1 /*	$NetBSD: tsec.c,v 1.1 2024/02/18 20:57:34 christos Exp $	*/
2 
3 /*
4  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
5  *
6  * SPDX-License-Identifier: MPL-2.0
7  *
8  * This Source Code Form is subject to the terms of the Mozilla Public
9  * License, v. 2.0. If a copy of the MPL was not distributed with this
10  * file, you can obtain one at https://mozilla.org/MPL/2.0/.
11  *
12  * See the COPYRIGHT file distributed with this work for additional
13  * information regarding copyright ownership.
14  */
15 
16 #include <isc/mem.h>
17 #include <isc/util.h>
18 
19 #include <pk11/site.h>
20 
21 #include <dns/result.h>
22 #include <dns/tsec.h>
23 #include <dns/tsig.h>
24 
25 #include <dst/dst.h>
26 
/*
 * Magic number stamped into a live dns_tsec_t (set last in
 * dns_tsec_create(), cleared in dns_tsec_destroy()); every public
 * entry point checks it with DNS_TSEC_VALID() before touching the object.
 */
#define DNS_TSEC_MAGIC	  ISC_MAGIC('T', 's', 'e', 'c')
#define DNS_TSEC_VALID(t) ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)
29 
30 /*%
31  * DNS Transaction Security object.  We assume this is not shared by
32  * multiple threads, and so the structure does not contain a lock.
33  */
struct dns_tsec {
	unsigned int magic;	/* DNS_TSEC_MAGIC while live, 0 once destroyed */
	dns_tsectype_t type;	/* selects which 'ukey' member is in use */
	isc_mem_t *mctx;	/* context this object was allocated from */
	union {
		dns_tsigkey_t *tsigkey; /* dns_tsectype_tsig: detached on destroy */
		dst_key_t *key;		/* dns_tsectype_sig0: freed on destroy */
	} ukey;
};
43 
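/*%
 * Map the dst algorithm of 'key' to the TSIG algorithm name it
 * corresponds to.  Returns NULL for anything that is not one of the
 * HMAC algorithms TSIG supports.
 */
static const dns_name_t *
tsig_algname_for_key(dst_key_t *key) {
	switch (dst_key_alg(key)) {
	case DST_ALG_HMACMD5:
		return (dns_tsig_hmacmd5_name);
	case DST_ALG_HMACSHA1:
		return (dns_tsig_hmacsha1_name);
	case DST_ALG_HMACSHA224:
		return (dns_tsig_hmacsha224_name);
	case DST_ALG_HMACSHA256:
		return (dns_tsig_hmacsha256_name);
	case DST_ALG_HMACSHA384:
		return (dns_tsig_hmacsha384_name);
	case DST_ALG_HMACSHA512:
		return (dns_tsig_hmacsha512_name);
	default:
		return (NULL);
	}
}

/*%
 * Create a TSEC object of the given type wrapping 'key'.
 *
 * For dns_tsectype_tsig the dst algorithm of 'key' is mapped to the
 * matching TSIG algorithm name and a dns_tsigkey_t is built from it;
 * any other algorithm is rejected with DNS_R_BADALG.  For
 * dns_tsectype_sig0 the dst key pointer is stored directly and the
 * tsec owns it from then on: dns_tsec_destroy() releases it with
 * dst_key_free(), so the caller must not free it itself.  In the TSIG
 * case dns_tsigkey_createfromkey() is presumed to take its own
 * reference to 'key', leaving the caller's reference intact -- confirm
 * against tsig.c.
 *
 * Requires:
 *\li	'mctx' is a valid memory context.
 *\li	'key' is a valid dst key (it is used on both type paths).
 *\li	'tsecp' is non-NULL and points to a NULL dns_tsec_t pointer.
 *
 * Returns:
 *\li	ISC_R_SUCCESS	-- *tsecp holds the new object.
 *\li	DNS_R_BADALG	-- TSIG requested with a non-HMAC key algorithm.
 *\li	other		-- propagated from dns_tsigkey_createfromkey().
 */
isc_result_t
dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
		dns_tsec_t **tsecp) {
	isc_result_t result;
	dns_tsec_t *tsec;
	dns_tsigkey_t *tsigkey = NULL;
	const dns_name_t *algname;

	REQUIRE(mctx != NULL);
	/*
	 * 'key' is dereferenced by dst_key_alg() below and, for SIG(0),
	 * later freed by dns_tsec_destroy(); reject NULL up front instead
	 * of crashing inside a callee.
	 */
	REQUIRE(key != NULL);
	REQUIRE(tsecp != NULL && *tsecp == NULL);

	/*
	 * The allocation is not NULL-checked: in this codebase isc_mem_get()
	 * is expected to abort rather than return NULL on exhaustion --
	 * confirm against isc/mem.h.
	 */
	tsec = isc_mem_get(mctx, sizeof(*tsec));

	tsec->type = type;
	tsec->mctx = mctx;

	switch (type) {
	case dns_tsectype_tsig:
		algname = tsig_algname_for_key(key);
		if (algname == NULL) {
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (DNS_R_BADALG);
		}
		result = dns_tsigkey_createfromkey(dst_key_name(key), algname,
						   key, false, NULL, 0, 0, mctx,
						   NULL, &tsigkey);
		if (result != ISC_R_SUCCESS) {
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (result);
		}
		tsec->ukey.tsigkey = tsigkey;
		break;
	case dns_tsectype_sig0:
		tsec->ukey.key = key;
		break;
	default:
		UNREACHABLE();
	}

	/* Stamp the magic last so a half-built object never validates. */
	tsec->magic = DNS_TSEC_MAGIC;

	*tsecp = tsec;
	return (ISC_R_SUCCESS);
}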
106 
/*%
 * Tear down a TSEC object created by dns_tsec_create() and clear the
 * caller's pointer.  The wrapped key is released according to the
 * object's type: a TSIG key is detached, a SIG(0) dst key is freed
 * outright (the tsec owned it).
 *
 * Requires:
 *\li	'tsecp' is non-NULL and points to a valid dns_tsec_t.
 */
void
dns_tsec_destroy(dns_tsec_t **tsecp) {
	REQUIRE(tsecp != NULL && *tsecp != NULL);

	dns_tsec_t *obj = *tsecp;
	*tsecp = NULL;
	REQUIRE(DNS_TSEC_VALID(obj));

	if (obj->type == dns_tsectype_tsig) {
		dns_tsigkey_detach(&obj->ukey.tsigkey);
	} else if (obj->type == dns_tsectype_sig0) {
		dst_key_free(&obj->ukey.key);
	} else {
		UNREACHABLE();
	}

	/*
	 * Invalidate before returning the memory so a stale pointer fails
	 * DNS_TSEC_VALID() instead of looking live.
	 */
	isc_mem_t *mctx = obj->mctx;
	obj->magic = 0;
	isc_mem_put(mctx, obj, sizeof(*obj));
}
130 
/*%
 * Report whether 'tsec' wraps a TSIG key or a SIG(0) key.
 *
 * Requires:
 *\li	'tsec' is a valid dns_tsec_t.
 */
dns_tsectype_t
dns_tsec_gettype(dns_tsec_t *tsec) {
	REQUIRE(DNS_TSEC_VALID(tsec));

	dns_tsectype_t tsectype = tsec->type;
	return (tsectype);
}
137 
/*%
 * Hand the caller the key wrapped by 'tsec'.  'keyp' must point at a
 * pointer of the type matching tsec's type: a dns_tsigkey_t ** for
 * TSIG, in which case a new reference is attached and the caller is
 * expected to detach it; or a dst_key_t ** for SIG(0), in which case
 * the raw pointer is copied without any reference counting -- the tsec
 * keeps ownership, frees it in dns_tsec_destroy(), and the caller must
 * not free it or use it after the tsec is destroyed.
 *
 * Requires:
 *\li	'tsec' is a valid dns_tsec_t.
 *\li	'keyp' is non-NULL.
 */
void
dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
	REQUIRE(DNS_TSEC_VALID(tsec));
	REQUIRE(keyp != NULL);

	if (tsec->type == dns_tsectype_tsig) {
		dns_tsigkey_t **tsigkeyp = keyp;
		dns_tsigkey_attach(tsec->ukey.tsigkey, tsigkeyp);
	} else if (tsec->type == dns_tsectype_sig0) {
		dst_key_t **dstkeyp = keyp;
		*dstkeyp = tsec->ukey.key;
	} else {
		UNREACHABLE();
	}
}
154