Changeset 1909
- Timestamp:
- 01/26/11 00:27:29 (2 years ago)
- Location:
- trunk/pdns
- Files:
-
- 2 added
- 6 modified
-
configure.ac (modified) (2 diffs)
-
pdns/Makefile.am (modified) (6 diffs)
-
pdns/botan19signers.cc (added)
-
pdns/dbdnsseckeeper.cc (modified) (3 diffs)
-
pdns/dnssecinfra.cc (modified) (11 diffs)
-
pdns/dnssecinfra.hh (modified) (3 diffs)
-
pdns/pdnssec.cc (modified) (3 diffs)
-
pdns/polarrsakeyinfra.cc (added)
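--- a/trunk/pdns/configure.ac
+++ b/trunk/pdns/configure.ac
@@ -119,4 +119,11 @@
 AC_MSG_RESULT($enable_verbose_logging)
 
+AC_MSG_CHECKING(whether we will be linking in Botan 1.9)
+AC_ARG_ENABLE(botan1.9,
+[ --enable-botan1.9 Use Botan 1.9],enable_botan19=yes, enable_botan19=no)
+AC_MSG_RESULT($enable_botan19)
+AM_CONDITIONAL(BOTAN19,test x"$enable_botan19" = "xyes")
+
+
 AC_MSG_CHECKING(whether we should build static binaries)
 
@@ -191,5 +198,4 @@
 
 AC_MSG_RESULT($enable_recursor)
-
 AM_CONDITIONAL(RECURSOR,test x"$enable_recursor" = "xyes")
 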
trunk/pdns/pdns/Makefile.am
r1862 r1909 11 11 if RECURSOR 12 12 sbin_PROGRAMS = pdns_server pdns_recursor 13 bin_PROGRAMS = pdns_control rec_control pdnssec dnsreplay13 bin_PROGRAMS = pdns_control rec_control pdnssec dnsreplay 14 14 else 15 15 sbin_PROGRAMS = pdns_server … … 41 41 aes/aestab.c aes/aestab.h aes/brg_endian.h aes/brg_types.h aes/dns_random.cc \ 42 42 randomhelper.cc namespaces.hh nsecrecords.cc base32.cc dbdnsseckeeper.cc dnssecinfra.cc \ 43 dnsseckeeper.hh dnssecinfra.hh base32.hh dns.cc dnssecsigner.cc 43 dnsseckeeper.hh dnssecinfra.hh base32.hh dns.cc dnssecsigner.cc polarrsakeyinfra.cc 44 44 45 45 # 46 46 pdns_server_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@ $(BOOST_FILESYSTEM_LDFLAGS) -Lext/polarssl/library 47 47 pdns_server_LDADD=$(BOOST_FILESYSTEM_LIBS) -lpolarssl 48 49 if BOTAN19 50 pdns_server_SOURCES += botan19signers.cc 51 pdns_server_LDADD += -lbotan -lgmp 52 endif 48 53 49 54 pdnssec_SOURCES=pdnssec.cc dbdnsseckeeper.cc sstuff.hh dnsparser.cc dnsparser.hh dnsrecords.cc dnswriter.cc dnswriter.hh \ … … 55 60 backends/gsql/gsqlbackend.cc \ 56 61 backends/gsql/gsqlbackend.hh backends/gsql/ssql.hh zoneparser-tng.cc \ 57 dynlistener.cc dns.cc randombackend.cc dnssecsigner.cc 62 dynlistener.cc dns.cc randombackend.cc dnssecsigner.cc polarrsakeyinfra.cc 58 63 59 64 pdnssec_LDFLAGS=@moduleobjects@ @modulelibs@ @DYNLINKFLAGS@ @LIBDL@ @THREADFLAGS@ -Lext/polarssl/library/ 60 65 pdnssec_LDADD=$(BOOST_FILESYSTEM_LIBS) $(BOOST_SYSTEM_LIBS) -lpolarssl $(BOOST_PROGRAM_OPTIONS_LIBS) 66 67 if BOTAN19 68 pdnssec_SOURCES += botan19signers.cc 69 pdnssec_LDADD += -lbotan -lgmp 70 endif 61 71 62 72 sdig_SOURCES=sdig.cc sstuff.hh dnsparser.cc dnsparser.hh dnsrecords.cc dnswriter.cc dnswriter.hh \ … … 118 128 nproxy_SOURCES=nproxy.cc dnsparser.cc dnsrecords.cc dnsparser.hh \ 119 129 rcpgenerator.cc rcpgenerator.hh base64.cc base64.hh dnswriter.cc dnswriter.hh \ 120 sillyrecords.cc selectmplexer.cc mplexer.hh130 sillyrecords.cc selectmplexer.cc pollmplexer.cc 
mplexer.hh 121 131 122 132 nproxy_LDFLAGS= @DYNLINKFLAGS@ @THREADFLAGS@ $(BOOST_FILESYSTEM_LDFLAGS) $(BOOST_PROGRAM_OPTIONS_LDFLAGS) … … 125 135 notify_SOURCES=notify.cc dnsparser.cc dnsrecords.cc dnsparser.hh \ 126 136 rcpgenerator.cc rcpgenerator.hh base64.cc base64.hh dnswriter.cc dnswriter.hh \ 127 sillyrecords.cc selectmplexer.cc nsecrecords.cc base32.cc misc.cc unix_utility.cc \137 sillyrecords.cc selectmplexer.cc pollmplexer.cc nsecrecords.cc base32.cc misc.cc unix_utility.cc \ 128 138 logger.cc qtype.cc statbag.cc 129 139 … … 159 169 aes/dns_random.cc aes/aescrypt.c aes/aeskey.c aes/aestab.c aes/aes_modes.c \ 160 170 lua-pdns-recursor.cc lua-pdns-recursor.hh randomhelper.cc \ 161 recpacketcache.cc recpacketcache.hh dns.cc nsecrecords.cc base32.cc 171 recpacketcache.cc recpacketcache.hh dns.cc nsecrecords.cc base32.cc pollmplexer.cc 162 172 163 173 #../modules/gmysqlbackend/smysql.cc -
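Review bot: The pollmplexer.cc additions to nproxy_SOURCES, notify_SOURCES and the recursor source list are unrelated to the Botan/ECDSA signer work the rest of this changeset is about; they would be easier to bisect and review as a separate commit. The two BOTAN19 conditional blocks themselves are consistent between pdns_server and pdnssec (same source and same `-lbotan -lgmp` link additions).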
trunk/pdns/pdns/dbdnsseckeeper.cc
r1905 r1909 79 79 void DNSSECKeeper::addKey(const std::string& name, bool keyOrZone, int algorithm, int bits, bool active) 80 80 { 81 if(!bits) 82 bits = keyOrZone ? 2048 : 1024; 81 if(!bits) { 82 if(algorithm <= 10) 83 bits = keyOrZone ? 2048 : 1024; 84 else { 85 if(algorithm == 13) 86 bits = 256; 87 else if(algorithm == 14) 88 bits = 384; 89 else { 90 throw runtime_error("Can't guess key size for algoritm "+lexical_cast<string>(algorithm)); 91 } 92 } 93 } 83 94 DNSSECPrivateKey dspk; 84 shared_ptr<DNSPrivateKey> dpk( new RSADNSPrivateKey); // defaults to RSA for now, could be smart w/algorithm! XXX FIXME95 shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(algorithm)); // defaults to RSA for now, could be smart w/algorithm! XXX FIXME 85 96 dpk->create(bits); 86 97 dspk.setKey(dpk); … … 131 142 DNSSECPrivateKey dpk; 132 143 DNSKEYRecordContent dkrc; 133 dpk.setKey(shared_ptr<DNSPrivateKey>(DNSPrivateKey:: fromISCString(dkrc, kd.content)));144 dpk.setKey(shared_ptr<DNSPrivateKey>(DNSPrivateKey::makeFromISCString(dkrc, kd.content))); 134 145 dpk.d_flags = kd.flags; 135 146 dpk.d_algorithm = dkrc.d_algorithm; … … 277 288 278 289 DNSKEYRecordContent dkrc; 279 dpk.setKey(shared_ptr<DNSPrivateKey>(DNSPrivateKey:: fromISCString(dkrc, kd.content)));290 dpk.setKey(shared_ptr<DNSPrivateKey>(DNSPrivateKey::makeFromISCString(dkrc, kd.content))); 280 291 dpk.d_flags = kd.flags; 281 292 dpk.d_algorithm = dkrc.d_algorithm; -
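Review bot: The comment on the `dpk` line, `// defaults to RSA for now, could be smart w/algorithm! XXX FIXME`, is now stale: the line it annotates calls `DNSPrivateKey::make(algorithm)`, which dispatches on the algorithm number, so it should be dropped or replaced by `// key type is chosen by algorithm number through the DNSPrivateKey maker registry`. The size guess in the new `if(!bits)` block treats every algorithm number up to 10 as an RSA-sized key, which is only meaningful for the RSA algorithms (5, 7, 8, 10); a narrower test such as `if(algorithm == 5 || algorithm == 7 || algorithm == 8 || algorithm == 10)` lets the later throw report the other numbers clearly instead of guessing a size for a key type that may not be RSA at all. The error string also misspells "algoritm". addKey's body continues past the hunk.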
trunk/pdns/pdns/dnssecinfra.cc
r1905 r1909 8 8 #include <boost/foreach.hpp> 9 9 #include <boost/algorithm/string.hpp> 10 #include <polarssl/rsa.h> 11 #include <polarssl/base64.h> 10 #include "dnssecinfra.hh" 11 #include "dnsseckeeper.hh" 12 12 13 #include <polarssl/sha1.h> 13 14 #include <polarssl/sha2.h> 14 #include "dnssecinfra.hh" 15 #include "dnsseckeeper.hh" 16 #include <polarssl/havege.h> 17 #include <polarssl/base64.h> 15 #include <polarssl/sha4.h> 18 16 #include <boost/assign/std/vector.hpp> // for 'operator+=()' 19 17 #include <boost/assign/list_inserter.hpp> … … 23 21 using namespace boost::assign; 24 22 25 void RSADNSPrivateKey::create(unsigned int bits) 26 { 27 havege_state hs; 28 havege_init( &hs ); 29 30 rsa_init(&d_context, RSA_PKCS_V15, 0, havege_rand, &hs ); // FIXME this leaks memory 31 int ret=rsa_gen_key(&d_context, bits, 65537); 32 if(ret < 0) 33 throw runtime_error("Key generation failed"); 34 } 35 36 std::string RSADNSPrivateKey::getPubKeyHash() const 37 { 38 unsigned char hash[20]; 39 unsigned char N[mpi_size(&d_context.N)]; 40 mpi_write_binary(&d_context.N, N, sizeof(N)); 41 unsigned char E[mpi_size(&d_context.E)]; 42 mpi_write_binary(&d_context.E, E, sizeof(E)); 43 44 sha1_context ctx; 45 sha1_starts(&ctx); 46 sha1_update(&ctx, N, sizeof(N)); 47 sha1_update(&ctx, E, sizeof(E)); 48 sha1_finish(&ctx, hash); 49 return string((char*)hash, sizeof(hash)); 50 } 51 52 std::string RSADNSPrivateKey::sign(const std::string& hash) const 53 { 54 unsigned char signature[mpi_size(&d_context.N)]; 55 int ret=rsa_pkcs1_sign(const_cast<rsa_context*>(&d_context), RSA_PRIVATE, 56 hash.size()==20 ? 
SIG_RSA_SHA1 : SIG_RSA_SHA256, 57 hash.size(), 58 (const unsigned char*) hash.c_str(), signature); 59 60 if(ret!=0) { 61 cerr<<"signing returned: "<<ret<<endl; 62 exit(1); 63 } 64 return string((char*) signature, sizeof(signature)); 65 } 66 67 std::string RSADNSPrivateKey::convertToISC(unsigned int algorithm) const 68 { 69 string ret; 70 typedef vector<pair<string, const mpi*> > outputs_t; 71 outputs_t outputs; 72 push_back(outputs)("Modulus", &d_context.N)("PublicExponent",&d_context.E) 73 ("PrivateExponent",&d_context.D) 74 ("Prime1",&d_context.P) 75 ("Prime2",&d_context.Q) 76 ("Exponent1",&d_context.DP) 77 ("Exponent2",&d_context.DQ) 78 ("Coefficient",&d_context.QP); 79 80 ret = "Private-key-format: v1.2\nAlgorithm: "+lexical_cast<string>(algorithm); 81 switch(algorithm) { 82 case 5: 83 case 7 : 84 ret+= " (RSASHA1)"; 85 break; 86 case 8: 87 ret += " (RSASHA256)"; 88 break; 89 } 90 ret += "\n"; 91 92 BOOST_FOREACH(outputs_t::value_type value, outputs) { 93 ret += value.first; 94 ret += ": "; 95 unsigned char tmp[mpi_size(value.second)]; 96 mpi_write_binary(value.second, tmp, sizeof(tmp)); 97 unsigned char base64tmp[sizeof(tmp)*2]; 98 int dlen=sizeof(base64tmp); 99 base64_encode(base64tmp, &dlen, tmp, sizeof(tmp)); 100 ret.append((const char*)base64tmp, dlen); 101 ret.append(1, '\n'); 102 } 103 return ret; 104 } 105 106 107 DNSPrivateKey* DNSPrivateKey::fromISCFile(DNSKEYRecordContent& drc, const char* fname) 23 DNSPrivateKey* DNSPrivateKey::makeFromISCFile(DNSKEYRecordContent& drc, const char* fname) 108 24 { 109 25 string sline, isc, key, value; … … 121 37 fclose(fp); 122 38 123 switch(algorithm) { 124 case 5: 125 case 7: 126 case 8: 127 case 10: 128 return RSADNSPrivateKey::fromISCString(drc, isc); 129 break; 130 default: 131 throw runtime_error("Unknown DNSSEC signature algorithm number "+lexical_cast<string>(algorithm)); 132 break; 133 } 134 return 0; 135 } 136 137 DNSPrivateKey* DNSPrivateKey::fromISCString(DNSKEYRecordContent& drc, const std::string& 
content) 39 DNSPrivateKey* dpk=make(algorithm); 40 dpk->fromISCString(drc, isc); 41 return dpk; 42 } 43 44 DNSPrivateKey* DNSPrivateKey::make(unsigned int algo) 45 { 46 makers_t& makers = getMakers(); 47 makers_t::const_iterator iter = makers.find(algo); 48 if(iter != makers.end()) 49 return (iter->second)(algo); 50 else { 51 throw runtime_error("Request to create key object for unknown algorithm number "+lexical_cast<string>(algo)); 52 } 53 } 54 55 void DNSPrivateKey::report(unsigned int algo, maker_t* maker) 56 { 57 getMakers()[algo]=maker; 58 } 59 DNSPrivateKey* DNSPrivateKey::makeFromISCString(DNSKEYRecordContent& drc, const std::string& content) 138 60 { 139 61 int algorithm = 0; … … 147 69 } 148 70 } 149 switch(algorithm) { 150 case 5: 151 case 7: 152 case 8: 153 case 10: 154 return RSADNSPrivateKey::fromISCString(drc, content); 155 break; 156 default: 157 throw runtime_error("Unknown DNSSEC signature algorithm number "+lexical_cast<string>(algorithm)); 158 break; 71 DNSPrivateKey* dpk=make(algorithm); 72 dpk->fromISCString(drc, content); 73 return dpk; 74 } 75 76 77 DNSPrivateKey* DNSPrivateKey::makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw) 78 { 79 80 BOOST_FOREACH(makers_t::value_type& val, getMakers()) 81 { 82 DNSPrivateKey* ret=0; 83 try { 84 ret = val.second(val.first); 85 ret->fromPEMString(drc, raw); 86 return ret; 87 } 88 catch(...) 
89 { 90 delete ret; // fine if 0 91 } 159 92 } 160 93 return 0; 161 94 } 162 95 163 DNSPrivateKey* RSADNSPrivateKey::fromISCString(DNSKEYRecordContent& drc, const std::string& content)164 {165 RSADNSPrivateKey* ret = new RSADNSPrivateKey();166 167 string sline;168 string key,value;169 map<string, mpi*> places;170 171 rsa_init(&ret->d_context, RSA_PKCS_V15, 0, NULL, NULL );172 173 places["Modulus"]=&ret->d_context.N;174 places["PublicExponent"]=&ret->d_context.E;175 places["PrivateExponent"]=&ret->d_context.D;176 places["Prime1"]=&ret->d_context.P;177 places["Prime2"]=&ret->d_context.Q;178 places["Exponent1"]=&ret->d_context.DP;179 places["Exponent2"]=&ret->d_context.DQ;180 places["Coefficient"]=&ret->d_context.QP;181 182 string modulus, exponent;183 istringstream str(content);184 unsigned char decoded[1024];185 while(getline(str, sline)) {186 tie(key,value)=splitField(sline, ':');187 trim(value);188 189 if(places.count(key)) {190 if(places[key]) {191 int len=sizeof(decoded);192 if(base64_decode(decoded, &len, (unsigned char*)value.c_str(), value.length()) < 0) {193 cerr<<"Error base64 decoding '"<<value<<"'\n";194 exit(1);195 }196 // B64Decode(value, decoded);197 // cerr<<key<<" decoded.length(): "<<8*len<<endl;198 mpi_read_binary(places[key], decoded, len);199 if(key=="Modulus")200 modulus.assign((const char*)decoded,len);201 if(key=="PublicExponent")202 exponent.assign((const char*)decoded,len);203 }204 }205 else {206 if(key == "Algorithm")207 drc.d_algorithm = atoi(value.c_str());208 else if(key != "Private-key-format")209 cerr<<"Unknown field '"<<key<<"'\n";210 }211 }212 ret->d_context.len = ( mpi_msb( &ret->d_context.N ) + 7 ) >> 3; // no clue what this does213 214 if(exponent.length() < 255)215 drc.d_key.assign(1, (char) (unsigned int) exponent.length());216 else {217 drc.d_key.assign(1, 0);218 uint16_t len=htons(exponent.length());219 drc.d_key.append((char*)&len, 2);220 }221 drc.d_key.append(exponent);222 drc.d_key.append(modulus);223 drc.d_protocol=3;224 
225 return ret;226 }227 228 DNSPrivateKey* DNSPrivateKey::fromPEMString(DNSKEYRecordContent& drc, const std::string& raw)229 {230 return RSADNSPrivateKey::fromPEMString(drc, raw);231 }232 233 DNSPrivateKey* RSADNSPrivateKey::fromPEMString(DNSKEYRecordContent& drc, const std::string& raw)234 {235 vector<string> integers;236 decodeDERIntegerSequence(raw, integers);237 cerr<<"Got "<<integers.size()<<" integers"<<endl;238 map<int, mpi*> places;239 240 RSADNSPrivateKey* ret = new RSADNSPrivateKey;241 242 rsa_init(&ret->d_context, RSA_PKCS_V15, 0, NULL, NULL );243 244 places[1]=&ret->d_context.N;245 places[2]=&ret->d_context.E;246 places[3]=&ret->d_context.D;247 places[4]=&ret->d_context.P;248 places[5]=&ret->d_context.Q;249 places[6]=&ret->d_context.DP;250 places[7]=&ret->d_context.DQ;251 places[8]=&ret->d_context.QP;252 253 string modulus, exponent;254 255 for(int n = 0; n < 9 ; ++n) {256 if(places.count(n)) {257 if(places[n]) {258 mpi_read_binary(places[n], (const unsigned char*)integers[n].c_str(), integers[n].length());259 if(n==1)260 modulus=integers[n];261 if(n==2)262 exponent=integers[n];263 }264 }265 }266 ret->d_context.len = ( mpi_msb( &ret->d_context.N ) + 7 ) >> 3; // no clue what this does267 268 if(exponent.length() < 255)269 drc.d_key.assign(1, (char) (unsigned int) exponent.length());270 else {271 drc.d_key.assign(1, 0);272 uint16_t len=htons(exponent.length());273 drc.d_key.append((char*)&len, 2);274 }275 drc.d_key.append(exponent);276 drc.d_key.append(modulus);277 drc.d_protocol=3;278 279 return ret;280 }281 282 void makeRSAPublicKeyFromDNS(rsa_context* rc, const DNSKEYRecordContent& dkrc)283 {284 rsa_init(rc, RSA_PKCS_V15, 0, NULL, NULL );285 286 mpi_read_binary(&rc->E, (unsigned char*)dkrc.getExponent().c_str(), dkrc.getExponent().length()); // exponent287 mpi_read_binary(&rc->N, (unsigned char*)dkrc.getModulus().c_str(), dkrc.getModulus().length()); // modulus288 rc->len = ( mpi_msb( &rc->N ) + 7 ) >> 3; // no clue what this does289 }290 96 291 97 
bool sharedDNSSECCompare(const shared_ptr<DNSRecordContent>& a, const shared_ptr<DNSRecordContent>& b) … … 316 122 } 317 123 318 if(rrc.d_algorithm <= 7 ) { 124 // algorithm 12 needs special GOST hash 125 126 if(rrc.d_algorithm <= 7 ) { // RSASHA1 319 127 unsigned char hash[20]; 320 128 sha1((unsigned char*)toHash.c_str(), toHash.length(), hash); 321 129 return string((char*)hash, sizeof(hash)); 322 } else {130 } else if(rrc.d_algorithm == 8 || rrc.d_algorithm == 13) { // RSASHA256 or ECDSAP256 323 131 unsigned char hash[32]; 324 132 sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); 325 133 return string((char*)hash, sizeof(hash)); 134 } else if(rrc.d_algorithm == 10) { // RSASHA512 135 unsigned char hash[64]; 136 sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0); 137 return string((char*)hash, sizeof(hash)); 138 } else if(rrc.d_algorithm == 14) { // ECDSAP384 139 unsigned char hash[48]; 140 sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 1); // == 384 141 return string((char*)hash, sizeof(hash)); 142 } 143 else { 144 cerr<<"No idea how to hash for algorithm "<<(int)rrc.d_algorithm<<endl; 145 exit(1); 326 146 } 327 147 } … … 347 167 } 348 168 349 string RSADNSPrivateKey::getPublicKeyString() const 350 { 351 string keystring; 352 char tmp[max(mpi_size(&d_context.E), mpi_size(&d_context.N))]; 353 354 mpi_write_binary(&d_context.E, (unsigned char*)tmp, mpi_size(&d_context.E) ); 355 string exponent((char*)tmp, mpi_size(&d_context.E)); 356 357 mpi_write_binary(&d_context.N, (unsigned char*)tmp, mpi_size(&d_context.N) ); 358 string modulus((char*)tmp, mpi_size(&d_context.N)); 359 360 if(exponent.length() < 255) 361 keystring.assign(1, (char) (unsigned int) exponent.length()); 362 else { 363 keystring.assign(1, 0); 364 uint16_t len=htons(exponent.length()); 365 keystring.append((char*)&len, 2); 366 } 367 keystring.append(exponent); 368 keystring.append(modulus); 369 return keystring; 370 } 371 372 DNSKEYRecordContent 
makeDNSKEYFromRSAKey(const DNSPrivateKey* pk, uint8_t algorithm, uint16_t flags) 169 170 DNSKEYRecordContent makeDNSKEYFromDNSPrivateKey(const DNSPrivateKey* pk, uint8_t algorithm, uint16_t flags) 373 171 { 374 172 DNSKEYRecordContent drc; 375 173 376 377 174 drc.d_protocol=3; 378 175 drc.d_algorithm = algorithm; … … 382 179 return drc; 383 180 } 384 385 181 386 182 int countLabels(const std::string& signQName) … … 396 192 } 397 193 398 399 400 194 uint32_t getCurrentInception() 401 195 { … … 404 198 return now; 405 199 } 406 407 408 200 409 201 std::string hashQNameWithSalt(unsigned int times, const std::string& salt, const std::string& qname) … … 426 218 DNSKEYRecordContent DNSSECPrivateKey::getDNSKEY() const 427 219 { 428 return makeDNSKEYFrom RSAKey(getKey(), d_algorithm, d_flags);220 return makeDNSKEYFromDNSPrivateKey(getKey(), d_algorithm, d_flags); 429 221 } 430 222 … … 503 295 if(de.getOffset() - startseq != seqlen) 504 296 throw runtime_error("DER Sequence ended before end of data"); 505 } 506 507 } 297 } 298 } -
trunk/pdns/pdns/dnssecinfra.hh
r1905 r1909 2 2 #define PDNS_DNSSECINFRA_HH 3 3 #include "dnsrecords.hh" 4 #include <polarssl/rsa.h>5 4 #include <boost/shared_ptr.hpp> 6 5 #include <string> 7 6 #include <vector> 7 #include <map> 8 8 #include "misc.hh" 9 10 11 #define PDNSSEC_MI(x) mpi_init(&d_context.x, 0)12 #define PDNSSEC_MC(x) PDNSSEC_MI(x); mpi_copy(&d_context.x, const_cast<mpi*>(&orig.d_context.x))13 #define PDNSSEC_MF(x) mpi_free(&d_context.x, 0)14 15 inline bool operator<(const mpi& a, const mpi& b)16 {17 return mpi_cmp_mpi(&a, &b) < 0;18 }19 9 20 10 class DNSPrivateKey … … 28 18 virtual int getBits() const =0; 29 19 30 static DNSPrivateKey* fromISCFile(DNSKEYRecordContent& drc, const char* fname); 31 static DNSPrivateKey* fromISCString(DNSKEYRecordContent& drc, const std::string& content); 32 static DNSPrivateKey* fromPEMString(DNSKEYRecordContent& drc, const std::string& raw); 20 virtual void fromISCString(DNSKEYRecordContent& drc, const std::string& content)=0; 21 virtual void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw)=0; 22 23 static DNSPrivateKey* makeFromISCFile(DNSKEYRecordContent& drc, const char* fname); 24 static DNSPrivateKey* makeFromISCString(DNSKEYRecordContent& drc, const std::string& content); 25 static DNSPrivateKey* makeFromPEMString(DNSKEYRecordContent& drc, const std::string& raw); 26 static DNSPrivateKey* make(unsigned int algorithm); 27 28 typedef DNSPrivateKey* maker_t(unsigned int algorithm); 29 30 static void report(unsigned int algorithm, maker_t* maker); 31 private: 32 33 typedef std::map<unsigned int, maker_t*> makers_t; 34 35 static makers_t& getMakers() 36 { 37 static makers_t s_makers; 38 return s_makers; 39 } 40 // need some magic here to pick the right DNSPrivateKey supplier 33 41 }; 34 35 class RSADNSPrivateKey : public DNSPrivateKey36 {37 public:38 RSADNSPrivateKey()39 {40 memset(&d_context, 0, sizeof(d_context));41 PDNSSEC_MI(N);42 PDNSSEC_MI(E); PDNSSEC_MI(D); PDNSSEC_MI(P); PDNSSEC_MI(Q); PDNSSEC_MI(DP); PDNSSEC_MI(DQ); 
PDNSSEC_MI(QP); PDNSSEC_MI(RN); PDNSSEC_MI(RP); PDNSSEC_MI(RQ);43 }44 45 ~RSADNSPrivateKey()46 {47 PDNSSEC_MF(N);48 PDNSSEC_MF(E); PDNSSEC_MF(D); PDNSSEC_MF(P); PDNSSEC_MF(Q); PDNSSEC_MF(DP); PDNSSEC_MF(DQ); PDNSSEC_MF(QP); PDNSSEC_MF(RN); PDNSSEC_MF(RP); PDNSSEC_MF(RQ);49 }50 51 bool operator<(const RSADNSPrivateKey& rhs) const52 {53 return tie(d_context.N, d_context.E, d_context.D, d_context.P, d_context.Q, d_context.DP, d_context.DQ, d_context.QP)54 < tie(rhs.d_context.N, rhs.d_context.E, rhs.d_context.D, rhs.d_context.P, rhs.d_context.Q, rhs.d_context.DP, rhs.d_context.DQ, rhs.d_context.QP);55 }56 57 RSADNSPrivateKey(const RSADNSPrivateKey& orig)58 {59 d_context.ver = orig.d_context.ver;60 d_context.len = orig.d_context.len;61 62 d_context.padding = orig.d_context.padding;63 d_context.hash_id = orig.d_context.hash_id;64 d_context.f_rng = orig.d_context.f_rng;65 d_context.p_rng = orig.d_context.p_rng;66 67 PDNSSEC_MC(N);68 PDNSSEC_MC(E); PDNSSEC_MC(D); PDNSSEC_MC(P); PDNSSEC_MC(Q); PDNSSEC_MC(DP); PDNSSEC_MC(DQ); PDNSSEC_MC(QP); PDNSSEC_MC(RN); PDNSSEC_MC(RP); PDNSSEC_MC(RQ);69 }70 71 RSADNSPrivateKey& operator=(const RSADNSPrivateKey& orig)72 {73 d_context.ver = orig.d_context.ver;74 d_context.len = orig.d_context.len;75 76 d_context.padding = orig.d_context.padding;77 d_context.hash_id = orig.d_context.hash_id;78 d_context.f_rng = orig.d_context.f_rng;79 d_context.p_rng = orig.d_context.p_rng;80 81 PDNSSEC_MF(N);82 PDNSSEC_MF(E); PDNSSEC_MF(D); PDNSSEC_MF(P); PDNSSEC_MF(Q); PDNSSEC_MF(DP); PDNSSEC_MF(DQ); PDNSSEC_MF(QP); PDNSSEC_MF(RN); PDNSSEC_MF(RP); PDNSSEC_MF(RQ);83 84 PDNSSEC_MC(N);85 PDNSSEC_MC(E); PDNSSEC_MC(D); PDNSSEC_MC(P); PDNSSEC_MC(Q); PDNSSEC_MC(DP); PDNSSEC_MC(DQ); PDNSSEC_MC(QP); PDNSSEC_MC(RN); PDNSSEC_MC(RP); PDNSSEC_MC(RQ);86 return *this;87 }88 89 const rsa_context& getConstContext() const90 {91 return d_context;92 }93 94 rsa_context& getContext()95 {96 return d_context;97 }98 99 void create(unsigned int bits);100 std::string 
convertToISC(unsigned int algorithm) const;101 std::string getPubKeyHash() const;102 std::string sign(const std::string& hash) const;103 std::string getPublicKeyString() const;104 int getBits() const105 {106 return mpi_size(&d_context.N)*8;107 }108 static DNSPrivateKey* fromISCString(DNSKEYRecordContent& drc, const std::string& content);109 static DNSPrivateKey* fromPEMString(DNSKEYRecordContent& drc, const std::string& raw);110 111 private:112 rsa_context d_context;113 };114 115 // see above116 #undef PDNSSEC_MC117 #undef PDNSSEC_MI118 #undef PDNSSEC_MF119 42 120 43 struct DNSSECPrivateKey … … 156 79 }; 157 80 158 159 DNSKEYRecordContent getRSAKeyFromISC(rsa_context* rsa, const char* fname);160 DNSKEYRecordContent getRSAKeyFromISCString(rsa_context* rsa, const std::string& content);161 DNSKEYRecordContent getRSAKeyFromPEMString(rsa_context* rsa, const std::string& content);162 void makeRSAPublicKeyFromDNS(rsa_context* rc, const DNSKEYRecordContent& dkrc);163 81 bool sharedDNSSECCompare(const boost::shared_ptr<DNSRecordContent>& a, const shared_ptr<DNSRecordContent>& b); 164 82 string getHashForRRSET(const std::string& qname, const RRSIGRecordContent& rrc, std::vector<boost::shared_ptr<DNSRecordContent> >& signRecords); 165 DNSKEYRecordContent makeDNSKEYFromRSAKey(const rsa_context* rc, uint8_t algorithm, uint16_t flags); 83 166 84 DSRecordContent makeDSFromDNSKey(const std::string& qname, const DNSKEYRecordContent& drc, int digest=1); 167 85 -
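Review bot: The trailing comment in the class body, `// need some magic here to pick the right DNSPrivateKey supplier`, is stale now that `make`, `report` and the `makers_t` registry directly above it are exactly that mechanism; replace it with a comment documenting the registry contract, e.g. that `report` must be called once per algorithm number before any `make*` call and that every `make*` returns a heap-allocated object the caller owns. The `make*` factories return raw owning pointers that callers immediately wrap in `shared_ptr<DNSPrivateKey>`, which deletes through the base type; that is only safe if `DNSPrivateKey` has a virtual destructor, and the destructor is declared outside this hunk, so please confirm it. `report` writes to the function-local static map without synchronization, which is fine if it is only called from static initializers of the signer translation units, but that assumption belongs in the comment.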
trunk/pdns/pdns/pdnssec.cc
r1908 r1909 312 312 else if(pdns_iequals(cmds[n], "rsasha256")) 313 313 algorithm=8; 314 else if(pdns_iequals(cmds[n], "gost")) 315 algorithm=10; 316 else if(pdns_iequals(cmds[n], "ecdsa256")) 317 algorithm=13; 318 else if(pdns_iequals(cmds[n], "ecdsa384")) 319 algorithm=14; 314 320 else if(atoi(cmds[n].c_str())) 315 321 bits = atoi(cmds[n].c_str()); … … 437 443 DNSSECPrivateKey dpk; 438 444 DNSKEYRecordContent drc; 439 shared_ptr<DNSPrivateKey> key(DNSPrivateKey:: fromPEMString(drc, raw));445 shared_ptr<DNSPrivateKey> key(DNSPrivateKey::makeFromPEMString(drc, raw)); 440 446 dpk.setKey(key); 441 447 … … 472 478 DNSSECPrivateKey dpk; 473 479 DNSKEYRecordContent drc; 474 shared_ptr<DNSPrivateKey> key(DNSPrivateKey:: fromISCFile(drc, fname.c_str()));480 shared_ptr<DNSPrivateKey> key(DNSPrivateKey::makeFromISCFile(drc, fname.c_str())); 475 481 dpk.setKey(key); 476 482 dpk.d_algorithm = drc.d_algorithm;
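Review bot: The new `"gost"` keyword maps to `algorithm=10`, but 10 is RSASHA512 (the dnssecinfra.cc section in this changeset labels it `// RSASHA512` and notes that GOST is algorithm 12), so `pdnssec ... gost` would silently produce an RSASHA512 key instead of the requested one. Either change it to `algorithm=12;` and let `make` reject it until a GOST maker exists, or drop the keyword until GOST is actually supported. The `makeFromPEMString` call later in this section also stores the result straight into `shared_ptr<DNSPrivateKey> key` and calls `dpk.setKey(key)` with no null check, although that factory returns 0 when no maker accepts the input; a check such as `if(!key) throw runtime_error("could not parse PEM key");` before `setKey` turns the crash into a diagnostic. The enclosing functions start outside the hunks.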