

  1. /*
  2. * Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
  3. *
  4. * Permission to use, copy, modify, and/or distribute this software for any
  5. * purpose with or without fee is hereby granted, provided that the above
  6. * copyright notice and this permission notice appear in all copies.
  7. *
  8. * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  9. * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  10. * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  11. * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  12. * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  13. * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  14. * PERFORMANCE OF THIS SOFTWARE.
  15. */
  16. /* $Id: tsec.c,v 1.7 2010/12/09 00:54:34 marka Exp $ */
  17. #include <config.h>
  18. #include <isc/mem.h>
  19. #include <dns/tsec.h>
  20. #include <dns/tsig.h>
  21. #include <dns/result.h>
  22. #include <dst/dst.h>
  23. #define DNS_TSEC_MAGIC ISC_MAGIC('T', 's', 'e', 'c')
  24. #define DNS_TSEC_VALID(t) ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)
  25. /*%
  26. * DNS Transaction Security object. We assume this is not shared by
  27. * multiple threads, and so the structure does not contain a lock.
  28. */
struct dns_tsec {
	/* DNS_TSEC_MAGIC once fully constructed; zeroed again on destroy. */
	unsigned int magic;
	/* Selects which member of 'ukey' is live (tsig vs. sig0). */
	dns_tsectype_t type;
	/* Memory context the object itself was allocated from. */
	isc_mem_t *mctx;
	/*
	 * Key material, interpreted according to 'type'.  The tsig member is
	 * detached on destroy; the sig0 member is freed on destroy, i.e. this
	 * object owns the SIG(0) dst key it was created with.
	 */
	union {
		dns_tsigkey_t *tsigkey;
		dst_key_t *key;
	} ukey;
};
/*
 * Map a DST HMAC algorithm number to the TSIG algorithm name used on the
 * wire.  Returns NULL for any algorithm that has no TSIG counterpart, which
 * dns_tsec_create() reports as DNS_R_BADALG.
 */
static dns_name_t *
tsig_algorithm_name(unsigned int alg) {
	switch (alg) {
	case DST_ALG_HMACMD5:
		return (dns_tsig_hmacmd5_name);
	case DST_ALG_HMACSHA1:
		return (dns_tsig_hmacsha1_name);
	case DST_ALG_HMACSHA224:
		return (dns_tsig_hmacsha224_name);
	case DST_ALG_HMACSHA256:
		return (dns_tsig_hmacsha256_name);
	case DST_ALG_HMACSHA384:
		return (dns_tsig_hmacsha384_name);
	case DST_ALG_HMACSHA512:
		return (dns_tsig_hmacsha512_name);
	default:
		return (NULL);
	}
}

/*
 * Create a DNS Transaction Security object wrapping 'key'.
 *
 * For dns_tsectype_tsig a TSIG key is built from the dst key; the
 * algorithm must be one of the HMAC algorithms known to TSIG, otherwise
 * DNS_R_BADALG is returned.  For dns_tsectype_sig0 the dst key pointer is
 * stored directly and is later released by dns_tsec_destroy(), so the
 * caller must not free it itself.
 *
 * Returns ISC_R_SUCCESS, ISC_R_NOMEMORY, DNS_R_BADALG, or whatever
 * dns_tsigkey_createfromkey() fails with.  On failure nothing is
 * allocated and *tsecp is untouched.
 *
 * NOTE(review): 'key' is not checked for NULL here; an invalid key is
 * caught by the assertions inside dst_key_alg() for the TSIG case only.
 */
isc_result_t
dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
		dns_tsec_t **tsecp)
{
	dns_tsec_t *tsec;
	dns_tsigkey_t *tsigkey = NULL;
	dns_name_t *algname;
	isc_result_t result;

	REQUIRE(mctx != NULL);
	REQUIRE(tsecp != NULL && *tsecp == NULL);

	tsec = isc_mem_get(mctx, sizeof(*tsec));
	if (tsec == NULL)
		return (ISC_R_NOMEMORY);
	tsec->type = type;
	tsec->mctx = mctx;

	switch (type) {
	case dns_tsectype_tsig:
		algname = tsig_algorithm_name(dst_key_alg(key));
		if (algname == NULL) {
			result = DNS_R_BADALG;
			goto cleanup;
		}
		/*
		 * Not a generated key, no creator, no inception/expiry,
		 * and not entered into any key ring.
		 */
		result = dns_tsigkey_createfromkey(dst_key_name(key), algname,
						   key, ISC_FALSE, NULL, 0, 0,
						   mctx, NULL, &tsigkey);
		if (result != ISC_R_SUCCESS)
			goto cleanup;
		tsec->ukey.tsigkey = tsigkey;
		break;
	case dns_tsectype_sig0:
		tsec->ukey.key = key;
		break;
	default:
		INSIST(0);
	}

	/* Only a fully initialised object carries the magic number. */
	tsec->magic = DNS_TSEC_MAGIC;
	*tsecp = tsec;
	return (ISC_R_SUCCESS);

 cleanup:
	isc_mem_put(mctx, tsec, sizeof(*tsec));
	return (result);
}
/*
 * Destroy a dns_tsec object and clear the caller's pointer.
 *
 * The wrapped key is released according to the object's type: a TSIG key
 * is detached (reference dropped), a SIG(0) dst key is freed outright.
 * Any raw dst_key_t pointer obtained via dns_tsec_getkey() on a SIG(0)
 * object is therefore invalid after this call.
 *
 * Requires *tsecp to be a valid dns_tsec object.
 */
void
dns_tsec_destroy(dns_tsec_t **tsecp) {
	dns_tsec_t *tsec;
	isc_mem_t *mctx;

	REQUIRE(tsecp != NULL && *tsecp != NULL);
	tsec = *tsecp;
	REQUIRE(DNS_TSEC_VALID(tsec));

	if (tsec->type == dns_tsectype_tsig)
		dns_tsigkey_detach(&tsec->ukey.tsigkey);
	else if (tsec->type == dns_tsectype_sig0)
		dst_key_free(&tsec->ukey.key);
	else
		INSIST(0);

	/* Invalidate the magic before the memory goes back to the context. */
	mctx = tsec->mctx;
	tsec->magic = 0;
	isc_mem_put(mctx, tsec, sizeof(*tsec));
	*tsecp = NULL;
}
/*
 * Return the transaction security type (tsig or sig0) of 'tsec'.
 * Callers use this to know which pointer type to hand dns_tsec_getkey().
 */
dns_tsectype_t
dns_tsec_gettype(dns_tsec_t *tsec) {
	dns_tsectype_t type;

	REQUIRE(DNS_TSEC_VALID(tsec));
	type = tsec->type;
	return (type);
}
/*
 * Hand out the key wrapped by 'tsec' through the untyped out-pointer
 * 'keyp'.
 *
 * 'keyp' is reinterpreted according to the object's type, so the caller
 * must pass a dns_tsigkey_t ** for a tsig object and a dst_key_t ** for a
 * sig0 object (check dns_tsec_gettype() first); there is no runtime check
 * that the pointer type matches.
 *
 * For tsig a new reference is attached and the caller must release it
 * with dns_tsigkey_detach().  For sig0 only the raw pointer is copied:
 * no reference is taken, the object keeps ownership, and the pointer
 * becomes dangling once dns_tsec_destroy() frees the key.
 */
void
dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
	REQUIRE(DNS_TSEC_VALID(tsec));
	REQUIRE(keyp != NULL);

	if (tsec->type == dns_tsectype_tsig) {
		dns_tsigkey_t **tsigkeyp = (dns_tsigkey_t **)keyp;
		dns_tsigkey_attach(tsec->ukey.tsigkey, tsigkeyp);
		return;
	}
	if (tsec->type == dns_tsectype_sig0) {
		dst_key_t **dstkeyp = (dst_key_t **)keyp;
		*dstkeyp = tsec->ukey.key;
		return;
	}
	INSIST(0);
}