From: =?utf-8?q?Ond=C5=99ej_Sur=C3=BD?= Date: Tue, 28 Jun 2016 12:36:19 +0200 Subject: Use system ldns library for compilation --- MANIFEST | 99 +- Makefile.PL | 19 +- include/ldns/buffer.h | 645 --------- include/ldns/common.h | 78 -- include/ldns/config.h | 590 -------- include/ldns/dane.h | 262 ---- include/ldns/dname.h | 211 --- include/ldns/dnssec.h | 541 -------- include/ldns/dnssec_sign.h | 383 ------ include/ldns/dnssec_verify.h | 857 ------------ include/ldns/dnssec_zone.h | 483 ------- include/ldns/duration.h | 109 -- include/ldns/error.h | 147 -- include/ldns/higher.h | 113 -- include/ldns/host2str.h | 891 ------------ include/ldns/host2wire.h | 197 --- include/ldns/keys.h | 621 --------- include/ldns/ldns.h | 158 --- include/ldns/net.h | 207 --- include/ldns/packet.h | 891 ------------ include/ldns/parse.h | 167 --- include/ldns/radix.h | 240 ---- include/ldns/rbtree.h | 230 ---- include/ldns/rdata.h | 451 ------- include/ldns/resolver.h | 805 ----------- include/ldns/rr.h | 929 ------------- include/ldns/rr_functions.h | 363 ----- include/ldns/sha1.h | 38 - include/ldns/sha2.h | 149 -- include/ldns/str2host.h | 319 ----- include/ldns/tsig.h | 101 -- include/ldns/update.h | 115 -- include/ldns/util.h | 392 ------ include/ldns/wire2host.h | 197 --- include/ldns/zone.h | 176 --- ldns/include/ldns/buffer.h | 645 +++++++++ ldns/include/ldns/common.h | 78 ++ ldns/include/ldns/config.h | 590 ++++++++ ldns/include/ldns/dane.h | 262 ++++ ldns/include/ldns/dname.h | 211 +++ ldns/include/ldns/dnssec.h | 541 ++++++++ ldns/include/ldns/dnssec_sign.h | 383 ++++++ ldns/include/ldns/dnssec_verify.h | 857 ++++++++++++ ldns/include/ldns/dnssec_zone.h | 483 +++++++ ldns/include/ldns/duration.h | 109 ++ ldns/include/ldns/error.h | 147 ++ ldns/include/ldns/higher.h | 113 ++ ldns/include/ldns/host2str.h | 891 ++++++++++++ ldns/include/ldns/host2wire.h | 197 +++ ldns/include/ldns/keys.h | 621 +++++++++ ldns/include/ldns/ldns.h | 158 +++ ldns/include/ldns/net.h | 207 +++ ldns/include/ldns/packet.h | 891 ++++++++++++ ldns/include/ldns/parse.h | 167 +++ ldns/include/ldns/radix.h | 240 ++++ ldns/include/ldns/rbtree.h | 230 ++++ ldns/include/ldns/rdata.h | 451 +++++++ ldns/include/ldns/resolver.h | 805 +++++++++++ ldns/include/ldns/rr.h | 929 +++++++++++++ ldns/include/ldns/rr_functions.h | 363 +++++ ldns/include/ldns/sha1.h | 38 + ldns/include/ldns/sha2.h | 149 ++ ldns/include/ldns/str2host.h | 319 +++++ ldns/include/ldns/tsig.h | 101 ++ ldns/include/ldns/update.h | 115 ++ ldns/include/ldns/util.h | 392 ++++++ ldns/include/ldns/wire2host.h | 197 +++ ldns/include/ldns/zone.h | 176 +++ ldns/src/buffer.c | 177 +++ ldns/src/compat/b64_ntop.c | 185 +++ ldns/src/compat/b64_pton.c | 244 ++++ ldns/src/compat/strlcpy.c | 57 + ldns/src/dane.c | 748 ++++++++++ ldns/src/dname.c | 598 ++++++++ ldns/src/dnssec.c | 1869 +++++++++++++++++++++++++ ldns/src/dnssec_sign.c | 1456 ++++++++++++++++++++ ldns/src/dnssec_verify.c | 2684 ++++++++++++++++++++++++++++++++++++ ldns/src/dnssec_zone.c | 1192 ++++++++++++++++ ldns/src/duration.c | 354 +++++ ldns/src/error.c | 160 +++ ldns/src/higher.c | 344 +++++ ldns/src/host2str.c | 2635 ++++++++++++++++++++++++++++++++++++ ldns/src/host2wire.c | 494 +++++++ ldns/src/keys.c | 1726 +++++++++++++++++++++++ ldns/src/net.c | 1002 ++++++++++++++ ldns/src/packet.c | 1159 ++++++++++++++++ ldns/src/parse.c | 434 ++++++ ldns/src/radix.c | 1590 ++++++++++++++++++++++ ldns/src/rbtree.c | 670 +++++++++ ldns/src/rdata.c | 757 +++++++++++ ldns/src/resolver.c | 1603 ++++++++++++++++++++++ ldns/src/rr.c | 2705 +++++++++++++++++++++++++++++++++++++ ldns/src/rr_functions.c | 419 ++++++ ldns/src/sha1.c | 177 +++ ldns/src/sha2.c | 991 ++++++++++++++ ldns/src/str2host.c | 1604 ++++++++++++++++++++++ ldns/src/tsig.c | 470 +++++++ ldns/src/update.c | 325 +++++ ldns/src/util.c | 773 +++++++++++ ldns/src/wire2host.c | 491 +++++++ ldns/src/zone.c | 318 +++++ src/ldns/buffer.c | 177 --- src/ldns/compat/b64_ntop.c | 185 --- src/ldns/compat/b64_pton.c | 244 ---- src/ldns/compat/strlcpy.c | 57 - src/ldns/dane.c | 748 ---------- src/ldns/dname.c | 598 -------- src/ldns/dnssec.c | 1869 ------------------------- src/ldns/dnssec_sign.c | 1456 -------------------- src/ldns/dnssec_verify.c | 2684 ------------------------------------ src/ldns/dnssec_zone.c | 1192 ---------------- src/ldns/duration.c | 354 ----- src/ldns/error.c | 160 --- src/ldns/higher.c | 344 ----- src/ldns/host2str.c | 2635 ------------------------------------ src/ldns/host2wire.c | 494 ------- src/ldns/keys.c | 1726 ----------------------- src/ldns/net.c | 1002 -------------- src/ldns/packet.c | 1159 ---------------- src/ldns/parse.c | 434 ------ src/ldns/radix.c | 1590 ---------------------- src/ldns/rbtree.c | 670 --------- src/ldns/rdata.c | 757 ----------- src/ldns/resolver.c | 1603 ---------------------- src/ldns/rr.c | 2705 ------------------------------------- src/ldns/rr_functions.c | 419 ------ src/ldns/sha1.c | 177 --- src/ldns/sha2.c | 991 -------------- src/ldns/str2host.c | 1604 ---------------------- src/ldns/tsig.c | 470 ------- src/ldns/update.c | 325 ----- src/ldns/util.c | 773 ----------- src/ldns/wire2host.c | 491 ------- src/ldns/zone.c | 318 ----- 134 files changed, 42518 insertions(+), 42534 deletions(-) delete mode 100644 include/ldns/buffer.h delete mode 100644 include/ldns/common.h delete mode 100644 include/ldns/config.h delete mode 100644 include/ldns/dane.h delete mode 100644 include/ldns/dname.h delete mode 100644 include/ldns/dnssec.h delete mode 100644 include/ldns/dnssec_sign.h delete mode 100644 include/ldns/dnssec_verify.h delete mode 100644 include/ldns/dnssec_zone.h delete mode 100644 include/ldns/duration.h delete mode 100644 include/ldns/error.h delete mode 100644 include/ldns/higher.h delete mode 100644 include/ldns/host2str.h delete mode 100644 include/ldns/host2wire.h delete mode 100644 include/ldns/keys.h delete mode 100644 include/ldns/ldns.h delete mode 100644 include/ldns/net.h delete mode 100644 include/ldns/packet.h delete mode 100644 include/ldns/parse.h delete mode 100644 include/ldns/radix.h delete mode 100644 include/ldns/rbtree.h delete mode 100644 include/ldns/rdata.h delete mode 100644 include/ldns/resolver.h delete mode 100644 include/ldns/rr.h delete mode 100644 include/ldns/rr_functions.h delete mode 100644 include/ldns/sha1.h delete mode 100644 include/ldns/sha2.h delete mode 100644 include/ldns/str2host.h delete mode 100644 include/ldns/tsig.h delete mode 100644 include/ldns/update.h delete mode 100644 include/ldns/util.h delete mode 100644 include/ldns/wire2host.h delete mode 100644 include/ldns/zone.h create mode 100644 ldns/include/ldns/buffer.h create mode 100644 ldns/include/ldns/common.h create mode 100644 ldns/include/ldns/config.h create mode 100644 ldns/include/ldns/dane.h create mode 100644 ldns/include/ldns/dname.h create mode 100644 ldns/include/ldns/dnssec.h create mode 100644 ldns/include/ldns/dnssec_sign.h create mode 100644 ldns/include/ldns/dnssec_verify.h create mode 100644 ldns/include/ldns/dnssec_zone.h create mode 100644 ldns/include/ldns/duration.h create mode 100644 ldns/include/ldns/error.h create mode 100644 ldns/include/ldns/higher.h create mode 100644 ldns/include/ldns/host2str.h create mode 100644 ldns/include/ldns/host2wire.h create mode 100644 ldns/include/ldns/keys.h create mode 100644 ldns/include/ldns/ldns.h create mode 100644 ldns/include/ldns/net.h create mode 100644 ldns/include/ldns/packet.h create mode 100644 ldns/include/ldns/parse.h create mode 100644 ldns/include/ldns/radix.h create mode 100644 ldns/include/ldns/rbtree.h create mode 100644 ldns/include/ldns/rdata.h create mode 100644 ldns/include/ldns/resolver.h create mode 100644 ldns/include/ldns/rr.h create mode 100644 ldns/include/ldns/rr_functions.h create mode 100644 ldns/include/ldns/sha1.h create mode 100644 ldns/include/ldns/sha2.h create mode 100644 ldns/include/ldns/str2host.h create mode 100644 ldns/include/ldns/tsig.h create mode 100644 ldns/include/ldns/update.h create mode 100644 ldns/include/ldns/util.h create mode 100644 ldns/include/ldns/wire2host.h create mode 100644 ldns/include/ldns/zone.h create mode 100644 ldns/src/buffer.c create mode 100644 ldns/src/compat/b64_ntop.c create mode 100644 ldns/src/compat/b64_pton.c create mode 100644 ldns/src/compat/strlcpy.c create mode 100644 ldns/src/dane.c create mode 100644 ldns/src/dname.c create mode 100644 ldns/src/dnssec.c create mode 100644 ldns/src/dnssec_sign.c create mode 100644 ldns/src/dnssec_verify.c create mode 100644 ldns/src/dnssec_zone.c create mode 100644 ldns/src/duration.c create mode 100644 ldns/src/error.c create mode 100644 ldns/src/higher.c create mode 100644 ldns/src/host2str.c create mode 100644 ldns/src/host2wire.c create mode 100644 ldns/src/keys.c create mode 100644 ldns/src/net.c create mode 100644 ldns/src/packet.c create mode 100644 ldns/src/parse.c create mode 100644 ldns/src/radix.c create mode 100644 ldns/src/rbtree.c create mode 100644 ldns/src/rdata.c create mode 100644 ldns/src/resolver.c create mode 100644 ldns/src/rr.c create mode 100644 ldns/src/rr_functions.c create mode 100644 ldns/src/sha1.c create mode 100644 ldns/src/sha2.c create mode 100644 ldns/src/str2host.c create mode 100644 ldns/src/tsig.c create mode 100644 ldns/src/update.c create mode 100644 ldns/src/util.c create mode 100644 ldns/src/wire2host.c create mode 100644 ldns/src/zone.c delete mode 100644 src/ldns/buffer.c delete mode 100644 src/ldns/compat/b64_ntop.c delete mode 100644 src/ldns/compat/b64_pton.c delete mode 100644 src/ldns/compat/strlcpy.c delete mode 100644 src/ldns/dane.c delete mode 100644 src/ldns/dname.c delete mode 100644 src/ldns/dnssec.c delete mode 100644 src/ldns/dnssec_sign.c delete mode 100644 src/ldns/dnssec_verify.c delete mode 100644 src/ldns/dnssec_zone.c delete mode 100644 src/ldns/duration.c delete mode 100644 src/ldns/error.c delete mode 100644 src/ldns/higher.c delete mode 100644 src/ldns/host2str.c delete mode 100644 src/ldns/host2wire.c delete mode 100644 src/ldns/keys.c delete mode 100644 src/ldns/net.c delete mode 100644 src/ldns/packet.c delete mode 100644 src/ldns/parse.c delete mode 100644 src/ldns/radix.c delete mode 100644 src/ldns/rbtree.c delete mode 100644 src/ldns/rdata.c delete mode 100644 src/ldns/resolver.c delete mode 100644 src/ldns/rr.c delete mode 100644 src/ldns/rr_functions.c delete mode 100644 src/ldns/sha1.c delete mode 100644 src/ldns/sha2.c delete mode 100644 src/ldns/str2host.c delete mode 100644 src/ldns/tsig.c delete mode 100644 src/ldns/update.c delete mode 100644 src/ldns/util.c delete mode 100644 src/ldns/wire2host.c delete mode 100644 src/ldns/zone.c diff --git a/MANIFEST b/MANIFEST index 580f068..a8b2463 100644 --- a/MANIFEST +++ b/MANIFEST @@ -9,39 +9,6 @@ inc/Module/Install/Win32.pm inc/Module/Install/WriteAll.pm inc/Module/Install/XSUtil.pm include/LDNS.h -include/ldns/buffer.h -include/ldns/common.h -include/ldns/config.h -include/ldns/dane.h -include/ldns/dname.h -include/ldns/dnssec.h -include/ldns/dnssec_sign.h -include/ldns/dnssec_verify.h -include/ldns/dnssec_zone.h -include/ldns/duration.h -include/ldns/error.h -include/ldns/higher.h -include/ldns/host2str.h -include/ldns/host2wire.h -include/ldns/keys.h -include/ldns/ldns.h -include/ldns/net.h -include/ldns/packet.h -include/ldns/parse.h -include/ldns/radix.h -include/ldns/rbtree.h -include/ldns/rdata.h -include/ldns/resolver.h -include/ldns/rr.h -include/ldns/rr_functions.h -include/ldns/sha1.h -include/ldns/sha2.h -include/ldns/str2host.h -include/ldns/tsig.h -include/ldns/update.h -include/ldns/util.h -include/ldns/wire2host.h -include/ldns/zone.h lib/Net/LDNS.pm lib/Net/LDNS/Packet.pm lib/Net/LDNS/RR.pm @@ -128,39 +95,6 @@ ppport.h README.md src/assist.c src/LDNS.xs -src/ldns/compat/b64_ntop.c -src/ldns/compat/b64_pton.c -src/ldns/buffer.c -src/ldns/compat/strlcpy.c -src/ldns/dane.c -src/ldns/dname.c -src/ldns/dnssec.c -src/ldns/dnssec_sign.c -src/ldns/dnssec_verify.c -src/ldns/dnssec_zone.c -src/ldns/duration.c -src/ldns/error.c -src/ldns/higher.c -src/ldns/host2str.c -src/ldns/host2wire.c -src/ldns/keys.c -src/ldns/net.c -src/ldns/packet.c -src/ldns/parse.c -src/ldns/radix.c -src/ldns/rbtree.c -src/ldns/rdata.c -src/ldns/resolver.c -src/ldns/rr.c -src/ldns/rr_functions.c -src/ldns/sha1.c -src/ldns/sha2.c -src/ldns/str2host.c -src/ldns/tsig.c -src/ldns/update.c -src/ldns/util.c -src/ldns/wire2host.c -src/ldns/zone.c src/typemap t/axfr.t t/dnssec.t @@ -176,3 +110,36 @@ t/rrlist.t t/serialize.t t/threads.t t/utils.t +ldns/src/buffer.c +ldns/src/compat/b64_ntop.c +ldns/src/compat/b64_pton.c +ldns/src/compat/strlcpy.c +ldns/src/dane.c +ldns/src/dname.c +ldns/src/dnssec.c +ldns/src/dnssec_sign.c +ldns/src/dnssec_verify.c +ldns/src/dnssec_zone.c +ldns/src/duration.c +ldns/src/error.c +ldns/src/higher.c +ldns/src/host2str.c +ldns/src/host2wire.c +ldns/src/keys.c +ldns/src/net.c +ldns/src/packet.c +ldns/src/parse.c +ldns/src/radix.c +ldns/src/rbtree.c +ldns/src/rdata.c +ldns/src/resolver.c +ldns/src/rr.c +ldns/src/rr_functions.c +ldns/src/sha1.c +ldns/src/sha2.c +ldns/src/str2host.c +ldns/src/tsig.c +ldns/src/update.c +ldns/src/util.c +ldns/src/wire2host.c +ldns/src/zone.c diff --git a/Makefile.PL b/Makefile.PL index 35596f7..5ae48a9 100644 --- a/Makefile.PL +++ b/Makefile.PL @@ -75,6 +75,23 @@ else { if ( check_lib( + lib => 'ldns', + header => 'ldns/ldns.h', + function => 'if (!ldns_resolver_clone(ldns_resolver_new())) return 1; else return 0;' + ) + ) +{ + print "Using system ldns library.\n"; + cc_libs 'ldns'; +} +else { + print "Using embedded ldns library.\n"; + cc_include_paths 'ldns/include'; + cc_src_paths 'ldns/src'; +} + +if ( + check_lib( lib => 'idn', header => 'idna.h', function => 'if(strcmp(IDNA_ACE_PREFIX,"xn--")==0) return 0; else return 1;' @@ -140,4 +157,4 @@ sub check_gost { CODE return check_lib(%args); -} \ No newline at end of file +} diff --git a/include/ldns/buffer.h b/include/ldns/buffer.h deleted file mode 100644 index 3b64198..0000000 --- a/include/ldns/buffer.h +++ /dev/null @@ -1,645 +0,0 @@ -/* - * buffer.h -- generic memory buffer. - * - * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - * - * The buffer module implements a generic buffer. The API is based on - * the java.nio.Buffer interface. - */ - -#ifndef LDNS_BUFFER_H -#define LDNS_BUFFER_H - -#include -#include -#include - -#include -#include - -#include "ldns/util.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * number of initial bytes in buffer of - * which we cannot tell the size before hand - */ -#define LDNS_MIN_BUFLEN 512 - -/** - * \file buffer.h - * - * This file contains the definition of ldns_buffer, and functions to manipulate those. - */ - -/** - * implementation of buffers to ease operations - * - * ldns_buffers can contain arbitrary information, per octet. You can write - * to the current end of a buffer, read from the current position, and - * access any data within it. - * - * Example use of buffers is in the source code of \ref host2str.c - */ -struct ldns_struct_buffer -{ - /** The current position used for reading/writing */ - size_t _position; - - /** The read/write limit */ - size_t _limit; - - /** The amount of data the buffer can contain */ - size_t _capacity; - - /** The data contained in the buffer */ - uint8_t *_data; - - /** If the buffer is fixed it cannot be resized */ - unsigned _fixed : 1; - - /** The current state of the buffer. If writing to the buffer fails - * for any reason, this value is changed. This way, you can perform - * multiple writes in sequence and check for success afterwards. */ - ldns_status _status; -}; -typedef struct ldns_struct_buffer ldns_buffer; - - -#ifdef NDEBUG -INLINE void -ldns_buffer_invariant(ldns_buffer *ATTR_UNUSED(buffer)) -{ -} -#else -INLINE void -ldns_buffer_invariant(ldns_buffer *buffer) -{ - assert(buffer != NULL); - assert(buffer->_position <= buffer->_limit); - assert(buffer->_limit <= buffer->_capacity); - assert(buffer->_data != NULL); -} -#endif - -/** - * creates a new buffer with the specified capacity. - * - * \param[in] capacity the size (in bytes) to allocate for the buffer - * \return the created buffer - */ -ldns_buffer *ldns_buffer_new(size_t capacity); - -/** - * creates a buffer with the specified data. The data IS copied - * and MEMORY allocations are done. The buffer is not fixed and can - * be resized using buffer_reserve(). - * - * \param[in] buffer pointer to the buffer to put the data in - * \param[in] data the data to encapsulate in the buffer - * \param[in] size the size of the data - */ -void ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size); - -/** - * clears the buffer and make it ready for writing. The buffer's limit - * is set to the capacity and the position is set to 0. - * \param[in] buffer the buffer to clear - */ -INLINE void ldns_buffer_clear(ldns_buffer *buffer) -{ - ldns_buffer_invariant(buffer); - - /* reset status here? */ - - buffer->_position = 0; - buffer->_limit = buffer->_capacity; -} - -/** - * makes the buffer ready for reading the data that has been written to - * the buffer. The buffer's limit is set to the current position and - * the position is set to 0. - * - * \param[in] buffer the buffer to flip - * \return void - */ -INLINE void ldns_buffer_flip(ldns_buffer *buffer) -{ - ldns_buffer_invariant(buffer); - - buffer->_limit = buffer->_position; - buffer->_position = 0; -} - -/** - * make the buffer ready for re-reading the data. The buffer's - * position is reset to 0. - * \param[in] buffer the buffer to rewind - */ -INLINE void ldns_buffer_rewind(ldns_buffer *buffer) -{ - ldns_buffer_invariant(buffer); - - buffer->_position = 0; -} - -/** - * returns the current position in the buffer (as a number of bytes) - * \param[in] buffer the buffer - * \return the current position - */ -INLINE size_t -ldns_buffer_position(ldns_buffer *buffer) -{ - return buffer->_position; -} - -/** - * sets the buffer's position to MARK. The position must be less than - * or equal to the buffer's limit. - * \param[in] buffer the buffer - * \param[in] mark the mark to use - */ -INLINE void -ldns_buffer_set_position(ldns_buffer *buffer, size_t mark) -{ - assert(mark <= buffer->_limit); - buffer->_position = mark; -} - -/** - * changes the buffer's position by COUNT bytes. The position must not - * be moved behind the buffer's limit or before the beginning of the - * buffer. - * \param[in] buffer the buffer - * \param[in] count the count to use - */ -INLINE void -ldns_buffer_skip(ldns_buffer *buffer, ssize_t count) -{ - assert(buffer->_position + count <= buffer->_limit); - buffer->_position += count; -} - -/** - * returns the maximum size of the buffer - * \param[in] buffer - * \return the size - */ -INLINE size_t -ldns_buffer_limit(ldns_buffer *buffer) -{ - return buffer->_limit; -} - -/** - * changes the buffer's limit. If the buffer's position is greater - * than the new limit the position is set to the limit. - * \param[in] buffer the buffer - * \param[in] limit the new limit - */ -INLINE void -ldns_buffer_set_limit(ldns_buffer *buffer, size_t limit) -{ - assert(limit <= buffer->_capacity); - buffer->_limit = limit; - if (buffer->_position > buffer->_limit) - buffer->_position = buffer->_limit; -} - -/** - * returns the number of bytes the buffer can hold. - * \param[in] buffer the buffer - * \return the number of bytes - */ -INLINE size_t -ldns_buffer_capacity(ldns_buffer *buffer) -{ - return buffer->_capacity; -} - -/** - * changes the buffer's capacity. The data is reallocated so any - * pointers to the data may become invalid. The buffer's limit is set - * to the buffer's new capacity. - * \param[in] buffer the buffer - * \param[in] capacity the capacity to use - * \return whether this failed or succeeded - */ -bool ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity); - -/** - * ensures BUFFER can contain at least AMOUNT more bytes. The buffer's - * capacity is increased if necessary using buffer_set_capacity(). - * - * The buffer's limit is always set to the (possibly increased) - * capacity. - * \param[in] buffer the buffer - * \param[in] amount amount to use - * \return whether this failed or succeeded - */ -bool ldns_buffer_reserve(ldns_buffer *buffer, size_t amount); - -/** - * returns a pointer to the data at the indicated position. - * \param[in] buffer the buffer - * \param[in] at position - * \return the pointer to the data - */ -INLINE uint8_t * -ldns_buffer_at(const ldns_buffer *buffer, size_t at) -{ - assert(at <= buffer->_limit); - return buffer->_data + at; -} - -/** - * returns a pointer to the beginning of the buffer (the data at - * position 0). - * \param[in] buffer the buffer - * \return the pointer - */ -INLINE uint8_t * -ldns_buffer_begin(const ldns_buffer *buffer) -{ - return ldns_buffer_at(buffer, 0); -} - -/** - * returns a pointer to the end of the buffer (the data at the buffer's - * limit). - * \param[in] buffer the buffer - * \return the pointer - */ -INLINE uint8_t * -ldns_buffer_end(ldns_buffer *buffer) -{ - return ldns_buffer_at(buffer, buffer->_limit); -} - -/** - * returns a pointer to the data at the buffer's current position. - * \param[in] buffer the buffer - * \return the pointer - */ -INLINE uint8_t * -ldns_buffer_current(ldns_buffer *buffer) -{ - return ldns_buffer_at(buffer, buffer->_position); -} - -/** - * returns the number of bytes remaining between the indicated position and - * the limit. - * \param[in] buffer the buffer - * \param[in] at indicated position - * \return number of bytes - */ -INLINE size_t -ldns_buffer_remaining_at(ldns_buffer *buffer, size_t at) -{ - ldns_buffer_invariant(buffer); - assert(at <= buffer->_limit); - return buffer->_limit - at; -} - -/** - * returns the number of bytes remaining between the buffer's position and - * limit. - * \param[in] buffer the buffer - * \return the number of bytes - */ -INLINE size_t -ldns_buffer_remaining(ldns_buffer *buffer) -{ - return ldns_buffer_remaining_at(buffer, buffer->_position); -} - -/** - * checks if the buffer has at least COUNT more bytes available. - * Before reading or writing the caller needs to ensure enough space - * is available! - * \param[in] buffer the buffer - * \param[in] at indicated position - * \param[in] count how much is available - * \return true or false (as int?) - */ -INLINE int -ldns_buffer_available_at(ldns_buffer *buffer, size_t at, size_t count) -{ - return count <= ldns_buffer_remaining_at(buffer, at); -} - -/** - * checks if the buffer has count bytes available at the current position - * \param[in] buffer the buffer - * \param[in] count how much is available - * \return true or false (as int?) - */ -INLINE int -ldns_buffer_available(ldns_buffer *buffer, size_t count) -{ - return ldns_buffer_available_at(buffer, buffer->_position, count); -} - -/** - * writes the given data to the buffer at the specified position - * \param[in] buffer the buffer - * \param[in] at the position (in number of bytes) to write the data at - * \param[in] data pointer to the data to write to the buffer - * \param[in] count the number of bytes of data to write - */ -INLINE void -ldns_buffer_write_at(ldns_buffer *buffer, size_t at, const void *data, size_t count) -{ - assert(ldns_buffer_available_at(buffer, at, count)); - memcpy(buffer->_data + at, data, count); -} - -/** - * writes count bytes of data to the current position of the buffer - * \param[in] buffer the buffer - * \param[in] data the data to write - * \param[in] count the lenght of the data to write - */ -INLINE void -ldns_buffer_write(ldns_buffer *buffer, const void *data, size_t count) -{ - ldns_buffer_write_at(buffer, buffer->_position, data, count); - buffer->_position += count; -} - -/** - * copies the given (null-delimited) string to the specified position at the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] str the string to write - */ -INLINE void -ldns_buffer_write_string_at(ldns_buffer *buffer, size_t at, const char *str) -{ - ldns_buffer_write_at(buffer, at, str, strlen(str)); -} - -/** - * copies the given (null-delimited) string to the current position at the buffer - * \param[in] buffer the buffer - * \param[in] str the string to write - */ -INLINE void -ldns_buffer_write_string(ldns_buffer *buffer, const char *str) -{ - ldns_buffer_write(buffer, str, strlen(str)); -} - -/** - * writes the given byte of data at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] data the 8 bits to write - */ -INLINE void -ldns_buffer_write_u8_at(ldns_buffer *buffer, size_t at, uint8_t data) -{ - assert(ldns_buffer_available_at(buffer, at, sizeof(data))); - buffer->_data[at] = data; -} - -/** - * writes the given byte of data at the current position in the buffer - * \param[in] buffer the buffer - * \param[in] data the 8 bits to write - */ -INLINE void -ldns_buffer_write_u8(ldns_buffer *buffer, uint8_t data) -{ - ldns_buffer_write_u8_at(buffer, buffer->_position, data); - buffer->_position += sizeof(data); -} - -/** - * writes the given 2 byte integer at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] data the 16 bits to write - */ -INLINE void -ldns_buffer_write_u16_at(ldns_buffer *buffer, size_t at, uint16_t data) -{ - assert(ldns_buffer_available_at(buffer, at, sizeof(data))); - ldns_write_uint16(buffer->_data + at, data); -} - -/** - * writes the given 2 byte integer at the current position in the buffer - * \param[in] buffer the buffer - * \param[in] data the 16 bits to write - */ -INLINE void -ldns_buffer_write_u16(ldns_buffer *buffer, uint16_t data) -{ - ldns_buffer_write_u16_at(buffer, buffer->_position, data); - buffer->_position += sizeof(data); -} - -/** - * writes the given 4 byte integer at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \param[in] data the 32 bits to write - */ -INLINE void -ldns_buffer_write_u32_at(ldns_buffer *buffer, size_t at, uint32_t data) -{ - assert(ldns_buffer_available_at(buffer, at, sizeof(data))); - ldns_write_uint32(buffer->_data + at, data); -} - -/** - * writes the given 4 byte integer at the current position in the buffer - * \param[in] buffer the buffer - * \param[in] data the 32 bits to write - */ -INLINE void -ldns_buffer_write_u32(ldns_buffer *buffer, uint32_t data) -{ - ldns_buffer_write_u32_at(buffer, buffer->_position, data); - buffer->_position += sizeof(data); -} - -/** - * copies count bytes of data at the given position to the given data-array - * \param[in] buffer the buffer - * \param[in] at the position in the buffer to start - * \param[out] data buffer to copy to - * \param[in] count the length of the data to copy - */ -INLINE void -ldns_buffer_read_at(ldns_buffer *buffer, size_t at, void *data, size_t count) -{ - assert(ldns_buffer_available_at(buffer, at, count)); - memcpy(data, buffer->_data + at, count); -} - -/** - * copies count bytes of data at the current position to the given data-array - * \param[in] buffer the buffer - * \param[out] data buffer to copy to - * \param[in] count the length of the data to copy - */ -INLINE void -ldns_buffer_read(ldns_buffer *buffer, void *data, size_t count) -{ - ldns_buffer_read_at(buffer, buffer->_position, data, count); - buffer->_position += count; -} - -/** - * returns the byte value at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at the position in the buffer - * \return 1 byte integer - */ -INLINE uint8_t -ldns_buffer_read_u8_at(ldns_buffer *buffer, size_t at) -{ - assert(ldns_buffer_available_at(buffer, at, sizeof(uint8_t))); - return buffer->_data[at]; -} - -/** - * returns the byte value at the current position in the buffer - * \param[in] buffer the buffer - * \return 1 byte integer - */ -INLINE uint8_t -ldns_buffer_read_u8(ldns_buffer *buffer) -{ - uint8_t result = ldns_buffer_read_u8_at(buffer, buffer->_position); - buffer->_position += sizeof(uint8_t); - return result; -} - -/** - * returns the 2-byte integer value at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at position in the buffer - * \return 2 byte integer - */ -INLINE uint16_t -ldns_buffer_read_u16_at(ldns_buffer *buffer, size_t at) -{ - assert(ldns_buffer_available_at(buffer, at, sizeof(uint16_t))); - return ldns_read_uint16(buffer->_data + at); -} - -/** - * returns the 2-byte integer value at the current position in the buffer - * \param[in] buffer the buffer - * \return 2 byte integer - */ -INLINE uint16_t -ldns_buffer_read_u16(ldns_buffer *buffer) -{ - uint16_t result = ldns_buffer_read_u16_at(buffer, buffer->_position); - buffer->_position += sizeof(uint16_t); - return result; -} - -/** - * returns the 4-byte integer value at the given position in the buffer - * \param[in] buffer the buffer - * \param[in] at position in the buffer - * \return 4 byte integer - */ -INLINE uint32_t -ldns_buffer_read_u32_at(ldns_buffer *buffer, size_t at) -{ - assert(ldns_buffer_available_at(buffer, at, sizeof(uint32_t))); - return ldns_read_uint32(buffer->_data + at); -} - -/** - * returns the 4-byte integer value at the current position in the buffer - * \param[in] buffer the buffer - * \return 4 byte integer - */ -INLINE uint32_t -ldns_buffer_read_u32(ldns_buffer *buffer) -{ - uint32_t result = ldns_buffer_read_u32_at(buffer, buffer->_position); - buffer->_position += sizeof(uint32_t); - return result; -} - -/** - * returns the status of the buffer - * \param[in] buffer - * \return the status - */ -INLINE ldns_status -ldns_buffer_status(ldns_buffer *buffer) -{ - return buffer->_status; -} - -/** - * returns true if the status of the buffer is LDNS_STATUS_OK, false otherwise - * \param[in] buffer the buffer - * \return true or false - */ -INLINE bool -ldns_buffer_status_ok(ldns_buffer *buffer) -{ - if (buffer) { - return ldns_buffer_status(buffer) == LDNS_STATUS_OK; - } else { - return false; - } -} - -/** - * prints to the buffer, increasing the capacity if required using - * buffer_reserve(). The buffer's position is set to the terminating '\\0' - * Returns the number of characters written (not including the - * terminating '\\0') or -1 on failure. - */ -int ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...); -/* ATTR_FORMAT(printf, 2, 3);*/ - -/** - * frees the buffer. - * \param[in] *buffer the buffer to be freed - * \return void - */ -void ldns_buffer_free(ldns_buffer *buffer); - -/** - * Makes the buffer fixed and returns a pointer to the data. The - * caller is responsible for free'ing the result. - * \param[in] *buffer the buffer to be exported - * \return void - */ -void *ldns_buffer_export(ldns_buffer *buffer); - -/** - * Copy contents of the from buffer to the result buffer and then flips - * the result buffer. Data will be silently truncated if the result buffer is - * too small. - * \param[out] *result resulting buffer which is copied to. - * \param[in] *from what to copy to result. - */ -void ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_BUFFER_H */ diff --git a/include/ldns/common.h b/include/ldns/common.h deleted file mode 100644 index 9abd9b9..0000000 --- a/include/ldns/common.h +++ /dev/null @@ -1,78 +0,0 @@ -/** - * \file common.h - * - * Common definitions for LDNS - */ - -/** - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#ifndef LDNS_COMMON_H -#define LDNS_COMMON_H - -/* - * The build configuration that is used in the distributed headers, - * as detected and determined by the auto configure script. - */ -#define LDNS_BUILD_CONFIG_HAVE_SSL 1 -#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H 1 -#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT 1 -#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED 1 -#define LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T 1 -#define LDNS_BUILD_CONFIG_USE_DANE 1 -#define LDNS_BUILD_CONFIG_HAVE_B32_PTON 0 -#define LDNS_BUILD_CONFIG_HAVE_B32_NTOP 0 - -/* - * HAVE_STDBOOL_H is not available when distributed as a library, but no build - * configuration variables may be used (like those above) because the header - * is sometimes only available when using special compiler flags to enable the - * c99 environment. Because we cannot force the usage of this flag, we have to - * provide a default type. Below what is suggested by the autoconf manual. - */ -/*@ignore@*/ -/* splint barfs on this construct */ -#ifndef __bool_true_false_are_defined -# ifdef HAVE_STDBOOL_H -# include -# else -# ifndef HAVE__BOOL -# ifdef __cplusplus -typedef bool _Bool; -# else -# define _Bool signed char -# endif -# endif -# define bool _Bool -# define false 0 -# define true 1 -# define __bool_true_false_are_defined 1 -# endif -#endif -/*@end@*/ - -#if LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT -#define ATTR_FORMAT(archetype, string_index, first_to_check) \ - __attribute__ ((format (archetype, string_index, first_to_check))) -#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */ -#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ -#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */ - -#if defined(__cplusplus) -#define ATTR_UNUSED(x) -#elif LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED -#define ATTR_UNUSED(x) x __attribute__((unused)) -#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */ -#define ATTR_UNUSED(x) x -#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */ - -#if !LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T -typedef int socklen_t; -#endif - -#endif /* LDNS_COMMON_H */ diff --git a/include/ldns/config.h b/include/ldns/config.h deleted file mode 100644 index d77cc7f..0000000 --- a/include/ldns/config.h +++ /dev/null @@ -1,590 +0,0 @@ -#include "EXTERN.h" -#include "perl.h" - -/* Define if building universal (internal helper macro) */ -/* #undef AC_APPLE_UNIVERSAL_BUILD */ - -/* Define to 1 if you have the header file. */ -#define HAVE_ARPA_INET_H 1 - -/* Whether the C compiler accepts the "format" attribute */ -#define HAVE_ATTR_FORMAT 1 - -/* Whether the C compiler accepts the "unused" attribute */ -#define HAVE_ATTR_UNUSED 1 - -/* Define to 1 if you have the `b32_ntop' function. */ -/* #undef HAVE_B32_NTOP */ - -/* Define to 1 if you have the `b32_pton' function. */ -/* #undef HAVE_B32_PTON */ - -/* Define to 1 if you have the `b64_ntop' function. */ -/* #undef HAVE_B64_NTOP */ - -/* Define to 1 if you have the `b64_pton' function. */ -/* #undef HAVE_B64_PTON */ - -/* Define to 1 if you have the `bzero' function. */ -#define HAVE_BZERO 1 - -/* Define to 1 if you have the `calloc' function. */ -#define HAVE_CALLOC 1 - -/* Define to 1 if you have the `ctime_r' function. */ -#define HAVE_CTIME_R 1 - -/* Is a CAFILE given at configure time */ -#define HAVE_DANE_CA_FILE 0 - -/* Is a CAPATH given at configure time */ -#define HAVE_DANE_CA_PATH 0 - -/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you - don't. */ -#define HAVE_DECL_NID_SECP384R1 1 - -/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0 - if you don't. */ -#define HAVE_DECL_NID_X9_62_PRIME256V1 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_DLFCN_H 1 - -/* Define to 1 if you have the `endprotoent' function. */ -#define HAVE_ENDPROTOENT 1 - -/* Define to 1 if you have the `endservent' function. */ -#define HAVE_ENDSERVENT 1 - -/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */ -#define HAVE_ENGINE_LOAD_CRYPTODEV 1 - -/* Define to 1 if you have the `EVP_sha256' function. */ -#define HAVE_EVP_SHA256 1 - -/* Define to 1 if you have the `fcntl' function. */ -#define HAVE_FCNTL 1 - -/* Define to 1 if you have the `fork' function. */ -#define HAVE_FORK 1 - -/* Whether getaddrinfo is available */ -#define HAVE_GETADDRINFO 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_GETOPT_H 1 - -/* Define to 1 if you have the `gmtime_r' function. */ -#define HAVE_GMTIME_R 1 - -/* If you have HMAC_CTX_init */ -#define HAVE_HMAC_CTX_INIT 1 - -/* Define to 1 if you have the `inet_aton' function. */ -#define HAVE_INET_ATON 1 - -/* Define to 1 if you have the `inet_ntop' function. */ -#define HAVE_INET_NTOP 1 - -/* Define to 1 if you have the `inet_pton' function. */ -#define HAVE_INET_PTON 1 - -/* define if you have inttypes.h */ -#define HAVE_INTTYPES_H 1 - -/* if the function 'ioctlsocket' is available */ -/* #undef HAVE_IOCTLSOCKET */ - -/* Define to 1 if you have the `isascii' function. */ -#define HAVE_ISASCII 1 - -/* Define to 1 if you have the `isblank' function. */ -#define HAVE_ISBLANK 1 - -/* Define to 1 if you have the `pcap' library (-lpcap). */ -/* #undef HAVE_LIBPCAP */ - -/* Define to 1 if you have the `localtime_r' function. */ -#define HAVE_LOCALTIME_R 1 - -/* Define to 1 if your system has a GNU libc compatible `malloc' function, and - to 0 otherwise. */ -#define HAVE_MALLOC 1 - -/* Define to 1 if you have the `memmove' function. */ -#define HAVE_MEMMOVE 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_MEMORY_H 1 - -/* Define to 1 if you have the `memset' function. */ -#define HAVE_MEMSET 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_NETDB_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETINET_IF_ETHER_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETINET_IGMP_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_NETINET_IN_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETINET_IN_SYSTM_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETINET_IP6_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETINET_IP_COMPAT_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETINET_IP_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NETINET_UDP_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NET_ETHERNET_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_NET_IF_H */ - -/* Define to 1 if you have the header file. */ -#define HAVE_OPENSSL_ERR_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_OPENSSL_RAND_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_OPENSSL_SSL_H 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_PCAP_H */ - -/* Define to 1 if you have the `random' function. */ -#define HAVE_RANDOM 1 - -/* Define to 1 if your system has a GNU libc compatible `realloc' function, - and to 0 otherwise. */ -#define HAVE_REALLOC 1 - -/* Define to 1 if you have the `sleep' function. */ -#define HAVE_SLEEP 1 - -/* Define to 1 if you have the `snprintf' function. */ -#define HAVE_SNPRINTF 1 - -/* Define if you have the SSL libraries installed. */ -#define HAVE_SSL /**/ - -/* Define to 1 if you have the header file. */ -#define HAVE_STDARG_H 1 - -/* Define to 1 if stdbool.h conforms to C99. */ -#define HAVE_STDBOOL_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STDINT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STDLIB_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STRINGS_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_STRING_H 1 - -/* Define to 1 if you have the `strlcpy' function. */ -#ifdef HAS_STRLCPY -#define HAVE_STRLCPY 1 -#else -#undef HAVE_STRLCPY -#endif - -/* Define to 1 if you have the `strtoul' function. */ -#define HAVE_STRTOUL 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_MOUNT_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_PARAM_H 1 - -/* define if you have sys/socket.h */ -#define HAVE_SYS_SOCKET_H 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_SYS_STAT_H 1 - -/* define if you have sys/types.h */ -#define HAVE_SYS_TYPES_H 1 - -/* Define to 1 if you have the `timegm' function. */ -#define HAVE_TIMEGM 1 - -/* Define to 1 if you have the header file. */ -#define HAVE_TIME_H 1 - -/* define if you have unistd.h */ -#define HAVE_UNISTD_H 1 - -/* Define to 1 if you have the `vfork' function. */ -#define HAVE_VFORK 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_VFORK_H */ - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_WINSOCK2_H */ - -/* Define to 1 if `fork' works. */ -#define HAVE_WORKING_FORK 1 - -/* Define to 1 if `vfork' works. */ -#define HAVE_WORKING_VFORK 1 - -/* Define to 1 if you have the header file. */ -/* #undef HAVE_WS2TCPIP_H */ - -/* Define to 1 if the system has the type `_Bool'. */ -#define HAVE__BOOL 1 - -/* Is a CAFILE given at configure time */ -/* #undef LDNS_DANE_CA_FILE */ - -/* Is a CAPATH given at configure time */ -/* #undef LDNS_DANE_CA_PATH */ - -/* Define to the sub-directory where libtool stores uninstalled libraries. */ -#define LT_OBJDIR ".libs/" - -/* Define to the address where bug reports for this package should be sent. */ -#define PACKAGE_BUGREPORT "libdns@nlnetlabs.nl" - -/* Define to the full name of this package. */ -#define PACKAGE_NAME "ldns" - -/* Define to the full name and version of this package. */ -#define PACKAGE_STRING "ldns 1.6.17" - -/* Define to the one symbol short name of this package. */ -#define PACKAGE_TARNAME "libdns" - -/* Define to the home page for this package. */ -#define PACKAGE_URL "" - -/* Define to the version of this package. */ -#define PACKAGE_VERSION "1.6.17" - -/* Define this to enable RR type NINFO. */ -/* #undef RRTYPE_NINFO */ - -/* Define this to enable RR type OPENPGPKEY. */ -/* #undef RRTYPE_OPENPGPKEY */ - -/* Define this to enable RR type RKEY. */ -/* #undef RRTYPE_RKEY */ - -/* Define this to enable RR type TA. */ -/* #undef RRTYPE_TA */ - -/* Define this to enable RR type URI. */ -/* #undef RRTYPE_URI */ - -/* The size of `time_t', as computed by sizeof. */ -#define SIZEOF_TIME_T 8 - -/* Define to 1 if you have the ANSI C header files. */ -#define STDC_HEADERS 1 - -/* Define this to enable messages to stderr. */ -/* #undef STDERR_MSGS */ - -/* System configuration dir */ -#define SYSCONFDIR sysconfdir - -/* Define this to enable DANE support. */ -#define USE_DANE 1 - -/* Define this to enable ECDSA support. */ -#define USE_ECDSA 1 - -/* Define this to enable GOST support. */ -/* #define USE_GOST 1 */ - -/* Define this to enable SHA256 and SHA512 support. */ -#define USE_SHA2 1 - -/* Enable extensions on AIX 3, Interix. */ -#ifndef _ALL_SOURCE -# define _ALL_SOURCE 1 -#endif -/* Enable GNU extensions on systems that have them. */ -#ifndef _GNU_SOURCE -# define _GNU_SOURCE 1 -#endif -/* Enable threading extensions on Solaris. */ -#ifndef _POSIX_PTHREAD_SEMANTICS -# define _POSIX_PTHREAD_SEMANTICS 1 -#endif -/* Enable extensions on HP NonStop. */ -#ifndef _TANDEM_SOURCE -# define _TANDEM_SOURCE 1 -#endif -/* Enable general extensions on Solaris. */ -#ifndef __EXTENSIONS__ -# define __EXTENSIONS__ 1 -#endif - - -/* Whether the windows socket API is used */ -/* #undef USE_WINSOCK */ - -/* the version of the windows API enabled */ -#define WINVER 0x0502 - -/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most - significant byte first (like Motorola and SPARC, unlike Intel). */ -#if defined AC_APPLE_UNIVERSAL_BUILD -# if defined __BIG_ENDIAN__ -# define WORDS_BIGENDIAN 1 -# endif -#else -# ifndef WORDS_BIGENDIAN -/* # undef WORDS_BIGENDIAN */ -# endif -#endif - -/* Define to 1 if on MINIX. */ -/* #undef _MINIX */ - -/* Enable for compile on Minix */ -/* #undef _NETBSD_SOURCE */ - -/* Define to 2 if the system does not provide POSIX.1 features except with - this defined. */ -/* #undef _POSIX_1_SOURCE */ - -/* Define to 1 if you need to in order for `stat' and other things to work. */ -/* #undef _POSIX_SOURCE */ - -/* Define to empty if `const' does not conform to ANSI C. */ -/* #undef const */ - -/* in_addr_t */ -/* #undef in_addr_t */ - -/* in_port_t */ -/* #undef in_port_t */ - -/* Define to `__inline__' or `__inline' if that's what the C compiler - calls it, or to nothing if 'inline' is not supported under any name. */ -#ifndef __cplusplus -/* #undef inline */ -#endif - -/* Define to `short' if does not define. */ -/* #undef int16_t */ - -/* Define to `int' if does not define. */ -/* #undef int32_t */ - -/* Define to `long long' if does not define. */ -/* #undef int64_t */ - -/* Define to `char' if does not define. */ -/* #undef int8_t */ - -/* Define to `size_t' if does not define. */ -/* #undef intptr_t */ - -/* Define to rpl_malloc if the replacement function should be used. */ -/* #undef malloc */ - -/* Define to `int' if does not define. */ -/* #undef pid_t */ - -/* Define to rpl_realloc if the replacement function should be used. */ -/* #undef realloc */ - -/* Define to `unsigned int' if does not define. */ -/* #undef size_t */ - -/* Define to 'int' if not defined */ -/* #undef socklen_t */ - -/* Fallback member name for socket family in struct sockaddr_storage */ -/* #undef ss_family */ - -/* Define to `int' if does not define. */ -/* #undef ssize_t */ - -/* Define to `unsigned short' if does not define. */ -/* #undef uint16_t */ - -/* Define to `unsigned int' if does not define. */ -/* #undef uint32_t */ - -/* Define to `unsigned long long' if does not define. */ -/* #undef uint64_t */ - -/* Define to `unsigned char' if does not define. */ -/* #undef uint8_t */ - -/* Define as `fork' if `vfork' does not work. */ -/* #undef vfork */ - - -#include -#include -#include -#include - -#ifndef LITTLE_ENDIAN -#define LITTLE_ENDIAN 1234 -#endif - -#ifndef BIG_ENDIAN -#define BIG_ENDIAN 4321 -#endif - -#ifndef BYTE_ORDER -#ifdef WORDS_BIGENDIAN -#define BYTE_ORDER BIG_ENDIAN -#else -#define BYTE_ORDER LITTLE_ENDIAN -#endif /* WORDS_BIGENDIAN */ -#endif /* BYTE_ORDER */ - -#if STDC_HEADERS -#include -#include -#endif - -#ifdef HAVE_STDINT_H -#include -#endif - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif - -#ifdef HAVE_NETINET_IN_H -#include -#endif - -#ifdef HAVE_ARPA_INET_H -#include -#endif - -#ifdef HAVE_WINSOCK2_H -#include -#endif - -#ifdef HAVE_WS2TCPIP_H -#include -#endif - - -/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */ -#ifdef HAVE_WINSOCK2_H -#define FD_SET_T (u_int) -#else -#define FD_SET_T -#endif - - - - -#ifdef __cplusplus -extern "C" { -#endif - -int ldns_b64_ntop(uint8_t const *src, size_t srclength, - char *target, size_t targsize); -/** - * calculates the size needed to store the result of b64_ntop - */ -/*@unused@*/ -static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize) -{ - return ((((srcsize + 2) / 3) * 4) + 1); -} -int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize); -/** - * calculates the size needed to store the result of ldns_b64_pton - */ -/*@unused@*/ -static inline size_t ldns_b64_pton_calculate_size(size_t srcsize) -{ - return (((((srcsize + 3) / 4) * 3)) + 1); -} - -/** - * Given in dnssec_zone.c, also used in dnssec_sign.c:w - - */ -int ldns_dname_compare_v(const void *a, const void *b); - -#ifndef HAVE_SLEEP -/* use windows sleep, in millisecs, instead */ -#define sleep(x) Sleep((x)*1000) -#endif - -#ifndef HAVE_RANDOM -#define srandom(x) srand(x) -#define random(x) rand(x) -#endif - -#ifndef HAVE_TIMEGM -#include -time_t timegm (struct tm *tm); -#endif /* !TIMEGM */ -#ifndef HAVE_GMTIME_R -struct tm *gmtime_r(const time_t *timep, struct tm *result); -#endif -#ifndef HAVE_LOCALTIME_R -struct tm *localtime_r(const time_t *timep, struct tm *result); -#endif -#ifndef HAVE_ISBLANK -int isblank(int c); -#endif /* !HAVE_ISBLANK */ -#ifndef HAVE_ISASCII -int isascii(int c); -#endif /* !HAVE_ISASCII */ -#ifndef HAVE_SNPRINTF -#include -int snprintf (char *str, size_t count, const char *fmt, ...); -int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); -#endif /* HAVE_SNPRINTF */ -#ifndef HAVE_INET_PTON -int inet_pton(int af, const char* src, void* dst); -#endif /* HAVE_INET_PTON */ -#ifndef HAVE_INET_NTOP -const char *inet_ntop(int af, const void *src, char *dst, size_t size); -#endif -#ifndef HAVE_INET_ATON -int inet_aton(const char *cp, struct in_addr *addr); -#endif -#ifndef HAVE_MEMMOVE -void *memmove(void *dest, const void *src, size_t n); -#endif -#ifndef HAVE_STRLCPY -size_t strlcpy(char *dst, const char *src, size_t siz); -#endif -#ifdef __cplusplus -} -#endif -#ifndef HAVE_GETADDRINFO -#include "compat/fake-rfc2553.h" -#endif -#ifndef HAVE_STRTOUL -#define strtoul (unsigned long)strtol -#endif - diff --git a/include/ldns/dane.h b/include/ldns/dane.h deleted file mode 100644 index 8234eb7..0000000 --- a/include/ldns/dane.h +++ /dev/null @@ -1,262 +0,0 @@ -/* - * dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE) - * Transport Layer Security (TLS) Protocol: TLSA - * - * Copyright (c) 2012, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - */ - -/** - * \file - * - * This module contains base functions for creating and verifying TLSA RR's - * with PKIX certificates, certificate chains and validation stores. - * (See RFC6394 and RFC6698). - * - * Since those functions heavily rely op cryptographic operations, - * this module is dependent on openssl. - */ - - -#ifndef LDNS_DANE_H -#define LDNS_DANE_H -#if LDNS_BUILD_CONFIG_USE_DANE - -#include -#include -#include -#if LDNS_BUILD_CONFIG_HAVE_SSL -#include -#include -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * The different "Certificate usage" rdata field values for a TLSA RR. - */ -enum ldns_enum_tlsa_certificate_usage -{ - /** CA constraint */ - LDNS_TLSA_USAGE_PKIX_TA = 0, - LDNS_TLSA_USAGE_CA_CONSTRAINT = 0, - /** Sevice certificate constraint */ - LDNS_TLSA_USAGE_PKIX_EE = 1, - LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1, - /** Trust anchor assertion */ - LDNS_TLSA_USAGE_DANE_TA = 2, - LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2, - /** Domain issued certificate */ - LDNS_TLSA_USAGE_DANE_EE = 3, - LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3, - /** Reserved for Private Use */ - LDNS_TLSA_USAGE_PRIVCERT = 255 -}; -typedef enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage; - -/** - * The different "Selector" rdata field values for a TLSA RR. - */ -enum ldns_enum_tlsa_selector -{ - /** - * Full certificate: the Certificate binary structure - * as defined in [RFC5280] - */ - LDNS_TLSA_SELECTOR_CERT = 0, - LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0, - - /** - * SubjectPublicKeyInfo: DER-encoded binary structure - * as defined in [RFC5280] - */ - LDNS_TLSA_SELECTOR_SPKI = 1, - LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1, - - /** Reserved for Private Use */ - LDNS_TLSA_SELECTOR_PRIVSEL = 255 -}; -typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector; - -/** - * The different "Matching type" rdata field values for a TLSA RR. - */ -enum ldns_enum_tlsa_matching_type -{ - /** Exact match on selected content */ - LDNS_TLSA_MATCHING_TYPE_FULL = 0, - LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0, - /** SHA-256 hash of selected content [RFC6234] */ - LDNS_TLSA_MATCHING_TYPE_SHA2_256 = 1, - LDNS_TLSA_MATCHING_TYPE_SHA256 = 1, - /** SHA-512 hash of selected content [RFC6234] */ - LDNS_TLSA_MATCHING_TYPE_SHA2_512 = 2, - LDNS_TLSA_MATCHING_TYPE_SHA512 = 2, - /** Reserved for Private Use */ - LDNS_TLSA_MATCHING_TYPE_PRIVMATCH = 255 -}; -typedef enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type; - -/** - * Known transports to use with TLSA owner names. - */ -enum ldns_enum_dane_transport -{ - /** TCP */ - LDNS_DANE_TRANSPORT_TCP = 0, - /** UDP */ - LDNS_DANE_TRANSPORT_UDP = 1, - /** SCTP */ - LDNS_DANE_TRANSPORT_SCTP = 2 -}; -typedef enum ldns_enum_dane_transport ldns_dane_transport; - - -/** - * Creates a dname consisting of the given name, prefixed by the service port - * and type of transport: _port._transport.name. - * - * \param[out] tlsa_owner The created dname. - * \param[in] name The dname that should be prefixed. - * \param[in] port The service port number for wich the name should be created. - * \param[in] transport The transport for wich the name should be created. - * \return LDNS_STATUS_OK on success or an error code otherwise. - */ -ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, - const ldns_rdf* name, uint16_t port, - ldns_dane_transport transport); - - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data choosen by - * the selector and encoded using matching_type. - * - * \param[out] rdf The created created rdf of type LDNS_RDF_TYPE_HEX. - * \param[in] cert The certificate from which the data is selected - * \param[in] selector The full certificate or the public key - * \param[in] matching_type The full data or the SHA256 or SHA512 hash - * of the selected data - * \return LDNS_STATUS_OK on success or an error code otherwise. - */ -ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, - ldns_tlsa_selector selector, - ldns_tlsa_matching_type matching_type); - - -/** - * Selects the certificate from cert, extra_certs or the pkix_validation_store - * based on the value of cert_usage and index. - * - * \param[out] selected_cert The selected cert. - * \param[in] cert The certificate to validate (or not) - * \param[in] extra_certs Intermediate certificates that might be necessary - * during validation. May be NULL, except when the certificate - * usage is "Trust Anchor Assertion" because the trust anchor has - * to be provided.(otherwise choose a "Domain issued certificate!" - * \param[in] pkix_validation_store Used when the certificate usage is - * "CA constraint" or "Service Certificate Constraint" to - * validate the certificate and, in case of "CA constraint", - * select the CA. - * When pkix_validation_store is NULL, validation is explicitely - * turned off and the behaviour is then the same as for "Trust - * anchor assertion" and "Domain issued certificate" respectively. - * \param[in] cert_usage Which certificate to use and how to validate. - * \param[in] index Used to select the trust anchor when certificate usage - * is "Trust Anchor Assertion". 0 is the last certificate in the - * validation chain. 1 the one but last, etc. When index is -1, - * the last certificate is used that MUST be self-signed. - * This can help to make sure that the intended (self signed) - * trust anchor is actually present in extra_certs (which is a - * DANE requirement). - * - * \return LDNS_STATUS_OK on success or an error code otherwise. - */ -ldns_status ldns_dane_select_certificate(X509** selected_cert, - X509* cert, STACK_OF(X509)* extra_certs, - X509_STORE* pkix_validation_store, - ldns_tlsa_certificate_usage cert_usage, int index); - -/** - * Creates a TLSA resource record from the certificate. - * No PKIX validation is performed! The given certificate is used as data - * regardless the value of certificate_usage. - * - * \param[out] tlsa The created TLSA resource record. - * \param[in] certificate_usage The value for the Certificate Usage field - * \param[in] selector The value for the Selector field - * \param[in] matching_type The value for the Matching Type field - * \param[in] cert The certificate which data will be represented - * - * \return LDNS_STATUS_OK on success or an error code otherwise. - */ -ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa, - ldns_tlsa_certificate_usage certificate_usage, - ldns_tlsa_selector selector, - ldns_tlsa_matching_type matching_type, - X509* cert); - -/** - * Verify if the given TLSA resource record matches the given certificate. - * Reporting on a TLSA rr mismatch (LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) - * is preferred over PKIX failure (LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE). - * So when PKIX validation is required by the TLSA Certificate usage, - * but the TLSA data does not match, LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH - * is returned whether the PKIX validated or not. - * - * \param[in] tlsa_rr The resource record that specifies what and how to - * match the certificate. With tlsa_rr == NULL, regular PKIX - * validation is performed. - * \param[in] cert The certificate to match (and validate) - * \param[in] extra_certs Intermediate certificates that might be necessary - * creating the validation chain. - * \param[in] pkix_validation_store Used when the certificate usage is - * "CA constraint" or "Service Certificate Constraint" to - * validate the certificate. - * - * \return LDNS_STATUS_OK on success, - * LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH on TLSA data mismatch, - * LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when TLSA matched, - * but the PKIX validation failed, or other ldns_status errors. - */ -ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr, - X509* cert, STACK_OF(X509)* extra_certs, - X509_STORE* pkix_validation_store); - -/** - * Verify if any of the given TLSA resource records matches the given - * certificate. - * - * \param[in] tlsas The resource records that specify what and how to - * match the certificate. One must match for this function - * to succeed. With tlsas == NULL or the number of TLSA records - * in tlsas == 0, regular PKIX validation is performed. - * \param[in] cert The certificate to match (and validate) - * \param[in] extra_certs Intermediate certificates that might be necessary - * creating the validation chain. - * \param[in] pkix_validation_store Used when the certificate usage is - * "CA constraint" or "Service Certificate Constraint" to - * validate the certificate. - * - * \return LDNS_STATUS_OK on success, - * LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when one of the TLSA's - * matched but the PKIX validation failed, - * LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH when none of the TLSA's matched, - * or other ldns_status errors. - */ -ldns_status ldns_dane_verify(ldns_rr_list* tlsas, - X509* cert, STACK_OF(X509)* extra_certs, - X509_STORE* pkix_validation_store); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_BUILD_CONFIG_USE_DANE */ -#endif /* LDNS_DANE_H */ - diff --git a/include/ldns/dname.h b/include/ldns/dname.h deleted file mode 100644 index 291786b..0000000 --- a/include/ldns/dname.h +++ /dev/null @@ -1,211 +0,0 @@ -/* - * dname.h - * - * dname definitions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file dname.h - * - * dname contains function to read and manipulate domain names. - * - * Example domain names are "www.nlnetlabs.nl." and "." (the root) - * - * If a domain name ends with a dot ("."), it is called a Fully Qualified - * Domain Name (FQDN). In certain places (for instance when reading a zone - * file), an origin (which is just another domain name) non-FQDNs will be - * placed after the current. For instance, if i have a zone file where the - * origin has been set to "nl.", and my file contains the name - * "www.nlnetlabs", it will result in "www.nlnetlabs.nl.". Internally, dnames are - * always absolute (the dot is added when it is missing and there is no origin). - * - * An FQDN is also - * known as an absolute domain name, therefore the function to check this is - * called \ref ldns_dname_str_absolute - * - * Domain names are stored in \ref ldns_rdf structures, with the type - * \ref LDNS_RDF_TYPE_DNAME - * - * This module is *NOT* about the RR type called DNAME. - */ - - -#ifndef LDNS_DNAME_H -#define LDNS_DNAME_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_DNAME_NORMALIZE tolower - -/** - * concatenates two dnames together - * \param[in] rd1 the leftside - * \param[in] rd2 the rightside - * \return a new rdf with leftside/rightside - */ -ldns_rdf *ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2); - -/** - * concatenates rd2 after rd1 (rd2 is copied, rd1 is modified) - * \param[in] rd1 the leftside - * \param[in] rd2 the rightside - * \return LDNS_STATUS_OK on success - */ -ldns_status ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2); - -/** - * Returns a clone of the given dname with the labels - * reversed - * \param[in] d the dname to reverse - * \return clone of the dname with the labels reversed. - */ -ldns_rdf *ldns_dname_reverse(const ldns_rdf *d); - -/** - * Clones the given dname from the nth label on - * \param[in] d The dname to clone - * \param[in] n the label nr to clone from, if this is 0, the complete - * dname is cloned - * \return A newly allocated *rdf structure, containing the cloned dname, - * or NULL if either d was NULL, not a dname, or if n >= - * label_count - */ -ldns_rdf * -ldns_dname_clone_from(const ldns_rdf *d, uint16_t n); - -/** - * chop one label off the left side of a dname. so - * wwww.nlnetlabs.nl, becomes nlnetlabs.nl - * This new name is a clone and must be freed with ldns_deep_free() - * \param[in] d the dname to chop - * \return the remaining dname - */ -ldns_rdf *ldns_dname_left_chop(const ldns_rdf *d); - -/** - * count the number of labels inside a LDNS_RDF_DNAME type rdf. - * \param[in] *r the rdf - * \return the number of labels - */ -uint8_t ldns_dname_label_count(const ldns_rdf *r); - -/** - * creates a new dname rdf from a string. - * \param[in] str string to use - * \return ldns_rdf* or NULL in case of an error - */ -ldns_rdf *ldns_dname_new_frm_str(const char *str); - -/** - * Create a new dname rdf from a string - * \param[in] s the size of the new dname - * \param[in] *data pointer to the actual data - * - * \return ldns_rdf* - */ -ldns_rdf *ldns_dname_new(uint16_t s, void *data); - -/** - * Create a new dname rdf from data (the data is copied) - * \param[in] size the size of the data - * \param[in] *data pointer to the actual data - * - * \return ldns_rdf* - */ -ldns_rdf *ldns_dname_new_frm_data(uint16_t size, const void *data); - -/** - * Put a dname into canonical fmt - ie. lowercase it - * \param[in] rdf the dname to lowercase - * \return void - */ -void ldns_dname2canonical(const ldns_rdf *rdf); - -/** - * test wether the name sub falls under parent (i.e. is a subdomain - * of parent). This function will return false if the given dnames are - * equal. - * \param[in] sub the name to test - * \param[in] parent the parent's name - * \return true if sub falls under parent, otherwise false - */ -bool ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent); - -/** - * Compares the two dname rdf's according to the algorithm for ordering - * in RFC4034 Section 6. - * \param[in] dname1 First dname rdf to compare - * \param[in] dname2 Second dname rdf to compare - * \return -1 if dname1 comes before dname2, 1 if dname1 comes after dname2, and 0 if they are equal. - */ -int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2); -int ldns_dname_compare_v(const void *, const void *); - -/** - * Checks whether the dname matches the given wildcard - * \param[in] dname The dname to check - * \param[in] wildcard The wildcard to check with - * \return 1 If the wildcard matches, OR if 'wildcard' is not a wildcard and - * the names are *exactly* the same - * 0 If the wildcard does not match, or if it is not a wildcard and - * the names are not the same - */ -int ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard); - -/** - * check if middle lays in the interval defined by prev and next - * prev <= middle < next. This is usefull for nsec checking - * \param[in] prev the previous dname - * \param[in] middle the dname to check - * \param[in] next the next dname - * return 0 on error or unknown, -1 when middle is in the interval, +1 when not - */ -int ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, const ldns_rdf *next); - -/** - * Checks whether the given dname string is absolute (i.e. ends with a '.') - * \param[in] *dname_str a string representing the dname - * \return true or false - */ -bool ldns_dname_str_absolute(const char *dname_str); - -/** - * Checks whether the given dname is absolute (i.e. ends with a '.') - * \param[in] *dname a rdf representing the dname - * \return true or false - */ -bool ldns_dname_absolute(const ldns_rdf *dname); - -/** - * look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME - * try and retrieve a specific label. The labels are numbered - * starting from 0 (left most). - * \param[in] rdf the rdf to look in - * \param[in] labelpos return the label with this number - * \return a ldns_rdf* with the label as name or NULL on error - */ -ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos); - -/** - * Check if dname is a wildcard, starts with *. - * \param[in] dname: the rdf to look in - * \return true if a wildcard, false if not. - */ -int ldns_dname_is_wildcard(const ldns_rdf* dname); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_DNAME_H */ diff --git a/include/ldns/dnssec.h b/include/ldns/dnssec.h deleted file mode 100644 index f4cdafb..0000000 --- a/include/ldns/dnssec.h +++ /dev/null @@ -1,541 +0,0 @@ -/* - * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC) - * - * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - * A bunch of defines that are used in the DNS - */ - -/** - * \file dnssec.h - * - * This module contains base functions for DNSSEC operations - * (RFC4033 t/m RFC4035). - * - * Since those functions heavily rely op cryptographic operations, - * this module is dependent on openssl. - * - */ - - -#ifndef LDNS_DNSSEC_H -#define LDNS_DNSSEC_H - -#include -#if LDNS_BUILD_CONFIG_HAVE_SSL -#include -#include -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_MAX_KEYLEN 2048 -#define LDNS_DNSSEC_KEYPROTO 3 -/* default time before sigs expire */ -#define LDNS_DEFAULT_EXP_TIME 2419200 /* 4 weeks */ - -/** return values for the old-signature callback */ -#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0 -#define LDNS_SIGNATURE_LEAVE_NO_ADD 1 -#define LDNS_SIGNATURE_REMOVE_ADD_NEW 2 -#define LDNS_SIGNATURE_REMOVE_NO_ADD 3 - -/** - * Returns the first RRSIG rr that corresponds to the rrset - * with the given name and type - * - * \param[in] name The dname of the RRset covered by the RRSIG to find - * \param[in] type The type of the RRset covered by the RRSIG to find - * \param[in] rrs List of rrs to search in - * \returns Pointer to the first RRsig ldns_rr found, or NULL if it is - * not present - */ -ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, - const ldns_rr_type type, - const ldns_rr_list *rrs); - -/** - * Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if - * any - * - * \param[in] rrsig The rrsig to find the DNSKEY for - * \param[in] rrs The rr list to find the key in - * \return The DNSKEY that corresponds to the given RRSIG, or NULL if it was - * not found. - */ -ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs); - -/** - * Returns the rdata field that contains the bitmap of the covered types of - * the given NSEC record - * - * \param[in] nsec The nsec to get the covered type bitmap of - * \return An ldns_rdf containing the bitmap, or NULL on error - */ -ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec); - - -#define LDNS_NSEC3_MAX_ITERATIONS 65535 - -/** - * Returns the dname of the closest (provable) encloser - */ -ldns_rdf * -ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, - ldns_rr_type qtype, - ldns_rr_list *nsec3s); - -/** - * Checks whether the packet contains rrsigs - */ -bool -ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt); - -/** - * Returns a ldns_rr_list containing the signatures covering the given name - * and type - */ -ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type); - -/** - * Returns a ldns_rr_list containing the signatures covering the given type - */ -ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type); - -/** - * calculates a keytag of a key for use in DNSSEC. - * - * \param[in] key the key as an RR to use for the calc. - * \return the keytag - */ -uint16_t ldns_calc_keytag(const ldns_rr *key); - -/** - * Calculates keytag of DNSSEC key, operates on wireformat rdata. - * \param[in] key the key as uncompressed wireformat rdata. - * \param[in] keysize length of key data. - * \return the keytag - */ -uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize); - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * converts a buffer holding key material to a DSA key in openssl. - * - * \param[in] key the key to convert - * \return a DSA * structure with the key material - */ -DSA *ldns_key_buf2dsa(ldns_buffer *key); -/** - * Like ldns_key_buf2dsa, but uses raw buffer. - * \param[in] key the uncompressed wireformat of the key. - * \param[in] len length of key data - * \return a DSA * structure with the key material - */ -DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len); - -/** - * Utility function to calculate hash using generic EVP_MD pointer. - * \param[in] data the data to hash. - * \param[in] len length of data. - * \param[out] dest the destination of the hash, must be large enough. - * \param[in] md the message digest to use. - * \return true if worked, false on failure. - */ -int ldns_digest_evp(unsigned char* data, unsigned int len, - unsigned char* dest, const EVP_MD* md); - -/** - * Converts a holding buffer with key material to EVP PKEY in openssl. - * Only available if ldns was compiled with GOST. - * \param[in] key data to convert - * \param[in] keylen length of the key data - * \return the key or NULL on error. - */ -EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen); - -/** - * Converts a holding buffer with key material to EVP PKEY in openssl. - * Only available if ldns was compiled with ECDSA. - * \param[in] key data to convert - * \param[in] keylen length of the key data - * \param[in] algo precise algorithm to initialize ECC group values. - * \return the key or NULL on error. - */ -EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo); - -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * converts a buffer holding key material to a RSA key in openssl. - * - * \param[in] key the key to convert - * \return a RSA * structure with the key material - */ -RSA *ldns_key_buf2rsa(ldns_buffer *key); - -/** - * Like ldns_key_buf2rsa, but uses raw buffer. - * \param[in] key the uncompressed wireformat of the key. - * \param[in] len length of key data - * \return a RSA * structure with the key material - */ -RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -/** - * returns a new DS rr that represents the given key rr. - * - * \param[in] *key the key to convert - * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256 - * - * \return ldns_rr* a new rr pointer to a DS - */ -ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h); - -/** - * Create the type bitmap for an NSEC(3) record - */ -ldns_rdf * -ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], - size_t size, - ldns_rr_type nsec_type); - -/** - * returns whether a rrset of the given type is found in the rrsets. - * - * \param[in] rrsets the rrsets to be tested - * \param[in] type the type to test for - * \return int 1 if the type was found, 0 otherwise. - */ -int -ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type); - -/** - * Creates NSEC - */ -ldns_rr * -ldns_dnssec_create_nsec(ldns_dnssec_name *from, - ldns_dnssec_name *to, - ldns_rr_type nsec_type); - - -/** - * Creates NSEC3 - */ -ldns_rr * -ldns_dnssec_create_nsec3(ldns_dnssec_name *from, - ldns_dnssec_name *to, - ldns_rdf *zone_name, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt); - -/** - * Create a NSEC record - * \param[in] cur_owner the current owner which should be taken as the starting point - * \param[in] next_owner the rrlist which the nsec rr should point to - * \param[in] rrs all rrs from the zone, to find all RR types of cur_owner in - * \return a ldns_rr with the nsec record in it - */ -ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs); - -/** - * Calculates the hashed name using the given parameters - * \param[in] *name The owner name to calculate the hash for - * \param[in] algorithm The hash algorithm to use - * \param[in] iterations The number of hash iterations to use - * \param[in] salt_length The length of the salt in bytes - * \param[in] salt The salt to use - * \return The hashed owner name rdf, without the domain name - */ -ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt); - -/** - * Sets all the NSEC3 options. The rr to set them in must be initialized with _new() and - * type LDNS_RR_TYPE_NSEC3 - * \param[in] *rr The RR to set the values in - * \param[in] algorithm The NSEC3 hash algorithm - * \param[in] flags The flags field - * \param[in] iterations The number of hash iterations - * \param[in] salt_length The length of the salt in bytes - * \param[in] salt The salt bytes - */ -void ldns_nsec3_add_param_rdfs(ldns_rr *rr, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt); - -/* this will NOT return the NSEC3 completed, you will have to run the - finalize function on the rrlist later! */ -ldns_rr * -ldns_create_nsec3(ldns_rdf *cur_owner, - ldns_rdf *cur_zone, - ldns_rr_list *rrs, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt, - bool emptynonterminal); - -/** - * Returns the hash algorithm used in the given NSEC3 RR - * \param[in] *nsec3_rr The RR to read from - * \return The algorithm identifier, or 0 on error - */ -uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr); - -/** - * Returns flags field - */ -uint8_t -ldns_nsec3_flags(const ldns_rr *nsec3_rr); - -/** - * Returns true if the opt-out flag has been set in the given NSEC3 RR - * \param[in] *nsec3_rr The RR to read from - * \return true if the RR has type NSEC3 and the opt-out bit has been set, false otherwise - */ -bool ldns_nsec3_optout(const ldns_rr *nsec3_rr); - -/** - * Returns the number of hash iterations used in the given NSEC3 RR - * \param[in] *nsec3_rr The RR to read from - * \return The number of iterations - */ -uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr); - -/** - * Returns the salt used in the given NSEC3 RR - * \param[in] *nsec3_rr The RR to read from - * \return The salt rdf, or NULL on error - */ -ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr); - -/** - * Returns the length of the salt used in the given NSEC3 RR - * \param[in] *nsec3_rr The RR to read from - * \return The length of the salt in bytes - */ -uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr); - -/** - * Returns the salt bytes used in the given NSEC3 RR - * \param[in] *nsec3_rr The RR to read from - * \return The salt in bytes, this is alloced, so you need to free it - */ -uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr); - -/** - * Returns the first label of the next ownername in the NSEC3 chain (ie. without the domain) - * \param[in] nsec3_rr The RR to read from - * \return The first label of the next owner name in the NSEC3 chain, or NULL on error - */ -ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr); - -/** - * Returns the bitmap specifying the covered types of the given NSEC3 RR - * \param[in] *nsec3_rr The RR to read from - * \return The covered type bitmap rdf - */ -ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr); - -/** - * Calculates the hashed name using the parameters of the given NSEC3 RR - * \param[in] *nsec The RR to use the parameters from - * \param[in] *name The owner name to calculate the hash for - * \return The hashed owner name rdf, without the domain name - */ -ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name); - -/** - * Check if RR type t is enumerated and set in the RR type bitmap rdf. - * \param[in] bitmap the RR type bitmap rdf to look in - * \param[in] type the type to check for - * \return true when t is found and set, otherwise return false - */ -bool ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type); - -/** - * Checks if RR type t is enumerated in the type bitmap rdf and sets the bit. - * \param[in] bitmap the RR type bitmap rdf to look in - * \param[in] type the type to for which the bit to set - * \return LDNS_STATUS_OK on success. LDNS_STATUS_TYPE_NOT_IN_BITMAP is - * returned when the bitmap does not contain the bit to set. - */ -ldns_status ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type); - -/** - * Checks if RR type t is enumerated in the type bitmap rdf and clears the bit. - * \param[in] bitmap the RR type bitmap rdf to look in - * \param[in] type the type to for which the bit to clear - * \return LDNS_STATUS_OK on success. LDNS_STATUS_TYPE_NOT_IN_BITMAP is - * returned when the bitmap does not contain the bit to clear. - */ -ldns_status ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type); - -/** - * Checks coverage of NSEC(3) RR name span - * Remember that nsec and name must both be in canonical form (ie use - * \ref ldns_rr2canonical and \ref ldns_dname2canonical prior to calling this - * function) - * - * \param[in] nsec The NSEC RR to check - * \param[in] name The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name - * \return true if the NSEC RR covers the owner name - */ -bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name); - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * verify a packet - * \param[in] p the packet - * \param[in] t the rr set type to check - * \param[in] o the rr set name to check - * \param[in] k list of keys - * \param[in] s list of sigs (may be null) - * \param[out] good_keys keys which validated the packet - * \return status - * - */ -ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys); - -/** - * verify a packet - * \param[in] p the packet - * \param[in] t the rr set type to check - * \param[in] o the rr set name to check - * \param[in] k list of keys - * \param[in] s list of sigs (may be null) - * \param[in] check_time the time for which the validation is performed - * \param[out] good_keys keys which validated the packet - * \return status - * - */ -ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys); - -#endif - -/** - * chains nsec3 list - */ -ldns_status -ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs); - -/** - * compare for nsec3 sort - */ -int -qsort_rr_compare_nsec3(const void *a, const void *b); - -/** - * sort nsec3 list - */ -void -ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted); - -/** - * Default callback function to always leave present signatures, and - * add new ones - * \param[in] sig The signature to check for removal (unused) - * \param[in] n Optional argument (unused) - * \return LDNS_SIGNATURE_LEAVE_ADD_NEW - */ -int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n); -/** - * Default callback function to always leave present signatures, and - * add no new ones for the keys of these signatures - * \param[in] sig The signature to check for removal (unused) - * \param[in] n Optional argument (unused) - * \return LDNS_SIGNATURE_LEAVE_NO_ADD - */ -int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n); -/** - * Default callback function to always remove present signatures, but - * add no new ones - * \param[in] sig The signature to check for removal (unused) - * \param[in] n Optional argument (unused) - * \return LDNS_SIGNATURE_REMOVE_NO_ADD - */ -int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n); -/** - * Default callback function to always leave present signatures, and - * add new ones - * \param[in] sig The signature to check for removal (unused) - * \param[in] n Optional argument (unused) - * \return LDNS_SIGNATURE_REMOVE_ADD_NEW - */ -int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n); - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * Converts the DSA signature from ASN1 representation (RFC2459, as - * used by OpenSSL) to raw signature data as used in DNS (rfc2536) - * - * \param[in] sig The signature in RFC2459 format - * \param[in] sig_len The length of the signature - * \return a new rdf with the signature - */ -ldns_rdf * -ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, - const long sig_len); - -/** - * Converts the RRSIG signature RDF (in rfc2536 format) to a buffer - * with the signature in rfc2459 format - * - * \param[out] target_buffer buffer to place the signature data - * \param[in] sig_rdf The signature rdf to convert - * \return LDNS_STATUS_OK on success, error code otherwise - */ -ldns_status -ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, - const ldns_rdf *sig_rdf); - -/** - * Converts the ECDSA signature from ASN1 representation (as - * used by OpenSSL) to raw signature data as used in DNS - * This routine is only present if ldns is compiled with ecdsa support. - * - * \param[in] sig The signature in ASN1 format - * \param[in] sig_len The length of the signature - * \return a new rdf with the signature - */ -ldns_rdf * -ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len); - -/** - * Converts the RRSIG signature RDF (from DNS) to a buffer with the - * signature in ASN1 format as openssl uses it. - * This routine is only present if ldns is compiled with ecdsa support. - * - * \param[out] target_buffer buffer to place the signature data in ASN1. - * \param[in] sig_rdf The signature rdf to convert - * \return LDNS_STATUS_OK on success, error code otherwise - */ -ldns_status -ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, - const ldns_rdf *sig_rdf); - -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_DNSSEC_H */ diff --git a/include/ldns/dnssec_sign.h b/include/ldns/dnssec_sign.h deleted file mode 100644 index f51c7fb..0000000 --- a/include/ldns/dnssec_sign.h +++ /dev/null @@ -1,383 +0,0 @@ -/** dnssec_verify */ - -#ifndef LDNS_DNSSEC_SIGN_H -#define LDNS_DNSSEC_SIGN_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* sign functions */ - -/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/ -#define LDNS_SIGN_DNSKEY_WITH_ZSK 1 - -/** - * Create an empty RRSIG RR (i.e. without the actual signature data) - * \param[in] rrset The RRset to create the signature for - * \param[in] key The key that will create the signature - * \return signature rr - */ -ldns_rr * -ldns_create_empty_rrsig(ldns_rr_list *rrset, - ldns_key *key); - -/** - * Sign the buffer which contains the wiredata of an rrset, and the - * corresponding empty rrsig rr with the given key - * \param[in] sign_buf the buffer with data to sign - * \param[in] key the key to sign with - * \return an rdata field with the signature data - */ -ldns_rdf * -ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key); - -/** - * Sign an rrset - * \param[in] rrset the rrset - * \param[in] keys the keys to use - * \return a rr_list with the signatures - */ -ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys); - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * Sign a buffer with the DSA key (hash with SHA1) - * \param[in] to_sign buffer with the data - * \param[in] key the key to use - * \return a ldns_rdf with the signed data - */ -ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key); - -/** - * Sign data with EVP (general method for different algorithms) - * - * \param[in] to_sign The ldns_buffer containing raw data that is - * to be signed - * \param[in] key The EVP_PKEY key structure to sign with - * \param[in] digest_type The digest algorithm to use in the creation of - * the signature - * \return ldns_rdf for the RRSIG ldns_rr - */ -ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign, - EVP_PKEY *key, - const EVP_MD *digest_type); - -/** - * Sign a buffer with the RSA key (hash with SHA1) - * \param[in] to_sign buffer with the data - * \param[in] key the key to use - * \return a ldns_rdf with the signed data - */ -ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key); - -/** - * Sign a buffer with the RSA key (hash with MD5) - * \param[in] to_sign buffer with the data - * \param[in] key the key to use - * \return a ldns_rdf with the signed data - */ -ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -/** - * Marks the names in the zone that are occluded. Those names will be skipped - * when walking the tree with the ldns_dnssec_name_node_next_nonglue() - * function. But watch out! Names that are partially occluded (like glue with - * the same name as the delegation) will not be marked and should specifically - * be taken into account separately. - * - * When glue_list is given (not NULL), in the process of marking the names, all - * glue resource records will be pushed to that list, even glue at the delegation name. - * - * \param[in] zone the zone in which to mark the names - * \param[in] glue_list the list to which to push the glue rrs - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status -ldns_dnssec_zone_mark_and_get_glue( - ldns_dnssec_zone *zone, ldns_rr_list *glue_list); - -/** - * Marks the names in the zone that are occluded. Those names will be skipped - * when walking the tree with the ldns_dnssec_name_node_next_nonglue() - * function. But watch out! Names that are partially occluded (like glue with - * the same name as the delegation) will not be marked and should specifically - * be taken into account separately. - * - * \param[in] zone the zone in which to mark the names - * \return LDNS_STATUS_OK on succesful completion - */ -ldns_status -ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone); - -/** - * Finds the first dnssec_name node in the rbtree that is not occluded. - * It *does* return names that are partially occluded. - * - * \param[in] node the first node to check - * \return the first node that has not been marked as glue, or NULL - * if not found (TODO: make that LDNS_RBTREE_NULL?) - */ -ldns_rbnode_t *ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node); - -/** - * Adds NSEC records to the given dnssec_zone - * - * \param[in] zone the zone to add the records to - * \param[in] new_rrs ldns_rr's created by this function are - * added to this rr list, so the caller can free them later - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs); - -/** - * Adds NSEC3 records to the zone - */ -ldns_status -ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt); - -/** - * remove signatures if callback function tells to - * - * \param[in] signatures list of signatures to check, and - * possibly remove, depending on the value of the - * callback - * \param[in] key_list these are marked to be used or not, - * on the return value of the callback - * \param[in] func this function is called to specify what to - * do with each signature (and corresponding key) - * \param[in] arg Optional argument for the callback function - * \returns pointer to the new signatures rrs (the original - * passed to this function may have been removed) - */ -ldns_dnssec_rrs *ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg); - -/** - * Adds signatures to the zone - * - * \param[in] zone the zone to add RRSIG Resource Records to - * \param[in] new_rrs the RRSIG RRs that are created are also - * added to this list, so the caller can free them - * later - * \param[in] key_list list of keys to sign with. - * \param[in] func Callback function to decide what keys to - * use and what to do with old signatures - * \param[in] arg Optional argument for the callback function - * \param[in] flags option flags for signing process. 0 makes DNSKEY - * RRset signed with the minimal key set, that is only SEP keys are used - * for signing. If there are no SEP keys available, non-SEP keys will - * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all - * keys. 0 is the default. - * \return LDNS_STATUS_OK on success, error otherwise - */ -ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void*), - void *arg, - int flags); - -/** - * Adds signatures to the zone - * - * \param[in] zone the zone to add RRSIG Resource Records to - * \param[in] new_rrs the RRSIG RRs that are created are also - * added to this list, so the caller can free them - * later - * \param[in] key_list list of keys to sign with. - * \param[in] func Callback function to decide what keys to - * use and what to do with old signatures - * \param[in] arg Optional argument for the callback function - * \return LDNS_STATUS_OK on success, error otherwise - */ -ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void*), - void *arg); - -/** - * signs the given zone with the given keys - * - * \param[in] zone the zone to sign - * \param[in] key_list the list of keys to sign the zone with - * \param[in] new_rrs newly created resource records are added to this list, to free them later - * \param[in] func callback function that decides what to do with old signatures - * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: - * LDNS_SIGNATURE_LEAVE_ADD_NEW: - * leave the signature and add a new one for the corresponding key - * LDNS_SIGNATURE_REMOVE_ADD_NEW: - * remove the signature and replace is with a new one from the same key - * LDNS_SIGNATURE_LEAVE_NO_ADD: - * leave the signature and do not add a new one with the corresponding key - * LDNS_SIGNATURE_REMOVE_NO_ADD: - * remove the signature and do not replace - * - * \param[in] arg optional argument for the callback function - * \param[in] flags option flags for signing process. 0 makes DNSKEY - * RRset signed with the minimal key set, that is only SEP keys are used - * for signing. If there are no SEP keys available, non-SEP keys will - * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all - * keys. 0 is the default. - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg, - int flags); - -/** - * signs the given zone with the given new zone, with NSEC3 - * - * \param[in] zone the zone to sign - * \param[in] key_list the list of keys to sign the zone with - * \param[in] new_rrs newly created resource records are added to this list, to free them later - * \param[in] func callback function that decides what to do with old signatures - * \param[in] arg optional argument for the callback function - * \param[in] algorithm the NSEC3 hashing algorithm to use - * \param[in] flags NSEC3 flags - * \param[in] iterations the number of NSEC3 hash iterations to use - * \param[in] salt_length the length (in octets) of the NSEC3 salt - * \param[in] salt the NSEC3 salt data - * \param[in] signflags option flags for signing process. 0 is the default. - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt, - int signflags); - -/** - * signs the given zone with the given new zone, with NSEC3 - * - * \param[in] zone the zone to sign - * \param[in] key_list the list of keys to sign the zone with - * \param[in] new_rrs newly created resource records are added to this list, to free them later - * \param[in] func callback function that decides what to do with old signatures - * \param[in] arg optional argument for the callback function - * \param[in] algorithm the NSEC3 hashing algorithm to use - * \param[in] flags NSEC3 flags - * \param[in] iterations the number of NSEC3 hash iterations to use - * \param[in] salt_length the length (in octets) of the NSEC3 salt - * \param[in] salt the NSEC3 salt data - * \param[in] signflags option flags for signing process. 0 is the default. - * \param[out] map a referenced rbtree pointer variable. The newly created - * rbtree will contain mappings from hashed owner names to the - * unhashed name. - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt, - int signflags, - ldns_rbtree_t **map - ); - - -/** - * signs the given zone with the given keys - * - * \param[in] zone the zone to sign - * \param[in] key_list the list of keys to sign the zone with - * \param[in] new_rrs newly created resource records are added to this list, to free them later - * \param[in] func callback function that decides what to do with old signatures - * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: - * LDNS_SIGNATURE_LEAVE_ADD_NEW: - * leave the signature and add a new one for the corresponding key - * LDNS_SIGNATURE_REMOVE_ADD_NEW: - * remove the signature and replace is with a new one from the same key - * LDNS_SIGNATURE_LEAVE_NO_ADD: - * leave the signature and do not add a new one with the corresponding key - * LDNS_SIGNATURE_REMOVE_NO_ADD: - * remove the signature and do not replace - * - * \param[in] arg optional argument for the callback function - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg); - -/** - * signs the given zone with the given new zone, with NSEC3 - * - * \param[in] zone the zone to sign - * \param[in] key_list the list of keys to sign the zone with - * \param[in] new_rrs newly created resource records are added to this list, to free them later - * \param[in] func callback function that decides what to do with old signatures - * \param[in] arg optional argument for the callback function - * \param[in] algorithm the NSEC3 hashing algorithm to use - * \param[in] flags NSEC3 flags - * \param[in] iterations the number of NSEC3 hash iterations to use - * \param[in] salt_length the length (in octets) of the NSEC3 salt - * \param[in] salt the NSEC3 salt data - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt); - -/** - * Signs the zone, and returns a newly allocated signed zone - * \param[in] zone the zone to sign - * \param[in] key_list list of keys to sign with - * \return signed zone - */ -ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list); - -/** - * Signs the zone with NSEC3, and returns a newly allocated signed zone - * \param[in] zone the zone to sign - * \param[in] key_list list of keys to sign with - * \param[in] algorithm the NSEC3 hashing algorithm to use - * \param[in] flags NSEC3 flags - * \param[in] iterations the number of NSEC3 hash iterations to use - * \param[in] salt_length the length (in octets) of the NSEC3 salt - * \param[in] salt the NSEC3 salt data - * \return signed zone - */ -ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/include/ldns/dnssec_verify.h b/include/ldns/dnssec_verify.h deleted file mode 100644 index e8b1a91..0000000 --- a/include/ldns/dnssec_verify.h +++ /dev/null @@ -1,857 +0,0 @@ -/** dnssec_verify */ - -#ifndef LDNS_DNSSEC_VERIFY_H -#define LDNS_DNSSEC_VERIFY_H - -#define LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS 10 - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Chain structure that contains all DNSSEC data needed to - * verify an rrset - */ -typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain; -struct ldns_dnssec_data_chain_struct -{ - ldns_rr_list *rrset; - ldns_rr_list *signatures; - ldns_rr_type parent_type; - ldns_dnssec_data_chain *parent; - ldns_pkt_rcode packet_rcode; - ldns_rr_type packet_qtype; - bool packet_nodata; -}; - -/** - * Creates a new dnssec_chain structure - * \return ldns_dnssec_data_chain * - */ -ldns_dnssec_data_chain *ldns_dnssec_data_chain_new(void); - -/** - * Frees a dnssec_data_chain structure - * - * \param[in] *chain The chain to free - */ -void ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain); - -/** - * Frees a dnssec_data_chain structure, and all data - * contained therein - * - * \param[in] *chain The dnssec_data_chain to free - */ -void ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain); - -/** - * Prints the dnssec_data_chain to the given file stream - * - * \param[in] *out The file stream to print to - * \param[in] *chain The dnssec_data_chain to print - */ -void ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain); - -/** - * Prints the dnssec_data_chain to the given file stream - * - * \param[in] *out The file stream to print to - * \param[in] *fmt The format of the textual representation - * \param[in] *chain The dnssec_data_chain to print - */ -void ldns_dnssec_data_chain_print_fmt(FILE *out, - const ldns_output_format *fmt, - const ldns_dnssec_data_chain *chain); - -/** - * Build an ldns_dnssec_data_chain, which contains all - * DNSSEC data that is needed to derive the trust tree later - * - * The data_set will be cloned - * - * \param[in] *res resolver structure for further needed queries - * \param[in] qflags resolution flags - * \param[in] *data_set The original rrset where the chain ends - * \param[in] *pkt optional, can contain the original packet - * (and hence the sigs and maybe the key) - * \param[in] *orig_rr The original Resource Record - * - * \return the DNSSEC data chain - */ -ldns_dnssec_data_chain *ldns_dnssec_build_data_chain(ldns_resolver *res, - const uint16_t qflags, - const ldns_rr_list *data_set, - const ldns_pkt *pkt, - ldns_rr *orig_rr); - -/** - * Tree structure that contains the relation of DNSSEC data, - * and their cryptographic status. - * - * This tree is derived from a data_chain, and can be used - * to look whether there is a connection between an RRSET - * and a trusted key. The tree only contains pointers to the - * data_chain, and therefore one should *never* free() the - * data_chain when there is still a trust tree derived from - * that chain. - * - * Example tree: - * key key key - * \ | / - * \ | / - * \ | / - * ds - * | - * key - * | - * key - * | - * rr - * - * For each signature there is a parent; if the parent - * pointer is null, it couldn't be found and there was no - * denial; otherwise is a tree which contains either a - * DNSKEY, a DS, or a NSEC rr - */ -typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree; -struct ldns_dnssec_trust_tree_struct -{ - ldns_rr *rr; - /* the complete rrset this rr was in */ - ldns_rr_list *rrset; - ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; - ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; - /** for debugging, add signatures too (you might want - those if they contain errors) */ - ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; - size_t parent_count; -}; - -/** - * Creates a new (empty) dnssec_trust_tree structure - * - * \return ldns_dnssec_trust_tree * - */ -ldns_dnssec_trust_tree *ldns_dnssec_trust_tree_new(void); - -/** - * Frees the dnssec_trust_tree recursively - * - * There is no deep free; all data in the trust tree - * consists of pointers to a data_chain - * - * \param[in] tree The tree to free - */ -void ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree); - -/** - * returns the depth of the trust tree - * - * \param[in] tree tree to calculate the depth of - * \return The depth of the tree - */ -size_t ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree); - -/** - * Prints the dnssec_trust_tree structure to the given file - * stream. - * - * If a link status is not LDNS_STATUS_OK; the status and - * relevant signatures are printed too - * - * \param[in] *out The file stream to print to - * \param[in] tree The trust tree to print - * \param[in] tabs Prepend each line with tabs*2 spaces - * \param[in] extended If true, add little explanation lines to the output - */ -void ldns_dnssec_trust_tree_print(FILE *out, - ldns_dnssec_trust_tree *tree, - size_t tabs, - bool extended); - -/** - * Prints the dnssec_trust_tree structure to the given file - * stream. - * - * If a link status is not LDNS_STATUS_OK; the status and - * relevant signatures are printed too - * - * \param[in] *out The file stream to print to - * \param[in] *fmt The format of the textual representation - * \param[in] tree The trust tree to print - * \param[in] tabs Prepend each line with tabs*2 spaces - * \param[in] extended If true, add little explanation lines to the output - */ -void ldns_dnssec_trust_tree_print_fmt(FILE *out, - const ldns_output_format *fmt, - ldns_dnssec_trust_tree *tree, - size_t tabs, - bool extended); - -/** - * Adds a trust tree as a parent for the given trust tree - * - * \param[in] *tree The tree to add the parent to - * \param[in] *parent The parent tree to add - * \param[in] *parent_signature The RRSIG relevant to this parent/child - * connection - * \param[in] parent_status The DNSSEC status for this parent, child and RRSIG - * \return LDNS_STATUS_OK if the addition succeeds, error otherwise - */ -ldns_status ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree, - const ldns_dnssec_trust_tree *parent, - const ldns_rr *parent_signature, - const ldns_status parent_status); - -/** - * Generates a dnssec_trust_tree for the given rr from the - * given data_chain - * - * This does not clone the actual data; Don't free the - * data_chain before you are done with this tree - * - * \param[in] *data_chain The chain to derive the trust tree from - * \param[in] *rr The RR this tree will be about - * \return ldns_dnssec_trust_tree * - */ -ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree( - ldns_dnssec_data_chain *data_chain, - ldns_rr *rr); - -/** - * Generates a dnssec_trust_tree for the given rr from the - * given data_chain - * - * This does not clone the actual data; Don't free the - * data_chain before you are done with this tree - * - * \param[in] *data_chain The chain to derive the trust tree from - * \param[in] *rr The RR this tree will be about - * \param[in] check_time the time for which the validation is performed - * \return ldns_dnssec_trust_tree * - */ -ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree_time( - ldns_dnssec_data_chain *data_chain, - ldns_rr *rr, time_t check_time); - -/** - * Sub function for derive_trust_tree that is used for a 'normal' rrset - * - * \param[in] new_tree The trust tree that we are building - * \param[in] data_chain The data chain containing the data for the trust tree - * \param[in] cur_sig_rr The currently relevant signature - */ -void ldns_dnssec_derive_trust_tree_normal_rrset( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_sig_rr); - -/** - * Sub function for derive_trust_tree that is used for a 'normal' rrset - * - * \param[in] new_tree The trust tree that we are building - * \param[in] data_chain The data chain containing the data for the trust tree - * \param[in] cur_sig_rr The currently relevant signature - * \param[in] check_time the time for which the validation is performed - */ -void ldns_dnssec_derive_trust_tree_normal_rrset_time( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_sig_rr, time_t check_time); - - -/** - * Sub function for derive_trust_tree that is used for DNSKEY rrsets - * - * \param[in] new_tree The trust tree that we are building - * \param[in] data_chain The data chain containing the data for the trust tree - * \param[in] cur_rr The currently relevant DNSKEY RR - * \param[in] cur_sig_rr The currently relevant signature - */ -void ldns_dnssec_derive_trust_tree_dnskey_rrset( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_rr, - ldns_rr *cur_sig_rr); - -/** - * Sub function for derive_trust_tree that is used for DNSKEY rrsets - * - * \param[in] new_tree The trust tree that we are building - * \param[in] data_chain The data chain containing the data for the trust tree - * \param[in] cur_rr The currently relevant DNSKEY RR - * \param[in] cur_sig_rr The currently relevant signature - * \param[in] check_time the time for which the validation is performed - */ -void ldns_dnssec_derive_trust_tree_dnskey_rrset_time( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_rr, ldns_rr *cur_sig_rr, - time_t check_time); - -/** - * Sub function for derive_trust_tree that is used for DS rrsets - * - * \param[in] new_tree The trust tree that we are building - * \param[in] data_chain The data chain containing the data for the trust tree - * \param[in] cur_rr The currently relevant DS RR - */ -void ldns_dnssec_derive_trust_tree_ds_rrset( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_rr); - -/** - * Sub function for derive_trust_tree that is used for DS rrsets - * - * \param[in] new_tree The trust tree that we are building - * \param[in] data_chain The data chain containing the data for the trust tree - * \param[in] cur_rr The currently relevant DS RR - * \param[in] check_time the time for which the validation is performed - */ -void ldns_dnssec_derive_trust_tree_ds_rrset_time( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_rr, time_t check_time); - -/** - * Sub function for derive_trust_tree that is used when there are no - * signatures - * - * \param[in] new_tree The trust tree that we are building - * \param[in] data_chain The data chain containing the data for the trust tree - */ -void ldns_dnssec_derive_trust_tree_no_sig( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain); - -/** - * Sub function for derive_trust_tree that is used when there are no - * signatures - * - * \param[in] new_tree The trust tree that we are building - * \param[in] data_chain The data chain containing the data for the trust tree - * \param[in] check_time the time for which the validation is performed - */ -void ldns_dnssec_derive_trust_tree_no_sig_time( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - time_t check_time); - - -/** - * Returns OK if there is a trusted path in the tree to one of - * the DNSKEY or DS RRs in the given list - * - * \param *tree The trust tree so search - * \param *keys A ldns_rr_list of DNSKEY and DS rrs to look for - * - * \return LDNS_STATUS_OK if there is a trusted path to one of - * the keys, or the *first* error encountered - * if there were no paths - */ -ldns_status ldns_dnssec_trust_tree_contains_keys( - ldns_dnssec_trust_tree *tree, - ldns_rr_list *keys); - -/** - * Verifies a list of signatures for one rrset. - * - * \param[in] rrset the rrset to verify - * \param[in] rrsig a list of signatures to check - * \param[in] keys a list of keys to check with - * \param[out] good_keys if this is a (initialized) list, the pointer to keys - * from keys that validate one of the signatures - * are added to it - * \return status LDNS_STATUS_OK if there is at least one correct key - */ -ldns_status ldns_verify(ldns_rr_list *rrset, - ldns_rr_list *rrsig, - const ldns_rr_list *keys, - ldns_rr_list *good_keys); - -/** - * Verifies a list of signatures for one rrset. - * - * \param[in] rrset the rrset to verify - * \param[in] rrsig a list of signatures to check - * \param[in] keys a list of keys to check with - * \param[in] check_time the time for which the validation is performed - * \param[out] good_keys if this is a (initialized) list, the pointer to keys - * from keys that validate one of the signatures - * are added to it - * \return status LDNS_STATUS_OK if there is at least one correct key - */ -ldns_status ldns_verify_time(ldns_rr_list *rrset, - ldns_rr_list *rrsig, - const ldns_rr_list *keys, - time_t check_time, - ldns_rr_list *good_keys); - - -/** - * Verifies a list of signatures for one rrset, but disregard the time. - * Inception and Expiration are not checked. - * - * \param[in] rrset the rrset to verify - * \param[in] rrsig a list of signatures to check - * \param[in] keys a list of keys to check with - * \param[out] good_keys if this is a (initialized) list, the pointer to keys - * from keys that validate one of the signatures - * are added to it - * \return status LDNS_STATUS_OK if there is at least one correct key - */ -ldns_status ldns_verify_notime(ldns_rr_list *rrset, - ldns_rr_list *rrsig, - const ldns_rr_list *keys, - ldns_rr_list *good_keys); - -/** - * Tries to build an authentication chain from the given - * keys down to the queried domain. - * - * If we find a valid trust path, return the valid keys for the domain. - * - * \param[in] res the current resolver - * \param[in] domain the domain we want valid keys for - * \param[in] keys the current set of trusted keys - * \param[out] status pointer to the status variable where the result - * code will be stored - * \return the set of trusted keys for the domain, or NULL if no - * trust path could be built. - */ -ldns_rr_list *ldns_fetch_valid_domain_keys(const ldns_resolver * res, - const ldns_rdf * domain, - const ldns_rr_list * keys, - ldns_status *status); - -/** - * Tries to build an authentication chain from the given - * keys down to the queried domain. - * - * If we find a valid trust path, return the valid keys for the domain. - * - * \param[in] res the current resolver - * \param[in] domain the domain we want valid keys for - * \param[in] keys the current set of trusted keys - * \param[in] check_time the time for which the validation is performed - * \param[out] status pointer to the status variable where the result - * code will be stored - * \return the set of trusted keys for the domain, or NULL if no - * trust path could be built. - */ -ldns_rr_list *ldns_fetch_valid_domain_keys_time(const ldns_resolver * res, - const ldns_rdf * domain, const ldns_rr_list * keys, - time_t check_time, ldns_status *status); - - -/** - * Validates the DNSKEY RRset for the given domain using the provided - * trusted keys. - * - * \param[in] res the current resolver - * \param[in] domain the domain we want valid keys for - * \param[in] keys the current set of trusted keys - * \return the set of trusted keys for the domain, or NULL if the RRSET - * could not be validated - */ -ldns_rr_list *ldns_validate_domain_dnskey (const ldns_resolver *res, - const ldns_rdf *domain, - const ldns_rr_list *keys); - -/** - * Validates the DNSKEY RRset for the given domain using the provided - * trusted keys. - * - * \param[in] res the current resolver - * \param[in] domain the domain we want valid keys for - * \param[in] keys the current set of trusted keys - * \param[in] check_time the time for which the validation is performed - * \return the set of trusted keys for the domain, or NULL if the RRSET - * could not be validated - */ -ldns_rr_list *ldns_validate_domain_dnskey_time( - const ldns_resolver *res, const ldns_rdf *domain, - const ldns_rr_list *keys, time_t check_time); - - -/** - * Validates the DS RRset for the given domain using the provided trusted keys. - * - * \param[in] res the current resolver - * \param[in] domain the domain we want valid keys for - * \param[in] keys the current set of trusted keys - * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated - */ -ldns_rr_list *ldns_validate_domain_ds(const ldns_resolver *res, - const ldns_rdf * - domain, - const ldns_rr_list * keys); - -/** - * Validates the DS RRset for the given domain using the provided trusted keys. - * - * \param[in] res the current resolver - * \param[in] domain the domain we want valid keys for - * \param[in] keys the current set of trusted keys - * \param[in] check_time the time for which the validation is performed - * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated - */ -ldns_rr_list *ldns_validate_domain_ds_time( - const ldns_resolver *res, const ldns_rdf *domain, - const ldns_rr_list * keys, time_t check_time); - - -/** - * Verifies a list of signatures for one RRset using a valid trust path. - * - * \param[in] res the current resolver - * \param[in] rrset the rrset to verify - * \param[in] rrsigs a list of signatures to check - * \param[out] validating_keys if this is a (initialized) list, the - * keys from keys that validate one of - * the signatures are added to it - * \return status LDNS_STATUS_OK if there is at least one correct key - */ -ldns_status ldns_verify_trusted(ldns_resolver *res, - ldns_rr_list *rrset, - ldns_rr_list *rrsigs, - ldns_rr_list *validating_keys); - -/** - * Verifies a list of signatures for one RRset using a valid trust path. - * - * \param[in] res the current resolver - * \param[in] rrset the rrset to verify - * \param[in] rrsigs a list of signatures to check - * \param[in] check_time the time for which the validation is performed - * \param[out] validating_keys if this is a (initialized) list, the - * keys from keys that validate one of - * the signatures are added to it - * \return status LDNS_STATUS_OK if there is at least one correct key - */ -ldns_status ldns_verify_trusted_time( - ldns_resolver *res, ldns_rr_list *rrset, - ldns_rr_list *rrsigs, time_t check_time, - ldns_rr_list *validating_keys); - - -/** - * denial is not just a river in egypt - * - * \param[in] rr The (query) RR to check the denial of existence for - * \param[in] nsecs The list of NSEC RRs that are supposed to deny the - * existence of the RR - * \param[in] rrsigs The RRSIG RR covering the NSEC RRs - * \return LDNS_STATUS_OK if the NSEC RRs deny the existence, error code - * containing the reason they do not otherwise - */ -ldns_status ldns_dnssec_verify_denial(ldns_rr *rr, - ldns_rr_list *nsecs, - ldns_rr_list *rrsigs); - -/** - * Denial of existence using NSEC3 records - * Since NSEC3 is a bit more complicated than normal denial, some - * context arguments are needed - * - * \param[in] rr The (query) RR to check the denial of existence for - * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the - * existence of the RR - * \param[in] rrsigs The RRSIG rr covering the NSEC RRs - * \param[in] packet_rcode The RCODE value of the packet that provided the - * NSEC3 RRs - * \param[in] packet_qtype The original query RR type - * \param[in] packet_nodata True if the providing packet had an empty ANSWER - * section - * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code - * containing the reason they do not otherwise - */ -ldns_status ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, - ldns_rr_list *nsecs, - ldns_rr_list *rrsigs, - ldns_pkt_rcode packet_rcode, - ldns_rr_type packet_qtype, - bool packet_nodata); - -/** - * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns - * the nsec rr that matched. - * - * \param[in] rr The (query) RR to check the denial of existence for - * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the - * existence of the RR - * \param[in] rrsigs The RRSIG rr covering the NSEC RRs - * \param[in] packet_rcode The RCODE value of the packet that provided the - * NSEC3 RRs - * \param[in] packet_qtype The original query RR type - * \param[in] packet_nodata True if the providing packet had an empty ANSWER - * section - * \param[in] match On match, the given (reference to a) pointer will be set - * to point to the matching nsec resource record. - * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code - * containing the reason they do not otherwise - */ -ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr, - ldns_rr_list *nsecs, - ldns_rr_list *rrsigs, - ldns_pkt_rcode packet_rcode, - ldns_rr_type packet_qtype, - bool packet_nodata, - ldns_rr **match); -/** - * Verifies the already processed data in the buffers - * This function should probably not be used directly. - * - * \param[in] rawsig_buf Buffer containing signature data to use - * \param[in] verify_buf Buffer containing data to verify - * \param[in] key_buf Buffer containing key data to use - * \param[in] algo Signing algorithm - * \return status LDNS_STATUS_OK if the data verifies. Error if not. - */ -ldns_status ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, - ldns_buffer *verify_buf, - ldns_buffer *key_buf, - uint8_t algo); - -/** - * Like ldns_verify_rrsig_buffers, but uses raw data. - * - * \param[in] sig signature data to use - * \param[in] siglen length of signature data to use - * \param[in] verify_buf Buffer containing data to verify - * \param[in] key key data to use - * \param[in] keylen length of key data to use - * \param[in] algo Signing algorithm - * \return status LDNS_STATUS_OK if the data verifies. Error if not. - */ -ldns_status ldns_verify_rrsig_buffers_raw(unsigned char* sig, - size_t siglen, - ldns_buffer *verify_buf, - unsigned char* key, - size_t keylen, - uint8_t algo); - -/** - * Verifies an rrsig. All keys in the keyset are tried. - * \param[in] rrset the rrset to check - * \param[in] rrsig the signature of the rrset - * \param[in] keys the keys to try - * \param[out] good_keys if this is a (initialized) list, the pointer to keys - * from keys that validate one of the signatures - * are added to it - * \return a list of keys which validate the rrsig + rrset. Returns - * status LDNS_STATUS_OK if at least one key matched. Else an error. - */ -ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset, - ldns_rr *rrsig, - const ldns_rr_list *keys, - ldns_rr_list *good_keys); - -/** - * Verifies an rrsig. All keys in the keyset are tried. - * \param[in] rrset the rrset to check - * \param[in] rrsig the signature of the rrset - * \param[in] keys the keys to try - * \param[in] check_time the time for which the validation is performed - * \param[out] good_keys if this is a (initialized) list, the pointer to keys - * from keys that validate one of the signatures - * are added to it - * \return a list of keys which validate the rrsig + rrset. Returns - * status LDNS_STATUS_OK if at least one key matched. Else an error. - */ -ldns_status ldns_verify_rrsig_keylist_time( - ldns_rr_list *rrset, ldns_rr *rrsig, - const ldns_rr_list *keys, time_t check_time, - ldns_rr_list *good_keys); - - -/** - * Verifies an rrsig. All keys in the keyset are tried. Time is not checked. - * \param[in] rrset the rrset to check - * \param[in] rrsig the signature of the rrset - * \param[in] keys the keys to try - * \param[out] good_keys if this is a (initialized) list, the pointer to keys - * from keys that validate one of the signatures - * are added to it - * \return a list of keys which validate the rrsig + rrset. Returns - * status LDNS_STATUS_OK if at least one key matched. Else an error. - */ -ldns_status ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset, - ldns_rr *rrsig, - const ldns_rr_list *keys, - ldns_rr_list *good_keys); - -/** - * verify an rrsig with 1 key - * \param[in] rrset the rrset - * \param[in] rrsig the rrsig to verify - * \param[in] key the key to use - * \return status message wether verification succeeded. - */ -ldns_status ldns_verify_rrsig(ldns_rr_list *rrset, - ldns_rr *rrsig, - ldns_rr *key); - - -/** - * verify an rrsig with 1 key - * \param[in] rrset the rrset - * \param[in] rrsig the rrsig to verify - * \param[in] key the key to use - * \param[in] check_time the time for which the validation is performed - * \return status message wether verification succeeded. - */ -ldns_status ldns_verify_rrsig_time( - ldns_rr_list *rrset, ldns_rr *rrsig, - ldns_rr *key, time_t check_time); - - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * verifies a buffer with signature data for a buffer with rrset data - * with an EVP_PKEY - * - * \param[in] sig the signature data - * \param[in] rrset the rrset data, sorted and processed for verification - * \param[in] key the EVP key structure - * \param[in] digest_type The digest type of the signature - */ -ldns_status ldns_verify_rrsig_evp(ldns_buffer *sig, - ldns_buffer *rrset, - EVP_PKEY *key, - const EVP_MD *digest_type); - -/** - * Like ldns_verify_rrsig_evp, but uses raw signature data. - * \param[in] sig the signature data, wireformat uncompressed - * \param[in] siglen length of the signature data - * \param[in] rrset the rrset data, sorted and processed for verification - * \param[in] key the EVP key structure - * \param[in] digest_type The digest type of the signature - */ -ldns_status ldns_verify_rrsig_evp_raw(unsigned char *sig, - size_t siglen, - ldns_buffer *rrset, - EVP_PKEY *key, - const EVP_MD *digest_type); -#endif - -/** - * verifies a buffer with signature data (DSA) for a buffer with rrset data - * with a buffer with key data. - * - * \param[in] sig the signature data - * \param[in] rrset the rrset data, sorted and processed for verification - * \param[in] key the key data - */ -ldns_status ldns_verify_rrsig_dsa(ldns_buffer *sig, - ldns_buffer *rrset, - ldns_buffer *key); - -/** - * verifies a buffer with signature data (RSASHA1) for a buffer with rrset data - * with a buffer with key data. - * - * \param[in] sig the signature data - * \param[in] rrset the rrset data, sorted and processed for verification - * \param[in] key the key data - */ -ldns_status ldns_verify_rrsig_rsasha1(ldns_buffer *sig, - ldns_buffer *rrset, - ldns_buffer *key); - -/** - * verifies a buffer with signature data (RSAMD5) for a buffer with rrset data - * with a buffer with key data. - * - * \param[in] sig the signature data - * \param[in] rrset the rrset data, sorted and processed for verification - * \param[in] key the key data - */ -ldns_status ldns_verify_rrsig_rsamd5(ldns_buffer *sig, - ldns_buffer *rrset, - ldns_buffer *key); - -/** - * Like ldns_verify_rrsig_dsa, but uses raw signature and key data. - * \param[in] sig raw uncompressed wireformat signature data - * \param[in] siglen length of signature data - * \param[in] rrset ldns buffer with prepared rrset data. - * \param[in] key raw uncompressed wireformat key data - * \param[in] keylen length of key data - */ -ldns_status ldns_verify_rrsig_dsa_raw(unsigned char* sig, - size_t siglen, - ldns_buffer* rrset, - unsigned char* key, - size_t keylen); - -/** - * Like ldns_verify_rrsig_rsasha1, but uses raw signature and key data. - * \param[in] sig raw uncompressed wireformat signature data - * \param[in] siglen length of signature data - * \param[in] rrset ldns buffer with prepared rrset data. - * \param[in] key raw uncompressed wireformat key data - * \param[in] keylen length of key data - */ -ldns_status ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, - size_t siglen, - ldns_buffer* rrset, - unsigned char* key, - size_t keylen); - -/** - * Like ldns_verify_rrsig_rsasha256, but uses raw signature and key data. - * \param[in] sig raw uncompressed wireformat signature data - * \param[in] siglen length of signature data - * \param[in] rrset ldns buffer with prepared rrset data. - * \param[in] key raw uncompressed wireformat key data - * \param[in] keylen length of key data - */ - -ldns_status ldns_verify_rrsig_rsasha256_raw(unsigned char* sig, - size_t siglen, - ldns_buffer* rrset, - unsigned char* key, - size_t keylen); - -/** - * Like ldns_verify_rrsig_rsasha512, but uses raw signature and key data. - * \param[in] sig raw uncompressed wireformat signature data - * \param[in] siglen length of signature data - * \param[in] rrset ldns buffer with prepared rrset data. - * \param[in] key raw uncompressed wireformat key data - * \param[in] keylen length of key data - */ -ldns_status ldns_verify_rrsig_rsasha512_raw(unsigned char* sig, - size_t siglen, - ldns_buffer* rrset, - unsigned char* key, - size_t keylen); - -/** - * Like ldns_verify_rrsig_rsamd5, but uses raw signature and key data. - * \param[in] sig raw uncompressed wireformat signature data - * \param[in] siglen length of signature data - * \param[in] rrset ldns buffer with prepared rrset data. - * \param[in] key raw uncompressed wireformat key data - * \param[in] keylen length of key data - */ -ldns_status ldns_verify_rrsig_rsamd5_raw(unsigned char* sig, - size_t siglen, - ldns_buffer* rrset, - unsigned char* key, - size_t keylen); - -#ifdef __cplusplus -} -#endif - -#endif - diff --git a/include/ldns/dnssec_zone.h b/include/ldns/dnssec_zone.h deleted file mode 100644 index b794f94..0000000 --- a/include/ldns/dnssec_zone.h +++ /dev/null @@ -1,483 +0,0 @@ -/* - * special zone file structures and functions for better dnssec handling - * - * A zone contains a SOA dnssec_zone_rrset, and an AVL tree of 'normal' - * dnssec_zone_rrsets, indexed by name and type - */ - -#ifndef LDNS_DNSSEC_ZONE_H -#define LDNS_DNSSEC_ZONE_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Singly linked list of rrs - */ -typedef struct ldns_struct_dnssec_rrs ldns_dnssec_rrs; -struct ldns_struct_dnssec_rrs -{ - ldns_rr *rr; - ldns_dnssec_rrs *next; -}; - -/** - * Singly linked list of RRsets - */ -typedef struct ldns_struct_dnssec_rrsets ldns_dnssec_rrsets; -struct ldns_struct_dnssec_rrsets -{ - ldns_dnssec_rrs *rrs; - ldns_rr_type type; - ldns_dnssec_rrs *signatures; - ldns_dnssec_rrsets *next; -}; - -/** - * Structure containing all resource records for a domain name - * Including the derived NSEC3, if present - */ -typedef struct ldns_struct_dnssec_name ldns_dnssec_name; -struct ldns_struct_dnssec_name -{ - /** - * pointer to a dname containing the name. - * Usually points to the owner name of the first RR of the first RRset - */ - ldns_rdf *name; - /** - * Usually, the name is a pointer to the owner name of the first rr for - * this name, but sometimes there is no actual data to point to, - * for instance in - * names representing empty nonterminals. If so, set alloced to true to - * indicate that this data must also be freed when the name is freed - */ - bool name_alloced; - /** - * The rrsets for this name - */ - ldns_dnssec_rrsets *rrsets; - /** - * NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3) - */ - ldns_rr *nsec; - /** - * signatures for the NSEC record - */ - ldns_dnssec_rrs *nsec_signatures; - /** - * Unlike what the name is_glue suggests, this field is set to true by - * ldns_dnssec_zone_mark_glue() or ldns_dnssec_zone_mark_and_get_glue() - * when the name, this dnssec_name struct represents, is occluded. - * Names that contain other occluded rrsets and records with glue on - * the delegation point will NOT have this bool set to true. - * This field should NOT be read directly, but only via the - * ldns_dnssec_name_is_glue() function! - */ - bool is_glue; - /** - * pointer to store the hashed name (only used when in an NSEC3 zone - */ - ldns_rdf *hashed_name; -}; - -/** - * Structure containing a dnssec zone - */ -struct ldns_struct_dnssec_zone { - /** points to the name containing the SOA RR */ - ldns_dnssec_name *soa; - /** tree of ldns_dnssec_names */ - ldns_rbtree_t *names; - /** tree of ldns_dnssec_names by nsec3 hashes (when applicible) */ - ldns_rbtree_t *hashed_names; - /** points to the first added NSEC3 rr whose parameters will be - * assumed for all subsequent NSEC3 rr's and which will be used - * to calculate hashed names - */ - ldns_rr *_nsec3params; -}; -typedef struct ldns_struct_dnssec_zone ldns_dnssec_zone; - -/** - * Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs - * \return the allocated data - */ -ldns_dnssec_rrs *ldns_dnssec_rrs_new(void); - -/** - * Frees the list of rrs, but *not* the individual ldns_rr records - * contained in the list - * - * \param[in] rrs the data structure to free - */ -void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs); - -/** - * Frees the list of rrs, and the individual ldns_rr records - * contained in the list - * - * \param[in] rrs the data structure to free - */ -void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs); - -/** - * Adds an RR to the list of RRs. The list will remain ordered. - * If an equal RR already exists, this RR will not be added. - * - * \param[in] rrs the list to add to - * \param[in] rr the RR to add - * \return LDNS_STATUS_OK on success - */ -ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr); - -/** - * Prints the given rrs to the file descriptor - * - * \param[in] out the file descriptor to print to - * \param[in] rrs the list of RRs to print - */ -void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs); - -/** - * Prints the given rrs to the file descriptor - * - * \param[in] out the file descriptor to print to - * \param[in] fmt the format of the textual representation - * \param[in] rrs the list of RRs to print - */ -void ldns_dnssec_rrs_print_fmt(FILE *out, - const ldns_output_format *fmt, ldns_dnssec_rrs *rrs); - -/** - * Creates a new list (entry) of RRsets - * \return the newly allocated structure - */ -ldns_dnssec_rrsets *ldns_dnssec_rrsets_new(void); - -/** - * Frees the list of rrsets and their rrs, but *not* the ldns_rr - * records in the sets - * - * \param[in] rrsets the data structure to free - */ -void ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets); - -/** - * Frees the list of rrsets and their rrs, and the ldns_rr - * records in the sets - * - * \param[in] rrsets the data structure to free - */ -void ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets); - -/** - * Returns the rr type of the rrset (that is head of the given list) - * - * \param[in] rrsets the rrset to get the type of - * \return the rr type - */ -ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets); - -/** - * Sets the RR type of the rrset (that is head of the given list) - * - * \param[in] rrsets the rrset to set the type of - * \param[in] type the type to set - * \return LDNS_STATUS_OK on success - */ -ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, - ldns_rr_type type); - -/** - * Add an ldns_rr to the corresponding RRset in the given list of RRsets. - * If it is not present, add it as a new RRset with 1 record. - * - * \param[in] rrsets the list of rrsets to add the RR to - * \param[in] rr the rr to add to the list of rrsets - * \return LDNS_STATUS_OK on success - */ -ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); - -/** - * Print the given list of rrsets to the fiven file descriptor - * - * \param[in] out the file descriptor to print to - * \param[in] rrsets the list of RRsets to print - * \param[in] follow if set to false, only print the first RRset - */ -void ldns_dnssec_rrsets_print(FILE *out, - ldns_dnssec_rrsets *rrsets, - bool follow); - -/** - * Print the given list of rrsets to the fiven file descriptor - * - * \param[in] out the file descriptor to print to - * \param[in] fmt the format of the textual representation - * \param[in] rrsets the list of RRsets to print - * \param[in] follow if set to false, only print the first RRset - */ -void ldns_dnssec_rrsets_print_fmt(FILE *out, - const ldns_output_format *fmt, - ldns_dnssec_rrsets *rrsets, - bool follow); - - -/** - * Create a new data structure for a dnssec name - * \return the allocated structure - */ -ldns_dnssec_name *ldns_dnssec_name_new(void); - -/** - * Create a new data structure for a dnssec name for the given RR - * - * \param[in] rr the RR to derive properties from, and to add to the name - */ -ldns_dnssec_name *ldns_dnssec_name_new_frm_rr(ldns_rr *rr); - -/** - * Frees the name structure and its rrs and rrsets. - * Individual ldns_rr records therein are not freed - * - * \param[in] name the structure to free - */ -void ldns_dnssec_name_free(ldns_dnssec_name *name); - -/** - * Frees the name structure and its rrs and rrsets. - * Individual ldns_rr records contained in the name are also freed - * - * \param[in] name the structure to free - */ -void ldns_dnssec_name_deep_free(ldns_dnssec_name *name); - -/** - * Returns the domain name of the given dnssec_name structure - * - * \param[in] name the dnssec name to get the domain name from - * \return the domain name - */ -ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name); - - -/** - * Sets the domain name of the given dnssec_name structure - * - * \param[in] name the dnssec name to set the domain name of - * \param[in] dname the domain name to set it to. This data is *not* copied. - */ -void ldns_dnssec_name_set_name(ldns_dnssec_name *name, - ldns_rdf *dname); -/** - * Returns if dnssec_name structure is marked as glue. - * The ldns_dnssec_zone_mark_glue() function has to be called on a zone before - * using this function. - * Only names that have only glue rrsets will be marked. - * Names that have other occluded rrsets and names containing glue on the - * delegation point will NOT be marked! - * - * \param[in] name the dnssec name to get the domain name from - * \return true if the structure is marked as glue, false otherwise. - */ -bool ldns_dnssec_name_is_glue(ldns_dnssec_name *name); - -/** - * Sets the NSEC(3) RR of the given dnssec_name structure - * - * \param[in] name the dnssec name to set the domain name of - * \param[in] nsec the nsec rr to set it to. This data is *not* copied. - */ -void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec); - -/** - * Compares the domain names of the two arguments in their - * canonical ordening. - * - * \param[in] a The first dnssec_name to compare - * \param[in] b The second dnssec_name to compare - * \return -1 if the domain name of a comes before that of b in canonical - * ordening, 1 if it is the other way around, and 0 if they are - * equal - */ -int ldns_dnssec_name_cmp(const void *a, const void *b); - -/** - * Inserts the given rr at the right place in the current dnssec_name - * No checking is done whether the name matches - * - * \param[in] name The ldns_dnssec_name to add the RR to - * \param[in] rr The RR to add - * \return LDNS_STATUS_OK on success, error code otherwise - */ -ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name, - ldns_rr *rr); - -/** - * Find the RRset with the given type in within this name structure - * - * \param[in] name the name to find the RRset in - * \param[in] type the type of the RRset to find - * \return the RRset, or NULL if not present - */ -ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, - ldns_rr_type type); - -/** - * Find the RRset with the given name and type in the zone - * - * \param[in] zone the zone structure to find the RRset in - * \param[in] dname the domain name of the RRset to find - * \param[in] type the type of the RRset to find - * \return the RRset, or NULL if not present - */ -ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, - ldns_rdf *dname, - ldns_rr_type type); - -/** - * Prints the RRs in the dnssec name structure to the given - * file descriptor - * - * \param[in] out the file descriptor to print to - * \param[in] name the name structure to print the contents of - */ -void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name); - -/** - * Prints the RRs in the dnssec name structure to the given - * file descriptor - * - * \param[in] out the file descriptor to print to - * \param[in] fmt the format of the textual representation - * \param[in] name the name structure to print the contents of - */ -void ldns_dnssec_name_print_fmt(FILE *out, - const ldns_output_format *fmt, ldns_dnssec_name *name); - -/** - * Creates a new dnssec_zone structure - * \return the allocated structure - */ -ldns_dnssec_zone *ldns_dnssec_zone_new(void); - -/** - * Create a new dnssec zone from a file. - * \param[out] z the new zone - * \param[in] *fp the filepointer to use - * \param[in] *origin the zones' origin - * \param[in] c default class to use (IN) - * \param[in] ttl default ttl to use - * - * \return ldns_status mesg with an error or LDNS_STATUS_OK - */ -ldns_status ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, - ldns_rdf* origin, uint32_t ttl, ldns_rr_class c); - -/** - * Create a new dnssec zone from a file, keep track of the line numbering - * \param[out] z the new zone - * \param[in] *fp the filepointer to use - * \param[in] *origin the zones' origin - * \param[in] ttl default ttl to use - * \param[in] c default class to use (IN) - * \param[out] line_nr used for error msg, to get to the line number - * - * \return ldns_status mesg with an error or LDNS_STATUS_OK - */ -ldns_status ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, - ldns_rdf* origin, uint32_t ttl, ldns_rr_class c, int* line_nr); - -/** - * Frees the given zone structure, and its rbtree of dnssec_names - * Individual ldns_rr RRs within those names are *not* freed - * \param[in] *zone the zone to free - */ -void ldns_dnssec_zone_free(ldns_dnssec_zone *zone); - -/** - * Frees the given zone structure, and its rbtree of dnssec_names - * Individual ldns_rr RRs within those names are also freed - * \param[in] *zone the zone to free - */ -void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone); - -/** - * Adds the given RR to the zone. - * It find whether there is a dnssec_name with that name present. - * If so, add it to that, if not create a new one. - * Special handling of NSEC and RRSIG provided - * - * \param[in] zone the zone to add the RR to - * \param[in] rr The RR to add - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, - ldns_rr *rr); - -/** - * Prints the rbtree of ldns_dnssec_name structures to the file descriptor - * - * \param[in] out the file descriptor to print the names to - * \param[in] tree the tree of ldns_dnssec_name structures to print - * \param[in] print_soa if true, print SOA records, if false, skip them - */ -void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa); - -/** - * Prints the rbtree of ldns_dnssec_name structures to the file descriptor - * - * \param[in] out the file descriptor to print the names to - * \param[in] fmt the format of the textual representation - * \param[in] tree the tree of ldns_dnssec_name structures to print - * \param[in] print_soa if true, print SOA records, if false, skip them - */ -void ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt, - ldns_rbtree_t *tree, bool print_soa); - -/** - * Prints the complete zone to the given file descriptor - * - * \param[in] out the file descriptor to print to - * \param[in] zone the dnssec_zone to print - */ -void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone); - -/** - * Prints the complete zone to the given file descriptor - * - * \param[in] out the file descriptor to print to - * \param[in] fmt the format of the textual representation - * \param[in] zone the dnssec_zone to print - */ -void ldns_dnssec_zone_print_fmt(FILE *out, - const ldns_output_format *fmt, ldns_dnssec_zone *zone); - -/** - * Adds explicit dnssec_name structures for the empty nonterminals - * in this zone. (this is needed for NSEC3 generation) - * - * \param[in] zone the zone to check for empty nonterminals - * return LDNS_STATUS_OK on success. - */ -ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone); - -/** - * If a NSEC3PARAM is available in the apex, walks the zone and returns true - * on the first optout nsec3. - * - * \param[in] zone the zone to check for nsec3 optout records - * return true when the zone has at least one nsec3 optout record. - */ -bool ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/include/ldns/duration.h b/include/ldns/duration.h deleted file mode 100644 index f12edc4..0000000 --- a/include/ldns/duration.h +++ /dev/null @@ -1,109 +0,0 @@ -/* - * $Id: duration.h 4341 2011-01-31 15:21:09Z matthijs $ - * - * Copyright (c) 2009 NLNet Labs. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE - * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER - * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * - * This file is copied from the OpenDNSSEC source repository - * and only slightly adapted to make it fit. - */ - -/** - * - * Durations. - */ - -#ifndef LDNS_DURATION_H -#define LDNS_DURATION_H - -#include -#include - -/** - * Duration. - * - */ -typedef struct ldns_duration_struct ldns_duration_type; -struct ldns_duration_struct -{ - time_t years; - time_t months; - time_t weeks; - time_t days; - time_t hours; - time_t minutes; - time_t seconds; -}; - -/** - * Create a new 'instant' duration. - * \return ldns_duration_type* created duration - * - */ -ldns_duration_type* ldns_duration_create(void); - -/** - * Compare durations. - * \param[in] d1 one duration - * \param[in] d2 another duration - * \return int 0 if equal, -1 if d1 < d2, 1 if d2 < d1 - * - */ -int ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2); - -/** - * Create a duration from string. - * \param[in] str string-format duration - * \return ldns_duration_type* created duration - * - */ -ldns_duration_type* ldns_duration_create_from_string(const char* str); - -/** - * Convert a duration to a string. - * \param[in] duration duration to be converted - * \return char* string-format duration - * - */ -char* ldns_duration2string(ldns_duration_type* duration); - -/** - * Convert a duration to a time. - * \param[in] duration duration to be converted - * \return time_t time-format duration - * - */ -time_t ldns_duration2time(ldns_duration_type* duration); - -/** - * Clean up duration. - * \param[in] duration duration to be cleaned up - * - */ -void ldns_duration_cleanup(ldns_duration_type* duration); - -#endif /* LDNS_DURATION_H */ diff --git a/include/ldns/error.h b/include/ldns/error.h deleted file mode 100644 index cc11958..0000000 --- a/include/ldns/error.h +++ /dev/null @@ -1,147 +0,0 @@ -/** - * \file error.h - * - * Defines error numbers and functions to translate those to a readable string. - * - */ - -/** - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -#ifndef LDNS_ERROR_H -#define LDNS_ERROR_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -enum ldns_enum_status { - LDNS_STATUS_OK, - LDNS_STATUS_EMPTY_LABEL, - LDNS_STATUS_LABEL_OVERFLOW, - LDNS_STATUS_DOMAINNAME_OVERFLOW, - LDNS_STATUS_DOMAINNAME_UNDERFLOW, - LDNS_STATUS_DDD_OVERFLOW, - LDNS_STATUS_PACKET_OVERFLOW, - LDNS_STATUS_INVALID_POINTER, - LDNS_STATUS_MEM_ERR, - LDNS_STATUS_INTERNAL_ERR, - LDNS_STATUS_SSL_ERR, - LDNS_STATUS_ERR, - LDNS_STATUS_INVALID_INT, - LDNS_STATUS_INVALID_IP4, - LDNS_STATUS_INVALID_IP6, - LDNS_STATUS_INVALID_STR, - LDNS_STATUS_INVALID_B32_EXT, - LDNS_STATUS_INVALID_B64, - LDNS_STATUS_INVALID_HEX, - LDNS_STATUS_INVALID_TIME, - LDNS_STATUS_NETWORK_ERR, - LDNS_STATUS_ADDRESS_ERR, - LDNS_STATUS_FILE_ERR, - LDNS_STATUS_UNKNOWN_INET, - LDNS_STATUS_NOT_IMPL, - LDNS_STATUS_NULL, - LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, - LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, - LDNS_STATUS_CRYPTO_NO_RRSIG, - LDNS_STATUS_CRYPTO_NO_DNSKEY, - LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, - LDNS_STATUS_CRYPTO_NO_DS, - LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, - LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, - LDNS_STATUS_CRYPTO_VALIDATED, - LDNS_STATUS_CRYPTO_BOGUS, - LDNS_STATUS_CRYPTO_SIG_EXPIRED, - LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, - LDNS_STATUS_CRYPTO_TSIG_BOGUS, - LDNS_STATUS_CRYPTO_TSIG_ERR, - LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, - LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, - LDNS_STATUS_ENGINE_KEY_NOT_LOADED, - LDNS_STATUS_NSEC3_ERR, - LDNS_STATUS_RES_NO_NS, - LDNS_STATUS_RES_QUERY, - LDNS_STATUS_WIRE_INCOMPLETE_HEADER, - LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, - LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, - LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, - LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, - LDNS_STATUS_NO_DATA, - LDNS_STATUS_CERT_BAD_ALGORITHM, - LDNS_STATUS_SYNTAX_TYPE_ERR, - LDNS_STATUS_SYNTAX_CLASS_ERR, - LDNS_STATUS_SYNTAX_TTL_ERR, - LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL, - LDNS_STATUS_SYNTAX_RDATA_ERR, - LDNS_STATUS_SYNTAX_DNAME_ERR, - LDNS_STATUS_SYNTAX_VERSION_ERR, - LDNS_STATUS_SYNTAX_ALG_ERR, - LDNS_STATUS_SYNTAX_KEYWORD_ERR, - LDNS_STATUS_SYNTAX_TTL, - LDNS_STATUS_SYNTAX_ORIGIN, - LDNS_STATUS_SYNTAX_INCLUDE, - LDNS_STATUS_SYNTAX_EMPTY, - LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, - LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, - LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, - LDNS_STATUS_SYNTAX_BAD_ESCAPE, - LDNS_STATUS_SOCKET_ERROR, - LDNS_STATUS_SYNTAX_ERR, - LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, - LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, - LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, - LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, - LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, - LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, - LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN, - LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN, - LDNS_STATUS_DANE_STATUS_MESSAGES, - LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE, - LDNS_STATUS_DANE_UNKNOWN_SELECTOR, - LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE, - LDNS_STATUS_DANE_UNKNOWN_PROTOCOL, - LDNS_STATUS_DANE_UNKNOWN_TRANSPORT, - LDNS_STATUS_DANE_MISSING_EXTRA_CERTS, - LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED, - LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE, - LDNS_STATUS_DANE_INSECURE, - LDNS_STATUS_DANE_BOGUS, - LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, - LDNS_STATUS_DANE_NON_CA_CERTIFICATE, - LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE, - LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR, - LDNS_STATUS_EXISTS_ERR, - LDNS_STATUS_INVALID_ILNP64, - LDNS_STATUS_INVALID_EUI48, - LDNS_STATUS_INVALID_EUI64, - LDNS_STATUS_WIRE_RDATA_ERR, - LDNS_STATUS_INVALID_TAG, - LDNS_STATUS_TYPE_NOT_IN_BITMAP, - LDNS_STATUS_INVALID_RDF_TYPE, - LDNS_STATUS_RDATA_OVERFLOW -}; -typedef enum ldns_enum_status ldns_status; - -extern ldns_lookup_table ldns_error_str[]; - -/** - * look up a descriptive text by each error. This function - * could use a better name - * \param[in] err ldns_status number - * \return the string for that error - */ -const char *ldns_get_errorstr_by_id(ldns_status err); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_ERROR_H */ diff --git a/include/ldns/higher.h b/include/ldns/higher.h deleted file mode 100644 index 597e134..0000000 --- a/include/ldns/higher.h +++ /dev/null @@ -1,113 +0,0 @@ -/** - * \file higher.h - * - * Specifies some higher level functions that could - * be useful for certain applications - */ - -/* - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -#ifndef LDNS_HIGHER_H -#define LDNS_HIGHER_H - -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Ask the resolver about name - * and return all address records - * \param[in] r the resolver to use - * \param[in] name the name to look for - * \param[in] c the class to use - * \param[in] flags give some optional flags to the query - */ -ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, ldns_rdf *name, ldns_rr_class c, uint16_t flags); - -/** - * ask the resolver about the address - * and return the name - * \param[in] r the resolver to use - * \param[in] addr the addr to look for - * \param[in] c the class to use - * \param[in] flags give some optional flags to the query - */ -ldns_rr_list *ldns_get_rr_list_name_by_addr(ldns_resolver *r, ldns_rdf *addr, ldns_rr_class c, uint16_t flags); - -/** - * wade through fp (a /etc/hosts like file) - * and return a rr_list containing all the - * defined hosts in there - * \param[in] fp the file pointer to use - * \return ldns_rr_list * with the names - */ -ldns_rr_list *ldns_get_rr_list_hosts_frm_fp(FILE *fp); - -/** - * wade through fp (a /etc/hosts like file) - * and return a rr_list containing all the - * defined hosts in there - * \param[in] fp the file pointer to use - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return ldns_rr_list * with the names - */ -ldns_rr_list *ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr); - -/** - * wade through fp (a /etc/hosts like file) - * and return a rr_list containing all the - * defined hosts in there - * \param[in] filename the filename to use (NULL for /etc/hosts) - * \return ldns_rr_list * with the names - */ -ldns_rr_list *ldns_get_rr_list_hosts_frm_file(char *filename); - -/** - * This function is a wrapper function for ldns_get_rr_list_name_by_addr - * and ldns_get_rr_list_addr_by_name. It's name is from the getaddrinfo() - * library call. It tries to mimic that call, but without the lowlevel - * stuff. - * \param[in] res The resolver. If this value is NULL then a resolver will - * be created by ldns_getaddrinfo. - * \param[in] node the name or ip address to look up - * \param[in] c the class to look in - * \param[out] list put the found RR's in this list - * \return the number of RR found. - */ -uint16_t ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, ldns_rr_list **list); - -/** - * Check if t is enumerated in the nsec type rdata - * \param[in] nsec the NSEC Record to look in - * \param[in] t the type to check for - * \return true when t is found, otherwise return false - */ -bool ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t); - -/** - * Print a number of rdf's of the RR. The rdfnum-list must - * be ended by -1, otherwise unpredictable things might happen. - * rdfs may be printed multiple times - * \param[in] fp FILE * to write to - * \param[in] r RR to write - * \param[in] rdfnum a list of rdf to print. - */ -void ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_HIGHER_H */ diff --git a/include/ldns/host2str.h b/include/ldns/host2str.h deleted file mode 100644 index e69389e..0000000 --- a/include/ldns/host2str.h +++ /dev/null @@ -1,891 +0,0 @@ -/** - * host2str.h - txt presentation of RRs - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Contains functions to translate the main structures to their text - * representation, as well as functions to print them. - */ - -#ifndef LDNS_HOST2STR_H -#define LDNS_HOST2STR_H - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#include "ldns/util.h" - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_APL_IP4 1 -#define LDNS_APL_IP6 2 -#define LDNS_APL_MASK 0x7f -#define LDNS_APL_NEGATION 0x80 - -/** - * Represent a NULL pointer (instead of a pointer to a ldns_rr as "; (null)" - * as opposed to outputting nothing at all in such a case. - */ -/* Flag Name Flag Nr. Has data associated - ---------------------------------------------------------------------*/ -#define LDNS_COMMENT_NULLS (1 << 0) -/** Show key id with DNSKEY RR's as comment */ -#define LDNS_COMMENT_KEY_ID (1 << 1) -/** Show if a DNSKEY is a ZSK or KSK as comment */ -#define LDNS_COMMENT_KEY_TYPE (1 << 2) -/** Show DNSKEY key size as comment */ -#define LDNS_COMMENT_KEY_SIZE (1 << 3) -/** Provide bubblebabble representation for DS RR's as comment */ -#define LDNS_COMMENT_BUBBLEBABBLE (1 << 4) -/** Show when a NSEC3 RR has the optout flag set as comment */ -#define LDNS_COMMENT_FLAGS (1 << 5) -/** Show the unhashed owner and next owner names for NSEC3 RR's as comment */ -#define LDNS_COMMENT_NSEC3_CHAIN (1 << 6) /* yes */ -/** Print mark up */ -#define LDNS_COMMENT_LAYOUT (1 << 7) -/** Also comment KEY_ID with RRSIGS **/ -#define LDNS_COMMENT_RRSIGS (1 << 8) -#define LDNS_FMT_ZEROIZE_RRSIGS (1 << 9) -#define LDNS_FMT_PAD_SOA_SERIAL (1 << 10) -#define LDNS_FMT_RFC3597 (1 << 11) /* yes */ - -#define LDNS_FMT_FLAGS_WITH_DATA 2 - -/** Show key id, type and size as comment for DNSKEY RR's */ -#define LDNS_COMMENT_KEY (LDNS_COMMENT_KEY_ID \ - |LDNS_COMMENT_KEY_TYPE\ - |LDNS_COMMENT_KEY_SIZE) - -/** - * Output format specifier - * - * Determines how Packets, Resource Records and Resource record data fiels are - * formatted when printing or converting to string. - * Currently it is only used to specify what aspects of a Resource Record are - * annotated in the comment section of the textual representation the record. - * This is speciefed with flags and potential exra data (such as for example - * a lookup map of hashes to real names for annotation NSEC3 records). - */ -struct ldns_struct_output_format -{ - /** Specification of how RR's should be formatted in text */ - int flags; - /** Potential extra data to be used with formatting RR's in text */ - void *data; -}; -typedef struct ldns_struct_output_format ldns_output_format; - -/** - * Output format struct with additional data for flags that use them. - * This struct may not be initialized directly. Use ldns_output_format_init - * to initialize. - */ -struct ldns_struct_output_format_storage -{ int flags; - ldns_rbtree_t* hashmap; /* for LDNS_COMMENT_NSEC3_CHAIN */ - ldns_rdf* bitmap; /* for LDNS_FMT_RFC3597 */ -}; -typedef struct ldns_struct_output_format_storage ldns_output_format_storage; - -/** - * Standard output format record that disables commenting in the textual - * representation of Resource Records completely. - */ -extern const ldns_output_format *ldns_output_format_nocomments; -/** - * Standard output format record that annotated only DNSKEY RR's with commenti - * text. - */ -extern const ldns_output_format *ldns_output_format_onlykeyids; -/** - * The default output format record. Same as ldns_output_format_onlykeyids. - */ -extern const ldns_output_format *ldns_output_format_default; -/** - * Standard output format record that shows all DNSKEY related information in - * the comment text, plus the optout flag when set with NSEC3's, plus the - * bubblebabble representation of DS RR's. - */ -extern const ldns_output_format *ldns_output_format_bubblebabble; - -/** - * Initialize output format storage to the default value. - * \param[in] fmt A reference to an output_format_ storage struct - * \return The initialized storage struct typecasted to ldns_output_format - */ -INLINE -ldns_output_format* ldns_output_format_init(ldns_output_format_storage* fmt) { - fmt->flags = ldns_output_format_default->flags; - fmt->hashmap = NULL; - fmt->bitmap = NULL; - return (ldns_output_format*)fmt; -} - -/** - * Set an ouput format flag. - */ -INLINE void ldns_output_format_set(ldns_output_format* fmt, int flag) { - fmt->flags |= flag; -} - -/** - * Clear an ouput format flag. - */ -INLINE void ldns_output_format_clear(ldns_output_format* fmt, int flag) { - fmt->flags &= !flag; -} - -/** - * Makes sure the LDNS_FMT_RFC3597 is set in the output format. - * Marks the type to be printed in RFC3597 format. - * /param[in] fmt the output format to update - * /param[in] the type to be printed in RFC3597 format - * /return LDNS_STATUS_OK on success - */ -ldns_status -ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type type); - -/** - * Makes sure the LDNS_FMT_RFC3597 is set in the output format. - * Marks the type to not be printed in RFC3597 format. When no other types - * have been marked before, all known types (except the given one) will be - * marked for printing in RFC3597 format. - * /param[in] fmt the output format to update - * /param[in] the type not to be printed in RFC3597 format - * /return LDNS_STATUS_OK on success - */ -ldns_status -ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type type); - -/** - * Converts an ldns packet opcode value to its mnemonic, and adds that - * to the output buffer - * \param[in] *output the buffer to add the data to - * \param[in] opcode to find the string representation of - * \return LDNS_STATUS_OK on success, or a buffer failure mode on error - */ -ldns_status -ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode); - -/** - * Converts an ldns packet rcode value to its mnemonic, and adds that - * to the output buffer - * \param[in] *output the buffer to add the data to - * \param[in] rcode to find the string representation of - * \return LDNS_STATUS_OK on success, or a buffer failure mode on error - */ -ldns_status -ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode); - -/** - * Converts an ldns algorithm type to its mnemonic, and adds that - * to the output buffer - * \param[in] *output the buffer to add the data to - * \param[in] algorithm to find the string representation of - * \return LDNS_STATUS_OK on success, or a buffer failure mode on error - */ -ldns_status -ldns_algorithm2buffer_str(ldns_buffer *output, - ldns_algorithm algorithm); - -/** - * Converts an ldns certificate algorithm type to its mnemonic, - * and adds that to the output buffer - * \param[in] *output the buffer to add the data to - * \param[in] cert_algorithm to find the string representation of - * \return LDNS_STATUS_OK on success, or a buffer failure mode on error - */ -ldns_status -ldns_cert_algorithm2buffer_str(ldns_buffer *output, - ldns_cert_algorithm cert_algorithm); - - -/** - * Converts a packet opcode to its mnemonic and returns that as - * an allocated null-terminated string. - * Remember to free it. - * - * \param[in] opcode the opcode to convert to text - * \return null terminated char * data, or NULL on error - */ -char *ldns_pkt_opcode2str(ldns_pkt_opcode opcode); - -/** - * Converts a packet rcode to its mnemonic and returns that as - * an allocated null-terminated string. - * Remember to free it. - * - * \param[in] rcode the rcode to convert to text - * \return null terminated char * data, or NULL on error - */ -char *ldns_pkt_rcode2str(ldns_pkt_rcode rcode); - -/** - * Converts a signing algorithms to its mnemonic and returns that as - * an allocated null-terminated string. - * Remember to free it. - * - * \param[in] algorithm the algorithm to convert to text - * \return null terminated char * data, or NULL on error - */ -char *ldns_pkt_algorithm2str(ldns_algorithm algorithm); - -/** - * Converts a cert algorithm to its mnemonic and returns that as - * an allocated null-terminated string. - * Remember to free it. - * - * \param[in] cert_algorithm to convert to text - * \return null terminated char * data, or NULL on error - */ -char *ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm); - -/** - * Converts an LDNS_RDF_TYPE_A rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_AAAA rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_STR rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_B64 rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_B32_EXT rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_HEX rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_TYPE rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_CLASS rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_ALG rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an ldns_rr_type value to its string representation, - * and places it in the given buffer - * \param[in] *output The buffer to add the data to - * \param[in] type the ldns_rr_type to convert - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rr_type2buffer_str(ldns_buffer *output, - const ldns_rr_type type); - -/** - * Converts an ldns_rr_type value to its string representation, - * and returns that string. For unknown types, the string - * "TYPE" is returned. This function allocates data that must be - * freed by the caller - * \param[in] type the ldns_rr_type to convert - * \return a newly allocated string - */ -char *ldns_rr_type2str(const ldns_rr_type type); - -/** - * Converts an ldns_rr_class value to its string representation, - * and places it in the given buffer - * \param[in] *output The buffer to add the data to - * \param[in] klass the ldns_rr_class to convert - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rr_class2buffer_str(ldns_buffer *output, - const ldns_rr_class klass); - -/** - * Converts an ldns_rr_class value to its string representation, - * and returns that string. For unknown types, the string - * "CLASS" is returned. This function allocates data that must be - * freed by the caller - * \param[in] klass the ldns_rr_class to convert - * \return a newly allocated string - */ -char *ldns_rr_class2str(const ldns_rr_class klass); - - -/** - * Converts an LDNS_RDF_TYPE_CERT rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_LOC rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_UNKNOWN rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_NSAP rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_ATMA rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_WKS rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_NSEC rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_PERIOD rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_TSIGTIME rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_tsigtime(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_APL rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_INT16_DATA rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_IPSECKEY rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts the data in the rdata field to presentation - * format (as char *) and appends it to the given buffer - * - * \param[in] output pointer to the buffer to append the data to - * \param[in] rdf the pointer to the rdafa field containing the data - * \return status - */ -ldns_status ldns_rdf2buffer_str(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts the data in the resource record to presentation - * format (as char *) and appends it to the given buffer. - * The presentation format of DNSKEY record is annotated with comments giving - * the id, type and size of the key. - * - * \param[in] output pointer to the buffer to append the data to - * \param[in] rr the pointer to the rr field to convert - * \return status - */ -ldns_status ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr); - -/** - * Converts the data in the resource record to presentation - * format (as char *) and appends it to the given buffer. - * The presentation format is annotated with comments giving - * additional information on the record. - * - * \param[in] output pointer to the buffer to append the data to - * \param[in] fmt how to format the textual representation of the - * resource record. - * \param[in] rr the pointer to the rr field to convert - * \return status - */ -ldns_status ldns_rr2buffer_str_fmt(ldns_buffer *output, - const ldns_output_format *fmt, const ldns_rr *rr); - -/** - * Converts the data in the DNS packet to presentation - * format (as char *) and appends it to the given buffer - * - * \param[in] output pointer to the buffer to append the data to - * \param[in] pkt the pointer to the packet to convert - * \return status - */ -ldns_status ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt); - -/** - * Converts the data in the DNS packet to presentation - * format (as char *) and appends it to the given buffer - * - * \param[in] output pointer to the buffer to append the data to - * \param[in] fmt how to format the textual representation of the packet - * \param[in] pkt the pointer to the packet to convert - * \return status - */ -ldns_status ldns_pkt2buffer_str_fmt(ldns_buffer *output, - const ldns_output_format *fmt, const ldns_pkt *pkt); - -/** - * Converts an LDNS_RDF_TYPE_NSEC3_SALT rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf); - - -/** - * Converts the data in the DNS packet to presentation - * format (as char *) and appends it to the given buffer - * - * \param[in] output pointer to the buffer to append the data to - * \param[in] k the pointer to the private key to convert - * \return status - */ -ldns_status ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k); - -/** - * Converts an LDNS_RDF_TYPE_INT8 rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_INT16 rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_INT32 rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_TIME rdata element to string format and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_ILNP64 rdata element to 4 hexadecimal numbers - * separated by colons and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_ilnp64(ldns_buffer *output, - const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_EUI48 rdata element to 6 hexadecimal numbers - * separated by dashes and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_eui48(ldns_buffer *output, - const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_EUI64 rdata element to 8 hexadecimal numbers - * separated by dashes and adds it to the output buffer - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_eui64(ldns_buffer *output, - const ldns_rdf *rdf); - -/** - * Adds the LDNS_RDF_TYPE_TAG rdata to the output buffer, - * provided it contains only alphanumeric characters. - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_tag(ldns_buffer *output, - const ldns_rdf *rdf); - -/** - * Adds the LDNS_RDF_TYPE_LONG_STR rdata to the output buffer, in-between - * double quotes and all non printable characters properly escaped. - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_long_str(ldns_buffer *output, - const ldns_rdf *rdf); - -/** - * Converts an LDNS_RDF_TYPE_HIP rdata element to presentation format for - * the algorithm, HIT and Public Key and adds it the output buffer . - * \param[in] *rdf The rdata to convert - * \param[in] *output The buffer to add the data to - * \return LDNS_STATUS_OK on success, and error status on failure - */ -ldns_status ldns_rdf2buffer_str_hip(ldns_buffer *output, - const ldns_rdf *rdf); - -/** - * Converts the data in the rdata field to presentation format and - * returns that as a char *. - * Remember to free it. - * - * \param[in] rdf The rdata field to convert - * \return null terminated char * data, or NULL on error - */ -char *ldns_rdf2str(const ldns_rdf *rdf); - -/** - * Converts the data in the resource record to presentation format and - * returns that as a char *. - * Remember to free it. - * - * \param[in] rr The rdata field to convert - * \return null terminated char * data, or NULL on error - */ -char *ldns_rr2str(const ldns_rr *rr); - -/** - * Converts the data in the resource record to presentation format and - * returns that as a char *. - * Remember to free it. - * - * \param[in] fmt how to format the resource record - * \param[in] rr The rdata field to convert - * \return null terminated char * data, or NULL on error - */ -char *ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr); - -/** - * Converts the data in the DNS packet to presentation format and - * returns that as a char *. - * Remember to free it. - * - * \param[in] pkt The rdata field to convert - * \return null terminated char * data, or NULL on error - */ -char *ldns_pkt2str(const ldns_pkt *pkt); - -/** - * Converts the data in the DNS packet to presentation format and - * returns that as a char *. - * Remember to free it. - * - * \param[in] fmt how to format the packet - * \param[in] pkt The rdata field to convert - * \return null terminated char * data, or NULL on error - */ -char *ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt); - -/** - * Converts a private key to the test presentation fmt and - * returns that as a char *. - * Remember to free it. - * - * \param[in] k the key to convert to text - * \return null terminated char * data, or NULL on error - */ -char *ldns_key2str(const ldns_key *k); - -/** - * Converts a list of resource records to presentation format - * and returns that as a char *. - * Remember to free it. - * - * \param[in] rr_list the rr_list to convert to text - * \return null terminated char * data, or NULL on error - */ -char *ldns_rr_list2str(const ldns_rr_list *rr_list); - -/** - * Converts a list of resource records to presentation format - * and returns that as a char *. - * Remember to free it. - * - * \param[in] fmt how to format the list of resource records - * \param[in] rr_list the rr_list to convert to text - * \return null terminated char * data, or NULL on error - */ -char *ldns_rr_list2str_fmt( - const ldns_output_format *fmt, const ldns_rr_list *rr_list); - -/** - * Returns a copy of the data in the buffer as a null terminated - * char * string. The returned string must be freed by the caller. - * The buffer must be in write modus and may thus not have been flipped. - * - * \param[in] buffer buffer containing char * data - * \return null terminated char * data, or NULL on error - */ -char *ldns_buffer2str(ldns_buffer *buffer); - -/** - * Exports and returns the data in the buffer as a null terminated - * char * string. The returned string must be freed by the caller. - * The buffer must be in write modus and may thus not have been flipped. - * The buffer is fixed after this function returns. - * - * \param[in] buffer buffer containing char * data - * \return null terminated char * data, or NULL on error - */ -char *ldns_buffer_export2str(ldns_buffer *buffer); - -/** - * Prints the data in the rdata field to the given file stream - * (in presentation format) - * - * \param[in] output the file stream to print to - * \param[in] rdf the rdata field to print - * \return void - */ -void ldns_rdf_print(FILE *output, const ldns_rdf *rdf); - -/** - * Prints the data in the resource record to the given file stream - * (in presentation format) - * - * \param[in] output the file stream to print to - * \param[in] rr the resource record to print - * \return void - */ -void ldns_rr_print(FILE *output, const ldns_rr *rr); - -/** - * Prints the data in the resource record to the given file stream - * (in presentation format) - * - * \param[in] output the file stream to print to - * \param[in] fmt format of the textual representation - * \param[in] rr the resource record to print - * \return void - */ -void ldns_rr_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_rr *rr); - -/** - * Prints the data in the DNS packet to the given file stream - * (in presentation format) - * - * \param[in] output the file stream to print to - * \param[in] pkt the packet to print - * \return void - */ -void ldns_pkt_print(FILE *output, const ldns_pkt *pkt); - -/** - * Prints the data in the DNS packet to the given file stream - * (in presentation format) - * - * \param[in] output the file stream to print to - * \param[in] fmt format of the textual representation - * \param[in] pkt the packet to print - * \return void - */ -void ldns_pkt_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_pkt *pkt); - -/** - * Converts a rr_list to presentation format and appends it to - * the output buffer - * \param[in] output the buffer to append output to - * \param[in] list the ldns_rr_list to print - * \return ldns_status - */ -ldns_status ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list); - -/** - * Converts a rr_list to presentation format and appends it to - * the output buffer - * \param[in] output the buffer to append output to - * \param[in] fmt format of the textual representation - * \param[in] list the ldns_rr_list to print - * \return ldns_status - */ -ldns_status ldns_rr_list2buffer_str_fmt(ldns_buffer *output, - const ldns_output_format *fmt, const ldns_rr_list *list); - -/** - * Converts the header of a packet to presentation format and appends it to - * the output buffer - * \param[in] output the buffer to append output to - * \param[in] pkt the packet to convert the header of - * \return ldns_status - */ -ldns_status ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt); - -/** - * print a rr_list to output - * \param[in] output the fd to print to - * \param[in] list the rr_list to print - */ -void ldns_rr_list_print(FILE *output, const ldns_rr_list *list); - -/** - * print a rr_list to output - * \param[in] output the fd to print to - * \param[in] fmt format of the textual representation - * \param[in] list the rr_list to print - */ -void ldns_rr_list_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_rr_list *list); - -/** - * Print a resolver (in sofar that is possible) state - * to output. - * \param[in] output the fd to print to - * \param[in] r the resolver to print - */ -void ldns_resolver_print(FILE *output, const ldns_resolver *r); - -/** - * Print a resolver (in sofar that is possible) state - * to output. - * \param[in] output the fd to print to - * \param[in] fmt format of the textual representation - * \param[in] r the resolver to print - */ -void ldns_resolver_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_resolver *r); - -/** - * Print a zone structure * to output. Note the SOA record - * is included in this output - * \param[in] output the fd to print to - * \param[in] z the zone to print - */ -void ldns_zone_print(FILE *output, const ldns_zone *z); - -/** - * Print a zone structure * to output. Note the SOA record - * is included in this output - * \param[in] output the fd to print to - * \param[in] fmt format of the textual representation - * \param[in] z the zone to print - */ -void ldns_zone_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_zone *z); - -/** - * Print the ldns_rdf containing a dname to the buffer - * \param[in] output the buffer to print to - * \param[in] dname the dname to print - * \return ldns_status message if the printing succeeded - */ -ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_HOST2STR_H */ diff --git a/include/ldns/host2wire.h b/include/ldns/host2wire.h deleted file mode 100644 index 94693cd..0000000 --- a/include/ldns/host2wire.h +++ /dev/null @@ -1,197 +0,0 @@ -/* - * host2wire.h - 2wire conversion routines - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Contains all functions to translate the main structures to wire format - */ - -#ifndef LDNS_HOST2WIRE_H -#define LDNS_HOST2WIRE_H - -#include -#include -#include -#include -#include -#include -#include - -#include "ldns/util.h" - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * Copies the dname data to the buffer in wire format - * \param[out] *buffer buffer to append the result to - * \param[in] *name rdata dname to convert - * \return ldns_status - */ -ldns_status ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name); - -/** - * Copies the dname data to the buffer in wire format - * \param[out] *buffer buffer to append the result to - * \param[in] *name rdata dname to convert - * \param[out] *compression_data data structure holding state for compression - * \return ldns_status - */ -ldns_status ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data); - -/** - * Copies the rdata data to the buffer in wire format - * \param[out] *output buffer to append the result to - * \param[in] *rdf rdata to convert - * \return ldns_status - */ -ldns_status ldns_rdf2buffer_wire(ldns_buffer *output, const ldns_rdf *rdf); - -/** - * Copies the rdata data to the buffer in wire format - * \param[out] *output buffer to append the result to - * \param[in] *rdf rdata to convert - * \param[out] *compression_data data structure holding state for compression - * \return ldns_status - */ -ldns_status ldns_rdf2buffer_wire_compress(ldns_buffer *output, const ldns_rdf *rdf, ldns_rbtree_t *compression_data); - -/** - * Copies the rdata data to the buffer in wire format - * If the rdata is a dname, the letters will be lowercased - * during the conversion - * \param[out] *output buffer to append the result to - * \param[in] *rdf rdata to convert - * \return ldns_status - */ -ldns_status ldns_rdf2buffer_wire_canonical(ldns_buffer *output, - const ldns_rdf *rdf); - -/** - * Copies the rr data to the buffer in wire format - * \param[out] *output buffer to append the result to - * \param[in] *rr resource record to convert - * \param[in] section the section in the packet this rr is supposed to be in - * (to determine whether to add rdata or not) - * \return ldns_status - */ -ldns_status ldns_rr2buffer_wire(ldns_buffer *output, - const ldns_rr *rr, - int section); - -/** - * Copies the rr data to the buffer in wire format while doing DNAME compression - * \param[out] *output buffer to append the result to - * \param[in] *rr resource record to convert - * \param[in] section the section in the packet this rr is supposed to be in - * (to determine whether to add rdata or not) - * \param[out] *compression_data data structure holding state information for compression - * \return ldns_status - */ -ldns_status ldns_rr2buffer_wire_compress(ldns_buffer *output, - const ldns_rr *rr, - int section, - ldns_rbtree_t *compression_data); - -/** - * Copies the rr data to the buffer in wire format, in canonical format - * according to RFC3597 (every dname in rdata fields of RR's mentioned in - * that RFC will be lowercased) - * \param[out] *output buffer to append the result to - * \param[in] *rr resource record to convert - * \param[in] section the section in the packet this rr is supposed to be in - * (to determine whether to add rdata or not) - * \return ldns_status - */ -ldns_status ldns_rr2buffer_wire_canonical(ldns_buffer *output, - const ldns_rr *rr, - int section); - - -/** - * Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata - * This is needed in DNSSEC verification - * \param[out] output buffer to append the result to - * \param[in] sigrr signature rr to operate on - * \return ldns_status - */ -ldns_status ldns_rrsig2buffer_wire(ldns_buffer *output, const ldns_rr *sigrr); - -/** - * Converts an rr's rdata to wireformat, while excluding - * the ownername and all the stuff before the rdata. - * This is needed in DNSSEC keytag calculation, the ds - * calcalution from the key and maybe elsewhere. - * - * \param[out] *output buffer where to put the result - * \param[in] *rr rr to operate on - * \return ldns_status - */ -ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *output, const ldns_rr *rr); - -/** - * Copies the packet data to the buffer in wire format - * \param[out] *output buffer to append the result to - * \param[in] *pkt packet to convert - * \return ldns_status - */ -ldns_status ldns_pkt2buffer_wire(ldns_buffer *output, const ldns_pkt *pkt); - -/** - * Copies the rr_list data to the buffer in wire format - * \param[out] *output buffer to append the result to - * \param[in] *rrlist rr_list to to convert - * \return ldns_status - */ -ldns_status ldns_rr_list2buffer_wire(ldns_buffer *output, const ldns_rr_list *rrlist); - -/** - * Allocates an array of uint8_t at dest, and puts the wireformat of the - * given rdf in that array. The result_size value contains the - * length of the array, if it succeeds, and 0 otherwise (in which case - * the function also returns NULL) - * - * \param[out] dest pointer to the array of bytes to be created - * \param[in] rdf the rdata field to convert - * \param[out] size the size of the converted result - */ -ldns_status ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *size); - -/** - * Allocates an array of uint8_t at dest, and puts the wireformat of the - * given rr in that array. The result_size value contains the - * length of the array, if it succeeds, and 0 otherwise (in which case - * the function also returns NULL) - * - * If the section argument is LDNS_SECTION_QUESTION, data like ttl and rdata - * are not put into the result - * - * \param[out] dest pointer to the array of bytes to be created - * \param[in] rr the rr to convert - * \param[in] section the rr section, determines how the rr is written. - * \param[out] size the size of the converted result - */ -ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *size); - -/** - * Allocates an array of uint8_t at dest, and puts the wireformat of the - * given packet in that array. The result_size value contains the - * length of the array, if it succeeds, and 0 otherwise (in which case - * the function also returns NULL) - */ -ldns_status ldns_pkt2wire(uint8_t **dest, const ldns_pkt *p, size_t *size); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_HOST2WIRE_H */ diff --git a/include/ldns/keys.h b/include/ldns/keys.h deleted file mode 100644 index d3b4873..0000000 --- a/include/ldns/keys.h +++ /dev/null @@ -1,621 +0,0 @@ -/* - * - * keys.h - * - * priv key definitions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Addendum to \ref dnssec.h, this module contains key and algorithm definitions and functions. - */ - - -#ifndef LDNS_KEYS_H -#define LDNS_KEYS_H - -#include -#if LDNS_BUILD_CONFIG_HAVE_SSL -#include -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -extern ldns_lookup_table ldns_signing_algorithms[]; - -#define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */ -#define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */ -#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */ - -/** - * Algorithms used in dns - */ -enum ldns_enum_algorithm -{ - LDNS_RSAMD5 = 1, /* RFC 4034,4035 */ - LDNS_DH = 2, - LDNS_DSA = 3, - LDNS_ECC = 4, - LDNS_RSASHA1 = 5, - LDNS_DSA_NSEC3 = 6, - LDNS_RSASHA1_NSEC3 = 7, - LDNS_RSASHA256 = 8, /* RFC 5702 */ - LDNS_RSASHA512 = 10, /* RFC 5702 */ - LDNS_ECC_GOST = 12, /* RFC 5933 */ - LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ - LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ - LDNS_INDIRECT = 252, - LDNS_PRIVATEDNS = 253, - LDNS_PRIVATEOID = 254 -}; -typedef enum ldns_enum_algorithm ldns_algorithm; - -/** - * Hashing algorithms used in the DS record - */ -enum ldns_enum_hash -{ - LDNS_SHA1 = 1, /* RFC 4034 */ - LDNS_SHA256 = 2, /* RFC 4509 */ - LDNS_HASH_GOST = 3, /* RFC 5933 */ - LDNS_SHA384 = 4 /* RFC 6605 */ -}; -typedef enum ldns_enum_hash ldns_hash; - -/** - * Algorithms used in dns for signing - */ -enum ldns_enum_signing_algorithm -{ - LDNS_SIGN_RSAMD5 = LDNS_RSAMD5, - LDNS_SIGN_RSASHA1 = LDNS_RSASHA1, - LDNS_SIGN_DSA = LDNS_DSA, - LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3, - LDNS_SIGN_RSASHA256 = LDNS_RSASHA256, - LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, - LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, - LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, - LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, - LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384, - LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */ - LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */ - LDNS_SIGN_HMACSHA256 = 159 /* ditto */ -}; -typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm; - -/** - * General key structure, can contain all types of keys that - * are used in DNSSEC. Mostly used to store private keys, since - * public keys can also be stored in a \ref ldns_rr with type - * \ref LDNS_RR_TYPE_DNSKEY. - * - * This structure can also store some variables that influence the - * signatures generated by signing with this key, for instance the - * inception date. - */ -struct ldns_struct_key { - ldns_signing_algorithm _alg; - /** Whether to use this key when signing */ - bool _use; - /** Storage pointers for the types of keys supported */ - /* TODO remove unions? */ - struct { -#if LDNS_BUILD_CONFIG_HAVE_SSL -#ifndef S_SPLINT_S - /* The key can be an OpenSSL EVP Key - */ - EVP_PKEY *key; -#endif -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - /** - * The key can be an HMAC key - */ - struct { - unsigned char *key; - size_t size; - } hmac; - /** the key structure can also just point to some external - * key data - */ - void *external_key; - } _key; - /** Depending on the key we can have extra data */ - union { - /** Some values that influence generated signatures */ - struct { - /** The TTL of the rrset that is currently signed */ - uint32_t orig_ttl; - /** The inception date of signatures made with this key. */ - uint32_t inception; - /** The expiration date of signatures made with this key. */ - uint32_t expiration; - /** The keytag of this key. */ - uint16_t keytag; - /** The dnssec key flags as specified in RFC4035, like ZSK and KSK */ - uint16_t flags; - } dnssec; - } _extra; - /** Owner name of the key */ - ldns_rdf *_pubkey_owner; -}; -typedef struct ldns_struct_key ldns_key; - -/** - * Same as rr_list, but now for keys - */ -struct ldns_struct_key_list -{ - size_t _key_count; - ldns_key **_keys; -}; -typedef struct ldns_struct_key_list ldns_key_list; - - -/** - * Creates a new empty key list - * \return a new ldns_key_list structure pointer - */ -ldns_key_list *ldns_key_list_new(void); - -/** - * Creates a new empty key structure - * \return a new ldns_key * structure - */ -ldns_key *ldns_key_new(void); - -/** - * Creates a new key based on the algorithm - * - * \param[in] a The algorithm to use - * \param[in] size the number of bytes for the keysize - * \return a new ldns_key structure with the key - */ -ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size); - -/** - * Creates a new priv key based on the - * contents of the file pointed by fp. - * - * The file should be in Private-key-format v1.x. - * - * \param[out] k the new ldns_key structure - * \param[in] fp the file pointer to use - * \return an error or LDNS_STATUS_OK - */ -ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp); - -/** - * Creates a new private key based on the - * contents of the file pointed by fp - * - * The file should be in Private-key-format v1.x. - * - * \param[out] k the new ldns_key structure - * \param[in] fp the file pointer to use - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return an error or LDNS_STATUS_OK - */ -ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr); - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * Read the key with the given id from the given engine and store it - * in the given ldns_key structure. The algorithm type is set - */ -ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm); - - -/** - * frm_fp helper function. This function parses the - * remainder of the (RSA) priv. key file generated from bind9 - * \param[in] fp the file to parse - * \return NULL on failure otherwise a RSA structure - */ -RSA *ldns_key_new_frm_fp_rsa(FILE *fp); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * frm_fp helper function. This function parses the - * remainder of the (RSA) priv. key file generated from bind9 - * \param[in] fp the file to parse - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return NULL on failure otherwise a RSA structure - */ -RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * frm_fp helper function. This function parses the - * remainder of the (DSA) priv. key file - * \param[in] fp the file to parse - * \return NULL on failure otherwise a RSA structure - */ -DSA *ldns_key_new_frm_fp_dsa(FILE *fp); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * frm_fp helper function. This function parses the - * remainder of the (DSA) priv. key file - * \param[in] fp the file to parse - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return NULL on failure otherwise a RSA structure - */ -DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * frm_fp helper function. This function parses the - * remainder of the (HMAC-MD5) key file - * This function allocated a buffer that needs to be freed - * \param[in] fp the file to parse - * \param[out] hmac_size the number of bits in the resulting buffer - * \return NULL on failure otherwise a newly allocated char buffer - */ -unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size); -#endif - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * frm_fp helper function. This function parses the - * remainder of the (HMAC-MD5) key file - * This function allocated a buffer that needs to be freed - * \param[in] fp the file to parse - * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes) - * \param[out] hmac_size the number of bits in the resulting buffer - * \return NULL on failure otherwise a newly allocated char buffer - */ -unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -/* acces write functions */ -/** - * Set the key's algorithm - * \param[in] k the key - * \param[in] l the algorithm - */ -void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l); -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * Set the key's evp key - * \param[in] k the key - * \param[in] e the evp key - */ -void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e); - -/** - * Set the key's rsa data. - * The rsa data should be freed by the user. - * \param[in] k the key - * \param[in] r the rsa data - */ -void ldns_key_set_rsa_key(ldns_key *k, RSA *r); - -/** - * Set the key's dsa data - * The dsa data should be freed by the user. - * \param[in] k the key - * \param[in] d the dsa data - */ -void ldns_key_set_dsa_key(ldns_key *k, DSA *d); - -/** - * Assign the key's rsa data - * The rsa data will be freed automatically when the key is freed. - * \param[in] k the key - * \param[in] r the rsa data - */ -void ldns_key_assign_rsa_key(ldns_key *k, RSA *r); - -/** - * Assign the key's dsa data - * The dsa data will be freed automatically when the key is freed. - * \param[in] k the key - * \param[in] d the dsa data - */ -void ldns_key_assign_dsa_key(ldns_key *k, DSA *d); - -/** - * Get the PKEY id for GOST, loads GOST into openssl as a side effect. - * Only available if GOST is compiled into the library and openssl. - * \return the gost id for EVP_CTX creation. - */ -int ldns_key_EVP_load_gost_id(void); - -/** Release the engine reference held for the GOST engine. */ -void ldns_key_EVP_unload_gost(void); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -/** - * Set the key's hmac data - * \param[in] k the key - * \param[in] hmac the raw key data - */ -void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac); - -/** - * Set the key id data. This is used if the key points to - * some externally stored key data - * - * Only the pointer is set, the data there is not copied, - * and must be freed manually; ldns_key_deep_free() does - * *not* free this data - * \param[in] key the key - * \param[in] external_key key id data - */ -void ldns_key_set_external_key(ldns_key *key, void *external_key); - -/** - * Set the key's hmac size - * \param[in] k the key - * \param[in] hmac_size the size of the hmac data - */ -void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size); -/** - * Set the key's original ttl - * \param[in] k the key - * \param[in] t the ttl - */ -void ldns_key_set_origttl(ldns_key *k, uint32_t t); -/** - * Set the key's inception date (seconds after epoch) - * \param[in] k the key - * \param[in] i the inception - */ -void ldns_key_set_inception(ldns_key *k, uint32_t i); -/** - * Set the key's expiration date (seconds after epoch) - * \param[in] k the key - * \param[in] e the expiration - */ -void ldns_key_set_expiration(ldns_key *k, uint32_t e); -/** - * Set the key's pubkey owner - * \param[in] k the key - * \param[in] r the owner - */ -void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r); -/** - * Set the key's key tag - * \param[in] k the key - * \param[in] tag the keytag - */ -void ldns_key_set_keytag(ldns_key *k, uint16_t tag); -/** - * Set the key's flags - * \param[in] k the key - * \param[in] flags the flags - */ -void ldns_key_set_flags(ldns_key *k, uint16_t flags); -/** - * Set the keylist's key count to count - * \param[in] key the key - * \param[in] count the cuont - */ -void ldns_key_list_set_key_count(ldns_key_list *key, size_t count); - -/** - * pushes a key to a keylist - * \param[in] key_list the key_list to push to - * \param[in] key the key to push - * \return false on error, otherwise true - */ -bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key); - -/** - * returns the number of keys in the key list - * \param[in] key_list the key_list - * \return the numbers of keys in the list - */ -size_t ldns_key_list_key_count(const ldns_key_list *key_list); - -/** - * returns a pointer to the key in the list at the given position - * \param[in] key the key - * \param[in] nr the position in the list - * \return the key - */ -ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr); - -#if LDNS_BUILD_CONFIG_HAVE_SSL -/** - * returns the (openssl) RSA struct contained in the key - * \param[in] k the key to look in - * \return the RSA * structure in the key - */ -RSA *ldns_key_rsa_key(const ldns_key *k); -/** - * returns the (openssl) EVP struct contained in the key - * \param[in] k the key to look in - * \return the RSA * structure in the key - */ -EVP_PKEY *ldns_key_evp_key(const ldns_key *k); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -/** - * returns the (openssl) DSA struct contained in the key - */ -#if LDNS_BUILD_CONFIG_HAVE_SSL -DSA *ldns_key_dsa_key(const ldns_key *k); -#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ - -/** - * return the signing alg of the key - * \param[in] k the key - * \return the algorithm - */ -ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k); -/** - * set the use flag - * \param[in] k the key - * \param[in] v the boolean value to set the _use field to - */ -void ldns_key_set_use(ldns_key *k, bool v); -/** - * return the use flag - * \param[in] k the key - * \return the boolean value of the _use field - */ -bool ldns_key_use(const ldns_key *k); -/** - * return the hmac key data - * \param[in] k the key - * \return the hmac key data - */ -unsigned char *ldns_key_hmac_key(const ldns_key *k); -/** - * return the key id key data - * \param[in] k the key - * \return the key id data - */ -void *ldns_key_external_key(const ldns_key *k); -/** - * return the hmac key size - * \param[in] k the key - * \return the hmac key size - */ -size_t ldns_key_hmac_size(const ldns_key *k); -/** - * return the original ttl of the key - * \param[in] k the key - * \return the original ttl - */ -uint32_t ldns_key_origttl(const ldns_key *k); -/** - * return the key's inception date - * \param[in] k the key - * \return the inception date - */ -uint32_t ldns_key_inception(const ldns_key *k); -/** - * return the key's expiration date - * \param[in] k the key - * \return the experiration date - */ -uint32_t ldns_key_expiration(const ldns_key *k); -/** - * return the keytag - * \param[in] k the key - * \return the keytag - */ -uint16_t ldns_key_keytag(const ldns_key *k); -/** - * return the public key's owner - * \param[in] k the key - * \return the owner - */ -ldns_rdf *ldns_key_pubkey_owner(const ldns_key *k); -/** - * Set the 'use' flag for all keys in the list - * \param[in] keys The key_list - * \param[in] v The value to set the use flags to - */ -void -ldns_key_list_set_use(ldns_key_list *keys, bool v); - -/** - * return the flag of the key - * \param[in] k the key - * \return the flag - */ -uint16_t ldns_key_flags(const ldns_key *k); - -/** - * pops the last rr from a keylist - * \param[in] key_list the rr_list to pop from - * \return NULL if nothing to pop. Otherwise the popped RR - */ -ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list); - -/** - * converts a ldns_key to a public key rr - * If the key data exists at an external point, the corresponding - * rdata field must still be added with ldns_rr_rdf_push() to the - * result rr of this function - * - * \param[in] k the ldns_key to convert - * \return ldns_rr representation of the key - */ -ldns_rr *ldns_key2rr(const ldns_key *k); - -/** - * print a private key to the file ouput - * - * \param[in] output the FILE descriptor where to print to - * \param[in] k the ldns_key to print - */ -void ldns_key_print(FILE *output, const ldns_key *k); - -/** - * frees a key structure, but not its internal data structures - * - * \param[in] key the key object to free - */ -void ldns_key_free(ldns_key *key); - -/** - * frees a key structure and all its internal data structures, except - * the data set by ldns_key_set_external_key() - * - * \param[in] key the key object to free - */ -void ldns_key_deep_free(ldns_key *key); - -/** - * Frees a key list structure - * \param[in] key_list the key list object to free - */ -void ldns_key_list_free(ldns_key_list *key_list); - -/** - * Instantiates a DNSKEY or DS RR from file. - * \param[in] filename the file to read the record from - * \return the corresponding RR, or NULL if the parsing failed - */ -ldns_rr * ldns_read_anchor_file(const char *filename); - -/** - * Returns the 'default base name' for key files; - * IE. K\+\+\ - * (without the .key or .private) - * The memory for this is allocated by this function, - * and should be freed by the caller - * - * \param[in] key the key to get the file name from - * \returns A string containing the file base name - */ -char *ldns_key_get_file_base_name(ldns_key *key); - -/** - * See if a key algorithm is supported - * \param[in] algo the signing algorithm number. - * \returns true if supported. - */ -int ldns_key_algo_supported(int algo); - -/** - * Get signing algorithm by name. Comparison is case insensitive. - * \param[in] name string with the name. - * \returns 0 on parse failure or the algorithm number. - */ -ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_KEYS_H */ diff --git a/include/ldns/ldns.h b/include/ldns/ldns.h deleted file mode 100644 index 60663ef..0000000 --- a/include/ldns/ldns.h +++ /dev/null @@ -1,158 +0,0 @@ -/* - * dns.h -- defines for the Domain Name System - * - * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - * This library was created by: - * Jelte Jansen, Erik Rozendaal and Miek Gieben - * - * A bunch of defines that are used in the DNS. - */ - - -/** -\mainpage LDNS Documentation - -\section introduction Introduction - -The goal of ldns is to simplify DNS programming, it supports recent RFCs -like the DNSSEC documents, and allow developers to easily create software -conforming to current RFCs, and experimental software for current Internet -drafts. A secondary benefit of using ldns is speed, because ldns is written -in C, and although it is not optimized for performance, it should be a lot -faster than Perl. - -The first main tool to use ldns is Drill, from which part of the library was -derived. From version 1.0.0 on, drill is included in the ldns release -and will not be distributed separately anymore. The library also includes some -other examples and tools to show how it can be used. These can be found in the -examples/ directory in the tarball. - -ldns depends on OpenSSL for it's cryptographic functions. -Feature list - - - Transparent IPv4 and IPv6 support (overridable if necessary), - - TSIG support, - - DNSSEC support; signing and verification, - - small size, - - online documentation as well as manual pages. - -If you want to send us patches please use the code from git. - -\section using_ldns Using ldns - -Almost all interaction between an application and ldns goes through the ldns -data structures (\ref ldns_rr, \ref ldns_pkt, etc.). These are input or -output to the functions of ldns. For example, \ref ldns_zone_new_frm_fp -reads a zone from a \c FILE pointer, and returns an \ref ldns_zone -structure. - - -Let's use Drill as an example. Drill is a tool much like dig, whose most -basic function is to send 1 query to a nameserver and print the response. - -To be able to do this, drill uses the resolver module of ldns, which acts as -a stub resolver. The resolver module uses the net module to actually send -the query that drill requested. It then uses the wire2host module to -translate the response and place it in ldns' internal structures. These are -passed back to drill, which then uses the host2str module to print the -response in presentation format. - -\section gettingstarted Getting Started - -See the \ref design page for a very high level description of the design -choices made for ldns. - -For an overview of the functions and types ldns provides, you can check out -the \ref ldns ldns header file descriptions. - -If you want to see some libdns action, you can read our tutorials: - - \ref tutorial1_mx - - \ref tutorial2_zone - - \ref tutorial3_signzone - -Or you can just use the menu above to browse through the API docs. - -
-\image html LogoInGradientBar2-y100.png -
-*/ - -/** - * \file ldns.h - * - * Including this file will include all ldns files, and define some lookup tables. - */ - -#ifndef LDNS_DNS_H -#define LDNS_DNS_H - -#include -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_IP4ADDRLEN (32/8) -#define LDNS_IP6ADDRLEN (128/8) -#define LDNS_PORT 53 -#define LDNS_ROOT_LABEL_STR "." -#define LDNS_DEFAULT_TTL 3600 - -/* lookup tables for standard DNS stuff */ - -/** Taken from RFC 2538, section 2.1. */ -extern ldns_lookup_table ldns_certificate_types[]; -/** Taken from RFC 2535, section 7. */ -extern ldns_lookup_table ldns_algorithms[]; -/** Taken from RFC 2538. */ -extern ldns_lookup_table ldns_cert_algorithms[]; -/** rr types */ -extern ldns_lookup_table ldns_rr_classes[]; -/** Response codes */ -extern ldns_lookup_table ldns_rcodes[]; -/** Operation codes */ -extern ldns_lookup_table ldns_opcodes[]; -/** EDNS flags */ -extern ldns_lookup_table ldns_edns_flags[]; - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_DNS_H */ diff --git a/include/ldns/net.h b/include/ldns/net.h deleted file mode 100644 index 692a9fb..0000000 --- a/include/ldns/net.h +++ /dev/null @@ -1,207 +0,0 @@ -/* - * net.h - * - * DNS Resolver definitions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -#ifndef LDNS_NET_H -#define LDNS_NET_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_DEFAULT_TIMEOUT_SEC 5 -#define LDNS_DEFAULT_TIMEOUT_USEC 0 - -/** - * \file - * - * Contains functions to send and receive packets over a network. - */ - -/** - * Sends a buffer to an ip using udp and return the respons as a ldns_pkt - * \param[in] qbin the ldns_buffer to be send - * \param[in] to the ip addr to send to - * \param[in] tolen length of the ip addr - * \param[in] timeout the timeout value for the network - * \param[out] answersize size of the packet - * \param[out] result packet with the answer - * \return status - */ -ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize); - -/** - * Send an udp query and don't wait for an answer but return - * the socket - * \param[in] qbin the ldns_buffer to be send - * \param[in] to the ip addr to send to - * \param[in] tolen length of the ip addr - * \param[in] timeout *unused*, was the timeout value for the network - * \return the socket used - */ -int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); - -/** - * Send an tcp query and don't wait for an answer but return - * the socket - * \param[in] qbin the ldns_buffer to be send - * \param[in] to the ip addr to send to - * \param[in] tolen length of the ip addr - * \param[in] timeout the timeout value for the connect attempt - * \return the socket used - */ -int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); - -/** - * Sends a buffer to an ip using tcp and return the respons as a ldns_pkt - * \param[in] qbin the ldns_buffer to be send - * \param[in] qbin the ldns_buffer to be send - * \param[in] to the ip addr to send to - * \param[in] tolen length of the ip addr - * \param[in] timeout the timeout value for the network - * \param[out] answersize size of the packet - * \param[out] result packet with the answer - * \return status - */ -ldns_status ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize); - -/** - * Sends ptk to the nameserver at the resolver object. Returns the data - * as a ldns_pkt - * - * \param[out] pkt packet received from the nameserver - * \param[in] r the resolver to use - * \param[in] query_pkt the query to send - * \return status - */ -ldns_status ldns_send(ldns_pkt **pkt, ldns_resolver *r, const ldns_pkt *query_pkt); - -/** - * Sends and ldns_buffer (presumably containing a packet to the nameserver at the resolver object. Returns the data - * as a ldns_pkt - * - * \param[out] pkt packet received from the nameserver - * \param[in] r the resolver to use - * \param[in] qb the buffer to send - * \param[in] tsig_mac the tsig MAC to authenticate the response with (NULL to do no TSIG authentication) - * \return status - */ -ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac); - -/** - * Create a tcp socket to the specified address - * \param[in] to ip and family - * \param[in] tolen length of to - * \param[in] timeout timeout for the connect attempt - * \return a socket descriptor - */ -int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); - -/** - * Create a udp socket to the specified address - * \param[in] to ip and family - * \param[in] timeout *unused*, was timeout for the socket - * \return a socket descriptor - */ -int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout); - -/** - * send a query via tcp to a server. Don't want for the answer - * - * \param[in] qbin the buffer to send - * \param[in] sockfd the socket to use - * \param[in] to which ip to send it - * \param[in] tolen socketlen - * \return number of bytes sent - */ -ssize_t ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen); - -/** - * send a query via udp to a server. Don;t want for the answer - * - * \param[in] qbin the buffer to send - * \param[in] sockfd the socket to use - * \param[in] to which ip to send it - * \param[in] tolen socketlen - * \return number of bytes sent - */ -ssize_t ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen); - -/** - * Gives back a raw packet from the wire and reads the header data from the given - * socket. Allocates the data (of size size) itself, so don't forget to free - * - * \param[in] sockfd the socket to read from - * \param[out] size the number of bytes that are read - * \param[in] timeout the time allowed between packets. - * \return the data read - */ -uint8_t *ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout); - -/** - * This routine may block. Use ldns_tcp_read_wire_timeout, it checks timeouts. - * Gives back a raw packet from the wire and reads the header data from the given - * socket. Allocates the data (of size size) itself, so don't forget to free - * - * \param[in] sockfd the socket to read from - * \param[out] size the number of bytes that are read - * \return the data read - */ -uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size); - -/** - * Gives back a raw packet from the wire and reads the header data from the given - * socket. Allocates the data (of size size) itself, so don't forget to free - * - * \param[in] sockfd the socket to read from - * \param[in] fr the address of the client (if applicable) - * \param[in] *frlen the lenght of the client's addr (if applicable) - * \param[out] size the number of bytes that are read - * \return the data read - */ -uint8_t *ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *fr, socklen_t *frlen); - -/** - * returns the native sockaddr representation from the rdf. - * \param[in] rd the ldns_rdf to operate on - * \param[in] port what port to use. 0 means; use default (53) - * \param[out] size what is the size of the sockaddr_storage - * \return struct sockaddr* the address in the format so other - * functions can use it (sendto) - */ -struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size); - -/** - * returns an rdf with the sockaddr info. works for ip4 and ip6 - * \param[in] sock the struct sockaddr_storage to convert - * \param[in] port what port was used. When NULL this is not set - * \return ldns_rdf* wth the address - */ -ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port); - -/** - * Prepares the resolver for an axfr query - * The query is sent and the answers can be read with ldns_axfr_next - * \param[in] resolver the resolver to use - * \param[in] domain the domain to exfr - * \param[in] c the class to use - * \return ldns_status the status of the transfer - */ -ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_NET_H */ diff --git a/include/ldns/packet.h b/include/ldns/packet.h deleted file mode 100644 index e66aa34..0000000 --- a/include/ldns/packet.h +++ /dev/null @@ -1,891 +0,0 @@ -/* - * packet.h - * - * DNS packet definitions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Contains the definition of ldns_pkt and its parts, as well - * as functions to manipulate those. - */ - - -#ifndef LDNS_PACKET_H -#define LDNS_PACKET_H - -#define LDNS_MAX_PACKETLEN 65535 - -/* allow flags to be given to mk_query */ -#define LDNS_QR 1 /* QueRy - query flag */ -#define LDNS_AA 2 /* Authoritative Answer - server flag */ -#define LDNS_TC 4 /* TrunCated - server flag */ -#define LDNS_RD 8 /* Recursion Desired - query flag */ -#define LDNS_CD 16 /* Checking Disabled - query flag */ -#define LDNS_RA 32 /* Recursion Available - server flag */ -#define LDNS_AD 64 /* Authenticated Data - server flag */ - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* opcodes for pkt's */ -enum ldns_enum_pkt_opcode { - LDNS_PACKET_QUERY = 0, - LDNS_PACKET_IQUERY = 1, - LDNS_PACKET_STATUS = 2, /* there is no 3?? DNS is weird */ - LDNS_PACKET_NOTIFY = 4, - LDNS_PACKET_UPDATE = 5 -}; -typedef enum ldns_enum_pkt_opcode ldns_pkt_opcode; - -/* rcodes for pkts */ -enum ldns_enum_pkt_rcode { - LDNS_RCODE_NOERROR = 0, - LDNS_RCODE_FORMERR = 1, - LDNS_RCODE_SERVFAIL = 2, - LDNS_RCODE_NXDOMAIN = 3, - LDNS_RCODE_NOTIMPL = 4, - LDNS_RCODE_REFUSED = 5, - LDNS_RCODE_YXDOMAIN = 6, - LDNS_RCODE_YXRRSET = 7, - LDNS_RCODE_NXRRSET = 8, - LDNS_RCODE_NOTAUTH = 9, - LDNS_RCODE_NOTZONE = 10 -}; -typedef enum ldns_enum_pkt_rcode ldns_pkt_rcode; - -/** - * Header of a dns packet - * - * Contains the information about the packet itself, as specified in RFC1035 -
-4.1.1. Header section format
-
-The header contains the following fields:
-
-                                    1  1  1  1  1  1
-      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                      ID                       |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                    QDCOUNT                    |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                    ANCOUNT                    |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                    NSCOUNT                    |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                    ARCOUNT                    |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-where:
-
-ID              A 16 bit identifier assigned by the program that
-                generates any kind of query.  This identifier is copied
-                the corresponding reply and can be used by the requester
-                to match up replies to outstanding queries.
-
-QR              A one bit field that specifies whether this message is a
-                query (0), or a response (1).
-
-OPCODE          A four bit field that specifies kind of query in this
-                message.  This value is set by the originator of a query
-                and copied into the response.  The values are:
-
-                0               a standard query (QUERY)
-
-                1               an inverse query (IQUERY)
-
-                2               a server status request (STATUS)
-
-                3-15            reserved for future use
-
-AA              Authoritative Answer - this bit is valid in responses,
-                and specifies that the responding name server is an
-                authority for the domain name in question section.
-
-                Note that the contents of the answer section may have
-                multiple owner names because of aliases.  The AA bit
-
-                corresponds to the name which matches the query name, or
-                the first owner name in the answer section.
-
-TC              TrunCation - specifies that this message was truncated
-                due to length greater than that permitted on the
-                transmission channel.
-
-RD              Recursion Desired - this bit may be set in a query and
-                is copied into the response.  If RD is set, it directs
-                the name server to pursue the query recursively.
-                Recursive query support is optional.
-
-RA              Recursion Available - this be is set or cleared in a
-                response, and denotes whether recursive query support is
-                available in the name server.
-
-Z               Reserved for future use.  Must be zero in all queries
-                and responses.
-
-RCODE           Response code - this 4 bit field is set as part of
-                responses.  The values have the following
-                interpretation:
-
-                0               No error condition
-
-                1               Format error - The name server was
-                                unable to interpret the query.
-
-                2               Server failure - The name server was
-                                unable to process this query due to a
-                                problem with the name server.
-
-                3               Name Error - Meaningful only for
-                                responses from an authoritative name
-                                server, this code signifies that the
-                                domain name referenced in the query does
-                                not exist.
-
-                4               Not Implemented - The name server does
-                                not support the requested kind of query.
-
-                5               Refused - The name server refuses to
-                                perform the specified operation for
-                                policy reasons.  For example, a name
-                                server may not wish to provide the
-                                information to the particular requester,
-                                or a name server may not wish to perform
-                                a particular operation (e.g., zone
-
-                                transfer) for particular data.
-
-                6-15            Reserved for future use.
-
-QDCOUNT         an unsigned 16 bit integer specifying the number of
-                entries in the question section.
-
-ANCOUNT         an unsigned 16 bit integer specifying the number of
-                resource records in the answer section.
-
-NSCOUNT         an unsigned 16 bit integer specifying the number of name
-                server resource records in the authority records
-                section.
-
-ARCOUNT         an unsigned 16 bit integer specifying the number of
-                resource records in the additional records section.
-
-
- */ -struct ldns_struct_hdr -{ - /** Id of a packet */ - uint16_t _id; - /** Query bit (0=query, 1=answer) */ - bool _qr; - /** Authoritative answer */ - bool _aa; - /** Packet truncated */ - bool _tc; - /** Recursion desired */ - bool _rd; - /** Checking disabled */ - bool _cd; - /** Recursion available */ - bool _ra; - /** Authentic data */ - bool _ad; - /** Query type */ - ldns_pkt_opcode _opcode; /* XXX 8 bits? */ - /** Response code */ - uint8_t _rcode; - /** question sec */ - uint16_t _qdcount; - /** answer sec */ - uint16_t _ancount; - /** auth sec */ - uint16_t _nscount; - /** add sec */ - uint16_t _arcount; -}; -typedef struct ldns_struct_hdr ldns_hdr; - -/** - * DNS packet - * - * This structure contains a complete DNS packet (either a query or an answer) - * - * It is the complete representation of what you actually send to a - * nameserver, and what it sends back (assuming you are the client here). - */ -struct ldns_struct_pkt -{ - /** Header section */ - ldns_hdr *_header; - /* extra items needed in a packet */ - /** The size of the wire format of the packet in octets */ - ldns_rdf *_answerfrom; - /** Timestamp of the time the packet was sent or created */ - struct timeval timestamp; - /** The duration of the query this packet is an answer to */ - uint32_t _querytime; - /** The size of the wire format of the packet in octets */ - size_t _size; - /** Optional tsig rr */ - ldns_rr *_tsig_rr; - /** EDNS0 available buffer size, see RFC2671 */ - uint16_t _edns_udp_size; - /** EDNS0 Extended rcode */ - uint8_t _edns_extended_rcode; - /** EDNS Version */ - uint8_t _edns_version; - /* OPT pseudo-RR presence flag */ - uint8_t _edns_present; - /** Reserved EDNS data bits */ - uint16_t _edns_z; - /** Arbitrary EDNS rdata */ - ldns_rdf *_edns_data; - /** Question section */ - ldns_rr_list *_question; - /** Answer section */ - ldns_rr_list *_answer; - /** Authority section */ - ldns_rr_list *_authority; - /** Additional section */ - ldns_rr_list *_additional; -}; -typedef struct ldns_struct_pkt ldns_pkt; - -/** - * The sections of a packet - */ -enum ldns_enum_pkt_section { - LDNS_SECTION_QUESTION = 0, - LDNS_SECTION_ANSWER = 1, - LDNS_SECTION_AUTHORITY = 2, - LDNS_SECTION_ADDITIONAL = 3, - /** bogus section, if not interested */ - LDNS_SECTION_ANY = 4, - /** used to get all non-question rrs from a packet */ - LDNS_SECTION_ANY_NOQUESTION = 5 -}; -typedef enum ldns_enum_pkt_section ldns_pkt_section; - -/** - * The different types of packets - */ -enum ldns_enum_pkt_type { - LDNS_PACKET_QUESTION, - LDNS_PACKET_REFERRAL, - LDNS_PACKET_ANSWER, - LDNS_PACKET_NXDOMAIN, - LDNS_PACKET_NODATA, - LDNS_PACKET_UNKNOWN -}; -typedef enum ldns_enum_pkt_type ldns_pkt_type; - -/* prototypes */ - -/* read */ - -/** - * Read the packet id - * \param[in] p the packet - * \return the packet id - */ -uint16_t ldns_pkt_id(const ldns_pkt *p); -/** - * Read the packet's qr bit - * \param[in] p the packet - * \return value of the bit - */ -bool ldns_pkt_qr(const ldns_pkt *p); -/** - * Read the packet's aa bit - * \param[in] p the packet - * \return value of the bit - */ -bool ldns_pkt_aa(const ldns_pkt *p); -/** - * Read the packet's tc bit - * \param[in] p the packet - * \return value of the bit - */ -bool ldns_pkt_tc(const ldns_pkt *p); -/** - * Read the packet's rd bit - * \param[in] p the packet - * \return value of the bit - */ -bool ldns_pkt_rd(const ldns_pkt *p); -/** - * Read the packet's cd bit - * \param[in] p the packet - * \return value of the bit - */ -bool ldns_pkt_cd(const ldns_pkt *p); -/** - * Read the packet's ra bit - * \param[in] p the packet - * \return value of the bit - */ -bool ldns_pkt_ra(const ldns_pkt *p); -/** - * Read the packet's ad bit - * \param[in] p the packet - * \return value of the bit - */ -bool ldns_pkt_ad(const ldns_pkt *p); -/** - * Read the packet's code - * \param[in] p the packet - * \return the opcode - */ -ldns_pkt_opcode ldns_pkt_get_opcode(const ldns_pkt *p); -/** - * Return the packet's respons code - * \param[in] p the packet - * \return the respons code - */ -ldns_pkt_rcode ldns_pkt_get_rcode(const ldns_pkt *p); -/** - * Return the packet's qd count - * \param[in] p the packet - * \return the qd count - */ -uint16_t ldns_pkt_qdcount(const ldns_pkt *p); -/** - * Return the packet's an count - * \param[in] p the packet - * \return the an count - */ -uint16_t ldns_pkt_ancount(const ldns_pkt *p); -/** - * Return the packet's ns count - * \param[in] p the packet - * \return the ns count - */ -uint16_t ldns_pkt_nscount(const ldns_pkt *p); -/** - * Return the packet's ar count - * \param[in] p the packet - * \return the ar count - */ -uint16_t ldns_pkt_arcount(const ldns_pkt *p); - -/** - * Return the packet's answerfrom - * \param[in] p packet - * \return the name of the server - */ -ldns_rdf *ldns_pkt_answerfrom(const ldns_pkt *p); - -/** - * Return the packet's timestamp - * \param[in] p the packet - * \return the timestamp - */ -struct timeval ldns_pkt_timestamp(const ldns_pkt *p); -/** - * Return the packet's querytime - * \param[in] p the packet - * \return the querytime - */ -uint32_t ldns_pkt_querytime(const ldns_pkt *p); - -/** - * Return the packet's size in bytes - * \param[in] p the packet - * \return the size - */ -size_t ldns_pkt_size(const ldns_pkt *p); - -/** - * Return the number of RRs in the given section. - * Returns the sum of all RRs when LDNS_SECTION_ANY is given. - * Returns the sum of all non-question RRs when LDNS_SECTION_ANY_NOQUESTION - * is given. - * \param[in] p the packet - * \param[in] s the section - * \return the number of RRs in the given section - */ -uint16_t ldns_pkt_section_count(const ldns_pkt *p, ldns_pkt_section s); - -/** - * Return the packet's tsig pseudo rr's - * \param[in] p the packet - * \return the tsig rr - */ -ldns_rr *ldns_pkt_tsig(const ldns_pkt *p); - -/** - * Return the packet's question section - * \param[in] p the packet - * \return the section - */ -ldns_rr_list *ldns_pkt_question(const ldns_pkt *p); -/** - * Return the packet's answer section - * \param[in] p the packet - * \return the section - */ -ldns_rr_list *ldns_pkt_answer(const ldns_pkt *p); -/** - * Return the packet's authority section - * \param[in] p the packet - * \return the section - */ -ldns_rr_list *ldns_pkt_authority(const ldns_pkt *p); -/** - * Return the packet's additional section - * \param[in] p the packet - * \return the section - */ -ldns_rr_list *ldns_pkt_additional(const ldns_pkt *p); -/** - * Return the packet's question, answer, authority and additional sections - * concatenated, in a new rr_list clone. - * \param[in] p the packet - * \return the rrs - */ -ldns_rr_list *ldns_pkt_all(const ldns_pkt *p); -/** - * Return the packet's answer, authority and additional sections concatenated, - * in a new rr_list clone. Like ldns_pkt_all but without the questions. - * \param[in] p the packet - * \return the rrs except the question rrs - */ -ldns_rr_list *ldns_pkt_all_noquestion(const ldns_pkt *p); - -/** - * return all the rr_list's in the packet. Clone the lists, instead - * of returning pointers. - * \param[in] p the packet to look in - * \param[in] s what section(s) to return - * \return ldns_rr_list with the rr's or NULL if none were found - */ -ldns_rr_list *ldns_pkt_get_section_clone(const ldns_pkt *p, ldns_pkt_section s); - -/** - * return all the rr with a specific name from a packet. Optionally - * specify from which section in the packet - * \param[in] p the packet - * \param[in] r the name - * \param[in] s the packet's section - * \return a list with the rr's or NULL if none were found - */ -ldns_rr_list *ldns_pkt_rr_list_by_name(ldns_pkt *p, ldns_rdf *r, ldns_pkt_section s); -/** - * return all the rr with a specific type from a packet. Optionally - * specify from which section in the packet - * \param[in] p the packet - * \param[in] t the type - * \param[in] s the packet's section - * \return a list with the rr's or NULL if none were found - */ -ldns_rr_list *ldns_pkt_rr_list_by_type(const ldns_pkt *p, ldns_rr_type t, ldns_pkt_section s); -/** - * return all the rr with a specific type and type from a packet. Optionally - * specify from which section in the packet - * \param[in] packet the packet - * \param[in] ownername the name - * \param[in] type the type - * \param[in] sec the packet's section - * \return a list with the rr's or NULL if none were found - */ -ldns_rr_list *ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ldns_rdf *ownername, ldns_rr_type type, ldns_pkt_section sec); - - -/** - * check to see if an rr exist in the packet - * \param[in] pkt the packet to examine - * \param[in] sec in which section to look - * \param[in] rr the rr to look for - */ -bool ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr); - - -/** - * sets the flags in a packet. - * \param[in] pkt the packet to operate on - * \param[in] flags ORed values: LDNS_QR| LDNS_AR for instance - * \return true on success otherwise false - */ -bool ldns_pkt_set_flags(ldns_pkt *pkt, uint16_t flags); - -/** - * Set the packet's id - * \param[in] p the packet - * \param[in] id the id to set - */ -void ldns_pkt_set_id(ldns_pkt *p, uint16_t id); -/** - * Set the packet's id to a random value - * \param[in] p the packet - */ -void ldns_pkt_set_random_id(ldns_pkt *p); -/** - * Set the packet's qr bit - * \param[in] p the packet - * \param[in] b the value to set (boolean) - */ -void ldns_pkt_set_qr(ldns_pkt *p, bool b); -/** - * Set the packet's aa bit - * \param[in] p the packet - * \param[in] b the value to set (boolean) - */ -void ldns_pkt_set_aa(ldns_pkt *p, bool b); -/** - * Set the packet's tc bit - * \param[in] p the packet - * \param[in] b the value to set (boolean) - */ -void ldns_pkt_set_tc(ldns_pkt *p, bool b); -/** - * Set the packet's rd bit - * \param[in] p the packet - * \param[in] b the value to set (boolean) - */ -void ldns_pkt_set_rd(ldns_pkt *p, bool b); -/** - * Set the packet's cd bit - * \param[in] p the packet - * \param[in] b the value to set (boolean) - */ -void ldns_pkt_set_cd(ldns_pkt *p, bool b); -/** - * Set the packet's ra bit - * \param[in] p the packet - * \param[in] b the value to set (boolean) - */ -void ldns_pkt_set_ra(ldns_pkt *p, bool b); -/** - * Set the packet's ad bit - * \param[in] p the packet - * \param[in] b the value to set (boolean) - */ -void ldns_pkt_set_ad(ldns_pkt *p, bool b); - -/** - * Set the packet's opcode - * \param[in] p the packet - * \param[in] c the opcode - */ -void ldns_pkt_set_opcode(ldns_pkt *p, ldns_pkt_opcode c); -/** - * Set the packet's respons code - * \param[in] p the packet - * \param[in] c the rcode - */ -void ldns_pkt_set_rcode(ldns_pkt *p, uint8_t c); -/** - * Set the packet's qd count - * \param[in] p the packet - * \param[in] c the count - */ -void ldns_pkt_set_qdcount(ldns_pkt *p, uint16_t c); -/** - * Set the packet's an count - * \param[in] p the packet - * \param[in] c the count - */ -void ldns_pkt_set_ancount(ldns_pkt *p, uint16_t c); -/** - * Set the packet's ns count - * \param[in] p the packet - * \param[in] c the count - */ -void ldns_pkt_set_nscount(ldns_pkt *p, uint16_t c); -/** - * Set the packet's arcount - * \param[in] p the packet - * \param[in] c the count - */ -void ldns_pkt_set_arcount(ldns_pkt *p, uint16_t c); -/** - * Set the packet's answering server - * \param[in] p the packet - * \param[in] r the address - */ -void ldns_pkt_set_answerfrom(ldns_pkt *p, ldns_rdf *r); -/** - * Set the packet's query time - * \param[in] p the packet - * \param[in] t the querytime in msec - */ -void ldns_pkt_set_querytime(ldns_pkt *p, uint32_t t); -/** - * Set the packet's size - * \param[in] p the packet - * \param[in] s the size - */ -void ldns_pkt_set_size(ldns_pkt *p, size_t s); - -/** - * Set the packet's timestamp - * \param[in] p the packet - * \param[in] timeval the timestamp - */ -void ldns_pkt_set_timestamp(ldns_pkt *p, struct timeval timeval); -/** - * Set a packet's section count to x - * \param[in] p the packet - * \param[in] s the section - * \param[in] x the section count - */ -void ldns_pkt_set_section_count(ldns_pkt *p, ldns_pkt_section s, uint16_t x); -/** - * Set the packet's tsig rr - * \param[in] p the packet - * \param[in] t the tsig rr - */ -void ldns_pkt_set_tsig(ldns_pkt *p, ldns_rr *t); - -/** - * looks inside the packet to determine - * what kind of packet it is, AUTH, NXDOMAIN, REFERRAL, etc. - * \param[in] p the packet to examine - * \return the type of packet - */ -ldns_pkt_type ldns_pkt_reply_type(ldns_pkt *p); - -/** - * return the packet's edns udp size - * \param[in] packet the packet - * \return the size - */ -uint16_t ldns_pkt_edns_udp_size(const ldns_pkt *packet); -/** - * return the packet's edns extended rcode - * \param[in] packet the packet - * \return the rcode - */ -uint8_t ldns_pkt_edns_extended_rcode(const ldns_pkt *packet); -/** - * return the packet's edns version - * \param[in] packet the packet - * \return the version - */ -uint8_t ldns_pkt_edns_version(const ldns_pkt *packet); -/** - * return the packet's edns z value - * \param[in] packet the packet - * \return the z value - */ -uint16_t ldns_pkt_edns_z(const ldns_pkt *packet); -/** - * return the packet's edns data - * \param[in] packet the packet - * \return the data - */ -ldns_rdf *ldns_pkt_edns_data(const ldns_pkt *packet); - -/** - * return the packet's edns do bit - * \param[in] packet the packet - * \return the bit's value - */ -bool ldns_pkt_edns_do(const ldns_pkt *packet); -/** - * Set the packet's edns do bit - * \param[in] packet the packet - * \param[in] value the bit's new value - */ -void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value); - -/** - * returns true if this packet needs and EDNS rr to be sent. - * At the moment the only reason is an expected packet - * size larger than 512 bytes, but for instance dnssec would - * be a good reason too. - * - * \param[in] packet the packet to check - * \return true if packet needs edns rr - */ -bool ldns_pkt_edns(const ldns_pkt *packet); - -/** - * Set the packet's edns udp size - * \param[in] packet the packet - * \param[in] s the size - */ -void ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s); -/** - * Set the packet's edns extended rcode - * \param[in] packet the packet - * \param[in] c the code - */ -void ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c); -/** - * Set the packet's edns version - * \param[in] packet the packet - * \param[in] v the version - */ -void ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v); -/** - * Set the packet's edns z value - * \param[in] packet the packet - * \param[in] z the value - */ -void ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z); -/** - * Set the packet's edns data - * \param[in] packet the packet - * \param[in] data the data - */ -void ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data); - -/** - * allocates and initializes a ldns_pkt structure. - * \return pointer to the new packet - */ -ldns_pkt *ldns_pkt_new(void); - -/** - * frees the packet structure and all data that it contains. - * \param[in] packet The packet structure to free - * \return void - */ -void ldns_pkt_free(ldns_pkt *packet); - -/** - * creates a query packet for the given name, type, class. - * \param[out] p the packet to be returned - * \param[in] rr_name the name to query for (as string) - * \param[in] rr_type the type to query for - * \param[in] rr_class the class to query for - * \param[in] flags packet flags - * \return LDNS_STATUS_OK or a ldns_status mesg with the error - */ -ldns_status ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class , uint16_t flags); - -/** - * creates an IXFR request packet for the given name, class. - * adds the SOA record to the authority section. - * \param[out] p the packet to be returned - * \param[in] rr_name the name to query for (as string) - * \param[in] rr_class the class to query for - * \param[in] flags packet flags - * \param[in] soa soa record to be added to the authority section - * \return LDNS_STATUS_OK or a ldns_status mesg with the error - */ -ldns_status ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa); - -/** - * creates a packet with a query in it for the given name, type and class. - * \param[in] rr_name the name to query for - * \param[in] rr_type the type to query for - * \param[in] rr_class the class to query for - * \param[in] flags packet flags - * \return ldns_pkt* a pointer to the new pkt - */ -ldns_pkt *ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags); - -/** - * creates an IXFR request packet for the given name, type and class. - * adds the SOA record to the authority section. - * \param[in] rr_name the name to query for - * \param[in] rr_class the class to query for - * \param[in] flags packet flags - * \param[in] soa soa record to be added to the authority section - * \return ldns_pkt* a pointer to the new pkt - */ -ldns_pkt *ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa); - -/** - * clones the given packet, creating a fully allocated copy - * - * \param[in] pkt the packet to clone - * \return ldns_pkt* pointer to the new packet - */ -ldns_pkt *ldns_pkt_clone(const ldns_pkt *pkt); - -/** - * directly set the additional section - * \param[in] p packet to operate on - * \param[in] rr rrlist to set - */ -void ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr); - -/** - * directly set the answer section - * \param[in] p packet to operate on - * \param[in] rr rrlist to set - */ -void ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr); - -/** - * directly set the question section - * \param[in] p packet to operate on - * \param[in] rr rrlist to set - */ -void ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr); - -/** - * directly set the auhority section - * \param[in] p packet to operate on - * \param[in] rr rrlist to set - */ -void ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr); - -/** - * push an rr on a packet - * \param[in] packet packet to operate on - * \param[in] section where to put it - * \param[in] rr rr to push - * \return a boolean which is true when the rr was added - */ -bool ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr); - -/** - * push an rr on a packet, provided the RR is not there. - * \param[in] pkt packet to operate on - * \param[in] sec where to put it - * \param[in] rr rr to push - * \return a boolean which is true when the rr was added - */ -bool ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr); - -/** - * push a rr_list on a packet - * \param[in] packet packet to operate on - * \param[in] section where to put it - * \param[in] list the rr_list to push - * \return a boolean which is true when the rr was added - */ -bool ldns_pkt_push_rr_list(ldns_pkt *packet, ldns_pkt_section section, ldns_rr_list *list); - -/** - * push an rr_list to a packet, provided the RRs are not already there. - * \param[in] pkt packet to operate on - * \param[in] sec where to put it - * \param[in] list the rr_list to push - * \return a boolean which is true when the rr was added - */ -bool ldns_pkt_safe_push_rr_list(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr_list *list); - -/** - * check if a packet is empty - * \param[in] p packet - * \return true: empty, false: not empty - */ -bool ldns_pkt_empty(ldns_pkt *p); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_PACKET_H */ diff --git a/include/ldns/parse.h b/include/ldns/parse.h deleted file mode 100644 index 0e9034c..0000000 --- a/include/ldns/parse.h +++ /dev/null @@ -1,167 +0,0 @@ -/* - * parse.h - * - * a Net::DNS like library for C - * LibDNS Team @ NLnet Labs - * (c) NLnet Labs, 2005-2006 - * See the file LICENSE for the license - */ - -#ifndef LDNS_PARSE_H -#define LDNS_PARSE_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_PARSE_SKIP_SPACE "\f\n\r\v" -#define LDNS_PARSE_NORMAL " \f\n\r\t\v" -#define LDNS_PARSE_NO_NL " \t" -#define LDNS_MAX_LINELEN 10230 -#define LDNS_MAX_KEYWORDLEN 32 - - -/** - * \file - * - * Contains some low-level parsing functions, mostly used in the _frm_str - * family of functions. - */ - -/** - * different type of directives in zone files - * We now deal with $TTL, $ORIGIN and $INCLUDE. - * The latter is not implemented in ldns (yet) - */ -enum ldns_enum_directive -{ - LDNS_DIR_TTL, - LDNS_DIR_ORIGIN, - LDNS_DIR_INCLUDE -}; -typedef enum ldns_enum_directive ldns_directive; - -/** - * returns a token/char from the stream F. - * This function deals with ( and ) in the stream, - * and ignores them when encountered - * \param[in] *f the file to read from - * \param[out] *token the read token is put here - * \param[in] *delim chars at which the parsing should stop - * \param[in] *limit how much to read. If 0 the builtin maximum is used - * \return 0 on error of EOF of the stream F. Otherwise return the length of what is read - */ -ssize_t ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit); - -/** - * returns a token/char from the stream F. - * This function deals with ( and ) in the stream, - * and ignores when it finds them. - * \param[in] *f the file to read from - * \param[out] *token the token is put here - * \param[in] *delim chars at which the parsing should stop - * \param[in] *limit how much to read. If 0 use builtin maximum - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return 0 on error of EOF of F otherwise return the length of what is read - */ -ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr); - -/** - * returns a token/char from the buffer b. - * This function deals with ( and ) in the buffer, - * and ignores when it finds them. - * \param[in] *b the buffer to read from - * \param[out] *token the token is put here - * \param[in] *delim chars at which the parsing should stop - * \param[in] *limit how much to read. If 0 the builtin maximum is used - * \returns 0 on error of EOF of b. Otherwise return the length of what is read - */ -ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit); - -/* - * searches for keyword and delim in a file. Gives everything back - * after the keyword + k_del until we hit d_del - * \param[in] f file pointer to read from - * \param[in] keyword keyword to look for - * \param[in] k_del keyword delimeter - * \param[out] data the data found - * \param[in] d_del the data delimeter - * \param[in] data_limit maximum size the the data buffer - * \return the number of character read - */ -ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); - -/* - * searches for keyword and delim. Gives everything back - * after the keyword + k_del until we hit d_del - * \param[in] f file pointer to read from - * \param[in] keyword keyword to look for - * \param[in] k_del keyword delimeter - * \param[out] data the data found - * \param[in] d_del the data delimeter - * \param[in] data_limit maximum size the the data buffer - * \param[in] line_nr pointer to an integer containing the current line number (for -debugging purposes) - * \return the number of character read - */ -ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr); - -/* - * searches for keyword and delim in a buffer. Gives everything back - * after the keyword + k_del until we hit d_del - * \param[in] b buffer pointer to read from - * \param[in] keyword keyword to look for - * \param[in] k_del keyword delimeter - * \param[out] data the data found - * \param[in] d_del the data delimeter - * \param[in] data_limit maximum size the the data buffer - * \return the number of character read - */ -ssize_t ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); - -/** - * returns the next character from a buffer. Advances the position pointer with 1. - * When end of buffer is reached returns EOF. This is the buffer's equivalent - * for getc(). - * \param[in] *buffer buffer to read from - * \return EOF on failure otherwise return the character - */ -int ldns_bgetc(ldns_buffer *buffer); - -/** - * skips all of the characters in the given string in the buffer, moving - * the position to the first character that is not in *s. - * \param[in] *buffer buffer to use - * \param[in] *s characters to skip - * \return void - */ -void ldns_bskipcs(ldns_buffer *buffer, const char *s); - -/** - * skips all of the characters in the given string in the fp, moving - * the position to the first character that is not in *s. - * \param[in] *fp file to use - * \param[in] *s characters to skip - * \return void - */ -void ldns_fskipcs(FILE *fp, const char *s); - - -/** - * skips all of the characters in the given string in the fp, moving - * the position to the first character that is not in *s. - * \param[in] *fp file to use - * \param[in] *s characters to skip - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return void - */ -void ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_PARSE_H */ diff --git a/include/ldns/radix.h b/include/ldns/radix.h deleted file mode 100644 index 1885959..0000000 --- a/include/ldns/radix.h +++ /dev/null @@ -1,240 +0,0 @@ -/* - * radix.h -- generic radix tree - * - * Copyright (c) 2012, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * Radix tree. Implementation taken from NSD 4, adjusted for use in ldns. - * - */ - -#ifndef LDNS_RADIX_H_ -#define LDNS_RADIX_H_ - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -typedef uint16_t radix_strlen_t; -typedef struct ldns_radix_array_t ldns_radix_array_t; -typedef struct ldns_radix_node_t ldns_radix_node_t; -typedef struct ldns_radix_t ldns_radix_t; - -/** Radix node select edge array */ -struct ldns_radix_array_t { - /** Additional string after the selection byte for this edge. */ - uint8_t* str; - /** Length of additional string for this edge. */ - radix_strlen_t len; - /** Node that deals with byte+str. */ - ldns_radix_node_t* edge; -}; - -/** A node in a radix tree */ -struct ldns_radix_node_t { - /** Key corresponding to this node. */ - uint8_t* key; - /** Key length corresponding to this node. */ - radix_strlen_t klen; - /** Data corresponding to this node. */ - void* data; - /** Parent node. */ - ldns_radix_node_t* parent; - /** Index in the the parent node select edge array. */ - uint8_t parent_index; - /** Length of the array. */ - uint16_t len; - /** Offset of the array. */ - uint16_t offset; - /** Capacity of the array. */ - uint16_t capacity; - /** Select edge array. */ - ldns_radix_array_t* array; -}; - -/** An entire radix tree */ -struct ldns_radix_t { - /** Root. */ - ldns_radix_node_t* root; - /** Number of nodes in tree. */ - size_t count; -}; - -/** - * Create a new radix tree. - * @return: new radix tree. - * - */ -ldns_radix_t* ldns_radix_create(void); - -/** - * Initialize radix tree. - * @param tree: uninitialized radix tree. - * - */ -void ldns_radix_init(ldns_radix_t* tree); - -/** - * Free the radix tree. - * @param tree: radix tree. - * - */ -void ldns_radix_free(ldns_radix_t* tree); - -/** - * Insert data into the tree. - * @param tree: tree to insert to. - * @param key: key. - * @param len: length of key. - * @param data: data. - * @return: status. - * - */ -ldns_status ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, - radix_strlen_t len, void* data); - -/** - * Delete data from the tree. - * @param tree: tree to insert to. - * @param key: key. - * @param len: length of key. - * @return: unlinked data or NULL if not present. - * - */ -void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len); - -/** - * Search data in the tree. - * @param tree: tree to insert to. - * @param key: key. - * @param len: length of key. - * @return: the radix node or NULL if not found. - * - */ -ldns_radix_node_t* ldns_radix_search(ldns_radix_t* tree, uint8_t* key, - radix_strlen_t len); - -/** - * Search data in the tree, and if not found, find the closest smaller - * element in the tree. - * @param tree: tree to insert to. - * @param key: key. - * @param len: length of key. - * @param result: the radix node with the exact or closest match. NULL if - * the key is smaller than the smallest key in the tree. - * @return 1 if exact match, 0 otherwise. - * - */ -int ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key, - radix_strlen_t len, ldns_radix_node_t** result); - -/** - * Get the first element in the tree. - * @param tree: tree. - * @return: the radix node with the first element. - * - */ -ldns_radix_node_t* ldns_radix_first(ldns_radix_t* tree); - -/** - * Get the last element in the tree. - * @param tree: tree. - * @return: the radix node with the last element. - * - */ -ldns_radix_node_t* ldns_radix_last(ldns_radix_t* tree); - -/** - * Next element. - * @param node: node. - * @return: node with next element. - * - */ -ldns_radix_node_t* ldns_radix_next(ldns_radix_node_t* node); - -/** - * Previous element. - * @param node: node. - * @return: node with previous element. - * - */ -ldns_radix_node_t* ldns_radix_prev(ldns_radix_node_t* node); - -/** - * Split radix tree intwo. - * @param tree1: one tree. - * @param num: number of elements to split off. - * @param tree2: another tree. - * @return: status. - * - */ -ldns_status ldns_radix_split(ldns_radix_t* tree1, size_t num, - ldns_radix_t** tree2); - -/** - * Join two radix trees. - * @param tree1: one tree. - * @param tree2: another tree. - * @return: status. - * - */ -ldns_status ldns_radix_join(ldns_radix_t* tree1, ldns_radix_t* tree2); - -/** - * Call function for all nodes in the tree, such that leaf nodes are - * called before parent nodes. - * @param node: start node. - * @param func: function. - * @param arg: user argument. - * - */ -void ldns_radix_traverse_postorder(ldns_radix_node_t* node, - void (*func)(ldns_radix_node_t*, void*), void* arg); - -/** - * Print radix tree (for debugging purposes). - * @param fd: file descriptor. - * @param tree: tree. - * - */ -void ldns_radix_printf(FILE* fd, ldns_radix_t* tree); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_RADIX_H_ */ diff --git a/include/ldns/rbtree.h b/include/ldns/rbtree.h deleted file mode 100644 index c891934..0000000 --- a/include/ldns/rbtree.h +++ /dev/null @@ -1,230 +0,0 @@ -/* - * rbtree.h -- generic red-black tree - * - * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use - * in unbound (memory allocation, logging and so on). - */ - -#ifndef LDNS_RBTREE_H_ -#define LDNS_RBTREE_H_ - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * This structure must be the first member of the data structure in - * the rbtree. This allows easy casting between an rbnode_t and the - * user data (poor man's inheritance). - * Or you can use the data pointer member to get to your data item. - */ -typedef struct ldns_rbnode_t ldns_rbnode_t; -/** - * The rbnode_t struct definition. - */ -struct ldns_rbnode_t { - /** parent in rbtree, RBTREE_NULL for root */ - ldns_rbnode_t *parent; - /** left node (smaller items) */ - ldns_rbnode_t *left; - /** right node (larger items) */ - ldns_rbnode_t *right; - /** pointer to sorting key */ - const void *key; - /** pointer to data */ - const void *data; - /** colour of this node */ - uint8_t color; -}; - -/** The nullpointer, points to empty node */ -#define LDNS_RBTREE_NULL &ldns_rbtree_null_node -/** the global empty node */ -extern ldns_rbnode_t ldns_rbtree_null_node; - -/** An entire red black tree */ -typedef struct ldns_rbtree_t ldns_rbtree_t; -/** definition for tree struct */ -struct ldns_rbtree_t { - /** The root of the red-black tree */ - ldns_rbnode_t *root; - - /** The number of the nodes in the tree */ - size_t count; - - /** - * Key compare function. <0,0,>0 like strcmp. - * Return 0 on two NULL ptrs. - */ - int (*cmp) (const void *, const void *); -}; - -/** - * Create new tree (malloced) with given key compare function. - * @param cmpf: compare function (like strcmp) takes pointers to two keys. - * @return: new tree, empty. - */ -ldns_rbtree_t *ldns_rbtree_create(int (*cmpf)(const void *, const void *)); - -/** - * Free the complete tree (but not its keys) - * @param rbtree The tree to free - */ -void ldns_rbtree_free(ldns_rbtree_t *rbtree); - -/** - * Init a new tree (malloced by caller) with given key compare function. - * @param rbtree: uninitialised memory for new tree, returned empty. - * @param cmpf: compare function (like strcmp) takes pointers to two keys. - */ -void ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *)); - -/** - * Insert data into the tree. - * @param rbtree: tree to insert to. - * @param data: element to insert. - * @return: data ptr or NULL if key already present. - */ -ldns_rbnode_t *ldns_rbtree_insert(ldns_rbtree_t *rbtree, ldns_rbnode_t *data); - -/** - * Insert data into the tree (reversed arguments, for use as callback) - * \param[in] data element to insert - * \param[out] rbtree tree to insert in to - * \return data ptr or NULL if key is already present - */ -void ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree); - -/** - * Delete element from tree. - * @param rbtree: tree to delete from. - * @param key: key of item to delete. - * @return: node that is now unlinked from the tree. User to delete it. - * returns 0 if node not present - */ -ldns_rbnode_t *ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key); - -/** - * Find key in tree. Returns NULL if not found. - * @param rbtree: tree to find in. - * @param key: key that must match. - * @return: node that fits or NULL. - */ -ldns_rbnode_t *ldns_rbtree_search(ldns_rbtree_t *rbtree, const void *key); - -/** - * Find, but match does not have to be exact. - * @param rbtree: tree to find in. - * @param key: key to find position of. - * @param result: set to the exact node if present, otherwise to element that - * precedes the position of key in the tree. NULL if no smaller element. - * @return: true if exact match in result. Else result points to <= element, - * or NULL if key is smaller than the smallest key. - */ -int ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, - ldns_rbnode_t **result); - -/** - * Returns first (smallest) node in the tree - * @param rbtree: tree - * @return: smallest element or NULL if tree empty. - */ -ldns_rbnode_t *ldns_rbtree_first(ldns_rbtree_t *rbtree); - -/** - * Returns last (largest) node in the tree - * @param rbtree: tree - * @return: largest element or NULL if tree empty. - */ -ldns_rbnode_t *ldns_rbtree_last(ldns_rbtree_t *rbtree); - -/** - * Returns next larger node in the tree - * @param rbtree: tree - * @return: next larger element or NULL if no larger in tree. - */ -ldns_rbnode_t *ldns_rbtree_next(ldns_rbnode_t *rbtree); - -/** - * Returns previous smaller node in the tree - * @param rbtree: tree - * @return: previous smaller element or NULL if no previous in tree. - */ -ldns_rbnode_t *ldns_rbtree_previous(ldns_rbnode_t *rbtree); - -/** - * split off 'elements' number of elements from the start - * of the name tree and return a new tree containing those - * elements - */ -ldns_rbtree_t *ldns_rbtree_split(ldns_rbtree_t *tree, size_t elements); - -/** - * add all node from the second tree to the first (removing them from the - * second), and fix up nsec(3)s if present - */ -void ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2); - -/** - * Call with node=variable of struct* with rbnode_t as first element. - * with type is the type of a pointer to that struct. - */ -#define LDNS_RBTREE_FOR(node, type, rbtree) \ - for(node=(type)ldns_rbtree_first(rbtree); \ - (ldns_rbnode_t*)node != LDNS_RBTREE_NULL; \ - node = (type)ldns_rbtree_next((ldns_rbnode_t*)node)) - -/** - * Call function for all elements in the redblack tree, such that - * leaf elements are called before parent elements. So that all - * elements can be safely free()d. - * Note that your function must not remove the nodes from the tree. - * Since that may trigger rebalances of the rbtree. - * @param tree: the tree - * @param func: function called with element and user arg. - * The function must not alter the rbtree. - * @param arg: user argument. - */ -void ldns_traverse_postorder(ldns_rbtree_t* tree, - void (*func)(ldns_rbnode_t*, void*), void* arg); - -#ifdef __cplusplus -} -#endif - -#endif /* UTIL_RBTREE_H_ */ diff --git a/include/ldns/rdata.h b/include/ldns/rdata.h deleted file mode 100644 index 22665b1..0000000 --- a/include/ldns/rdata.h +++ /dev/null @@ -1,451 +0,0 @@ -/* - * rdata.h - * - * rdata definitions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - - -/** - * \file - * - * Defines ldns_rdf and functions to manipulate those. - */ - - -#ifndef LDNS_RDATA_H -#define LDNS_RDATA_H - -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_MAX_RDFLEN 65535 - -#define LDNS_RDF_SIZE_BYTE 1 -#define LDNS_RDF_SIZE_WORD 2 -#define LDNS_RDF_SIZE_DOUBLEWORD 4 -#define LDNS_RDF_SIZE_6BYTES 6 -#define LDNS_RDF_SIZE_8BYTES 8 -#define LDNS_RDF_SIZE_16BYTES 16 - -#define LDNS_NSEC3_VARS_OPTOUT_MASK 0x01 - -/** - * The different types of RDATA fields. - */ -enum ldns_enum_rdf_type -{ - /** none */ - LDNS_RDF_TYPE_NONE, - /** domain name */ - LDNS_RDF_TYPE_DNAME, - /** 8 bits */ - LDNS_RDF_TYPE_INT8, - /** 16 bits */ - LDNS_RDF_TYPE_INT16, - /** 32 bits */ - LDNS_RDF_TYPE_INT32, - /** A record */ - LDNS_RDF_TYPE_A, - /** AAAA record */ - LDNS_RDF_TYPE_AAAA, - /** txt string */ - LDNS_RDF_TYPE_STR, - /** apl data */ - LDNS_RDF_TYPE_APL, - /** b32 string */ - LDNS_RDF_TYPE_B32_EXT, - /** b64 string */ - LDNS_RDF_TYPE_B64, - /** hex string */ - LDNS_RDF_TYPE_HEX, - /** nsec type codes */ - LDNS_RDF_TYPE_NSEC, - /** a RR type */ - LDNS_RDF_TYPE_TYPE, - /** a class */ - LDNS_RDF_TYPE_CLASS, - /** certificate algorithm */ - LDNS_RDF_TYPE_CERT_ALG, - /** a key algorithm */ - LDNS_RDF_TYPE_ALG, - /** unknown types */ - LDNS_RDF_TYPE_UNKNOWN, - /** time (32 bits) */ - LDNS_RDF_TYPE_TIME, - /** period */ - LDNS_RDF_TYPE_PERIOD, - /** tsig time 48 bits */ - LDNS_RDF_TYPE_TSIGTIME, - /** Represents the Public Key Algorithm, HIT and Public Key fields - for the HIP RR types. A HIP specific rdf type is used because of - the unusual layout in wireformat (see RFC 5205 Section 5) */ - LDNS_RDF_TYPE_HIP, - /** variable length any type rdata where the length - is specified by the first 2 bytes */ - LDNS_RDF_TYPE_INT16_DATA, - /** protocol and port bitmaps */ - LDNS_RDF_TYPE_SERVICE, - /** location data */ - LDNS_RDF_TYPE_LOC, - /** well known services */ - LDNS_RDF_TYPE_WKS, - /** NSAP */ - LDNS_RDF_TYPE_NSAP, - /** ATMA */ - LDNS_RDF_TYPE_ATMA, - /** IPSECKEY */ - LDNS_RDF_TYPE_IPSECKEY, - /** nsec3 hash salt */ - LDNS_RDF_TYPE_NSEC3_SALT, - /** nsec3 base32 string (with length byte on wire */ - LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, - - /** 4 shorts represented as 4 * 16 bit hex numbers - * separated by colons. For NID and L64. - */ - LDNS_RDF_TYPE_ILNP64, - - /** 6 * 8 bit hex numbers separated by dashes. For EUI48. */ - LDNS_RDF_TYPE_EUI48, - /** 8 * 8 bit hex numbers separated by dashes. For EUI64. */ - LDNS_RDF_TYPE_EUI64, - - /** A non-zero sequence of US-ASCII letters and numbers in lower case. - * For CAA. - */ - LDNS_RDF_TYPE_TAG, - - /** A encoding of the value field as specified - * [RFC1035], Section 5.1., encoded as remaining rdata. - * For CAA. - */ - LDNS_RDF_TYPE_LONG_STR, - - /** Since RFC7218 TLSA records can be given with mnemonics, - * hence these rdata field types. But as with DNSKEYs, the output - * is always numeric. - */ - LDNS_RDF_TYPE_CERTIFICATE_USAGE, - LDNS_RDF_TYPE_SELECTOR, - LDNS_RDF_TYPE_MATCHING_TYPE, - - /* Aliases */ - LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC -}; -typedef enum ldns_enum_rdf_type ldns_rdf_type; - -/** - * algorithms used in CERT rrs - */ -enum ldns_enum_cert_algorithm -{ - LDNS_CERT_PKIX = 1, - LDNS_CERT_SPKI = 2, - LDNS_CERT_PGP = 3, - LDNS_CERT_IPKIX = 4, - LDNS_CERT_ISPKI = 5, - LDNS_CERT_IPGP = 6, - LDNS_CERT_ACPKIX = 7, - LDNS_CERT_IACPKIX = 8, - LDNS_CERT_URI = 253, - LDNS_CERT_OID = 254 -}; -typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm; - - - -/** - * Resource record data field. - * - * The data is a network ordered array of bytes, which size is specified by - * the (16-bit) size field. To correctly parse it, use the type - * specified in the (16-bit) type field with a value from \ref ldns_rdf_type. - */ -struct ldns_struct_rdf -{ - /** The size of the data (in octets) */ - size_t _size; - /** The type of the data */ - ldns_rdf_type _type; - /** Pointer to the data (raw octets) */ - void *_data; -}; -typedef struct ldns_struct_rdf ldns_rdf; - -/* prototypes */ - -/* write access functions */ - -/** - * sets the size of the rdf. - * \param[in] *rd the rdf to operate on - * \param[in] size the new size - * \return void - */ -void ldns_rdf_set_size(ldns_rdf *rd, size_t size); - -/** - * sets the size of the rdf. - * \param[in] *rd the rdf to operate on - * \param[in] type the new type - * \return void - */ -void ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type); - -/** - * sets the size of the rdf. - * \param[in] *rd the rdf to operate on - * \param[in] *data pointer to the new data - * \return void - */ -void ldns_rdf_set_data(ldns_rdf *rd, void *data); - -/* read access */ - -/** - * returns the size of the rdf. - * \param[in] *rd the rdf to read from - * \return uint16_t with the size - */ -size_t ldns_rdf_size(const ldns_rdf *rd); - -/** - * returns the type of the rdf. We need to insert _get_ - * here to prevent conflict the the rdf_type TYPE. - * \param[in] *rd the rdf to read from - * \return ldns_rdf_type with the type - */ -ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd); - -/** - * returns the data of the rdf. - * \param[in] *rd the rdf to read from - * - * \return uint8_t* pointer to the rdf's data - */ -uint8_t *ldns_rdf_data(const ldns_rdf *rd); - -/* creator functions */ - -/** - * allocates a new rdf structure and fills it. - * This function DOES NOT copy the contents from - * the buffer, unlinke ldns_rdf_new_frm_data() - * \param[in] type type of the rdf - * \param[in] size size of the buffer - * \param[in] data pointer to the buffer to be copied - * \return the new rdf structure or NULL on failure - */ -ldns_rdf *ldns_rdf_new(ldns_rdf_type type, size_t size, void *data); - -/** - * allocates a new rdf structure and fills it. - * This function _does_ copy the contents from - * the buffer, unlinke ldns_rdf_new() - * \param[in] type type of the rdf - * \param[in] size size of the buffer - * \param[in] data pointer to the buffer to be copied - * \return the new rdf structure or NULL on failure - */ -ldns_rdf *ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data); - -/** - * creates a new rdf from a string. - * \param[in] type type to use - * \param[in] str string to use - * \return ldns_rdf* or NULL in case of an error - */ -ldns_rdf *ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str); - -/** - * creates a new rdf from a file containing a string. - * \param[out] r the new rdf - * \param[in] type type to use - * \param[in] fp the file pointer to use - * \return LDNS_STATUS_OK or the error - */ -ldns_status ldns_rdf_new_frm_fp(ldns_rdf **r, ldns_rdf_type type, FILE *fp); - -/** - * creates a new rdf from a file containing a string. - * \param[out] r the new rdf - * \param[in] type type to use - * \param[in] fp the file pointer to use - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return LDNS_STATUS_OK or the error - */ -ldns_status ldns_rdf_new_frm_fp_l(ldns_rdf **r, ldns_rdf_type type, FILE *fp, int *line_nr); - -/* destroy functions */ - -/** - * frees a rdf structure, leaving the - * data pointer intact. - * \param[in] rd the pointer to be freed - * \return void - */ -void ldns_rdf_free(ldns_rdf *rd); - -/** - * frees a rdf structure _and_ frees the - * data. rdf should be created with _new_frm_data - * \param[in] rd the rdf structure to be freed - * \return void - */ -void ldns_rdf_deep_free(ldns_rdf *rd); - -/* conversion functions */ - -/** - * returns the rdf containing the native uint8_t repr. - * \param[in] type the ldns_rdf type to use - * \param[in] value the uint8_t to use - * \return ldns_rdf* with the converted value - */ -ldns_rdf *ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value); - -/** - * returns the rdf containing the native uint16_t representation. - * \param[in] type the ldns_rdf type to use - * \param[in] value the uint16_t to use - * \return ldns_rdf* with the converted value - */ -ldns_rdf *ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value); - -/** - * returns an rdf that contains the given int32 value. - * - * Because multiple rdf types can contain an int32, the - * type must be specified - * \param[in] type the ldns_rdf type to use - * \param[in] value the uint32_t to use - * \return ldns_rdf* with the converted value - */ -ldns_rdf *ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value); - -/** - * returns an int16_data rdf that contains the data in the - * given array, preceded by an int16 specifying the length. - * - * The memory is copied, and an LDNS_RDF_TYPE_INT16DATA is returned - * \param[in] size the size of the data - * \param[in] *data pointer to the actual data - * - * \return ldns_rd* the rdf with the data - */ -ldns_rdf *ldns_native2rdf_int16_data(size_t size, uint8_t *data); - -/** - * reverses an rdf, only actually useful for AAAA and A records. - * The returned rdf has the type LDNS_RDF_TYPE_DNAME! - * \param[in] *rd rdf to be reversed - * \return the reversed rdf (a newly created rdf) - */ -ldns_rdf *ldns_rdf_address_reverse(ldns_rdf *rd); - -/** - * returns the native uint8_t representation from the rdf. - * \param[in] rd the ldns_rdf to operate on - * \return uint8_t the value extracted - */ -uint8_t ldns_rdf2native_int8(const ldns_rdf *rd); - -/** - * returns the native uint16_t representation from the rdf. - * \param[in] rd the ldns_rdf to operate on - * \return uint16_t the value extracted - */ -uint16_t ldns_rdf2native_int16(const ldns_rdf *rd); - -/** - * returns the native uint32_t representation from the rdf. - * \param[in] rd the ldns_rdf to operate on - * \return uint32_t the value extracted - */ -uint32_t ldns_rdf2native_int32(const ldns_rdf *rd); - -/** - * returns the native time_t representation from the rdf. - * \param[in] rd the ldns_rdf to operate on - * \return time_t the value extracted (32 bits currently) - */ -time_t ldns_rdf2native_time_t(const ldns_rdf *rd); - -/** - * converts a ttl value (like 5d2h) to a long. - * \param[in] nptr the start of the string - * \param[out] endptr points to the last char in case of error - * \return the convert duration value - */ -uint32_t ldns_str2period(const char *nptr, const char **endptr); - -/** - * removes \\DDD, \\[space] and other escapes from the input. - * See RFC 1035, section 5.1. - * \param[in] word what to check - * \param[in] length the string - * \return ldns_status mesg - */ -ldns_status ldns_octet(char *word, size_t *length); - -/** - * clones a rdf structure. The data is copied. - * \param[in] rd rdf to be copied - * \return a new rdf structure - */ -ldns_rdf *ldns_rdf_clone(const ldns_rdf *rd); - -/** - * compares two rdf's on their wire formats. - * (To order dnames according to rfc4034, use ldns_dname_compare) - * \param[in] rd1 the first one - * \param[in] rd2 the second one - * \return 0 if equal - * \return -1 if rd1 comes before rd2 - * \return +1 if rd2 comes before rd1 - */ -int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2); - -/** - * Gets the algorithm value, the HIT and Public Key data from the rdf with - * type LDNS_RDF_TYPE_HIP. - * \param[in] rdf the rdf with type LDNS_RDF_TYPE_HIP - * \param[out] alg the algorithm - * \param[out] hit_size the size of the HIT data - * \param[out] hit the hit data - * \param[out] pk_size the size of the Public Key data - * \param[out] pk the Public Key data - * \return LDNS_STATUS_OK on success, and the error otherwise - */ -ldns_status ldns_rdf_hip_get_alg_hit_pk(ldns_rdf *rdf, uint8_t* alg, - uint8_t *hit_size, uint8_t** hit, - uint16_t *pk_size, uint8_t** pk); - -/** - * Creates a new LDNS_RDF_TYPE_HIP rdf from given data. - * \param[out] rdf the newly created LDNS_RDF_TYPE_HIP rdf - * \param[in] alg the algorithm - * \param[in] hit_size the size of the HIT data - * \param[in] hit the hit data - * \param[in] pk_size the size of the Public Key data - * \param[in] pk the Public Key data - * \return LDNS_STATUS_OK on success, and the error otherwise - */ -ldns_status ldns_rdf_hip_new_frm_alg_hit_pk(ldns_rdf** rdf, uint8_t alg, - uint8_t hit_size, uint8_t *hit, uint16_t pk_size, uint8_t *pk); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_RDATA_H */ diff --git a/include/ldns/resolver.h b/include/ldns/resolver.h deleted file mode 100644 index 228485c..0000000 --- a/include/ldns/resolver.h +++ /dev/null @@ -1,805 +0,0 @@ -/* - * resolver.h - * - * DNS Resolver definitions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Defines the ldns_resolver structure, a stub resolver that can send queries and parse answers. - * - */ - -#ifndef LDNS_RESOLVER_H -#define LDNS_RESOLVER_H - -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** Default location of the resolv.conf file */ -#define LDNS_RESOLV_CONF "/etc/resolv.conf" -/** Default location of the hosts file */ -#define LDNS_RESOLV_HOSTS "/etc/hosts" - -#define LDNS_RESOLV_KEYWORD -1 -#define LDNS_RESOLV_DEFDOMAIN 0 -#define LDNS_RESOLV_NAMESERVER 1 -#define LDNS_RESOLV_SEARCH 2 -#define LDNS_RESOLV_SORTLIST 3 -#define LDNS_RESOLV_OPTIONS 4 -#define LDNS_RESOLV_ANCHOR 5 -#define LDNS_RESOLV_KEYWORDS 6 - -#define LDNS_RESOLV_INETANY 0 -#define LDNS_RESOLV_INET 1 -#define LDNS_RESOLV_INET6 2 - -#define LDNS_RESOLV_RTT_INF 0 /* infinity */ -#define LDNS_RESOLV_RTT_MIN 1 /* reachable */ - -/** - * DNS stub resolver structure - */ -struct ldns_struct_resolver -{ - /** Port to send queries to */ - uint16_t _port; - - /** Array of nameservers to query (IP addresses or dnames) */ - ldns_rdf **_nameservers; - /** Number of nameservers in \c _nameservers */ - size_t _nameserver_count; /* how many do we have */ - - /** Round trip time; 0 -> infinity. Unit: ms? */ - size_t *_rtt; - - /** Whether or not to be recursive */ - bool _recursive; - - /** Print debug information */ - bool _debug; - - /** Default domain to add to non fully qualified domain names */ - ldns_rdf *_domain; - - /** Searchlist array, add the names in this array if a query cannot be found */ - ldns_rdf **_searchlist; - - /** Number of entries in the searchlist array */ - size_t _searchlist_count; - - /** Number of times to retry before giving up */ - uint8_t _retry; - /** Time to wait before retrying */ - uint8_t _retrans; - /** Use new fallback mechanism (try EDNS, then do TCP) */ - bool _fallback; - - /** Whether to do DNSSEC */ - bool _dnssec; - /** Whether to set the CD bit on DNSSEC requests */ - bool _dnssec_cd; - /** Optional trust anchors for complete DNSSEC validation */ - ldns_rr_list * _dnssec_anchors; - /** Whether to use tcp or udp (tcp if the value is true)*/ - bool _usevc; - /** Whether to ignore the tc bit */ - bool _igntc; - /** Whether to use ip6: 0->does not matter, 1 is IPv4, 2 is IPv6 */ - uint8_t _ip6; - /** If true append the default domain */ - bool _defnames; - /** If true apply the search list */ - bool _dnsrch; - /** Timeout for socket connections */ - struct timeval _timeout; - /** Only try the first nameserver, and return with an error directly if it fails */ - bool _fail; - /** Randomly choose a nameserver */ - bool _random; - /** Keep some things to make AXFR possible */ - int _socket; - /** Count the number of LDNS_RR_TYPE_SOA RRs we have seen so far - * (the second one signifies the end of the AXFR) - */ - int _axfr_soa_count; - /* when axfring we get complete packets from the server - but we want to give the caller 1 rr at a time, so - keep the current pkt */ - /** Packet currently handled when doing part of an AXFR */ - ldns_pkt *_cur_axfr_pkt; - /** Counter for within the AXFR packets */ - uint16_t _axfr_i; - /* EDNS0 available buffer size */ - uint16_t _edns_udp_size; - /* serial for IXFR */ - uint32_t _serial; - - /* Optional tsig key for signing queries, - outgoing messages are signed if and only if both are set - */ - /** Name of the key to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */ - char *_tsig_keyname; - /** Secret key data to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */ - char *_tsig_keydata; - /** TSIG signing algorithm */ - char *_tsig_algorithm; - - /** Source address to query from */ - ldns_rdf *_source; -}; -typedef struct ldns_struct_resolver ldns_resolver; - -/* prototypes */ -/* read access functions */ - -/** - * Get the port the resolver should use - * \param[in] r the resolver - * \return the port number - */ -uint16_t ldns_resolver_port(const ldns_resolver *r); - -/** - * Get the source address the resolver should use - * \param[in] r the resolver - * \return the source rdf - */ -ldns_rdf *ldns_resolver_source(const ldns_resolver *r); - -/** - * Is the resolver set to recurse - * \param[in] r the resolver - * \return true if so, otherwise false - */ -bool ldns_resolver_recursive(const ldns_resolver *r); - -/** - * Get the debug status of the resolver - * \param[in] r the resolver - * \return true if so, otherwise false - */ -bool ldns_resolver_debug(const ldns_resolver *r); - -/** - * Get the number of retries - * \param[in] r the resolver - * \return the number of retries - */ -uint8_t ldns_resolver_retry(const ldns_resolver *r); - -/** - * Get the retransmit interval - * \param[in] r the resolver - * \return the retransmit interval - */ -uint8_t ldns_resolver_retrans(const ldns_resolver *r); - -/** - * Get the truncation fallback status - * \param[in] r the resolver - * \return whether the truncation fallback mechanism is used - */ -bool ldns_resolver_fallback(const ldns_resolver *r); - -/** - * Does the resolver use ip6 or ip4 - * \param[in] r the resolver - * \return 0: both, 1: ip4, 2:ip6 - */ -uint8_t ldns_resolver_ip6(const ldns_resolver *r); - -/** - * Get the resolver's udp size - * \param[in] r the resolver - * \return the udp mesg size - */ -uint16_t ldns_resolver_edns_udp_size(const ldns_resolver *r); -/** - * Does the resolver use tcp or udp - * \param[in] r the resolver - * \return true: tcp, false: udp - */ -bool ldns_resolver_usevc(const ldns_resolver *r); -/** - * Does the resolver only try the first nameserver - * \param[in] r the resolver - * \return true: yes, fail, false: no, try the others - */ -bool ldns_resolver_fail(const ldns_resolver *r); -/** - * Does the resolver apply default domain name - * \param[in] r the resolver - * \return true: yes, false: no - */ -bool ldns_resolver_defnames(const ldns_resolver *r); -/** - * Does the resolver apply search list - * \param[in] r the resolver - * \return true: yes, false: no - */ -bool ldns_resolver_dnsrch(const ldns_resolver *r); -/** - * Does the resolver do DNSSEC - * \param[in] r the resolver - * \return true: yes, false: no - */ -bool ldns_resolver_dnssec(const ldns_resolver *r); -/** - * Does the resolver set the CD bit - * \param[in] r the resolver - * \return true: yes, false: no - */ -bool ldns_resolver_dnssec_cd(const ldns_resolver *r); -/** - * Get the resolver's DNSSEC anchors - * \param[in] r the resolver - * \return an rr_list containg trusted DNSSEC anchors - */ -ldns_rr_list * ldns_resolver_dnssec_anchors(const ldns_resolver *r); -/** - * Does the resolver ignore the TC bit (truncated) - * \param[in] r the resolver - * \return true: yes, false: no - */ -bool ldns_resolver_igntc(const ldns_resolver *r); -/** - * Does the resolver randomize the nameserver before usage - * \param[in] r the resolver - * \return true: yes, false: no - */ -bool ldns_resolver_random(const ldns_resolver *r); -/** - * How many nameserver are configured in the resolver - * \param[in] r the resolver - * \return number of nameservers - */ -size_t ldns_resolver_nameserver_count(const ldns_resolver *r); -/** - * What is the default dname to add to relative queries - * \param[in] r the resolver - * \return the dname which is added - */ -ldns_rdf *ldns_resolver_domain(const ldns_resolver *r); -/** - * What is the timeout on socket connections - * \param[in] r the resolver - * \return the timeout as struct timeval - */ -struct timeval ldns_resolver_timeout(const ldns_resolver *r); -/** - * What is the searchlist as used by the resolver - * \param[in] r the resolver - * \return a ldns_rdf pointer to a list of the addresses - */ -ldns_rdf** ldns_resolver_searchlist(const ldns_resolver *r); -/** - * Return the configured nameserver ip address - * \param[in] r the resolver - * \return a ldns_rdf pointer to a list of the addresses - */ -ldns_rdf** ldns_resolver_nameservers(const ldns_resolver *r); -/** - * Return the used round trip times for the nameservers - * \param[in] r the resolver - * \return a size_t* pointer to the list. - * yet) - */ -size_t * ldns_resolver_rtt(const ldns_resolver *r); -/** - * Return the used round trip time for a specific nameserver - * \param[in] r the resolver - * \param[in] pos the index to the nameserver - * \return the rrt, 0: infinite, >0: undefined (as of * yet) - */ -size_t ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos); -/** - * Return the tsig keyname as used by the nameserver - * \param[in] r the resolver - * \return the name used. - */ -char *ldns_resolver_tsig_keyname(const ldns_resolver *r); -/** - * Return the tsig algorithm as used by the nameserver - * \param[in] r the resolver - * \return the algorithm used. - */ -char *ldns_resolver_tsig_algorithm(const ldns_resolver *r); -/** - * Return the tsig keydata as used by the nameserver - * \param[in] r the resolver - * \return the keydata used. - */ -char *ldns_resolver_tsig_keydata(const ldns_resolver *r); -/** - * pop the last nameserver from the resolver. - * \param[in] r the resolver - * \return the popped address or NULL if empty - */ -ldns_rdf* ldns_resolver_pop_nameserver(ldns_resolver *r); - -/** - * Return the resolver's searchlist count - * \param[in] r the resolver - * \return the searchlist count - */ -size_t ldns_resolver_searchlist_count(const ldns_resolver *r); - -/* write access function */ -/** - * Set the port the resolver should use - * \param[in] r the resolver - * \param[in] p the port number - */ -void ldns_resolver_set_port(ldns_resolver *r, uint16_t p); - -/** - * Set the source rdf (address) the resolver should use - * \param[in] r the resolver - * \param[in] s the source address - */ -void ldns_resolver_set_source(ldns_resolver *r, ldns_rdf *s); - -/** - * Set the resolver recursion - * \param[in] r the resolver - * \param[in] b true: set to recurse, false: unset - */ -void ldns_resolver_set_recursive(ldns_resolver *r, bool b); - -/** - * Set the resolver debugging - * \param[in] r the resolver - * \param[in] b true: debug on: false debug off - */ -void ldns_resolver_set_debug(ldns_resolver *r, bool b); - -/** - * Incremental the resolver's nameserver count. - * \param[in] r the resolver - */ -void ldns_resolver_incr_nameserver_count(ldns_resolver *r); - -/** - * Decrement the resolver's nameserver count. - * \param[in] r the resolver - */ -void ldns_resolver_dec_nameserver_count(ldns_resolver *r); - -/** - * Set the resolver's nameserver count directly. - * \param[in] r the resolver - * \param[in] c the nameserver count - */ -void ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c); - -/** - * Set the resolver's nameserver count directly by using an rdf list - * \param[in] r the resolver - * \param[in] rd the resolver addresses - */ -void ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **rd); - -/** - * Set the resolver's default domain. This gets appended when no - * absolute name is given - * \param[in] r the resolver - * \param[in] rd the name to append - */ -void ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *rd); - -/** - * Set the resolver's socket time out when talking to remote hosts - * \param[in] r the resolver - * \param[in] timeout the timeout to use - */ -void ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout); - -/** - * Push a new rd to the resolver's searchlist - * \param[in] r the resolver - * \param[in] rd to push - */ -void ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *rd); - -/** - * Whether the resolver uses the name set with _set_domain - * \param[in] r the resolver - * \param[in] b true: use the defaults, false: don't use them - */ -void ldns_resolver_set_defnames(ldns_resolver *r, bool b); - -/** - * Whether the resolver uses a virtual circuit (TCP) - * \param[in] r the resolver - * \param[in] b true: use TCP, false: don't use TCP - */ -void ldns_resolver_set_usevc(ldns_resolver *r, bool b); - -/** - * Whether the resolver uses the searchlist - * \param[in] r the resolver - * \param[in] b true: use the list, false: don't use the list - */ -void ldns_resolver_set_dnsrch(ldns_resolver *r, bool b); - -/** - * Whether the resolver uses DNSSEC - * \param[in] r the resolver - * \param[in] b true: use DNSSEC, false: don't use DNSSEC - */ -void ldns_resolver_set_dnssec(ldns_resolver *r, bool b); - -/** - * Whether the resolver uses the checking disable bit - * \param[in] r the resolver - * \param[in] b true: enable , false: don't use TCP - */ -void ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool b); -/** - * Set the resolver's DNSSEC anchor list directly. RRs should be of type DS or DNSKEY. - * \param[in] r the resolver - * \param[in] l the list of RRs to use as trust anchors - */ -void ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l); - -/** - * Push a new trust anchor to the resolver. It must be a DS or DNSKEY rr - * \param[in] r the resolver. - * \param[in] rr the RR to add as a trust anchor. - * \return a status - */ -ldns_status ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr); - -/** - * Set the resolver retrans timeout (in seconds) - * \param[in] r the resolver - * \param[in] re the retransmission interval in seconds - */ -void ldns_resolver_set_retrans(ldns_resolver *r, uint8_t re); - -/** - * Set whether the resolvers truncation fallback mechanism is used - * when ldns_resolver_query() is called. - * \param[in] r the resolver - * \param[in] fallback whether to use the fallback mechanism - */ -void ldns_resolver_set_fallback(ldns_resolver *r, bool fallback); - -/** - * Set the number of times a resolver should retry a nameserver before the - * next one is tried. - * \param[in] r the resolver - * \param[in] re the number of retries - */ -void ldns_resolver_set_retry(ldns_resolver *r, uint8_t re); - -/** - * Whether the resolver uses ip6 - * \param[in] r the resolver - * \param[in] i 0: no pref, 1: ip4, 2: ip6 - */ -void ldns_resolver_set_ip6(ldns_resolver *r, uint8_t i); - -/** - * Whether or not to fail after one failed query - * \param[in] r the resolver - * \param[in] b true: yes fail, false: continue with next nameserver - */ -void ldns_resolver_set_fail(ldns_resolver *r, bool b); - -/** - * Whether or not to ignore the TC bit - * \param[in] r the resolver - * \param[in] b true: yes ignore, false: don't ignore - */ -void ldns_resolver_set_igntc(ldns_resolver *r, bool b); - -/** - * Set maximum udp size - * \param[in] r the resolver - * \param[in] s the udp max size - */ -void ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s); - -/** - * Set the tsig key name - * \param[in] r the resolver - * \param[in] tsig_keyname the tsig key name - */ -void ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname); - -/** - * Set the tsig algorithm - * \param[in] r the resolver - * \param[in] tsig_algorithm the tsig algorithm - */ -void ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm); - -/** - * Set the tsig key data - * \param[in] r the resolver - * \param[in] tsig_keydata the key data - */ -void ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata); - -/** - * Set round trip time for all nameservers. Note this currently - * differentiates between: unreachable and reachable. - * \param[in] r the resolver - * \param[in] rtt a list with the times - */ -void ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt); - -/** - * Set round trip time for a specific nameserver. Note this - * currently differentiates between: unreachable and reachable. - * \param[in] r the resolver - * \param[in] pos the nameserver position - * \param[in] value the rtt - */ -void ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value); - -/** - * Should the nameserver list be randomized before each use - * \param[in] r the resolver - * \param[in] b: true: randomize, false: don't - */ -void ldns_resolver_set_random(ldns_resolver *r, bool b); - -/** - * Push a new nameserver to the resolver. It must be an IP - * address v4 or v6. - * \param[in] r the resolver - * \param[in] n the ip address - * \return ldns_status a status - */ -ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n); - -/** - * Push a new nameserver to the resolver. It must be an - * A or AAAA RR record type - * \param[in] r the resolver - * \param[in] rr the resource record - * \return ldns_status a status - */ -ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr); - -/** - * Push a new nameserver rr_list to the resolver. - * \param[in] r the resolver - * \param[in] rrlist the rr_list to push - * \return ldns_status a status - */ -ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist); - -/** - * Send the query for using the resolver and take the search list into account - * The search algorithm is as follows: - * If the name is absolute, try it as-is, otherwise apply the search list - * \param[in] *r operate using this resolver - * \param[in] *rdf query for this name - * \param[in] t query for this type (may be 0, defaults to A) - * \param[in] c query for this class (may be 0, default to IN) - * \param[in] flags the query flags - * - * \return ldns_pkt* a packet with the reply from the nameserver - */ -ldns_pkt* ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags); - - -/** - * Send the query for using the resolver and take the search list into account - * The search algorithm is as follows: - * If the name is absolute, try it as-is, otherwise apply the search list - * \param[out] pkt a packet with the reply from the nameserver - * \param[in] *r operate using this resolver - * \param[in] *rdf query for this name - * \param[in] t query for this type (may be 0, defaults to A) - * \param[in] c query for this class (may be 0, default to IN) - * \param[in] flags the query flags - * - * \return ldns_status LDNS_STATUS_OK on success - */ -ldns_status ldns_resolver_search_status(ldns_pkt** pkt, ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags); - -/** - * Form a query packet from a resolver and name/type/class combo - * \param[out] **q a pointer to a ldns_pkt pointer (initialized by this function) - * \param[in] *r operate using this resolver - * \param[in] *name query for this name - * \param[in] t query for this type (may be 0, defaults to A) - * \param[in] c query for this class (may be 0, default to IN) - * \param[in] f the query flags - * - * \return ldns_pkt* a packet with the reply from the nameserver - */ -ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t f); - -/** - * Send the query for name as-is - * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function) - * \param[in] *r operate using this resolver - * \param[in] *name query for this name - * \param[in] t query for this type (may be 0, defaults to A) - * \param[in] c query for this class (may be 0, default to IN) - * \param[in] flags the query flags - * - * \return ldns_pkt* a packet with the reply from the nameserver - */ -ldns_status ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags); - -/** - * Send the given packet to a nameserver - * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function) - * \param[in] *r operate using this resolver - * \param[in] *query_pkt query - */ -ldns_status ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, ldns_pkt *query_pkt); - -/** - * Send a query to a nameserver - * \param[out] pkt a packet with the reply from the nameserver - * \param[in] *r operate using this resolver - * \param[in] *name query for this name - * \param[in] *t query for this type (may be 0, defaults to A) - * \param[in] *c query for this class (may be 0, default to IN) - * \param[in] flags the query flags - * - * \return ldns_status LDNS_STATUS_OK on success - * if _defnames is true the default domain will be added - */ -ldns_status ldns_resolver_query_status(ldns_pkt** pkt, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags); - - -/** - * Send a query to a nameserver - * \param[in] *r operate using this resolver - * (despite the const in the declaration, - * the struct is altered as a side-effect) - * \param[in] *name query for this name - * \param[in] *t query for this type (may be 0, defaults to A) - * \param[in] *c query for this class (may be 0, default to IN) - * \param[in] flags the query flags - * - * \return ldns_pkt* a packet with the reply from the nameserver - * if _defnames is true the default domain will be added - */ -ldns_pkt* ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags); - - -/** - * Create a new resolver structure - * \return ldns_resolver* pointer to new structure - */ -ldns_resolver* ldns_resolver_new(void); - -/** - * Clone a resolver - * \param[in] r the resolver to clone - * \return ldns_resolver* pointer to new structure - */ -ldns_resolver* ldns_resolver_clone(ldns_resolver *r); - -/** - * Create a resolver structure from a file like /etc/resolv.conf - * \param[out] r the new resolver - * \param[in] fp file pointer to create new resolver from - * if NULL use /etc/resolv.conf - * \return LDNS_STATUS_OK or the error - */ -ldns_status ldns_resolver_new_frm_fp(ldns_resolver **r, FILE *fp); - -/** - * Create a resolver structure from a file like /etc/resolv.conf - * \param[out] r the new resolver - * \param[in] fp file pointer to create new resolver from - * if NULL use /etc/resolv.conf - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \return LDNS_STATUS_OK or the error - */ -ldns_status ldns_resolver_new_frm_fp_l(ldns_resolver **r, FILE *fp, int *line_nr); - -/** - * Configure a resolver by means of a resolv.conf file - * The file may be NULL in which case there will be - * looked the RESOLV_CONF (defaults to /etc/resolv.conf - * \param[out] r the new resolver - * \param[in] filename the filename to use - * \return LDNS_STATUS_OK or the error - */ -ldns_status ldns_resolver_new_frm_file(ldns_resolver **r, const char *filename); - -/** - * Frees the allocated space for this resolver. Only frees the resolver pionter! You should probably be using _deep_free. - * \param res resolver to free - */ -void ldns_resolver_free(ldns_resolver *res); - -/** - * Frees the allocated space for this resolver and all it's data - * \param res resolver to free - */ -void ldns_resolver_deep_free(ldns_resolver *res); - -/** - * Get the next stream of RRs in a AXFR - * \param[in] resolver the resolver to use. First ldns_axfr_start() must be - * called - * \return ldns_rr the next RR from the AXFR stream - * After you get this returned RR (not NULL: on error), then check if - * ldns_axfr_complete() is true to see if the zone transfer has completed. - */ -ldns_rr* ldns_axfr_next(ldns_resolver *resolver); - -/** - * Abort a transfer that is in progress - * \param[in] resolver the resolver that is used - */ -void ldns_axfr_abort(ldns_resolver *resolver); - -/** - * Returns true if the axfr transfer has completed (i.e. 2 SOA RRs and no errors were encountered - * \param[in] resolver the resolver that is used - * \return bool true if axfr transfer was completed without error - */ -bool ldns_axfr_complete(const ldns_resolver *resolver); - -/** - * Returns a pointer to the last ldns_pkt that was sent by the server in the AXFR transfer - * uasable for instance to get the error code on failure - * \param[in] res the resolver that was used in the axfr transfer - * \return ldns_pkt the last packet sent - */ -ldns_pkt *ldns_axfr_last_pkt(const ldns_resolver *res); - -/** - * Get the serial for requesting IXFR. - * \param[in] r the resolver - * \param[in] serial serial - */ -void ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial); - -/** - * Get the serial for requesting IXFR. - * \param[in] res the resolver - * \return uint32_t serial - */ -uint32_t ldns_resolver_get_ixfr_serial(const ldns_resolver *res); - -/** - * Randomize the nameserver list in the resolver - * \param[in] r the resolver - */ -void ldns_resolver_nameservers_randomize(ldns_resolver *r); - -/** - * Returns true if at least one of the provided keys is a trust anchor - * \param[in] r the current resolver - * \param[in] keys the keyset to check - * \param[out] trusted_keys the subset of trusted keys in the 'keys' rrset - * \return true if at least one of the provided keys is a configured trust anchor - */ -bool ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_RESOLVER_H */ diff --git a/include/ldns/rr.h b/include/ldns/rr.h deleted file mode 100644 index 75ac352..0000000 --- a/include/ldns/rr.h +++ /dev/null @@ -1,929 +0,0 @@ -/* - * rr.h - resource record definitions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Contains the definition of ldns_rr and functions to manipulate those. - */ - - -#ifndef LDNS_RR_H -#define LDNS_RR_H - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** Maximum length of a dname label */ -#define LDNS_MAX_LABELLEN 63 -/** Maximum length of a complete dname */ -#define LDNS_MAX_DOMAINLEN 255 -/** Maximum number of pointers in 1 dname */ -#define LDNS_MAX_POINTERS 65535 -/** The bytes TTL, CLASS and length use up in an rr */ -#define LDNS_RR_OVERHEAD 10 - -/* The first fields are contiguous and can be referenced instantly */ -#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258 - - - -/** - * The different RR classes. - */ -enum ldns_enum_rr_class -{ - /** the Internet */ - LDNS_RR_CLASS_IN = 1, - /** Chaos class */ - LDNS_RR_CLASS_CH = 3, - /** Hesiod (Dyer 87) */ - LDNS_RR_CLASS_HS = 4, - /** None class, dynamic update */ - LDNS_RR_CLASS_NONE = 254, - /** Any class */ - LDNS_RR_CLASS_ANY = 255, - - LDNS_RR_CLASS_FIRST = 0, - LDNS_RR_CLASS_LAST = 65535, - LDNS_RR_CLASS_COUNT = LDNS_RR_CLASS_LAST - LDNS_RR_CLASS_FIRST + 1 -}; -typedef enum ldns_enum_rr_class ldns_rr_class; - -/** - * Used to specify whether compression is allowed. - */ -enum ldns_enum_rr_compress -{ - /** compression is allowed */ - LDNS_RR_COMPRESS, - LDNS_RR_NO_COMPRESS -}; -typedef enum ldns_enum_rr_compress ldns_rr_compress; - -/** - * The different RR types. - */ -enum ldns_enum_rr_type -{ - /** a host address */ - LDNS_RR_TYPE_A = 1, - /** an authoritative name server */ - LDNS_RR_TYPE_NS = 2, - /** a mail destination (Obsolete - use MX) */ - LDNS_RR_TYPE_MD = 3, - /** a mail forwarder (Obsolete - use MX) */ - LDNS_RR_TYPE_MF = 4, - /** the canonical name for an alias */ - LDNS_RR_TYPE_CNAME = 5, - /** marks the start of a zone of authority */ - LDNS_RR_TYPE_SOA = 6, - /** a mailbox domain name (EXPERIMENTAL) */ - LDNS_RR_TYPE_MB = 7, - /** a mail group member (EXPERIMENTAL) */ - LDNS_RR_TYPE_MG = 8, - /** a mail rename domain name (EXPERIMENTAL) */ - LDNS_RR_TYPE_MR = 9, - /** a null RR (EXPERIMENTAL) */ - LDNS_RR_TYPE_NULL = 10, - /** a well known service description */ - LDNS_RR_TYPE_WKS = 11, - /** a domain name pointer */ - LDNS_RR_TYPE_PTR = 12, - /** host information */ - LDNS_RR_TYPE_HINFO = 13, - /** mailbox or mail list information */ - LDNS_RR_TYPE_MINFO = 14, - /** mail exchange */ - LDNS_RR_TYPE_MX = 15, - /** text strings */ - LDNS_RR_TYPE_TXT = 16, - /** RFC1183 */ - LDNS_RR_TYPE_RP = 17, - /** RFC1183 */ - LDNS_RR_TYPE_AFSDB = 18, - /** RFC1183 */ - LDNS_RR_TYPE_X25 = 19, - /** RFC1183 */ - LDNS_RR_TYPE_ISDN = 20, - /** RFC1183 */ - LDNS_RR_TYPE_RT = 21, - /** RFC1706 */ - LDNS_RR_TYPE_NSAP = 22, - /** RFC1348 */ - LDNS_RR_TYPE_NSAP_PTR = 23, - /** 2535typecode */ - LDNS_RR_TYPE_SIG = 24, - /** 2535typecode */ - LDNS_RR_TYPE_KEY = 25, - /** RFC2163 */ - LDNS_RR_TYPE_PX = 26, - /** RFC1712 */ - LDNS_RR_TYPE_GPOS = 27, - /** ipv6 address */ - LDNS_RR_TYPE_AAAA = 28, - /** LOC record RFC1876 */ - LDNS_RR_TYPE_LOC = 29, - /** 2535typecode */ - LDNS_RR_TYPE_NXT = 30, - /** draft-ietf-nimrod-dns-01.txt */ - LDNS_RR_TYPE_EID = 31, - /** draft-ietf-nimrod-dns-01.txt */ - LDNS_RR_TYPE_NIMLOC = 32, - /** SRV record RFC2782 */ - LDNS_RR_TYPE_SRV = 33, - /** http://www.jhsoft.com/rfc/af-saa-0069.000.rtf */ - LDNS_RR_TYPE_ATMA = 34, - /** RFC2915 */ - LDNS_RR_TYPE_NAPTR = 35, - /** RFC2230 */ - LDNS_RR_TYPE_KX = 36, - /** RFC2538 */ - LDNS_RR_TYPE_CERT = 37, - /** RFC2874 */ - LDNS_RR_TYPE_A6 = 38, - /** RFC2672 */ - LDNS_RR_TYPE_DNAME = 39, - /** dnsind-kitchen-sink-02.txt */ - LDNS_RR_TYPE_SINK = 40, - /** Pseudo OPT record... */ - LDNS_RR_TYPE_OPT = 41, - /** RFC3123 */ - LDNS_RR_TYPE_APL = 42, - /** RFC4034, RFC3658 */ - LDNS_RR_TYPE_DS = 43, - /** SSH Key Fingerprint */ - LDNS_RR_TYPE_SSHFP = 44, /* RFC 4255 */ - /** IPsec Key */ - LDNS_RR_TYPE_IPSECKEY = 45, /* RFC 4025 */ - /** DNSSEC */ - LDNS_RR_TYPE_RRSIG = 46, /* RFC 4034 */ - LDNS_RR_TYPE_NSEC = 47, /* RFC 4034 */ - LDNS_RR_TYPE_DNSKEY = 48, /* RFC 4034 */ - - LDNS_RR_TYPE_DHCID = 49, /* RFC 4701 */ - /* NSEC3 */ - LDNS_RR_TYPE_NSEC3 = 50, /* RFC 5155 */ - LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */ - LDNS_RR_TYPE_NSEC3PARAMS = 51, - LDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */ - - LDNS_RR_TYPE_HIP = 55, /* RFC 5205 */ - - /** draft-reid-dnsext-zs */ - LDNS_RR_TYPE_NINFO = 56, - /** draft-reid-dnsext-rkey */ - LDNS_RR_TYPE_RKEY = 57, - /** draft-ietf-dnsop-trust-history */ - LDNS_RR_TYPE_TALINK = 58, - LDNS_RR_TYPE_CDS = 59, /* RFC 7344 */ - LDNS_RR_TYPE_CDNSKEY = 60, /* RFC 7344 */ - /** draft-ietf-dane-openpgpkey */ - LDNS_RR_TYPE_OPENPGPKEY = 61, - - LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ - - LDNS_RR_TYPE_UINFO = 100, - LDNS_RR_TYPE_UID = 101, - LDNS_RR_TYPE_GID = 102, - LDNS_RR_TYPE_UNSPEC = 103, - - LDNS_RR_TYPE_NID = 104, /* RFC 6742 */ - LDNS_RR_TYPE_L32 = 105, /* RFC 6742 */ - LDNS_RR_TYPE_L64 = 106, /* RFC 6742 */ - LDNS_RR_TYPE_LP = 107, /* RFC 6742 */ - - LDNS_RR_TYPE_EUI48 = 108, /* RFC 7043 */ - LDNS_RR_TYPE_EUI64 = 109, /* RFC 7043 */ - - LDNS_RR_TYPE_TKEY = 249, /* RFC 2930 */ - LDNS_RR_TYPE_TSIG = 250, - LDNS_RR_TYPE_IXFR = 251, - LDNS_RR_TYPE_AXFR = 252, - /** A request for mailbox-related records (MB, MG or MR) */ - LDNS_RR_TYPE_MAILB = 253, - /** A request for mail agent RRs (Obsolete - see MX) */ - LDNS_RR_TYPE_MAILA = 254, - /** any type (wildcard) */ - LDNS_RR_TYPE_ANY = 255, - /** draft-faltstrom-uri-06 */ - LDNS_RR_TYPE_URI = 256, - LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */ - - /** DNSSEC Trust Authorities */ - LDNS_RR_TYPE_TA = 32768, - /* RFC 4431, 5074, DNSSEC Lookaside Validation */ - LDNS_RR_TYPE_DLV = 32769, - - /* type codes from nsec3 experimental phase - LDNS_RR_TYPE_NSEC3 = 65324, - LDNS_RR_TYPE_NSEC3PARAMS = 65325, */ - LDNS_RR_TYPE_FIRST = 0, - LDNS_RR_TYPE_LAST = 65535, - LDNS_RR_TYPE_COUNT = LDNS_RR_TYPE_LAST - LDNS_RR_TYPE_FIRST + 1 -}; -typedef enum ldns_enum_rr_type ldns_rr_type; - -/** - * Resource Record - * - * This is the basic DNS element that contains actual data - * - * From RFC1035: - * 
-3.2.1. Format
-
-All RRs have the same top level format shown below:
-
-                                    1  1  1  1  1  1
-      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                                               |
-    /                                               /
-    /                      NAME                     /
-    |                                               |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                      TYPE                     |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                     CLASS                     |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                      TTL                      |
-    |                                               |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-    |                   RDLENGTH                    |
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
-    /                     RDATA                     /
-    /                                               /
-    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-
-where:
-
-NAME            an owner name, i.e., the name of the node to which this
-                resource record pertains.
-
-TYPE            two octets containing one of the RR TYPE codes.
-
-CLASS           two octets containing one of the RR CLASS codes.
-
-TTL             a 32 bit signed integer that specifies the time interval
-                that the resource record may be cached before the source
-                of the information should again be consulted.  Zero
-                values are interpreted to mean that the RR can only be
-                used for the transaction in progress, and should not be
-                cached.  For example, SOA records are always distributed
-                with a zero TTL to prohibit caching.  Zero values can
-                also be used for extremely volatile data.
-
-RDLENGTH        an unsigned 16 bit integer that specifies the length in
-                octets of the RDATA field.
-
-RDATA           a variable length string of octets that describes the
-                resource.  The format of this information varies
-                according to the TYPE and CLASS of the resource record.
- *
- * - * The actual amount and type of rdata fields depend on the RR type of the - * RR, and can be found by using \ref ldns_rr_descriptor functions. - */ -struct ldns_struct_rr -{ - /** Owner name, uncompressed */ - ldns_rdf *_owner; - /** Time to live */ - uint32_t _ttl; - /** Number of data fields */ - size_t _rd_count; - /** the type of the RR. A, MX etc. */ - ldns_rr_type _rr_type; - /** Class of the resource record. */ - ldns_rr_class _rr_class; - /* everything in the rdata is in network order */ - /** The array of rdata's */ - ldns_rdf **_rdata_fields; - /** question rr [it would be nicer if thous is after _rd_count] - ABI change: Fix this in next major release - */ - bool _rr_question; -}; -typedef struct ldns_struct_rr ldns_rr; - -/** - * List or Set of Resource Records - * - * Contains a list of rr's
- * No official RFC-like checks are made - */ -struct ldns_struct_rr_list -{ - size_t _rr_count; - size_t _rr_capacity; - ldns_rr **_rrs; -}; -typedef struct ldns_struct_rr_list ldns_rr_list; - -/** - * Contains all information about resource record types. - * - * This structure contains, for all rr types, the rdata fields that are defined. - */ -struct ldns_struct_rr_descriptor -{ - /** Type of the RR that is described here */ - ldns_rr_type _type; - /** Textual name of the RR type. */ - const char *_name; - /** Minimum number of rdata fields in the RRs of this type. */ - uint8_t _minimum; - /** Maximum number of rdata fields in the RRs of this type. */ - uint8_t _maximum; - /** Wireformat specification for the rr, i.e. the types of rdata fields in their respective order. */ - const ldns_rdf_type *_wireformat; - /** Special rdf types */ - ldns_rdf_type _variable; - /** Specifies whether compression can be used for dnames in this RR type. */ - ldns_rr_compress _compress; - /** The number of DNAMEs in the _wireformat string, for parsing. */ - uint8_t _dname_count; -}; -typedef struct ldns_struct_rr_descriptor ldns_rr_descriptor; - - -/** - * Create a rr type bitmap rdf providing enough space to set all - * known (to ldns) rr types. - * \param[out] rdf the constructed rdf - * \return LDNS_STATUS_OK if all went well. - */ -ldns_status ldns_rdf_bitmap_known_rr_types_space(ldns_rdf** rdf); - -/** - * Create a rr type bitmap rdf with at least all known (to ldns) rr types set. - * \param[out] rdf the constructed rdf - * \return LDNS_STATUS_OK if all went well. - */ -ldns_status ldns_rdf_bitmap_known_rr_types(ldns_rdf** rdf); - - -/** - * creates a new rr structure. - * \return ldns_rr * - */ -ldns_rr* ldns_rr_new(void); - -/** - * creates a new rr structure, based on the given type. - * alloc enough space to hold all the rdf's - */ -ldns_rr* ldns_rr_new_frm_type(ldns_rr_type t); - -/** - * frees an RR structure - * \param[in] *rr the RR to be freed - * \return void - */ -void ldns_rr_free(ldns_rr *rr); - -/** - * creates an rr from a string. - * The string should be a fully filled-in rr, like - * ownername <space> TTL <space> CLASS <space> - * TYPE <space> RDATA. - * \param[out] n the rr to return - * \param[in] str the string to convert - * \param[in] default_ttl default ttl value for the rr. - * If 0 DEF_TTL will be used - * \param[in] origin when the owner is relative add this. - * The caller must ldns_rdf_deep_free it. - * \param[out] prev the previous ownername. if this value is not NULL, - * the function overwrites this with the ownername found in this - * string. The caller must then ldns_rdf_deep_free it. - * \return a status msg describing an error or LDNS_STATUS_OK - */ -ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str, - uint32_t default_ttl, ldns_rdf *origin, - ldns_rdf **prev); - -/** - * creates an rr for the question section from a string, i.e. - * without RDATA fields - * Origin and previous RR functionality are the same as in - * ldns_rr_new_frm_str() - * \param[out] n the rr to return - * \param[in] str the string to convert - * \param[in] origin when the owner is relative add this. - * The caller must ldns_rdf_deep_free it. - * \param prev the previous ownername. the function overwrite this with - * the current found ownername. The caller must ldns_rdf_deep_free it. - * \return a status msg describing an error or LDNS_STATUS_OK - */ -ldns_status ldns_rr_new_question_frm_str(ldns_rr **n, const char *str, - ldns_rdf *origin, ldns_rdf **prev); - -/** - * creates a new rr from a file containing a string. - * \param[out] rr the new rr - * \param[in] fp the file pointer to use - * \param[in] default_ttl pointer to a default ttl for the rr. If NULL DEF_TTL will be used - * the pointer will be updated if the file contains a $TTL directive - * \param[in] origin when the owner is relative add this - * the pointer will be updated if the file contains a $ORIGIN directive - * The caller must ldns_rdf_deep_free it. - * \param[in] prev when the owner is whitespaces use this as the * ownername - * the pointer will be updated after the call - * The caller must ldns_rdf_deep_free it. - * \return a ldns_status with an error or LDNS_STATUS_OK - */ -ldns_status ldns_rr_new_frm_fp(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev); - -/** - * creates a new rr from a file containing a string. - * \param[out] rr the new rr - * \param[in] fp the file pointer to use - * \param[in] default_ttl a default ttl for the rr. If NULL DEF_TTL will be used - * the pointer will be updated if the file contains a $TTL directive - * \param[in] origin when the owner is relative add this - * the pointer will be updated if the file contains a $ORIGIN directive - * The caller must ldns_rdf_deep_free it. - * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) - * \param[in] prev when the owner is whitespaces use this as the * ownername - * the pointer will be updated after the call - * The caller must ldns_rdf_deep_free it. - * \return a ldns_status with an error or LDNS_STATUS_OK - */ -ldns_status ldns_rr_new_frm_fp_l(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr); - -/** - * sets the owner in the rr structure. - * \param[in] *rr rr to operate on - * \param[in] *owner set to this owner - * \return void - */ -void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner); - -/** - * sets the question flag in the rr structure. - * \param[in] *rr rr to operate on - * \param[in] question question flag - * \return void - */ -void ldns_rr_set_question(ldns_rr *rr, bool question); - -/** - * sets the ttl in the rr structure. - * \param[in] *rr rr to operate on - * \param[in] ttl set to this ttl - * \return void - */ -void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl); - -/** - * sets the rd_count in the rr. - * \param[in] *rr rr to operate on - * \param[in] count set to this count - * \return void - */ -void ldns_rr_set_rd_count(ldns_rr *rr, size_t count); - -/** - * sets the type in the rr. - * \param[in] *rr rr to operate on - * \param[in] rr_type set to this type - * \return void - */ -void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type); - -/** - * sets the class in the rr. - * \param[in] *rr rr to operate on - * \param[in] rr_class set to this class - * \return void - */ -void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class); - -/** - * sets a rdf member, it will be set on the - * position given. The old value is returned, like pop. - * \param[in] *rr the rr to operate on - * \param[in] *f the rdf to set - * \param[in] position the position the set the rdf - * \return the old value in the rr, NULL on failyre - */ -ldns_rdf* ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position); - -/** - * sets rd_field member, it will be - * placed in the next available spot. - * \param[in] *rr rr to operate on - * \param[in] *f the data field member to set - * \return bool - */ -bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f); - -/** - * removes a rd_field member, it will be - * popped from the last position. - * \param[in] *rr rr to operate on - * \return rdf which was popped (null if nothing) - */ -ldns_rdf* ldns_rr_pop_rdf(ldns_rr *rr); - -/** - * returns the rdata field member counter. - * \param[in] *rr rr to operate on - * \param[in] nr the number of the rdf to return - * \return ldns_rdf * - */ -ldns_rdf* ldns_rr_rdf(const ldns_rr *rr, size_t nr); - -/** - * returns the owner name of an rr structure. - * \param[in] *rr rr to operate on - * \return ldns_rdf * - */ -ldns_rdf* ldns_rr_owner(const ldns_rr *rr); - -/** - * returns the question flag of an rr structure. - * \param[in] *rr rr to operate on - * \return bool true if question - */ -bool ldns_rr_is_question(const ldns_rr *rr); - -/** - * returns the ttl of an rr structure. - * \param[in] *rr the rr to read from - * \return the ttl of the rr - */ -uint32_t ldns_rr_ttl(const ldns_rr *rr); - -/** - * returns the rd_count of an rr structure. - * \param[in] *rr the rr to read from - * \return the rd count of the rr - */ -size_t ldns_rr_rd_count(const ldns_rr *rr); - -/** - * returns the type of the rr. - * \param[in] *rr the rr to read from - * \return the type of the rr - */ -ldns_rr_type ldns_rr_get_type(const ldns_rr *rr); - -/** - * returns the class of the rr. - * \param[in] *rr the rr to read from - * \return the class of the rr - */ -ldns_rr_class ldns_rr_get_class(const ldns_rr *rr); - -/* rr_lists */ - -/** - * returns the number of rr's in an rr_list. - * \param[in] rr_list the rr_list to read from - * \return the number of rr's - */ -size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list); - -/** - * sets the number of rr's in an rr_list. - * \param[in] rr_list the rr_list to set the count on - * \param[in] count the number of rr in this list - * \return void - */ -void ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count); - -/** - * set a rr on a specific index in a ldns_rr_list - * \param[in] rr_list the rr_list to use - * \param[in] r the rr to set - * \param[in] count index into the rr_list - * \return the old rr which was stored in the rr_list, or - * NULL is the index was too large - * set a specific rr */ -ldns_rr * ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count); - -/** - * returns a specific rr of an rrlist. - * \param[in] rr_list the rr_list to read from - * \param[in] nr return this rr - * \return the rr at position nr - */ -ldns_rr* ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr); - -/** - * creates a new rr_list structure. - * \return a new rr_list structure - */ -ldns_rr_list* ldns_rr_list_new(void); - -/** - * frees an rr_list structure. - * \param[in] rr_list the list to free - */ -void ldns_rr_list_free(ldns_rr_list *rr_list); - -/** - * frees an rr_list structure and all rrs contained therein. - * \param[in] rr_list the list to free - */ -void ldns_rr_list_deep_free(ldns_rr_list *rr_list); - -/** - * concatenates two ldns_rr_lists together. This modifies - * *left (to extend it and add the pointers from *right). - * \param[in] left the leftside - * \param[in] right the rightside - * \return a left with right concatenated to it - */ -bool ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right); - -/** - * concatenates two ldns_rr_lists together, but makes clones of the rr's - * (instead of pointer copying). - * \param[in] left the leftside - * \param[in] right the rightside - * \return a new rr_list with leftside/rightside concatenated - */ -ldns_rr_list* ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right); - -/** - * pushes an rr to an rrlist. - * \param[in] rr_list the rr_list to push to - * \param[in] rr the rr to push - * \return false on error, otherwise true - */ -bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr); - -/** - * pushes an rr_list to an rrlist. - * \param[in] rr_list the rr_list to push to - * \param[in] push_list the rr_list to push - * \return false on error, otherwise true - */ -bool ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list); - -/** - * pops the last rr from an rrlist. - * \param[in] rr_list the rr_list to pop from - * \return NULL if nothing to pop. Otherwise the popped RR - */ -ldns_rr* ldns_rr_list_pop_rr(ldns_rr_list *rr_list); - -/** - * pops an rr_list of size s from an rrlist. - * \param[in] rr_list the rr_list to pop from - * \param[in] size the number of rr's to pop - * \return NULL if nothing to pop. Otherwise the popped rr_list - */ -ldns_rr_list* ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t size); - -/** - * returns true if the given rr is one of the rrs in the - * list, or if it is equal to one - * \param[in] rr_list the rr_list to check - * \param[in] rr the rr to check - * \return true if rr_list contains rr, false otherwise - */ -bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr); - -/** - * checks if an rr_list is a rrset. - * \param[in] rr_list the rr_list to check - * \return true if it is an rrset otherwise false - */ -bool ldns_is_rrset(ldns_rr_list *rr_list); - -/** - * pushes an rr to an rrset (which really are rr_list's). - * \param[in] *rr_list the rrset to push the rr to - * \param[in] *rr the rr to push - * \return true if the push succeeded otherwise false - */ -bool ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr); - -/** - * pops the last rr from an rrset. This function is there only - * for the symmetry. - * \param[in] rr_list the rr_list to pop from - * \return NULL if nothing to pop. Otherwise the popped RR - * - */ -ldns_rr* ldns_rr_set_pop_rr(ldns_rr_list *rr_list); - -/** - * pops the first rrset from the list, - * the list must be sorted, so that all rr's from each rrset - * are next to each other - */ -ldns_rr_list *ldns_rr_list_pop_rrset(ldns_rr_list *rr_list); - - -/** - * retrieves a rrtype by looking up its name. - * \param[in] name a string with the name - * \return the type which corresponds with the name - */ -ldns_rr_type ldns_get_rr_type_by_name(const char *name); - -/** - * retrieves a class by looking up its name. - * \param[in] name string with the name - * \return the cass which corresponds with the name - */ -ldns_rr_class ldns_get_rr_class_by_name(const char *name); - -/** - * clones a rr and all its data - * \param[in] rr the rr to clone - * \return the new rr or NULL on failure - */ -ldns_rr* ldns_rr_clone(const ldns_rr *rr); - -/** - * clones an rrlist. - * \param[in] rrlist the rrlist to clone - * \return the cloned rr list - */ -ldns_rr_list* ldns_rr_list_clone(const ldns_rr_list *rrlist); - -/** - * sorts an rr_list (canonical wire format). the sorting is done inband. - * \param[in] unsorted the rr_list to be sorted - * \return void - */ -void ldns_rr_list_sort(ldns_rr_list *unsorted); - -/** - * compares two rrs. The TTL is not looked at. - * \param[in] rr1 the first one - * \param[in] rr2 the second one - * \return 0 if equal - * -1 if rr1 comes before rr2 - * +1 if rr2 comes before rr1 - */ -int ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2); - -/** - * compares two rrs, up to the rdata. - * \param[in] rr1 the first one - * \param[in] rr2 the second one - * \return 0 if equal - * -1 if rr1 comes before rr2 - * +1 if rr2 comes before rr1 - */ -int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2); - -/** - * compares the wireformat of two rrs, contained in the given buffers. - * \param[in] rr1_buf the first one - * \param[in] rr2_buf the second one - * \return 0 if equal - * -1 if rr1_buf comes before rr2_buf - * +1 if rr2_buf comes before rr1_buf - */ -int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf); - -/** - * returns true of the given rr's are equal. - * Also returns true if one record is a DS that represents the - * same DNSKEY record as the other record - * \param[in] rr1 the first rr - * \param[in] rr2 the second rr - * \return true if equal otherwise false - */ -bool ldns_rr_compare_ds(const ldns_rr *rr1, const ldns_rr *rr2); - -/** - * compares two rr listss. - * \param[in] rrl1 the first one - * \param[in] rrl2 the second one - * \return 0 if equal - * -1 if rrl1 comes before rrl2 - * +1 if rrl2 comes before rrl1 - */ -int ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2); - -/** - * calculates the uncompressed size of an RR. - * \param[in] r the rr to operate on - * \return size of the rr - */ -size_t ldns_rr_uncompressed_size(const ldns_rr *r); - -/** - * converts each dname in a rr to its canonical form. - * \param[in] rr the rr to work on - * \return void - */ -void ldns_rr2canonical(ldns_rr *rr); - -/** - * converts each dname in each rr in a rr_list to its canonical form. - * \param[in] rr_list the rr_list to work on - * \return void - */ -void ldns_rr_list2canonical(ldns_rr_list *rr_list); - -/** - * counts the number of labels of the ownername. - * \param[in] rr count the labels of this rr - * \return the number of labels - */ -uint8_t ldns_rr_label_count(ldns_rr *rr); - -/** - * returns the resource record descriptor for the given rr type. - * - * \param[in] type the type value of the rr type - *\return the ldns_rr_descriptor for this type - */ -const ldns_rr_descriptor *ldns_rr_descript(uint16_t type); - -/** - * returns the minimum number of rdata fields of the rr type this descriptor describes. - * - * \param[in] descriptor for an rr type - * \return the minimum number of rdata fields - */ -size_t ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor); - -/** - * returns the maximum number of rdata fields of the rr type this descriptor describes. - * - * \param[in] descriptor for an rr type - * \return the maximum number of rdata fields - */ -size_t ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor); - -/** - * returns the rdf type for the given rdata field number of the rr type for the given descriptor. - * - * \param[in] descriptor for an rr type - * \param[in] field the field number - * \return the rdf type for the field - */ -ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, size_t field); - -/** - * Return the rr_list which matches the rdf at position field. Think - * type-covered stuff for RRSIG - * - * \param[in] l the rr_list to look in - * \param[in] r the rdf to use for the comparison - * \param[in] pos at which position can we find the rdf - * - * \return a new rr list with only the RRs that match - * - */ -ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos); - -/** - * convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual - * LDNS_RR_TYPE. This is usefull in the case when inspecting - * the rrtype covered field of an RRSIG. - * \param[in] rd the rdf to look at - * \return a ldns_rr_type with equivalent LDNS_RR_TYPE - * - */ -ldns_rr_type ldns_rdf2rr_type(const ldns_rdf *rd); - -/** - * Returns the type of the first element of the RR - * If there are no elements present, 0 is returned - * - * \param[in] rr_list The rr list - * \return rr_type of the first element, or 0 if the list is empty - */ -ldns_rr_type -ldns_rr_list_type(const ldns_rr_list *rr_list); - -/** - * Returns the owner domain name rdf of the first element of the RR - * If there are no elements present, NULL is returned - * - * \param[in] rr_list The rr list - * \return dname of the first element, or NULL if the list is empty - */ -ldns_rdf * -ldns_rr_list_owner(const ldns_rr_list *rr_list); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_RR_H */ diff --git a/include/ldns/rr_functions.h b/include/ldns/rr_functions.h deleted file mode 100644 index 09a28dd..0000000 --- a/include/ldns/rr_functions.h +++ /dev/null @@ -1,363 +0,0 @@ -/* - * rr_functions.h - * - * the .h file with defs for the per rr - * functions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ -#ifndef LDNS_RR_FUNCTIONS_H -#define LDNS_RR_FUNCTIONS_H - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \file - * - * Defines some extra convenience functions for ldns_rr structures - */ - -/* A / AAAA */ -/** - * returns the address of a LDNS_RR_TYPE_A rr - * \param[in] r the resource record - * \return a ldns_rdf* with the address or NULL on failure - */ -ldns_rdf* ldns_rr_a_address(const ldns_rr *r); - -/** - * sets the address of a LDNS_RR_TYPE_A rr - * \param[in] r the rr to use - * \param[in] f the address to set - * \return true on success, false otherwise - */ -bool ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f); - -/* NS */ -/** - * returns the name of a LDNS_RR_TYPE_NS rr - * \param[in] r the resource record - * \return a ldns_rdf* with the name or NULL on failure - */ -ldns_rdf* ldns_rr_ns_nsdname(const ldns_rr *r); - -/* MX */ -/** - * returns the mx pref. of a LDNS_RR_TYPE_MX rr - * \param[in] r the resource record - * \return a ldns_rdf* with the preference or NULL on failure - */ -ldns_rdf* ldns_rr_mx_preference(const ldns_rr *r); -/** - * returns the mx host of a LDNS_RR_TYPE_MX rr - * \param[in] r the resource record - * \return a ldns_rdf* with the name of the MX host or NULL on failure - */ -ldns_rdf* ldns_rr_mx_exchange(const ldns_rr *r); - -/* RRSIG */ -/** - * returns the type covered of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the resource record - * \return a ldns_rdf* with the type covered or NULL on failure - */ -ldns_rdf* ldns_rr_rrsig_typecovered(const ldns_rr *r); -/** - * sets the typecovered of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the typecovered to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f); -/** - * returns the algorithm of a LDNS_RR_TYPE_RRSIG RR - * \param[in] r the resource record - * \return a ldns_rdf* with the algorithm or NULL on failure - */ -ldns_rdf* ldns_rr_rrsig_algorithm(const ldns_rr *r); -/** - * sets the algorithm of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the algorithm to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f); -/** - * returns the number of labels of a LDNS_RR_TYPE_RRSIG RR - * \param[in] r the resource record - * \return a ldns_rdf* with the number of labels or NULL on failure - */ -ldns_rdf *ldns_rr_rrsig_labels(const ldns_rr *r); -/** - * sets the number of labels of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the number of labels to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f); -/** - * returns the original TTL of a LDNS_RR_TYPE_RRSIG RR - * \param[in] r the resource record - * \return a ldns_rdf* with the original TTL or NULL on failure - */ -ldns_rdf* ldns_rr_rrsig_origttl(const ldns_rr *r); -/** - * sets the original TTL of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the original TTL to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f); -/** - * returns the expiration time of a LDNS_RR_TYPE_RRSIG RR - * \param[in] r the resource record - * \return a ldns_rdf* with the expiration time or NULL on failure - */ -ldns_rdf* ldns_rr_rrsig_expiration(const ldns_rr *r); -/** - * sets the expireation date of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the expireation date to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f); -/** - * returns the inception time of a LDNS_RR_TYPE_RRSIG RR - * \param[in] r the resource record - * \return a ldns_rdf* with the inception time or NULL on failure - */ -ldns_rdf* ldns_rr_rrsig_inception(const ldns_rr *r); -/** - * sets the inception date of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the inception date to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f); -/** - * returns the keytag of a LDNS_RR_TYPE_RRSIG RR - * \param[in] r the resource record - * \return a ldns_rdf* with the keytag or NULL on failure - */ -ldns_rdf* ldns_rr_rrsig_keytag(const ldns_rr *r); -/** - * sets the keytag of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the keytag to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f); -/** - * returns the signers name of a LDNS_RR_TYPE_RRSIG RR - * \param[in] r the resource record - * \return a ldns_rdf* with the signers name or NULL on failure - */ -ldns_rdf* ldns_rr_rrsig_signame(const ldns_rr *r); -/** - * sets the signers name of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the signers name to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f); -/** - * returns the signature data of a LDNS_RR_TYPE_RRSIG RR - * \param[in] r the resource record - * \return a ldns_rdf* with the signature data or NULL on failure - */ -ldns_rdf* ldns_rr_rrsig_sig(const ldns_rr *r); -/** - * sets the signature data of a LDNS_RR_TYPE_RRSIG rr - * \param[in] r the rr to use - * \param[in] f the signature data to set - * \return true on success, false otherwise - */ -bool ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f); - -/* DNSKEY */ -/** - * returns the flags of a LDNS_RR_TYPE_DNSKEY rr - * \param[in] r the resource record - * \return a ldns_rdf* with the flags or NULL on failure - */ -ldns_rdf* ldns_rr_dnskey_flags(const ldns_rr *r); -/** - * sets the flags of a LDNS_RR_TYPE_DNSKEY rr - * \param[in] r the rr to use - * \param[in] f the flags to set - * \return true on success, false otherwise - */ -bool ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f); -/** - * returns the protocol of a LDNS_RR_TYPE_DNSKEY rr - * \param[in] r the resource record - * \return a ldns_rdf* with the protocol or NULL on failure - */ -ldns_rdf* ldns_rr_dnskey_protocol(const ldns_rr *r); -/** - * sets the protocol of a LDNS_RR_TYPE_DNSKEY rr - * \param[in] r the rr to use - * \param[in] f the protocol to set - * \return true on success, false otherwise - */ -bool ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f); -/** - * returns the algorithm of a LDNS_RR_TYPE_DNSKEY rr - * \param[in] r the resource record - * \return a ldns_rdf* with the algorithm or NULL on failure - */ -ldns_rdf* ldns_rr_dnskey_algorithm(const ldns_rr *r); -/** - * sets the algorithm of a LDNS_RR_TYPE_DNSKEY rr - * \param[in] r the rr to use - * \param[in] f the algorithm to set - * \return true on success, false otherwise - */ -bool ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f); -/** - * returns the key data of a LDNS_RR_TYPE_DNSKEY rr - * \param[in] r the resource record - * \return a ldns_rdf* with the key data or NULL on failure - */ -ldns_rdf* ldns_rr_dnskey_key(const ldns_rr *r); -/** - * sets the key data of a LDNS_RR_TYPE_DNSKEY rr - * \param[in] r the rr to use - * \param[in] f the key data to set - * \return true on success, false otherwise - */ -bool ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f); - -/** - * get the length of the keydata in bits - * \param[in] keydata the raw key data - * \param[in] len the length of the keydata - * \param[in] alg the cryptographic algorithm this is a key for - * \return the keysize in bits, or 0 on error - */ -size_t ldns_rr_dnskey_key_size_raw(const unsigned char *keydata, - const size_t len, - const ldns_algorithm alg); - -/** - * get the length of the keydata in bits - * \param[in] key the key rr to use - * \return the keysize in bits - */ -size_t ldns_rr_dnskey_key_size(const ldns_rr *key); - -/** - * The type of function to be passed to ldns_rr_soa_increment_func, - * ldns_rr_soa_increment_func_data or ldns_rr_soa_increment_int. - * The function will be called with as the first argument the current serial - * number of the SOA RR to be updated, and as the second argument a value - * given when calling ldns_rr_soa_increment_func_data or - * ldns_rr_soa_increment_int. With ldns_rr_soa_increment_int the pointer - * value holds the integer value passed to ldns_rr_soa_increment_int, - * and it should be cast to intptr_t to be used as an integer by the - * serial modifying function. - */ -typedef uint32_t (*ldns_soa_serial_increment_func_t)(uint32_t, void*); - -/** - * Function to be used with dns_rr_soa_increment_func_int, to set the soa - * serial number. - * \param[in] unused the (unused) current serial number. - * \param[in] data the serial number to be set. - */ -uint32_t ldns_soa_serial_identity(uint32_t unused, void *data); - -/** - * Function to be used with dns_rr_soa_increment_func, to increment the soa - * serial number with one. - * \param[in] s the current serial number. - * \param[in] unused unused. - */ -uint32_t ldns_soa_serial_increment(uint32_t s, void *unused); - -/** - * Function to be used with dns_rr_soa_increment_func_int, to increment the soa - * serial number with a certain amount. - * \param[in] s the current serial number. - * \param[in] data the amount to add to the current serial number. - */ -uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data); - -/** - * Function to be used with ldns_rr_soa_increment_func or - * ldns_rr_soa_increment_func_int to set the soa serial to the number of - * seconds since unix epoch (1-1-1970 00:00). - * When data is given (i.e. the function is called via - * ldns_rr_soa_increment_func_int), it is used as the current time. - * When the resulting serial number is smaller than the current serial number, - * the current serial number is increased by one. - * \param[in] s the current serial number. - * \param[in] data the time in seconds since 1-1-1970 00:00 - */ -uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data); - -/** - * Function to be used with ldns_rr_soa_increment_func or - * ldns_rr_soa_increment_func_int to set the soa serial to the current date - * succeeded by a two digit iteration (datecounter). - * When data is given (i.e. the function is called via - * ldns_rr_soa_increment_func_int), it is used as the current time. - * When the resulting serial number is smaller than the current serial number, - * the current serial number is increased by one. - * \param[in] s the current serial number. - * \param[in] data the time in seconds since 1-1-1970 00:00 - */ -uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data); - -/** - * Increment the serial number of the given SOA by one. - * \param[in] soa The soa rr to be incremented - */ -void ldns_rr_soa_increment( - ldns_rr *soa); - -/** - * Increment the serial number of the given SOA with the given function. - * Included functions to be used here are: ldns_rr_soa_increment, - * ldns_soa_serial_unixtime and ldns_soa_serial_datecounter. - * \param[in] soa The soa rr to be incremented - * \param[in] f the function to use to increment the soa rr. - */ -void ldns_rr_soa_increment_func( - ldns_rr *soa, ldns_soa_serial_increment_func_t f); - -/** - * Increment the serial number of the given SOA with the given function - * passing it the given data argument. - * \param[in] soa The soa rr to be incremented - * \param[in] f the function to use to increment the soa rr. - * \param[in] data this argument will be passed to f as the second argument. - */ -void ldns_rr_soa_increment_func_data( - ldns_rr *soa, ldns_soa_serial_increment_func_t f, void *data); - -/** - * Increment the serial number of the given SOA with the given function - * using data as an argument for the function. - * Included functions to be used here are: ldns_soa_serial_identity, - * ldns_rr_soa_increment_by, ldns_soa_serial_unixtime and - * ldns_soa_serial_datecounter. - * \param[in] soa The soa rr to be incremented - * \param[in] f the function to use to increment the soa rr. - * \param[in] data this argument will be passed to f as the second argument - * (by casting it to void*). - */ -void ldns_rr_soa_increment_func_int( - ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_RR_FUNCTIONS_H */ diff --git a/include/ldns/sha1.h b/include/ldns/sha1.h deleted file mode 100644 index d5b1082..0000000 --- a/include/ldns/sha1.h +++ /dev/null @@ -1,38 +0,0 @@ -#ifndef LDNS_SHA1_H -#define LDNS_SHA1_H - -#ifdef __cplusplus -extern "C" { -#endif - -#define LDNS_SHA1_BLOCK_LENGTH 64 -#define LDNS_SHA1_DIGEST_LENGTH 20 - -typedef struct { - uint32_t state[5]; - uint64_t count; - unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]; -} ldns_sha1_ctx; - -void ldns_sha1_init(ldns_sha1_ctx * context); -void ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]); -void ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len); -void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context); - -/** - * Convenience function to digest a fixed block of data at once. - * - * \param[in] data the data to digest - * \param[in] data_len the length of data in bytes - * \param[out] digest the length of data in bytes - * This pointer MUST have LDNS_SHA1_DIGEST_LENGTH bytes - * available - * \return the SHA1 digest of the given data - */ -unsigned char *ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_SHA1_H */ diff --git a/include/ldns/sha2.h b/include/ldns/sha2.h deleted file mode 100644 index 238767a..0000000 --- a/include/ldns/sha2.h +++ /dev/null @@ -1,149 +0,0 @@ -/* - * FILE: sha2.h - * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/ - * - * Copyright (c) 2000-2001, Aaron D. Gifford - * All rights reserved. - * - * Modified by Jelte Jansen to fit in ldns, and not clash with any - * system-defined SHA code. - * Changes: - * - Renamed (external) functions and constants to fit ldns style - * - Removed uintXX vs. u_intXX smartness, since ldns needs uintXX - * anyway - * - BYTE ORDER check replaced by simple ifdef as defined or not by - * configure.ac - * - Removed _End and _Data functions - * - Added ldns_shaX(data, len, digest) functions - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ - */ - -#ifndef __LDNS_SHA2_H__ -#define __LDNS_SHA2_H__ - -#ifdef __cplusplus -extern "C" { -#endif - - -/* - * Import u_intXX_t size_t type definitions from system headers. You - * may need to change this, or define these things yourself in this - * file. - */ -#include - -#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H - -#include - -#endif /* LDNS_BUILD_CONFIG_HAVE_INTTYPES_H */ - - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -#define LDNS_SHA256_BLOCK_LENGTH 64 -#define LDNS_SHA256_DIGEST_LENGTH 32 -#define LDNS_SHA256_DIGEST_STRING_LENGTH (LDNS_SHA256_DIGEST_LENGTH * 2 + 1) -#define LDNS_SHA384_BLOCK_LENGTH 128 -#define LDNS_SHA384_DIGEST_LENGTH 48 -#define LDNS_SHA384_DIGEST_STRING_LENGTH (LDNS_SHA384_DIGEST_LENGTH * 2 + 1) -#define LDNS_SHA512_BLOCK_LENGTH 128 -#define LDNS_SHA512_DIGEST_LENGTH 64 -#define LDNS_SHA512_DIGEST_STRING_LENGTH (LDNS_SHA512_DIGEST_LENGTH * 2 + 1) - - -/*** SHA-256/384/512 Context Structures *******************************/ - -typedef struct _ldns_sha256_CTX { - uint32_t state[8]; - uint64_t bitcount; - uint8_t buffer[LDNS_SHA256_BLOCK_LENGTH]; -} ldns_sha256_CTX; -typedef struct _ldns_sha512_CTX { - uint64_t state[8]; - uint64_t bitcount[2]; - uint8_t buffer[LDNS_SHA512_BLOCK_LENGTH]; -} ldns_sha512_CTX; - -typedef ldns_sha512_CTX ldns_sha384_CTX; - - -/*** SHA-256/384/512 Function Prototypes ******************************/ -void ldns_sha256_init(ldns_sha256_CTX *); -void ldns_sha256_update(ldns_sha256_CTX*, const uint8_t*, size_t); -void ldns_sha256_final(uint8_t[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX*); - -void ldns_sha384_init(ldns_sha384_CTX*); -void ldns_sha384_update(ldns_sha384_CTX*, const uint8_t*, size_t); -void ldns_sha384_final(uint8_t[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX*); - -void ldns_sha512_init(ldns_sha512_CTX*); -void ldns_sha512_update(ldns_sha512_CTX*, const uint8_t*, size_t); -void ldns_sha512_final(uint8_t[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX*); - -/** - * Convenience function to digest a fixed block of data at once. - * - * \param[in] data the data to digest - * \param[in] data_len the length of data in bytes - * \param[out] digest the length of data in bytes - * This pointer MUST have LDNS_SHA256_DIGEST_LENGTH bytes - * available - * \return the SHA1 digest of the given data - */ -unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest); - -/** - * Convenience function to digest a fixed block of data at once. - * - * \param[in] data the data to digest - * \param[in] data_len the length of data in bytes - * \param[out] digest the length of data in bytes - * This pointer MUST have LDNS_SHA384_DIGEST_LENGTH bytes - * available - * \return the SHA1 digest of the given data - */ -unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest); - -/** - * Convenience function to digest a fixed block of data at once. - * - * \param[in] data the data to digest - * \param[in] data_len the length of data in bytes - * \param[out] digest the length of data in bytes - * This pointer MUST have LDNS_SHA512_DIGEST_LENGTH bytes - * available - * \return the SHA1 digest of the given data - */ -unsigned char *ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest); - -#ifdef __cplusplus -} -#endif /* __cplusplus */ - -#endif /* __LDNS_SHA2_H__ */ diff --git a/include/ldns/str2host.h b/include/ldns/str2host.h deleted file mode 100644 index d639970..0000000 --- a/include/ldns/str2host.h +++ /dev/null @@ -1,319 +0,0 @@ -/** - * str2host.h - conversion from str to the host fmt - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -#ifndef LDNS_2HOST_H -#define LDNS_2HOST_H - -#include -#include -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \file - * - * Defines functions to convert dns data in presentation format or text files - * to internal structures. - */ - -/** - * convert a byte into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] bytestr the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr); - -/** - * convert a string to a int16 in wireformat - * \param[in] rd the rdf where to put the data - * \param[in] shortstr the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr); - -/** - * convert a strings into a 4 byte int in wireformat - * \param[in] rd the rdf where to put the data - * \param[in] longstr the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr); - -/** - * convert a time string to a time value in wireformat - * \param[in] rd the rdf where to put the data - * \param[in] time the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_time(ldns_rdf **rd, const char *time); - -/* convert string with NSEC3 salt to wireformat) - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * return ldns_status - */ -ldns_status ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *nsec3_salt); - -/* convert a time period (think TTL's) to wireformat) - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * return ldns_status - */ -ldns_status ldns_str2rdf_period(ldns_rdf **rd, const char *str); - -/** - * convert str with an A record into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_a(ldns_rdf **rd, const char *str); - -/** - * convert the str with an AAAA record into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str); - -/** - * convert a string into wireformat (think txt record) - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted (NULL terminated) - * \return ldns_status - */ -ldns_status ldns_str2rdf_str(ldns_rdf **rd, const char *str); - -/** - * convert str with the apl record into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_apl(ldns_rdf **rd, const char *str); - -/** - * convert the string with the b64 data into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str); - -/** - * convert the string with the b32 ext hex data into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str); - -/** - * convert a hex value into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_hex(ldns_rdf **rd, const char *str); - -/** - * convert string with nsec into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_nsec(ldns_rdf **rd, const char *str); - -/** - * convert a rrtype into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_type(ldns_rdf **rd, const char *str); - -/** - * convert string with a classname into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_class(ldns_rdf **rd, const char *str); - -/** - * convert an certificate algorithm value into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str); - -/** - * convert an algorithm value into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_alg(ldns_rdf **rd, const char *str); - -/** - * convert a tlsa certificate usage value into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str); - -/** - * convert a tlsa selector value into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_selector(ldns_rdf **rd, const char *str); - -/** - * convert a tlsa matching type value into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str); - -/** - * convert a string with a unknown RR into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_unknown(ldns_rdf **rd, const char *str); - -/** - * convert string with a protocol service into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_service(ldns_rdf **rd, const char *str); - -/** - * convert a string with a LOC RR into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_loc(ldns_rdf **rd, const char *str); - -/** - * convert string with a WKS RR into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_wks(ldns_rdf **rd, const char *str); - -/** - * convert a str with a NSAP RR into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_nsap(ldns_rdf **rd, const char *str); - -/** - * convert a str with a ATMA RR into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_atma(ldns_rdf **rd, const char *str); - -/** - * convert a str with a IPSECKEY RR into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str); - -/** - * convert a dname string into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_dname(ldns_rdf **rd, const char *str); - -/** - * convert 4 * 16bit hex separated by colons into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str); - -/** - * convert 6 hex bytes separated by dashes into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_eui48(ldns_rdf **rd, const char *str); - -/** - * convert 8 hex bytes separated by dashes into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_eui64(ldns_rdf **rd, const char *str); - -/** - * Convert a non-zero sequence of US-ASCII letters and numbers into wireformat - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_tag(ldns_rdf **rd, const char *str); - -/** - * Convert a encoding of the value field as specified - * [RFC1035], Section 5.1., encoded as one bug chunk of data. - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_long_str(ldns_rdf **rd, const char *str); - -/** - * Convert a " " encoding of the value field as specified - * in Section 6. of [RFC5205], encoded as wireformat as specified in Section 5. - * of [RFC5205]. - * \param[in] rd the rdf where to put the data - * \param[in] str the string to be converted - * \return ldns_status - */ -ldns_status ldns_str2rdf_hip(ldns_rdf **rd, const char *str); - - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_2HOST_H */ diff --git a/include/ldns/tsig.h b/include/ldns/tsig.h deleted file mode 100644 index 676045f..0000000 --- a/include/ldns/tsig.h +++ /dev/null @@ -1,101 +0,0 @@ -/* - * tsig.h -- defines for TSIG [RFC2845] - * - * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - */ - -#ifndef LDNS_TSIG_H -#define LDNS_TSIG_H - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * \file - * - * Defines functions for TSIG usage - */ - - -/** - * Contains credentials for TSIG -*/ -typedef struct ldns_tsig_credentials_struct -{ - char *algorithm; - char *keyname; - char *keydata; - /* XXX More eventually. */ -} ldns_tsig_credentials; - -char *ldns_tsig_algorithm(ldns_tsig_credentials *); -char *ldns_tsig_keyname(ldns_tsig_credentials *); -char *ldns_tsig_keydata(ldns_tsig_credentials *); -char *ldns_tsig_keyname_clone(ldns_tsig_credentials *); -char *ldns_tsig_keydata_clone(ldns_tsig_credentials *); - -/** - * verifies the tsig rr for the given packet and key. - * The wire must be given too because tsig does not sign normalized packets. - * \param[in] pkt the packet to verify - * \param[in] wire needed to verify the mac - * \param[in] wire_size size of wire - * \param[in] key_name the name of the shared key - * \param[in] key_data the key in base 64 format - * \param[in] mac original mac - * \return true if tsig is correct, false if not, or if tsig is not set - */ -bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac); - -/** - * verifies the tsig rr for the given packet and key. - * The wire must be given too because tsig does not sign normalized packets. - * \param[in] pkt the packet to verify - * \param[in] wire needed to verify the mac - * \param[in] wire_size size of wire - * \param[in] key_name the name of the shared key - * \param[in] key_data the key in base 64 format - * \param[in] mac original mac - * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest - components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac. - * \return true if tsig is correct, false if not, or if tsig is not set - */ -bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac, - int tsig_timers_only); - -/** - * creates a tsig rr for the given packet and key. - * \param[in] pkt the packet to sign - * \param[in] key_name the name of the shared key - * \param[in] key_data the key in base 64 format - * \param[in] fudge seconds of error permitted in time signed - * \param[in] algorithm_name the name of the algorithm used - * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers) - * \return status (OK if success) - */ -ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, - const char *algorithm_name, ldns_rdf *query_mac); - -/** - * creates a tsig rr for the given packet and key. - * \param[in] pkt the packet to sign - * \param[in] key_name the name of the shared key - * \param[in] key_data the key in base 64 format - * \param[in] fudge seconds of error permitted in time signed - * \param[in] algorithm_name the name of the algorithm used - * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers) - * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest - components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac. - * \return status (OK if success) - */ -ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, - const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_TSIG_H */ diff --git a/include/ldns/update.h b/include/ldns/update.h deleted file mode 100644 index d3459d3..0000000 --- a/include/ldns/update.h +++ /dev/null @@ -1,115 +0,0 @@ -/* - * update.h - * - * Functions for RFC 2136 Dynamic Update - * - * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - */ - -/** - * \file - * - * Defines functions to perform UPDATE queries - */ - - -#ifndef LDNS_UPDATE_H -#define LDNS_UPDATE_H - -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * create an update packet from zone name, class and the rr lists - * \param[in] zone_rdf name of the zone - * \param[in] clas zone class - * \param[in] pr_rrlist list of Prerequisite Section RRs - * \param[in] up_rrlist list of Updates Section RRs - * \param[in] ad_rrlist list of Additional Data Section RRs (currently unused) - * \return the new packet - */ -ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist); - -/** - * add tsig credentials to - * a packet from a resolver - * \param[in] p packet to copy to - * \param[in] r resolver to copy from - * - * \return status wether successfull or not - */ -ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r); - -/* access functions */ - -/** - * Get the zo count - * \param[in] p the packet - * \return the zo count - */ -uint16_t ldns_update_zocount(const ldns_pkt *p); -/** - * Get the zo count - * \param[in] p the packet - * \return the pr count - */ -uint16_t ldns_update_prcount(const ldns_pkt *p); -/** - * Get the zo count - * \param[in] p the packet - * \return the up count - */ -uint16_t ldns_update_upcount(const ldns_pkt *p); -/** - * Get the zo count - * \param[in] p the packet - * \return the ad count - */ -uint16_t ldns_update_ad(const ldns_pkt *p); -/** - * Set the zo count - * \param[in] p the packet - * \param[in] c the zo count to set - */ -void ldns_update_set_zo(ldns_pkt *p, uint16_t c); -/** - * Set the pr count - * \param[in] p the packet - * \param[in] c the pr count to set - */ -void ldns_update_set_prcount(ldns_pkt *p, uint16_t c); -/** - * Set the up count - * \param[in] p the packet - * \param[in] c the up count to set - */ -void ldns_update_set_upcount(ldns_pkt *p, uint16_t c); -/** - * Set the ad count - * \param[in] p the packet - * \param[in] c the ad count to set - */ -void ldns_update_set_adcount(ldns_pkt *p, uint16_t c); - -/* soa functions that need to be configured */ -/* - * Not sure if we want to keep these like this, therefore - * not documented - */ -ldns_status ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, ldns_rr_class c, ldns_rdf **mname); -/* - * Not sure if we want to keep these like this, therefore - * not documented - */ -ldns_status ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_UPDATE_H */ diff --git a/include/ldns/util.h b/include/ldns/util.h deleted file mode 100644 index 86848eb..0000000 --- a/include/ldns/util.h +++ /dev/null @@ -1,392 +0,0 @@ -/* - * util.h - * - * helper function header file - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004 - * - * See the file LICENSE for the license - */ - -#ifndef _UTIL_H -#define _UTIL_H - -#include "EXTERN.h" -#include "perl.h" -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -#define dprintf(X,Y) fprintf(stderr, (X), (Y)) -/* #define dprintf(X, Y) */ - -#define LDNS_VERSION "1.6.18" -#define LDNS_REVISION ((1<<16)|(6<<8)|(18)) - -/** - * splint static inline workaround - */ -#ifdef S_SPLINT_S -# define INLINE -#else -# ifdef SWIG -# define INLINE static -# else -# define INLINE static inline -# endif -#endif - -/** - * Memory management macros - */ -#define LDNS_MALLOC(type) LDNS_XMALLOC(type, 1) - -#define LDNS_XMALLOC(type, count) ((type *) malloc((count) * sizeof(type))) - -#define LDNS_CALLOC(type, count) ((type *) calloc((count), sizeof(type))) - -#define LDNS_REALLOC(ptr, type) LDNS_XREALLOC((ptr), type, 1) - -#define LDNS_XREALLOC(ptr, type, count) \ - ((type *) realloc((ptr), (count) * sizeof(type))) - -#define LDNS_FREE(ptr) \ - do { free((ptr)); (ptr) = NULL; } while (0) - -#define LDNS_DEP printf("DEPRECATED FUNCTION!\n"); - -/* - * Copy data allowing for unaligned accesses in network byte order - * (big endian). - */ -INLINE uint16_t -ldns_read_uint16(const void *src) -{ -#ifdef ALLOW_UNALIGNED_ACCESSES - return ntohs(*(const uint16_t *) src); -#else - const uint8_t *p = (const uint8_t *) src; - return ((uint16_t) p[0] << 8) | (uint16_t) p[1]; -#endif -} - -INLINE uint32_t -ldns_read_uint32(const void *src) -{ -#ifdef ALLOW_UNALIGNED_ACCESSES - return ntohl(*(const uint32_t *) src); -#else - const uint8_t *p = (const uint8_t *) src; - return ( ((uint32_t) p[0] << 24) - | ((uint32_t) p[1] << 16) - | ((uint32_t) p[2] << 8) - | (uint32_t) p[3]); -#endif -} - -/* - * Copy data allowing for unaligned accesses in network byte order - * (big endian). - */ -INLINE void -ldns_write_uint16(void *dst, uint16_t data) -{ -#ifdef ALLOW_UNALIGNED_ACCESSES - * (uint16_t *) dst = htons(data); -#else - uint8_t *p = (uint8_t *) dst; - p[0] = (uint8_t) ((data >> 8) & 0xff); - p[1] = (uint8_t) (data & 0xff); -#endif -} - -INLINE void -ldns_write_uint32(void *dst, uint32_t data) -{ -#ifdef ALLOW_UNALIGNED_ACCESSES - * (uint32_t *) dst = htonl(data); -#else - uint8_t *p = (uint8_t *) dst; - p[0] = (uint8_t) ((data >> 24) & 0xff); - p[1] = (uint8_t) ((data >> 16) & 0xff); - p[2] = (uint8_t) ((data >> 8) & 0xff); - p[3] = (uint8_t) (data & 0xff); -#endif -} - -/* warning. */ -INLINE void -ldns_write_uint64_as_uint48(void *dst, uint64_t data) -{ - uint8_t *p = (uint8_t *) dst; - p[0] = (uint8_t) ((data >> 40) & 0xff); - p[1] = (uint8_t) ((data >> 32) & 0xff); - p[2] = (uint8_t) ((data >> 24) & 0xff); - p[3] = (uint8_t) ((data >> 16) & 0xff); - p[4] = (uint8_t) ((data >> 8) & 0xff); - p[5] = (uint8_t) (data & 0xff); -} - - -/** - * Structure to do a Schwartzian-like transformation, for instance when - * sorting. If you need a transformation on the objects that are sorted, - * you can sue this to store the transformed values, so you do not - * need to do the transformation again for each comparison - */ -struct ldns_schwartzian_compare_struct { - void *original_object; - void *transformed_object; -}; - -/** A general purpose lookup table - * - * Lookup tables are arrays of (id, name) pairs, - * So you can for instance lookup the RCODE 3, which is "NXDOMAIN", - * and vice versa. The lookup tables themselves are defined wherever needed, - * for instance in \ref host2str.c - */ -struct ldns_struct_lookup_table { - int id; - const char *name; -}; -typedef struct ldns_struct_lookup_table ldns_lookup_table; - -/** - * Looks up the table entry by name, returns NULL if not found. - * \param[in] table the lookup table to search in - * \param[in] name what to search for - * \return the item found - */ -ldns_lookup_table *ldns_lookup_by_name(ldns_lookup_table table[], - const char *name); - -/** - * Looks up the table entry by id, returns NULL if not found. - * \param[in] table the lookup table to search in - * \param[in] id what to search for - * \return the item found - */ -ldns_lookup_table *ldns_lookup_by_id(ldns_lookup_table table[], int id); - -/** - * Returns the value of the specified bit - * The bits are counted from left to right, so bit #0 is the - * left most bit. - * \param[in] bits array holding the bits - * \param[in] index to the wanted bit - * \return - */ -int ldns_get_bit(uint8_t bits[], size_t index); - - -/** - * Returns the value of the specified bit - * The bits are counted from right to left, so bit #0 is the - * right most bit. - * \param[in] bits array holding the bits - * \param[in] index to the wanted bit - * \return 1 or 0 depending no the bit state - */ -int ldns_get_bit_r(uint8_t bits[], size_t index); - -/** - * sets the specified bit in the specified byte to - * 1 if value is true, 0 if false - * The bits are counted from right to left, so bit #0 is the - * right most bit. - * \param[in] byte the bit to set the bit in - * \param[in] bit_nr the bit to set (0 <= n <= 7) - * \param[in] value whether to set the bit to 1 or 0 - * \return 1 or 0 depending no the bit state - */ -void ldns_set_bit(uint8_t *byte, int bit_nr, bool value); - -/** - * Returns the value of a to the power of b - * (or 1 of b < 1) - */ -/*@unused@*/ -INLINE long -ldns_power(long a, long b) { - long result = 1; - while (b > 0) { - if (b & 1) { - result *= a; - if (b == 1) { - return result; - } - } - a *= a; - b /= 2; - } - return result; -} - -/** - * Returns the int value of the given (hex) digit - * \param[in] ch the hex char to convert - * \return the converted decimal value - */ -int ldns_hexdigit_to_int(char ch); - -/** - * Returns the char (hex) representation of the given int - * \param[in] ch the int to convert - * \return the converted hex char - */ -char ldns_int_to_hexdigit(int ch); - -/** - * Converts a hex string to binary data - * - * \param[out] data The binary result is placed here. - * At least strlen(str)/2 bytes should be allocated - * \param[in] str The hex string to convert. - * This string should not contain spaces - * \return The number of bytes of converted data, or -1 if one of the arguments * is NULL, or -2 if the string length is not an even number - */ -int -ldns_hexstring_to_data(uint8_t *data, const char *str); - -/** - * Show the internal library version - * \return a string with the version in it - */ -const char * ldns_version(void); - -/** - * Convert TM to seconds since epoch (midnight, January 1st, 1970). - * Like timegm(3), which is not always available. - * \param[in] tm a struct tm* with the date - * \return the seconds since epoch - */ -time_t ldns_mktime_from_utc(const struct tm *tm); - -time_t mktime_from_utc(const struct tm *tm); - -/** - * The function interprets time as the number of seconds since epoch - * with respect to now using serial arithmitics (rfc1982). - * That number of seconds is then converted to broken-out time information. - * This is especially usefull when converting the inception and expiration - * fields of RRSIG records. - * - * \param[in] time number of seconds since epoch (midnight, January 1st, 1970) - * to be intepreted as a serial arithmitics number relative to now. - * \param[in] now number of seconds since epoch (midnight, January 1st, 1970) - * to which the time value is compared to determine the final value. - * \param[out] result the struct with the broken-out time information - * \return result on success or NULL on error - */ -struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result); - -/** - * Seed the random function. - * If the file descriptor is specified, the random generator is seeded with - * data from that file. If not, /dev/urandom is used. - * - * applications should call this if they need entropy data within ldns - * If openSSL is available, it is automatically seeded from /dev/urandom - * or /dev/random. - * - * If you need more entropy, or have no openssl available, this function - * MUST be called at the start of the program - * - * If openssl *is* available, this function just adds more entropy - * - * \param[in] fd a file providing entropy data for the seed - * \param[in] size the number of bytes to use as entropy data. If this is 0, - * only the minimal amount is taken (usually 4 bytes) - * \return 0 if seeding succeeds, 1 if it fails - */ -int ldns_init_random(FILE *fd, unsigned int size); - -/** - * Get random number. - * \return random number. - * - */ -uint16_t ldns_get_random(void); - -/** - * Encode data as BubbleBabble - * - * \param[in] data a pointer to data to be encoded - * \param[in] len size the number of bytes of data - * \return a string of BubbleBabble - */ -char *ldns_bubblebabble(uint8_t *data, size_t len); - - -INLINE time_t ldns_time(time_t *t) { return time(t); } - - -/** - * calculates the size needed to store the result of b32_ntop - */ -/*@unused@*/ -INLINE size_t ldns_b32_ntop_calculate_size(size_t src_data_length) -{ - return src_data_length == 0 ? 0 : ((src_data_length - 1) / 5 + 1) * 8; -} - -INLINE size_t ldns_b32_ntop_calculate_size_no_padding(size_t src_data_length) -{ - return ((src_data_length + 3) * 8 / 5) - 4; -} - -int ldns_b32_ntop(const uint8_t* src_data, size_t src_data_length, - char* target_text_buffer, size_t target_text_buffer_size); - -int ldns_b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length, - char* target_text_buffer, size_t target_text_buffer_size); - -#if ! LDNS_BUILD_CONFIG_HAVE_B32_NTOP - -int b32_ntop(const uint8_t* src_data, size_t src_data_length, - char* target_text_buffer, size_t target_text_buffer_size); - -int b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length, - char* target_text_buffer, size_t target_text_buffer_size); - -#endif /* ! LDNS_BUILD_CONFIG_HAVE_B32_NTOP */ - - -/** - * calculates the size needed to store the result of b32_pton - */ -/*@unused@*/ -INLINE size_t ldns_b32_pton_calculate_size(size_t src_text_length) -{ - return src_text_length * 5 / 8; -} - -int ldns_b32_pton(const char* src_text, size_t src_text_length, - uint8_t* target_data_buffer, size_t target_data_buffer_size); - -int ldns_b32_pton_extended_hex(const char* src_text, size_t src_text_length, - uint8_t* target_data_buffer, size_t target_data_buffer_size); - -#if ! LDNS_BUILD_CONFIG_HAVE_B32_PTON - -int b32_pton(const char* src_text, size_t src_text_length, - uint8_t* target_data_buffer, size_t target_data_buffer_size); - -int b32_pton_extended_hex(const char* src_text, size_t src_text_length, - uint8_t* target_data_buffer, size_t target_data_buffer_size); - -#endif /* ! LDNS_BUILD_CONFIG_HAVE_B32_PTON */ - - -#ifdef __cplusplus -} -#endif - -#endif /* !_UTIL_H */ diff --git a/include/ldns/wire2host.h b/include/ldns/wire2host.h deleted file mode 100644 index 53155b3..0000000 --- a/include/ldns/wire2host.h +++ /dev/null @@ -1,197 +0,0 @@ -/* - * wire2host.h - from wire conversion routines - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Contains functions that translate dns data from the wire format (as sent - * by servers and clients) to the internal structures. - */ - -#ifndef LDNS_WIRE2HOST_H -#define LDNS_WIRE2HOST_H - -#include -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/* The length of the header */ -#define LDNS_HEADER_SIZE 12 - -/* First octet of flags */ -#define LDNS_RD_MASK 0x01U -#define LDNS_RD_SHIFT 0 -#define LDNS_RD_WIRE(wirebuf) (*(wirebuf+2) & LDNS_RD_MASK) -#define LDNS_RD_SET(wirebuf) (*(wirebuf+2) |= LDNS_RD_MASK) -#define LDNS_RD_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_RD_MASK) - -#define LDNS_TC_MASK 0x02U -#define LDNS_TC_SHIFT 1 -#define LDNS_TC_WIRE(wirebuf) (*(wirebuf+2) & LDNS_TC_MASK) -#define LDNS_TC_SET(wirebuf) (*(wirebuf+2) |= LDNS_TC_MASK) -#define LDNS_TC_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_TC_MASK) - -#define LDNS_AA_MASK 0x04U -#define LDNS_AA_SHIFT 2 -#define LDNS_AA_WIRE(wirebuf) (*(wirebuf+2) & LDNS_AA_MASK) -#define LDNS_AA_SET(wirebuf) (*(wirebuf+2) |= LDNS_AA_MASK) -#define LDNS_AA_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_AA_MASK) - -#define LDNS_OPCODE_MASK 0x78U -#define LDNS_OPCODE_SHIFT 3 -#define LDNS_OPCODE_WIRE(wirebuf) ((*(wirebuf+2) & LDNS_OPCODE_MASK) >> LDNS_OPCODE_SHIFT) -#define LDNS_OPCODE_SET(wirebuf, opcode) \ - (*(wirebuf+2) = ((*(wirebuf+2)) & ~LDNS_OPCODE_MASK) | ((opcode) << LDNS_OPCODE_SHIFT)) - -#define LDNS_QR_MASK 0x80U -#define LDNS_QR_SHIFT 7 -#define LDNS_QR_WIRE(wirebuf) (*(wirebuf+2) & LDNS_QR_MASK) -#define LDNS_QR_SET(wirebuf) (*(wirebuf+2) |= LDNS_QR_MASK) -#define LDNS_QR_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_QR_MASK) - -/* Second octet of flags */ -#define LDNS_RCODE_MASK 0x0fU -#define LDNS_RCODE_SHIFT 0 -#define LDNS_RCODE_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RCODE_MASK) -#define LDNS_RCODE_SET(wirebuf, rcode) \ - (*(wirebuf+3) = ((*(wirebuf+3)) & ~LDNS_RCODE_MASK) | (rcode)) - -#define LDNS_CD_MASK 0x10U -#define LDNS_CD_SHIFT 4 -#define LDNS_CD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_CD_MASK) -#define LDNS_CD_SET(wirebuf) (*(wirebuf+3) |= LDNS_CD_MASK) -#define LDNS_CD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_CD_MASK) - -#define LDNS_AD_MASK 0x20U -#define LDNS_AD_SHIFT 5 -#define LDNS_AD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_AD_MASK) -#define LDNS_AD_SET(wirebuf) (*(wirebuf+3) |= LDNS_AD_MASK) -#define LDNS_AD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_AD_MASK) - -#define LDNS_Z_MASK 0x40U -#define LDNS_Z_SHIFT 6 -#define LDNS_Z_WIRE(wirebuf) (*(wirebuf+3) & LDNS_Z_MASK) -#define LDNS_Z_SET(wirebuf) (*(wirebuf+3) |= LDNS_Z_MASK) -#define LDNS_Z_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_Z_MASK) - -#define LDNS_RA_MASK 0x80U -#define LDNS_RA_SHIFT 7 -#define LDNS_RA_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RA_MASK) -#define LDNS_RA_SET(wirebuf) (*(wirebuf+3) |= LDNS_RA_MASK) -#define LDNS_RA_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_RA_MASK) - -/* Query ID */ -#define LDNS_ID_WIRE(wirebuf) (ldns_read_uint16(wirebuf)) -#define LDNS_ID_SET(wirebuf, id) (ldns_write_uint16(wirebuf, id)) - -/* Counter of the question section */ -#define LDNS_QDCOUNT_OFF 4 -/* -#define QDCOUNT(wirebuf) (ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF))) -*/ -#define LDNS_QDCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_QDCOUNT_OFF)) - -/* Counter of the answer section */ -#define LDNS_ANCOUNT_OFF 6 -#define LDNS_ANCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ANCOUNT_OFF)) - -/* Counter of the authority section */ -#define LDNS_NSCOUNT_OFF 8 -#define LDNS_NSCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_NSCOUNT_OFF)) - -/* Counter of the additional section */ -#define LDNS_ARCOUNT_OFF 10 -#define LDNS_ARCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ARCOUNT_OFF)) - -/** - * converts the data on the uint8_t bytearray (in wire format) to a DNS packet. - * This function will initialize and allocate memory space for the packet - * structure. - * - * \param[in] packet pointer to the structure to hold the packet - * \param[in] data pointer to the buffer with the data - * \param[in] len the length of the data buffer (in bytes) - * \return LDNS_STATUS_OK if everything succeeds, error otherwise - */ -ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len); - -/** - * converts the data on the uint8_t bytearray (in wire format) to a DNS packet. - * This function will initialize and allocate memory space for the packet - * structure. - * - * \param[in] packet pointer to the structure to hold the packet - * \param[in] buffer the buffer with the data - * \return LDNS_STATUS_OK if everything succeeds, error otherwise - */ -ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer); - -/** - * converts the data on the uint8_t bytearray (in wire format) to a DNS - * dname rdata field. This function will initialize and allocate memory - * space for the dname structure. The length of the wiredata of this rdf - * is added to the *pos value. - * - * \param[in] dname pointer to the structure to hold the rdata value - * \param[in] wire pointer to the buffer with the data - * \param[in] max the length of the data buffer (in bytes) - * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes - * from the start of the buffer) - * \return LDNS_STATUS_OK if everything succeeds, error otherwise - */ -ldns_status ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos); - -/** - * converts the data on the uint8_t bytearray (in wire format) to DNS - * rdata fields, and adds them to the list of rdfs of the given rr. - * This function will initialize and allocate memory space for the dname - * structures. - * The length of the wiredata of these rdfs is added to the *pos value. - * - * All rdfs belonging to the RR are read; the rr should have no rdfs - * yet. An error is returned if the format cannot be parsed. - * - * \param[in] rr pointer to the ldns_rr structure to hold the rdata value - * \param[in] wire pointer to the buffer with the data - * \param[in] max the length of the data buffer (in bytes) - * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes - * from the start of the buffer) - * \return LDNS_STATUS_OK if everything succeeds, error otherwise - */ -ldns_status ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos); - -/** - * converts the data on the uint8_t bytearray (in wire format) to a DNS - * resource record. - * This function will initialize and allocate memory space for the rr - * structure. - * The length of the wiredata of this rr is added to the *pos value. - * - * \param[in] rr pointer to the structure to hold the rdata value - * \param[in] wire pointer to the buffer with the data - * \param[in] max the length of the data buffer (in bytes) - * \param[in] pos the position of the rr in the buffer (ie. the number of bytes - * from the start of the buffer) - * \param[in] section the section in the packet the rr is meant for - * \return LDNS_STATUS_OK if everything succeeds, error otherwise - */ -ldns_status ldns_wire2rr(ldns_rr **rr, const uint8_t *wire, size_t max, size_t *pos, ldns_pkt_section section); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_WIRE2HOST_H */ diff --git a/include/ldns/zone.h b/include/ldns/zone.h deleted file mode 100644 index 0d129a0..0000000 --- a/include/ldns/zone.h +++ /dev/null @@ -1,176 +0,0 @@ -/** - * zone.h - * - * zone definitions - * - what is it - * - get_glue function - * - search etc - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * - * See the file LICENSE for the license - */ - -/** - * \file - * - * Defines the ldns_zone structure and functions to manipulate it. - */ - - -#ifndef LDNS_ZONE_H -#define LDNS_ZONE_H - -#include -#include -#include -#include - -#ifdef __cplusplus -extern "C" { -#endif - -/** - * DNS Zone - * - * A list of RR's with some - * extra information which comes from the SOA RR - * Note: nothing has been done to make this efficient (yet). - */ -struct ldns_struct_zone -{ - /** the soa defines a zone */ - ldns_rr *_soa; - /* basicly a zone is a list of rr's */ - ldns_rr_list *_rrs; - /* we could change this to be a b-tree etc etc todo */ -}; -typedef struct ldns_struct_zone ldns_zone; - -/** - * create a new ldns_zone structure - * \return a pointer to a ldns_zone structure - */ -ldns_zone * ldns_zone_new(void); - -/** - * Return the soa record of a zone - * \param[in] z the zone to read from - * \return the soa record in the zone - */ -ldns_rr * ldns_zone_soa(const ldns_zone *z); - -/** - * Returns the number of resource records in the zone, NOT counting the SOA record - * \param[in] z the zone to read from - * \return the number of rr's in the zone - */ -size_t ldns_zone_rr_count(const ldns_zone *z); - -/** - * Set the zone's soa record - * \param[in] z the zone to put the new soa in - * \param[in] soa the soa to set - */ -void ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa); - -/** - * Get a list of a zone's content. Note that the SOA - * isn't included in this list. You need to get the - * with ldns_zone_soa. - * \param[in] z the zone to read from - * \return the rrs from this zone - */ -ldns_rr_list * ldns_zone_rrs(const ldns_zone *z); - -/** - * Set the zone's contents - * \param[in] z the zone to put the new soa in - * \param[in] rrlist the rrlist to use - */ -void ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist); - -/** - * push an rrlist to a zone structure. This function use pointer - * copying, so the rr_list structure inside z is modified! - * \param[in] z the zone to add to - * \param[in] list the list to add - * \return a true on succes otherwise falsed - */ -bool ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list); - -/** - * push an single rr to a zone structure. This function use pointer - * copying, so the rr_list structure inside z is modified! - * \param[in] z the zone to add to - * \param[in] rr the rr to add - * \return a true on succes otherwise falsed - */ -bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr); - -/** - * Retrieve all resource records from the zone that are glue - * records. The resulting list does are pointer references - * to the zone's data. - * - * Due to the current zone implementation (as a list of rr's), this - * function is extremely slow. Another (probably better) way to do this - * is to use an ldns_dnssec_zone structure and the - * ldns_dnssec_mark_and_get_glue() function. - * - * \param[in] z the zone to look for glue - * \return the rr_list with the glue - */ -ldns_rr_list *ldns_zone_glue_rr_list(const ldns_zone *z); - -/** - * Create a new zone from a file - * \param[out] z the new zone - * \param[in] *fp the filepointer to use - * \param[in] *origin the zones' origin - * \param[in] ttl default ttl to use - * \param[in] c default class to use (IN) - * - * \return ldns_status mesg with an error or LDNS_STATUS_OK - */ -ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c); - -/** - * Create a new zone from a file, keep track of the line numbering - * \param[out] z the new zone - * \param[in] *fp the filepointer to use - * \param[in] *origin the zones' origin - * \param[in] ttl default ttl to use - * \param[in] c default class to use (IN) - * \param[out] line_nr used for error msg, to get to the line number - * - * \return ldns_status mesg with an error or LDNS_STATUS_OK - */ -ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr); - -/** - * Frees the allocated memory for the zone, and the rr_list structure in it - * \param[in] zone the zone to free - */ -void ldns_zone_free(ldns_zone *zone); - -/** - * Frees the allocated memory for the zone, the soa rr in it, - * and the rr_list structure in it, including the rr's in that. etc. - * \param[in] zone the zone to free - */ -void ldns_zone_deep_free(ldns_zone *zone); - -/** - * Sort the rrs in a zone, with the current impl. this is slow - * \param[in] zone the zone to sort - */ -void ldns_zone_sort(ldns_zone *zone); - -#ifdef __cplusplus -} -#endif - -#endif /* LDNS_ZONE_H */ diff --git a/ldns/include/ldns/buffer.h b/ldns/include/ldns/buffer.h new file mode 100644 index 0000000..3b64198 --- /dev/null +++ b/ldns/include/ldns/buffer.h @@ -0,0 +1,645 @@ +/* + * buffer.h -- generic memory buffer. + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + * + * The buffer module implements a generic buffer. The API is based on + * the java.nio.Buffer interface. + */ + +#ifndef LDNS_BUFFER_H +#define LDNS_BUFFER_H + +#include +#include +#include + +#include +#include + +#include "ldns/util.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * number of initial bytes in buffer of + * which we cannot tell the size before hand + */ +#define LDNS_MIN_BUFLEN 512 + +/** + * \file buffer.h + * + * This file contains the definition of ldns_buffer, and functions to manipulate those. + */ + +/** + * implementation of buffers to ease operations + * + * ldns_buffers can contain arbitrary information, per octet. You can write + * to the current end of a buffer, read from the current position, and + * access any data within it. + * + * Example use of buffers is in the source code of \ref host2str.c + */ +struct ldns_struct_buffer +{ + /** The current position used for reading/writing */ + size_t _position; + + /** The read/write limit */ + size_t _limit; + + /** The amount of data the buffer can contain */ + size_t _capacity; + + /** The data contained in the buffer */ + uint8_t *_data; + + /** If the buffer is fixed it cannot be resized */ + unsigned _fixed : 1; + + /** The current state of the buffer. If writing to the buffer fails + * for any reason, this value is changed. This way, you can perform + * multiple writes in sequence and check for success afterwards. */ + ldns_status _status; +}; +typedef struct ldns_struct_buffer ldns_buffer; + + +#ifdef NDEBUG +INLINE void +ldns_buffer_invariant(ldns_buffer *ATTR_UNUSED(buffer)) +{ +} +#else +INLINE void +ldns_buffer_invariant(ldns_buffer *buffer) +{ + assert(buffer != NULL); + assert(buffer->_position <= buffer->_limit); + assert(buffer->_limit <= buffer->_capacity); + assert(buffer->_data != NULL); +} +#endif + +/** + * creates a new buffer with the specified capacity. + * + * \param[in] capacity the size (in bytes) to allocate for the buffer + * \return the created buffer + */ +ldns_buffer *ldns_buffer_new(size_t capacity); + +/** + * creates a buffer with the specified data. The data IS copied + * and MEMORY allocations are done. The buffer is not fixed and can + * be resized using buffer_reserve(). + * + * \param[in] buffer pointer to the buffer to put the data in + * \param[in] data the data to encapsulate in the buffer + * \param[in] size the size of the data + */ +void ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size); + +/** + * clears the buffer and make it ready for writing. The buffer's limit + * is set to the capacity and the position is set to 0. + * \param[in] buffer the buffer to clear + */ +INLINE void ldns_buffer_clear(ldns_buffer *buffer) +{ + ldns_buffer_invariant(buffer); + + /* reset status here? */ + + buffer->_position = 0; + buffer->_limit = buffer->_capacity; +} + +/** + * makes the buffer ready for reading the data that has been written to + * the buffer. The buffer's limit is set to the current position and + * the position is set to 0. + * + * \param[in] buffer the buffer to flip + * \return void + */ +INLINE void ldns_buffer_flip(ldns_buffer *buffer) +{ + ldns_buffer_invariant(buffer); + + buffer->_limit = buffer->_position; + buffer->_position = 0; +} + +/** + * make the buffer ready for re-reading the data. The buffer's + * position is reset to 0. + * \param[in] buffer the buffer to rewind + */ +INLINE void ldns_buffer_rewind(ldns_buffer *buffer) +{ + ldns_buffer_invariant(buffer); + + buffer->_position = 0; +} + +/** + * returns the current position in the buffer (as a number of bytes) + * \param[in] buffer the buffer + * \return the current position + */ +INLINE size_t +ldns_buffer_position(ldns_buffer *buffer) +{ + return buffer->_position; +} + +/** + * sets the buffer's position to MARK. The position must be less than + * or equal to the buffer's limit. + * \param[in] buffer the buffer + * \param[in] mark the mark to use + */ +INLINE void +ldns_buffer_set_position(ldns_buffer *buffer, size_t mark) +{ + assert(mark <= buffer->_limit); + buffer->_position = mark; +} + +/** + * changes the buffer's position by COUNT bytes. The position must not + * be moved behind the buffer's limit or before the beginning of the + * buffer. + * \param[in] buffer the buffer + * \param[in] count the count to use + */ +INLINE void +ldns_buffer_skip(ldns_buffer *buffer, ssize_t count) +{ + assert(buffer->_position + count <= buffer->_limit); + buffer->_position += count; +} + +/** + * returns the maximum size of the buffer + * \param[in] buffer + * \return the size + */ +INLINE size_t +ldns_buffer_limit(ldns_buffer *buffer) +{ + return buffer->_limit; +} + +/** + * changes the buffer's limit. If the buffer's position is greater + * than the new limit the position is set to the limit. + * \param[in] buffer the buffer + * \param[in] limit the new limit + */ +INLINE void +ldns_buffer_set_limit(ldns_buffer *buffer, size_t limit) +{ + assert(limit <= buffer->_capacity); + buffer->_limit = limit; + if (buffer->_position > buffer->_limit) + buffer->_position = buffer->_limit; +} + +/** + * returns the number of bytes the buffer can hold. + * \param[in] buffer the buffer + * \return the number of bytes + */ +INLINE size_t +ldns_buffer_capacity(ldns_buffer *buffer) +{ + return buffer->_capacity; +} + +/** + * changes the buffer's capacity. The data is reallocated so any + * pointers to the data may become invalid. The buffer's limit is set + * to the buffer's new capacity. + * \param[in] buffer the buffer + * \param[in] capacity the capacity to use + * \return whether this failed or succeeded + */ +bool ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity); + +/** + * ensures BUFFER can contain at least AMOUNT more bytes. The buffer's + * capacity is increased if necessary using buffer_set_capacity(). + * + * The buffer's limit is always set to the (possibly increased) + * capacity. + * \param[in] buffer the buffer + * \param[in] amount amount to use + * \return whether this failed or succeeded + */ +bool ldns_buffer_reserve(ldns_buffer *buffer, size_t amount); + +/** + * returns a pointer to the data at the indicated position. + * \param[in] buffer the buffer + * \param[in] at position + * \return the pointer to the data + */ +INLINE uint8_t * +ldns_buffer_at(const ldns_buffer *buffer, size_t at) +{ + assert(at <= buffer->_limit); + return buffer->_data + at; +} + +/** + * returns a pointer to the beginning of the buffer (the data at + * position 0). + * \param[in] buffer the buffer + * \return the pointer + */ +INLINE uint8_t * +ldns_buffer_begin(const ldns_buffer *buffer) +{ + return ldns_buffer_at(buffer, 0); +} + +/** + * returns a pointer to the end of the buffer (the data at the buffer's + * limit). + * \param[in] buffer the buffer + * \return the pointer + */ +INLINE uint8_t * +ldns_buffer_end(ldns_buffer *buffer) +{ + return ldns_buffer_at(buffer, buffer->_limit); +} + +/** + * returns a pointer to the data at the buffer's current position. + * \param[in] buffer the buffer + * \return the pointer + */ +INLINE uint8_t * +ldns_buffer_current(ldns_buffer *buffer) +{ + return ldns_buffer_at(buffer, buffer->_position); +} + +/** + * returns the number of bytes remaining between the indicated position and + * the limit. + * \param[in] buffer the buffer + * \param[in] at indicated position + * \return number of bytes + */ +INLINE size_t +ldns_buffer_remaining_at(ldns_buffer *buffer, size_t at) +{ + ldns_buffer_invariant(buffer); + assert(at <= buffer->_limit); + return buffer->_limit - at; +} + +/** + * returns the number of bytes remaining between the buffer's position and + * limit. + * \param[in] buffer the buffer + * \return the number of bytes + */ +INLINE size_t +ldns_buffer_remaining(ldns_buffer *buffer) +{ + return ldns_buffer_remaining_at(buffer, buffer->_position); +} + +/** + * checks if the buffer has at least COUNT more bytes available. + * Before reading or writing the caller needs to ensure enough space + * is available! + * \param[in] buffer the buffer + * \param[in] at indicated position + * \param[in] count how much is available + * \return true or false (as int?) + */ +INLINE int +ldns_buffer_available_at(ldns_buffer *buffer, size_t at, size_t count) +{ + return count <= ldns_buffer_remaining_at(buffer, at); +} + +/** + * checks if the buffer has count bytes available at the current position + * \param[in] buffer the buffer + * \param[in] count how much is available + * \return true or false (as int?) + */ +INLINE int +ldns_buffer_available(ldns_buffer *buffer, size_t count) +{ + return ldns_buffer_available_at(buffer, buffer->_position, count); +} + +/** + * writes the given data to the buffer at the specified position + * \param[in] buffer the buffer + * \param[in] at the position (in number of bytes) to write the data at + * \param[in] data pointer to the data to write to the buffer + * \param[in] count the number of bytes of data to write + */ +INLINE void +ldns_buffer_write_at(ldns_buffer *buffer, size_t at, const void *data, size_t count) +{ + assert(ldns_buffer_available_at(buffer, at, count)); + memcpy(buffer->_data + at, data, count); +} + +/** + * writes count bytes of data to the current position of the buffer + * \param[in] buffer the buffer + * \param[in] data the data to write + * \param[in] count the lenght of the data to write + */ +INLINE void +ldns_buffer_write(ldns_buffer *buffer, const void *data, size_t count) +{ + ldns_buffer_write_at(buffer, buffer->_position, data, count); + buffer->_position += count; +} + +/** + * copies the given (null-delimited) string to the specified position at the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] str the string to write + */ +INLINE void +ldns_buffer_write_string_at(ldns_buffer *buffer, size_t at, const char *str) +{ + ldns_buffer_write_at(buffer, at, str, strlen(str)); +} + +/** + * copies the given (null-delimited) string to the current position at the buffer + * \param[in] buffer the buffer + * \param[in] str the string to write + */ +INLINE void +ldns_buffer_write_string(ldns_buffer *buffer, const char *str) +{ + ldns_buffer_write(buffer, str, strlen(str)); +} + +/** + * writes the given byte of data at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] data the 8 bits to write + */ +INLINE void +ldns_buffer_write_u8_at(ldns_buffer *buffer, size_t at, uint8_t data) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(data))); + buffer->_data[at] = data; +} + +/** + * writes the given byte of data at the current position in the buffer + * \param[in] buffer the buffer + * \param[in] data the 8 bits to write + */ +INLINE void +ldns_buffer_write_u8(ldns_buffer *buffer, uint8_t data) +{ + ldns_buffer_write_u8_at(buffer, buffer->_position, data); + buffer->_position += sizeof(data); +} + +/** + * writes the given 2 byte integer at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] data the 16 bits to write + */ +INLINE void +ldns_buffer_write_u16_at(ldns_buffer *buffer, size_t at, uint16_t data) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(data))); + ldns_write_uint16(buffer->_data + at, data); +} + +/** + * writes the given 2 byte integer at the current position in the buffer + * \param[in] buffer the buffer + * \param[in] data the 16 bits to write + */ +INLINE void +ldns_buffer_write_u16(ldns_buffer *buffer, uint16_t data) +{ + ldns_buffer_write_u16_at(buffer, buffer->_position, data); + buffer->_position += sizeof(data); +} + +/** + * writes the given 4 byte integer at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] data the 32 bits to write + */ +INLINE void +ldns_buffer_write_u32_at(ldns_buffer *buffer, size_t at, uint32_t data) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(data))); + ldns_write_uint32(buffer->_data + at, data); +} + +/** + * writes the given 4 byte integer at the current position in the buffer + * \param[in] buffer the buffer + * \param[in] data the 32 bits to write + */ +INLINE void +ldns_buffer_write_u32(ldns_buffer *buffer, uint32_t data) +{ + ldns_buffer_write_u32_at(buffer, buffer->_position, data); + buffer->_position += sizeof(data); +} + +/** + * copies count bytes of data at the given position to the given data-array + * \param[in] buffer the buffer + * \param[in] at the position in the buffer to start + * \param[out] data buffer to copy to + * \param[in] count the length of the data to copy + */ +INLINE void +ldns_buffer_read_at(ldns_buffer *buffer, size_t at, void *data, size_t count) +{ + assert(ldns_buffer_available_at(buffer, at, count)); + memcpy(data, buffer->_data + at, count); +} + +/** + * copies count bytes of data at the current position to the given data-array + * \param[in] buffer the buffer + * \param[out] data buffer to copy to + * \param[in] count the length of the data to copy + */ +INLINE void +ldns_buffer_read(ldns_buffer *buffer, void *data, size_t count) +{ + ldns_buffer_read_at(buffer, buffer->_position, data, count); + buffer->_position += count; +} + +/** + * returns the byte value at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \return 1 byte integer + */ +INLINE uint8_t +ldns_buffer_read_u8_at(ldns_buffer *buffer, size_t at) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(uint8_t))); + return buffer->_data[at]; +} + +/** + * returns the byte value at the current position in the buffer + * \param[in] buffer the buffer + * \return 1 byte integer + */ +INLINE uint8_t +ldns_buffer_read_u8(ldns_buffer *buffer) +{ + uint8_t result = ldns_buffer_read_u8_at(buffer, buffer->_position); + buffer->_position += sizeof(uint8_t); + return result; +} + +/** + * returns the 2-byte integer value at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at position in the buffer + * \return 2 byte integer + */ +INLINE uint16_t +ldns_buffer_read_u16_at(ldns_buffer *buffer, size_t at) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(uint16_t))); + return ldns_read_uint16(buffer->_data + at); +} + +/** + * returns the 2-byte integer value at the current position in the buffer + * \param[in] buffer the buffer + * \return 2 byte integer + */ +INLINE uint16_t +ldns_buffer_read_u16(ldns_buffer *buffer) +{ + uint16_t result = ldns_buffer_read_u16_at(buffer, buffer->_position); + buffer->_position += sizeof(uint16_t); + return result; +} + +/** + * returns the 4-byte integer value at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at position in the buffer + * \return 4 byte integer + */ +INLINE uint32_t +ldns_buffer_read_u32_at(ldns_buffer *buffer, size_t at) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(uint32_t))); + return ldns_read_uint32(buffer->_data + at); +} + +/** + * returns the 4-byte integer value at the current position in the buffer + * \param[in] buffer the buffer + * \return 4 byte integer + */ +INLINE uint32_t +ldns_buffer_read_u32(ldns_buffer *buffer) +{ + uint32_t result = ldns_buffer_read_u32_at(buffer, buffer->_position); + buffer->_position += sizeof(uint32_t); + return result; +} + +/** + * returns the status of the buffer + * \param[in] buffer + * \return the status + */ +INLINE ldns_status +ldns_buffer_status(ldns_buffer *buffer) +{ + return buffer->_status; +} + +/** + * returns true if the status of the buffer is LDNS_STATUS_OK, false otherwise + * \param[in] buffer the buffer + * \return true or false + */ +INLINE bool +ldns_buffer_status_ok(ldns_buffer *buffer) +{ + if (buffer) { + return ldns_buffer_status(buffer) == LDNS_STATUS_OK; + } else { + return false; + } +} + +/** + * prints to the buffer, increasing the capacity if required using + * buffer_reserve(). The buffer's position is set to the terminating '\\0' + * Returns the number of characters written (not including the + * terminating '\\0') or -1 on failure. + */ +int ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...); +/* ATTR_FORMAT(printf, 2, 3);*/ + +/** + * frees the buffer. + * \param[in] *buffer the buffer to be freed + * \return void + */ +void ldns_buffer_free(ldns_buffer *buffer); + +/** + * Makes the buffer fixed and returns a pointer to the data. The + * caller is responsible for free'ing the result. + * \param[in] *buffer the buffer to be exported + * \return void + */ +void *ldns_buffer_export(ldns_buffer *buffer); + +/** + * Copy contents of the from buffer to the result buffer and then flips + * the result buffer. Data will be silently truncated if the result buffer is + * too small. + * \param[out] *result resulting buffer which is copied to. + * \param[in] *from what to copy to result. + */ +void ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_BUFFER_H */ diff --git a/ldns/include/ldns/common.h b/ldns/include/ldns/common.h new file mode 100644 index 0000000..9abd9b9 --- /dev/null +++ b/ldns/include/ldns/common.h @@ -0,0 +1,78 @@ +/** + * \file common.h + * + * Common definitions for LDNS + */ + +/** + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_COMMON_H +#define LDNS_COMMON_H + +/* + * The build configuration that is used in the distributed headers, + * as detected and determined by the auto configure script. + */ +#define LDNS_BUILD_CONFIG_HAVE_SSL 1 +#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H 1 +#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT 1 +#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED 1 +#define LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T 1 +#define LDNS_BUILD_CONFIG_USE_DANE 1 +#define LDNS_BUILD_CONFIG_HAVE_B32_PTON 0 +#define LDNS_BUILD_CONFIG_HAVE_B32_NTOP 0 + +/* + * HAVE_STDBOOL_H is not available when distributed as a library, but no build + * configuration variables may be used (like those above) because the header + * is sometimes only available when using special compiler flags to enable the + * c99 environment. Because we cannot force the usage of this flag, we have to + * provide a default type. Below what is suggested by the autoconf manual. + */ +/*@ignore@*/ +/* splint barfs on this construct */ +#ifndef __bool_true_false_are_defined +# ifdef HAVE_STDBOOL_H +# include +# else +# ifndef HAVE__BOOL +# ifdef __cplusplus +typedef bool _Bool; +# else +# define _Bool signed char +# endif +# endif +# define bool _Bool +# define false 0 +# define true 1 +# define __bool_true_false_are_defined 1 +# endif +#endif +/*@end@*/ + +#if LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT +#define ATTR_FORMAT(archetype, string_index, first_to_check) \ + __attribute__ ((format (archetype, string_index, first_to_check))) +#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */ +#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ +#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */ + +#if defined(__cplusplus) +#define ATTR_UNUSED(x) +#elif LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED +#define ATTR_UNUSED(x) x __attribute__((unused)) +#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */ +#define ATTR_UNUSED(x) x +#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */ + +#if !LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T +typedef int socklen_t; +#endif + +#endif /* LDNS_COMMON_H */ diff --git a/ldns/include/ldns/config.h b/ldns/include/ldns/config.h new file mode 100644 index 0000000..d77cc7f --- /dev/null +++ b/ldns/include/ldns/config.h @@ -0,0 +1,590 @@ +#include "EXTERN.h" +#include "perl.h" + +/* Define if building universal (internal helper macro) */ +/* #undef AC_APPLE_UNIVERSAL_BUILD */ + +/* Define to 1 if you have the header file. */ +#define HAVE_ARPA_INET_H 1 + +/* Whether the C compiler accepts the "format" attribute */ +#define HAVE_ATTR_FORMAT 1 + +/* Whether the C compiler accepts the "unused" attribute */ +#define HAVE_ATTR_UNUSED 1 + +/* Define to 1 if you have the `b32_ntop' function. */ +/* #undef HAVE_B32_NTOP */ + +/* Define to 1 if you have the `b32_pton' function. */ +/* #undef HAVE_B32_PTON */ + +/* Define to 1 if you have the `b64_ntop' function. */ +/* #undef HAVE_B64_NTOP */ + +/* Define to 1 if you have the `b64_pton' function. */ +/* #undef HAVE_B64_PTON */ + +/* Define to 1 if you have the `bzero' function. */ +#define HAVE_BZERO 1 + +/* Define to 1 if you have the `calloc' function. */ +#define HAVE_CALLOC 1 + +/* Define to 1 if you have the `ctime_r' function. */ +#define HAVE_CTIME_R 1 + +/* Is a CAFILE given at configure time */ +#define HAVE_DANE_CA_FILE 0 + +/* Is a CAPATH given at configure time */ +#define HAVE_DANE_CA_PATH 0 + +/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you + don't. */ +#define HAVE_DECL_NID_SECP384R1 1 + +/* Define to 1 if you have the declaration of `NID_X9_62_prime256v1', and to 0 + if you don't. */ +#define HAVE_DECL_NID_X9_62_PRIME256V1 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_DLFCN_H 1 + +/* Define to 1 if you have the `endprotoent' function. */ +#define HAVE_ENDPROTOENT 1 + +/* Define to 1 if you have the `endservent' function. */ +#define HAVE_ENDSERVENT 1 + +/* Define to 1 if you have the `ENGINE_load_cryptodev' function. */ +#define HAVE_ENGINE_LOAD_CRYPTODEV 1 + +/* Define to 1 if you have the `EVP_sha256' function. */ +#define HAVE_EVP_SHA256 1 + +/* Define to 1 if you have the `fcntl' function. */ +#define HAVE_FCNTL 1 + +/* Define to 1 if you have the `fork' function. */ +#define HAVE_FORK 1 + +/* Whether getaddrinfo is available */ +#define HAVE_GETADDRINFO 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_GETOPT_H 1 + +/* Define to 1 if you have the `gmtime_r' function. */ +#define HAVE_GMTIME_R 1 + +/* If you have HMAC_CTX_init */ +#define HAVE_HMAC_CTX_INIT 1 + +/* Define to 1 if you have the `inet_aton' function. */ +#define HAVE_INET_ATON 1 + +/* Define to 1 if you have the `inet_ntop' function. */ +#define HAVE_INET_NTOP 1 + +/* Define to 1 if you have the `inet_pton' function. */ +#define HAVE_INET_PTON 1 + +/* define if you have inttypes.h */ +#define HAVE_INTTYPES_H 1 + +/* if the function 'ioctlsocket' is available */ +/* #undef HAVE_IOCTLSOCKET */ + +/* Define to 1 if you have the `isascii' function. */ +#define HAVE_ISASCII 1 + +/* Define to 1 if you have the `isblank' function. */ +#define HAVE_ISBLANK 1 + +/* Define to 1 if you have the `pcap' library (-lpcap). */ +/* #undef HAVE_LIBPCAP */ + +/* Define to 1 if you have the `localtime_r' function. */ +#define HAVE_LOCALTIME_R 1 + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#define HAVE_MALLOC 1 + +/* Define to 1 if you have the `memmove' function. */ +#define HAVE_MEMMOVE 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the `memset' function. */ +#define HAVE_MEMSET 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_NETDB_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IF_ETHER_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IGMP_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_NETINET_IN_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IN_SYSTM_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IP6_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IP_COMPAT_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_IP_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NETINET_UDP_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_ETHERNET_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_NET_IF_H */ + +/* Define to 1 if you have the header file. */ +#define HAVE_OPENSSL_ERR_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_OPENSSL_RAND_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_OPENSSL_SSL_H 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_PCAP_H */ + +/* Define to 1 if you have the `random' function. */ +#define HAVE_RANDOM 1 + +/* Define to 1 if your system has a GNU libc compatible `realloc' function, + and to 0 otherwise. */ +#define HAVE_REALLOC 1 + +/* Define to 1 if you have the `sleep' function. */ +#define HAVE_SLEEP 1 + +/* Define to 1 if you have the `snprintf' function. */ +#define HAVE_SNPRINTF 1 + +/* Define if you have the SSL libraries installed. */ +#define HAVE_SSL /**/ + +/* Define to 1 if you have the header file. */ +#define HAVE_STDARG_H 1 + +/* Define to 1 if stdbool.h conforms to C99. */ +#define HAVE_STDBOOL_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the `strlcpy' function. */ +#ifdef HAS_STRLCPY +#define HAVE_STRLCPY 1 +#else +#undef HAVE_STRLCPY +#endif + +/* Define to 1 if you have the `strtoul' function. */ +#define HAVE_STRTOUL 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_MOUNT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_PARAM_H 1 + +/* define if you have sys/socket.h */ +#define HAVE_SYS_SOCKET_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* define if you have sys/types.h */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the `timegm' function. */ +#define HAVE_TIMEGM 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_TIME_H 1 + +/* define if you have unistd.h */ +#define HAVE_UNISTD_H 1 + +/* Define to 1 if you have the `vfork' function. */ +#define HAVE_VFORK 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_VFORK_H */ + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_WINSOCK2_H */ + +/* Define to 1 if `fork' works. */ +#define HAVE_WORKING_FORK 1 + +/* Define to 1 if `vfork' works. */ +#define HAVE_WORKING_VFORK 1 + +/* Define to 1 if you have the header file. */ +/* #undef HAVE_WS2TCPIP_H */ + +/* Define to 1 if the system has the type `_Bool'. */ +#define HAVE__BOOL 1 + +/* Is a CAFILE given at configure time */ +/* #undef LDNS_DANE_CA_FILE */ + +/* Is a CAPATH given at configure time */ +/* #undef LDNS_DANE_CA_PATH */ + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#define LT_OBJDIR ".libs/" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "libdns@nlnetlabs.nl" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "ldns" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "ldns 1.6.17" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "libdns" + +/* Define to the home page for this package. */ +#define PACKAGE_URL "" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "1.6.17" + +/* Define this to enable RR type NINFO. */ +/* #undef RRTYPE_NINFO */ + +/* Define this to enable RR type OPENPGPKEY. */ +/* #undef RRTYPE_OPENPGPKEY */ + +/* Define this to enable RR type RKEY. */ +/* #undef RRTYPE_RKEY */ + +/* Define this to enable RR type TA. */ +/* #undef RRTYPE_TA */ + +/* Define this to enable RR type URI. */ +/* #undef RRTYPE_URI */ + +/* The size of `time_t', as computed by sizeof. */ +#define SIZEOF_TIME_T 8 + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Define this to enable messages to stderr. */ +/* #undef STDERR_MSGS */ + +/* System configuration dir */ +#define SYSCONFDIR sysconfdir + +/* Define this to enable DANE support. */ +#define USE_DANE 1 + +/* Define this to enable ECDSA support. */ +#define USE_ECDSA 1 + +/* Define this to enable GOST support. */ +/* #define USE_GOST 1 */ + +/* Define this to enable SHA256 and SHA512 support. */ +#define USE_SHA2 1 + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# define _ALL_SOURCE 1 +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# define _GNU_SOURCE 1 +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# define _POSIX_PTHREAD_SEMANTICS 1 +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# define _TANDEM_SOURCE 1 +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# define __EXTENSIONS__ 1 +#endif + + +/* Whether the windows socket API is used */ +/* #undef USE_WINSOCK */ + +/* the version of the windows API enabled */ +#define WINVER 0x0502 + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +/* # undef WORDS_BIGENDIAN */ +# endif +#endif + +/* Define to 1 if on MINIX. */ +/* #undef _MINIX */ + +/* Enable for compile on Minix */ +/* #undef _NETBSD_SOURCE */ + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +/* #undef _POSIX_1_SOURCE */ + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +/* #undef _POSIX_SOURCE */ + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* in_addr_t */ +/* #undef in_addr_t */ + +/* in_port_t */ +/* #undef in_port_t */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +/* #undef inline */ +#endif + +/* Define to `short' if does not define. */ +/* #undef int16_t */ + +/* Define to `int' if does not define. */ +/* #undef int32_t */ + +/* Define to `long long' if does not define. */ +/* #undef int64_t */ + +/* Define to `char' if does not define. */ +/* #undef int8_t */ + +/* Define to `size_t' if does not define. */ +/* #undef intptr_t */ + +/* Define to rpl_malloc if the replacement function should be used. */ +/* #undef malloc */ + +/* Define to `int' if does not define. */ +/* #undef pid_t */ + +/* Define to rpl_realloc if the replacement function should be used. */ +/* #undef realloc */ + +/* Define to `unsigned int' if does not define. */ +/* #undef size_t */ + +/* Define to 'int' if not defined */ +/* #undef socklen_t */ + +/* Fallback member name for socket family in struct sockaddr_storage */ +/* #undef ss_family */ + +/* Define to `int' if does not define. */ +/* #undef ssize_t */ + +/* Define to `unsigned short' if does not define. */ +/* #undef uint16_t */ + +/* Define to `unsigned int' if does not define. */ +/* #undef uint32_t */ + +/* Define to `unsigned long long' if does not define. */ +/* #undef uint64_t */ + +/* Define to `unsigned char' if does not define. */ +/* #undef uint8_t */ + +/* Define as `fork' if `vfork' does not work. */ +/* #undef vfork */ + + +#include +#include +#include +#include + +#ifndef LITTLE_ENDIAN +#define LITTLE_ENDIAN 1234 +#endif + +#ifndef BIG_ENDIAN +#define BIG_ENDIAN 4321 +#endif + +#ifndef BYTE_ORDER +#ifdef WORDS_BIGENDIAN +#define BYTE_ORDER BIG_ENDIAN +#else +#define BYTE_ORDER LITTLE_ENDIAN +#endif /* WORDS_BIGENDIAN */ +#endif /* BYTE_ORDER */ + +#if STDC_HEADERS +#include +#include +#endif + +#ifdef HAVE_STDINT_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#ifdef HAVE_WINSOCK2_H +#include +#endif + +#ifdef HAVE_WS2TCPIP_H +#include +#endif + + +/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */ +#ifdef HAVE_WINSOCK2_H +#define FD_SET_T (u_int) +#else +#define FD_SET_T +#endif + + + + +#ifdef __cplusplus +extern "C" { +#endif + +int ldns_b64_ntop(uint8_t const *src, size_t srclength, + char *target, size_t targsize); +/** + * calculates the size needed to store the result of b64_ntop + */ +/*@unused@*/ +static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize) +{ + return ((((srcsize + 2) / 3) * 4) + 1); +} +int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize); +/** + * calculates the size needed to store the result of ldns_b64_pton + */ +/*@unused@*/ +static inline size_t ldns_b64_pton_calculate_size(size_t srcsize) +{ + return (((((srcsize + 3) / 4) * 3)) + 1); +} + +/** + * Given in dnssec_zone.c, also used in dnssec_sign.c:w + + */ +int ldns_dname_compare_v(const void *a, const void *b); + +#ifndef HAVE_SLEEP +/* use windows sleep, in millisecs, instead */ +#define sleep(x) Sleep((x)*1000) +#endif + +#ifndef HAVE_RANDOM +#define srandom(x) srand(x) +#define random(x) rand(x) +#endif + +#ifndef HAVE_TIMEGM +#include +time_t timegm (struct tm *tm); +#endif /* !TIMEGM */ +#ifndef HAVE_GMTIME_R +struct tm *gmtime_r(const time_t *timep, struct tm *result); +#endif +#ifndef HAVE_LOCALTIME_R +struct tm *localtime_r(const time_t *timep, struct tm *result); +#endif +#ifndef HAVE_ISBLANK +int isblank(int c); +#endif /* !HAVE_ISBLANK */ +#ifndef HAVE_ISASCII +int isascii(int c); +#endif /* !HAVE_ISASCII */ +#ifndef HAVE_SNPRINTF +#include +int snprintf (char *str, size_t count, const char *fmt, ...); +int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); +#endif /* HAVE_SNPRINTF */ +#ifndef HAVE_INET_PTON +int inet_pton(int af, const char* src, void* dst); +#endif /* HAVE_INET_PTON */ +#ifndef HAVE_INET_NTOP +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif +#ifndef HAVE_INET_ATON +int inet_aton(const char *cp, struct in_addr *addr); +#endif +#ifndef HAVE_MEMMOVE +void *memmove(void *dest, const void *src, size_t n); +#endif +#ifndef HAVE_STRLCPY +size_t strlcpy(char *dst, const char *src, size_t siz); +#endif +#ifdef __cplusplus +} +#endif +#ifndef HAVE_GETADDRINFO +#include "compat/fake-rfc2553.h" +#endif +#ifndef HAVE_STRTOUL +#define strtoul (unsigned long)strtol +#endif + diff --git a/ldns/include/ldns/dane.h b/ldns/include/ldns/dane.h new file mode 100644 index 0000000..8234eb7 --- /dev/null +++ b/ldns/include/ldns/dane.h @@ -0,0 +1,262 @@ +/* + * dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE) + * Transport Layer Security (TLS) Protocol: TLSA + * + * Copyright (c) 2012, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + */ + +/** + * \file + * + * This module contains base functions for creating and verifying TLSA RR's + * with PKIX certificates, certificate chains and validation stores. + * (See RFC6394 and RFC6698). + * + * Since those functions heavily rely op cryptographic operations, + * this module is dependent on openssl. + */ + + +#ifndef LDNS_DANE_H +#define LDNS_DANE_H +#if LDNS_BUILD_CONFIG_USE_DANE + +#include +#include +#include +#if LDNS_BUILD_CONFIG_HAVE_SSL +#include +#include +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * The different "Certificate usage" rdata field values for a TLSA RR. + */ +enum ldns_enum_tlsa_certificate_usage +{ + /** CA constraint */ + LDNS_TLSA_USAGE_PKIX_TA = 0, + LDNS_TLSA_USAGE_CA_CONSTRAINT = 0, + /** Sevice certificate constraint */ + LDNS_TLSA_USAGE_PKIX_EE = 1, + LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1, + /** Trust anchor assertion */ + LDNS_TLSA_USAGE_DANE_TA = 2, + LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2, + /** Domain issued certificate */ + LDNS_TLSA_USAGE_DANE_EE = 3, + LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3, + /** Reserved for Private Use */ + LDNS_TLSA_USAGE_PRIVCERT = 255 +}; +typedef enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage; + +/** + * The different "Selector" rdata field values for a TLSA RR. + */ +enum ldns_enum_tlsa_selector +{ + /** + * Full certificate: the Certificate binary structure + * as defined in [RFC5280] + */ + LDNS_TLSA_SELECTOR_CERT = 0, + LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0, + + /** + * SubjectPublicKeyInfo: DER-encoded binary structure + * as defined in [RFC5280] + */ + LDNS_TLSA_SELECTOR_SPKI = 1, + LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1, + + /** Reserved for Private Use */ + LDNS_TLSA_SELECTOR_PRIVSEL = 255 +}; +typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector; + +/** + * The different "Matching type" rdata field values for a TLSA RR. + */ +enum ldns_enum_tlsa_matching_type +{ + /** Exact match on selected content */ + LDNS_TLSA_MATCHING_TYPE_FULL = 0, + LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0, + /** SHA-256 hash of selected content [RFC6234] */ + LDNS_TLSA_MATCHING_TYPE_SHA2_256 = 1, + LDNS_TLSA_MATCHING_TYPE_SHA256 = 1, + /** SHA-512 hash of selected content [RFC6234] */ + LDNS_TLSA_MATCHING_TYPE_SHA2_512 = 2, + LDNS_TLSA_MATCHING_TYPE_SHA512 = 2, + /** Reserved for Private Use */ + LDNS_TLSA_MATCHING_TYPE_PRIVMATCH = 255 +}; +typedef enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type; + +/** + * Known transports to use with TLSA owner names. + */ +enum ldns_enum_dane_transport +{ + /** TCP */ + LDNS_DANE_TRANSPORT_TCP = 0, + /** UDP */ + LDNS_DANE_TRANSPORT_UDP = 1, + /** SCTP */ + LDNS_DANE_TRANSPORT_SCTP = 2 +}; +typedef enum ldns_enum_dane_transport ldns_dane_transport; + + +/** + * Creates a dname consisting of the given name, prefixed by the service port + * and type of transport: _port._transport.name. + * + * \param[out] tlsa_owner The created dname. + * \param[in] name The dname that should be prefixed. + * \param[in] port The service port number for wich the name should be created. + * \param[in] transport The transport for wich the name should be created. + * \return LDNS_STATUS_OK on success or an error code otherwise. + */ +ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, + const ldns_rdf* name, uint16_t port, + ldns_dane_transport transport); + + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data choosen by + * the selector and encoded using matching_type. + * + * \param[out] rdf The created created rdf of type LDNS_RDF_TYPE_HEX. + * \param[in] cert The certificate from which the data is selected + * \param[in] selector The full certificate or the public key + * \param[in] matching_type The full data or the SHA256 or SHA512 hash + * of the selected data + * \return LDNS_STATUS_OK on success or an error code otherwise. + */ +ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type); + + +/** + * Selects the certificate from cert, extra_certs or the pkix_validation_store + * based on the value of cert_usage and index. + * + * \param[out] selected_cert The selected cert. + * \param[in] cert The certificate to validate (or not) + * \param[in] extra_certs Intermediate certificates that might be necessary + * during validation. May be NULL, except when the certificate + * usage is "Trust Anchor Assertion" because the trust anchor has + * to be provided.(otherwise choose a "Domain issued certificate!" + * \param[in] pkix_validation_store Used when the certificate usage is + * "CA constraint" or "Service Certificate Constraint" to + * validate the certificate and, in case of "CA constraint", + * select the CA. + * When pkix_validation_store is NULL, validation is explicitely + * turned off and the behaviour is then the same as for "Trust + * anchor assertion" and "Domain issued certificate" respectively. + * \param[in] cert_usage Which certificate to use and how to validate. + * \param[in] index Used to select the trust anchor when certificate usage + * is "Trust Anchor Assertion". 0 is the last certificate in the + * validation chain. 1 the one but last, etc. When index is -1, + * the last certificate is used that MUST be self-signed. + * This can help to make sure that the intended (self signed) + * trust anchor is actually present in extra_certs (which is a + * DANE requirement). + * + * \return LDNS_STATUS_OK on success or an error code otherwise. + */ +ldns_status ldns_dane_select_certificate(X509** selected_cert, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store, + ldns_tlsa_certificate_usage cert_usage, int index); + +/** + * Creates a TLSA resource record from the certificate. + * No PKIX validation is performed! The given certificate is used as data + * regardless the value of certificate_usage. + * + * \param[out] tlsa The created TLSA resource record. + * \param[in] certificate_usage The value for the Certificate Usage field + * \param[in] selector The value for the Selector field + * \param[in] matching_type The value for the Matching Type field + * \param[in] cert The certificate which data will be represented + * + * \return LDNS_STATUS_OK on success or an error code otherwise. + */ +ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa, + ldns_tlsa_certificate_usage certificate_usage, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type, + X509* cert); + +/** + * Verify if the given TLSA resource record matches the given certificate. + * Reporting on a TLSA rr mismatch (LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) + * is preferred over PKIX failure (LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE). + * So when PKIX validation is required by the TLSA Certificate usage, + * but the TLSA data does not match, LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH + * is returned whether the PKIX validated or not. + * + * \param[in] tlsa_rr The resource record that specifies what and how to + * match the certificate. With tlsa_rr == NULL, regular PKIX + * validation is performed. + * \param[in] cert The certificate to match (and validate) + * \param[in] extra_certs Intermediate certificates that might be necessary + * creating the validation chain. + * \param[in] pkix_validation_store Used when the certificate usage is + * "CA constraint" or "Service Certificate Constraint" to + * validate the certificate. + * + * \return LDNS_STATUS_OK on success, + * LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH on TLSA data mismatch, + * LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when TLSA matched, + * but the PKIX validation failed, or other ldns_status errors. + */ +ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store); + +/** + * Verify if any of the given TLSA resource records matches the given + * certificate. + * + * \param[in] tlsas The resource records that specify what and how to + * match the certificate. One must match for this function + * to succeed. With tlsas == NULL or the number of TLSA records + * in tlsas == 0, regular PKIX validation is performed. + * \param[in] cert The certificate to match (and validate) + * \param[in] extra_certs Intermediate certificates that might be necessary + * creating the validation chain. + * \param[in] pkix_validation_store Used when the certificate usage is + * "CA constraint" or "Service Certificate Constraint" to + * validate the certificate. + * + * \return LDNS_STATUS_OK on success, + * LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when one of the TLSA's + * matched but the PKIX validation failed, + * LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH when none of the TLSA's matched, + * or other ldns_status errors. + */ +ldns_status ldns_dane_verify(ldns_rr_list* tlsas, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_BUILD_CONFIG_USE_DANE */ +#endif /* LDNS_DANE_H */ + diff --git a/ldns/include/ldns/dname.h b/ldns/include/ldns/dname.h new file mode 100644 index 0000000..291786b --- /dev/null +++ b/ldns/include/ldns/dname.h @@ -0,0 +1,211 @@ +/* + * dname.h + * + * dname definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file dname.h + * + * dname contains function to read and manipulate domain names. + * + * Example domain names are "www.nlnetlabs.nl." and "." (the root) + * + * If a domain name ends with a dot ("."), it is called a Fully Qualified + * Domain Name (FQDN). In certain places (for instance when reading a zone + * file), an origin (which is just another domain name) non-FQDNs will be + * placed after the current. For instance, if i have a zone file where the + * origin has been set to "nl.", and my file contains the name + * "www.nlnetlabs", it will result in "www.nlnetlabs.nl.". Internally, dnames are + * always absolute (the dot is added when it is missing and there is no origin). + * + * An FQDN is also + * known as an absolute domain name, therefore the function to check this is + * called \ref ldns_dname_str_absolute + * + * Domain names are stored in \ref ldns_rdf structures, with the type + * \ref LDNS_RDF_TYPE_DNAME + * + * This module is *NOT* about the RR type called DNAME. + */ + + +#ifndef LDNS_DNAME_H +#define LDNS_DNAME_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define LDNS_DNAME_NORMALIZE tolower + +/** + * concatenates two dnames together + * \param[in] rd1 the leftside + * \param[in] rd2 the rightside + * \return a new rdf with leftside/rightside + */ +ldns_rdf *ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2); + +/** + * concatenates rd2 after rd1 (rd2 is copied, rd1 is modified) + * \param[in] rd1 the leftside + * \param[in] rd2 the rightside + * \return LDNS_STATUS_OK on success + */ +ldns_status ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2); + +/** + * Returns a clone of the given dname with the labels + * reversed + * \param[in] d the dname to reverse + * \return clone of the dname with the labels reversed. + */ +ldns_rdf *ldns_dname_reverse(const ldns_rdf *d); + +/** + * Clones the given dname from the nth label on + * \param[in] d The dname to clone + * \param[in] n the label nr to clone from, if this is 0, the complete + * dname is cloned + * \return A newly allocated *rdf structure, containing the cloned dname, + * or NULL if either d was NULL, not a dname, or if n >= + * label_count + */ +ldns_rdf * +ldns_dname_clone_from(const ldns_rdf *d, uint16_t n); + +/** + * chop one label off the left side of a dname. so + * wwww.nlnetlabs.nl, becomes nlnetlabs.nl + * This new name is a clone and must be freed with ldns_deep_free() + * \param[in] d the dname to chop + * \return the remaining dname + */ +ldns_rdf *ldns_dname_left_chop(const ldns_rdf *d); + +/** + * count the number of labels inside a LDNS_RDF_DNAME type rdf. + * \param[in] *r the rdf + * \return the number of labels + */ +uint8_t ldns_dname_label_count(const ldns_rdf *r); + +/** + * creates a new dname rdf from a string. + * \param[in] str string to use + * \return ldns_rdf* or NULL in case of an error + */ +ldns_rdf *ldns_dname_new_frm_str(const char *str); + +/** + * Create a new dname rdf from a string + * \param[in] s the size of the new dname + * \param[in] *data pointer to the actual data + * + * \return ldns_rdf* + */ +ldns_rdf *ldns_dname_new(uint16_t s, void *data); + +/** + * Create a new dname rdf from data (the data is copied) + * \param[in] size the size of the data + * \param[in] *data pointer to the actual data + * + * \return ldns_rdf* + */ +ldns_rdf *ldns_dname_new_frm_data(uint16_t size, const void *data); + +/** + * Put a dname into canonical fmt - ie. lowercase it + * \param[in] rdf the dname to lowercase + * \return void + */ +void ldns_dname2canonical(const ldns_rdf *rdf); + +/** + * test wether the name sub falls under parent (i.e. is a subdomain + * of parent). This function will return false if the given dnames are + * equal. + * \param[in] sub the name to test + * \param[in] parent the parent's name + * \return true if sub falls under parent, otherwise false + */ +bool ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent); + +/** + * Compares the two dname rdf's according to the algorithm for ordering + * in RFC4034 Section 6. + * \param[in] dname1 First dname rdf to compare + * \param[in] dname2 Second dname rdf to compare + * \return -1 if dname1 comes before dname2, 1 if dname1 comes after dname2, and 0 if they are equal. + */ +int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2); +int ldns_dname_compare_v(const void *, const void *); + +/** + * Checks whether the dname matches the given wildcard + * \param[in] dname The dname to check + * \param[in] wildcard The wildcard to check with + * \return 1 If the wildcard matches, OR if 'wildcard' is not a wildcard and + * the names are *exactly* the same + * 0 If the wildcard does not match, or if it is not a wildcard and + * the names are not the same + */ +int ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard); + +/** + * check if middle lays in the interval defined by prev and next + * prev <= middle < next. This is usefull for nsec checking + * \param[in] prev the previous dname + * \param[in] middle the dname to check + * \param[in] next the next dname + * return 0 on error or unknown, -1 when middle is in the interval, +1 when not + */ +int ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, const ldns_rdf *next); + +/** + * Checks whether the given dname string is absolute (i.e. ends with a '.') + * \param[in] *dname_str a string representing the dname + * \return true or false + */ +bool ldns_dname_str_absolute(const char *dname_str); + +/** + * Checks whether the given dname is absolute (i.e. ends with a '.') + * \param[in] *dname a rdf representing the dname + * \return true or false + */ +bool ldns_dname_absolute(const ldns_rdf *dname); + +/** + * look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME + * try and retrieve a specific label. The labels are numbered + * starting from 0 (left most). + * \param[in] rdf the rdf to look in + * \param[in] labelpos return the label with this number + * \return a ldns_rdf* with the label as name or NULL on error + */ +ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos); + +/** + * Check if dname is a wildcard, starts with *. + * \param[in] dname: the rdf to look in + * \return true if a wildcard, false if not. + */ +int ldns_dname_is_wildcard(const ldns_rdf* dname); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_DNAME_H */ diff --git a/ldns/include/ldns/dnssec.h b/ldns/include/ldns/dnssec.h new file mode 100644 index 0000000..f4cdafb --- /dev/null +++ b/ldns/include/ldns/dnssec.h @@ -0,0 +1,541 @@ +/* + * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC) + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + * A bunch of defines that are used in the DNS + */ + +/** + * \file dnssec.h + * + * This module contains base functions for DNSSEC operations + * (RFC4033 t/m RFC4035). + * + * Since those functions heavily rely op cryptographic operations, + * this module is dependent on openssl. + * + */ + + +#ifndef LDNS_DNSSEC_H +#define LDNS_DNSSEC_H + +#include +#if LDNS_BUILD_CONFIG_HAVE_SSL +#include +#include +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define LDNS_MAX_KEYLEN 2048 +#define LDNS_DNSSEC_KEYPROTO 3 +/* default time before sigs expire */ +#define LDNS_DEFAULT_EXP_TIME 2419200 /* 4 weeks */ + +/** return values for the old-signature callback */ +#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0 +#define LDNS_SIGNATURE_LEAVE_NO_ADD 1 +#define LDNS_SIGNATURE_REMOVE_ADD_NEW 2 +#define LDNS_SIGNATURE_REMOVE_NO_ADD 3 + +/** + * Returns the first RRSIG rr that corresponds to the rrset + * with the given name and type + * + * \param[in] name The dname of the RRset covered by the RRSIG to find + * \param[in] type The type of the RRset covered by the RRSIG to find + * \param[in] rrs List of rrs to search in + * \returns Pointer to the first RRsig ldns_rr found, or NULL if it is + * not present + */ +ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, + const ldns_rr_type type, + const ldns_rr_list *rrs); + +/** + * Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if + * any + * + * \param[in] rrsig The rrsig to find the DNSKEY for + * \param[in] rrs The rr list to find the key in + * \return The DNSKEY that corresponds to the given RRSIG, or NULL if it was + * not found. + */ +ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs); + +/** + * Returns the rdata field that contains the bitmap of the covered types of + * the given NSEC record + * + * \param[in] nsec The nsec to get the covered type bitmap of + * \return An ldns_rdf containing the bitmap, or NULL on error + */ +ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec); + + +#define LDNS_NSEC3_MAX_ITERATIONS 65535 + +/** + * Returns the dname of the closest (provable) encloser + */ +ldns_rdf * +ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, + ldns_rr_type qtype, + ldns_rr_list *nsec3s); + +/** + * Checks whether the packet contains rrsigs + */ +bool +ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt); + +/** + * Returns a ldns_rr_list containing the signatures covering the given name + * and type + */ +ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type); + +/** + * Returns a ldns_rr_list containing the signatures covering the given type + */ +ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type); + +/** + * calculates a keytag of a key for use in DNSSEC. + * + * \param[in] key the key as an RR to use for the calc. + * \return the keytag + */ +uint16_t ldns_calc_keytag(const ldns_rr *key); + +/** + * Calculates keytag of DNSSEC key, operates on wireformat rdata. + * \param[in] key the key as uncompressed wireformat rdata. + * \param[in] keysize length of key data. + * \return the keytag + */ +uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize); + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * converts a buffer holding key material to a DSA key in openssl. + * + * \param[in] key the key to convert + * \return a DSA * structure with the key material + */ +DSA *ldns_key_buf2dsa(ldns_buffer *key); +/** + * Like ldns_key_buf2dsa, but uses raw buffer. + * \param[in] key the uncompressed wireformat of the key. + * \param[in] len length of key data + * \return a DSA * structure with the key material + */ +DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len); + +/** + * Utility function to calculate hash using generic EVP_MD pointer. + * \param[in] data the data to hash. + * \param[in] len length of data. + * \param[out] dest the destination of the hash, must be large enough. + * \param[in] md the message digest to use. + * \return true if worked, false on failure. + */ +int ldns_digest_evp(unsigned char* data, unsigned int len, + unsigned char* dest, const EVP_MD* md); + +/** + * Converts a holding buffer with key material to EVP PKEY in openssl. + * Only available if ldns was compiled with GOST. + * \param[in] key data to convert + * \param[in] keylen length of the key data + * \return the key or NULL on error. + */ +EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen); + +/** + * Converts a holding buffer with key material to EVP PKEY in openssl. + * Only available if ldns was compiled with ECDSA. + * \param[in] key data to convert + * \param[in] keylen length of the key data + * \param[in] algo precise algorithm to initialize ECC group values. + * \return the key or NULL on error. + */ +EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo); + +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * converts a buffer holding key material to a RSA key in openssl. + * + * \param[in] key the key to convert + * \return a RSA * structure with the key material + */ +RSA *ldns_key_buf2rsa(ldns_buffer *key); + +/** + * Like ldns_key_buf2rsa, but uses raw buffer. + * \param[in] key the uncompressed wireformat of the key. + * \param[in] len length of key data + * \return a RSA * structure with the key material + */ +RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +/** + * returns a new DS rr that represents the given key rr. + * + * \param[in] *key the key to convert + * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256 + * + * \return ldns_rr* a new rr pointer to a DS + */ +ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h); + +/** + * Create the type bitmap for an NSEC(3) record + */ +ldns_rdf * +ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], + size_t size, + ldns_rr_type nsec_type); + +/** + * returns whether a rrset of the given type is found in the rrsets. + * + * \param[in] rrsets the rrsets to be tested + * \param[in] type the type to test for + * \return int 1 if the type was found, 0 otherwise. + */ +int +ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type); + +/** + * Creates NSEC + */ +ldns_rr * +ldns_dnssec_create_nsec(ldns_dnssec_name *from, + ldns_dnssec_name *to, + ldns_rr_type nsec_type); + + +/** + * Creates NSEC3 + */ +ldns_rr * +ldns_dnssec_create_nsec3(ldns_dnssec_name *from, + ldns_dnssec_name *to, + ldns_rdf *zone_name, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt); + +/** + * Create a NSEC record + * \param[in] cur_owner the current owner which should be taken as the starting point + * \param[in] next_owner the rrlist which the nsec rr should point to + * \param[in] rrs all rrs from the zone, to find all RR types of cur_owner in + * \return a ldns_rr with the nsec record in it + */ +ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs); + +/** + * Calculates the hashed name using the given parameters + * \param[in] *name The owner name to calculate the hash for + * \param[in] algorithm The hash algorithm to use + * \param[in] iterations The number of hash iterations to use + * \param[in] salt_length The length of the salt in bytes + * \param[in] salt The salt to use + * \return The hashed owner name rdf, without the domain name + */ +ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt); + +/** + * Sets all the NSEC3 options. The rr to set them in must be initialized with _new() and + * type LDNS_RR_TYPE_NSEC3 + * \param[in] *rr The RR to set the values in + * \param[in] algorithm The NSEC3 hash algorithm + * \param[in] flags The flags field + * \param[in] iterations The number of hash iterations + * \param[in] salt_length The length of the salt in bytes + * \param[in] salt The salt bytes + */ +void ldns_nsec3_add_param_rdfs(ldns_rr *rr, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt); + +/* this will NOT return the NSEC3 completed, you will have to run the + finalize function on the rrlist later! */ +ldns_rr * +ldns_create_nsec3(ldns_rdf *cur_owner, + ldns_rdf *cur_zone, + ldns_rr_list *rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + bool emptynonterminal); + +/** + * Returns the hash algorithm used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The algorithm identifier, or 0 on error + */ +uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr); + +/** + * Returns flags field + */ +uint8_t +ldns_nsec3_flags(const ldns_rr *nsec3_rr); + +/** + * Returns true if the opt-out flag has been set in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return true if the RR has type NSEC3 and the opt-out bit has been set, false otherwise + */ +bool ldns_nsec3_optout(const ldns_rr *nsec3_rr); + +/** + * Returns the number of hash iterations used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The number of iterations + */ +uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr); + +/** + * Returns the salt used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The salt rdf, or NULL on error + */ +ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr); + +/** + * Returns the length of the salt used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The length of the salt in bytes + */ +uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr); + +/** + * Returns the salt bytes used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The salt in bytes, this is alloced, so you need to free it + */ +uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr); + +/** + * Returns the first label of the next ownername in the NSEC3 chain (ie. without the domain) + * \param[in] nsec3_rr The RR to read from + * \return The first label of the next owner name in the NSEC3 chain, or NULL on error + */ +ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr); + +/** + * Returns the bitmap specifying the covered types of the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The covered type bitmap rdf + */ +ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr); + +/** + * Calculates the hashed name using the parameters of the given NSEC3 RR + * \param[in] *nsec The RR to use the parameters from + * \param[in] *name The owner name to calculate the hash for + * \return The hashed owner name rdf, without the domain name + */ +ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name); + +/** + * Check if RR type t is enumerated and set in the RR type bitmap rdf. + * \param[in] bitmap the RR type bitmap rdf to look in + * \param[in] type the type to check for + * \return true when t is found and set, otherwise return false + */ +bool ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type); + +/** + * Checks if RR type t is enumerated in the type bitmap rdf and sets the bit. + * \param[in] bitmap the RR type bitmap rdf to look in + * \param[in] type the type to for which the bit to set + * \return LDNS_STATUS_OK on success. LDNS_STATUS_TYPE_NOT_IN_BITMAP is + * returned when the bitmap does not contain the bit to set. + */ +ldns_status ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type); + +/** + * Checks if RR type t is enumerated in the type bitmap rdf and clears the bit. + * \param[in] bitmap the RR type bitmap rdf to look in + * \param[in] type the type to for which the bit to clear + * \return LDNS_STATUS_OK on success. LDNS_STATUS_TYPE_NOT_IN_BITMAP is + * returned when the bitmap does not contain the bit to clear. + */ +ldns_status ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type); + +/** + * Checks coverage of NSEC(3) RR name span + * Remember that nsec and name must both be in canonical form (ie use + * \ref ldns_rr2canonical and \ref ldns_dname2canonical prior to calling this + * function) + * + * \param[in] nsec The NSEC RR to check + * \param[in] name The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name + * \return true if the NSEC RR covers the owner name + */ +bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name); + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * verify a packet + * \param[in] p the packet + * \param[in] t the rr set type to check + * \param[in] o the rr set name to check + * \param[in] k list of keys + * \param[in] s list of sigs (may be null) + * \param[out] good_keys keys which validated the packet + * \return status + * + */ +ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys); + +/** + * verify a packet + * \param[in] p the packet + * \param[in] t the rr set type to check + * \param[in] o the rr set name to check + * \param[in] k list of keys + * \param[in] s list of sigs (may be null) + * \param[in] check_time the time for which the validation is performed + * \param[out] good_keys keys which validated the packet + * \return status + * + */ +ldns_status ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, time_t check_time, ldns_rr_list *good_keys); + +#endif + +/** + * chains nsec3 list + */ +ldns_status +ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs); + +/** + * compare for nsec3 sort + */ +int +qsort_rr_compare_nsec3(const void *a, const void *b); + +/** + * sort nsec3 list + */ +void +ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted); + +/** + * Default callback function to always leave present signatures, and + * add new ones + * \param[in] sig The signature to check for removal (unused) + * \param[in] n Optional argument (unused) + * \return LDNS_SIGNATURE_LEAVE_ADD_NEW + */ +int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n); +/** + * Default callback function to always leave present signatures, and + * add no new ones for the keys of these signatures + * \param[in] sig The signature to check for removal (unused) + * \param[in] n Optional argument (unused) + * \return LDNS_SIGNATURE_LEAVE_NO_ADD + */ +int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n); +/** + * Default callback function to always remove present signatures, but + * add no new ones + * \param[in] sig The signature to check for removal (unused) + * \param[in] n Optional argument (unused) + * \return LDNS_SIGNATURE_REMOVE_NO_ADD + */ +int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n); +/** + * Default callback function to always leave present signatures, and + * add new ones + * \param[in] sig The signature to check for removal (unused) + * \param[in] n Optional argument (unused) + * \return LDNS_SIGNATURE_REMOVE_ADD_NEW + */ +int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n); + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * Converts the DSA signature from ASN1 representation (RFC2459, as + * used by OpenSSL) to raw signature data as used in DNS (rfc2536) + * + * \param[in] sig The signature in RFC2459 format + * \param[in] sig_len The length of the signature + * \return a new rdf with the signature + */ +ldns_rdf * +ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, + const long sig_len); + +/** + * Converts the RRSIG signature RDF (in rfc2536 format) to a buffer + * with the signature in rfc2459 format + * + * \param[out] target_buffer buffer to place the signature data + * \param[in] sig_rdf The signature rdf to convert + * \return LDNS_STATUS_OK on success, error code otherwise + */ +ldns_status +ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, + const ldns_rdf *sig_rdf); + +/** + * Converts the ECDSA signature from ASN1 representation (as + * used by OpenSSL) to raw signature data as used in DNS + * This routine is only present if ldns is compiled with ecdsa support. + * + * \param[in] sig The signature in ASN1 format + * \param[in] sig_len The length of the signature + * \return a new rdf with the signature + */ +ldns_rdf * +ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len); + +/** + * Converts the RRSIG signature RDF (from DNS) to a buffer with the + * signature in ASN1 format as openssl uses it. + * This routine is only present if ldns is compiled with ecdsa support. + * + * \param[out] target_buffer buffer to place the signature data in ASN1. + * \param[in] sig_rdf The signature rdf to convert + * \return LDNS_STATUS_OK on success, error code otherwise + */ +ldns_status +ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, + const ldns_rdf *sig_rdf); + +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_DNSSEC_H */ diff --git a/ldns/include/ldns/dnssec_sign.h b/ldns/include/ldns/dnssec_sign.h new file mode 100644 index 0000000..f51c7fb --- /dev/null +++ b/ldns/include/ldns/dnssec_sign.h @@ -0,0 +1,383 @@ +/** dnssec_verify */ + +#ifndef LDNS_DNSSEC_SIGN_H +#define LDNS_DNSSEC_SIGN_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* sign functions */ + +/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/ +#define LDNS_SIGN_DNSKEY_WITH_ZSK 1 + +/** + * Create an empty RRSIG RR (i.e. without the actual signature data) + * \param[in] rrset The RRset to create the signature for + * \param[in] key The key that will create the signature + * \return signature rr + */ +ldns_rr * +ldns_create_empty_rrsig(ldns_rr_list *rrset, + ldns_key *key); + +/** + * Sign the buffer which contains the wiredata of an rrset, and the + * corresponding empty rrsig rr with the given key + * \param[in] sign_buf the buffer with data to sign + * \param[in] key the key to sign with + * \return an rdata field with the signature data + */ +ldns_rdf * +ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key); + +/** + * Sign an rrset + * \param[in] rrset the rrset + * \param[in] keys the keys to use + * \return a rr_list with the signatures + */ +ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys); + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * Sign a buffer with the DSA key (hash with SHA1) + * \param[in] to_sign buffer with the data + * \param[in] key the key to use + * \return a ldns_rdf with the signed data + */ +ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key); + +/** + * Sign data with EVP (general method for different algorithms) + * + * \param[in] to_sign The ldns_buffer containing raw data that is + * to be signed + * \param[in] key The EVP_PKEY key structure to sign with + * \param[in] digest_type The digest algorithm to use in the creation of + * the signature + * \return ldns_rdf for the RRSIG ldns_rr + */ +ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign, + EVP_PKEY *key, + const EVP_MD *digest_type); + +/** + * Sign a buffer with the RSA key (hash with SHA1) + * \param[in] to_sign buffer with the data + * \param[in] key the key to use + * \return a ldns_rdf with the signed data + */ +ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key); + +/** + * Sign a buffer with the RSA key (hash with MD5) + * \param[in] to_sign buffer with the data + * \param[in] key the key to use + * \return a ldns_rdf with the signed data + */ +ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +/** + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account separately. + * + * When glue_list is given (not NULL), in the process of marking the names, all + * glue resource records will be pushed to that list, even glue at the delegation name. + * + * \param[in] zone the zone in which to mark the names + * \param[in] glue_list the list to which to push the glue rrs + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status +ldns_dnssec_zone_mark_and_get_glue( + ldns_dnssec_zone *zone, ldns_rr_list *glue_list); + +/** + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account separately. + * + * \param[in] zone the zone in which to mark the names + * \return LDNS_STATUS_OK on succesful completion + */ +ldns_status +ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone); + +/** + * Finds the first dnssec_name node in the rbtree that is not occluded. + * It *does* return names that are partially occluded. + * + * \param[in] node the first node to check + * \return the first node that has not been marked as glue, or NULL + * if not found (TODO: make that LDNS_RBTREE_NULL?) + */ +ldns_rbnode_t *ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node); + +/** + * Adds NSEC records to the given dnssec_zone + * + * \param[in] zone the zone to add the records to + * \param[in] new_rrs ldns_rr's created by this function are + * added to this rr list, so the caller can free them later + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs); + +/** + * Adds NSEC3 records to the zone + */ +ldns_status +ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt); + +/** + * remove signatures if callback function tells to + * + * \param[in] signatures list of signatures to check, and + * possibly remove, depending on the value of the + * callback + * \param[in] key_list these are marked to be used or not, + * on the return value of the callback + * \param[in] func this function is called to specify what to + * do with each signature (and corresponding key) + * \param[in] arg Optional argument for the callback function + * \returns pointer to the new signatures rrs (the original + * passed to this function may have been removed) + */ +ldns_dnssec_rrs *ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg); + +/** + * Adds signatures to the zone + * + * \param[in] zone the zone to add RRSIG Resource Records to + * \param[in] new_rrs the RRSIG RRs that are created are also + * added to this list, so the caller can free them + * later + * \param[in] key_list list of keys to sign with. + * \param[in] func Callback function to decide what keys to + * use and what to do with old signatures + * \param[in] arg Optional argument for the callback function + * \param[in] flags option flags for signing process. 0 makes DNSKEY + * RRset signed with the minimal key set, that is only SEP keys are used + * for signing. If there are no SEP keys available, non-SEP keys will + * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all + * keys. 0 is the default. + * \return LDNS_STATUS_OK on success, error otherwise + */ +ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void*), + void *arg, + int flags); + +/** + * Adds signatures to the zone + * + * \param[in] zone the zone to add RRSIG Resource Records to + * \param[in] new_rrs the RRSIG RRs that are created are also + * added to this list, so the caller can free them + * later + * \param[in] key_list list of keys to sign with. + * \param[in] func Callback function to decide what keys to + * use and what to do with old signatures + * \param[in] arg Optional argument for the callback function + * \return LDNS_STATUS_OK on success, error otherwise + */ +ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void*), + void *arg); + +/** + * signs the given zone with the given keys + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: + * LDNS_SIGNATURE_LEAVE_ADD_NEW: + * leave the signature and add a new one for the corresponding key + * LDNS_SIGNATURE_REMOVE_ADD_NEW: + * remove the signature and replace is with a new one from the same key + * LDNS_SIGNATURE_LEAVE_NO_ADD: + * leave the signature and do not add a new one with the corresponding key + * LDNS_SIGNATURE_REMOVE_NO_ADD: + * remove the signature and do not replace + * + * \param[in] arg optional argument for the callback function + * \param[in] flags option flags for signing process. 0 makes DNSKEY + * RRset signed with the minimal key set, that is only SEP keys are used + * for signing. If there are no SEP keys available, non-SEP keys will + * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all + * keys. 0 is the default. + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + int flags); + +/** + * signs the given zone with the given new zone, with NSEC3 + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * \param[in] arg optional argument for the callback function + * \param[in] algorithm the NSEC3 hashing algorithm to use + * \param[in] flags NSEC3 flags + * \param[in] iterations the number of NSEC3 hash iterations to use + * \param[in] salt_length the length (in octets) of the NSEC3 salt + * \param[in] salt the NSEC3 salt data + * \param[in] signflags option flags for signing process. 0 is the default. + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + int signflags); + +/** + * signs the given zone with the given new zone, with NSEC3 + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * \param[in] arg optional argument for the callback function + * \param[in] algorithm the NSEC3 hashing algorithm to use + * \param[in] flags NSEC3 flags + * \param[in] iterations the number of NSEC3 hash iterations to use + * \param[in] salt_length the length (in octets) of the NSEC3 salt + * \param[in] salt the NSEC3 salt data + * \param[in] signflags option flags for signing process. 0 is the default. + * \param[out] map a referenced rbtree pointer variable. The newly created + * rbtree will contain mappings from hashed owner names to the + * unhashed name. + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + int signflags, + ldns_rbtree_t **map + ); + + +/** + * signs the given zone with the given keys + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: + * LDNS_SIGNATURE_LEAVE_ADD_NEW: + * leave the signature and add a new one for the corresponding key + * LDNS_SIGNATURE_REMOVE_ADD_NEW: + * remove the signature and replace is with a new one from the same key + * LDNS_SIGNATURE_LEAVE_NO_ADD: + * leave the signature and do not add a new one with the corresponding key + * LDNS_SIGNATURE_REMOVE_NO_ADD: + * remove the signature and do not replace + * + * \param[in] arg optional argument for the callback function + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg); + +/** + * signs the given zone with the given new zone, with NSEC3 + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * \param[in] arg optional argument for the callback function + * \param[in] algorithm the NSEC3 hashing algorithm to use + * \param[in] flags NSEC3 flags + * \param[in] iterations the number of NSEC3 hash iterations to use + * \param[in] salt_length the length (in octets) of the NSEC3 salt + * \param[in] salt the NSEC3 salt data + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt); + +/** + * Signs the zone, and returns a newly allocated signed zone + * \param[in] zone the zone to sign + * \param[in] key_list list of keys to sign with + * \return signed zone + */ +ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list); + +/** + * Signs the zone with NSEC3, and returns a newly allocated signed zone + * \param[in] zone the zone to sign + * \param[in] key_list list of keys to sign with + * \param[in] algorithm the NSEC3 hashing algorithm to use + * \param[in] flags NSEC3 flags + * \param[in] iterations the number of NSEC3 hash iterations to use + * \param[in] salt_length the length (in octets) of the NSEC3 salt + * \param[in] salt the NSEC3 salt data + * \return signed zone + */ +ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ldns/include/ldns/dnssec_verify.h b/ldns/include/ldns/dnssec_verify.h new file mode 100644 index 0000000..e8b1a91 --- /dev/null +++ b/ldns/include/ldns/dnssec_verify.h @@ -0,0 +1,857 @@ +/** dnssec_verify */ + +#ifndef LDNS_DNSSEC_VERIFY_H +#define LDNS_DNSSEC_VERIFY_H + +#define LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS 10 + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Chain structure that contains all DNSSEC data needed to + * verify an rrset + */ +typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain; +struct ldns_dnssec_data_chain_struct +{ + ldns_rr_list *rrset; + ldns_rr_list *signatures; + ldns_rr_type parent_type; + ldns_dnssec_data_chain *parent; + ldns_pkt_rcode packet_rcode; + ldns_rr_type packet_qtype; + bool packet_nodata; +}; + +/** + * Creates a new dnssec_chain structure + * \return ldns_dnssec_data_chain * + */ +ldns_dnssec_data_chain *ldns_dnssec_data_chain_new(void); + +/** + * Frees a dnssec_data_chain structure + * + * \param[in] *chain The chain to free + */ +void ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain); + +/** + * Frees a dnssec_data_chain structure, and all data + * contained therein + * + * \param[in] *chain The dnssec_data_chain to free + */ +void ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain); + +/** + * Prints the dnssec_data_chain to the given file stream + * + * \param[in] *out The file stream to print to + * \param[in] *chain The dnssec_data_chain to print + */ +void ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain); + +/** + * Prints the dnssec_data_chain to the given file stream + * + * \param[in] *out The file stream to print to + * \param[in] *fmt The format of the textual representation + * \param[in] *chain The dnssec_data_chain to print + */ +void ldns_dnssec_data_chain_print_fmt(FILE *out, + const ldns_output_format *fmt, + const ldns_dnssec_data_chain *chain); + +/** + * Build an ldns_dnssec_data_chain, which contains all + * DNSSEC data that is needed to derive the trust tree later + * + * The data_set will be cloned + * + * \param[in] *res resolver structure for further needed queries + * \param[in] qflags resolution flags + * \param[in] *data_set The original rrset where the chain ends + * \param[in] *pkt optional, can contain the original packet + * (and hence the sigs and maybe the key) + * \param[in] *orig_rr The original Resource Record + * + * \return the DNSSEC data chain + */ +ldns_dnssec_data_chain *ldns_dnssec_build_data_chain(ldns_resolver *res, + const uint16_t qflags, + const ldns_rr_list *data_set, + const ldns_pkt *pkt, + ldns_rr *orig_rr); + +/** + * Tree structure that contains the relation of DNSSEC data, + * and their cryptographic status. + * + * This tree is derived from a data_chain, and can be used + * to look whether there is a connection between an RRSET + * and a trusted key. The tree only contains pointers to the + * data_chain, and therefore one should *never* free() the + * data_chain when there is still a trust tree derived from + * that chain. + * + * Example tree: + * key key key + * \ | / + * \ | / + * \ | / + * ds + * | + * key + * | + * key + * | + * rr + * + * For each signature there is a parent; if the parent + * pointer is null, it couldn't be found and there was no + * denial; otherwise is a tree which contains either a + * DNSKEY, a DS, or a NSEC rr + */ +typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree; +struct ldns_dnssec_trust_tree_struct +{ + ldns_rr *rr; + /* the complete rrset this rr was in */ + ldns_rr_list *rrset; + ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; + ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; + /** for debugging, add signatures too (you might want + those if they contain errors) */ + ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; + size_t parent_count; +}; + +/** + * Creates a new (empty) dnssec_trust_tree structure + * + * \return ldns_dnssec_trust_tree * + */ +ldns_dnssec_trust_tree *ldns_dnssec_trust_tree_new(void); + +/** + * Frees the dnssec_trust_tree recursively + * + * There is no deep free; all data in the trust tree + * consists of pointers to a data_chain + * + * \param[in] tree The tree to free + */ +void ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree); + +/** + * returns the depth of the trust tree + * + * \param[in] tree tree to calculate the depth of + * \return The depth of the tree + */ +size_t ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree); + +/** + * Prints the dnssec_trust_tree structure to the given file + * stream. + * + * If a link status is not LDNS_STATUS_OK; the status and + * relevant signatures are printed too + * + * \param[in] *out The file stream to print to + * \param[in] tree The trust tree to print + * \param[in] tabs Prepend each line with tabs*2 spaces + * \param[in] extended If true, add little explanation lines to the output + */ +void ldns_dnssec_trust_tree_print(FILE *out, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended); + +/** + * Prints the dnssec_trust_tree structure to the given file + * stream. + * + * If a link status is not LDNS_STATUS_OK; the status and + * relevant signatures are printed too + * + * \param[in] *out The file stream to print to + * \param[in] *fmt The format of the textual representation + * \param[in] tree The trust tree to print + * \param[in] tabs Prepend each line with tabs*2 spaces + * \param[in] extended If true, add little explanation lines to the output + */ +void ldns_dnssec_trust_tree_print_fmt(FILE *out, + const ldns_output_format *fmt, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended); + +/** + * Adds a trust tree as a parent for the given trust tree + * + * \param[in] *tree The tree to add the parent to + * \param[in] *parent The parent tree to add + * \param[in] *parent_signature The RRSIG relevant to this parent/child + * connection + * \param[in] parent_status The DNSSEC status for this parent, child and RRSIG + * \return LDNS_STATUS_OK if the addition succeeds, error otherwise + */ +ldns_status ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree, + const ldns_dnssec_trust_tree *parent, + const ldns_rr *parent_signature, + const ldns_status parent_status); + +/** + * Generates a dnssec_trust_tree for the given rr from the + * given data_chain + * + * This does not clone the actual data; Don't free the + * data_chain before you are done with this tree + * + * \param[in] *data_chain The chain to derive the trust tree from + * \param[in] *rr The RR this tree will be about + * \return ldns_dnssec_trust_tree * + */ +ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree( + ldns_dnssec_data_chain *data_chain, + ldns_rr *rr); + +/** + * Generates a dnssec_trust_tree for the given rr from the + * given data_chain + * + * This does not clone the actual data; Don't free the + * data_chain before you are done with this tree + * + * \param[in] *data_chain The chain to derive the trust tree from + * \param[in] *rr The RR this tree will be about + * \param[in] check_time the time for which the validation is performed + * \return ldns_dnssec_trust_tree * + */ +ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree_time( + ldns_dnssec_data_chain *data_chain, + ldns_rr *rr, time_t check_time); + +/** + * Sub function for derive_trust_tree that is used for a 'normal' rrset + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_sig_rr The currently relevant signature + */ +void ldns_dnssec_derive_trust_tree_normal_rrset( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_sig_rr); + +/** + * Sub function for derive_trust_tree that is used for a 'normal' rrset + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_sig_rr The currently relevant signature + * \param[in] check_time the time for which the validation is performed + */ +void ldns_dnssec_derive_trust_tree_normal_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_sig_rr, time_t check_time); + + +/** + * Sub function for derive_trust_tree that is used for DNSKEY rrsets + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_rr The currently relevant DNSKEY RR + * \param[in] cur_sig_rr The currently relevant signature + */ +void ldns_dnssec_derive_trust_tree_dnskey_rrset( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + ldns_rr *cur_sig_rr); + +/** + * Sub function for derive_trust_tree that is used for DNSKEY rrsets + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_rr The currently relevant DNSKEY RR + * \param[in] cur_sig_rr The currently relevant signature + * \param[in] check_time the time for which the validation is performed + */ +void ldns_dnssec_derive_trust_tree_dnskey_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, ldns_rr *cur_sig_rr, + time_t check_time); + +/** + * Sub function for derive_trust_tree that is used for DS rrsets + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_rr The currently relevant DS RR + */ +void ldns_dnssec_derive_trust_tree_ds_rrset( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr); + +/** + * Sub function for derive_trust_tree that is used for DS rrsets + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_rr The currently relevant DS RR + * \param[in] check_time the time for which the validation is performed + */ +void ldns_dnssec_derive_trust_tree_ds_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, time_t check_time); + +/** + * Sub function for derive_trust_tree that is used when there are no + * signatures + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + */ +void ldns_dnssec_derive_trust_tree_no_sig( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain); + +/** + * Sub function for derive_trust_tree that is used when there are no + * signatures + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] check_time the time for which the validation is performed + */ +void ldns_dnssec_derive_trust_tree_no_sig_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + time_t check_time); + + +/** + * Returns OK if there is a trusted path in the tree to one of + * the DNSKEY or DS RRs in the given list + * + * \param *tree The trust tree so search + * \param *keys A ldns_rr_list of DNSKEY and DS rrs to look for + * + * \return LDNS_STATUS_OK if there is a trusted path to one of + * the keys, or the *first* error encountered + * if there were no paths + */ +ldns_status ldns_dnssec_trust_tree_contains_keys( + ldns_dnssec_trust_tree *tree, + ldns_rr_list *keys); + +/** + * Verifies a list of signatures for one rrset. + * + * \param[in] rrset the rrset to verify + * \param[in] rrsig a list of signatures to check + * \param[in] keys a list of keys to check with + * \param[out] good_keys if this is a (initialized) list, the pointer to keys + * from keys that validate one of the signatures + * are added to it + * \return status LDNS_STATUS_OK if there is at least one correct key + */ +ldns_status ldns_verify(ldns_rr_list *rrset, + ldns_rr_list *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys); + +/** + * Verifies a list of signatures for one rrset. + * + * \param[in] rrset the rrset to verify + * \param[in] rrsig a list of signatures to check + * \param[in] keys a list of keys to check with + * \param[in] check_time the time for which the validation is performed + * \param[out] good_keys if this is a (initialized) list, the pointer to keys + * from keys that validate one of the signatures + * are added to it + * \return status LDNS_STATUS_OK if there is at least one correct key + */ +ldns_status ldns_verify_time(ldns_rr_list *rrset, + ldns_rr_list *rrsig, + const ldns_rr_list *keys, + time_t check_time, + ldns_rr_list *good_keys); + + +/** + * Verifies a list of signatures for one rrset, but disregard the time. + * Inception and Expiration are not checked. + * + * \param[in] rrset the rrset to verify + * \param[in] rrsig a list of signatures to check + * \param[in] keys a list of keys to check with + * \param[out] good_keys if this is a (initialized) list, the pointer to keys + * from keys that validate one of the signatures + * are added to it + * \return status LDNS_STATUS_OK if there is at least one correct key + */ +ldns_status ldns_verify_notime(ldns_rr_list *rrset, + ldns_rr_list *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys); + +/** + * Tries to build an authentication chain from the given + * keys down to the queried domain. + * + * If we find a valid trust path, return the valid keys for the domain. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \param[out] status pointer to the status variable where the result + * code will be stored + * \return the set of trusted keys for the domain, or NULL if no + * trust path could be built. + */ +ldns_rr_list *ldns_fetch_valid_domain_keys(const ldns_resolver * res, + const ldns_rdf * domain, + const ldns_rr_list * keys, + ldns_status *status); + +/** + * Tries to build an authentication chain from the given + * keys down to the queried domain. + * + * If we find a valid trust path, return the valid keys for the domain. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \param[in] check_time the time for which the validation is performed + * \param[out] status pointer to the status variable where the result + * code will be stored + * \return the set of trusted keys for the domain, or NULL if no + * trust path could be built. + */ +ldns_rr_list *ldns_fetch_valid_domain_keys_time(const ldns_resolver * res, + const ldns_rdf * domain, const ldns_rr_list * keys, + time_t check_time, ldns_status *status); + + +/** + * Validates the DNSKEY RRset for the given domain using the provided + * trusted keys. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \return the set of trusted keys for the domain, or NULL if the RRSET + * could not be validated + */ +ldns_rr_list *ldns_validate_domain_dnskey (const ldns_resolver *res, + const ldns_rdf *domain, + const ldns_rr_list *keys); + +/** + * Validates the DNSKEY RRset for the given domain using the provided + * trusted keys. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \param[in] check_time the time for which the validation is performed + * \return the set of trusted keys for the domain, or NULL if the RRSET + * could not be validated + */ +ldns_rr_list *ldns_validate_domain_dnskey_time( + const ldns_resolver *res, const ldns_rdf *domain, + const ldns_rr_list *keys, time_t check_time); + + +/** + * Validates the DS RRset for the given domain using the provided trusted keys. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated + */ +ldns_rr_list *ldns_validate_domain_ds(const ldns_resolver *res, + const ldns_rdf * + domain, + const ldns_rr_list * keys); + +/** + * Validates the DS RRset for the given domain using the provided trusted keys. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \param[in] check_time the time for which the validation is performed + * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated + */ +ldns_rr_list *ldns_validate_domain_ds_time( + const ldns_resolver *res, const ldns_rdf *domain, + const ldns_rr_list * keys, time_t check_time); + + +/** + * Verifies a list of signatures for one RRset using a valid trust path. + * + * \param[in] res the current resolver + * \param[in] rrset the rrset to verify + * \param[in] rrsigs a list of signatures to check + * \param[out] validating_keys if this is a (initialized) list, the + * keys from keys that validate one of + * the signatures are added to it + * \return status LDNS_STATUS_OK if there is at least one correct key + */ +ldns_status ldns_verify_trusted(ldns_resolver *res, + ldns_rr_list *rrset, + ldns_rr_list *rrsigs, + ldns_rr_list *validating_keys); + +/** + * Verifies a list of signatures for one RRset using a valid trust path. + * + * \param[in] res the current resolver + * \param[in] rrset the rrset to verify + * \param[in] rrsigs a list of signatures to check + * \param[in] check_time the time for which the validation is performed + * \param[out] validating_keys if this is a (initialized) list, the + * keys from keys that validate one of + * the signatures are added to it + * \return status LDNS_STATUS_OK if there is at least one correct key + */ +ldns_status ldns_verify_trusted_time( + ldns_resolver *res, ldns_rr_list *rrset, + ldns_rr_list *rrsigs, time_t check_time, + ldns_rr_list *validating_keys); + + +/** + * denial is not just a river in egypt + * + * \param[in] rr The (query) RR to check the denial of existence for + * \param[in] nsecs The list of NSEC RRs that are supposed to deny the + * existence of the RR + * \param[in] rrsigs The RRSIG RR covering the NSEC RRs + * \return LDNS_STATUS_OK if the NSEC RRs deny the existence, error code + * containing the reason they do not otherwise + */ +ldns_status ldns_dnssec_verify_denial(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs); + +/** + * Denial of existence using NSEC3 records + * Since NSEC3 is a bit more complicated than normal denial, some + * context arguments are needed + * + * \param[in] rr The (query) RR to check the denial of existence for + * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the + * existence of the RR + * \param[in] rrsigs The RRSIG rr covering the NSEC RRs + * \param[in] packet_rcode The RCODE value of the packet that provided the + * NSEC3 RRs + * \param[in] packet_qtype The original query RR type + * \param[in] packet_nodata True if the providing packet had an empty ANSWER + * section + * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code + * containing the reason they do not otherwise + */ +ldns_status ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata); + +/** + * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns + * the nsec rr that matched. + * + * \param[in] rr The (query) RR to check the denial of existence for + * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the + * existence of the RR + * \param[in] rrsigs The RRSIG rr covering the NSEC RRs + * \param[in] packet_rcode The RCODE value of the packet that provided the + * NSEC3 RRs + * \param[in] packet_qtype The original query RR type + * \param[in] packet_nodata True if the providing packet had an empty ANSWER + * section + * \param[in] match On match, the given (reference to a) pointer will be set + * to point to the matching nsec resource record. + * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code + * containing the reason they do not otherwise + */ +ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata, + ldns_rr **match); +/** + * Verifies the already processed data in the buffers + * This function should probably not be used directly. + * + * \param[in] rawsig_buf Buffer containing signature data to use + * \param[in] verify_buf Buffer containing data to verify + * \param[in] key_buf Buffer containing key data to use + * \param[in] algo Signing algorithm + * \return status LDNS_STATUS_OK if the data verifies. Error if not. + */ +ldns_status ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, + ldns_buffer *verify_buf, + ldns_buffer *key_buf, + uint8_t algo); + +/** + * Like ldns_verify_rrsig_buffers, but uses raw data. + * + * \param[in] sig signature data to use + * \param[in] siglen length of signature data to use + * \param[in] verify_buf Buffer containing data to verify + * \param[in] key key data to use + * \param[in] keylen length of key data to use + * \param[in] algo Signing algorithm + * \return status LDNS_STATUS_OK if the data verifies. Error if not. + */ +ldns_status ldns_verify_rrsig_buffers_raw(unsigned char* sig, + size_t siglen, + ldns_buffer *verify_buf, + unsigned char* key, + size_t keylen, + uint8_t algo); + +/** + * Verifies an rrsig. All keys in the keyset are tried. + * \param[in] rrset the rrset to check + * \param[in] rrsig the signature of the rrset + * \param[in] keys the keys to try + * \param[out] good_keys if this is a (initialized) list, the pointer to keys + * from keys that validate one of the signatures + * are added to it + * \return a list of keys which validate the rrsig + rrset. Returns + * status LDNS_STATUS_OK if at least one key matched. Else an error. + */ +ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys); + +/** + * Verifies an rrsig. All keys in the keyset are tried. + * \param[in] rrset the rrset to check + * \param[in] rrsig the signature of the rrset + * \param[in] keys the keys to try + * \param[in] check_time the time for which the validation is performed + * \param[out] good_keys if this is a (initialized) list, the pointer to keys + * from keys that validate one of the signatures + * are added to it + * \return a list of keys which validate the rrsig + rrset. Returns + * status LDNS_STATUS_OK if at least one key matched. Else an error. + */ +ldns_status ldns_verify_rrsig_keylist_time( + ldns_rr_list *rrset, ldns_rr *rrsig, + const ldns_rr_list *keys, time_t check_time, + ldns_rr_list *good_keys); + + +/** + * Verifies an rrsig. All keys in the keyset are tried. Time is not checked. + * \param[in] rrset the rrset to check + * \param[in] rrsig the signature of the rrset + * \param[in] keys the keys to try + * \param[out] good_keys if this is a (initialized) list, the pointer to keys + * from keys that validate one of the signatures + * are added to it + * \return a list of keys which validate the rrsig + rrset. Returns + * status LDNS_STATUS_OK if at least one key matched. Else an error. + */ +ldns_status ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys); + +/** + * verify an rrsig with 1 key + * \param[in] rrset the rrset + * \param[in] rrsig the rrsig to verify + * \param[in] key the key to use + * \return status message wether verification succeeded. + */ +ldns_status ldns_verify_rrsig(ldns_rr_list *rrset, + ldns_rr *rrsig, + ldns_rr *key); + + +/** + * verify an rrsig with 1 key + * \param[in] rrset the rrset + * \param[in] rrsig the rrsig to verify + * \param[in] key the key to use + * \param[in] check_time the time for which the validation is performed + * \return status message wether verification succeeded. + */ +ldns_status ldns_verify_rrsig_time( + ldns_rr_list *rrset, ldns_rr *rrsig, + ldns_rr *key, time_t check_time); + + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * verifies a buffer with signature data for a buffer with rrset data + * with an EVP_PKEY + * + * \param[in] sig the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the EVP key structure + * \param[in] digest_type The digest type of the signature + */ +ldns_status ldns_verify_rrsig_evp(ldns_buffer *sig, + ldns_buffer *rrset, + EVP_PKEY *key, + const EVP_MD *digest_type); + +/** + * Like ldns_verify_rrsig_evp, but uses raw signature data. + * \param[in] sig the signature data, wireformat uncompressed + * \param[in] siglen length of the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the EVP key structure + * \param[in] digest_type The digest type of the signature + */ +ldns_status ldns_verify_rrsig_evp_raw(unsigned char *sig, + size_t siglen, + ldns_buffer *rrset, + EVP_PKEY *key, + const EVP_MD *digest_type); +#endif + +/** + * verifies a buffer with signature data (DSA) for a buffer with rrset data + * with a buffer with key data. + * + * \param[in] sig the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the key data + */ +ldns_status ldns_verify_rrsig_dsa(ldns_buffer *sig, + ldns_buffer *rrset, + ldns_buffer *key); + +/** + * verifies a buffer with signature data (RSASHA1) for a buffer with rrset data + * with a buffer with key data. + * + * \param[in] sig the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the key data + */ +ldns_status ldns_verify_rrsig_rsasha1(ldns_buffer *sig, + ldns_buffer *rrset, + ldns_buffer *key); + +/** + * verifies a buffer with signature data (RSAMD5) for a buffer with rrset data + * with a buffer with key data. + * + * \param[in] sig the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the key data + */ +ldns_status ldns_verify_rrsig_rsamd5(ldns_buffer *sig, + ldns_buffer *rrset, + ldns_buffer *key); + +/** + * Like ldns_verify_rrsig_dsa, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ +ldns_status ldns_verify_rrsig_dsa_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +/** + * Like ldns_verify_rrsig_rsasha1, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ +ldns_status ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +/** + * Like ldns_verify_rrsig_rsasha256, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ + +ldns_status ldns_verify_rrsig_rsasha256_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +/** + * Like ldns_verify_rrsig_rsasha512, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ +ldns_status ldns_verify_rrsig_rsasha512_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +/** + * Like ldns_verify_rrsig_rsamd5, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ +ldns_status ldns_verify_rrsig_rsamd5_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/ldns/include/ldns/dnssec_zone.h b/ldns/include/ldns/dnssec_zone.h new file mode 100644 index 0000000..b794f94 --- /dev/null +++ b/ldns/include/ldns/dnssec_zone.h @@ -0,0 +1,483 @@ +/* + * special zone file structures and functions for better dnssec handling + * + * A zone contains a SOA dnssec_zone_rrset, and an AVL tree of 'normal' + * dnssec_zone_rrsets, indexed by name and type + */ + +#ifndef LDNS_DNSSEC_ZONE_H +#define LDNS_DNSSEC_ZONE_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Singly linked list of rrs + */ +typedef struct ldns_struct_dnssec_rrs ldns_dnssec_rrs; +struct ldns_struct_dnssec_rrs +{ + ldns_rr *rr; + ldns_dnssec_rrs *next; +}; + +/** + * Singly linked list of RRsets + */ +typedef struct ldns_struct_dnssec_rrsets ldns_dnssec_rrsets; +struct ldns_struct_dnssec_rrsets +{ + ldns_dnssec_rrs *rrs; + ldns_rr_type type; + ldns_dnssec_rrs *signatures; + ldns_dnssec_rrsets *next; +}; + +/** + * Structure containing all resource records for a domain name + * Including the derived NSEC3, if present + */ +typedef struct ldns_struct_dnssec_name ldns_dnssec_name; +struct ldns_struct_dnssec_name +{ + /** + * pointer to a dname containing the name. + * Usually points to the owner name of the first RR of the first RRset + */ + ldns_rdf *name; + /** + * Usually, the name is a pointer to the owner name of the first rr for + * this name, but sometimes there is no actual data to point to, + * for instance in + * names representing empty nonterminals. If so, set alloced to true to + * indicate that this data must also be freed when the name is freed + */ + bool name_alloced; + /** + * The rrsets for this name + */ + ldns_dnssec_rrsets *rrsets; + /** + * NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3) + */ + ldns_rr *nsec; + /** + * signatures for the NSEC record + */ + ldns_dnssec_rrs *nsec_signatures; + /** + * Unlike what the name is_glue suggests, this field is set to true by + * ldns_dnssec_zone_mark_glue() or ldns_dnssec_zone_mark_and_get_glue() + * when the name, this dnssec_name struct represents, is occluded. + * Names that contain other occluded rrsets and records with glue on + * the delegation point will NOT have this bool set to true. + * This field should NOT be read directly, but only via the + * ldns_dnssec_name_is_glue() function! + */ + bool is_glue; + /** + * pointer to store the hashed name (only used when in an NSEC3 zone + */ + ldns_rdf *hashed_name; +}; + +/** + * Structure containing a dnssec zone + */ +struct ldns_struct_dnssec_zone { + /** points to the name containing the SOA RR */ + ldns_dnssec_name *soa; + /** tree of ldns_dnssec_names */ + ldns_rbtree_t *names; + /** tree of ldns_dnssec_names by nsec3 hashes (when applicible) */ + ldns_rbtree_t *hashed_names; + /** points to the first added NSEC3 rr whose parameters will be + * assumed for all subsequent NSEC3 rr's and which will be used + * to calculate hashed names + */ + ldns_rr *_nsec3params; +}; +typedef struct ldns_struct_dnssec_zone ldns_dnssec_zone; + +/** + * Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs + * \return the allocated data + */ +ldns_dnssec_rrs *ldns_dnssec_rrs_new(void); + +/** + * Frees the list of rrs, but *not* the individual ldns_rr records + * contained in the list + * + * \param[in] rrs the data structure to free + */ +void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs); + +/** + * Frees the list of rrs, and the individual ldns_rr records + * contained in the list + * + * \param[in] rrs the data structure to free + */ +void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs); + +/** + * Adds an RR to the list of RRs. The list will remain ordered. + * If an equal RR already exists, this RR will not be added. + * + * \param[in] rrs the list to add to + * \param[in] rr the RR to add + * \return LDNS_STATUS_OK on success + */ +ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr); + +/** + * Prints the given rrs to the file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] rrs the list of RRs to print + */ +void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs); + +/** + * Prints the given rrs to the file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] fmt the format of the textual representation + * \param[in] rrs the list of RRs to print + */ +void ldns_dnssec_rrs_print_fmt(FILE *out, + const ldns_output_format *fmt, ldns_dnssec_rrs *rrs); + +/** + * Creates a new list (entry) of RRsets + * \return the newly allocated structure + */ +ldns_dnssec_rrsets *ldns_dnssec_rrsets_new(void); + +/** + * Frees the list of rrsets and their rrs, but *not* the ldns_rr + * records in the sets + * + * \param[in] rrsets the data structure to free + */ +void ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets); + +/** + * Frees the list of rrsets and their rrs, and the ldns_rr + * records in the sets + * + * \param[in] rrsets the data structure to free + */ +void ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets); + +/** + * Returns the rr type of the rrset (that is head of the given list) + * + * \param[in] rrsets the rrset to get the type of + * \return the rr type + */ +ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets); + +/** + * Sets the RR type of the rrset (that is head of the given list) + * + * \param[in] rrsets the rrset to set the type of + * \param[in] type the type to set + * \return LDNS_STATUS_OK on success + */ +ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, + ldns_rr_type type); + +/** + * Add an ldns_rr to the corresponding RRset in the given list of RRsets. + * If it is not present, add it as a new RRset with 1 record. + * + * \param[in] rrsets the list of rrsets to add the RR to + * \param[in] rr the rr to add to the list of rrsets + * \return LDNS_STATUS_OK on success + */ +ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); + +/** + * Print the given list of rrsets to the fiven file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] rrsets the list of RRsets to print + * \param[in] follow if set to false, only print the first RRset + */ +void ldns_dnssec_rrsets_print(FILE *out, + ldns_dnssec_rrsets *rrsets, + bool follow); + +/** + * Print the given list of rrsets to the fiven file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] fmt the format of the textual representation + * \param[in] rrsets the list of RRsets to print + * \param[in] follow if set to false, only print the first RRset + */ +void ldns_dnssec_rrsets_print_fmt(FILE *out, + const ldns_output_format *fmt, + ldns_dnssec_rrsets *rrsets, + bool follow); + + +/** + * Create a new data structure for a dnssec name + * \return the allocated structure + */ +ldns_dnssec_name *ldns_dnssec_name_new(void); + +/** + * Create a new data structure for a dnssec name for the given RR + * + * \param[in] rr the RR to derive properties from, and to add to the name + */ +ldns_dnssec_name *ldns_dnssec_name_new_frm_rr(ldns_rr *rr); + +/** + * Frees the name structure and its rrs and rrsets. + * Individual ldns_rr records therein are not freed + * + * \param[in] name the structure to free + */ +void ldns_dnssec_name_free(ldns_dnssec_name *name); + +/** + * Frees the name structure and its rrs and rrsets. + * Individual ldns_rr records contained in the name are also freed + * + * \param[in] name the structure to free + */ +void ldns_dnssec_name_deep_free(ldns_dnssec_name *name); + +/** + * Returns the domain name of the given dnssec_name structure + * + * \param[in] name the dnssec name to get the domain name from + * \return the domain name + */ +ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name); + + +/** + * Sets the domain name of the given dnssec_name structure + * + * \param[in] name the dnssec name to set the domain name of + * \param[in] dname the domain name to set it to. This data is *not* copied. + */ +void ldns_dnssec_name_set_name(ldns_dnssec_name *name, + ldns_rdf *dname); +/** + * Returns if dnssec_name structure is marked as glue. + * The ldns_dnssec_zone_mark_glue() function has to be called on a zone before + * using this function. + * Only names that have only glue rrsets will be marked. + * Names that have other occluded rrsets and names containing glue on the + * delegation point will NOT be marked! + * + * \param[in] name the dnssec name to get the domain name from + * \return true if the structure is marked as glue, false otherwise. + */ +bool ldns_dnssec_name_is_glue(ldns_dnssec_name *name); + +/** + * Sets the NSEC(3) RR of the given dnssec_name structure + * + * \param[in] name the dnssec name to set the domain name of + * \param[in] nsec the nsec rr to set it to. This data is *not* copied. + */ +void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec); + +/** + * Compares the domain names of the two arguments in their + * canonical ordening. + * + * \param[in] a The first dnssec_name to compare + * \param[in] b The second dnssec_name to compare + * \return -1 if the domain name of a comes before that of b in canonical + * ordening, 1 if it is the other way around, and 0 if they are + * equal + */ +int ldns_dnssec_name_cmp(const void *a, const void *b); + +/** + * Inserts the given rr at the right place in the current dnssec_name + * No checking is done whether the name matches + * + * \param[in] name The ldns_dnssec_name to add the RR to + * \param[in] rr The RR to add + * \return LDNS_STATUS_OK on success, error code otherwise + */ +ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name, + ldns_rr *rr); + +/** + * Find the RRset with the given type in within this name structure + * + * \param[in] name the name to find the RRset in + * \param[in] type the type of the RRset to find + * \return the RRset, or NULL if not present + */ +ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, + ldns_rr_type type); + +/** + * Find the RRset with the given name and type in the zone + * + * \param[in] zone the zone structure to find the RRset in + * \param[in] dname the domain name of the RRset to find + * \param[in] type the type of the RRset to find + * \return the RRset, or NULL if not present + */ +ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, + ldns_rdf *dname, + ldns_rr_type type); + +/** + * Prints the RRs in the dnssec name structure to the given + * file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] name the name structure to print the contents of + */ +void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name); + +/** + * Prints the RRs in the dnssec name structure to the given + * file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] fmt the format of the textual representation + * \param[in] name the name structure to print the contents of + */ +void ldns_dnssec_name_print_fmt(FILE *out, + const ldns_output_format *fmt, ldns_dnssec_name *name); + +/** + * Creates a new dnssec_zone structure + * \return the allocated structure + */ +ldns_dnssec_zone *ldns_dnssec_zone_new(void); + +/** + * Create a new dnssec zone from a file. + * \param[out] z the new zone + * \param[in] *fp the filepointer to use + * \param[in] *origin the zones' origin + * \param[in] c default class to use (IN) + * \param[in] ttl default ttl to use + * + * \return ldns_status mesg with an error or LDNS_STATUS_OK + */ +ldns_status ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, + ldns_rdf* origin, uint32_t ttl, ldns_rr_class c); + +/** + * Create a new dnssec zone from a file, keep track of the line numbering + * \param[out] z the new zone + * \param[in] *fp the filepointer to use + * \param[in] *origin the zones' origin + * \param[in] ttl default ttl to use + * \param[in] c default class to use (IN) + * \param[out] line_nr used for error msg, to get to the line number + * + * \return ldns_status mesg with an error or LDNS_STATUS_OK + */ +ldns_status ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, + ldns_rdf* origin, uint32_t ttl, ldns_rr_class c, int* line_nr); + +/** + * Frees the given zone structure, and its rbtree of dnssec_names + * Individual ldns_rr RRs within those names are *not* freed + * \param[in] *zone the zone to free + */ +void ldns_dnssec_zone_free(ldns_dnssec_zone *zone); + +/** + * Frees the given zone structure, and its rbtree of dnssec_names + * Individual ldns_rr RRs within those names are also freed + * \param[in] *zone the zone to free + */ +void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone); + +/** + * Adds the given RR to the zone. + * It find whether there is a dnssec_name with that name present. + * If so, add it to that, if not create a new one. + * Special handling of NSEC and RRSIG provided + * + * \param[in] zone the zone to add the RR to + * \param[in] rr The RR to add + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, + ldns_rr *rr); + +/** + * Prints the rbtree of ldns_dnssec_name structures to the file descriptor + * + * \param[in] out the file descriptor to print the names to + * \param[in] tree the tree of ldns_dnssec_name structures to print + * \param[in] print_soa if true, print SOA records, if false, skip them + */ +void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa); + +/** + * Prints the rbtree of ldns_dnssec_name structures to the file descriptor + * + * \param[in] out the file descriptor to print the names to + * \param[in] fmt the format of the textual representation + * \param[in] tree the tree of ldns_dnssec_name structures to print + * \param[in] print_soa if true, print SOA records, if false, skip them + */ +void ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt, + ldns_rbtree_t *tree, bool print_soa); + +/** + * Prints the complete zone to the given file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] zone the dnssec_zone to print + */ +void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone); + +/** + * Prints the complete zone to the given file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] fmt the format of the textual representation + * \param[in] zone the dnssec_zone to print + */ +void ldns_dnssec_zone_print_fmt(FILE *out, + const ldns_output_format *fmt, ldns_dnssec_zone *zone); + +/** + * Adds explicit dnssec_name structures for the empty nonterminals + * in this zone. (this is needed for NSEC3 generation) + * + * \param[in] zone the zone to check for empty nonterminals + * return LDNS_STATUS_OK on success. + */ +ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone); + +/** + * If a NSEC3PARAM is available in the apex, walks the zone and returns true + * on the first optout nsec3. + * + * \param[in] zone the zone to check for nsec3 optout records + * return true when the zone has at least one nsec3 optout record. + */ +bool ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/ldns/include/ldns/duration.h b/ldns/include/ldns/duration.h new file mode 100644 index 0000000..f12edc4 --- /dev/null +++ b/ldns/include/ldns/duration.h @@ -0,0 +1,109 @@ +/* + * $Id: duration.h 4341 2011-01-31 15:21:09Z matthijs $ + * + * Copyright (c) 2009 NLNet Labs. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * + * This file is copied from the OpenDNSSEC source repository + * and only slightly adapted to make it fit. + */ + +/** + * + * Durations. + */ + +#ifndef LDNS_DURATION_H +#define LDNS_DURATION_H + +#include +#include + +/** + * Duration. + * + */ +typedef struct ldns_duration_struct ldns_duration_type; +struct ldns_duration_struct +{ + time_t years; + time_t months; + time_t weeks; + time_t days; + time_t hours; + time_t minutes; + time_t seconds; +}; + +/** + * Create a new 'instant' duration. + * \return ldns_duration_type* created duration + * + */ +ldns_duration_type* ldns_duration_create(void); + +/** + * Compare durations. + * \param[in] d1 one duration + * \param[in] d2 another duration + * \return int 0 if equal, -1 if d1 < d2, 1 if d2 < d1 + * + */ +int ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2); + +/** + * Create a duration from string. + * \param[in] str string-format duration + * \return ldns_duration_type* created duration + * + */ +ldns_duration_type* ldns_duration_create_from_string(const char* str); + +/** + * Convert a duration to a string. + * \param[in] duration duration to be converted + * \return char* string-format duration + * + */ +char* ldns_duration2string(ldns_duration_type* duration); + +/** + * Convert a duration to a time. + * \param[in] duration duration to be converted + * \return time_t time-format duration + * + */ +time_t ldns_duration2time(ldns_duration_type* duration); + +/** + * Clean up duration. + * \param[in] duration duration to be cleaned up + * + */ +void ldns_duration_cleanup(ldns_duration_type* duration); + +#endif /* LDNS_DURATION_H */ diff --git a/ldns/include/ldns/error.h b/ldns/include/ldns/error.h new file mode 100644 index 0000000..cc11958 --- /dev/null +++ b/ldns/include/ldns/error.h @@ -0,0 +1,147 @@ +/** + * \file error.h + * + * Defines error numbers and functions to translate those to a readable string. + * + */ + +/** + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_ERROR_H +#define LDNS_ERROR_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +enum ldns_enum_status { + LDNS_STATUS_OK, + LDNS_STATUS_EMPTY_LABEL, + LDNS_STATUS_LABEL_OVERFLOW, + LDNS_STATUS_DOMAINNAME_OVERFLOW, + LDNS_STATUS_DOMAINNAME_UNDERFLOW, + LDNS_STATUS_DDD_OVERFLOW, + LDNS_STATUS_PACKET_OVERFLOW, + LDNS_STATUS_INVALID_POINTER, + LDNS_STATUS_MEM_ERR, + LDNS_STATUS_INTERNAL_ERR, + LDNS_STATUS_SSL_ERR, + LDNS_STATUS_ERR, + LDNS_STATUS_INVALID_INT, + LDNS_STATUS_INVALID_IP4, + LDNS_STATUS_INVALID_IP6, + LDNS_STATUS_INVALID_STR, + LDNS_STATUS_INVALID_B32_EXT, + LDNS_STATUS_INVALID_B64, + LDNS_STATUS_INVALID_HEX, + LDNS_STATUS_INVALID_TIME, + LDNS_STATUS_NETWORK_ERR, + LDNS_STATUS_ADDRESS_ERR, + LDNS_STATUS_FILE_ERR, + LDNS_STATUS_UNKNOWN_INET, + LDNS_STATUS_NOT_IMPL, + LDNS_STATUS_NULL, + LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, + LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, + LDNS_STATUS_CRYPTO_NO_RRSIG, + LDNS_STATUS_CRYPTO_NO_DNSKEY, + LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, + LDNS_STATUS_CRYPTO_NO_DS, + LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, + LDNS_STATUS_CRYPTO_VALIDATED, + LDNS_STATUS_CRYPTO_BOGUS, + LDNS_STATUS_CRYPTO_SIG_EXPIRED, + LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, + LDNS_STATUS_CRYPTO_TSIG_BOGUS, + LDNS_STATUS_CRYPTO_TSIG_ERR, + LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, + LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, + LDNS_STATUS_ENGINE_KEY_NOT_LOADED, + LDNS_STATUS_NSEC3_ERR, + LDNS_STATUS_RES_NO_NS, + LDNS_STATUS_RES_QUERY, + LDNS_STATUS_WIRE_INCOMPLETE_HEADER, + LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, + LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, + LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, + LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, + LDNS_STATUS_NO_DATA, + LDNS_STATUS_CERT_BAD_ALGORITHM, + LDNS_STATUS_SYNTAX_TYPE_ERR, + LDNS_STATUS_SYNTAX_CLASS_ERR, + LDNS_STATUS_SYNTAX_TTL_ERR, + LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL, + LDNS_STATUS_SYNTAX_RDATA_ERR, + LDNS_STATUS_SYNTAX_DNAME_ERR, + LDNS_STATUS_SYNTAX_VERSION_ERR, + LDNS_STATUS_SYNTAX_ALG_ERR, + LDNS_STATUS_SYNTAX_KEYWORD_ERR, + LDNS_STATUS_SYNTAX_TTL, + LDNS_STATUS_SYNTAX_ORIGIN, + LDNS_STATUS_SYNTAX_INCLUDE, + LDNS_STATUS_SYNTAX_EMPTY, + LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, + LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, + LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, + LDNS_STATUS_SYNTAX_BAD_ESCAPE, + LDNS_STATUS_SOCKET_ERROR, + LDNS_STATUS_SYNTAX_ERR, + LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, + LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, + LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, + LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, + LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, + LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN, + LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN, + LDNS_STATUS_DANE_STATUS_MESSAGES, + LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE, + LDNS_STATUS_DANE_UNKNOWN_SELECTOR, + LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE, + LDNS_STATUS_DANE_UNKNOWN_PROTOCOL, + LDNS_STATUS_DANE_UNKNOWN_TRANSPORT, + LDNS_STATUS_DANE_MISSING_EXTRA_CERTS, + LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED, + LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE, + LDNS_STATUS_DANE_INSECURE, + LDNS_STATUS_DANE_BOGUS, + LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, + LDNS_STATUS_DANE_NON_CA_CERTIFICATE, + LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE, + LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR, + LDNS_STATUS_EXISTS_ERR, + LDNS_STATUS_INVALID_ILNP64, + LDNS_STATUS_INVALID_EUI48, + LDNS_STATUS_INVALID_EUI64, + LDNS_STATUS_WIRE_RDATA_ERR, + LDNS_STATUS_INVALID_TAG, + LDNS_STATUS_TYPE_NOT_IN_BITMAP, + LDNS_STATUS_INVALID_RDF_TYPE, + LDNS_STATUS_RDATA_OVERFLOW +}; +typedef enum ldns_enum_status ldns_status; + +extern ldns_lookup_table ldns_error_str[]; + +/** + * look up a descriptive text by each error. This function + * could use a better name + * \param[in] err ldns_status number + * \return the string for that error + */ +const char *ldns_get_errorstr_by_id(ldns_status err); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_ERROR_H */ diff --git a/ldns/include/ldns/higher.h b/ldns/include/ldns/higher.h new file mode 100644 index 0000000..597e134 --- /dev/null +++ b/ldns/include/ldns/higher.h @@ -0,0 +1,113 @@ +/** + * \file higher.h + * + * Specifies some higher level functions that could + * be useful for certain applications + */ + +/* + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_HIGHER_H +#define LDNS_HIGHER_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Ask the resolver about name + * and return all address records + * \param[in] r the resolver to use + * \param[in] name the name to look for + * \param[in] c the class to use + * \param[in] flags give some optional flags to the query + */ +ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, ldns_rdf *name, ldns_rr_class c, uint16_t flags); + +/** + * ask the resolver about the address + * and return the name + * \param[in] r the resolver to use + * \param[in] addr the addr to look for + * \param[in] c the class to use + * \param[in] flags give some optional flags to the query + */ +ldns_rr_list *ldns_get_rr_list_name_by_addr(ldns_resolver *r, ldns_rdf *addr, ldns_rr_class c, uint16_t flags); + +/** + * wade through fp (a /etc/hosts like file) + * and return a rr_list containing all the + * defined hosts in there + * \param[in] fp the file pointer to use + * \return ldns_rr_list * with the names + */ +ldns_rr_list *ldns_get_rr_list_hosts_frm_fp(FILE *fp); + +/** + * wade through fp (a /etc/hosts like file) + * and return a rr_list containing all the + * defined hosts in there + * \param[in] fp the file pointer to use + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return ldns_rr_list * with the names + */ +ldns_rr_list *ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr); + +/** + * wade through fp (a /etc/hosts like file) + * and return a rr_list containing all the + * defined hosts in there + * \param[in] filename the filename to use (NULL for /etc/hosts) + * \return ldns_rr_list * with the names + */ +ldns_rr_list *ldns_get_rr_list_hosts_frm_file(char *filename); + +/** + * This function is a wrapper function for ldns_get_rr_list_name_by_addr + * and ldns_get_rr_list_addr_by_name. It's name is from the getaddrinfo() + * library call. It tries to mimic that call, but without the lowlevel + * stuff. + * \param[in] res The resolver. If this value is NULL then a resolver will + * be created by ldns_getaddrinfo. + * \param[in] node the name or ip address to look up + * \param[in] c the class to look in + * \param[out] list put the found RR's in this list + * \return the number of RR found. + */ +uint16_t ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, ldns_rr_list **list); + +/** + * Check if t is enumerated in the nsec type rdata + * \param[in] nsec the NSEC Record to look in + * \param[in] t the type to check for + * \return true when t is found, otherwise return false + */ +bool ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t); + +/** + * Print a number of rdf's of the RR. The rdfnum-list must + * be ended by -1, otherwise unpredictable things might happen. + * rdfs may be printed multiple times + * \param[in] fp FILE * to write to + * \param[in] r RR to write + * \param[in] rdfnum a list of rdf to print. + */ +void ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_HIGHER_H */ diff --git a/ldns/include/ldns/host2str.h b/ldns/include/ldns/host2str.h new file mode 100644 index 0000000..e69389e --- /dev/null +++ b/ldns/include/ldns/host2str.h @@ -0,0 +1,891 @@ +/** + * host2str.h - txt presentation of RRs + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains functions to translate the main structures to their text + * representation, as well as functions to print them. + */ + +#ifndef LDNS_HOST2STR_H +#define LDNS_HOST2STR_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "ldns/util.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#define LDNS_APL_IP4 1 +#define LDNS_APL_IP6 2 +#define LDNS_APL_MASK 0x7f +#define LDNS_APL_NEGATION 0x80 + +/** + * Represent a NULL pointer (instead of a pointer to a ldns_rr as "; (null)" + * as opposed to outputting nothing at all in such a case. + */ +/* Flag Name Flag Nr. Has data associated + ---------------------------------------------------------------------*/ +#define LDNS_COMMENT_NULLS (1 << 0) +/** Show key id with DNSKEY RR's as comment */ +#define LDNS_COMMENT_KEY_ID (1 << 1) +/** Show if a DNSKEY is a ZSK or KSK as comment */ +#define LDNS_COMMENT_KEY_TYPE (1 << 2) +/** Show DNSKEY key size as comment */ +#define LDNS_COMMENT_KEY_SIZE (1 << 3) +/** Provide bubblebabble representation for DS RR's as comment */ +#define LDNS_COMMENT_BUBBLEBABBLE (1 << 4) +/** Show when a NSEC3 RR has the optout flag set as comment */ +#define LDNS_COMMENT_FLAGS (1 << 5) +/** Show the unhashed owner and next owner names for NSEC3 RR's as comment */ +#define LDNS_COMMENT_NSEC3_CHAIN (1 << 6) /* yes */ +/** Print mark up */ +#define LDNS_COMMENT_LAYOUT (1 << 7) +/** Also comment KEY_ID with RRSIGS **/ +#define LDNS_COMMENT_RRSIGS (1 << 8) +#define LDNS_FMT_ZEROIZE_RRSIGS (1 << 9) +#define LDNS_FMT_PAD_SOA_SERIAL (1 << 10) +#define LDNS_FMT_RFC3597 (1 << 11) /* yes */ + +#define LDNS_FMT_FLAGS_WITH_DATA 2 + +/** Show key id, type and size as comment for DNSKEY RR's */ +#define LDNS_COMMENT_KEY (LDNS_COMMENT_KEY_ID \ + |LDNS_COMMENT_KEY_TYPE\ + |LDNS_COMMENT_KEY_SIZE) + +/** + * Output format specifier + * + * Determines how Packets, Resource Records and Resource record data fiels are + * formatted when printing or converting to string. + * Currently it is only used to specify what aspects of a Resource Record are + * annotated in the comment section of the textual representation the record. + * This is speciefed with flags and potential exra data (such as for example + * a lookup map of hashes to real names for annotation NSEC3 records). + */ +struct ldns_struct_output_format +{ + /** Specification of how RR's should be formatted in text */ + int flags; + /** Potential extra data to be used with formatting RR's in text */ + void *data; +}; +typedef struct ldns_struct_output_format ldns_output_format; + +/** + * Output format struct with additional data for flags that use them. + * This struct may not be initialized directly. Use ldns_output_format_init + * to initialize. + */ +struct ldns_struct_output_format_storage +{ int flags; + ldns_rbtree_t* hashmap; /* for LDNS_COMMENT_NSEC3_CHAIN */ + ldns_rdf* bitmap; /* for LDNS_FMT_RFC3597 */ +}; +typedef struct ldns_struct_output_format_storage ldns_output_format_storage; + +/** + * Standard output format record that disables commenting in the textual + * representation of Resource Records completely. + */ +extern const ldns_output_format *ldns_output_format_nocomments; +/** + * Standard output format record that annotated only DNSKEY RR's with commenti + * text. + */ +extern const ldns_output_format *ldns_output_format_onlykeyids; +/** + * The default output format record. Same as ldns_output_format_onlykeyids. + */ +extern const ldns_output_format *ldns_output_format_default; +/** + * Standard output format record that shows all DNSKEY related information in + * the comment text, plus the optout flag when set with NSEC3's, plus the + * bubblebabble representation of DS RR's. + */ +extern const ldns_output_format *ldns_output_format_bubblebabble; + +/** + * Initialize output format storage to the default value. + * \param[in] fmt A reference to an output_format_ storage struct + * \return The initialized storage struct typecasted to ldns_output_format + */ +INLINE +ldns_output_format* ldns_output_format_init(ldns_output_format_storage* fmt) { + fmt->flags = ldns_output_format_default->flags; + fmt->hashmap = NULL; + fmt->bitmap = NULL; + return (ldns_output_format*)fmt; +} + +/** + * Set an ouput format flag. + */ +INLINE void ldns_output_format_set(ldns_output_format* fmt, int flag) { + fmt->flags |= flag; +} + +/** + * Clear an ouput format flag. + */ +INLINE void ldns_output_format_clear(ldns_output_format* fmt, int flag) { + fmt->flags &= !flag; +} + +/** + * Makes sure the LDNS_FMT_RFC3597 is set in the output format. + * Marks the type to be printed in RFC3597 format. + * /param[in] fmt the output format to update + * /param[in] the type to be printed in RFC3597 format + * /return LDNS_STATUS_OK on success + */ +ldns_status +ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type type); + +/** + * Makes sure the LDNS_FMT_RFC3597 is set in the output format. + * Marks the type to not be printed in RFC3597 format. When no other types + * have been marked before, all known types (except the given one) will be + * marked for printing in RFC3597 format. + * /param[in] fmt the output format to update + * /param[in] the type not to be printed in RFC3597 format + * /return LDNS_STATUS_OK on success + */ +ldns_status +ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type type); + +/** + * Converts an ldns packet opcode value to its mnemonic, and adds that + * to the output buffer + * \param[in] *output the buffer to add the data to + * \param[in] opcode to find the string representation of + * \return LDNS_STATUS_OK on success, or a buffer failure mode on error + */ +ldns_status +ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode); + +/** + * Converts an ldns packet rcode value to its mnemonic, and adds that + * to the output buffer + * \param[in] *output the buffer to add the data to + * \param[in] rcode to find the string representation of + * \return LDNS_STATUS_OK on success, or a buffer failure mode on error + */ +ldns_status +ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode); + +/** + * Converts an ldns algorithm type to its mnemonic, and adds that + * to the output buffer + * \param[in] *output the buffer to add the data to + * \param[in] algorithm to find the string representation of + * \return LDNS_STATUS_OK on success, or a buffer failure mode on error + */ +ldns_status +ldns_algorithm2buffer_str(ldns_buffer *output, + ldns_algorithm algorithm); + +/** + * Converts an ldns certificate algorithm type to its mnemonic, + * and adds that to the output buffer + * \param[in] *output the buffer to add the data to + * \param[in] cert_algorithm to find the string representation of + * \return LDNS_STATUS_OK on success, or a buffer failure mode on error + */ +ldns_status +ldns_cert_algorithm2buffer_str(ldns_buffer *output, + ldns_cert_algorithm cert_algorithm); + + +/** + * Converts a packet opcode to its mnemonic and returns that as + * an allocated null-terminated string. + * Remember to free it. + * + * \param[in] opcode the opcode to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt_opcode2str(ldns_pkt_opcode opcode); + +/** + * Converts a packet rcode to its mnemonic and returns that as + * an allocated null-terminated string. + * Remember to free it. + * + * \param[in] rcode the rcode to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt_rcode2str(ldns_pkt_rcode rcode); + +/** + * Converts a signing algorithms to its mnemonic and returns that as + * an allocated null-terminated string. + * Remember to free it. + * + * \param[in] algorithm the algorithm to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt_algorithm2str(ldns_algorithm algorithm); + +/** + * Converts a cert algorithm to its mnemonic and returns that as + * an allocated null-terminated string. + * Remember to free it. + * + * \param[in] cert_algorithm to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm); + +/** + * Converts an LDNS_RDF_TYPE_A rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_AAAA rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_STR rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_B64 rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_B32_EXT rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_HEX rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_TYPE rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_CLASS rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_ALG rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an ldns_rr_type value to its string representation, + * and places it in the given buffer + * \param[in] *output The buffer to add the data to + * \param[in] type the ldns_rr_type to convert + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rr_type2buffer_str(ldns_buffer *output, + const ldns_rr_type type); + +/** + * Converts an ldns_rr_type value to its string representation, + * and returns that string. For unknown types, the string + * "TYPE" is returned. This function allocates data that must be + * freed by the caller + * \param[in] type the ldns_rr_type to convert + * \return a newly allocated string + */ +char *ldns_rr_type2str(const ldns_rr_type type); + +/** + * Converts an ldns_rr_class value to its string representation, + * and places it in the given buffer + * \param[in] *output The buffer to add the data to + * \param[in] klass the ldns_rr_class to convert + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rr_class2buffer_str(ldns_buffer *output, + const ldns_rr_class klass); + +/** + * Converts an ldns_rr_class value to its string representation, + * and returns that string. For unknown types, the string + * "CLASS" is returned. This function allocates data that must be + * freed by the caller + * \param[in] klass the ldns_rr_class to convert + * \return a newly allocated string + */ +char *ldns_rr_class2str(const ldns_rr_class klass); + + +/** + * Converts an LDNS_RDF_TYPE_CERT rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_LOC rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_UNKNOWN rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_NSAP rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_ATMA rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_WKS rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_NSEC rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_PERIOD rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_TSIGTIME rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_tsigtime(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_APL rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_INT16_DATA rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_IPSECKEY rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts the data in the rdata field to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] rdf the pointer to the rdafa field containing the data + * \return status + */ +ldns_status ldns_rdf2buffer_str(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts the data in the resource record to presentation + * format (as char *) and appends it to the given buffer. + * The presentation format of DNSKEY record is annotated with comments giving + * the id, type and size of the key. + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] rr the pointer to the rr field to convert + * \return status + */ +ldns_status ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr); + +/** + * Converts the data in the resource record to presentation + * format (as char *) and appends it to the given buffer. + * The presentation format is annotated with comments giving + * additional information on the record. + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] fmt how to format the textual representation of the + * resource record. + * \param[in] rr the pointer to the rr field to convert + * \return status + */ +ldns_status ldns_rr2buffer_str_fmt(ldns_buffer *output, + const ldns_output_format *fmt, const ldns_rr *rr); + +/** + * Converts the data in the DNS packet to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] pkt the pointer to the packet to convert + * \return status + */ +ldns_status ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt); + +/** + * Converts the data in the DNS packet to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] fmt how to format the textual representation of the packet + * \param[in] pkt the pointer to the packet to convert + * \return status + */ +ldns_status ldns_pkt2buffer_str_fmt(ldns_buffer *output, + const ldns_output_format *fmt, const ldns_pkt *pkt); + +/** + * Converts an LDNS_RDF_TYPE_NSEC3_SALT rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf); + + +/** + * Converts the data in the DNS packet to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] k the pointer to the private key to convert + * \return status + */ +ldns_status ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k); + +/** + * Converts an LDNS_RDF_TYPE_INT8 rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_INT16 rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_INT32 rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_TIME rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_ILNP64 rdata element to 4 hexadecimal numbers + * separated by colons and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_ilnp64(ldns_buffer *output, + const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_EUI48 rdata element to 6 hexadecimal numbers + * separated by dashes and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_eui48(ldns_buffer *output, + const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_EUI64 rdata element to 8 hexadecimal numbers + * separated by dashes and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_eui64(ldns_buffer *output, + const ldns_rdf *rdf); + +/** + * Adds the LDNS_RDF_TYPE_TAG rdata to the output buffer, + * provided it contains only alphanumeric characters. + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_tag(ldns_buffer *output, + const ldns_rdf *rdf); + +/** + * Adds the LDNS_RDF_TYPE_LONG_STR rdata to the output buffer, in-between + * double quotes and all non printable characters properly escaped. + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_long_str(ldns_buffer *output, + const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_HIP rdata element to presentation format for + * the algorithm, HIT and Public Key and adds it the output buffer . + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_hip(ldns_buffer *output, + const ldns_rdf *rdf); + +/** + * Converts the data in the rdata field to presentation format and + * returns that as a char *. + * Remember to free it. + * + * \param[in] rdf The rdata field to convert + * \return null terminated char * data, or NULL on error + */ +char *ldns_rdf2str(const ldns_rdf *rdf); + +/** + * Converts the data in the resource record to presentation format and + * returns that as a char *. + * Remember to free it. + * + * \param[in] rr The rdata field to convert + * \return null terminated char * data, or NULL on error + */ +char *ldns_rr2str(const ldns_rr *rr); + +/** + * Converts the data in the resource record to presentation format and + * returns that as a char *. + * Remember to free it. + * + * \param[in] fmt how to format the resource record + * \param[in] rr The rdata field to convert + * \return null terminated char * data, or NULL on error + */ +char *ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr); + +/** + * Converts the data in the DNS packet to presentation format and + * returns that as a char *. + * Remember to free it. + * + * \param[in] pkt The rdata field to convert + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt2str(const ldns_pkt *pkt); + +/** + * Converts the data in the DNS packet to presentation format and + * returns that as a char *. + * Remember to free it. + * + * \param[in] fmt how to format the packet + * \param[in] pkt The rdata field to convert + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt); + +/** + * Converts a private key to the test presentation fmt and + * returns that as a char *. + * Remember to free it. + * + * \param[in] k the key to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_key2str(const ldns_key *k); + +/** + * Converts a list of resource records to presentation format + * and returns that as a char *. + * Remember to free it. + * + * \param[in] rr_list the rr_list to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_rr_list2str(const ldns_rr_list *rr_list); + +/** + * Converts a list of resource records to presentation format + * and returns that as a char *. + * Remember to free it. + * + * \param[in] fmt how to format the list of resource records + * \param[in] rr_list the rr_list to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_rr_list2str_fmt( + const ldns_output_format *fmt, const ldns_rr_list *rr_list); + +/** + * Returns a copy of the data in the buffer as a null terminated + * char * string. The returned string must be freed by the caller. + * The buffer must be in write modus and may thus not have been flipped. + * + * \param[in] buffer buffer containing char * data + * \return null terminated char * data, or NULL on error + */ +char *ldns_buffer2str(ldns_buffer *buffer); + +/** + * Exports and returns the data in the buffer as a null terminated + * char * string. The returned string must be freed by the caller. + * The buffer must be in write modus and may thus not have been flipped. + * The buffer is fixed after this function returns. + * + * \param[in] buffer buffer containing char * data + * \return null terminated char * data, or NULL on error + */ +char *ldns_buffer_export2str(ldns_buffer *buffer); + +/** + * Prints the data in the rdata field to the given file stream + * (in presentation format) + * + * \param[in] output the file stream to print to + * \param[in] rdf the rdata field to print + * \return void + */ +void ldns_rdf_print(FILE *output, const ldns_rdf *rdf); + +/** + * Prints the data in the resource record to the given file stream + * (in presentation format) + * + * \param[in] output the file stream to print to + * \param[in] rr the resource record to print + * \return void + */ +void ldns_rr_print(FILE *output, const ldns_rr *rr); + +/** + * Prints the data in the resource record to the given file stream + * (in presentation format) + * + * \param[in] output the file stream to print to + * \param[in] fmt format of the textual representation + * \param[in] rr the resource record to print + * \return void + */ +void ldns_rr_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_rr *rr); + +/** + * Prints the data in the DNS packet to the given file stream + * (in presentation format) + * + * \param[in] output the file stream to print to + * \param[in] pkt the packet to print + * \return void + */ +void ldns_pkt_print(FILE *output, const ldns_pkt *pkt); + +/** + * Prints the data in the DNS packet to the given file stream + * (in presentation format) + * + * \param[in] output the file stream to print to + * \param[in] fmt format of the textual representation + * \param[in] pkt the packet to print + * \return void + */ +void ldns_pkt_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_pkt *pkt); + +/** + * Converts a rr_list to presentation format and appends it to + * the output buffer + * \param[in] output the buffer to append output to + * \param[in] list the ldns_rr_list to print + * \return ldns_status + */ +ldns_status ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list); + +/** + * Converts a rr_list to presentation format and appends it to + * the output buffer + * \param[in] output the buffer to append output to + * \param[in] fmt format of the textual representation + * \param[in] list the ldns_rr_list to print + * \return ldns_status + */ +ldns_status ldns_rr_list2buffer_str_fmt(ldns_buffer *output, + const ldns_output_format *fmt, const ldns_rr_list *list); + +/** + * Converts the header of a packet to presentation format and appends it to + * the output buffer + * \param[in] output the buffer to append output to + * \param[in] pkt the packet to convert the header of + * \return ldns_status + */ +ldns_status ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt); + +/** + * print a rr_list to output + * \param[in] output the fd to print to + * \param[in] list the rr_list to print + */ +void ldns_rr_list_print(FILE *output, const ldns_rr_list *list); + +/** + * print a rr_list to output + * \param[in] output the fd to print to + * \param[in] fmt format of the textual representation + * \param[in] list the rr_list to print + */ +void ldns_rr_list_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_rr_list *list); + +/** + * Print a resolver (in sofar that is possible) state + * to output. + * \param[in] output the fd to print to + * \param[in] r the resolver to print + */ +void ldns_resolver_print(FILE *output, const ldns_resolver *r); + +/** + * Print a resolver (in sofar that is possible) state + * to output. + * \param[in] output the fd to print to + * \param[in] fmt format of the textual representation + * \param[in] r the resolver to print + */ +void ldns_resolver_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_resolver *r); + +/** + * Print a zone structure * to output. Note the SOA record + * is included in this output + * \param[in] output the fd to print to + * \param[in] z the zone to print + */ +void ldns_zone_print(FILE *output, const ldns_zone *z); + +/** + * Print a zone structure * to output. Note the SOA record + * is included in this output + * \param[in] output the fd to print to + * \param[in] fmt format of the textual representation + * \param[in] z the zone to print + */ +void ldns_zone_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_zone *z); + +/** + * Print the ldns_rdf containing a dname to the buffer + * \param[in] output the buffer to print to + * \param[in] dname the dname to print + * \return ldns_status message if the printing succeeded + */ +ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_HOST2STR_H */ diff --git a/ldns/include/ldns/host2wire.h b/ldns/include/ldns/host2wire.h new file mode 100644 index 0000000..94693cd --- /dev/null +++ b/ldns/include/ldns/host2wire.h @@ -0,0 +1,197 @@ +/* + * host2wire.h - 2wire conversion routines + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains all functions to translate the main structures to wire format + */ + +#ifndef LDNS_HOST2WIRE_H +#define LDNS_HOST2WIRE_H + +#include +#include +#include +#include +#include +#include +#include + +#include "ldns/util.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * Copies the dname data to the buffer in wire format + * \param[out] *buffer buffer to append the result to + * \param[in] *name rdata dname to convert + * \return ldns_status + */ +ldns_status ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name); + +/** + * Copies the dname data to the buffer in wire format + * \param[out] *buffer buffer to append the result to + * \param[in] *name rdata dname to convert + * \param[out] *compression_data data structure holding state for compression + * \return ldns_status + */ +ldns_status ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data); + +/** + * Copies the rdata data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *rdf rdata to convert + * \return ldns_status + */ +ldns_status ldns_rdf2buffer_wire(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Copies the rdata data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *rdf rdata to convert + * \param[out] *compression_data data structure holding state for compression + * \return ldns_status + */ +ldns_status ldns_rdf2buffer_wire_compress(ldns_buffer *output, const ldns_rdf *rdf, ldns_rbtree_t *compression_data); + +/** + * Copies the rdata data to the buffer in wire format + * If the rdata is a dname, the letters will be lowercased + * during the conversion + * \param[out] *output buffer to append the result to + * \param[in] *rdf rdata to convert + * \return ldns_status + */ +ldns_status ldns_rdf2buffer_wire_canonical(ldns_buffer *output, + const ldns_rdf *rdf); + +/** + * Copies the rr data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *rr resource record to convert + * \param[in] section the section in the packet this rr is supposed to be in + * (to determine whether to add rdata or not) + * \return ldns_status + */ +ldns_status ldns_rr2buffer_wire(ldns_buffer *output, + const ldns_rr *rr, + int section); + +/** + * Copies the rr data to the buffer in wire format while doing DNAME compression + * \param[out] *output buffer to append the result to + * \param[in] *rr resource record to convert + * \param[in] section the section in the packet this rr is supposed to be in + * (to determine whether to add rdata or not) + * \param[out] *compression_data data structure holding state information for compression + * \return ldns_status + */ +ldns_status ldns_rr2buffer_wire_compress(ldns_buffer *output, + const ldns_rr *rr, + int section, + ldns_rbtree_t *compression_data); + +/** + * Copies the rr data to the buffer in wire format, in canonical format + * according to RFC3597 (every dname in rdata fields of RR's mentioned in + * that RFC will be lowercased) + * \param[out] *output buffer to append the result to + * \param[in] *rr resource record to convert + * \param[in] section the section in the packet this rr is supposed to be in + * (to determine whether to add rdata or not) + * \return ldns_status + */ +ldns_status ldns_rr2buffer_wire_canonical(ldns_buffer *output, + const ldns_rr *rr, + int section); + + +/** + * Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata + * This is needed in DNSSEC verification + * \param[out] output buffer to append the result to + * \param[in] sigrr signature rr to operate on + * \return ldns_status + */ +ldns_status ldns_rrsig2buffer_wire(ldns_buffer *output, const ldns_rr *sigrr); + +/** + * Converts an rr's rdata to wireformat, while excluding + * the ownername and all the stuff before the rdata. + * This is needed in DNSSEC keytag calculation, the ds + * calcalution from the key and maybe elsewhere. + * + * \param[out] *output buffer where to put the result + * \param[in] *rr rr to operate on + * \return ldns_status + */ +ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *output, const ldns_rr *rr); + +/** + * Copies the packet data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *pkt packet to convert + * \return ldns_status + */ +ldns_status ldns_pkt2buffer_wire(ldns_buffer *output, const ldns_pkt *pkt); + +/** + * Copies the rr_list data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *rrlist rr_list to to convert + * \return ldns_status + */ +ldns_status ldns_rr_list2buffer_wire(ldns_buffer *output, const ldns_rr_list *rrlist); + +/** + * Allocates an array of uint8_t at dest, and puts the wireformat of the + * given rdf in that array. The result_size value contains the + * length of the array, if it succeeds, and 0 otherwise (in which case + * the function also returns NULL) + * + * \param[out] dest pointer to the array of bytes to be created + * \param[in] rdf the rdata field to convert + * \param[out] size the size of the converted result + */ +ldns_status ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *size); + +/** + * Allocates an array of uint8_t at dest, and puts the wireformat of the + * given rr in that array. The result_size value contains the + * length of the array, if it succeeds, and 0 otherwise (in which case + * the function also returns NULL) + * + * If the section argument is LDNS_SECTION_QUESTION, data like ttl and rdata + * are not put into the result + * + * \param[out] dest pointer to the array of bytes to be created + * \param[in] rr the rr to convert + * \param[in] section the rr section, determines how the rr is written. + * \param[out] size the size of the converted result + */ +ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *size); + +/** + * Allocates an array of uint8_t at dest, and puts the wireformat of the + * given packet in that array. The result_size value contains the + * length of the array, if it succeeds, and 0 otherwise (in which case + * the function also returns NULL) + */ +ldns_status ldns_pkt2wire(uint8_t **dest, const ldns_pkt *p, size_t *size); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_HOST2WIRE_H */ diff --git a/ldns/include/ldns/keys.h b/ldns/include/ldns/keys.h new file mode 100644 index 0000000..d3b4873 --- /dev/null +++ b/ldns/include/ldns/keys.h @@ -0,0 +1,621 @@ +/* + * + * keys.h + * + * priv key definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Addendum to \ref dnssec.h, this module contains key and algorithm definitions and functions. + */ + + +#ifndef LDNS_KEYS_H +#define LDNS_KEYS_H + +#include +#if LDNS_BUILD_CONFIG_HAVE_SSL +#include +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +extern ldns_lookup_table ldns_signing_algorithms[]; + +#define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */ +#define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */ +#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */ + +/** + * Algorithms used in dns + */ +enum ldns_enum_algorithm +{ + LDNS_RSAMD5 = 1, /* RFC 4034,4035 */ + LDNS_DH = 2, + LDNS_DSA = 3, + LDNS_ECC = 4, + LDNS_RSASHA1 = 5, + LDNS_DSA_NSEC3 = 6, + LDNS_RSASHA1_NSEC3 = 7, + LDNS_RSASHA256 = 8, /* RFC 5702 */ + LDNS_RSASHA512 = 10, /* RFC 5702 */ + LDNS_ECC_GOST = 12, /* RFC 5933 */ + LDNS_ECDSAP256SHA256 = 13, /* RFC 6605 */ + LDNS_ECDSAP384SHA384 = 14, /* RFC 6605 */ + LDNS_INDIRECT = 252, + LDNS_PRIVATEDNS = 253, + LDNS_PRIVATEOID = 254 +}; +typedef enum ldns_enum_algorithm ldns_algorithm; + +/** + * Hashing algorithms used in the DS record + */ +enum ldns_enum_hash +{ + LDNS_SHA1 = 1, /* RFC 4034 */ + LDNS_SHA256 = 2, /* RFC 4509 */ + LDNS_HASH_GOST = 3, /* RFC 5933 */ + LDNS_SHA384 = 4 /* RFC 6605 */ +}; +typedef enum ldns_enum_hash ldns_hash; + +/** + * Algorithms used in dns for signing + */ +enum ldns_enum_signing_algorithm +{ + LDNS_SIGN_RSAMD5 = LDNS_RSAMD5, + LDNS_SIGN_RSASHA1 = LDNS_RSASHA1, + LDNS_SIGN_DSA = LDNS_DSA, + LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3, + LDNS_SIGN_RSASHA256 = LDNS_RSASHA256, + LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, + LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, + LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, + LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, + LDNS_SIGN_ECDSAP384SHA384 = LDNS_ECDSAP384SHA384, + LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */ + LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */ + LDNS_SIGN_HMACSHA256 = 159 /* ditto */ +}; +typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm; + +/** + * General key structure, can contain all types of keys that + * are used in DNSSEC. Mostly used to store private keys, since + * public keys can also be stored in a \ref ldns_rr with type + * \ref LDNS_RR_TYPE_DNSKEY. + * + * This structure can also store some variables that influence the + * signatures generated by signing with this key, for instance the + * inception date. + */ +struct ldns_struct_key { + ldns_signing_algorithm _alg; + /** Whether to use this key when signing */ + bool _use; + /** Storage pointers for the types of keys supported */ + /* TODO remove unions? */ + struct { +#if LDNS_BUILD_CONFIG_HAVE_SSL +#ifndef S_SPLINT_S + /* The key can be an OpenSSL EVP Key + */ + EVP_PKEY *key; +#endif +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + /** + * The key can be an HMAC key + */ + struct { + unsigned char *key; + size_t size; + } hmac; + /** the key structure can also just point to some external + * key data + */ + void *external_key; + } _key; + /** Depending on the key we can have extra data */ + union { + /** Some values that influence generated signatures */ + struct { + /** The TTL of the rrset that is currently signed */ + uint32_t orig_ttl; + /** The inception date of signatures made with this key. */ + uint32_t inception; + /** The expiration date of signatures made with this key. */ + uint32_t expiration; + /** The keytag of this key. */ + uint16_t keytag; + /** The dnssec key flags as specified in RFC4035, like ZSK and KSK */ + uint16_t flags; + } dnssec; + } _extra; + /** Owner name of the key */ + ldns_rdf *_pubkey_owner; +}; +typedef struct ldns_struct_key ldns_key; + +/** + * Same as rr_list, but now for keys + */ +struct ldns_struct_key_list +{ + size_t _key_count; + ldns_key **_keys; +}; +typedef struct ldns_struct_key_list ldns_key_list; + + +/** + * Creates a new empty key list + * \return a new ldns_key_list structure pointer + */ +ldns_key_list *ldns_key_list_new(void); + +/** + * Creates a new empty key structure + * \return a new ldns_key * structure + */ +ldns_key *ldns_key_new(void); + +/** + * Creates a new key based on the algorithm + * + * \param[in] a The algorithm to use + * \param[in] size the number of bytes for the keysize + * \return a new ldns_key structure with the key + */ +ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size); + +/** + * Creates a new priv key based on the + * contents of the file pointed by fp. + * + * The file should be in Private-key-format v1.x. + * + * \param[out] k the new ldns_key structure + * \param[in] fp the file pointer to use + * \return an error or LDNS_STATUS_OK + */ +ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp); + +/** + * Creates a new private key based on the + * contents of the file pointed by fp + * + * The file should be in Private-key-format v1.x. + * + * \param[out] k the new ldns_key structure + * \param[in] fp the file pointer to use + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return an error or LDNS_STATUS_OK + */ +ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr); + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * Read the key with the given id from the given engine and store it + * in the given ldns_key structure. The algorithm type is set + */ +ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm); + + +/** + * frm_fp helper function. This function parses the + * remainder of the (RSA) priv. key file generated from bind9 + * \param[in] fp the file to parse + * \return NULL on failure otherwise a RSA structure + */ +RSA *ldns_key_new_frm_fp_rsa(FILE *fp); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (RSA) priv. key file generated from bind9 + * \param[in] fp the file to parse + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return NULL on failure otherwise a RSA structure + */ +RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (DSA) priv. key file + * \param[in] fp the file to parse + * \return NULL on failure otherwise a RSA structure + */ +DSA *ldns_key_new_frm_fp_dsa(FILE *fp); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (DSA) priv. key file + * \param[in] fp the file to parse + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return NULL on failure otherwise a RSA structure + */ +DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (HMAC-MD5) key file + * This function allocated a buffer that needs to be freed + * \param[in] fp the file to parse + * \param[out] hmac_size the number of bits in the resulting buffer + * \return NULL on failure otherwise a newly allocated char buffer + */ +unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size); +#endif + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (HMAC-MD5) key file + * This function allocated a buffer that needs to be freed + * \param[in] fp the file to parse + * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes) + * \param[out] hmac_size the number of bits in the resulting buffer + * \return NULL on failure otherwise a newly allocated char buffer + */ +unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +/* acces write functions */ +/** + * Set the key's algorithm + * \param[in] k the key + * \param[in] l the algorithm + */ +void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l); +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * Set the key's evp key + * \param[in] k the key + * \param[in] e the evp key + */ +void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e); + +/** + * Set the key's rsa data. + * The rsa data should be freed by the user. + * \param[in] k the key + * \param[in] r the rsa data + */ +void ldns_key_set_rsa_key(ldns_key *k, RSA *r); + +/** + * Set the key's dsa data + * The dsa data should be freed by the user. + * \param[in] k the key + * \param[in] d the dsa data + */ +void ldns_key_set_dsa_key(ldns_key *k, DSA *d); + +/** + * Assign the key's rsa data + * The rsa data will be freed automatically when the key is freed. + * \param[in] k the key + * \param[in] r the rsa data + */ +void ldns_key_assign_rsa_key(ldns_key *k, RSA *r); + +/** + * Assign the key's dsa data + * The dsa data will be freed automatically when the key is freed. + * \param[in] k the key + * \param[in] d the dsa data + */ +void ldns_key_assign_dsa_key(ldns_key *k, DSA *d); + +/** + * Get the PKEY id for GOST, loads GOST into openssl as a side effect. + * Only available if GOST is compiled into the library and openssl. + * \return the gost id for EVP_CTX creation. + */ +int ldns_key_EVP_load_gost_id(void); + +/** Release the engine reference held for the GOST engine. */ +void ldns_key_EVP_unload_gost(void); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +/** + * Set the key's hmac data + * \param[in] k the key + * \param[in] hmac the raw key data + */ +void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac); + +/** + * Set the key id data. This is used if the key points to + * some externally stored key data + * + * Only the pointer is set, the data there is not copied, + * and must be freed manually; ldns_key_deep_free() does + * *not* free this data + * \param[in] key the key + * \param[in] external_key key id data + */ +void ldns_key_set_external_key(ldns_key *key, void *external_key); + +/** + * Set the key's hmac size + * \param[in] k the key + * \param[in] hmac_size the size of the hmac data + */ +void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size); +/** + * Set the key's original ttl + * \param[in] k the key + * \param[in] t the ttl + */ +void ldns_key_set_origttl(ldns_key *k, uint32_t t); +/** + * Set the key's inception date (seconds after epoch) + * \param[in] k the key + * \param[in] i the inception + */ +void ldns_key_set_inception(ldns_key *k, uint32_t i); +/** + * Set the key's expiration date (seconds after epoch) + * \param[in] k the key + * \param[in] e the expiration + */ +void ldns_key_set_expiration(ldns_key *k, uint32_t e); +/** + * Set the key's pubkey owner + * \param[in] k the key + * \param[in] r the owner + */ +void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r); +/** + * Set the key's key tag + * \param[in] k the key + * \param[in] tag the keytag + */ +void ldns_key_set_keytag(ldns_key *k, uint16_t tag); +/** + * Set the key's flags + * \param[in] k the key + * \param[in] flags the flags + */ +void ldns_key_set_flags(ldns_key *k, uint16_t flags); +/** + * Set the keylist's key count to count + * \param[in] key the key + * \param[in] count the cuont + */ +void ldns_key_list_set_key_count(ldns_key_list *key, size_t count); + +/** + * pushes a key to a keylist + * \param[in] key_list the key_list to push to + * \param[in] key the key to push + * \return false on error, otherwise true + */ +bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key); + +/** + * returns the number of keys in the key list + * \param[in] key_list the key_list + * \return the numbers of keys in the list + */ +size_t ldns_key_list_key_count(const ldns_key_list *key_list); + +/** + * returns a pointer to the key in the list at the given position + * \param[in] key the key + * \param[in] nr the position in the list + * \return the key + */ +ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr); + +#if LDNS_BUILD_CONFIG_HAVE_SSL +/** + * returns the (openssl) RSA struct contained in the key + * \param[in] k the key to look in + * \return the RSA * structure in the key + */ +RSA *ldns_key_rsa_key(const ldns_key *k); +/** + * returns the (openssl) EVP struct contained in the key + * \param[in] k the key to look in + * \return the RSA * structure in the key + */ +EVP_PKEY *ldns_key_evp_key(const ldns_key *k); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +/** + * returns the (openssl) DSA struct contained in the key + */ +#if LDNS_BUILD_CONFIG_HAVE_SSL +DSA *ldns_key_dsa_key(const ldns_key *k); +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ + +/** + * return the signing alg of the key + * \param[in] k the key + * \return the algorithm + */ +ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k); +/** + * set the use flag + * \param[in] k the key + * \param[in] v the boolean value to set the _use field to + */ +void ldns_key_set_use(ldns_key *k, bool v); +/** + * return the use flag + * \param[in] k the key + * \return the boolean value of the _use field + */ +bool ldns_key_use(const ldns_key *k); +/** + * return the hmac key data + * \param[in] k the key + * \return the hmac key data + */ +unsigned char *ldns_key_hmac_key(const ldns_key *k); +/** + * return the key id key data + * \param[in] k the key + * \return the key id data + */ +void *ldns_key_external_key(const ldns_key *k); +/** + * return the hmac key size + * \param[in] k the key + * \return the hmac key size + */ +size_t ldns_key_hmac_size(const ldns_key *k); +/** + * return the original ttl of the key + * \param[in] k the key + * \return the original ttl + */ +uint32_t ldns_key_origttl(const ldns_key *k); +/** + * return the key's inception date + * \param[in] k the key + * \return the inception date + */ +uint32_t ldns_key_inception(const ldns_key *k); +/** + * return the key's expiration date + * \param[in] k the key + * \return the experiration date + */ +uint32_t ldns_key_expiration(const ldns_key *k); +/** + * return the keytag + * \param[in] k the key + * \return the keytag + */ +uint16_t ldns_key_keytag(const ldns_key *k); +/** + * return the public key's owner + * \param[in] k the key + * \return the owner + */ +ldns_rdf *ldns_key_pubkey_owner(const ldns_key *k); +/** + * Set the 'use' flag for all keys in the list + * \param[in] keys The key_list + * \param[in] v The value to set the use flags to + */ +void +ldns_key_list_set_use(ldns_key_list *keys, bool v); + +/** + * return the flag of the key + * \param[in] k the key + * \return the flag + */ +uint16_t ldns_key_flags(const ldns_key *k); + +/** + * pops the last rr from a keylist + * \param[in] key_list the rr_list to pop from + * \return NULL if nothing to pop. Otherwise the popped RR + */ +ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list); + +/** + * converts a ldns_key to a public key rr + * If the key data exists at an external point, the corresponding + * rdata field must still be added with ldns_rr_rdf_push() to the + * result rr of this function + * + * \param[in] k the ldns_key to convert + * \return ldns_rr representation of the key + */ +ldns_rr *ldns_key2rr(const ldns_key *k); + +/** + * print a private key to the file ouput + * + * \param[in] output the FILE descriptor where to print to + * \param[in] k the ldns_key to print + */ +void ldns_key_print(FILE *output, const ldns_key *k); + +/** + * frees a key structure, but not its internal data structures + * + * \param[in] key the key object to free + */ +void ldns_key_free(ldns_key *key); + +/** + * frees a key structure and all its internal data structures, except + * the data set by ldns_key_set_external_key() + * + * \param[in] key the key object to free + */ +void ldns_key_deep_free(ldns_key *key); + +/** + * Frees a key list structure + * \param[in] key_list the key list object to free + */ +void ldns_key_list_free(ldns_key_list *key_list); + +/** + * Instantiates a DNSKEY or DS RR from file. + * \param[in] filename the file to read the record from + * \return the corresponding RR, or NULL if the parsing failed + */ +ldns_rr * ldns_read_anchor_file(const char *filename); + +/** + * Returns the 'default base name' for key files; + * IE. K\+\+\ + * (without the .key or .private) + * The memory for this is allocated by this function, + * and should be freed by the caller + * + * \param[in] key the key to get the file name from + * \returns A string containing the file base name + */ +char *ldns_key_get_file_base_name(ldns_key *key); + +/** + * See if a key algorithm is supported + * \param[in] algo the signing algorithm number. + * \returns true if supported. + */ +int ldns_key_algo_supported(int algo); + +/** + * Get signing algorithm by name. Comparison is case insensitive. + * \param[in] name string with the name. + * \returns 0 on parse failure or the algorithm number. + */ +ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_KEYS_H */ diff --git a/ldns/include/ldns/ldns.h b/ldns/include/ldns/ldns.h new file mode 100644 index 0000000..60663ef --- /dev/null +++ b/ldns/include/ldns/ldns.h @@ -0,0 +1,158 @@ +/* + * dns.h -- defines for the Domain Name System + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + * This library was created by: + * Jelte Jansen, Erik Rozendaal and Miek Gieben + * + * A bunch of defines that are used in the DNS. + */ + + +/** +\mainpage LDNS Documentation + +\section introduction Introduction + +The goal of ldns is to simplify DNS programming, it supports recent RFCs +like the DNSSEC documents, and allow developers to easily create software +conforming to current RFCs, and experimental software for current Internet +drafts. A secondary benefit of using ldns is speed, because ldns is written +in C, and although it is not optimized for performance, it should be a lot +faster than Perl. + +The first main tool to use ldns is Drill, from which part of the library was +derived. From version 1.0.0 on, drill is included in the ldns release +and will not be distributed separately anymore. The library also includes some +other examples and tools to show how it can be used. These can be found in the +examples/ directory in the tarball. + +ldns depends on OpenSSL for it's cryptographic functions. +Feature list + + - Transparent IPv4 and IPv6 support (overridable if necessary), + - TSIG support, + - DNSSEC support; signing and verification, + - small size, + - online documentation as well as manual pages. + +If you want to send us patches please use the code from git. + +\section using_ldns Using ldns + +Almost all interaction between an application and ldns goes through the ldns +data structures (\ref ldns_rr, \ref ldns_pkt, etc.). These are input or +output to the functions of ldns. For example, \ref ldns_zone_new_frm_fp +reads a zone from a \c FILE pointer, and returns an \ref ldns_zone +structure. + + +Let's use Drill as an example. Drill is a tool much like dig, whose most +basic function is to send 1 query to a nameserver and print the response. + +To be able to do this, drill uses the resolver module of ldns, which acts as +a stub resolver. The resolver module uses the net module to actually send +the query that drill requested. It then uses the wire2host module to +translate the response and place it in ldns' internal structures. These are +passed back to drill, which then uses the host2str module to print the +response in presentation format. + +\section gettingstarted Getting Started + +See the \ref design page for a very high level description of the design +choices made for ldns. + +For an overview of the functions and types ldns provides, you can check out +the \ref ldns ldns header file descriptions. + +If you want to see some libdns action, you can read our tutorials: + - \ref tutorial1_mx + - \ref tutorial2_zone + - \ref tutorial3_signzone + +Or you can just use the menu above to browse through the API docs. + +
+\image html LogoInGradientBar2-y100.png +
+*/ + +/** + * \file ldns.h + * + * Including this file will include all ldns files, and define some lookup tables. + */ + +#ifndef LDNS_DNS_H +#define LDNS_DNS_H + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define LDNS_IP4ADDRLEN (32/8) +#define LDNS_IP6ADDRLEN (128/8) +#define LDNS_PORT 53 +#define LDNS_ROOT_LABEL_STR "." +#define LDNS_DEFAULT_TTL 3600 + +/* lookup tables for standard DNS stuff */ + +/** Taken from RFC 2538, section 2.1. */ +extern ldns_lookup_table ldns_certificate_types[]; +/** Taken from RFC 2535, section 7. */ +extern ldns_lookup_table ldns_algorithms[]; +/** Taken from RFC 2538. */ +extern ldns_lookup_table ldns_cert_algorithms[]; +/** rr types */ +extern ldns_lookup_table ldns_rr_classes[]; +/** Response codes */ +extern ldns_lookup_table ldns_rcodes[]; +/** Operation codes */ +extern ldns_lookup_table ldns_opcodes[]; +/** EDNS flags */ +extern ldns_lookup_table ldns_edns_flags[]; + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_DNS_H */ diff --git a/ldns/include/ldns/net.h b/ldns/include/ldns/net.h new file mode 100644 index 0000000..692a9fb --- /dev/null +++ b/ldns/include/ldns/net.h @@ -0,0 +1,207 @@ +/* + * net.h + * + * DNS Resolver definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_NET_H +#define LDNS_NET_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define LDNS_DEFAULT_TIMEOUT_SEC 5 +#define LDNS_DEFAULT_TIMEOUT_USEC 0 + +/** + * \file + * + * Contains functions to send and receive packets over a network. + */ + +/** + * Sends a buffer to an ip using udp and return the respons as a ldns_pkt + * \param[in] qbin the ldns_buffer to be send + * \param[in] to the ip addr to send to + * \param[in] tolen length of the ip addr + * \param[in] timeout the timeout value for the network + * \param[out] answersize size of the packet + * \param[out] result packet with the answer + * \return status + */ +ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize); + +/** + * Send an udp query and don't wait for an answer but return + * the socket + * \param[in] qbin the ldns_buffer to be send + * \param[in] to the ip addr to send to + * \param[in] tolen length of the ip addr + * \param[in] timeout *unused*, was the timeout value for the network + * \return the socket used + */ +int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); + +/** + * Send an tcp query and don't wait for an answer but return + * the socket + * \param[in] qbin the ldns_buffer to be send + * \param[in] to the ip addr to send to + * \param[in] tolen length of the ip addr + * \param[in] timeout the timeout value for the connect attempt + * \return the socket used + */ +int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); + +/** + * Sends a buffer to an ip using tcp and return the respons as a ldns_pkt + * \param[in] qbin the ldns_buffer to be send + * \param[in] qbin the ldns_buffer to be send + * \param[in] to the ip addr to send to + * \param[in] tolen length of the ip addr + * \param[in] timeout the timeout value for the network + * \param[out] answersize size of the packet + * \param[out] result packet with the answer + * \return status + */ +ldns_status ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize); + +/** + * Sends ptk to the nameserver at the resolver object. Returns the data + * as a ldns_pkt + * + * \param[out] pkt packet received from the nameserver + * \param[in] r the resolver to use + * \param[in] query_pkt the query to send + * \return status + */ +ldns_status ldns_send(ldns_pkt **pkt, ldns_resolver *r, const ldns_pkt *query_pkt); + +/** + * Sends and ldns_buffer (presumably containing a packet to the nameserver at the resolver object. Returns the data + * as a ldns_pkt + * + * \param[out] pkt packet received from the nameserver + * \param[in] r the resolver to use + * \param[in] qb the buffer to send + * \param[in] tsig_mac the tsig MAC to authenticate the response with (NULL to do no TSIG authentication) + * \return status + */ +ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac); + +/** + * Create a tcp socket to the specified address + * \param[in] to ip and family + * \param[in] tolen length of to + * \param[in] timeout timeout for the connect attempt + * \return a socket descriptor + */ +int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); + +/** + * Create a udp socket to the specified address + * \param[in] to ip and family + * \param[in] timeout *unused*, was timeout for the socket + * \return a socket descriptor + */ +int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout); + +/** + * send a query via tcp to a server. Don't want for the answer + * + * \param[in] qbin the buffer to send + * \param[in] sockfd the socket to use + * \param[in] to which ip to send it + * \param[in] tolen socketlen + * \return number of bytes sent + */ +ssize_t ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen); + +/** + * send a query via udp to a server. Don;t want for the answer + * + * \param[in] qbin the buffer to send + * \param[in] sockfd the socket to use + * \param[in] to which ip to send it + * \param[in] tolen socketlen + * \return number of bytes sent + */ +ssize_t ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen); + +/** + * Gives back a raw packet from the wire and reads the header data from the given + * socket. Allocates the data (of size size) itself, so don't forget to free + * + * \param[in] sockfd the socket to read from + * \param[out] size the number of bytes that are read + * \param[in] timeout the time allowed between packets. + * \return the data read + */ +uint8_t *ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout); + +/** + * This routine may block. Use ldns_tcp_read_wire_timeout, it checks timeouts. + * Gives back a raw packet from the wire and reads the header data from the given + * socket. Allocates the data (of size size) itself, so don't forget to free + * + * \param[in] sockfd the socket to read from + * \param[out] size the number of bytes that are read + * \return the data read + */ +uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size); + +/** + * Gives back a raw packet from the wire and reads the header data from the given + * socket. Allocates the data (of size size) itself, so don't forget to free + * + * \param[in] sockfd the socket to read from + * \param[in] fr the address of the client (if applicable) + * \param[in] *frlen the lenght of the client's addr (if applicable) + * \param[out] size the number of bytes that are read + * \return the data read + */ +uint8_t *ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *fr, socklen_t *frlen); + +/** + * returns the native sockaddr representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \param[in] port what port to use. 0 means; use default (53) + * \param[out] size what is the size of the sockaddr_storage + * \return struct sockaddr* the address in the format so other + * functions can use it (sendto) + */ +struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size); + +/** + * returns an rdf with the sockaddr info. works for ip4 and ip6 + * \param[in] sock the struct sockaddr_storage to convert + * \param[in] port what port was used. When NULL this is not set + * \return ldns_rdf* wth the address + */ +ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port); + +/** + * Prepares the resolver for an axfr query + * The query is sent and the answers can be read with ldns_axfr_next + * \param[in] resolver the resolver to use + * \param[in] domain the domain to exfr + * \param[in] c the class to use + * \return ldns_status the status of the transfer + */ +ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_NET_H */ diff --git a/ldns/include/ldns/packet.h b/ldns/include/ldns/packet.h new file mode 100644 index 0000000..e66aa34 --- /dev/null +++ b/ldns/include/ldns/packet.h @@ -0,0 +1,891 @@ +/* + * packet.h + * + * DNS packet definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains the definition of ldns_pkt and its parts, as well + * as functions to manipulate those. + */ + + +#ifndef LDNS_PACKET_H +#define LDNS_PACKET_H + +#define LDNS_MAX_PACKETLEN 65535 + +/* allow flags to be given to mk_query */ +#define LDNS_QR 1 /* QueRy - query flag */ +#define LDNS_AA 2 /* Authoritative Answer - server flag */ +#define LDNS_TC 4 /* TrunCated - server flag */ +#define LDNS_RD 8 /* Recursion Desired - query flag */ +#define LDNS_CD 16 /* Checking Disabled - query flag */ +#define LDNS_RA 32 /* Recursion Available - server flag */ +#define LDNS_AD 64 /* Authenticated Data - server flag */ + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* opcodes for pkt's */ +enum ldns_enum_pkt_opcode { + LDNS_PACKET_QUERY = 0, + LDNS_PACKET_IQUERY = 1, + LDNS_PACKET_STATUS = 2, /* there is no 3?? DNS is weird */ + LDNS_PACKET_NOTIFY = 4, + LDNS_PACKET_UPDATE = 5 +}; +typedef enum ldns_enum_pkt_opcode ldns_pkt_opcode; + +/* rcodes for pkts */ +enum ldns_enum_pkt_rcode { + LDNS_RCODE_NOERROR = 0, + LDNS_RCODE_FORMERR = 1, + LDNS_RCODE_SERVFAIL = 2, + LDNS_RCODE_NXDOMAIN = 3, + LDNS_RCODE_NOTIMPL = 4, + LDNS_RCODE_REFUSED = 5, + LDNS_RCODE_YXDOMAIN = 6, + LDNS_RCODE_YXRRSET = 7, + LDNS_RCODE_NXRRSET = 8, + LDNS_RCODE_NOTAUTH = 9, + LDNS_RCODE_NOTZONE = 10 +}; +typedef enum ldns_enum_pkt_rcode ldns_pkt_rcode; + +/** + * Header of a dns packet + * + * Contains the information about the packet itself, as specified in RFC1035 +
+4.1.1. Header section format
+
+The header contains the following fields:
+
+                                    1  1  1  1  1  1
+      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      ID                       |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    QDCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    ANCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    NSCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    ARCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ID              A 16 bit identifier assigned by the program that
+                generates any kind of query.  This identifier is copied
+                the corresponding reply and can be used by the requester
+                to match up replies to outstanding queries.
+
+QR              A one bit field that specifies whether this message is a
+                query (0), or a response (1).
+
+OPCODE          A four bit field that specifies kind of query in this
+                message.  This value is set by the originator of a query
+                and copied into the response.  The values are:
+
+                0               a standard query (QUERY)
+
+                1               an inverse query (IQUERY)
+
+                2               a server status request (STATUS)
+
+                3-15            reserved for future use
+
+AA              Authoritative Answer - this bit is valid in responses,
+                and specifies that the responding name server is an
+                authority for the domain name in question section.
+
+                Note that the contents of the answer section may have
+                multiple owner names because of aliases.  The AA bit
+
+                corresponds to the name which matches the query name, or
+                the first owner name in the answer section.
+
+TC              TrunCation - specifies that this message was truncated
+                due to length greater than that permitted on the
+                transmission channel.
+
+RD              Recursion Desired - this bit may be set in a query and
+                is copied into the response.  If RD is set, it directs
+                the name server to pursue the query recursively.
+                Recursive query support is optional.
+
+RA              Recursion Available - this be is set or cleared in a
+                response, and denotes whether recursive query support is
+                available in the name server.
+
+Z               Reserved for future use.  Must be zero in all queries
+                and responses.
+
+RCODE           Response code - this 4 bit field is set as part of
+                responses.  The values have the following
+                interpretation:
+
+                0               No error condition
+
+                1               Format error - The name server was
+                                unable to interpret the query.
+
+                2               Server failure - The name server was
+                                unable to process this query due to a
+                                problem with the name server.
+
+                3               Name Error - Meaningful only for
+                                responses from an authoritative name
+                                server, this code signifies that the
+                                domain name referenced in the query does
+                                not exist.
+
+                4               Not Implemented - The name server does
+                                not support the requested kind of query.
+
+                5               Refused - The name server refuses to
+                                perform the specified operation for
+                                policy reasons.  For example, a name
+                                server may not wish to provide the
+                                information to the particular requester,
+                                or a name server may not wish to perform
+                                a particular operation (e.g., zone
+
+                                transfer) for particular data.
+
+                6-15            Reserved for future use.
+
+QDCOUNT         an unsigned 16 bit integer specifying the number of
+                entries in the question section.
+
+ANCOUNT         an unsigned 16 bit integer specifying the number of
+                resource records in the answer section.
+
+NSCOUNT         an unsigned 16 bit integer specifying the number of name
+                server resource records in the authority records
+                section.
+
+ARCOUNT         an unsigned 16 bit integer specifying the number of
+                resource records in the additional records section.
+
+
+ */ +struct ldns_struct_hdr +{ + /** Id of a packet */ + uint16_t _id; + /** Query bit (0=query, 1=answer) */ + bool _qr; + /** Authoritative answer */ + bool _aa; + /** Packet truncated */ + bool _tc; + /** Recursion desired */ + bool _rd; + /** Checking disabled */ + bool _cd; + /** Recursion available */ + bool _ra; + /** Authentic data */ + bool _ad; + /** Query type */ + ldns_pkt_opcode _opcode; /* XXX 8 bits? */ + /** Response code */ + uint8_t _rcode; + /** question sec */ + uint16_t _qdcount; + /** answer sec */ + uint16_t _ancount; + /** auth sec */ + uint16_t _nscount; + /** add sec */ + uint16_t _arcount; +}; +typedef struct ldns_struct_hdr ldns_hdr; + +/** + * DNS packet + * + * This structure contains a complete DNS packet (either a query or an answer) + * + * It is the complete representation of what you actually send to a + * nameserver, and what it sends back (assuming you are the client here). + */ +struct ldns_struct_pkt +{ + /** Header section */ + ldns_hdr *_header; + /* extra items needed in a packet */ + /** The size of the wire format of the packet in octets */ + ldns_rdf *_answerfrom; + /** Timestamp of the time the packet was sent or created */ + struct timeval timestamp; + /** The duration of the query this packet is an answer to */ + uint32_t _querytime; + /** The size of the wire format of the packet in octets */ + size_t _size; + /** Optional tsig rr */ + ldns_rr *_tsig_rr; + /** EDNS0 available buffer size, see RFC2671 */ + uint16_t _edns_udp_size; + /** EDNS0 Extended rcode */ + uint8_t _edns_extended_rcode; + /** EDNS Version */ + uint8_t _edns_version; + /* OPT pseudo-RR presence flag */ + uint8_t _edns_present; + /** Reserved EDNS data bits */ + uint16_t _edns_z; + /** Arbitrary EDNS rdata */ + ldns_rdf *_edns_data; + /** Question section */ + ldns_rr_list *_question; + /** Answer section */ + ldns_rr_list *_answer; + /** Authority section */ + ldns_rr_list *_authority; + /** Additional section */ + ldns_rr_list *_additional; +}; +typedef struct ldns_struct_pkt ldns_pkt; + +/** + * The sections of a packet + */ +enum ldns_enum_pkt_section { + LDNS_SECTION_QUESTION = 0, + LDNS_SECTION_ANSWER = 1, + LDNS_SECTION_AUTHORITY = 2, + LDNS_SECTION_ADDITIONAL = 3, + /** bogus section, if not interested */ + LDNS_SECTION_ANY = 4, + /** used to get all non-question rrs from a packet */ + LDNS_SECTION_ANY_NOQUESTION = 5 +}; +typedef enum ldns_enum_pkt_section ldns_pkt_section; + +/** + * The different types of packets + */ +enum ldns_enum_pkt_type { + LDNS_PACKET_QUESTION, + LDNS_PACKET_REFERRAL, + LDNS_PACKET_ANSWER, + LDNS_PACKET_NXDOMAIN, + LDNS_PACKET_NODATA, + LDNS_PACKET_UNKNOWN +}; +typedef enum ldns_enum_pkt_type ldns_pkt_type; + +/* prototypes */ + +/* read */ + +/** + * Read the packet id + * \param[in] p the packet + * \return the packet id + */ +uint16_t ldns_pkt_id(const ldns_pkt *p); +/** + * Read the packet's qr bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_qr(const ldns_pkt *p); +/** + * Read the packet's aa bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_aa(const ldns_pkt *p); +/** + * Read the packet's tc bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_tc(const ldns_pkt *p); +/** + * Read the packet's rd bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_rd(const ldns_pkt *p); +/** + * Read the packet's cd bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_cd(const ldns_pkt *p); +/** + * Read the packet's ra bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_ra(const ldns_pkt *p); +/** + * Read the packet's ad bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_ad(const ldns_pkt *p); +/** + * Read the packet's code + * \param[in] p the packet + * \return the opcode + */ +ldns_pkt_opcode ldns_pkt_get_opcode(const ldns_pkt *p); +/** + * Return the packet's respons code + * \param[in] p the packet + * \return the respons code + */ +ldns_pkt_rcode ldns_pkt_get_rcode(const ldns_pkt *p); +/** + * Return the packet's qd count + * \param[in] p the packet + * \return the qd count + */ +uint16_t ldns_pkt_qdcount(const ldns_pkt *p); +/** + * Return the packet's an count + * \param[in] p the packet + * \return the an count + */ +uint16_t ldns_pkt_ancount(const ldns_pkt *p); +/** + * Return the packet's ns count + * \param[in] p the packet + * \return the ns count + */ +uint16_t ldns_pkt_nscount(const ldns_pkt *p); +/** + * Return the packet's ar count + * \param[in] p the packet + * \return the ar count + */ +uint16_t ldns_pkt_arcount(const ldns_pkt *p); + +/** + * Return the packet's answerfrom + * \param[in] p packet + * \return the name of the server + */ +ldns_rdf *ldns_pkt_answerfrom(const ldns_pkt *p); + +/** + * Return the packet's timestamp + * \param[in] p the packet + * \return the timestamp + */ +struct timeval ldns_pkt_timestamp(const ldns_pkt *p); +/** + * Return the packet's querytime + * \param[in] p the packet + * \return the querytime + */ +uint32_t ldns_pkt_querytime(const ldns_pkt *p); + +/** + * Return the packet's size in bytes + * \param[in] p the packet + * \return the size + */ +size_t ldns_pkt_size(const ldns_pkt *p); + +/** + * Return the number of RRs in the given section. + * Returns the sum of all RRs when LDNS_SECTION_ANY is given. + * Returns the sum of all non-question RRs when LDNS_SECTION_ANY_NOQUESTION + * is given. + * \param[in] p the packet + * \param[in] s the section + * \return the number of RRs in the given section + */ +uint16_t ldns_pkt_section_count(const ldns_pkt *p, ldns_pkt_section s); + +/** + * Return the packet's tsig pseudo rr's + * \param[in] p the packet + * \return the tsig rr + */ +ldns_rr *ldns_pkt_tsig(const ldns_pkt *p); + +/** + * Return the packet's question section + * \param[in] p the packet + * \return the section + */ +ldns_rr_list *ldns_pkt_question(const ldns_pkt *p); +/** + * Return the packet's answer section + * \param[in] p the packet + * \return the section + */ +ldns_rr_list *ldns_pkt_answer(const ldns_pkt *p); +/** + * Return the packet's authority section + * \param[in] p the packet + * \return the section + */ +ldns_rr_list *ldns_pkt_authority(const ldns_pkt *p); +/** + * Return the packet's additional section + * \param[in] p the packet + * \return the section + */ +ldns_rr_list *ldns_pkt_additional(const ldns_pkt *p); +/** + * Return the packet's question, answer, authority and additional sections + * concatenated, in a new rr_list clone. + * \param[in] p the packet + * \return the rrs + */ +ldns_rr_list *ldns_pkt_all(const ldns_pkt *p); +/** + * Return the packet's answer, authority and additional sections concatenated, + * in a new rr_list clone. Like ldns_pkt_all but without the questions. + * \param[in] p the packet + * \return the rrs except the question rrs + */ +ldns_rr_list *ldns_pkt_all_noquestion(const ldns_pkt *p); + +/** + * return all the rr_list's in the packet. Clone the lists, instead + * of returning pointers. + * \param[in] p the packet to look in + * \param[in] s what section(s) to return + * \return ldns_rr_list with the rr's or NULL if none were found + */ +ldns_rr_list *ldns_pkt_get_section_clone(const ldns_pkt *p, ldns_pkt_section s); + +/** + * return all the rr with a specific name from a packet. Optionally + * specify from which section in the packet + * \param[in] p the packet + * \param[in] r the name + * \param[in] s the packet's section + * \return a list with the rr's or NULL if none were found + */ +ldns_rr_list *ldns_pkt_rr_list_by_name(ldns_pkt *p, ldns_rdf *r, ldns_pkt_section s); +/** + * return all the rr with a specific type from a packet. Optionally + * specify from which section in the packet + * \param[in] p the packet + * \param[in] t the type + * \param[in] s the packet's section + * \return a list with the rr's or NULL if none were found + */ +ldns_rr_list *ldns_pkt_rr_list_by_type(const ldns_pkt *p, ldns_rr_type t, ldns_pkt_section s); +/** + * return all the rr with a specific type and type from a packet. Optionally + * specify from which section in the packet + * \param[in] packet the packet + * \param[in] ownername the name + * \param[in] type the type + * \param[in] sec the packet's section + * \return a list with the rr's or NULL if none were found + */ +ldns_rr_list *ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ldns_rdf *ownername, ldns_rr_type type, ldns_pkt_section sec); + + +/** + * check to see if an rr exist in the packet + * \param[in] pkt the packet to examine + * \param[in] sec in which section to look + * \param[in] rr the rr to look for + */ +bool ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr); + + +/** + * sets the flags in a packet. + * \param[in] pkt the packet to operate on + * \param[in] flags ORed values: LDNS_QR| LDNS_AR for instance + * \return true on success otherwise false + */ +bool ldns_pkt_set_flags(ldns_pkt *pkt, uint16_t flags); + +/** + * Set the packet's id + * \param[in] p the packet + * \param[in] id the id to set + */ +void ldns_pkt_set_id(ldns_pkt *p, uint16_t id); +/** + * Set the packet's id to a random value + * \param[in] p the packet + */ +void ldns_pkt_set_random_id(ldns_pkt *p); +/** + * Set the packet's qr bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_qr(ldns_pkt *p, bool b); +/** + * Set the packet's aa bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_aa(ldns_pkt *p, bool b); +/** + * Set the packet's tc bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_tc(ldns_pkt *p, bool b); +/** + * Set the packet's rd bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_rd(ldns_pkt *p, bool b); +/** + * Set the packet's cd bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_cd(ldns_pkt *p, bool b); +/** + * Set the packet's ra bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_ra(ldns_pkt *p, bool b); +/** + * Set the packet's ad bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_ad(ldns_pkt *p, bool b); + +/** + * Set the packet's opcode + * \param[in] p the packet + * \param[in] c the opcode + */ +void ldns_pkt_set_opcode(ldns_pkt *p, ldns_pkt_opcode c); +/** + * Set the packet's respons code + * \param[in] p the packet + * \param[in] c the rcode + */ +void ldns_pkt_set_rcode(ldns_pkt *p, uint8_t c); +/** + * Set the packet's qd count + * \param[in] p the packet + * \param[in] c the count + */ +void ldns_pkt_set_qdcount(ldns_pkt *p, uint16_t c); +/** + * Set the packet's an count + * \param[in] p the packet + * \param[in] c the count + */ +void ldns_pkt_set_ancount(ldns_pkt *p, uint16_t c); +/** + * Set the packet's ns count + * \param[in] p the packet + * \param[in] c the count + */ +void ldns_pkt_set_nscount(ldns_pkt *p, uint16_t c); +/** + * Set the packet's arcount + * \param[in] p the packet + * \param[in] c the count + */ +void ldns_pkt_set_arcount(ldns_pkt *p, uint16_t c); +/** + * Set the packet's answering server + * \param[in] p the packet + * \param[in] r the address + */ +void ldns_pkt_set_answerfrom(ldns_pkt *p, ldns_rdf *r); +/** + * Set the packet's query time + * \param[in] p the packet + * \param[in] t the querytime in msec + */ +void ldns_pkt_set_querytime(ldns_pkt *p, uint32_t t); +/** + * Set the packet's size + * \param[in] p the packet + * \param[in] s the size + */ +void ldns_pkt_set_size(ldns_pkt *p, size_t s); + +/** + * Set the packet's timestamp + * \param[in] p the packet + * \param[in] timeval the timestamp + */ +void ldns_pkt_set_timestamp(ldns_pkt *p, struct timeval timeval); +/** + * Set a packet's section count to x + * \param[in] p the packet + * \param[in] s the section + * \param[in] x the section count + */ +void ldns_pkt_set_section_count(ldns_pkt *p, ldns_pkt_section s, uint16_t x); +/** + * Set the packet's tsig rr + * \param[in] p the packet + * \param[in] t the tsig rr + */ +void ldns_pkt_set_tsig(ldns_pkt *p, ldns_rr *t); + +/** + * looks inside the packet to determine + * what kind of packet it is, AUTH, NXDOMAIN, REFERRAL, etc. + * \param[in] p the packet to examine + * \return the type of packet + */ +ldns_pkt_type ldns_pkt_reply_type(ldns_pkt *p); + +/** + * return the packet's edns udp size + * \param[in] packet the packet + * \return the size + */ +uint16_t ldns_pkt_edns_udp_size(const ldns_pkt *packet); +/** + * return the packet's edns extended rcode + * \param[in] packet the packet + * \return the rcode + */ +uint8_t ldns_pkt_edns_extended_rcode(const ldns_pkt *packet); +/** + * return the packet's edns version + * \param[in] packet the packet + * \return the version + */ +uint8_t ldns_pkt_edns_version(const ldns_pkt *packet); +/** + * return the packet's edns z value + * \param[in] packet the packet + * \return the z value + */ +uint16_t ldns_pkt_edns_z(const ldns_pkt *packet); +/** + * return the packet's edns data + * \param[in] packet the packet + * \return the data + */ +ldns_rdf *ldns_pkt_edns_data(const ldns_pkt *packet); + +/** + * return the packet's edns do bit + * \param[in] packet the packet + * \return the bit's value + */ +bool ldns_pkt_edns_do(const ldns_pkt *packet); +/** + * Set the packet's edns do bit + * \param[in] packet the packet + * \param[in] value the bit's new value + */ +void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value); + +/** + * returns true if this packet needs and EDNS rr to be sent. + * At the moment the only reason is an expected packet + * size larger than 512 bytes, but for instance dnssec would + * be a good reason too. + * + * \param[in] packet the packet to check + * \return true if packet needs edns rr + */ +bool ldns_pkt_edns(const ldns_pkt *packet); + +/** + * Set the packet's edns udp size + * \param[in] packet the packet + * \param[in] s the size + */ +void ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s); +/** + * Set the packet's edns extended rcode + * \param[in] packet the packet + * \param[in] c the code + */ +void ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c); +/** + * Set the packet's edns version + * \param[in] packet the packet + * \param[in] v the version + */ +void ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v); +/** + * Set the packet's edns z value + * \param[in] packet the packet + * \param[in] z the value + */ +void ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z); +/** + * Set the packet's edns data + * \param[in] packet the packet + * \param[in] data the data + */ +void ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data); + +/** + * allocates and initializes a ldns_pkt structure. + * \return pointer to the new packet + */ +ldns_pkt *ldns_pkt_new(void); + +/** + * frees the packet structure and all data that it contains. + * \param[in] packet The packet structure to free + * \return void + */ +void ldns_pkt_free(ldns_pkt *packet); + +/** + * creates a query packet for the given name, type, class. + * \param[out] p the packet to be returned + * \param[in] rr_name the name to query for (as string) + * \param[in] rr_type the type to query for + * \param[in] rr_class the class to query for + * \param[in] flags packet flags + * \return LDNS_STATUS_OK or a ldns_status mesg with the error + */ +ldns_status ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class , uint16_t flags); + +/** + * creates an IXFR request packet for the given name, class. + * adds the SOA record to the authority section. + * \param[out] p the packet to be returned + * \param[in] rr_name the name to query for (as string) + * \param[in] rr_class the class to query for + * \param[in] flags packet flags + * \param[in] soa soa record to be added to the authority section + * \return LDNS_STATUS_OK or a ldns_status mesg with the error + */ +ldns_status ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa); + +/** + * creates a packet with a query in it for the given name, type and class. + * \param[in] rr_name the name to query for + * \param[in] rr_type the type to query for + * \param[in] rr_class the class to query for + * \param[in] flags packet flags + * \return ldns_pkt* a pointer to the new pkt + */ +ldns_pkt *ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags); + +/** + * creates an IXFR request packet for the given name, type and class. + * adds the SOA record to the authority section. + * \param[in] rr_name the name to query for + * \param[in] rr_class the class to query for + * \param[in] flags packet flags + * \param[in] soa soa record to be added to the authority section + * \return ldns_pkt* a pointer to the new pkt + */ +ldns_pkt *ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class, uint16_t flags, ldns_rr* soa); + +/** + * clones the given packet, creating a fully allocated copy + * + * \param[in] pkt the packet to clone + * \return ldns_pkt* pointer to the new packet + */ +ldns_pkt *ldns_pkt_clone(const ldns_pkt *pkt); + +/** + * directly set the additional section + * \param[in] p packet to operate on + * \param[in] rr rrlist to set + */ +void ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr); + +/** + * directly set the answer section + * \param[in] p packet to operate on + * \param[in] rr rrlist to set + */ +void ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr); + +/** + * directly set the question section + * \param[in] p packet to operate on + * \param[in] rr rrlist to set + */ +void ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr); + +/** + * directly set the auhority section + * \param[in] p packet to operate on + * \param[in] rr rrlist to set + */ +void ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr); + +/** + * push an rr on a packet + * \param[in] packet packet to operate on + * \param[in] section where to put it + * \param[in] rr rr to push + * \return a boolean which is true when the rr was added + */ +bool ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr); + +/** + * push an rr on a packet, provided the RR is not there. + * \param[in] pkt packet to operate on + * \param[in] sec where to put it + * \param[in] rr rr to push + * \return a boolean which is true when the rr was added + */ +bool ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr); + +/** + * push a rr_list on a packet + * \param[in] packet packet to operate on + * \param[in] section where to put it + * \param[in] list the rr_list to push + * \return a boolean which is true when the rr was added + */ +bool ldns_pkt_push_rr_list(ldns_pkt *packet, ldns_pkt_section section, ldns_rr_list *list); + +/** + * push an rr_list to a packet, provided the RRs are not already there. + * \param[in] pkt packet to operate on + * \param[in] sec where to put it + * \param[in] list the rr_list to push + * \return a boolean which is true when the rr was added + */ +bool ldns_pkt_safe_push_rr_list(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr_list *list); + +/** + * check if a packet is empty + * \param[in] p packet + * \return true: empty, false: not empty + */ +bool ldns_pkt_empty(ldns_pkt *p); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_PACKET_H */ diff --git a/ldns/include/ldns/parse.h b/ldns/include/ldns/parse.h new file mode 100644 index 0000000..0e9034c --- /dev/null +++ b/ldns/include/ldns/parse.h @@ -0,0 +1,167 @@ +/* + * parse.h + * + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ + +#ifndef LDNS_PARSE_H +#define LDNS_PARSE_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define LDNS_PARSE_SKIP_SPACE "\f\n\r\v" +#define LDNS_PARSE_NORMAL " \f\n\r\t\v" +#define LDNS_PARSE_NO_NL " \t" +#define LDNS_MAX_LINELEN 10230 +#define LDNS_MAX_KEYWORDLEN 32 + + +/** + * \file + * + * Contains some low-level parsing functions, mostly used in the _frm_str + * family of functions. + */ + +/** + * different type of directives in zone files + * We now deal with $TTL, $ORIGIN and $INCLUDE. + * The latter is not implemented in ldns (yet) + */ +enum ldns_enum_directive +{ + LDNS_DIR_TTL, + LDNS_DIR_ORIGIN, + LDNS_DIR_INCLUDE +}; +typedef enum ldns_enum_directive ldns_directive; + +/** + * returns a token/char from the stream F. + * This function deals with ( and ) in the stream, + * and ignores them when encountered + * \param[in] *f the file to read from + * \param[out] *token the read token is put here + * \param[in] *delim chars at which the parsing should stop + * \param[in] *limit how much to read. If 0 the builtin maximum is used + * \return 0 on error of EOF of the stream F. Otherwise return the length of what is read + */ +ssize_t ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit); + +/** + * returns a token/char from the stream F. + * This function deals with ( and ) in the stream, + * and ignores when it finds them. + * \param[in] *f the file to read from + * \param[out] *token the token is put here + * \param[in] *delim chars at which the parsing should stop + * \param[in] *limit how much to read. If 0 use builtin maximum + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return 0 on error of EOF of F otherwise return the length of what is read + */ +ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr); + +/** + * returns a token/char from the buffer b. + * This function deals with ( and ) in the buffer, + * and ignores when it finds them. + * \param[in] *b the buffer to read from + * \param[out] *token the token is put here + * \param[in] *delim chars at which the parsing should stop + * \param[in] *limit how much to read. If 0 the builtin maximum is used + * \returns 0 on error of EOF of b. Otherwise return the length of what is read + */ +ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit); + +/* + * searches for keyword and delim in a file. Gives everything back + * after the keyword + k_del until we hit d_del + * \param[in] f file pointer to read from + * \param[in] keyword keyword to look for + * \param[in] k_del keyword delimeter + * \param[out] data the data found + * \param[in] d_del the data delimeter + * \param[in] data_limit maximum size the the data buffer + * \return the number of character read + */ +ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); + +/* + * searches for keyword and delim. Gives everything back + * after the keyword + k_del until we hit d_del + * \param[in] f file pointer to read from + * \param[in] keyword keyword to look for + * \param[in] k_del keyword delimeter + * \param[out] data the data found + * \param[in] d_del the data delimeter + * \param[in] data_limit maximum size the the data buffer + * \param[in] line_nr pointer to an integer containing the current line number (for +debugging purposes) + * \return the number of character read + */ +ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr); + +/* + * searches for keyword and delim in a buffer. Gives everything back + * after the keyword + k_del until we hit d_del + * \param[in] b buffer pointer to read from + * \param[in] keyword keyword to look for + * \param[in] k_del keyword delimeter + * \param[out] data the data found + * \param[in] d_del the data delimeter + * \param[in] data_limit maximum size the the data buffer + * \return the number of character read + */ +ssize_t ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); + +/** + * returns the next character from a buffer. Advances the position pointer with 1. + * When end of buffer is reached returns EOF. This is the buffer's equivalent + * for getc(). + * \param[in] *buffer buffer to read from + * \return EOF on failure otherwise return the character + */ +int ldns_bgetc(ldns_buffer *buffer); + +/** + * skips all of the characters in the given string in the buffer, moving + * the position to the first character that is not in *s. + * \param[in] *buffer buffer to use + * \param[in] *s characters to skip + * \return void + */ +void ldns_bskipcs(ldns_buffer *buffer, const char *s); + +/** + * skips all of the characters in the given string in the fp, moving + * the position to the first character that is not in *s. + * \param[in] *fp file to use + * \param[in] *s characters to skip + * \return void + */ +void ldns_fskipcs(FILE *fp, const char *s); + + +/** + * skips all of the characters in the given string in the fp, moving + * the position to the first character that is not in *s. + * \param[in] *fp file to use + * \param[in] *s characters to skip + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return void + */ +void ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_PARSE_H */ diff --git a/ldns/include/ldns/radix.h b/ldns/include/ldns/radix.h new file mode 100644 index 0000000..1885959 --- /dev/null +++ b/ldns/include/ldns/radix.h @@ -0,0 +1,240 @@ +/* + * radix.h -- generic radix tree + * + * Copyright (c) 2012, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * Radix tree. Implementation taken from NSD 4, adjusted for use in ldns. + * + */ + +#ifndef LDNS_RADIX_H_ +#define LDNS_RADIX_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +typedef uint16_t radix_strlen_t; +typedef struct ldns_radix_array_t ldns_radix_array_t; +typedef struct ldns_radix_node_t ldns_radix_node_t; +typedef struct ldns_radix_t ldns_radix_t; + +/** Radix node select edge array */ +struct ldns_radix_array_t { + /** Additional string after the selection byte for this edge. */ + uint8_t* str; + /** Length of additional string for this edge. */ + radix_strlen_t len; + /** Node that deals with byte+str. */ + ldns_radix_node_t* edge; +}; + +/** A node in a radix tree */ +struct ldns_radix_node_t { + /** Key corresponding to this node. */ + uint8_t* key; + /** Key length corresponding to this node. */ + radix_strlen_t klen; + /** Data corresponding to this node. */ + void* data; + /** Parent node. */ + ldns_radix_node_t* parent; + /** Index in the the parent node select edge array. */ + uint8_t parent_index; + /** Length of the array. */ + uint16_t len; + /** Offset of the array. */ + uint16_t offset; + /** Capacity of the array. */ + uint16_t capacity; + /** Select edge array. */ + ldns_radix_array_t* array; +}; + +/** An entire radix tree */ +struct ldns_radix_t { + /** Root. */ + ldns_radix_node_t* root; + /** Number of nodes in tree. */ + size_t count; +}; + +/** + * Create a new radix tree. + * @return: new radix tree. + * + */ +ldns_radix_t* ldns_radix_create(void); + +/** + * Initialize radix tree. + * @param tree: uninitialized radix tree. + * + */ +void ldns_radix_init(ldns_radix_t* tree); + +/** + * Free the radix tree. + * @param tree: radix tree. + * + */ +void ldns_radix_free(ldns_radix_t* tree); + +/** + * Insert data into the tree. + * @param tree: tree to insert to. + * @param key: key. + * @param len: length of key. + * @param data: data. + * @return: status. + * + */ +ldns_status ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, + radix_strlen_t len, void* data); + +/** + * Delete data from the tree. + * @param tree: tree to insert to. + * @param key: key. + * @param len: length of key. + * @return: unlinked data or NULL if not present. + * + */ +void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len); + +/** + * Search data in the tree. + * @param tree: tree to insert to. + * @param key: key. + * @param len: length of key. + * @return: the radix node or NULL if not found. + * + */ +ldns_radix_node_t* ldns_radix_search(ldns_radix_t* tree, uint8_t* key, + radix_strlen_t len); + +/** + * Search data in the tree, and if not found, find the closest smaller + * element in the tree. + * @param tree: tree to insert to. + * @param key: key. + * @param len: length of key. + * @param result: the radix node with the exact or closest match. NULL if + * the key is smaller than the smallest key in the tree. + * @return 1 if exact match, 0 otherwise. + * + */ +int ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key, + radix_strlen_t len, ldns_radix_node_t** result); + +/** + * Get the first element in the tree. + * @param tree: tree. + * @return: the radix node with the first element. + * + */ +ldns_radix_node_t* ldns_radix_first(ldns_radix_t* tree); + +/** + * Get the last element in the tree. + * @param tree: tree. + * @return: the radix node with the last element. + * + */ +ldns_radix_node_t* ldns_radix_last(ldns_radix_t* tree); + +/** + * Next element. + * @param node: node. + * @return: node with next element. + * + */ +ldns_radix_node_t* ldns_radix_next(ldns_radix_node_t* node); + +/** + * Previous element. + * @param node: node. + * @return: node with previous element. + * + */ +ldns_radix_node_t* ldns_radix_prev(ldns_radix_node_t* node); + +/** + * Split radix tree intwo. + * @param tree1: one tree. + * @param num: number of elements to split off. + * @param tree2: another tree. + * @return: status. + * + */ +ldns_status ldns_radix_split(ldns_radix_t* tree1, size_t num, + ldns_radix_t** tree2); + +/** + * Join two radix trees. + * @param tree1: one tree. + * @param tree2: another tree. + * @return: status. + * + */ +ldns_status ldns_radix_join(ldns_radix_t* tree1, ldns_radix_t* tree2); + +/** + * Call function for all nodes in the tree, such that leaf nodes are + * called before parent nodes. + * @param node: start node. + * @param func: function. + * @param arg: user argument. + * + */ +void ldns_radix_traverse_postorder(ldns_radix_node_t* node, + void (*func)(ldns_radix_node_t*, void*), void* arg); + +/** + * Print radix tree (for debugging purposes). + * @param fd: file descriptor. + * @param tree: tree. + * + */ +void ldns_radix_printf(FILE* fd, ldns_radix_t* tree); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_RADIX_H_ */ diff --git a/ldns/include/ldns/rbtree.h b/ldns/include/ldns/rbtree.h new file mode 100644 index 0000000..c891934 --- /dev/null +++ b/ldns/include/ldns/rbtree.h @@ -0,0 +1,230 @@ +/* + * rbtree.h -- generic red-black tree + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use + * in unbound (memory allocation, logging and so on). + */ + +#ifndef LDNS_RBTREE_H_ +#define LDNS_RBTREE_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * This structure must be the first member of the data structure in + * the rbtree. This allows easy casting between an rbnode_t and the + * user data (poor man's inheritance). + * Or you can use the data pointer member to get to your data item. + */ +typedef struct ldns_rbnode_t ldns_rbnode_t; +/** + * The rbnode_t struct definition. + */ +struct ldns_rbnode_t { + /** parent in rbtree, RBTREE_NULL for root */ + ldns_rbnode_t *parent; + /** left node (smaller items) */ + ldns_rbnode_t *left; + /** right node (larger items) */ + ldns_rbnode_t *right; + /** pointer to sorting key */ + const void *key; + /** pointer to data */ + const void *data; + /** colour of this node */ + uint8_t color; +}; + +/** The nullpointer, points to empty node */ +#define LDNS_RBTREE_NULL &ldns_rbtree_null_node +/** the global empty node */ +extern ldns_rbnode_t ldns_rbtree_null_node; + +/** An entire red black tree */ +typedef struct ldns_rbtree_t ldns_rbtree_t; +/** definition for tree struct */ +struct ldns_rbtree_t { + /** The root of the red-black tree */ + ldns_rbnode_t *root; + + /** The number of the nodes in the tree */ + size_t count; + + /** + * Key compare function. <0,0,>0 like strcmp. + * Return 0 on two NULL ptrs. + */ + int (*cmp) (const void *, const void *); +}; + +/** + * Create new tree (malloced) with given key compare function. + * @param cmpf: compare function (like strcmp) takes pointers to two keys. + * @return: new tree, empty. + */ +ldns_rbtree_t *ldns_rbtree_create(int (*cmpf)(const void *, const void *)); + +/** + * Free the complete tree (but not its keys) + * @param rbtree The tree to free + */ +void ldns_rbtree_free(ldns_rbtree_t *rbtree); + +/** + * Init a new tree (malloced by caller) with given key compare function. + * @param rbtree: uninitialised memory for new tree, returned empty. + * @param cmpf: compare function (like strcmp) takes pointers to two keys. + */ +void ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *)); + +/** + * Insert data into the tree. + * @param rbtree: tree to insert to. + * @param data: element to insert. + * @return: data ptr or NULL if key already present. + */ +ldns_rbnode_t *ldns_rbtree_insert(ldns_rbtree_t *rbtree, ldns_rbnode_t *data); + +/** + * Insert data into the tree (reversed arguments, for use as callback) + * \param[in] data element to insert + * \param[out] rbtree tree to insert in to + * \return data ptr or NULL if key is already present + */ +void ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree); + +/** + * Delete element from tree. + * @param rbtree: tree to delete from. + * @param key: key of item to delete. + * @return: node that is now unlinked from the tree. User to delete it. + * returns 0 if node not present + */ +ldns_rbnode_t *ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key); + +/** + * Find key in tree. Returns NULL if not found. + * @param rbtree: tree to find in. + * @param key: key that must match. + * @return: node that fits or NULL. + */ +ldns_rbnode_t *ldns_rbtree_search(ldns_rbtree_t *rbtree, const void *key); + +/** + * Find, but match does not have to be exact. + * @param rbtree: tree to find in. + * @param key: key to find position of. + * @param result: set to the exact node if present, otherwise to element that + * precedes the position of key in the tree. NULL if no smaller element. + * @return: true if exact match in result. Else result points to <= element, + * or NULL if key is smaller than the smallest key. + */ +int ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, + ldns_rbnode_t **result); + +/** + * Returns first (smallest) node in the tree + * @param rbtree: tree + * @return: smallest element or NULL if tree empty. + */ +ldns_rbnode_t *ldns_rbtree_first(ldns_rbtree_t *rbtree); + +/** + * Returns last (largest) node in the tree + * @param rbtree: tree + * @return: largest element or NULL if tree empty. + */ +ldns_rbnode_t *ldns_rbtree_last(ldns_rbtree_t *rbtree); + +/** + * Returns next larger node in the tree + * @param rbtree: tree + * @return: next larger element or NULL if no larger in tree. + */ +ldns_rbnode_t *ldns_rbtree_next(ldns_rbnode_t *rbtree); + +/** + * Returns previous smaller node in the tree + * @param rbtree: tree + * @return: previous smaller element or NULL if no previous in tree. + */ +ldns_rbnode_t *ldns_rbtree_previous(ldns_rbnode_t *rbtree); + +/** + * split off 'elements' number of elements from the start + * of the name tree and return a new tree containing those + * elements + */ +ldns_rbtree_t *ldns_rbtree_split(ldns_rbtree_t *tree, size_t elements); + +/** + * add all node from the second tree to the first (removing them from the + * second), and fix up nsec(3)s if present + */ +void ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2); + +/** + * Call with node=variable of struct* with rbnode_t as first element. + * with type is the type of a pointer to that struct. + */ +#define LDNS_RBTREE_FOR(node, type, rbtree) \ + for(node=(type)ldns_rbtree_first(rbtree); \ + (ldns_rbnode_t*)node != LDNS_RBTREE_NULL; \ + node = (type)ldns_rbtree_next((ldns_rbnode_t*)node)) + +/** + * Call function for all elements in the redblack tree, such that + * leaf elements are called before parent elements. So that all + * elements can be safely free()d. + * Note that your function must not remove the nodes from the tree. + * Since that may trigger rebalances of the rbtree. + * @param tree: the tree + * @param func: function called with element and user arg. + * The function must not alter the rbtree. + * @param arg: user argument. + */ +void ldns_traverse_postorder(ldns_rbtree_t* tree, + void (*func)(ldns_rbnode_t*, void*), void* arg); + +#ifdef __cplusplus +} +#endif + +#endif /* UTIL_RBTREE_H_ */ diff --git a/ldns/include/ldns/rdata.h b/ldns/include/ldns/rdata.h new file mode 100644 index 0000000..22665b1 --- /dev/null +++ b/ldns/include/ldns/rdata.h @@ -0,0 +1,451 @@ +/* + * rdata.h + * + * rdata definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + + +/** + * \file + * + * Defines ldns_rdf and functions to manipulate those. + */ + + +#ifndef LDNS_RDATA_H +#define LDNS_RDATA_H + +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define LDNS_MAX_RDFLEN 65535 + +#define LDNS_RDF_SIZE_BYTE 1 +#define LDNS_RDF_SIZE_WORD 2 +#define LDNS_RDF_SIZE_DOUBLEWORD 4 +#define LDNS_RDF_SIZE_6BYTES 6 +#define LDNS_RDF_SIZE_8BYTES 8 +#define LDNS_RDF_SIZE_16BYTES 16 + +#define LDNS_NSEC3_VARS_OPTOUT_MASK 0x01 + +/** + * The different types of RDATA fields. + */ +enum ldns_enum_rdf_type +{ + /** none */ + LDNS_RDF_TYPE_NONE, + /** domain name */ + LDNS_RDF_TYPE_DNAME, + /** 8 bits */ + LDNS_RDF_TYPE_INT8, + /** 16 bits */ + LDNS_RDF_TYPE_INT16, + /** 32 bits */ + LDNS_RDF_TYPE_INT32, + /** A record */ + LDNS_RDF_TYPE_A, + /** AAAA record */ + LDNS_RDF_TYPE_AAAA, + /** txt string */ + LDNS_RDF_TYPE_STR, + /** apl data */ + LDNS_RDF_TYPE_APL, + /** b32 string */ + LDNS_RDF_TYPE_B32_EXT, + /** b64 string */ + LDNS_RDF_TYPE_B64, + /** hex string */ + LDNS_RDF_TYPE_HEX, + /** nsec type codes */ + LDNS_RDF_TYPE_NSEC, + /** a RR type */ + LDNS_RDF_TYPE_TYPE, + /** a class */ + LDNS_RDF_TYPE_CLASS, + /** certificate algorithm */ + LDNS_RDF_TYPE_CERT_ALG, + /** a key algorithm */ + LDNS_RDF_TYPE_ALG, + /** unknown types */ + LDNS_RDF_TYPE_UNKNOWN, + /** time (32 bits) */ + LDNS_RDF_TYPE_TIME, + /** period */ + LDNS_RDF_TYPE_PERIOD, + /** tsig time 48 bits */ + LDNS_RDF_TYPE_TSIGTIME, + /** Represents the Public Key Algorithm, HIT and Public Key fields + for the HIP RR types. A HIP specific rdf type is used because of + the unusual layout in wireformat (see RFC 5205 Section 5) */ + LDNS_RDF_TYPE_HIP, + /** variable length any type rdata where the length + is specified by the first 2 bytes */ + LDNS_RDF_TYPE_INT16_DATA, + /** protocol and port bitmaps */ + LDNS_RDF_TYPE_SERVICE, + /** location data */ + LDNS_RDF_TYPE_LOC, + /** well known services */ + LDNS_RDF_TYPE_WKS, + /** NSAP */ + LDNS_RDF_TYPE_NSAP, + /** ATMA */ + LDNS_RDF_TYPE_ATMA, + /** IPSECKEY */ + LDNS_RDF_TYPE_IPSECKEY, + /** nsec3 hash salt */ + LDNS_RDF_TYPE_NSEC3_SALT, + /** nsec3 base32 string (with length byte on wire */ + LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, + + /** 4 shorts represented as 4 * 16 bit hex numbers + * separated by colons. For NID and L64. + */ + LDNS_RDF_TYPE_ILNP64, + + /** 6 * 8 bit hex numbers separated by dashes. For EUI48. */ + LDNS_RDF_TYPE_EUI48, + /** 8 * 8 bit hex numbers separated by dashes. For EUI64. */ + LDNS_RDF_TYPE_EUI64, + + /** A non-zero sequence of US-ASCII letters and numbers in lower case. + * For CAA. + */ + LDNS_RDF_TYPE_TAG, + + /** A encoding of the value field as specified + * [RFC1035], Section 5.1., encoded as remaining rdata. + * For CAA. + */ + LDNS_RDF_TYPE_LONG_STR, + + /** Since RFC7218 TLSA records can be given with mnemonics, + * hence these rdata field types. But as with DNSKEYs, the output + * is always numeric. + */ + LDNS_RDF_TYPE_CERTIFICATE_USAGE, + LDNS_RDF_TYPE_SELECTOR, + LDNS_RDF_TYPE_MATCHING_TYPE, + + /* Aliases */ + LDNS_RDF_TYPE_BITMAP = LDNS_RDF_TYPE_NSEC +}; +typedef enum ldns_enum_rdf_type ldns_rdf_type; + +/** + * algorithms used in CERT rrs + */ +enum ldns_enum_cert_algorithm +{ + LDNS_CERT_PKIX = 1, + LDNS_CERT_SPKI = 2, + LDNS_CERT_PGP = 3, + LDNS_CERT_IPKIX = 4, + LDNS_CERT_ISPKI = 5, + LDNS_CERT_IPGP = 6, + LDNS_CERT_ACPKIX = 7, + LDNS_CERT_IACPKIX = 8, + LDNS_CERT_URI = 253, + LDNS_CERT_OID = 254 +}; +typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm; + + + +/** + * Resource record data field. + * + * The data is a network ordered array of bytes, which size is specified by + * the (16-bit) size field. To correctly parse it, use the type + * specified in the (16-bit) type field with a value from \ref ldns_rdf_type. + */ +struct ldns_struct_rdf +{ + /** The size of the data (in octets) */ + size_t _size; + /** The type of the data */ + ldns_rdf_type _type; + /** Pointer to the data (raw octets) */ + void *_data; +}; +typedef struct ldns_struct_rdf ldns_rdf; + +/* prototypes */ + +/* write access functions */ + +/** + * sets the size of the rdf. + * \param[in] *rd the rdf to operate on + * \param[in] size the new size + * \return void + */ +void ldns_rdf_set_size(ldns_rdf *rd, size_t size); + +/** + * sets the size of the rdf. + * \param[in] *rd the rdf to operate on + * \param[in] type the new type + * \return void + */ +void ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type); + +/** + * sets the size of the rdf. + * \param[in] *rd the rdf to operate on + * \param[in] *data pointer to the new data + * \return void + */ +void ldns_rdf_set_data(ldns_rdf *rd, void *data); + +/* read access */ + +/** + * returns the size of the rdf. + * \param[in] *rd the rdf to read from + * \return uint16_t with the size + */ +size_t ldns_rdf_size(const ldns_rdf *rd); + +/** + * returns the type of the rdf. We need to insert _get_ + * here to prevent conflict the the rdf_type TYPE. + * \param[in] *rd the rdf to read from + * \return ldns_rdf_type with the type + */ +ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd); + +/** + * returns the data of the rdf. + * \param[in] *rd the rdf to read from + * + * \return uint8_t* pointer to the rdf's data + */ +uint8_t *ldns_rdf_data(const ldns_rdf *rd); + +/* creator functions */ + +/** + * allocates a new rdf structure and fills it. + * This function DOES NOT copy the contents from + * the buffer, unlinke ldns_rdf_new_frm_data() + * \param[in] type type of the rdf + * \param[in] size size of the buffer + * \param[in] data pointer to the buffer to be copied + * \return the new rdf structure or NULL on failure + */ +ldns_rdf *ldns_rdf_new(ldns_rdf_type type, size_t size, void *data); + +/** + * allocates a new rdf structure and fills it. + * This function _does_ copy the contents from + * the buffer, unlinke ldns_rdf_new() + * \param[in] type type of the rdf + * \param[in] size size of the buffer + * \param[in] data pointer to the buffer to be copied + * \return the new rdf structure or NULL on failure + */ +ldns_rdf *ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data); + +/** + * creates a new rdf from a string. + * \param[in] type type to use + * \param[in] str string to use + * \return ldns_rdf* or NULL in case of an error + */ +ldns_rdf *ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str); + +/** + * creates a new rdf from a file containing a string. + * \param[out] r the new rdf + * \param[in] type type to use + * \param[in] fp the file pointer to use + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_rdf_new_frm_fp(ldns_rdf **r, ldns_rdf_type type, FILE *fp); + +/** + * creates a new rdf from a file containing a string. + * \param[out] r the new rdf + * \param[in] type type to use + * \param[in] fp the file pointer to use + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_rdf_new_frm_fp_l(ldns_rdf **r, ldns_rdf_type type, FILE *fp, int *line_nr); + +/* destroy functions */ + +/** + * frees a rdf structure, leaving the + * data pointer intact. + * \param[in] rd the pointer to be freed + * \return void + */ +void ldns_rdf_free(ldns_rdf *rd); + +/** + * frees a rdf structure _and_ frees the + * data. rdf should be created with _new_frm_data + * \param[in] rd the rdf structure to be freed + * \return void + */ +void ldns_rdf_deep_free(ldns_rdf *rd); + +/* conversion functions */ + +/** + * returns the rdf containing the native uint8_t repr. + * \param[in] type the ldns_rdf type to use + * \param[in] value the uint8_t to use + * \return ldns_rdf* with the converted value + */ +ldns_rdf *ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value); + +/** + * returns the rdf containing the native uint16_t representation. + * \param[in] type the ldns_rdf type to use + * \param[in] value the uint16_t to use + * \return ldns_rdf* with the converted value + */ +ldns_rdf *ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value); + +/** + * returns an rdf that contains the given int32 value. + * + * Because multiple rdf types can contain an int32, the + * type must be specified + * \param[in] type the ldns_rdf type to use + * \param[in] value the uint32_t to use + * \return ldns_rdf* with the converted value + */ +ldns_rdf *ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value); + +/** + * returns an int16_data rdf that contains the data in the + * given array, preceded by an int16 specifying the length. + * + * The memory is copied, and an LDNS_RDF_TYPE_INT16DATA is returned + * \param[in] size the size of the data + * \param[in] *data pointer to the actual data + * + * \return ldns_rd* the rdf with the data + */ +ldns_rdf *ldns_native2rdf_int16_data(size_t size, uint8_t *data); + +/** + * reverses an rdf, only actually useful for AAAA and A records. + * The returned rdf has the type LDNS_RDF_TYPE_DNAME! + * \param[in] *rd rdf to be reversed + * \return the reversed rdf (a newly created rdf) + */ +ldns_rdf *ldns_rdf_address_reverse(ldns_rdf *rd); + +/** + * returns the native uint8_t representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \return uint8_t the value extracted + */ +uint8_t ldns_rdf2native_int8(const ldns_rdf *rd); + +/** + * returns the native uint16_t representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \return uint16_t the value extracted + */ +uint16_t ldns_rdf2native_int16(const ldns_rdf *rd); + +/** + * returns the native uint32_t representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \return uint32_t the value extracted + */ +uint32_t ldns_rdf2native_int32(const ldns_rdf *rd); + +/** + * returns the native time_t representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \return time_t the value extracted (32 bits currently) + */ +time_t ldns_rdf2native_time_t(const ldns_rdf *rd); + +/** + * converts a ttl value (like 5d2h) to a long. + * \param[in] nptr the start of the string + * \param[out] endptr points to the last char in case of error + * \return the convert duration value + */ +uint32_t ldns_str2period(const char *nptr, const char **endptr); + +/** + * removes \\DDD, \\[space] and other escapes from the input. + * See RFC 1035, section 5.1. + * \param[in] word what to check + * \param[in] length the string + * \return ldns_status mesg + */ +ldns_status ldns_octet(char *word, size_t *length); + +/** + * clones a rdf structure. The data is copied. + * \param[in] rd rdf to be copied + * \return a new rdf structure + */ +ldns_rdf *ldns_rdf_clone(const ldns_rdf *rd); + +/** + * compares two rdf's on their wire formats. + * (To order dnames according to rfc4034, use ldns_dname_compare) + * \param[in] rd1 the first one + * \param[in] rd2 the second one + * \return 0 if equal + * \return -1 if rd1 comes before rd2 + * \return +1 if rd2 comes before rd1 + */ +int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2); + +/** + * Gets the algorithm value, the HIT and Public Key data from the rdf with + * type LDNS_RDF_TYPE_HIP. + * \param[in] rdf the rdf with type LDNS_RDF_TYPE_HIP + * \param[out] alg the algorithm + * \param[out] hit_size the size of the HIT data + * \param[out] hit the hit data + * \param[out] pk_size the size of the Public Key data + * \param[out] pk the Public Key data + * \return LDNS_STATUS_OK on success, and the error otherwise + */ +ldns_status ldns_rdf_hip_get_alg_hit_pk(ldns_rdf *rdf, uint8_t* alg, + uint8_t *hit_size, uint8_t** hit, + uint16_t *pk_size, uint8_t** pk); + +/** + * Creates a new LDNS_RDF_TYPE_HIP rdf from given data. + * \param[out] rdf the newly created LDNS_RDF_TYPE_HIP rdf + * \param[in] alg the algorithm + * \param[in] hit_size the size of the HIT data + * \param[in] hit the hit data + * \param[in] pk_size the size of the Public Key data + * \param[in] pk the Public Key data + * \return LDNS_STATUS_OK on success, and the error otherwise + */ +ldns_status ldns_rdf_hip_new_frm_alg_hit_pk(ldns_rdf** rdf, uint8_t alg, + uint8_t hit_size, uint8_t *hit, uint16_t pk_size, uint8_t *pk); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_RDATA_H */ diff --git a/ldns/include/ldns/resolver.h b/ldns/include/ldns/resolver.h new file mode 100644 index 0000000..228485c --- /dev/null +++ b/ldns/include/ldns/resolver.h @@ -0,0 +1,805 @@ +/* + * resolver.h + * + * DNS Resolver definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Defines the ldns_resolver structure, a stub resolver that can send queries and parse answers. + * + */ + +#ifndef LDNS_RESOLVER_H +#define LDNS_RESOLVER_H + +#include +#include +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** Default location of the resolv.conf file */ +#define LDNS_RESOLV_CONF "/etc/resolv.conf" +/** Default location of the hosts file */ +#define LDNS_RESOLV_HOSTS "/etc/hosts" + +#define LDNS_RESOLV_KEYWORD -1 +#define LDNS_RESOLV_DEFDOMAIN 0 +#define LDNS_RESOLV_NAMESERVER 1 +#define LDNS_RESOLV_SEARCH 2 +#define LDNS_RESOLV_SORTLIST 3 +#define LDNS_RESOLV_OPTIONS 4 +#define LDNS_RESOLV_ANCHOR 5 +#define LDNS_RESOLV_KEYWORDS 6 + +#define LDNS_RESOLV_INETANY 0 +#define LDNS_RESOLV_INET 1 +#define LDNS_RESOLV_INET6 2 + +#define LDNS_RESOLV_RTT_INF 0 /* infinity */ +#define LDNS_RESOLV_RTT_MIN 1 /* reachable */ + +/** + * DNS stub resolver structure + */ +struct ldns_struct_resolver +{ + /** Port to send queries to */ + uint16_t _port; + + /** Array of nameservers to query (IP addresses or dnames) */ + ldns_rdf **_nameservers; + /** Number of nameservers in \c _nameservers */ + size_t _nameserver_count; /* how many do we have */ + + /** Round trip time; 0 -> infinity. Unit: ms? */ + size_t *_rtt; + + /** Whether or not to be recursive */ + bool _recursive; + + /** Print debug information */ + bool _debug; + + /** Default domain to add to non fully qualified domain names */ + ldns_rdf *_domain; + + /** Searchlist array, add the names in this array if a query cannot be found */ + ldns_rdf **_searchlist; + + /** Number of entries in the searchlist array */ + size_t _searchlist_count; + + /** Number of times to retry before giving up */ + uint8_t _retry; + /** Time to wait before retrying */ + uint8_t _retrans; + /** Use new fallback mechanism (try EDNS, then do TCP) */ + bool _fallback; + + /** Whether to do DNSSEC */ + bool _dnssec; + /** Whether to set the CD bit on DNSSEC requests */ + bool _dnssec_cd; + /** Optional trust anchors for complete DNSSEC validation */ + ldns_rr_list * _dnssec_anchors; + /** Whether to use tcp or udp (tcp if the value is true)*/ + bool _usevc; + /** Whether to ignore the tc bit */ + bool _igntc; + /** Whether to use ip6: 0->does not matter, 1 is IPv4, 2 is IPv6 */ + uint8_t _ip6; + /** If true append the default domain */ + bool _defnames; + /** If true apply the search list */ + bool _dnsrch; + /** Timeout for socket connections */ + struct timeval _timeout; + /** Only try the first nameserver, and return with an error directly if it fails */ + bool _fail; + /** Randomly choose a nameserver */ + bool _random; + /** Keep some things to make AXFR possible */ + int _socket; + /** Count the number of LDNS_RR_TYPE_SOA RRs we have seen so far + * (the second one signifies the end of the AXFR) + */ + int _axfr_soa_count; + /* when axfring we get complete packets from the server + but we want to give the caller 1 rr at a time, so + keep the current pkt */ + /** Packet currently handled when doing part of an AXFR */ + ldns_pkt *_cur_axfr_pkt; + /** Counter for within the AXFR packets */ + uint16_t _axfr_i; + /* EDNS0 available buffer size */ + uint16_t _edns_udp_size; + /* serial for IXFR */ + uint32_t _serial; + + /* Optional tsig key for signing queries, + outgoing messages are signed if and only if both are set + */ + /** Name of the key to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */ + char *_tsig_keyname; + /** Secret key data to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */ + char *_tsig_keydata; + /** TSIG signing algorithm */ + char *_tsig_algorithm; + + /** Source address to query from */ + ldns_rdf *_source; +}; +typedef struct ldns_struct_resolver ldns_resolver; + +/* prototypes */ +/* read access functions */ + +/** + * Get the port the resolver should use + * \param[in] r the resolver + * \return the port number + */ +uint16_t ldns_resolver_port(const ldns_resolver *r); + +/** + * Get the source address the resolver should use + * \param[in] r the resolver + * \return the source rdf + */ +ldns_rdf *ldns_resolver_source(const ldns_resolver *r); + +/** + * Is the resolver set to recurse + * \param[in] r the resolver + * \return true if so, otherwise false + */ +bool ldns_resolver_recursive(const ldns_resolver *r); + +/** + * Get the debug status of the resolver + * \param[in] r the resolver + * \return true if so, otherwise false + */ +bool ldns_resolver_debug(const ldns_resolver *r); + +/** + * Get the number of retries + * \param[in] r the resolver + * \return the number of retries + */ +uint8_t ldns_resolver_retry(const ldns_resolver *r); + +/** + * Get the retransmit interval + * \param[in] r the resolver + * \return the retransmit interval + */ +uint8_t ldns_resolver_retrans(const ldns_resolver *r); + +/** + * Get the truncation fallback status + * \param[in] r the resolver + * \return whether the truncation fallback mechanism is used + */ +bool ldns_resolver_fallback(const ldns_resolver *r); + +/** + * Does the resolver use ip6 or ip4 + * \param[in] r the resolver + * \return 0: both, 1: ip4, 2:ip6 + */ +uint8_t ldns_resolver_ip6(const ldns_resolver *r); + +/** + * Get the resolver's udp size + * \param[in] r the resolver + * \return the udp mesg size + */ +uint16_t ldns_resolver_edns_udp_size(const ldns_resolver *r); +/** + * Does the resolver use tcp or udp + * \param[in] r the resolver + * \return true: tcp, false: udp + */ +bool ldns_resolver_usevc(const ldns_resolver *r); +/** + * Does the resolver only try the first nameserver + * \param[in] r the resolver + * \return true: yes, fail, false: no, try the others + */ +bool ldns_resolver_fail(const ldns_resolver *r); +/** + * Does the resolver apply default domain name + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_defnames(const ldns_resolver *r); +/** + * Does the resolver apply search list + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_dnsrch(const ldns_resolver *r); +/** + * Does the resolver do DNSSEC + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_dnssec(const ldns_resolver *r); +/** + * Does the resolver set the CD bit + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_dnssec_cd(const ldns_resolver *r); +/** + * Get the resolver's DNSSEC anchors + * \param[in] r the resolver + * \return an rr_list containg trusted DNSSEC anchors + */ +ldns_rr_list * ldns_resolver_dnssec_anchors(const ldns_resolver *r); +/** + * Does the resolver ignore the TC bit (truncated) + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_igntc(const ldns_resolver *r); +/** + * Does the resolver randomize the nameserver before usage + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_random(const ldns_resolver *r); +/** + * How many nameserver are configured in the resolver + * \param[in] r the resolver + * \return number of nameservers + */ +size_t ldns_resolver_nameserver_count(const ldns_resolver *r); +/** + * What is the default dname to add to relative queries + * \param[in] r the resolver + * \return the dname which is added + */ +ldns_rdf *ldns_resolver_domain(const ldns_resolver *r); +/** + * What is the timeout on socket connections + * \param[in] r the resolver + * \return the timeout as struct timeval + */ +struct timeval ldns_resolver_timeout(const ldns_resolver *r); +/** + * What is the searchlist as used by the resolver + * \param[in] r the resolver + * \return a ldns_rdf pointer to a list of the addresses + */ +ldns_rdf** ldns_resolver_searchlist(const ldns_resolver *r); +/** + * Return the configured nameserver ip address + * \param[in] r the resolver + * \return a ldns_rdf pointer to a list of the addresses + */ +ldns_rdf** ldns_resolver_nameservers(const ldns_resolver *r); +/** + * Return the used round trip times for the nameservers + * \param[in] r the resolver + * \return a size_t* pointer to the list. + * yet) + */ +size_t * ldns_resolver_rtt(const ldns_resolver *r); +/** + * Return the used round trip time for a specific nameserver + * \param[in] r the resolver + * \param[in] pos the index to the nameserver + * \return the rrt, 0: infinite, >0: undefined (as of * yet) + */ +size_t ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos); +/** + * Return the tsig keyname as used by the nameserver + * \param[in] r the resolver + * \return the name used. + */ +char *ldns_resolver_tsig_keyname(const ldns_resolver *r); +/** + * Return the tsig algorithm as used by the nameserver + * \param[in] r the resolver + * \return the algorithm used. + */ +char *ldns_resolver_tsig_algorithm(const ldns_resolver *r); +/** + * Return the tsig keydata as used by the nameserver + * \param[in] r the resolver + * \return the keydata used. + */ +char *ldns_resolver_tsig_keydata(const ldns_resolver *r); +/** + * pop the last nameserver from the resolver. + * \param[in] r the resolver + * \return the popped address or NULL if empty + */ +ldns_rdf* ldns_resolver_pop_nameserver(ldns_resolver *r); + +/** + * Return the resolver's searchlist count + * \param[in] r the resolver + * \return the searchlist count + */ +size_t ldns_resolver_searchlist_count(const ldns_resolver *r); + +/* write access function */ +/** + * Set the port the resolver should use + * \param[in] r the resolver + * \param[in] p the port number + */ +void ldns_resolver_set_port(ldns_resolver *r, uint16_t p); + +/** + * Set the source rdf (address) the resolver should use + * \param[in] r the resolver + * \param[in] s the source address + */ +void ldns_resolver_set_source(ldns_resolver *r, ldns_rdf *s); + +/** + * Set the resolver recursion + * \param[in] r the resolver + * \param[in] b true: set to recurse, false: unset + */ +void ldns_resolver_set_recursive(ldns_resolver *r, bool b); + +/** + * Set the resolver debugging + * \param[in] r the resolver + * \param[in] b true: debug on: false debug off + */ +void ldns_resolver_set_debug(ldns_resolver *r, bool b); + +/** + * Incremental the resolver's nameserver count. + * \param[in] r the resolver + */ +void ldns_resolver_incr_nameserver_count(ldns_resolver *r); + +/** + * Decrement the resolver's nameserver count. + * \param[in] r the resolver + */ +void ldns_resolver_dec_nameserver_count(ldns_resolver *r); + +/** + * Set the resolver's nameserver count directly. + * \param[in] r the resolver + * \param[in] c the nameserver count + */ +void ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c); + +/** + * Set the resolver's nameserver count directly by using an rdf list + * \param[in] r the resolver + * \param[in] rd the resolver addresses + */ +void ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **rd); + +/** + * Set the resolver's default domain. This gets appended when no + * absolute name is given + * \param[in] r the resolver + * \param[in] rd the name to append + */ +void ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *rd); + +/** + * Set the resolver's socket time out when talking to remote hosts + * \param[in] r the resolver + * \param[in] timeout the timeout to use + */ +void ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout); + +/** + * Push a new rd to the resolver's searchlist + * \param[in] r the resolver + * \param[in] rd to push + */ +void ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *rd); + +/** + * Whether the resolver uses the name set with _set_domain + * \param[in] r the resolver + * \param[in] b true: use the defaults, false: don't use them + */ +void ldns_resolver_set_defnames(ldns_resolver *r, bool b); + +/** + * Whether the resolver uses a virtual circuit (TCP) + * \param[in] r the resolver + * \param[in] b true: use TCP, false: don't use TCP + */ +void ldns_resolver_set_usevc(ldns_resolver *r, bool b); + +/** + * Whether the resolver uses the searchlist + * \param[in] r the resolver + * \param[in] b true: use the list, false: don't use the list + */ +void ldns_resolver_set_dnsrch(ldns_resolver *r, bool b); + +/** + * Whether the resolver uses DNSSEC + * \param[in] r the resolver + * \param[in] b true: use DNSSEC, false: don't use DNSSEC + */ +void ldns_resolver_set_dnssec(ldns_resolver *r, bool b); + +/** + * Whether the resolver uses the checking disable bit + * \param[in] r the resolver + * \param[in] b true: enable , false: don't use TCP + */ +void ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool b); +/** + * Set the resolver's DNSSEC anchor list directly. RRs should be of type DS or DNSKEY. + * \param[in] r the resolver + * \param[in] l the list of RRs to use as trust anchors + */ +void ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l); + +/** + * Push a new trust anchor to the resolver. It must be a DS or DNSKEY rr + * \param[in] r the resolver. + * \param[in] rr the RR to add as a trust anchor. + * \return a status + */ +ldns_status ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr); + +/** + * Set the resolver retrans timeout (in seconds) + * \param[in] r the resolver + * \param[in] re the retransmission interval in seconds + */ +void ldns_resolver_set_retrans(ldns_resolver *r, uint8_t re); + +/** + * Set whether the resolvers truncation fallback mechanism is used + * when ldns_resolver_query() is called. + * \param[in] r the resolver + * \param[in] fallback whether to use the fallback mechanism + */ +void ldns_resolver_set_fallback(ldns_resolver *r, bool fallback); + +/** + * Set the number of times a resolver should retry a nameserver before the + * next one is tried. + * \param[in] r the resolver + * \param[in] re the number of retries + */ +void ldns_resolver_set_retry(ldns_resolver *r, uint8_t re); + +/** + * Whether the resolver uses ip6 + * \param[in] r the resolver + * \param[in] i 0: no pref, 1: ip4, 2: ip6 + */ +void ldns_resolver_set_ip6(ldns_resolver *r, uint8_t i); + +/** + * Whether or not to fail after one failed query + * \param[in] r the resolver + * \param[in] b true: yes fail, false: continue with next nameserver + */ +void ldns_resolver_set_fail(ldns_resolver *r, bool b); + +/** + * Whether or not to ignore the TC bit + * \param[in] r the resolver + * \param[in] b true: yes ignore, false: don't ignore + */ +void ldns_resolver_set_igntc(ldns_resolver *r, bool b); + +/** + * Set maximum udp size + * \param[in] r the resolver + * \param[in] s the udp max size + */ +void ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s); + +/** + * Set the tsig key name + * \param[in] r the resolver + * \param[in] tsig_keyname the tsig key name + */ +void ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname); + +/** + * Set the tsig algorithm + * \param[in] r the resolver + * \param[in] tsig_algorithm the tsig algorithm + */ +void ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm); + +/** + * Set the tsig key data + * \param[in] r the resolver + * \param[in] tsig_keydata the key data + */ +void ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata); + +/** + * Set round trip time for all nameservers. Note this currently + * differentiates between: unreachable and reachable. + * \param[in] r the resolver + * \param[in] rtt a list with the times + */ +void ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt); + +/** + * Set round trip time for a specific nameserver. Note this + * currently differentiates between: unreachable and reachable. + * \param[in] r the resolver + * \param[in] pos the nameserver position + * \param[in] value the rtt + */ +void ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value); + +/** + * Should the nameserver list be randomized before each use + * \param[in] r the resolver + * \param[in] b: true: randomize, false: don't + */ +void ldns_resolver_set_random(ldns_resolver *r, bool b); + +/** + * Push a new nameserver to the resolver. It must be an IP + * address v4 or v6. + * \param[in] r the resolver + * \param[in] n the ip address + * \return ldns_status a status + */ +ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n); + +/** + * Push a new nameserver to the resolver. It must be an + * A or AAAA RR record type + * \param[in] r the resolver + * \param[in] rr the resource record + * \return ldns_status a status + */ +ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr); + +/** + * Push a new nameserver rr_list to the resolver. + * \param[in] r the resolver + * \param[in] rrlist the rr_list to push + * \return ldns_status a status + */ +ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist); + +/** + * Send the query for using the resolver and take the search list into account + * The search algorithm is as follows: + * If the name is absolute, try it as-is, otherwise apply the search list + * \param[in] *r operate using this resolver + * \param[in] *rdf query for this name + * \param[in] t query for this type (may be 0, defaults to A) + * \param[in] c query for this class (may be 0, default to IN) + * \param[in] flags the query flags + * + * \return ldns_pkt* a packet with the reply from the nameserver + */ +ldns_pkt* ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags); + + +/** + * Send the query for using the resolver and take the search list into account + * The search algorithm is as follows: + * If the name is absolute, try it as-is, otherwise apply the search list + * \param[out] pkt a packet with the reply from the nameserver + * \param[in] *r operate using this resolver + * \param[in] *rdf query for this name + * \param[in] t query for this type (may be 0, defaults to A) + * \param[in] c query for this class (may be 0, default to IN) + * \param[in] flags the query flags + * + * \return ldns_status LDNS_STATUS_OK on success + */ +ldns_status ldns_resolver_search_status(ldns_pkt** pkt, ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags); + +/** + * Form a query packet from a resolver and name/type/class combo + * \param[out] **q a pointer to a ldns_pkt pointer (initialized by this function) + * \param[in] *r operate using this resolver + * \param[in] *name query for this name + * \param[in] t query for this type (may be 0, defaults to A) + * \param[in] c query for this class (may be 0, default to IN) + * \param[in] f the query flags + * + * \return ldns_pkt* a packet with the reply from the nameserver + */ +ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t f); + +/** + * Send the query for name as-is + * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function) + * \param[in] *r operate using this resolver + * \param[in] *name query for this name + * \param[in] t query for this type (may be 0, defaults to A) + * \param[in] c query for this class (may be 0, default to IN) + * \param[in] flags the query flags + * + * \return ldns_pkt* a packet with the reply from the nameserver + */ +ldns_status ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags); + +/** + * Send the given packet to a nameserver + * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function) + * \param[in] *r operate using this resolver + * \param[in] *query_pkt query + */ +ldns_status ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, ldns_pkt *query_pkt); + +/** + * Send a query to a nameserver + * \param[out] pkt a packet with the reply from the nameserver + * \param[in] *r operate using this resolver + * \param[in] *name query for this name + * \param[in] *t query for this type (may be 0, defaults to A) + * \param[in] *c query for this class (may be 0, default to IN) + * \param[in] flags the query flags + * + * \return ldns_status LDNS_STATUS_OK on success + * if _defnames is true the default domain will be added + */ +ldns_status ldns_resolver_query_status(ldns_pkt** pkt, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags); + + +/** + * Send a query to a nameserver + * \param[in] *r operate using this resolver + * (despite the const in the declaration, + * the struct is altered as a side-effect) + * \param[in] *name query for this name + * \param[in] *t query for this type (may be 0, defaults to A) + * \param[in] *c query for this class (may be 0, default to IN) + * \param[in] flags the query flags + * + * \return ldns_pkt* a packet with the reply from the nameserver + * if _defnames is true the default domain will be added + */ +ldns_pkt* ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags); + + +/** + * Create a new resolver structure + * \return ldns_resolver* pointer to new structure + */ +ldns_resolver* ldns_resolver_new(void); + +/** + * Clone a resolver + * \param[in] r the resolver to clone + * \return ldns_resolver* pointer to new structure + */ +ldns_resolver* ldns_resolver_clone(ldns_resolver *r); + +/** + * Create a resolver structure from a file like /etc/resolv.conf + * \param[out] r the new resolver + * \param[in] fp file pointer to create new resolver from + * if NULL use /etc/resolv.conf + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_resolver_new_frm_fp(ldns_resolver **r, FILE *fp); + +/** + * Create a resolver structure from a file like /etc/resolv.conf + * \param[out] r the new resolver + * \param[in] fp file pointer to create new resolver from + * if NULL use /etc/resolv.conf + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_resolver_new_frm_fp_l(ldns_resolver **r, FILE *fp, int *line_nr); + +/** + * Configure a resolver by means of a resolv.conf file + * The file may be NULL in which case there will be + * looked the RESOLV_CONF (defaults to /etc/resolv.conf + * \param[out] r the new resolver + * \param[in] filename the filename to use + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_resolver_new_frm_file(ldns_resolver **r, const char *filename); + +/** + * Frees the allocated space for this resolver. Only frees the resolver pionter! You should probably be using _deep_free. + * \param res resolver to free + */ +void ldns_resolver_free(ldns_resolver *res); + +/** + * Frees the allocated space for this resolver and all it's data + * \param res resolver to free + */ +void ldns_resolver_deep_free(ldns_resolver *res); + +/** + * Get the next stream of RRs in a AXFR + * \param[in] resolver the resolver to use. First ldns_axfr_start() must be + * called + * \return ldns_rr the next RR from the AXFR stream + * After you get this returned RR (not NULL: on error), then check if + * ldns_axfr_complete() is true to see if the zone transfer has completed. + */ +ldns_rr* ldns_axfr_next(ldns_resolver *resolver); + +/** + * Abort a transfer that is in progress + * \param[in] resolver the resolver that is used + */ +void ldns_axfr_abort(ldns_resolver *resolver); + +/** + * Returns true if the axfr transfer has completed (i.e. 2 SOA RRs and no errors were encountered + * \param[in] resolver the resolver that is used + * \return bool true if axfr transfer was completed without error + */ +bool ldns_axfr_complete(const ldns_resolver *resolver); + +/** + * Returns a pointer to the last ldns_pkt that was sent by the server in the AXFR transfer + * uasable for instance to get the error code on failure + * \param[in] res the resolver that was used in the axfr transfer + * \return ldns_pkt the last packet sent + */ +ldns_pkt *ldns_axfr_last_pkt(const ldns_resolver *res); + +/** + * Get the serial for requesting IXFR. + * \param[in] r the resolver + * \param[in] serial serial + */ +void ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial); + +/** + * Get the serial for requesting IXFR. + * \param[in] res the resolver + * \return uint32_t serial + */ +uint32_t ldns_resolver_get_ixfr_serial(const ldns_resolver *res); + +/** + * Randomize the nameserver list in the resolver + * \param[in] r the resolver + */ +void ldns_resolver_nameservers_randomize(ldns_resolver *r); + +/** + * Returns true if at least one of the provided keys is a trust anchor + * \param[in] r the current resolver + * \param[in] keys the keyset to check + * \param[out] trusted_keys the subset of trusted keys in the 'keys' rrset + * \return true if at least one of the provided keys is a configured trust anchor + */ +bool ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_RESOLVER_H */ diff --git a/ldns/include/ldns/rr.h b/ldns/include/ldns/rr.h new file mode 100644 index 0000000..75ac352 --- /dev/null +++ b/ldns/include/ldns/rr.h @@ -0,0 +1,929 @@ +/* + * rr.h - resource record definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains the definition of ldns_rr and functions to manipulate those. + */ + + +#ifndef LDNS_RR_H +#define LDNS_RR_H + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** Maximum length of a dname label */ +#define LDNS_MAX_LABELLEN 63 +/** Maximum length of a complete dname */ +#define LDNS_MAX_DOMAINLEN 255 +/** Maximum number of pointers in 1 dname */ +#define LDNS_MAX_POINTERS 65535 +/** The bytes TTL, CLASS and length use up in an rr */ +#define LDNS_RR_OVERHEAD 10 + +/* The first fields are contiguous and can be referenced instantly */ +#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 258 + + + +/** + * The different RR classes. + */ +enum ldns_enum_rr_class +{ + /** the Internet */ + LDNS_RR_CLASS_IN = 1, + /** Chaos class */ + LDNS_RR_CLASS_CH = 3, + /** Hesiod (Dyer 87) */ + LDNS_RR_CLASS_HS = 4, + /** None class, dynamic update */ + LDNS_RR_CLASS_NONE = 254, + /** Any class */ + LDNS_RR_CLASS_ANY = 255, + + LDNS_RR_CLASS_FIRST = 0, + LDNS_RR_CLASS_LAST = 65535, + LDNS_RR_CLASS_COUNT = LDNS_RR_CLASS_LAST - LDNS_RR_CLASS_FIRST + 1 +}; +typedef enum ldns_enum_rr_class ldns_rr_class; + +/** + * Used to specify whether compression is allowed. + */ +enum ldns_enum_rr_compress +{ + /** compression is allowed */ + LDNS_RR_COMPRESS, + LDNS_RR_NO_COMPRESS +}; +typedef enum ldns_enum_rr_compress ldns_rr_compress; + +/** + * The different RR types. + */ +enum ldns_enum_rr_type +{ + /** a host address */ + LDNS_RR_TYPE_A = 1, + /** an authoritative name server */ + LDNS_RR_TYPE_NS = 2, + /** a mail destination (Obsolete - use MX) */ + LDNS_RR_TYPE_MD = 3, + /** a mail forwarder (Obsolete - use MX) */ + LDNS_RR_TYPE_MF = 4, + /** the canonical name for an alias */ + LDNS_RR_TYPE_CNAME = 5, + /** marks the start of a zone of authority */ + LDNS_RR_TYPE_SOA = 6, + /** a mailbox domain name (EXPERIMENTAL) */ + LDNS_RR_TYPE_MB = 7, + /** a mail group member (EXPERIMENTAL) */ + LDNS_RR_TYPE_MG = 8, + /** a mail rename domain name (EXPERIMENTAL) */ + LDNS_RR_TYPE_MR = 9, + /** a null RR (EXPERIMENTAL) */ + LDNS_RR_TYPE_NULL = 10, + /** a well known service description */ + LDNS_RR_TYPE_WKS = 11, + /** a domain name pointer */ + LDNS_RR_TYPE_PTR = 12, + /** host information */ + LDNS_RR_TYPE_HINFO = 13, + /** mailbox or mail list information */ + LDNS_RR_TYPE_MINFO = 14, + /** mail exchange */ + LDNS_RR_TYPE_MX = 15, + /** text strings */ + LDNS_RR_TYPE_TXT = 16, + /** RFC1183 */ + LDNS_RR_TYPE_RP = 17, + /** RFC1183 */ + LDNS_RR_TYPE_AFSDB = 18, + /** RFC1183 */ + LDNS_RR_TYPE_X25 = 19, + /** RFC1183 */ + LDNS_RR_TYPE_ISDN = 20, + /** RFC1183 */ + LDNS_RR_TYPE_RT = 21, + /** RFC1706 */ + LDNS_RR_TYPE_NSAP = 22, + /** RFC1348 */ + LDNS_RR_TYPE_NSAP_PTR = 23, + /** 2535typecode */ + LDNS_RR_TYPE_SIG = 24, + /** 2535typecode */ + LDNS_RR_TYPE_KEY = 25, + /** RFC2163 */ + LDNS_RR_TYPE_PX = 26, + /** RFC1712 */ + LDNS_RR_TYPE_GPOS = 27, + /** ipv6 address */ + LDNS_RR_TYPE_AAAA = 28, + /** LOC record RFC1876 */ + LDNS_RR_TYPE_LOC = 29, + /** 2535typecode */ + LDNS_RR_TYPE_NXT = 30, + /** draft-ietf-nimrod-dns-01.txt */ + LDNS_RR_TYPE_EID = 31, + /** draft-ietf-nimrod-dns-01.txt */ + LDNS_RR_TYPE_NIMLOC = 32, + /** SRV record RFC2782 */ + LDNS_RR_TYPE_SRV = 33, + /** http://www.jhsoft.com/rfc/af-saa-0069.000.rtf */ + LDNS_RR_TYPE_ATMA = 34, + /** RFC2915 */ + LDNS_RR_TYPE_NAPTR = 35, + /** RFC2230 */ + LDNS_RR_TYPE_KX = 36, + /** RFC2538 */ + LDNS_RR_TYPE_CERT = 37, + /** RFC2874 */ + LDNS_RR_TYPE_A6 = 38, + /** RFC2672 */ + LDNS_RR_TYPE_DNAME = 39, + /** dnsind-kitchen-sink-02.txt */ + LDNS_RR_TYPE_SINK = 40, + /** Pseudo OPT record... */ + LDNS_RR_TYPE_OPT = 41, + /** RFC3123 */ + LDNS_RR_TYPE_APL = 42, + /** RFC4034, RFC3658 */ + LDNS_RR_TYPE_DS = 43, + /** SSH Key Fingerprint */ + LDNS_RR_TYPE_SSHFP = 44, /* RFC 4255 */ + /** IPsec Key */ + LDNS_RR_TYPE_IPSECKEY = 45, /* RFC 4025 */ + /** DNSSEC */ + LDNS_RR_TYPE_RRSIG = 46, /* RFC 4034 */ + LDNS_RR_TYPE_NSEC = 47, /* RFC 4034 */ + LDNS_RR_TYPE_DNSKEY = 48, /* RFC 4034 */ + + LDNS_RR_TYPE_DHCID = 49, /* RFC 4701 */ + /* NSEC3 */ + LDNS_RR_TYPE_NSEC3 = 50, /* RFC 5155 */ + LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */ + LDNS_RR_TYPE_NSEC3PARAMS = 51, + LDNS_RR_TYPE_TLSA = 52, /* RFC 6698 */ + + LDNS_RR_TYPE_HIP = 55, /* RFC 5205 */ + + /** draft-reid-dnsext-zs */ + LDNS_RR_TYPE_NINFO = 56, + /** draft-reid-dnsext-rkey */ + LDNS_RR_TYPE_RKEY = 57, + /** draft-ietf-dnsop-trust-history */ + LDNS_RR_TYPE_TALINK = 58, + LDNS_RR_TYPE_CDS = 59, /* RFC 7344 */ + LDNS_RR_TYPE_CDNSKEY = 60, /* RFC 7344 */ + /** draft-ietf-dane-openpgpkey */ + LDNS_RR_TYPE_OPENPGPKEY = 61, + + LDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ + + LDNS_RR_TYPE_UINFO = 100, + LDNS_RR_TYPE_UID = 101, + LDNS_RR_TYPE_GID = 102, + LDNS_RR_TYPE_UNSPEC = 103, + + LDNS_RR_TYPE_NID = 104, /* RFC 6742 */ + LDNS_RR_TYPE_L32 = 105, /* RFC 6742 */ + LDNS_RR_TYPE_L64 = 106, /* RFC 6742 */ + LDNS_RR_TYPE_LP = 107, /* RFC 6742 */ + + LDNS_RR_TYPE_EUI48 = 108, /* RFC 7043 */ + LDNS_RR_TYPE_EUI64 = 109, /* RFC 7043 */ + + LDNS_RR_TYPE_TKEY = 249, /* RFC 2930 */ + LDNS_RR_TYPE_TSIG = 250, + LDNS_RR_TYPE_IXFR = 251, + LDNS_RR_TYPE_AXFR = 252, + /** A request for mailbox-related records (MB, MG or MR) */ + LDNS_RR_TYPE_MAILB = 253, + /** A request for mail agent RRs (Obsolete - see MX) */ + LDNS_RR_TYPE_MAILA = 254, + /** any type (wildcard) */ + LDNS_RR_TYPE_ANY = 255, + /** draft-faltstrom-uri-06 */ + LDNS_RR_TYPE_URI = 256, + LDNS_RR_TYPE_CAA = 257, /* RFC 6844 */ + + /** DNSSEC Trust Authorities */ + LDNS_RR_TYPE_TA = 32768, + /* RFC 4431, 5074, DNSSEC Lookaside Validation */ + LDNS_RR_TYPE_DLV = 32769, + + /* type codes from nsec3 experimental phase + LDNS_RR_TYPE_NSEC3 = 65324, + LDNS_RR_TYPE_NSEC3PARAMS = 65325, */ + LDNS_RR_TYPE_FIRST = 0, + LDNS_RR_TYPE_LAST = 65535, + LDNS_RR_TYPE_COUNT = LDNS_RR_TYPE_LAST - LDNS_RR_TYPE_FIRST + 1 +}; +typedef enum ldns_enum_rr_type ldns_rr_type; + +/** + * Resource Record + * + * This is the basic DNS element that contains actual data + * + * From RFC1035: + * 
+3.2.1. Format
+
+All RRs have the same top level format shown below:
+
+                                    1  1  1  1  1  1
+      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                                               |
+    /                                               /
+    /                      NAME                     /
+    |                                               |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      TYPE                     |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                     CLASS                     |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      TTL                      |
+    |                                               |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                   RDLENGTH                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+    /                     RDATA                     /
+    /                                               /
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NAME            an owner name, i.e., the name of the node to which this
+                resource record pertains.
+
+TYPE            two octets containing one of the RR TYPE codes.
+
+CLASS           two octets containing one of the RR CLASS codes.
+
+TTL             a 32 bit signed integer that specifies the time interval
+                that the resource record may be cached before the source
+                of the information should again be consulted.  Zero
+                values are interpreted to mean that the RR can only be
+                used for the transaction in progress, and should not be
+                cached.  For example, SOA records are always distributed
+                with a zero TTL to prohibit caching.  Zero values can
+                also be used for extremely volatile data.
+
+RDLENGTH        an unsigned 16 bit integer that specifies the length in
+                octets of the RDATA field.
+
+RDATA           a variable length string of octets that describes the
+                resource.  The format of this information varies
+                according to the TYPE and CLASS of the resource record.
+ *
+ * + * The actual amount and type of rdata fields depend on the RR type of the + * RR, and can be found by using \ref ldns_rr_descriptor functions. + */ +struct ldns_struct_rr +{ + /** Owner name, uncompressed */ + ldns_rdf *_owner; + /** Time to live */ + uint32_t _ttl; + /** Number of data fields */ + size_t _rd_count; + /** the type of the RR. A, MX etc. */ + ldns_rr_type _rr_type; + /** Class of the resource record. */ + ldns_rr_class _rr_class; + /* everything in the rdata is in network order */ + /** The array of rdata's */ + ldns_rdf **_rdata_fields; + /** question rr [it would be nicer if thous is after _rd_count] + ABI change: Fix this in next major release + */ + bool _rr_question; +}; +typedef struct ldns_struct_rr ldns_rr; + +/** + * List or Set of Resource Records + * + * Contains a list of rr's
+ * No official RFC-like checks are made + */ +struct ldns_struct_rr_list +{ + size_t _rr_count; + size_t _rr_capacity; + ldns_rr **_rrs; +}; +typedef struct ldns_struct_rr_list ldns_rr_list; + +/** + * Contains all information about resource record types. + * + * This structure contains, for all rr types, the rdata fields that are defined. + */ +struct ldns_struct_rr_descriptor +{ + /** Type of the RR that is described here */ + ldns_rr_type _type; + /** Textual name of the RR type. */ + const char *_name; + /** Minimum number of rdata fields in the RRs of this type. */ + uint8_t _minimum; + /** Maximum number of rdata fields in the RRs of this type. */ + uint8_t _maximum; + /** Wireformat specification for the rr, i.e. the types of rdata fields in their respective order. */ + const ldns_rdf_type *_wireformat; + /** Special rdf types */ + ldns_rdf_type _variable; + /** Specifies whether compression can be used for dnames in this RR type. */ + ldns_rr_compress _compress; + /** The number of DNAMEs in the _wireformat string, for parsing. */ + uint8_t _dname_count; +}; +typedef struct ldns_struct_rr_descriptor ldns_rr_descriptor; + + +/** + * Create a rr type bitmap rdf providing enough space to set all + * known (to ldns) rr types. + * \param[out] rdf the constructed rdf + * \return LDNS_STATUS_OK if all went well. + */ +ldns_status ldns_rdf_bitmap_known_rr_types_space(ldns_rdf** rdf); + +/** + * Create a rr type bitmap rdf with at least all known (to ldns) rr types set. + * \param[out] rdf the constructed rdf + * \return LDNS_STATUS_OK if all went well. + */ +ldns_status ldns_rdf_bitmap_known_rr_types(ldns_rdf** rdf); + + +/** + * creates a new rr structure. + * \return ldns_rr * + */ +ldns_rr* ldns_rr_new(void); + +/** + * creates a new rr structure, based on the given type. + * alloc enough space to hold all the rdf's + */ +ldns_rr* ldns_rr_new_frm_type(ldns_rr_type t); + +/** + * frees an RR structure + * \param[in] *rr the RR to be freed + * \return void + */ +void ldns_rr_free(ldns_rr *rr); + +/** + * creates an rr from a string. + * The string should be a fully filled-in rr, like + * ownername <space> TTL <space> CLASS <space> + * TYPE <space> RDATA. + * \param[out] n the rr to return + * \param[in] str the string to convert + * \param[in] default_ttl default ttl value for the rr. + * If 0 DEF_TTL will be used + * \param[in] origin when the owner is relative add this. + * The caller must ldns_rdf_deep_free it. + * \param[out] prev the previous ownername. if this value is not NULL, + * the function overwrites this with the ownername found in this + * string. The caller must then ldns_rdf_deep_free it. + * \return a status msg describing an error or LDNS_STATUS_OK + */ +ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str, + uint32_t default_ttl, ldns_rdf *origin, + ldns_rdf **prev); + +/** + * creates an rr for the question section from a string, i.e. + * without RDATA fields + * Origin and previous RR functionality are the same as in + * ldns_rr_new_frm_str() + * \param[out] n the rr to return + * \param[in] str the string to convert + * \param[in] origin when the owner is relative add this. + * The caller must ldns_rdf_deep_free it. + * \param prev the previous ownername. the function overwrite this with + * the current found ownername. The caller must ldns_rdf_deep_free it. + * \return a status msg describing an error or LDNS_STATUS_OK + */ +ldns_status ldns_rr_new_question_frm_str(ldns_rr **n, const char *str, + ldns_rdf *origin, ldns_rdf **prev); + +/** + * creates a new rr from a file containing a string. + * \param[out] rr the new rr + * \param[in] fp the file pointer to use + * \param[in] default_ttl pointer to a default ttl for the rr. If NULL DEF_TTL will be used + * the pointer will be updated if the file contains a $TTL directive + * \param[in] origin when the owner is relative add this + * the pointer will be updated if the file contains a $ORIGIN directive + * The caller must ldns_rdf_deep_free it. + * \param[in] prev when the owner is whitespaces use this as the * ownername + * the pointer will be updated after the call + * The caller must ldns_rdf_deep_free it. + * \return a ldns_status with an error or LDNS_STATUS_OK + */ +ldns_status ldns_rr_new_frm_fp(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev); + +/** + * creates a new rr from a file containing a string. + * \param[out] rr the new rr + * \param[in] fp the file pointer to use + * \param[in] default_ttl a default ttl for the rr. If NULL DEF_TTL will be used + * the pointer will be updated if the file contains a $TTL directive + * \param[in] origin when the owner is relative add this + * the pointer will be updated if the file contains a $ORIGIN directive + * The caller must ldns_rdf_deep_free it. + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \param[in] prev when the owner is whitespaces use this as the * ownername + * the pointer will be updated after the call + * The caller must ldns_rdf_deep_free it. + * \return a ldns_status with an error or LDNS_STATUS_OK + */ +ldns_status ldns_rr_new_frm_fp_l(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr); + +/** + * sets the owner in the rr structure. + * \param[in] *rr rr to operate on + * \param[in] *owner set to this owner + * \return void + */ +void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner); + +/** + * sets the question flag in the rr structure. + * \param[in] *rr rr to operate on + * \param[in] question question flag + * \return void + */ +void ldns_rr_set_question(ldns_rr *rr, bool question); + +/** + * sets the ttl in the rr structure. + * \param[in] *rr rr to operate on + * \param[in] ttl set to this ttl + * \return void + */ +void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl); + +/** + * sets the rd_count in the rr. + * \param[in] *rr rr to operate on + * \param[in] count set to this count + * \return void + */ +void ldns_rr_set_rd_count(ldns_rr *rr, size_t count); + +/** + * sets the type in the rr. + * \param[in] *rr rr to operate on + * \param[in] rr_type set to this type + * \return void + */ +void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type); + +/** + * sets the class in the rr. + * \param[in] *rr rr to operate on + * \param[in] rr_class set to this class + * \return void + */ +void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class); + +/** + * sets a rdf member, it will be set on the + * position given. The old value is returned, like pop. + * \param[in] *rr the rr to operate on + * \param[in] *f the rdf to set + * \param[in] position the position the set the rdf + * \return the old value in the rr, NULL on failyre + */ +ldns_rdf* ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position); + +/** + * sets rd_field member, it will be + * placed in the next available spot. + * \param[in] *rr rr to operate on + * \param[in] *f the data field member to set + * \return bool + */ +bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f); + +/** + * removes a rd_field member, it will be + * popped from the last position. + * \param[in] *rr rr to operate on + * \return rdf which was popped (null if nothing) + */ +ldns_rdf* ldns_rr_pop_rdf(ldns_rr *rr); + +/** + * returns the rdata field member counter. + * \param[in] *rr rr to operate on + * \param[in] nr the number of the rdf to return + * \return ldns_rdf * + */ +ldns_rdf* ldns_rr_rdf(const ldns_rr *rr, size_t nr); + +/** + * returns the owner name of an rr structure. + * \param[in] *rr rr to operate on + * \return ldns_rdf * + */ +ldns_rdf* ldns_rr_owner(const ldns_rr *rr); + +/** + * returns the question flag of an rr structure. + * \param[in] *rr rr to operate on + * \return bool true if question + */ +bool ldns_rr_is_question(const ldns_rr *rr); + +/** + * returns the ttl of an rr structure. + * \param[in] *rr the rr to read from + * \return the ttl of the rr + */ +uint32_t ldns_rr_ttl(const ldns_rr *rr); + +/** + * returns the rd_count of an rr structure. + * \param[in] *rr the rr to read from + * \return the rd count of the rr + */ +size_t ldns_rr_rd_count(const ldns_rr *rr); + +/** + * returns the type of the rr. + * \param[in] *rr the rr to read from + * \return the type of the rr + */ +ldns_rr_type ldns_rr_get_type(const ldns_rr *rr); + +/** + * returns the class of the rr. + * \param[in] *rr the rr to read from + * \return the class of the rr + */ +ldns_rr_class ldns_rr_get_class(const ldns_rr *rr); + +/* rr_lists */ + +/** + * returns the number of rr's in an rr_list. + * \param[in] rr_list the rr_list to read from + * \return the number of rr's + */ +size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list); + +/** + * sets the number of rr's in an rr_list. + * \param[in] rr_list the rr_list to set the count on + * \param[in] count the number of rr in this list + * \return void + */ +void ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count); + +/** + * set a rr on a specific index in a ldns_rr_list + * \param[in] rr_list the rr_list to use + * \param[in] r the rr to set + * \param[in] count index into the rr_list + * \return the old rr which was stored in the rr_list, or + * NULL is the index was too large + * set a specific rr */ +ldns_rr * ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count); + +/** + * returns a specific rr of an rrlist. + * \param[in] rr_list the rr_list to read from + * \param[in] nr return this rr + * \return the rr at position nr + */ +ldns_rr* ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr); + +/** + * creates a new rr_list structure. + * \return a new rr_list structure + */ +ldns_rr_list* ldns_rr_list_new(void); + +/** + * frees an rr_list structure. + * \param[in] rr_list the list to free + */ +void ldns_rr_list_free(ldns_rr_list *rr_list); + +/** + * frees an rr_list structure and all rrs contained therein. + * \param[in] rr_list the list to free + */ +void ldns_rr_list_deep_free(ldns_rr_list *rr_list); + +/** + * concatenates two ldns_rr_lists together. This modifies + * *left (to extend it and add the pointers from *right). + * \param[in] left the leftside + * \param[in] right the rightside + * \return a left with right concatenated to it + */ +bool ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right); + +/** + * concatenates two ldns_rr_lists together, but makes clones of the rr's + * (instead of pointer copying). + * \param[in] left the leftside + * \param[in] right the rightside + * \return a new rr_list with leftside/rightside concatenated + */ +ldns_rr_list* ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right); + +/** + * pushes an rr to an rrlist. + * \param[in] rr_list the rr_list to push to + * \param[in] rr the rr to push + * \return false on error, otherwise true + */ +bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr); + +/** + * pushes an rr_list to an rrlist. + * \param[in] rr_list the rr_list to push to + * \param[in] push_list the rr_list to push + * \return false on error, otherwise true + */ +bool ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list); + +/** + * pops the last rr from an rrlist. + * \param[in] rr_list the rr_list to pop from + * \return NULL if nothing to pop. Otherwise the popped RR + */ +ldns_rr* ldns_rr_list_pop_rr(ldns_rr_list *rr_list); + +/** + * pops an rr_list of size s from an rrlist. + * \param[in] rr_list the rr_list to pop from + * \param[in] size the number of rr's to pop + * \return NULL if nothing to pop. Otherwise the popped rr_list + */ +ldns_rr_list* ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t size); + +/** + * returns true if the given rr is one of the rrs in the + * list, or if it is equal to one + * \param[in] rr_list the rr_list to check + * \param[in] rr the rr to check + * \return true if rr_list contains rr, false otherwise + */ +bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr); + +/** + * checks if an rr_list is a rrset. + * \param[in] rr_list the rr_list to check + * \return true if it is an rrset otherwise false + */ +bool ldns_is_rrset(ldns_rr_list *rr_list); + +/** + * pushes an rr to an rrset (which really are rr_list's). + * \param[in] *rr_list the rrset to push the rr to + * \param[in] *rr the rr to push + * \return true if the push succeeded otherwise false + */ +bool ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr); + +/** + * pops the last rr from an rrset. This function is there only + * for the symmetry. + * \param[in] rr_list the rr_list to pop from + * \return NULL if nothing to pop. Otherwise the popped RR + * + */ +ldns_rr* ldns_rr_set_pop_rr(ldns_rr_list *rr_list); + +/** + * pops the first rrset from the list, + * the list must be sorted, so that all rr's from each rrset + * are next to each other + */ +ldns_rr_list *ldns_rr_list_pop_rrset(ldns_rr_list *rr_list); + + +/** + * retrieves a rrtype by looking up its name. + * \param[in] name a string with the name + * \return the type which corresponds with the name + */ +ldns_rr_type ldns_get_rr_type_by_name(const char *name); + +/** + * retrieves a class by looking up its name. + * \param[in] name string with the name + * \return the cass which corresponds with the name + */ +ldns_rr_class ldns_get_rr_class_by_name(const char *name); + +/** + * clones a rr and all its data + * \param[in] rr the rr to clone + * \return the new rr or NULL on failure + */ +ldns_rr* ldns_rr_clone(const ldns_rr *rr); + +/** + * clones an rrlist. + * \param[in] rrlist the rrlist to clone + * \return the cloned rr list + */ +ldns_rr_list* ldns_rr_list_clone(const ldns_rr_list *rrlist); + +/** + * sorts an rr_list (canonical wire format). the sorting is done inband. + * \param[in] unsorted the rr_list to be sorted + * \return void + */ +void ldns_rr_list_sort(ldns_rr_list *unsorted); + +/** + * compares two rrs. The TTL is not looked at. + * \param[in] rr1 the first one + * \param[in] rr2 the second one + * \return 0 if equal + * -1 if rr1 comes before rr2 + * +1 if rr2 comes before rr1 + */ +int ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2); + +/** + * compares two rrs, up to the rdata. + * \param[in] rr1 the first one + * \param[in] rr2 the second one + * \return 0 if equal + * -1 if rr1 comes before rr2 + * +1 if rr2 comes before rr1 + */ +int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2); + +/** + * compares the wireformat of two rrs, contained in the given buffers. + * \param[in] rr1_buf the first one + * \param[in] rr2_buf the second one + * \return 0 if equal + * -1 if rr1_buf comes before rr2_buf + * +1 if rr2_buf comes before rr1_buf + */ +int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf); + +/** + * returns true of the given rr's are equal. + * Also returns true if one record is a DS that represents the + * same DNSKEY record as the other record + * \param[in] rr1 the first rr + * \param[in] rr2 the second rr + * \return true if equal otherwise false + */ +bool ldns_rr_compare_ds(const ldns_rr *rr1, const ldns_rr *rr2); + +/** + * compares two rr listss. + * \param[in] rrl1 the first one + * \param[in] rrl2 the second one + * \return 0 if equal + * -1 if rrl1 comes before rrl2 + * +1 if rrl2 comes before rrl1 + */ +int ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2); + +/** + * calculates the uncompressed size of an RR. + * \param[in] r the rr to operate on + * \return size of the rr + */ +size_t ldns_rr_uncompressed_size(const ldns_rr *r); + +/** + * converts each dname in a rr to its canonical form. + * \param[in] rr the rr to work on + * \return void + */ +void ldns_rr2canonical(ldns_rr *rr); + +/** + * converts each dname in each rr in a rr_list to its canonical form. + * \param[in] rr_list the rr_list to work on + * \return void + */ +void ldns_rr_list2canonical(ldns_rr_list *rr_list); + +/** + * counts the number of labels of the ownername. + * \param[in] rr count the labels of this rr + * \return the number of labels + */ +uint8_t ldns_rr_label_count(ldns_rr *rr); + +/** + * returns the resource record descriptor for the given rr type. + * + * \param[in] type the type value of the rr type + *\return the ldns_rr_descriptor for this type + */ +const ldns_rr_descriptor *ldns_rr_descript(uint16_t type); + +/** + * returns the minimum number of rdata fields of the rr type this descriptor describes. + * + * \param[in] descriptor for an rr type + * \return the minimum number of rdata fields + */ +size_t ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor); + +/** + * returns the maximum number of rdata fields of the rr type this descriptor describes. + * + * \param[in] descriptor for an rr type + * \return the maximum number of rdata fields + */ +size_t ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor); + +/** + * returns the rdf type for the given rdata field number of the rr type for the given descriptor. + * + * \param[in] descriptor for an rr type + * \param[in] field the field number + * \return the rdf type for the field + */ +ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, size_t field); + +/** + * Return the rr_list which matches the rdf at position field. Think + * type-covered stuff for RRSIG + * + * \param[in] l the rr_list to look in + * \param[in] r the rdf to use for the comparison + * \param[in] pos at which position can we find the rdf + * + * \return a new rr list with only the RRs that match + * + */ +ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos); + +/** + * convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual + * LDNS_RR_TYPE. This is usefull in the case when inspecting + * the rrtype covered field of an RRSIG. + * \param[in] rd the rdf to look at + * \return a ldns_rr_type with equivalent LDNS_RR_TYPE + * + */ +ldns_rr_type ldns_rdf2rr_type(const ldns_rdf *rd); + +/** + * Returns the type of the first element of the RR + * If there are no elements present, 0 is returned + * + * \param[in] rr_list The rr list + * \return rr_type of the first element, or 0 if the list is empty + */ +ldns_rr_type +ldns_rr_list_type(const ldns_rr_list *rr_list); + +/** + * Returns the owner domain name rdf of the first element of the RR + * If there are no elements present, NULL is returned + * + * \param[in] rr_list The rr list + * \return dname of the first element, or NULL if the list is empty + */ +ldns_rdf * +ldns_rr_list_owner(const ldns_rr_list *rr_list); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_RR_H */ diff --git a/ldns/include/ldns/rr_functions.h b/ldns/include/ldns/rr_functions.h new file mode 100644 index 0000000..09a28dd --- /dev/null +++ b/ldns/include/ldns/rr_functions.h @@ -0,0 +1,363 @@ +/* + * rr_functions.h + * + * the .h file with defs for the per rr + * functions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ +#ifndef LDNS_RR_FUNCTIONS_H +#define LDNS_RR_FUNCTIONS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \file + * + * Defines some extra convenience functions for ldns_rr structures + */ + +/* A / AAAA */ +/** + * returns the address of a LDNS_RR_TYPE_A rr + * \param[in] r the resource record + * \return a ldns_rdf* with the address or NULL on failure + */ +ldns_rdf* ldns_rr_a_address(const ldns_rr *r); + +/** + * sets the address of a LDNS_RR_TYPE_A rr + * \param[in] r the rr to use + * \param[in] f the address to set + * \return true on success, false otherwise + */ +bool ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f); + +/* NS */ +/** + * returns the name of a LDNS_RR_TYPE_NS rr + * \param[in] r the resource record + * \return a ldns_rdf* with the name or NULL on failure + */ +ldns_rdf* ldns_rr_ns_nsdname(const ldns_rr *r); + +/* MX */ +/** + * returns the mx pref. of a LDNS_RR_TYPE_MX rr + * \param[in] r the resource record + * \return a ldns_rdf* with the preference or NULL on failure + */ +ldns_rdf* ldns_rr_mx_preference(const ldns_rr *r); +/** + * returns the mx host of a LDNS_RR_TYPE_MX rr + * \param[in] r the resource record + * \return a ldns_rdf* with the name of the MX host or NULL on failure + */ +ldns_rdf* ldns_rr_mx_exchange(const ldns_rr *r); + +/* RRSIG */ +/** + * returns the type covered of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the resource record + * \return a ldns_rdf* with the type covered or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_typecovered(const ldns_rr *r); +/** + * sets the typecovered of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the typecovered to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f); +/** + * returns the algorithm of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the algorithm or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_algorithm(const ldns_rr *r); +/** + * sets the algorithm of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the algorithm to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f); +/** + * returns the number of labels of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the number of labels or NULL on failure + */ +ldns_rdf *ldns_rr_rrsig_labels(const ldns_rr *r); +/** + * sets the number of labels of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the number of labels to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f); +/** + * returns the original TTL of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the original TTL or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_origttl(const ldns_rr *r); +/** + * sets the original TTL of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the original TTL to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f); +/** + * returns the expiration time of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the expiration time or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_expiration(const ldns_rr *r); +/** + * sets the expireation date of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the expireation date to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f); +/** + * returns the inception time of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the inception time or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_inception(const ldns_rr *r); +/** + * sets the inception date of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the inception date to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f); +/** + * returns the keytag of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the keytag or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_keytag(const ldns_rr *r); +/** + * sets the keytag of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the keytag to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f); +/** + * returns the signers name of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the signers name or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_signame(const ldns_rr *r); +/** + * sets the signers name of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the signers name to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f); +/** + * returns the signature data of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the signature data or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_sig(const ldns_rr *r); +/** + * sets the signature data of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the signature data to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f); + +/* DNSKEY */ +/** + * returns the flags of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the resource record + * \return a ldns_rdf* with the flags or NULL on failure + */ +ldns_rdf* ldns_rr_dnskey_flags(const ldns_rr *r); +/** + * sets the flags of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the rr to use + * \param[in] f the flags to set + * \return true on success, false otherwise + */ +bool ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f); +/** + * returns the protocol of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the resource record + * \return a ldns_rdf* with the protocol or NULL on failure + */ +ldns_rdf* ldns_rr_dnskey_protocol(const ldns_rr *r); +/** + * sets the protocol of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the rr to use + * \param[in] f the protocol to set + * \return true on success, false otherwise + */ +bool ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f); +/** + * returns the algorithm of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the resource record + * \return a ldns_rdf* with the algorithm or NULL on failure + */ +ldns_rdf* ldns_rr_dnskey_algorithm(const ldns_rr *r); +/** + * sets the algorithm of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the rr to use + * \param[in] f the algorithm to set + * \return true on success, false otherwise + */ +bool ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f); +/** + * returns the key data of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the resource record + * \return a ldns_rdf* with the key data or NULL on failure + */ +ldns_rdf* ldns_rr_dnskey_key(const ldns_rr *r); +/** + * sets the key data of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the rr to use + * \param[in] f the key data to set + * \return true on success, false otherwise + */ +bool ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f); + +/** + * get the length of the keydata in bits + * \param[in] keydata the raw key data + * \param[in] len the length of the keydata + * \param[in] alg the cryptographic algorithm this is a key for + * \return the keysize in bits, or 0 on error + */ +size_t ldns_rr_dnskey_key_size_raw(const unsigned char *keydata, + const size_t len, + const ldns_algorithm alg); + +/** + * get the length of the keydata in bits + * \param[in] key the key rr to use + * \return the keysize in bits + */ +size_t ldns_rr_dnskey_key_size(const ldns_rr *key); + +/** + * The type of function to be passed to ldns_rr_soa_increment_func, + * ldns_rr_soa_increment_func_data or ldns_rr_soa_increment_int. + * The function will be called with as the first argument the current serial + * number of the SOA RR to be updated, and as the second argument a value + * given when calling ldns_rr_soa_increment_func_data or + * ldns_rr_soa_increment_int. With ldns_rr_soa_increment_int the pointer + * value holds the integer value passed to ldns_rr_soa_increment_int, + * and it should be cast to intptr_t to be used as an integer by the + * serial modifying function. + */ +typedef uint32_t (*ldns_soa_serial_increment_func_t)(uint32_t, void*); + +/** + * Function to be used with dns_rr_soa_increment_func_int, to set the soa + * serial number. + * \param[in] unused the (unused) current serial number. + * \param[in] data the serial number to be set. + */ +uint32_t ldns_soa_serial_identity(uint32_t unused, void *data); + +/** + * Function to be used with dns_rr_soa_increment_func, to increment the soa + * serial number with one. + * \param[in] s the current serial number. + * \param[in] unused unused. + */ +uint32_t ldns_soa_serial_increment(uint32_t s, void *unused); + +/** + * Function to be used with dns_rr_soa_increment_func_int, to increment the soa + * serial number with a certain amount. + * \param[in] s the current serial number. + * \param[in] data the amount to add to the current serial number. + */ +uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data); + +/** + * Function to be used with ldns_rr_soa_increment_func or + * ldns_rr_soa_increment_func_int to set the soa serial to the number of + * seconds since unix epoch (1-1-1970 00:00). + * When data is given (i.e. the function is called via + * ldns_rr_soa_increment_func_int), it is used as the current time. + * When the resulting serial number is smaller than the current serial number, + * the current serial number is increased by one. + * \param[in] s the current serial number. + * \param[in] data the time in seconds since 1-1-1970 00:00 + */ +uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data); + +/** + * Function to be used with ldns_rr_soa_increment_func or + * ldns_rr_soa_increment_func_int to set the soa serial to the current date + * succeeded by a two digit iteration (datecounter). + * When data is given (i.e. the function is called via + * ldns_rr_soa_increment_func_int), it is used as the current time. + * When the resulting serial number is smaller than the current serial number, + * the current serial number is increased by one. + * \param[in] s the current serial number. + * \param[in] data the time in seconds since 1-1-1970 00:00 + */ +uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data); + +/** + * Increment the serial number of the given SOA by one. + * \param[in] soa The soa rr to be incremented + */ +void ldns_rr_soa_increment( + ldns_rr *soa); + +/** + * Increment the serial number of the given SOA with the given function. + * Included functions to be used here are: ldns_rr_soa_increment, + * ldns_soa_serial_unixtime and ldns_soa_serial_datecounter. + * \param[in] soa The soa rr to be incremented + * \param[in] f the function to use to increment the soa rr. + */ +void ldns_rr_soa_increment_func( + ldns_rr *soa, ldns_soa_serial_increment_func_t f); + +/** + * Increment the serial number of the given SOA with the given function + * passing it the given data argument. + * \param[in] soa The soa rr to be incremented + * \param[in] f the function to use to increment the soa rr. + * \param[in] data this argument will be passed to f as the second argument. + */ +void ldns_rr_soa_increment_func_data( + ldns_rr *soa, ldns_soa_serial_increment_func_t f, void *data); + +/** + * Increment the serial number of the given SOA with the given function + * using data as an argument for the function. + * Included functions to be used here are: ldns_soa_serial_identity, + * ldns_rr_soa_increment_by, ldns_soa_serial_unixtime and + * ldns_soa_serial_datecounter. + * \param[in] soa The soa rr to be incremented + * \param[in] f the function to use to increment the soa rr. + * \param[in] data this argument will be passed to f as the second argument + * (by casting it to void*). + */ +void ldns_rr_soa_increment_func_int( + ldns_rr *soa, ldns_soa_serial_increment_func_t f, int data); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_RR_FUNCTIONS_H */ diff --git a/ldns/include/ldns/sha1.h b/ldns/include/ldns/sha1.h new file mode 100644 index 0000000..d5b1082 --- /dev/null +++ b/ldns/include/ldns/sha1.h @@ -0,0 +1,38 @@ +#ifndef LDNS_SHA1_H +#define LDNS_SHA1_H + +#ifdef __cplusplus +extern "C" { +#endif + +#define LDNS_SHA1_BLOCK_LENGTH 64 +#define LDNS_SHA1_DIGEST_LENGTH 20 + +typedef struct { + uint32_t state[5]; + uint64_t count; + unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]; +} ldns_sha1_ctx; + +void ldns_sha1_init(ldns_sha1_ctx * context); +void ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]); +void ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len); +void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context); + +/** + * Convenience function to digest a fixed block of data at once. + * + * \param[in] data the data to digest + * \param[in] data_len the length of data in bytes + * \param[out] digest the length of data in bytes + * This pointer MUST have LDNS_SHA1_DIGEST_LENGTH bytes + * available + * \return the SHA1 digest of the given data + */ +unsigned char *ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_SHA1_H */ diff --git a/ldns/include/ldns/sha2.h b/ldns/include/ldns/sha2.h new file mode 100644 index 0000000..238767a --- /dev/null +++ b/ldns/include/ldns/sha2.h @@ -0,0 +1,149 @@ +/* + * FILE: sha2.h + * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/ + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Modified by Jelte Jansen to fit in ldns, and not clash with any + * system-defined SHA code. + * Changes: + * - Renamed (external) functions and constants to fit ldns style + * - Removed uintXX vs. u_intXX smartness, since ldns needs uintXX + * anyway + * - BYTE ORDER check replaced by simple ifdef as defined or not by + * configure.ac + * - Removed _End and _Data functions + * - Added ldns_shaX(data, len, digest) functions + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ + */ + +#ifndef __LDNS_SHA2_H__ +#define __LDNS_SHA2_H__ + +#ifdef __cplusplus +extern "C" { +#endif + + +/* + * Import u_intXX_t size_t type definitions from system headers. You + * may need to change this, or define these things yourself in this + * file. + */ +#include + +#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H + +#include + +#endif /* LDNS_BUILD_CONFIG_HAVE_INTTYPES_H */ + + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +#define LDNS_SHA256_BLOCK_LENGTH 64 +#define LDNS_SHA256_DIGEST_LENGTH 32 +#define LDNS_SHA256_DIGEST_STRING_LENGTH (LDNS_SHA256_DIGEST_LENGTH * 2 + 1) +#define LDNS_SHA384_BLOCK_LENGTH 128 +#define LDNS_SHA384_DIGEST_LENGTH 48 +#define LDNS_SHA384_DIGEST_STRING_LENGTH (LDNS_SHA384_DIGEST_LENGTH * 2 + 1) +#define LDNS_SHA512_BLOCK_LENGTH 128 +#define LDNS_SHA512_DIGEST_LENGTH 64 +#define LDNS_SHA512_DIGEST_STRING_LENGTH (LDNS_SHA512_DIGEST_LENGTH * 2 + 1) + + +/*** SHA-256/384/512 Context Structures *******************************/ + +typedef struct _ldns_sha256_CTX { + uint32_t state[8]; + uint64_t bitcount; + uint8_t buffer[LDNS_SHA256_BLOCK_LENGTH]; +} ldns_sha256_CTX; +typedef struct _ldns_sha512_CTX { + uint64_t state[8]; + uint64_t bitcount[2]; + uint8_t buffer[LDNS_SHA512_BLOCK_LENGTH]; +} ldns_sha512_CTX; + +typedef ldns_sha512_CTX ldns_sha384_CTX; + + +/*** SHA-256/384/512 Function Prototypes ******************************/ +void ldns_sha256_init(ldns_sha256_CTX *); +void ldns_sha256_update(ldns_sha256_CTX*, const uint8_t*, size_t); +void ldns_sha256_final(uint8_t[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX*); + +void ldns_sha384_init(ldns_sha384_CTX*); +void ldns_sha384_update(ldns_sha384_CTX*, const uint8_t*, size_t); +void ldns_sha384_final(uint8_t[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX*); + +void ldns_sha512_init(ldns_sha512_CTX*); +void ldns_sha512_update(ldns_sha512_CTX*, const uint8_t*, size_t); +void ldns_sha512_final(uint8_t[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX*); + +/** + * Convenience function to digest a fixed block of data at once. + * + * \param[in] data the data to digest + * \param[in] data_len the length of data in bytes + * \param[out] digest the length of data in bytes + * This pointer MUST have LDNS_SHA256_DIGEST_LENGTH bytes + * available + * \return the SHA1 digest of the given data + */ +unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest); + +/** + * Convenience function to digest a fixed block of data at once. + * + * \param[in] data the data to digest + * \param[in] data_len the length of data in bytes + * \param[out] digest the length of data in bytes + * This pointer MUST have LDNS_SHA384_DIGEST_LENGTH bytes + * available + * \return the SHA1 digest of the given data + */ +unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest); + +/** + * Convenience function to digest a fixed block of data at once. + * + * \param[in] data the data to digest + * \param[in] data_len the length of data in bytes + * \param[out] digest the length of data in bytes + * This pointer MUST have LDNS_SHA512_DIGEST_LENGTH bytes + * available + * \return the SHA1 digest of the given data + */ +unsigned char *ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __LDNS_SHA2_H__ */ diff --git a/ldns/include/ldns/str2host.h b/ldns/include/ldns/str2host.h new file mode 100644 index 0000000..d639970 --- /dev/null +++ b/ldns/include/ldns/str2host.h @@ -0,0 +1,319 @@ +/** + * str2host.h - conversion from str to the host fmt + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_2HOST_H +#define LDNS_2HOST_H + +#include +#include +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \file + * + * Defines functions to convert dns data in presentation format or text files + * to internal structures. + */ + +/** + * convert a byte into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] bytestr the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr); + +/** + * convert a string to a int16 in wireformat + * \param[in] rd the rdf where to put the data + * \param[in] shortstr the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr); + +/** + * convert a strings into a 4 byte int in wireformat + * \param[in] rd the rdf where to put the data + * \param[in] longstr the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr); + +/** + * convert a time string to a time value in wireformat + * \param[in] rd the rdf where to put the data + * \param[in] time the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_time(ldns_rdf **rd, const char *time); + +/* convert string with NSEC3 salt to wireformat) + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * return ldns_status + */ +ldns_status ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *nsec3_salt); + +/* convert a time period (think TTL's) to wireformat) + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * return ldns_status + */ +ldns_status ldns_str2rdf_period(ldns_rdf **rd, const char *str); + +/** + * convert str with an A record into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_a(ldns_rdf **rd, const char *str); + +/** + * convert the str with an AAAA record into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str); + +/** + * convert a string into wireformat (think txt record) + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted (NULL terminated) + * \return ldns_status + */ +ldns_status ldns_str2rdf_str(ldns_rdf **rd, const char *str); + +/** + * convert str with the apl record into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_apl(ldns_rdf **rd, const char *str); + +/** + * convert the string with the b64 data into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str); + +/** + * convert the string with the b32 ext hex data into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str); + +/** + * convert a hex value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_hex(ldns_rdf **rd, const char *str); + +/** + * convert string with nsec into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_nsec(ldns_rdf **rd, const char *str); + +/** + * convert a rrtype into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_type(ldns_rdf **rd, const char *str); + +/** + * convert string with a classname into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_class(ldns_rdf **rd, const char *str); + +/** + * convert an certificate algorithm value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str); + +/** + * convert an algorithm value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_alg(ldns_rdf **rd, const char *str); + +/** + * convert a tlsa certificate usage value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str); + +/** + * convert a tlsa selector value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_selector(ldns_rdf **rd, const char *str); + +/** + * convert a tlsa matching type value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str); + +/** + * convert a string with a unknown RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_unknown(ldns_rdf **rd, const char *str); + +/** + * convert string with a protocol service into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_service(ldns_rdf **rd, const char *str); + +/** + * convert a string with a LOC RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_loc(ldns_rdf **rd, const char *str); + +/** + * convert string with a WKS RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_wks(ldns_rdf **rd, const char *str); + +/** + * convert a str with a NSAP RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_nsap(ldns_rdf **rd, const char *str); + +/** + * convert a str with a ATMA RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_atma(ldns_rdf **rd, const char *str); + +/** + * convert a str with a IPSECKEY RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str); + +/** + * convert a dname string into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_dname(ldns_rdf **rd, const char *str); + +/** + * convert 4 * 16bit hex separated by colons into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str); + +/** + * convert 6 hex bytes separated by dashes into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_eui48(ldns_rdf **rd, const char *str); + +/** + * convert 8 hex bytes separated by dashes into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_eui64(ldns_rdf **rd, const char *str); + +/** + * Convert a non-zero sequence of US-ASCII letters and numbers into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_tag(ldns_rdf **rd, const char *str); + +/** + * Convert a encoding of the value field as specified + * [RFC1035], Section 5.1., encoded as one bug chunk of data. + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_long_str(ldns_rdf **rd, const char *str); + +/** + * Convert a " " encoding of the value field as specified + * in Section 6. of [RFC5205], encoded as wireformat as specified in Section 5. + * of [RFC5205]. + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_hip(ldns_rdf **rd, const char *str); + + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_2HOST_H */ diff --git a/ldns/include/ldns/tsig.h b/ldns/include/ldns/tsig.h new file mode 100644 index 0000000..676045f --- /dev/null +++ b/ldns/include/ldns/tsig.h @@ -0,0 +1,101 @@ +/* + * tsig.h -- defines for TSIG [RFC2845] + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + */ + +#ifndef LDNS_TSIG_H +#define LDNS_TSIG_H + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * \file + * + * Defines functions for TSIG usage + */ + + +/** + * Contains credentials for TSIG +*/ +typedef struct ldns_tsig_credentials_struct +{ + char *algorithm; + char *keyname; + char *keydata; + /* XXX More eventually. */ +} ldns_tsig_credentials; + +char *ldns_tsig_algorithm(ldns_tsig_credentials *); +char *ldns_tsig_keyname(ldns_tsig_credentials *); +char *ldns_tsig_keydata(ldns_tsig_credentials *); +char *ldns_tsig_keyname_clone(ldns_tsig_credentials *); +char *ldns_tsig_keydata_clone(ldns_tsig_credentials *); + +/** + * verifies the tsig rr for the given packet and key. + * The wire must be given too because tsig does not sign normalized packets. + * \param[in] pkt the packet to verify + * \param[in] wire needed to verify the mac + * \param[in] wire_size size of wire + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] mac original mac + * \return true if tsig is correct, false if not, or if tsig is not set + */ +bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac); + +/** + * verifies the tsig rr for the given packet and key. + * The wire must be given too because tsig does not sign normalized packets. + * \param[in] pkt the packet to verify + * \param[in] wire needed to verify the mac + * \param[in] wire_size size of wire + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] mac original mac + * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest + components are used to verify the _mac. If non-zero, only the TSIG timers are used to verify the mac. + * \return true if tsig is correct, false if not, or if tsig is not set + */ +bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac, + int tsig_timers_only); + +/** + * creates a tsig rr for the given packet and key. + * \param[in] pkt the packet to sign + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] fudge seconds of error permitted in time signed + * \param[in] algorithm_name the name of the algorithm used + * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers) + * \return status (OK if success) + */ +ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, + const char *algorithm_name, ldns_rdf *query_mac); + +/** + * creates a tsig rr for the given packet and key. + * \param[in] pkt the packet to sign + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] fudge seconds of error permitted in time signed + * \param[in] algorithm_name the name of the algorithm used + * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers) + * \param[in] tsig_timers_only must be zero for the first packet and positive for subsequent packets. If zero, all digest + components are used to create the query_mac. If non-zero, only the TSIG timers are used to create the query_mac. + * \return status (OK if success) + */ +ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, + const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_TSIG_H */ diff --git a/ldns/include/ldns/update.h b/ldns/include/ldns/update.h new file mode 100644 index 0000000..d3459d3 --- /dev/null +++ b/ldns/include/ldns/update.h @@ -0,0 +1,115 @@ +/* + * update.h + * + * Functions for RFC 2136 Dynamic Update + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + */ + +/** + * \file + * + * Defines functions to perform UPDATE queries + */ + + +#ifndef LDNS_UPDATE_H +#define LDNS_UPDATE_H + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * create an update packet from zone name, class and the rr lists + * \param[in] zone_rdf name of the zone + * \param[in] clas zone class + * \param[in] pr_rrlist list of Prerequisite Section RRs + * \param[in] up_rrlist list of Updates Section RRs + * \param[in] ad_rrlist list of Additional Data Section RRs (currently unused) + * \return the new packet + */ +ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist); + +/** + * add tsig credentials to + * a packet from a resolver + * \param[in] p packet to copy to + * \param[in] r resolver to copy from + * + * \return status wether successfull or not + */ +ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r); + +/* access functions */ + +/** + * Get the zo count + * \param[in] p the packet + * \return the zo count + */ +uint16_t ldns_update_zocount(const ldns_pkt *p); +/** + * Get the zo count + * \param[in] p the packet + * \return the pr count + */ +uint16_t ldns_update_prcount(const ldns_pkt *p); +/** + * Get the zo count + * \param[in] p the packet + * \return the up count + */ +uint16_t ldns_update_upcount(const ldns_pkt *p); +/** + * Get the zo count + * \param[in] p the packet + * \return the ad count + */ +uint16_t ldns_update_ad(const ldns_pkt *p); +/** + * Set the zo count + * \param[in] p the packet + * \param[in] c the zo count to set + */ +void ldns_update_set_zo(ldns_pkt *p, uint16_t c); +/** + * Set the pr count + * \param[in] p the packet + * \param[in] c the pr count to set + */ +void ldns_update_set_prcount(ldns_pkt *p, uint16_t c); +/** + * Set the up count + * \param[in] p the packet + * \param[in] c the up count to set + */ +void ldns_update_set_upcount(ldns_pkt *p, uint16_t c); +/** + * Set the ad count + * \param[in] p the packet + * \param[in] c the ad count to set + */ +void ldns_update_set_adcount(ldns_pkt *p, uint16_t c); + +/* soa functions that need to be configured */ +/* + * Not sure if we want to keep these like this, therefore + * not documented + */ +ldns_status ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, ldns_rr_class c, ldns_rdf **mname); +/* + * Not sure if we want to keep these like this, therefore + * not documented + */ +ldns_status ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_UPDATE_H */ diff --git a/ldns/include/ldns/util.h b/ldns/include/ldns/util.h new file mode 100644 index 0000000..86848eb --- /dev/null +++ b/ldns/include/ldns/util.h @@ -0,0 +1,392 @@ +/* + * util.h + * + * helper function header file + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004 + * + * See the file LICENSE for the license + */ + +#ifndef _UTIL_H +#define _UTIL_H + +#include "EXTERN.h" +#include "perl.h" +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define dprintf(X,Y) fprintf(stderr, (X), (Y)) +/* #define dprintf(X, Y) */ + +#define LDNS_VERSION "1.6.18" +#define LDNS_REVISION ((1<<16)|(6<<8)|(18)) + +/** + * splint static inline workaround + */ +#ifdef S_SPLINT_S +# define INLINE +#else +# ifdef SWIG +# define INLINE static +# else +# define INLINE static inline +# endif +#endif + +/** + * Memory management macros + */ +#define LDNS_MALLOC(type) LDNS_XMALLOC(type, 1) + +#define LDNS_XMALLOC(type, count) ((type *) malloc((count) * sizeof(type))) + +#define LDNS_CALLOC(type, count) ((type *) calloc((count), sizeof(type))) + +#define LDNS_REALLOC(ptr, type) LDNS_XREALLOC((ptr), type, 1) + +#define LDNS_XREALLOC(ptr, type, count) \ + ((type *) realloc((ptr), (count) * sizeof(type))) + +#define LDNS_FREE(ptr) \ + do { free((ptr)); (ptr) = NULL; } while (0) + +#define LDNS_DEP printf("DEPRECATED FUNCTION!\n"); + +/* + * Copy data allowing for unaligned accesses in network byte order + * (big endian). + */ +INLINE uint16_t +ldns_read_uint16(const void *src) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + return ntohs(*(const uint16_t *) src); +#else + const uint8_t *p = (const uint8_t *) src; + return ((uint16_t) p[0] << 8) | (uint16_t) p[1]; +#endif +} + +INLINE uint32_t +ldns_read_uint32(const void *src) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + return ntohl(*(const uint32_t *) src); +#else + const uint8_t *p = (const uint8_t *) src; + return ( ((uint32_t) p[0] << 24) + | ((uint32_t) p[1] << 16) + | ((uint32_t) p[2] << 8) + | (uint32_t) p[3]); +#endif +} + +/* + * Copy data allowing for unaligned accesses in network byte order + * (big endian). + */ +INLINE void +ldns_write_uint16(void *dst, uint16_t data) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + * (uint16_t *) dst = htons(data); +#else + uint8_t *p = (uint8_t *) dst; + p[0] = (uint8_t) ((data >> 8) & 0xff); + p[1] = (uint8_t) (data & 0xff); +#endif +} + +INLINE void +ldns_write_uint32(void *dst, uint32_t data) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + * (uint32_t *) dst = htonl(data); +#else + uint8_t *p = (uint8_t *) dst; + p[0] = (uint8_t) ((data >> 24) & 0xff); + p[1] = (uint8_t) ((data >> 16) & 0xff); + p[2] = (uint8_t) ((data >> 8) & 0xff); + p[3] = (uint8_t) (data & 0xff); +#endif +} + +/* warning. */ +INLINE void +ldns_write_uint64_as_uint48(void *dst, uint64_t data) +{ + uint8_t *p = (uint8_t *) dst; + p[0] = (uint8_t) ((data >> 40) & 0xff); + p[1] = (uint8_t) ((data >> 32) & 0xff); + p[2] = (uint8_t) ((data >> 24) & 0xff); + p[3] = (uint8_t) ((data >> 16) & 0xff); + p[4] = (uint8_t) ((data >> 8) & 0xff); + p[5] = (uint8_t) (data & 0xff); +} + + +/** + * Structure to do a Schwartzian-like transformation, for instance when + * sorting. If you need a transformation on the objects that are sorted, + * you can sue this to store the transformed values, so you do not + * need to do the transformation again for each comparison + */ +struct ldns_schwartzian_compare_struct { + void *original_object; + void *transformed_object; +}; + +/** A general purpose lookup table + * + * Lookup tables are arrays of (id, name) pairs, + * So you can for instance lookup the RCODE 3, which is "NXDOMAIN", + * and vice versa. The lookup tables themselves are defined wherever needed, + * for instance in \ref host2str.c + */ +struct ldns_struct_lookup_table { + int id; + const char *name; +}; +typedef struct ldns_struct_lookup_table ldns_lookup_table; + +/** + * Looks up the table entry by name, returns NULL if not found. + * \param[in] table the lookup table to search in + * \param[in] name what to search for + * \return the item found + */ +ldns_lookup_table *ldns_lookup_by_name(ldns_lookup_table table[], + const char *name); + +/** + * Looks up the table entry by id, returns NULL if not found. + * \param[in] table the lookup table to search in + * \param[in] id what to search for + * \return the item found + */ +ldns_lookup_table *ldns_lookup_by_id(ldns_lookup_table table[], int id); + +/** + * Returns the value of the specified bit + * The bits are counted from left to right, so bit #0 is the + * left most bit. + * \param[in] bits array holding the bits + * \param[in] index to the wanted bit + * \return + */ +int ldns_get_bit(uint8_t bits[], size_t index); + + +/** + * Returns the value of the specified bit + * The bits are counted from right to left, so bit #0 is the + * right most bit. + * \param[in] bits array holding the bits + * \param[in] index to the wanted bit + * \return 1 or 0 depending no the bit state + */ +int ldns_get_bit_r(uint8_t bits[], size_t index); + +/** + * sets the specified bit in the specified byte to + * 1 if value is true, 0 if false + * The bits are counted from right to left, so bit #0 is the + * right most bit. + * \param[in] byte the bit to set the bit in + * \param[in] bit_nr the bit to set (0 <= n <= 7) + * \param[in] value whether to set the bit to 1 or 0 + * \return 1 or 0 depending no the bit state + */ +void ldns_set_bit(uint8_t *byte, int bit_nr, bool value); + +/** + * Returns the value of a to the power of b + * (or 1 of b < 1) + */ +/*@unused@*/ +INLINE long +ldns_power(long a, long b) { + long result = 1; + while (b > 0) { + if (b & 1) { + result *= a; + if (b == 1) { + return result; + } + } + a *= a; + b /= 2; + } + return result; +} + +/** + * Returns the int value of the given (hex) digit + * \param[in] ch the hex char to convert + * \return the converted decimal value + */ +int ldns_hexdigit_to_int(char ch); + +/** + * Returns the char (hex) representation of the given int + * \param[in] ch the int to convert + * \return the converted hex char + */ +char ldns_int_to_hexdigit(int ch); + +/** + * Converts a hex string to binary data + * + * \param[out] data The binary result is placed here. + * At least strlen(str)/2 bytes should be allocated + * \param[in] str The hex string to convert. + * This string should not contain spaces + * \return The number of bytes of converted data, or -1 if one of the arguments * is NULL, or -2 if the string length is not an even number + */ +int +ldns_hexstring_to_data(uint8_t *data, const char *str); + +/** + * Show the internal library version + * \return a string with the version in it + */ +const char * ldns_version(void); + +/** + * Convert TM to seconds since epoch (midnight, January 1st, 1970). + * Like timegm(3), which is not always available. + * \param[in] tm a struct tm* with the date + * \return the seconds since epoch + */ +time_t ldns_mktime_from_utc(const struct tm *tm); + +time_t mktime_from_utc(const struct tm *tm); + +/** + * The function interprets time as the number of seconds since epoch + * with respect to now using serial arithmitics (rfc1982). + * That number of seconds is then converted to broken-out time information. + * This is especially usefull when converting the inception and expiration + * fields of RRSIG records. + * + * \param[in] time number of seconds since epoch (midnight, January 1st, 1970) + * to be intepreted as a serial arithmitics number relative to now. + * \param[in] now number of seconds since epoch (midnight, January 1st, 1970) + * to which the time value is compared to determine the final value. + * \param[out] result the struct with the broken-out time information + * \return result on success or NULL on error + */ +struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result); + +/** + * Seed the random function. + * If the file descriptor is specified, the random generator is seeded with + * data from that file. If not, /dev/urandom is used. + * + * applications should call this if they need entropy data within ldns + * If openSSL is available, it is automatically seeded from /dev/urandom + * or /dev/random. + * + * If you need more entropy, or have no openssl available, this function + * MUST be called at the start of the program + * + * If openssl *is* available, this function just adds more entropy + * + * \param[in] fd a file providing entropy data for the seed + * \param[in] size the number of bytes to use as entropy data. If this is 0, + * only the minimal amount is taken (usually 4 bytes) + * \return 0 if seeding succeeds, 1 if it fails + */ +int ldns_init_random(FILE *fd, unsigned int size); + +/** + * Get random number. + * \return random number. + * + */ +uint16_t ldns_get_random(void); + +/** + * Encode data as BubbleBabble + * + * \param[in] data a pointer to data to be encoded + * \param[in] len size the number of bytes of data + * \return a string of BubbleBabble + */ +char *ldns_bubblebabble(uint8_t *data, size_t len); + + +INLINE time_t ldns_time(time_t *t) { return time(t); } + + +/** + * calculates the size needed to store the result of b32_ntop + */ +/*@unused@*/ +INLINE size_t ldns_b32_ntop_calculate_size(size_t src_data_length) +{ + return src_data_length == 0 ? 0 : ((src_data_length - 1) / 5 + 1) * 8; +} + +INLINE size_t ldns_b32_ntop_calculate_size_no_padding(size_t src_data_length) +{ + return ((src_data_length + 3) * 8 / 5) - 4; +} + +int ldns_b32_ntop(const uint8_t* src_data, size_t src_data_length, + char* target_text_buffer, size_t target_text_buffer_size); + +int ldns_b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length, + char* target_text_buffer, size_t target_text_buffer_size); + +#if ! LDNS_BUILD_CONFIG_HAVE_B32_NTOP + +int b32_ntop(const uint8_t* src_data, size_t src_data_length, + char* target_text_buffer, size_t target_text_buffer_size); + +int b32_ntop_extended_hex(const uint8_t* src_data, size_t src_data_length, + char* target_text_buffer, size_t target_text_buffer_size); + +#endif /* ! LDNS_BUILD_CONFIG_HAVE_B32_NTOP */ + + +/** + * calculates the size needed to store the result of b32_pton + */ +/*@unused@*/ +INLINE size_t ldns_b32_pton_calculate_size(size_t src_text_length) +{ + return src_text_length * 5 / 8; +} + +int ldns_b32_pton(const char* src_text, size_t src_text_length, + uint8_t* target_data_buffer, size_t target_data_buffer_size); + +int ldns_b32_pton_extended_hex(const char* src_text, size_t src_text_length, + uint8_t* target_data_buffer, size_t target_data_buffer_size); + +#if ! LDNS_BUILD_CONFIG_HAVE_B32_PTON + +int b32_pton(const char* src_text, size_t src_text_length, + uint8_t* target_data_buffer, size_t target_data_buffer_size); + +int b32_pton_extended_hex(const char* src_text, size_t src_text_length, + uint8_t* target_data_buffer, size_t target_data_buffer_size); + +#endif /* ! LDNS_BUILD_CONFIG_HAVE_B32_PTON */ + + +#ifdef __cplusplus +} +#endif + +#endif /* !_UTIL_H */ diff --git a/ldns/include/ldns/wire2host.h b/ldns/include/ldns/wire2host.h new file mode 100644 index 0000000..53155b3 --- /dev/null +++ b/ldns/include/ldns/wire2host.h @@ -0,0 +1,197 @@ +/* + * wire2host.h - from wire conversion routines + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains functions that translate dns data from the wire format (as sent + * by servers and clients) to the internal structures. + */ + +#ifndef LDNS_WIRE2HOST_H +#define LDNS_WIRE2HOST_H + +#include +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* The length of the header */ +#define LDNS_HEADER_SIZE 12 + +/* First octet of flags */ +#define LDNS_RD_MASK 0x01U +#define LDNS_RD_SHIFT 0 +#define LDNS_RD_WIRE(wirebuf) (*(wirebuf+2) & LDNS_RD_MASK) +#define LDNS_RD_SET(wirebuf) (*(wirebuf+2) |= LDNS_RD_MASK) +#define LDNS_RD_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_RD_MASK) + +#define LDNS_TC_MASK 0x02U +#define LDNS_TC_SHIFT 1 +#define LDNS_TC_WIRE(wirebuf) (*(wirebuf+2) & LDNS_TC_MASK) +#define LDNS_TC_SET(wirebuf) (*(wirebuf+2) |= LDNS_TC_MASK) +#define LDNS_TC_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_TC_MASK) + +#define LDNS_AA_MASK 0x04U +#define LDNS_AA_SHIFT 2 +#define LDNS_AA_WIRE(wirebuf) (*(wirebuf+2) & LDNS_AA_MASK) +#define LDNS_AA_SET(wirebuf) (*(wirebuf+2) |= LDNS_AA_MASK) +#define LDNS_AA_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_AA_MASK) + +#define LDNS_OPCODE_MASK 0x78U +#define LDNS_OPCODE_SHIFT 3 +#define LDNS_OPCODE_WIRE(wirebuf) ((*(wirebuf+2) & LDNS_OPCODE_MASK) >> LDNS_OPCODE_SHIFT) +#define LDNS_OPCODE_SET(wirebuf, opcode) \ + (*(wirebuf+2) = ((*(wirebuf+2)) & ~LDNS_OPCODE_MASK) | ((opcode) << LDNS_OPCODE_SHIFT)) + +#define LDNS_QR_MASK 0x80U +#define LDNS_QR_SHIFT 7 +#define LDNS_QR_WIRE(wirebuf) (*(wirebuf+2) & LDNS_QR_MASK) +#define LDNS_QR_SET(wirebuf) (*(wirebuf+2) |= LDNS_QR_MASK) +#define LDNS_QR_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_QR_MASK) + +/* Second octet of flags */ +#define LDNS_RCODE_MASK 0x0fU +#define LDNS_RCODE_SHIFT 0 +#define LDNS_RCODE_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RCODE_MASK) +#define LDNS_RCODE_SET(wirebuf, rcode) \ + (*(wirebuf+3) = ((*(wirebuf+3)) & ~LDNS_RCODE_MASK) | (rcode)) + +#define LDNS_CD_MASK 0x10U +#define LDNS_CD_SHIFT 4 +#define LDNS_CD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_CD_MASK) +#define LDNS_CD_SET(wirebuf) (*(wirebuf+3) |= LDNS_CD_MASK) +#define LDNS_CD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_CD_MASK) + +#define LDNS_AD_MASK 0x20U +#define LDNS_AD_SHIFT 5 +#define LDNS_AD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_AD_MASK) +#define LDNS_AD_SET(wirebuf) (*(wirebuf+3) |= LDNS_AD_MASK) +#define LDNS_AD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_AD_MASK) + +#define LDNS_Z_MASK 0x40U +#define LDNS_Z_SHIFT 6 +#define LDNS_Z_WIRE(wirebuf) (*(wirebuf+3) & LDNS_Z_MASK) +#define LDNS_Z_SET(wirebuf) (*(wirebuf+3) |= LDNS_Z_MASK) +#define LDNS_Z_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_Z_MASK) + +#define LDNS_RA_MASK 0x80U +#define LDNS_RA_SHIFT 7 +#define LDNS_RA_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RA_MASK) +#define LDNS_RA_SET(wirebuf) (*(wirebuf+3) |= LDNS_RA_MASK) +#define LDNS_RA_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_RA_MASK) + +/* Query ID */ +#define LDNS_ID_WIRE(wirebuf) (ldns_read_uint16(wirebuf)) +#define LDNS_ID_SET(wirebuf, id) (ldns_write_uint16(wirebuf, id)) + +/* Counter of the question section */ +#define LDNS_QDCOUNT_OFF 4 +/* +#define QDCOUNT(wirebuf) (ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF))) +*/ +#define LDNS_QDCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_QDCOUNT_OFF)) + +/* Counter of the answer section */ +#define LDNS_ANCOUNT_OFF 6 +#define LDNS_ANCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ANCOUNT_OFF)) + +/* Counter of the authority section */ +#define LDNS_NSCOUNT_OFF 8 +#define LDNS_NSCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_NSCOUNT_OFF)) + +/* Counter of the additional section */ +#define LDNS_ARCOUNT_OFF 10 +#define LDNS_ARCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ARCOUNT_OFF)) + +/** + * converts the data on the uint8_t bytearray (in wire format) to a DNS packet. + * This function will initialize and allocate memory space for the packet + * structure. + * + * \param[in] packet pointer to the structure to hold the packet + * \param[in] data pointer to the buffer with the data + * \param[in] len the length of the data buffer (in bytes) + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len); + +/** + * converts the data on the uint8_t bytearray (in wire format) to a DNS packet. + * This function will initialize and allocate memory space for the packet + * structure. + * + * \param[in] packet pointer to the structure to hold the packet + * \param[in] buffer the buffer with the data + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer); + +/** + * converts the data on the uint8_t bytearray (in wire format) to a DNS + * dname rdata field. This function will initialize and allocate memory + * space for the dname structure. The length of the wiredata of this rdf + * is added to the *pos value. + * + * \param[in] dname pointer to the structure to hold the rdata value + * \param[in] wire pointer to the buffer with the data + * \param[in] max the length of the data buffer (in bytes) + * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes + * from the start of the buffer) + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos); + +/** + * converts the data on the uint8_t bytearray (in wire format) to DNS + * rdata fields, and adds them to the list of rdfs of the given rr. + * This function will initialize and allocate memory space for the dname + * structures. + * The length of the wiredata of these rdfs is added to the *pos value. + * + * All rdfs belonging to the RR are read; the rr should have no rdfs + * yet. An error is returned if the format cannot be parsed. + * + * \param[in] rr pointer to the ldns_rr structure to hold the rdata value + * \param[in] wire pointer to the buffer with the data + * \param[in] max the length of the data buffer (in bytes) + * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes + * from the start of the buffer) + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos); + +/** + * converts the data on the uint8_t bytearray (in wire format) to a DNS + * resource record. + * This function will initialize and allocate memory space for the rr + * structure. + * The length of the wiredata of this rr is added to the *pos value. + * + * \param[in] rr pointer to the structure to hold the rdata value + * \param[in] wire pointer to the buffer with the data + * \param[in] max the length of the data buffer (in bytes) + * \param[in] pos the position of the rr in the buffer (ie. the number of bytes + * from the start of the buffer) + * \param[in] section the section in the packet the rr is meant for + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_wire2rr(ldns_rr **rr, const uint8_t *wire, size_t max, size_t *pos, ldns_pkt_section section); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_WIRE2HOST_H */ diff --git a/ldns/include/ldns/zone.h b/ldns/include/ldns/zone.h new file mode 100644 index 0000000..0d129a0 --- /dev/null +++ b/ldns/include/ldns/zone.h @@ -0,0 +1,176 @@ +/** + * zone.h + * + * zone definitions + * - what is it + * - get_glue function + * - search etc + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Defines the ldns_zone structure and functions to manipulate it. + */ + + +#ifndef LDNS_ZONE_H +#define LDNS_ZONE_H + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * DNS Zone + * + * A list of RR's with some + * extra information which comes from the SOA RR + * Note: nothing has been done to make this efficient (yet). + */ +struct ldns_struct_zone +{ + /** the soa defines a zone */ + ldns_rr *_soa; + /* basicly a zone is a list of rr's */ + ldns_rr_list *_rrs; + /* we could change this to be a b-tree etc etc todo */ +}; +typedef struct ldns_struct_zone ldns_zone; + +/** + * create a new ldns_zone structure + * \return a pointer to a ldns_zone structure + */ +ldns_zone * ldns_zone_new(void); + +/** + * Return the soa record of a zone + * \param[in] z the zone to read from + * \return the soa record in the zone + */ +ldns_rr * ldns_zone_soa(const ldns_zone *z); + +/** + * Returns the number of resource records in the zone, NOT counting the SOA record + * \param[in] z the zone to read from + * \return the number of rr's in the zone + */ +size_t ldns_zone_rr_count(const ldns_zone *z); + +/** + * Set the zone's soa record + * \param[in] z the zone to put the new soa in + * \param[in] soa the soa to set + */ +void ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa); + +/** + * Get a list of a zone's content. Note that the SOA + * isn't included in this list. You need to get the + * with ldns_zone_soa. + * \param[in] z the zone to read from + * \return the rrs from this zone + */ +ldns_rr_list * ldns_zone_rrs(const ldns_zone *z); + +/** + * Set the zone's contents + * \param[in] z the zone to put the new soa in + * \param[in] rrlist the rrlist to use + */ +void ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist); + +/** + * push an rrlist to a zone structure. This function use pointer + * copying, so the rr_list structure inside z is modified! + * \param[in] z the zone to add to + * \param[in] list the list to add + * \return a true on succes otherwise falsed + */ +bool ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list); + +/** + * push an single rr to a zone structure. This function use pointer + * copying, so the rr_list structure inside z is modified! + * \param[in] z the zone to add to + * \param[in] rr the rr to add + * \return a true on succes otherwise falsed + */ +bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr); + +/** + * Retrieve all resource records from the zone that are glue + * records. The resulting list does are pointer references + * to the zone's data. + * + * Due to the current zone implementation (as a list of rr's), this + * function is extremely slow. Another (probably better) way to do this + * is to use an ldns_dnssec_zone structure and the + * ldns_dnssec_mark_and_get_glue() function. + * + * \param[in] z the zone to look for glue + * \return the rr_list with the glue + */ +ldns_rr_list *ldns_zone_glue_rr_list(const ldns_zone *z); + +/** + * Create a new zone from a file + * \param[out] z the new zone + * \param[in] *fp the filepointer to use + * \param[in] *origin the zones' origin + * \param[in] ttl default ttl to use + * \param[in] c default class to use (IN) + * + * \return ldns_status mesg with an error or LDNS_STATUS_OK + */ +ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c); + +/** + * Create a new zone from a file, keep track of the line numbering + * \param[out] z the new zone + * \param[in] *fp the filepointer to use + * \param[in] *origin the zones' origin + * \param[in] ttl default ttl to use + * \param[in] c default class to use (IN) + * \param[out] line_nr used for error msg, to get to the line number + * + * \return ldns_status mesg with an error or LDNS_STATUS_OK + */ +ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr); + +/** + * Frees the allocated memory for the zone, and the rr_list structure in it + * \param[in] zone the zone to free + */ +void ldns_zone_free(ldns_zone *zone); + +/** + * Frees the allocated memory for the zone, the soa rr in it, + * and the rr_list structure in it, including the rr's in that. etc. + * \param[in] zone the zone to free + */ +void ldns_zone_deep_free(ldns_zone *zone); + +/** + * Sort the rrs in a zone, with the current impl. this is slow + * \param[in] zone the zone to sort + */ +void ldns_zone_sort(ldns_zone *zone); + +#ifdef __cplusplus +} +#endif + +#endif /* LDNS_ZONE_H */ diff --git a/ldns/src/buffer.c b/ldns/src/buffer.c new file mode 100644 index 0000000..fc6c17e --- /dev/null +++ b/ldns/src/buffer.c @@ -0,0 +1,177 @@ +/* + * buffer.c -- generic memory buffer . + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + */ + +#include + +#include +#include + +ldns_buffer * +ldns_buffer_new(size_t capacity) +{ + ldns_buffer *buffer = LDNS_MALLOC(ldns_buffer); + + if (!buffer) { + return NULL; + } + + buffer->_data = (uint8_t *) LDNS_XMALLOC(uint8_t, capacity); + if (!buffer->_data) { + LDNS_FREE(buffer); + return NULL; + } + + buffer->_position = 0; + buffer->_limit = buffer->_capacity = capacity; + buffer->_fixed = 0; + buffer->_status = LDNS_STATUS_OK; + + ldns_buffer_invariant(buffer); + + return buffer; +} + +void +ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size) +{ + assert(data != NULL); + + buffer->_position = 0; + buffer->_limit = buffer->_capacity = size; + buffer->_fixed = 0; + buffer->_data = LDNS_XMALLOC(uint8_t, size); + if(!buffer->_data) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return; + } + memcpy(buffer->_data, data, size); + buffer->_status = LDNS_STATUS_OK; + + ldns_buffer_invariant(buffer); +} + +bool +ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity) +{ + void *data; + + ldns_buffer_invariant(buffer); + assert(buffer->_position <= capacity); + + data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity); + if (!data) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return false; + } else { + buffer->_data = data; + buffer->_limit = buffer->_capacity = capacity; + return true; + } +} + +bool +ldns_buffer_reserve(ldns_buffer *buffer, size_t amount) +{ + ldns_buffer_invariant(buffer); + assert(!buffer->_fixed); + if (buffer->_capacity < buffer->_position + amount) { + size_t new_capacity = buffer->_capacity * 3 / 2; + + if (new_capacity < buffer->_position + amount) { + new_capacity = buffer->_position + amount; + } + if (!ldns_buffer_set_capacity(buffer, new_capacity)) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return false; + } + } + buffer->_limit = buffer->_capacity; + return true; +} + +int +ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...) +{ + va_list args; + int written = 0; + size_t remaining; + + if (ldns_buffer_status_ok(buffer)) { + ldns_buffer_invariant(buffer); + assert(buffer->_limit == buffer->_capacity); + + remaining = ldns_buffer_remaining(buffer); + va_start(args, format); + written = vsnprintf((char *) ldns_buffer_current(buffer), remaining, + format, args); + va_end(args); + if (written == -1) { + buffer->_status = LDNS_STATUS_INTERNAL_ERR; + return -1; + } else if ((size_t) written >= remaining) { + if (!ldns_buffer_reserve(buffer, (size_t) written + 1)) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return -1; + } + va_start(args, format); + written = vsnprintf((char *) ldns_buffer_current(buffer), + ldns_buffer_remaining(buffer), format, args); + va_end(args); + if (written == -1) { + buffer->_status = LDNS_STATUS_INTERNAL_ERR; + return -1; + } + } + buffer->_position += written; + } + return written; +} + +void +ldns_buffer_free(ldns_buffer *buffer) +{ + if (!buffer) { + return; + } + + if (!buffer->_fixed) + LDNS_FREE(buffer->_data); + + LDNS_FREE(buffer); +} + +void * +ldns_buffer_export(ldns_buffer *buffer) +{ + buffer->_fixed = 1; + return buffer->_data; +} + +int +ldns_bgetc(ldns_buffer *buffer) +{ + if (!ldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) { + ldns_buffer_set_position(buffer, ldns_buffer_limit(buffer)); + /* ldns_buffer_rewind(buffer);*/ + return EOF; + } + return (int)ldns_buffer_read_u8(buffer); +} + +void +ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from) +{ + size_t tocopy = ldns_buffer_limit(from); + + if(tocopy > ldns_buffer_capacity(result)) + tocopy = ldns_buffer_capacity(result); + ldns_buffer_clear(result); + ldns_buffer_write(result, ldns_buffer_begin(from), tocopy); + ldns_buffer_flip(result); +} diff --git a/ldns/src/compat/b64_ntop.c b/ldns/src/compat/b64_ntop.c new file mode 100644 index 0000000..6895aca --- /dev/null +++ b/ldns/src/compat/b64_ntop.c @@ -0,0 +1,185 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ +#include +#include +#include +#include + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +int +ldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) { + size_t datalength = 0; + uint8_t input[3]; + uint8_t output[4]; + size_t i; + + if (srclength == 0) { + if (targsize > 0) { + target[0] = '\0'; + return 0; + } else { + return -1; + } + } + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + assert(output[0] < 64); + assert(output[1] < 64); + assert(output[2] < 64); + assert(output[3] < 64); + + if (datalength + 4 > targsize) { + return (-1); + } + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = (uint8_t) '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + assert(output[0] < 64); + assert(output[1] < 64); + assert(output[2] < 64); + + if (datalength + 4 > targsize) { + return (-2); + } + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) { + target[datalength++] = Pad64; + } else { + target[datalength++] = Base64[output[2]]; + } + target[datalength++] = Pad64; + } + if (datalength >= targsize) { + return (-3); + } + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (int) (datalength); +} diff --git a/ldns/src/compat/b64_pton.c b/ldns/src/compat/b64_pton.c new file mode 100644 index 0000000..18d8c8e --- /dev/null +++ b/ldns/src/compat/b64_pton.c @@ -0,0 +1,244 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ +#include +#include +#include +#include + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +ldns_b64_pton(char const *origsrc, uint8_t *target, size_t targsize) +{ + unsigned char const* src = (unsigned char*)origsrc; + int tarindex, state, ch; + char *pos; + + state = 0; + tarindex = 0; + + if (strlen(origsrc) == 0) { + return 0; + } + + while ((ch = *src++) != '\0') { + if (isspace((unsigned char)ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) { + /* A non-base64 character. */ + return (-1); + } + + switch (state) { + case 0: + if (target) { + if ((size_t)tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if ((size_t)tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex+1] = ((pos - Base64) & 0x0f) + << 4 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if ((size_t)tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex+1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if ((size_t)tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + default: + abort(); + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!isspace((unsigned char)ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!isspace((unsigned char)ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} diff --git a/ldns/src/compat/strlcpy.c b/ldns/src/compat/strlcpy.c new file mode 100644 index 0000000..d6c34c1 --- /dev/null +++ b/ldns/src/compat/strlcpy.c @@ -0,0 +1,57 @@ +/* from openssh 4.3p2 compat/strlcpy.c */ +/* + * Copyright (c) 1998 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ + +#include +#ifndef HAVE_STRLCPY + +#include +#include + +/* + * Copy src to string dst of size siz. At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns strlen(src); if retval >= siz, truncation occurred. + */ +size_t +strlcpy(char *dst, const char *src, size_t siz) +{ + char *d = dst; + const char *s = src; + size_t n = siz; + + /* Copy as many bytes as will fit */ + if (n != 0 && --n != 0) { + do { + if ((*d++ = *s++) == 0) + break; + } while (--n != 0); + } + + /* Not enough room in dst, add NUL and traverse rest of src */ + if (n == 0) { + if (siz != 0) + *d = '\0'; /* NUL-terminate dst */ + while (*s++) + ; + } + + return(s - src - 1); /* count does not include NUL */ +} + +#endif /* !HAVE_STRLCPY */ diff --git a/ldns/src/dane.c b/ldns/src/dane.c new file mode 100644 index 0000000..675dfa8 --- /dev/null +++ b/ldns/src/dane.c @@ -0,0 +1,748 @@ +/* + * Verify or create TLS authentication with DANE (RFC6698) + * + * (c) NLnetLabs 2012 + * + * See the file LICENSE for the license. + * + */ + +#include +#ifdef USE_DANE + +#include +#include + +#include +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +#ifdef HAVE_SSL +#include +#include +#include +#endif + +ldns_status +ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, + uint16_t port, ldns_dane_transport transport) +{ + char buf[LDNS_MAX_DOMAINLEN]; + size_t s; + + assert(tlsa_owner != NULL); + assert(name != NULL); + assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME); + + s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port); + buf[0] = (char)(s - 1); + + switch(transport) { + case LDNS_DANE_TRANSPORT_TCP: + s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp"); + break; + + case LDNS_DANE_TRANSPORT_UDP: + s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp"); + break; + + case LDNS_DANE_TRANSPORT_SCTP: + s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp"); + break; + + default: + return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT; + } + if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name)); + *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, + s + ldns_rdf_size(name), buf); + if (*tlsa_owner == NULL) { + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + + +#ifdef HAVE_SSL +ldns_status +ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type) +{ + unsigned char* buf = NULL; + size_t len; + + X509_PUBKEY* xpubkey; + EVP_PKEY* epubkey; + + unsigned char* digest; + + assert(rdf != NULL); + assert(cert != NULL); + + switch(selector) { + case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE: + + len = (size_t)i2d_X509(cert, &buf); + break; + + case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO: + +#ifndef S_SPLINT_S + xpubkey = X509_get_X509_PUBKEY(cert); +#endif + if (! xpubkey) { + return LDNS_STATUS_SSL_ERR; + } + epubkey = X509_PUBKEY_get(xpubkey); + if (! epubkey) { + return LDNS_STATUS_SSL_ERR; + } + len = (size_t)i2d_PUBKEY(epubkey, &buf); + break; + + default: + return LDNS_STATUS_DANE_UNKNOWN_SELECTOR; + } + + switch(matching_type) { + case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED: + + *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf); + + return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; + break; + + case LDNS_TLSA_MATCHING_TYPE_SHA256: + + digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH); + if (digest == NULL) { + LDNS_FREE(buf); + return LDNS_STATUS_MEM_ERR; + } + (void) ldns_sha256(buf, (unsigned int)len, digest); + *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH, + digest); + LDNS_FREE(buf); + + return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; + break; + + case LDNS_TLSA_MATCHING_TYPE_SHA512: + + digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH); + if (digest == NULL) { + LDNS_FREE(buf); + return LDNS_STATUS_MEM_ERR; + } + (void) ldns_sha512(buf, (unsigned int)len, digest); + *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH, + digest); + LDNS_FREE(buf); + + return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; + break; + + default: + LDNS_FREE(buf); + return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE; + } +} + + +/* Ordinary PKIX validation of cert (with extra_certs to help) + * against the CA's in store + */ +static ldns_status +ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* store) +{ + X509_STORE_CTX* vrfy_ctx; + ldns_status s; + + if (! store) { + return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + vrfy_ctx = X509_STORE_CTX_new(); + if (! vrfy_ctx) { + + return LDNS_STATUS_SSL_ERR; + + } else if (X509_STORE_CTX_init(vrfy_ctx, store, + cert, extra_certs) != 1) { + s = LDNS_STATUS_SSL_ERR; + + } else if (X509_verify_cert(vrfy_ctx) == 1) { + + s = LDNS_STATUS_OK; + + } else { + s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + X509_STORE_CTX_free(vrfy_ctx); + return s; +} + + +/* Orinary PKIX validation of cert (with extra_certs to help) + * against the CA's in store, but also return the validation chain. + */ +static ldns_status +ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert, + STACK_OF(X509)* extra_certs, X509_STORE* store) +{ + ldns_status s; + X509_STORE* empty_store = NULL; + X509_STORE_CTX* vrfy_ctx; + + assert(chain != NULL); + + if (! store) { + store = empty_store = X509_STORE_new(); + } + s = LDNS_STATUS_SSL_ERR; + vrfy_ctx = X509_STORE_CTX_new(); + if (! vrfy_ctx) { + + goto exit_free_empty_store; + + } else if (X509_STORE_CTX_init(vrfy_ctx, store, + cert, extra_certs) != 1) { + goto exit_free_vrfy_ctx; + + } else if (X509_verify_cert(vrfy_ctx) == 1) { + + s = LDNS_STATUS_OK; + + } else { + s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); + if (! *chain) { + s = LDNS_STATUS_SSL_ERR; + } + +exit_free_vrfy_ctx: + X509_STORE_CTX_free(vrfy_ctx); + +exit_free_empty_store: + if (empty_store) { + X509_STORE_free(empty_store); + } + return s; +} + + +/* Return the validation chain that can be build out of cert, with extra_certs. + */ +static ldns_status +ldns_dane_pkix_get_chain(STACK_OF(X509)** chain, + X509* cert, STACK_OF(X509)* extra_certs) +{ + ldns_status s; + X509_STORE* empty_store = NULL; + X509_STORE_CTX* vrfy_ctx; + + assert(chain != NULL); + + empty_store = X509_STORE_new(); + s = LDNS_STATUS_SSL_ERR; + vrfy_ctx = X509_STORE_CTX_new(); + if (! vrfy_ctx) { + + goto exit_free_empty_store; + + } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, + cert, extra_certs) != 1) { + goto exit_free_vrfy_ctx; + } + (void) X509_verify_cert(vrfy_ctx); + *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); + if (! *chain) { + s = LDNS_STATUS_SSL_ERR; + } else { + s = LDNS_STATUS_OK; + } +exit_free_vrfy_ctx: + X509_STORE_CTX_free(vrfy_ctx); + +exit_free_empty_store: + X509_STORE_free(empty_store); + return s; +} + + +/* Pop n+1 certs and return the last popped. + */ +static ldns_status +ldns_dane_get_nth_cert_from_validation_chain( + X509** cert, STACK_OF(X509)* chain, int n, bool ca) +{ + if (n >= sk_X509_num(chain) || n < 0) { + return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE; + } + *cert = sk_X509_pop(chain); + while (n-- > 0) { + X509_free(*cert); + *cert = sk_X509_pop(chain); + } + if (ca && ! X509_check_ca(*cert)) { + return LDNS_STATUS_DANE_NON_CA_CERTIFICATE; + } + return LDNS_STATUS_OK; +} + + +/* Create validation chain with cert and extra_certs and returns the last + * self-signed (if present). + */ +static ldns_status +ldns_dane_pkix_get_last_self_signed(X509** out_cert, + X509* cert, STACK_OF(X509)* extra_certs) +{ + ldns_status s; + X509_STORE* empty_store = NULL; + X509_STORE_CTX* vrfy_ctx; + + assert(out_cert != NULL); + + empty_store = X509_STORE_new(); + s = LDNS_STATUS_SSL_ERR; + vrfy_ctx = X509_STORE_CTX_new(); + if (! vrfy_ctx) { + goto exit_free_empty_store; + + } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, + cert, extra_certs) != 1) { + goto exit_free_vrfy_ctx; + + } + (void) X509_verify_cert(vrfy_ctx); + if (vrfy_ctx->error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || + vrfy_ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){ + + *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx); + s = LDNS_STATUS_OK; + } else { + s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR; + } +exit_free_vrfy_ctx: + X509_STORE_CTX_free(vrfy_ctx); + +exit_free_empty_store: + X509_STORE_free(empty_store); + return s; +} + + +ldns_status +ldns_dane_select_certificate(X509** selected_cert, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store, + ldns_tlsa_certificate_usage cert_usage, int offset) +{ + ldns_status s; + STACK_OF(X509)* pkix_validation_chain = NULL; + + assert(selected_cert != NULL); + assert(cert != NULL); + + /* With PKIX validation explicitely turned off (pkix_validation_store + * == NULL), treat the "CA constraint" and "Service certificate + * constraint" the same as "Trust anchor assertion" and "Domain issued + * certificate" respectively. + */ + if (pkix_validation_store == NULL) { + switch (cert_usage) { + + case LDNS_TLSA_USAGE_CA_CONSTRAINT: + + cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION; + break; + + case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: + + cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE; + break; + + default: + break; + } + } + + /* Now what to do with each Certificate usage... + */ + switch (cert_usage) { + + case LDNS_TLSA_USAGE_CA_CONSTRAINT: + + s = ldns_dane_pkix_validate_and_get_chain( + &pkix_validation_chain, + cert, extra_certs, + pkix_validation_store); + if (! pkix_validation_chain) { + return s; + } + if (s == LDNS_STATUS_OK) { + if (offset == -1) { + offset = 0; + } + s = ldns_dane_get_nth_cert_from_validation_chain( + selected_cert, pkix_validation_chain, + offset, true); + } + sk_X509_pop_free(pkix_validation_chain, X509_free); + return s; + break; + + + case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: + + *selected_cert = cert; + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + break; + + + case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: + + if (offset == -1) { + s = ldns_dane_pkix_get_last_self_signed( + selected_cert, cert, extra_certs); + return s; + } else { + s = ldns_dane_pkix_get_chain( + &pkix_validation_chain, + cert, extra_certs); + if (s == LDNS_STATUS_OK) { + s = + ldns_dane_get_nth_cert_from_validation_chain( + selected_cert, pkix_validation_chain, + offset, false); + } else if (! pkix_validation_chain) { + return s; + } + sk_X509_pop_free(pkix_validation_chain, X509_free); + return s; + } + break; + + + case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: + + *selected_cert = cert; + return LDNS_STATUS_OK; + break; + + default: + return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; + break; + } +} + + +ldns_status +ldns_dane_create_tlsa_rr(ldns_rr** tlsa, + ldns_tlsa_certificate_usage certificate_usage, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type, + X509* cert) +{ + ldns_rdf* rdf; + ldns_status s; + + assert(tlsa != NULL); + assert(cert != NULL); + + /* create rr */ + *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA); + if (*tlsa == NULL) { + return LDNS_STATUS_MEM_ERR; + } + + rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, + (uint8_t)certificate_usage); + if (rdf == NULL) { + goto memerror; + } + (void) ldns_rr_set_rdf(*tlsa, rdf, 0); + + rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector); + if (rdf == NULL) { + goto memerror; + } + (void) ldns_rr_set_rdf(*tlsa, rdf, 1); + + rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type); + if (rdf == NULL) { + goto memerror; + } + (void) ldns_rr_set_rdf(*tlsa, rdf, 2); + + s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type); + if (s == LDNS_STATUS_OK) { + (void) ldns_rr_set_rdf(*tlsa, rdf, 3); + return LDNS_STATUS_OK; + } + ldns_rr_free(*tlsa); + *tlsa = NULL; + return s; + +memerror: + ldns_rr_free(*tlsa); + *tlsa = NULL; + return LDNS_STATUS_MEM_ERR; +} + + +/* Return tlsas that actually are TLSA resource records with known values + * for the Certificate usage, Selector and Matching type rdata fields. + */ +static ldns_rr_list* +ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas) +{ + size_t i; + ldns_rr_list* r = ldns_rr_list_new(); + ldns_rr* tlsa_rr; + + if (! r) { + return NULL; + } + for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) { + tlsa_rr = ldns_rr_list_rr(tlsas, i); + if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA && + ldns_rr_rd_count(tlsa_rr) == 4 && + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 && + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 && + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) { + + if (! ldns_rr_list_push_rr(r, tlsa_rr)) { + ldns_rr_list_free(r); + return NULL; + } + } + } + return r; +} + + +/* Return whether cert/selector/matching_type matches data. + */ +static ldns_status +ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type, ldns_rdf* data) +{ + ldns_status s; + ldns_rdf* match_data; + + s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type); + if (s == LDNS_STATUS_OK) { + if (ldns_rdf_compare(data, match_data) != 0) { + s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; + } + ldns_rdf_free(match_data); + } + return s; +} + + +/* Return whether any certificate from the chain with selector/matching_type + * matches data. + * ca should be true if the certificate has to be a CA certificate too. + */ +static ldns_status +ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type, + ldns_rdf* data, bool ca) +{ + ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; + size_t n, i; + X509* cert; + + n = (size_t)sk_X509_num(chain); + for (i = 0; i < n; i++) { + cert = sk_X509_pop(chain); + if (! cert) { + s = LDNS_STATUS_SSL_ERR; + break; + } + s = ldns_dane_match_cert_with_data(cert, + selector, matching_type, data); + if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) { + s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE; + } + X509_free(cert); + if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) { + break; + } + /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, + * try to match the next certificate + */ + } + return s; +} + + +ldns_status +ldns_dane_verify_rr(const ldns_rr* tlsa_rr, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store) +{ + ldns_status s; + + STACK_OF(X509)* pkix_validation_chain = NULL; + + ldns_tlsa_certificate_usage cert_usage; + ldns_tlsa_selector selector; + ldns_tlsa_matching_type matching_type; + ldns_rdf* data; + + if (! tlsa_rr) { + /* No TLSA, so regular PKIX validation + */ + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + } + cert_usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)); + selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)); + matching_type = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)); + data = ldns_rr_rdf(tlsa_rr, 3) ; + + switch (cert_usage) { + case LDNS_TLSA_USAGE_CA_CONSTRAINT: + s = ldns_dane_pkix_validate_and_get_chain( + &pkix_validation_chain, + cert, extra_certs, + pkix_validation_store); + if (! pkix_validation_chain) { + return s; + } + if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) { + /* + * NO PKIX validation. We still try to match *any* + * certificate from the chain, so we return + * TLSA errors over PKIX errors. + * + * i.e. When the TLSA matches no certificate, we return + * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE + */ + s = ldns_dane_match_any_cert_with_data( + pkix_validation_chain, + selector, matching_type, data, true); + + if (s == LDNS_STATUS_OK) { + /* A TLSA record did match a cert from the + * chain, thus the error is failed PKIX + * validation. + */ + s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + + } else if (s == LDNS_STATUS_OK) { + /* PKIX validated, does the TLSA match too? */ + + s = ldns_dane_match_any_cert_with_data( + pkix_validation_chain, + selector, matching_type, data, true); + } + sk_X509_pop_free(pkix_validation_chain, X509_free); + return s; + break; + + case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: + s = ldns_dane_match_cert_with_data(cert, + selector, matching_type, data); + + if (s == LDNS_STATUS_OK) { + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + } + return s; + break; + + case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: + s = ldns_dane_pkix_get_chain(&pkix_validation_chain, + cert, extra_certs); + + if (s == LDNS_STATUS_OK) { + s = ldns_dane_match_any_cert_with_data( + pkix_validation_chain, + selector, matching_type, data, false); + + } else if (! pkix_validation_chain) { + return s; + } + sk_X509_pop_free(pkix_validation_chain, X509_free); + return s; + break; + + case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: + return ldns_dane_match_cert_with_data(cert, + selector, matching_type, data); + break; + + default: + break; + } + return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; +} + + +ldns_status +ldns_dane_verify(ldns_rr_list* tlsas, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store) +{ + size_t i; + ldns_rr* tlsa_rr; + ldns_status s = LDNS_STATUS_OK, ps; + + assert(cert != NULL); + + if (tlsas && ldns_rr_list_rr_count(tlsas) > 0) { + tlsas = ldns_dane_filter_unusable_records(tlsas); + if (! tlsas) { + return LDNS_STATUS_MEM_ERR; + } + } + if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) { + /* No TLSA's, so regular PKIX validation + */ + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + } else { + for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) { + tlsa_rr = ldns_rr_list_rr(tlsas, i); + ps = s; + s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs, + pkix_validation_store); + + if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH && + s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) { + + /* which would be LDNS_STATUS_OK (match) + * or some fatal error preventing use from + * trying the next TLSA record. + */ + break; + } + s = (s > ps ? s : ps); /* prefer PKIX_DID_NOT_VALIDATE + * over TLSA_DID_NOT_MATCH + */ + } + ldns_rr_list_free(tlsas); + } + return s; +} +#endif /* HAVE_SSL */ +#endif /* USE_DANE */ diff --git a/ldns/src/dname.c b/ldns/src/dname.c new file mode 100644 index 0000000..55aba5d --- /dev/null +++ b/ldns/src/dname.c @@ -0,0 +1,598 @@ +/* + * dname.c + * + * dname specific rdata implementations + * A dname is a rdf structure with type LDNS_RDF_TYPE_DNAME + * It is not a /real/ type! All function must therefor check + * for LDNS_RDF_TYPE_DNAME. + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +/* Returns whether the last label in the name is a root label (a empty label). + * Note that it is not enough to just test the last character to be 0, + * because it may be part of the last label itself. + */ +static bool +ldns_dname_last_label_is_root_label(const ldns_rdf* dname) +{ + size_t src_pos; + size_t len = 0; + + for (src_pos = 0; src_pos < ldns_rdf_size(dname); src_pos += len + 1) { + len = ldns_rdf_data(dname)[src_pos]; + } + assert(src_pos == ldns_rdf_size(dname)); + + return src_pos > 0 && len == 0; +} + +ldns_rdf * +ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2) +{ + ldns_rdf *new; + uint16_t new_size; + uint8_t *buf; + uint16_t left_size; + + if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + + /* remove root label if it is present at the end of the left + * rd, by reducing the size with 1 + */ + left_size = ldns_rdf_size(rd1); + if (ldns_dname_last_label_is_root_label(rd1)) { + left_size--; + } + + /* we overwrite the nullbyte of rd1 */ + new_size = left_size + ldns_rdf_size(rd2); + buf = LDNS_XMALLOC(uint8_t, new_size); + if (!buf) { + return NULL; + } + + /* put the two dname's after each other */ + memcpy(buf, ldns_rdf_data(rd1), left_size); + memcpy(buf + left_size, ldns_rdf_data(rd2), ldns_rdf_size(rd2)); + + new = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, new_size, buf); + + LDNS_FREE(buf); + return new; +} + +ldns_status +ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2) +{ + uint16_t left_size; + uint16_t size; + uint8_t* newd; + + if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) { + return LDNS_STATUS_ERR; + } + + /* remove root label if it is present at the end of the left + * rd, by reducing the size with 1 + */ + left_size = ldns_rdf_size(rd1); + if (ldns_dname_last_label_is_root_label(rd1)) { + left_size--; + } + + size = left_size + ldns_rdf_size(rd2); + newd = LDNS_XREALLOC(ldns_rdf_data(rd1), uint8_t, size); + if(!newd) { + return LDNS_STATUS_MEM_ERR; + } + + ldns_rdf_set_data(rd1, newd); + memcpy(ldns_rdf_data(rd1) + left_size, ldns_rdf_data(rd2), + ldns_rdf_size(rd2)); + ldns_rdf_set_size(rd1, size); + + return LDNS_STATUS_OK; +} + +ldns_rdf* +ldns_dname_reverse(const ldns_rdf *dname) +{ + size_t rd_size; + uint8_t* buf; + ldns_rdf* new; + size_t src_pos; + size_t len ; + + assert(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME); + + rd_size = ldns_rdf_size(dname); + buf = LDNS_XMALLOC(uint8_t, rd_size); + if (! buf) { + return NULL; + } + new = ldns_rdf_new(LDNS_RDF_TYPE_DNAME, rd_size, buf); + if (! new) { + LDNS_FREE(buf); + return NULL; + } + + /* If dname ends in a root label, the reverse should too. + */ + if (ldns_dname_last_label_is_root_label(dname)) { + buf[rd_size - 1] = 0; + rd_size -= 1; + } + for (src_pos = 0; src_pos < rd_size; src_pos += len + 1) { + len = ldns_rdf_data(dname)[src_pos]; + memcpy(&buf[rd_size - src_pos - len - 1], + &ldns_rdf_data(dname)[src_pos], len + 1); + } + return new; +} + +ldns_rdf * +ldns_dname_clone_from(const ldns_rdf *d, uint16_t n) +{ + uint8_t *data; + uint8_t label_size; + size_t data_size; + + if (!d || + ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME || + ldns_dname_label_count(d) < n) { + return NULL; + } + + data = ldns_rdf_data(d); + data_size = ldns_rdf_size(d); + while (n > 0) { + label_size = data[0] + 1; + data += label_size; + if (data_size < label_size) { + /* this label is very broken */ + return NULL; + } + data_size -= label_size; + n--; + } + + return ldns_dname_new_frm_data(data_size, data); +} + +ldns_rdf * +ldns_dname_left_chop(const ldns_rdf *d) +{ + uint8_t label_pos; + ldns_rdf *chop; + + if (!d) { + return NULL; + } + + if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + if (ldns_dname_label_count(d) == 0) { + /* root label */ + return NULL; + } + /* 05blaat02nl00 */ + label_pos = ldns_rdf_data(d)[0]; + + chop = ldns_dname_new_frm_data(ldns_rdf_size(d) - label_pos - 1, + ldns_rdf_data(d) + label_pos + 1); + return chop; +} + +uint8_t +ldns_dname_label_count(const ldns_rdf *r) +{ + uint16_t src_pos; + uint16_t len; + uint8_t i; + size_t r_size; + + if (!r) { + return 0; + } + + i = 0; + src_pos = 0; + r_size = ldns_rdf_size(r); + + if (ldns_rdf_get_type(r) != LDNS_RDF_TYPE_DNAME) { + return 0; + } else { + len = ldns_rdf_data(r)[src_pos]; /* start of the label */ + + /* single root label */ + if (1 == r_size) { + return 0; + } else { + while ((len > 0) && src_pos < r_size) { + src_pos++; + src_pos += len; + len = ldns_rdf_data(r)[src_pos]; + i++; + } + } + } + return i; +} + +ldns_rdf * +ldns_dname_new(uint16_t s, void *d) +{ + ldns_rdf *rd; + + rd = LDNS_MALLOC(ldns_rdf); + if (!rd) { + return NULL; + } + ldns_rdf_set_size(rd, s); + ldns_rdf_set_type(rd, LDNS_RDF_TYPE_DNAME); + ldns_rdf_set_data(rd, d); + return rd; +} + +ldns_rdf * +ldns_dname_new_frm_str(const char *str) +{ + return ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, str); +} + +ldns_rdf * +ldns_dname_new_frm_data(uint16_t size, const void *data) +{ + return ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, size, data); +} + +void +ldns_dname2canonical(const ldns_rdf *rd) +{ + uint8_t *rdd; + uint16_t i; + + if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_DNAME) { + return; + } + + rdd = (uint8_t*)ldns_rdf_data(rd); + for (i = 0; i < ldns_rdf_size(rd); i++, rdd++) { + *rdd = (uint8_t)LDNS_DNAME_NORMALIZE((int)*rdd); + } +} + +bool +ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent) +{ + uint8_t sub_lab; + uint8_t par_lab; + int8_t i, j; + ldns_rdf *tmp_sub = NULL; + ldns_rdf *tmp_par = NULL; + ldns_rdf *sub_clone; + ldns_rdf *parent_clone; + bool result = true; + + if (ldns_rdf_get_type(sub) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_compare(sub, parent) == 0) { + return false; + } + + /* would be nicer if we do not have to clone... */ + sub_clone = ldns_dname_clone_from(sub, 0); + parent_clone = ldns_dname_clone_from(parent, 0); + ldns_dname2canonical(sub_clone); + ldns_dname2canonical(parent_clone); + + sub_lab = ldns_dname_label_count(sub_clone); + par_lab = ldns_dname_label_count(parent_clone); + + /* if sub sits above parent, it cannot be a child/sub domain */ + if (sub_lab < par_lab) { + result = false; + } else { + /* check all labels the from the parent labels, from right to left. + * When they /all/ match we have found a subdomain + */ + j = sub_lab - 1; /* we count from zero, thank you */ + for (i = par_lab -1; i >= 0; i--) { + tmp_sub = ldns_dname_label(sub_clone, j); + tmp_par = ldns_dname_label(parent_clone, i); + if (!tmp_sub || !tmp_par) { + /* deep free does null check */ + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + result = false; + break; + } + + if (ldns_rdf_compare(tmp_sub, tmp_par) != 0) { + /* they are not equal */ + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + result = false; + break; + } + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + j--; + } + } + ldns_rdf_deep_free(sub_clone); + ldns_rdf_deep_free(parent_clone); + return result; +} + +int +ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2) +{ + size_t lc1, lc2, lc1f, lc2f; + size_t i; + int result = 0; + uint8_t *lp1, *lp2; + + /* see RFC4034 for this algorithm */ + /* this algorithm assumes the names are normalized to case */ + + /* only when both are not NULL we can say anything about them */ + if (!dname1 && !dname2) { + return 0; + } + if (!dname1 || !dname2) { + return -1; + } + /* asserts must happen later as we are looking in the + * dname, which could be NULL. But this case is handled + * above + */ + assert(ldns_rdf_get_type(dname1) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(dname2) == LDNS_RDF_TYPE_DNAME); + + lc1 = ldns_dname_label_count(dname1); + lc2 = ldns_dname_label_count(dname2); + + if (lc1 == 0 && lc2 == 0) { + return 0; + } + if (lc1 == 0) { + return -1; + } + if (lc2 == 0) { + return 1; + } + lc1--; + lc2--; + /* we start at the last label */ + while (true) { + /* find the label first */ + lc1f = lc1; + lp1 = ldns_rdf_data(dname1); + while (lc1f > 0) { + lp1 += *lp1 + 1; + lc1f--; + } + + /* and find the other one */ + lc2f = lc2; + lp2 = ldns_rdf_data(dname2); + while (lc2f > 0) { + lp2 += *lp2 + 1; + lc2f--; + } + + /* now check the label character for character. */ + for (i = 1; i < (size_t)(*lp1 + 1); i++) { + if (i > *lp2) { + /* apparently label 1 is larger */ + result = 1; + goto done; + } + if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) < + LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) { + result = -1; + goto done; + } else if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) > + LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) { + result = 1; + goto done; + } + } + if (*lp1 < *lp2) { + /* apparently label 2 is larger */ + result = -1; + goto done; + } + if (lc1 == 0 && lc2 > 0) { + result = -1; + goto done; + } else if (lc1 > 0 && lc2 == 0) { + result = 1; + goto done; + } else if (lc1 == 0 && lc2 == 0) { + result = 0; + goto done; + } + lc1--; + lc2--; + } + + done: + return result; +} + +int +ldns_dname_is_wildcard(const ldns_rdf* dname) +{ + return ( ldns_dname_label_count(dname) > 0 && + ldns_rdf_data(dname)[0] == 1 && + ldns_rdf_data(dname)[1] == '*'); +} + +int +ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard) +{ + ldns_rdf *wc_chopped; + int result; + /* check whether it really is a wildcard */ + if (ldns_dname_is_wildcard(wildcard)) { + /* ok, so the dname needs to be a subdomain of the wildcard + * without the * + */ + wc_chopped = ldns_dname_left_chop(wildcard); + result = (int) ldns_dname_is_subdomain(dname, wc_chopped); + ldns_rdf_deep_free(wc_chopped); + } else { + result = (ldns_dname_compare(dname, wildcard) == 0); + } + return result; +} + +/* nsec test: does prev <= middle < next + * -1 = yes + * 0 = error/can't tell + * 1 = no + */ +int +ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, + const ldns_rdf *next) +{ + int prev_check, next_check; + + assert(ldns_rdf_get_type(prev) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(middle) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(next) == LDNS_RDF_TYPE_DNAME); + + prev_check = ldns_dname_compare(prev, middle); + next_check = ldns_dname_compare(middle, next); + /* <= next. This cannot be the case for nsec, because then we would + * have gotten the nsec of next... + */ + if (next_check == 0) { + return 0; + } + + /* <= */ + if ((prev_check == -1 || prev_check == 0) && + /* < */ + next_check == -1) { + return -1; + } else { + return 1; + } +} + + +bool +ldns_dname_str_absolute(const char *dname_str) +{ + const char* s; + if(dname_str && strcmp(dname_str, ".") == 0) + return 1; + if(!dname_str || strlen(dname_str) < 2) + return 0; + if(dname_str[strlen(dname_str) - 1] != '.') + return 0; + if(dname_str[strlen(dname_str) - 2] != '\\') + return 1; /* ends in . and no \ before it */ + /* so we have the case of ends in . and there is \ before it */ + for(s=dname_str; *s; s++) { + if(*s == '\\') { + if(s[1] && s[2] && s[3] /* check length */ + && isdigit(s[1]) && isdigit(s[2]) && + isdigit(s[3])) + s += 3; + else if(!s[1] || isdigit(s[1])) /* escape of nul,0-9 */ + return 0; /* parse error */ + else s++; /* another character escaped */ + } + else if(!*(s+1) && *s == '.') + return 1; /* trailing dot, unescaped */ + } + return 0; +} + +bool +ldns_dname_absolute(const ldns_rdf *rdf) +{ + char *str = ldns_rdf2str(rdf); + if (str) { + bool r = ldns_dname_str_absolute(str); + LDNS_FREE(str); + return r; + } + return false; +} + +ldns_rdf * +ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos) +{ + uint8_t labelcnt; + uint16_t src_pos; + uint16_t len; + ldns_rdf *tmpnew; + size_t s; + uint8_t *data; + + if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + + labelcnt = 0; + src_pos = 0; + s = ldns_rdf_size(rdf); + + len = ldns_rdf_data(rdf)[src_pos]; /* label start */ + while ((len > 0) && src_pos < s) { + if (labelcnt == labelpos) { + /* found our label */ + data = LDNS_XMALLOC(uint8_t, len + 2); + if (!data) { + return NULL; + } + memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1); + data[len + 2 - 1] = 0; + + tmpnew = ldns_rdf_new( LDNS_RDF_TYPE_DNAME + , len + 2, data); + if (!tmpnew) { + LDNS_FREE(data); + return NULL; + } + return tmpnew; + } + src_pos++; + src_pos += len; + len = ldns_rdf_data(rdf)[src_pos]; + labelcnt++; + } + return NULL; +} diff --git a/ldns/src/dnssec.c b/ldns/src/dnssec.c new file mode 100644 index 0000000..a41a9f6 --- /dev/null +++ b/ldns/src/dnssec.c @@ -0,0 +1,1869 @@ +/* + * dnssec.c + * + * contains the cryptographic function needed for DNSSEC in ldns + * The crypto library used is openssl + * + * (c) NLnet Labs, 2004-2008 + * + * See the file LICENSE for the license + */ + +#include + +#include +#include + +#include +#include + +#ifdef HAVE_SSL +#include +#include +#include +#include +#include +#endif + +ldns_rr * +ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, + const ldns_rr_type type, + const ldns_rr_list *rrs) +{ + size_t i; + ldns_rr *candidate; + + if (!name || !rrs) { + return NULL; + } + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + candidate = ldns_rr_list_rr(rrs, i); + if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_RRSIG) { + if (ldns_dname_compare(ldns_rr_owner(candidate), + name) == 0 && + ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(candidate)) + == type + ) { + return candidate; + } + } + } + + return NULL; +} + +ldns_rr * +ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, + const ldns_rr_list *rrs) +{ + size_t i; + ldns_rr *candidate; + + if (!rrsig || !rrs) { + return NULL; + } + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + candidate = ldns_rr_list_rr(rrs, i); + if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_dname_compare(ldns_rr_owner(candidate), + ldns_rr_rrsig_signame(rrsig)) == 0 && + ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) == + ldns_calc_keytag(candidate) + ) { + return candidate; + } + } + } + + return NULL; +} + +ldns_rdf * +ldns_nsec_get_bitmap(ldns_rr *nsec) { + if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) { + return ldns_rr_rdf(nsec, 1); + } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) { + return ldns_rr_rdf(nsec, 5); + } else { + return NULL; + } +} + +/*return the owner name of the closest encloser for name from the list of rrs */ +/* this is NOT the hash, but the original name! */ +ldns_rdf * +ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, + ATTR_UNUSED(ldns_rr_type qtype), + ldns_rr_list *nsec3s) +{ + /* remember parameters, they must match */ + uint8_t algorithm; + uint32_t iterations; + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *sname, *hashed_sname, *tmp; + bool flag; + + bool exact_match_found; + bool in_range_found; + + ldns_status status; + ldns_rdf *zone_name; + + size_t nsec_i; + ldns_rr *nsec; + ldns_rdf *result = NULL; + + if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { + return NULL; + } + + nsec = ldns_rr_list_rr(nsec3s, 0); + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + + sname = ldns_rdf_clone(qname); + + flag = false; + + zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); + + /* algorithm from nsec3-07 8.3 */ + while (ldns_dname_label_count(sname) > 0) { + exact_match_found = false; + in_range_found = false; + + hashed_sname = ldns_nsec3_hash_name(sname, + algorithm, + iterations, + salt_length, + salt); + + status = ldns_dname_cat(hashed_sname, zone_name); + if(status != LDNS_STATUS_OK) { + LDNS_FREE(salt); + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + return NULL; + } + + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) { + nsec = ldns_rr_list_rr(nsec3s, nsec_i); + + /* check values of iterations etc! */ + + /* exact match? */ + if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) { + exact_match_found = true; + } else if (ldns_nsec_covers_name(nsec, hashed_sname)) { + in_range_found = true; + } + + } + if (!exact_match_found && in_range_found) { + flag = true; + } else if (exact_match_found && flag) { + result = ldns_rdf_clone(sname); + /* RFC 5155: 8.3. 2.** "The proof is complete" */ + ldns_rdf_deep_free(hashed_sname); + goto done; + } else if (exact_match_found && !flag) { + /* error! */ + ldns_rdf_deep_free(hashed_sname); + goto done; + } else { + flag = false; + } + + ldns_rdf_deep_free(hashed_sname); + tmp = sname; + sname = ldns_dname_left_chop(sname); + ldns_rdf_deep_free(tmp); + } + + done: + LDNS_FREE(salt); + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + + return result; +} + +bool +ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt) +{ + size_t i; + for (i = 0; i < ldns_pkt_ancount(pkt); i++) { + if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_answer(pkt), i)) == + LDNS_RR_TYPE_RRSIG) { + return true; + } + } + for (i = 0; i < ldns_pkt_nscount(pkt); i++) { + if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_authority(pkt), i)) == + LDNS_RR_TYPE_RRSIG) { + return true; + } + } + return false; +} + +ldns_rr_list * +ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, + ldns_rdf *name, + ldns_rr_type type) +{ + uint16_t t_netorder; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + + sigs = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION + ); + + t_netorder = htons(type); /* rdf are in network order! */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, LDNS_RDF_SIZE_WORD, &t_netorder); + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + + ldns_rdf_free(rdf_t); + ldns_rr_list_deep_free(sigs); + + return sigs_covered; + +} + +ldns_rr_list * +ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type) +{ + uint16_t t_netorder; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + + sigs = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION + ); + + t_netorder = htons(type); /* rdf are in network order! */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, + 2, + &t_netorder); + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + + ldns_rdf_free(rdf_t); + ldns_rr_list_deep_free(sigs); + + return sigs_covered; + +} + +/* used only on the public key RR */ +uint16_t +ldns_calc_keytag(const ldns_rr *key) +{ + uint16_t ac16; + ldns_buffer *keybuf; + size_t keysize; + + if (!key) { + return 0; + } + + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(key) != LDNS_RR_TYPE_KEY + ) { + return 0; + } + + /* rdata to buf - only put the rdata in a buffer */ + keybuf = ldns_buffer_new(LDNS_MIN_BUFLEN); /* grows */ + if (!keybuf) { + return 0; + } + (void)ldns_rr_rdata2buffer_wire(keybuf, key); + /* the current pos in the buffer is the keysize */ + keysize= ldns_buffer_position(keybuf); + + ac16 = ldns_calc_keytag_raw(ldns_buffer_begin(keybuf), keysize); + ldns_buffer_free(keybuf); + return ac16; +} + +uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize) +{ + unsigned int i; + uint32_t ac32; + uint16_t ac16; + + if(keysize < 4) { + return 0; + } + /* look at the algorithm field, copied from 2535bis */ + if (key[3] == LDNS_RSAMD5) { + ac16 = 0; + if (keysize > 4) { + memmove(&ac16, key + keysize - 3, 2); + } + ac16 = ntohs(ac16); + return (uint16_t) ac16; + } else { + ac32 = 0; + for (i = 0; (size_t)i < keysize; ++i) { + ac32 += (i & 1) ? key[i] : key[i] << 8; + } + ac32 += (ac32 >> 16) & 0xFFFF; + return (uint16_t) (ac32 & 0xFFFF); + } +} + +#ifdef HAVE_SSL +DSA * +ldns_key_buf2dsa(ldns_buffer *key) +{ + return ldns_key_buf2dsa_raw((unsigned char*)ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +DSA * +ldns_key_buf2dsa_raw(unsigned char* key, size_t len) +{ + uint8_t T; + uint16_t length; + uint16_t offset; + DSA *dsa; + BIGNUM *Q; BIGNUM *P; + BIGNUM *G; BIGNUM *Y; + + if(len == 0) + return NULL; + T = (uint8_t)key[0]; + length = (64 + T * 8); + offset = 1; + + if (T > 8) { + return NULL; + } + if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length) + return NULL; + + Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL); + offset += SHA_DIGEST_LENGTH; + + P = BN_bin2bn(key+offset, (int)length, NULL); + offset += length; + + G = BN_bin2bn(key+offset, (int)length, NULL); + offset += length; + + Y = BN_bin2bn(key+offset, (int)length, NULL); + offset += length; + + /* create the key and set its properties */ + if(!Q || !P || !G || !Y || !(dsa = DSA_new())) { + BN_free(Q); + BN_free(P); + BN_free(G); + BN_free(Y); + return NULL; + } +#ifndef S_SPLINT_S + dsa->p = P; + dsa->q = Q; + dsa->g = G; + dsa->pub_key = Y; +#endif /* splint */ + + return dsa; +} + +RSA * +ldns_key_buf2rsa(ldns_buffer *key) +{ + return ldns_key_buf2rsa_raw((unsigned char*)ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +RSA * +ldns_key_buf2rsa_raw(unsigned char* key, size_t len) +{ + uint16_t offset; + uint16_t exp; + uint16_t int16; + RSA *rsa; + BIGNUM *modulus; + BIGNUM *exponent; + + if (len == 0) + return NULL; + if (key[0] == 0) { + if(len < 3) + return NULL; + /* need some smart comment here XXX*/ + /* the exponent is too large so it's places + * futher...???? */ + memmove(&int16, key+1, 2); + exp = ntohs(int16); + offset = 3; + } else { + exp = key[0]; + offset = 1; + } + + /* key length at least one */ + if(len < (size_t)offset + exp + 1) + return NULL; + + /* Exponent */ + exponent = BN_new(); + if(!exponent) return NULL; + (void) BN_bin2bn(key+offset, (int)exp, exponent); + offset += exp; + + /* Modulus */ + modulus = BN_new(); + if(!modulus) { + BN_free(exponent); + return NULL; + } + /* length of the buffer must match the key length! */ + (void) BN_bin2bn(key+offset, (int)(len - offset), modulus); + + rsa = RSA_new(); + if(!rsa) { + BN_free(exponent); + BN_free(modulus); + return NULL; + } +#ifndef S_SPLINT_S + rsa->n = modulus; + rsa->e = exponent; +#endif /* splint */ + + return rsa; +} + +int +ldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest, + const EVP_MD* md) +{ + EVP_MD_CTX* ctx; + ctx = EVP_MD_CTX_create(); + if(!ctx) + return false; + if(!EVP_DigestInit_ex(ctx, md, NULL) || + !EVP_DigestUpdate(ctx, data, len) || + !EVP_DigestFinal_ex(ctx, dest, NULL)) { + EVP_MD_CTX_destroy(ctx); + return false; + } + EVP_MD_CTX_destroy(ctx); + return true; +} +#endif /* HAVE_SSL */ + +ldns_rr * +ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) +{ + ldns_rdf *tmp; + ldns_rr *ds; + uint16_t keytag; + uint8_t sha1hash; + uint8_t *digest; + ldns_buffer *data_buf; +#ifdef USE_GOST + const EVP_MD* md = NULL; +#endif + + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) { + return NULL; + } + + ds = ldns_rr_new(); + if (!ds) { + return NULL; + } + ldns_rr_set_type(ds, LDNS_RR_TYPE_DS); + ldns_rr_set_owner(ds, ldns_rdf_clone( + ldns_rr_owner(key))); + ldns_rr_set_ttl(ds, ldns_rr_ttl(key)); + ldns_rr_set_class(ds, ldns_rr_get_class(key)); + + switch(h) { + default: + case LDNS_SHA1: + digest = LDNS_XMALLOC(uint8_t, LDNS_SHA1_DIGEST_LENGTH); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; + case LDNS_SHA256: + digest = LDNS_XMALLOC(uint8_t, LDNS_SHA256_DIGEST_LENGTH); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; + case LDNS_HASH_GOST: +#ifdef USE_GOST + (void)ldns_key_EVP_load_gost_id(); + md = EVP_get_digestbyname("md_gost94"); + if(!md) { + ldns_rr_free(ds); + return NULL; + } + digest = LDNS_XMALLOC(uint8_t, EVP_MD_size(md)); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; +#else + /* not implemented */ + ldns_rr_free(ds); + return NULL; +#endif + case LDNS_SHA384: +#ifdef USE_ECDSA + digest = LDNS_XMALLOC(uint8_t, SHA384_DIGEST_LENGTH); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; +#else + /* not implemented */ + ldns_rr_free(ds); + return NULL; +#endif + } + + data_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!data_buf) { + LDNS_FREE(digest); + ldns_rr_free(ds); + return NULL; + } + + /* keytag */ + keytag = htons(ldns_calc_keytag((ldns_rr*)key)); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16, + sizeof(uint16_t), + &keytag); + ldns_rr_push_rdf(ds, tmp); + + /* copy the algorithm field */ + if ((tmp = ldns_rr_rdf(key, 2)) == NULL) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + return NULL; + } else { + ldns_rr_push_rdf(ds, ldns_rdf_clone( tmp )); + } + + /* digest hash type */ + sha1hash = (uint8_t)h; + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + sizeof(uint8_t), + &sha1hash); + ldns_rr_push_rdf(ds, tmp); + + /* digest */ + /* owner name */ + tmp = ldns_rdf_clone(ldns_rr_owner(key)); + ldns_dname2canonical(tmp); + if (ldns_rdf2buffer_wire(data_buf, tmp) != LDNS_STATUS_OK) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + ldns_rdf_deep_free(tmp); + return NULL; + } + ldns_rdf_deep_free(tmp); + + /* all the rdata's */ + if (ldns_rr_rdata2buffer_wire(data_buf, + (ldns_rr*)key) != LDNS_STATUS_OK) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + return NULL; + } + switch(h) { + case LDNS_SHA1: + (void) ldns_sha1((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest); + + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + LDNS_SHA1_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); + + break; + case LDNS_SHA256: + (void) ldns_sha256((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + LDNS_SHA256_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); + break; + case LDNS_HASH_GOST: +#ifdef USE_GOST + if(!ldns_digest_evp((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest, md)) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + return NULL; + } + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + (size_t)EVP_MD_size(md), + digest); + ldns_rr_push_rdf(ds, tmp); +#endif + break; + case LDNS_SHA384: +#ifdef USE_ECDSA + (void) SHA384((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + SHA384_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); +#endif + break; + } + + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + return ds; +} + +/* From RFC3845: + * + * 2.1.2. The List of Type Bit Map(s) Field + * + * The RR type space is split into 256 window blocks, each representing + * the low-order 8 bits of the 16-bit RR type space. Each block that + * has at least one active RR type is encoded using a single octet + * window number (from 0 to 255), a single octet bitmap length (from 1 + * to 32) indicating the number of octets used for the window block's + * bitmap, and up to 32 octets (256 bits) of bitmap. + * + * Window blocks are present in the NSEC RR RDATA in increasing + * numerical order. + * + * "|" denotes concatenation + * + * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) + + * + * + * + * Blocks with no types present MUST NOT be included. Trailing zero + * octets in the bitmap MUST be omitted. The length of each block's + * bitmap is determined by the type code with the largest numerical + * value within that block, among the set of RR types present at the + * NSEC RR's owner name. Trailing zero octets not specified MUST be + * interpreted as zero octets. + */ +ldns_rdf * +ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], + size_t size, + ldns_rr_type nsec_type) +{ + uint8_t window; /* most significant octet of type */ + uint8_t subtype; /* least significant octet of type */ + uint16_t windows[256] /* Max subtype per window */ +#ifndef S_SPLINT_S + = { 0 } /* Initialize ALL elements with 0 */ +#endif + ; + ldns_rr_type* d; /* used to traverse rr_type_list*/ + size_t i; /* used to traverse windows array */ + + size_t sz; /* size needed for type bitmap rdf */ + uint8_t* data = NULL; /* rdf data */ + uint8_t* dptr; /* used to itraverse rdf data */ + ldns_rdf* rdf; /* bitmap rdf to return */ + + if (nsec_type != LDNS_RR_TYPE_NSEC && + nsec_type != LDNS_RR_TYPE_NSEC3) { + return NULL; + } + + /* Which other windows need to be in the bitmap rdf? + */ + for (d = rr_type_list; d < rr_type_list + size; d++) { + window = *d >> 8; + subtype = *d & 0xff; + if (windows[window] < subtype) { + windows[window] = subtype; + } + } + + /* How much space do we need in the rdf for those windows? + */ + sz = 0; + for (i = 0; i < 256; i++) { + if (windows[i]) { + sz += windows[i] / 8 + 3; + } + } + if (sz > 0) { + /* Format rdf data according RFC3845 Section 2.1.2 (see above) + */ + dptr = data = LDNS_CALLOC(uint8_t, sz); + if (!data) { + return NULL; + } + for (i = 0; i < 256; i++) { + if (windows[i]) { + *dptr++ = (uint8_t)i; + *dptr++ = (uint8_t)(windows[i] / 8 + 1); + + /* Now let windows[i] index the bitmap + * within data + */ + windows[i] = (uint16_t)(dptr - data); + + dptr += dptr[-1]; + } + } + } + + /* Set the bits? + */ + for (d = rr_type_list; d < rr_type_list + size; d++) { + subtype = *d & 0xff; + data[windows[*d >> 8] + subtype/8] |= (0x80 >> (subtype % 8)); + } + + /* Allocate and return rdf structure for the data + */ + rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data); + if (!rdf) { + LDNS_FREE(data); + return NULL; + } + return rdf; +} + +int +ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets, + ldns_rr_type type) +{ + ldns_dnssec_rrsets *cur_rrset = rrsets; + while (cur_rrset) { + if (cur_rrset->type == type) { + return 1; + } + cur_rrset = cur_rrset->next; + } + return 0; +} + +ldns_rr * +ldns_dnssec_create_nsec(ldns_dnssec_name *from, + ldns_dnssec_name *to, + ldns_rr_type nsec_type) +{ + ldns_rr *nsec_rr; + ldns_rr_type types[65536]; + size_t type_count = 0; + ldns_dnssec_rrsets *cur_rrsets; + int on_delegation_point; + + if (!from || !to || (nsec_type != LDNS_RR_TYPE_NSEC)) { + return NULL; + } + + nsec_rr = ldns_rr_new(); + ldns_rr_set_type(nsec_rr, nsec_type); + ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from))); + ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to))); + + on_delegation_point = ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_SOA); + + cur_rrsets = from->rrsets; + while (cur_rrsets) { + /* Do not include non-authoritative rrsets on the delegation point + * in the type bitmap */ + if ((on_delegation_point && ( + cur_rrsets->type == LDNS_RR_TYPE_NS + || cur_rrsets->type == LDNS_RR_TYPE_DS)) + || (!on_delegation_point && + cur_rrsets->type != LDNS_RR_TYPE_RRSIG + && cur_rrsets->type != LDNS_RR_TYPE_NSEC)) { + + types[type_count] = cur_rrsets->type; + type_count++; + } + cur_rrsets = cur_rrsets->next; + + } + types[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + types[type_count] = LDNS_RR_TYPE_NSEC; + type_count++; + + ldns_rr_push_rdf(nsec_rr, ldns_dnssec_create_nsec_bitmap(types, + type_count, + nsec_type)); + + return nsec_rr; +} + +ldns_rr * +ldns_dnssec_create_nsec3(ldns_dnssec_name *from, + ldns_dnssec_name *to, + ldns_rdf *zone_name, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + ldns_rr *nsec_rr; + ldns_rr_type types[65536]; + size_t type_count = 0; + ldns_dnssec_rrsets *cur_rrsets; + ldns_status status; + int on_delegation_point; + + if (!from) { + return NULL; + } + + nsec_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3); + ldns_rr_set_owner(nsec_rr, + ldns_nsec3_hash_name(ldns_dnssec_name_name(from), + algorithm, + iterations, + salt_length, + salt)); + status = ldns_dname_cat(ldns_rr_owner(nsec_rr), zone_name); + if(status != LDNS_STATUS_OK) { + ldns_rr_free(nsec_rr); + return NULL; + } + ldns_nsec3_add_param_rdfs(nsec_rr, + algorithm, + flags, + iterations, + salt_length, + salt); + + on_delegation_point = ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_SOA); + cur_rrsets = from->rrsets; + while (cur_rrsets) { + /* Do not include non-authoritative rrsets on the delegation point + * in the type bitmap. Potentionally not skipping insecure + * delegation should have been done earlier, in function + * ldns_dnssec_zone_create_nsec3s, or even earlier in: + * ldns_dnssec_zone_sign_nsec3_flg . + */ + if ((on_delegation_point && ( + cur_rrsets->type == LDNS_RR_TYPE_NS + || cur_rrsets->type == LDNS_RR_TYPE_DS)) + || (!on_delegation_point && + cur_rrsets->type != LDNS_RR_TYPE_RRSIG)) { + + types[type_count] = cur_rrsets->type; + type_count++; + } + cur_rrsets = cur_rrsets->next; + } + /* always add rrsig type if this is not an unsigned + * delegation + */ + if (type_count > 0 && + !(type_count == 1 && types[0] == LDNS_RR_TYPE_NS)) { + types[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + } + + /* leave next rdata empty if they weren't precomputed yet */ + if (to && to->hashed_name) { + (void) ldns_rr_set_rdf(nsec_rr, + ldns_rdf_clone(to->hashed_name), + 4); + } else { + (void) ldns_rr_set_rdf(nsec_rr, NULL, 4); + } + + ldns_rr_push_rdf(nsec_rr, + ldns_dnssec_create_nsec_bitmap(types, + type_count, + LDNS_RR_TYPE_NSEC3)); + + return nsec_rr; +} + +ldns_rr * +ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs) +{ + /* we do not do any check here - garbage in, garbage out */ + + /* the the start and end names - get the type from the + * before rrlist */ + + /* inefficient, just give it a name, a next name, and a list of rrs */ + /* we make 1 big uberbitmap first, then windows */ + /* todo: make something more efficient :) */ + uint16_t i; + ldns_rr *i_rr; + uint16_t i_type; + + ldns_rr *nsec = NULL; + ldns_rr_type i_type_list[65536]; + size_t type_count = 0; + + nsec = ldns_rr_new(); + ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC); + ldns_rr_set_owner(nsec, ldns_rdf_clone(cur_owner)); + ldns_rr_push_rdf(nsec, ldns_rdf_clone(next_owner)); + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + i_rr = ldns_rr_list_rr(rrs, i); + if (ldns_rdf_compare(cur_owner, + ldns_rr_owner(i_rr)) == 0) { + i_type = ldns_rr_get_type(i_rr); + if (i_type != LDNS_RR_TYPE_RRSIG && i_type != LDNS_RR_TYPE_NSEC) { + if (type_count == 0 || i_type_list[type_count-1] != i_type) { + i_type_list[type_count] = i_type; + type_count++; + } + } + } + } + + i_type_list[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + i_type_list[type_count] = LDNS_RR_TYPE_NSEC; + type_count++; + + ldns_rr_push_rdf(nsec, + ldns_dnssec_create_nsec_bitmap(i_type_list, + type_count, LDNS_RR_TYPE_NSEC)); + + return nsec; +} + +ldns_rdf * +ldns_nsec3_hash_name(ldns_rdf *name, + uint8_t algorithm, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + size_t hashed_owner_str_len; + ldns_rdf *cann; + ldns_rdf *hashed_owner; + unsigned char *hashed_owner_str; + char *hashed_owner_b32; + size_t hashed_owner_b32_len; + uint32_t cur_it; + /* define to contain the largest possible hash, which is + * sha1 at the moment */ + unsigned char hash[LDNS_SHA1_DIGEST_LENGTH]; + ldns_status status; + + /* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */ + if (algorithm != LDNS_SHA1) { + return NULL; + } + + /* prepare the owner name according to the draft section bla */ + cann = ldns_rdf_clone(name); + if(!cann) { +#ifdef STDERR_MSGS + fprintf(stderr, "Memory error\n"); +#endif + return NULL; + } + ldns_dname2canonical(cann); + + hashed_owner_str_len = salt_length + ldns_rdf_size(cann); + hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len); + if(!hashed_owner_str) { + ldns_rdf_deep_free(cann); + return NULL; + } + memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann)); + memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length); + ldns_rdf_deep_free(cann); + + for (cur_it = iterations + 1; cur_it > 0; cur_it--) { + (void) ldns_sha1((unsigned char *) hashed_owner_str, + (unsigned int) hashed_owner_str_len, hash); + + LDNS_FREE(hashed_owner_str); + hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH; + hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len); + if (!hashed_owner_str) { + return NULL; + } + memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH); + memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length); + hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH + salt_length; + } + + LDNS_FREE(hashed_owner_str); + hashed_owner_str = hash; + hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH; + + hashed_owner_b32 = LDNS_XMALLOC(char, + ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1); + if(!hashed_owner_b32) { + return NULL; + } + hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex( + (uint8_t *) hashed_owner_str, + hashed_owner_str_len, + hashed_owner_b32, + ldns_b32_ntop_calculate_size(hashed_owner_str_len)+1); + if (hashed_owner_b32_len < 1) { +#ifdef STDERR_MSGS + fprintf(stderr, "Error in base32 extended hex encoding "); + fprintf(stderr, "of hashed owner name (name: "); + ldns_rdf_print(stderr, name); + fprintf(stderr, ", return code: %u)\n", + (unsigned int) hashed_owner_b32_len); +#endif + LDNS_FREE(hashed_owner_b32); + return NULL; + } + hashed_owner_b32[hashed_owner_b32_len] = '\0'; + + status = ldns_str2rdf_dname(&hashed_owner, hashed_owner_b32); + if (status != LDNS_STATUS_OK) { +#ifdef STDERR_MSGS + fprintf(stderr, "Error creating rdf from %s\n", hashed_owner_b32); +#endif + LDNS_FREE(hashed_owner_b32); + return NULL; + } + + LDNS_FREE(hashed_owner_b32); + return hashed_owner; +} + +void +ldns_nsec3_add_param_rdfs(ldns_rr *rr, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + ldns_rdf *salt_rdf = NULL; + uint8_t *salt_data = NULL; + ldns_rdf *old; + + old = ldns_rr_set_rdf(rr, + ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + 1, (void*)&algorithm), + 0); + if (old) ldns_rdf_deep_free(old); + + old = ldns_rr_set_rdf(rr, + ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + 1, (void*)&flags), + 1); + if (old) ldns_rdf_deep_free(old); + + old = ldns_rr_set_rdf(rr, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, + iterations), + 2); + if (old) ldns_rdf_deep_free(old); + + salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1); + if(!salt_data) { + /* no way to return error */ + return; + } + salt_data[0] = salt_length; + memcpy(salt_data + 1, salt, salt_length); + salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, + salt_length + 1, + salt_data); + if(!salt_rdf) { + LDNS_FREE(salt_data); + /* no way to return error */ + return; + } + + old = ldns_rr_set_rdf(rr, salt_rdf, 3); + if (old) ldns_rdf_deep_free(old); + LDNS_FREE(salt_data); +} + +static int +rr_list_delegation_only(ldns_rdf *origin, ldns_rr_list *rr_list) +{ + size_t i; + ldns_rr *cur_rr; + if (!origin || !rr_list) return 0; + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + cur_rr = ldns_rr_list_rr(rr_list, i); + if (ldns_dname_compare(ldns_rr_owner(cur_rr), origin) == 0) { + return 0; + } + if (ldns_rr_get_type(cur_rr) != LDNS_RR_TYPE_NS) { + return 0; + } + } + return 1; +} + +/* this will NOT return the NSEC3 completed, you will have to run the + finalize function on the rrlist later! */ +ldns_rr * +ldns_create_nsec3(ldns_rdf *cur_owner, + ldns_rdf *cur_zone, + ldns_rr_list *rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + bool emptynonterminal) +{ + size_t i; + ldns_rr *i_rr; + uint16_t i_type; + + ldns_rr *nsec = NULL; + ldns_rdf *hashed_owner = NULL; + + ldns_status status; + + ldns_rr_type i_type_list[1024]; + size_t type_count = 0; + + hashed_owner = ldns_nsec3_hash_name(cur_owner, + algorithm, + iterations, + salt_length, + salt); + status = ldns_dname_cat(hashed_owner, cur_zone); + if(status != LDNS_STATUS_OK) { + ldns_rdf_deep_free(hashed_owner); + return NULL; + } + nsec = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3); + if(!nsec) { + ldns_rdf_deep_free(hashed_owner); + return NULL; + } + ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC3); + ldns_rr_set_owner(nsec, hashed_owner); + + ldns_nsec3_add_param_rdfs(nsec, + algorithm, + flags, + iterations, + salt_length, + salt); + (void) ldns_rr_set_rdf(nsec, NULL, 4); + + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + i_rr = ldns_rr_list_rr(rrs, i); + if (ldns_rdf_compare(cur_owner, + ldns_rr_owner(i_rr)) == 0) { + i_type = ldns_rr_get_type(i_rr); + if (type_count == 0 || i_type_list[type_count-1] != i_type) { + i_type_list[type_count] = i_type; + type_count++; + } + } + } + + /* add RRSIG anyway, but only if this is not an ENT or + * an unsigned delegation */ + if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) { + i_type_list[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + } + + /* and SOA if owner == zone */ + if (ldns_dname_compare(cur_zone, cur_owner) == 0) { + i_type_list[type_count] = LDNS_RR_TYPE_SOA; + type_count++; + } + + ldns_rr_push_rdf(nsec, + ldns_dnssec_create_nsec_bitmap(i_type_list, + type_count, LDNS_RR_TYPE_NSEC3)); + + return nsec; +} + +uint8_t +ldns_nsec3_algorithm(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && (ldns_rr_rdf(nsec3_rr, 0) != NULL) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0) { + return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 0)); + } + return 0; +} + +uint8_t +ldns_nsec3_flags(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && (ldns_rr_rdf(nsec3_rr, 1) != NULL) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0) { + return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 1)); + } + return 0; +} + +bool +ldns_nsec3_optout(const ldns_rr *nsec3_rr) +{ + return (ldns_nsec3_flags(nsec3_rr) & LDNS_NSEC3_VARS_OPTOUT_MASK); +} + +uint16_t +ldns_nsec3_iterations(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && (ldns_rr_rdf(nsec3_rr, 2) != NULL) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0) { + return ldns_rdf2native_int16(ldns_rr_rdf(nsec3_rr, 2)); + } + return 0; + +} + +ldns_rdf * +ldns_nsec3_salt(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + ) { + return ldns_rr_rdf(nsec3_rr, 3); + } + return NULL; +} + +uint8_t +ldns_nsec3_salt_length(const ldns_rr *nsec3_rr) +{ + ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); + if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { + return (uint8_t) ldns_rdf_data(salt_rdf)[0]; + } + return 0; +} + +/* allocs data, free with LDNS_FREE() */ +uint8_t * +ldns_nsec3_salt_data(const ldns_rr *nsec3_rr) +{ + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); + if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { + salt_length = ldns_rdf_data(salt_rdf)[0]; + salt = LDNS_XMALLOC(uint8_t, salt_length); + if(!salt) return NULL; + memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length); + return salt; + } + return NULL; +} + +ldns_rdf * +ldns_nsec3_next_owner(const ldns_rr *nsec3_rr) +{ + if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) { + return NULL; + } else { + return ldns_rr_rdf(nsec3_rr, 4); + } +} + +ldns_rdf * +ldns_nsec3_bitmap(const ldns_rr *nsec3_rr) +{ + if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) { + return NULL; + } else { + return ldns_rr_rdf(nsec3_rr, 5); + } +} + +ldns_rdf * +ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name) +{ + uint8_t algorithm; + uint16_t iterations; + uint8_t salt_length; + uint8_t *salt = 0; + + ldns_rdf *hashed_owner; + + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + + hashed_owner = ldns_nsec3_hash_name(name, + algorithm, + iterations, + salt_length, + salt); + + LDNS_FREE(salt); + return hashed_owner; +} + +bool +ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type) +{ + uint8_t* dptr; + uint8_t* dend; + + /* From RFC3845 Section 2.1.2: + * + * "The RR type space is split into 256 window blocks, each re- + * presenting the low-order 8 bits of the 16-bit RR type space." + */ + uint8_t window = type >> 8; + uint8_t subtype = type & 0xff; + + if (! bitmap) { + return false; + } + assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + + dptr = ldns_rdf_data(bitmap); + dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); + + /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + + * dptr[0] dptr[1] dptr[2:] + */ + while (dptr < dend && dptr[0] <= window) { + + if (dptr[0] == window && subtype / 8 < dptr[1] && + dptr + dptr[1] + 2 <= dend) { + + return dptr[2 + subtype / 8] & (0x80 >> (subtype % 8)); + } + dptr += dptr[1] + 2; /* next window */ + } + return false; +} + +ldns_status +ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type) +{ + uint8_t* dptr; + uint8_t* dend; + + /* From RFC3845 Section 2.1.2: + * + * "The RR type space is split into 256 window blocks, each re- + * presenting the low-order 8 bits of the 16-bit RR type space." + */ + uint8_t window = type >> 8; + uint8_t subtype = type & 0xff; + + if (! bitmap) { + return false; + } + assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + + dptr = ldns_rdf_data(bitmap); + dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); + + /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + + * dptr[0] dptr[1] dptr[2:] + */ + while (dptr < dend && dptr[0] <= window) { + + if (dptr[0] == window && subtype / 8 < dptr[1] && + dptr + dptr[1] + 2 <= dend) { + + dptr[2 + subtype / 8] |= (0x80 >> (subtype % 8)); + return LDNS_STATUS_OK; + } + dptr += dptr[1] + 2; /* next window */ + } + return LDNS_STATUS_TYPE_NOT_IN_BITMAP; +} + +ldns_status +ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type) +{ + uint8_t* dptr; + uint8_t* dend; + + /* From RFC3845 Section 2.1.2: + * + * "The RR type space is split into 256 window blocks, each re- + * presenting the low-order 8 bits of the 16-bit RR type space." + */ + uint8_t window = type >> 8; + uint8_t subtype = type & 0xff; + + if (! bitmap) { + return false; + } + + assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + + dptr = ldns_rdf_data(bitmap); + dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); + + /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + + * dptr[0] dptr[1] dptr[2:] + */ + while (dptr < dend && dptr[0] <= window) { + + if (dptr[0] == window && subtype / 8 < dptr[1] && + dptr + dptr[1] + 2 <= dend) { + + dptr[2 + subtype / 8] &= ~(0x80 >> (subtype % 8)); + return LDNS_STATUS_OK; + } + dptr += dptr[1] + 2; /* next window */ + } + return LDNS_STATUS_TYPE_NOT_IN_BITMAP; +} + + +bool +ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name) +{ + ldns_rdf *nsec_owner = ldns_rr_owner(nsec); + ldns_rdf *hash_next; + char *next_hash_str; + ldns_rdf *nsec_next = NULL; + ldns_status status; + ldns_rdf *chopped_dname; + bool result; + + if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) { + if (ldns_rr_rdf(nsec, 0) != NULL) { + nsec_next = ldns_rdf_clone(ldns_rr_rdf(nsec, 0)); + } else { + return false; + } + } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) { + hash_next = ldns_nsec3_next_owner(nsec); + next_hash_str = ldns_rdf2str(hash_next); + nsec_next = ldns_dname_new_frm_str(next_hash_str); + LDNS_FREE(next_hash_str); + chopped_dname = ldns_dname_left_chop(nsec_owner); + status = ldns_dname_cat(nsec_next, chopped_dname); + ldns_rdf_deep_free(chopped_dname); + if (status != LDNS_STATUS_OK) { + printf("error catting: %s\n", ldns_get_errorstr_by_id(status)); + } + } else { + ldns_rdf_deep_free(nsec_next); + return false; + } + + /* in the case of the last nsec */ + if(ldns_dname_compare(nsec_owner, nsec_next) > 0) { + result = (ldns_dname_compare(nsec_owner, name) <= 0 || + ldns_dname_compare(name, nsec_next) < 0); + } else if(ldns_dname_compare(nsec_owner, nsec_next) < 0) { + result = (ldns_dname_compare(nsec_owner, name) <= 0 && + ldns_dname_compare(name, nsec_next) < 0); + } else { + result = true; + } + + ldns_rdf_deep_free(nsec_next); + return result; +} + +#ifdef HAVE_SSL +/* sig may be null - if so look in the packet */ + +ldns_status +ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, + ldns_rr_list *k, ldns_rr_list *s, + time_t check_time, ldns_rr_list *good_keys) +{ + ldns_rr_list *rrset; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + ldns_rr_type t_netorder; + + if (!k) { + return LDNS_STATUS_ERR; + /* return LDNS_STATUS_CRYPTO_NO_DNSKEY; */ + } + + if (t == LDNS_RR_TYPE_RRSIG) { + /* we don't have RRSIG(RRSIG) (yet? ;-) ) */ + return LDNS_STATUS_ERR; + } + + if (s) { + /* if s is not NULL, the sigs are given to use */ + sigs = s; + } else { + /* otherwise get them from the packet */ + sigs = ldns_pkt_rr_list_by_name_and_type(p, o, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION); + if (!sigs) { + /* no sigs */ + return LDNS_STATUS_ERR; + /* return LDNS_STATUS_CRYPTO_NO_RRSIG; */ + } + } + + /* rrsig are subtyped, so now we need to find the correct + * sigs for the type t + */ + t_netorder = htons(t); /* rdf are in network order! */ + /* a type identifier is a 16-bit number, so the size is 2 bytes */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, 2, &t_netorder); + + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + ldns_rdf_free(rdf_t); + if (! sigs_covered) { + if (! s) { + ldns_rr_list_deep_free(sigs); + } + return LDNS_STATUS_ERR; + } + ldns_rr_list_deep_free(sigs_covered); + + rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t, + LDNS_SECTION_ANY_NOQUESTION); + if (!rrset) { + if (! s) { + ldns_rr_list_deep_free(sigs); + } + return LDNS_STATUS_ERR; + } + return ldns_verify_time(rrset, sigs, k, check_time, good_keys); +} + +ldns_status +ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, + ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys) +{ + return ldns_pkt_verify_time(p, t, o, k, s, ldns_time(NULL), good_keys); +} +#endif /* HAVE_SSL */ + +ldns_status +ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs) +{ + size_t i; + char *next_nsec_owner_str; + ldns_rdf *next_nsec_owner_label; + ldns_rdf *next_nsec_rdf; + ldns_status status = LDNS_STATUS_OK; + + for (i = 0; i < ldns_rr_list_rr_count(nsec3_rrs); i++) { + if (i == ldns_rr_list_rr_count(nsec3_rrs) - 1) { + next_nsec_owner_label = + ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs, + 0)), 0); + next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label); + if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + == '.') { + next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + = '\0'; + } + status = ldns_str2rdf_b32_ext(&next_nsec_rdf, + next_nsec_owner_str); + if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i), + next_nsec_rdf, 4)) { + /* todo: error */ + } + + ldns_rdf_deep_free(next_nsec_owner_label); + LDNS_FREE(next_nsec_owner_str); + } else { + next_nsec_owner_label = + ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs, + i + 1)), + 0); + next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label); + if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + == '.') { + next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + = '\0'; + } + status = ldns_str2rdf_b32_ext(&next_nsec_rdf, + next_nsec_owner_str); + ldns_rdf_deep_free(next_nsec_owner_label); + LDNS_FREE(next_nsec_owner_str); + if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i), + next_nsec_rdf, 4)) { + /* todo: error */ + } + } + } + return status; +} + +int +qsort_rr_compare_nsec3(const void *a, const void *b) +{ + const ldns_rr *rr1 = * (const ldns_rr **) a; + const ldns_rr *rr2 = * (const ldns_rr **) b; + if (rr1 == NULL && rr2 == NULL) { + return 0; + } + if (rr1 == NULL) { + return -1; + } + if (rr2 == NULL) { + return 1; + } + return ldns_rdf_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)); +} + +void +ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted) +{ + qsort(unsorted->_rrs, + ldns_rr_list_rr_count(unsorted), + sizeof(ldns_rr *), + qsort_rr_compare_nsec3); +} + +int +ldns_dnssec_default_add_to_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) +{ + return LDNS_SIGNATURE_LEAVE_ADD_NEW; +} + +int +ldns_dnssec_default_leave_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) +{ + return LDNS_SIGNATURE_LEAVE_NO_ADD; +} + +int +ldns_dnssec_default_delete_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) +{ + return LDNS_SIGNATURE_REMOVE_NO_ADD; +} + +int +ldns_dnssec_default_replace_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) +{ + return LDNS_SIGNATURE_REMOVE_ADD_NEW; +} + +#ifdef HAVE_SSL +ldns_rdf * +ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, + const long sig_len) +{ + ldns_rdf *sigdata_rdf; + DSA_SIG *dsasig; + unsigned char *dsasig_data = (unsigned char*)ldns_buffer_begin(sig); + size_t byte_offset; + + dsasig = d2i_DSA_SIG(NULL, + (const unsigned char **)&dsasig_data, + sig_len); + if (!dsasig) { + DSA_SIG_free(dsasig); + return NULL; + } + + dsasig_data = LDNS_XMALLOC(unsigned char, 41); + if(!dsasig_data) { + DSA_SIG_free(dsasig); + return NULL; + } + dsasig_data[0] = 0; + byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r)); + if (byte_offset > 20) { + DSA_SIG_free(dsasig); + LDNS_FREE(dsasig_data); + return NULL; + } + memset(&dsasig_data[1], 0, byte_offset); + BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]); + byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s)); + if (byte_offset > 20) { + DSA_SIG_free(dsasig); + LDNS_FREE(dsasig_data); + return NULL; + } + memset(&dsasig_data[21], 0, byte_offset); + BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]); + + sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data); + if(!sigdata_rdf) { + LDNS_FREE(dsasig_data); + } + DSA_SIG_free(dsasig); + + return sigdata_rdf; +} + +ldns_status +ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, + const ldns_rdf *sig_rdf) +{ + /* the EVP api wants the DER encoding of the signature... */ + BIGNUM *R, *S; + DSA_SIG *dsasig; + unsigned char *raw_sig = NULL; + int raw_sig_len; + + if(ldns_rdf_size(sig_rdf) < 1 + 2*SHA_DIGEST_LENGTH) + return LDNS_STATUS_SYNTAX_RDATA_ERR; + /* extract the R and S field from the sig buffer */ + R = BN_new(); + if(!R) return LDNS_STATUS_MEM_ERR; + (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 1, + SHA_DIGEST_LENGTH, R); + S = BN_new(); + if(!S) { + BN_free(R); + return LDNS_STATUS_MEM_ERR; + } + (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 21, + SHA_DIGEST_LENGTH, S); + + dsasig = DSA_SIG_new(); + if (!dsasig) { + BN_free(R); + BN_free(S); + return LDNS_STATUS_MEM_ERR; + } + + dsasig->r = R; + dsasig->s = S; + + raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig); + if (raw_sig_len < 0) { + DSA_SIG_free(dsasig); + free(raw_sig); + return LDNS_STATUS_SSL_ERR; + } + if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) { + ldns_buffer_write(target_buffer, raw_sig, (size_t)raw_sig_len); + } + + DSA_SIG_free(dsasig); + free(raw_sig); + + return ldns_buffer_status(target_buffer); +} + +#ifdef USE_ECDSA +#ifndef S_SPLINT_S +ldns_rdf * +ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len) +{ + ECDSA_SIG* ecdsa_sig; + unsigned char *data = (unsigned char*)ldns_buffer_begin(sig); + ldns_rdf* rdf; + ecdsa_sig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&data, sig_len); + if(!ecdsa_sig) return NULL; + + /* "r | s". */ + data = LDNS_XMALLOC(unsigned char, + BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)); + if(!data) { + ECDSA_SIG_free(ecdsa_sig); + return NULL; + } + BN_bn2bin(ecdsa_sig->r, data); + BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r)); + rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)( + BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data); + ECDSA_SIG_free(ecdsa_sig); + return rdf; +} + +ldns_status +ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, + const ldns_rdf *sig_rdf) +{ + ECDSA_SIG* sig; + int raw_sig_len; + long bnsize = (long)ldns_rdf_size(sig_rdf) / 2; + /* if too short, or not even length, do not bother */ + if(bnsize < 16 || (size_t)bnsize*2 != ldns_rdf_size(sig_rdf)) + return LDNS_STATUS_ERR; + + /* use the raw data to parse two evenly long BIGNUMs, "r | s". */ + sig = ECDSA_SIG_new(); + if(!sig) return LDNS_STATUS_MEM_ERR; + sig->r = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf), + bnsize, sig->r); + sig->s = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf)+bnsize, + bnsize, sig->s); + if(!sig->r || !sig->s) { + ECDSA_SIG_free(sig); + return LDNS_STATUS_MEM_ERR; + } + + raw_sig_len = i2d_ECDSA_SIG(sig, NULL); + if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) { + unsigned char* pp = (unsigned char*) + ldns_buffer_current(target_buffer); + raw_sig_len = i2d_ECDSA_SIG(sig, &pp); + ldns_buffer_skip(target_buffer, (ssize_t) raw_sig_len); + } + ECDSA_SIG_free(sig); + + return ldns_buffer_status(target_buffer); +} + +#endif /* S_SPLINT_S */ +#endif /* USE_ECDSA */ +#endif /* HAVE_SSL */ diff --git a/ldns/src/dnssec_sign.c b/ldns/src/dnssec_sign.c new file mode 100644 index 0000000..4af882a --- /dev/null +++ b/ldns/src/dnssec_sign.c @@ -0,0 +1,1456 @@ +#include + +#include + +#include +#include + +#include +#include + +#ifdef HAVE_SSL +/* this entire file is rather useless when you don't have + * crypto... + */ +#include +#include +#include +#include +#include +#endif /* HAVE_SSL */ + +ldns_rr * +ldns_create_empty_rrsig(ldns_rr_list *rrset, + ldns_key *current_key) +{ + uint32_t orig_ttl; + ldns_rr_class orig_class; + time_t now; + ldns_rr *current_sig; + uint8_t label_count; + ldns_rdf *signame; + + label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset, + 0))); + /* RFC4035 2.2: not counting the leftmost label if it is a wildcard */ + if(ldns_dname_is_wildcard(ldns_rr_owner(ldns_rr_list_rr(rrset, 0)))) + label_count --; + + current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG); + + /* set the type on the new signature */ + orig_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrset, 0)); + orig_class = ldns_rr_get_class(ldns_rr_list_rr(rrset, 0)); + + ldns_rr_set_ttl(current_sig, orig_ttl); + ldns_rr_set_class(current_sig, orig_class); + ldns_rr_set_owner(current_sig, + ldns_rdf_clone( + ldns_rr_owner( + ldns_rr_list_rr(rrset, + 0)))); + + /* fill in what we know of the signature */ + + /* set the orig_ttl */ + (void)ldns_rr_rrsig_set_origttl( + current_sig, + ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, + orig_ttl)); + /* the signers name */ + signame = ldns_rdf_clone(ldns_key_pubkey_owner(current_key)); + ldns_dname2canonical(signame); + (void)ldns_rr_rrsig_set_signame( + current_sig, + signame); + /* label count - get it from the first rr in the rr_list */ + (void)ldns_rr_rrsig_set_labels( + current_sig, + ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, + label_count)); + /* inception, expiration */ + now = time(NULL); + if (ldns_key_inception(current_key) != 0) { + (void)ldns_rr_rrsig_set_inception( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + ldns_key_inception(current_key))); + } else { + (void)ldns_rr_rrsig_set_inception( + current_sig, + ldns_native2rdf_int32(LDNS_RDF_TYPE_TIME, now)); + } + if (ldns_key_expiration(current_key) != 0) { + (void)ldns_rr_rrsig_set_expiration( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + ldns_key_expiration(current_key))); + } else { + (void)ldns_rr_rrsig_set_expiration( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + now + LDNS_DEFAULT_EXP_TIME)); + } + + (void)ldns_rr_rrsig_set_keytag( + current_sig, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, + ldns_key_keytag(current_key))); + + (void)ldns_rr_rrsig_set_algorithm( + current_sig, + ldns_native2rdf_int8( + LDNS_RDF_TYPE_ALG, + ldns_key_algorithm(current_key))); + + (void)ldns_rr_rrsig_set_typecovered( + current_sig, + ldns_native2rdf_int16( + LDNS_RDF_TYPE_TYPE, + ldns_rr_get_type(ldns_rr_list_rr(rrset, + 0)))); + return current_sig; +} + +#ifdef HAVE_SSL +ldns_rdf * +ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key) +{ + ldns_rdf *b64rdf = NULL; + + switch(ldns_key_algorithm(current_key)) { + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_dss1()); + break; + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha1()); + break; +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha256()); + break; + case LDNS_SIGN_RSASHA512: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha512()); + break; +#endif /* USE_SHA2 */ +#ifdef USE_GOST + case LDNS_SIGN_ECC_GOST: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_get_digestbyname("md_gost94")); + break; +#endif /* USE_GOST */ +#ifdef USE_ECDSA + case LDNS_SIGN_ECDSAP256SHA256: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha256()); + break; + case LDNS_SIGN_ECDSAP384SHA384: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha384()); + break; +#endif + case LDNS_SIGN_RSAMD5: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_md5()); + break; + default: + /* do _you_ know this alg? */ + printf("unknown algorithm, "); + printf("is the one used available on this system?\n"); + break; + } + + return b64rdf; +} + +/** + * use this function to sign with a public/private key alg + * return the created signatures + */ +ldns_rr_list * +ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) +{ + ldns_rr_list *signatures; + ldns_rr_list *rrset_clone; + ldns_rr *current_sig; + ldns_rdf *b64rdf; + ldns_key *current_key; + size_t key_count; + uint16_t i; + ldns_buffer *sign_buf; + ldns_rdf *new_owner; + + if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) { + return NULL; + } + + new_owner = NULL; + + signatures = ldns_rr_list_new(); + + /* prepare a signature and add all the know data + * prepare the rrset. Sign this together. */ + rrset_clone = ldns_rr_list_clone(rrset); + if (!rrset_clone) { + return NULL; + } + + /* make it canonical */ + for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) { + ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), + ldns_rr_ttl(ldns_rr_list_rr(rrset, 0))); + ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i)); + } + /* sort */ + ldns_rr_list_sort(rrset_clone); + + for (key_count = 0; + key_count < ldns_key_list_key_count(keys); + key_count++) { + if (!ldns_key_use(ldns_key_list_key(keys, key_count))) { + continue; + } + sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!sign_buf) { + ldns_rr_list_free(rrset_clone); + ldns_rr_list_free(signatures); + ldns_rdf_free(new_owner); + return NULL; + } + b64rdf = NULL; + + current_key = ldns_key_list_key(keys, key_count); + /* sign all RRs with keys that have ZSKbit, !SEPbit. + sign DNSKEY RRs with keys that have ZSKbit&SEPbit */ + if (ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY) { + current_sig = ldns_create_empty_rrsig(rrset_clone, + current_key); + + /* right now, we have: a key, a semi-sig and an rrset. For + * which we can create the sig and base64 encode that and + * add that to the signature */ + + if (ldns_rrsig2buffer_wire(sign_buf, current_sig) + != LDNS_STATUS_OK) { + ldns_buffer_free(sign_buf); + /* ERROR */ + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_free(current_sig); + ldns_rr_list_deep_free(signatures); + return NULL; + } + + /* add the rrset in sign_buf */ + if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone) + != LDNS_STATUS_OK) { + ldns_buffer_free(sign_buf); + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_free(current_sig); + ldns_rr_list_deep_free(signatures); + return NULL; + } + + b64rdf = ldns_sign_public_buffer(sign_buf, current_key); + + if (!b64rdf) { + /* signing went wrong */ + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_free(current_sig); + ldns_rr_list_deep_free(signatures); + return NULL; + } + + ldns_rr_rrsig_set_sig(current_sig, b64rdf); + + /* push the signature to the signatures list */ + ldns_rr_list_push_rr(signatures, current_sig); + } + ldns_buffer_free(sign_buf); /* restart for the next key */ + } + ldns_rr_list_deep_free(rrset_clone); + + return signatures; +} + +/** + * Sign data with DSA + * + * \param[in] to_sign The ldns_buffer containing raw data that is + * to be signed + * \param[in] key The DSA key structure to sign with + * \return ldns_rdf for the RRSIG ldns_rr + */ +ldns_rdf * +ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key) +{ + unsigned char *sha1_hash; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + + DSA_SIG *sig; + uint8_t *data; + size_t pad; + + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), NULL); + if (!sha1_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key); + if(!sig) { + ldns_buffer_free(b64sig); + return NULL; + } + + data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH); + if(!data) { + ldns_buffer_free(b64sig); + DSA_SIG_free(sig); + return NULL; + } + + data[0] = 1; + pad = 20 - (size_t) BN_num_bytes(sig->r); + if (pad > 0) { + memset(data + 1, 0, pad); + } + BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad); + + pad = 20 - (size_t) BN_num_bytes(sig->s); + if (pad > 0) { + memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad); + } + BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad)); + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, + 1 + 2 * SHA_DIGEST_LENGTH, + data); + + ldns_buffer_free(b64sig); + LDNS_FREE(data); + DSA_SIG_free(sig); + + return sigdata_rdf; +} + +#ifdef USE_ECDSA +#ifndef S_SPLINT_S +static int +ldns_pkey_is_ecdsa(EVP_PKEY* pkey) +{ + EC_KEY* ec; + const EC_GROUP* g; + if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) + return 0; + ec = EVP_PKEY_get1_EC_KEY(pkey); + g = EC_KEY_get0_group(ec); + if(!g) { + EC_KEY_free(ec); + return 0; + } + if(EC_GROUP_get_curve_name(g) == NID_secp224r1 || + EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 || + EC_GROUP_get_curve_name(g) == NID_secp384r1) { + EC_KEY_free(ec); + return 1; + } + /* downref the eckey, the original is still inside the pkey */ + EC_KEY_free(ec); + return 0; +} +#endif /* splint */ +#endif /* USE_ECDSA */ + +ldns_rdf * +ldns_sign_public_evp(ldns_buffer *to_sign, + EVP_PKEY *key, + const EVP_MD *digest_type) +{ + unsigned int siglen; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + EVP_MD_CTX ctx; + const EVP_MD *md_type; + int r; + + siglen = 0; + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + /* initializes a signing context */ + md_type = digest_type; + if(!md_type) { + /* unknown message difest */ + ldns_buffer_free(b64sig); + return NULL; + } + + EVP_MD_CTX_init(&ctx); + r = EVP_SignInit(&ctx, md_type); + if(r == 1) { + r = EVP_SignUpdate(&ctx, (unsigned char*) + ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign)); + } else { + ldns_buffer_free(b64sig); + return NULL; + } + if(r == 1) { + r = EVP_SignFinal(&ctx, (unsigned char*) + ldns_buffer_begin(b64sig), &siglen, key); + } else { + ldns_buffer_free(b64sig); + return NULL; + } + if(r != 1) { + ldns_buffer_free(b64sig); + return NULL; + } + + /* unfortunately, OpenSSL output is differenct from DNS DSA format */ +#ifndef S_SPLINT_S + if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) { + sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen); +#ifdef USE_ECDSA + } else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC && + ldns_pkey_is_ecdsa(key)) { + sigdata_rdf = ldns_convert_ecdsa_rrsig_asn12rdf(b64sig, siglen); +#endif + } else { + /* ok output for other types is the same */ + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + } +#endif /* splint */ + ldns_buffer_free(b64sig); + EVP_MD_CTX_cleanup(&ctx); + return sigdata_rdf; +} + +ldns_rdf * +ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key) +{ + unsigned char *sha1_hash; + unsigned int siglen; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + int result; + + siglen = 0; + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), NULL); + if (!sha1_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH, + (unsigned char*)ldns_buffer_begin(b64sig), + &siglen, key); + if (result != 1) { + ldns_buffer_free(b64sig); + return NULL; + } + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + ldns_buffer_free(b64sig); /* can't free this buffer ?? */ + return sigdata_rdf; +} + +ldns_rdf * +ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key) +{ + unsigned char *md5_hash; + unsigned int siglen; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + md5_hash = MD5((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), NULL); + if (!md5_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH, + (unsigned char*)ldns_buffer_begin(b64sig), + &siglen, key); + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + ldns_buffer_free(b64sig); + return sigdata_rdf; +} +#endif /* HAVE_SSL */ + +/** + * Pushes all rrs from the rrsets of type A and AAAA on gluelist. + */ +static ldns_status +ldns_dnssec_addresses_on_glue_list( + ldns_dnssec_rrsets *cur_rrset, + ldns_rr_list *glue_list) +{ + ldns_dnssec_rrs *cur_rrs; + while (cur_rrset) { + if (cur_rrset->type == LDNS_RR_TYPE_A + || cur_rrset->type == LDNS_RR_TYPE_AAAA) { + for (cur_rrs = cur_rrset->rrs; + cur_rrs; + cur_rrs = cur_rrs->next) { + if (cur_rrs->rr) { + if (!ldns_rr_list_push_rr(glue_list, + cur_rrs->rr)) { + return LDNS_STATUS_MEM_ERR; + /* ldns_rr_list_push_rr() + * returns false when unable + * to increase the capacity + * of the ldsn_rr_list + */ + } + } + } + } + cur_rrset = cur_rrset->next; + } + return LDNS_STATUS_OK; +} + +/** + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account separately. + * + * When glue_list is given (not NULL), in the process of marking the names, all + * glue resource records will be pushed to that list, even glue at delegation names. + * + * \param[in] zone the zone in which to mark the names + * \param[in] glue_list the list to which to push the glue rrs + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status +ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, + ldns_rr_list *glue_list) +{ + ldns_rbnode_t *node; + ldns_dnssec_name *name; + ldns_rdf *owner; + ldns_rdf *cut = NULL; /* keeps track of zone cuts */ + /* When the cut is caused by a delegation, below_delegation will be 1. + * When caused by a DNAME, below_delegation will be 0. + */ + int below_delegation = -1; /* init suppresses comiler warning */ + ldns_status s; + + if (!zone || !zone->names) { + return LDNS_STATUS_NULL; + } + for (node = ldns_rbtree_first(zone->names); + node != LDNS_RBTREE_NULL; + node = ldns_rbtree_next(node)) { + name = (ldns_dnssec_name *) node->data; + owner = ldns_dnssec_name_name(name); + + if (cut) { + /* The previous node was a zone cut, or a subdomain + * below a zone cut. Is this node (still) a subdomain + * below the cut? Then the name is occluded. Unless + * the name contains a SOA, after which we are + * authoritative again. + * + * FIXME! If there are labels in between the SOA and + * the cut, going from the authoritative space (below + * the SOA) up into occluded space again, will not be + * detected with the contruct below! + */ + if (ldns_dname_is_subdomain(owner, cut) && + !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA)) { + + if (below_delegation && glue_list) { + s = ldns_dnssec_addresses_on_glue_list( + name->rrsets, glue_list); + if (s != LDNS_STATUS_OK) { + return s; + } + } + name->is_glue = true; /* Mark occluded name! */ + continue; + } else { + cut = NULL; + } + } + + /* The node is not below a zone cut. Is it a zone cut itself? + * Everything below a SOA is authoritative of course; Except + * when the name also contains a DNAME :). + */ + if (ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA)) { + cut = owner; + below_delegation = 1; + if (glue_list) { /* record glue on the zone cut */ + s = ldns_dnssec_addresses_on_glue_list( + name->rrsets, glue_list); + if (s != LDNS_STATUS_OK) { + return s; + } + } + } else if (ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_DNAME)) { + cut = owner; + below_delegation = 0; + } + } + return LDNS_STATUS_OK; +} + +/** + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account separately. + * + * \param[in] zone the zone in which to mark the names + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status +ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone) +{ + return ldns_dnssec_zone_mark_and_get_glue(zone, NULL); +} + +ldns_rbnode_t * +ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node) +{ + ldns_rbnode_t *next_node = NULL; + ldns_dnssec_name *next_name = NULL; + bool done = false; + + if (node == LDNS_RBTREE_NULL) { + return NULL; + } + next_node = node; + while (!done) { + if (next_node == LDNS_RBTREE_NULL) { + return NULL; + } else { + next_name = (ldns_dnssec_name *)next_node->data; + if (!next_name->is_glue) { + done = true; + } else { + next_node = ldns_rbtree_next(next_node); + } + } + } + return next_node; +} + +ldns_status +ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs) +{ + + ldns_rbnode_t *first_node, *cur_node, *next_node; + ldns_dnssec_name *cur_name, *next_name; + ldns_rr *nsec_rr; + uint32_t nsec_ttl; + ldns_dnssec_rrsets *soa; + + /* the TTL of NSEC rrs should be set to the minimum TTL of + * the zone SOA (RFC4035 Section 2.3) + */ + soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); + + /* did the caller actually set it? if not, + * fall back to default ttl + */ + if (soa && soa->rrs && soa->rrs->rr + && (ldns_rr_rdf(soa->rrs->rr, 6) != NULL)) { + nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6)); + } else { + nsec_ttl = LDNS_DEFAULT_TTL; + } + + first_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_first(zone->names)); + cur_node = first_node; + if (cur_node) { + next_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(cur_node)); + } else { + next_node = NULL; + } + + while (cur_node && next_node) { + cur_name = (ldns_dnssec_name *)cur_node->data; + next_name = (ldns_dnssec_name *)next_node->data; + nsec_rr = ldns_dnssec_create_nsec(cur_name, + next_name, + LDNS_RR_TYPE_NSEC); + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){ + ldns_rr_free(nsec_rr); + return LDNS_STATUS_ERR; + } + ldns_rr_list_push_rr(new_rrs, nsec_rr); + cur_node = next_node; + if (cur_node) { + next_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(cur_node)); + } + } + + if (cur_node && !next_node) { + cur_name = (ldns_dnssec_name *)cur_node->data; + next_name = (ldns_dnssec_name *)first_node->data; + nsec_rr = ldns_dnssec_create_nsec(cur_name, + next_name, + LDNS_RR_TYPE_NSEC); + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){ + ldns_rr_free(nsec_rr); + return LDNS_STATUS_ERR; + } + ldns_rr_list_push_rr(new_rrs, nsec_rr); + } else { + printf("error\n"); + } + + return LDNS_STATUS_OK; +} + +#ifdef HAVE_SSL +static void +ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + LDNS_FREE(node); +} + +static ldns_status +ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + ldns_rbtree_t **map) +{ + ldns_rbnode_t *first_name_node; + ldns_rbnode_t *current_name_node; + ldns_dnssec_name *current_name; + ldns_status result = LDNS_STATUS_OK; + ldns_rr *nsec_rr; + ldns_rr_list *nsec3_list; + uint32_t nsec_ttl; + ldns_dnssec_rrsets *soa; + ldns_rbnode_t *hashmap_node; + + if (!zone || !new_rrs || !zone->names) { + return LDNS_STATUS_ERR; + } + + /* the TTL of NSEC rrs should be set to the minimum TTL of + * the zone SOA (RFC4035 Section 2.3) + */ + soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); + + /* did the caller actually set it? if not, + * fall back to default ttl + */ + if (soa && soa->rrs && soa->rrs->rr + && ldns_rr_rdf(soa->rrs->rr, 6) != NULL) { + nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6)); + } else { + nsec_ttl = LDNS_DEFAULT_TTL; + } + + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } + zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); + if (zone->hashed_names && map) { + *map = zone->hashed_names; + } + + first_name_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_first(zone->names)); + + current_name_node = first_name_node; + + while (current_name_node && current_name_node != LDNS_RBTREE_NULL && + result == LDNS_STATUS_OK) { + + current_name = (ldns_dnssec_name *) current_name_node->data; + nsec_rr = ldns_dnssec_create_nsec3(current_name, + NULL, + zone->soa->name, + algorithm, + flags, + iterations, + salt_length, + salt); + /* by default, our nsec based generator adds rrsigs + * remove the bitmap for empty nonterminals */ + if (!current_name->rrsets) { + ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr)); + } + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + result = ldns_dnssec_name_add_rr(current_name, nsec_rr); + ldns_rr_list_push_rr(new_rrs, nsec_rr); + if (ldns_rr_owner(nsec_rr)) { + hashmap_node = LDNS_MALLOC(ldns_rbnode_t); + if (hashmap_node == NULL) { + return LDNS_STATUS_MEM_ERR; + } + current_name->hashed_name = + ldns_dname_label(ldns_rr_owner(nsec_rr), 0); + + if (current_name->hashed_name == NULL) { + LDNS_FREE(hashmap_node); + return LDNS_STATUS_MEM_ERR; + } + hashmap_node->key = current_name->hashed_name; + hashmap_node->data = current_name; + + if (! ldns_rbtree_insert(zone->hashed_names + , hashmap_node)) { + LDNS_FREE(hashmap_node); + } + } + current_name_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(current_name_node)); + } + if (result != LDNS_STATUS_OK) { + return result; + } + + /* Make sorted list of nsec3s (via zone->hashed_names) + */ + nsec3_list = ldns_rr_list_new(); + if (nsec3_list == NULL) { + return LDNS_STATUS_MEM_ERR; + } + for ( hashmap_node = ldns_rbtree_first(zone->hashed_names) + ; hashmap_node != LDNS_RBTREE_NULL + ; hashmap_node = ldns_rbtree_next(hashmap_node) + ) { + current_name = (ldns_dnssec_name *) hashmap_node->data; + nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec; + if (nsec_rr) { + ldns_rr_list_push_rr(nsec3_list, nsec_rr); + } + } + result = ldns_dnssec_chain_nsec3_list(nsec3_list); + ldns_rr_list_free(nsec3_list); + + return result; +} + +ldns_status +ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + return ldns_dnssec_zone_create_nsec3s_mkmap(zone, new_rrs, algorithm, + flags, iterations, salt_length, salt, NULL); + +} +#endif /* HAVE_SSL */ + +ldns_dnssec_rrs * +ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures + , ATTR_UNUSED(ldns_key_list *key_list) + , int (*func)(ldns_rr *, void *) + , void *arg + ) +{ + ldns_dnssec_rrs *base_rrs = signatures; + ldns_dnssec_rrs *cur_rr = base_rrs; + ldns_dnssec_rrs *prev_rr = NULL; + ldns_dnssec_rrs *next_rr; + + uint16_t keytag; + size_t i; + + if (!cur_rr) { + switch(func(NULL, arg)) { + case LDNS_SIGNATURE_LEAVE_ADD_NEW: + case LDNS_SIGNATURE_REMOVE_ADD_NEW: + break; + case LDNS_SIGNATURE_LEAVE_NO_ADD: + case LDNS_SIGNATURE_REMOVE_NO_ADD: + ldns_key_list_set_use(key_list, false); + break; + default: +#ifdef STDERR_MSGS + fprintf(stderr, "[XX] unknown return value from callback\n"); +#endif + break; + } + return NULL; + } + (void)func(cur_rr->rr, arg); + + while (cur_rr) { + next_rr = cur_rr->next; + + switch (func(cur_rr->rr, arg)) { + case LDNS_SIGNATURE_LEAVE_ADD_NEW: + prev_rr = cur_rr; + break; + case LDNS_SIGNATURE_LEAVE_NO_ADD: + keytag = ldns_rdf2native_int16( + ldns_rr_rrsig_keytag(cur_rr->rr)); + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + if (ldns_key_keytag(ldns_key_list_key(key_list, i)) == + keytag) { + ldns_key_set_use(ldns_key_list_key(key_list, i), + false); + } + } + prev_rr = cur_rr; + break; + case LDNS_SIGNATURE_REMOVE_NO_ADD: + keytag = ldns_rdf2native_int16( + ldns_rr_rrsig_keytag(cur_rr->rr)); + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + if (ldns_key_keytag(ldns_key_list_key(key_list, i)) + == keytag) { + ldns_key_set_use(ldns_key_list_key(key_list, i), + false); + } + } + if (prev_rr) { + prev_rr->next = next_rr; + } else { + base_rrs = next_rr; + } + LDNS_FREE(cur_rr); + break; + case LDNS_SIGNATURE_REMOVE_ADD_NEW: + if (prev_rr) { + prev_rr->next = next_rr; + } else { + base_rrs = next_rr; + } + LDNS_FREE(cur_rr); + break; + default: +#ifdef STDERR_MSGS + fprintf(stderr, "[XX] unknown return value from callback\n"); +#endif + break; + } + cur_rr = next_rr; + } + + return base_rrs; +} + +#ifdef HAVE_SSL +ldns_status +ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void*), + void *arg) +{ + return ldns_dnssec_zone_create_rrsigs_flg(zone, new_rrs, key_list, + func, arg, 0); +} + +/** If there are KSKs use only them and mark ZSKs unused */ +static void +ldns_key_list_filter_for_dnskey(ldns_key_list *key_list) +{ + int saw_ksk = 0; + size_t i; + for(i=0; inames); + while (cur_node != LDNS_RBTREE_NULL) { + cur_name = (ldns_dnssec_name *) cur_node->data; + + if (!cur_name->is_glue) { + on_delegation_point = ldns_dnssec_rrsets_contains_type( + cur_name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + cur_name->rrsets, LDNS_RR_TYPE_SOA); + cur_rrset = cur_name->rrsets; + while (cur_rrset) { + /* reset keys to use */ + ldns_key_list_set_use(key_list, true); + + /* walk through old sigs, remove the old, + and mark which keys (not) to use) */ + cur_rrset->signatures = + ldns_dnssec_remove_signatures(cur_rrset->signatures, + key_list, + func, + arg); + if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) && + cur_rrset->type == LDNS_RR_TYPE_DNSKEY) + ldns_key_list_filter_for_dnskey(key_list); + + if(cur_rrset->type != LDNS_RR_TYPE_DNSKEY) + ldns_key_list_filter_for_non_dnskey(key_list); + + /* TODO: just set count to zero? */ + rr_list = ldns_rr_list_new(); + + cur_rr = cur_rrset->rrs; + while (cur_rr) { + ldns_rr_list_push_rr(rr_list, cur_rr->rr); + cur_rr = cur_rr->next; + } + + /* only sign non-delegation RRsets */ + /* (glue should have been marked earlier, + * except on the delegation points itself) */ + if (!on_delegation_point || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_DS || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_NSEC || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_NSEC3) { + siglist = ldns_sign_public(rr_list, key_list); + for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { + if (cur_rrset->signatures) { + result = ldns_dnssec_rrs_add_rr(cur_rrset->signatures, + ldns_rr_list_rr(siglist, + i)); + } else { + cur_rrset->signatures = ldns_dnssec_rrs_new(); + cur_rrset->signatures->rr = + ldns_rr_list_rr(siglist, i); + } + if (new_rrs) { + ldns_rr_list_push_rr(new_rrs, + ldns_rr_list_rr(siglist, + i)); + } + } + ldns_rr_list_free(siglist); + } + + ldns_rr_list_free(rr_list); + + cur_rrset = cur_rrset->next; + } + + /* sign the nsec */ + ldns_key_list_set_use(key_list, true); + cur_name->nsec_signatures = + ldns_dnssec_remove_signatures(cur_name->nsec_signatures, + key_list, + func, + arg); + ldns_key_list_filter_for_non_dnskey(key_list); + + rr_list = ldns_rr_list_new(); + ldns_rr_list_push_rr(rr_list, cur_name->nsec); + siglist = ldns_sign_public(rr_list, key_list); + + for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { + if (cur_name->nsec_signatures) { + result = ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures, + ldns_rr_list_rr(siglist, i)); + } else { + cur_name->nsec_signatures = ldns_dnssec_rrs_new(); + cur_name->nsec_signatures->rr = + ldns_rr_list_rr(siglist, i); + } + if (new_rrs) { + ldns_rr_list_push_rr(new_rrs, + ldns_rr_list_rr(siglist, i)); + } + } + + ldns_rr_list_free(siglist); + ldns_rr_list_free(rr_list); + } + cur_node = ldns_rbtree_next(cur_node); + } + + ldns_rr_list_deep_free(pubkey_list); + return result; +} + +ldns_status +ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg) +{ + return ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, func, arg, 0); +} + +ldns_status +ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + int flags) +{ + ldns_status result = LDNS_STATUS_OK; + + if (!zone || !new_rrs || !key_list) { + return LDNS_STATUS_ERR; + } + + /* zone is already sorted */ + result = ldns_dnssec_zone_mark_glue(zone); + if (result != LDNS_STATUS_OK) { + return result; + } + + /* check whether we need to add nsecs */ + if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) { + result = ldns_dnssec_zone_create_nsecs(zone, new_rrs); + if (result != LDNS_STATUS_OK) { + return result; + } + } + + result = ldns_dnssec_zone_create_rrsigs_flg(zone, + new_rrs, + key_list, + func, + arg, + flags); + + return result; +} + +ldns_status +ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list, + func, arg, algorithm, flags, iterations, salt_length, salt, 0, + NULL); +} + +ldns_status +ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + int signflags, + ldns_rbtree_t **map) +{ + ldns_rr *nsec3, *nsec3param; + ldns_status result = LDNS_STATUS_OK; + + /* zone is already sorted */ + result = ldns_dnssec_zone_mark_glue(zone); + if (result != LDNS_STATUS_OK) { + return result; + } + + /* TODO if there are already nsec3s presents and their + * parameters are the same as these, we don't have to recreate + */ + if (zone->names) { + /* add empty nonterminals */ + result = ldns_dnssec_zone_add_empty_nonterminals(zone); + if (result != LDNS_STATUS_OK) { + return result; + } + + nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec; + if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) { + /* no need to recreate */ + } else { + if (!ldns_dnssec_zone_find_rrset(zone, + zone->soa->name, + LDNS_RR_TYPE_NSEC3PARAM)) { + /* create and add the nsec3param rr */ + nsec3param = + ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAM); + ldns_rr_set_owner(nsec3param, + ldns_rdf_clone(zone->soa->name)); + ldns_nsec3_add_param_rdfs(nsec3param, + algorithm, + flags, + iterations, + salt_length, + salt); + /* always set bit 7 of the flags to zero, according to + * rfc5155 section 11. The bits are counted from right to left, + * so bit 7 in rfc5155 is bit 0 in ldns */ + ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0); + result = ldns_dnssec_zone_add_rr(zone, nsec3param); + if (result != LDNS_STATUS_OK) { + return result; + } + ldns_rr_list_push_rr(new_rrs, nsec3param); + } + result = ldns_dnssec_zone_create_nsec3s_mkmap(zone, + new_rrs, + algorithm, + flags, + iterations, + salt_length, + salt, + map); + if (result != LDNS_STATUS_OK) { + return result; + } + } + + result = ldns_dnssec_zone_create_rrsigs_flg(zone, + new_rrs, + key_list, + func, + arg, + signflags); + } + + return result; +} + +ldns_status +ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + int signflags) +{ + return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list, + func, arg, algorithm, flags, iterations, salt_length, salt, + signflags, NULL); +} + +ldns_zone * +ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list) +{ + ldns_dnssec_zone *dnssec_zone; + ldns_zone *signed_zone; + ldns_rr_list *new_rrs; + size_t i; + + signed_zone = ldns_zone_new(); + dnssec_zone = ldns_dnssec_zone_new(); + + (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); + ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone))); + + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + (void) ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_list_rr(ldns_zone_rrs(zone), + i)); + ldns_zone_push_rr(signed_zone, + ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), + i))); + } + + new_rrs = ldns_rr_list_new(); + (void) ldns_dnssec_zone_sign(dnssec_zone, + new_rrs, + key_list, + ldns_dnssec_default_replace_signatures, + NULL); + + for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { + ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), + ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); + } + + ldns_rr_list_deep_free(new_rrs); + ldns_dnssec_zone_free(dnssec_zone); + + return signed_zone; +} + +ldns_zone * +ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) +{ + ldns_dnssec_zone *dnssec_zone; + ldns_zone *signed_zone; + ldns_rr_list *new_rrs; + size_t i; + + signed_zone = ldns_zone_new(); + dnssec_zone = ldns_dnssec_zone_new(); + + (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); + ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone))); + + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + (void) ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_list_rr(ldns_zone_rrs(zone), + i)); + ldns_zone_push_rr(signed_zone, + ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), + i))); + } + + new_rrs = ldns_rr_list_new(); + (void) ldns_dnssec_zone_sign_nsec3(dnssec_zone, + new_rrs, + key_list, + ldns_dnssec_default_replace_signatures, + NULL, + algorithm, + flags, + iterations, + salt_length, + salt); + + for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { + ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), + ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); + } + + ldns_rr_list_deep_free(new_rrs); + ldns_dnssec_zone_free(dnssec_zone); + + return signed_zone; +} +#endif /* HAVE_SSL */ + + diff --git a/ldns/src/dnssec_verify.c b/ldns/src/dnssec_verify.c new file mode 100644 index 0000000..1af6635 --- /dev/null +++ b/ldns/src/dnssec_verify.c @@ -0,0 +1,2684 @@ +#include + +#include + +#include +#include + +#ifdef HAVE_SSL +/* this entire file is rather useless when you don't have + * crypto... + */ +#include +#include +#include +#include +#include + +ldns_dnssec_data_chain * +ldns_dnssec_data_chain_new(void) +{ + ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1); + if(!nc) return NULL; + /* + * not needed anymore because CALLOC initalizes everything to zero. + + nc->rrset = NULL; + nc->parent_type = 0; + nc->parent = NULL; + nc->signatures = NULL; + nc->packet_rcode = 0; + nc->packet_qtype = 0; + nc->packet_nodata = false; + + */ + return nc; +} + +void +ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain) +{ + LDNS_FREE(chain); +} + +void +ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain) +{ + ldns_rr_list_deep_free(chain->rrset); + ldns_rr_list_deep_free(chain->signatures); + if (chain->parent) { + ldns_dnssec_data_chain_deep_free(chain->parent); + } + LDNS_FREE(chain); +} + +void +ldns_dnssec_data_chain_print_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_dnssec_data_chain *chain) +{ + ldns_lookup_table *rcode; + const ldns_rr_descriptor *rr_descriptor; + if (chain) { + ldns_dnssec_data_chain_print_fmt(out, fmt, chain->parent); + if (ldns_rr_list_rr_count(chain->rrset) > 0) { + rcode = ldns_lookup_by_id(ldns_rcodes, + (int) chain->packet_rcode); + if (rcode) { + fprintf(out, ";; rcode: %s\n", rcode->name); + } + + rr_descriptor = ldns_rr_descript(chain->packet_qtype); + if (rr_descriptor && rr_descriptor->_name) { + fprintf(out, ";; qtype: %s\n", rr_descriptor->_name); + } else if (chain->packet_qtype != 0) { + fprintf(out, "TYPE%u", + chain->packet_qtype); + } + if (chain->packet_nodata) { + fprintf(out, ";; NODATA response\n"); + } + fprintf(out, "rrset:\n"); + ldns_rr_list_print_fmt(out, fmt, chain->rrset); + fprintf(out, "sigs:\n"); + ldns_rr_list_print_fmt(out, fmt, chain->signatures); + fprintf(out, "---\n"); + } else { + fprintf(out, "\n"); + } + } +} +void +ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain) +{ + ldns_dnssec_data_chain_print_fmt( + out, ldns_output_format_default, chain); +} + + +static void +ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res, + uint16_t qflags, + const ldns_pkt *pkt, + ldns_rr_list *signatures, + ldns_dnssec_data_chain *new_chain, + ldns_rdf *key_name, + ldns_rr_class c) { + ldns_rr_list *keys; + ldns_pkt *my_pkt; + if (signatures && ldns_rr_list_rr_count(signatures) > 0) { + new_chain->signatures = ldns_rr_list_clone(signatures); + new_chain->parent_type = 0; + + keys = ldns_pkt_rr_list_by_name_and_type( + pkt, + key_name, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANY_NOQUESTION + ); + if (!keys) { + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DNSKEY, + c, + qflags); + if (my_pkt) { + keys = ldns_pkt_rr_list_by_name_and_type( + my_pkt, + key_name, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANY_NOQUESTION + ); + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + keys, + my_pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY; + ldns_pkt_free(my_pkt); + } + } else { + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + keys, + pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY; + } + ldns_rr_list_deep_free(keys); + } +} + +static void +ldns_dnssec_build_data_chain_other(ldns_resolver *res, + uint16_t qflags, + ldns_dnssec_data_chain *new_chain, + ldns_rdf *key_name, + ldns_rr_class c, + ldns_rr_list *dss) +{ + /* 'self-signed', parent is a DS */ + + /* okay, either we have other keys signing the current one, + * or the current + * one should have a DS record in the parent zone. + * How do we find this out? Try both? + * + * request DNSKEYS for current zone, + * add all signatures to current level + */ + ldns_pkt *my_pkt; + ldns_rr_list *signatures2; + + new_chain->parent_type = 1; + + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DS, + c, + qflags); + if (my_pkt) { + dss = ldns_pkt_rr_list_by_name_and_type(my_pkt, + key_name, + LDNS_RR_TYPE_DS, + LDNS_SECTION_ANY_NOQUESTION + ); + if (dss) { + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + dss, + my_pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS; + ldns_rr_list_deep_free(dss); + } + ldns_pkt_free(my_pkt); + } + + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DNSKEY, + c, + qflags); + if (my_pkt) { + signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt, + key_name, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + if (signatures2) { + if (new_chain->signatures) { + printf("There were already sigs!\n"); + ldns_rr_list_deep_free(new_chain->signatures); + printf("replacing the old sigs\n"); + } + new_chain->signatures = signatures2; + } + ldns_pkt_free(my_pkt); + } +} + +static ldns_dnssec_data_chain * +ldns_dnssec_build_data_chain_nokeyname(ldns_resolver *res, + uint16_t qflags, + ldns_rr *orig_rr, + const ldns_rr_list *rrset, + ldns_dnssec_data_chain *new_chain) +{ + ldns_rdf *possible_parent_name; + ldns_pkt *my_pkt; + /* apparently we were not able to find a signing key, so + we assume the chain ends here + */ + /* try parents for auth denial of DS */ + if (orig_rr) { + possible_parent_name = ldns_rr_owner(orig_rr); + } else if (rrset && ldns_rr_list_rr_count(rrset) > 0) { + possible_parent_name = ldns_rr_owner(ldns_rr_list_rr(rrset, 0)); + } else { + /* no information to go on, give up */ + return new_chain; + } + + my_pkt = ldns_resolver_query(res, + possible_parent_name, + LDNS_RR_TYPE_DS, + LDNS_RR_CLASS_IN, + qflags); + if (!my_pkt) { + return new_chain; + } + + if (ldns_pkt_ancount(my_pkt) > 0) { + /* add error, no sigs but DS in parent */ + /*ldns_pkt_print(stdout, my_pkt);*/ + ldns_pkt_free(my_pkt); + } else { + /* are there signatures? */ + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + NULL, + my_pkt, + NULL); + + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS; + + } + return new_chain; +} + + +ldns_dnssec_data_chain * +ldns_dnssec_build_data_chain(ldns_resolver *res, + uint16_t qflags, + const ldns_rr_list *rrset, + const ldns_pkt *pkt, + ldns_rr *orig_rr) +{ + ldns_rr_list *signatures = NULL; + ldns_rr_list *dss = NULL; + + ldns_rr_list *my_rrset; + + ldns_pkt *my_pkt; + + ldns_rdf *name = NULL, *key_name = NULL; + ldns_rr_type type = 0; + ldns_rr_class c = 0; + + bool other_rrset = false; + + ldns_dnssec_data_chain *new_chain = ldns_dnssec_data_chain_new(); + + assert(pkt != NULL); + + if (!ldns_dnssec_pkt_has_rrsigs(pkt)) { + /* hmm. no dnssec data in the packet. go up to try and deny + * DS? */ + return new_chain; + } + + if (orig_rr) { + new_chain->rrset = ldns_rr_list_new(); + ldns_rr_list_push_rr(new_chain->rrset, orig_rr); + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + rrset, + pkt, + NULL); + new_chain->packet_rcode = ldns_pkt_get_rcode(pkt); + new_chain->packet_qtype = ldns_rr_get_type(orig_rr); + if (ldns_pkt_ancount(pkt) == 0) { + new_chain->packet_nodata = true; + } + return new_chain; + } + + if (!rrset || ldns_rr_list_rr_count(rrset) < 1) { + /* hmm, no data, do we have denial? only works if pkt was given, + otherwise caller has to do the check himself */ + new_chain->packet_nodata = true; + if (pkt) { + my_rrset = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_NSEC, + LDNS_SECTION_ANY_NOQUESTION + ); + if (my_rrset) { + if (ldns_rr_list_rr_count(my_rrset) > 0) { + type = LDNS_RR_TYPE_NSEC; + other_rrset = true; + } else { + ldns_rr_list_deep_free(my_rrset); + my_rrset = NULL; + } + } else { + /* nothing, try nsec3 */ + my_rrset = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_NSEC3, + LDNS_SECTION_ANY_NOQUESTION); + if (my_rrset) { + if (ldns_rr_list_rr_count(my_rrset) > 0) { + type = LDNS_RR_TYPE_NSEC3; + other_rrset = true; + } else { + ldns_rr_list_deep_free(my_rrset); + my_rrset = NULL; + } + } else { + /* nothing, stop */ + /* try parent zone? for denied insecure? */ + return new_chain; + } + } + } else { + return new_chain; + } + } else { + my_rrset = (ldns_rr_list *) rrset; + } + + if (my_rrset && ldns_rr_list_rr_count(my_rrset) > 0) { + new_chain->rrset = ldns_rr_list_clone(my_rrset); + name = ldns_rr_owner(ldns_rr_list_rr(my_rrset, 0)); + type = ldns_rr_get_type(ldns_rr_list_rr(my_rrset, 0)); + c = ldns_rr_get_class(ldns_rr_list_rr(my_rrset, 0)); + } + + if (other_rrset) { + ldns_rr_list_deep_free(my_rrset); + } + + /* normally there will only be 1 signature 'set' + but there can be more than 1 denial (wildcards) + so check for NSEC + */ + if (type == LDNS_RR_TYPE_NSEC || type == LDNS_RR_TYPE_NSEC3) { + /* just throw in all signatures, the tree builder must sort + this out */ + if (pkt) { + signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type); + } else { + my_pkt = ldns_resolver_query(res, name, type, c, qflags); + if (my_pkt) { + signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type); + ldns_pkt_free(my_pkt); + } + } + } else { + if (pkt) { + signatures = + ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt, + name, + type); + } + if (!signatures) { + my_pkt = ldns_resolver_query(res, name, type, c, qflags); + if (my_pkt) { + signatures = + ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt, + name, + type); + ldns_pkt_free(my_pkt); + } + } + } + + if (signatures && ldns_rr_list_rr_count(signatures) > 0) { + key_name = ldns_rr_rdf(ldns_rr_list_rr(signatures, 0), 7); + } + if (!key_name) { + if (signatures) { + ldns_rr_list_deep_free(signatures); + } + return ldns_dnssec_build_data_chain_nokeyname(res, + qflags, + orig_rr, + rrset, + new_chain); + } + if (type != LDNS_RR_TYPE_DNSKEY) { + ldns_dnssec_build_data_chain_dnskey(res, + qflags, + pkt, + signatures, + new_chain, + key_name, + c + ); + } else { + ldns_dnssec_build_data_chain_other(res, + qflags, + new_chain, + key_name, + c, + dss + ); + } + if (signatures) { + ldns_rr_list_deep_free(signatures); + } + return new_chain; +} + +ldns_dnssec_trust_tree * +ldns_dnssec_trust_tree_new(void) +{ + ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree, + 1); + if(!new_tree) return NULL; + new_tree->rr = NULL; + new_tree->rrset = NULL; + new_tree->parent_count = 0; + + return new_tree; +} + +void +ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree) +{ + size_t i; + if (tree) { + for (i = 0; i < tree->parent_count; i++) { + ldns_dnssec_trust_tree_free(tree->parents[i]); + } + } + LDNS_FREE(tree); +} + +size_t +ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree) +{ + size_t result = 0; + size_t parent = 0; + size_t i; + + for (i = 0; i < tree->parent_count; i++) { + parent = ldns_dnssec_trust_tree_depth(tree->parents[i]); + if (parent > result) { + result = parent; + } + } + return 1 + result; +} + +/* TODO ldns_ */ +static void +print_tabs(FILE *out, size_t nr, uint8_t *map, size_t treedepth) +{ + size_t i; + for (i = 0; i < nr; i++) { + if (i == nr - 1) { + fprintf(out, "|---"); + } else if (map && i < treedepth && map[i] == 1) { + fprintf(out, "| "); + } else { + fprintf(out, " "); + } + } +} + +static void +ldns_dnssec_trust_tree_print_sm_fmt(FILE *out, + const ldns_output_format *fmt, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended, + uint8_t *sibmap, + size_t treedepth) +{ + size_t i; + const ldns_rr_descriptor *descriptor; + bool mapset = false; + + if (!sibmap) { + treedepth = ldns_dnssec_trust_tree_depth(tree); + sibmap = LDNS_XMALLOC(uint8_t, treedepth); + if(!sibmap) + return; /* mem err */ + memset(sibmap, 0, treedepth); + mapset = true; + } + + if (tree) { + if (tree->rr) { + print_tabs(out, tabs, sibmap, treedepth); + ldns_rdf_print(out, ldns_rr_owner(tree->rr)); + descriptor = ldns_rr_descript(ldns_rr_get_type(tree->rr)); + + if (descriptor->_name) { + fprintf(out, " (%s", descriptor->_name); + } else { + fprintf(out, " (TYPE%d", + ldns_rr_get_type(tree->rr)); + } + if (tabs > 0) { + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DNSKEY) { + fprintf(out, " keytag: %u", + (unsigned int) ldns_calc_keytag(tree->rr)); + fprintf(out, " alg: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2)); + fprintf(out, " flags: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + } else if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DS) { + fprintf(out, " keytag: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + fprintf(out, " digest type: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2)); + } + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NSEC) { + fprintf(out, " "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + fprintf(out, " "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 1)); + } + } + + fprintf(out, ")\n"); + for (i = 0; i < tree->parent_count; i++) { + if (tree->parent_count > 1 && i < tree->parent_count - 1) { + sibmap[tabs] = 1; + } else { + sibmap[tabs] = 0; + } + /* only print errors */ + if (ldns_rr_get_type(tree->parents[i]->rr) == + LDNS_RR_TYPE_NSEC || + ldns_rr_get_type(tree->parents[i]->rr) == + LDNS_RR_TYPE_NSEC3) { + if (tree->parent_status[i] == LDNS_STATUS_OK) { + print_tabs(out, tabs + 1, sibmap, treedepth); + if (tabs == 0 && + ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS && + ldns_rr_rd_count(tree->rr) > 0) { + fprintf(out, "Existence of DS is denied by:\n"); + } else { + fprintf(out, "Existence is denied by:\n"); + } + } else { + /* NS records aren't signed */ + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS) { + fprintf(out, "Existence of DS is denied by:\n"); + } else { + print_tabs(out, tabs + 1, sibmap, treedepth); + fprintf(out, + "Error in denial of existence: %s\n", + ldns_get_errorstr_by_id( + tree->parent_status[i])); + } + } + } else + if (tree->parent_status[i] != LDNS_STATUS_OK) { + print_tabs(out, tabs + 1, sibmap, treedepth); + fprintf(out, + "%s:\n", + ldns_get_errorstr_by_id( + tree->parent_status[i])); + if (tree->parent_status[i] + == LDNS_STATUS_SSL_ERR) { + printf("; SSL Error: "); + ERR_load_crypto_strings(); + ERR_print_errors_fp(stdout); + printf("\n"); + } + ldns_rr_print_fmt(out, fmt, + tree-> + parent_signature[i]); + printf("For RRset:\n"); + ldns_rr_list_print_fmt(out, fmt, + tree->rrset); + printf("With key:\n"); + ldns_rr_print_fmt(out, fmt, + tree->parents[i]->rr); + } + ldns_dnssec_trust_tree_print_sm_fmt(out, fmt, + tree->parents[i], + tabs+1, + extended, + sibmap, + treedepth); + } + } else { + print_tabs(out, tabs, sibmap, treedepth); + fprintf(out, "\n"); + } + } else { + fprintf(out, "\n"); + } + + if (mapset) { + LDNS_FREE(sibmap); + } +} + +void +ldns_dnssec_trust_tree_print_fmt(FILE *out, const ldns_output_format *fmt, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended) +{ + ldns_dnssec_trust_tree_print_sm_fmt(out, fmt, + tree, tabs, extended, NULL, 0); +} + +void +ldns_dnssec_trust_tree_print(FILE *out, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended) +{ + ldns_dnssec_trust_tree_print_fmt(out, ldns_output_format_default, + tree, tabs, extended); +} + + +ldns_status +ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree, + const ldns_dnssec_trust_tree *parent, + const ldns_rr *signature, + const ldns_status parent_status) +{ + if (tree + && parent + && tree->parent_count < LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS) { + /* + printf("Add parent for: "); + ldns_rr_print(stdout, tree->rr); + printf("parent: "); + ldns_rr_print(stdout, parent->rr); + */ + tree->parents[tree->parent_count] = + (ldns_dnssec_trust_tree *) parent; + tree->parent_status[tree->parent_count] = parent_status; + tree->parent_signature[tree->parent_count] = (ldns_rr *) signature; + tree->parent_count++; + return LDNS_STATUS_OK; + } else { + return LDNS_STATUS_ERR; + } +} + +/* if rr is null, take the first from the rrset */ +ldns_dnssec_trust_tree * +ldns_dnssec_derive_trust_tree_time( + ldns_dnssec_data_chain *data_chain, + ldns_rr *rr, + time_t check_time + ) +{ + ldns_rr_list *cur_rrset; + ldns_rr_list *cur_sigs; + ldns_rr *cur_rr = NULL; + ldns_rr *cur_sig_rr; + size_t i, j; + + ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new(); + if(!new_tree) + return NULL; + + if (data_chain && data_chain->rrset) { + cur_rrset = data_chain->rrset; + + cur_sigs = data_chain->signatures; + + if (rr) { + cur_rr = rr; + } + + if (!cur_rr && ldns_rr_list_rr_count(cur_rrset) > 0) { + cur_rr = ldns_rr_list_rr(cur_rrset, 0); + } + + if (cur_rr) { + new_tree->rr = cur_rr; + new_tree->rrset = cur_rrset; + /* there are three possibilities: + 1 - 'normal' rrset, signed by a key + 2 - dnskey signed by other dnskey + 3 - dnskey proven by higher level DS + (data denied by nsec is a special case that can + occur in multiple places) + + */ + if (cur_sigs) { + for (i = 0; i < ldns_rr_list_rr_count(cur_sigs); i++) { + /* find the appropriate key in the parent list */ + cur_sig_rr = ldns_rr_list_rr(cur_sigs, i); + + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_NSEC) { + if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr), + ldns_rr_owner(cur_rr))) + { + /* find first that does match */ + + for (j = 0; + j < ldns_rr_list_rr_count(cur_rrset) && + ldns_dname_compare(ldns_rr_owner(cur_sig_rr),ldns_rr_owner(cur_rr)) != 0; + j++) { + cur_rr = ldns_rr_list_rr(cur_rrset, j); + + } + if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr), + ldns_rr_owner(cur_rr))) + { + break; + } + } + + } + /* option 1 */ + if (data_chain->parent) { + ldns_dnssec_derive_trust_tree_normal_rrset_time( + new_tree, + data_chain, + cur_sig_rr, + check_time); + } + + /* option 2 */ + ldns_dnssec_derive_trust_tree_dnskey_rrset_time( + new_tree, + data_chain, + cur_rr, + cur_sig_rr, + check_time); + } + + ldns_dnssec_derive_trust_tree_ds_rrset_time( + new_tree, data_chain, + cur_rr, check_time); + } else { + /* no signatures? maybe it's nsec data */ + + /* just add every rr from parent as new parent */ + ldns_dnssec_derive_trust_tree_no_sig_time( + new_tree, data_chain, check_time); + } + } + } + + return new_tree; +} + +ldns_dnssec_trust_tree * +ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain, ldns_rr *rr) +{ + return ldns_dnssec_derive_trust_tree_time(data_chain, rr, ldns_time(NULL)); +} + +void +ldns_dnssec_derive_trust_tree_normal_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_sig_rr, + time_t check_time) +{ + size_t i, j; + ldns_rr_list *cur_rrset = ldns_rr_list_clone(data_chain->rrset); + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + uint16_t cur_keytag; + ldns_rr_list *tmp_rrset = NULL; + ldns_status cur_status; + + cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr)); + + for (j = 0; j < ldns_rr_list_rr_count(data_chain->parent->rrset); j++) { + cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j); + if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_calc_keytag(cur_parent_rr) == cur_keytag) { + + /* TODO: check wildcard nsec too */ + if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) { + tmp_rrset = cur_rrset; + if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) + == LDNS_RR_TYPE_NSEC || + ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) + == LDNS_RR_TYPE_NSEC3) { + /* might contain different names! + sort and split */ + ldns_rr_list_sort(cur_rrset); + assert(tmp_rrset == cur_rrset); + tmp_rrset = ldns_rr_list_pop_rrset(cur_rrset); + + /* with nsecs, this might be the wrong one */ + while (tmp_rrset && + ldns_rr_list_rr_count(cur_rrset) > 0 && + ldns_dname_compare( + ldns_rr_owner(ldns_rr_list_rr( + tmp_rrset, 0)), + ldns_rr_owner(cur_sig_rr)) != 0) { + ldns_rr_list_deep_free(tmp_rrset); + tmp_rrset = + ldns_rr_list_pop_rrset(cur_rrset); + } + } + cur_status = ldns_verify_rrsig_time( + tmp_rrset, + cur_sig_rr, + cur_parent_rr, + check_time); + if (tmp_rrset && tmp_rrset != cur_rrset + ) { + ldns_rr_list_deep_free( + tmp_rrset); + tmp_rrset = NULL; + } + /* avoid dupes */ + for (i = 0; i < new_tree->parent_count; i++) { + if (cur_parent_rr == new_tree->parents[i]->rr) { + goto done; + } + } + + cur_parent_tree = + ldns_dnssec_derive_trust_tree_time( + data_chain->parent, + cur_parent_rr, + check_time); + (void)ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, + cur_sig_rr, + cur_status); + } + } + } + } + done: + ldns_rr_list_deep_free(cur_rrset); +} + +void +ldns_dnssec_derive_trust_tree_normal_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_sig_rr) +{ + ldns_dnssec_derive_trust_tree_normal_rrset_time( + new_tree, data_chain, cur_sig_rr, ldns_time(NULL)); +} + +void +ldns_dnssec_derive_trust_tree_dnskey_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + ldns_rr *cur_sig_rr, + time_t check_time) +{ + size_t j; + ldns_rr_list *cur_rrset = data_chain->rrset; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + uint16_t cur_keytag; + ldns_status cur_status; + + cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr)); + + for (j = 0; j < ldns_rr_list_rr_count(cur_rrset); j++) { + cur_parent_rr = ldns_rr_list_rr(cur_rrset, j); + if (cur_parent_rr != cur_rr && + ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_calc_keytag(cur_parent_rr) == cur_keytag + ) { + cur_parent_tree = ldns_dnssec_trust_tree_new(); + cur_parent_tree->rr = cur_parent_rr; + cur_parent_tree->rrset = cur_rrset; + cur_status = ldns_verify_rrsig_time( + cur_rrset, cur_sig_rr, + cur_parent_rr, check_time); + (void) ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, cur_sig_rr, cur_status); + } + } + } +} + +void +ldns_dnssec_derive_trust_tree_dnskey_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + ldns_rr *cur_sig_rr) +{ + ldns_dnssec_derive_trust_tree_dnskey_rrset_time( + new_tree, data_chain, cur_rr, cur_sig_rr, ldns_time(NULL)); +} + +void +ldns_dnssec_derive_trust_tree_ds_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + time_t check_time) +{ + size_t j, h; + ldns_rr_list *cur_rrset = data_chain->rrset; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + + /* try the parent to see whether there are DSs there */ + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_DNSKEY && + data_chain->parent && + data_chain->parent->rrset + ) { + for (j = 0; + j < ldns_rr_list_rr_count(data_chain->parent->rrset); + j++) { + cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j); + if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DS) { + for (h = 0; h < ldns_rr_list_rr_count(cur_rrset); h++) { + cur_rr = ldns_rr_list_rr(cur_rrset, h); + if (ldns_rr_compare_ds(cur_rr, cur_parent_rr)) { + cur_parent_tree = + ldns_dnssec_derive_trust_tree_time( + data_chain->parent, + cur_parent_rr, + check_time); + (void) ldns_dnssec_trust_tree_add_parent( + new_tree, + cur_parent_tree, + NULL, + LDNS_STATUS_OK); + } else { + /*ldns_rr_print(stdout, cur_parent_rr);*/ + } + } + } + } + } +} + +void +ldns_dnssec_derive_trust_tree_ds_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr) +{ + ldns_dnssec_derive_trust_tree_ds_rrset_time( + new_tree, data_chain, cur_rr, ldns_time(NULL)); +} + +void +ldns_dnssec_derive_trust_tree_no_sig_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + time_t check_time) +{ + size_t i; + ldns_rr_list *cur_rrset; + ldns_rr *cur_parent_rr; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_status result; + + if (data_chain->parent && data_chain->parent->rrset) { + cur_rrset = data_chain->parent->rrset; + /* nsec? */ + if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) { + if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) == + LDNS_RR_TYPE_NSEC3) { + result = ldns_dnssec_verify_denial_nsec3( + new_tree->rr, + cur_rrset, + data_chain->parent->signatures, + data_chain->packet_rcode, + data_chain->packet_qtype, + data_chain->packet_nodata); + } else if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) == + LDNS_RR_TYPE_NSEC) { + result = ldns_dnssec_verify_denial( + new_tree->rr, + cur_rrset, + data_chain->parent->signatures); + } else { + /* unsigned zone, unsigned parent */ + result = LDNS_STATUS_OK; + } + } else { + result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; + } + for (i = 0; i < ldns_rr_list_rr_count(cur_rrset); i++) { + cur_parent_rr = ldns_rr_list_rr(cur_rrset, i); + cur_parent_tree = + ldns_dnssec_derive_trust_tree_time( + data_chain->parent, + cur_parent_rr, + check_time); + (void) ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, NULL, result); + } + } +} + +void +ldns_dnssec_derive_trust_tree_no_sig(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain) +{ + ldns_dnssec_derive_trust_tree_no_sig_time( + new_tree, data_chain, ldns_time(NULL)); +} + +/* + * returns OK if there is a path from tree to key with only OK + * the (first) error in between otherwise + * or NOT_FOUND if the key wasn't present at all + */ +ldns_status +ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree, + ldns_rr_list *trusted_keys) +{ + size_t i; + ldns_status result = LDNS_STATUS_CRYPTO_NO_DNSKEY; + bool equal; + ldns_status parent_result; + + if (tree && trusted_keys && ldns_rr_list_rr_count(trusted_keys) > 0) + { if (tree->rr) { + for (i = 0; i < ldns_rr_list_rr_count(trusted_keys); i++) { + equal = ldns_rr_compare_ds( + tree->rr, + ldns_rr_list_rr(trusted_keys, i)); + if (equal) { + result = LDNS_STATUS_OK; + return result; + } + } + } + for (i = 0; i < tree->parent_count; i++) { + parent_result = + ldns_dnssec_trust_tree_contains_keys(tree->parents[i], + trusted_keys); + if (parent_result != LDNS_STATUS_CRYPTO_NO_DNSKEY) { + if (tree->parent_status[i] != LDNS_STATUS_OK) { + result = tree->parent_status[i]; + } else { + if (tree->rr && + ldns_rr_get_type(tree->rr) + == LDNS_RR_TYPE_NSEC && + parent_result == LDNS_STATUS_OK + ) { + result = + LDNS_STATUS_DNSSEC_EXISTENCE_DENIED; + } else { + result = parent_result; + } + } + } + } + } else { + result = LDNS_STATUS_ERR; + } + + return result; +} + +ldns_status +ldns_verify_time( + ldns_rr_list *rrset, + ldns_rr_list *rrsig, + const ldns_rr_list *keys, + time_t check_time, + ldns_rr_list *good_keys + ) +{ + uint16_t i; + ldns_status verify_result = LDNS_STATUS_ERR; + + if (!rrset || !rrsig || !keys) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrset) < 1) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrsig) < 1) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + + if (ldns_rr_list_rr_count(keys) < 1) { + verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + } else { + for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { + ldns_status s = ldns_verify_rrsig_keylist_time( + rrset, ldns_rr_list_rr(rrsig, i), + keys, check_time, good_keys); + /* try a little to get more descriptive error */ + if(s == LDNS_STATUS_OK) { + verify_result = LDNS_STATUS_OK; + } else if(verify_result == LDNS_STATUS_ERR) + verify_result = s; + else if(s != LDNS_STATUS_ERR && verify_result == + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) + verify_result = s; + } + } + return verify_result; +} + +ldns_status +ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, const ldns_rr_list *keys, + ldns_rr_list *good_keys) +{ + return ldns_verify_time(rrset, rrsig, keys, ldns_time(NULL), good_keys); +} + +ldns_status +ldns_verify_notime(ldns_rr_list *rrset, ldns_rr_list *rrsig, + const ldns_rr_list *keys, ldns_rr_list *good_keys) +{ + uint16_t i; + ldns_status verify_result = LDNS_STATUS_ERR; + + if (!rrset || !rrsig || !keys) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrset) < 1) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrsig) < 1) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + + if (ldns_rr_list_rr_count(keys) < 1) { + verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + } else { + for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { + ldns_status s = ldns_verify_rrsig_keylist_notime(rrset, + ldns_rr_list_rr(rrsig, i), keys, good_keys); + + /* try a little to get more descriptive error */ + if (s == LDNS_STATUS_OK) { + verify_result = LDNS_STATUS_OK; + } else if (verify_result == LDNS_STATUS_ERR) { + verify_result = s; + } else if (s != LDNS_STATUS_ERR && verify_result == + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) { + verify_result = s; + } + } + } + return verify_result; +} + +ldns_rr_list * +ldns_fetch_valid_domain_keys_time(const ldns_resolver *res, + const ldns_rdf *domain, + const ldns_rr_list *keys, + time_t check_time, + ldns_status *status) +{ + ldns_rr_list * trusted_keys = NULL; + ldns_rr_list * ds_keys = NULL; + ldns_rdf * prev_parent_domain; + ldns_rdf * parent_domain; + ldns_rr_list * parent_keys = NULL; + + if (res && domain && keys) { + + if ((trusted_keys = ldns_validate_domain_dnskey_time(res, + domain, keys, check_time))) { + *status = LDNS_STATUS_OK; + } else { + /* No trusted keys in this domain, we'll have to find some in the parent domain */ + *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + + parent_domain = ldns_dname_left_chop(domain); + while (parent_domain && /* Fail if we are at the root*/ + ldns_rdf_size(parent_domain) > 0) { + + if ((parent_keys = + ldns_fetch_valid_domain_keys_time(res, + parent_domain, + keys, + check_time, + status))) { + /* Check DS records */ + if ((ds_keys = + ldns_validate_domain_ds_time(res, + domain, + parent_keys, + check_time))) { + trusted_keys = + ldns_fetch_valid_domain_keys_time( + res, + domain, + ds_keys, + check_time, + status); + ldns_rr_list_deep_free(ds_keys); + } else { + /* No valid DS at the parent -- fail */ + *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DS ; + } + ldns_rr_list_deep_free(parent_keys); + break; + } else { + parent_domain = ldns_dname_left_chop(( + prev_parent_domain + = parent_domain + )); + ldns_rdf_deep_free(prev_parent_domain); + } + } + if (parent_domain) { + ldns_rdf_deep_free(parent_domain); + } + } + } + return trusted_keys; +} + +ldns_rr_list * +ldns_fetch_valid_domain_keys(const ldns_resolver *res, + const ldns_rdf *domain, + const ldns_rr_list *keys, + ldns_status *status) +{ + return ldns_fetch_valid_domain_keys_time( + res, domain, keys, ldns_time(NULL), status); +} + +ldns_rr_list * +ldns_validate_domain_dnskey_time( + const ldns_resolver * res, + const ldns_rdf * domain, + const ldns_rr_list * keys, + time_t check_time + ) +{ + ldns_pkt * keypkt; + ldns_rr * cur_key; + uint16_t key_i; uint16_t key_j; uint16_t key_k; + uint16_t sig_i; ldns_rr * cur_sig; + + ldns_rr_list * domain_keys = NULL; + ldns_rr_list * domain_sigs = NULL; + ldns_rr_list * trusted_keys = NULL; + + /* Fetch keys for the domain */ + keypkt = ldns_resolver_query(res, domain, + LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD); + if (keypkt) { + domain_keys = ldns_pkt_rr_list_by_type(keypkt, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANSWER); + domain_sigs = ldns_pkt_rr_list_by_type(keypkt, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + + /* Try to validate the record using our keys */ + for (key_i=0; key_i< ldns_rr_list_rr_count(domain_keys); key_i++) { + + cur_key = ldns_rr_list_rr(domain_keys, key_i); + for (key_j=0; key_j= ldns_dname_label_count(ldns_rr_owner(rr))) { + + /* Query name *is* the "next closer". */ + hashed_next_closer = hashed_name; + } else { + + /* "next closer" has less labels than the query name. + * Create the name and hash it. + */ + next_closer = ldns_dname_clone_from( + ldns_rr_owner(rr), + ldns_dname_label_count(ldns_rr_owner(rr)) + - (ldns_dname_label_count(closest_encloser) + 1) + ); + hashed_next_closer = ldns_nsec3_hash_name_frm_nsec3( + ldns_rr_list_rr(nsecs, 0), + next_closer + ); + (void) ldns_dname_cat(hashed_next_closer, zone_name); + } + /* Find the NSEC3 that covers the "next closer" */ + for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) { + if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i), + hashed_next_closer) && + ldns_nsec3_optout(ldns_rr_list_rr(nsecs, i))) { + + result = LDNS_STATUS_OK; + if (match) { + *match = ldns_rr_list_rr(nsecs, i); + } + break; + } + } + if (ldns_dname_label_count(closest_encloser) + 1 + < ldns_dname_label_count(ldns_rr_owner(rr))) { + + /* "next closer" has less labels than the query name. + * Dispose of the temporary variables that held that name. + */ + ldns_rdf_deep_free(hashed_next_closer); + ldns_rdf_deep_free(next_closer); + } + ldns_rdf_deep_free(closest_encloser); + } + + done: + ldns_rdf_deep_free(zone_name); + return result; +} + +ldns_status +ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata) +{ + return ldns_dnssec_verify_denial_nsec3_match( + rr, nsecs, rrsigs, packet_rcode, + packet_qtype, packet_nodata, NULL + ); +} + +#ifdef USE_GOST +EVP_PKEY* +ldns_gost2pkey_raw(unsigned char* key, size_t keylen) +{ + /* prefix header for X509 encoding */ + uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85, + 0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85, + 0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03, + 0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40}; + unsigned char encoded[37+64]; + const unsigned char* pp; + if(keylen != 64) { + /* key wrong size */ + return NULL; + } + + /* create evp_key */ + memmove(encoded, asn, 37); + memmove(encoded+37, key, 64); + pp = (unsigned char*)&encoded[0]; + + return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded)); +} + +static ldns_status +ldns_verify_rrsig_gost_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + (void) ldns_key_EVP_load_gost_id(); + evp_key = ldns_gost2pkey_raw(key, keylen); + if(!evp_key) { + /* could not convert key */ + return LDNS_STATUS_CRYPTO_BOGUS; + } + + /* verify signature */ + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, + evp_key, EVP_get_digestbyname("md_gost94")); + EVP_PKEY_free(evp_key); + + return result; +} +#endif + +#ifdef USE_ECDSA +EVP_PKEY* +ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo) +{ + unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ + const unsigned char* pp = buf; + EVP_PKEY *evp_key; + EC_KEY *ec; + /* check length, which uncompressed must be 2 bignums */ + if(algo == LDNS_ECDSAP256SHA256) { + if(keylen != 2*256/8) return NULL; + ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + } else if(algo == LDNS_ECDSAP384SHA384) { + if(keylen != 2*384/8) return NULL; + ec = EC_KEY_new_by_curve_name(NID_secp384r1); + } else ec = NULL; + if(!ec) return NULL; + if(keylen+1 > sizeof(buf)) + return NULL; /* sanity check */ + /* prepend the 0x02 (from docs) (or actually 0x04 from implementation + * of openssl) for uncompressed data */ + buf[0] = POINT_CONVERSION_UNCOMPRESSED; + memmove(buf+1, key, keylen); + if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) { + EC_KEY_free(ec); + return NULL; + } + evp_key = EVP_PKEY_new(); + if(!evp_key) { + EC_KEY_free(ec); + return NULL; + } + if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) { + EVP_PKEY_free(evp_key); + EC_KEY_free(ec); + return NULL; + } + return evp_key; +} + +static ldns_status +ldns_verify_rrsig_ecdsa_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen, uint8_t algo) +{ + EVP_PKEY *evp_key; + ldns_status result; + const EVP_MD *d; + + evp_key = ldns_ecdsa2pkey_raw(key, keylen, algo); + if(!evp_key) { + /* could not convert key */ + return LDNS_STATUS_CRYPTO_BOGUS; + } + if(algo == LDNS_ECDSAP256SHA256) + d = EVP_sha256(); + else d = EVP_sha384(); /* LDNS_ECDSAP384SHA384 */ + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, d); + EVP_PKEY_free(evp_key); + return result; +} +#endif + +ldns_status +ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, ldns_buffer *verify_buf, + ldns_buffer *key_buf, uint8_t algo) +{ + return ldns_verify_rrsig_buffers_raw( + (unsigned char*)ldns_buffer_begin(rawsig_buf), + ldns_buffer_position(rawsig_buf), + verify_buf, + (unsigned char*)ldns_buffer_begin(key_buf), + ldns_buffer_position(key_buf), algo); +} + +ldns_status +ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen, + ldns_buffer *verify_buf, unsigned char* key, size_t keylen, + uint8_t algo) +{ + /* check for right key */ + switch(algo) { + case LDNS_DSA: + case LDNS_DSA_NSEC3: + return ldns_verify_rrsig_dsa_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; + case LDNS_RSASHA1: + case LDNS_RSASHA1_NSEC3: + return ldns_verify_rrsig_rsasha1_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; +#ifdef USE_SHA2 + case LDNS_RSASHA256: + return ldns_verify_rrsig_rsasha256_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; + case LDNS_RSASHA512: + return ldns_verify_rrsig_rsasha512_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; +#endif +#ifdef USE_GOST + case LDNS_ECC_GOST: + return ldns_verify_rrsig_gost_raw(sig, siglen, verify_buf, + key, keylen); + break; +#endif +#ifdef USE_ECDSA + case LDNS_ECDSAP256SHA256: + case LDNS_ECDSAP384SHA384: + return ldns_verify_rrsig_ecdsa_raw(sig, siglen, verify_buf, + key, keylen, algo); + break; +#endif + case LDNS_RSAMD5: + return ldns_verify_rrsig_rsamd5_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; + default: + /* do you know this alg?! */ + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; + } +} + + +/** + * Reset the ttl in the rrset with the orig_ttl from the sig + * and update owner name if it was wildcard + * Also canonicalizes the rrset. + * @param rrset: rrset to modify + * @param sig: signature to take TTL and wildcard values from + */ +static void +ldns_rrset_use_signature_ttl(ldns_rr_list* rrset_clone, ldns_rr* rrsig) +{ + uint32_t orig_ttl; + uint16_t i; + uint8_t label_count; + ldns_rdf *wildcard_name; + ldns_rdf *wildcard_chopped; + ldns_rdf *wildcard_chopped_tmp; + + if ((rrsig == NULL) || ldns_rr_rd_count(rrsig) < 4) { + return; + } + + orig_ttl = ldns_rdf2native_int32( ldns_rr_rdf(rrsig, 3)); + label_count = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 2)); + + for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) { + if (label_count < + ldns_dname_label_count( + ldns_rr_owner(ldns_rr_list_rr(rrset_clone, i)))) { + (void) ldns_str2rdf_dname(&wildcard_name, "*"); + wildcard_chopped = ldns_rdf_clone(ldns_rr_owner( + ldns_rr_list_rr(rrset_clone, i))); + while (label_count < ldns_dname_label_count(wildcard_chopped)) { + wildcard_chopped_tmp = ldns_dname_left_chop( + wildcard_chopped); + ldns_rdf_deep_free(wildcard_chopped); + wildcard_chopped = wildcard_chopped_tmp; + } + (void) ldns_dname_cat(wildcard_name, wildcard_chopped); + ldns_rdf_deep_free(wildcard_chopped); + ldns_rdf_deep_free(ldns_rr_owner(ldns_rr_list_rr( + rrset_clone, i))); + ldns_rr_set_owner(ldns_rr_list_rr(rrset_clone, i), + wildcard_name); + } + ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), orig_ttl); + /* convert to lowercase */ + ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i)); + } +} + +/** + * Make raw signature buffer out of rrsig + * @param rawsig_buf: raw signature buffer for result + * @param rrsig: signature to convert + * @return OK or more specific error. + */ +static ldns_status +ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig) +{ + uint8_t sig_algo; + + if (rrsig == NULL) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + if (ldns_rr_rdf(rrsig, 1) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1)); + /* check for known and implemented algo's now (otherwise + * the function could return a wrong error + */ + /* create a buffer with signature rdata */ + /* for some algorithms we need other data than for others... */ + /* (the DSA API wants DER encoding for instance) */ + + switch(sig_algo) { + case LDNS_RSAMD5: + case LDNS_RSASHA1: + case LDNS_RSASHA1_NSEC3: +#ifdef USE_SHA2 + case LDNS_RSASHA256: + case LDNS_RSASHA512: +#endif +#ifdef USE_GOST + case LDNS_ECC_GOST: +#endif + if (ldns_rr_rdf(rrsig, 8) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + if (ldns_rdf2buffer_wire(rawsig_buf, ldns_rr_rdf(rrsig, 8)) + != LDNS_STATUS_OK) { + return LDNS_STATUS_MEM_ERR; + } + break; + case LDNS_DSA: + case LDNS_DSA_NSEC3: + /* EVP takes rfc2459 format, which is a tad longer than dns format */ + if (ldns_rr_rdf(rrsig, 8) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + if (ldns_convert_dsa_rrsig_rdf2asn1( + rawsig_buf, ldns_rr_rdf(rrsig, 8)) + != LDNS_STATUS_OK) { + /* + if (ldns_rdf2buffer_wire(rawsig_buf, + ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) { + */ + return LDNS_STATUS_MEM_ERR; + } + break; +#ifdef USE_ECDSA + case LDNS_ECDSAP256SHA256: + case LDNS_ECDSAP384SHA384: + /* EVP produces an ASN prefix on the signature, which is + * not used in the DNS */ + if (ldns_rr_rdf(rrsig, 8) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + if (ldns_convert_ecdsa_rrsig_rdf2asn1( + rawsig_buf, ldns_rr_rdf(rrsig, 8)) + != LDNS_STATUS_OK) { + return LDNS_STATUS_MEM_ERR; + } + break; +#endif + case LDNS_DH: + case LDNS_ECC: + case LDNS_INDIRECT: + return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL; + default: + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; + } + return LDNS_STATUS_OK; +} + +/** + * Check RRSIG timestamps against the given 'now' time. + * @param rrsig: signature to check. + * @param now: the current time in seconds epoch. + * @return status code LDNS_STATUS_OK if all is fine. + */ +static ldns_status +ldns_rrsig_check_timestamps(ldns_rr* rrsig, time_t now) +{ + int32_t inception, expiration; + + /* check the signature time stamps */ + inception = (int32_t)ldns_rdf2native_time_t( + ldns_rr_rrsig_inception(rrsig)); + expiration = (int32_t)ldns_rdf2native_time_t( + ldns_rr_rrsig_expiration(rrsig)); + + if (expiration - inception < 0) { + /* bad sig, expiration before inception?? Tsssg */ + return LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION; + } + if (((int32_t) now) - inception < 0) { + /* bad sig, inception date has not yet come to pass */ + return LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED; + } + if (expiration - ((int32_t) now) < 0) { + /* bad sig, expiration date has passed */ + return LDNS_STATUS_CRYPTO_SIG_EXPIRED; + } + return LDNS_STATUS_OK; +} + +/** + * Prepare for verification. + * @param rawsig_buf: raw signature buffer made ready. + * @param verify_buf: data for verification buffer made ready. + * @param rrset_clone: made ready. + * @param rrsig: signature to prepare for. + * @return LDNS_STATUS_OK is all went well. Otherwise specific error. + */ +static ldns_status +ldns_prepare_for_verify(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf, + ldns_rr_list* rrset_clone, ldns_rr* rrsig) +{ + ldns_status result; + + /* canonicalize the sig */ + ldns_dname2canonical(ldns_rr_owner(rrsig)); + + /* check if the typecovered is equal to the type checked */ + if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rrsig)) != + ldns_rr_get_type(ldns_rr_list_rr(rrset_clone, 0))) + return LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR; + + /* create a buffer with b64 signature rdata */ + result = ldns_rrsig2rawsig_buffer(rawsig_buf, rrsig); + if(result != LDNS_STATUS_OK) + return result; + + /* use TTL from signature. Use wildcard names for wildcards */ + /* also canonicalizes rrset_clone */ + ldns_rrset_use_signature_ttl(rrset_clone, rrsig); + + /* sort the rrset in canonical order */ + ldns_rr_list_sort(rrset_clone); + + /* put the signature rr (without the b64) to the verify_buf */ + if (ldns_rrsig2buffer_wire(verify_buf, rrsig) != LDNS_STATUS_OK) + return LDNS_STATUS_MEM_ERR; + + /* add the rrset in verify_buf */ + if(ldns_rr_list2buffer_wire(verify_buf, rrset_clone) + != LDNS_STATUS_OK) + return LDNS_STATUS_MEM_ERR; + + return LDNS_STATUS_OK; +} + +/** + * Check if a key matches a signature. + * Checks keytag, sigalgo and signature. + * @param rawsig_buf: raw signature buffer for verify + * @param verify_buf: raw data buffer for verify + * @param rrsig: the rrsig + * @param key: key to attempt. + * @return LDNS_STATUS_OK if OK, else some specific error. + */ +static ldns_status +ldns_verify_test_sig_key(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf, + ldns_rr* rrsig, ldns_rr* key) +{ + uint8_t sig_algo; + + if (rrsig == NULL) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + if (ldns_rr_rdf(rrsig, 1) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1)); + + /* before anything, check if the keytags match */ + if (ldns_calc_keytag(key) + == + ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) + ) { + ldns_buffer* key_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + ldns_status result = LDNS_STATUS_ERR; + + /* put the key-data in a buffer, that's the third rdf, with + * the base64 encoded key data */ + if (ldns_rr_rdf(key, 3) == NULL) { + ldns_buffer_free(key_buf); + return LDNS_STATUS_MISSING_RDATA_FIELDS_KEY; + } + if (ldns_rdf2buffer_wire(key_buf, ldns_rr_rdf(key, 3)) + != LDNS_STATUS_OK) { + ldns_buffer_free(key_buf); + /* returning is bad might screw up + good keys later in the list + what to do? */ + return LDNS_STATUS_ERR; + } + + if (ldns_rr_rdf(key, 2) == NULL) { + result = LDNS_STATUS_MISSING_RDATA_FIELDS_KEY; + } + else if (sig_algo == ldns_rdf2native_int8( + ldns_rr_rdf(key, 2))) { + result = ldns_verify_rrsig_buffers(rawsig_buf, + verify_buf, key_buf, sig_algo); + } else { + /* No keys with the corresponding algorithm are found */ + result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; + } + + ldns_buffer_free(key_buf); + return result; + } + else { + /* No keys with the corresponding keytag are found */ + return LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; + } +} + +/* + * to verify: + * - create the wire fmt of the b64 key rdata + * - create the wire fmt of the sorted rrset + * - create the wire fmt of the b64 sig rdata + * - create the wire fmt of the sig without the b64 rdata + * - cat the sig data (without b64 rdata) to the rrset + * - verify the rrset+sig, with the b64 data and the b64 key data + */ +ldns_status +ldns_verify_rrsig_keylist_time( + ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys, + time_t check_time, + ldns_rr_list *good_keys) +{ + ldns_status result; + ldns_rr_list *valid = ldns_rr_list_new(); + if (!valid) + return LDNS_STATUS_MEM_ERR; + + result = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, valid); + if(result != LDNS_STATUS_OK) { + ldns_rr_list_free(valid); + return result; + } + + /* check timestamps last; its OK except time */ + result = ldns_rrsig_check_timestamps(rrsig, check_time); + if(result != LDNS_STATUS_OK) { + ldns_rr_list_free(valid); + return result; + } + + ldns_rr_list_cat(good_keys, valid); + ldns_rr_list_free(valid); + return LDNS_STATUS_OK; +} + +/* + * to verify: + * - create the wire fmt of the b64 key rdata + * - create the wire fmt of the sorted rrset + * - create the wire fmt of the b64 sig rdata + * - create the wire fmt of the sig without the b64 rdata + * - cat the sig data (without b64 rdata) to the rrset + * - verify the rrset+sig, with the b64 data and the b64 key data + */ +ldns_status +ldns_verify_rrsig_keylist(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys) +{ + return ldns_verify_rrsig_keylist_time( + rrset, rrsig, keys, ldns_time(NULL), good_keys); +} + +ldns_status +ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys) +{ + ldns_buffer *rawsig_buf; + ldns_buffer *verify_buf; + uint16_t i; + ldns_status result, status; + ldns_rr_list *rrset_clone; + ldns_rr_list *validkeys; + + if (!rrset) { + return LDNS_STATUS_ERR; + } + + validkeys = ldns_rr_list_new(); + if (!validkeys) { + return LDNS_STATUS_MEM_ERR; + } + + /* clone the rrset so that we can fiddle with it */ + rrset_clone = ldns_rr_list_clone(rrset); + + /* create the buffers which will certainly hold the raw data */ + rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + result = ldns_prepare_for_verify(rawsig_buf, verify_buf, + rrset_clone, rrsig); + if(result != LDNS_STATUS_OK) { + ldns_buffer_free(verify_buf); + ldns_buffer_free(rawsig_buf); + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_list_free(validkeys); + return result; + } + + result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; + for(i = 0; i < ldns_rr_list_rr_count(keys); i++) { + status = ldns_verify_test_sig_key(rawsig_buf, verify_buf, + rrsig, ldns_rr_list_rr(keys, i)); + if (status == LDNS_STATUS_OK) { + /* one of the keys has matched, don't break + * here, instead put the 'winning' key in + * the validkey list and return the list + * later */ + if (!ldns_rr_list_push_rr(validkeys, + ldns_rr_list_rr(keys,i))) { + /* couldn't push the key?? */ + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(verify_buf); + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_list_free(validkeys); + return LDNS_STATUS_MEM_ERR; + } + + result = status; + } + + if (result == LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) { + result = status; + } + } + + /* no longer needed */ + ldns_rr_list_deep_free(rrset_clone); + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(verify_buf); + + if (ldns_rr_list_rr_count(validkeys) == 0) { + /* no keys were added, return last error */ + ldns_rr_list_free(validkeys); + return result; + } + + /* do not check timestamps */ + + ldns_rr_list_cat(good_keys, validkeys); + ldns_rr_list_free(validkeys); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_verify_rrsig_time( + ldns_rr_list *rrset, + ldns_rr *rrsig, + ldns_rr *key, + time_t check_time) +{ + ldns_buffer *rawsig_buf; + ldns_buffer *verify_buf; + ldns_status result; + ldns_rr_list *rrset_clone; + + if (!rrset) { + return LDNS_STATUS_NO_DATA; + } + /* clone the rrset so that we can fiddle with it */ + rrset_clone = ldns_rr_list_clone(rrset); + /* create the buffers which will certainly hold the raw data */ + rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + result = ldns_prepare_for_verify(rawsig_buf, verify_buf, + rrset_clone, rrsig); + if(result != LDNS_STATUS_OK) { + ldns_rr_list_deep_free(rrset_clone); + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(verify_buf); + return result; + } + result = ldns_verify_test_sig_key(rawsig_buf, verify_buf, + rrsig, key); + /* no longer needed */ + ldns_rr_list_deep_free(rrset_clone); + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(verify_buf); + + /* check timestamp last, apart from time its OK */ + if(result == LDNS_STATUS_OK) + result = ldns_rrsig_check_timestamps(rrsig, check_time); + + return result; +} + +ldns_status +ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key) +{ + return ldns_verify_rrsig_time(rrset, rrsig, key, ldns_time(NULL)); +} + + +ldns_status +ldns_verify_rrsig_evp(ldns_buffer *sig, + ldns_buffer *rrset, + EVP_PKEY *key, + const EVP_MD *digest_type) +{ + return ldns_verify_rrsig_evp_raw( + (unsigned char*)ldns_buffer_begin(sig), + ldns_buffer_position(sig), + rrset, + key, + digest_type); +} + +ldns_status +ldns_verify_rrsig_evp_raw(unsigned char *sig, size_t siglen, + ldns_buffer *rrset, EVP_PKEY *key, const EVP_MD *digest_type) +{ + EVP_MD_CTX ctx; + int res; + + EVP_MD_CTX_init(&ctx); + + EVP_VerifyInit(&ctx, digest_type); + EVP_VerifyUpdate(&ctx, + ldns_buffer_begin(rrset), + ldns_buffer_position(rrset)); + res = EVP_VerifyFinal(&ctx, sig, (unsigned int) siglen, key); + + EVP_MD_CTX_cleanup(&ctx); + + if (res == 1) { + return LDNS_STATUS_OK; + } else if (res == 0) { + return LDNS_STATUS_CRYPTO_BOGUS; + } + /* TODO how to communicate internal SSL error? + let caller use ssl's get_error() */ + return LDNS_STATUS_SSL_ERR; +} + +ldns_status +ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) +{ + return ldns_verify_rrsig_dsa_raw( + (unsigned char*) ldns_buffer_begin(sig), + ldns_buffer_position(sig), + rrset, + (unsigned char*) ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +ldns_status +ldns_verify_rrsig_rsasha1(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) +{ + return ldns_verify_rrsig_rsasha1_raw( + (unsigned char*)ldns_buffer_begin(sig), + ldns_buffer_position(sig), + rrset, + (unsigned char*) ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +ldns_status +ldns_verify_rrsig_rsamd5(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) +{ + return ldns_verify_rrsig_rsamd5_raw( + (unsigned char*)ldns_buffer_begin(sig), + ldns_buffer_position(sig), + rrset, + (unsigned char*) ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +ldns_status +ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_dss1()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + return result; + +} + +ldns_status +ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_sha1()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + + return result; +} + +ldns_status +ldns_verify_rrsig_rsasha256_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen) +{ +#ifdef USE_SHA2 + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_sha256()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + + return result; +#else + /* touch these to prevent compiler warnings */ + (void) sig; + (void) siglen; + (void) rrset; + (void) key; + (void) keylen; + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; +#endif +} + +ldns_status +ldns_verify_rrsig_rsasha512_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen) +{ +#ifdef USE_SHA2 + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_sha512()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + + return result; +#else + /* touch these to prevent compiler warnings */ + (void) sig; + (void) siglen; + (void) rrset; + (void) key; + (void) keylen; + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; +#endif +} + + +ldns_status +ldns_verify_rrsig_rsamd5_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_md5()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + + return result; +} + +#endif diff --git a/ldns/src/dnssec_zone.c b/ldns/src/dnssec_zone.c new file mode 100644 index 0000000..0fec48c --- /dev/null +++ b/ldns/src/dnssec_zone.c @@ -0,0 +1,1192 @@ +/* + * special zone file structures and functions for better dnssec handling + */ + +#include + +#include + +ldns_dnssec_rrs * +ldns_dnssec_rrs_new(void) +{ + ldns_dnssec_rrs *new_rrs; + new_rrs = LDNS_MALLOC(ldns_dnssec_rrs); + if(!new_rrs) return NULL; + new_rrs->rr = NULL; + new_rrs->next = NULL; + return new_rrs; +} + +INLINE void +ldns_dnssec_rrs_free_internal(ldns_dnssec_rrs *rrs, int deep) +{ + ldns_dnssec_rrs *next; + while (rrs) { + next = rrs->next; + if (deep) { + ldns_rr_free(rrs->rr); + } + LDNS_FREE(rrs); + rrs = next; + } +} + +void +ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs) +{ + ldns_dnssec_rrs_free_internal(rrs, 0); +} + +void +ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs) +{ + ldns_dnssec_rrs_free_internal(rrs, 1); +} + +ldns_status +ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr) +{ + int cmp; + ldns_dnssec_rrs *new_rrs; + if (!rrs || !rr) { + return LDNS_STATUS_ERR; + } + + /* this could be done more efficiently; name and type should already + be equal */ + cmp = ldns_rr_compare(rrs->rr, rr); + if (cmp < 0) { + if (rrs->next) { + return ldns_dnssec_rrs_add_rr(rrs->next, rr); + } else { + new_rrs = ldns_dnssec_rrs_new(); + new_rrs->rr = rr; + rrs->next = new_rrs; + } + } else if (cmp > 0) { + /* put the current old rr in the new next, put the new + rr in the current container */ + new_rrs = ldns_dnssec_rrs_new(); + new_rrs->rr = rrs->rr; + new_rrs->next = rrs->next; + rrs->rr = rr; + rrs->next = new_rrs; + } + /* Silently ignore equal rr's */ + return LDNS_STATUS_OK; +} + +void +ldns_dnssec_rrs_print_fmt(FILE *out, const ldns_output_format *fmt, + ldns_dnssec_rrs *rrs) +{ + if (!rrs) { + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) + fprintf(out, "; "); + } else { + if (rrs->rr) { + ldns_rr_print_fmt(out, fmt, rrs->rr); + } + if (rrs->next) { + ldns_dnssec_rrs_print_fmt(out, fmt, rrs->next); + } + } +} + +void +ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs) +{ + ldns_dnssec_rrs_print_fmt(out, ldns_output_format_default, rrs); +} + + +ldns_dnssec_rrsets * +ldns_dnssec_rrsets_new(void) +{ + ldns_dnssec_rrsets *new_rrsets; + new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets); + if(!new_rrsets) return NULL; + new_rrsets->rrs = NULL; + new_rrsets->type = 0; + new_rrsets->signatures = NULL; + new_rrsets->next = NULL; + return new_rrsets; +} + +INLINE void +ldns_dnssec_rrsets_free_internal(ldns_dnssec_rrsets *rrsets, int deep) +{ + if (rrsets) { + if (rrsets->rrs) { + ldns_dnssec_rrs_free_internal(rrsets->rrs, deep); + } + if (rrsets->next) { + ldns_dnssec_rrsets_free_internal(rrsets->next, deep); + } + if (rrsets->signatures) { + ldns_dnssec_rrs_free_internal(rrsets->signatures, deep); + } + LDNS_FREE(rrsets); + } +} + +void +ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets) +{ + ldns_dnssec_rrsets_free_internal(rrsets, 0); +} + +void +ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets) +{ + ldns_dnssec_rrsets_free_internal(rrsets, 1); +} + +ldns_rr_type +ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets) +{ + if (rrsets) { + return rrsets->type; + } else { + return 0; + } +} + +ldns_status +ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, + ldns_rr_type type) +{ + if (rrsets) { + rrsets->type = type; + return LDNS_STATUS_OK; + } + return LDNS_STATUS_ERR; +} + +static ldns_dnssec_rrsets * +ldns_dnssec_rrsets_new_frm_rr(ldns_rr *rr) +{ + ldns_dnssec_rrsets *new_rrsets; + ldns_rr_type rr_type; + bool rrsig; + + new_rrsets = ldns_dnssec_rrsets_new(); + rr_type = ldns_rr_get_type(rr); + if (rr_type == LDNS_RR_TYPE_RRSIG) { + rrsig = true; + rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } else { + rrsig = false; + } + if (!rrsig) { + new_rrsets->rrs = ldns_dnssec_rrs_new(); + new_rrsets->rrs->rr = rr; + } else { + new_rrsets->signatures = ldns_dnssec_rrs_new(); + new_rrsets->signatures->rr = rr; + } + new_rrsets->type = rr_type; + return new_rrsets; +} + +ldns_status +ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr) +{ + ldns_dnssec_rrsets *new_rrsets; + ldns_rr_type rr_type; + bool rrsig = false; + ldns_status result = LDNS_STATUS_OK; + + if (!rrsets || !rr) { + return LDNS_STATUS_ERR; + } + + rr_type = ldns_rr_get_type(rr); + + if (rr_type == LDNS_RR_TYPE_RRSIG) { + rrsig = true; + rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + + if (!rrsets->rrs && rrsets->type == 0 && !rrsets->signatures) { + if (!rrsig) { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + rrsets->type = rr_type; + } else { + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + rrsets->type = rr_type; + } + return LDNS_STATUS_OK; + } + + if (rr_type > ldns_dnssec_rrsets_type(rrsets)) { + if (rrsets->next) { + result = ldns_dnssec_rrsets_add_rr(rrsets->next, rr); + } else { + new_rrsets = ldns_dnssec_rrsets_new_frm_rr(rr); + rrsets->next = new_rrsets; + } + } else if (rr_type < ldns_dnssec_rrsets_type(rrsets)) { + /* move the current one into the new next, + replace field of current with data from new rr */ + new_rrsets = ldns_dnssec_rrsets_new(); + new_rrsets->rrs = rrsets->rrs; + new_rrsets->type = rrsets->type; + new_rrsets->signatures = rrsets->signatures; + new_rrsets->next = rrsets->next; + if (!rrsig) { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + rrsets->signatures = NULL; + } else { + rrsets->rrs = NULL; + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + } + rrsets->type = rr_type; + rrsets->next = new_rrsets; + } else { + /* equal, add to current rrsets */ + if (rrsig) { + if (rrsets->signatures) { + result = ldns_dnssec_rrs_add_rr(rrsets->signatures, rr); + } else { + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + } + } else { + if (rrsets->rrs) { + result = ldns_dnssec_rrs_add_rr(rrsets->rrs, rr); + } else { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + } + } + } + + return result; +} + +static void +ldns_dnssec_rrsets_print_soa_fmt(FILE *out, const ldns_output_format *fmt, + ldns_dnssec_rrsets *rrsets, + bool follow, + bool show_soa) +{ + if (!rrsets) { + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) + fprintf(out, "; \n"); + } else { + if (rrsets->rrs && + (show_soa || + ldns_rr_get_type(rrsets->rrs->rr) != LDNS_RR_TYPE_SOA + ) + ) { + ldns_dnssec_rrs_print_fmt(out, fmt, rrsets->rrs); + if (rrsets->signatures) { + ldns_dnssec_rrs_print_fmt(out, fmt, + rrsets->signatures); + } + } + if (follow && rrsets->next) { + ldns_dnssec_rrsets_print_soa_fmt(out, fmt, + rrsets->next, follow, show_soa); + } + } +} + + +void +ldns_dnssec_rrsets_print_fmt(FILE *out, const ldns_output_format *fmt, + ldns_dnssec_rrsets *rrsets, + bool follow) +{ + ldns_dnssec_rrsets_print_soa_fmt(out, fmt, rrsets, follow, true); +} + +void +ldns_dnssec_rrsets_print(FILE *out, ldns_dnssec_rrsets *rrsets, bool follow) +{ + ldns_dnssec_rrsets_print_fmt(out, ldns_output_format_default, + rrsets, follow); +} + +ldns_dnssec_name * +ldns_dnssec_name_new(void) +{ + ldns_dnssec_name *new_name; + + new_name = LDNS_CALLOC(ldns_dnssec_name, 1); + if (!new_name) { + return NULL; + } + /* + * not needed anymore because CALLOC initalizes everything to zero. + + new_name->name = NULL; + new_name->rrsets = NULL; + new_name->name_alloced = false; + new_name->nsec = NULL; + new_name->nsec_signatures = NULL; + + new_name->is_glue = false; + new_name->hashed_name = NULL; + + */ + return new_name; +} + +ldns_dnssec_name * +ldns_dnssec_name_new_frm_rr(ldns_rr *rr) +{ + ldns_dnssec_name *new_name = ldns_dnssec_name_new(); + + new_name->name = ldns_rr_owner(rr); + if(ldns_dnssec_name_add_rr(new_name, rr) != LDNS_STATUS_OK) { + ldns_dnssec_name_free(new_name); + return NULL; + } + + return new_name; +} + +INLINE void +ldns_dnssec_name_free_internal(ldns_dnssec_name *name, + int deep) +{ + if (name) { + if (name->name_alloced) { + ldns_rdf_deep_free(name->name); + } + if (name->rrsets) { + ldns_dnssec_rrsets_free_internal(name->rrsets, deep); + } + if (name->nsec && deep) { + ldns_rr_free(name->nsec); + } + if (name->nsec_signatures) { + ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep); + } + if (name->hashed_name) { + if (deep) { + ldns_rdf_deep_free(name->hashed_name); + } + } + LDNS_FREE(name); + } +} + +void +ldns_dnssec_name_free(ldns_dnssec_name *name) +{ + ldns_dnssec_name_free_internal(name, 0); +} + +void +ldns_dnssec_name_deep_free(ldns_dnssec_name *name) +{ + ldns_dnssec_name_free_internal(name, 1); +} + +ldns_rdf * +ldns_dnssec_name_name(ldns_dnssec_name *name) +{ + if (name) { + return name->name; + } + return NULL; +} + +bool +ldns_dnssec_name_is_glue(ldns_dnssec_name *name) +{ + if (name) { + return name->is_glue; + } + return false; +} + +void +ldns_dnssec_name_set_name(ldns_dnssec_name *rrset, + ldns_rdf *dname) +{ + if (rrset && dname) { + rrset->name = dname; + } +} + + +void +ldns_dnssec_name_set_nsec(ldns_dnssec_name *rrset, ldns_rr *nsec) +{ + if (rrset && nsec) { + rrset->nsec = nsec; + } +} + +int +ldns_dnssec_name_cmp(const void *a, const void *b) +{ + ldns_dnssec_name *na = (ldns_dnssec_name *) a; + ldns_dnssec_name *nb = (ldns_dnssec_name *) b; + + if (na && nb) { + return ldns_dname_compare(ldns_dnssec_name_name(na), + ldns_dnssec_name_name(nb)); + } else if (na) { + return 1; + } else if (nb) { + return -1; + } else { + return 0; + } +} + +ldns_status +ldns_dnssec_name_add_rr(ldns_dnssec_name *name, + ldns_rr *rr) +{ + ldns_status result = LDNS_STATUS_OK; + ldns_rr_type rr_type; + ldns_rr_type typecovered = 0; + + /* special handling for NSEC3 and NSECX covering RRSIGS */ + + if (!name || !rr) { + return LDNS_STATUS_ERR; + } + + rr_type = ldns_rr_get_type(rr); + + if (rr_type == LDNS_RR_TYPE_RRSIG) { + typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + + if (rr_type == LDNS_RR_TYPE_NSEC || + rr_type == LDNS_RR_TYPE_NSEC3) { + /* XX check if is already set (and error?) */ + name->nsec = rr; + } else if (typecovered == LDNS_RR_TYPE_NSEC || + typecovered == LDNS_RR_TYPE_NSEC3) { + if (name->nsec_signatures) { + result = ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr); + } else { + name->nsec_signatures = ldns_dnssec_rrs_new(); + name->nsec_signatures->rr = rr; + } + } else { + /* it's a 'normal' RR, add it to the right rrset */ + if (name->rrsets) { + result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); + } else { + name->rrsets = ldns_dnssec_rrsets_new(); + result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); + } + } + return result; +} + +ldns_dnssec_rrsets * +ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, + ldns_rr_type type) { + ldns_dnssec_rrsets *result; + + result = name->rrsets; + while (result) { + if (result->type == type) { + return result; + } else { + result = result->next; + } + } + return NULL; +} + +ldns_dnssec_rrsets * +ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, + ldns_rdf *dname, + ldns_rr_type type) +{ + ldns_rbnode_t *node; + + if (!zone || !dname || !zone->names) { + return NULL; + } + + node = ldns_rbtree_search(zone->names, dname); + if (node) { + return ldns_dnssec_name_find_rrset((ldns_dnssec_name *)node->data, + type); + } else { + return NULL; + } +} + +static void +ldns_dnssec_name_print_soa_fmt(FILE *out, const ldns_output_format *fmt, + ldns_dnssec_name *name, + bool show_soa) +{ + if (name) { + if(name->rrsets) { + ldns_dnssec_rrsets_print_soa_fmt(out, fmt, + name->rrsets, true, show_soa); + } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { + fprintf(out, ";; Empty nonterminal: "); + ldns_rdf_print(out, name->name); + fprintf(out, "\n"); + } + if(name->nsec) { + ldns_rr_print_fmt(out, fmt, name->nsec); + } + if (name->nsec_signatures) { + ldns_dnssec_rrs_print_fmt(out, fmt, + name->nsec_signatures); + } + } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { + fprintf(out, "; \n"); + } +} + + +void +ldns_dnssec_name_print_fmt(FILE *out, const ldns_output_format *fmt, + ldns_dnssec_name *name) +{ + ldns_dnssec_name_print_soa_fmt(out, fmt, name, true); +} + +void +ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name) +{ + ldns_dnssec_name_print_fmt(out, ldns_output_format_default, name); +} + + +ldns_dnssec_zone * +ldns_dnssec_zone_new(void) +{ + ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone); + if(!zone) return NULL; + zone->soa = NULL; + zone->names = NULL; + zone->hashed_names = NULL; + zone->_nsec3params = NULL; + + return zone; +} + +static bool +rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t) +{ + return ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG + && ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)) == t; +} + +/* When the zone is first read into an list and then inserted into an + * ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next) + * to each other. Because ldns-verify-zone (the only program that uses this + * function) uses the rbtree mostly for sequentual walking, this results + * in a speed increase (of 15% on linux) because we have less CPU-cache misses. + */ +#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */ + +static ldns_status +ldns_dnssec_zone_add_empty_nonterminals_nsec3( + ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s); + +static void +ldns_todo_nsec3_ents_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + ldns_rdf_deep_free((ldns_rdf *)node->key); + LDNS_FREE(node); +} + +ldns_status +ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin, + uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr) +{ + ldns_rr* cur_rr; + size_t i; + + ldns_rdf *my_origin = NULL; + ldns_rdf *my_prev = NULL; + + ldns_dnssec_zone *newzone = ldns_dnssec_zone_new(); + /* NSEC3s may occur before the names they refer to. We must remember + them and add them to the name later on, after the name is read. + We track not yet matching NSEC3s*n the todo_nsec3s list */ + ldns_rr_list* todo_nsec3s = ldns_rr_list_new(); + /* when reading NSEC3s, there is a chance that we encounter nsecs + for empty nonterminals, whose nonterminals we cannot derive yet + because the needed information is to be read later. + + nsec3_ents (where ent is e.n.t.; i.e. empty non terminal) will + hold the NSEC3s that still didn't have a matching name in the + zone tree, even after all names were read. They can only match + after the zone is equiped with all the empty non terminals. */ + ldns_rbtree_t todo_nsec3_ents; + ldns_rbnode_t *new_node; + ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new(); + + ldns_status status; + +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + ldns_zone* zone = NULL; +#else + uint32_t my_ttl = ttl; +#endif + + ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v); + +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + status = ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr); + if (status != LDNS_STATUS_OK) + goto error; +#endif + if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) { + status = LDNS_STATUS_MEM_ERR; + goto error; + } + if (origin) { + if (!(my_origin = ldns_rdf_clone(origin))) { + status = LDNS_STATUS_MEM_ERR; + goto error; + } + if (!(my_prev = ldns_rdf_clone(origin))) { + status = LDNS_STATUS_MEM_ERR; + goto error; + } + } + +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + if (ldns_zone_soa(zone)) { + status = ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone)); + if (status != LDNS_STATUS_OK) + goto error; + } + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i); + status = LDNS_STATUS_OK; +#else + while (!feof(fp)) { + status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin, + &my_prev, line_nr); + +#endif + switch (status) { + case LDNS_STATUS_OK: + + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + if (status == + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { + + if (rr_is_rrsig_covering(cur_rr, + LDNS_RR_TYPE_NSEC3)){ + ldns_rr_list_push_rr(todo_nsec3_rrsigs, + cur_rr); + } else { + ldns_rr_list_push_rr(todo_nsec3s, + cur_rr); + } + status = LDNS_STATUS_OK; + + } else if (status != LDNS_STATUS_OK) + goto error; + + break; + + + case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */ + case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ + case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/ + status = LDNS_STATUS_OK; + break; + + case LDNS_STATUS_SYNTAX_INCLUDE:/* $include not implemented */ + status = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL; + break; + + default: + goto error; + } + } + + for (i = 0; status == LDNS_STATUS_OK && + i < ldns_rr_list_rr_count(todo_nsec3s); i++) { + cur_rr = ldns_rr_list_rr(todo_nsec3s, i); + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + if (status == LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { + if (!(new_node = LDNS_MALLOC(ldns_rbnode_t))) { + status = LDNS_STATUS_MEM_ERR; + break; + } + new_node->key = ldns_dname_label(ldns_rr_owner(cur_rr), 0); + new_node->data = cur_rr; + if (!ldns_rbtree_insert(&todo_nsec3_ents, new_node)) { + LDNS_FREE(new_node); + status = LDNS_STATUS_MEM_ERR; + break; + } + status = LDNS_STATUS_OK; + } + } + if (todo_nsec3_ents.count > 0) + (void) ldns_dnssec_zone_add_empty_nonterminals_nsec3( + newzone, &todo_nsec3_ents); + for (i = 0; status == LDNS_STATUS_OK && + i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++) { + cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i); + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + } + if (z) { + *z = newzone; + newzone = NULL; + } else { + ldns_dnssec_zone_free(newzone); + } + +error: +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + if (zone) { + ldns_zone_free(zone); + } +#endif + ldns_rr_list_free(todo_nsec3_rrsigs); + ldns_traverse_postorder(&todo_nsec3_ents, + ldns_todo_nsec3_ents_node_free, NULL); + ldns_rr_list_free(todo_nsec3s); + + if (my_origin) { + ldns_rdf_deep_free(my_origin); + } + if (my_prev) { + ldns_rdf_deep_free(my_prev); + } + if (newzone) { + ldns_dnssec_zone_free(newzone); + } + return status; +} + +ldns_status +ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin, + uint32_t ttl, ldns_rr_class ATTR_UNUSED(c)) +{ + return ldns_dnssec_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); +} + +static void +ldns_dnssec_name_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + ldns_dnssec_name_free((ldns_dnssec_name *)node->data); + LDNS_FREE(node); +} + +static void +ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + ldns_dnssec_name_deep_free((ldns_dnssec_name *)node->data); + LDNS_FREE(node); +} + +void +ldns_dnssec_zone_free(ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->names) { + /* destroy all name structures within the tree */ + ldns_traverse_postorder(zone->names, + ldns_dnssec_name_node_free, + NULL); + LDNS_FREE(zone->names); + } + LDNS_FREE(zone); + } +} + +void +ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->names) { + /* destroy all name structures within the tree */ + ldns_traverse_postorder(zone->names, + ldns_dnssec_name_node_deep_free, + NULL); + LDNS_FREE(zone->names); + } + LDNS_FREE(zone); + } +} + +/* use for dname comparison in tree */ +int +ldns_dname_compare_v(const void *a, const void *b) { + return ldns_dname_compare((ldns_rdf *)a, (ldns_rdf *)b); +} + +static void +ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, + ldns_dnssec_name* name, ldns_rr* nsec3rr); + +static void +ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + LDNS_FREE(node); +} + +static void +ldns_dnssec_zone_hashed_names_from_nsec3( + ldns_dnssec_zone* zone, ldns_rr* nsec3rr) +{ + ldns_rbnode_t* current_node; + ldns_dnssec_name* current_name; + + assert(zone != NULL); + assert(nsec3rr != NULL); + + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } + zone->_nsec3params = nsec3rr; + + /* So this is a NSEC3 zone. + * Calculate hashes for all names already in the zone + */ + zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); + if (zone->hashed_names == NULL) { + return; + } + for ( current_node = ldns_rbtree_first(zone->names) + ; current_node != LDNS_RBTREE_NULL + ; current_node = ldns_rbtree_next(current_node) + ) { + current_name = (ldns_dnssec_name *) current_node->data; + ldns_dnssec_name_make_hashed_name(zone, current_name, nsec3rr); + + } +} + +static void +ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, + ldns_dnssec_name* name, ldns_rr* nsec3rr) +{ + ldns_rbnode_t* new_node; + + assert(name != NULL); + if (! zone->_nsec3params) { + if (! nsec3rr) { + return; + } + ldns_dnssec_zone_hashed_names_from_nsec3(zone, nsec3rr); + + } else if (! nsec3rr) { + nsec3rr = zone->_nsec3params; + } + name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsec3rr, name->name); + + /* Also store in zone->hashed_names */ + if ((new_node = LDNS_MALLOC(ldns_rbnode_t))) { + + new_node->key = name->hashed_name; + new_node->data = name; + + if (ldns_rbtree_insert(zone->hashed_names, new_node) == NULL) { + + LDNS_FREE(new_node); + } + } +} + + +static ldns_rbnode_t * +ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) { + ldns_rdf *hashed_name; + + hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0); + if (hashed_name == NULL) { + return NULL; + } + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 && ! zone->_nsec3params){ + + ldns_dnssec_zone_hashed_names_from_nsec3(zone, rr); + } + if (zone->hashed_names == NULL) { + ldns_rdf_deep_free(hashed_name); + return NULL; + } + return ldns_rbtree_search(zone->hashed_names, hashed_name); +} + +ldns_status +ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr) +{ + ldns_status result = LDNS_STATUS_OK; + ldns_dnssec_name *cur_name; + ldns_rbnode_t *cur_node; + ldns_rr_type type_covered = 0; + + if (!zone || !rr) { + return LDNS_STATUS_ERR; + } + + if (!zone->names) { + zone->names = ldns_rbtree_create(ldns_dname_compare_v); + if(!zone->names) return LDNS_STATUS_MEM_ERR; + } + + /* we need the original of the hashed name if this is + an NSEC3, or an RRSIG that covers an NSEC3 */ + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) { + type_covered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 || + type_covered == LDNS_RR_TYPE_NSEC3) { + cur_node = ldns_dnssec_zone_find_nsec3_original(zone, rr); + if (!cur_node) { + return LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND; + } + } else { + cur_node = ldns_rbtree_search(zone->names, ldns_rr_owner(rr)); + } + if (!cur_node) { + /* add */ + cur_name = ldns_dnssec_name_new_frm_rr(rr); + if(!cur_name) return LDNS_STATUS_MEM_ERR; + cur_node = LDNS_MALLOC(ldns_rbnode_t); + if(!cur_node) { + ldns_dnssec_name_free(cur_name); + return LDNS_STATUS_MEM_ERR; + } + cur_node->key = ldns_rr_owner(rr); + cur_node->data = cur_name; + (void)ldns_rbtree_insert(zone->names, cur_node); + ldns_dnssec_name_make_hashed_name(zone, cur_name, NULL); + } else { + cur_name = (ldns_dnssec_name *) cur_node->data; + result = ldns_dnssec_name_add_rr(cur_name, rr); + } + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) { + zone->soa = cur_name; + } + return result; +} + +void +ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt, + ldns_rbtree_t *tree, + bool print_soa) +{ + ldns_rbnode_t *node; + ldns_dnssec_name *name; + + node = ldns_rbtree_first(tree); + while (node != LDNS_RBTREE_NULL) { + name = (ldns_dnssec_name *) node->data; + ldns_dnssec_name_print_soa_fmt(out, fmt, name, print_soa); + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) + fprintf(out, ";\n"); + node = ldns_rbtree_next(node); + } +} + +void +ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa) +{ + ldns_dnssec_zone_names_print_fmt(out, ldns_output_format_default, + tree, print_soa); +} + +void +ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt, + ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->soa) { + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { + fprintf(out, ";; Zone: "); + ldns_rdf_print(out, ldns_dnssec_name_name( + zone->soa)); + fprintf(out, "\n;\n"); + } + ldns_dnssec_rrsets_print_fmt(out, fmt, + ldns_dnssec_name_find_rrset( + zone->soa, + LDNS_RR_TYPE_SOA), + false); + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) + fprintf(out, ";\n"); + } + + if (zone->names) { + ldns_dnssec_zone_names_print_fmt(out, fmt, + zone->names, false); + } + } +} + +void +ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone) +{ + ldns_dnssec_zone_print_fmt(out, ldns_output_format_default, zone); +} + +static ldns_status +ldns_dnssec_zone_add_empty_nonterminals_nsec3( + ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s) +{ + ldns_dnssec_name *new_name; + ldns_rdf *cur_name; + ldns_rdf *next_name; + ldns_rbnode_t *cur_node, *next_node, *new_node; + + /* for the detection */ + uint16_t i, cur_label_count, next_label_count; + uint16_t soa_label_count = 0; + ldns_rdf *l1, *l2; + int lpos; + + if (!zone) { + return LDNS_STATUS_ERR; + } + if (zone->soa && zone->soa->name) { + soa_label_count = ldns_dname_label_count(zone->soa->name); + } + + cur_node = ldns_rbtree_first(zone->names); + while (cur_node != LDNS_RBTREE_NULL) { + next_node = ldns_rbtree_next(cur_node); + + /* skip glue */ + while (next_node != LDNS_RBTREE_NULL && + next_node->data && + ((ldns_dnssec_name *)next_node->data)->is_glue + ) { + next_node = ldns_rbtree_next(next_node); + } + + if (next_node == LDNS_RBTREE_NULL) { + next_node = ldns_rbtree_first(zone->names); + } + if (! cur_node->data || ! next_node->data) { + return LDNS_STATUS_ERR; + } + cur_name = ((ldns_dnssec_name *)cur_node->data)->name; + next_name = ((ldns_dnssec_name *)next_node->data)->name; + cur_label_count = ldns_dname_label_count(cur_name); + next_label_count = ldns_dname_label_count(next_name); + + /* Since the names are in canonical order, we can + * recognize empty non-terminals by their labels; + * every label after the first one on the next owner + * name is a non-terminal if it either does not exist + * in the current name or is different from the same + * label in the current name (counting from the end) + */ + for (i = 1; i < next_label_count - soa_label_count; i++) { + lpos = (int)cur_label_count - (int)next_label_count + (int)i; + if (lpos >= 0) { + l1 = ldns_dname_clone_from(cur_name, (uint8_t)lpos); + } else { + l1 = NULL; + } + l2 = ldns_dname_clone_from(next_name, i); + + if (!l1 || ldns_dname_compare(l1, l2) != 0) { + /* We have an empty nonterminal, add it to the + * tree + */ + ldns_rbnode_t *node = NULL; + ldns_rdf *ent_name; + + if (!(ent_name = ldns_dname_clone_from( + next_name, i))) + return LDNS_STATUS_MEM_ERR; + + if (nsec3s && zone->_nsec3params) { + ldns_rdf *ent_hashed_name; + + if (!(ent_hashed_name = + ldns_nsec3_hash_name_frm_nsec3( + zone->_nsec3params, + ent_name))) + return LDNS_STATUS_MEM_ERR; + node = ldns_rbtree_search(nsec3s, + ent_hashed_name); + if (!node) { + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + continue; + } + } + new_name = ldns_dnssec_name_new(); + if (!new_name) { + return LDNS_STATUS_MEM_ERR; + } + new_name->name = ent_name; + if (!new_name->name) { + ldns_dnssec_name_free(new_name); + return LDNS_STATUS_MEM_ERR; + } + new_name->name_alloced = true; + new_node = LDNS_MALLOC(ldns_rbnode_t); + if (!new_node) { + ldns_dnssec_name_free(new_name); + return LDNS_STATUS_MEM_ERR; + } + new_node->key = new_name->name; + new_node->data = new_name; + (void)ldns_rbtree_insert(zone->names, new_node); + ldns_dnssec_name_make_hashed_name( + zone, new_name, NULL); + if (node) + (void) ldns_dnssec_zone_add_rr(zone, + (ldns_rr *)node->data); + } + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + } + + /* we might have inserted a new node after + * the current one so we can't just use next() + */ + if (next_node != ldns_rbtree_first(zone->names)) { + cur_node = next_node; + } else { + cur_node = LDNS_RBTREE_NULL; + } + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone) +{ + return ldns_dnssec_zone_add_empty_nonterminals_nsec3(zone, NULL); +} + +bool +ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone) +{ + ldns_rr* nsec3; + ldns_rbnode_t* node; + + if (ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_NSEC3PARAM)) { + node = ldns_rbtree_first(zone->names); + while (node != LDNS_RBTREE_NULL) { + nsec3 = ((ldns_dnssec_name*)node->data)->nsec; + if (nsec3 &&ldns_rr_get_type(nsec3) + == LDNS_RR_TYPE_NSEC3 && + ldns_nsec3_optout(nsec3)) { + return true; + } + node = ldns_rbtree_next(node); + } + } + return false; +} diff --git a/ldns/src/duration.c b/ldns/src/duration.c new file mode 100644 index 0000000..6d0a388 --- /dev/null +++ b/ldns/src/duration.c @@ -0,0 +1,354 @@ +/* + * $Id: duration.c 4518 2011-02-24 15:39:09Z matthijs $ + * + * Copyright (c) 2009 NLNet Labs. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * + * This file is copied from the OpenDNSSEC source repository + * and only slightly adapted to make it fit. + */ + +/** + * + * Durations. + */ + +#include +#include + +#include +#include +#include +#include + + +/** + * Create a new 'instant' duration. + * + */ +ldns_duration_type* +ldns_duration_create(void) +{ + ldns_duration_type* duration; + + duration = malloc(sizeof(ldns_duration_type)); + if (!duration) { + return NULL; + } + duration->years = 0; + duration->months = 0; + duration->weeks = 0; + duration->days = 0; + duration->hours = 0; + duration->minutes = 0; + duration->seconds = 0; + return duration; +} + + +/** + * Compare durations. + * + */ +int +ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2) +{ + if (!d1 && !d2) { + return 0; + } + if (!d1 || !d2) { + return d1?-1:1; + } + + if (d1->years != d2->years) { + return (int) (d1->years - d2->years); + } + if (d1->months != d2->months) { + return (int) (d1->months - d2->months); + } + if (d1->weeks != d2->weeks) { + return (int) (d1->weeks - d2->weeks); + } + if (d1->days != d2->days) { + return (int) (d1->days - d2->days); + } + if (d1->hours != d2->hours) { + return (int) (d1->hours - d2->hours); + } + if (d1->minutes != d2->minutes) { + return (int) (d1->minutes - d2->minutes); + } + if (d1->seconds != d2->seconds) { + return (int) (d1->seconds - d2->seconds); + } + + return 0; +} + + +/** + * Create a duration from string. + * + */ +ldns_duration_type* +ldns_duration_create_from_string(const char* str) +{ + ldns_duration_type* duration = ldns_duration_create(); + char* P, *X, *T, *W; + int not_weeks = 0; + + if (!duration) { + return NULL; + } + if (!str) { + return duration; + } + + P = strchr(str, 'P'); + if (!P) { + ldns_duration_cleanup(duration); + return NULL; + } + + T = strchr(str, 'T'); + X = strchr(str, 'Y'); + if (X) { + duration->years = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'M'); + if (X && (!T || (size_t) (X-P) < (size_t) (T-P))) { + duration->months = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'D'); + if (X) { + duration->days = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + if (T) { + str = T; + not_weeks = 1; + } + X = strchr(str, 'H'); + if (X && T) { + duration->hours = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strrchr(str, 'M'); + if (X && T && (size_t) (X-P) > (size_t) (T-P)) { + duration->minutes = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'S'); + if (X && T) { + duration->seconds = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + + W = strchr(str, 'W'); + if (W) { + if (not_weeks) { + ldns_duration_cleanup(duration); + return NULL; + } else { + duration->weeks = (time_t) atoi(str+1); + str = W; + } + } + return duration; +} + + +/** + * Get the number of digits in a number. + * + */ +static size_t +digits_in_number(time_t duration) +{ + uint32_t period = (uint32_t) duration; + size_t count = 0; + + while (period > 0) { + count++; + period /= 10; + } + return count; +} + + +/** + * Convert a duration to a string. + * + */ +char* +ldns_duration2string(ldns_duration_type* duration) +{ + char* str = NULL, *num = NULL; + size_t count = 2; + int T = 0; + + if (!duration) { + return NULL; + } + + if (duration->years > 0) { + count = count + 1 + digits_in_number(duration->years); + } + if (duration->months > 0) { + count = count + 1 + digits_in_number(duration->months); + } + if (duration->weeks > 0) { + count = count + 1 + digits_in_number(duration->weeks); + } + if (duration->days > 0) { + count = count + 1 + digits_in_number(duration->days); + } + if (duration->hours > 0) { + count = count + 1 + digits_in_number(duration->hours); + T = 1; + } + if (duration->minutes > 0) { + count = count + 1 + digits_in_number(duration->minutes); + T = 1; + } + if (duration->seconds > 0) { + count = count + 1 + digits_in_number(duration->seconds); + T = 1; + } + if (T) { + count++; + } + + str = (char*) calloc(count, sizeof(char)); + str[0] = 'P'; + str[1] = '\0'; + + if (duration->years > 0) { + count = digits_in_number(duration->years); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uY", (unsigned int) duration->years); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->months > 0) { + count = digits_in_number(duration->months); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uM", (unsigned int) duration->months); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->weeks > 0) { + count = digits_in_number(duration->weeks); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uW", (unsigned int) duration->weeks); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->days > 0) { + count = digits_in_number(duration->days); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uD", (unsigned int) duration->days); + str = strncat(str, num, count+2); + free((void*) num); + } + if (T) { + str = strncat(str, "T", 1); + } + if (duration->hours > 0) { + count = digits_in_number(duration->hours); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uH", (unsigned int) duration->hours); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->minutes > 0) { + count = digits_in_number(duration->minutes); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uM", (unsigned int) duration->minutes); + str = strncat(str, num, count+2); + free((void*) num); + } + if (duration->seconds > 0) { + count = digits_in_number(duration->seconds); + num = (char*) calloc(count+2, sizeof(char)); + snprintf(num, count+2, "%uS", (unsigned int) duration->seconds); + str = strncat(str, num, count+2); + free((void*) num); + } + return str; +} + + +/** + * Convert a duration to a time. + * + */ +time_t +ldns_duration2time(ldns_duration_type* duration) +{ + time_t period = 0; + + if (duration) { + period += (duration->seconds); + period += (duration->minutes)*60; + period += (duration->hours)*3600; + period += (duration->days)*86400; + period += (duration->weeks)*86400*7; + period += (duration->months)*86400*31; + period += (duration->years)*86400*365; + + /* [TODO] calculate correct number of days in this month/year */ + /* + if (duration->months || duration->years) { + } + */ + } + return period; +} + + +/** + * Clean up duration. + * + */ +void +ldns_duration_cleanup(ldns_duration_type* duration) +{ + if (!duration) { + return; + } + free(duration); + return; +} diff --git a/ldns/src/error.c b/ldns/src/error.c new file mode 100644 index 0000000..82ea61a --- /dev/null +++ b/ldns/src/error.c @@ -0,0 +1,160 @@ +/* + * a error2str function to make sense of all the + * error codes we have laying ardoun + * + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ + +#include + +#include + +ldns_lookup_table ldns_error_str[] = { + { LDNS_STATUS_OK, "All OK" }, + { LDNS_STATUS_EMPTY_LABEL, "Empty label" }, + { LDNS_STATUS_LABEL_OVERFLOW, "Label length overflow" }, + { LDNS_STATUS_DOMAINNAME_OVERFLOW, "Domainname length overflow" }, + { LDNS_STATUS_DOMAINNAME_UNDERFLOW, "Domainname length underflow (zero length)" }, + { LDNS_STATUS_DDD_OVERFLOW, "\\DDD sequence overflow (>255)" }, + { LDNS_STATUS_PACKET_OVERFLOW, "Packet size overflow" }, + { LDNS_STATUS_INVALID_POINTER, "Invalid compression pointer" }, + { LDNS_STATUS_MEM_ERR, "General memory error" }, + { LDNS_STATUS_INTERNAL_ERR, "Internal error, this should not happen" }, + { LDNS_STATUS_SSL_ERR, "Error in SSL library" }, + { LDNS_STATUS_ERR, "General LDNS error" }, + { LDNS_STATUS_INVALID_INT, "Conversion error, integer expected" }, + { LDNS_STATUS_INVALID_IP4, "Conversion error, ip4 addr expected" }, + { LDNS_STATUS_INVALID_IP6, "Conversion error, ip6 addr expected" }, + { LDNS_STATUS_INVALID_STR, "Conversion error, string expected" }, + { LDNS_STATUS_INVALID_B32_EXT, "Conversion error, b32 ext encoding expected" }, + { LDNS_STATUS_INVALID_B64, "Conversion error, b64 encoding expected" }, + { LDNS_STATUS_INVALID_HEX, "Conversion error, hex encoding expected" }, + { LDNS_STATUS_INVALID_TIME, "Conversion error, time encoding expected" }, + { LDNS_STATUS_NETWORK_ERR, "Could not send or receive, because of network error" }, + { LDNS_STATUS_ADDRESS_ERR, "Could not start AXFR, because of address error" }, + { LDNS_STATUS_FILE_ERR, "Could not open the files" }, + { LDNS_STATUS_UNKNOWN_INET, "Uknown address family" }, + { LDNS_STATUS_NOT_IMPL, "This function is not implemented (yet), please notify the developers - or not..." }, + { LDNS_STATUS_NULL, "Supplied value pointer null" }, + { LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, "Unknown cryptographic algorithm" }, + { LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, "Cryptographic algorithm not implemented" }, + { LDNS_STATUS_CRYPTO_NO_RRSIG, "No DNSSEC signature(s)" }, + { LDNS_STATUS_CRYPTO_NO_DNSKEY, "No DNSSEC public key(s)" }, + { LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, "The signature does not cover this RRset" }, + { LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, "No signatures found for trusted DNSSEC public key(s)" }, + { LDNS_STATUS_CRYPTO_NO_DS, "No DS record(s)" }, + { LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, "Could not validate DS record(s)" }, + { LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, "No keys with the keytag and algorithm from the RRSIG found" }, + { LDNS_STATUS_CRYPTO_VALIDATED, "Valid DNSSEC signature" }, + { LDNS_STATUS_CRYPTO_BOGUS, "Bogus DNSSEC signature" }, + { LDNS_STATUS_CRYPTO_SIG_EXPIRED, "DNSSEC signature has expired" }, + { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, "DNSSEC signature not incepted yet" }, + { LDNS_STATUS_CRYPTO_TSIG_BOGUS, "Bogus TSIG signature" }, + { LDNS_STATUS_CRYPTO_TSIG_ERR, "Could not create TSIG signature" }, + { LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, "DNSSEC signature has expiration date earlier than inception date" }, + { LDNS_STATUS_ENGINE_KEY_NOT_LOADED, "Unable to load private key from engine" }, + { LDNS_STATUS_NSEC3_ERR, "Error in NSEC3 denial of existence proof" }, + { LDNS_STATUS_RES_NO_NS, "No (valid) nameservers defined in the resolver" }, + { LDNS_STATUS_RES_QUERY, "No correct query given to resolver" }, + { LDNS_STATUS_WIRE_INCOMPLETE_HEADER, "header section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, "question section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, "answer section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, "authority section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, "additional section incomplete" }, + { LDNS_STATUS_NO_DATA, "No data" }, + { LDNS_STATUS_EXISTS_ERR, "Element already exists" }, + { LDNS_STATUS_CERT_BAD_ALGORITHM, "Bad algorithm type for CERT record" }, + { LDNS_STATUS_SYNTAX_TYPE_ERR, "Syntax error, could not parse the RR's type" }, + { LDNS_STATUS_SYNTAX_CLASS_ERR, "Syntax error, could not parse the RR's class" }, + { LDNS_STATUS_SYNTAX_TTL_ERR, "Syntax error, could not parse the RR's TTL" }, + { LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL, "Syntax error, $INCLUDE not implemented" }, + { LDNS_STATUS_SYNTAX_RDATA_ERR, "Syntax error, could not parse the RR's rdata" }, + { LDNS_STATUS_SYNTAX_DNAME_ERR, "Syntax error, could not parse the RR's dname(s)" }, + { LDNS_STATUS_SYNTAX_VERSION_ERR, "Syntax error, version mismatch" }, + { LDNS_STATUS_SYNTAX_ALG_ERR, "Syntax error, algorithm unknown or non parseable" }, + { LDNS_STATUS_SYNTAX_KEYWORD_ERR, "Syntax error, unknown keyword in input" }, + { LDNS_STATUS_SYNTAX_ERR, "Syntax error, could not parse the RR" }, + { LDNS_STATUS_SYNTAX_EMPTY, "Empty line was returned" }, + { LDNS_STATUS_SYNTAX_TTL, "$TTL directive was seen in the zone" }, + { LDNS_STATUS_SYNTAX_ORIGIN, "$ORIGIN directive was seen in the zone" }, + { LDNS_STATUS_SYNTAX_INCLUDE, "$INCLUDE directive was seen in the zone" }, + { LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, "Iterations count for NSEC3 record higher than maximum" }, + { LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, "Syntax error, value expected" }, + { LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer value too large" }, + { LDNS_STATUS_SYNTAX_BAD_ESCAPE, "Syntax error, bad escape sequence" }, + { LDNS_STATUS_SOCKET_ERROR, "Error creating socket" }, + { LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, "Existence denied by NSEC" }, + { LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, "RR not covered by the given NSEC RRs" }, + { LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, "wildcard not covered by the given NSEC RRs" }, + { LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, "original of NSEC3 hashed name could not be found" }, + { LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, "The RRSIG has to few rdata fields" }, + { LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, "The DNSKEY has to few rdata fields" }, + { LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN, + "DNSSEC signature will expire too soon" }, + { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN, + "DNSSEC signature not incepted long enough" }, + { LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE, + "Unknown TLSA Certificate Usage" }, + { LDNS_STATUS_DANE_UNKNOWN_SELECTOR, "Unknown TLSA Selector" }, + { LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE, + "Unknown TLSA Matching Type" }, + { LDNS_STATUS_DANE_UNKNOWN_PROTOCOL, + "Unknown protocol. Only IPv4 and IPv6 are understood" }, + { LDNS_STATUS_DANE_UNKNOWN_TRANSPORT, + "Unknown transport. Should be one of {tcp, udp, sctp}" }, + { LDNS_STATUS_DANE_MISSING_EXTRA_CERTS, /* Trust anchor assertion */ + "More than one certificate should be provided" }, + { LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED, /* Trust anchor assertion */ + "Non of the extra certificates is used to sign the first" }, + { LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE, /* Trust anchor assertion */ + "The offset was out of range" }, + { LDNS_STATUS_DANE_INSECURE, /* Unused by library */ + "The queried resource records were insecure" }, + { LDNS_STATUS_DANE_BOGUS, /* Unused by library */ + "The queried resource records were bogus" }, + { LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, + "The TLSA record(s) " + "did not match with the server certificate (chain)" }, + { LDNS_STATUS_DANE_NON_CA_CERTIFICATE, + "The certificate was not a CA certificate" }, + { LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE, + "Could not PKIX validate" }, + { LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR, + "The validation path " + "did not end in a self-signed certificate" }, + { LDNS_STATUS_INVALID_ILNP64, + "Conversion error, 4 colon separated hex numbers expected" }, + { LDNS_STATUS_INVALID_EUI48, + "Conversion error, 6 two character hex numbers " + "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx" }, + { LDNS_STATUS_INVALID_EUI64, + "Conversion error, 8 two character hex numbers " + "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx-xx-xx" }, + { LDNS_STATUS_WIRE_RDATA_ERR, "invalid rdata in wire format" }, + { LDNS_STATUS_INVALID_TAG, + "Conversion error, a non-zero sequence of US-ASCII letters " + "and numbers in lower case expected" }, + { LDNS_STATUS_TYPE_NOT_IN_BITMAP, + "The RR type bitmap rdata field did not have " + "a bit reserved for the specific RR type" }, + { LDNS_STATUS_INVALID_RDF_TYPE, + "The rdata field was not of the expected type" }, + { LDNS_STATUS_RDATA_OVERFLOW, "Rdata size overflow" }, + { 0, NULL } +}; + +const char * +ldns_get_errorstr_by_id(ldns_status err) +{ + ldns_lookup_table *lt; + + lt = ldns_lookup_by_id(ldns_error_str, err); + + if (lt) { + return lt->name; + } + return NULL; +} diff --git a/ldns/src/higher.c b/ldns/src/higher.c new file mode 100644 index 0000000..8ce86a4 --- /dev/null +++ b/ldns/src/higher.c @@ -0,0 +1,344 @@ +/* + * higher.c + * + * Specify some higher level functions that would + * be usefull to would be developers + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_SSL +#include +#include +#endif /* HAVE_SSL */ + +ldns_rr_list * +ldns_get_rr_list_addr_by_name(ldns_resolver *res, ldns_rdf *name, ldns_rr_class c, + uint16_t flags) +{ + ldns_pkt *pkt; + ldns_rr_list *aaaa; + ldns_rr_list *a; + ldns_rr_list *result = NULL; + ldns_rr_list *hostsfilenames; + size_t i; + uint8_t ip6; + + a = NULL; + aaaa = NULL; + result = NULL; + + if (!res) { + return NULL; + } + if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + + ip6 = ldns_resolver_ip6(res); /* we use INET_ANY here, save + what was there */ + + ldns_resolver_set_ip6(res, LDNS_RESOLV_INETANY); + + hostsfilenames = ldns_get_rr_list_hosts_frm_file(NULL); + for (i = 0; i < ldns_rr_list_rr_count(hostsfilenames); i++) { + if (ldns_rdf_compare(name, + ldns_rr_owner(ldns_rr_list_rr(hostsfilenames, + i))) == 0) { + if (!result) { + result = ldns_rr_list_new(); + } + ldns_rr_list_push_rr(result, + ldns_rr_clone(ldns_rr_list_rr(hostsfilenames, i))); + } + } + ldns_rr_list_deep_free(hostsfilenames); + + if (result) { + return result; + } + + /* add the RD flags, because we want an answer */ + pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_AAAA, c, flags | LDNS_RD); + if (pkt) { + /* extract the data we need */ + aaaa = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_AAAA, + LDNS_SECTION_ANSWER); + ldns_pkt_free(pkt); + } + + pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_A, c, flags | LDNS_RD); + if (pkt) { + /* extract the data we need */ + a = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_A, LDNS_SECTION_ANSWER); + ldns_pkt_free(pkt); + } + ldns_resolver_set_ip6(res, ip6); + + if (aaaa && a) { + result = ldns_rr_list_cat_clone(aaaa, a); + ldns_rr_list_deep_free(aaaa); + ldns_rr_list_deep_free(a); + return result; + } + + if (aaaa) { + result = ldns_rr_list_clone(aaaa); + } + + if (a) { + result = ldns_rr_list_clone(a); + } + + ldns_rr_list_deep_free(aaaa); + ldns_rr_list_deep_free(a); + return result; +} + +ldns_rr_list * +ldns_get_rr_list_name_by_addr(ldns_resolver *res, ldns_rdf *addr, ldns_rr_class c, + uint16_t flags) +{ + ldns_pkt *pkt; + ldns_rr_list *names; + ldns_rdf *name; + + names = NULL; + + if (!res || !addr) { + return NULL; + } + + if (ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_A && + ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_AAAA) { + return NULL; + } + + name = ldns_rdf_address_reverse(addr); + + /* add the RD flags, because we want an answer */ + pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_PTR, c, flags | LDNS_RD); + ldns_rdf_deep_free(name); + if (pkt) { + /* extract the data we need */ + names = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_PTR, LDNS_SECTION_ANSWER); + ldns_pkt_free(pkt); + } + return names; +} + +/* read a line, put it in a buffer, parse the buffer */ +ldns_rr_list * +ldns_get_rr_list_hosts_frm_fp(FILE *fp) +{ + return ldns_get_rr_list_hosts_frm_fp_l(fp, NULL); +} + +ldns_rr_list * +ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr) +{ + ssize_t i, j; + size_t cnt; + char *line; + char *word; + char *addr; + char *rr_str; + ldns_buffer *linebuf; + ldns_rr *rr; + ldns_rr_list *list; + ldns_rdf *tmp; + bool ip6; + ldns_status parse_result; + + line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + word = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + addr = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + rr_str = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + ip6 = false; + list = ldns_rr_list_new(); + rr = NULL; + if(!line || !word || !addr || !rr_str || !list) { + LDNS_FREE(line); + LDNS_FREE(word); + LDNS_FREE(addr); + LDNS_FREE(rr_str); + ldns_rr_list_free(list); + return NULL; + } + + for(i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr); + i > 0; i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr)) { + /* # is comment */ + if (line[0] == '#') { + continue; + } + /* put it in a buffer for further processing */ + linebuf = LDNS_MALLOC(ldns_buffer); + if(!linebuf) { + LDNS_FREE(line); + LDNS_FREE(word); + LDNS_FREE(addr); + LDNS_FREE(rr_str); + ldns_rr_list_deep_free(list); + return NULL; + } + + ldns_buffer_new_frm_data(linebuf, line, (size_t) i); + for(cnt = 0, j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN); + j > 0; + j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN), cnt++) { + if (cnt == 0) { + /* the address */ + if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, + word))) { + /* ip6 */ + ldns_rdf_deep_free(tmp); + ip6 = true; + } else { + if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, + word))) { + /* ip4 */ + ldns_rdf_deep_free(tmp); + ip6 = false; + } else { + /* kaput */ + break; + } + } + (void)strlcpy(addr, word, LDNS_MAX_LINELEN+1); + } else { + /* la al la la */ + if (ip6) { + snprintf(rr_str, LDNS_MAX_LINELEN, + "%s IN AAAA %s", word, addr); + } else { + snprintf(rr_str, LDNS_MAX_LINELEN, + "%s IN A %s", word, addr); + } + parse_result = ldns_rr_new_frm_str(&rr, rr_str, 0, NULL, NULL); + if (parse_result == LDNS_STATUS_OK && ldns_rr_owner(rr) && ldns_rr_rd_count(rr) > 0) { + ldns_rr_list_push_rr(list, ldns_rr_clone(rr)); + } + ldns_rr_free(rr); + } + } + ldns_buffer_free(linebuf); + } + LDNS_FREE(line); + LDNS_FREE(word); + LDNS_FREE(addr); + LDNS_FREE(rr_str); + return list; +} + +ldns_rr_list * +ldns_get_rr_list_hosts_frm_file(char *filename) +{ + ldns_rr_list *names; + FILE *fp; + + if (!filename) { + fp = fopen(LDNS_RESOLV_HOSTS, "r"); + + } else { + fp = fopen(filename, "r"); + } + if (!fp) { + return NULL; + } + + names = ldns_get_rr_list_hosts_frm_fp(fp); + fclose(fp); + return names; +} + +uint16_t +ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, + ldns_rr_list **ret) +{ + ldns_rdf_type t; + uint16_t names_found; + ldns_resolver *r; + ldns_status s; + + t = ldns_rdf_get_type(node); + names_found = 0; + r = res; + + if (res == NULL) { + /* prepare a new resolver, using /etc/resolv.conf as a guide */ + s = ldns_resolver_new_frm_file(&r, NULL); + if (s != LDNS_STATUS_OK) { + return 0; + } + } + + if (t == LDNS_RDF_TYPE_DNAME) { + /* we're asked to query for a name */ + *ret = ldns_get_rr_list_addr_by_name(r, node, c, 0); + names_found = ldns_rr_list_rr_count(*ret); + } + + if (t == LDNS_RDF_TYPE_A || t == LDNS_RDF_TYPE_AAAA) { + /* an address */ + *ret = ldns_get_rr_list_name_by_addr(r, node, c, 0); + names_found = ldns_rr_list_rr_count(*ret); + } + + if (res == NULL) { + ldns_resolver_deep_free(r); + } + + return names_found; +} + +bool +ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t) +{ + switch (ldns_rr_get_type(nsec)) { + case LDNS_RR_TYPE_NSEC : if (ldns_rr_rd_count(nsec) < 2) { + return false; + } + return ldns_nsec_bitmap_covers_type( + ldns_rr_rdf(nsec, 1), t); + + case LDNS_RR_TYPE_NSEC3 : if (ldns_rr_rd_count(nsec) < 6) { + return false; + } + return ldns_nsec_bitmap_covers_type( + ldns_rr_rdf(nsec, 5), t); + + default : return false; + } +} + +void +ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...) +{ + int16_t rdf; + ldns_rdf *rd; + va_list va_rdf; + va_start(va_rdf, rdfnum); + + for (rdf = (int16_t)rdfnum; rdf != -1; rdf = (int16_t)va_arg(va_rdf, int)) + { + rd = ldns_rr_rdf(r, rdf); + if (!rd) { + continue; + } else { + ldns_rdf_print(fp, rd); + fprintf(fp, " "); /* not sure if we want to do this */ + } + } + va_end(va_rdf); +} + diff --git a/ldns/src/host2str.c b/ldns/src/host2str.c new file mode 100644 index 0000000..3445254 --- /dev/null +++ b/ldns/src/host2str.c @@ -0,0 +1,2635 @@ +/* + * host2str.c + * + * conversion routines from the host format + * to the presentation format (strings) + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ +#include + +#include + +#include + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#include +#include + +#ifndef INET_ADDRSTRLEN +#define INET_ADDRSTRLEN 16 +#endif +#ifndef INET6_ADDRSTRLEN +#define INET6_ADDRSTRLEN 46 +#endif + +/* lookup tables for standard DNS stuff */ + +/* Taken from RFC 2535, section 7. */ +ldns_lookup_table ldns_algorithms[] = { + { LDNS_RSAMD5, "RSAMD5" }, + { LDNS_DH, "DH" }, + { LDNS_DSA, "DSA" }, + { LDNS_ECC, "ECC" }, + { LDNS_RSASHA1, "RSASHA1" }, + { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" }, + { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" }, +#ifdef USE_SHA2 + { LDNS_RSASHA256, "RSASHA256"}, + { LDNS_RSASHA512, "RSASHA512"}, +#endif +#ifdef USE_GOST + { LDNS_ECC_GOST, "ECC-GOST"}, +#endif +#ifdef USE_ECDSA + { LDNS_ECDSAP256SHA256, "ECDSAP256SHA256"}, + { LDNS_ECDSAP384SHA384, "ECDSAP384SHA384"}, +#endif + { LDNS_INDIRECT, "INDIRECT" }, + { LDNS_PRIVATEDNS, "PRIVATEDNS" }, + { LDNS_PRIVATEOID, "PRIVATEOID" }, + { 0, NULL } +}; + +/* Taken from RFC 4398 */ +ldns_lookup_table ldns_cert_algorithms[] = { + { LDNS_CERT_PKIX, "PKIX" }, + { LDNS_CERT_SPKI, "SPKI" }, + { LDNS_CERT_PGP, "PGP" }, + { LDNS_CERT_IPKIX, "IPKIX" }, + { LDNS_CERT_ISPKI, "ISPKI" }, + { LDNS_CERT_IPGP, "IPGP" }, + { LDNS_CERT_ACPKIX, "ACPKIX" }, + { LDNS_CERT_IACPKIX, "IACPKIX" }, + { LDNS_CERT_URI, "URI" }, + { LDNS_CERT_OID, "OID" }, + { 0, NULL } +}; + +/* classes */ +ldns_lookup_table ldns_rr_classes[] = { + { LDNS_RR_CLASS_IN, "IN" }, + { LDNS_RR_CLASS_CH, "CH" }, + { LDNS_RR_CLASS_HS, "HS" }, + { LDNS_RR_CLASS_NONE, "NONE" }, + { LDNS_RR_CLASS_ANY, "ANY" }, + { 0, NULL } +}; + +/* if these are used elsewhere */ +ldns_lookup_table ldns_rcodes[] = { + { LDNS_RCODE_NOERROR, "NOERROR" }, + { LDNS_RCODE_FORMERR, "FORMERR" }, + { LDNS_RCODE_SERVFAIL, "SERVFAIL" }, + { LDNS_RCODE_NXDOMAIN, "NXDOMAIN" }, + { LDNS_RCODE_NOTIMPL, "NOTIMPL" }, + { LDNS_RCODE_REFUSED, "REFUSED" }, + { LDNS_RCODE_YXDOMAIN, "YXDOMAIN" }, + { LDNS_RCODE_YXRRSET, "YXRRSET" }, + { LDNS_RCODE_NXRRSET, "NXRRSET" }, + { LDNS_RCODE_NOTAUTH, "NOTAUTH" }, + { LDNS_RCODE_NOTZONE, "NOTZONE" }, + { 0, NULL } +}; + +ldns_lookup_table ldns_opcodes[] = { + { LDNS_PACKET_QUERY, "QUERY" }, + { LDNS_PACKET_IQUERY, "IQUERY" }, + { LDNS_PACKET_STATUS, "STATUS" }, + { LDNS_PACKET_NOTIFY, "NOTIFY" }, + { LDNS_PACKET_UPDATE, "UPDATE" }, + { 0, NULL } +}; + +const ldns_output_format ldns_output_format_nocomments_record = { 0, NULL }; +const ldns_output_format *ldns_output_format_nocomments + = &ldns_output_format_nocomments_record; +const ldns_output_format ldns_output_format_onlykeyids_record = { + LDNS_COMMENT_KEY, NULL +}; +const ldns_output_format *ldns_output_format_onlykeyids + = &ldns_output_format_onlykeyids_record; +const ldns_output_format *ldns_output_format_default + = &ldns_output_format_onlykeyids_record; + +const ldns_output_format ldns_output_format_bubblebabble_record = { + LDNS_COMMENT_KEY | LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS, NULL +}; +const ldns_output_format *ldns_output_format_bubblebabble + = &ldns_output_format_bubblebabble_record; + +static bool +ldns_output_format_covers_type(const ldns_output_format* fmt, ldns_rr_type t) +{ + return fmt && (fmt->flags & LDNS_FMT_RFC3597) && + ((ldns_output_format_storage*)fmt)->bitmap && + ldns_nsec_bitmap_covers_type( + ((ldns_output_format_storage*)fmt)->bitmap, t); +} + +ldns_status +ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type t) +{ + ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt; + ldns_status s; + + assert(fmt != NULL); + + if (!(fmt_st->flags & LDNS_FMT_RFC3597)) { + ldns_output_format_set(fmt, LDNS_FMT_RFC3597); + } + if (! fmt_st->bitmap) { + s = ldns_rdf_bitmap_known_rr_types_space(&fmt_st->bitmap); + if (s != LDNS_STATUS_OK) { + return s; + } + } + return ldns_nsec_bitmap_set_type(fmt_st->bitmap, t); +} + +ldns_status +ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type t) +{ + ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt; + ldns_status s; + + assert(fmt != NULL); + + if (!(fmt_st->flags & LDNS_FMT_RFC3597)) { + ldns_output_format_set(fmt, LDNS_FMT_RFC3597); + } + if (! fmt_st->bitmap) { + s = ldns_rdf_bitmap_known_rr_types(&fmt_st->bitmap); + if (s != LDNS_STATUS_OK) { + return s; + } + } + return ldns_nsec_bitmap_clear_type(fmt_st->bitmap, t); +} + +ldns_status +ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode) +{ + ldns_lookup_table *lt = ldns_lookup_by_id(ldns_opcodes, opcode); + if (lt && lt->name) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "OPCODE%u", opcode); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode) +{ + ldns_lookup_table *lt = ldns_lookup_by_id(ldns_rcodes, rcode); + if (lt && lt->name) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "RCODE%u", rcode); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_algorithm2buffer_str(ldns_buffer *output, + ldns_algorithm algorithm) +{ + ldns_lookup_table *lt = ldns_lookup_by_id(ldns_algorithms, + algorithm); + if (lt && lt->name) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "ALG%u", algorithm); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_cert_algorithm2buffer_str(ldns_buffer *output, + ldns_cert_algorithm cert_algorithm) +{ + ldns_lookup_table *lt = ldns_lookup_by_id(ldns_cert_algorithms, + cert_algorithm); + if (lt && lt->name) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "CERT_ALG%u", + cert_algorithm); + } + return ldns_buffer_status(output); +} + +char * +ldns_pkt_opcode2str(ldns_pkt_opcode opcode) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(12); + if (!buf) { + return NULL; + } + + str = NULL; + if (ldns_pkt_opcode2buffer_str(buf, opcode) == LDNS_STATUS_OK) { + str = ldns_buffer_export2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + +char * +ldns_pkt_rcode2str(ldns_pkt_rcode rcode) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(10); + if (!buf) { + return NULL; + } + + str = NULL; + if (ldns_pkt_rcode2buffer_str(buf, rcode) == LDNS_STATUS_OK) { + str = ldns_buffer_export2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + +char * +ldns_pkt_algorithm2str(ldns_algorithm algorithm) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(10); + if (!buf) { + return NULL; + } + + str = NULL; + if (ldns_algorithm2buffer_str(buf, algorithm) + == LDNS_STATUS_OK) { + str = ldns_buffer_export2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + +char * +ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(10); + if (!buf) { + return NULL; + } + + str = NULL; + if (ldns_cert_algorithm2buffer_str(buf, cert_algorithm) + == LDNS_STATUS_OK) { + str = ldns_buffer_export2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + + +/* do NOT pass compressed data here :p */ +ldns_status +ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname) +{ + /* can we do with 1 pos var? or without at all? */ + uint8_t src_pos = 0; + uint8_t len; + uint8_t *data; + uint8_t i; + unsigned char c; + + data = (uint8_t*)ldns_rdf_data(dname); + len = data[src_pos]; + + if (ldns_rdf_size(dname) > LDNS_MAX_DOMAINLEN) { + /* too large, return */ + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + + /* special case: root label */ + if (1 == ldns_rdf_size(dname)) { + ldns_buffer_printf(output, "."); + } else { + while ((len > 0) && src_pos < ldns_rdf_size(dname)) { + src_pos++; + for(i = 0; i < len; i++) { + /* paranoia check for various 'strange' + characters in dnames + */ + c = (unsigned char) data[src_pos]; + if(c == '.' || c == ';' || + c == '(' || c == ')' || + c == '\\') { + ldns_buffer_printf(output, "\\%c", + data[src_pos]); + } else if (!(isascii(c) && isgraph(c))) { + ldns_buffer_printf(output, "\\%03u", + data[src_pos]); + } else { + ldns_buffer_printf(output, "%c", data[src_pos]); + } + src_pos++; + } + + if (src_pos < ldns_rdf_size(dname)) { + ldns_buffer_printf(output, "."); + } + len = data[src_pos]; + } + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint8_t data = ldns_rdf_data(rdf)[0]; + ldns_buffer_printf(output, "%lu", (unsigned long) data); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); + ldns_buffer_printf(output, "%lu", (unsigned long) data); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint32_t data = ldns_read_uint32(ldns_rdf_data(rdf)); + ldns_buffer_printf(output, "%lu", (unsigned long) data); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* create a YYYYMMDDHHMMSS string if possible */ + struct tm tm; + char date_buf[16]; + + memset(&tm, 0, sizeof(tm)); + if (ldns_serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm) + && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { + ldns_buffer_printf(output, "%s", date_buf); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf) +{ + char str[INET_ADDRSTRLEN]; + + if (inet_ntop(AF_INET, ldns_rdf_data(rdf), str, INET_ADDRSTRLEN)) { + ldns_buffer_printf(output, "%s", str); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf) +{ + char str[INET6_ADDRSTRLEN]; + + if (inet_ntop(AF_INET6, ldns_rdf_data(rdf), str, INET6_ADDRSTRLEN)) { + ldns_buffer_printf(output, "%s", str); + } + + return ldns_buffer_status(output); +} + +static void +ldns_characters2buffer_str(ldns_buffer* output, + size_t amount, const uint8_t* characters) +{ + uint8_t ch; + while (amount > 0) { + ch = *characters++; + if (isprint((int)ch) || ch == '\t') { + if (ch == '\"' || ch == '\\') + ldns_buffer_printf(output, "\\%c", ch); + else + ldns_buffer_printf(output, "%c", ch); + } else { + ldns_buffer_printf(output, "\\%03u", + (unsigned)(uint8_t) ch); + } + amount--; + } +} + +ldns_status +ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf) +{ + if(ldns_rdf_size(rdf) < 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + if((int)ldns_rdf_size(rdf) < (int)ldns_rdf_data(rdf)[0] + 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + ldns_buffer_printf(output, "\""); + ldns_characters2buffer_str(output, + ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf) + 1); + ldns_buffer_printf(output, "\""); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf)); + char *b64 = LDNS_XMALLOC(char, size); + if(!b64) return LDNS_STATUS_MEM_ERR; + if (ldns_b64_ntop(ldns_rdf_data(rdf), ldns_rdf_size(rdf), b64, size)) { + ldns_buffer_printf(output, "%s", b64); + } + LDNS_FREE(b64); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t size; + char *b32; + if(ldns_rdf_size(rdf) == 0) + return LDNS_STATUS_OK; + /* remove -1 for the b32-hash-len octet */ + size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1); + /* add one for the end nul for the string */ + b32 = LDNS_XMALLOC(char, size + 1); + if(!b32) return LDNS_STATUS_MEM_ERR; + size = (size_t) ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1, + ldns_rdf_size(rdf) - 1, b32, size+1); + if (size > 0) { + ldns_buffer_printf(output, "%s", b32); + } + LDNS_FREE(b32); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t i; + for (i = 0; i < ldns_rdf_size(rdf); i++) { + ldns_buffer_printf(output, "%02x", ldns_rdf_data(rdf)[i]); + } + + return ldns_buffer_status(output); +} + +static ldns_status +ldns_rdf2buffer_str_type_fmt(ldns_buffer *output, + const ldns_output_format* fmt, const ldns_rdf *rdf) +{ + uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); + + if (! ldns_output_format_covers_type(fmt, data) && + ldns_rr_descript(data) && + ldns_rr_descript(data)->_name) { + + ldns_buffer_printf(output, "%s",ldns_rr_descript(data)->_name); + } else { + ldns_buffer_printf(output, "TYPE%u", data); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf) +{ + return ldns_rdf2buffer_str_type_fmt(output, + ldns_output_format_default, rdf); +} + +ldns_status +ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); + ldns_lookup_table *lt; + + lt = ldns_lookup_by_id(ldns_rr_classes, (int) data); + if (lt) { + ldns_buffer_printf(output, "\t%s", lt->name); + } else { + ldns_buffer_printf(output, "\tCLASS%d", data); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); + ldns_lookup_table *lt; + lt = ldns_lookup_by_id(ldns_cert_algorithms, (int) data); + if (lt) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "%d", data); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf) +{ + return ldns_rdf2buffer_str_int8(output, rdf); +} + +static void +loc_cm_print(ldns_buffer *output, uint8_t mantissa, uint8_t exponent) +{ + uint8_t i; + /* is it 0. ? */ + if(exponent < 2) { + if(exponent == 1) + mantissa *= 10; + ldns_buffer_printf(output, "0.%02ld", (long)mantissa); + return; + } + /* always */ + ldns_buffer_printf(output, "%d", (int)mantissa); + for(i=0; i_name) { + ldns_buffer_printf(output, "%s", descriptor->_name); + } else { + ldns_buffer_printf(output, "TYPE%u", type); + } + } + return ldns_buffer_status(output); +} + +char * +ldns_rr_type2str(const ldns_rr_type type) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(10); + if (!buf) { + return NULL; + } + + str = NULL; + if (ldns_rr_type2buffer_str(buf, type) == LDNS_STATUS_OK) { + str = ldns_buffer_export2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + + +ldns_status +ldns_rr_class2buffer_str(ldns_buffer *output, + const ldns_rr_class klass) +{ + ldns_lookup_table *lt; + + lt = ldns_lookup_by_id(ldns_rr_classes, klass); + if (lt) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "CLASS%d", klass); + } + return ldns_buffer_status(output); +} + +char * +ldns_rr_class2str(const ldns_rr_class klass) +{ + ldns_buffer *buf; + char *str; + + buf = ldns_buffer_new(10); + if (!buf) { + return NULL; + } + + str = NULL; + if (ldns_rr_class2buffer_str(buf, klass) == LDNS_STATUS_OK) { + str = ldns_buffer_export2str(buf); + } + ldns_buffer_free(buf); + return str; +} + +ldns_status +ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* we could do checking (ie degrees < 90 etc)? */ + uint8_t version; + uint8_t size; + uint8_t horizontal_precision; + uint8_t vertical_precision; + uint32_t longitude; + uint32_t latitude; + uint32_t altitude; + char northerness; + char easterness; + uint32_t h; + uint32_t m; + double s; + + uint32_t equator = (uint32_t) ldns_power(2, 31); + + if(ldns_rdf_size(rdf) < 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + version = ldns_rdf_data(rdf)[0]; + if (version == 0) { + if(ldns_rdf_size(rdf) < 16) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + size = ldns_rdf_data(rdf)[1]; + horizontal_precision = ldns_rdf_data(rdf)[2]; + vertical_precision = ldns_rdf_data(rdf)[3]; + + latitude = ldns_read_uint32(&ldns_rdf_data(rdf)[4]); + longitude = ldns_read_uint32(&ldns_rdf_data(rdf)[8]); + altitude = ldns_read_uint32(&ldns_rdf_data(rdf)[12]); + + if (latitude > equator) { + northerness = 'N'; + latitude = latitude - equator; + } else { + northerness = 'S'; + latitude = equator - latitude; + } + h = latitude / (1000 * 60 * 60); + latitude = latitude % (1000 * 60 * 60); + m = latitude / (1000 * 60); + latitude = latitude % (1000 * 60); + s = (double) latitude / 1000.0; + ldns_buffer_printf(output, "%02u %02u %0.3f %c ", + h, m, s, northerness); + + if (longitude > equator) { + easterness = 'E'; + longitude = longitude - equator; + } else { + easterness = 'W'; + longitude = equator - longitude; + } + h = longitude / (1000 * 60 * 60); + longitude = longitude % (1000 * 60 * 60); + m = longitude / (1000 * 60); + longitude = longitude % (1000 * 60); + s = (double) longitude / (1000.0); + ldns_buffer_printf(output, "%02u %02u %0.3f %c ", + h, m, s, easterness); + + + s = ((double) altitude) / 100; + s -= 100000; + + if(altitude%100 != 0) + ldns_buffer_printf(output, "%.2f", s); + else + ldns_buffer_printf(output, "%.0f", s); + + ldns_buffer_printf(output, "m "); + + loc_cm_print(output, (size & 0xf0) >> 4, size & 0x0f); + ldns_buffer_printf(output, "m "); + + loc_cm_print(output, (horizontal_precision & 0xf0) >> 4, + horizontal_precision & 0x0f); + ldns_buffer_printf(output, "m "); + + loc_cm_print(output, (vertical_precision & 0xf0) >> 4, + vertical_precision & 0x0f); + ldns_buffer_printf(output, "m"); + + return ldns_buffer_status(output); + } else { + return ldns_rdf2buffer_str_hex(output, rdf); + } +} + +ldns_status +ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf) +{ + ldns_buffer_printf(output, "\\# %u ", ldns_rdf_size(rdf)); + return ldns_rdf2buffer_str_hex(output, rdf); +} + +ldns_status +ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf) +{ + ldns_buffer_printf(output, "0x"); + return ldns_rdf2buffer_str_hex(output, rdf); +} + +ldns_status +ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf) +{ + return ldns_rdf2buffer_str_hex(output, rdf); +} + +ldns_status +ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* protocol, followed by bitmap of services */ + struct protoent *protocol; + char *proto_name = NULL; + uint8_t protocol_nr; + struct servent *service; + uint16_t current_service; + + if(ldns_rdf_size(rdf) < 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + protocol_nr = ldns_rdf_data(rdf)[0]; + protocol = getprotobynumber((int) protocol_nr); + if (protocol && (protocol->p_name != NULL)) { + proto_name = protocol->p_name; + ldns_buffer_printf(output, "%s ", protocol->p_name); + } else { + ldns_buffer_printf(output, "%u ", protocol_nr); + } + +#ifdef HAVE_ENDPROTOENT + endprotoent(); +#endif + + for (current_service = 0; + current_service < (ldns_rdf_size(rdf)-1)*8; current_service++) { + if (ldns_get_bit(&(ldns_rdf_data(rdf)[1]), current_service)) { + service = getservbyport((int) htons(current_service), + proto_name); + if (service && service->s_name) { + ldns_buffer_printf(output, "%s ", service->s_name); + } else { + ldns_buffer_printf(output, "%u ", current_service); + } +#ifdef HAVE_ENDSERVENT + endservent(); +#endif + } + } + return ldns_buffer_status(output); +} + +static ldns_status +ldns_rdf2buffer_str_nsec_fmt(ldns_buffer *output, + const ldns_output_format* fmt, const ldns_rdf *rdf) +{ + /* Note: this code is duplicated in higher.c in + * ldns_nsec_type_check() function + */ + uint8_t window_block_nr; + uint8_t bitmap_length; + uint16_t type; + uint16_t pos = 0; + uint16_t bit_pos; + uint8_t *data = ldns_rdf_data(rdf); + + while((size_t)(pos + 2) < ldns_rdf_size(rdf)) { + window_block_nr = data[pos]; + bitmap_length = data[pos + 1]; + pos += 2; + if (ldns_rdf_size(rdf) < pos + bitmap_length) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + for (bit_pos = 0; bit_pos < (bitmap_length) * 8; bit_pos++) { + if (! ldns_get_bit(&data[pos], bit_pos)) { + continue; + } + type = 256 * (uint16_t) window_block_nr + bit_pos; + + if (! ldns_output_format_covers_type(fmt, type) && + ldns_rr_descript(type) && + ldns_rr_descript(type)->_name){ + + ldns_buffer_printf(output, "%s ", + ldns_rr_descript(type)->_name); + } else { + ldns_buffer_printf(output, "TYPE%u ", type); + } + } + pos += (uint16_t) bitmap_length; + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf) +{ + return ldns_rdf2buffer_str_nsec_fmt(output, + ldns_output_format_default, rdf); +} + +ldns_status +ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint8_t salt_length; + uint8_t salt_pos; + + uint8_t *data = ldns_rdf_data(rdf); + + if(ldns_rdf_size(rdf) < 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + salt_length = data[0]; + /* from now there are variable length entries so remember pos */ + if (salt_length == 0 || ((size_t)salt_length)+1 > ldns_rdf_size(rdf)) { + ldns_buffer_printf(output, "- "); + } else { + for (salt_pos = 0; salt_pos < salt_length; salt_pos++) { + ldns_buffer_printf(output, "%02x", data[1 + salt_pos]); + } + ldns_buffer_printf(output, " "); + } + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* period is the number of seconds */ + if (ldns_rdf_size(rdf) != 4) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + ldns_buffer_printf(output, "%u", ldns_read_uint32(ldns_rdf_data(rdf))); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_tsigtime(ldns_buffer *output,const ldns_rdf *rdf) +{ + /* tsigtime is 48 bits network order unsigned integer */ + uint64_t tsigtime = 0; + uint8_t *data = ldns_rdf_data(rdf); + uint64_t d0, d1, d2, d3, d4, d5; + + if (ldns_rdf_size(rdf) < 6) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + d0 = data[0]; /* cast to uint64 for shift operations */ + d1 = data[1]; + d2 = data[2]; + d3 = data[3]; + d4 = data[4]; + d5 = data[5]; + tsigtime = (d0<<40) | (d1<<32) | (d2<<24) | (d3<<16) | (d4<<8) | d5; + + ldns_buffer_printf(output, "%llu ", (long long)tsigtime); + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint8_t *data = ldns_rdf_data(rdf); + uint16_t address_family; + uint8_t prefix; + bool negation; + uint8_t adf_length; + size_t i; + size_t pos = 0; + + while (pos < (unsigned int) ldns_rdf_size(rdf)) { + if(pos + 3 >= (unsigned)ldns_rdf_size(rdf)) + return LDNS_STATUS_WIRE_RDATA_ERR; + address_family = ldns_read_uint16(&data[pos]); + prefix = data[pos + 2]; + negation = data[pos + 3] & LDNS_APL_NEGATION; + adf_length = data[pos + 3] & LDNS_APL_MASK; + if (address_family == LDNS_APL_IP4) { + /* check if prefix < 32? */ + if (negation) { + ldns_buffer_printf(output, "!"); + } + ldns_buffer_printf(output, "%u:", address_family); + /* address is variable length 0 - 4 */ + for (i = 0; i < 4; i++) { + if (i > 0) { + ldns_buffer_printf(output, "."); + } + if (i < (unsigned short) adf_length) { + if(pos+i+4 >= ldns_rdf_size(rdf)) + return LDNS_STATUS_WIRE_RDATA_ERR; + ldns_buffer_printf(output, "%d", + data[pos + i + 4]); + } else { + ldns_buffer_printf(output, "0"); + } + } + ldns_buffer_printf(output, "/%u ", prefix); + } else if (address_family == LDNS_APL_IP6) { + /* check if prefix < 128? */ + if (negation) { + ldns_buffer_printf(output, "!"); + } + ldns_buffer_printf(output, "%u:", address_family); + /* address is variable length 0 - 16 */ + for (i = 0; i < 16; i++) { + if (i % 2 == 0 && i > 0) { + ldns_buffer_printf(output, ":"); + } + if (i < (unsigned short) adf_length) { + if(pos+i+4 >= ldns_rdf_size(rdf)) + return LDNS_STATUS_WIRE_RDATA_ERR; + ldns_buffer_printf(output, "%02x", + data[pos + i + 4]); + } else { + ldns_buffer_printf(output, "00"); + } + } + ldns_buffer_printf(output, "/%u ", prefix); + + } else { + /* unknown address family */ + ldns_buffer_printf(output, + "Unknown address family: %u data: ", + address_family); + for (i = 1; i < (unsigned short) (4 + adf_length); i++) { + if(pos+i >= ldns_rdf_size(rdf)) + return LDNS_STATUS_WIRE_RDATA_ERR; + ldns_buffer_printf(output, "%02x", data[i]); + } + } + pos += 4 + adf_length; + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t size; + char *b64; + if (ldns_rdf_size(rdf) < 2) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + /* Subtract the size (2) of the number that specifies the length */ + size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf) - 2); + ldns_buffer_printf(output, "%u ", ldns_rdf_size(rdf) - 2); + if (ldns_rdf_size(rdf) > 2) { + b64 = LDNS_XMALLOC(char, size); + if(!b64) + return LDNS_STATUS_MEM_ERR; + + if (ldns_rdf_size(rdf) > 2 && + ldns_b64_ntop(ldns_rdf_data(rdf) + 2, + ldns_rdf_size(rdf) - 2, + b64, size)) { + ldns_buffer_printf(output, "%s", b64); + } + LDNS_FREE(b64); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* wire format from + http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt + */ + uint8_t *data = ldns_rdf_data(rdf); + uint8_t precedence; + uint8_t gateway_type; + uint8_t algorithm; + + ldns_rdf *gateway = NULL; + uint8_t *gateway_data; + + size_t public_key_size; + uint8_t *public_key_data; + ldns_rdf *public_key; + + size_t offset = 0; + ldns_status status; + + if (ldns_rdf_size(rdf) < 3) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + precedence = data[0]; + gateway_type = data[1]; + algorithm = data[2]; + offset = 3; + + switch (gateway_type) { + case 0: + /* no gateway */ + break; + case 1: + gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN); + if(!gateway_data) + return LDNS_STATUS_MEM_ERR; + if (ldns_rdf_size(rdf) < offset + LDNS_IP4ADDRLEN) { + return LDNS_STATUS_ERR; + } + memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN); + gateway = ldns_rdf_new(LDNS_RDF_TYPE_A, + LDNS_IP4ADDRLEN , gateway_data); + offset += LDNS_IP4ADDRLEN; + if(!gateway) { + LDNS_FREE(gateway_data); + return LDNS_STATUS_MEM_ERR; + } + break; + case 2: + gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN); + if(!gateway_data) + return LDNS_STATUS_MEM_ERR; + if (ldns_rdf_size(rdf) < offset + LDNS_IP6ADDRLEN) { + return LDNS_STATUS_ERR; + } + memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN); + offset += LDNS_IP6ADDRLEN; + gateway = + ldns_rdf_new(LDNS_RDF_TYPE_AAAA, + LDNS_IP6ADDRLEN, gateway_data); + if(!gateway) { + LDNS_FREE(gateway_data); + return LDNS_STATUS_MEM_ERR; + } + break; + case 3: + status = ldns_wire2dname(&gateway, data, + ldns_rdf_size(rdf), &offset); + if(status != LDNS_STATUS_OK) + return status; + break; + default: + /* error? */ + break; + } + + if (ldns_rdf_size(rdf) <= offset) { + return LDNS_STATUS_ERR; + } + public_key_size = ldns_rdf_size(rdf) - offset; + public_key_data = LDNS_XMALLOC(uint8_t, public_key_size); + if(!public_key_data) { + ldns_rdf_free(gateway); + return LDNS_STATUS_MEM_ERR; + } + memcpy(public_key_data, &data[offset], public_key_size); + public_key = ldns_rdf_new(LDNS_RDF_TYPE_B64, + public_key_size, public_key_data); + if(!public_key) { + LDNS_FREE(public_key_data); + ldns_rdf_free(gateway); + return LDNS_STATUS_MEM_ERR; + } + + ldns_buffer_printf(output, "%u %u %u ", precedence, gateway_type, algorithm); + if (gateway) + (void) ldns_rdf2buffer_str(output, gateway); + else + ldns_buffer_printf(output, "."); + ldns_buffer_printf(output, " "); + (void) ldns_rdf2buffer_str(output, public_key); + + ldns_rdf_free(gateway); + ldns_rdf_free(public_key); + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_ilnp64(ldns_buffer *output, const ldns_rdf *rdf) +{ + if (ldns_rdf_size(rdf) != 8) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + ldns_buffer_printf(output,"%.4x:%.4x:%.4x:%.4x", + ldns_read_uint16(ldns_rdf_data(rdf)), + ldns_read_uint16(ldns_rdf_data(rdf)+2), + ldns_read_uint16(ldns_rdf_data(rdf)+4), + ldns_read_uint16(ldns_rdf_data(rdf)+6)); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_eui48(ldns_buffer *output, const ldns_rdf *rdf) +{ + if (ldns_rdf_size(rdf) != 6) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + ldns_buffer_printf(output,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x", + ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf)[1], + ldns_rdf_data(rdf)[2], ldns_rdf_data(rdf)[3], + ldns_rdf_data(rdf)[4], ldns_rdf_data(rdf)[5]); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_eui64(ldns_buffer *output, const ldns_rdf *rdf) +{ + if (ldns_rdf_size(rdf) != 8) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + ldns_buffer_printf(output,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x", + ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf)[1], + ldns_rdf_data(rdf)[2], ldns_rdf_data(rdf)[3], + ldns_rdf_data(rdf)[4], ldns_rdf_data(rdf)[5], + ldns_rdf_data(rdf)[6], ldns_rdf_data(rdf)[7]); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_tag(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t nchars; + const uint8_t* chars; + char ch; + if (ldns_rdf_size(rdf) < 2) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + nchars = ldns_rdf_data(rdf)[0]; + if (nchars >= ldns_rdf_size(rdf) || /* should be rdf_size - 1 */ + nchars < 1) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + chars = ldns_rdf_data(rdf) + 1; + while (nchars > 0) { + ch = (char)*chars++; + if (! isalnum(ch)) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + ldns_buffer_printf(output, "%c", ch); + nchars--; + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_long_str(ldns_buffer *output, const ldns_rdf *rdf) +{ + + ldns_buffer_printf(output, "\""); + ldns_characters2buffer_str(output, + ldns_rdf_size(rdf), ldns_rdf_data(rdf)); + ldns_buffer_printf(output, "\""); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_hip(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint8_t *data = ldns_rdf_data(rdf); + size_t rdf_size = ldns_rdf_size(rdf); + uint8_t hit_size; + uint16_t pk_size; + int written; + + if (rdf_size < 6) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + if ((hit_size = data[0]) == 0 || + (pk_size = ldns_read_uint16(data + 2)) == 0 || + rdf_size < (size_t) hit_size + pk_size + 4) { + + return LDNS_STATUS_WIRE_RDATA_ERR; + } + + ldns_buffer_printf(output, "%d ", (int) data[1]); + + for (data += 4; hit_size > 0; hit_size--, data++) { + + ldns_buffer_printf(output, "%02x", (int) *data); + } + ldns_buffer_write_u8(output, (uint8_t) ' '); + + if (ldns_buffer_reserve(output, + ldns_b64_ntop_calculate_size(pk_size))) { + + written = ldns_b64_ntop(data, pk_size, + (char *) ldns_buffer_current(output), + ldns_buffer_remaining(output)); + + if (written > 0 && + written < (int) ldns_buffer_remaining(output)) { + + output->_position += written; + } + } + return ldns_buffer_status(output); +} + +static ldns_status +ldns_rdf2buffer_str_fmt(ldns_buffer *buffer, + const ldns_output_format* fmt, const ldns_rdf *rdf) +{ + ldns_status res = LDNS_STATUS_OK; + + /*ldns_buffer_printf(buffer, "%u:", ldns_rdf_get_type(rdf));*/ + if (rdf) { + switch(ldns_rdf_get_type(rdf)) { + case LDNS_RDF_TYPE_NONE: + break; + case LDNS_RDF_TYPE_DNAME: + res = ldns_rdf2buffer_str_dname(buffer, rdf); + break; + case LDNS_RDF_TYPE_INT8: /* Don't output mnemonics for these */ + case LDNS_RDF_TYPE_ALG: + case LDNS_RDF_TYPE_CERTIFICATE_USAGE: + case LDNS_RDF_TYPE_SELECTOR: + case LDNS_RDF_TYPE_MATCHING_TYPE: + res = ldns_rdf2buffer_str_int8(buffer, rdf); + break; + case LDNS_RDF_TYPE_INT16: + res = ldns_rdf2buffer_str_int16(buffer, rdf); + break; + case LDNS_RDF_TYPE_INT32: + res = ldns_rdf2buffer_str_int32(buffer, rdf); + break; + case LDNS_RDF_TYPE_PERIOD: + res = ldns_rdf2buffer_str_period(buffer, rdf); + break; + case LDNS_RDF_TYPE_TSIGTIME: + res = ldns_rdf2buffer_str_tsigtime(buffer, rdf); + break; + case LDNS_RDF_TYPE_A: + res = ldns_rdf2buffer_str_a(buffer, rdf); + break; + case LDNS_RDF_TYPE_AAAA: + res = ldns_rdf2buffer_str_aaaa(buffer, rdf); + break; + case LDNS_RDF_TYPE_STR: + res = ldns_rdf2buffer_str_str(buffer, rdf); + break; + case LDNS_RDF_TYPE_APL: + res = ldns_rdf2buffer_str_apl(buffer, rdf); + break; + case LDNS_RDF_TYPE_B32_EXT: + res = ldns_rdf2buffer_str_b32_ext(buffer, rdf); + break; + case LDNS_RDF_TYPE_B64: + res = ldns_rdf2buffer_str_b64(buffer, rdf); + break; + case LDNS_RDF_TYPE_HEX: + res = ldns_rdf2buffer_str_hex(buffer, rdf); + break; + case LDNS_RDF_TYPE_NSEC: + res = ldns_rdf2buffer_str_nsec_fmt(buffer, fmt, rdf); + break; + case LDNS_RDF_TYPE_NSEC3_SALT: + res = ldns_rdf2buffer_str_nsec3_salt(buffer, rdf); + break; + case LDNS_RDF_TYPE_TYPE: + res = ldns_rdf2buffer_str_type_fmt(buffer, fmt, rdf); + break; + case LDNS_RDF_TYPE_CLASS: + res = ldns_rdf2buffer_str_class(buffer, rdf); + break; + case LDNS_RDF_TYPE_CERT_ALG: + res = ldns_rdf2buffer_str_cert_alg(buffer, rdf); + break; + case LDNS_RDF_TYPE_UNKNOWN: + res = ldns_rdf2buffer_str_unknown(buffer, rdf); + break; + case LDNS_RDF_TYPE_TIME: + res = ldns_rdf2buffer_str_time(buffer, rdf); + break; + case LDNS_RDF_TYPE_HIP: + res = ldns_rdf2buffer_str_hip(buffer, rdf); + break; + case LDNS_RDF_TYPE_LOC: + res = ldns_rdf2buffer_str_loc(buffer, rdf); + break; + case LDNS_RDF_TYPE_WKS: + case LDNS_RDF_TYPE_SERVICE: + res = ldns_rdf2buffer_str_wks(buffer, rdf); + break; + case LDNS_RDF_TYPE_NSAP: + res = ldns_rdf2buffer_str_nsap(buffer, rdf); + break; + case LDNS_RDF_TYPE_ATMA: + res = ldns_rdf2buffer_str_atma(buffer, rdf); + break; + case LDNS_RDF_TYPE_IPSECKEY: + res = ldns_rdf2buffer_str_ipseckey(buffer, rdf); + break; + case LDNS_RDF_TYPE_INT16_DATA: + res = ldns_rdf2buffer_str_int16_data(buffer, rdf); + break; + case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: + res = ldns_rdf2buffer_str_b32_ext(buffer, rdf); + break; + case LDNS_RDF_TYPE_ILNP64: + res = ldns_rdf2buffer_str_ilnp64(buffer, rdf); + break; + case LDNS_RDF_TYPE_EUI48: + res = ldns_rdf2buffer_str_eui48(buffer, rdf); + break; + case LDNS_RDF_TYPE_EUI64: + res = ldns_rdf2buffer_str_eui64(buffer, rdf); + break; + case LDNS_RDF_TYPE_TAG: + res = ldns_rdf2buffer_str_tag(buffer, rdf); + break; + case LDNS_RDF_TYPE_LONG_STR: + res = ldns_rdf2buffer_str_long_str(buffer, rdf); + break; + } + } else { + /** This will write mangled RRs */ + ldns_buffer_printf(buffer, "(null) "); + res = LDNS_STATUS_ERR; + } + return res; +} + +ldns_status +ldns_rdf2buffer_str(ldns_buffer *buffer, const ldns_rdf *rdf) +{ + return ldns_rdf2buffer_str_fmt(buffer,ldns_output_format_default,rdf); +} + +static ldns_rdf * +ldns_b32_ext2dname(const ldns_rdf *rdf) +{ + size_t size; + char *b32; + ldns_rdf *out; + if(ldns_rdf_size(rdf) == 0) + return NULL; + /* remove -1 for the b32-hash-len octet */ + size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1); + /* add one for the end nul for the string */ + b32 = LDNS_XMALLOC(char, size + 2); + if (b32) { + if (ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1, + ldns_rdf_size(rdf) - 1, b32, size+1) > 0) { + b32[size] = '.'; + b32[size+1] = '\0'; + if (ldns_str2rdf_dname(&out, b32) == LDNS_STATUS_OK) { + LDNS_FREE(b32); + return out; + } + } + LDNS_FREE(b32); + } + return NULL; +} + +static ldns_status +ldns_rr2buffer_str_rfc3597(ldns_buffer *output, const ldns_rr *rr) +{ + size_t total_rdfsize = 0; + size_t i, j; + + ldns_buffer_printf(output, "TYPE%u\t", ldns_rr_get_type(rr)); + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + total_rdfsize += ldns_rdf_size(ldns_rr_rdf(rr, i)); + } + if (total_rdfsize == 0) { + ldns_buffer_printf(output, "\\# 0\n"); + return ldns_buffer_status(output); + } + ldns_buffer_printf(output, "\\# %d ", total_rdfsize); + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + for (j = 0; j < ldns_rdf_size(ldns_rr_rdf(rr, i)); j++) { + ldns_buffer_printf(output, "%.2x", + ldns_rdf_data(ldns_rr_rdf(rr, i))[j]); + } + } + ldns_buffer_printf(output, "\n"); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rr2buffer_str_fmt(ldns_buffer *output, + const ldns_output_format *fmt, const ldns_rr *rr) +{ + uint16_t i, flags; + ldns_status status = LDNS_STATUS_OK; + ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt; + + if (fmt_st == NULL) { + fmt_st = (ldns_output_format_storage*) + ldns_output_format_default; + } + if (!rr) { + if (LDNS_COMMENT_NULLS & fmt_st->flags) { + ldns_buffer_printf(output, "; (null)\n"); + } + return ldns_buffer_status(output); + } + if (ldns_rr_owner(rr)) { + status = ldns_rdf2buffer_str_dname(output, ldns_rr_owner(rr)); + } + if (status != LDNS_STATUS_OK) { + return status; + } + + /* TTL should NOT be printed if it is a question */ + if (!ldns_rr_is_question(rr)) { + ldns_buffer_printf(output, "\t%d", ldns_rr_ttl(rr)); + } + + ldns_buffer_printf(output, "\t"); + status = ldns_rr_class2buffer_str(output, ldns_rr_get_class(rr)); + if (status != LDNS_STATUS_OK) { + return status; + } + ldns_buffer_printf(output, "\t"); + + if (ldns_output_format_covers_type(fmt, ldns_rr_get_type(rr))) { + return ldns_rr2buffer_str_rfc3597(output, rr); + } + status = ldns_rr_type2buffer_str(output, ldns_rr_get_type(rr)); + if (status != LDNS_STATUS_OK) { + return status; + } + + if (ldns_rr_rd_count(rr) > 0) { + ldns_buffer_printf(output, "\t"); + } else if (!ldns_rr_is_question(rr)) { + ldns_buffer_printf(output, "\t\\# 0"); + } + + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + /* ldns_rdf2buffer_str handles NULL input fine! */ + if ((fmt_st->flags & LDNS_FMT_ZEROIZE_RRSIGS) && + (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) && + ((/* inception */ i == 4 && + ldns_rdf_get_type(ldns_rr_rdf(rr, 4)) == + LDNS_RDF_TYPE_TIME) || + (/* expiration */ i == 5 && + ldns_rdf_get_type(ldns_rr_rdf(rr, 5)) == + LDNS_RDF_TYPE_TIME) || + (/* signature */ i == 8 && + ldns_rdf_get_type(ldns_rr_rdf(rr, 8)) == + LDNS_RDF_TYPE_B64))) { + + ldns_buffer_printf(output, "(null)"); + status = ldns_buffer_status(output); + } else if ((fmt_st->flags & LDNS_FMT_PAD_SOA_SERIAL) && + (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) && + /* serial */ i == 2 && + ldns_rdf_get_type(ldns_rr_rdf(rr, 2)) == + LDNS_RDF_TYPE_INT32) { + ldns_buffer_printf(output, "%10lu", + (unsigned long) ldns_read_uint32( + ldns_rdf_data(ldns_rr_rdf(rr, 2)))); + status = ldns_buffer_status(output); + } else { + status = ldns_rdf2buffer_str_fmt(output, + fmt, ldns_rr_rdf(rr, i)); + } + if(status != LDNS_STATUS_OK) + return status; + if (i < ldns_rr_rd_count(rr) - 1) { + ldns_buffer_printf(output, " "); + } + } + /* per RR special comments - handy for DNSSEC types */ + /* check to prevent question sec. rr from + * getting here */ + if (ldns_rr_rd_count(rr) > 0) { + switch (ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_DNSKEY: + /* if ldns_rr_rd_count(rr) > 0 + then ldns_rr_rdf(rr, 0) exists! */ + if (! (fmt_st->flags & LDNS_COMMENT_KEY)) { + break; + } + flags = ldns_rdf2native_int16(ldns_rr_rdf(rr, 0)); + ldns_buffer_printf(output, " ;{"); + if (fmt_st->flags & LDNS_COMMENT_KEY_ID) { + ldns_buffer_printf(output, "id = %u", + (unsigned int) ldns_calc_keytag(rr)); + } + if ((fmt_st->flags & LDNS_COMMENT_KEY_TYPE) && + (flags & LDNS_KEY_ZONE_KEY)){ + + if (flags & LDNS_KEY_SEP_KEY) { + ldns_buffer_printf(output, " (ksk)"); + } else { + ldns_buffer_printf(output, " (zsk)"); + } + if (fmt_st->flags & LDNS_COMMENT_KEY_SIZE){ + ldns_buffer_printf(output, ", "); + } + } else if (fmt_st->flags + & (LDNS_COMMENT_KEY_ID + |LDNS_COMMENT_KEY_SIZE)) { + ldns_buffer_printf( output, ", "); + } + if (fmt_st->flags & LDNS_COMMENT_KEY_SIZE) { + ldns_buffer_printf(output, "size = %db", + ldns_rr_dnskey_key_size(rr)); + } + ldns_buffer_printf(output, "}"); + break; + case LDNS_RR_TYPE_RRSIG: + if ((fmt_st->flags & LDNS_COMMENT_KEY) + && (fmt_st->flags& LDNS_COMMENT_RRSIGS) + && ldns_rr_rdf(rr, 6) != NULL) { + ldns_buffer_printf(output, " ;{id = %d}", + ldns_rdf2native_int16( + ldns_rr_rdf(rr, 6))); + } + break; + case LDNS_RR_TYPE_DS: + if ((fmt_st->flags & LDNS_COMMENT_BUBBLEBABBLE) && + ldns_rr_rdf(rr, 3) != NULL) { + + uint8_t *data = ldns_rdf_data( + ldns_rr_rdf(rr, 3)); + size_t len = ldns_rdf_size(ldns_rr_rdf(rr, 3)); + char *babble = ldns_bubblebabble(data, len); + if(babble) { + ldns_buffer_printf(output, + " ;{%s}", babble); + } + LDNS_FREE(babble); + } + break; + case LDNS_RR_TYPE_NSEC3: + if (! (fmt_st->flags & LDNS_COMMENT_FLAGS) && + ! (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN)) { + break; + } + ldns_buffer_printf(output, " ;{"); + if ((fmt_st->flags & LDNS_COMMENT_FLAGS)) { + if (ldns_nsec3_optout(rr)) { + ldns_buffer_printf(output, + " flags: optout"); + } else { + ldns_buffer_printf(output," flags: -"); + } + if (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN && + fmt_st->hashmap != NULL) { + ldns_buffer_printf(output, ", "); + } + } + if (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN && + fmt_st->hashmap != NULL) { + ldns_rbnode_t *node; + ldns_rdf *key = ldns_dname_label( + ldns_rr_owner(rr), 0); + if (key) { + node = ldns_rbtree_search( + fmt_st->hashmap, + (void *) key); + if (node->data) { + ldns_buffer_printf(output, + "from: "); + (void) ldns_rdf2buffer_str( + output, + ldns_dnssec_name_name( + (ldns_dnssec_name*) + node->data + )); + } + ldns_rdf_free(key); + } + key = ldns_b32_ext2dname( + ldns_nsec3_next_owner(rr)); + if (key) { + node = ldns_rbtree_search( + fmt_st->hashmap, + (void *) key); + if (node->data) { + ldns_buffer_printf(output, + " to: "); + (void) ldns_rdf2buffer_str( + output, + ldns_dnssec_name_name( + (ldns_dnssec_name*) + node->data + )); + } + ldns_rdf_free(key); + } + } + ldns_buffer_printf(output, "}"); + break; + default: + break; + + } + } + /* last */ + ldns_buffer_printf(output, "\n"); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr) +{ + return ldns_rr2buffer_str_fmt(output, ldns_output_format_default, rr); +} + +ldns_status +ldns_rr_list2buffer_str_fmt(ldns_buffer *output, + const ldns_output_format *fmt, const ldns_rr_list *list) +{ + uint16_t i; + + for(i = 0; i < ldns_rr_list_rr_count(list); i++) { + (void) ldns_rr2buffer_str_fmt(output, fmt, + ldns_rr_list_rr(list, i)); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list) +{ + return ldns_rr_list2buffer_str_fmt( + output, ldns_output_format_default, list); +} + +ldns_status +ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt) +{ + ldns_lookup_table *opcode = ldns_lookup_by_id(ldns_opcodes, + (int) ldns_pkt_get_opcode(pkt)); + ldns_lookup_table *rcode = ldns_lookup_by_id(ldns_rcodes, + (int) ldns_pkt_get_rcode(pkt)); + + ldns_buffer_printf(output, ";; ->>HEADER<<- "); + if (opcode) { + ldns_buffer_printf(output, "opcode: %s, ", opcode->name); + } else { + ldns_buffer_printf(output, "opcode: ?? (%u), ", + ldns_pkt_get_opcode(pkt)); + } + if (rcode) { + ldns_buffer_printf(output, "rcode: %s, ", rcode->name); + } else { + ldns_buffer_printf(output, "rcode: ?? (%u), ", ldns_pkt_get_rcode(pkt)); + } + ldns_buffer_printf(output, "id: %d\n", ldns_pkt_id(pkt)); + ldns_buffer_printf(output, ";; flags: "); + + if (ldns_pkt_qr(pkt)) { + ldns_buffer_printf(output, "qr "); + } + if (ldns_pkt_aa(pkt)) { + ldns_buffer_printf(output, "aa "); + } + if (ldns_pkt_tc(pkt)) { + ldns_buffer_printf(output, "tc "); + } + if (ldns_pkt_rd(pkt)) { + ldns_buffer_printf(output, "rd "); + } + if (ldns_pkt_cd(pkt)) { + ldns_buffer_printf(output, "cd "); + } + if (ldns_pkt_ra(pkt)) { + ldns_buffer_printf(output, "ra "); + } + if (ldns_pkt_ad(pkt)) { + ldns_buffer_printf(output, "ad "); + } + ldns_buffer_printf(output, "; "); + ldns_buffer_printf(output, "QUERY: %u, ", ldns_pkt_qdcount(pkt)); + ldns_buffer_printf(output, "ANSWER: %u, ", ldns_pkt_ancount(pkt)); + ldns_buffer_printf(output, "AUTHORITY: %u, ", ldns_pkt_nscount(pkt)); + ldns_buffer_printf(output, "ADDITIONAL: %u ", ldns_pkt_arcount(pkt)); + return ldns_buffer_status(output); +} + +ldns_status +ldns_pkt2buffer_str_fmt(ldns_buffer *output, + const ldns_output_format *fmt, const ldns_pkt *pkt) +{ + uint16_t i; + ldns_status status = LDNS_STATUS_OK; + char *tmp; + struct timeval time; + time_t time_tt; + + if (!pkt) { + ldns_buffer_printf(output, "null"); + return LDNS_STATUS_OK; + } + + if (ldns_buffer_status_ok(output)) { + status = ldns_pktheader2buffer_str(output, pkt); + if (status != LDNS_STATUS_OK) { + return status; + } + + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, ";; QUESTION SECTION:\n;; "); + + + for (i = 0; i < ldns_pkt_qdcount(pkt); i++) { + status = ldns_rr2buffer_str_fmt(output, fmt, + ldns_rr_list_rr( + ldns_pkt_question(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; + } + } + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, ";; ANSWER SECTION:\n"); + for (i = 0; i < ldns_pkt_ancount(pkt); i++) { + status = ldns_rr2buffer_str_fmt(output, fmt, + ldns_rr_list_rr( + ldns_pkt_answer(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; + } + + } + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, ";; AUTHORITY SECTION:\n"); + + for (i = 0; i < ldns_pkt_nscount(pkt); i++) { + status = ldns_rr2buffer_str_fmt(output, fmt, + ldns_rr_list_rr( + ldns_pkt_authority(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; + } + } + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, ";; ADDITIONAL SECTION:\n"); + for (i = 0; i < ldns_pkt_arcount(pkt); i++) { + status = ldns_rr2buffer_str_fmt(output, fmt, + ldns_rr_list_rr( + ldns_pkt_additional(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; + } + + } + ldns_buffer_printf(output, "\n"); + /* add some futher fields */ + ldns_buffer_printf(output, ";; Query time: %d msec\n", + ldns_pkt_querytime(pkt)); + if (ldns_pkt_edns(pkt)) { + ldns_buffer_printf(output, + ";; EDNS: version %u; flags:", + ldns_pkt_edns_version(pkt)); + if (ldns_pkt_edns_do(pkt)) { + ldns_buffer_printf(output, " do"); + } + /* the extended rcode is the value set, shifted four bits, + * and or'd with the original rcode */ + if (ldns_pkt_edns_extended_rcode(pkt)) { + ldns_buffer_printf(output, " ; ext-rcode: %d", + (ldns_pkt_edns_extended_rcode(pkt) << 4 | ldns_pkt_get_rcode(pkt))); + } + ldns_buffer_printf(output, " ; udp: %u\n", + ldns_pkt_edns_udp_size(pkt)); + + if (ldns_pkt_edns_data(pkt)) { + ldns_buffer_printf(output, ";; Data: "); + (void)ldns_rdf2buffer_str(output, + ldns_pkt_edns_data(pkt)); + ldns_buffer_printf(output, "\n"); + } + } + if (ldns_pkt_tsig(pkt)) { + ldns_buffer_printf(output, ";; TSIG:\n;; "); + (void) ldns_rr2buffer_str_fmt( + output, fmt, ldns_pkt_tsig(pkt)); + ldns_buffer_printf(output, "\n"); + } + if (ldns_pkt_answerfrom(pkt)) { + tmp = ldns_rdf2str(ldns_pkt_answerfrom(pkt)); + ldns_buffer_printf(output, ";; SERVER: %s\n", tmp); + LDNS_FREE(tmp); + } + time = ldns_pkt_timestamp(pkt); + time_tt = (time_t)time.tv_sec; + ldns_buffer_printf(output, ";; WHEN: %s", + (char*)ctime(&time_tt)); + + ldns_buffer_printf(output, ";; MSG SIZE rcvd: %d\n", + (int)ldns_pkt_size(pkt)); + } else { + return ldns_buffer_status(output); + } + return status; +} + +ldns_status +ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt) +{ + return ldns_pkt2buffer_str_fmt(output, ldns_output_format_default, pkt); +} + + +#ifdef HAVE_SSL +static ldns_status +ldns_hmac_key2buffer_str(ldns_buffer *output, const ldns_key *k) +{ + ldns_status status; + size_t i; + ldns_rdf *b64_bignum; + + ldns_buffer_printf(output, "Key: "); + + i = ldns_key_hmac_size(k); + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, ldns_key_hmac_key(k)); + status = ldns_rdf2buffer_str(output, b64_bignum); + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + return status; +} +#endif + +#if defined(HAVE_SSL) && defined(USE_GOST) +static ldns_status +ldns_gost_key2buffer_str(ldns_buffer *output, EVP_PKEY *p) +{ + unsigned char* pp = NULL; + int ret; + ldns_rdf *b64_bignum; + ldns_status status; + + ldns_buffer_printf(output, "GostAsn1: "); + + ret = i2d_PrivateKey(p, &pp); + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, (size_t)ret, pp); + status = ldns_rdf2buffer_str(output, b64_bignum); + + ldns_rdf_deep_free(b64_bignum); + OPENSSL_free(pp); + ldns_buffer_printf(output, "\n"); + return status; +} +#endif + +ldns_status +ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k) +{ + ldns_status status = LDNS_STATUS_OK; + unsigned char *bignum; +#ifdef HAVE_SSL +# ifndef S_SPLINT_S + uint16_t i; +# endif + /* not used when ssl is not defined */ + /*@unused@*/ + ldns_rdf *b64_bignum = NULL; + + RSA *rsa; + DSA *dsa; +#endif /* HAVE_SSL */ + + if (!k) { + return LDNS_STATUS_ERR; + } + + bignum = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bignum) { + return LDNS_STATUS_ERR; + } + + if (ldns_buffer_status_ok(output)) { +#ifdef HAVE_SSL + switch(ldns_key_algorithm(k)) { + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: + case LDNS_SIGN_RSAMD5: + /* copied by looking at dnssec-keygen output */ + /* header */ + rsa = ldns_key_rsa_key(k); + + ldns_buffer_printf(output,"Private-key-format: v1.2\n"); + switch(ldns_key_algorithm(k)) { + case LDNS_SIGN_RSAMD5: + ldns_buffer_printf(output, + "Algorithm: %u (RSA)\n", + LDNS_RSAMD5); + break; + case LDNS_SIGN_RSASHA1: + ldns_buffer_printf(output, + "Algorithm: %u (RSASHA1)\n", + LDNS_RSASHA1); + break; + case LDNS_SIGN_RSASHA1_NSEC3: + ldns_buffer_printf(output, + "Algorithm: %u (RSASHA1_NSEC3)\n", + LDNS_RSASHA1_NSEC3); + break; +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + ldns_buffer_printf(output, + "Algorithm: %u (RSASHA256)\n", + LDNS_RSASHA256); + break; + case LDNS_SIGN_RSASHA512: + ldns_buffer_printf(output, + "Algorithm: %u (RSASHA512)\n", + LDNS_RSASHA512); + break; +#endif + default: +#ifdef STDERR_MSGS + fprintf(stderr, "Warning: unknown signature "); + fprintf(stderr, + "algorithm type %u\n", + ldns_key_algorithm(k)); +#endif + ldns_buffer_printf(output, + "Algorithm: %u (Unknown)\n", + ldns_key_algorithm(k)); + break; + } + + /* print to buf, convert to bin, convert to b64, + * print to buf */ + ldns_buffer_printf(output, "Modulus: "); +#ifndef S_SPLINT_S + i = (uint16_t)BN_bn2bin(rsa->n, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + ldns_buffer_printf(output, "PublicExponent: "); + i = (uint16_t)BN_bn2bin(rsa->e, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, "PrivateExponent: "); + if (rsa->d) { + i = (uint16_t)BN_bn2bin(rsa->d, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Prime1: "); + if (rsa->p) { + i = (uint16_t)BN_bn2bin(rsa->p, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Prime2: "); + if (rsa->q) { + i = (uint16_t)BN_bn2bin(rsa->q, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Exponent1: "); + if (rsa->dmp1) { + i = (uint16_t)BN_bn2bin(rsa->dmp1, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Exponent2: "); + if (rsa->dmq1) { + i = (uint16_t)BN_bn2bin(rsa->dmq1, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Coefficient: "); + if (rsa->iqmp) { + i = (uint16_t)BN_bn2bin(rsa->iqmp, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } +#endif /* splint */ + + RSA_free(rsa); + break; + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: + dsa = ldns_key_dsa_key(k); + + ldns_buffer_printf(output,"Private-key-format: v1.2\n"); + if (ldns_key_algorithm(k) == LDNS_SIGN_DSA) { + ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n"); + } else if (ldns_key_algorithm(k) == LDNS_SIGN_DSA_NSEC3) { + ldns_buffer_printf(output,"Algorithm: 6 (DSA_NSEC3)\n"); + } + + /* print to buf, convert to bin, convert to b64, + * print to buf */ + ldns_buffer_printf(output, "Prime(p): "); +#ifndef S_SPLINT_S + if (dsa->p) { + i = (uint16_t)BN_bn2bin(dsa->p, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + + ldns_buffer_printf(output, "Subprime(q): "); + if (dsa->q) { + i = (uint16_t)BN_bn2bin(dsa->q, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + + ldns_buffer_printf(output, "Base(g): "); + if (dsa->g) { + i = (uint16_t)BN_bn2bin(dsa->g, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + + ldns_buffer_printf(output, "Private_value(x): "); + if (dsa->priv_key) { + i = (uint16_t)BN_bn2bin(dsa->priv_key, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + + ldns_buffer_printf(output, "Public_value(y): "); + if (dsa->pub_key) { + i = (uint16_t)BN_bn2bin(dsa->pub_key, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } +#endif /* splint */ + break; + case LDNS_SIGN_ECC_GOST: + /* no format defined, use blob */ +#if defined(HAVE_SSL) && defined(USE_GOST) + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: %d (ECC-GOST)\n", LDNS_SIGN_ECC_GOST); + status = ldns_gost_key2buffer_str(output, +#ifndef S_SPLINT_S + k->_key.key +#else + NULL +#endif + ); +#else + goto error; +#endif /* GOST */ + break; + case LDNS_SIGN_ECDSAP256SHA256: + case LDNS_SIGN_ECDSAP384SHA384: +#ifdef USE_ECDSA + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k)); + status=ldns_algorithm2buffer_str(output, (ldns_algorithm)ldns_key_algorithm(k)); +#ifndef S_SPLINT_S + ldns_buffer_printf(output, ")\n"); + if(k->_key.key) { + EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key); + const BIGNUM* b = EC_KEY_get0_private_key(ec); + ldns_buffer_printf(output, "PrivateKey: "); + i = (uint16_t)BN_bn2bin(b, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + ldns_rdf_deep_free(b64_bignum); + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + /* down reference count in EC_KEY + * its still assigned to the PKEY */ + EC_KEY_free(ec); + } +#endif /* splint */ +#else + goto error; +#endif /* ECDSA */ + break; + case LDNS_SIGN_HMACMD5: + /* there's not much of a format defined for TSIG */ + /* It's just a binary blob, Same for all algorithms */ + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: 157 (HMAC_MD5)\n"); + status = ldns_hmac_key2buffer_str(output, k); + break; + case LDNS_SIGN_HMACSHA1: + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: 158 (HMAC_SHA1)\n"); + status = ldns_hmac_key2buffer_str(output, k); + break; + case LDNS_SIGN_HMACSHA256: + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: 159 (HMAC_SHA256)\n"); + status = ldns_hmac_key2buffer_str(output, k); + break; + } +#endif /* HAVE_SSL */ + } else { + LDNS_FREE(bignum); + return ldns_buffer_status(output); + } + LDNS_FREE(bignum); + return status; + +#ifdef HAVE_SSL + /* compiles warn the label isn't used */ +error: + LDNS_FREE(bignum); + return LDNS_STATUS_ERR; +#endif /* HAVE_SSL */ + +} + +/* + * Zero terminate the buffer and copy data. + */ +char * +ldns_buffer2str(ldns_buffer *buffer) +{ + char *str; + + /* check if buffer ends with \0, if not, and + if there is space, add it */ + if (*(ldns_buffer_at(buffer, ldns_buffer_position(buffer))) != 0) { + if (!ldns_buffer_reserve(buffer, 1)) { + return NULL; + } + ldns_buffer_write_u8(buffer, (uint8_t) '\0'); + if (!ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer))) { + return NULL; + } + } + + str = strdup((const char *)ldns_buffer_begin(buffer)); + if(!str) { + return NULL; + } + return str; +} + +/* + * Zero terminate the buffer and export data. + */ +char * +ldns_buffer_export2str(ldns_buffer *buffer) +{ + /* Append '\0' as string terminator */ + if (! ldns_buffer_reserve(buffer, 1)) { + return NULL; + } + ldns_buffer_write_u8(buffer, 0); + + /* reallocate memory to the size of the string and export */ + ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer)); + return ldns_buffer_export(buffer); +} + +char * +ldns_rdf2str(const ldns_rdf *rdf) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + if (!tmp_buffer) { + return NULL; + } + if (ldns_rdf2buffer_str(tmp_buffer, rdf) == LDNS_STATUS_OK) { + /* export and return string, destroy rest */ + result = ldns_buffer_export2str(tmp_buffer); + } + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + if (!tmp_buffer) { + return NULL; + } + if (ldns_rr2buffer_str_fmt(tmp_buffer, fmt, rr) + == LDNS_STATUS_OK) { + /* export and return string, destroy rest */ + result = ldns_buffer_export2str(tmp_buffer); + } + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_rr2str(const ldns_rr *rr) +{ + return ldns_rr2str_fmt(ldns_output_format_default, rr); +} + +char * +ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + if (!tmp_buffer) { + return NULL; + } + if (ldns_pkt2buffer_str_fmt(tmp_buffer, fmt, pkt) + == LDNS_STATUS_OK) { + /* export and return string, destroy rest */ + result = ldns_buffer_export2str(tmp_buffer); + } + + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_pkt2str(const ldns_pkt *pkt) +{ + return ldns_pkt2str_fmt(ldns_output_format_default, pkt); +} + +char * +ldns_key2str(const ldns_key *k) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + if (!tmp_buffer) { + return NULL; + } + if (ldns_key2buffer_str(tmp_buffer, k) == LDNS_STATUS_OK) { + /* export and return string, destroy rest */ + result = ldns_buffer_export2str(tmp_buffer); + } + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_rr_list2str_fmt(const ldns_output_format *fmt, const ldns_rr_list *list) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + if (!tmp_buffer) { + return NULL; + } + if (list) { + if (ldns_rr_list2buffer_str_fmt( + tmp_buffer, fmt, list) + == LDNS_STATUS_OK) { + } + } else { + if (fmt == NULL) { + fmt = ldns_output_format_default; + } + if (fmt->flags & LDNS_COMMENT_NULLS) { + ldns_buffer_printf(tmp_buffer, "; (null)\n"); + } + } + + /* export and return string, destroy rest */ + result = ldns_buffer_export2str(tmp_buffer); + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_rr_list2str(const ldns_rr_list *list) +{ + return ldns_rr_list2str_fmt(ldns_output_format_default, list); +} + +void +ldns_rdf_print(FILE *output, const ldns_rdf *rdf) +{ + char *str = ldns_rdf2str(rdf); + if (str) { + fprintf(output, "%s", str); + } else { + fprintf(output, ";Unable to convert rdf to string\n"); + } + LDNS_FREE(str); +} + +void +ldns_rr_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_rr *rr) +{ + char *str = ldns_rr2str_fmt(fmt, rr); + if (str) { + fprintf(output, "%s", str); + } else { + fprintf(output, ";Unable to convert rr to string\n"); + } + LDNS_FREE(str); +} + +void +ldns_rr_print(FILE *output, const ldns_rr *rr) +{ + ldns_rr_print_fmt(output, ldns_output_format_default, rr); +} + +void +ldns_pkt_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_pkt *pkt) +{ + char *str = ldns_pkt2str_fmt(fmt, pkt); + if (str) { + fprintf(output, "%s", str); + } else { + fprintf(output, ";Unable to convert packet to string\n"); + } + LDNS_FREE(str); +} + +void +ldns_pkt_print(FILE *output, const ldns_pkt *pkt) +{ + ldns_pkt_print_fmt(output, ldns_output_format_default, pkt); +} + +void +ldns_rr_list_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_rr_list *lst) +{ + size_t i; + for (i = 0; i < ldns_rr_list_rr_count(lst); i++) { + ldns_rr_print_fmt(output, fmt, ldns_rr_list_rr(lst, i)); + } +} + +void +ldns_rr_list_print(FILE *output, const ldns_rr_list *lst) +{ + ldns_rr_list_print_fmt(output, ldns_output_format_default, lst); +} + +void +ldns_resolver_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_resolver *r) +{ + uint16_t i; + ldns_rdf **n; + ldns_rdf **s; + size_t *rtt; + if (!r) { + return; + } + n = ldns_resolver_nameservers(r); + s = ldns_resolver_searchlist(r); + rtt = ldns_resolver_rtt(r); + + fprintf(output, "port: %d\n", (int)ldns_resolver_port(r)); + fprintf(output, "edns0 size: %d\n", (int)ldns_resolver_edns_udp_size(r)); + fprintf(output, "use ip6: %d\n", (int)ldns_resolver_ip6(r)); + + fprintf(output, "recursive: %d\n", ldns_resolver_recursive(r)); + fprintf(output, "usevc: %d\n", ldns_resolver_usevc(r)); + fprintf(output, "igntc: %d\n", ldns_resolver_igntc(r)); + fprintf(output, "fail: %d\n", ldns_resolver_fail(r)); + fprintf(output, "retry: %d\n", (int)ldns_resolver_retry(r)); + fprintf(output, "retrans: %d\n", (int)ldns_resolver_retrans(r)); + fprintf(output, "fallback: %d\n", ldns_resolver_fallback(r)); + fprintf(output, "random: %d\n", ldns_resolver_random(r)); + fprintf(output, "timeout: %d\n", (int)ldns_resolver_timeout(r).tv_sec); + fprintf(output, "dnssec: %d\n", ldns_resolver_dnssec(r)); + fprintf(output, "dnssec cd: %d\n", ldns_resolver_dnssec_cd(r)); + fprintf(output, "trust anchors (%d listed):\n", + (int)ldns_rr_list_rr_count(ldns_resolver_dnssec_anchors(r))); + ldns_rr_list_print_fmt(output, fmt, ldns_resolver_dnssec_anchors(r)); + fprintf(output, "tsig: %s %s\n", + ldns_resolver_tsig_keyname(r)?ldns_resolver_tsig_keyname(r):"-", + ldns_resolver_tsig_algorithm(r)?ldns_resolver_tsig_algorithm(r):"-"); + fprintf(output, "debug: %d\n", ldns_resolver_debug(r)); + + fprintf(output, "default domain: "); + ldns_rdf_print(output, ldns_resolver_domain(r)); + fprintf(output, "\n"); + fprintf(output, "apply default domain: %d\n", ldns_resolver_defnames(r)); + + fprintf(output, "searchlist (%d listed):\n", (int)ldns_resolver_searchlist_count(r)); + for (i = 0; i < ldns_resolver_searchlist_count(r); i++) { + fprintf(output, "\t"); + ldns_rdf_print(output, s[i]); + fprintf(output, "\n"); + } + fprintf(output, "apply search list: %d\n", ldns_resolver_dnsrch(r)); + + fprintf(output, "nameservers (%d listed):\n", (int)ldns_resolver_nameserver_count(r)); + for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { + fprintf(output, "\t"); + ldns_rdf_print(output, n[i]); + + switch ((int)rtt[i]) { + case LDNS_RESOLV_RTT_MIN: + fprintf(output, " - reachable\n"); + break; + case LDNS_RESOLV_RTT_INF: + fprintf(output, " - unreachable\n"); + break; + } + } +} + +void +ldns_resolver_print(FILE *output, const ldns_resolver *r) +{ + ldns_resolver_print_fmt(output, ldns_output_format_default, r); +} + +void +ldns_zone_print_fmt(FILE *output, + const ldns_output_format *fmt, const ldns_zone *z) +{ + if(ldns_zone_soa(z)) + ldns_rr_print_fmt(output, fmt, ldns_zone_soa(z)); + ldns_rr_list_print_fmt(output, fmt, ldns_zone_rrs(z)); +} +void +ldns_zone_print(FILE *output, const ldns_zone *z) +{ + ldns_zone_print_fmt(output, ldns_output_format_default, z); +} diff --git a/ldns/src/host2wire.c b/ldns/src/host2wire.c new file mode 100644 index 0000000..06f45ba --- /dev/null +++ b/ldns/src/host2wire.c @@ -0,0 +1,494 @@ +/* + * host2wire.c + * + * conversion routines from the host to the wire format. + * This will usually just a re-ordering of the + * data (as we store it in network format) + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +ldns_status +ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name) +{ + return ldns_dname2buffer_wire_compress(buffer, name, NULL); +} + +ldns_status +ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data) +{ + ldns_rbnode_t *node; + uint8_t *data; + size_t size; + ldns_rdf *label; + ldns_rdf *rest; + ldns_status s; + + /* If no tree, just add the data */ + if(!compression_data) + { + if (ldns_buffer_reserve(buffer, ldns_rdf_size(name))) + { + ldns_buffer_write(buffer, ldns_rdf_data(name), ldns_rdf_size(name)); + } + return ldns_buffer_status(buffer); + } + + /* No labels left, write final zero */ + if(ldns_dname_label_count(name)==0) + { + if(ldns_buffer_reserve(buffer,1)) + { + ldns_buffer_write_u8(buffer, 0); + } + return ldns_buffer_status(buffer); + } + + /* Can we find the name in the tree? */ + if((node = ldns_rbtree_search(compression_data, ldns_rdf_data(name))) != NULL) + { + /* Found */ + uint16_t position = (uint16_t) (intptr_t) node->data | 0xC000; + if (ldns_buffer_reserve(buffer, 2)) + { + ldns_buffer_write_u16(buffer, position); + } + return ldns_buffer_status(buffer); + } + else + { + /* Not found. Write cache entry, take off first label, write it, */ + /* try again with the rest of the name. */ + ldns_rbnode_t *node = LDNS_MALLOC(ldns_rbnode_t); + if(!node) + { + return LDNS_STATUS_MEM_ERR; + } + if (ldns_buffer_position(buffer) < 16384) { + node->key = strdup((const char *)ldns_rdf_data(name)); + node->data = (void *) (intptr_t) ldns_buffer_position(buffer); + if(!ldns_rbtree_insert(compression_data,node)) + { + /* fprintf(stderr,"Name not found but now it's there?\n"); */ + } + } + label = ldns_dname_label(name, 0); + rest = ldns_dname_left_chop(name); + size = ldns_rdf_size(label) - 1; /* Don't want the final zero */ + data = ldns_rdf_data(label); + if(ldns_buffer_reserve(buffer, size)) + { + ldns_buffer_write(buffer, data, size); + } + ldns_rdf_deep_free(label); + s = ldns_dname2buffer_wire_compress(buffer, rest, compression_data); + ldns_rdf_deep_free(rest); + return s; + } +} + +ldns_status +ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf) +{ + return ldns_rdf2buffer_wire_compress(buffer, rdf, NULL); +} + +ldns_status +ldns_rdf2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *rdf, ldns_rbtree_t *compression_data) +{ + /* If it's a DNAME, call that function to get compression */ + if(compression_data && ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME) + { + return ldns_dname2buffer_wire_compress(buffer,rdf,compression_data); + } + + if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { + ldns_buffer_write(buffer, ldns_rdf_data(rdf), ldns_rdf_size(rdf)); + } + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rdf2buffer_wire_canonical(ldns_buffer *buffer, const ldns_rdf *rdf) +{ + size_t i; + uint8_t *rdf_data; + + if (ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME) { + if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { + rdf_data = ldns_rdf_data(rdf); + for (i = 0; i < ldns_rdf_size(rdf); i++) { + ldns_buffer_write_u8(buffer, + (uint8_t) LDNS_DNAME_NORMALIZE((int)rdf_data[i])); + } + } + } else { + /* direct copy for all other types */ + if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { + ldns_buffer_write(buffer, + ldns_rdf_data(rdf), + ldns_rdf_size(rdf)); + } + } + return ldns_buffer_status(buffer); +} + +/* convert a rr list to wireformat */ +ldns_status +ldns_rr_list2buffer_wire(ldns_buffer *buffer,const ldns_rr_list *rr_list) +{ + uint16_t rr_count; + uint16_t i; + + rr_count = ldns_rr_list_rr_count(rr_list); + for(i = 0; i < rr_count; i++) { + (void)ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i), + LDNS_SECTION_ANY); + } + return ldns_buffer_status(buffer); +} + + +ldns_status +ldns_rr2buffer_wire_canonical(ldns_buffer *buffer, + const ldns_rr *rr, + int section) +{ + uint16_t i; + uint16_t rdl_pos = 0; + bool pre_rfc3597 = false; + switch (ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_NS: + case LDNS_RR_TYPE_MD: + case LDNS_RR_TYPE_MF: + case LDNS_RR_TYPE_CNAME: + case LDNS_RR_TYPE_SOA: + case LDNS_RR_TYPE_MB: + case LDNS_RR_TYPE_MG: + case LDNS_RR_TYPE_MR: + case LDNS_RR_TYPE_PTR: + case LDNS_RR_TYPE_HINFO: + case LDNS_RR_TYPE_MINFO: + case LDNS_RR_TYPE_MX: + case LDNS_RR_TYPE_RP: + case LDNS_RR_TYPE_AFSDB: + case LDNS_RR_TYPE_RT: + case LDNS_RR_TYPE_SIG: + case LDNS_RR_TYPE_PX: + case LDNS_RR_TYPE_NXT: + case LDNS_RR_TYPE_NAPTR: + case LDNS_RR_TYPE_KX: + case LDNS_RR_TYPE_SRV: + case LDNS_RR_TYPE_DNAME: + case LDNS_RR_TYPE_A6: + case LDNS_RR_TYPE_RRSIG: + pre_rfc3597 = true; + break; + default: + break; + } + + if (ldns_rr_owner(rr)) { + (void) ldns_rdf2buffer_wire_canonical(buffer, ldns_rr_owner(rr)); + } + + if (ldns_buffer_reserve(buffer, 4)) { + (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr)); + (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr)); + } + + if (section != LDNS_SECTION_QUESTION) { + if (ldns_buffer_reserve(buffer, 6)) { + ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr)); + /* remember pos for later */ + rdl_pos = ldns_buffer_position(buffer); + ldns_buffer_write_u16(buffer, 0); + } + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + if (pre_rfc3597) { + (void) ldns_rdf2buffer_wire_canonical( + buffer, ldns_rr_rdf(rr, i)); + } else { + (void) ldns_rdf2buffer_wire( + buffer, ldns_rr_rdf(rr, i)); + } + } + if (rdl_pos != 0) { + ldns_buffer_write_u16_at(buffer, rdl_pos, + ldns_buffer_position(buffer) + - rdl_pos - 2); + } + } + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section) +{ + return ldns_rr2buffer_wire_compress(buffer,rr,section,NULL); +} + +ldns_status +ldns_rr2buffer_wire_compress(ldns_buffer *buffer, const ldns_rr *rr, int section, ldns_rbtree_t *compression_data) +{ + uint16_t i; + uint16_t rdl_pos = 0; + + if (ldns_rr_owner(rr)) { + (void) ldns_dname2buffer_wire_compress(buffer, ldns_rr_owner(rr), compression_data); + } + + if (ldns_buffer_reserve(buffer, 4)) { + (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr)); + (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr)); + } + + if (section != LDNS_SECTION_QUESTION) { + if (ldns_buffer_reserve(buffer, 6)) { + ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr)); + /* remember pos for later */ + rdl_pos = ldns_buffer_position(buffer); + ldns_buffer_write_u16(buffer, 0); + } + if (LDNS_RR_COMPRESS == + ldns_rr_descript(ldns_rr_get_type(rr))->_compress) { + + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + (void) ldns_rdf2buffer_wire_compress(buffer, + ldns_rr_rdf(rr, i), compression_data); + } + } else { + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + (void) ldns_rdf2buffer_wire( + buffer, ldns_rr_rdf(rr, i)); + } + } + if (rdl_pos != 0) { + ldns_buffer_write_u16_at(buffer, rdl_pos, + ldns_buffer_position(buffer) + - rdl_pos - 2); + } + } + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rrsig2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr) +{ + uint16_t i; + + /* it must be a sig RR */ + if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) { + return LDNS_STATUS_ERR; + } + + /* Convert all the rdfs, except the actual signature data + * rdf number 8 - the last, hence: -1 */ + for (i = 0; i < ldns_rr_rd_count(rr) - 1; i++) { + (void) ldns_rdf2buffer_wire_canonical(buffer, + ldns_rr_rdf(rr, i)); + } + + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr) +{ + uint16_t i; + + /* convert all the rdf's */ + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr,i)); + } + return ldns_buffer_status(buffer); +} + +/* + * Copies the packet header data to the buffer in wire format + */ +static ldns_status +ldns_hdr2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet) +{ + uint8_t flags; + uint16_t arcount; + + if (ldns_buffer_reserve(buffer, 12)) { + ldns_buffer_write_u16(buffer, ldns_pkt_id(packet)); + + flags = ldns_pkt_qr(packet) << 7 + | ldns_pkt_get_opcode(packet) << 3 + | ldns_pkt_aa(packet) << 2 + | ldns_pkt_tc(packet) << 1 | ldns_pkt_rd(packet); + ldns_buffer_write_u8(buffer, flags); + + flags = ldns_pkt_ra(packet) << 7 + /*| ldns_pkt_z(packet) << 6*/ + | ldns_pkt_ad(packet) << 5 + | ldns_pkt_cd(packet) << 4 + | ldns_pkt_get_rcode(packet); + ldns_buffer_write_u8(buffer, flags); + + ldns_buffer_write_u16(buffer, ldns_pkt_qdcount(packet)); + ldns_buffer_write_u16(buffer, ldns_pkt_ancount(packet)); + ldns_buffer_write_u16(buffer, ldns_pkt_nscount(packet)); + /* add EDNS0 and TSIG to additional if they are there */ + arcount = ldns_pkt_arcount(packet); + if (ldns_pkt_tsig(packet)) { + arcount++; + } + if (ldns_pkt_edns(packet)) { + arcount++; + } + ldns_buffer_write_u16(buffer, arcount); + } + + return ldns_buffer_status(buffer); +} + +void +compression_node_free(ldns_rbnode_t *node, void *arg) +{ + (void)arg; /* Yes, dear compiler, it is used */ + free((void *)node->key); + LDNS_FREE(node); +} + +ldns_status +ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet) +{ + ldns_rr_list *rr_list; + uint16_t i; + + /* edns tmp vars */ + ldns_rr *edns_rr; + uint8_t edata[4]; + + ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))strcasecmp); + + (void) ldns_hdr2buffer_wire(buffer, packet); + + rr_list = ldns_pkt_question(packet); + if (rr_list) { + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + (void) ldns_rr2buffer_wire_compress(buffer, + ldns_rr_list_rr(rr_list, i), LDNS_SECTION_QUESTION, compression_data); + } + } + rr_list = ldns_pkt_answer(packet); + if (rr_list) { + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + (void) ldns_rr2buffer_wire_compress(buffer, + ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANSWER, compression_data); + } + } + rr_list = ldns_pkt_authority(packet); + if (rr_list) { + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + (void) ldns_rr2buffer_wire_compress(buffer, + ldns_rr_list_rr(rr_list, i), LDNS_SECTION_AUTHORITY, compression_data); + } + } + rr_list = ldns_pkt_additional(packet); + if (rr_list) { + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + (void) ldns_rr2buffer_wire_compress(buffer, + ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ADDITIONAL, compression_data); + } + } + + /* add EDNS to additional if it is needed */ + if (ldns_pkt_edns(packet)) { + edns_rr = ldns_rr_new(); + if(!edns_rr) return LDNS_STATUS_MEM_ERR; + ldns_rr_set_owner(edns_rr, + ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, ".")); + ldns_rr_set_type(edns_rr, LDNS_RR_TYPE_OPT); + ldns_rr_set_class(edns_rr, ldns_pkt_edns_udp_size(packet)); + edata[0] = ldns_pkt_edns_extended_rcode(packet); + edata[1] = ldns_pkt_edns_version(packet); + ldns_write_uint16(&edata[2], ldns_pkt_edns_z(packet)); + ldns_rr_set_ttl(edns_rr, ldns_read_uint32(edata)); + /* don't forget to add the edns rdata (if any) */ + if (packet->_edns_data) + ldns_rr_push_rdf (edns_rr, packet->_edns_data); + (void)ldns_rr2buffer_wire_compress(buffer, edns_rr, LDNS_SECTION_ADDITIONAL, compression_data); + /* take the edns rdata back out of the rr before we free rr */ + if (packet->_edns_data) + (void)ldns_rr_pop_rdf (edns_rr); + ldns_rr_free(edns_rr); + } + + /* add TSIG to additional if it is there */ + if (ldns_pkt_tsig(packet)) { + (void) ldns_rr2buffer_wire_compress(buffer, + ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL, compression_data); + } + + ldns_traverse_postorder(compression_data,compression_node_free,NULL); + ldns_rbtree_free(compression_data); + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *result_size) +{ + ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + ldns_status status; + *result_size = 0; + *dest = NULL; + if(!buffer) return LDNS_STATUS_MEM_ERR; + + status = ldns_rdf2buffer_wire(buffer, rdf); + if (status == LDNS_STATUS_OK) { + *result_size = ldns_buffer_position(buffer); + *dest = (uint8_t *) ldns_buffer_export(buffer); + } + ldns_buffer_free(buffer); + return status; +} + +ldns_status +ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *result_size) +{ + ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + ldns_status status; + *result_size = 0; + *dest = NULL; + if(!buffer) return LDNS_STATUS_MEM_ERR; + + status = ldns_rr2buffer_wire(buffer, rr, section); + if (status == LDNS_STATUS_OK) { + *result_size = ldns_buffer_position(buffer); + *dest = (uint8_t *) ldns_buffer_export(buffer); + } + ldns_buffer_free(buffer); + return status; +} + +ldns_status +ldns_pkt2wire(uint8_t **dest, const ldns_pkt *packet, size_t *result_size) +{ + ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + ldns_status status; + *result_size = 0; + *dest = NULL; + if(!buffer) return LDNS_STATUS_MEM_ERR; + + status = ldns_pkt2buffer_wire(buffer, packet); + if (status == LDNS_STATUS_OK) { + *result_size = ldns_buffer_position(buffer); + *dest = (uint8_t *) ldns_buffer_export(buffer); + } + ldns_buffer_free(buffer); + return status; +} diff --git a/ldns/src/keys.c b/ldns/src/keys.c new file mode 100644 index 0000000..8b43821 --- /dev/null +++ b/ldns/src/keys.c @@ -0,0 +1,1726 @@ +/* + * keys.c handle private keys for use in DNSSEC + * + * This module should hide some of the openSSL complexities + * and give a general interface for private keys and hmac + * handling + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_SSL +#include +#include +#include +#endif /* HAVE_SSL */ + +ldns_lookup_table ldns_signing_algorithms[] = { + { LDNS_SIGN_RSAMD5, "RSAMD5" }, + { LDNS_SIGN_RSASHA1, "RSASHA1" }, + { LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" }, +#ifdef USE_SHA2 + { LDNS_SIGN_RSASHA256, "RSASHA256" }, + { LDNS_SIGN_RSASHA512, "RSASHA512" }, +#endif +#ifdef USE_GOST + { LDNS_SIGN_ECC_GOST, "ECC-GOST" }, +#endif +#ifdef USE_ECDSA + { LDNS_SIGN_ECDSAP256SHA256, "ECDSAP256SHA256" }, + { LDNS_SIGN_ECDSAP384SHA384, "ECDSAP384SHA384" }, +#endif + { LDNS_SIGN_DSA, "DSA" }, + { LDNS_SIGN_DSA_NSEC3, "DSA-NSEC3-SHA1" }, + { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" }, + { LDNS_SIGN_HMACSHA1, "hmac-sha1" }, + { LDNS_SIGN_HMACSHA256, "hmac-sha256" }, + { 0, NULL } +}; + +ldns_key_list * +ldns_key_list_new(void) +{ + ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list); + if (!key_list) { + return NULL; + } else { + key_list->_key_count = 0; + key_list->_keys = NULL; + return key_list; + } +} + +ldns_key * +ldns_key_new(void) +{ + ldns_key *newkey; + + newkey = LDNS_MALLOC(ldns_key); + if (!newkey) { + return NULL; + } else { + /* some defaults - not sure wether to do this */ + ldns_key_set_use(newkey, true); + ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY); + ldns_key_set_origttl(newkey, 0); + ldns_key_set_keytag(newkey, 0); + ldns_key_set_inception(newkey, 0); + ldns_key_set_expiration(newkey, 0); + ldns_key_set_pubkey_owner(newkey, NULL); +#ifdef HAVE_SSL + ldns_key_set_evp_key(newkey, NULL); +#endif /* HAVE_SSL */ + ldns_key_set_hmac_key(newkey, NULL); + ldns_key_set_external_key(newkey, NULL); + return newkey; + } +} + +ldns_status +ldns_key_new_frm_fp(ldns_key **k, FILE *fp) +{ + return ldns_key_new_frm_fp_l(k, fp, NULL); +} + +#ifdef HAVE_SSL +ldns_status +ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg) +{ + ldns_key *k; + + k = ldns_key_new(); + if(!k) return LDNS_STATUS_MEM_ERR; +#ifndef S_SPLINT_S + k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL); + if(!k->_key.key) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } + ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg); + if (!k->_key.key) { + ldns_key_free(k); + return LDNS_STATUS_ENGINE_KEY_NOT_LOADED; + } +#endif /* splint */ + *key = k; + return LDNS_STATUS_OK; +} +#endif + +#ifdef USE_GOST +/** store GOST engine reference loaded into OpenSSL library */ +ENGINE* ldns_gost_engine = NULL; + +int +ldns_key_EVP_load_gost_id(void) +{ + static int gost_id = 0; + const EVP_PKEY_ASN1_METHOD* meth; + ENGINE* e; + + if(gost_id) return gost_id; + + /* see if configuration loaded gost implementation from other engine*/ + meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); + if(meth) { + EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); + return gost_id; + } + + /* see if engine can be loaded already */ + e = ENGINE_by_id("gost"); + if(!e) { + /* load it ourself, in case statically linked */ + ENGINE_load_builtin_engines(); + ENGINE_load_dynamic(); + e = ENGINE_by_id("gost"); + } + if(!e) { + /* no gost engine in openssl */ + return 0; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ENGINE_finish(e); + ENGINE_free(e); + return 0; + } + + meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); + if(!meth) { + /* algo not found */ + ENGINE_finish(e); + ENGINE_free(e); + return 0; + } + /* Note: do not ENGINE_finish and ENGINE_free the acquired engine + * on some platforms this frees up the meth and unloads gost stuff */ + ldns_gost_engine = e; + + EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); + return gost_id; +} + +void ldns_key_EVP_unload_gost(void) +{ + if(ldns_gost_engine) { + ENGINE_finish(ldns_gost_engine); + ENGINE_free(ldns_gost_engine); + ldns_gost_engine = NULL; + } +} + +/** read GOST private key */ +static EVP_PKEY* +ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr) +{ + char token[16384]; + const unsigned char* pp; + int gost_id; + EVP_PKEY* pkey; + ldns_rdf* b64rdf = NULL; + + gost_id = ldns_key_EVP_load_gost_id(); + if(!gost_id) + return NULL; + + if (ldns_fget_keyword_data_l(fp, "GostAsn1", ": ", token, "\n", + sizeof(token), line_nr) == -1) + return NULL; + while(strlen(token) < 96) { + /* read more b64 from the file, b64 split on multiple lines */ + if(ldns_fget_token_l(fp, token+strlen(token), "\n", + sizeof(token)-strlen(token), line_nr) == -1) + return NULL; + } + if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK) + return NULL; + pp = (unsigned char*)ldns_rdf_data(b64rdf); + pkey = d2i_PrivateKey(gost_id, NULL, &pp, (int)ldns_rdf_size(b64rdf)); + ldns_rdf_deep_free(b64rdf); + return pkey; +} +#endif + +#ifdef USE_ECDSA +/** calculate public key from private key */ +static int +ldns_EC_KEY_calc_public(EC_KEY* ec) +{ + EC_POINT* pub_key; + const EC_GROUP* group; + group = EC_KEY_get0_group(ec); + pub_key = EC_POINT_new(group); + if(!pub_key) return 0; + if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { + EC_POINT_free(pub_key); + return 0; + } + if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec), + NULL, NULL, NULL)) { + EC_POINT_free(pub_key); + return 0; + } + if(EC_KEY_set_public_key(ec, pub_key) == 0) { + EC_POINT_free(pub_key); + return 0; + } + EC_POINT_free(pub_key); + return 1; +} + +/** read ECDSA private key */ +static EVP_PKEY* +ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr) +{ + char token[16384]; + ldns_rdf* b64rdf = NULL; + unsigned char* pp; + BIGNUM* bn; + EVP_PKEY* evp_key; + EC_KEY* ec; + if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n", + sizeof(token), line_nr) == -1) + return NULL; + if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK) + return NULL; + pp = (unsigned char*)ldns_rdf_data(b64rdf); + + if(alg == LDNS_ECDSAP256SHA256) + ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + else if(alg == LDNS_ECDSAP384SHA384) + ec = EC_KEY_new_by_curve_name(NID_secp384r1); + else ec = NULL; + if(!ec) { + ldns_rdf_deep_free(b64rdf); + return NULL; + } + bn = BN_bin2bn(pp, (int)ldns_rdf_size(b64rdf), NULL); + ldns_rdf_deep_free(b64rdf); + if(!bn) { + EC_KEY_free(ec); + return NULL; + } + EC_KEY_set_private_key(ec, bn); + BN_free(bn); + if(!ldns_EC_KEY_calc_public(ec)) { + EC_KEY_free(ec); + return NULL; + } + + evp_key = EVP_PKEY_new(); + if(!evp_key) { + EC_KEY_free(ec); + return NULL; + } + if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) { + EVP_PKEY_free(evp_key); + EC_KEY_free(ec); + return NULL; + } + return evp_key; +} +#endif + +ldns_status +ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr) +{ + ldns_key *k; + char *d; + ldns_signing_algorithm alg; + ldns_rr *key_rr; +#ifdef HAVE_SSL + RSA *rsa; + DSA *dsa; + unsigned char *hmac; + size_t hmac_size; +#endif /* HAVE_SSL */ + + k = ldns_key_new(); + + d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); + if (!k || !d) { + ldns_key_free(k); + LDNS_FREE(d); + return LDNS_STATUS_MEM_ERR; + } + + alg = 0; + + /* the file is highly structured. Do this in sequence */ + /* RSA: + * Private-key-format: v1.x. + * Algorithm: 1 (RSA) + + */ + /* get the key format version number */ + if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n", + LDNS_MAX_LINELEN, line_nr) == -1) { + /* no version information */ + ldns_key_free(k); + LDNS_FREE(d); + return LDNS_STATUS_SYNTAX_ERR; + } + if (strncmp(d, "v1.", 3) != 0) { + ldns_key_free(k); + LDNS_FREE(d); + return LDNS_STATUS_SYNTAX_VERSION_ERR; + } + + /* get the algorithm type, our file function strip ( ) so there are + * not in the return string! */ + if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n", + LDNS_MAX_LINELEN, line_nr) == -1) { + /* no alg information */ + ldns_key_free(k); + LDNS_FREE(d); + return LDNS_STATUS_SYNTAX_ALG_ERR; + } + + if (strncmp(d, "1 RSA", 2) == 0) { + alg = LDNS_SIGN_RSAMD5; + } + if (strncmp(d, "2 DH", 2) == 0) { + alg = (ldns_signing_algorithm)LDNS_DH; + } + if (strncmp(d, "3 DSA", 2) == 0) { + alg = LDNS_SIGN_DSA; + } + if (strncmp(d, "4 ECC", 2) == 0) { + alg = (ldns_signing_algorithm)LDNS_ECC; + } + if (strncmp(d, "5 RSASHA1", 2) == 0) { + alg = LDNS_SIGN_RSASHA1; + } + if (strncmp(d, "6 DSA", 2) == 0) { + alg = LDNS_SIGN_DSA_NSEC3; + } + if (strncmp(d, "7 RSASHA1", 2) == 0) { + alg = LDNS_SIGN_RSASHA1_NSEC3; + } + + if (strncmp(d, "8 RSASHA256", 2) == 0) { +#ifdef USE_SHA2 + alg = LDNS_SIGN_RSASHA256; +#else +# ifdef STDERR_MSGS + fprintf(stderr, "Warning: SHA256 not compiled into this "); + fprintf(stderr, "version of ldns\n"); +# endif +#endif + } + if (strncmp(d, "10 RSASHA512", 3) == 0) { +#ifdef USE_SHA2 + alg = LDNS_SIGN_RSASHA512; +#else +# ifdef STDERR_MSGS + fprintf(stderr, "Warning: SHA512 not compiled into this "); + fprintf(stderr, "version of ldns\n"); +# endif +#endif + } + if (strncmp(d, "12 ECC-GOST", 3) == 0) { +#ifdef USE_GOST + alg = LDNS_SIGN_ECC_GOST; +#else +# ifdef STDERR_MSGS + fprintf(stderr, "Warning: ECC-GOST not compiled into this "); + fprintf(stderr, "version of ldns, use --enable-gost\n"); +# endif +#endif + } + if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) { +#ifdef USE_ECDSA + alg = LDNS_SIGN_ECDSAP256SHA256; +#else +# ifdef STDERR_MSGS + fprintf(stderr, "Warning: ECDSA not compiled into this "); + fprintf(stderr, "version of ldns, use --enable-ecdsa\n"); +# endif +#endif + } + if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) { +#ifdef USE_ECDSA + alg = LDNS_SIGN_ECDSAP384SHA384; +#else +# ifdef STDERR_MSGS + fprintf(stderr, "Warning: ECDSA not compiled into this "); + fprintf(stderr, "version of ldns, use --enable-ecdsa\n"); +# endif +#endif + } + if (strncmp(d, "157 HMAC-MD5", 4) == 0) { + alg = LDNS_SIGN_HMACMD5; + } + if (strncmp(d, "158 HMAC-SHA1", 4) == 0) { + alg = LDNS_SIGN_HMACSHA1; + } + if (strncmp(d, "159 HMAC-SHA256", 4) == 0) { + alg = LDNS_SIGN_HMACSHA256; + } + + LDNS_FREE(d); + + switch(alg) { + case LDNS_SIGN_RSAMD5: + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: +#endif + ldns_key_set_algorithm(k, alg); +#ifdef HAVE_SSL + rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr); + if (!rsa) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } + ldns_key_assign_rsa_key(k, rsa); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: + ldns_key_set_algorithm(k, alg); +#ifdef HAVE_SSL + dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr); + if (!dsa) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } + ldns_key_assign_dsa_key(k, dsa); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_HMACMD5: + case LDNS_SIGN_HMACSHA1: + case LDNS_SIGN_HMACSHA256: + ldns_key_set_algorithm(k, alg); +#ifdef HAVE_SSL + hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size); + if (!hmac) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } + ldns_key_set_hmac_size(k, hmac_size); + ldns_key_set_hmac_key(k, hmac); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_ECC_GOST: + ldns_key_set_algorithm(k, alg); +#if defined(HAVE_SSL) && defined(USE_GOST) + if(!ldns_key_EVP_load_gost_id()) { + ldns_key_free(k); + return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL; + } + ldns_key_set_evp_key(k, + ldns_key_new_frm_fp_gost_l(fp, line_nr)); +#ifndef S_SPLINT_S + if(!k->_key.key) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } +#endif /* splint */ +#endif + break; +#ifdef USE_ECDSA + case LDNS_SIGN_ECDSAP256SHA256: + case LDNS_SIGN_ECDSAP384SHA384: + ldns_key_set_algorithm(k, alg); + ldns_key_set_evp_key(k, + ldns_key_new_frm_fp_ecdsa_l(fp, (ldns_algorithm)alg, line_nr)); +#ifndef S_SPLINT_S + if(!k->_key.key) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } +#endif /* splint */ + break; +#endif + default: + ldns_key_free(k); + return LDNS_STATUS_SYNTAX_ALG_ERR; + } + key_rr = ldns_key2rr(k); + ldns_key_set_keytag(k, ldns_calc_keytag(key_rr)); + ldns_rr_free(key_rr); + + if (key) { + *key = k; + return LDNS_STATUS_OK; + } + ldns_key_free(k); + return LDNS_STATUS_ERR; +} + +#ifdef HAVE_SSL +RSA * +ldns_key_new_frm_fp_rsa(FILE *f) +{ + return ldns_key_new_frm_fp_rsa_l(f, NULL); +} + +RSA * +ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr) +{ + /* we parse + * Modulus: + * PublicExponent: + * PrivateExponent: + * Prime1: + * Prime2: + * Exponent1: + * Exponent2: + * Coefficient: + * + * man 3 RSA: + * + * struct + * { + * BIGNUM *n; // public modulus + * BIGNUM *e; // public exponent + * BIGNUM *d; // private exponent + * BIGNUM *p; // secret prime factor + * BIGNUM *q; // secret prime factor + * BIGNUM *dmp1; // d mod (p-1) + * BIGNUM *dmq1; // d mod (q-1) + * BIGNUM *iqmp; // q^-1 mod p + * // ... + * + */ + char *d; + RSA *rsa; + uint8_t *buf; + int i; + + d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); + buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN); + rsa = RSA_new(); + if (!d || !rsa || !buf) { + goto error; + } + + /* I could use functions again, but that seems an overkill, + * allthough this also looks tedious + */ + + /* Modules, rsa->n */ + if (ldns_fget_keyword_data_l(f, "Modulus", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); +#ifndef S_SPLINT_S + rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->n) { + goto error; + } + + /* PublicExponent, rsa->e */ + if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->e = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->e) { + goto error; + } + + /* PrivateExponent, rsa->d */ + if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->d = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->d) { + goto error; + } + + /* Prime1, rsa->p */ + if (ldns_fget_keyword_data_l(f, "Prime1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->p) { + goto error; + } + + /* Prime2, rsa->q */ + if (ldns_fget_keyword_data_l(f, "Prime2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->q) { + goto error; + } + + /* Exponent1, rsa->dmp1 */ + if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->dmp1) { + goto error; + } + + /* Exponent2, rsa->dmq1 */ + if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->dmq1) { + goto error; + } + + /* Coefficient, rsa->iqmp */ + if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->iqmp) { + goto error; + } +#endif /* splint */ + + LDNS_FREE(buf); + LDNS_FREE(d); + return rsa; + +error: + RSA_free(rsa); + LDNS_FREE(d); + LDNS_FREE(buf); + return NULL; +} + +DSA * +ldns_key_new_frm_fp_dsa(FILE *f) +{ + return ldns_key_new_frm_fp_dsa_l(f, NULL); +} + +DSA * +ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr)) +{ + int i; + char *d; + DSA *dsa; + uint8_t *buf; + + d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); + buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN); + dsa = DSA_new(); + if (!d || !dsa || !buf) { + goto error; + } + + /* the line parser removes the () from the input... */ + + /* Prime, dsa->p */ + if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); +#ifndef S_SPLINT_S + dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->p) { + goto error; + } + + /* Subprime, dsa->q */ + if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->q) { + goto error; + } + + /* Base, dsa->g */ + if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->g = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->g) { + goto error; + } + + /* Private key, dsa->priv_key */ + if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->priv_key) { + goto error; + } + + /* Public key, dsa->priv_key */ + if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->pub_key) { + goto error; + } +#endif /* splint */ + + LDNS_FREE(buf); + LDNS_FREE(d); + + return dsa; + +error: + LDNS_FREE(d); + LDNS_FREE(buf); + DSA_free(dsa); + return NULL; +} + +unsigned char * +ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size) +{ + return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size); +} + +unsigned char * +ldns_key_new_frm_fp_hmac_l( FILE *f + , ATTR_UNUSED(int *line_nr) + , size_t *hmac_size + ) +{ + size_t i, bufsz; + char d[LDNS_MAX_LINELEN]; + unsigned char *buf = NULL; + + if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + bufsz = ldns_b64_ntop_calculate_size(strlen(d)); + buf = LDNS_XMALLOC(unsigned char, bufsz); + i = (size_t) ldns_b64_pton((const char*)d, buf, bufsz); + + *hmac_size = i; + return buf; + + error: + LDNS_FREE(buf); + *hmac_size = 0; + return NULL; +} +#endif /* HAVE_SSL */ + +#ifdef USE_GOST +static EVP_PKEY* +ldns_gen_gost_key(void) +{ + EVP_PKEY_CTX* ctx; + EVP_PKEY* p = NULL; + int gost_id = ldns_key_EVP_load_gost_id(); + if(!gost_id) + return NULL; + ctx = EVP_PKEY_CTX_new_id(gost_id, NULL); + if(!ctx) { + /* the id should be available now */ + return NULL; + } + if(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0) { + /* cannot set paramset */ + EVP_PKEY_CTX_free(ctx); + return NULL; + } + + if(EVP_PKEY_keygen_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + return NULL; + } + if(EVP_PKEY_keygen(ctx, &p) <= 0) { + EVP_PKEY_free(p); + EVP_PKEY_CTX_free(ctx); + return NULL; + } + EVP_PKEY_CTX_free(ctx); + return p; +} +#endif + +ldns_key * +ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size) +{ + ldns_key *k; +#ifdef HAVE_SSL + DSA *d; + RSA *r; +# ifdef USE_ECDSA + EC_KEY *ec = NULL; +# endif +#else + int i; + uint16_t offset = 0; +#endif + unsigned char *hmac; + + k = ldns_key_new(); + if (!k) { + return NULL; + } + switch(alg) { + case LDNS_SIGN_RSAMD5: + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: +#ifdef HAVE_SSL + r = RSA_generate_key((int)size, RSA_F4, NULL, NULL); + if(!r) { + ldns_key_free(k); + return NULL; + } + if (RSA_check_key(r) != 1) { + ldns_key_free(k); + return NULL; + } + ldns_key_set_rsa_key(k, r); + RSA_free(r); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: +#ifdef HAVE_SSL + d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL); + if (!d) { + ldns_key_free(k); + return NULL; + } + if (DSA_generate_key(d) != 1) { + ldns_key_free(k); + return NULL; + } + ldns_key_set_dsa_key(k, d); + DSA_free(d); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_HMACMD5: + case LDNS_SIGN_HMACSHA1: + case LDNS_SIGN_HMACSHA256: +#ifdef HAVE_SSL +#ifndef S_SPLINT_S + k->_key.key = NULL; +#endif /* splint */ +#endif /* HAVE_SSL */ + size = size / 8; + ldns_key_set_hmac_size(k, size); + + hmac = LDNS_XMALLOC(unsigned char, size); + if(!hmac) { + ldns_key_free(k); + return NULL; + } +#ifdef HAVE_SSL + if (RAND_bytes(hmac, (int) size) != 1) { + LDNS_FREE(hmac); + ldns_key_free(k); + return NULL; + } +#else + while (offset + sizeof(i) < size) { + i = random(); + memcpy(&hmac[offset], &i, sizeof(i)); + offset += sizeof(i); + } + if (offset < size) { + i = random(); + memcpy(&hmac[offset], &i, size - offset); + } +#endif /* HAVE_SSL */ + ldns_key_set_hmac_key(k, hmac); + + ldns_key_set_flags(k, 0); + break; + case LDNS_SIGN_ECC_GOST: +#if defined(HAVE_SSL) && defined(USE_GOST) + ldns_key_set_evp_key(k, ldns_gen_gost_key()); +#ifndef S_SPLINT_S + if(!k->_key.key) { + ldns_key_free(k); + return NULL; + } +#endif /* splint */ +#else + ldns_key_free(k); + return NULL; +#endif /* HAVE_SSL and USE_GOST */ + break; + case LDNS_SIGN_ECDSAP256SHA256: + case LDNS_SIGN_ECDSAP384SHA384: +#ifdef USE_ECDSA + if(alg == LDNS_SIGN_ECDSAP256SHA256) + ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + else if(alg == LDNS_SIGN_ECDSAP384SHA384) + ec = EC_KEY_new_by_curve_name(NID_secp384r1); + if(!ec) { + ldns_key_free(k); + return NULL; + } + if(!EC_KEY_generate_key(ec)) { + ldns_key_free(k); + EC_KEY_free(ec); + return NULL; + } +#ifndef S_SPLINT_S + k->_key.key = EVP_PKEY_new(); + if(!k->_key.key) { + ldns_key_free(k); + EC_KEY_free(ec); + return NULL; + } + if (!EVP_PKEY_assign_EC_KEY(k->_key.key, ec)) { + ldns_key_free(k); + EC_KEY_free(ec); + return NULL; + } +#endif /* splint */ +#else + ldns_key_free(k); + return NULL; +#endif /* ECDSA */ + break; + } + ldns_key_set_algorithm(k, alg); + return k; +} + +void +ldns_key_print(FILE *output, const ldns_key *k) +{ + char *str = ldns_key2str(k); + if (str) { + fprintf(output, "%s", str); + } else { + fprintf(output, "Unable to convert private key to string\n"); + } + LDNS_FREE(str); +} + + +void +ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l) +{ + k->_alg = l; +} + +void +ldns_key_set_flags(ldns_key *k, uint16_t f) +{ + k->_extra.dnssec.flags = f; +} + +#ifdef HAVE_SSL +#ifndef S_SPLINT_S +void +ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e) +{ + k->_key.key = e; +} + +void +ldns_key_set_rsa_key(ldns_key *k, RSA *r) +{ + EVP_PKEY *key = EVP_PKEY_new(); + EVP_PKEY_set1_RSA(key, r); + k->_key.key = key; +} + +void +ldns_key_set_dsa_key(ldns_key *k, DSA *d) +{ + EVP_PKEY *key = EVP_PKEY_new(); + EVP_PKEY_set1_DSA(key, d); + k->_key.key = key; +} + +void +ldns_key_assign_rsa_key(ldns_key *k, RSA *r) +{ + EVP_PKEY *key = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(key, r); + k->_key.key = key; +} + +void +ldns_key_assign_dsa_key(ldns_key *k, DSA *d) +{ + EVP_PKEY *key = EVP_PKEY_new(); + EVP_PKEY_assign_DSA(key, d); + k->_key.key = key; +} +#endif /* splint */ +#endif /* HAVE_SSL */ + +void +ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac) +{ + k->_key.hmac.key = hmac; +} + +void +ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size) +{ + k->_key.hmac.size = hmac_size; +} + +void +ldns_key_set_external_key(ldns_key *k, void *external_key) +{ + k->_key.external_key = external_key; +} + +void +ldns_key_set_origttl(ldns_key *k, uint32_t t) +{ + k->_extra.dnssec.orig_ttl = t; +} + +void +ldns_key_set_inception(ldns_key *k, uint32_t i) +{ + k->_extra.dnssec.inception = i; +} + +void +ldns_key_set_expiration(ldns_key *k, uint32_t e) +{ + k->_extra.dnssec.expiration = e; +} + +void +ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r) +{ + k->_pubkey_owner = r; +} + +void +ldns_key_set_keytag(ldns_key *k, uint16_t tag) +{ + k->_extra.dnssec.keytag = tag; +} + +/* read */ +size_t +ldns_key_list_key_count(const ldns_key_list *key_list) +{ + return key_list->_key_count; +} + +ldns_key * +ldns_key_list_key(const ldns_key_list *key, size_t nr) +{ + if (nr < ldns_key_list_key_count(key)) { + return key->_keys[nr]; + } else { + return NULL; + } +} + +ldns_signing_algorithm +ldns_key_algorithm(const ldns_key *k) +{ + return k->_alg; +} + +void +ldns_key_set_use(ldns_key *k, bool v) +{ + if (k) { + k->_use = v; + } +} + +bool +ldns_key_use(const ldns_key *k) +{ + if (k) { + return k->_use; + } + return false; +} + +#ifdef HAVE_SSL +#ifndef S_SPLINT_S +EVP_PKEY * +ldns_key_evp_key(const ldns_key *k) +{ + return k->_key.key; +} + +RSA * +ldns_key_rsa_key(const ldns_key *k) +{ + if (k->_key.key) { + return EVP_PKEY_get1_RSA(k->_key.key); + } else { + return NULL; + } +} + +DSA * +ldns_key_dsa_key(const ldns_key *k) +{ + if (k->_key.key) { + return EVP_PKEY_get1_DSA(k->_key.key); + } else { + return NULL; + } +} +#endif /* splint */ +#endif /* HAVE_SSL */ + +unsigned char * +ldns_key_hmac_key(const ldns_key *k) +{ + if (k->_key.hmac.key) { + return k->_key.hmac.key; + } else { + return NULL; + } +} + +size_t +ldns_key_hmac_size(const ldns_key *k) +{ + if (k->_key.hmac.size) { + return k->_key.hmac.size; + } else { + return 0; + } +} + +void * +ldns_key_external_key(const ldns_key *k) +{ + return k->_key.external_key; +} + +uint32_t +ldns_key_origttl(const ldns_key *k) +{ + return k->_extra.dnssec.orig_ttl; +} + +uint16_t +ldns_key_flags(const ldns_key *k) +{ + return k->_extra.dnssec.flags; +} + +uint32_t +ldns_key_inception(const ldns_key *k) +{ + return k->_extra.dnssec.inception; +} + +uint32_t +ldns_key_expiration(const ldns_key *k) +{ + return k->_extra.dnssec.expiration; +} + +uint16_t +ldns_key_keytag(const ldns_key *k) +{ + return k->_extra.dnssec.keytag; +} + +ldns_rdf * +ldns_key_pubkey_owner(const ldns_key *k) +{ + return k->_pubkey_owner; +} + +/* write */ +void +ldns_key_list_set_use(ldns_key_list *keys, bool v) +{ + size_t i; + + for (i = 0; i < ldns_key_list_key_count(keys); i++) { + ldns_key_set_use(ldns_key_list_key(keys, i), v); + } +} + +void +ldns_key_list_set_key_count(ldns_key_list *key, size_t count) +{ + key->_key_count = count; +} + +bool +ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key) +{ + size_t key_count; + ldns_key **keys; + + key_count = ldns_key_list_key_count(key_list); + + /* grow the array */ + keys = LDNS_XREALLOC( + key_list->_keys, ldns_key *, key_count + 1); + if (!keys) { + return false; + } + + /* add the new member */ + key_list->_keys = keys; + key_list->_keys[key_count] = key; + + ldns_key_list_set_key_count(key_list, key_count + 1); + return true; +} + +ldns_key * +ldns_key_list_pop_key(ldns_key_list *key_list) +{ + size_t key_count; + ldns_key** a; + ldns_key *pop; + + if (!key_list) { + return NULL; + } + + key_count = ldns_key_list_key_count(key_list); + if (key_count == 0) { + return NULL; + } + + pop = ldns_key_list_key(key_list, key_count); + + /* shrink the array */ + a = LDNS_XREALLOC(key_list->_keys, ldns_key *, key_count - 1); + if(a) { + key_list->_keys = a; + } + + ldns_key_list_set_key_count(key_list, key_count - 1); + + return pop; +} + +#ifdef HAVE_SSL +#ifndef S_SPLINT_S +/* data pointer must be large enough (LDNS_MAX_KEYLEN) */ +static bool +ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size) +{ + int i,j; + + if (!k) { + return false; + } + + if (BN_num_bytes(k->e) <= 256) { + /* normally only this path is executed (small factors are + * more common + */ + data[0] = (unsigned char) BN_num_bytes(k->e); + i = BN_bn2bin(k->e, data + 1); + j = BN_bn2bin(k->n, data + i + 1); + *size = (uint16_t) i + j; + } else if (BN_num_bytes(k->e) <= 65536) { + data[0] = 0; + /* BN_bn2bin does bigendian, _uint16 also */ + ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e)); + + BN_bn2bin(k->e, data + 3); + BN_bn2bin(k->n, data + 4 + BN_num_bytes(k->e)); + *size = (uint16_t) BN_num_bytes(k->n) + 6; + } else { + return false; + } + return true; +} + +/* data pointer must be large enough (LDNS_MAX_KEYLEN) */ +static bool +ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size) +{ + uint8_t T; + + if (!k) { + return false; + } + + /* See RFC2536 */ + *size = (uint16_t)BN_num_bytes(k->p); + T = (*size - 64) / 8; + + if (T > 8) { +#ifdef STDERR_MSGS + fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)"); + fprintf(stderr, " not implemented\n"); +#endif + return false; + } + + /* size = 64 + (T * 8); */ + memset(data, 0, 21 + *size * 3); + data[0] = (unsigned char)T; + BN_bn2bin(k->q, data + 1 ); /* 20 octects */ + BN_bn2bin(k->p, data + 21 ); /* offset octects */ + BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g)); + BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key)); + *size = 21 + *size * 3; + return true; +} + +#ifdef USE_GOST +static bool +ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size) +{ + int i; + unsigned char* pp = NULL; + if(i2d_PUBKEY(k, &pp) != 37 + 64) { + /* expect 37 byte(ASN header) and 64 byte(X and Y) */ + CRYPTO_free(pp); + return false; + } + /* omit ASN header */ + for(i=0; i<64; i++) + data[i] = pp[i+37]; + CRYPTO_free(pp); + *size = 64; + return true; +} +#endif /* USE_GOST */ +#endif /* splint */ +#endif /* HAVE_SSL */ + +ldns_rr * +ldns_key2rr(const ldns_key *k) +{ + /* this function will convert a the keydata contained in + * rsa/dsa pointers to a DNSKEY rr. It will fill in as + * much as it can, but it does not know about key-flags + * for instance + */ + ldns_rr *pubkey; + ldns_rdf *keybin; + unsigned char *bin = NULL; + uint16_t size = 0; +#ifdef HAVE_SSL + RSA *rsa = NULL; + DSA *dsa = NULL; +#endif /* HAVE_SSL */ +#ifdef USE_ECDSA + EC_KEY* ec; +#endif + int internal_data = 0; + + if (!k) { + return NULL; + } + pubkey = ldns_rr_new(); + + switch (ldns_key_algorithm(k)) { + case LDNS_SIGN_HMACMD5: + case LDNS_SIGN_HMACSHA1: + case LDNS_SIGN_HMACSHA256: + ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY); + break; + default: + ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY); + break; + } + /* zero-th rdf - flags */ + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, + ldns_key_flags(k))); + /* first - proto */ + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO)); + + if (ldns_key_pubkey_owner(k)) { + ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k))); + } + + /* third - da algorithm */ + switch(ldns_key_algorithm(k)) { + case LDNS_SIGN_RSAMD5: + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); +#ifdef HAVE_SSL + rsa = ldns_key_rsa_key(k); + if (rsa) { + bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bin) { + ldns_rr_free(pubkey); + return NULL; + } + if (!ldns_key_rsa2bin(bin, rsa, &size)) { + LDNS_FREE(bin); + ldns_rr_free(pubkey); + return NULL; + } + RSA_free(rsa); + internal_data = 1; + } +#endif + size++; + break; + case LDNS_SIGN_DSA: + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA)); +#ifdef HAVE_SSL + dsa = ldns_key_dsa_key(k); + if (dsa) { + bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bin) { + ldns_rr_free(pubkey); + return NULL; + } + if (!ldns_key_dsa2bin(bin, dsa, &size)) { + LDNS_FREE(bin); + ldns_rr_free(pubkey); + return NULL; + } + DSA_free(dsa); + internal_data = 1; + } +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_DSA_NSEC3: + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3)); +#ifdef HAVE_SSL + dsa = ldns_key_dsa_key(k); + if (dsa) { + bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bin) { + ldns_rr_free(pubkey); + return NULL; + } + if (!ldns_key_dsa2bin(bin, dsa, &size)) { + LDNS_FREE(bin); + ldns_rr_free(pubkey); + return NULL; + } + DSA_free(dsa); + internal_data = 1; + } +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_ECC_GOST: + ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8( + LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); +#if defined(HAVE_SSL) && defined(USE_GOST) + bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bin) { + ldns_rr_free(pubkey); + return NULL; + } +#ifndef S_SPLINT_S + if (!ldns_key_gost2bin(bin, k->_key.key, &size)) { + LDNS_FREE(bin); + ldns_rr_free(pubkey); + return NULL; + } +#endif /* splint */ + internal_data = 1; +#else + ldns_rr_free(pubkey); + return NULL; +#endif /* HAVE_SSL and USE_GOST */ + break; + case LDNS_SIGN_ECDSAP256SHA256: + case LDNS_SIGN_ECDSAP384SHA384: +#ifdef USE_ECDSA + ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8( + LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); + bin = NULL; +#ifndef S_SPLINT_S + ec = EVP_PKEY_get1_EC_KEY(k->_key.key); +#endif + EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED); + size = (uint16_t)i2o_ECPublicKey(ec, NULL); + if(!i2o_ECPublicKey(ec, &bin)) { + EC_KEY_free(ec); + ldns_rr_free(pubkey); + return NULL; + } + if(size > 1) { + /* move back one byte to shave off the 0x02 + * 'uncompressed' indicator that openssl made + * Actually its 0x04 (from implementation). + */ + assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED); + size -= 1; + memmove(bin, bin+1, size); + } + /* down the reference count for ec, its still assigned + * to the pkey */ + EC_KEY_free(ec); + internal_data = 1; +#else + ldns_rr_free(pubkey); + return NULL; +#endif /* ECDSA */ + break; + case LDNS_SIGN_HMACMD5: + case LDNS_SIGN_HMACSHA1: + case LDNS_SIGN_HMACSHA256: + bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k)); + if (!bin) { + ldns_rr_free(pubkey); + return NULL; + } + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, + ldns_key_algorithm(k))); + size = ldns_key_hmac_size(k); + memcpy(bin, ldns_key_hmac_key(k), size); + internal_data = 1; + break; + } + /* fourth the key bin material */ + if (internal_data) { + keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin); + LDNS_FREE(bin); + ldns_rr_push_rdf(pubkey, keybin); + } + return pubkey; +} + +void +ldns_key_free(ldns_key *key) +{ + LDNS_FREE(key); +} + +void +ldns_key_deep_free(ldns_key *key) +{ + unsigned char* hmac; + if (ldns_key_pubkey_owner(key)) { + ldns_rdf_deep_free(ldns_key_pubkey_owner(key)); + } +#ifdef HAVE_SSL + if (ldns_key_evp_key(key)) { + EVP_PKEY_free(ldns_key_evp_key(key)); + } +#endif /* HAVE_SSL */ + if (ldns_key_hmac_key(key)) { + hmac = ldns_key_hmac_key(key); + LDNS_FREE(hmac); + } + LDNS_FREE(key); +} + +void +ldns_key_list_free(ldns_key_list *key_list) +{ + size_t i; + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + ldns_key_deep_free(ldns_key_list_key(key_list, i)); + } + LDNS_FREE(key_list->_keys); + LDNS_FREE(key_list); +} + +ldns_rr * +ldns_read_anchor_file(const char *filename) +{ + FILE *fp; + /*char line[LDNS_MAX_PACKETLEN];*/ + char *line = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN); + int c; + size_t i = 0; + ldns_rr *r; + ldns_status status; + if(!line) { + return NULL; + } + + fp = fopen(filename, "r"); + if (!fp) { +#ifdef STDERR_MSGS + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); +#endif + LDNS_FREE(line); + return NULL; + } + + while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) { + line[i] = c; + i++; + } + line[i] = '\0'; + + fclose(fp); + + if (i <= 0) { +#ifdef STDERR_MSGS + fprintf(stderr, "nothing read from %s", filename); +#endif + LDNS_FREE(line); + return NULL; + } else { + status = ldns_rr_new_frm_str(&r, line, 0, NULL, NULL); + if (status == LDNS_STATUS_OK && (ldns_rr_get_type(r) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(r) == LDNS_RR_TYPE_DS)) { + LDNS_FREE(line); + return r; + } else { +#ifdef STDERR_MSGS + fprintf(stderr, "Error creating DNSKEY or DS rr from %s: %s\n", filename, ldns_get_errorstr_by_id(status)); +#endif + LDNS_FREE(line); + return NULL; + } + } +} + +char * +ldns_key_get_file_base_name(ldns_key *key) +{ + ldns_buffer *buffer; + char *file_base_name; + + buffer = ldns_buffer_new(255); + ldns_buffer_printf(buffer, "K"); + (void)ldns_rdf2buffer_str_dname(buffer, ldns_key_pubkey_owner(key)); + ldns_buffer_printf(buffer, + "+%03u+%05u", + ldns_key_algorithm(key), + ldns_key_keytag(key)); + file_base_name = ldns_buffer_export(buffer); + ldns_buffer_free(buffer); + return file_base_name; +} + +int ldns_key_algo_supported(int algo) +{ + ldns_lookup_table *lt = ldns_signing_algorithms; + while(lt->name) { + if(lt->id == algo) + return 1; + lt++; + } + return 0; +} + +ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name) +{ + /* list of (signing algorithm id, alias_name) */ + ldns_lookup_table aliases[] = { + /* from bind dnssec-keygen */ + {LDNS_SIGN_HMACMD5, "HMAC-MD5"}, + {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"}, + {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"}, + /* old ldns usage, now RFC names */ + {LDNS_SIGN_DSA_NSEC3, "DSA_NSEC3" }, + {LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1_NSEC3" }, +#ifdef USE_GOST + {LDNS_SIGN_ECC_GOST, "GOST"}, +#endif + /* compat with possible output */ + {LDNS_DH, "DH"}, + {LDNS_ECC, "ECC"}, + {LDNS_INDIRECT, "INDIRECT"}, + {LDNS_PRIVATEDNS, "PRIVATEDNS"}, + {LDNS_PRIVATEOID, "PRIVATEOID"}, + {0, NULL}}; + ldns_lookup_table* lt = ldns_signing_algorithms; + ldns_signing_algorithm a; + char *endptr; + + while(lt->name) { + if(strcasecmp(lt->name, name) == 0) + return lt->id; + lt++; + } + lt = aliases; + while(lt->name) { + if(strcasecmp(lt->name, name) == 0) + return lt->id; + lt++; + } + a = strtol(name, &endptr, 10); + if (*name && !*endptr) + return a; + + return 0; +} diff --git a/ldns/src/net.c b/ldns/src/net.c new file mode 100644 index 0000000..b8a5385 --- /dev/null +++ b/ldns/src/net.c @@ -0,0 +1,1002 @@ +/* + * net.c + * + * Network implementation + * All network related functions are grouped here + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#include +#include +#include + +ldns_status +ldns_send(ldns_pkt **result_packet, ldns_resolver *r, const ldns_pkt *query_pkt) +{ + ldns_buffer *qb; + ldns_status result; + ldns_rdf *tsig_mac = NULL; + + qb = ldns_buffer_new(LDNS_MIN_BUFLEN); + + if (query_pkt && ldns_pkt_tsig(query_pkt)) { + tsig_mac = ldns_rr_rdf(ldns_pkt_tsig(query_pkt), 3); + } + + if (!query_pkt || + ldns_pkt2buffer_wire(qb, query_pkt) != LDNS_STATUS_OK) { + result = LDNS_STATUS_ERR; + } else { + result = ldns_send_buffer(result_packet, r, qb, tsig_mac); + } + + ldns_buffer_free(qb); + + return result; +} + +/* code from rdata.c */ +static struct sockaddr_storage * +ldns_rdf2native_sockaddr_storage_port( + const ldns_rdf *rd, uint16_t port, size_t *size) +{ + struct sockaddr_storage *data; + struct sockaddr_in *data_in; + struct sockaddr_in6 *data_in6; + + data = LDNS_MALLOC(struct sockaddr_storage); + if (!data) { + return NULL; + } + /* zero the structure for portability */ + memset(data, 0, sizeof(struct sockaddr_storage)); + + switch(ldns_rdf_get_type(rd)) { + case LDNS_RDF_TYPE_A: +#ifndef S_SPLINT_S + data->ss_family = AF_INET; +#endif + data_in = (struct sockaddr_in*) data; + data_in->sin_port = (in_port_t)htons(port); + memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd)); + *size = sizeof(struct sockaddr_in); + return data; + case LDNS_RDF_TYPE_AAAA: +#ifndef S_SPLINT_S + data->ss_family = AF_INET6; +#endif + data_in6 = (struct sockaddr_in6*) data; + data_in6->sin6_port = (in_port_t)htons(port); + memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd)); + *size = sizeof(struct sockaddr_in6); + return data; + default: + LDNS_FREE(data); + return NULL; + } +} + +struct sockaddr_storage * +ldns_rdf2native_sockaddr_storage( + const ldns_rdf *rd, uint16_t port, size_t *size) +{ + return ldns_rdf2native_sockaddr_storage_port( + rd, (port == 0 ? (uint16_t)LDNS_PORT : port), size); +} + +/** best effort to set nonblocking */ +static void +ldns_sock_nonblock(int sockfd) +{ +#ifdef HAVE_FCNTL + int flag; + if((flag = fcntl(sockfd, F_GETFL)) != -1) { + flag |= O_NONBLOCK; + if(fcntl(sockfd, F_SETFL, flag) == -1) { + /* ignore error, continue blockingly */ + } + } +#elif defined(HAVE_IOCTLSOCKET) + unsigned long on = 1; + if(ioctlsocket(sockfd, FIONBIO, &on) != 0) { + /* ignore error, continue blockingly */ + } +#endif +} + +/** best effort to set blocking */ +static void +ldns_sock_block(int sockfd) +{ +#ifdef HAVE_FCNTL + int flag; + if((flag = fcntl(sockfd, F_GETFL)) != -1) { + flag &= ~O_NONBLOCK; + if(fcntl(sockfd, F_SETFL, flag) == -1) { + /* ignore error, continue */ + } + } +#elif defined(HAVE_IOCTLSOCKET) + unsigned long off = 0; + if(ioctlsocket(sockfd, FIONBIO, &off) != 0) { + /* ignore error, continue */ + } +#endif +} + +/** wait for a socket to become ready */ +static int +ldns_sock_wait(int sockfd, struct timeval timeout, int write) +{ + int ret; +#ifndef S_SPLINT_S + fd_set fds; + FD_ZERO(&fds); + FD_SET(FD_SET_T sockfd, &fds); + if(write) + ret = select(sockfd+1, NULL, &fds, NULL, &timeout); + else + ret = select(sockfd+1, &fds, NULL, NULL, &timeout); +#endif + if(ret == 0) + /* timeout expired */ + return 0; + else if(ret == -1) + /* error */ + return 0; + return 1; +} + + +static int +ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen, + const struct sockaddr_storage *from, socklen_t fromlen, + struct timeval timeout) +{ + int sockfd; + +#ifndef S_SPLINT_S + if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_STREAM, + IPPROTO_TCP)) == -1) { + return 0; + } +#endif + if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){ + return 0; + } + + /* perform nonblocking connect, to be able to wait with select() */ + ldns_sock_nonblock(sockfd); + if (connect(sockfd, (struct sockaddr*)to, tolen) == -1) { +#ifndef USE_WINSOCK +#ifdef EINPROGRESS + if(errno != EINPROGRESS) { +#else + if(1) { +#endif + close(sockfd); + return 0; + } +#else /* USE_WINSOCK */ + if(WSAGetLastError() != WSAEINPROGRESS && + WSAGetLastError() != WSAEWOULDBLOCK) { + closesocket(sockfd); + return 0; + } +#endif + /* error was only telling us that it would block */ + } + + /* wait(write) until connected or error */ + while(1) { + int error = 0; + socklen_t len = (socklen_t)sizeof(error); + + if(!ldns_sock_wait(sockfd, timeout, 1)) { +#ifndef USE_WINSOCK + close(sockfd); +#else + closesocket(sockfd); +#endif + return 0; + } + + /* check if there is a pending error for nonblocking connect */ + if(getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void*)&error, + &len) < 0) { +#ifndef USE_WINSOCK + error = errno; /* on solaris errno is error */ +#else + error = WSAGetLastError(); +#endif + } +#ifndef USE_WINSOCK +#if defined(EINPROGRESS) && defined(EWOULDBLOCK) + if(error == EINPROGRESS || error == EWOULDBLOCK) + continue; /* try again */ +#endif + else if(error != 0) { + close(sockfd); + /* error in errno for our user */ + errno = error; + return 0; + } +#else /* USE_WINSOCK */ + if(error == WSAEINPROGRESS) + continue; + else if(error == WSAEWOULDBLOCK) + continue; + else if(error != 0) { + closesocket(sockfd); + errno = error; + return 0; + } +#endif /* USE_WINSOCK */ + /* connected */ + break; + } + + /* set the socket blocking again */ + ldns_sock_block(sockfd); + + return sockfd; +} + +int +ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, + struct timeval timeout) +{ + return ldns_tcp_connect_from(to, tolen, NULL, 0, timeout); +} + +static int +ldns_tcp_bgsend_from(ldns_buffer *qbin, + const struct sockaddr_storage *to, socklen_t tolen, + const struct sockaddr_storage *from, socklen_t fromlen, + struct timeval timeout) +{ + int sockfd; + + sockfd = ldns_tcp_connect_from(to, tolen, from, fromlen, timeout); + + if (sockfd == 0) { + return 0; + } + + if (ldns_tcp_send_query(qbin, sockfd, to, tolen) == 0) { +#ifndef USE_WINSOCK + close(sockfd); +#else + closesocket(sockfd); +#endif + return 0; + } + + return sockfd; +} + +int +ldns_tcp_bgsend(ldns_buffer *qbin, + const struct sockaddr_storage *to, socklen_t tolen, + struct timeval timeout) +{ + return ldns_tcp_bgsend_from(qbin, to, tolen, NULL, 0, timeout); +} + + +/* keep in mind that in DNS tcp messages the first 2 bytes signal the + * amount data to expect + */ +static ldns_status +ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin, + const struct sockaddr_storage *to, socklen_t tolen, + const struct sockaddr_storage *from, socklen_t fromlen, + struct timeval timeout, size_t *answer_size) +{ + int sockfd; + uint8_t *answer; + + sockfd = ldns_tcp_bgsend_from(qbin, to, tolen, from, fromlen, timeout); + + if (sockfd == 0) { + return LDNS_STATUS_ERR; + } + + answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout); +#ifndef USE_WINSOCK + close(sockfd); +#else + closesocket(sockfd); +#endif + + if (*answer_size == 0) { + /* oops */ + return LDNS_STATUS_NETWORK_ERR; + } + + /* resize accordingly */ + *result = LDNS_XREALLOC(answer, uint8_t, (size_t)*answer_size); + if(!*result) { + LDNS_FREE(answer); + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, + const struct sockaddr_storage *to, socklen_t tolen, + struct timeval timeout, size_t *answer_size) +{ + return ldns_tcp_send_from(result, qbin, + to, tolen, NULL, 0, timeout, answer_size); +} + +int +ldns_udp_connect(const struct sockaddr_storage *to, struct timeval ATTR_UNUSED(timeout)) +{ + int sockfd; + +#ifndef S_SPLINT_S + if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_DGRAM, + IPPROTO_UDP)) + == -1) { + return 0; + } +#endif + return sockfd; +} + +static int +ldns_udp_bgsend_from(ldns_buffer *qbin, + const struct sockaddr_storage *to , socklen_t tolen, + const struct sockaddr_storage *from, socklen_t fromlen, + struct timeval timeout) +{ + int sockfd; + + sockfd = ldns_udp_connect(to, timeout); + + if (sockfd == 0) { + return 0; + } + + if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){ + return 0; + } + + if (ldns_udp_send_query(qbin, sockfd, to, tolen) == 0) { +#ifndef USE_WINSOCK + close(sockfd); +#else + closesocket(sockfd); +#endif + return 0; + } + return sockfd; +} + +int +ldns_udp_bgsend(ldns_buffer *qbin, + const struct sockaddr_storage *to , socklen_t tolen, + struct timeval timeout) +{ + return ldns_udp_bgsend_from(qbin, to, tolen, NULL, 0, timeout); +} + +static ldns_status +ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin, + const struct sockaddr_storage *to , socklen_t tolen, + const struct sockaddr_storage *from, socklen_t fromlen, + struct timeval timeout, size_t *answer_size) +{ + int sockfd; + uint8_t *answer; + + sockfd = ldns_udp_bgsend_from(qbin, to, tolen, from, fromlen, timeout); + + if (sockfd == 0) { + return LDNS_STATUS_SOCKET_ERROR; + } + + /* wait for an response*/ + if(!ldns_sock_wait(sockfd, timeout, 0)) { +#ifndef USE_WINSOCK + close(sockfd); +#else + closesocket(sockfd); +#endif + return LDNS_STATUS_NETWORK_ERR; + } + + /* set to nonblocking, so if the checksum is bad, it becomes + * an EGAIN error and the ldns_udp_send function does not block, + * but returns a 'NETWORK_ERROR' much like a timeout. */ + ldns_sock_nonblock(sockfd); + + answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL); +#ifndef USE_WINSOCK + close(sockfd); +#else + closesocket(sockfd); +#endif + + if (*answer_size == 0) { + /* oops */ + return LDNS_STATUS_NETWORK_ERR; + } + + *result = answer; + return LDNS_STATUS_OK; +} + +ldns_status +ldns_udp_send(uint8_t **result, ldns_buffer *qbin, + const struct sockaddr_storage *to , socklen_t tolen, + struct timeval timeout, size_t *answer_size) +{ + return ldns_udp_send_from(result, qbin, to, tolen, NULL, 0, + timeout, answer_size); +} + +ldns_status +ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac) +{ + uint8_t i; + + struct sockaddr_storage *src = NULL; + size_t src_len; + struct sockaddr_storage *ns; + size_t ns_len; + struct timeval tv_s; + struct timeval tv_e; + + ldns_rdf **ns_array; + size_t *rtt; + ldns_pkt *reply; + bool all_servers_rtt_inf; + uint8_t retries; + + uint8_t *reply_bytes = NULL; + size_t reply_size = 0; + ldns_status status, send_status; + + assert(r != NULL); + + status = LDNS_STATUS_OK; + rtt = ldns_resolver_rtt(r); + ns_array = ldns_resolver_nameservers(r); + reply = NULL; + ns_len = 0; + + all_servers_rtt_inf = true; + + if (ldns_resolver_random(r)) { + ldns_resolver_nameservers_randomize(r); + } + + if(ldns_resolver_source(r)) { + src = ldns_rdf2native_sockaddr_storage_port( + ldns_resolver_source(r), 0, &src_len); + } + + /* loop through all defined nameservers */ + for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { + if (rtt[i] == LDNS_RESOLV_RTT_INF) { + /* not reachable nameserver! */ + continue; + } + + /* maybe verbosity setting? + printf("Sending to "); + ldns_rdf_print(stdout, ns_array[i]); + printf("\n"); + */ + ns = ldns_rdf2native_sockaddr_storage(ns_array[i], + ldns_resolver_port(r), &ns_len); + + +#ifndef S_SPLINT_S + if ((ns->ss_family == AF_INET) && + (ldns_resolver_ip6(r) == LDNS_RESOLV_INET6)) { + /* not reachable */ + LDNS_FREE(ns); + continue; + } + + if ((ns->ss_family == AF_INET6) && + (ldns_resolver_ip6(r) == LDNS_RESOLV_INET)) { + /* not reachable */ + LDNS_FREE(ns); + continue; + } +#endif + + all_servers_rtt_inf = false; + + gettimeofday(&tv_s, NULL); + + send_status = LDNS_STATUS_ERR; + + /* reply_bytes implicitly handles our error */ + if (ldns_resolver_usevc(r)) { + for (retries = ldns_resolver_retry(r); retries > 0; retries--) { + send_status = + ldns_tcp_send_from(&reply_bytes, qb, + ns, (socklen_t)ns_len, + src, (socklen_t)src_len, + ldns_resolver_timeout(r), + &reply_size); + if (send_status == LDNS_STATUS_OK) { + break; + } + } + } else { + for (retries = ldns_resolver_retry(r); retries > 0; retries--) { + /* ldns_rdf_print(stdout, ns_array[i]); */ + send_status = + ldns_udp_send_from(&reply_bytes, qb, + ns, (socklen_t)ns_len, + src, (socklen_t)src_len, + ldns_resolver_timeout(r), + &reply_size); + if (send_status == LDNS_STATUS_OK) { + break; + } + } + } + + if (send_status != LDNS_STATUS_OK) { + ldns_resolver_set_nameserver_rtt(r, i, LDNS_RESOLV_RTT_INF); + status = send_status; + } + + /* obey the fail directive */ + if (!reply_bytes) { + /* the current nameserver seems to have a problem, blacklist it */ + if (ldns_resolver_fail(r)) { + LDNS_FREE(ns); + return LDNS_STATUS_ERR; + } else { + LDNS_FREE(ns); + continue; + } + } + + status = ldns_wire2pkt(&reply, reply_bytes, reply_size); + if (status != LDNS_STATUS_OK) { + LDNS_FREE(reply_bytes); + LDNS_FREE(ns); + return status; + } + + LDNS_FREE(ns); + gettimeofday(&tv_e, NULL); + + if (reply) { + ldns_pkt_set_querytime(reply, (uint32_t) + ((tv_e.tv_sec - tv_s.tv_sec) * 1000) + + (tv_e.tv_usec - tv_s.tv_usec) / 1000); + ldns_pkt_set_answerfrom(reply, + ldns_rdf_clone(ns_array[i])); + ldns_pkt_set_timestamp(reply, tv_s); + ldns_pkt_set_size(reply, reply_size); + break; + } else { + if (ldns_resolver_fail(r)) { + /* if fail is set bail out, after the first + * one */ + break; + } + } + + /* wait retrans seconds... */ + sleep((unsigned int) ldns_resolver_retrans(r)); + } + + if(src) { + LDNS_FREE(src); + } + if (all_servers_rtt_inf) { + LDNS_FREE(reply_bytes); + return LDNS_STATUS_RES_NO_NS; + } +#ifdef HAVE_SSL + if (tsig_mac && reply && reply_bytes) { + if (!ldns_pkt_tsig_verify(reply, + reply_bytes, + reply_size, + ldns_resolver_tsig_keyname(r), + ldns_resolver_tsig_keydata(r), tsig_mac)) { + status = LDNS_STATUS_CRYPTO_TSIG_BOGUS; + } + } +#else + (void)tsig_mac; +#endif /* HAVE_SSL */ + + LDNS_FREE(reply_bytes); + if (result) { + *result = reply; + } + + return status; +} + +ssize_t +ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, + const struct sockaddr_storage *to, socklen_t tolen) +{ + uint8_t *sendbuf; + ssize_t bytes; + + /* add length of packet */ + sendbuf = LDNS_XMALLOC(uint8_t, ldns_buffer_position(qbin) + 2); + if(!sendbuf) return 0; + ldns_write_uint16(sendbuf, ldns_buffer_position(qbin)); + memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin)); + + bytes = sendto(sockfd, (void*)sendbuf, + ldns_buffer_position(qbin) + 2, 0, (struct sockaddr *)to, tolen); + + LDNS_FREE(sendbuf); + + if (bytes == -1 || (size_t) bytes != ldns_buffer_position(qbin) + 2 ) { + return 0; + } + return bytes; +} + +/* don't wait for an answer */ +ssize_t +ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, + socklen_t tolen) +{ + ssize_t bytes; + + bytes = sendto(sockfd, (void*)ldns_buffer_begin(qbin), + ldns_buffer_position(qbin), 0, (struct sockaddr *)to, tolen); + + if (bytes == -1 || (size_t)bytes != ldns_buffer_position(qbin)) { + return 0; + } + if ((size_t) bytes != ldns_buffer_position(qbin)) { + return 0; + } + return bytes; +} + +uint8_t * +ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *from, + socklen_t *fromlen) +{ + uint8_t *wire, *wireout; + ssize_t wire_size; + + wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN); + if (!wire) { + *size = 0; + return NULL; + } + + wire_size = recvfrom(sockfd, (void*)wire, LDNS_MAX_PACKETLEN, 0, + (struct sockaddr *)from, fromlen); + + /* recvfrom can also return 0 */ + if (wire_size == -1 || wire_size == 0) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + + *size = (size_t)wire_size; + wireout = LDNS_XREALLOC(wire, uint8_t, (size_t)wire_size); + if(!wireout) LDNS_FREE(wire); + + return wireout; +} + +uint8_t * +ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout) +{ + uint8_t *wire; + uint16_t wire_size; + ssize_t bytes = 0, rc = 0; + + wire = LDNS_XMALLOC(uint8_t, 2); + if (!wire) { + *size = 0; + return NULL; + } + + while (bytes < 2) { + if(!ldns_sock_wait(sockfd, timeout, 0)) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + rc = recv(sockfd, (void*) (wire + bytes), + (size_t) (2 - bytes), 0); + if (rc == -1 || rc == 0) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + bytes += rc; + } + + wire_size = ldns_read_uint16(wire); + + LDNS_FREE(wire); + wire = LDNS_XMALLOC(uint8_t, wire_size); + if (!wire) { + *size = 0; + return NULL; + } + bytes = 0; + + while (bytes < (ssize_t) wire_size) { + if(!ldns_sock_wait(sockfd, timeout, 0)) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + rc = recv(sockfd, (void*) (wire + bytes), + (size_t) (wire_size - bytes), 0); + if (rc == -1 || rc == 0) { + LDNS_FREE(wire); + *size = 0; + return NULL; + } + bytes += rc; + } + + *size = (size_t) bytes; + return wire; +} + +uint8_t * +ldns_tcp_read_wire(int sockfd, size_t *size) +{ + uint8_t *wire; + uint16_t wire_size; + ssize_t bytes = 0, rc = 0; + + wire = LDNS_XMALLOC(uint8_t, 2); + if (!wire) { + *size = 0; + return NULL; + } + + while (bytes < 2) { + rc = recv(sockfd, (void*) (wire + bytes), + (size_t) (2 - bytes), 0); + if (rc == -1 || rc == 0) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + bytes += rc; + } + + wire_size = ldns_read_uint16(wire); + + LDNS_FREE(wire); + wire = LDNS_XMALLOC(uint8_t, wire_size); + if (!wire) { + *size = 0; + return NULL; + } + bytes = 0; + + while (bytes < (ssize_t) wire_size) { + rc = recv(sockfd, (void*) (wire + bytes), + (size_t) (wire_size - bytes), 0); + if (rc == -1 || rc == 0) { + LDNS_FREE(wire); + *size = 0; + return NULL; + } + bytes += rc; + } + + *size = (size_t) bytes; + return wire; +} + +#ifndef S_SPLINT_S +ldns_rdf * +ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port) +{ + ldns_rdf *addr; + struct sockaddr_in *data_in; + struct sockaddr_in6 *data_in6; + + switch(sock->ss_family) { + case AF_INET: + data_in = (struct sockaddr_in*)sock; + if (port) { + *port = ntohs((uint16_t)data_in->sin_port); + } + addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_A, + LDNS_IP4ADDRLEN, &data_in->sin_addr); + break; + case AF_INET6: + data_in6 = (struct sockaddr_in6*)sock; + if (port) { + *port = ntohs((uint16_t)data_in6->sin6_port); + } + addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_AAAA, + LDNS_IP6ADDRLEN, &data_in6->sin6_addr); + break; + default: + if (port) { + *port = 0; + } + return NULL; + } + return addr; +} +#endif + +/* code from resolver.c */ +ldns_status +ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class) +{ + ldns_pkt *query; + ldns_buffer *query_wire; + + struct sockaddr_storage *src = NULL; + size_t src_len = 0; + struct sockaddr_storage *ns = NULL; + size_t ns_len = 0; + size_t ns_i; + ldns_status status; + + if (!resolver || ldns_resolver_nameserver_count(resolver) < 1) { + return LDNS_STATUS_ERR; + } + + query = ldns_pkt_query_new(ldns_rdf_clone(domain), LDNS_RR_TYPE_AXFR, class, 0); + + if (!query) { + return LDNS_STATUS_ADDRESS_ERR; + } + if(ldns_resolver_source(resolver)) { + src = ldns_rdf2native_sockaddr_storage_port( + ldns_resolver_source(resolver), 0, &src_len); + } + /* For AXFR, we have to make the connection ourselves */ + /* try all nameservers (which usually would mean v4 fallback if + * @hostname is used */ + for (ns_i = 0; + ns_i < ldns_resolver_nameserver_count(resolver) && + resolver->_socket == 0; + ns_i++) { + if (ns != NULL) { + LDNS_FREE(ns); + } + ns = ldns_rdf2native_sockaddr_storage( + resolver->_nameservers[ns_i], + ldns_resolver_port(resolver), &ns_len); + + resolver->_socket = ldns_tcp_connect_from( + ns, (socklen_t)ns_len, + src, (socklen_t)src_len, + ldns_resolver_timeout(resolver)); + } + + if (resolver->_socket == 0) { + ldns_pkt_free(query); + LDNS_FREE(ns); + return LDNS_STATUS_NETWORK_ERR; + } + +#ifdef HAVE_SSL + if (ldns_resolver_tsig_keyname(resolver) && ldns_resolver_tsig_keydata(resolver)) { + status = ldns_pkt_tsig_sign(query, + ldns_resolver_tsig_keyname(resolver), + ldns_resolver_tsig_keydata(resolver), + 300, ldns_resolver_tsig_algorithm(resolver), NULL); + if (status != LDNS_STATUS_OK) { + /* to prevent problems on subsequent calls to + * ldns_axfr_start we have to close the socket here! */ +#ifndef USE_WINSOCK + close(resolver->_socket); +#else + closesocket(resolver->_socket); +#endif + resolver->_socket = 0; + + ldns_pkt_free(query); + LDNS_FREE(ns); + + return LDNS_STATUS_CRYPTO_TSIG_ERR; + } + } +#endif /* HAVE_SSL */ + + /* Convert the query to a buffer + * Is this necessary? + */ + query_wire = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if(!query_wire) { + ldns_pkt_free(query); + LDNS_FREE(ns); +#ifndef USE_WINSOCK + close(resolver->_socket); +#else + closesocket(resolver->_socket); +#endif + resolver->_socket = 0; + + return LDNS_STATUS_MEM_ERR; + } + status = ldns_pkt2buffer_wire(query_wire, query); + if (status != LDNS_STATUS_OK) { + ldns_pkt_free(query); + ldns_buffer_free(query_wire); + LDNS_FREE(ns); + + /* to prevent problems on subsequent calls to ldns_axfr_start + * we have to close the socket here! */ +#ifndef USE_WINSOCK + close(resolver->_socket); +#else + closesocket(resolver->_socket); +#endif + resolver->_socket = 0; + + return status; + } + /* Send the query */ + if (ldns_tcp_send_query(query_wire, resolver->_socket, ns, + (socklen_t)ns_len) == 0) { + ldns_pkt_free(query); + ldns_buffer_free(query_wire); + LDNS_FREE(ns); + + /* to prevent problems on subsequent calls to ldns_axfr_start + * we have to close the socket here! */ + +#ifndef USE_WINSOCK + close(resolver->_socket); +#else + closesocket(resolver->_socket); +#endif + resolver->_socket = 0; + + return LDNS_STATUS_NETWORK_ERR; + } + + ldns_pkt_free(query); + ldns_buffer_free(query_wire); + LDNS_FREE(ns); + + /* + * The AXFR is done once the second SOA record is sent + */ + resolver->_axfr_soa_count = 0; + return LDNS_STATUS_OK; +} diff --git a/ldns/src/packet.c b/ldns/src/packet.c new file mode 100644 index 0000000..62bfd07 --- /dev/null +++ b/ldns/src/packet.c @@ -0,0 +1,1159 @@ +/* + * packet.c + * + * dns packet implementation + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#include +#include + +#ifdef HAVE_SSL +#include +#endif + +/* Access functions + * do this as functions to get type checking + */ + +#define LDNS_EDNS_MASK_DO_BIT 0x8000 + +/* TODO defines for 3600 */ +/* convert to and from numerical flag values */ +ldns_lookup_table ldns_edns_flags[] = { + { 3600, "do"}, + { 0, NULL} +}; + +/* read */ +uint16_t +ldns_pkt_id(const ldns_pkt *packet) +{ + return packet->_header->_id; +} + +bool +ldns_pkt_qr(const ldns_pkt *packet) +{ + return packet->_header->_qr; +} + +bool +ldns_pkt_aa(const ldns_pkt *packet) +{ + return packet->_header->_aa; +} + +bool +ldns_pkt_tc(const ldns_pkt *packet) +{ + return packet->_header->_tc; +} + +bool +ldns_pkt_rd(const ldns_pkt *packet) +{ + return packet->_header->_rd; +} + +bool +ldns_pkt_cd(const ldns_pkt *packet) +{ + return packet->_header->_cd; +} + +bool +ldns_pkt_ra(const ldns_pkt *packet) +{ + return packet->_header->_ra; +} + +bool +ldns_pkt_ad(const ldns_pkt *packet) +{ + return packet->_header->_ad; +} + +ldns_pkt_opcode +ldns_pkt_get_opcode(const ldns_pkt *packet) +{ + return packet->_header->_opcode; +} + +ldns_pkt_rcode +ldns_pkt_get_rcode(const ldns_pkt *packet) +{ + return packet->_header->_rcode; +} + +uint16_t +ldns_pkt_qdcount(const ldns_pkt *packet) +{ + return packet->_header->_qdcount; +} + +uint16_t +ldns_pkt_ancount(const ldns_pkt *packet) +{ + return packet->_header->_ancount; +} + +uint16_t +ldns_pkt_nscount(const ldns_pkt *packet) +{ + return packet->_header->_nscount; +} + +uint16_t +ldns_pkt_arcount(const ldns_pkt *packet) +{ + return packet->_header->_arcount; +} + +ldns_rr_list * +ldns_pkt_question(const ldns_pkt *packet) +{ + return packet->_question; +} + +ldns_rr_list * +ldns_pkt_answer(const ldns_pkt *packet) +{ + return packet->_answer; +} + +ldns_rr_list * +ldns_pkt_authority(const ldns_pkt *packet) +{ + return packet->_authority; +} + +ldns_rr_list * +ldns_pkt_additional(const ldns_pkt *packet) +{ + return packet->_additional; +} + +/* return ALL section concatenated */ +ldns_rr_list * +ldns_pkt_all(const ldns_pkt *packet) +{ + ldns_rr_list *all, *prev_all; + + all = ldns_rr_list_cat_clone( + ldns_pkt_question(packet), + ldns_pkt_answer(packet)); + prev_all = all; + all = ldns_rr_list_cat_clone(all, + ldns_pkt_authority(packet)); + ldns_rr_list_deep_free(prev_all); + prev_all = all; + all = ldns_rr_list_cat_clone(all, + ldns_pkt_additional(packet)); + ldns_rr_list_deep_free(prev_all); + return all; +} + +ldns_rr_list * +ldns_pkt_all_noquestion(const ldns_pkt *packet) +{ + ldns_rr_list *all, *all2; + + all = ldns_rr_list_cat_clone( + ldns_pkt_answer(packet), + ldns_pkt_authority(packet)); + all2 = ldns_rr_list_cat_clone(all, + ldns_pkt_additional(packet)); + + ldns_rr_list_deep_free(all); + return all2; +} + +size_t +ldns_pkt_size(const ldns_pkt *packet) +{ + return packet->_size; +} + +uint32_t +ldns_pkt_querytime(const ldns_pkt *packet) +{ + return packet->_querytime; +} + +ldns_rdf * +ldns_pkt_answerfrom(const ldns_pkt *packet) +{ + return packet->_answerfrom; +} + +struct timeval +ldns_pkt_timestamp(const ldns_pkt *packet) +{ + return packet->timestamp; +} + +uint16_t +ldns_pkt_edns_udp_size(const ldns_pkt *packet) +{ + return packet->_edns_udp_size; +} + +uint8_t +ldns_pkt_edns_extended_rcode(const ldns_pkt *packet) +{ + return packet->_edns_extended_rcode; +} + +uint8_t +ldns_pkt_edns_version(const ldns_pkt *packet) +{ + return packet->_edns_version; +} + +uint16_t +ldns_pkt_edns_z(const ldns_pkt *packet) +{ + return packet->_edns_z; +} + +bool +ldns_pkt_edns_do(const ldns_pkt *packet) +{ + return (packet->_edns_z & LDNS_EDNS_MASK_DO_BIT); +} + +void +ldns_pkt_set_edns_do(ldns_pkt *packet, bool value) +{ + if (value) { + packet->_edns_z = packet->_edns_z | LDNS_EDNS_MASK_DO_BIT; + } else { + packet->_edns_z = packet->_edns_z & ~LDNS_EDNS_MASK_DO_BIT; + } +} + +ldns_rdf * +ldns_pkt_edns_data(const ldns_pkt *packet) +{ + return packet->_edns_data; +} + +/* return only those rr that share the ownername */ +ldns_rr_list * +ldns_pkt_rr_list_by_name(ldns_pkt *packet, + ldns_rdf *ownername, + ldns_pkt_section sec) +{ + ldns_rr_list *rrs; + ldns_rr_list *ret; + uint16_t i; + + if (!packet) { + return NULL; + } + + rrs = ldns_pkt_get_section_clone(packet, sec); + ret = NULL; + + for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + if (ldns_dname_compare(ldns_rr_owner( + ldns_rr_list_rr(rrs, i)), + ownername) == 0) { + /* owner names match */ + if (ret == NULL) { + ret = ldns_rr_list_new(); + } + ldns_rr_list_push_rr(ret, + ldns_rr_clone( + ldns_rr_list_rr(rrs, i)) + ); + } + } + + ldns_rr_list_deep_free(rrs); + + return ret; +} + +/* return only those rr that share a type */ +ldns_rr_list * +ldns_pkt_rr_list_by_type(const ldns_pkt *packet, + ldns_rr_type type, + ldns_pkt_section sec) +{ + ldns_rr_list *rrs; + ldns_rr_list *new; + uint16_t i; + + if(!packet) { + return NULL; + } + + rrs = ldns_pkt_get_section_clone(packet, sec); + new = ldns_rr_list_new(); + + for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i))) { + /* types match */ + ldns_rr_list_push_rr(new, + ldns_rr_clone( + ldns_rr_list_rr(rrs, i)) + ); + } + } + ldns_rr_list_deep_free(rrs); + + if (ldns_rr_list_rr_count(new) == 0) { + ldns_rr_list_free(new); + return NULL; + } else { + return new; + } +} + +/* return only those rrs that share name and type */ +ldns_rr_list * +ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, + const ldns_rdf *ownername, + ldns_rr_type type, + ldns_pkt_section sec) +{ + ldns_rr_list *rrs; + ldns_rr_list *new; + ldns_rr_list *ret; + uint16_t i; + + if(!packet) { + return NULL; + } + + rrs = ldns_pkt_get_section_clone(packet, sec); + new = ldns_rr_list_new(); + ret = NULL; + + for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i)) && + ldns_dname_compare(ldns_rr_owner(ldns_rr_list_rr(rrs, i)), + ownername + ) == 0 + ) { + /* types match */ + ldns_rr_list_push_rr(new, ldns_rr_clone(ldns_rr_list_rr(rrs, i))); + ret = new; + } + } + ldns_rr_list_deep_free(rrs); + if (!ret) { + ldns_rr_list_free(new); + } + return ret; +} + +bool +ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr) +{ + bool result = false; + + switch (sec) { + case LDNS_SECTION_QUESTION: + return ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr); + case LDNS_SECTION_ANSWER: + return ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr); + case LDNS_SECTION_AUTHORITY: + return ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr); + case LDNS_SECTION_ADDITIONAL: + return ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr); + case LDNS_SECTION_ANY: + result = ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr); + case LDNS_SECTION_ANY_NOQUESTION: + result = result + || ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr) + || ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr) + || ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr); + } + + return result; +} + +uint16_t +ldns_pkt_section_count(const ldns_pkt *packet, ldns_pkt_section s) +{ + switch(s) { + case LDNS_SECTION_QUESTION: + return ldns_pkt_qdcount(packet); + case LDNS_SECTION_ANSWER: + return ldns_pkt_ancount(packet); + case LDNS_SECTION_AUTHORITY: + return ldns_pkt_nscount(packet); + case LDNS_SECTION_ADDITIONAL: + return ldns_pkt_arcount(packet); + case LDNS_SECTION_ANY: + return ldns_pkt_qdcount(packet) + + ldns_pkt_ancount(packet) + + ldns_pkt_nscount(packet) + + ldns_pkt_arcount(packet); + case LDNS_SECTION_ANY_NOQUESTION: + return ldns_pkt_ancount(packet) + + ldns_pkt_nscount(packet) + + ldns_pkt_arcount(packet); + default: + return 0; + } +} + +bool +ldns_pkt_empty(ldns_pkt *p) +{ + if (!p) { + return true; /* NULL is empty? */ + } + if (ldns_pkt_section_count(p, LDNS_SECTION_ANY) > 0) { + return false; + } else { + return true; + } +} + + +ldns_rr_list * +ldns_pkt_get_section_clone(const ldns_pkt *packet, ldns_pkt_section s) +{ + switch(s) { + case LDNS_SECTION_QUESTION: + return ldns_rr_list_clone(ldns_pkt_question(packet)); + case LDNS_SECTION_ANSWER: + return ldns_rr_list_clone(ldns_pkt_answer(packet)); + case LDNS_SECTION_AUTHORITY: + return ldns_rr_list_clone(ldns_pkt_authority(packet)); + case LDNS_SECTION_ADDITIONAL: + return ldns_rr_list_clone(ldns_pkt_additional(packet)); + case LDNS_SECTION_ANY: + /* these are already clones */ + return ldns_pkt_all(packet); + case LDNS_SECTION_ANY_NOQUESTION: + return ldns_pkt_all_noquestion(packet); + default: + return NULL; + } +} + +ldns_rr *ldns_pkt_tsig(const ldns_pkt *pkt) { + return pkt->_tsig_rr; +} + +/* write */ +void +ldns_pkt_set_id(ldns_pkt *packet, uint16_t id) +{ + packet->_header->_id = id; +} + +void +ldns_pkt_set_random_id(ldns_pkt *packet) +{ + uint16_t rid = ldns_get_random(); + ldns_pkt_set_id(packet, rid); +} + + +void +ldns_pkt_set_qr(ldns_pkt *packet, bool qr) +{ + packet->_header->_qr = qr; +} + +void +ldns_pkt_set_aa(ldns_pkt *packet, bool aa) +{ + packet->_header->_aa = aa; +} + +void +ldns_pkt_set_tc(ldns_pkt *packet, bool tc) +{ + packet->_header->_tc = tc; +} + +void +ldns_pkt_set_rd(ldns_pkt *packet, bool rd) +{ + packet->_header->_rd = rd; +} + +void +ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr) +{ + p->_additional = rr; +} + +void +ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr) +{ + p->_question = rr; +} + +void +ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr) +{ + p->_answer = rr; +} + +void +ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr) +{ + p->_authority = rr; +} + +void +ldns_pkt_set_cd(ldns_pkt *packet, bool cd) +{ + packet->_header->_cd = cd; +} + +void +ldns_pkt_set_ra(ldns_pkt *packet, bool ra) +{ + packet->_header->_ra = ra; +} + +void +ldns_pkt_set_ad(ldns_pkt *packet, bool ad) +{ + packet->_header->_ad = ad; +} + +void +ldns_pkt_set_opcode(ldns_pkt *packet, ldns_pkt_opcode opcode) +{ + packet->_header->_opcode = opcode; +} + +void +ldns_pkt_set_rcode(ldns_pkt *packet, uint8_t rcode) +{ + packet->_header->_rcode = rcode; +} + +void +ldns_pkt_set_qdcount(ldns_pkt *packet, uint16_t qdcount) +{ + packet->_header->_qdcount = qdcount; +} + +void +ldns_pkt_set_ancount(ldns_pkt *packet, uint16_t ancount) +{ + packet->_header->_ancount = ancount; +} + +void +ldns_pkt_set_nscount(ldns_pkt *packet, uint16_t nscount) +{ + packet->_header->_nscount = nscount; +} + +void +ldns_pkt_set_arcount(ldns_pkt *packet, uint16_t arcount) +{ + packet->_header->_arcount = arcount; +} + +void +ldns_pkt_set_querytime(ldns_pkt *packet, uint32_t time) +{ + packet->_querytime = time; +} + +void +ldns_pkt_set_answerfrom(ldns_pkt *packet, ldns_rdf *answerfrom) +{ + packet->_answerfrom = answerfrom; +} + +void +ldns_pkt_set_timestamp(ldns_pkt *packet, struct timeval timeval) +{ + packet->timestamp.tv_sec = timeval.tv_sec; + packet->timestamp.tv_usec = timeval.tv_usec; +} + +void +ldns_pkt_set_size(ldns_pkt *packet, size_t s) +{ + packet->_size = s; +} + +void +ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s) +{ + packet->_edns_udp_size = s; +} + +void +ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c) +{ + packet->_edns_extended_rcode = c; +} + +void +ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v) +{ + packet->_edns_version = v; +} + +void +ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z) +{ + packet->_edns_z = z; +} + +void +ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data) +{ + packet->_edns_data = data; +} + +void +ldns_pkt_set_section_count(ldns_pkt *packet, ldns_pkt_section s, uint16_t count) +{ + switch(s) { + case LDNS_SECTION_QUESTION: + ldns_pkt_set_qdcount(packet, count); + break; + case LDNS_SECTION_ANSWER: + ldns_pkt_set_ancount(packet, count); + break; + case LDNS_SECTION_AUTHORITY: + ldns_pkt_set_nscount(packet, count); + break; + case LDNS_SECTION_ADDITIONAL: + ldns_pkt_set_arcount(packet, count); + break; + case LDNS_SECTION_ANY: + case LDNS_SECTION_ANY_NOQUESTION: + break; + } +} + +void ldns_pkt_set_tsig(ldns_pkt *pkt, ldns_rr *rr) +{ + pkt->_tsig_rr = rr; +} + +bool +ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr) +{ + switch(section) { + case LDNS_SECTION_QUESTION: + if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) { + return false; + } + ldns_pkt_set_qdcount(packet, ldns_pkt_qdcount(packet) + 1); + break; + case LDNS_SECTION_ANSWER: + if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) { + return false; + } + ldns_pkt_set_ancount(packet, ldns_pkt_ancount(packet) + 1); + break; + case LDNS_SECTION_AUTHORITY: + if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) { + return false; + } + ldns_pkt_set_nscount(packet, ldns_pkt_nscount(packet) + 1); + break; + case LDNS_SECTION_ADDITIONAL: + if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) { + return false; + } + ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) + 1); + break; + case LDNS_SECTION_ANY: + case LDNS_SECTION_ANY_NOQUESTION: + /* shouldn't this error? */ + break; + } + return true; +} + +bool +ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr) +{ + + /* check to see if its there */ + if (ldns_pkt_rr(pkt, sec, rr)) { + /* already there */ + return false; + } + return ldns_pkt_push_rr(pkt, sec, rr); +} + +bool +ldns_pkt_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list) +{ + size_t i; + for(i = 0; i < ldns_rr_list_rr_count(list); i++) { + if (!ldns_pkt_push_rr(p, s, ldns_rr_list_rr(list, i))) { + return false; + } + } + return true; +} + +bool +ldns_pkt_safe_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list) +{ + size_t i; + for(i = 0; i < ldns_rr_list_rr_count(list); i++) { + if (!ldns_pkt_safe_push_rr(p, s, ldns_rr_list_rr(list, i))) { + return false; + } + } + return true; +} + +bool +ldns_pkt_edns(const ldns_pkt *pkt) { + return (ldns_pkt_edns_udp_size(pkt) > 0 || + ldns_pkt_edns_extended_rcode(pkt) > 0 || + ldns_pkt_edns_data(pkt) || + ldns_pkt_edns_do(pkt) || + pkt->_edns_present + ); +} + + +/* Create/destroy/convert functions + */ +ldns_pkt * +ldns_pkt_new(void) +{ + ldns_pkt *packet; + packet = LDNS_MALLOC(ldns_pkt); + if (!packet) { + return NULL; + } + + packet->_header = LDNS_MALLOC(ldns_hdr); + if (!packet->_header) { + LDNS_FREE(packet); + return NULL; + } + + packet->_question = ldns_rr_list_new(); + packet->_answer = ldns_rr_list_new(); + packet->_authority = ldns_rr_list_new(); + packet->_additional = ldns_rr_list_new(); + + /* default everything to false */ + ldns_pkt_set_qr(packet, false); + ldns_pkt_set_aa(packet, false); + ldns_pkt_set_tc(packet, false); + ldns_pkt_set_rd(packet, false); + ldns_pkt_set_ra(packet, false); + ldns_pkt_set_ad(packet, false); + ldns_pkt_set_cd(packet, false); + + ldns_pkt_set_opcode(packet, LDNS_PACKET_QUERY); + ldns_pkt_set_rcode(packet, 0); + ldns_pkt_set_id(packet, 0); + ldns_pkt_set_size(packet, 0); + ldns_pkt_set_querytime(packet, 0); + memset(&packet->timestamp, 0, sizeof(packet->timestamp)); + ldns_pkt_set_answerfrom(packet, NULL); + ldns_pkt_set_section_count(packet, LDNS_SECTION_QUESTION, 0); + ldns_pkt_set_section_count(packet, LDNS_SECTION_ANSWER, 0); + ldns_pkt_set_section_count(packet, LDNS_SECTION_AUTHORITY, 0); + ldns_pkt_set_section_count(packet, LDNS_SECTION_ADDITIONAL, 0); + + ldns_pkt_set_edns_udp_size(packet, 0); + ldns_pkt_set_edns_extended_rcode(packet, 0); + ldns_pkt_set_edns_version(packet, 0); + ldns_pkt_set_edns_z(packet, 0); + ldns_pkt_set_edns_data(packet, NULL); + packet->_edns_present = false; + + ldns_pkt_set_tsig(packet, NULL); + + return packet; +} + +void +ldns_pkt_free(ldns_pkt *packet) +{ + if (packet) { + LDNS_FREE(packet->_header); + ldns_rr_list_deep_free(packet->_question); + ldns_rr_list_deep_free(packet->_answer); + ldns_rr_list_deep_free(packet->_authority); + ldns_rr_list_deep_free(packet->_additional); + ldns_rr_free(packet->_tsig_rr); + ldns_rdf_deep_free(packet->_edns_data); + ldns_rdf_deep_free(packet->_answerfrom); + LDNS_FREE(packet); + } +} + +bool +ldns_pkt_set_flags(ldns_pkt *packet, uint16_t flags) +{ + if (!packet) { + return false; + } + if ((flags & LDNS_QR) == LDNS_QR) { + ldns_pkt_set_qr(packet, true); + } + if ((flags & LDNS_AA) == LDNS_AA) { + ldns_pkt_set_aa(packet, true); + } + if ((flags & LDNS_RD) == LDNS_RD) { + ldns_pkt_set_rd(packet, true); + } + if ((flags & LDNS_TC) == LDNS_TC) { + ldns_pkt_set_tc(packet, true); + } + if ((flags & LDNS_CD) == LDNS_CD) { + ldns_pkt_set_cd(packet, true); + } + if ((flags & LDNS_RA) == LDNS_RA) { + ldns_pkt_set_ra(packet, true); + } + if ((flags & LDNS_AD) == LDNS_AD) { + ldns_pkt_set_ad(packet, true); + } + return true; +} + + +static ldns_rr* +ldns_pkt_authsoa(ldns_rdf* rr_name, ldns_rr_class rr_class) +{ + ldns_rr* soa_rr = ldns_rr_new(); + ldns_rdf *owner_rdf; + ldns_rdf *mname_rdf; + ldns_rdf *rname_rdf; + ldns_rdf *serial_rdf; + ldns_rdf *refresh_rdf; + ldns_rdf *retry_rdf; + ldns_rdf *expire_rdf; + ldns_rdf *minimum_rdf; + + if (!soa_rr) { + return NULL; + } + owner_rdf = ldns_rdf_clone(rr_name); + if (!owner_rdf) { + ldns_rr_free(soa_rr); + return NULL; + } + + ldns_rr_set_owner(soa_rr, owner_rdf); + ldns_rr_set_type(soa_rr, LDNS_RR_TYPE_SOA); + ldns_rr_set_class(soa_rr, rr_class); + ldns_rr_set_question(soa_rr, false); + + if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) { + ldns_rr_free(soa_rr); + return NULL; + } else { + ldns_rr_push_rdf(soa_rr, mname_rdf); + } + if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) { + ldns_rr_free(soa_rr); + return NULL; + } else { + ldns_rr_push_rdf(soa_rr, rname_rdf); + } + serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!serial_rdf) { + ldns_rr_free(soa_rr); + return NULL; + } else { + ldns_rr_push_rdf(soa_rr, serial_rdf); + } + refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!refresh_rdf) { + ldns_rr_free(soa_rr); + return NULL; + } else { + ldns_rr_push_rdf(soa_rr, refresh_rdf); + } + retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!retry_rdf) { + ldns_rr_free(soa_rr); + return NULL; + } else { + ldns_rr_push_rdf(soa_rr, retry_rdf); + } + expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!expire_rdf) { + ldns_rr_free(soa_rr); + return NULL; + } else { + ldns_rr_push_rdf(soa_rr, expire_rdf); + } + minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!minimum_rdf) { + ldns_rr_free(soa_rr); + return NULL; + } else { + ldns_rr_push_rdf(soa_rr, minimum_rdf); + } + return soa_rr; +} + + +static ldns_status +ldns_pkt_query_new_frm_str_internal(ldns_pkt **p, const char *name, + ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags, + ldns_rr* authsoa_rr) +{ + ldns_pkt *packet; + ldns_rr *question_rr; + ldns_rdf *name_rdf; + + packet = ldns_pkt_new(); + if (!packet) { + return LDNS_STATUS_MEM_ERR; + } + + if (!ldns_pkt_set_flags(packet, flags)) { + return LDNS_STATUS_ERR; + } + + question_rr = ldns_rr_new(); + if (!question_rr) { + return LDNS_STATUS_MEM_ERR; + } + + if (rr_type == 0) { + rr_type = LDNS_RR_TYPE_A; + } + if (rr_class == 0) { + rr_class = LDNS_RR_CLASS_IN; + } + + if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) { + ldns_rr_set_owner(question_rr, name_rdf); + ldns_rr_set_type(question_rr, rr_type); + ldns_rr_set_class(question_rr, rr_class); + ldns_rr_set_question(question_rr, true); + + ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr); + } else { + ldns_rr_free(question_rr); + ldns_pkt_free(packet); + return LDNS_STATUS_ERR; + } + + if (authsoa_rr) { + ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, authsoa_rr); + } + + packet->_tsig_rr = NULL; + ldns_pkt_set_answerfrom(packet, NULL); + if (p) { + *p = packet; + return LDNS_STATUS_OK; + } else { + ldns_pkt_free(packet); + return LDNS_STATUS_NULL; + } +} + +ldns_status +ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *name, + ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags) +{ + return ldns_pkt_query_new_frm_str_internal(p, name, rr_type, + rr_class, flags, NULL); +} + +ldns_status +ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *name, + ldns_rr_class rr_class, uint16_t flags, ldns_rr *soa) +{ + ldns_rr* authsoa_rr = soa; + if (!authsoa_rr) { + ldns_rdf *name_rdf; + if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) { + authsoa_rr = ldns_pkt_authsoa(name_rdf, rr_class); + } + ldns_rdf_free(name_rdf); + } + return ldns_pkt_query_new_frm_str_internal(p, name, LDNS_RR_TYPE_IXFR, + rr_class, flags, authsoa_rr); +} + +static ldns_pkt * +ldns_pkt_query_new_internal(ldns_rdf *rr_name, ldns_rr_type rr_type, + ldns_rr_class rr_class, uint16_t flags, ldns_rr* authsoa_rr) +{ + ldns_pkt *packet; + ldns_rr *question_rr; + + packet = ldns_pkt_new(); + if (!packet) { + return NULL; + } + + if (!ldns_pkt_set_flags(packet, flags)) { + return NULL; + } + + question_rr = ldns_rr_new(); + if (!question_rr) { + ldns_pkt_free(packet); + return NULL; + } + + if (rr_type == 0) { + rr_type = LDNS_RR_TYPE_A; + } + if (rr_class == 0) { + rr_class = LDNS_RR_CLASS_IN; + } + + ldns_rr_set_owner(question_rr, rr_name); + ldns_rr_set_type(question_rr, rr_type); + ldns_rr_set_class(question_rr, rr_class); + ldns_rr_set_question(question_rr, true); + ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr); + + if (authsoa_rr) { + ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, authsoa_rr); + } + + packet->_tsig_rr = NULL; + return packet; +} + +ldns_pkt * +ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, + ldns_rr_class rr_class, uint16_t flags) +{ + return ldns_pkt_query_new_internal(rr_name, rr_type, + rr_class, flags, NULL); +} + +ldns_pkt * +ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class, + uint16_t flags, ldns_rr* soa) +{ + ldns_rr* authsoa_rr = soa; + if (!authsoa_rr) { + authsoa_rr = ldns_pkt_authsoa(rr_name, rr_class); + } + return ldns_pkt_query_new_internal(rr_name, LDNS_RR_TYPE_IXFR, + rr_class, flags, authsoa_rr); +} + +ldns_pkt_type +ldns_pkt_reply_type(ldns_pkt *p) +{ + ldns_rr_list *tmp; + + if (!p) { + return LDNS_PACKET_UNKNOWN; + } + + if (ldns_pkt_get_rcode(p) == LDNS_RCODE_NXDOMAIN) { + return LDNS_PACKET_NXDOMAIN; + } + + if (ldns_pkt_ancount(p) == 0 && ldns_pkt_arcount(p) == 0 + && ldns_pkt_nscount(p) == 1) { + + /* check for SOA */ + tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_SOA, + LDNS_SECTION_AUTHORITY); + if (tmp) { + ldns_rr_list_deep_free(tmp); + return LDNS_PACKET_NODATA; + } else { + /* I have no idea ... */ + } + } + + if (ldns_pkt_ancount(p) == 0 && ldns_pkt_nscount(p) > 0) { + tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS, + LDNS_SECTION_AUTHORITY); + if (tmp) { + /* there are nameservers here */ + ldns_rr_list_deep_free(tmp); + return LDNS_PACKET_REFERRAL; + } else { + /* I have no idea */ + } + ldns_rr_list_deep_free(tmp); + } + + /* if we cannot determine the packet type, we say it's an + * answer... + */ + return LDNS_PACKET_ANSWER; +} + +ldns_pkt * +ldns_pkt_clone(const ldns_pkt *pkt) +{ + ldns_pkt *new_pkt; + + if (!pkt) { + return NULL; + } + new_pkt = ldns_pkt_new(); + + ldns_pkt_set_id(new_pkt, ldns_pkt_id(pkt)); + ldns_pkt_set_qr(new_pkt, ldns_pkt_qr(pkt)); + ldns_pkt_set_aa(new_pkt, ldns_pkt_aa(pkt)); + ldns_pkt_set_tc(new_pkt, ldns_pkt_tc(pkt)); + ldns_pkt_set_rd(new_pkt, ldns_pkt_rd(pkt)); + ldns_pkt_set_cd(new_pkt, ldns_pkt_cd(pkt)); + ldns_pkt_set_ra(new_pkt, ldns_pkt_ra(pkt)); + ldns_pkt_set_ad(new_pkt, ldns_pkt_ad(pkt)); + ldns_pkt_set_opcode(new_pkt, ldns_pkt_get_opcode(pkt)); + ldns_pkt_set_rcode(new_pkt, ldns_pkt_get_rcode(pkt)); + ldns_pkt_set_qdcount(new_pkt, ldns_pkt_qdcount(pkt)); + ldns_pkt_set_ancount(new_pkt, ldns_pkt_ancount(pkt)); + ldns_pkt_set_nscount(new_pkt, ldns_pkt_nscount(pkt)); + ldns_pkt_set_arcount(new_pkt, ldns_pkt_arcount(pkt)); + if (ldns_pkt_answerfrom(pkt)) + ldns_pkt_set_answerfrom(new_pkt, + ldns_rdf_clone(ldns_pkt_answerfrom(pkt))); + ldns_pkt_set_timestamp(new_pkt, ldns_pkt_timestamp(pkt)); + ldns_pkt_set_querytime(new_pkt, ldns_pkt_querytime(pkt)); + ldns_pkt_set_size(new_pkt, ldns_pkt_size(pkt)); + ldns_pkt_set_tsig(new_pkt, ldns_rr_clone(ldns_pkt_tsig(pkt))); + + ldns_pkt_set_edns_udp_size(new_pkt, ldns_pkt_edns_udp_size(pkt)); + ldns_pkt_set_edns_extended_rcode(new_pkt, + ldns_pkt_edns_extended_rcode(pkt)); + ldns_pkt_set_edns_version(new_pkt, ldns_pkt_edns_version(pkt)); + new_pkt->_edns_present = pkt->_edns_present; + ldns_pkt_set_edns_z(new_pkt, ldns_pkt_edns_z(pkt)); + if(ldns_pkt_edns_data(pkt)) + ldns_pkt_set_edns_data(new_pkt, + ldns_rdf_clone(ldns_pkt_edns_data(pkt))); + ldns_pkt_set_edns_do(new_pkt, ldns_pkt_edns_do(pkt)); + + ldns_rr_list_deep_free(new_pkt->_question); + ldns_rr_list_deep_free(new_pkt->_answer); + ldns_rr_list_deep_free(new_pkt->_authority); + ldns_rr_list_deep_free(new_pkt->_additional); + new_pkt->_question = ldns_rr_list_clone(ldns_pkt_question(pkt)); + new_pkt->_answer = ldns_rr_list_clone(ldns_pkt_answer(pkt)); + new_pkt->_authority = ldns_rr_list_clone(ldns_pkt_authority(pkt)); + new_pkt->_additional = ldns_rr_list_clone(ldns_pkt_additional(pkt)); + return new_pkt; +} diff --git a/ldns/src/parse.c b/ldns/src/parse.c new file mode 100644 index 0000000..e68627c --- /dev/null +++ b/ldns/src/parse.c @@ -0,0 +1,434 @@ +/* + * a generic (simple) parser. Use to parse rr's, private key + * information and /etc/resolv.conf files + * + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ +#include +#include + +#include +#include + +ldns_lookup_table ldns_directive_types[] = { + { LDNS_DIR_TTL, "$TTL" }, + { LDNS_DIR_ORIGIN, "$ORIGIN" }, + { LDNS_DIR_INCLUDE, "$INCLUDE" }, + { 0, NULL } +}; + +/* add max_limit here? */ +ssize_t +ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit) +{ + return ldns_fget_token_l(f, token, delim, limit, NULL); +} + +ssize_t +ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr) +{ + int c, prev_c; + int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ + int com, quoted; + char *t; + size_t i; + const char *d; + const char *del; + + /* standard delimeters */ + if (!delim) { + /* from isspace(3) */ + del = LDNS_PARSE_NORMAL; + } else { + del = delim; + } + + p = 0; + i = 0; + com = 0; + quoted = 0; + prev_c = 0; + t = token; + if (del[0] == '"') { + quoted = 1; + } + while ((c = getc(f)) != EOF) { + if (c == '\r') /* carriage return */ + c = ' '; + if (c == '(' && prev_c != '\\' && !quoted) { + /* this only counts for non-comments */ + if (com == 0) { + p++; + } + prev_c = c; + continue; + } + + if (c == ')' && prev_c != '\\' && !quoted) { + /* this only counts for non-comments */ + if (com == 0) { + p--; + } + prev_c = c; + continue; + } + + if (p < 0) { + /* more ) then ( - close off the string */ + *t = '\0'; + return 0; + } + + /* do something with comments ; */ + if (c == ';' && quoted == 0) { + if (prev_c != '\\') { + com = 1; + } + } + if (c == '\"' && com == 0 && prev_c != '\\') { + quoted = 1 - quoted; + } + + if (c == '\n' && com != 0) { + /* comments */ + com = 0; + *t = ' '; + if (line_nr) { + *line_nr = *line_nr + 1; + } + if (p == 0 && i > 0) { + goto tokenread; + } else { + prev_c = c; + continue; + } + } + + if (com == 1) { + *t = ' '; + prev_c = c; + continue; + } + + if (c == '\n' && p != 0 && t > token) { + /* in parentheses */ + if (line_nr) { + *line_nr = *line_nr + 1; + } + *t++ = ' '; + prev_c = c; + continue; + } + + /* check if we hit the delim */ + for (d = del; *d; d++) { + if (c == *d && i > 0 && prev_c != '\\' && p == 0) { + if (c == '\n' && line_nr) { + *line_nr = *line_nr + 1; + } + goto tokenread; + } + } + if (c != '\0' && c != '\n') { + i++; + } + if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + *t = '\0'; + return -1; + } + if (c != '\0' && c != '\n') { + *t++ = c; + } + if (c == '\\' && prev_c == '\\') + prev_c = 0; + else prev_c = c; + } + *t = '\0'; + if (c == EOF) { + return (ssize_t)i; + } + + if (i == 0) { + /* nothing read */ + return -1; + } + if (p != 0) { + return -1; + } + return (ssize_t)i; + +tokenread: + if(*del == '"') /* do not skip over quotes, they are significant */ + ldns_fskipcs_l(f, del+1, line_nr); + else ldns_fskipcs_l(f, del, line_nr); + *t = '\0'; + if (p != 0) { + return -1; + } + + return (ssize_t)i; +} + +ssize_t +ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, + const char *d_del, size_t data_limit) +{ + return ldns_fget_keyword_data_l(f, keyword, k_del, data, d_del, + data_limit, NULL); +} + +ssize_t +ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, + const char *d_del, size_t data_limit, int *line_nr) +{ + /* we assume: keyword|sep|data */ + char *fkeyword; + ssize_t i; + + if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) + return -1; + fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN); + if(!fkeyword) + return -1; + + i = ldns_fget_token(f, fkeyword, k_del, LDNS_MAX_KEYWORDLEN); + if(i==0 || i==-1) { + LDNS_FREE(fkeyword); + return -1; + } + + /* case??? i instead of strlen? */ + if (strncmp(fkeyword, keyword, LDNS_MAX_KEYWORDLEN - 1) == 0) { + /* whee! */ + /* printf("%s\n%s\n", "Matching keyword", fkeyword); */ + i = ldns_fget_token_l(f, data, d_del, data_limit, line_nr); + LDNS_FREE(fkeyword); + return i; + } else { + /*printf("no match for %s (read: %s)\n", keyword, fkeyword);*/ + LDNS_FREE(fkeyword); + return -1; + } +} + + +ssize_t +ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit) +{ + int c, lc; + int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ + int com, quoted; + char *t; + size_t i; + const char *d; + const char *del; + + /* standard delimiters */ + if (!delim) { + /* from isspace(3) */ + del = LDNS_PARSE_NORMAL; + } else { + del = delim; + } + + p = 0; + i = 0; + com = 0; + quoted = 0; + t = token; + lc = 0; + if (del[0] == '"') { + quoted = 1; + } + + while ((c = ldns_bgetc(b)) != EOF) { + if (c == '\r') /* carriage return */ + c = ' '; + if (c == '(' && lc != '\\' && !quoted) { + /* this only counts for non-comments */ + if (com == 0) { + p++; + } + lc = c; + continue; + } + + if (c == ')' && lc != '\\' && !quoted) { + /* this only counts for non-comments */ + if (com == 0) { + p--; + } + lc = c; + continue; + } + + if (p < 0) { + /* more ) then ( */ + *t = '\0'; + return 0; + } + + /* do something with comments ; */ + if (c == ';' && quoted == 0) { + if (lc != '\\') { + com = 1; + } + } + if (c == '"' && com == 0 && lc != '\\') { + quoted = 1 - quoted; + } + + if (c == '\n' && com != 0) { + /* comments */ + com = 0; + *t = ' '; + lc = c; + continue; + } + + if (com == 1) { + *t = ' '; + lc = c; + continue; + } + + if (c == '\n' && p != 0) { + /* in parentheses */ + *t++ = ' '; + lc = c; + continue; + } + + /* check if we hit the delim */ + for (d = del; *d; d++) { + if (c == *d && lc != '\\' && p == 0) { + goto tokenread; + } + } + + i++; + if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { + *t = '\0'; + return -1; + } + *t++ = c; + + if (c == '\\' && lc == '\\') { + lc = 0; + } else { + lc = c; + } + } + *t = '\0'; + if (i == 0) { + /* nothing read */ + return -1; + } + if (p != 0) { + return -1; + } + return (ssize_t)i; + +tokenread: + if(*del == '"') /* do not skip over quotes, they are significant */ + ldns_bskipcs(b, del+1); + else ldns_bskipcs(b, del); + *t = '\0'; + + if (p != 0) { + return -1; + } + return (ssize_t)i; +} + + +void +ldns_bskipcs(ldns_buffer *buffer, const char *s) +{ + bool found; + char c; + const char *d; + + while(ldns_buffer_available_at(buffer, buffer->_position, sizeof(char))) { + c = (char) ldns_buffer_read_u8_at(buffer, buffer->_position); + found = false; + for (d = s; *d; d++) { + if (*d == c) { + found = true; + } + } + if (found && buffer->_limit > buffer->_position) { + buffer->_position += sizeof(char); + } else { + return; + } + } +} + +void +ldns_fskipcs(FILE *fp, const char *s) +{ + ldns_fskipcs_l(fp, s, NULL); +} + +void +ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr) +{ + bool found; + int c; + const char *d; + + while ((c = fgetc(fp)) != EOF) { + if (line_nr && c == '\n') { + *line_nr = *line_nr + 1; + } + found = false; + for (d = s; *d; d++) { + if (*d == c) { + found = true; + } + } + if (!found) { + /* with getc, we've read too far */ + ungetc(c, fp); + return; + } + } +} + +ssize_t +ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char +*data, const char *d_del, size_t data_limit) +{ + /* we assume: keyword|sep|data */ + char *fkeyword; + ssize_t i; + + if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) + return -1; + fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN); + if(!fkeyword) + return -1; /* out of memory */ + + i = ldns_bget_token(b, fkeyword, k_del, data_limit); + if(i==0 || i==-1) { + LDNS_FREE(fkeyword); + return -1; /* nothing read */ + } + + /* case??? */ + if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) { + LDNS_FREE(fkeyword); + /* whee, the match! */ + /* retrieve it's data */ + i = ldns_bget_token(b, data, d_del, 0); + return i; + } else { + LDNS_FREE(fkeyword); + return -1; + } +} + diff --git a/ldns/src/radix.c b/ldns/src/radix.c new file mode 100644 index 0000000..7aac258 --- /dev/null +++ b/ldns/src/radix.c @@ -0,0 +1,1590 @@ +/* + * radix.c -- generic radix tree + * + * Taken from NSD4, modified for ldns + * + * Copyright (c) 2012, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * Implementation of a radix tree. + */ + +#include +#include +#include +#include + +/** Helper functions */ +static ldns_radix_node_t* ldns_radix_new_node(void* data, uint8_t* key, + radix_strlen_t len); +static int ldns_radix_find_prefix(ldns_radix_t* tree, uint8_t* key, + radix_strlen_t len, ldns_radix_node_t** result, radix_strlen_t* pos); +static int ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte); +static int ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need); +static int ldns_radix_str_create(ldns_radix_array_t* array, uint8_t* key, + radix_strlen_t pos, radix_strlen_t len); +static int ldns_radix_prefix_remainder(radix_strlen_t prefix_len, + uint8_t* longer_str, radix_strlen_t longer_len, uint8_t** split_str, + radix_strlen_t* split_len); +static int ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key, + radix_strlen_t pos, radix_strlen_t len, ldns_radix_node_t* add); +static int ldns_radix_str_is_prefix(uint8_t* str1, radix_strlen_t len1, + uint8_t* str2, radix_strlen_t len2); +static radix_strlen_t ldns_radix_str_common(uint8_t* str1, radix_strlen_t len1, + uint8_t* str2, radix_strlen_t len2); +static ldns_radix_node_t* ldns_radix_next_in_subtree(ldns_radix_node_t* node); +static ldns_radix_node_t* ldns_radix_prev_from_index(ldns_radix_node_t* node, + uint8_t index); +static ldns_radix_node_t* ldns_radix_last_in_subtree_incl_self( + ldns_radix_node_t* node); +static ldns_radix_node_t* ldns_radix_last_in_subtree(ldns_radix_node_t* node); +static void ldns_radix_del_fix(ldns_radix_t* tree, ldns_radix_node_t* node); +static void ldns_radix_cleanup_onechild(ldns_radix_node_t* node); +static void ldns_radix_cleanup_leaf(ldns_radix_node_t* node); +static void ldns_radix_node_free(ldns_radix_node_t* node, void* arg); +static void ldns_radix_node_array_free(ldns_radix_node_t* node); +static void ldns_radix_node_array_free_front(ldns_radix_node_t* node); +static void ldns_radix_node_array_free_end(ldns_radix_node_t* node); +static void ldns_radix_array_reduce(ldns_radix_node_t* node); +static void ldns_radix_self_or_prev(ldns_radix_node_t* node, + ldns_radix_node_t** result); + + +/** + * Create a new radix node. + * + */ +static ldns_radix_node_t* +ldns_radix_new_node(void* data, uint8_t* key, radix_strlen_t len) +{ + ldns_radix_node_t* node = LDNS_MALLOC(ldns_radix_node_t); + if (!node) { + return NULL; + } + node->data = data; + node->key = key; + node->klen = len; + node->parent = NULL; + node->parent_index = 0; + node->len = 0; + node->offset = 0; + node->capacity = 0; + node->array = NULL; + return node; +} + + +/** + * Create a new radix tree. + * + */ +ldns_radix_t * +ldns_radix_create(void) +{ + ldns_radix_t* tree; + + /** Allocate memory for it */ + tree = (ldns_radix_t *) LDNS_MALLOC(ldns_radix_t); + if (!tree) { + return NULL; + } + /** Initialize it */ + ldns_radix_init(tree); + return tree; +} + + +/** + * Initialize radix tree. + * + */ +void +ldns_radix_init(ldns_radix_t* tree) +{ + /** Initialize it */ + if (tree) { + tree->root = NULL; + tree->count = 0; + } + return; +} + + +/** + * Free radix tree. + * + */ +void +ldns_radix_free(ldns_radix_t* tree) +{ + if (tree) { + if (tree->root) { + ldns_radix_traverse_postorder(tree->root, + ldns_radix_node_free, NULL); + } + LDNS_FREE(tree); + } + return; +} + + +/** + * Insert data into the tree. + * + */ +ldns_status +ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len, + void* data) +{ + radix_strlen_t pos = 0; + ldns_radix_node_t* add = NULL; + ldns_radix_node_t* prefix = NULL; + + if (!tree || !key || !data) { + return LDNS_STATUS_NULL; + } + add = ldns_radix_new_node(data, key, len); + if (!add) { + return LDNS_STATUS_MEM_ERR; + } + /** Search the trie until we can make no further process. */ + if (!ldns_radix_find_prefix(tree, key, len, &prefix, &pos)) { + /** No prefix found */ + assert(tree->root == NULL); + if (len == 0) { + /** + * Example 1: The root: + * | [0] + **/ + tree->root = add; + } else { + /** Example 2: 'dns': + * | [0] + * --| [d+ns] dns + **/ + prefix = ldns_radix_new_node(NULL, (uint8_t*)"", 0); + if (!prefix) { + LDNS_FREE(add); + return LDNS_STATUS_MEM_ERR; + } + /** Find some space in the array for the first byte */ + if (!ldns_radix_array_space(prefix, key[0])) { + LDNS_FREE(add); + LDNS_FREE(prefix->array); + LDNS_FREE(prefix); + return LDNS_STATUS_MEM_ERR; + } + /** Set relational pointers */ + add->parent = prefix; + add->parent_index = 0; + prefix->array[0].edge = add; + if (len > 1) { + /** Store the remainder of the prefix */ + if (!ldns_radix_prefix_remainder(1, key, + len, &prefix->array[0].str, + &prefix->array[0].len)) { + LDNS_FREE(add); + LDNS_FREE(prefix->array); + LDNS_FREE(prefix); + return LDNS_STATUS_MEM_ERR; + } + } + tree->root = prefix; + } + } else if (pos == len) { + /** Exact match found */ + if (prefix->data) { + /* Element already exists */ + LDNS_FREE(add); + return LDNS_STATUS_EXISTS_ERR; + } + prefix->data = data; + prefix->key = key; + prefix->klen = len; /* redundant */ + } else { + /** Prefix found */ + uint8_t byte = key[pos]; + assert(pos < len); + if (byte < prefix->offset || + (byte - prefix->offset) >= prefix->len) { + /** Find some space in the array for the byte. */ + /** + * Example 3: 'ldns' + * | [0] + * --| [d+ns] dns + * --| [l+dns] ldns + **/ + if (!ldns_radix_array_space(prefix, byte)) { + LDNS_FREE(add); + return LDNS_STATUS_MEM_ERR; + } + assert(byte >= prefix->offset); + assert((byte - prefix->offset) <= prefix->len); + byte -= prefix->offset; + if (pos+1 < len) { + /** Create remainder of the string. */ + if (!ldns_radix_str_create( + &prefix->array[byte], key, pos+1, + len)) { + LDNS_FREE(add); + return LDNS_STATUS_MEM_ERR; + } + } + /** Add new node. */ + add->parent = prefix; + add->parent_index = byte; + prefix->array[byte].edge = add; + } else if (prefix->array[byte-prefix->offset].edge == NULL) { + /** Use existing element. */ + /** + * Example 4: 'edns' + * | [0] + * --| [d+ns] dns + * --| [e+dns] edns + * --| [l+dns] ldns + **/ + byte -= prefix->offset; + if (pos+1 < len) { + /** Create remainder of the string. */ + if (!ldns_radix_str_create( + &prefix->array[byte], key, pos+1, + len)) { + LDNS_FREE(add); + return LDNS_STATUS_MEM_ERR; + } + } + /** Add new node. */ + add->parent = prefix; + add->parent_index = byte; + prefix->array[byte].edge = add; + } else { + /** + * Use existing element, but it has a shared prefix, + * we need a split. + */ + if (!ldns_radix_array_split(&prefix->array[byte-(prefix->offset)], + key, pos+1, len, add)) { + LDNS_FREE(add); + return LDNS_STATUS_MEM_ERR; + } + } + } + + tree->count ++; + return LDNS_STATUS_OK; +} + + +/** + * Delete data from the tree. + * + */ +void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len) +{ + ldns_radix_node_t* del = ldns_radix_search(tree, key, len); + void* data = NULL; + if (del) { + tree->count--; + data = del->data; + del->data = NULL; + ldns_radix_del_fix(tree, del); + return data; + } + return NULL; +} + + +/** + * Search data in the tree. + * + */ +ldns_radix_node_t* +ldns_radix_search(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len) +{ + ldns_radix_node_t* node = NULL; + radix_strlen_t pos = 0; + uint8_t byte = 0; + + if (!tree || !key) { + return NULL; + } + node = tree->root; + while (node) { + if (pos == len) { + return node->data?node:NULL; + } + byte = key[pos]; + if (byte < node->offset) { + return NULL; + } + byte -= node->offset; + if (byte >= node->len) { + return NULL; + } + pos++; + if (node->array[byte].len > 0) { + /** Must match additional string. */ + if (pos + node->array[byte].len > len) { + return NULL; + } + if (memcmp(&key[pos], node->array[byte].str, + node->array[byte].len) != 0) { + return NULL; + } + pos += node->array[byte].len; + } + node = node->array[byte].edge; + } + return NULL; +} + + +/** + * Search data in the tree, and if not found, find the closest smaller + * element in the tree. + * + */ +int +ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key, + radix_strlen_t len, ldns_radix_node_t** result) +{ + ldns_radix_node_t* node = NULL; + radix_strlen_t pos = 0; + uint8_t byte; + int memcmp_res = 0; + + if (!tree || !tree->root || !key) { + *result = NULL; + return 0; + } + + node = tree->root; + while (pos < len) { + byte = key[pos]; + if (byte < node->offset) { + /** + * No exact match. The lesser is in this or the + * previous node. + */ + ldns_radix_self_or_prev(node, result); + return 0; + } + byte -= node->offset; + if (byte >= node->len) { + /** + * No exact match. The lesser is in this node or the + * last of this array, or something before this node. + */ + *result = ldns_radix_last_in_subtree_incl_self(node); + if (*result == NULL) { + *result = ldns_radix_prev(node); + } + return 0; + } + pos++; + if (!node->array[byte].edge) { + /** + * No exact match. Find the previous in the array + * from this index. + */ + *result = ldns_radix_prev_from_index(node, byte); + if (*result == NULL) { + ldns_radix_self_or_prev(node, result); + } + return 0; + } + if (node->array[byte].len != 0) { + /** Must match additional string. */ + if (pos + node->array[byte].len > len) { + /** Additional string is longer than key. */ + if (memcmp(&key[pos], node->array[byte].str, + len-pos) <= 0) { + /** Key is before this node. */ + *result = ldns_radix_prev( + node->array[byte].edge); + } else { + /** Key is after additional string. */ + *result = ldns_radix_last_in_subtree_incl_self(node->array[byte].edge); + if (*result == NULL) { + *result = ldns_radix_prev(node->array[byte].edge); + } + } + return 0; + } + memcmp_res = memcmp(&key[pos], node->array[byte].str, + node->array[byte].len); + if (memcmp_res < 0) { + *result = ldns_radix_prev( + node->array[byte].edge); + return 0; + } else if (memcmp_res > 0) { + *result = ldns_radix_last_in_subtree_incl_self(node->array[byte].edge); + if (*result == NULL) { + *result = ldns_radix_prev(node->array[byte].edge); + } + return 0; + } + + pos += node->array[byte].len; + } + node = node->array[byte].edge; + } + if (node->data) { + /** Exact match. */ + *result = node; + return 1; + } + /** There is a node which is an exact match, but has no element. */ + *result = ldns_radix_prev(node); + return 0; +} + + +/** + * Get the first element in the tree. + * + */ +ldns_radix_node_t* +ldns_radix_first(ldns_radix_t* tree) +{ + ldns_radix_node_t* first = NULL; + if (!tree || !tree->root) { + return NULL; + } + first = tree->root; + if (first->data) { + return first; + } + return ldns_radix_next(first); +} + + +/** + * Get the last element in the tree. + * + */ +ldns_radix_node_t* +ldns_radix_last(ldns_radix_t* tree) +{ + if (!tree || !tree->root) { + return NULL; + } + return ldns_radix_last_in_subtree_incl_self(tree->root); +} + + +/** + * Next element. + * + */ +ldns_radix_node_t* +ldns_radix_next(ldns_radix_node_t* node) +{ + if (!node) { + return NULL; + } + if (node->len) { + /** Go down: most-left child is the next. */ + ldns_radix_node_t* next = ldns_radix_next_in_subtree(node); + if (next) { + return next; + } + } + /** No elements in subtree, get to parent and go down next branch. */ + while (node->parent) { + uint8_t index = node->parent_index; + node = node->parent; + index++; + for (; index < node->len; index++) { + if (node->array[index].edge) { + ldns_radix_node_t* next; + /** Node itself. */ + if (node->array[index].edge->data) { + return node->array[index].edge; + } + /** Dive into subtree. */ + next = ldns_radix_next_in_subtree(node); + if (next) { + return next; + } + } + } + } + return NULL; +} + + +/** + * Previous element. + * + */ +ldns_radix_node_t* +ldns_radix_prev(ldns_radix_node_t* node) +{ + if (!node) { + return NULL; + } + + /** Get to parent and go down previous branch. */ + while (node->parent) { + uint8_t index = node->parent_index; + ldns_radix_node_t* prev; + node = node->parent; + assert(node->len > 0); + prev = ldns_radix_prev_from_index(node, index); + if (prev) { + return prev; + } + if (node->data) { + return node; + } + } + return NULL; +} + + +/** + * Print node. + * + */ +static void +ldns_radix_node_print(FILE* fd, ldns_radix_node_t* node, + uint8_t i, uint8_t* str, radix_strlen_t len, unsigned d) +{ + uint8_t j; + if (!node) { + return; + } + for (j = 0; j < d; j++) { + fprintf(fd, "--"); + } + if (str) { + radix_strlen_t l; + fprintf(fd, "| [%u+", (unsigned) i); + for (l=0; l < len; l++) { + fprintf(fd, "%c", (char) str[l]); + } + fprintf(fd, "]%u", (unsigned) len); + } else { + fprintf(fd, "| [%u]", (unsigned) i); + } + + if (node->data) { + fprintf(fd, " %s", (char*) node->data); + } + fprintf(fd, "\n"); + + for (j = 0; j < node->len; j++) { + if (node->array[j].edge) { + ldns_radix_node_print(fd, node->array[j].edge, j, + node->array[j].str, node->array[j].len, d+1); + } + } + return; +} + + +/** + * Print radix tree. + * + */ +void +ldns_radix_printf(FILE* fd, ldns_radix_t* tree) +{ + if (!fd || !tree) { + return; + } + if (!tree->root) { + fprintf(fd, "; empty radix tree\n"); + return; + } + ldns_radix_node_print(fd, tree->root, 0, NULL, 0, 0); + return; +} + + +/** + * Join two radix trees. + * + */ +ldns_status +ldns_radix_join(ldns_radix_t* tree1, ldns_radix_t* tree2) +{ + ldns_radix_node_t* cur_node, *next_node; + ldns_status status; + if (!tree2 || !tree2->root) { + return LDNS_STATUS_OK; + } + /** Add all elements from tree2 into tree1. */ + + cur_node = ldns_radix_first(tree2); + while (cur_node) { + status = LDNS_STATUS_NO_DATA; + /** Insert current node into tree1 */ + if (cur_node->data) { + status = ldns_radix_insert(tree1, cur_node->key, + cur_node->klen, cur_node->data); + /** Exist errors may occur */ + if (status != LDNS_STATUS_OK && + status != LDNS_STATUS_EXISTS_ERR) { + return status; + } + } + next_node = ldns_radix_next(cur_node); + if (status == LDNS_STATUS_OK) { + (void) ldns_radix_delete(tree2, cur_node->key, + cur_node->klen); + } + cur_node = next_node; + } + + return LDNS_STATUS_OK; +} + + +/** + * Split a radix tree intwo. + * + */ +ldns_status +ldns_radix_split(ldns_radix_t* tree1, size_t num, ldns_radix_t** tree2) +{ + size_t count = 0; + ldns_radix_node_t* cur_node; + ldns_status status = LDNS_STATUS_OK; + if (!tree1 || !tree1->root || num == 0) { + return LDNS_STATUS_OK; + } + if (!tree2) { + return LDNS_STATUS_NULL; + } + if (!*tree2) { + *tree2 = ldns_radix_create(); + if (!*tree2) { + return LDNS_STATUS_MEM_ERR; + } + } + cur_node = ldns_radix_first(tree1); + while (count < num && cur_node) { + if (cur_node->data) { + /** Delete current node from tree1. */ + uint8_t* cur_key = cur_node->key; + radix_strlen_t cur_len = cur_node->klen; + void* cur_data = ldns_radix_delete(tree1, cur_key, + cur_len); + /** Insert current node into tree2/ */ + if (!cur_data) { + return LDNS_STATUS_NO_DATA; + } + status = ldns_radix_insert(*tree2, cur_key, cur_len, + cur_data); + if (status != LDNS_STATUS_OK && + status != LDNS_STATUS_EXISTS_ERR) { + return status; + } +/* + if (status == LDNS_STATUS_OK) { + cur_node->key = NULL; + cur_node->klen = 0; + } +*/ + /** Update count; get first element from tree1 again. */ + count++; + cur_node = ldns_radix_first(tree1); + } else { + cur_node = ldns_radix_next(cur_node); + } + } + return LDNS_STATUS_OK; +} + + +/** + * Call function for all nodes in the tree, such that leaf nodes are + * called before parent nodes. + * + */ +void +ldns_radix_traverse_postorder(ldns_radix_node_t* node, + void (*func)(ldns_radix_node_t*, void*), void* arg) +{ + uint8_t i; + if (!node) { + return; + } + for (i=0; i < node->len; i++) { + ldns_radix_traverse_postorder(node->array[i].edge, + func, arg); + } + /** Call user function */ + (*func)(node, arg); + return; +} + + +/** Static helper functions */ + +/** + * Find a prefix of the key. + * @param tree: tree. + * @param key: key. + * @param len: length of key. + * @param result: the longest prefix, the entry itself if *pos==len, + * otherwise an array entry. + * @param pos: position in string where next unmatched byte is. + * If *pos==len, an exact match is found. + * If *pos== 0, a "" match was found. + * @return 0 (false) if no prefix found. + * + */ +static int +ldns_radix_find_prefix(ldns_radix_t* tree, uint8_t* key, + radix_strlen_t len, ldns_radix_node_t** result, radix_strlen_t* respos) +{ + /** Start searching at the root node */ + ldns_radix_node_t* n = tree->root; + radix_strlen_t pos = 0; + uint8_t byte; + *respos = 0; + *result = n; + if (!n) { + /** No root, no prefix found */ + return 0; + } + /** For each node, look if we can make further progress */ + while (n) { + if (pos == len) { + /** Exact match */ + return 1; + } + byte = key[pos]; + if (byte < n->offset) { + /** key < node */ + return 1; + } + byte -= n->offset; + if (byte >= n->len) { + /** key > node */ + return 1; + } + /** So far, the trie matches */ + pos++; + if (n->array[byte].len != 0) { + /** Must match additional string */ + if (pos + n->array[byte].len > len) { + return 1; /* no match at child node */ + } + if (memcmp(&key[pos], n->array[byte].str, + n->array[byte].len) != 0) { + return 1; /* no match at child node */ + } + pos += n->array[byte].len; + } + /** Continue searching prefix at this child node */ + n = n->array[byte].edge; + if (!n) { + return 1; + } + /** Update the prefix node */ + *respos = pos; + *result = n; + } + /** Done */ + return 1; +} + + +/** + * Make space in the node's array for another byte. + * @param node: node. + * @param byte: byte. + * @return 1 if successful, 0 otherwise. + * + */ +static int +ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte) +{ + /** Is there an array? */ + if (!node->array) { + assert(node->capacity == 0); + /** No array, create new array */ + node->array = LDNS_MALLOC(ldns_radix_array_t); + if (!node->array) { + return 0; + } + memset(&node->array[0], 0, sizeof(ldns_radix_array_t)); + node->len = 1; + node->capacity = 1; + node->offset = byte; + return 1; + } + /** Array exist */ + assert(node->array != NULL); + assert(node->capacity > 0); + + if (node->len == 0) { + /** Unused array */ + node->len = 1; + node->offset = byte; + } else if (byte < node->offset) { + /** Byte is below the offset */ + uint8_t index; + uint16_t need = node->offset - byte; + /** Is there enough capacity? */ + if (node->len + need > node->capacity) { + /** Not enough capacity, grow array */ + if (!ldns_radix_array_grow(node, + (unsigned) (node->len + need))) { + return 0; /* failed to grow array */ + } + } + /** Move items to the end */ + memmove(&node->array[need], &node->array[0], + node->len*sizeof(ldns_radix_array_t)); + /** Fix parent index */ + for (index = 0; index < node->len; index++) { + if (node->array[index+need].edge) { + node->array[index+need].edge->parent_index = + index + need; + } + } + /** Zero the first */ + memset(&node->array[0], 0, need*sizeof(ldns_radix_array_t)); + node->len += need; + node->offset = byte; + } else if (byte - node->offset >= node->len) { + /** Byte does not fit in array */ + uint16_t need = (byte - node->offset) - node->len + 1; + /** Is there enough capacity? */ + if (node->len + need > node->capacity) { + /** Not enough capacity, grow array */ + if (!ldns_radix_array_grow(node, + (unsigned) (node->len + need))) { + return 0; /* failed to grow array */ + } + } + /** Zero the added items */ + memset(&node->array[node->len], 0, + need*sizeof(ldns_radix_array_t)); + node->len += need; + } + return 1; +} + + +/** + * Grow the array. + * @param node: node. + * @param need: number of elements the array at least need to grow. + * Can't be bigger than 256. + * @return: 0 if failed, 1 if was successful. + * + */ +static int +ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need) +{ + unsigned size = ((unsigned)node->capacity)*2; + ldns_radix_array_t* a = NULL; + if (need > size) { + size = need; + } + if (size > 256) { + size = 256; + } + a = LDNS_XMALLOC(ldns_radix_array_t, size); + if (!a) { + return 0; + } + assert(node->len <= node->capacity); + assert(node->capacity < size); + memcpy(&a[0], &node->array[0], node->len*sizeof(ldns_radix_array_t)); + LDNS_FREE(node->array); + node->array = a; + node->capacity = size; + return 1; +} + + +/** + * Create a prefix in the array string. + * @param array: array. + * @param key: key. + * @param pos: start position in key. + * @param len: length of key. + * @return 0 if failed, 1 if was successful. + * + */ +static int +ldns_radix_str_create(ldns_radix_array_t* array, uint8_t* key, + radix_strlen_t pos, radix_strlen_t len) +{ + array->str = LDNS_XMALLOC(uint8_t, (len-pos)); + if (!array->str) { + return 0; + } + memmove(array->str, key+pos, len-pos); + array->len = (len-pos); + return 1; +} + + +/** + * Allocate remainder from prefixes for a split. + * @param prefixlen: length of prefix. + * @param longer_str: the longer string. + * @param longer_len: the longer string length. + * @param split_str: the split string. + * @param split_len: the split string length. + * @return 0 if failed, 1 if successful. + * + */ +static int +ldns_radix_prefix_remainder(radix_strlen_t prefix_len, + uint8_t* longer_str, radix_strlen_t longer_len, + uint8_t** split_str, radix_strlen_t* split_len) +{ + *split_len = longer_len - prefix_len; + *split_str = LDNS_XMALLOC(uint8_t, (*split_len)); + if (!*split_str) { + return 0; + } + memmove(*split_str, longer_str+prefix_len, longer_len-prefix_len); + return 1; +} + + +/** + * Create a split when two nodes have a shared prefix. + * @param array: array. + * @param key: key. + * @param pos: start position in key. + * @param len: length of the key. + * @param add: node to be added. + * @return 0 if failed, 1 if was successful. + * + */ +static int +ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key, + radix_strlen_t pos, radix_strlen_t len, ldns_radix_node_t* add) +{ + uint8_t* str_to_add = key + pos; + radix_strlen_t strlen_to_add = len - pos; + + if (ldns_radix_str_is_prefix(str_to_add, strlen_to_add, + array->str, array->len)) { + /** The string to add is a prefix of the existing string */ + uint8_t* split_str = NULL, *dup_str = NULL; + radix_strlen_t split_len = 0; + /** + * Example 5: 'ld' + * | [0] + * --| [d+ns] dns + * --| [e+dns] edns + * --| [l+d] ld + * ----| [n+s] ldns + **/ + assert(strlen_to_add < array->len); + /** Store the remainder in the split string */ + if (array->len - strlen_to_add > 1) { + if (!ldns_radix_prefix_remainder(strlen_to_add+1, + array->str, array->len, &split_str, + &split_len)) { + return 0; + } + } + /** Duplicate the string to add */ + if (strlen_to_add != 0) { + dup_str = LDNS_XMALLOC(uint8_t, strlen_to_add); + if (!dup_str) { + LDNS_FREE(split_str); + return 0; + } + memcpy(dup_str, str_to_add, strlen_to_add); + } + /** Make space in array for the new node */ + if (!ldns_radix_array_space(add, + array->str[strlen_to_add])) { + LDNS_FREE(split_str); + LDNS_FREE(dup_str); + return 0; + } + /** + * The added node should go direct under the existing parent. + * The existing node should go under the added node. + */ + add->parent = array->edge->parent; + add->parent_index = array->edge->parent_index; + add->array[0].edge = array->edge; + add->array[0].str = split_str; + add->array[0].len = split_len; + array->edge->parent = add; + array->edge->parent_index = 0; + LDNS_FREE(array->str); + array->edge = add; + array->str = dup_str; + array->len = strlen_to_add; + } else if (ldns_radix_str_is_prefix(array->str, array->len, + str_to_add, strlen_to_add)) { + /** The existing string is a prefix of the string to add */ + /** + * Example 6: 'dns-ng' + * | [0] + * --| [d+ns] dns + * ----| [-+ng] dns-ng + * --| [e+dns] edns + * --| [l+d] ld + * ----| [n+s] ldns + **/ + uint8_t* split_str = NULL; + radix_strlen_t split_len = 0; + assert(array->len < strlen_to_add); + if (strlen_to_add - array->len > 1) { + if (!ldns_radix_prefix_remainder(array->len+1, + str_to_add, strlen_to_add, &split_str, + &split_len)) { + return 0; + } + } + /** Make space in array for the new node */ + if (!ldns_radix_array_space(array->edge, + str_to_add[array->len])) { + LDNS_FREE(split_str); + return 0; + } + /** + * The added node should go direct under the existing node. + */ + add->parent = array->edge; + add->parent_index = str_to_add[array->len] - + array->edge->offset; + array->edge->array[add->parent_index].edge = add; + array->edge->array[add->parent_index].str = split_str; + array->edge->array[add->parent_index].len = split_len; + } else { + /** Create a new split node. */ + /** + * Example 7: 'dndns' + * | [0] + * --| [d+n] + * ----| [d+ns] dndns + * ----| [s] dns + * ------| [-+ng] dns-ng + * --| [e+dns] edns + * --| [l+d] ld + * ----| [n+s] ldns + **/ + ldns_radix_node_t* common = NULL; + uint8_t* common_str = NULL, *s1 = NULL, *s2 = NULL; + radix_strlen_t common_len = 0, l1 = 0, l2 = 0; + common_len = ldns_radix_str_common(array->str, array->len, + str_to_add, strlen_to_add); + assert(common_len < array->len); + assert(common_len < strlen_to_add); + /** Create the new common node. */ + common = ldns_radix_new_node(NULL, (uint8_t*)"", 0); + if (!common) { + return 0; + } + if (array->len - common_len > 1) { + if (!ldns_radix_prefix_remainder(common_len+1, + array->str, array->len, &s1, &l1)) { + return 0; + } + } + if (strlen_to_add - common_len > 1) { + if (!ldns_radix_prefix_remainder(common_len+1, + str_to_add, strlen_to_add, &s2, &l2)) { + return 0; + } + } + /** Create the shared prefix. */ + if (common_len > 0) { + common_str = LDNS_XMALLOC(uint8_t, common_len); + if (!common_str) { + LDNS_FREE(common); + LDNS_FREE(s1); + LDNS_FREE(s2); + return 0; + } + memcpy(common_str, str_to_add, common_len); + } + /** Make space in the common node array. */ + if (!ldns_radix_array_space(common, array->str[common_len]) || + !ldns_radix_array_space(common, str_to_add[common_len])) { + LDNS_FREE(common->array); + LDNS_FREE(common); + LDNS_FREE(common_str); + LDNS_FREE(s1); + LDNS_FREE(s2); + return 0; + } + /** + * The common node should go direct under the parent node. + * The added and existing nodes go under the common node. + */ + common->parent = array->edge->parent; + common->parent_index = array->edge->parent_index; + array->edge->parent = common; + array->edge->parent_index = array->str[common_len] - + common->offset; + add->parent = common; + add->parent_index = str_to_add[common_len] - common->offset; + common->array[array->edge->parent_index].edge = array->edge; + common->array[array->edge->parent_index].str = s1; + common->array[array->edge->parent_index].len = l1; + common->array[add->parent_index].edge = add; + common->array[add->parent_index].str = s2; + common->array[add->parent_index].len = l2; + LDNS_FREE(array->str); + array->edge = common; + array->str = common_str; + array->len = common_len; + } + return 1; +} + + +/** + * Check if one string prefix of other string. + * @param str1: one string. + * @param len1: one string length. + * @param str2: other string. + * @param len2: other string length. + * @return 1 if prefix, 0 otherwise. + * + */ +static int +ldns_radix_str_is_prefix(uint8_t* str1, radix_strlen_t len1, + uint8_t* str2, radix_strlen_t len2) +{ + if (len1 == 0) { + return 1; /* empty prefix is also a prefix */ + } + if (len1 > len2) { + return 0; /* len1 is longer so str1 cannot be a prefix */ + } + return (memcmp(str1, str2, len1) == 0); +} + + +/** + * Return the number of bytes in common for the two strings. + * @param str1: one string. + * @param len1: one string length. + * @param str2: other string. + * @param len2: other string length. + * @return length of substring that the two strings have in common. + * + */ +static radix_strlen_t +ldns_radix_str_common(uint8_t* str1, radix_strlen_t len1, + uint8_t* str2, radix_strlen_t len2) +{ + radix_strlen_t i, max = (len1len; i++) { + if (node->array[i].edge) { + /** Node itself. */ + if (node->array[i].edge->data) { + return node->array[i].edge; + } + /** Dive into subtree. */ + next = ldns_radix_next_in_subtree(node->array[i].edge); + if (next) { + return next; + } + } + } + return NULL; +} + + +/** + * Find the previous element in the array of this node, from index. + * @param node: node. + * @param index: index. + * @return previous node from index. + * + */ +static ldns_radix_node_t* +ldns_radix_prev_from_index(ldns_radix_node_t* node, uint8_t index) +{ + uint8_t i = index; + while (i > 0) { + i--; + if (node->array[i].edge) { + ldns_radix_node_t* prev = + ldns_radix_last_in_subtree_incl_self(node); + if (prev) { + return prev; + } + } + } + return NULL; +} + + +/** + * Find last node in subtree, or this node (if have data). + * @param node: node. + * @return last node in subtree, or this node, or NULL. + * + */ +static ldns_radix_node_t* +ldns_radix_last_in_subtree_incl_self(ldns_radix_node_t* node) +{ + ldns_radix_node_t* last = ldns_radix_last_in_subtree(node); + if (last) { + return last; + } else if (node->data) { + return node; + } + return NULL; +} + + +/** + * Find last node in subtree. + * @param node: node. + * @return last node in subtree. + * + */ +static ldns_radix_node_t* +ldns_radix_last_in_subtree(ldns_radix_node_t* node) +{ + int i; + /** Look for the most right leaf node. */ + for (i=(int)(node->len)-1; i >= 0; i--) { + if (node->array[i].edge) { + /** Keep looking for the most right leaf node. */ + if (node->array[i].edge->len > 0) { + ldns_radix_node_t* last = + ldns_radix_last_in_subtree( + node->array[i].edge); + if (last) { + return last; + } + } + /** Could this be the most right leaf node? */ + if (node->array[i].edge->data) { + return node->array[i].edge; + } + } + } + return NULL; +} + + +/** + * Fix tree after deleting element. + * @param tree: tree. + * @param node: node with deleted element. + * + */ +static void +ldns_radix_del_fix(ldns_radix_t* tree, ldns_radix_node_t* node) +{ + while (node) { + if (node->data) { + /** Thou should not delete nodes with data attached. */ + return; + } else if (node->len == 1 && node->parent) { + /** Node with one child is fold back into. */ + ldns_radix_cleanup_onechild(node); + return; + } else if (node->len == 0) { + /** Leaf node. */ + ldns_radix_node_t* parent = node->parent; + if (!parent) { + /** The root is a leaf node. */ + ldns_radix_node_free(node, NULL); + tree->root = NULL; + return; + } + /** Cleanup leaf node and continue with parent. */ + ldns_radix_cleanup_leaf(node); + node = parent; + } else { + /** + * Node cannot be deleted, because it has edge nodes + * and no parent to fix up to. + */ + return; + } + } + /** Not reached. */ + return; +} + + +/** + * Clean up a node with one child. + * @param node: node with one child. + * + */ +static void +ldns_radix_cleanup_onechild(ldns_radix_node_t* node) +{ + uint8_t* join_str; + radix_strlen_t join_len; + uint8_t parent_index = node->parent_index; + ldns_radix_node_t* child = node->array[0].edge; + ldns_radix_node_t* parent = node->parent; + + /** Node has one child, merge the child node into the parent node. */ + assert(parent_index < parent->len); + join_len = parent->array[parent_index].len + node->array[0].len + 1; + + join_str = LDNS_XMALLOC(uint8_t, join_len); + if (!join_str) { + /** + * Cleanup failed due to out of memory. + * This tree is now inefficient, with the empty node still + * existing, but it is still valid. + */ + return; + } + + memcpy(join_str, parent->array[parent_index].str, + parent->array[parent_index].len); + join_str[parent->array[parent_index].len] = child->parent_index + + node->offset; + memmove(join_str + parent->array[parent_index].len+1, + node->array[0].str, node->array[0].len); + + LDNS_FREE(parent->array[parent_index].str); + parent->array[parent_index].str = join_str; + parent->array[parent_index].len = join_len; + parent->array[parent_index].edge = child; + child->parent = parent; + child->parent_index = parent_index; + ldns_radix_node_free(node, NULL); + return; +} + + +/** + * Clean up a leaf node. + * @param node: leaf node. + * + */ +static void +ldns_radix_cleanup_leaf(ldns_radix_node_t* node) +{ + uint8_t parent_index = node->parent_index; + ldns_radix_node_t* parent = node->parent; + /** Delete lead node and fix parent array. */ + assert(parent_index < parent->len); + ldns_radix_node_free(node, NULL); + LDNS_FREE(parent->array[parent_index].str); + parent->array[parent_index].str = NULL; + parent->array[parent_index].len = 0; + parent->array[parent_index].edge = NULL; + /** Fix array in parent. */ + if (parent->len == 1) { + ldns_radix_node_array_free(parent); + } else if (parent_index == 0) { + ldns_radix_node_array_free_front(parent); + } else { + ldns_radix_node_array_free_end(parent); + } + return; +} + + +/** + * Free a radix node. + * @param node: node. + * @param arg: user argument. + * + */ +static void +ldns_radix_node_free(ldns_radix_node_t* node, void* arg) +{ + uint16_t i; + (void) arg; + if (!node) { + return; + } + for (i=0; i < node->len; i++) { + LDNS_FREE(node->array[i].str); + } + node->key = NULL; + node->klen = 0; + LDNS_FREE(node->array); + LDNS_FREE(node); + return; +} + + +/** + * Free select edge array. + * @param node: node. + * + */ +static void +ldns_radix_node_array_free(ldns_radix_node_t* node) +{ + node->offset = 0; + node->len = 0; + LDNS_FREE(node->array); + node->array = NULL; + node->capacity = 0; + return; +} + + +/** + * Free front of select edge array. + * @param node: node. + * + */ +static void +ldns_radix_node_array_free_front(ldns_radix_node_t* node) +{ + uint16_t i, n = 0; + /** Remove until a non NULL entry. */ + while (n < node->len && node->array[n].edge == NULL) { + n++; + } + if (n == 0) { + return; + } + if (n == node->len) { + ldns_radix_node_array_free(node); + return; + } + assert(n < node->len); + assert((int) n <= (255 - (int) node->offset)); + memmove(&node->array[0], &node->array[n], + (node->len - n)*sizeof(ldns_radix_array_t)); + node->offset += n; + node->len -= n; + for (i=0; i < node->len; i++) { + if (node->array[i].edge) { + node->array[i].edge->parent_index = i; + } + } + ldns_radix_array_reduce(node); + return; +} + + +/** + * Free front of select edge array. + * @param node: node. + * + */ +static void +ldns_radix_node_array_free_end(ldns_radix_node_t* node) +{ + uint16_t n = 0; + /** Shorten array. */ + while (n < node->len && node->array[node->len-1-n].edge == NULL) { + n++; + } + if (n == 0) { + return; + } + if (n == node->len) { + ldns_radix_node_array_free(node); + return; + } + assert(n < node->len); + node->len -= n; + ldns_radix_array_reduce(node); + return; +} + + +/** + * Reduce the capacity of the array if needed. + * @param node: node. + * + */ +static void +ldns_radix_array_reduce(ldns_radix_node_t* node) +{ + if (node->len <= node->capacity/2 && node->len != node->capacity) { + ldns_radix_array_t* a = LDNS_XMALLOC(ldns_radix_array_t, + node->len); + if (!a) { + return; + } + memcpy(a, node->array, sizeof(ldns_radix_array_t)*node->len); + LDNS_FREE(node->array); + node->array = a; + node->capacity = node->len; + } + return; +} + + +/** + * Return this element if it exists, the previous otherwise. + * @param node: from this node. + * @param result: result node. + * + */ +static void +ldns_radix_self_or_prev(ldns_radix_node_t* node, ldns_radix_node_t** result) +{ + if (node->data) { + *result = node; + } else { + *result = ldns_radix_prev(node); + } + return; +} diff --git a/ldns/src/rbtree.c b/ldns/src/rbtree.c new file mode 100644 index 0000000..b89dff7 --- /dev/null +++ b/ldns/src/rbtree.c @@ -0,0 +1,670 @@ +/* + * rbtree.c -- generic red black tree + * + * Taken from Unbound, modified for ldns + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * Implementation of a redblack tree. + */ + +#include +#include +#include +#include + +/** Node colour black */ +#define BLACK 0 +/** Node colour red */ +#define RED 1 + +/** the NULL node, global alloc */ +ldns_rbnode_t ldns_rbtree_null_node = { + LDNS_RBTREE_NULL, /* Parent. */ + LDNS_RBTREE_NULL, /* Left. */ + LDNS_RBTREE_NULL, /* Right. */ + NULL, /* Key. */ + NULL, /* Data. */ + BLACK /* Color. */ +}; + +/** rotate subtree left (to preserve redblack property) */ +static void ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); +/** rotate subtree right (to preserve redblack property) */ +static void ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); +/** Fixup node colours when insert happened */ +static void ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); +/** Fixup node colours when delete happened */ +static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent); + +/* + * Creates a new red black tree, intializes and returns a pointer to it. + * + * Return NULL on failure. + * + */ +ldns_rbtree_t * +ldns_rbtree_create (int (*cmpf)(const void *, const void *)) +{ + ldns_rbtree_t *rbtree; + + /* Allocate memory for it */ + rbtree = (ldns_rbtree_t *) LDNS_MALLOC(ldns_rbtree_t); + if (!rbtree) { + return NULL; + } + + /* Initialize it */ + ldns_rbtree_init(rbtree, cmpf); + + return rbtree; +} + +void +ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *)) +{ + /* Initialize it */ + rbtree->root = LDNS_RBTREE_NULL; + rbtree->count = 0; + rbtree->cmp = cmpf; +} + +void +ldns_rbtree_free(ldns_rbtree_t *rbtree) +{ + LDNS_FREE(rbtree); +} + +/* + * Rotates the node to the left. + * + */ +static void +ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) +{ + ldns_rbnode_t *right = node->right; + node->right = right->left; + if (right->left != LDNS_RBTREE_NULL) + right->left->parent = node; + + right->parent = node->parent; + + if (node->parent != LDNS_RBTREE_NULL) { + if (node == node->parent->left) { + node->parent->left = right; + } else { + node->parent->right = right; + } + } else { + rbtree->root = right; + } + right->left = node; + node->parent = right; +} + +/* + * Rotates the node to the right. + * + */ +static void +ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) +{ + ldns_rbnode_t *left = node->left; + node->left = left->right; + if (left->right != LDNS_RBTREE_NULL) + left->right->parent = node; + + left->parent = node->parent; + + if (node->parent != LDNS_RBTREE_NULL) { + if (node == node->parent->right) { + node->parent->right = left; + } else { + node->parent->left = left; + } + } else { + rbtree->root = left; + } + left->right = node; + node->parent = left; +} + +static void +ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) +{ + ldns_rbnode_t *uncle; + + /* While not at the root and need fixing... */ + while (node != rbtree->root && node->parent->color == RED) { + /* If our parent is left child of our grandparent... */ + if (node->parent == node->parent->parent->left) { + uncle = node->parent->parent->right; + + /* If our uncle is red... */ + if (uncle->color == RED) { + /* Paint the parent and the uncle black... */ + node->parent->color = BLACK; + uncle->color = BLACK; + + /* And the grandparent red... */ + node->parent->parent->color = RED; + + /* And continue fixing the grandparent */ + node = node->parent->parent; + } else { /* Our uncle is black... */ + /* Are we the right child? */ + if (node == node->parent->right) { + node = node->parent; + ldns_rbtree_rotate_left(rbtree, node); + } + /* Now we're the left child, repaint and rotate... */ + node->parent->color = BLACK; + node->parent->parent->color = RED; + ldns_rbtree_rotate_right(rbtree, node->parent->parent); + } + } else { + uncle = node->parent->parent->left; + + /* If our uncle is red... */ + if (uncle->color == RED) { + /* Paint the parent and the uncle black... */ + node->parent->color = BLACK; + uncle->color = BLACK; + + /* And the grandparent red... */ + node->parent->parent->color = RED; + + /* And continue fixing the grandparent */ + node = node->parent->parent; + } else { /* Our uncle is black... */ + /* Are we the right child? */ + if (node == node->parent->left) { + node = node->parent; + ldns_rbtree_rotate_right(rbtree, node); + } + /* Now we're the right child, repaint and rotate... */ + node->parent->color = BLACK; + node->parent->parent->color = RED; + ldns_rbtree_rotate_left(rbtree, node->parent->parent); + } + } + } + rbtree->root->color = BLACK; +} + +void +ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree) +{ + (void) ldns_rbtree_insert((ldns_rbtree_t *) rbtree, + data); +} + +/* + * Inserts a node into a red black tree. + * + * Returns NULL on failure or the pointer to the newly added node + * otherwise. + */ +ldns_rbnode_t * +ldns_rbtree_insert (ldns_rbtree_t *rbtree, ldns_rbnode_t *data) +{ + /* XXX Not necessary, but keeps compiler quiet... */ + int r = 0; + + /* We start at the root of the tree */ + ldns_rbnode_t *node = rbtree->root; + ldns_rbnode_t *parent = LDNS_RBTREE_NULL; + + /* Lets find the new parent... */ + while (node != LDNS_RBTREE_NULL) { + /* Compare two keys, do we have a duplicate? */ + if ((r = rbtree->cmp(data->key, node->key)) == 0) { + return NULL; + } + parent = node; + + if (r < 0) { + node = node->left; + } else { + node = node->right; + } + } + + /* Initialize the new node */ + data->parent = parent; + data->left = data->right = LDNS_RBTREE_NULL; + data->color = RED; + rbtree->count++; + + /* Insert it into the tree... */ + if (parent != LDNS_RBTREE_NULL) { + if (r < 0) { + parent->left = data; + } else { + parent->right = data; + } + } else { + rbtree->root = data; + } + + /* Fix up the red-black properties... */ + ldns_rbtree_insert_fixup(rbtree, data); + + return data; +} + +/* + * Searches the red black tree, returns the data if key is found or NULL otherwise. + * + */ +ldns_rbnode_t * +ldns_rbtree_search (ldns_rbtree_t *rbtree, const void *key) +{ + ldns_rbnode_t *node; + + if (ldns_rbtree_find_less_equal(rbtree, key, &node)) { + return node; + } else { + return NULL; + } +} + +/** helpers for delete: swap node colours */ +static void swap_int8(uint8_t* x, uint8_t* y) +{ + uint8_t t = *x; *x = *y; *y = t; +} + +/** helpers for delete: swap node pointers */ +static void swap_np(ldns_rbnode_t** x, ldns_rbnode_t** y) +{ + ldns_rbnode_t* t = *x; *x = *y; *y = t; +} + +/** Update parent pointers of child trees of 'parent' */ +static void change_parent_ptr(ldns_rbtree_t* rbtree, ldns_rbnode_t* parent, ldns_rbnode_t* old, ldns_rbnode_t* new) +{ + if(parent == LDNS_RBTREE_NULL) + { + if(rbtree->root == old) rbtree->root = new; + return; + } + if(parent->left == old) parent->left = new; + if(parent->right == old) parent->right = new; +} +/** Update parent pointer of a node 'child' */ +static void change_child_ptr(ldns_rbnode_t* child, ldns_rbnode_t* old, ldns_rbnode_t* new) +{ + if(child == LDNS_RBTREE_NULL) return; + if(child->parent == old) child->parent = new; +} + +ldns_rbnode_t* +ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key) +{ + ldns_rbnode_t *to_delete; + ldns_rbnode_t *child; + if((to_delete = ldns_rbtree_search(rbtree, key)) == 0) return 0; + rbtree->count--; + + /* make sure we have at most one non-leaf child */ + if(to_delete->left != LDNS_RBTREE_NULL && + to_delete->right != LDNS_RBTREE_NULL) + { + /* swap with smallest from right subtree (or largest from left) */ + ldns_rbnode_t *smright = to_delete->right; + while(smright->left != LDNS_RBTREE_NULL) + smright = smright->left; + /* swap the smright and to_delete elements in the tree, + * but the ldns_rbnode_t is first part of user data struct + * so cannot just swap the keys and data pointers. Instead + * readjust the pointers left,right,parent */ + + /* swap colors - colors are tied to the position in the tree */ + swap_int8(&to_delete->color, &smright->color); + + /* swap child pointers in parents of smright/to_delete */ + change_parent_ptr(rbtree, to_delete->parent, to_delete, smright); + if(to_delete->right != smright) + change_parent_ptr(rbtree, smright->parent, smright, to_delete); + + /* swap parent pointers in children of smright/to_delete */ + change_child_ptr(smright->left, smright, to_delete); + change_child_ptr(smright->left, smright, to_delete); + change_child_ptr(smright->right, smright, to_delete); + change_child_ptr(smright->right, smright, to_delete); + change_child_ptr(to_delete->left, to_delete, smright); + if(to_delete->right != smright) + change_child_ptr(to_delete->right, to_delete, smright); + if(to_delete->right == smright) + { + /* set up so after swap they work */ + to_delete->right = to_delete; + smright->parent = smright; + } + + /* swap pointers in to_delete/smright nodes */ + swap_np(&to_delete->parent, &smright->parent); + swap_np(&to_delete->left, &smright->left); + swap_np(&to_delete->right, &smright->right); + + /* now delete to_delete (which is at the location where the smright previously was) */ + } + + if(to_delete->left != LDNS_RBTREE_NULL) child = to_delete->left; + else child = to_delete->right; + + /* unlink to_delete from the tree, replace to_delete with child */ + change_parent_ptr(rbtree, to_delete->parent, to_delete, child); + change_child_ptr(child, to_delete, to_delete->parent); + + if(to_delete->color == RED) + { + /* if node is red then the child (black) can be swapped in */ + } + else if(child->color == RED) + { + /* change child to BLACK, removing a RED node is no problem */ + if(child!=LDNS_RBTREE_NULL) child->color = BLACK; + } + else ldns_rbtree_delete_fixup(rbtree, child, to_delete->parent); + + /* unlink completely */ + to_delete->parent = LDNS_RBTREE_NULL; + to_delete->left = LDNS_RBTREE_NULL; + to_delete->right = LDNS_RBTREE_NULL; + to_delete->color = BLACK; + return to_delete; +} + +static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent) +{ + ldns_rbnode_t* sibling; + int go_up = 1; + + /* determine sibling to the node that is one-black short */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + + while(go_up) + { + if(child_parent == LDNS_RBTREE_NULL) + { + /* removed parent==black from root, every path, so ok */ + return; + } + + if(sibling->color == RED) + { /* rotate to get a black sibling */ + child_parent->color = RED; + sibling->color = BLACK; + if(child_parent->right == child) + ldns_rbtree_rotate_right(rbtree, child_parent); + else ldns_rbtree_rotate_left(rbtree, child_parent); + /* new sibling after rotation */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + } + + if(child_parent->color == BLACK + && sibling->color == BLACK + && sibling->left->color == BLACK + && sibling->right->color == BLACK) + { /* fixup local with recolor of sibling */ + if(sibling != LDNS_RBTREE_NULL) + sibling->color = RED; + + child = child_parent; + child_parent = child_parent->parent; + /* prepare to go up, new sibling */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + } + else go_up = 0; + } + + if(child_parent->color == RED + && sibling->color == BLACK + && sibling->left->color == BLACK + && sibling->right->color == BLACK) + { + /* move red to sibling to rebalance */ + if(sibling != LDNS_RBTREE_NULL) + sibling->color = RED; + child_parent->color = BLACK; + return; + } + + /* get a new sibling, by rotating at sibling. See which child + of sibling is red */ + if(child_parent->right == child + && sibling->color == BLACK + && sibling->right->color == RED + && sibling->left->color == BLACK) + { + sibling->color = RED; + sibling->right->color = BLACK; + ldns_rbtree_rotate_left(rbtree, sibling); + /* new sibling after rotation */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + } + else if(child_parent->left == child + && sibling->color == BLACK + && sibling->left->color == RED + && sibling->right->color == BLACK) + { + sibling->color = RED; + sibling->left->color = BLACK; + ldns_rbtree_rotate_right(rbtree, sibling); + /* new sibling after rotation */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + } + + /* now we have a black sibling with a red child. rotate and exchange colors. */ + sibling->color = child_parent->color; + child_parent->color = BLACK; + if(child_parent->right == child) + { + sibling->left->color = BLACK; + ldns_rbtree_rotate_right(rbtree, child_parent); + } + else + { + sibling->right->color = BLACK; + ldns_rbtree_rotate_left(rbtree, child_parent); + } +} + +int +ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, ldns_rbnode_t **result) +{ + int r; + ldns_rbnode_t *node; + + /* We start at root... */ + node = rbtree->root; + + *result = NULL; + + /* While there are children... */ + while (node != LDNS_RBTREE_NULL) { + r = rbtree->cmp(key, node->key); + if (r == 0) { + /* Exact match */ + *result = node; + return 1; + } + if (r < 0) { + node = node->left; + } else { + /* Temporary match */ + *result = node; + node = node->right; + } + } + return 0; +} + +/* + * Finds the first element in the red black tree + * + */ +ldns_rbnode_t * +ldns_rbtree_first (ldns_rbtree_t *rbtree) +{ + ldns_rbnode_t *node = rbtree->root; + + if (rbtree->root != LDNS_RBTREE_NULL) { + for (node = rbtree->root; node->left != LDNS_RBTREE_NULL; node = node->left); + } + return node; +} + +ldns_rbnode_t * +ldns_rbtree_last (ldns_rbtree_t *rbtree) +{ + ldns_rbnode_t *node = rbtree->root; + + if (rbtree->root != LDNS_RBTREE_NULL) { + for (node = rbtree->root; node->right != LDNS_RBTREE_NULL; node = node->right); + } + return node; +} + +/* + * Returns the next node... + * + */ +ldns_rbnode_t * +ldns_rbtree_next (ldns_rbnode_t *node) +{ + ldns_rbnode_t *parent; + + if (node->right != LDNS_RBTREE_NULL) { + /* One right, then keep on going left... */ + for (node = node->right; + node->left != LDNS_RBTREE_NULL; + node = node->left); + } else { + parent = node->parent; + while (parent != LDNS_RBTREE_NULL && node == parent->right) { + node = parent; + parent = parent->parent; + } + node = parent; + } + return node; +} + +ldns_rbnode_t * +ldns_rbtree_previous(ldns_rbnode_t *node) +{ + ldns_rbnode_t *parent; + + if (node->left != LDNS_RBTREE_NULL) { + /* One left, then keep on going right... */ + for (node = node->left; + node->right != LDNS_RBTREE_NULL; + node = node->right); + } else { + parent = node->parent; + while (parent != LDNS_RBTREE_NULL && node == parent->left) { + node = parent; + parent = parent->parent; + } + node = parent; + } + return node; +} + +/** + * split off elements number of elements from the start + * of the name tree and return a new tree + */ +ldns_rbtree_t * +ldns_rbtree_split(ldns_rbtree_t *tree, + size_t elements) +{ + ldns_rbtree_t *new_tree; + ldns_rbnode_t *cur_node; + ldns_rbnode_t *move_node; + size_t count = 0; + + new_tree = ldns_rbtree_create(tree->cmp); + + cur_node = ldns_rbtree_first(tree); + while (count < elements && cur_node != LDNS_RBTREE_NULL) { + move_node = ldns_rbtree_delete(tree, cur_node->key); + (void)ldns_rbtree_insert(new_tree, move_node); + cur_node = ldns_rbtree_first(tree); + count++; + } + + return new_tree; +} + +/* + * add all node from the second tree to the first (removing them from the + * second), and fix up nsec(3)s if present + */ +void +ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2) +{ + ldns_traverse_postorder(tree2, ldns_rbtree_insert_vref, tree1); +} + +/** recursive descent traverse */ +static void +traverse_post(void (*func)(ldns_rbnode_t*, void*), void* arg, + ldns_rbnode_t* node) +{ + if(!node || node == LDNS_RBTREE_NULL) + return; + /* recurse */ + traverse_post(func, arg, node->left); + traverse_post(func, arg, node->right); + /* call user func */ + (*func)(node, arg); +} + +void +ldns_traverse_postorder(ldns_rbtree_t* tree, + void (*func)(ldns_rbnode_t*, void*), void* arg) +{ + traverse_post(func, arg, tree->root); +} diff --git a/ldns/src/rdata.c b/ldns/src/rdata.c new file mode 100644 index 0000000..6eb0096 --- /dev/null +++ b/ldns/src/rdata.c @@ -0,0 +1,757 @@ +/* + * rdata.c + * + * rdata implementation + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +/* + * Access functions + * do this as functions to get type checking + */ + +/* read */ +size_t +ldns_rdf_size(const ldns_rdf *rd) +{ + assert(rd != NULL); + return rd->_size; +} + +ldns_rdf_type +ldns_rdf_get_type(const ldns_rdf *rd) +{ + assert(rd != NULL); + return rd->_type; +} + +uint8_t * +ldns_rdf_data(const ldns_rdf *rd) +{ + assert(rd != NULL); + return rd->_data; +} + +/* write */ +void +ldns_rdf_set_size(ldns_rdf *rd, size_t size) +{ + assert(rd != NULL); + rd->_size = size; +} + +void +ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type) +{ + assert(rd != NULL); + rd->_type = type; +} + +void +ldns_rdf_set_data(ldns_rdf *rd, void *data) +{ + /* only copy the pointer */ + assert(rd != NULL); + rd->_data = data; +} + +/* for types that allow it, return + * the native/host order type */ +uint8_t +ldns_rdf2native_int8(const ldns_rdf *rd) +{ + uint8_t data; + + /* only allow 8 bit rdfs */ + if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_BYTE) { + return 0; + } + + memcpy(&data, ldns_rdf_data(rd), sizeof(data)); + return data; +} + +uint16_t +ldns_rdf2native_int16(const ldns_rdf *rd) +{ + uint16_t data; + + /* only allow 16 bit rdfs */ + if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_WORD) { + return 0; + } + + memcpy(&data, ldns_rdf_data(rd), sizeof(data)); + return ntohs(data); +} + +uint32_t +ldns_rdf2native_int32(const ldns_rdf *rd) +{ + uint32_t data; + + /* only allow 32 bit rdfs */ + if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD) { + return 0; + } + + memcpy(&data, ldns_rdf_data(rd), sizeof(data)); + return ntohl(data); +} + +time_t +ldns_rdf2native_time_t(const ldns_rdf *rd) +{ + uint32_t data; + + /* only allow 32 bit rdfs */ + if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD || + ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TIME) { + return 0; + } + memcpy(&data, ldns_rdf_data(rd), sizeof(data)); + return (time_t)ntohl(data); +} + +ldns_rdf * +ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value) +{ + return ldns_rdf_new_frm_data(type, LDNS_RDF_SIZE_BYTE, &value); +} + +ldns_rdf * +ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value) +{ + uint16_t *rdf_data = LDNS_XMALLOC(uint16_t, 1); + ldns_rdf* rdf; + if (!rdf_data) { + return NULL; + } + ldns_write_uint16(rdf_data, value); + rdf = ldns_rdf_new(type, LDNS_RDF_SIZE_WORD, rdf_data); + if(!rdf) + LDNS_FREE(rdf_data); + return rdf; +} + +ldns_rdf * +ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value) +{ + uint32_t *rdf_data = LDNS_XMALLOC(uint32_t, 1); + ldns_rdf* rdf; + if (!rdf_data) { + return NULL; + } + ldns_write_uint32(rdf_data, value); + rdf = ldns_rdf_new(type, LDNS_RDF_SIZE_DOUBLEWORD, rdf_data); + if(!rdf) + LDNS_FREE(rdf_data); + return rdf; +} + +ldns_rdf * +ldns_native2rdf_int16_data(size_t size, uint8_t *data) +{ + uint8_t *rdf_data = LDNS_XMALLOC(uint8_t, size + 2); + ldns_rdf* rdf; + if (!rdf_data) { + return NULL; + } + ldns_write_uint16(rdf_data, size); + memcpy(rdf_data + 2, data, size); + rdf = ldns_rdf_new(LDNS_RDF_TYPE_INT16_DATA, size + 2, rdf_data); + if(!rdf) + LDNS_FREE(rdf_data); + return rdf; +} + +/* note: data must be allocated memory */ +ldns_rdf * +ldns_rdf_new(ldns_rdf_type type, size_t size, void *data) +{ + ldns_rdf *rd; + rd = LDNS_MALLOC(ldns_rdf); + if (!rd) { + return NULL; + } + ldns_rdf_set_size(rd, size); + ldns_rdf_set_type(rd, type); + ldns_rdf_set_data(rd, data); + return rd; +} + +ldns_rdf * +ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data) +{ + ldns_rdf *rdf; + + /* if the size is too big, fail */ + if (size > LDNS_MAX_RDFLEN) { + return NULL; + } + + /* allocate space */ + rdf = LDNS_MALLOC(ldns_rdf); + if (!rdf) { + return NULL; + } + rdf->_data = LDNS_XMALLOC(uint8_t, size); + if (!rdf->_data) { + LDNS_FREE(rdf); + return NULL; + } + + /* set the values */ + ldns_rdf_set_type(rdf, type); + ldns_rdf_set_size(rdf, size); + memcpy(rdf->_data, data, size); + + return rdf; +} + +ldns_rdf * +ldns_rdf_clone(const ldns_rdf *rd) +{ + assert(rd != NULL); + return (ldns_rdf_new_frm_data( ldns_rdf_get_type(rd), + ldns_rdf_size(rd), ldns_rdf_data(rd))); +} + +void +ldns_rdf_deep_free(ldns_rdf *rd) +{ + if (rd) { + if (rd->_data) { + LDNS_FREE(rd->_data); + } + LDNS_FREE(rd); + } +} + +void +ldns_rdf_free(ldns_rdf *rd) +{ + if (rd) { + LDNS_FREE(rd); + } +} + +ldns_rdf * +ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str) +{ + ldns_rdf *rdf = NULL; + ldns_status status; + + switch (type) { + case LDNS_RDF_TYPE_DNAME: + status = ldns_str2rdf_dname(&rdf, str); + break; + case LDNS_RDF_TYPE_INT8: + status = ldns_str2rdf_int8(&rdf, str); + break; + case LDNS_RDF_TYPE_INT16: + status = ldns_str2rdf_int16(&rdf, str); + break; + case LDNS_RDF_TYPE_INT32: + status = ldns_str2rdf_int32(&rdf, str); + break; + case LDNS_RDF_TYPE_A: + status = ldns_str2rdf_a(&rdf, str); + break; + case LDNS_RDF_TYPE_AAAA: + status = ldns_str2rdf_aaaa(&rdf, str); + break; + case LDNS_RDF_TYPE_STR: + status = ldns_str2rdf_str(&rdf, str); + break; + case LDNS_RDF_TYPE_APL: + status = ldns_str2rdf_apl(&rdf, str); + break; + case LDNS_RDF_TYPE_B64: + status = ldns_str2rdf_b64(&rdf, str); + break; + case LDNS_RDF_TYPE_B32_EXT: + status = ldns_str2rdf_b32_ext(&rdf, str); + break; + case LDNS_RDF_TYPE_HEX: + status = ldns_str2rdf_hex(&rdf, str); + break; + case LDNS_RDF_TYPE_NSEC: + status = ldns_str2rdf_nsec(&rdf, str); + break; + case LDNS_RDF_TYPE_TYPE: + status = ldns_str2rdf_type(&rdf, str); + break; + case LDNS_RDF_TYPE_CLASS: + status = ldns_str2rdf_class(&rdf, str); + break; + case LDNS_RDF_TYPE_CERT_ALG: + status = ldns_str2rdf_cert_alg(&rdf, str); + break; + case LDNS_RDF_TYPE_ALG: + status = ldns_str2rdf_alg(&rdf, str); + break; + case LDNS_RDF_TYPE_UNKNOWN: + status = ldns_str2rdf_unknown(&rdf, str); + break; + case LDNS_RDF_TYPE_TIME: + status = ldns_str2rdf_time(&rdf, str); + break; + case LDNS_RDF_TYPE_PERIOD: + status = ldns_str2rdf_period(&rdf, str); + break; + case LDNS_RDF_TYPE_HIP: + status = ldns_str2rdf_hip(&rdf, str); + break; + case LDNS_RDF_TYPE_SERVICE: + status = ldns_str2rdf_service(&rdf, str); + break; + case LDNS_RDF_TYPE_LOC: + status = ldns_str2rdf_loc(&rdf, str); + break; + case LDNS_RDF_TYPE_WKS: + status = ldns_str2rdf_wks(&rdf, str); + break; + case LDNS_RDF_TYPE_NSAP: + status = ldns_str2rdf_nsap(&rdf, str); + break; + case LDNS_RDF_TYPE_ATMA: + status = ldns_str2rdf_atma(&rdf, str); + break; + case LDNS_RDF_TYPE_IPSECKEY: + status = ldns_str2rdf_ipseckey(&rdf, str); + break; + case LDNS_RDF_TYPE_NSEC3_SALT: + status = ldns_str2rdf_nsec3_salt(&rdf, str); + break; + case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: + status = ldns_str2rdf_b32_ext(&rdf, str); + break; + case LDNS_RDF_TYPE_ILNP64: + status = ldns_str2rdf_ilnp64(&rdf, str); + break; + case LDNS_RDF_TYPE_EUI48: + status = ldns_str2rdf_eui48(&rdf, str); + break; + case LDNS_RDF_TYPE_EUI64: + status = ldns_str2rdf_eui64(&rdf, str); + break; + case LDNS_RDF_TYPE_TAG: + status = ldns_str2rdf_tag(&rdf, str); + break; + case LDNS_RDF_TYPE_LONG_STR: + status = ldns_str2rdf_long_str(&rdf, str); + break; + case LDNS_RDF_TYPE_CERTIFICATE_USAGE: + status = ldns_str2rdf_certificate_usage(&rdf, str); + break; + case LDNS_RDF_TYPE_SELECTOR: + status = ldns_str2rdf_selector(&rdf, str); + break; + case LDNS_RDF_TYPE_MATCHING_TYPE: + status = ldns_str2rdf_matching_type(&rdf, str); + break; + case LDNS_RDF_TYPE_NONE: + default: + /* default default ??? */ + status = LDNS_STATUS_ERR; + break; + } + if (LDNS_STATUS_OK == status) { + ldns_rdf_set_type(rdf, type); + return rdf; + } + if (rdf) { + LDNS_FREE(rdf); + } + return NULL; +} + +ldns_status +ldns_rdf_new_frm_fp(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp) +{ + return ldns_rdf_new_frm_fp_l(rdf, type, fp, NULL); +} + +ldns_status +ldns_rdf_new_frm_fp_l(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp, int *line_nr) +{ + char *line; + ldns_rdf *r; + ssize_t t; + + line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + if (!line) { + return LDNS_STATUS_MEM_ERR; + } + + /* read an entire line in from the file */ + if ((t = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, 0, line_nr)) == -1 || t == 0) { + LDNS_FREE(line); + return LDNS_STATUS_SYNTAX_RDATA_ERR; + } + r = ldns_rdf_new_frm_str(type, (const char*) line); + LDNS_FREE(line); + if (rdf) { + *rdf = r; + return LDNS_STATUS_OK; + } else { + return LDNS_STATUS_NULL; + } +} + +ldns_rdf * +ldns_rdf_address_reverse(ldns_rdf *rd) +{ + uint8_t buf_4[LDNS_IP4ADDRLEN]; + uint8_t buf_6[LDNS_IP6ADDRLEN * 2]; + ldns_rdf *rev; + ldns_rdf *in_addr; + ldns_rdf *ret_dname; + uint8_t octet; + uint8_t nnibble; + uint8_t nibble; + uint8_t i, j; + + char *char_dname; + int nbit; + + if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_A && + ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_AAAA) { + return NULL; + } + + in_addr = NULL; + ret_dname = NULL; + + switch(ldns_rdf_get_type(rd)) { + case LDNS_RDF_TYPE_A: + /* the length of the buffer is 4 */ + buf_4[3] = ldns_rdf_data(rd)[0]; + buf_4[2] = ldns_rdf_data(rd)[1]; + buf_4[1] = ldns_rdf_data(rd)[2]; + buf_4[0] = ldns_rdf_data(rd)[3]; + in_addr = ldns_dname_new_frm_str("in-addr.arpa."); + if (!in_addr) { + return NULL; + } + /* make a new rdf and convert that back */ + rev = ldns_rdf_new_frm_data( LDNS_RDF_TYPE_A, + LDNS_IP4ADDRLEN, (void*)&buf_4); + if (!rev) { + LDNS_FREE(in_addr); + return NULL; + } + + /* convert rev to a string */ + char_dname = ldns_rdf2str(rev); + if (!char_dname) { + LDNS_FREE(in_addr); + ldns_rdf_deep_free(rev); + return NULL; + } + /* transform back to rdf with type dname */ + ret_dname = ldns_dname_new_frm_str(char_dname); + if (!ret_dname) { + LDNS_FREE(in_addr); + ldns_rdf_deep_free(rev); + LDNS_FREE(char_dname); + return NULL; + } + /* not needed anymore */ + ldns_rdf_deep_free(rev); + LDNS_FREE(char_dname); + break; + case LDNS_RDF_TYPE_AAAA: + /* some foo magic to reverse the nibbles ... */ + + for (nbit = 127; nbit >= 0; nbit = nbit - 4) { + /* calculate octett (8 bit) */ + octet = ( ((unsigned int) nbit) & 0x78) >> 3; + /* calculate nibble */ + nnibble = ( ((unsigned int) nbit) & 0x04) >> 2; + /* extract nibble */ + nibble = (ldns_rdf_data(rd)[octet] & ( 0xf << (4 * (1 - + nnibble)) ) ) >> ( 4 * (1 - + nnibble)); + + buf_6[(LDNS_IP6ADDRLEN * 2 - 1) - + (octet * 2 + nnibble)] = + (uint8_t)ldns_int_to_hexdigit((int)nibble); + } + + char_dname = LDNS_XMALLOC(char, (LDNS_IP6ADDRLEN * 4)); + if (!char_dname) { + return NULL; + } + char_dname[LDNS_IP6ADDRLEN * 4 - 1] = '\0'; /* closure */ + + /* walk the string and add . 's */ + for (i = 0, j = 0; i < LDNS_IP6ADDRLEN * 2; i++, j = j + 2) { + char_dname[j] = (char)buf_6[i]; + if (i != LDNS_IP6ADDRLEN * 2 - 1) { + char_dname[j + 1] = '.'; + } + } + in_addr = ldns_dname_new_frm_str("ip6.arpa."); + if (!in_addr) { + LDNS_FREE(char_dname); + return NULL; + } + + /* convert rev to a string */ + ret_dname = ldns_dname_new_frm_str(char_dname); + LDNS_FREE(char_dname); + if (!ret_dname) { + ldns_rdf_deep_free(in_addr); + return NULL; + } + break; + default: + break; + } + /* add the suffix */ + rev = ldns_dname_cat_clone(ret_dname, in_addr); + + ldns_rdf_deep_free(ret_dname); + ldns_rdf_deep_free(in_addr); + return rev; +} + +ldns_status +ldns_rdf_hip_get_alg_hit_pk(ldns_rdf *rdf, uint8_t* alg, + uint8_t *hit_size, uint8_t** hit, + uint16_t *pk_size, uint8_t** pk) +{ + uint8_t *data; + size_t rdf_size; + + if (! rdf || ! alg || ! hit || ! hit_size || ! pk || ! pk_size) { + return LDNS_STATUS_INVALID_POINTER; + } else if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_HIP) { + return LDNS_STATUS_INVALID_RDF_TYPE; + } else if ((rdf_size = ldns_rdf_size(rdf)) < 6) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + data = ldns_rdf_data(rdf); + *hit_size = data[0]; + *alg = data[1]; + *pk_size = ldns_read_uint16(data + 2); + *hit = data + 4; + *pk = data + 4 + *hit_size; + if (*hit_size == 0 || *pk_size == 0 || + rdf_size < (size_t) *hit_size + *pk_size + 4) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_rdf_hip_new_frm_alg_hit_pk(ldns_rdf** rdf, uint8_t alg, + uint8_t hit_size, uint8_t *hit, + uint16_t pk_size, uint8_t *pk) +{ + uint8_t *data; + + if (! rdf) { + return LDNS_STATUS_INVALID_POINTER; + } + if (4 + hit_size + pk_size > LDNS_MAX_RDFLEN) { + return LDNS_STATUS_RDATA_OVERFLOW; + } + data = LDNS_XMALLOC(uint8_t, 4 + hit_size + pk_size); + if (data == NULL) { + return LDNS_STATUS_MEM_ERR; + } + data[0] = hit_size; + data[1] = alg; + ldns_write_uint16(data + 2, pk_size); + memcpy(data + 4, hit, hit_size); + memcpy(data + 4 + hit_size, pk, pk_size); + *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HIP, 4 + hit_size + pk_size, data); + if (! *rdf) { + LDNS_FREE(data); + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_octet(char *word, size_t *length) +{ + char *s; + char *p; + *length = 0; + + for (s = p = word; *s != '\0'; s++,p++) { + switch (*s) { + case '.': + if (s[1] == '.') { + return LDNS_STATUS_EMPTY_LABEL; + } + *p = *s; + (*length)++; + break; + case '\\': + if ('0' <= s[1] && s[1] <= '9' && + '0' <= s[2] && s[2] <= '9' && + '0' <= s[3] && s[3] <= '9') { + /* \DDD seen */ + int val = ((s[1] - '0') * 100 + + (s[2] - '0') * 10 + (s[3] - '0')); + + if (0 <= val && val <= 255) { + /* this also handles \0 */ + s += 3; + *p = val; + (*length)++; + } else { + return LDNS_STATUS_DDD_OVERFLOW; + } + } else { + /* an espaced character, like \ ? + * remove the '\' keep the rest */ + *p = *++s; + (*length)++; + } + break; + case '\"': + /* non quoted " Is either first or the last character in + * the string */ + + *p = *++s; /* skip it */ + (*length)++; + /* I'm not sure if this is needed in libdns... MG */ + if ( *s == '\0' ) { + /* ok, it was the last one */ + *p = '\0'; + return LDNS_STATUS_OK; + } + break; + default: + *p = *s; + (*length)++; + break; + } + } + *p = '\0'; + return LDNS_STATUS_OK; +} + +int +ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2) +{ + uint16_t i1, i2, i; + uint8_t *d1, *d2; + + /* only when both are not NULL we can say anything about them */ + if (!rd1 && !rd2) { + return 0; + } + if (!rd1 || !rd2) { + return -1; + } + i1 = ldns_rdf_size(rd1); + i2 = ldns_rdf_size(rd2); + + if (i1 < i2) { + return -1; + } else if (i1 > i2) { + return +1; + } else { + d1 = (uint8_t*)ldns_rdf_data(rd1); + d2 = (uint8_t*)ldns_rdf_data(rd2); + for(i = 0; i < i1; i++) { + if (d1[i] < d2[i]) { + return -1; + } else if (d1[i] > d2[i]) { + return +1; + } + } + } + return 0; +} + +uint32_t +ldns_str2period(const char *nptr, const char **endptr) +{ + int sign = 0; + uint32_t i = 0; + uint32_t seconds = 0; + + for(*endptr = nptr; **endptr; (*endptr)++) { + switch (**endptr) { + case ' ': + case '\t': + break; + case '-': + if(sign == 0) { + sign = -1; + } else { + return seconds; + } + break; + case '+': + if(sign == 0) { + sign = 1; + } else { + return seconds; + } + break; + case 's': + case 'S': + seconds += i; + i = 0; + break; + case 'm': + case 'M': + seconds += i * 60; + i = 0; + break; + case 'h': + case 'H': + seconds += i * 60 * 60; + i = 0; + break; + case 'd': + case 'D': + seconds += i * 60 * 60 * 24; + i = 0; + break; + case 'w': + case 'W': + seconds += i * 60 * 60 * 24 * 7; + i = 0; + break; + case '0': + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + i *= 10; + i += (**endptr - '0'); + break; + default: + seconds += i; + /* disregard signedness */ + return seconds; + } + } + seconds += i; + /* disregard signedness */ + return seconds; +} diff --git a/ldns/src/resolver.c b/ldns/src/resolver.c new file mode 100644 index 0000000..b092404 --- /dev/null +++ b/ldns/src/resolver.c @@ -0,0 +1,1603 @@ +/* + * resolver.c + * + * resolver implementation + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include +#include + +/* Access function for reading + * and setting the different Resolver + * options */ + +/* read */ +uint16_t +ldns_resolver_port(const ldns_resolver *r) +{ + return r->_port; +} + +ldns_rdf * +ldns_resolver_source(const ldns_resolver *r) +{ + return r->_source; +} + +uint16_t +ldns_resolver_edns_udp_size(const ldns_resolver *r) +{ + return r->_edns_udp_size; +} + +uint8_t +ldns_resolver_retry(const ldns_resolver *r) +{ + return r->_retry; +} + +uint8_t +ldns_resolver_retrans(const ldns_resolver *r) +{ + return r->_retrans; +} + +bool +ldns_resolver_fallback(const ldns_resolver *r) +{ + return r->_fallback; +} + +uint8_t +ldns_resolver_ip6(const ldns_resolver *r) +{ + return r->_ip6; +} + +bool +ldns_resolver_recursive(const ldns_resolver *r) +{ + return r->_recursive; +} + +bool +ldns_resolver_debug(const ldns_resolver *r) +{ + return r->_debug; +} + +bool +ldns_resolver_dnsrch(const ldns_resolver *r) +{ + return r->_dnsrch; +} + +bool +ldns_resolver_fail(const ldns_resolver *r) +{ + return r->_fail; +} + +bool +ldns_resolver_defnames(const ldns_resolver *r) +{ + return r->_defnames; +} + +ldns_rdf * +ldns_resolver_domain(const ldns_resolver *r) +{ + return r->_domain; +} + +ldns_rdf ** +ldns_resolver_searchlist(const ldns_resolver *r) +{ + return r->_searchlist; +} + +ldns_rdf ** +ldns_resolver_nameservers(const ldns_resolver *r) +{ + return r->_nameservers; +} + +size_t +ldns_resolver_nameserver_count(const ldns_resolver *r) +{ + return r->_nameserver_count; +} + +bool +ldns_resolver_dnssec(const ldns_resolver *r) +{ + return r->_dnssec; +} + +bool +ldns_resolver_dnssec_cd(const ldns_resolver *r) +{ + return r->_dnssec_cd; +} + +ldns_rr_list * +ldns_resolver_dnssec_anchors(const ldns_resolver *r) +{ + return r->_dnssec_anchors; +} + +bool +ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys) +{ + size_t i; + bool result = false; + + ldns_rr_list * trust_anchors; + ldns_rr * cur_rr; + + if (!r || !keys) { return false; } + + trust_anchors = ldns_resolver_dnssec_anchors(r); + + if (!trust_anchors) { return false; } + + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) { + + cur_rr = ldns_rr_list_rr(keys, i); + if (ldns_rr_list_contains_rr(trust_anchors, cur_rr)) { + if (trusted_keys) { ldns_rr_list_push_rr(trusted_keys, cur_rr); } + result = true; + } + } + + return result; +} + +bool +ldns_resolver_igntc(const ldns_resolver *r) +{ + return r->_igntc; +} + +bool +ldns_resolver_usevc(const ldns_resolver *r) +{ + return r->_usevc; +} + +size_t * +ldns_resolver_rtt(const ldns_resolver *r) +{ + return r->_rtt; +} + +size_t +ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos) +{ + size_t *rtt; + + assert(r != NULL); + + rtt = ldns_resolver_rtt(r); + + if (pos >= ldns_resolver_nameserver_count(r)) { + /* error ?*/ + return 0; + } else { + return rtt[pos]; + } + +} + +struct timeval +ldns_resolver_timeout(const ldns_resolver *r) +{ + return r->_timeout; +} + +char * +ldns_resolver_tsig_keyname(const ldns_resolver *r) +{ + return r->_tsig_keyname; +} + +char * +ldns_resolver_tsig_algorithm(const ldns_resolver *r) +{ + return r->_tsig_algorithm; +} + +char * +ldns_resolver_tsig_keydata(const ldns_resolver *r) +{ + return r->_tsig_keydata; +} + +bool +ldns_resolver_random(const ldns_resolver *r) +{ + return r->_random; +} + +size_t +ldns_resolver_searchlist_count(const ldns_resolver *r) +{ + return r->_searchlist_count; +} + +/* write */ +void +ldns_resolver_set_port(ldns_resolver *r, uint16_t p) +{ + r->_port = p; +} + +void +ldns_resolver_set_source(ldns_resolver *r, ldns_rdf *s) +{ + r->_source = s; +} + +ldns_rdf * +ldns_resolver_pop_nameserver(ldns_resolver *r) +{ + ldns_rdf **nameservers; + ldns_rdf *pop; + size_t ns_count; + size_t *rtt; + + assert(r != NULL); + + ns_count = ldns_resolver_nameserver_count(r); + nameservers = ldns_resolver_nameservers(r); + rtt = ldns_resolver_rtt(r); + if (ns_count == 0 || !nameservers) { + return NULL; + } + + pop = nameservers[ns_count - 1]; + + if (ns_count == 1) { + LDNS_FREE(nameservers); + LDNS_FREE(rtt); + + ldns_resolver_set_nameservers(r, NULL); + ldns_resolver_set_rtt(r, NULL); + } else { + nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, + (ns_count - 1)); + rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1)); + + ldns_resolver_set_nameservers(r, nameservers); + ldns_resolver_set_rtt(r, rtt); + } + /* decr the count */ + ldns_resolver_dec_nameserver_count(r); + return pop; +} + +ldns_status +ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n) +{ + ldns_rdf **nameservers; + size_t ns_count; + size_t *rtt; + + if (ldns_rdf_get_type(n) != LDNS_RDF_TYPE_A && + ldns_rdf_get_type(n) != LDNS_RDF_TYPE_AAAA) { + return LDNS_STATUS_ERR; + } + + ns_count = ldns_resolver_nameserver_count(r); + nameservers = ldns_resolver_nameservers(r); + rtt = ldns_resolver_rtt(r); + + /* make room for the next one */ + if (ns_count == 0) { + nameservers = LDNS_XMALLOC(ldns_rdf *, 1); + } else { + nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count + 1)); + } + if(!nameservers) + return LDNS_STATUS_MEM_ERR; + + /* set the new value in the resolver */ + ldns_resolver_set_nameservers(r, nameservers); + + /* don't forget the rtt */ + if (ns_count == 0) { + rtt = LDNS_XMALLOC(size_t, 1); + } else { + rtt = LDNS_XREALLOC(rtt, size_t, (ns_count + 1)); + } + if(!rtt) + return LDNS_STATUS_MEM_ERR; + + /* slide n in its slot. */ + /* we clone it here, because then we can free the original + * rr's where it stood */ + nameservers[ns_count] = ldns_rdf_clone(n); + rtt[ns_count] = LDNS_RESOLV_RTT_MIN; + ldns_resolver_incr_nameserver_count(r); + ldns_resolver_set_rtt(r, rtt); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr) +{ + ldns_rdf *address; + if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_A && + ldns_rr_get_type(rr) != LDNS_RR_TYPE_AAAA)) { + return LDNS_STATUS_ERR; + } + address = ldns_rr_rdf(rr, 0); /* extract the ip number */ + if (address) { + return ldns_resolver_push_nameserver(r, address); + } else { + return LDNS_STATUS_ERR; + } +} + +ldns_status +ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist) +{ + ldns_rr *rr; + ldns_status stat; + size_t i; + + stat = LDNS_STATUS_OK; + if (rrlist) { + for(i = 0; i < ldns_rr_list_rr_count(rrlist); i++) { + rr = ldns_rr_list_rr(rrlist, i); + if (ldns_resolver_push_nameserver_rr(r, rr) != LDNS_STATUS_OK) { + stat = LDNS_STATUS_ERR; + break; + } + } + return stat; + } else { + return LDNS_STATUS_ERR; + } +} + +void +ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s) +{ + r->_edns_udp_size = s; +} + +void +ldns_resolver_set_recursive(ldns_resolver *r, bool re) +{ + r->_recursive = re; +} + +void +ldns_resolver_set_dnssec(ldns_resolver *r, bool d) +{ + r->_dnssec = d; +} + +void +ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool d) +{ + r->_dnssec_cd = d; +} + +void +ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l) +{ + r->_dnssec_anchors = l; +} + +ldns_status +ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr) +{ + ldns_rr_list * trust_anchors; + + if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(rr) != LDNS_RR_TYPE_DS)) { + + return LDNS_STATUS_ERR; + } + + if (!(trust_anchors = ldns_resolver_dnssec_anchors(r))) { /* Initialize */ + trust_anchors = ldns_rr_list_new(); + ldns_resolver_set_dnssec_anchors(r, trust_anchors); + } + + return (ldns_rr_list_push_rr(trust_anchors, ldns_rr_clone(rr))) ? LDNS_STATUS_OK : LDNS_STATUS_ERR; +} + +void +ldns_resolver_set_igntc(ldns_resolver *r, bool i) +{ + r->_igntc = i; +} + +void +ldns_resolver_set_usevc(ldns_resolver *r, bool vc) +{ + r->_usevc = vc; +} + +void +ldns_resolver_set_debug(ldns_resolver *r, bool d) +{ + r->_debug = d; +} + +void +ldns_resolver_set_ip6(ldns_resolver *r, uint8_t ip6) +{ + r->_ip6 = ip6; +} + +void +ldns_resolver_set_fail(ldns_resolver *r, bool f) +{ + r->_fail =f; +} + +static void +ldns_resolver_set_searchlist_count(ldns_resolver *r, size_t c) +{ + r->_searchlist_count = c; +} + +void +ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c) +{ + r->_nameserver_count = c; +} + +void +ldns_resolver_set_dnsrch(ldns_resolver *r, bool d) +{ + r->_dnsrch = d; +} + +void +ldns_resolver_set_retry(ldns_resolver *r, uint8_t retry) +{ + r->_retry = retry; +} + +void +ldns_resolver_set_retrans(ldns_resolver *r, uint8_t retrans) +{ + r->_retrans = retrans; +} + +void +ldns_resolver_set_fallback(ldns_resolver *r, bool fallback) +{ + r->_fallback = fallback; +} + +void +ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **n) +{ + r->_nameservers = n; +} + +void +ldns_resolver_set_defnames(ldns_resolver *r, bool d) +{ + r->_defnames = d; +} + +void +ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt) +{ + r->_rtt = rtt; +} + +void +ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value) +{ + size_t *rtt; + + assert(r != NULL); + + rtt = ldns_resolver_rtt(r); + + if (pos >= ldns_resolver_nameserver_count(r)) { + /* error ?*/ + } else { + rtt[pos] = value; + } + +} + +void +ldns_resolver_incr_nameserver_count(ldns_resolver *r) +{ + size_t c; + + c = ldns_resolver_nameserver_count(r); + ldns_resolver_set_nameserver_count(r, ++c); +} + +void +ldns_resolver_dec_nameserver_count(ldns_resolver *r) +{ + size_t c; + + c = ldns_resolver_nameserver_count(r); + if (c == 0) { + return; + } else { + ldns_resolver_set_nameserver_count(r, --c); + } +} + +void +ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *d) +{ + r->_domain = d; +} + +void +ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout) +{ + r->_timeout.tv_sec = timeout.tv_sec; + r->_timeout.tv_usec = timeout.tv_usec; +} + +void +ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *d) +{ + ldns_rdf **searchlist; + size_t list_count; + + if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) { + return; + } + + list_count = ldns_resolver_searchlist_count(r); + searchlist = ldns_resolver_searchlist(r); + + searchlist = LDNS_XREALLOC(searchlist, ldns_rdf *, (list_count + 1)); + if (searchlist) { + r->_searchlist = searchlist; + + searchlist[list_count] = ldns_rdf_clone(d); + ldns_resolver_set_searchlist_count(r, list_count + 1); + } /* no way to report mem err */ +} + +void +ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname) +{ + LDNS_FREE(r->_tsig_keyname); + r->_tsig_keyname = strdup(tsig_keyname); +} + +void +ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm) +{ + LDNS_FREE(r->_tsig_algorithm); + r->_tsig_algorithm = strdup(tsig_algorithm); +} + +void +ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata) +{ + LDNS_FREE(r->_tsig_keydata); + r->_tsig_keydata = strdup(tsig_keydata); +} + +void +ldns_resolver_set_random(ldns_resolver *r, bool b) +{ + r->_random = b; +} + +/* more sophisticated functions */ +ldns_resolver * +ldns_resolver_new(void) +{ + ldns_resolver *r; + + r = LDNS_MALLOC(ldns_resolver); + if (!r) { + return NULL; + } + + r->_searchlist = NULL; + r->_nameservers = NULL; + r->_rtt = NULL; + + /* defaults are filled out */ + ldns_resolver_set_searchlist_count(r, 0); + ldns_resolver_set_nameserver_count(r, 0); + ldns_resolver_set_usevc(r, 0); + ldns_resolver_set_port(r, LDNS_PORT); + ldns_resolver_set_domain(r, NULL); + ldns_resolver_set_defnames(r, false); + ldns_resolver_set_retry(r, 3); + ldns_resolver_set_retrans(r, 2); + ldns_resolver_set_fallback(r, true); + ldns_resolver_set_fail(r, false); + ldns_resolver_set_edns_udp_size(r, 0); + ldns_resolver_set_dnssec(r, false); + ldns_resolver_set_dnssec_cd(r, false); + ldns_resolver_set_dnssec_anchors(r, NULL); + ldns_resolver_set_ip6(r, LDNS_RESOLV_INETANY); + ldns_resolver_set_igntc(r, false); + ldns_resolver_set_recursive(r, false); + ldns_resolver_set_dnsrch(r, true); + ldns_resolver_set_source(r, NULL); + ldns_resolver_set_ixfr_serial(r, 0); + + /* randomize the nameserver to be queried + * when there are multiple + */ + ldns_resolver_set_random(r, true); + + ldns_resolver_set_debug(r, 0); + + r->_timeout.tv_sec = LDNS_DEFAULT_TIMEOUT_SEC; + r->_timeout.tv_usec = LDNS_DEFAULT_TIMEOUT_USEC; + + /* TODO: fd=0 is actually a valid socket (stdin), + replace with -1 */ + r->_socket = 0; + r->_axfr_soa_count = 0; + r->_axfr_i = 0; + r->_cur_axfr_pkt = NULL; + + r->_tsig_keyname = NULL; + r->_tsig_keydata = NULL; + r->_tsig_algorithm = NULL; + return r; +} + +ldns_resolver * +ldns_resolver_clone(ldns_resolver *src) +{ + ldns_resolver *dst; + size_t i; + + assert(src != NULL); + + if (!(dst = LDNS_MALLOC(ldns_resolver))) return NULL; + (void) memcpy(dst, src, sizeof(ldns_resolver)); + + if (dst->_searchlist_count == 0) + dst->_searchlist = NULL; + else { + if (!(dst->_searchlist = + LDNS_XMALLOC(ldns_rdf *, dst->_searchlist_count))) + goto error; + for (i = 0; i < dst->_searchlist_count; i++) + if (!(dst->_searchlist[i] = + ldns_rdf_clone(src->_searchlist[i]))) { + dst->_searchlist_count = i; + goto error_searchlist; + } + } + if (dst->_nameserver_count == 0) { + dst->_nameservers = NULL; + dst->_rtt = NULL; + } else { + if (!(dst->_nameservers = + LDNS_XMALLOC(ldns_rdf *, dst->_nameserver_count))) + goto error_searchlist; + for (i = 0; i < dst->_nameserver_count; i++) + if (!(dst->_nameservers[i] = + ldns_rdf_clone(src->_nameservers[i]))) { + dst->_nameserver_count = i; + goto error_nameservers; + } + if (!(dst->_rtt = + LDNS_XMALLOC(size_t, dst->_nameserver_count))) + goto error_nameservers; + (void) memcpy(dst->_rtt, src->_rtt, + sizeof(size_t) * dst->_nameserver_count); + } + if (dst->_domain && (!(dst->_domain = ldns_rdf_clone(src->_domain)))) + goto error_rtt; + + if (dst->_tsig_keyname && + (!(dst->_tsig_keyname = strdup(src->_tsig_keyname)))) + goto error_domain; + + if (dst->_tsig_keydata && + (!(dst->_tsig_keydata = strdup(src->_tsig_keydata)))) + goto error_tsig_keyname; + + if (dst->_tsig_algorithm && + (!(dst->_tsig_algorithm = strdup(src->_tsig_algorithm)))) + goto error_tsig_keydata; + + if (dst->_cur_axfr_pkt && + (!(dst->_cur_axfr_pkt = ldns_pkt_clone(src->_cur_axfr_pkt)))) + goto error_tsig_algorithm; + + if (dst->_dnssec_anchors && + (!(dst->_dnssec_anchors=ldns_rr_list_clone(src->_dnssec_anchors)))) + goto error_cur_axfr_pkt; + + return dst; + +error_cur_axfr_pkt: + ldns_pkt_free(dst->_cur_axfr_pkt); +error_tsig_algorithm: + LDNS_FREE(dst->_tsig_algorithm); +error_tsig_keydata: + LDNS_FREE(dst->_tsig_keydata); +error_tsig_keyname: + LDNS_FREE(dst->_tsig_keyname); +error_domain: + ldns_rdf_deep_free(dst->_domain); +error_rtt: + LDNS_FREE(dst->_rtt); +error_nameservers: + for (i = 0; i < dst->_nameserver_count; i++) + ldns_rdf_deep_free(dst->_nameservers[i]); + LDNS_FREE(dst->_nameservers); +error_searchlist: + for (i = 0; i < dst->_searchlist_count; i++) + ldns_rdf_deep_free(dst->_searchlist[i]); + LDNS_FREE(dst->_searchlist); +error: + LDNS_FREE(dst); + return NULL; +} + + +ldns_status +ldns_resolver_new_frm_fp(ldns_resolver **res, FILE *fp) +{ + return ldns_resolver_new_frm_fp_l(res, fp, NULL); +} + +ldns_status +ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr) +{ + ldns_resolver *r; + const char *keyword[LDNS_RESOLV_KEYWORDS]; + char word[LDNS_MAX_LINELEN + 1]; + int8_t expect; + uint8_t i; + ldns_rdf *tmp; +#ifdef HAVE_SSL + ldns_rr *tmp_rr; +#endif + ssize_t gtr, bgtr; + ldns_buffer *b; + int lnr = 0, oldline; + FILE* myfp = fp; + if(!line_nr) line_nr = &lnr; + + if(!fp) { + myfp = fopen("/etc/resolv.conf", "r"); + if(!myfp) + return LDNS_STATUS_FILE_ERR; + } + + /* do this better + * expect = + * 0: keyword + * 1: default domain dname + * 2: NS aaaa or a record + */ + + /* recognized keywords */ + keyword[LDNS_RESOLV_NAMESERVER] = "nameserver"; + keyword[LDNS_RESOLV_DEFDOMAIN] = "domain"; + keyword[LDNS_RESOLV_SEARCH] = "search"; + /* these two are read but not used atm TODO */ + keyword[LDNS_RESOLV_SORTLIST] = "sortlist"; + keyword[LDNS_RESOLV_OPTIONS] = "options"; + keyword[LDNS_RESOLV_ANCHOR] = "anchor"; + expect = LDNS_RESOLV_KEYWORD; + + r = ldns_resolver_new(); + if (!r) { + if(!fp) fclose(myfp); + return LDNS_STATUS_MEM_ERR; + } + + gtr = 1; + word[0] = 0; + oldline = *line_nr; + expect = LDNS_RESOLV_KEYWORD; + while (gtr > 0) { + /* check comments */ + if (word[0] == '#') { + word[0]='x'; + if(oldline == *line_nr) { + /* skip until end of line */ + int c; + do { + c = fgetc(myfp); + } while(c != EOF && c != '\n'); + if(c=='\n') (*line_nr)++; + } + /* and read next to prepare for further parsing */ + oldline = *line_nr; + continue; + } + oldline = *line_nr; + switch(expect) { + case LDNS_RESOLV_KEYWORD: + /* keyword */ + gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr != 0) { + if(word[0] == '#') continue; + for(i = 0; i < LDNS_RESOLV_KEYWORDS; i++) { + if (strcasecmp(keyword[i], word) == 0) { + /* chosen the keyword and + * expect values carefully + */ + expect = i; + break; + } + } + /* no keyword recognized */ + if (expect == LDNS_RESOLV_KEYWORD) { + /* skip line */ + /* + ldns_resolver_deep_free(r); + if(!fp) fclose(myfp); + return LDNS_STATUS_SYNTAX_KEYWORD_ERR; + */ + } + } + break; + case LDNS_RESOLV_DEFDOMAIN: + /* default domain dname */ + gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + if(!fp) fclose(myfp); + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } + if(word[0] == '#') { + expect = LDNS_RESOLV_KEYWORD; + continue; + } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word); + if (!tmp) { + ldns_resolver_deep_free(r); + if(!fp) fclose(myfp); + return LDNS_STATUS_SYNTAX_DNAME_ERR; + } + + /* DOn't free, because we copy the pointer */ + ldns_resolver_set_domain(r, tmp); + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_NAMESERVER: + /* NS aaaa or a record */ + gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + if(!fp) fclose(myfp); + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } + if(word[0] == '#') { + expect = LDNS_RESOLV_KEYWORD; + continue; + } + if(strchr(word, '%')) { + /* snip off interface labels, + * fe80::222:19ff:fe31:4222%eth0 */ + strchr(word, '%')[0]=0; + } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, word); + if (!tmp) { + /* try ip4 */ + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, word); + } + /* could not parse it, exit */ + if (!tmp) { + ldns_resolver_deep_free(r); + if(!fp) fclose(myfp); + return LDNS_STATUS_SYNTAX_ERR; + } + (void)ldns_resolver_push_nameserver(r, tmp); + ldns_rdf_deep_free(tmp); + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_SEARCH: + /* search list domain dname */ + gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + b = LDNS_MALLOC(ldns_buffer); + if(!b) { + ldns_resolver_deep_free(r); + if(!fp) fclose(myfp); + return LDNS_STATUS_MEM_ERR; + } + + ldns_buffer_new_frm_data(b, word, (size_t) gtr); + if(ldns_buffer_status(b) != LDNS_STATUS_OK) { + LDNS_FREE(b); + ldns_resolver_deep_free(r); + if(!fp) fclose(myfp); + return LDNS_STATUS_MEM_ERR; + } + bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr + 1); + while (bgtr > 0) { + gtr -= bgtr; + if(word[0] == '#') { + expect = LDNS_RESOLV_KEYWORD; + break; + } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word); + if (!tmp) { + ldns_resolver_deep_free(r); + ldns_buffer_free(b); + if(!fp) fclose(myfp); + return LDNS_STATUS_SYNTAX_DNAME_ERR; + } + + ldns_resolver_push_searchlist(r, tmp); + + ldns_rdf_deep_free(tmp); + bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, + (size_t) gtr + 1); + } + ldns_buffer_free(b); + if (expect != LDNS_RESOLV_KEYWORD) { + gtr = 1; + expect = LDNS_RESOLV_KEYWORD; + } + break; + case LDNS_RESOLV_SORTLIST: + gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + /* sortlist not implemented atm */ + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_OPTIONS: + gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + /* options not implemented atm */ + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_ANCHOR: + /* a file containing a DNSSEC trust anchor */ + gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + ldns_resolver_deep_free(r); + if(!fp) fclose(myfp); + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } + if(word[0] == '#') { + expect = LDNS_RESOLV_KEYWORD; + continue; + } + +#ifdef HAVE_SSL + tmp_rr = ldns_read_anchor_file(word); + (void) ldns_resolver_push_dnssec_anchor(r, tmp_rr); + ldns_rr_free(tmp_rr); +#endif + expect = LDNS_RESOLV_KEYWORD; + break; + } + } + + if(!fp) + fclose(myfp); + + if (res) { + *res = r; + return LDNS_STATUS_OK; + } else { + ldns_resolver_deep_free(r); + return LDNS_STATUS_NULL; + } +} + +ldns_status +ldns_resolver_new_frm_file(ldns_resolver **res, const char *filename) +{ + ldns_resolver *r; + FILE *fp; + ldns_status s; + + if (!filename) { + fp = fopen(LDNS_RESOLV_CONF, "r"); + + } else { + fp = fopen(filename, "r"); + } + if (!fp) { + return LDNS_STATUS_FILE_ERR; + } + + s = ldns_resolver_new_frm_fp(&r, fp); + fclose(fp); + if (s == LDNS_STATUS_OK) { + if (res) { + *res = r; + return LDNS_STATUS_OK; + } else { + ldns_resolver_free(r); + return LDNS_STATUS_NULL; + } + } + return s; +} + +void +ldns_resolver_free(ldns_resolver *res) +{ + LDNS_FREE(res); +} + +void +ldns_resolver_deep_free(ldns_resolver *res) +{ + size_t i; + + if (res) { + if (res->_searchlist) { + for (i = 0; i < ldns_resolver_searchlist_count(res); i++) { + ldns_rdf_deep_free(res->_searchlist[i]); + } + LDNS_FREE(res->_searchlist); + } + if (res->_nameservers) { + for (i = 0; i < res->_nameserver_count; i++) { + ldns_rdf_deep_free(res->_nameservers[i]); + } + LDNS_FREE(res->_nameservers); + } + if (ldns_resolver_domain(res)) { + ldns_rdf_deep_free(ldns_resolver_domain(res)); + } + if (res->_tsig_keyname) { + LDNS_FREE(res->_tsig_keyname); + } + if (res->_tsig_keydata) { + LDNS_FREE(res->_tsig_keydata); + } + if (res->_tsig_algorithm) { + LDNS_FREE(res->_tsig_algorithm); + } + + if (res->_cur_axfr_pkt) { + ldns_pkt_free(res->_cur_axfr_pkt); + } + + if (res->_rtt) { + LDNS_FREE(res->_rtt); + } + if (res->_dnssec_anchors) { + ldns_rr_list_deep_free(res->_dnssec_anchors); + } + LDNS_FREE(res); + } +} + +ldns_status +ldns_resolver_search_status(ldns_pkt** pkt, + ldns_resolver *r, const ldns_rdf *name, + ldns_rr_type t, ldns_rr_class c, uint16_t flags) +{ + ldns_rdf *new_name; + ldns_rdf **search_list; + size_t i; + ldns_status s = LDNS_STATUS_OK; + ldns_rdf root_dname = { 1, LDNS_RDF_TYPE_DNAME, (void *)"" }; + + if (ldns_dname_absolute(name)) { + /* query as-is */ + return ldns_resolver_query_status(pkt, r, name, t, c, flags); + } else if (ldns_resolver_dnsrch(r)) { + search_list = ldns_resolver_searchlist(r); + for (i = 0; i <= ldns_resolver_searchlist_count(r); i++) { + if (i == ldns_resolver_searchlist_count(r)) { + new_name = ldns_dname_cat_clone(name, + &root_dname); + } else { + new_name = ldns_dname_cat_clone(name, + search_list[i]); + } + + s = ldns_resolver_query_status(pkt, r, + new_name, t, c, flags); + ldns_rdf_free(new_name); + if (pkt && *pkt) { + if (s == LDNS_STATUS_OK && + ldns_pkt_get_rcode(*pkt) == + LDNS_RCODE_NOERROR) { + + return LDNS_STATUS_OK; + } + ldns_pkt_free(*pkt); + *pkt = NULL; + } + } + } + return s; +} + +ldns_pkt * +ldns_resolver_search(const ldns_resolver *r,const ldns_rdf *name, + ldns_rr_type t, ldns_rr_class c, uint16_t flags) +{ + ldns_pkt* pkt = NULL; + if (ldns_resolver_search_status(&pkt, (ldns_resolver *)r, + name, t, c, flags) != LDNS_STATUS_OK) { + ldns_pkt_free(pkt); + } + return pkt; +} + +ldns_status +ldns_resolver_query_status(ldns_pkt** pkt, + ldns_resolver *r, const ldns_rdf *name, + ldns_rr_type t, ldns_rr_class c, uint16_t flags) +{ + ldns_rdf *newname; + ldns_status status; + + if (!ldns_resolver_defnames(r) || !ldns_resolver_domain(r)) { + return ldns_resolver_send(pkt, r, name, t, c, flags); + } + + newname = ldns_dname_cat_clone(name, ldns_resolver_domain(r)); + if (!newname) { + return LDNS_STATUS_MEM_ERR; + } + status = ldns_resolver_send(pkt, r, newname, t, c, flags); + ldns_rdf_free(newname); + return status; +} + +ldns_pkt * +ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, + ldns_rr_type t, ldns_rr_class c, uint16_t flags) +{ + ldns_pkt* pkt = NULL; + if (ldns_resolver_query_status(&pkt, (ldns_resolver *)r, + name, t, c, flags) != LDNS_STATUS_OK) { + ldns_pkt_free(pkt); + } + return pkt; +} + +static size_t * +ldns_resolver_backup_rtt(ldns_resolver *r) +{ + size_t *new_rtt; + size_t *old_rtt = ldns_resolver_rtt(r); + + if (old_rtt && ldns_resolver_nameserver_count(r)) { + new_rtt = LDNS_XMALLOC(size_t + , ldns_resolver_nameserver_count(r)); + memcpy(new_rtt, old_rtt, sizeof(size_t) + * ldns_resolver_nameserver_count(r)); + ldns_resolver_set_rtt(r, new_rtt); + return old_rtt; + } + return NULL; +} + +static void +ldns_resolver_restore_rtt(ldns_resolver *r, size_t *old_rtt) +{ + size_t *cur_rtt = ldns_resolver_rtt(r); + + if (cur_rtt) { + LDNS_FREE(cur_rtt); + } + ldns_resolver_set_rtt(r, old_rtt); +} + +ldns_status +ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, + ldns_pkt *query_pkt) +{ + ldns_pkt *answer_pkt = NULL; + ldns_status stat = LDNS_STATUS_OK; + size_t *rtt; + + stat = ldns_send(&answer_pkt, (ldns_resolver *)r, query_pkt); + if (stat != LDNS_STATUS_OK) { + if(answer_pkt) { + ldns_pkt_free(answer_pkt); + answer_pkt = NULL; + } + } else { + /* if tc=1 fall back to EDNS and/or TCP */ + /* check for tcp first (otherwise we don't care about tc=1) */ + if (!ldns_resolver_usevc(r) && ldns_resolver_fallback(r)) { + if (ldns_pkt_tc(answer_pkt)) { + /* was EDNS0 set? */ + if (ldns_pkt_edns_udp_size(query_pkt) == 0) { + ldns_pkt_set_edns_udp_size(query_pkt + , 4096); + ldns_pkt_free(answer_pkt); + answer_pkt = NULL; + /* Nameservers should not become + * unreachable because fragments are + * dropped (network error). We might + * still have success with TCP. + * Therefore maintain reachability + * statuses of the nameservers by + * backup and restore the rtt list. + */ + rtt = ldns_resolver_backup_rtt(r); + stat = ldns_send(&answer_pkt, r + , query_pkt); + ldns_resolver_restore_rtt(r, rtt); + } + /* either way, if it is still truncated, use TCP */ + if (stat != LDNS_STATUS_OK || + ldns_pkt_tc(answer_pkt)) { + ldns_resolver_set_usevc(r, true); + ldns_pkt_free(answer_pkt); + stat = ldns_send(&answer_pkt, r, query_pkt); + ldns_resolver_set_usevc(r, false); + } + } + } + } + + if (answer) { + *answer = answer_pkt; + } + + return stat; +} + +ldns_status +ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r, + const ldns_rdf *name, ldns_rr_type t, + ldns_rr_class c, uint16_t flags) +{ + struct timeval now; + ldns_rr* soa = NULL; + + /* prepare a question pkt from the parameters + * and then send this */ + if (t == LDNS_RR_TYPE_IXFR) { + ldns_rdf *owner_rdf; + ldns_rdf *mname_rdf; + ldns_rdf *rname_rdf; + ldns_rdf *serial_rdf; + ldns_rdf *refresh_rdf; + ldns_rdf *retry_rdf; + ldns_rdf *expire_rdf; + ldns_rdf *minimum_rdf; + soa = ldns_rr_new(); + + if (!soa) { + return LDNS_STATUS_ERR; + } + owner_rdf = ldns_rdf_clone(name); + if (!owner_rdf) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } + ldns_rr_set_owner(soa, owner_rdf); + ldns_rr_set_type(soa, LDNS_RR_TYPE_SOA); + ldns_rr_set_class(soa, c); + ldns_rr_set_question(soa, false); + if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } else ldns_rr_push_rdf(soa, mname_rdf); + if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } else ldns_rr_push_rdf(soa, rname_rdf); + serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, ldns_resolver_get_ixfr_serial(r)); + if (!serial_rdf) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } else ldns_rr_push_rdf(soa, serial_rdf); + refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!refresh_rdf) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } else ldns_rr_push_rdf(soa, refresh_rdf); + retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!retry_rdf) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } else ldns_rr_push_rdf(soa, retry_rdf); + expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!expire_rdf) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } else ldns_rr_push_rdf(soa, expire_rdf); + minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); + if (!minimum_rdf) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } else ldns_rr_push_rdf(soa, minimum_rdf); + + *query_pkt = ldns_pkt_ixfr_request_new(ldns_rdf_clone(name), + c, flags, soa); + } else { + *query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), t, c, flags); + } + if (!*query_pkt) { + ldns_rr_free(soa); + return LDNS_STATUS_ERR; + } + + /* set DO bit if necessary */ + if (ldns_resolver_dnssec(r)) { + if (ldns_resolver_edns_udp_size(r) == 0) { + ldns_resolver_set_edns_udp_size(r, 4096); + } + ldns_pkt_set_edns_do(*query_pkt, true); + if (ldns_resolver_dnssec_cd(r) || (flags & LDNS_CD)) { + ldns_pkt_set_cd(*query_pkt, true); + } + } + + /* transfer the udp_edns_size from the resolver to the packet */ + if (ldns_resolver_edns_udp_size(r) != 0) { + ldns_pkt_set_edns_udp_size(*query_pkt, ldns_resolver_edns_udp_size(r)); + } + + /* set the timestamp */ + now.tv_sec = time(NULL); + now.tv_usec = 0; + ldns_pkt_set_timestamp(*query_pkt, now); + + + if (ldns_resolver_debug(r)) { + ldns_pkt_print(stdout, *query_pkt); + } + + /* only set the id if it is not set yet */ + if (ldns_pkt_id(*query_pkt) == 0) { + ldns_pkt_set_random_id(*query_pkt); + } + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, + ldns_rr_type t, ldns_rr_class c, uint16_t flags) +{ + ldns_pkt *query_pkt; + ldns_pkt *answer_pkt; + ldns_status status; + + assert(r != NULL); + assert(name != NULL); + + answer_pkt = NULL; + + /* do all the preprocessing here, then fire of an query to + * the network */ + + if (0 == t) { + t= LDNS_RR_TYPE_A; + } + if (0 == c) { + c= LDNS_RR_CLASS_IN; + } + if (0 == ldns_resolver_nameserver_count(r)) { + return LDNS_STATUS_RES_NO_NS; + } + if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) { + return LDNS_STATUS_RES_QUERY; + } + + status = ldns_resolver_prepare_query_pkt(&query_pkt, r, name, + t, c, flags); + if (status != LDNS_STATUS_OK) { + return status; + } + + /* if tsig values are set, tsign it */ + /* TODO: make last 3 arguments optional too? maybe make complete + rr instead of separate values in resolver (and packet) + Jelte + should this go in pkt_prepare? + */ + if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) { +#ifdef HAVE_SSL + status = ldns_pkt_tsig_sign(query_pkt, + ldns_resolver_tsig_keyname(r), + ldns_resolver_tsig_keydata(r), + 300, ldns_resolver_tsig_algorithm(r), NULL); + if (status != LDNS_STATUS_OK) { + ldns_pkt_free(query_pkt); + return LDNS_STATUS_CRYPTO_TSIG_ERR; + } +#else + ldns_pkt_free(query_pkt); + return LDNS_STATUS_CRYPTO_TSIG_ERR; +#endif /* HAVE_SSL */ + } + + status = ldns_resolver_send_pkt(&answer_pkt, r, query_pkt); + ldns_pkt_free(query_pkt); + + /* allows answer to be NULL when not interested in return value */ + if (answer) { + *answer = answer_pkt; + } + return status; +} + +ldns_rr * +ldns_axfr_next(ldns_resolver *resolver) +{ + ldns_rr *cur_rr; + uint8_t *packet_wire; + size_t packet_wire_size; + ldns_status status; + + /* check if start() has been called */ + if (!resolver || resolver->_socket == 0) { + return NULL; + } + + if (resolver->_cur_axfr_pkt) { + if (resolver->_axfr_i == ldns_pkt_ancount(resolver->_cur_axfr_pkt)) { + ldns_pkt_free(resolver->_cur_axfr_pkt); + resolver->_cur_axfr_pkt = NULL; + return ldns_axfr_next(resolver); + } + cur_rr = ldns_rr_clone(ldns_rr_list_rr( + ldns_pkt_answer(resolver->_cur_axfr_pkt), + resolver->_axfr_i)); + resolver->_axfr_i++; + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) { + resolver->_axfr_soa_count++; + if (resolver->_axfr_soa_count >= 2) { +#ifndef USE_WINSOCK + close(resolver->_socket); +#else + closesocket(resolver->_socket); +#endif + resolver->_socket = 0; + ldns_pkt_free(resolver->_cur_axfr_pkt); + resolver->_cur_axfr_pkt = NULL; + } + } + return cur_rr; + } else { + packet_wire = ldns_tcp_read_wire_timeout(resolver->_socket, &packet_wire_size, resolver->_timeout); + if(!packet_wire) + return NULL; + + status = ldns_wire2pkt(&resolver->_cur_axfr_pkt, packet_wire, + packet_wire_size); + LDNS_FREE(packet_wire); + + resolver->_axfr_i = 0; + if (status != LDNS_STATUS_OK) { + /* TODO: make status return type of this function (...api change) */ +#ifdef STDERR_MSGS + fprintf(stderr, "Error parsing rr during AXFR: %s\n", ldns_get_errorstr_by_id(status)); +#endif + + /* we must now also close the socket, otherwise subsequent uses of the + same resolver structure will fail because the link is still open or + in an undefined state */ +#ifndef USE_WINSOCK + close(resolver->_socket); +#else + closesocket(resolver->_socket); +#endif + resolver->_socket = 0; + + return NULL; + } else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) { +#ifdef STDERR_MSGS + ldns_lookup_table *rcode = ldns_lookup_by_id( + ldns_rcodes,(int) ldns_pkt_get_rcode( + resolver->_cur_axfr_pkt)); + if (rcode) { + fprintf(stderr, "Error in AXFR: %s\n", + rcode->name); + } else { + fprintf(stderr, "Error in AXFR: %d\n", + (int) ldns_pkt_get_rcode( + resolver->_cur_axfr_pkt)); + } +#endif + + /* we must now also close the socket, otherwise subsequent uses of the + same resolver structure will fail because the link is still open or + in an undefined state */ +#ifndef USE_WINSOCK + close(resolver->_socket); +#else + closesocket(resolver->_socket); +#endif + resolver->_socket = 0; + + return NULL; + } else { + return ldns_axfr_next(resolver); + } + + } + +} + +/* this function is needed to abort a transfer that is in progress; + * without it an aborted transfer will lead to the AXFR code in the + * library staying in an indetermined state because the socket for the + * AXFR is never closed + */ +void +ldns_axfr_abort(ldns_resolver *resolver) +{ + /* Only abort if an actual AXFR is in progress */ + if (resolver->_socket != 0) + { +#ifndef USE_WINSOCK + close(resolver->_socket); +#else + closesocket(resolver->_socket); +#endif + resolver->_socket = 0; + } +} + +bool +ldns_axfr_complete(const ldns_resolver *res) +{ + /* complete when soa count is 2? */ + return res->_axfr_soa_count == 2; +} + +ldns_pkt * +ldns_axfr_last_pkt(const ldns_resolver *res) +{ + return res->_cur_axfr_pkt; +} + +void +ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial) +{ + r->_serial = serial; +} + +uint32_t +ldns_resolver_get_ixfr_serial(const ldns_resolver *res) +{ + return res->_serial; +} + + +/* random isn't really that good */ +void +ldns_resolver_nameservers_randomize(ldns_resolver *r) +{ + uint16_t i, j; + ldns_rdf **ns, *tmpns; + size_t *rtt, tmprtt; + + /* should I check for ldns_resolver_random?? */ + assert(r != NULL); + + ns = ldns_resolver_nameservers(r); + rtt = ldns_resolver_rtt(r); + for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { + j = ldns_get_random() % ldns_resolver_nameserver_count(r); + tmpns = ns[i]; + ns[i] = ns[j]; + ns[j] = tmpns; + tmprtt = rtt[i]; + rtt[i] = rtt[j]; + rtt[j] = tmprtt; + } + ldns_resolver_set_nameservers(r, ns); +} + diff --git a/ldns/src/rr.c b/ldns/src/rr.c new file mode 100644 index 0000000..e52ea80 --- /dev/null +++ b/ldns/src/rr.c @@ -0,0 +1,2705 @@ +/* rr.c + * + * access functions for ldns_rr - + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * + * (c) NLnet Labs, 2004-2006 + * See the file LICENSE for the license + */ +#include + +#include + +#include +#include + +#include + +#define LDNS_SYNTAX_DATALEN 16 +#define LDNS_TTL_DATALEN 21 +#define LDNS_RRLIST_INIT 8 + +ldns_rr * +ldns_rr_new(void) +{ + ldns_rr *rr; + rr = LDNS_MALLOC(ldns_rr); + if (!rr) { + return NULL; + } + + ldns_rr_set_owner(rr, NULL); + ldns_rr_set_question(rr, false); + ldns_rr_set_rd_count(rr, 0); + rr->_rdata_fields = NULL; + ldns_rr_set_class(rr, LDNS_RR_CLASS_IN); + ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL); + return rr; +} + +ldns_rr * +ldns_rr_new_frm_type(ldns_rr_type t) +{ + ldns_rr *rr; + const ldns_rr_descriptor *desc; + size_t i; + + rr = LDNS_MALLOC(ldns_rr); + if (!rr) { + return NULL; + } + + desc = ldns_rr_descript(t); + + rr->_rdata_fields = LDNS_XMALLOC(ldns_rdf *, ldns_rr_descriptor_minimum(desc)); + if(!rr->_rdata_fields) { + LDNS_FREE(rr); + return NULL; + } + for (i = 0; i < ldns_rr_descriptor_minimum(desc); i++) { + rr->_rdata_fields[i] = NULL; + } + + ldns_rr_set_owner(rr, NULL); + ldns_rr_set_question(rr, false); + /* set the count to minimum */ + ldns_rr_set_rd_count(rr, ldns_rr_descriptor_minimum(desc)); + ldns_rr_set_class(rr, LDNS_RR_CLASS_IN); + ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL); + ldns_rr_set_type(rr, t); + return rr; +} + +void +ldns_rr_free(ldns_rr *rr) +{ + size_t i; + if (rr) { + if (ldns_rr_owner(rr)) { + ldns_rdf_deep_free(ldns_rr_owner(rr)); + } + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + ldns_rdf_deep_free(ldns_rr_rdf(rr, i)); + } + LDNS_FREE(rr->_rdata_fields); + LDNS_FREE(rr); + } +} + +/* Syntactic sugar for ldns_rr_new_frm_str_internal */ +INLINE bool +ldns_rdf_type_maybe_quoted(ldns_rdf_type rdf_type) +{ + return rdf_type == LDNS_RDF_TYPE_STR || + rdf_type == LDNS_RDF_TYPE_LONG_STR; +} + +/* + * trailing spaces are allowed + * leading spaces are not allowed + * allow ttl to be optional + * class is optional too + * if ttl is missing, and default_ttl is 0, use DEF_TTL + * allow ttl to be written as 1d3h + * So the RR should look like. e.g. + * miek.nl. 3600 IN MX 10 elektron.atoom.net + * or + * miek.nl. 1h IN MX 10 elektron.atoom.net + * or + * miek.nl. IN MX 10 elektron.atoom.net + */ +static ldns_status +ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, + uint32_t default_ttl, ldns_rdf *origin, + ldns_rdf **prev, bool question) +{ + ldns_rr *new; + const ldns_rr_descriptor *desc; + ldns_rr_type rr_type; + ldns_buffer *rr_buf = NULL; + ldns_buffer *rd_buf = NULL; + uint32_t ttl_val; + char *owner = NULL; + char *ttl = NULL; + ldns_rr_class clas_val; + char *clas = NULL; + char *type = NULL; + char *rdata = NULL; + char *rd = NULL; + char *xtok = NULL; /* For RDF types with spaces (i.e. extra tokens) */ + size_t rd_strlen; + const char *delimiters; + ssize_t c; + ldns_rdf *owner_dname; + const char* endptr; + int was_unknown_rr_format = 0; + ldns_status status = LDNS_STATUS_OK; + + /* used for types with unknown number of rdatas */ + bool done; + bool quoted; + + ldns_rdf *r = NULL; + uint16_t r_cnt; + uint16_t r_min; + uint16_t r_max; + size_t pre_data_pos; + + uint16_t hex_data_size; + char *hex_data_str = NULL; + uint16_t cur_hex_data_size; + size_t hex_pos = 0; + uint8_t *hex_data = NULL; + + new = ldns_rr_new(); + + owner = LDNS_XMALLOC(char, LDNS_MAX_DOMAINLEN + 1); + ttl = LDNS_XMALLOC(char, LDNS_TTL_DATALEN); + clas = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN); + rdata = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN + 1); + rr_buf = LDNS_MALLOC(ldns_buffer); + rd_buf = LDNS_MALLOC(ldns_buffer); + rd = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); + xtok = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); + if (rr_buf) { + rr_buf->_data = NULL; + } + if (rd_buf) { + rd_buf->_data = NULL; + } + if (!new || !owner || !ttl || !clas || !rdata || + !rr_buf || !rd_buf || !rd || !xtok) { + + goto memerror; + } + + ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str)); + + /* split the rr in its parts -1 signals trouble */ + if (ldns_bget_token(rr_buf, owner, "\t\n ", LDNS_MAX_DOMAINLEN) == -1){ + + status = LDNS_STATUS_SYNTAX_ERR; + goto error; + } + + if (ldns_bget_token(rr_buf, ttl, "\t\n ", LDNS_TTL_DATALEN) == -1) { + + status = LDNS_STATUS_SYNTAX_TTL_ERR; + goto error; + } + ttl_val = (uint32_t) ldns_str2period(ttl, &endptr); + + if (strlen(ttl) > 0 && !isdigit((int) ttl[0])) { + /* ah, it's not there or something */ + if (default_ttl == 0) { + ttl_val = LDNS_DEFAULT_TTL; + } else { + ttl_val = default_ttl; + } + /* we not ASSUMING the TTL is missing and that + * the rest of the RR is still there. That is + * CLASS TYPE RDATA + * so ttl value we read is actually the class + */ + clas_val = ldns_get_rr_class_by_name(ttl); + /* class can be left out too, assume IN, current + * token must be type + */ + if (clas_val == 0) { + clas_val = LDNS_RR_CLASS_IN; + type = LDNS_XMALLOC(char, strlen(ttl) + 1); + if (!type) { + goto memerror; + } + strncpy(type, ttl, strlen(ttl) + 1); + } + } else { + if (-1 == ldns_bget_token( + rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN)) { + + status = LDNS_STATUS_SYNTAX_CLASS_ERR; + goto error; + } + clas_val = ldns_get_rr_class_by_name(clas); + /* class can be left out too, assume IN, current + * token must be type + */ + if (clas_val == 0) { + clas_val = LDNS_RR_CLASS_IN; + type = LDNS_XMALLOC(char, strlen(clas) + 1); + if (!type) { + goto memerror; + } + strncpy(type, clas, strlen(clas) + 1); + } + } + /* the rest should still be waiting for us */ + + if (!type) { + type = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN); + if (!type) { + goto memerror; + } + if (-1 == ldns_bget_token( + rr_buf, type, "\t\n ", LDNS_SYNTAX_DATALEN)) { + + status = LDNS_STATUS_SYNTAX_TYPE_ERR; + goto error; + } + } + + if (ldns_bget_token(rr_buf, rdata, "\0", LDNS_MAX_PACKETLEN) == -1) { + /* apparently we are done, and it's only a question RR + * so do not set status and go to ldnserror here + */ + } + ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata)); + + if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) { + if (origin) { + ldns_rr_set_owner(new, ldns_rdf_clone(origin)); + } else if (prev && *prev) { + ldns_rr_set_owner(new, ldns_rdf_clone(*prev)); + } else { + /* default to root */ + ldns_rr_set_owner(new, ldns_dname_new_frm_str(".")); + } + + /* @ also overrides prev */ + if (prev) { + ldns_rdf_deep_free(*prev); + *prev = ldns_rdf_clone(ldns_rr_owner(new)); + if (!*prev) { + goto memerror; + } + } + } else { + if (strlen(owner) == 0) { + /* no ownername was given, try prev, if that fails + * origin, else default to root */ + if (prev && *prev) { + ldns_rr_set_owner(new, ldns_rdf_clone(*prev)); + } else if (origin) { + ldns_rr_set_owner(new, ldns_rdf_clone(origin)); + } else { + ldns_rr_set_owner(new, + ldns_dname_new_frm_str(".")); + } + if(!ldns_rr_owner(new)) { + goto memerror; + } + } else { + owner_dname = ldns_dname_new_frm_str(owner); + if (!owner_dname) { + status = LDNS_STATUS_SYNTAX_ERR; + goto error; + } + + ldns_rr_set_owner(new, owner_dname); + if (!ldns_dname_str_absolute(owner) && origin) { + if(ldns_dname_cat(ldns_rr_owner(new), origin) + != LDNS_STATUS_OK) { + + status = LDNS_STATUS_SYNTAX_ERR; + goto error; + } + } + if (prev) { + ldns_rdf_deep_free(*prev); + *prev = ldns_rdf_clone(ldns_rr_owner(new)); + if (!*prev) { + goto error; + } + } + } + } + LDNS_FREE(owner); + + ldns_rr_set_question(new, question); + + ldns_rr_set_ttl(new, ttl_val); + LDNS_FREE(ttl); + + ldns_rr_set_class(new, clas_val); + LDNS_FREE(clas); + + rr_type = ldns_get_rr_type_by_name(type); + LDNS_FREE(type); + + desc = ldns_rr_descript((uint16_t)rr_type); + ldns_rr_set_type(new, rr_type); + if (desc) { + /* only the rdata remains */ + r_max = ldns_rr_descriptor_maximum(desc); + r_min = ldns_rr_descriptor_minimum(desc); + } else { + r_min = 0; + r_max = 1; + } + + for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) { + quoted = false; + + switch (ldns_rr_descriptor_field_type(desc, r_cnt)) { + case LDNS_RDF_TYPE_B64 : + case LDNS_RDF_TYPE_HEX : /* These rdf types may con- */ + case LDNS_RDF_TYPE_LOC : /* tain whitespace, only if */ + case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */ + case LDNS_RDF_TYPE_IPSECKEY : + case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) { + delimiters = "\n"; + break; + } + default : delimiters = "\n\t "; + } + + if (ldns_rdf_type_maybe_quoted( + ldns_rr_descriptor_field_type( + desc, r_cnt)) && + ldns_buffer_remaining(rd_buf) > 0){ + + /* skip spaces */ + while (*(ldns_buffer_current(rd_buf)) == ' ') { + ldns_buffer_skip(rd_buf, 1); + } + + if (*(ldns_buffer_current(rd_buf)) == '\"') { + delimiters = "\"\0"; + ldns_buffer_skip(rd_buf, 1); + quoted = true; + } + } + + /* because number of fields can be variable, we can't rely on + * _maximum() only + */ + + /* skip spaces */ + while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf) + && *(ldns_buffer_current(rd_buf)) == ' ' + && !quoted) { + + ldns_buffer_skip(rd_buf, 1); + } + + pre_data_pos = ldns_buffer_position(rd_buf); + if (-1 == (c = ldns_bget_token( + rd_buf, rd, delimiters, LDNS_MAX_RDFLEN))) { + + done = true; + break; + } + /* hmmz, rfc3597 specifies that any type can be represented + * with \# method, which can contain spaces... + * it does specify size though... + */ + rd_strlen = strlen(rd); + + /* unknown RR data */ + if (strncmp(rd, "\\#", 2) == 0 && !quoted && + (rd_strlen == 2 || rd[2]==' ')) { + + was_unknown_rr_format = 1; + /* go back to before \# + * and skip it while setting delimiters better + */ + ldns_buffer_set_position(rd_buf, pre_data_pos); + delimiters = "\n\t "; + (void)ldns_bget_token(rd_buf, rd, + delimiters, LDNS_MAX_RDFLEN); + /* read rdata octet length */ + c = ldns_bget_token(rd_buf, rd, + delimiters, LDNS_MAX_RDFLEN); + if (c == -1) { + /* something goes very wrong here */ + status = LDNS_STATUS_SYNTAX_RDATA_ERR; + goto error; + } + hex_data_size = (uint16_t) atoi(rd); + /* copy hex chars into hex str (2 chars per byte) */ + hex_data_str = LDNS_XMALLOC(char, 2*hex_data_size + 1); + if (!hex_data_str) { + /* malloc error */ + goto memerror; + } + cur_hex_data_size = 0; + while(cur_hex_data_size < 2 * hex_data_size) { + c = ldns_bget_token(rd_buf, rd, + delimiters, LDNS_MAX_RDFLEN); + if (c != -1) { + rd_strlen = strlen(rd); + } + if (c == -1 || + (size_t)cur_hex_data_size + rd_strlen > + 2 * (size_t)hex_data_size) { + + status = LDNS_STATUS_SYNTAX_RDATA_ERR; + goto error; + } + strncpy(hex_data_str + cur_hex_data_size, rd, + rd_strlen); + + cur_hex_data_size += rd_strlen; + } + hex_data_str[cur_hex_data_size] = '\0'; + + /* correct the rdf type */ + /* if *we* know the type, interpret it as wireformat */ + if (desc) { + hex_pos = 0; + hex_data = + LDNS_XMALLOC(uint8_t, hex_data_size+2); + + if (!hex_data) { + goto memerror; + } + ldns_write_uint16(hex_data, hex_data_size); + ldns_hexstring_to_data( + hex_data + 2, hex_data_str); + status = ldns_wire2rdf(new, hex_data, + hex_data_size + 2, &hex_pos); + if (status != LDNS_STATUS_OK) { + goto error; + } + LDNS_FREE(hex_data); + } else { + r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX, + hex_data_str); + if (!r) { + goto memerror; + } + ldns_rdf_set_type(r, LDNS_RDF_TYPE_UNKNOWN); + if (!ldns_rr_push_rdf(new, r)) { + goto memerror; + } + } + LDNS_FREE(hex_data_str); + + } else if(rd_strlen > 0 || quoted) { + /* Normal RR */ + switch(ldns_rr_descriptor_field_type(desc, r_cnt)) { + + case LDNS_RDF_TYPE_HEX: + case LDNS_RDF_TYPE_B64: + /* When this is the last rdata field, then the + * rest should be read in (cause then these + * rdf types may contain spaces). + */ + if (r_cnt == r_max - 1) { + c = ldns_bget_token(rd_buf, xtok, + "\n", LDNS_MAX_RDFLEN); + if (c != -1) { + (void) strncat(rd, xtok, + LDNS_MAX_RDFLEN - + strlen(rd) - 1); + } + } + r = ldns_rdf_new_frm_str( + ldns_rr_descriptor_field_type( + desc, r_cnt), rd); + break; + + case LDNS_RDF_TYPE_HIP: + /* + * In presentation format this RDATA type has + * three tokens: An algorithm byte, then a + * variable length HIT (in hexbytes) and then + * a variable length Public Key (in base64). + * + * We have just read the algorithm, so we need + * two more tokens: HIT and Public Key. + */ + do { + /* Read and append HIT */ + if (ldns_bget_token(rd_buf, + xtok, delimiters, + LDNS_MAX_RDFLEN) == -1) + break; + + (void) strncat(rd, " ", + LDNS_MAX_RDFLEN - + strlen(rd) - 1); + (void) strncat(rd, xtok, + LDNS_MAX_RDFLEN - + strlen(rd) - 1); + + /* Read and append Public Key*/ + if (ldns_bget_token(rd_buf, + xtok, delimiters, + LDNS_MAX_RDFLEN) == -1) + break; + + (void) strncat(rd, " ", + LDNS_MAX_RDFLEN - + strlen(rd) - 1); + (void) strncat(rd, xtok, + LDNS_MAX_RDFLEN - + strlen(rd) - 1); + } while (false); + + r = ldns_rdf_new_frm_str( + ldns_rr_descriptor_field_type( + desc, r_cnt), rd); + break; + + case LDNS_RDF_TYPE_DNAME: + r = ldns_rdf_new_frm_str( + ldns_rr_descriptor_field_type( + desc, r_cnt), rd); + + /* check if the origin should be used + * or concatenated + */ + if (r && ldns_rdf_size(r) > 1 && + ldns_rdf_data(r)[0] == 1 && + ldns_rdf_data(r)[1] == '@') { + + ldns_rdf_deep_free(r); + + r = origin ? ldns_rdf_clone(origin) + + : ( rr_type == LDNS_RR_TYPE_SOA ? + + ldns_rdf_clone( + ldns_rr_owner(new)) + + : ldns_rdf_new_frm_str( + LDNS_RDF_TYPE_DNAME, ".") + ); + + } else if (r && rd_strlen >= 1 && origin && + !ldns_dname_str_absolute(rd)) { + + status = ldns_dname_cat(r, origin); + if (status != LDNS_STATUS_OK) { + goto error; + } + } + break; + default: + r = ldns_rdf_new_frm_str( + ldns_rr_descriptor_field_type( + desc, r_cnt), rd); + break; + } + if (!r) { + status = LDNS_STATUS_SYNTAX_RDATA_ERR; + goto error; + } + ldns_rr_push_rdf(new, r); + } + if (quoted) { + if (ldns_buffer_available(rd_buf, 1)) { + ldns_buffer_skip(rd_buf, 1); + } else { + done = true; + } + } + + } /* for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) */ + LDNS_FREE(rd); + LDNS_FREE(xtok); + ldns_buffer_free(rd_buf); + ldns_buffer_free(rr_buf); + LDNS_FREE(rdata); + + if (!question && desc && !was_unknown_rr_format && + ldns_rr_rd_count(new) < r_min) { + + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } + + if (newrr) { + *newrr = new; + } else { + /* Maybe the caller just wanted to see if it would parse? */ + ldns_rr_free(new); + } + return LDNS_STATUS_OK; + +memerror: + status = LDNS_STATUS_MEM_ERR; +error: + if (rd_buf && rd_buf->_data) { + ldns_buffer_free(rd_buf); + } else { + LDNS_FREE(rd_buf); + } + if (rr_buf && rr_buf->_data) { + ldns_buffer_free(rr_buf); + } else { + LDNS_FREE(rr_buf); + } + LDNS_FREE(type); + LDNS_FREE(owner); + LDNS_FREE(ttl); + LDNS_FREE(clas); + LDNS_FREE(hex_data); + LDNS_FREE(hex_data_str); + LDNS_FREE(xtok); + LDNS_FREE(rd); + LDNS_FREE(rdata); + ldns_rr_free(new); + return status; +} + +ldns_status +ldns_rr_new_frm_str(ldns_rr **newrr, const char *str, + uint32_t default_ttl, ldns_rdf *origin, + ldns_rdf **prev) +{ + return ldns_rr_new_frm_str_internal(newrr, + str, + default_ttl, + origin, + prev, + false); +} + +ldns_status +ldns_rr_new_question_frm_str(ldns_rr **newrr, const char *str, + ldns_rdf *origin, ldns_rdf **prev) +{ + return ldns_rr_new_frm_str_internal(newrr, + str, + 0, + origin, + prev, + true); +} + +/* Strip whitespace from the start and the end of . */ +static char * +ldns_strip_ws(char *line) +{ + char *s = line, *e; + + for (s = line; *s && isspace(*s); s++) + ; + + for (e = strchr(s, 0); e > s+2 && isspace(e[-1]) && e[-2] != '\\'; e--) + ; + *e = 0; + + return s; +} + +ldns_status +ldns_rr_new_frm_fp(ldns_rr **newrr, FILE *fp, uint32_t *ttl, ldns_rdf **origin, ldns_rdf **prev) +{ + return ldns_rr_new_frm_fp_l(newrr, fp, ttl, origin, prev, NULL); +} + +ldns_status +ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr) +{ + char *line; + const char *endptr; /* unused */ + ldns_rr *rr; + uint32_t ttl; + ldns_rdf *tmp; + ldns_status s; + ssize_t size; + + if (default_ttl) { + ttl = *default_ttl; + } else { + ttl = 0; + } + + line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + if (!line) { + return LDNS_STATUS_MEM_ERR; + } + + /* read an entire line in from the file */ + if ((size = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, LDNS_MAX_LINELEN, line_nr)) == -1) { + LDNS_FREE(line); + /* if last line was empty, we are now at feof, which is not + * always a parse error (happens when for instance last line + * was a comment) + */ + return LDNS_STATUS_SYNTAX_ERR; + } + + /* we can have the situation, where we've read ok, but still got + * no bytes to play with, in this case size is 0 + */ + if (size == 0) { + LDNS_FREE(line); + return LDNS_STATUS_SYNTAX_EMPTY; + } + + if (strncmp(line, "$ORIGIN", 7) == 0 && isspace(line[7])) { + if (*origin) { + ldns_rdf_deep_free(*origin); + *origin = NULL; + } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, + ldns_strip_ws(line + 8)); + if (!tmp) { + /* could not parse what next to $ORIGIN */ + LDNS_FREE(line); + return LDNS_STATUS_SYNTAX_DNAME_ERR; + } + *origin = tmp; + s = LDNS_STATUS_SYNTAX_ORIGIN; + } else if (strncmp(line, "$TTL", 4) == 0 && isspace(line[4])) { + if (default_ttl) { + *default_ttl = ldns_str2period( + ldns_strip_ws(line + 5), &endptr); + } + s = LDNS_STATUS_SYNTAX_TTL; + } else if (strncmp(line, "$INCLUDE", 8) == 0) { + s = LDNS_STATUS_SYNTAX_INCLUDE; + } else if (!*ldns_strip_ws(line)) { + LDNS_FREE(line); + return LDNS_STATUS_SYNTAX_EMPTY; + } else { + if (origin && *origin) { + s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev); + } else { + s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, NULL, prev); + } + } + LDNS_FREE(line); + if (s == LDNS_STATUS_OK) { + if (newrr) { + *newrr = rr; + } else { + /* Just testing if it would parse? */ + ldns_rr_free(rr); + } + } + return s; +} + +void +ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner) +{ + rr->_owner = owner; +} + +void +ldns_rr_set_question(ldns_rr *rr, bool question) +{ + rr->_rr_question = question; +} + +void +ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl) +{ + rr->_ttl = ttl; +} + +void +ldns_rr_set_rd_count(ldns_rr *rr, size_t count) +{ + rr->_rd_count = count; +} + +void +ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type) +{ + rr->_rr_type = rr_type; +} + +void +ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class) +{ + rr->_rr_class = rr_class; +} + +ldns_rdf * +ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position) +{ + size_t rd_count; + ldns_rdf *pop; + + rd_count = ldns_rr_rd_count(rr); + if (position < rd_count) { + /* dicard the old one */ + pop = rr->_rdata_fields[position]; + rr->_rdata_fields[position] = (ldns_rdf*)f; + return pop; + } else { + return NULL; + } +} + +bool +ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f) +{ + size_t rd_count; + ldns_rdf **rdata_fields; + + rd_count = ldns_rr_rd_count(rr); + + /* grow the array */ + rdata_fields = LDNS_XREALLOC( + rr->_rdata_fields, ldns_rdf *, rd_count + 1); + if (!rdata_fields) { + return false; + } + + /* add the new member */ + rr->_rdata_fields = rdata_fields; + rr->_rdata_fields[rd_count] = (ldns_rdf*)f; + + ldns_rr_set_rd_count(rr, rd_count + 1); + return true; +} + +ldns_rdf * +ldns_rr_pop_rdf(ldns_rr *rr) +{ + size_t rd_count; + ldns_rdf *pop; + ldns_rdf** newrd; + + rd_count = ldns_rr_rd_count(rr); + + if (rd_count == 0) { + return NULL; + } + + pop = rr->_rdata_fields[rd_count - 1]; + + /* try to shrink the array */ + if(rd_count > 1) { + newrd = LDNS_XREALLOC( + rr->_rdata_fields, ldns_rdf *, rd_count - 1); + if(newrd) + rr->_rdata_fields = newrd; + } else { + LDNS_FREE(rr->_rdata_fields); + } + + ldns_rr_set_rd_count(rr, rd_count - 1); + return pop; +} + +ldns_rdf * +ldns_rr_rdf(const ldns_rr *rr, size_t nr) +{ + if (rr && nr < ldns_rr_rd_count(rr)) { + return rr->_rdata_fields[nr]; + } else { + return NULL; + } +} + +ldns_rdf * +ldns_rr_owner(const ldns_rr *rr) +{ + return rr->_owner; +} + +bool +ldns_rr_is_question(const ldns_rr *rr) +{ + return rr->_rr_question; +} + +uint32_t +ldns_rr_ttl(const ldns_rr *rr) +{ + return rr->_ttl; +} + +size_t +ldns_rr_rd_count(const ldns_rr *rr) +{ + return rr->_rd_count; +} + +ldns_rr_type +ldns_rr_get_type(const ldns_rr *rr) +{ + return rr->_rr_type; +} + +ldns_rr_class +ldns_rr_get_class(const ldns_rr *rr) +{ + return rr->_rr_class; +} + +/* rr_lists */ + +size_t +ldns_rr_list_rr_count(const ldns_rr_list *rr_list) +{ + if (rr_list) { + return rr_list->_rr_count; + } else { + return 0; + } +} + +ldns_rr * +ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count) +{ + ldns_rr *old; + + if (count > ldns_rr_list_rr_count(rr_list)) { + return NULL; + } + + old = ldns_rr_list_rr(rr_list, count); + + /* overwrite old's pointer */ + rr_list->_rrs[count] = (ldns_rr*)r; + return old; +} + +void +ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count) +{ + assert(count <= rr_list->_rr_capacity); + rr_list->_rr_count = count; +} + +ldns_rr * +ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr) +{ + if (nr < ldns_rr_list_rr_count(rr_list)) { + return rr_list->_rrs[nr]; + } else { + return NULL; + } +} + +ldns_rr_list * +ldns_rr_list_new(void) +{ + ldns_rr_list *rr_list = LDNS_MALLOC(ldns_rr_list); + if(!rr_list) return NULL; + rr_list->_rr_count = 0; + rr_list->_rr_capacity = 0; + rr_list->_rrs = NULL; + return rr_list; +} + +void +ldns_rr_list_free(ldns_rr_list *rr_list) +{ + if (rr_list) { + LDNS_FREE(rr_list->_rrs); + LDNS_FREE(rr_list); + } +} + +void +ldns_rr_list_deep_free(ldns_rr_list *rr_list) +{ + size_t i; + + if (rr_list) { + for (i=0; i < ldns_rr_list_rr_count(rr_list); i++) { + ldns_rr_free(ldns_rr_list_rr(rr_list, i)); + } + LDNS_FREE(rr_list->_rrs); + LDNS_FREE(rr_list); + } +} + + +/* add right to left. So we modify *left! */ +bool +ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right) +{ + size_t r_rr_count; + size_t i; + + if (!left) { + return false; + } + + if (right) { + r_rr_count = ldns_rr_list_rr_count(right); + } else { + r_rr_count = 0; + } + + /* push right to left */ + for(i = 0; i < r_rr_count; i++) { + ldns_rr_list_push_rr(left, ldns_rr_list_rr(right, i)); + } + return true; +} + +ldns_rr_list * +ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right) +{ + size_t l_rr_count; + size_t r_rr_count; + size_t i; + ldns_rr_list *cat; + + if (left) { + l_rr_count = ldns_rr_list_rr_count(left); + } else { + return ldns_rr_list_clone(right); + } + + if (right) { + r_rr_count = ldns_rr_list_rr_count(right); + } else { + r_rr_count = 0; + } + + cat = ldns_rr_list_new(); + + if (!cat) { + return NULL; + } + + /* left */ + for(i = 0; i < l_rr_count; i++) { + ldns_rr_list_push_rr(cat, + ldns_rr_clone(ldns_rr_list_rr(left, i))); + } + /* right */ + for(i = 0; i < r_rr_count; i++) { + ldns_rr_list_push_rr(cat, + ldns_rr_clone(ldns_rr_list_rr(right, i))); + } + return cat; +} + +ldns_rr_list * +ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos) +{ + size_t i; + ldns_rr_list *subtyped; + ldns_rdf *list_rdf; + + subtyped = ldns_rr_list_new(); + + for(i = 0; i < ldns_rr_list_rr_count(l); i++) { + list_rdf = ldns_rr_rdf( + ldns_rr_list_rr(l, i), + pos); + if (!list_rdf) { + /* pos is too large or any other error */ + ldns_rr_list_deep_free(subtyped); + return NULL; + } + + if (ldns_rdf_compare(list_rdf, r) == 0) { + /* a match */ + ldns_rr_list_push_rr(subtyped, + ldns_rr_clone(ldns_rr_list_rr(l, i))); + } + } + + if (ldns_rr_list_rr_count(subtyped) > 0) { + return subtyped; + } else { + ldns_rr_list_free(subtyped); + return NULL; + } +} + +bool +ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr) +{ + size_t rr_count; + size_t cap; + + rr_count = ldns_rr_list_rr_count(rr_list); + cap = rr_list->_rr_capacity; + + /* grow the array */ + if(rr_count+1 > cap) { + ldns_rr **rrs; + + if(cap == 0) + cap = LDNS_RRLIST_INIT; /* initial list size */ + else cap *= 2; + rrs = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap); + if (!rrs) { + return false; + } + rr_list->_rrs = rrs; + rr_list->_rr_capacity = cap; + } + + /* add the new member */ + rr_list->_rrs[rr_count] = (ldns_rr*)rr; + + ldns_rr_list_set_rr_count(rr_list, rr_count + 1); + return true; +} + +bool +ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list) +{ + size_t i; + + for(i = 0; i < ldns_rr_list_rr_count(push_list); i++) { + if (!ldns_rr_list_push_rr(rr_list, + ldns_rr_list_rr(push_list, i))) { + return false; + } + } + return true; +} + +ldns_rr * +ldns_rr_list_pop_rr(ldns_rr_list *rr_list) +{ + size_t rr_count; + size_t cap; + ldns_rr *pop; + + rr_count = ldns_rr_list_rr_count(rr_list); + + if (rr_count == 0) { + return NULL; + } + + cap = rr_list->_rr_capacity; + pop = ldns_rr_list_rr(rr_list, rr_count - 1); + + /* shrink the array */ + if(cap > LDNS_RRLIST_INIT && rr_count-1 <= cap/2) { + ldns_rr** a; + cap /= 2; + a = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap); + if(a) { + rr_list->_rrs = a; + rr_list->_rr_capacity = cap; + } + } + + ldns_rr_list_set_rr_count(rr_list, rr_count - 1); + + return pop; +} + +ldns_rr_list * +ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t howmany) +{ + /* pop a number of rr's and put them in a rr_list */ + ldns_rr_list *popped; + ldns_rr *p; + size_t i = howmany; + + popped = ldns_rr_list_new(); + + if (!popped) { + return NULL; + } + + + while(i > 0 && + (p = ldns_rr_list_pop_rr(rr_list)) != NULL) { + ldns_rr_list_push_rr(popped, p); + i--; + } + + if (i == howmany) { /* so i <= 0 */ + ldns_rr_list_free(popped); + return NULL; + } else { + return popped; + } +} + + +bool +ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr) +{ + size_t i; + + if (!rr_list || !rr || ldns_rr_list_rr_count(rr_list) == 0) { + return false; + } + + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + if (rr == ldns_rr_list_rr(rr_list, i)) { + return true; + } else if (ldns_rr_compare(rr, ldns_rr_list_rr(rr_list, i)) == 0) { + return true; + } + } + return false; +} + +bool +ldns_is_rrset(ldns_rr_list *rr_list) +{ + ldns_rr_type t; + ldns_rr_class c; + ldns_rdf *o; + ldns_rr *tmp; + size_t i; + + if (!rr_list || ldns_rr_list_rr_count(rr_list) == 0) { + return false; + } + + tmp = ldns_rr_list_rr(rr_list, 0); + + t = ldns_rr_get_type(tmp); + c = ldns_rr_get_class(tmp); + o = ldns_rr_owner(tmp); + + /* compare these with the rest of the rr_list, start with 1 */ + for (i = 1; i < ldns_rr_list_rr_count(rr_list); i++) { + tmp = ldns_rr_list_rr(rr_list, i); + if (t != ldns_rr_get_type(tmp)) { + return false; + } + if (c != ldns_rr_get_class(tmp)) { + return false; + } + if (ldns_rdf_compare(o, ldns_rr_owner(tmp)) != 0) { + return false; + } + } + return true; +} + +bool +ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr) +{ + size_t rr_count; + size_t i; + ldns_rr *last; + + assert(rr != NULL); + + rr_count = ldns_rr_list_rr_count(rr_list); + + if (rr_count == 0) { + /* nothing there, so checking it is + * not needed */ + return ldns_rr_list_push_rr(rr_list, rr); + } else { + /* check with the final rr in the rr_list */ + last = ldns_rr_list_rr(rr_list, rr_count - 1); + + if (ldns_rr_get_class(last) != ldns_rr_get_class(rr)) { + return false; + } + if (ldns_rr_get_type(last) != ldns_rr_get_type(rr)) { + return false; + } + /* only check if not equal to RRSIG */ + if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) { + if (ldns_rr_ttl(last) != ldns_rr_ttl(rr)) { + return false; + } + } + if (ldns_rdf_compare(ldns_rr_owner(last), + ldns_rr_owner(rr)) != 0) { + return false; + } + /* ok, still alive - check if the rr already + * exists - if so, dont' add it */ + for(i = 0; i < rr_count; i++) { + if(ldns_rr_compare( + ldns_rr_list_rr(rr_list, i), rr) == 0) { + return false; + } + } + /* it's safe, push it */ + return ldns_rr_list_push_rr(rr_list, rr); + } +} + +ldns_rr * +ldns_rr_set_pop_rr(ldns_rr_list *rr_list) +{ + return ldns_rr_list_pop_rr(rr_list); +} + +ldns_rr_list * +ldns_rr_list_pop_rrset(ldns_rr_list *rr_list) +{ + ldns_rr_list *rrset; + ldns_rr *last_rr = NULL; + ldns_rr *next_rr; + + if (!rr_list) { + return NULL; + } + + rrset = ldns_rr_list_new(); + if (!last_rr) { + last_rr = ldns_rr_list_pop_rr(rr_list); + if (!last_rr) { + ldns_rr_list_free(rrset); + return NULL; + } else { + ldns_rr_list_push_rr(rrset, last_rr); + } + } + + if (ldns_rr_list_rr_count(rr_list) > 0) { + next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1); + } else { + next_rr = NULL; + } + + while (next_rr) { + if ( + ldns_rdf_compare(ldns_rr_owner(next_rr), + ldns_rr_owner(last_rr)) == 0 + && + ldns_rr_get_type(next_rr) == ldns_rr_get_type(last_rr) + && + ldns_rr_get_class(next_rr) == ldns_rr_get_class(last_rr) + ) { + ldns_rr_list_push_rr(rrset, ldns_rr_list_pop_rr(rr_list)); + if (ldns_rr_list_rr_count(rr_list) > 0) { + last_rr = next_rr; + next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1); + } else { + next_rr = NULL; + } + } else { + next_rr = NULL; + } + } + + return rrset; +} + +ldns_rr * +ldns_rr_clone(const ldns_rr *rr) +{ + size_t i; + ldns_rr *new_rr; + + if (!rr) { + return NULL; + } + + new_rr = ldns_rr_new(); + if (!new_rr) { + return NULL; + } + if (ldns_rr_owner(rr)) { + ldns_rr_set_owner(new_rr, ldns_rdf_clone(ldns_rr_owner(rr))); + } + ldns_rr_set_ttl(new_rr, ldns_rr_ttl(rr)); + ldns_rr_set_type(new_rr, ldns_rr_get_type(rr)); + ldns_rr_set_class(new_rr, ldns_rr_get_class(rr)); + ldns_rr_set_question(new_rr, ldns_rr_is_question(rr)); + + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + if (ldns_rr_rdf(rr,i)) { + ldns_rr_push_rdf(new_rr, ldns_rdf_clone(ldns_rr_rdf(rr, i))); + } + } + + return new_rr; +} + +ldns_rr_list * +ldns_rr_list_clone(const ldns_rr_list *rrlist) +{ + size_t i; + ldns_rr_list *new_list; + ldns_rr *r; + + if (!rrlist) { + return NULL; + } + + new_list = ldns_rr_list_new(); + if (!new_list) { + return NULL; + } + for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) { + r = ldns_rr_clone( + ldns_rr_list_rr(rrlist, i) + ); + if (!r) { + /* huh, failure in cloning */ + ldns_rr_list_deep_free(new_list); + return NULL; + } + ldns_rr_list_push_rr(new_list, r); + } + return new_list; +} + + +static int +qsort_schwartz_rr_compare(const void *a, const void *b) +{ + int result = 0; + ldns_rr *rr1, *rr2; + ldns_buffer *rr1_buf, *rr2_buf; + struct ldns_schwartzian_compare_struct *sa = *(struct ldns_schwartzian_compare_struct **) a; + struct ldns_schwartzian_compare_struct *sb = *(struct ldns_schwartzian_compare_struct **) b; + /* if we are doing 2wire, we need to do lowercasing on the dname (and maybe on the rdata) + * this must be done for comparison only, so we need to have a temp var for both buffers, + * which is only used when the transformed object value isn't there yet + */ + ldns_rr *canonical_a, *canonical_b; + + rr1 = (ldns_rr *) sa->original_object; + rr2 = (ldns_rr *) sb->original_object; + + result = ldns_rr_compare_no_rdata(rr1, rr2); + + if (result == 0) { + if (!sa->transformed_object) { + canonical_a = ldns_rr_clone(sa->original_object); + ldns_rr2canonical(canonical_a); + sa->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_a)); + if (ldns_rr2buffer_wire(sa->transformed_object, canonical_a, LDNS_SECTION_ANY) != LDNS_STATUS_OK) { + ldns_buffer_free((ldns_buffer *)sa->transformed_object); + sa->transformed_object = NULL; + ldns_rr_free(canonical_a); + return 0; + } + ldns_rr_free(canonical_a); + } + if (!sb->transformed_object) { + canonical_b = ldns_rr_clone(sb->original_object); + ldns_rr2canonical(canonical_b); + sb->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_b)); + if (ldns_rr2buffer_wire(sb->transformed_object, canonical_b, LDNS_SECTION_ANY) != LDNS_STATUS_OK) { + ldns_buffer_free((ldns_buffer *)sa->transformed_object); + ldns_buffer_free((ldns_buffer *)sb->transformed_object); + sa->transformed_object = NULL; + sb->transformed_object = NULL; + ldns_rr_free(canonical_b); + return 0; + } + ldns_rr_free(canonical_b); + } + rr1_buf = (ldns_buffer *) sa->transformed_object; + rr2_buf = (ldns_buffer *) sb->transformed_object; + + result = ldns_rr_compare_wire(rr1_buf, rr2_buf); + } + + return result; +} + +void +ldns_rr_list_sort(ldns_rr_list *unsorted) +{ + struct ldns_schwartzian_compare_struct **sortables; + size_t item_count; + size_t i; + + if (unsorted) { + item_count = ldns_rr_list_rr_count(unsorted); + + sortables = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct *, + item_count); + if(!sortables) return; /* no way to return error */ + for (i = 0; i < item_count; i++) { + sortables[i] = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct, 1); + if(!sortables[i]) { + /* free the allocated parts */ + while(i>0) { + i--; + LDNS_FREE(sortables[i]); + } + /* no way to return error */ + LDNS_FREE(sortables); + return; + } + sortables[i]->original_object = ldns_rr_list_rr(unsorted, i); + sortables[i]->transformed_object = NULL; + } + qsort(sortables, + item_count, + sizeof(struct ldns_schwartzian_compare_struct *), + qsort_schwartz_rr_compare); + for (i = 0; i < item_count; i++) { + unsorted->_rrs[i] = sortables[i]->original_object; + if (sortables[i]->transformed_object) { + ldns_buffer_free(sortables[i]->transformed_object); + } + LDNS_FREE(sortables[i]); + } + LDNS_FREE(sortables); + } +} + +int +ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2) +{ + size_t rr1_len; + size_t rr2_len; + size_t offset; + + assert(rr1 != NULL); + assert(rr2 != NULL); + + rr1_len = ldns_rr_uncompressed_size(rr1); + rr2_len = ldns_rr_uncompressed_size(rr2); + + if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) < 0) { + return -1; + } else if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) > 0) { + return 1; + } + + /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */ + if (ldns_rr_get_class(rr1) != ldns_rr_get_class(rr2)) { + return ldns_rr_get_class(rr1) - ldns_rr_get_class(rr2); + } + + /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */ + if (ldns_rr_get_type(rr1) != ldns_rr_get_type(rr2)) { + return ldns_rr_get_type(rr1) - ldns_rr_get_type(rr2); + } + + /* offset is the owername length + ttl + type + class + rdlen == start of wire format rdata */ + offset = ldns_rdf_size(ldns_rr_owner(rr1)) + 4 + 2 + 2 + 2; + /* if either record doesn't have any RDATA... */ + if (offset > rr1_len || offset > rr2_len) { + if (rr1_len == rr2_len) { + return 0; + } + return ((int) rr2_len - (int) rr1_len); + } + + return 0; +} + +int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf) +{ + size_t rr1_len, rr2_len, min_len, i, offset; + + rr1_len = ldns_buffer_capacity(rr1_buf); + rr2_len = ldns_buffer_capacity(rr2_buf); + + /* jump past dname (checked in earlier part) + * and especially past TTL */ + offset = 0; + while (offset < rr1_len && *ldns_buffer_at(rr1_buf, offset) != 0) { + offset += *ldns_buffer_at(rr1_buf, offset) + 1; + } + /* jump to rdata section (PAST the rdata length field, otherwise + rrs with different lengths might be sorted erroneously */ + offset += 11; + min_len = (rr1_len < rr2_len) ? rr1_len : rr2_len; + /* Compare RRs RDATA byte for byte. */ + for(i = offset; i < min_len; i++) { + if (*ldns_buffer_at(rr1_buf,i) < *ldns_buffer_at(rr2_buf,i)) { + return -1; + } else if (*ldns_buffer_at(rr1_buf,i) > *ldns_buffer_at(rr2_buf,i)) { + return +1; + } + } + + /* If both RDATAs are the same up to min_len, then the shorter one sorts first. */ + if (rr1_len < rr2_len) { + return -1; + } else if (rr1_len > rr2_len) { + return +1; + } + /* The RDATAs are equal. */ + return 0; + +} + +int +ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2) +{ + int result; + size_t rr1_len, rr2_len; + + ldns_buffer *rr1_buf; + ldns_buffer *rr2_buf; + + result = ldns_rr_compare_no_rdata(rr1, rr2); + if (result == 0) { + rr1_len = ldns_rr_uncompressed_size(rr1); + rr2_len = ldns_rr_uncompressed_size(rr2); + + rr1_buf = ldns_buffer_new(rr1_len); + rr2_buf = ldns_buffer_new(rr2_len); + + if (ldns_rr2buffer_wire_canonical(rr1_buf, + rr1, + LDNS_SECTION_ANY) + != LDNS_STATUS_OK) { + ldns_buffer_free(rr1_buf); + ldns_buffer_free(rr2_buf); + return 0; + } + if (ldns_rr2buffer_wire_canonical(rr2_buf, + rr2, + LDNS_SECTION_ANY) + != LDNS_STATUS_OK) { + ldns_buffer_free(rr1_buf); + ldns_buffer_free(rr2_buf); + return 0; + } + + result = ldns_rr_compare_wire(rr1_buf, rr2_buf); + + ldns_buffer_free(rr1_buf); + ldns_buffer_free(rr2_buf); + } + + return result; +} + +/* convert dnskey to a ds with the given algorithm, + * then compare the result with the given ds */ +static int +ldns_rr_compare_ds_dnskey(ldns_rr *ds, + ldns_rr *dnskey) +{ + ldns_rr *ds_gen; + bool result = false; + ldns_hash algo; + + if (!dnskey || !ds || + ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS || + ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY) { + return false; + } + + if (ldns_rr_rdf(ds, 2) == NULL) { + return false; + } + algo = ldns_rdf2native_int8(ldns_rr_rdf(ds, 2)); + + ds_gen = ldns_key_rr2ds(dnskey, algo); + if (ds_gen) { + result = ldns_rr_compare(ds, ds_gen) == 0; + ldns_rr_free(ds_gen); + } + return result; +} + +bool +ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2) +{ + bool result; + ldns_rr *rr1 = ldns_rr_clone(orr1); + ldns_rr *rr2 = ldns_rr_clone(orr2); + + /* set ttls to zero */ + ldns_rr_set_ttl(rr1, 0); + ldns_rr_set_ttl(rr2, 0); + + if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DS && + ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DNSKEY) { + result = ldns_rr_compare_ds_dnskey(rr1, rr2); + } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) { + result = ldns_rr_compare_ds_dnskey(rr2, rr1); + } else { + result = (ldns_rr_compare(rr1, rr2) == 0); + } + + ldns_rr_free(rr1); + ldns_rr_free(rr2); + + return result; +} + +int +ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2) +{ + size_t i = 0; + int rr_cmp; + + assert(rrl1 != NULL); + assert(rrl2 != NULL); + + for (i = 0; i < ldns_rr_list_rr_count(rrl1) && i < ldns_rr_list_rr_count(rrl2); i++) { + rr_cmp = ldns_rr_compare(ldns_rr_list_rr(rrl1, i), ldns_rr_list_rr(rrl2, i)); + if (rr_cmp != 0) { + return rr_cmp; + } + } + + if (i == ldns_rr_list_rr_count(rrl1) && + i != ldns_rr_list_rr_count(rrl2)) { + return 1; + } else if (i == ldns_rr_list_rr_count(rrl2) && + i != ldns_rr_list_rr_count(rrl1)) { + return -1; + } else { + return 0; + } +} + +size_t +ldns_rr_uncompressed_size(const ldns_rr *r) +{ + size_t rrsize; + size_t i; + + rrsize = 0; + /* add all the rdf sizes */ + for(i = 0; i < ldns_rr_rd_count(r); i++) { + rrsize += ldns_rdf_size(ldns_rr_rdf(r, i)); + } + /* ownername */ + rrsize += ldns_rdf_size(ldns_rr_owner(r)); + rrsize += LDNS_RR_OVERHEAD; + return rrsize; +} + +void +ldns_rr2canonical(ldns_rr *rr) +{ + uint16_t i; + + if (!rr) { + return; + } + + ldns_dname2canonical(ldns_rr_owner(rr)); + + /* + * lowercase the rdata dnames if the rr type is one + * of the list in chapter 7 of RFC3597 + * Also added RRSIG, because a "Signer's Name" should be canonicalized + * too. See dnssec-bis-updates-16. We can add it to this list because + * the "Signer's Name" is the only dname type rdata field in a RRSIG. + */ + switch(ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_NS: + case LDNS_RR_TYPE_MD: + case LDNS_RR_TYPE_MF: + case LDNS_RR_TYPE_CNAME: + case LDNS_RR_TYPE_SOA: + case LDNS_RR_TYPE_MB: + case LDNS_RR_TYPE_MG: + case LDNS_RR_TYPE_MR: + case LDNS_RR_TYPE_PTR: + case LDNS_RR_TYPE_MINFO: + case LDNS_RR_TYPE_MX: + case LDNS_RR_TYPE_RP: + case LDNS_RR_TYPE_AFSDB: + case LDNS_RR_TYPE_RT: + case LDNS_RR_TYPE_SIG: + case LDNS_RR_TYPE_PX: + case LDNS_RR_TYPE_NXT: + case LDNS_RR_TYPE_NAPTR: + case LDNS_RR_TYPE_KX: + case LDNS_RR_TYPE_SRV: + case LDNS_RR_TYPE_DNAME: + case LDNS_RR_TYPE_A6: + case LDNS_RR_TYPE_RRSIG: + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + ldns_dname2canonical(ldns_rr_rdf(rr, i)); + } + return; + default: + /* do nothing */ + return; + } +} + +void +ldns_rr_list2canonical(ldns_rr_list *rr_list) +{ + size_t i; + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + ldns_rr2canonical(ldns_rr_list_rr(rr_list, i)); + } +} + +uint8_t +ldns_rr_label_count(ldns_rr *rr) +{ + if (!rr) { + return 0; + } + return ldns_dname_label_count( + ldns_rr_owner(rr)); +} + +/** \cond */ +static const ldns_rdf_type type_0_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN }; +static const ldns_rdf_type type_a_wireformat[] = { LDNS_RDF_TYPE_A }; +static const ldns_rdf_type type_ns_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_md_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_mf_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_cname_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_soa_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_INT32, + LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, + LDNS_RDF_TYPE_PERIOD +}; +static const ldns_rdf_type type_mb_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_mg_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_mr_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_wks_wireformat[] = { + LDNS_RDF_TYPE_A, LDNS_RDF_TYPE_WKS +}; +static const ldns_rdf_type type_ptr_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_hinfo_wireformat[] = { + LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR +}; +static const ldns_rdf_type type_minfo_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_mx_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_rp_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_afsdb_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_x25_wireformat[] = { LDNS_RDF_TYPE_STR }; +static const ldns_rdf_type type_isdn_wireformat[] = { + LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR +}; +static const ldns_rdf_type type_rt_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_nsap_wireformat[] = { + LDNS_RDF_TYPE_NSAP +}; +static const ldns_rdf_type type_nsap_ptr_wireformat[] = { + LDNS_RDF_TYPE_STR +}; +static const ldns_rdf_type type_sig_wireformat[] = { + LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, + LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_key_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_px_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_gpos_wireformat[] = { + LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR +}; +static const ldns_rdf_type type_aaaa_wireformat[] = { LDNS_RDF_TYPE_AAAA }; +static const ldns_rdf_type type_loc_wireformat[] = { LDNS_RDF_TYPE_LOC }; +static const ldns_rdf_type type_nxt_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_UNKNOWN +}; +static const ldns_rdf_type type_eid_wireformat[] = { + LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_nimloc_wireformat[] = { + LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_srv_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_atma_wireformat[] = { + LDNS_RDF_TYPE_ATMA +}; +static const ldns_rdf_type type_naptr_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_kx_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_cert_wireformat[] = { + LDNS_RDF_TYPE_CERT_ALG, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_a6_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN }; +static const ldns_rdf_type type_dname_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_sink_wireformat[] = { LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_apl_wireformat[] = { + LDNS_RDF_TYPE_APL +}; +static const ldns_rdf_type type_ds_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_sshfp_wireformat[] = { + LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_ipseckey_wireformat[] = { + LDNS_RDF_TYPE_IPSECKEY +}; +static const ldns_rdf_type type_rrsig_wireformat[] = { + LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, + LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_nsec_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_NSEC +}; +static const ldns_rdf_type type_dhcid_wireformat[] = { + LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_talink_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME +}; +/*@unused@*/ static const ldns_rdf_type type_openpgpkey_wireformat[] = { + LDNS_RDF_TYPE_B64 +}; +/* nsec3 is some vars, followed by same type of data of nsec */ +static const ldns_rdf_type type_nsec3_wireformat[] = { +/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ + LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC3_SALT, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC +}; + +static const ldns_rdf_type type_nsec3param_wireformat[] = { +/* LDNS_RDF_TYPE_NSEC3_PARAMS_VARS*/ + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_NSEC3_SALT +}; + +static const ldns_rdf_type type_dnskey_wireformat[] = { + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_ALG, + LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_tkey_wireformat[] = { + LDNS_RDF_TYPE_DNAME, + LDNS_RDF_TYPE_TIME, + LDNS_RDF_TYPE_TIME, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16_DATA, + LDNS_RDF_TYPE_INT16_DATA, +}; +static const ldns_rdf_type type_tsig_wireformat[] = { + LDNS_RDF_TYPE_DNAME, + LDNS_RDF_TYPE_TSIGTIME, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16_DATA, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16_DATA +}; +static const ldns_rdf_type type_tlsa_wireformat[] = { + LDNS_RDF_TYPE_CERTIFICATE_USAGE, + LDNS_RDF_TYPE_SELECTOR, + LDNS_RDF_TYPE_MATCHING_TYPE, + LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_hip_wireformat[] = { + LDNS_RDF_TYPE_HIP +}; +static const ldns_rdf_type type_nid_wireformat[] = { + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_ILNP64 +}; +static const ldns_rdf_type type_l32_wireformat[] = { + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_A +}; +static const ldns_rdf_type type_l64_wireformat[] = { + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_ILNP64 +}; +static const ldns_rdf_type type_lp_wireformat[] = { + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_eui48_wireformat[] = { + LDNS_RDF_TYPE_EUI48 +}; +static const ldns_rdf_type type_eui64_wireformat[] = { + LDNS_RDF_TYPE_EUI64 +}; +#ifdef RRTYPE_URI +static const ldns_rdf_type type_uri_wireformat[] = { + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_LONG_STR +}; +#endif +static const ldns_rdf_type type_caa_wireformat[] = { + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_TAG, + LDNS_RDF_TYPE_LONG_STR +}; +/** \endcond */ + +/** \cond */ +/* All RR's defined in 1035 are well known and can thus + * be compressed. See RFC3597. These RR's are: + * CNAME HINFO MB MD MF MG MINFO MR MX NULL NS PTR SOA TXT + */ +static ldns_rr_descriptor rdata_field_descriptors[] = { + /* 0 */ + { 0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 1 */ + {LDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 2 */ + {LDNS_RR_TYPE_NS, "NS", 1, 1, type_ns_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 3 */ + {LDNS_RR_TYPE_MD, "MD", 1, 1, type_md_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 4 */ + {LDNS_RR_TYPE_MF, "MF", 1, 1, type_mf_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 5 */ + {LDNS_RR_TYPE_CNAME, "CNAME", 1, 1, type_cname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 6 */ + {LDNS_RR_TYPE_SOA, "SOA", 7, 7, type_soa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 }, + /* 7 */ + {LDNS_RR_TYPE_MB, "MB", 1, 1, type_mb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 8 */ + {LDNS_RR_TYPE_MG, "MG", 1, 1, type_mg_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 9 */ + {LDNS_RR_TYPE_MR, "MR", 1, 1, type_mr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 10 */ + {LDNS_RR_TYPE_NULL, "NULL", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 11 */ + {LDNS_RR_TYPE_WKS, "WKS", 2, 2, type_wks_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 12 */ + {LDNS_RR_TYPE_PTR, "PTR", 1, 1, type_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 13 */ + {LDNS_RR_TYPE_HINFO, "HINFO", 2, 2, type_hinfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 14 */ + {LDNS_RR_TYPE_MINFO, "MINFO", 2, 2, type_minfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 }, + /* 15 */ + {LDNS_RR_TYPE_MX, "MX", 2, 2, type_mx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 16 */ + {LDNS_RR_TYPE_TXT, "TXT", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, + /* 17 */ + {LDNS_RR_TYPE_RP, "RP", 2, 2, type_rp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, + /* 18 */ + {LDNS_RR_TYPE_AFSDB, "AFSDB", 2, 2, type_afsdb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 19 */ + {LDNS_RR_TYPE_X25, "X25", 1, 1, type_x25_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 20 */ + {LDNS_RR_TYPE_ISDN, "ISDN", 1, 2, type_isdn_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 21 */ + {LDNS_RR_TYPE_RT, "RT", 2, 2, type_rt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 22 */ + {LDNS_RR_TYPE_NSAP, "NSAP", 1, 1, type_nsap_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 23 */ + {LDNS_RR_TYPE_NSAP_PTR, "NSAP-PTR", 1, 1, type_nsap_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 24 */ + {LDNS_RR_TYPE_SIG, "SIG", 9, 9, type_sig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 25 */ + {LDNS_RR_TYPE_KEY, "KEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 26 */ + {LDNS_RR_TYPE_PX, "PX", 3, 3, type_px_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, + /* 27 */ + {LDNS_RR_TYPE_GPOS, "GPOS", 3, 3, type_gpos_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 28 */ + {LDNS_RR_TYPE_AAAA, "AAAA", 1, 1, type_aaaa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 29 */ + {LDNS_RR_TYPE_LOC, "LOC", 1, 1, type_loc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 30 */ + {LDNS_RR_TYPE_NXT, "NXT", 2, 2, type_nxt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 31 */ + {LDNS_RR_TYPE_EID, "EID", 1, 1, type_eid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 32 */ + {LDNS_RR_TYPE_NIMLOC, "NIMLOC", 1, 1, type_nimloc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 33 */ + {LDNS_RR_TYPE_SRV, "SRV", 4, 4, type_srv_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 34 */ + {LDNS_RR_TYPE_ATMA, "ATMA", 1, 1, type_atma_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 35 */ + {LDNS_RR_TYPE_NAPTR, "NAPTR", 6, 6, type_naptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 36 */ + {LDNS_RR_TYPE_KX, "KX", 2, 2, type_kx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 37 */ + {LDNS_RR_TYPE_CERT, "CERT", 4, 4, type_cert_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 38 */ + {LDNS_RR_TYPE_A6, "A6", 1, 1, type_a6_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 39 */ + {LDNS_RR_TYPE_DNAME, "DNAME", 1, 1, type_dname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 40 */ + {LDNS_RR_TYPE_SINK, "SINK", 1, 1, type_sink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 41 */ + {LDNS_RR_TYPE_OPT, "OPT", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 42 */ + {LDNS_RR_TYPE_APL, "APL", 0, 0, type_apl_wireformat, LDNS_RDF_TYPE_APL, LDNS_RR_NO_COMPRESS, 0 }, + /* 43 */ + {LDNS_RR_TYPE_DS, "DS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 44 */ + {LDNS_RR_TYPE_SSHFP, "SSHFP", 3, 3, type_sshfp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 45 */ + {LDNS_RR_TYPE_IPSECKEY, "IPSECKEY", 1, 1, type_ipseckey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 46 */ + {LDNS_RR_TYPE_RRSIG, "RRSIG", 9, 9, type_rrsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 47 */ + {LDNS_RR_TYPE_NSEC, "NSEC", 1, 2, type_nsec_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 48 */ + {LDNS_RR_TYPE_DNSKEY, "DNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 49 */ + {LDNS_RR_TYPE_DHCID, "DHCID", 1, 1, type_dhcid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 50 */ + {LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 51 */ + {LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 52 */ + {LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + +{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + + /* 55 + * Hip ends with 0 or more Rendezvous Servers represented as dname's. + * Hence the LDNS_RDF_TYPE_DNAME _variable field and the _maximum field + * set to 0. + */ + {LDNS_RR_TYPE_HIP, "HIP", 1, 1, type_hip_wireformat, LDNS_RDF_TYPE_DNAME, LDNS_RR_NO_COMPRESS, 0 }, + +#ifdef RRTYPE_NINFO + /* 56 */ + {LDNS_RR_TYPE_NINFO, "NINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, +#else +{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif +#ifdef RRTYPE_RKEY + /* 57 */ + {LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else +{LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif + /* 58 */ + {LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, + + /* 59 */ + {LDNS_RR_TYPE_CDS, "CDS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 60 */ + {LDNS_RR_TYPE_CDNSKEY, "CDNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + +#ifdef RRTYPE_OPENPGPKEY + /* 61 */ + {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else +{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif + +{LDNS_RR_TYPE_NULL, "TYPE62", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + + /* 99 */ + {LDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, + + /* UINFO [IANA-Reserved] */ +{LDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* UID [IANA-Reserved] */ +{LDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* GID [IANA-Reserved] */ +{LDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* UNSPEC [IANA-Reserved] */ +{LDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + + /* 104 */ + {LDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 105 */ + {LDNS_RR_TYPE_L32, "L32", 2, 2, type_l32_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 106 */ + {LDNS_RR_TYPE_L64, "L64", 2, 2, type_l64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 107 */ + {LDNS_RR_TYPE_LP, "LP", 2, 2, type_lp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 108 */ + {LDNS_RR_TYPE_EUI48, "EUI48", 1, 1, type_eui48_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 109 */ + {LDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + +{LDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + + /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one. + * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9. + */ + /* 249 */ + {LDNS_RR_TYPE_TKEY, "TKEY", 7, 7, type_tkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one. + * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9. + */ + /* 250 */ + {LDNS_RR_TYPE_TSIG, "TSIG", 7, 7, type_tsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + + /* IXFR: A request for a transfer of an incremental zone transfer */ +{LDNS_RR_TYPE_NULL, "TYPE251", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* AXFR: A request for a transfer of an entire zone */ +{LDNS_RR_TYPE_NULL, "TYPE252", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* MAILB: A request for mailbox-related records (MB, MG or MR) */ +{LDNS_RR_TYPE_NULL, "TYPE253", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* MAILA: A request for mail agent RRs (Obsolete - see MX) */ +{LDNS_RR_TYPE_NULL, "TYPE254", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* ANY: A request for all (available) records */ +{LDNS_RR_TYPE_NULL, "TYPE255", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + +#ifdef RRTYPE_URI + /* 256 */ + {LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else +{LDNS_RR_TYPE_NULL, "TYPE256", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif + /* 257 */ + {LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + +/* split in array, no longer contiguous */ + +#ifdef RRTYPE_TA + /* 32768 */ + {LDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#else +{LDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +#endif + /* 32769 */ + {LDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 } +}; +/** \endcond */ + +/** + * \def LDNS_RDATA_FIELD_DESCRIPTORS_COUNT + * computes the number of rdata fields + */ +#define LDNS_RDATA_FIELD_DESCRIPTORS_COUNT \ + (sizeof(rdata_field_descriptors)/sizeof(rdata_field_descriptors[0])) + + +/*---------------------------------------------------------------------------* + * The functions below return an bitmap RDF with the space required to set + * or unset all known RR types. Arguably these functions are better situated + * in rdata.c, however for the space calculation it is necesarry to walk + * through rdata_field_descriptors which is not easily possible from anywhere + * other than rr.c where it is declared static. + * + * Alternatively rr.c could have provided an iterator for rr_type or + * rdf_descriptors, but this seemed overkill for internal use only. + */ +static ldns_rr_descriptor* rdata_field_descriptors_end = + &rdata_field_descriptors[LDNS_RDATA_FIELD_DESCRIPTORS_COUNT]; + +/* From RFC3845: + * + * 2.1.2. The List of Type Bit Map(s) Field + * + * The RR type space is split into 256 window blocks, each representing + * the low-order 8 bits of the 16-bit RR type space. Each block that + * has at least one active RR type is encoded using a single octet + * window number (from 0 to 255), a single octet bitmap length (from 1 + * to 32) indicating the number of octets used for the window block's + * bitmap, and up to 32 octets (256 bits) of bitmap. + * + * Window blocks are present in the NSEC RR RDATA in increasing + * numerical order. + * + * "|" denotes concatenation + * + * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) + + * + * + * + * Blocks with no types present MUST NOT be included. Trailing zero + * octets in the bitmap MUST be omitted. The length of each block's + * bitmap is determined by the type code with the largest numerical + * value within that block, among the set of RR types present at the + * NSEC RR's owner name. Trailing zero octets not specified MUST be + * interpreted as zero octets. + */ +static ldns_status +ldns_rdf_bitmap_known_rr_types_set(ldns_rdf** rdf, int value) +{ + uint8_t window; /* most significant octet of type */ + uint8_t subtype; /* least significant octet of type */ + uint16_t windows[256] /* Max subtype per window */ +#ifndef S_SPLINT_S + = { 0 } +#endif + ; + ldns_rr_descriptor* d; /* used to traverse rdata_field_descriptors */ + size_t i; /* used to traverse windows array */ + + size_t sz; /* size needed for type bitmap rdf */ + uint8_t* data = NULL; /* rdf data */ + uint8_t* dptr; /* used to itraverse rdf data */ + + assert(rdf != NULL); + + /* Which windows need to be in the bitmap rdf? + */ + for (d=rdata_field_descriptors; d < rdata_field_descriptors_end; d++) { + window = d->_type >> 8; + subtype = d->_type & 0xff; + if (windows[window] < subtype) { + windows[window] = subtype; + } + } + + /* How much space do we need in the rdf for those windows? + */ + sz = 0; + for (i = 0; i < 256; i++) { + if (windows[i]) { + sz += windows[i] / 8 + 3; + } + } + if (sz > 0) { + /* Format rdf data according RFC3845 Section 2.1.2 (see above) + */ + dptr = data = LDNS_XMALLOC(uint8_t, sz); + memset(data, value, sz); + if (!data) { + return LDNS_STATUS_MEM_ERR; + } + for (i = 0; i < 256; i++) { + if (windows[i]) { + *dptr++ = (uint8_t)i; + *dptr++ = (uint8_t)(windows[i] / 8 + 1); + dptr += dptr[-1]; + } + } + } + /* Allocate and return rdf structure for the data + */ + *rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data); + if (!*rdf) { + LDNS_FREE(data); + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_rdf_bitmap_known_rr_types_space(ldns_rdf** rdf) +{ + return ldns_rdf_bitmap_known_rr_types_set(rdf, 0); +} + +ldns_status +ldns_rdf_bitmap_known_rr_types(ldns_rdf** rdf) +{ + return ldns_rdf_bitmap_known_rr_types_set(rdf, 255); +} +/* End of RDF bitmap functions + *---------------------------------------------------------------------------*/ + + +const ldns_rr_descriptor * +ldns_rr_descript(uint16_t type) +{ + size_t i; + if (type < LDNS_RDATA_FIELD_DESCRIPTORS_COMMON) { + return &rdata_field_descriptors[type]; + } else { + /* because not all array index equals type code */ + for (i = LDNS_RDATA_FIELD_DESCRIPTORS_COMMON; + i < LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; + i++) { + if (rdata_field_descriptors[i]._type == type) { + return &rdata_field_descriptors[i]; + } + } + return &rdata_field_descriptors[0]; + } +} + +size_t +ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor) +{ + if (descriptor) { + return descriptor->_minimum; + } else { + return 0; + } +} + +size_t +ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor) +{ + if (descriptor) { + if (descriptor->_variable != LDNS_RDF_TYPE_NONE) { + /* Should really be SIZE_MAX... bad FreeBSD. */ + return UINT_MAX; + } else { + return descriptor->_maximum; + } + } else { + return 0; + } +} + +ldns_rdf_type +ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, + size_t index) +{ + assert(descriptor != NULL); + assert(index < descriptor->_maximum + || descriptor->_variable != LDNS_RDF_TYPE_NONE); + if (index < descriptor->_maximum) { + return descriptor->_wireformat[index]; + } else { + return descriptor->_variable; + } +} + +ldns_rr_type +ldns_get_rr_type_by_name(const char *name) +{ + unsigned int i; + const char *desc_name; + const ldns_rr_descriptor *desc; + + /* TYPEXX representation */ + if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) { + return atoi(name + 4); + } + + /* Normal types */ + for (i = 0; i < (unsigned int) LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; i++) { + desc = &rdata_field_descriptors[i]; + desc_name = desc->_name; + if(desc_name && + strlen(name) == strlen(desc_name) && + strncasecmp(name, desc_name, strlen(desc_name)) == 0) { + /* because not all array index equals type code */ + return desc->_type; + } + } + + /* special cases for query types */ + if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) { + return 251; + } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) { + return 252; + } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) { + return 253; + } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) { + return 254; + } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) { + return 255; + } + + return 0; +} + +ldns_rr_class +ldns_get_rr_class_by_name(const char *name) +{ + ldns_lookup_table *lt; + + /* CLASSXX representation */ + if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) { + return atoi(name + 5); + } + + /* Normal types */ + lt = ldns_lookup_by_name(ldns_rr_classes, name); + + if (lt) { + return lt->id; + } + return 0; +} + + +ldns_rr_type +ldns_rdf2rr_type(const ldns_rdf *rd) +{ + ldns_rr_type r; + + if (!rd) { + return 0; + } + + if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TYPE) { + return 0; + } + + r = (ldns_rr_type) ldns_rdf2native_int16(rd); + return r; +} + +ldns_rr_type +ldns_rr_list_type(const ldns_rr_list *rr_list) +{ + if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) { + return ldns_rr_get_type(ldns_rr_list_rr(rr_list, 0)); + } else { + return 0; + } +} + +ldns_rdf * +ldns_rr_list_owner(const ldns_rr_list *rr_list) +{ + if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) { + return ldns_rr_owner(ldns_rr_list_rr(rr_list, 0)); + } else { + return NULL; + } +} diff --git a/ldns/src/rr_functions.c b/ldns/src/rr_functions.c new file mode 100644 index 0000000..b03751b --- /dev/null +++ b/ldns/src/rr_functions.c @@ -0,0 +1,419 @@ +/* + * rr_function.c + * + * function that operate on specific rr types + * + * (c) NLnet Labs, 2004-2006 + * See the file LICENSE for the license + */ + +/* + * These come strait from perldoc Net::DNS::RR::xxx + * first the read variant, then the write. This is + * not complete. + */ + +#include + +#include + +#include +#include + +/** + * return a specific rdf + * \param[in] type type of RR + * \param[in] rr the rr itself + * \param[in] pos at which postion to get it + * \return the rdf sought + */ +static ldns_rdf * +ldns_rr_function(ldns_rr_type type, const ldns_rr *rr, size_t pos) +{ + if (!rr || ldns_rr_get_type(rr) != type) { + return NULL; + } + return ldns_rr_rdf(rr, pos); +} + +/** + * set a specific rdf + * \param[in] type type of RR + * \param[in] rr the rr itself + * \param[in] rdf the rdf to set + * \param[in] pos at which postion to set it + * \return true or false + */ +static bool +ldns_rr_set_function(ldns_rr_type type, ldns_rr *rr, ldns_rdf *rdf, size_t pos) +{ + ldns_rdf *pop; + if (!rr || ldns_rr_get_type(rr) != type) { + return false; + } + pop = ldns_rr_set_rdf(rr, rdf, pos); + ldns_rdf_deep_free(pop); + return true; +} + +/* A/AAAA records */ +ldns_rdf * +ldns_rr_a_address(const ldns_rr *r) +{ + /* 2 types to check, cannot use the macro */ + if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A && + ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) { + return NULL; + } + return ldns_rr_rdf(r, 0); +} + +bool +ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f) +{ + /* 2 types to check, cannot use the macro... */ + ldns_rdf *pop; + if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A && + ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) { + return false; + } + pop = ldns_rr_set_rdf(r, f, 0); + if (pop) { + LDNS_FREE(pop); + return true; + } else { + return false; + } +} + +/* NS record */ +ldns_rdf * +ldns_rr_ns_nsdname(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_NS, r, 0); +} + +/* MX record */ +ldns_rdf * +ldns_rr_mx_preference(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_MX, r, 0); +} + +ldns_rdf * +ldns_rr_mx_exchange(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_MX, r, 1); +} + +/* RRSIG record */ +ldns_rdf * +ldns_rr_rrsig_typecovered(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 0); +} + +bool +ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 0); +} + +ldns_rdf * +ldns_rr_rrsig_algorithm(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 1); +} + +bool +ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 1); +} + +ldns_rdf * +ldns_rr_rrsig_labels(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 2); +} + +bool +ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 2); +} + +ldns_rdf * +ldns_rr_rrsig_origttl(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 3); +} + +bool +ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 3); +} + +ldns_rdf * +ldns_rr_rrsig_expiration(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 4); +} + +bool +ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 4); +} + +ldns_rdf * +ldns_rr_rrsig_inception(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 5); +} + +bool +ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 5); +} + +ldns_rdf * +ldns_rr_rrsig_keytag(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 6); +} + +bool +ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 6); +} + +ldns_rdf * +ldns_rr_rrsig_signame(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 7); +} + +bool +ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 7); +} + +ldns_rdf * +ldns_rr_rrsig_sig(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 8); +} + +bool +ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 8); +} + +/* DNSKEY record */ +ldns_rdf * +ldns_rr_dnskey_flags(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 0); +} + +bool +ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 0); +} + +ldns_rdf * +ldns_rr_dnskey_protocol(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 1); +} + +bool +ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 1); +} + +ldns_rdf * +ldns_rr_dnskey_algorithm(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 2); +} + +bool +ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 2); +} + +ldns_rdf * +ldns_rr_dnskey_key(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 3); +} + +bool +ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 3); +} + +size_t +ldns_rr_dnskey_key_size_raw(const unsigned char* keydata, + const size_t len, + const ldns_algorithm alg) +{ + /* for DSA keys */ + uint8_t t; + + /* for RSA keys */ + uint16_t exp; + uint16_t int16; + + switch ((ldns_signing_algorithm)alg) { + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: + if (len > 0) { + t = keydata[0]; + return (64 + t*8)*8; + } else { + return 0; + } + break; + case LDNS_SIGN_RSAMD5: + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: +#endif + if (len > 0) { + if (keydata[0] == 0) { + /* big exponent */ + if (len > 3) { + memmove(&int16, keydata + 1, 2); + exp = ntohs(int16); + return (len - exp - 3)*8; + } else { + return 0; + } + } else { + exp = keydata[0]; + return (len-exp-1)*8; + } + } else { + return 0; + } + break; +#ifdef USE_GOST + case LDNS_SIGN_ECC_GOST: + return 512; +#endif +#ifdef USE_ECDSA + case LDNS_SIGN_ECDSAP256SHA256: + return 256; + case LDNS_SIGN_ECDSAP384SHA384: + return 384; +#endif + case LDNS_SIGN_HMACMD5: + return len; + default: + return 0; + } +} + +size_t +ldns_rr_dnskey_key_size(const ldns_rr *key) +{ + if (!key || !ldns_rr_dnskey_key(key) + || !ldns_rr_dnskey_algorithm(key)) { + return 0; + } + return ldns_rr_dnskey_key_size_raw((unsigned char*)ldns_rdf_data(ldns_rr_dnskey_key(key)), + ldns_rdf_size(ldns_rr_dnskey_key(key)), + ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(key)) + ); +} + +uint32_t ldns_soa_serial_identity(uint32_t ATTR_UNUSED(unused), void *data) +{ + return (uint32_t) (intptr_t) data; +} + +uint32_t ldns_soa_serial_increment(uint32_t s, void *ATTR_UNUSED(unused)) +{ + return ldns_soa_serial_increment_by(s, (void *)1); +} + +uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data) +{ + return s + (intptr_t) data; +} + +uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data) +{ + struct tm tm; + char s_str[11]; + int32_t new_s; + time_t t = data ? (time_t) (intptr_t) data : ldns_time(NULL); + + (void) strftime(s_str, 11, "%Y%m%d00", localtime_r(&t, &tm)); + new_s = (int32_t) atoi(s_str); + return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s); +} + +uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data) +{ + int32_t new_s = data ? (int32_t) (intptr_t) data + : (int32_t) ldns_time(NULL); + return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s); +} + +void +ldns_rr_soa_increment(ldns_rr *soa) +{ + ldns_rr_soa_increment_func_data(soa, ldns_soa_serial_increment, NULL); +} + +void +ldns_rr_soa_increment_func(ldns_rr *soa, ldns_soa_serial_increment_func_t f) +{ + ldns_rr_soa_increment_func_data(soa, f, NULL); +} + +void +ldns_rr_soa_increment_func_data(ldns_rr *soa, + ldns_soa_serial_increment_func_t f, void *data) +{ + ldns_rdf *prev_soa_serial_rdf; + if ( !soa || !f || ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA + || !ldns_rr_rdf(soa, 2)) { + return; + } + prev_soa_serial_rdf = ldns_rr_set_rdf( + soa + , ldns_native2rdf_int32( + LDNS_RDF_TYPE_INT32 + , (*f)( ldns_rdf2native_int32( + ldns_rr_rdf(soa, 2)) + , data + ) + ) + , 2 + ); + LDNS_FREE(prev_soa_serial_rdf); +} + +void +ldns_rr_soa_increment_func_int(ldns_rr *soa, + ldns_soa_serial_increment_func_t f, int data) +{ + ldns_rr_soa_increment_func_data(soa, f, (void *) (intptr_t) data); +} + diff --git a/ldns/src/sha1.c b/ldns/src/sha1.c new file mode 100644 index 0000000..18a4dd2 --- /dev/null +++ b/ldns/src/sha1.c @@ -0,0 +1,177 @@ +/* + * modified for ldns by Jelte Jansen, original taken from OpenBSD: + * + * SHA-1 in C + * By Steve Reid + * 100% Public Domain + * + * Test Vectors (from FIPS PUB 180-1) + * "abc" + * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 + * A million repetitions of "a" + * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */ + +#include +#include +#include + +#define SHA1HANDSOFF 1 /* Copies data before messing with it. */ +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#if BYTE_ORDER == LITTLE_ENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#else +#define blk0(i) block->l[i] +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +void +ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]) +{ + uint32_t a, b, c, d, e; + typedef union { + unsigned char c[64]; + unsigned int l[16]; + } CHAR64LONG16; + CHAR64LONG16* block; +#ifdef SHA1HANDSOFF + unsigned char workspace[LDNS_SHA1_BLOCK_LENGTH]; + + block = (CHAR64LONG16 *)workspace; + memmove(block, buffer, LDNS_SHA1_BLOCK_LENGTH); +#else + block = (CHAR64LONG16 *)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +} + + +/* SHA1Init - Initialize new context */ + +void +ldns_sha1_init(ldns_sha1_ctx *context) +{ + /* SHA1 initialization constants */ + context->count = 0; + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; +} + + +/* Run your data through this. */ + +void +ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len) +{ + unsigned int i; + unsigned int j; + + j = (unsigned)(uint32_t)((context->count >> 3) & 63); + context->count += (len << 3); + if ((j + len) > 63) { + memmove(&context->buffer[j], data, (i = 64 - j)); + ldns_sha1_transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + ldns_sha1_transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memmove(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +void +ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context) +{ + unsigned int i; + unsigned char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count >> + ((7 - (i & 7)) * 8)) & 255); /* Endian independent */ + } + ldns_sha1_update(context, (unsigned char *)"\200", 1); + while ((context->count & 504) != 448) { + ldns_sha1_update(context, (unsigned char *)"\0", 1); + } + ldns_sha1_update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + + if (digest != NULL) + for (i = 0; i < LDNS_SHA1_DIGEST_LENGTH; i++) { + digest[i] = (unsigned char)((context->state[i >> 2] >> + ((3 - (i & 3)) * 8)) & 255); + } +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */ + ldns_sha1_transform(context->state, context->buffer); +#endif +} + +unsigned char * +ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest) +{ + ldns_sha1_ctx ctx; + ldns_sha1_init(&ctx); + ldns_sha1_update(&ctx, data, data_len); + ldns_sha1_final(digest, &ctx); + return digest; +} diff --git a/ldns/src/sha2.c b/ldns/src/sha2.c new file mode 100644 index 0000000..9a27122 --- /dev/null +++ b/ldns/src/sha2.c @@ -0,0 +1,991 @@ +/* + * FILE: sha2.c + * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/ + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Modified by Jelte Jansen to fit in ldns, and not clash with any + * system-defined SHA code. + * Changes: + * - Renamed (external) functions and constants to fit ldns style + * - Removed _End and _Data functions + * - Added ldns_shaX(data, len, digest) convenience functions + * - Removed prototypes of _Transform functions and made those static + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ + */ + +#include +#include /* memcpy()/memset() or bcopy()/bzero() */ +#include /* assert() */ +#include + +/* + * ASSERT NOTE: + * Some sanity checking code is included using assert(). On my FreeBSD + * system, this additional code can be removed by compiling with NDEBUG + * defined. Check your own systems manpage on assert() to see how to + * compile WITHOUT the sanity checking code on your system. + * + * UNROLLED TRANSFORM LOOP NOTE: + * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform + * loop version for the hash transform rounds (defined using macros + * later in this file). Either define on the command line, for example: + * + * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c + * + * or define below: + * + * #define SHA2_UNROLL_TRANSFORM + * + */ + + +/*** SHA-256/384/512 Machine Architecture Definitions *****************/ +/* + * BYTE_ORDER NOTE: + * + * Please make sure that your system defines BYTE_ORDER. If your + * architecture is little-endian, make sure it also defines + * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are + * equivilent. + * + * If your system does not define the above, then you can do so by + * hand like this: + * + * #define LITTLE_ENDIAN 1234 + * #define BIG_ENDIAN 4321 + * + * And for little-endian machines, add: + * + * #define BYTE_ORDER LITTLE_ENDIAN + * + * Or for big-endian machines: + * + * #define BYTE_ORDER BIG_ENDIAN + * + * The FreeBSD machine this was written on defines BYTE_ORDER + * appropriately by including (which in turn includes + * where the appropriate definitions are actually + * made). + */ +#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) +#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN +#endif + +typedef uint8_t sha2_byte; /* Exactly 1 byte */ +typedef uint32_t sha2_word32; /* Exactly 4 bytes */ +#ifdef S_SPLINT_S +typedef unsigned long long sha2_word64; /* lint 8 bytes */ +#else +typedef uint64_t sha2_word64; /* Exactly 8 bytes */ +#endif + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +/* NOTE: Most of these are in sha2.h */ +#define ldns_sha256_SHORT_BLOCK_LENGTH (LDNS_SHA256_BLOCK_LENGTH - 8) +#define ldns_sha384_SHORT_BLOCK_LENGTH (LDNS_SHA384_BLOCK_LENGTH - 16) +#define ldns_sha512_SHORT_BLOCK_LENGTH (LDNS_SHA512_BLOCK_LENGTH - 16) + + +/*** ENDIAN REVERSAL MACROS *******************************************/ +#if BYTE_ORDER == LITTLE_ENDIAN +#define REVERSE32(w,x) { \ + sha2_word32 tmp = (w); \ + tmp = (tmp >> 16) | (tmp << 16); \ + (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ +} +#ifndef S_SPLINT_S +#define REVERSE64(w,x) { \ + sha2_word64 tmp = (w); \ + tmp = (tmp >> 32) | (tmp << 32); \ + tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ + ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ + (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ + ((tmp & 0x0000ffff0000ffffULL) << 16); \ +} +#else /* splint */ +#define REVERSE64(w,x) /* splint */ +#endif /* splint */ +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +/* + * Macro for incrementally adding the unsigned 64-bit integer n to the + * unsigned 128-bit integer (represented using a two-element array of + * 64-bit words): + */ +#define ADDINC128(w,n) { \ + (w)[0] += (sha2_word64)(n); \ + if ((w)[0] < (n)) { \ + (w)[1]++; \ + } \ +} +#ifdef S_SPLINT_S +#undef ADDINC128 +#define ADDINC128(w,n) /* splint */ +#endif + +/* + * Macros for copying blocks of memory and for zeroing out ranges + * of memory. Using these macros makes it easy to switch from + * using memset()/memcpy() and using bzero()/bcopy(). + * + * Please define either SHA2_USE_MEMSET_MEMCPY or define + * SHA2_USE_BZERO_BCOPY depending on which function set you + * choose to use: + */ +#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) +/* Default to memset()/memcpy() if no option is specified */ +#define SHA2_USE_MEMSET_MEMCPY 1 +#endif +#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) +/* Abort with an error if BOTH options are defined */ +#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! +#endif + +#ifdef SHA2_USE_MEMSET_MEMCPY +#define MEMSET_BZERO(p,l) memset((p), 0, (l)) +#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) +#endif +#ifdef SHA2_USE_BZERO_BCOPY +#define MEMSET_BZERO(p,l) bzero((p), (l)) +#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) +#endif + + +/*** THE SIX LOGICAL FUNCTIONS ****************************************/ +/* + * Bit shifting and rotation (used by the six SHA-XYZ logical functions: + * + * NOTE: The naming of R and S appears backwards here (R is a SHIFT and + * S is a ROTATION) because the SHA-256/384/512 description document + * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this + * same "backwards" definition. + */ +/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ +#define R(b,x) ((x) >> (b)) +/* 32-bit Rotate-right (used in SHA-256): */ +#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) +/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ +#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) + +/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +/* Four of six logical functions used in SHA-256: */ +#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) +#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) +#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) +#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) + +/* Four of six logical functions used in SHA-384 and SHA-512: */ +#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) +#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) +#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) +#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) + +/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ +/* Hash constant words K for SHA-256: */ +static const sha2_word32 K256[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +/* initial hash value H for SHA-256: */ +static const sha2_word32 ldns_sha256_initial_hash_value[8] = { + 0x6a09e667UL, + 0xbb67ae85UL, + 0x3c6ef372UL, + 0xa54ff53aUL, + 0x510e527fUL, + 0x9b05688cUL, + 0x1f83d9abUL, + 0x5be0cd19UL +}; + +/* Hash constant words K for SHA-384 and SHA-512: */ +static const sha2_word64 K512[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* initial hash value H for SHA-384 */ +static const sha2_word64 sha384_initial_hash_value[8] = { + 0xcbbb9d5dc1059ed8ULL, + 0x629a292a367cd507ULL, + 0x9159015a3070dd17ULL, + 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, + 0x8eb44a8768581511ULL, + 0xdb0c2e0d64f98fa7ULL, + 0x47b5481dbefa4fa4ULL +}; + +/* initial hash value H for SHA-512 */ +static const sha2_word64 sha512_initial_hash_value[8] = { + 0x6a09e667f3bcc908ULL, + 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, + 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, + 0x5be0cd19137e2179ULL +}; + +/*** SHA-256: *********************************************************/ +void ldns_sha256_init(ldns_sha256_CTX* context) { + if (context == (ldns_sha256_CTX*)0) { + return; + } + MEMCPY_BCOPY(context->state, ldns_sha256_initial_hash_value, LDNS_SHA256_DIGEST_LENGTH); + MEMSET_BZERO(context->buffer, LDNS_SHA256_BLOCK_LENGTH); + context->bitcount = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-256 round macros: */ + +#if BYTE_ORDER == LITTLE_ENDIAN + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ + REVERSE32(*data++, W256[j]); \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ + K256[j] + W256[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + + +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ + K256[j] + (W256[j] = *data++); \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND256(a,b,c,d,e,f,g,h) \ + s0 = W256[(j+1)&0x0f]; \ + s0 = sigma0_256(s0); \ + s1 = W256[(j+14)&0x0f]; \ + s1 = sigma1_256(s1); \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + +static void ldns_sha256_Transform(ldns_sha256_CTX* context, + const sha2_word32* data) { + sha2_word32 a, b, c, d, e, f, g, h, s0, s1; + sha2_word32 T1, *W256; + int j; + + W256 = (sha2_word32*)context->buffer; + + /* initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND256_0_TO_15(a,b,c,d,e,f,g,h); + ROUND256_0_TO_15(h,a,b,c,d,e,f,g); + ROUND256_0_TO_15(g,h,a,b,c,d,e,f); + ROUND256_0_TO_15(f,g,h,a,b,c,d,e); + ROUND256_0_TO_15(e,f,g,h,a,b,c,d); + ROUND256_0_TO_15(d,e,f,g,h,a,b,c); + ROUND256_0_TO_15(c,d,e,f,g,h,a,b); + ROUND256_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds to 64: */ + do { + ROUND256(a,b,c,d,e,f,g,h); + ROUND256(h,a,b,c,d,e,f,g); + ROUND256(g,h,a,b,c,d,e,f); + ROUND256(f,g,h,a,b,c,d,e); + ROUND256(e,f,g,h,a,b,c,d); + ROUND256(d,e,f,g,h,a,b,c); + ROUND256(c,d,e,f,g,h,a,b); + ROUND256(b,c,d,e,f,g,h,a); + } while (j < 64); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +static void ldns_sha256_Transform(ldns_sha256_CTX* context, + const sha2_word32* data) { + sha2_word32 a, b, c, d, e, f, g, h, s0, s1; + sha2_word32 T1, T2, *W256; + int j; + + W256 = (sha2_word32*)context->buffer; + + /* initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { +#if BYTE_ORDER == LITTLE_ENDIAN + /* Copy data while converting to host byte order */ + REVERSE32(*data++,W256[j]); + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + /* Apply the SHA-256 compression function to update a..h with copy */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W256[(j+1)&0x0f]; + s0 = sigma0_256(s0); + s1 = W256[(j+14)&0x0f]; + s1 = sigma1_256(s1); + + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 64); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t len) { + size_t freespace, usedspace; + + if (len == 0) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + assert(context != (ldns_sha256_CTX*)0 && data != (sha2_byte*)0); + + usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = LDNS_SHA256_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); + context->bitcount += freespace << 3; + len -= freespace; + data += freespace; + ldns_sha256_Transform(context, (sha2_word32*)context->buffer); + } else { + /* The buffer is not yet full */ + MEMCPY_BCOPY(&context->buffer[usedspace], data, len); + context->bitcount += len << 3; + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= LDNS_SHA256_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + ldns_sha256_Transform(context, (sha2_word32*)data); + context->bitcount += LDNS_SHA256_BLOCK_LENGTH << 3; + len -= LDNS_SHA256_BLOCK_LENGTH; + data += LDNS_SHA256_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + MEMCPY_BCOPY(context->buffer, data, len); + context->bitcount += len << 3; + } + /* Clean up: */ + usedspace = freespace = 0; +} + +typedef union _ldns_sha2_buffer_union { + uint8_t* theChars; + uint64_t* theLongs; +} ldns_sha2_buffer_union; + +void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) { + sha2_word32 *d = (sha2_word32*)digest; + size_t usedspace; + ldns_sha2_buffer_union cast_var; + + /* Sanity check: */ + assert(context != (ldns_sha256_CTX*)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (sha2_byte*)0) { + usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH; +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert FROM host byte order */ + REVERSE64(context->bitcount,context->bitcount); +#endif + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= ldns_sha256_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + MEMSET_BZERO(&context->buffer[usedspace], ldns_sha256_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < LDNS_SHA256_BLOCK_LENGTH) { + MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA256_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + ldns_sha256_Transform(context, (sha2_word32*)context->buffer); + + /* And set-up for the last transform: */ + MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH); + } + } else { + /* Set-up for the last transform: */ + MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Set the bit count: */ + cast_var.theChars = context->buffer; + cast_var.theLongs[ldns_sha256_SHORT_BLOCK_LENGTH / 8] = context->bitcount; + + /* final transform: */ + ldns_sha256_Transform(context, (sha2_word32*)context->buffer); + +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 8; j++) { + REVERSE32(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + MEMCPY_BCOPY(d, context->state, LDNS_SHA256_DIGEST_LENGTH); +#endif + } + + /* Clean up state data: */ + MEMSET_BZERO(context, sizeof(ldns_sha256_CTX)); + usedspace = 0; +} + +unsigned char * +ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest) +{ + ldns_sha256_CTX ctx; + ldns_sha256_init(&ctx); + ldns_sha256_update(&ctx, data, data_len); + ldns_sha256_final(digest, &ctx); + return digest; +} + +/*** SHA-512: *********************************************************/ +void ldns_sha512_init(ldns_sha512_CTX* context) { + if (context == (ldns_sha512_CTX*)0) { + return; + } + MEMCPY_BCOPY(context->state, sha512_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH); + MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH); + context->bitcount[0] = context->bitcount[1] = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-512 round macros: */ +#if BYTE_ORDER == LITTLE_ENDIAN + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ + REVERSE64(*data++, W512[j]); \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ + K512[j] + W512[j]; \ + (d) += T1, \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ + j++ + + +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ + K512[j] + (W512[j] = *data++); \ + (d) += T1; \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ + j++ + +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND512(a,b,c,d,e,f,g,h) \ + s0 = W512[(j+1)&0x0f]; \ + s0 = sigma0_512(s0); \ + s1 = W512[(j+14)&0x0f]; \ + s1 = sigma1_512(s1); \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ + j++ + +static void ldns_sha512_Transform(ldns_sha512_CTX* context, + const sha2_word64* data) { + sha2_word64 a, b, c, d, e, f, g, h, s0, s1; + sha2_word64 T1, *W512 = (sha2_word64*)context->buffer; + int j; + + /* initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { + ROUND512_0_TO_15(a,b,c,d,e,f,g,h); + ROUND512_0_TO_15(h,a,b,c,d,e,f,g); + ROUND512_0_TO_15(g,h,a,b,c,d,e,f); + ROUND512_0_TO_15(f,g,h,a,b,c,d,e); + ROUND512_0_TO_15(e,f,g,h,a,b,c,d); + ROUND512_0_TO_15(d,e,f,g,h,a,b,c); + ROUND512_0_TO_15(c,d,e,f,g,h,a,b); + ROUND512_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 79: */ + do { + ROUND512(a,b,c,d,e,f,g,h); + ROUND512(h,a,b,c,d,e,f,g); + ROUND512(g,h,a,b,c,d,e,f); + ROUND512(f,g,h,a,b,c,d,e); + ROUND512(e,f,g,h,a,b,c,d); + ROUND512(d,e,f,g,h,a,b,c); + ROUND512(c,d,e,f,g,h,a,b); + ROUND512(b,c,d,e,f,g,h,a); + } while (j < 80); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +static void ldns_sha512_Transform(ldns_sha512_CTX* context, + const sha2_word64* data) { + sha2_word64 a, b, c, d, e, f, g, h, s0, s1; + sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer; + int j; + + /* initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert TO host byte order */ + REVERSE64(*data++, W512[j]); + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + /* Apply the SHA-512 compression function to update a..h with copy */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W512[(j+1)&0x0f]; + s0 = sigma0_512(s0); + s1 = W512[(j+14)&0x0f]; + s1 = sigma1_512(s1); + + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 80); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t len) { + size_t freespace, usedspace; + + if (len == 0) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + assert(context != (ldns_sha512_CTX*)0 && data != (sha2_byte*)0); + + usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = LDNS_SHA512_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); + ADDINC128(context->bitcount, freespace << 3); + len -= freespace; + data += freespace; + ldns_sha512_Transform(context, (sha2_word64*)context->buffer); + } else { + /* The buffer is not yet full */ + MEMCPY_BCOPY(&context->buffer[usedspace], data, len); + ADDINC128(context->bitcount, len << 3); + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= LDNS_SHA512_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + ldns_sha512_Transform(context, (sha2_word64*)data); + ADDINC128(context->bitcount, LDNS_SHA512_BLOCK_LENGTH << 3); + len -= LDNS_SHA512_BLOCK_LENGTH; + data += LDNS_SHA512_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + MEMCPY_BCOPY(context->buffer, data, len); + ADDINC128(context->bitcount, len << 3); + } + /* Clean up: */ + usedspace = freespace = 0; +} + +static void ldns_sha512_Last(ldns_sha512_CTX* context) { + size_t usedspace; + ldns_sha2_buffer_union cast_var; + + usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH; +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert FROM host byte order */ + REVERSE64(context->bitcount[0],context->bitcount[0]); + REVERSE64(context->bitcount[1],context->bitcount[1]); +#endif + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= ldns_sha512_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + MEMSET_BZERO(&context->buffer[usedspace], ldns_sha512_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < LDNS_SHA512_BLOCK_LENGTH) { + MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA512_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + ldns_sha512_Transform(context, (sha2_word64*)context->buffer); + + /* And set-up for the last transform: */ + MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH - 2); + } + } else { + /* Prepare for final transform: */ + MEMSET_BZERO(context->buffer, ldns_sha512_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits): */ + cast_var.theChars = context->buffer; + cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8] = context->bitcount[1]; + cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8 + 1] = context->bitcount[0]; + + /* final transform: */ + ldns_sha512_Transform(context, (sha2_word64*)context->buffer); +} + +void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) { + sha2_word64 *d = (sha2_word64*)digest; + + /* Sanity check: */ + assert(context != (ldns_sha512_CTX*)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (sha2_byte*)0) { + ldns_sha512_Last(context); + + /* Save the hash data for output: */ +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 8; j++) { + REVERSE64(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + MEMCPY_BCOPY(d, context->state, LDNS_SHA512_DIGEST_LENGTH); +#endif + } + + /* Zero out state data */ + MEMSET_BZERO(context, sizeof(ldns_sha512_CTX)); +} + +unsigned char * +ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest) +{ + ldns_sha512_CTX ctx; + ldns_sha512_init(&ctx); + ldns_sha512_update(&ctx, data, data_len); + ldns_sha512_final(digest, &ctx); + return digest; +} + +/*** SHA-384: *********************************************************/ +void ldns_sha384_init(ldns_sha384_CTX* context) { + if (context == (ldns_sha384_CTX*)0) { + return; + } + MEMCPY_BCOPY(context->state, sha384_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH); + MEMSET_BZERO(context->buffer, LDNS_SHA384_BLOCK_LENGTH); + context->bitcount[0] = context->bitcount[1] = 0; +} + +void ldns_sha384_update(ldns_sha384_CTX* context, const sha2_byte* data, size_t len) { + ldns_sha512_update((ldns_sha512_CTX*)context, data, len); +} + +void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) { + sha2_word64 *d = (sha2_word64*)digest; + + /* Sanity check: */ + assert(context != (ldns_sha384_CTX*)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (sha2_byte*)0) { + ldns_sha512_Last((ldns_sha512_CTX*)context); + + /* Save the hash data for output: */ +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 6; j++) { + REVERSE64(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + MEMCPY_BCOPY(d, context->state, LDNS_SHA384_DIGEST_LENGTH); +#endif + } + + /* Zero out state data */ + MEMSET_BZERO(context, sizeof(ldns_sha384_CTX)); +} + +unsigned char * +ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest) +{ + ldns_sha384_CTX ctx; + ldns_sha384_init(&ctx); + ldns_sha384_update(&ctx, data, data_len); + ldns_sha384_final(digest, &ctx); + return digest; +} diff --git a/ldns/src/str2host.c b/ldns/src/str2host.c new file mode 100644 index 0000000..cd07c89 --- /dev/null +++ b/ldns/src/str2host.c @@ -0,0 +1,1604 @@ +/* + * str2host.c + * + * conversion routines from the presentation format + * to the host format + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ +#include + +#include + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#include + +#include +#ifdef HAVE_NETDB_H +#include +#endif + +#include +#ifdef HAVE_SYS_PARAM_H +#include +#endif + +ldns_status +ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr) +{ + char *end = NULL; + uint16_t *r; + r = LDNS_MALLOC(uint16_t); + if(!r) return LDNS_STATUS_MEM_ERR; + + *r = htons((uint16_t)strtol((char *)shortstr, &end, 10)); + + if(*end != 0) { + LDNS_FREE(r); + return LDNS_STATUS_INVALID_INT; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT16, sizeof(uint16_t), r); + LDNS_FREE(r); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; + } +} + +ldns_status +ldns_str2rdf_time(ldns_rdf **rd, const char *time) +{ + /* convert a time YYYYDDMMHHMMSS to wireformat */ + uint16_t *r = NULL; + struct tm tm; + uint32_t l; + char *end; + + /* Try to scan the time... */ + r = (uint16_t*)LDNS_MALLOC(uint32_t); + if(!r) return LDNS_STATUS_MEM_ERR; + + memset(&tm, 0, sizeof(tm)); + + if (strlen(time) == 14 && + sscanf(time, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) == 6 + ) { + tm.tm_year -= 1900; + tm.tm_mon--; + /* Check values */ + if (tm.tm_year < 70) { + goto bad_format; + } + if (tm.tm_mon < 0 || tm.tm_mon > 11) { + goto bad_format; + } + if (tm.tm_mday < 1 || tm.tm_mday > 31) { + goto bad_format; + } + + if (tm.tm_hour < 0 || tm.tm_hour > 23) { + goto bad_format; + } + + if (tm.tm_min < 0 || tm.tm_min > 59) { + goto bad_format; + } + + if (tm.tm_sec < 0 || tm.tm_sec > 59) { + goto bad_format; + } + + l = htonl(ldns_mktime_from_utc(&tm)); + memcpy(r, &l, sizeof(uint32_t)); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_TIME, sizeof(uint32_t), r); + LDNS_FREE(r); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; + } else { + /* handle it as 32 bits timestamp */ + l = htonl((uint32_t)strtol((char*)time, &end, 10)); + if(*end != 0) { + LDNS_FREE(r); + return LDNS_STATUS_ERR; + } else { + memcpy(r, &l, sizeof(uint32_t)); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r); + LDNS_FREE(r); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; + } + } + + bad_format: + LDNS_FREE(r); + return LDNS_STATUS_INVALID_TIME; +} + +ldns_status +ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *salt_str) +{ + uint8_t salt_length; + int c; + int salt_length_str; + + uint8_t *salt; + uint8_t *data; + if(rd == NULL) { + return LDNS_STATUS_NULL; + } + + salt_length_str = (int)strlen(salt_str); + if (salt_length_str == 1 && salt_str[0] == '-') { + salt_length_str = 0; + } else if (salt_length_str % 2 != 0) { + return LDNS_STATUS_INVALID_HEX; + } + if (salt_length_str > 512) { + return LDNS_STATUS_INVALID_HEX; + } + + salt = LDNS_XMALLOC(uint8_t, salt_length_str / 2); + if(!salt) { + return LDNS_STATUS_MEM_ERR; + } + for (c = 0; c < salt_length_str; c += 2) { + if (isxdigit((int) salt_str[c]) && isxdigit((int) salt_str[c+1])) { + salt[c/2] = (uint8_t) ldns_hexdigit_to_int(salt_str[c]) * 16 + + ldns_hexdigit_to_int(salt_str[c+1]); + } else { + LDNS_FREE(salt); + return LDNS_STATUS_INVALID_HEX; + } + } + salt_length = (uint8_t) (salt_length_str / 2); + + data = LDNS_XMALLOC(uint8_t, 1 + salt_length); + if(!data) { + LDNS_FREE(salt); + return LDNS_STATUS_MEM_ERR; + } + data[0] = salt_length; + memcpy(&data[1], salt, salt_length); + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, 1 + salt_length, data); + LDNS_FREE(data); + LDNS_FREE(salt); + + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_period(ldns_rdf **rd,const char *period) +{ + uint32_t p; + const char *end; + + /* Allocate required space... */ + p = ldns_str2period(period, &end); + + if (*end != 0) { + return LDNS_STATUS_ERR; + } else { + p = (uint32_t) htonl(p); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_PERIOD, sizeof(uint32_t), &p); + } + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr) +{ + char *end; + uint16_t *r = NULL; + uint32_t l; + + r = (uint16_t*)LDNS_MALLOC(uint32_t); + if(!r) return LDNS_STATUS_MEM_ERR; + errno = 0; /* must set to zero before call, + note race condition on errno */ + if(*longstr == '-') + l = htonl((uint32_t)strtol((char*)longstr, &end, 10)); + else l = htonl((uint32_t)strtoul((char*)longstr, &end, 10)); + + if(*end != 0) { + LDNS_FREE(r); + return LDNS_STATUS_ERR; + } else { + if (errno == ERANGE) { + LDNS_FREE(r); + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + } + memcpy(r, &l, sizeof(uint32_t)); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r); + LDNS_FREE(r); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; + } +} + +ldns_status +ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr) +{ + char *end; + uint8_t *r = NULL; + + r = LDNS_MALLOC(uint8_t); + if(!r) return LDNS_STATUS_MEM_ERR; + + *r = (uint8_t)strtol((char*)bytestr, &end, 10); + + if(*end != 0) { + LDNS_FREE(r); + return LDNS_STATUS_ERR; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT8, sizeof(uint8_t), r); + LDNS_FREE(r); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; + } +} + + +/* + * Checks whether the escaped value at **s is an decimal value or + * a 'normally' escaped character (and not eos) + * + * The string pointer at *s is increased by either 0 (on error), 1 (on + * normal escapes), or 3 (on decimals) + * + * Returns the number of bytes read from the escaped string, or + * 0 on error + */ +INLINE bool +parse_escape(uint8_t *ch_p, const char** str_p) +{ + uint16_t val; + + if ((*str_p)[0] && isdigit((*str_p)[0]) && + (*str_p)[1] && isdigit((*str_p)[1]) && + (*str_p)[2] && isdigit((*str_p)[2])) { + + val = (uint16_t)(((*str_p)[0] - '0') * 100 + + ((*str_p)[1] - '0') * 10 + + ((*str_p)[2] - '0')); + + if (val > 255) { + goto error; + } + *ch_p = (uint8_t)val; + *str_p += 3; + return true; + + } else if ((*str_p)[0] && !isdigit((*str_p)[0])) { + + *ch_p = (uint8_t)*(*str_p)++; + return true; + } +error: + *str_p = NULL; + return false; /* LDNS_STATUS_SYNTAX_BAD_ESCAPE */ +} + +INLINE bool +parse_char(uint8_t *ch_p, const char** str_p) +{ + switch (**str_p) { + + case '\0': return false; + + case '\\': *str_p += 1; + return parse_escape(ch_p, str_p); + + default: *ch_p = (uint8_t)*(*str_p)++; + return true; + } +} + +/* + * No special care is taken, all dots are translated into + * label seperators. + * Could be made more efficient....we do 3 memcpy's in total... + */ +ldns_status +ldns_str2rdf_dname(ldns_rdf **d, const char *str) +{ + size_t len; + + const char *s; + uint8_t *q, *pq, label_len; + uint8_t buf[LDNS_MAX_DOMAINLEN + 1]; + *d = NULL; + + len = strlen((char*)str); + /* octet representation can make strings a lot longer than actual length */ + if (len > LDNS_MAX_DOMAINLEN * 4) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + if (0 == len) { + return LDNS_STATUS_DOMAINNAME_UNDERFLOW; + } + + /* root label */ + if (1 == len && *str == '.') { + *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, 1, "\0"); + return LDNS_STATUS_OK; + } + + /* get on with the rest */ + + /* s is on the current character in the string + * pq points to where the labellength is going to go + * label_len keeps track of the current label's length + * q builds the dname inside the buf array + */ + len = 0; + q = buf+1; + pq = buf; + label_len = 0; + for (s = str; *s; s++, q++) { + if (q > buf + LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + *q = 0; + switch (*s) { + case '.': + if (label_len > LDNS_MAX_LABELLEN) { + return LDNS_STATUS_LABEL_OVERFLOW; + } + if (label_len == 0) { + return LDNS_STATUS_EMPTY_LABEL; + } + len += label_len + 1; + *pq = label_len; + label_len = 0; + pq = q; + break; + case '\\': + /* octet value or literal char */ + s += 1; + if (! parse_escape(q, &s)) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } + s -= 1; + label_len++; + break; + default: + *q = (uint8_t)*s; + label_len++; + } + } + + /* add root label if last char was not '.' */ + if (!ldns_dname_str_absolute(str)) { + if (q > buf + LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + if (label_len > LDNS_MAX_LABELLEN) { + return LDNS_STATUS_LABEL_OVERFLOW; + } + if (label_len == 0) { /* label_len 0 but not . at end? */ + return LDNS_STATUS_EMPTY_LABEL; + } + len += label_len + 1; + *pq = label_len; + *q = 0; + } + len++; + + *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, len, buf); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_a(ldns_rdf **rd, const char *str) +{ + in_addr_t address; + if (inet_pton(AF_INET, (char*)str, &address) != 1) { + return LDNS_STATUS_INVALID_IP4; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_A, sizeof(address), &address); + } + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str) +{ + uint8_t address[LDNS_IP6ADDRLEN + 1]; + + if (inet_pton(AF_INET6, (char*)str, address) != 1) { + return LDNS_STATUS_INVALID_IP6; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_AAAA, sizeof(address) - 1, &address); + } + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_str(ldns_rdf **rd, const char *str) +{ + uint8_t *data, *dp, ch = 0; + size_t length; + + /* Worst case space requirement. We'll realloc to actual size later. */ + dp = data = LDNS_XMALLOC(uint8_t, strlen(str) > 255 ? 256 : (strlen(str) + 1)); + if (! data) { + return LDNS_STATUS_MEM_ERR; + } + + /* Fill data (up to 255 characters) */ + while (parse_char(&ch, &str)) { + if (dp - data >= 255) { + LDNS_FREE(data); + return LDNS_STATUS_INVALID_STR; + } + *++dp = ch; + } + if (! str) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } + length = (size_t)(dp - data); + /* Fix last length byte */ + data[0] = (uint8_t)length; + + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length + 1); + if (! data) { + LDNS_FREE(dp); + return LDNS_STATUS_MEM_ERR; + } + + /* Create rdf */ + *rd = ldns_rdf_new(LDNS_RDF_TYPE_STR, length + 1, data); + if (! *rd) { + LDNS_FREE(data); + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_apl(ldns_rdf **rd, const char *str) +{ + const char *my_str = str; + + char *my_ip_str; + size_t ip_str_len; + + uint16_t family; + bool negation; + uint8_t afdlength = 0; + uint8_t *afdpart; + uint8_t prefix; + + uint8_t *data; + + size_t i = 0; + + /* [!]afi:address/prefix */ + if (strlen(my_str) < 2 + || strchr(my_str, ':') == NULL + || strchr(my_str, '/') == NULL + || strchr(my_str, ':') > strchr(my_str, '/')) { + return LDNS_STATUS_INVALID_STR; + } + + if (my_str[0] == '!') { + negation = true; + my_str += 1; + } else { + negation = false; + } + + family = (uint16_t) atoi(my_str); + + my_str = strchr(my_str, ':') + 1; + + /* need ip addr and only ip addr for inet_pton */ + ip_str_len = (size_t) (strchr(my_str, '/') - my_str); + my_ip_str = LDNS_XMALLOC(char, ip_str_len + 1); + if(!my_ip_str) return LDNS_STATUS_MEM_ERR; + strncpy(my_ip_str, my_str, ip_str_len + 1); + my_ip_str[ip_str_len] = '\0'; + + if (family == 1) { + /* ipv4 */ + afdpart = LDNS_XMALLOC(uint8_t, 4); + if(!afdpart) { + LDNS_FREE(my_ip_str); + return LDNS_STATUS_MEM_ERR; + } + if (inet_pton(AF_INET, my_ip_str, afdpart) == 0) { + LDNS_FREE(my_ip_str); + LDNS_FREE(afdpart); + return LDNS_STATUS_INVALID_STR; + } + for (i = 0; i < 4; i++) { + if (afdpart[i] != 0) { + afdlength = i + 1; + } + } + } else if (family == 2) { + /* ipv6 */ + afdpart = LDNS_XMALLOC(uint8_t, 16); + if(!afdpart) { + LDNS_FREE(my_ip_str); + return LDNS_STATUS_MEM_ERR; + } + if (inet_pton(AF_INET6, my_ip_str, afdpart) == 0) { + LDNS_FREE(my_ip_str); + LDNS_FREE(afdpart); + return LDNS_STATUS_INVALID_STR; + } + for (i = 0; i < 16; i++) { + if (afdpart[i] != 0) { + afdlength = i + 1; + } + } + } else { + /* unknown family */ + LDNS_FREE(my_ip_str); + return LDNS_STATUS_INVALID_STR; + } + + my_str = strchr(my_str, '/') + 1; + prefix = (uint8_t) atoi(my_str); + + data = LDNS_XMALLOC(uint8_t, 4 + afdlength); + if(!data) { + LDNS_FREE(afdpart); + LDNS_FREE(my_ip_str); + return LDNS_STATUS_INVALID_STR; + } + ldns_write_uint16(data, family); + data[2] = prefix; + data[3] = afdlength; + if (negation) { + /* set bit 1 of byte 3 */ + data[3] = data[3] | 0x80; + } + + memcpy(data + 4, afdpart, afdlength); + + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_APL, afdlength + 4, data); + LDNS_FREE(afdpart); + LDNS_FREE(data); + LDNS_FREE(my_ip_str); + + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_b64(ldns_rdf **rd, const char *str) +{ + uint8_t *buffer; + int16_t i; + + buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str))); + if(!buffer) { + return LDNS_STATUS_MEM_ERR; + } + + i = (uint16_t)ldns_b64_pton((const char*)str, buffer, + ldns_b64_ntop_calculate_size(strlen(str))); + if (-1 == i) { + LDNS_FREE(buffer); + return LDNS_STATUS_INVALID_B64; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_B64, (uint16_t) i, buffer); + } + LDNS_FREE(buffer); + + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str) +{ + uint8_t *buffer; + int i; + /* first byte contains length of actual b32 data */ + uint8_t len = ldns_b32_pton_calculate_size(strlen(str)); + buffer = LDNS_XMALLOC(uint8_t, len + 1); + if(!buffer) { + return LDNS_STATUS_MEM_ERR; + } + buffer[0] = len; + + i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1, + ldns_b32_ntop_calculate_size(strlen(str))); + if (i < 0) { + LDNS_FREE(buffer); + return LDNS_STATUS_INVALID_B32_EXT; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_B32_EXT, (uint16_t) i + 1, buffer); + } + LDNS_FREE(buffer); + + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_hex(ldns_rdf **rd, const char *str) +{ + uint8_t *t, *t_orig; + int i; + size_t len; + + len = strlen(str); + + if (len > LDNS_MAX_RDFLEN * 2) { + return LDNS_STATUS_LABEL_OVERFLOW; + } else { + t = LDNS_XMALLOC(uint8_t, (len / 2) + 1); + if(!t) { + return LDNS_STATUS_MEM_ERR; + } + t_orig = t; + /* Now process octet by octet... */ + while (*str) { + *t = 0; + if (isspace((int) *str)) { + str++; + } else { + for (i = 16; i >= 1; i -= 15) { + while (*str && isspace((int) *str)) { str++; } + if (*str) { + if (isxdigit((int) *str)) { + *t += ldns_hexdigit_to_int(*str) * i; + } else { + LDNS_FREE(t_orig); + return LDNS_STATUS_ERR; + } + ++str; + } + } + ++t; + } + } + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + (size_t) (t - t_orig), + t_orig); + LDNS_FREE(t_orig); + } + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_nsec(ldns_rdf **rd, const char *str) +{ + const char *delimiters = "\n\t "; + char *token = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); + ldns_buffer *str_buf; + ssize_t c; + uint16_t cur_type; + size_t type_count = 0; + ldns_rr_type type_list[65536]; + if(!token) return LDNS_STATUS_MEM_ERR; + if(rd == NULL) { + LDNS_FREE(token); + return LDNS_STATUS_NULL; + } + + str_buf = LDNS_MALLOC(ldns_buffer); + if(!str_buf) { + LDNS_FREE(token); + return LDNS_STATUS_MEM_ERR; + } + ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); + if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) { + LDNS_FREE(str_buf); + LDNS_FREE(token); + return LDNS_STATUS_MEM_ERR; + } + + while ((c = ldns_bget_token(str_buf, token, delimiters, LDNS_MAX_RDFLEN)) != -1 && c != 0) { + if(type_count >= sizeof(type_list)) { + LDNS_FREE(str_buf); + LDNS_FREE(token); + return LDNS_STATUS_ERR; + } + cur_type = ldns_get_rr_type_by_name(token); + type_list[type_count] = cur_type; + type_count++; + } + + *rd = ldns_dnssec_create_nsec_bitmap(type_list, + type_count, + LDNS_RR_TYPE_NSEC); + + LDNS_FREE(token); + ldns_buffer_free(str_buf); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_type(ldns_rdf **rd, const char *str) +{ + uint16_t type; + type = htons(ldns_get_rr_type_by_name(str)); + /* ldns_rr_type is a 16 bit value */ + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_TYPE, sizeof(uint16_t), &type); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_class(ldns_rdf **rd, const char *str) +{ + uint16_t klass; + klass = htons(ldns_get_rr_class_by_name(str)); + /* class is 16 bit */ + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_CLASS, sizeof(uint16_t), &klass); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +/* An certificate alg field can either be specified as a 8 bits number + * or by its symbolic name. Handle both + */ +ldns_status +ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str) +{ + ldns_lookup_table *lt; + ldns_status st; + uint8_t idd[2]; + lt = ldns_lookup_by_name(ldns_cert_algorithms, str); + st = LDNS_STATUS_OK; + + if (lt) { + ldns_write_uint16(idd, (uint16_t) lt->id); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT16, sizeof(uint16_t), idd); + if (!*rd) { + st = LDNS_STATUS_ERR; + } + } else { + /* try as-is (a number) */ + st = ldns_str2rdf_int16(rd, str); + if (st == LDNS_STATUS_OK && + ldns_rdf2native_int16(*rd) == 0) { + st = LDNS_STATUS_CERT_BAD_ALGORITHM; + } + } + + return st; +} + +static ldns_lookup_table ldns_tlsa_certificate_usages[] = { + { LDNS_TLSA_USAGE_PKIX_TA , "PKIX-TA" }, + { LDNS_TLSA_USAGE_PKIX_EE , "PKIX-EE" }, + { LDNS_TLSA_USAGE_DANE_TA , "DANE-TA" }, + { LDNS_TLSA_USAGE_DANE_EE , "DANE-EE" }, + { LDNS_TLSA_USAGE_PRIVCERT , "PrivCert" } +}; + +static ldns_lookup_table ldns_tlsa_selectors[] = { + { LDNS_TLSA_SELECTOR_CERT , "Cert" }, + { LDNS_TLSA_SELECTOR_SPKI , "SPKI" }, + { LDNS_TLSA_SELECTOR_PRIVSEL , "PrivSel" } +}; + +static ldns_lookup_table ldns_tlsa_matching_types[] = { + { LDNS_TLSA_MATCHING_TYPE_FULL , "Full" }, + { LDNS_TLSA_MATCHING_TYPE_SHA2_256 , "SHA2-256" }, + { LDNS_TLSA_MATCHING_TYPE_SHA2_512 , "SHA2-512" }, + { LDNS_TLSA_MATCHING_TYPE_PRIVMATCH , "PrivMatch" } +}; + +static ldns_status +ldns_str2rdf_mnemonic4int8(ldns_lookup_table *lt, + ldns_rdf **rd, const char *str) +{ + if ((lt = ldns_lookup_by_name(lt, str))) { + /* it was given as a integer */ + *rd = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t) lt->id); + if (!*rd) + return LDNS_STATUS_ERR; + else + return LDNS_STATUS_OK; + } + return ldns_str2rdf_int8(rd, str); +} + +/* An alg field can either be specified as a 8 bits number + * or by its symbolic name. Handle both + */ +ldns_status +ldns_str2rdf_alg(ldns_rdf **rd, const char *str) +{ + return ldns_str2rdf_mnemonic4int8(ldns_algorithms, rd, str); +} + +ldns_status +ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str) +{ + return ldns_str2rdf_mnemonic4int8( + ldns_tlsa_certificate_usages, rd, str); +} + +ldns_status +ldns_str2rdf_selector(ldns_rdf **rd, const char *str) +{ + return ldns_str2rdf_mnemonic4int8(ldns_tlsa_selectors, rd, str); +} + +ldns_status +ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str) +{ + return ldns_str2rdf_mnemonic4int8(ldns_tlsa_matching_types, rd, str); +} + +ldns_status +ldns_str2rdf_unknown( ATTR_UNUSED(ldns_rdf **rd) + , ATTR_UNUSED(const char *str) + ) +{ + /* this should be caught in an earlier time (general str2host for + rr's */ + return LDNS_STATUS_NOT_IMPL; +} + +ldns_status +ldns_str2rdf_service( ATTR_UNUSED(ldns_rdf **rd) + , ATTR_UNUSED(const char *str) + ) +{ + /* is this used? is this actually WKS? or SRV? */ + return LDNS_STATUS_NOT_IMPL; +} + +static int +loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e) +{ + /* read [.][mM] */ + /* into mantissa exponent format for LOC type */ + uint32_t meters = 0, cm = 0, val; + while (isblank(*my_str)) { + my_str++; + } + meters = (uint32_t)strtol(my_str, &my_str, 10); + if (*my_str == '.') { + my_str++; + cm = (uint32_t)strtol(my_str, &my_str, 10); + } + if (meters >= 1) { + *e = 2; + val = meters; + } else { + *e = 0; + val = cm; + } + while(val >= 10) { + (*e)++; + val /= 10; + } + *m = (uint8_t)val; + + if (*e > 9) + return 0; + if (*my_str == 'm' || *my_str == 'M') { + my_str++; + } + *endstr = my_str; + return 1; +} + +ldns_status +ldns_str2rdf_loc(ldns_rdf **rd, const char *str) +{ + uint32_t latitude = 0; + uint32_t longitude = 0; + uint32_t altitude = 0; + + uint8_t *data; + uint32_t equator = (uint32_t) ldns_power(2, 31); + + uint32_t h = 0; + uint32_t m = 0; + uint8_t size_b = 1, size_e = 2; + uint8_t horiz_pre_b = 1, horiz_pre_e = 6; + uint8_t vert_pre_b = 1, vert_pre_e = 3; + + double s = 0.0; + bool northerness; + bool easterness; + + char *my_str = (char *) str; + + /* only support version 0 */ + if (isdigit((int) *my_str)) { + h = (uint32_t) strtol(my_str, &my_str, 10); + } else { + return LDNS_STATUS_INVALID_STR; + } + + while (isblank((int) *my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + m = (uint32_t) strtol(my_str, &my_str, 10); + } else if (*my_str == 'N' || *my_str == 'S') { + goto north; + } else { + return LDNS_STATUS_INVALID_STR; + } + + while (isblank((int) *my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + s = strtod(my_str, &my_str); + } +north: + while (isblank((int) *my_str)) { + my_str++; + } + + if (*my_str == 'N') { + northerness = true; + } else if (*my_str == 'S') { + northerness = false; + } else { + return LDNS_STATUS_INVALID_STR; + } + + my_str++; + + /* store number */ + s = 1000.0 * s; + /* add a little to make floor in conversion a round */ + s += 0.0005; + latitude = (uint32_t) s; + latitude += 1000 * 60 * m; + latitude += 1000 * 60 * 60 * h; + if (northerness) { + latitude = equator + latitude; + } else { + latitude = equator - latitude; + } + while (isblank(*my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + h = (uint32_t) strtol(my_str, &my_str, 10); + } else { + return LDNS_STATUS_INVALID_STR; + } + + while (isblank((int) *my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + m = (uint32_t) strtol(my_str, &my_str, 10); + } else if (*my_str == 'E' || *my_str == 'W') { + goto east; + } else { + return LDNS_STATUS_INVALID_STR; + } + + while (isblank(*my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + s = strtod(my_str, &my_str); + } + +east: + while (isblank(*my_str)) { + my_str++; + } + + if (*my_str == 'E') { + easterness = true; + } else if (*my_str == 'W') { + easterness = false; + } else { + return LDNS_STATUS_INVALID_STR; + } + + my_str++; + + /* store number */ + s *= 1000.0; + /* add a little to make floor in conversion a round */ + s += 0.0005; + longitude = (uint32_t) s; + longitude += 1000 * 60 * m; + longitude += 1000 * 60 * 60 * h; + + if (easterness) { + longitude += equator; + } else { + longitude = equator - longitude; + } + + altitude = (uint32_t)(strtod(my_str, &my_str)*100.0 + + 10000000.0 + 0.5); + if (*my_str == 'm' || *my_str == 'M') { + my_str++; + } + + if (strlen(my_str) > 0) { + if(!loc_parse_cm(my_str, &my_str, &size_b, &size_e)) + return LDNS_STATUS_INVALID_STR; + } + + if (strlen(my_str) > 0) { + if(!loc_parse_cm(my_str, &my_str, &horiz_pre_b, &horiz_pre_e)) + return LDNS_STATUS_INVALID_STR; + } + + if (strlen(my_str) > 0) { + if(!loc_parse_cm(my_str, &my_str, &vert_pre_b, &vert_pre_e)) + return LDNS_STATUS_INVALID_STR; + } + + data = LDNS_XMALLOC(uint8_t, 16); + if(!data) { + return LDNS_STATUS_MEM_ERR; + } + data[0] = 0; + data[1] = 0; + data[1] = ((size_b << 4) & 0xf0) | (size_e & 0x0f); + data[2] = ((horiz_pre_b << 4) & 0xf0) | (horiz_pre_e & 0x0f); + data[3] = ((vert_pre_b << 4) & 0xf0) | (vert_pre_e & 0x0f); + ldns_write_uint32(data + 4, latitude); + ldns_write_uint32(data + 8, longitude); + ldns_write_uint32(data + 12, altitude); + + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_LOC, 16, data); + + LDNS_FREE(data); + return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_wks(ldns_rdf **rd, const char *str) +{ + uint8_t *bitmap = NULL; + uint8_t *data; + int bm_len = 0; + + struct protoent *proto = NULL; + struct servent *serv = NULL; + int serv_port; + + ldns_buffer *str_buf; + + char *proto_str = NULL; + char *token; + if(strlen(str) == 0) + token = LDNS_XMALLOC(char, 50); + else token = LDNS_XMALLOC(char, strlen(str)+2); + if(!token) return LDNS_STATUS_MEM_ERR; + + str_buf = LDNS_MALLOC(ldns_buffer); + if(!str_buf) {LDNS_FREE(token); return LDNS_STATUS_MEM_ERR;} + ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); + if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) { + LDNS_FREE(str_buf); + LDNS_FREE(token); + return LDNS_STATUS_MEM_ERR; + } + + while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) { + if (!proto_str) { + proto_str = strdup(token); + if (!proto_str) { + LDNS_FREE(bitmap); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + return LDNS_STATUS_INVALID_STR; + } + } else { + serv = getservbyname(token, proto_str); + if (serv) { + serv_port = (int) ntohs((uint16_t) serv->s_port); + } else { + serv_port = atoi(token); + } + if (serv_port / 8 >= bm_len) { + uint8_t *b2 = LDNS_XREALLOC(bitmap, uint8_t, (serv_port / 8) + 1); + if(!b2) { + LDNS_FREE(bitmap); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + free(proto_str); + return LDNS_STATUS_INVALID_STR; + } + bitmap = b2; + /* set to zero to be sure */ + for (; bm_len <= serv_port / 8; bm_len++) { + bitmap[bm_len] = 0; + } + } + ldns_set_bit(bitmap + (serv_port / 8), 7 - (serv_port % 8), true); + } + } + + if (!proto_str || !bitmap) { + LDNS_FREE(bitmap); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + free(proto_str); + return LDNS_STATUS_INVALID_STR; + } + + data = LDNS_XMALLOC(uint8_t, bm_len + 1); + if(!data) { + LDNS_FREE(token); + ldns_buffer_free(str_buf); + LDNS_FREE(bitmap); + free(proto_str); + return LDNS_STATUS_INVALID_STR; + } + if (proto_str) + proto = getprotobyname(proto_str); + if (proto) { + data[0] = (uint8_t) proto->p_proto; + } else if (proto_str) { + data[0] = (uint8_t) atoi(proto_str); + } + memcpy(data + 1, bitmap, (size_t) bm_len); + + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_WKS, (uint16_t) (bm_len + 1), data); + + LDNS_FREE(data); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + LDNS_FREE(bitmap); + free(proto_str); +#ifdef HAVE_ENDSERVENT + endservent(); +#endif +#ifdef HAVE_ENDPROTOENT + endprotoent(); +#endif + + if(!*rd) return LDNS_STATUS_MEM_ERR; + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_nsap(ldns_rdf **rd, const char *str) +{ + size_t len, i; + char* nsap_str = (char*) str; + + /* just a hex string with optional dots? */ + if (str[0] != '0' || str[1] != 'x') { + return LDNS_STATUS_INVALID_STR; + } else { + len = strlen(str); + for (i=0; i < len; i++) { + if (nsap_str[i] == '.') + nsap_str[i] = ' '; + } + return ldns_str2rdf_hex(rd, str+2); + } +} + +ldns_status +ldns_str2rdf_atma(ldns_rdf **rd, const char *str) +{ + size_t len, i; + char* atma_str = (char*) str; + ldns_status status; + + /* just a hex string with optional dots? */ + len = strlen(str); + for (i=0; i < len; i++) { + if (atma_str[i] == '.') + atma_str[i] = ' '; + } + status = ldns_str2rdf_hex(rd, str); + if (status != LDNS_STATUS_OK) { + ; /* probably in e.164 format than */ + } + return status; +} + +ldns_status +ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str) +{ + uint8_t precedence = 0; + uint8_t gateway_type = 0; + uint8_t algorithm = 0; + char* gateway = NULL; + char* publickey = NULL; + uint8_t *data; + ldns_buffer *str_buf; + char *token; + int token_count = 0; + int ipseckey_len = 0; + ldns_rdf* gateway_rdf = NULL; + ldns_rdf* publickey_rdf = NULL; + ldns_status status = LDNS_STATUS_OK; + + if(strlen(str) == 0) + token = LDNS_XMALLOC(char, 256); + else token = LDNS_XMALLOC(char, strlen(str)+2); + if(!token) return LDNS_STATUS_MEM_ERR; + + str_buf = LDNS_MALLOC(ldns_buffer); + if(!str_buf) {LDNS_FREE(token); return LDNS_STATUS_MEM_ERR;} + ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); + if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) { + LDNS_FREE(str_buf); + LDNS_FREE(token); + return LDNS_STATUS_MEM_ERR; + } + while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) { + switch (token_count) { + case 0: + precedence = (uint8_t)atoi(token); + break; + case 1: + gateway_type = (uint8_t)atoi(token); + break; + case 2: + algorithm = (uint8_t)atoi(token); + break; + case 3: + gateway = strdup(token); + if (!gateway || (gateway_type == 0 && + (token[0] != '.' || token[1] != '\0'))) { + LDNS_FREE(gateway); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + return LDNS_STATUS_INVALID_STR; + } + break; + case 4: + publickey = strdup(token); + break; + default: + LDNS_FREE(token); + ldns_buffer_free(str_buf); + return LDNS_STATUS_INVALID_STR; + break; + } + token_count++; + } + + if (!gateway || !publickey) { + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + return LDNS_STATUS_INVALID_STR; + } + + if (gateway_type == 1) { + status = ldns_str2rdf_a(&gateway_rdf, gateway); + } else if (gateway_type == 2) { + status = ldns_str2rdf_aaaa(&gateway_rdf, gateway); + } else if (gateway_type == 3) { + status = ldns_str2rdf_dname(&gateway_rdf, gateway); + } + + if (status != LDNS_STATUS_OK) { + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + return LDNS_STATUS_INVALID_STR; + } + + status = ldns_str2rdf_b64(&publickey_rdf, publickey); + + if (status != LDNS_STATUS_OK) { + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + if (gateway_rdf) ldns_rdf_free(gateway_rdf); + return LDNS_STATUS_INVALID_STR; + } + + /* now copy all into one ipseckey rdf */ + if (gateway_type) + ipseckey_len = 3 + (int)ldns_rdf_size(gateway_rdf) + (int)ldns_rdf_size(publickey_rdf); + else + ipseckey_len = 3 + (int)ldns_rdf_size(publickey_rdf); + + data = LDNS_XMALLOC(uint8_t, ipseckey_len); + if(!data) { + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + if (gateway_rdf) ldns_rdf_free(gateway_rdf); + if (publickey_rdf) ldns_rdf_free(publickey_rdf); + return LDNS_STATUS_MEM_ERR; + } + + data[0] = precedence; + data[1] = gateway_type; + data[2] = algorithm; + + if (gateway_type) { + memcpy(data + 3, + ldns_rdf_data(gateway_rdf), ldns_rdf_size(gateway_rdf)); + memcpy(data + 3 + ldns_rdf_size(gateway_rdf), + ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf)); + } else { + memcpy(data + 3, + ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf)); + } + + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_IPSECKEY, (uint16_t) ipseckey_len, data); + + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + ldns_rdf_free(gateway_rdf); + ldns_rdf_free(publickey_rdf); + LDNS_FREE(data); + if(!*rd) return LDNS_STATUS_MEM_ERR; + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str) +{ + unsigned int a, b, c, d; + uint16_t shorts[4]; + int l; + + if (sscanf(str, "%4x:%4x:%4x:%4x%n", &a, &b, &c, &d, &l) != 4 || + l != (int)strlen(str) || /* more data to read */ + strpbrk(str, "+-") /* signed hexes */ + ) { + return LDNS_STATUS_INVALID_ILNP64; + } else { + shorts[0] = htons(a); + shorts[1] = htons(b); + shorts[2] = htons(c); + shorts[3] = htons(d); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_ILNP64, 4 * sizeof(uint16_t), &shorts); + } + return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_eui48(ldns_rdf **rd, const char *str) +{ + unsigned int a, b, c, d, e, f; + uint8_t bytes[6]; + int l; + + if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x%n", + &a, &b, &c, &d, &e, &f, &l) != 6 || + l != (int)strlen(str)) { + return LDNS_STATUS_INVALID_EUI48; + } else { + bytes[0] = a; + bytes[1] = b; + bytes[2] = c; + bytes[3] = d; + bytes[4] = e; + bytes[5] = f; + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_EUI48, 6, &bytes); + } + return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_eui64(ldns_rdf **rd, const char *str) +{ + unsigned int a, b, c, d, e, f, g, h; + uint8_t bytes[8]; + int l; + + if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x-%2x-%2x%n", + &a, &b, &c, &d, &e, &f, &g, &h, &l) != 8 || + l != (int)strlen(str)) { + return LDNS_STATUS_INVALID_EUI64; + } else { + bytes[0] = a; + bytes[1] = b; + bytes[2] = c; + bytes[3] = d; + bytes[4] = e; + bytes[5] = f; + bytes[6] = g; + bytes[7] = h; + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_EUI64, 8, &bytes); + } + return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; +} + +ldns_status +ldns_str2rdf_tag(ldns_rdf **rd, const char *str) +{ + uint8_t *data; + const char* ptr; + + if (strlen(str) > 255) { + return LDNS_STATUS_INVALID_TAG; + } + for (ptr = str; *ptr; ptr++) { + if (! isalnum(*ptr)) { + return LDNS_STATUS_INVALID_TAG; + } + } + data = LDNS_XMALLOC(uint8_t, strlen(str) + 1); + if (!data) { + return LDNS_STATUS_MEM_ERR; + } + data[0] = strlen(str); + memcpy(data + 1, str, strlen(str)); + + *rd = ldns_rdf_new(LDNS_RDF_TYPE_TAG, strlen(str) + 1, data); + if (!*rd) { + LDNS_FREE(data); + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_long_str(ldns_rdf **rd, const char *str) +{ + uint8_t *data, *dp, ch = 0; + size_t length; + + /* Worst case space requirement. We'll realloc to actual size later. */ + dp = data = LDNS_XMALLOC(uint8_t, strlen(str)); + if (! data) { + return LDNS_STATUS_MEM_ERR; + } + + /* Fill data with parsed bytes */ + while (parse_char(&ch, &str)) { + *dp++ = ch; + if (dp - data > LDNS_MAX_RDFLEN) { + LDNS_FREE(data); + return LDNS_STATUS_INVALID_STR; + } + } + if (! str) { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } + length = (size_t)(dp - data); + + /* Lose the overmeasure */ + data = LDNS_XREALLOC(dp = data, uint8_t, length); + if (! data) { + LDNS_FREE(dp); + return LDNS_STATUS_MEM_ERR; + } + + /* Create rdf */ + *rd = ldns_rdf_new(LDNS_RDF_TYPE_LONG_STR, length, data); + if (! *rd) { + LDNS_FREE(data); + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_hip(ldns_rdf **rd, const char *str) +{ + const char *hit = strchr(str, ' ') + 1; + const char *pk = hit == NULL ? NULL : strchr(hit, ' ') + 1; + size_t hit_size = hit == NULL ? 0 + : pk == NULL ? strlen(hit) : (size_t) (pk - hit) - 1; + size_t pk_size = pk == NULL ? 0 : strlen(pk); + size_t hit_wire_size = (hit_size + 1) / 2; + size_t pk_wire_size = ldns_b64_pton_calculate_size(pk_size); + size_t rdf_size = 4 + hit_wire_size + pk_wire_size; + + char *endptr; /* utility var for strtol usage */ + int algorithm = strtol(str, &endptr, 10); + + uint8_t *data, *dp; + int hi, lo, written; + + if (hit_size == 0 || pk_size == 0 || (hit_size + 1) / 2 > 255 + || rdf_size > LDNS_MAX_RDFLEN + || algorithm < 0 || algorithm > 255 + || (errno != 0 && algorithm == 0) /* out of range */ + || endptr == str /* no digits */) { + + return LDNS_STATUS_SYNTAX_ERR; + } + if ((data = LDNS_XMALLOC(uint8_t, rdf_size)) == NULL) { + + return LDNS_STATUS_MEM_ERR; + } + /* From RFC 5205 section 5. HIP RR Storage Format: + ************************************************* + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | HIT length | PK algorithm | PK length | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + ~ HIT ~ + | | + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | | + +-+-+-+-+-+-+-+-+-+-+-+ + + | Public Key | + ~ ~ + | | + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | | + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + | | + ~ Rendezvous Servers ~ + | | + + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | | + +-+-+-+-+-+-+-+ */ + + data[0] = (uint8_t) hit_wire_size; + data[1] = (uint8_t) algorithm; + + for (dp = data + 4; *hit && *hit != ' '; dp++) { + + if ((hi = ldns_hexdigit_to_int(*hit++)) == -1 || + (lo = ldns_hexdigit_to_int(*hit++)) == -1) { + + LDNS_FREE(data); + return LDNS_STATUS_INVALID_HEX; + } + *dp = (uint8_t) hi << 4 | lo; + } + if ((written = ldns_b64_pton(pk, dp, pk_wire_size)) <= 0) { + + LDNS_FREE(data); + return LDNS_STATUS_INVALID_B64; + } + + /* Because ldns_b64_pton_calculate_size isn't always correct: + * (we have to fix it at some point) + */ + pk_wire_size = (uint16_t) written; + ldns_write_uint16(data + 2, pk_wire_size); + rdf_size = 4 + hit_wire_size + pk_wire_size; + + /* Create rdf */ + if (! (*rd = ldns_rdf_new(LDNS_RDF_TYPE_HIP, rdf_size, data))) { + + LDNS_FREE(data); + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} diff --git a/ldns/src/tsig.c b/ldns/src/tsig.c new file mode 100644 index 0000000..53aa85e --- /dev/null +++ b/ldns/src/tsig.c @@ -0,0 +1,470 @@ +/* + * tsig.c + * + * contains the functions needed for TSIG [RFC2845] + * + * (c) 2005-2006 NLnet Labs + * See the file LICENSE for the license + */ + +#include + +#include + +#include + +#ifdef HAVE_SSL +#include +#include +#endif /* HAVE_SSL */ + +char * +ldns_tsig_algorithm(ldns_tsig_credentials *tc) +{ + return tc->algorithm; +} + +char * +ldns_tsig_keyname(ldns_tsig_credentials *tc) +{ + return tc->keyname; +} + +char * +ldns_tsig_keydata(ldns_tsig_credentials *tc) +{ + return tc->keydata; +} + +char * +ldns_tsig_keyname_clone(ldns_tsig_credentials *tc) +{ + return strdup(tc->keyname); +} + +char * +ldns_tsig_keydata_clone(ldns_tsig_credentials *tc) +{ + return strdup(tc->keydata); +} + +/* + * Makes an exact copy of the wire, but with the tsig rr removed + */ +static uint8_t * +ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len) +{ + uint8_t *wire2 = NULL; + uint16_t qd_count; + uint16_t an_count; + uint16_t ns_count; + uint16_t ar_count; + ldns_rr *rr; + + size_t pos; + uint16_t i; + + ldns_status status; + + if(wire_len < LDNS_HEADER_SIZE) { + return NULL; + } + /* fake parse the wire */ + qd_count = LDNS_QDCOUNT(wire); + an_count = LDNS_ANCOUNT(wire); + ns_count = LDNS_NSCOUNT(wire); + ar_count = LDNS_ARCOUNT(wire); + + if (ar_count > 0) { + ar_count--; + } else { + return NULL; + } + + pos = LDNS_HEADER_SIZE; + + for (i = 0; i < qd_count; i++) { + status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_QUESTION); + if (status != LDNS_STATUS_OK) { + return NULL; + } + ldns_rr_free(rr); + } + + for (i = 0; i < an_count; i++) { + status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_ANSWER); + if (status != LDNS_STATUS_OK) { + return NULL; + } + ldns_rr_free(rr); + } + + for (i = 0; i < ns_count; i++) { + status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_AUTHORITY); + if (status != LDNS_STATUS_OK) { + return NULL; + } + ldns_rr_free(rr); + } + + for (i = 0; i < ar_count; i++) { + status = ldns_wire2rr(&rr, wire, wire_len, &pos, + LDNS_SECTION_ADDITIONAL); + if (status != LDNS_STATUS_OK) { + return NULL; + } + ldns_rr_free(rr); + } + + *result_len = pos; + wire2 = LDNS_XMALLOC(uint8_t, *result_len); + if(!wire2) { + return NULL; + } + memcpy(wire2, wire, *result_len); + + ldns_write_uint16(wire2 + LDNS_ARCOUNT_OFF, ar_count); + + return wire2; +} + +#ifdef HAVE_SSL +static const EVP_MD * +ldns_digest_function(char *name) +{ + /* these are the mandatory algorithms from RFC4635 */ + /* The optional algorithms are not yet implemented */ + if (strcasecmp(name, "hmac-sha256.") == 0) { +#ifdef HAVE_EVP_SHA256 + return EVP_sha256(); +#else + return NULL; +#endif + } else if (strcasecmp(name, "hmac-sha1.") == 0) { + return EVP_sha1(); + } else if (strcasecmp(name, "hmac-md5.sig-alg.reg.int.") == 0) { + return EVP_md5(); + } else { + return NULL; + } +} +#endif + +#ifdef HAVE_SSL +static ldns_status +ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size, + const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf, + ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf, + ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only) +{ + ldns_status status; + char *wireformat; + int wiresize; + unsigned char *mac_bytes = NULL; + unsigned char *key_bytes = NULL; + int key_size; + const EVP_MD *digester; + char *algorithm_name = NULL; + unsigned int md_len = EVP_MAX_MD_SIZE; + ldns_rdf *result = NULL; + ldns_buffer *data_buffer = NULL; + ldns_rdf *canonical_key_name_rdf = NULL; + ldns_rdf *canonical_algorithm_rdf = NULL; + + if (key_name_rdf == NULL || algorithm_rdf == NULL) { + return LDNS_STATUS_NULL; + } + canonical_key_name_rdf = ldns_rdf_clone(key_name_rdf); + if (canonical_key_name_rdf == NULL) { + return LDNS_STATUS_MEM_ERR; + } + canonical_algorithm_rdf = ldns_rdf_clone(algorithm_rdf); + if (canonical_algorithm_rdf == NULL) { + ldns_rdf_deep_free(canonical_key_name_rdf); + return LDNS_STATUS_MEM_ERR; + } + /* + * prepare the digestable information + */ + data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!data_buffer) { + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + /* if orig_mac is not NULL, add it too */ + if (orig_mac_rdf) { + (void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf); + } + ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size); + if (!tsig_timers_only) { + ldns_dname2canonical(canonical_key_name_rdf); + (void)ldns_rdf2buffer_wire(data_buffer, + canonical_key_name_rdf); + ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY); + ldns_buffer_write_u32(data_buffer, 0); + ldns_dname2canonical(canonical_algorithm_rdf); + (void)ldns_rdf2buffer_wire(data_buffer, + canonical_algorithm_rdf); + } + (void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf); + (void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf); + if (!tsig_timers_only) { + (void)ldns_rdf2buffer_wire(data_buffer, error_rdf); + (void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf); + } + + wireformat = (char *) data_buffer->_data; + wiresize = (int) ldns_buffer_position(data_buffer); + + algorithm_name = ldns_rdf2str(algorithm_rdf); + if(!algorithm_name) { + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + + /* prepare the key */ + key_bytes = LDNS_XMALLOC(unsigned char, + ldns_b64_pton_calculate_size(strlen(key_data))); + if(!key_bytes) { + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + key_size = ldns_b64_pton(key_data, key_bytes, + ldns_b64_pton_calculate_size(strlen(key_data))); + if (key_size < 0) { + status = LDNS_STATUS_INVALID_B64; + goto clean; + } + /* hmac it */ + /* 2 spare bytes for the length */ + mac_bytes = LDNS_XMALLOC(unsigned char, md_len+2); + if(!mac_bytes) { + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + memset(mac_bytes, 0, md_len+2); + + digester = ldns_digest_function(algorithm_name); + + if (digester) { + (void) HMAC(digester, key_bytes, key_size, (void *)wireformat, + (size_t) wiresize, mac_bytes + 2, &md_len); + + ldns_write_uint16(mac_bytes, md_len); + result = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16_DATA, md_len + 2, + mac_bytes); + } else { + status = LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; + goto clean; + } + *tsig_mac = result; + status = LDNS_STATUS_OK; + clean: + LDNS_FREE(mac_bytes); + LDNS_FREE(key_bytes); + LDNS_FREE(algorithm_name); + ldns_buffer_free(data_buffer); + ldns_rdf_deep_free(canonical_algorithm_rdf); + ldns_rdf_deep_free(canonical_key_name_rdf); + return status; +} +#endif /* HAVE_SSL */ + + +#ifdef HAVE_SSL +bool +ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name, + const char *key_data, ldns_rdf *orig_mac_rdf) +{ + return ldns_pkt_tsig_verify_next(pkt, wire, wirelen, key_name, key_data, orig_mac_rdf, 0); +} + +bool +ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char* key_name, + const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only) +{ + ldns_rdf *fudge_rdf; + ldns_rdf *algorithm_rdf; + ldns_rdf *time_signed_rdf; + ldns_rdf *orig_id_rdf; + ldns_rdf *error_rdf; + ldns_rdf *other_data_rdf; + ldns_rdf *pkt_mac_rdf; + ldns_rdf *my_mac_rdf; + ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); + uint16_t pkt_id, orig_pkt_id; + ldns_status status; + + uint8_t *prepared_wire = NULL; + size_t prepared_wire_size = 0; + + ldns_rr *orig_tsig = ldns_pkt_tsig(pkt); + + if (!orig_tsig || ldns_rr_rd_count(orig_tsig) <= 6) { + ldns_rdf_deep_free(key_name_rdf); + return false; + } + algorithm_rdf = ldns_rr_rdf(orig_tsig, 0); + time_signed_rdf = ldns_rr_rdf(orig_tsig, 1); + fudge_rdf = ldns_rr_rdf(orig_tsig, 2); + pkt_mac_rdf = ldns_rr_rdf(orig_tsig, 3); + orig_id_rdf = ldns_rr_rdf(orig_tsig, 4); + error_rdf = ldns_rr_rdf(orig_tsig, 5); + other_data_rdf = ldns_rr_rdf(orig_tsig, 6); + + /* remove temporarily */ + ldns_pkt_set_tsig(pkt, NULL); + /* temporarily change the id to the original id */ + pkt_id = ldns_pkt_id(pkt); + orig_pkt_id = ldns_rdf2native_int16(orig_id_rdf); + ldns_pkt_set_id(pkt, orig_pkt_id); + + prepared_wire = ldns_tsig_prepare_pkt_wire(wire, wirelen, &prepared_wire_size); + + status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size, + key_data, key_name_rdf, fudge_rdf, algorithm_rdf, + time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only); + + LDNS_FREE(prepared_wire); + + if (status != LDNS_STATUS_OK) { + ldns_rdf_deep_free(key_name_rdf); + return false; + } + /* Put back the values */ + ldns_pkt_set_tsig(pkt, orig_tsig); + ldns_pkt_set_id(pkt, pkt_id); + + ldns_rdf_deep_free(key_name_rdf); + + if (ldns_rdf_compare(pkt_mac_rdf, my_mac_rdf) == 0) { + ldns_rdf_deep_free(my_mac_rdf); + return true; + } else { + ldns_rdf_deep_free(my_mac_rdf); + return false; + } +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +ldns_status +ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, + uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac) +{ + return ldns_pkt_tsig_sign_next(pkt, key_name, key_data, fudge, algorithm_name, query_mac, 0); +} + +ldns_status +ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, + uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only) +{ + ldns_rr *tsig_rr; + ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); + ldns_rdf *fudge_rdf = NULL; + ldns_rdf *orig_id_rdf = NULL; + ldns_rdf *algorithm_rdf; + ldns_rdf *error_rdf = NULL; + ldns_rdf *mac_rdf = NULL; + ldns_rdf *other_data_rdf = NULL; + + ldns_status status = LDNS_STATUS_OK; + + uint8_t *pkt_wire = NULL; + size_t pkt_wire_len; + + struct timeval tv_time_signed; + uint8_t *time_signed = NULL; + ldns_rdf *time_signed_rdf = NULL; + + algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name); + if(!key_name_rdf || !algorithm_rdf) { + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + + /* eww don't have create tsigtime rdf yet :( */ + /* bleh :p */ + if (gettimeofday(&tv_time_signed, NULL) == 0) { + time_signed = LDNS_XMALLOC(uint8_t, 6); + if(!time_signed) { + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + ldns_write_uint64_as_uint48(time_signed, + (uint64_t)tv_time_signed.tv_sec); + } else { + status = LDNS_STATUS_INTERNAL_ERR; + goto clean; + } + + time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed); + if(!time_signed_rdf) { + LDNS_FREE(time_signed); + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + + fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge); + + orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt)); + + error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0); + + other_data_rdf = ldns_native2rdf_int16_data(0, NULL); + + if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) { + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + + if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) { + status = LDNS_STATUS_ERR; + goto clean; + } + + status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len, + key_data, key_name_rdf, fudge_rdf, algorithm_rdf, + time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only); + + if (!mac_rdf) { + goto clean; + } + + LDNS_FREE(pkt_wire); + + /* Create the TSIG RR */ + tsig_rr = ldns_rr_new(); + if(!tsig_rr) { + status = LDNS_STATUS_MEM_ERR; + goto clean; + } + ldns_rr_set_owner(tsig_rr, key_name_rdf); + ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY); + ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG); + ldns_rr_set_ttl(tsig_rr, 0); + + ldns_rr_push_rdf(tsig_rr, algorithm_rdf); + ldns_rr_push_rdf(tsig_rr, time_signed_rdf); + ldns_rr_push_rdf(tsig_rr, fudge_rdf); + ldns_rr_push_rdf(tsig_rr, mac_rdf); + ldns_rr_push_rdf(tsig_rr, orig_id_rdf); + ldns_rr_push_rdf(tsig_rr, error_rdf); + ldns_rr_push_rdf(tsig_rr, other_data_rdf); + + ldns_pkt_set_tsig(pkt, tsig_rr); + + return status; + + clean: + LDNS_FREE(pkt_wire); + ldns_rdf_free(key_name_rdf); + ldns_rdf_free(algorithm_rdf); + ldns_rdf_free(time_signed_rdf); + ldns_rdf_free(fudge_rdf); + ldns_rdf_free(orig_id_rdf); + ldns_rdf_free(error_rdf); + ldns_rdf_free(other_data_rdf); + return status; +} +#endif /* HAVE_SSL */ diff --git a/ldns/src/update.c b/ldns/src/update.c new file mode 100644 index 0000000..74e9d19 --- /dev/null +++ b/ldns/src/update.c @@ -0,0 +1,325 @@ +/* update.c + * + * Functions for RFC 2136 Dynamic Update + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + */ + +#include + +#include + +#include +#include +#include + +/* + * RFC 2136 sections mapped to RFC 1035: + * zone/ZO -- QD/question + * prerequisites/PR -- AN/answers + * updates/UP -- NS/authority records + * additional data/AD -- AR/additional records + */ + +ldns_pkt * +ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c, + ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist) +{ + ldns_pkt *p; + + if (!zone_rdf || !up_rrlist) { + return NULL; + } + + if (c == 0) { + c = LDNS_RR_CLASS_IN; + } + + /* Create packet, fill in Zone Section. */ + p = ldns_pkt_query_new(zone_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); + if (!p) { + return NULL; + } + zone_rdf = NULL; /* No longer safe to use. */ + + ldns_pkt_set_opcode(p, LDNS_PACKET_UPDATE); + + ldns_rr_list_deep_free(p->_authority); + + ldns_pkt_set_authority(p, ldns_rr_list_clone(up_rrlist)); + + ldns_update_set_upcount(p, ldns_rr_list_rr_count(up_rrlist)); + + if (pr_rrlist) { + ldns_rr_list_deep_free(p->_answer); /*XXX access function */ + ldns_pkt_set_answer(p, ldns_rr_list_clone(pr_rrlist)); + ldns_update_set_prcount(p, ldns_rr_list_rr_count(pr_rrlist)); + } + + if (ad_rrlist) { + ldns_rr_list_deep_free(p->_additional); + ldns_pkt_set_additional(p, ldns_rr_list_clone(ad_rrlist)); + ldns_update_set_adcount(p, ldns_rr_list_rr_count(ad_rrlist)); + } + return p; +} + +ldns_status +ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r) +{ +#ifdef HAVE_SSL + uint16_t fudge = 300; /* Recommended fudge. [RFC2845 6.4] */ + if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) + return ldns_pkt_tsig_sign(p, ldns_resolver_tsig_keyname(r), + ldns_resolver_tsig_keydata(r), fudge, + ldns_resolver_tsig_algorithm(r), NULL); +#else + /* do nothing */ + (void)p; + (void)r; +#endif /* HAVE_SSL */ + /* No TSIG to do. */ + return LDNS_STATUS_OK; +} + +/* Move to higher.c or similar? */ +/* XXX doc */ +ldns_status +ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, + ldns_rr_class c, ldns_rdf **mname) +{ + ldns_rr *soa_rr; + ldns_pkt *query, *resp; + + /* Nondestructive, so clone 'zone' here */ + query = ldns_pkt_query_new(ldns_rdf_clone(zone), LDNS_RR_TYPE_SOA, + c, LDNS_RD); + if (!query) { + return LDNS_STATUS_ERR; + } + + ldns_pkt_set_random_id(query); + if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { + ldns_pkt_free(query); + return LDNS_STATUS_ERR; + } + ldns_pkt_free(query); + if (!resp) { + return LDNS_STATUS_ERR; + } + + /* Expect a SOA answer. */ + *mname = NULL; + while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp)))) { + if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA + || ldns_rr_rdf(soa_rr, 0) == NULL) + continue; + /* [RFC1035 3.3.13] */ + *mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); + break; + } + ldns_pkt_free(resp); + + return *mname ? LDNS_STATUS_OK : LDNS_STATUS_ERR; +} + +/* Try to get zone and MNAME from SOA queries. */ +ldns_status +ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, + ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf) +{ + ldns_rr *soa_rr, *rr; + ldns_rdf *soa_zone = NULL, *soa_mname = NULL; + ldns_rdf *ipaddr, *fqdn_rdf, *tmp; + ldns_rdf **nslist; + ldns_pkt *query, *resp; + ldns_resolver *tmp_r; + size_t i; + + /* + * XXX Ok, this cannot be the best way to find this...? + * XXX (I run into weird cache-related stuff here) + */ + + /* Step 1 - first find a nameserver that should know *something* */ + fqdn_rdf = ldns_dname_new_frm_str(fqdn); + query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); + if (!query) { + return LDNS_STATUS_ERR; + } + fqdn_rdf = NULL; + + ldns_pkt_set_random_id(query); + if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { + ldns_pkt_free(query); + return LDNS_STATUS_ERR; + } + ldns_pkt_free(query); + if (!resp) { + return LDNS_STATUS_ERR; + } + + /* XXX Is it safe to only look in authority section here? */ + while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) { + if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA + || ldns_rr_rdf(soa_rr, 0) == NULL) + continue; + /* [RFC1035 3.3.13] */ + soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); + break; + } + ldns_pkt_free(resp); + if (!soa_rr) { + return LDNS_STATUS_ERR; + } + + /* Step 2 - find SOA MNAME IP address, add to resolver */ + query = ldns_pkt_query_new(soa_mname, LDNS_RR_TYPE_A, c, LDNS_RD); + if (!query) { + return LDNS_STATUS_ERR; + } + soa_mname = NULL; + + ldns_pkt_set_random_id(query); + if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { + ldns_pkt_free(query); + return LDNS_STATUS_ERR; + } + ldns_pkt_free(query); + if (!resp) { + return LDNS_STATUS_ERR; + } + + if (ldns_pkt_ancount(resp) == 0) { + ldns_pkt_free(resp); + return LDNS_STATUS_ERR; + } + + /* XXX There may be more than one answer RR here. */ + rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp)); + ipaddr = ldns_rr_rdf(rr, 0); + + /* Put the SOA mname IP first in the nameserver list. */ + if (!(tmp_r = ldns_resolver_clone(r))) { + return LDNS_STATUS_MEM_ERR; + } + nslist = ldns_resolver_nameservers(tmp_r); + for (i = 0; i < ldns_resolver_nameserver_count(tmp_r); i++) { + if (ldns_rdf_compare(ipaddr, nslist[i]) == 0) { + if (i) { + tmp = nslist[0]; + nslist[0] = nslist[i]; + nslist[i] = tmp; + } + break; + } + } + if (i >= ldns_resolver_nameserver_count(tmp_r)) { + /* SOA mname was not part of the resolver so add it first. */ + (void) ldns_resolver_push_nameserver(tmp_r, ipaddr); + nslist = ldns_resolver_nameservers(tmp_r); + i = ldns_resolver_nameserver_count(tmp_r) - 1; + tmp = nslist[0]; + nslist[0] = nslist[i]; + nslist[i] = tmp; + } + ldns_pkt_free(resp); + + /* Make sure to ask the first in the list, i.e SOA mname */ + ldns_resolver_set_random(tmp_r, false); + + /* Step 3 - Redo SOA query, sending to SOA MNAME directly. */ + fqdn_rdf = ldns_dname_new_frm_str(fqdn); + query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); + if (!query) { + ldns_resolver_free(tmp_r); + return LDNS_STATUS_ERR; + } + fqdn_rdf = NULL; + + ldns_pkt_set_random_id(query); + if (ldns_resolver_send_pkt(&resp, tmp_r, query) != LDNS_STATUS_OK) { + ldns_pkt_free(query); + ldns_resolver_free(tmp_r); + return LDNS_STATUS_ERR; + } + ldns_resolver_free(tmp_r); + ldns_pkt_free(query); + if (!resp) { + return LDNS_STATUS_ERR; + } + + /* XXX Is it safe to only look in authority section here, too? */ + while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) { + if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA + || ldns_rr_rdf(soa_rr, 0) == NULL) + continue; + /* [RFC1035 3.3.13] */ + soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); + soa_zone = ldns_rdf_clone(ldns_rr_owner(soa_rr)); + break; + } + ldns_pkt_free(resp); + if (!soa_rr) { + return LDNS_STATUS_ERR; + } + + /* That seems to have worked, pass results to caller. */ + *zone_rdf = soa_zone; + *mname_rdf = soa_mname; + return LDNS_STATUS_OK; +} + +/* + * ldns_update_{get,set}_{zo,pr,up,ad}count + */ + +uint16_t +ldns_update_zocount(const ldns_pkt *p) +{ + return ldns_pkt_qdcount(p); +} + +uint16_t +ldns_update_prcount(const ldns_pkt *p) +{ + return ldns_pkt_ancount(p); +} + +uint16_t +ldns_update_upcount(const ldns_pkt *p) +{ + return ldns_pkt_nscount(p); +} + +uint16_t +ldns_update_ad(const ldns_pkt *p) +{ + return ldns_pkt_arcount(p); +} + +void +ldns_update_set_zo(ldns_pkt *p, uint16_t v) +{ + ldns_pkt_set_qdcount(p, v); +} + +void +ldns_update_set_prcount(ldns_pkt *p, uint16_t v) +{ + ldns_pkt_set_ancount(p, v); +} + +void +ldns_update_set_upcount(ldns_pkt *p, uint16_t v) +{ + ldns_pkt_set_nscount(p, v); +} + +void +ldns_update_set_adcount(ldns_pkt *p, uint16_t v) +{ + ldns_pkt_set_arcount(p, v); +} diff --git a/ldns/src/util.c b/ldns/src/util.c new file mode 100644 index 0000000..33060d9 --- /dev/null +++ b/ldns/src/util.c @@ -0,0 +1,773 @@ +/* + * util.c + * + * some general memory functions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_SSL +#include +#endif + +ldns_lookup_table * +ldns_lookup_by_name(ldns_lookup_table *table, const char *name) +{ + while (table->name != NULL) { + if (strcasecmp(name, table->name) == 0) + return table; + table++; + } + return NULL; +} + +ldns_lookup_table * +ldns_lookup_by_id(ldns_lookup_table *table, int id) +{ + while (table->name != NULL) { + if (table->id == id) + return table; + table++; + } + return NULL; +} + +int +ldns_get_bit(uint8_t bits[], size_t index) +{ + /* + * The bits are counted from left to right, so bit #0 is the + * left most bit. + */ + return (int) (bits[index / 8] & (1 << (7 - index % 8))); +} + +int +ldns_get_bit_r(uint8_t bits[], size_t index) +{ + /* + * The bits are counted from right to left, so bit #0 is the + * right most bit. + */ + return (int) bits[index / 8] & (1 << (index % 8)); +} + +void +ldns_set_bit(uint8_t *byte, int bit_nr, bool value) +{ + /* + * The bits are counted from right to left, so bit #0 is the + * right most bit. + */ + if (bit_nr >= 0 && bit_nr < 8) { + if (value) { + *byte = *byte | (0x01 << bit_nr); + } else { + *byte = *byte & ~(0x01 << bit_nr); + } + } +} + +int +ldns_hexdigit_to_int(char ch) +{ + switch (ch) { + case '0': return 0; + case '1': return 1; + case '2': return 2; + case '3': return 3; + case '4': return 4; + case '5': return 5; + case '6': return 6; + case '7': return 7; + case '8': return 8; + case '9': return 9; + case 'a': case 'A': return 10; + case 'b': case 'B': return 11; + case 'c': case 'C': return 12; + case 'd': case 'D': return 13; + case 'e': case 'E': return 14; + case 'f': case 'F': return 15; + default: + return -1; + } +} + +char +ldns_int_to_hexdigit(int i) +{ + switch (i) { + case 0: return '0'; + case 1: return '1'; + case 2: return '2'; + case 3: return '3'; + case 4: return '4'; + case 5: return '5'; + case 6: return '6'; + case 7: return '7'; + case 8: return '8'; + case 9: return '9'; + case 10: return 'a'; + case 11: return 'b'; + case 12: return 'c'; + case 13: return 'd'; + case 14: return 'e'; + case 15: return 'f'; + default: + abort(); + } +} + +int +ldns_hexstring_to_data(uint8_t *data, const char *str) +{ + size_t i; + + if (!str || !data) { + return -1; + } + + if (strlen(str) % 2 != 0) { + return -2; + } + + for (i = 0; i < strlen(str) / 2; i++) { + data[i] = + 16 * (uint8_t) ldns_hexdigit_to_int(str[i*2]) + + (uint8_t) ldns_hexdigit_to_int(str[i*2 + 1]); + } + + return (int) i; +} + +const char * +ldns_version(void) +{ + return (char*)LDNS_VERSION; +} + +/* Number of days per month (except for February in leap years). */ +static const int mdays[] = { + 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 +}; + +#define LDNS_MOD(x,y) (((x) % (y) < 0) ? ((x) % (y) + (y)) : ((x) % (y))) +#define LDNS_DIV(x,y) (((x) % (y) < 0) ? ((x) / (y) - 1 ) : ((x) / (y))) + +static int +is_leap_year(int year) +{ + return LDNS_MOD(year, 4) == 0 && (LDNS_MOD(year, 100) != 0 + || LDNS_MOD(year, 400) == 0); +} + +static int +leap_days(int y1, int y2) +{ + --y1; + --y2; + return (LDNS_DIV(y2, 4) - LDNS_DIV(y1, 4)) - + (LDNS_DIV(y2, 100) - LDNS_DIV(y1, 100)) + + (LDNS_DIV(y2, 400) - LDNS_DIV(y1, 400)); +} + +/* + * Code adapted from Python 2.4.1 sources (Lib/calendar.py). + */ +time_t +ldns_mktime_from_utc(const struct tm *tm) +{ + int year = 1900 + tm->tm_year; + time_t days = 365 * ((time_t) year - 1970) + leap_days(1970, year); + time_t hours; + time_t minutes; + time_t seconds; + int i; + + for (i = 0; i < tm->tm_mon; ++i) { + days += mdays[i]; + } + if (tm->tm_mon > 1 && is_leap_year(year)) { + ++days; + } + days += tm->tm_mday - 1; + + hours = days * 24 + tm->tm_hour; + minutes = hours * 60 + tm->tm_min; + seconds = minutes * 60 + tm->tm_sec; + + return seconds; +} + +time_t +mktime_from_utc(const struct tm *tm) +{ + return ldns_mktime_from_utc(tm); +} + +#if SIZEOF_TIME_T <= 4 + +static void +ldns_year_and_yday_from_days_since_epoch(int64_t days, struct tm *result) +{ + int year = 1970; + int new_year; + + while (days < 0 || days >= (int64_t) (is_leap_year(year) ? 366 : 365)) { + new_year = year + (int) LDNS_DIV(days, 365); + days -= (new_year - year) * 365; + days -= leap_days(year, new_year); + year = new_year; + } + result->tm_year = year; + result->tm_yday = (int) days; +} + +/* Number of days per month in a leap year. */ +static const int leap_year_mdays[] = { + 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 +}; + +static void +ldns_mon_and_mday_from_year_and_yday(struct tm *result) +{ + int idays = result->tm_yday; + const int *mon_lengths = is_leap_year(result->tm_year) ? + leap_year_mdays : mdays; + + result->tm_mon = 0; + while (idays >= mon_lengths[result->tm_mon]) { + idays -= mon_lengths[result->tm_mon++]; + } + result->tm_mday = idays + 1; +} + +static void +ldns_wday_from_year_and_yday(struct tm *result) +{ + result->tm_wday = 4 /* 1-1-1970 was a thursday */ + + LDNS_MOD((result->tm_year - 1970), 7) * LDNS_MOD(365, 7) + + leap_days(1970, result->tm_year) + + result->tm_yday; + result->tm_wday = LDNS_MOD(result->tm_wday, 7); + if (result->tm_wday < 0) { + result->tm_wday += 7; + } +} + +static struct tm * +ldns_gmtime64_r(int64_t clock, struct tm *result) +{ + result->tm_isdst = 0; + result->tm_sec = (int) LDNS_MOD(clock, 60); + clock = LDNS_DIV(clock, 60); + result->tm_min = (int) LDNS_MOD(clock, 60); + clock = LDNS_DIV(clock, 60); + result->tm_hour = (int) LDNS_MOD(clock, 24); + clock = LDNS_DIV(clock, 24); + + ldns_year_and_yday_from_days_since_epoch(clock, result); + ldns_mon_and_mday_from_year_and_yday(result); + ldns_wday_from_year_and_yday(result); + result->tm_year -= 1900; + + return result; +} + +#endif /* SIZEOF_TIME_T <= 4 */ + +static int64_t +ldns_serial_arithmitics_time(int32_t time, time_t now) +{ + int32_t offset = time - (int32_t) now; + return (int64_t) now + offset; +} + + +struct tm * +ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result) +{ +#if SIZEOF_TIME_T <= 4 + int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); + return ldns_gmtime64_r(secs_since_epoch, result); +#else + time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); + return gmtime_r(&secs_since_epoch, result); +#endif +} + +/** + * Init the random source + * applications should call this if they need entropy data within ldns + * If openSSL is available, it is automatically seeded from /dev/urandom + * or /dev/random + * + * If you need more entropy, or have no openssl available, this function + * MUST be called at the start of the program + * + * If openssl *is* available, this function just adds more entropy + **/ +int +ldns_init_random(FILE *fd, unsigned int size) +{ + /* if fp is given, seed srandom with data from file + otherwise use /dev/urandom */ + FILE *rand_f; + uint8_t *seed; + size_t read = 0; + unsigned int seed_i; + struct timeval tv; + + /* we'll need at least sizeof(unsigned int) bytes for the + standard prng seed */ + if (size < (unsigned int) sizeof(seed_i)){ + size = (unsigned int) sizeof(seed_i); + } + + seed = LDNS_XMALLOC(uint8_t, size); + if(!seed) { + return 1; + } + + if (!fd) { + if ((rand_f = fopen("/dev/urandom", "r")) == NULL) { + /* no readable /dev/urandom, try /dev/random */ + if ((rand_f = fopen("/dev/random", "r")) == NULL) { + /* no readable /dev/random either, and no entropy + source given. we'll have to improvise */ + for (read = 0; read < size; read++) { + gettimeofday(&tv, NULL); + seed[read] = (uint8_t) (tv.tv_usec % 256); + } + } else { + read = fread(seed, 1, size, rand_f); + } + } else { + read = fread(seed, 1, size, rand_f); + } + } else { + rand_f = fd; + read = fread(seed, 1, size, rand_f); + } + + if (read < size) { + LDNS_FREE(seed); + if (!fd) fclose(rand_f); + return 1; + } else { +#ifdef HAVE_SSL + /* Seed the OpenSSL prng (most systems have it seeded + automatically, in that case this call just adds entropy */ + RAND_seed(seed, (int) size); +#else + /* Seed the standard prng, only uses the first + * unsigned sizeof(unsiged int) bytes found in the entropy pool + */ + memcpy(&seed_i, seed, sizeof(seed_i)); + srandom(seed_i); +#endif + LDNS_FREE(seed); + } + + if (!fd) { + if (rand_f) fclose(rand_f); + } + + return 0; +} + +/** + * Get random number. + * + */ +uint16_t +ldns_get_random(void) +{ + uint16_t rid = 0; +#ifdef HAVE_SSL + if (RAND_bytes((unsigned char*)&rid, 2) != 1) { + rid = (uint16_t) random(); + } +#else + rid = (uint16_t) random(); +#endif + return rid; +} + +/* + * BubbleBabble code taken from OpenSSH + * Copyright (c) 2001 Carsten Raskgaard. All rights reserved. + */ +char * +ldns_bubblebabble(uint8_t *data, size_t len) +{ + char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; + char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', + 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; + size_t i, j = 0, rounds, seed = 1; + char *retval; + + rounds = (len / 2) + 1; + retval = LDNS_XMALLOC(char, rounds * 6); + if(!retval) return NULL; + retval[j++] = 'x'; + for (i = 0; i < rounds; i++) { + size_t idx0, idx1, idx2, idx3, idx4; + if ((i + 1 < rounds) || (len % 2 != 0)) { + idx0 = (((((size_t)(data[2 * i])) >> 6) & 3) + + seed) % 6; + idx1 = (((size_t)(data[2 * i])) >> 2) & 15; + idx2 = ((((size_t)(data[2 * i])) & 3) + + (seed / 6)) % 6; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + if ((i + 1) < rounds) { + idx3 = (((size_t)(data[(2 * i) + 1])) >> 4) & 15; + idx4 = (((size_t)(data[(2 * i) + 1]))) & 15; + retval[j++] = consonants[idx3]; + retval[j++] = '-'; + retval[j++] = consonants[idx4]; + seed = ((seed * 5) + + ((((size_t)(data[2 * i])) * 7) + + ((size_t)(data[(2 * i) + 1])))) % 36; + } + } else { + idx0 = seed % 6; + idx1 = 16; + idx2 = seed / 6; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + } + } + retval[j++] = 'x'; + retval[j++] = '\0'; + return retval; +} + +/* + * For backwards compatibility, because we have always exported this symbol. + */ +#ifdef HAVE_B64_NTOP +int ldns_b64_ntop(const uint8_t* src, size_t srclength, + char *target, size_t targsize); +{ + return b64_ntop(src, srclength, target, targsize); +} +#endif + +/* + * For backwards compatibility, because we have always exported this symbol. + */ +#ifdef HAVE_B64_PTON +int ldns_b64_pton(const char* src, uint8_t *target, size_t targsize) +{ + return b64_pton(src, target, targsize); +} +#endif + + +static int +ldns_b32_ntop_base(const uint8_t* src, size_t src_sz, + char* dst, size_t dst_sz, + bool extended_hex, bool add_padding) +{ + size_t ret_sz; + const char* b32 = extended_hex ? "0123456789abcdefghijklmnopqrstuv" + : "abcdefghijklmnopqrstuvwxyz234567"; + + size_t c = 0; /* c is used to carry partial base32 character over + * byte boundaries for sizes with a remainder. + * (i.e. src_sz % 5 != 0) + */ + + ret_sz = add_padding ? ldns_b32_ntop_calculate_size(src_sz) + : ldns_b32_ntop_calculate_size_no_padding(src_sz); + + /* Do we have enough space? */ + if (dst_sz < ret_sz + 1) + return -1; + + /* We know the size; terminate the string */ + dst[ret_sz] = '\0'; + + /* First process all chunks of five */ + while (src_sz >= 5) { + /* 00000... ........ ........ ........ ........ */ + dst[0] = b32[(src[0] ) >> 3]; + + /* .....111 11...... ........ ........ ........ */ + dst[1] = b32[(src[0] & 0x07) << 2 | src[1] >> 6]; + + /* ........ ..22222. ........ ........ ........ */ + dst[2] = b32[(src[1] & 0x3e) >> 1]; + + /* ........ .......3 3333.... ........ ........ */ + dst[3] = b32[(src[1] & 0x01) << 4 | src[2] >> 4]; + + /* ........ ........ ....4444 4....... ........ */ + dst[4] = b32[(src[2] & 0x0f) << 1 | src[3] >> 7]; + + /* ........ ........ ........ .55555.. ........ */ + dst[5] = b32[(src[3] & 0x7c) >> 2]; + + /* ........ ........ ........ ......66 666..... */ + dst[6] = b32[(src[3] & 0x03) << 3 | src[4] >> 5]; + + /* ........ ........ ........ ........ ...77777 */ + dst[7] = b32[(src[4] & 0x1f) ]; + + src_sz -= 5; + src += 5; + dst += 8; + } + /* Process what remains */ + switch (src_sz) { + case 4: /* ........ ........ ........ ......66 666..... */ + dst[6] = b32[(src[3] & 0x03) << 3]; + + /* ........ ........ ........ .55555.. ........ */ + dst[5] = b32[(src[3] & 0x7c) >> 2]; + + /* ........ ........ ....4444 4....... ........ */ + c = src[3] >> 7 ; + case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c]; + + /* ........ .......3 3333.... ........ ........ */ + c = src[2] >> 4 ; + case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c]; + + /* ........ ..22222. ........ ........ ........ */ + dst[2] = b32[(src[1] & 0x3e) >> 1]; + + /* .....111 11...... ........ ........ ........ */ + c = src[1] >> 6 ; + case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c]; + + /* 00000... ........ ........ ........ ........ */ + dst[0] = b32[ src[0] >> 3]; + } + /* Add padding */ + if (add_padding) { + switch (src_sz) { + case 1: dst[2] = '='; + dst[3] = '='; + case 2: dst[4] = '='; + case 3: dst[5] = '='; + dst[6] = '='; + case 4: dst[7] = '='; + } + } + return (int)ret_sz; +} + +int +ldns_b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz) +{ + return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, false, true); +} + +int +ldns_b32_ntop_extended_hex(const uint8_t* src, size_t src_sz, + char* dst, size_t dst_sz) +{ + return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, true, true); +} + +#ifndef HAVE_B32_NTOP + +int +b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz) +{ + return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, false, true); +} + +int +b32_ntop_extended_hex(const uint8_t* src, size_t src_sz, + char* dst, size_t dst_sz) +{ + return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, true, true); +} + +#endif /* ! HAVE_B32_NTOP */ + +static int +ldns_b32_pton_base(const char* src, size_t src_sz, + uint8_t* dst, size_t dst_sz, + bool extended_hex, bool check_padding) +{ + size_t i = 0; + char ch = '\0'; + uint8_t buf[8]; + uint8_t* start = dst; + + while (src_sz) { + /* Collect 8 characters in buf (if possible) */ + for (i = 0; i < 8; i++) { + + do { + ch = *src++; + --src_sz; + + } while (isspace(ch) && src_sz > 0); + + if (ch == '=' || ch == '\0') + break; + + else if (extended_hex) + + if (ch >= '0' && ch <= '9') + buf[i] = (uint8_t)ch - '0'; + else if (ch >= 'a' && ch <= 'v') + buf[i] = (uint8_t)ch - 'a' + 10; + else if (ch >= 'A' && ch <= 'V') + buf[i] = (uint8_t)ch - 'A' + 10; + else + return -1; + + else if (ch >= 'a' && ch <= 'z') + buf[i] = (uint8_t)ch - 'a'; + else if (ch >= 'A' && ch <= 'Z') + buf[i] = (uint8_t)ch - 'A'; + else if (ch >= '2' && ch <= '7') + buf[i] = (uint8_t)ch - '2' + 26; + else + return -1; + } + /* Less that 8 characters. We're done. */ + if (i < 8) + break; + + /* Enough space available at the destination? */ + if (dst_sz < 5) + return -1; + + /* 00000... ........ ........ ........ ........ */ + /* .....111 11...... ........ ........ ........ */ + dst[0] = buf[0] << 3 | buf[1] >> 2; + + /* .....111 11...... ........ ........ ........ */ + /* ........ ..22222. ........ ........ ........ */ + /* ........ .......3 3333.... ........ ........ */ + dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; + + /* ........ .......3 3333.... ........ ........ */ + /* ........ ........ ....4444 4....... ........ */ + dst[2] = buf[3] << 4 | buf[4] >> 1; + + /* ........ ........ ....4444 4....... ........ */ + /* ........ ........ ........ .55555.. ........ */ + /* ........ ........ ........ ......66 666..... */ + dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; + + /* ........ ........ ........ ......66 666..... */ + /* ........ ........ ........ ........ ...77777 */ + dst[4] = buf[6] << 5 | buf[7]; + + dst += 5; + dst_sz -= 5; + } + /* Not ending on a eight byte boundary? */ + if (i > 0 && i < 8) { + + /* Enough space available at the destination? */ + if (dst_sz < (i + 1) / 2) + return -1; + + switch (i) { + case 7: /* ........ ........ ........ ......66 666..... */ + /* ........ ........ ........ .55555.. ........ */ + /* ........ ........ ....4444 4....... ........ */ + dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; + + case 5: /* ........ ........ ....4444 4....... ........ */ + /* ........ .......3 3333.... ........ ........ */ + dst[2] = buf[3] << 4 | buf[4] >> 1; + + case 4: /* ........ .......3 3333.... ........ ........ */ + /* ........ ..22222. ........ ........ ........ */ + /* .....111 11...... ........ ........ ........ */ + dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; + + case 2: /* .....111 11...... ........ ........ ........ */ + /* 00000... ........ ........ ........ ........ */ + dst[0] = buf[0] << 3 | buf[1] >> 2; + + break; + + default: + return -1; + } + dst += (i + 1) / 2; + + if (check_padding) { + /* Check remaining padding characters */ + if (ch != '=') + return -1; + + /* One down, 8 - i - 1 more to come... */ + for (i = 8 - i - 1; i > 0; i--) { + + do { + if (src_sz == 0) + return -1; + ch = *src++; + src_sz--; + + } while (isspace(ch)); + + if (ch != '=') + return -1; + } + } + } + return dst - start; +} + +int +ldns_b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz) +{ + return ldns_b32_pton_base(src, src_sz, dst, dst_sz, false, true); +} + +int +ldns_b32_pton_extended_hex(const char* src, size_t src_sz, + uint8_t* dst, size_t dst_sz) +{ + return ldns_b32_pton_base(src, src_sz, dst, dst_sz, true, true); +} + +#ifndef HAVE_B32_PTON + +int +b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz) +{ + return ldns_b32_pton_base(src, src_sz, dst, dst_sz, false, true); +} + +int +b32_pton_extended_hex(const char* src, size_t src_sz, + uint8_t* dst, size_t dst_sz) +{ + return ldns_b32_pton_base(src, src_sz, dst, dst_sz, true, true); +} + +#endif /* ! HAVE_B32_PTON */ + diff --git a/ldns/src/wire2host.c b/ldns/src/wire2host.c new file mode 100644 index 0000000..e492215 --- /dev/null +++ b/ldns/src/wire2host.c @@ -0,0 +1,491 @@ +/* + * wire2host.c + * + * conversion routines from the wire to the host + * format. + * This will usually just a re-ordering of the + * data (as we store it in network format) + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + + +#include + +#include +/*#include */ + +#include +#include + + + +/* + * Set of macro's to deal with the dns message header as specified + * in RFC1035 in portable way. + * + */ + +/* + * + * 1 1 1 1 1 1 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | ID | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | QDCOUNT | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | ANCOUNT | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | NSCOUNT | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | ARCOUNT | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * + */ + + +/* allocates memory to *dname! */ +ldns_status +ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos) +{ + uint8_t label_size; + uint16_t pointer_target; + uint8_t pointer_target_buf[2]; + size_t dname_pos = 0; + size_t uncompressed_length = 0; + size_t compression_pos = 0; + uint8_t tmp_dname[LDNS_MAX_DOMAINLEN]; + unsigned int pointer_count = 0; + + if (pos == NULL) { + return LDNS_STATUS_WIRE_RDATA_ERR; + } + if (*pos >= max) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + label_size = wire[*pos]; + while (label_size > 0) { + /* compression */ + while (label_size >= 192) { + if (compression_pos == 0) { + compression_pos = *pos + 2; + } + + pointer_count++; + + /* remove first two bits */ + if (*pos + 2 > max) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + pointer_target_buf[0] = wire[*pos] & 63; + pointer_target_buf[1] = wire[*pos + 1]; + pointer_target = ldns_read_uint16(pointer_target_buf); + + if (pointer_target == 0) { + return LDNS_STATUS_INVALID_POINTER; + } else if (pointer_target >= max) { + return LDNS_STATUS_INVALID_POINTER; + } else if (pointer_count > LDNS_MAX_POINTERS) { + return LDNS_STATUS_INVALID_POINTER; + } + *pos = pointer_target; + label_size = wire[*pos]; + } + if(label_size == 0) + break; /* break from pointer to 0 byte */ + if (label_size > LDNS_MAX_LABELLEN) { + return LDNS_STATUS_LABEL_OVERFLOW; + } + if (*pos + 1 + label_size > max) { + return LDNS_STATUS_LABEL_OVERFLOW; + } + + /* check space for labelcount itself */ + if (dname_pos + 1 > LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + tmp_dname[dname_pos] = label_size; + if (label_size > 0) { + dname_pos++; + } + *pos = *pos + 1; + if (dname_pos + label_size > LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + memcpy(&tmp_dname[dname_pos], &wire[*pos], label_size); + uncompressed_length += label_size + 1; + dname_pos += label_size; + *pos = *pos + label_size; + + if (*pos < max) { + label_size = wire[*pos]; + } + } + + if (compression_pos > 0) { + *pos = compression_pos; + } else { + *pos = *pos + 1; + } + + if (dname_pos >= LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + + tmp_dname[dname_pos] = 0; + dname_pos++; + + *dname = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, + (uint16_t) dname_pos, tmp_dname); + if (!*dname) { + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + +/* maybe make this a goto error so data can be freed or something/ */ +#define LDNS_STATUS_CHECK_RETURN(st) {if (st != LDNS_STATUS_OK) { return st; }} +#define LDNS_STATUS_CHECK_GOTO(st, label) {if (st != LDNS_STATUS_OK) { /*printf("STG %s:%d: status code %d\n", __FILE__, __LINE__, st);*/ goto label; }} + +ldns_status +ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos) +{ + size_t end; + size_t cur_rdf_length; + uint8_t rdf_index; + uint8_t *data; + uint16_t rd_length; + ldns_rdf *cur_rdf = NULL; + ldns_rdf_type cur_rdf_type; + const ldns_rr_descriptor *descriptor; + ldns_status status; + + assert(rr != NULL); + + descriptor = ldns_rr_descript(ldns_rr_get_type(rr)); + + if (*pos + 2 > max) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + + rd_length = ldns_read_uint16(&wire[*pos]); + *pos = *pos + 2; + + if (*pos + rd_length > max) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + + end = *pos + (size_t) rd_length; + + rdf_index = 0; + while (*pos < end && + rdf_index < ldns_rr_descriptor_maximum(descriptor)) { + + cur_rdf_length = 0; + + cur_rdf_type = ldns_rr_descriptor_field_type( + descriptor, rdf_index); + + /* handle special cases immediately, set length + for fixed length rdata and do them below */ + switch (cur_rdf_type) { + case LDNS_RDF_TYPE_DNAME: + status = ldns_wire2dname(&cur_rdf, wire, max, pos); + LDNS_STATUS_CHECK_RETURN(status); + break; + case LDNS_RDF_TYPE_CLASS: + case LDNS_RDF_TYPE_ALG: + case LDNS_RDF_TYPE_CERTIFICATE_USAGE: + case LDNS_RDF_TYPE_SELECTOR: + case LDNS_RDF_TYPE_MATCHING_TYPE: + case LDNS_RDF_TYPE_INT8: + cur_rdf_length = LDNS_RDF_SIZE_BYTE; + break; + case LDNS_RDF_TYPE_TYPE: + case LDNS_RDF_TYPE_INT16: + case LDNS_RDF_TYPE_CERT_ALG: + cur_rdf_length = LDNS_RDF_SIZE_WORD; + break; + case LDNS_RDF_TYPE_TIME: + case LDNS_RDF_TYPE_INT32: + case LDNS_RDF_TYPE_A: + case LDNS_RDF_TYPE_PERIOD: + cur_rdf_length = LDNS_RDF_SIZE_DOUBLEWORD; + break; + case LDNS_RDF_TYPE_TSIGTIME: + case LDNS_RDF_TYPE_EUI48: + cur_rdf_length = LDNS_RDF_SIZE_6BYTES; + break; + case LDNS_RDF_TYPE_ILNP64: + case LDNS_RDF_TYPE_EUI64: + cur_rdf_length = LDNS_RDF_SIZE_8BYTES; + break; + case LDNS_RDF_TYPE_AAAA: + cur_rdf_length = LDNS_RDF_SIZE_16BYTES; + break; + case LDNS_RDF_TYPE_STR: + case LDNS_RDF_TYPE_NSEC3_SALT: + case LDNS_RDF_TYPE_TAG: + /* len is stored in first byte + * it should be in the rdf too, so just + * copy len+1 from this position + */ + cur_rdf_length = ((size_t) wire[*pos]) + 1; + break; + + case LDNS_RDF_TYPE_INT16_DATA: + if (*pos + 2 > end) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + cur_rdf_length = + (size_t) ldns_read_uint16(&wire[*pos]) + 2; + break; + case LDNS_RDF_TYPE_HIP: + if (*pos + 4 > end) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + cur_rdf_length = + (size_t) wire[*pos] + + (size_t) ldns_read_uint16(&wire[*pos + 2]) + 4; + break; + case LDNS_RDF_TYPE_B32_EXT: + case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: + /* length is stored in first byte */ + cur_rdf_length = ((size_t) wire[*pos]) + 1; + break; + case LDNS_RDF_TYPE_APL: + case LDNS_RDF_TYPE_B64: + case LDNS_RDF_TYPE_HEX: + case LDNS_RDF_TYPE_NSEC: + case LDNS_RDF_TYPE_UNKNOWN: + case LDNS_RDF_TYPE_SERVICE: + case LDNS_RDF_TYPE_LOC: + case LDNS_RDF_TYPE_WKS: + case LDNS_RDF_TYPE_NSAP: + case LDNS_RDF_TYPE_ATMA: + case LDNS_RDF_TYPE_IPSECKEY: + case LDNS_RDF_TYPE_LONG_STR: + case LDNS_RDF_TYPE_NONE: + /* + * Read to end of rr rdata + */ + cur_rdf_length = end - *pos; + break; + } + + /* fixed length rdata */ + if (cur_rdf_length > 0) { + if (cur_rdf_length + *pos > end) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + data = LDNS_XMALLOC(uint8_t, rd_length); + if (!data) { + return LDNS_STATUS_MEM_ERR; + } + memcpy(data, &wire[*pos], cur_rdf_length); + + cur_rdf = ldns_rdf_new(cur_rdf_type, + cur_rdf_length, data); + *pos = *pos + cur_rdf_length; + } + + if (cur_rdf) { + ldns_rr_push_rdf(rr, cur_rdf); + cur_rdf = NULL; + } + + rdf_index++; + + } /* while (rdf_index < ldns_rr_descriptor_maximum(descriptor)) */ + + + return LDNS_STATUS_OK; +} + + +/* TODO: + can *pos be incremented at READ_INT? or maybe use something like + RR_CLASS(wire)? + uhhm Jelte?? +*/ +ldns_status +ldns_wire2rr(ldns_rr **rr_p, const uint8_t *wire, size_t max, + size_t *pos, ldns_pkt_section section) +{ + ldns_rdf *owner = NULL; + ldns_rr *rr = ldns_rr_new(); + ldns_status status; + + status = ldns_wire2dname(&owner, wire, max, pos); + LDNS_STATUS_CHECK_GOTO(status, status_error); + + ldns_rr_set_owner(rr, owner); + + if (*pos + 4 > max) { + status = LDNS_STATUS_PACKET_OVERFLOW; + goto status_error; + } + + ldns_rr_set_type(rr, ldns_read_uint16(&wire[*pos])); + *pos = *pos + 2; + + ldns_rr_set_class(rr, ldns_read_uint16(&wire[*pos])); + *pos = *pos + 2; + + if (section != LDNS_SECTION_QUESTION) { + if (*pos + 4 > max) { + status = LDNS_STATUS_PACKET_OVERFLOW; + goto status_error; + } + ldns_rr_set_ttl(rr, ldns_read_uint32(&wire[*pos])); + + *pos = *pos + 4; + status = ldns_wire2rdf(rr, wire, max, pos); + + LDNS_STATUS_CHECK_GOTO(status, status_error); + ldns_rr_set_question(rr, false); + } else { + ldns_rr_set_question(rr, true); + } + + *rr_p = rr; + return LDNS_STATUS_OK; + +status_error: + ldns_rr_free(rr); + return status; +} + +static ldns_status +ldns_wire2pkt_hdr(ldns_pkt *packet, const uint8_t *wire, size_t max, size_t *pos) +{ + if (*pos + LDNS_HEADER_SIZE > max) { + return LDNS_STATUS_WIRE_INCOMPLETE_HEADER; + } else { + ldns_pkt_set_id(packet, LDNS_ID_WIRE(wire)); + ldns_pkt_set_qr(packet, LDNS_QR_WIRE(wire)); + ldns_pkt_set_opcode(packet, LDNS_OPCODE_WIRE(wire)); + ldns_pkt_set_aa(packet, LDNS_AA_WIRE(wire)); + ldns_pkt_set_tc(packet, LDNS_TC_WIRE(wire)); + ldns_pkt_set_rd(packet, LDNS_RD_WIRE(wire)); + ldns_pkt_set_ra(packet, LDNS_RA_WIRE(wire)); + ldns_pkt_set_ad(packet, LDNS_AD_WIRE(wire)); + ldns_pkt_set_cd(packet, LDNS_CD_WIRE(wire)); + ldns_pkt_set_rcode(packet, LDNS_RCODE_WIRE(wire)); + + ldns_pkt_set_qdcount(packet, LDNS_QDCOUNT(wire)); + ldns_pkt_set_ancount(packet, LDNS_ANCOUNT(wire)); + ldns_pkt_set_nscount(packet, LDNS_NSCOUNT(wire)); + ldns_pkt_set_arcount(packet, LDNS_ARCOUNT(wire)); + + *pos += LDNS_HEADER_SIZE; + + return LDNS_STATUS_OK; + } +} + +ldns_status +ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer) +{ + /* lazy */ + return ldns_wire2pkt(packet, ldns_buffer_begin(buffer), + ldns_buffer_limit(buffer)); + +} + +ldns_status +ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max) +{ + size_t pos = 0; + uint16_t i; + ldns_rr *rr; + ldns_pkt *packet = ldns_pkt_new(); + ldns_status status = LDNS_STATUS_OK; + uint8_t have_edns = 0; + + uint8_t data[4]; + + status = ldns_wire2pkt_hdr(packet, wire, max, &pos); + LDNS_STATUS_CHECK_GOTO(status, status_error); + + for (i = 0; i < ldns_pkt_qdcount(packet); i++) { + + status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_QUESTION); + if (status == LDNS_STATUS_PACKET_OVERFLOW) { + status = LDNS_STATUS_WIRE_INCOMPLETE_QUESTION; + } + LDNS_STATUS_CHECK_GOTO(status, status_error); + if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) { + ldns_pkt_free(packet); + return LDNS_STATUS_INTERNAL_ERR; + } + } + for (i = 0; i < ldns_pkt_ancount(packet); i++) { + status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ANSWER); + if (status == LDNS_STATUS_PACKET_OVERFLOW) { + status = LDNS_STATUS_WIRE_INCOMPLETE_ANSWER; + } + LDNS_STATUS_CHECK_GOTO(status, status_error); + if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) { + ldns_pkt_free(packet); + return LDNS_STATUS_INTERNAL_ERR; + } + } + for (i = 0; i < ldns_pkt_nscount(packet); i++) { + status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_AUTHORITY); + if (status == LDNS_STATUS_PACKET_OVERFLOW) { + status = LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY; + } + LDNS_STATUS_CHECK_GOTO(status, status_error); + if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) { + ldns_pkt_free(packet); + return LDNS_STATUS_INTERNAL_ERR; + } + } + for (i = 0; i < ldns_pkt_arcount(packet); i++) { + status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ADDITIONAL); + if (status == LDNS_STATUS_PACKET_OVERFLOW) { + status = LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL; + } + LDNS_STATUS_CHECK_GOTO(status, status_error); + + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_OPT) { + ldns_pkt_set_edns_udp_size(packet, ldns_rr_get_class(rr)); + ldns_write_uint32(data, ldns_rr_ttl(rr)); + ldns_pkt_set_edns_extended_rcode(packet, data[0]); + ldns_pkt_set_edns_version(packet, data[1]); + ldns_pkt_set_edns_z(packet, ldns_read_uint16(&data[2])); + /* edns might not have rdfs */ + if (ldns_rr_rdf(rr, 0)) { + ldns_pkt_set_edns_data(packet, ldns_rdf_clone(ldns_rr_rdf(rr, 0))); + } + ldns_rr_free(rr); + have_edns += 1; + } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_TSIG) { + ldns_pkt_set_tsig(packet, rr); + ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) - 1); + } else if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) { + ldns_pkt_free(packet); + return LDNS_STATUS_INTERNAL_ERR; + } + } + ldns_pkt_set_size(packet, max); + if(have_edns) + ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) + - have_edns); + packet->_edns_present = have_edns; + + *packet_p = packet; + return status; + +status_error: + ldns_pkt_free(packet); + return status; +} diff --git a/ldns/src/zone.c b/ldns/src/zone.c new file mode 100644 index 0000000..d97a81e --- /dev/null +++ b/ldns/src/zone.c @@ -0,0 +1,318 @@ +/* zone.c + * + * Functions for ldns_zone structure + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ +#include + +#include + +#include +#include + +ldns_rr * +ldns_zone_soa(const ldns_zone *z) +{ + return z->_soa; +} + +size_t +ldns_zone_rr_count(const ldns_zone *z) +{ + return ldns_rr_list_rr_count(z->_rrs); +} + +void +ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa) +{ + z->_soa = soa; +} + +ldns_rr_list * +ldns_zone_rrs(const ldns_zone *z) +{ + return z->_rrs; +} + +void +ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist) +{ + z->_rrs = rrlist; +} + +bool +ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list) +{ + return ldns_rr_list_cat(ldns_zone_rrs(z), list); + +} + +bool +ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr) +{ + return ldns_rr_list_push_rr( ldns_zone_rrs(z), rr); +} + + +/* + * Get the list of glue records in a zone + * XXX: there should be a way for this to return error, other than NULL, + * since NULL is a valid return + */ +ldns_rr_list * +ldns_zone_glue_rr_list(const ldns_zone *z) +{ + /* when do we find glue? It means we find an IP address + * (AAAA/A) for a nameserver listed in the zone + * + * Alg used here: + * first find all the zonecuts (NS records) + * find all the AAAA or A records (can be done it the + * above loop). + * + * Check if the aaaa/a list are subdomains under the + * NS domains. + * If yes -> glue, if no -> not glue + */ + + ldns_rr_list *zone_cuts; + ldns_rr_list *addr; + ldns_rr_list *glue; + ldns_rr *r, *ns, *a; + ldns_rdf *dname_a, *ns_owner; + size_t i,j; + + zone_cuts = NULL; + addr = NULL; + glue = NULL; + + /* we cannot determine glue in a 'zone' without a SOA */ + if (!ldns_zone_soa(z)) { + return NULL; + } + + zone_cuts = ldns_rr_list_new(); + if (!zone_cuts) goto memory_error; + addr = ldns_rr_list_new(); + if (!addr) goto memory_error; + glue = ldns_rr_list_new(); + if (!glue) goto memory_error; + + for(i = 0; i < ldns_zone_rr_count(z); i++) { + r = ldns_rr_list_rr(ldns_zone_rrs(z), i); + if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A || + ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) { + /* possibly glue */ + if (!ldns_rr_list_push_rr(addr, r)) goto memory_error; + continue; + } + if (ldns_rr_get_type(r) == LDNS_RR_TYPE_NS) { + /* multiple zones will end up here - + * for now; not a problem + */ + /* don't add NS records for the current zone itself */ + if (ldns_rdf_compare(ldns_rr_owner(r), + ldns_rr_owner(ldns_zone_soa(z))) != 0) { + if (!ldns_rr_list_push_rr(zone_cuts, r)) goto memory_error; + } + continue; + } + } + + /* will sorting make it quicker ?? */ + for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) { + ns = ldns_rr_list_rr(zone_cuts, i); + ns_owner = ldns_rr_owner(ns); + + for(j = 0; j < ldns_rr_list_rr_count(addr); j++) { + a = ldns_rr_list_rr(addr, j); + dname_a = ldns_rr_owner(a); + + if (ldns_dname_is_subdomain(dname_a, ns_owner) || + ldns_dname_compare(dname_a, ns_owner) == 0) { + /* GLUE! */ + if (!ldns_rr_list_push_rr(glue, a)) goto memory_error; + } + } + } + + ldns_rr_list_free(addr); + ldns_rr_list_free(zone_cuts); + + if (ldns_rr_list_rr_count(glue) == 0) { + ldns_rr_list_free(glue); + return NULL; + } else { + return glue; + } + +memory_error: + if (zone_cuts) { + LDNS_FREE(zone_cuts); + } + if (addr) { + ldns_rr_list_free(addr); + } + if (glue) { + ldns_rr_list_free(glue); + } + return NULL; +} + +ldns_zone * +ldns_zone_new(void) +{ + ldns_zone *z; + + z = LDNS_MALLOC(ldns_zone); + if (!z) { + return NULL; + } + + z->_rrs = ldns_rr_list_new(); + if (!z->_rrs) { + LDNS_FREE(z); + return NULL; + } + ldns_zone_set_soa(z, NULL); + return z; +} + +/* we regocnize: + * $TTL, $ORIGIN + */ +ldns_status +ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c) +{ + return ldns_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); +} + +/* XXX: class is never used */ +ldns_status +ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, + ldns_rr_class ATTR_UNUSED(c), int *line_nr) +{ + ldns_zone *newzone; + ldns_rr *rr; + uint32_t my_ttl; + ldns_rdf *my_origin; + ldns_rdf *my_prev; + bool soa_seen = false; /* 2 soa are an error */ + ldns_status s; + ldns_status ret; + + /* most cases of error are memory problems */ + ret = LDNS_STATUS_MEM_ERR; + + newzone = NULL; + my_origin = NULL; + my_prev = NULL; + + my_ttl = ttl; + + if (origin) { + my_origin = ldns_rdf_clone(origin); + if (!my_origin) goto error; + /* also set the prev */ + my_prev = ldns_rdf_clone(origin); + if (!my_prev) goto error; + } + + newzone = ldns_zone_new(); + if (!newzone) goto error; + + while(!feof(fp)) { + s = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, &my_prev, line_nr); + switch (s) { + case LDNS_STATUS_OK: + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) { + if (soa_seen) { + /* second SOA + * just skip, maybe we want to say + * something??? */ + ldns_rr_free(rr); + continue; + } + soa_seen = true; + ldns_zone_set_soa(newzone, rr); + /* set origin to soa if not specified */ + if (!my_origin) { + my_origin = ldns_rdf_clone(ldns_rr_owner(rr)); + } + continue; + } + + /* a normal RR - as sofar the DNS is normal */ + if (!ldns_zone_push_rr(newzone, rr)) goto error; + + case LDNS_STATUS_SYNTAX_EMPTY: + /* empty line was seen */ + case LDNS_STATUS_SYNTAX_TTL: + /* the function set the ttl */ + break; + case LDNS_STATUS_SYNTAX_ORIGIN: + /* the function set the origin */ + break; + case LDNS_STATUS_SYNTAX_INCLUDE: + ret = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL; + break; + default: + ret = s; + goto error; + } + } + + if (my_origin) { + ldns_rdf_deep_free(my_origin); + } + if (my_prev) { + ldns_rdf_deep_free(my_prev); + } + if (z) { + *z = newzone; + } else { + ldns_zone_free(newzone); + } + + return LDNS_STATUS_OK; + +error: + if (my_origin) { + ldns_rdf_deep_free(my_origin); + } + if (my_prev) { + ldns_rdf_deep_free(my_prev); + } + if (newzone) { + ldns_zone_free(newzone); + } + return ret; +} + +void +ldns_zone_sort(ldns_zone *zone) +{ + ldns_rr_list *zrr; + assert(zone != NULL); + + zrr = ldns_zone_rrs(zone); + ldns_rr_list_sort(zrr); +} + +void +ldns_zone_free(ldns_zone *zone) +{ + ldns_rr_list_free(zone->_rrs); + LDNS_FREE(zone); +} + +void +ldns_zone_deep_free(ldns_zone *zone) +{ + ldns_rr_free(zone->_soa); + ldns_rr_list_deep_free(zone->_rrs); + LDNS_FREE(zone); +} diff --git a/src/ldns/buffer.c b/src/ldns/buffer.c deleted file mode 100644 index fc6c17e..0000000 --- a/src/ldns/buffer.c +++ /dev/null @@ -1,177 +0,0 @@ -/* - * buffer.c -- generic memory buffer . - * - * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - * - */ - -#include - -#include -#include - -ldns_buffer * -ldns_buffer_new(size_t capacity) -{ - ldns_buffer *buffer = LDNS_MALLOC(ldns_buffer); - - if (!buffer) { - return NULL; - } - - buffer->_data = (uint8_t *) LDNS_XMALLOC(uint8_t, capacity); - if (!buffer->_data) { - LDNS_FREE(buffer); - return NULL; - } - - buffer->_position = 0; - buffer->_limit = buffer->_capacity = capacity; - buffer->_fixed = 0; - buffer->_status = LDNS_STATUS_OK; - - ldns_buffer_invariant(buffer); - - return buffer; -} - -void -ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size) -{ - assert(data != NULL); - - buffer->_position = 0; - buffer->_limit = buffer->_capacity = size; - buffer->_fixed = 0; - buffer->_data = LDNS_XMALLOC(uint8_t, size); - if(!buffer->_data) { - buffer->_status = LDNS_STATUS_MEM_ERR; - return; - } - memcpy(buffer->_data, data, size); - buffer->_status = LDNS_STATUS_OK; - - ldns_buffer_invariant(buffer); -} - -bool -ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity) -{ - void *data; - - ldns_buffer_invariant(buffer); - assert(buffer->_position <= capacity); - - data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity); - if (!data) { - buffer->_status = LDNS_STATUS_MEM_ERR; - return false; - } else { - buffer->_data = data; - buffer->_limit = buffer->_capacity = capacity; - return true; - } -} - -bool -ldns_buffer_reserve(ldns_buffer *buffer, size_t amount) -{ - ldns_buffer_invariant(buffer); - assert(!buffer->_fixed); - if (buffer->_capacity < buffer->_position + amount) { - size_t new_capacity = buffer->_capacity * 3 / 2; - - if (new_capacity < buffer->_position + amount) { - new_capacity = buffer->_position + amount; - } - if (!ldns_buffer_set_capacity(buffer, new_capacity)) { - buffer->_status = LDNS_STATUS_MEM_ERR; - return false; - } - } - buffer->_limit = buffer->_capacity; - return true; -} - -int -ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...) -{ - va_list args; - int written = 0; - size_t remaining; - - if (ldns_buffer_status_ok(buffer)) { - ldns_buffer_invariant(buffer); - assert(buffer->_limit == buffer->_capacity); - - remaining = ldns_buffer_remaining(buffer); - va_start(args, format); - written = vsnprintf((char *) ldns_buffer_current(buffer), remaining, - format, args); - va_end(args); - if (written == -1) { - buffer->_status = LDNS_STATUS_INTERNAL_ERR; - return -1; - } else if ((size_t) written >= remaining) { - if (!ldns_buffer_reserve(buffer, (size_t) written + 1)) { - buffer->_status = LDNS_STATUS_MEM_ERR; - return -1; - } - va_start(args, format); - written = vsnprintf((char *) ldns_buffer_current(buffer), - ldns_buffer_remaining(buffer), format, args); - va_end(args); - if (written == -1) { - buffer->_status = LDNS_STATUS_INTERNAL_ERR; - return -1; - } - } - buffer->_position += written; - } - return written; -} - -void -ldns_buffer_free(ldns_buffer *buffer) -{ - if (!buffer) { - return; - } - - if (!buffer->_fixed) - LDNS_FREE(buffer->_data); - - LDNS_FREE(buffer); -} - -void * -ldns_buffer_export(ldns_buffer *buffer) -{ - buffer->_fixed = 1; - return buffer->_data; -} - -int -ldns_bgetc(ldns_buffer *buffer) -{ - if (!ldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) { - ldns_buffer_set_position(buffer, ldns_buffer_limit(buffer)); - /* ldns_buffer_rewind(buffer);*/ - return EOF; - } - return (int)ldns_buffer_read_u8(buffer); -} - -void -ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from) -{ - size_t tocopy = ldns_buffer_limit(from); - - if(tocopy > ldns_buffer_capacity(result)) - tocopy = ldns_buffer_capacity(result); - ldns_buffer_clear(result); - ldns_buffer_write(result, ldns_buffer_begin(from), tocopy); - ldns_buffer_flip(result); -} diff --git a/src/ldns/compat/b64_ntop.c b/src/ldns/compat/b64_ntop.c deleted file mode 100644 index 6895aca..0000000 --- a/src/ldns/compat/b64_ntop.c +++ /dev/null @@ -1,185 +0,0 @@ -/* - * Copyright (c) 1996, 1998 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ -#include -#include -#include -#include - -static const char Base64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -static const char Pad64 = '='; - -/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) - The following encoding technique is taken from RFC 1521 by Borenstein - and Freed. It is reproduced here in a slightly edited form for - convenience. - - A 65-character subset of US-ASCII is used, enabling 6 bits to be - represented per printable character. (The extra 65th character, "=", - is used to signify a special processing function.) - - The encoding process represents 24-bit groups of input bits as output - strings of 4 encoded characters. Proceeding from left to right, a - 24-bit input group is formed by concatenating 3 8-bit input groups. - These 24 bits are then treated as 4 concatenated 6-bit groups, each - of which is translated into a single digit in the base64 alphabet. - - Each 6-bit group is used as an index into an array of 64 printable - characters. The character referenced by the index is placed in the - output string. - - Table 1: The Base64 Alphabet - - Value Encoding Value Encoding Value Encoding Value Encoding - 0 A 17 R 34 i 51 z - 1 B 18 S 35 j 52 0 - 2 C 19 T 36 k 53 1 - 3 D 20 U 37 l 54 2 - 4 E 21 V 38 m 55 3 - 5 F 22 W 39 n 56 4 - 6 G 23 X 40 o 57 5 - 7 H 24 Y 41 p 58 6 - 8 I 25 Z 42 q 59 7 - 9 J 26 a 43 r 60 8 - 10 K 27 b 44 s 61 9 - 11 L 28 c 45 t 62 + - 12 M 29 d 46 u 63 / - 13 N 30 e 47 v - 14 O 31 f 48 w (pad) = - 15 P 32 g 49 x - 16 Q 33 h 50 y - - Special processing is performed if fewer than 24 bits are available - at the end of the data being encoded. A full encoding quantum is - always completed at the end of a quantity. When fewer than 24 input - bits are available in an input group, zero bits are added (on the - right) to form an integral number of 6-bit groups. Padding at the - end of the data is performed using the '=' character. - - Since all base64 input is an integral number of octets, only the - ------------------------------------------------- - following cases can arise: - - (1) the final quantum of encoding input is an integral - multiple of 24 bits; here, the final unit of encoded - output will be an integral multiple of 4 characters - with no "=" padding, - (2) the final quantum of encoding input is exactly 8 bits; - here, the final unit of encoded output will be two - characters followed by two "=" padding characters, or - (3) the final quantum of encoding input is exactly 16 bits; - here, the final unit of encoded output will be three - characters followed by one "=" padding character. - */ - -int -ldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) { - size_t datalength = 0; - uint8_t input[3]; - uint8_t output[4]; - size_t i; - - if (srclength == 0) { - if (targsize > 0) { - target[0] = '\0'; - return 0; - } else { - return -1; - } - } - - while (2 < srclength) { - input[0] = *src++; - input[1] = *src++; - input[2] = *src++; - srclength -= 3; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - output[3] = input[2] & 0x3f; - assert(output[0] < 64); - assert(output[1] < 64); - assert(output[2] < 64); - assert(output[3] < 64); - - if (datalength + 4 > targsize) { - return (-1); - } - target[datalength++] = Base64[output[0]]; - target[datalength++] = Base64[output[1]]; - target[datalength++] = Base64[output[2]]; - target[datalength++] = Base64[output[3]]; - } - - /* Now we worry about padding. */ - if (0 != srclength) { - /* Get what's left. */ - input[0] = input[1] = input[2] = (uint8_t) '\0'; - for (i = 0; i < srclength; i++) - input[i] = *src++; - - output[0] = input[0] >> 2; - output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); - output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); - assert(output[0] < 64); - assert(output[1] < 64); - assert(output[2] < 64); - - if (datalength + 4 > targsize) { - return (-2); - } - target[datalength++] = Base64[output[0]]; - target[datalength++] = Base64[output[1]]; - if (srclength == 1) { - target[datalength++] = Pad64; - } else { - target[datalength++] = Base64[output[2]]; - } - target[datalength++] = Pad64; - } - if (datalength >= targsize) { - return (-3); - } - target[datalength] = '\0'; /* Returned value doesn't count \0. */ - return (int) (datalength); -} diff --git a/src/ldns/compat/b64_pton.c b/src/ldns/compat/b64_pton.c deleted file mode 100644 index 18d8c8e..0000000 --- a/src/ldns/compat/b64_pton.c +++ /dev/null @@ -1,244 +0,0 @@ -/* - * Copyright (c) 1996, 1998 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ -#include -#include -#include -#include - -static const char Base64[] = - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; -static const char Pad64 = '='; - -/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) - The following encoding technique is taken from RFC 1521 by Borenstein - and Freed. It is reproduced here in a slightly edited form for - convenience. - - A 65-character subset of US-ASCII is used, enabling 6 bits to be - represented per printable character. (The extra 65th character, "=", - is used to signify a special processing function.) - - The encoding process represents 24-bit groups of input bits as output - strings of 4 encoded characters. Proceeding from left to right, a - 24-bit input group is formed by concatenating 3 8-bit input groups. - These 24 bits are then treated as 4 concatenated 6-bit groups, each - of which is translated into a single digit in the base64 alphabet. - - Each 6-bit group is used as an index into an array of 64 printable - characters. The character referenced by the index is placed in the - output string. - - Table 1: The Base64 Alphabet - - Value Encoding Value Encoding Value Encoding Value Encoding - 0 A 17 R 34 i 51 z - 1 B 18 S 35 j 52 0 - 2 C 19 T 36 k 53 1 - 3 D 20 U 37 l 54 2 - 4 E 21 V 38 m 55 3 - 5 F 22 W 39 n 56 4 - 6 G 23 X 40 o 57 5 - 7 H 24 Y 41 p 58 6 - 8 I 25 Z 42 q 59 7 - 9 J 26 a 43 r 60 8 - 10 K 27 b 44 s 61 9 - 11 L 28 c 45 t 62 + - 12 M 29 d 46 u 63 / - 13 N 30 e 47 v - 14 O 31 f 48 w (pad) = - 15 P 32 g 49 x - 16 Q 33 h 50 y - - Special processing is performed if fewer than 24 bits are available - at the end of the data being encoded. A full encoding quantum is - always completed at the end of a quantity. When fewer than 24 input - bits are available in an input group, zero bits are added (on the - right) to form an integral number of 6-bit groups. Padding at the - end of the data is performed using the '=' character. - - Since all base64 input is an integral number of octets, only the - ------------------------------------------------- - following cases can arise: - - (1) the final quantum of encoding input is an integral - multiple of 24 bits; here, the final unit of encoded - output will be an integral multiple of 4 characters - with no "=" padding, - (2) the final quantum of encoding input is exactly 8 bits; - here, the final unit of encoded output will be two - characters followed by two "=" padding characters, or - (3) the final quantum of encoding input is exactly 16 bits; - here, the final unit of encoded output will be three - characters followed by one "=" padding character. - */ - -/* skips all whitespace anywhere. - converts characters, four at a time, starting at (or after) - src from base - 64 numbers into three 8 bit bytes in the target area. - it returns the number of data bytes stored at the target, or -1 on error. - */ - -int -ldns_b64_pton(char const *origsrc, uint8_t *target, size_t targsize) -{ - unsigned char const* src = (unsigned char*)origsrc; - int tarindex, state, ch; - char *pos; - - state = 0; - tarindex = 0; - - if (strlen(origsrc) == 0) { - return 0; - } - - while ((ch = *src++) != '\0') { - if (isspace((unsigned char)ch)) /* Skip whitespace anywhere. */ - continue; - - if (ch == Pad64) - break; - - pos = strchr(Base64, ch); - if (pos == 0) { - /* A non-base64 character. */ - return (-1); - } - - switch (state) { - case 0: - if (target) { - if ((size_t)tarindex >= targsize) - return (-1); - target[tarindex] = (pos - Base64) << 2; - } - state = 1; - break; - case 1: - if (target) { - if ((size_t)tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 4; - target[tarindex+1] = ((pos - Base64) & 0x0f) - << 4 ; - } - tarindex++; - state = 2; - break; - case 2: - if (target) { - if ((size_t)tarindex + 1 >= targsize) - return (-1); - target[tarindex] |= (pos - Base64) >> 2; - target[tarindex+1] = ((pos - Base64) & 0x03) - << 6; - } - tarindex++; - state = 3; - break; - case 3: - if (target) { - if ((size_t)tarindex >= targsize) - return (-1); - target[tarindex] |= (pos - Base64); - } - tarindex++; - state = 0; - break; - default: - abort(); - } - } - - /* - * We are done decoding Base-64 chars. Let's see if we ended - * on a byte boundary, and/or with erroneous trailing characters. - */ - - if (ch == Pad64) { /* We got a pad char. */ - ch = *src++; /* Skip it, get next. */ - switch (state) { - case 0: /* Invalid = in first position */ - case 1: /* Invalid = in second position */ - return (-1); - - case 2: /* Valid, means one byte of info */ - /* Skip any number of spaces. */ - for ((void)NULL; ch != '\0'; ch = *src++) - if (!isspace((unsigned char)ch)) - break; - /* Make sure there is another trailing = sign. */ - if (ch != Pad64) - return (-1); - ch = *src++; /* Skip the = */ - /* Fall through to "single trailing =" case. */ - /* FALLTHROUGH */ - - case 3: /* Valid, means two bytes of info */ - /* - * We know this char is an =. Is there anything but - * whitespace after it? - */ - for ((void)NULL; ch != '\0'; ch = *src++) - if (!isspace((unsigned char)ch)) - return (-1); - - /* - * Now make sure for cases 2 and 3 that the "extra" - * bits that slopped past the last full byte were - * zeros. If we don't check them, they become a - * subliminal channel. - */ - if (target && target[tarindex] != 0) - return (-1); - } - } else { - /* - * We ended by seeing the end of the string. Make sure we - * have no partial bytes lying around. - */ - if (state != 0) - return (-1); - } - - return (tarindex); -} diff --git a/src/ldns/compat/strlcpy.c b/src/ldns/compat/strlcpy.c deleted file mode 100644 index d6c34c1..0000000 --- a/src/ldns/compat/strlcpy.c +++ /dev/null @@ -1,57 +0,0 @@ -/* from openssh 4.3p2 compat/strlcpy.c */ -/* - * Copyright (c) 1998 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ - -#include -#ifndef HAVE_STRLCPY - -#include -#include - -/* - * Copy src to string dst of size siz. At most siz-1 characters - * will be copied. Always NUL terminates (unless siz == 0). - * Returns strlen(src); if retval >= siz, truncation occurred. - */ -size_t -strlcpy(char *dst, const char *src, size_t siz) -{ - char *d = dst; - const char *s = src; - size_t n = siz; - - /* Copy as many bytes as will fit */ - if (n != 0 && --n != 0) { - do { - if ((*d++ = *s++) == 0) - break; - } while (--n != 0); - } - - /* Not enough room in dst, add NUL and traverse rest of src */ - if (n == 0) { - if (siz != 0) - *d = '\0'; /* NUL-terminate dst */ - while (*s++) - ; - } - - return(s - src - 1); /* count does not include NUL */ -} - -#endif /* !HAVE_STRLCPY */ diff --git a/src/ldns/dane.c b/src/ldns/dane.c deleted file mode 100644 index 675dfa8..0000000 --- a/src/ldns/dane.c +++ /dev/null @@ -1,748 +0,0 @@ -/* - * Verify or create TLS authentication with DANE (RFC6698) - * - * (c) NLnetLabs 2012 - * - * See the file LICENSE for the license. - * - */ - -#include -#ifdef USE_DANE - -#include -#include - -#include -#include -#include -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif - -#ifdef HAVE_SSL -#include -#include -#include -#endif - -ldns_status -ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, - uint16_t port, ldns_dane_transport transport) -{ - char buf[LDNS_MAX_DOMAINLEN]; - size_t s; - - assert(tlsa_owner != NULL); - assert(name != NULL); - assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME); - - s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port); - buf[0] = (char)(s - 1); - - switch(transport) { - case LDNS_DANE_TRANSPORT_TCP: - s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp"); - break; - - case LDNS_DANE_TRANSPORT_UDP: - s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp"); - break; - - case LDNS_DANE_TRANSPORT_SCTP: - s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp"); - break; - - default: - return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT; - } - if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) { - return LDNS_STATUS_DOMAINNAME_OVERFLOW; - } - memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name)); - *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, - s + ldns_rdf_size(name), buf); - if (*tlsa_owner == NULL) { - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} - - -#ifdef HAVE_SSL -ldns_status -ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, - ldns_tlsa_selector selector, - ldns_tlsa_matching_type matching_type) -{ - unsigned char* buf = NULL; - size_t len; - - X509_PUBKEY* xpubkey; - EVP_PKEY* epubkey; - - unsigned char* digest; - - assert(rdf != NULL); - assert(cert != NULL); - - switch(selector) { - case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE: - - len = (size_t)i2d_X509(cert, &buf); - break; - - case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO: - -#ifndef S_SPLINT_S - xpubkey = X509_get_X509_PUBKEY(cert); -#endif - if (! xpubkey) { - return LDNS_STATUS_SSL_ERR; - } - epubkey = X509_PUBKEY_get(xpubkey); - if (! epubkey) { - return LDNS_STATUS_SSL_ERR; - } - len = (size_t)i2d_PUBKEY(epubkey, &buf); - break; - - default: - return LDNS_STATUS_DANE_UNKNOWN_SELECTOR; - } - - switch(matching_type) { - case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED: - - *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf); - - return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; - break; - - case LDNS_TLSA_MATCHING_TYPE_SHA256: - - digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH); - if (digest == NULL) { - LDNS_FREE(buf); - return LDNS_STATUS_MEM_ERR; - } - (void) ldns_sha256(buf, (unsigned int)len, digest); - *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH, - digest); - LDNS_FREE(buf); - - return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; - break; - - case LDNS_TLSA_MATCHING_TYPE_SHA512: - - digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH); - if (digest == NULL) { - LDNS_FREE(buf); - return LDNS_STATUS_MEM_ERR; - } - (void) ldns_sha512(buf, (unsigned int)len, digest); - *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH, - digest); - LDNS_FREE(buf); - - return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; - break; - - default: - LDNS_FREE(buf); - return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE; - } -} - - -/* Ordinary PKIX validation of cert (with extra_certs to help) - * against the CA's in store - */ -static ldns_status -ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs, - X509_STORE* store) -{ - X509_STORE_CTX* vrfy_ctx; - ldns_status s; - - if (! store) { - return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; - } - vrfy_ctx = X509_STORE_CTX_new(); - if (! vrfy_ctx) { - - return LDNS_STATUS_SSL_ERR; - - } else if (X509_STORE_CTX_init(vrfy_ctx, store, - cert, extra_certs) != 1) { - s = LDNS_STATUS_SSL_ERR; - - } else if (X509_verify_cert(vrfy_ctx) == 1) { - - s = LDNS_STATUS_OK; - - } else { - s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; - } - X509_STORE_CTX_free(vrfy_ctx); - return s; -} - - -/* Orinary PKIX validation of cert (with extra_certs to help) - * against the CA's in store, but also return the validation chain. - */ -static ldns_status -ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert, - STACK_OF(X509)* extra_certs, X509_STORE* store) -{ - ldns_status s; - X509_STORE* empty_store = NULL; - X509_STORE_CTX* vrfy_ctx; - - assert(chain != NULL); - - if (! store) { - store = empty_store = X509_STORE_new(); - } - s = LDNS_STATUS_SSL_ERR; - vrfy_ctx = X509_STORE_CTX_new(); - if (! vrfy_ctx) { - - goto exit_free_empty_store; - - } else if (X509_STORE_CTX_init(vrfy_ctx, store, - cert, extra_certs) != 1) { - goto exit_free_vrfy_ctx; - - } else if (X509_verify_cert(vrfy_ctx) == 1) { - - s = LDNS_STATUS_OK; - - } else { - s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; - } - *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); - if (! *chain) { - s = LDNS_STATUS_SSL_ERR; - } - -exit_free_vrfy_ctx: - X509_STORE_CTX_free(vrfy_ctx); - -exit_free_empty_store: - if (empty_store) { - X509_STORE_free(empty_store); - } - return s; -} - - -/* Return the validation chain that can be build out of cert, with extra_certs. - */ -static ldns_status -ldns_dane_pkix_get_chain(STACK_OF(X509)** chain, - X509* cert, STACK_OF(X509)* extra_certs) -{ - ldns_status s; - X509_STORE* empty_store = NULL; - X509_STORE_CTX* vrfy_ctx; - - assert(chain != NULL); - - empty_store = X509_STORE_new(); - s = LDNS_STATUS_SSL_ERR; - vrfy_ctx = X509_STORE_CTX_new(); - if (! vrfy_ctx) { - - goto exit_free_empty_store; - - } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, - cert, extra_certs) != 1) { - goto exit_free_vrfy_ctx; - } - (void) X509_verify_cert(vrfy_ctx); - *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); - if (! *chain) { - s = LDNS_STATUS_SSL_ERR; - } else { - s = LDNS_STATUS_OK; - } -exit_free_vrfy_ctx: - X509_STORE_CTX_free(vrfy_ctx); - -exit_free_empty_store: - X509_STORE_free(empty_store); - return s; -} - - -/* Pop n+1 certs and return the last popped. - */ -static ldns_status -ldns_dane_get_nth_cert_from_validation_chain( - X509** cert, STACK_OF(X509)* chain, int n, bool ca) -{ - if (n >= sk_X509_num(chain) || n < 0) { - return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE; - } - *cert = sk_X509_pop(chain); - while (n-- > 0) { - X509_free(*cert); - *cert = sk_X509_pop(chain); - } - if (ca && ! X509_check_ca(*cert)) { - return LDNS_STATUS_DANE_NON_CA_CERTIFICATE; - } - return LDNS_STATUS_OK; -} - - -/* Create validation chain with cert and extra_certs and returns the last - * self-signed (if present). - */ -static ldns_status -ldns_dane_pkix_get_last_self_signed(X509** out_cert, - X509* cert, STACK_OF(X509)* extra_certs) -{ - ldns_status s; - X509_STORE* empty_store = NULL; - X509_STORE_CTX* vrfy_ctx; - - assert(out_cert != NULL); - - empty_store = X509_STORE_new(); - s = LDNS_STATUS_SSL_ERR; - vrfy_ctx = X509_STORE_CTX_new(); - if (! vrfy_ctx) { - goto exit_free_empty_store; - - } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, - cert, extra_certs) != 1) { - goto exit_free_vrfy_ctx; - - } - (void) X509_verify_cert(vrfy_ctx); - if (vrfy_ctx->error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || - vrfy_ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){ - - *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx); - s = LDNS_STATUS_OK; - } else { - s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR; - } -exit_free_vrfy_ctx: - X509_STORE_CTX_free(vrfy_ctx); - -exit_free_empty_store: - X509_STORE_free(empty_store); - return s; -} - - -ldns_status -ldns_dane_select_certificate(X509** selected_cert, - X509* cert, STACK_OF(X509)* extra_certs, - X509_STORE* pkix_validation_store, - ldns_tlsa_certificate_usage cert_usage, int offset) -{ - ldns_status s; - STACK_OF(X509)* pkix_validation_chain = NULL; - - assert(selected_cert != NULL); - assert(cert != NULL); - - /* With PKIX validation explicitely turned off (pkix_validation_store - * == NULL), treat the "CA constraint" and "Service certificate - * constraint" the same as "Trust anchor assertion" and "Domain issued - * certificate" respectively. - */ - if (pkix_validation_store == NULL) { - switch (cert_usage) { - - case LDNS_TLSA_USAGE_CA_CONSTRAINT: - - cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION; - break; - - case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: - - cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE; - break; - - default: - break; - } - } - - /* Now what to do with each Certificate usage... - */ - switch (cert_usage) { - - case LDNS_TLSA_USAGE_CA_CONSTRAINT: - - s = ldns_dane_pkix_validate_and_get_chain( - &pkix_validation_chain, - cert, extra_certs, - pkix_validation_store); - if (! pkix_validation_chain) { - return s; - } - if (s == LDNS_STATUS_OK) { - if (offset == -1) { - offset = 0; - } - s = ldns_dane_get_nth_cert_from_validation_chain( - selected_cert, pkix_validation_chain, - offset, true); - } - sk_X509_pop_free(pkix_validation_chain, X509_free); - return s; - break; - - - case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: - - *selected_cert = cert; - return ldns_dane_pkix_validate(cert, extra_certs, - pkix_validation_store); - break; - - - case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: - - if (offset == -1) { - s = ldns_dane_pkix_get_last_self_signed( - selected_cert, cert, extra_certs); - return s; - } else { - s = ldns_dane_pkix_get_chain( - &pkix_validation_chain, - cert, extra_certs); - if (s == LDNS_STATUS_OK) { - s = - ldns_dane_get_nth_cert_from_validation_chain( - selected_cert, pkix_validation_chain, - offset, false); - } else if (! pkix_validation_chain) { - return s; - } - sk_X509_pop_free(pkix_validation_chain, X509_free); - return s; - } - break; - - - case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: - - *selected_cert = cert; - return LDNS_STATUS_OK; - break; - - default: - return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; - break; - } -} - - -ldns_status -ldns_dane_create_tlsa_rr(ldns_rr** tlsa, - ldns_tlsa_certificate_usage certificate_usage, - ldns_tlsa_selector selector, - ldns_tlsa_matching_type matching_type, - X509* cert) -{ - ldns_rdf* rdf; - ldns_status s; - - assert(tlsa != NULL); - assert(cert != NULL); - - /* create rr */ - *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA); - if (*tlsa == NULL) { - return LDNS_STATUS_MEM_ERR; - } - - rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, - (uint8_t)certificate_usage); - if (rdf == NULL) { - goto memerror; - } - (void) ldns_rr_set_rdf(*tlsa, rdf, 0); - - rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector); - if (rdf == NULL) { - goto memerror; - } - (void) ldns_rr_set_rdf(*tlsa, rdf, 1); - - rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type); - if (rdf == NULL) { - goto memerror; - } - (void) ldns_rr_set_rdf(*tlsa, rdf, 2); - - s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type); - if (s == LDNS_STATUS_OK) { - (void) ldns_rr_set_rdf(*tlsa, rdf, 3); - return LDNS_STATUS_OK; - } - ldns_rr_free(*tlsa); - *tlsa = NULL; - return s; - -memerror: - ldns_rr_free(*tlsa); - *tlsa = NULL; - return LDNS_STATUS_MEM_ERR; -} - - -/* Return tlsas that actually are TLSA resource records with known values - * for the Certificate usage, Selector and Matching type rdata fields. - */ -static ldns_rr_list* -ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas) -{ - size_t i; - ldns_rr_list* r = ldns_rr_list_new(); - ldns_rr* tlsa_rr; - - if (! r) { - return NULL; - } - for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) { - tlsa_rr = ldns_rr_list_rr(tlsas, i); - if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA && - ldns_rr_rd_count(tlsa_rr) == 4 && - ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 && - ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 && - ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) { - - if (! ldns_rr_list_push_rr(r, tlsa_rr)) { - ldns_rr_list_free(r); - return NULL; - } - } - } - return r; -} - - -/* Return whether cert/selector/matching_type matches data. - */ -static ldns_status -ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector, - ldns_tlsa_matching_type matching_type, ldns_rdf* data) -{ - ldns_status s; - ldns_rdf* match_data; - - s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type); - if (s == LDNS_STATUS_OK) { - if (ldns_rdf_compare(data, match_data) != 0) { - s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; - } - ldns_rdf_free(match_data); - } - return s; -} - - -/* Return whether any certificate from the chain with selector/matching_type - * matches data. - * ca should be true if the certificate has to be a CA certificate too. - */ -static ldns_status -ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain, - ldns_tlsa_selector selector, - ldns_tlsa_matching_type matching_type, - ldns_rdf* data, bool ca) -{ - ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; - size_t n, i; - X509* cert; - - n = (size_t)sk_X509_num(chain); - for (i = 0; i < n; i++) { - cert = sk_X509_pop(chain); - if (! cert) { - s = LDNS_STATUS_SSL_ERR; - break; - } - s = ldns_dane_match_cert_with_data(cert, - selector, matching_type, data); - if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) { - s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE; - } - X509_free(cert); - if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) { - break; - } - /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, - * try to match the next certificate - */ - } - return s; -} - - -ldns_status -ldns_dane_verify_rr(const ldns_rr* tlsa_rr, - X509* cert, STACK_OF(X509)* extra_certs, - X509_STORE* pkix_validation_store) -{ - ldns_status s; - - STACK_OF(X509)* pkix_validation_chain = NULL; - - ldns_tlsa_certificate_usage cert_usage; - ldns_tlsa_selector selector; - ldns_tlsa_matching_type matching_type; - ldns_rdf* data; - - if (! tlsa_rr) { - /* No TLSA, so regular PKIX validation - */ - return ldns_dane_pkix_validate(cert, extra_certs, - pkix_validation_store); - } - cert_usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)); - selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)); - matching_type = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)); - data = ldns_rr_rdf(tlsa_rr, 3) ; - - switch (cert_usage) { - case LDNS_TLSA_USAGE_CA_CONSTRAINT: - s = ldns_dane_pkix_validate_and_get_chain( - &pkix_validation_chain, - cert, extra_certs, - pkix_validation_store); - if (! pkix_validation_chain) { - return s; - } - if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) { - /* - * NO PKIX validation. We still try to match *any* - * certificate from the chain, so we return - * TLSA errors over PKIX errors. - * - * i.e. When the TLSA matches no certificate, we return - * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE - */ - s = ldns_dane_match_any_cert_with_data( - pkix_validation_chain, - selector, matching_type, data, true); - - if (s == LDNS_STATUS_OK) { - /* A TLSA record did match a cert from the - * chain, thus the error is failed PKIX - * validation. - */ - s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; - } - - } else if (s == LDNS_STATUS_OK) { - /* PKIX validated, does the TLSA match too? */ - - s = ldns_dane_match_any_cert_with_data( - pkix_validation_chain, - selector, matching_type, data, true); - } - sk_X509_pop_free(pkix_validation_chain, X509_free); - return s; - break; - - case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: - s = ldns_dane_match_cert_with_data(cert, - selector, matching_type, data); - - if (s == LDNS_STATUS_OK) { - return ldns_dane_pkix_validate(cert, extra_certs, - pkix_validation_store); - } - return s; - break; - - case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: - s = ldns_dane_pkix_get_chain(&pkix_validation_chain, - cert, extra_certs); - - if (s == LDNS_STATUS_OK) { - s = ldns_dane_match_any_cert_with_data( - pkix_validation_chain, - selector, matching_type, data, false); - - } else if (! pkix_validation_chain) { - return s; - } - sk_X509_pop_free(pkix_validation_chain, X509_free); - return s; - break; - - case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: - return ldns_dane_match_cert_with_data(cert, - selector, matching_type, data); - break; - - default: - break; - } - return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; -} - - -ldns_status -ldns_dane_verify(ldns_rr_list* tlsas, - X509* cert, STACK_OF(X509)* extra_certs, - X509_STORE* pkix_validation_store) -{ - size_t i; - ldns_rr* tlsa_rr; - ldns_status s = LDNS_STATUS_OK, ps; - - assert(cert != NULL); - - if (tlsas && ldns_rr_list_rr_count(tlsas) > 0) { - tlsas = ldns_dane_filter_unusable_records(tlsas); - if (! tlsas) { - return LDNS_STATUS_MEM_ERR; - } - } - if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) { - /* No TLSA's, so regular PKIX validation - */ - return ldns_dane_pkix_validate(cert, extra_certs, - pkix_validation_store); - } else { - for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) { - tlsa_rr = ldns_rr_list_rr(tlsas, i); - ps = s; - s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs, - pkix_validation_store); - - if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH && - s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) { - - /* which would be LDNS_STATUS_OK (match) - * or some fatal error preventing use from - * trying the next TLSA record. - */ - break; - } - s = (s > ps ? s : ps); /* prefer PKIX_DID_NOT_VALIDATE - * over TLSA_DID_NOT_MATCH - */ - } - ldns_rr_list_free(tlsas); - } - return s; -} -#endif /* HAVE_SSL */ -#endif /* USE_DANE */ diff --git a/src/ldns/dname.c b/src/ldns/dname.c deleted file mode 100644 index 55aba5d..0000000 --- a/src/ldns/dname.c +++ /dev/null @@ -1,598 +0,0 @@ -/* - * dname.c - * - * dname specific rdata implementations - * A dname is a rdf structure with type LDNS_RDF_TYPE_DNAME - * It is not a /real/ type! All function must therefor check - * for LDNS_RDF_TYPE_DNAME. - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include - -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif - -/* Returns whether the last label in the name is a root label (a empty label). - * Note that it is not enough to just test the last character to be 0, - * because it may be part of the last label itself. - */ -static bool -ldns_dname_last_label_is_root_label(const ldns_rdf* dname) -{ - size_t src_pos; - size_t len = 0; - - for (src_pos = 0; src_pos < ldns_rdf_size(dname); src_pos += len + 1) { - len = ldns_rdf_data(dname)[src_pos]; - } - assert(src_pos == ldns_rdf_size(dname)); - - return src_pos > 0 && len == 0; -} - -ldns_rdf * -ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2) -{ - ldns_rdf *new; - uint16_t new_size; - uint8_t *buf; - uint16_t left_size; - - if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME || - ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) { - return NULL; - } - - /* remove root label if it is present at the end of the left - * rd, by reducing the size with 1 - */ - left_size = ldns_rdf_size(rd1); - if (ldns_dname_last_label_is_root_label(rd1)) { - left_size--; - } - - /* we overwrite the nullbyte of rd1 */ - new_size = left_size + ldns_rdf_size(rd2); - buf = LDNS_XMALLOC(uint8_t, new_size); - if (!buf) { - return NULL; - } - - /* put the two dname's after each other */ - memcpy(buf, ldns_rdf_data(rd1), left_size); - memcpy(buf + left_size, ldns_rdf_data(rd2), ldns_rdf_size(rd2)); - - new = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, new_size, buf); - - LDNS_FREE(buf); - return new; -} - -ldns_status -ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2) -{ - uint16_t left_size; - uint16_t size; - uint8_t* newd; - - if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME || - ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) { - return LDNS_STATUS_ERR; - } - - /* remove root label if it is present at the end of the left - * rd, by reducing the size with 1 - */ - left_size = ldns_rdf_size(rd1); - if (ldns_dname_last_label_is_root_label(rd1)) { - left_size--; - } - - size = left_size + ldns_rdf_size(rd2); - newd = LDNS_XREALLOC(ldns_rdf_data(rd1), uint8_t, size); - if(!newd) { - return LDNS_STATUS_MEM_ERR; - } - - ldns_rdf_set_data(rd1, newd); - memcpy(ldns_rdf_data(rd1) + left_size, ldns_rdf_data(rd2), - ldns_rdf_size(rd2)); - ldns_rdf_set_size(rd1, size); - - return LDNS_STATUS_OK; -} - -ldns_rdf* -ldns_dname_reverse(const ldns_rdf *dname) -{ - size_t rd_size; - uint8_t* buf; - ldns_rdf* new; - size_t src_pos; - size_t len ; - - assert(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME); - - rd_size = ldns_rdf_size(dname); - buf = LDNS_XMALLOC(uint8_t, rd_size); - if (! buf) { - return NULL; - } - new = ldns_rdf_new(LDNS_RDF_TYPE_DNAME, rd_size, buf); - if (! new) { - LDNS_FREE(buf); - return NULL; - } - - /* If dname ends in a root label, the reverse should too. - */ - if (ldns_dname_last_label_is_root_label(dname)) { - buf[rd_size - 1] = 0; - rd_size -= 1; - } - for (src_pos = 0; src_pos < rd_size; src_pos += len + 1) { - len = ldns_rdf_data(dname)[src_pos]; - memcpy(&buf[rd_size - src_pos - len - 1], - &ldns_rdf_data(dname)[src_pos], len + 1); - } - return new; -} - -ldns_rdf * -ldns_dname_clone_from(const ldns_rdf *d, uint16_t n) -{ - uint8_t *data; - uint8_t label_size; - size_t data_size; - - if (!d || - ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME || - ldns_dname_label_count(d) < n) { - return NULL; - } - - data = ldns_rdf_data(d); - data_size = ldns_rdf_size(d); - while (n > 0) { - label_size = data[0] + 1; - data += label_size; - if (data_size < label_size) { - /* this label is very broken */ - return NULL; - } - data_size -= label_size; - n--; - } - - return ldns_dname_new_frm_data(data_size, data); -} - -ldns_rdf * -ldns_dname_left_chop(const ldns_rdf *d) -{ - uint8_t label_pos; - ldns_rdf *chop; - - if (!d) { - return NULL; - } - - if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) { - return NULL; - } - if (ldns_dname_label_count(d) == 0) { - /* root label */ - return NULL; - } - /* 05blaat02nl00 */ - label_pos = ldns_rdf_data(d)[0]; - - chop = ldns_dname_new_frm_data(ldns_rdf_size(d) - label_pos - 1, - ldns_rdf_data(d) + label_pos + 1); - return chop; -} - -uint8_t -ldns_dname_label_count(const ldns_rdf *r) -{ - uint16_t src_pos; - uint16_t len; - uint8_t i; - size_t r_size; - - if (!r) { - return 0; - } - - i = 0; - src_pos = 0; - r_size = ldns_rdf_size(r); - - if (ldns_rdf_get_type(r) != LDNS_RDF_TYPE_DNAME) { - return 0; - } else { - len = ldns_rdf_data(r)[src_pos]; /* start of the label */ - - /* single root label */ - if (1 == r_size) { - return 0; - } else { - while ((len > 0) && src_pos < r_size) { - src_pos++; - src_pos += len; - len = ldns_rdf_data(r)[src_pos]; - i++; - } - } - } - return i; -} - -ldns_rdf * -ldns_dname_new(uint16_t s, void *d) -{ - ldns_rdf *rd; - - rd = LDNS_MALLOC(ldns_rdf); - if (!rd) { - return NULL; - } - ldns_rdf_set_size(rd, s); - ldns_rdf_set_type(rd, LDNS_RDF_TYPE_DNAME); - ldns_rdf_set_data(rd, d); - return rd; -} - -ldns_rdf * -ldns_dname_new_frm_str(const char *str) -{ - return ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, str); -} - -ldns_rdf * -ldns_dname_new_frm_data(uint16_t size, const void *data) -{ - return ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, size, data); -} - -void -ldns_dname2canonical(const ldns_rdf *rd) -{ - uint8_t *rdd; - uint16_t i; - - if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_DNAME) { - return; - } - - rdd = (uint8_t*)ldns_rdf_data(rd); - for (i = 0; i < ldns_rdf_size(rd); i++, rdd++) { - *rdd = (uint8_t)LDNS_DNAME_NORMALIZE((int)*rdd); - } -} - -bool -ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent) -{ - uint8_t sub_lab; - uint8_t par_lab; - int8_t i, j; - ldns_rdf *tmp_sub = NULL; - ldns_rdf *tmp_par = NULL; - ldns_rdf *sub_clone; - ldns_rdf *parent_clone; - bool result = true; - - if (ldns_rdf_get_type(sub) != LDNS_RDF_TYPE_DNAME || - ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME || - ldns_rdf_compare(sub, parent) == 0) { - return false; - } - - /* would be nicer if we do not have to clone... */ - sub_clone = ldns_dname_clone_from(sub, 0); - parent_clone = ldns_dname_clone_from(parent, 0); - ldns_dname2canonical(sub_clone); - ldns_dname2canonical(parent_clone); - - sub_lab = ldns_dname_label_count(sub_clone); - par_lab = ldns_dname_label_count(parent_clone); - - /* if sub sits above parent, it cannot be a child/sub domain */ - if (sub_lab < par_lab) { - result = false; - } else { - /* check all labels the from the parent labels, from right to left. - * When they /all/ match we have found a subdomain - */ - j = sub_lab - 1; /* we count from zero, thank you */ - for (i = par_lab -1; i >= 0; i--) { - tmp_sub = ldns_dname_label(sub_clone, j); - tmp_par = ldns_dname_label(parent_clone, i); - if (!tmp_sub || !tmp_par) { - /* deep free does null check */ - ldns_rdf_deep_free(tmp_sub); - ldns_rdf_deep_free(tmp_par); - result = false; - break; - } - - if (ldns_rdf_compare(tmp_sub, tmp_par) != 0) { - /* they are not equal */ - ldns_rdf_deep_free(tmp_sub); - ldns_rdf_deep_free(tmp_par); - result = false; - break; - } - ldns_rdf_deep_free(tmp_sub); - ldns_rdf_deep_free(tmp_par); - j--; - } - } - ldns_rdf_deep_free(sub_clone); - ldns_rdf_deep_free(parent_clone); - return result; -} - -int -ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2) -{ - size_t lc1, lc2, lc1f, lc2f; - size_t i; - int result = 0; - uint8_t *lp1, *lp2; - - /* see RFC4034 for this algorithm */ - /* this algorithm assumes the names are normalized to case */ - - /* only when both are not NULL we can say anything about them */ - if (!dname1 && !dname2) { - return 0; - } - if (!dname1 || !dname2) { - return -1; - } - /* asserts must happen later as we are looking in the - * dname, which could be NULL. But this case is handled - * above - */ - assert(ldns_rdf_get_type(dname1) == LDNS_RDF_TYPE_DNAME); - assert(ldns_rdf_get_type(dname2) == LDNS_RDF_TYPE_DNAME); - - lc1 = ldns_dname_label_count(dname1); - lc2 = ldns_dname_label_count(dname2); - - if (lc1 == 0 && lc2 == 0) { - return 0; - } - if (lc1 == 0) { - return -1; - } - if (lc2 == 0) { - return 1; - } - lc1--; - lc2--; - /* we start at the last label */ - while (true) { - /* find the label first */ - lc1f = lc1; - lp1 = ldns_rdf_data(dname1); - while (lc1f > 0) { - lp1 += *lp1 + 1; - lc1f--; - } - - /* and find the other one */ - lc2f = lc2; - lp2 = ldns_rdf_data(dname2); - while (lc2f > 0) { - lp2 += *lp2 + 1; - lc2f--; - } - - /* now check the label character for character. */ - for (i = 1; i < (size_t)(*lp1 + 1); i++) { - if (i > *lp2) { - /* apparently label 1 is larger */ - result = 1; - goto done; - } - if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) < - LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) { - result = -1; - goto done; - } else if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) > - LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) { - result = 1; - goto done; - } - } - if (*lp1 < *lp2) { - /* apparently label 2 is larger */ - result = -1; - goto done; - } - if (lc1 == 0 && lc2 > 0) { - result = -1; - goto done; - } else if (lc1 > 0 && lc2 == 0) { - result = 1; - goto done; - } else if (lc1 == 0 && lc2 == 0) { - result = 0; - goto done; - } - lc1--; - lc2--; - } - - done: - return result; -} - -int -ldns_dname_is_wildcard(const ldns_rdf* dname) -{ - return ( ldns_dname_label_count(dname) > 0 && - ldns_rdf_data(dname)[0] == 1 && - ldns_rdf_data(dname)[1] == '*'); -} - -int -ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard) -{ - ldns_rdf *wc_chopped; - int result; - /* check whether it really is a wildcard */ - if (ldns_dname_is_wildcard(wildcard)) { - /* ok, so the dname needs to be a subdomain of the wildcard - * without the * - */ - wc_chopped = ldns_dname_left_chop(wildcard); - result = (int) ldns_dname_is_subdomain(dname, wc_chopped); - ldns_rdf_deep_free(wc_chopped); - } else { - result = (ldns_dname_compare(dname, wildcard) == 0); - } - return result; -} - -/* nsec test: does prev <= middle < next - * -1 = yes - * 0 = error/can't tell - * 1 = no - */ -int -ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, - const ldns_rdf *next) -{ - int prev_check, next_check; - - assert(ldns_rdf_get_type(prev) == LDNS_RDF_TYPE_DNAME); - assert(ldns_rdf_get_type(middle) == LDNS_RDF_TYPE_DNAME); - assert(ldns_rdf_get_type(next) == LDNS_RDF_TYPE_DNAME); - - prev_check = ldns_dname_compare(prev, middle); - next_check = ldns_dname_compare(middle, next); - /* <= next. This cannot be the case for nsec, because then we would - * have gotten the nsec of next... - */ - if (next_check == 0) { - return 0; - } - - /* <= */ - if ((prev_check == -1 || prev_check == 0) && - /* < */ - next_check == -1) { - return -1; - } else { - return 1; - } -} - - -bool -ldns_dname_str_absolute(const char *dname_str) -{ - const char* s; - if(dname_str && strcmp(dname_str, ".") == 0) - return 1; - if(!dname_str || strlen(dname_str) < 2) - return 0; - if(dname_str[strlen(dname_str) - 1] != '.') - return 0; - if(dname_str[strlen(dname_str) - 2] != '\\') - return 1; /* ends in . and no \ before it */ - /* so we have the case of ends in . and there is \ before it */ - for(s=dname_str; *s; s++) { - if(*s == '\\') { - if(s[1] && s[2] && s[3] /* check length */ - && isdigit(s[1]) && isdigit(s[2]) && - isdigit(s[3])) - s += 3; - else if(!s[1] || isdigit(s[1])) /* escape of nul,0-9 */ - return 0; /* parse error */ - else s++; /* another character escaped */ - } - else if(!*(s+1) && *s == '.') - return 1; /* trailing dot, unescaped */ - } - return 0; -} - -bool -ldns_dname_absolute(const ldns_rdf *rdf) -{ - char *str = ldns_rdf2str(rdf); - if (str) { - bool r = ldns_dname_str_absolute(str); - LDNS_FREE(str); - return r; - } - return false; -} - -ldns_rdf * -ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos) -{ - uint8_t labelcnt; - uint16_t src_pos; - uint16_t len; - ldns_rdf *tmpnew; - size_t s; - uint8_t *data; - - if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_DNAME) { - return NULL; - } - - labelcnt = 0; - src_pos = 0; - s = ldns_rdf_size(rdf); - - len = ldns_rdf_data(rdf)[src_pos]; /* label start */ - while ((len > 0) && src_pos < s) { - if (labelcnt == labelpos) { - /* found our label */ - data = LDNS_XMALLOC(uint8_t, len + 2); - if (!data) { - return NULL; - } - memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1); - data[len + 2 - 1] = 0; - - tmpnew = ldns_rdf_new( LDNS_RDF_TYPE_DNAME - , len + 2, data); - if (!tmpnew) { - LDNS_FREE(data); - return NULL; - } - return tmpnew; - } - src_pos++; - src_pos += len; - len = ldns_rdf_data(rdf)[src_pos]; - labelcnt++; - } - return NULL; -} diff --git a/src/ldns/dnssec.c b/src/ldns/dnssec.c deleted file mode 100644 index a41a9f6..0000000 --- a/src/ldns/dnssec.c +++ /dev/null @@ -1,1869 +0,0 @@ -/* - * dnssec.c - * - * contains the cryptographic function needed for DNSSEC in ldns - * The crypto library used is openssl - * - * (c) NLnet Labs, 2004-2008 - * - * See the file LICENSE for the license - */ - -#include - -#include -#include - -#include -#include - -#ifdef HAVE_SSL -#include -#include -#include -#include -#include -#endif - -ldns_rr * -ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, - const ldns_rr_type type, - const ldns_rr_list *rrs) -{ - size_t i; - ldns_rr *candidate; - - if (!name || !rrs) { - return NULL; - } - - for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { - candidate = ldns_rr_list_rr(rrs, i); - if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_RRSIG) { - if (ldns_dname_compare(ldns_rr_owner(candidate), - name) == 0 && - ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(candidate)) - == type - ) { - return candidate; - } - } - } - - return NULL; -} - -ldns_rr * -ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, - const ldns_rr_list *rrs) -{ - size_t i; - ldns_rr *candidate; - - if (!rrsig || !rrs) { - return NULL; - } - - for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { - candidate = ldns_rr_list_rr(rrs, i); - if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_DNSKEY) { - if (ldns_dname_compare(ldns_rr_owner(candidate), - ldns_rr_rrsig_signame(rrsig)) == 0 && - ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) == - ldns_calc_keytag(candidate) - ) { - return candidate; - } - } - } - - return NULL; -} - -ldns_rdf * -ldns_nsec_get_bitmap(ldns_rr *nsec) { - if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) { - return ldns_rr_rdf(nsec, 1); - } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) { - return ldns_rr_rdf(nsec, 5); - } else { - return NULL; - } -} - -/*return the owner name of the closest encloser for name from the list of rrs */ -/* this is NOT the hash, but the original name! */ -ldns_rdf * -ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, - ATTR_UNUSED(ldns_rr_type qtype), - ldns_rr_list *nsec3s) -{ - /* remember parameters, they must match */ - uint8_t algorithm; - uint32_t iterations; - uint8_t salt_length; - uint8_t *salt; - - ldns_rdf *sname, *hashed_sname, *tmp; - bool flag; - - bool exact_match_found; - bool in_range_found; - - ldns_status status; - ldns_rdf *zone_name; - - size_t nsec_i; - ldns_rr *nsec; - ldns_rdf *result = NULL; - - if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { - return NULL; - } - - nsec = ldns_rr_list_rr(nsec3s, 0); - algorithm = ldns_nsec3_algorithm(nsec); - salt_length = ldns_nsec3_salt_length(nsec); - salt = ldns_nsec3_salt_data(nsec); - iterations = ldns_nsec3_iterations(nsec); - - sname = ldns_rdf_clone(qname); - - flag = false; - - zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); - - /* algorithm from nsec3-07 8.3 */ - while (ldns_dname_label_count(sname) > 0) { - exact_match_found = false; - in_range_found = false; - - hashed_sname = ldns_nsec3_hash_name(sname, - algorithm, - iterations, - salt_length, - salt); - - status = ldns_dname_cat(hashed_sname, zone_name); - if(status != LDNS_STATUS_OK) { - LDNS_FREE(salt); - ldns_rdf_deep_free(zone_name); - ldns_rdf_deep_free(sname); - return NULL; - } - - for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) { - nsec = ldns_rr_list_rr(nsec3s, nsec_i); - - /* check values of iterations etc! */ - - /* exact match? */ - if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) { - exact_match_found = true; - } else if (ldns_nsec_covers_name(nsec, hashed_sname)) { - in_range_found = true; - } - - } - if (!exact_match_found && in_range_found) { - flag = true; - } else if (exact_match_found && flag) { - result = ldns_rdf_clone(sname); - /* RFC 5155: 8.3. 2.** "The proof is complete" */ - ldns_rdf_deep_free(hashed_sname); - goto done; - } else if (exact_match_found && !flag) { - /* error! */ - ldns_rdf_deep_free(hashed_sname); - goto done; - } else { - flag = false; - } - - ldns_rdf_deep_free(hashed_sname); - tmp = sname; - sname = ldns_dname_left_chop(sname); - ldns_rdf_deep_free(tmp); - } - - done: - LDNS_FREE(salt); - ldns_rdf_deep_free(zone_name); - ldns_rdf_deep_free(sname); - - return result; -} - -bool -ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt) -{ - size_t i; - for (i = 0; i < ldns_pkt_ancount(pkt); i++) { - if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_answer(pkt), i)) == - LDNS_RR_TYPE_RRSIG) { - return true; - } - } - for (i = 0; i < ldns_pkt_nscount(pkt); i++) { - if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_authority(pkt), i)) == - LDNS_RR_TYPE_RRSIG) { - return true; - } - } - return false; -} - -ldns_rr_list * -ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, - ldns_rdf *name, - ldns_rr_type type) -{ - uint16_t t_netorder; - ldns_rr_list *sigs; - ldns_rr_list *sigs_covered; - ldns_rdf *rdf_t; - - sigs = ldns_pkt_rr_list_by_name_and_type(pkt, - name, - LDNS_RR_TYPE_RRSIG, - LDNS_SECTION_ANY_NOQUESTION - ); - - t_netorder = htons(type); /* rdf are in network order! */ - rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, LDNS_RDF_SIZE_WORD, &t_netorder); - sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); - - ldns_rdf_free(rdf_t); - ldns_rr_list_deep_free(sigs); - - return sigs_covered; - -} - -ldns_rr_list * -ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type) -{ - uint16_t t_netorder; - ldns_rr_list *sigs; - ldns_rr_list *sigs_covered; - ldns_rdf *rdf_t; - - sigs = ldns_pkt_rr_list_by_type(pkt, - LDNS_RR_TYPE_RRSIG, - LDNS_SECTION_ANY_NOQUESTION - ); - - t_netorder = htons(type); /* rdf are in network order! */ - rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, - 2, - &t_netorder); - sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); - - ldns_rdf_free(rdf_t); - ldns_rr_list_deep_free(sigs); - - return sigs_covered; - -} - -/* used only on the public key RR */ -uint16_t -ldns_calc_keytag(const ldns_rr *key) -{ - uint16_t ac16; - ldns_buffer *keybuf; - size_t keysize; - - if (!key) { - return 0; - } - - if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY && - ldns_rr_get_type(key) != LDNS_RR_TYPE_KEY - ) { - return 0; - } - - /* rdata to buf - only put the rdata in a buffer */ - keybuf = ldns_buffer_new(LDNS_MIN_BUFLEN); /* grows */ - if (!keybuf) { - return 0; - } - (void)ldns_rr_rdata2buffer_wire(keybuf, key); - /* the current pos in the buffer is the keysize */ - keysize= ldns_buffer_position(keybuf); - - ac16 = ldns_calc_keytag_raw(ldns_buffer_begin(keybuf), keysize); - ldns_buffer_free(keybuf); - return ac16; -} - -uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize) -{ - unsigned int i; - uint32_t ac32; - uint16_t ac16; - - if(keysize < 4) { - return 0; - } - /* look at the algorithm field, copied from 2535bis */ - if (key[3] == LDNS_RSAMD5) { - ac16 = 0; - if (keysize > 4) { - memmove(&ac16, key + keysize - 3, 2); - } - ac16 = ntohs(ac16); - return (uint16_t) ac16; - } else { - ac32 = 0; - for (i = 0; (size_t)i < keysize; ++i) { - ac32 += (i & 1) ? key[i] : key[i] << 8; - } - ac32 += (ac32 >> 16) & 0xFFFF; - return (uint16_t) (ac32 & 0xFFFF); - } -} - -#ifdef HAVE_SSL -DSA * -ldns_key_buf2dsa(ldns_buffer *key) -{ - return ldns_key_buf2dsa_raw((unsigned char*)ldns_buffer_begin(key), - ldns_buffer_position(key)); -} - -DSA * -ldns_key_buf2dsa_raw(unsigned char* key, size_t len) -{ - uint8_t T; - uint16_t length; - uint16_t offset; - DSA *dsa; - BIGNUM *Q; BIGNUM *P; - BIGNUM *G; BIGNUM *Y; - - if(len == 0) - return NULL; - T = (uint8_t)key[0]; - length = (64 + T * 8); - offset = 1; - - if (T > 8) { - return NULL; - } - if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length) - return NULL; - - Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL); - offset += SHA_DIGEST_LENGTH; - - P = BN_bin2bn(key+offset, (int)length, NULL); - offset += length; - - G = BN_bin2bn(key+offset, (int)length, NULL); - offset += length; - - Y = BN_bin2bn(key+offset, (int)length, NULL); - offset += length; - - /* create the key and set its properties */ - if(!Q || !P || !G || !Y || !(dsa = DSA_new())) { - BN_free(Q); - BN_free(P); - BN_free(G); - BN_free(Y); - return NULL; - } -#ifndef S_SPLINT_S - dsa->p = P; - dsa->q = Q; - dsa->g = G; - dsa->pub_key = Y; -#endif /* splint */ - - return dsa; -} - -RSA * -ldns_key_buf2rsa(ldns_buffer *key) -{ - return ldns_key_buf2rsa_raw((unsigned char*)ldns_buffer_begin(key), - ldns_buffer_position(key)); -} - -RSA * -ldns_key_buf2rsa_raw(unsigned char* key, size_t len) -{ - uint16_t offset; - uint16_t exp; - uint16_t int16; - RSA *rsa; - BIGNUM *modulus; - BIGNUM *exponent; - - if (len == 0) - return NULL; - if (key[0] == 0) { - if(len < 3) - return NULL; - /* need some smart comment here XXX*/ - /* the exponent is too large so it's places - * futher...???? */ - memmove(&int16, key+1, 2); - exp = ntohs(int16); - offset = 3; - } else { - exp = key[0]; - offset = 1; - } - - /* key length at least one */ - if(len < (size_t)offset + exp + 1) - return NULL; - - /* Exponent */ - exponent = BN_new(); - if(!exponent) return NULL; - (void) BN_bin2bn(key+offset, (int)exp, exponent); - offset += exp; - - /* Modulus */ - modulus = BN_new(); - if(!modulus) { - BN_free(exponent); - return NULL; - } - /* length of the buffer must match the key length! */ - (void) BN_bin2bn(key+offset, (int)(len - offset), modulus); - - rsa = RSA_new(); - if(!rsa) { - BN_free(exponent); - BN_free(modulus); - return NULL; - } -#ifndef S_SPLINT_S - rsa->n = modulus; - rsa->e = exponent; -#endif /* splint */ - - return rsa; -} - -int -ldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest, - const EVP_MD* md) -{ - EVP_MD_CTX* ctx; - ctx = EVP_MD_CTX_create(); - if(!ctx) - return false; - if(!EVP_DigestInit_ex(ctx, md, NULL) || - !EVP_DigestUpdate(ctx, data, len) || - !EVP_DigestFinal_ex(ctx, dest, NULL)) { - EVP_MD_CTX_destroy(ctx); - return false; - } - EVP_MD_CTX_destroy(ctx); - return true; -} -#endif /* HAVE_SSL */ - -ldns_rr * -ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) -{ - ldns_rdf *tmp; - ldns_rr *ds; - uint16_t keytag; - uint8_t sha1hash; - uint8_t *digest; - ldns_buffer *data_buf; -#ifdef USE_GOST - const EVP_MD* md = NULL; -#endif - - if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) { - return NULL; - } - - ds = ldns_rr_new(); - if (!ds) { - return NULL; - } - ldns_rr_set_type(ds, LDNS_RR_TYPE_DS); - ldns_rr_set_owner(ds, ldns_rdf_clone( - ldns_rr_owner(key))); - ldns_rr_set_ttl(ds, ldns_rr_ttl(key)); - ldns_rr_set_class(ds, ldns_rr_get_class(key)); - - switch(h) { - default: - case LDNS_SHA1: - digest = LDNS_XMALLOC(uint8_t, LDNS_SHA1_DIGEST_LENGTH); - if (!digest) { - ldns_rr_free(ds); - return NULL; - } - break; - case LDNS_SHA256: - digest = LDNS_XMALLOC(uint8_t, LDNS_SHA256_DIGEST_LENGTH); - if (!digest) { - ldns_rr_free(ds); - return NULL; - } - break; - case LDNS_HASH_GOST: -#ifdef USE_GOST - (void)ldns_key_EVP_load_gost_id(); - md = EVP_get_digestbyname("md_gost94"); - if(!md) { - ldns_rr_free(ds); - return NULL; - } - digest = LDNS_XMALLOC(uint8_t, EVP_MD_size(md)); - if (!digest) { - ldns_rr_free(ds); - return NULL; - } - break; -#else - /* not implemented */ - ldns_rr_free(ds); - return NULL; -#endif - case LDNS_SHA384: -#ifdef USE_ECDSA - digest = LDNS_XMALLOC(uint8_t, SHA384_DIGEST_LENGTH); - if (!digest) { - ldns_rr_free(ds); - return NULL; - } - break; -#else - /* not implemented */ - ldns_rr_free(ds); - return NULL; -#endif - } - - data_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); - if (!data_buf) { - LDNS_FREE(digest); - ldns_rr_free(ds); - return NULL; - } - - /* keytag */ - keytag = htons(ldns_calc_keytag((ldns_rr*)key)); - tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16, - sizeof(uint16_t), - &keytag); - ldns_rr_push_rdf(ds, tmp); - - /* copy the algorithm field */ - if ((tmp = ldns_rr_rdf(key, 2)) == NULL) { - LDNS_FREE(digest); - ldns_buffer_free(data_buf); - ldns_rr_free(ds); - return NULL; - } else { - ldns_rr_push_rdf(ds, ldns_rdf_clone( tmp )); - } - - /* digest hash type */ - sha1hash = (uint8_t)h; - tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, - sizeof(uint8_t), - &sha1hash); - ldns_rr_push_rdf(ds, tmp); - - /* digest */ - /* owner name */ - tmp = ldns_rdf_clone(ldns_rr_owner(key)); - ldns_dname2canonical(tmp); - if (ldns_rdf2buffer_wire(data_buf, tmp) != LDNS_STATUS_OK) { - LDNS_FREE(digest); - ldns_buffer_free(data_buf); - ldns_rr_free(ds); - ldns_rdf_deep_free(tmp); - return NULL; - } - ldns_rdf_deep_free(tmp); - - /* all the rdata's */ - if (ldns_rr_rdata2buffer_wire(data_buf, - (ldns_rr*)key) != LDNS_STATUS_OK) { - LDNS_FREE(digest); - ldns_buffer_free(data_buf); - ldns_rr_free(ds); - return NULL; - } - switch(h) { - case LDNS_SHA1: - (void) ldns_sha1((unsigned char *) ldns_buffer_begin(data_buf), - (unsigned int) ldns_buffer_position(data_buf), - (unsigned char *) digest); - - tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, - LDNS_SHA1_DIGEST_LENGTH, - digest); - ldns_rr_push_rdf(ds, tmp); - - break; - case LDNS_SHA256: - (void) ldns_sha256((unsigned char *) ldns_buffer_begin(data_buf), - (unsigned int) ldns_buffer_position(data_buf), - (unsigned char *) digest); - tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, - LDNS_SHA256_DIGEST_LENGTH, - digest); - ldns_rr_push_rdf(ds, tmp); - break; - case LDNS_HASH_GOST: -#ifdef USE_GOST - if(!ldns_digest_evp((unsigned char *) ldns_buffer_begin(data_buf), - (unsigned int) ldns_buffer_position(data_buf), - (unsigned char *) digest, md)) { - LDNS_FREE(digest); - ldns_buffer_free(data_buf); - ldns_rr_free(ds); - return NULL; - } - tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, - (size_t)EVP_MD_size(md), - digest); - ldns_rr_push_rdf(ds, tmp); -#endif - break; - case LDNS_SHA384: -#ifdef USE_ECDSA - (void) SHA384((unsigned char *) ldns_buffer_begin(data_buf), - (unsigned int) ldns_buffer_position(data_buf), - (unsigned char *) digest); - tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, - SHA384_DIGEST_LENGTH, - digest); - ldns_rr_push_rdf(ds, tmp); -#endif - break; - } - - LDNS_FREE(digest); - ldns_buffer_free(data_buf); - return ds; -} - -/* From RFC3845: - * - * 2.1.2. The List of Type Bit Map(s) Field - * - * The RR type space is split into 256 window blocks, each representing - * the low-order 8 bits of the 16-bit RR type space. Each block that - * has at least one active RR type is encoded using a single octet - * window number (from 0 to 255), a single octet bitmap length (from 1 - * to 32) indicating the number of octets used for the window block's - * bitmap, and up to 32 octets (256 bits) of bitmap. - * - * Window blocks are present in the NSEC RR RDATA in increasing - * numerical order. - * - * "|" denotes concatenation - * - * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) + - * - * - * - * Blocks with no types present MUST NOT be included. Trailing zero - * octets in the bitmap MUST be omitted. The length of each block's - * bitmap is determined by the type code with the largest numerical - * value within that block, among the set of RR types present at the - * NSEC RR's owner name. Trailing zero octets not specified MUST be - * interpreted as zero octets. - */ -ldns_rdf * -ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], - size_t size, - ldns_rr_type nsec_type) -{ - uint8_t window; /* most significant octet of type */ - uint8_t subtype; /* least significant octet of type */ - uint16_t windows[256] /* Max subtype per window */ -#ifndef S_SPLINT_S - = { 0 } /* Initialize ALL elements with 0 */ -#endif - ; - ldns_rr_type* d; /* used to traverse rr_type_list*/ - size_t i; /* used to traverse windows array */ - - size_t sz; /* size needed for type bitmap rdf */ - uint8_t* data = NULL; /* rdf data */ - uint8_t* dptr; /* used to itraverse rdf data */ - ldns_rdf* rdf; /* bitmap rdf to return */ - - if (nsec_type != LDNS_RR_TYPE_NSEC && - nsec_type != LDNS_RR_TYPE_NSEC3) { - return NULL; - } - - /* Which other windows need to be in the bitmap rdf? - */ - for (d = rr_type_list; d < rr_type_list + size; d++) { - window = *d >> 8; - subtype = *d & 0xff; - if (windows[window] < subtype) { - windows[window] = subtype; - } - } - - /* How much space do we need in the rdf for those windows? - */ - sz = 0; - for (i = 0; i < 256; i++) { - if (windows[i]) { - sz += windows[i] / 8 + 3; - } - } - if (sz > 0) { - /* Format rdf data according RFC3845 Section 2.1.2 (see above) - */ - dptr = data = LDNS_CALLOC(uint8_t, sz); - if (!data) { - return NULL; - } - for (i = 0; i < 256; i++) { - if (windows[i]) { - *dptr++ = (uint8_t)i; - *dptr++ = (uint8_t)(windows[i] / 8 + 1); - - /* Now let windows[i] index the bitmap - * within data - */ - windows[i] = (uint16_t)(dptr - data); - - dptr += dptr[-1]; - } - } - } - - /* Set the bits? - */ - for (d = rr_type_list; d < rr_type_list + size; d++) { - subtype = *d & 0xff; - data[windows[*d >> 8] + subtype/8] |= (0x80 >> (subtype % 8)); - } - - /* Allocate and return rdf structure for the data - */ - rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data); - if (!rdf) { - LDNS_FREE(data); - return NULL; - } - return rdf; -} - -int -ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets, - ldns_rr_type type) -{ - ldns_dnssec_rrsets *cur_rrset = rrsets; - while (cur_rrset) { - if (cur_rrset->type == type) { - return 1; - } - cur_rrset = cur_rrset->next; - } - return 0; -} - -ldns_rr * -ldns_dnssec_create_nsec(ldns_dnssec_name *from, - ldns_dnssec_name *to, - ldns_rr_type nsec_type) -{ - ldns_rr *nsec_rr; - ldns_rr_type types[65536]; - size_t type_count = 0; - ldns_dnssec_rrsets *cur_rrsets; - int on_delegation_point; - - if (!from || !to || (nsec_type != LDNS_RR_TYPE_NSEC)) { - return NULL; - } - - nsec_rr = ldns_rr_new(); - ldns_rr_set_type(nsec_rr, nsec_type); - ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from))); - ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to))); - - on_delegation_point = ldns_dnssec_rrsets_contains_type( - from->rrsets, LDNS_RR_TYPE_NS) - && !ldns_dnssec_rrsets_contains_type( - from->rrsets, LDNS_RR_TYPE_SOA); - - cur_rrsets = from->rrsets; - while (cur_rrsets) { - /* Do not include non-authoritative rrsets on the delegation point - * in the type bitmap */ - if ((on_delegation_point && ( - cur_rrsets->type == LDNS_RR_TYPE_NS - || cur_rrsets->type == LDNS_RR_TYPE_DS)) - || (!on_delegation_point && - cur_rrsets->type != LDNS_RR_TYPE_RRSIG - && cur_rrsets->type != LDNS_RR_TYPE_NSEC)) { - - types[type_count] = cur_rrsets->type; - type_count++; - } - cur_rrsets = cur_rrsets->next; - - } - types[type_count] = LDNS_RR_TYPE_RRSIG; - type_count++; - types[type_count] = LDNS_RR_TYPE_NSEC; - type_count++; - - ldns_rr_push_rdf(nsec_rr, ldns_dnssec_create_nsec_bitmap(types, - type_count, - nsec_type)); - - return nsec_rr; -} - -ldns_rr * -ldns_dnssec_create_nsec3(ldns_dnssec_name *from, - ldns_dnssec_name *to, - ldns_rdf *zone_name, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt) -{ - ldns_rr *nsec_rr; - ldns_rr_type types[65536]; - size_t type_count = 0; - ldns_dnssec_rrsets *cur_rrsets; - ldns_status status; - int on_delegation_point; - - if (!from) { - return NULL; - } - - nsec_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3); - ldns_rr_set_owner(nsec_rr, - ldns_nsec3_hash_name(ldns_dnssec_name_name(from), - algorithm, - iterations, - salt_length, - salt)); - status = ldns_dname_cat(ldns_rr_owner(nsec_rr), zone_name); - if(status != LDNS_STATUS_OK) { - ldns_rr_free(nsec_rr); - return NULL; - } - ldns_nsec3_add_param_rdfs(nsec_rr, - algorithm, - flags, - iterations, - salt_length, - salt); - - on_delegation_point = ldns_dnssec_rrsets_contains_type( - from->rrsets, LDNS_RR_TYPE_NS) - && !ldns_dnssec_rrsets_contains_type( - from->rrsets, LDNS_RR_TYPE_SOA); - cur_rrsets = from->rrsets; - while (cur_rrsets) { - /* Do not include non-authoritative rrsets on the delegation point - * in the type bitmap. Potentionally not skipping insecure - * delegation should have been done earlier, in function - * ldns_dnssec_zone_create_nsec3s, or even earlier in: - * ldns_dnssec_zone_sign_nsec3_flg . - */ - if ((on_delegation_point && ( - cur_rrsets->type == LDNS_RR_TYPE_NS - || cur_rrsets->type == LDNS_RR_TYPE_DS)) - || (!on_delegation_point && - cur_rrsets->type != LDNS_RR_TYPE_RRSIG)) { - - types[type_count] = cur_rrsets->type; - type_count++; - } - cur_rrsets = cur_rrsets->next; - } - /* always add rrsig type if this is not an unsigned - * delegation - */ - if (type_count > 0 && - !(type_count == 1 && types[0] == LDNS_RR_TYPE_NS)) { - types[type_count] = LDNS_RR_TYPE_RRSIG; - type_count++; - } - - /* leave next rdata empty if they weren't precomputed yet */ - if (to && to->hashed_name) { - (void) ldns_rr_set_rdf(nsec_rr, - ldns_rdf_clone(to->hashed_name), - 4); - } else { - (void) ldns_rr_set_rdf(nsec_rr, NULL, 4); - } - - ldns_rr_push_rdf(nsec_rr, - ldns_dnssec_create_nsec_bitmap(types, - type_count, - LDNS_RR_TYPE_NSEC3)); - - return nsec_rr; -} - -ldns_rr * -ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs) -{ - /* we do not do any check here - garbage in, garbage out */ - - /* the the start and end names - get the type from the - * before rrlist */ - - /* inefficient, just give it a name, a next name, and a list of rrs */ - /* we make 1 big uberbitmap first, then windows */ - /* todo: make something more efficient :) */ - uint16_t i; - ldns_rr *i_rr; - uint16_t i_type; - - ldns_rr *nsec = NULL; - ldns_rr_type i_type_list[65536]; - size_t type_count = 0; - - nsec = ldns_rr_new(); - ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC); - ldns_rr_set_owner(nsec, ldns_rdf_clone(cur_owner)); - ldns_rr_push_rdf(nsec, ldns_rdf_clone(next_owner)); - - for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { - i_rr = ldns_rr_list_rr(rrs, i); - if (ldns_rdf_compare(cur_owner, - ldns_rr_owner(i_rr)) == 0) { - i_type = ldns_rr_get_type(i_rr); - if (i_type != LDNS_RR_TYPE_RRSIG && i_type != LDNS_RR_TYPE_NSEC) { - if (type_count == 0 || i_type_list[type_count-1] != i_type) { - i_type_list[type_count] = i_type; - type_count++; - } - } - } - } - - i_type_list[type_count] = LDNS_RR_TYPE_RRSIG; - type_count++; - i_type_list[type_count] = LDNS_RR_TYPE_NSEC; - type_count++; - - ldns_rr_push_rdf(nsec, - ldns_dnssec_create_nsec_bitmap(i_type_list, - type_count, LDNS_RR_TYPE_NSEC)); - - return nsec; -} - -ldns_rdf * -ldns_nsec3_hash_name(ldns_rdf *name, - uint8_t algorithm, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt) -{ - size_t hashed_owner_str_len; - ldns_rdf *cann; - ldns_rdf *hashed_owner; - unsigned char *hashed_owner_str; - char *hashed_owner_b32; - size_t hashed_owner_b32_len; - uint32_t cur_it; - /* define to contain the largest possible hash, which is - * sha1 at the moment */ - unsigned char hash[LDNS_SHA1_DIGEST_LENGTH]; - ldns_status status; - - /* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */ - if (algorithm != LDNS_SHA1) { - return NULL; - } - - /* prepare the owner name according to the draft section bla */ - cann = ldns_rdf_clone(name); - if(!cann) { -#ifdef STDERR_MSGS - fprintf(stderr, "Memory error\n"); -#endif - return NULL; - } - ldns_dname2canonical(cann); - - hashed_owner_str_len = salt_length + ldns_rdf_size(cann); - hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len); - if(!hashed_owner_str) { - ldns_rdf_deep_free(cann); - return NULL; - } - memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann)); - memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length); - ldns_rdf_deep_free(cann); - - for (cur_it = iterations + 1; cur_it > 0; cur_it--) { - (void) ldns_sha1((unsigned char *) hashed_owner_str, - (unsigned int) hashed_owner_str_len, hash); - - LDNS_FREE(hashed_owner_str); - hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH; - hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len); - if (!hashed_owner_str) { - return NULL; - } - memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH); - memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length); - hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH + salt_length; - } - - LDNS_FREE(hashed_owner_str); - hashed_owner_str = hash; - hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH; - - hashed_owner_b32 = LDNS_XMALLOC(char, - ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1); - if(!hashed_owner_b32) { - return NULL; - } - hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex( - (uint8_t *) hashed_owner_str, - hashed_owner_str_len, - hashed_owner_b32, - ldns_b32_ntop_calculate_size(hashed_owner_str_len)+1); - if (hashed_owner_b32_len < 1) { -#ifdef STDERR_MSGS - fprintf(stderr, "Error in base32 extended hex encoding "); - fprintf(stderr, "of hashed owner name (name: "); - ldns_rdf_print(stderr, name); - fprintf(stderr, ", return code: %u)\n", - (unsigned int) hashed_owner_b32_len); -#endif - LDNS_FREE(hashed_owner_b32); - return NULL; - } - hashed_owner_b32[hashed_owner_b32_len] = '\0'; - - status = ldns_str2rdf_dname(&hashed_owner, hashed_owner_b32); - if (status != LDNS_STATUS_OK) { -#ifdef STDERR_MSGS - fprintf(stderr, "Error creating rdf from %s\n", hashed_owner_b32); -#endif - LDNS_FREE(hashed_owner_b32); - return NULL; - } - - LDNS_FREE(hashed_owner_b32); - return hashed_owner; -} - -void -ldns_nsec3_add_param_rdfs(ldns_rr *rr, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt) -{ - ldns_rdf *salt_rdf = NULL; - uint8_t *salt_data = NULL; - ldns_rdf *old; - - old = ldns_rr_set_rdf(rr, - ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, - 1, (void*)&algorithm), - 0); - if (old) ldns_rdf_deep_free(old); - - old = ldns_rr_set_rdf(rr, - ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, - 1, (void*)&flags), - 1); - if (old) ldns_rdf_deep_free(old); - - old = ldns_rr_set_rdf(rr, - ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, - iterations), - 2); - if (old) ldns_rdf_deep_free(old); - - salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1); - if(!salt_data) { - /* no way to return error */ - return; - } - salt_data[0] = salt_length; - memcpy(salt_data + 1, salt, salt_length); - salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, - salt_length + 1, - salt_data); - if(!salt_rdf) { - LDNS_FREE(salt_data); - /* no way to return error */ - return; - } - - old = ldns_rr_set_rdf(rr, salt_rdf, 3); - if (old) ldns_rdf_deep_free(old); - LDNS_FREE(salt_data); -} - -static int -rr_list_delegation_only(ldns_rdf *origin, ldns_rr_list *rr_list) -{ - size_t i; - ldns_rr *cur_rr; - if (!origin || !rr_list) return 0; - for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { - cur_rr = ldns_rr_list_rr(rr_list, i); - if (ldns_dname_compare(ldns_rr_owner(cur_rr), origin) == 0) { - return 0; - } - if (ldns_rr_get_type(cur_rr) != LDNS_RR_TYPE_NS) { - return 0; - } - } - return 1; -} - -/* this will NOT return the NSEC3 completed, you will have to run the - finalize function on the rrlist later! */ -ldns_rr * -ldns_create_nsec3(ldns_rdf *cur_owner, - ldns_rdf *cur_zone, - ldns_rr_list *rrs, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt, - bool emptynonterminal) -{ - size_t i; - ldns_rr *i_rr; - uint16_t i_type; - - ldns_rr *nsec = NULL; - ldns_rdf *hashed_owner = NULL; - - ldns_status status; - - ldns_rr_type i_type_list[1024]; - size_t type_count = 0; - - hashed_owner = ldns_nsec3_hash_name(cur_owner, - algorithm, - iterations, - salt_length, - salt); - status = ldns_dname_cat(hashed_owner, cur_zone); - if(status != LDNS_STATUS_OK) { - ldns_rdf_deep_free(hashed_owner); - return NULL; - } - nsec = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3); - if(!nsec) { - ldns_rdf_deep_free(hashed_owner); - return NULL; - } - ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC3); - ldns_rr_set_owner(nsec, hashed_owner); - - ldns_nsec3_add_param_rdfs(nsec, - algorithm, - flags, - iterations, - salt_length, - salt); - (void) ldns_rr_set_rdf(nsec, NULL, 4); - - - for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { - i_rr = ldns_rr_list_rr(rrs, i); - if (ldns_rdf_compare(cur_owner, - ldns_rr_owner(i_rr)) == 0) { - i_type = ldns_rr_get_type(i_rr); - if (type_count == 0 || i_type_list[type_count-1] != i_type) { - i_type_list[type_count] = i_type; - type_count++; - } - } - } - - /* add RRSIG anyway, but only if this is not an ENT or - * an unsigned delegation */ - if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) { - i_type_list[type_count] = LDNS_RR_TYPE_RRSIG; - type_count++; - } - - /* and SOA if owner == zone */ - if (ldns_dname_compare(cur_zone, cur_owner) == 0) { - i_type_list[type_count] = LDNS_RR_TYPE_SOA; - type_count++; - } - - ldns_rr_push_rdf(nsec, - ldns_dnssec_create_nsec_bitmap(i_type_list, - type_count, LDNS_RR_TYPE_NSEC3)); - - return nsec; -} - -uint8_t -ldns_nsec3_algorithm(const ldns_rr *nsec3_rr) -{ - if (nsec3_rr && - (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || - ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) - && (ldns_rr_rdf(nsec3_rr, 0) != NULL) - && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0) { - return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 0)); - } - return 0; -} - -uint8_t -ldns_nsec3_flags(const ldns_rr *nsec3_rr) -{ - if (nsec3_rr && - (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || - ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) - && (ldns_rr_rdf(nsec3_rr, 1) != NULL) - && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0) { - return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 1)); - } - return 0; -} - -bool -ldns_nsec3_optout(const ldns_rr *nsec3_rr) -{ - return (ldns_nsec3_flags(nsec3_rr) & LDNS_NSEC3_VARS_OPTOUT_MASK); -} - -uint16_t -ldns_nsec3_iterations(const ldns_rr *nsec3_rr) -{ - if (nsec3_rr && - (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || - ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) - && (ldns_rr_rdf(nsec3_rr, 2) != NULL) - && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0) { - return ldns_rdf2native_int16(ldns_rr_rdf(nsec3_rr, 2)); - } - return 0; - -} - -ldns_rdf * -ldns_nsec3_salt(const ldns_rr *nsec3_rr) -{ - if (nsec3_rr && - (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || - ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) - ) { - return ldns_rr_rdf(nsec3_rr, 3); - } - return NULL; -} - -uint8_t -ldns_nsec3_salt_length(const ldns_rr *nsec3_rr) -{ - ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); - if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { - return (uint8_t) ldns_rdf_data(salt_rdf)[0]; - } - return 0; -} - -/* allocs data, free with LDNS_FREE() */ -uint8_t * -ldns_nsec3_salt_data(const ldns_rr *nsec3_rr) -{ - uint8_t salt_length; - uint8_t *salt; - - ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); - if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { - salt_length = ldns_rdf_data(salt_rdf)[0]; - salt = LDNS_XMALLOC(uint8_t, salt_length); - if(!salt) return NULL; - memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length); - return salt; - } - return NULL; -} - -ldns_rdf * -ldns_nsec3_next_owner(const ldns_rr *nsec3_rr) -{ - if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) { - return NULL; - } else { - return ldns_rr_rdf(nsec3_rr, 4); - } -} - -ldns_rdf * -ldns_nsec3_bitmap(const ldns_rr *nsec3_rr) -{ - if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) { - return NULL; - } else { - return ldns_rr_rdf(nsec3_rr, 5); - } -} - -ldns_rdf * -ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name) -{ - uint8_t algorithm; - uint16_t iterations; - uint8_t salt_length; - uint8_t *salt = 0; - - ldns_rdf *hashed_owner; - - algorithm = ldns_nsec3_algorithm(nsec); - salt_length = ldns_nsec3_salt_length(nsec); - salt = ldns_nsec3_salt_data(nsec); - iterations = ldns_nsec3_iterations(nsec); - - hashed_owner = ldns_nsec3_hash_name(name, - algorithm, - iterations, - salt_length, - salt); - - LDNS_FREE(salt); - return hashed_owner; -} - -bool -ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type) -{ - uint8_t* dptr; - uint8_t* dend; - - /* From RFC3845 Section 2.1.2: - * - * "The RR type space is split into 256 window blocks, each re- - * presenting the low-order 8 bits of the 16-bit RR type space." - */ - uint8_t window = type >> 8; - uint8_t subtype = type & 0xff; - - if (! bitmap) { - return false; - } - assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); - - dptr = ldns_rdf_data(bitmap); - dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); - - /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + - * dptr[0] dptr[1] dptr[2:] - */ - while (dptr < dend && dptr[0] <= window) { - - if (dptr[0] == window && subtype / 8 < dptr[1] && - dptr + dptr[1] + 2 <= dend) { - - return dptr[2 + subtype / 8] & (0x80 >> (subtype % 8)); - } - dptr += dptr[1] + 2; /* next window */ - } - return false; -} - -ldns_status -ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type) -{ - uint8_t* dptr; - uint8_t* dend; - - /* From RFC3845 Section 2.1.2: - * - * "The RR type space is split into 256 window blocks, each re- - * presenting the low-order 8 bits of the 16-bit RR type space." - */ - uint8_t window = type >> 8; - uint8_t subtype = type & 0xff; - - if (! bitmap) { - return false; - } - assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); - - dptr = ldns_rdf_data(bitmap); - dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); - - /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + - * dptr[0] dptr[1] dptr[2:] - */ - while (dptr < dend && dptr[0] <= window) { - - if (dptr[0] == window && subtype / 8 < dptr[1] && - dptr + dptr[1] + 2 <= dend) { - - dptr[2 + subtype / 8] |= (0x80 >> (subtype % 8)); - return LDNS_STATUS_OK; - } - dptr += dptr[1] + 2; /* next window */ - } - return LDNS_STATUS_TYPE_NOT_IN_BITMAP; -} - -ldns_status -ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type) -{ - uint8_t* dptr; - uint8_t* dend; - - /* From RFC3845 Section 2.1.2: - * - * "The RR type space is split into 256 window blocks, each re- - * presenting the low-order 8 bits of the 16-bit RR type space." - */ - uint8_t window = type >> 8; - uint8_t subtype = type & 0xff; - - if (! bitmap) { - return false; - } - - assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); - - dptr = ldns_rdf_data(bitmap); - dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); - - /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + - * dptr[0] dptr[1] dptr[2:] - */ - while (dptr < dend && dptr[0] <= window) { - - if (dptr[0] == window && subtype / 8 < dptr[1] && - dptr + dptr[1] + 2 <= dend) { - - dptr[2 + subtype / 8] &= ~(0x80 >> (subtype % 8)); - return LDNS_STATUS_OK; - } - dptr += dptr[1] + 2; /* next window */ - } - return LDNS_STATUS_TYPE_NOT_IN_BITMAP; -} - - -bool -ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name) -{ - ldns_rdf *nsec_owner = ldns_rr_owner(nsec); - ldns_rdf *hash_next; - char *next_hash_str; - ldns_rdf *nsec_next = NULL; - ldns_status status; - ldns_rdf *chopped_dname; - bool result; - - if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) { - if (ldns_rr_rdf(nsec, 0) != NULL) { - nsec_next = ldns_rdf_clone(ldns_rr_rdf(nsec, 0)); - } else { - return false; - } - } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) { - hash_next = ldns_nsec3_next_owner(nsec); - next_hash_str = ldns_rdf2str(hash_next); - nsec_next = ldns_dname_new_frm_str(next_hash_str); - LDNS_FREE(next_hash_str); - chopped_dname = ldns_dname_left_chop(nsec_owner); - status = ldns_dname_cat(nsec_next, chopped_dname); - ldns_rdf_deep_free(chopped_dname); - if (status != LDNS_STATUS_OK) { - printf("error catting: %s\n", ldns_get_errorstr_by_id(status)); - } - } else { - ldns_rdf_deep_free(nsec_next); - return false; - } - - /* in the case of the last nsec */ - if(ldns_dname_compare(nsec_owner, nsec_next) > 0) { - result = (ldns_dname_compare(nsec_owner, name) <= 0 || - ldns_dname_compare(name, nsec_next) < 0); - } else if(ldns_dname_compare(nsec_owner, nsec_next) < 0) { - result = (ldns_dname_compare(nsec_owner, name) <= 0 && - ldns_dname_compare(name, nsec_next) < 0); - } else { - result = true; - } - - ldns_rdf_deep_free(nsec_next); - return result; -} - -#ifdef HAVE_SSL -/* sig may be null - if so look in the packet */ - -ldns_status -ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, - ldns_rr_list *k, ldns_rr_list *s, - time_t check_time, ldns_rr_list *good_keys) -{ - ldns_rr_list *rrset; - ldns_rr_list *sigs; - ldns_rr_list *sigs_covered; - ldns_rdf *rdf_t; - ldns_rr_type t_netorder; - - if (!k) { - return LDNS_STATUS_ERR; - /* return LDNS_STATUS_CRYPTO_NO_DNSKEY; */ - } - - if (t == LDNS_RR_TYPE_RRSIG) { - /* we don't have RRSIG(RRSIG) (yet? ;-) ) */ - return LDNS_STATUS_ERR; - } - - if (s) { - /* if s is not NULL, the sigs are given to use */ - sigs = s; - } else { - /* otherwise get them from the packet */ - sigs = ldns_pkt_rr_list_by_name_and_type(p, o, - LDNS_RR_TYPE_RRSIG, - LDNS_SECTION_ANY_NOQUESTION); - if (!sigs) { - /* no sigs */ - return LDNS_STATUS_ERR; - /* return LDNS_STATUS_CRYPTO_NO_RRSIG; */ - } - } - - /* rrsig are subtyped, so now we need to find the correct - * sigs for the type t - */ - t_netorder = htons(t); /* rdf are in network order! */ - /* a type identifier is a 16-bit number, so the size is 2 bytes */ - rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, 2, &t_netorder); - - sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); - ldns_rdf_free(rdf_t); - if (! sigs_covered) { - if (! s) { - ldns_rr_list_deep_free(sigs); - } - return LDNS_STATUS_ERR; - } - ldns_rr_list_deep_free(sigs_covered); - - rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t, - LDNS_SECTION_ANY_NOQUESTION); - if (!rrset) { - if (! s) { - ldns_rr_list_deep_free(sigs); - } - return LDNS_STATUS_ERR; - } - return ldns_verify_time(rrset, sigs, k, check_time, good_keys); -} - -ldns_status -ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, - ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys) -{ - return ldns_pkt_verify_time(p, t, o, k, s, ldns_time(NULL), good_keys); -} -#endif /* HAVE_SSL */ - -ldns_status -ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs) -{ - size_t i; - char *next_nsec_owner_str; - ldns_rdf *next_nsec_owner_label; - ldns_rdf *next_nsec_rdf; - ldns_status status = LDNS_STATUS_OK; - - for (i = 0; i < ldns_rr_list_rr_count(nsec3_rrs); i++) { - if (i == ldns_rr_list_rr_count(nsec3_rrs) - 1) { - next_nsec_owner_label = - ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs, - 0)), 0); - next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label); - if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] - == '.') { - next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] - = '\0'; - } - status = ldns_str2rdf_b32_ext(&next_nsec_rdf, - next_nsec_owner_str); - if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i), - next_nsec_rdf, 4)) { - /* todo: error */ - } - - ldns_rdf_deep_free(next_nsec_owner_label); - LDNS_FREE(next_nsec_owner_str); - } else { - next_nsec_owner_label = - ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs, - i + 1)), - 0); - next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label); - if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] - == '.') { - next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] - = '\0'; - } - status = ldns_str2rdf_b32_ext(&next_nsec_rdf, - next_nsec_owner_str); - ldns_rdf_deep_free(next_nsec_owner_label); - LDNS_FREE(next_nsec_owner_str); - if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i), - next_nsec_rdf, 4)) { - /* todo: error */ - } - } - } - return status; -} - -int -qsort_rr_compare_nsec3(const void *a, const void *b) -{ - const ldns_rr *rr1 = * (const ldns_rr **) a; - const ldns_rr *rr2 = * (const ldns_rr **) b; - if (rr1 == NULL && rr2 == NULL) { - return 0; - } - if (rr1 == NULL) { - return -1; - } - if (rr2 == NULL) { - return 1; - } - return ldns_rdf_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)); -} - -void -ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted) -{ - qsort(unsorted->_rrs, - ldns_rr_list_rr_count(unsorted), - sizeof(ldns_rr *), - qsort_rr_compare_nsec3); -} - -int -ldns_dnssec_default_add_to_signatures( ATTR_UNUSED(ldns_rr *sig) - , ATTR_UNUSED(void *n) - ) -{ - return LDNS_SIGNATURE_LEAVE_ADD_NEW; -} - -int -ldns_dnssec_default_leave_signatures( ATTR_UNUSED(ldns_rr *sig) - , ATTR_UNUSED(void *n) - ) -{ - return LDNS_SIGNATURE_LEAVE_NO_ADD; -} - -int -ldns_dnssec_default_delete_signatures( ATTR_UNUSED(ldns_rr *sig) - , ATTR_UNUSED(void *n) - ) -{ - return LDNS_SIGNATURE_REMOVE_NO_ADD; -} - -int -ldns_dnssec_default_replace_signatures( ATTR_UNUSED(ldns_rr *sig) - , ATTR_UNUSED(void *n) - ) -{ - return LDNS_SIGNATURE_REMOVE_ADD_NEW; -} - -#ifdef HAVE_SSL -ldns_rdf * -ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, - const long sig_len) -{ - ldns_rdf *sigdata_rdf; - DSA_SIG *dsasig; - unsigned char *dsasig_data = (unsigned char*)ldns_buffer_begin(sig); - size_t byte_offset; - - dsasig = d2i_DSA_SIG(NULL, - (const unsigned char **)&dsasig_data, - sig_len); - if (!dsasig) { - DSA_SIG_free(dsasig); - return NULL; - } - - dsasig_data = LDNS_XMALLOC(unsigned char, 41); - if(!dsasig_data) { - DSA_SIG_free(dsasig); - return NULL; - } - dsasig_data[0] = 0; - byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r)); - if (byte_offset > 20) { - DSA_SIG_free(dsasig); - LDNS_FREE(dsasig_data); - return NULL; - } - memset(&dsasig_data[1], 0, byte_offset); - BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]); - byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s)); - if (byte_offset > 20) { - DSA_SIG_free(dsasig); - LDNS_FREE(dsasig_data); - return NULL; - } - memset(&dsasig_data[21], 0, byte_offset); - BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]); - - sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data); - if(!sigdata_rdf) { - LDNS_FREE(dsasig_data); - } - DSA_SIG_free(dsasig); - - return sigdata_rdf; -} - -ldns_status -ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, - const ldns_rdf *sig_rdf) -{ - /* the EVP api wants the DER encoding of the signature... */ - BIGNUM *R, *S; - DSA_SIG *dsasig; - unsigned char *raw_sig = NULL; - int raw_sig_len; - - if(ldns_rdf_size(sig_rdf) < 1 + 2*SHA_DIGEST_LENGTH) - return LDNS_STATUS_SYNTAX_RDATA_ERR; - /* extract the R and S field from the sig buffer */ - R = BN_new(); - if(!R) return LDNS_STATUS_MEM_ERR; - (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 1, - SHA_DIGEST_LENGTH, R); - S = BN_new(); - if(!S) { - BN_free(R); - return LDNS_STATUS_MEM_ERR; - } - (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 21, - SHA_DIGEST_LENGTH, S); - - dsasig = DSA_SIG_new(); - if (!dsasig) { - BN_free(R); - BN_free(S); - return LDNS_STATUS_MEM_ERR; - } - - dsasig->r = R; - dsasig->s = S; - - raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig); - if (raw_sig_len < 0) { - DSA_SIG_free(dsasig); - free(raw_sig); - return LDNS_STATUS_SSL_ERR; - } - if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) { - ldns_buffer_write(target_buffer, raw_sig, (size_t)raw_sig_len); - } - - DSA_SIG_free(dsasig); - free(raw_sig); - - return ldns_buffer_status(target_buffer); -} - -#ifdef USE_ECDSA -#ifndef S_SPLINT_S -ldns_rdf * -ldns_convert_ecdsa_rrsig_asn12rdf(const ldns_buffer *sig, const long sig_len) -{ - ECDSA_SIG* ecdsa_sig; - unsigned char *data = (unsigned char*)ldns_buffer_begin(sig); - ldns_rdf* rdf; - ecdsa_sig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&data, sig_len); - if(!ecdsa_sig) return NULL; - - /* "r | s". */ - data = LDNS_XMALLOC(unsigned char, - BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)); - if(!data) { - ECDSA_SIG_free(ecdsa_sig); - return NULL; - } - BN_bn2bin(ecdsa_sig->r, data); - BN_bn2bin(ecdsa_sig->s, data+BN_num_bytes(ecdsa_sig->r)); - rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)( - BN_num_bytes(ecdsa_sig->r) + BN_num_bytes(ecdsa_sig->s)), data); - ECDSA_SIG_free(ecdsa_sig); - return rdf; -} - -ldns_status -ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, - const ldns_rdf *sig_rdf) -{ - ECDSA_SIG* sig; - int raw_sig_len; - long bnsize = (long)ldns_rdf_size(sig_rdf) / 2; - /* if too short, or not even length, do not bother */ - if(bnsize < 16 || (size_t)bnsize*2 != ldns_rdf_size(sig_rdf)) - return LDNS_STATUS_ERR; - - /* use the raw data to parse two evenly long BIGNUMs, "r | s". */ - sig = ECDSA_SIG_new(); - if(!sig) return LDNS_STATUS_MEM_ERR; - sig->r = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf), - bnsize, sig->r); - sig->s = BN_bin2bn((const unsigned char*)ldns_rdf_data(sig_rdf)+bnsize, - bnsize, sig->s); - if(!sig->r || !sig->s) { - ECDSA_SIG_free(sig); - return LDNS_STATUS_MEM_ERR; - } - - raw_sig_len = i2d_ECDSA_SIG(sig, NULL); - if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) { - unsigned char* pp = (unsigned char*) - ldns_buffer_current(target_buffer); - raw_sig_len = i2d_ECDSA_SIG(sig, &pp); - ldns_buffer_skip(target_buffer, (ssize_t) raw_sig_len); - } - ECDSA_SIG_free(sig); - - return ldns_buffer_status(target_buffer); -} - -#endif /* S_SPLINT_S */ -#endif /* USE_ECDSA */ -#endif /* HAVE_SSL */ diff --git a/src/ldns/dnssec_sign.c b/src/ldns/dnssec_sign.c deleted file mode 100644 index 4af882a..0000000 --- a/src/ldns/dnssec_sign.c +++ /dev/null @@ -1,1456 +0,0 @@ -#include - -#include - -#include -#include - -#include -#include - -#ifdef HAVE_SSL -/* this entire file is rather useless when you don't have - * crypto... - */ -#include -#include -#include -#include -#include -#endif /* HAVE_SSL */ - -ldns_rr * -ldns_create_empty_rrsig(ldns_rr_list *rrset, - ldns_key *current_key) -{ - uint32_t orig_ttl; - ldns_rr_class orig_class; - time_t now; - ldns_rr *current_sig; - uint8_t label_count; - ldns_rdf *signame; - - label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset, - 0))); - /* RFC4035 2.2: not counting the leftmost label if it is a wildcard */ - if(ldns_dname_is_wildcard(ldns_rr_owner(ldns_rr_list_rr(rrset, 0)))) - label_count --; - - current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG); - - /* set the type on the new signature */ - orig_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrset, 0)); - orig_class = ldns_rr_get_class(ldns_rr_list_rr(rrset, 0)); - - ldns_rr_set_ttl(current_sig, orig_ttl); - ldns_rr_set_class(current_sig, orig_class); - ldns_rr_set_owner(current_sig, - ldns_rdf_clone( - ldns_rr_owner( - ldns_rr_list_rr(rrset, - 0)))); - - /* fill in what we know of the signature */ - - /* set the orig_ttl */ - (void)ldns_rr_rrsig_set_origttl( - current_sig, - ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, - orig_ttl)); - /* the signers name */ - signame = ldns_rdf_clone(ldns_key_pubkey_owner(current_key)); - ldns_dname2canonical(signame); - (void)ldns_rr_rrsig_set_signame( - current_sig, - signame); - /* label count - get it from the first rr in the rr_list */ - (void)ldns_rr_rrsig_set_labels( - current_sig, - ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, - label_count)); - /* inception, expiration */ - now = time(NULL); - if (ldns_key_inception(current_key) != 0) { - (void)ldns_rr_rrsig_set_inception( - current_sig, - ldns_native2rdf_int32( - LDNS_RDF_TYPE_TIME, - ldns_key_inception(current_key))); - } else { - (void)ldns_rr_rrsig_set_inception( - current_sig, - ldns_native2rdf_int32(LDNS_RDF_TYPE_TIME, now)); - } - if (ldns_key_expiration(current_key) != 0) { - (void)ldns_rr_rrsig_set_expiration( - current_sig, - ldns_native2rdf_int32( - LDNS_RDF_TYPE_TIME, - ldns_key_expiration(current_key))); - } else { - (void)ldns_rr_rrsig_set_expiration( - current_sig, - ldns_native2rdf_int32( - LDNS_RDF_TYPE_TIME, - now + LDNS_DEFAULT_EXP_TIME)); - } - - (void)ldns_rr_rrsig_set_keytag( - current_sig, - ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, - ldns_key_keytag(current_key))); - - (void)ldns_rr_rrsig_set_algorithm( - current_sig, - ldns_native2rdf_int8( - LDNS_RDF_TYPE_ALG, - ldns_key_algorithm(current_key))); - - (void)ldns_rr_rrsig_set_typecovered( - current_sig, - ldns_native2rdf_int16( - LDNS_RDF_TYPE_TYPE, - ldns_rr_get_type(ldns_rr_list_rr(rrset, - 0)))); - return current_sig; -} - -#ifdef HAVE_SSL -ldns_rdf * -ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key) -{ - ldns_rdf *b64rdf = NULL; - - switch(ldns_key_algorithm(current_key)) { - case LDNS_SIGN_DSA: - case LDNS_SIGN_DSA_NSEC3: - b64rdf = ldns_sign_public_evp( - sign_buf, - ldns_key_evp_key(current_key), - EVP_dss1()); - break; - case LDNS_SIGN_RSASHA1: - case LDNS_SIGN_RSASHA1_NSEC3: - b64rdf = ldns_sign_public_evp( - sign_buf, - ldns_key_evp_key(current_key), - EVP_sha1()); - break; -#ifdef USE_SHA2 - case LDNS_SIGN_RSASHA256: - b64rdf = ldns_sign_public_evp( - sign_buf, - ldns_key_evp_key(current_key), - EVP_sha256()); - break; - case LDNS_SIGN_RSASHA512: - b64rdf = ldns_sign_public_evp( - sign_buf, - ldns_key_evp_key(current_key), - EVP_sha512()); - break; -#endif /* USE_SHA2 */ -#ifdef USE_GOST - case LDNS_SIGN_ECC_GOST: - b64rdf = ldns_sign_public_evp( - sign_buf, - ldns_key_evp_key(current_key), - EVP_get_digestbyname("md_gost94")); - break; -#endif /* USE_GOST */ -#ifdef USE_ECDSA - case LDNS_SIGN_ECDSAP256SHA256: - b64rdf = ldns_sign_public_evp( - sign_buf, - ldns_key_evp_key(current_key), - EVP_sha256()); - break; - case LDNS_SIGN_ECDSAP384SHA384: - b64rdf = ldns_sign_public_evp( - sign_buf, - ldns_key_evp_key(current_key), - EVP_sha384()); - break; -#endif - case LDNS_SIGN_RSAMD5: - b64rdf = ldns_sign_public_evp( - sign_buf, - ldns_key_evp_key(current_key), - EVP_md5()); - break; - default: - /* do _you_ know this alg? */ - printf("unknown algorithm, "); - printf("is the one used available on this system?\n"); - break; - } - - return b64rdf; -} - -/** - * use this function to sign with a public/private key alg - * return the created signatures - */ -ldns_rr_list * -ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) -{ - ldns_rr_list *signatures; - ldns_rr_list *rrset_clone; - ldns_rr *current_sig; - ldns_rdf *b64rdf; - ldns_key *current_key; - size_t key_count; - uint16_t i; - ldns_buffer *sign_buf; - ldns_rdf *new_owner; - - if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) { - return NULL; - } - - new_owner = NULL; - - signatures = ldns_rr_list_new(); - - /* prepare a signature and add all the know data - * prepare the rrset. Sign this together. */ - rrset_clone = ldns_rr_list_clone(rrset); - if (!rrset_clone) { - return NULL; - } - - /* make it canonical */ - for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) { - ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), - ldns_rr_ttl(ldns_rr_list_rr(rrset, 0))); - ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i)); - } - /* sort */ - ldns_rr_list_sort(rrset_clone); - - for (key_count = 0; - key_count < ldns_key_list_key_count(keys); - key_count++) { - if (!ldns_key_use(ldns_key_list_key(keys, key_count))) { - continue; - } - sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); - if (!sign_buf) { - ldns_rr_list_free(rrset_clone); - ldns_rr_list_free(signatures); - ldns_rdf_free(new_owner); - return NULL; - } - b64rdf = NULL; - - current_key = ldns_key_list_key(keys, key_count); - /* sign all RRs with keys that have ZSKbit, !SEPbit. - sign DNSKEY RRs with keys that have ZSKbit&SEPbit */ - if (ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY) { - current_sig = ldns_create_empty_rrsig(rrset_clone, - current_key); - - /* right now, we have: a key, a semi-sig and an rrset. For - * which we can create the sig and base64 encode that and - * add that to the signature */ - - if (ldns_rrsig2buffer_wire(sign_buf, current_sig) - != LDNS_STATUS_OK) { - ldns_buffer_free(sign_buf); - /* ERROR */ - ldns_rr_list_deep_free(rrset_clone); - ldns_rr_free(current_sig); - ldns_rr_list_deep_free(signatures); - return NULL; - } - - /* add the rrset in sign_buf */ - if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone) - != LDNS_STATUS_OK) { - ldns_buffer_free(sign_buf); - ldns_rr_list_deep_free(rrset_clone); - ldns_rr_free(current_sig); - ldns_rr_list_deep_free(signatures); - return NULL; - } - - b64rdf = ldns_sign_public_buffer(sign_buf, current_key); - - if (!b64rdf) { - /* signing went wrong */ - ldns_rr_list_deep_free(rrset_clone); - ldns_rr_free(current_sig); - ldns_rr_list_deep_free(signatures); - return NULL; - } - - ldns_rr_rrsig_set_sig(current_sig, b64rdf); - - /* push the signature to the signatures list */ - ldns_rr_list_push_rr(signatures, current_sig); - } - ldns_buffer_free(sign_buf); /* restart for the next key */ - } - ldns_rr_list_deep_free(rrset_clone); - - return signatures; -} - -/** - * Sign data with DSA - * - * \param[in] to_sign The ldns_buffer containing raw data that is - * to be signed - * \param[in] key The DSA key structure to sign with - * \return ldns_rdf for the RRSIG ldns_rr - */ -ldns_rdf * -ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key) -{ - unsigned char *sha1_hash; - ldns_rdf *sigdata_rdf; - ldns_buffer *b64sig; - - DSA_SIG *sig; - uint8_t *data; - size_t pad; - - b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); - if (!b64sig) { - return NULL; - } - - sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), - ldns_buffer_position(to_sign), NULL); - if (!sha1_hash) { - ldns_buffer_free(b64sig); - return NULL; - } - - sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key); - if(!sig) { - ldns_buffer_free(b64sig); - return NULL; - } - - data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH); - if(!data) { - ldns_buffer_free(b64sig); - DSA_SIG_free(sig); - return NULL; - } - - data[0] = 1; - pad = 20 - (size_t) BN_num_bytes(sig->r); - if (pad > 0) { - memset(data + 1, 0, pad); - } - BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad); - - pad = 20 - (size_t) BN_num_bytes(sig->s); - if (pad > 0) { - memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad); - } - BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad)); - - sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, - 1 + 2 * SHA_DIGEST_LENGTH, - data); - - ldns_buffer_free(b64sig); - LDNS_FREE(data); - DSA_SIG_free(sig); - - return sigdata_rdf; -} - -#ifdef USE_ECDSA -#ifndef S_SPLINT_S -static int -ldns_pkey_is_ecdsa(EVP_PKEY* pkey) -{ - EC_KEY* ec; - const EC_GROUP* g; - if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) - return 0; - ec = EVP_PKEY_get1_EC_KEY(pkey); - g = EC_KEY_get0_group(ec); - if(!g) { - EC_KEY_free(ec); - return 0; - } - if(EC_GROUP_get_curve_name(g) == NID_secp224r1 || - EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1 || - EC_GROUP_get_curve_name(g) == NID_secp384r1) { - EC_KEY_free(ec); - return 1; - } - /* downref the eckey, the original is still inside the pkey */ - EC_KEY_free(ec); - return 0; -} -#endif /* splint */ -#endif /* USE_ECDSA */ - -ldns_rdf * -ldns_sign_public_evp(ldns_buffer *to_sign, - EVP_PKEY *key, - const EVP_MD *digest_type) -{ - unsigned int siglen; - ldns_rdf *sigdata_rdf; - ldns_buffer *b64sig; - EVP_MD_CTX ctx; - const EVP_MD *md_type; - int r; - - siglen = 0; - b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); - if (!b64sig) { - return NULL; - } - - /* initializes a signing context */ - md_type = digest_type; - if(!md_type) { - /* unknown message difest */ - ldns_buffer_free(b64sig); - return NULL; - } - - EVP_MD_CTX_init(&ctx); - r = EVP_SignInit(&ctx, md_type); - if(r == 1) { - r = EVP_SignUpdate(&ctx, (unsigned char*) - ldns_buffer_begin(to_sign), - ldns_buffer_position(to_sign)); - } else { - ldns_buffer_free(b64sig); - return NULL; - } - if(r == 1) { - r = EVP_SignFinal(&ctx, (unsigned char*) - ldns_buffer_begin(b64sig), &siglen, key); - } else { - ldns_buffer_free(b64sig); - return NULL; - } - if(r != 1) { - ldns_buffer_free(b64sig); - return NULL; - } - - /* unfortunately, OpenSSL output is differenct from DNS DSA format */ -#ifndef S_SPLINT_S - if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) { - sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen); -#ifdef USE_ECDSA - } else if(EVP_PKEY_type(key->type) == EVP_PKEY_EC && - ldns_pkey_is_ecdsa(key)) { - sigdata_rdf = ldns_convert_ecdsa_rrsig_asn12rdf(b64sig, siglen); -#endif - } else { - /* ok output for other types is the same */ - sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, - ldns_buffer_begin(b64sig)); - } -#endif /* splint */ - ldns_buffer_free(b64sig); - EVP_MD_CTX_cleanup(&ctx); - return sigdata_rdf; -} - -ldns_rdf * -ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key) -{ - unsigned char *sha1_hash; - unsigned int siglen; - ldns_rdf *sigdata_rdf; - ldns_buffer *b64sig; - int result; - - siglen = 0; - b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); - if (!b64sig) { - return NULL; - } - - sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), - ldns_buffer_position(to_sign), NULL); - if (!sha1_hash) { - ldns_buffer_free(b64sig); - return NULL; - } - - result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH, - (unsigned char*)ldns_buffer_begin(b64sig), - &siglen, key); - if (result != 1) { - ldns_buffer_free(b64sig); - return NULL; - } - - sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, - ldns_buffer_begin(b64sig)); - ldns_buffer_free(b64sig); /* can't free this buffer ?? */ - return sigdata_rdf; -} - -ldns_rdf * -ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key) -{ - unsigned char *md5_hash; - unsigned int siglen; - ldns_rdf *sigdata_rdf; - ldns_buffer *b64sig; - - b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); - if (!b64sig) { - return NULL; - } - - md5_hash = MD5((unsigned char*)ldns_buffer_begin(to_sign), - ldns_buffer_position(to_sign), NULL); - if (!md5_hash) { - ldns_buffer_free(b64sig); - return NULL; - } - - RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH, - (unsigned char*)ldns_buffer_begin(b64sig), - &siglen, key); - - sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, - ldns_buffer_begin(b64sig)); - ldns_buffer_free(b64sig); - return sigdata_rdf; -} -#endif /* HAVE_SSL */ - -/** - * Pushes all rrs from the rrsets of type A and AAAA on gluelist. - */ -static ldns_status -ldns_dnssec_addresses_on_glue_list( - ldns_dnssec_rrsets *cur_rrset, - ldns_rr_list *glue_list) -{ - ldns_dnssec_rrs *cur_rrs; - while (cur_rrset) { - if (cur_rrset->type == LDNS_RR_TYPE_A - || cur_rrset->type == LDNS_RR_TYPE_AAAA) { - for (cur_rrs = cur_rrset->rrs; - cur_rrs; - cur_rrs = cur_rrs->next) { - if (cur_rrs->rr) { - if (!ldns_rr_list_push_rr(glue_list, - cur_rrs->rr)) { - return LDNS_STATUS_MEM_ERR; - /* ldns_rr_list_push_rr() - * returns false when unable - * to increase the capacity - * of the ldsn_rr_list - */ - } - } - } - } - cur_rrset = cur_rrset->next; - } - return LDNS_STATUS_OK; -} - -/** - * Marks the names in the zone that are occluded. Those names will be skipped - * when walking the tree with the ldns_dnssec_name_node_next_nonglue() - * function. But watch out! Names that are partially occluded (like glue with - * the same name as the delegation) will not be marked and should specifically - * be taken into account separately. - * - * When glue_list is given (not NULL), in the process of marking the names, all - * glue resource records will be pushed to that list, even glue at delegation names. - * - * \param[in] zone the zone in which to mark the names - * \param[in] glue_list the list to which to push the glue rrs - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status -ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, - ldns_rr_list *glue_list) -{ - ldns_rbnode_t *node; - ldns_dnssec_name *name; - ldns_rdf *owner; - ldns_rdf *cut = NULL; /* keeps track of zone cuts */ - /* When the cut is caused by a delegation, below_delegation will be 1. - * When caused by a DNAME, below_delegation will be 0. - */ - int below_delegation = -1; /* init suppresses comiler warning */ - ldns_status s; - - if (!zone || !zone->names) { - return LDNS_STATUS_NULL; - } - for (node = ldns_rbtree_first(zone->names); - node != LDNS_RBTREE_NULL; - node = ldns_rbtree_next(node)) { - name = (ldns_dnssec_name *) node->data; - owner = ldns_dnssec_name_name(name); - - if (cut) { - /* The previous node was a zone cut, or a subdomain - * below a zone cut. Is this node (still) a subdomain - * below the cut? Then the name is occluded. Unless - * the name contains a SOA, after which we are - * authoritative again. - * - * FIXME! If there are labels in between the SOA and - * the cut, going from the authoritative space (below - * the SOA) up into occluded space again, will not be - * detected with the contruct below! - */ - if (ldns_dname_is_subdomain(owner, cut) && - !ldns_dnssec_rrsets_contains_type( - name->rrsets, LDNS_RR_TYPE_SOA)) { - - if (below_delegation && glue_list) { - s = ldns_dnssec_addresses_on_glue_list( - name->rrsets, glue_list); - if (s != LDNS_STATUS_OK) { - return s; - } - } - name->is_glue = true; /* Mark occluded name! */ - continue; - } else { - cut = NULL; - } - } - - /* The node is not below a zone cut. Is it a zone cut itself? - * Everything below a SOA is authoritative of course; Except - * when the name also contains a DNAME :). - */ - if (ldns_dnssec_rrsets_contains_type( - name->rrsets, LDNS_RR_TYPE_NS) - && !ldns_dnssec_rrsets_contains_type( - name->rrsets, LDNS_RR_TYPE_SOA)) { - cut = owner; - below_delegation = 1; - if (glue_list) { /* record glue on the zone cut */ - s = ldns_dnssec_addresses_on_glue_list( - name->rrsets, glue_list); - if (s != LDNS_STATUS_OK) { - return s; - } - } - } else if (ldns_dnssec_rrsets_contains_type( - name->rrsets, LDNS_RR_TYPE_DNAME)) { - cut = owner; - below_delegation = 0; - } - } - return LDNS_STATUS_OK; -} - -/** - * Marks the names in the zone that are occluded. Those names will be skipped - * when walking the tree with the ldns_dnssec_name_node_next_nonglue() - * function. But watch out! Names that are partially occluded (like glue with - * the same name as the delegation) will not be marked and should specifically - * be taken into account separately. - * - * \param[in] zone the zone in which to mark the names - * \return LDNS_STATUS_OK on success, an error code otherwise - */ -ldns_status -ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone) -{ - return ldns_dnssec_zone_mark_and_get_glue(zone, NULL); -} - -ldns_rbnode_t * -ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node) -{ - ldns_rbnode_t *next_node = NULL; - ldns_dnssec_name *next_name = NULL; - bool done = false; - - if (node == LDNS_RBTREE_NULL) { - return NULL; - } - next_node = node; - while (!done) { - if (next_node == LDNS_RBTREE_NULL) { - return NULL; - } else { - next_name = (ldns_dnssec_name *)next_node->data; - if (!next_name->is_glue) { - done = true; - } else { - next_node = ldns_rbtree_next(next_node); - } - } - } - return next_node; -} - -ldns_status -ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs) -{ - - ldns_rbnode_t *first_node, *cur_node, *next_node; - ldns_dnssec_name *cur_name, *next_name; - ldns_rr *nsec_rr; - uint32_t nsec_ttl; - ldns_dnssec_rrsets *soa; - - /* the TTL of NSEC rrs should be set to the minimum TTL of - * the zone SOA (RFC4035 Section 2.3) - */ - soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); - - /* did the caller actually set it? if not, - * fall back to default ttl - */ - if (soa && soa->rrs && soa->rrs->rr - && (ldns_rr_rdf(soa->rrs->rr, 6) != NULL)) { - nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6)); - } else { - nsec_ttl = LDNS_DEFAULT_TTL; - } - - first_node = ldns_dnssec_name_node_next_nonglue( - ldns_rbtree_first(zone->names)); - cur_node = first_node; - if (cur_node) { - next_node = ldns_dnssec_name_node_next_nonglue( - ldns_rbtree_next(cur_node)); - } else { - next_node = NULL; - } - - while (cur_node && next_node) { - cur_name = (ldns_dnssec_name *)cur_node->data; - next_name = (ldns_dnssec_name *)next_node->data; - nsec_rr = ldns_dnssec_create_nsec(cur_name, - next_name, - LDNS_RR_TYPE_NSEC); - ldns_rr_set_ttl(nsec_rr, nsec_ttl); - if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){ - ldns_rr_free(nsec_rr); - return LDNS_STATUS_ERR; - } - ldns_rr_list_push_rr(new_rrs, nsec_rr); - cur_node = next_node; - if (cur_node) { - next_node = ldns_dnssec_name_node_next_nonglue( - ldns_rbtree_next(cur_node)); - } - } - - if (cur_node && !next_node) { - cur_name = (ldns_dnssec_name *)cur_node->data; - next_name = (ldns_dnssec_name *)first_node->data; - nsec_rr = ldns_dnssec_create_nsec(cur_name, - next_name, - LDNS_RR_TYPE_NSEC); - ldns_rr_set_ttl(nsec_rr, nsec_ttl); - if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){ - ldns_rr_free(nsec_rr); - return LDNS_STATUS_ERR; - } - ldns_rr_list_push_rr(new_rrs, nsec_rr); - } else { - printf("error\n"); - } - - return LDNS_STATUS_OK; -} - -#ifdef HAVE_SSL -static void -ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { - (void) arg; - LDNS_FREE(node); -} - -static ldns_status -ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt, - ldns_rbtree_t **map) -{ - ldns_rbnode_t *first_name_node; - ldns_rbnode_t *current_name_node; - ldns_dnssec_name *current_name; - ldns_status result = LDNS_STATUS_OK; - ldns_rr *nsec_rr; - ldns_rr_list *nsec3_list; - uint32_t nsec_ttl; - ldns_dnssec_rrsets *soa; - ldns_rbnode_t *hashmap_node; - - if (!zone || !new_rrs || !zone->names) { - return LDNS_STATUS_ERR; - } - - /* the TTL of NSEC rrs should be set to the minimum TTL of - * the zone SOA (RFC4035 Section 2.3) - */ - soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); - - /* did the caller actually set it? if not, - * fall back to default ttl - */ - if (soa && soa->rrs && soa->rrs->rr - && ldns_rr_rdf(soa->rrs->rr, 6) != NULL) { - nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf(soa->rrs->rr, 6)); - } else { - nsec_ttl = LDNS_DEFAULT_TTL; - } - - if (zone->hashed_names) { - ldns_traverse_postorder(zone->hashed_names, - ldns_hashed_names_node_free, NULL); - LDNS_FREE(zone->hashed_names); - } - zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); - if (zone->hashed_names && map) { - *map = zone->hashed_names; - } - - first_name_node = ldns_dnssec_name_node_next_nonglue( - ldns_rbtree_first(zone->names)); - - current_name_node = first_name_node; - - while (current_name_node && current_name_node != LDNS_RBTREE_NULL && - result == LDNS_STATUS_OK) { - - current_name = (ldns_dnssec_name *) current_name_node->data; - nsec_rr = ldns_dnssec_create_nsec3(current_name, - NULL, - zone->soa->name, - algorithm, - flags, - iterations, - salt_length, - salt); - /* by default, our nsec based generator adds rrsigs - * remove the bitmap for empty nonterminals */ - if (!current_name->rrsets) { - ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr)); - } - ldns_rr_set_ttl(nsec_rr, nsec_ttl); - result = ldns_dnssec_name_add_rr(current_name, nsec_rr); - ldns_rr_list_push_rr(new_rrs, nsec_rr); - if (ldns_rr_owner(nsec_rr)) { - hashmap_node = LDNS_MALLOC(ldns_rbnode_t); - if (hashmap_node == NULL) { - return LDNS_STATUS_MEM_ERR; - } - current_name->hashed_name = - ldns_dname_label(ldns_rr_owner(nsec_rr), 0); - - if (current_name->hashed_name == NULL) { - LDNS_FREE(hashmap_node); - return LDNS_STATUS_MEM_ERR; - } - hashmap_node->key = current_name->hashed_name; - hashmap_node->data = current_name; - - if (! ldns_rbtree_insert(zone->hashed_names - , hashmap_node)) { - LDNS_FREE(hashmap_node); - } - } - current_name_node = ldns_dnssec_name_node_next_nonglue( - ldns_rbtree_next(current_name_node)); - } - if (result != LDNS_STATUS_OK) { - return result; - } - - /* Make sorted list of nsec3s (via zone->hashed_names) - */ - nsec3_list = ldns_rr_list_new(); - if (nsec3_list == NULL) { - return LDNS_STATUS_MEM_ERR; - } - for ( hashmap_node = ldns_rbtree_first(zone->hashed_names) - ; hashmap_node != LDNS_RBTREE_NULL - ; hashmap_node = ldns_rbtree_next(hashmap_node) - ) { - current_name = (ldns_dnssec_name *) hashmap_node->data; - nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec; - if (nsec_rr) { - ldns_rr_list_push_rr(nsec3_list, nsec_rr); - } - } - result = ldns_dnssec_chain_nsec3_list(nsec3_list); - ldns_rr_list_free(nsec3_list); - - return result; -} - -ldns_status -ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt) -{ - return ldns_dnssec_zone_create_nsec3s_mkmap(zone, new_rrs, algorithm, - flags, iterations, salt_length, salt, NULL); - -} -#endif /* HAVE_SSL */ - -ldns_dnssec_rrs * -ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures - , ATTR_UNUSED(ldns_key_list *key_list) - , int (*func)(ldns_rr *, void *) - , void *arg - ) -{ - ldns_dnssec_rrs *base_rrs = signatures; - ldns_dnssec_rrs *cur_rr = base_rrs; - ldns_dnssec_rrs *prev_rr = NULL; - ldns_dnssec_rrs *next_rr; - - uint16_t keytag; - size_t i; - - if (!cur_rr) { - switch(func(NULL, arg)) { - case LDNS_SIGNATURE_LEAVE_ADD_NEW: - case LDNS_SIGNATURE_REMOVE_ADD_NEW: - break; - case LDNS_SIGNATURE_LEAVE_NO_ADD: - case LDNS_SIGNATURE_REMOVE_NO_ADD: - ldns_key_list_set_use(key_list, false); - break; - default: -#ifdef STDERR_MSGS - fprintf(stderr, "[XX] unknown return value from callback\n"); -#endif - break; - } - return NULL; - } - (void)func(cur_rr->rr, arg); - - while (cur_rr) { - next_rr = cur_rr->next; - - switch (func(cur_rr->rr, arg)) { - case LDNS_SIGNATURE_LEAVE_ADD_NEW: - prev_rr = cur_rr; - break; - case LDNS_SIGNATURE_LEAVE_NO_ADD: - keytag = ldns_rdf2native_int16( - ldns_rr_rrsig_keytag(cur_rr->rr)); - for (i = 0; i < ldns_key_list_key_count(key_list); i++) { - if (ldns_key_keytag(ldns_key_list_key(key_list, i)) == - keytag) { - ldns_key_set_use(ldns_key_list_key(key_list, i), - false); - } - } - prev_rr = cur_rr; - break; - case LDNS_SIGNATURE_REMOVE_NO_ADD: - keytag = ldns_rdf2native_int16( - ldns_rr_rrsig_keytag(cur_rr->rr)); - for (i = 0; i < ldns_key_list_key_count(key_list); i++) { - if (ldns_key_keytag(ldns_key_list_key(key_list, i)) - == keytag) { - ldns_key_set_use(ldns_key_list_key(key_list, i), - false); - } - } - if (prev_rr) { - prev_rr->next = next_rr; - } else { - base_rrs = next_rr; - } - LDNS_FREE(cur_rr); - break; - case LDNS_SIGNATURE_REMOVE_ADD_NEW: - if (prev_rr) { - prev_rr->next = next_rr; - } else { - base_rrs = next_rr; - } - LDNS_FREE(cur_rr); - break; - default: -#ifdef STDERR_MSGS - fprintf(stderr, "[XX] unknown return value from callback\n"); -#endif - break; - } - cur_rr = next_rr; - } - - return base_rrs; -} - -#ifdef HAVE_SSL -ldns_status -ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void*), - void *arg) -{ - return ldns_dnssec_zone_create_rrsigs_flg(zone, new_rrs, key_list, - func, arg, 0); -} - -/** If there are KSKs use only them and mark ZSKs unused */ -static void -ldns_key_list_filter_for_dnskey(ldns_key_list *key_list) -{ - int saw_ksk = 0; - size_t i; - for(i=0; inames); - while (cur_node != LDNS_RBTREE_NULL) { - cur_name = (ldns_dnssec_name *) cur_node->data; - - if (!cur_name->is_glue) { - on_delegation_point = ldns_dnssec_rrsets_contains_type( - cur_name->rrsets, LDNS_RR_TYPE_NS) - && !ldns_dnssec_rrsets_contains_type( - cur_name->rrsets, LDNS_RR_TYPE_SOA); - cur_rrset = cur_name->rrsets; - while (cur_rrset) { - /* reset keys to use */ - ldns_key_list_set_use(key_list, true); - - /* walk through old sigs, remove the old, - and mark which keys (not) to use) */ - cur_rrset->signatures = - ldns_dnssec_remove_signatures(cur_rrset->signatures, - key_list, - func, - arg); - if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) && - cur_rrset->type == LDNS_RR_TYPE_DNSKEY) - ldns_key_list_filter_for_dnskey(key_list); - - if(cur_rrset->type != LDNS_RR_TYPE_DNSKEY) - ldns_key_list_filter_for_non_dnskey(key_list); - - /* TODO: just set count to zero? */ - rr_list = ldns_rr_list_new(); - - cur_rr = cur_rrset->rrs; - while (cur_rr) { - ldns_rr_list_push_rr(rr_list, cur_rr->rr); - cur_rr = cur_rr->next; - } - - /* only sign non-delegation RRsets */ - /* (glue should have been marked earlier, - * except on the delegation points itself) */ - if (!on_delegation_point || - ldns_rr_list_type(rr_list) - == LDNS_RR_TYPE_DS || - ldns_rr_list_type(rr_list) - == LDNS_RR_TYPE_NSEC || - ldns_rr_list_type(rr_list) - == LDNS_RR_TYPE_NSEC3) { - siglist = ldns_sign_public(rr_list, key_list); - for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { - if (cur_rrset->signatures) { - result = ldns_dnssec_rrs_add_rr(cur_rrset->signatures, - ldns_rr_list_rr(siglist, - i)); - } else { - cur_rrset->signatures = ldns_dnssec_rrs_new(); - cur_rrset->signatures->rr = - ldns_rr_list_rr(siglist, i); - } - if (new_rrs) { - ldns_rr_list_push_rr(new_rrs, - ldns_rr_list_rr(siglist, - i)); - } - } - ldns_rr_list_free(siglist); - } - - ldns_rr_list_free(rr_list); - - cur_rrset = cur_rrset->next; - } - - /* sign the nsec */ - ldns_key_list_set_use(key_list, true); - cur_name->nsec_signatures = - ldns_dnssec_remove_signatures(cur_name->nsec_signatures, - key_list, - func, - arg); - ldns_key_list_filter_for_non_dnskey(key_list); - - rr_list = ldns_rr_list_new(); - ldns_rr_list_push_rr(rr_list, cur_name->nsec); - siglist = ldns_sign_public(rr_list, key_list); - - for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { - if (cur_name->nsec_signatures) { - result = ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures, - ldns_rr_list_rr(siglist, i)); - } else { - cur_name->nsec_signatures = ldns_dnssec_rrs_new(); - cur_name->nsec_signatures->rr = - ldns_rr_list_rr(siglist, i); - } - if (new_rrs) { - ldns_rr_list_push_rr(new_rrs, - ldns_rr_list_rr(siglist, i)); - } - } - - ldns_rr_list_free(siglist); - ldns_rr_list_free(rr_list); - } - cur_node = ldns_rbtree_next(cur_node); - } - - ldns_rr_list_deep_free(pubkey_list); - return result; -} - -ldns_status -ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg) -{ - return ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, func, arg, 0); -} - -ldns_status -ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg, - int flags) -{ - ldns_status result = LDNS_STATUS_OK; - - if (!zone || !new_rrs || !key_list) { - return LDNS_STATUS_ERR; - } - - /* zone is already sorted */ - result = ldns_dnssec_zone_mark_glue(zone); - if (result != LDNS_STATUS_OK) { - return result; - } - - /* check whether we need to add nsecs */ - if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) { - result = ldns_dnssec_zone_create_nsecs(zone, new_rrs); - if (result != LDNS_STATUS_OK) { - return result; - } - } - - result = ldns_dnssec_zone_create_rrsigs_flg(zone, - new_rrs, - key_list, - func, - arg, - flags); - - return result; -} - -ldns_status -ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt) -{ - return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list, - func, arg, algorithm, flags, iterations, salt_length, salt, 0, - NULL); -} - -ldns_status -ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt, - int signflags, - ldns_rbtree_t **map) -{ - ldns_rr *nsec3, *nsec3param; - ldns_status result = LDNS_STATUS_OK; - - /* zone is already sorted */ - result = ldns_dnssec_zone_mark_glue(zone); - if (result != LDNS_STATUS_OK) { - return result; - } - - /* TODO if there are already nsec3s presents and their - * parameters are the same as these, we don't have to recreate - */ - if (zone->names) { - /* add empty nonterminals */ - result = ldns_dnssec_zone_add_empty_nonterminals(zone); - if (result != LDNS_STATUS_OK) { - return result; - } - - nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec; - if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) { - /* no need to recreate */ - } else { - if (!ldns_dnssec_zone_find_rrset(zone, - zone->soa->name, - LDNS_RR_TYPE_NSEC3PARAM)) { - /* create and add the nsec3param rr */ - nsec3param = - ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAM); - ldns_rr_set_owner(nsec3param, - ldns_rdf_clone(zone->soa->name)); - ldns_nsec3_add_param_rdfs(nsec3param, - algorithm, - flags, - iterations, - salt_length, - salt); - /* always set bit 7 of the flags to zero, according to - * rfc5155 section 11. The bits are counted from right to left, - * so bit 7 in rfc5155 is bit 0 in ldns */ - ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0); - result = ldns_dnssec_zone_add_rr(zone, nsec3param); - if (result != LDNS_STATUS_OK) { - return result; - } - ldns_rr_list_push_rr(new_rrs, nsec3param); - } - result = ldns_dnssec_zone_create_nsec3s_mkmap(zone, - new_rrs, - algorithm, - flags, - iterations, - salt_length, - salt, - map); - if (result != LDNS_STATUS_OK) { - return result; - } - } - - result = ldns_dnssec_zone_create_rrsigs_flg(zone, - new_rrs, - key_list, - func, - arg, - signflags); - } - - return result; -} - -ldns_status -ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, - ldns_rr_list *new_rrs, - ldns_key_list *key_list, - int (*func)(ldns_rr *, void *), - void *arg, - uint8_t algorithm, - uint8_t flags, - uint16_t iterations, - uint8_t salt_length, - uint8_t *salt, - int signflags) -{ - return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list, - func, arg, algorithm, flags, iterations, salt_length, salt, - signflags, NULL); -} - -ldns_zone * -ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list) -{ - ldns_dnssec_zone *dnssec_zone; - ldns_zone *signed_zone; - ldns_rr_list *new_rrs; - size_t i; - - signed_zone = ldns_zone_new(); - dnssec_zone = ldns_dnssec_zone_new(); - - (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); - ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone))); - - for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { - (void) ldns_dnssec_zone_add_rr(dnssec_zone, - ldns_rr_list_rr(ldns_zone_rrs(zone), - i)); - ldns_zone_push_rr(signed_zone, - ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), - i))); - } - - new_rrs = ldns_rr_list_new(); - (void) ldns_dnssec_zone_sign(dnssec_zone, - new_rrs, - key_list, - ldns_dnssec_default_replace_signatures, - NULL); - - for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { - ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), - ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); - } - - ldns_rr_list_deep_free(new_rrs); - ldns_dnssec_zone_free(dnssec_zone); - - return signed_zone; -} - -ldns_zone * -ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) -{ - ldns_dnssec_zone *dnssec_zone; - ldns_zone *signed_zone; - ldns_rr_list *new_rrs; - size_t i; - - signed_zone = ldns_zone_new(); - dnssec_zone = ldns_dnssec_zone_new(); - - (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); - ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone))); - - for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { - (void) ldns_dnssec_zone_add_rr(dnssec_zone, - ldns_rr_list_rr(ldns_zone_rrs(zone), - i)); - ldns_zone_push_rr(signed_zone, - ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), - i))); - } - - new_rrs = ldns_rr_list_new(); - (void) ldns_dnssec_zone_sign_nsec3(dnssec_zone, - new_rrs, - key_list, - ldns_dnssec_default_replace_signatures, - NULL, - algorithm, - flags, - iterations, - salt_length, - salt); - - for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { - ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), - ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); - } - - ldns_rr_list_deep_free(new_rrs); - ldns_dnssec_zone_free(dnssec_zone); - - return signed_zone; -} -#endif /* HAVE_SSL */ - - diff --git a/src/ldns/dnssec_verify.c b/src/ldns/dnssec_verify.c deleted file mode 100644 index 1af6635..0000000 --- a/src/ldns/dnssec_verify.c +++ /dev/null @@ -1,2684 +0,0 @@ -#include - -#include - -#include -#include - -#ifdef HAVE_SSL -/* this entire file is rather useless when you don't have - * crypto... - */ -#include -#include -#include -#include -#include - -ldns_dnssec_data_chain * -ldns_dnssec_data_chain_new(void) -{ - ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1); - if(!nc) return NULL; - /* - * not needed anymore because CALLOC initalizes everything to zero. - - nc->rrset = NULL; - nc->parent_type = 0; - nc->parent = NULL; - nc->signatures = NULL; - nc->packet_rcode = 0; - nc->packet_qtype = 0; - nc->packet_nodata = false; - - */ - return nc; -} - -void -ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain) -{ - LDNS_FREE(chain); -} - -void -ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain) -{ - ldns_rr_list_deep_free(chain->rrset); - ldns_rr_list_deep_free(chain->signatures); - if (chain->parent) { - ldns_dnssec_data_chain_deep_free(chain->parent); - } - LDNS_FREE(chain); -} - -void -ldns_dnssec_data_chain_print_fmt(FILE *out, const ldns_output_format *fmt, - const ldns_dnssec_data_chain *chain) -{ - ldns_lookup_table *rcode; - const ldns_rr_descriptor *rr_descriptor; - if (chain) { - ldns_dnssec_data_chain_print_fmt(out, fmt, chain->parent); - if (ldns_rr_list_rr_count(chain->rrset) > 0) { - rcode = ldns_lookup_by_id(ldns_rcodes, - (int) chain->packet_rcode); - if (rcode) { - fprintf(out, ";; rcode: %s\n", rcode->name); - } - - rr_descriptor = ldns_rr_descript(chain->packet_qtype); - if (rr_descriptor && rr_descriptor->_name) { - fprintf(out, ";; qtype: %s\n", rr_descriptor->_name); - } else if (chain->packet_qtype != 0) { - fprintf(out, "TYPE%u", - chain->packet_qtype); - } - if (chain->packet_nodata) { - fprintf(out, ";; NODATA response\n"); - } - fprintf(out, "rrset:\n"); - ldns_rr_list_print_fmt(out, fmt, chain->rrset); - fprintf(out, "sigs:\n"); - ldns_rr_list_print_fmt(out, fmt, chain->signatures); - fprintf(out, "---\n"); - } else { - fprintf(out, "\n"); - } - } -} -void -ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain) -{ - ldns_dnssec_data_chain_print_fmt( - out, ldns_output_format_default, chain); -} - - -static void -ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res, - uint16_t qflags, - const ldns_pkt *pkt, - ldns_rr_list *signatures, - ldns_dnssec_data_chain *new_chain, - ldns_rdf *key_name, - ldns_rr_class c) { - ldns_rr_list *keys; - ldns_pkt *my_pkt; - if (signatures && ldns_rr_list_rr_count(signatures) > 0) { - new_chain->signatures = ldns_rr_list_clone(signatures); - new_chain->parent_type = 0; - - keys = ldns_pkt_rr_list_by_name_and_type( - pkt, - key_name, - LDNS_RR_TYPE_DNSKEY, - LDNS_SECTION_ANY_NOQUESTION - ); - if (!keys) { - my_pkt = ldns_resolver_query(res, - key_name, - LDNS_RR_TYPE_DNSKEY, - c, - qflags); - if (my_pkt) { - keys = ldns_pkt_rr_list_by_name_and_type( - my_pkt, - key_name, - LDNS_RR_TYPE_DNSKEY, - LDNS_SECTION_ANY_NOQUESTION - ); - new_chain->parent = ldns_dnssec_build_data_chain(res, - qflags, - keys, - my_pkt, - NULL); - new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY; - ldns_pkt_free(my_pkt); - } - } else { - new_chain->parent = ldns_dnssec_build_data_chain(res, - qflags, - keys, - pkt, - NULL); - new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY; - } - ldns_rr_list_deep_free(keys); - } -} - -static void -ldns_dnssec_build_data_chain_other(ldns_resolver *res, - uint16_t qflags, - ldns_dnssec_data_chain *new_chain, - ldns_rdf *key_name, - ldns_rr_class c, - ldns_rr_list *dss) -{ - /* 'self-signed', parent is a DS */ - - /* okay, either we have other keys signing the current one, - * or the current - * one should have a DS record in the parent zone. - * How do we find this out? Try both? - * - * request DNSKEYS for current zone, - * add all signatures to current level - */ - ldns_pkt *my_pkt; - ldns_rr_list *signatures2; - - new_chain->parent_type = 1; - - my_pkt = ldns_resolver_query(res, - key_name, - LDNS_RR_TYPE_DS, - c, - qflags); - if (my_pkt) { - dss = ldns_pkt_rr_list_by_name_and_type(my_pkt, - key_name, - LDNS_RR_TYPE_DS, - LDNS_SECTION_ANY_NOQUESTION - ); - if (dss) { - new_chain->parent = ldns_dnssec_build_data_chain(res, - qflags, - dss, - my_pkt, - NULL); - new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS; - ldns_rr_list_deep_free(dss); - } - ldns_pkt_free(my_pkt); - } - - my_pkt = ldns_resolver_query(res, - key_name, - LDNS_RR_TYPE_DNSKEY, - c, - qflags); - if (my_pkt) { - signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt, - key_name, - LDNS_RR_TYPE_RRSIG, - LDNS_SECTION_ANSWER); - if (signatures2) { - if (new_chain->signatures) { - printf("There were already sigs!\n"); - ldns_rr_list_deep_free(new_chain->signatures); - printf("replacing the old sigs\n"); - } - new_chain->signatures = signatures2; - } - ldns_pkt_free(my_pkt); - } -} - -static ldns_dnssec_data_chain * -ldns_dnssec_build_data_chain_nokeyname(ldns_resolver *res, - uint16_t qflags, - ldns_rr *orig_rr, - const ldns_rr_list *rrset, - ldns_dnssec_data_chain *new_chain) -{ - ldns_rdf *possible_parent_name; - ldns_pkt *my_pkt; - /* apparently we were not able to find a signing key, so - we assume the chain ends here - */ - /* try parents for auth denial of DS */ - if (orig_rr) { - possible_parent_name = ldns_rr_owner(orig_rr); - } else if (rrset && ldns_rr_list_rr_count(rrset) > 0) { - possible_parent_name = ldns_rr_owner(ldns_rr_list_rr(rrset, 0)); - } else { - /* no information to go on, give up */ - return new_chain; - } - - my_pkt = ldns_resolver_query(res, - possible_parent_name, - LDNS_RR_TYPE_DS, - LDNS_RR_CLASS_IN, - qflags); - if (!my_pkt) { - return new_chain; - } - - if (ldns_pkt_ancount(my_pkt) > 0) { - /* add error, no sigs but DS in parent */ - /*ldns_pkt_print(stdout, my_pkt);*/ - ldns_pkt_free(my_pkt); - } else { - /* are there signatures? */ - new_chain->parent = ldns_dnssec_build_data_chain(res, - qflags, - NULL, - my_pkt, - NULL); - - new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS; - - } - return new_chain; -} - - -ldns_dnssec_data_chain * -ldns_dnssec_build_data_chain(ldns_resolver *res, - uint16_t qflags, - const ldns_rr_list *rrset, - const ldns_pkt *pkt, - ldns_rr *orig_rr) -{ - ldns_rr_list *signatures = NULL; - ldns_rr_list *dss = NULL; - - ldns_rr_list *my_rrset; - - ldns_pkt *my_pkt; - - ldns_rdf *name = NULL, *key_name = NULL; - ldns_rr_type type = 0; - ldns_rr_class c = 0; - - bool other_rrset = false; - - ldns_dnssec_data_chain *new_chain = ldns_dnssec_data_chain_new(); - - assert(pkt != NULL); - - if (!ldns_dnssec_pkt_has_rrsigs(pkt)) { - /* hmm. no dnssec data in the packet. go up to try and deny - * DS? */ - return new_chain; - } - - if (orig_rr) { - new_chain->rrset = ldns_rr_list_new(); - ldns_rr_list_push_rr(new_chain->rrset, orig_rr); - new_chain->parent = ldns_dnssec_build_data_chain(res, - qflags, - rrset, - pkt, - NULL); - new_chain->packet_rcode = ldns_pkt_get_rcode(pkt); - new_chain->packet_qtype = ldns_rr_get_type(orig_rr); - if (ldns_pkt_ancount(pkt) == 0) { - new_chain->packet_nodata = true; - } - return new_chain; - } - - if (!rrset || ldns_rr_list_rr_count(rrset) < 1) { - /* hmm, no data, do we have denial? only works if pkt was given, - otherwise caller has to do the check himself */ - new_chain->packet_nodata = true; - if (pkt) { - my_rrset = ldns_pkt_rr_list_by_type(pkt, - LDNS_RR_TYPE_NSEC, - LDNS_SECTION_ANY_NOQUESTION - ); - if (my_rrset) { - if (ldns_rr_list_rr_count(my_rrset) > 0) { - type = LDNS_RR_TYPE_NSEC; - other_rrset = true; - } else { - ldns_rr_list_deep_free(my_rrset); - my_rrset = NULL; - } - } else { - /* nothing, try nsec3 */ - my_rrset = ldns_pkt_rr_list_by_type(pkt, - LDNS_RR_TYPE_NSEC3, - LDNS_SECTION_ANY_NOQUESTION); - if (my_rrset) { - if (ldns_rr_list_rr_count(my_rrset) > 0) { - type = LDNS_RR_TYPE_NSEC3; - other_rrset = true; - } else { - ldns_rr_list_deep_free(my_rrset); - my_rrset = NULL; - } - } else { - /* nothing, stop */ - /* try parent zone? for denied insecure? */ - return new_chain; - } - } - } else { - return new_chain; - } - } else { - my_rrset = (ldns_rr_list *) rrset; - } - - if (my_rrset && ldns_rr_list_rr_count(my_rrset) > 0) { - new_chain->rrset = ldns_rr_list_clone(my_rrset); - name = ldns_rr_owner(ldns_rr_list_rr(my_rrset, 0)); - type = ldns_rr_get_type(ldns_rr_list_rr(my_rrset, 0)); - c = ldns_rr_get_class(ldns_rr_list_rr(my_rrset, 0)); - } - - if (other_rrset) { - ldns_rr_list_deep_free(my_rrset); - } - - /* normally there will only be 1 signature 'set' - but there can be more than 1 denial (wildcards) - so check for NSEC - */ - if (type == LDNS_RR_TYPE_NSEC || type == LDNS_RR_TYPE_NSEC3) { - /* just throw in all signatures, the tree builder must sort - this out */ - if (pkt) { - signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type); - } else { - my_pkt = ldns_resolver_query(res, name, type, c, qflags); - if (my_pkt) { - signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type); - ldns_pkt_free(my_pkt); - } - } - } else { - if (pkt) { - signatures = - ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt, - name, - type); - } - if (!signatures) { - my_pkt = ldns_resolver_query(res, name, type, c, qflags); - if (my_pkt) { - signatures = - ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt, - name, - type); - ldns_pkt_free(my_pkt); - } - } - } - - if (signatures && ldns_rr_list_rr_count(signatures) > 0) { - key_name = ldns_rr_rdf(ldns_rr_list_rr(signatures, 0), 7); - } - if (!key_name) { - if (signatures) { - ldns_rr_list_deep_free(signatures); - } - return ldns_dnssec_build_data_chain_nokeyname(res, - qflags, - orig_rr, - rrset, - new_chain); - } - if (type != LDNS_RR_TYPE_DNSKEY) { - ldns_dnssec_build_data_chain_dnskey(res, - qflags, - pkt, - signatures, - new_chain, - key_name, - c - ); - } else { - ldns_dnssec_build_data_chain_other(res, - qflags, - new_chain, - key_name, - c, - dss - ); - } - if (signatures) { - ldns_rr_list_deep_free(signatures); - } - return new_chain; -} - -ldns_dnssec_trust_tree * -ldns_dnssec_trust_tree_new(void) -{ - ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree, - 1); - if(!new_tree) return NULL; - new_tree->rr = NULL; - new_tree->rrset = NULL; - new_tree->parent_count = 0; - - return new_tree; -} - -void -ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree) -{ - size_t i; - if (tree) { - for (i = 0; i < tree->parent_count; i++) { - ldns_dnssec_trust_tree_free(tree->parents[i]); - } - } - LDNS_FREE(tree); -} - -size_t -ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree) -{ - size_t result = 0; - size_t parent = 0; - size_t i; - - for (i = 0; i < tree->parent_count; i++) { - parent = ldns_dnssec_trust_tree_depth(tree->parents[i]); - if (parent > result) { - result = parent; - } - } - return 1 + result; -} - -/* TODO ldns_ */ -static void -print_tabs(FILE *out, size_t nr, uint8_t *map, size_t treedepth) -{ - size_t i; - for (i = 0; i < nr; i++) { - if (i == nr - 1) { - fprintf(out, "|---"); - } else if (map && i < treedepth && map[i] == 1) { - fprintf(out, "| "); - } else { - fprintf(out, " "); - } - } -} - -static void -ldns_dnssec_trust_tree_print_sm_fmt(FILE *out, - const ldns_output_format *fmt, - ldns_dnssec_trust_tree *tree, - size_t tabs, - bool extended, - uint8_t *sibmap, - size_t treedepth) -{ - size_t i; - const ldns_rr_descriptor *descriptor; - bool mapset = false; - - if (!sibmap) { - treedepth = ldns_dnssec_trust_tree_depth(tree); - sibmap = LDNS_XMALLOC(uint8_t, treedepth); - if(!sibmap) - return; /* mem err */ - memset(sibmap, 0, treedepth); - mapset = true; - } - - if (tree) { - if (tree->rr) { - print_tabs(out, tabs, sibmap, treedepth); - ldns_rdf_print(out, ldns_rr_owner(tree->rr)); - descriptor = ldns_rr_descript(ldns_rr_get_type(tree->rr)); - - if (descriptor->_name) { - fprintf(out, " (%s", descriptor->_name); - } else { - fprintf(out, " (TYPE%d", - ldns_rr_get_type(tree->rr)); - } - if (tabs > 0) { - if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DNSKEY) { - fprintf(out, " keytag: %u", - (unsigned int) ldns_calc_keytag(tree->rr)); - fprintf(out, " alg: "); - ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2)); - fprintf(out, " flags: "); - ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); - } else if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DS) { - fprintf(out, " keytag: "); - ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); - fprintf(out, " digest type: "); - ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2)); - } - if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NSEC) { - fprintf(out, " "); - ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); - fprintf(out, " "); - ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 1)); - } - } - - fprintf(out, ")\n"); - for (i = 0; i < tree->parent_count; i++) { - if (tree->parent_count > 1 && i < tree->parent_count - 1) { - sibmap[tabs] = 1; - } else { - sibmap[tabs] = 0; - } - /* only print errors */ - if (ldns_rr_get_type(tree->parents[i]->rr) == - LDNS_RR_TYPE_NSEC || - ldns_rr_get_type(tree->parents[i]->rr) == - LDNS_RR_TYPE_NSEC3) { - if (tree->parent_status[i] == LDNS_STATUS_OK) { - print_tabs(out, tabs + 1, sibmap, treedepth); - if (tabs == 0 && - ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS && - ldns_rr_rd_count(tree->rr) > 0) { - fprintf(out, "Existence of DS is denied by:\n"); - } else { - fprintf(out, "Existence is denied by:\n"); - } - } else { - /* NS records aren't signed */ - if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS) { - fprintf(out, "Existence of DS is denied by:\n"); - } else { - print_tabs(out, tabs + 1, sibmap, treedepth); - fprintf(out, - "Error in denial of existence: %s\n", - ldns_get_errorstr_by_id( - tree->parent_status[i])); - } - } - } else - if (tree->parent_status[i] != LDNS_STATUS_OK) { - print_tabs(out, tabs + 1, sibmap, treedepth); - fprintf(out, - "%s:\n", - ldns_get_errorstr_by_id( - tree->parent_status[i])); - if (tree->parent_status[i] - == LDNS_STATUS_SSL_ERR) { - printf("; SSL Error: "); - ERR_load_crypto_strings(); - ERR_print_errors_fp(stdout); - printf("\n"); - } - ldns_rr_print_fmt(out, fmt, - tree-> - parent_signature[i]); - printf("For RRset:\n"); - ldns_rr_list_print_fmt(out, fmt, - tree->rrset); - printf("With key:\n"); - ldns_rr_print_fmt(out, fmt, - tree->parents[i]->rr); - } - ldns_dnssec_trust_tree_print_sm_fmt(out, fmt, - tree->parents[i], - tabs+1, - extended, - sibmap, - treedepth); - } - } else { - print_tabs(out, tabs, sibmap, treedepth); - fprintf(out, "\n"); - } - } else { - fprintf(out, "\n"); - } - - if (mapset) { - LDNS_FREE(sibmap); - } -} - -void -ldns_dnssec_trust_tree_print_fmt(FILE *out, const ldns_output_format *fmt, - ldns_dnssec_trust_tree *tree, - size_t tabs, - bool extended) -{ - ldns_dnssec_trust_tree_print_sm_fmt(out, fmt, - tree, tabs, extended, NULL, 0); -} - -void -ldns_dnssec_trust_tree_print(FILE *out, - ldns_dnssec_trust_tree *tree, - size_t tabs, - bool extended) -{ - ldns_dnssec_trust_tree_print_fmt(out, ldns_output_format_default, - tree, tabs, extended); -} - - -ldns_status -ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree, - const ldns_dnssec_trust_tree *parent, - const ldns_rr *signature, - const ldns_status parent_status) -{ - if (tree - && parent - && tree->parent_count < LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS) { - /* - printf("Add parent for: "); - ldns_rr_print(stdout, tree->rr); - printf("parent: "); - ldns_rr_print(stdout, parent->rr); - */ - tree->parents[tree->parent_count] = - (ldns_dnssec_trust_tree *) parent; - tree->parent_status[tree->parent_count] = parent_status; - tree->parent_signature[tree->parent_count] = (ldns_rr *) signature; - tree->parent_count++; - return LDNS_STATUS_OK; - } else { - return LDNS_STATUS_ERR; - } -} - -/* if rr is null, take the first from the rrset */ -ldns_dnssec_trust_tree * -ldns_dnssec_derive_trust_tree_time( - ldns_dnssec_data_chain *data_chain, - ldns_rr *rr, - time_t check_time - ) -{ - ldns_rr_list *cur_rrset; - ldns_rr_list *cur_sigs; - ldns_rr *cur_rr = NULL; - ldns_rr *cur_sig_rr; - size_t i, j; - - ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new(); - if(!new_tree) - return NULL; - - if (data_chain && data_chain->rrset) { - cur_rrset = data_chain->rrset; - - cur_sigs = data_chain->signatures; - - if (rr) { - cur_rr = rr; - } - - if (!cur_rr && ldns_rr_list_rr_count(cur_rrset) > 0) { - cur_rr = ldns_rr_list_rr(cur_rrset, 0); - } - - if (cur_rr) { - new_tree->rr = cur_rr; - new_tree->rrset = cur_rrset; - /* there are three possibilities: - 1 - 'normal' rrset, signed by a key - 2 - dnskey signed by other dnskey - 3 - dnskey proven by higher level DS - (data denied by nsec is a special case that can - occur in multiple places) - - */ - if (cur_sigs) { - for (i = 0; i < ldns_rr_list_rr_count(cur_sigs); i++) { - /* find the appropriate key in the parent list */ - cur_sig_rr = ldns_rr_list_rr(cur_sigs, i); - - if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_NSEC) { - if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr), - ldns_rr_owner(cur_rr))) - { - /* find first that does match */ - - for (j = 0; - j < ldns_rr_list_rr_count(cur_rrset) && - ldns_dname_compare(ldns_rr_owner(cur_sig_rr),ldns_rr_owner(cur_rr)) != 0; - j++) { - cur_rr = ldns_rr_list_rr(cur_rrset, j); - - } - if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr), - ldns_rr_owner(cur_rr))) - { - break; - } - } - - } - /* option 1 */ - if (data_chain->parent) { - ldns_dnssec_derive_trust_tree_normal_rrset_time( - new_tree, - data_chain, - cur_sig_rr, - check_time); - } - - /* option 2 */ - ldns_dnssec_derive_trust_tree_dnskey_rrset_time( - new_tree, - data_chain, - cur_rr, - cur_sig_rr, - check_time); - } - - ldns_dnssec_derive_trust_tree_ds_rrset_time( - new_tree, data_chain, - cur_rr, check_time); - } else { - /* no signatures? maybe it's nsec data */ - - /* just add every rr from parent as new parent */ - ldns_dnssec_derive_trust_tree_no_sig_time( - new_tree, data_chain, check_time); - } - } - } - - return new_tree; -} - -ldns_dnssec_trust_tree * -ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain, ldns_rr *rr) -{ - return ldns_dnssec_derive_trust_tree_time(data_chain, rr, ldns_time(NULL)); -} - -void -ldns_dnssec_derive_trust_tree_normal_rrset_time( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_sig_rr, - time_t check_time) -{ - size_t i, j; - ldns_rr_list *cur_rrset = ldns_rr_list_clone(data_chain->rrset); - ldns_dnssec_trust_tree *cur_parent_tree; - ldns_rr *cur_parent_rr; - uint16_t cur_keytag; - ldns_rr_list *tmp_rrset = NULL; - ldns_status cur_status; - - cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr)); - - for (j = 0; j < ldns_rr_list_rr_count(data_chain->parent->rrset); j++) { - cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j); - if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) { - if (ldns_calc_keytag(cur_parent_rr) == cur_keytag) { - - /* TODO: check wildcard nsec too */ - if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) { - tmp_rrset = cur_rrset; - if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) - == LDNS_RR_TYPE_NSEC || - ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) - == LDNS_RR_TYPE_NSEC3) { - /* might contain different names! - sort and split */ - ldns_rr_list_sort(cur_rrset); - assert(tmp_rrset == cur_rrset); - tmp_rrset = ldns_rr_list_pop_rrset(cur_rrset); - - /* with nsecs, this might be the wrong one */ - while (tmp_rrset && - ldns_rr_list_rr_count(cur_rrset) > 0 && - ldns_dname_compare( - ldns_rr_owner(ldns_rr_list_rr( - tmp_rrset, 0)), - ldns_rr_owner(cur_sig_rr)) != 0) { - ldns_rr_list_deep_free(tmp_rrset); - tmp_rrset = - ldns_rr_list_pop_rrset(cur_rrset); - } - } - cur_status = ldns_verify_rrsig_time( - tmp_rrset, - cur_sig_rr, - cur_parent_rr, - check_time); - if (tmp_rrset && tmp_rrset != cur_rrset - ) { - ldns_rr_list_deep_free( - tmp_rrset); - tmp_rrset = NULL; - } - /* avoid dupes */ - for (i = 0; i < new_tree->parent_count; i++) { - if (cur_parent_rr == new_tree->parents[i]->rr) { - goto done; - } - } - - cur_parent_tree = - ldns_dnssec_derive_trust_tree_time( - data_chain->parent, - cur_parent_rr, - check_time); - (void)ldns_dnssec_trust_tree_add_parent(new_tree, - cur_parent_tree, - cur_sig_rr, - cur_status); - } - } - } - } - done: - ldns_rr_list_deep_free(cur_rrset); -} - -void -ldns_dnssec_derive_trust_tree_normal_rrset(ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_sig_rr) -{ - ldns_dnssec_derive_trust_tree_normal_rrset_time( - new_tree, data_chain, cur_sig_rr, ldns_time(NULL)); -} - -void -ldns_dnssec_derive_trust_tree_dnskey_rrset_time( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_rr, - ldns_rr *cur_sig_rr, - time_t check_time) -{ - size_t j; - ldns_rr_list *cur_rrset = data_chain->rrset; - ldns_dnssec_trust_tree *cur_parent_tree; - ldns_rr *cur_parent_rr; - uint16_t cur_keytag; - ldns_status cur_status; - - cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr)); - - for (j = 0; j < ldns_rr_list_rr_count(cur_rrset); j++) { - cur_parent_rr = ldns_rr_list_rr(cur_rrset, j); - if (cur_parent_rr != cur_rr && - ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) { - if (ldns_calc_keytag(cur_parent_rr) == cur_keytag - ) { - cur_parent_tree = ldns_dnssec_trust_tree_new(); - cur_parent_tree->rr = cur_parent_rr; - cur_parent_tree->rrset = cur_rrset; - cur_status = ldns_verify_rrsig_time( - cur_rrset, cur_sig_rr, - cur_parent_rr, check_time); - (void) ldns_dnssec_trust_tree_add_parent(new_tree, - cur_parent_tree, cur_sig_rr, cur_status); - } - } - } -} - -void -ldns_dnssec_derive_trust_tree_dnskey_rrset(ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_rr, - ldns_rr *cur_sig_rr) -{ - ldns_dnssec_derive_trust_tree_dnskey_rrset_time( - new_tree, data_chain, cur_rr, cur_sig_rr, ldns_time(NULL)); -} - -void -ldns_dnssec_derive_trust_tree_ds_rrset_time( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_rr, - time_t check_time) -{ - size_t j, h; - ldns_rr_list *cur_rrset = data_chain->rrset; - ldns_dnssec_trust_tree *cur_parent_tree; - ldns_rr *cur_parent_rr; - - /* try the parent to see whether there are DSs there */ - if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_DNSKEY && - data_chain->parent && - data_chain->parent->rrset - ) { - for (j = 0; - j < ldns_rr_list_rr_count(data_chain->parent->rrset); - j++) { - cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j); - if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DS) { - for (h = 0; h < ldns_rr_list_rr_count(cur_rrset); h++) { - cur_rr = ldns_rr_list_rr(cur_rrset, h); - if (ldns_rr_compare_ds(cur_rr, cur_parent_rr)) { - cur_parent_tree = - ldns_dnssec_derive_trust_tree_time( - data_chain->parent, - cur_parent_rr, - check_time); - (void) ldns_dnssec_trust_tree_add_parent( - new_tree, - cur_parent_tree, - NULL, - LDNS_STATUS_OK); - } else { - /*ldns_rr_print(stdout, cur_parent_rr);*/ - } - } - } - } - } -} - -void -ldns_dnssec_derive_trust_tree_ds_rrset(ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - ldns_rr *cur_rr) -{ - ldns_dnssec_derive_trust_tree_ds_rrset_time( - new_tree, data_chain, cur_rr, ldns_time(NULL)); -} - -void -ldns_dnssec_derive_trust_tree_no_sig_time( - ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain, - time_t check_time) -{ - size_t i; - ldns_rr_list *cur_rrset; - ldns_rr *cur_parent_rr; - ldns_dnssec_trust_tree *cur_parent_tree; - ldns_status result; - - if (data_chain->parent && data_chain->parent->rrset) { - cur_rrset = data_chain->parent->rrset; - /* nsec? */ - if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) { - if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) == - LDNS_RR_TYPE_NSEC3) { - result = ldns_dnssec_verify_denial_nsec3( - new_tree->rr, - cur_rrset, - data_chain->parent->signatures, - data_chain->packet_rcode, - data_chain->packet_qtype, - data_chain->packet_nodata); - } else if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) == - LDNS_RR_TYPE_NSEC) { - result = ldns_dnssec_verify_denial( - new_tree->rr, - cur_rrset, - data_chain->parent->signatures); - } else { - /* unsigned zone, unsigned parent */ - result = LDNS_STATUS_OK; - } - } else { - result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; - } - for (i = 0; i < ldns_rr_list_rr_count(cur_rrset); i++) { - cur_parent_rr = ldns_rr_list_rr(cur_rrset, i); - cur_parent_tree = - ldns_dnssec_derive_trust_tree_time( - data_chain->parent, - cur_parent_rr, - check_time); - (void) ldns_dnssec_trust_tree_add_parent(new_tree, - cur_parent_tree, NULL, result); - } - } -} - -void -ldns_dnssec_derive_trust_tree_no_sig(ldns_dnssec_trust_tree *new_tree, - ldns_dnssec_data_chain *data_chain) -{ - ldns_dnssec_derive_trust_tree_no_sig_time( - new_tree, data_chain, ldns_time(NULL)); -} - -/* - * returns OK if there is a path from tree to key with only OK - * the (first) error in between otherwise - * or NOT_FOUND if the key wasn't present at all - */ -ldns_status -ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree, - ldns_rr_list *trusted_keys) -{ - size_t i; - ldns_status result = LDNS_STATUS_CRYPTO_NO_DNSKEY; - bool equal; - ldns_status parent_result; - - if (tree && trusted_keys && ldns_rr_list_rr_count(trusted_keys) > 0) - { if (tree->rr) { - for (i = 0; i < ldns_rr_list_rr_count(trusted_keys); i++) { - equal = ldns_rr_compare_ds( - tree->rr, - ldns_rr_list_rr(trusted_keys, i)); - if (equal) { - result = LDNS_STATUS_OK; - return result; - } - } - } - for (i = 0; i < tree->parent_count; i++) { - parent_result = - ldns_dnssec_trust_tree_contains_keys(tree->parents[i], - trusted_keys); - if (parent_result != LDNS_STATUS_CRYPTO_NO_DNSKEY) { - if (tree->parent_status[i] != LDNS_STATUS_OK) { - result = tree->parent_status[i]; - } else { - if (tree->rr && - ldns_rr_get_type(tree->rr) - == LDNS_RR_TYPE_NSEC && - parent_result == LDNS_STATUS_OK - ) { - result = - LDNS_STATUS_DNSSEC_EXISTENCE_DENIED; - } else { - result = parent_result; - } - } - } - } - } else { - result = LDNS_STATUS_ERR; - } - - return result; -} - -ldns_status -ldns_verify_time( - ldns_rr_list *rrset, - ldns_rr_list *rrsig, - const ldns_rr_list *keys, - time_t check_time, - ldns_rr_list *good_keys - ) -{ - uint16_t i; - ldns_status verify_result = LDNS_STATUS_ERR; - - if (!rrset || !rrsig || !keys) { - return LDNS_STATUS_ERR; - } - - if (ldns_rr_list_rr_count(rrset) < 1) { - return LDNS_STATUS_ERR; - } - - if (ldns_rr_list_rr_count(rrsig) < 1) { - return LDNS_STATUS_CRYPTO_NO_RRSIG; - } - - if (ldns_rr_list_rr_count(keys) < 1) { - verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; - } else { - for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { - ldns_status s = ldns_verify_rrsig_keylist_time( - rrset, ldns_rr_list_rr(rrsig, i), - keys, check_time, good_keys); - /* try a little to get more descriptive error */ - if(s == LDNS_STATUS_OK) { - verify_result = LDNS_STATUS_OK; - } else if(verify_result == LDNS_STATUS_ERR) - verify_result = s; - else if(s != LDNS_STATUS_ERR && verify_result == - LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) - verify_result = s; - } - } - return verify_result; -} - -ldns_status -ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, const ldns_rr_list *keys, - ldns_rr_list *good_keys) -{ - return ldns_verify_time(rrset, rrsig, keys, ldns_time(NULL), good_keys); -} - -ldns_status -ldns_verify_notime(ldns_rr_list *rrset, ldns_rr_list *rrsig, - const ldns_rr_list *keys, ldns_rr_list *good_keys) -{ - uint16_t i; - ldns_status verify_result = LDNS_STATUS_ERR; - - if (!rrset || !rrsig || !keys) { - return LDNS_STATUS_ERR; - } - - if (ldns_rr_list_rr_count(rrset) < 1) { - return LDNS_STATUS_ERR; - } - - if (ldns_rr_list_rr_count(rrsig) < 1) { - return LDNS_STATUS_CRYPTO_NO_RRSIG; - } - - if (ldns_rr_list_rr_count(keys) < 1) { - verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; - } else { - for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { - ldns_status s = ldns_verify_rrsig_keylist_notime(rrset, - ldns_rr_list_rr(rrsig, i), keys, good_keys); - - /* try a little to get more descriptive error */ - if (s == LDNS_STATUS_OK) { - verify_result = LDNS_STATUS_OK; - } else if (verify_result == LDNS_STATUS_ERR) { - verify_result = s; - } else if (s != LDNS_STATUS_ERR && verify_result == - LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) { - verify_result = s; - } - } - } - return verify_result; -} - -ldns_rr_list * -ldns_fetch_valid_domain_keys_time(const ldns_resolver *res, - const ldns_rdf *domain, - const ldns_rr_list *keys, - time_t check_time, - ldns_status *status) -{ - ldns_rr_list * trusted_keys = NULL; - ldns_rr_list * ds_keys = NULL; - ldns_rdf * prev_parent_domain; - ldns_rdf * parent_domain; - ldns_rr_list * parent_keys = NULL; - - if (res && domain && keys) { - - if ((trusted_keys = ldns_validate_domain_dnskey_time(res, - domain, keys, check_time))) { - *status = LDNS_STATUS_OK; - } else { - /* No trusted keys in this domain, we'll have to find some in the parent domain */ - *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; - - parent_domain = ldns_dname_left_chop(domain); - while (parent_domain && /* Fail if we are at the root*/ - ldns_rdf_size(parent_domain) > 0) { - - if ((parent_keys = - ldns_fetch_valid_domain_keys_time(res, - parent_domain, - keys, - check_time, - status))) { - /* Check DS records */ - if ((ds_keys = - ldns_validate_domain_ds_time(res, - domain, - parent_keys, - check_time))) { - trusted_keys = - ldns_fetch_valid_domain_keys_time( - res, - domain, - ds_keys, - check_time, - status); - ldns_rr_list_deep_free(ds_keys); - } else { - /* No valid DS at the parent -- fail */ - *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DS ; - } - ldns_rr_list_deep_free(parent_keys); - break; - } else { - parent_domain = ldns_dname_left_chop(( - prev_parent_domain - = parent_domain - )); - ldns_rdf_deep_free(prev_parent_domain); - } - } - if (parent_domain) { - ldns_rdf_deep_free(parent_domain); - } - } - } - return trusted_keys; -} - -ldns_rr_list * -ldns_fetch_valid_domain_keys(const ldns_resolver *res, - const ldns_rdf *domain, - const ldns_rr_list *keys, - ldns_status *status) -{ - return ldns_fetch_valid_domain_keys_time( - res, domain, keys, ldns_time(NULL), status); -} - -ldns_rr_list * -ldns_validate_domain_dnskey_time( - const ldns_resolver * res, - const ldns_rdf * domain, - const ldns_rr_list * keys, - time_t check_time - ) -{ - ldns_pkt * keypkt; - ldns_rr * cur_key; - uint16_t key_i; uint16_t key_j; uint16_t key_k; - uint16_t sig_i; ldns_rr * cur_sig; - - ldns_rr_list * domain_keys = NULL; - ldns_rr_list * domain_sigs = NULL; - ldns_rr_list * trusted_keys = NULL; - - /* Fetch keys for the domain */ - keypkt = ldns_resolver_query(res, domain, - LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD); - if (keypkt) { - domain_keys = ldns_pkt_rr_list_by_type(keypkt, - LDNS_RR_TYPE_DNSKEY, - LDNS_SECTION_ANSWER); - domain_sigs = ldns_pkt_rr_list_by_type(keypkt, - LDNS_RR_TYPE_RRSIG, - LDNS_SECTION_ANSWER); - - /* Try to validate the record using our keys */ - for (key_i=0; key_i< ldns_rr_list_rr_count(domain_keys); key_i++) { - - cur_key = ldns_rr_list_rr(domain_keys, key_i); - for (key_j=0; key_j= ldns_dname_label_count(ldns_rr_owner(rr))) { - - /* Query name *is* the "next closer". */ - hashed_next_closer = hashed_name; - } else { - - /* "next closer" has less labels than the query name. - * Create the name and hash it. - */ - next_closer = ldns_dname_clone_from( - ldns_rr_owner(rr), - ldns_dname_label_count(ldns_rr_owner(rr)) - - (ldns_dname_label_count(closest_encloser) + 1) - ); - hashed_next_closer = ldns_nsec3_hash_name_frm_nsec3( - ldns_rr_list_rr(nsecs, 0), - next_closer - ); - (void) ldns_dname_cat(hashed_next_closer, zone_name); - } - /* Find the NSEC3 that covers the "next closer" */ - for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) { - if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i), - hashed_next_closer) && - ldns_nsec3_optout(ldns_rr_list_rr(nsecs, i))) { - - result = LDNS_STATUS_OK; - if (match) { - *match = ldns_rr_list_rr(nsecs, i); - } - break; - } - } - if (ldns_dname_label_count(closest_encloser) + 1 - < ldns_dname_label_count(ldns_rr_owner(rr))) { - - /* "next closer" has less labels than the query name. - * Dispose of the temporary variables that held that name. - */ - ldns_rdf_deep_free(hashed_next_closer); - ldns_rdf_deep_free(next_closer); - } - ldns_rdf_deep_free(closest_encloser); - } - - done: - ldns_rdf_deep_free(zone_name); - return result; -} - -ldns_status -ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, - ldns_rr_list *nsecs, - ldns_rr_list *rrsigs, - ldns_pkt_rcode packet_rcode, - ldns_rr_type packet_qtype, - bool packet_nodata) -{ - return ldns_dnssec_verify_denial_nsec3_match( - rr, nsecs, rrsigs, packet_rcode, - packet_qtype, packet_nodata, NULL - ); -} - -#ifdef USE_GOST -EVP_PKEY* -ldns_gost2pkey_raw(unsigned char* key, size_t keylen) -{ - /* prefix header for X509 encoding */ - uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85, - 0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85, - 0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03, - 0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40}; - unsigned char encoded[37+64]; - const unsigned char* pp; - if(keylen != 64) { - /* key wrong size */ - return NULL; - } - - /* create evp_key */ - memmove(encoded, asn, 37); - memmove(encoded+37, key, 64); - pp = (unsigned char*)&encoded[0]; - - return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded)); -} - -static ldns_status -ldns_verify_rrsig_gost_raw(unsigned char* sig, size_t siglen, - ldns_buffer* rrset, unsigned char* key, size_t keylen) -{ - EVP_PKEY *evp_key; - ldns_status result; - - (void) ldns_key_EVP_load_gost_id(); - evp_key = ldns_gost2pkey_raw(key, keylen); - if(!evp_key) { - /* could not convert key */ - return LDNS_STATUS_CRYPTO_BOGUS; - } - - /* verify signature */ - result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, - evp_key, EVP_get_digestbyname("md_gost94")); - EVP_PKEY_free(evp_key); - - return result; -} -#endif - -#ifdef USE_ECDSA -EVP_PKEY* -ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo) -{ - unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ - const unsigned char* pp = buf; - EVP_PKEY *evp_key; - EC_KEY *ec; - /* check length, which uncompressed must be 2 bignums */ - if(algo == LDNS_ECDSAP256SHA256) { - if(keylen != 2*256/8) return NULL; - ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - } else if(algo == LDNS_ECDSAP384SHA384) { - if(keylen != 2*384/8) return NULL; - ec = EC_KEY_new_by_curve_name(NID_secp384r1); - } else ec = NULL; - if(!ec) return NULL; - if(keylen+1 > sizeof(buf)) - return NULL; /* sanity check */ - /* prepend the 0x02 (from docs) (or actually 0x04 from implementation - * of openssl) for uncompressed data */ - buf[0] = POINT_CONVERSION_UNCOMPRESSED; - memmove(buf+1, key, keylen); - if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) { - EC_KEY_free(ec); - return NULL; - } - evp_key = EVP_PKEY_new(); - if(!evp_key) { - EC_KEY_free(ec); - return NULL; - } - if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) { - EVP_PKEY_free(evp_key); - EC_KEY_free(ec); - return NULL; - } - return evp_key; -} - -static ldns_status -ldns_verify_rrsig_ecdsa_raw(unsigned char* sig, size_t siglen, - ldns_buffer* rrset, unsigned char* key, size_t keylen, uint8_t algo) -{ - EVP_PKEY *evp_key; - ldns_status result; - const EVP_MD *d; - - evp_key = ldns_ecdsa2pkey_raw(key, keylen, algo); - if(!evp_key) { - /* could not convert key */ - return LDNS_STATUS_CRYPTO_BOGUS; - } - if(algo == LDNS_ECDSAP256SHA256) - d = EVP_sha256(); - else d = EVP_sha384(); /* LDNS_ECDSAP384SHA384 */ - result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, d); - EVP_PKEY_free(evp_key); - return result; -} -#endif - -ldns_status -ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, ldns_buffer *verify_buf, - ldns_buffer *key_buf, uint8_t algo) -{ - return ldns_verify_rrsig_buffers_raw( - (unsigned char*)ldns_buffer_begin(rawsig_buf), - ldns_buffer_position(rawsig_buf), - verify_buf, - (unsigned char*)ldns_buffer_begin(key_buf), - ldns_buffer_position(key_buf), algo); -} - -ldns_status -ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen, - ldns_buffer *verify_buf, unsigned char* key, size_t keylen, - uint8_t algo) -{ - /* check for right key */ - switch(algo) { - case LDNS_DSA: - case LDNS_DSA_NSEC3: - return ldns_verify_rrsig_dsa_raw(sig, - siglen, - verify_buf, - key, - keylen); - break; - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: - return ldns_verify_rrsig_rsasha1_raw(sig, - siglen, - verify_buf, - key, - keylen); - break; -#ifdef USE_SHA2 - case LDNS_RSASHA256: - return ldns_verify_rrsig_rsasha256_raw(sig, - siglen, - verify_buf, - key, - keylen); - break; - case LDNS_RSASHA512: - return ldns_verify_rrsig_rsasha512_raw(sig, - siglen, - verify_buf, - key, - keylen); - break; -#endif -#ifdef USE_GOST - case LDNS_ECC_GOST: - return ldns_verify_rrsig_gost_raw(sig, siglen, verify_buf, - key, keylen); - break; -#endif -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - case LDNS_ECDSAP384SHA384: - return ldns_verify_rrsig_ecdsa_raw(sig, siglen, verify_buf, - key, keylen, algo); - break; -#endif - case LDNS_RSAMD5: - return ldns_verify_rrsig_rsamd5_raw(sig, - siglen, - verify_buf, - key, - keylen); - break; - default: - /* do you know this alg?! */ - return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; - } -} - - -/** - * Reset the ttl in the rrset with the orig_ttl from the sig - * and update owner name if it was wildcard - * Also canonicalizes the rrset. - * @param rrset: rrset to modify - * @param sig: signature to take TTL and wildcard values from - */ -static void -ldns_rrset_use_signature_ttl(ldns_rr_list* rrset_clone, ldns_rr* rrsig) -{ - uint32_t orig_ttl; - uint16_t i; - uint8_t label_count; - ldns_rdf *wildcard_name; - ldns_rdf *wildcard_chopped; - ldns_rdf *wildcard_chopped_tmp; - - if ((rrsig == NULL) || ldns_rr_rd_count(rrsig) < 4) { - return; - } - - orig_ttl = ldns_rdf2native_int32( ldns_rr_rdf(rrsig, 3)); - label_count = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 2)); - - for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) { - if (label_count < - ldns_dname_label_count( - ldns_rr_owner(ldns_rr_list_rr(rrset_clone, i)))) { - (void) ldns_str2rdf_dname(&wildcard_name, "*"); - wildcard_chopped = ldns_rdf_clone(ldns_rr_owner( - ldns_rr_list_rr(rrset_clone, i))); - while (label_count < ldns_dname_label_count(wildcard_chopped)) { - wildcard_chopped_tmp = ldns_dname_left_chop( - wildcard_chopped); - ldns_rdf_deep_free(wildcard_chopped); - wildcard_chopped = wildcard_chopped_tmp; - } - (void) ldns_dname_cat(wildcard_name, wildcard_chopped); - ldns_rdf_deep_free(wildcard_chopped); - ldns_rdf_deep_free(ldns_rr_owner(ldns_rr_list_rr( - rrset_clone, i))); - ldns_rr_set_owner(ldns_rr_list_rr(rrset_clone, i), - wildcard_name); - } - ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), orig_ttl); - /* convert to lowercase */ - ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i)); - } -} - -/** - * Make raw signature buffer out of rrsig - * @param rawsig_buf: raw signature buffer for result - * @param rrsig: signature to convert - * @return OK or more specific error. - */ -static ldns_status -ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, ldns_rr* rrsig) -{ - uint8_t sig_algo; - - if (rrsig == NULL) { - return LDNS_STATUS_CRYPTO_NO_RRSIG; - } - if (ldns_rr_rdf(rrsig, 1) == NULL) { - return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; - } - sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1)); - /* check for known and implemented algo's now (otherwise - * the function could return a wrong error - */ - /* create a buffer with signature rdata */ - /* for some algorithms we need other data than for others... */ - /* (the DSA API wants DER encoding for instance) */ - - switch(sig_algo) { - case LDNS_RSAMD5: - case LDNS_RSASHA1: - case LDNS_RSASHA1_NSEC3: -#ifdef USE_SHA2 - case LDNS_RSASHA256: - case LDNS_RSASHA512: -#endif -#ifdef USE_GOST - case LDNS_ECC_GOST: -#endif - if (ldns_rr_rdf(rrsig, 8) == NULL) { - return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; - } - if (ldns_rdf2buffer_wire(rawsig_buf, ldns_rr_rdf(rrsig, 8)) - != LDNS_STATUS_OK) { - return LDNS_STATUS_MEM_ERR; - } - break; - case LDNS_DSA: - case LDNS_DSA_NSEC3: - /* EVP takes rfc2459 format, which is a tad longer than dns format */ - if (ldns_rr_rdf(rrsig, 8) == NULL) { - return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; - } - if (ldns_convert_dsa_rrsig_rdf2asn1( - rawsig_buf, ldns_rr_rdf(rrsig, 8)) - != LDNS_STATUS_OK) { - /* - if (ldns_rdf2buffer_wire(rawsig_buf, - ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) { - */ - return LDNS_STATUS_MEM_ERR; - } - break; -#ifdef USE_ECDSA - case LDNS_ECDSAP256SHA256: - case LDNS_ECDSAP384SHA384: - /* EVP produces an ASN prefix on the signature, which is - * not used in the DNS */ - if (ldns_rr_rdf(rrsig, 8) == NULL) { - return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; - } - if (ldns_convert_ecdsa_rrsig_rdf2asn1( - rawsig_buf, ldns_rr_rdf(rrsig, 8)) - != LDNS_STATUS_OK) { - return LDNS_STATUS_MEM_ERR; - } - break; -#endif - case LDNS_DH: - case LDNS_ECC: - case LDNS_INDIRECT: - return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL; - default: - return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; - } - return LDNS_STATUS_OK; -} - -/** - * Check RRSIG timestamps against the given 'now' time. - * @param rrsig: signature to check. - * @param now: the current time in seconds epoch. - * @return status code LDNS_STATUS_OK if all is fine. - */ -static ldns_status -ldns_rrsig_check_timestamps(ldns_rr* rrsig, time_t now) -{ - int32_t inception, expiration; - - /* check the signature time stamps */ - inception = (int32_t)ldns_rdf2native_time_t( - ldns_rr_rrsig_inception(rrsig)); - expiration = (int32_t)ldns_rdf2native_time_t( - ldns_rr_rrsig_expiration(rrsig)); - - if (expiration - inception < 0) { - /* bad sig, expiration before inception?? Tsssg */ - return LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION; - } - if (((int32_t) now) - inception < 0) { - /* bad sig, inception date has not yet come to pass */ - return LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED; - } - if (expiration - ((int32_t) now) < 0) { - /* bad sig, expiration date has passed */ - return LDNS_STATUS_CRYPTO_SIG_EXPIRED; - } - return LDNS_STATUS_OK; -} - -/** - * Prepare for verification. - * @param rawsig_buf: raw signature buffer made ready. - * @param verify_buf: data for verification buffer made ready. - * @param rrset_clone: made ready. - * @param rrsig: signature to prepare for. - * @return LDNS_STATUS_OK is all went well. Otherwise specific error. - */ -static ldns_status -ldns_prepare_for_verify(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf, - ldns_rr_list* rrset_clone, ldns_rr* rrsig) -{ - ldns_status result; - - /* canonicalize the sig */ - ldns_dname2canonical(ldns_rr_owner(rrsig)); - - /* check if the typecovered is equal to the type checked */ - if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rrsig)) != - ldns_rr_get_type(ldns_rr_list_rr(rrset_clone, 0))) - return LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR; - - /* create a buffer with b64 signature rdata */ - result = ldns_rrsig2rawsig_buffer(rawsig_buf, rrsig); - if(result != LDNS_STATUS_OK) - return result; - - /* use TTL from signature. Use wildcard names for wildcards */ - /* also canonicalizes rrset_clone */ - ldns_rrset_use_signature_ttl(rrset_clone, rrsig); - - /* sort the rrset in canonical order */ - ldns_rr_list_sort(rrset_clone); - - /* put the signature rr (without the b64) to the verify_buf */ - if (ldns_rrsig2buffer_wire(verify_buf, rrsig) != LDNS_STATUS_OK) - return LDNS_STATUS_MEM_ERR; - - /* add the rrset in verify_buf */ - if(ldns_rr_list2buffer_wire(verify_buf, rrset_clone) - != LDNS_STATUS_OK) - return LDNS_STATUS_MEM_ERR; - - return LDNS_STATUS_OK; -} - -/** - * Check if a key matches a signature. - * Checks keytag, sigalgo and signature. - * @param rawsig_buf: raw signature buffer for verify - * @param verify_buf: raw data buffer for verify - * @param rrsig: the rrsig - * @param key: key to attempt. - * @return LDNS_STATUS_OK if OK, else some specific error. - */ -static ldns_status -ldns_verify_test_sig_key(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf, - ldns_rr* rrsig, ldns_rr* key) -{ - uint8_t sig_algo; - - if (rrsig == NULL) { - return LDNS_STATUS_CRYPTO_NO_RRSIG; - } - if (ldns_rr_rdf(rrsig, 1) == NULL) { - return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; - } - sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1)); - - /* before anything, check if the keytags match */ - if (ldns_calc_keytag(key) - == - ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) - ) { - ldns_buffer* key_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); - ldns_status result = LDNS_STATUS_ERR; - - /* put the key-data in a buffer, that's the third rdf, with - * the base64 encoded key data */ - if (ldns_rr_rdf(key, 3) == NULL) { - ldns_buffer_free(key_buf); - return LDNS_STATUS_MISSING_RDATA_FIELDS_KEY; - } - if (ldns_rdf2buffer_wire(key_buf, ldns_rr_rdf(key, 3)) - != LDNS_STATUS_OK) { - ldns_buffer_free(key_buf); - /* returning is bad might screw up - good keys later in the list - what to do? */ - return LDNS_STATUS_ERR; - } - - if (ldns_rr_rdf(key, 2) == NULL) { - result = LDNS_STATUS_MISSING_RDATA_FIELDS_KEY; - } - else if (sig_algo == ldns_rdf2native_int8( - ldns_rr_rdf(key, 2))) { - result = ldns_verify_rrsig_buffers(rawsig_buf, - verify_buf, key_buf, sig_algo); - } else { - /* No keys with the corresponding algorithm are found */ - result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; - } - - ldns_buffer_free(key_buf); - return result; - } - else { - /* No keys with the corresponding keytag are found */ - return LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; - } -} - -/* - * to verify: - * - create the wire fmt of the b64 key rdata - * - create the wire fmt of the sorted rrset - * - create the wire fmt of the b64 sig rdata - * - create the wire fmt of the sig without the b64 rdata - * - cat the sig data (without b64 rdata) to the rrset - * - verify the rrset+sig, with the b64 data and the b64 key data - */ -ldns_status -ldns_verify_rrsig_keylist_time( - ldns_rr_list *rrset, - ldns_rr *rrsig, - const ldns_rr_list *keys, - time_t check_time, - ldns_rr_list *good_keys) -{ - ldns_status result; - ldns_rr_list *valid = ldns_rr_list_new(); - if (!valid) - return LDNS_STATUS_MEM_ERR; - - result = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, valid); - if(result != LDNS_STATUS_OK) { - ldns_rr_list_free(valid); - return result; - } - - /* check timestamps last; its OK except time */ - result = ldns_rrsig_check_timestamps(rrsig, check_time); - if(result != LDNS_STATUS_OK) { - ldns_rr_list_free(valid); - return result; - } - - ldns_rr_list_cat(good_keys, valid); - ldns_rr_list_free(valid); - return LDNS_STATUS_OK; -} - -/* - * to verify: - * - create the wire fmt of the b64 key rdata - * - create the wire fmt of the sorted rrset - * - create the wire fmt of the b64 sig rdata - * - create the wire fmt of the sig without the b64 rdata - * - cat the sig data (without b64 rdata) to the rrset - * - verify the rrset+sig, with the b64 data and the b64 key data - */ -ldns_status -ldns_verify_rrsig_keylist(ldns_rr_list *rrset, - ldns_rr *rrsig, - const ldns_rr_list *keys, - ldns_rr_list *good_keys) -{ - return ldns_verify_rrsig_keylist_time( - rrset, rrsig, keys, ldns_time(NULL), good_keys); -} - -ldns_status -ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset, - ldns_rr *rrsig, - const ldns_rr_list *keys, - ldns_rr_list *good_keys) -{ - ldns_buffer *rawsig_buf; - ldns_buffer *verify_buf; - uint16_t i; - ldns_status result, status; - ldns_rr_list *rrset_clone; - ldns_rr_list *validkeys; - - if (!rrset) { - return LDNS_STATUS_ERR; - } - - validkeys = ldns_rr_list_new(); - if (!validkeys) { - return LDNS_STATUS_MEM_ERR; - } - - /* clone the rrset so that we can fiddle with it */ - rrset_clone = ldns_rr_list_clone(rrset); - - /* create the buffers which will certainly hold the raw data */ - rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); - verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); - - result = ldns_prepare_for_verify(rawsig_buf, verify_buf, - rrset_clone, rrsig); - if(result != LDNS_STATUS_OK) { - ldns_buffer_free(verify_buf); - ldns_buffer_free(rawsig_buf); - ldns_rr_list_deep_free(rrset_clone); - ldns_rr_list_free(validkeys); - return result; - } - - result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; - for(i = 0; i < ldns_rr_list_rr_count(keys); i++) { - status = ldns_verify_test_sig_key(rawsig_buf, verify_buf, - rrsig, ldns_rr_list_rr(keys, i)); - if (status == LDNS_STATUS_OK) { - /* one of the keys has matched, don't break - * here, instead put the 'winning' key in - * the validkey list and return the list - * later */ - if (!ldns_rr_list_push_rr(validkeys, - ldns_rr_list_rr(keys,i))) { - /* couldn't push the key?? */ - ldns_buffer_free(rawsig_buf); - ldns_buffer_free(verify_buf); - ldns_rr_list_deep_free(rrset_clone); - ldns_rr_list_free(validkeys); - return LDNS_STATUS_MEM_ERR; - } - - result = status; - } - - if (result == LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) { - result = status; - } - } - - /* no longer needed */ - ldns_rr_list_deep_free(rrset_clone); - ldns_buffer_free(rawsig_buf); - ldns_buffer_free(verify_buf); - - if (ldns_rr_list_rr_count(validkeys) == 0) { - /* no keys were added, return last error */ - ldns_rr_list_free(validkeys); - return result; - } - - /* do not check timestamps */ - - ldns_rr_list_cat(good_keys, validkeys); - ldns_rr_list_free(validkeys); - return LDNS_STATUS_OK; -} - -ldns_status -ldns_verify_rrsig_time( - ldns_rr_list *rrset, - ldns_rr *rrsig, - ldns_rr *key, - time_t check_time) -{ - ldns_buffer *rawsig_buf; - ldns_buffer *verify_buf; - ldns_status result; - ldns_rr_list *rrset_clone; - - if (!rrset) { - return LDNS_STATUS_NO_DATA; - } - /* clone the rrset so that we can fiddle with it */ - rrset_clone = ldns_rr_list_clone(rrset); - /* create the buffers which will certainly hold the raw data */ - rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); - verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); - - result = ldns_prepare_for_verify(rawsig_buf, verify_buf, - rrset_clone, rrsig); - if(result != LDNS_STATUS_OK) { - ldns_rr_list_deep_free(rrset_clone); - ldns_buffer_free(rawsig_buf); - ldns_buffer_free(verify_buf); - return result; - } - result = ldns_verify_test_sig_key(rawsig_buf, verify_buf, - rrsig, key); - /* no longer needed */ - ldns_rr_list_deep_free(rrset_clone); - ldns_buffer_free(rawsig_buf); - ldns_buffer_free(verify_buf); - - /* check timestamp last, apart from time its OK */ - if(result == LDNS_STATUS_OK) - result = ldns_rrsig_check_timestamps(rrsig, check_time); - - return result; -} - -ldns_status -ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key) -{ - return ldns_verify_rrsig_time(rrset, rrsig, key, ldns_time(NULL)); -} - - -ldns_status -ldns_verify_rrsig_evp(ldns_buffer *sig, - ldns_buffer *rrset, - EVP_PKEY *key, - const EVP_MD *digest_type) -{ - return ldns_verify_rrsig_evp_raw( - (unsigned char*)ldns_buffer_begin(sig), - ldns_buffer_position(sig), - rrset, - key, - digest_type); -} - -ldns_status -ldns_verify_rrsig_evp_raw(unsigned char *sig, size_t siglen, - ldns_buffer *rrset, EVP_PKEY *key, const EVP_MD *digest_type) -{ - EVP_MD_CTX ctx; - int res; - - EVP_MD_CTX_init(&ctx); - - EVP_VerifyInit(&ctx, digest_type); - EVP_VerifyUpdate(&ctx, - ldns_buffer_begin(rrset), - ldns_buffer_position(rrset)); - res = EVP_VerifyFinal(&ctx, sig, (unsigned int) siglen, key); - - EVP_MD_CTX_cleanup(&ctx); - - if (res == 1) { - return LDNS_STATUS_OK; - } else if (res == 0) { - return LDNS_STATUS_CRYPTO_BOGUS; - } - /* TODO how to communicate internal SSL error? - let caller use ssl's get_error() */ - return LDNS_STATUS_SSL_ERR; -} - -ldns_status -ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) -{ - return ldns_verify_rrsig_dsa_raw( - (unsigned char*) ldns_buffer_begin(sig), - ldns_buffer_position(sig), - rrset, - (unsigned char*) ldns_buffer_begin(key), - ldns_buffer_position(key)); -} - -ldns_status -ldns_verify_rrsig_rsasha1(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) -{ - return ldns_verify_rrsig_rsasha1_raw( - (unsigned char*)ldns_buffer_begin(sig), - ldns_buffer_position(sig), - rrset, - (unsigned char*) ldns_buffer_begin(key), - ldns_buffer_position(key)); -} - -ldns_status -ldns_verify_rrsig_rsamd5(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) -{ - return ldns_verify_rrsig_rsamd5_raw( - (unsigned char*)ldns_buffer_begin(sig), - ldns_buffer_position(sig), - rrset, - (unsigned char*) ldns_buffer_begin(key), - ldns_buffer_position(key)); -} - -ldns_status -ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen, - ldns_buffer* rrset, unsigned char* key, size_t keylen) -{ - EVP_PKEY *evp_key; - ldns_status result; - - evp_key = EVP_PKEY_new(); - if (EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen))) { - result = ldns_verify_rrsig_evp_raw(sig, - siglen, - rrset, - evp_key, - EVP_dss1()); - } else { - result = LDNS_STATUS_SSL_ERR; - } - EVP_PKEY_free(evp_key); - return result; - -} - -ldns_status -ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, size_t siglen, - ldns_buffer* rrset, unsigned char* key, size_t keylen) -{ - EVP_PKEY *evp_key; - ldns_status result; - - evp_key = EVP_PKEY_new(); - if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { - result = ldns_verify_rrsig_evp_raw(sig, - siglen, - rrset, - evp_key, - EVP_sha1()); - } else { - result = LDNS_STATUS_SSL_ERR; - } - EVP_PKEY_free(evp_key); - - return result; -} - -ldns_status -ldns_verify_rrsig_rsasha256_raw(unsigned char* sig, - size_t siglen, - ldns_buffer* rrset, - unsigned char* key, - size_t keylen) -{ -#ifdef USE_SHA2 - EVP_PKEY *evp_key; - ldns_status result; - - evp_key = EVP_PKEY_new(); - if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { - result = ldns_verify_rrsig_evp_raw(sig, - siglen, - rrset, - evp_key, - EVP_sha256()); - } else { - result = LDNS_STATUS_SSL_ERR; - } - EVP_PKEY_free(evp_key); - - return result; -#else - /* touch these to prevent compiler warnings */ - (void) sig; - (void) siglen; - (void) rrset; - (void) key; - (void) keylen; - return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; -#endif -} - -ldns_status -ldns_verify_rrsig_rsasha512_raw(unsigned char* sig, - size_t siglen, - ldns_buffer* rrset, - unsigned char* key, - size_t keylen) -{ -#ifdef USE_SHA2 - EVP_PKEY *evp_key; - ldns_status result; - - evp_key = EVP_PKEY_new(); - if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { - result = ldns_verify_rrsig_evp_raw(sig, - siglen, - rrset, - evp_key, - EVP_sha512()); - } else { - result = LDNS_STATUS_SSL_ERR; - } - EVP_PKEY_free(evp_key); - - return result; -#else - /* touch these to prevent compiler warnings */ - (void) sig; - (void) siglen; - (void) rrset; - (void) key; - (void) keylen; - return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; -#endif -} - - -ldns_status -ldns_verify_rrsig_rsamd5_raw(unsigned char* sig, - size_t siglen, - ldns_buffer* rrset, - unsigned char* key, - size_t keylen) -{ - EVP_PKEY *evp_key; - ldns_status result; - - evp_key = EVP_PKEY_new(); - if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { - result = ldns_verify_rrsig_evp_raw(sig, - siglen, - rrset, - evp_key, - EVP_md5()); - } else { - result = LDNS_STATUS_SSL_ERR; - } - EVP_PKEY_free(evp_key); - - return result; -} - -#endif diff --git a/src/ldns/dnssec_zone.c b/src/ldns/dnssec_zone.c deleted file mode 100644 index 0fec48c..0000000 --- a/src/ldns/dnssec_zone.c +++ /dev/null @@ -1,1192 +0,0 @@ -/* - * special zone file structures and functions for better dnssec handling - */ - -#include - -#include - -ldns_dnssec_rrs * -ldns_dnssec_rrs_new(void) -{ - ldns_dnssec_rrs *new_rrs; - new_rrs = LDNS_MALLOC(ldns_dnssec_rrs); - if(!new_rrs) return NULL; - new_rrs->rr = NULL; - new_rrs->next = NULL; - return new_rrs; -} - -INLINE void -ldns_dnssec_rrs_free_internal(ldns_dnssec_rrs *rrs, int deep) -{ - ldns_dnssec_rrs *next; - while (rrs) { - next = rrs->next; - if (deep) { - ldns_rr_free(rrs->rr); - } - LDNS_FREE(rrs); - rrs = next; - } -} - -void -ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs) -{ - ldns_dnssec_rrs_free_internal(rrs, 0); -} - -void -ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs) -{ - ldns_dnssec_rrs_free_internal(rrs, 1); -} - -ldns_status -ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr) -{ - int cmp; - ldns_dnssec_rrs *new_rrs; - if (!rrs || !rr) { - return LDNS_STATUS_ERR; - } - - /* this could be done more efficiently; name and type should already - be equal */ - cmp = ldns_rr_compare(rrs->rr, rr); - if (cmp < 0) { - if (rrs->next) { - return ldns_dnssec_rrs_add_rr(rrs->next, rr); - } else { - new_rrs = ldns_dnssec_rrs_new(); - new_rrs->rr = rr; - rrs->next = new_rrs; - } - } else if (cmp > 0) { - /* put the current old rr in the new next, put the new - rr in the current container */ - new_rrs = ldns_dnssec_rrs_new(); - new_rrs->rr = rrs->rr; - new_rrs->next = rrs->next; - rrs->rr = rr; - rrs->next = new_rrs; - } - /* Silently ignore equal rr's */ - return LDNS_STATUS_OK; -} - -void -ldns_dnssec_rrs_print_fmt(FILE *out, const ldns_output_format *fmt, - ldns_dnssec_rrs *rrs) -{ - if (!rrs) { - if ((fmt->flags & LDNS_COMMENT_LAYOUT)) - fprintf(out, "; "); - } else { - if (rrs->rr) { - ldns_rr_print_fmt(out, fmt, rrs->rr); - } - if (rrs->next) { - ldns_dnssec_rrs_print_fmt(out, fmt, rrs->next); - } - } -} - -void -ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs) -{ - ldns_dnssec_rrs_print_fmt(out, ldns_output_format_default, rrs); -} - - -ldns_dnssec_rrsets * -ldns_dnssec_rrsets_new(void) -{ - ldns_dnssec_rrsets *new_rrsets; - new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets); - if(!new_rrsets) return NULL; - new_rrsets->rrs = NULL; - new_rrsets->type = 0; - new_rrsets->signatures = NULL; - new_rrsets->next = NULL; - return new_rrsets; -} - -INLINE void -ldns_dnssec_rrsets_free_internal(ldns_dnssec_rrsets *rrsets, int deep) -{ - if (rrsets) { - if (rrsets->rrs) { - ldns_dnssec_rrs_free_internal(rrsets->rrs, deep); - } - if (rrsets->next) { - ldns_dnssec_rrsets_free_internal(rrsets->next, deep); - } - if (rrsets->signatures) { - ldns_dnssec_rrs_free_internal(rrsets->signatures, deep); - } - LDNS_FREE(rrsets); - } -} - -void -ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets) -{ - ldns_dnssec_rrsets_free_internal(rrsets, 0); -} - -void -ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets) -{ - ldns_dnssec_rrsets_free_internal(rrsets, 1); -} - -ldns_rr_type -ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets) -{ - if (rrsets) { - return rrsets->type; - } else { - return 0; - } -} - -ldns_status -ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, - ldns_rr_type type) -{ - if (rrsets) { - rrsets->type = type; - return LDNS_STATUS_OK; - } - return LDNS_STATUS_ERR; -} - -static ldns_dnssec_rrsets * -ldns_dnssec_rrsets_new_frm_rr(ldns_rr *rr) -{ - ldns_dnssec_rrsets *new_rrsets; - ldns_rr_type rr_type; - bool rrsig; - - new_rrsets = ldns_dnssec_rrsets_new(); - rr_type = ldns_rr_get_type(rr); - if (rr_type == LDNS_RR_TYPE_RRSIG) { - rrsig = true; - rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); - } else { - rrsig = false; - } - if (!rrsig) { - new_rrsets->rrs = ldns_dnssec_rrs_new(); - new_rrsets->rrs->rr = rr; - } else { - new_rrsets->signatures = ldns_dnssec_rrs_new(); - new_rrsets->signatures->rr = rr; - } - new_rrsets->type = rr_type; - return new_rrsets; -} - -ldns_status -ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr) -{ - ldns_dnssec_rrsets *new_rrsets; - ldns_rr_type rr_type; - bool rrsig = false; - ldns_status result = LDNS_STATUS_OK; - - if (!rrsets || !rr) { - return LDNS_STATUS_ERR; - } - - rr_type = ldns_rr_get_type(rr); - - if (rr_type == LDNS_RR_TYPE_RRSIG) { - rrsig = true; - rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); - } - - if (!rrsets->rrs && rrsets->type == 0 && !rrsets->signatures) { - if (!rrsig) { - rrsets->rrs = ldns_dnssec_rrs_new(); - rrsets->rrs->rr = rr; - rrsets->type = rr_type; - } else { - rrsets->signatures = ldns_dnssec_rrs_new(); - rrsets->signatures->rr = rr; - rrsets->type = rr_type; - } - return LDNS_STATUS_OK; - } - - if (rr_type > ldns_dnssec_rrsets_type(rrsets)) { - if (rrsets->next) { - result = ldns_dnssec_rrsets_add_rr(rrsets->next, rr); - } else { - new_rrsets = ldns_dnssec_rrsets_new_frm_rr(rr); - rrsets->next = new_rrsets; - } - } else if (rr_type < ldns_dnssec_rrsets_type(rrsets)) { - /* move the current one into the new next, - replace field of current with data from new rr */ - new_rrsets = ldns_dnssec_rrsets_new(); - new_rrsets->rrs = rrsets->rrs; - new_rrsets->type = rrsets->type; - new_rrsets->signatures = rrsets->signatures; - new_rrsets->next = rrsets->next; - if (!rrsig) { - rrsets->rrs = ldns_dnssec_rrs_new(); - rrsets->rrs->rr = rr; - rrsets->signatures = NULL; - } else { - rrsets->rrs = NULL; - rrsets->signatures = ldns_dnssec_rrs_new(); - rrsets->signatures->rr = rr; - } - rrsets->type = rr_type; - rrsets->next = new_rrsets; - } else { - /* equal, add to current rrsets */ - if (rrsig) { - if (rrsets->signatures) { - result = ldns_dnssec_rrs_add_rr(rrsets->signatures, rr); - } else { - rrsets->signatures = ldns_dnssec_rrs_new(); - rrsets->signatures->rr = rr; - } - } else { - if (rrsets->rrs) { - result = ldns_dnssec_rrs_add_rr(rrsets->rrs, rr); - } else { - rrsets->rrs = ldns_dnssec_rrs_new(); - rrsets->rrs->rr = rr; - } - } - } - - return result; -} - -static void -ldns_dnssec_rrsets_print_soa_fmt(FILE *out, const ldns_output_format *fmt, - ldns_dnssec_rrsets *rrsets, - bool follow, - bool show_soa) -{ - if (!rrsets) { - if ((fmt->flags & LDNS_COMMENT_LAYOUT)) - fprintf(out, "; \n"); - } else { - if (rrsets->rrs && - (show_soa || - ldns_rr_get_type(rrsets->rrs->rr) != LDNS_RR_TYPE_SOA - ) - ) { - ldns_dnssec_rrs_print_fmt(out, fmt, rrsets->rrs); - if (rrsets->signatures) { - ldns_dnssec_rrs_print_fmt(out, fmt, - rrsets->signatures); - } - } - if (follow && rrsets->next) { - ldns_dnssec_rrsets_print_soa_fmt(out, fmt, - rrsets->next, follow, show_soa); - } - } -} - - -void -ldns_dnssec_rrsets_print_fmt(FILE *out, const ldns_output_format *fmt, - ldns_dnssec_rrsets *rrsets, - bool follow) -{ - ldns_dnssec_rrsets_print_soa_fmt(out, fmt, rrsets, follow, true); -} - -void -ldns_dnssec_rrsets_print(FILE *out, ldns_dnssec_rrsets *rrsets, bool follow) -{ - ldns_dnssec_rrsets_print_fmt(out, ldns_output_format_default, - rrsets, follow); -} - -ldns_dnssec_name * -ldns_dnssec_name_new(void) -{ - ldns_dnssec_name *new_name; - - new_name = LDNS_CALLOC(ldns_dnssec_name, 1); - if (!new_name) { - return NULL; - } - /* - * not needed anymore because CALLOC initalizes everything to zero. - - new_name->name = NULL; - new_name->rrsets = NULL; - new_name->name_alloced = false; - new_name->nsec = NULL; - new_name->nsec_signatures = NULL; - - new_name->is_glue = false; - new_name->hashed_name = NULL; - - */ - return new_name; -} - -ldns_dnssec_name * -ldns_dnssec_name_new_frm_rr(ldns_rr *rr) -{ - ldns_dnssec_name *new_name = ldns_dnssec_name_new(); - - new_name->name = ldns_rr_owner(rr); - if(ldns_dnssec_name_add_rr(new_name, rr) != LDNS_STATUS_OK) { - ldns_dnssec_name_free(new_name); - return NULL; - } - - return new_name; -} - -INLINE void -ldns_dnssec_name_free_internal(ldns_dnssec_name *name, - int deep) -{ - if (name) { - if (name->name_alloced) { - ldns_rdf_deep_free(name->name); - } - if (name->rrsets) { - ldns_dnssec_rrsets_free_internal(name->rrsets, deep); - } - if (name->nsec && deep) { - ldns_rr_free(name->nsec); - } - if (name->nsec_signatures) { - ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep); - } - if (name->hashed_name) { - if (deep) { - ldns_rdf_deep_free(name->hashed_name); - } - } - LDNS_FREE(name); - } -} - -void -ldns_dnssec_name_free(ldns_dnssec_name *name) -{ - ldns_dnssec_name_free_internal(name, 0); -} - -void -ldns_dnssec_name_deep_free(ldns_dnssec_name *name) -{ - ldns_dnssec_name_free_internal(name, 1); -} - -ldns_rdf * -ldns_dnssec_name_name(ldns_dnssec_name *name) -{ - if (name) { - return name->name; - } - return NULL; -} - -bool -ldns_dnssec_name_is_glue(ldns_dnssec_name *name) -{ - if (name) { - return name->is_glue; - } - return false; -} - -void -ldns_dnssec_name_set_name(ldns_dnssec_name *rrset, - ldns_rdf *dname) -{ - if (rrset && dname) { - rrset->name = dname; - } -} - - -void -ldns_dnssec_name_set_nsec(ldns_dnssec_name *rrset, ldns_rr *nsec) -{ - if (rrset && nsec) { - rrset->nsec = nsec; - } -} - -int -ldns_dnssec_name_cmp(const void *a, const void *b) -{ - ldns_dnssec_name *na = (ldns_dnssec_name *) a; - ldns_dnssec_name *nb = (ldns_dnssec_name *) b; - - if (na && nb) { - return ldns_dname_compare(ldns_dnssec_name_name(na), - ldns_dnssec_name_name(nb)); - } else if (na) { - return 1; - } else if (nb) { - return -1; - } else { - return 0; - } -} - -ldns_status -ldns_dnssec_name_add_rr(ldns_dnssec_name *name, - ldns_rr *rr) -{ - ldns_status result = LDNS_STATUS_OK; - ldns_rr_type rr_type; - ldns_rr_type typecovered = 0; - - /* special handling for NSEC3 and NSECX covering RRSIGS */ - - if (!name || !rr) { - return LDNS_STATUS_ERR; - } - - rr_type = ldns_rr_get_type(rr); - - if (rr_type == LDNS_RR_TYPE_RRSIG) { - typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); - } - - if (rr_type == LDNS_RR_TYPE_NSEC || - rr_type == LDNS_RR_TYPE_NSEC3) { - /* XX check if is already set (and error?) */ - name->nsec = rr; - } else if (typecovered == LDNS_RR_TYPE_NSEC || - typecovered == LDNS_RR_TYPE_NSEC3) { - if (name->nsec_signatures) { - result = ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr); - } else { - name->nsec_signatures = ldns_dnssec_rrs_new(); - name->nsec_signatures->rr = rr; - } - } else { - /* it's a 'normal' RR, add it to the right rrset */ - if (name->rrsets) { - result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); - } else { - name->rrsets = ldns_dnssec_rrsets_new(); - result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); - } - } - return result; -} - -ldns_dnssec_rrsets * -ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, - ldns_rr_type type) { - ldns_dnssec_rrsets *result; - - result = name->rrsets; - while (result) { - if (result->type == type) { - return result; - } else { - result = result->next; - } - } - return NULL; -} - -ldns_dnssec_rrsets * -ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, - ldns_rdf *dname, - ldns_rr_type type) -{ - ldns_rbnode_t *node; - - if (!zone || !dname || !zone->names) { - return NULL; - } - - node = ldns_rbtree_search(zone->names, dname); - if (node) { - return ldns_dnssec_name_find_rrset((ldns_dnssec_name *)node->data, - type); - } else { - return NULL; - } -} - -static void -ldns_dnssec_name_print_soa_fmt(FILE *out, const ldns_output_format *fmt, - ldns_dnssec_name *name, - bool show_soa) -{ - if (name) { - if(name->rrsets) { - ldns_dnssec_rrsets_print_soa_fmt(out, fmt, - name->rrsets, true, show_soa); - } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { - fprintf(out, ";; Empty nonterminal: "); - ldns_rdf_print(out, name->name); - fprintf(out, "\n"); - } - if(name->nsec) { - ldns_rr_print_fmt(out, fmt, name->nsec); - } - if (name->nsec_signatures) { - ldns_dnssec_rrs_print_fmt(out, fmt, - name->nsec_signatures); - } - } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { - fprintf(out, "; \n"); - } -} - - -void -ldns_dnssec_name_print_fmt(FILE *out, const ldns_output_format *fmt, - ldns_dnssec_name *name) -{ - ldns_dnssec_name_print_soa_fmt(out, fmt, name, true); -} - -void -ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name) -{ - ldns_dnssec_name_print_fmt(out, ldns_output_format_default, name); -} - - -ldns_dnssec_zone * -ldns_dnssec_zone_new(void) -{ - ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone); - if(!zone) return NULL; - zone->soa = NULL; - zone->names = NULL; - zone->hashed_names = NULL; - zone->_nsec3params = NULL; - - return zone; -} - -static bool -rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t) -{ - return ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG - && ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)) == t; -} - -/* When the zone is first read into an list and then inserted into an - * ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next) - * to each other. Because ldns-verify-zone (the only program that uses this - * function) uses the rbtree mostly for sequentual walking, this results - * in a speed increase (of 15% on linux) because we have less CPU-cache misses. - */ -#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */ - -static ldns_status -ldns_dnssec_zone_add_empty_nonterminals_nsec3( - ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s); - -static void -ldns_todo_nsec3_ents_node_free(ldns_rbnode_t *node, void *arg) { - (void) arg; - ldns_rdf_deep_free((ldns_rdf *)node->key); - LDNS_FREE(node); -} - -ldns_status -ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin, - uint32_t ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr) -{ - ldns_rr* cur_rr; - size_t i; - - ldns_rdf *my_origin = NULL; - ldns_rdf *my_prev = NULL; - - ldns_dnssec_zone *newzone = ldns_dnssec_zone_new(); - /* NSEC3s may occur before the names they refer to. We must remember - them and add them to the name later on, after the name is read. - We track not yet matching NSEC3s*n the todo_nsec3s list */ - ldns_rr_list* todo_nsec3s = ldns_rr_list_new(); - /* when reading NSEC3s, there is a chance that we encounter nsecs - for empty nonterminals, whose nonterminals we cannot derive yet - because the needed information is to be read later. - - nsec3_ents (where ent is e.n.t.; i.e. empty non terminal) will - hold the NSEC3s that still didn't have a matching name in the - zone tree, even after all names were read. They can only match - after the zone is equiped with all the empty non terminals. */ - ldns_rbtree_t todo_nsec3_ents; - ldns_rbnode_t *new_node; - ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new(); - - ldns_status status; - -#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP - ldns_zone* zone = NULL; -#else - uint32_t my_ttl = ttl; -#endif - - ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v); - -#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP - status = ldns_zone_new_frm_fp_l(&zone, fp, origin,ttl, c, line_nr); - if (status != LDNS_STATUS_OK) - goto error; -#endif - if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) { - status = LDNS_STATUS_MEM_ERR; - goto error; - } - if (origin) { - if (!(my_origin = ldns_rdf_clone(origin))) { - status = LDNS_STATUS_MEM_ERR; - goto error; - } - if (!(my_prev = ldns_rdf_clone(origin))) { - status = LDNS_STATUS_MEM_ERR; - goto error; - } - } - -#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP - if (ldns_zone_soa(zone)) { - status = ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone)); - if (status != LDNS_STATUS_OK) - goto error; - } - for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { - cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i); - status = LDNS_STATUS_OK; -#else - while (!feof(fp)) { - status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin, - &my_prev, line_nr); - -#endif - switch (status) { - case LDNS_STATUS_OK: - - status = ldns_dnssec_zone_add_rr(newzone, cur_rr); - if (status == - LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { - - if (rr_is_rrsig_covering(cur_rr, - LDNS_RR_TYPE_NSEC3)){ - ldns_rr_list_push_rr(todo_nsec3_rrsigs, - cur_rr); - } else { - ldns_rr_list_push_rr(todo_nsec3s, - cur_rr); - } - status = LDNS_STATUS_OK; - - } else if (status != LDNS_STATUS_OK) - goto error; - - break; - - - case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */ - case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ - case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/ - status = LDNS_STATUS_OK; - break; - - case LDNS_STATUS_SYNTAX_INCLUDE:/* $include not implemented */ - status = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL; - break; - - default: - goto error; - } - } - - for (i = 0; status == LDNS_STATUS_OK && - i < ldns_rr_list_rr_count(todo_nsec3s); i++) { - cur_rr = ldns_rr_list_rr(todo_nsec3s, i); - status = ldns_dnssec_zone_add_rr(newzone, cur_rr); - if (status == LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { - if (!(new_node = LDNS_MALLOC(ldns_rbnode_t))) { - status = LDNS_STATUS_MEM_ERR; - break; - } - new_node->key = ldns_dname_label(ldns_rr_owner(cur_rr), 0); - new_node->data = cur_rr; - if (!ldns_rbtree_insert(&todo_nsec3_ents, new_node)) { - LDNS_FREE(new_node); - status = LDNS_STATUS_MEM_ERR; - break; - } - status = LDNS_STATUS_OK; - } - } - if (todo_nsec3_ents.count > 0) - (void) ldns_dnssec_zone_add_empty_nonterminals_nsec3( - newzone, &todo_nsec3_ents); - for (i = 0; status == LDNS_STATUS_OK && - i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++) { - cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i); - status = ldns_dnssec_zone_add_rr(newzone, cur_rr); - } - if (z) { - *z = newzone; - newzone = NULL; - } else { - ldns_dnssec_zone_free(newzone); - } - -error: -#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP - if (zone) { - ldns_zone_free(zone); - } -#endif - ldns_rr_list_free(todo_nsec3_rrsigs); - ldns_traverse_postorder(&todo_nsec3_ents, - ldns_todo_nsec3_ents_node_free, NULL); - ldns_rr_list_free(todo_nsec3s); - - if (my_origin) { - ldns_rdf_deep_free(my_origin); - } - if (my_prev) { - ldns_rdf_deep_free(my_prev); - } - if (newzone) { - ldns_dnssec_zone_free(newzone); - } - return status; -} - -ldns_status -ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin, - uint32_t ttl, ldns_rr_class ATTR_UNUSED(c)) -{ - return ldns_dnssec_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); -} - -static void -ldns_dnssec_name_node_free(ldns_rbnode_t *node, void *arg) { - (void) arg; - ldns_dnssec_name_free((ldns_dnssec_name *)node->data); - LDNS_FREE(node); -} - -static void -ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) { - (void) arg; - ldns_dnssec_name_deep_free((ldns_dnssec_name *)node->data); - LDNS_FREE(node); -} - -void -ldns_dnssec_zone_free(ldns_dnssec_zone *zone) -{ - if (zone) { - if (zone->names) { - /* destroy all name structures within the tree */ - ldns_traverse_postorder(zone->names, - ldns_dnssec_name_node_free, - NULL); - LDNS_FREE(zone->names); - } - LDNS_FREE(zone); - } -} - -void -ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone) -{ - if (zone) { - if (zone->names) { - /* destroy all name structures within the tree */ - ldns_traverse_postorder(zone->names, - ldns_dnssec_name_node_deep_free, - NULL); - LDNS_FREE(zone->names); - } - LDNS_FREE(zone); - } -} - -/* use for dname comparison in tree */ -int -ldns_dname_compare_v(const void *a, const void *b) { - return ldns_dname_compare((ldns_rdf *)a, (ldns_rdf *)b); -} - -static void -ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, - ldns_dnssec_name* name, ldns_rr* nsec3rr); - -static void -ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { - (void) arg; - LDNS_FREE(node); -} - -static void -ldns_dnssec_zone_hashed_names_from_nsec3( - ldns_dnssec_zone* zone, ldns_rr* nsec3rr) -{ - ldns_rbnode_t* current_node; - ldns_dnssec_name* current_name; - - assert(zone != NULL); - assert(nsec3rr != NULL); - - if (zone->hashed_names) { - ldns_traverse_postorder(zone->hashed_names, - ldns_hashed_names_node_free, NULL); - LDNS_FREE(zone->hashed_names); - } - zone->_nsec3params = nsec3rr; - - /* So this is a NSEC3 zone. - * Calculate hashes for all names already in the zone - */ - zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); - if (zone->hashed_names == NULL) { - return; - } - for ( current_node = ldns_rbtree_first(zone->names) - ; current_node != LDNS_RBTREE_NULL - ; current_node = ldns_rbtree_next(current_node) - ) { - current_name = (ldns_dnssec_name *) current_node->data; - ldns_dnssec_name_make_hashed_name(zone, current_name, nsec3rr); - - } -} - -static void -ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, - ldns_dnssec_name* name, ldns_rr* nsec3rr) -{ - ldns_rbnode_t* new_node; - - assert(name != NULL); - if (! zone->_nsec3params) { - if (! nsec3rr) { - return; - } - ldns_dnssec_zone_hashed_names_from_nsec3(zone, nsec3rr); - - } else if (! nsec3rr) { - nsec3rr = zone->_nsec3params; - } - name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsec3rr, name->name); - - /* Also store in zone->hashed_names */ - if ((new_node = LDNS_MALLOC(ldns_rbnode_t))) { - - new_node->key = name->hashed_name; - new_node->data = name; - - if (ldns_rbtree_insert(zone->hashed_names, new_node) == NULL) { - - LDNS_FREE(new_node); - } - } -} - - -static ldns_rbnode_t * -ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) { - ldns_rdf *hashed_name; - - hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0); - if (hashed_name == NULL) { - return NULL; - } - if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 && ! zone->_nsec3params){ - - ldns_dnssec_zone_hashed_names_from_nsec3(zone, rr); - } - if (zone->hashed_names == NULL) { - ldns_rdf_deep_free(hashed_name); - return NULL; - } - return ldns_rbtree_search(zone->hashed_names, hashed_name); -} - -ldns_status -ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr) -{ - ldns_status result = LDNS_STATUS_OK; - ldns_dnssec_name *cur_name; - ldns_rbnode_t *cur_node; - ldns_rr_type type_covered = 0; - - if (!zone || !rr) { - return LDNS_STATUS_ERR; - } - - if (!zone->names) { - zone->names = ldns_rbtree_create(ldns_dname_compare_v); - if(!zone->names) return LDNS_STATUS_MEM_ERR; - } - - /* we need the original of the hashed name if this is - an NSEC3, or an RRSIG that covers an NSEC3 */ - if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) { - type_covered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); - } - if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 || - type_covered == LDNS_RR_TYPE_NSEC3) { - cur_node = ldns_dnssec_zone_find_nsec3_original(zone, rr); - if (!cur_node) { - return LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND; - } - } else { - cur_node = ldns_rbtree_search(zone->names, ldns_rr_owner(rr)); - } - if (!cur_node) { - /* add */ - cur_name = ldns_dnssec_name_new_frm_rr(rr); - if(!cur_name) return LDNS_STATUS_MEM_ERR; - cur_node = LDNS_MALLOC(ldns_rbnode_t); - if(!cur_node) { - ldns_dnssec_name_free(cur_name); - return LDNS_STATUS_MEM_ERR; - } - cur_node->key = ldns_rr_owner(rr); - cur_node->data = cur_name; - (void)ldns_rbtree_insert(zone->names, cur_node); - ldns_dnssec_name_make_hashed_name(zone, cur_name, NULL); - } else { - cur_name = (ldns_dnssec_name *) cur_node->data; - result = ldns_dnssec_name_add_rr(cur_name, rr); - } - if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) { - zone->soa = cur_name; - } - return result; -} - -void -ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt, - ldns_rbtree_t *tree, - bool print_soa) -{ - ldns_rbnode_t *node; - ldns_dnssec_name *name; - - node = ldns_rbtree_first(tree); - while (node != LDNS_RBTREE_NULL) { - name = (ldns_dnssec_name *) node->data; - ldns_dnssec_name_print_soa_fmt(out, fmt, name, print_soa); - if ((fmt->flags & LDNS_COMMENT_LAYOUT)) - fprintf(out, ";\n"); - node = ldns_rbtree_next(node); - } -} - -void -ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa) -{ - ldns_dnssec_zone_names_print_fmt(out, ldns_output_format_default, - tree, print_soa); -} - -void -ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt, - ldns_dnssec_zone *zone) -{ - if (zone) { - if (zone->soa) { - if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { - fprintf(out, ";; Zone: "); - ldns_rdf_print(out, ldns_dnssec_name_name( - zone->soa)); - fprintf(out, "\n;\n"); - } - ldns_dnssec_rrsets_print_fmt(out, fmt, - ldns_dnssec_name_find_rrset( - zone->soa, - LDNS_RR_TYPE_SOA), - false); - if ((fmt->flags & LDNS_COMMENT_LAYOUT)) - fprintf(out, ";\n"); - } - - if (zone->names) { - ldns_dnssec_zone_names_print_fmt(out, fmt, - zone->names, false); - } - } -} - -void -ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone) -{ - ldns_dnssec_zone_print_fmt(out, ldns_output_format_default, zone); -} - -static ldns_status -ldns_dnssec_zone_add_empty_nonterminals_nsec3( - ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s) -{ - ldns_dnssec_name *new_name; - ldns_rdf *cur_name; - ldns_rdf *next_name; - ldns_rbnode_t *cur_node, *next_node, *new_node; - - /* for the detection */ - uint16_t i, cur_label_count, next_label_count; - uint16_t soa_label_count = 0; - ldns_rdf *l1, *l2; - int lpos; - - if (!zone) { - return LDNS_STATUS_ERR; - } - if (zone->soa && zone->soa->name) { - soa_label_count = ldns_dname_label_count(zone->soa->name); - } - - cur_node = ldns_rbtree_first(zone->names); - while (cur_node != LDNS_RBTREE_NULL) { - next_node = ldns_rbtree_next(cur_node); - - /* skip glue */ - while (next_node != LDNS_RBTREE_NULL && - next_node->data && - ((ldns_dnssec_name *)next_node->data)->is_glue - ) { - next_node = ldns_rbtree_next(next_node); - } - - if (next_node == LDNS_RBTREE_NULL) { - next_node = ldns_rbtree_first(zone->names); - } - if (! cur_node->data || ! next_node->data) { - return LDNS_STATUS_ERR; - } - cur_name = ((ldns_dnssec_name *)cur_node->data)->name; - next_name = ((ldns_dnssec_name *)next_node->data)->name; - cur_label_count = ldns_dname_label_count(cur_name); - next_label_count = ldns_dname_label_count(next_name); - - /* Since the names are in canonical order, we can - * recognize empty non-terminals by their labels; - * every label after the first one on the next owner - * name is a non-terminal if it either does not exist - * in the current name or is different from the same - * label in the current name (counting from the end) - */ - for (i = 1; i < next_label_count - soa_label_count; i++) { - lpos = (int)cur_label_count - (int)next_label_count + (int)i; - if (lpos >= 0) { - l1 = ldns_dname_clone_from(cur_name, (uint8_t)lpos); - } else { - l1 = NULL; - } - l2 = ldns_dname_clone_from(next_name, i); - - if (!l1 || ldns_dname_compare(l1, l2) != 0) { - /* We have an empty nonterminal, add it to the - * tree - */ - ldns_rbnode_t *node = NULL; - ldns_rdf *ent_name; - - if (!(ent_name = ldns_dname_clone_from( - next_name, i))) - return LDNS_STATUS_MEM_ERR; - - if (nsec3s && zone->_nsec3params) { - ldns_rdf *ent_hashed_name; - - if (!(ent_hashed_name = - ldns_nsec3_hash_name_frm_nsec3( - zone->_nsec3params, - ent_name))) - return LDNS_STATUS_MEM_ERR; - node = ldns_rbtree_search(nsec3s, - ent_hashed_name); - if (!node) { - ldns_rdf_deep_free(l1); - ldns_rdf_deep_free(l2); - continue; - } - } - new_name = ldns_dnssec_name_new(); - if (!new_name) { - return LDNS_STATUS_MEM_ERR; - } - new_name->name = ent_name; - if (!new_name->name) { - ldns_dnssec_name_free(new_name); - return LDNS_STATUS_MEM_ERR; - } - new_name->name_alloced = true; - new_node = LDNS_MALLOC(ldns_rbnode_t); - if (!new_node) { - ldns_dnssec_name_free(new_name); - return LDNS_STATUS_MEM_ERR; - } - new_node->key = new_name->name; - new_node->data = new_name; - (void)ldns_rbtree_insert(zone->names, new_node); - ldns_dnssec_name_make_hashed_name( - zone, new_name, NULL); - if (node) - (void) ldns_dnssec_zone_add_rr(zone, - (ldns_rr *)node->data); - } - ldns_rdf_deep_free(l1); - ldns_rdf_deep_free(l2); - } - - /* we might have inserted a new node after - * the current one so we can't just use next() - */ - if (next_node != ldns_rbtree_first(zone->names)) { - cur_node = next_node; - } else { - cur_node = LDNS_RBTREE_NULL; - } - } - return LDNS_STATUS_OK; -} - -ldns_status -ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone) -{ - return ldns_dnssec_zone_add_empty_nonterminals_nsec3(zone, NULL); -} - -bool -ldns_dnssec_zone_is_nsec3_optout(ldns_dnssec_zone* zone) -{ - ldns_rr* nsec3; - ldns_rbnode_t* node; - - if (ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_NSEC3PARAM)) { - node = ldns_rbtree_first(zone->names); - while (node != LDNS_RBTREE_NULL) { - nsec3 = ((ldns_dnssec_name*)node->data)->nsec; - if (nsec3 &&ldns_rr_get_type(nsec3) - == LDNS_RR_TYPE_NSEC3 && - ldns_nsec3_optout(nsec3)) { - return true; - } - node = ldns_rbtree_next(node); - } - } - return false; -} diff --git a/src/ldns/duration.c b/src/ldns/duration.c deleted file mode 100644 index 6d0a388..0000000 --- a/src/ldns/duration.c +++ /dev/null @@ -1,354 +0,0 @@ -/* - * $Id: duration.c 4518 2011-02-24 15:39:09Z matthijs $ - * - * Copyright (c) 2009 NLNet Labs. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED - * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE - * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER - * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * - * This file is copied from the OpenDNSSEC source repository - * and only slightly adapted to make it fit. - */ - -/** - * - * Durations. - */ - -#include -#include - -#include -#include -#include -#include - - -/** - * Create a new 'instant' duration. - * - */ -ldns_duration_type* -ldns_duration_create(void) -{ - ldns_duration_type* duration; - - duration = malloc(sizeof(ldns_duration_type)); - if (!duration) { - return NULL; - } - duration->years = 0; - duration->months = 0; - duration->weeks = 0; - duration->days = 0; - duration->hours = 0; - duration->minutes = 0; - duration->seconds = 0; - return duration; -} - - -/** - * Compare durations. - * - */ -int -ldns_duration_compare(ldns_duration_type* d1, ldns_duration_type* d2) -{ - if (!d1 && !d2) { - return 0; - } - if (!d1 || !d2) { - return d1?-1:1; - } - - if (d1->years != d2->years) { - return (int) (d1->years - d2->years); - } - if (d1->months != d2->months) { - return (int) (d1->months - d2->months); - } - if (d1->weeks != d2->weeks) { - return (int) (d1->weeks - d2->weeks); - } - if (d1->days != d2->days) { - return (int) (d1->days - d2->days); - } - if (d1->hours != d2->hours) { - return (int) (d1->hours - d2->hours); - } - if (d1->minutes != d2->minutes) { - return (int) (d1->minutes - d2->minutes); - } - if (d1->seconds != d2->seconds) { - return (int) (d1->seconds - d2->seconds); - } - - return 0; -} - - -/** - * Create a duration from string. - * - */ -ldns_duration_type* -ldns_duration_create_from_string(const char* str) -{ - ldns_duration_type* duration = ldns_duration_create(); - char* P, *X, *T, *W; - int not_weeks = 0; - - if (!duration) { - return NULL; - } - if (!str) { - return duration; - } - - P = strchr(str, 'P'); - if (!P) { - ldns_duration_cleanup(duration); - return NULL; - } - - T = strchr(str, 'T'); - X = strchr(str, 'Y'); - if (X) { - duration->years = (time_t) atoi(str+1); - str = X; - not_weeks = 1; - } - X = strchr(str, 'M'); - if (X && (!T || (size_t) (X-P) < (size_t) (T-P))) { - duration->months = (time_t) atoi(str+1); - str = X; - not_weeks = 1; - } - X = strchr(str, 'D'); - if (X) { - duration->days = (time_t) atoi(str+1); - str = X; - not_weeks = 1; - } - if (T) { - str = T; - not_weeks = 1; - } - X = strchr(str, 'H'); - if (X && T) { - duration->hours = (time_t) atoi(str+1); - str = X; - not_weeks = 1; - } - X = strrchr(str, 'M'); - if (X && T && (size_t) (X-P) > (size_t) (T-P)) { - duration->minutes = (time_t) atoi(str+1); - str = X; - not_weeks = 1; - } - X = strchr(str, 'S'); - if (X && T) { - duration->seconds = (time_t) atoi(str+1); - str = X; - not_weeks = 1; - } - - W = strchr(str, 'W'); - if (W) { - if (not_weeks) { - ldns_duration_cleanup(duration); - return NULL; - } else { - duration->weeks = (time_t) atoi(str+1); - str = W; - } - } - return duration; -} - - -/** - * Get the number of digits in a number. - * - */ -static size_t -digits_in_number(time_t duration) -{ - uint32_t period = (uint32_t) duration; - size_t count = 0; - - while (period > 0) { - count++; - period /= 10; - } - return count; -} - - -/** - * Convert a duration to a string. - * - */ -char* -ldns_duration2string(ldns_duration_type* duration) -{ - char* str = NULL, *num = NULL; - size_t count = 2; - int T = 0; - - if (!duration) { - return NULL; - } - - if (duration->years > 0) { - count = count + 1 + digits_in_number(duration->years); - } - if (duration->months > 0) { - count = count + 1 + digits_in_number(duration->months); - } - if (duration->weeks > 0) { - count = count + 1 + digits_in_number(duration->weeks); - } - if (duration->days > 0) { - count = count + 1 + digits_in_number(duration->days); - } - if (duration->hours > 0) { - count = count + 1 + digits_in_number(duration->hours); - T = 1; - } - if (duration->minutes > 0) { - count = count + 1 + digits_in_number(duration->minutes); - T = 1; - } - if (duration->seconds > 0) { - count = count + 1 + digits_in_number(duration->seconds); - T = 1; - } - if (T) { - count++; - } - - str = (char*) calloc(count, sizeof(char)); - str[0] = 'P'; - str[1] = '\0'; - - if (duration->years > 0) { - count = digits_in_number(duration->years); - num = (char*) calloc(count+2, sizeof(char)); - snprintf(num, count+2, "%uY", (unsigned int) duration->years); - str = strncat(str, num, count+2); - free((void*) num); - } - if (duration->months > 0) { - count = digits_in_number(duration->months); - num = (char*) calloc(count+2, sizeof(char)); - snprintf(num, count+2, "%uM", (unsigned int) duration->months); - str = strncat(str, num, count+2); - free((void*) num); - } - if (duration->weeks > 0) { - count = digits_in_number(duration->weeks); - num = (char*) calloc(count+2, sizeof(char)); - snprintf(num, count+2, "%uW", (unsigned int) duration->weeks); - str = strncat(str, num, count+2); - free((void*) num); - } - if (duration->days > 0) { - count = digits_in_number(duration->days); - num = (char*) calloc(count+2, sizeof(char)); - snprintf(num, count+2, "%uD", (unsigned int) duration->days); - str = strncat(str, num, count+2); - free((void*) num); - } - if (T) { - str = strncat(str, "T", 1); - } - if (duration->hours > 0) { - count = digits_in_number(duration->hours); - num = (char*) calloc(count+2, sizeof(char)); - snprintf(num, count+2, "%uH", (unsigned int) duration->hours); - str = strncat(str, num, count+2); - free((void*) num); - } - if (duration->minutes > 0) { - count = digits_in_number(duration->minutes); - num = (char*) calloc(count+2, sizeof(char)); - snprintf(num, count+2, "%uM", (unsigned int) duration->minutes); - str = strncat(str, num, count+2); - free((void*) num); - } - if (duration->seconds > 0) { - count = digits_in_number(duration->seconds); - num = (char*) calloc(count+2, sizeof(char)); - snprintf(num, count+2, "%uS", (unsigned int) duration->seconds); - str = strncat(str, num, count+2); - free((void*) num); - } - return str; -} - - -/** - * Convert a duration to a time. - * - */ -time_t -ldns_duration2time(ldns_duration_type* duration) -{ - time_t period = 0; - - if (duration) { - period += (duration->seconds); - period += (duration->minutes)*60; - period += (duration->hours)*3600; - period += (duration->days)*86400; - period += (duration->weeks)*86400*7; - period += (duration->months)*86400*31; - period += (duration->years)*86400*365; - - /* [TODO] calculate correct number of days in this month/year */ - /* - if (duration->months || duration->years) { - } - */ - } - return period; -} - - -/** - * Clean up duration. - * - */ -void -ldns_duration_cleanup(ldns_duration_type* duration) -{ - if (!duration) { - return; - } - free(duration); - return; -} diff --git a/src/ldns/error.c b/src/ldns/error.c deleted file mode 100644 index 82ea61a..0000000 --- a/src/ldns/error.c +++ /dev/null @@ -1,160 +0,0 @@ -/* - * a error2str function to make sense of all the - * error codes we have laying ardoun - * - * a Net::DNS like library for C - * LibDNS Team @ NLnet Labs - * (c) NLnet Labs, 2005-2006 - * See the file LICENSE for the license - */ - -#include - -#include - -ldns_lookup_table ldns_error_str[] = { - { LDNS_STATUS_OK, "All OK" }, - { LDNS_STATUS_EMPTY_LABEL, "Empty label" }, - { LDNS_STATUS_LABEL_OVERFLOW, "Label length overflow" }, - { LDNS_STATUS_DOMAINNAME_OVERFLOW, "Domainname length overflow" }, - { LDNS_STATUS_DOMAINNAME_UNDERFLOW, "Domainname length underflow (zero length)" }, - { LDNS_STATUS_DDD_OVERFLOW, "\\DDD sequence overflow (>255)" }, - { LDNS_STATUS_PACKET_OVERFLOW, "Packet size overflow" }, - { LDNS_STATUS_INVALID_POINTER, "Invalid compression pointer" }, - { LDNS_STATUS_MEM_ERR, "General memory error" }, - { LDNS_STATUS_INTERNAL_ERR, "Internal error, this should not happen" }, - { LDNS_STATUS_SSL_ERR, "Error in SSL library" }, - { LDNS_STATUS_ERR, "General LDNS error" }, - { LDNS_STATUS_INVALID_INT, "Conversion error, integer expected" }, - { LDNS_STATUS_INVALID_IP4, "Conversion error, ip4 addr expected" }, - { LDNS_STATUS_INVALID_IP6, "Conversion error, ip6 addr expected" }, - { LDNS_STATUS_INVALID_STR, "Conversion error, string expected" }, - { LDNS_STATUS_INVALID_B32_EXT, "Conversion error, b32 ext encoding expected" }, - { LDNS_STATUS_INVALID_B64, "Conversion error, b64 encoding expected" }, - { LDNS_STATUS_INVALID_HEX, "Conversion error, hex encoding expected" }, - { LDNS_STATUS_INVALID_TIME, "Conversion error, time encoding expected" }, - { LDNS_STATUS_NETWORK_ERR, "Could not send or receive, because of network error" }, - { LDNS_STATUS_ADDRESS_ERR, "Could not start AXFR, because of address error" }, - { LDNS_STATUS_FILE_ERR, "Could not open the files" }, - { LDNS_STATUS_UNKNOWN_INET, "Uknown address family" }, - { LDNS_STATUS_NOT_IMPL, "This function is not implemented (yet), please notify the developers - or not..." }, - { LDNS_STATUS_NULL, "Supplied value pointer null" }, - { LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, "Unknown cryptographic algorithm" }, - { LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, "Cryptographic algorithm not implemented" }, - { LDNS_STATUS_CRYPTO_NO_RRSIG, "No DNSSEC signature(s)" }, - { LDNS_STATUS_CRYPTO_NO_DNSKEY, "No DNSSEC public key(s)" }, - { LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, "The signature does not cover this RRset" }, - { LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, "No signatures found for trusted DNSSEC public key(s)" }, - { LDNS_STATUS_CRYPTO_NO_DS, "No DS record(s)" }, - { LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, "Could not validate DS record(s)" }, - { LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, "No keys with the keytag and algorithm from the RRSIG found" }, - { LDNS_STATUS_CRYPTO_VALIDATED, "Valid DNSSEC signature" }, - { LDNS_STATUS_CRYPTO_BOGUS, "Bogus DNSSEC signature" }, - { LDNS_STATUS_CRYPTO_SIG_EXPIRED, "DNSSEC signature has expired" }, - { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, "DNSSEC signature not incepted yet" }, - { LDNS_STATUS_CRYPTO_TSIG_BOGUS, "Bogus TSIG signature" }, - { LDNS_STATUS_CRYPTO_TSIG_ERR, "Could not create TSIG signature" }, - { LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, "DNSSEC signature has expiration date earlier than inception date" }, - { LDNS_STATUS_ENGINE_KEY_NOT_LOADED, "Unable to load private key from engine" }, - { LDNS_STATUS_NSEC3_ERR, "Error in NSEC3 denial of existence proof" }, - { LDNS_STATUS_RES_NO_NS, "No (valid) nameservers defined in the resolver" }, - { LDNS_STATUS_RES_QUERY, "No correct query given to resolver" }, - { LDNS_STATUS_WIRE_INCOMPLETE_HEADER, "header section incomplete" }, - { LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, "question section incomplete" }, - { LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, "answer section incomplete" }, - { LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, "authority section incomplete" }, - { LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, "additional section incomplete" }, - { LDNS_STATUS_NO_DATA, "No data" }, - { LDNS_STATUS_EXISTS_ERR, "Element already exists" }, - { LDNS_STATUS_CERT_BAD_ALGORITHM, "Bad algorithm type for CERT record" }, - { LDNS_STATUS_SYNTAX_TYPE_ERR, "Syntax error, could not parse the RR's type" }, - { LDNS_STATUS_SYNTAX_CLASS_ERR, "Syntax error, could not parse the RR's class" }, - { LDNS_STATUS_SYNTAX_TTL_ERR, "Syntax error, could not parse the RR's TTL" }, - { LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL, "Syntax error, $INCLUDE not implemented" }, - { LDNS_STATUS_SYNTAX_RDATA_ERR, "Syntax error, could not parse the RR's rdata" }, - { LDNS_STATUS_SYNTAX_DNAME_ERR, "Syntax error, could not parse the RR's dname(s)" }, - { LDNS_STATUS_SYNTAX_VERSION_ERR, "Syntax error, version mismatch" }, - { LDNS_STATUS_SYNTAX_ALG_ERR, "Syntax error, algorithm unknown or non parseable" }, - { LDNS_STATUS_SYNTAX_KEYWORD_ERR, "Syntax error, unknown keyword in input" }, - { LDNS_STATUS_SYNTAX_ERR, "Syntax error, could not parse the RR" }, - { LDNS_STATUS_SYNTAX_EMPTY, "Empty line was returned" }, - { LDNS_STATUS_SYNTAX_TTL, "$TTL directive was seen in the zone" }, - { LDNS_STATUS_SYNTAX_ORIGIN, "$ORIGIN directive was seen in the zone" }, - { LDNS_STATUS_SYNTAX_INCLUDE, "$INCLUDE directive was seen in the zone" }, - { LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, "Iterations count for NSEC3 record higher than maximum" }, - { LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, "Syntax error, value expected" }, - { LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer value too large" }, - { LDNS_STATUS_SYNTAX_BAD_ESCAPE, "Syntax error, bad escape sequence" }, - { LDNS_STATUS_SOCKET_ERROR, "Error creating socket" }, - { LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, "Existence denied by NSEC" }, - { LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, "RR not covered by the given NSEC RRs" }, - { LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, "wildcard not covered by the given NSEC RRs" }, - { LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, "original of NSEC3 hashed name could not be found" }, - { LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, "The RRSIG has to few rdata fields" }, - { LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, "The DNSKEY has to few rdata fields" }, - { LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN, - "DNSSEC signature will expire too soon" }, - { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN, - "DNSSEC signature not incepted long enough" }, - { LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE, - "Unknown TLSA Certificate Usage" }, - { LDNS_STATUS_DANE_UNKNOWN_SELECTOR, "Unknown TLSA Selector" }, - { LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE, - "Unknown TLSA Matching Type" }, - { LDNS_STATUS_DANE_UNKNOWN_PROTOCOL, - "Unknown protocol. Only IPv4 and IPv6 are understood" }, - { LDNS_STATUS_DANE_UNKNOWN_TRANSPORT, - "Unknown transport. Should be one of {tcp, udp, sctp}" }, - { LDNS_STATUS_DANE_MISSING_EXTRA_CERTS, /* Trust anchor assertion */ - "More than one certificate should be provided" }, - { LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED, /* Trust anchor assertion */ - "Non of the extra certificates is used to sign the first" }, - { LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE, /* Trust anchor assertion */ - "The offset was out of range" }, - { LDNS_STATUS_DANE_INSECURE, /* Unused by library */ - "The queried resource records were insecure" }, - { LDNS_STATUS_DANE_BOGUS, /* Unused by library */ - "The queried resource records were bogus" }, - { LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, - "The TLSA record(s) " - "did not match with the server certificate (chain)" }, - { LDNS_STATUS_DANE_NON_CA_CERTIFICATE, - "The certificate was not a CA certificate" }, - { LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE, - "Could not PKIX validate" }, - { LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR, - "The validation path " - "did not end in a self-signed certificate" }, - { LDNS_STATUS_INVALID_ILNP64, - "Conversion error, 4 colon separated hex numbers expected" }, - { LDNS_STATUS_INVALID_EUI48, - "Conversion error, 6 two character hex numbers " - "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx" }, - { LDNS_STATUS_INVALID_EUI64, - "Conversion error, 8 two character hex numbers " - "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx-xx-xx" }, - { LDNS_STATUS_WIRE_RDATA_ERR, "invalid rdata in wire format" }, - { LDNS_STATUS_INVALID_TAG, - "Conversion error, a non-zero sequence of US-ASCII letters " - "and numbers in lower case expected" }, - { LDNS_STATUS_TYPE_NOT_IN_BITMAP, - "The RR type bitmap rdata field did not have " - "a bit reserved for the specific RR type" }, - { LDNS_STATUS_INVALID_RDF_TYPE, - "The rdata field was not of the expected type" }, - { LDNS_STATUS_RDATA_OVERFLOW, "Rdata size overflow" }, - { 0, NULL } -}; - -const char * -ldns_get_errorstr_by_id(ldns_status err) -{ - ldns_lookup_table *lt; - - lt = ldns_lookup_by_id(ldns_error_str, err); - - if (lt) { - return lt->name; - } - return NULL; -} diff --git a/src/ldns/higher.c b/src/ldns/higher.c deleted file mode 100644 index 8ce86a4..0000000 --- a/src/ldns/higher.c +++ /dev/null @@ -1,344 +0,0 @@ -/* - * higher.c - * - * Specify some higher level functions that would - * be usefull to would be developers - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include - -#ifdef HAVE_SSL -#include -#include -#endif /* HAVE_SSL */ - -ldns_rr_list * -ldns_get_rr_list_addr_by_name(ldns_resolver *res, ldns_rdf *name, ldns_rr_class c, - uint16_t flags) -{ - ldns_pkt *pkt; - ldns_rr_list *aaaa; - ldns_rr_list *a; - ldns_rr_list *result = NULL; - ldns_rr_list *hostsfilenames; - size_t i; - uint8_t ip6; - - a = NULL; - aaaa = NULL; - result = NULL; - - if (!res) { - return NULL; - } - if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) { - return NULL; - } - - ip6 = ldns_resolver_ip6(res); /* we use INET_ANY here, save - what was there */ - - ldns_resolver_set_ip6(res, LDNS_RESOLV_INETANY); - - hostsfilenames = ldns_get_rr_list_hosts_frm_file(NULL); - for (i = 0; i < ldns_rr_list_rr_count(hostsfilenames); i++) { - if (ldns_rdf_compare(name, - ldns_rr_owner(ldns_rr_list_rr(hostsfilenames, - i))) == 0) { - if (!result) { - result = ldns_rr_list_new(); - } - ldns_rr_list_push_rr(result, - ldns_rr_clone(ldns_rr_list_rr(hostsfilenames, i))); - } - } - ldns_rr_list_deep_free(hostsfilenames); - - if (result) { - return result; - } - - /* add the RD flags, because we want an answer */ - pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_AAAA, c, flags | LDNS_RD); - if (pkt) { - /* extract the data we need */ - aaaa = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_AAAA, - LDNS_SECTION_ANSWER); - ldns_pkt_free(pkt); - } - - pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_A, c, flags | LDNS_RD); - if (pkt) { - /* extract the data we need */ - a = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_A, LDNS_SECTION_ANSWER); - ldns_pkt_free(pkt); - } - ldns_resolver_set_ip6(res, ip6); - - if (aaaa && a) { - result = ldns_rr_list_cat_clone(aaaa, a); - ldns_rr_list_deep_free(aaaa); - ldns_rr_list_deep_free(a); - return result; - } - - if (aaaa) { - result = ldns_rr_list_clone(aaaa); - } - - if (a) { - result = ldns_rr_list_clone(a); - } - - ldns_rr_list_deep_free(aaaa); - ldns_rr_list_deep_free(a); - return result; -} - -ldns_rr_list * -ldns_get_rr_list_name_by_addr(ldns_resolver *res, ldns_rdf *addr, ldns_rr_class c, - uint16_t flags) -{ - ldns_pkt *pkt; - ldns_rr_list *names; - ldns_rdf *name; - - names = NULL; - - if (!res || !addr) { - return NULL; - } - - if (ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_A && - ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_AAAA) { - return NULL; - } - - name = ldns_rdf_address_reverse(addr); - - /* add the RD flags, because we want an answer */ - pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_PTR, c, flags | LDNS_RD); - ldns_rdf_deep_free(name); - if (pkt) { - /* extract the data we need */ - names = ldns_pkt_rr_list_by_type(pkt, - LDNS_RR_TYPE_PTR, LDNS_SECTION_ANSWER); - ldns_pkt_free(pkt); - } - return names; -} - -/* read a line, put it in a buffer, parse the buffer */ -ldns_rr_list * -ldns_get_rr_list_hosts_frm_fp(FILE *fp) -{ - return ldns_get_rr_list_hosts_frm_fp_l(fp, NULL); -} - -ldns_rr_list * -ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr) -{ - ssize_t i, j; - size_t cnt; - char *line; - char *word; - char *addr; - char *rr_str; - ldns_buffer *linebuf; - ldns_rr *rr; - ldns_rr_list *list; - ldns_rdf *tmp; - bool ip6; - ldns_status parse_result; - - line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); - word = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); - addr = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); - rr_str = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); - ip6 = false; - list = ldns_rr_list_new(); - rr = NULL; - if(!line || !word || !addr || !rr_str || !list) { - LDNS_FREE(line); - LDNS_FREE(word); - LDNS_FREE(addr); - LDNS_FREE(rr_str); - ldns_rr_list_free(list); - return NULL; - } - - for(i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr); - i > 0; i = ldns_fget_token_l(fp, line, "\n", LDNS_MAX_LINELEN, line_nr)) { - /* # is comment */ - if (line[0] == '#') { - continue; - } - /* put it in a buffer for further processing */ - linebuf = LDNS_MALLOC(ldns_buffer); - if(!linebuf) { - LDNS_FREE(line); - LDNS_FREE(word); - LDNS_FREE(addr); - LDNS_FREE(rr_str); - ldns_rr_list_deep_free(list); - return NULL; - } - - ldns_buffer_new_frm_data(linebuf, line, (size_t) i); - for(cnt = 0, j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN); - j > 0; - j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, LDNS_MAX_LINELEN), cnt++) { - if (cnt == 0) { - /* the address */ - if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, - word))) { - /* ip6 */ - ldns_rdf_deep_free(tmp); - ip6 = true; - } else { - if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, - word))) { - /* ip4 */ - ldns_rdf_deep_free(tmp); - ip6 = false; - } else { - /* kaput */ - break; - } - } - (void)strlcpy(addr, word, LDNS_MAX_LINELEN+1); - } else { - /* la al la la */ - if (ip6) { - snprintf(rr_str, LDNS_MAX_LINELEN, - "%s IN AAAA %s", word, addr); - } else { - snprintf(rr_str, LDNS_MAX_LINELEN, - "%s IN A %s", word, addr); - } - parse_result = ldns_rr_new_frm_str(&rr, rr_str, 0, NULL, NULL); - if (parse_result == LDNS_STATUS_OK && ldns_rr_owner(rr) && ldns_rr_rd_count(rr) > 0) { - ldns_rr_list_push_rr(list, ldns_rr_clone(rr)); - } - ldns_rr_free(rr); - } - } - ldns_buffer_free(linebuf); - } - LDNS_FREE(line); - LDNS_FREE(word); - LDNS_FREE(addr); - LDNS_FREE(rr_str); - return list; -} - -ldns_rr_list * -ldns_get_rr_list_hosts_frm_file(char *filename) -{ - ldns_rr_list *names; - FILE *fp; - - if (!filename) { - fp = fopen(LDNS_RESOLV_HOSTS, "r"); - - } else { - fp = fopen(filename, "r"); - } - if (!fp) { - return NULL; - } - - names = ldns_get_rr_list_hosts_frm_fp(fp); - fclose(fp); - return names; -} - -uint16_t -ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, - ldns_rr_list **ret) -{ - ldns_rdf_type t; - uint16_t names_found; - ldns_resolver *r; - ldns_status s; - - t = ldns_rdf_get_type(node); - names_found = 0; - r = res; - - if (res == NULL) { - /* prepare a new resolver, using /etc/resolv.conf as a guide */ - s = ldns_resolver_new_frm_file(&r, NULL); - if (s != LDNS_STATUS_OK) { - return 0; - } - } - - if (t == LDNS_RDF_TYPE_DNAME) { - /* we're asked to query for a name */ - *ret = ldns_get_rr_list_addr_by_name(r, node, c, 0); - names_found = ldns_rr_list_rr_count(*ret); - } - - if (t == LDNS_RDF_TYPE_A || t == LDNS_RDF_TYPE_AAAA) { - /* an address */ - *ret = ldns_get_rr_list_name_by_addr(r, node, c, 0); - names_found = ldns_rr_list_rr_count(*ret); - } - - if (res == NULL) { - ldns_resolver_deep_free(r); - } - - return names_found; -} - -bool -ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t) -{ - switch (ldns_rr_get_type(nsec)) { - case LDNS_RR_TYPE_NSEC : if (ldns_rr_rd_count(nsec) < 2) { - return false; - } - return ldns_nsec_bitmap_covers_type( - ldns_rr_rdf(nsec, 1), t); - - case LDNS_RR_TYPE_NSEC3 : if (ldns_rr_rd_count(nsec) < 6) { - return false; - } - return ldns_nsec_bitmap_covers_type( - ldns_rr_rdf(nsec, 5), t); - - default : return false; - } -} - -void -ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...) -{ - int16_t rdf; - ldns_rdf *rd; - va_list va_rdf; - va_start(va_rdf, rdfnum); - - for (rdf = (int16_t)rdfnum; rdf != -1; rdf = (int16_t)va_arg(va_rdf, int)) - { - rd = ldns_rr_rdf(r, rdf); - if (!rd) { - continue; - } else { - ldns_rdf_print(fp, rd); - fprintf(fp, " "); /* not sure if we want to do this */ - } - } - va_end(va_rdf); -} - diff --git a/src/ldns/host2str.c b/src/ldns/host2str.c deleted file mode 100644 index 3445254..0000000 --- a/src/ldns/host2str.c +++ /dev/null @@ -1,2635 +0,0 @@ -/* - * host2str.c - * - * conversion routines from the host format - * to the presentation format (strings) - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ -#include - -#include - -#include - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -#include -#include - -#ifndef INET_ADDRSTRLEN -#define INET_ADDRSTRLEN 16 -#endif -#ifndef INET6_ADDRSTRLEN -#define INET6_ADDRSTRLEN 46 -#endif - -/* lookup tables for standard DNS stuff */ - -/* Taken from RFC 2535, section 7. */ -ldns_lookup_table ldns_algorithms[] = { - { LDNS_RSAMD5, "RSAMD5" }, - { LDNS_DH, "DH" }, - { LDNS_DSA, "DSA" }, - { LDNS_ECC, "ECC" }, - { LDNS_RSASHA1, "RSASHA1" }, - { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" }, - { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" }, -#ifdef USE_SHA2 - { LDNS_RSASHA256, "RSASHA256"}, - { LDNS_RSASHA512, "RSASHA512"}, -#endif -#ifdef USE_GOST - { LDNS_ECC_GOST, "ECC-GOST"}, -#endif -#ifdef USE_ECDSA - { LDNS_ECDSAP256SHA256, "ECDSAP256SHA256"}, - { LDNS_ECDSAP384SHA384, "ECDSAP384SHA384"}, -#endif - { LDNS_INDIRECT, "INDIRECT" }, - { LDNS_PRIVATEDNS, "PRIVATEDNS" }, - { LDNS_PRIVATEOID, "PRIVATEOID" }, - { 0, NULL } -}; - -/* Taken from RFC 4398 */ -ldns_lookup_table ldns_cert_algorithms[] = { - { LDNS_CERT_PKIX, "PKIX" }, - { LDNS_CERT_SPKI, "SPKI" }, - { LDNS_CERT_PGP, "PGP" }, - { LDNS_CERT_IPKIX, "IPKIX" }, - { LDNS_CERT_ISPKI, "ISPKI" }, - { LDNS_CERT_IPGP, "IPGP" }, - { LDNS_CERT_ACPKIX, "ACPKIX" }, - { LDNS_CERT_IACPKIX, "IACPKIX" }, - { LDNS_CERT_URI, "URI" }, - { LDNS_CERT_OID, "OID" }, - { 0, NULL } -}; - -/* classes */ -ldns_lookup_table ldns_rr_classes[] = { - { LDNS_RR_CLASS_IN, "IN" }, - { LDNS_RR_CLASS_CH, "CH" }, - { LDNS_RR_CLASS_HS, "HS" }, - { LDNS_RR_CLASS_NONE, "NONE" }, - { LDNS_RR_CLASS_ANY, "ANY" }, - { 0, NULL } -}; - -/* if these are used elsewhere */ -ldns_lookup_table ldns_rcodes[] = { - { LDNS_RCODE_NOERROR, "NOERROR" }, - { LDNS_RCODE_FORMERR, "FORMERR" }, - { LDNS_RCODE_SERVFAIL, "SERVFAIL" }, - { LDNS_RCODE_NXDOMAIN, "NXDOMAIN" }, - { LDNS_RCODE_NOTIMPL, "NOTIMPL" }, - { LDNS_RCODE_REFUSED, "REFUSED" }, - { LDNS_RCODE_YXDOMAIN, "YXDOMAIN" }, - { LDNS_RCODE_YXRRSET, "YXRRSET" }, - { LDNS_RCODE_NXRRSET, "NXRRSET" }, - { LDNS_RCODE_NOTAUTH, "NOTAUTH" }, - { LDNS_RCODE_NOTZONE, "NOTZONE" }, - { 0, NULL } -}; - -ldns_lookup_table ldns_opcodes[] = { - { LDNS_PACKET_QUERY, "QUERY" }, - { LDNS_PACKET_IQUERY, "IQUERY" }, - { LDNS_PACKET_STATUS, "STATUS" }, - { LDNS_PACKET_NOTIFY, "NOTIFY" }, - { LDNS_PACKET_UPDATE, "UPDATE" }, - { 0, NULL } -}; - -const ldns_output_format ldns_output_format_nocomments_record = { 0, NULL }; -const ldns_output_format *ldns_output_format_nocomments - = &ldns_output_format_nocomments_record; -const ldns_output_format ldns_output_format_onlykeyids_record = { - LDNS_COMMENT_KEY, NULL -}; -const ldns_output_format *ldns_output_format_onlykeyids - = &ldns_output_format_onlykeyids_record; -const ldns_output_format *ldns_output_format_default - = &ldns_output_format_onlykeyids_record; - -const ldns_output_format ldns_output_format_bubblebabble_record = { - LDNS_COMMENT_KEY | LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS, NULL -}; -const ldns_output_format *ldns_output_format_bubblebabble - = &ldns_output_format_bubblebabble_record; - -static bool -ldns_output_format_covers_type(const ldns_output_format* fmt, ldns_rr_type t) -{ - return fmt && (fmt->flags & LDNS_FMT_RFC3597) && - ((ldns_output_format_storage*)fmt)->bitmap && - ldns_nsec_bitmap_covers_type( - ((ldns_output_format_storage*)fmt)->bitmap, t); -} - -ldns_status -ldns_output_format_set_type(ldns_output_format* fmt, ldns_rr_type t) -{ - ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt; - ldns_status s; - - assert(fmt != NULL); - - if (!(fmt_st->flags & LDNS_FMT_RFC3597)) { - ldns_output_format_set(fmt, LDNS_FMT_RFC3597); - } - if (! fmt_st->bitmap) { - s = ldns_rdf_bitmap_known_rr_types_space(&fmt_st->bitmap); - if (s != LDNS_STATUS_OK) { - return s; - } - } - return ldns_nsec_bitmap_set_type(fmt_st->bitmap, t); -} - -ldns_status -ldns_output_format_clear_type(ldns_output_format* fmt, ldns_rr_type t) -{ - ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt; - ldns_status s; - - assert(fmt != NULL); - - if (!(fmt_st->flags & LDNS_FMT_RFC3597)) { - ldns_output_format_set(fmt, LDNS_FMT_RFC3597); - } - if (! fmt_st->bitmap) { - s = ldns_rdf_bitmap_known_rr_types(&fmt_st->bitmap); - if (s != LDNS_STATUS_OK) { - return s; - } - } - return ldns_nsec_bitmap_clear_type(fmt_st->bitmap, t); -} - -ldns_status -ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode) -{ - ldns_lookup_table *lt = ldns_lookup_by_id(ldns_opcodes, opcode); - if (lt && lt->name) { - ldns_buffer_printf(output, "%s", lt->name); - } else { - ldns_buffer_printf(output, "OPCODE%u", opcode); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode) -{ - ldns_lookup_table *lt = ldns_lookup_by_id(ldns_rcodes, rcode); - if (lt && lt->name) { - ldns_buffer_printf(output, "%s", lt->name); - } else { - ldns_buffer_printf(output, "RCODE%u", rcode); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_algorithm2buffer_str(ldns_buffer *output, - ldns_algorithm algorithm) -{ - ldns_lookup_table *lt = ldns_lookup_by_id(ldns_algorithms, - algorithm); - if (lt && lt->name) { - ldns_buffer_printf(output, "%s", lt->name); - } else { - ldns_buffer_printf(output, "ALG%u", algorithm); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_cert_algorithm2buffer_str(ldns_buffer *output, - ldns_cert_algorithm cert_algorithm) -{ - ldns_lookup_table *lt = ldns_lookup_by_id(ldns_cert_algorithms, - cert_algorithm); - if (lt && lt->name) { - ldns_buffer_printf(output, "%s", lt->name); - } else { - ldns_buffer_printf(output, "CERT_ALG%u", - cert_algorithm); - } - return ldns_buffer_status(output); -} - -char * -ldns_pkt_opcode2str(ldns_pkt_opcode opcode) -{ - char *str; - ldns_buffer *buf; - - buf = ldns_buffer_new(12); - if (!buf) { - return NULL; - } - - str = NULL; - if (ldns_pkt_opcode2buffer_str(buf, opcode) == LDNS_STATUS_OK) { - str = ldns_buffer_export2str(buf); - } - - ldns_buffer_free(buf); - return str; -} - -char * -ldns_pkt_rcode2str(ldns_pkt_rcode rcode) -{ - char *str; - ldns_buffer *buf; - - buf = ldns_buffer_new(10); - if (!buf) { - return NULL; - } - - str = NULL; - if (ldns_pkt_rcode2buffer_str(buf, rcode) == LDNS_STATUS_OK) { - str = ldns_buffer_export2str(buf); - } - - ldns_buffer_free(buf); - return str; -} - -char * -ldns_pkt_algorithm2str(ldns_algorithm algorithm) -{ - char *str; - ldns_buffer *buf; - - buf = ldns_buffer_new(10); - if (!buf) { - return NULL; - } - - str = NULL; - if (ldns_algorithm2buffer_str(buf, algorithm) - == LDNS_STATUS_OK) { - str = ldns_buffer_export2str(buf); - } - - ldns_buffer_free(buf); - return str; -} - -char * -ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm) -{ - char *str; - ldns_buffer *buf; - - buf = ldns_buffer_new(10); - if (!buf) { - return NULL; - } - - str = NULL; - if (ldns_cert_algorithm2buffer_str(buf, cert_algorithm) - == LDNS_STATUS_OK) { - str = ldns_buffer_export2str(buf); - } - - ldns_buffer_free(buf); - return str; -} - - -/* do NOT pass compressed data here :p */ -ldns_status -ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname) -{ - /* can we do with 1 pos var? or without at all? */ - uint8_t src_pos = 0; - uint8_t len; - uint8_t *data; - uint8_t i; - unsigned char c; - - data = (uint8_t*)ldns_rdf_data(dname); - len = data[src_pos]; - - if (ldns_rdf_size(dname) > LDNS_MAX_DOMAINLEN) { - /* too large, return */ - return LDNS_STATUS_DOMAINNAME_OVERFLOW; - } - - /* special case: root label */ - if (1 == ldns_rdf_size(dname)) { - ldns_buffer_printf(output, "."); - } else { - while ((len > 0) && src_pos < ldns_rdf_size(dname)) { - src_pos++; - for(i = 0; i < len; i++) { - /* paranoia check for various 'strange' - characters in dnames - */ - c = (unsigned char) data[src_pos]; - if(c == '.' || c == ';' || - c == '(' || c == ')' || - c == '\\') { - ldns_buffer_printf(output, "\\%c", - data[src_pos]); - } else if (!(isascii(c) && isgraph(c))) { - ldns_buffer_printf(output, "\\%03u", - data[src_pos]); - } else { - ldns_buffer_printf(output, "%c", data[src_pos]); - } - src_pos++; - } - - if (src_pos < ldns_rdf_size(dname)) { - ldns_buffer_printf(output, "."); - } - len = data[src_pos]; - } - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf) -{ - uint8_t data = ldns_rdf_data(rdf)[0]; - ldns_buffer_printf(output, "%lu", (unsigned long) data); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf) -{ - uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); - ldns_buffer_printf(output, "%lu", (unsigned long) data); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf) -{ - uint32_t data = ldns_read_uint32(ldns_rdf_data(rdf)); - ldns_buffer_printf(output, "%lu", (unsigned long) data); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf) -{ - /* create a YYYYMMDDHHMMSS string if possible */ - struct tm tm; - char date_buf[16]; - - memset(&tm, 0, sizeof(tm)); - if (ldns_serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm) - && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { - ldns_buffer_printf(output, "%s", date_buf); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf) -{ - char str[INET_ADDRSTRLEN]; - - if (inet_ntop(AF_INET, ldns_rdf_data(rdf), str, INET_ADDRSTRLEN)) { - ldns_buffer_printf(output, "%s", str); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf) -{ - char str[INET6_ADDRSTRLEN]; - - if (inet_ntop(AF_INET6, ldns_rdf_data(rdf), str, INET6_ADDRSTRLEN)) { - ldns_buffer_printf(output, "%s", str); - } - - return ldns_buffer_status(output); -} - -static void -ldns_characters2buffer_str(ldns_buffer* output, - size_t amount, const uint8_t* characters) -{ - uint8_t ch; - while (amount > 0) { - ch = *characters++; - if (isprint((int)ch) || ch == '\t') { - if (ch == '\"' || ch == '\\') - ldns_buffer_printf(output, "\\%c", ch); - else - ldns_buffer_printf(output, "%c", ch); - } else { - ldns_buffer_printf(output, "\\%03u", - (unsigned)(uint8_t) ch); - } - amount--; - } -} - -ldns_status -ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf) -{ - if(ldns_rdf_size(rdf) < 1) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - if((int)ldns_rdf_size(rdf) < (int)ldns_rdf_data(rdf)[0] + 1) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - ldns_buffer_printf(output, "\""); - ldns_characters2buffer_str(output, - ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf) + 1); - ldns_buffer_printf(output, "\""); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf) -{ - size_t size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf)); - char *b64 = LDNS_XMALLOC(char, size); - if(!b64) return LDNS_STATUS_MEM_ERR; - if (ldns_b64_ntop(ldns_rdf_data(rdf), ldns_rdf_size(rdf), b64, size)) { - ldns_buffer_printf(output, "%s", b64); - } - LDNS_FREE(b64); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf) -{ - size_t size; - char *b32; - if(ldns_rdf_size(rdf) == 0) - return LDNS_STATUS_OK; - /* remove -1 for the b32-hash-len octet */ - size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1); - /* add one for the end nul for the string */ - b32 = LDNS_XMALLOC(char, size + 1); - if(!b32) return LDNS_STATUS_MEM_ERR; - size = (size_t) ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1, - ldns_rdf_size(rdf) - 1, b32, size+1); - if (size > 0) { - ldns_buffer_printf(output, "%s", b32); - } - LDNS_FREE(b32); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf) -{ - size_t i; - for (i = 0; i < ldns_rdf_size(rdf); i++) { - ldns_buffer_printf(output, "%02x", ldns_rdf_data(rdf)[i]); - } - - return ldns_buffer_status(output); -} - -static ldns_status -ldns_rdf2buffer_str_type_fmt(ldns_buffer *output, - const ldns_output_format* fmt, const ldns_rdf *rdf) -{ - uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); - - if (! ldns_output_format_covers_type(fmt, data) && - ldns_rr_descript(data) && - ldns_rr_descript(data)->_name) { - - ldns_buffer_printf(output, "%s",ldns_rr_descript(data)->_name); - } else { - ldns_buffer_printf(output, "TYPE%u", data); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf) -{ - return ldns_rdf2buffer_str_type_fmt(output, - ldns_output_format_default, rdf); -} - -ldns_status -ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf) -{ - uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); - ldns_lookup_table *lt; - - lt = ldns_lookup_by_id(ldns_rr_classes, (int) data); - if (lt) { - ldns_buffer_printf(output, "\t%s", lt->name); - } else { - ldns_buffer_printf(output, "\tCLASS%d", data); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf) -{ - uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); - ldns_lookup_table *lt; - lt = ldns_lookup_by_id(ldns_cert_algorithms, (int) data); - if (lt) { - ldns_buffer_printf(output, "%s", lt->name); - } else { - ldns_buffer_printf(output, "%d", data); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf) -{ - return ldns_rdf2buffer_str_int8(output, rdf); -} - -static void -loc_cm_print(ldns_buffer *output, uint8_t mantissa, uint8_t exponent) -{ - uint8_t i; - /* is it 0. ? */ - if(exponent < 2) { - if(exponent == 1) - mantissa *= 10; - ldns_buffer_printf(output, "0.%02ld", (long)mantissa); - return; - } - /* always */ - ldns_buffer_printf(output, "%d", (int)mantissa); - for(i=0; i_name) { - ldns_buffer_printf(output, "%s", descriptor->_name); - } else { - ldns_buffer_printf(output, "TYPE%u", type); - } - } - return ldns_buffer_status(output); -} - -char * -ldns_rr_type2str(const ldns_rr_type type) -{ - char *str; - ldns_buffer *buf; - - buf = ldns_buffer_new(10); - if (!buf) { - return NULL; - } - - str = NULL; - if (ldns_rr_type2buffer_str(buf, type) == LDNS_STATUS_OK) { - str = ldns_buffer_export2str(buf); - } - - ldns_buffer_free(buf); - return str; -} - - -ldns_status -ldns_rr_class2buffer_str(ldns_buffer *output, - const ldns_rr_class klass) -{ - ldns_lookup_table *lt; - - lt = ldns_lookup_by_id(ldns_rr_classes, klass); - if (lt) { - ldns_buffer_printf(output, "%s", lt->name); - } else { - ldns_buffer_printf(output, "CLASS%d", klass); - } - return ldns_buffer_status(output); -} - -char * -ldns_rr_class2str(const ldns_rr_class klass) -{ - ldns_buffer *buf; - char *str; - - buf = ldns_buffer_new(10); - if (!buf) { - return NULL; - } - - str = NULL; - if (ldns_rr_class2buffer_str(buf, klass) == LDNS_STATUS_OK) { - str = ldns_buffer_export2str(buf); - } - ldns_buffer_free(buf); - return str; -} - -ldns_status -ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf) -{ - /* we could do checking (ie degrees < 90 etc)? */ - uint8_t version; - uint8_t size; - uint8_t horizontal_precision; - uint8_t vertical_precision; - uint32_t longitude; - uint32_t latitude; - uint32_t altitude; - char northerness; - char easterness; - uint32_t h; - uint32_t m; - double s; - - uint32_t equator = (uint32_t) ldns_power(2, 31); - - if(ldns_rdf_size(rdf) < 1) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - version = ldns_rdf_data(rdf)[0]; - if (version == 0) { - if(ldns_rdf_size(rdf) < 16) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - size = ldns_rdf_data(rdf)[1]; - horizontal_precision = ldns_rdf_data(rdf)[2]; - vertical_precision = ldns_rdf_data(rdf)[3]; - - latitude = ldns_read_uint32(&ldns_rdf_data(rdf)[4]); - longitude = ldns_read_uint32(&ldns_rdf_data(rdf)[8]); - altitude = ldns_read_uint32(&ldns_rdf_data(rdf)[12]); - - if (latitude > equator) { - northerness = 'N'; - latitude = latitude - equator; - } else { - northerness = 'S'; - latitude = equator - latitude; - } - h = latitude / (1000 * 60 * 60); - latitude = latitude % (1000 * 60 * 60); - m = latitude / (1000 * 60); - latitude = latitude % (1000 * 60); - s = (double) latitude / 1000.0; - ldns_buffer_printf(output, "%02u %02u %0.3f %c ", - h, m, s, northerness); - - if (longitude > equator) { - easterness = 'E'; - longitude = longitude - equator; - } else { - easterness = 'W'; - longitude = equator - longitude; - } - h = longitude / (1000 * 60 * 60); - longitude = longitude % (1000 * 60 * 60); - m = longitude / (1000 * 60); - longitude = longitude % (1000 * 60); - s = (double) longitude / (1000.0); - ldns_buffer_printf(output, "%02u %02u %0.3f %c ", - h, m, s, easterness); - - - s = ((double) altitude) / 100; - s -= 100000; - - if(altitude%100 != 0) - ldns_buffer_printf(output, "%.2f", s); - else - ldns_buffer_printf(output, "%.0f", s); - - ldns_buffer_printf(output, "m "); - - loc_cm_print(output, (size & 0xf0) >> 4, size & 0x0f); - ldns_buffer_printf(output, "m "); - - loc_cm_print(output, (horizontal_precision & 0xf0) >> 4, - horizontal_precision & 0x0f); - ldns_buffer_printf(output, "m "); - - loc_cm_print(output, (vertical_precision & 0xf0) >> 4, - vertical_precision & 0x0f); - ldns_buffer_printf(output, "m"); - - return ldns_buffer_status(output); - } else { - return ldns_rdf2buffer_str_hex(output, rdf); - } -} - -ldns_status -ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf) -{ - ldns_buffer_printf(output, "\\# %u ", ldns_rdf_size(rdf)); - return ldns_rdf2buffer_str_hex(output, rdf); -} - -ldns_status -ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf) -{ - ldns_buffer_printf(output, "0x"); - return ldns_rdf2buffer_str_hex(output, rdf); -} - -ldns_status -ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf) -{ - return ldns_rdf2buffer_str_hex(output, rdf); -} - -ldns_status -ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf) -{ - /* protocol, followed by bitmap of services */ - struct protoent *protocol; - char *proto_name = NULL; - uint8_t protocol_nr; - struct servent *service; - uint16_t current_service; - - if(ldns_rdf_size(rdf) < 1) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - protocol_nr = ldns_rdf_data(rdf)[0]; - protocol = getprotobynumber((int) protocol_nr); - if (protocol && (protocol->p_name != NULL)) { - proto_name = protocol->p_name; - ldns_buffer_printf(output, "%s ", protocol->p_name); - } else { - ldns_buffer_printf(output, "%u ", protocol_nr); - } - -#ifdef HAVE_ENDPROTOENT - endprotoent(); -#endif - - for (current_service = 0; - current_service < (ldns_rdf_size(rdf)-1)*8; current_service++) { - if (ldns_get_bit(&(ldns_rdf_data(rdf)[1]), current_service)) { - service = getservbyport((int) htons(current_service), - proto_name); - if (service && service->s_name) { - ldns_buffer_printf(output, "%s ", service->s_name); - } else { - ldns_buffer_printf(output, "%u ", current_service); - } -#ifdef HAVE_ENDSERVENT - endservent(); -#endif - } - } - return ldns_buffer_status(output); -} - -static ldns_status -ldns_rdf2buffer_str_nsec_fmt(ldns_buffer *output, - const ldns_output_format* fmt, const ldns_rdf *rdf) -{ - /* Note: this code is duplicated in higher.c in - * ldns_nsec_type_check() function - */ - uint8_t window_block_nr; - uint8_t bitmap_length; - uint16_t type; - uint16_t pos = 0; - uint16_t bit_pos; - uint8_t *data = ldns_rdf_data(rdf); - - while((size_t)(pos + 2) < ldns_rdf_size(rdf)) { - window_block_nr = data[pos]; - bitmap_length = data[pos + 1]; - pos += 2; - if (ldns_rdf_size(rdf) < pos + bitmap_length) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - for (bit_pos = 0; bit_pos < (bitmap_length) * 8; bit_pos++) { - if (! ldns_get_bit(&data[pos], bit_pos)) { - continue; - } - type = 256 * (uint16_t) window_block_nr + bit_pos; - - if (! ldns_output_format_covers_type(fmt, type) && - ldns_rr_descript(type) && - ldns_rr_descript(type)->_name){ - - ldns_buffer_printf(output, "%s ", - ldns_rr_descript(type)->_name); - } else { - ldns_buffer_printf(output, "TYPE%u ", type); - } - } - pos += (uint16_t) bitmap_length; - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf) -{ - return ldns_rdf2buffer_str_nsec_fmt(output, - ldns_output_format_default, rdf); -} - -ldns_status -ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf) -{ - uint8_t salt_length; - uint8_t salt_pos; - - uint8_t *data = ldns_rdf_data(rdf); - - if(ldns_rdf_size(rdf) < 1) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - salt_length = data[0]; - /* from now there are variable length entries so remember pos */ - if (salt_length == 0 || ((size_t)salt_length)+1 > ldns_rdf_size(rdf)) { - ldns_buffer_printf(output, "- "); - } else { - for (salt_pos = 0; salt_pos < salt_length; salt_pos++) { - ldns_buffer_printf(output, "%02x", data[1 + salt_pos]); - } - ldns_buffer_printf(output, " "); - } - - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf) -{ - /* period is the number of seconds */ - if (ldns_rdf_size(rdf) != 4) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - ldns_buffer_printf(output, "%u", ldns_read_uint32(ldns_rdf_data(rdf))); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_tsigtime(ldns_buffer *output,const ldns_rdf *rdf) -{ - /* tsigtime is 48 bits network order unsigned integer */ - uint64_t tsigtime = 0; - uint8_t *data = ldns_rdf_data(rdf); - uint64_t d0, d1, d2, d3, d4, d5; - - if (ldns_rdf_size(rdf) < 6) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - d0 = data[0]; /* cast to uint64 for shift operations */ - d1 = data[1]; - d2 = data[2]; - d3 = data[3]; - d4 = data[4]; - d5 = data[5]; - tsigtime = (d0<<40) | (d1<<32) | (d2<<24) | (d3<<16) | (d4<<8) | d5; - - ldns_buffer_printf(output, "%llu ", (long long)tsigtime); - - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf) -{ - uint8_t *data = ldns_rdf_data(rdf); - uint16_t address_family; - uint8_t prefix; - bool negation; - uint8_t adf_length; - size_t i; - size_t pos = 0; - - while (pos < (unsigned int) ldns_rdf_size(rdf)) { - if(pos + 3 >= (unsigned)ldns_rdf_size(rdf)) - return LDNS_STATUS_WIRE_RDATA_ERR; - address_family = ldns_read_uint16(&data[pos]); - prefix = data[pos + 2]; - negation = data[pos + 3] & LDNS_APL_NEGATION; - adf_length = data[pos + 3] & LDNS_APL_MASK; - if (address_family == LDNS_APL_IP4) { - /* check if prefix < 32? */ - if (negation) { - ldns_buffer_printf(output, "!"); - } - ldns_buffer_printf(output, "%u:", address_family); - /* address is variable length 0 - 4 */ - for (i = 0; i < 4; i++) { - if (i > 0) { - ldns_buffer_printf(output, "."); - } - if (i < (unsigned short) adf_length) { - if(pos+i+4 >= ldns_rdf_size(rdf)) - return LDNS_STATUS_WIRE_RDATA_ERR; - ldns_buffer_printf(output, "%d", - data[pos + i + 4]); - } else { - ldns_buffer_printf(output, "0"); - } - } - ldns_buffer_printf(output, "/%u ", prefix); - } else if (address_family == LDNS_APL_IP6) { - /* check if prefix < 128? */ - if (negation) { - ldns_buffer_printf(output, "!"); - } - ldns_buffer_printf(output, "%u:", address_family); - /* address is variable length 0 - 16 */ - for (i = 0; i < 16; i++) { - if (i % 2 == 0 && i > 0) { - ldns_buffer_printf(output, ":"); - } - if (i < (unsigned short) adf_length) { - if(pos+i+4 >= ldns_rdf_size(rdf)) - return LDNS_STATUS_WIRE_RDATA_ERR; - ldns_buffer_printf(output, "%02x", - data[pos + i + 4]); - } else { - ldns_buffer_printf(output, "00"); - } - } - ldns_buffer_printf(output, "/%u ", prefix); - - } else { - /* unknown address family */ - ldns_buffer_printf(output, - "Unknown address family: %u data: ", - address_family); - for (i = 1; i < (unsigned short) (4 + adf_length); i++) { - if(pos+i >= ldns_rdf_size(rdf)) - return LDNS_STATUS_WIRE_RDATA_ERR; - ldns_buffer_printf(output, "%02x", data[i]); - } - } - pos += 4 + adf_length; - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf) -{ - size_t size; - char *b64; - if (ldns_rdf_size(rdf) < 2) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - /* Subtract the size (2) of the number that specifies the length */ - size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf) - 2); - ldns_buffer_printf(output, "%u ", ldns_rdf_size(rdf) - 2); - if (ldns_rdf_size(rdf) > 2) { - b64 = LDNS_XMALLOC(char, size); - if(!b64) - return LDNS_STATUS_MEM_ERR; - - if (ldns_rdf_size(rdf) > 2 && - ldns_b64_ntop(ldns_rdf_data(rdf) + 2, - ldns_rdf_size(rdf) - 2, - b64, size)) { - ldns_buffer_printf(output, "%s", b64); - } - LDNS_FREE(b64); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf) -{ - /* wire format from - http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt - */ - uint8_t *data = ldns_rdf_data(rdf); - uint8_t precedence; - uint8_t gateway_type; - uint8_t algorithm; - - ldns_rdf *gateway = NULL; - uint8_t *gateway_data; - - size_t public_key_size; - uint8_t *public_key_data; - ldns_rdf *public_key; - - size_t offset = 0; - ldns_status status; - - if (ldns_rdf_size(rdf) < 3) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - precedence = data[0]; - gateway_type = data[1]; - algorithm = data[2]; - offset = 3; - - switch (gateway_type) { - case 0: - /* no gateway */ - break; - case 1: - gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN); - if(!gateway_data) - return LDNS_STATUS_MEM_ERR; - if (ldns_rdf_size(rdf) < offset + LDNS_IP4ADDRLEN) { - return LDNS_STATUS_ERR; - } - memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN); - gateway = ldns_rdf_new(LDNS_RDF_TYPE_A, - LDNS_IP4ADDRLEN , gateway_data); - offset += LDNS_IP4ADDRLEN; - if(!gateway) { - LDNS_FREE(gateway_data); - return LDNS_STATUS_MEM_ERR; - } - break; - case 2: - gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN); - if(!gateway_data) - return LDNS_STATUS_MEM_ERR; - if (ldns_rdf_size(rdf) < offset + LDNS_IP6ADDRLEN) { - return LDNS_STATUS_ERR; - } - memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN); - offset += LDNS_IP6ADDRLEN; - gateway = - ldns_rdf_new(LDNS_RDF_TYPE_AAAA, - LDNS_IP6ADDRLEN, gateway_data); - if(!gateway) { - LDNS_FREE(gateway_data); - return LDNS_STATUS_MEM_ERR; - } - break; - case 3: - status = ldns_wire2dname(&gateway, data, - ldns_rdf_size(rdf), &offset); - if(status != LDNS_STATUS_OK) - return status; - break; - default: - /* error? */ - break; - } - - if (ldns_rdf_size(rdf) <= offset) { - return LDNS_STATUS_ERR; - } - public_key_size = ldns_rdf_size(rdf) - offset; - public_key_data = LDNS_XMALLOC(uint8_t, public_key_size); - if(!public_key_data) { - ldns_rdf_free(gateway); - return LDNS_STATUS_MEM_ERR; - } - memcpy(public_key_data, &data[offset], public_key_size); - public_key = ldns_rdf_new(LDNS_RDF_TYPE_B64, - public_key_size, public_key_data); - if(!public_key) { - LDNS_FREE(public_key_data); - ldns_rdf_free(gateway); - return LDNS_STATUS_MEM_ERR; - } - - ldns_buffer_printf(output, "%u %u %u ", precedence, gateway_type, algorithm); - if (gateway) - (void) ldns_rdf2buffer_str(output, gateway); - else - ldns_buffer_printf(output, "."); - ldns_buffer_printf(output, " "); - (void) ldns_rdf2buffer_str(output, public_key); - - ldns_rdf_free(gateway); - ldns_rdf_free(public_key); - - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_ilnp64(ldns_buffer *output, const ldns_rdf *rdf) -{ - if (ldns_rdf_size(rdf) != 8) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - ldns_buffer_printf(output,"%.4x:%.4x:%.4x:%.4x", - ldns_read_uint16(ldns_rdf_data(rdf)), - ldns_read_uint16(ldns_rdf_data(rdf)+2), - ldns_read_uint16(ldns_rdf_data(rdf)+4), - ldns_read_uint16(ldns_rdf_data(rdf)+6)); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_eui48(ldns_buffer *output, const ldns_rdf *rdf) -{ - if (ldns_rdf_size(rdf) != 6) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - ldns_buffer_printf(output,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x", - ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf)[1], - ldns_rdf_data(rdf)[2], ldns_rdf_data(rdf)[3], - ldns_rdf_data(rdf)[4], ldns_rdf_data(rdf)[5]); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_eui64(ldns_buffer *output, const ldns_rdf *rdf) -{ - if (ldns_rdf_size(rdf) != 8) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - ldns_buffer_printf(output,"%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x-%.2x", - ldns_rdf_data(rdf)[0], ldns_rdf_data(rdf)[1], - ldns_rdf_data(rdf)[2], ldns_rdf_data(rdf)[3], - ldns_rdf_data(rdf)[4], ldns_rdf_data(rdf)[5], - ldns_rdf_data(rdf)[6], ldns_rdf_data(rdf)[7]); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_tag(ldns_buffer *output, const ldns_rdf *rdf) -{ - size_t nchars; - const uint8_t* chars; - char ch; - if (ldns_rdf_size(rdf) < 2) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - nchars = ldns_rdf_data(rdf)[0]; - if (nchars >= ldns_rdf_size(rdf) || /* should be rdf_size - 1 */ - nchars < 1) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - chars = ldns_rdf_data(rdf) + 1; - while (nchars > 0) { - ch = (char)*chars++; - if (! isalnum(ch)) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - ldns_buffer_printf(output, "%c", ch); - nchars--; - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_long_str(ldns_buffer *output, const ldns_rdf *rdf) -{ - - ldns_buffer_printf(output, "\""); - ldns_characters2buffer_str(output, - ldns_rdf_size(rdf), ldns_rdf_data(rdf)); - ldns_buffer_printf(output, "\""); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rdf2buffer_str_hip(ldns_buffer *output, const ldns_rdf *rdf) -{ - uint8_t *data = ldns_rdf_data(rdf); - size_t rdf_size = ldns_rdf_size(rdf); - uint8_t hit_size; - uint16_t pk_size; - int written; - - if (rdf_size < 6) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - if ((hit_size = data[0]) == 0 || - (pk_size = ldns_read_uint16(data + 2)) == 0 || - rdf_size < (size_t) hit_size + pk_size + 4) { - - return LDNS_STATUS_WIRE_RDATA_ERR; - } - - ldns_buffer_printf(output, "%d ", (int) data[1]); - - for (data += 4; hit_size > 0; hit_size--, data++) { - - ldns_buffer_printf(output, "%02x", (int) *data); - } - ldns_buffer_write_u8(output, (uint8_t) ' '); - - if (ldns_buffer_reserve(output, - ldns_b64_ntop_calculate_size(pk_size))) { - - written = ldns_b64_ntop(data, pk_size, - (char *) ldns_buffer_current(output), - ldns_buffer_remaining(output)); - - if (written > 0 && - written < (int) ldns_buffer_remaining(output)) { - - output->_position += written; - } - } - return ldns_buffer_status(output); -} - -static ldns_status -ldns_rdf2buffer_str_fmt(ldns_buffer *buffer, - const ldns_output_format* fmt, const ldns_rdf *rdf) -{ - ldns_status res = LDNS_STATUS_OK; - - /*ldns_buffer_printf(buffer, "%u:", ldns_rdf_get_type(rdf));*/ - if (rdf) { - switch(ldns_rdf_get_type(rdf)) { - case LDNS_RDF_TYPE_NONE: - break; - case LDNS_RDF_TYPE_DNAME: - res = ldns_rdf2buffer_str_dname(buffer, rdf); - break; - case LDNS_RDF_TYPE_INT8: /* Don't output mnemonics for these */ - case LDNS_RDF_TYPE_ALG: - case LDNS_RDF_TYPE_CERTIFICATE_USAGE: - case LDNS_RDF_TYPE_SELECTOR: - case LDNS_RDF_TYPE_MATCHING_TYPE: - res = ldns_rdf2buffer_str_int8(buffer, rdf); - break; - case LDNS_RDF_TYPE_INT16: - res = ldns_rdf2buffer_str_int16(buffer, rdf); - break; - case LDNS_RDF_TYPE_INT32: - res = ldns_rdf2buffer_str_int32(buffer, rdf); - break; - case LDNS_RDF_TYPE_PERIOD: - res = ldns_rdf2buffer_str_period(buffer, rdf); - break; - case LDNS_RDF_TYPE_TSIGTIME: - res = ldns_rdf2buffer_str_tsigtime(buffer, rdf); - break; - case LDNS_RDF_TYPE_A: - res = ldns_rdf2buffer_str_a(buffer, rdf); - break; - case LDNS_RDF_TYPE_AAAA: - res = ldns_rdf2buffer_str_aaaa(buffer, rdf); - break; - case LDNS_RDF_TYPE_STR: - res = ldns_rdf2buffer_str_str(buffer, rdf); - break; - case LDNS_RDF_TYPE_APL: - res = ldns_rdf2buffer_str_apl(buffer, rdf); - break; - case LDNS_RDF_TYPE_B32_EXT: - res = ldns_rdf2buffer_str_b32_ext(buffer, rdf); - break; - case LDNS_RDF_TYPE_B64: - res = ldns_rdf2buffer_str_b64(buffer, rdf); - break; - case LDNS_RDF_TYPE_HEX: - res = ldns_rdf2buffer_str_hex(buffer, rdf); - break; - case LDNS_RDF_TYPE_NSEC: - res = ldns_rdf2buffer_str_nsec_fmt(buffer, fmt, rdf); - break; - case LDNS_RDF_TYPE_NSEC3_SALT: - res = ldns_rdf2buffer_str_nsec3_salt(buffer, rdf); - break; - case LDNS_RDF_TYPE_TYPE: - res = ldns_rdf2buffer_str_type_fmt(buffer, fmt, rdf); - break; - case LDNS_RDF_TYPE_CLASS: - res = ldns_rdf2buffer_str_class(buffer, rdf); - break; - case LDNS_RDF_TYPE_CERT_ALG: - res = ldns_rdf2buffer_str_cert_alg(buffer, rdf); - break; - case LDNS_RDF_TYPE_UNKNOWN: - res = ldns_rdf2buffer_str_unknown(buffer, rdf); - break; - case LDNS_RDF_TYPE_TIME: - res = ldns_rdf2buffer_str_time(buffer, rdf); - break; - case LDNS_RDF_TYPE_HIP: - res = ldns_rdf2buffer_str_hip(buffer, rdf); - break; - case LDNS_RDF_TYPE_LOC: - res = ldns_rdf2buffer_str_loc(buffer, rdf); - break; - case LDNS_RDF_TYPE_WKS: - case LDNS_RDF_TYPE_SERVICE: - res = ldns_rdf2buffer_str_wks(buffer, rdf); - break; - case LDNS_RDF_TYPE_NSAP: - res = ldns_rdf2buffer_str_nsap(buffer, rdf); - break; - case LDNS_RDF_TYPE_ATMA: - res = ldns_rdf2buffer_str_atma(buffer, rdf); - break; - case LDNS_RDF_TYPE_IPSECKEY: - res = ldns_rdf2buffer_str_ipseckey(buffer, rdf); - break; - case LDNS_RDF_TYPE_INT16_DATA: - res = ldns_rdf2buffer_str_int16_data(buffer, rdf); - break; - case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: - res = ldns_rdf2buffer_str_b32_ext(buffer, rdf); - break; - case LDNS_RDF_TYPE_ILNP64: - res = ldns_rdf2buffer_str_ilnp64(buffer, rdf); - break; - case LDNS_RDF_TYPE_EUI48: - res = ldns_rdf2buffer_str_eui48(buffer, rdf); - break; - case LDNS_RDF_TYPE_EUI64: - res = ldns_rdf2buffer_str_eui64(buffer, rdf); - break; - case LDNS_RDF_TYPE_TAG: - res = ldns_rdf2buffer_str_tag(buffer, rdf); - break; - case LDNS_RDF_TYPE_LONG_STR: - res = ldns_rdf2buffer_str_long_str(buffer, rdf); - break; - } - } else { - /** This will write mangled RRs */ - ldns_buffer_printf(buffer, "(null) "); - res = LDNS_STATUS_ERR; - } - return res; -} - -ldns_status -ldns_rdf2buffer_str(ldns_buffer *buffer, const ldns_rdf *rdf) -{ - return ldns_rdf2buffer_str_fmt(buffer,ldns_output_format_default,rdf); -} - -static ldns_rdf * -ldns_b32_ext2dname(const ldns_rdf *rdf) -{ - size_t size; - char *b32; - ldns_rdf *out; - if(ldns_rdf_size(rdf) == 0) - return NULL; - /* remove -1 for the b32-hash-len octet */ - size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1); - /* add one for the end nul for the string */ - b32 = LDNS_XMALLOC(char, size + 2); - if (b32) { - if (ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1, - ldns_rdf_size(rdf) - 1, b32, size+1) > 0) { - b32[size] = '.'; - b32[size+1] = '\0'; - if (ldns_str2rdf_dname(&out, b32) == LDNS_STATUS_OK) { - LDNS_FREE(b32); - return out; - } - } - LDNS_FREE(b32); - } - return NULL; -} - -static ldns_status -ldns_rr2buffer_str_rfc3597(ldns_buffer *output, const ldns_rr *rr) -{ - size_t total_rdfsize = 0; - size_t i, j; - - ldns_buffer_printf(output, "TYPE%u\t", ldns_rr_get_type(rr)); - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - total_rdfsize += ldns_rdf_size(ldns_rr_rdf(rr, i)); - } - if (total_rdfsize == 0) { - ldns_buffer_printf(output, "\\# 0\n"); - return ldns_buffer_status(output); - } - ldns_buffer_printf(output, "\\# %d ", total_rdfsize); - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - for (j = 0; j < ldns_rdf_size(ldns_rr_rdf(rr, i)); j++) { - ldns_buffer_printf(output, "%.2x", - ldns_rdf_data(ldns_rr_rdf(rr, i))[j]); - } - } - ldns_buffer_printf(output, "\n"); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rr2buffer_str_fmt(ldns_buffer *output, - const ldns_output_format *fmt, const ldns_rr *rr) -{ - uint16_t i, flags; - ldns_status status = LDNS_STATUS_OK; - ldns_output_format_storage* fmt_st = (ldns_output_format_storage*)fmt; - - if (fmt_st == NULL) { - fmt_st = (ldns_output_format_storage*) - ldns_output_format_default; - } - if (!rr) { - if (LDNS_COMMENT_NULLS & fmt_st->flags) { - ldns_buffer_printf(output, "; (null)\n"); - } - return ldns_buffer_status(output); - } - if (ldns_rr_owner(rr)) { - status = ldns_rdf2buffer_str_dname(output, ldns_rr_owner(rr)); - } - if (status != LDNS_STATUS_OK) { - return status; - } - - /* TTL should NOT be printed if it is a question */ - if (!ldns_rr_is_question(rr)) { - ldns_buffer_printf(output, "\t%d", ldns_rr_ttl(rr)); - } - - ldns_buffer_printf(output, "\t"); - status = ldns_rr_class2buffer_str(output, ldns_rr_get_class(rr)); - if (status != LDNS_STATUS_OK) { - return status; - } - ldns_buffer_printf(output, "\t"); - - if (ldns_output_format_covers_type(fmt, ldns_rr_get_type(rr))) { - return ldns_rr2buffer_str_rfc3597(output, rr); - } - status = ldns_rr_type2buffer_str(output, ldns_rr_get_type(rr)); - if (status != LDNS_STATUS_OK) { - return status; - } - - if (ldns_rr_rd_count(rr) > 0) { - ldns_buffer_printf(output, "\t"); - } else if (!ldns_rr_is_question(rr)) { - ldns_buffer_printf(output, "\t\\# 0"); - } - - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - /* ldns_rdf2buffer_str handles NULL input fine! */ - if ((fmt_st->flags & LDNS_FMT_ZEROIZE_RRSIGS) && - (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) && - ((/* inception */ i == 4 && - ldns_rdf_get_type(ldns_rr_rdf(rr, 4)) == - LDNS_RDF_TYPE_TIME) || - (/* expiration */ i == 5 && - ldns_rdf_get_type(ldns_rr_rdf(rr, 5)) == - LDNS_RDF_TYPE_TIME) || - (/* signature */ i == 8 && - ldns_rdf_get_type(ldns_rr_rdf(rr, 8)) == - LDNS_RDF_TYPE_B64))) { - - ldns_buffer_printf(output, "(null)"); - status = ldns_buffer_status(output); - } else if ((fmt_st->flags & LDNS_FMT_PAD_SOA_SERIAL) && - (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) && - /* serial */ i == 2 && - ldns_rdf_get_type(ldns_rr_rdf(rr, 2)) == - LDNS_RDF_TYPE_INT32) { - ldns_buffer_printf(output, "%10lu", - (unsigned long) ldns_read_uint32( - ldns_rdf_data(ldns_rr_rdf(rr, 2)))); - status = ldns_buffer_status(output); - } else { - status = ldns_rdf2buffer_str_fmt(output, - fmt, ldns_rr_rdf(rr, i)); - } - if(status != LDNS_STATUS_OK) - return status; - if (i < ldns_rr_rd_count(rr) - 1) { - ldns_buffer_printf(output, " "); - } - } - /* per RR special comments - handy for DNSSEC types */ - /* check to prevent question sec. rr from - * getting here */ - if (ldns_rr_rd_count(rr) > 0) { - switch (ldns_rr_get_type(rr)) { - case LDNS_RR_TYPE_DNSKEY: - /* if ldns_rr_rd_count(rr) > 0 - then ldns_rr_rdf(rr, 0) exists! */ - if (! (fmt_st->flags & LDNS_COMMENT_KEY)) { - break; - } - flags = ldns_rdf2native_int16(ldns_rr_rdf(rr, 0)); - ldns_buffer_printf(output, " ;{"); - if (fmt_st->flags & LDNS_COMMENT_KEY_ID) { - ldns_buffer_printf(output, "id = %u", - (unsigned int) ldns_calc_keytag(rr)); - } - if ((fmt_st->flags & LDNS_COMMENT_KEY_TYPE) && - (flags & LDNS_KEY_ZONE_KEY)){ - - if (flags & LDNS_KEY_SEP_KEY) { - ldns_buffer_printf(output, " (ksk)"); - } else { - ldns_buffer_printf(output, " (zsk)"); - } - if (fmt_st->flags & LDNS_COMMENT_KEY_SIZE){ - ldns_buffer_printf(output, ", "); - } - } else if (fmt_st->flags - & (LDNS_COMMENT_KEY_ID - |LDNS_COMMENT_KEY_SIZE)) { - ldns_buffer_printf( output, ", "); - } - if (fmt_st->flags & LDNS_COMMENT_KEY_SIZE) { - ldns_buffer_printf(output, "size = %db", - ldns_rr_dnskey_key_size(rr)); - } - ldns_buffer_printf(output, "}"); - break; - case LDNS_RR_TYPE_RRSIG: - if ((fmt_st->flags & LDNS_COMMENT_KEY) - && (fmt_st->flags& LDNS_COMMENT_RRSIGS) - && ldns_rr_rdf(rr, 6) != NULL) { - ldns_buffer_printf(output, " ;{id = %d}", - ldns_rdf2native_int16( - ldns_rr_rdf(rr, 6))); - } - break; - case LDNS_RR_TYPE_DS: - if ((fmt_st->flags & LDNS_COMMENT_BUBBLEBABBLE) && - ldns_rr_rdf(rr, 3) != NULL) { - - uint8_t *data = ldns_rdf_data( - ldns_rr_rdf(rr, 3)); - size_t len = ldns_rdf_size(ldns_rr_rdf(rr, 3)); - char *babble = ldns_bubblebabble(data, len); - if(babble) { - ldns_buffer_printf(output, - " ;{%s}", babble); - } - LDNS_FREE(babble); - } - break; - case LDNS_RR_TYPE_NSEC3: - if (! (fmt_st->flags & LDNS_COMMENT_FLAGS) && - ! (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN)) { - break; - } - ldns_buffer_printf(output, " ;{"); - if ((fmt_st->flags & LDNS_COMMENT_FLAGS)) { - if (ldns_nsec3_optout(rr)) { - ldns_buffer_printf(output, - " flags: optout"); - } else { - ldns_buffer_printf(output," flags: -"); - } - if (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN && - fmt_st->hashmap != NULL) { - ldns_buffer_printf(output, ", "); - } - } - if (fmt_st->flags & LDNS_COMMENT_NSEC3_CHAIN && - fmt_st->hashmap != NULL) { - ldns_rbnode_t *node; - ldns_rdf *key = ldns_dname_label( - ldns_rr_owner(rr), 0); - if (key) { - node = ldns_rbtree_search( - fmt_st->hashmap, - (void *) key); - if (node->data) { - ldns_buffer_printf(output, - "from: "); - (void) ldns_rdf2buffer_str( - output, - ldns_dnssec_name_name( - (ldns_dnssec_name*) - node->data - )); - } - ldns_rdf_free(key); - } - key = ldns_b32_ext2dname( - ldns_nsec3_next_owner(rr)); - if (key) { - node = ldns_rbtree_search( - fmt_st->hashmap, - (void *) key); - if (node->data) { - ldns_buffer_printf(output, - " to: "); - (void) ldns_rdf2buffer_str( - output, - ldns_dnssec_name_name( - (ldns_dnssec_name*) - node->data - )); - } - ldns_rdf_free(key); - } - } - ldns_buffer_printf(output, "}"); - break; - default: - break; - - } - } - /* last */ - ldns_buffer_printf(output, "\n"); - return ldns_buffer_status(output); -} - -ldns_status -ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr) -{ - return ldns_rr2buffer_str_fmt(output, ldns_output_format_default, rr); -} - -ldns_status -ldns_rr_list2buffer_str_fmt(ldns_buffer *output, - const ldns_output_format *fmt, const ldns_rr_list *list) -{ - uint16_t i; - - for(i = 0; i < ldns_rr_list_rr_count(list); i++) { - (void) ldns_rr2buffer_str_fmt(output, fmt, - ldns_rr_list_rr(list, i)); - } - return ldns_buffer_status(output); -} - -ldns_status -ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list) -{ - return ldns_rr_list2buffer_str_fmt( - output, ldns_output_format_default, list); -} - -ldns_status -ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt) -{ - ldns_lookup_table *opcode = ldns_lookup_by_id(ldns_opcodes, - (int) ldns_pkt_get_opcode(pkt)); - ldns_lookup_table *rcode = ldns_lookup_by_id(ldns_rcodes, - (int) ldns_pkt_get_rcode(pkt)); - - ldns_buffer_printf(output, ";; ->>HEADER<<- "); - if (opcode) { - ldns_buffer_printf(output, "opcode: %s, ", opcode->name); - } else { - ldns_buffer_printf(output, "opcode: ?? (%u), ", - ldns_pkt_get_opcode(pkt)); - } - if (rcode) { - ldns_buffer_printf(output, "rcode: %s, ", rcode->name); - } else { - ldns_buffer_printf(output, "rcode: ?? (%u), ", ldns_pkt_get_rcode(pkt)); - } - ldns_buffer_printf(output, "id: %d\n", ldns_pkt_id(pkt)); - ldns_buffer_printf(output, ";; flags: "); - - if (ldns_pkt_qr(pkt)) { - ldns_buffer_printf(output, "qr "); - } - if (ldns_pkt_aa(pkt)) { - ldns_buffer_printf(output, "aa "); - } - if (ldns_pkt_tc(pkt)) { - ldns_buffer_printf(output, "tc "); - } - if (ldns_pkt_rd(pkt)) { - ldns_buffer_printf(output, "rd "); - } - if (ldns_pkt_cd(pkt)) { - ldns_buffer_printf(output, "cd "); - } - if (ldns_pkt_ra(pkt)) { - ldns_buffer_printf(output, "ra "); - } - if (ldns_pkt_ad(pkt)) { - ldns_buffer_printf(output, "ad "); - } - ldns_buffer_printf(output, "; "); - ldns_buffer_printf(output, "QUERY: %u, ", ldns_pkt_qdcount(pkt)); - ldns_buffer_printf(output, "ANSWER: %u, ", ldns_pkt_ancount(pkt)); - ldns_buffer_printf(output, "AUTHORITY: %u, ", ldns_pkt_nscount(pkt)); - ldns_buffer_printf(output, "ADDITIONAL: %u ", ldns_pkt_arcount(pkt)); - return ldns_buffer_status(output); -} - -ldns_status -ldns_pkt2buffer_str_fmt(ldns_buffer *output, - const ldns_output_format *fmt, const ldns_pkt *pkt) -{ - uint16_t i; - ldns_status status = LDNS_STATUS_OK; - char *tmp; - struct timeval time; - time_t time_tt; - - if (!pkt) { - ldns_buffer_printf(output, "null"); - return LDNS_STATUS_OK; - } - - if (ldns_buffer_status_ok(output)) { - status = ldns_pktheader2buffer_str(output, pkt); - if (status != LDNS_STATUS_OK) { - return status; - } - - ldns_buffer_printf(output, "\n"); - - ldns_buffer_printf(output, ";; QUESTION SECTION:\n;; "); - - - for (i = 0; i < ldns_pkt_qdcount(pkt); i++) { - status = ldns_rr2buffer_str_fmt(output, fmt, - ldns_rr_list_rr( - ldns_pkt_question(pkt), i)); - if (status != LDNS_STATUS_OK) { - return status; - } - } - ldns_buffer_printf(output, "\n"); - - ldns_buffer_printf(output, ";; ANSWER SECTION:\n"); - for (i = 0; i < ldns_pkt_ancount(pkt); i++) { - status = ldns_rr2buffer_str_fmt(output, fmt, - ldns_rr_list_rr( - ldns_pkt_answer(pkt), i)); - if (status != LDNS_STATUS_OK) { - return status; - } - - } - ldns_buffer_printf(output, "\n"); - - ldns_buffer_printf(output, ";; AUTHORITY SECTION:\n"); - - for (i = 0; i < ldns_pkt_nscount(pkt); i++) { - status = ldns_rr2buffer_str_fmt(output, fmt, - ldns_rr_list_rr( - ldns_pkt_authority(pkt), i)); - if (status != LDNS_STATUS_OK) { - return status; - } - } - ldns_buffer_printf(output, "\n"); - - ldns_buffer_printf(output, ";; ADDITIONAL SECTION:\n"); - for (i = 0; i < ldns_pkt_arcount(pkt); i++) { - status = ldns_rr2buffer_str_fmt(output, fmt, - ldns_rr_list_rr( - ldns_pkt_additional(pkt), i)); - if (status != LDNS_STATUS_OK) { - return status; - } - - } - ldns_buffer_printf(output, "\n"); - /* add some futher fields */ - ldns_buffer_printf(output, ";; Query time: %d msec\n", - ldns_pkt_querytime(pkt)); - if (ldns_pkt_edns(pkt)) { - ldns_buffer_printf(output, - ";; EDNS: version %u; flags:", - ldns_pkt_edns_version(pkt)); - if (ldns_pkt_edns_do(pkt)) { - ldns_buffer_printf(output, " do"); - } - /* the extended rcode is the value set, shifted four bits, - * and or'd with the original rcode */ - if (ldns_pkt_edns_extended_rcode(pkt)) { - ldns_buffer_printf(output, " ; ext-rcode: %d", - (ldns_pkt_edns_extended_rcode(pkt) << 4 | ldns_pkt_get_rcode(pkt))); - } - ldns_buffer_printf(output, " ; udp: %u\n", - ldns_pkt_edns_udp_size(pkt)); - - if (ldns_pkt_edns_data(pkt)) { - ldns_buffer_printf(output, ";; Data: "); - (void)ldns_rdf2buffer_str(output, - ldns_pkt_edns_data(pkt)); - ldns_buffer_printf(output, "\n"); - } - } - if (ldns_pkt_tsig(pkt)) { - ldns_buffer_printf(output, ";; TSIG:\n;; "); - (void) ldns_rr2buffer_str_fmt( - output, fmt, ldns_pkt_tsig(pkt)); - ldns_buffer_printf(output, "\n"); - } - if (ldns_pkt_answerfrom(pkt)) { - tmp = ldns_rdf2str(ldns_pkt_answerfrom(pkt)); - ldns_buffer_printf(output, ";; SERVER: %s\n", tmp); - LDNS_FREE(tmp); - } - time = ldns_pkt_timestamp(pkt); - time_tt = (time_t)time.tv_sec; - ldns_buffer_printf(output, ";; WHEN: %s", - (char*)ctime(&time_tt)); - - ldns_buffer_printf(output, ";; MSG SIZE rcvd: %d\n", - (int)ldns_pkt_size(pkt)); - } else { - return ldns_buffer_status(output); - } - return status; -} - -ldns_status -ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt) -{ - return ldns_pkt2buffer_str_fmt(output, ldns_output_format_default, pkt); -} - - -#ifdef HAVE_SSL -static ldns_status -ldns_hmac_key2buffer_str(ldns_buffer *output, const ldns_key *k) -{ - ldns_status status; - size_t i; - ldns_rdf *b64_bignum; - - ldns_buffer_printf(output, "Key: "); - - i = ldns_key_hmac_size(k); - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, ldns_key_hmac_key(k)); - status = ldns_rdf2buffer_str(output, b64_bignum); - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - return status; -} -#endif - -#if defined(HAVE_SSL) && defined(USE_GOST) -static ldns_status -ldns_gost_key2buffer_str(ldns_buffer *output, EVP_PKEY *p) -{ - unsigned char* pp = NULL; - int ret; - ldns_rdf *b64_bignum; - ldns_status status; - - ldns_buffer_printf(output, "GostAsn1: "); - - ret = i2d_PrivateKey(p, &pp); - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, (size_t)ret, pp); - status = ldns_rdf2buffer_str(output, b64_bignum); - - ldns_rdf_deep_free(b64_bignum); - OPENSSL_free(pp); - ldns_buffer_printf(output, "\n"); - return status; -} -#endif - -ldns_status -ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k) -{ - ldns_status status = LDNS_STATUS_OK; - unsigned char *bignum; -#ifdef HAVE_SSL -# ifndef S_SPLINT_S - uint16_t i; -# endif - /* not used when ssl is not defined */ - /*@unused@*/ - ldns_rdf *b64_bignum = NULL; - - RSA *rsa; - DSA *dsa; -#endif /* HAVE_SSL */ - - if (!k) { - return LDNS_STATUS_ERR; - } - - bignum = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); - if (!bignum) { - return LDNS_STATUS_ERR; - } - - if (ldns_buffer_status_ok(output)) { -#ifdef HAVE_SSL - switch(ldns_key_algorithm(k)) { - case LDNS_SIGN_RSASHA1: - case LDNS_SIGN_RSASHA1_NSEC3: - case LDNS_SIGN_RSASHA256: - case LDNS_SIGN_RSASHA512: - case LDNS_SIGN_RSAMD5: - /* copied by looking at dnssec-keygen output */ - /* header */ - rsa = ldns_key_rsa_key(k); - - ldns_buffer_printf(output,"Private-key-format: v1.2\n"); - switch(ldns_key_algorithm(k)) { - case LDNS_SIGN_RSAMD5: - ldns_buffer_printf(output, - "Algorithm: %u (RSA)\n", - LDNS_RSAMD5); - break; - case LDNS_SIGN_RSASHA1: - ldns_buffer_printf(output, - "Algorithm: %u (RSASHA1)\n", - LDNS_RSASHA1); - break; - case LDNS_SIGN_RSASHA1_NSEC3: - ldns_buffer_printf(output, - "Algorithm: %u (RSASHA1_NSEC3)\n", - LDNS_RSASHA1_NSEC3); - break; -#ifdef USE_SHA2 - case LDNS_SIGN_RSASHA256: - ldns_buffer_printf(output, - "Algorithm: %u (RSASHA256)\n", - LDNS_RSASHA256); - break; - case LDNS_SIGN_RSASHA512: - ldns_buffer_printf(output, - "Algorithm: %u (RSASHA512)\n", - LDNS_RSASHA512); - break; -#endif - default: -#ifdef STDERR_MSGS - fprintf(stderr, "Warning: unknown signature "); - fprintf(stderr, - "algorithm type %u\n", - ldns_key_algorithm(k)); -#endif - ldns_buffer_printf(output, - "Algorithm: %u (Unknown)\n", - ldns_key_algorithm(k)); - break; - } - - /* print to buf, convert to bin, convert to b64, - * print to buf */ - ldns_buffer_printf(output, "Modulus: "); -#ifndef S_SPLINT_S - i = (uint16_t)BN_bn2bin(rsa->n, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - ldns_buffer_printf(output, "PublicExponent: "); - i = (uint16_t)BN_bn2bin(rsa->e, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - - ldns_buffer_printf(output, "PrivateExponent: "); - if (rsa->d) { - i = (uint16_t)BN_bn2bin(rsa->d, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - ldns_buffer_printf(output, "(Not available)\n"); - } - - ldns_buffer_printf(output, "Prime1: "); - if (rsa->p) { - i = (uint16_t)BN_bn2bin(rsa->p, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - ldns_buffer_printf(output, "(Not available)\n"); - } - - ldns_buffer_printf(output, "Prime2: "); - if (rsa->q) { - i = (uint16_t)BN_bn2bin(rsa->q, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - ldns_buffer_printf(output, "(Not available)\n"); - } - - ldns_buffer_printf(output, "Exponent1: "); - if (rsa->dmp1) { - i = (uint16_t)BN_bn2bin(rsa->dmp1, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - ldns_buffer_printf(output, "(Not available)\n"); - } - - ldns_buffer_printf(output, "Exponent2: "); - if (rsa->dmq1) { - i = (uint16_t)BN_bn2bin(rsa->dmq1, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - ldns_buffer_printf(output, "(Not available)\n"); - } - - ldns_buffer_printf(output, "Coefficient: "); - if (rsa->iqmp) { - i = (uint16_t)BN_bn2bin(rsa->iqmp, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - ldns_buffer_printf(output, "(Not available)\n"); - } -#endif /* splint */ - - RSA_free(rsa); - break; - case LDNS_SIGN_DSA: - case LDNS_SIGN_DSA_NSEC3: - dsa = ldns_key_dsa_key(k); - - ldns_buffer_printf(output,"Private-key-format: v1.2\n"); - if (ldns_key_algorithm(k) == LDNS_SIGN_DSA) { - ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n"); - } else if (ldns_key_algorithm(k) == LDNS_SIGN_DSA_NSEC3) { - ldns_buffer_printf(output,"Algorithm: 6 (DSA_NSEC3)\n"); - } - - /* print to buf, convert to bin, convert to b64, - * print to buf */ - ldns_buffer_printf(output, "Prime(p): "); -#ifndef S_SPLINT_S - if (dsa->p) { - i = (uint16_t)BN_bn2bin(dsa->p, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - printf("(Not available)\n"); - } - - ldns_buffer_printf(output, "Subprime(q): "); - if (dsa->q) { - i = (uint16_t)BN_bn2bin(dsa->q, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - printf("(Not available)\n"); - } - - ldns_buffer_printf(output, "Base(g): "); - if (dsa->g) { - i = (uint16_t)BN_bn2bin(dsa->g, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - printf("(Not available)\n"); - } - - ldns_buffer_printf(output, "Private_value(x): "); - if (dsa->priv_key) { - i = (uint16_t)BN_bn2bin(dsa->priv_key, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - printf("(Not available)\n"); - } - - ldns_buffer_printf(output, "Public_value(y): "); - if (dsa->pub_key) { - i = (uint16_t)BN_bn2bin(dsa->pub_key, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - } else { - printf("(Not available)\n"); - } -#endif /* splint */ - break; - case LDNS_SIGN_ECC_GOST: - /* no format defined, use blob */ -#if defined(HAVE_SSL) && defined(USE_GOST) - ldns_buffer_printf(output, "Private-key-format: v1.2\n"); - ldns_buffer_printf(output, "Algorithm: %d (ECC-GOST)\n", LDNS_SIGN_ECC_GOST); - status = ldns_gost_key2buffer_str(output, -#ifndef S_SPLINT_S - k->_key.key -#else - NULL -#endif - ); -#else - goto error; -#endif /* GOST */ - break; - case LDNS_SIGN_ECDSAP256SHA256: - case LDNS_SIGN_ECDSAP384SHA384: -#ifdef USE_ECDSA - ldns_buffer_printf(output, "Private-key-format: v1.2\n"); - ldns_buffer_printf(output, "Algorithm: %d (", ldns_key_algorithm(k)); - status=ldns_algorithm2buffer_str(output, (ldns_algorithm)ldns_key_algorithm(k)); -#ifndef S_SPLINT_S - ldns_buffer_printf(output, ")\n"); - if(k->_key.key) { - EC_KEY* ec = EVP_PKEY_get1_EC_KEY(k->_key.key); - const BIGNUM* b = EC_KEY_get0_private_key(ec); - ldns_buffer_printf(output, "PrivateKey: "); - i = (uint16_t)BN_bn2bin(b, bignum); - if (i > LDNS_MAX_KEYLEN) { - goto error; - } - b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); - if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { - ldns_rdf_deep_free(b64_bignum); - goto error; - } - ldns_rdf_deep_free(b64_bignum); - ldns_buffer_printf(output, "\n"); - /* down reference count in EC_KEY - * its still assigned to the PKEY */ - EC_KEY_free(ec); - } -#endif /* splint */ -#else - goto error; -#endif /* ECDSA */ - break; - case LDNS_SIGN_HMACMD5: - /* there's not much of a format defined for TSIG */ - /* It's just a binary blob, Same for all algorithms */ - ldns_buffer_printf(output, "Private-key-format: v1.2\n"); - ldns_buffer_printf(output, "Algorithm: 157 (HMAC_MD5)\n"); - status = ldns_hmac_key2buffer_str(output, k); - break; - case LDNS_SIGN_HMACSHA1: - ldns_buffer_printf(output, "Private-key-format: v1.2\n"); - ldns_buffer_printf(output, "Algorithm: 158 (HMAC_SHA1)\n"); - status = ldns_hmac_key2buffer_str(output, k); - break; - case LDNS_SIGN_HMACSHA256: - ldns_buffer_printf(output, "Private-key-format: v1.2\n"); - ldns_buffer_printf(output, "Algorithm: 159 (HMAC_SHA256)\n"); - status = ldns_hmac_key2buffer_str(output, k); - break; - } -#endif /* HAVE_SSL */ - } else { - LDNS_FREE(bignum); - return ldns_buffer_status(output); - } - LDNS_FREE(bignum); - return status; - -#ifdef HAVE_SSL - /* compiles warn the label isn't used */ -error: - LDNS_FREE(bignum); - return LDNS_STATUS_ERR; -#endif /* HAVE_SSL */ - -} - -/* - * Zero terminate the buffer and copy data. - */ -char * -ldns_buffer2str(ldns_buffer *buffer) -{ - char *str; - - /* check if buffer ends with \0, if not, and - if there is space, add it */ - if (*(ldns_buffer_at(buffer, ldns_buffer_position(buffer))) != 0) { - if (!ldns_buffer_reserve(buffer, 1)) { - return NULL; - } - ldns_buffer_write_u8(buffer, (uint8_t) '\0'); - if (!ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer))) { - return NULL; - } - } - - str = strdup((const char *)ldns_buffer_begin(buffer)); - if(!str) { - return NULL; - } - return str; -} - -/* - * Zero terminate the buffer and export data. - */ -char * -ldns_buffer_export2str(ldns_buffer *buffer) -{ - /* Append '\0' as string terminator */ - if (! ldns_buffer_reserve(buffer, 1)) { - return NULL; - } - ldns_buffer_write_u8(buffer, 0); - - /* reallocate memory to the size of the string and export */ - ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer)); - return ldns_buffer_export(buffer); -} - -char * -ldns_rdf2str(const ldns_rdf *rdf) -{ - char *result = NULL; - ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - - if (!tmp_buffer) { - return NULL; - } - if (ldns_rdf2buffer_str(tmp_buffer, rdf) == LDNS_STATUS_OK) { - /* export and return string, destroy rest */ - result = ldns_buffer_export2str(tmp_buffer); - } - ldns_buffer_free(tmp_buffer); - return result; -} - -char * -ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr) -{ - char *result = NULL; - ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - - if (!tmp_buffer) { - return NULL; - } - if (ldns_rr2buffer_str_fmt(tmp_buffer, fmt, rr) - == LDNS_STATUS_OK) { - /* export and return string, destroy rest */ - result = ldns_buffer_export2str(tmp_buffer); - } - ldns_buffer_free(tmp_buffer); - return result; -} - -char * -ldns_rr2str(const ldns_rr *rr) -{ - return ldns_rr2str_fmt(ldns_output_format_default, rr); -} - -char * -ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt) -{ - char *result = NULL; - ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - - if (!tmp_buffer) { - return NULL; - } - if (ldns_pkt2buffer_str_fmt(tmp_buffer, fmt, pkt) - == LDNS_STATUS_OK) { - /* export and return string, destroy rest */ - result = ldns_buffer_export2str(tmp_buffer); - } - - ldns_buffer_free(tmp_buffer); - return result; -} - -char * -ldns_pkt2str(const ldns_pkt *pkt) -{ - return ldns_pkt2str_fmt(ldns_output_format_default, pkt); -} - -char * -ldns_key2str(const ldns_key *k) -{ - char *result = NULL; - ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - - if (!tmp_buffer) { - return NULL; - } - if (ldns_key2buffer_str(tmp_buffer, k) == LDNS_STATUS_OK) { - /* export and return string, destroy rest */ - result = ldns_buffer_export2str(tmp_buffer); - } - ldns_buffer_free(tmp_buffer); - return result; -} - -char * -ldns_rr_list2str_fmt(const ldns_output_format *fmt, const ldns_rr_list *list) -{ - char *result = NULL; - ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - - if (!tmp_buffer) { - return NULL; - } - if (list) { - if (ldns_rr_list2buffer_str_fmt( - tmp_buffer, fmt, list) - == LDNS_STATUS_OK) { - } - } else { - if (fmt == NULL) { - fmt = ldns_output_format_default; - } - if (fmt->flags & LDNS_COMMENT_NULLS) { - ldns_buffer_printf(tmp_buffer, "; (null)\n"); - } - } - - /* export and return string, destroy rest */ - result = ldns_buffer_export2str(tmp_buffer); - ldns_buffer_free(tmp_buffer); - return result; -} - -char * -ldns_rr_list2str(const ldns_rr_list *list) -{ - return ldns_rr_list2str_fmt(ldns_output_format_default, list); -} - -void -ldns_rdf_print(FILE *output, const ldns_rdf *rdf) -{ - char *str = ldns_rdf2str(rdf); - if (str) { - fprintf(output, "%s", str); - } else { - fprintf(output, ";Unable to convert rdf to string\n"); - } - LDNS_FREE(str); -} - -void -ldns_rr_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_rr *rr) -{ - char *str = ldns_rr2str_fmt(fmt, rr); - if (str) { - fprintf(output, "%s", str); - } else { - fprintf(output, ";Unable to convert rr to string\n"); - } - LDNS_FREE(str); -} - -void -ldns_rr_print(FILE *output, const ldns_rr *rr) -{ - ldns_rr_print_fmt(output, ldns_output_format_default, rr); -} - -void -ldns_pkt_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_pkt *pkt) -{ - char *str = ldns_pkt2str_fmt(fmt, pkt); - if (str) { - fprintf(output, "%s", str); - } else { - fprintf(output, ";Unable to convert packet to string\n"); - } - LDNS_FREE(str); -} - -void -ldns_pkt_print(FILE *output, const ldns_pkt *pkt) -{ - ldns_pkt_print_fmt(output, ldns_output_format_default, pkt); -} - -void -ldns_rr_list_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_rr_list *lst) -{ - size_t i; - for (i = 0; i < ldns_rr_list_rr_count(lst); i++) { - ldns_rr_print_fmt(output, fmt, ldns_rr_list_rr(lst, i)); - } -} - -void -ldns_rr_list_print(FILE *output, const ldns_rr_list *lst) -{ - ldns_rr_list_print_fmt(output, ldns_output_format_default, lst); -} - -void -ldns_resolver_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_resolver *r) -{ - uint16_t i; - ldns_rdf **n; - ldns_rdf **s; - size_t *rtt; - if (!r) { - return; - } - n = ldns_resolver_nameservers(r); - s = ldns_resolver_searchlist(r); - rtt = ldns_resolver_rtt(r); - - fprintf(output, "port: %d\n", (int)ldns_resolver_port(r)); - fprintf(output, "edns0 size: %d\n", (int)ldns_resolver_edns_udp_size(r)); - fprintf(output, "use ip6: %d\n", (int)ldns_resolver_ip6(r)); - - fprintf(output, "recursive: %d\n", ldns_resolver_recursive(r)); - fprintf(output, "usevc: %d\n", ldns_resolver_usevc(r)); - fprintf(output, "igntc: %d\n", ldns_resolver_igntc(r)); - fprintf(output, "fail: %d\n", ldns_resolver_fail(r)); - fprintf(output, "retry: %d\n", (int)ldns_resolver_retry(r)); - fprintf(output, "retrans: %d\n", (int)ldns_resolver_retrans(r)); - fprintf(output, "fallback: %d\n", ldns_resolver_fallback(r)); - fprintf(output, "random: %d\n", ldns_resolver_random(r)); - fprintf(output, "timeout: %d\n", (int)ldns_resolver_timeout(r).tv_sec); - fprintf(output, "dnssec: %d\n", ldns_resolver_dnssec(r)); - fprintf(output, "dnssec cd: %d\n", ldns_resolver_dnssec_cd(r)); - fprintf(output, "trust anchors (%d listed):\n", - (int)ldns_rr_list_rr_count(ldns_resolver_dnssec_anchors(r))); - ldns_rr_list_print_fmt(output, fmt, ldns_resolver_dnssec_anchors(r)); - fprintf(output, "tsig: %s %s\n", - ldns_resolver_tsig_keyname(r)?ldns_resolver_tsig_keyname(r):"-", - ldns_resolver_tsig_algorithm(r)?ldns_resolver_tsig_algorithm(r):"-"); - fprintf(output, "debug: %d\n", ldns_resolver_debug(r)); - - fprintf(output, "default domain: "); - ldns_rdf_print(output, ldns_resolver_domain(r)); - fprintf(output, "\n"); - fprintf(output, "apply default domain: %d\n", ldns_resolver_defnames(r)); - - fprintf(output, "searchlist (%d listed):\n", (int)ldns_resolver_searchlist_count(r)); - for (i = 0; i < ldns_resolver_searchlist_count(r); i++) { - fprintf(output, "\t"); - ldns_rdf_print(output, s[i]); - fprintf(output, "\n"); - } - fprintf(output, "apply search list: %d\n", ldns_resolver_dnsrch(r)); - - fprintf(output, "nameservers (%d listed):\n", (int)ldns_resolver_nameserver_count(r)); - for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { - fprintf(output, "\t"); - ldns_rdf_print(output, n[i]); - - switch ((int)rtt[i]) { - case LDNS_RESOLV_RTT_MIN: - fprintf(output, " - reachable\n"); - break; - case LDNS_RESOLV_RTT_INF: - fprintf(output, " - unreachable\n"); - break; - } - } -} - -void -ldns_resolver_print(FILE *output, const ldns_resolver *r) -{ - ldns_resolver_print_fmt(output, ldns_output_format_default, r); -} - -void -ldns_zone_print_fmt(FILE *output, - const ldns_output_format *fmt, const ldns_zone *z) -{ - if(ldns_zone_soa(z)) - ldns_rr_print_fmt(output, fmt, ldns_zone_soa(z)); - ldns_rr_list_print_fmt(output, fmt, ldns_zone_rrs(z)); -} -void -ldns_zone_print(FILE *output, const ldns_zone *z) -{ - ldns_zone_print_fmt(output, ldns_output_format_default, z); -} diff --git a/src/ldns/host2wire.c b/src/ldns/host2wire.c deleted file mode 100644 index 06f45ba..0000000 --- a/src/ldns/host2wire.c +++ /dev/null @@ -1,494 +0,0 @@ -/* - * host2wire.c - * - * conversion routines from the host to the wire format. - * This will usually just a re-ordering of the - * data (as we store it in network format) - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include - -ldns_status -ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name) -{ - return ldns_dname2buffer_wire_compress(buffer, name, NULL); -} - -ldns_status -ldns_dname2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *name, ldns_rbtree_t *compression_data) -{ - ldns_rbnode_t *node; - uint8_t *data; - size_t size; - ldns_rdf *label; - ldns_rdf *rest; - ldns_status s; - - /* If no tree, just add the data */ - if(!compression_data) - { - if (ldns_buffer_reserve(buffer, ldns_rdf_size(name))) - { - ldns_buffer_write(buffer, ldns_rdf_data(name), ldns_rdf_size(name)); - } - return ldns_buffer_status(buffer); - } - - /* No labels left, write final zero */ - if(ldns_dname_label_count(name)==0) - { - if(ldns_buffer_reserve(buffer,1)) - { - ldns_buffer_write_u8(buffer, 0); - } - return ldns_buffer_status(buffer); - } - - /* Can we find the name in the tree? */ - if((node = ldns_rbtree_search(compression_data, ldns_rdf_data(name))) != NULL) - { - /* Found */ - uint16_t position = (uint16_t) (intptr_t) node->data | 0xC000; - if (ldns_buffer_reserve(buffer, 2)) - { - ldns_buffer_write_u16(buffer, position); - } - return ldns_buffer_status(buffer); - } - else - { - /* Not found. Write cache entry, take off first label, write it, */ - /* try again with the rest of the name. */ - ldns_rbnode_t *node = LDNS_MALLOC(ldns_rbnode_t); - if(!node) - { - return LDNS_STATUS_MEM_ERR; - } - if (ldns_buffer_position(buffer) < 16384) { - node->key = strdup((const char *)ldns_rdf_data(name)); - node->data = (void *) (intptr_t) ldns_buffer_position(buffer); - if(!ldns_rbtree_insert(compression_data,node)) - { - /* fprintf(stderr,"Name not found but now it's there?\n"); */ - } - } - label = ldns_dname_label(name, 0); - rest = ldns_dname_left_chop(name); - size = ldns_rdf_size(label) - 1; /* Don't want the final zero */ - data = ldns_rdf_data(label); - if(ldns_buffer_reserve(buffer, size)) - { - ldns_buffer_write(buffer, data, size); - } - ldns_rdf_deep_free(label); - s = ldns_dname2buffer_wire_compress(buffer, rest, compression_data); - ldns_rdf_deep_free(rest); - return s; - } -} - -ldns_status -ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf) -{ - return ldns_rdf2buffer_wire_compress(buffer, rdf, NULL); -} - -ldns_status -ldns_rdf2buffer_wire_compress(ldns_buffer *buffer, const ldns_rdf *rdf, ldns_rbtree_t *compression_data) -{ - /* If it's a DNAME, call that function to get compression */ - if(compression_data && ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME) - { - return ldns_dname2buffer_wire_compress(buffer,rdf,compression_data); - } - - if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { - ldns_buffer_write(buffer, ldns_rdf_data(rdf), ldns_rdf_size(rdf)); - } - return ldns_buffer_status(buffer); -} - -ldns_status -ldns_rdf2buffer_wire_canonical(ldns_buffer *buffer, const ldns_rdf *rdf) -{ - size_t i; - uint8_t *rdf_data; - - if (ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME) { - if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { - rdf_data = ldns_rdf_data(rdf); - for (i = 0; i < ldns_rdf_size(rdf); i++) { - ldns_buffer_write_u8(buffer, - (uint8_t) LDNS_DNAME_NORMALIZE((int)rdf_data[i])); - } - } - } else { - /* direct copy for all other types */ - if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { - ldns_buffer_write(buffer, - ldns_rdf_data(rdf), - ldns_rdf_size(rdf)); - } - } - return ldns_buffer_status(buffer); -} - -/* convert a rr list to wireformat */ -ldns_status -ldns_rr_list2buffer_wire(ldns_buffer *buffer,const ldns_rr_list *rr_list) -{ - uint16_t rr_count; - uint16_t i; - - rr_count = ldns_rr_list_rr_count(rr_list); - for(i = 0; i < rr_count; i++) { - (void)ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i), - LDNS_SECTION_ANY); - } - return ldns_buffer_status(buffer); -} - - -ldns_status -ldns_rr2buffer_wire_canonical(ldns_buffer *buffer, - const ldns_rr *rr, - int section) -{ - uint16_t i; - uint16_t rdl_pos = 0; - bool pre_rfc3597 = false; - switch (ldns_rr_get_type(rr)) { - case LDNS_RR_TYPE_NS: - case LDNS_RR_TYPE_MD: - case LDNS_RR_TYPE_MF: - case LDNS_RR_TYPE_CNAME: - case LDNS_RR_TYPE_SOA: - case LDNS_RR_TYPE_MB: - case LDNS_RR_TYPE_MG: - case LDNS_RR_TYPE_MR: - case LDNS_RR_TYPE_PTR: - case LDNS_RR_TYPE_HINFO: - case LDNS_RR_TYPE_MINFO: - case LDNS_RR_TYPE_MX: - case LDNS_RR_TYPE_RP: - case LDNS_RR_TYPE_AFSDB: - case LDNS_RR_TYPE_RT: - case LDNS_RR_TYPE_SIG: - case LDNS_RR_TYPE_PX: - case LDNS_RR_TYPE_NXT: - case LDNS_RR_TYPE_NAPTR: - case LDNS_RR_TYPE_KX: - case LDNS_RR_TYPE_SRV: - case LDNS_RR_TYPE_DNAME: - case LDNS_RR_TYPE_A6: - case LDNS_RR_TYPE_RRSIG: - pre_rfc3597 = true; - break; - default: - break; - } - - if (ldns_rr_owner(rr)) { - (void) ldns_rdf2buffer_wire_canonical(buffer, ldns_rr_owner(rr)); - } - - if (ldns_buffer_reserve(buffer, 4)) { - (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr)); - (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr)); - } - - if (section != LDNS_SECTION_QUESTION) { - if (ldns_buffer_reserve(buffer, 6)) { - ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr)); - /* remember pos for later */ - rdl_pos = ldns_buffer_position(buffer); - ldns_buffer_write_u16(buffer, 0); - } - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - if (pre_rfc3597) { - (void) ldns_rdf2buffer_wire_canonical( - buffer, ldns_rr_rdf(rr, i)); - } else { - (void) ldns_rdf2buffer_wire( - buffer, ldns_rr_rdf(rr, i)); - } - } - if (rdl_pos != 0) { - ldns_buffer_write_u16_at(buffer, rdl_pos, - ldns_buffer_position(buffer) - - rdl_pos - 2); - } - } - return ldns_buffer_status(buffer); -} - -ldns_status -ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section) -{ - return ldns_rr2buffer_wire_compress(buffer,rr,section,NULL); -} - -ldns_status -ldns_rr2buffer_wire_compress(ldns_buffer *buffer, const ldns_rr *rr, int section, ldns_rbtree_t *compression_data) -{ - uint16_t i; - uint16_t rdl_pos = 0; - - if (ldns_rr_owner(rr)) { - (void) ldns_dname2buffer_wire_compress(buffer, ldns_rr_owner(rr), compression_data); - } - - if (ldns_buffer_reserve(buffer, 4)) { - (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr)); - (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr)); - } - - if (section != LDNS_SECTION_QUESTION) { - if (ldns_buffer_reserve(buffer, 6)) { - ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr)); - /* remember pos for later */ - rdl_pos = ldns_buffer_position(buffer); - ldns_buffer_write_u16(buffer, 0); - } - if (LDNS_RR_COMPRESS == - ldns_rr_descript(ldns_rr_get_type(rr))->_compress) { - - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - (void) ldns_rdf2buffer_wire_compress(buffer, - ldns_rr_rdf(rr, i), compression_data); - } - } else { - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - (void) ldns_rdf2buffer_wire( - buffer, ldns_rr_rdf(rr, i)); - } - } - if (rdl_pos != 0) { - ldns_buffer_write_u16_at(buffer, rdl_pos, - ldns_buffer_position(buffer) - - rdl_pos - 2); - } - } - return ldns_buffer_status(buffer); -} - -ldns_status -ldns_rrsig2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr) -{ - uint16_t i; - - /* it must be a sig RR */ - if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) { - return LDNS_STATUS_ERR; - } - - /* Convert all the rdfs, except the actual signature data - * rdf number 8 - the last, hence: -1 */ - for (i = 0; i < ldns_rr_rd_count(rr) - 1; i++) { - (void) ldns_rdf2buffer_wire_canonical(buffer, - ldns_rr_rdf(rr, i)); - } - - return ldns_buffer_status(buffer); -} - -ldns_status -ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr) -{ - uint16_t i; - - /* convert all the rdf's */ - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr,i)); - } - return ldns_buffer_status(buffer); -} - -/* - * Copies the packet header data to the buffer in wire format - */ -static ldns_status -ldns_hdr2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet) -{ - uint8_t flags; - uint16_t arcount; - - if (ldns_buffer_reserve(buffer, 12)) { - ldns_buffer_write_u16(buffer, ldns_pkt_id(packet)); - - flags = ldns_pkt_qr(packet) << 7 - | ldns_pkt_get_opcode(packet) << 3 - | ldns_pkt_aa(packet) << 2 - | ldns_pkt_tc(packet) << 1 | ldns_pkt_rd(packet); - ldns_buffer_write_u8(buffer, flags); - - flags = ldns_pkt_ra(packet) << 7 - /*| ldns_pkt_z(packet) << 6*/ - | ldns_pkt_ad(packet) << 5 - | ldns_pkt_cd(packet) << 4 - | ldns_pkt_get_rcode(packet); - ldns_buffer_write_u8(buffer, flags); - - ldns_buffer_write_u16(buffer, ldns_pkt_qdcount(packet)); - ldns_buffer_write_u16(buffer, ldns_pkt_ancount(packet)); - ldns_buffer_write_u16(buffer, ldns_pkt_nscount(packet)); - /* add EDNS0 and TSIG to additional if they are there */ - arcount = ldns_pkt_arcount(packet); - if (ldns_pkt_tsig(packet)) { - arcount++; - } - if (ldns_pkt_edns(packet)) { - arcount++; - } - ldns_buffer_write_u16(buffer, arcount); - } - - return ldns_buffer_status(buffer); -} - -void -compression_node_free(ldns_rbnode_t *node, void *arg) -{ - (void)arg; /* Yes, dear compiler, it is used */ - free((void *)node->key); - LDNS_FREE(node); -} - -ldns_status -ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet) -{ - ldns_rr_list *rr_list; - uint16_t i; - - /* edns tmp vars */ - ldns_rr *edns_rr; - uint8_t edata[4]; - - ldns_rbtree_t *compression_data = ldns_rbtree_create((int (*)(const void *, const void *))strcasecmp); - - (void) ldns_hdr2buffer_wire(buffer, packet); - - rr_list = ldns_pkt_question(packet); - if (rr_list) { - for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { - (void) ldns_rr2buffer_wire_compress(buffer, - ldns_rr_list_rr(rr_list, i), LDNS_SECTION_QUESTION, compression_data); - } - } - rr_list = ldns_pkt_answer(packet); - if (rr_list) { - for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { - (void) ldns_rr2buffer_wire_compress(buffer, - ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANSWER, compression_data); - } - } - rr_list = ldns_pkt_authority(packet); - if (rr_list) { - for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { - (void) ldns_rr2buffer_wire_compress(buffer, - ldns_rr_list_rr(rr_list, i), LDNS_SECTION_AUTHORITY, compression_data); - } - } - rr_list = ldns_pkt_additional(packet); - if (rr_list) { - for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { - (void) ldns_rr2buffer_wire_compress(buffer, - ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ADDITIONAL, compression_data); - } - } - - /* add EDNS to additional if it is needed */ - if (ldns_pkt_edns(packet)) { - edns_rr = ldns_rr_new(); - if(!edns_rr) return LDNS_STATUS_MEM_ERR; - ldns_rr_set_owner(edns_rr, - ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, ".")); - ldns_rr_set_type(edns_rr, LDNS_RR_TYPE_OPT); - ldns_rr_set_class(edns_rr, ldns_pkt_edns_udp_size(packet)); - edata[0] = ldns_pkt_edns_extended_rcode(packet); - edata[1] = ldns_pkt_edns_version(packet); - ldns_write_uint16(&edata[2], ldns_pkt_edns_z(packet)); - ldns_rr_set_ttl(edns_rr, ldns_read_uint32(edata)); - /* don't forget to add the edns rdata (if any) */ - if (packet->_edns_data) - ldns_rr_push_rdf (edns_rr, packet->_edns_data); - (void)ldns_rr2buffer_wire_compress(buffer, edns_rr, LDNS_SECTION_ADDITIONAL, compression_data); - /* take the edns rdata back out of the rr before we free rr */ - if (packet->_edns_data) - (void)ldns_rr_pop_rdf (edns_rr); - ldns_rr_free(edns_rr); - } - - /* add TSIG to additional if it is there */ - if (ldns_pkt_tsig(packet)) { - (void) ldns_rr2buffer_wire_compress(buffer, - ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL, compression_data); - } - - ldns_traverse_postorder(compression_data,compression_node_free,NULL); - ldns_rbtree_free(compression_data); - - return LDNS_STATUS_OK; -} - -ldns_status -ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *result_size) -{ - ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - ldns_status status; - *result_size = 0; - *dest = NULL; - if(!buffer) return LDNS_STATUS_MEM_ERR; - - status = ldns_rdf2buffer_wire(buffer, rdf); - if (status == LDNS_STATUS_OK) { - *result_size = ldns_buffer_position(buffer); - *dest = (uint8_t *) ldns_buffer_export(buffer); - } - ldns_buffer_free(buffer); - return status; -} - -ldns_status -ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *result_size) -{ - ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - ldns_status status; - *result_size = 0; - *dest = NULL; - if(!buffer) return LDNS_STATUS_MEM_ERR; - - status = ldns_rr2buffer_wire(buffer, rr, section); - if (status == LDNS_STATUS_OK) { - *result_size = ldns_buffer_position(buffer); - *dest = (uint8_t *) ldns_buffer_export(buffer); - } - ldns_buffer_free(buffer); - return status; -} - -ldns_status -ldns_pkt2wire(uint8_t **dest, const ldns_pkt *packet, size_t *result_size) -{ - ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - ldns_status status; - *result_size = 0; - *dest = NULL; - if(!buffer) return LDNS_STATUS_MEM_ERR; - - status = ldns_pkt2buffer_wire(buffer, packet); - if (status == LDNS_STATUS_OK) { - *result_size = ldns_buffer_position(buffer); - *dest = (uint8_t *) ldns_buffer_export(buffer); - } - ldns_buffer_free(buffer); - return status; -} diff --git a/src/ldns/keys.c b/src/ldns/keys.c deleted file mode 100644 index 8b43821..0000000 --- a/src/ldns/keys.c +++ /dev/null @@ -1,1726 +0,0 @@ -/* - * keys.c handle private keys for use in DNSSEC - * - * This module should hide some of the openSSL complexities - * and give a general interface for private keys and hmac - * handling - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include - -#ifdef HAVE_SSL -#include -#include -#include -#endif /* HAVE_SSL */ - -ldns_lookup_table ldns_signing_algorithms[] = { - { LDNS_SIGN_RSAMD5, "RSAMD5" }, - { LDNS_SIGN_RSASHA1, "RSASHA1" }, - { LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" }, -#ifdef USE_SHA2 - { LDNS_SIGN_RSASHA256, "RSASHA256" }, - { LDNS_SIGN_RSASHA512, "RSASHA512" }, -#endif -#ifdef USE_GOST - { LDNS_SIGN_ECC_GOST, "ECC-GOST" }, -#endif -#ifdef USE_ECDSA - { LDNS_SIGN_ECDSAP256SHA256, "ECDSAP256SHA256" }, - { LDNS_SIGN_ECDSAP384SHA384, "ECDSAP384SHA384" }, -#endif - { LDNS_SIGN_DSA, "DSA" }, - { LDNS_SIGN_DSA_NSEC3, "DSA-NSEC3-SHA1" }, - { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" }, - { LDNS_SIGN_HMACSHA1, "hmac-sha1" }, - { LDNS_SIGN_HMACSHA256, "hmac-sha256" }, - { 0, NULL } -}; - -ldns_key_list * -ldns_key_list_new(void) -{ - ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list); - if (!key_list) { - return NULL; - } else { - key_list->_key_count = 0; - key_list->_keys = NULL; - return key_list; - } -} - -ldns_key * -ldns_key_new(void) -{ - ldns_key *newkey; - - newkey = LDNS_MALLOC(ldns_key); - if (!newkey) { - return NULL; - } else { - /* some defaults - not sure wether to do this */ - ldns_key_set_use(newkey, true); - ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY); - ldns_key_set_origttl(newkey, 0); - ldns_key_set_keytag(newkey, 0); - ldns_key_set_inception(newkey, 0); - ldns_key_set_expiration(newkey, 0); - ldns_key_set_pubkey_owner(newkey, NULL); -#ifdef HAVE_SSL - ldns_key_set_evp_key(newkey, NULL); -#endif /* HAVE_SSL */ - ldns_key_set_hmac_key(newkey, NULL); - ldns_key_set_external_key(newkey, NULL); - return newkey; - } -} - -ldns_status -ldns_key_new_frm_fp(ldns_key **k, FILE *fp) -{ - return ldns_key_new_frm_fp_l(k, fp, NULL); -} - -#ifdef HAVE_SSL -ldns_status -ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg) -{ - ldns_key *k; - - k = ldns_key_new(); - if(!k) return LDNS_STATUS_MEM_ERR; -#ifndef S_SPLINT_S - k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL); - if(!k->_key.key) { - ldns_key_free(k); - return LDNS_STATUS_ERR; - } - ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg); - if (!k->_key.key) { - ldns_key_free(k); - return LDNS_STATUS_ENGINE_KEY_NOT_LOADED; - } -#endif /* splint */ - *key = k; - return LDNS_STATUS_OK; -} -#endif - -#ifdef USE_GOST -/** store GOST engine reference loaded into OpenSSL library */ -ENGINE* ldns_gost_engine = NULL; - -int -ldns_key_EVP_load_gost_id(void) -{ - static int gost_id = 0; - const EVP_PKEY_ASN1_METHOD* meth; - ENGINE* e; - - if(gost_id) return gost_id; - - /* see if configuration loaded gost implementation from other engine*/ - meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); - if(meth) { - EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); - return gost_id; - } - - /* see if engine can be loaded already */ - e = ENGINE_by_id("gost"); - if(!e) { - /* load it ourself, in case statically linked */ - ENGINE_load_builtin_engines(); - ENGINE_load_dynamic(); - e = ENGINE_by_id("gost"); - } - if(!e) { - /* no gost engine in openssl */ - return 0; - } - if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { - ENGINE_finish(e); - ENGINE_free(e); - return 0; - } - - meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); - if(!meth) { - /* algo not found */ - ENGINE_finish(e); - ENGINE_free(e); - return 0; - } - /* Note: do not ENGINE_finish and ENGINE_free the acquired engine - * on some platforms this frees up the meth and unloads gost stuff */ - ldns_gost_engine = e; - - EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); - return gost_id; -} - -void ldns_key_EVP_unload_gost(void) -{ - if(ldns_gost_engine) { - ENGINE_finish(ldns_gost_engine); - ENGINE_free(ldns_gost_engine); - ldns_gost_engine = NULL; - } -} - -/** read GOST private key */ -static EVP_PKEY* -ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr) -{ - char token[16384]; - const unsigned char* pp; - int gost_id; - EVP_PKEY* pkey; - ldns_rdf* b64rdf = NULL; - - gost_id = ldns_key_EVP_load_gost_id(); - if(!gost_id) - return NULL; - - if (ldns_fget_keyword_data_l(fp, "GostAsn1", ": ", token, "\n", - sizeof(token), line_nr) == -1) - return NULL; - while(strlen(token) < 96) { - /* read more b64 from the file, b64 split on multiple lines */ - if(ldns_fget_token_l(fp, token+strlen(token), "\n", - sizeof(token)-strlen(token), line_nr) == -1) - return NULL; - } - if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK) - return NULL; - pp = (unsigned char*)ldns_rdf_data(b64rdf); - pkey = d2i_PrivateKey(gost_id, NULL, &pp, (int)ldns_rdf_size(b64rdf)); - ldns_rdf_deep_free(b64rdf); - return pkey; -} -#endif - -#ifdef USE_ECDSA -/** calculate public key from private key */ -static int -ldns_EC_KEY_calc_public(EC_KEY* ec) -{ - EC_POINT* pub_key; - const EC_GROUP* group; - group = EC_KEY_get0_group(ec); - pub_key = EC_POINT_new(group); - if(!pub_key) return 0; - if(!EC_POINT_copy(pub_key, EC_GROUP_get0_generator(group))) { - EC_POINT_free(pub_key); - return 0; - } - if(!EC_POINT_mul(group, pub_key, EC_KEY_get0_private_key(ec), - NULL, NULL, NULL)) { - EC_POINT_free(pub_key); - return 0; - } - if(EC_KEY_set_public_key(ec, pub_key) == 0) { - EC_POINT_free(pub_key); - return 0; - } - EC_POINT_free(pub_key); - return 1; -} - -/** read ECDSA private key */ -static EVP_PKEY* -ldns_key_new_frm_fp_ecdsa_l(FILE* fp, ldns_algorithm alg, int* line_nr) -{ - char token[16384]; - ldns_rdf* b64rdf = NULL; - unsigned char* pp; - BIGNUM* bn; - EVP_PKEY* evp_key; - EC_KEY* ec; - if (ldns_fget_keyword_data_l(fp, "PrivateKey", ": ", token, "\n", - sizeof(token), line_nr) == -1) - return NULL; - if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK) - return NULL; - pp = (unsigned char*)ldns_rdf_data(b64rdf); - - if(alg == LDNS_ECDSAP256SHA256) - ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - else if(alg == LDNS_ECDSAP384SHA384) - ec = EC_KEY_new_by_curve_name(NID_secp384r1); - else ec = NULL; - if(!ec) { - ldns_rdf_deep_free(b64rdf); - return NULL; - } - bn = BN_bin2bn(pp, (int)ldns_rdf_size(b64rdf), NULL); - ldns_rdf_deep_free(b64rdf); - if(!bn) { - EC_KEY_free(ec); - return NULL; - } - EC_KEY_set_private_key(ec, bn); - BN_free(bn); - if(!ldns_EC_KEY_calc_public(ec)) { - EC_KEY_free(ec); - return NULL; - } - - evp_key = EVP_PKEY_new(); - if(!evp_key) { - EC_KEY_free(ec); - return NULL; - } - if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) { - EVP_PKEY_free(evp_key); - EC_KEY_free(ec); - return NULL; - } - return evp_key; -} -#endif - -ldns_status -ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr) -{ - ldns_key *k; - char *d; - ldns_signing_algorithm alg; - ldns_rr *key_rr; -#ifdef HAVE_SSL - RSA *rsa; - DSA *dsa; - unsigned char *hmac; - size_t hmac_size; -#endif /* HAVE_SSL */ - - k = ldns_key_new(); - - d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); - if (!k || !d) { - ldns_key_free(k); - LDNS_FREE(d); - return LDNS_STATUS_MEM_ERR; - } - - alg = 0; - - /* the file is highly structured. Do this in sequence */ - /* RSA: - * Private-key-format: v1.x. - * Algorithm: 1 (RSA) - - */ - /* get the key format version number */ - if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n", - LDNS_MAX_LINELEN, line_nr) == -1) { - /* no version information */ - ldns_key_free(k); - LDNS_FREE(d); - return LDNS_STATUS_SYNTAX_ERR; - } - if (strncmp(d, "v1.", 3) != 0) { - ldns_key_free(k); - LDNS_FREE(d); - return LDNS_STATUS_SYNTAX_VERSION_ERR; - } - - /* get the algorithm type, our file function strip ( ) so there are - * not in the return string! */ - if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n", - LDNS_MAX_LINELEN, line_nr) == -1) { - /* no alg information */ - ldns_key_free(k); - LDNS_FREE(d); - return LDNS_STATUS_SYNTAX_ALG_ERR; - } - - if (strncmp(d, "1 RSA", 2) == 0) { - alg = LDNS_SIGN_RSAMD5; - } - if (strncmp(d, "2 DH", 2) == 0) { - alg = (ldns_signing_algorithm)LDNS_DH; - } - if (strncmp(d, "3 DSA", 2) == 0) { - alg = LDNS_SIGN_DSA; - } - if (strncmp(d, "4 ECC", 2) == 0) { - alg = (ldns_signing_algorithm)LDNS_ECC; - } - if (strncmp(d, "5 RSASHA1", 2) == 0) { - alg = LDNS_SIGN_RSASHA1; - } - if (strncmp(d, "6 DSA", 2) == 0) { - alg = LDNS_SIGN_DSA_NSEC3; - } - if (strncmp(d, "7 RSASHA1", 2) == 0) { - alg = LDNS_SIGN_RSASHA1_NSEC3; - } - - if (strncmp(d, "8 RSASHA256", 2) == 0) { -#ifdef USE_SHA2 - alg = LDNS_SIGN_RSASHA256; -#else -# ifdef STDERR_MSGS - fprintf(stderr, "Warning: SHA256 not compiled into this "); - fprintf(stderr, "version of ldns\n"); -# endif -#endif - } - if (strncmp(d, "10 RSASHA512", 3) == 0) { -#ifdef USE_SHA2 - alg = LDNS_SIGN_RSASHA512; -#else -# ifdef STDERR_MSGS - fprintf(stderr, "Warning: SHA512 not compiled into this "); - fprintf(stderr, "version of ldns\n"); -# endif -#endif - } - if (strncmp(d, "12 ECC-GOST", 3) == 0) { -#ifdef USE_GOST - alg = LDNS_SIGN_ECC_GOST; -#else -# ifdef STDERR_MSGS - fprintf(stderr, "Warning: ECC-GOST not compiled into this "); - fprintf(stderr, "version of ldns, use --enable-gost\n"); -# endif -#endif - } - if (strncmp(d, "13 ECDSAP256SHA256", 3) == 0) { -#ifdef USE_ECDSA - alg = LDNS_SIGN_ECDSAP256SHA256; -#else -# ifdef STDERR_MSGS - fprintf(stderr, "Warning: ECDSA not compiled into this "); - fprintf(stderr, "version of ldns, use --enable-ecdsa\n"); -# endif -#endif - } - if (strncmp(d, "14 ECDSAP384SHA384", 3) == 0) { -#ifdef USE_ECDSA - alg = LDNS_SIGN_ECDSAP384SHA384; -#else -# ifdef STDERR_MSGS - fprintf(stderr, "Warning: ECDSA not compiled into this "); - fprintf(stderr, "version of ldns, use --enable-ecdsa\n"); -# endif -#endif - } - if (strncmp(d, "157 HMAC-MD5", 4) == 0) { - alg = LDNS_SIGN_HMACMD5; - } - if (strncmp(d, "158 HMAC-SHA1", 4) == 0) { - alg = LDNS_SIGN_HMACSHA1; - } - if (strncmp(d, "159 HMAC-SHA256", 4) == 0) { - alg = LDNS_SIGN_HMACSHA256; - } - - LDNS_FREE(d); - - switch(alg) { - case LDNS_SIGN_RSAMD5: - case LDNS_SIGN_RSASHA1: - case LDNS_SIGN_RSASHA1_NSEC3: -#ifdef USE_SHA2 - case LDNS_SIGN_RSASHA256: - case LDNS_SIGN_RSASHA512: -#endif - ldns_key_set_algorithm(k, alg); -#ifdef HAVE_SSL - rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr); - if (!rsa) { - ldns_key_free(k); - return LDNS_STATUS_ERR; - } - ldns_key_assign_rsa_key(k, rsa); -#endif /* HAVE_SSL */ - break; - case LDNS_SIGN_DSA: - case LDNS_SIGN_DSA_NSEC3: - ldns_key_set_algorithm(k, alg); -#ifdef HAVE_SSL - dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr); - if (!dsa) { - ldns_key_free(k); - return LDNS_STATUS_ERR; - } - ldns_key_assign_dsa_key(k, dsa); -#endif /* HAVE_SSL */ - break; - case LDNS_SIGN_HMACMD5: - case LDNS_SIGN_HMACSHA1: - case LDNS_SIGN_HMACSHA256: - ldns_key_set_algorithm(k, alg); -#ifdef HAVE_SSL - hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size); - if (!hmac) { - ldns_key_free(k); - return LDNS_STATUS_ERR; - } - ldns_key_set_hmac_size(k, hmac_size); - ldns_key_set_hmac_key(k, hmac); -#endif /* HAVE_SSL */ - break; - case LDNS_SIGN_ECC_GOST: - ldns_key_set_algorithm(k, alg); -#if defined(HAVE_SSL) && defined(USE_GOST) - if(!ldns_key_EVP_load_gost_id()) { - ldns_key_free(k); - return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL; - } - ldns_key_set_evp_key(k, - ldns_key_new_frm_fp_gost_l(fp, line_nr)); -#ifndef S_SPLINT_S - if(!k->_key.key) { - ldns_key_free(k); - return LDNS_STATUS_ERR; - } -#endif /* splint */ -#endif - break; -#ifdef USE_ECDSA - case LDNS_SIGN_ECDSAP256SHA256: - case LDNS_SIGN_ECDSAP384SHA384: - ldns_key_set_algorithm(k, alg); - ldns_key_set_evp_key(k, - ldns_key_new_frm_fp_ecdsa_l(fp, (ldns_algorithm)alg, line_nr)); -#ifndef S_SPLINT_S - if(!k->_key.key) { - ldns_key_free(k); - return LDNS_STATUS_ERR; - } -#endif /* splint */ - break; -#endif - default: - ldns_key_free(k); - return LDNS_STATUS_SYNTAX_ALG_ERR; - } - key_rr = ldns_key2rr(k); - ldns_key_set_keytag(k, ldns_calc_keytag(key_rr)); - ldns_rr_free(key_rr); - - if (key) { - *key = k; - return LDNS_STATUS_OK; - } - ldns_key_free(k); - return LDNS_STATUS_ERR; -} - -#ifdef HAVE_SSL -RSA * -ldns_key_new_frm_fp_rsa(FILE *f) -{ - return ldns_key_new_frm_fp_rsa_l(f, NULL); -} - -RSA * -ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr) -{ - /* we parse - * Modulus: - * PublicExponent: - * PrivateExponent: - * Prime1: - * Prime2: - * Exponent1: - * Exponent2: - * Coefficient: - * - * man 3 RSA: - * - * struct - * { - * BIGNUM *n; // public modulus - * BIGNUM *e; // public exponent - * BIGNUM *d; // private exponent - * BIGNUM *p; // secret prime factor - * BIGNUM *q; // secret prime factor - * BIGNUM *dmp1; // d mod (p-1) - * BIGNUM *dmq1; // d mod (q-1) - * BIGNUM *iqmp; // q^-1 mod p - * // ... - * - */ - char *d; - RSA *rsa; - uint8_t *buf; - int i; - - d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); - buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN); - rsa = RSA_new(); - if (!d || !rsa || !buf) { - goto error; - } - - /* I could use functions again, but that seems an overkill, - * allthough this also looks tedious - */ - - /* Modules, rsa->n */ - if (ldns_fget_keyword_data_l(f, "Modulus", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); -#ifndef S_SPLINT_S - rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!rsa->n) { - goto error; - } - - /* PublicExponent, rsa->e */ - if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - rsa->e = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!rsa->e) { - goto error; - } - - /* PrivateExponent, rsa->d */ - if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - rsa->d = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!rsa->d) { - goto error; - } - - /* Prime1, rsa->p */ - if (ldns_fget_keyword_data_l(f, "Prime1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - rsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!rsa->p) { - goto error; - } - - /* Prime2, rsa->q */ - if (ldns_fget_keyword_data_l(f, "Prime2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - rsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!rsa->q) { - goto error; - } - - /* Exponent1, rsa->dmp1 */ - if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - rsa->dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!rsa->dmp1) { - goto error; - } - - /* Exponent2, rsa->dmq1 */ - if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - rsa->dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!rsa->dmq1) { - goto error; - } - - /* Coefficient, rsa->iqmp */ - if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - rsa->iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!rsa->iqmp) { - goto error; - } -#endif /* splint */ - - LDNS_FREE(buf); - LDNS_FREE(d); - return rsa; - -error: - RSA_free(rsa); - LDNS_FREE(d); - LDNS_FREE(buf); - return NULL; -} - -DSA * -ldns_key_new_frm_fp_dsa(FILE *f) -{ - return ldns_key_new_frm_fp_dsa_l(f, NULL); -} - -DSA * -ldns_key_new_frm_fp_dsa_l(FILE *f, ATTR_UNUSED(int *line_nr)) -{ - int i; - char *d; - DSA *dsa; - uint8_t *buf; - - d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); - buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN); - dsa = DSA_new(); - if (!d || !dsa || !buf) { - goto error; - } - - /* the line parser removes the () from the input... */ - - /* Prime, dsa->p */ - if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); -#ifndef S_SPLINT_S - dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!dsa->p) { - goto error; - } - - /* Subprime, dsa->q */ - if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - dsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!dsa->q) { - goto error; - } - - /* Base, dsa->g */ - if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - dsa->g = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!dsa->g) { - goto error; - } - - /* Private key, dsa->priv_key */ - if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - dsa->priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!dsa->priv_key) { - goto error; - } - - /* Public key, dsa->priv_key */ - if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); - dsa->pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL); - if (!dsa->pub_key) { - goto error; - } -#endif /* splint */ - - LDNS_FREE(buf); - LDNS_FREE(d); - - return dsa; - -error: - LDNS_FREE(d); - LDNS_FREE(buf); - DSA_free(dsa); - return NULL; -} - -unsigned char * -ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size) -{ - return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size); -} - -unsigned char * -ldns_key_new_frm_fp_hmac_l( FILE *f - , ATTR_UNUSED(int *line_nr) - , size_t *hmac_size - ) -{ - size_t i, bufsz; - char d[LDNS_MAX_LINELEN]; - unsigned char *buf = NULL; - - if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { - goto error; - } - bufsz = ldns_b64_ntop_calculate_size(strlen(d)); - buf = LDNS_XMALLOC(unsigned char, bufsz); - i = (size_t) ldns_b64_pton((const char*)d, buf, bufsz); - - *hmac_size = i; - return buf; - - error: - LDNS_FREE(buf); - *hmac_size = 0; - return NULL; -} -#endif /* HAVE_SSL */ - -#ifdef USE_GOST -static EVP_PKEY* -ldns_gen_gost_key(void) -{ - EVP_PKEY_CTX* ctx; - EVP_PKEY* p = NULL; - int gost_id = ldns_key_EVP_load_gost_id(); - if(!gost_id) - return NULL; - ctx = EVP_PKEY_CTX_new_id(gost_id, NULL); - if(!ctx) { - /* the id should be available now */ - return NULL; - } - if(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0) { - /* cannot set paramset */ - EVP_PKEY_CTX_free(ctx); - return NULL; - } - - if(EVP_PKEY_keygen_init(ctx) <= 0) { - EVP_PKEY_CTX_free(ctx); - return NULL; - } - if(EVP_PKEY_keygen(ctx, &p) <= 0) { - EVP_PKEY_free(p); - EVP_PKEY_CTX_free(ctx); - return NULL; - } - EVP_PKEY_CTX_free(ctx); - return p; -} -#endif - -ldns_key * -ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size) -{ - ldns_key *k; -#ifdef HAVE_SSL - DSA *d; - RSA *r; -# ifdef USE_ECDSA - EC_KEY *ec = NULL; -# endif -#else - int i; - uint16_t offset = 0; -#endif - unsigned char *hmac; - - k = ldns_key_new(); - if (!k) { - return NULL; - } - switch(alg) { - case LDNS_SIGN_RSAMD5: - case LDNS_SIGN_RSASHA1: - case LDNS_SIGN_RSASHA1_NSEC3: - case LDNS_SIGN_RSASHA256: - case LDNS_SIGN_RSASHA512: -#ifdef HAVE_SSL - r = RSA_generate_key((int)size, RSA_F4, NULL, NULL); - if(!r) { - ldns_key_free(k); - return NULL; - } - if (RSA_check_key(r) != 1) { - ldns_key_free(k); - return NULL; - } - ldns_key_set_rsa_key(k, r); - RSA_free(r); -#endif /* HAVE_SSL */ - break; - case LDNS_SIGN_DSA: - case LDNS_SIGN_DSA_NSEC3: -#ifdef HAVE_SSL - d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL); - if (!d) { - ldns_key_free(k); - return NULL; - } - if (DSA_generate_key(d) != 1) { - ldns_key_free(k); - return NULL; - } - ldns_key_set_dsa_key(k, d); - DSA_free(d); -#endif /* HAVE_SSL */ - break; - case LDNS_SIGN_HMACMD5: - case LDNS_SIGN_HMACSHA1: - case LDNS_SIGN_HMACSHA256: -#ifdef HAVE_SSL -#ifndef S_SPLINT_S - k->_key.key = NULL; -#endif /* splint */ -#endif /* HAVE_SSL */ - size = size / 8; - ldns_key_set_hmac_size(k, size); - - hmac = LDNS_XMALLOC(unsigned char, size); - if(!hmac) { - ldns_key_free(k); - return NULL; - } -#ifdef HAVE_SSL - if (RAND_bytes(hmac, (int) size) != 1) { - LDNS_FREE(hmac); - ldns_key_free(k); - return NULL; - } -#else - while (offset + sizeof(i) < size) { - i = random(); - memcpy(&hmac[offset], &i, sizeof(i)); - offset += sizeof(i); - } - if (offset < size) { - i = random(); - memcpy(&hmac[offset], &i, size - offset); - } -#endif /* HAVE_SSL */ - ldns_key_set_hmac_key(k, hmac); - - ldns_key_set_flags(k, 0); - break; - case LDNS_SIGN_ECC_GOST: -#if defined(HAVE_SSL) && defined(USE_GOST) - ldns_key_set_evp_key(k, ldns_gen_gost_key()); -#ifndef S_SPLINT_S - if(!k->_key.key) { - ldns_key_free(k); - return NULL; - } -#endif /* splint */ -#else - ldns_key_free(k); - return NULL; -#endif /* HAVE_SSL and USE_GOST */ - break; - case LDNS_SIGN_ECDSAP256SHA256: - case LDNS_SIGN_ECDSAP384SHA384: -#ifdef USE_ECDSA - if(alg == LDNS_SIGN_ECDSAP256SHA256) - ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); - else if(alg == LDNS_SIGN_ECDSAP384SHA384) - ec = EC_KEY_new_by_curve_name(NID_secp384r1); - if(!ec) { - ldns_key_free(k); - return NULL; - } - if(!EC_KEY_generate_key(ec)) { - ldns_key_free(k); - EC_KEY_free(ec); - return NULL; - } -#ifndef S_SPLINT_S - k->_key.key = EVP_PKEY_new(); - if(!k->_key.key) { - ldns_key_free(k); - EC_KEY_free(ec); - return NULL; - } - if (!EVP_PKEY_assign_EC_KEY(k->_key.key, ec)) { - ldns_key_free(k); - EC_KEY_free(ec); - return NULL; - } -#endif /* splint */ -#else - ldns_key_free(k); - return NULL; -#endif /* ECDSA */ - break; - } - ldns_key_set_algorithm(k, alg); - return k; -} - -void -ldns_key_print(FILE *output, const ldns_key *k) -{ - char *str = ldns_key2str(k); - if (str) { - fprintf(output, "%s", str); - } else { - fprintf(output, "Unable to convert private key to string\n"); - } - LDNS_FREE(str); -} - - -void -ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l) -{ - k->_alg = l; -} - -void -ldns_key_set_flags(ldns_key *k, uint16_t f) -{ - k->_extra.dnssec.flags = f; -} - -#ifdef HAVE_SSL -#ifndef S_SPLINT_S -void -ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e) -{ - k->_key.key = e; -} - -void -ldns_key_set_rsa_key(ldns_key *k, RSA *r) -{ - EVP_PKEY *key = EVP_PKEY_new(); - EVP_PKEY_set1_RSA(key, r); - k->_key.key = key; -} - -void -ldns_key_set_dsa_key(ldns_key *k, DSA *d) -{ - EVP_PKEY *key = EVP_PKEY_new(); - EVP_PKEY_set1_DSA(key, d); - k->_key.key = key; -} - -void -ldns_key_assign_rsa_key(ldns_key *k, RSA *r) -{ - EVP_PKEY *key = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(key, r); - k->_key.key = key; -} - -void -ldns_key_assign_dsa_key(ldns_key *k, DSA *d) -{ - EVP_PKEY *key = EVP_PKEY_new(); - EVP_PKEY_assign_DSA(key, d); - k->_key.key = key; -} -#endif /* splint */ -#endif /* HAVE_SSL */ - -void -ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac) -{ - k->_key.hmac.key = hmac; -} - -void -ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size) -{ - k->_key.hmac.size = hmac_size; -} - -void -ldns_key_set_external_key(ldns_key *k, void *external_key) -{ - k->_key.external_key = external_key; -} - -void -ldns_key_set_origttl(ldns_key *k, uint32_t t) -{ - k->_extra.dnssec.orig_ttl = t; -} - -void -ldns_key_set_inception(ldns_key *k, uint32_t i) -{ - k->_extra.dnssec.inception = i; -} - -void -ldns_key_set_expiration(ldns_key *k, uint32_t e) -{ - k->_extra.dnssec.expiration = e; -} - -void -ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r) -{ - k->_pubkey_owner = r; -} - -void -ldns_key_set_keytag(ldns_key *k, uint16_t tag) -{ - k->_extra.dnssec.keytag = tag; -} - -/* read */ -size_t -ldns_key_list_key_count(const ldns_key_list *key_list) -{ - return key_list->_key_count; -} - -ldns_key * -ldns_key_list_key(const ldns_key_list *key, size_t nr) -{ - if (nr < ldns_key_list_key_count(key)) { - return key->_keys[nr]; - } else { - return NULL; - } -} - -ldns_signing_algorithm -ldns_key_algorithm(const ldns_key *k) -{ - return k->_alg; -} - -void -ldns_key_set_use(ldns_key *k, bool v) -{ - if (k) { - k->_use = v; - } -} - -bool -ldns_key_use(const ldns_key *k) -{ - if (k) { - return k->_use; - } - return false; -} - -#ifdef HAVE_SSL -#ifndef S_SPLINT_S -EVP_PKEY * -ldns_key_evp_key(const ldns_key *k) -{ - return k->_key.key; -} - -RSA * -ldns_key_rsa_key(const ldns_key *k) -{ - if (k->_key.key) { - return EVP_PKEY_get1_RSA(k->_key.key); - } else { - return NULL; - } -} - -DSA * -ldns_key_dsa_key(const ldns_key *k) -{ - if (k->_key.key) { - return EVP_PKEY_get1_DSA(k->_key.key); - } else { - return NULL; - } -} -#endif /* splint */ -#endif /* HAVE_SSL */ - -unsigned char * -ldns_key_hmac_key(const ldns_key *k) -{ - if (k->_key.hmac.key) { - return k->_key.hmac.key; - } else { - return NULL; - } -} - -size_t -ldns_key_hmac_size(const ldns_key *k) -{ - if (k->_key.hmac.size) { - return k->_key.hmac.size; - } else { - return 0; - } -} - -void * -ldns_key_external_key(const ldns_key *k) -{ - return k->_key.external_key; -} - -uint32_t -ldns_key_origttl(const ldns_key *k) -{ - return k->_extra.dnssec.orig_ttl; -} - -uint16_t -ldns_key_flags(const ldns_key *k) -{ - return k->_extra.dnssec.flags; -} - -uint32_t -ldns_key_inception(const ldns_key *k) -{ - return k->_extra.dnssec.inception; -} - -uint32_t -ldns_key_expiration(const ldns_key *k) -{ - return k->_extra.dnssec.expiration; -} - -uint16_t -ldns_key_keytag(const ldns_key *k) -{ - return k->_extra.dnssec.keytag; -} - -ldns_rdf * -ldns_key_pubkey_owner(const ldns_key *k) -{ - return k->_pubkey_owner; -} - -/* write */ -void -ldns_key_list_set_use(ldns_key_list *keys, bool v) -{ - size_t i; - - for (i = 0; i < ldns_key_list_key_count(keys); i++) { - ldns_key_set_use(ldns_key_list_key(keys, i), v); - } -} - -void -ldns_key_list_set_key_count(ldns_key_list *key, size_t count) -{ - key->_key_count = count; -} - -bool -ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key) -{ - size_t key_count; - ldns_key **keys; - - key_count = ldns_key_list_key_count(key_list); - - /* grow the array */ - keys = LDNS_XREALLOC( - key_list->_keys, ldns_key *, key_count + 1); - if (!keys) { - return false; - } - - /* add the new member */ - key_list->_keys = keys; - key_list->_keys[key_count] = key; - - ldns_key_list_set_key_count(key_list, key_count + 1); - return true; -} - -ldns_key * -ldns_key_list_pop_key(ldns_key_list *key_list) -{ - size_t key_count; - ldns_key** a; - ldns_key *pop; - - if (!key_list) { - return NULL; - } - - key_count = ldns_key_list_key_count(key_list); - if (key_count == 0) { - return NULL; - } - - pop = ldns_key_list_key(key_list, key_count); - - /* shrink the array */ - a = LDNS_XREALLOC(key_list->_keys, ldns_key *, key_count - 1); - if(a) { - key_list->_keys = a; - } - - ldns_key_list_set_key_count(key_list, key_count - 1); - - return pop; -} - -#ifdef HAVE_SSL -#ifndef S_SPLINT_S -/* data pointer must be large enough (LDNS_MAX_KEYLEN) */ -static bool -ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size) -{ - int i,j; - - if (!k) { - return false; - } - - if (BN_num_bytes(k->e) <= 256) { - /* normally only this path is executed (small factors are - * more common - */ - data[0] = (unsigned char) BN_num_bytes(k->e); - i = BN_bn2bin(k->e, data + 1); - j = BN_bn2bin(k->n, data + i + 1); - *size = (uint16_t) i + j; - } else if (BN_num_bytes(k->e) <= 65536) { - data[0] = 0; - /* BN_bn2bin does bigendian, _uint16 also */ - ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e)); - - BN_bn2bin(k->e, data + 3); - BN_bn2bin(k->n, data + 4 + BN_num_bytes(k->e)); - *size = (uint16_t) BN_num_bytes(k->n) + 6; - } else { - return false; - } - return true; -} - -/* data pointer must be large enough (LDNS_MAX_KEYLEN) */ -static bool -ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size) -{ - uint8_t T; - - if (!k) { - return false; - } - - /* See RFC2536 */ - *size = (uint16_t)BN_num_bytes(k->p); - T = (*size - 64) / 8; - - if (T > 8) { -#ifdef STDERR_MSGS - fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)"); - fprintf(stderr, " not implemented\n"); -#endif - return false; - } - - /* size = 64 + (T * 8); */ - memset(data, 0, 21 + *size * 3); - data[0] = (unsigned char)T; - BN_bn2bin(k->q, data + 1 ); /* 20 octects */ - BN_bn2bin(k->p, data + 21 ); /* offset octects */ - BN_bn2bin(k->g, data + 21 + *size * 2 - BN_num_bytes(k->g)); - BN_bn2bin(k->pub_key,data + 21 + *size * 3 - BN_num_bytes(k->pub_key)); - *size = 21 + *size * 3; - return true; -} - -#ifdef USE_GOST -static bool -ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size) -{ - int i; - unsigned char* pp = NULL; - if(i2d_PUBKEY(k, &pp) != 37 + 64) { - /* expect 37 byte(ASN header) and 64 byte(X and Y) */ - CRYPTO_free(pp); - return false; - } - /* omit ASN header */ - for(i=0; i<64; i++) - data[i] = pp[i+37]; - CRYPTO_free(pp); - *size = 64; - return true; -} -#endif /* USE_GOST */ -#endif /* splint */ -#endif /* HAVE_SSL */ - -ldns_rr * -ldns_key2rr(const ldns_key *k) -{ - /* this function will convert a the keydata contained in - * rsa/dsa pointers to a DNSKEY rr. It will fill in as - * much as it can, but it does not know about key-flags - * for instance - */ - ldns_rr *pubkey; - ldns_rdf *keybin; - unsigned char *bin = NULL; - uint16_t size = 0; -#ifdef HAVE_SSL - RSA *rsa = NULL; - DSA *dsa = NULL; -#endif /* HAVE_SSL */ -#ifdef USE_ECDSA - EC_KEY* ec; -#endif - int internal_data = 0; - - if (!k) { - return NULL; - } - pubkey = ldns_rr_new(); - - switch (ldns_key_algorithm(k)) { - case LDNS_SIGN_HMACMD5: - case LDNS_SIGN_HMACSHA1: - case LDNS_SIGN_HMACSHA256: - ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY); - break; - default: - ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY); - break; - } - /* zero-th rdf - flags */ - ldns_rr_push_rdf(pubkey, - ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, - ldns_key_flags(k))); - /* first - proto */ - ldns_rr_push_rdf(pubkey, - ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO)); - - if (ldns_key_pubkey_owner(k)) { - ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k))); - } - - /* third - da algorithm */ - switch(ldns_key_algorithm(k)) { - case LDNS_SIGN_RSAMD5: - case LDNS_SIGN_RSASHA1: - case LDNS_SIGN_RSASHA1_NSEC3: - case LDNS_SIGN_RSASHA256: - case LDNS_SIGN_RSASHA512: - ldns_rr_push_rdf(pubkey, - ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); -#ifdef HAVE_SSL - rsa = ldns_key_rsa_key(k); - if (rsa) { - bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); - if (!bin) { - ldns_rr_free(pubkey); - return NULL; - } - if (!ldns_key_rsa2bin(bin, rsa, &size)) { - LDNS_FREE(bin); - ldns_rr_free(pubkey); - return NULL; - } - RSA_free(rsa); - internal_data = 1; - } -#endif - size++; - break; - case LDNS_SIGN_DSA: - ldns_rr_push_rdf(pubkey, - ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA)); -#ifdef HAVE_SSL - dsa = ldns_key_dsa_key(k); - if (dsa) { - bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); - if (!bin) { - ldns_rr_free(pubkey); - return NULL; - } - if (!ldns_key_dsa2bin(bin, dsa, &size)) { - LDNS_FREE(bin); - ldns_rr_free(pubkey); - return NULL; - } - DSA_free(dsa); - internal_data = 1; - } -#endif /* HAVE_SSL */ - break; - case LDNS_SIGN_DSA_NSEC3: - ldns_rr_push_rdf(pubkey, - ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3)); -#ifdef HAVE_SSL - dsa = ldns_key_dsa_key(k); - if (dsa) { - bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); - if (!bin) { - ldns_rr_free(pubkey); - return NULL; - } - if (!ldns_key_dsa2bin(bin, dsa, &size)) { - LDNS_FREE(bin); - ldns_rr_free(pubkey); - return NULL; - } - DSA_free(dsa); - internal_data = 1; - } -#endif /* HAVE_SSL */ - break; - case LDNS_SIGN_ECC_GOST: - ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8( - LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); -#if defined(HAVE_SSL) && defined(USE_GOST) - bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); - if (!bin) { - ldns_rr_free(pubkey); - return NULL; - } -#ifndef S_SPLINT_S - if (!ldns_key_gost2bin(bin, k->_key.key, &size)) { - LDNS_FREE(bin); - ldns_rr_free(pubkey); - return NULL; - } -#endif /* splint */ - internal_data = 1; -#else - ldns_rr_free(pubkey); - return NULL; -#endif /* HAVE_SSL and USE_GOST */ - break; - case LDNS_SIGN_ECDSAP256SHA256: - case LDNS_SIGN_ECDSAP384SHA384: -#ifdef USE_ECDSA - ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8( - LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); - bin = NULL; -#ifndef S_SPLINT_S - ec = EVP_PKEY_get1_EC_KEY(k->_key.key); -#endif - EC_KEY_set_conv_form(ec, POINT_CONVERSION_UNCOMPRESSED); - size = (uint16_t)i2o_ECPublicKey(ec, NULL); - if(!i2o_ECPublicKey(ec, &bin)) { - EC_KEY_free(ec); - ldns_rr_free(pubkey); - return NULL; - } - if(size > 1) { - /* move back one byte to shave off the 0x02 - * 'uncompressed' indicator that openssl made - * Actually its 0x04 (from implementation). - */ - assert(bin[0] == POINT_CONVERSION_UNCOMPRESSED); - size -= 1; - memmove(bin, bin+1, size); - } - /* down the reference count for ec, its still assigned - * to the pkey */ - EC_KEY_free(ec); - internal_data = 1; -#else - ldns_rr_free(pubkey); - return NULL; -#endif /* ECDSA */ - break; - case LDNS_SIGN_HMACMD5: - case LDNS_SIGN_HMACSHA1: - case LDNS_SIGN_HMACSHA256: - bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k)); - if (!bin) { - ldns_rr_free(pubkey); - return NULL; - } - ldns_rr_push_rdf(pubkey, - ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, - ldns_key_algorithm(k))); - size = ldns_key_hmac_size(k); - memcpy(bin, ldns_key_hmac_key(k), size); - internal_data = 1; - break; - } - /* fourth the key bin material */ - if (internal_data) { - keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin); - LDNS_FREE(bin); - ldns_rr_push_rdf(pubkey, keybin); - } - return pubkey; -} - -void -ldns_key_free(ldns_key *key) -{ - LDNS_FREE(key); -} - -void -ldns_key_deep_free(ldns_key *key) -{ - unsigned char* hmac; - if (ldns_key_pubkey_owner(key)) { - ldns_rdf_deep_free(ldns_key_pubkey_owner(key)); - } -#ifdef HAVE_SSL - if (ldns_key_evp_key(key)) { - EVP_PKEY_free(ldns_key_evp_key(key)); - } -#endif /* HAVE_SSL */ - if (ldns_key_hmac_key(key)) { - hmac = ldns_key_hmac_key(key); - LDNS_FREE(hmac); - } - LDNS_FREE(key); -} - -void -ldns_key_list_free(ldns_key_list *key_list) -{ - size_t i; - for (i = 0; i < ldns_key_list_key_count(key_list); i++) { - ldns_key_deep_free(ldns_key_list_key(key_list, i)); - } - LDNS_FREE(key_list->_keys); - LDNS_FREE(key_list); -} - -ldns_rr * -ldns_read_anchor_file(const char *filename) -{ - FILE *fp; - /*char line[LDNS_MAX_PACKETLEN];*/ - char *line = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN); - int c; - size_t i = 0; - ldns_rr *r; - ldns_status status; - if(!line) { - return NULL; - } - - fp = fopen(filename, "r"); - if (!fp) { -#ifdef STDERR_MSGS - fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); -#endif - LDNS_FREE(line); - return NULL; - } - - while ((c = fgetc(fp)) && i+1 < LDNS_MAX_PACKETLEN && c != EOF) { - line[i] = c; - i++; - } - line[i] = '\0'; - - fclose(fp); - - if (i <= 0) { -#ifdef STDERR_MSGS - fprintf(stderr, "nothing read from %s", filename); -#endif - LDNS_FREE(line); - return NULL; - } else { - status = ldns_rr_new_frm_str(&r, line, 0, NULL, NULL); - if (status == LDNS_STATUS_OK && (ldns_rr_get_type(r) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(r) == LDNS_RR_TYPE_DS)) { - LDNS_FREE(line); - return r; - } else { -#ifdef STDERR_MSGS - fprintf(stderr, "Error creating DNSKEY or DS rr from %s: %s\n", filename, ldns_get_errorstr_by_id(status)); -#endif - LDNS_FREE(line); - return NULL; - } - } -} - -char * -ldns_key_get_file_base_name(ldns_key *key) -{ - ldns_buffer *buffer; - char *file_base_name; - - buffer = ldns_buffer_new(255); - ldns_buffer_printf(buffer, "K"); - (void)ldns_rdf2buffer_str_dname(buffer, ldns_key_pubkey_owner(key)); - ldns_buffer_printf(buffer, - "+%03u+%05u", - ldns_key_algorithm(key), - ldns_key_keytag(key)); - file_base_name = ldns_buffer_export(buffer); - ldns_buffer_free(buffer); - return file_base_name; -} - -int ldns_key_algo_supported(int algo) -{ - ldns_lookup_table *lt = ldns_signing_algorithms; - while(lt->name) { - if(lt->id == algo) - return 1; - lt++; - } - return 0; -} - -ldns_signing_algorithm ldns_get_signing_algorithm_by_name(const char* name) -{ - /* list of (signing algorithm id, alias_name) */ - ldns_lookup_table aliases[] = { - /* from bind dnssec-keygen */ - {LDNS_SIGN_HMACMD5, "HMAC-MD5"}, - {LDNS_SIGN_DSA_NSEC3, "NSEC3DSA"}, - {LDNS_SIGN_RSASHA1_NSEC3, "NSEC3RSASHA1"}, - /* old ldns usage, now RFC names */ - {LDNS_SIGN_DSA_NSEC3, "DSA_NSEC3" }, - {LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1_NSEC3" }, -#ifdef USE_GOST - {LDNS_SIGN_ECC_GOST, "GOST"}, -#endif - /* compat with possible output */ - {LDNS_DH, "DH"}, - {LDNS_ECC, "ECC"}, - {LDNS_INDIRECT, "INDIRECT"}, - {LDNS_PRIVATEDNS, "PRIVATEDNS"}, - {LDNS_PRIVATEOID, "PRIVATEOID"}, - {0, NULL}}; - ldns_lookup_table* lt = ldns_signing_algorithms; - ldns_signing_algorithm a; - char *endptr; - - while(lt->name) { - if(strcasecmp(lt->name, name) == 0) - return lt->id; - lt++; - } - lt = aliases; - while(lt->name) { - if(strcasecmp(lt->name, name) == 0) - return lt->id; - lt++; - } - a = strtol(name, &endptr, 10); - if (*name && !*endptr) - return a; - - return 0; -} diff --git a/src/ldns/net.c b/src/ldns/net.c deleted file mode 100644 index b8a5385..0000000 --- a/src/ldns/net.c +++ /dev/null @@ -1,1002 +0,0 @@ -/* - * net.c - * - * Network implementation - * All network related functions are grouped here - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include - -#ifdef HAVE_NETINET_IN_H -#include -#endif -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_NETDB_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#include -#include -#include - -ldns_status -ldns_send(ldns_pkt **result_packet, ldns_resolver *r, const ldns_pkt *query_pkt) -{ - ldns_buffer *qb; - ldns_status result; - ldns_rdf *tsig_mac = NULL; - - qb = ldns_buffer_new(LDNS_MIN_BUFLEN); - - if (query_pkt && ldns_pkt_tsig(query_pkt)) { - tsig_mac = ldns_rr_rdf(ldns_pkt_tsig(query_pkt), 3); - } - - if (!query_pkt || - ldns_pkt2buffer_wire(qb, query_pkt) != LDNS_STATUS_OK) { - result = LDNS_STATUS_ERR; - } else { - result = ldns_send_buffer(result_packet, r, qb, tsig_mac); - } - - ldns_buffer_free(qb); - - return result; -} - -/* code from rdata.c */ -static struct sockaddr_storage * -ldns_rdf2native_sockaddr_storage_port( - const ldns_rdf *rd, uint16_t port, size_t *size) -{ - struct sockaddr_storage *data; - struct sockaddr_in *data_in; - struct sockaddr_in6 *data_in6; - - data = LDNS_MALLOC(struct sockaddr_storage); - if (!data) { - return NULL; - } - /* zero the structure for portability */ - memset(data, 0, sizeof(struct sockaddr_storage)); - - switch(ldns_rdf_get_type(rd)) { - case LDNS_RDF_TYPE_A: -#ifndef S_SPLINT_S - data->ss_family = AF_INET; -#endif - data_in = (struct sockaddr_in*) data; - data_in->sin_port = (in_port_t)htons(port); - memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd)); - *size = sizeof(struct sockaddr_in); - return data; - case LDNS_RDF_TYPE_AAAA: -#ifndef S_SPLINT_S - data->ss_family = AF_INET6; -#endif - data_in6 = (struct sockaddr_in6*) data; - data_in6->sin6_port = (in_port_t)htons(port); - memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd)); - *size = sizeof(struct sockaddr_in6); - return data; - default: - LDNS_FREE(data); - return NULL; - } -} - -struct sockaddr_storage * -ldns_rdf2native_sockaddr_storage( - const ldns_rdf *rd, uint16_t port, size_t *size) -{ - return ldns_rdf2native_sockaddr_storage_port( - rd, (port == 0 ? (uint16_t)LDNS_PORT : port), size); -} - -/** best effort to set nonblocking */ -static void -ldns_sock_nonblock(int sockfd) -{ -#ifdef HAVE_FCNTL - int flag; - if((flag = fcntl(sockfd, F_GETFL)) != -1) { - flag |= O_NONBLOCK; - if(fcntl(sockfd, F_SETFL, flag) == -1) { - /* ignore error, continue blockingly */ - } - } -#elif defined(HAVE_IOCTLSOCKET) - unsigned long on = 1; - if(ioctlsocket(sockfd, FIONBIO, &on) != 0) { - /* ignore error, continue blockingly */ - } -#endif -} - -/** best effort to set blocking */ -static void -ldns_sock_block(int sockfd) -{ -#ifdef HAVE_FCNTL - int flag; - if((flag = fcntl(sockfd, F_GETFL)) != -1) { - flag &= ~O_NONBLOCK; - if(fcntl(sockfd, F_SETFL, flag) == -1) { - /* ignore error, continue */ - } - } -#elif defined(HAVE_IOCTLSOCKET) - unsigned long off = 0; - if(ioctlsocket(sockfd, FIONBIO, &off) != 0) { - /* ignore error, continue */ - } -#endif -} - -/** wait for a socket to become ready */ -static int -ldns_sock_wait(int sockfd, struct timeval timeout, int write) -{ - int ret; -#ifndef S_SPLINT_S - fd_set fds; - FD_ZERO(&fds); - FD_SET(FD_SET_T sockfd, &fds); - if(write) - ret = select(sockfd+1, NULL, &fds, NULL, &timeout); - else - ret = select(sockfd+1, &fds, NULL, NULL, &timeout); -#endif - if(ret == 0) - /* timeout expired */ - return 0; - else if(ret == -1) - /* error */ - return 0; - return 1; -} - - -static int -ldns_tcp_connect_from(const struct sockaddr_storage *to, socklen_t tolen, - const struct sockaddr_storage *from, socklen_t fromlen, - struct timeval timeout) -{ - int sockfd; - -#ifndef S_SPLINT_S - if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_STREAM, - IPPROTO_TCP)) == -1) { - return 0; - } -#endif - if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){ - return 0; - } - - /* perform nonblocking connect, to be able to wait with select() */ - ldns_sock_nonblock(sockfd); - if (connect(sockfd, (struct sockaddr*)to, tolen) == -1) { -#ifndef USE_WINSOCK -#ifdef EINPROGRESS - if(errno != EINPROGRESS) { -#else - if(1) { -#endif - close(sockfd); - return 0; - } -#else /* USE_WINSOCK */ - if(WSAGetLastError() != WSAEINPROGRESS && - WSAGetLastError() != WSAEWOULDBLOCK) { - closesocket(sockfd); - return 0; - } -#endif - /* error was only telling us that it would block */ - } - - /* wait(write) until connected or error */ - while(1) { - int error = 0; - socklen_t len = (socklen_t)sizeof(error); - - if(!ldns_sock_wait(sockfd, timeout, 1)) { -#ifndef USE_WINSOCK - close(sockfd); -#else - closesocket(sockfd); -#endif - return 0; - } - - /* check if there is a pending error for nonblocking connect */ - if(getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void*)&error, - &len) < 0) { -#ifndef USE_WINSOCK - error = errno; /* on solaris errno is error */ -#else - error = WSAGetLastError(); -#endif - } -#ifndef USE_WINSOCK -#if defined(EINPROGRESS) && defined(EWOULDBLOCK) - if(error == EINPROGRESS || error == EWOULDBLOCK) - continue; /* try again */ -#endif - else if(error != 0) { - close(sockfd); - /* error in errno for our user */ - errno = error; - return 0; - } -#else /* USE_WINSOCK */ - if(error == WSAEINPROGRESS) - continue; - else if(error == WSAEWOULDBLOCK) - continue; - else if(error != 0) { - closesocket(sockfd); - errno = error; - return 0; - } -#endif /* USE_WINSOCK */ - /* connected */ - break; - } - - /* set the socket blocking again */ - ldns_sock_block(sockfd); - - return sockfd; -} - -int -ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, - struct timeval timeout) -{ - return ldns_tcp_connect_from(to, tolen, NULL, 0, timeout); -} - -static int -ldns_tcp_bgsend_from(ldns_buffer *qbin, - const struct sockaddr_storage *to, socklen_t tolen, - const struct sockaddr_storage *from, socklen_t fromlen, - struct timeval timeout) -{ - int sockfd; - - sockfd = ldns_tcp_connect_from(to, tolen, from, fromlen, timeout); - - if (sockfd == 0) { - return 0; - } - - if (ldns_tcp_send_query(qbin, sockfd, to, tolen) == 0) { -#ifndef USE_WINSOCK - close(sockfd); -#else - closesocket(sockfd); -#endif - return 0; - } - - return sockfd; -} - -int -ldns_tcp_bgsend(ldns_buffer *qbin, - const struct sockaddr_storage *to, socklen_t tolen, - struct timeval timeout) -{ - return ldns_tcp_bgsend_from(qbin, to, tolen, NULL, 0, timeout); -} - - -/* keep in mind that in DNS tcp messages the first 2 bytes signal the - * amount data to expect - */ -static ldns_status -ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin, - const struct sockaddr_storage *to, socklen_t tolen, - const struct sockaddr_storage *from, socklen_t fromlen, - struct timeval timeout, size_t *answer_size) -{ - int sockfd; - uint8_t *answer; - - sockfd = ldns_tcp_bgsend_from(qbin, to, tolen, from, fromlen, timeout); - - if (sockfd == 0) { - return LDNS_STATUS_ERR; - } - - answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout); -#ifndef USE_WINSOCK - close(sockfd); -#else - closesocket(sockfd); -#endif - - if (*answer_size == 0) { - /* oops */ - return LDNS_STATUS_NETWORK_ERR; - } - - /* resize accordingly */ - *result = LDNS_XREALLOC(answer, uint8_t, (size_t)*answer_size); - if(!*result) { - LDNS_FREE(answer); - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} - -ldns_status -ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, - const struct sockaddr_storage *to, socklen_t tolen, - struct timeval timeout, size_t *answer_size) -{ - return ldns_tcp_send_from(result, qbin, - to, tolen, NULL, 0, timeout, answer_size); -} - -int -ldns_udp_connect(const struct sockaddr_storage *to, struct timeval ATTR_UNUSED(timeout)) -{ - int sockfd; - -#ifndef S_SPLINT_S - if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_DGRAM, - IPPROTO_UDP)) - == -1) { - return 0; - } -#endif - return sockfd; -} - -static int -ldns_udp_bgsend_from(ldns_buffer *qbin, - const struct sockaddr_storage *to , socklen_t tolen, - const struct sockaddr_storage *from, socklen_t fromlen, - struct timeval timeout) -{ - int sockfd; - - sockfd = ldns_udp_connect(to, timeout); - - if (sockfd == 0) { - return 0; - } - - if (from && bind(sockfd, (const struct sockaddr*)from, fromlen) == -1){ - return 0; - } - - if (ldns_udp_send_query(qbin, sockfd, to, tolen) == 0) { -#ifndef USE_WINSOCK - close(sockfd); -#else - closesocket(sockfd); -#endif - return 0; - } - return sockfd; -} - -int -ldns_udp_bgsend(ldns_buffer *qbin, - const struct sockaddr_storage *to , socklen_t tolen, - struct timeval timeout) -{ - return ldns_udp_bgsend_from(qbin, to, tolen, NULL, 0, timeout); -} - -static ldns_status -ldns_udp_send_from(uint8_t **result, ldns_buffer *qbin, - const struct sockaddr_storage *to , socklen_t tolen, - const struct sockaddr_storage *from, socklen_t fromlen, - struct timeval timeout, size_t *answer_size) -{ - int sockfd; - uint8_t *answer; - - sockfd = ldns_udp_bgsend_from(qbin, to, tolen, from, fromlen, timeout); - - if (sockfd == 0) { - return LDNS_STATUS_SOCKET_ERROR; - } - - /* wait for an response*/ - if(!ldns_sock_wait(sockfd, timeout, 0)) { -#ifndef USE_WINSOCK - close(sockfd); -#else - closesocket(sockfd); -#endif - return LDNS_STATUS_NETWORK_ERR; - } - - /* set to nonblocking, so if the checksum is bad, it becomes - * an EGAIN error and the ldns_udp_send function does not block, - * but returns a 'NETWORK_ERROR' much like a timeout. */ - ldns_sock_nonblock(sockfd); - - answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL); -#ifndef USE_WINSOCK - close(sockfd); -#else - closesocket(sockfd); -#endif - - if (*answer_size == 0) { - /* oops */ - return LDNS_STATUS_NETWORK_ERR; - } - - *result = answer; - return LDNS_STATUS_OK; -} - -ldns_status -ldns_udp_send(uint8_t **result, ldns_buffer *qbin, - const struct sockaddr_storage *to , socklen_t tolen, - struct timeval timeout, size_t *answer_size) -{ - return ldns_udp_send_from(result, qbin, to, tolen, NULL, 0, - timeout, answer_size); -} - -ldns_status -ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac) -{ - uint8_t i; - - struct sockaddr_storage *src = NULL; - size_t src_len; - struct sockaddr_storage *ns; - size_t ns_len; - struct timeval tv_s; - struct timeval tv_e; - - ldns_rdf **ns_array; - size_t *rtt; - ldns_pkt *reply; - bool all_servers_rtt_inf; - uint8_t retries; - - uint8_t *reply_bytes = NULL; - size_t reply_size = 0; - ldns_status status, send_status; - - assert(r != NULL); - - status = LDNS_STATUS_OK; - rtt = ldns_resolver_rtt(r); - ns_array = ldns_resolver_nameservers(r); - reply = NULL; - ns_len = 0; - - all_servers_rtt_inf = true; - - if (ldns_resolver_random(r)) { - ldns_resolver_nameservers_randomize(r); - } - - if(ldns_resolver_source(r)) { - src = ldns_rdf2native_sockaddr_storage_port( - ldns_resolver_source(r), 0, &src_len); - } - - /* loop through all defined nameservers */ - for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { - if (rtt[i] == LDNS_RESOLV_RTT_INF) { - /* not reachable nameserver! */ - continue; - } - - /* maybe verbosity setting? - printf("Sending to "); - ldns_rdf_print(stdout, ns_array[i]); - printf("\n"); - */ - ns = ldns_rdf2native_sockaddr_storage(ns_array[i], - ldns_resolver_port(r), &ns_len); - - -#ifndef S_SPLINT_S - if ((ns->ss_family == AF_INET) && - (ldns_resolver_ip6(r) == LDNS_RESOLV_INET6)) { - /* not reachable */ - LDNS_FREE(ns); - continue; - } - - if ((ns->ss_family == AF_INET6) && - (ldns_resolver_ip6(r) == LDNS_RESOLV_INET)) { - /* not reachable */ - LDNS_FREE(ns); - continue; - } -#endif - - all_servers_rtt_inf = false; - - gettimeofday(&tv_s, NULL); - - send_status = LDNS_STATUS_ERR; - - /* reply_bytes implicitly handles our error */ - if (ldns_resolver_usevc(r)) { - for (retries = ldns_resolver_retry(r); retries > 0; retries--) { - send_status = - ldns_tcp_send_from(&reply_bytes, qb, - ns, (socklen_t)ns_len, - src, (socklen_t)src_len, - ldns_resolver_timeout(r), - &reply_size); - if (send_status == LDNS_STATUS_OK) { - break; - } - } - } else { - for (retries = ldns_resolver_retry(r); retries > 0; retries--) { - /* ldns_rdf_print(stdout, ns_array[i]); */ - send_status = - ldns_udp_send_from(&reply_bytes, qb, - ns, (socklen_t)ns_len, - src, (socklen_t)src_len, - ldns_resolver_timeout(r), - &reply_size); - if (send_status == LDNS_STATUS_OK) { - break; - } - } - } - - if (send_status != LDNS_STATUS_OK) { - ldns_resolver_set_nameserver_rtt(r, i, LDNS_RESOLV_RTT_INF); - status = send_status; - } - - /* obey the fail directive */ - if (!reply_bytes) { - /* the current nameserver seems to have a problem, blacklist it */ - if (ldns_resolver_fail(r)) { - LDNS_FREE(ns); - return LDNS_STATUS_ERR; - } else { - LDNS_FREE(ns); - continue; - } - } - - status = ldns_wire2pkt(&reply, reply_bytes, reply_size); - if (status != LDNS_STATUS_OK) { - LDNS_FREE(reply_bytes); - LDNS_FREE(ns); - return status; - } - - LDNS_FREE(ns); - gettimeofday(&tv_e, NULL); - - if (reply) { - ldns_pkt_set_querytime(reply, (uint32_t) - ((tv_e.tv_sec - tv_s.tv_sec) * 1000) + - (tv_e.tv_usec - tv_s.tv_usec) / 1000); - ldns_pkt_set_answerfrom(reply, - ldns_rdf_clone(ns_array[i])); - ldns_pkt_set_timestamp(reply, tv_s); - ldns_pkt_set_size(reply, reply_size); - break; - } else { - if (ldns_resolver_fail(r)) { - /* if fail is set bail out, after the first - * one */ - break; - } - } - - /* wait retrans seconds... */ - sleep((unsigned int) ldns_resolver_retrans(r)); - } - - if(src) { - LDNS_FREE(src); - } - if (all_servers_rtt_inf) { - LDNS_FREE(reply_bytes); - return LDNS_STATUS_RES_NO_NS; - } -#ifdef HAVE_SSL - if (tsig_mac && reply && reply_bytes) { - if (!ldns_pkt_tsig_verify(reply, - reply_bytes, - reply_size, - ldns_resolver_tsig_keyname(r), - ldns_resolver_tsig_keydata(r), tsig_mac)) { - status = LDNS_STATUS_CRYPTO_TSIG_BOGUS; - } - } -#else - (void)tsig_mac; -#endif /* HAVE_SSL */ - - LDNS_FREE(reply_bytes); - if (result) { - *result = reply; - } - - return status; -} - -ssize_t -ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, - const struct sockaddr_storage *to, socklen_t tolen) -{ - uint8_t *sendbuf; - ssize_t bytes; - - /* add length of packet */ - sendbuf = LDNS_XMALLOC(uint8_t, ldns_buffer_position(qbin) + 2); - if(!sendbuf) return 0; - ldns_write_uint16(sendbuf, ldns_buffer_position(qbin)); - memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin)); - - bytes = sendto(sockfd, (void*)sendbuf, - ldns_buffer_position(qbin) + 2, 0, (struct sockaddr *)to, tolen); - - LDNS_FREE(sendbuf); - - if (bytes == -1 || (size_t) bytes != ldns_buffer_position(qbin) + 2 ) { - return 0; - } - return bytes; -} - -/* don't wait for an answer */ -ssize_t -ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, - socklen_t tolen) -{ - ssize_t bytes; - - bytes = sendto(sockfd, (void*)ldns_buffer_begin(qbin), - ldns_buffer_position(qbin), 0, (struct sockaddr *)to, tolen); - - if (bytes == -1 || (size_t)bytes != ldns_buffer_position(qbin)) { - return 0; - } - if ((size_t) bytes != ldns_buffer_position(qbin)) { - return 0; - } - return bytes; -} - -uint8_t * -ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *from, - socklen_t *fromlen) -{ - uint8_t *wire, *wireout; - ssize_t wire_size; - - wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN); - if (!wire) { - *size = 0; - return NULL; - } - - wire_size = recvfrom(sockfd, (void*)wire, LDNS_MAX_PACKETLEN, 0, - (struct sockaddr *)from, fromlen); - - /* recvfrom can also return 0 */ - if (wire_size == -1 || wire_size == 0) { - *size = 0; - LDNS_FREE(wire); - return NULL; - } - - *size = (size_t)wire_size; - wireout = LDNS_XREALLOC(wire, uint8_t, (size_t)wire_size); - if(!wireout) LDNS_FREE(wire); - - return wireout; -} - -uint8_t * -ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout) -{ - uint8_t *wire; - uint16_t wire_size; - ssize_t bytes = 0, rc = 0; - - wire = LDNS_XMALLOC(uint8_t, 2); - if (!wire) { - *size = 0; - return NULL; - } - - while (bytes < 2) { - if(!ldns_sock_wait(sockfd, timeout, 0)) { - *size = 0; - LDNS_FREE(wire); - return NULL; - } - rc = recv(sockfd, (void*) (wire + bytes), - (size_t) (2 - bytes), 0); - if (rc == -1 || rc == 0) { - *size = 0; - LDNS_FREE(wire); - return NULL; - } - bytes += rc; - } - - wire_size = ldns_read_uint16(wire); - - LDNS_FREE(wire); - wire = LDNS_XMALLOC(uint8_t, wire_size); - if (!wire) { - *size = 0; - return NULL; - } - bytes = 0; - - while (bytes < (ssize_t) wire_size) { - if(!ldns_sock_wait(sockfd, timeout, 0)) { - *size = 0; - LDNS_FREE(wire); - return NULL; - } - rc = recv(sockfd, (void*) (wire + bytes), - (size_t) (wire_size - bytes), 0); - if (rc == -1 || rc == 0) { - LDNS_FREE(wire); - *size = 0; - return NULL; - } - bytes += rc; - } - - *size = (size_t) bytes; - return wire; -} - -uint8_t * -ldns_tcp_read_wire(int sockfd, size_t *size) -{ - uint8_t *wire; - uint16_t wire_size; - ssize_t bytes = 0, rc = 0; - - wire = LDNS_XMALLOC(uint8_t, 2); - if (!wire) { - *size = 0; - return NULL; - } - - while (bytes < 2) { - rc = recv(sockfd, (void*) (wire + bytes), - (size_t) (2 - bytes), 0); - if (rc == -1 || rc == 0) { - *size = 0; - LDNS_FREE(wire); - return NULL; - } - bytes += rc; - } - - wire_size = ldns_read_uint16(wire); - - LDNS_FREE(wire); - wire = LDNS_XMALLOC(uint8_t, wire_size); - if (!wire) { - *size = 0; - return NULL; - } - bytes = 0; - - while (bytes < (ssize_t) wire_size) { - rc = recv(sockfd, (void*) (wire + bytes), - (size_t) (wire_size - bytes), 0); - if (rc == -1 || rc == 0) { - LDNS_FREE(wire); - *size = 0; - return NULL; - } - bytes += rc; - } - - *size = (size_t) bytes; - return wire; -} - -#ifndef S_SPLINT_S -ldns_rdf * -ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port) -{ - ldns_rdf *addr; - struct sockaddr_in *data_in; - struct sockaddr_in6 *data_in6; - - switch(sock->ss_family) { - case AF_INET: - data_in = (struct sockaddr_in*)sock; - if (port) { - *port = ntohs((uint16_t)data_in->sin_port); - } - addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_A, - LDNS_IP4ADDRLEN, &data_in->sin_addr); - break; - case AF_INET6: - data_in6 = (struct sockaddr_in6*)sock; - if (port) { - *port = ntohs((uint16_t)data_in6->sin6_port); - } - addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_AAAA, - LDNS_IP6ADDRLEN, &data_in6->sin6_addr); - break; - default: - if (port) { - *port = 0; - } - return NULL; - } - return addr; -} -#endif - -/* code from resolver.c */ -ldns_status -ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class) -{ - ldns_pkt *query; - ldns_buffer *query_wire; - - struct sockaddr_storage *src = NULL; - size_t src_len = 0; - struct sockaddr_storage *ns = NULL; - size_t ns_len = 0; - size_t ns_i; - ldns_status status; - - if (!resolver || ldns_resolver_nameserver_count(resolver) < 1) { - return LDNS_STATUS_ERR; - } - - query = ldns_pkt_query_new(ldns_rdf_clone(domain), LDNS_RR_TYPE_AXFR, class, 0); - - if (!query) { - return LDNS_STATUS_ADDRESS_ERR; - } - if(ldns_resolver_source(resolver)) { - src = ldns_rdf2native_sockaddr_storage_port( - ldns_resolver_source(resolver), 0, &src_len); - } - /* For AXFR, we have to make the connection ourselves */ - /* try all nameservers (which usually would mean v4 fallback if - * @hostname is used */ - for (ns_i = 0; - ns_i < ldns_resolver_nameserver_count(resolver) && - resolver->_socket == 0; - ns_i++) { - if (ns != NULL) { - LDNS_FREE(ns); - } - ns = ldns_rdf2native_sockaddr_storage( - resolver->_nameservers[ns_i], - ldns_resolver_port(resolver), &ns_len); - - resolver->_socket = ldns_tcp_connect_from( - ns, (socklen_t)ns_len, - src, (socklen_t)src_len, - ldns_resolver_timeout(resolver)); - } - - if (resolver->_socket == 0) { - ldns_pkt_free(query); - LDNS_FREE(ns); - return LDNS_STATUS_NETWORK_ERR; - } - -#ifdef HAVE_SSL - if (ldns_resolver_tsig_keyname(resolver) && ldns_resolver_tsig_keydata(resolver)) { - status = ldns_pkt_tsig_sign(query, - ldns_resolver_tsig_keyname(resolver), - ldns_resolver_tsig_keydata(resolver), - 300, ldns_resolver_tsig_algorithm(resolver), NULL); - if (status != LDNS_STATUS_OK) { - /* to prevent problems on subsequent calls to - * ldns_axfr_start we have to close the socket here! */ -#ifndef USE_WINSOCK - close(resolver->_socket); -#else - closesocket(resolver->_socket); -#endif - resolver->_socket = 0; - - ldns_pkt_free(query); - LDNS_FREE(ns); - - return LDNS_STATUS_CRYPTO_TSIG_ERR; - } - } -#endif /* HAVE_SSL */ - - /* Convert the query to a buffer - * Is this necessary? - */ - query_wire = ldns_buffer_new(LDNS_MAX_PACKETLEN); - if(!query_wire) { - ldns_pkt_free(query); - LDNS_FREE(ns); -#ifndef USE_WINSOCK - close(resolver->_socket); -#else - closesocket(resolver->_socket); -#endif - resolver->_socket = 0; - - return LDNS_STATUS_MEM_ERR; - } - status = ldns_pkt2buffer_wire(query_wire, query); - if (status != LDNS_STATUS_OK) { - ldns_pkt_free(query); - ldns_buffer_free(query_wire); - LDNS_FREE(ns); - - /* to prevent problems on subsequent calls to ldns_axfr_start - * we have to close the socket here! */ -#ifndef USE_WINSOCK - close(resolver->_socket); -#else - closesocket(resolver->_socket); -#endif - resolver->_socket = 0; - - return status; - } - /* Send the query */ - if (ldns_tcp_send_query(query_wire, resolver->_socket, ns, - (socklen_t)ns_len) == 0) { - ldns_pkt_free(query); - ldns_buffer_free(query_wire); - LDNS_FREE(ns); - - /* to prevent problems on subsequent calls to ldns_axfr_start - * we have to close the socket here! */ - -#ifndef USE_WINSOCK - close(resolver->_socket); -#else - closesocket(resolver->_socket); -#endif - resolver->_socket = 0; - - return LDNS_STATUS_NETWORK_ERR; - } - - ldns_pkt_free(query); - ldns_buffer_free(query_wire); - LDNS_FREE(ns); - - /* - * The AXFR is done once the second SOA record is sent - */ - resolver->_axfr_soa_count = 0; - return LDNS_STATUS_OK; -} diff --git a/src/ldns/packet.c b/src/ldns/packet.c deleted file mode 100644 index 62bfd07..0000000 --- a/src/ldns/packet.c +++ /dev/null @@ -1,1159 +0,0 @@ -/* - * packet.c - * - * dns packet implementation - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include - -#include -#include - -#ifdef HAVE_SSL -#include -#endif - -/* Access functions - * do this as functions to get type checking - */ - -#define LDNS_EDNS_MASK_DO_BIT 0x8000 - -/* TODO defines for 3600 */ -/* convert to and from numerical flag values */ -ldns_lookup_table ldns_edns_flags[] = { - { 3600, "do"}, - { 0, NULL} -}; - -/* read */ -uint16_t -ldns_pkt_id(const ldns_pkt *packet) -{ - return packet->_header->_id; -} - -bool -ldns_pkt_qr(const ldns_pkt *packet) -{ - return packet->_header->_qr; -} - -bool -ldns_pkt_aa(const ldns_pkt *packet) -{ - return packet->_header->_aa; -} - -bool -ldns_pkt_tc(const ldns_pkt *packet) -{ - return packet->_header->_tc; -} - -bool -ldns_pkt_rd(const ldns_pkt *packet) -{ - return packet->_header->_rd; -} - -bool -ldns_pkt_cd(const ldns_pkt *packet) -{ - return packet->_header->_cd; -} - -bool -ldns_pkt_ra(const ldns_pkt *packet) -{ - return packet->_header->_ra; -} - -bool -ldns_pkt_ad(const ldns_pkt *packet) -{ - return packet->_header->_ad; -} - -ldns_pkt_opcode -ldns_pkt_get_opcode(const ldns_pkt *packet) -{ - return packet->_header->_opcode; -} - -ldns_pkt_rcode -ldns_pkt_get_rcode(const ldns_pkt *packet) -{ - return packet->_header->_rcode; -} - -uint16_t -ldns_pkt_qdcount(const ldns_pkt *packet) -{ - return packet->_header->_qdcount; -} - -uint16_t -ldns_pkt_ancount(const ldns_pkt *packet) -{ - return packet->_header->_ancount; -} - -uint16_t -ldns_pkt_nscount(const ldns_pkt *packet) -{ - return packet->_header->_nscount; -} - -uint16_t -ldns_pkt_arcount(const ldns_pkt *packet) -{ - return packet->_header->_arcount; -} - -ldns_rr_list * -ldns_pkt_question(const ldns_pkt *packet) -{ - return packet->_question; -} - -ldns_rr_list * -ldns_pkt_answer(const ldns_pkt *packet) -{ - return packet->_answer; -} - -ldns_rr_list * -ldns_pkt_authority(const ldns_pkt *packet) -{ - return packet->_authority; -} - -ldns_rr_list * -ldns_pkt_additional(const ldns_pkt *packet) -{ - return packet->_additional; -} - -/* return ALL section concatenated */ -ldns_rr_list * -ldns_pkt_all(const ldns_pkt *packet) -{ - ldns_rr_list *all, *prev_all; - - all = ldns_rr_list_cat_clone( - ldns_pkt_question(packet), - ldns_pkt_answer(packet)); - prev_all = all; - all = ldns_rr_list_cat_clone(all, - ldns_pkt_authority(packet)); - ldns_rr_list_deep_free(prev_all); - prev_all = all; - all = ldns_rr_list_cat_clone(all, - ldns_pkt_additional(packet)); - ldns_rr_list_deep_free(prev_all); - return all; -} - -ldns_rr_list * -ldns_pkt_all_noquestion(const ldns_pkt *packet) -{ - ldns_rr_list *all, *all2; - - all = ldns_rr_list_cat_clone( - ldns_pkt_answer(packet), - ldns_pkt_authority(packet)); - all2 = ldns_rr_list_cat_clone(all, - ldns_pkt_additional(packet)); - - ldns_rr_list_deep_free(all); - return all2; -} - -size_t -ldns_pkt_size(const ldns_pkt *packet) -{ - return packet->_size; -} - -uint32_t -ldns_pkt_querytime(const ldns_pkt *packet) -{ - return packet->_querytime; -} - -ldns_rdf * -ldns_pkt_answerfrom(const ldns_pkt *packet) -{ - return packet->_answerfrom; -} - -struct timeval -ldns_pkt_timestamp(const ldns_pkt *packet) -{ - return packet->timestamp; -} - -uint16_t -ldns_pkt_edns_udp_size(const ldns_pkt *packet) -{ - return packet->_edns_udp_size; -} - -uint8_t -ldns_pkt_edns_extended_rcode(const ldns_pkt *packet) -{ - return packet->_edns_extended_rcode; -} - -uint8_t -ldns_pkt_edns_version(const ldns_pkt *packet) -{ - return packet->_edns_version; -} - -uint16_t -ldns_pkt_edns_z(const ldns_pkt *packet) -{ - return packet->_edns_z; -} - -bool -ldns_pkt_edns_do(const ldns_pkt *packet) -{ - return (packet->_edns_z & LDNS_EDNS_MASK_DO_BIT); -} - -void -ldns_pkt_set_edns_do(ldns_pkt *packet, bool value) -{ - if (value) { - packet->_edns_z = packet->_edns_z | LDNS_EDNS_MASK_DO_BIT; - } else { - packet->_edns_z = packet->_edns_z & ~LDNS_EDNS_MASK_DO_BIT; - } -} - -ldns_rdf * -ldns_pkt_edns_data(const ldns_pkt *packet) -{ - return packet->_edns_data; -} - -/* return only those rr that share the ownername */ -ldns_rr_list * -ldns_pkt_rr_list_by_name(ldns_pkt *packet, - ldns_rdf *ownername, - ldns_pkt_section sec) -{ - ldns_rr_list *rrs; - ldns_rr_list *ret; - uint16_t i; - - if (!packet) { - return NULL; - } - - rrs = ldns_pkt_get_section_clone(packet, sec); - ret = NULL; - - for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { - if (ldns_dname_compare(ldns_rr_owner( - ldns_rr_list_rr(rrs, i)), - ownername) == 0) { - /* owner names match */ - if (ret == NULL) { - ret = ldns_rr_list_new(); - } - ldns_rr_list_push_rr(ret, - ldns_rr_clone( - ldns_rr_list_rr(rrs, i)) - ); - } - } - - ldns_rr_list_deep_free(rrs); - - return ret; -} - -/* return only those rr that share a type */ -ldns_rr_list * -ldns_pkt_rr_list_by_type(const ldns_pkt *packet, - ldns_rr_type type, - ldns_pkt_section sec) -{ - ldns_rr_list *rrs; - ldns_rr_list *new; - uint16_t i; - - if(!packet) { - return NULL; - } - - rrs = ldns_pkt_get_section_clone(packet, sec); - new = ldns_rr_list_new(); - - for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { - if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i))) { - /* types match */ - ldns_rr_list_push_rr(new, - ldns_rr_clone( - ldns_rr_list_rr(rrs, i)) - ); - } - } - ldns_rr_list_deep_free(rrs); - - if (ldns_rr_list_rr_count(new) == 0) { - ldns_rr_list_free(new); - return NULL; - } else { - return new; - } -} - -/* return only those rrs that share name and type */ -ldns_rr_list * -ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, - const ldns_rdf *ownername, - ldns_rr_type type, - ldns_pkt_section sec) -{ - ldns_rr_list *rrs; - ldns_rr_list *new; - ldns_rr_list *ret; - uint16_t i; - - if(!packet) { - return NULL; - } - - rrs = ldns_pkt_get_section_clone(packet, sec); - new = ldns_rr_list_new(); - ret = NULL; - - for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { - if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i)) && - ldns_dname_compare(ldns_rr_owner(ldns_rr_list_rr(rrs, i)), - ownername - ) == 0 - ) { - /* types match */ - ldns_rr_list_push_rr(new, ldns_rr_clone(ldns_rr_list_rr(rrs, i))); - ret = new; - } - } - ldns_rr_list_deep_free(rrs); - if (!ret) { - ldns_rr_list_free(new); - } - return ret; -} - -bool -ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr) -{ - bool result = false; - - switch (sec) { - case LDNS_SECTION_QUESTION: - return ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr); - case LDNS_SECTION_ANSWER: - return ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr); - case LDNS_SECTION_AUTHORITY: - return ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr); - case LDNS_SECTION_ADDITIONAL: - return ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr); - case LDNS_SECTION_ANY: - result = ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr); - case LDNS_SECTION_ANY_NOQUESTION: - result = result - || ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr) - || ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr) - || ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr); - } - - return result; -} - -uint16_t -ldns_pkt_section_count(const ldns_pkt *packet, ldns_pkt_section s) -{ - switch(s) { - case LDNS_SECTION_QUESTION: - return ldns_pkt_qdcount(packet); - case LDNS_SECTION_ANSWER: - return ldns_pkt_ancount(packet); - case LDNS_SECTION_AUTHORITY: - return ldns_pkt_nscount(packet); - case LDNS_SECTION_ADDITIONAL: - return ldns_pkt_arcount(packet); - case LDNS_SECTION_ANY: - return ldns_pkt_qdcount(packet) + - ldns_pkt_ancount(packet) + - ldns_pkt_nscount(packet) + - ldns_pkt_arcount(packet); - case LDNS_SECTION_ANY_NOQUESTION: - return ldns_pkt_ancount(packet) + - ldns_pkt_nscount(packet) + - ldns_pkt_arcount(packet); - default: - return 0; - } -} - -bool -ldns_pkt_empty(ldns_pkt *p) -{ - if (!p) { - return true; /* NULL is empty? */ - } - if (ldns_pkt_section_count(p, LDNS_SECTION_ANY) > 0) { - return false; - } else { - return true; - } -} - - -ldns_rr_list * -ldns_pkt_get_section_clone(const ldns_pkt *packet, ldns_pkt_section s) -{ - switch(s) { - case LDNS_SECTION_QUESTION: - return ldns_rr_list_clone(ldns_pkt_question(packet)); - case LDNS_SECTION_ANSWER: - return ldns_rr_list_clone(ldns_pkt_answer(packet)); - case LDNS_SECTION_AUTHORITY: - return ldns_rr_list_clone(ldns_pkt_authority(packet)); - case LDNS_SECTION_ADDITIONAL: - return ldns_rr_list_clone(ldns_pkt_additional(packet)); - case LDNS_SECTION_ANY: - /* these are already clones */ - return ldns_pkt_all(packet); - case LDNS_SECTION_ANY_NOQUESTION: - return ldns_pkt_all_noquestion(packet); - default: - return NULL; - } -} - -ldns_rr *ldns_pkt_tsig(const ldns_pkt *pkt) { - return pkt->_tsig_rr; -} - -/* write */ -void -ldns_pkt_set_id(ldns_pkt *packet, uint16_t id) -{ - packet->_header->_id = id; -} - -void -ldns_pkt_set_random_id(ldns_pkt *packet) -{ - uint16_t rid = ldns_get_random(); - ldns_pkt_set_id(packet, rid); -} - - -void -ldns_pkt_set_qr(ldns_pkt *packet, bool qr) -{ - packet->_header->_qr = qr; -} - -void -ldns_pkt_set_aa(ldns_pkt *packet, bool aa) -{ - packet->_header->_aa = aa; -} - -void -ldns_pkt_set_tc(ldns_pkt *packet, bool tc) -{ - packet->_header->_tc = tc; -} - -void -ldns_pkt_set_rd(ldns_pkt *packet, bool rd) -{ - packet->_header->_rd = rd; -} - -void -ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr) -{ - p->_additional = rr; -} - -void -ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr) -{ - p->_question = rr; -} - -void -ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr) -{ - p->_answer = rr; -} - -void -ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr) -{ - p->_authority = rr; -} - -void -ldns_pkt_set_cd(ldns_pkt *packet, bool cd) -{ - packet->_header->_cd = cd; -} - -void -ldns_pkt_set_ra(ldns_pkt *packet, bool ra) -{ - packet->_header->_ra = ra; -} - -void -ldns_pkt_set_ad(ldns_pkt *packet, bool ad) -{ - packet->_header->_ad = ad; -} - -void -ldns_pkt_set_opcode(ldns_pkt *packet, ldns_pkt_opcode opcode) -{ - packet->_header->_opcode = opcode; -} - -void -ldns_pkt_set_rcode(ldns_pkt *packet, uint8_t rcode) -{ - packet->_header->_rcode = rcode; -} - -void -ldns_pkt_set_qdcount(ldns_pkt *packet, uint16_t qdcount) -{ - packet->_header->_qdcount = qdcount; -} - -void -ldns_pkt_set_ancount(ldns_pkt *packet, uint16_t ancount) -{ - packet->_header->_ancount = ancount; -} - -void -ldns_pkt_set_nscount(ldns_pkt *packet, uint16_t nscount) -{ - packet->_header->_nscount = nscount; -} - -void -ldns_pkt_set_arcount(ldns_pkt *packet, uint16_t arcount) -{ - packet->_header->_arcount = arcount; -} - -void -ldns_pkt_set_querytime(ldns_pkt *packet, uint32_t time) -{ - packet->_querytime = time; -} - -void -ldns_pkt_set_answerfrom(ldns_pkt *packet, ldns_rdf *answerfrom) -{ - packet->_answerfrom = answerfrom; -} - -void -ldns_pkt_set_timestamp(ldns_pkt *packet, struct timeval timeval) -{ - packet->timestamp.tv_sec = timeval.tv_sec; - packet->timestamp.tv_usec = timeval.tv_usec; -} - -void -ldns_pkt_set_size(ldns_pkt *packet, size_t s) -{ - packet->_size = s; -} - -void -ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s) -{ - packet->_edns_udp_size = s; -} - -void -ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c) -{ - packet->_edns_extended_rcode = c; -} - -void -ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v) -{ - packet->_edns_version = v; -} - -void -ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z) -{ - packet->_edns_z = z; -} - -void -ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data) -{ - packet->_edns_data = data; -} - -void -ldns_pkt_set_section_count(ldns_pkt *packet, ldns_pkt_section s, uint16_t count) -{ - switch(s) { - case LDNS_SECTION_QUESTION: - ldns_pkt_set_qdcount(packet, count); - break; - case LDNS_SECTION_ANSWER: - ldns_pkt_set_ancount(packet, count); - break; - case LDNS_SECTION_AUTHORITY: - ldns_pkt_set_nscount(packet, count); - break; - case LDNS_SECTION_ADDITIONAL: - ldns_pkt_set_arcount(packet, count); - break; - case LDNS_SECTION_ANY: - case LDNS_SECTION_ANY_NOQUESTION: - break; - } -} - -void ldns_pkt_set_tsig(ldns_pkt *pkt, ldns_rr *rr) -{ - pkt->_tsig_rr = rr; -} - -bool -ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr) -{ - switch(section) { - case LDNS_SECTION_QUESTION: - if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) { - return false; - } - ldns_pkt_set_qdcount(packet, ldns_pkt_qdcount(packet) + 1); - break; - case LDNS_SECTION_ANSWER: - if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) { - return false; - } - ldns_pkt_set_ancount(packet, ldns_pkt_ancount(packet) + 1); - break; - case LDNS_SECTION_AUTHORITY: - if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) { - return false; - } - ldns_pkt_set_nscount(packet, ldns_pkt_nscount(packet) + 1); - break; - case LDNS_SECTION_ADDITIONAL: - if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) { - return false; - } - ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) + 1); - break; - case LDNS_SECTION_ANY: - case LDNS_SECTION_ANY_NOQUESTION: - /* shouldn't this error? */ - break; - } - return true; -} - -bool -ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr) -{ - - /* check to see if its there */ - if (ldns_pkt_rr(pkt, sec, rr)) { - /* already there */ - return false; - } - return ldns_pkt_push_rr(pkt, sec, rr); -} - -bool -ldns_pkt_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list) -{ - size_t i; - for(i = 0; i < ldns_rr_list_rr_count(list); i++) { - if (!ldns_pkt_push_rr(p, s, ldns_rr_list_rr(list, i))) { - return false; - } - } - return true; -} - -bool -ldns_pkt_safe_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list) -{ - size_t i; - for(i = 0; i < ldns_rr_list_rr_count(list); i++) { - if (!ldns_pkt_safe_push_rr(p, s, ldns_rr_list_rr(list, i))) { - return false; - } - } - return true; -} - -bool -ldns_pkt_edns(const ldns_pkt *pkt) { - return (ldns_pkt_edns_udp_size(pkt) > 0 || - ldns_pkt_edns_extended_rcode(pkt) > 0 || - ldns_pkt_edns_data(pkt) || - ldns_pkt_edns_do(pkt) || - pkt->_edns_present - ); -} - - -/* Create/destroy/convert functions - */ -ldns_pkt * -ldns_pkt_new(void) -{ - ldns_pkt *packet; - packet = LDNS_MALLOC(ldns_pkt); - if (!packet) { - return NULL; - } - - packet->_header = LDNS_MALLOC(ldns_hdr); - if (!packet->_header) { - LDNS_FREE(packet); - return NULL; - } - - packet->_question = ldns_rr_list_new(); - packet->_answer = ldns_rr_list_new(); - packet->_authority = ldns_rr_list_new(); - packet->_additional = ldns_rr_list_new(); - - /* default everything to false */ - ldns_pkt_set_qr(packet, false); - ldns_pkt_set_aa(packet, false); - ldns_pkt_set_tc(packet, false); - ldns_pkt_set_rd(packet, false); - ldns_pkt_set_ra(packet, false); - ldns_pkt_set_ad(packet, false); - ldns_pkt_set_cd(packet, false); - - ldns_pkt_set_opcode(packet, LDNS_PACKET_QUERY); - ldns_pkt_set_rcode(packet, 0); - ldns_pkt_set_id(packet, 0); - ldns_pkt_set_size(packet, 0); - ldns_pkt_set_querytime(packet, 0); - memset(&packet->timestamp, 0, sizeof(packet->timestamp)); - ldns_pkt_set_answerfrom(packet, NULL); - ldns_pkt_set_section_count(packet, LDNS_SECTION_QUESTION, 0); - ldns_pkt_set_section_count(packet, LDNS_SECTION_ANSWER, 0); - ldns_pkt_set_section_count(packet, LDNS_SECTION_AUTHORITY, 0); - ldns_pkt_set_section_count(packet, LDNS_SECTION_ADDITIONAL, 0); - - ldns_pkt_set_edns_udp_size(packet, 0); - ldns_pkt_set_edns_extended_rcode(packet, 0); - ldns_pkt_set_edns_version(packet, 0); - ldns_pkt_set_edns_z(packet, 0); - ldns_pkt_set_edns_data(packet, NULL); - packet->_edns_present = false; - - ldns_pkt_set_tsig(packet, NULL); - - return packet; -} - -void -ldns_pkt_free(ldns_pkt *packet) -{ - if (packet) { - LDNS_FREE(packet->_header); - ldns_rr_list_deep_free(packet->_question); - ldns_rr_list_deep_free(packet->_answer); - ldns_rr_list_deep_free(packet->_authority); - ldns_rr_list_deep_free(packet->_additional); - ldns_rr_free(packet->_tsig_rr); - ldns_rdf_deep_free(packet->_edns_data); - ldns_rdf_deep_free(packet->_answerfrom); - LDNS_FREE(packet); - } -} - -bool -ldns_pkt_set_flags(ldns_pkt *packet, uint16_t flags) -{ - if (!packet) { - return false; - } - if ((flags & LDNS_QR) == LDNS_QR) { - ldns_pkt_set_qr(packet, true); - } - if ((flags & LDNS_AA) == LDNS_AA) { - ldns_pkt_set_aa(packet, true); - } - if ((flags & LDNS_RD) == LDNS_RD) { - ldns_pkt_set_rd(packet, true); - } - if ((flags & LDNS_TC) == LDNS_TC) { - ldns_pkt_set_tc(packet, true); - } - if ((flags & LDNS_CD) == LDNS_CD) { - ldns_pkt_set_cd(packet, true); - } - if ((flags & LDNS_RA) == LDNS_RA) { - ldns_pkt_set_ra(packet, true); - } - if ((flags & LDNS_AD) == LDNS_AD) { - ldns_pkt_set_ad(packet, true); - } - return true; -} - - -static ldns_rr* -ldns_pkt_authsoa(ldns_rdf* rr_name, ldns_rr_class rr_class) -{ - ldns_rr* soa_rr = ldns_rr_new(); - ldns_rdf *owner_rdf; - ldns_rdf *mname_rdf; - ldns_rdf *rname_rdf; - ldns_rdf *serial_rdf; - ldns_rdf *refresh_rdf; - ldns_rdf *retry_rdf; - ldns_rdf *expire_rdf; - ldns_rdf *minimum_rdf; - - if (!soa_rr) { - return NULL; - } - owner_rdf = ldns_rdf_clone(rr_name); - if (!owner_rdf) { - ldns_rr_free(soa_rr); - return NULL; - } - - ldns_rr_set_owner(soa_rr, owner_rdf); - ldns_rr_set_type(soa_rr, LDNS_RR_TYPE_SOA); - ldns_rr_set_class(soa_rr, rr_class); - ldns_rr_set_question(soa_rr, false); - - if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) { - ldns_rr_free(soa_rr); - return NULL; - } else { - ldns_rr_push_rdf(soa_rr, mname_rdf); - } - if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) { - ldns_rr_free(soa_rr); - return NULL; - } else { - ldns_rr_push_rdf(soa_rr, rname_rdf); - } - serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!serial_rdf) { - ldns_rr_free(soa_rr); - return NULL; - } else { - ldns_rr_push_rdf(soa_rr, serial_rdf); - } - refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!refresh_rdf) { - ldns_rr_free(soa_rr); - return NULL; - } else { - ldns_rr_push_rdf(soa_rr, refresh_rdf); - } - retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!retry_rdf) { - ldns_rr_free(soa_rr); - return NULL; - } else { - ldns_rr_push_rdf(soa_rr, retry_rdf); - } - expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!expire_rdf) { - ldns_rr_free(soa_rr); - return NULL; - } else { - ldns_rr_push_rdf(soa_rr, expire_rdf); - } - minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!minimum_rdf) { - ldns_rr_free(soa_rr); - return NULL; - } else { - ldns_rr_push_rdf(soa_rr, minimum_rdf); - } - return soa_rr; -} - - -static ldns_status -ldns_pkt_query_new_frm_str_internal(ldns_pkt **p, const char *name, - ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags, - ldns_rr* authsoa_rr) -{ - ldns_pkt *packet; - ldns_rr *question_rr; - ldns_rdf *name_rdf; - - packet = ldns_pkt_new(); - if (!packet) { - return LDNS_STATUS_MEM_ERR; - } - - if (!ldns_pkt_set_flags(packet, flags)) { - return LDNS_STATUS_ERR; - } - - question_rr = ldns_rr_new(); - if (!question_rr) { - return LDNS_STATUS_MEM_ERR; - } - - if (rr_type == 0) { - rr_type = LDNS_RR_TYPE_A; - } - if (rr_class == 0) { - rr_class = LDNS_RR_CLASS_IN; - } - - if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) { - ldns_rr_set_owner(question_rr, name_rdf); - ldns_rr_set_type(question_rr, rr_type); - ldns_rr_set_class(question_rr, rr_class); - ldns_rr_set_question(question_rr, true); - - ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr); - } else { - ldns_rr_free(question_rr); - ldns_pkt_free(packet); - return LDNS_STATUS_ERR; - } - - if (authsoa_rr) { - ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, authsoa_rr); - } - - packet->_tsig_rr = NULL; - ldns_pkt_set_answerfrom(packet, NULL); - if (p) { - *p = packet; - return LDNS_STATUS_OK; - } else { - ldns_pkt_free(packet); - return LDNS_STATUS_NULL; - } -} - -ldns_status -ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *name, - ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags) -{ - return ldns_pkt_query_new_frm_str_internal(p, name, rr_type, - rr_class, flags, NULL); -} - -ldns_status -ldns_pkt_ixfr_request_new_frm_str(ldns_pkt **p, const char *name, - ldns_rr_class rr_class, uint16_t flags, ldns_rr *soa) -{ - ldns_rr* authsoa_rr = soa; - if (!authsoa_rr) { - ldns_rdf *name_rdf; - if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) { - authsoa_rr = ldns_pkt_authsoa(name_rdf, rr_class); - } - ldns_rdf_free(name_rdf); - } - return ldns_pkt_query_new_frm_str_internal(p, name, LDNS_RR_TYPE_IXFR, - rr_class, flags, authsoa_rr); -} - -static ldns_pkt * -ldns_pkt_query_new_internal(ldns_rdf *rr_name, ldns_rr_type rr_type, - ldns_rr_class rr_class, uint16_t flags, ldns_rr* authsoa_rr) -{ - ldns_pkt *packet; - ldns_rr *question_rr; - - packet = ldns_pkt_new(); - if (!packet) { - return NULL; - } - - if (!ldns_pkt_set_flags(packet, flags)) { - return NULL; - } - - question_rr = ldns_rr_new(); - if (!question_rr) { - ldns_pkt_free(packet); - return NULL; - } - - if (rr_type == 0) { - rr_type = LDNS_RR_TYPE_A; - } - if (rr_class == 0) { - rr_class = LDNS_RR_CLASS_IN; - } - - ldns_rr_set_owner(question_rr, rr_name); - ldns_rr_set_type(question_rr, rr_type); - ldns_rr_set_class(question_rr, rr_class); - ldns_rr_set_question(question_rr, true); - ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr); - - if (authsoa_rr) { - ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, authsoa_rr); - } - - packet->_tsig_rr = NULL; - return packet; -} - -ldns_pkt * -ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, - ldns_rr_class rr_class, uint16_t flags) -{ - return ldns_pkt_query_new_internal(rr_name, rr_type, - rr_class, flags, NULL); -} - -ldns_pkt * -ldns_pkt_ixfr_request_new(ldns_rdf *rr_name, ldns_rr_class rr_class, - uint16_t flags, ldns_rr* soa) -{ - ldns_rr* authsoa_rr = soa; - if (!authsoa_rr) { - authsoa_rr = ldns_pkt_authsoa(rr_name, rr_class); - } - return ldns_pkt_query_new_internal(rr_name, LDNS_RR_TYPE_IXFR, - rr_class, flags, authsoa_rr); -} - -ldns_pkt_type -ldns_pkt_reply_type(ldns_pkt *p) -{ - ldns_rr_list *tmp; - - if (!p) { - return LDNS_PACKET_UNKNOWN; - } - - if (ldns_pkt_get_rcode(p) == LDNS_RCODE_NXDOMAIN) { - return LDNS_PACKET_NXDOMAIN; - } - - if (ldns_pkt_ancount(p) == 0 && ldns_pkt_arcount(p) == 0 - && ldns_pkt_nscount(p) == 1) { - - /* check for SOA */ - tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_SOA, - LDNS_SECTION_AUTHORITY); - if (tmp) { - ldns_rr_list_deep_free(tmp); - return LDNS_PACKET_NODATA; - } else { - /* I have no idea ... */ - } - } - - if (ldns_pkt_ancount(p) == 0 && ldns_pkt_nscount(p) > 0) { - tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS, - LDNS_SECTION_AUTHORITY); - if (tmp) { - /* there are nameservers here */ - ldns_rr_list_deep_free(tmp); - return LDNS_PACKET_REFERRAL; - } else { - /* I have no idea */ - } - ldns_rr_list_deep_free(tmp); - } - - /* if we cannot determine the packet type, we say it's an - * answer... - */ - return LDNS_PACKET_ANSWER; -} - -ldns_pkt * -ldns_pkt_clone(const ldns_pkt *pkt) -{ - ldns_pkt *new_pkt; - - if (!pkt) { - return NULL; - } - new_pkt = ldns_pkt_new(); - - ldns_pkt_set_id(new_pkt, ldns_pkt_id(pkt)); - ldns_pkt_set_qr(new_pkt, ldns_pkt_qr(pkt)); - ldns_pkt_set_aa(new_pkt, ldns_pkt_aa(pkt)); - ldns_pkt_set_tc(new_pkt, ldns_pkt_tc(pkt)); - ldns_pkt_set_rd(new_pkt, ldns_pkt_rd(pkt)); - ldns_pkt_set_cd(new_pkt, ldns_pkt_cd(pkt)); - ldns_pkt_set_ra(new_pkt, ldns_pkt_ra(pkt)); - ldns_pkt_set_ad(new_pkt, ldns_pkt_ad(pkt)); - ldns_pkt_set_opcode(new_pkt, ldns_pkt_get_opcode(pkt)); - ldns_pkt_set_rcode(new_pkt, ldns_pkt_get_rcode(pkt)); - ldns_pkt_set_qdcount(new_pkt, ldns_pkt_qdcount(pkt)); - ldns_pkt_set_ancount(new_pkt, ldns_pkt_ancount(pkt)); - ldns_pkt_set_nscount(new_pkt, ldns_pkt_nscount(pkt)); - ldns_pkt_set_arcount(new_pkt, ldns_pkt_arcount(pkt)); - if (ldns_pkt_answerfrom(pkt)) - ldns_pkt_set_answerfrom(new_pkt, - ldns_rdf_clone(ldns_pkt_answerfrom(pkt))); - ldns_pkt_set_timestamp(new_pkt, ldns_pkt_timestamp(pkt)); - ldns_pkt_set_querytime(new_pkt, ldns_pkt_querytime(pkt)); - ldns_pkt_set_size(new_pkt, ldns_pkt_size(pkt)); - ldns_pkt_set_tsig(new_pkt, ldns_rr_clone(ldns_pkt_tsig(pkt))); - - ldns_pkt_set_edns_udp_size(new_pkt, ldns_pkt_edns_udp_size(pkt)); - ldns_pkt_set_edns_extended_rcode(new_pkt, - ldns_pkt_edns_extended_rcode(pkt)); - ldns_pkt_set_edns_version(new_pkt, ldns_pkt_edns_version(pkt)); - new_pkt->_edns_present = pkt->_edns_present; - ldns_pkt_set_edns_z(new_pkt, ldns_pkt_edns_z(pkt)); - if(ldns_pkt_edns_data(pkt)) - ldns_pkt_set_edns_data(new_pkt, - ldns_rdf_clone(ldns_pkt_edns_data(pkt))); - ldns_pkt_set_edns_do(new_pkt, ldns_pkt_edns_do(pkt)); - - ldns_rr_list_deep_free(new_pkt->_question); - ldns_rr_list_deep_free(new_pkt->_answer); - ldns_rr_list_deep_free(new_pkt->_authority); - ldns_rr_list_deep_free(new_pkt->_additional); - new_pkt->_question = ldns_rr_list_clone(ldns_pkt_question(pkt)); - new_pkt->_answer = ldns_rr_list_clone(ldns_pkt_answer(pkt)); - new_pkt->_authority = ldns_rr_list_clone(ldns_pkt_authority(pkt)); - new_pkt->_additional = ldns_rr_list_clone(ldns_pkt_additional(pkt)); - return new_pkt; -} diff --git a/src/ldns/parse.c b/src/ldns/parse.c deleted file mode 100644 index e68627c..0000000 --- a/src/ldns/parse.c +++ /dev/null @@ -1,434 +0,0 @@ -/* - * a generic (simple) parser. Use to parse rr's, private key - * information and /etc/resolv.conf files - * - * a Net::DNS like library for C - * LibDNS Team @ NLnet Labs - * (c) NLnet Labs, 2005-2006 - * See the file LICENSE for the license - */ -#include -#include - -#include -#include - -ldns_lookup_table ldns_directive_types[] = { - { LDNS_DIR_TTL, "$TTL" }, - { LDNS_DIR_ORIGIN, "$ORIGIN" }, - { LDNS_DIR_INCLUDE, "$INCLUDE" }, - { 0, NULL } -}; - -/* add max_limit here? */ -ssize_t -ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit) -{ - return ldns_fget_token_l(f, token, delim, limit, NULL); -} - -ssize_t -ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr) -{ - int c, prev_c; - int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ - int com, quoted; - char *t; - size_t i; - const char *d; - const char *del; - - /* standard delimeters */ - if (!delim) { - /* from isspace(3) */ - del = LDNS_PARSE_NORMAL; - } else { - del = delim; - } - - p = 0; - i = 0; - com = 0; - quoted = 0; - prev_c = 0; - t = token; - if (del[0] == '"') { - quoted = 1; - } - while ((c = getc(f)) != EOF) { - if (c == '\r') /* carriage return */ - c = ' '; - if (c == '(' && prev_c != '\\' && !quoted) { - /* this only counts for non-comments */ - if (com == 0) { - p++; - } - prev_c = c; - continue; - } - - if (c == ')' && prev_c != '\\' && !quoted) { - /* this only counts for non-comments */ - if (com == 0) { - p--; - } - prev_c = c; - continue; - } - - if (p < 0) { - /* more ) then ( - close off the string */ - *t = '\0'; - return 0; - } - - /* do something with comments ; */ - if (c == ';' && quoted == 0) { - if (prev_c != '\\') { - com = 1; - } - } - if (c == '\"' && com == 0 && prev_c != '\\') { - quoted = 1 - quoted; - } - - if (c == '\n' && com != 0) { - /* comments */ - com = 0; - *t = ' '; - if (line_nr) { - *line_nr = *line_nr + 1; - } - if (p == 0 && i > 0) { - goto tokenread; - } else { - prev_c = c; - continue; - } - } - - if (com == 1) { - *t = ' '; - prev_c = c; - continue; - } - - if (c == '\n' && p != 0 && t > token) { - /* in parentheses */ - if (line_nr) { - *line_nr = *line_nr + 1; - } - *t++ = ' '; - prev_c = c; - continue; - } - - /* check if we hit the delim */ - for (d = del; *d; d++) { - if (c == *d && i > 0 && prev_c != '\\' && p == 0) { - if (c == '\n' && line_nr) { - *line_nr = *line_nr + 1; - } - goto tokenread; - } - } - if (c != '\0' && c != '\n') { - i++; - } - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { - *t = '\0'; - return -1; - } - if (c != '\0' && c != '\n') { - *t++ = c; - } - if (c == '\\' && prev_c == '\\') - prev_c = 0; - else prev_c = c; - } - *t = '\0'; - if (c == EOF) { - return (ssize_t)i; - } - - if (i == 0) { - /* nothing read */ - return -1; - } - if (p != 0) { - return -1; - } - return (ssize_t)i; - -tokenread: - if(*del == '"') /* do not skip over quotes, they are significant */ - ldns_fskipcs_l(f, del+1, line_nr); - else ldns_fskipcs_l(f, del, line_nr); - *t = '\0'; - if (p != 0) { - return -1; - } - - return (ssize_t)i; -} - -ssize_t -ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, - const char *d_del, size_t data_limit) -{ - return ldns_fget_keyword_data_l(f, keyword, k_del, data, d_del, - data_limit, NULL); -} - -ssize_t -ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, - const char *d_del, size_t data_limit, int *line_nr) -{ - /* we assume: keyword|sep|data */ - char *fkeyword; - ssize_t i; - - if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) - return -1; - fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN); - if(!fkeyword) - return -1; - - i = ldns_fget_token(f, fkeyword, k_del, LDNS_MAX_KEYWORDLEN); - if(i==0 || i==-1) { - LDNS_FREE(fkeyword); - return -1; - } - - /* case??? i instead of strlen? */ - if (strncmp(fkeyword, keyword, LDNS_MAX_KEYWORDLEN - 1) == 0) { - /* whee! */ - /* printf("%s\n%s\n", "Matching keyword", fkeyword); */ - i = ldns_fget_token_l(f, data, d_del, data_limit, line_nr); - LDNS_FREE(fkeyword); - return i; - } else { - /*printf("no match for %s (read: %s)\n", keyword, fkeyword);*/ - LDNS_FREE(fkeyword); - return -1; - } -} - - -ssize_t -ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit) -{ - int c, lc; - int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ - int com, quoted; - char *t; - size_t i; - const char *d; - const char *del; - - /* standard delimiters */ - if (!delim) { - /* from isspace(3) */ - del = LDNS_PARSE_NORMAL; - } else { - del = delim; - } - - p = 0; - i = 0; - com = 0; - quoted = 0; - t = token; - lc = 0; - if (del[0] == '"') { - quoted = 1; - } - - while ((c = ldns_bgetc(b)) != EOF) { - if (c == '\r') /* carriage return */ - c = ' '; - if (c == '(' && lc != '\\' && !quoted) { - /* this only counts for non-comments */ - if (com == 0) { - p++; - } - lc = c; - continue; - } - - if (c == ')' && lc != '\\' && !quoted) { - /* this only counts for non-comments */ - if (com == 0) { - p--; - } - lc = c; - continue; - } - - if (p < 0) { - /* more ) then ( */ - *t = '\0'; - return 0; - } - - /* do something with comments ; */ - if (c == ';' && quoted == 0) { - if (lc != '\\') { - com = 1; - } - } - if (c == '"' && com == 0 && lc != '\\') { - quoted = 1 - quoted; - } - - if (c == '\n' && com != 0) { - /* comments */ - com = 0; - *t = ' '; - lc = c; - continue; - } - - if (com == 1) { - *t = ' '; - lc = c; - continue; - } - - if (c == '\n' && p != 0) { - /* in parentheses */ - *t++ = ' '; - lc = c; - continue; - } - - /* check if we hit the delim */ - for (d = del; *d; d++) { - if (c == *d && lc != '\\' && p == 0) { - goto tokenread; - } - } - - i++; - if (limit > 0 && (i >= limit || (size_t)(t-token) >= limit)) { - *t = '\0'; - return -1; - } - *t++ = c; - - if (c == '\\' && lc == '\\') { - lc = 0; - } else { - lc = c; - } - } - *t = '\0'; - if (i == 0) { - /* nothing read */ - return -1; - } - if (p != 0) { - return -1; - } - return (ssize_t)i; - -tokenread: - if(*del == '"') /* do not skip over quotes, they are significant */ - ldns_bskipcs(b, del+1); - else ldns_bskipcs(b, del); - *t = '\0'; - - if (p != 0) { - return -1; - } - return (ssize_t)i; -} - - -void -ldns_bskipcs(ldns_buffer *buffer, const char *s) -{ - bool found; - char c; - const char *d; - - while(ldns_buffer_available_at(buffer, buffer->_position, sizeof(char))) { - c = (char) ldns_buffer_read_u8_at(buffer, buffer->_position); - found = false; - for (d = s; *d; d++) { - if (*d == c) { - found = true; - } - } - if (found && buffer->_limit > buffer->_position) { - buffer->_position += sizeof(char); - } else { - return; - } - } -} - -void -ldns_fskipcs(FILE *fp, const char *s) -{ - ldns_fskipcs_l(fp, s, NULL); -} - -void -ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr) -{ - bool found; - int c; - const char *d; - - while ((c = fgetc(fp)) != EOF) { - if (line_nr && c == '\n') { - *line_nr = *line_nr + 1; - } - found = false; - for (d = s; *d; d++) { - if (*d == c) { - found = true; - } - } - if (!found) { - /* with getc, we've read too far */ - ungetc(c, fp); - return; - } - } -} - -ssize_t -ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char -*data, const char *d_del, size_t data_limit) -{ - /* we assume: keyword|sep|data */ - char *fkeyword; - ssize_t i; - - if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) - return -1; - fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN); - if(!fkeyword) - return -1; /* out of memory */ - - i = ldns_bget_token(b, fkeyword, k_del, data_limit); - if(i==0 || i==-1) { - LDNS_FREE(fkeyword); - return -1; /* nothing read */ - } - - /* case??? */ - if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) { - LDNS_FREE(fkeyword); - /* whee, the match! */ - /* retrieve it's data */ - i = ldns_bget_token(b, data, d_del, 0); - return i; - } else { - LDNS_FREE(fkeyword); - return -1; - } -} - diff --git a/src/ldns/radix.c b/src/ldns/radix.c deleted file mode 100644 index 7aac258..0000000 --- a/src/ldns/radix.c +++ /dev/null @@ -1,1590 +0,0 @@ -/* - * radix.c -- generic radix tree - * - * Taken from NSD4, modified for ldns - * - * Copyright (c) 2012, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * Implementation of a radix tree. - */ - -#include -#include -#include -#include - -/** Helper functions */ -static ldns_radix_node_t* ldns_radix_new_node(void* data, uint8_t* key, - radix_strlen_t len); -static int ldns_radix_find_prefix(ldns_radix_t* tree, uint8_t* key, - radix_strlen_t len, ldns_radix_node_t** result, radix_strlen_t* pos); -static int ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte); -static int ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need); -static int ldns_radix_str_create(ldns_radix_array_t* array, uint8_t* key, - radix_strlen_t pos, radix_strlen_t len); -static int ldns_radix_prefix_remainder(radix_strlen_t prefix_len, - uint8_t* longer_str, radix_strlen_t longer_len, uint8_t** split_str, - radix_strlen_t* split_len); -static int ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key, - radix_strlen_t pos, radix_strlen_t len, ldns_radix_node_t* add); -static int ldns_radix_str_is_prefix(uint8_t* str1, radix_strlen_t len1, - uint8_t* str2, radix_strlen_t len2); -static radix_strlen_t ldns_radix_str_common(uint8_t* str1, radix_strlen_t len1, - uint8_t* str2, radix_strlen_t len2); -static ldns_radix_node_t* ldns_radix_next_in_subtree(ldns_radix_node_t* node); -static ldns_radix_node_t* ldns_radix_prev_from_index(ldns_radix_node_t* node, - uint8_t index); -static ldns_radix_node_t* ldns_radix_last_in_subtree_incl_self( - ldns_radix_node_t* node); -static ldns_radix_node_t* ldns_radix_last_in_subtree(ldns_radix_node_t* node); -static void ldns_radix_del_fix(ldns_radix_t* tree, ldns_radix_node_t* node); -static void ldns_radix_cleanup_onechild(ldns_radix_node_t* node); -static void ldns_radix_cleanup_leaf(ldns_radix_node_t* node); -static void ldns_radix_node_free(ldns_radix_node_t* node, void* arg); -static void ldns_radix_node_array_free(ldns_radix_node_t* node); -static void ldns_radix_node_array_free_front(ldns_radix_node_t* node); -static void ldns_radix_node_array_free_end(ldns_radix_node_t* node); -static void ldns_radix_array_reduce(ldns_radix_node_t* node); -static void ldns_radix_self_or_prev(ldns_radix_node_t* node, - ldns_radix_node_t** result); - - -/** - * Create a new radix node. - * - */ -static ldns_radix_node_t* -ldns_radix_new_node(void* data, uint8_t* key, radix_strlen_t len) -{ - ldns_radix_node_t* node = LDNS_MALLOC(ldns_radix_node_t); - if (!node) { - return NULL; - } - node->data = data; - node->key = key; - node->klen = len; - node->parent = NULL; - node->parent_index = 0; - node->len = 0; - node->offset = 0; - node->capacity = 0; - node->array = NULL; - return node; -} - - -/** - * Create a new radix tree. - * - */ -ldns_radix_t * -ldns_radix_create(void) -{ - ldns_radix_t* tree; - - /** Allocate memory for it */ - tree = (ldns_radix_t *) LDNS_MALLOC(ldns_radix_t); - if (!tree) { - return NULL; - } - /** Initialize it */ - ldns_radix_init(tree); - return tree; -} - - -/** - * Initialize radix tree. - * - */ -void -ldns_radix_init(ldns_radix_t* tree) -{ - /** Initialize it */ - if (tree) { - tree->root = NULL; - tree->count = 0; - } - return; -} - - -/** - * Free radix tree. - * - */ -void -ldns_radix_free(ldns_radix_t* tree) -{ - if (tree) { - if (tree->root) { - ldns_radix_traverse_postorder(tree->root, - ldns_radix_node_free, NULL); - } - LDNS_FREE(tree); - } - return; -} - - -/** - * Insert data into the tree. - * - */ -ldns_status -ldns_radix_insert(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len, - void* data) -{ - radix_strlen_t pos = 0; - ldns_radix_node_t* add = NULL; - ldns_radix_node_t* prefix = NULL; - - if (!tree || !key || !data) { - return LDNS_STATUS_NULL; - } - add = ldns_radix_new_node(data, key, len); - if (!add) { - return LDNS_STATUS_MEM_ERR; - } - /** Search the trie until we can make no further process. */ - if (!ldns_radix_find_prefix(tree, key, len, &prefix, &pos)) { - /** No prefix found */ - assert(tree->root == NULL); - if (len == 0) { - /** - * Example 1: The root: - * | [0] - **/ - tree->root = add; - } else { - /** Example 2: 'dns': - * | [0] - * --| [d+ns] dns - **/ - prefix = ldns_radix_new_node(NULL, (uint8_t*)"", 0); - if (!prefix) { - LDNS_FREE(add); - return LDNS_STATUS_MEM_ERR; - } - /** Find some space in the array for the first byte */ - if (!ldns_radix_array_space(prefix, key[0])) { - LDNS_FREE(add); - LDNS_FREE(prefix->array); - LDNS_FREE(prefix); - return LDNS_STATUS_MEM_ERR; - } - /** Set relational pointers */ - add->parent = prefix; - add->parent_index = 0; - prefix->array[0].edge = add; - if (len > 1) { - /** Store the remainder of the prefix */ - if (!ldns_radix_prefix_remainder(1, key, - len, &prefix->array[0].str, - &prefix->array[0].len)) { - LDNS_FREE(add); - LDNS_FREE(prefix->array); - LDNS_FREE(prefix); - return LDNS_STATUS_MEM_ERR; - } - } - tree->root = prefix; - } - } else if (pos == len) { - /** Exact match found */ - if (prefix->data) { - /* Element already exists */ - LDNS_FREE(add); - return LDNS_STATUS_EXISTS_ERR; - } - prefix->data = data; - prefix->key = key; - prefix->klen = len; /* redundant */ - } else { - /** Prefix found */ - uint8_t byte = key[pos]; - assert(pos < len); - if (byte < prefix->offset || - (byte - prefix->offset) >= prefix->len) { - /** Find some space in the array for the byte. */ - /** - * Example 3: 'ldns' - * | [0] - * --| [d+ns] dns - * --| [l+dns] ldns - **/ - if (!ldns_radix_array_space(prefix, byte)) { - LDNS_FREE(add); - return LDNS_STATUS_MEM_ERR; - } - assert(byte >= prefix->offset); - assert((byte - prefix->offset) <= prefix->len); - byte -= prefix->offset; - if (pos+1 < len) { - /** Create remainder of the string. */ - if (!ldns_radix_str_create( - &prefix->array[byte], key, pos+1, - len)) { - LDNS_FREE(add); - return LDNS_STATUS_MEM_ERR; - } - } - /** Add new node. */ - add->parent = prefix; - add->parent_index = byte; - prefix->array[byte].edge = add; - } else if (prefix->array[byte-prefix->offset].edge == NULL) { - /** Use existing element. */ - /** - * Example 4: 'edns' - * | [0] - * --| [d+ns] dns - * --| [e+dns] edns - * --| [l+dns] ldns - **/ - byte -= prefix->offset; - if (pos+1 < len) { - /** Create remainder of the string. */ - if (!ldns_radix_str_create( - &prefix->array[byte], key, pos+1, - len)) { - LDNS_FREE(add); - return LDNS_STATUS_MEM_ERR; - } - } - /** Add new node. */ - add->parent = prefix; - add->parent_index = byte; - prefix->array[byte].edge = add; - } else { - /** - * Use existing element, but it has a shared prefix, - * we need a split. - */ - if (!ldns_radix_array_split(&prefix->array[byte-(prefix->offset)], - key, pos+1, len, add)) { - LDNS_FREE(add); - return LDNS_STATUS_MEM_ERR; - } - } - } - - tree->count ++; - return LDNS_STATUS_OK; -} - - -/** - * Delete data from the tree. - * - */ -void* ldns_radix_delete(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len) -{ - ldns_radix_node_t* del = ldns_radix_search(tree, key, len); - void* data = NULL; - if (del) { - tree->count--; - data = del->data; - del->data = NULL; - ldns_radix_del_fix(tree, del); - return data; - } - return NULL; -} - - -/** - * Search data in the tree. - * - */ -ldns_radix_node_t* -ldns_radix_search(ldns_radix_t* tree, uint8_t* key, radix_strlen_t len) -{ - ldns_radix_node_t* node = NULL; - radix_strlen_t pos = 0; - uint8_t byte = 0; - - if (!tree || !key) { - return NULL; - } - node = tree->root; - while (node) { - if (pos == len) { - return node->data?node:NULL; - } - byte = key[pos]; - if (byte < node->offset) { - return NULL; - } - byte -= node->offset; - if (byte >= node->len) { - return NULL; - } - pos++; - if (node->array[byte].len > 0) { - /** Must match additional string. */ - if (pos + node->array[byte].len > len) { - return NULL; - } - if (memcmp(&key[pos], node->array[byte].str, - node->array[byte].len) != 0) { - return NULL; - } - pos += node->array[byte].len; - } - node = node->array[byte].edge; - } - return NULL; -} - - -/** - * Search data in the tree, and if not found, find the closest smaller - * element in the tree. - * - */ -int -ldns_radix_find_less_equal(ldns_radix_t* tree, uint8_t* key, - radix_strlen_t len, ldns_radix_node_t** result) -{ - ldns_radix_node_t* node = NULL; - radix_strlen_t pos = 0; - uint8_t byte; - int memcmp_res = 0; - - if (!tree || !tree->root || !key) { - *result = NULL; - return 0; - } - - node = tree->root; - while (pos < len) { - byte = key[pos]; - if (byte < node->offset) { - /** - * No exact match. The lesser is in this or the - * previous node. - */ - ldns_radix_self_or_prev(node, result); - return 0; - } - byte -= node->offset; - if (byte >= node->len) { - /** - * No exact match. The lesser is in this node or the - * last of this array, or something before this node. - */ - *result = ldns_radix_last_in_subtree_incl_self(node); - if (*result == NULL) { - *result = ldns_radix_prev(node); - } - return 0; - } - pos++; - if (!node->array[byte].edge) { - /** - * No exact match. Find the previous in the array - * from this index. - */ - *result = ldns_radix_prev_from_index(node, byte); - if (*result == NULL) { - ldns_radix_self_or_prev(node, result); - } - return 0; - } - if (node->array[byte].len != 0) { - /** Must match additional string. */ - if (pos + node->array[byte].len > len) { - /** Additional string is longer than key. */ - if (memcmp(&key[pos], node->array[byte].str, - len-pos) <= 0) { - /** Key is before this node. */ - *result = ldns_radix_prev( - node->array[byte].edge); - } else { - /** Key is after additional string. */ - *result = ldns_radix_last_in_subtree_incl_self(node->array[byte].edge); - if (*result == NULL) { - *result = ldns_radix_prev(node->array[byte].edge); - } - } - return 0; - } - memcmp_res = memcmp(&key[pos], node->array[byte].str, - node->array[byte].len); - if (memcmp_res < 0) { - *result = ldns_radix_prev( - node->array[byte].edge); - return 0; - } else if (memcmp_res > 0) { - *result = ldns_radix_last_in_subtree_incl_self(node->array[byte].edge); - if (*result == NULL) { - *result = ldns_radix_prev(node->array[byte].edge); - } - return 0; - } - - pos += node->array[byte].len; - } - node = node->array[byte].edge; - } - if (node->data) { - /** Exact match. */ - *result = node; - return 1; - } - /** There is a node which is an exact match, but has no element. */ - *result = ldns_radix_prev(node); - return 0; -} - - -/** - * Get the first element in the tree. - * - */ -ldns_radix_node_t* -ldns_radix_first(ldns_radix_t* tree) -{ - ldns_radix_node_t* first = NULL; - if (!tree || !tree->root) { - return NULL; - } - first = tree->root; - if (first->data) { - return first; - } - return ldns_radix_next(first); -} - - -/** - * Get the last element in the tree. - * - */ -ldns_radix_node_t* -ldns_radix_last(ldns_radix_t* tree) -{ - if (!tree || !tree->root) { - return NULL; - } - return ldns_radix_last_in_subtree_incl_self(tree->root); -} - - -/** - * Next element. - * - */ -ldns_radix_node_t* -ldns_radix_next(ldns_radix_node_t* node) -{ - if (!node) { - return NULL; - } - if (node->len) { - /** Go down: most-left child is the next. */ - ldns_radix_node_t* next = ldns_radix_next_in_subtree(node); - if (next) { - return next; - } - } - /** No elements in subtree, get to parent and go down next branch. */ - while (node->parent) { - uint8_t index = node->parent_index; - node = node->parent; - index++; - for (; index < node->len; index++) { - if (node->array[index].edge) { - ldns_radix_node_t* next; - /** Node itself. */ - if (node->array[index].edge->data) { - return node->array[index].edge; - } - /** Dive into subtree. */ - next = ldns_radix_next_in_subtree(node); - if (next) { - return next; - } - } - } - } - return NULL; -} - - -/** - * Previous element. - * - */ -ldns_radix_node_t* -ldns_radix_prev(ldns_radix_node_t* node) -{ - if (!node) { - return NULL; - } - - /** Get to parent and go down previous branch. */ - while (node->parent) { - uint8_t index = node->parent_index; - ldns_radix_node_t* prev; - node = node->parent; - assert(node->len > 0); - prev = ldns_radix_prev_from_index(node, index); - if (prev) { - return prev; - } - if (node->data) { - return node; - } - } - return NULL; -} - - -/** - * Print node. - * - */ -static void -ldns_radix_node_print(FILE* fd, ldns_radix_node_t* node, - uint8_t i, uint8_t* str, radix_strlen_t len, unsigned d) -{ - uint8_t j; - if (!node) { - return; - } - for (j = 0; j < d; j++) { - fprintf(fd, "--"); - } - if (str) { - radix_strlen_t l; - fprintf(fd, "| [%u+", (unsigned) i); - for (l=0; l < len; l++) { - fprintf(fd, "%c", (char) str[l]); - } - fprintf(fd, "]%u", (unsigned) len); - } else { - fprintf(fd, "| [%u]", (unsigned) i); - } - - if (node->data) { - fprintf(fd, " %s", (char*) node->data); - } - fprintf(fd, "\n"); - - for (j = 0; j < node->len; j++) { - if (node->array[j].edge) { - ldns_radix_node_print(fd, node->array[j].edge, j, - node->array[j].str, node->array[j].len, d+1); - } - } - return; -} - - -/** - * Print radix tree. - * - */ -void -ldns_radix_printf(FILE* fd, ldns_radix_t* tree) -{ - if (!fd || !tree) { - return; - } - if (!tree->root) { - fprintf(fd, "; empty radix tree\n"); - return; - } - ldns_radix_node_print(fd, tree->root, 0, NULL, 0, 0); - return; -} - - -/** - * Join two radix trees. - * - */ -ldns_status -ldns_radix_join(ldns_radix_t* tree1, ldns_radix_t* tree2) -{ - ldns_radix_node_t* cur_node, *next_node; - ldns_status status; - if (!tree2 || !tree2->root) { - return LDNS_STATUS_OK; - } - /** Add all elements from tree2 into tree1. */ - - cur_node = ldns_radix_first(tree2); - while (cur_node) { - status = LDNS_STATUS_NO_DATA; - /** Insert current node into tree1 */ - if (cur_node->data) { - status = ldns_radix_insert(tree1, cur_node->key, - cur_node->klen, cur_node->data); - /** Exist errors may occur */ - if (status != LDNS_STATUS_OK && - status != LDNS_STATUS_EXISTS_ERR) { - return status; - } - } - next_node = ldns_radix_next(cur_node); - if (status == LDNS_STATUS_OK) { - (void) ldns_radix_delete(tree2, cur_node->key, - cur_node->klen); - } - cur_node = next_node; - } - - return LDNS_STATUS_OK; -} - - -/** - * Split a radix tree intwo. - * - */ -ldns_status -ldns_radix_split(ldns_radix_t* tree1, size_t num, ldns_radix_t** tree2) -{ - size_t count = 0; - ldns_radix_node_t* cur_node; - ldns_status status = LDNS_STATUS_OK; - if (!tree1 || !tree1->root || num == 0) { - return LDNS_STATUS_OK; - } - if (!tree2) { - return LDNS_STATUS_NULL; - } - if (!*tree2) { - *tree2 = ldns_radix_create(); - if (!*tree2) { - return LDNS_STATUS_MEM_ERR; - } - } - cur_node = ldns_radix_first(tree1); - while (count < num && cur_node) { - if (cur_node->data) { - /** Delete current node from tree1. */ - uint8_t* cur_key = cur_node->key; - radix_strlen_t cur_len = cur_node->klen; - void* cur_data = ldns_radix_delete(tree1, cur_key, - cur_len); - /** Insert current node into tree2/ */ - if (!cur_data) { - return LDNS_STATUS_NO_DATA; - } - status = ldns_radix_insert(*tree2, cur_key, cur_len, - cur_data); - if (status != LDNS_STATUS_OK && - status != LDNS_STATUS_EXISTS_ERR) { - return status; - } -/* - if (status == LDNS_STATUS_OK) { - cur_node->key = NULL; - cur_node->klen = 0; - } -*/ - /** Update count; get first element from tree1 again. */ - count++; - cur_node = ldns_radix_first(tree1); - } else { - cur_node = ldns_radix_next(cur_node); - } - } - return LDNS_STATUS_OK; -} - - -/** - * Call function for all nodes in the tree, such that leaf nodes are - * called before parent nodes. - * - */ -void -ldns_radix_traverse_postorder(ldns_radix_node_t* node, - void (*func)(ldns_radix_node_t*, void*), void* arg) -{ - uint8_t i; - if (!node) { - return; - } - for (i=0; i < node->len; i++) { - ldns_radix_traverse_postorder(node->array[i].edge, - func, arg); - } - /** Call user function */ - (*func)(node, arg); - return; -} - - -/** Static helper functions */ - -/** - * Find a prefix of the key. - * @param tree: tree. - * @param key: key. - * @param len: length of key. - * @param result: the longest prefix, the entry itself if *pos==len, - * otherwise an array entry. - * @param pos: position in string where next unmatched byte is. - * If *pos==len, an exact match is found. - * If *pos== 0, a "" match was found. - * @return 0 (false) if no prefix found. - * - */ -static int -ldns_radix_find_prefix(ldns_radix_t* tree, uint8_t* key, - radix_strlen_t len, ldns_radix_node_t** result, radix_strlen_t* respos) -{ - /** Start searching at the root node */ - ldns_radix_node_t* n = tree->root; - radix_strlen_t pos = 0; - uint8_t byte; - *respos = 0; - *result = n; - if (!n) { - /** No root, no prefix found */ - return 0; - } - /** For each node, look if we can make further progress */ - while (n) { - if (pos == len) { - /** Exact match */ - return 1; - } - byte = key[pos]; - if (byte < n->offset) { - /** key < node */ - return 1; - } - byte -= n->offset; - if (byte >= n->len) { - /** key > node */ - return 1; - } - /** So far, the trie matches */ - pos++; - if (n->array[byte].len != 0) { - /** Must match additional string */ - if (pos + n->array[byte].len > len) { - return 1; /* no match at child node */ - } - if (memcmp(&key[pos], n->array[byte].str, - n->array[byte].len) != 0) { - return 1; /* no match at child node */ - } - pos += n->array[byte].len; - } - /** Continue searching prefix at this child node */ - n = n->array[byte].edge; - if (!n) { - return 1; - } - /** Update the prefix node */ - *respos = pos; - *result = n; - } - /** Done */ - return 1; -} - - -/** - * Make space in the node's array for another byte. - * @param node: node. - * @param byte: byte. - * @return 1 if successful, 0 otherwise. - * - */ -static int -ldns_radix_array_space(ldns_radix_node_t* node, uint8_t byte) -{ - /** Is there an array? */ - if (!node->array) { - assert(node->capacity == 0); - /** No array, create new array */ - node->array = LDNS_MALLOC(ldns_radix_array_t); - if (!node->array) { - return 0; - } - memset(&node->array[0], 0, sizeof(ldns_radix_array_t)); - node->len = 1; - node->capacity = 1; - node->offset = byte; - return 1; - } - /** Array exist */ - assert(node->array != NULL); - assert(node->capacity > 0); - - if (node->len == 0) { - /** Unused array */ - node->len = 1; - node->offset = byte; - } else if (byte < node->offset) { - /** Byte is below the offset */ - uint8_t index; - uint16_t need = node->offset - byte; - /** Is there enough capacity? */ - if (node->len + need > node->capacity) { - /** Not enough capacity, grow array */ - if (!ldns_radix_array_grow(node, - (unsigned) (node->len + need))) { - return 0; /* failed to grow array */ - } - } - /** Move items to the end */ - memmove(&node->array[need], &node->array[0], - node->len*sizeof(ldns_radix_array_t)); - /** Fix parent index */ - for (index = 0; index < node->len; index++) { - if (node->array[index+need].edge) { - node->array[index+need].edge->parent_index = - index + need; - } - } - /** Zero the first */ - memset(&node->array[0], 0, need*sizeof(ldns_radix_array_t)); - node->len += need; - node->offset = byte; - } else if (byte - node->offset >= node->len) { - /** Byte does not fit in array */ - uint16_t need = (byte - node->offset) - node->len + 1; - /** Is there enough capacity? */ - if (node->len + need > node->capacity) { - /** Not enough capacity, grow array */ - if (!ldns_radix_array_grow(node, - (unsigned) (node->len + need))) { - return 0; /* failed to grow array */ - } - } - /** Zero the added items */ - memset(&node->array[node->len], 0, - need*sizeof(ldns_radix_array_t)); - node->len += need; - } - return 1; -} - - -/** - * Grow the array. - * @param node: node. - * @param need: number of elements the array at least need to grow. - * Can't be bigger than 256. - * @return: 0 if failed, 1 if was successful. - * - */ -static int -ldns_radix_array_grow(ldns_radix_node_t* node, unsigned need) -{ - unsigned size = ((unsigned)node->capacity)*2; - ldns_radix_array_t* a = NULL; - if (need > size) { - size = need; - } - if (size > 256) { - size = 256; - } - a = LDNS_XMALLOC(ldns_radix_array_t, size); - if (!a) { - return 0; - } - assert(node->len <= node->capacity); - assert(node->capacity < size); - memcpy(&a[0], &node->array[0], node->len*sizeof(ldns_radix_array_t)); - LDNS_FREE(node->array); - node->array = a; - node->capacity = size; - return 1; -} - - -/** - * Create a prefix in the array string. - * @param array: array. - * @param key: key. - * @param pos: start position in key. - * @param len: length of key. - * @return 0 if failed, 1 if was successful. - * - */ -static int -ldns_radix_str_create(ldns_radix_array_t* array, uint8_t* key, - radix_strlen_t pos, radix_strlen_t len) -{ - array->str = LDNS_XMALLOC(uint8_t, (len-pos)); - if (!array->str) { - return 0; - } - memmove(array->str, key+pos, len-pos); - array->len = (len-pos); - return 1; -} - - -/** - * Allocate remainder from prefixes for a split. - * @param prefixlen: length of prefix. - * @param longer_str: the longer string. - * @param longer_len: the longer string length. - * @param split_str: the split string. - * @param split_len: the split string length. - * @return 0 if failed, 1 if successful. - * - */ -static int -ldns_radix_prefix_remainder(radix_strlen_t prefix_len, - uint8_t* longer_str, radix_strlen_t longer_len, - uint8_t** split_str, radix_strlen_t* split_len) -{ - *split_len = longer_len - prefix_len; - *split_str = LDNS_XMALLOC(uint8_t, (*split_len)); - if (!*split_str) { - return 0; - } - memmove(*split_str, longer_str+prefix_len, longer_len-prefix_len); - return 1; -} - - -/** - * Create a split when two nodes have a shared prefix. - * @param array: array. - * @param key: key. - * @param pos: start position in key. - * @param len: length of the key. - * @param add: node to be added. - * @return 0 if failed, 1 if was successful. - * - */ -static int -ldns_radix_array_split(ldns_radix_array_t* array, uint8_t* key, - radix_strlen_t pos, radix_strlen_t len, ldns_radix_node_t* add) -{ - uint8_t* str_to_add = key + pos; - radix_strlen_t strlen_to_add = len - pos; - - if (ldns_radix_str_is_prefix(str_to_add, strlen_to_add, - array->str, array->len)) { - /** The string to add is a prefix of the existing string */ - uint8_t* split_str = NULL, *dup_str = NULL; - radix_strlen_t split_len = 0; - /** - * Example 5: 'ld' - * | [0] - * --| [d+ns] dns - * --| [e+dns] edns - * --| [l+d] ld - * ----| [n+s] ldns - **/ - assert(strlen_to_add < array->len); - /** Store the remainder in the split string */ - if (array->len - strlen_to_add > 1) { - if (!ldns_radix_prefix_remainder(strlen_to_add+1, - array->str, array->len, &split_str, - &split_len)) { - return 0; - } - } - /** Duplicate the string to add */ - if (strlen_to_add != 0) { - dup_str = LDNS_XMALLOC(uint8_t, strlen_to_add); - if (!dup_str) { - LDNS_FREE(split_str); - return 0; - } - memcpy(dup_str, str_to_add, strlen_to_add); - } - /** Make space in array for the new node */ - if (!ldns_radix_array_space(add, - array->str[strlen_to_add])) { - LDNS_FREE(split_str); - LDNS_FREE(dup_str); - return 0; - } - /** - * The added node should go direct under the existing parent. - * The existing node should go under the added node. - */ - add->parent = array->edge->parent; - add->parent_index = array->edge->parent_index; - add->array[0].edge = array->edge; - add->array[0].str = split_str; - add->array[0].len = split_len; - array->edge->parent = add; - array->edge->parent_index = 0; - LDNS_FREE(array->str); - array->edge = add; - array->str = dup_str; - array->len = strlen_to_add; - } else if (ldns_radix_str_is_prefix(array->str, array->len, - str_to_add, strlen_to_add)) { - /** The existing string is a prefix of the string to add */ - /** - * Example 6: 'dns-ng' - * | [0] - * --| [d+ns] dns - * ----| [-+ng] dns-ng - * --| [e+dns] edns - * --| [l+d] ld - * ----| [n+s] ldns - **/ - uint8_t* split_str = NULL; - radix_strlen_t split_len = 0; - assert(array->len < strlen_to_add); - if (strlen_to_add - array->len > 1) { - if (!ldns_radix_prefix_remainder(array->len+1, - str_to_add, strlen_to_add, &split_str, - &split_len)) { - return 0; - } - } - /** Make space in array for the new node */ - if (!ldns_radix_array_space(array->edge, - str_to_add[array->len])) { - LDNS_FREE(split_str); - return 0; - } - /** - * The added node should go direct under the existing node. - */ - add->parent = array->edge; - add->parent_index = str_to_add[array->len] - - array->edge->offset; - array->edge->array[add->parent_index].edge = add; - array->edge->array[add->parent_index].str = split_str; - array->edge->array[add->parent_index].len = split_len; - } else { - /** Create a new split node. */ - /** - * Example 7: 'dndns' - * | [0] - * --| [d+n] - * ----| [d+ns] dndns - * ----| [s] dns - * ------| [-+ng] dns-ng - * --| [e+dns] edns - * --| [l+d] ld - * ----| [n+s] ldns - **/ - ldns_radix_node_t* common = NULL; - uint8_t* common_str = NULL, *s1 = NULL, *s2 = NULL; - radix_strlen_t common_len = 0, l1 = 0, l2 = 0; - common_len = ldns_radix_str_common(array->str, array->len, - str_to_add, strlen_to_add); - assert(common_len < array->len); - assert(common_len < strlen_to_add); - /** Create the new common node. */ - common = ldns_radix_new_node(NULL, (uint8_t*)"", 0); - if (!common) { - return 0; - } - if (array->len - common_len > 1) { - if (!ldns_radix_prefix_remainder(common_len+1, - array->str, array->len, &s1, &l1)) { - return 0; - } - } - if (strlen_to_add - common_len > 1) { - if (!ldns_radix_prefix_remainder(common_len+1, - str_to_add, strlen_to_add, &s2, &l2)) { - return 0; - } - } - /** Create the shared prefix. */ - if (common_len > 0) { - common_str = LDNS_XMALLOC(uint8_t, common_len); - if (!common_str) { - LDNS_FREE(common); - LDNS_FREE(s1); - LDNS_FREE(s2); - return 0; - } - memcpy(common_str, str_to_add, common_len); - } - /** Make space in the common node array. */ - if (!ldns_radix_array_space(common, array->str[common_len]) || - !ldns_radix_array_space(common, str_to_add[common_len])) { - LDNS_FREE(common->array); - LDNS_FREE(common); - LDNS_FREE(common_str); - LDNS_FREE(s1); - LDNS_FREE(s2); - return 0; - } - /** - * The common node should go direct under the parent node. - * The added and existing nodes go under the common node. - */ - common->parent = array->edge->parent; - common->parent_index = array->edge->parent_index; - array->edge->parent = common; - array->edge->parent_index = array->str[common_len] - - common->offset; - add->parent = common; - add->parent_index = str_to_add[common_len] - common->offset; - common->array[array->edge->parent_index].edge = array->edge; - common->array[array->edge->parent_index].str = s1; - common->array[array->edge->parent_index].len = l1; - common->array[add->parent_index].edge = add; - common->array[add->parent_index].str = s2; - common->array[add->parent_index].len = l2; - LDNS_FREE(array->str); - array->edge = common; - array->str = common_str; - array->len = common_len; - } - return 1; -} - - -/** - * Check if one string prefix of other string. - * @param str1: one string. - * @param len1: one string length. - * @param str2: other string. - * @param len2: other string length. - * @return 1 if prefix, 0 otherwise. - * - */ -static int -ldns_radix_str_is_prefix(uint8_t* str1, radix_strlen_t len1, - uint8_t* str2, radix_strlen_t len2) -{ - if (len1 == 0) { - return 1; /* empty prefix is also a prefix */ - } - if (len1 > len2) { - return 0; /* len1 is longer so str1 cannot be a prefix */ - } - return (memcmp(str1, str2, len1) == 0); -} - - -/** - * Return the number of bytes in common for the two strings. - * @param str1: one string. - * @param len1: one string length. - * @param str2: other string. - * @param len2: other string length. - * @return length of substring that the two strings have in common. - * - */ -static radix_strlen_t -ldns_radix_str_common(uint8_t* str1, radix_strlen_t len1, - uint8_t* str2, radix_strlen_t len2) -{ - radix_strlen_t i, max = (len1len; i++) { - if (node->array[i].edge) { - /** Node itself. */ - if (node->array[i].edge->data) { - return node->array[i].edge; - } - /** Dive into subtree. */ - next = ldns_radix_next_in_subtree(node->array[i].edge); - if (next) { - return next; - } - } - } - return NULL; -} - - -/** - * Find the previous element in the array of this node, from index. - * @param node: node. - * @param index: index. - * @return previous node from index. - * - */ -static ldns_radix_node_t* -ldns_radix_prev_from_index(ldns_radix_node_t* node, uint8_t index) -{ - uint8_t i = index; - while (i > 0) { - i--; - if (node->array[i].edge) { - ldns_radix_node_t* prev = - ldns_radix_last_in_subtree_incl_self(node); - if (prev) { - return prev; - } - } - } - return NULL; -} - - -/** - * Find last node in subtree, or this node (if have data). - * @param node: node. - * @return last node in subtree, or this node, or NULL. - * - */ -static ldns_radix_node_t* -ldns_radix_last_in_subtree_incl_self(ldns_radix_node_t* node) -{ - ldns_radix_node_t* last = ldns_radix_last_in_subtree(node); - if (last) { - return last; - } else if (node->data) { - return node; - } - return NULL; -} - - -/** - * Find last node in subtree. - * @param node: node. - * @return last node in subtree. - * - */ -static ldns_radix_node_t* -ldns_radix_last_in_subtree(ldns_radix_node_t* node) -{ - int i; - /** Look for the most right leaf node. */ - for (i=(int)(node->len)-1; i >= 0; i--) { - if (node->array[i].edge) { - /** Keep looking for the most right leaf node. */ - if (node->array[i].edge->len > 0) { - ldns_radix_node_t* last = - ldns_radix_last_in_subtree( - node->array[i].edge); - if (last) { - return last; - } - } - /** Could this be the most right leaf node? */ - if (node->array[i].edge->data) { - return node->array[i].edge; - } - } - } - return NULL; -} - - -/** - * Fix tree after deleting element. - * @param tree: tree. - * @param node: node with deleted element. - * - */ -static void -ldns_radix_del_fix(ldns_radix_t* tree, ldns_radix_node_t* node) -{ - while (node) { - if (node->data) { - /** Thou should not delete nodes with data attached. */ - return; - } else if (node->len == 1 && node->parent) { - /** Node with one child is fold back into. */ - ldns_radix_cleanup_onechild(node); - return; - } else if (node->len == 0) { - /** Leaf node. */ - ldns_radix_node_t* parent = node->parent; - if (!parent) { - /** The root is a leaf node. */ - ldns_radix_node_free(node, NULL); - tree->root = NULL; - return; - } - /** Cleanup leaf node and continue with parent. */ - ldns_radix_cleanup_leaf(node); - node = parent; - } else { - /** - * Node cannot be deleted, because it has edge nodes - * and no parent to fix up to. - */ - return; - } - } - /** Not reached. */ - return; -} - - -/** - * Clean up a node with one child. - * @param node: node with one child. - * - */ -static void -ldns_radix_cleanup_onechild(ldns_radix_node_t* node) -{ - uint8_t* join_str; - radix_strlen_t join_len; - uint8_t parent_index = node->parent_index; - ldns_radix_node_t* child = node->array[0].edge; - ldns_radix_node_t* parent = node->parent; - - /** Node has one child, merge the child node into the parent node. */ - assert(parent_index < parent->len); - join_len = parent->array[parent_index].len + node->array[0].len + 1; - - join_str = LDNS_XMALLOC(uint8_t, join_len); - if (!join_str) { - /** - * Cleanup failed due to out of memory. - * This tree is now inefficient, with the empty node still - * existing, but it is still valid. - */ - return; - } - - memcpy(join_str, parent->array[parent_index].str, - parent->array[parent_index].len); - join_str[parent->array[parent_index].len] = child->parent_index + - node->offset; - memmove(join_str + parent->array[parent_index].len+1, - node->array[0].str, node->array[0].len); - - LDNS_FREE(parent->array[parent_index].str); - parent->array[parent_index].str = join_str; - parent->array[parent_index].len = join_len; - parent->array[parent_index].edge = child; - child->parent = parent; - child->parent_index = parent_index; - ldns_radix_node_free(node, NULL); - return; -} - - -/** - * Clean up a leaf node. - * @param node: leaf node. - * - */ -static void -ldns_radix_cleanup_leaf(ldns_radix_node_t* node) -{ - uint8_t parent_index = node->parent_index; - ldns_radix_node_t* parent = node->parent; - /** Delete lead node and fix parent array. */ - assert(parent_index < parent->len); - ldns_radix_node_free(node, NULL); - LDNS_FREE(parent->array[parent_index].str); - parent->array[parent_index].str = NULL; - parent->array[parent_index].len = 0; - parent->array[parent_index].edge = NULL; - /** Fix array in parent. */ - if (parent->len == 1) { - ldns_radix_node_array_free(parent); - } else if (parent_index == 0) { - ldns_radix_node_array_free_front(parent); - } else { - ldns_radix_node_array_free_end(parent); - } - return; -} - - -/** - * Free a radix node. - * @param node: node. - * @param arg: user argument. - * - */ -static void -ldns_radix_node_free(ldns_radix_node_t* node, void* arg) -{ - uint16_t i; - (void) arg; - if (!node) { - return; - } - for (i=0; i < node->len; i++) { - LDNS_FREE(node->array[i].str); - } - node->key = NULL; - node->klen = 0; - LDNS_FREE(node->array); - LDNS_FREE(node); - return; -} - - -/** - * Free select edge array. - * @param node: node. - * - */ -static void -ldns_radix_node_array_free(ldns_radix_node_t* node) -{ - node->offset = 0; - node->len = 0; - LDNS_FREE(node->array); - node->array = NULL; - node->capacity = 0; - return; -} - - -/** - * Free front of select edge array. - * @param node: node. - * - */ -static void -ldns_radix_node_array_free_front(ldns_radix_node_t* node) -{ - uint16_t i, n = 0; - /** Remove until a non NULL entry. */ - while (n < node->len && node->array[n].edge == NULL) { - n++; - } - if (n == 0) { - return; - } - if (n == node->len) { - ldns_radix_node_array_free(node); - return; - } - assert(n < node->len); - assert((int) n <= (255 - (int) node->offset)); - memmove(&node->array[0], &node->array[n], - (node->len - n)*sizeof(ldns_radix_array_t)); - node->offset += n; - node->len -= n; - for (i=0; i < node->len; i++) { - if (node->array[i].edge) { - node->array[i].edge->parent_index = i; - } - } - ldns_radix_array_reduce(node); - return; -} - - -/** - * Free front of select edge array. - * @param node: node. - * - */ -static void -ldns_radix_node_array_free_end(ldns_radix_node_t* node) -{ - uint16_t n = 0; - /** Shorten array. */ - while (n < node->len && node->array[node->len-1-n].edge == NULL) { - n++; - } - if (n == 0) { - return; - } - if (n == node->len) { - ldns_radix_node_array_free(node); - return; - } - assert(n < node->len); - node->len -= n; - ldns_radix_array_reduce(node); - return; -} - - -/** - * Reduce the capacity of the array if needed. - * @param node: node. - * - */ -static void -ldns_radix_array_reduce(ldns_radix_node_t* node) -{ - if (node->len <= node->capacity/2 && node->len != node->capacity) { - ldns_radix_array_t* a = LDNS_XMALLOC(ldns_radix_array_t, - node->len); - if (!a) { - return; - } - memcpy(a, node->array, sizeof(ldns_radix_array_t)*node->len); - LDNS_FREE(node->array); - node->array = a; - node->capacity = node->len; - } - return; -} - - -/** - * Return this element if it exists, the previous otherwise. - * @param node: from this node. - * @param result: result node. - * - */ -static void -ldns_radix_self_or_prev(ldns_radix_node_t* node, ldns_radix_node_t** result) -{ - if (node->data) { - *result = node; - } else { - *result = ldns_radix_prev(node); - } - return; -} diff --git a/src/ldns/rbtree.c b/src/ldns/rbtree.c deleted file mode 100644 index b89dff7..0000000 --- a/src/ldns/rbtree.c +++ /dev/null @@ -1,670 +0,0 @@ -/* - * rbtree.c -- generic red black tree - * - * Taken from Unbound, modified for ldns - * - * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. - * - * This software is open source. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * Redistributions of source code must retain the above copyright notice, - * this list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of the NLNET LABS nor the names of its contributors may - * be used to endorse or promote products derived from this software without - * specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED - * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR - * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF - * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING - * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS - * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -/** - * \file - * Implementation of a redblack tree. - */ - -#include -#include -#include -#include - -/** Node colour black */ -#define BLACK 0 -/** Node colour red */ -#define RED 1 - -/** the NULL node, global alloc */ -ldns_rbnode_t ldns_rbtree_null_node = { - LDNS_RBTREE_NULL, /* Parent. */ - LDNS_RBTREE_NULL, /* Left. */ - LDNS_RBTREE_NULL, /* Right. */ - NULL, /* Key. */ - NULL, /* Data. */ - BLACK /* Color. */ -}; - -/** rotate subtree left (to preserve redblack property) */ -static void ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); -/** rotate subtree right (to preserve redblack property) */ -static void ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); -/** Fixup node colours when insert happened */ -static void ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); -/** Fixup node colours when delete happened */ -static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent); - -/* - * Creates a new red black tree, intializes and returns a pointer to it. - * - * Return NULL on failure. - * - */ -ldns_rbtree_t * -ldns_rbtree_create (int (*cmpf)(const void *, const void *)) -{ - ldns_rbtree_t *rbtree; - - /* Allocate memory for it */ - rbtree = (ldns_rbtree_t *) LDNS_MALLOC(ldns_rbtree_t); - if (!rbtree) { - return NULL; - } - - /* Initialize it */ - ldns_rbtree_init(rbtree, cmpf); - - return rbtree; -} - -void -ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *)) -{ - /* Initialize it */ - rbtree->root = LDNS_RBTREE_NULL; - rbtree->count = 0; - rbtree->cmp = cmpf; -} - -void -ldns_rbtree_free(ldns_rbtree_t *rbtree) -{ - LDNS_FREE(rbtree); -} - -/* - * Rotates the node to the left. - * - */ -static void -ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) -{ - ldns_rbnode_t *right = node->right; - node->right = right->left; - if (right->left != LDNS_RBTREE_NULL) - right->left->parent = node; - - right->parent = node->parent; - - if (node->parent != LDNS_RBTREE_NULL) { - if (node == node->parent->left) { - node->parent->left = right; - } else { - node->parent->right = right; - } - } else { - rbtree->root = right; - } - right->left = node; - node->parent = right; -} - -/* - * Rotates the node to the right. - * - */ -static void -ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) -{ - ldns_rbnode_t *left = node->left; - node->left = left->right; - if (left->right != LDNS_RBTREE_NULL) - left->right->parent = node; - - left->parent = node->parent; - - if (node->parent != LDNS_RBTREE_NULL) { - if (node == node->parent->right) { - node->parent->right = left; - } else { - node->parent->left = left; - } - } else { - rbtree->root = left; - } - left->right = node; - node->parent = left; -} - -static void -ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) -{ - ldns_rbnode_t *uncle; - - /* While not at the root and need fixing... */ - while (node != rbtree->root && node->parent->color == RED) { - /* If our parent is left child of our grandparent... */ - if (node->parent == node->parent->parent->left) { - uncle = node->parent->parent->right; - - /* If our uncle is red... */ - if (uncle->color == RED) { - /* Paint the parent and the uncle black... */ - node->parent->color = BLACK; - uncle->color = BLACK; - - /* And the grandparent red... */ - node->parent->parent->color = RED; - - /* And continue fixing the grandparent */ - node = node->parent->parent; - } else { /* Our uncle is black... */ - /* Are we the right child? */ - if (node == node->parent->right) { - node = node->parent; - ldns_rbtree_rotate_left(rbtree, node); - } - /* Now we're the left child, repaint and rotate... */ - node->parent->color = BLACK; - node->parent->parent->color = RED; - ldns_rbtree_rotate_right(rbtree, node->parent->parent); - } - } else { - uncle = node->parent->parent->left; - - /* If our uncle is red... */ - if (uncle->color == RED) { - /* Paint the parent and the uncle black... */ - node->parent->color = BLACK; - uncle->color = BLACK; - - /* And the grandparent red... */ - node->parent->parent->color = RED; - - /* And continue fixing the grandparent */ - node = node->parent->parent; - } else { /* Our uncle is black... */ - /* Are we the right child? */ - if (node == node->parent->left) { - node = node->parent; - ldns_rbtree_rotate_right(rbtree, node); - } - /* Now we're the right child, repaint and rotate... */ - node->parent->color = BLACK; - node->parent->parent->color = RED; - ldns_rbtree_rotate_left(rbtree, node->parent->parent); - } - } - } - rbtree->root->color = BLACK; -} - -void -ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree) -{ - (void) ldns_rbtree_insert((ldns_rbtree_t *) rbtree, - data); -} - -/* - * Inserts a node into a red black tree. - * - * Returns NULL on failure or the pointer to the newly added node - * otherwise. - */ -ldns_rbnode_t * -ldns_rbtree_insert (ldns_rbtree_t *rbtree, ldns_rbnode_t *data) -{ - /* XXX Not necessary, but keeps compiler quiet... */ - int r = 0; - - /* We start at the root of the tree */ - ldns_rbnode_t *node = rbtree->root; - ldns_rbnode_t *parent = LDNS_RBTREE_NULL; - - /* Lets find the new parent... */ - while (node != LDNS_RBTREE_NULL) { - /* Compare two keys, do we have a duplicate? */ - if ((r = rbtree->cmp(data->key, node->key)) == 0) { - return NULL; - } - parent = node; - - if (r < 0) { - node = node->left; - } else { - node = node->right; - } - } - - /* Initialize the new node */ - data->parent = parent; - data->left = data->right = LDNS_RBTREE_NULL; - data->color = RED; - rbtree->count++; - - /* Insert it into the tree... */ - if (parent != LDNS_RBTREE_NULL) { - if (r < 0) { - parent->left = data; - } else { - parent->right = data; - } - } else { - rbtree->root = data; - } - - /* Fix up the red-black properties... */ - ldns_rbtree_insert_fixup(rbtree, data); - - return data; -} - -/* - * Searches the red black tree, returns the data if key is found or NULL otherwise. - * - */ -ldns_rbnode_t * -ldns_rbtree_search (ldns_rbtree_t *rbtree, const void *key) -{ - ldns_rbnode_t *node; - - if (ldns_rbtree_find_less_equal(rbtree, key, &node)) { - return node; - } else { - return NULL; - } -} - -/** helpers for delete: swap node colours */ -static void swap_int8(uint8_t* x, uint8_t* y) -{ - uint8_t t = *x; *x = *y; *y = t; -} - -/** helpers for delete: swap node pointers */ -static void swap_np(ldns_rbnode_t** x, ldns_rbnode_t** y) -{ - ldns_rbnode_t* t = *x; *x = *y; *y = t; -} - -/** Update parent pointers of child trees of 'parent' */ -static void change_parent_ptr(ldns_rbtree_t* rbtree, ldns_rbnode_t* parent, ldns_rbnode_t* old, ldns_rbnode_t* new) -{ - if(parent == LDNS_RBTREE_NULL) - { - if(rbtree->root == old) rbtree->root = new; - return; - } - if(parent->left == old) parent->left = new; - if(parent->right == old) parent->right = new; -} -/** Update parent pointer of a node 'child' */ -static void change_child_ptr(ldns_rbnode_t* child, ldns_rbnode_t* old, ldns_rbnode_t* new) -{ - if(child == LDNS_RBTREE_NULL) return; - if(child->parent == old) child->parent = new; -} - -ldns_rbnode_t* -ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key) -{ - ldns_rbnode_t *to_delete; - ldns_rbnode_t *child; - if((to_delete = ldns_rbtree_search(rbtree, key)) == 0) return 0; - rbtree->count--; - - /* make sure we have at most one non-leaf child */ - if(to_delete->left != LDNS_RBTREE_NULL && - to_delete->right != LDNS_RBTREE_NULL) - { - /* swap with smallest from right subtree (or largest from left) */ - ldns_rbnode_t *smright = to_delete->right; - while(smright->left != LDNS_RBTREE_NULL) - smright = smright->left; - /* swap the smright and to_delete elements in the tree, - * but the ldns_rbnode_t is first part of user data struct - * so cannot just swap the keys and data pointers. Instead - * readjust the pointers left,right,parent */ - - /* swap colors - colors are tied to the position in the tree */ - swap_int8(&to_delete->color, &smright->color); - - /* swap child pointers in parents of smright/to_delete */ - change_parent_ptr(rbtree, to_delete->parent, to_delete, smright); - if(to_delete->right != smright) - change_parent_ptr(rbtree, smright->parent, smright, to_delete); - - /* swap parent pointers in children of smright/to_delete */ - change_child_ptr(smright->left, smright, to_delete); - change_child_ptr(smright->left, smright, to_delete); - change_child_ptr(smright->right, smright, to_delete); - change_child_ptr(smright->right, smright, to_delete); - change_child_ptr(to_delete->left, to_delete, smright); - if(to_delete->right != smright) - change_child_ptr(to_delete->right, to_delete, smright); - if(to_delete->right == smright) - { - /* set up so after swap they work */ - to_delete->right = to_delete; - smright->parent = smright; - } - - /* swap pointers in to_delete/smright nodes */ - swap_np(&to_delete->parent, &smright->parent); - swap_np(&to_delete->left, &smright->left); - swap_np(&to_delete->right, &smright->right); - - /* now delete to_delete (which is at the location where the smright previously was) */ - } - - if(to_delete->left != LDNS_RBTREE_NULL) child = to_delete->left; - else child = to_delete->right; - - /* unlink to_delete from the tree, replace to_delete with child */ - change_parent_ptr(rbtree, to_delete->parent, to_delete, child); - change_child_ptr(child, to_delete, to_delete->parent); - - if(to_delete->color == RED) - { - /* if node is red then the child (black) can be swapped in */ - } - else if(child->color == RED) - { - /* change child to BLACK, removing a RED node is no problem */ - if(child!=LDNS_RBTREE_NULL) child->color = BLACK; - } - else ldns_rbtree_delete_fixup(rbtree, child, to_delete->parent); - - /* unlink completely */ - to_delete->parent = LDNS_RBTREE_NULL; - to_delete->left = LDNS_RBTREE_NULL; - to_delete->right = LDNS_RBTREE_NULL; - to_delete->color = BLACK; - return to_delete; -} - -static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent) -{ - ldns_rbnode_t* sibling; - int go_up = 1; - - /* determine sibling to the node that is one-black short */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - - while(go_up) - { - if(child_parent == LDNS_RBTREE_NULL) - { - /* removed parent==black from root, every path, so ok */ - return; - } - - if(sibling->color == RED) - { /* rotate to get a black sibling */ - child_parent->color = RED; - sibling->color = BLACK; - if(child_parent->right == child) - ldns_rbtree_rotate_right(rbtree, child_parent); - else ldns_rbtree_rotate_left(rbtree, child_parent); - /* new sibling after rotation */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - } - - if(child_parent->color == BLACK - && sibling->color == BLACK - && sibling->left->color == BLACK - && sibling->right->color == BLACK) - { /* fixup local with recolor of sibling */ - if(sibling != LDNS_RBTREE_NULL) - sibling->color = RED; - - child = child_parent; - child_parent = child_parent->parent; - /* prepare to go up, new sibling */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - } - else go_up = 0; - } - - if(child_parent->color == RED - && sibling->color == BLACK - && sibling->left->color == BLACK - && sibling->right->color == BLACK) - { - /* move red to sibling to rebalance */ - if(sibling != LDNS_RBTREE_NULL) - sibling->color = RED; - child_parent->color = BLACK; - return; - } - - /* get a new sibling, by rotating at sibling. See which child - of sibling is red */ - if(child_parent->right == child - && sibling->color == BLACK - && sibling->right->color == RED - && sibling->left->color == BLACK) - { - sibling->color = RED; - sibling->right->color = BLACK; - ldns_rbtree_rotate_left(rbtree, sibling); - /* new sibling after rotation */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - } - else if(child_parent->left == child - && sibling->color == BLACK - && sibling->left->color == RED - && sibling->right->color == BLACK) - { - sibling->color = RED; - sibling->left->color = BLACK; - ldns_rbtree_rotate_right(rbtree, sibling); - /* new sibling after rotation */ - if(child_parent->right == child) sibling = child_parent->left; - else sibling = child_parent->right; - } - - /* now we have a black sibling with a red child. rotate and exchange colors. */ - sibling->color = child_parent->color; - child_parent->color = BLACK; - if(child_parent->right == child) - { - sibling->left->color = BLACK; - ldns_rbtree_rotate_right(rbtree, child_parent); - } - else - { - sibling->right->color = BLACK; - ldns_rbtree_rotate_left(rbtree, child_parent); - } -} - -int -ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, ldns_rbnode_t **result) -{ - int r; - ldns_rbnode_t *node; - - /* We start at root... */ - node = rbtree->root; - - *result = NULL; - - /* While there are children... */ - while (node != LDNS_RBTREE_NULL) { - r = rbtree->cmp(key, node->key); - if (r == 0) { - /* Exact match */ - *result = node; - return 1; - } - if (r < 0) { - node = node->left; - } else { - /* Temporary match */ - *result = node; - node = node->right; - } - } - return 0; -} - -/* - * Finds the first element in the red black tree - * - */ -ldns_rbnode_t * -ldns_rbtree_first (ldns_rbtree_t *rbtree) -{ - ldns_rbnode_t *node = rbtree->root; - - if (rbtree->root != LDNS_RBTREE_NULL) { - for (node = rbtree->root; node->left != LDNS_RBTREE_NULL; node = node->left); - } - return node; -} - -ldns_rbnode_t * -ldns_rbtree_last (ldns_rbtree_t *rbtree) -{ - ldns_rbnode_t *node = rbtree->root; - - if (rbtree->root != LDNS_RBTREE_NULL) { - for (node = rbtree->root; node->right != LDNS_RBTREE_NULL; node = node->right); - } - return node; -} - -/* - * Returns the next node... - * - */ -ldns_rbnode_t * -ldns_rbtree_next (ldns_rbnode_t *node) -{ - ldns_rbnode_t *parent; - - if (node->right != LDNS_RBTREE_NULL) { - /* One right, then keep on going left... */ - for (node = node->right; - node->left != LDNS_RBTREE_NULL; - node = node->left); - } else { - parent = node->parent; - while (parent != LDNS_RBTREE_NULL && node == parent->right) { - node = parent; - parent = parent->parent; - } - node = parent; - } - return node; -} - -ldns_rbnode_t * -ldns_rbtree_previous(ldns_rbnode_t *node) -{ - ldns_rbnode_t *parent; - - if (node->left != LDNS_RBTREE_NULL) { - /* One left, then keep on going right... */ - for (node = node->left; - node->right != LDNS_RBTREE_NULL; - node = node->right); - } else { - parent = node->parent; - while (parent != LDNS_RBTREE_NULL && node == parent->left) { - node = parent; - parent = parent->parent; - } - node = parent; - } - return node; -} - -/** - * split off elements number of elements from the start - * of the name tree and return a new tree - */ -ldns_rbtree_t * -ldns_rbtree_split(ldns_rbtree_t *tree, - size_t elements) -{ - ldns_rbtree_t *new_tree; - ldns_rbnode_t *cur_node; - ldns_rbnode_t *move_node; - size_t count = 0; - - new_tree = ldns_rbtree_create(tree->cmp); - - cur_node = ldns_rbtree_first(tree); - while (count < elements && cur_node != LDNS_RBTREE_NULL) { - move_node = ldns_rbtree_delete(tree, cur_node->key); - (void)ldns_rbtree_insert(new_tree, move_node); - cur_node = ldns_rbtree_first(tree); - count++; - } - - return new_tree; -} - -/* - * add all node from the second tree to the first (removing them from the - * second), and fix up nsec(3)s if present - */ -void -ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2) -{ - ldns_traverse_postorder(tree2, ldns_rbtree_insert_vref, tree1); -} - -/** recursive descent traverse */ -static void -traverse_post(void (*func)(ldns_rbnode_t*, void*), void* arg, - ldns_rbnode_t* node) -{ - if(!node || node == LDNS_RBTREE_NULL) - return; - /* recurse */ - traverse_post(func, arg, node->left); - traverse_post(func, arg, node->right); - /* call user func */ - (*func)(node, arg); -} - -void -ldns_traverse_postorder(ldns_rbtree_t* tree, - void (*func)(ldns_rbnode_t*, void*), void* arg) -{ - traverse_post(func, arg, tree->root); -} diff --git a/src/ldns/rdata.c b/src/ldns/rdata.c deleted file mode 100644 index 6eb0096..0000000 --- a/src/ldns/rdata.c +++ /dev/null @@ -1,757 +0,0 @@ -/* - * rdata.c - * - * rdata implementation - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include - -/* - * Access functions - * do this as functions to get type checking - */ - -/* read */ -size_t -ldns_rdf_size(const ldns_rdf *rd) -{ - assert(rd != NULL); - return rd->_size; -} - -ldns_rdf_type -ldns_rdf_get_type(const ldns_rdf *rd) -{ - assert(rd != NULL); - return rd->_type; -} - -uint8_t * -ldns_rdf_data(const ldns_rdf *rd) -{ - assert(rd != NULL); - return rd->_data; -} - -/* write */ -void -ldns_rdf_set_size(ldns_rdf *rd, size_t size) -{ - assert(rd != NULL); - rd->_size = size; -} - -void -ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type) -{ - assert(rd != NULL); - rd->_type = type; -} - -void -ldns_rdf_set_data(ldns_rdf *rd, void *data) -{ - /* only copy the pointer */ - assert(rd != NULL); - rd->_data = data; -} - -/* for types that allow it, return - * the native/host order type */ -uint8_t -ldns_rdf2native_int8(const ldns_rdf *rd) -{ - uint8_t data; - - /* only allow 8 bit rdfs */ - if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_BYTE) { - return 0; - } - - memcpy(&data, ldns_rdf_data(rd), sizeof(data)); - return data; -} - -uint16_t -ldns_rdf2native_int16(const ldns_rdf *rd) -{ - uint16_t data; - - /* only allow 16 bit rdfs */ - if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_WORD) { - return 0; - } - - memcpy(&data, ldns_rdf_data(rd), sizeof(data)); - return ntohs(data); -} - -uint32_t -ldns_rdf2native_int32(const ldns_rdf *rd) -{ - uint32_t data; - - /* only allow 32 bit rdfs */ - if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD) { - return 0; - } - - memcpy(&data, ldns_rdf_data(rd), sizeof(data)); - return ntohl(data); -} - -time_t -ldns_rdf2native_time_t(const ldns_rdf *rd) -{ - uint32_t data; - - /* only allow 32 bit rdfs */ - if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD || - ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TIME) { - return 0; - } - memcpy(&data, ldns_rdf_data(rd), sizeof(data)); - return (time_t)ntohl(data); -} - -ldns_rdf * -ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value) -{ - return ldns_rdf_new_frm_data(type, LDNS_RDF_SIZE_BYTE, &value); -} - -ldns_rdf * -ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value) -{ - uint16_t *rdf_data = LDNS_XMALLOC(uint16_t, 1); - ldns_rdf* rdf; - if (!rdf_data) { - return NULL; - } - ldns_write_uint16(rdf_data, value); - rdf = ldns_rdf_new(type, LDNS_RDF_SIZE_WORD, rdf_data); - if(!rdf) - LDNS_FREE(rdf_data); - return rdf; -} - -ldns_rdf * -ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value) -{ - uint32_t *rdf_data = LDNS_XMALLOC(uint32_t, 1); - ldns_rdf* rdf; - if (!rdf_data) { - return NULL; - } - ldns_write_uint32(rdf_data, value); - rdf = ldns_rdf_new(type, LDNS_RDF_SIZE_DOUBLEWORD, rdf_data); - if(!rdf) - LDNS_FREE(rdf_data); - return rdf; -} - -ldns_rdf * -ldns_native2rdf_int16_data(size_t size, uint8_t *data) -{ - uint8_t *rdf_data = LDNS_XMALLOC(uint8_t, size + 2); - ldns_rdf* rdf; - if (!rdf_data) { - return NULL; - } - ldns_write_uint16(rdf_data, size); - memcpy(rdf_data + 2, data, size); - rdf = ldns_rdf_new(LDNS_RDF_TYPE_INT16_DATA, size + 2, rdf_data); - if(!rdf) - LDNS_FREE(rdf_data); - return rdf; -} - -/* note: data must be allocated memory */ -ldns_rdf * -ldns_rdf_new(ldns_rdf_type type, size_t size, void *data) -{ - ldns_rdf *rd; - rd = LDNS_MALLOC(ldns_rdf); - if (!rd) { - return NULL; - } - ldns_rdf_set_size(rd, size); - ldns_rdf_set_type(rd, type); - ldns_rdf_set_data(rd, data); - return rd; -} - -ldns_rdf * -ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data) -{ - ldns_rdf *rdf; - - /* if the size is too big, fail */ - if (size > LDNS_MAX_RDFLEN) { - return NULL; - } - - /* allocate space */ - rdf = LDNS_MALLOC(ldns_rdf); - if (!rdf) { - return NULL; - } - rdf->_data = LDNS_XMALLOC(uint8_t, size); - if (!rdf->_data) { - LDNS_FREE(rdf); - return NULL; - } - - /* set the values */ - ldns_rdf_set_type(rdf, type); - ldns_rdf_set_size(rdf, size); - memcpy(rdf->_data, data, size); - - return rdf; -} - -ldns_rdf * -ldns_rdf_clone(const ldns_rdf *rd) -{ - assert(rd != NULL); - return (ldns_rdf_new_frm_data( ldns_rdf_get_type(rd), - ldns_rdf_size(rd), ldns_rdf_data(rd))); -} - -void -ldns_rdf_deep_free(ldns_rdf *rd) -{ - if (rd) { - if (rd->_data) { - LDNS_FREE(rd->_data); - } - LDNS_FREE(rd); - } -} - -void -ldns_rdf_free(ldns_rdf *rd) -{ - if (rd) { - LDNS_FREE(rd); - } -} - -ldns_rdf * -ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str) -{ - ldns_rdf *rdf = NULL; - ldns_status status; - - switch (type) { - case LDNS_RDF_TYPE_DNAME: - status = ldns_str2rdf_dname(&rdf, str); - break; - case LDNS_RDF_TYPE_INT8: - status = ldns_str2rdf_int8(&rdf, str); - break; - case LDNS_RDF_TYPE_INT16: - status = ldns_str2rdf_int16(&rdf, str); - break; - case LDNS_RDF_TYPE_INT32: - status = ldns_str2rdf_int32(&rdf, str); - break; - case LDNS_RDF_TYPE_A: - status = ldns_str2rdf_a(&rdf, str); - break; - case LDNS_RDF_TYPE_AAAA: - status = ldns_str2rdf_aaaa(&rdf, str); - break; - case LDNS_RDF_TYPE_STR: - status = ldns_str2rdf_str(&rdf, str); - break; - case LDNS_RDF_TYPE_APL: - status = ldns_str2rdf_apl(&rdf, str); - break; - case LDNS_RDF_TYPE_B64: - status = ldns_str2rdf_b64(&rdf, str); - break; - case LDNS_RDF_TYPE_B32_EXT: - status = ldns_str2rdf_b32_ext(&rdf, str); - break; - case LDNS_RDF_TYPE_HEX: - status = ldns_str2rdf_hex(&rdf, str); - break; - case LDNS_RDF_TYPE_NSEC: - status = ldns_str2rdf_nsec(&rdf, str); - break; - case LDNS_RDF_TYPE_TYPE: - status = ldns_str2rdf_type(&rdf, str); - break; - case LDNS_RDF_TYPE_CLASS: - status = ldns_str2rdf_class(&rdf, str); - break; - case LDNS_RDF_TYPE_CERT_ALG: - status = ldns_str2rdf_cert_alg(&rdf, str); - break; - case LDNS_RDF_TYPE_ALG: - status = ldns_str2rdf_alg(&rdf, str); - break; - case LDNS_RDF_TYPE_UNKNOWN: - status = ldns_str2rdf_unknown(&rdf, str); - break; - case LDNS_RDF_TYPE_TIME: - status = ldns_str2rdf_time(&rdf, str); - break; - case LDNS_RDF_TYPE_PERIOD: - status = ldns_str2rdf_period(&rdf, str); - break; - case LDNS_RDF_TYPE_HIP: - status = ldns_str2rdf_hip(&rdf, str); - break; - case LDNS_RDF_TYPE_SERVICE: - status = ldns_str2rdf_service(&rdf, str); - break; - case LDNS_RDF_TYPE_LOC: - status = ldns_str2rdf_loc(&rdf, str); - break; - case LDNS_RDF_TYPE_WKS: - status = ldns_str2rdf_wks(&rdf, str); - break; - case LDNS_RDF_TYPE_NSAP: - status = ldns_str2rdf_nsap(&rdf, str); - break; - case LDNS_RDF_TYPE_ATMA: - status = ldns_str2rdf_atma(&rdf, str); - break; - case LDNS_RDF_TYPE_IPSECKEY: - status = ldns_str2rdf_ipseckey(&rdf, str); - break; - case LDNS_RDF_TYPE_NSEC3_SALT: - status = ldns_str2rdf_nsec3_salt(&rdf, str); - break; - case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: - status = ldns_str2rdf_b32_ext(&rdf, str); - break; - case LDNS_RDF_TYPE_ILNP64: - status = ldns_str2rdf_ilnp64(&rdf, str); - break; - case LDNS_RDF_TYPE_EUI48: - status = ldns_str2rdf_eui48(&rdf, str); - break; - case LDNS_RDF_TYPE_EUI64: - status = ldns_str2rdf_eui64(&rdf, str); - break; - case LDNS_RDF_TYPE_TAG: - status = ldns_str2rdf_tag(&rdf, str); - break; - case LDNS_RDF_TYPE_LONG_STR: - status = ldns_str2rdf_long_str(&rdf, str); - break; - case LDNS_RDF_TYPE_CERTIFICATE_USAGE: - status = ldns_str2rdf_certificate_usage(&rdf, str); - break; - case LDNS_RDF_TYPE_SELECTOR: - status = ldns_str2rdf_selector(&rdf, str); - break; - case LDNS_RDF_TYPE_MATCHING_TYPE: - status = ldns_str2rdf_matching_type(&rdf, str); - break; - case LDNS_RDF_TYPE_NONE: - default: - /* default default ??? */ - status = LDNS_STATUS_ERR; - break; - } - if (LDNS_STATUS_OK == status) { - ldns_rdf_set_type(rdf, type); - return rdf; - } - if (rdf) { - LDNS_FREE(rdf); - } - return NULL; -} - -ldns_status -ldns_rdf_new_frm_fp(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp) -{ - return ldns_rdf_new_frm_fp_l(rdf, type, fp, NULL); -} - -ldns_status -ldns_rdf_new_frm_fp_l(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp, int *line_nr) -{ - char *line; - ldns_rdf *r; - ssize_t t; - - line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); - if (!line) { - return LDNS_STATUS_MEM_ERR; - } - - /* read an entire line in from the file */ - if ((t = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, 0, line_nr)) == -1 || t == 0) { - LDNS_FREE(line); - return LDNS_STATUS_SYNTAX_RDATA_ERR; - } - r = ldns_rdf_new_frm_str(type, (const char*) line); - LDNS_FREE(line); - if (rdf) { - *rdf = r; - return LDNS_STATUS_OK; - } else { - return LDNS_STATUS_NULL; - } -} - -ldns_rdf * -ldns_rdf_address_reverse(ldns_rdf *rd) -{ - uint8_t buf_4[LDNS_IP4ADDRLEN]; - uint8_t buf_6[LDNS_IP6ADDRLEN * 2]; - ldns_rdf *rev; - ldns_rdf *in_addr; - ldns_rdf *ret_dname; - uint8_t octet; - uint8_t nnibble; - uint8_t nibble; - uint8_t i, j; - - char *char_dname; - int nbit; - - if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_A && - ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_AAAA) { - return NULL; - } - - in_addr = NULL; - ret_dname = NULL; - - switch(ldns_rdf_get_type(rd)) { - case LDNS_RDF_TYPE_A: - /* the length of the buffer is 4 */ - buf_4[3] = ldns_rdf_data(rd)[0]; - buf_4[2] = ldns_rdf_data(rd)[1]; - buf_4[1] = ldns_rdf_data(rd)[2]; - buf_4[0] = ldns_rdf_data(rd)[3]; - in_addr = ldns_dname_new_frm_str("in-addr.arpa."); - if (!in_addr) { - return NULL; - } - /* make a new rdf and convert that back */ - rev = ldns_rdf_new_frm_data( LDNS_RDF_TYPE_A, - LDNS_IP4ADDRLEN, (void*)&buf_4); - if (!rev) { - LDNS_FREE(in_addr); - return NULL; - } - - /* convert rev to a string */ - char_dname = ldns_rdf2str(rev); - if (!char_dname) { - LDNS_FREE(in_addr); - ldns_rdf_deep_free(rev); - return NULL; - } - /* transform back to rdf with type dname */ - ret_dname = ldns_dname_new_frm_str(char_dname); - if (!ret_dname) { - LDNS_FREE(in_addr); - ldns_rdf_deep_free(rev); - LDNS_FREE(char_dname); - return NULL; - } - /* not needed anymore */ - ldns_rdf_deep_free(rev); - LDNS_FREE(char_dname); - break; - case LDNS_RDF_TYPE_AAAA: - /* some foo magic to reverse the nibbles ... */ - - for (nbit = 127; nbit >= 0; nbit = nbit - 4) { - /* calculate octett (8 bit) */ - octet = ( ((unsigned int) nbit) & 0x78) >> 3; - /* calculate nibble */ - nnibble = ( ((unsigned int) nbit) & 0x04) >> 2; - /* extract nibble */ - nibble = (ldns_rdf_data(rd)[octet] & ( 0xf << (4 * (1 - - nnibble)) ) ) >> ( 4 * (1 - - nnibble)); - - buf_6[(LDNS_IP6ADDRLEN * 2 - 1) - - (octet * 2 + nnibble)] = - (uint8_t)ldns_int_to_hexdigit((int)nibble); - } - - char_dname = LDNS_XMALLOC(char, (LDNS_IP6ADDRLEN * 4)); - if (!char_dname) { - return NULL; - } - char_dname[LDNS_IP6ADDRLEN * 4 - 1] = '\0'; /* closure */ - - /* walk the string and add . 's */ - for (i = 0, j = 0; i < LDNS_IP6ADDRLEN * 2; i++, j = j + 2) { - char_dname[j] = (char)buf_6[i]; - if (i != LDNS_IP6ADDRLEN * 2 - 1) { - char_dname[j + 1] = '.'; - } - } - in_addr = ldns_dname_new_frm_str("ip6.arpa."); - if (!in_addr) { - LDNS_FREE(char_dname); - return NULL; - } - - /* convert rev to a string */ - ret_dname = ldns_dname_new_frm_str(char_dname); - LDNS_FREE(char_dname); - if (!ret_dname) { - ldns_rdf_deep_free(in_addr); - return NULL; - } - break; - default: - break; - } - /* add the suffix */ - rev = ldns_dname_cat_clone(ret_dname, in_addr); - - ldns_rdf_deep_free(ret_dname); - ldns_rdf_deep_free(in_addr); - return rev; -} - -ldns_status -ldns_rdf_hip_get_alg_hit_pk(ldns_rdf *rdf, uint8_t* alg, - uint8_t *hit_size, uint8_t** hit, - uint16_t *pk_size, uint8_t** pk) -{ - uint8_t *data; - size_t rdf_size; - - if (! rdf || ! alg || ! hit || ! hit_size || ! pk || ! pk_size) { - return LDNS_STATUS_INVALID_POINTER; - } else if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_HIP) { - return LDNS_STATUS_INVALID_RDF_TYPE; - } else if ((rdf_size = ldns_rdf_size(rdf)) < 6) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - data = ldns_rdf_data(rdf); - *hit_size = data[0]; - *alg = data[1]; - *pk_size = ldns_read_uint16(data + 2); - *hit = data + 4; - *pk = data + 4 + *hit_size; - if (*hit_size == 0 || *pk_size == 0 || - rdf_size < (size_t) *hit_size + *pk_size + 4) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - return LDNS_STATUS_OK; -} - -ldns_status -ldns_rdf_hip_new_frm_alg_hit_pk(ldns_rdf** rdf, uint8_t alg, - uint8_t hit_size, uint8_t *hit, - uint16_t pk_size, uint8_t *pk) -{ - uint8_t *data; - - if (! rdf) { - return LDNS_STATUS_INVALID_POINTER; - } - if (4 + hit_size + pk_size > LDNS_MAX_RDFLEN) { - return LDNS_STATUS_RDATA_OVERFLOW; - } - data = LDNS_XMALLOC(uint8_t, 4 + hit_size + pk_size); - if (data == NULL) { - return LDNS_STATUS_MEM_ERR; - } - data[0] = hit_size; - data[1] = alg; - ldns_write_uint16(data + 2, pk_size); - memcpy(data + 4, hit, hit_size); - memcpy(data + 4 + hit_size, pk, pk_size); - *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HIP, 4 + hit_size + pk_size, data); - if (! *rdf) { - LDNS_FREE(data); - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} - -ldns_status -ldns_octet(char *word, size_t *length) -{ - char *s; - char *p; - *length = 0; - - for (s = p = word; *s != '\0'; s++,p++) { - switch (*s) { - case '.': - if (s[1] == '.') { - return LDNS_STATUS_EMPTY_LABEL; - } - *p = *s; - (*length)++; - break; - case '\\': - if ('0' <= s[1] && s[1] <= '9' && - '0' <= s[2] && s[2] <= '9' && - '0' <= s[3] && s[3] <= '9') { - /* \DDD seen */ - int val = ((s[1] - '0') * 100 + - (s[2] - '0') * 10 + (s[3] - '0')); - - if (0 <= val && val <= 255) { - /* this also handles \0 */ - s += 3; - *p = val; - (*length)++; - } else { - return LDNS_STATUS_DDD_OVERFLOW; - } - } else { - /* an espaced character, like \ ? - * remove the '\' keep the rest */ - *p = *++s; - (*length)++; - } - break; - case '\"': - /* non quoted " Is either first or the last character in - * the string */ - - *p = *++s; /* skip it */ - (*length)++; - /* I'm not sure if this is needed in libdns... MG */ - if ( *s == '\0' ) { - /* ok, it was the last one */ - *p = '\0'; - return LDNS_STATUS_OK; - } - break; - default: - *p = *s; - (*length)++; - break; - } - } - *p = '\0'; - return LDNS_STATUS_OK; -} - -int -ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2) -{ - uint16_t i1, i2, i; - uint8_t *d1, *d2; - - /* only when both are not NULL we can say anything about them */ - if (!rd1 && !rd2) { - return 0; - } - if (!rd1 || !rd2) { - return -1; - } - i1 = ldns_rdf_size(rd1); - i2 = ldns_rdf_size(rd2); - - if (i1 < i2) { - return -1; - } else if (i1 > i2) { - return +1; - } else { - d1 = (uint8_t*)ldns_rdf_data(rd1); - d2 = (uint8_t*)ldns_rdf_data(rd2); - for(i = 0; i < i1; i++) { - if (d1[i] < d2[i]) { - return -1; - } else if (d1[i] > d2[i]) { - return +1; - } - } - } - return 0; -} - -uint32_t -ldns_str2period(const char *nptr, const char **endptr) -{ - int sign = 0; - uint32_t i = 0; - uint32_t seconds = 0; - - for(*endptr = nptr; **endptr; (*endptr)++) { - switch (**endptr) { - case ' ': - case '\t': - break; - case '-': - if(sign == 0) { - sign = -1; - } else { - return seconds; - } - break; - case '+': - if(sign == 0) { - sign = 1; - } else { - return seconds; - } - break; - case 's': - case 'S': - seconds += i; - i = 0; - break; - case 'm': - case 'M': - seconds += i * 60; - i = 0; - break; - case 'h': - case 'H': - seconds += i * 60 * 60; - i = 0; - break; - case 'd': - case 'D': - seconds += i * 60 * 60 * 24; - i = 0; - break; - case 'w': - case 'W': - seconds += i * 60 * 60 * 24 * 7; - i = 0; - break; - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - i *= 10; - i += (**endptr - '0'); - break; - default: - seconds += i; - /* disregard signedness */ - return seconds; - } - } - seconds += i; - /* disregard signedness */ - return seconds; -} diff --git a/src/ldns/resolver.c b/src/ldns/resolver.c deleted file mode 100644 index b092404..0000000 --- a/src/ldns/resolver.c +++ /dev/null @@ -1,1603 +0,0 @@ -/* - * resolver.c - * - * resolver implementation - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include -#include - -/* Access function for reading - * and setting the different Resolver - * options */ - -/* read */ -uint16_t -ldns_resolver_port(const ldns_resolver *r) -{ - return r->_port; -} - -ldns_rdf * -ldns_resolver_source(const ldns_resolver *r) -{ - return r->_source; -} - -uint16_t -ldns_resolver_edns_udp_size(const ldns_resolver *r) -{ - return r->_edns_udp_size; -} - -uint8_t -ldns_resolver_retry(const ldns_resolver *r) -{ - return r->_retry; -} - -uint8_t -ldns_resolver_retrans(const ldns_resolver *r) -{ - return r->_retrans; -} - -bool -ldns_resolver_fallback(const ldns_resolver *r) -{ - return r->_fallback; -} - -uint8_t -ldns_resolver_ip6(const ldns_resolver *r) -{ - return r->_ip6; -} - -bool -ldns_resolver_recursive(const ldns_resolver *r) -{ - return r->_recursive; -} - -bool -ldns_resolver_debug(const ldns_resolver *r) -{ - return r->_debug; -} - -bool -ldns_resolver_dnsrch(const ldns_resolver *r) -{ - return r->_dnsrch; -} - -bool -ldns_resolver_fail(const ldns_resolver *r) -{ - return r->_fail; -} - -bool -ldns_resolver_defnames(const ldns_resolver *r) -{ - return r->_defnames; -} - -ldns_rdf * -ldns_resolver_domain(const ldns_resolver *r) -{ - return r->_domain; -} - -ldns_rdf ** -ldns_resolver_searchlist(const ldns_resolver *r) -{ - return r->_searchlist; -} - -ldns_rdf ** -ldns_resolver_nameservers(const ldns_resolver *r) -{ - return r->_nameservers; -} - -size_t -ldns_resolver_nameserver_count(const ldns_resolver *r) -{ - return r->_nameserver_count; -} - -bool -ldns_resolver_dnssec(const ldns_resolver *r) -{ - return r->_dnssec; -} - -bool -ldns_resolver_dnssec_cd(const ldns_resolver *r) -{ - return r->_dnssec_cd; -} - -ldns_rr_list * -ldns_resolver_dnssec_anchors(const ldns_resolver *r) -{ - return r->_dnssec_anchors; -} - -bool -ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys) -{ - size_t i; - bool result = false; - - ldns_rr_list * trust_anchors; - ldns_rr * cur_rr; - - if (!r || !keys) { return false; } - - trust_anchors = ldns_resolver_dnssec_anchors(r); - - if (!trust_anchors) { return false; } - - for (i = 0; i < ldns_rr_list_rr_count(keys); i++) { - - cur_rr = ldns_rr_list_rr(keys, i); - if (ldns_rr_list_contains_rr(trust_anchors, cur_rr)) { - if (trusted_keys) { ldns_rr_list_push_rr(trusted_keys, cur_rr); } - result = true; - } - } - - return result; -} - -bool -ldns_resolver_igntc(const ldns_resolver *r) -{ - return r->_igntc; -} - -bool -ldns_resolver_usevc(const ldns_resolver *r) -{ - return r->_usevc; -} - -size_t * -ldns_resolver_rtt(const ldns_resolver *r) -{ - return r->_rtt; -} - -size_t -ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos) -{ - size_t *rtt; - - assert(r != NULL); - - rtt = ldns_resolver_rtt(r); - - if (pos >= ldns_resolver_nameserver_count(r)) { - /* error ?*/ - return 0; - } else { - return rtt[pos]; - } - -} - -struct timeval -ldns_resolver_timeout(const ldns_resolver *r) -{ - return r->_timeout; -} - -char * -ldns_resolver_tsig_keyname(const ldns_resolver *r) -{ - return r->_tsig_keyname; -} - -char * -ldns_resolver_tsig_algorithm(const ldns_resolver *r) -{ - return r->_tsig_algorithm; -} - -char * -ldns_resolver_tsig_keydata(const ldns_resolver *r) -{ - return r->_tsig_keydata; -} - -bool -ldns_resolver_random(const ldns_resolver *r) -{ - return r->_random; -} - -size_t -ldns_resolver_searchlist_count(const ldns_resolver *r) -{ - return r->_searchlist_count; -} - -/* write */ -void -ldns_resolver_set_port(ldns_resolver *r, uint16_t p) -{ - r->_port = p; -} - -void -ldns_resolver_set_source(ldns_resolver *r, ldns_rdf *s) -{ - r->_source = s; -} - -ldns_rdf * -ldns_resolver_pop_nameserver(ldns_resolver *r) -{ - ldns_rdf **nameservers; - ldns_rdf *pop; - size_t ns_count; - size_t *rtt; - - assert(r != NULL); - - ns_count = ldns_resolver_nameserver_count(r); - nameservers = ldns_resolver_nameservers(r); - rtt = ldns_resolver_rtt(r); - if (ns_count == 0 || !nameservers) { - return NULL; - } - - pop = nameservers[ns_count - 1]; - - if (ns_count == 1) { - LDNS_FREE(nameservers); - LDNS_FREE(rtt); - - ldns_resolver_set_nameservers(r, NULL); - ldns_resolver_set_rtt(r, NULL); - } else { - nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, - (ns_count - 1)); - rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1)); - - ldns_resolver_set_nameservers(r, nameservers); - ldns_resolver_set_rtt(r, rtt); - } - /* decr the count */ - ldns_resolver_dec_nameserver_count(r); - return pop; -} - -ldns_status -ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n) -{ - ldns_rdf **nameservers; - size_t ns_count; - size_t *rtt; - - if (ldns_rdf_get_type(n) != LDNS_RDF_TYPE_A && - ldns_rdf_get_type(n) != LDNS_RDF_TYPE_AAAA) { - return LDNS_STATUS_ERR; - } - - ns_count = ldns_resolver_nameserver_count(r); - nameservers = ldns_resolver_nameservers(r); - rtt = ldns_resolver_rtt(r); - - /* make room for the next one */ - if (ns_count == 0) { - nameservers = LDNS_XMALLOC(ldns_rdf *, 1); - } else { - nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count + 1)); - } - if(!nameservers) - return LDNS_STATUS_MEM_ERR; - - /* set the new value in the resolver */ - ldns_resolver_set_nameservers(r, nameservers); - - /* don't forget the rtt */ - if (ns_count == 0) { - rtt = LDNS_XMALLOC(size_t, 1); - } else { - rtt = LDNS_XREALLOC(rtt, size_t, (ns_count + 1)); - } - if(!rtt) - return LDNS_STATUS_MEM_ERR; - - /* slide n in its slot. */ - /* we clone it here, because then we can free the original - * rr's where it stood */ - nameservers[ns_count] = ldns_rdf_clone(n); - rtt[ns_count] = LDNS_RESOLV_RTT_MIN; - ldns_resolver_incr_nameserver_count(r); - ldns_resolver_set_rtt(r, rtt); - return LDNS_STATUS_OK; -} - -ldns_status -ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr) -{ - ldns_rdf *address; - if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_A && - ldns_rr_get_type(rr) != LDNS_RR_TYPE_AAAA)) { - return LDNS_STATUS_ERR; - } - address = ldns_rr_rdf(rr, 0); /* extract the ip number */ - if (address) { - return ldns_resolver_push_nameserver(r, address); - } else { - return LDNS_STATUS_ERR; - } -} - -ldns_status -ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist) -{ - ldns_rr *rr; - ldns_status stat; - size_t i; - - stat = LDNS_STATUS_OK; - if (rrlist) { - for(i = 0; i < ldns_rr_list_rr_count(rrlist); i++) { - rr = ldns_rr_list_rr(rrlist, i); - if (ldns_resolver_push_nameserver_rr(r, rr) != LDNS_STATUS_OK) { - stat = LDNS_STATUS_ERR; - break; - } - } - return stat; - } else { - return LDNS_STATUS_ERR; - } -} - -void -ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s) -{ - r->_edns_udp_size = s; -} - -void -ldns_resolver_set_recursive(ldns_resolver *r, bool re) -{ - r->_recursive = re; -} - -void -ldns_resolver_set_dnssec(ldns_resolver *r, bool d) -{ - r->_dnssec = d; -} - -void -ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool d) -{ - r->_dnssec_cd = d; -} - -void -ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l) -{ - r->_dnssec_anchors = l; -} - -ldns_status -ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr) -{ - ldns_rr_list * trust_anchors; - - if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY && - ldns_rr_get_type(rr) != LDNS_RR_TYPE_DS)) { - - return LDNS_STATUS_ERR; - } - - if (!(trust_anchors = ldns_resolver_dnssec_anchors(r))) { /* Initialize */ - trust_anchors = ldns_rr_list_new(); - ldns_resolver_set_dnssec_anchors(r, trust_anchors); - } - - return (ldns_rr_list_push_rr(trust_anchors, ldns_rr_clone(rr))) ? LDNS_STATUS_OK : LDNS_STATUS_ERR; -} - -void -ldns_resolver_set_igntc(ldns_resolver *r, bool i) -{ - r->_igntc = i; -} - -void -ldns_resolver_set_usevc(ldns_resolver *r, bool vc) -{ - r->_usevc = vc; -} - -void -ldns_resolver_set_debug(ldns_resolver *r, bool d) -{ - r->_debug = d; -} - -void -ldns_resolver_set_ip6(ldns_resolver *r, uint8_t ip6) -{ - r->_ip6 = ip6; -} - -void -ldns_resolver_set_fail(ldns_resolver *r, bool f) -{ - r->_fail =f; -} - -static void -ldns_resolver_set_searchlist_count(ldns_resolver *r, size_t c) -{ - r->_searchlist_count = c; -} - -void -ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c) -{ - r->_nameserver_count = c; -} - -void -ldns_resolver_set_dnsrch(ldns_resolver *r, bool d) -{ - r->_dnsrch = d; -} - -void -ldns_resolver_set_retry(ldns_resolver *r, uint8_t retry) -{ - r->_retry = retry; -} - -void -ldns_resolver_set_retrans(ldns_resolver *r, uint8_t retrans) -{ - r->_retrans = retrans; -} - -void -ldns_resolver_set_fallback(ldns_resolver *r, bool fallback) -{ - r->_fallback = fallback; -} - -void -ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **n) -{ - r->_nameservers = n; -} - -void -ldns_resolver_set_defnames(ldns_resolver *r, bool d) -{ - r->_defnames = d; -} - -void -ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt) -{ - r->_rtt = rtt; -} - -void -ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value) -{ - size_t *rtt; - - assert(r != NULL); - - rtt = ldns_resolver_rtt(r); - - if (pos >= ldns_resolver_nameserver_count(r)) { - /* error ?*/ - } else { - rtt[pos] = value; - } - -} - -void -ldns_resolver_incr_nameserver_count(ldns_resolver *r) -{ - size_t c; - - c = ldns_resolver_nameserver_count(r); - ldns_resolver_set_nameserver_count(r, ++c); -} - -void -ldns_resolver_dec_nameserver_count(ldns_resolver *r) -{ - size_t c; - - c = ldns_resolver_nameserver_count(r); - if (c == 0) { - return; - } else { - ldns_resolver_set_nameserver_count(r, --c); - } -} - -void -ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *d) -{ - r->_domain = d; -} - -void -ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout) -{ - r->_timeout.tv_sec = timeout.tv_sec; - r->_timeout.tv_usec = timeout.tv_usec; -} - -void -ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *d) -{ - ldns_rdf **searchlist; - size_t list_count; - - if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) { - return; - } - - list_count = ldns_resolver_searchlist_count(r); - searchlist = ldns_resolver_searchlist(r); - - searchlist = LDNS_XREALLOC(searchlist, ldns_rdf *, (list_count + 1)); - if (searchlist) { - r->_searchlist = searchlist; - - searchlist[list_count] = ldns_rdf_clone(d); - ldns_resolver_set_searchlist_count(r, list_count + 1); - } /* no way to report mem err */ -} - -void -ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname) -{ - LDNS_FREE(r->_tsig_keyname); - r->_tsig_keyname = strdup(tsig_keyname); -} - -void -ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm) -{ - LDNS_FREE(r->_tsig_algorithm); - r->_tsig_algorithm = strdup(tsig_algorithm); -} - -void -ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata) -{ - LDNS_FREE(r->_tsig_keydata); - r->_tsig_keydata = strdup(tsig_keydata); -} - -void -ldns_resolver_set_random(ldns_resolver *r, bool b) -{ - r->_random = b; -} - -/* more sophisticated functions */ -ldns_resolver * -ldns_resolver_new(void) -{ - ldns_resolver *r; - - r = LDNS_MALLOC(ldns_resolver); - if (!r) { - return NULL; - } - - r->_searchlist = NULL; - r->_nameservers = NULL; - r->_rtt = NULL; - - /* defaults are filled out */ - ldns_resolver_set_searchlist_count(r, 0); - ldns_resolver_set_nameserver_count(r, 0); - ldns_resolver_set_usevc(r, 0); - ldns_resolver_set_port(r, LDNS_PORT); - ldns_resolver_set_domain(r, NULL); - ldns_resolver_set_defnames(r, false); - ldns_resolver_set_retry(r, 3); - ldns_resolver_set_retrans(r, 2); - ldns_resolver_set_fallback(r, true); - ldns_resolver_set_fail(r, false); - ldns_resolver_set_edns_udp_size(r, 0); - ldns_resolver_set_dnssec(r, false); - ldns_resolver_set_dnssec_cd(r, false); - ldns_resolver_set_dnssec_anchors(r, NULL); - ldns_resolver_set_ip6(r, LDNS_RESOLV_INETANY); - ldns_resolver_set_igntc(r, false); - ldns_resolver_set_recursive(r, false); - ldns_resolver_set_dnsrch(r, true); - ldns_resolver_set_source(r, NULL); - ldns_resolver_set_ixfr_serial(r, 0); - - /* randomize the nameserver to be queried - * when there are multiple - */ - ldns_resolver_set_random(r, true); - - ldns_resolver_set_debug(r, 0); - - r->_timeout.tv_sec = LDNS_DEFAULT_TIMEOUT_SEC; - r->_timeout.tv_usec = LDNS_DEFAULT_TIMEOUT_USEC; - - /* TODO: fd=0 is actually a valid socket (stdin), - replace with -1 */ - r->_socket = 0; - r->_axfr_soa_count = 0; - r->_axfr_i = 0; - r->_cur_axfr_pkt = NULL; - - r->_tsig_keyname = NULL; - r->_tsig_keydata = NULL; - r->_tsig_algorithm = NULL; - return r; -} - -ldns_resolver * -ldns_resolver_clone(ldns_resolver *src) -{ - ldns_resolver *dst; - size_t i; - - assert(src != NULL); - - if (!(dst = LDNS_MALLOC(ldns_resolver))) return NULL; - (void) memcpy(dst, src, sizeof(ldns_resolver)); - - if (dst->_searchlist_count == 0) - dst->_searchlist = NULL; - else { - if (!(dst->_searchlist = - LDNS_XMALLOC(ldns_rdf *, dst->_searchlist_count))) - goto error; - for (i = 0; i < dst->_searchlist_count; i++) - if (!(dst->_searchlist[i] = - ldns_rdf_clone(src->_searchlist[i]))) { - dst->_searchlist_count = i; - goto error_searchlist; - } - } - if (dst->_nameserver_count == 0) { - dst->_nameservers = NULL; - dst->_rtt = NULL; - } else { - if (!(dst->_nameservers = - LDNS_XMALLOC(ldns_rdf *, dst->_nameserver_count))) - goto error_searchlist; - for (i = 0; i < dst->_nameserver_count; i++) - if (!(dst->_nameservers[i] = - ldns_rdf_clone(src->_nameservers[i]))) { - dst->_nameserver_count = i; - goto error_nameservers; - } - if (!(dst->_rtt = - LDNS_XMALLOC(size_t, dst->_nameserver_count))) - goto error_nameservers; - (void) memcpy(dst->_rtt, src->_rtt, - sizeof(size_t) * dst->_nameserver_count); - } - if (dst->_domain && (!(dst->_domain = ldns_rdf_clone(src->_domain)))) - goto error_rtt; - - if (dst->_tsig_keyname && - (!(dst->_tsig_keyname = strdup(src->_tsig_keyname)))) - goto error_domain; - - if (dst->_tsig_keydata && - (!(dst->_tsig_keydata = strdup(src->_tsig_keydata)))) - goto error_tsig_keyname; - - if (dst->_tsig_algorithm && - (!(dst->_tsig_algorithm = strdup(src->_tsig_algorithm)))) - goto error_tsig_keydata; - - if (dst->_cur_axfr_pkt && - (!(dst->_cur_axfr_pkt = ldns_pkt_clone(src->_cur_axfr_pkt)))) - goto error_tsig_algorithm; - - if (dst->_dnssec_anchors && - (!(dst->_dnssec_anchors=ldns_rr_list_clone(src->_dnssec_anchors)))) - goto error_cur_axfr_pkt; - - return dst; - -error_cur_axfr_pkt: - ldns_pkt_free(dst->_cur_axfr_pkt); -error_tsig_algorithm: - LDNS_FREE(dst->_tsig_algorithm); -error_tsig_keydata: - LDNS_FREE(dst->_tsig_keydata); -error_tsig_keyname: - LDNS_FREE(dst->_tsig_keyname); -error_domain: - ldns_rdf_deep_free(dst->_domain); -error_rtt: - LDNS_FREE(dst->_rtt); -error_nameservers: - for (i = 0; i < dst->_nameserver_count; i++) - ldns_rdf_deep_free(dst->_nameservers[i]); - LDNS_FREE(dst->_nameservers); -error_searchlist: - for (i = 0; i < dst->_searchlist_count; i++) - ldns_rdf_deep_free(dst->_searchlist[i]); - LDNS_FREE(dst->_searchlist); -error: - LDNS_FREE(dst); - return NULL; -} - - -ldns_status -ldns_resolver_new_frm_fp(ldns_resolver **res, FILE *fp) -{ - return ldns_resolver_new_frm_fp_l(res, fp, NULL); -} - -ldns_status -ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr) -{ - ldns_resolver *r; - const char *keyword[LDNS_RESOLV_KEYWORDS]; - char word[LDNS_MAX_LINELEN + 1]; - int8_t expect; - uint8_t i; - ldns_rdf *tmp; -#ifdef HAVE_SSL - ldns_rr *tmp_rr; -#endif - ssize_t gtr, bgtr; - ldns_buffer *b; - int lnr = 0, oldline; - FILE* myfp = fp; - if(!line_nr) line_nr = &lnr; - - if(!fp) { - myfp = fopen("/etc/resolv.conf", "r"); - if(!myfp) - return LDNS_STATUS_FILE_ERR; - } - - /* do this better - * expect = - * 0: keyword - * 1: default domain dname - * 2: NS aaaa or a record - */ - - /* recognized keywords */ - keyword[LDNS_RESOLV_NAMESERVER] = "nameserver"; - keyword[LDNS_RESOLV_DEFDOMAIN] = "domain"; - keyword[LDNS_RESOLV_SEARCH] = "search"; - /* these two are read but not used atm TODO */ - keyword[LDNS_RESOLV_SORTLIST] = "sortlist"; - keyword[LDNS_RESOLV_OPTIONS] = "options"; - keyword[LDNS_RESOLV_ANCHOR] = "anchor"; - expect = LDNS_RESOLV_KEYWORD; - - r = ldns_resolver_new(); - if (!r) { - if(!fp) fclose(myfp); - return LDNS_STATUS_MEM_ERR; - } - - gtr = 1; - word[0] = 0; - oldline = *line_nr; - expect = LDNS_RESOLV_KEYWORD; - while (gtr > 0) { - /* check comments */ - if (word[0] == '#') { - word[0]='x'; - if(oldline == *line_nr) { - /* skip until end of line */ - int c; - do { - c = fgetc(myfp); - } while(c != EOF && c != '\n'); - if(c=='\n') (*line_nr)++; - } - /* and read next to prepare for further parsing */ - oldline = *line_nr; - continue; - } - oldline = *line_nr; - switch(expect) { - case LDNS_RESOLV_KEYWORD: - /* keyword */ - gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); - if (gtr != 0) { - if(word[0] == '#') continue; - for(i = 0; i < LDNS_RESOLV_KEYWORDS; i++) { - if (strcasecmp(keyword[i], word) == 0) { - /* chosen the keyword and - * expect values carefully - */ - expect = i; - break; - } - } - /* no keyword recognized */ - if (expect == LDNS_RESOLV_KEYWORD) { - /* skip line */ - /* - ldns_resolver_deep_free(r); - if(!fp) fclose(myfp); - return LDNS_STATUS_SYNTAX_KEYWORD_ERR; - */ - } - } - break; - case LDNS_RESOLV_DEFDOMAIN: - /* default domain dname */ - gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); - if (gtr == 0) { - if(!fp) fclose(myfp); - return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; - } - if(word[0] == '#') { - expect = LDNS_RESOLV_KEYWORD; - continue; - } - tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word); - if (!tmp) { - ldns_resolver_deep_free(r); - if(!fp) fclose(myfp); - return LDNS_STATUS_SYNTAX_DNAME_ERR; - } - - /* DOn't free, because we copy the pointer */ - ldns_resolver_set_domain(r, tmp); - expect = LDNS_RESOLV_KEYWORD; - break; - case LDNS_RESOLV_NAMESERVER: - /* NS aaaa or a record */ - gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); - if (gtr == 0) { - if(!fp) fclose(myfp); - return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; - } - if(word[0] == '#') { - expect = LDNS_RESOLV_KEYWORD; - continue; - } - if(strchr(word, '%')) { - /* snip off interface labels, - * fe80::222:19ff:fe31:4222%eth0 */ - strchr(word, '%')[0]=0; - } - tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, word); - if (!tmp) { - /* try ip4 */ - tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, word); - } - /* could not parse it, exit */ - if (!tmp) { - ldns_resolver_deep_free(r); - if(!fp) fclose(myfp); - return LDNS_STATUS_SYNTAX_ERR; - } - (void)ldns_resolver_push_nameserver(r, tmp); - ldns_rdf_deep_free(tmp); - expect = LDNS_RESOLV_KEYWORD; - break; - case LDNS_RESOLV_SEARCH: - /* search list domain dname */ - gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); - b = LDNS_MALLOC(ldns_buffer); - if(!b) { - ldns_resolver_deep_free(r); - if(!fp) fclose(myfp); - return LDNS_STATUS_MEM_ERR; - } - - ldns_buffer_new_frm_data(b, word, (size_t) gtr); - if(ldns_buffer_status(b) != LDNS_STATUS_OK) { - LDNS_FREE(b); - ldns_resolver_deep_free(r); - if(!fp) fclose(myfp); - return LDNS_STATUS_MEM_ERR; - } - bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr + 1); - while (bgtr > 0) { - gtr -= bgtr; - if(word[0] == '#') { - expect = LDNS_RESOLV_KEYWORD; - break; - } - tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word); - if (!tmp) { - ldns_resolver_deep_free(r); - ldns_buffer_free(b); - if(!fp) fclose(myfp); - return LDNS_STATUS_SYNTAX_DNAME_ERR; - } - - ldns_resolver_push_searchlist(r, tmp); - - ldns_rdf_deep_free(tmp); - bgtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, - (size_t) gtr + 1); - } - ldns_buffer_free(b); - if (expect != LDNS_RESOLV_KEYWORD) { - gtr = 1; - expect = LDNS_RESOLV_KEYWORD; - } - break; - case LDNS_RESOLV_SORTLIST: - gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); - /* sortlist not implemented atm */ - expect = LDNS_RESOLV_KEYWORD; - break; - case LDNS_RESOLV_OPTIONS: - gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); - /* options not implemented atm */ - expect = LDNS_RESOLV_KEYWORD; - break; - case LDNS_RESOLV_ANCHOR: - /* a file containing a DNSSEC trust anchor */ - gtr = ldns_fget_token_l(myfp, word, LDNS_PARSE_NORMAL, 0, line_nr); - if (gtr == 0) { - ldns_resolver_deep_free(r); - if(!fp) fclose(myfp); - return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; - } - if(word[0] == '#') { - expect = LDNS_RESOLV_KEYWORD; - continue; - } - -#ifdef HAVE_SSL - tmp_rr = ldns_read_anchor_file(word); - (void) ldns_resolver_push_dnssec_anchor(r, tmp_rr); - ldns_rr_free(tmp_rr); -#endif - expect = LDNS_RESOLV_KEYWORD; - break; - } - } - - if(!fp) - fclose(myfp); - - if (res) { - *res = r; - return LDNS_STATUS_OK; - } else { - ldns_resolver_deep_free(r); - return LDNS_STATUS_NULL; - } -} - -ldns_status -ldns_resolver_new_frm_file(ldns_resolver **res, const char *filename) -{ - ldns_resolver *r; - FILE *fp; - ldns_status s; - - if (!filename) { - fp = fopen(LDNS_RESOLV_CONF, "r"); - - } else { - fp = fopen(filename, "r"); - } - if (!fp) { - return LDNS_STATUS_FILE_ERR; - } - - s = ldns_resolver_new_frm_fp(&r, fp); - fclose(fp); - if (s == LDNS_STATUS_OK) { - if (res) { - *res = r; - return LDNS_STATUS_OK; - } else { - ldns_resolver_free(r); - return LDNS_STATUS_NULL; - } - } - return s; -} - -void -ldns_resolver_free(ldns_resolver *res) -{ - LDNS_FREE(res); -} - -void -ldns_resolver_deep_free(ldns_resolver *res) -{ - size_t i; - - if (res) { - if (res->_searchlist) { - for (i = 0; i < ldns_resolver_searchlist_count(res); i++) { - ldns_rdf_deep_free(res->_searchlist[i]); - } - LDNS_FREE(res->_searchlist); - } - if (res->_nameservers) { - for (i = 0; i < res->_nameserver_count; i++) { - ldns_rdf_deep_free(res->_nameservers[i]); - } - LDNS_FREE(res->_nameservers); - } - if (ldns_resolver_domain(res)) { - ldns_rdf_deep_free(ldns_resolver_domain(res)); - } - if (res->_tsig_keyname) { - LDNS_FREE(res->_tsig_keyname); - } - if (res->_tsig_keydata) { - LDNS_FREE(res->_tsig_keydata); - } - if (res->_tsig_algorithm) { - LDNS_FREE(res->_tsig_algorithm); - } - - if (res->_cur_axfr_pkt) { - ldns_pkt_free(res->_cur_axfr_pkt); - } - - if (res->_rtt) { - LDNS_FREE(res->_rtt); - } - if (res->_dnssec_anchors) { - ldns_rr_list_deep_free(res->_dnssec_anchors); - } - LDNS_FREE(res); - } -} - -ldns_status -ldns_resolver_search_status(ldns_pkt** pkt, - ldns_resolver *r, const ldns_rdf *name, - ldns_rr_type t, ldns_rr_class c, uint16_t flags) -{ - ldns_rdf *new_name; - ldns_rdf **search_list; - size_t i; - ldns_status s = LDNS_STATUS_OK; - ldns_rdf root_dname = { 1, LDNS_RDF_TYPE_DNAME, (void *)"" }; - - if (ldns_dname_absolute(name)) { - /* query as-is */ - return ldns_resolver_query_status(pkt, r, name, t, c, flags); - } else if (ldns_resolver_dnsrch(r)) { - search_list = ldns_resolver_searchlist(r); - for (i = 0; i <= ldns_resolver_searchlist_count(r); i++) { - if (i == ldns_resolver_searchlist_count(r)) { - new_name = ldns_dname_cat_clone(name, - &root_dname); - } else { - new_name = ldns_dname_cat_clone(name, - search_list[i]); - } - - s = ldns_resolver_query_status(pkt, r, - new_name, t, c, flags); - ldns_rdf_free(new_name); - if (pkt && *pkt) { - if (s == LDNS_STATUS_OK && - ldns_pkt_get_rcode(*pkt) == - LDNS_RCODE_NOERROR) { - - return LDNS_STATUS_OK; - } - ldns_pkt_free(*pkt); - *pkt = NULL; - } - } - } - return s; -} - -ldns_pkt * -ldns_resolver_search(const ldns_resolver *r,const ldns_rdf *name, - ldns_rr_type t, ldns_rr_class c, uint16_t flags) -{ - ldns_pkt* pkt = NULL; - if (ldns_resolver_search_status(&pkt, (ldns_resolver *)r, - name, t, c, flags) != LDNS_STATUS_OK) { - ldns_pkt_free(pkt); - } - return pkt; -} - -ldns_status -ldns_resolver_query_status(ldns_pkt** pkt, - ldns_resolver *r, const ldns_rdf *name, - ldns_rr_type t, ldns_rr_class c, uint16_t flags) -{ - ldns_rdf *newname; - ldns_status status; - - if (!ldns_resolver_defnames(r) || !ldns_resolver_domain(r)) { - return ldns_resolver_send(pkt, r, name, t, c, flags); - } - - newname = ldns_dname_cat_clone(name, ldns_resolver_domain(r)); - if (!newname) { - return LDNS_STATUS_MEM_ERR; - } - status = ldns_resolver_send(pkt, r, newname, t, c, flags); - ldns_rdf_free(newname); - return status; -} - -ldns_pkt * -ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, - ldns_rr_type t, ldns_rr_class c, uint16_t flags) -{ - ldns_pkt* pkt = NULL; - if (ldns_resolver_query_status(&pkt, (ldns_resolver *)r, - name, t, c, flags) != LDNS_STATUS_OK) { - ldns_pkt_free(pkt); - } - return pkt; -} - -static size_t * -ldns_resolver_backup_rtt(ldns_resolver *r) -{ - size_t *new_rtt; - size_t *old_rtt = ldns_resolver_rtt(r); - - if (old_rtt && ldns_resolver_nameserver_count(r)) { - new_rtt = LDNS_XMALLOC(size_t - , ldns_resolver_nameserver_count(r)); - memcpy(new_rtt, old_rtt, sizeof(size_t) - * ldns_resolver_nameserver_count(r)); - ldns_resolver_set_rtt(r, new_rtt); - return old_rtt; - } - return NULL; -} - -static void -ldns_resolver_restore_rtt(ldns_resolver *r, size_t *old_rtt) -{ - size_t *cur_rtt = ldns_resolver_rtt(r); - - if (cur_rtt) { - LDNS_FREE(cur_rtt); - } - ldns_resolver_set_rtt(r, old_rtt); -} - -ldns_status -ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, - ldns_pkt *query_pkt) -{ - ldns_pkt *answer_pkt = NULL; - ldns_status stat = LDNS_STATUS_OK; - size_t *rtt; - - stat = ldns_send(&answer_pkt, (ldns_resolver *)r, query_pkt); - if (stat != LDNS_STATUS_OK) { - if(answer_pkt) { - ldns_pkt_free(answer_pkt); - answer_pkt = NULL; - } - } else { - /* if tc=1 fall back to EDNS and/or TCP */ - /* check for tcp first (otherwise we don't care about tc=1) */ - if (!ldns_resolver_usevc(r) && ldns_resolver_fallback(r)) { - if (ldns_pkt_tc(answer_pkt)) { - /* was EDNS0 set? */ - if (ldns_pkt_edns_udp_size(query_pkt) == 0) { - ldns_pkt_set_edns_udp_size(query_pkt - , 4096); - ldns_pkt_free(answer_pkt); - answer_pkt = NULL; - /* Nameservers should not become - * unreachable because fragments are - * dropped (network error). We might - * still have success with TCP. - * Therefore maintain reachability - * statuses of the nameservers by - * backup and restore the rtt list. - */ - rtt = ldns_resolver_backup_rtt(r); - stat = ldns_send(&answer_pkt, r - , query_pkt); - ldns_resolver_restore_rtt(r, rtt); - } - /* either way, if it is still truncated, use TCP */ - if (stat != LDNS_STATUS_OK || - ldns_pkt_tc(answer_pkt)) { - ldns_resolver_set_usevc(r, true); - ldns_pkt_free(answer_pkt); - stat = ldns_send(&answer_pkt, r, query_pkt); - ldns_resolver_set_usevc(r, false); - } - } - } - } - - if (answer) { - *answer = answer_pkt; - } - - return stat; -} - -ldns_status -ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r, - const ldns_rdf *name, ldns_rr_type t, - ldns_rr_class c, uint16_t flags) -{ - struct timeval now; - ldns_rr* soa = NULL; - - /* prepare a question pkt from the parameters - * and then send this */ - if (t == LDNS_RR_TYPE_IXFR) { - ldns_rdf *owner_rdf; - ldns_rdf *mname_rdf; - ldns_rdf *rname_rdf; - ldns_rdf *serial_rdf; - ldns_rdf *refresh_rdf; - ldns_rdf *retry_rdf; - ldns_rdf *expire_rdf; - ldns_rdf *minimum_rdf; - soa = ldns_rr_new(); - - if (!soa) { - return LDNS_STATUS_ERR; - } - owner_rdf = ldns_rdf_clone(name); - if (!owner_rdf) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } - ldns_rr_set_owner(soa, owner_rdf); - ldns_rr_set_type(soa, LDNS_RR_TYPE_SOA); - ldns_rr_set_class(soa, c); - ldns_rr_set_question(soa, false); - if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } else ldns_rr_push_rdf(soa, mname_rdf); - if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } else ldns_rr_push_rdf(soa, rname_rdf); - serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, ldns_resolver_get_ixfr_serial(r)); - if (!serial_rdf) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } else ldns_rr_push_rdf(soa, serial_rdf); - refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!refresh_rdf) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } else ldns_rr_push_rdf(soa, refresh_rdf); - retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!retry_rdf) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } else ldns_rr_push_rdf(soa, retry_rdf); - expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!expire_rdf) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } else ldns_rr_push_rdf(soa, expire_rdf); - minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0); - if (!minimum_rdf) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } else ldns_rr_push_rdf(soa, minimum_rdf); - - *query_pkt = ldns_pkt_ixfr_request_new(ldns_rdf_clone(name), - c, flags, soa); - } else { - *query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), t, c, flags); - } - if (!*query_pkt) { - ldns_rr_free(soa); - return LDNS_STATUS_ERR; - } - - /* set DO bit if necessary */ - if (ldns_resolver_dnssec(r)) { - if (ldns_resolver_edns_udp_size(r) == 0) { - ldns_resolver_set_edns_udp_size(r, 4096); - } - ldns_pkt_set_edns_do(*query_pkt, true); - if (ldns_resolver_dnssec_cd(r) || (flags & LDNS_CD)) { - ldns_pkt_set_cd(*query_pkt, true); - } - } - - /* transfer the udp_edns_size from the resolver to the packet */ - if (ldns_resolver_edns_udp_size(r) != 0) { - ldns_pkt_set_edns_udp_size(*query_pkt, ldns_resolver_edns_udp_size(r)); - } - - /* set the timestamp */ - now.tv_sec = time(NULL); - now.tv_usec = 0; - ldns_pkt_set_timestamp(*query_pkt, now); - - - if (ldns_resolver_debug(r)) { - ldns_pkt_print(stdout, *query_pkt); - } - - /* only set the id if it is not set yet */ - if (ldns_pkt_id(*query_pkt) == 0) { - ldns_pkt_set_random_id(*query_pkt); - } - - return LDNS_STATUS_OK; -} - -ldns_status -ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, - ldns_rr_type t, ldns_rr_class c, uint16_t flags) -{ - ldns_pkt *query_pkt; - ldns_pkt *answer_pkt; - ldns_status status; - - assert(r != NULL); - assert(name != NULL); - - answer_pkt = NULL; - - /* do all the preprocessing here, then fire of an query to - * the network */ - - if (0 == t) { - t= LDNS_RR_TYPE_A; - } - if (0 == c) { - c= LDNS_RR_CLASS_IN; - } - if (0 == ldns_resolver_nameserver_count(r)) { - return LDNS_STATUS_RES_NO_NS; - } - if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) { - return LDNS_STATUS_RES_QUERY; - } - - status = ldns_resolver_prepare_query_pkt(&query_pkt, r, name, - t, c, flags); - if (status != LDNS_STATUS_OK) { - return status; - } - - /* if tsig values are set, tsign it */ - /* TODO: make last 3 arguments optional too? maybe make complete - rr instead of separate values in resolver (and packet) - Jelte - should this go in pkt_prepare? - */ - if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) { -#ifdef HAVE_SSL - status = ldns_pkt_tsig_sign(query_pkt, - ldns_resolver_tsig_keyname(r), - ldns_resolver_tsig_keydata(r), - 300, ldns_resolver_tsig_algorithm(r), NULL); - if (status != LDNS_STATUS_OK) { - ldns_pkt_free(query_pkt); - return LDNS_STATUS_CRYPTO_TSIG_ERR; - } -#else - ldns_pkt_free(query_pkt); - return LDNS_STATUS_CRYPTO_TSIG_ERR; -#endif /* HAVE_SSL */ - } - - status = ldns_resolver_send_pkt(&answer_pkt, r, query_pkt); - ldns_pkt_free(query_pkt); - - /* allows answer to be NULL when not interested in return value */ - if (answer) { - *answer = answer_pkt; - } - return status; -} - -ldns_rr * -ldns_axfr_next(ldns_resolver *resolver) -{ - ldns_rr *cur_rr; - uint8_t *packet_wire; - size_t packet_wire_size; - ldns_status status; - - /* check if start() has been called */ - if (!resolver || resolver->_socket == 0) { - return NULL; - } - - if (resolver->_cur_axfr_pkt) { - if (resolver->_axfr_i == ldns_pkt_ancount(resolver->_cur_axfr_pkt)) { - ldns_pkt_free(resolver->_cur_axfr_pkt); - resolver->_cur_axfr_pkt = NULL; - return ldns_axfr_next(resolver); - } - cur_rr = ldns_rr_clone(ldns_rr_list_rr( - ldns_pkt_answer(resolver->_cur_axfr_pkt), - resolver->_axfr_i)); - resolver->_axfr_i++; - if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) { - resolver->_axfr_soa_count++; - if (resolver->_axfr_soa_count >= 2) { -#ifndef USE_WINSOCK - close(resolver->_socket); -#else - closesocket(resolver->_socket); -#endif - resolver->_socket = 0; - ldns_pkt_free(resolver->_cur_axfr_pkt); - resolver->_cur_axfr_pkt = NULL; - } - } - return cur_rr; - } else { - packet_wire = ldns_tcp_read_wire_timeout(resolver->_socket, &packet_wire_size, resolver->_timeout); - if(!packet_wire) - return NULL; - - status = ldns_wire2pkt(&resolver->_cur_axfr_pkt, packet_wire, - packet_wire_size); - LDNS_FREE(packet_wire); - - resolver->_axfr_i = 0; - if (status != LDNS_STATUS_OK) { - /* TODO: make status return type of this function (...api change) */ -#ifdef STDERR_MSGS - fprintf(stderr, "Error parsing rr during AXFR: %s\n", ldns_get_errorstr_by_id(status)); -#endif - - /* we must now also close the socket, otherwise subsequent uses of the - same resolver structure will fail because the link is still open or - in an undefined state */ -#ifndef USE_WINSOCK - close(resolver->_socket); -#else - closesocket(resolver->_socket); -#endif - resolver->_socket = 0; - - return NULL; - } else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) { -#ifdef STDERR_MSGS - ldns_lookup_table *rcode = ldns_lookup_by_id( - ldns_rcodes,(int) ldns_pkt_get_rcode( - resolver->_cur_axfr_pkt)); - if (rcode) { - fprintf(stderr, "Error in AXFR: %s\n", - rcode->name); - } else { - fprintf(stderr, "Error in AXFR: %d\n", - (int) ldns_pkt_get_rcode( - resolver->_cur_axfr_pkt)); - } -#endif - - /* we must now also close the socket, otherwise subsequent uses of the - same resolver structure will fail because the link is still open or - in an undefined state */ -#ifndef USE_WINSOCK - close(resolver->_socket); -#else - closesocket(resolver->_socket); -#endif - resolver->_socket = 0; - - return NULL; - } else { - return ldns_axfr_next(resolver); - } - - } - -} - -/* this function is needed to abort a transfer that is in progress; - * without it an aborted transfer will lead to the AXFR code in the - * library staying in an indetermined state because the socket for the - * AXFR is never closed - */ -void -ldns_axfr_abort(ldns_resolver *resolver) -{ - /* Only abort if an actual AXFR is in progress */ - if (resolver->_socket != 0) - { -#ifndef USE_WINSOCK - close(resolver->_socket); -#else - closesocket(resolver->_socket); -#endif - resolver->_socket = 0; - } -} - -bool -ldns_axfr_complete(const ldns_resolver *res) -{ - /* complete when soa count is 2? */ - return res->_axfr_soa_count == 2; -} - -ldns_pkt * -ldns_axfr_last_pkt(const ldns_resolver *res) -{ - return res->_cur_axfr_pkt; -} - -void -ldns_resolver_set_ixfr_serial(ldns_resolver *r, uint32_t serial) -{ - r->_serial = serial; -} - -uint32_t -ldns_resolver_get_ixfr_serial(const ldns_resolver *res) -{ - return res->_serial; -} - - -/* random isn't really that good */ -void -ldns_resolver_nameservers_randomize(ldns_resolver *r) -{ - uint16_t i, j; - ldns_rdf **ns, *tmpns; - size_t *rtt, tmprtt; - - /* should I check for ldns_resolver_random?? */ - assert(r != NULL); - - ns = ldns_resolver_nameservers(r); - rtt = ldns_resolver_rtt(r); - for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { - j = ldns_get_random() % ldns_resolver_nameserver_count(r); - tmpns = ns[i]; - ns[i] = ns[j]; - ns[j] = tmpns; - tmprtt = rtt[i]; - rtt[i] = rtt[j]; - rtt[j] = tmprtt; - } - ldns_resolver_set_nameservers(r, ns); -} - diff --git a/src/ldns/rr.c b/src/ldns/rr.c deleted file mode 100644 index e52ea80..0000000 --- a/src/ldns/rr.c +++ /dev/null @@ -1,2705 +0,0 @@ -/* rr.c - * - * access functions for ldns_rr - - * a Net::DNS like library for C - * LibDNS Team @ NLnet Labs - * - * (c) NLnet Labs, 2004-2006 - * See the file LICENSE for the license - */ -#include - -#include - -#include -#include - -#include - -#define LDNS_SYNTAX_DATALEN 16 -#define LDNS_TTL_DATALEN 21 -#define LDNS_RRLIST_INIT 8 - -ldns_rr * -ldns_rr_new(void) -{ - ldns_rr *rr; - rr = LDNS_MALLOC(ldns_rr); - if (!rr) { - return NULL; - } - - ldns_rr_set_owner(rr, NULL); - ldns_rr_set_question(rr, false); - ldns_rr_set_rd_count(rr, 0); - rr->_rdata_fields = NULL; - ldns_rr_set_class(rr, LDNS_RR_CLASS_IN); - ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL); - return rr; -} - -ldns_rr * -ldns_rr_new_frm_type(ldns_rr_type t) -{ - ldns_rr *rr; - const ldns_rr_descriptor *desc; - size_t i; - - rr = LDNS_MALLOC(ldns_rr); - if (!rr) { - return NULL; - } - - desc = ldns_rr_descript(t); - - rr->_rdata_fields = LDNS_XMALLOC(ldns_rdf *, ldns_rr_descriptor_minimum(desc)); - if(!rr->_rdata_fields) { - LDNS_FREE(rr); - return NULL; - } - for (i = 0; i < ldns_rr_descriptor_minimum(desc); i++) { - rr->_rdata_fields[i] = NULL; - } - - ldns_rr_set_owner(rr, NULL); - ldns_rr_set_question(rr, false); - /* set the count to minimum */ - ldns_rr_set_rd_count(rr, ldns_rr_descriptor_minimum(desc)); - ldns_rr_set_class(rr, LDNS_RR_CLASS_IN); - ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL); - ldns_rr_set_type(rr, t); - return rr; -} - -void -ldns_rr_free(ldns_rr *rr) -{ - size_t i; - if (rr) { - if (ldns_rr_owner(rr)) { - ldns_rdf_deep_free(ldns_rr_owner(rr)); - } - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - ldns_rdf_deep_free(ldns_rr_rdf(rr, i)); - } - LDNS_FREE(rr->_rdata_fields); - LDNS_FREE(rr); - } -} - -/* Syntactic sugar for ldns_rr_new_frm_str_internal */ -INLINE bool -ldns_rdf_type_maybe_quoted(ldns_rdf_type rdf_type) -{ - return rdf_type == LDNS_RDF_TYPE_STR || - rdf_type == LDNS_RDF_TYPE_LONG_STR; -} - -/* - * trailing spaces are allowed - * leading spaces are not allowed - * allow ttl to be optional - * class is optional too - * if ttl is missing, and default_ttl is 0, use DEF_TTL - * allow ttl to be written as 1d3h - * So the RR should look like. e.g. - * miek.nl. 3600 IN MX 10 elektron.atoom.net - * or - * miek.nl. 1h IN MX 10 elektron.atoom.net - * or - * miek.nl. IN MX 10 elektron.atoom.net - */ -static ldns_status -ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, - uint32_t default_ttl, ldns_rdf *origin, - ldns_rdf **prev, bool question) -{ - ldns_rr *new; - const ldns_rr_descriptor *desc; - ldns_rr_type rr_type; - ldns_buffer *rr_buf = NULL; - ldns_buffer *rd_buf = NULL; - uint32_t ttl_val; - char *owner = NULL; - char *ttl = NULL; - ldns_rr_class clas_val; - char *clas = NULL; - char *type = NULL; - char *rdata = NULL; - char *rd = NULL; - char *xtok = NULL; /* For RDF types with spaces (i.e. extra tokens) */ - size_t rd_strlen; - const char *delimiters; - ssize_t c; - ldns_rdf *owner_dname; - const char* endptr; - int was_unknown_rr_format = 0; - ldns_status status = LDNS_STATUS_OK; - - /* used for types with unknown number of rdatas */ - bool done; - bool quoted; - - ldns_rdf *r = NULL; - uint16_t r_cnt; - uint16_t r_min; - uint16_t r_max; - size_t pre_data_pos; - - uint16_t hex_data_size; - char *hex_data_str = NULL; - uint16_t cur_hex_data_size; - size_t hex_pos = 0; - uint8_t *hex_data = NULL; - - new = ldns_rr_new(); - - owner = LDNS_XMALLOC(char, LDNS_MAX_DOMAINLEN + 1); - ttl = LDNS_XMALLOC(char, LDNS_TTL_DATALEN); - clas = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN); - rdata = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN + 1); - rr_buf = LDNS_MALLOC(ldns_buffer); - rd_buf = LDNS_MALLOC(ldns_buffer); - rd = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); - xtok = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); - if (rr_buf) { - rr_buf->_data = NULL; - } - if (rd_buf) { - rd_buf->_data = NULL; - } - if (!new || !owner || !ttl || !clas || !rdata || - !rr_buf || !rd_buf || !rd || !xtok) { - - goto memerror; - } - - ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str)); - - /* split the rr in its parts -1 signals trouble */ - if (ldns_bget_token(rr_buf, owner, "\t\n ", LDNS_MAX_DOMAINLEN) == -1){ - - status = LDNS_STATUS_SYNTAX_ERR; - goto error; - } - - if (ldns_bget_token(rr_buf, ttl, "\t\n ", LDNS_TTL_DATALEN) == -1) { - - status = LDNS_STATUS_SYNTAX_TTL_ERR; - goto error; - } - ttl_val = (uint32_t) ldns_str2period(ttl, &endptr); - - if (strlen(ttl) > 0 && !isdigit((int) ttl[0])) { - /* ah, it's not there or something */ - if (default_ttl == 0) { - ttl_val = LDNS_DEFAULT_TTL; - } else { - ttl_val = default_ttl; - } - /* we not ASSUMING the TTL is missing and that - * the rest of the RR is still there. That is - * CLASS TYPE RDATA - * so ttl value we read is actually the class - */ - clas_val = ldns_get_rr_class_by_name(ttl); - /* class can be left out too, assume IN, current - * token must be type - */ - if (clas_val == 0) { - clas_val = LDNS_RR_CLASS_IN; - type = LDNS_XMALLOC(char, strlen(ttl) + 1); - if (!type) { - goto memerror; - } - strncpy(type, ttl, strlen(ttl) + 1); - } - } else { - if (-1 == ldns_bget_token( - rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN)) { - - status = LDNS_STATUS_SYNTAX_CLASS_ERR; - goto error; - } - clas_val = ldns_get_rr_class_by_name(clas); - /* class can be left out too, assume IN, current - * token must be type - */ - if (clas_val == 0) { - clas_val = LDNS_RR_CLASS_IN; - type = LDNS_XMALLOC(char, strlen(clas) + 1); - if (!type) { - goto memerror; - } - strncpy(type, clas, strlen(clas) + 1); - } - } - /* the rest should still be waiting for us */ - - if (!type) { - type = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN); - if (!type) { - goto memerror; - } - if (-1 == ldns_bget_token( - rr_buf, type, "\t\n ", LDNS_SYNTAX_DATALEN)) { - - status = LDNS_STATUS_SYNTAX_TYPE_ERR; - goto error; - } - } - - if (ldns_bget_token(rr_buf, rdata, "\0", LDNS_MAX_PACKETLEN) == -1) { - /* apparently we are done, and it's only a question RR - * so do not set status and go to ldnserror here - */ - } - ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata)); - - if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) { - if (origin) { - ldns_rr_set_owner(new, ldns_rdf_clone(origin)); - } else if (prev && *prev) { - ldns_rr_set_owner(new, ldns_rdf_clone(*prev)); - } else { - /* default to root */ - ldns_rr_set_owner(new, ldns_dname_new_frm_str(".")); - } - - /* @ also overrides prev */ - if (prev) { - ldns_rdf_deep_free(*prev); - *prev = ldns_rdf_clone(ldns_rr_owner(new)); - if (!*prev) { - goto memerror; - } - } - } else { - if (strlen(owner) == 0) { - /* no ownername was given, try prev, if that fails - * origin, else default to root */ - if (prev && *prev) { - ldns_rr_set_owner(new, ldns_rdf_clone(*prev)); - } else if (origin) { - ldns_rr_set_owner(new, ldns_rdf_clone(origin)); - } else { - ldns_rr_set_owner(new, - ldns_dname_new_frm_str(".")); - } - if(!ldns_rr_owner(new)) { - goto memerror; - } - } else { - owner_dname = ldns_dname_new_frm_str(owner); - if (!owner_dname) { - status = LDNS_STATUS_SYNTAX_ERR; - goto error; - } - - ldns_rr_set_owner(new, owner_dname); - if (!ldns_dname_str_absolute(owner) && origin) { - if(ldns_dname_cat(ldns_rr_owner(new), origin) - != LDNS_STATUS_OK) { - - status = LDNS_STATUS_SYNTAX_ERR; - goto error; - } - } - if (prev) { - ldns_rdf_deep_free(*prev); - *prev = ldns_rdf_clone(ldns_rr_owner(new)); - if (!*prev) { - goto error; - } - } - } - } - LDNS_FREE(owner); - - ldns_rr_set_question(new, question); - - ldns_rr_set_ttl(new, ttl_val); - LDNS_FREE(ttl); - - ldns_rr_set_class(new, clas_val); - LDNS_FREE(clas); - - rr_type = ldns_get_rr_type_by_name(type); - LDNS_FREE(type); - - desc = ldns_rr_descript((uint16_t)rr_type); - ldns_rr_set_type(new, rr_type); - if (desc) { - /* only the rdata remains */ - r_max = ldns_rr_descriptor_maximum(desc); - r_min = ldns_rr_descriptor_minimum(desc); - } else { - r_min = 0; - r_max = 1; - } - - for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) { - quoted = false; - - switch (ldns_rr_descriptor_field_type(desc, r_cnt)) { - case LDNS_RDF_TYPE_B64 : - case LDNS_RDF_TYPE_HEX : /* These rdf types may con- */ - case LDNS_RDF_TYPE_LOC : /* tain whitespace, only if */ - case LDNS_RDF_TYPE_WKS : /* it is the last rd field. */ - case LDNS_RDF_TYPE_IPSECKEY : - case LDNS_RDF_TYPE_NSEC : if (r_cnt == r_max - 1) { - delimiters = "\n"; - break; - } - default : delimiters = "\n\t "; - } - - if (ldns_rdf_type_maybe_quoted( - ldns_rr_descriptor_field_type( - desc, r_cnt)) && - ldns_buffer_remaining(rd_buf) > 0){ - - /* skip spaces */ - while (*(ldns_buffer_current(rd_buf)) == ' ') { - ldns_buffer_skip(rd_buf, 1); - } - - if (*(ldns_buffer_current(rd_buf)) == '\"') { - delimiters = "\"\0"; - ldns_buffer_skip(rd_buf, 1); - quoted = true; - } - } - - /* because number of fields can be variable, we can't rely on - * _maximum() only - */ - - /* skip spaces */ - while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf) - && *(ldns_buffer_current(rd_buf)) == ' ' - && !quoted) { - - ldns_buffer_skip(rd_buf, 1); - } - - pre_data_pos = ldns_buffer_position(rd_buf); - if (-1 == (c = ldns_bget_token( - rd_buf, rd, delimiters, LDNS_MAX_RDFLEN))) { - - done = true; - break; - } - /* hmmz, rfc3597 specifies that any type can be represented - * with \# method, which can contain spaces... - * it does specify size though... - */ - rd_strlen = strlen(rd); - - /* unknown RR data */ - if (strncmp(rd, "\\#", 2) == 0 && !quoted && - (rd_strlen == 2 || rd[2]==' ')) { - - was_unknown_rr_format = 1; - /* go back to before \# - * and skip it while setting delimiters better - */ - ldns_buffer_set_position(rd_buf, pre_data_pos); - delimiters = "\n\t "; - (void)ldns_bget_token(rd_buf, rd, - delimiters, LDNS_MAX_RDFLEN); - /* read rdata octet length */ - c = ldns_bget_token(rd_buf, rd, - delimiters, LDNS_MAX_RDFLEN); - if (c == -1) { - /* something goes very wrong here */ - status = LDNS_STATUS_SYNTAX_RDATA_ERR; - goto error; - } - hex_data_size = (uint16_t) atoi(rd); - /* copy hex chars into hex str (2 chars per byte) */ - hex_data_str = LDNS_XMALLOC(char, 2*hex_data_size + 1); - if (!hex_data_str) { - /* malloc error */ - goto memerror; - } - cur_hex_data_size = 0; - while(cur_hex_data_size < 2 * hex_data_size) { - c = ldns_bget_token(rd_buf, rd, - delimiters, LDNS_MAX_RDFLEN); - if (c != -1) { - rd_strlen = strlen(rd); - } - if (c == -1 || - (size_t)cur_hex_data_size + rd_strlen > - 2 * (size_t)hex_data_size) { - - status = LDNS_STATUS_SYNTAX_RDATA_ERR; - goto error; - } - strncpy(hex_data_str + cur_hex_data_size, rd, - rd_strlen); - - cur_hex_data_size += rd_strlen; - } - hex_data_str[cur_hex_data_size] = '\0'; - - /* correct the rdf type */ - /* if *we* know the type, interpret it as wireformat */ - if (desc) { - hex_pos = 0; - hex_data = - LDNS_XMALLOC(uint8_t, hex_data_size+2); - - if (!hex_data) { - goto memerror; - } - ldns_write_uint16(hex_data, hex_data_size); - ldns_hexstring_to_data( - hex_data + 2, hex_data_str); - status = ldns_wire2rdf(new, hex_data, - hex_data_size + 2, &hex_pos); - if (status != LDNS_STATUS_OK) { - goto error; - } - LDNS_FREE(hex_data); - } else { - r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX, - hex_data_str); - if (!r) { - goto memerror; - } - ldns_rdf_set_type(r, LDNS_RDF_TYPE_UNKNOWN); - if (!ldns_rr_push_rdf(new, r)) { - goto memerror; - } - } - LDNS_FREE(hex_data_str); - - } else if(rd_strlen > 0 || quoted) { - /* Normal RR */ - switch(ldns_rr_descriptor_field_type(desc, r_cnt)) { - - case LDNS_RDF_TYPE_HEX: - case LDNS_RDF_TYPE_B64: - /* When this is the last rdata field, then the - * rest should be read in (cause then these - * rdf types may contain spaces). - */ - if (r_cnt == r_max - 1) { - c = ldns_bget_token(rd_buf, xtok, - "\n", LDNS_MAX_RDFLEN); - if (c != -1) { - (void) strncat(rd, xtok, - LDNS_MAX_RDFLEN - - strlen(rd) - 1); - } - } - r = ldns_rdf_new_frm_str( - ldns_rr_descriptor_field_type( - desc, r_cnt), rd); - break; - - case LDNS_RDF_TYPE_HIP: - /* - * In presentation format this RDATA type has - * three tokens: An algorithm byte, then a - * variable length HIT (in hexbytes) and then - * a variable length Public Key (in base64). - * - * We have just read the algorithm, so we need - * two more tokens: HIT and Public Key. - */ - do { - /* Read and append HIT */ - if (ldns_bget_token(rd_buf, - xtok, delimiters, - LDNS_MAX_RDFLEN) == -1) - break; - - (void) strncat(rd, " ", - LDNS_MAX_RDFLEN - - strlen(rd) - 1); - (void) strncat(rd, xtok, - LDNS_MAX_RDFLEN - - strlen(rd) - 1); - - /* Read and append Public Key*/ - if (ldns_bget_token(rd_buf, - xtok, delimiters, - LDNS_MAX_RDFLEN) == -1) - break; - - (void) strncat(rd, " ", - LDNS_MAX_RDFLEN - - strlen(rd) - 1); - (void) strncat(rd, xtok, - LDNS_MAX_RDFLEN - - strlen(rd) - 1); - } while (false); - - r = ldns_rdf_new_frm_str( - ldns_rr_descriptor_field_type( - desc, r_cnt), rd); - break; - - case LDNS_RDF_TYPE_DNAME: - r = ldns_rdf_new_frm_str( - ldns_rr_descriptor_field_type( - desc, r_cnt), rd); - - /* check if the origin should be used - * or concatenated - */ - if (r && ldns_rdf_size(r) > 1 && - ldns_rdf_data(r)[0] == 1 && - ldns_rdf_data(r)[1] == '@') { - - ldns_rdf_deep_free(r); - - r = origin ? ldns_rdf_clone(origin) - - : ( rr_type == LDNS_RR_TYPE_SOA ? - - ldns_rdf_clone( - ldns_rr_owner(new)) - - : ldns_rdf_new_frm_str( - LDNS_RDF_TYPE_DNAME, ".") - ); - - } else if (r && rd_strlen >= 1 && origin && - !ldns_dname_str_absolute(rd)) { - - status = ldns_dname_cat(r, origin); - if (status != LDNS_STATUS_OK) { - goto error; - } - } - break; - default: - r = ldns_rdf_new_frm_str( - ldns_rr_descriptor_field_type( - desc, r_cnt), rd); - break; - } - if (!r) { - status = LDNS_STATUS_SYNTAX_RDATA_ERR; - goto error; - } - ldns_rr_push_rdf(new, r); - } - if (quoted) { - if (ldns_buffer_available(rd_buf, 1)) { - ldns_buffer_skip(rd_buf, 1); - } else { - done = true; - } - } - - } /* for (done = false, r_cnt = 0; !done && r_cnt < r_max; r_cnt++) */ - LDNS_FREE(rd); - LDNS_FREE(xtok); - ldns_buffer_free(rd_buf); - ldns_buffer_free(rr_buf); - LDNS_FREE(rdata); - - if (!question && desc && !was_unknown_rr_format && - ldns_rr_rd_count(new) < r_min) { - - ldns_rr_free(new); - return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; - } - - if (newrr) { - *newrr = new; - } else { - /* Maybe the caller just wanted to see if it would parse? */ - ldns_rr_free(new); - } - return LDNS_STATUS_OK; - -memerror: - status = LDNS_STATUS_MEM_ERR; -error: - if (rd_buf && rd_buf->_data) { - ldns_buffer_free(rd_buf); - } else { - LDNS_FREE(rd_buf); - } - if (rr_buf && rr_buf->_data) { - ldns_buffer_free(rr_buf); - } else { - LDNS_FREE(rr_buf); - } - LDNS_FREE(type); - LDNS_FREE(owner); - LDNS_FREE(ttl); - LDNS_FREE(clas); - LDNS_FREE(hex_data); - LDNS_FREE(hex_data_str); - LDNS_FREE(xtok); - LDNS_FREE(rd); - LDNS_FREE(rdata); - ldns_rr_free(new); - return status; -} - -ldns_status -ldns_rr_new_frm_str(ldns_rr **newrr, const char *str, - uint32_t default_ttl, ldns_rdf *origin, - ldns_rdf **prev) -{ - return ldns_rr_new_frm_str_internal(newrr, - str, - default_ttl, - origin, - prev, - false); -} - -ldns_status -ldns_rr_new_question_frm_str(ldns_rr **newrr, const char *str, - ldns_rdf *origin, ldns_rdf **prev) -{ - return ldns_rr_new_frm_str_internal(newrr, - str, - 0, - origin, - prev, - true); -} - -/* Strip whitespace from the start and the end of . */ -static char * -ldns_strip_ws(char *line) -{ - char *s = line, *e; - - for (s = line; *s && isspace(*s); s++) - ; - - for (e = strchr(s, 0); e > s+2 && isspace(e[-1]) && e[-2] != '\\'; e--) - ; - *e = 0; - - return s; -} - -ldns_status -ldns_rr_new_frm_fp(ldns_rr **newrr, FILE *fp, uint32_t *ttl, ldns_rdf **origin, ldns_rdf **prev) -{ - return ldns_rr_new_frm_fp_l(newrr, fp, ttl, origin, prev, NULL); -} - -ldns_status -ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr) -{ - char *line; - const char *endptr; /* unused */ - ldns_rr *rr; - uint32_t ttl; - ldns_rdf *tmp; - ldns_status s; - ssize_t size; - - if (default_ttl) { - ttl = *default_ttl; - } else { - ttl = 0; - } - - line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); - if (!line) { - return LDNS_STATUS_MEM_ERR; - } - - /* read an entire line in from the file */ - if ((size = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, LDNS_MAX_LINELEN, line_nr)) == -1) { - LDNS_FREE(line); - /* if last line was empty, we are now at feof, which is not - * always a parse error (happens when for instance last line - * was a comment) - */ - return LDNS_STATUS_SYNTAX_ERR; - } - - /* we can have the situation, where we've read ok, but still got - * no bytes to play with, in this case size is 0 - */ - if (size == 0) { - LDNS_FREE(line); - return LDNS_STATUS_SYNTAX_EMPTY; - } - - if (strncmp(line, "$ORIGIN", 7) == 0 && isspace(line[7])) { - if (*origin) { - ldns_rdf_deep_free(*origin); - *origin = NULL; - } - tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, - ldns_strip_ws(line + 8)); - if (!tmp) { - /* could not parse what next to $ORIGIN */ - LDNS_FREE(line); - return LDNS_STATUS_SYNTAX_DNAME_ERR; - } - *origin = tmp; - s = LDNS_STATUS_SYNTAX_ORIGIN; - } else if (strncmp(line, "$TTL", 4) == 0 && isspace(line[4])) { - if (default_ttl) { - *default_ttl = ldns_str2period( - ldns_strip_ws(line + 5), &endptr); - } - s = LDNS_STATUS_SYNTAX_TTL; - } else if (strncmp(line, "$INCLUDE", 8) == 0) { - s = LDNS_STATUS_SYNTAX_INCLUDE; - } else if (!*ldns_strip_ws(line)) { - LDNS_FREE(line); - return LDNS_STATUS_SYNTAX_EMPTY; - } else { - if (origin && *origin) { - s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev); - } else { - s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, NULL, prev); - } - } - LDNS_FREE(line); - if (s == LDNS_STATUS_OK) { - if (newrr) { - *newrr = rr; - } else { - /* Just testing if it would parse? */ - ldns_rr_free(rr); - } - } - return s; -} - -void -ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner) -{ - rr->_owner = owner; -} - -void -ldns_rr_set_question(ldns_rr *rr, bool question) -{ - rr->_rr_question = question; -} - -void -ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl) -{ - rr->_ttl = ttl; -} - -void -ldns_rr_set_rd_count(ldns_rr *rr, size_t count) -{ - rr->_rd_count = count; -} - -void -ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type) -{ - rr->_rr_type = rr_type; -} - -void -ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class) -{ - rr->_rr_class = rr_class; -} - -ldns_rdf * -ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position) -{ - size_t rd_count; - ldns_rdf *pop; - - rd_count = ldns_rr_rd_count(rr); - if (position < rd_count) { - /* dicard the old one */ - pop = rr->_rdata_fields[position]; - rr->_rdata_fields[position] = (ldns_rdf*)f; - return pop; - } else { - return NULL; - } -} - -bool -ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f) -{ - size_t rd_count; - ldns_rdf **rdata_fields; - - rd_count = ldns_rr_rd_count(rr); - - /* grow the array */ - rdata_fields = LDNS_XREALLOC( - rr->_rdata_fields, ldns_rdf *, rd_count + 1); - if (!rdata_fields) { - return false; - } - - /* add the new member */ - rr->_rdata_fields = rdata_fields; - rr->_rdata_fields[rd_count] = (ldns_rdf*)f; - - ldns_rr_set_rd_count(rr, rd_count + 1); - return true; -} - -ldns_rdf * -ldns_rr_pop_rdf(ldns_rr *rr) -{ - size_t rd_count; - ldns_rdf *pop; - ldns_rdf** newrd; - - rd_count = ldns_rr_rd_count(rr); - - if (rd_count == 0) { - return NULL; - } - - pop = rr->_rdata_fields[rd_count - 1]; - - /* try to shrink the array */ - if(rd_count > 1) { - newrd = LDNS_XREALLOC( - rr->_rdata_fields, ldns_rdf *, rd_count - 1); - if(newrd) - rr->_rdata_fields = newrd; - } else { - LDNS_FREE(rr->_rdata_fields); - } - - ldns_rr_set_rd_count(rr, rd_count - 1); - return pop; -} - -ldns_rdf * -ldns_rr_rdf(const ldns_rr *rr, size_t nr) -{ - if (rr && nr < ldns_rr_rd_count(rr)) { - return rr->_rdata_fields[nr]; - } else { - return NULL; - } -} - -ldns_rdf * -ldns_rr_owner(const ldns_rr *rr) -{ - return rr->_owner; -} - -bool -ldns_rr_is_question(const ldns_rr *rr) -{ - return rr->_rr_question; -} - -uint32_t -ldns_rr_ttl(const ldns_rr *rr) -{ - return rr->_ttl; -} - -size_t -ldns_rr_rd_count(const ldns_rr *rr) -{ - return rr->_rd_count; -} - -ldns_rr_type -ldns_rr_get_type(const ldns_rr *rr) -{ - return rr->_rr_type; -} - -ldns_rr_class -ldns_rr_get_class(const ldns_rr *rr) -{ - return rr->_rr_class; -} - -/* rr_lists */ - -size_t -ldns_rr_list_rr_count(const ldns_rr_list *rr_list) -{ - if (rr_list) { - return rr_list->_rr_count; - } else { - return 0; - } -} - -ldns_rr * -ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count) -{ - ldns_rr *old; - - if (count > ldns_rr_list_rr_count(rr_list)) { - return NULL; - } - - old = ldns_rr_list_rr(rr_list, count); - - /* overwrite old's pointer */ - rr_list->_rrs[count] = (ldns_rr*)r; - return old; -} - -void -ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count) -{ - assert(count <= rr_list->_rr_capacity); - rr_list->_rr_count = count; -} - -ldns_rr * -ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr) -{ - if (nr < ldns_rr_list_rr_count(rr_list)) { - return rr_list->_rrs[nr]; - } else { - return NULL; - } -} - -ldns_rr_list * -ldns_rr_list_new(void) -{ - ldns_rr_list *rr_list = LDNS_MALLOC(ldns_rr_list); - if(!rr_list) return NULL; - rr_list->_rr_count = 0; - rr_list->_rr_capacity = 0; - rr_list->_rrs = NULL; - return rr_list; -} - -void -ldns_rr_list_free(ldns_rr_list *rr_list) -{ - if (rr_list) { - LDNS_FREE(rr_list->_rrs); - LDNS_FREE(rr_list); - } -} - -void -ldns_rr_list_deep_free(ldns_rr_list *rr_list) -{ - size_t i; - - if (rr_list) { - for (i=0; i < ldns_rr_list_rr_count(rr_list); i++) { - ldns_rr_free(ldns_rr_list_rr(rr_list, i)); - } - LDNS_FREE(rr_list->_rrs); - LDNS_FREE(rr_list); - } -} - - -/* add right to left. So we modify *left! */ -bool -ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right) -{ - size_t r_rr_count; - size_t i; - - if (!left) { - return false; - } - - if (right) { - r_rr_count = ldns_rr_list_rr_count(right); - } else { - r_rr_count = 0; - } - - /* push right to left */ - for(i = 0; i < r_rr_count; i++) { - ldns_rr_list_push_rr(left, ldns_rr_list_rr(right, i)); - } - return true; -} - -ldns_rr_list * -ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right) -{ - size_t l_rr_count; - size_t r_rr_count; - size_t i; - ldns_rr_list *cat; - - if (left) { - l_rr_count = ldns_rr_list_rr_count(left); - } else { - return ldns_rr_list_clone(right); - } - - if (right) { - r_rr_count = ldns_rr_list_rr_count(right); - } else { - r_rr_count = 0; - } - - cat = ldns_rr_list_new(); - - if (!cat) { - return NULL; - } - - /* left */ - for(i = 0; i < l_rr_count; i++) { - ldns_rr_list_push_rr(cat, - ldns_rr_clone(ldns_rr_list_rr(left, i))); - } - /* right */ - for(i = 0; i < r_rr_count; i++) { - ldns_rr_list_push_rr(cat, - ldns_rr_clone(ldns_rr_list_rr(right, i))); - } - return cat; -} - -ldns_rr_list * -ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos) -{ - size_t i; - ldns_rr_list *subtyped; - ldns_rdf *list_rdf; - - subtyped = ldns_rr_list_new(); - - for(i = 0; i < ldns_rr_list_rr_count(l); i++) { - list_rdf = ldns_rr_rdf( - ldns_rr_list_rr(l, i), - pos); - if (!list_rdf) { - /* pos is too large or any other error */ - ldns_rr_list_deep_free(subtyped); - return NULL; - } - - if (ldns_rdf_compare(list_rdf, r) == 0) { - /* a match */ - ldns_rr_list_push_rr(subtyped, - ldns_rr_clone(ldns_rr_list_rr(l, i))); - } - } - - if (ldns_rr_list_rr_count(subtyped) > 0) { - return subtyped; - } else { - ldns_rr_list_free(subtyped); - return NULL; - } -} - -bool -ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr) -{ - size_t rr_count; - size_t cap; - - rr_count = ldns_rr_list_rr_count(rr_list); - cap = rr_list->_rr_capacity; - - /* grow the array */ - if(rr_count+1 > cap) { - ldns_rr **rrs; - - if(cap == 0) - cap = LDNS_RRLIST_INIT; /* initial list size */ - else cap *= 2; - rrs = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap); - if (!rrs) { - return false; - } - rr_list->_rrs = rrs; - rr_list->_rr_capacity = cap; - } - - /* add the new member */ - rr_list->_rrs[rr_count] = (ldns_rr*)rr; - - ldns_rr_list_set_rr_count(rr_list, rr_count + 1); - return true; -} - -bool -ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list) -{ - size_t i; - - for(i = 0; i < ldns_rr_list_rr_count(push_list); i++) { - if (!ldns_rr_list_push_rr(rr_list, - ldns_rr_list_rr(push_list, i))) { - return false; - } - } - return true; -} - -ldns_rr * -ldns_rr_list_pop_rr(ldns_rr_list *rr_list) -{ - size_t rr_count; - size_t cap; - ldns_rr *pop; - - rr_count = ldns_rr_list_rr_count(rr_list); - - if (rr_count == 0) { - return NULL; - } - - cap = rr_list->_rr_capacity; - pop = ldns_rr_list_rr(rr_list, rr_count - 1); - - /* shrink the array */ - if(cap > LDNS_RRLIST_INIT && rr_count-1 <= cap/2) { - ldns_rr** a; - cap /= 2; - a = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap); - if(a) { - rr_list->_rrs = a; - rr_list->_rr_capacity = cap; - } - } - - ldns_rr_list_set_rr_count(rr_list, rr_count - 1); - - return pop; -} - -ldns_rr_list * -ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t howmany) -{ - /* pop a number of rr's and put them in a rr_list */ - ldns_rr_list *popped; - ldns_rr *p; - size_t i = howmany; - - popped = ldns_rr_list_new(); - - if (!popped) { - return NULL; - } - - - while(i > 0 && - (p = ldns_rr_list_pop_rr(rr_list)) != NULL) { - ldns_rr_list_push_rr(popped, p); - i--; - } - - if (i == howmany) { /* so i <= 0 */ - ldns_rr_list_free(popped); - return NULL; - } else { - return popped; - } -} - - -bool -ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr) -{ - size_t i; - - if (!rr_list || !rr || ldns_rr_list_rr_count(rr_list) == 0) { - return false; - } - - for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { - if (rr == ldns_rr_list_rr(rr_list, i)) { - return true; - } else if (ldns_rr_compare(rr, ldns_rr_list_rr(rr_list, i)) == 0) { - return true; - } - } - return false; -} - -bool -ldns_is_rrset(ldns_rr_list *rr_list) -{ - ldns_rr_type t; - ldns_rr_class c; - ldns_rdf *o; - ldns_rr *tmp; - size_t i; - - if (!rr_list || ldns_rr_list_rr_count(rr_list) == 0) { - return false; - } - - tmp = ldns_rr_list_rr(rr_list, 0); - - t = ldns_rr_get_type(tmp); - c = ldns_rr_get_class(tmp); - o = ldns_rr_owner(tmp); - - /* compare these with the rest of the rr_list, start with 1 */ - for (i = 1; i < ldns_rr_list_rr_count(rr_list); i++) { - tmp = ldns_rr_list_rr(rr_list, i); - if (t != ldns_rr_get_type(tmp)) { - return false; - } - if (c != ldns_rr_get_class(tmp)) { - return false; - } - if (ldns_rdf_compare(o, ldns_rr_owner(tmp)) != 0) { - return false; - } - } - return true; -} - -bool -ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr) -{ - size_t rr_count; - size_t i; - ldns_rr *last; - - assert(rr != NULL); - - rr_count = ldns_rr_list_rr_count(rr_list); - - if (rr_count == 0) { - /* nothing there, so checking it is - * not needed */ - return ldns_rr_list_push_rr(rr_list, rr); - } else { - /* check with the final rr in the rr_list */ - last = ldns_rr_list_rr(rr_list, rr_count - 1); - - if (ldns_rr_get_class(last) != ldns_rr_get_class(rr)) { - return false; - } - if (ldns_rr_get_type(last) != ldns_rr_get_type(rr)) { - return false; - } - /* only check if not equal to RRSIG */ - if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) { - if (ldns_rr_ttl(last) != ldns_rr_ttl(rr)) { - return false; - } - } - if (ldns_rdf_compare(ldns_rr_owner(last), - ldns_rr_owner(rr)) != 0) { - return false; - } - /* ok, still alive - check if the rr already - * exists - if so, dont' add it */ - for(i = 0; i < rr_count; i++) { - if(ldns_rr_compare( - ldns_rr_list_rr(rr_list, i), rr) == 0) { - return false; - } - } - /* it's safe, push it */ - return ldns_rr_list_push_rr(rr_list, rr); - } -} - -ldns_rr * -ldns_rr_set_pop_rr(ldns_rr_list *rr_list) -{ - return ldns_rr_list_pop_rr(rr_list); -} - -ldns_rr_list * -ldns_rr_list_pop_rrset(ldns_rr_list *rr_list) -{ - ldns_rr_list *rrset; - ldns_rr *last_rr = NULL; - ldns_rr *next_rr; - - if (!rr_list) { - return NULL; - } - - rrset = ldns_rr_list_new(); - if (!last_rr) { - last_rr = ldns_rr_list_pop_rr(rr_list); - if (!last_rr) { - ldns_rr_list_free(rrset); - return NULL; - } else { - ldns_rr_list_push_rr(rrset, last_rr); - } - } - - if (ldns_rr_list_rr_count(rr_list) > 0) { - next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1); - } else { - next_rr = NULL; - } - - while (next_rr) { - if ( - ldns_rdf_compare(ldns_rr_owner(next_rr), - ldns_rr_owner(last_rr)) == 0 - && - ldns_rr_get_type(next_rr) == ldns_rr_get_type(last_rr) - && - ldns_rr_get_class(next_rr) == ldns_rr_get_class(last_rr) - ) { - ldns_rr_list_push_rr(rrset, ldns_rr_list_pop_rr(rr_list)); - if (ldns_rr_list_rr_count(rr_list) > 0) { - last_rr = next_rr; - next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1); - } else { - next_rr = NULL; - } - } else { - next_rr = NULL; - } - } - - return rrset; -} - -ldns_rr * -ldns_rr_clone(const ldns_rr *rr) -{ - size_t i; - ldns_rr *new_rr; - - if (!rr) { - return NULL; - } - - new_rr = ldns_rr_new(); - if (!new_rr) { - return NULL; - } - if (ldns_rr_owner(rr)) { - ldns_rr_set_owner(new_rr, ldns_rdf_clone(ldns_rr_owner(rr))); - } - ldns_rr_set_ttl(new_rr, ldns_rr_ttl(rr)); - ldns_rr_set_type(new_rr, ldns_rr_get_type(rr)); - ldns_rr_set_class(new_rr, ldns_rr_get_class(rr)); - ldns_rr_set_question(new_rr, ldns_rr_is_question(rr)); - - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - if (ldns_rr_rdf(rr,i)) { - ldns_rr_push_rdf(new_rr, ldns_rdf_clone(ldns_rr_rdf(rr, i))); - } - } - - return new_rr; -} - -ldns_rr_list * -ldns_rr_list_clone(const ldns_rr_list *rrlist) -{ - size_t i; - ldns_rr_list *new_list; - ldns_rr *r; - - if (!rrlist) { - return NULL; - } - - new_list = ldns_rr_list_new(); - if (!new_list) { - return NULL; - } - for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) { - r = ldns_rr_clone( - ldns_rr_list_rr(rrlist, i) - ); - if (!r) { - /* huh, failure in cloning */ - ldns_rr_list_deep_free(new_list); - return NULL; - } - ldns_rr_list_push_rr(new_list, r); - } - return new_list; -} - - -static int -qsort_schwartz_rr_compare(const void *a, const void *b) -{ - int result = 0; - ldns_rr *rr1, *rr2; - ldns_buffer *rr1_buf, *rr2_buf; - struct ldns_schwartzian_compare_struct *sa = *(struct ldns_schwartzian_compare_struct **) a; - struct ldns_schwartzian_compare_struct *sb = *(struct ldns_schwartzian_compare_struct **) b; - /* if we are doing 2wire, we need to do lowercasing on the dname (and maybe on the rdata) - * this must be done for comparison only, so we need to have a temp var for both buffers, - * which is only used when the transformed object value isn't there yet - */ - ldns_rr *canonical_a, *canonical_b; - - rr1 = (ldns_rr *) sa->original_object; - rr2 = (ldns_rr *) sb->original_object; - - result = ldns_rr_compare_no_rdata(rr1, rr2); - - if (result == 0) { - if (!sa->transformed_object) { - canonical_a = ldns_rr_clone(sa->original_object); - ldns_rr2canonical(canonical_a); - sa->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_a)); - if (ldns_rr2buffer_wire(sa->transformed_object, canonical_a, LDNS_SECTION_ANY) != LDNS_STATUS_OK) { - ldns_buffer_free((ldns_buffer *)sa->transformed_object); - sa->transformed_object = NULL; - ldns_rr_free(canonical_a); - return 0; - } - ldns_rr_free(canonical_a); - } - if (!sb->transformed_object) { - canonical_b = ldns_rr_clone(sb->original_object); - ldns_rr2canonical(canonical_b); - sb->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_b)); - if (ldns_rr2buffer_wire(sb->transformed_object, canonical_b, LDNS_SECTION_ANY) != LDNS_STATUS_OK) { - ldns_buffer_free((ldns_buffer *)sa->transformed_object); - ldns_buffer_free((ldns_buffer *)sb->transformed_object); - sa->transformed_object = NULL; - sb->transformed_object = NULL; - ldns_rr_free(canonical_b); - return 0; - } - ldns_rr_free(canonical_b); - } - rr1_buf = (ldns_buffer *) sa->transformed_object; - rr2_buf = (ldns_buffer *) sb->transformed_object; - - result = ldns_rr_compare_wire(rr1_buf, rr2_buf); - } - - return result; -} - -void -ldns_rr_list_sort(ldns_rr_list *unsorted) -{ - struct ldns_schwartzian_compare_struct **sortables; - size_t item_count; - size_t i; - - if (unsorted) { - item_count = ldns_rr_list_rr_count(unsorted); - - sortables = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct *, - item_count); - if(!sortables) return; /* no way to return error */ - for (i = 0; i < item_count; i++) { - sortables[i] = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct, 1); - if(!sortables[i]) { - /* free the allocated parts */ - while(i>0) { - i--; - LDNS_FREE(sortables[i]); - } - /* no way to return error */ - LDNS_FREE(sortables); - return; - } - sortables[i]->original_object = ldns_rr_list_rr(unsorted, i); - sortables[i]->transformed_object = NULL; - } - qsort(sortables, - item_count, - sizeof(struct ldns_schwartzian_compare_struct *), - qsort_schwartz_rr_compare); - for (i = 0; i < item_count; i++) { - unsorted->_rrs[i] = sortables[i]->original_object; - if (sortables[i]->transformed_object) { - ldns_buffer_free(sortables[i]->transformed_object); - } - LDNS_FREE(sortables[i]); - } - LDNS_FREE(sortables); - } -} - -int -ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2) -{ - size_t rr1_len; - size_t rr2_len; - size_t offset; - - assert(rr1 != NULL); - assert(rr2 != NULL); - - rr1_len = ldns_rr_uncompressed_size(rr1); - rr2_len = ldns_rr_uncompressed_size(rr2); - - if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) < 0) { - return -1; - } else if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) > 0) { - return 1; - } - - /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */ - if (ldns_rr_get_class(rr1) != ldns_rr_get_class(rr2)) { - return ldns_rr_get_class(rr1) - ldns_rr_get_class(rr2); - } - - /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */ - if (ldns_rr_get_type(rr1) != ldns_rr_get_type(rr2)) { - return ldns_rr_get_type(rr1) - ldns_rr_get_type(rr2); - } - - /* offset is the owername length + ttl + type + class + rdlen == start of wire format rdata */ - offset = ldns_rdf_size(ldns_rr_owner(rr1)) + 4 + 2 + 2 + 2; - /* if either record doesn't have any RDATA... */ - if (offset > rr1_len || offset > rr2_len) { - if (rr1_len == rr2_len) { - return 0; - } - return ((int) rr2_len - (int) rr1_len); - } - - return 0; -} - -int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf) -{ - size_t rr1_len, rr2_len, min_len, i, offset; - - rr1_len = ldns_buffer_capacity(rr1_buf); - rr2_len = ldns_buffer_capacity(rr2_buf); - - /* jump past dname (checked in earlier part) - * and especially past TTL */ - offset = 0; - while (offset < rr1_len && *ldns_buffer_at(rr1_buf, offset) != 0) { - offset += *ldns_buffer_at(rr1_buf, offset) + 1; - } - /* jump to rdata section (PAST the rdata length field, otherwise - rrs with different lengths might be sorted erroneously */ - offset += 11; - min_len = (rr1_len < rr2_len) ? rr1_len : rr2_len; - /* Compare RRs RDATA byte for byte. */ - for(i = offset; i < min_len; i++) { - if (*ldns_buffer_at(rr1_buf,i) < *ldns_buffer_at(rr2_buf,i)) { - return -1; - } else if (*ldns_buffer_at(rr1_buf,i) > *ldns_buffer_at(rr2_buf,i)) { - return +1; - } - } - - /* If both RDATAs are the same up to min_len, then the shorter one sorts first. */ - if (rr1_len < rr2_len) { - return -1; - } else if (rr1_len > rr2_len) { - return +1; - } - /* The RDATAs are equal. */ - return 0; - -} - -int -ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2) -{ - int result; - size_t rr1_len, rr2_len; - - ldns_buffer *rr1_buf; - ldns_buffer *rr2_buf; - - result = ldns_rr_compare_no_rdata(rr1, rr2); - if (result == 0) { - rr1_len = ldns_rr_uncompressed_size(rr1); - rr2_len = ldns_rr_uncompressed_size(rr2); - - rr1_buf = ldns_buffer_new(rr1_len); - rr2_buf = ldns_buffer_new(rr2_len); - - if (ldns_rr2buffer_wire_canonical(rr1_buf, - rr1, - LDNS_SECTION_ANY) - != LDNS_STATUS_OK) { - ldns_buffer_free(rr1_buf); - ldns_buffer_free(rr2_buf); - return 0; - } - if (ldns_rr2buffer_wire_canonical(rr2_buf, - rr2, - LDNS_SECTION_ANY) - != LDNS_STATUS_OK) { - ldns_buffer_free(rr1_buf); - ldns_buffer_free(rr2_buf); - return 0; - } - - result = ldns_rr_compare_wire(rr1_buf, rr2_buf); - - ldns_buffer_free(rr1_buf); - ldns_buffer_free(rr2_buf); - } - - return result; -} - -/* convert dnskey to a ds with the given algorithm, - * then compare the result with the given ds */ -static int -ldns_rr_compare_ds_dnskey(ldns_rr *ds, - ldns_rr *dnskey) -{ - ldns_rr *ds_gen; - bool result = false; - ldns_hash algo; - - if (!dnskey || !ds || - ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS || - ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY) { - return false; - } - - if (ldns_rr_rdf(ds, 2) == NULL) { - return false; - } - algo = ldns_rdf2native_int8(ldns_rr_rdf(ds, 2)); - - ds_gen = ldns_key_rr2ds(dnskey, algo); - if (ds_gen) { - result = ldns_rr_compare(ds, ds_gen) == 0; - ldns_rr_free(ds_gen); - } - return result; -} - -bool -ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2) -{ - bool result; - ldns_rr *rr1 = ldns_rr_clone(orr1); - ldns_rr *rr2 = ldns_rr_clone(orr2); - - /* set ttls to zero */ - ldns_rr_set_ttl(rr1, 0); - ldns_rr_set_ttl(rr2, 0); - - if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DS && - ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DNSKEY) { - result = ldns_rr_compare_ds_dnskey(rr1, rr2); - } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY && - ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) { - result = ldns_rr_compare_ds_dnskey(rr2, rr1); - } else { - result = (ldns_rr_compare(rr1, rr2) == 0); - } - - ldns_rr_free(rr1); - ldns_rr_free(rr2); - - return result; -} - -int -ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2) -{ - size_t i = 0; - int rr_cmp; - - assert(rrl1 != NULL); - assert(rrl2 != NULL); - - for (i = 0; i < ldns_rr_list_rr_count(rrl1) && i < ldns_rr_list_rr_count(rrl2); i++) { - rr_cmp = ldns_rr_compare(ldns_rr_list_rr(rrl1, i), ldns_rr_list_rr(rrl2, i)); - if (rr_cmp != 0) { - return rr_cmp; - } - } - - if (i == ldns_rr_list_rr_count(rrl1) && - i != ldns_rr_list_rr_count(rrl2)) { - return 1; - } else if (i == ldns_rr_list_rr_count(rrl2) && - i != ldns_rr_list_rr_count(rrl1)) { - return -1; - } else { - return 0; - } -} - -size_t -ldns_rr_uncompressed_size(const ldns_rr *r) -{ - size_t rrsize; - size_t i; - - rrsize = 0; - /* add all the rdf sizes */ - for(i = 0; i < ldns_rr_rd_count(r); i++) { - rrsize += ldns_rdf_size(ldns_rr_rdf(r, i)); - } - /* ownername */ - rrsize += ldns_rdf_size(ldns_rr_owner(r)); - rrsize += LDNS_RR_OVERHEAD; - return rrsize; -} - -void -ldns_rr2canonical(ldns_rr *rr) -{ - uint16_t i; - - if (!rr) { - return; - } - - ldns_dname2canonical(ldns_rr_owner(rr)); - - /* - * lowercase the rdata dnames if the rr type is one - * of the list in chapter 7 of RFC3597 - * Also added RRSIG, because a "Signer's Name" should be canonicalized - * too. See dnssec-bis-updates-16. We can add it to this list because - * the "Signer's Name" is the only dname type rdata field in a RRSIG. - */ - switch(ldns_rr_get_type(rr)) { - case LDNS_RR_TYPE_NS: - case LDNS_RR_TYPE_MD: - case LDNS_RR_TYPE_MF: - case LDNS_RR_TYPE_CNAME: - case LDNS_RR_TYPE_SOA: - case LDNS_RR_TYPE_MB: - case LDNS_RR_TYPE_MG: - case LDNS_RR_TYPE_MR: - case LDNS_RR_TYPE_PTR: - case LDNS_RR_TYPE_MINFO: - case LDNS_RR_TYPE_MX: - case LDNS_RR_TYPE_RP: - case LDNS_RR_TYPE_AFSDB: - case LDNS_RR_TYPE_RT: - case LDNS_RR_TYPE_SIG: - case LDNS_RR_TYPE_PX: - case LDNS_RR_TYPE_NXT: - case LDNS_RR_TYPE_NAPTR: - case LDNS_RR_TYPE_KX: - case LDNS_RR_TYPE_SRV: - case LDNS_RR_TYPE_DNAME: - case LDNS_RR_TYPE_A6: - case LDNS_RR_TYPE_RRSIG: - for (i = 0; i < ldns_rr_rd_count(rr); i++) { - ldns_dname2canonical(ldns_rr_rdf(rr, i)); - } - return; - default: - /* do nothing */ - return; - } -} - -void -ldns_rr_list2canonical(ldns_rr_list *rr_list) -{ - size_t i; - for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { - ldns_rr2canonical(ldns_rr_list_rr(rr_list, i)); - } -} - -uint8_t -ldns_rr_label_count(ldns_rr *rr) -{ - if (!rr) { - return 0; - } - return ldns_dname_label_count( - ldns_rr_owner(rr)); -} - -/** \cond */ -static const ldns_rdf_type type_0_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN }; -static const ldns_rdf_type type_a_wireformat[] = { LDNS_RDF_TYPE_A }; -static const ldns_rdf_type type_ns_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_md_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_mf_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_cname_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_soa_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_INT32, - LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, - LDNS_RDF_TYPE_PERIOD -}; -static const ldns_rdf_type type_mb_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_mg_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_mr_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_wks_wireformat[] = { - LDNS_RDF_TYPE_A, LDNS_RDF_TYPE_WKS -}; -static const ldns_rdf_type type_ptr_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_hinfo_wireformat[] = { - LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR -}; -static const ldns_rdf_type type_minfo_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_mx_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_rp_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_afsdb_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_x25_wireformat[] = { LDNS_RDF_TYPE_STR }; -static const ldns_rdf_type type_isdn_wireformat[] = { - LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR -}; -static const ldns_rdf_type type_rt_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_nsap_wireformat[] = { - LDNS_RDF_TYPE_NSAP -}; -static const ldns_rdf_type type_nsap_ptr_wireformat[] = { - LDNS_RDF_TYPE_STR -}; -static const ldns_rdf_type type_sig_wireformat[] = { - LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, - LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64 -}; -static const ldns_rdf_type type_key_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64 -}; -static const ldns_rdf_type type_px_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_gpos_wireformat[] = { - LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR -}; -static const ldns_rdf_type type_aaaa_wireformat[] = { LDNS_RDF_TYPE_AAAA }; -static const ldns_rdf_type type_loc_wireformat[] = { LDNS_RDF_TYPE_LOC }; -static const ldns_rdf_type type_nxt_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_UNKNOWN -}; -static const ldns_rdf_type type_eid_wireformat[] = { - LDNS_RDF_TYPE_HEX -}; -static const ldns_rdf_type type_nimloc_wireformat[] = { - LDNS_RDF_TYPE_HEX -}; -static const ldns_rdf_type type_srv_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_atma_wireformat[] = { - LDNS_RDF_TYPE_ATMA -}; -static const ldns_rdf_type type_naptr_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_kx_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_cert_wireformat[] = { - LDNS_RDF_TYPE_CERT_ALG, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_B64 -}; -static const ldns_rdf_type type_a6_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN }; -static const ldns_rdf_type type_dname_wireformat[] = { LDNS_RDF_TYPE_DNAME }; -static const ldns_rdf_type type_sink_wireformat[] = { LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64 -}; -static const ldns_rdf_type type_apl_wireformat[] = { - LDNS_RDF_TYPE_APL -}; -static const ldns_rdf_type type_ds_wireformat[] = { - LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX -}; -static const ldns_rdf_type type_sshfp_wireformat[] = { - LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX -}; -static const ldns_rdf_type type_ipseckey_wireformat[] = { - LDNS_RDF_TYPE_IPSECKEY -}; -static const ldns_rdf_type type_rrsig_wireformat[] = { - LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, - LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64 -}; -static const ldns_rdf_type type_nsec_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_NSEC -}; -static const ldns_rdf_type type_dhcid_wireformat[] = { - LDNS_RDF_TYPE_B64 -}; -static const ldns_rdf_type type_talink_wireformat[] = { - LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME -}; -/*@unused@*/ static const ldns_rdf_type type_openpgpkey_wireformat[] = { - LDNS_RDF_TYPE_B64 -}; -/* nsec3 is some vars, followed by same type of data of nsec */ -static const ldns_rdf_type type_nsec3_wireformat[] = { -/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ - LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC3_SALT, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC -}; - -static const ldns_rdf_type type_nsec3param_wireformat[] = { -/* LDNS_RDF_TYPE_NSEC3_PARAMS_VARS*/ - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_NSEC3_SALT -}; - -static const ldns_rdf_type type_dnskey_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_ALG, - LDNS_RDF_TYPE_B64 -}; -static const ldns_rdf_type type_tkey_wireformat[] = { - LDNS_RDF_TYPE_DNAME, - LDNS_RDF_TYPE_TIME, - LDNS_RDF_TYPE_TIME, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16_DATA, - LDNS_RDF_TYPE_INT16_DATA, -}; -static const ldns_rdf_type type_tsig_wireformat[] = { - LDNS_RDF_TYPE_DNAME, - LDNS_RDF_TYPE_TSIGTIME, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16_DATA, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16_DATA -}; -static const ldns_rdf_type type_tlsa_wireformat[] = { - LDNS_RDF_TYPE_CERTIFICATE_USAGE, - LDNS_RDF_TYPE_SELECTOR, - LDNS_RDF_TYPE_MATCHING_TYPE, - LDNS_RDF_TYPE_HEX -}; -static const ldns_rdf_type type_hip_wireformat[] = { - LDNS_RDF_TYPE_HIP -}; -static const ldns_rdf_type type_nid_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_ILNP64 -}; -static const ldns_rdf_type type_l32_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_A -}; -static const ldns_rdf_type type_l64_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_ILNP64 -}; -static const ldns_rdf_type type_lp_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_DNAME -}; -static const ldns_rdf_type type_eui48_wireformat[] = { - LDNS_RDF_TYPE_EUI48 -}; -static const ldns_rdf_type type_eui64_wireformat[] = { - LDNS_RDF_TYPE_EUI64 -}; -#ifdef RRTYPE_URI -static const ldns_rdf_type type_uri_wireformat[] = { - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_INT16, - LDNS_RDF_TYPE_LONG_STR -}; -#endif -static const ldns_rdf_type type_caa_wireformat[] = { - LDNS_RDF_TYPE_INT8, - LDNS_RDF_TYPE_TAG, - LDNS_RDF_TYPE_LONG_STR -}; -/** \endcond */ - -/** \cond */ -/* All RR's defined in 1035 are well known and can thus - * be compressed. See RFC3597. These RR's are: - * CNAME HINFO MB MD MF MG MINFO MR MX NULL NS PTR SOA TXT - */ -static ldns_rr_descriptor rdata_field_descriptors[] = { - /* 0 */ - { 0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 1 */ - {LDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 2 */ - {LDNS_RR_TYPE_NS, "NS", 1, 1, type_ns_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 3 */ - {LDNS_RR_TYPE_MD, "MD", 1, 1, type_md_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 4 */ - {LDNS_RR_TYPE_MF, "MF", 1, 1, type_mf_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 5 */ - {LDNS_RR_TYPE_CNAME, "CNAME", 1, 1, type_cname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 6 */ - {LDNS_RR_TYPE_SOA, "SOA", 7, 7, type_soa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 }, - /* 7 */ - {LDNS_RR_TYPE_MB, "MB", 1, 1, type_mb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 8 */ - {LDNS_RR_TYPE_MG, "MG", 1, 1, type_mg_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 9 */ - {LDNS_RR_TYPE_MR, "MR", 1, 1, type_mr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 10 */ - {LDNS_RR_TYPE_NULL, "NULL", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 11 */ - {LDNS_RR_TYPE_WKS, "WKS", 2, 2, type_wks_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 12 */ - {LDNS_RR_TYPE_PTR, "PTR", 1, 1, type_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 13 */ - {LDNS_RR_TYPE_HINFO, "HINFO", 2, 2, type_hinfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 14 */ - {LDNS_RR_TYPE_MINFO, "MINFO", 2, 2, type_minfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 }, - /* 15 */ - {LDNS_RR_TYPE_MX, "MX", 2, 2, type_mx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, - /* 16 */ - {LDNS_RR_TYPE_TXT, "TXT", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, - /* 17 */ - {LDNS_RR_TYPE_RP, "RP", 2, 2, type_rp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, - /* 18 */ - {LDNS_RR_TYPE_AFSDB, "AFSDB", 2, 2, type_afsdb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 19 */ - {LDNS_RR_TYPE_X25, "X25", 1, 1, type_x25_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 20 */ - {LDNS_RR_TYPE_ISDN, "ISDN", 1, 2, type_isdn_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 21 */ - {LDNS_RR_TYPE_RT, "RT", 2, 2, type_rt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 22 */ - {LDNS_RR_TYPE_NSAP, "NSAP", 1, 1, type_nsap_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 23 */ - {LDNS_RR_TYPE_NSAP_PTR, "NSAP-PTR", 1, 1, type_nsap_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 24 */ - {LDNS_RR_TYPE_SIG, "SIG", 9, 9, type_sig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 25 */ - {LDNS_RR_TYPE_KEY, "KEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 26 */ - {LDNS_RR_TYPE_PX, "PX", 3, 3, type_px_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, - /* 27 */ - {LDNS_RR_TYPE_GPOS, "GPOS", 3, 3, type_gpos_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 28 */ - {LDNS_RR_TYPE_AAAA, "AAAA", 1, 1, type_aaaa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 29 */ - {LDNS_RR_TYPE_LOC, "LOC", 1, 1, type_loc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 30 */ - {LDNS_RR_TYPE_NXT, "NXT", 2, 2, type_nxt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 31 */ - {LDNS_RR_TYPE_EID, "EID", 1, 1, type_eid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 32 */ - {LDNS_RR_TYPE_NIMLOC, "NIMLOC", 1, 1, type_nimloc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 33 */ - {LDNS_RR_TYPE_SRV, "SRV", 4, 4, type_srv_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 34 */ - {LDNS_RR_TYPE_ATMA, "ATMA", 1, 1, type_atma_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 35 */ - {LDNS_RR_TYPE_NAPTR, "NAPTR", 6, 6, type_naptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 36 */ - {LDNS_RR_TYPE_KX, "KX", 2, 2, type_kx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 37 */ - {LDNS_RR_TYPE_CERT, "CERT", 4, 4, type_cert_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 38 */ - {LDNS_RR_TYPE_A6, "A6", 1, 1, type_a6_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 39 */ - {LDNS_RR_TYPE_DNAME, "DNAME", 1, 1, type_dname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 40 */ - {LDNS_RR_TYPE_SINK, "SINK", 1, 1, type_sink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 41 */ - {LDNS_RR_TYPE_OPT, "OPT", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 42 */ - {LDNS_RR_TYPE_APL, "APL", 0, 0, type_apl_wireformat, LDNS_RDF_TYPE_APL, LDNS_RR_NO_COMPRESS, 0 }, - /* 43 */ - {LDNS_RR_TYPE_DS, "DS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 44 */ - {LDNS_RR_TYPE_SSHFP, "SSHFP", 3, 3, type_sshfp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 45 */ - {LDNS_RR_TYPE_IPSECKEY, "IPSECKEY", 1, 1, type_ipseckey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 46 */ - {LDNS_RR_TYPE_RRSIG, "RRSIG", 9, 9, type_rrsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 47 */ - {LDNS_RR_TYPE_NSEC, "NSEC", 1, 2, type_nsec_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 48 */ - {LDNS_RR_TYPE_DNSKEY, "DNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 49 */ - {LDNS_RR_TYPE_DHCID, "DHCID", 1, 1, type_dhcid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 50 */ - {LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 51 */ - {LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 52 */ - {LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - -{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - - /* 55 - * Hip ends with 0 or more Rendezvous Servers represented as dname's. - * Hence the LDNS_RDF_TYPE_DNAME _variable field and the _maximum field - * set to 0. - */ - {LDNS_RR_TYPE_HIP, "HIP", 1, 1, type_hip_wireformat, LDNS_RDF_TYPE_DNAME, LDNS_RR_NO_COMPRESS, 0 }, - -#ifdef RRTYPE_NINFO - /* 56 */ - {LDNS_RR_TYPE_NINFO, "NINFO", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, -#else -{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#endif -#ifdef RRTYPE_RKEY - /* 57 */ - {LDNS_RR_TYPE_RKEY, "RKEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#else -{LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#endif - /* 58 */ - {LDNS_RR_TYPE_TALINK, "TALINK", 2, 2, type_talink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, - - /* 59 */ - {LDNS_RR_TYPE_CDS, "CDS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 60 */ - {LDNS_RR_TYPE_CDNSKEY, "CDNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - -#ifdef RRTYPE_OPENPGPKEY - /* 61 */ - {LDNS_RR_TYPE_OPENPGPKEY, "OPENPGPKEY", 1, 1, type_openpgpkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#else -{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#endif - -{LDNS_RR_TYPE_NULL, "TYPE62", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - - /* 99 */ - {LDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, - - /* UINFO [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* UID [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* GID [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* UNSPEC [IANA-Reserved] */ -{LDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - - /* 104 */ - {LDNS_RR_TYPE_NID, "NID", 2, 2, type_nid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 105 */ - {LDNS_RR_TYPE_L32, "L32", 2, 2, type_l32_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 106 */ - {LDNS_RR_TYPE_L64, "L64", 2, 2, type_l64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 107 */ - {LDNS_RR_TYPE_LP, "LP", 2, 2, type_lp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* 108 */ - {LDNS_RR_TYPE_EUI48, "EUI48", 1, 1, type_eui48_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* 109 */ - {LDNS_RR_TYPE_EUI64, "EUI64", 1, 1, type_eui64_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - -{LDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -{LDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - - /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one. - * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9. - */ - /* 249 */ - {LDNS_RR_TYPE_TKEY, "TKEY", 7, 7, type_tkey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - /* LDNS_RDF_TYPE_INT16_DATA takes two fields (length and data) as one. - * So, unlike RFC 2930 spec, we have 7 min/max rdf's i.s.o. 8/9. - */ - /* 250 */ - {LDNS_RR_TYPE_TSIG, "TSIG", 7, 7, type_tsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, - - /* IXFR: A request for a transfer of an incremental zone transfer */ -{LDNS_RR_TYPE_NULL, "TYPE251", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* AXFR: A request for a transfer of an entire zone */ -{LDNS_RR_TYPE_NULL, "TYPE252", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* MAILB: A request for mailbox-related records (MB, MG or MR) */ -{LDNS_RR_TYPE_NULL, "TYPE253", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* MAILA: A request for mail agent RRs (Obsolete - see MX) */ -{LDNS_RR_TYPE_NULL, "TYPE254", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - /* ANY: A request for all (available) records */ -{LDNS_RR_TYPE_NULL, "TYPE255", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - -#ifdef RRTYPE_URI - /* 256 */ - {LDNS_RR_TYPE_URI, "URI", 3, 3, type_uri_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#else -{LDNS_RR_TYPE_NULL, "TYPE256", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#endif - /* 257 */ - {LDNS_RR_TYPE_CAA, "CAA", 3, 3, type_caa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, - -/* split in array, no longer contiguous */ - -#ifdef RRTYPE_TA - /* 32768 */ - {LDNS_RR_TYPE_TA, "TA", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#else -{LDNS_RR_TYPE_NULL, "TYPE32768", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, -#endif - /* 32769 */ - {LDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 } -}; -/** \endcond */ - -/** - * \def LDNS_RDATA_FIELD_DESCRIPTORS_COUNT - * computes the number of rdata fields - */ -#define LDNS_RDATA_FIELD_DESCRIPTORS_COUNT \ - (sizeof(rdata_field_descriptors)/sizeof(rdata_field_descriptors[0])) - - -/*---------------------------------------------------------------------------* - * The functions below return an bitmap RDF with the space required to set - * or unset all known RR types. Arguably these functions are better situated - * in rdata.c, however for the space calculation it is necesarry to walk - * through rdata_field_descriptors which is not easily possible from anywhere - * other than rr.c where it is declared static. - * - * Alternatively rr.c could have provided an iterator for rr_type or - * rdf_descriptors, but this seemed overkill for internal use only. - */ -static ldns_rr_descriptor* rdata_field_descriptors_end = - &rdata_field_descriptors[LDNS_RDATA_FIELD_DESCRIPTORS_COUNT]; - -/* From RFC3845: - * - * 2.1.2. The List of Type Bit Map(s) Field - * - * The RR type space is split into 256 window blocks, each representing - * the low-order 8 bits of the 16-bit RR type space. Each block that - * has at least one active RR type is encoded using a single octet - * window number (from 0 to 255), a single octet bitmap length (from 1 - * to 32) indicating the number of octets used for the window block's - * bitmap, and up to 32 octets (256 bits) of bitmap. - * - * Window blocks are present in the NSEC RR RDATA in increasing - * numerical order. - * - * "|" denotes concatenation - * - * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) + - * - * - * - * Blocks with no types present MUST NOT be included. Trailing zero - * octets in the bitmap MUST be omitted. The length of each block's - * bitmap is determined by the type code with the largest numerical - * value within that block, among the set of RR types present at the - * NSEC RR's owner name. Trailing zero octets not specified MUST be - * interpreted as zero octets. - */ -static ldns_status -ldns_rdf_bitmap_known_rr_types_set(ldns_rdf** rdf, int value) -{ - uint8_t window; /* most significant octet of type */ - uint8_t subtype; /* least significant octet of type */ - uint16_t windows[256] /* Max subtype per window */ -#ifndef S_SPLINT_S - = { 0 } -#endif - ; - ldns_rr_descriptor* d; /* used to traverse rdata_field_descriptors */ - size_t i; /* used to traverse windows array */ - - size_t sz; /* size needed for type bitmap rdf */ - uint8_t* data = NULL; /* rdf data */ - uint8_t* dptr; /* used to itraverse rdf data */ - - assert(rdf != NULL); - - /* Which windows need to be in the bitmap rdf? - */ - for (d=rdata_field_descriptors; d < rdata_field_descriptors_end; d++) { - window = d->_type >> 8; - subtype = d->_type & 0xff; - if (windows[window] < subtype) { - windows[window] = subtype; - } - } - - /* How much space do we need in the rdf for those windows? - */ - sz = 0; - for (i = 0; i < 256; i++) { - if (windows[i]) { - sz += windows[i] / 8 + 3; - } - } - if (sz > 0) { - /* Format rdf data according RFC3845 Section 2.1.2 (see above) - */ - dptr = data = LDNS_XMALLOC(uint8_t, sz); - memset(data, value, sz); - if (!data) { - return LDNS_STATUS_MEM_ERR; - } - for (i = 0; i < 256; i++) { - if (windows[i]) { - *dptr++ = (uint8_t)i; - *dptr++ = (uint8_t)(windows[i] / 8 + 1); - dptr += dptr[-1]; - } - } - } - /* Allocate and return rdf structure for the data - */ - *rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data); - if (!*rdf) { - LDNS_FREE(data); - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} - -ldns_status -ldns_rdf_bitmap_known_rr_types_space(ldns_rdf** rdf) -{ - return ldns_rdf_bitmap_known_rr_types_set(rdf, 0); -} - -ldns_status -ldns_rdf_bitmap_known_rr_types(ldns_rdf** rdf) -{ - return ldns_rdf_bitmap_known_rr_types_set(rdf, 255); -} -/* End of RDF bitmap functions - *---------------------------------------------------------------------------*/ - - -const ldns_rr_descriptor * -ldns_rr_descript(uint16_t type) -{ - size_t i; - if (type < LDNS_RDATA_FIELD_DESCRIPTORS_COMMON) { - return &rdata_field_descriptors[type]; - } else { - /* because not all array index equals type code */ - for (i = LDNS_RDATA_FIELD_DESCRIPTORS_COMMON; - i < LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; - i++) { - if (rdata_field_descriptors[i]._type == type) { - return &rdata_field_descriptors[i]; - } - } - return &rdata_field_descriptors[0]; - } -} - -size_t -ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor) -{ - if (descriptor) { - return descriptor->_minimum; - } else { - return 0; - } -} - -size_t -ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor) -{ - if (descriptor) { - if (descriptor->_variable != LDNS_RDF_TYPE_NONE) { - /* Should really be SIZE_MAX... bad FreeBSD. */ - return UINT_MAX; - } else { - return descriptor->_maximum; - } - } else { - return 0; - } -} - -ldns_rdf_type -ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, - size_t index) -{ - assert(descriptor != NULL); - assert(index < descriptor->_maximum - || descriptor->_variable != LDNS_RDF_TYPE_NONE); - if (index < descriptor->_maximum) { - return descriptor->_wireformat[index]; - } else { - return descriptor->_variable; - } -} - -ldns_rr_type -ldns_get_rr_type_by_name(const char *name) -{ - unsigned int i; - const char *desc_name; - const ldns_rr_descriptor *desc; - - /* TYPEXX representation */ - if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) { - return atoi(name + 4); - } - - /* Normal types */ - for (i = 0; i < (unsigned int) LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; i++) { - desc = &rdata_field_descriptors[i]; - desc_name = desc->_name; - if(desc_name && - strlen(name) == strlen(desc_name) && - strncasecmp(name, desc_name, strlen(desc_name)) == 0) { - /* because not all array index equals type code */ - return desc->_type; - } - } - - /* special cases for query types */ - if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) { - return 251; - } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) { - return 252; - } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) { - return 253; - } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) { - return 254; - } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) { - return 255; - } - - return 0; -} - -ldns_rr_class -ldns_get_rr_class_by_name(const char *name) -{ - ldns_lookup_table *lt; - - /* CLASSXX representation */ - if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) { - return atoi(name + 5); - } - - /* Normal types */ - lt = ldns_lookup_by_name(ldns_rr_classes, name); - - if (lt) { - return lt->id; - } - return 0; -} - - -ldns_rr_type -ldns_rdf2rr_type(const ldns_rdf *rd) -{ - ldns_rr_type r; - - if (!rd) { - return 0; - } - - if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TYPE) { - return 0; - } - - r = (ldns_rr_type) ldns_rdf2native_int16(rd); - return r; -} - -ldns_rr_type -ldns_rr_list_type(const ldns_rr_list *rr_list) -{ - if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) { - return ldns_rr_get_type(ldns_rr_list_rr(rr_list, 0)); - } else { - return 0; - } -} - -ldns_rdf * -ldns_rr_list_owner(const ldns_rr_list *rr_list) -{ - if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) { - return ldns_rr_owner(ldns_rr_list_rr(rr_list, 0)); - } else { - return NULL; - } -} diff --git a/src/ldns/rr_functions.c b/src/ldns/rr_functions.c deleted file mode 100644 index b03751b..0000000 --- a/src/ldns/rr_functions.c +++ /dev/null @@ -1,419 +0,0 @@ -/* - * rr_function.c - * - * function that operate on specific rr types - * - * (c) NLnet Labs, 2004-2006 - * See the file LICENSE for the license - */ - -/* - * These come strait from perldoc Net::DNS::RR::xxx - * first the read variant, then the write. This is - * not complete. - */ - -#include - -#include - -#include -#include - -/** - * return a specific rdf - * \param[in] type type of RR - * \param[in] rr the rr itself - * \param[in] pos at which postion to get it - * \return the rdf sought - */ -static ldns_rdf * -ldns_rr_function(ldns_rr_type type, const ldns_rr *rr, size_t pos) -{ - if (!rr || ldns_rr_get_type(rr) != type) { - return NULL; - } - return ldns_rr_rdf(rr, pos); -} - -/** - * set a specific rdf - * \param[in] type type of RR - * \param[in] rr the rr itself - * \param[in] rdf the rdf to set - * \param[in] pos at which postion to set it - * \return true or false - */ -static bool -ldns_rr_set_function(ldns_rr_type type, ldns_rr *rr, ldns_rdf *rdf, size_t pos) -{ - ldns_rdf *pop; - if (!rr || ldns_rr_get_type(rr) != type) { - return false; - } - pop = ldns_rr_set_rdf(rr, rdf, pos); - ldns_rdf_deep_free(pop); - return true; -} - -/* A/AAAA records */ -ldns_rdf * -ldns_rr_a_address(const ldns_rr *r) -{ - /* 2 types to check, cannot use the macro */ - if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A && - ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) { - return NULL; - } - return ldns_rr_rdf(r, 0); -} - -bool -ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f) -{ - /* 2 types to check, cannot use the macro... */ - ldns_rdf *pop; - if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A && - ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) { - return false; - } - pop = ldns_rr_set_rdf(r, f, 0); - if (pop) { - LDNS_FREE(pop); - return true; - } else { - return false; - } -} - -/* NS record */ -ldns_rdf * -ldns_rr_ns_nsdname(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_NS, r, 0); -} - -/* MX record */ -ldns_rdf * -ldns_rr_mx_preference(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_MX, r, 0); -} - -ldns_rdf * -ldns_rr_mx_exchange(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_MX, r, 1); -} - -/* RRSIG record */ -ldns_rdf * -ldns_rr_rrsig_typecovered(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 0); -} - -bool -ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 0); -} - -ldns_rdf * -ldns_rr_rrsig_algorithm(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 1); -} - -bool -ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 1); -} - -ldns_rdf * -ldns_rr_rrsig_labels(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 2); -} - -bool -ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 2); -} - -ldns_rdf * -ldns_rr_rrsig_origttl(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 3); -} - -bool -ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 3); -} - -ldns_rdf * -ldns_rr_rrsig_expiration(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 4); -} - -bool -ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 4); -} - -ldns_rdf * -ldns_rr_rrsig_inception(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 5); -} - -bool -ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 5); -} - -ldns_rdf * -ldns_rr_rrsig_keytag(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 6); -} - -bool -ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 6); -} - -ldns_rdf * -ldns_rr_rrsig_signame(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 7); -} - -bool -ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 7); -} - -ldns_rdf * -ldns_rr_rrsig_sig(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 8); -} - -bool -ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 8); -} - -/* DNSKEY record */ -ldns_rdf * -ldns_rr_dnskey_flags(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 0); -} - -bool -ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 0); -} - -ldns_rdf * -ldns_rr_dnskey_protocol(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 1); -} - -bool -ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 1); -} - -ldns_rdf * -ldns_rr_dnskey_algorithm(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 2); -} - -bool -ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 2); -} - -ldns_rdf * -ldns_rr_dnskey_key(const ldns_rr *r) -{ - return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 3); -} - -bool -ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f) -{ - return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 3); -} - -size_t -ldns_rr_dnskey_key_size_raw(const unsigned char* keydata, - const size_t len, - const ldns_algorithm alg) -{ - /* for DSA keys */ - uint8_t t; - - /* for RSA keys */ - uint16_t exp; - uint16_t int16; - - switch ((ldns_signing_algorithm)alg) { - case LDNS_SIGN_DSA: - case LDNS_SIGN_DSA_NSEC3: - if (len > 0) { - t = keydata[0]; - return (64 + t*8)*8; - } else { - return 0; - } - break; - case LDNS_SIGN_RSAMD5: - case LDNS_SIGN_RSASHA1: - case LDNS_SIGN_RSASHA1_NSEC3: -#ifdef USE_SHA2 - case LDNS_SIGN_RSASHA256: - case LDNS_SIGN_RSASHA512: -#endif - if (len > 0) { - if (keydata[0] == 0) { - /* big exponent */ - if (len > 3) { - memmove(&int16, keydata + 1, 2); - exp = ntohs(int16); - return (len - exp - 3)*8; - } else { - return 0; - } - } else { - exp = keydata[0]; - return (len-exp-1)*8; - } - } else { - return 0; - } - break; -#ifdef USE_GOST - case LDNS_SIGN_ECC_GOST: - return 512; -#endif -#ifdef USE_ECDSA - case LDNS_SIGN_ECDSAP256SHA256: - return 256; - case LDNS_SIGN_ECDSAP384SHA384: - return 384; -#endif - case LDNS_SIGN_HMACMD5: - return len; - default: - return 0; - } -} - -size_t -ldns_rr_dnskey_key_size(const ldns_rr *key) -{ - if (!key || !ldns_rr_dnskey_key(key) - || !ldns_rr_dnskey_algorithm(key)) { - return 0; - } - return ldns_rr_dnskey_key_size_raw((unsigned char*)ldns_rdf_data(ldns_rr_dnskey_key(key)), - ldns_rdf_size(ldns_rr_dnskey_key(key)), - ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(key)) - ); -} - -uint32_t ldns_soa_serial_identity(uint32_t ATTR_UNUSED(unused), void *data) -{ - return (uint32_t) (intptr_t) data; -} - -uint32_t ldns_soa_serial_increment(uint32_t s, void *ATTR_UNUSED(unused)) -{ - return ldns_soa_serial_increment_by(s, (void *)1); -} - -uint32_t ldns_soa_serial_increment_by(uint32_t s, void *data) -{ - return s + (intptr_t) data; -} - -uint32_t ldns_soa_serial_datecounter(uint32_t s, void *data) -{ - struct tm tm; - char s_str[11]; - int32_t new_s; - time_t t = data ? (time_t) (intptr_t) data : ldns_time(NULL); - - (void) strftime(s_str, 11, "%Y%m%d00", localtime_r(&t, &tm)); - new_s = (int32_t) atoi(s_str); - return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s); -} - -uint32_t ldns_soa_serial_unixtime(uint32_t s, void *data) -{ - int32_t new_s = data ? (int32_t) (intptr_t) data - : (int32_t) ldns_time(NULL); - return new_s - ((int32_t) s) <= 0 ? s+1 : ((uint32_t) new_s); -} - -void -ldns_rr_soa_increment(ldns_rr *soa) -{ - ldns_rr_soa_increment_func_data(soa, ldns_soa_serial_increment, NULL); -} - -void -ldns_rr_soa_increment_func(ldns_rr *soa, ldns_soa_serial_increment_func_t f) -{ - ldns_rr_soa_increment_func_data(soa, f, NULL); -} - -void -ldns_rr_soa_increment_func_data(ldns_rr *soa, - ldns_soa_serial_increment_func_t f, void *data) -{ - ldns_rdf *prev_soa_serial_rdf; - if ( !soa || !f || ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA - || !ldns_rr_rdf(soa, 2)) { - return; - } - prev_soa_serial_rdf = ldns_rr_set_rdf( - soa - , ldns_native2rdf_int32( - LDNS_RDF_TYPE_INT32 - , (*f)( ldns_rdf2native_int32( - ldns_rr_rdf(soa, 2)) - , data - ) - ) - , 2 - ); - LDNS_FREE(prev_soa_serial_rdf); -} - -void -ldns_rr_soa_increment_func_int(ldns_rr *soa, - ldns_soa_serial_increment_func_t f, int data) -{ - ldns_rr_soa_increment_func_data(soa, f, (void *) (intptr_t) data); -} - diff --git a/src/ldns/sha1.c b/src/ldns/sha1.c deleted file mode 100644 index 18a4dd2..0000000 --- a/src/ldns/sha1.c +++ /dev/null @@ -1,177 +0,0 @@ -/* - * modified for ldns by Jelte Jansen, original taken from OpenBSD: - * - * SHA-1 in C - * By Steve Reid - * 100% Public Domain - * - * Test Vectors (from FIPS PUB 180-1) - * "abc" - * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D - * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" - * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 - * A million repetitions of "a" - * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F -*/ - -/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */ - -#include -#include -#include - -#define SHA1HANDSOFF 1 /* Copies data before messing with it. */ -#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) - -/* blk0() and blk() perform the initial expand. */ -/* I got the idea of expanding during the round function from SSLeay */ -#if BYTE_ORDER == LITTLE_ENDIAN -#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ - |(rol(block->l[i],8)&0x00FF00FF)) -#else -#define blk0(i) block->l[i] -#endif -#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ - ^block->l[(i+2)&15]^block->l[i&15],1)) - -/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ -#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); -#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); -#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); - -/* Hash a single 512-bit block. This is the core of the algorithm. */ - -void -ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]) -{ - uint32_t a, b, c, d, e; - typedef union { - unsigned char c[64]; - unsigned int l[16]; - } CHAR64LONG16; - CHAR64LONG16* block; -#ifdef SHA1HANDSOFF - unsigned char workspace[LDNS_SHA1_BLOCK_LENGTH]; - - block = (CHAR64LONG16 *)workspace; - memmove(block, buffer, LDNS_SHA1_BLOCK_LENGTH); -#else - block = (CHAR64LONG16 *)buffer; -#endif - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - /* Wipe variables */ - a = b = c = d = e = 0; -} - - -/* SHA1Init - Initialize new context */ - -void -ldns_sha1_init(ldns_sha1_ctx *context) -{ - /* SHA1 initialization constants */ - context->count = 0; - context->state[0] = 0x67452301; - context->state[1] = 0xEFCDAB89; - context->state[2] = 0x98BADCFE; - context->state[3] = 0x10325476; - context->state[4] = 0xC3D2E1F0; -} - - -/* Run your data through this. */ - -void -ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len) -{ - unsigned int i; - unsigned int j; - - j = (unsigned)(uint32_t)((context->count >> 3) & 63); - context->count += (len << 3); - if ((j + len) > 63) { - memmove(&context->buffer[j], data, (i = 64 - j)); - ldns_sha1_transform(context->state, context->buffer); - for ( ; i + 63 < len; i += 64) { - ldns_sha1_transform(context->state, &data[i]); - } - j = 0; - } - else i = 0; - memmove(&context->buffer[j], &data[i], len - i); -} - - -/* Add padding and return the message digest. */ - -void -ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context) -{ - unsigned int i; - unsigned char finalcount[8]; - - for (i = 0; i < 8; i++) { - finalcount[i] = (unsigned char)((context->count >> - ((7 - (i & 7)) * 8)) & 255); /* Endian independent */ - } - ldns_sha1_update(context, (unsigned char *)"\200", 1); - while ((context->count & 504) != 448) { - ldns_sha1_update(context, (unsigned char *)"\0", 1); - } - ldns_sha1_update(context, finalcount, 8); /* Should cause a SHA1Transform() */ - - if (digest != NULL) - for (i = 0; i < LDNS_SHA1_DIGEST_LENGTH; i++) { - digest[i] = (unsigned char)((context->state[i >> 2] >> - ((3 - (i & 3)) * 8)) & 255); - } -#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */ - ldns_sha1_transform(context->state, context->buffer); -#endif -} - -unsigned char * -ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest) -{ - ldns_sha1_ctx ctx; - ldns_sha1_init(&ctx); - ldns_sha1_update(&ctx, data, data_len); - ldns_sha1_final(digest, &ctx); - return digest; -} diff --git a/src/ldns/sha2.c b/src/ldns/sha2.c deleted file mode 100644 index 9a27122..0000000 --- a/src/ldns/sha2.c +++ /dev/null @@ -1,991 +0,0 @@ -/* - * FILE: sha2.c - * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/ - * - * Copyright (c) 2000-2001, Aaron D. Gifford - * All rights reserved. - * - * Modified by Jelte Jansen to fit in ldns, and not clash with any - * system-defined SHA code. - * Changes: - * - Renamed (external) functions and constants to fit ldns style - * - Removed _End and _Data functions - * - Added ldns_shaX(data, len, digest) convenience functions - * - Removed prototypes of _Transform functions and made those static - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the copyright holder nor the names of contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ - */ - -#include -#include /* memcpy()/memset() or bcopy()/bzero() */ -#include /* assert() */ -#include - -/* - * ASSERT NOTE: - * Some sanity checking code is included using assert(). On my FreeBSD - * system, this additional code can be removed by compiling with NDEBUG - * defined. Check your own systems manpage on assert() to see how to - * compile WITHOUT the sanity checking code on your system. - * - * UNROLLED TRANSFORM LOOP NOTE: - * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform - * loop version for the hash transform rounds (defined using macros - * later in this file). Either define on the command line, for example: - * - * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c - * - * or define below: - * - * #define SHA2_UNROLL_TRANSFORM - * - */ - - -/*** SHA-256/384/512 Machine Architecture Definitions *****************/ -/* - * BYTE_ORDER NOTE: - * - * Please make sure that your system defines BYTE_ORDER. If your - * architecture is little-endian, make sure it also defines - * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are - * equivilent. - * - * If your system does not define the above, then you can do so by - * hand like this: - * - * #define LITTLE_ENDIAN 1234 - * #define BIG_ENDIAN 4321 - * - * And for little-endian machines, add: - * - * #define BYTE_ORDER LITTLE_ENDIAN - * - * Or for big-endian machines: - * - * #define BYTE_ORDER BIG_ENDIAN - * - * The FreeBSD machine this was written on defines BYTE_ORDER - * appropriately by including (which in turn includes - * where the appropriate definitions are actually - * made). - */ -#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) -#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN -#endif - -typedef uint8_t sha2_byte; /* Exactly 1 byte */ -typedef uint32_t sha2_word32; /* Exactly 4 bytes */ -#ifdef S_SPLINT_S -typedef unsigned long long sha2_word64; /* lint 8 bytes */ -#else -typedef uint64_t sha2_word64; /* Exactly 8 bytes */ -#endif - -/*** SHA-256/384/512 Various Length Definitions ***********************/ -/* NOTE: Most of these are in sha2.h */ -#define ldns_sha256_SHORT_BLOCK_LENGTH (LDNS_SHA256_BLOCK_LENGTH - 8) -#define ldns_sha384_SHORT_BLOCK_LENGTH (LDNS_SHA384_BLOCK_LENGTH - 16) -#define ldns_sha512_SHORT_BLOCK_LENGTH (LDNS_SHA512_BLOCK_LENGTH - 16) - - -/*** ENDIAN REVERSAL MACROS *******************************************/ -#if BYTE_ORDER == LITTLE_ENDIAN -#define REVERSE32(w,x) { \ - sha2_word32 tmp = (w); \ - tmp = (tmp >> 16) | (tmp << 16); \ - (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ -} -#ifndef S_SPLINT_S -#define REVERSE64(w,x) { \ - sha2_word64 tmp = (w); \ - tmp = (tmp >> 32) | (tmp << 32); \ - tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ - ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ - (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ - ((tmp & 0x0000ffff0000ffffULL) << 16); \ -} -#else /* splint */ -#define REVERSE64(w,x) /* splint */ -#endif /* splint */ -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - -/* - * Macro for incrementally adding the unsigned 64-bit integer n to the - * unsigned 128-bit integer (represented using a two-element array of - * 64-bit words): - */ -#define ADDINC128(w,n) { \ - (w)[0] += (sha2_word64)(n); \ - if ((w)[0] < (n)) { \ - (w)[1]++; \ - } \ -} -#ifdef S_SPLINT_S -#undef ADDINC128 -#define ADDINC128(w,n) /* splint */ -#endif - -/* - * Macros for copying blocks of memory and for zeroing out ranges - * of memory. Using these macros makes it easy to switch from - * using memset()/memcpy() and using bzero()/bcopy(). - * - * Please define either SHA2_USE_MEMSET_MEMCPY or define - * SHA2_USE_BZERO_BCOPY depending on which function set you - * choose to use: - */ -#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) -/* Default to memset()/memcpy() if no option is specified */ -#define SHA2_USE_MEMSET_MEMCPY 1 -#endif -#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) -/* Abort with an error if BOTH options are defined */ -#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! -#endif - -#ifdef SHA2_USE_MEMSET_MEMCPY -#define MEMSET_BZERO(p,l) memset((p), 0, (l)) -#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) -#endif -#ifdef SHA2_USE_BZERO_BCOPY -#define MEMSET_BZERO(p,l) bzero((p), (l)) -#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) -#endif - - -/*** THE SIX LOGICAL FUNCTIONS ****************************************/ -/* - * Bit shifting and rotation (used by the six SHA-XYZ logical functions: - * - * NOTE: The naming of R and S appears backwards here (R is a SHIFT and - * S is a ROTATION) because the SHA-256/384/512 description document - * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this - * same "backwards" definition. - */ -/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ -#define R(b,x) ((x) >> (b)) -/* 32-bit Rotate-right (used in SHA-256): */ -#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) -/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ -#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) - -/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ -#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) -#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) - -/* Four of six logical functions used in SHA-256: */ -#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) -#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) -#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) -#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) - -/* Four of six logical functions used in SHA-384 and SHA-512: */ -#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) -#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) -#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) -#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) - -/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ -/* Hash constant words K for SHA-256: */ -static const sha2_word32 K256[64] = { - 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, - 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, - 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, - 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, - 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, - 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, - 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, - 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, - 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, - 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, - 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, - 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, - 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, - 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, - 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, - 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL -}; - -/* initial hash value H for SHA-256: */ -static const sha2_word32 ldns_sha256_initial_hash_value[8] = { - 0x6a09e667UL, - 0xbb67ae85UL, - 0x3c6ef372UL, - 0xa54ff53aUL, - 0x510e527fUL, - 0x9b05688cUL, - 0x1f83d9abUL, - 0x5be0cd19UL -}; - -/* Hash constant words K for SHA-384 and SHA-512: */ -static const sha2_word64 K512[80] = { - 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, - 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, - 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, - 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, - 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, - 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, - 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, - 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, - 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, - 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, - 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, - 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, - 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, - 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, - 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, - 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, - 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, - 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, - 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, - 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, - 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, - 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, - 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, - 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, - 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, - 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, - 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, - 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, - 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, - 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, - 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, - 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, - 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, - 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, - 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, - 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, - 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, - 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, - 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, - 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL -}; - -/* initial hash value H for SHA-384 */ -static const sha2_word64 sha384_initial_hash_value[8] = { - 0xcbbb9d5dc1059ed8ULL, - 0x629a292a367cd507ULL, - 0x9159015a3070dd17ULL, - 0x152fecd8f70e5939ULL, - 0x67332667ffc00b31ULL, - 0x8eb44a8768581511ULL, - 0xdb0c2e0d64f98fa7ULL, - 0x47b5481dbefa4fa4ULL -}; - -/* initial hash value H for SHA-512 */ -static const sha2_word64 sha512_initial_hash_value[8] = { - 0x6a09e667f3bcc908ULL, - 0xbb67ae8584caa73bULL, - 0x3c6ef372fe94f82bULL, - 0xa54ff53a5f1d36f1ULL, - 0x510e527fade682d1ULL, - 0x9b05688c2b3e6c1fULL, - 0x1f83d9abfb41bd6bULL, - 0x5be0cd19137e2179ULL -}; - -/*** SHA-256: *********************************************************/ -void ldns_sha256_init(ldns_sha256_CTX* context) { - if (context == (ldns_sha256_CTX*)0) { - return; - } - MEMCPY_BCOPY(context->state, ldns_sha256_initial_hash_value, LDNS_SHA256_DIGEST_LENGTH); - MEMSET_BZERO(context->buffer, LDNS_SHA256_BLOCK_LENGTH); - context->bitcount = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-256 round macros: */ - -#if BYTE_ORDER == LITTLE_ENDIAN - -#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ - REVERSE32(*data++, W256[j]); \ - T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ - K256[j] + W256[j]; \ - (d) += T1; \ - (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ - j++ - - -#else /* BYTE_ORDER == LITTLE_ENDIAN */ - -#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ - T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ - K256[j] + (W256[j] = *data++); \ - (d) += T1; \ - (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ - j++ - -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - -#define ROUND256(a,b,c,d,e,f,g,h) \ - s0 = W256[(j+1)&0x0f]; \ - s0 = sigma0_256(s0); \ - s1 = W256[(j+14)&0x0f]; \ - s1 = sigma1_256(s1); \ - T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ - (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ - j++ - -static void ldns_sha256_Transform(ldns_sha256_CTX* context, - const sha2_word32* data) { - sha2_word32 a, b, c, d, e, f, g, h, s0, s1; - sha2_word32 T1, *W256; - int j; - - W256 = (sha2_word32*)context->buffer; - - /* initialize registers with the prev. intermediate value */ - a = context->state[0]; - b = context->state[1]; - c = context->state[2]; - d = context->state[3]; - e = context->state[4]; - f = context->state[5]; - g = context->state[6]; - h = context->state[7]; - - j = 0; - do { - /* Rounds 0 to 15 (unrolled): */ - ROUND256_0_TO_15(a,b,c,d,e,f,g,h); - ROUND256_0_TO_15(h,a,b,c,d,e,f,g); - ROUND256_0_TO_15(g,h,a,b,c,d,e,f); - ROUND256_0_TO_15(f,g,h,a,b,c,d,e); - ROUND256_0_TO_15(e,f,g,h,a,b,c,d); - ROUND256_0_TO_15(d,e,f,g,h,a,b,c); - ROUND256_0_TO_15(c,d,e,f,g,h,a,b); - ROUND256_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds to 64: */ - do { - ROUND256(a,b,c,d,e,f,g,h); - ROUND256(h,a,b,c,d,e,f,g); - ROUND256(g,h,a,b,c,d,e,f); - ROUND256(f,g,h,a,b,c,d,e); - ROUND256(e,f,g,h,a,b,c,d); - ROUND256(d,e,f,g,h,a,b,c); - ROUND256(c,d,e,f,g,h,a,b); - ROUND256(b,c,d,e,f,g,h,a); - } while (j < 64); - - /* Compute the current intermediate hash value */ - context->state[0] += a; - context->state[1] += b; - context->state[2] += c; - context->state[3] += d; - context->state[4] += e; - context->state[5] += f; - context->state[6] += g; - context->state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -static void ldns_sha256_Transform(ldns_sha256_CTX* context, - const sha2_word32* data) { - sha2_word32 a, b, c, d, e, f, g, h, s0, s1; - sha2_word32 T1, T2, *W256; - int j; - - W256 = (sha2_word32*)context->buffer; - - /* initialize registers with the prev. intermediate value */ - a = context->state[0]; - b = context->state[1]; - c = context->state[2]; - d = context->state[3]; - e = context->state[4]; - f = context->state[5]; - g = context->state[6]; - h = context->state[7]; - - j = 0; - do { -#if BYTE_ORDER == LITTLE_ENDIAN - /* Copy data while converting to host byte order */ - REVERSE32(*data++,W256[j]); - /* Apply the SHA-256 compression function to update a..h */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; -#else /* BYTE_ORDER == LITTLE_ENDIAN */ - /* Apply the SHA-256 compression function to update a..h with copy */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - T2 = Sigma0_256(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W256[(j+1)&0x0f]; - s0 = sigma0_256(s0); - s1 = W256[(j+14)&0x0f]; - s1 = sigma1_256(s1); - - /* Apply the SHA-256 compression function to update a..h */ - T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + - (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); - T2 = Sigma0_256(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 64); - - /* Compute the current intermediate hash value */ - context->state[0] += a; - context->state[1] += b; - context->state[2] += c; - context->state[3] += d; - context->state[4] += e; - context->state[5] += f; - context->state[6] += g; - context->state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t len) { - size_t freespace, usedspace; - - if (len == 0) { - /* Calling with no data is valid - we do nothing */ - return; - } - - /* Sanity check: */ - assert(context != (ldns_sha256_CTX*)0 && data != (sha2_byte*)0); - - usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = LDNS_SHA256_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); - context->bitcount += freespace << 3; - len -= freespace; - data += freespace; - ldns_sha256_Transform(context, (sha2_word32*)context->buffer); - } else { - /* The buffer is not yet full */ - MEMCPY_BCOPY(&context->buffer[usedspace], data, len); - context->bitcount += len << 3; - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= LDNS_SHA256_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - ldns_sha256_Transform(context, (sha2_word32*)data); - context->bitcount += LDNS_SHA256_BLOCK_LENGTH << 3; - len -= LDNS_SHA256_BLOCK_LENGTH; - data += LDNS_SHA256_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - MEMCPY_BCOPY(context->buffer, data, len); - context->bitcount += len << 3; - } - /* Clean up: */ - usedspace = freespace = 0; -} - -typedef union _ldns_sha2_buffer_union { - uint8_t* theChars; - uint64_t* theLongs; -} ldns_sha2_buffer_union; - -void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) { - sha2_word32 *d = (sha2_word32*)digest; - size_t usedspace; - ldns_sha2_buffer_union cast_var; - - /* Sanity check: */ - assert(context != (ldns_sha256_CTX*)0); - - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH; -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert FROM host byte order */ - REVERSE64(context->bitcount,context->bitcount); -#endif - if (usedspace > 0) { - /* Begin padding with a 1 bit: */ - context->buffer[usedspace++] = 0x80; - - if (usedspace <= ldns_sha256_SHORT_BLOCK_LENGTH) { - /* Set-up for the last transform: */ - MEMSET_BZERO(&context->buffer[usedspace], ldns_sha256_SHORT_BLOCK_LENGTH - usedspace); - } else { - if (usedspace < LDNS_SHA256_BLOCK_LENGTH) { - MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA256_BLOCK_LENGTH - usedspace); - } - /* Do second-to-last transform: */ - ldns_sha256_Transform(context, (sha2_word32*)context->buffer); - - /* And set-up for the last transform: */ - MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH); - } - } else { - /* Set-up for the last transform: */ - MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH); - - /* Begin padding with a 1 bit: */ - *context->buffer = 0x80; - } - /* Set the bit count: */ - cast_var.theChars = context->buffer; - cast_var.theLongs[ldns_sha256_SHORT_BLOCK_LENGTH / 8] = context->bitcount; - - /* final transform: */ - ldns_sha256_Transform(context, (sha2_word32*)context->buffer); - -#if BYTE_ORDER == LITTLE_ENDIAN - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 8; j++) { - REVERSE32(context->state[j],context->state[j]); - *d++ = context->state[j]; - } - } -#else - MEMCPY_BCOPY(d, context->state, LDNS_SHA256_DIGEST_LENGTH); -#endif - } - - /* Clean up state data: */ - MEMSET_BZERO(context, sizeof(ldns_sha256_CTX)); - usedspace = 0; -} - -unsigned char * -ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest) -{ - ldns_sha256_CTX ctx; - ldns_sha256_init(&ctx); - ldns_sha256_update(&ctx, data, data_len); - ldns_sha256_final(digest, &ctx); - return digest; -} - -/*** SHA-512: *********************************************************/ -void ldns_sha512_init(ldns_sha512_CTX* context) { - if (context == (ldns_sha512_CTX*)0) { - return; - } - MEMCPY_BCOPY(context->state, sha512_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH); - MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -#ifdef SHA2_UNROLL_TRANSFORM - -/* Unrolled SHA-512 round macros: */ -#if BYTE_ORDER == LITTLE_ENDIAN - -#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ - REVERSE64(*data++, W512[j]); \ - T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ - K512[j] + W512[j]; \ - (d) += T1, \ - (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ - j++ - - -#else /* BYTE_ORDER == LITTLE_ENDIAN */ - -#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ - T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ - K512[j] + (W512[j] = *data++); \ - (d) += T1; \ - (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ - j++ - -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - -#define ROUND512(a,b,c,d,e,f,g,h) \ - s0 = W512[(j+1)&0x0f]; \ - s0 = sigma0_512(s0); \ - s1 = W512[(j+14)&0x0f]; \ - s1 = sigma1_512(s1); \ - T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ - (d) += T1; \ - (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ - j++ - -static void ldns_sha512_Transform(ldns_sha512_CTX* context, - const sha2_word64* data) { - sha2_word64 a, b, c, d, e, f, g, h, s0, s1; - sha2_word64 T1, *W512 = (sha2_word64*)context->buffer; - int j; - - /* initialize registers with the prev. intermediate value */ - a = context->state[0]; - b = context->state[1]; - c = context->state[2]; - d = context->state[3]; - e = context->state[4]; - f = context->state[5]; - g = context->state[6]; - h = context->state[7]; - - j = 0; - do { - ROUND512_0_TO_15(a,b,c,d,e,f,g,h); - ROUND512_0_TO_15(h,a,b,c,d,e,f,g); - ROUND512_0_TO_15(g,h,a,b,c,d,e,f); - ROUND512_0_TO_15(f,g,h,a,b,c,d,e); - ROUND512_0_TO_15(e,f,g,h,a,b,c,d); - ROUND512_0_TO_15(d,e,f,g,h,a,b,c); - ROUND512_0_TO_15(c,d,e,f,g,h,a,b); - ROUND512_0_TO_15(b,c,d,e,f,g,h,a); - } while (j < 16); - - /* Now for the remaining rounds up to 79: */ - do { - ROUND512(a,b,c,d,e,f,g,h); - ROUND512(h,a,b,c,d,e,f,g); - ROUND512(g,h,a,b,c,d,e,f); - ROUND512(f,g,h,a,b,c,d,e); - ROUND512(e,f,g,h,a,b,c,d); - ROUND512(d,e,f,g,h,a,b,c); - ROUND512(c,d,e,f,g,h,a,b); - ROUND512(b,c,d,e,f,g,h,a); - } while (j < 80); - - /* Compute the current intermediate hash value */ - context->state[0] += a; - context->state[1] += b; - context->state[2] += c; - context->state[3] += d; - context->state[4] += e; - context->state[5] += f; - context->state[6] += g; - context->state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = 0; -} - -#else /* SHA2_UNROLL_TRANSFORM */ - -static void ldns_sha512_Transform(ldns_sha512_CTX* context, - const sha2_word64* data) { - sha2_word64 a, b, c, d, e, f, g, h, s0, s1; - sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer; - int j; - - /* initialize registers with the prev. intermediate value */ - a = context->state[0]; - b = context->state[1]; - c = context->state[2]; - d = context->state[3]; - e = context->state[4]; - f = context->state[5]; - g = context->state[6]; - h = context->state[7]; - - j = 0; - do { -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert TO host byte order */ - REVERSE64(*data++, W512[j]); - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; -#else /* BYTE_ORDER == LITTLE_ENDIAN */ - /* Apply the SHA-512 compression function to update a..h with copy */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); -#endif /* BYTE_ORDER == LITTLE_ENDIAN */ - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 16); - - do { - /* Part of the message block expansion: */ - s0 = W512[(j+1)&0x0f]; - s0 = sigma0_512(s0); - s1 = W512[(j+14)&0x0f]; - s1 = sigma1_512(s1); - - /* Apply the SHA-512 compression function to update a..h */ - T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + - (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); - T2 = Sigma0_512(a) + Maj(a, b, c); - h = g; - g = f; - f = e; - e = d + T1; - d = c; - c = b; - b = a; - a = T1 + T2; - - j++; - } while (j < 80); - - /* Compute the current intermediate hash value */ - context->state[0] += a; - context->state[1] += b; - context->state[2] += c; - context->state[3] += d; - context->state[4] += e; - context->state[5] += f; - context->state[6] += g; - context->state[7] += h; - - /* Clean up */ - a = b = c = d = e = f = g = h = T1 = T2 = 0; -} - -#endif /* SHA2_UNROLL_TRANSFORM */ - -void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t len) { - size_t freespace, usedspace; - - if (len == 0) { - /* Calling with no data is valid - we do nothing */ - return; - } - - /* Sanity check: */ - assert(context != (ldns_sha512_CTX*)0 && data != (sha2_byte*)0); - - usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH; - if (usedspace > 0) { - /* Calculate how much free space is available in the buffer */ - freespace = LDNS_SHA512_BLOCK_LENGTH - usedspace; - - if (len >= freespace) { - /* Fill the buffer completely and process it */ - MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); - ADDINC128(context->bitcount, freespace << 3); - len -= freespace; - data += freespace; - ldns_sha512_Transform(context, (sha2_word64*)context->buffer); - } else { - /* The buffer is not yet full */ - MEMCPY_BCOPY(&context->buffer[usedspace], data, len); - ADDINC128(context->bitcount, len << 3); - /* Clean up: */ - usedspace = freespace = 0; - return; - } - } - while (len >= LDNS_SHA512_BLOCK_LENGTH) { - /* Process as many complete blocks as we can */ - ldns_sha512_Transform(context, (sha2_word64*)data); - ADDINC128(context->bitcount, LDNS_SHA512_BLOCK_LENGTH << 3); - len -= LDNS_SHA512_BLOCK_LENGTH; - data += LDNS_SHA512_BLOCK_LENGTH; - } - if (len > 0) { - /* There's left-overs, so save 'em */ - MEMCPY_BCOPY(context->buffer, data, len); - ADDINC128(context->bitcount, len << 3); - } - /* Clean up: */ - usedspace = freespace = 0; -} - -static void ldns_sha512_Last(ldns_sha512_CTX* context) { - size_t usedspace; - ldns_sha2_buffer_union cast_var; - - usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH; -#if BYTE_ORDER == LITTLE_ENDIAN - /* Convert FROM host byte order */ - REVERSE64(context->bitcount[0],context->bitcount[0]); - REVERSE64(context->bitcount[1],context->bitcount[1]); -#endif - if (usedspace > 0) { - /* Begin padding with a 1 bit: */ - context->buffer[usedspace++] = 0x80; - - if (usedspace <= ldns_sha512_SHORT_BLOCK_LENGTH) { - /* Set-up for the last transform: */ - MEMSET_BZERO(&context->buffer[usedspace], ldns_sha512_SHORT_BLOCK_LENGTH - usedspace); - } else { - if (usedspace < LDNS_SHA512_BLOCK_LENGTH) { - MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA512_BLOCK_LENGTH - usedspace); - } - /* Do second-to-last transform: */ - ldns_sha512_Transform(context, (sha2_word64*)context->buffer); - - /* And set-up for the last transform: */ - MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH - 2); - } - } else { - /* Prepare for final transform: */ - MEMSET_BZERO(context->buffer, ldns_sha512_SHORT_BLOCK_LENGTH); - - /* Begin padding with a 1 bit: */ - *context->buffer = 0x80; - } - /* Store the length of input data (in bits): */ - cast_var.theChars = context->buffer; - cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8] = context->bitcount[1]; - cast_var.theLongs[ldns_sha512_SHORT_BLOCK_LENGTH / 8 + 1] = context->bitcount[0]; - - /* final transform: */ - ldns_sha512_Transform(context, (sha2_word64*)context->buffer); -} - -void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) { - sha2_word64 *d = (sha2_word64*)digest; - - /* Sanity check: */ - assert(context != (ldns_sha512_CTX*)0); - - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - ldns_sha512_Last(context); - - /* Save the hash data for output: */ -#if BYTE_ORDER == LITTLE_ENDIAN - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 8; j++) { - REVERSE64(context->state[j],context->state[j]); - *d++ = context->state[j]; - } - } -#else - MEMCPY_BCOPY(d, context->state, LDNS_SHA512_DIGEST_LENGTH); -#endif - } - - /* Zero out state data */ - MEMSET_BZERO(context, sizeof(ldns_sha512_CTX)); -} - -unsigned char * -ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest) -{ - ldns_sha512_CTX ctx; - ldns_sha512_init(&ctx); - ldns_sha512_update(&ctx, data, data_len); - ldns_sha512_final(digest, &ctx); - return digest; -} - -/*** SHA-384: *********************************************************/ -void ldns_sha384_init(ldns_sha384_CTX* context) { - if (context == (ldns_sha384_CTX*)0) { - return; - } - MEMCPY_BCOPY(context->state, sha384_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH); - MEMSET_BZERO(context->buffer, LDNS_SHA384_BLOCK_LENGTH); - context->bitcount[0] = context->bitcount[1] = 0; -} - -void ldns_sha384_update(ldns_sha384_CTX* context, const sha2_byte* data, size_t len) { - ldns_sha512_update((ldns_sha512_CTX*)context, data, len); -} - -void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) { - sha2_word64 *d = (sha2_word64*)digest; - - /* Sanity check: */ - assert(context != (ldns_sha384_CTX*)0); - - /* If no digest buffer is passed, we don't bother doing this: */ - if (digest != (sha2_byte*)0) { - ldns_sha512_Last((ldns_sha512_CTX*)context); - - /* Save the hash data for output: */ -#if BYTE_ORDER == LITTLE_ENDIAN - { - /* Convert TO host byte order */ - int j; - for (j = 0; j < 6; j++) { - REVERSE64(context->state[j],context->state[j]); - *d++ = context->state[j]; - } - } -#else - MEMCPY_BCOPY(d, context->state, LDNS_SHA384_DIGEST_LENGTH); -#endif - } - - /* Zero out state data */ - MEMSET_BZERO(context, sizeof(ldns_sha384_CTX)); -} - -unsigned char * -ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest) -{ - ldns_sha384_CTX ctx; - ldns_sha384_init(&ctx); - ldns_sha384_update(&ctx, data, data_len); - ldns_sha384_final(digest, &ctx); - return digest; -} diff --git a/src/ldns/str2host.c b/src/ldns/str2host.c deleted file mode 100644 index cd07c89..0000000 --- a/src/ldns/str2host.c +++ /dev/null @@ -1,1604 +0,0 @@ -/* - * str2host.c - * - * conversion routines from the presentation format - * to the host format - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ -#include - -#include - -#ifdef HAVE_SYS_SOCKET_H -#include -#endif -#ifdef HAVE_ARPA_INET_H -#include -#endif -#include - -#include -#ifdef HAVE_NETDB_H -#include -#endif - -#include -#ifdef HAVE_SYS_PARAM_H -#include -#endif - -ldns_status -ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr) -{ - char *end = NULL; - uint16_t *r; - r = LDNS_MALLOC(uint16_t); - if(!r) return LDNS_STATUS_MEM_ERR; - - *r = htons((uint16_t)strtol((char *)shortstr, &end, 10)); - - if(*end != 0) { - LDNS_FREE(r); - return LDNS_STATUS_INVALID_INT; - } else { - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_INT16, sizeof(uint16_t), r); - LDNS_FREE(r); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; - } -} - -ldns_status -ldns_str2rdf_time(ldns_rdf **rd, const char *time) -{ - /* convert a time YYYYDDMMHHMMSS to wireformat */ - uint16_t *r = NULL; - struct tm tm; - uint32_t l; - char *end; - - /* Try to scan the time... */ - r = (uint16_t*)LDNS_MALLOC(uint32_t); - if(!r) return LDNS_STATUS_MEM_ERR; - - memset(&tm, 0, sizeof(tm)); - - if (strlen(time) == 14 && - sscanf(time, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) == 6 - ) { - tm.tm_year -= 1900; - tm.tm_mon--; - /* Check values */ - if (tm.tm_year < 70) { - goto bad_format; - } - if (tm.tm_mon < 0 || tm.tm_mon > 11) { - goto bad_format; - } - if (tm.tm_mday < 1 || tm.tm_mday > 31) { - goto bad_format; - } - - if (tm.tm_hour < 0 || tm.tm_hour > 23) { - goto bad_format; - } - - if (tm.tm_min < 0 || tm.tm_min > 59) { - goto bad_format; - } - - if (tm.tm_sec < 0 || tm.tm_sec > 59) { - goto bad_format; - } - - l = htonl(ldns_mktime_from_utc(&tm)); - memcpy(r, &l, sizeof(uint32_t)); - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_TIME, sizeof(uint32_t), r); - LDNS_FREE(r); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; - } else { - /* handle it as 32 bits timestamp */ - l = htonl((uint32_t)strtol((char*)time, &end, 10)); - if(*end != 0) { - LDNS_FREE(r); - return LDNS_STATUS_ERR; - } else { - memcpy(r, &l, sizeof(uint32_t)); - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r); - LDNS_FREE(r); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; - } - } - - bad_format: - LDNS_FREE(r); - return LDNS_STATUS_INVALID_TIME; -} - -ldns_status -ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *salt_str) -{ - uint8_t salt_length; - int c; - int salt_length_str; - - uint8_t *salt; - uint8_t *data; - if(rd == NULL) { - return LDNS_STATUS_NULL; - } - - salt_length_str = (int)strlen(salt_str); - if (salt_length_str == 1 && salt_str[0] == '-') { - salt_length_str = 0; - } else if (salt_length_str % 2 != 0) { - return LDNS_STATUS_INVALID_HEX; - } - if (salt_length_str > 512) { - return LDNS_STATUS_INVALID_HEX; - } - - salt = LDNS_XMALLOC(uint8_t, salt_length_str / 2); - if(!salt) { - return LDNS_STATUS_MEM_ERR; - } - for (c = 0; c < salt_length_str; c += 2) { - if (isxdigit((int) salt_str[c]) && isxdigit((int) salt_str[c+1])) { - salt[c/2] = (uint8_t) ldns_hexdigit_to_int(salt_str[c]) * 16 + - ldns_hexdigit_to_int(salt_str[c+1]); - } else { - LDNS_FREE(salt); - return LDNS_STATUS_INVALID_HEX; - } - } - salt_length = (uint8_t) (salt_length_str / 2); - - data = LDNS_XMALLOC(uint8_t, 1 + salt_length); - if(!data) { - LDNS_FREE(salt); - return LDNS_STATUS_MEM_ERR; - } - data[0] = salt_length; - memcpy(&data[1], salt, salt_length); - *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, 1 + salt_length, data); - LDNS_FREE(data); - LDNS_FREE(salt); - - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_period(ldns_rdf **rd,const char *period) -{ - uint32_t p; - const char *end; - - /* Allocate required space... */ - p = ldns_str2period(period, &end); - - if (*end != 0) { - return LDNS_STATUS_ERR; - } else { - p = (uint32_t) htonl(p); - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_PERIOD, sizeof(uint32_t), &p); - } - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr) -{ - char *end; - uint16_t *r = NULL; - uint32_t l; - - r = (uint16_t*)LDNS_MALLOC(uint32_t); - if(!r) return LDNS_STATUS_MEM_ERR; - errno = 0; /* must set to zero before call, - note race condition on errno */ - if(*longstr == '-') - l = htonl((uint32_t)strtol((char*)longstr, &end, 10)); - else l = htonl((uint32_t)strtoul((char*)longstr, &end, 10)); - - if(*end != 0) { - LDNS_FREE(r); - return LDNS_STATUS_ERR; - } else { - if (errno == ERANGE) { - LDNS_FREE(r); - return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; - } - memcpy(r, &l, sizeof(uint32_t)); - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r); - LDNS_FREE(r); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; - } -} - -ldns_status -ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr) -{ - char *end; - uint8_t *r = NULL; - - r = LDNS_MALLOC(uint8_t); - if(!r) return LDNS_STATUS_MEM_ERR; - - *r = (uint8_t)strtol((char*)bytestr, &end, 10); - - if(*end != 0) { - LDNS_FREE(r); - return LDNS_STATUS_ERR; - } else { - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_INT8, sizeof(uint8_t), r); - LDNS_FREE(r); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; - } -} - - -/* - * Checks whether the escaped value at **s is an decimal value or - * a 'normally' escaped character (and not eos) - * - * The string pointer at *s is increased by either 0 (on error), 1 (on - * normal escapes), or 3 (on decimals) - * - * Returns the number of bytes read from the escaped string, or - * 0 on error - */ -INLINE bool -parse_escape(uint8_t *ch_p, const char** str_p) -{ - uint16_t val; - - if ((*str_p)[0] && isdigit((*str_p)[0]) && - (*str_p)[1] && isdigit((*str_p)[1]) && - (*str_p)[2] && isdigit((*str_p)[2])) { - - val = (uint16_t)(((*str_p)[0] - '0') * 100 + - ((*str_p)[1] - '0') * 10 + - ((*str_p)[2] - '0')); - - if (val > 255) { - goto error; - } - *ch_p = (uint8_t)val; - *str_p += 3; - return true; - - } else if ((*str_p)[0] && !isdigit((*str_p)[0])) { - - *ch_p = (uint8_t)*(*str_p)++; - return true; - } -error: - *str_p = NULL; - return false; /* LDNS_STATUS_SYNTAX_BAD_ESCAPE */ -} - -INLINE bool -parse_char(uint8_t *ch_p, const char** str_p) -{ - switch (**str_p) { - - case '\0': return false; - - case '\\': *str_p += 1; - return parse_escape(ch_p, str_p); - - default: *ch_p = (uint8_t)*(*str_p)++; - return true; - } -} - -/* - * No special care is taken, all dots are translated into - * label seperators. - * Could be made more efficient....we do 3 memcpy's in total... - */ -ldns_status -ldns_str2rdf_dname(ldns_rdf **d, const char *str) -{ - size_t len; - - const char *s; - uint8_t *q, *pq, label_len; - uint8_t buf[LDNS_MAX_DOMAINLEN + 1]; - *d = NULL; - - len = strlen((char*)str); - /* octet representation can make strings a lot longer than actual length */ - if (len > LDNS_MAX_DOMAINLEN * 4) { - return LDNS_STATUS_DOMAINNAME_OVERFLOW; - } - if (0 == len) { - return LDNS_STATUS_DOMAINNAME_UNDERFLOW; - } - - /* root label */ - if (1 == len && *str == '.') { - *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, 1, "\0"); - return LDNS_STATUS_OK; - } - - /* get on with the rest */ - - /* s is on the current character in the string - * pq points to where the labellength is going to go - * label_len keeps track of the current label's length - * q builds the dname inside the buf array - */ - len = 0; - q = buf+1; - pq = buf; - label_len = 0; - for (s = str; *s; s++, q++) { - if (q > buf + LDNS_MAX_DOMAINLEN) { - return LDNS_STATUS_DOMAINNAME_OVERFLOW; - } - *q = 0; - switch (*s) { - case '.': - if (label_len > LDNS_MAX_LABELLEN) { - return LDNS_STATUS_LABEL_OVERFLOW; - } - if (label_len == 0) { - return LDNS_STATUS_EMPTY_LABEL; - } - len += label_len + 1; - *pq = label_len; - label_len = 0; - pq = q; - break; - case '\\': - /* octet value or literal char */ - s += 1; - if (! parse_escape(q, &s)) { - return LDNS_STATUS_SYNTAX_BAD_ESCAPE; - } - s -= 1; - label_len++; - break; - default: - *q = (uint8_t)*s; - label_len++; - } - } - - /* add root label if last char was not '.' */ - if (!ldns_dname_str_absolute(str)) { - if (q > buf + LDNS_MAX_DOMAINLEN) { - return LDNS_STATUS_DOMAINNAME_OVERFLOW; - } - if (label_len > LDNS_MAX_LABELLEN) { - return LDNS_STATUS_LABEL_OVERFLOW; - } - if (label_len == 0) { /* label_len 0 but not . at end? */ - return LDNS_STATUS_EMPTY_LABEL; - } - len += label_len + 1; - *pq = label_len; - *q = 0; - } - len++; - - *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, len, buf); - return LDNS_STATUS_OK; -} - -ldns_status -ldns_str2rdf_a(ldns_rdf **rd, const char *str) -{ - in_addr_t address; - if (inet_pton(AF_INET, (char*)str, &address) != 1) { - return LDNS_STATUS_INVALID_IP4; - } else { - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_A, sizeof(address), &address); - } - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str) -{ - uint8_t address[LDNS_IP6ADDRLEN + 1]; - - if (inet_pton(AF_INET6, (char*)str, address) != 1) { - return LDNS_STATUS_INVALID_IP6; - } else { - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_AAAA, sizeof(address) - 1, &address); - } - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_str(ldns_rdf **rd, const char *str) -{ - uint8_t *data, *dp, ch = 0; - size_t length; - - /* Worst case space requirement. We'll realloc to actual size later. */ - dp = data = LDNS_XMALLOC(uint8_t, strlen(str) > 255 ? 256 : (strlen(str) + 1)); - if (! data) { - return LDNS_STATUS_MEM_ERR; - } - - /* Fill data (up to 255 characters) */ - while (parse_char(&ch, &str)) { - if (dp - data >= 255) { - LDNS_FREE(data); - return LDNS_STATUS_INVALID_STR; - } - *++dp = ch; - } - if (! str) { - return LDNS_STATUS_SYNTAX_BAD_ESCAPE; - } - length = (size_t)(dp - data); - /* Fix last length byte */ - data[0] = (uint8_t)length; - - /* Lose the overmeasure */ - data = LDNS_XREALLOC(dp = data, uint8_t, length + 1); - if (! data) { - LDNS_FREE(dp); - return LDNS_STATUS_MEM_ERR; - } - - /* Create rdf */ - *rd = ldns_rdf_new(LDNS_RDF_TYPE_STR, length + 1, data); - if (! *rd) { - LDNS_FREE(data); - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} - -ldns_status -ldns_str2rdf_apl(ldns_rdf **rd, const char *str) -{ - const char *my_str = str; - - char *my_ip_str; - size_t ip_str_len; - - uint16_t family; - bool negation; - uint8_t afdlength = 0; - uint8_t *afdpart; - uint8_t prefix; - - uint8_t *data; - - size_t i = 0; - - /* [!]afi:address/prefix */ - if (strlen(my_str) < 2 - || strchr(my_str, ':') == NULL - || strchr(my_str, '/') == NULL - || strchr(my_str, ':') > strchr(my_str, '/')) { - return LDNS_STATUS_INVALID_STR; - } - - if (my_str[0] == '!') { - negation = true; - my_str += 1; - } else { - negation = false; - } - - family = (uint16_t) atoi(my_str); - - my_str = strchr(my_str, ':') + 1; - - /* need ip addr and only ip addr for inet_pton */ - ip_str_len = (size_t) (strchr(my_str, '/') - my_str); - my_ip_str = LDNS_XMALLOC(char, ip_str_len + 1); - if(!my_ip_str) return LDNS_STATUS_MEM_ERR; - strncpy(my_ip_str, my_str, ip_str_len + 1); - my_ip_str[ip_str_len] = '\0'; - - if (family == 1) { - /* ipv4 */ - afdpart = LDNS_XMALLOC(uint8_t, 4); - if(!afdpart) { - LDNS_FREE(my_ip_str); - return LDNS_STATUS_MEM_ERR; - } - if (inet_pton(AF_INET, my_ip_str, afdpart) == 0) { - LDNS_FREE(my_ip_str); - LDNS_FREE(afdpart); - return LDNS_STATUS_INVALID_STR; - } - for (i = 0; i < 4; i++) { - if (afdpart[i] != 0) { - afdlength = i + 1; - } - } - } else if (family == 2) { - /* ipv6 */ - afdpart = LDNS_XMALLOC(uint8_t, 16); - if(!afdpart) { - LDNS_FREE(my_ip_str); - return LDNS_STATUS_MEM_ERR; - } - if (inet_pton(AF_INET6, my_ip_str, afdpart) == 0) { - LDNS_FREE(my_ip_str); - LDNS_FREE(afdpart); - return LDNS_STATUS_INVALID_STR; - } - for (i = 0; i < 16; i++) { - if (afdpart[i] != 0) { - afdlength = i + 1; - } - } - } else { - /* unknown family */ - LDNS_FREE(my_ip_str); - return LDNS_STATUS_INVALID_STR; - } - - my_str = strchr(my_str, '/') + 1; - prefix = (uint8_t) atoi(my_str); - - data = LDNS_XMALLOC(uint8_t, 4 + afdlength); - if(!data) { - LDNS_FREE(afdpart); - LDNS_FREE(my_ip_str); - return LDNS_STATUS_INVALID_STR; - } - ldns_write_uint16(data, family); - data[2] = prefix; - data[3] = afdlength; - if (negation) { - /* set bit 1 of byte 3 */ - data[3] = data[3] | 0x80; - } - - memcpy(data + 4, afdpart, afdlength); - - *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_APL, afdlength + 4, data); - LDNS_FREE(afdpart); - LDNS_FREE(data); - LDNS_FREE(my_ip_str); - - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_b64(ldns_rdf **rd, const char *str) -{ - uint8_t *buffer; - int16_t i; - - buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str))); - if(!buffer) { - return LDNS_STATUS_MEM_ERR; - } - - i = (uint16_t)ldns_b64_pton((const char*)str, buffer, - ldns_b64_ntop_calculate_size(strlen(str))); - if (-1 == i) { - LDNS_FREE(buffer); - return LDNS_STATUS_INVALID_B64; - } else { - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_B64, (uint16_t) i, buffer); - } - LDNS_FREE(buffer); - - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str) -{ - uint8_t *buffer; - int i; - /* first byte contains length of actual b32 data */ - uint8_t len = ldns_b32_pton_calculate_size(strlen(str)); - buffer = LDNS_XMALLOC(uint8_t, len + 1); - if(!buffer) { - return LDNS_STATUS_MEM_ERR; - } - buffer[0] = len; - - i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1, - ldns_b32_ntop_calculate_size(strlen(str))); - if (i < 0) { - LDNS_FREE(buffer); - return LDNS_STATUS_INVALID_B32_EXT; - } else { - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_B32_EXT, (uint16_t) i + 1, buffer); - } - LDNS_FREE(buffer); - - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_hex(ldns_rdf **rd, const char *str) -{ - uint8_t *t, *t_orig; - int i; - size_t len; - - len = strlen(str); - - if (len > LDNS_MAX_RDFLEN * 2) { - return LDNS_STATUS_LABEL_OVERFLOW; - } else { - t = LDNS_XMALLOC(uint8_t, (len / 2) + 1); - if(!t) { - return LDNS_STATUS_MEM_ERR; - } - t_orig = t; - /* Now process octet by octet... */ - while (*str) { - *t = 0; - if (isspace((int) *str)) { - str++; - } else { - for (i = 16; i >= 1; i -= 15) { - while (*str && isspace((int) *str)) { str++; } - if (*str) { - if (isxdigit((int) *str)) { - *t += ldns_hexdigit_to_int(*str) * i; - } else { - LDNS_FREE(t_orig); - return LDNS_STATUS_ERR; - } - ++str; - } - } - ++t; - } - } - *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, - (size_t) (t - t_orig), - t_orig); - LDNS_FREE(t_orig); - } - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_nsec(ldns_rdf **rd, const char *str) -{ - const char *delimiters = "\n\t "; - char *token = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); - ldns_buffer *str_buf; - ssize_t c; - uint16_t cur_type; - size_t type_count = 0; - ldns_rr_type type_list[65536]; - if(!token) return LDNS_STATUS_MEM_ERR; - if(rd == NULL) { - LDNS_FREE(token); - return LDNS_STATUS_NULL; - } - - str_buf = LDNS_MALLOC(ldns_buffer); - if(!str_buf) { - LDNS_FREE(token); - return LDNS_STATUS_MEM_ERR; - } - ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); - if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) { - LDNS_FREE(str_buf); - LDNS_FREE(token); - return LDNS_STATUS_MEM_ERR; - } - - while ((c = ldns_bget_token(str_buf, token, delimiters, LDNS_MAX_RDFLEN)) != -1 && c != 0) { - if(type_count >= sizeof(type_list)) { - LDNS_FREE(str_buf); - LDNS_FREE(token); - return LDNS_STATUS_ERR; - } - cur_type = ldns_get_rr_type_by_name(token); - type_list[type_count] = cur_type; - type_count++; - } - - *rd = ldns_dnssec_create_nsec_bitmap(type_list, - type_count, - LDNS_RR_TYPE_NSEC); - - LDNS_FREE(token); - ldns_buffer_free(str_buf); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_type(ldns_rdf **rd, const char *str) -{ - uint16_t type; - type = htons(ldns_get_rr_type_by_name(str)); - /* ldns_rr_type is a 16 bit value */ - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_TYPE, sizeof(uint16_t), &type); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_class(ldns_rdf **rd, const char *str) -{ - uint16_t klass; - klass = htons(ldns_get_rr_class_by_name(str)); - /* class is 16 bit */ - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_CLASS, sizeof(uint16_t), &klass); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -/* An certificate alg field can either be specified as a 8 bits number - * or by its symbolic name. Handle both - */ -ldns_status -ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str) -{ - ldns_lookup_table *lt; - ldns_status st; - uint8_t idd[2]; - lt = ldns_lookup_by_name(ldns_cert_algorithms, str); - st = LDNS_STATUS_OK; - - if (lt) { - ldns_write_uint16(idd, (uint16_t) lt->id); - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_INT16, sizeof(uint16_t), idd); - if (!*rd) { - st = LDNS_STATUS_ERR; - } - } else { - /* try as-is (a number) */ - st = ldns_str2rdf_int16(rd, str); - if (st == LDNS_STATUS_OK && - ldns_rdf2native_int16(*rd) == 0) { - st = LDNS_STATUS_CERT_BAD_ALGORITHM; - } - } - - return st; -} - -static ldns_lookup_table ldns_tlsa_certificate_usages[] = { - { LDNS_TLSA_USAGE_PKIX_TA , "PKIX-TA" }, - { LDNS_TLSA_USAGE_PKIX_EE , "PKIX-EE" }, - { LDNS_TLSA_USAGE_DANE_TA , "DANE-TA" }, - { LDNS_TLSA_USAGE_DANE_EE , "DANE-EE" }, - { LDNS_TLSA_USAGE_PRIVCERT , "PrivCert" } -}; - -static ldns_lookup_table ldns_tlsa_selectors[] = { - { LDNS_TLSA_SELECTOR_CERT , "Cert" }, - { LDNS_TLSA_SELECTOR_SPKI , "SPKI" }, - { LDNS_TLSA_SELECTOR_PRIVSEL , "PrivSel" } -}; - -static ldns_lookup_table ldns_tlsa_matching_types[] = { - { LDNS_TLSA_MATCHING_TYPE_FULL , "Full" }, - { LDNS_TLSA_MATCHING_TYPE_SHA2_256 , "SHA2-256" }, - { LDNS_TLSA_MATCHING_TYPE_SHA2_512 , "SHA2-512" }, - { LDNS_TLSA_MATCHING_TYPE_PRIVMATCH , "PrivMatch" } -}; - -static ldns_status -ldns_str2rdf_mnemonic4int8(ldns_lookup_table *lt, - ldns_rdf **rd, const char *str) -{ - if ((lt = ldns_lookup_by_name(lt, str))) { - /* it was given as a integer */ - *rd = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t) lt->id); - if (!*rd) - return LDNS_STATUS_ERR; - else - return LDNS_STATUS_OK; - } - return ldns_str2rdf_int8(rd, str); -} - -/* An alg field can either be specified as a 8 bits number - * or by its symbolic name. Handle both - */ -ldns_status -ldns_str2rdf_alg(ldns_rdf **rd, const char *str) -{ - return ldns_str2rdf_mnemonic4int8(ldns_algorithms, rd, str); -} - -ldns_status -ldns_str2rdf_certificate_usage(ldns_rdf **rd, const char *str) -{ - return ldns_str2rdf_mnemonic4int8( - ldns_tlsa_certificate_usages, rd, str); -} - -ldns_status -ldns_str2rdf_selector(ldns_rdf **rd, const char *str) -{ - return ldns_str2rdf_mnemonic4int8(ldns_tlsa_selectors, rd, str); -} - -ldns_status -ldns_str2rdf_matching_type(ldns_rdf **rd, const char *str) -{ - return ldns_str2rdf_mnemonic4int8(ldns_tlsa_matching_types, rd, str); -} - -ldns_status -ldns_str2rdf_unknown( ATTR_UNUSED(ldns_rdf **rd) - , ATTR_UNUSED(const char *str) - ) -{ - /* this should be caught in an earlier time (general str2host for - rr's */ - return LDNS_STATUS_NOT_IMPL; -} - -ldns_status -ldns_str2rdf_service( ATTR_UNUSED(ldns_rdf **rd) - , ATTR_UNUSED(const char *str) - ) -{ - /* is this used? is this actually WKS? or SRV? */ - return LDNS_STATUS_NOT_IMPL; -} - -static int -loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e) -{ - /* read [.][mM] */ - /* into mantissa exponent format for LOC type */ - uint32_t meters = 0, cm = 0, val; - while (isblank(*my_str)) { - my_str++; - } - meters = (uint32_t)strtol(my_str, &my_str, 10); - if (*my_str == '.') { - my_str++; - cm = (uint32_t)strtol(my_str, &my_str, 10); - } - if (meters >= 1) { - *e = 2; - val = meters; - } else { - *e = 0; - val = cm; - } - while(val >= 10) { - (*e)++; - val /= 10; - } - *m = (uint8_t)val; - - if (*e > 9) - return 0; - if (*my_str == 'm' || *my_str == 'M') { - my_str++; - } - *endstr = my_str; - return 1; -} - -ldns_status -ldns_str2rdf_loc(ldns_rdf **rd, const char *str) -{ - uint32_t latitude = 0; - uint32_t longitude = 0; - uint32_t altitude = 0; - - uint8_t *data; - uint32_t equator = (uint32_t) ldns_power(2, 31); - - uint32_t h = 0; - uint32_t m = 0; - uint8_t size_b = 1, size_e = 2; - uint8_t horiz_pre_b = 1, horiz_pre_e = 6; - uint8_t vert_pre_b = 1, vert_pre_e = 3; - - double s = 0.0; - bool northerness; - bool easterness; - - char *my_str = (char *) str; - - /* only support version 0 */ - if (isdigit((int) *my_str)) { - h = (uint32_t) strtol(my_str, &my_str, 10); - } else { - return LDNS_STATUS_INVALID_STR; - } - - while (isblank((int) *my_str)) { - my_str++; - } - - if (isdigit((int) *my_str)) { - m = (uint32_t) strtol(my_str, &my_str, 10); - } else if (*my_str == 'N' || *my_str == 'S') { - goto north; - } else { - return LDNS_STATUS_INVALID_STR; - } - - while (isblank((int) *my_str)) { - my_str++; - } - - if (isdigit((int) *my_str)) { - s = strtod(my_str, &my_str); - } -north: - while (isblank((int) *my_str)) { - my_str++; - } - - if (*my_str == 'N') { - northerness = true; - } else if (*my_str == 'S') { - northerness = false; - } else { - return LDNS_STATUS_INVALID_STR; - } - - my_str++; - - /* store number */ - s = 1000.0 * s; - /* add a little to make floor in conversion a round */ - s += 0.0005; - latitude = (uint32_t) s; - latitude += 1000 * 60 * m; - latitude += 1000 * 60 * 60 * h; - if (northerness) { - latitude = equator + latitude; - } else { - latitude = equator - latitude; - } - while (isblank(*my_str)) { - my_str++; - } - - if (isdigit((int) *my_str)) { - h = (uint32_t) strtol(my_str, &my_str, 10); - } else { - return LDNS_STATUS_INVALID_STR; - } - - while (isblank((int) *my_str)) { - my_str++; - } - - if (isdigit((int) *my_str)) { - m = (uint32_t) strtol(my_str, &my_str, 10); - } else if (*my_str == 'E' || *my_str == 'W') { - goto east; - } else { - return LDNS_STATUS_INVALID_STR; - } - - while (isblank(*my_str)) { - my_str++; - } - - if (isdigit((int) *my_str)) { - s = strtod(my_str, &my_str); - } - -east: - while (isblank(*my_str)) { - my_str++; - } - - if (*my_str == 'E') { - easterness = true; - } else if (*my_str == 'W') { - easterness = false; - } else { - return LDNS_STATUS_INVALID_STR; - } - - my_str++; - - /* store number */ - s *= 1000.0; - /* add a little to make floor in conversion a round */ - s += 0.0005; - longitude = (uint32_t) s; - longitude += 1000 * 60 * m; - longitude += 1000 * 60 * 60 * h; - - if (easterness) { - longitude += equator; - } else { - longitude = equator - longitude; - } - - altitude = (uint32_t)(strtod(my_str, &my_str)*100.0 + - 10000000.0 + 0.5); - if (*my_str == 'm' || *my_str == 'M') { - my_str++; - } - - if (strlen(my_str) > 0) { - if(!loc_parse_cm(my_str, &my_str, &size_b, &size_e)) - return LDNS_STATUS_INVALID_STR; - } - - if (strlen(my_str) > 0) { - if(!loc_parse_cm(my_str, &my_str, &horiz_pre_b, &horiz_pre_e)) - return LDNS_STATUS_INVALID_STR; - } - - if (strlen(my_str) > 0) { - if(!loc_parse_cm(my_str, &my_str, &vert_pre_b, &vert_pre_e)) - return LDNS_STATUS_INVALID_STR; - } - - data = LDNS_XMALLOC(uint8_t, 16); - if(!data) { - return LDNS_STATUS_MEM_ERR; - } - data[0] = 0; - data[1] = 0; - data[1] = ((size_b << 4) & 0xf0) | (size_e & 0x0f); - data[2] = ((horiz_pre_b << 4) & 0xf0) | (horiz_pre_e & 0x0f); - data[3] = ((vert_pre_b << 4) & 0xf0) | (vert_pre_e & 0x0f); - ldns_write_uint32(data + 4, latitude); - ldns_write_uint32(data + 8, longitude); - ldns_write_uint32(data + 12, altitude); - - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_LOC, 16, data); - - LDNS_FREE(data); - return *rd?LDNS_STATUS_OK:LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_wks(ldns_rdf **rd, const char *str) -{ - uint8_t *bitmap = NULL; - uint8_t *data; - int bm_len = 0; - - struct protoent *proto = NULL; - struct servent *serv = NULL; - int serv_port; - - ldns_buffer *str_buf; - - char *proto_str = NULL; - char *token; - if(strlen(str) == 0) - token = LDNS_XMALLOC(char, 50); - else token = LDNS_XMALLOC(char, strlen(str)+2); - if(!token) return LDNS_STATUS_MEM_ERR; - - str_buf = LDNS_MALLOC(ldns_buffer); - if(!str_buf) {LDNS_FREE(token); return LDNS_STATUS_MEM_ERR;} - ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); - if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) { - LDNS_FREE(str_buf); - LDNS_FREE(token); - return LDNS_STATUS_MEM_ERR; - } - - while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) { - if (!proto_str) { - proto_str = strdup(token); - if (!proto_str) { - LDNS_FREE(bitmap); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - return LDNS_STATUS_INVALID_STR; - } - } else { - serv = getservbyname(token, proto_str); - if (serv) { - serv_port = (int) ntohs((uint16_t) serv->s_port); - } else { - serv_port = atoi(token); - } - if (serv_port / 8 >= bm_len) { - uint8_t *b2 = LDNS_XREALLOC(bitmap, uint8_t, (serv_port / 8) + 1); - if(!b2) { - LDNS_FREE(bitmap); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - free(proto_str); - return LDNS_STATUS_INVALID_STR; - } - bitmap = b2; - /* set to zero to be sure */ - for (; bm_len <= serv_port / 8; bm_len++) { - bitmap[bm_len] = 0; - } - } - ldns_set_bit(bitmap + (serv_port / 8), 7 - (serv_port % 8), true); - } - } - - if (!proto_str || !bitmap) { - LDNS_FREE(bitmap); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - free(proto_str); - return LDNS_STATUS_INVALID_STR; - } - - data = LDNS_XMALLOC(uint8_t, bm_len + 1); - if(!data) { - LDNS_FREE(token); - ldns_buffer_free(str_buf); - LDNS_FREE(bitmap); - free(proto_str); - return LDNS_STATUS_INVALID_STR; - } - if (proto_str) - proto = getprotobyname(proto_str); - if (proto) { - data[0] = (uint8_t) proto->p_proto; - } else if (proto_str) { - data[0] = (uint8_t) atoi(proto_str); - } - memcpy(data + 1, bitmap, (size_t) bm_len); - - *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_WKS, (uint16_t) (bm_len + 1), data); - - LDNS_FREE(data); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - LDNS_FREE(bitmap); - free(proto_str); -#ifdef HAVE_ENDSERVENT - endservent(); -#endif -#ifdef HAVE_ENDPROTOENT - endprotoent(); -#endif - - if(!*rd) return LDNS_STATUS_MEM_ERR; - - return LDNS_STATUS_OK; -} - -ldns_status -ldns_str2rdf_nsap(ldns_rdf **rd, const char *str) -{ - size_t len, i; - char* nsap_str = (char*) str; - - /* just a hex string with optional dots? */ - if (str[0] != '0' || str[1] != 'x') { - return LDNS_STATUS_INVALID_STR; - } else { - len = strlen(str); - for (i=0; i < len; i++) { - if (nsap_str[i] == '.') - nsap_str[i] = ' '; - } - return ldns_str2rdf_hex(rd, str+2); - } -} - -ldns_status -ldns_str2rdf_atma(ldns_rdf **rd, const char *str) -{ - size_t len, i; - char* atma_str = (char*) str; - ldns_status status; - - /* just a hex string with optional dots? */ - len = strlen(str); - for (i=0; i < len; i++) { - if (atma_str[i] == '.') - atma_str[i] = ' '; - } - status = ldns_str2rdf_hex(rd, str); - if (status != LDNS_STATUS_OK) { - ; /* probably in e.164 format than */ - } - return status; -} - -ldns_status -ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str) -{ - uint8_t precedence = 0; - uint8_t gateway_type = 0; - uint8_t algorithm = 0; - char* gateway = NULL; - char* publickey = NULL; - uint8_t *data; - ldns_buffer *str_buf; - char *token; - int token_count = 0; - int ipseckey_len = 0; - ldns_rdf* gateway_rdf = NULL; - ldns_rdf* publickey_rdf = NULL; - ldns_status status = LDNS_STATUS_OK; - - if(strlen(str) == 0) - token = LDNS_XMALLOC(char, 256); - else token = LDNS_XMALLOC(char, strlen(str)+2); - if(!token) return LDNS_STATUS_MEM_ERR; - - str_buf = LDNS_MALLOC(ldns_buffer); - if(!str_buf) {LDNS_FREE(token); return LDNS_STATUS_MEM_ERR;} - ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); - if(ldns_buffer_status(str_buf) != LDNS_STATUS_OK) { - LDNS_FREE(str_buf); - LDNS_FREE(token); - return LDNS_STATUS_MEM_ERR; - } - while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) { - switch (token_count) { - case 0: - precedence = (uint8_t)atoi(token); - break; - case 1: - gateway_type = (uint8_t)atoi(token); - break; - case 2: - algorithm = (uint8_t)atoi(token); - break; - case 3: - gateway = strdup(token); - if (!gateway || (gateway_type == 0 && - (token[0] != '.' || token[1] != '\0'))) { - LDNS_FREE(gateway); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - return LDNS_STATUS_INVALID_STR; - } - break; - case 4: - publickey = strdup(token); - break; - default: - LDNS_FREE(token); - ldns_buffer_free(str_buf); - return LDNS_STATUS_INVALID_STR; - break; - } - token_count++; - } - - if (!gateway || !publickey) { - if (gateway) - LDNS_FREE(gateway); - if (publickey) - LDNS_FREE(publickey); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - return LDNS_STATUS_INVALID_STR; - } - - if (gateway_type == 1) { - status = ldns_str2rdf_a(&gateway_rdf, gateway); - } else if (gateway_type == 2) { - status = ldns_str2rdf_aaaa(&gateway_rdf, gateway); - } else if (gateway_type == 3) { - status = ldns_str2rdf_dname(&gateway_rdf, gateway); - } - - if (status != LDNS_STATUS_OK) { - if (gateway) - LDNS_FREE(gateway); - if (publickey) - LDNS_FREE(publickey); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - return LDNS_STATUS_INVALID_STR; - } - - status = ldns_str2rdf_b64(&publickey_rdf, publickey); - - if (status != LDNS_STATUS_OK) { - if (gateway) - LDNS_FREE(gateway); - if (publickey) - LDNS_FREE(publickey); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - if (gateway_rdf) ldns_rdf_free(gateway_rdf); - return LDNS_STATUS_INVALID_STR; - } - - /* now copy all into one ipseckey rdf */ - if (gateway_type) - ipseckey_len = 3 + (int)ldns_rdf_size(gateway_rdf) + (int)ldns_rdf_size(publickey_rdf); - else - ipseckey_len = 3 + (int)ldns_rdf_size(publickey_rdf); - - data = LDNS_XMALLOC(uint8_t, ipseckey_len); - if(!data) { - if (gateway) - LDNS_FREE(gateway); - if (publickey) - LDNS_FREE(publickey); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - if (gateway_rdf) ldns_rdf_free(gateway_rdf); - if (publickey_rdf) ldns_rdf_free(publickey_rdf); - return LDNS_STATUS_MEM_ERR; - } - - data[0] = precedence; - data[1] = gateway_type; - data[2] = algorithm; - - if (gateway_type) { - memcpy(data + 3, - ldns_rdf_data(gateway_rdf), ldns_rdf_size(gateway_rdf)); - memcpy(data + 3 + ldns_rdf_size(gateway_rdf), - ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf)); - } else { - memcpy(data + 3, - ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf)); - } - - *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_IPSECKEY, (uint16_t) ipseckey_len, data); - - if (gateway) - LDNS_FREE(gateway); - if (publickey) - LDNS_FREE(publickey); - LDNS_FREE(token); - ldns_buffer_free(str_buf); - ldns_rdf_free(gateway_rdf); - ldns_rdf_free(publickey_rdf); - LDNS_FREE(data); - if(!*rd) return LDNS_STATUS_MEM_ERR; - return LDNS_STATUS_OK; -} - -ldns_status -ldns_str2rdf_ilnp64(ldns_rdf **rd, const char *str) -{ - unsigned int a, b, c, d; - uint16_t shorts[4]; - int l; - - if (sscanf(str, "%4x:%4x:%4x:%4x%n", &a, &b, &c, &d, &l) != 4 || - l != (int)strlen(str) || /* more data to read */ - strpbrk(str, "+-") /* signed hexes */ - ) { - return LDNS_STATUS_INVALID_ILNP64; - } else { - shorts[0] = htons(a); - shorts[1] = htons(b); - shorts[2] = htons(c); - shorts[3] = htons(d); - *rd = ldns_rdf_new_frm_data( - LDNS_RDF_TYPE_ILNP64, 4 * sizeof(uint16_t), &shorts); - } - return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_eui48(ldns_rdf **rd, const char *str) -{ - unsigned int a, b, c, d, e, f; - uint8_t bytes[6]; - int l; - - if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x%n", - &a, &b, &c, &d, &e, &f, &l) != 6 || - l != (int)strlen(str)) { - return LDNS_STATUS_INVALID_EUI48; - } else { - bytes[0] = a; - bytes[1] = b; - bytes[2] = c; - bytes[3] = d; - bytes[4] = e; - bytes[5] = f; - *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_EUI48, 6, &bytes); - } - return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_eui64(ldns_rdf **rd, const char *str) -{ - unsigned int a, b, c, d, e, f, g, h; - uint8_t bytes[8]; - int l; - - if (sscanf(str, "%2x-%2x-%2x-%2x-%2x-%2x-%2x-%2x%n", - &a, &b, &c, &d, &e, &f, &g, &h, &l) != 8 || - l != (int)strlen(str)) { - return LDNS_STATUS_INVALID_EUI64; - } else { - bytes[0] = a; - bytes[1] = b; - bytes[2] = c; - bytes[3] = d; - bytes[4] = e; - bytes[5] = f; - bytes[6] = g; - bytes[7] = h; - *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_EUI64, 8, &bytes); - } - return *rd ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; -} - -ldns_status -ldns_str2rdf_tag(ldns_rdf **rd, const char *str) -{ - uint8_t *data; - const char* ptr; - - if (strlen(str) > 255) { - return LDNS_STATUS_INVALID_TAG; - } - for (ptr = str; *ptr; ptr++) { - if (! isalnum(*ptr)) { - return LDNS_STATUS_INVALID_TAG; - } - } - data = LDNS_XMALLOC(uint8_t, strlen(str) + 1); - if (!data) { - return LDNS_STATUS_MEM_ERR; - } - data[0] = strlen(str); - memcpy(data + 1, str, strlen(str)); - - *rd = ldns_rdf_new(LDNS_RDF_TYPE_TAG, strlen(str) + 1, data); - if (!*rd) { - LDNS_FREE(data); - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} - -ldns_status -ldns_str2rdf_long_str(ldns_rdf **rd, const char *str) -{ - uint8_t *data, *dp, ch = 0; - size_t length; - - /* Worst case space requirement. We'll realloc to actual size later. */ - dp = data = LDNS_XMALLOC(uint8_t, strlen(str)); - if (! data) { - return LDNS_STATUS_MEM_ERR; - } - - /* Fill data with parsed bytes */ - while (parse_char(&ch, &str)) { - *dp++ = ch; - if (dp - data > LDNS_MAX_RDFLEN) { - LDNS_FREE(data); - return LDNS_STATUS_INVALID_STR; - } - } - if (! str) { - return LDNS_STATUS_SYNTAX_BAD_ESCAPE; - } - length = (size_t)(dp - data); - - /* Lose the overmeasure */ - data = LDNS_XREALLOC(dp = data, uint8_t, length); - if (! data) { - LDNS_FREE(dp); - return LDNS_STATUS_MEM_ERR; - } - - /* Create rdf */ - *rd = ldns_rdf_new(LDNS_RDF_TYPE_LONG_STR, length, data); - if (! *rd) { - LDNS_FREE(data); - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} - -ldns_status -ldns_str2rdf_hip(ldns_rdf **rd, const char *str) -{ - const char *hit = strchr(str, ' ') + 1; - const char *pk = hit == NULL ? NULL : strchr(hit, ' ') + 1; - size_t hit_size = hit == NULL ? 0 - : pk == NULL ? strlen(hit) : (size_t) (pk - hit) - 1; - size_t pk_size = pk == NULL ? 0 : strlen(pk); - size_t hit_wire_size = (hit_size + 1) / 2; - size_t pk_wire_size = ldns_b64_pton_calculate_size(pk_size); - size_t rdf_size = 4 + hit_wire_size + pk_wire_size; - - char *endptr; /* utility var for strtol usage */ - int algorithm = strtol(str, &endptr, 10); - - uint8_t *data, *dp; - int hi, lo, written; - - if (hit_size == 0 || pk_size == 0 || (hit_size + 1) / 2 > 255 - || rdf_size > LDNS_MAX_RDFLEN - || algorithm < 0 || algorithm > 255 - || (errno != 0 && algorithm == 0) /* out of range */ - || endptr == str /* no digits */) { - - return LDNS_STATUS_SYNTAX_ERR; - } - if ((data = LDNS_XMALLOC(uint8_t, rdf_size)) == NULL) { - - return LDNS_STATUS_MEM_ERR; - } - /* From RFC 5205 section 5. HIP RR Storage Format: - ************************************************* - - 0 1 2 3 - 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | HIT length | PK algorithm | PK length | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | | - ~ HIT ~ - | | - + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | | | - +-+-+-+-+-+-+-+-+-+-+-+ + - | Public Key | - ~ ~ - | | - + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | | | - +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + - | | - ~ Rendezvous Servers ~ - | | - + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - | | - +-+-+-+-+-+-+-+ */ - - data[0] = (uint8_t) hit_wire_size; - data[1] = (uint8_t) algorithm; - - for (dp = data + 4; *hit && *hit != ' '; dp++) { - - if ((hi = ldns_hexdigit_to_int(*hit++)) == -1 || - (lo = ldns_hexdigit_to_int(*hit++)) == -1) { - - LDNS_FREE(data); - return LDNS_STATUS_INVALID_HEX; - } - *dp = (uint8_t) hi << 4 | lo; - } - if ((written = ldns_b64_pton(pk, dp, pk_wire_size)) <= 0) { - - LDNS_FREE(data); - return LDNS_STATUS_INVALID_B64; - } - - /* Because ldns_b64_pton_calculate_size isn't always correct: - * (we have to fix it at some point) - */ - pk_wire_size = (uint16_t) written; - ldns_write_uint16(data + 2, pk_wire_size); - rdf_size = 4 + hit_wire_size + pk_wire_size; - - /* Create rdf */ - if (! (*rd = ldns_rdf_new(LDNS_RDF_TYPE_HIP, rdf_size, data))) { - - LDNS_FREE(data); - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} diff --git a/src/ldns/tsig.c b/src/ldns/tsig.c deleted file mode 100644 index 53aa85e..0000000 --- a/src/ldns/tsig.c +++ /dev/null @@ -1,470 +0,0 @@ -/* - * tsig.c - * - * contains the functions needed for TSIG [RFC2845] - * - * (c) 2005-2006 NLnet Labs - * See the file LICENSE for the license - */ - -#include - -#include - -#include - -#ifdef HAVE_SSL -#include -#include -#endif /* HAVE_SSL */ - -char * -ldns_tsig_algorithm(ldns_tsig_credentials *tc) -{ - return tc->algorithm; -} - -char * -ldns_tsig_keyname(ldns_tsig_credentials *tc) -{ - return tc->keyname; -} - -char * -ldns_tsig_keydata(ldns_tsig_credentials *tc) -{ - return tc->keydata; -} - -char * -ldns_tsig_keyname_clone(ldns_tsig_credentials *tc) -{ - return strdup(tc->keyname); -} - -char * -ldns_tsig_keydata_clone(ldns_tsig_credentials *tc) -{ - return strdup(tc->keydata); -} - -/* - * Makes an exact copy of the wire, but with the tsig rr removed - */ -static uint8_t * -ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len) -{ - uint8_t *wire2 = NULL; - uint16_t qd_count; - uint16_t an_count; - uint16_t ns_count; - uint16_t ar_count; - ldns_rr *rr; - - size_t pos; - uint16_t i; - - ldns_status status; - - if(wire_len < LDNS_HEADER_SIZE) { - return NULL; - } - /* fake parse the wire */ - qd_count = LDNS_QDCOUNT(wire); - an_count = LDNS_ANCOUNT(wire); - ns_count = LDNS_NSCOUNT(wire); - ar_count = LDNS_ARCOUNT(wire); - - if (ar_count > 0) { - ar_count--; - } else { - return NULL; - } - - pos = LDNS_HEADER_SIZE; - - for (i = 0; i < qd_count; i++) { - status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_QUESTION); - if (status != LDNS_STATUS_OK) { - return NULL; - } - ldns_rr_free(rr); - } - - for (i = 0; i < an_count; i++) { - status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_ANSWER); - if (status != LDNS_STATUS_OK) { - return NULL; - } - ldns_rr_free(rr); - } - - for (i = 0; i < ns_count; i++) { - status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_AUTHORITY); - if (status != LDNS_STATUS_OK) { - return NULL; - } - ldns_rr_free(rr); - } - - for (i = 0; i < ar_count; i++) { - status = ldns_wire2rr(&rr, wire, wire_len, &pos, - LDNS_SECTION_ADDITIONAL); - if (status != LDNS_STATUS_OK) { - return NULL; - } - ldns_rr_free(rr); - } - - *result_len = pos; - wire2 = LDNS_XMALLOC(uint8_t, *result_len); - if(!wire2) { - return NULL; - } - memcpy(wire2, wire, *result_len); - - ldns_write_uint16(wire2 + LDNS_ARCOUNT_OFF, ar_count); - - return wire2; -} - -#ifdef HAVE_SSL -static const EVP_MD * -ldns_digest_function(char *name) -{ - /* these are the mandatory algorithms from RFC4635 */ - /* The optional algorithms are not yet implemented */ - if (strcasecmp(name, "hmac-sha256.") == 0) { -#ifdef HAVE_EVP_SHA256 - return EVP_sha256(); -#else - return NULL; -#endif - } else if (strcasecmp(name, "hmac-sha1.") == 0) { - return EVP_sha1(); - } else if (strcasecmp(name, "hmac-md5.sig-alg.reg.int.") == 0) { - return EVP_md5(); - } else { - return NULL; - } -} -#endif - -#ifdef HAVE_SSL -static ldns_status -ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size, - const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf, - ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf, - ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only) -{ - ldns_status status; - char *wireformat; - int wiresize; - unsigned char *mac_bytes = NULL; - unsigned char *key_bytes = NULL; - int key_size; - const EVP_MD *digester; - char *algorithm_name = NULL; - unsigned int md_len = EVP_MAX_MD_SIZE; - ldns_rdf *result = NULL; - ldns_buffer *data_buffer = NULL; - ldns_rdf *canonical_key_name_rdf = NULL; - ldns_rdf *canonical_algorithm_rdf = NULL; - - if (key_name_rdf == NULL || algorithm_rdf == NULL) { - return LDNS_STATUS_NULL; - } - canonical_key_name_rdf = ldns_rdf_clone(key_name_rdf); - if (canonical_key_name_rdf == NULL) { - return LDNS_STATUS_MEM_ERR; - } - canonical_algorithm_rdf = ldns_rdf_clone(algorithm_rdf); - if (canonical_algorithm_rdf == NULL) { - ldns_rdf_deep_free(canonical_key_name_rdf); - return LDNS_STATUS_MEM_ERR; - } - /* - * prepare the digestable information - */ - data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); - if (!data_buffer) { - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - /* if orig_mac is not NULL, add it too */ - if (orig_mac_rdf) { - (void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf); - } - ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size); - if (!tsig_timers_only) { - ldns_dname2canonical(canonical_key_name_rdf); - (void)ldns_rdf2buffer_wire(data_buffer, - canonical_key_name_rdf); - ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY); - ldns_buffer_write_u32(data_buffer, 0); - ldns_dname2canonical(canonical_algorithm_rdf); - (void)ldns_rdf2buffer_wire(data_buffer, - canonical_algorithm_rdf); - } - (void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf); - (void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf); - if (!tsig_timers_only) { - (void)ldns_rdf2buffer_wire(data_buffer, error_rdf); - (void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf); - } - - wireformat = (char *) data_buffer->_data; - wiresize = (int) ldns_buffer_position(data_buffer); - - algorithm_name = ldns_rdf2str(algorithm_rdf); - if(!algorithm_name) { - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - - /* prepare the key */ - key_bytes = LDNS_XMALLOC(unsigned char, - ldns_b64_pton_calculate_size(strlen(key_data))); - if(!key_bytes) { - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - key_size = ldns_b64_pton(key_data, key_bytes, - ldns_b64_pton_calculate_size(strlen(key_data))); - if (key_size < 0) { - status = LDNS_STATUS_INVALID_B64; - goto clean; - } - /* hmac it */ - /* 2 spare bytes for the length */ - mac_bytes = LDNS_XMALLOC(unsigned char, md_len+2); - if(!mac_bytes) { - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - memset(mac_bytes, 0, md_len+2); - - digester = ldns_digest_function(algorithm_name); - - if (digester) { - (void) HMAC(digester, key_bytes, key_size, (void *)wireformat, - (size_t) wiresize, mac_bytes + 2, &md_len); - - ldns_write_uint16(mac_bytes, md_len); - result = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16_DATA, md_len + 2, - mac_bytes); - } else { - status = LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; - goto clean; - } - *tsig_mac = result; - status = LDNS_STATUS_OK; - clean: - LDNS_FREE(mac_bytes); - LDNS_FREE(key_bytes); - LDNS_FREE(algorithm_name); - ldns_buffer_free(data_buffer); - ldns_rdf_deep_free(canonical_algorithm_rdf); - ldns_rdf_deep_free(canonical_key_name_rdf); - return status; -} -#endif /* HAVE_SSL */ - - -#ifdef HAVE_SSL -bool -ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name, - const char *key_data, ldns_rdf *orig_mac_rdf) -{ - return ldns_pkt_tsig_verify_next(pkt, wire, wirelen, key_name, key_data, orig_mac_rdf, 0); -} - -bool -ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char* key_name, - const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only) -{ - ldns_rdf *fudge_rdf; - ldns_rdf *algorithm_rdf; - ldns_rdf *time_signed_rdf; - ldns_rdf *orig_id_rdf; - ldns_rdf *error_rdf; - ldns_rdf *other_data_rdf; - ldns_rdf *pkt_mac_rdf; - ldns_rdf *my_mac_rdf; - ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); - uint16_t pkt_id, orig_pkt_id; - ldns_status status; - - uint8_t *prepared_wire = NULL; - size_t prepared_wire_size = 0; - - ldns_rr *orig_tsig = ldns_pkt_tsig(pkt); - - if (!orig_tsig || ldns_rr_rd_count(orig_tsig) <= 6) { - ldns_rdf_deep_free(key_name_rdf); - return false; - } - algorithm_rdf = ldns_rr_rdf(orig_tsig, 0); - time_signed_rdf = ldns_rr_rdf(orig_tsig, 1); - fudge_rdf = ldns_rr_rdf(orig_tsig, 2); - pkt_mac_rdf = ldns_rr_rdf(orig_tsig, 3); - orig_id_rdf = ldns_rr_rdf(orig_tsig, 4); - error_rdf = ldns_rr_rdf(orig_tsig, 5); - other_data_rdf = ldns_rr_rdf(orig_tsig, 6); - - /* remove temporarily */ - ldns_pkt_set_tsig(pkt, NULL); - /* temporarily change the id to the original id */ - pkt_id = ldns_pkt_id(pkt); - orig_pkt_id = ldns_rdf2native_int16(orig_id_rdf); - ldns_pkt_set_id(pkt, orig_pkt_id); - - prepared_wire = ldns_tsig_prepare_pkt_wire(wire, wirelen, &prepared_wire_size); - - status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size, - key_data, key_name_rdf, fudge_rdf, algorithm_rdf, - time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only); - - LDNS_FREE(prepared_wire); - - if (status != LDNS_STATUS_OK) { - ldns_rdf_deep_free(key_name_rdf); - return false; - } - /* Put back the values */ - ldns_pkt_set_tsig(pkt, orig_tsig); - ldns_pkt_set_id(pkt, pkt_id); - - ldns_rdf_deep_free(key_name_rdf); - - if (ldns_rdf_compare(pkt_mac_rdf, my_mac_rdf) == 0) { - ldns_rdf_deep_free(my_mac_rdf); - return true; - } else { - ldns_rdf_deep_free(my_mac_rdf); - return false; - } -} -#endif /* HAVE_SSL */ - -#ifdef HAVE_SSL -ldns_status -ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, - uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac) -{ - return ldns_pkt_tsig_sign_next(pkt, key_name, key_data, fudge, algorithm_name, query_mac, 0); -} - -ldns_status -ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, - uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only) -{ - ldns_rr *tsig_rr; - ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); - ldns_rdf *fudge_rdf = NULL; - ldns_rdf *orig_id_rdf = NULL; - ldns_rdf *algorithm_rdf; - ldns_rdf *error_rdf = NULL; - ldns_rdf *mac_rdf = NULL; - ldns_rdf *other_data_rdf = NULL; - - ldns_status status = LDNS_STATUS_OK; - - uint8_t *pkt_wire = NULL; - size_t pkt_wire_len; - - struct timeval tv_time_signed; - uint8_t *time_signed = NULL; - ldns_rdf *time_signed_rdf = NULL; - - algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name); - if(!key_name_rdf || !algorithm_rdf) { - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - - /* eww don't have create tsigtime rdf yet :( */ - /* bleh :p */ - if (gettimeofday(&tv_time_signed, NULL) == 0) { - time_signed = LDNS_XMALLOC(uint8_t, 6); - if(!time_signed) { - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - ldns_write_uint64_as_uint48(time_signed, - (uint64_t)tv_time_signed.tv_sec); - } else { - status = LDNS_STATUS_INTERNAL_ERR; - goto clean; - } - - time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed); - if(!time_signed_rdf) { - LDNS_FREE(time_signed); - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - - fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge); - - orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt)); - - error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0); - - other_data_rdf = ldns_native2rdf_int16_data(0, NULL); - - if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) { - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - - if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) { - status = LDNS_STATUS_ERR; - goto clean; - } - - status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len, - key_data, key_name_rdf, fudge_rdf, algorithm_rdf, - time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only); - - if (!mac_rdf) { - goto clean; - } - - LDNS_FREE(pkt_wire); - - /* Create the TSIG RR */ - tsig_rr = ldns_rr_new(); - if(!tsig_rr) { - status = LDNS_STATUS_MEM_ERR; - goto clean; - } - ldns_rr_set_owner(tsig_rr, key_name_rdf); - ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY); - ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG); - ldns_rr_set_ttl(tsig_rr, 0); - - ldns_rr_push_rdf(tsig_rr, algorithm_rdf); - ldns_rr_push_rdf(tsig_rr, time_signed_rdf); - ldns_rr_push_rdf(tsig_rr, fudge_rdf); - ldns_rr_push_rdf(tsig_rr, mac_rdf); - ldns_rr_push_rdf(tsig_rr, orig_id_rdf); - ldns_rr_push_rdf(tsig_rr, error_rdf); - ldns_rr_push_rdf(tsig_rr, other_data_rdf); - - ldns_pkt_set_tsig(pkt, tsig_rr); - - return status; - - clean: - LDNS_FREE(pkt_wire); - ldns_rdf_free(key_name_rdf); - ldns_rdf_free(algorithm_rdf); - ldns_rdf_free(time_signed_rdf); - ldns_rdf_free(fudge_rdf); - ldns_rdf_free(orig_id_rdf); - ldns_rdf_free(error_rdf); - ldns_rdf_free(other_data_rdf); - return status; -} -#endif /* HAVE_SSL */ diff --git a/src/ldns/update.c b/src/ldns/update.c deleted file mode 100644 index 74e9d19..0000000 --- a/src/ldns/update.c +++ /dev/null @@ -1,325 +0,0 @@ -/* update.c - * - * Functions for RFC 2136 Dynamic Update - * - * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. - * - * See LICENSE for the license. - */ - -#include - -#include - -#include -#include -#include - -/* - * RFC 2136 sections mapped to RFC 1035: - * zone/ZO -- QD/question - * prerequisites/PR -- AN/answers - * updates/UP -- NS/authority records - * additional data/AD -- AR/additional records - */ - -ldns_pkt * -ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c, - ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist) -{ - ldns_pkt *p; - - if (!zone_rdf || !up_rrlist) { - return NULL; - } - - if (c == 0) { - c = LDNS_RR_CLASS_IN; - } - - /* Create packet, fill in Zone Section. */ - p = ldns_pkt_query_new(zone_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); - if (!p) { - return NULL; - } - zone_rdf = NULL; /* No longer safe to use. */ - - ldns_pkt_set_opcode(p, LDNS_PACKET_UPDATE); - - ldns_rr_list_deep_free(p->_authority); - - ldns_pkt_set_authority(p, ldns_rr_list_clone(up_rrlist)); - - ldns_update_set_upcount(p, ldns_rr_list_rr_count(up_rrlist)); - - if (pr_rrlist) { - ldns_rr_list_deep_free(p->_answer); /*XXX access function */ - ldns_pkt_set_answer(p, ldns_rr_list_clone(pr_rrlist)); - ldns_update_set_prcount(p, ldns_rr_list_rr_count(pr_rrlist)); - } - - if (ad_rrlist) { - ldns_rr_list_deep_free(p->_additional); - ldns_pkt_set_additional(p, ldns_rr_list_clone(ad_rrlist)); - ldns_update_set_adcount(p, ldns_rr_list_rr_count(ad_rrlist)); - } - return p; -} - -ldns_status -ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r) -{ -#ifdef HAVE_SSL - uint16_t fudge = 300; /* Recommended fudge. [RFC2845 6.4] */ - if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) - return ldns_pkt_tsig_sign(p, ldns_resolver_tsig_keyname(r), - ldns_resolver_tsig_keydata(r), fudge, - ldns_resolver_tsig_algorithm(r), NULL); -#else - /* do nothing */ - (void)p; - (void)r; -#endif /* HAVE_SSL */ - /* No TSIG to do. */ - return LDNS_STATUS_OK; -} - -/* Move to higher.c or similar? */ -/* XXX doc */ -ldns_status -ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, - ldns_rr_class c, ldns_rdf **mname) -{ - ldns_rr *soa_rr; - ldns_pkt *query, *resp; - - /* Nondestructive, so clone 'zone' here */ - query = ldns_pkt_query_new(ldns_rdf_clone(zone), LDNS_RR_TYPE_SOA, - c, LDNS_RD); - if (!query) { - return LDNS_STATUS_ERR; - } - - ldns_pkt_set_random_id(query); - if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { - ldns_pkt_free(query); - return LDNS_STATUS_ERR; - } - ldns_pkt_free(query); - if (!resp) { - return LDNS_STATUS_ERR; - } - - /* Expect a SOA answer. */ - *mname = NULL; - while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp)))) { - if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA - || ldns_rr_rdf(soa_rr, 0) == NULL) - continue; - /* [RFC1035 3.3.13] */ - *mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); - break; - } - ldns_pkt_free(resp); - - return *mname ? LDNS_STATUS_OK : LDNS_STATUS_ERR; -} - -/* Try to get zone and MNAME from SOA queries. */ -ldns_status -ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, - ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf) -{ - ldns_rr *soa_rr, *rr; - ldns_rdf *soa_zone = NULL, *soa_mname = NULL; - ldns_rdf *ipaddr, *fqdn_rdf, *tmp; - ldns_rdf **nslist; - ldns_pkt *query, *resp; - ldns_resolver *tmp_r; - size_t i; - - /* - * XXX Ok, this cannot be the best way to find this...? - * XXX (I run into weird cache-related stuff here) - */ - - /* Step 1 - first find a nameserver that should know *something* */ - fqdn_rdf = ldns_dname_new_frm_str(fqdn); - query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); - if (!query) { - return LDNS_STATUS_ERR; - } - fqdn_rdf = NULL; - - ldns_pkt_set_random_id(query); - if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { - ldns_pkt_free(query); - return LDNS_STATUS_ERR; - } - ldns_pkt_free(query); - if (!resp) { - return LDNS_STATUS_ERR; - } - - /* XXX Is it safe to only look in authority section here? */ - while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) { - if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA - || ldns_rr_rdf(soa_rr, 0) == NULL) - continue; - /* [RFC1035 3.3.13] */ - soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); - break; - } - ldns_pkt_free(resp); - if (!soa_rr) { - return LDNS_STATUS_ERR; - } - - /* Step 2 - find SOA MNAME IP address, add to resolver */ - query = ldns_pkt_query_new(soa_mname, LDNS_RR_TYPE_A, c, LDNS_RD); - if (!query) { - return LDNS_STATUS_ERR; - } - soa_mname = NULL; - - ldns_pkt_set_random_id(query); - if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { - ldns_pkt_free(query); - return LDNS_STATUS_ERR; - } - ldns_pkt_free(query); - if (!resp) { - return LDNS_STATUS_ERR; - } - - if (ldns_pkt_ancount(resp) == 0) { - ldns_pkt_free(resp); - return LDNS_STATUS_ERR; - } - - /* XXX There may be more than one answer RR here. */ - rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp)); - ipaddr = ldns_rr_rdf(rr, 0); - - /* Put the SOA mname IP first in the nameserver list. */ - if (!(tmp_r = ldns_resolver_clone(r))) { - return LDNS_STATUS_MEM_ERR; - } - nslist = ldns_resolver_nameservers(tmp_r); - for (i = 0; i < ldns_resolver_nameserver_count(tmp_r); i++) { - if (ldns_rdf_compare(ipaddr, nslist[i]) == 0) { - if (i) { - tmp = nslist[0]; - nslist[0] = nslist[i]; - nslist[i] = tmp; - } - break; - } - } - if (i >= ldns_resolver_nameserver_count(tmp_r)) { - /* SOA mname was not part of the resolver so add it first. */ - (void) ldns_resolver_push_nameserver(tmp_r, ipaddr); - nslist = ldns_resolver_nameservers(tmp_r); - i = ldns_resolver_nameserver_count(tmp_r) - 1; - tmp = nslist[0]; - nslist[0] = nslist[i]; - nslist[i] = tmp; - } - ldns_pkt_free(resp); - - /* Make sure to ask the first in the list, i.e SOA mname */ - ldns_resolver_set_random(tmp_r, false); - - /* Step 3 - Redo SOA query, sending to SOA MNAME directly. */ - fqdn_rdf = ldns_dname_new_frm_str(fqdn); - query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); - if (!query) { - ldns_resolver_free(tmp_r); - return LDNS_STATUS_ERR; - } - fqdn_rdf = NULL; - - ldns_pkt_set_random_id(query); - if (ldns_resolver_send_pkt(&resp, tmp_r, query) != LDNS_STATUS_OK) { - ldns_pkt_free(query); - ldns_resolver_free(tmp_r); - return LDNS_STATUS_ERR; - } - ldns_resolver_free(tmp_r); - ldns_pkt_free(query); - if (!resp) { - return LDNS_STATUS_ERR; - } - - /* XXX Is it safe to only look in authority section here, too? */ - while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) { - if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA - || ldns_rr_rdf(soa_rr, 0) == NULL) - continue; - /* [RFC1035 3.3.13] */ - soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); - soa_zone = ldns_rdf_clone(ldns_rr_owner(soa_rr)); - break; - } - ldns_pkt_free(resp); - if (!soa_rr) { - return LDNS_STATUS_ERR; - } - - /* That seems to have worked, pass results to caller. */ - *zone_rdf = soa_zone; - *mname_rdf = soa_mname; - return LDNS_STATUS_OK; -} - -/* - * ldns_update_{get,set}_{zo,pr,up,ad}count - */ - -uint16_t -ldns_update_zocount(const ldns_pkt *p) -{ - return ldns_pkt_qdcount(p); -} - -uint16_t -ldns_update_prcount(const ldns_pkt *p) -{ - return ldns_pkt_ancount(p); -} - -uint16_t -ldns_update_upcount(const ldns_pkt *p) -{ - return ldns_pkt_nscount(p); -} - -uint16_t -ldns_update_ad(const ldns_pkt *p) -{ - return ldns_pkt_arcount(p); -} - -void -ldns_update_set_zo(ldns_pkt *p, uint16_t v) -{ - ldns_pkt_set_qdcount(p, v); -} - -void -ldns_update_set_prcount(ldns_pkt *p, uint16_t v) -{ - ldns_pkt_set_ancount(p, v); -} - -void -ldns_update_set_upcount(ldns_pkt *p, uint16_t v) -{ - ldns_pkt_set_nscount(p, v); -} - -void -ldns_update_set_adcount(ldns_pkt *p, uint16_t v) -{ - ldns_pkt_set_arcount(p, v); -} diff --git a/src/ldns/util.c b/src/ldns/util.c deleted file mode 100644 index 33060d9..0000000 --- a/src/ldns/util.c +++ /dev/null @@ -1,773 +0,0 @@ -/* - * util.c - * - * some general memory functions - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#ifdef HAVE_SSL -#include -#endif - -ldns_lookup_table * -ldns_lookup_by_name(ldns_lookup_table *table, const char *name) -{ - while (table->name != NULL) { - if (strcasecmp(name, table->name) == 0) - return table; - table++; - } - return NULL; -} - -ldns_lookup_table * -ldns_lookup_by_id(ldns_lookup_table *table, int id) -{ - while (table->name != NULL) { - if (table->id == id) - return table; - table++; - } - return NULL; -} - -int -ldns_get_bit(uint8_t bits[], size_t index) -{ - /* - * The bits are counted from left to right, so bit #0 is the - * left most bit. - */ - return (int) (bits[index / 8] & (1 << (7 - index % 8))); -} - -int -ldns_get_bit_r(uint8_t bits[], size_t index) -{ - /* - * The bits are counted from right to left, so bit #0 is the - * right most bit. - */ - return (int) bits[index / 8] & (1 << (index % 8)); -} - -void -ldns_set_bit(uint8_t *byte, int bit_nr, bool value) -{ - /* - * The bits are counted from right to left, so bit #0 is the - * right most bit. - */ - if (bit_nr >= 0 && bit_nr < 8) { - if (value) { - *byte = *byte | (0x01 << bit_nr); - } else { - *byte = *byte & ~(0x01 << bit_nr); - } - } -} - -int -ldns_hexdigit_to_int(char ch) -{ - switch (ch) { - case '0': return 0; - case '1': return 1; - case '2': return 2; - case '3': return 3; - case '4': return 4; - case '5': return 5; - case '6': return 6; - case '7': return 7; - case '8': return 8; - case '9': return 9; - case 'a': case 'A': return 10; - case 'b': case 'B': return 11; - case 'c': case 'C': return 12; - case 'd': case 'D': return 13; - case 'e': case 'E': return 14; - case 'f': case 'F': return 15; - default: - return -1; - } -} - -char -ldns_int_to_hexdigit(int i) -{ - switch (i) { - case 0: return '0'; - case 1: return '1'; - case 2: return '2'; - case 3: return '3'; - case 4: return '4'; - case 5: return '5'; - case 6: return '6'; - case 7: return '7'; - case 8: return '8'; - case 9: return '9'; - case 10: return 'a'; - case 11: return 'b'; - case 12: return 'c'; - case 13: return 'd'; - case 14: return 'e'; - case 15: return 'f'; - default: - abort(); - } -} - -int -ldns_hexstring_to_data(uint8_t *data, const char *str) -{ - size_t i; - - if (!str || !data) { - return -1; - } - - if (strlen(str) % 2 != 0) { - return -2; - } - - for (i = 0; i < strlen(str) / 2; i++) { - data[i] = - 16 * (uint8_t) ldns_hexdigit_to_int(str[i*2]) + - (uint8_t) ldns_hexdigit_to_int(str[i*2 + 1]); - } - - return (int) i; -} - -const char * -ldns_version(void) -{ - return (char*)LDNS_VERSION; -} - -/* Number of days per month (except for February in leap years). */ -static const int mdays[] = { - 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 -}; - -#define LDNS_MOD(x,y) (((x) % (y) < 0) ? ((x) % (y) + (y)) : ((x) % (y))) -#define LDNS_DIV(x,y) (((x) % (y) < 0) ? ((x) / (y) - 1 ) : ((x) / (y))) - -static int -is_leap_year(int year) -{ - return LDNS_MOD(year, 4) == 0 && (LDNS_MOD(year, 100) != 0 - || LDNS_MOD(year, 400) == 0); -} - -static int -leap_days(int y1, int y2) -{ - --y1; - --y2; - return (LDNS_DIV(y2, 4) - LDNS_DIV(y1, 4)) - - (LDNS_DIV(y2, 100) - LDNS_DIV(y1, 100)) + - (LDNS_DIV(y2, 400) - LDNS_DIV(y1, 400)); -} - -/* - * Code adapted from Python 2.4.1 sources (Lib/calendar.py). - */ -time_t -ldns_mktime_from_utc(const struct tm *tm) -{ - int year = 1900 + tm->tm_year; - time_t days = 365 * ((time_t) year - 1970) + leap_days(1970, year); - time_t hours; - time_t minutes; - time_t seconds; - int i; - - for (i = 0; i < tm->tm_mon; ++i) { - days += mdays[i]; - } - if (tm->tm_mon > 1 && is_leap_year(year)) { - ++days; - } - days += tm->tm_mday - 1; - - hours = days * 24 + tm->tm_hour; - minutes = hours * 60 + tm->tm_min; - seconds = minutes * 60 + tm->tm_sec; - - return seconds; -} - -time_t -mktime_from_utc(const struct tm *tm) -{ - return ldns_mktime_from_utc(tm); -} - -#if SIZEOF_TIME_T <= 4 - -static void -ldns_year_and_yday_from_days_since_epoch(int64_t days, struct tm *result) -{ - int year = 1970; - int new_year; - - while (days < 0 || days >= (int64_t) (is_leap_year(year) ? 366 : 365)) { - new_year = year + (int) LDNS_DIV(days, 365); - days -= (new_year - year) * 365; - days -= leap_days(year, new_year); - year = new_year; - } - result->tm_year = year; - result->tm_yday = (int) days; -} - -/* Number of days per month in a leap year. */ -static const int leap_year_mdays[] = { - 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 -}; - -static void -ldns_mon_and_mday_from_year_and_yday(struct tm *result) -{ - int idays = result->tm_yday; - const int *mon_lengths = is_leap_year(result->tm_year) ? - leap_year_mdays : mdays; - - result->tm_mon = 0; - while (idays >= mon_lengths[result->tm_mon]) { - idays -= mon_lengths[result->tm_mon++]; - } - result->tm_mday = idays + 1; -} - -static void -ldns_wday_from_year_and_yday(struct tm *result) -{ - result->tm_wday = 4 /* 1-1-1970 was a thursday */ - + LDNS_MOD((result->tm_year - 1970), 7) * LDNS_MOD(365, 7) - + leap_days(1970, result->tm_year) - + result->tm_yday; - result->tm_wday = LDNS_MOD(result->tm_wday, 7); - if (result->tm_wday < 0) { - result->tm_wday += 7; - } -} - -static struct tm * -ldns_gmtime64_r(int64_t clock, struct tm *result) -{ - result->tm_isdst = 0; - result->tm_sec = (int) LDNS_MOD(clock, 60); - clock = LDNS_DIV(clock, 60); - result->tm_min = (int) LDNS_MOD(clock, 60); - clock = LDNS_DIV(clock, 60); - result->tm_hour = (int) LDNS_MOD(clock, 24); - clock = LDNS_DIV(clock, 24); - - ldns_year_and_yday_from_days_since_epoch(clock, result); - ldns_mon_and_mday_from_year_and_yday(result); - ldns_wday_from_year_and_yday(result); - result->tm_year -= 1900; - - return result; -} - -#endif /* SIZEOF_TIME_T <= 4 */ - -static int64_t -ldns_serial_arithmitics_time(int32_t time, time_t now) -{ - int32_t offset = time - (int32_t) now; - return (int64_t) now + offset; -} - - -struct tm * -ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result) -{ -#if SIZEOF_TIME_T <= 4 - int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); - return ldns_gmtime64_r(secs_since_epoch, result); -#else - time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); - return gmtime_r(&secs_since_epoch, result); -#endif -} - -/** - * Init the random source - * applications should call this if they need entropy data within ldns - * If openSSL is available, it is automatically seeded from /dev/urandom - * or /dev/random - * - * If you need more entropy, or have no openssl available, this function - * MUST be called at the start of the program - * - * If openssl *is* available, this function just adds more entropy - **/ -int -ldns_init_random(FILE *fd, unsigned int size) -{ - /* if fp is given, seed srandom with data from file - otherwise use /dev/urandom */ - FILE *rand_f; - uint8_t *seed; - size_t read = 0; - unsigned int seed_i; - struct timeval tv; - - /* we'll need at least sizeof(unsigned int) bytes for the - standard prng seed */ - if (size < (unsigned int) sizeof(seed_i)){ - size = (unsigned int) sizeof(seed_i); - } - - seed = LDNS_XMALLOC(uint8_t, size); - if(!seed) { - return 1; - } - - if (!fd) { - if ((rand_f = fopen("/dev/urandom", "r")) == NULL) { - /* no readable /dev/urandom, try /dev/random */ - if ((rand_f = fopen("/dev/random", "r")) == NULL) { - /* no readable /dev/random either, and no entropy - source given. we'll have to improvise */ - for (read = 0; read < size; read++) { - gettimeofday(&tv, NULL); - seed[read] = (uint8_t) (tv.tv_usec % 256); - } - } else { - read = fread(seed, 1, size, rand_f); - } - } else { - read = fread(seed, 1, size, rand_f); - } - } else { - rand_f = fd; - read = fread(seed, 1, size, rand_f); - } - - if (read < size) { - LDNS_FREE(seed); - if (!fd) fclose(rand_f); - return 1; - } else { -#ifdef HAVE_SSL - /* Seed the OpenSSL prng (most systems have it seeded - automatically, in that case this call just adds entropy */ - RAND_seed(seed, (int) size); -#else - /* Seed the standard prng, only uses the first - * unsigned sizeof(unsiged int) bytes found in the entropy pool - */ - memcpy(&seed_i, seed, sizeof(seed_i)); - srandom(seed_i); -#endif - LDNS_FREE(seed); - } - - if (!fd) { - if (rand_f) fclose(rand_f); - } - - return 0; -} - -/** - * Get random number. - * - */ -uint16_t -ldns_get_random(void) -{ - uint16_t rid = 0; -#ifdef HAVE_SSL - if (RAND_bytes((unsigned char*)&rid, 2) != 1) { - rid = (uint16_t) random(); - } -#else - rid = (uint16_t) random(); -#endif - return rid; -} - -/* - * BubbleBabble code taken from OpenSSH - * Copyright (c) 2001 Carsten Raskgaard. All rights reserved. - */ -char * -ldns_bubblebabble(uint8_t *data, size_t len) -{ - char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; - char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', - 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; - size_t i, j = 0, rounds, seed = 1; - char *retval; - - rounds = (len / 2) + 1; - retval = LDNS_XMALLOC(char, rounds * 6); - if(!retval) return NULL; - retval[j++] = 'x'; - for (i = 0; i < rounds; i++) { - size_t idx0, idx1, idx2, idx3, idx4; - if ((i + 1 < rounds) || (len % 2 != 0)) { - idx0 = (((((size_t)(data[2 * i])) >> 6) & 3) + - seed) % 6; - idx1 = (((size_t)(data[2 * i])) >> 2) & 15; - idx2 = ((((size_t)(data[2 * i])) & 3) + - (seed / 6)) % 6; - retval[j++] = vowels[idx0]; - retval[j++] = consonants[idx1]; - retval[j++] = vowels[idx2]; - if ((i + 1) < rounds) { - idx3 = (((size_t)(data[(2 * i) + 1])) >> 4) & 15; - idx4 = (((size_t)(data[(2 * i) + 1]))) & 15; - retval[j++] = consonants[idx3]; - retval[j++] = '-'; - retval[j++] = consonants[idx4]; - seed = ((seed * 5) + - ((((size_t)(data[2 * i])) * 7) + - ((size_t)(data[(2 * i) + 1])))) % 36; - } - } else { - idx0 = seed % 6; - idx1 = 16; - idx2 = seed / 6; - retval[j++] = vowels[idx0]; - retval[j++] = consonants[idx1]; - retval[j++] = vowels[idx2]; - } - } - retval[j++] = 'x'; - retval[j++] = '\0'; - return retval; -} - -/* - * For backwards compatibility, because we have always exported this symbol. - */ -#ifdef HAVE_B64_NTOP -int ldns_b64_ntop(const uint8_t* src, size_t srclength, - char *target, size_t targsize); -{ - return b64_ntop(src, srclength, target, targsize); -} -#endif - -/* - * For backwards compatibility, because we have always exported this symbol. - */ -#ifdef HAVE_B64_PTON -int ldns_b64_pton(const char* src, uint8_t *target, size_t targsize) -{ - return b64_pton(src, target, targsize); -} -#endif - - -static int -ldns_b32_ntop_base(const uint8_t* src, size_t src_sz, - char* dst, size_t dst_sz, - bool extended_hex, bool add_padding) -{ - size_t ret_sz; - const char* b32 = extended_hex ? "0123456789abcdefghijklmnopqrstuv" - : "abcdefghijklmnopqrstuvwxyz234567"; - - size_t c = 0; /* c is used to carry partial base32 character over - * byte boundaries for sizes with a remainder. - * (i.e. src_sz % 5 != 0) - */ - - ret_sz = add_padding ? ldns_b32_ntop_calculate_size(src_sz) - : ldns_b32_ntop_calculate_size_no_padding(src_sz); - - /* Do we have enough space? */ - if (dst_sz < ret_sz + 1) - return -1; - - /* We know the size; terminate the string */ - dst[ret_sz] = '\0'; - - /* First process all chunks of five */ - while (src_sz >= 5) { - /* 00000... ........ ........ ........ ........ */ - dst[0] = b32[(src[0] ) >> 3]; - - /* .....111 11...... ........ ........ ........ */ - dst[1] = b32[(src[0] & 0x07) << 2 | src[1] >> 6]; - - /* ........ ..22222. ........ ........ ........ */ - dst[2] = b32[(src[1] & 0x3e) >> 1]; - - /* ........ .......3 3333.... ........ ........ */ - dst[3] = b32[(src[1] & 0x01) << 4 | src[2] >> 4]; - - /* ........ ........ ....4444 4....... ........ */ - dst[4] = b32[(src[2] & 0x0f) << 1 | src[3] >> 7]; - - /* ........ ........ ........ .55555.. ........ */ - dst[5] = b32[(src[3] & 0x7c) >> 2]; - - /* ........ ........ ........ ......66 666..... */ - dst[6] = b32[(src[3] & 0x03) << 3 | src[4] >> 5]; - - /* ........ ........ ........ ........ ...77777 */ - dst[7] = b32[(src[4] & 0x1f) ]; - - src_sz -= 5; - src += 5; - dst += 8; - } - /* Process what remains */ - switch (src_sz) { - case 4: /* ........ ........ ........ ......66 666..... */ - dst[6] = b32[(src[3] & 0x03) << 3]; - - /* ........ ........ ........ .55555.. ........ */ - dst[5] = b32[(src[3] & 0x7c) >> 2]; - - /* ........ ........ ....4444 4....... ........ */ - c = src[3] >> 7 ; - case 3: dst[4] = b32[(src[2] & 0x0f) << 1 | c]; - - /* ........ .......3 3333.... ........ ........ */ - c = src[2] >> 4 ; - case 2: dst[3] = b32[(src[1] & 0x01) << 4 | c]; - - /* ........ ..22222. ........ ........ ........ */ - dst[2] = b32[(src[1] & 0x3e) >> 1]; - - /* .....111 11...... ........ ........ ........ */ - c = src[1] >> 6 ; - case 1: dst[1] = b32[(src[0] & 0x07) << 2 | c]; - - /* 00000... ........ ........ ........ ........ */ - dst[0] = b32[ src[0] >> 3]; - } - /* Add padding */ - if (add_padding) { - switch (src_sz) { - case 1: dst[2] = '='; - dst[3] = '='; - case 2: dst[4] = '='; - case 3: dst[5] = '='; - dst[6] = '='; - case 4: dst[7] = '='; - } - } - return (int)ret_sz; -} - -int -ldns_b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz) -{ - return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, false, true); -} - -int -ldns_b32_ntop_extended_hex(const uint8_t* src, size_t src_sz, - char* dst, size_t dst_sz) -{ - return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, true, true); -} - -#ifndef HAVE_B32_NTOP - -int -b32_ntop(const uint8_t* src, size_t src_sz, char* dst, size_t dst_sz) -{ - return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, false, true); -} - -int -b32_ntop_extended_hex(const uint8_t* src, size_t src_sz, - char* dst, size_t dst_sz) -{ - return ldns_b32_ntop_base(src, src_sz, dst, dst_sz, true, true); -} - -#endif /* ! HAVE_B32_NTOP */ - -static int -ldns_b32_pton_base(const char* src, size_t src_sz, - uint8_t* dst, size_t dst_sz, - bool extended_hex, bool check_padding) -{ - size_t i = 0; - char ch = '\0'; - uint8_t buf[8]; - uint8_t* start = dst; - - while (src_sz) { - /* Collect 8 characters in buf (if possible) */ - for (i = 0; i < 8; i++) { - - do { - ch = *src++; - --src_sz; - - } while (isspace(ch) && src_sz > 0); - - if (ch == '=' || ch == '\0') - break; - - else if (extended_hex) - - if (ch >= '0' && ch <= '9') - buf[i] = (uint8_t)ch - '0'; - else if (ch >= 'a' && ch <= 'v') - buf[i] = (uint8_t)ch - 'a' + 10; - else if (ch >= 'A' && ch <= 'V') - buf[i] = (uint8_t)ch - 'A' + 10; - else - return -1; - - else if (ch >= 'a' && ch <= 'z') - buf[i] = (uint8_t)ch - 'a'; - else if (ch >= 'A' && ch <= 'Z') - buf[i] = (uint8_t)ch - 'A'; - else if (ch >= '2' && ch <= '7') - buf[i] = (uint8_t)ch - '2' + 26; - else - return -1; - } - /* Less that 8 characters. We're done. */ - if (i < 8) - break; - - /* Enough space available at the destination? */ - if (dst_sz < 5) - return -1; - - /* 00000... ........ ........ ........ ........ */ - /* .....111 11...... ........ ........ ........ */ - dst[0] = buf[0] << 3 | buf[1] >> 2; - - /* .....111 11...... ........ ........ ........ */ - /* ........ ..22222. ........ ........ ........ */ - /* ........ .......3 3333.... ........ ........ */ - dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; - - /* ........ .......3 3333.... ........ ........ */ - /* ........ ........ ....4444 4....... ........ */ - dst[2] = buf[3] << 4 | buf[4] >> 1; - - /* ........ ........ ....4444 4....... ........ */ - /* ........ ........ ........ .55555.. ........ */ - /* ........ ........ ........ ......66 666..... */ - dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; - - /* ........ ........ ........ ......66 666..... */ - /* ........ ........ ........ ........ ...77777 */ - dst[4] = buf[6] << 5 | buf[7]; - - dst += 5; - dst_sz -= 5; - } - /* Not ending on a eight byte boundary? */ - if (i > 0 && i < 8) { - - /* Enough space available at the destination? */ - if (dst_sz < (i + 1) / 2) - return -1; - - switch (i) { - case 7: /* ........ ........ ........ ......66 666..... */ - /* ........ ........ ........ .55555.. ........ */ - /* ........ ........ ....4444 4....... ........ */ - dst[3] = buf[4] << 7 | buf[5] << 2 | buf[6] >> 3; - - case 5: /* ........ ........ ....4444 4....... ........ */ - /* ........ .......3 3333.... ........ ........ */ - dst[2] = buf[3] << 4 | buf[4] >> 1; - - case 4: /* ........ .......3 3333.... ........ ........ */ - /* ........ ..22222. ........ ........ ........ */ - /* .....111 11...... ........ ........ ........ */ - dst[1] = buf[1] << 6 | buf[2] << 1 | buf[3] >> 4; - - case 2: /* .....111 11...... ........ ........ ........ */ - /* 00000... ........ ........ ........ ........ */ - dst[0] = buf[0] << 3 | buf[1] >> 2; - - break; - - default: - return -1; - } - dst += (i + 1) / 2; - - if (check_padding) { - /* Check remaining padding characters */ - if (ch != '=') - return -1; - - /* One down, 8 - i - 1 more to come... */ - for (i = 8 - i - 1; i > 0; i--) { - - do { - if (src_sz == 0) - return -1; - ch = *src++; - src_sz--; - - } while (isspace(ch)); - - if (ch != '=') - return -1; - } - } - } - return dst - start; -} - -int -ldns_b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz) -{ - return ldns_b32_pton_base(src, src_sz, dst, dst_sz, false, true); -} - -int -ldns_b32_pton_extended_hex(const char* src, size_t src_sz, - uint8_t* dst, size_t dst_sz) -{ - return ldns_b32_pton_base(src, src_sz, dst, dst_sz, true, true); -} - -#ifndef HAVE_B32_PTON - -int -b32_pton(const char* src, size_t src_sz, uint8_t* dst, size_t dst_sz) -{ - return ldns_b32_pton_base(src, src_sz, dst, dst_sz, false, true); -} - -int -b32_pton_extended_hex(const char* src, size_t src_sz, - uint8_t* dst, size_t dst_sz) -{ - return ldns_b32_pton_base(src, src_sz, dst, dst_sz, true, true); -} - -#endif /* ! HAVE_B32_PTON */ - diff --git a/src/ldns/wire2host.c b/src/ldns/wire2host.c deleted file mode 100644 index e492215..0000000 --- a/src/ldns/wire2host.c +++ /dev/null @@ -1,491 +0,0 @@ -/* - * wire2host.c - * - * conversion routines from the wire to the host - * format. - * This will usually just a re-ordering of the - * data (as we store it in network format) - * - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - - -#include - -#include -/*#include */ - -#include -#include - - - -/* - * Set of macro's to deal with the dns message header as specified - * in RFC1035 in portable way. - * - */ - -/* - * - * 1 1 1 1 1 1 - * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 - * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - * | ID | - * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - * |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE | - * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - * | QDCOUNT | - * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - * | ANCOUNT | - * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - * | NSCOUNT | - * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - * | ARCOUNT | - * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ - * - */ - - -/* allocates memory to *dname! */ -ldns_status -ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos) -{ - uint8_t label_size; - uint16_t pointer_target; - uint8_t pointer_target_buf[2]; - size_t dname_pos = 0; - size_t uncompressed_length = 0; - size_t compression_pos = 0; - uint8_t tmp_dname[LDNS_MAX_DOMAINLEN]; - unsigned int pointer_count = 0; - - if (pos == NULL) { - return LDNS_STATUS_WIRE_RDATA_ERR; - } - if (*pos >= max) { - return LDNS_STATUS_PACKET_OVERFLOW; - } - label_size = wire[*pos]; - while (label_size > 0) { - /* compression */ - while (label_size >= 192) { - if (compression_pos == 0) { - compression_pos = *pos + 2; - } - - pointer_count++; - - /* remove first two bits */ - if (*pos + 2 > max) { - return LDNS_STATUS_PACKET_OVERFLOW; - } - pointer_target_buf[0] = wire[*pos] & 63; - pointer_target_buf[1] = wire[*pos + 1]; - pointer_target = ldns_read_uint16(pointer_target_buf); - - if (pointer_target == 0) { - return LDNS_STATUS_INVALID_POINTER; - } else if (pointer_target >= max) { - return LDNS_STATUS_INVALID_POINTER; - } else if (pointer_count > LDNS_MAX_POINTERS) { - return LDNS_STATUS_INVALID_POINTER; - } - *pos = pointer_target; - label_size = wire[*pos]; - } - if(label_size == 0) - break; /* break from pointer to 0 byte */ - if (label_size > LDNS_MAX_LABELLEN) { - return LDNS_STATUS_LABEL_OVERFLOW; - } - if (*pos + 1 + label_size > max) { - return LDNS_STATUS_LABEL_OVERFLOW; - } - - /* check space for labelcount itself */ - if (dname_pos + 1 > LDNS_MAX_DOMAINLEN) { - return LDNS_STATUS_DOMAINNAME_OVERFLOW; - } - tmp_dname[dname_pos] = label_size; - if (label_size > 0) { - dname_pos++; - } - *pos = *pos + 1; - if (dname_pos + label_size > LDNS_MAX_DOMAINLEN) { - return LDNS_STATUS_DOMAINNAME_OVERFLOW; - } - memcpy(&tmp_dname[dname_pos], &wire[*pos], label_size); - uncompressed_length += label_size + 1; - dname_pos += label_size; - *pos = *pos + label_size; - - if (*pos < max) { - label_size = wire[*pos]; - } - } - - if (compression_pos > 0) { - *pos = compression_pos; - } else { - *pos = *pos + 1; - } - - if (dname_pos >= LDNS_MAX_DOMAINLEN) { - return LDNS_STATUS_DOMAINNAME_OVERFLOW; - } - - tmp_dname[dname_pos] = 0; - dname_pos++; - - *dname = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, - (uint16_t) dname_pos, tmp_dname); - if (!*dname) { - return LDNS_STATUS_MEM_ERR; - } - return LDNS_STATUS_OK; -} - -/* maybe make this a goto error so data can be freed or something/ */ -#define LDNS_STATUS_CHECK_RETURN(st) {if (st != LDNS_STATUS_OK) { return st; }} -#define LDNS_STATUS_CHECK_GOTO(st, label) {if (st != LDNS_STATUS_OK) { /*printf("STG %s:%d: status code %d\n", __FILE__, __LINE__, st);*/ goto label; }} - -ldns_status -ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos) -{ - size_t end; - size_t cur_rdf_length; - uint8_t rdf_index; - uint8_t *data; - uint16_t rd_length; - ldns_rdf *cur_rdf = NULL; - ldns_rdf_type cur_rdf_type; - const ldns_rr_descriptor *descriptor; - ldns_status status; - - assert(rr != NULL); - - descriptor = ldns_rr_descript(ldns_rr_get_type(rr)); - - if (*pos + 2 > max) { - return LDNS_STATUS_PACKET_OVERFLOW; - } - - rd_length = ldns_read_uint16(&wire[*pos]); - *pos = *pos + 2; - - if (*pos + rd_length > max) { - return LDNS_STATUS_PACKET_OVERFLOW; - } - - end = *pos + (size_t) rd_length; - - rdf_index = 0; - while (*pos < end && - rdf_index < ldns_rr_descriptor_maximum(descriptor)) { - - cur_rdf_length = 0; - - cur_rdf_type = ldns_rr_descriptor_field_type( - descriptor, rdf_index); - - /* handle special cases immediately, set length - for fixed length rdata and do them below */ - switch (cur_rdf_type) { - case LDNS_RDF_TYPE_DNAME: - status = ldns_wire2dname(&cur_rdf, wire, max, pos); - LDNS_STATUS_CHECK_RETURN(status); - break; - case LDNS_RDF_TYPE_CLASS: - case LDNS_RDF_TYPE_ALG: - case LDNS_RDF_TYPE_CERTIFICATE_USAGE: - case LDNS_RDF_TYPE_SELECTOR: - case LDNS_RDF_TYPE_MATCHING_TYPE: - case LDNS_RDF_TYPE_INT8: - cur_rdf_length = LDNS_RDF_SIZE_BYTE; - break; - case LDNS_RDF_TYPE_TYPE: - case LDNS_RDF_TYPE_INT16: - case LDNS_RDF_TYPE_CERT_ALG: - cur_rdf_length = LDNS_RDF_SIZE_WORD; - break; - case LDNS_RDF_TYPE_TIME: - case LDNS_RDF_TYPE_INT32: - case LDNS_RDF_TYPE_A: - case LDNS_RDF_TYPE_PERIOD: - cur_rdf_length = LDNS_RDF_SIZE_DOUBLEWORD; - break; - case LDNS_RDF_TYPE_TSIGTIME: - case LDNS_RDF_TYPE_EUI48: - cur_rdf_length = LDNS_RDF_SIZE_6BYTES; - break; - case LDNS_RDF_TYPE_ILNP64: - case LDNS_RDF_TYPE_EUI64: - cur_rdf_length = LDNS_RDF_SIZE_8BYTES; - break; - case LDNS_RDF_TYPE_AAAA: - cur_rdf_length = LDNS_RDF_SIZE_16BYTES; - break; - case LDNS_RDF_TYPE_STR: - case LDNS_RDF_TYPE_NSEC3_SALT: - case LDNS_RDF_TYPE_TAG: - /* len is stored in first byte - * it should be in the rdf too, so just - * copy len+1 from this position - */ - cur_rdf_length = ((size_t) wire[*pos]) + 1; - break; - - case LDNS_RDF_TYPE_INT16_DATA: - if (*pos + 2 > end) { - return LDNS_STATUS_PACKET_OVERFLOW; - } - cur_rdf_length = - (size_t) ldns_read_uint16(&wire[*pos]) + 2; - break; - case LDNS_RDF_TYPE_HIP: - if (*pos + 4 > end) { - return LDNS_STATUS_PACKET_OVERFLOW; - } - cur_rdf_length = - (size_t) wire[*pos] + - (size_t) ldns_read_uint16(&wire[*pos + 2]) + 4; - break; - case LDNS_RDF_TYPE_B32_EXT: - case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: - /* length is stored in first byte */ - cur_rdf_length = ((size_t) wire[*pos]) + 1; - break; - case LDNS_RDF_TYPE_APL: - case LDNS_RDF_TYPE_B64: - case LDNS_RDF_TYPE_HEX: - case LDNS_RDF_TYPE_NSEC: - case LDNS_RDF_TYPE_UNKNOWN: - case LDNS_RDF_TYPE_SERVICE: - case LDNS_RDF_TYPE_LOC: - case LDNS_RDF_TYPE_WKS: - case LDNS_RDF_TYPE_NSAP: - case LDNS_RDF_TYPE_ATMA: - case LDNS_RDF_TYPE_IPSECKEY: - case LDNS_RDF_TYPE_LONG_STR: - case LDNS_RDF_TYPE_NONE: - /* - * Read to end of rr rdata - */ - cur_rdf_length = end - *pos; - break; - } - - /* fixed length rdata */ - if (cur_rdf_length > 0) { - if (cur_rdf_length + *pos > end) { - return LDNS_STATUS_PACKET_OVERFLOW; - } - data = LDNS_XMALLOC(uint8_t, rd_length); - if (!data) { - return LDNS_STATUS_MEM_ERR; - } - memcpy(data, &wire[*pos], cur_rdf_length); - - cur_rdf = ldns_rdf_new(cur_rdf_type, - cur_rdf_length, data); - *pos = *pos + cur_rdf_length; - } - - if (cur_rdf) { - ldns_rr_push_rdf(rr, cur_rdf); - cur_rdf = NULL; - } - - rdf_index++; - - } /* while (rdf_index < ldns_rr_descriptor_maximum(descriptor)) */ - - - return LDNS_STATUS_OK; -} - - -/* TODO: - can *pos be incremented at READ_INT? or maybe use something like - RR_CLASS(wire)? - uhhm Jelte?? -*/ -ldns_status -ldns_wire2rr(ldns_rr **rr_p, const uint8_t *wire, size_t max, - size_t *pos, ldns_pkt_section section) -{ - ldns_rdf *owner = NULL; - ldns_rr *rr = ldns_rr_new(); - ldns_status status; - - status = ldns_wire2dname(&owner, wire, max, pos); - LDNS_STATUS_CHECK_GOTO(status, status_error); - - ldns_rr_set_owner(rr, owner); - - if (*pos + 4 > max) { - status = LDNS_STATUS_PACKET_OVERFLOW; - goto status_error; - } - - ldns_rr_set_type(rr, ldns_read_uint16(&wire[*pos])); - *pos = *pos + 2; - - ldns_rr_set_class(rr, ldns_read_uint16(&wire[*pos])); - *pos = *pos + 2; - - if (section != LDNS_SECTION_QUESTION) { - if (*pos + 4 > max) { - status = LDNS_STATUS_PACKET_OVERFLOW; - goto status_error; - } - ldns_rr_set_ttl(rr, ldns_read_uint32(&wire[*pos])); - - *pos = *pos + 4; - status = ldns_wire2rdf(rr, wire, max, pos); - - LDNS_STATUS_CHECK_GOTO(status, status_error); - ldns_rr_set_question(rr, false); - } else { - ldns_rr_set_question(rr, true); - } - - *rr_p = rr; - return LDNS_STATUS_OK; - -status_error: - ldns_rr_free(rr); - return status; -} - -static ldns_status -ldns_wire2pkt_hdr(ldns_pkt *packet, const uint8_t *wire, size_t max, size_t *pos) -{ - if (*pos + LDNS_HEADER_SIZE > max) { - return LDNS_STATUS_WIRE_INCOMPLETE_HEADER; - } else { - ldns_pkt_set_id(packet, LDNS_ID_WIRE(wire)); - ldns_pkt_set_qr(packet, LDNS_QR_WIRE(wire)); - ldns_pkt_set_opcode(packet, LDNS_OPCODE_WIRE(wire)); - ldns_pkt_set_aa(packet, LDNS_AA_WIRE(wire)); - ldns_pkt_set_tc(packet, LDNS_TC_WIRE(wire)); - ldns_pkt_set_rd(packet, LDNS_RD_WIRE(wire)); - ldns_pkt_set_ra(packet, LDNS_RA_WIRE(wire)); - ldns_pkt_set_ad(packet, LDNS_AD_WIRE(wire)); - ldns_pkt_set_cd(packet, LDNS_CD_WIRE(wire)); - ldns_pkt_set_rcode(packet, LDNS_RCODE_WIRE(wire)); - - ldns_pkt_set_qdcount(packet, LDNS_QDCOUNT(wire)); - ldns_pkt_set_ancount(packet, LDNS_ANCOUNT(wire)); - ldns_pkt_set_nscount(packet, LDNS_NSCOUNT(wire)); - ldns_pkt_set_arcount(packet, LDNS_ARCOUNT(wire)); - - *pos += LDNS_HEADER_SIZE; - - return LDNS_STATUS_OK; - } -} - -ldns_status -ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer) -{ - /* lazy */ - return ldns_wire2pkt(packet, ldns_buffer_begin(buffer), - ldns_buffer_limit(buffer)); - -} - -ldns_status -ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max) -{ - size_t pos = 0; - uint16_t i; - ldns_rr *rr; - ldns_pkt *packet = ldns_pkt_new(); - ldns_status status = LDNS_STATUS_OK; - uint8_t have_edns = 0; - - uint8_t data[4]; - - status = ldns_wire2pkt_hdr(packet, wire, max, &pos); - LDNS_STATUS_CHECK_GOTO(status, status_error); - - for (i = 0; i < ldns_pkt_qdcount(packet); i++) { - - status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_QUESTION); - if (status == LDNS_STATUS_PACKET_OVERFLOW) { - status = LDNS_STATUS_WIRE_INCOMPLETE_QUESTION; - } - LDNS_STATUS_CHECK_GOTO(status, status_error); - if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) { - ldns_pkt_free(packet); - return LDNS_STATUS_INTERNAL_ERR; - } - } - for (i = 0; i < ldns_pkt_ancount(packet); i++) { - status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ANSWER); - if (status == LDNS_STATUS_PACKET_OVERFLOW) { - status = LDNS_STATUS_WIRE_INCOMPLETE_ANSWER; - } - LDNS_STATUS_CHECK_GOTO(status, status_error); - if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) { - ldns_pkt_free(packet); - return LDNS_STATUS_INTERNAL_ERR; - } - } - for (i = 0; i < ldns_pkt_nscount(packet); i++) { - status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_AUTHORITY); - if (status == LDNS_STATUS_PACKET_OVERFLOW) { - status = LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY; - } - LDNS_STATUS_CHECK_GOTO(status, status_error); - if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) { - ldns_pkt_free(packet); - return LDNS_STATUS_INTERNAL_ERR; - } - } - for (i = 0; i < ldns_pkt_arcount(packet); i++) { - status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ADDITIONAL); - if (status == LDNS_STATUS_PACKET_OVERFLOW) { - status = LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL; - } - LDNS_STATUS_CHECK_GOTO(status, status_error); - - if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_OPT) { - ldns_pkt_set_edns_udp_size(packet, ldns_rr_get_class(rr)); - ldns_write_uint32(data, ldns_rr_ttl(rr)); - ldns_pkt_set_edns_extended_rcode(packet, data[0]); - ldns_pkt_set_edns_version(packet, data[1]); - ldns_pkt_set_edns_z(packet, ldns_read_uint16(&data[2])); - /* edns might not have rdfs */ - if (ldns_rr_rdf(rr, 0)) { - ldns_pkt_set_edns_data(packet, ldns_rdf_clone(ldns_rr_rdf(rr, 0))); - } - ldns_rr_free(rr); - have_edns += 1; - } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_TSIG) { - ldns_pkt_set_tsig(packet, rr); - ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) - 1); - } else if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) { - ldns_pkt_free(packet); - return LDNS_STATUS_INTERNAL_ERR; - } - } - ldns_pkt_set_size(packet, max); - if(have_edns) - ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) - - have_edns); - packet->_edns_present = have_edns; - - *packet_p = packet; - return status; - -status_error: - ldns_pkt_free(packet); - return status; -} diff --git a/src/ldns/zone.c b/src/ldns/zone.c deleted file mode 100644 index d97a81e..0000000 --- a/src/ldns/zone.c +++ /dev/null @@ -1,318 +0,0 @@ -/* zone.c - * - * Functions for ldns_zone structure - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2005-2006 - * See the file LICENSE for the license - */ -#include - -#include - -#include -#include - -ldns_rr * -ldns_zone_soa(const ldns_zone *z) -{ - return z->_soa; -} - -size_t -ldns_zone_rr_count(const ldns_zone *z) -{ - return ldns_rr_list_rr_count(z->_rrs); -} - -void -ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa) -{ - z->_soa = soa; -} - -ldns_rr_list * -ldns_zone_rrs(const ldns_zone *z) -{ - return z->_rrs; -} - -void -ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist) -{ - z->_rrs = rrlist; -} - -bool -ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list) -{ - return ldns_rr_list_cat(ldns_zone_rrs(z), list); - -} - -bool -ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr) -{ - return ldns_rr_list_push_rr( ldns_zone_rrs(z), rr); -} - - -/* - * Get the list of glue records in a zone - * XXX: there should be a way for this to return error, other than NULL, - * since NULL is a valid return - */ -ldns_rr_list * -ldns_zone_glue_rr_list(const ldns_zone *z) -{ - /* when do we find glue? It means we find an IP address - * (AAAA/A) for a nameserver listed in the zone - * - * Alg used here: - * first find all the zonecuts (NS records) - * find all the AAAA or A records (can be done it the - * above loop). - * - * Check if the aaaa/a list are subdomains under the - * NS domains. - * If yes -> glue, if no -> not glue - */ - - ldns_rr_list *zone_cuts; - ldns_rr_list *addr; - ldns_rr_list *glue; - ldns_rr *r, *ns, *a; - ldns_rdf *dname_a, *ns_owner; - size_t i,j; - - zone_cuts = NULL; - addr = NULL; - glue = NULL; - - /* we cannot determine glue in a 'zone' without a SOA */ - if (!ldns_zone_soa(z)) { - return NULL; - } - - zone_cuts = ldns_rr_list_new(); - if (!zone_cuts) goto memory_error; - addr = ldns_rr_list_new(); - if (!addr) goto memory_error; - glue = ldns_rr_list_new(); - if (!glue) goto memory_error; - - for(i = 0; i < ldns_zone_rr_count(z); i++) { - r = ldns_rr_list_rr(ldns_zone_rrs(z), i); - if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A || - ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) { - /* possibly glue */ - if (!ldns_rr_list_push_rr(addr, r)) goto memory_error; - continue; - } - if (ldns_rr_get_type(r) == LDNS_RR_TYPE_NS) { - /* multiple zones will end up here - - * for now; not a problem - */ - /* don't add NS records for the current zone itself */ - if (ldns_rdf_compare(ldns_rr_owner(r), - ldns_rr_owner(ldns_zone_soa(z))) != 0) { - if (!ldns_rr_list_push_rr(zone_cuts, r)) goto memory_error; - } - continue; - } - } - - /* will sorting make it quicker ?? */ - for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) { - ns = ldns_rr_list_rr(zone_cuts, i); - ns_owner = ldns_rr_owner(ns); - - for(j = 0; j < ldns_rr_list_rr_count(addr); j++) { - a = ldns_rr_list_rr(addr, j); - dname_a = ldns_rr_owner(a); - - if (ldns_dname_is_subdomain(dname_a, ns_owner) || - ldns_dname_compare(dname_a, ns_owner) == 0) { - /* GLUE! */ - if (!ldns_rr_list_push_rr(glue, a)) goto memory_error; - } - } - } - - ldns_rr_list_free(addr); - ldns_rr_list_free(zone_cuts); - - if (ldns_rr_list_rr_count(glue) == 0) { - ldns_rr_list_free(glue); - return NULL; - } else { - return glue; - } - -memory_error: - if (zone_cuts) { - LDNS_FREE(zone_cuts); - } - if (addr) { - ldns_rr_list_free(addr); - } - if (glue) { - ldns_rr_list_free(glue); - } - return NULL; -} - -ldns_zone * -ldns_zone_new(void) -{ - ldns_zone *z; - - z = LDNS_MALLOC(ldns_zone); - if (!z) { - return NULL; - } - - z->_rrs = ldns_rr_list_new(); - if (!z->_rrs) { - LDNS_FREE(z); - return NULL; - } - ldns_zone_set_soa(z, NULL); - return z; -} - -/* we regocnize: - * $TTL, $ORIGIN - */ -ldns_status -ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c) -{ - return ldns_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); -} - -/* XXX: class is never used */ -ldns_status -ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, - ldns_rr_class ATTR_UNUSED(c), int *line_nr) -{ - ldns_zone *newzone; - ldns_rr *rr; - uint32_t my_ttl; - ldns_rdf *my_origin; - ldns_rdf *my_prev; - bool soa_seen = false; /* 2 soa are an error */ - ldns_status s; - ldns_status ret; - - /* most cases of error are memory problems */ - ret = LDNS_STATUS_MEM_ERR; - - newzone = NULL; - my_origin = NULL; - my_prev = NULL; - - my_ttl = ttl; - - if (origin) { - my_origin = ldns_rdf_clone(origin); - if (!my_origin) goto error; - /* also set the prev */ - my_prev = ldns_rdf_clone(origin); - if (!my_prev) goto error; - } - - newzone = ldns_zone_new(); - if (!newzone) goto error; - - while(!feof(fp)) { - s = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, &my_prev, line_nr); - switch (s) { - case LDNS_STATUS_OK: - if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) { - if (soa_seen) { - /* second SOA - * just skip, maybe we want to say - * something??? */ - ldns_rr_free(rr); - continue; - } - soa_seen = true; - ldns_zone_set_soa(newzone, rr); - /* set origin to soa if not specified */ - if (!my_origin) { - my_origin = ldns_rdf_clone(ldns_rr_owner(rr)); - } - continue; - } - - /* a normal RR - as sofar the DNS is normal */ - if (!ldns_zone_push_rr(newzone, rr)) goto error; - - case LDNS_STATUS_SYNTAX_EMPTY: - /* empty line was seen */ - case LDNS_STATUS_SYNTAX_TTL: - /* the function set the ttl */ - break; - case LDNS_STATUS_SYNTAX_ORIGIN: - /* the function set the origin */ - break; - case LDNS_STATUS_SYNTAX_INCLUDE: - ret = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL; - break; - default: - ret = s; - goto error; - } - } - - if (my_origin) { - ldns_rdf_deep_free(my_origin); - } - if (my_prev) { - ldns_rdf_deep_free(my_prev); - } - if (z) { - *z = newzone; - } else { - ldns_zone_free(newzone); - } - - return LDNS_STATUS_OK; - -error: - if (my_origin) { - ldns_rdf_deep_free(my_origin); - } - if (my_prev) { - ldns_rdf_deep_free(my_prev); - } - if (newzone) { - ldns_zone_free(newzone); - } - return ret; -} - -void -ldns_zone_sort(ldns_zone *zone) -{ - ldns_rr_list *zrr; - assert(zone != NULL); - - zrr = ldns_zone_rrs(zone); - ldns_rr_list_sort(zrr); -} - -void -ldns_zone_free(ldns_zone *zone) -{ - ldns_rr_list_free(zone->_rrs); - LDNS_FREE(zone); -} - -void -ldns_zone_deep_free(ldns_zone *zone) -{ - ldns_rr_free(zone->_soa); - ldns_rr_list_deep_free(zone->_rrs); - LDNS_FREE(zone); -}