1 /* $NetBSD: sig_24.c,v 1.6 2015/07/08 17:28:59 christos Exp $ */ 2 3 /* 4 * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012, 2015 Internet Systems Consortium, Inc. ("ISC") 5 * Copyright (C) 1999-2003 Internet Software Consortium. 6 * 7 * Permission to use, copy, modify, and/or distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* Id */ 21 22 /* Reviewed: Fri Mar 17 09:05:02 PST 2000 by gson */ 23 24 /* RFC2535 */ 25 26 #ifndef RDATA_GENERIC_SIG_24_C 27 #define RDATA_GENERIC_SIG_24_C 28 29 #define RRTYPE_SIG_ATTRIBUTES (0) 30 31 static inline isc_result_t 32 fromtext_sig(ARGS_FROMTEXT) { 33 isc_token_t token; 34 unsigned char c; 35 long i; 36 dns_rdatatype_t covered; 37 char *e; 38 isc_result_t result; 39 dns_name_t name; 40 isc_buffer_t buffer; 41 isc_uint32_t time_signed, time_expire; 42 43 REQUIRE(type == 24); 44 45 UNUSED(type); 46 UNUSED(rdclass); 47 UNUSED(callbacks); 48 49 /* 50 * Type covered. 51 */ 52 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, 53 ISC_FALSE)); 54 result = dns_rdatatype_fromtext(&covered, &token.value.as_textregion); 55 if (result != ISC_R_SUCCESS && result != ISC_R_NOTIMPLEMENTED) { 56 i = strtol(DNS_AS_STR(token), &e, 10); 57 if (i < 0 || i > 65535) 58 RETTOK(ISC_R_RANGE); 59 if (*e != 0) 60 RETTOK(result); 61 covered = (dns_rdatatype_t)i; 62 } 63 RETERR(uint16_tobuffer(covered, target)); 64 65 /* 66 * Algorithm. 67 */ 68 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, 69 ISC_FALSE)); 70 RETTOK(dns_secalg_fromtext(&c, &token.value.as_textregion)); 71 RETERR(mem_tobuffer(target, &c, 1)); 72 73 /* 74 * Labels. 75 */ 76 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, 77 ISC_FALSE)); 78 if (token.value.as_ulong > 0xffU) 79 RETTOK(ISC_R_RANGE); 80 c = (unsigned char)token.value.as_ulong; 81 RETERR(mem_tobuffer(target, &c, 1)); 82 83 /* 84 * Original ttl. 85 */ 86 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, 87 ISC_FALSE)); 88 RETERR(uint32_tobuffer(token.value.as_ulong, target)); 89 90 /* 91 * Signature expiration. 92 */ 93 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, 94 ISC_FALSE)); 95 RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_expire)); 96 RETERR(uint32_tobuffer(time_expire, target)); 97 98 /* 99 * Time signed. 100 */ 101 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, 102 ISC_FALSE)); 103 RETTOK(dns_time32_fromtext(DNS_AS_STR(token), &time_signed)); 104 RETERR(uint32_tobuffer(time_signed, target)); 105 106 /* 107 * Key footprint. 108 */ 109 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, 110 ISC_FALSE)); 111 RETERR(uint16_tobuffer(token.value.as_ulong, target)); 112 113 /* 114 * Signer. 115 */ 116 RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_string, 117 ISC_FALSE)); 118 dns_name_init(&name, NULL); 119 buffer_fromregion(&buffer, &token.value.as_region); 120 origin = (origin != NULL) ? origin : dns_rootname; 121 RETTOK(dns_name_fromtext(&name, &buffer, origin, options, target)); 122 123 /* 124 * Sig. 125 */ 126 return (isc_base64_tobuffer(lexer, target, -1)); 127 } 128 129 static inline isc_result_t 130 totext_sig(ARGS_TOTEXT) { 131 isc_region_t sr; 132 char buf[sizeof("4294967295")]; 133 dns_rdatatype_t covered; 134 unsigned long ttl; 135 unsigned long when; 136 unsigned long exp; 137 unsigned long foot; 138 dns_name_t name; 139 dns_name_t prefix; 140 isc_boolean_t sub; 141 142 REQUIRE(rdata->type == 24); 143 REQUIRE(rdata->length != 0); 144 145 dns_rdata_toregion(rdata, &sr); 146 147 /* 148 * Type covered. 149 */ 150 covered = uint16_fromregion(&sr); 151 isc_region_consume(&sr, 2); 152 /* 153 * XXXAG We should have something like dns_rdatatype_isknown() 154 * that does the right thing with type 0. 155 */ 156 if (dns_rdatatype_isknown(covered) && covered != 0) { 157 RETERR(dns_rdatatype_totext(covered, target)); 158 } else { 159 sprintf(buf, "%u", covered); 160 RETERR(str_totext(buf, target)); 161 } 162 RETERR(str_totext(" ", target)); 163 164 /* 165 * Algorithm. 166 */ 167 sprintf(buf, "%u", sr.base[0]); 168 isc_region_consume(&sr, 1); 169 RETERR(str_totext(buf, target)); 170 RETERR(str_totext(" ", target)); 171 172 /* 173 * Labels. 174 */ 175 sprintf(buf, "%u", sr.base[0]); 176 isc_region_consume(&sr, 1); 177 RETERR(str_totext(buf, target)); 178 RETERR(str_totext(" ", target)); 179 180 /* 181 * Ttl. 182 */ 183 ttl = uint32_fromregion(&sr); 184 isc_region_consume(&sr, 4); 185 sprintf(buf, "%lu", ttl); 186 RETERR(str_totext(buf, target)); 187 RETERR(str_totext(" ", target)); 188 189 /* 190 * Sig exp. 191 */ 192 exp = uint32_fromregion(&sr); 193 isc_region_consume(&sr, 4); 194 RETERR(dns_time32_totext(exp, target)); 195 196 if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) 197 RETERR(str_totext(" (", target)); 198 RETERR(str_totext(tctx->linebreak, target)); 199 200 /* 201 * Time signed. 202 */ 203 when = uint32_fromregion(&sr); 204 isc_region_consume(&sr, 4); 205 RETERR(dns_time32_totext(when, target)); 206 RETERR(str_totext(" ", target)); 207 208 /* 209 * Footprint. 210 */ 211 foot = uint16_fromregion(&sr); 212 isc_region_consume(&sr, 2); 213 sprintf(buf, "%lu", foot); 214 RETERR(str_totext(buf, target)); 215 RETERR(str_totext(" ", target)); 216 217 /* 218 * Signer. 219 */ 220 dns_name_init(&name, NULL); 221 dns_name_init(&prefix, NULL); 222 dns_name_fromregion(&name, &sr); 223 isc_region_consume(&sr, name_length(&name)); 224 sub = name_prefix(&name, tctx->origin, &prefix); 225 RETERR(dns_name_totext(&prefix, sub, target)); 226 227 /* 228 * Sig. 229 */ 230 RETERR(str_totext(tctx->linebreak, target)); 231 if (tctx->width == 0) /* No splitting */ 232 RETERR(isc_base64_totext(&sr, 60, "", target)); 233 else 234 RETERR(isc_base64_totext(&sr, tctx->width - 2, 235 tctx->linebreak, target)); 236 if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) 237 RETERR(str_totext(" )", target)); 238 239 return (ISC_R_SUCCESS); 240 } 241 242 static inline isc_result_t 243 fromwire_sig(ARGS_FROMWIRE) { 244 isc_region_t sr; 245 dns_name_t name; 246 247 REQUIRE(type == 24); 248 249 UNUSED(type); 250 UNUSED(rdclass); 251 252 dns_decompress_setmethods(dctx, DNS_COMPRESS_NONE); 253 254 isc_buffer_activeregion(source, &sr); 255 /* 256 * type covered: 2 257 * algorithm: 1 258 * labels: 1 259 * original ttl: 4 260 * signature expiration: 4 261 * time signed: 4 262 * key footprint: 2 263 */ 264 if (sr.length < 18) 265 return (ISC_R_UNEXPECTEDEND); 266 267 isc_buffer_forward(source, 18); 268 RETERR(mem_tobuffer(target, sr.base, 18)); 269 270 /* 271 * Signer. 272 */ 273 dns_name_init(&name, NULL); 274 RETERR(dns_name_fromwire(&name, source, dctx, options, target)); 275 276 /* 277 * Sig. 278 */ 279 isc_buffer_activeregion(source, &sr); 280 isc_buffer_forward(source, sr.length); 281 return (mem_tobuffer(target, sr.base, sr.length)); 282 } 283 284 static inline isc_result_t 285 towire_sig(ARGS_TOWIRE) { 286 isc_region_t sr; 287 dns_name_t name; 288 dns_offsets_t offsets; 289 290 REQUIRE(rdata->type == 24); 291 REQUIRE(rdata->length != 0); 292 293 dns_compress_setmethods(cctx, DNS_COMPRESS_NONE); 294 dns_rdata_toregion(rdata, &sr); 295 /* 296 * type covered: 2 297 * algorithm: 1 298 * labels: 1 299 * original ttl: 4 300 * signature expiration: 4 301 * time signed: 4 302 * key footprint: 2 303 */ 304 RETERR(mem_tobuffer(target, sr.base, 18)); 305 isc_region_consume(&sr, 18); 306 307 /* 308 * Signer. 309 */ 310 dns_name_init(&name, offsets); 311 dns_name_fromregion(&name, &sr); 312 isc_region_consume(&sr, name_length(&name)); 313 RETERR(dns_name_towire(&name, cctx, target)); 314 315 /* 316 * Signature. 317 */ 318 return (mem_tobuffer(target, sr.base, sr.length)); 319 } 320 321 static inline int 322 compare_sig(ARGS_COMPARE) { 323 isc_region_t r1; 324 isc_region_t r2; 325 dns_name_t name1; 326 dns_name_t name2; 327 int order; 328 329 REQUIRE(rdata1->type == rdata2->type); 330 REQUIRE(rdata1->rdclass == rdata2->rdclass); 331 REQUIRE(rdata1->type == 24); 332 REQUIRE(rdata1->length != 0); 333 REQUIRE(rdata2->length != 0); 334 335 dns_rdata_toregion(rdata1, &r1); 336 dns_rdata_toregion(rdata2, &r2); 337 338 INSIST(r1.length > 18); 339 INSIST(r2.length > 18); 340 r1.length = 18; 341 r2.length = 18; 342 order = isc_region_compare(&r1, &r2); 343 if (order != 0) 344 return (order); 345 346 dns_name_init(&name1, NULL); 347 dns_name_init(&name2, NULL); 348 dns_rdata_toregion(rdata1, &r1); 349 dns_rdata_toregion(rdata2, &r2); 350 isc_region_consume(&r1, 18); 351 isc_region_consume(&r2, 18); 352 dns_name_fromregion(&name1, &r1); 353 dns_name_fromregion(&name2, &r2); 354 order = dns_name_rdatacompare(&name1, &name2); 355 if (order != 0) 356 return (order); 357 358 isc_region_consume(&r1, name_length(&name1)); 359 isc_region_consume(&r2, name_length(&name2)); 360 361 return (isc_region_compare(&r1, &r2)); 362 } 363 364 static inline isc_result_t 365 fromstruct_sig(ARGS_FROMSTRUCT) { 366 dns_rdata_sig_t *sig = source; 367 368 REQUIRE(type == 24); 369 REQUIRE(source != NULL); 370 REQUIRE(sig->common.rdtype == type); 371 REQUIRE(sig->common.rdclass == rdclass); 372 REQUIRE(sig->signature != NULL || sig->siglen == 0); 373 374 UNUSED(type); 375 UNUSED(rdclass); 376 377 /* 378 * Type covered. 379 */ 380 RETERR(uint16_tobuffer(sig->covered, target)); 381 382 /* 383 * Algorithm. 384 */ 385 RETERR(uint8_tobuffer(sig->algorithm, target)); 386 387 /* 388 * Labels. 389 */ 390 RETERR(uint8_tobuffer(sig->labels, target)); 391 392 /* 393 * Original TTL. 394 */ 395 RETERR(uint32_tobuffer(sig->originalttl, target)); 396 397 /* 398 * Expire time. 399 */ 400 RETERR(uint32_tobuffer(sig->timeexpire, target)); 401 402 /* 403 * Time signed. 404 */ 405 RETERR(uint32_tobuffer(sig->timesigned, target)); 406 407 /* 408 * Key ID. 409 */ 410 RETERR(uint16_tobuffer(sig->keyid, target)); 411 412 /* 413 * Signer name. 414 */ 415 RETERR(name_tobuffer(&sig->signer, target)); 416 417 /* 418 * Signature. 419 */ 420 return (mem_tobuffer(target, sig->signature, sig->siglen)); 421 } 422 423 static inline isc_result_t 424 tostruct_sig(ARGS_TOSTRUCT) { 425 isc_region_t sr; 426 dns_rdata_sig_t *sig = target; 427 dns_name_t signer; 428 429 REQUIRE(rdata->type == 24); 430 REQUIRE(target != NULL); 431 REQUIRE(rdata->length != 0); 432 433 sig->common.rdclass = rdata->rdclass; 434 sig->common.rdtype = rdata->type; 435 ISC_LINK_INIT(&sig->common, link); 436 437 dns_rdata_toregion(rdata, &sr); 438 439 /* 440 * Type covered. 441 */ 442 sig->covered = uint16_fromregion(&sr); 443 isc_region_consume(&sr, 2); 444 445 /* 446 * Algorithm. 447 */ 448 sig->algorithm = uint8_fromregion(&sr); 449 isc_region_consume(&sr, 1); 450 451 /* 452 * Labels. 453 */ 454 sig->labels = uint8_fromregion(&sr); 455 isc_region_consume(&sr, 1); 456 457 /* 458 * Original TTL. 459 */ 460 sig->originalttl = uint32_fromregion(&sr); 461 isc_region_consume(&sr, 4); 462 463 /* 464 * Expire time. 465 */ 466 sig->timeexpire = uint32_fromregion(&sr); 467 isc_region_consume(&sr, 4); 468 469 /* 470 * Time signed. 471 */ 472 sig->timesigned = uint32_fromregion(&sr); 473 isc_region_consume(&sr, 4); 474 475 /* 476 * Key ID. 477 */ 478 sig->keyid = uint16_fromregion(&sr); 479 isc_region_consume(&sr, 2); 480 481 dns_name_init(&signer, NULL); 482 dns_name_fromregion(&signer, &sr); 483 dns_name_init(&sig->signer, NULL); 484 RETERR(name_duporclone(&signer, mctx, &sig->signer)); 485 isc_region_consume(&sr, name_length(&sig->signer)); 486 487 /* 488 * Signature. 489 */ 490 sig->siglen = sr.length; 491 sig->signature = mem_maybedup(mctx, sr.base, sig->siglen); 492 if (sig->signature == NULL) 493 goto cleanup; 494 495 496 sig->mctx = mctx; 497 return (ISC_R_SUCCESS); 498 499 cleanup: 500 if (mctx != NULL) 501 dns_name_free(&sig->signer, mctx); 502 return (ISC_R_NOMEMORY); 503 } 504 505 static inline void 506 freestruct_sig(ARGS_FREESTRUCT) { 507 dns_rdata_sig_t *sig = (dns_rdata_sig_t *) source; 508 509 REQUIRE(source != NULL); 510 REQUIRE(sig->common.rdtype == 24); 511 512 if (sig->mctx == NULL) 513 return; 514 515 dns_name_free(&sig->signer, sig->mctx); 516 if (sig->signature != NULL) 517 isc_mem_free(sig->mctx, sig->signature); 518 sig->mctx = NULL; 519 } 520 521 static inline isc_result_t 522 additionaldata_sig(ARGS_ADDLDATA) { 523 REQUIRE(rdata->type == 24); 524 525 UNUSED(rdata); 526 UNUSED(add); 527 UNUSED(arg); 528 529 return (ISC_R_SUCCESS); 530 } 531 532 static inline isc_result_t 533 digest_sig(ARGS_DIGEST) { 534 535 REQUIRE(rdata->type == 24); 536 537 UNUSED(rdata); 538 UNUSED(digest); 539 UNUSED(arg); 540 541 return (ISC_R_NOTIMPLEMENTED); 542 } 543 544 static inline dns_rdatatype_t 545 covers_sig(dns_rdata_t *rdata) { 546 dns_rdatatype_t type; 547 isc_region_t r; 548 549 REQUIRE(rdata->type == 24); 550 551 dns_rdata_toregion(rdata, &r); 552 type = uint16_fromregion(&r); 553 554 return (type); 555 } 556 557 static inline isc_boolean_t 558 checkowner_sig(ARGS_CHECKOWNER) { 559 560 REQUIRE(type == 24); 561 562 UNUSED(name); 563 UNUSED(type); 564 UNUSED(rdclass); 565 UNUSED(wildcard); 566 567 return (ISC_TRUE); 568 } 569 570 static inline isc_boolean_t 571 checknames_sig(ARGS_CHECKNAMES) { 572 573 REQUIRE(rdata->type == 24); 574 575 UNUSED(rdata); 576 UNUSED(owner); 577 UNUSED(bad); 578 579 return (ISC_TRUE); 580 } 581 582 static inline int 583 casecompare_sig(ARGS_COMPARE) { 584 return (compare_sig(rdata1, rdata2)); 585 } 586 #endif /* RDATA_GENERIC_SIG_24_C */ 587