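/*	$NetBSD: rcode.c,v 1.8 2014/12/10 04:37:58 christos Exp $	*/

/*
 * Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1998-2003  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* Id */

/*
 * Text <-> numeric conversion for the small enumerations used by the
 * rdata parsers: rcodes, TSIG rcodes, CERT types, security algorithms,
 * security protocols, hash/DS digest types, KEY flags and rdata classes.
 *
 * All *_fromtext() routines take an isc_textregion_t.  A text region is
 * NOT required to be NUL terminated, so every routine here must read at
 * most source->length bytes of source->base.
 */

#include <config.h>
#include <ctype.h>

#include <isc/buffer.h>
#include <isc/parseint.h>
#include <isc/print.h>
#include <isc/region.h>
#include <isc/result.h>
#include <isc/stdio.h>
#include <isc/stdlib.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>

#include <dns/cert.h>
#include <dns/ds.h>
#include <dns/dsdigest.h>
#include <dns/keyflags.h>
#include <dns/keyvalues.h>
#include <dns/rcode.h>
#include <dns/rdataclass.h>
#include <dns/result.h>
#include <dns/secalg.h>
#include <dns/secproto.h>

/*
 * Return from the enclosing function with the result of 'x' unless it
 * succeeded.
 */
#define RETERR(x) \
	do { \
		isc_result_t _r = (x); \
		if (_r != ISC_R_SUCCESS) \
			return (_r); \
	} while (/*CONSTCOND*/0)

#define NUMBERSIZE sizeof("037777777777")  /* 2^32-1 octal + NUL */

#define RCODENAMES \
	/* standard rcodes */ \
	{ dns_rcode_noerror, "NOERROR", 0}, \
	{ dns_rcode_formerr, "FORMERR", 0}, \
	{ dns_rcode_servfail, "SERVFAIL", 0}, \
	{ dns_rcode_nxdomain, "NXDOMAIN", 0}, \
	{ dns_rcode_notimp, "NOTIMP", 0}, \
	{ dns_rcode_refused, "REFUSED", 0}, \
	{ dns_rcode_yxdomain, "YXDOMAIN", 0}, \
	{ dns_rcode_yxrrset, "YXRRSET", 0}, \
	{ dns_rcode_nxrrset, "NXRRSET", 0}, \
	{ dns_rcode_notauth, "NOTAUTH", 0}, \
	{ dns_rcode_notzone, "NOTZONE", 0},

#define ERCODENAMES \
	/* extended rcodes */ \
	{ dns_rcode_badvers, "BADVERS", 0}, \
	{ 0, NULL, 0 }

#define TSIGRCODENAMES \
	/* extended rcodes */ \
	{ dns_tsigerror_badsig, "BADSIG", 0}, \
	{ dns_tsigerror_badkey, "BADKEY", 0}, \
	{ dns_tsigerror_badtime, "BADTIME", 0}, \
	{ dns_tsigerror_badmode, "BADMODE", 0}, \
	{ dns_tsigerror_badname, "BADNAME", 0}, \
	{ dns_tsigerror_badalg, "BADALG", 0}, \
	{ dns_tsigerror_badtrunc, "BADTRUNC", 0}, \
	{ 0, NULL, 0 }

/* RFC4398 section 2.1 */

#define CERTNAMES \
	{ 1, "PKIX", 0}, \
	{ 2, "SPKI", 0}, \
	{ 3, "PGP", 0}, \
	{ 4, "IPKIX", 0}, \
	{ 5, "ISPKI", 0}, \
	{ 6, "IPGP", 0}, \
	{ 7, "ACPKIX", 0}, \
	{ 8, "IACPKIX", 0}, \
	{ 253, "URI", 0}, \
	{ 254, "OID", 0}, \
	{ 0, NULL, 0}

/* RFC2535 section 7, RFC3110 */

#define SECALGNAMES \
	{ DNS_KEYALG_RSAMD5, "RSAMD5", 0 }, \
	{ DNS_KEYALG_RSAMD5, "RSA", 0 }, \
	{ DNS_KEYALG_DH, "DH", 0 }, \
	{ DNS_KEYALG_DSA, "DSA", 0 }, \
	{ DNS_KEYALG_NSEC3DSA, "NSEC3DSA", 0 }, \
	{ DNS_KEYALG_ECC, "ECC", 0 }, \
	{ DNS_KEYALG_RSASHA1, "RSASHA1", 0 }, \
	{ DNS_KEYALG_NSEC3RSASHA1, "NSEC3RSASHA1", 0 }, \
	{ DNS_KEYALG_RSASHA256, "RSASHA256", 0 }, \
	{ DNS_KEYALG_RSASHA512, "RSASHA512", 0 }, \
	{ DNS_KEYALG_ECCGOST, "ECCGOST", 0 }, \
	{ DNS_KEYALG_ECDSA256, "ECDSAP256SHA256", 0 }, \
	{ DNS_KEYALG_ECDSA384, "ECDSAP384SHA384", 0 }, \
	{ DNS_KEYALG_INDIRECT, "INDIRECT", 0 }, \
	{ DNS_KEYALG_PRIVATEDNS, "PRIVATEDNS", 0 }, \
	{ DNS_KEYALG_PRIVATEOID, "PRIVATEOID", 0 }, \
	{ 0, NULL, 0}

/* RFC2535 section 7.1 */

#define SECPROTONAMES \
	{ 0, "NONE", 0 }, \
	{ 1, "TLS", 0 }, \
	{ 2, "EMAIL", 0 }, \
	{ 3, "DNSSEC", 0 }, \
	{ 4, "IPSEC", 0 }, \
	{ 255, "ALL", 0 }, \
	{ 0, NULL, 0}

#define HASHALGNAMES \
	{ 1, "SHA-1", 0 }, \
	{ 0, NULL, 0 }

/* RFC3658, RFC4509, RFC5933, RFC6605 */

#define DSDIGESTNAMES \
	{ DNS_DSDIGEST_SHA1, "SHA-1", 0 }, \
	{ DNS_DSDIGEST_SHA256, "SHA-256", 0 }, \
	{ DNS_DSDIGEST_GOST, "GOST", 0 }, \
	{ DNS_DSDIGEST_SHA384, "SHA-384", 0 }, \
	{ 0, NULL, 0}

/*
 * One mnemonic table entry.  A table is terminated by an entry whose
 * name is NULL.  The same value may appear under several names (see
 * "RSAMD5"/"RSA" above); totext returns the first one found.
 */
struct tbl {
	unsigned int value;	/* wire value */
	const char *name;	/* mnemonic, compared case-insensitively */
	int flags;		/* not consulted by this file */
};

static struct tbl rcodes[] = { RCODENAMES ERCODENAMES };
static struct tbl tsigrcodes[] = { RCODENAMES TSIGRCODENAMES };
static struct tbl certs[] = { CERTNAMES };
static struct tbl secalgs[] = { SECALGNAMES };
static struct tbl secprotos[] = { SECPROTONAMES };
static struct tbl hashalgs[] = { HASHALGNAMES };
static struct tbl dsdigests[] = { DSDIGESTNAMES };

/*
 * KEY flag mnemonics.  'value' is OR-ed into the flags word when the
 * mnemonic is seen; 'mask' covers the bit field the mnemonic belongs to
 * (so that, e.g., the four SIGn entries all share the 0x000F field).
 */
static struct keyflag {
	const char *name;
	unsigned int value;
	unsigned int mask;
} keyflags[] = {
	{ "NOCONF", 0x4000, 0xC000 },
	{ "NOAUTH", 0x8000, 0xC000 },
	{ "NOKEY", 0xC000, 0xC000 },
	{ "FLAG2", 0x2000, 0x2000 },
	{ "EXTEND", 0x1000, 0x1000 },
	{ "FLAG4", 0x0800, 0x0800 },
	{ "FLAG5", 0x0400, 0x0400 },
	{ "USER", 0x0000, 0x0300 },
	{ "ZONE", 0x0100, 0x0300 },
	{ "HOST", 0x0200, 0x0300 },
	{ "NTYP3", 0x0300, 0x0300 },
	{ "FLAG8", 0x0080, 0x0080 },
	{ "FLAG9", 0x0040, 0x0040 },
	{ "FLAG10", 0x0020, 0x0020 },
	{ "FLAG11", 0x0010, 0x0010 },
	{ "SIG0", 0x0000, 0x000F },
	{ "SIG1", 0x0001, 0x000F },
	{ "SIG2", 0x0002, 0x000F },
	{ "SIG3", 0x0003, 0x000F },
	{ "SIG4", 0x0004, 0x000F },
	{ "SIG5", 0x0005, 0x000F },
	{ "SIG6", 0x0006, 0x000F },
	{ "SIG7", 0x0007, 0x000F },
	{ "SIG8", 0x0008, 0x000F },
	{ "SIG9", 0x0009, 0x000F },
	{ "SIG10", 0x000A, 0x000F },
	{ "SIG11", 0x000B, 0x000F },
	{ "SIG12", 0x000C, 0x000F },
	{ "SIG13", 0x000D, 0x000F },
	{ "SIG14", 0x000E, 0x000F },
	{ "SIG15", 0x000F, 0x000F },
	{ "KSK", DNS_KEYFLAG_KSK, DNS_KEYFLAG_KSK },
	{ NULL, 0, 0 }
};

/*
 * Append the NUL-terminated string 'source' (without its terminator) to
 * 'target'.
 *
 * Returns ISC_R_NOSPACE, leaving 'target' untouched, if the string does
 * not fit in the available region.
 */
static isc_result_t
str_totext(const char *source, isc_buffer_t *target) {
	size_t l;
	isc_region_t region;

	isc_buffer_availableregion(target, &region);
	l = strlen(source);

	if (l > region.length)
		return (ISC_R_NOSPACE);

	memmove(region.base, source, l);
	isc_buffer_add(target, (unsigned int)l);
	return (ISC_R_SUCCESS);
}

/*
 * Try to interpret 'source' as an unsigned number no larger than 'max'.
 * Decimal is always accepted; hexadecimal is tried as well when
 * 'hex_allowed' is true.
 *
 * Returns:
 *	ISC_R_SUCCESS	  '*valuep' holds the number.
 *	ISC_R_BADNUMBER	  'source' does not look like a number (empty, does
 *			  not start with a digit, too long, or does not
 *			  parse).  Callers treat this as "not numeric" and
 *			  fall back to a mnemonic lookup.
 *	ISC_R_RANGE	  the number parsed but is greater than 'max'.
 */
static isc_result_t
maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
	      unsigned int max, isc_boolean_t hex_allowed)
{
	isc_result_t result;
	isc_uint32_t n;
	char buffer[NUMBERSIZE];

	/*
	 * An empty region must be rejected before base[0] is inspected.
	 * Anything longer than the largest 32-bit value cannot be a
	 * number we can represent either.
	 */
	if (source->length == 0 ||
	    !isdigit((unsigned char)source->base[0]) ||
	    source->length > NUMBERSIZE - 1)
		return (ISC_R_BADNUMBER);

	/*
	 * We have a potential number.  isc_parse_uint32() requires NUL
	 * termination, so make a copy.  Copy exactly source->length bytes:
	 * the region need not be NUL terminated, and strncpy() would keep
	 * reading past its end looking for a terminator that is not there.
	 */
	snprintf(buffer, sizeof(buffer), "%.*s",
		 (int)source->length, source->base);

	INSIST(buffer[source->length] == '\0');

	result = isc_parse_uint32(&n, buffer, 10);
	if (result == ISC_R_BADNUMBER && hex_allowed)
		result = isc_parse_uint32(&n, buffer, 16);
	if (result != ISC_R_SUCCESS)
		return (result);
	if (n > max)
		return (ISC_R_RANGE);
	*valuep = n;
	return (ISC_R_SUCCESS);
}

/*
 * Convert 'source' to a value using 'table': a decimal number no larger
 * than 'max' is accepted as is, otherwise the text must match one of the
 * table's mnemonics case-insensitively and in full.
 *
 * Returns ISC_R_SUCCESS, ISC_R_RANGE (numeric but too large) or
 * DNS_R_UNKNOWN (neither numeric nor a known mnemonic).
 */
static isc_result_t
dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
		      struct tbl *table, unsigned int max)
{
	isc_result_t result;
	struct tbl *entry;

	result = maybe_numeric(valuep, source, max, ISC_FALSE);
	if (result != ISC_R_BADNUMBER)
		return (result);

	for (entry = table; entry->name != NULL; entry++) {
		size_t n = strlen(entry->name);
		/*
		 * Lengths must agree before comparing, both so that a
		 * prefix does not match and so that no more than
		 * source->length bytes of the region are ever read.
		 */
		if (n == source->length &&
		    strncasecmp(source->base, entry->name, n) == 0) {
			*valuep = entry->value;
			return (ISC_R_SUCCESS);
		}
	}
	return (DNS_R_UNKNOWN);
}

/*
 * Append the mnemonic for 'value' from 'table' to 'target', or the
 * value in decimal if the table has no entry for it.
 *
 * Returns the result of str_totext() (ISC_R_SUCCESS or ISC_R_NOSPACE).
 */
static isc_result_t
dns_mnemonic_totext(unsigned int value, isc_buffer_t *target,
		    struct tbl *table)
{
	struct tbl *entry;
	char buf[sizeof("4294967296")];

	for (entry = table; entry->name != NULL; entry++) {
		if (entry->value == value)
			return (str_totext(entry->name, target));
	}
	snprintf(buf, sizeof(buf), "%u", value);
	return (str_totext(buf, target));
}

/*
 * Parse an rcode mnemonic (or a number up to 0xffff) into '*rcodep'.
 */
isc_result_t
dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, rcodes, 0xffff));
	*rcodep = value;
	return (ISC_R_SUCCESS);
}

/*
 * Append the mnemonic (or decimal value) of 'rcode' to 'target'.
 */
isc_result_t
dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
	return (dns_mnemonic_totext(rcode, target, rcodes));
}

/*
 * Like dns_rcode_fromtext() but also accepts the TSIG error mnemonics
 * (BADSIG, BADKEY, ...).
 */
isc_result_t
dns_tsigrcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, tsigrcodes, 0xffff));
	*rcodep = value;
	return (ISC_R_SUCCESS);
}

/*
 * Like dns_rcode_totext() but using the TSIG error table.
 */
isc_result_t
dns_tsigrcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
	return (dns_mnemonic_totext(rcode, target, tsigrcodes));
}

/*
 * Parse a CERT type mnemonic (RFC4398) or a number up to 0xffff.
 */
isc_result_t
dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, certs, 0xffff));
	*certp = value;
	return (ISC_R_SUCCESS);
}

/*
 * Append the CERT type mnemonic (or decimal value) of 'cert' to 'target'.
 */
isc_result_t
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
	return (dns_mnemonic_totext(cert, target, certs));
}

/*
 * Parse a security algorithm mnemonic or a number up to 0xff.
 */
isc_result_t
dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, secalgs, 0xff));
	*secalgp = value;
	return (ISC_R_SUCCESS);
}

/*
 * Append the algorithm mnemonic (or decimal value) of 'secalg' to 'target'.
 */
isc_result_t
dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
	return (dns_mnemonic_totext(secalg, target, secalgs));
}

/*
 * Format 'alg' as a NUL-terminated string into the 'size'-byte array at
 * 'cp'.  If the text does not fit, 'cp' is set to the empty string.
 *
 * Requires 'cp' to be non-NULL and 'size' to be at least 1.
 */
void
dns_secalg_format(dns_secalg_t alg, char *cp, unsigned int size) {
	isc_buffer_t b;
	isc_region_t r;
	isc_result_t result;

	REQUIRE(cp != NULL && size > 0);
	/* Reserve the last byte of 'cp' for the terminator. */
	isc_buffer_init(&b, cp, size - 1);
	result = dns_secalg_totext(alg, &b);
	isc_buffer_usedregion(&b, &r);
	r.base[r.length] = 0;
	if (result != ISC_R_SUCCESS)
		r.base[0] = 0;
}

/*
 * Parse a security protocol mnemonic (RFC2535 7.1) or a number up to 0xff.
 */
isc_result_t
dns_secproto_fromtext(dns_secproto_t *secprotop, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, secprotos, 0xff));
	*secprotop = value;
	return (ISC_R_SUCCESS);
}

/*
 * Append the protocol mnemonic (or decimal value) of 'secproto' to 'target'.
 */
isc_result_t
dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target) {
	return (dns_mnemonic_totext(secproto, target, secprotos));
}

/*
 * Parse a hash algorithm mnemonic ("SHA-1") or a number up to 0xff.
 */
isc_result_t
dns_hashalg_fromtext(unsigned char *hashalg, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, hashalgs, 0xff));
	*hashalg = value;
	return (ISC_R_SUCCESS);
}

/*
 * Parse KEY flags into '*flagsp'.  The text is either a single number
 * (decimal or hexadecimal, at most 0xffff) or a "|"-separated list of the
 * mnemonics in keyflags[], e.g. "NOAUTH|ZONE|SIG1".
 *
 * Returns:
 *	ISC_R_SUCCESS	   '*flagsp' holds the flags.
 *	ISC_R_RANGE	   the numeric form is greater than 0xffff.
 *	DNS_R_UNKNOWNFLAG  a token does not name a known flag.
 */
isc_result_t
dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source)
{
	isc_result_t result;
	char *text, *end;
	unsigned int value, mask;

	result = maybe_numeric(&value, source, 0xffff, ISC_TRUE);
	if (result == ISC_R_SUCCESS) {
		*flagsp = value;
		return (ISC_R_SUCCESS);
	}
	if (result != ISC_R_BADNUMBER)
		return (result);

	text = source->base;
	end = source->base + source->length;
	value = mask = 0;

	while (text < end) {
		struct keyflag *p;
		unsigned int len;
		char *delim = memchr(text, '|', end - text);

		if (delim != NULL)
			len = (unsigned int)(delim - text);
		else
			len = (unsigned int)(end - text);

		/*
		 * A token must match a mnemonic in full.  Comparing only
		 * 'len' bytes would let a bare prefix, or the empty token
		 * produced by "||" or a trailing "|", silently select the
		 * first table entry it happens to agree with.
		 */
		for (p = keyflags; p->name != NULL; p++) {
			if (strlen(p->name) == len &&
			    strncasecmp(p->name, text, len) == 0)
				break;
		}
		if (p->name == NULL)
			return (DNS_R_UNKNOWNFLAG);
		value |= p->value;
#ifdef notyet
		if ((mask & p->mask) != 0)
			warn("overlapping key flags");
#endif
		mask |= p->mask;
		text += len;
		if (delim != NULL)
			text++;	/* Skip "|" */
	}
	*flagsp = value;
	return (ISC_R_SUCCESS);
}

/*
 * Parse a DS digest type mnemonic (SHA-1, SHA-256, GOST, SHA-384) or a
 * number up to 0xff.
 */
isc_result_t
dns_dsdigest_fromtext(dns_dsdigest_t *dsdigestp, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, dsdigests, 0xff));
	*dsdigestp = value;
	return (ISC_R_SUCCESS);
}

/*
 * Append the digest type mnemonic (or decimal value) of 'dsdigest' to
 * 'target'.
 */
isc_result_t
dns_dsdigest_totext(dns_dsdigest_t dsdigest, isc_buffer_t *target) {
	return (dns_mnemonic_totext(dsdigest, target, dsdigests));
}

/*
 * Format 'typ' as a NUL-terminated string into the 'size'-byte array at
 * 'cp'.  If the text does not fit, 'cp' is set to the empty string.
 *
 * Requires 'cp' to be non-NULL and 'size' to be at least 1.
 */
void
dns_dsdigest_format(dns_dsdigest_t typ, char *cp, unsigned int size) {
	isc_buffer_t b;
	isc_region_t r;
	isc_result_t result;

	REQUIRE(cp != NULL && size > 0);
	/* Reserve the last byte of 'cp' for the terminator. */
	isc_buffer_init(&b, cp, size - 1);
	result = dns_dsdigest_totext(typ, &b);
	isc_buffer_usedregion(&b, &r);
	r.base[r.length] = 0;
	if (result != ISC_R_SUCCESS)
		r.base[0] = 0;
}

/*
 * Parse a class mnemonic (IN, CH/CHAOS, HS/HESIOD, ANY, NONE, RESERVED0)
 * or the generic "CLASSnnn" form into '*classp'.
 *
 * This uses lots of hard coded values, but how often do we actually
 * add classes?
 *
 * Returns ISC_R_SUCCESS or DNS_R_UNKNOWN.
 */
isc_result_t
dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {
#define COMPARE(string, rdclass) \
	if (((sizeof(string) - 1) == source->length) \
	    && (strncasecmp(source->base, string, source->length) == 0)) { \
		*classp = rdclass; \
		return (ISC_R_SUCCESS); \
	}

	/* Nothing below may look at base[0] of an empty region. */
	if (source->length == 0)
		return (DNS_R_UNKNOWN);

	switch (tolower((unsigned char)source->base[0])) {
	case 'a':
		COMPARE("any", dns_rdataclass_any);
		break;
	case 'c':
		/*
		 * RFC1035 says the mnemonic for the CHAOS class is CH,
		 * but historical BIND practice is to call it CHAOS.
		 * We will accept both forms, but only generate CH.
		 */
		COMPARE("ch", dns_rdataclass_chaos);
		COMPARE("chaos", dns_rdataclass_chaos);

		if (source->length > 5 &&
		    source->length < (5 + sizeof("65000")) &&
		    strncasecmp("class", source->base, 5) == 0) {
			char buf[sizeof("65000")];
			char *endp;
			unsigned long val;

			/*
			 * Copy only the bytes after "CLASS"; the region
			 * is not NUL terminated.  The length check above
			 * guarantees they fit in 'buf'.
			 */
			snprintf(buf, sizeof(buf), "%.*s",
				 (int)(source->length - 5), source->base + 5);
			/*
			 * The generic form takes decimal digits only;
			 * strtoul() alone would also accept leading white
			 * space and a sign.
			 */
			if (isdigit((unsigned char)buf[0])) {
				val = strtoul(buf, &endp, 10);
				if (*endp == '\0' && val <= 0xffff) {
					*classp = (dns_rdataclass_t)val;
					return (ISC_R_SUCCESS);
				}
			}
		}
		break;
	case 'h':
		COMPARE("hs", dns_rdataclass_hs);
		COMPARE("hesiod", dns_rdataclass_hs);
		break;
	case 'i':
		COMPARE("in", dns_rdataclass_in);
		break;
	case 'n':
		COMPARE("none", dns_rdataclass_none);
		break;
	case 'r':
		COMPARE("reserved0", dns_rdataclass_reserved0);
		break;
	default:
		break;
	}

#undef COMPARE

	return (DNS_R_UNKNOWN);
}

/*
 * Append the mnemonic for 'rdclass' to 'target', or "CLASSnnn" for a
 * class without one.
 *
 * Returns the result of str_totext() (ISC_R_SUCCESS or ISC_R_NOSPACE).
 */
isc_result_t
dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target) {
	char buf[sizeof("CLASS65535")];

	switch (rdclass) {
	case dns_rdataclass_any:
		return (str_totext("ANY", target));
	case dns_rdataclass_chaos:
		return (str_totext("CH", target));
	case dns_rdataclass_hs:
		return (str_totext("HS", target));
	case dns_rdataclass_in:
		return (str_totext("IN", target));
	case dns_rdataclass_none:
		return (str_totext("NONE", target));
	case dns_rdataclass_reserved0:
		return (str_totext("RESERVED0", target));
	default:
		snprintf(buf, sizeof(buf), "CLASS%u", rdclass);
		return (str_totext(buf, target));
	}
}

/*
 * Format 'rdclass' as a NUL-terminated string into the 'size'-byte
 * 'array'.  If the text (plus terminator) does not fit, 'array' is set
 * to "<unknown>" (itself truncated to 'size' if necessary).  A 'size'
 * of zero leaves 'array' untouched.
 */
void
dns_rdataclass_format(dns_rdataclass_t rdclass,
		      char *array, unsigned int size)
{
	isc_result_t result;
	isc_buffer_t buf;

	if (size == 0U)
		return;

	isc_buffer_init(&buf, array, size);
	result = dns_rdataclass_totext(rdclass, &buf);
	/*
	 * Null terminate.
	 */
	if (result == ISC_R_SUCCESS) {
		if (isc_buffer_availablelength(&buf) >= 1)
			isc_buffer_putuint8(&buf, 0);
		else
			result = ISC_R_NOSPACE;
	}
	if (result != ISC_R_SUCCESS)
		strlcpy(array, "<unknown>", size);
}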