PageRenderTime 26ms CodeModel.GetById 13ms RepoModel.GetById 0ms app.codeStats 0ms

/bundled-libs/Net/DNS2/RR/SIG.php

http://github.com/s9y/Serendipity
PHP | 459 lines | 153 code | 60 blank | 246 comment | 11 complexity | 550120e35eaf854d95f00da0c4b8cc34 MD5 | raw file
Possible License(s): BSD-3-Clause, LGPL-3.0, LGPL-2.1, MPL-2.0-no-copyleft-exception, Apache-2.0 
    

  1. <?php
    2. 

  2. /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4: */
    3. 

  3. 

  4. /**
    5. 

  5.  * DNS Library for handling lookups and updates. 
    6. 

  6.  *
    7. 

  7.  * PHP Version 5
    8. 

  8.  *
    9. 

  9.  * Copyright (c) 2010, Mike Pultz <mike@mikepultz.com>.
    10. 

  10.  * All rights reserved.
    11. 

  11.  *
    12. 

  12.  * Redistribution and use in source and binary forms, with or without
    13. 

  13.  * modification, are permitted provided that the following conditions
    14. 

  14.  * are met:
    15. 

  15.  *
    16. 

  16.  *   * Redistributions of source code must retain the above copyright
    17. 

  17.  *     notice, this list of conditions and the following disclaimer.
    18. 

  18.  *
    19. 

  19.  *   * Redistributions in binary form must reproduce the above copyright
    20. 

  20.  *     notice, this list of conditions and the following disclaimer in
    21. 

  21.  *     the documentation and/or other materials provided with the
    22. 

  22.  *     distribution.
    23. 

  23.  *
    24. 

  24.  *   * Neither the name of Mike Pultz nor the names of his contributors 
    25. 

  25.  *     may be used to endorse or promote products derived from this 
    26. 

  26.  *     software without specific prior written permission.
    27. 

  27.  *
    28. 

  28.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    29. 

  29.  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    30. 

  30.  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
    31. 

  31.  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
    32. 

  32.  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
    33. 

  33.  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
    34. 

  34.  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
    35. 

  35.  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
    36. 

  36.  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRIC
    37. 

  37.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
    38. 

  38.  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
    39. 

  39.  * POSSIBILITY OF SUCH DAMAGE.
    40. 

  40.  *
    41. 

  41.  * @category  Networking
    42. 

  42.  * @package   Net_DNS2
    43. 

  43.  * @author    Mike Pultz <mike@mikepultz.com>
    44. 

  44.  * @copyright 2010 Mike Pultz <mike@mikepultz.com>
    45. 

  45.  * @license   http://www.opensource.org/licenses/bsd-license.php  BSD License
    46. 

  46.  * @version   SVN: $Id$
    47. 

  47.  * @link      http://pear.php.net/package/Net_DNS2
    48. 

  48.  * @since     File available since Release 0.6.0
    49. 

  49.  *
    50. 

  50.  * This file contains code based off the Net::DNS::SEC Perl module by
    51. 

  51.  * Olaf M. Kolkman
    52. 

  52.  *
    53. 

  53.  * This is the copyright notice from the PERL Net::DNS::SEC module:
    54. 

  54.  *
    55. 

  55.  * Copyright (c) 2001 - 2005  RIPE NCC.  Author Olaf M. Kolkman 
    56. 

  56.  * Copyright (c) 2007 - 2008  NLnet Labs.  Author Olaf M. Kolkman 
    57. 

  57.  * <olaf@net-dns.org>
    58. 

  58.  *
    59. 

  59.  * All Rights Reserved
    60. 

  60.  *
    61. 

  61.  * Permission to use, copy, modify, and distribute this software and its
    62. 

  62.  * documentation for any purpose and without fee is hereby granted,
    63. 

  63.  * provided that the above copyright notice appear in all copies and that
    64. 

  64.  * both that copyright notice and this permission notice appear in
    65. 

  65.  * supporting documentation, and that the name of the author not be
    66. 

  66.  * used in advertising or publicity pertaining to distribution of the
    67. 

  67.  * software without specific, written prior permission.
    68. 

  68.  *
    69. 

  69.  * THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING
    70. 

  70.  * ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO EVENT SHALL
    71. 

  71.  * AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
    72. 

  72.  * DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
    73. 

  73.  * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
    74. 

  74.  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
    75. 

  75.  *
    76. 

  76.  */
    77. 

  77. 

  78. /**
    79. 

  79.  * SIG Resource Record - RFC2535 section 4.1
    80. 

  80.  *
    81. 

  81.  *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    82. 

  82.  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    83. 

  83.  *   |        Type Covered           |  Algorithm    |     Labels    |
    84. 

  84.  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    85. 

  85.  *   |                         Original TTL                          |
    86. 

  86.  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    87. 

  87.  *   |                      Signature Expiration                     |
    88. 

  88.  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    89. 

  89.  *   |                      Signature Inception                      |
    90. 

  90.  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    91. 

  91.  *   |            Key Tag            |                               /
    92. 

  92.  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+         Signer's Name         /
    93. 

  93.  *   /                                                               /
    94. 

  94.  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    95. 

  95.  *   /                                                               /
    96. 

  96.  *   /                            Signature                          /
    97. 

  97.  *   /                                                               /
    98. 

  98.  *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    99. 

  99.  *
    100. 

  100.  * @category Networking
    101. 

  101.  * @package  Net_DNS2
    102. 

  102.  * @author   Mike Pultz <mike@mikepultz.com>
    103. 

  103.  * @license  http://www.opensource.org/licenses/bsd-license.php  BSD License
    104. 

  104.  * @link     http://pear.php.net/package/Net_DNS2
    105. 

  105.  * @see      Net_DNS2_RR
    106. 

  106.  *
    107. 

  107.  */
    108. 

  108. class Net_DNS2_RR_SIG extends Net_DNS2_RR
    109. 

  109. {
    110. 

  110.     /*
    111. 

  111.      * and instance of a Net_DNS2_PrivateKey object
    112. 

  112.      */
    113. 

  113.     public $private_key = null;
    114. 

  114. 

  115.     /*
    116. 

  116.      * the RR type covered by this signature
    117. 

  117.      */
    118. 

  118.     public $typecovered;
    119. 

  119. 

  120.     /*
    121. 

  121.      * the algorithm used for the signature
    122. 

  122.      */
    123. 

  123.     public $algorithm;
    124. 

  124.     
    125. 

  125.     /*
    126. 

  126.      * the number of labels in the name
    127. 

  127.      */
    128. 

  128.     public $labels;
    129. 

  129. 

  130.     /*
    131. 

  131.      * the original TTL
    132. 

  132.      */
    133. 

  133.     public $origttl;
    134. 

  134. 

  135.     /*
    136. 

  136.      * the signature expiration
    137. 

  137.      */
    138. 

  138.     public $sigexp;
    139. 

  139. 

  140.     /*
    141. 

  141.      * the inception of the signature
    142. 

  142.     */
    143. 

  143.     public $sigincep;
    144. 

  144. 

  145.     /*
    146. 

  146.      * the keytag used
    147. 

  147.      */
    148. 

  148.     public $keytag;
    149. 

  149. 

  150.     /*
    151. 

  151.      * the signer's name
    152. 

  152.      */
    153. 

  153.     public $signname;
    154. 

  154. 

  155.     /*
    156. 

  156.      * the signature
    157. 

  157.      */
    158. 

  158.     public $signature;
    159. 

  159. 

  160.     /**
    161. 

  161.      * method to return the rdata portion of the packet as a string
    162. 

  162.      *
    163. 

  163.      * @return  string
    164. 

  164.      * @access  protected
    165. 

  165.      *
    166. 

  166.      */
    167. 

  167.     protected function rrToString()
    168. 

  168.     {
    169. 

  169.         return $this->typecovered . ' ' . $this->algorithm . ' ' . 
    170. 

  170.             $this->labels . ' ' . $this->origttl . ' ' .
    171. 

  171.             $this->sigexp . ' ' . $this->sigincep . ' ' . 
    172. 

  172.             $this->keytag . ' ' . $this->cleanString($this->signname) . '. ' . 
    173. 

  173.             $this->signature;
    174. 

  174.     }
    175. 

  175. 

  176.     /**
    177. 

  177.      * parses the rdata portion from a standard DNS config line
    178. 

  178.      *
    179. 

  179.      * @param array $rdata a string split line of values for the rdata
    180. 

  180.      *
    181. 

  181.      * @return boolean
    182. 

  182.      * @access protected
    183. 

  183.      *
    184. 

  184.      */
    185. 

  185.     protected function rrFromString(array $rdata)
    186. 

  186.     {
    187. 

  187.         $this->typecovered  = strtoupper(array_shift($rdata));
    188. 

  188.         $this->algorithm    = array_shift($rdata);
    189. 

  189.         $this->labels       = array_shift($rdata);
    190. 

  190.         $this->origttl      = array_shift($rdata);
    191. 

  191.         $this->sigexp       = array_shift($rdata);
    192. 

  192.         $this->sigincep     = array_shift($rdata);
    193. 

  193.         $this->keytag       = array_shift($rdata);
    194. 

  194.         $this->signname     = $this->cleanString(array_shift($rdata));
    195. 

  195. 

  196.         foreach ($rdata as $line) {
    197. 

  197. 

  198.             $this->signature .= $line;
    199. 

  199.         }
    200. 

  200. 

  201.         $this->signature = trim($this->signature);
    202. 

  202. 

  203.         return true;
    204. 

  204.     }
    205. 

  205. 

  206.     /**
    207. 

  207.      * parses the rdata of the Net_DNS2_Packet object
    208. 

  208.      *
    209. 

  209.      * @param Net_DNS2_Packet &$packet a Net_DNS2_Packet packet to parse the RR from
    210. 

  210.      *
    211. 

  211.      * @return boolean
    212. 

  212.      * @access protected
    213. 

  213.      *
    214. 

  214.      */
    215. 

  215.     protected function rrSet(Net_DNS2_Packet &$packet)
    216. 

  216.     {
    217. 

  217.         if ($this->rdlength > 0) {
    218. 

  218. 

  219.             //
    220. 

  220.             // unpack 
    221. 

  221.             //
    222. 

  222.             $x = unpack(
    223. 

  223.                 'ntc/Calgorithm/Clabels/Norigttl/Nsigexp/Nsigincep/nkeytag', 
    224. 

  224.                 $this->rdata
    225. 

  225.             );
    226. 

  226. 

  227.             $this->typecovered  = Net_DNS2_Lookups::$rr_types_by_id[$x['tc']];
    228. 

  228.             $this->algorithm    = $x['algorithm'];
    229. 

  229.             $this->labels       = $x['labels'];
    230. 

  230.             $this->origttl      = Net_DNS2::expandUint32($x['origttl']);
    231. 

  231. 

  232.             //
    233. 

  233.             // the dates are in GM time
    234. 

  234.             //
    235. 

  235.             $this->sigexp       = gmdate('YmdHis', $x['sigexp']);
    236. 

  236.             $this->sigincep     = gmdate('YmdHis', $x['sigincep']);
    237. 

  237. 

  238.             //
    239. 

  239.             // get the keytag
    240. 

  240.             //
    241. 

  241.             $this->keytag       = $x['keytag'];
    242. 

  242. 

  243.             //
    244. 

  244.             // get teh signers name and signature
    245. 

  245.             //
    246. 

  246.             $offset             = $packet->offset + 18;
    247. 

  247.             $sigoffset          = $offset;
    248. 

  248. 

  249.             $this->signname     = strtolower(
    250. 

  250.                 Net_DNS2_Packet::expand($packet, $sigoffset)
    251. 

  251.             );
    252. 

  252.             $this->signature    = base64_encode(
    253. 

  253.                 substr($this->rdata, 18 + ($sigoffset - $offset))
    254. 

  254.             );
    255. 

  255. 

  256.             return true;
    257. 

  257.         }
    258. 

  258. 

  259.         return false;
    260. 

  260.     }
    261. 

  261. 

  262.     /**
    263. 

  263.      * returns the rdata portion of the DNS packet
    264. 

  264.      *
    265. 

  265.      * @param Net_DNS2_Packet &$packet a Net_DNS2_Packet packet use for
    266. 

  266.      *                                 compressed names
    267. 

  267.      *
    268. 

  268.      * @return mixed                   either returns a binary packed
    269. 

  269.      *                                 string or null on failure
    270. 

  270.      * @access protected
    271. 

  271.      *
    272. 

  272.      */
    273. 

  273.     protected function rrGet(Net_DNS2_Packet &$packet)
    274. 

  274.     {
    275. 

  275.         //
    276. 

  276.         // parse the values out of the dates
    277. 

  277.         //
    278. 

  278.         preg_match(
    279. 

  279.             '/(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/', $this->sigexp, $e
    280. 

  280.         );
    281. 

  281.         preg_match(
    282. 

  282.             '/(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})/', $this->sigincep, $i
    283. 

  283.         );
    284. 

  284. 

  285.         //
    286. 

  286.         // pack the value
    287. 

  287.         //
    288. 

  288.         $data = pack(
    289. 

  289.             'nCCNNNn', 
    290. 

  290.             Net_DNS2_Lookups::$rr_types_by_name[$this->typecovered],
    291. 

  291.             $this->algorithm,
    292. 

  292.             $this->labels,
    293. 

  293.             $this->origttl,
    294. 

  294.             gmmktime($e[4], $e[5], $e[6], $e[2], $e[3], $e[1]),
    295. 

  295.             gmmktime($i[4], $i[5], $i[6], $i[2], $i[3], $i[1]),
    296. 

  296.             $this->keytag
    297. 

  297.         );
    298. 

  298. 

  299.         //
    300. 

  300.         // the signer name is special; it's not allowed to be compressed 
    301. 

  301.         // (see section 3.1.7)
    302. 

  302.         //
    303. 

  303.         $names = explode('.', strtolower($this->signname));
    304. 

  304.         foreach ($names as $name) {
    305. 

  305. 

  306.             $data .= chr(strlen($name));
    307. 

  307.             $data .= $name;
    308. 

  308.         }
    309. 

  309. 

  310.         $data .= chr('0');
    311. 

  311. 

  312.         //
    313. 

  313.         // if the signature is empty, and $this->private_key is an instance of a 
    314. 

  314.         // private key object, and we have access to openssl, then assume this
    315. 

  315.         // is a SIG(0), and generate a new signature
    316. 

  316.         //
    317. 

  317.         if ( (strlen($this->signature) == 0)
    318. 

  318.             && ($this->private_key instanceof Net_DNS2_PrivateKey)
    319. 

  319.             && (extension_loaded('openssl') === true)
    320. 

  320.         ) {
    321. 

  321. 

  322.             //
    323. 

  323.             // create a new packet for the signature-
    324. 

  324.             //
    325. 

  325.             $new_packet = new Net_DNS2_Packet_Request('example.com', 'SOA', 'IN');
    326. 

  326. 

  327.             //
    328. 

  328.             // copy the packet data over
    329. 

  329.             //
    330. 

  330.             $new_packet->copy($packet);
    331. 

  331. 

  332.             //
    333. 

  333.             // remove the SIG object from the additional list
    334. 

  334.             //
    335. 

  335.             array_pop($new_packet->additional);
    336. 

  336.             $new_packet->header->arcount = count($new_packet->additional);
    337. 

  337. 

  338.             //
    339. 

  339.             // copy out the data
    340. 

  340.             //
    341. 

  341.             $sigdata = $data . $new_packet->get();
    342. 

  342. 

  343.             //
    344. 

  344.             // based on the algorithm
    345. 

  345.             //
    346. 

  346.             $algorithm = 0;
    347. 

  347. 

  348.             switch($this->algorithm) {
    349. 

  349. 

  350.             //
    351. 

  351.             // MD5
    352. 

  352.             //
    353. 

  353.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSAMD5:
    354. 

  354. 

  355.                 $algorithm = OPENSSL_ALGO_MD5;
    356. 

  356.                 break;
    357. 

  357. 

  358.             //
    359. 

  359.             // SHA1
    360. 

  360.             //
    361. 

  361.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA1:
    362. 

  362. 

  363.                 $algorithm = OPENSSL_ALGO_SHA1;
    364. 

  364.                 break;
    365. 

  365. 

  366.             //
    367. 

  367.             // SHA256 (PHP 5.4.8 or higher)
    368. 

  368.             //
    369. 

  369.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA256:
    370. 

  370. 

  371.                 if (version_compare(PHP_VERSION, '5.4.8', '<') == true) {
    372. 

  372. 

  373.                     throw new Net_DNS2_Exception(
    374. 

  374.                         'SHA256 support is only available in PHP >= 5.4.8',
    375. 

  375.                         Net_DNS2_Lookups::E_OPENSSL_INV_ALGO
    376. 

  376.                     );
    377. 

  377.                 }
    378. 

  378. 

  379.                 $algorithm = OPENSSL_ALGO_SHA256;
    380. 

  380.                 break;
    381. 

  381. 

  382.             //
    383. 

  383.             // SHA512 (PHP 5.4.8 or higher)
    384. 

  384.             //
    385. 

  385.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA512:
    386. 

  386. 

  387.                 if (version_compare(PHP_VERSION, '5.4.8', '<') == true) {
    388. 

  388. 

  389.                     throw new Net_DNS2_Exception(
    390. 

  390.                         'SHA512 support is only available in PHP >= 5.4.8',
    391. 

  391.                         Net_DNS2_Lookups::E_OPENSSL_INV_ALGO
    392. 

  392.                     );
    393. 

  393.                 }
    394. 

  394. 

  395.                 $algorithm = OPENSSL_ALGO_SHA512;
    396. 

  396.                 break;
    397. 

  397.         
    398. 

  398.             //
    399. 

  399.             // unsupported at the moment
    400. 

  400.             //
    401. 

  401.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSA:
    402. 

  402.             case Net_DNS2_Lookups::DSNSEC_ALGORITHM_RSASHA1NSEC3SHA1:
    403. 

  403.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_DSANSEC3SHA1:            
    404. 

  404.             default:
    405. 

  405.                 throw new Net_DNS2_Exception(
    406. 

  406.                     'invalid or unsupported algorithm',
    407. 

  407.                     Net_DNS2_Lookups::E_OPENSSL_INV_ALGO
    408. 

  408.                 );
    409. 

  409.                 break;
    410. 

  410.             }
    411. 

  411. 

  412.             //
    413. 

  413.             // sign the data
    414. 

  414.             //
    415. 

  415.             if (openssl_sign($sigdata, $this->signature, $this->private_key->instance, $algorithm) == false) {
    416. 

  416. 

  417.                 throw new Net_DNS2_Exception(
    418. 

  418.                     openssl_error_string(), 
    419. 

  419.                     Net_DNS2_Lookups::E_OPENSSL_ERROR
    420. 

  420.                 );
    421. 

  421.             }
    422. 

  422. 

  423.             //
    424. 

  424.             // build the signature value based
    425. 

  425.             //
    426. 

  426.             switch($this->algorithm) {
    427. 

  427. 

  428.             //
    429. 

  429.             // RSA- add it directly
    430. 

  430.             //
    431. 

  431.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSAMD5:
    432. 

  432.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA1:
    433. 

  433.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA256:
    434. 

  434.             case Net_DNS2_Lookups::DNSSEC_ALGORITHM_RSASHA512:
    435. 

  435. 

  436.                 $this->signature = base64_encode($this->signature);
    437. 

  437.                 break;
    438. 

  438.             }
    439. 

  439.         }
    440. 

  440. 

  441.         //
    442. 

  442.         // add the signature
    443. 

  443.         //
    444. 

  444.         $data .= base64_decode($this->signature);
    445. 

  445. 

  446.         $packet->offset += strlen($data);
    447. 

  447. 

  448.         return $data;
    449. 

  449.     }
    450. 

  450. }
    451. 

  451. 

  452. /*
    453. 

  453.  * Local variables:
    454. 

  454.  * tab-width: 4
    455. 

  455.  * c-basic-offset: 4
    456. 

  456.  * c-hanging-comment-ender-p: nil
    457. 

  457.  * End:
    458. 

  458.  */
    459. 

  459. ?>
    460. 

  460.