OpenDNSSEC-signer  1.4.9
keys.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
32 #include "shared/file.h"
33 #include "shared/log.h"
34 #include "shared/util.h"
35 #include "signer/backup.h"
36 #include "signer/keys.h"
37 #include "signer/signconf.h"
38 
39 static const char* key_str = "keys";
40 
41 
47 keylist_create(void* sc)
48 {
49  signconf_type* signconf = (signconf_type*) sc;
50  keylist_type* kl = NULL;
51 
52  if (!signconf || !signconf->allocator) {
53  return NULL;
54  }
55  kl = (keylist_type*) allocator_alloc(signconf->allocator,
56  sizeof(keylist_type));
57  if (!kl) {
58  ods_log_error("[%s] create list failed: allocator_alloc() failed",
59  key_str);
60  return NULL;
61  }
62  kl->sc = sc;
63  kl->count = 0;
64  kl->keys = NULL;
65  return kl;
66 }
67 
68 
73 key_type*
74 keylist_lookup_by_locator(keylist_type* kl, const char* locator)
75 {
76  uint16_t i = 0;
77  if (!kl || !locator || kl->count <= 0) {
78  return NULL;
79  }
80  for (i=0; i < kl->count; i++) {
81  if (&kl->keys[i] && kl->keys[i].locator) {
82  if (ods_strcmp(kl->keys[i].locator, locator) == 0) {
83  return &kl->keys[i];
84  }
85  }
86  }
87  return NULL;
88 }
89 
90 
95 key_type*
97 {
98  uint16_t i = 0;
99  if (!kl || !dnskey || kl->count <= 0) {
100  return NULL;
101  }
102  for (i=0; i < kl->count; i++) {
103  if (&kl->keys[i] && kl->keys[i].dnskey) {
104  if (ldns_rr_compare(kl->keys[i].dnskey, dnskey) == 0) {
105  return &kl->keys[i];
106  }
107  }
108  }
109  return NULL;
110 }
111 
112 
117 key_type*
118 keylist_push(keylist_type* kl, const char* locator,
119  uint8_t algorithm, uint32_t flags, int publish, int ksk, int zsk,
120  int rfc5011)
121 {
122  key_type* keys_old = NULL;
123  signconf_type* sc = NULL;
124 
125  ods_log_assert(kl);
126  ods_log_assert(locator);
127  ods_log_debug("[%s] add locator %s", key_str, locator);
128 
129  sc = (signconf_type*) kl->sc;
130  keys_old = kl->keys;
131  kl->keys = (key_type*) allocator_alloc(sc->allocator,
132  (kl->count + 1) * sizeof(key_type));
133  if (!kl->keys) {
134  ods_fatal_exit("[%s] unable to add key: allocator_alloc() failed",
135  key_str);
136  }
137  if (keys_old) {
138  memcpy(kl->keys, keys_old, (kl->count) * sizeof(key_type));
139  }
140  allocator_deallocate(sc->allocator, (void*) keys_old);
141  kl->count++;
142  kl->keys[kl->count -1].locator = locator;
143  kl->keys[kl->count -1].algorithm = algorithm;
144  kl->keys[kl->count -1].flags = flags;
145  kl->keys[kl->count -1].publish = publish;
146  kl->keys[kl->count -1].ksk = ksk;
147  kl->keys[kl->count -1].zsk = zsk;
148  kl->keys[kl->count -1].rfc5011 = rfc5011;
149  kl->keys[kl->count -1].dnskey = NULL;
150  kl->keys[kl->count -1].hsmkey = NULL;
151  kl->keys[kl->count -1].params = NULL;
152  return &kl->keys[kl->count -1];
153 }
154 
155 
160 static void
161 key_print(FILE* fd, key_type* key)
162 {
163  if (!fd || !key) {
164  return;
165  }
166  fprintf(fd, "\t\t\t<Key>\n");
167  fprintf(fd, "\t\t\t\t<Flags>%u</Flags>\n", key->flags);
168  fprintf(fd, "\t\t\t\t<Algorithm>%u</Algorithm>\n", key->algorithm);
169  if (key->locator) {
170  fprintf(fd, "\t\t\t\t<Locator>%s</Locator>\n", key->locator);
171  }
172  if (key->ksk) {
173  fprintf(fd, "\t\t\t\t<KSK />\n");
174  }
175  if (key->zsk) {
176  fprintf(fd, "\t\t\t\t<ZSK />\n");
177  }
178  if (key->publish) {
179  fprintf(fd, "\t\t\t\t<Publish />\n");
180  }
181  if (key->rfc5011) {
182  fprintf(fd, "\t\t\t\t<RFC5011 />\n");
183  }
184  fprintf(fd, "\t\t\t</Key>\n");
185  fprintf(fd, "\n");
186  return;
187 }
188 
189 
194 static void
195 key_log(key_type* key, const char* name)
196 {
197  if (!key) {
198  return;
199  }
200  ods_log_debug("[%s] zone %s key: LOCATOR[%s] FLAGS[%u] ALGORITHM[%u] "
201  "KSK[%i] ZSK[%i] PUBLISH[%i] RFC5011[%i]", key_str, name?name:"(null)", key->locator,
202  key->flags, key->algorithm, key->ksk, key->zsk, key->publish, key->rfc5011);
203  return;
204 }
205 
206 
211 void
213 {
214  uint16_t i = 0;
215  if (!fd || !kl || kl->count <= 0) {
216  return;
217  }
218  for (i=0; i < kl->count; i++) {
219  key_print(fd, &kl->keys[i]);
220  }
221  return;
222 }
223 
224 
229 void
230 keylist_log(keylist_type* kl, const char* name)
231 {
232  uint16_t i = 0;
233  if (!kl || kl->count <= 0) {
234  return;
235  }
236  for (i=0; i < kl->count; i++) {
237  key_log(&kl->keys[i], name);
238  }
239  return;
240 }
241 
242 
247 static void
248 key_delfunc(key_type* key)
249 {
250  if (!key) {
251  return;
252  }
253  /* ldns_rr_free(key->dnskey); */
254  hsm_key_free(key->hsmkey);
255  hsm_sign_params_free(key->params);
256  free((void*) key->locator);
257  return;
258 }
259 
260 
265 void
267 {
268  uint16_t i = 0;
269  signconf_type* sc = NULL;
270  if (!kl) {
271  return;
272  }
273  for (i=0; i < kl->count; i++) {
274  key_delfunc(&kl->keys[i]);
275  }
276  sc = (signconf_type*) kl->sc;
277  allocator_deallocate(sc->allocator, (void*) kl->keys);
278  allocator_deallocate(sc->allocator, (void*) kl);
279 }
280 
281 
286 static void
287 key_backup(FILE* fd, key_type* key, const char* version)
288 {
289  if (!fd || !key) {
290  return;
291  }
292  fprintf(fd, ";;Key: locator %s algorithm %u flags %u publish %i ksk %i "
293  "zsk %i rfc5011 %i\n", key->locator, (unsigned) key->algorithm,
294  (unsigned) key->flags, key->publish, key->ksk, key->zsk, key->rfc5011);
295  if (strcmp(version, ODS_SE_FILE_MAGIC_V2) == 0) {
296  if (key->dnskey) {
297  (void)util_rr_print(fd, key->dnskey);
298  }
299  fprintf(fd, ";;Keydone\n");
300  }
301  return;
302 }
303 
304 
309 key_type*
311 {
312  const char* locator = NULL;
313  uint8_t algorithm = 0;
314  uint32_t flags = 0;
315  int publish = 0;
316  int ksk = 0;
317  int zsk = 0;
318  int rfc5011 = 0;
319 
320  ods_log_assert(fd);
321 
322  if (!backup_read_check_str(fd, "locator") ||
323  !backup_read_str(fd, &locator) ||
324  !backup_read_check_str(fd, "algorithm") ||
325  !backup_read_uint8_t(fd, &algorithm) ||
326  !backup_read_check_str(fd, "flags") ||
327  !backup_read_uint32_t(fd, &flags) ||
328  !backup_read_check_str(fd, "publish") ||
329  !backup_read_int(fd, &publish) ||
330  !backup_read_check_str(fd, "ksk") ||
331  !backup_read_int(fd, &ksk) ||
332  !backup_read_check_str(fd, "zsk") ||
333  !backup_read_int(fd, &zsk) ||
334  !backup_read_check_str(fd, "rfc5011") ||
335  !backup_read_int(fd, &rfc5011)) {
336  if (locator) {
337  free((void*)locator);
338  locator = NULL;
339  }
340  return NULL;
341  }
342  /* key ok */
343  return keylist_push(kl, locator, algorithm, flags, publish, ksk,
344  zsk, rfc5011);
345 }
346 
347 
352 void
353 keylist_backup(FILE* fd, keylist_type* kl, const char* version)
354 {
355  uint16_t i = 0;
356  if (!fd || !kl || kl->count <= 0) {
357  return;
358  }
359  for (i=0; i < kl->count; i++) {
360  key_backup(fd, &kl->keys[i], version);
361  }
362  return;
363 }
void keylist_cleanup(keylist_type *kl)
Definition: keys.c:266
int backup_read_str(FILE *in, const char **str)
Definition: backup.c:97
key_type * keylist_push(keylist_type *kl, const char *locator, uint8_t algorithm, uint32_t flags, int publish, int ksk, int zsk, int rfc5011)
Definition: keys.c:118
int publish
Definition: keys.h:61
int zsk
Definition: keys.h:63
void keylist_log(keylist_type *kl, const char *name)
Definition: keys.c:230
key_type * keylist_lookup_by_locator(keylist_type *kl, const char *locator)
Definition: keys.c:74
int backup_read_uint8_t(FILE *in, uint8_t *v)
Definition: backup.c:199
void ods_log_debug(const char *format,...)
Definition: log.c:270
ldns_rr * dnskey
Definition: keys.h:55
void * allocator_alloc(allocator_type *allocator, size_t size)
Definition: allocator.c:66
void ods_fatal_exit(const char *format,...)
Definition: log.c:382
void ods_log_error(const char *format,...)
Definition: log.c:334
void keylist_print(FILE *fd, keylist_type *kl)
Definition: keys.c:212
int rfc5011
Definition: keys.h:64
int ods_strcmp(const char *s1, const char *s2)
Definition: file.c:320
int backup_read_int(FILE *in, int *v)
Definition: backup.c:165
ods_status util_rr_print(FILE *fd, const ldns_rr *rr)
Definition: util.c:378
const char * locator
Definition: keys.h:58
key_type * keys
Definition: keys.h:74
keylist_type * keylist_create(void *sc)
Definition: keys.c:47
size_t count
Definition: keys.h:75
allocator_type * allocator
Definition: signconf.h:53
void * sc
Definition: keys.h:73
int ksk
Definition: keys.h:62
uint8_t algorithm
Definition: keys.h:59
int backup_read_check_str(FILE *in, const char *str)
Definition: backup.c:77
hsm_sign_params_t * params
Definition: keys.h:57
key_type * keylist_lookup_by_dnskey(keylist_type *kl, ldns_rr *dnskey)
Definition: keys.c:96
void allocator_deallocate(allocator_type *allocator, void *data)
Definition: allocator.c:135
#define ods_log_assert(x)
Definition: log.h:154
uint32_t flags
Definition: keys.h:60
key_type * key_recover2(FILE *fd, keylist_type *kl)
Definition: keys.c:310
void keylist_backup(FILE *fd, keylist_type *kl, const char *version)
Definition: keys.c:353
hsm_key_t * hsmkey
Definition: keys.h:56
int backup_read_uint32_t(FILE *in, uint32_t *v)
Definition: backup.c:233