[dnssec] cleanup after keystore API abstraction

099081fe · Jan Včelák · 085541f5 · 099081fe · 099081fe · 099081fe
Commit 099081fe authored 11 years ago by Jan Včelák
--- a/dnssec/Makefile.am
+++ b/dnssec/Makefile.am
@@ -40,6 +40,8 @@ libdnssec_la_SOURCES = \
 	lib/key/keyid.h \
 	lib/key/keytag.c \
 	lib/key/keytag.h \
+	lib/key/privkey.c \
+	lib/key/privkey.h \
 	lib/key/simple.c \
 	lib/keystore/internal.h \
 	lib/keystore/keystore.c \
@@ -48,8 +50,6 @@ libdnssec_la_SOURCES = \
 	lib/keystore/pkcs11.c \
 	lib/keystore/pkcs8.c \
 	lib/keystore/pkcs8_dir.c \
-	lib/keystore/public.c \
-	lib/keystore/public.h \
 	lib/nsec/bitmap.c \
 	lib/nsec/hash.c \
 	lib/random.c \

--- a/dnssec/lib/dnssec/nsec.h
+++ b/dnssec/lib/dnssec/nsec.h
@@ -36,7 +36,7 @@ void dnssec_nsec3_params_free(dnssec_nsec3_params_t *params);
 * \param params  Output parameters.
 * \param rdata   NSEC3PARAM RDATA.
 *
- * \return Error code, KNOT_EOK if successful.
+ * \return Error code, DNSSEC_EOK if successful.
 */
 int dnssec_nsec3_params_from_rdata(dnssec_nsec3_params_t *params,
 				   const dnssec_binary_t *rdata);
@@ -50,7 +50,7 @@ int dnssec_nsec3_params_from_rdata(dnssec_nsec3_params_t *params,
 * \param[in]  params  NSEC3 parameters.
 * \param[out] hash    Computed hash (will be allocated or resized).
 *
- * \return Error code, KNOT_EOK if successful.
+ * \return Error code, DNSSEC_EOK if successful.
 */
 int dnssec_nsec3_hash(const dnssec_binary_t *data,
 		      const dnssec_nsec3_params_t *params,

--- a/dnssec/lib/key/dnskey.c
+++ b/dnssec/lib/key/dnskey.c
@@ -64,87 +64,3 @@ int dnskey_rdata_to_crypto_key(const dnssec_binary_t *rdata, gnutls_pubkey_t *ke

 	return DNSSEC_EOK;
 }
-
-/* -- move to some other place API ----------------------------------------- */
-#warning "Move this to some proper place..."
-
-#include "key/internal.h"
-#include "key/algorithm.h"
-#include "keystore/public.h"
-
-static int create_public_key(gnutls_privkey_t privkey,
-			     gnutls_pubkey_t *pubkey_ptr,
-			     dnssec_binary_t *rdata)
-{
-	assert(privkey);
-	assert(pubkey_ptr);
-	assert(rdata);
-
-	// crypto public key
-
-	gnutls_pubkey_t pubkey = NULL;
-	int result = public_from_private(privkey, &pubkey);
-	if (result != DNSSEC_EOK) {
-		return result;
-	}
-
-	// dnssec public key
-
-	_cleanup_binary_ dnssec_binary_t rdata_pubkey = { 0 };
-	result = convert_pubkey_to_dnskey(pubkey, &rdata_pubkey);
-	if (result != DNSSEC_EOK) {
-		gnutls_pubkey_deinit(pubkey);
-		return result;
-	}
-
-	size_t rdata_size = DNSKEY_RDATA_OFFSET_PUBKEY + rdata_pubkey.size;
-	result = dnssec_binary_resize(rdata, rdata_size);
-	if (result != DNSSEC_EOK) {
-		gnutls_pubkey_deinit(pubkey);
-		return result;
-	}
-
-	// updated RDATA
-
-	wire_ctx_t wire = wire_init_binary(rdata);
-	wire_seek(&wire, DNSKEY_RDATA_OFFSET_PUBKEY);
-	wire_write_binary(&wire, &rdata_pubkey);
-	assert(wire_tell(&wire) == rdata->size);
-
-	*pubkey_ptr = pubkey;
-
-	return DNSSEC_EOK;
-}
-
-static bool valid_algorithm(dnssec_key_t *key, gnutls_privkey_t privkey)
-{
-	uint8_t current_algorithm = 0;
-	dnssec_key_get_algorithm(key, &current_algorithm);
-	int gnu_algorithm = gnutls_privkey_get_pk_algorithm(privkey, NULL);
-
-	return (gnu_algorithm == algorithm_to_gnutls(current_algorithm));
-}
-
-int key_set_private_key(dnssec_key_t *key, gnutls_privkey_t privkey)
-{
-	assert(key);
-	assert(privkey);
-	assert(key->private_key == NULL);
-
-	if (!valid_algorithm(key, privkey)) {
-		return DNSSEC_INVALID_KEY_ALGORITHM;
-	}
-
-	if (!key->public_key) {
-		int r = create_public_key(privkey, &key->public_key, &key->rdata);
-		if (r != DNSSEC_EOK) {
-			return r;
-		}
-
-		key_update_identifiers(key);
-	}
-
-	key->private_key = privkey;
-
-	return DNSSEC_EOK;
-}
--- a/dnssec/lib/key/dnskey.h
+++ b/dnssec/lib/key/dnskey.h
@@ -28,6 +28,3 @@ int dnskey_rdata_set_pubkey(dnssec_binary_t *rdata,
 */
 int dnskey_rdata_to_crypto_key(const dnssec_binary_t *rdata,
 			       gnutls_pubkey_t *key_ptr);
-
-#include "key.h"
-int key_set_private_key(dnssec_key_t *key, gnutls_privkey_t privkey);
--- a/dnssec/lib/key/privkey.c
+++ b/dnssec/lib/key/privkey.c
+#include <gnutls/abstract.h>
+#include <gnutls/gnutls.h>
+
+#include "binary.h"
+#include "error.h"
+#include "key/algorithm.h"
+#include "key/convert.h"
+#include "key/dnskey.h"
+#include "key/internal.h"
+#include "key/privkey.h"
+#include "shared.h"
+#include "wire.h"
+
+/* -- internal functions --------------------------------------------------- */
+
+/*!
+ * Check if the algorithm number is valid for given DNSKEY.
+ */
+static bool valid_algorithm(dnssec_key_t *key, gnutls_privkey_t privkey)
+{
+	uint8_t current_algorithm = 0;
+	dnssec_key_get_algorithm(key, &current_algorithm);
+	int gnu_algorithm = gnutls_privkey_get_pk_algorithm(privkey, NULL);
+
+	return (gnu_algorithm == algorithm_to_gnutls(current_algorithm));
+}
+
+/*!
+ * Create GnuTLS public key from private key.
+ */
+static int public_from_private(gnutls_privkey_t privkey, gnutls_pubkey_t *pubkey)
+{
+	assert(privkey);
+	assert(pubkey);
+
+	gnutls_pubkey_t new_key = NULL;
+	int result = gnutls_pubkey_init(&new_key);
+	if (result != GNUTLS_E_SUCCESS) {
+		return DNSSEC_ENOMEM;
+	}
+
+	result = gnutls_pubkey_import_privkey(new_key, privkey, 0, 0);
+	if (result != GNUTLS_E_SUCCESS) {
+		gnutls_pubkey_deinit(new_key);
+		return DNSSEC_KEY_IMPORT_ERROR;
+	}
+
+	*pubkey = new_key;
+
+	return DNSSEC_EOK;
+}
+
+/*!
+ * Create public key (GnuTLS and DNSKEY RDATA) from a private key.
+ */
+static int create_public_key(gnutls_privkey_t privkey,
+			     gnutls_pubkey_t *pubkey_ptr,
+			     dnssec_binary_t *rdata)
+{
+	assert(privkey);
+	assert(pubkey_ptr);
+	assert(rdata);
+
+	// crypto public key
+
+	gnutls_pubkey_t pubkey = NULL;
+	int result = public_from_private(privkey, &pubkey);
+	if (result != DNSSEC_EOK) {
+		return result;
+	}
+
+	// dnssec public key
+
+	_cleanup_binary_ dnssec_binary_t rdata_pubkey = { 0 };
+	result = convert_pubkey_to_dnskey(pubkey, &rdata_pubkey);
+	if (result != DNSSEC_EOK) {
+		gnutls_pubkey_deinit(pubkey);
+		return result;
+	}
+
+	size_t rdata_size = DNSKEY_RDATA_OFFSET_PUBKEY + rdata_pubkey.size;
+	result = dnssec_binary_resize(rdata, rdata_size);
+	if (result != DNSSEC_EOK) {
+		gnutls_pubkey_deinit(pubkey);
+		return result;
+	}
+
+	// updated RDATA
+
+	wire_ctx_t wire = wire_init_binary(rdata);
+	wire_seek(&wire, DNSKEY_RDATA_OFFSET_PUBKEY);
+	wire_write_binary(&wire, &rdata_pubkey);
+	assert(wire_tell(&wire) == rdata->size);
+
+	*pubkey_ptr = pubkey;
+
+	return DNSSEC_EOK;
+}
+
+/* -- internal API --------------------------------------------------------- */
+
+/*!
+ * Load a private key into a DNSSEC key, create a public part if necessary.
+ */
+int key_set_private_key(dnssec_key_t *key, gnutls_privkey_t privkey)
+{
+	assert(key);
+	assert(privkey);
+	assert(key->private_key == NULL);
+
+	if (!valid_algorithm(key, privkey)) {
+		return DNSSEC_INVALID_KEY_ALGORITHM;
+	}
+
+	if (!key->public_key) {
+		int r = create_public_key(privkey, &key->public_key, &key->rdata);
+		if (r != DNSSEC_EOK) {
+			return r;
+		}
+
+		key_update_identifiers(key);
+	}
+
+	key->private_key = privkey;
+
+	return DNSSEC_EOK;
+}
--- a/dnssec/lib/key/privkey.h
+++ b/dnssec/lib/key/privkey.h
+#pragma once
+
+#include <gnutls/abstract.h>
+
+#include "key.h"
+
+/*!
+ * Load a private key into a DNSSEC key, create a public part if necessary.
+ *
+ * If the public key is not loaded, at least an algorithm must be set.
+ *
+ * Updates private key, public key, RDATA, and key identifiers.
+ *
+ * \param key      DNSSEC key to be updated.
+ * \param privkey  Private key to be set.
+ *
+ * \return Error code, DNSSEC_EOK if successful.
+ */
+int key_set_private_key(dnssec_key_t *key, gnutls_privkey_t privkey);
--- a/dnssec/lib/key/simple.c
+++ b/dnssec/lib/key/simple.c
@@ -6,9 +6,15 @@
 #include "key.h"
 #include "key/dnskey.h"
 #include "key/internal.h"
+#include "key/privkey.h"
 #include "keystore/pem.h"
 #include "shared.h"

+/* -- internal functions --------------------------------------------------- */
+
+/*!
+ * Check if DNSKEY has and algorithm set.
+ */
 static bool has_algorithm(dnssec_key_t *key)
 {
 	assert(key);

--- a/dnssec/lib/keystore/keystore.c
+++ b/dnssec/lib/keystore/keystore.c
@@ -7,9 +7,9 @@
 #include "key/dnskey.h"
 #include "key/internal.h"
 #include "key/keyid.h"
+#include "key/privkey.h"
 #include "keystore.h"
 #include "keystore/internal.h"
-#include "keystore/public.h"
 #include "shared.h"
 #include "wire.h"


--- a/dnssec/lib/keystore/public.c
+++ b/dnssec/lib/keystore/public.c
-#include <gnutls/abstract.h>
-#include <gnutls/gnutls.h>
-
-#include "error.h"
-#include "shared.h"
-
-int public_from_private(gnutls_privkey_t privkey, gnutls_pubkey_t *pubkey)
-{
-	assert(privkey);
-	assert(pubkey);
-
-	gnutls_pubkey_t new_key = NULL;
-	int result = gnutls_pubkey_init(&new_key);
-	if (result != GNUTLS_E_SUCCESS) {
-		return DNSSEC_ENOMEM;
-	}
-
-	result = gnutls_pubkey_import_privkey(new_key, privkey, 0, 0);
-	if (result != GNUTLS_E_SUCCESS) {
-		gnutls_pubkey_deinit(new_key);
-		return DNSSEC_KEY_IMPORT_ERROR;
-	}
-
-	*pubkey = new_key;
-
-	return DNSSEC_EOK;
-}
--- a/dnssec/lib/keystore/public.h
+++ b/dnssec/lib/keystore/public.h
-#pragma once
-
-#include <gnutls/abstract.h>
-
-/*!
- * Create GnuTLS public key from private key.
- *
- * \param[in]  privkey  Private key.
- * \param[out] pubkey   Created public key.
- *
- * \return Error code, DNSSEC_EOK if successful.
- */
-int public_from_private(gnutls_privkey_t privkey, gnutls_pubkey_t *pubkey);
--- a/dnssec/lib/sign/sign.c
+++ b/dnssec/lib/sign/sign.c
@@ -19,7 +19,7 @@
 * \param from  Data in source format.
 * \param to    Allocated data in target format.
 *
- * \return Error code, KNOT_EOK if successful.
+ * \return Error code, DNSSEC_EOK if successful.
 */
 typedef int (*signature_convert_cb)(dnssec_sign_ctx_t *ctx,
 				    const dnssec_binary_t *from,