00001 /*
00002  * $Id: hsm.c 5380 2011-08-09 21:00:32Z matthijs $
00003  *
00004  * Copyright (c) 2009 NLNet Labs. All rights reserved.
00005  *
00006  * Redistribution and use in source and binary forms, with or without
00007  * modification, are permitted provided that the following conditions
00008  * are met:
00009  * 1. Redistributions of source code must retain the above copyright
00010  *    notice, this list of conditions and the following disclaimer.
00011  * 2. Redistributions in binary form must reproduce the above copyright
00012  *    notice, this list of conditions and the following disclaimer in the
00013  *    documentation and/or other materials provided with the distribution.
00014  *
00015  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
00016  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
00017  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
00018  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
00019  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
00020  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
00021  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
00022  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
00023  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
00024  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
00025  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
00026  *
00027  */
00028 
00034 #include "shared/hsm.h"
00035 #include "shared/log.h"
00036 
/* Prefix used in every log message emitted by this module ("[hsm] ...") */
static const char* hsm_str = "hsm";
00038 
00039 
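/**
 * Log and release the most recent libhsm error message, if there is one.
 * hsm_get_error() hands back a heap-allocated string that the caller owns,
 * so it is freed here after logging.
 *
 * \param[in] ctx HSM context, forwarded to hsm_get_error() unchanged.
 */
static void
lhsm_log_hsm_error(hsm_ctx_t* ctx)
{
    char* error = hsm_get_error(ctx);
    if (error) {
        ods_log_error("[%s] %s", hsm_str, error);
        free((void*)error);
    }
}


/**
 * Resolve the HSM key handle and DNSKEY RR for key_id, caching the results
 * in key_id itself (params, hsmkey, dnskey and params->keytag). Fields that
 * are already set are reused, so calling this repeatedly is cheap.
 *
 * \param[in]     ctx    HSM context, forwarded to libhsm unchanged.
 * \param[in]     owner  Owner name of the DNSKEY; cloned into key_id->params.
 * \param[in,out] key_id Key to resolve; locator, algorithm and flags are
 *                       read from it, the cached fields are written.
 * \return ODS_STATUS_OK on success; ODS_STATUS_ASSERT_ERR if owner or key_id
 *         is NULL; ODS_STATUS_ERR if the parameters cannot be built, the key
 *         cannot be found or the DNSKEY cannot be created (details logged).
 */
ods_status
lhsm_get_key(hsm_ctx_t* ctx, ldns_rdf* owner, key_type* key_id)
{
    if (!owner || !key_id) {
        ods_log_error("[%s] unable to get key: missing required elements",
            hsm_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_assert(owner);
    ods_log_assert(key_id);

    /* set parameters */
    if (!key_id->params) {
        key_id->params = hsm_sign_params_new();
        if (!key_id->params) {
            lhsm_log_hsm_error(ctx);
            ods_log_error("[%s] unable to get key: create params for key %s "
                "failed", hsm_str, key_id->locator?key_id->locator:"(null)");
            return ODS_STATUS_ERR;
        }
        key_id->params->owner = ldns_rdf_clone(owner);
        if (!key_id->params->owner) {
            /* Do not leave a half-built params behind: a retry would see
             * key_id->params set, skip this block, and hand libhsm a
             * params with a NULL owner. */
            hsm_sign_params_free(key_id->params);
            key_id->params = NULL;
            ods_log_error("[%s] unable to get key: clone owner for key %s "
                "failed", hsm_str, key_id->locator?key_id->locator:"(null)");
            return ODS_STATUS_ERR;
        }
        key_id->params->algorithm = key_id->algorithm;
        key_id->params->flags = key_id->flags;
    }

    /* lookup key */
    if (!key_id->hsmkey) {
        if (!key_id->locator) {
            /* the locator is the lookup key; nothing to search for */
            ods_log_error("[%s] unable to get key: key has no locator",
                hsm_str);
            return ODS_STATUS_ERR;
        }
        key_id->hsmkey = hsm_find_key_by_id(ctx, key_id->locator);
        if (!key_id->hsmkey) {
            lhsm_log_hsm_error(ctx);
            ods_log_error("[%s] unable to get key: key %s not found", hsm_str,
                key_id->locator);
            return ODS_STATUS_ERR;
        }
    }

    /* get dnskey */
    if (!key_id->dnskey) {
        key_id->dnskey = hsm_get_dnskey(ctx, key_id->hsmkey, key_id->params);
        if (!key_id->dnskey) {
            lhsm_log_hsm_error(ctx);
            ods_log_error("[%s] unable to get key: hsm failed to create dnskey",
                hsm_str);
            return ODS_STATUS_ERR;
        }
    }
    /* the keytag is computed over the DNSKEY RDATA, so it is only known now */
    key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
    return ODS_STATUS_OK;
}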
00110 
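/**
 * Sign an RRset with key_id and return the resulting RRSIG RR.
 * The key is resolved through lhsm_get_key() when key_id->dnskey is not yet
 * cached. A fresh hsm_sign_params_t is built for every call because
 * inception, expiration and keytag are per-signature, while key_id->params
 * is shared state of the key.
 *
 * \param[in] ctx        HSM context, forwarded to libhsm unchanged.
 * \param[in] rrset      RRset to sign; must hold at least one RR.
 * \param[in] key_id     Signing key; resolved and cached via lhsm_get_key().
 * \param[in] owner      Owner name used if the key still has to be resolved.
 * \param[in] inception  Signature inception; 0 is treated as missing.
 * \param[in] expiration Signature expiration; 0 is treated as missing.
 * \return Newly allocated RRSIG RR owned by the caller, or NULL on any
 *         error (details are logged).
 */
ldns_rr*
lhsm_sign(hsm_ctx_t* ctx, ldns_rr_list* rrset, key_type* key_id,
    ldns_rdf* owner, time_t inception, time_t expiration)
{
    ods_status status = ODS_STATUS_OK;
    char* error = NULL;
    ldns_rr* result = NULL;
    hsm_sign_params_t* params = NULL;

    if (!owner || !key_id || !rrset || !inception || !expiration) {
        ods_log_error("[%s] unable to sign: missing required elements",
            hsm_str);
        return NULL;
    }
    ods_log_assert(owner);
    ods_log_assert(key_id);
    ods_log_assert(rrset);
    ods_log_assert(inception);
    ods_log_assert(expiration);

    /* the debug message below reads the first RR of the list; an empty
     * list has none and ldns_rr_list_rr() would return NULL */
    if (ldns_rr_list_rr_count(rrset) == 0) {
        ods_log_error("[%s] unable to sign: empty RRset", hsm_str);
        return NULL;
    }

    if (!key_id->dnskey) {
        status = lhsm_get_key(ctx, owner, key_id);
        if (status != ODS_STATUS_OK) {
            error = hsm_get_error(ctx);
            if (error) {
                ods_log_error("[%s] %s", hsm_str, error);
                free((void*)error);
            }
            ods_log_error("[%s] unable to sign: get key failed", hsm_str);
            return NULL;
        }
    }
    ods_log_assert(key_id->dnskey);
    ods_log_assert(key_id->hsmkey);
    ods_log_assert(key_id->params);

    params = hsm_sign_params_new();
    if (!params) {
        /* allocation failure, not an HSM error: nothing to fetch from ctx */
        ods_log_error("[%s] unable to sign: create sign params failed",
            hsm_str);
        return NULL;
    }
    params->owner = ldns_rdf_clone(key_id->params->owner);
    if (!params->owner) {
        hsm_sign_params_free(params);
        ods_log_error("[%s] unable to sign: clone owner failed", hsm_str);
        return NULL;
    }
    params->algorithm = key_id->algorithm;
    params->flags = key_id->flags;
    params->inception = inception;
    params->expiration = expiration;
    params->keytag = ldns_calc_keytag(key_id->dnskey);
    ods_log_debug("[%s] sign RRset[%i] with key %s tag %u", hsm_str,
        ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)),
        key_id->locator?key_id->locator:"(null)", params->keytag);
    result = hsm_sign_rrset(ctx, rrset, key_id->hsmkey, params);
    /* params (including the cloned owner) is only needed for this one call */
    hsm_sign_params_free(params);

    if (!result) {
        error = hsm_get_error(ctx);
        if (error) {
            ods_log_error("[%s] %s", hsm_str, error);
            free((void*)error);
        }
    }
    return result;
}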