nsec3params.c
1 /*
2  * $Id: nsec3params.c 4627 2011-03-23 10:00:49Z matthijs $
3  *
4  * Copyright (c) 2009 NLNet Labs. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
#include "shared/allocator.h"
#include "shared/log.h"
#include "shared/status.h"
#include "signer/backup.h"
#include "signer/nsec3params.h"

#include <ctype.h>
#include <ldns/ldns.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
44 
/* Module tag used as the "[%s]" prefix of every log message in this file. */
static const char* nsec3_str = "nsec3";
46 
47 
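/*
 * Parse a presentation-format NSEC3 salt into binary.
 *
 * salt_str is an even number of hex digits, or NULL, "" or "-" for
 * "no salt". On success *salt_len is the salt length in octets, *salt
 * is a calloc()'d buffer the caller owns (NULL for an empty salt) and
 * ODS_STATUS_OK is returned. On failure (odd length, more than 255
 * octets, a non-hex character, or calloc() failure) the error is logged,
 * *salt is NULL, *salt_len is 0 and ODS_STATUS_ERR is returned.
 */
nsec3params_create_salt(const char* salt_str, uint8_t* salt_len,
    uint8_t** salt)
{
    size_t hex_len;
    size_t i;
    uint8_t* salt_tmp;

    *salt = NULL;
    *salt_len = 0;
    if (!salt_str) {
        return ODS_STATUS_OK;
    }

    hex_len = strlen(salt_str);
    /* "-" is how RFC 5155 presentation format spells an empty salt. */
    if (hex_len == 0 || (hex_len == 1 && salt_str[0] == '-')) {
        return ODS_STATUS_OK;
    }
    /* The NSEC3 Salt Length field is one octet, so a salt is at most
     * 255 octets = 510 hex digits. Bound-check the size_t length: the
     * previous (uint8_t) strlen() cast wrapped longer strings modulo 256
     * and silently accepted a truncated (or even empty) salt. */
    if (hex_len % 2 != 0 || hex_len / 2 > UINT8_MAX) {
        ods_log_error("[%s] invalid salt %s", nsec3_str, salt_str);
        return ODS_STATUS_ERR;
    }

    salt_tmp = (uint8_t*) calloc(hex_len / 2, sizeof(uint8_t));
    if (!salt_tmp) {
        ods_log_error("[%s] unable to create salt: calloc failed", nsec3_str);
        return ODS_STATUS_ERR;
    }
    for (i = 0; i < hex_len; i += 2) {
        /* <ctype.h> classifiers take unsigned char values; a plain char
         * may be negative, which is undefined behaviour there. */
        if (!isxdigit((unsigned char) salt_str[i]) ||
            !isxdigit((unsigned char) salt_str[i+1])) {
            ods_log_error("[%s] invalid salt %s", nsec3_str, salt_str);
            free((void*) salt_tmp);
            return ODS_STATUS_ERR;
        }
        salt_tmp[i/2] = (uint8_t) ((ldns_hexdigit_to_int(salt_str[i]) << 4) |
            ldns_hexdigit_to_int(salt_str[i+1]));
    }

    *salt_len = (uint8_t) (hex_len / 2);
    *salt = salt_tmp;
    return ODS_STATUS_OK;
}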
94 
95 
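/*
 * Allocate and populate an nsec3params object from the zone's NSEC3
 * settings: hash algorithm, flags, iteration count and the
 * presentation-format salt (NULL or "-" for no salt).
 *
 * Returns the new object, or NULL (after logging) when the allocator or
 * the struct cannot be allocated or the salt does not parse. The object
 * carries its own allocator and is released with nsec3params_cleanup().
 */
nsec3params_create(uint8_t algo, uint8_t flags, uint16_t iter,
    const char* salt)
{
    nsec3params_type* nsec3params;
    uint8_t salt_len = 0;
    uint8_t* salt_data = NULL;
    allocator_type* allocator;

    allocator = allocator_create(malloc, free);
    if (!allocator) {
        ods_log_error("[%s] unable to create: create allocator failed",
            nsec3_str);
        return NULL;
    }
    nsec3params = (nsec3params_type*) allocator_alloc(allocator,
        sizeof(nsec3params_type));
    if (!nsec3params) {
        ods_log_error("[%s] unable to create: allocator failed", nsec3_str);
        allocator_cleanup(allocator);
        return NULL;
    }

    if (nsec3params_create_salt(salt, &salt_len, &salt_data)
        != ODS_STATUS_OK) {
        /* Unwind through the allocator that handed out the struct. The
         * previous free(nsec3params) bypassed it and leaked the allocator
         * (and released memory it did not obtain from malloc() itself). */
        allocator_deallocate(allocator, (void*) nsec3params);
        allocator_cleanup(allocator);
        return NULL;
    }

    nsec3params->allocator = allocator; /* nsec3params_cleanup() frees via this */
    nsec3params->algorithm = algo;
    nsec3params->flags = flags;
    nsec3params->iterations = iter;
    nsec3params->salt_len = salt_len;
    /* salt_data comes from calloc(); cleanup hands it to the allocator,
     * which presumably is fine only because the allocator was created
     * with malloc/free above. */
    nsec3params->salt_data = salt_data;
    nsec3params->rr = NULL;
    return nsec3params;
}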
138 
139 
/*
 * Append the NSEC3 parameter section to the backup stream fd: a header
 * line with salt (presentation form, "-" when there is none), algorithm,
 * flags and iterations, the NSEC3PARAM RR if one is given, and a
 * ";;Nsec3done" terminator followed by an empty ";;" line. A NULL fd is
 * ignored; write errors are not reported to the caller.
 *
 * NOTE(review): the header labels the flags byte "optout", but the whole
 * flags value is written, not just the opt-out bit. The terminator here is
 * ";;Nsec3done" while nsec3params_recover_from_backup() checks for ";END" -
 * confirm the two sides agree on the format.
 */
void
nsec3params_backup(FILE* fd, uint8_t algo, uint8_t flags,
    uint16_t iter, const char* salt, ldns_rr* rr)
{
    const char* salt_text;

    if (fd == NULL) {
        return;
    }
    salt_text = (salt != NULL) ? salt : "-";
    fprintf(fd, ";;Nsec3parameters: salt %s algorithm %u optout %u "
        "iterations %u\n", salt_text, (unsigned) algo,
        (unsigned) flags, (unsigned) iter);
    if (rr != NULL) {
        ldns_rr_print(fd, rr);
    }
    fprintf(fd, ";;Nsec3done\n");
    fprintf(fd, ";;\n");
}
161 
162 
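/*
 * Read an NSEC3 parameter section back from the backup stream fd: salt
 * string, algorithm, flags, iterations, the NSEC3PARAM RR, then an ";END"
 * marker.
 *
 * On success the RR as read is handed to the caller through *rr, the
 * returned object holds its own clone in ->rr, and the caller releases
 * the object with nsec3params_cleanup(). Returns NULL (after logging)
 * when the section is malformed, the salt is invalid or an allocation
 * fails; *rr is left untouched in that case.
 *
 * NOTE(review): nsec3params_backup() in this file terminates the section
 * with ";;Nsec3done", not ";END" - confirm which format this reader is
 * meant to accept.
 */
nsec3params_recover_from_backup(FILE* fd, ldns_rr** rr)
{
    const char* salt = NULL;
    uint8_t algorithm = 0;
    uint8_t flags = 0;
    uint16_t iterations = 0;
    ldns_rr* nsec3params_rr = NULL;
    nsec3params_type* nsec3params = NULL;

    ods_log_assert(fd);

    if (!backup_read_str(fd, &salt) ||
        !backup_read_uint8_t(fd, &algorithm) ||
        !backup_read_uint8_t(fd, &flags) ||
        !backup_read_uint16_t(fd, &iterations) ||
        ldns_rr_new_frm_fp(&nsec3params_rr, fd, NULL, NULL, NULL)
            != LDNS_STATUS_OK ||
        !backup_read_check_str(fd, ";END")) {
        ods_log_error("[%s] nsec3params part in backup file is corrupted",
            nsec3_str);
        goto fail;
    }

    /* Build the object with nsec3params_create() instead of a bare,
     * unchecked malloc(): that checks the allocation and, crucially, sets
     * ->allocator, which nsec3params_cleanup() dereferences. The old code
     * never initialized that field, so cleaning up a recovered object was
     * undefined behaviour. The salt string is parsed and validated on the
     * way ("-" means no salt); failures are logged by the callee. */
    nsec3params = nsec3params_create(algorithm, flags, iterations, salt);
    if (!nsec3params) {
        goto fail;
    }
    free((void*) salt);
    salt = NULL;

    nsec3params->rr = ldns_rr_clone(nsec3params_rr);
    if (!nsec3params->rr) {
        ods_log_error("[%s] unable to recover nsec3params: clone rr failed",
            nsec3_str);
        nsec3params_cleanup(nsec3params);
        goto fail;
    }
    *rr = nsec3params_rr;
    return nsec3params;

fail:
    if (nsec3params_rr) {
        ldns_rr_free(nsec3params_rr);
    }
    free((void*) salt); /* free(NULL) is a no-op */
    return NULL;
}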
219 
220 
/*
 * Render an NSEC3 salt as its presentation-format hex string ("-" for an
 * empty salt). Returns a newly allocated string from ldns_buffer2str()
 * that the caller owns, or NULL when the ldns buffer reports an error
 * (which is logged).
 *
 * NOTE(review): the line carrying this function's name and parameter list
 * is missing from this rendering; the body reads nsec3params->salt_len and
 * nsec3params->salt_data, so the parameter is a nsec3params_type pointer.
 */
const char*
{
    uint8_t *data;
    uint8_t salt_length = 0;
    uint8_t salt_pos = 0;
    int written = 0; /* assigned below but never read */
    char* str = NULL;
    ldns_buffer* buffer = NULL;

    salt_length = nsec3params->salt_len;
    data = nsec3params->salt_data;

    if (salt_length == 0) {
        /* RFC 5155 presentation format spells an empty salt as "-". */
        buffer = ldns_buffer_new(2);
        written = ldns_buffer_printf(buffer, "-");
    } else {
        /* NOTE(review): salt_pos is still 0 here, so this asks for a
         * 1-byte buffer and presumably relies on ldns_buffer_printf()
         * growing it; 2 * salt_length + 1 looks like the intended size. */
        buffer = ldns_buffer_new(salt_pos+1);
        for (salt_pos = 0; salt_pos < salt_length; salt_pos++) {
            written = ldns_buffer_printf(buffer, "%02x", data[salt_pos]);
        }
    }

    /* NOTE(review): ldns_buffer_new() may return NULL on allocation
     * failure; ldns_buffer_status() would then dereference it. */
    if (ldns_buffer_status(buffer) == LDNS_STATUS_OK) {
        str = ldns_buffer2str(buffer);
    } else {
        ods_log_error("[%s] unable to convert nsec3 salt to string: %s",
            nsec3_str, ldns_get_errorstr_by_id(ldns_buffer_status(buffer)));
    }
    ldns_buffer_free(buffer);
    return (const char*) str;
}
258 
259 
/*
 * Release an nsec3params object: its cloned NSEC3PARAM RR, its salt
 * bytes, the struct itself, and finally the allocator that owns it.
 * A NULL argument is a no-op.
 *
 * NOTE(review): the line carrying this function's name and parameter list
 * is missing from this rendering; the body only uses the nsec3params
 * pointer.
 * NOTE(review): ->allocator must have been set by whoever built the
 * object (nsec3params_create() does); an object from a bare malloc()
 * would make the reads below use an uninitialized pointer. salt_data is
 * calloc()'d in nsec3params_create_salt() but released through the
 * allocator here, which presumably only works because the allocator is
 * created with malloc/free.
 */
void
{
    allocator_type* allocator;
    if (!nsec3params) {
        return;
    }
    allocator = nsec3params->allocator;
    ldns_rr_free(nsec3params->rr);
    allocator_deallocate(allocator, (void*) nsec3params->salt_data);
    allocator_deallocate(allocator, (void*) nsec3params);
    /* The allocator is torn down last: the two frees above go through it. */
    allocator_cleanup(allocator);
    return;
}