1 /*	$NetBSD: cert_37.c,v 1.8 2022/09/23 12:15:31 christos Exp $	*/
2 
3 /*
4  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
5  *
6  * SPDX-License-Identifier: MPL-2.0
7  *
8  * This Source Code Form is subject to the terms of the Mozilla Public
9  * License, v. 2.0. If a copy of the MPL was not distributed with this
10  * file, you can obtain one at https://mozilla.org/MPL/2.0/.
11  *
12  * See the COPYRIGHT file distributed with this work for additional
13  * information regarding copyright ownership.
14  */
15 
16 /* RFC2538 */
17 
18 #ifndef RDATA_GENERIC_CERT_37_C
19 #define RDATA_GENERIC_CERT_37_C
20 
21 #define RRTYPE_CERT_ATTRIBUTES (0)
22 
23 static isc_result_t
fromtext_cert(ARGS_FROMTEXT)24 fromtext_cert(ARGS_FROMTEXT) {
25 	isc_token_t token;
26 	dns_secalg_t secalg;
27 	dns_cert_t cert;
28 
29 	REQUIRE(type == dns_rdatatype_cert);
30 
31 	UNUSED(type);
32 	UNUSED(rdclass);
33 	UNUSED(origin);
34 	UNUSED(options);
35 	UNUSED(callbacks);
36 
37 	/*
38 	 * Cert type.
39 	 */
40 	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
41 				      false));
42 	RETTOK(dns_cert_fromtext(&cert, &token.value.as_textregion));
43 	RETERR(uint16_tobuffer(cert, target));
44 
45 	/*
46 	 * Key tag.
47 	 */
48 	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
49 				      false));
50 	if (token.value.as_ulong > 0xffffU) {
51 		RETTOK(ISC_R_RANGE);
52 	}
53 	RETERR(uint16_tobuffer(token.value.as_ulong, target));
54 
55 	/*
56 	 * Algorithm.
57 	 */
58 	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string,
59 				      false));
60 	RETTOK(dns_secalg_fromtext(&secalg, &token.value.as_textregion));
61 	RETERR(mem_tobuffer(target, &secalg, 1));
62 
63 	return (isc_base64_tobuffer(lexer, target, -2));
64 }
65 
66 static isc_result_t
totext_cert(ARGS_TOTEXT)67 totext_cert(ARGS_TOTEXT) {
68 	isc_region_t sr;
69 	char buf[sizeof("64000 ")];
70 	unsigned int n;
71 
72 	REQUIRE(rdata->type == dns_rdatatype_cert);
73 	REQUIRE(rdata->length != 0);
74 
75 	UNUSED(tctx);
76 
77 	dns_rdata_toregion(rdata, &sr);
78 
79 	/*
80 	 * Type.
81 	 */
82 	n = uint16_fromregion(&sr);
83 	isc_region_consume(&sr, 2);
84 	RETERR(dns_cert_totext((dns_cert_t)n, target));
85 	RETERR(str_totext(" ", target));
86 
87 	/*
88 	 * Key tag.
89 	 */
90 	n = uint16_fromregion(&sr);
91 	isc_region_consume(&sr, 2);
92 	snprintf(buf, sizeof(buf), "%u ", n);
93 	RETERR(str_totext(buf, target));
94 
95 	/*
96 	 * Algorithm.
97 	 */
98 	RETERR(dns_secalg_totext(sr.base[0], target));
99 	isc_region_consume(&sr, 1);
100 
101 	/*
102 	 * Cert.
103 	 */
104 	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) {
105 		RETERR(str_totext(" (", target));
106 	}
107 	RETERR(str_totext(tctx->linebreak, target));
108 	if (tctx->width == 0) { /* No splitting */
109 		RETERR(isc_base64_totext(&sr, 60, "", target));
110 	} else {
111 		RETERR(isc_base64_totext(&sr, tctx->width - 2, tctx->linebreak,
112 					 target));
113 	}
114 	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) {
115 		RETERR(str_totext(" )", target));
116 	}
117 	return (ISC_R_SUCCESS);
118 }
119 
120 static isc_result_t
fromwire_cert(ARGS_FROMWIRE)121 fromwire_cert(ARGS_FROMWIRE) {
122 	isc_region_t sr;
123 
124 	REQUIRE(type == dns_rdatatype_cert);
125 
126 	UNUSED(type);
127 	UNUSED(rdclass);
128 	UNUSED(dctx);
129 	UNUSED(options);
130 
131 	isc_buffer_activeregion(source, &sr);
132 	if (sr.length < 6) {
133 		return (ISC_R_UNEXPECTEDEND);
134 	}
135 
136 	isc_buffer_forward(source, sr.length);
137 	return (mem_tobuffer(target, sr.base, sr.length));
138 }
139 
140 static isc_result_t
towire_cert(ARGS_TOWIRE)141 towire_cert(ARGS_TOWIRE) {
142 	isc_region_t sr;
143 
144 	REQUIRE(rdata->type == dns_rdatatype_cert);
145 	REQUIRE(rdata->length != 0);
146 
147 	UNUSED(cctx);
148 
149 	dns_rdata_toregion(rdata, &sr);
150 	return (mem_tobuffer(target, sr.base, sr.length));
151 }
152 
153 static int
compare_cert(ARGS_COMPARE)154 compare_cert(ARGS_COMPARE) {
155 	isc_region_t r1;
156 	isc_region_t r2;
157 
158 	REQUIRE(rdata1->type == rdata2->type);
159 	REQUIRE(rdata1->rdclass == rdata2->rdclass);
160 	REQUIRE(rdata1->type == dns_rdatatype_cert);
161 	REQUIRE(rdata1->length != 0);
162 	REQUIRE(rdata2->length != 0);
163 
164 	dns_rdata_toregion(rdata1, &r1);
165 	dns_rdata_toregion(rdata2, &r2);
166 	return (isc_region_compare(&r1, &r2));
167 }
168 
169 static isc_result_t
fromstruct_cert(ARGS_FROMSTRUCT)170 fromstruct_cert(ARGS_FROMSTRUCT) {
171 	dns_rdata_cert_t *cert = source;
172 
173 	REQUIRE(type == dns_rdatatype_cert);
174 	REQUIRE(cert != NULL);
175 	REQUIRE(cert->common.rdtype == type);
176 	REQUIRE(cert->common.rdclass == rdclass);
177 
178 	UNUSED(type);
179 	UNUSED(rdclass);
180 
181 	RETERR(uint16_tobuffer(cert->type, target));
182 	RETERR(uint16_tobuffer(cert->key_tag, target));
183 	RETERR(uint8_tobuffer(cert->algorithm, target));
184 
185 	return (mem_tobuffer(target, cert->certificate, cert->length));
186 }
187 
188 static isc_result_t
tostruct_cert(ARGS_TOSTRUCT)189 tostruct_cert(ARGS_TOSTRUCT) {
190 	dns_rdata_cert_t *cert = target;
191 	isc_region_t region;
192 
193 	REQUIRE(rdata->type == dns_rdatatype_cert);
194 	REQUIRE(cert != NULL);
195 	REQUIRE(rdata->length != 0);
196 
197 	cert->common.rdclass = rdata->rdclass;
198 	cert->common.rdtype = rdata->type;
199 	ISC_LINK_INIT(&cert->common, link);
200 
201 	dns_rdata_toregion(rdata, &region);
202 
203 	cert->type = uint16_fromregion(&region);
204 	isc_region_consume(&region, 2);
205 	cert->key_tag = uint16_fromregion(&region);
206 	isc_region_consume(&region, 2);
207 	cert->algorithm = uint8_fromregion(&region);
208 	isc_region_consume(&region, 1);
209 	cert->length = region.length;
210 
211 	cert->certificate = mem_maybedup(mctx, region.base, region.length);
212 	if (cert->certificate == NULL) {
213 		return (ISC_R_NOMEMORY);
214 	}
215 
216 	cert->mctx = mctx;
217 	return (ISC_R_SUCCESS);
218 }
219 
220 static void
freestruct_cert(ARGS_FREESTRUCT)221 freestruct_cert(ARGS_FREESTRUCT) {
222 	dns_rdata_cert_t *cert = source;
223 
224 	REQUIRE(cert != NULL);
225 	REQUIRE(cert->common.rdtype == dns_rdatatype_cert);
226 
227 	if (cert->mctx == NULL) {
228 		return;
229 	}
230 
231 	if (cert->certificate != NULL) {
232 		isc_mem_free(cert->mctx, cert->certificate);
233 	}
234 	cert->mctx = NULL;
235 }
236 
237 static isc_result_t
additionaldata_cert(ARGS_ADDLDATA)238 additionaldata_cert(ARGS_ADDLDATA) {
239 	REQUIRE(rdata->type == dns_rdatatype_cert);
240 
241 	UNUSED(rdata);
242 	UNUSED(add);
243 	UNUSED(arg);
244 
245 	return (ISC_R_SUCCESS);
246 }
247 
248 static isc_result_t
digest_cert(ARGS_DIGEST)249 digest_cert(ARGS_DIGEST) {
250 	isc_region_t r;
251 
252 	REQUIRE(rdata->type == dns_rdatatype_cert);
253 
254 	dns_rdata_toregion(rdata, &r);
255 
256 	return ((digest)(arg, &r));
257 }
258 
259 static bool
checkowner_cert(ARGS_CHECKOWNER)260 checkowner_cert(ARGS_CHECKOWNER) {
261 	REQUIRE(type == dns_rdatatype_cert);
262 
263 	UNUSED(name);
264 	UNUSED(type);
265 	UNUSED(rdclass);
266 	UNUSED(wildcard);
267 
268 	return (true);
269 }
270 
271 static bool
checknames_cert(ARGS_CHECKNAMES)272 checknames_cert(ARGS_CHECKNAMES) {
273 	REQUIRE(rdata->type == dns_rdatatype_cert);
274 
275 	UNUSED(rdata);
276 	UNUSED(owner);
277 	UNUSED(bad);
278 
279 	return (true);
280 }
281 
282 static int
casecompare_cert(ARGS_COMPARE)283 casecompare_cert(ARGS_COMPARE) {
284 	return (compare_cert(rdata1, rdata2));
285 }
286 #endif /* RDATA_GENERIC_CERT_37_C */
287