00001 /*
00002  * $Id: hsm.c 4294 2011-01-13 19:58:29Z jakob $
00003  *
00004  * Copyright (c) 2009 NLNet Labs. All rights reserved.
00005  *
00006  * Redistribution and use in source and binary forms, with or without
00007  * modification, are permitted provided that the following conditions
00008  * are met:
00009  * 1. Redistributions of source code must retain the above copyright
00010  *    notice, this list of conditions and the following disclaimer.
00011  * 2. Redistributions in binary form must reproduce the above copyright
00012  *    notice, this list of conditions and the following disclaimer in the
00013  *    documentation and/or other materials provided with the distribution.
00014  *
00015  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
00016  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00017  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00018  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
00019  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
00020  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
00021  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
00022  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
00023  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
00024  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
00025  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00026  *
00027  */
00028 
00034 #include "signer/hsm.h"
00035 #include "util/log.h"
00036 
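/**
 * Resolve the HSM key handle and DNSKEY for a key, creating its sign
 * params on first use.
 *
 * On success key_id->params, key_id->hsmkey and key_id->dnskey are set and
 * key_id->params->keytag has been computed from the DNSKEY. Fields that are
 * already set are reused, so the HSM lookup happens at most once per key.
 *
 * @param ctx     libhsm context used for the key lookup.
 * @param dname   owner name; a clone of it is stored in the sign params.
 * @param key_id  key to resolve. Updated in place; the caller keeps
 *                ownership, including of the params allocated here.
 * @return 0 on success, 1 when the sign params could not be created, the
 *         key was not found in the HSM, or no DNSKEY is available.
 */
int
hsm_get_key(hsm_ctx_t* ctx, ldns_rdf* dname, key_type* key_id)
{
    const char* locator = NULL;

    se_log_assert(dname);
    se_log_assert(key_id);

    /* the locator may be absent; every log line below tolerates that */
    locator = key_id->locator ? key_id->locator : "(null)";

    if (!key_id->params) {
        key_id->params = hsm_sign_params_new();
        if (!key_id->params) {
            /* could not create params */
            se_log_error("could not create params for key %s", locator);
            return 1;
        }
        key_id->params->owner = ldns_rdf_clone(dname);
        if (!key_id->params->owner) {
            /* clone failed (allocation); do not leave half-built params
             * attached to the key, the next call will retry from scratch */
            se_log_error("could not clone owner name for key %s", locator);
            hsm_sign_params_free(key_id->params);
            key_id->params = NULL;
            return 1;
        }
        key_id->params->algorithm = key_id->algorithm;
        key_id->params->flags = key_id->flags;
    }

    /* lookup key */
    if (!key_id->hsmkey) {
        /* NOTE(review): whether hsm_find_key_by_id accepts a NULL locator is
         * not visible here; the log ternaries suggest locator can be NULL —
         * confirm against libhsm */
        key_id->hsmkey = hsm_find_key_by_id(ctx, key_id->locator);
        if (!key_id->hsmkey) {
            /* could not find key */
            se_log_error("could not find key %s", locator);
            return 1;
        }
        key_id->dnskey = hsm_get_dnskey(ctx, key_id->hsmkey, key_id->params);
        if (!key_id->dnskey) {
            /* same wording as hsm_sign_rrset_with_key for the same failure */
            se_log_error("could not create DNSKEY for %s", locator);
            return 1;
        }
    }

    if (!key_id->dnskey) {
        /* hsmkey was resolved by an earlier call but no DNSKEY was produced */
        return 1;
    }
    key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
    return 0;
}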
00082 
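/**
 * Sign an RRset with the given key, resolving the HSM key handle, DNSKEY
 * and keytag on first use and caching them in key_id.
 *
 * The sign params' inception and expiration are overwritten on every call;
 * owner, algorithm and flags are only filled in when the params are first
 * created.
 *
 * @param ctx         libhsm context.
 * @param dname       owner name; a clone is stored in the params on first use.
 * @param key_id      key to sign with. Updated in place, caller keeps
 *                    ownership.
 * @param rrset       RRset to sign; must contain at least one RR.
 * @param inception   RRSIG inception time (checked with se_log_assert).
 * @param expiration  RRSIG expiration time (checked with se_log_assert).
 * @return the RRSIG returned by hsm_sign_rrset, or NULL when the RRset is
 *         empty, the params could not be created, the key was not found, or
 *         no DNSKEY could be built. Every NULL return is logged.
 */
ldns_rr*
hsm_sign_rrset_with_key(hsm_ctx_t* ctx, ldns_rdf* dname, key_type* key_id,
    ldns_rr_list* rrset, time_t inception, time_t expiration)
{
    const char* locator = NULL;

    se_log_assert(dname);
    se_log_assert(key_id);
    se_log_assert(rrset);
    se_log_assert(inception);
    se_log_assert(expiration);

    /* the locator may be absent; every log line below tolerates that */
    locator = key_id->locator ? key_id->locator : "(null)";

    /* an empty RRset makes ldns_rr_list_rr(rrset, 0) return NULL in the
     * debug log below and ldns_rr_get_type(NULL) dereferences it; refuse
     * up front, before any state is attached to key_id */
    if (ldns_rr_list_rr_count(rrset) == 0) {
        se_log_error("cannot sign empty RRset with key %s", locator);
        return NULL;
    }

    if (!key_id->params) {
        key_id->params = hsm_sign_params_new();
        if (!key_id->params) {
            /* could not create params */
            se_log_error("could not create params for key %s", locator);
            return NULL;
        }
        key_id->params->owner = ldns_rdf_clone(dname);
        if (!key_id->params->owner) {
            /* clone failed (allocation); do not leave half-built params
             * attached to the key, the next call will retry from scratch */
            se_log_error("could not clone owner name for key %s", locator);
            hsm_sign_params_free(key_id->params);
            key_id->params = NULL;
            return NULL;
        }
        key_id->params->algorithm = key_id->algorithm;
        key_id->params->flags = key_id->flags;
    }

    /* validity window is per signature, so always refresh it */
    key_id->params->inception = inception;
    key_id->params->expiration = expiration;

    /* lookup key */
    if (!key_id->hsmkey) {
        /* NOTE(review): whether hsm_find_key_by_id accepts a NULL locator is
         * not visible here — confirm against libhsm */
        key_id->hsmkey = hsm_find_key_by_id(ctx, key_id->locator);
        if (!key_id->hsmkey) {
            /* could not find key */
            se_log_error("could not find key %s", locator);
            return NULL;
        }
    }

    if (!key_id->dnskey) {
        key_id->dnskey = hsm_get_dnskey(ctx, key_id->hsmkey, key_id->params);
        if (!key_id->dnskey) {
            /* could not build the DNSKEY RR for this key */
            se_log_error("could not create DNSKEY for %s", locator);
            return NULL;
        }
    }

    /* keytag 0 is a legal tag, so for such a key this recomputes on every
     * call; harmless, it is just not cached */
    if (!key_id->params->keytag) {
        key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
    }

    /* casts keep the conversion specifiers honest for the enum and the tag */
    se_log_debug("HSM sign RRset[%i] with key %s tag %u",
        (int) ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)),
        locator, (unsigned) key_id->params->keytag);
    return hsm_sign_rrset(ctx, rrset, key_id->hsmkey, key_id->params);
}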