2 * Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
3 * Portions Copyright (C) 1999-2002 Internet Software Consortium.
4 * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
6 * Permission to use, copy, modify, and distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
11 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
13 * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
16 * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 * Principal Author: Brian Wellington
21 * $Id: dst_parse.c,v 1.1.4.1 2004/12/09 04:07:17 marka Exp $
26 #include <isc/base64.h>
28 #include <isc/fsaccess.h>
31 #include <isc/string.h>
34 #include "dst_internal.h"
35 #include "dst_parse.h"
36 #include "dst/result.h"
38 #define DST_AS_STR(t) ((t).value.as_textregion.base)
40 #define PRIVATE_KEY_STR "Private-key-format:"
41 #define ALGORITHM_STR "Algorithm:"
48 static struct parse_map map[] = {
49 {TAG_RSA_MODULUS, "Modulus:"},
50 {TAG_RSA_PUBLICEXPONENT, "PublicExponent:"},
51 {TAG_RSA_PRIVATEEXPONENT, "PrivateExponent:"},
52 {TAG_RSA_PRIME1, "Prime1:"},
53 {TAG_RSA_PRIME2, "Prime2:"},
54 {TAG_RSA_EXPONENT1, "Exponent1:"},
55 {TAG_RSA_EXPONENT2, "Exponent2:"},
56 {TAG_RSA_COEFFICIENT, "Coefficient:"},
58 {TAG_DH_PRIME, "Prime(p):"},
59 {TAG_DH_GENERATOR, "Generator(g):"},
60 {TAG_DH_PRIVATE, "Private_value(x):"},
61 {TAG_DH_PUBLIC, "Public_value(y):"},
63 {TAG_DSA_PRIME, "Prime(p):"},
64 {TAG_DSA_SUBPRIME, "Subprime(q):"},
65 {TAG_DSA_BASE, "Base(g):"},
66 {TAG_DSA_PRIVATE, "Private_value(x):"},
67 {TAG_DSA_PUBLIC, "Public_value(y):"},
69 {TAG_HMACMD5_KEY, "Key:"},
74 find_value(const char *s, const unsigned int alg) {
78 if (map[i].tag == NULL)
80 else if (strcasecmp(s, map[i].tag) == 0 &&
81 TAG_ALG(map[i].value) == alg)
82 return (map[i].value);
87 find_tag(const int value) {
91 if (map[i].tag == NULL)
93 else if (value == map[i].value)
99 check_rsa(const dst_private_t *priv) {
101 if (priv->nelements != RSA_NTAGS)
103 for (i = 0; i < RSA_NTAGS; i++) {
104 for (j = 0; j < priv->nelements; j++)
105 if (priv->elements[j].tag == TAG(DST_ALG_RSAMD5, i))
107 if (j == priv->nelements)
114 check_dh(const dst_private_t *priv) {
116 if (priv->nelements != DH_NTAGS)
118 for (i = 0; i < DH_NTAGS; i++) {
119 for (j = 0; j < priv->nelements; j++)
120 if (priv->elements[j].tag == TAG(DST_ALG_DH, i))
122 if (j == priv->nelements)
129 check_dsa(const dst_private_t *priv) {
131 if (priv->nelements != DSA_NTAGS)
133 for (i = 0; i < DSA_NTAGS; i++) {
134 for (j = 0; j < priv->nelements; j++)
135 if (priv->elements[j].tag == TAG(DST_ALG_DSA, i))
137 if (j == priv->nelements)
144 check_hmac_md5(const dst_private_t *priv) {
145 if (priv->nelements != HMACMD5_NTAGS)
147 if (priv->elements[0].tag != TAG_HMACMD5_KEY)
153 check_data(const dst_private_t *priv, const unsigned int alg) {
154 /* XXXVIX this switch statement is too sparse to gen a jump table. */
157 case DST_ALG_RSASHA1:
158 return (check_rsa(priv));
160 return (check_dh(priv));
162 return (check_dsa(priv));
163 case DST_ALG_HMACMD5:
164 return (check_hmac_md5(priv));
166 return (DST_R_UNSUPPORTEDALG);
171 dst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx) {
176 for (i = 0; i < priv->nelements; i++) {
177 if (priv->elements[i].data == NULL)
179 memset(priv->elements[i].data, 0, MAXFIELDSIZE);
180 isc_mem_put(mctx, priv->elements[i].data, MAXFIELDSIZE);
186 dst__privstruct_parse(dst_key_t *key, unsigned int alg, isc_lex_t *lex,
187 isc_mem_t *mctx, dst_private_t *priv)
189 int n = 0, major, minor;
192 unsigned char *data = NULL;
193 unsigned int opt = ISC_LEXOPT_EOL;
196 REQUIRE(priv != NULL);
200 #define NEXTTOKEN(lex, opt, token) \
202 ret = isc_lex_gettoken(lex, opt, token); \
203 if (ret != ISC_R_SUCCESS) \
207 #define READLINE(lex, opt, token) \
209 ret = isc_lex_gettoken(lex, opt, token); \
210 if (ret == ISC_R_EOF) \
212 else if (ret != ISC_R_SUCCESS) \
214 } while ((*token).type != isc_tokentype_eol)
217 * Read the description line.
219 NEXTTOKEN(lex, opt, &token);
220 if (token.type != isc_tokentype_string ||
221 strcmp(DST_AS_STR(token), PRIVATE_KEY_STR) != 0)
223 ret = DST_R_INVALIDPRIVATEKEY;
227 NEXTTOKEN(lex, opt, &token);
228 if (token.type != isc_tokentype_string ||
229 (DST_AS_STR(token))[0] != 'v')
231 ret = DST_R_INVALIDPRIVATEKEY;
234 if (sscanf(DST_AS_STR(token), "v%d.%d", &major, &minor) != 2)
236 ret = DST_R_INVALIDPRIVATEKEY;
240 if (major > MAJOR_VERSION ||
241 (major == MAJOR_VERSION && minor > MINOR_VERSION))
243 ret = DST_R_INVALIDPRIVATEKEY;
247 READLINE(lex, opt, &token);
250 * Read the algorithm line.
252 NEXTTOKEN(lex, opt, &token);
253 if (token.type != isc_tokentype_string ||
254 strcmp(DST_AS_STR(token), ALGORITHM_STR) != 0)
256 ret = DST_R_INVALIDPRIVATEKEY;
260 NEXTTOKEN(lex, opt | ISC_LEXOPT_NUMBER, &token);
261 if (token.type != isc_tokentype_number ||
262 token.value.as_ulong != (unsigned long) dst_key_alg(key))
264 ret = DST_R_INVALIDPRIVATEKEY;
268 READLINE(lex, opt, &token);
273 for (n = 0; n < MAXFIELDS; n++) {
278 ret = isc_lex_gettoken(lex, opt, &token);
279 if (ret == ISC_R_EOF)
281 if (ret != ISC_R_SUCCESS)
283 } while (token.type == isc_tokentype_eol);
285 if (token.type != isc_tokentype_string) {
286 ret = DST_R_INVALIDPRIVATEKEY;
290 memset(&priv->elements[n], 0, sizeof(dst_private_element_t));
291 tag = find_value(DST_AS_STR(token), alg);
292 if (tag < 0 || TAG_ALG(tag) != alg) {
293 ret = DST_R_INVALIDPRIVATEKEY;
296 priv->elements[n].tag = tag;
298 data = (unsigned char *) isc_mem_get(mctx, MAXFIELDSIZE);
302 isc_buffer_init(&b, data, MAXFIELDSIZE);
303 ret = isc_base64_tobuffer(lex, &b, -1);
304 if (ret != ISC_R_SUCCESS)
306 isc_buffer_usedregion(&b, &r);
307 priv->elements[n].length = r.length;
308 priv->elements[n].data = r.base;
310 READLINE(lex, opt, &token);
316 if (check_data(priv, alg) < 0)
319 return (ISC_R_SUCCESS);
323 dst__privstruct_free(priv, mctx);
325 isc_mem_put(mctx, data, MAXFIELDSIZE);
331 dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
332 const char *directory)
337 char filename[ISC_DIR_NAMEMAX];
338 char buffer[MAXFIELDSIZE * 2];
340 isc_fsaccess_t access;
342 REQUIRE(priv != NULL);
344 if (check_data(priv, dst_key_alg(key)) < 0)
345 return (DST_R_INVALIDPRIVATEKEY);
347 isc_buffer_init(&b, filename, sizeof(filename));
348 ret = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory, &b);
349 if (ret != ISC_R_SUCCESS)
352 if ((fp = fopen(filename, "w")) == NULL)
353 return (DST_R_WRITEERROR);
356 isc_fsaccess_add(ISC_FSACCESS_OWNER,
357 ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
359 (void)isc_fsaccess_set(filename, access);
361 /* XXXDCL return value should be checked for full filesystem */
362 fprintf(fp, "%s v%d.%d\n", PRIVATE_KEY_STR, MAJOR_VERSION,
365 fprintf(fp, "%s %d ", ALGORITHM_STR, dst_key_alg(key));
366 /* XXXVIX this switch statement is too sparse to gen a jump table. */
367 switch (dst_key_alg(key)) {
369 fprintf(fp, "(RSA)\n");
372 fprintf(fp, "(DH)\n");
375 fprintf(fp, "(DSA)\n");
377 case DST_ALG_RSASHA1:
378 fprintf(fp, "(RSASHA1)\n");
380 case DST_ALG_HMACMD5:
381 fprintf(fp, "(HMAC_MD5)\n");
384 fprintf(fp, "(?)\n");
388 for (i = 0; i < priv->nelements; i++) {
393 s = find_tag(priv->elements[i].tag);
395 r.base = priv->elements[i].data;
396 r.length = priv->elements[i].length;
397 isc_buffer_init(&b, buffer, sizeof(buffer));
398 iret = isc_base64_totext(&r, sizeof(buffer), "", &b);
399 if (iret != ISC_R_SUCCESS) {
401 return (DST_R_INVALIDPRIVATEKEY);
403 isc_buffer_usedregion(&b, &r);
405 fprintf(fp, "%s ", s);
406 fwrite(r.base, 1, r.length, fp);
411 return (ISC_R_SUCCESS);
projects / dragonfly.git / blob