int kr_dnssec_key_match(const uint8_t *key_a_rdata, size_t key_a_rdlen,
const uint8_t *key_b_rdata, size_t key_b_rdlen)
{
dnssec_key_t *key_a = NULL, *key_b = NULL;
int ret = kr_dnssec_key_from_rdata((struct dseckey **)&key_a, NULL, key_a_rdata, key_a_rdlen);
if (ret != 0) {
return ret;
}
ret = kr_dnssec_key_from_rdata((struct dseckey **)&key_b, NULL, key_b_rdata, key_b_rdlen);
if (ret != 0) {
dnssec_key_free(key_a);
return ret;
}
/* If the algorithm and the public key match, we can be sure
* that they are the same key. */
ret = kr_error(ENOENT);
dnssec_binary_t pk_a, pk_b;
if (dnssec_key_get_algorithm(key_a) == dnssec_key_get_algorithm(key_b) &&
dnssec_key_get_pubkey(key_a, &pk_a) == DNSSEC_EOK &&
dnssec_key_get_pubkey(key_b, &pk_b) == DNSSEC_EOK) {
if (pk_a.size == pk_b.size && memcmp(pk_a.data, pk_b.data, pk_a.size) == 0) {
ret = 0;
}
}
dnssec_key_free(key_a);
dnssec_key_free(key_b);
return ret;
}
static int params_to_pem(dnssec_key_t *key, legacy_privkey_t *params, dnssec_binary_t *pem)
{
dnssec_key_algorithm_t algorithm = dnssec_key_get_algorithm(key);
switch (algorithm) {
case DNSSEC_KEY_ALGORITHM_DSA_SHA1:
case DNSSEC_KEY_ALGORITHM_DSA_SHA1_NSEC3:
return dsa_params_to_pem(params, pem);
case DNSSEC_KEY_ALGORITHM_RSA_SHA1:
case DNSSEC_KEY_ALGORITHM_RSA_SHA1_NSEC3:
case DNSSEC_KEY_ALGORITHM_RSA_SHA256:
case DNSSEC_KEY_ALGORITHM_RSA_SHA512:
return rsa_params_to_pem(params, pem);
case DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256:
case DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384:
return ecdsa_params_to_pem(key, params, pem);
default:
return DNSSEC_INVALID_KEY_ALGORITHM;
}
}