summaryrefslogtreecommitdiffstats
path: root/contrib/bind9/lib/dns/dst_api.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/lib/dns/dst_api.c')
-rw-r--r--contrib/bind9/lib/dns/dst_api.c1221
1 files changed, 0 insertions, 1221 deletions
diff --git a/contrib/bind9/lib/dns/dst_api.c b/contrib/bind9/lib/dns/dst_api.c
deleted file mode 100644
index 7d98e10..0000000
--- a/contrib/bind9/lib/dns/dst_api.c
+++ /dev/null
@@ -1,1221 +0,0 @@
-/*
- * Portions Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (C) 1999-2003 Internet Software Consortium.
- * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.1.6.7 2006/01/27 23:57:44 marka Exp $
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/dir.h>
-#include <isc/entropy.h>
-#include <isc/fsaccess.h>
-#include <isc/hmacsha.h>
-#include <isc/lex.h>
-#include <isc/mem.h>
-#include <isc/once.h>
-#include <isc/print.h>
-#include <isc/random.h>
-#include <isc/string.h>
-#include <isc/time.h>
-#include <isc/util.h>
-
-#include <dns/fixedname.h>
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/ttl.h>
-#include <dns/types.h>
-
-#include <dst/result.h>
-
-#include "dst_internal.h"
-
-#define DST_AS_STR(t) ((t).value.as_textregion.base)
-
-static dst_func_t *dst_t_func[DST_MAX_ALGS];
-static isc_entropy_t *dst_entropy_pool = NULL;
-static unsigned int dst_entropy_flags = 0;
-static isc_boolean_t dst_initialized = ISC_FALSE;
-
-isc_mem_t *dst__memory_pool = NULL;
-
-/*
- * Static functions.
- */
-static dst_key_t * get_key_struct(dns_name_t *name,
- unsigned int alg,
- unsigned int flags,
- unsigned int protocol,
- unsigned int bits,
- dns_rdataclass_t rdclass,
- isc_mem_t *mctx);
-static isc_result_t write_public_key(const dst_key_t *key, int type,
- const char *directory);
-static isc_result_t buildfilename(dns_name_t *name,
- dns_keytag_t id,
- unsigned int alg,
- unsigned int type,
- const char *directory,
- isc_buffer_t *out);
-static isc_result_t computeid(dst_key_t *key);
-static isc_result_t frombuffer(dns_name_t *name,
- unsigned int alg,
- unsigned int flags,
- unsigned int protocol,
- dns_rdataclass_t rdclass,
- isc_buffer_t *source,
- isc_mem_t *mctx,
- dst_key_t **keyp);
-
-static isc_result_t algorithm_status(unsigned int alg);
-
-static isc_result_t addsuffix(char *filename, unsigned int len,
- const char *ofilename, const char *suffix);
-
-#define RETERR(x) \
- do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto out; \
- } while (0)
-
-#define CHECKALG(alg) \
- do { \
- isc_result_t _r; \
- _r = algorithm_status(alg); \
- if (_r != ISC_R_SUCCESS) \
- return (_r); \
- } while (0); \
-
-static void *
-default_memalloc(void *arg, size_t size) {
- UNUSED(arg);
- if (size == 0U)
- size = 1;
- return (malloc(size));
-}
-
-static void
-default_memfree(void *arg, void *ptr) {
- UNUSED(arg);
- free(ptr);
-}
-
-isc_result_t
-dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
- isc_result_t result;
-
- REQUIRE(mctx != NULL && ectx != NULL);
- REQUIRE(dst_initialized == ISC_FALSE);
-
- dst__memory_pool = NULL;
-
-#ifdef OPENSSL
- UNUSED(mctx);
- /*
- * When using --with-openssl, there seems to be no good way of not
- * leaking memory due to the openssl error handling mechanism.
- * Avoid assertions by using a local memory context and not checking
- * for leaks on exit. Note: as there are leaks we cannot use
- * ISC_MEMFLAG_INTERNAL as it will free up memory still being used
- * by libcrypto.
- */
- result = isc_mem_createx2(0, 0, default_memalloc, default_memfree,
- NULL, &dst__memory_pool, 0);
- if (result != ISC_R_SUCCESS)
- return (result);
- isc_mem_setdestroycheck(dst__memory_pool, ISC_FALSE);
-#else
- isc_mem_attach(mctx, &dst__memory_pool);
-#endif
- isc_entropy_attach(ectx, &dst_entropy_pool);
- dst_entropy_flags = eflags;
-
- dst_result_register();
-
- memset(dst_t_func, 0, sizeof(dst_t_func));
- RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
- RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
- RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
- RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
- RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
- RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
-#ifdef OPENSSL
- RETERR(dst__openssl_init());
- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5]));
- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1]));
-#ifdef HAVE_OPENSSL_DSA
- RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
-#endif
- RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
-#endif /* OPENSSL */
-#ifdef GSSAPI
- RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
-#endif
- dst_initialized = ISC_TRUE;
- return (ISC_R_SUCCESS);
-
- out:
- dst_lib_destroy();
- return (result);
-}
-
-void
-dst_lib_destroy(void) {
- int i;
- RUNTIME_CHECK(dst_initialized == ISC_TRUE);
- dst_initialized = ISC_FALSE;
-
- for (i = 0; i < DST_MAX_ALGS; i++)
- if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL)
- dst_t_func[i]->cleanup();
-#ifdef OPENSSL
- dst__openssl_destroy();
-#endif
- if (dst__memory_pool != NULL)
- isc_mem_detach(&dst__memory_pool);
- if (dst_entropy_pool != NULL)
- isc_entropy_detach(&dst_entropy_pool);
-
-}
-
-isc_boolean_t
-dst_algorithm_supported(unsigned int alg) {
- REQUIRE(dst_initialized == ISC_TRUE);
-
- if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL)
- return (ISC_FALSE);
- return (ISC_TRUE);
-}
-
-isc_result_t
-dst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp) {
- dst_context_t *dctx;
- isc_result_t result;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(mctx != NULL);
- REQUIRE(dctxp != NULL && *dctxp == NULL);
-
- if (key->func->createctx == NULL)
- return (DST_R_UNSUPPORTEDALG);
- if (key->opaque == NULL)
- return (DST_R_NULLKEY);
-
- dctx = isc_mem_get(mctx, sizeof(dst_context_t));
- if (dctx == NULL)
- return (ISC_R_NOMEMORY);
- dctx->key = key;
- dctx->mctx = mctx;
- result = key->func->createctx(key, dctx);
- if (result != ISC_R_SUCCESS) {
- isc_mem_put(mctx, dctx, sizeof(dst_context_t));
- return (result);
- }
- dctx->magic = CTX_MAGIC;
- *dctxp = dctx;
- return (ISC_R_SUCCESS);
-}
-
-void
-dst_context_destroy(dst_context_t **dctxp) {
- dst_context_t *dctx;
-
- REQUIRE(dctxp != NULL && VALID_CTX(*dctxp));
-
- dctx = *dctxp;
- INSIST(dctx->key->func->destroyctx != NULL);
- dctx->key->func->destroyctx(dctx);
- dctx->magic = 0;
- isc_mem_put(dctx->mctx, dctx, sizeof(dst_context_t));
- *dctxp = NULL;
-}
-
-isc_result_t
-dst_context_adddata(dst_context_t *dctx, const isc_region_t *data) {
- REQUIRE(VALID_CTX(dctx));
- REQUIRE(data != NULL);
- INSIST(dctx->key->func->adddata != NULL);
-
- return (dctx->key->func->adddata(dctx, data));
-}
-
-isc_result_t
-dst_context_sign(dst_context_t *dctx, isc_buffer_t *sig) {
- dst_key_t *key;
-
- REQUIRE(VALID_CTX(dctx));
- REQUIRE(sig != NULL);
-
- key = dctx->key;
- CHECKALG(key->key_alg);
- if (key->opaque == NULL)
- return (DST_R_NULLKEY);
- if (key->func->sign == NULL)
- return (DST_R_NOTPRIVATEKEY);
- if (key->func->isprivate == NULL ||
- key->func->isprivate(key) == ISC_FALSE)
- return (DST_R_NOTPRIVATEKEY);
-
- return (key->func->sign(dctx, sig));
-}
-
-isc_result_t
-dst_context_verify(dst_context_t *dctx, isc_region_t *sig) {
- REQUIRE(VALID_CTX(dctx));
- REQUIRE(sig != NULL);
-
- CHECKALG(dctx->key->key_alg);
- if (dctx->key->opaque == NULL)
- return (DST_R_NULLKEY);
- if (dctx->key->func->verify == NULL)
- return (DST_R_NOTPUBLICKEY);
-
- return (dctx->key->func->verify(dctx, sig));
-}
-
-isc_result_t
-dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
- isc_buffer_t *secret)
-{
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(pub) && VALID_KEY(priv));
- REQUIRE(secret != NULL);
-
- CHECKALG(pub->key_alg);
- CHECKALG(priv->key_alg);
-
- if (pub->opaque == NULL || priv->opaque == NULL)
- return (DST_R_NULLKEY);
-
- if (pub->key_alg != priv->key_alg ||
- pub->func->computesecret == NULL ||
- priv->func->computesecret == NULL)
- return (DST_R_KEYCANNOTCOMPUTESECRET);
-
- if (dst_key_isprivate(priv) == ISC_FALSE)
- return (DST_R_NOTPRIVATEKEY);
-
- return (pub->func->computesecret(pub, priv, secret));
-}
-
-isc_result_t
-dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
- isc_result_t ret = ISC_R_SUCCESS;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
-
- CHECKALG(key->key_alg);
-
- if (key->func->tofile == NULL)
- return (DST_R_UNSUPPORTEDALG);
-
- if (type & DST_TYPE_PUBLIC) {
- ret = write_public_key(key, type, directory);
- if (ret != ISC_R_SUCCESS)
- return (ret);
- }
-
- if ((type & DST_TYPE_PRIVATE) &&
- (key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
- return (key->func->tofile(key, directory));
- else
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_fromfile(dns_name_t *name, dns_keytag_t id,
- unsigned int alg, int type, const char *directory,
- isc_mem_t *mctx, dst_key_t **keyp)
-{
- char filename[ISC_DIR_NAMEMAX];
- isc_buffer_t b;
- dst_key_t *key;
- isc_result_t result;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
- REQUIRE(mctx != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
-
- CHECKALG(alg);
-
- isc_buffer_init(&b, filename, sizeof(filename));
- result = buildfilename(name, id, alg, type, directory, &b);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- key = NULL;
- result = dst_key_fromnamedfile(filename, type, mctx, &key);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = computeid(key);
- if (result != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (result);
- }
-
- if (!dns_name_equal(name, key->key_name) ||
- id != key->key_id ||
- alg != key->key_alg)
- {
- dst_key_free(&key);
- return (DST_R_INVALIDPRIVATEKEY);
- }
- key->key_id = id;
-
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_fromnamedfile(const char *filename, int type, isc_mem_t *mctx,
- dst_key_t **keyp)
-{
- isc_result_t result;
- dst_key_t *pubkey = NULL, *key = NULL;
- dns_keytag_t id;
- char *newfilename = NULL;
- int newfilenamelen = 0;
- isc_lex_t *lex = NULL;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(filename != NULL);
- REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
- REQUIRE(mctx != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
-
- newfilenamelen = strlen(filename) + 5;
- newfilename = isc_mem_get(mctx, newfilenamelen);
- if (newfilename == NULL)
- return (ISC_R_NOMEMORY);
- result = addsuffix(newfilename, newfilenamelen, filename, ".key");
- INSIST(result == ISC_R_SUCCESS);
-
- result = dst_key_read_public(newfilename, type, mctx, &pubkey);
- isc_mem_put(mctx, newfilename, newfilenamelen);
- newfilename = NULL;
- if (result != ISC_R_SUCCESS)
- return (result);
-
- if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC ||
- (pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
- {
- result = computeid(pubkey);
- if (result != ISC_R_SUCCESS) {
- dst_key_free(&pubkey);
- return (result);
- }
-
- *keyp = pubkey;
- return (ISC_R_SUCCESS);
- }
-
- result = algorithm_status(pubkey->key_alg);
- if (result != ISC_R_SUCCESS) {
- dst_key_free(&pubkey);
- return (result);
- }
-
- key = get_key_struct(pubkey->key_name, pubkey->key_alg,
- pubkey->key_flags, pubkey->key_proto, 0,
- pubkey->key_class, mctx);
- id = pubkey->key_id;
- dst_key_free(&pubkey);
-
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- if (key->func->parse == NULL)
- RETERR(DST_R_UNSUPPORTEDALG);
-
- newfilenamelen = strlen(filename) + 9;
- newfilename = isc_mem_get(mctx, newfilenamelen);
- if (newfilename == NULL)
- RETERR(ISC_R_NOMEMORY);
- result = addsuffix(newfilename, newfilenamelen, filename, ".private");
- INSIST(result == ISC_R_SUCCESS);
-
- RETERR(isc_lex_create(mctx, 1500, &lex));
- RETERR(isc_lex_openfile(lex, newfilename));
- isc_mem_put(mctx, newfilename, newfilenamelen);
-
- RETERR(key->func->parse(key, lex));
- isc_lex_destroy(&lex);
-
- RETERR(computeid(key));
-
- if (id != key->key_id)
- RETERR(DST_R_INVALIDPRIVATEKEY);
-
- *keyp = key;
- return (ISC_R_SUCCESS);
- out:
- if (newfilename != NULL)
- isc_mem_put(mctx, newfilename, newfilenamelen);
- if (lex != NULL)
- isc_lex_destroy(&lex);
- dst_key_free(&key);
- return (result);
-}
-
-isc_result_t
-dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(target != NULL);
-
- CHECKALG(key->key_alg);
-
- if (key->func->todns == NULL)
- return (DST_R_UNSUPPORTEDALG);
-
- if (isc_buffer_availablelength(target) < 4)
- return (ISC_R_NOSPACE);
- isc_buffer_putuint16(target, (isc_uint16_t)(key->key_flags & 0xffff));
- isc_buffer_putuint8(target, (isc_uint8_t)key->key_proto);
- isc_buffer_putuint8(target, (isc_uint8_t)key->key_alg);
-
- if (key->key_flags & DNS_KEYFLAG_EXTENDED) {
- if (isc_buffer_availablelength(target) < 2)
- return (ISC_R_NOSPACE);
- isc_buffer_putuint16(target,
- (isc_uint16_t)((key->key_flags >> 16)
- & 0xffff));
- }
-
- if (key->opaque == NULL) /*%< NULL KEY */
- return (ISC_R_SUCCESS);
-
- return (key->func->todns(key, target));
-}
-
-isc_result_t
-dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
- isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
-{
- isc_uint8_t alg, proto;
- isc_uint32_t flags, extflags;
- dst_key_t *key = NULL;
- dns_keytag_t id;
- isc_region_t r;
- isc_result_t result;
-
- REQUIRE(dst_initialized);
-
- isc_buffer_remainingregion(source, &r);
-
- if (isc_buffer_remaininglength(source) < 4)
- return (DST_R_INVALIDPUBLICKEY);
- flags = isc_buffer_getuint16(source);
- proto = isc_buffer_getuint8(source);
- alg = isc_buffer_getuint8(source);
-
- id = dst_region_computeid(&r, alg);
-
- if (flags & DNS_KEYFLAG_EXTENDED) {
- if (isc_buffer_remaininglength(source) < 2)
- return (DST_R_INVALIDPUBLICKEY);
- extflags = isc_buffer_getuint16(source);
- flags |= (extflags << 16);
- }
-
- result = frombuffer(name, alg, flags, proto, rdclass, source,
- mctx, &key);
- if (result != ISC_R_SUCCESS)
- return (result);
- key->key_id = id;
-
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_frombuffer(dns_name_t *name, unsigned int alg,
- unsigned int flags, unsigned int protocol,
- dns_rdataclass_t rdclass,
- isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
-{
- dst_key_t *key = NULL;
- isc_result_t result;
-
- REQUIRE(dst_initialized);
-
- result = frombuffer(name, alg, flags, protocol, rdclass, source,
- mctx, &key);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = computeid(key);
- if (result != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (result);
- }
-
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(target != NULL);
-
- CHECKALG(key->key_alg);
-
- if (key->func->todns == NULL)
- return (DST_R_UNSUPPORTEDALG);
-
- return (key->func->todns(key, target));
-}
-
-isc_result_t
-dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) {
- isc_lex_t *lex = NULL;
- isc_result_t result = ISC_R_SUCCESS;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(!dst_key_isprivate(key));
- REQUIRE(buffer != NULL);
-
- if (key->func->parse == NULL)
- RETERR(DST_R_UNSUPPORTEDALG);
-
- RETERR(isc_lex_create(key->mctx, 1500, &lex));
- RETERR(isc_lex_openbuffer(lex, buffer));
- RETERR(key->func->parse(key, lex));
- out:
- if (lex != NULL)
- isc_lex_destroy(&lex);
- return (result);
-}
-
-isc_result_t
-dst_key_fromgssapi(dns_name_t *name, void *opaque, isc_mem_t *mctx,
- dst_key_t **keyp)
-{
- dst_key_t *key;
-
- REQUIRE(opaque != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
-
- key = get_key_struct(name, DST_ALG_GSSAPI, 0, DNS_KEYPROTO_DNSSEC,
- 0, dns_rdataclass_in, mctx);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
- key->opaque = opaque;
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_generate(dns_name_t *name, unsigned int alg,
- unsigned int bits, unsigned int param,
- unsigned int flags, unsigned int protocol,
- dns_rdataclass_t rdclass,
- isc_mem_t *mctx, dst_key_t **keyp)
-{
- dst_key_t *key;
- isc_result_t ret;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(mctx != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
-
- CHECKALG(alg);
-
- key = get_key_struct(name, alg, flags, protocol, bits, rdclass, mctx);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- if (bits == 0) { /*%< NULL KEY */
- key->key_flags |= DNS_KEYTYPE_NOKEY;
- *keyp = key;
- return (ISC_R_SUCCESS);
- }
-
- if (key->func->generate == NULL) {
- dst_key_free(&key);
- return (DST_R_UNSUPPORTEDALG);
- }
-
- ret = key->func->generate(key, param);
- if (ret != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (ret);
- }
-
- ret = computeid(key);
- if (ret != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (ret);
- }
-
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-isc_boolean_t
-dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key1));
- REQUIRE(VALID_KEY(key2));
-
- if (key1 == key2)
- return (ISC_TRUE);
- if (key1 == NULL || key2 == NULL)
- return (ISC_FALSE);
- if (key1->key_alg == key2->key_alg &&
- key1->key_id == key2->key_id &&
- key1->func->compare != NULL &&
- key1->func->compare(key1, key2) == ISC_TRUE)
- return (ISC_TRUE);
- else
- return (ISC_FALSE);
-}
-
-isc_boolean_t
-dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key1));
- REQUIRE(VALID_KEY(key2));
-
- if (key1 == key2)
- return (ISC_TRUE);
- if (key1 == NULL || key2 == NULL)
- return (ISC_FALSE);
- if (key1->key_alg == key2->key_alg &&
- key1->func->paramcompare != NULL &&
- key1->func->paramcompare(key1, key2) == ISC_TRUE)
- return (ISC_TRUE);
- else
- return (ISC_FALSE);
-}
-
-void
-dst_key_free(dst_key_t **keyp) {
- isc_mem_t *mctx;
- dst_key_t *key;
-
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(keyp != NULL && VALID_KEY(*keyp));
-
- key = *keyp;
- mctx = key->mctx;
-
- if (key->opaque != NULL) {
- INSIST(key->func->destroy != NULL);
- key->func->destroy(key);
- }
-
- dns_name_free(key->key_name, mctx);
- isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
- memset(key, 0, sizeof(dst_key_t));
- isc_mem_put(mctx, key, sizeof(dst_key_t));
- *keyp = NULL;
-}
-
-isc_boolean_t
-dst_key_isprivate(const dst_key_t *key) {
- REQUIRE(VALID_KEY(key));
- INSIST(key->func->isprivate != NULL);
- return (key->func->isprivate(key));
-}
-
-isc_result_t
-dst_key_buildfilename(const dst_key_t *key, int type,
- const char *directory, isc_buffer_t *out) {
-
- REQUIRE(VALID_KEY(key));
- REQUIRE(type == DST_TYPE_PRIVATE || type == DST_TYPE_PUBLIC ||
- type == 0);
-
- return (buildfilename(key->key_name, key->key_id, key->key_alg,
- type, directory, out));
-}
-
-isc_result_t
-dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(n != NULL);
-
- /* XXXVIX this switch statement is too sparse to gen a jump table. */
- switch (key->key_alg) {
- case DST_ALG_RSAMD5:
- case DST_ALG_RSASHA1:
- *n = (key->key_size + 7) / 8;
- break;
- case DST_ALG_DSA:
- *n = DNS_SIG_DSASIGSIZE;
- break;
- case DST_ALG_HMACMD5:
- *n = 16;
- break;
- case DST_ALG_HMACSHA1:
- *n = ISC_SHA1_DIGESTLENGTH;
- break;
- case DST_ALG_HMACSHA224:
- *n = ISC_SHA224_DIGESTLENGTH;
- break;
- case DST_ALG_HMACSHA256:
- *n = ISC_SHA256_DIGESTLENGTH;
- break;
- case DST_ALG_HMACSHA384:
- *n = ISC_SHA384_DIGESTLENGTH;
- break;
- case DST_ALG_HMACSHA512:
- *n = ISC_SHA512_DIGESTLENGTH;
- break;
- case DST_ALG_GSSAPI:
- *n = 128; /*%< XXX */
- break;
- case DST_ALG_DH:
- default:
- return (DST_R_UNSUPPORTEDALG);
- }
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst_key_secretsize(const dst_key_t *key, unsigned int *n) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
- REQUIRE(n != NULL);
-
- if (key->key_alg == DST_ALG_DH)
- *n = (key->key_size + 7) / 8;
- else
- return (DST_R_UNSUPPORTEDALG);
- return (ISC_R_SUCCESS);
-}
-
-/***
- *** Static methods
- ***/
-
-/*%
- * Allocates a key structure and fills in some of the fields.
- */
-static dst_key_t *
-get_key_struct(dns_name_t *name, unsigned int alg,
- unsigned int flags, unsigned int protocol,
- unsigned int bits, dns_rdataclass_t rdclass,
- isc_mem_t *mctx)
-{
- dst_key_t *key;
- isc_result_t result;
-
- key = (dst_key_t *) isc_mem_get(mctx, sizeof(dst_key_t));
- if (key == NULL)
- return (NULL);
-
- memset(key, 0, sizeof(dst_key_t));
- key->magic = KEY_MAGIC;
-
- key->key_name = isc_mem_get(mctx, sizeof(dns_name_t));
- if (key->key_name == NULL) {
- isc_mem_put(mctx, key, sizeof(dst_key_t));
- return (NULL);
- }
- dns_name_init(key->key_name, NULL);
- result = dns_name_dup(name, mctx, key->key_name);
- if (result != ISC_R_SUCCESS) {
- isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
- isc_mem_put(mctx, key, sizeof(dst_key_t));
- return (NULL);
- }
- key->key_alg = alg;
- key->key_flags = flags;
- key->key_proto = protocol;
- key->mctx = mctx;
- key->opaque = NULL;
- key->key_size = bits;
- key->key_class = rdclass;
- key->func = dst_t_func[alg];
- return (key);
-}
-
-/*%
- * Reads a public key from disk
- */
-isc_result_t
-dst_key_read_public(const char *filename, int type,
- isc_mem_t *mctx, dst_key_t **keyp)
-{
- u_char rdatabuf[DST_KEY_MAXSIZE];
- isc_buffer_t b;
- dns_fixedname_t name;
- isc_lex_t *lex = NULL;
- isc_token_t token;
- isc_result_t ret;
- dns_rdata_t rdata = DNS_RDATA_INIT;
- unsigned int opt = ISC_LEXOPT_DNSMULTILINE;
- dns_rdataclass_t rdclass = dns_rdataclass_in;
- isc_lexspecials_t specials;
- isc_uint32_t ttl;
- isc_result_t result;
- dns_rdatatype_t keytype;
-
- /*
- * Open the file and read its formatted contents
- * File format:
- * domain.name [ttl] [class] [KEY|DNSKEY] <flags> <protocol> <algorithm> <key>
- */
-
- /* 1500 should be large enough for any key */
- ret = isc_lex_create(mctx, 1500, &lex);
- if (ret != ISC_R_SUCCESS)
- goto cleanup;
-
- memset(specials, 0, sizeof(specials));
- specials['('] = 1;
- specials[')'] = 1;
- specials['"'] = 1;
- isc_lex_setspecials(lex, specials);
- isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
-
- ret = isc_lex_openfile(lex, filename);
- if (ret != ISC_R_SUCCESS)
- goto cleanup;
-
-#define NEXTTOKEN(lex, opt, token) { \
- ret = isc_lex_gettoken(lex, opt, token); \
- if (ret != ISC_R_SUCCESS) \
- goto cleanup; \
- }
-
-#define BADTOKEN() { \
- ret = ISC_R_UNEXPECTEDTOKEN; \
- goto cleanup; \
- }
-
- /* Read the domain name */
- NEXTTOKEN(lex, opt, &token);
- if (token.type != isc_tokentype_string)
- BADTOKEN();
- dns_fixedname_init(&name);
- isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token)));
- isc_buffer_add(&b, strlen(DST_AS_STR(token)));
- ret = dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname,
- ISC_FALSE, NULL);
- if (ret != ISC_R_SUCCESS)
- goto cleanup;
-
- /* Read the next word: either TTL, class, or 'KEY' */
- NEXTTOKEN(lex, opt, &token);
-
- /* If it's a TTL, read the next one */
- result = dns_ttl_fromtext(&token.value.as_textregion, &ttl);
- if (result == ISC_R_SUCCESS)
- NEXTTOKEN(lex, opt, &token);
-
- if (token.type != isc_tokentype_string)
- BADTOKEN();
-
- ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
- if (ret == ISC_R_SUCCESS)
- NEXTTOKEN(lex, opt, &token);
-
- if (token.type != isc_tokentype_string)
- BADTOKEN();
-
- if (strcasecmp(DST_AS_STR(token), "DNSKEY") == 0)
- keytype = dns_rdatatype_dnskey;
- else if (strcasecmp(DST_AS_STR(token), "KEY") == 0)
- keytype = dns_rdatatype_key; /*%< SIG(0), TKEY */
- else
- BADTOKEN();
-
- if (((type & DST_TYPE_KEY) != 0 && keytype != dns_rdatatype_key) ||
- ((type & DST_TYPE_KEY) == 0 && keytype != dns_rdatatype_dnskey)) {
- ret = DST_R_BADKEYTYPE;
- goto cleanup;
- }
-
- isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
- ret = dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL,
- ISC_FALSE, mctx, &b, NULL);
- if (ret != ISC_R_SUCCESS)
- goto cleanup;
-
- ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
- keyp);
- if (ret != ISC_R_SUCCESS)
- goto cleanup;
-
- cleanup:
- if (lex != NULL)
- isc_lex_destroy(&lex);
- return (ret);
-}
-
-static isc_boolean_t
-issymmetric(const dst_key_t *key) {
- REQUIRE(dst_initialized == ISC_TRUE);
- REQUIRE(VALID_KEY(key));
-
- /* XXXVIX this switch statement is too sparse to gen a jump table. */
- switch (key->key_alg) {
- case DST_ALG_RSAMD5:
- case DST_ALG_RSASHA1:
- case DST_ALG_DSA:
- case DST_ALG_DH:
- return (ISC_FALSE);
- case DST_ALG_HMACMD5:
- case DST_ALG_GSSAPI:
- return (ISC_TRUE);
- default:
- return (ISC_FALSE);
- }
-}
-
-/*%
- * Writes a public key to disk in DNS format.
- */
-static isc_result_t
-write_public_key(const dst_key_t *key, int type, const char *directory) {
- FILE *fp;
- isc_buffer_t keyb, textb, fileb, classb;
- isc_region_t r;
- char filename[ISC_DIR_NAMEMAX];
- unsigned char key_array[DST_KEY_MAXSIZE];
- char text_array[DST_KEY_MAXTEXTSIZE];
- char class_array[10];
- isc_result_t ret;
- dns_rdata_t rdata = DNS_RDATA_INIT;
- isc_fsaccess_t access;
-
- REQUIRE(VALID_KEY(key));
-
- isc_buffer_init(&keyb, key_array, sizeof(key_array));
- isc_buffer_init(&textb, text_array, sizeof(text_array));
- isc_buffer_init(&classb, class_array, sizeof(class_array));
-
- ret = dst_key_todns(key, &keyb);
- if (ret != ISC_R_SUCCESS)
- return (ret);
-
- isc_buffer_usedregion(&keyb, &r);
- dns_rdata_fromregion(&rdata, key->key_class, dns_rdatatype_dnskey, &r);
-
- ret = dns_rdata_totext(&rdata, (dns_name_t *) NULL, &textb);
- if (ret != ISC_R_SUCCESS)
- return (DST_R_INVALIDPUBLICKEY);
-
- ret = dns_rdataclass_totext(key->key_class, &classb);
- if (ret != ISC_R_SUCCESS)
- return (DST_R_INVALIDPUBLICKEY);
-
- /*
- * Make the filename.
- */
- isc_buffer_init(&fileb, filename, sizeof(filename));
- ret = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory, &fileb);
- if (ret != ISC_R_SUCCESS)
- return (ret);
-
- /*
- * Create public key file.
- */
- if ((fp = fopen(filename, "w")) == NULL)
- return (DST_R_WRITEERROR);
-
- if (issymmetric(key)) {
- access = 0;
- isc_fsaccess_add(ISC_FSACCESS_OWNER,
- ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
- &access);
- (void)isc_fsaccess_set(filename, access);
- }
-
- ret = dns_name_print(key->key_name, fp);
- if (ret != ISC_R_SUCCESS) {
- fclose(fp);
- return (ret);
- }
-
- fprintf(fp, " ");
-
- isc_buffer_usedregion(&classb, &r);
- fwrite(r.base, 1, r.length, fp);
-
- if ((type & DST_TYPE_KEY) != 0)
- fprintf(fp, " KEY ");
- else
- fprintf(fp, " DNSKEY ");
-
- isc_buffer_usedregion(&textb, &r);
- fwrite(r.base, 1, r.length, fp);
-
- fputc('\n', fp);
- fclose(fp);
-
- return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-buildfilename(dns_name_t *name, dns_keytag_t id,
- unsigned int alg, unsigned int type,
- const char *directory, isc_buffer_t *out)
-{
- const char *suffix = "";
- unsigned int len;
- isc_result_t result;
-
- REQUIRE(out != NULL);
- if ((type & DST_TYPE_PRIVATE) != 0)
- suffix = ".private";
- else if (type == DST_TYPE_PUBLIC)
- suffix = ".key";
- if (directory != NULL) {
- if (isc_buffer_availablelength(out) < strlen(directory))
- return (ISC_R_NOSPACE);
- isc_buffer_putstr(out, directory);
- if (strlen(directory) > 0U &&
- directory[strlen(directory) - 1] != '/')
- isc_buffer_putstr(out, "/");
- }
- if (isc_buffer_availablelength(out) < 1)
- return (ISC_R_NOSPACE);
- isc_buffer_putstr(out, "K");
- result = dns_name_tofilenametext(name, ISC_FALSE, out);
- if (result != ISC_R_SUCCESS)
- return (result);
- len = 1 + 3 + 1 + 5 + strlen(suffix) + 1;
- if (isc_buffer_availablelength(out) < len)
- return (ISC_R_NOSPACE);
- sprintf((char *) isc_buffer_used(out), "+%03d+%05d%s", alg, id, suffix);
- isc_buffer_add(out, len);
- return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-computeid(dst_key_t *key) {
- isc_buffer_t dnsbuf;
- unsigned char dns_array[DST_KEY_MAXSIZE];
- isc_region_t r;
- isc_result_t ret;
-
- isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
- ret = dst_key_todns(key, &dnsbuf);
- if (ret != ISC_R_SUCCESS)
- return (ret);
-
- isc_buffer_usedregion(&dnsbuf, &r);
- key->key_id = dst_region_computeid(&r, key->key_alg);
- return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-frombuffer(dns_name_t *name, unsigned int alg, unsigned int flags,
- unsigned int protocol, dns_rdataclass_t rdclass,
- isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
-{
- dst_key_t *key;
- isc_result_t ret;
-
- REQUIRE(dns_name_isabsolute(name));
- REQUIRE(source != NULL);
- REQUIRE(mctx != NULL);
- REQUIRE(keyp != NULL && *keyp == NULL);
-
- key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
- if (key == NULL)
- return (ISC_R_NOMEMORY);
-
- if (isc_buffer_remaininglength(source) > 0) {
- ret = algorithm_status(alg);
- if (ret != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (ret);
- }
- if (key->func->fromdns == NULL) {
- dst_key_free(&key);
- return (DST_R_UNSUPPORTEDALG);
- }
-
- ret = key->func->fromdns(key, source);
- if (ret != ISC_R_SUCCESS) {
- dst_key_free(&key);
- return (ret);
- }
- }
-
- *keyp = key;
- return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-algorithm_status(unsigned int alg) {
- REQUIRE(dst_initialized == ISC_TRUE);
-
- if (dst_algorithm_supported(alg))
- return (ISC_R_SUCCESS);
-#ifndef OPENSSL
- if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
- alg == DST_ALG_DSA || alg == DST_ALG_DH ||
- alg == DST_ALG_HMACMD5)
- return (DST_R_NOCRYPTO);
-#endif
- return (DST_R_UNSUPPORTEDALG);
-}
-
-static isc_result_t
-addsuffix(char *filename, unsigned int len, const char *ofilename,
- const char *suffix)
-{
- int olen = strlen(ofilename);
- int n;
-
- if (olen > 1 && ofilename[olen - 1] == '.')
- olen -= 1;
- else if (olen > 8 && strcmp(ofilename + olen - 8, ".private") == 0)
- olen -= 8;
- else if (olen > 4 && strcmp(ofilename + olen - 4, ".key") == 0)
- olen -= 4;
-
- n = snprintf(filename, len, "%.*s%s", olen, ofilename, suffix);
- if (n < 0)
- return (ISC_R_NOSPACE);
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
- unsigned int flags = dst_entropy_flags;
- if (pseudo)
- flags &= ~ISC_ENTROPY_GOODONLY;
- return (isc_entropy_getdata(dst_entropy_pool, buf, len, NULL, flags));
-}
OpenPOWER on IntegriCloud