BIND9 Internals: lib/dns/tsec.c Source File

00001 /*
00002  * Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
00003  *
00004  * Permission to use, copy, modify, and/or distribute this software for any
00005  * purpose with or without fee is hereby granted, provided that the above
00006  * copyright notice and this permission notice appear in all copies.
00007  *
00008  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
00009  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
00010  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
00011  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
00012  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
00013  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
00014  * PERFORMANCE OF THIS SOFTWARE.
00015  */
00016 
00017 /* $Id: tsec.c,v 1.7 2010/12/09 00:54:34 marka Exp $ */
00018 
00019 #include <config.h>
00020 
00021 #include <isc/mem.h>
00022 
00023 #include <dns/tsec.h>
00024 #include <dns/tsig.h>
00025 #include <dns/result.h>
00026 
00027 #include <dst/dst.h>
00028 
00029 #define DNS_TSEC_MAGIC                  ISC_MAGIC('T', 's', 'e', 'c')
00030 #define DNS_TSEC_VALID(t)               ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)
00031 
00032 /*%
00033  * DNS Transaction Security object.  We assume this is not shared by
00034  * multiple threads, and so the structure does not contain a lock.
00035  */
00036 struct dns_tsec {
00037         unsigned int            magic;
00038         dns_tsectype_t          type;
00039         isc_mem_t               *mctx;
00040         union {
00041                 dns_tsigkey_t   *tsigkey;
00042                 dst_key_t       *key;
00043         } ukey;
00044 };
00045 
00046 isc_result_t
00047 dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
00048                 dns_tsec_t **tsecp)
00049 {
00050         isc_result_t result;
00051         dns_tsec_t *tsec;
00052         dns_tsigkey_t *tsigkey = NULL;
00053         dns_name_t *algname;
00054 
00055         REQUIRE(mctx != NULL);
00056         REQUIRE(tsecp != NULL && *tsecp == NULL);
00057 
00058         tsec = isc_mem_get(mctx, sizeof(*tsec));
00059         if (tsec == NULL)
00060                 return (ISC_R_NOMEMORY);
00061 
00062         tsec->type = type;
00063         tsec->mctx = mctx;
00064 
00065         switch (type) {
00066         case dns_tsectype_tsig:
00067                 switch (dst_key_alg(key)) {
00068                 case DST_ALG_HMACMD5:
00069                         algname = dns_tsig_hmacmd5_name;
00070                         break;
00071                 case DST_ALG_HMACSHA1:
00072                         algname = dns_tsig_hmacsha1_name;
00073                         break;
00074                 case DST_ALG_HMACSHA224:
00075                         algname = dns_tsig_hmacsha224_name;
00076                         break;
00077                 case DST_ALG_HMACSHA256:
00078                         algname = dns_tsig_hmacsha256_name;
00079                         break;
00080                 case DST_ALG_HMACSHA384:
00081                         algname = dns_tsig_hmacsha384_name;
00082                         break;
00083                 case DST_ALG_HMACSHA512:
00084                         algname = dns_tsig_hmacsha512_name;
00085                         break;
00086                 default:
00087                         isc_mem_put(mctx, tsec, sizeof(*tsec));
00088                         return (DNS_R_BADALG);
00089                 }
00090                 result = dns_tsigkey_createfromkey(dst_key_name(key),
00091                                                    algname, key, ISC_FALSE,
00092                                                    NULL, 0, 0, mctx, NULL,
00093                                                    &tsigkey);
00094                 if (result != ISC_R_SUCCESS) {
00095                         isc_mem_put(mctx, tsec, sizeof(*tsec));
00096                         return (result);
00097                 }
00098                 tsec->ukey.tsigkey = tsigkey;
00099                 break;
00100         case dns_tsectype_sig0:
00101                 tsec->ukey.key = key;
00102                 break;
00103         default:
00104                 INSIST(0);
00105         }
00106 
00107         tsec->magic = DNS_TSEC_MAGIC;
00108 
00109         *tsecp = tsec;
00110         return (ISC_R_SUCCESS);
00111 }
00112 
00113 void
00114 dns_tsec_destroy(dns_tsec_t **tsecp) {
00115         dns_tsec_t *tsec;
00116 
00117         REQUIRE(tsecp != NULL && *tsecp != NULL);
00118         tsec = *tsecp;
00119         REQUIRE(DNS_TSEC_VALID(tsec));
00120 
00121         switch (tsec->type) {
00122         case dns_tsectype_tsig:
00123                 dns_tsigkey_detach(&tsec->ukey.tsigkey);
00124                 break;
00125         case dns_tsectype_sig0:
00126                 dst_key_free(&tsec->ukey.key);
00127                 break;
00128         default:
00129                 INSIST(0);
00130         }
00131 
00132         tsec->magic = 0;
00133         isc_mem_put(tsec->mctx, tsec, sizeof(*tsec));
00134 
00135         *tsecp = NULL;
00136 }
00137 
00138 dns_tsectype_t
00139 dns_tsec_gettype(dns_tsec_t *tsec) {
00140         REQUIRE(DNS_TSEC_VALID(tsec));
00141 
00142         return (tsec->type);
00143 }
00144 
00145 void
00146 dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
00147         REQUIRE(DNS_TSEC_VALID(tsec));
00148         REQUIRE(keyp != NULL);
00149 
00150         switch (tsec->type) {
00151         case dns_tsectype_tsig:
00152                 dns_tsigkey_attach(tsec->ukey.tsigkey, (dns_tsigkey_t **)keyp);
00153                 break;
00154         case dns_tsectype_sig0:
00155                 *(dst_key_t **)keyp = tsec->ukey.key;
00156                 break;
00157         default:
00158                 INSIST(0);
00159         }
00160 }