📄 dst_api.c

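	memset(out_storage, 0, out_len);
	val = (u_int16_t)(key->dk_flags & 0xffff);
	out_storage[0] = (val >> 8) & 0xff;
	out_storage[1] = val        & 0xff;
	loc += 2;

	out_storage[loc++] = (u_char) key->dk_proto;
	out_storage[loc++] = (u_char) key->dk_alg;

	if (key->dk_flags > 0xffff) {	/* Extended flags */
		val = (u_int16_t)((key->dk_flags >> 16) & 0xffff);
		out_storage[loc]   = (val >> 8) & 0xff;
		out_storage[loc+1] = val        & 0xff;
		loc += 2;
	}
	if (key->dk_KEY_struct == NULL)
		return (loc);
	if (key->dk_func && key->dk_func->to_dns_key) {
		enc_len = key->dk_func->to_dns_key(key,
						 (u_char *) &out_storage[loc],
						   out_len - loc);
		if (enc_len > 0)
			return (enc_len + loc);
		else
			return (-1);
	} else
		EREPORT(("dst_key_to_dnskey(): Unsupported ALG %d\n",
			 key->dk_alg));
	return (-1);
}

/*
 *  dst_buffer_to_key
 *	Function to encode a string of raw data into a DST key
 *  Parameters
 *	key_name	The name of the key
 *	alg		The algorithm (must pass dst_check_algorithm())
 *	flags		The dns flags
 *	protocol	The dns protocol
 *	key_buf		A pointer to the key data (dns wire format)
 *	key_len		The length of the key data
 *  Returns
 *	NULL	    an error occurred
 *	NON-NULL	the DST key
 */
DST_KEY *
dst_buffer_to_key(const char *key_name,		/* name of the key */
		  const int alg,		/* algorithm */
		  const unsigned flags,		/* dns flags */
		  const int protocol,		/* dns protocol */
		  const u_char *key_buf,	/* key in dns wire fmt */
		  const unsigned key_len)		/* size of key */
{
	DST_KEY *dkey = NULL;

	if (!dst_check_algorithm(alg)) { /* make sure alg is available */
		EREPORT(("dst_buffer_to_key(): Algorithm %d not suppored\n", alg));
		return (NULL);
	}

	dkey = dst_s_get_key_struct(key_name, alg, flags,  protocol, -1);
	if (dkey == NULL)
		return (NULL);

	if (dkey->dk_func != NULL &&
	    dkey->dk_func->from_dns_key != NULL) {
		if (dkey->dk_func->from_dns_key(dkey, key_buf, key_len) < 0) {
			EREPORT(("dst_buffer_to_key(): dst_buffer_to_hmac failed\n"));
			return (dst_free_key(dkey));
		}
		return (dkey);
	}

	/*
	 * No decoder for this algorithm.  Release the freshly allocated
	 * key structure instead of leaking it; dst_generate_key() handles
	 * its "no handler" case the same way.
	 */
	return (dst_free_key(dkey));
}

/*
 *  dst_key_to_buffer
 *	Extract the secret of an HMAC key into a buffer.
 *  Parameters
 *	key		The key to export
 *	out_buff	Destination buffer
 *	buf_len		Size of out_buff
 *  Returns
 *	0	an error occurred (NULL key, no encoder, encoder failure)
 *	>0	number of bytes reported by the algorithm's to_dns_key()
 *
 *  The output is secret key material; the caller owns out_buff and is
 *  responsible for wiping it when done.
 */
int
dst_key_to_buffer(DST_KEY *key, u_char *out_buff, unsigned buf_len)
{
	int len;

	if (key == NULL)
		return (0);

	/*
	 * The function pointer itself has to be checked, not dk_func twice:
	 * a handler table without to_dns_key would otherwise be called
	 * through a NULL pointer.
	 */
	if (key->dk_func != NULL && key->dk_func->to_dns_key != NULL) {
		len = key->dk_func->to_dns_key(key, out_buff, buf_len);
		if (len < 0)
			return (0);
		return (len);
	}
	return (0);
}

/*
 * dst_s_read_private_key_file
 *     Function reads in private key from a file.
 *     Fills out the KEY structure.
 * Parameters
 *     name    Name of the key to be read.
 *     pk_key  Structure that the key is returned in.
 *     in_id   Key identifier (tag)
 *     in_alg  Algorithm number used to build the file name
 * Return
 *     1 if everything works
 *     0 if there is any problem
 *
 * The file content is treated as untrusted text: at most
 * RAW_KEY_SIZE - 1 bytes are read so the buffer is always
 * NUL-terminated, and every scan stays inside the bytes that were read.
 */
static int
dst_s_read_private_key_file(char *name, DST_KEY *pk_key, unsigned in_id,
			    int in_alg)
{
	int cnt, alg, len;
	/* zero defaults: a failed sscanf() must not leave these undefined */
	int major = 0, minor = 0, file_major = 0, file_minor = 0;
	int id;
	char filename[PATH_MAX];
	u_char in_buff[RAW_KEY_SIZE], *p, *end;
	FILE *fp;

	if (name == NULL || pk_key == NULL) {
		EREPORT(("dst_read_private_key_file(): No key name given\n"));
		return (0);
	}
	/* Make the filename */
	if (dst_s_build_filename(filename, name, in_id, in_alg, PRIVATE_KEY,
				 PATH_MAX) == -1) {
		EREPORT(("dst_read_private_key(): Cannot make filename from %s, %d, and %s\n",
			 name, in_id, PRIVATE_KEY));
		return (0);
	}
	/* first check if we can find the key file */
	if ((fp = dst_s_fopen(filename, "r", 0)) == NULL) {
		/*
		 * NOTE(review): getcwd(NULL, ...) allocates its result and
		 * may return NULL; the buffer is never freed here.  Only
		 * matters when EREPORT actually evaluates its arguments.
		 */
		EREPORT(("dst_s_read_private_key_file: Could not open file %s in directory %s\n",
			 filename, dst_path[0] ? dst_path :
			 (char *) getcwd(NULL, PATH_MAX - 1)));
		return (0);
	}

	/*
	 * Read the whole file.  The buffer is cleared first and one byte is
	 * held back, so the data is NUL-terminated for sscanf() and the
	 * string helpers, and no uninitialized stack bytes are compared.
	 */
	memset(in_buff, 0, sizeof(in_buff));
	cnt = fread(in_buff, 1, sizeof(in_buff) - 1, fp);
	fclose(fp);
	if (cnt < 5) {
		EREPORT(("dst_s_read_private_key_file: error reading file %s (empty file)\n",
			 filename));
		memset(in_buff, 0, sizeof(in_buff));
		return (0);
	}

	/* decrypt key */
	if (memcmp(in_buff, "Private-key-format: v", 20) != 0)
		goto fail;
	len = cnt;
	p = in_buff;
	end = &in_buff[len];

	if (!dst_s_verify_str((const char **) &p, "Private-key-format: v")) {
		EREPORT(("dst_s_read_private_key_file(): Not a Key file/Decrypt failed %s\n", name));
		goto fail;
	}
	/* read in file format */
	sscanf((char *)p, "%d.%d", &file_major, &file_minor);
	sscanf(KEY_FILE_FORMAT, "%d.%d", &major, &minor);
	if (file_major < 1) {
		EREPORT(("dst_s_read_private_key_file(): Unknown keyfile %d.%d version for %s\n",
			 file_major, file_minor, name));
		goto fail;
	} else if (file_major > major || file_minor > minor)
		EREPORT((
				"dst_s_read_private_key_file(): Keyfile %s version higher than mine %d.%d MAY FAIL\n",
				name, file_major, file_minor));

	/* skip to end of line; a file without the newline is rejected */
	while (p < end && *p != '\n')
		p++;
	if (p >= end)
		goto fail;
	p++;

	if (!dst_s_verify_str((const char **) &p, "Algorithm: "))
		goto fail;
	if (sscanf((char *)p, "%d", &alg) != 1)
		goto fail;

	/* skip to end of line, again bounded by the data that was read */
	while (p < end && *p != '\n')
		p++;
	if (p >= end)
		goto fail;
	p++;

	/*
	 * NOTE(review): a previous dk_key_name that differs from `name` is
	 * overwritten without being released - confirm who owns it.
	 */
	if (pk_key->dk_key_name && !strcmp(pk_key->dk_key_name, name))
		SAFE_FREE2(pk_key->dk_key_name, strlen(pk_key->dk_key_name));
	pk_key->dk_key_name = (char *) strdup(name);
	if (pk_key->dk_key_name == NULL)
		goto fail;

	/* allocate and fill in key structure */
	if (pk_key->dk_func == NULL || pk_key->dk_func->from_file_fmt == NULL)
		goto fail;

	id = pk_key->dk_func->from_file_fmt(pk_key, (char *)p,
					    (unsigned)(end - p));
	if (id < 0)
		goto fail;

	/* Make sure the actual key tag matches the input tag used in the filename
	 */
	if (id != in_id) {
		EREPORT(("dst_s_read_private_key_file(): actual tag of key read %d != input tag used to build filename %d.\n", id, in_id));
		goto fail;
	}
	pk_key->dk_id = (u_int16_t) id;
	pk_key->dk_alg = alg;

	/*
	 * Wipe the raw private key text.
	 * NOTE(review): a plain memset() of a buffer that is about to go out
	 * of scope can be removed by the optimizer; use a non-elidable wipe
	 * (e.g. explicit_bzero() or memset_s()) where the platform has one.
	 */
	memset(in_buff, 0, sizeof(in_buff));
	return (1);

 fail:
	memset(in_buff, 0, sizeof(in_buff));
	return (0);
}

/*
 *  dst_generate_key
 *	Generate and store a public/private keypair.
 *	Keys will be stored in formatted files.
 *  Parameters
 *	name    Name of the new key.  Used to create key files
 *		  K<name>+<alg>+<id>.public and K<name>+<alg>+<id>.private.
 *	bits    Size of the new key in bits.
 *	exp     What exponent to use:
 *		  0	   use exponent 3
 *		  non-zero    use Fermat4 (F4)
 *		  NOTE(review): exponent 3 is only sound with proper
 *		  padding; prefer non-zero unless compatibility requires 0.
 *	flags   The default value of the DNS Key flags.
 *		  The DNS Key RR Flag field is defined in RFC 2065,
 *		  section 3.3.  The field has 16 bits.
 *	protocol
 *	      Default value of the DNS Key protocol field.
 *		  The DNS Key protocol field is defined in RFC 2065,
 *		  section 3.4.  The field has 8 bits.
 *	alg     What algorithm to use.  Currently defined:
 *		  KEY_RSA       1
 *		  KEY_DSA       3
 *		  KEY_HMAC    157
 *	out_id The key tag is returned.
 *		  (the signature has no out_id parameter)
 *
 *  Return
 *	NULL		Failure
 *	non-NULL 	the generated key pair
 *			Caller frees the result, and its dk_name pointer.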
*/
DST_KEY *
dst_generate_key(const char *name, const int bits, const int exp,
		 const unsigned flags, const int protocol, const int alg)
{
	DST_KEY *fresh;
	int rc;

	/* A key cannot be created without a name. */
	if (name == NULL)
		return (NULL);

	/* Refuse algorithms that dst_check_algorithm() does not accept. */
	if (!dst_check_algorithm(alg)) {
		EREPORT(("dst_generate_key(): Algorithm %d not suppored\n", alg));
		return (NULL);
	}

	fresh = dst_s_get_key_struct(name, alg, flags, protocol, bits);
	if (fresh == NULL)
		return (NULL);

	/* bits == 0 asks for a null key: there is nothing to generate. */
	if (bits == 0)
		return (fresh);

	/* Without a generate handler the structure is released again. */
	if (fresh->dk_func == NULL || fresh->dk_func->generate == NULL) {
		EREPORT(("dst_generate_key_pair():Unsupported algorithm %d\n",
			 alg));
		return (dst_free_key(fresh));
	}

	/* Any result <= 0 from the handler counts as failure. */
	rc = fresh->dk_func->generate(fresh, exp);
	if (rc <= 0) {
		EREPORT(("dst_generate_key_pair(): Key generation failure %s %d %d %d\n",
			 fresh->dk_key_name, fresh->dk_alg,
			 fresh->dk_key_size, exp));
		return (dst_free_key(fresh));
	}

	return (fresh);
}

/*
 *  dst_free_key
 *	Release all data structures pointed to by a key structure.
 *  Parameters
 *	f_key   Key structure to be freed.
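*/
DST_KEY *
dst_free_key(DST_KEY *f_key)
{
	/* Always returns NULL so callers can write `return (dst_free_key(k));`. */
	if (f_key == NULL)
		return (f_key);

	if (f_key->dk_func && f_key->dk_func->destroy)
		f_key->dk_KEY_struct =
			f_key->dk_func->destroy(f_key->dk_KEY_struct);
	else {
		/*
		 * SHOULD NOT happen.  The algorithm data is released by the
		 * common free() below; freeing it here as well would free
		 * the same pointer twice.
		 */
		EREPORT(("dst_free_key(): Unknown key alg %d\n",
			 f_key->dk_alg));
	}

	/* Release whatever destroy() handed back, or the unhandled data. */
	if (f_key->dk_KEY_struct) {
		free(f_key->dk_KEY_struct);
		f_key->dk_KEY_struct = NULL;
	}
	if (f_key->dk_key_name)
		SAFE_FREE(f_key->dk_key_name);
	SAFE_FREE(f_key);
	return (NULL);
}

/*
 * dst_sig_size
 *	Return the maximum size of signature from the key specified in bytes
 * Parameters
 *      key
 * Returns
 *     bytes
 *     -1	key is NULL or its algorithm is unknown
 */
int
dst_sig_size(DST_KEY *key) {
	/* Other entry points in this file tolerate a NULL key; so does this. */
	if (key == NULL)
		return (-1);

	switch (key->dk_alg) {
	    case KEY_HMAC_MD5:
		return (16);
	    case KEY_HMAC_SHA1:
		return (20);
	    case KEY_RSA:
		/* key size is in bits; round up to whole bytes */
		return (key->dk_key_size + 7) / 8;
	    case KEY_DSA:
		return (40);
	    default:
		EREPORT(("dst_sig_size(): Unknown key alg %d\n", key->dk_alg));
		return -1;
	}
}

/*
 * dst_random
 *  function that multiplexes number of random number generators
 * Parameters
 *   mode: select the random number generator
 *   wanted is how many bytes of random data are requested
 *   outran is a buffer of size at least wanted for the output data
 *
 * Returns
 *    number of bytes written to outran
 *    0 on error (nothing requested, NULL buffer, allocation failure,
 *    request too large to report, unsupported mode)
 *
 * NOTE(review): DST_RAND_SEMI is filled from dst_s_quick_random(),
 * presumably a fast, lower-quality source - confirm it is never used
 * for key material; callers needing keys should select DST_RAND_KEY.
 */
int
dst_random(const int mode, unsigned wanted, u_char *outran)
{
	u_int32_t *buff = NULL, *bp = NULL;
	unsigned i;

	if (wanted == 0 || outran == NULL)
		return (0);

	switch (mode) {
	case DST_RAND_SEMI:
		/*
		 * The byte count is returned as an int.  Refusing requests
		 * above half the unsigned range keeps the return value
		 * non-negative and keeps the allocation size and the loop
		 * counter from wrapping.
		 */
		if (wanted > ((unsigned)-1 >> 1))
			return (0);
		bp = buff = (u_int32_t *) malloc(wanted+sizeof(u_int32_t));
		if (buff == NULL)
			return (0);
		/* fill whole words; the slack word absorbs the last one */
		for (i = 0; i < wanted; i+= sizeof(u_int32_t), bp++) {
			*bp = dst_s_quick_random((int)i);
		}
		memcpy(outran, buff, wanted);
		SAFE_FREE(buff);
		return ((int)wanted);
	case DST_RAND_STD:
		return (dst_s_semi_random(outran, wanted));
	case DST_RAND_KEY:
		return (dst_s_random(outran, wanted));
	case DST_RAND_DSS:
	default:
		/* need error case here XXX OG */
		return (0);
	}
}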
