(d) != 1) {
00456 return NULL;
00457 }
00458 ldns_key_set_dsa_key(k, d);
00459 break;
00460 case LDNS_SIGN_HMACMD5:
00461 k->_key.rsa = NULL;
00462 k->_key.dsa = NULL;
00463 size = size / 8;
00464 ldns_key_set_hmac_size(k, size);
00465
00466 hmac = LDNS_XMALLOC(unsigned char, size);
00467 #ifdef HAVE_SSL
00468 if (RAND_bytes(hmac, size) != 1) {
00469 LDNS_FREE(hmac);
00470 ldns_key_free(k);
00471 return NULL;
00472 }
00473 #else
00474 while (offset + sizeof(i) < size) {
00475 i = random();
00476 memcpy(&hmac[offset], &i, sizeof(i));
00477 offset += sizeof(i);
00478 }
00479 if (offset < size) {
00480 i = random();
00481 memcpy(&hmac[offset], &i, size - offset);
00482 }
00483 #endif
00484 ldns_key_set_hmac_key(k, hmac);
00485
00486 ldns_key_set_flags(k, 0);
00487 break;
00488 }
00489 ldns_key_set_algorithm(k, alg);
00490 return k;
00491 }
00492
00493 void
00494 ldns_key_print(FILE *output, const ldns_key *k)
00495 {
00496 char *str = ldns_key2str(k);
00497 if (str) {
00498 fprintf(output, "%s", str);
00499 } else {
00500 fprintf(output, "Unable to convert private key to string\n");
00501 }
00502 LDNS_FREE(str);
00503 }
00504
00505
00506 void
00507 ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l)
00508 {
00509 k->_alg = l;
00510 }
00511
00512 void
00513 ldns_key_set_flags(ldns_key *k, uint16_t f)
00514 {
00515 k->_extra.dnssec.flags = f;
00516 }
00517
00518 void
00519 ldns_key_set_rsa_key(ldns_key *k, RSA *r)
00520 {
00521 k->_key.rsa = r;
00522 }
00523
00524 void
00525 ldns_key_set_dsa_key(ldns_key *k, DSA *d)
00526 {
00527 k->_key.dsa = d;
00528 }
00529
00530 void
00531 ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac)
00532 {
00533 k->_key.hmac.key = hmac;
00534 }
00535
00536 void
00537 ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size)
00538 {
00539 k->_key.hmac.size = hmac_size;
00540 }
00541
00542 void
00543 ldns_key_set_origttl(ldns_key *k, uint32_t t)
00544 {
00545 k->_extra.dnssec.orig_ttl = t;
00546 }
00547
00548 void
00549 ldns_key_set_inception(ldns_key *k, uint32_t i)
00550 {
00551 k->_extra.dnssec.inception = i;
00552 }
00553
00554 void
00555 ldns_key_set_expiration(ldns_key *k, uint32_t e)
00556 {
00557 k->_extra.dnssec.expiration = e;
00558 }
00559
00560 void
00561 ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r)
00562 {
00563 k->_pubkey_owner = r;
00564 }
00565
00566 void
00567 ldns_key_set_keytag(ldns_key *k, uint16_t tag)
00568 {
00569 k->_extra.dnssec.keytag = tag;
00570 }
00571
00572
00573 size_t
00574 ldns_key_list_key_count(const ldns_key_list *key_list)
00575 {
00576 return key_list->_key_count;
00577 }
00578
00579 ldns_key *
00580 ldns_key_list_key(const ldns_key_list *key, size_t nr)
00581 {
00582 if (nr < ldns_key_list_key_count(key)) {
00583 return key->_keys[nr];
00584 } else {
00585 return NULL;
00586 }
00587 }
00588
00589 ldns_signing_algorithm
00590 ldns_key_algorithm(const ldns_key *k)
00591 {
00592 return k->_alg;
00593 }
00594
00595 RSA *
00596 ldns_key_rsa_key(const ldns_key *k)
00597 {
00598 return k->_key.rsa;
00599 }
00600
00601 DSA *
00602 ldns_key_dsa_key(const ldns_key *k)
00603 {
00604 return k->_key.dsa;
00605 }
00606
00607 unsigned char *
00608 ldns_key_hmac_key(const ldns_key *k)
00609 {
00610 return k->_key.hmac.key;
00611 }
00612
00613 size_t
00614 ldns_key_hmac_size(const ldns_key *k)
00615 {
00616 return k->_key.hmac.size;
00617 }
00618
00619 uint32_t
00620 ldns_key_origttl(const ldns_key *k)
00621 {
00622 return k->_extra.dnssec.orig_ttl;
00623 }
00624
00625 uint16_t
00626 ldns_key_flags(const ldns_key *k)
00627 {
00628 return k->_extra.dnssec.flags;
00629 }
00630
00631 uint32_t
00632 ldns_key_inception(const ldns_key *k)
00633 {
00634 return k->_extra.dnssec.inception;
00635 }
00636
00637 uint32_t
00638 ldns_key_expiration(const ldns_key *k)
00639 {
00640 return k->_extra.dnssec.expiration;
00641 }
00642
00643 uint16_t
00644 ldns_key_keytag(const ldns_key *k)
00645 {
00646 return k->_extra.dnssec.keytag;
00647 }
00648
00649 ldns_rdf *
00650 ldns_key_pubkey_owner(const ldns_key *k)
00651 {
00652 return k->_pubkey_owner;
00653 }
00654
00655
00656 void
00657 ldns_key_list_set_key_count(ldns_key_list *key, size_t count)
00658 {
00659 key->_key_count = count;
00660 }
00661
00662 bool
00663 ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key)
00664 {
00665 size_t key_count;
00666 ldns_key **keys;
00667
00668 key_count = ldns_key_list_key_count(key_list);
00669 keys = key_list->_keys;
00670
00671
00672 keys = LDNS_XREALLOC(
00673 key_list->_keys, ldns_key *, key_count + 1);
00674 if (!keys) {
00675 return false;
00676 }
00677
00678
00679 key_list->_keys = keys;
00680 key_list->_keys[key_count] = key;
00681
00682 ldns_key_list_set_key_count(key_list, key_count + 1);
00683 return true;
00684 }
00685
00686 ldns_key *
00687 ldns_key_list_pop_key(ldns_key_list *key_list)
00688 {
00689 size_t key_count;
00690 ldns_key *pop;
00691
00692 if (!key_list) {
00693 return NULL;
00694 }
00695
00696 key_count = ldns_key_list_key_count(key_list);
00697 if (key_count == 0) {
00698 return NULL;
00699 }
00700
00701 pop = ldns_key_list_key(key_list, key_count);
00702
00703
00704 key_list->_keys = LDNS_XREALLOC(
00705 key_list->_keys, ldns_key *, key_count - 1);
00706
00707 ldns_key_list_set_key_count(key_list, key_count - 1);
00708
00709 return pop;
00710 }
00711
00712 static bool
00713 ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size)
00714 {
00715 int i,j;
00716
00717 if (!k) {
00718 return false;
00719 }
00720
00721 if (BN_num_bytes(k->e) <= 256) {
00722
00723
00724
00725 data[0] = (unsigned char) BN_num_bytes(k->e);
00726 i = BN_bn2bin(k->e, data + 1);
00727 j = BN_bn2bin(k->n, data + i + 1);
00728 *size = (uint16_t) i + j;
00729 } else if (BN_num_bytes(k->e) <= 65536) {
00730 data[0] = 0;
00731
00732 ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e));
00733
00734 BN_bn2bin(k->e, data + 3);
00735 BN_bn2bin(k->n, data + 4 + BN_num_bytes(k->e));
00736 *size = (uint16_t) BN_num_bytes(k->n) + 6;
00737 } else {
00738 return false;
00739 }
00740 return true;
00741 }
00742
00743 static bool
00744 ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
00745 {
00746 uint8_t T;
00747
00748 if (!k) {
00749 return false;
00750 }
00751
00752
00753 *size = (uint16_t)BN_num_bytes(k->g);
00754 T = (*size - 64) / 8;
00755 memcpy(data, &T, 1);
00756
00757 if (T > 8) {
00758 return false;
00759 }
00760
00761
00762 data[0] = (unsigned char)T;
00763 BN_bn2bin(k->q, data + 1 );
00764 BN_bn2bin(k->p, data + 21 );
00765 BN_bn2bin(k->g, data + 21 + *size);
00766 BN_bn2bin(k->pub_key, data + 21 + *size + *size);
00767 *size = 20 + (*size * 3);
00768 return true;
00769 }
00770
00771 ldns_rr *
00772 ldns_key2rr(const ldns_key *k)
00773 {
00774
00775
00776
00777
00778
00779 ldns_rr *pubkey;
00780 ldns_rdf *keybin;
00781 unsigned char *bin;
00782 uint16_t size;
00783
00784 pubkey = ldns_rr_new();
00785 if (!k) {
00786 return NULL;
00787 }
00788
00789 bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN);
00790 if (!bin) {
00791 return NULL;
00792 }
00793
00794 switch (ldns_key_algorithm(k)) {
00795 case LDNS_SIGN_HMACMD5:
00796 ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY);
00797 break;
00798 default:
00799 ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY);
00800 break;
00801 }
00802
00803 ldns_rr_push_rdf(pubkey,
00804 ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
00805 ldns_key_flags(k)));
00806
00807 ldns_rr_push_rdf(pubkey,
00808 ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO));
00809
00810 if (ldns_key_pubkey_owner(k)) {
00811 ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k)));
00812 }
00813
00814
00815 switch(ldns_key_algorithm(k)) {
00816 case LDNS_SIGN_RSAMD5:
00817 ldns_rr_push_rdf(pubkey,
00818 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_RSAMD5));
00819 if (!ldns_key_rsa2bin(bin, ldns_key_rsa_key(k), &size)) {
00820 return NULL;
00821 }
00822 break;
00823 case LDNS_SIGN_RSASHA1:
00824 ldns_rr_push_rdf(pubkey,
00825 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_RSASHA1));
00826 if (!ldns_key_rsa2bin(bin, ldns_key_rsa_key(k), &size)) {
00827 return NULL;
00828 }
00829 break;
00830 case LDNS_SIGN_DSA:
00831 ldns_rr_push_rdf(pubkey,
00832 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA));
00833 if (!ldns_key_dsa2bin(bin, ldns_key_dsa_key(k), &size)) {
00834 return NULL;
00835 }
00836 break;
00837 case LDNS_SIGN_HMACMD5:
00838
00839 ldns_rr_push_rdf(pubkey,
00840 ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_SIGN_HMACMD5));
00841 size = ldns_key_hmac_size(k);
00842 bin = LDNS_XREALLOC(bin, unsigned char, size);
00843 memcpy(bin, ldns_key_hmac_key(k), size);
00844 break;
00845 }
00846
00847
00848
00849 keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin);
00850 LDNS_FREE(bin);
00851 ldns_rr_push_rdf(pubkey, keybin);
00852 return pubkey;
00853 }
00854
00855 void
00856 ldns_key_free(ldns_key *key)
00857 {
00858 LDNS_FREE(key);
00859 }
00860
00861 void
00862 ldns_key_deep_free(ldns_key *key)
00863 {
00864 if (ldns_key_pubkey_owner(key)) {
00865 ldns_rdf_deep_free(ldns_key_pubkey_owner(key));
00866 }
00867 switch(ldns_key_algorithm(key)) {
00868 case LDNS_SIGN_RSASHA1:
00869 case LDNS_SIGN_RSAMD5:
00870 if (ldns_key_rsa_key(key)) {
00871 RSA_free(ldns_key_rsa_key(key));
00872 }
00873 break;
00874 case LDNS_SIGN_DSA:
00875 if (ldns_key_dsa_key(key)) {
00876 DSA_free(ldns_key_dsa_key(key));
00877 }
00878 break;
00879 case LDNS_SIGN_HMACMD5:
00880 break;
00881 }
00882 if (ldns_key_hmac_key(key)) {
00883 free(ldns_key_hmac_key(key));
00884 }
00885 LDNS_FREE(key);
00886 }
00887
00888 void
00889 ldns_key_list_free(ldns_key_list *key_list)
00890 {
00891 size_t i;
00892 for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
00893 ldns_key_deep_free(ldns_key_list_key(key_list, i));
00894 }
00895 LDNS_FREE(key_list->_keys);
00896 LDNS_FREE(key_list);
00897 }
00898 #endif