Annotation of embedaddon/strongswan/src/libstrongswan/plugins/dnskey/dnskey_builder.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (C) 2009 Martin Willi
! 3: * HSR Hochschule fuer Technik Rapperswil
! 4: *
! 5: * This program is free software; you can redistribute it and/or modify it
! 6: * under the terms of the GNU General Public License as published by the
! 7: * Free Software Foundation; either version 2 of the License, or (at your
! 8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
! 9: *
! 10: * This program is distributed in the hope that it will be useful, but
! 11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
! 12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
! 13: * for more details.
! 14: */
! 15:
! 16: #include "dnskey_builder.h"
! 17:
! 18: #include <utils/debug.h>
! 19: #include <credentials/keys/private_key.h>
! 20:
! 21:
/* forward declarations for the types defined below; the typedef'd names are
 * what the rest of the file uses */
typedef struct dnskey_rr_t dnskey_rr_t;
typedef enum dnskey_algorithm_t dnskey_algorithm_t;
! 24:
/**
 * Header of a DNSKEY resource record RDATA (RFC 4034, section 2.1).
 *
 * Laid out exactly as in the RR wire format, hence packed: 16-bit flags,
 * 8-bit protocol, 8-bit algorithm, followed by the algorithm-specific public
 * key data. No byte swapping is done on the multi-octet flags field; this
 * file only ever reads the single-octet algorithm field.
 */
struct dnskey_rr_t {
	/** DNSKEY flags (RFC 4034, section 2.1.1); not interpreted in this file */
	uint16_t flags;
	/** protocol octet; RFC 4034 section 2.1.2 requires the value 3 */
	uint8_t protocol;
	/** public key algorithm number, see dnskey_algorithm_t */
	uint8_t algorithm;
	/** algorithm-specific public key material, runs to the end of the RDATA */
	uint8_t data[];
} __attribute__((__packed__));
! 34:
/**
 * DNSSEC public key algorithm numbers, as carried in the DNSKEY algorithm
 * field. Numbers 1-5 are from RFC 4034 Appendix A.1; the later values were
 * added by RFC 5155 (6, 7), RFC 5702 (8, 10), RFC 5933 (12) and RFC 6605
 * (13, 14). The gaps (4, 9, 11) are reserved. Only the RSA variants are
 * accepted by parse_public_key() below; the others are listed for
 * completeness of the registry.
 *
 * Note that RFC 8624 forbids RSA/MD5 and both DSA variants for signing and
 * validation; loading such a key here does not validate anything by itself,
 * the signature algorithm is chosen by the caller.
 */
enum dnskey_algorithm_t {
	/** RSA/MD5, obsolete */
	DNSKEY_ALG_RSA_MD5 = 1,
	/** Diffie-Hellman, not a signing key */
	DNSKEY_ALG_DH = 2,
	/** DSA/SHA-1 */
	DNSKEY_ALG_DSA = 3,
	/** RSA/SHA-1 (RFC 3110 key encoding) */
	DNSKEY_ALG_RSA_SHA1 = 5,
	/** DSA/SHA-1 in NSEC3 zones */
	DNSKEY_ALG_DSA_NSEC3_SHA1 = 6,
	/** RSA/SHA-1 in NSEC3 zones, same key encoding as algorithm 5 */
	DNSKEY_ALG_RSA_SHA1_NSEC3_SHA1 = 7,
	/** RSA/SHA-256 */
	DNSKEY_ALG_RSA_SHA256 = 8,
	/** RSA/SHA-512 */
	DNSKEY_ALG_RSA_SHA512 = 10,
	/** GOST R 34.10-2001 */
	DNSKEY_ALG_ECC_GOST = 12,
	/** ECDSA P-256 with SHA-256 */
	DNSKEY_ALG_ECDSA_P256_SHA256 = 13,
	/** ECDSA P-384 with SHA-384 */
	DNSKEY_ALG_ECDSA_P384_SHA384 = 14
};
! 51:
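/**
 * Protocol octet value mandated for DNSKEY RRs, RFC 4034 section 2.1.2.
 */
enum {
	DNSKEY_PROTOCOL_DNSSEC = 3,
};

/**
 * Load a generic public key from a complete DNSKEY RR RDATA blob.
 *
 * The blob must start with the 4 octet DNSKEY header (flags, protocol,
 * algorithm); the algorithm field selects how the remaining key data is
 * interpreted. Only the RSA based algorithms are supported: their key data
 * is handed to the KEY_RSA builder with BUILD_BLOB_DNSKEY, i.e. as RFC 3110
 * exponent/modulus data without the header.
 *
 * The flags field is not inspected. Callers that use the key to verify
 * RRSIGs are responsible for checking the Zone Key flag themselves.
 *
 * @param blob		DNSKEY RDATA including the header; not modified or retained
 * @return			public key object, NULL on malformed or unsupported input
 */
static dnskey_public_key_t *parse_public_key(chunk_t blob)
{
	dnskey_rr_t *rr = (dnskey_rr_t*)blob.ptr;

	if (blob.len < sizeof(dnskey_rr_t))
	{
		DBG1(DBG_LIB, "DNSKEY too short");
		return NULL;
	}
	/* RFC 4034 section 2.1.2: a DNSKEY with any protocol value other than 3
	 * must be treated as invalid, regardless of the algorithm */
	if (rr->protocol != DNSKEY_PROTOCOL_DNSSEC)
	{
		DBG1(DBG_LIB, "DNSKEY protocol %d invalid, expected %d",
			 rr->protocol, DNSKEY_PROTOCOL_DNSSEC);
		return NULL;
	}
	blob = chunk_skip(blob, sizeof(dnskey_rr_t));

	switch (rr->algorithm)
	{
		case DNSKEY_ALG_RSA_MD5:
		case DNSKEY_ALG_RSA_SHA1:
		case DNSKEY_ALG_RSA_SHA1_NSEC3_SHA1:
		case DNSKEY_ALG_RSA_SHA256:
		case DNSKEY_ALG_RSA_SHA512:
			/* all RSA variants share the RFC 3110 key encoding; the hash
			 * algorithm is not part of the key data and is not recorded in
			 * the returned key object */
			return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
									  BUILD_BLOB_DNSKEY, blob, BUILD_END);
		default:
			DBG1(DBG_LIB, "DNSKEY public key algorithm %d not supported",
				 rr->algorithm);
			return NULL;
	}
}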
! 81:
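/**
 * Load a RSA public key from RFC 3110 encoded DNSKEY key data.
 *
 * The blob is the DNSKEY RDATA *without* the 4 octet header, i.e. it starts
 * with the exponent length: either a single non-zero octet, or a zero octet
 * followed by a 16-bit big-endian length (the form intended for exponents
 * longer than 255 octets). The exponent follows, and everything after it up
 * to the end of the blob is the modulus.
 *
 * @param blob		RFC 3110 exponent/modulus data; not modified or retained
 * @return			RSA public key, NULL if the blob is truncated or malformed
 */
static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob)
{
	chunk_t n, e;

	/* minimum is a 1 octet exponent length, 1 octet exponent and 1 octet
	 * modulus; this also guarantees ptr[1] and ptr[2] are readable below */
	if (blob.len < 3)
	{
		DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent length");
		return NULL;
	}

	if (blob.ptr[0])
	{
		e.len = blob.ptr[0];
		blob = chunk_skip(blob, 1);
	}
	else
	{
		/* three octet form: 0x00 followed by the length in network order */
		e.len = blob.ptr[1] * 256 + blob.ptr[2];
		blob = chunk_skip(blob, 3);
	}
	/* the three octet form can encode a zero length; an empty exponent is
	 * not a valid RSA public key, reject it before building anything */
	if (e.len == 0)
	{
		DBG1(DBG_LIB, "RFC 3110 public key blob has empty exponent");
		return NULL;
	}
	e.ptr = blob.ptr;
	/* strict comparison leaves at least one octet for the modulus */
	if (e.len >= blob.len)
	{
		DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent");
		return NULL;
	}
	n = chunk_skip(blob, e.len);

	return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
							  BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e,
							  BUILD_END);
}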
! 117:
/**
 * Builder entry point for public keys in DNSKEY encoding.
 *
 * Consumes the builder part list, which must consist of zero or more
 * BUILD_BLOB_DNSKEY parts (the last one wins) terminated by BUILD_END; any
 * other part aborts the load. The meaning of the blob depends on the
 * requested key type:
 *  - KEY_ANY: a complete DNSKEY RDATA including the 4 octet header, the
 *    algorithm field selects the parser.
 *  - KEY_RSA: RFC 3110 exponent/modulus data without the DNSKEY header.
 *    parse_public_key() re-enters the builder this way for RSA algorithms,
 *    and callers with header-less key material (presumably IPSECKEY style
 *    records, not visible here) can use it directly.
 *
 * @param type		KEY_ANY or KEY_RSA, anything else is rejected
 * @param args		builder parts, see above
 * @return			public key object, NULL on unknown parts, missing blob,
 *					unsupported type or malformed key data
 */
dnskey_public_key_t *dnskey_public_key_load(key_type_t type, va_list args)
{
	chunk_t blob = chunk_empty;
	builder_part_t part;

	/* walk the part list up to BUILD_END; only BUILD_BLOB_DNSKEY is known */
	for (part = va_arg(args, builder_part_t); part != BUILD_END;
		 part = va_arg(args, builder_part_t))
	{
		if (part != BUILD_BLOB_DNSKEY)
		{
			return NULL;
		}
		blob = va_arg(args, chunk_t);
	}
	if (blob.ptr == NULL)
	{
		return NULL;
	}
	if (type == KEY_ANY)
	{
		return parse_public_key(blob);
	}
	if (type == KEY_RSA)
	{
		return parse_rsa_public_key(blob);
	}
	return NULL;
}
! 153: