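/*
 * dst_dnskey_to_key
 *	Build a DST_KEY from the rdata of a DNS KEY record.
 * Parameters
 *	in_name	name the key is created for; NULL is rejected
 *	rdata	KEY rdata in wire format: flags, protocol and algorithm,
 *		optionally two extended-flag bytes, then the key encoding
 *	len	number of bytes readable at rdata
 * Returns
 *	NULL	rdata is missing or too short, the algorithm is not
 *		available, in_name is NULL, allocation failed, or the
 *		algorithm's from_dns_key() did not return a positive value
 *	non-NULL	the newly created key
 */
DST_KEY *
dst_dnskey_to_key(const char *in_name, const u_char *rdata, const int len)
{
	DST_KEY *key_st;
	int alg;
	int start = DST_KEY_START;

	if (rdata == NULL || len <= DST_KEY_ALG) /*%< no data */
		return (NULL);
	alg = (u_int8_t) rdata[DST_KEY_ALG];
	if (!dst_check_algorithm(alg)) { /*%< make sure alg is available */
		EREPORT(("dst_dnskey_to_key(): Algorithm %d not suppored\n",
			 alg));
		return (NULL);
	}

	if (in_name == NULL)
		return (NULL);

	if ((key_st = dst_s_get_key_struct(in_name, alg, 0, 0, 0)) == NULL)
		return (NULL);

	/*
	 * NOTE(review): the flags and protocol reads below assume both
	 * offsets lie below DST_KEY_ALG, which the length check above
	 * covers - confirm against the DST_KEY_* definitions.
	 */
	key_st->dk_flags = dst_s_get_int16(rdata);
	key_st->dk_proto = (u_int16_t) rdata[DST_KEY_PROT];
	if (key_st->dk_flags & DST_EXTEND_FLAG) {
		u_int32_t ext_flags;

		/*
		 * The extend bit comes from the record itself, so it says
		 * nothing about how many bytes were actually supplied.
		 * Refuse a record that sets the bit but is too short to
		 * hold the two extended-flag bytes, instead of reading
		 * past the end of rdata.
		 */
		if (len < DST_EXT_FLAG + 2)
			goto fail;
		ext_flags = (u_int32_t) dst_s_get_int16(&rdata[DST_EXT_FLAG]);
		key_st->dk_flags = key_st->dk_flags | (ext_flags << 16);
		start += 2;
	}

	/*
	 * The key encoding begins at 'start'.  Never hand the algorithm
	 * module a pointer beyond the buffer or a negative length.
	 */
	if (len < start)
		goto fail;

	/* Compute the footprint only once the header length is validated. */
	key_st->dk_id = dst_s_dns_key_id(rdata, len);

	/*
	 * now point to the beginning of the data representing the encoding
	 * of the key
	 */
	if (key_st->dk_func && key_st->dk_func->from_dns_key) {
		if (key_st->dk_func->from_dns_key(key_st, &rdata[start],
						  len - start) > 0)
			return (key_st);
	} else
		EREPORT(("dst_dnskey_to_public_key(): unsuppored alg %d\n",
			 alg));

fail:
	SAFE_FREE(key_st);
	/* Return NULL explicitly rather than whatever SAFE_FREE leaves behind. */
	return (NULL);
}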
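/*
 * dst_s_dns_key_id() Function to calculate the DNSSEC footprint from KEY
 *	record rdata (all of record)
 * Input:
 *	dns_key_rdata: the raw data in wire format
 *	rdata_len: the size of the input data
 * Output:
 *	the key footprint/id calculated from the key data, or 0 when
 *	dns_key_rdata is NULL or rdata_len is shorter than the header
 *	the record claims to carry
 */
u_int16_t
dst_s_dns_key_id(const u_char *dns_key_rdata, const unsigned rdata_len)
{
	unsigned key_data = 4;	/* offset of the key part within the rdata */

	if (!dns_key_rdata || (rdata_len < key_data))
		return 0;

	/* check the extended parameters bit in the DNS Key RR flags */
	if (dst_s_get_int16(dns_key_rdata) & DST_EXTEND_FLAG) {
		key_data += 2;
		/*
		 * Re-check the length after widening the header: both
		 * operands are unsigned, so a record that sets the bit
		 * but stops short would make (rdata_len - key_data) wrap
		 * to a huge count and the checksum would run off the end
		 * of the buffer.
		 */
		if (rdata_len < key_data)
			return 0;
	}

	/* compute id */
	if (dns_key_rdata[3] == KEY_RSA)	/* Algorithm RSA */
		/* 16-bit value starting three bytes before the end of the rdata */
		return dst_s_get_int16((const u_char *)
				       &dns_key_rdata[rdata_len - 3]);

	/* compute a checksum on the key part of the key rr */
	return dst_s_id_calc(&dns_key_rdata[key_data],
			     (rdata_len - key_data));
}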
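/*%
 * dst_s_dns_key_id() Function to calculate DNSSEC footprint from KEY record
 *	rdata
 * Input:
 *	dns_key_rdata: the raw data in wire format
 *	rdata_len: the size of the input data
 * Output:
 *	the key footprint/id calculated from the key data; 0 when
 *	dns_key_rdata is NULL, when rdata_len is too short to contain the
 *	algorithm byte, or when the algorithm is KEY_HMAC_MD5
 */
u_int16_t
dst_s_dns_key_id(const u_char *dns_key_rdata, const int rdata_len)
{
	/*
	 * Index 3 (the algorithm byte tested below) must exist before it is
	 * read.  rdata_len is signed, so this also rejects zero and negative
	 * lengths, which would otherwise make (rdata_len - 3) index in front
	 * of the buffer in the RSA branch.
	 */
	if (!dns_key_rdata || rdata_len < 4)
		return 0;

	/* compute id */
	if (dns_key_rdata[3] == KEY_RSA)	/*%< Algorithm RSA */
		/* 16-bit value starting three bytes before the end of the rdata */
		return dst_s_get_int16((const u_char *)
				       &dns_key_rdata[rdata_len - 3]);
	else if (dns_key_rdata[3] == KEY_HMAC_MD5)
		/* compatibility */
		return 0;
	else
		/* compute a checksum over the whole rdata */
		return dst_s_id_calc(dns_key_rdata, rdata_len);
}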