"Fossies" - the Fresh Open Source Software Archive

Member "knot-2.8.3/src/libdnssec/keystore/keystore.c" (16 Jul 2019, 3964 Bytes) of package /linux/misc/dns/knot-2.8.3.tar.xz:



    1 /*  Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
    2 
    3     This program is free software: you can redistribute it and/or modify
    4     it under the terms of the GNU General Public License as published by
    5     the Free Software Foundation, either version 3 of the License, or
    6     (at your option) any later version.
    7 
    8     This program is distributed in the hope that it will be useful,
    9     but WITHOUT ANY WARRANTY; without even the implied warranty of
   10     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   11     GNU General Public License for more details.
   12 
   13     You should have received a copy of the GNU General Public License
   14     along with this program.  If not, see <https://www.gnu.org/licenses/>.
   15 */
   16 
   17 #include <assert.h>
   18 #include <stdlib.h>
   19 
   20 #include "libdnssec/error.h"
   21 #include "libdnssec/key.h"
   22 #include "libdnssec/key/algorithm.h"
   23 #include "libdnssec/key/dnskey.h"
   24 #include "libdnssec/key/internal.h"
   25 #include "libdnssec/key/privkey.h"
   26 #include "libdnssec/keyid.h"
   27 #include "libdnssec/keystore.h"
   28 #include "libdnssec/keystore/internal.h"
   29 #include "libdnssec/shared/shared.h"
   30 
   31 /* -- internal API --------------------------------------------------------- */
   32 
/*
 * Allocate a key store object and bind it to a backend implementation.
 *
 * store_ptr  Output; set to the new store only on success.
 * functions  Backend callback table, stored by pointer (not copied), so it
 *            must outlive the store.
 *
 * Returns DNSSEC_EOK on success, DNSSEC_ENOMEM if the allocation or the
 * backend's ctx_new callback fails.
 *
 * Both arguments are checked with assert() only; in a build with NDEBUG a
 * NULL argument is dereferenced instead of being rejected.
 */
int keystore_create(dnssec_keystore_t **store_ptr,
                    const keystore_functions_t *functions)
{
    assert(store_ptr);
    assert(functions);

    /* calloc so that ctx and any other fields start out zeroed. */
    dnssec_keystore_t *new_store = calloc(1, sizeof(*new_store));
    if (new_store == NULL) {
        return DNSSEC_ENOMEM;
    }

    new_store->functions = functions;

    if (functions->ctx_new(&new_store->ctx) != DNSSEC_EOK) {
        /*
         * NOTE(review): the backend's own error code is discarded and
         * reported as DNSSEC_ENOMEM; confirm that ctx_new can only fail
         * on allocation before relying on this code for diagnostics.
         */
        free(new_store);
        return DNSSEC_ENOMEM;
    }

    *store_ptr = new_store;
    return DNSSEC_EOK;
}
   55 
   56 /* -- public API ----------------------------------------------------------- */
   57 
/*
 * Close a key store and release it together with its backend context.
 *
 * Returns DNSSEC_EINVAL for a NULL store, DNSSEC_EOK otherwise. The store
 * pointer is freed and must not be used after a successful call.
 */
_public_
int dnssec_keystore_deinit(dnssec_keystore_t *store)
{
    if (store == NULL) {
        return DNSSEC_EINVAL;
    }

    /*
     * The result of the close is deliberately not propagated: teardown
     * continues and DNSSEC_EOK is returned even if the backend reports
     * a close failure.
     */
    dnssec_keystore_close(store);

    /* Release the backend context before the object that references it. */
    store->functions->ctx_free(store->ctx);
    free(store);

    return DNSSEC_EOK;
}
   72 
/*
 * Forward an initialization request to the store's backend.
 *
 * store   Key store handle; NULL yields DNSSEC_EINVAL.
 * config  Backend-specific configuration string. It is passed through
 *         unchecked (including NULL), so any validation is up to the
 *         backend's init callback.
 *
 * Returns whatever the backend's init callback returns.
 */
_public_
int dnssec_keystore_init(dnssec_keystore_t *store, const char *config)
{
    if (store == NULL) {
        return DNSSEC_EINVAL;
    }

    const keystore_functions_t *backend = store->functions;
    return backend->init(store->ctx, config);
}
   82 
/*
 * Forward an open request to the store's backend.
 *
 * store   Key store handle; NULL yields DNSSEC_EINVAL.
 * config  Backend-specific configuration string. It is passed through
 *         unchecked (including NULL), so any validation is up to the
 *         backend's open callback.
 *
 * Returns whatever the backend's open callback returns.
 */
_public_
int dnssec_keystore_open(dnssec_keystore_t *store, const char *config)
{
    if (store == NULL) {
        return DNSSEC_EINVAL;
    }

    const keystore_functions_t *backend = store->functions;
    return backend->open(store->ctx, config);
}
   92 
/*
 * Forward a close request to the store's backend.
 *
 * Returns DNSSEC_EINVAL for a NULL store, otherwise the result of the
 * backend's close callback. The store object itself stays allocated;
 * dnssec_keystore_deinit() is what frees it.
 */
_public_
int dnssec_keystore_close(dnssec_keystore_t *store)
{
    if (store == NULL) {
        return DNSSEC_EINVAL;
    }

    const keystore_functions_t *backend = store->functions;
    return backend->close(store->ctx);
}
  102 
/*
 * Generate a new private key inside the key store.
 *
 * store       Key store handle.
 * _algorithm  DNSSEC key algorithm; the value 0 is rejected.
 * bits        Requested key size, checked against the algorithm with
 *             dnssec_algorithm_key_size_check() before the backend is called.
 * id_ptr      Output for the identifier of the generated key.
 *             NOTE(review): presumably allocated by the backend and owned
 *             by the caller afterwards; confirm against the backends.
 *
 * Returns DNSSEC_EINVAL for a missing argument,
 * DNSSEC_INVALID_KEY_ALGORITHM when the algorithm has no GnuTLS mapping,
 * DNSSEC_INVALID_KEY_SIZE when the size check fails, otherwise the result
 * of the backend's generate_key callback.
 */
_public_
int dnssec_keystore_generate(dnssec_keystore_t *store,
                             dnssec_key_algorithm_t _algorithm,
                             unsigned bits, char **id_ptr)
{
    if (store == NULL || _algorithm == 0 || id_ptr == NULL) {
        return DNSSEC_EINVAL;
    }

    /* Translate the DNSSEC algorithm number into the GnuTLS key type. */
    gnutls_pk_algorithm_t pk_algorithm = algorithm_to_gnutls(_algorithm);
    if (pk_algorithm == GNUTLS_PK_UNKNOWN) {
        return DNSSEC_INVALID_KEY_ALGORITHM;
    }

    /*
     * Enforce the per-algorithm key size policy here, so that no backend
     * is ever asked to create a key of a size the policy rejects.
     */
    if (!dnssec_algorithm_key_size_check(_algorithm, bits)) {
        return DNSSEC_INVALID_KEY_SIZE;
    }

    const keystore_functions_t *backend = store->functions;
    return backend->generate_key(store->ctx, pk_algorithm, bits, id_ptr);
}
  125 
/*
 * Import an existing key into the key store.
 *
 * store   Key store handle.
 * pem     Key data to import; only checked for NULL here, parsing and
 *         validation are left to the backend's import_key callback.
 *         NOTE(review): presumably PEM-encoded private key material. This
 *         wrapper neither copies nor wipes the buffer, so clearing it
 *         after use stays with the caller; confirm.
 * id_ptr  Output for the identifier of the imported key.
 *
 * Returns DNSSEC_EINVAL for a missing argument, otherwise the result of
 * the backend's import_key callback.
 */
_public_
int dnssec_keystore_import(dnssec_keystore_t *store, const dnssec_binary_t *pem,
                           char **id_ptr)
{
    if (store == NULL || pem == NULL || id_ptr == NULL) {
        return DNSSEC_EINVAL;
    }

    const keystore_functions_t *backend = store->functions;
    return backend->import_key(store->ctx, pem, id_ptr);
}
  136 
/*
 * Remove a key from the key store.
 *
 * store  Key store handle.
 * id     Identifier of the key to remove. Only a NULL check is done here;
 *        the string reaches the backend as given, so format and
 *        well-formedness checks have to happen in remove_key.
 *        NOTE(review): verify that each backend validates the identifier
 *        before using it to locate a key.
 *
 * Returns DNSSEC_EINVAL for a missing argument, otherwise the result of
 * the backend's remove_key callback.
 */
_public_
int dnssec_keystore_remove(dnssec_keystore_t *store, const char *id)
{
    if (store == NULL || id == NULL) {
        return DNSSEC_EINVAL;
    }

    const keystore_functions_t *backend = store->functions;
    return backend->remove_key(store->ctx, id);
}
  146 
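/*
 * Fetch a private key from the key store and attach it to a key object.
 *
 * store  Key store handle.
 * id     Identifier of the private key; only checked for NULL here and
 *        otherwise passed to the backend as given.
 * key    Target key. It must already have a non-zero algorithm and must
 *        not yet hold a private key.
 *
 * Returns DNSSEC_EINVAL for a missing argument or a key without an
 * algorithm, DNSSEC_KEY_ALREADY_PRESENT when the key already holds a
 * private key, the backend's error if the lookup fails, the error from
 * key_set_private_key() if attaching fails, and DNSSEC_EOK on success.
 */
_public_
int dnssec_keystore_export(dnssec_keystore_t *store, const char *id,
                           dnssec_key_t *key)
{
    /*
     * The NULL test on key comes before any call that receives it. The
     * original tested !key last, after dnssec_key_get_algorithm(key), so
     * the check was dead code at best and too late at worst.
     */
    if (!store || !id || !key || dnssec_key_get_algorithm(key) == 0) {
        return DNSSEC_EINVAL;
    }

    /* Refuse to overwrite private key material that is already attached. */
    if (key->private_key) {
        return DNSSEC_KEY_ALREADY_PRESENT;
    }

    gnutls_privkey_t privkey = NULL;
    int r = store->functions->get_private(store->ctx, id, &privkey);
    if (r != DNSSEC_EOK) {
        return r;
    }

    r = key_set_private_key(key, privkey);
    if (r != DNSSEC_EOK) {
        /*
         * The handle was not attached, so release it here; otherwise the
         * private key handle obtained from the backend would leak.
         */
        gnutls_privkey_deinit(privkey);
        return r;
    }

    /*
     * On success privkey is not released here.
     * NOTE(review): presumably key now owns the handle; confirm in
     * key_set_private_key().
     */
    return DNSSEC_EOK;
}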