![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to dnskey_builder.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / dnskey|
Return to dnskey_builder.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / libstrongswan / plugins / dnskey |
1.1 misho 1: /*
2: * Copyright (C) 2009 Martin Willi
3: * HSR Hochschule fuer Technik Rapperswil
4: *
5: * This program is free software; you can redistribute it and/or modify it
6: * under the terms of the GNU General Public License as published by the
7: * Free Software Foundation; either version 2 of the License, or (at your
8: * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
9: *
10: * This program is distributed in the hope that it will be useful, but
11: * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
12: * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
13: * for more details.
14: */
15:
16: #include "dnskey_builder.h"
17:
18: #include <utils/debug.h>
19: #include <credentials/keys/private_key.h>
20:
21:
22: typedef struct dnskey_rr_t dnskey_rr_t;
23: typedef enum dnskey_algorithm_t dnskey_algorithm_t;
24:
25: /**
26: * Header of a DNSKEY resource record
27: */
28: struct dnskey_rr_t {
29: uint16_t flags;
30: uint8_t protocol;
31: uint8_t algorithm;
32: uint8_t data[];
33: } __attribute__((__packed__));
34:
35: /**
36: * DNSSEC algorithms, RFC4034 Appendix A.1.
37: */
38: enum dnskey_algorithm_t {
39: DNSKEY_ALG_RSA_MD5 = 1,
40: DNSKEY_ALG_DH = 2,
41: DNSKEY_ALG_DSA = 3,
42: DNSKEY_ALG_RSA_SHA1 = 5,
43: DNSKEY_ALG_DSA_NSEC3_SHA1 = 6,
44: DNSKEY_ALG_RSA_SHA1_NSEC3_SHA1 = 7,
45: DNSKEY_ALG_RSA_SHA256 = 8,
46: DNSKEY_ALG_RSA_SHA512 = 10,
47: DNSKEY_ALG_ECC_GOST = 12,
48: DNSKEY_ALG_ECDSA_P256_SHA256 = 13,
49: DNSKEY_ALG_ECDSA_P384_SHA384 = 14
50: };
51:
52: /**
53: * Load a generic public key from a DNSKEY RR blob
54: */
55: static dnskey_public_key_t *parse_public_key(chunk_t blob)
56: {
57: dnskey_rr_t *rr = (dnskey_rr_t*)blob.ptr;
58:
59: if (blob.len < sizeof(dnskey_rr_t))
60: {
61: DBG1(DBG_LIB, "DNSKEY too short");
62: return NULL;
63: }
64: blob = chunk_skip(blob, sizeof(dnskey_rr_t));
65:
66: switch (rr->algorithm)
67: {
68: case DNSKEY_ALG_RSA_MD5:
69: case DNSKEY_ALG_RSA_SHA1:
70: case DNSKEY_ALG_RSA_SHA1_NSEC3_SHA1:
71: case DNSKEY_ALG_RSA_SHA256:
72: case DNSKEY_ALG_RSA_SHA512:
73: return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
74: BUILD_BLOB_DNSKEY, blob, BUILD_END);
75: default:
76: DBG1(DBG_LIB, "DNSKEY public key algorithm %d not supported",
77: rr->algorithm);
78: return NULL;
79: }
80: }
81:
82: /**
83: * Load a RSA public key from DNSKEY RR data
84: */
85: static dnskey_public_key_t *parse_rsa_public_key(chunk_t blob)
86: {
87: chunk_t n, e;
88:
89: if (blob.len < 3)
90: {
91: DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent length");
92: return NULL;
93: }
94:
95: if (blob.ptr[0])
96: {
97: e.len = blob.ptr[0];
98: blob = chunk_skip(blob, 1);
99: }
100: else
101: {
102: e.len = blob.ptr[1] * 256 + blob.ptr[2];
103: blob = chunk_skip(blob, 3);
104: }
105: e.ptr = blob.ptr;
106: if (e.len >= blob.len)
107: {
108: DBG1(DBG_LIB, "RFC 3110 public key blob too short for exponent");
109: return NULL;
110: }
111: n = chunk_skip(blob, e.len);
112:
113: return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
114: BUILD_RSA_MODULUS, n, BUILD_RSA_PUB_EXP, e,
115: BUILD_END);
116: }
117:
118: /**
119: * See header.
120: */
121: dnskey_public_key_t *dnskey_public_key_load(key_type_t type, va_list args)
122: {
123: chunk_t blob = chunk_empty;
124:
125: while (TRUE)
126: {
127: switch (va_arg(args, builder_part_t))
128: {
129: case BUILD_BLOB_DNSKEY:
130: blob = va_arg(args, chunk_t);
131: continue;
132: case BUILD_END:
133: break;
134: default:
135: return NULL;
136: }
137: break;
138: }
139: if (!blob.ptr)
140: {
141: return NULL;
142: }
143: switch (type)
144: {
145: case KEY_ANY:
146: return parse_public_key(blob);
147: case KEY_RSA:
148: return parse_rsa_public_key(blob);
149: default:
150: return NULL;
151: }
152: }
153: