Remove building with NOCRYPTO option
[minix.git] / external / bsd / bind / dist / lib / dns / ds.c
blobae860a17bec4e142e283f75442ac2f3b355f974d
1 /* $NetBSD: ds.c,v 1.7 2014/12/10 04:37:58 christos Exp $ */
3 /*
4 * Copyright (C) 2004-2007, 2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
5 * Copyright (C) 2002, 2003 Internet Software Consortium.
7 * Permission to use, copy, modify, and/or distribute this software for any
8 * purpose with or without fee is hereby granted, provided that the above
9 * copyright notice and this permission notice appear in all copies.
11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17 * PERFORMANCE OF THIS SOFTWARE.
20 /* Id: ds.c,v 1.13 2010/12/23 23:47:08 tbox Exp */
22 /*! \file */
24 #include <config.h>
26 #include <string.h>
28 #include <isc/buffer.h>
29 #include <isc/region.h>
30 #include <isc/sha1.h>
31 #include <isc/sha2.h>
32 #include <isc/util.h>
34 #include <dns/ds.h>
35 #include <dns/fixedname.h>
36 #include <dns/name.h>
37 #include <dns/rdata.h>
38 #include <dns/rdatastruct.h>
39 #include <dns/result.h>
41 #include <dst/dst.h>
43 #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
44 #include "dst_gost.h"
45 #endif
47 isc_result_t
48 dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
49 unsigned int digest_type, unsigned char *buffer,
50 dns_rdata_t *rdata)
52 dns_fixedname_t fname;
53 dns_name_t *name;
54 unsigned char digest[ISC_SHA384_DIGESTLENGTH];
55 isc_region_t r;
56 isc_buffer_t b;
57 dns_rdata_ds_t ds;
58 isc_sha1_t sha1;
59 isc_sha256_t sha256;
60 isc_sha384_t sha384;
61 #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
62 isc_gost_t gost;
63 #endif
65 REQUIRE(key != NULL);
66 REQUIRE(key->type == dns_rdatatype_dnskey);
68 if (!dst_ds_digest_supported(digest_type))
69 return (ISC_R_NOTIMPLEMENTED);
71 dns_fixedname_init(&fname);
72 name = dns_fixedname_name(&fname);
73 (void)dns_name_downcase(owner, name, NULL);
75 memset(buffer, 0, DNS_DS_BUFFERSIZE);
76 isc_buffer_init(&b, buffer, DNS_DS_BUFFERSIZE);
78 switch (digest_type) {
79 case DNS_DSDIGEST_SHA1:
80 isc_sha1_init(&sha1);
81 dns_name_toregion(name, &r);
82 isc_sha1_update(&sha1, r.base, r.length);
83 dns_rdata_toregion(key, &r);
84 INSIST(r.length >= 4);
85 isc_sha1_update(&sha1, r.base, r.length);
86 isc_sha1_final(&sha1, digest);
87 break;
89 #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
90 #define RETERR(x) do { \
91 isc_result_t ret = (x); \
92 if (ret != ISC_R_SUCCESS) { \
93 isc_gost_invalidate(&gost); \
94 return (ret); \
95 } \
96 } while (/*CONSTCOND*/0)
98 case DNS_DSDIGEST_GOST:
99 RETERR(isc_gost_init(&gost));
100 dns_name_toregion(name, &r);
101 RETERR(isc_gost_update(&gost, r.base, r.length));
102 dns_rdata_toregion(key, &r);
103 INSIST(r.length >= 4);
104 RETERR(isc_gost_update(&gost, r.base, r.length));
105 RETERR(isc_gost_final(&gost, digest));
106 break;
107 #endif
109 case DNS_DSDIGEST_SHA384:
110 isc_sha384_init(&sha384);
111 dns_name_toregion(name, &r);
112 isc_sha384_update(&sha384, r.base, r.length);
113 dns_rdata_toregion(key, &r);
114 INSIST(r.length >= 4);
115 isc_sha384_update(&sha384, r.base, r.length);
116 isc_sha384_final(digest, &sha384);
117 break;
119 case DNS_DSDIGEST_SHA256:
120 default:
121 isc_sha256_init(&sha256);
122 dns_name_toregion(name, &r);
123 isc_sha256_update(&sha256, r.base, r.length);
124 dns_rdata_toregion(key, &r);
125 INSIST(r.length >= 4);
126 isc_sha256_update(&sha256, r.base, r.length);
127 isc_sha256_final(digest, &sha256);
128 break;
131 ds.mctx = NULL;
132 ds.common.rdclass = key->rdclass;
133 ds.common.rdtype = dns_rdatatype_ds;
134 ds.algorithm = r.base[3];
135 ds.key_tag = dst_region_computeid(&r, ds.algorithm);
136 ds.digest_type = digest_type;
137 switch (digest_type) {
138 case DNS_DSDIGEST_SHA1:
139 ds.length = ISC_SHA1_DIGESTLENGTH;
140 break;
142 #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
143 case DNS_DSDIGEST_GOST:
144 ds.length = ISC_GOST_DIGESTLENGTH;
145 break;
146 #endif
148 case DNS_DSDIGEST_SHA384:
149 ds.length = ISC_SHA384_DIGESTLENGTH;
150 break;
152 case DNS_DSDIGEST_SHA256:
153 default:
154 ds.length = ISC_SHA256_DIGESTLENGTH;
155 break;
157 ds.digest = digest;
159 return (dns_rdata_fromstruct(rdata, key->rdclass, dns_rdatatype_ds,
160 &ds, &b));