00034 #include "shared/hsm.h"
00035 #include "shared/log.h"
/* Module tag that every log line in this file prints as its "[%s]" prefix. */
static const char *hsm_str = "hsm";


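/**
 * Log the pending libhsm error message for ctx, if there is one.
 *
 * hsm_get_error() hands back a heap-allocated string (or NULL) that the
 * caller owns, so it is released here once it has been logged.
 */
static void
lhsm_log_error(hsm_ctx_t* ctx)
{
    char* error = hsm_get_error(ctx);
    if (error) {
        ods_log_error("[%s] %s", hsm_str, error);
        free(error);
    }
}

/**
 * Resolve the HSM-side material of a key: its sign parameters, its HSM
 * key handle and its DNSKEY RR. Each piece is fetched only when it is not
 * already cached on key_id, so calling this repeatedly is cheap. The
 * keytag in key_id->params is recomputed on every successful call.
 *
 * @param ctx    libhsm context used for the lookups.
 * @param owner  owner name that is cloned into the sign parameters.
 * @param key_id key to resolve; params, hsmkey and dnskey are filled in place.
 * @return ODS_STATUS_OK on success; ODS_STATUS_ASSERT_ERR when owner or
 *         key_id is NULL; ODS_STATUS_ERR when libhsm cannot provide the
 *         parameters, the key handle or the DNSKEY (details are logged).
 */
ods_status
lhsm_get_key(hsm_ctx_t* ctx, ldns_rdf* owner, key_type* key_id)
{
    const char* locator = NULL;

    if (!owner || !key_id) {
        ods_log_error("[%s] unable to get key: missing required elements",
            hsm_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    /* the locator is only used for log output here; it may be unset */
    locator = key_id->locator ? key_id->locator : "(null)";

    /* sign parameters: created once and cached on the key */
    if (!key_id->params) {
        key_id->params = hsm_sign_params_new();
        if (!key_id->params) {
            lhsm_log_error(ctx);
            ods_log_error("[%s] unable to get key: create params for key %s "
                "failed", hsm_str, locator);
            return ODS_STATUS_ERR;
        }
        key_id->params->owner = ldns_rdf_clone(owner);
        if (!key_id->params->owner) {
            /* never leave half-initialised params cached on the key */
            hsm_sign_params_free(key_id->params);
            key_id->params = NULL;
            ods_log_error("[%s] unable to get key: clone owner for key %s "
                "failed", hsm_str, locator);
            return ODS_STATUS_ERR;
        }
        key_id->params->algorithm = key_id->algorithm;
        key_id->params->flags = key_id->flags;
    }

    /* HSM key handle, looked up by locator (NULL locator semantics are
     * libhsm's; the lookup is simply reported as "not found" on failure) */
    if (!key_id->hsmkey) {
        key_id->hsmkey = hsm_find_key_by_id(ctx, key_id->locator);
        if (!key_id->hsmkey) {
            lhsm_log_error(ctx);
            ods_log_error("[%s] unable to get key: key %s not found", hsm_str,
                locator);
            return ODS_STATUS_ERR;
        }
    }

    /* DNSKEY RR derived from the HSM key and the sign parameters */
    if (!key_id->dnskey) {
        key_id->dnskey = hsm_get_dnskey(ctx, key_id->hsmkey, key_id->params);
        if (!key_id->dnskey) {
            lhsm_log_error(ctx);
            ods_log_error("[%s] unable to get key: hsm failed to create dnskey",
                hsm_str);
            return ODS_STATUS_ERR;
        }
    }

    /* recomputed every call so it always matches the cached DNSKEY */
    key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
    return ODS_STATUS_OK;
}
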
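/**
 * Sign an RRset with a key held in the HSM and return the resulting RRSIG.
 *
 * The key's HSM material is resolved through lhsm_get_key() when
 * key_id->dnskey is not yet cached. A fresh hsm_sign_params_t is built
 * for every call because inception and expiration differ per signature;
 * it is freed before returning, whatever the outcome.
 *
 * @param ctx        libhsm context.
 * @param rrset      RRset to sign; must be non-NULL and non-empty.
 * @param key_id     signing key; its params/hsmkey/dnskey are filled in.
 * @param owner      owner name handed to lhsm_get_key().
 * @param inception  signature inception; 0 is treated as "missing".
 * @param expiration signature expiration; 0 is treated as "missing".
 * @return newly created RRSIG owned by the caller, or NULL on any error
 *         (the cause is logged).
 */
ldns_rr*
lhsm_sign(hsm_ctx_t* ctx, ldns_rr_list* rrset, key_type* key_id,
    ldns_rdf* owner, time_t inception, time_t expiration)
{
    char* error = NULL;
    ldns_rr* result = NULL;
    hsm_sign_params_t* params = NULL;

    if (!owner || !key_id || !rrset || !inception || !expiration) {
        ods_log_error("[%s] unable to sign: missing required elements",
            hsm_str);
        return NULL;
    }
    /* the debug line below reads the first RR; an empty list has none */
    if (ldns_rr_list_rr_count(rrset) == 0) {
        ods_log_error("[%s] unable to sign: empty RRset", hsm_str);
        return NULL;
    }

    if (!key_id->dnskey) {
        if (lhsm_get_key(ctx, owner, key_id) != ODS_STATUS_OK) {
            error = hsm_get_error(ctx);
            if (error) {
                ods_log_error("[%s] %s", hsm_str, error);
                free(error);
            }
            ods_log_error("[%s] unable to sign: get key failed", hsm_str);
            return NULL;
        }
    }
    ods_log_assert(key_id->dnskey);
    ods_log_assert(key_id->hsmkey);
    ods_log_assert(key_id->params);

    /* per-signature parameters: owner/algorithm/flags come from the key,
     * the validity window from the caller */
    params = hsm_sign_params_new();
    if (!params) {
        error = hsm_get_error(ctx);
        if (error) {
            ods_log_error("[%s] %s", hsm_str, error);
            free(error);
        }
        ods_log_error("[%s] unable to sign: create sign params failed",
            hsm_str);
        return NULL;
    }
    params->owner = ldns_rdf_clone(key_id->params->owner);
    if (!params->owner) {
        hsm_sign_params_free(params);
        ods_log_error("[%s] unable to sign: clone owner failed", hsm_str);
        return NULL;
    }
    params->algorithm = key_id->algorithm;
    params->flags = key_id->flags;
    params->inception = inception;
    params->expiration = expiration;
    params->keytag = ldns_calc_keytag(key_id->dnskey);

    ods_log_debug("[%s] sign RRset[%i] with key %s tag %u", hsm_str,
        ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)),
        key_id->locator ? key_id->locator : "(null)", params->keytag);
    result = hsm_sign_rrset(ctx, rrset, key_id->hsmkey, params);
    /* params are not referenced by the signature; release them either way */
    hsm_sign_params_free(params);

    if (!result) {
        error = hsm_get_error(ctx);
        if (error) {
            ods_log_error("[%s] %s", hsm_str, error);
            free(error);
        }
    }
    return result;
}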