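/*
 * Copyright (C) 2009 Martin Willi
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#include "dnskey_builder.h"

#include <utils/debug.h>
#include <credentials/keys/private_key.h>


typedef struct dnskey_rr_t dnskey_rr_t;
typedef enum dnskey_algorithm_t dnskey_algorithm_t;

/**
 * Header of a DNSKEY resource record RDATA (RFC 4034, section 2.1):
 * a 16-bit flags field, the protocol octet, the algorithm octet and the
 * algorithm-specific public key material that follows.
 *
 * The struct is packed so that sizeof() is exactly the 4 header octets and
 * the flexible array member lines up with the key material.
 */
struct dnskey_rr_t {
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	uint8_t data[];
} __attribute__((__packed__));

/**
 * DNSSEC algorithm numbers, RFC 4034 Appendix A.1.
 *
 * Only the RSA family is handled below; RSA/MD5 is accepted because the key
 * material encoding is shared with the other RSA variants, the (obsolete)
 * hash only matters when signatures are verified, not when a key is loaded.
 */
enum dnskey_algorithm_t {
	DNSKEY_ALG_RSA_MD5 = 1,
	DNSKEY_ALG_DH = 2,
	DNSKEY_ALG_DSA = 3,
	DNSKEY_ALG_RSA_SHA1 = 5,
	DNSKEY_ALG_DSA_NSEC3_SHA1 = 6,
	DNSKEY_ALG_RSA_SHA1_NSEC3_SHA1 = 7,
	DNSKEY_ALG_RSA_SHA256 = 8,
	DNSKEY_ALG_RSA_SHA512 = 10,
	DNSKEY_ALG_ECC_GOST = 12,
	DNSKEY_ALG_ECDSA_P256_SHA256 = 13,
	DNSKEY_ALG_ECDSA_P384_SHA384 = 14
};

/**
 * Load a generic public key from a complete DNSKEY RR RDATA blob.
 *
 * The header is validated for length and the algorithm octet selects the
 * key type; the remaining bytes are handed to the type-specific builder.
 *
 * NOTE(review): RFC 4034 section 2.1.2 requires the protocol octet to be 3
 * and the RR to be treated as invalid otherwise. That is not enforced here
 * (callers may feed legacy KEY-style records), so a signature verifier
 * using the resulting key has to check the protocol field itself.
 *
 * @param blob		DNSKEY RDATA, header followed by key material
 * @return			public key, NULL if too short or the algorithm is unsupported
 */
static dnskey_public_key_t *parse_public_key(chunk_t blob)
{
	dnskey_rr_t *rr;

	/* the header is only dereferenced once we know it is fully present */
	if (blob.len < sizeof(dnskey_rr_t))
	{
		DBG1(DBG_LIB, "DNSKEY too short");
		return NULL;
	}
	rr = (dnskey_rr_t*)blob.ptr;
	blob = chunk_skip(blob, sizeof(dnskey_rr_t));

	switch (rr->algorithm)
	{
		case DNSKEY_ALG_RSA_MD5:
		case DNSKEY_ALG_RSA_SHA1:
		case DNSKEY_ALG_RSA_SHA1_NSEC3_SHA1:
		case DNSKEY_ALG_RSA_SHA256:
		case DNSKEY_ALG_RSA_SHA512:
			/* every RSA variant encodes the key per RFC 3110, so the
			 * remaining bytes go through the KEY_RSA path below */
			return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
									  BUILD_BLOB_DNSKEY, blob, BUILD_END);
		default:
			DBG1(DBG_LIB, "DNSKEY public key algorithm %d not supported",
				 rr->algorithm);
			return NULL;
	}
}

/**
 * Load an RSA public key from RFC 3110 encoded DNSKEY key material.
 *
 * Layout (RFC 3110, section 2): an exponent length field that is one octet
 * if non-zero, otherwise a zero octet followed by a 16-bit big-endian
 * length; then the exponent; then the modulus, which takes all remaining
 * bytes.
 *
 * Both the exponent and the modulus must be non-empty: an empty exponent
 * would decode as e = 0, which is never a valid RSA public exponent, and an
 * empty modulus would leave nothing to encrypt against.
 *
 * @param blob		RFC 3110 key material (without the DNSKEY header)
 * @return			public key, NULL if the encoding is malformed
 */
static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob)
{
	chunk_t n, e;
	size_t hdr;

	/* three octets is the longest length header, so this also guarantees
	 * that the single-octet form can be read safely */
	if (blob.len < 3)
	{
		DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent length");
		return NULL;
	}

	if (blob.ptr[0])
	{
		e.len = blob.ptr[0];
		hdr = 1;
	}
	else
	{
		/* uint8_t promotes to int, so the product cannot overflow */
		e.len = blob.ptr[1] * 256 + blob.ptr[2];
		hdr = 3;
	}
	blob = chunk_skip(blob, hdr);

	if (!e.len)
	{
		DBG1(DBG_LIB, "RFC 3110 public key blob has an empty exponent");
		return NULL;
	}
	/* >= rather than >: at least one modulus octet must follow the exponent */
	if (e.len >= blob.len)
	{
		DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent");
		return NULL;
	}
	e.ptr = blob.ptr;
	n = chunk_skip(blob, e.len);

	return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
							  BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e,
							  BUILD_END);
}

/**
 * See header.
 *
 * Collects the BUILD_BLOB_DNSKEY part from the builder arguments and
 * dispatches on the requested key type: KEY_ANY expects a full DNSKEY
 * RDATA (header + key material), KEY_RSA expects bare RFC 3110 material.
 * Any other builder part, a missing blob or an unsupported key type
 * yields NULL.
 */
dnskey_public_key_t *dnskey_public_key_load(key_type_t type, va_list args)
{
	chunk_t blob = chunk_empty;
	bool done = FALSE;

	while (!done)
	{
		switch (va_arg(args, builder_part_t))
		{
			case BUILD_BLOB_DNSKEY:
				blob = va_arg(args, chunk_t);
				break;
			case BUILD_END:
				done = TRUE;
				break;
			default:
				/* unknown part: we cannot skip its argument, so give up */
				return NULL;
		}
	}
	if (!blob.ptr)
	{
		return NULL;
	}
	switch (type)
	{
		case KEY_ANY:
			return parse_public_key(blob);
		case KEY_RSA:
			return parse_rsa_public_key(blob);
		default:
			return NULL;
	}
}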