
/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */
#include <config.h>
#include <isc/mem.h>
#include <isc/util.h>
#include <pk11/site.h>
#include <dns/tsec.h>
#include <dns/tsig.h>
#include <dns/result.h>
#include <dst/dst.h>
#define DNS_TSEC_MAGIC			ISC_MAGIC('T', 's', 'e', 'c')
#define DNS_TSEC_VALID(t)		ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)
/*%
 * DNS Transaction Security object.  We assume this is not shared by
 * multiple threads, and so the structure does not contain a lock.
 */
struct dns_tsec {
	/* DNS_TSEC_MAGIC while the object is live; zeroed by dns_tsec_destroy()
	 * before the memory is released so stale pointers fail DNS_TSEC_VALID. */
	unsigned int		magic;
	/* Discriminator for 'ukey': decides which union member is valid. */
	dns_tsectype_t		type;
	/* Memory context the object was allocated from; dns_tsec_destroy()
	 * returns the object to this same context. */
	isc_mem_t		*mctx;
	union {
		dns_tsigkey_t	*tsigkey;	/* valid when type == dns_tsectype_tsig */
		dst_key_t	*key;		/* valid when type == dns_tsectype_sig0 */
	} ukey;
};
Packit 5ce601
Packit 5ce601
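/*%
 * Map a DST key algorithm number to the TSIG algorithm name that
 * dns_tsigkey_createfromkey() expects.
 *
 * Returns NULL for every algorithm this module does not accept for TSIG:
 * all non-HMAC algorithms, and HMAC-MD5 as well when the build disables it
 * via PK11_MD5_DISABLE.  The caller turns NULL into DNS_R_BADALG, so a key
 * of the wrong kind can never be wrapped in a TSIG tsec.
 */
static dns_name_t *
tsig_algname_for(unsigned int alg) {
	switch (alg) {
#ifndef PK11_MD5_DISABLE
	case DST_ALG_HMACMD5:
		return (dns_tsig_hmacmd5_name);
#endif
	case DST_ALG_HMACSHA1:
		return (dns_tsig_hmacsha1_name);
	case DST_ALG_HMACSHA224:
		return (dns_tsig_hmacsha224_name);
	case DST_ALG_HMACSHA256:
		return (dns_tsig_hmacsha256_name);
	case DST_ALG_HMACSHA384:
		return (dns_tsig_hmacsha384_name);
	case DST_ALG_HMACSHA512:
		return (dns_tsig_hmacsha512_name);
	default:
		return (NULL);
	}
}

/*%
 * Create a transaction security object of 'type' wrapping 'key'.
 *
 * For dns_tsectype_tsig, 'key' must be an HMAC key: a dns_tsigkey_t is
 * built from it with dns_tsigkey_createfromkey() and the tsec holds that
 * tsigkey until dns_tsec_destroy() releases it with dns_tsigkey_detach().
 * Whether the tsigkey takes its own reference on 'key' is decided inside
 * dns_tsigkey_createfromkey(), not here -- NOTE(review): confirm against
 * tsig.c before assuming the caller may drop 'key' after this call.
 *
 * For dns_tsectype_sig0 the tsec stores 'key' directly and takes
 * ownership of it: dns_tsec_destroy() calls dst_key_free() on it, so the
 * caller must not free the key separately.
 *
 * Requires:
 *\li	'mctx' != NULL, 'key' != NULL, 'tsecp' != NULL and '*tsecp' == NULL.
 *\li	'type' is dns_tsectype_tsig or dns_tsectype_sig0; anything else is
 *	a caller bug and aborts via INSIST.
 *
 * Returns:
 *\li	ISC_R_SUCCESS, with '*tsecp' pointing at the new object.
 *\li	ISC_R_NOMEMORY if the object could not be allocated.
 *\li	DNS_R_BADALG if 'type' is TSIG but 'key' is not an accepted HMAC key.
 *\li	Any error from dns_tsigkey_createfromkey().
 *
 * On every error path the partially built object is freed and '*tsecp'
 * is left untouched.
 */
isc_result_t
dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
		dns_tsec_t **tsecp)
{
	isc_result_t result;
	dns_tsec_t *tsec;
	dns_tsigkey_t *tsigkey = NULL;
	dns_name_t *algname;

	REQUIRE(mctx != NULL);
	/*
	 * Both branches below dereference or store 'key'; fail here rather
	 * than in dst_key_alg() or, for SIG(0), much later in dst_key_free().
	 */
	REQUIRE(key != NULL);
	REQUIRE(tsecp != NULL && *tsecp == NULL);

	tsec = isc_mem_get(mctx, sizeof(*tsec));
	if (tsec == NULL)
		return (ISC_R_NOMEMORY);

	tsec->type = type;
	tsec->mctx = mctx;

	switch (type) {
	case dns_tsectype_tsig:
		algname = tsig_algname_for(dst_key_alg(key));
		if (algname == NULL) {
			/* Not an accepted HMAC key: refuse rather than guess. */
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (DNS_R_BADALG);
		}
		result = dns_tsigkey_createfromkey(dst_key_name(key),
						   algname, key, false,
						   NULL, 0, 0, mctx, NULL,
						   &tsigkey);
		if (result != ISC_R_SUCCESS) {
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (result);
		}
		tsec->ukey.tsigkey = tsigkey;
		break;
	case dns_tsectype_sig0:
		/* Ownership of 'key' passes to the tsec (see dns_tsec_destroy). */
		tsec->ukey.key = key;
		break;
	default:
		INSIST(0);
		ISC_UNREACHABLE();
	}

	/* Only a fully initialised object gets the magic number. */
	tsec->magic = DNS_TSEC_MAGIC;

	*tsecp = tsec;
	return (ISC_R_SUCCESS);
}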
/*%
 * Destroy a transaction security object and release the key it holds.
 *
 * A TSIG object releases its dns_tsigkey_t with dns_tsigkey_detach().
 * A SIG(0) object owns its dst_key_t outright and frees it with
 * dst_key_free(), so the caller of dns_tsec_create() must not free a
 * SIG(0) key itself.  The magic number is cleared before the memory is
 * returned so a dangling dns_tsec_t fails DNS_TSEC_VALID instead of being
 * silently reused.
 *
 * Requires:
 *\li	'tsecp' != NULL and '*tsecp' is a valid dns_tsec_t.
 *
 * Ensures:
 *\li	'*tsecp' == NULL.
 */
void
dns_tsec_destroy(dns_tsec_t **tsecp) {
	dns_tsec_t *tsec;
	isc_mem_t *mctx;

	REQUIRE(tsecp != NULL && *tsecp != NULL);
	tsec = *tsecp;
	REQUIRE(DNS_TSEC_VALID(tsec));

	/* Release whichever member of the union this type uses. */
	if (tsec->type == dns_tsectype_tsig) {
		dns_tsigkey_detach(&tsec->ukey.tsigkey);
	} else if (tsec->type == dns_tsectype_sig0) {
		dst_key_free(&tsec->ukey.key);
	} else {
		INSIST(0);
		ISC_UNREACHABLE();
	}

	/* Invalidate first, then hand the memory back to its own context. */
	tsec->magic = 0;
	mctx = tsec->mctx;
	isc_mem_put(mctx, tsec, sizeof(*tsec));

	*tsecp = NULL;
}
/*%
 * Report which kind of transaction security (TSIG or SIG(0)) 'tsec'
 * provides.  Callers of dns_tsec_getkey() use this to know which pointer
 * type to hand it.
 *
 * Requires:
 *\li	'tsec' is a valid dns_tsec_t.
 */
dns_tsectype_t
dns_tsec_gettype(dns_tsec_t *tsec) {
	dns_tsectype_t kind;

	REQUIRE(DNS_TSEC_VALID(tsec));
	kind = tsec->type;

	return (kind);
}
/*%
 * Hand the caller the key wrapped by 'tsec'.
 *
 * 'keyp' is untyped, so nothing here can check it: it must point to a
 * dns_tsigkey_t * when dns_tsec_gettype() says TSIG and to a dst_key_t *
 * when it says SIG(0).  Passing the wrong pointer type silently corrupts
 * the caller's variable.
 *
 * Ownership differs by type and matters for memory safety:
 *\li	TSIG: dns_tsigkey_attach() is used, so the caller receives its own
 *	reference and must release it with dns_tsigkey_detach().
 *	NOTE(review): dns_tsigkey_attach() presumably requires '*keyp' to be
 *	NULL on entry, as the attach/detach pairs in this library do --
 *	initialise the target pointer to NULL before calling.
 *\li	SIG(0): the raw dst_key_t pointer is copied out.  The tsec still
 *	owns it and dst_key_free()s it in dns_tsec_destroy(), so the caller
 *	must neither free it nor use it after the tsec is destroyed.
 *
 * Requires:
 *\li	'tsec' is a valid dns_tsec_t and 'keyp' != NULL.
 */
void
dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
	REQUIRE(DNS_TSEC_VALID(tsec));
	REQUIRE(keyp != NULL);

	if (tsec->type == dns_tsectype_tsig) {
		dns_tsigkey_t **tsigkeyp = (dns_tsigkey_t **)keyp;
		dns_tsigkey_attach(tsec->ukey.tsigkey, tsigkeyp);
		return;
	}
	if (tsec->type == dns_tsectype_sig0) {
		dst_key_t **dstkeyp = (dst_key_t **)keyp;
		*dstkeyp = tsec->ukey.key;
		return;
	}

	INSIST(0);
	ISC_UNREACHABLE();
}