bind/lib/dns/tsec.c

/*
 * Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: tsec.c,v 1.7 2010/12/09 00:54:34 marka Exp $ */

#include <config.h>

#include <isc/mem.h>

#include <dns/tsec.h>
#include <dns/tsig.h>
#include <dns/result.h>

#include <dst/dst.h>

#define DNS_TSEC_MAGIC			ISC_MAGIC('T', 's', 'e', 'c')
#define DNS_TSEC_VALID(t)		ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)

/*%
 * DNS Transaction Security object.  We assume this is not shared by
 * multiple threads, and so the structure does not contain a lock.
 */
struct dns_tsec {
	unsigned int		magic;
	dns_tsectype_t		type;
	isc_mem_t		*mctx;
	union {
		dns_tsigkey_t	*tsigkey;
		dst_key_t	*key;
	} ukey;
};

isc_result_t
dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
		dns_tsec_t **tsecp)
{
	isc_result_t result;
	dns_tsec_t *tsec;
	dns_tsigkey_t *tsigkey = NULL;
	dns_name_t *algname;

	REQUIRE(mctx != NULL);
	REQUIRE(tsecp != NULL && *tsecp == NULL);

	tsec = isc_mem_get(mctx, sizeof(*tsec));
	if (tsec == NULL)
		return (ISC_R_NOMEMORY);

	tsec->type = type;
	tsec->mctx = mctx;

	switch (type) {
	case dns_tsectype_tsig:
		switch (dst_key_alg(key)) {
		case DST_ALG_HMACMD5:
			algname = dns_tsig_hmacmd5_name;
			break;
		case DST_ALG_HMACSHA1:
			algname = dns_tsig_hmacsha1_name;
			break;
		case DST_ALG_HMACSHA224:
			algname = dns_tsig_hmacsha224_name;
			break;
		case DST_ALG_HMACSHA256:
			algname = dns_tsig_hmacsha256_name;
			break;
		case DST_ALG_HMACSHA384:
			algname = dns_tsig_hmacsha384_name;
			break;
		case DST_ALG_HMACSHA512:
			algname = dns_tsig_hmacsha512_name;
			break;
		default:
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (DNS_R_BADALG);
		}
		result = dns_tsigkey_createfromkey(dst_key_name(key),
						   algname, key, ISC_FALSE,
						   NULL, 0, 0, mctx, NULL,
						   &tsigkey);
		if (result != ISC_R_SUCCESS) {
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (result);
		}
		tsec->ukey.tsigkey = tsigkey;
		break;
	case dns_tsectype_sig0:
		tsec->ukey.key = key;
		break;
	default:
		INSIST(0);
	}

	tsec->magic = DNS_TSEC_MAGIC;

	*tsecp = tsec;
	return (ISC_R_SUCCESS);
}

void
dns_tsec_destroy(dns_tsec_t **tsecp) {
	dns_tsec_t *tsec;

	REQUIRE(tsecp != NULL && *tsecp != NULL);
	tsec = *tsecp;
	REQUIRE(DNS_TSEC_VALID(tsec));

	switch (tsec->type) {
	case dns_tsectype_tsig:
		dns_tsigkey_detach(&tsec->ukey.tsigkey);
		break;
	case dns_tsectype_sig0:
		dst_key_free(&tsec->ukey.key);
		break;
	default:
		INSIST(0);
	}

	tsec->magic = 0;
	isc_mem_put(tsec->mctx, tsec, sizeof(*tsec));

	*tsecp = NULL;
}

dns_tsectype_t
dns_tsec_gettype(dns_tsec_t *tsec) {
	REQUIRE(DNS_TSEC_VALID(tsec));

	return (tsec->type);
}

void
dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
	REQUIRE(DNS_TSEC_VALID(tsec));
	REQUIRE(keyp != NULL);

	switch (tsec->type) {
	case dns_tsectype_tsig:
		dns_tsigkey_attach(tsec->ukey.tsigkey, (dns_tsigkey_t **)keyp);
		break;
	case dns_tsectype_sig0:
		*(dst_key_t **)keyp = tsec->ukey.key;
		break;
	default:
		INSIST(0);
	}
}
2660. [func] Add a new set of DNS libraries for non-BIND9 applications. See README.libdns. [RT #19369] 2009-09-01 00:22:28 +00:00			`/*`
update copyright notice 2010-12-02 23:46:56 +00:00			`* Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")`
2660. [func] Add a new set of DNS libraries for non-BIND9 applications. See README.libdns. [RT #19369] 2009-09-01 00:22:28 +00:00			`*`
update copyright notice 2009-09-02 23:48:03 +00:00			`* Permission to use, copy, modify, and/or distribute this software for any`
2660. [func] Add a new set of DNS libraries for non-BIND9 applications. See README.libdns. [RT #19369] 2009-09-01 00:22:28 +00:00			`* purpose with or without fee is hereby granted, provided that the above`
			`* copyright notice and this permission notice appear in all copies.`
			`*`
			`* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH`
			`* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY`
			`* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,`
			`* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM`
			`* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE`
			`* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR`
			`* PERFORMANCE OF THIS SOFTWARE.`
			`*/`

2982. [bug] Reference count dst keys. dst_key_attach() can be used increment the reference count. Note: dns_tsigkey_createfromkey() callers should now always call dst_key_free() rather than setting it to NULL on success. [RT #22672] 2010-12-09 00:54:34 +00:00			`/* $Id: tsec.c,v 1.7 2010/12/09 00:54:34 marka Exp $ */`
added include <config.h> 2009-09-01 03:43:27 +00:00
			`#include <config.h>`
2660. [func] Add a new set of DNS libraries for non-BIND9 applications. See README.libdns. [RT #19369] 2009-09-01 00:22:28 +00:00
			`#include <isc/mem.h>`

			`#include <dns/tsec.h>`
			`#include <dns/tsig.h>`
			`#include <dns/result.h>`

			`#include <dst/dst.h>`

			`#define DNS_TSEC_MAGIC ISC_MAGIC('T', 's', 'e', 'c')`
			`#define DNS_TSEC_VALID(t) ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)`

			`/*%`
			`* DNS Transaction Security object. We assume this is not shared by`
			`* multiple threads, and so the structure does not contain a lock.`
			`*/`
			`struct dns_tsec {`
			`unsigned int magic;`
			`dns_tsectype_t type;`
			`isc_mem_t *mctx;`
			`union {`
			`dns_tsigkey_t *tsigkey;`
			`dst_key_t *key;`
			`} ukey;`
			`};`

			`isc_result_t`
2982. [bug] Reference count dst keys. dst_key_attach() can be used increment the reference count. Note: dns_tsigkey_createfromkey() callers should now always call dst_key_free() rather than setting it to NULL on success. [RT #22672] 2010-12-09 00:54:34 +00:00			`dns_tsec_create(isc_mem_t mctx, dns_tsectype_t type, dst_key_t key,`
2660. [func] Add a new set of DNS libraries for non-BIND9 applications. See README.libdns. [RT #19369] 2009-09-01 00:22:28 +00:00			`dns_tsec_t **tsecp)`
			`{`
			`isc_result_t result;`
			`dns_tsec_t *tsec;`
			`dns_tsigkey_t *tsigkey = NULL;`
			`dns_name_t *algname;`

			`REQUIRE(mctx != NULL);`
			`REQUIRE(tsecp != NULL && *tsecp == NULL);`

			`tsec = isc_mem_get(mctx, sizeof(*tsec));`
			`if (tsec == NULL)`
			`return (ISC_R_NOMEMORY);`

			`tsec->type = type;`
			`tsec->mctx = mctx;`

			`switch (type) {`
			`case dns_tsectype_tsig:`
			`switch (dst_key_alg(key)) {`
			`case DST_ALG_HMACMD5:`
			`algname = dns_tsig_hmacmd5_name;`
			`break;`
			`case DST_ALG_HMACSHA1:`
			`algname = dns_tsig_hmacsha1_name;`
			`break;`
			`case DST_ALG_HMACSHA224:`
			`algname = dns_tsig_hmacsha224_name;`
			`break;`
			`case DST_ALG_HMACSHA256:`
			`algname = dns_tsig_hmacsha256_name;`
			`break;`
			`case DST_ALG_HMACSHA384:`
			`algname = dns_tsig_hmacsha384_name;`
			`break;`
			`case DST_ALG_HMACSHA512:`
			`algname = dns_tsig_hmacsha512_name;`
update copyright notice 2009-09-02 23:48:03 +00:00			`break;`
2660. [func] Add a new set of DNS libraries for non-BIND9 applications. See README.libdns. [RT #19369] 2009-09-01 00:22:28 +00:00			`default:`
			`isc_mem_put(mctx, tsec, sizeof(*tsec));`
			`return (DNS_R_BADALG);`
			`}`
			`result = dns_tsigkey_createfromkey(dst_key_name(key),`
2982. [bug] Reference count dst keys. dst_key_attach() can be used increment the reference count. Note: dns_tsigkey_createfromkey() callers should now always call dst_key_free() rather than setting it to NULL on success. [RT #22672] 2010-12-09 00:54:34 +00:00			`algname, key, ISC_FALSE,`
2660. [func] Add a new set of DNS libraries for non-BIND9 applications. See README.libdns. [RT #19369] 2009-09-01 00:22:28 +00:00			`NULL, 0, 0, mctx, NULL,`
			`&tsigkey);`
			`if (result != ISC_R_SUCCESS) {`
			`isc_mem_put(mctx, tsec, sizeof(*tsec));`
			`return (result);`
			`}`
			`tsec->ukey.tsigkey = tsigkey;`
			`break;`
			`case dns_tsectype_sig0:`
			`tsec->ukey.key = key;`
			`break;`
			`default:`
			`INSIST(0);`
			`}`

			`tsec->magic = DNS_TSEC_MAGIC;`

			`*tsecp = tsec;`
			`return (ISC_R_SUCCESS);`
			`}`

			`void`
			`dns_tsec_destroy(dns_tsec_t **tsecp) {`
			`dns_tsec_t *tsec;`

			`REQUIRE(tsecp != NULL && *tsecp != NULL);`
			`tsec = *tsecp;`
			`REQUIRE(DNS_TSEC_VALID(tsec));`

			`switch (tsec->type) {`
			`case dns_tsectype_tsig:`
			`dns_tsigkey_detach(&tsec->ukey.tsigkey);`
			`break;`
			`case dns_tsectype_sig0:`
			`dst_key_free(&tsec->ukey.key);`
			`break;`
			`default:`
			`INSIST(0);`
			`}`

			`tsec->magic = 0;`
			`isc_mem_put(tsec->mctx, tsec, sizeof(*tsec));`

			`*tsecp = NULL;`
			`}`

			`dns_tsectype_t`
			`dns_tsec_gettype(dns_tsec_t *tsec) {`
			`REQUIRE(DNS_TSEC_VALID(tsec));`

			`return (tsec->type);`
			`}`

			`void`
			`dns_tsec_getkey(dns_tsec_t tsec, void keyp) {`
			`REQUIRE(DNS_TSEC_VALID(tsec));`
			`REQUIRE(keyp != NULL);`

			`switch (tsec->type) {`
			`case dns_tsectype_tsig:`
			`dns_tsigkey_attach(tsec->ukey.tsigkey, (dns_tsigkey_t **)keyp);`
			`break;`
			`case dns_tsectype_sig0:`
			`(dst_key_t *)keyp = tsec->ukey.key;`
			`break;`
			`default:`
			`INSIST(0);`
			`}`
			`}`