From: Bert Hubert
Date: Fri, 31 Dec 2010 13:39:12 +0000 (+0000)
Subject: in preparation for database storage of keys, move out some infrastructure code from...
X-Git-Tag: auth-3.0~468
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=673208a2d6abedcfb3f0102616a4a51dec915ac4;p=pdns
in preparation for database storage of keys, move out some infrastructure code from the fsdnsseckeeper to dnssecinfra
git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@1779 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---
diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 3ab57d65f..4987851af 100644
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -13,9 +13,57 @@
 #include
 #include "dnssecinfra.hh"
 #include "dnsseckeeper.hh"
+#include
+#include
+#include // for 'operator+=()'
+#include
+
 using namespace boost;
 using namespace std;
+using namespace boost::assign;
+
+
+void RSAContext::create(unsigned int bits)
+{
+ havege_state hs;
+ havege_init( &hs );
+
+ rsa_init(&d_context, RSA_PKCS_V15, 0, havege_rand, &hs ); // FIXME this leaks memory
+ int ret=rsa_gen_key(&d_context, bits, 65537);
+ if(ret < 0)
+ throw runtime_error("Key generation failed");
+}
+
+std::string RSAContext::convertToISC(unsigned int algorithm)
+{
+ string ret;
+ typedef vector > outputs_t;
+ outputs_t outputs;
+ push_back(outputs)("Modulus", &d_context.N)("PublicExponent",&d_context.E)
+ ("PrivateExponent",&d_context.D)
+ ("Prime1",&d_context.P)
+ ("Prime2",&d_context.Q)
+ ("Exponent1",&d_context.DP)
+ ("Exponent2",&d_context.DQ)
+ ("Coefficient",&d_context.QP);
+
+ ret = "Private-key-format: v1.2\nAlgorithm: "+lexical_cast(algorithm)+" (RSASHA1)\n";
+
+ BOOST_FOREACH(outputs_t::value_type value, outputs) {
+ ret += value.first;
+ ret += ": ";
+ unsigned char tmp[mpi_size(value.second)];
+ mpi_write_binary(value.second, tmp, sizeof(tmp));
+ unsigned char base64tmp[sizeof(tmp)*2];
+ int dlen=sizeof(base64tmp);
+ base64_encode(base64tmp, &dlen, tmp, sizeof(tmp));
+ ret.append((const char*)base64tmp, dlen);
+ ret.append(1, '\n');
+ }
+ return ret;
+}
+
 DNSKEYRecordContent getRSAKeyFromISC(rsa_context* rsa, const char* fname)
 {
@@ -204,6 +252,8 @@ int countLabels(const std::string& signQName)
 return count;
 }
+
+
 DNSKEYRecordContent getDNSKEYFor(const std::string& keyRepositoryDir, const std::string& qname, bool withKSK, RSAContext* rc)
 {
 DNSSECKeeper dk(keyRepositoryDir);
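Review bot: In RSAContext::convertToISC the return values of mpi_write_binary() and base64_encode() are discarded, so if either call fails (a too-small output buffer is the case base64_encode reports through its return value and dlen rather than by writing data) the following ret.append() copies whatever is on the stack in base64tmp into the private-key text; guard both calls, e.g. `if(mpi_write_binary(value.second, tmp, sizeof(tmp)) != 0 || base64_encode(base64tmp, &dlen, tmp, sizeof(tmp)) != 0)` / `throw runtime_error("Failed to encode RSA key component");`, and confirm that sizeof(tmp)*2 covers the encoder's size requirement (including any terminator it writes) for the shortest component. The tmp and base64tmp buffers hold the private components D, P, Q, DP, DQ and QP and are simply abandoned at the end of each loop iteration; wiping them before they go out of scope (the library's own zeroisation helper, or a volatile-qualified memset) is the usual defensive step for key material on the stack. In RSAContext::create, rsa_init() is handed a pointer to the local havege_state hs; if rsa_init retains that pointer in d_context as its RNG state, it dangles as soon as create() returns, so the RNG state should live at least as long as the context (the existing "FIXME this leaks memory" comment suggests this area is already known to need work). Also note that `unsigned char tmp[mpi_size(value.second)]` is a variable-length array, a compiler extension rather than standard C++; a std::vector<unsigned char> sized from mpi_size() would be portable and could be wiped explicitly.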
@@ -345,3 +395,7 @@ std::string hashQNameWithSalt(unsigned int times, const std::string& salt, const
 }
 return string((char*)hash, 20);
 }
+DNSKEYRecordContent DNSSECPrivateKey::getDNSKEY() const
+{
+ return makeDNSKEYFromRSAKey(&d_key.getConstContext(), d_algorithm, d_flags);
+}
diff --git a/pdns/fsdnsseckeeper.cc b/pdns/fsdnsseckeeper.cc
index 80dd61d3b..4d1a87313 100644
--- a/pdns/fsdnsseckeeper.cc
+++ b/pdns/fsdnsseckeeper.cc
@@ -20,46 +20,6 @@ namespace fs = boost::filesystem;
 using namespace std;
 using namespace boost;
-void RSAContext::create(unsigned int bits)
-{
- havege_state hs;
- havege_init( &hs );
-
- rsa_init(&d_context, RSA_PKCS_V15, 0, havege_rand, &hs ); // FIXME this leaks memory
- int ret=rsa_gen_key(&d_context, bits, 65537);
- if(ret < 0)
- throw runtime_error("Key generation failed");
-}
-
-std::string RSAContext::convertToISC(unsigned int algorithm)
-{
- string ret;
- typedef vector > outputs_t;
- outputs_t outputs;
- push_back(outputs)("Modulus", &d_context.N)("PublicExponent",&d_context.E)
- ("PrivateExponent",&d_context.D)
- ("Prime1",&d_context.P)
- ("Prime2",&d_context.Q)
- ("Exponent1",&d_context.DP)
- ("Exponent2",&d_context.DQ)
- ("Coefficient",&d_context.QP);
-
- ret = "Private-key-format: v1.2\nAlgorithm: "+lexical_cast(algorithm)+" (RSASHA1)\n";
-
- BOOST_FOREACH(outputs_t::value_type value, outputs) {
- ret += value.first;
- ret += ": ";
- unsigned char tmp[mpi_size(value.second)];
- mpi_write_binary(value.second, tmp, sizeof(tmp));
- unsigned char base64tmp[sizeof(tmp)*2];
- int dlen=sizeof(base64tmp);
- base64_encode(base64tmp, &dlen, tmp, sizeof(tmp));
- ret.append((const char*)base64tmp, dlen);
- ret.append(1, '\n');
- }
- return ret;
-}
-
 bool DNSSECKeeper::haveActiveKSKFor(const std::string& zone, DNSSECPrivateKey* dpk)
 {
 keyset_t keys = getKeys(zone, true);
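Review bot: DNSSECPrivateKey::getDNSKEY() is added to dnssecinfra.cc without any comment, and since it is the spot where public DNSKEY RDATA is produced from a private key a one-line header would help the next reader, e.g. `// Build the public DNSKEY record (flags, algorithm, RSA public part) corresponding to this private key.`. The body also takes the address of d_key.getConstContext(); that is only safe if getConstContext() returns a reference into d_key rather than a by-value copy, which cannot be confirmed from this hunk and is worth a glance at the declaration.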
@@ -288,10 +248,6 @@ DNSSECKeeper::keyset_t DNSSECKeeper::getKeys(const std::string& zone, boost::tri
 return keyset;
 }
-DNSKEYRecordContent DNSSECPrivateKey::getDNSKEY() const
-{
- return makeDNSKEYFromRSAKey(&d_key.getConstContext(), d_algorithm, d_flags);
-}
 void DNSSECKeeper::secureZone(const std::string& name, int algorithm)