/**
* Inser canonical owner name into buffer.
* @param buf: buffer to insert into at current position.
* @param k: rrset with its owner name.
* @param sig: signature with signer name and label count.
* must be length checked, at least 18 bytes long.
* @param can_owner: position in buffer returned for future use.
* @param can_owner_len: length of canonical owner name.
*/
static void
insert_can_owner(ldns_buffer* buf, struct ub_packed_rrset_key* k,
uint8_t* sig, uint8_t** can_owner, size_t* can_owner_len)
{
int rrsig_labels = (int)sig[3];
int fqdn_labels = dname_signame_label_count(k->rk.dname);
*can_owner = ldns_buffer_current(buf);
if(rrsig_labels == fqdn_labels) {
/* no change */
ldns_buffer_write(buf, k->rk.dname, k->rk.dname_len);
query_dname_tolower(*can_owner);
*can_owner_len = k->rk.dname_len;
return;
}
log_assert(rrsig_labels < fqdn_labels);
/* *. | fqdn(rightmost rrsig_labels) */
if(rrsig_labels < fqdn_labels) {
int i;
uint8_t* nm = k->rk.dname;
size_t len = k->rk.dname_len;
/* so skip fqdn_labels-rrsig_labels */
for(i=0; i<fqdn_labels-rrsig_labels; i++) {
dname_remove_label(&nm, &len);
}
*can_owner_len = len+2;
ldns_buffer_write(buf, (uint8_t*)"\001*", 2);
ldns_buffer_write(buf, nm, len);
query_dname_tolower(*can_owner);
}
}
/**
* Create a DS digest for a DNSKEY entry.
*
* @param env: module environment. Uses scratch space.
* @param dnskey_rrset: DNSKEY rrset.
* @param dnskey_idx: index of RR in rrset.
* @param ds_rrset: DS rrset
* @param ds_idx: index of RR in DS rrset.
* @param digest: digest is returned in here (must be correctly sized).
* @return false on error.
*/
static int
ds_create_dnskey_digest(struct module_env* env,
struct ub_packed_rrset_key* dnskey_rrset, size_t dnskey_idx,
struct ub_packed_rrset_key* ds_rrset, size_t ds_idx,
uint8_t* digest)
{
ldns_buffer* b = env->scratch_buffer;
uint8_t* dnskey_rdata;
size_t dnskey_len;
rrset_get_rdata(dnskey_rrset, dnskey_idx, &dnskey_rdata, &dnskey_len);
/* create digest source material in buffer
* digest = digest_algorithm( DNSKEY owner name | DNSKEY RDATA);
* DNSKEY RDATA = Flags | Protocol | Algorithm | Public Key. */
ldns_buffer_clear(b);
ldns_buffer_write(b, dnskey_rrset->rk.dname,
dnskey_rrset->rk.dname_len);
query_dname_tolower(ldns_buffer_begin(b));
ldns_buffer_write(b, dnskey_rdata+2, dnskey_len-2); /* skip rdatalen*/
ldns_buffer_flip(b);
return secalgo_ds_digest(ds_get_digest_algo(ds_rrset, ds_idx),
(unsigned char*)ldns_buffer_begin(b), ldns_buffer_limit(b),
(unsigned char*)digest);
}
size_t
nsec3_get_hashed(ldns_buffer* buf, uint8_t* nm, size_t nmlen, int algo,
size_t iter, uint8_t* salt, size_t saltlen, uint8_t* res, size_t max)
{
size_t i, hash_len;
/* prepare buffer for first iteration */
ldns_buffer_clear(buf);
ldns_buffer_write(buf, nm, nmlen);
query_dname_tolower(ldns_buffer_begin(buf));
ldns_buffer_write(buf, salt, saltlen);
ldns_buffer_flip(buf);
switch(algo) {
#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
case NSEC3_HASH_SHA1:
#ifdef HAVE_SSL
hash_len = SHA_DIGEST_LENGTH;
#else
hash_len = SHA1_LENGTH;
#endif
if(hash_len > max)
return 0;
# ifdef HAVE_SSL
(void)SHA1((unsigned char*)ldns_buffer_begin(buf),
(unsigned long)ldns_buffer_limit(buf),
(unsigned char*)res);
# else
(void)HASH_HashBuf(HASH_AlgSHA1, (unsigned char*)res,
(unsigned char*)ldns_buffer_begin(buf),
(unsigned long)ldns_buffer_limit(buf));
# endif
for(i=0; i<iter; i++) {
ldns_buffer_clear(buf);
ldns_buffer_write(buf, res, hash_len);
ldns_buffer_write(buf, salt, saltlen);
ldns_buffer_flip(buf);
# ifdef HAVE_SSL
(void)SHA1(
(unsigned char*)ldns_buffer_begin(buf),
(unsigned long)ldns_buffer_limit(buf),
(unsigned char*)res);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)res,
(unsigned char*)ldns_buffer_begin(buf),
(unsigned long)ldns_buffer_limit(buf));
# endif
}
break;
#endif /* HAVE_EVP_SHA1 or NSS */
default:
log_err("nsec3 hash of unknown algo %d", algo);
return 0;
}
return hash_len;
}
/** compress domain names in rdata, return RETVAL_* */
static int
compress_rdata(ldns_buffer* pkt, uint8_t* rdata, size_t todolen,
struct regional* region, struct compress_tree_node** tree,
const ldns_rr_descriptor* desc)
{
int labs, r, rdf = 0;
size_t dname_len, len, pos = ldns_buffer_position(pkt);
uint8_t count = desc->_dname_count;
ldns_buffer_skip(pkt, 2); /* rdata len fill in later */
/* space for rdatalen checked for already */
rdata += 2;
todolen -= 2;
while(todolen > 0 && count) {
switch(desc->_wireformat[rdf]) {
case LDNS_RDF_TYPE_DNAME:
labs = dname_count_size_labels(rdata, &dname_len);
if((r=compress_any_dname(rdata, pkt, labs, region,
tree)) != RETVAL_OK)
return r;
rdata += dname_len;
todolen -= dname_len;
count--;
len = 0;
break;
case LDNS_RDF_TYPE_STR:
len = *rdata + 1;
break;
default:
len = get_rdf_size(desc->_wireformat[rdf]);
}
if(len) {
/* copy over */
if(ldns_buffer_remaining(pkt) < len)
return RETVAL_TRUNC;
ldns_buffer_write(pkt, rdata, len);
todolen -= len;
rdata += len;
}
rdf++;
}
/* copy remainder */
if(todolen > 0) {
if(ldns_buffer_remaining(pkt) < todolen)
return RETVAL_TRUNC;
ldns_buffer_write(pkt, rdata, todolen);
}
/* set rdata len */
ldns_buffer_write_u16_at(pkt, pos, ldns_buffer_position(pkt)-pos-2);
return RETVAL_OK;
}
void
qinfo_query_encode(ldns_buffer* pkt, struct query_info* qinfo)
{
uint16_t flags = 0; /* QUERY, NOERROR */
ldns_buffer_clear(pkt);
log_assert(ldns_buffer_remaining(pkt) >= 12+255+4/*max query*/);
ldns_buffer_skip(pkt, 2); /* id done later */
ldns_buffer_write_u16(pkt, flags);
ldns_buffer_write_u16(pkt, 1); /* query count */
ldns_buffer_write(pkt, "\000\000\000\000\000\000", 6); /* counts */
ldns_buffer_write(pkt, qinfo->qname, qinfo->qname_len);
ldns_buffer_write_u16(pkt, qinfo->qtype);
ldns_buffer_write_u16(pkt, qinfo->qclass);
ldns_buffer_flip(pkt);
}
/** compress a domain name */
static int
write_compressed_dname(ldns_buffer* pkt, uint8_t* dname, int labs,
struct compress_tree_node* p)
{
/* compress it */
int labcopy = labs - p->labs;
uint8_t lablen;
uint16_t ptr;
if(labs == 1) {
/* write root label */
if(ldns_buffer_remaining(pkt) < 1)
return 0;
ldns_buffer_write_u8(pkt, 0);
return 1;
}
/* copy the first couple of labels */
while(labcopy--) {
lablen = *dname++;
if(ldns_buffer_remaining(pkt) < (size_t)lablen+1)
return 0;
ldns_buffer_write_u8(pkt, lablen);
ldns_buffer_write(pkt, dname, lablen);
dname += lablen;
}
/* insert compression ptr */
if(ldns_buffer_remaining(pkt) < 2)
return 0;
ptr = PTR_CREATE(p->offset);
ldns_buffer_write_u16(pkt, ptr);
return 1;
}
/**
* Fill CH class answer into buffer. Keeps query.
* @param pkt: buffer
* @param str: string to put into text record (<255).
* @param edns: edns reply information.
*/
static void
chaos_replystr(ldns_buffer* pkt, const char* str, struct edns_data* edns)
{
size_t len = strlen(str);
unsigned int rd = LDNS_RD_WIRE(ldns_buffer_begin(pkt));
unsigned int cd = LDNS_CD_WIRE(ldns_buffer_begin(pkt));
if(len>255) len=255; /* cap size of TXT record */
ldns_buffer_clear(pkt);
ldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip id */
ldns_buffer_write_u16(pkt, (uint16_t)(BIT_QR|BIT_RA));
if(rd) LDNS_RD_SET(ldns_buffer_begin(pkt));
if(cd) LDNS_CD_SET(ldns_buffer_begin(pkt));
ldns_buffer_write_u16(pkt, 1); /* qdcount */
ldns_buffer_write_u16(pkt, 1); /* ancount */
ldns_buffer_write_u16(pkt, 0); /* nscount */
ldns_buffer_write_u16(pkt, 0); /* arcount */
(void)query_dname_len(pkt); /* skip qname */
ldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qtype */
ldns_buffer_skip(pkt, (ssize_t)sizeof(uint16_t)); /* skip qclass */
ldns_buffer_write_u16(pkt, 0xc00c); /* compr ptr to query */
ldns_buffer_write_u16(pkt, LDNS_RR_TYPE_TXT);
ldns_buffer_write_u16(pkt, LDNS_RR_CLASS_CH);
ldns_buffer_write_u32(pkt, 0); /* TTL */
ldns_buffer_write_u16(pkt, sizeof(uint8_t) + len);
ldns_buffer_write_u8(pkt, len);
ldns_buffer_write(pkt, str, len);
ldns_buffer_flip(pkt);
edns->edns_version = EDNS_ADVERTISED_VERSION;
edns->udp_size = EDNS_ADVERTISED_SIZE;
edns->bits &= EDNS_DO;
attach_edns_record(pkt, edns);
}
/**
* Fill buffer with reply from the entry.
*/
static void
fill_buffer_with_reply(ldns_buffer* buffer, struct entry* entry, ldns_pkt* q)
{
ldns_status status;
ldns_pkt* answer_pkt = NULL;
log_assert(entry && entry->reply_list);
ldns_buffer_clear(buffer);
if(entry->reply_list->reply_from_hex) {
status = ldns_buffer2pkt_wire(&answer_pkt,
entry->reply_list->reply_from_hex);
if(status != LDNS_STATUS_OK) {
log_err("testbound: hex packet unparsable, used asis.");
ldns_buffer_write(buffer,
ldns_buffer_begin(entry->reply_list->reply_from_hex),
ldns_buffer_limit(entry->reply_list->reply_from_hex));
}
} else {
answer_pkt = ldns_pkt_clone(entry->reply_list->reply);
}
if(answer_pkt) {
if(q) adjust_packet(entry, answer_pkt, q);
status = ldns_pkt2buffer_wire(buffer, answer_pkt);
if(status != LDNS_STATUS_OK)
fatal_exit("ldns: cannot pkt2buffer_wire parsed pkt");
}
ldns_pkt_free(answer_pkt);
ldns_buffer_flip(buffer);
}
/** compress owner name of RR, return RETVAL_OUTMEM RETVAL_TRUNC */
static int
compress_owner(struct ub_packed_rrset_key* key, ldns_buffer* pkt,
struct regional* region, struct compress_tree_node** tree,
size_t owner_pos, uint16_t* owner_ptr, int owner_labs)
{
struct compress_tree_node* p;
struct compress_tree_node** insertpt;
if(!*owner_ptr) {
/* compress first time dname */
if((p = compress_tree_lookup(tree, key->rk.dname,
owner_labs, &insertpt))) {
if(p->labs == owner_labs)
/* avoid ptr chains, since some software is
* not capable of decoding ptr after a ptr. */
*owner_ptr = htons(PTR_CREATE(p->offset));
if(!write_compressed_dname(pkt, key->rk.dname,
owner_labs, p))
return RETVAL_TRUNC;
/* check if typeclass+4 ttl + rdatalen is available */
if(ldns_buffer_remaining(pkt) < 4+4+2)
return RETVAL_TRUNC;
} else {
/* no compress */
if(ldns_buffer_remaining(pkt) < key->rk.dname_len+4+4+2)
return RETVAL_TRUNC;
ldns_buffer_write(pkt, key->rk.dname,
key->rk.dname_len);
if(owner_pos <= PTR_MAX_OFFSET)
*owner_ptr = htons(PTR_CREATE(owner_pos));
}
if(!compress_tree_store(key->rk.dname, owner_labs,
owner_pos, region, p, insertpt))
return RETVAL_OUTMEM;
} else {
/* always compress 2nd-further RRs in RRset */
if(owner_labs == 1) {
if(ldns_buffer_remaining(pkt) < 1+4+4+2)
return RETVAL_TRUNC;
ldns_buffer_write_u8(pkt, 0);
} else {
if(ldns_buffer_remaining(pkt) < 2+4+4+2)
return RETVAL_TRUNC;
ldns_buffer_write(pkt, owner_ptr, 2);
}
}
return RETVAL_OK;
}
ldns_status
ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name)
{
if (ldns_buffer_reserve(buffer, ldns_rdf_size(name))) {
ldns_buffer_write(buffer, ldns_rdf_data(name), ldns_rdf_size(name));
}
return ldns_buffer_status(buffer);
}
ldns_status
ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf)
{
if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
ldns_buffer_write(buffer, ldns_rdf_data(rdf), ldns_rdf_size(rdf));
}
return ldns_buffer_status(buffer);
}
void
ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from)
{
size_t tocopy = ldns_buffer_limit(from);
if(tocopy > ldns_buffer_capacity(result))
tocopy = ldns_buffer_capacity(result);
ldns_buffer_clear(result);
ldns_buffer_write(result, ldns_buffer_begin(from), tocopy);
ldns_buffer_flip(result);
}
struct waiting_tcp*
pending_tcp_query(struct outside_network* outnet, ldns_buffer* packet,
struct sockaddr_storage* addr, socklen_t addrlen, int timeout,
comm_point_callback_t* callback, void* callback_arg)
{
struct replay_runtime* runtime = (struct replay_runtime*)outnet->base;
struct fake_pending* pend = (struct fake_pending*)calloc(1,
sizeof(struct fake_pending));
ldns_status status;
log_assert(pend);
pend->buffer = ldns_buffer_new(ldns_buffer_capacity(packet));
log_assert(pend->buffer);
ldns_buffer_write(pend->buffer, ldns_buffer_begin(packet),
ldns_buffer_limit(packet));
ldns_buffer_flip(pend->buffer);
memcpy(&pend->addr, addr, addrlen);
pend->addrlen = addrlen;
pend->callback = callback;
pend->cb_arg = callback_arg;
pend->timeout = timeout;
pend->transport = transport_tcp;
pend->pkt = NULL;
pend->runtime = runtime;
pend->serviced = 0;
status = ldns_buffer2pkt_wire(&pend->pkt, packet);
if(status != LDNS_STATUS_OK) {
log_err("ldns error parsing tcp output packet: %s",
ldns_get_errorstr_by_id(status));
fatal_exit("Sending unparseable DNS packets to servers!");
}
log_pkt("pending tcp pkt: ", pend->pkt);
/* see if it matches the current moment */
if(runtime->now && runtime->now->evt_type == repevt_back_query &&
(runtime->now->addrlen == 0 || sockaddr_cmp(
&runtime->now->addr, runtime->now->addrlen,
&pend->addr, pend->addrlen) == 0) &&
find_match(runtime->now->match, pend->pkt, pend->transport)) {
log_info("testbound: matched pending to event. "
"advance time between events.");
log_info("testbound: do STEP %d %s", runtime->now->time_step,
repevt_string(runtime->now->evt_type));
advance_moment(runtime);
/* still create the pending, because we need it to callback */
}
log_info("testbound: created fake pending");
/* add to list */
pend->next = runtime->pending_list;
runtime->pending_list = pend;
return (struct waiting_tcp*)pend;
}
void
error_encode(ldns_buffer* buf, int r, struct query_info* qinfo,
uint16_t qid, uint16_t qflags, struct edns_data* edns)
{
uint16_t flags;
ldns_buffer_clear(buf);
ldns_buffer_write(buf, &qid, sizeof(uint16_t));
flags = (uint16_t)(BIT_QR | BIT_RA | r); /* QR and retcode*/
flags |= (qflags & (BIT_RD|BIT_CD)); /* copy RD and CD bit */
ldns_buffer_write_u16(buf, flags);
if(qinfo) flags = 1;
else flags = 0;
ldns_buffer_write_u16(buf, flags);
flags = 0;
ldns_buffer_write(buf, &flags, sizeof(uint16_t));
ldns_buffer_write(buf, &flags, sizeof(uint16_t));
ldns_buffer_write(buf, &flags, sizeof(uint16_t));
if(qinfo) {
if(ldns_buffer_current(buf) == qinfo->qname)
ldns_buffer_skip(buf, (ssize_t)qinfo->qname_len);
else ldns_buffer_write(buf, qinfo->qname, qinfo->qname_len);
ldns_buffer_write_u16(buf, qinfo->qtype);
ldns_buffer_write_u16(buf, qinfo->qclass);
}
ldns_buffer_flip(buf);
if(edns) {
struct edns_data es = *edns;
es.edns_version = EDNS_ADVERTISED_VERSION;
es.udp_size = EDNS_ADVERTISED_SIZE;
es.ext_rcode = 0;
es.bits &= EDNS_DO;
if(ldns_buffer_limit(buf) + calc_edns_field_size(&es) >
edns->udp_size)
return;
attach_edns_record(buf, &es);
}
}
/**
* Create canonical form of rrset in the scratch buffer.
* @param region: temporary region.
* @param buf: the buffer to use.
* @param k: the rrset to insert.
* @param sig: RRSIG rdata to include.
* @param siglen: RRSIG rdata len excluding signature field, but inclusive
* signer name length.
* @param sortree: if NULL is passed a new sorted rrset tree is built.
* Otherwise it is reused.
* @return false on alloc error.
*/
static int
rrset_canonical(struct regional* region, ldns_buffer* buf,
struct ub_packed_rrset_key* k, uint8_t* sig, size_t siglen,
struct rbtree_t** sortree)
{
struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data;
uint8_t* can_owner = NULL;
size_t can_owner_len = 0;
struct canon_rr* walk;
struct canon_rr* rrs;
if(!*sortree) {
*sortree = (struct rbtree_t*)regional_alloc(region,
sizeof(rbtree_t));
if(!*sortree)
return 0;
rrs = regional_alloc(region, sizeof(struct canon_rr)*d->count);
if(!rrs) {
*sortree = NULL;
return 0;
}
rbtree_init(*sortree, &canonical_tree_compare);
canonical_sort(k, d, *sortree, rrs);
}
ldns_buffer_clear(buf);
ldns_buffer_write(buf, sig, siglen);
/* canonicalize signer name */
query_dname_tolower(ldns_buffer_begin(buf)+18);
RBTREE_FOR(walk, struct canon_rr*, (*sortree)) {
/* see if there is enough space left in the buffer */
if(ldns_buffer_remaining(buf) < can_owner_len + 2 + 2 + 4
+ d->rr_len[walk->rr_idx]) {
log_err("verify: failed to canonicalize, "
"rrset too big");
return 0;
}
/* determine canonical owner name */
if(can_owner)
ldns_buffer_write(buf, can_owner, can_owner_len);
else insert_can_owner(buf, k, sig, &can_owner,
&can_owner_len);
ldns_buffer_write(buf, &k->rk.type, 2);
ldns_buffer_write(buf, &k->rk.rrset_class, 2);
ldns_buffer_write(buf, sig+4, 4);
ldns_buffer_write(buf, d->rr_data[walk->rr_idx],
d->rr_len[walk->rr_idx]);
canonicalize_rdata(buf, k, d->rr_len[walk->rr_idx]);
}
ldns_buffer_flip(buf);
return 1;
}
int
dname_buffer_write(ldns_buffer* pkt, uint8_t* dname)
{
uint8_t lablen;
if(ldns_buffer_remaining(pkt) < 1)
return 0;
lablen = *dname++;
ldns_buffer_write_u8(pkt, lablen);
while(lablen) {
if(ldns_buffer_remaining(pkt) < (size_t)lablen+1)
return 0;
ldns_buffer_write(pkt, dname, lablen);
dname += lablen;
lablen = *dname++;
ldns_buffer_write_u8(pkt, lablen);
}
return 1;
}
/** store query section in wireformat buffer, return RETVAL */
static int
insert_query(struct query_info* qinfo, struct compress_tree_node** tree,
ldns_buffer* buffer, struct regional* region)
{
if(ldns_buffer_remaining(buffer) <
qinfo->qname_len+sizeof(uint16_t)*2)
return RETVAL_TRUNC; /* buffer too small */
/* the query is the first name inserted into the tree */
if(!compress_tree_store(qinfo->qname,
dname_count_labels(qinfo->qname),
ldns_buffer_position(buffer), region, NULL, tree))
return RETVAL_OUTMEM;
if(ldns_buffer_current(buffer) == qinfo->qname)
ldns_buffer_skip(buffer, (ssize_t)qinfo->qname_len);
else ldns_buffer_write(buffer, qinfo->qname, qinfo->qname_len);
ldns_buffer_write_u16(buffer, qinfo->qtype);
ldns_buffer_write_u16(buffer, qinfo->qclass);
return RETVAL_OK;
}
/** entry to packet buffer with wireformat */
static void
entry_to_buf(struct entry* e, ldns_buffer* pkt)
{
unit_assert(e->reply_list);
if(e->reply_list->reply_from_hex) {
ldns_buffer_copy(pkt, e->reply_list->reply_from_hex);
} else {
ldns_status status;
size_t answer_size;
uint8_t* ans = NULL;
status = ldns_pkt2wire(&ans, e->reply_list->reply,
&answer_size);
if(status != LDNS_STATUS_OK) {
log_err("could not create reply: %s",
ldns_get_errorstr_by_id(status));
fatal_exit("error in test");
}
ldns_buffer_clear(pkt);
ldns_buffer_write(pkt, ans, answer_size);
ldns_buffer_flip(pkt);
free(ans);
}
}
ldns_status
ldns_rdf2buffer_wire_canonical(ldns_buffer *buffer, const ldns_rdf *rdf)
{
size_t i;
uint8_t *rdf_data;
if (ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME) {
if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
rdf_data = ldns_rdf_data(rdf);
for (i = 0; i < ldns_rdf_size(rdf); i++) {
ldns_buffer_write_u8(buffer,
LDNS_DNAME_NORMALIZE(rdf_data[i]));
}
}
} else {
/* direct copy for all other types */
if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) {
ldns_buffer_write(buffer,
ldns_rdf_data(rdf),
ldns_rdf_size(rdf));
}
}
return ldns_buffer_status(buffer);
}
/**
* read contents of trusted-keys{ ... ; clauses and insert keys into storage.
* @param anchors: where to store keys
* @param buf: buffer to use
* @param line: line number in file
* @param in: file to read from.
* @return 0 on error.
*/
static int
process_bind_contents(struct val_anchors* anchors, ldns_buffer* buf,
int* line, FILE* in)
{
/* loop over contents, collate strings before ; */
/* contents is (numbered): 0 1 2 3 4 5 6 7 8 */
/* name. 257 3 5 base64 base64 */
/* quoted value: 0 "111" 0 0 0 0 0 0 0 */
/* comments value: 1 "000" 1 1 1 "0 0 0 0" 1 */
int contnum = 0;
int quoted = 0;
int comments = 1;
int rdlen;
char* str = 0;
ldns_buffer_clear(buf);
while((rdlen=readkeyword_bindfile(in, buf, line, comments))) {
if(rdlen == 1 && ldns_buffer_position(buf) == 1
&& isspace((int)*ldns_buffer_begin(buf))) {
/* starting whitespace is removed */
ldns_buffer_clear(buf);
continue;
} else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == '"') {
/* remove " from the string */
if(contnum == 0) {
quoted = 1;
comments = 0;
}
ldns_buffer_skip(buf, -1);
if(contnum > 0 && quoted) {
if(ldns_buffer_remaining(buf) < 8+1) {
log_err("line %d, too long", *line);
return 0;
}
ldns_buffer_write(buf, " DNSKEY ", 8);
quoted = 0;
comments = 1;
} else if(contnum > 0)
comments = !comments;
continue;
} else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == ';') {
if(contnum < 5) {
ldns_buffer_write_u8(buf, 0);
log_err("line %d, bad key", *line);
return 0;
}
ldns_buffer_skip(buf, -1);
ldns_buffer_write_u8(buf, 0);
str = strdup((char*)ldns_buffer_begin(buf));
if(!str) {
log_err("line %d, allocation failure", *line);
return 0;
}
if(!anchor_store_str(anchors, buf, str)) {
log_err("line %d, bad key", *line);
free(str);
return 0;
}
free(str);
ldns_buffer_clear(buf);
contnum = 0;
quoted = 0;
comments = 1;
continue;
} else if(rdlen == 1 && ldns_buffer_current(buf)[-1] == '}') {
if(contnum > 0) {
ldns_buffer_write_u8(buf, 0);
log_err("line %d, bad key before }", *line);
return 0;
}
return 1;
} else if(rdlen == 1 &&
isspace((int)ldns_buffer_current(buf)[-1])) {
/* leave whitespace here */
} else {
/* not space or whatnot, so actual content */
contnum ++;
if(contnum == 1 && !quoted) {
if(ldns_buffer_remaining(buf) < 8+1) {
log_err("line %d, too long", *line);
return 0;
}
ldns_buffer_write(buf, " DNSKEY ", 8);
}
}
}
log_err("line %d, EOF before }", *line);
return 0;
}
static ldns_status
ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf,
ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf,
ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
{
ldns_status status;
char *wireformat;
int wiresize;
unsigned char *mac_bytes = NULL;
unsigned char *key_bytes = NULL;
int key_size;
const EVP_MD *digester;
char *algorithm_name = NULL;
unsigned int md_len = EVP_MAX_MD_SIZE;
ldns_rdf *result = NULL;
ldns_buffer *data_buffer = NULL;
ldns_rdf *canonical_key_name_rdf = NULL;
ldns_rdf *canonical_algorithm_rdf = NULL;
if (key_name_rdf == NULL || algorithm_rdf == NULL) {
return LDNS_STATUS_NULL;
}
canonical_key_name_rdf = ldns_rdf_clone(key_name_rdf);
if (canonical_key_name_rdf == NULL) {
return LDNS_STATUS_MEM_ERR;
}
canonical_algorithm_rdf = ldns_rdf_clone(algorithm_rdf);
if (canonical_algorithm_rdf == NULL) {
ldns_rdf_deep_free(canonical_key_name_rdf);
return LDNS_STATUS_MEM_ERR;
}
/*
* prepare the digestable information
*/
data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
if (!data_buffer) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
/* if orig_mac is not NULL, add it too */
if (orig_mac_rdf) {
(void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf);
}
ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size);
if (!tsig_timers_only) {
ldns_dname2canonical(canonical_key_name_rdf);
(void)ldns_rdf2buffer_wire(data_buffer,
canonical_key_name_rdf);
ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY);
ldns_buffer_write_u32(data_buffer, 0);
ldns_dname2canonical(canonical_algorithm_rdf);
(void)ldns_rdf2buffer_wire(data_buffer,
canonical_algorithm_rdf);
}
(void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf);
(void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf);
if (!tsig_timers_only) {
(void)ldns_rdf2buffer_wire(data_buffer, error_rdf);
(void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf);
}
wireformat = (char *) data_buffer->_data;
wiresize = (int) ldns_buffer_position(data_buffer);
algorithm_name = ldns_rdf2str(algorithm_rdf);
if(!algorithm_name) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
/* prepare the key */
key_bytes = LDNS_XMALLOC(unsigned char,
ldns_b64_pton_calculate_size(strlen(key_data)));
if(!key_bytes) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
key_size = ldns_b64_pton(key_data, key_bytes,
ldns_b64_pton_calculate_size(strlen(key_data)));
if (key_size < 0) {
status = LDNS_STATUS_INVALID_B64;
goto clean;
}
/* hmac it */
/* 2 spare bytes for the length */
mac_bytes = LDNS_XMALLOC(unsigned char, md_len+2);
if(!mac_bytes) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
memset(mac_bytes, 0, md_len+2);
digester = ldns_digest_function(algorithm_name);
if (digester) {
(void) HMAC(digester, key_bytes, key_size, (void *)wireformat,
(size_t) wiresize, mac_bytes + 2, &md_len);
ldns_write_uint16(mac_bytes, md_len);
result = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16_DATA, md_len + 2,
mac_bytes);
} else {
status = LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
goto clean;
}
*tsig_mac = result;
status = LDNS_STATUS_OK;
clean:
LDNS_FREE(mac_bytes);
LDNS_FREE(key_bytes);
LDNS_FREE(algorithm_name);
ldns_buffer_free(data_buffer);
ldns_rdf_deep_free(canonical_algorithm_rdf);
ldns_rdf_deep_free(canonical_key_name_rdf);
return status;
}
/** store rrset in buffer in wireformat, return RETVAL_* */
static int
packed_rrset_encode(struct ub_packed_rrset_key* key, ldns_buffer* pkt,
uint16_t* num_rrs, uint32_t timenow, struct regional* region,
int do_data, int do_sig, struct compress_tree_node** tree,
ldns_pkt_section s, uint16_t qtype, int dnssec, size_t rr_offset)
{
size_t i, j, owner_pos;
int r, owner_labs;
uint16_t owner_ptr = 0;
struct packed_rrset_data* data = (struct packed_rrset_data*)
key->entry.data;
/* does this RR type belong in the answer? */
if(!rrset_belongs_in_reply(s, ntohs(key->rk.type), qtype, dnssec))
return RETVAL_OK;
owner_labs = dname_count_labels(key->rk.dname);
owner_pos = ldns_buffer_position(pkt);
if(do_data) {
const ldns_rr_descriptor* c = type_rdata_compressable(key);
for(i=0; i<data->count; i++) {
/* rrset roundrobin */
j = (i + rr_offset) % data->count;
if((r=compress_owner(key, pkt, region, tree,
owner_pos, &owner_ptr, owner_labs))
!= RETVAL_OK)
return r;
ldns_buffer_write(pkt, &key->rk.type, 2);
ldns_buffer_write(pkt, &key->rk.rrset_class, 2);
if(data->rr_ttl[j] < timenow)
ldns_buffer_write_u32(pkt, 0);
else ldns_buffer_write_u32(pkt,
data->rr_ttl[j]-timenow);
if(c) {
if((r=compress_rdata(pkt, data->rr_data[j],
data->rr_len[j], region, tree, c))
!= RETVAL_OK)
return r;
} else {
if(ldns_buffer_remaining(pkt) < data->rr_len[j])
return RETVAL_TRUNC;
ldns_buffer_write(pkt, data->rr_data[j],
data->rr_len[j]);
}
}
}
/* insert rrsigs */
if(do_sig && dnssec) {
size_t total = data->count+data->rrsig_count;
for(i=data->count; i<total; i++) {
if(owner_ptr && owner_labs != 1) {
if(ldns_buffer_remaining(pkt) <
2+4+4+data->rr_len[i])
return RETVAL_TRUNC;
ldns_buffer_write(pkt, &owner_ptr, 2);
} else {
if((r=compress_any_dname(key->rk.dname,
pkt, owner_labs, region, tree))
!= RETVAL_OK)
return r;
if(ldns_buffer_remaining(pkt) <
4+4+data->rr_len[i])
return RETVAL_TRUNC;
}
ldns_buffer_write_u16(pkt, LDNS_RR_TYPE_RRSIG);
ldns_buffer_write(pkt, &key->rk.rrset_class, 2);
if(data->rr_ttl[i] < timenow)
ldns_buffer_write_u32(pkt, 0);
else ldns_buffer_write_u32(pkt,
data->rr_ttl[i]-timenow);
/* rrsig rdata cannot be compressed, perform 100+ byte
* memcopy. */
ldns_buffer_write(pkt, data->rr_data[i],
data->rr_len[i]);
}
}
/* change rrnum only after we are sure it fits */
if(do_data)
*num_rrs += data->count;
if(do_sig && dnssec)
*num_rrs += data->rrsig_count;
return RETVAL_OK;
}
/** perform hash of name */
static int
nsec3_calc_hash(struct regional* region, ldns_buffer* buf,
struct nsec3_cached_hash* c)
{
int algo = nsec3_get_algo(c->nsec3, c->rr);
size_t iter = nsec3_get_iter(c->nsec3, c->rr);
uint8_t* salt;
size_t saltlen, i;
if(!nsec3_get_salt(c->nsec3, c->rr, &salt, &saltlen))
return -1;
/* prepare buffer for first iteration */
ldns_buffer_clear(buf);
ldns_buffer_write(buf, c->dname, c->dname_len);
query_dname_tolower(ldns_buffer_begin(buf));
ldns_buffer_write(buf, salt, saltlen);
ldns_buffer_flip(buf);
switch(algo) {
#if defined(HAVE_EVP_SHA1) || defined(HAVE_NSS)
case NSEC3_HASH_SHA1:
#ifdef HAVE_SSL
c->hash_len = SHA_DIGEST_LENGTH;
#else
c->hash_len = SHA1_LENGTH;
#endif
c->hash = (uint8_t*)regional_alloc(region,
c->hash_len);
if(!c->hash)
return 0;
# ifdef HAVE_SSL
(void)SHA1((unsigned char*)ldns_buffer_begin(buf),
(unsigned long)ldns_buffer_limit(buf),
(unsigned char*)c->hash);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)c->hash,
(unsigned char*)ldns_buffer_begin(buf),
(unsigned long)ldns_buffer_limit(buf));
# endif
for(i=0; i<iter; i++) {
ldns_buffer_clear(buf);
ldns_buffer_write(buf, c->hash, c->hash_len);
ldns_buffer_write(buf, salt, saltlen);
ldns_buffer_flip(buf);
# ifdef HAVE_SSL
(void)SHA1(
(unsigned char*)ldns_buffer_begin(buf),
(unsigned long)ldns_buffer_limit(buf),
(unsigned char*)c->hash);
# else
(void)HASH_HashBuf(HASH_AlgSHA1,
(unsigned char*)c->hash,
(unsigned char*)ldns_buffer_begin(buf),
(unsigned long)ldns_buffer_limit(buf));
# endif
}
break;
#endif /* HAVE_EVP_SHA1 or NSS */
default:
log_err("nsec3 hash of unknown algo %d", algo);
return -1;
}
return 1;
}
int
reply_info_encode(struct query_info* qinfo, struct reply_info* rep,
uint16_t id, uint16_t flags, ldns_buffer* buffer, uint32_t timenow,
struct regional* region, uint16_t udpsize, int dnssec)
{
uint16_t ancount=0, nscount=0, arcount=0;
struct compress_tree_node* tree = 0;
int r;
size_t rr_offset;
ldns_buffer_clear(buffer);
if(udpsize < ldns_buffer_limit(buffer))
ldns_buffer_set_limit(buffer, udpsize);
if(ldns_buffer_remaining(buffer) < LDNS_HEADER_SIZE)
return 0;
ldns_buffer_write(buffer, &id, sizeof(uint16_t));
ldns_buffer_write_u16(buffer, flags);
ldns_buffer_write_u16(buffer, rep->qdcount);
/* set an, ns, ar counts to zero in case of small packets */
ldns_buffer_write(buffer, "\000\000\000\000\000\000", 6);
/* insert query section */
if(rep->qdcount) {
if((r=insert_query(qinfo, &tree, buffer, region)) !=
RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
ldns_buffer_write_u16_at(buffer, 4, 0);
LDNS_TC_SET(ldns_buffer_begin(buffer));
ldns_buffer_flip(buffer);
return 1;
}
return 0;
}
}
/* roundrobin offset. using query id for random number */
rr_offset = RRSET_ROUNDROBIN?id:0;
/* insert answer section */
if((r=insert_section(rep, rep->an_numrrsets, &ancount, buffer,
0, timenow, region, &tree, LDNS_SECTION_ANSWER, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
ldns_buffer_write_u16_at(buffer, 6, ancount);
LDNS_TC_SET(ldns_buffer_begin(buffer));
ldns_buffer_flip(buffer);
return 1;
}
return 0;
}
ldns_buffer_write_u16_at(buffer, 6, ancount);
/* if response is positive answer, auth/add sections are not required */
if( ! (MINIMAL_RESPONSES && positive_answer(rep, qinfo->qtype)) ) {
/* insert auth section */
if((r=insert_section(rep, rep->ns_numrrsets, &nscount, buffer,
rep->an_numrrsets, timenow, region, &tree,
LDNS_SECTION_AUTHORITY, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* create truncated message */
ldns_buffer_write_u16_at(buffer, 8, nscount);
LDNS_TC_SET(ldns_buffer_begin(buffer));
ldns_buffer_flip(buffer);
return 1;
}
return 0;
}
ldns_buffer_write_u16_at(buffer, 8, nscount);
/* insert add section */
if((r=insert_section(rep, rep->ar_numrrsets, &arcount, buffer,
rep->an_numrrsets + rep->ns_numrrsets, timenow, region,
&tree, LDNS_SECTION_ADDITIONAL, qinfo->qtype,
dnssec, rr_offset)) != RETVAL_OK) {
if(r == RETVAL_TRUNC) {
/* no need to set TC bit, this is the additional */
ldns_buffer_write_u16_at(buffer, 10, arcount);
ldns_buffer_flip(buffer);
return 1;
}
return 0;
}
ldns_buffer_write_u16_at(buffer, 10, arcount);
} else {
ldns_buffer_write_u16_at(buffer, 8, nscount);
ldns_buffer_write_u16_at(buffer, 10, arcount);
}
ldns_buffer_flip(buffer);
return 1;
}
/** process answer from bg worker */
static int
process_answer_detail(struct ub_ctx* ctx, uint8_t* msg, uint32_t len,
ub_callback_t* cb, void** cbarg, int* err,
struct ub_result** res)
{
struct ctx_query* q;
if(context_serial_getcmd(msg, len) != UB_LIBCMD_ANSWER) {
log_err("error: bad data from bg worker %d",
(int)context_serial_getcmd(msg, len));
return 0;
}
lock_basic_lock(&ctx->cfglock);
q = context_deserialize_answer(ctx, msg, len, err);
if(!q) {
lock_basic_unlock(&ctx->cfglock);
/* probably simply the lookup that failed, i.e.
* response returned before cancel was sent out, so noerror */
return 1;
}
log_assert(q->async);
/* grab cb while locked */
if(q->cancelled) {
*cb = NULL;
*cbarg = NULL;
} else {
*cb = q->cb;
*cbarg = q->cb_arg;
}
if(*err) {
*res = NULL;
ub_resolve_free(q->res);
} else {
/* parse the message, extract rcode, fill result */
ldns_buffer* buf = ldns_buffer_new(q->msg_len);
struct regional* region = regional_create();
*res = q->res;
(*res)->rcode = LDNS_RCODE_SERVFAIL;
if(region && buf) {
ldns_buffer_clear(buf);
ldns_buffer_write(buf, q->msg, q->msg_len);
ldns_buffer_flip(buf);
libworker_enter_result(*res, buf, region,
q->msg_security);
}
(*res)->answer_packet = q->msg;
(*res)->answer_len = (int)q->msg_len;
q->msg = NULL;
ldns_buffer_free(buf);
regional_destroy(region);
}
q->res = NULL;
/* delete the q from list */
(void)rbtree_delete(&ctx->queries, q->node.key);
ctx->num_async--;
context_query_delete(q);
lock_basic_unlock(&ctx->cfglock);
if(*cb) return 2;
ub_resolve_free(*res);
return 1;
}
struct serviced_query* outnet_serviced_query(struct outside_network* outnet,
uint8_t* qname, size_t qnamelen, uint16_t qtype, uint16_t qclass,
uint16_t flags, int dnssec, int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* addr, socklen_t addrlen,
comm_point_callback_t* callback, void* callback_arg,
ldns_buffer* ATTR_UNUSED(buff), int (*arg_compare)(void*,void*))
{
struct replay_runtime* runtime = (struct replay_runtime*)outnet->base;
struct fake_pending* pend = (struct fake_pending*)calloc(1,
sizeof(struct fake_pending));
ldns_status status;
(void)arg_compare;
log_assert(pend);
log_nametypeclass(VERB_OPS, "pending serviced query",
qname, qtype, qclass);
verbose(VERB_OPS, "pending serviced query flags%s%s%s%s",
(flags&BIT_RD)?" RD":"", (flags&BIT_CD)?" CD":"",
(flags&~(BIT_RD|BIT_CD))?" MORE":"", (dnssec)?" DO":"");
/* create packet with EDNS */
pend->buffer = ldns_buffer_new(512);
log_assert(pend->buffer);
ldns_buffer_write_u16(pend->buffer, 0); /* id */
ldns_buffer_write_u16(pend->buffer, flags);
ldns_buffer_write_u16(pend->buffer, 1); /* qdcount */
ldns_buffer_write_u16(pend->buffer, 0); /* ancount */
ldns_buffer_write_u16(pend->buffer, 0); /* nscount */
ldns_buffer_write_u16(pend->buffer, 0); /* arcount */
ldns_buffer_write(pend->buffer, qname, qnamelen);
ldns_buffer_write_u16(pend->buffer, qtype);
ldns_buffer_write_u16(pend->buffer, qclass);
ldns_buffer_flip(pend->buffer);
if(1) {
/* add edns */
struct edns_data edns;
edns.edns_present = 1;
edns.ext_rcode = 0;
edns.edns_version = EDNS_ADVERTISED_VERSION;
edns.udp_size = EDNS_ADVERTISED_SIZE;
edns.bits = 0;
if(dnssec)
edns.bits = EDNS_DO;
attach_edns_record(pend->buffer, &edns);
}
memcpy(&pend->addr, addr, addrlen);
pend->addrlen = addrlen;
pend->callback = callback;
pend->cb_arg = callback_arg;
pend->timeout = UDP_AUTH_QUERY_TIMEOUT;
pend->transport = transport_udp; /* pretend UDP */
pend->pkt = NULL;
pend->runtime = runtime;
pend->serviced = 1;
status = ldns_buffer2pkt_wire(&pend->pkt, pend->buffer);
if(status != LDNS_STATUS_OK) {
log_err("ldns error parsing serviced output packet: %s",
ldns_get_errorstr_by_id(status));
fatal_exit("internal error");
}
/*log_pkt("pending serviced query: ", pend->pkt);*/
/* see if it matches the current moment */
if(runtime->now && runtime->now->evt_type == repevt_back_query &&
(runtime->now->addrlen == 0 || sockaddr_cmp(
&runtime->now->addr, runtime->now->addrlen,
&pend->addr, pend->addrlen) == 0) &&
find_match(runtime->now->match, pend->pkt, pend->transport)) {
log_info("testbound: matched pending to event. "
"advance time between events.");
log_info("testbound: do STEP %d %s", runtime->now->time_step,
repevt_string(runtime->now->evt_type));
advance_moment(runtime);
/* still create the pending, because we need it to callback */
}
log_info("testbound: created fake pending");
/* add to list */
pend->next = runtime->pending_list;
runtime->pending_list = pend;
return (struct serviced_query*)pend;
}
