1 /* $NetBSD: dnskey_48.c,v 1.7 2014/12/10 04:37:59 christos Exp $ */
2
3 /*
4 * Copyright (C) 2004, 2005, 2007, 2009, 2011-2013 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 2003 Internet Software Consortium.
6 *
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
10 *
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
18 */
19
20 /* Id */
21
22 /*
23 * Reviewed: Wed Mar 15 16:47:10 PST 2000 by halley.
24 */
25
26 /* RFC2535 */
27
28 #ifndef RDATA_GENERIC_DNSKEY_48_C
29 #define RDATA_GENERIC_DNSKEY_48_C
30
31 #include <dst/dst.h>
32
33 #define RRTYPE_DNSKEY_ATTRIBUTES (DNS_RDATATYPEATTR_DNSSEC)
34
35 static inline isc_result_t
fromtext_dnskey(ARGS_FROMTEXT)36 fromtext_dnskey(ARGS_FROMTEXT) {
37 isc_result_t result;
38 isc_token_t token;
39 dns_secalg_t alg;
40 dns_secproto_t proto;
41 dns_keyflags_t flags;
42
43 REQUIRE(type == 48);
44
45 UNUSED(type);
46 UNUSED(rdclass);
47 UNUSED(origin);
48 UNUSED(options);
49 UNUSED(callbacks);
50
51 /* flags */
52 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
53 ISC_FALSE));
54 RETTOK(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
55 RETERR(uint16_tobuffer(flags, target));
56
57 /* protocol */
58 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
59 ISC_FALSE));
60 RETTOK(dns_secproto_fromtext(&proto, &token.value.as_textregion));
61 RETERR(mem_tobuffer(target, &proto, 1));
62
63 /* algorithm */
64 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
65 ISC_FALSE));
66 RETTOK(dns_secalg_fromtext(&alg, &token.value.as_textregion));
67 RETERR(mem_tobuffer(target, &alg, 1));
68
69 /* No Key? */
70 if ((flags & 0xc000) == 0xc000)
71 return (ISC_R_SUCCESS);
72
73 result = isc_base64_tobuffer(lexer, target, -1);
74 if (result != ISC_R_SUCCESS)
75 return (result);
76
77 /* Ensure there's at least enough data to compute a key ID for MD5 */
78 if (alg == DST_ALG_RSAMD5 && isc_buffer_usedlength(target) < 7)
79 return (ISC_R_UNEXPECTEDEND);
80
81 return (ISC_R_SUCCESS);
82 }
83
84 static inline isc_result_t
totext_dnskey(ARGS_TOTEXT)85 totext_dnskey(ARGS_TOTEXT) {
86 isc_region_t sr;
87 char buf[sizeof("[key id = 64000]")];
88 unsigned int flags;
89 unsigned char algorithm;
90 char algbuf[DNS_NAME_FORMATSIZE];
91 const char *keyinfo;
92 isc_region_t tmpr;
93
94 REQUIRE(rdata->type == 48);
95 REQUIRE(rdata->length != 0);
96
97 dns_rdata_toregion(rdata, &sr);
98
99 /* flags */
100 flags = uint16_fromregion(&sr);
101 isc_region_consume(&sr, 2);
102 sprintf(buf, "%u", flags);
103 RETERR(str_totext(buf, target));
104 RETERR(str_totext(" ", target));
105 if ((flags & DNS_KEYFLAG_KSK) != 0) {
106 if (flags & DNS_KEYFLAG_REVOKE)
107 keyinfo = "revoked KSK";
108 else
109 keyinfo = "KSK";
110 } else
111 keyinfo = "ZSK";
112
113 /* protocol */
114 sprintf(buf, "%u", sr.base[0]);
115 isc_region_consume(&sr, 1);
116 RETERR(str_totext(buf, target));
117 RETERR(str_totext(" ", target));
118
119 /* algorithm */
120 algorithm = sr.base[0];
121 sprintf(buf, "%u", algorithm);
122 isc_region_consume(&sr, 1);
123 RETERR(str_totext(buf, target));
124
125 /* No Key? */
126 if ((flags & 0xc000) == 0xc000)
127 return (ISC_R_SUCCESS);
128
129 if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0 &&
130 algorithm == DNS_KEYALG_PRIVATEDNS) {
131 dns_name_t name;
132 dns_name_init(&name, NULL);
133 dns_name_fromregion(&name, &sr);
134 dns_name_format(&name, algbuf, sizeof(algbuf));
135 } else {
136 dns_secalg_format((dns_secalg_t) algorithm, algbuf,
137 sizeof(algbuf));
138 }
139
140 /* key */
141 if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
142 RETERR(str_totext(" (", target));
143 RETERR(str_totext(tctx->linebreak, target));
144
145 if ((tctx->flags & DNS_STYLEFLAG_NOCRYPTO) == 0) {
146 if (tctx->width == 0) /* No splitting */
147 RETERR(isc_base64_totext(&sr, 0, "", target));
148 else
149 RETERR(isc_base64_totext(&sr, tctx->width - 2,
150 tctx->linebreak, target));
151 } else {
152 dns_rdata_toregion(rdata, &tmpr);
153 snprintf(buf, sizeof(buf), "[key id = %u]",
154 dst_region_computeid(&tmpr, algorithm));
155 RETERR(str_totext(buf, target));
156 }
157
158 if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0)
159 RETERR(str_totext(tctx->linebreak, target));
160 else if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
161 RETERR(str_totext(" ", target));
162
163 if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
164 RETERR(str_totext(")", target));
165
166 if ((tctx->flags & DNS_STYLEFLAG_RRCOMMENT) != 0) {
167
168 RETERR(str_totext(" ; ", target));
169 RETERR(str_totext(keyinfo, target));
170 RETERR(str_totext("; alg = ", target));
171 RETERR(str_totext(algbuf, target));
172 RETERR(str_totext("; key id = ", target));
173 dns_rdata_toregion(rdata, &tmpr);
174 sprintf(buf, "%u", dst_region_computeid(&tmpr, algorithm));
175 RETERR(str_totext(buf, target));
176 }
177 return (ISC_R_SUCCESS);
178 }
179
180 static inline isc_result_t
fromwire_dnskey(ARGS_FROMWIRE)181 fromwire_dnskey(ARGS_FROMWIRE) {
182 unsigned char algorithm;
183 isc_region_t sr;
184
185 REQUIRE(type == 48);
186
187 UNUSED(type);
188 UNUSED(rdclass);
189 UNUSED(dctx);
190 UNUSED(options);
191
192 isc_buffer_activeregion(source, &sr);
193 if (sr.length < 4)
194 return (ISC_R_UNEXPECTEDEND);
195
196 algorithm = sr.base[3];
197 RETERR(mem_tobuffer(target, sr.base, 4));
198 isc_region_consume(&sr, 4);
199 isc_buffer_forward(source, 4);
200
201 if (algorithm == DNS_KEYALG_PRIVATEDNS) {
202 dns_name_t name;
203 dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE);
204 dns_name_init(&name, NULL);
205 RETERR(dns_name_fromwire(&name, source, dctx, options, target));
206 }
207
208 /*
209 * RSAMD5 computes key ID differently from other
210 * algorithms: we need to ensure there's enough data
211 * present for the computation
212 */
213 if (algorithm == DST_ALG_RSAMD5 && sr.length < 3)
214 return (ISC_R_UNEXPECTEDEND);
215
216 isc_buffer_activeregion(source, &sr);
217 isc_buffer_forward(source, sr.length);
218 return (mem_tobuffer(target, sr.base, sr.length));
219 }
220
221 static inline isc_result_t
towire_dnskey(ARGS_TOWIRE)222 towire_dnskey(ARGS_TOWIRE) {
223 isc_region_t sr;
224
225 REQUIRE(rdata->type == 48);
226 REQUIRE(rdata->length != 0);
227
228 UNUSED(cctx);
229
230 dns_rdata_toregion(rdata, &sr);
231 return (mem_tobuffer(target, sr.base, sr.length));
232 }
233
234 static inline int
compare_dnskey(ARGS_COMPARE)235 compare_dnskey(ARGS_COMPARE) {
236 isc_region_t r1;
237 isc_region_t r2;
238
239 REQUIRE(rdata1->type == rdata2->type);
240 REQUIRE(rdata1->rdclass == rdata2->rdclass);
241 REQUIRE(rdata1->type == 48);
242 REQUIRE(rdata1->length != 0);
243 REQUIRE(rdata2->length != 0);
244
245 dns_rdata_toregion(rdata1, &r1);
246 dns_rdata_toregion(rdata2, &r2);
247 return (isc_region_compare(&r1, &r2));
248 }
249
250 static inline isc_result_t
fromstruct_dnskey(ARGS_FROMSTRUCT)251 fromstruct_dnskey(ARGS_FROMSTRUCT) {
252 dns_rdata_dnskey_t *dnskey = source;
253
254 REQUIRE(type == 48);
255 REQUIRE(source != NULL);
256 REQUIRE(dnskey->common.rdtype == type);
257 REQUIRE(dnskey->common.rdclass == rdclass);
258
259 UNUSED(type);
260 UNUSED(rdclass);
261
262 /* Flags */
263 RETERR(uint16_tobuffer(dnskey->flags, target));
264
265 /* Protocol */
266 RETERR(uint8_tobuffer(dnskey->protocol, target));
267
268 /* Algorithm */
269 RETERR(uint8_tobuffer(dnskey->algorithm, target));
270
271 /* Data */
272 return (mem_tobuffer(target, dnskey->data, dnskey->datalen));
273 }
274
275 static inline isc_result_t
tostruct_dnskey(ARGS_TOSTRUCT)276 tostruct_dnskey(ARGS_TOSTRUCT) {
277 dns_rdata_dnskey_t *dnskey = target;
278 isc_region_t sr;
279
280 REQUIRE(rdata->type == 48);
281 REQUIRE(target != NULL);
282 REQUIRE(rdata->length != 0);
283
284 dnskey->common.rdclass = rdata->rdclass;
285 dnskey->common.rdtype = rdata->type;
286 ISC_LINK_INIT(&dnskey->common, link);
287
288 dns_rdata_toregion(rdata, &sr);
289
290 /* Flags */
291 if (sr.length < 2)
292 return (ISC_R_UNEXPECTEDEND);
293 dnskey->flags = uint16_fromregion(&sr);
294 isc_region_consume(&sr, 2);
295
296 /* Protocol */
297 if (sr.length < 1)
298 return (ISC_R_UNEXPECTEDEND);
299 dnskey->protocol = uint8_fromregion(&sr);
300 isc_region_consume(&sr, 1);
301
302 /* Algorithm */
303 if (sr.length < 1)
304 return (ISC_R_UNEXPECTEDEND);
305 dnskey->algorithm = uint8_fromregion(&sr);
306 isc_region_consume(&sr, 1);
307
308 /* Data */
309 dnskey->datalen = sr.length;
310 dnskey->data = mem_maybedup(mctx, sr.base, dnskey->datalen);
311 if (dnskey->data == NULL)
312 return (ISC_R_NOMEMORY);
313
314 dnskey->mctx = mctx;
315 return (ISC_R_SUCCESS);
316 }
317
318 static inline void
freestruct_dnskey(ARGS_FREESTRUCT)319 freestruct_dnskey(ARGS_FREESTRUCT) {
320 dns_rdata_dnskey_t *dnskey = (dns_rdata_dnskey_t *) source;
321
322 REQUIRE(source != NULL);
323 REQUIRE(dnskey->common.rdtype == 48);
324
325 if (dnskey->mctx == NULL)
326 return;
327
328 if (dnskey->data != NULL)
329 isc_mem_free(dnskey->mctx, dnskey->data);
330 dnskey->mctx = NULL;
331 }
332
333 static inline isc_result_t
additionaldata_dnskey(ARGS_ADDLDATA)334 additionaldata_dnskey(ARGS_ADDLDATA) {
335 REQUIRE(rdata->type == 48);
336
337 UNUSED(rdata);
338 UNUSED(add);
339 UNUSED(arg);
340
341 return (ISC_R_SUCCESS);
342 }
343
344 static inline isc_result_t
digest_dnskey(ARGS_DIGEST)345 digest_dnskey(ARGS_DIGEST) {
346 isc_region_t r;
347
348 REQUIRE(rdata->type == 48);
349
350 dns_rdata_toregion(rdata, &r);
351
352 return ((digest)(arg, &r));
353 }
354
355 static inline isc_boolean_t
checkowner_dnskey(ARGS_CHECKOWNER)356 checkowner_dnskey(ARGS_CHECKOWNER) {
357
358 REQUIRE(type == 48);
359
360 UNUSED(name);
361 UNUSED(type);
362 UNUSED(rdclass);
363 UNUSED(wildcard);
364
365 return (ISC_TRUE);
366 }
367
368 static inline isc_boolean_t
checknames_dnskey(ARGS_CHECKNAMES)369 checknames_dnskey(ARGS_CHECKNAMES) {
370
371 REQUIRE(rdata->type == 48);
372
373 UNUSED(rdata);
374 UNUSED(owner);
375 UNUSED(bad);
376
377 return (ISC_TRUE);
378 }
379
380 static inline int
casecompare_dnskey(ARGS_COMPARE)381 casecompare_dnskey(ARGS_COMPARE) {
382
383 /*
384 * Treat ALG 253 (private DNS) subtype name case sensistively.
385 */
386 return (compare_dnskey(rdata1, rdata2));
387 }
388
389 #endif /* RDATA_GENERIC_DNSKEY_48_C */
390