[dnssec] internal key API split

064af6e5 · Jan Včelák · 7cbd1d9e · 064af6e5 · 064af6e5 · 064af6e5
Commit 064af6e5 authored 11 years ago by Jan Včelák
--- a/dnssec/Makefile.am
+++ b/dnssec/Makefile.am
@@ -27,14 +27,16 @@ libdnssec_la_SOURCES = \
 	lib/dnssec/sign.h \
 	lib/hex.c \
 	lib/hex.h \
+	lib/key/dnskey.c \
+	lib/key/dnskey.h \
 	lib/key/ds.c \
 	lib/key/internal.h \
 	lib/key/key.c \
 	lib/key/keyid.c \
 	lib/key/keytag.c \
 	lib/key/keytag.h \
-	lib/key/pubkey.c \
-	lib/key/pubkey.h \
+	lib/key/privkey.c \
+	lib/key/privkey.h \
 	lib/keystore/internal.h \
 	lib/keystore/keystore.c \
 	lib/keystore/pkcs11.c \

--- a/dnssec/lib/key/pubkey.c
+++ b/dnssec/lib/key/pubkey.c
@@ -8,7 +8,7 @@
 #include "binary.h"
 #include "error.h"
 #include "key.h"
-#include "key/pubkey.h"
+#include "key/dnskey.h"
 #include "shared.h"
 #include "wire.h"

@@ -382,7 +382,7 @@ gnutls_pk_algorithm_t dnskey_algorithm_to_gnutls(dnssec_key_algorithm_t dnssec)
 /*!
 * Encode public key to the format used in DNSKEY RDATA.
 */
-int pubkey_to_rdata(gnutls_pubkey_t key, dnssec_binary_t *rdata)
+int dnskey_pubkey_to_rdata(gnutls_pubkey_t key, dnssec_binary_t *rdata)
 {
 	assert(key);
 	assert(rdata);
@@ -404,8 +404,8 @@ int pubkey_to_rdata(gnutls_pubkey_t key, dnssec_binary_t *rdata)
 /*!
 * Create public key from the format encoded in DNSKEY RDATA.
 */
-int rdata_to_pubkey(uint8_t algorithm, const dnssec_binary_t *rdata,
-		    gnutls_pubkey_t key)
+int dnskey_rdata_to_pubkey(uint8_t algorithm, const dnssec_binary_t *rdata,
+			   gnutls_pubkey_t key)
 {
 	assert(rdata);
 	assert(key);

--- a/dnssec/lib/key/pubkey.h
+++ b/dnssec/lib/key/pubkey.h
 #pragma once

 #include <gnutls/abstract.h>
+
 #include "binary.h"
 #include "key.h"

@@ -21,7 +22,7 @@ gnutls_pk_algorithm_t dnskey_algorithm_to_gnutls(dnssec_key_algorithm_t dnssec);
 *
 * \return Error code, DNSSEC_EOK if successful.
 */
-int pubkey_to_rdata(gnutls_pubkey_t key, dnssec_binary_t *rdata);
+int dnskey_pubkey_to_rdata(gnutls_pubkey_t key, dnssec_binary_t *rdata);

 /*!
 * Create public key from the format encoded in DNSKEY RDATA.
@@ -32,5 +33,5 @@ int pubkey_to_rdata(gnutls_pubkey_t key, dnssec_binary_t *rdata);
 *
 * \return Error code, DNSSEC_EOK if successful.
 */
-int rdata_to_pubkey(uint8_t algorithm, const dnssec_binary_t *rdata,
-                    gnutls_pubkey_t key);
+int dnskey_rdata_to_pubkey(uint8_t algorithm, const dnssec_binary_t *rdata,
+			   gnutls_pubkey_t key);
--- a/dnssec/lib/key/key.c
+++ b/dnssec/lib/key/key.c
@@ -9,7 +9,8 @@
 #include "key.h"
 #include "key/internal.h"
 #include "key/keytag.h"
-#include "key/pubkey.h"
+#include "key/privkey.h"
+#include "key/dnskey.h"
 #include "shared.h"
 #include "wire.h"

@@ -277,7 +278,7 @@ static int crypto_create_pubkey(const dnssec_binary_t *rdata,
 		return DNSSEC_ENOMEM;
 	}

-	result = rdata_to_pubkey(algorithm, &rdata_pubkey, key);
+	result = dnskey_rdata_to_pubkey(algorithm, &rdata_pubkey, key);
 	if (result != DNSSEC_EOK) {
 		gnutls_pubkey_deinit(key);
 		return result;
@@ -418,83 +419,6 @@ int dnssec_key_set_rdata(dnssec_key_t *key, const dnssec_binary_t *rdata)

 /* -- private key import --------------------------------------------------- */

-static int crypto_privkey_from_pem(const dnssec_binary_t *data,
-				   gnutls_privkey_t *key, dnssec_key_id_t key_id)
-{
-	assert(data);
-	assert(key);
-
-	gnutls_datum_t pem;
-	binary_to_datum(data, &pem);
-
-	// create X.509 private key
-
-	gnutls_x509_privkey_t key_x509 = NULL;
-	int result = gnutls_x509_privkey_init(&key_x509);
-	if (result != GNUTLS_E_SUCCESS) {
-		return DNSSEC_ENOMEM;
-	}
-
-	int format = GNUTLS_X509_FMT_PEM;
-	result = gnutls_x509_privkey_import_pkcs8(key_x509, &pem, format, NULL, 0);
-	if (result != GNUTLS_E_SUCCESS) {
-		gnutls_x509_privkey_deinit(key_x509);
-		return DNSSEC_PKCS8_IMPORT_ERROR;
-	}
-
-	// convert to abstract private key
-
-	gnutls_privkey_t key_abs = NULL;
-	result = gnutls_privkey_init(&key_abs);
-	if (result != GNUTLS_E_SUCCESS) {
-		gnutls_x509_privkey_deinit(key_x509);
-		return DNSSEC_ENOMEM;
-	}
-
-	int flags = GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE;
-	result = gnutls_privkey_import_x509(key_abs, key_x509, flags);
-	if (result != GNUTLS_E_SUCCESS) {
-		gnutls_x509_privkey_deinit(key_x509);
-		gnutls_privkey_deinit(key_abs);
-		return DNSSEC_ENOMEM;
-	}
-
-	// extract keytag
-
-	dnssec_key_id_t id = { 0 };
-	size_t id_size = DNSSEC_KEY_ID_SIZE;
-	gnutls_x509_privkey_get_key_id(key_x509, 0, id, &id_size);
-	assert(id_size == DNSSEC_KEY_ID_SIZE);
-
-	*key = key_abs;
-	dnssec_key_id_copy(id, key_id);
-
-	return DNSSEC_EOK;
-}
-
-static int crypto_pubkey_from_privkey(gnutls_privkey_t privkey,
-				      gnutls_pubkey_t *pubkey)
-{
-	assert(privkey);
-	assert(pubkey);
-
-	gnutls_pubkey_t new_key = NULL;
-	int result = gnutls_pubkey_init(&new_key);
-	if (result != GNUTLS_E_SUCCESS) {
-		return DNSSEC_ENOMEM;
-	}
-
-	result = gnutls_pubkey_import_privkey(new_key, privkey, 0, 0);
-	if (result != GNUTLS_E_SUCCESS) {
-		gnutls_pubkey_deinit(new_key);
-		return DNSSEC_KEY_IMPORT_ERROR;
-	}
-
-	*pubkey = new_key;
-
-	return DNSSEC_EOK;
-}
-
 _public_
 int dnssec_key_load_pkcs8(dnssec_key_t *key, const dnssec_binary_t *pem)
 {
@@ -506,7 +430,7 @@ int dnssec_key_load_pkcs8(dnssec_key_t *key, const dnssec_binary_t *pem)

 	gnutls_privkey_t new_privkey = NULL;
 	dnssec_key_id_t new_key_id = { 0 };
-	int result = crypto_privkey_from_pem(pem, &new_privkey, new_key_id);
+	int result = privkey_from_pem(pem, &new_privkey, new_key_id);
 	if (result != DNSSEC_EOK) {
 		return result;
 	}
@@ -524,14 +448,14 @@ int dnssec_key_load_pkcs8(dnssec_key_t *key, const dnssec_binary_t *pem)
 	// create public key if not present

 	gnutls_pubkey_t new_pubkey = NULL;
-	result = crypto_pubkey_from_privkey(new_privkey, &new_pubkey);
+	result = pubkey_from_privkey(new_privkey, &new_pubkey);
 	if (result != DNSSEC_EOK) {
 		gnutls_privkey_deinit(new_privkey);
 		return result;
 	}

 	_cleanup_binary_ dnssec_binary_t rdata_pubkey = { 0 };
-	result = pubkey_to_rdata(new_pubkey, &rdata_pubkey);
+	result = dnskey_pubkey_to_rdata(new_pubkey, &rdata_pubkey);
 	if (result != DNSSEC_EOK) {
 		gnutls_privkey_deinit(new_privkey);
 		gnutls_pubkey_deinit(new_pubkey);

--- a/dnssec/lib/key/privkey.c
+++ b/dnssec/lib/key/privkey.c
+#include <assert.h>
+#include <gnutls/abstract.h>
+#include <gnutls/gnutls.h>
+
+#include "binary.h"
+#include "error.h"
+#include "key.h"
+#include "key/privkey.h"
+#include "shared.h"
+
+int privkey_from_pem(const dnssec_binary_t *data, gnutls_privkey_t *key,
+		     dnssec_key_id_t key_id)
+{
+	assert(data);
+	assert(key);
+
+	gnutls_datum_t pem;
+	binary_to_datum(data, &pem);
+
+	// create X.509 private key
+
+	gnutls_x509_privkey_t key_x509 = NULL;
+	int result = gnutls_x509_privkey_init(&key_x509);
+	if (result != GNUTLS_E_SUCCESS) {
+		return DNSSEC_ENOMEM;
+	}
+
+	int format = GNUTLS_X509_FMT_PEM;
+	result = gnutls_x509_privkey_import_pkcs8(key_x509, &pem, format, NULL, 0);
+	if (result != GNUTLS_E_SUCCESS) {
+		gnutls_x509_privkey_deinit(key_x509);
+		return DNSSEC_PKCS8_IMPORT_ERROR;
+	}
+
+	// convert to abstract private key
+
+	gnutls_privkey_t key_abs = NULL;
+	result = gnutls_privkey_init(&key_abs);
+	if (result != GNUTLS_E_SUCCESS) {
+		gnutls_x509_privkey_deinit(key_x509);
+		return DNSSEC_ENOMEM;
+	}
+
+	int flags = GNUTLS_PRIVKEY_IMPORT_AUTO_RELEASE;
+	result = gnutls_privkey_import_x509(key_abs, key_x509, flags);
+	if (result != GNUTLS_E_SUCCESS) {
+		gnutls_x509_privkey_deinit(key_x509);
+		gnutls_privkey_deinit(key_abs);
+		return DNSSEC_ENOMEM;
+	}
+
+	// extract keytag
+
+	dnssec_key_id_t id = { 0 };
+	size_t id_size = DNSSEC_KEY_ID_SIZE;
+	gnutls_x509_privkey_get_key_id(key_x509, 0, id, &id_size);
+	assert(id_size == DNSSEC_KEY_ID_SIZE);
+
+	*key = key_abs;
+	dnssec_key_id_copy(id, key_id);
+
+	return DNSSEC_EOK;
+}
+
+int pubkey_from_privkey(gnutls_privkey_t privkey, gnutls_pubkey_t *pubkey)
+{
+	assert(privkey);
+	assert(pubkey);
+
+	gnutls_pubkey_t new_key = NULL;
+	int result = gnutls_pubkey_init(&new_key);
+	if (result != GNUTLS_E_SUCCESS) {
+		return DNSSEC_ENOMEM;
+	}
+
+	result = gnutls_pubkey_import_privkey(new_key, privkey, 0, 0);
+	if (result != GNUTLS_E_SUCCESS) {
+		gnutls_pubkey_deinit(new_key);
+		return DNSSEC_KEY_IMPORT_ERROR;
+	}
+
+	*pubkey = new_key;
+
+	return DNSSEC_EOK;
+}
--- a/dnssec/lib/key/privkey.h
+++ b/dnssec/lib/key/privkey.h
+#pragma once
+
+#include <gnutls/abstract.h>
+
+#include "binary.h"
+#include "key.h"
+
+/*!
+ * Create GnuTLS private key from PKCS #8 in PEM.
+ *
+ * \param[in]  data    Unencrypted PEM.
+ * \param[out] key     Resulting key.
+ * \param[out] key_id  Key id of the created key.
+ *
+ * \return Error code, DNSSEC_EOK if successful.
+ */
+int privkey_from_pem(const dnssec_binary_t *data, gnutls_privkey_t *key,
+		     dnssec_key_id_t key_id);
+
+/*!
+ * Create GnuTLS public key from private key.
+ *
+ * \param[in]  privkey  Private key.
+ * \param[out] pubkey   Created public key.
+ *
+ * \return Error code, DNSSEC_EOK if successful.
+ */
+int pubkey_from_privkey(gnutls_privkey_t privkey, gnutls_pubkey_t *pubkey);