search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Add BIND 9.2.4rc7.
[dragonfly.git] / contrib / bind-9.2.4rc7 / lib / dns / sec / dst / dst_parse.c
blob5618773182095e5a675e7dad3f1554088e7edded
1 /*
2 * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 * Portions Copyright (C) 1999-2001 Internet Software Consortium.
4 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
5 *
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
11 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
13 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
16 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /*
20 * Principal Author: Brian Wellington
21 * $Id: dst_parse.c,v 1.31.2.3 2004/03/09 06:11:40 marka Exp $
22 */
23
24 #include <config.h>
25
26 #include <isc/base64.h>
27 #include <isc/dir.h>
28 #include <isc/fsaccess.h>
29 #include <isc/lex.h>
30 #include <isc/mem.h>
31 #include <isc/string.h>
32 #include <isc/util.h>
33
34 #include "dst_internal.h"
35 #include "dst_parse.h"
36 #include "dst/result.h"
37
38
39 #define PRIVATE_KEY_STR "Private-key-format:"
40 #define ALGORITHM_STR "Algorithm:"
41 #define RSA_STR "RSA"
42 #define DH_STR "DH"
43 #define DSA_STR "DSA"
44 #define HMACMD5_STR "HMAC_MD5"
45
46 struct parse_map {
47 const int value;
48 const char *tag;
49 };
50
51 static struct parse_map map[] = {
52 {TAG_RSA_MODULUS, "Modulus:"},
53 {TAG_RSA_PUBLICEXPONENT, "PublicExponent:"},
54 {TAG_RSA_PRIVATEEXPONENT, "PrivateExponent:"},
55 {TAG_RSA_PRIME1, "Prime1:"},
56 {TAG_RSA_PRIME2, "Prime2:"},
57 {TAG_RSA_EXPONENT1, "Exponent1:"},
58 {TAG_RSA_EXPONENT2, "Exponent2:"},
59 {TAG_RSA_COEFFICIENT, "Coefficient:"},
60
61 {TAG_DH_PRIME, "Prime(p):"},
62 {TAG_DH_GENERATOR, "Generator(g):"},
63 {TAG_DH_PRIVATE, "Private_value(x):"},
64 {TAG_DH_PUBLIC, "Public_value(y):"},
65
66 {TAG_DSA_PRIME, "Prime(p):"},
67 {TAG_DSA_SUBPRIME, "Subprime(q):"},
68 {TAG_DSA_BASE, "Base(g):"},
69 {TAG_DSA_PRIVATE, "Private_value(x):"},
70 {TAG_DSA_PUBLIC, "Public_value(y):"},
71
72 {TAG_HMACMD5_KEY, "Key:"},
73 {0, NULL}
74 };
75
76 static int
77 find_value(const char *s, const unsigned int alg) {
78 int i;
79
80 for (i = 0; ; i++) {
81 if (map[i].tag == NULL)
82 return (-1);
83 else if (strcasecmp(s, map[i].tag) == 0 &&
84 TAG_ALG(map[i].value) == alg)
85 return (map[i].value);
86 }
87 }
88
89 static const char *
90 find_tag(const int value) {
91 int i;
92
93 for (i = 0; ; i++) {
94 if (map[i].tag == NULL)
95 return (NULL);
96 else if (value == map[i].value)
97 return (map[i].tag);
98 }
99 }
100
101 static int
102 check_rsa(const dst_private_t *priv) {
103 int i, j;
104 if (priv->nelements != RSA_NTAGS)
105 return (-1);
106 for (i = 0; i < RSA_NTAGS; i++) {
107 for (j = 0; j < priv->nelements; j++)
108 if (priv->elements[j].tag == TAG(DST_ALG_RSAMD5, i))
109 break;
110 if (j == priv->nelements)
111 return (-1);
112 }
113 return (0);
114 }
115
116 static int
117 check_dh(const dst_private_t *priv) {
118 int i, j;
119 if (priv->nelements != DH_NTAGS)
120 return (-1);
121 for (i = 0; i < DH_NTAGS; i++) {
122 for (j = 0; j < priv->nelements; j++)
123 if (priv->elements[j].tag == TAG(DST_ALG_DH, i))
124 break;
125 if (j == priv->nelements)
126 return (-1);
127 }
128 return (0);
129 }
130
131 static int
132 check_dsa(const dst_private_t *priv) {
133 int i, j;
134 if (priv->nelements != DSA_NTAGS)
135 return (-1);
136 for (i = 0; i < DSA_NTAGS; i++) {
137 for (j = 0; j < priv->nelements; j++)
138 if (priv->elements[j].tag == TAG(DST_ALG_DSA, i))
139 break;
140 if (j == priv->nelements)
141 return (-1);
142 }
143 return (0);
144 }
145
146 static int
147 check_hmac_md5(const dst_private_t *priv) {
148 if (priv->nelements != HMACMD5_NTAGS)
149 return (-1);
150 if (priv->elements[0].tag != TAG_HMACMD5_KEY)
151 return (-1);
152 return (0);
153 }
154
155 static int
156 check_data(const dst_private_t *priv, const unsigned int alg) {
157 /* XXXVIX this switch statement is too sparse to gen a jump table. */
158 switch (alg) {
159 case DST_ALG_RSAMD5:
160 return (check_rsa(priv));
161 case DST_ALG_DH:
162 return (check_dh(priv));
163 case DST_ALG_DSA:
164 return (check_dsa(priv));
165 case DST_ALG_HMACMD5:
166 return (check_hmac_md5(priv));
167 default:
168 return (DST_R_UNSUPPORTEDALG);
169 }
170 }
171
172 void
173 dst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx) {
174 int i;
175
176 if (priv == NULL)
177 return;
178 for (i = 0; i < priv->nelements; i++) {
179 if (priv->elements[i].data == NULL)
180 continue;
181 memset(priv->elements[i].data, 0, MAXFIELDSIZE);
182 isc_mem_put(mctx, priv->elements[i].data, MAXFIELDSIZE);
183 }
184 priv->nelements = 0;
185 }
186
187 int
188 dst__privstruct_parsefile(dst_key_t *key, const char *filename,
189 isc_mem_t *mctx, dst_private_t *priv)
190 {
191 int n = 0, major, minor;
192 isc_buffer_t b;
193 isc_lex_t *lex = NULL;
194 isc_token_t token;
195 unsigned int opt = ISC_LEXOPT_EOL;
196 char *newfilename;
197 int newfilenamelen;
198 isc_result_t ret;
199
200 REQUIRE(priv != NULL);
201
202 newfilenamelen = strlen(filename) + 9;
203 newfilename = isc_mem_get(mctx, newfilenamelen);
204 if (newfilename == NULL)
205 return (ISC_R_NOMEMORY);
206 ret = dst__file_addsuffix(newfilename, newfilenamelen, filename,
207 ".private");
208 INSIST(ret == ISC_R_SUCCESS);
209
210 priv->nelements = 0;
211
212 ret = isc_lex_create(mctx, 1024, &lex);
213 if (ret != ISC_R_SUCCESS)
214 return (ret);
215
216 ret = isc_lex_openfile(lex, newfilename);
217 if (ret != ISC_R_SUCCESS)
218 goto fail;
219
220 #define NEXTTOKEN(lex, opt, token) \
221 { \
222 ret = isc_lex_gettoken(lex, opt, token); \
223 if (ret != ISC_R_SUCCESS) \
224 goto fail; \
225 }
226
227 #define READLINE(lex, opt, token) \
228 do { \
229 NEXTTOKEN(lex, opt, token) \
230 } while ((*token).type != isc_tokentype_eol) \
231
232 /*
233 * Read the description line.
234 */
235 NEXTTOKEN(lex, opt, &token);
236 if (token.type != isc_tokentype_string ||
237 strcmp(token.value.as_pointer, PRIVATE_KEY_STR) != 0)
238 {
239 ret = DST_R_INVALIDPRIVATEKEY;
240 goto fail;
241 }
242
243 NEXTTOKEN(lex, opt, &token);
244 if (token.type != isc_tokentype_string ||
245 ((char *)token.value.as_pointer)[0] != 'v')
246 {
247 ret = DST_R_INVALIDPRIVATEKEY;
248 goto fail;
249 }
250 if (sscanf(token.value.as_pointer, "v%d.%d", &major, &minor) != 2)
251 {
252 ret = DST_R_INVALIDPRIVATEKEY;
253 goto fail;
254 }
255
256 if (major > MAJOR_VERSION ||
257 (major == MAJOR_VERSION && minor > MINOR_VERSION))
258 {
259 ret = DST_R_INVALIDPRIVATEKEY;
260 goto fail;
261 }
262
263 READLINE(lex, opt, &token);
264
265 /*
266 * Read the algorithm line.
267 */
268 NEXTTOKEN(lex, opt, &token);
269 if (token.type != isc_tokentype_string ||
270 strcmp(token.value.as_pointer, ALGORITHM_STR) != 0)
271 {
272 ret = DST_R_INVALIDPRIVATEKEY;
273 goto fail;
274 }
275
276 NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
277 if (token.type != isc_tokentype_number ||
278 token.value.as_ulong != (unsigned long) dst_key_alg(key))
279 {
280 ret = DST_R_INVALIDPRIVATEKEY;
281 goto fail;
282 }
283
284 READLINE(lex, opt, &token);
285
286 /*
287 * Read the key data.
288 */
289 for (n = 0; n < MAXFIELDS; n++) {
290 int tag;
291 unsigned char *data;
292 isc_region_t r;
293
294 do {
295 ret = isc_lex_gettoken(lex, opt, &token);
296 if (ret == ISC_R_EOF)
297 goto done;
298 if (ret != ISC_R_SUCCESS)
299 goto fail;
300 } while (token.type == isc_tokentype_eol);
301
302 if (token.type != isc_tokentype_string) {
303 ret = DST_R_INVALIDPRIVATEKEY;
304 goto fail;
305 }
306
307 memset(&priv->elements[n], 0, sizeof(dst_private_element_t));
308 tag = find_value(token.value.as_pointer, dst_key_alg(key));
309 if (tag < 0 || TAG_ALG(tag) != dst_key_alg(key)) {
310 ret = DST_R_INVALIDPRIVATEKEY;
311 goto fail;
312 }
313 priv->elements[n].tag = tag;
314
315 data = (unsigned char *) isc_mem_get(mctx, MAXFIELDSIZE);
316 if (data == NULL)
317 goto fail;
318
319 isc_buffer_init(&b, data, MAXFIELDSIZE);
320 ret = isc_base64_tobuffer(lex, &b, -1);
321 if (ret != ISC_R_SUCCESS)
322 goto fail;
323 isc_buffer_usedregion(&b, &r);
324 priv->elements[n].length = r.length;
325 priv->elements[n].data = r.base;
326
327 READLINE(lex, opt, &token);
328 }
329 done:
330 priv->nelements = n;
331
332 if (check_data(priv, dst_key_alg(key)) < 0)
333 goto fail;
334
335 isc_lex_close(lex);
336 isc_lex_destroy(&lex);
337 isc_mem_put(mctx, newfilename, newfilenamelen);
338
339 return (ISC_R_SUCCESS);
340
341 fail:
342 if (lex != NULL) {
343 isc_lex_close(lex);
344 isc_lex_destroy(&lex);
345 }
346 isc_mem_put(mctx, newfilename, newfilenamelen);
347
348 priv->nelements = n;
349 dst__privstruct_free(priv, mctx);
350 return (ret);
351 }
352
353 int
354 dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
355 const char *directory)
356 {
357 FILE *fp;
358 int ret, i;
359 isc_result_t iret;
360 char filename[ISC_DIR_NAMEMAX];
361 char buffer[MAXFIELDSIZE * 2];
362 isc_buffer_t b;
363 isc_fsaccess_t access;
364
365 REQUIRE(priv != NULL);
366
367 if (check_data(priv, dst_key_alg(key)) < 0)
368 return (DST_R_INVALIDPRIVATEKEY);
369
370 isc_buffer_init(&b, filename, sizeof(filename));
371 ret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &b);
372 if (ret != ISC_R_SUCCESS)
373 return (ret);
374
375 if ((fp = fopen(filename, "w")) == NULL)
376 return (DST_R_WRITEERROR);
377
378 access = 0;
379 isc_fsaccess_add(ISC_FSACCESS_OWNER,
380 ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
381 &access);
382 (void)isc_fsaccess_set(filename, access);
383
384 /* XXXDCL return value should be checked for full filesystem */
385 fprintf(fp, "%s v%d.%d\n", PRIVATE_KEY_STR, MAJOR_VERSION,
386 MINOR_VERSION);
387
388 fprintf(fp, "%s %d ", ALGORITHM_STR, dst_key_alg(key));
389 /* XXXVIX this switch statement is too sparse to gen a jump table. */
390 switch (dst_key_alg(key)) {
391 case DST_ALG_RSAMD5:
392 fprintf(fp, "(RSA)\n");
393 break;
394 case DST_ALG_DH:
395 fprintf(fp, "(DH)\n");
396 break;
397 case DST_ALG_DSA:
398 fprintf(fp, "(DSA)\n");
399 break;
400 case DST_ALG_HMACMD5:
401 fprintf(fp, "(HMAC_MD5)\n");
402 break;
403 default:
404 fprintf(fp, "(?)\n");
405 break;
406 }
407
408 for (i = 0; i < priv->nelements; i++) {
409 isc_buffer_t b;
410 isc_region_t r;
411 const char *s;
412
413 s = find_tag(priv->elements[i].tag);
414
415 r.base = priv->elements[i].data;
416 r.length = priv->elements[i].length;
417 isc_buffer_init(&b, buffer, sizeof(buffer));
418 iret = isc_base64_totext(&r, sizeof(buffer), "", &b);
419 if (iret != ISC_R_SUCCESS) {
420 fclose(fp);
421 return (DST_R_INVALIDPRIVATEKEY);
422 }
423 isc_buffer_usedregion(&b, &r);
424
425 fprintf(fp, "%s ", s);
426 fwrite(r.base, 1, r.length, fp);
427 fprintf(fp, "\n");
428 }
429
430 fclose(fp);
431 return (ISC_R_SUCCESS);
432 }
DragonFly BSD