997. [func] Add support for RSA-SHA1 keys (RFC3110).

This commit is contained in:
Mark Andrews 2003-08-04 01:04:44 +00:00
parent 96e8abc92a
commit 3b89807475
11 changed files with 53 additions and 26 deletions


@ -1,3 +1,5 @@
997. [func] Add support for RSA-SHA1 keys (RFC3110).
996. [func] Issue warning if the configuration filename contains
the chroot path.


@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.48.2.1.10.1 2003/08/01 23:50:46 marka Exp $ */
/* $Id: dnssec-keygen.c,v 1.48.2.1.10.2 2003/08/04 01:04:42 marka Exp $ */
#include <config.h>
@ -48,6 +48,8 @@
const char *program = "dnssec-keygen";
int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5";
static isc_boolean_t
dsa_size_ok(int size) {
return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
@ -59,8 +61,7 @@ usage(void) {
fprintf(stderr, " %s -a alg -b bits -n type [options] name\n\n",
program);
fprintf(stderr, "Required options:\n");
fprintf(stderr, " -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5"
"\n");
fprintf(stderr, " -a algorithm: %s\n", algs);
fprintf(stderr, " -b key size, in bits:\n");
fprintf(stderr, " RSA:\t\t[512..%d]\n", MAX_RSA);
fprintf(stderr, " DH:\t\t[128..4096]\n");
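Review bot: `static const char *algs` in the first hunk declares a writable pointer to a string literal that is only ever printed through `%s`; `static const char algs[] = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5";` is the tighter form for a fixed table and keeps the pointer itself from being reassigned. In the usage hunk the `-b` size help still lists only `RSA:` for the RSA bit range, so if RSASHA1 takes the same [512..MAX_RSA] bound, `" RSA/RSASHA1:\t[512..%d]\n"` would keep that line consistent with the new `-a` line. The code that maps the `-a` string onto a DST algorithm number is outside these hunks, so I cannot confirm RSASHA1 is accepted there.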


@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rdata.c,v 1.147.2.11 2003/07/30 01:04:15 marka Exp $ */
/* $Id: rdata.c,v 1.147.2.11.2.1 2003/08/04 01:04:42 marka Exp $ */
#include <config.h>
#include <ctype.h>
@ -270,13 +270,14 @@ static const char decdigits[] = "0123456789";
{ 254, "OID", 0}, \
{ 0, NULL, 0}
/* RFC2535 section 7 */
/* RFC2535 section 7, RFC3110 */
#define SECALGNAMES \
{ 1, "RSAMD5", 0 }, \
{ 2, "DH", 0 }, \
{ 3, "DSA", 0 }, \
{ 4, "ECC", 0 }, \
{ 5, "RSASHA1", 0 }, \
{ 252, "INDIRECT", 0 }, \
{ 253, "PRIVATEDNS", 0 }, \
{ 254, "PRIVATEOID", 0 }, \


@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.88.2.3 2003/07/23 06:57:53 marka Exp $
* $Id: dst_api.c,v 1.88.2.3.2.1 2003/08/04 01:04:43 marka Exp $
*/
#include <config.h>
@ -138,6 +138,7 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
#ifdef OPENSSL
RETERR(dst__openssl_init());
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5]));
RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1]));
RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
#endif
@ -697,6 +698,7 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
switch (key->key_alg) {
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
*n = (key->key_size + 7) / 8;
break;
case DST_ALG_DSA:
@ -726,6 +728,7 @@ dst_key_secretsize(const dst_key_t *key, unsigned int *n) {
*n = (key->key_size + 7) / 8;
break;
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
case DST_ALG_DSA:
case DST_ALG_HMACMD5:
default:
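Review bot: The dst_lib_init hunk registers the same `dst__opensslrsa_init` for both `DST_ALG_RSAMD5` and `DST_ALG_RSASHA1` with nothing saying why; a short comment would save the next reader a trip into opensslrsa_link.c, for example `/* RSASHA1 reuses the RSA implementation; the digest is selected per key_alg in opensslrsa_link.c */`. If `dst__opensslrsa_init` hands both slots a pointer to one static function table, the two entries alias each other, which is fine for the calls visible here but worth stating. In the dst_key_secretsize hunk the added `case DST_ALG_RSASHA1:` simply falls into `default:` alongside RSAMD5 and DSA, so it changes nothing at runtime; listing it is fine for documentation, but the enclosing switch continues outside the hunk.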


@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_parse.c,v 1.31.2.1 2001/09/15 00:37:18 gson Exp $
* $Id: dst_parse.c,v 1.31.2.1.10.1 2003/08/04 01:04:43 marka Exp $
*/
#include <config.h>
@ -39,10 +39,6 @@
#define PRIVATE_KEY_STR "Private-key-format:"
#define ALGORITHM_STR "Algorithm:"
#define RSA_STR "RSA"
#define DH_STR "DH"
#define DSA_STR "DSA"
#define HMACMD5_STR "HMAC_MD5"
struct parse_map {
const int value;
@ -157,6 +153,7 @@ static int
check_data(const dst_private_t *priv, const unsigned int alg) {
switch (alg) {
case DST_ALG_RSAMD5:
case DST_ALG_RSASHA1:
return (check_rsa(priv));
case DST_ALG_DH:
return (check_dh(priv));
@ -185,8 +182,9 @@ dst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx) {
}
int
dst__privstruct_parsefile(dst_key_t *key, const char *filename,
isc_mem_t *mctx, dst_private_t *priv)
dst__privstruct_parsefile(dst_key_t *key, unsigned int alg,
const char *filename, isc_mem_t *mctx,
dst_private_t *priv)
{
int n = 0, major, minor;
isc_buffer_t b;
@ -329,7 +327,7 @@ dst__privstruct_parsefile(dst_key_t *key, const char *filename,
done:
priv->nelements = n;
if (check_data(priv, dst_key_alg(key)) < 0)
if (check_data(priv, alg) < 0)
goto fail;
isc_lex_close(lex);
@ -390,6 +388,7 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
case DST_ALG_RSAMD5: fprintf(fp, "(RSA)\n"); break;
case DST_ALG_DH: fprintf(fp, "(DH)\n"); break;
case DST_ALG_DSA: fprintf(fp, "(DSA)\n"); break;
case DST_ALG_RSASHA1: fprintf(fp, "(RSASHA1)\n"); break;
case DST_ALG_HMACMD5: fprintf(fp, "(HMAC_MD5)\n"); break;
default : fprintf(fp, "(?)\n"); break;
}
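Review bot: The `done:` hunk replaces `check_data(priv, dst_key_alg(key))` with `check_data(priv, alg)`, so the private-key tag set is now validated against whatever the caller asserts rather than the algorithm recorded in the key object, and `key` is no longer consulted on that line. That is safe only if the `Algorithm:` line parsing earlier in dst__privstruct_parsefile (outside this hunk) still compares the file's algorithm number against `dst_key_alg(key)`; please confirm, otherwise the key object and the file it is loaded from are no longer tied together. A comment on the new parameter would pin the intent down, e.g. `/* alg selects the tag family check_data() expects; the key's own algorithm is still checked against the file's Algorithm: line */`. As a point of style, the new `case DST_ALG_RSASHA1:` in dst__privstruct_writefile sits after DSA instead of next to RSAMD5, which hides that the two share a key format.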


@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst_parse.h,v 1.19 2001/05/10 19:07:13 bwelling Exp $ */
/* $Id: dst_parse.h,v 1.19.12.1 2003/08/04 01:04:43 marka Exp $ */
#ifndef DST_DST_PARSE_H
#define DST_DST_PARSE_H 1
@ -84,8 +84,9 @@ void
dst__privstruct_free(dst_private_t *priv, isc_mem_t *mctx);
int
dst__privstruct_parsefile(dst_key_t *key, const char *filename,
isc_mem_t *mctx, dst_private_t *priv);
dst__privstruct_parsefile(dst_key_t *key, unsigned int alg,
const char *filename, isc_mem_t *mctx,
dst_private_t *priv);
int
dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
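Review bot: The new `unsigned int alg` parameter in the dst__privstruct_parsefile prototype is undocumented, and since it is distinct from the algorithm already carried by `key`, a caller cannot tell from the header what to pass. A comment above the prototype explaining that `alg` picks the private-key tag family that check_data() validates (and that RSAMD5 and RSASHA1 share one) would remove the guesswork. The call sites in this commit pass their own algorithm except opensslrsa_link.c, which passes `DST_ALG_RSA`, so the header should say which of the two conventions is intended.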


@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.53.2.1 2001/12/19 01:29:33 marka Exp $
* $Id: hmac_link.c,v 1.53.2.1.8.1 2003/08/04 01:04:43 marka Exp $
*/
#include <config.h>
@ -248,7 +248,8 @@ hmacmd5_fromfile(dst_key_t *key, const char *filename) {
isc_mem_t *mctx = key->mctx;
/* read private key file */
ret = dst__privstruct_parsefile(key, filename, mctx, &priv);
ret = dst__privstruct_parsefile(key, DST_ALG_HMACMD5, filename, mctx,
&priv);
if (ret != ISC_R_SUCCESS)
return (ret);


@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst.h,v 1.42.2.1 2001/12/19 01:09:58 marka Exp $ */
/* $Id: dst.h,v 1.42.2.1.8.1 2003/08/04 01:04:44 marka Exp $ */
#ifndef DST_DST_H
#define DST_DST_H 1
@ -45,6 +45,8 @@ typedef struct dst_context dst_context_t;
#define DST_ALG_RSA DST_ALG_RSAMD5 /* backwards compatibility */
#define DST_ALG_DH 2
#define DST_ALG_DSA 3
#define DST_ALG_ECC 4
#define DST_ALG_RSASHA1 5
#define DST_ALG_HMACMD5 157
#define DST_ALG_GSSAPI 160
#define DST_ALG_PRIVATE 254
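Review bot: `#define DST_ALG_ECC 4` is added here but no registration for it appears in the dst_lib_init hunk of this commit, so the number is reserved without an implementation and nothing in the header says so. A trailing comment on each new line would make that clear, e.g. `#define DST_ALG_ECC 4 /* reserved; no implementation */` and `#define DST_ALG_RSASHA1 5 /* RFC 3110 */`. Whether ECC is new in this commit or only moved is not certain from the rendered section.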


@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: openssldh_link.c,v 1.38.2.2 2001/12/19 01:29:34 marka Exp $
* $Id: openssldh_link.c,v 1.38.2.2.8.1 2003/08/04 01:04:44 marka Exp $
*/
#ifdef OPENSSL
@ -443,7 +443,8 @@ openssldh_fromfile(dst_key_t *key, const char *filename) {
mctx = key->mctx;
/* read private key file */
ret = dst__privstruct_parsefile(key, filename, mctx, &priv);
ret = dst__privstruct_parsefile(key, DST_ALG_DH, filename, mctx,
&priv);
if (ret != ISC_R_SUCCESS)
return (ret);


@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: openssldsa_link.c,v 1.4.2.1 2001/12/19 01:29:35 marka Exp $ */
/* $Id: openssldsa_link.c,v 1.4.2.1.8.1 2003/08/04 01:04:44 marka Exp $ */
#ifdef OPENSSL
@ -364,7 +364,8 @@ openssldsa_fromfile(dst_key_t *key, const char *filename) {
#define DST_RET(a) {ret = a; goto err;}
/* read private key file */
ret = dst__privstruct_parsefile(key, filename, mctx, &priv);
ret = dst__privstruct_parsefile(key, DST_ALG_DSA, filename, mctx,
&priv);
if (ret != ISC_R_SUCCESS)
return (ret);


@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
* $Id: opensslrsa_link.c,v 1.12.2.4 2003/07/24 06:18:42 marka Exp $
* $Id: opensslrsa_link.c,v 1.12.2.4.2.1 2003/08/04 01:04:44 marka Exp $
*/
#ifdef OPENSSL
@ -44,6 +44,8 @@ static isc_result_t opensslrsa_todns(const dst_key_t *key, isc_buffer_t *data);
static isc_result_t
opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
UNUSED(key);
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx;
@ -64,6 +66,9 @@ opensslrsa_createctx(dst_key_t *key, dst_context_t *dctx) {
static void
opensslrsa_destroyctx(dst_context_t *dctx) {
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque;
@ -84,6 +89,9 @@ opensslrsa_destroyctx(dst_context_t *dctx) {
static isc_result_t
opensslrsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque;
isc_md5_update(md5ctx, data->base, data->length);
@ -106,6 +114,9 @@ opensslrsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
int type;
unsigned int digestlen;
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
isc_buffer_availableregion(sig, &r);
if (r.length < (unsigned int) RSA_size(rsa))
@ -144,6 +155,9 @@ opensslrsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
int type;
unsigned int digestlen;
REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 ||
dctx->key->key_alg == DST_ALG_RSASHA1);
if (dctx->key->key_alg == DST_ALG_RSAMD5) {
isc_md5_t *md5ctx = dctx->opaque;
isc_md5_final(md5ctx, digest);
@ -428,7 +442,8 @@ opensslrsa_fromfile(dst_key_t *key, const char *filename) {
#define DST_RET(a) {ret = a; goto err;}
/* read private key file */
ret = dst__privstruct_parsefile(key, filename, mctx, &priv);
ret = dst__privstruct_parsefile(key, DST_ALG_RSA, filename, mctx,
&priv);
if (ret != ISC_R_SUCCESS)
return (ret);
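Review bot: The opensslrsa_fromfile hunk passes `DST_ALG_RSA`, which dst.h in this commit defines as an alias of `DST_ALG_RSAMD5`, to dst__privstruct_parsefile even when the key being loaded is RSASHA1, whereas the DH, DSA and HMAC callers each pass their own algorithm. That is harmless as long as the parser uses `alg` only to pick the RSA tag set (check_data maps both values to check_rsa), but it means the argument no longer states which algorithm the caller holds; `key->key_alg`, the field the new REQUIREs already read, would be exact: `ret = dst__privstruct_parsefile(key, key->key_alg, filename, mctx, &priv);`. If parsefile also compares `alg` against the file's `Algorithm:` line, which is outside this hunk, the alias would reject valid RSASHA1 key files. The same two-way `REQUIRE(dctx->key->key_alg == DST_ALG_RSAMD5 || ...)` predicate now appears in five functions; a `static inline` helper such as `rsa_alg_ok(unsigned int alg)` would keep them from drifting when the next RSA variant is added. opensslrsa_fromfile continues past the end of the hunk.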