1 /* $NetBSD: ds.c,v 1.7 2014/12/10 04:37:58 christos Exp $ */
/*
 * Copyright (C) 2004-2007, 2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2002, 2003 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */
20 /* Id: ds.c,v 1.13 2010/12/23 23:47:08 tbox Exp */
28 #include <isc/buffer.h>
29 #include <isc/region.h>
35 #include <dns/fixedname.h>
37 #include <dns/rdata.h>
38 #include <dns/rdatastruct.h>
39 #include <dns/result.h>
43 #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
48 dns_ds_buildrdata(dns_name_t
*owner
, dns_rdata_t
*key
,
49 unsigned int digest_type
, unsigned char *buffer
,
52 dns_fixedname_t fname
;
54 unsigned char digest
[ISC_SHA384_DIGESTLENGTH
];
61 #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
66 REQUIRE(key
->type
== dns_rdatatype_dnskey
);
68 if (!dst_ds_digest_supported(digest_type
))
69 return (ISC_R_NOTIMPLEMENTED
);
71 dns_fixedname_init(&fname
);
72 name
= dns_fixedname_name(&fname
);
73 (void)dns_name_downcase(owner
, name
, NULL
);
75 memset(buffer
, 0, DNS_DS_BUFFERSIZE
);
76 isc_buffer_init(&b
, buffer
, DNS_DS_BUFFERSIZE
);
78 switch (digest_type
) {
79 case DNS_DSDIGEST_SHA1
:
81 dns_name_toregion(name
, &r
);
82 isc_sha1_update(&sha1
, r
.base
, r
.length
);
83 dns_rdata_toregion(key
, &r
);
84 INSIST(r
.length
>= 4);
85 isc_sha1_update(&sha1
, r
.base
, r
.length
);
86 isc_sha1_final(&sha1
, digest
);
89 #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
90 #define RETERR(x) do { \
91 isc_result_t ret = (x); \
92 if (ret != ISC_R_SUCCESS) { \
93 isc_gost_invalidate(&gost); \
96 } while (/*CONSTCOND*/0)
98 case DNS_DSDIGEST_GOST
:
99 RETERR(isc_gost_init(&gost
));
100 dns_name_toregion(name
, &r
);
101 RETERR(isc_gost_update(&gost
, r
.base
, r
.length
));
102 dns_rdata_toregion(key
, &r
);
103 INSIST(r
.length
>= 4);
104 RETERR(isc_gost_update(&gost
, r
.base
, r
.length
));
105 RETERR(isc_gost_final(&gost
, digest
));
109 case DNS_DSDIGEST_SHA384
:
110 isc_sha384_init(&sha384
);
111 dns_name_toregion(name
, &r
);
112 isc_sha384_update(&sha384
, r
.base
, r
.length
);
113 dns_rdata_toregion(key
, &r
);
114 INSIST(r
.length
>= 4);
115 isc_sha384_update(&sha384
, r
.base
, r
.length
);
116 isc_sha384_final(digest
, &sha384
);
119 case DNS_DSDIGEST_SHA256
:
121 isc_sha256_init(&sha256
);
122 dns_name_toregion(name
, &r
);
123 isc_sha256_update(&sha256
, r
.base
, r
.length
);
124 dns_rdata_toregion(key
, &r
);
125 INSIST(r
.length
>= 4);
126 isc_sha256_update(&sha256
, r
.base
, r
.length
);
127 isc_sha256_final(digest
, &sha256
);
132 ds
.common
.rdclass
= key
->rdclass
;
133 ds
.common
.rdtype
= dns_rdatatype_ds
;
134 ds
.algorithm
= r
.base
[3];
135 ds
.key_tag
= dst_region_computeid(&r
, ds
.algorithm
);
136 ds
.digest_type
= digest_type
;
137 switch (digest_type
) {
138 case DNS_DSDIGEST_SHA1
:
139 ds
.length
= ISC_SHA1_DIGESTLENGTH
;
142 #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
143 case DNS_DSDIGEST_GOST
:
144 ds
.length
= ISC_GOST_DIGESTLENGTH
;
148 case DNS_DSDIGEST_SHA384
:
149 ds
.length
= ISC_SHA384_DIGESTLENGTH
;
152 case DNS_DSDIGEST_SHA256
:
154 ds
.length
= ISC_SHA256_DIGESTLENGTH
;
159 return (dns_rdata_fromstruct(rdata
, key
->rdclass
, dns_rdatatype_ds
,