diff --git a/lib/dns/sec/dst/bsafe_link.c b/lib/dns/sec/dst/bsafe_link.c index 41e83a760a..35ada0c2df 100644 --- a/lib/dns/sec/dst/bsafe_link.c +++ b/lib/dns/sec/dst/bsafe_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: bsafe_link.c,v 1.17 2000/05/13 19:28:15 tale Exp $ + * $Id: bsafe_link.c,v 1.18 2000/05/15 21:02:27 bwelling Exp $ */ #if defined(BSAFE) || defined(DNSSAFE) @@ -592,8 +592,7 @@ dst_bsafe_to_file(const dst_key_t *key) { priv.elements[cnt++].length = private->coefficient.len; priv.nelements = cnt; - return (dst_s_write_private_key_file(key->key_name, key->key_alg, - key->key_id, &priv)); + return (dst_s_write_private_key_file(key, &priv)); } @@ -624,8 +623,7 @@ dst_bsafe_from_file(dst_key_t *key, const isc_uint16_t id, isc_mem_t *mctx) { /* * Read private key file. */ - ret = dst_s_parse_private_key_file(key->key_name, key->key_alg, - id, &priv, mctx); + ret = dst_s_parse_private_key_file(key, &priv, mctx); if (ret != ISC_R_SUCCESS) return (ret); /* diff --git a/lib/dns/sec/dst/dst_api.c b/lib/dns/sec/dst/dst_api.c index d35234abd0..81d7b73e40 100644 --- a/lib/dns/sec/dst/dst_api.c +++ b/lib/dns/sec/dst/dst_api.c @@ -19,11 +19,12 @@ /* * Principal Author: Brian Wellington - * $Id: dst_api.c,v 1.34 2000/05/11 02:11:44 gson Exp $ + * $Id: dst_api.c,v 1.35 2000/05/15 21:02:28 bwelling Exp $ */ #include +#include #include #include #include 
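Review bot: In dst_bsafe_from_file the private-key filename is now derived from key->key_id inside dst_key_buildfilename, and the id parameter the caller passed is no longer used for it; if id has not been stored into the key before this point (read_public_key in dst_api.c has to set tempkey->key_id = id by hand for exactly this reason), the wrong file is opened. The hunk does not show where key_id is assigned, so this may already be guaranteed by dst_key_fromfile, but it is worth either asserting it, `REQUIRE(key->key_id == id);`, or dropping the now-redundant id parameter. The same applies to dst_hmacmd5_from_file, dst_openssl_from_file and dst_openssldh_from_file in the later hunks. dst_bsafe_from_file continues outside the hunk.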
@@ -743,6 +744,35 @@ dst_key_isnullkey(const dst_key_t *key) { return (ISC_TRUE); } +isc_result_t +dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out) { + char *suffix; + unsigned int namelen; + isc_region_t r; + + REQUIRE(VALID_KEY(key)); + REQUIRE(type == DST_TYPE_PRIVATE || type == DST_TYPE_PUBLIC || + type == 0); + REQUIRE(out != NULL); + if (type == 0) + suffix = ""; + else if (type == DST_TYPE_PRIVATE) + suffix = ".private"; + else + suffix = ".key"; + namelen = 1 + strlen(key->key_name) + 1 + 3 + 1 + 5 + 1 + + strlen(suffix); + isc_buffer_availableregion(out, &r); + if (namelen >= r.length) + return (ISC_R_NOSPACE); + if (namelen >= ISC_DIR_NAMEMAX) + return (ISC_R_INVALIDFILE); + sprintf((char *) r.base, "K%s+%03d+%05d%s", key->key_name, + key->key_alg, key->key_id, suffix); + isc_buffer_add(out, namelen); + return (ISC_R_SUCCESS); +} + /* * dst_sig_size * Computes the maximum size of a signature generated by the given key @@ -967,7 +997,7 @@ get_key_struct(const char *name, const int alg, const int flags, static isc_result_t read_public_key(const char *name, const isc_uint16_t id, int alg, - isc_mem_t *mctx, dst_key_t **keyp) + isc_mem_t *mctx, dst_key_t **keyp) { char filename[ISC_DIR_NAMEMAX]; u_char rdatabuf[DST_KEY_MAXSIZE]; @@ -977,10 +1007,17 @@ read_public_key(const char *name, const isc_uint16_t id, int alg, isc_result_t ret; dns_rdata_t rdata; unsigned int opt = ISC_LEXOPT_DNSMULTILINE; + dst_key_t *tempkey; - if (dst_s_build_filename(filename, name, id, alg, PUBLIC_KEY, - sizeof(filename)) != ISC_R_SUCCESS) - return (DST_R_NAMETOOLONG); + tempkey = get_key_struct(name, alg, 0, 0, 0, mctx); + if (tempkey == NULL) + return (ISC_R_NOMEMORY); + tempkey->key_id = id; + isc_buffer_init(&b, filename, sizeof(filename)); + ret = dst_key_buildfilename(tempkey, DST_TYPE_PUBLIC, &b); + dst_key_free(tempkey); + if (ret != ISC_R_SUCCESS) + return (ret); /* * Open the file and read its formatted contents 
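Review bot: dst_key_buildfilename no longer rejects '/', '\\' or ':' in key->key_name, a check the deleted dst_s_build_filename (dst_support.c hunk) performed and documented, so a key name containing a path separator now yields a name with a directory component that dst_s_write_private_key_file and write_public_key hand straight to fopen(..., "w"). Unless the name is validated before the key struct is built (not visible here), restore the check after the REQUIREs, e.g. `if (strpbrk(key->key_name, "/\\:") != NULL) return (ISC_R_INVALIDFILE);`. The old routine also inserted a '.' when the name lacked a trailing dot; the new format string does not, so filenames for such names change, which is only harmless if key_name is guaranteed to already carry its trailing dot. Finally, namelen assumes %03d and %05d print exactly 3 and 5 characters; key_id is a 16-bit value so that holds for it, but a negative or four-digit key_alg would write past the length that was checked, so either constrain key_alg in a REQUIRE or format with snprintf bounded by r.length and check its return.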
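Review bot: read_public_key allocates a complete key through get_key_struct and frees it again solely to format a filename, which adds a memory-allocation failure path (ISC_R_NOMEMORY) to what used to be pure string formatting. A small internal helper taking name, alg and id, which dst_key_buildfilename could itself call, would avoid the temporary object; this is a style preference, the code as written looks correct. The buffer b is used here for the filename before whatever it is used for later in the function; its declaration and later use are outside the hunk, so confirm it is re-initialised there.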
@@ -1070,7 +1107,7 @@ cleanup: static isc_result_t write_public_key(const dst_key_t *key) { FILE *fp; - isc_buffer_t keyb, textb; + isc_buffer_t keyb, textb, fileb; isc_region_t r; char filename[ISC_DIR_NAMEMAX]; unsigned char key_array[DST_KEY_MAXSIZE]; @@ -1102,10 +1139,10 @@ write_public_key(const dst_key_t *key) { /* * Make the filename. */ - if (dst_s_build_filename(filename, - key->key_name, key->key_id, key->key_alg, - PUBLIC_KEY, sizeof(filename)) < 0) - return (DST_R_NAMETOOLONG); + isc_buffer_init(&fileb, filename, sizeof(filename)); + ret = dst_key_buildfilename(key, DST_TYPE_PUBLIC, &fileb); + if (ret != ISC_R_SUCCESS) + return (ret); /* * Create public key file. diff --git a/lib/dns/sec/dst/dst_internal.h b/lib/dns/sec/dst/dst_internal.h index 9027f71d70..db864f3e58 100644 --- a/lib/dns/sec/dst/dst_internal.h +++ b/lib/dns/sec/dst/dst_internal.h @@ -85,12 +85,6 @@ struct dst_func { extern dst_func *dst_t_func[DST_MAX_ALGS]; -/* - * Suffixes for key file names. - */ -#define PRIVATE_KEY "private" -#define PUBLIC_KEY "key" - #ifndef DST_HASH_SIZE #define DST_HASH_SIZE 20 /* RIPEMD160 & SHA-1 are 20 bytes, MD5 is 16 */ #endif @@ -111,9 +105,6 @@ int dst_s_calculate_bits(const unsigned char *str, const int max_bits); isc_uint16_t dst_s_id_calc(const unsigned char *key, const int keysize); -int -dst_s_build_filename(char *filename, const char *name, isc_uint16_t id, - int alg, const char *suffix, size_t filename_length); /* * Digest functions. diff --git a/lib/dns/sec/dst/dst_parse.c b/lib/dns/sec/dst/dst_parse.c index bc86cb4ecc..e38a97ef42 100644 --- a/lib/dns/sec/dst/dst_parse.c +++ b/lib/dns/sec/dst/dst_parse.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_parse.c,v 1.13 2000/05/13 19:30:19 tale Exp $ + * $Id: dst_parse.c,v 1.14 2000/05/15 21:02:32 bwelling Exp $ */ #include 
@@ -187,8 +187,7 @@ dst_s_free_private_structure_fields(dst_private_t *priv, isc_mem_t *mctx) { } int -dst_s_parse_private_key_file(const char *name, const int alg, - const isc_uint16_t id, dst_private_t *priv, +dst_s_parse_private_key_file(const dst_key_t *key, dst_private_t *priv, isc_mem_t *mctx) { char filename[ISC_DIR_NAMEMAX]; @@ -203,10 +202,10 @@ dst_s_parse_private_key_file(const char *name, const int alg, priv->nelements = 0; - ret = dst_s_build_filename(filename, name, id, alg, PRIVATE_KEY, - sizeof(filename)); - if (ret < 0) - return (DST_R_NAMETOOLONG); + isc_buffer_init(&b, filename, sizeof(filename)); + ret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, &b); + if (ret != ISC_R_SUCCESS) + return (ret); iret = isc_lex_create(mctx, 1024, &lex); if (iret != ISC_R_SUCCESS) @@ -259,7 +258,7 @@ dst_s_parse_private_key_file(const char *name, const int alg, NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token); if (token.type != isc_tokentype_number || - token.value.as_ulong != (unsigned long) alg) + token.value.as_ulong != (unsigned long) dst_key_alg(key)) goto fail; READLINE(lex, opt, &token); @@ -281,8 +280,8 @@ dst_s_parse_private_key_file(const char *name, const int alg, goto fail; memset(&priv->elements[n], 0, sizeof(dst_private_element_t)); - tag = find_value(token.value.as_pointer, alg); - if (tag < 0 || TAG_ALG(tag) != alg) + tag = find_value(token.value.as_pointer, dst_key_alg(key)); + if (tag < 0 || TAG_ALG(tag) != dst_key_alg(key)) goto fail; priv->elements[n].tag = tag; @@ -303,7 +302,7 @@ dst_s_parse_private_key_file(const char *name, const int alg, priv->nelements = n; - if (check_data(priv, alg) < 0) + if (check_data(priv, dst_key_alg(key)) < 0) goto fail; isc_lex_close(lex); 
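Review bot: dst_s_parse_private_key_file stores the isc_result_t returned by dst_key_buildfilename in ret, whereas the neighbouring isc_lex_create result goes into iret; if ret is still the int it was for dst_s_build_filename (its declaration sits between the hunks), use iret here for consistency: `iret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, &b); if (iret != ISC_R_SUCCESS) return (iret);`. The later hunks of the same function call dst_key_alg(key) four times where the old code read the alg parameter; a single `int alg = dst_key_alg(key);` near the top would have left those hunks unchanged and avoids repeated accessor calls. The function starts in the first hunk and runs past the last one.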
@@ -323,24 +322,23 @@ fail: } int -dst_s_write_private_key_file(const char *name, const int alg, - const isc_uint16_t id, const dst_private_t *priv) -{ +dst_s_write_private_key_file(const dst_key_t *key, const dst_private_t *priv) { FILE *fp; int ret, i; isc_result_t iret; char filename[ISC_DIR_NAMEMAX]; char buffer[MAXFIELDSIZE * 2]; + isc_buffer_t b; REQUIRE(priv != NULL); - if (check_data(priv, alg) < 0) + if (check_data(priv, dst_key_alg(key)) < 0) return (DST_R_INVALIDPRIVATEKEY); - ret = dst_s_build_filename(filename, name, id, alg, PRIVATE_KEY, - sizeof(filename)); - if (ret < 0) - return (DST_R_NAMETOOLONG); + isc_buffer_init(&b, filename, sizeof(filename)); + ret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, &b); + if (ret != ISC_R_SUCCESS) + return (ret); if ((fp = fopen(filename, "w")) == NULL) return (DST_R_WRITEERROR); @@ -351,8 +349,8 @@ dst_s_write_private_key_file(const char *name, const int alg, fprintf(fp, "%s v%d.%d\n", PRIVATE_KEY_STR, MAJOR_VERSION, MINOR_VERSION); - fprintf(fp, "%s %d ", ALGORITHM_STR, alg); - switch (alg) { + fprintf(fp, "%s %d ", ALGORITHM_STR, dst_key_alg(key)); + switch (dst_key_alg(key)) { case DST_ALG_RSA: fprintf(fp, "(RSA)\n"); break; case DST_ALG_DH: fprintf(fp, "(DH)\n"); break; case DST_ALG_DSA: fprintf(fp, "(DSA)\n"); break; diff --git a/lib/dns/sec/dst/dst_parse.h b/lib/dns/sec/dst/dst_parse.h index 2c7263c8ec..6264d8dc43 100644 --- a/lib/dns/sec/dst/dst_parse.h +++ b/lib/dns/sec/dst/dst_parse.h @@ -78,13 +78,11 @@ void dst_s_free_private_structure_fields(dst_private_t *priv, isc_mem_t *mctx); int -dst_s_parse_private_key_file(const char *name, const int alg, - const isc_uint16_t id, dst_private_t *priv, +dst_s_parse_private_key_file(const dst_key_t *key, dst_private_t *priv, isc_mem_t *mctx); int -dst_s_write_private_key_file(const char *name, const int alg, - const isc_uint16_t id, const dst_private_t *priv); +dst_s_write_private_key_file(const dst_key_t *key, const dst_private_t *priv); ISC_LANG_ENDDECLS 
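Review bot: In dst_s_write_private_key_file the hunk declares `int ret, i;` and `isc_result_t iret;` but stores the isc_result_t from dst_key_buildfilename in ret, mixing the two result types on that path; `iret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, &b); if (iret != ISC_R_SUCCESS) return (iret);` keeps the types straight (the same mix is in the dst_s_parse_private_key_file hunks). The function checks priv with REQUIRE but now dereferences key via dst_key_alg(key) without a corresponding `REQUIRE(key != NULL);`. check_data, the fprintf and the switch in the second hunk each call dst_key_alg(key) again; a local `int alg = dst_key_alg(key);` would read more simply. The function continues past the last hunk.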
diff --git a/lib/dns/sec/dst/dst_support.c b/lib/dns/sec/dst/dst_support.c index ac1ac7ecd3..e2833678dd 100644 --- a/lib/dns/sec/dst/dst_support.c +++ b/lib/dns/sec/dst/dst_support.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: dst_support.c,v 1.4 2000/05/08 14:37:06 tale Exp $ + * $Id: dst_support.c,v 1.5 2000/05/15 21:02:34 bwelling Exp $ */ #include @@ -81,48 +81,3 @@ dst_s_id_calc(const unsigned char *key, const int keysize) { return ((isc_uint16_t)(ac & 0xffff)); } - -/* - * dst_s_build_filename - * Builds a key filename from the key name, its id, and a - * suffix. '\', '/' and ':' are not allowed. fA filename is of the - * form: K. - * form: K++. - * - * Returns -1 if the conversion fails: - * if the filename would be too long for space allotted - * if the filename would contain a '\', '/' or ':' - * Returns 0 on success - */ - -int -dst_s_build_filename(char *filename, const char *name, isc_uint16_t id, - int alg, const char *suffix, size_t filename_length) -{ - isc_uint32_t my_id; - char *dot; - if (filename == NULL) - return (-1); - memset(filename, 0, filename_length); - if (name == NULL) - return (-1); - if (suffix == NULL) - return (-1); - if (filename_length < - 1 + strlen(name) + 1 + 4 + 6 + 1 + strlen(suffix)) - return (-1); - my_id = id; - if (name[strlen(name) - 1] == '.') - dot = ""; - else - dot = "."; - sprintf(filename, "K%s%s+%03d+%05d.%s", name, dot, alg, my_id, - (char *) suffix); - if (strrchr(filename, '/')) - return (-1); - if (strrchr(filename, '\\')) - return (-1); - if (strrchr(filename, ':')) - return (-1); - return (0); -} diff --git a/lib/dns/sec/dst/hmac_link.c b/lib/dns/sec/dst/hmac_link.c index f6881de157..a65790f5a6 100644 --- a/lib/dns/sec/dst/hmac_link.c +++ b/lib/dns/sec/dst/hmac_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: hmac_link.c,v 1.24 2000/05/13 19:31:35 tale Exp $ + * $Id: hmac_link.c,v 1.25 2000/05/15 21:02:35 bwelling Exp $ */ #include 
@@ -375,8 +375,7 @@ dst_hmacmd5_to_file(const dst_key_t *key) { priv.elements[cnt++].data = keydata; priv.nelements = cnt; - return (dst_s_write_private_key_file(key->key_name, key->key_alg, - key->key_id, &priv)); + return (dst_s_write_private_key_file(key, &priv)); } @@ -400,8 +399,7 @@ dst_hmacmd5_from_file(dst_key_t *key, const isc_uint16_t id, isc_mem_t *mctx) { #define DST_RET(a) {ret = a; goto err;} /* read private key file */ - ret = dst_s_parse_private_key_file(key->key_name, key->key_alg, - id, &priv, mctx); + ret = dst_s_parse_private_key_file(key, &priv, mctx); if (ret != ISC_R_SUCCESS) return (ret); diff --git a/lib/dns/sec/dst/include/dst/dst.h b/lib/dns/sec/dst/include/dst/dst.h index b9b728313c..3af1f35bdf 100644 --- a/lib/dns/sec/dst/include/dst/dst.h +++ b/lib/dns/sec/dst/include/dst/dst.h @@ -135,7 +135,7 @@ dst_key_fromfile(const char *name, const isc_uint16_t id, const int alg, const int type, isc_mem_t *mctx, dst_key_t **keyp); /* * Reads a key from permanent storage. - * + G* * Requires: * "name" is not NULL. * "id" is a valid key tag identifier. @@ -302,6 +302,21 @@ dst_key_iszonekey(const dst_key_t *key); isc_boolean_t dst_key_isnullkey(const dst_key_t *key); +isc_result_t +dst_key_buildfilename(const dst_key_t *key, const int type, isc_buffer_t *out); +/* + * Generates the filename used by dst to store the specified key. + * + * Requires: + * "key" is a valid key + * "type" is either DST_TYPE_PUBLIC, DST_TYPE_PRIVATE, or 0 + * "out" is a valid buffer + * + * Ensures: + * the file name will be written to "out", and the used pointer will + * be advanced. + */ + isc_result_t dst_sig_size(const dst_key_t *key, unsigned int *n); /* diff --git a/lib/dns/sec/dst/openssl_link.c b/lib/dns/sec/dst/openssl_link.c index 3c0acdfecb..8592be6109 100644 --- a/lib/dns/sec/dst/openssl_link.c +++ b/lib/dns/sec/dst/openssl_link.c 
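Review bot: The replacement comment line in the dst_key_fromfile description of dst.h reads ` G*` instead of ` *`; the stray `G` looks like an editor slip, since the removed line was the blank comment separator, and the line should be restored to ` *`.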
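Review bot: The comment for dst_key_buildfilename in dst.h describes the requirements but not the results or what type 0 means; the implementation in dst_api.c returns ISC_R_NOSPACE when out cannot hold the name, ISC_R_INVALIDFILE when the name would reach ISC_DIR_NAMEMAX, and selects no suffix for type 0. Add a Returns: section listing those results alongside ISC_R_SUCCESS, and state in Ensures that the length added to out appears to include the terminating NUL, since namelen counts an extra byte beyond the formatted fields. Naming the produced form, `K<name>+<alg>+<id><suffix>`, would also help callers that parse these names.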
@@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssl_link.c,v 1.21 2000/05/11 22:48:12 gson Exp $ + * $Id: openssl_link.c,v 1.22 2000/05/15 21:02:36 bwelling Exp $ */ #if defined(OPENSSL) @@ -422,8 +422,7 @@ dst_openssl_to_file(const dst_key_t *key) { cnt++; priv.nelements = cnt; - return (dst_s_write_private_key_file(key->key_name, key->key_alg, - key->key_id, &priv)); + return (dst_s_write_private_key_file(key, &priv)); } @@ -451,8 +450,7 @@ dst_openssl_from_file(dst_key_t *key, const isc_uint16_t id, isc_mem_t *mctx) { #define DST_RET(a) {ret = a; goto err;} /* read private key file */ - ret = dst_s_parse_private_key_file(key->key_name, key->key_alg, - id, &priv, mctx); + ret = dst_s_parse_private_key_file(key, &priv, mctx); if (ret != ISC_R_SUCCESS) return (ret); diff --git a/lib/dns/sec/dst/openssldh_link.c b/lib/dns/sec/dst/openssldh_link.c index 401b7c4dd0..49b918b558 100644 --- a/lib/dns/sec/dst/openssldh_link.c +++ b/lib/dns/sec/dst/openssldh_link.c @@ -19,7 +19,7 @@ /* * Principal Author: Brian Wellington - * $Id: openssldh_link.c,v 1.14 2000/05/11 22:47:02 gson Exp $ + * $Id: openssldh_link.c,v 1.15 2000/05/15 21:02:37 bwelling Exp $ */ #if defined(OPENSSL) @@ -412,8 +412,7 @@ dst_openssldh_to_file(const dst_key_t *key) { cnt++; priv.nelements = cnt; - return (dst_s_write_private_key_file(key->key_name, key->key_alg, - key->key_id, &priv)); + return (dst_s_write_private_key_file(key, &priv)); } @@ -442,8 +441,7 @@ dst_openssldh_from_file(dst_key_t *key, const isc_uint16_t id, #define DST_RET(a) {ret = a; goto err;} /* read private key file */ - ret = dst_s_parse_private_key_file(key->key_name, key->key_alg, - id, &priv, mctx); + ret = dst_s_parse_private_key_file(key, &priv, mctx); if (ret != ISC_R_SUCCESS) return (ret);