dst_parse.c revision a91029a00e83e3933046cc9354357bccaa66c272
a7038d1a0513c8e804937ebc95fc9cb3a46c04f5Mark Andrews * Portions Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * Portions Copyright (C) 1999-2002 Internet Software Consortium.
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * Permission to use, copy, modify, and/or distribute this software for any
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * purpose with or without fee is hereby granted, provided that the above
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * copyright notice and this permission notice appear in all copies.
15a44745412679c30a6d022733925af70a38b715David Lawrence * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
15a44745412679c30a6d022733925af70a38b715David Lawrence * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
15a44745412679c30a6d022733925af70a38b715David Lawrence * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
15a44745412679c30a6d022733925af70a38b715David Lawrence * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
15a44745412679c30a6d022733925af70a38b715David Lawrence * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15a44745412679c30a6d022733925af70a38b715David Lawrence * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
15a44745412679c30a6d022733925af70a38b715David Lawrence * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence * Permission to use, copy, modify, and/or distribute this software for any
110d1702731f42dd620879c1d765ebe91f3920ceMichael Graff * purpose with or without fee is hereby granted, provided that the above
110d1702731f42dd620879c1d765ebe91f3920ceMichael Graff * copyright notice and this permission notice appear in all copies.
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
def8e47c688e2480a4539d69c3d1a0a28a7c0550Mark Andrews * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
364a82f7c25b62967678027043425201a5e5171aBob Halley * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
8dfa9caeec8e68db0c937e347a3d6629e7627d54Bob Halley * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * Principal Author: Brian Wellington
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * $Id: dst_parse.c,v 1.26 2010/01/11 10:49:14 fdupont Exp $
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley#define DST_AS_STR(t) ((t).value.as_textregion.base)
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley "Activate:",
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley "Inactive:",
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley "DSPublish:"
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley "Predecessor:",
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley "Successor:",
732e0731dec1922747bb3b3147cf2c3d16b22eaaBob Halley "RollPeriod:"
80b782f356f0692c11b4e52e8dd46ec41704e5a2Mark Andrews const char *tag;
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Grafffind_value(const char *s, const unsigned int alg) {
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley return (-1);
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halleystatic const char *
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley for (i = 0; ; i++) {
7837d146219db7a85a4b444a9cdf6602254a4f75Bob Halleyfind_metadata(const char *s, const char *tags[], int ntags) {
7837d146219db7a85a4b444a9cdf6602254a4f75Bob Halley for (i = 0; i < ntags; i++) {
7837d146219db7a85a4b444a9cdf6602254a4f75Bob Halley return (-1);
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halleyfind_timedata(const char *s) {
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley return (find_metadata(s, timetags, TIMING_NTAGS));
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halleyfind_numericdata(const char *s) {
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley return (find_metadata(s, numerictags, NUMERIC_NTAGS));
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley unsigned int mask;
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley for (i = 0; i < RSA_NTAGS; i++)
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley for (i = 0; i < RSA_NTAGS; i++)
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley if (priv->elements[j].tag == TAG(DST_ALG_RSAMD5, i))
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley return (-1);
1c724c986de1449e3b2f1eeae4c724dc0d97603cBob Halley return (-1);
1c724c986de1449e3b2f1eeae4c724dc0d97603cBob Halley for (i = 0; i < DH_NTAGS; i++) {
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff if (priv->elements[j].tag == TAG(DST_ALG_DH, i))
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley return (-1);
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley return (-1);
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff for (i = 0; i < DSA_NTAGS; i++) {
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley if (priv->elements[j].tag == TAG(DST_ALG_DSA, i))
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley return (-1);
5619558151f1aa4249b3ead979e76876e29278b6Bob Halleycheck_hmac_md5(const dst_private_t *priv, isc_boolean_t old) {
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * If this is a good old format and we are accepting
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * the old format return success.
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley if (old && priv->nelements == OLD_HMACMD5_NTAGS &&
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley return (-1);
5619558151f1aa4249b3ead979e76876e29278b6Bob Halley * We must be new format at this point.
c3b708aaf1bb0a118e0e11befa1b732acfb1d079Bob Halley for (i = 0; i < HMACMD5_NTAGS; i++) {
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence if (priv->elements[j].tag == TAG(DST_ALG_HMACMD5, i))
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafssoncheck_hmac_sha(const dst_private_t *priv, unsigned int ntags,
c3b708aaf1bb0a118e0e11befa1b732acfb1d079Bob Halley unsigned int i, j;
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews return (-1);
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews for (i = 0; i < ntags; i++) {
88a6fef4944a00d8350ffd8b64ef58c694b8335eMark Andrews return (-1);
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halleycheck_data(const dst_private_t *priv, const unsigned int alg,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson /* XXXVIX this switch statement is too sparse to gen a jump table. */
54f959d12b5a1f9315fbf6a776c6d349316e9686Bob Halley return (check_hmac_sha(priv, HMACSHA1_NTAGS, alg));
89d8adb6663b13435ff9ae1eb53e45da7fa79275Bob Halley return (check_hmac_sha(priv, HMACSHA224_NTAGS, alg));
c3b708aaf1bb0a118e0e11befa1b732acfb1d079Bob Halley return (check_hmac_sha(priv, HMACSHA256_NTAGS, alg));
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff return (check_hmac_sha(priv, HMACSHA384_NTAGS, alg));
8dfa9caeec8e68db0c937e347a3d6629e7627d54Bob Halley return (check_hmac_sha(priv, HMACSHA512_NTAGS, alg));
84185d19c7a9ef1ac23cc6236c8773697d4efeb1Brian Wellingtondst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx) {
bf345589ce0b0b64533d4566e4992a0e63aac6f5Bob Halley isc_mem_put(mctx, priv->elements[i].data, MAXFIELDSIZE);
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafssondst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson memset(priv->elements, 0, sizeof(priv->elements));
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ret = isc_lex_gettoken(lex, opt, token); \
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson * Read the description line.
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews strcmp(DST_AS_STR(token), PRIVATE_KEY_STR) != 0)
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews if (sscanf(DST_AS_STR(token), "v%d.%d", &major, &minor) != 2)
def8e47c688e2480a4539d69c3d1a0a28a7c0550Mark Andrews * Store the private key format version number
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews * Read the algorithm line.
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson if (token.type != isc_tokentype_string ||
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson strcmp(DST_AS_STR(token), ALGORITHM_STR) != 0)
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
2dd99c098ca162f985b7ef3c8142a964ad8281aeMark Andrews token.value.as_ulong != (unsigned long) dst_key_alg(key))
76883e8cee593f45c65b0936e5d6e8f778d6e3efMichael Graff * Read the key data.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence for (n = 0; n < MAXFIELDS; n++) {
94a08e09db3dc844b6ee4841c368a2d7074a9c3fAndreas Gustafsson ret = isc_lex_gettoken(lex, opt, &token);
52637f592f705ca93fadc218e403fd55e8ce4aeaMark Andrews /* Numeric metadata */
69be7837c920fac5c71a73e8fad586f9a2711e96Michael Graff NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
69be7837c920fac5c71a73e8fad586f9a2711e96Michael Graff dst_key_setnum(key, tag, token.value.as_ulong);
c3b708aaf1bb0a118e0e11befa1b732acfb1d079Bob Halley /* Timing metadata */
69be7837c920fac5c71a73e8fad586f9a2711e96Michael Graff ret = dns_time32_fromtext(DST_AS_STR(token), &when);
419590499823ce15b5d2ad4fe71eaf04bd5a86c0Michael Graff /* Key data */
c3b708aaf1bb0a118e0e11befa1b732acfb1d079Bob Halley else if (tag < 0) {
ccbfddc70ef38263daca312d29bb8c5077e24785Bob Halley data = (unsigned char *) isc_mem_get(mctx, MAXFIELDSIZE);
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrewsdst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
03f91269f5453bcbd924910ef85a8f8496cf2661Mark Andrews if (check_data(priv, dst_key_alg(key), ISC_FALSE) < 0)
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson isc_buffer_init(&b, filename, sizeof(filename));
febaa091847ab004f40500cc475a819f2c73fcddAndreas Gustafsson ret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &b);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley /* XXXDCL return value should be checked for full filesystem */
d981ca645597116d227a48bf37cc5edc061c854dBob Halley fprintf(fp, "%s v%d.%d\n", PRIVATE_KEY_STR, major, minor);
d981ca645597116d227a48bf37cc5edc061c854dBob Halley fprintf(fp, "%s %d ", ALGORITHM_STR, dst_key_alg(key));
d981ca645597116d227a48bf37cc5edc061c854dBob Halley /* XXXVIX this switch statement is too sparse to gen a jump table. */
case DST_ALG_RSASHA256:
case DST_ALG_RSASHA512:
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA1:
case DST_ALG_HMACSHA224:
case DST_ALG_HMACSHA256:
case DST_ALG_HMACSHA384:
case DST_ALG_HMACSHA512:
return (DST_R_INVALIDPRIVATEKEY);
isc_buffer_usedregion(&b, &r);
for (i = 0; i < NUMERIC_NTAGS; i++) {
for (i = 0; i < TIMING_NTAGS; i++) {
isc_buffer_usedregion(&b, &r);
return (result);