Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) Internet Systems Consortium, Inc. ("ISC") |
3 | | * |
4 | | * SPDX-License-Identifier: MPL-2.0 |
5 | | * |
6 | | * This Source Code Form is subject to the terms of the Mozilla Public |
7 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 | | * file, you can obtain one at https://mozilla.org/MPL/2.0/. |
9 | | * |
10 | | * See the COPYRIGHT file distributed with this work for additional |
11 | | * information regarding copyright ownership. |
12 | | */ |
13 | | |
14 | | #include <inttypes.h> |
15 | | #include <stdbool.h> |
16 | | #include <stddef.h> |
17 | | #include <stdlib.h> |
18 | | |
19 | | #include <isc/mem.h> |
20 | | #include <isc/region.h> |
21 | | #include <isc/util.h> |
22 | | |
23 | | #include <dns/keyvalues.h> |
24 | | |
25 | | #include <dst/dst.h> |
26 | | |
27 | | #include "dst_internal.h" |
28 | | |
29 | | uint16_t |
30 | 319 | dst_region_computeid(const isc_region_t *source) { |
31 | 319 | uint32_t ac; |
32 | 319 | const unsigned char *p; |
33 | 319 | int size; |
34 | | |
35 | 319 | REQUIRE(source != NULL); |
36 | 319 | REQUIRE(source->length >= 4); |
37 | | |
38 | 319 | p = source->base; |
39 | 319 | size = source->length; |
40 | | |
41 | 31.2k | for (ac = 0; size > 1; size -= 2, p += 2) { |
42 | 30.8k | ac += ((*p) << 8) + *(p + 1); |
43 | 30.8k | } |
44 | | |
45 | 319 | if (size > 0) { |
46 | 74 | ac += ((*p) << 8); |
47 | 74 | } |
48 | 319 | ac += (ac >> 16) & 0xffff; |
49 | | |
50 | 319 | return (uint16_t)(ac & 0xffff); |
51 | 319 | } |
52 | | |
53 | | uint16_t |
54 | 84 | dst_region_computerid(const isc_region_t *source) { |
55 | 84 | uint32_t ac; |
56 | 84 | const unsigned char *p; |
57 | 84 | int size; |
58 | | |
59 | 84 | REQUIRE(source != NULL); |
60 | 84 | REQUIRE(source->length >= 4); |
61 | | |
62 | 84 | p = source->base; |
63 | 84 | size = source->length; |
64 | | |
65 | 84 | ac = ((*p) << 8) + *(p + 1); |
66 | 84 | ac |= DNS_KEYFLAG_REVOKE; |
67 | 10.8k | for (size -= 2, p += 2; size > 1; size -= 2, p += 2) { |
68 | 10.7k | ac += ((*p) << 8) + *(p + 1); |
69 | 10.7k | } |
70 | | |
71 | 84 | if (size > 0) { |
72 | 0 | ac += ((*p) << 8); |
73 | 0 | } |
74 | 84 | ac += (ac >> 16) & 0xffff; |
75 | | |
76 | 84 | return (uint16_t)(ac & 0xffff); |
77 | 84 | } |
78 | | |
79 | | dns_name_t * |
80 | 19 | dst_key_name(const dst_key_t *key) { |
81 | 19 | REQUIRE(VALID_KEY(key)); |
82 | 19 | return key->key_name; |
83 | 19 | } |
84 | | |
85 | | unsigned int |
86 | 2 | dst_key_size(const dst_key_t *key) { |
87 | 2 | REQUIRE(VALID_KEY(key)); |
88 | 2 | return key->key_size; |
89 | 2 | } |
90 | | |
91 | | unsigned int |
92 | 216 | dst_key_alg(const dst_key_t *key) { |
93 | 216 | REQUIRE(VALID_KEY(key)); |
94 | 216 | return key->key_alg; |
95 | 216 | } |
96 | | |
97 | | uint32_t |
98 | 0 | dst_key_flags(const dst_key_t *key) { |
99 | 0 | REQUIRE(VALID_KEY(key)); |
100 | 0 | return key->key_flags; |
101 | 0 | } |
102 | | |
103 | | dns_keytag_t |
104 | 0 | dst_key_id(const dst_key_t *key) { |
105 | 0 | REQUIRE(VALID_KEY(key)); |
106 | 0 | return key->key_id; |
107 | 0 | } |
108 | | |
109 | | dns_keytag_t |
110 | 0 | dst_key_rid(const dst_key_t *key) { |
111 | 0 | REQUIRE(VALID_KEY(key)); |
112 | 0 | return key->key_rid; |
113 | 0 | } |
114 | | |
115 | | dns_rdataclass_t |
116 | 0 | dst_key_class(const dst_key_t *key) { |
117 | 0 | REQUIRE(VALID_KEY(key)); |
118 | 0 | return key->key_class; |
119 | 0 | } |
120 | | |
121 | | const char * |
122 | 0 | dst_key_directory(const dst_key_t *key) { |
123 | 0 | REQUIRE(VALID_KEY(key)); |
124 | 0 | return key->directory; |
125 | 0 | } |
126 | | |
127 | | bool |
128 | 0 | dst_key_iszonekey(const dst_key_t *key) { |
129 | 0 | REQUIRE(VALID_KEY(key)); |
130 | |
|
131 | 0 | if ((key->key_flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE) { |
132 | 0 | return false; |
133 | 0 | } |
134 | 0 | if (key->key_proto != DNS_KEYPROTO_DNSSEC && |
135 | 0 | key->key_proto != DNS_KEYPROTO_ANY) |
136 | 0 | { |
137 | 0 | return false; |
138 | 0 | } |
139 | 0 | return true; |
140 | 0 | } |
141 | | |
142 | 0 | #define REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0) |
143 | 0 | #define KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0) |
144 | | #define ID(x) dst_key_id(x) |
145 | 0 | #define ALG(x) dst_key_alg(x) |
146 | | |
147 | | bool |
148 | | dst_key_have_ksk_and_zsk(dst_key_t **keys, unsigned int nkeys, unsigned int i, |
149 | | bool check_offline, bool ksk, bool zsk, bool *have_ksk, |
150 | 0 | bool *have_zsk) { |
151 | 0 | bool hksk = ksk; |
152 | 0 | bool hzsk = zsk; |
153 | 0 | isc_result_t result; |
154 | |
|
155 | 0 | REQUIRE(keys != NULL); |
156 | |
|
157 | 0 | for (unsigned int j = 0; j < nkeys && !(hksk && hzsk); j++) { |
158 | 0 | if (j == i || ALG(keys[i]) != ALG(keys[j])) { |
159 | 0 | continue; |
160 | 0 | } |
161 | | /* |
162 | | * Don't consider inactive keys. |
163 | | */ |
164 | 0 | if (dst_key_inactive(keys[j])) { |
165 | 0 | continue; |
166 | 0 | } |
167 | | /* |
168 | | * Don't consider offline keys. |
169 | | */ |
170 | 0 | if (check_offline && !dst_key_isprivate(keys[j])) { |
171 | 0 | continue; |
172 | 0 | } |
173 | 0 | if (REVOKE(keys[j])) { |
174 | 0 | continue; |
175 | 0 | } |
176 | | |
177 | 0 | if (!hksk) { |
178 | 0 | result = dst_key_getbool(keys[j], DST_BOOL_KSK, &hksk); |
179 | 0 | if (result != ISC_R_SUCCESS) { |
180 | 0 | if (KSK(keys[j])) { |
181 | 0 | hksk = true; |
182 | 0 | } |
183 | 0 | } |
184 | 0 | } |
185 | 0 | if (!hzsk) { |
186 | 0 | result = dst_key_getbool(keys[j], DST_BOOL_ZSK, &hzsk); |
187 | 0 | if (result != ISC_R_SUCCESS) { |
188 | 0 | if (!KSK(keys[j])) { |
189 | 0 | hzsk = dst_key_isprivate(keys[j]); |
190 | 0 | } |
191 | 0 | } |
192 | 0 | } |
193 | 0 | } |
194 | |
|
195 | 0 | SET_IF_NOT_NULL(have_ksk, hksk); |
196 | 0 | SET_IF_NOT_NULL(have_zsk, hzsk); |
197 | 0 | return hksk && hzsk; |
198 | 0 | } |
199 | | |
200 | | void |
201 | 0 | dst_key_setbits(dst_key_t *key, uint16_t bits) { |
202 | 0 | unsigned int maxbits; |
203 | 0 | REQUIRE(VALID_KEY(key)); |
204 | 0 | if (bits != 0) { |
205 | 0 | RUNTIME_CHECK(dst_key_sigsize(key, &maxbits) == ISC_R_SUCCESS); |
206 | 0 | maxbits *= 8; |
207 | 0 | REQUIRE(bits <= maxbits); |
208 | 0 | } |
209 | 0 | key->key_bits = bits; |
210 | 0 | } |
211 | | |
212 | | uint16_t |
213 | 14 | dst_key_getbits(const dst_key_t *key) { |
214 | 14 | REQUIRE(VALID_KEY(key)); |
215 | 14 | return key->key_bits; |
216 | 14 | } |
217 | | |
218 | | void |
219 | 0 | dst_key_setttl(dst_key_t *key, dns_ttl_t ttl) { |
220 | 0 | REQUIRE(VALID_KEY(key)); |
221 | 0 | key->key_ttl = ttl; |
222 | 0 | } |
223 | | |
224 | | dns_ttl_t |
225 | 0 | dst_key_getttl(const dst_key_t *key) { |
226 | 0 | REQUIRE(VALID_KEY(key)); |
227 | 0 | return key->key_ttl; |
228 | 0 | } |
229 | | |
230 | | void |
231 | 0 | dst_key_setdirectory(dst_key_t *key, const char *dir) { |
232 | 0 | if (key->directory != NULL) { |
233 | 0 | isc_mem_free(key->mctx, key->directory); |
234 | 0 | } |
235 | 0 | key->directory = isc_mem_strdup(key->mctx, dir); |
236 | 0 | } |
237 | | |
238 | | /*! \file */ |