dnssec.c revision 499b34cea04a46823d003d4c0520c8b03e8513cb
 * Copyright (C) 1999-2001 Internet Software Consortium.
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
 * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 * $Id: dnssec.c,v 1.59 2001/01/09 21:50:49 bwelling Exp $
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉#include <dns/tsig.h> /* for DNS_TSIG_FUDGE */
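/*
 * Test whether the QR flag is set in msg->flags, i.e. whether the message
 * is a response rather than a query.
 *
 * Evaluates to the masked flag value (non-zero when the bit is set), not a
 * normalized 0/1, so use it only in a boolean context.
 *
 * The argument is parenthesized so that an expression argument (pointer
 * arithmetic, a cast, a conditional) binds to '->' as the caller intends
 * instead of being split by operator precedence.
 */
#define is_response(msg) ((msg)->flags & DNS_MESSAGEFLAG_QR)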
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉#define RETERR(x) do { \
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉digest_callback(void *arg, isc_region_t *data);
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉rdata_compare_wrapper(const void *rdata1, const void *rdata2);
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉digest_callback(void *arg, isc_region_t *data) {
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 * Make qsort happy.
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉rdata_compare_wrapper(const void *rdata1, const void *rdata2) {
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 return (dns_rdata_compare((const dns_rdata_t *)rdata1,
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 * Sort the rdataset into an array.
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt int i = 0, n;
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 data = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
62f016d5d301713c72a59e83d3ab41170a77f674Mark Andrews isc_mem_put(mctx, data, n * sizeof(dns_rdata_t));
62f016d5d301713c72a59e83d3ab41170a77f674Mark Andrews * Put them in the array.
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 } while (dns_rdataset_next(set) == ISC_R_SUCCESS);
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt * Sort the array.
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 qsort(data, n, sizeof(dns_rdata_t), rdata_compare_wrapper);
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Huntdns_dnssec_keyfromrdata(dns_name_t *name, dns_rdata_t *rdata, isc_mem_t *mctx,
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 return (dst_key_fromdns(name, rdata->rdclass, &b, mctx, key));
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 isc_stdtime_t *inception, isc_stdtime_t *expire,
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt isc_mem_t *mctx, isc_buffer_t *buffer, dns_rdata_t *sigrdata)
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt unsigned int sigsize;
307d2084502eddc7ce921e5ce439aec3531d90e0Tatuya JINMEI 神明達哉 * Is the key allowed to sign data?
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt if ((flags & DNS_KEYFLAG_OWNERMASK) != DNS_KEYOWNER_ZONE)
db93c0def5c3e1e0ea40c7596482ad3fca4ed03bMukund Sivaraman sig.signature = isc_mem_get(mctx, sig.siglen);
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt ret = dns_rdata_fromstruct(NULL, sig.common.rdclass,
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt * Digest the SIG rdata.
b454c0319685041db3f3e8fd7671e1b364fd20c5Evan Hunt * Create an envelope for each rdata: <name|type|class|ttl>.
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt ret = rdataset_to_sortedarray(set, mctx, &rdatas, &nrdatas);
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt for (i = 0; i < nrdatas; i++) {
b99bfa184bc9375421b5df915eea7dfac6a68a99Evan Hunt * Digest the envelope.
goto cleanup_array;
goto cleanup_array;
goto cleanup_array;
goto cleanup_array;
goto cleanup_array;
return (ret);
isc_region_t r;
int nrdatas, i;
int labels;
return (ret);
if (!ignoretime) {
return (DNS_R_SIGFUTURE);
return (DNS_R_SIGEXPIRED);
return (DNS_R_KEYUNAUTHORIZED);
return (DNS_R_KEYUNAUTHORIZED);
goto cleanup_struct;
goto cleanup_struct;
goto cleanup_context;
for (i = 0; i < nrdatas; i++) {
goto cleanup_array;
goto cleanup_array;
goto cleanup_array;
return (ret);
unsigned int *nkeys)
unsigned int count = 0;
*nkeys = 0;
goto next;
NULL,
goto next;
goto failure;
goto next;
count++;
next:
goto failure;
if (count == 0)
return (result);
unsigned int sigsize;
isc_region_t r;
goto failure;
return (ISC_R_SUCCESS);
if (signeedsfree)
return (result);
goto failure;
goto failure;
goto failure;
goto failure;
goto failure;
return (ISC_R_SUCCESS);
if (signeedsfree)
return (result);
return (ISC_FALSE);
return (iszonekey);