/** PGP key encoding */
PUBKEY_PGP,
PRIVKEY_PGP,
+ /** DNSKEY encoding */
+ PUBKEY_DNSKEY,
/** ASN.1 DER encoded certificate */
CERT_ASN1_DER,
libstrongswan_dnskey_la_SOURCES = \
dnskey_plugin.h dnskey_plugin.c \
- dnskey_builder.h dnskey_builder.c
+ dnskey_builder.h dnskey_builder.c \
+ dnskey_encoder.h dnskey_encoder.c
libstrongswan_dnskey_la_LDFLAGS = -module -avoid-version
DNSKEY_ALG_RSA_MD5 = 1,
DNSKEY_ALG_DH = 2,
DNSKEY_ALG_DSA = 3,
- DNSKEY_ALG_ECC = 4,
DNSKEY_ALG_RSA_SHA1 = 5,
+ DNSKEY_ALG_DSA_NSEC3_SHA1 = 6,
+ DNSKEY_ALG_RSA_SHA1_NSEC3_SHA1 = 7,
+ DNSKEY_ALG_RSA_SHA256 = 8,
+ DNSKEY_ALG_RSA_SHA512 = 10,
+ DNSKEY_ALG_ECC_GOST = 12,
+ DNSKEY_ALG_ECDSA_P256_SHA256 = 13,
+ DNSKEY_ALG_ECDSA_P384_SHA384 = 14
};
/**
switch (rr->algorithm)
{
+ case DNSKEY_ALG_RSA_MD5:
case DNSKEY_ALG_RSA_SHA1:
+ case DNSKEY_ALG_RSA_SHA1_NSEC3_SHA1:
+ case DNSKEY_ALG_RSA_SHA256:
+ case DNSKEY_ALG_RSA_SHA512:
return lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA,
BUILD_BLOB_DNSKEY, blob, BUILD_END);
default:
--- /dev/null
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "dnskey_encoder.h"
+
+#include <utils/debug.h>
+
+/**
+ * Encode an RSA public key in DNSKEY format (RFC 3110)
+ */
+bool build_pub(chunk_t *encoding, va_list args)
+{
+ chunk_t n, e, pubkey;
+ size_t exp_len;
+ u_char *pos;
+
+ if (cred_encoding_args(args, CRED_PART_RSA_MODULUS, &n,
+ CRED_PART_RSA_PUB_EXP, &e, CRED_PART_END))
+ {
+ /* remove leading zeros in exponent and modulus */
+ while (*e.ptr == 0)
+ {
+ e = chunk_skip(e, 1);
+ }
+ while (*n.ptr == 0)
+ {
+ n = chunk_skip(n, 1);
+ }
+
+ if (e.len < 256)
+ {
+ /* exponent length fits into a single octet */
+ exp_len = 1;
+ pubkey = chunk_alloc(exp_len + e.len + n.len);
+ pubkey.ptr[0] = (char)e.len;
+ }
+ else if (e.len < 65536)
+ {
+ /* exponent length fits into two octets preceded by zero octet */
+ exp_len = 3;
+ pubkey = chunk_alloc(exp_len + e.len + n.len);
+ pubkey.ptr[0] = 0x00;
+ htoun16(pubkey.ptr + 1, e.len);
+ }
+ else
+ {
+ /* exponent length is too large */
+ return FALSE;
+ }
+
+ /* copy exponent and modulus and convert to base64 format */
+ pos = pubkey.ptr + exp_len;
+ memcpy(pos, e.ptr, e.len);
+ pos += e.len;
+ memcpy(pos, n.ptr, n.len);
+ *encoding = chunk_to_base64(pubkey, NULL);
+ chunk_free(&pubkey);
+
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
+ * See header.
+ */
+bool dnskey_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
+ va_list args)
+{
+ switch (type)
+ {
+ case PUBKEY_DNSKEY:
+ return build_pub(encoding, args);
+ default:
+ return FALSE;
+ }
+}
+
+
--- /dev/null
+/*
+ * Copyright (C) 2013 Andreas Steffen
+ * HSR Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup dnskey_encoder dnskey_encoder
+ * @{ @ingroup dnskey
+ */
+
+#ifndef DNSKEY_ENCODER_H_
+#define DNSKEY_ENCODER_H_
+
+#include <credentials/cred_encoding.h>
+
+/**
+ * Encoding function for DNSKEY (RFC 3110) public key format.
+ */
+bool dnskey_encoder_encode(cred_encoding_type_t type, chunk_t *encoding,
+ va_list args);
+
+#endif /** DNSKEY_ENCODER_H_ @}*/
#include <library.h>
#include "dnskey_builder.h"
+#include "dnskey_encoder.h"
typedef struct private_dnskey_plugin_t private_dnskey_plugin_t;
METHOD(plugin_t, destroy, void,
private_dnskey_plugin_t *this)
{
+ lib->encoding->remove_encoder(lib->encoding, dnskey_encoder_encode);
+
free(this);
}
},
);
+ lib->encoding->add_encoder(lib->encoding, dnskey_encoder_encode);
+
return &this->public.plugin;
}
pub, 'p', "pub",
"extract the public key from a private key/certificate",
{"[--in file|--keyid hex] [--type rsa|ecdsa|pkcs10|x509]",
- "[--outform der|pem|pgp]"},
+ "[--outform der|pem|pgp|dnskey]"},
{
{"help", 'h', 0, "show usage information"},
{"in", 'i', 1, "input file, default: stdin"},
return FALSE;
}
}
+ else if (streq(form, "dnskey"))
+ {
+ switch (type)
+ {
+ case CRED_PUBLIC_KEY:
+ *enc =PUBKEY_DNSKEY;
+ return TRUE;
+ default:
+ return FALSE;
+ }
+ }
return FALSE;
}