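/*
 * $Id: hsm.c 4294 2011-01-13 19:58:29Z jakob $
 *
 * Copyright (c) 2009 NLNet Labs. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

/**
 * Signer-side access to keys held in the HSM: resolving a key locator to
 * an HSM key handle plus its DNSKEY RR, and signing RRsets with it.
 *
 * Both public functions cache what they resolve (params, hsmkey, dnskey)
 * on the key_type they are handed, so repeated calls for the same key
 * only touch the HSM once.
 */

#include "signer/hsm.h"
#include "util/log.h"


/**
 * Printable form of a key locator for log messages.
 *
 * The locator may be unset; a NULL must never reach a %s conversion.
 *
 * \param[in] key_id key (not NULL)
 * \return locator string, or "(null)" when the key has none
 */
static const char*
hsm_key_locator_str(key_type* key_id)
{
    return key_id->locator ? key_id->locator : "(null)";
}


/**
 * Make sure key_id carries signing parameters.
 *
 * Parameters are created only when key_id->params is still NULL; they
 * take the owner name from dname and algorithm/flags from the key itself.
 * Note that the owner is captured on the first call only: a later call
 * with a different dname does not refresh it.
 *
 * \param[in] key_id key (not NULL)
 * \param[in] dname owner name, cloned into the parameters
 * \return 0 on success, 1 when the parameters could not be created
 *         (an error has been logged and key_id->params is left NULL)
 */
static int
hsm_key_ensure_params(key_type* key_id, ldns_rdf* dname)
{
    if (key_id->params) {
        return 0;
    }

    key_id->params = hsm_sign_params_new();
    if (!key_id->params) {
        /* could not create params */
        se_log_error("could not create params for key %s",
            hsm_key_locator_str(key_id));
        return 1;
    }

    key_id->params->owner = ldns_rdf_clone(dname);
    if (!key_id->params->owner) {
        /* clone failed: do not leave half-initialised params behind,
         * a later call would otherwise sign with a NULL owner */
        se_log_error("could not clone owner name for key %s",
            hsm_key_locator_str(key_id));
        hsm_sign_params_free(key_id->params);
        key_id->params = NULL;
        return 1;
    }
    key_id->params->algorithm = key_id->algorithm;
    key_id->params->flags = key_id->flags;
    return 0;
}


/**
 * Make sure key_id carries an HSM key handle and a DNSKEY RR.
 *
 * The handle is looked up by locator when key_id->hsmkey is NULL; the
 * DNSKEY is built from the handle and key_id->params when key_id->dnskey
 * is NULL. key_id->params must already be set (see
 * hsm_key_ensure_params()).
 *
 * \param[in] ctx HSM context
 * \param[in] key_id key (not NULL, params set)
 * \return 0 on success, 1 when the key could not be found or the DNSKEY
 *         could not be created (an error has been logged)
 */
static int
hsm_key_ensure_dnskey(hsm_ctx_t* ctx, key_type* key_id)
{
    /* lookup key */
    if (!key_id->hsmkey) {
        key_id->hsmkey = hsm_find_key_by_id(ctx, key_id->locator);
        if (!key_id->hsmkey) {
            /* could not find key */
            se_log_error("could not find key %s",
                hsm_key_locator_str(key_id));
            return 1;
        }
    }

    if (!key_id->dnskey) {
        key_id->dnskey = hsm_get_dnskey(ctx, key_id->hsmkey, key_id->params);
        if (!key_id->dnskey) {
            se_log_error("could not create DNSKEY for %s",
                hsm_key_locator_str(key_id));
            return 1;
        }
    }
    return 0;
}


/**
 * Resolve a key: fill in params, HSM key handle, DNSKEY and keytag.
 *
 * The keytag is always recomputed from the DNSKEY so it matches what the
 * zone will publish.
 *
 * \param[in] ctx HSM context
 * \param[in] dname owner name of the zone the key belongs to
 * \param[in] key_id key to resolve (not NULL); updated in place
 * \return 0 on success, 1 on failure (logged)
 */
int
hsm_get_key(hsm_ctx_t* ctx, ldns_rdf* dname, key_type* key_id)
{
    se_log_assert(dname);
    se_log_assert(key_id);

    if (hsm_key_ensure_params(key_id, dname) != 0) {
        return 1;
    }
    if (hsm_key_ensure_dnskey(ctx, key_id) != 0) {
        return 1;
    }
    key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
    return 0;
}


/**
 * Sign an RRset with the given key.
 *
 * Resolves the key as hsm_get_key() does, then sets the signature
 * validity window on the key's params and hands the RRset to the HSM.
 * The validity window is per call, not per key, so it is written every
 * time. A keytag of 0 is a legal value, so it is recomputed when seen.
 *
 * \param[in] ctx HSM context
 * \param[in] dname owner name of the zone the key belongs to
 * \param[in] key_id signing key (not NULL); updated in place
 * \param[in] rrset RRset to sign (not NULL)
 * \param[in] inception signature inception time (non-zero)
 * \param[in] expiration signature expiration time (non-zero)
 * \return RRSIG RR, or NULL on failure (logged)
 */
ldns_rr*
hsm_sign_rrset_with_key(hsm_ctx_t* ctx, ldns_rdf* dname, key_type* key_id,
    ldns_rr_list* rrset, time_t inception, time_t expiration)
{
    ldns_rr* first_rr = NULL;

    se_log_assert(dname);
    se_log_assert(key_id);
    se_log_assert(rrset);
    se_log_assert(inception);
    se_log_assert(expiration);

    if (hsm_key_ensure_params(key_id, dname) != 0) {
        return NULL;
    }

    /* set before the key lookup so the params are complete when the
     * DNSKEY is built, as before */
    key_id->params->inception = inception;
    key_id->params->expiration = expiration;

    if (hsm_key_ensure_dnskey(ctx, key_id) != 0) {
        return NULL;
    }

    if (!key_id->params->keytag) {
        key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
    }

    /* ldns_rr_list_rr() yields NULL for an out-of-range index, so an
     * empty RRset must not be passed straight to ldns_rr_get_type() */
    first_rr = ldns_rr_list_rr(rrset, 0);
    se_log_debug("HSM sign RRset[%i] with key %s tag %u",
        first_rr ? (int) ldns_rr_get_type(first_rr) : 0,
        hsm_key_locator_str(key_id), (unsigned) key_id->params->keytag);
    return hsm_sign_rrset(ctx, rrset, key_id->hsmkey, key_id->params);
}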