/contrib/bind9/lib/dns/tsec.c

  1/*
  2 * Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
  3 *
  4 * Permission to use, copy, modify, and/or distribute this software for any
  5 * purpose with or without fee is hereby granted, provided that the above
  6 * copyright notice and this permission notice appear in all copies.
  7 *
  8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 10 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 14 * PERFORMANCE OF THIS SOFTWARE.
 15 */
 16
 17/* $Id: tsec.c,v 1.7 2010/12/09 00:54:34 marka Exp $ */
 18
 19#include <config.h>
 20
 21#include <isc/mem.h>
 22
 23#include <dns/tsec.h>
 24#include <dns/tsig.h>
 25#include <dns/result.h>
 26
 27#include <dst/dst.h>
 28
 29#define DNS_TSEC_MAGIC			ISC_MAGIC('T', 's', 'e', 'c')
 30#define DNS_TSEC_VALID(t)		ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)
 31
 32/*%
 33 * DNS Transaction Security object.  We assume this is not shared by
 34 * multiple threads, and so the structure does not contain a lock.
 35 */
 36struct dns_tsec {
 37	unsigned int		magic;
 38	dns_tsectype_t		type;
 39	isc_mem_t		*mctx;
 40	union {
 41		dns_tsigkey_t	*tsigkey;
 42		dst_key_t	*key;
 43	} ukey;
 44};
 45
 46isc_result_t
 47dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
 48		dns_tsec_t **tsecp)
 49{
 50	isc_result_t result;
 51	dns_tsec_t *tsec;
 52	dns_tsigkey_t *tsigkey = NULL;
 53	dns_name_t *algname;
 54
 55	REQUIRE(mctx != NULL);
 56	REQUIRE(tsecp != NULL && *tsecp == NULL);
 57
 58	tsec = isc_mem_get(mctx, sizeof(*tsec));
 59	if (tsec == NULL)
 60		return (ISC_R_NOMEMORY);
 61
 62	tsec->type = type;
 63	tsec->mctx = mctx;
 64
 65	switch (type) {
 66	case dns_tsectype_tsig:
 67		switch (dst_key_alg(key)) {
 68		case DST_ALG_HMACMD5:
 69			algname = dns_tsig_hmacmd5_name;
 70			break;
 71		case DST_ALG_HMACSHA1:
 72			algname = dns_tsig_hmacsha1_name;
 73			break;
 74		case DST_ALG_HMACSHA224:
 75			algname = dns_tsig_hmacsha224_name;
 76			break;
 77		case DST_ALG_HMACSHA256:
 78			algname = dns_tsig_hmacsha256_name;
 79			break;
 80		case DST_ALG_HMACSHA384:
 81			algname = dns_tsig_hmacsha384_name;
 82			break;
 83		case DST_ALG_HMACSHA512:
 84			algname = dns_tsig_hmacsha512_name;
 85			break;
 86		default:
 87			isc_mem_put(mctx, tsec, sizeof(*tsec));
 88			return (DNS_R_BADALG);
 89		}
 90		result = dns_tsigkey_createfromkey(dst_key_name(key),
 91						   algname, key, ISC_FALSE,
 92						   NULL, 0, 0, mctx, NULL,
 93						   &tsigkey);
 94		if (result != ISC_R_SUCCESS) {
 95			isc_mem_put(mctx, tsec, sizeof(*tsec));
 96			return (result);
 97		}
 98		tsec->ukey.tsigkey = tsigkey;
 99		break;
100	case dns_tsectype_sig0:
101		tsec->ukey.key = key;
102		break;
103	default:
104		INSIST(0);
105	}
106
107	tsec->magic = DNS_TSEC_MAGIC;
108
109	*tsecp = tsec;
110	return (ISC_R_SUCCESS);
111}
112
113void
114dns_tsec_destroy(dns_tsec_t **tsecp) {
115	dns_tsec_t *tsec;
116
117	REQUIRE(tsecp != NULL && *tsecp != NULL);
118	tsec = *tsecp;
119	REQUIRE(DNS_TSEC_VALID(tsec));
120
121	switch (tsec->type) {
122	case dns_tsectype_tsig:
123		dns_tsigkey_detach(&tsec->ukey.tsigkey);
124		break;
125	case dns_tsectype_sig0:
126		dst_key_free(&tsec->ukey.key);
127		break;
128	default:
129		INSIST(0);
130	}
131
132	tsec->magic = 0;
133	isc_mem_put(tsec->mctx, tsec, sizeof(*tsec));
134
135	*tsecp = NULL;
136}
137
138dns_tsectype_t
139dns_tsec_gettype(dns_tsec_t *tsec) {
140	REQUIRE(DNS_TSEC_VALID(tsec));
141
142	return (tsec->type);
143}
144
145void
146dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
147	REQUIRE(DNS_TSEC_VALID(tsec));
148	REQUIRE(keyp != NULL);
149
150	switch (tsec->type) {
151	case dns_tsectype_tsig:
152		dns_tsigkey_attach(tsec->ukey.tsigkey, (dns_tsigkey_t **)keyp);
153		break;
154	case dns_tsectype_sig0:
155		*(dst_key_t **)keyp = tsec->ukey.key;
156		break;
157	default:
158		INSIST(0);
159	}
160}