1 /* $NetBSD: tsec.c,v 1.4 2014/12/10 04:37:58 christos Exp $ */
3 /*
4 * Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
19 /* Id: tsec.c,v 1.7 2010/12/09 00:54:34 marka Exp */
21 #include <config.h>
23 #include <isc/mem.h>
25 #include <dns/tsec.h>
26 #include <dns/tsig.h>
27 #include <dns/result.h>
29 #include <dst/dst.h>
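/*
 * Magic tag stored in dns_tsec.magic while an object is live.
 * DNS_TSEC_VALID() is the sanity check every accessor in this file applies
 * to a dns_tsec_t pointer before touching it; it detects pointers to
 * objects that were never initialised by dns_tsec_create() or that have
 * already been through dns_tsec_destroy() (which clears the tag).
 */
#define DNS_TSEC_MAGIC	ISC_MAGIC('T', 's', 'e', 'c')
#define DNS_TSEC_VALID(t) ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)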
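/*%
 * DNS Transaction Security object.  We assume this is not shared by
 * multiple threads, and so the structure does not contain a lock.
 *
 * 'type' is the discriminant for 'ukey': every function in this file
 * switches on it before touching the union, so the two must always be
 * set together.
 */
struct dns_tsec {
	unsigned int		magic;	/* DNS_TSEC_MAGIC while live, 0 once destroyed */
	dns_tsectype_t		type;	/* selects the active member of 'ukey' */
	isc_mem_t		*mctx;	/* context the object was allocated from */
	union {
		dns_tsigkey_t	*tsigkey; /* used when type == dns_tsectype_tsig */
		dst_key_t	*key;	  /* used when type == dns_tsectype_sig0 */
	} ukey;
};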
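/*%
 * Allocate a transaction-security object of the given 'type' around 'key'
 * and return it through '*tsecp'.
 *
 * For dns_tsectype_tsig the DST algorithm of 'key' is mapped to the matching
 * TSIG algorithm name and a TSIG key is built with
 * dns_tsigkey_createfromkey(); the resulting dns_tsigkey_t is what the
 * object keeps.  For dns_tsectype_sig0 the 'key' pointer itself is stored.
 *
 * Ownership:
 *  - sig0, success: the object keeps 'key' and dns_tsec_destroy() releases
 *    it with dst_key_free(), so the caller must not free it as well.
 *  - tsig: 'key' is handed to dns_tsigkey_createfromkey(); whether that call
 *    takes its own reference is not visible in this file -- confirm before
 *    freeing 'key' in the caller.
 *  - any failure: the partially built object is returned to 'mctx' and
 *    '*tsecp' is left untouched; this function does not free 'key'.
 *
 * Requires:
 *  - 'mctx' and 'key' are non-NULL.
 *  - 'tsecp' is non-NULL and '*tsecp' is NULL.
 *
 * Returns:
 *  - ISC_R_SUCCESS
 *  - ISC_R_NOMEMORY  allocation of the object failed
 *  - DNS_R_BADALG    'key' uses an algorithm with no TSIG mapping below
 *  - any error returned by dns_tsigkey_createfromkey()
 */
isc_result_t
dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
		dns_tsec_t **tsecp)
{
	isc_result_t result;
	dns_tsec_t *tsec;
	dns_tsigkey_t *tsigkey = NULL;
	dns_name_t *algname;

	REQUIRE(mctx != NULL);
	/*
	 * 'key' is inspected (tsig) or stored and later freed (sig0) on every
	 * path, so a NULL key can never yield a usable object; reject it at
	 * the API boundary rather than deep inside a callee.
	 */
	REQUIRE(key != NULL);
	REQUIRE(tsecp != NULL && *tsecp == NULL);

	tsec = isc_mem_get(mctx, sizeof(*tsec));
	if (tsec == NULL)
		return (ISC_R_NOMEMORY);

	tsec->type = type;
	tsec->mctx = mctx;

	switch (type) {
	case dns_tsectype_tsig:
		/*
		 * Only the HMAC algorithms listed here are accepted for TSIG.
		 * NOTE(review): HMAC-MD5 and HMAC-SHA1 are still in the list;
		 * restricting deployments to the SHA-2 variants is a policy
		 * decision that has to be enforced by the caller or the
		 * configuration, not by this function.
		 */
		switch (dst_key_alg(key)) {
		case DST_ALG_HMACMD5:
			algname = dns_tsig_hmacmd5_name;
			break;
		case DST_ALG_HMACSHA1:
			algname = dns_tsig_hmacsha1_name;
			break;
		case DST_ALG_HMACSHA224:
			algname = dns_tsig_hmacsha224_name;
			break;
		case DST_ALG_HMACSHA256:
			algname = dns_tsig_hmacsha256_name;
			break;
		case DST_ALG_HMACSHA384:
			algname = dns_tsig_hmacsha384_name;
			break;
		case DST_ALG_HMACSHA512:
			algname = dns_tsig_hmacsha512_name;
			break;
		default:
			/* Not a TSIG-capable algorithm: undo the allocation. */
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (DNS_R_BADALG);
		}
		result = dns_tsigkey_createfromkey(dst_key_name(key),
						   algname, key, ISC_FALSE,
						   NULL, 0, 0, mctx, NULL,
						   &tsigkey);
		if (result != ISC_R_SUCCESS) {
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (result);
		}
		tsec->ukey.tsigkey = tsigkey;
		break;
	case dns_tsectype_sig0:
		/* Stored as-is; dns_tsec_destroy() will dst_key_free() it. */
		tsec->ukey.key = key;
		break;
	default:
		/* Unknown type is a caller bug, not a runtime condition. */
		INSIST(0);
	}

	/* Tag the object as valid only once it is fully initialised. */
	tsec->magic = DNS_TSEC_MAGIC;

	*tsecp = tsec;
	return (ISC_R_SUCCESS);
}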
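/*%
 * Release the key held by '*tsecp', free the object and set '*tsecp' to
 * NULL.
 *
 * A TSIG key is dropped with dns_tsigkey_detach(); a SIG(0) key is freed
 * with dst_key_free(), i.e. the object is treated as the owner of the
 * dst_key_t that was passed to dns_tsec_create().
 *
 * Requires:
 *  - 'tsecp' is non-NULL and '*tsecp' is a valid dns_tsec_t.
 */
void
dns_tsec_destroy(dns_tsec_t **tsecp) {
	dns_tsec_t *tsec;

	REQUIRE(tsecp != NULL && *tsecp != NULL);
	tsec = *tsecp;
	REQUIRE(DNS_TSEC_VALID(tsec));

	switch (tsec->type) {
	case dns_tsectype_tsig:
		dns_tsigkey_detach(&tsec->ukey.tsigkey);
		break;
	case dns_tsectype_sig0:
		dst_key_free(&tsec->ukey.key);
		break;
	default:
		INSIST(0);
	}

	/*
	 * Clear the tag before the memory goes back to the context so that a
	 * stale pointer is more likely to fail DNS_TSEC_VALID() than to be
	 * used silently.
	 */
	tsec->magic = 0;
	isc_mem_put(tsec->mctx, tsec, sizeof(*tsec));

	/* Leave the caller without a dangling handle. */
	*tsecp = NULL;
}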
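/*%
 * Return the security type recorded in 'tsec' when it was created.
 *
 * Requires:
 *  - 'tsec' is a valid dns_tsec_t.
 */
dns_tsectype_t
dns_tsec_gettype(dns_tsec_t *tsec) {
	REQUIRE(DNS_TSEC_VALID(tsec));

	return (tsec->type);
}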
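/*%
 * Hand the key stored in 'tsec' back through 'keyp'.
 *
 * 'keyp' is type-erased: it is written as a 'dns_tsigkey_t **' when the
 * object is of type dns_tsectype_tsig and as a 'dst_key_t **' when it is
 * dns_tsectype_sig0.  Nothing here can check that the caller passed the
 * matching pointer type, so callers should consult dns_tsec_gettype() first;
 * a mismatch is a type confusion on the caller's variable.
 *
 * The two cases also differ in lifetime:
 *  - tsig: the key is returned via dns_tsigkey_attach(), so the caller
 *    receives its own attachment and is expected to detach it.
 *  - sig0: the raw pointer is copied with no attach; it stays owned by
 *    'tsec' and must not be freed by the caller or used after
 *    dns_tsec_destroy().
 *
 * Requires:
 *  - 'tsec' is a valid dns_tsec_t.
 *  - 'keyp' is non-NULL.
 */
void
dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
	REQUIRE(DNS_TSEC_VALID(tsec));
	REQUIRE(keyp != NULL);

	switch (tsec->type) {
	case dns_tsectype_tsig:
		dns_tsigkey_attach(tsec->ukey.tsigkey, (dns_tsigkey_t **)keyp);
		break;
	case dns_tsectype_sig0:
		*(dst_key_t **)keyp = tsec->ukey.key;
		break;
	default:
		INSIST(0);
	}
}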