getdns_return_t getdns_convert_dns_name_to_fqdn( const struct getdns_bindata *dns_name_wire_fmt, char **fqdn_as_string) { ldns_rdf *rdf = ldns_rdf_new(LDNS_RDF_TYPE_DNAME, dns_name_wire_fmt->size, (void *)dns_name_wire_fmt->data); /* unconst is safe here */ if (!rdf) return GETDNS_RETURN_MEMORY_ERROR; *fqdn_as_string = ldns_rdf2str(rdf); ldns_rdf_free(rdf); return *fqdn_as_string ? GETDNS_RETURN_GOOD : GETDNS_RETURN_GENERIC_ERROR; }
ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only) { ldns_rr *tsig_rr; ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); ldns_rdf *fudge_rdf = NULL; ldns_rdf *orig_id_rdf = NULL; ldns_rdf *algorithm_rdf; ldns_rdf *error_rdf = NULL; ldns_rdf *mac_rdf = NULL; ldns_rdf *other_data_rdf = NULL; ldns_status status = LDNS_STATUS_OK; uint8_t *pkt_wire = NULL; size_t pkt_wire_len; struct timeval tv_time_signed; uint8_t *time_signed = NULL; ldns_rdf *time_signed_rdf = NULL; algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name); if(!key_name_rdf || !algorithm_rdf) { status = LDNS_STATUS_MEM_ERR; goto clean; } /* eww don't have create tsigtime rdf yet :( */ /* bleh :p */ if (gettimeofday(&tv_time_signed, NULL) == 0) { time_signed = LDNS_XMALLOC(uint8_t, 6); if(!time_signed) { status = LDNS_STATUS_MEM_ERR; goto clean; } ldns_write_uint64_as_uint48(time_signed, (uint64_t)tv_time_signed.tv_sec); } else { status = LDNS_STATUS_INTERNAL_ERR; goto clean; } time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed); if(!time_signed_rdf) { LDNS_FREE(time_signed); status = LDNS_STATUS_MEM_ERR; goto clean; } fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge); orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt)); error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0); other_data_rdf = ldns_native2rdf_int16_data(0, NULL); if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) { status = LDNS_STATUS_MEM_ERR; goto clean; } if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) { status = LDNS_STATUS_ERR; goto clean; } status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len, key_data, key_name_rdf, fudge_rdf, algorithm_rdf, time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only); if (!mac_rdf) { goto clean; } LDNS_FREE(pkt_wire); /* Create the TSIG RR */ tsig_rr = ldns_rr_new(); if(!tsig_rr) { status = LDNS_STATUS_MEM_ERR; goto clean; } ldns_rr_set_owner(tsig_rr, key_name_rdf); ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY); ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG); ldns_rr_set_ttl(tsig_rr, 0); ldns_rr_push_rdf(tsig_rr, algorithm_rdf); ldns_rr_push_rdf(tsig_rr, time_signed_rdf); ldns_rr_push_rdf(tsig_rr, fudge_rdf); ldns_rr_push_rdf(tsig_rr, mac_rdf); ldns_rr_push_rdf(tsig_rr, orig_id_rdf); ldns_rr_push_rdf(tsig_rr, error_rdf); ldns_rr_push_rdf(tsig_rr, other_data_rdf); ldns_pkt_set_tsig(pkt, tsig_rr); return status; clean: LDNS_FREE(pkt_wire); ldns_rdf_free(key_name_rdf); ldns_rdf_free(algorithm_rdf); ldns_rdf_free(time_signed_rdf); ldns_rdf_free(fudge_rdf); ldns_rdf_free(orig_id_rdf); ldns_rdf_free(error_rdf); ldns_rdf_free(other_data_rdf); return status; }
ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, ldns_tlsa_selector selector, ldns_tlsa_matching_type matching_type) { unsigned char* buf = NULL; size_t len; X509_PUBKEY* xpubkey; EVP_PKEY* epubkey; unsigned char* digest; assert(rdf != NULL); assert(cert != NULL); switch(selector) { case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE: len = (size_t)i2d_X509(cert, &buf); break; case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO: #ifndef S_SPLINT_S xpubkey = X509_get_X509_PUBKEY(cert); #endif if (! xpubkey) { return LDNS_STATUS_SSL_ERR; } epubkey = X509_PUBKEY_get(xpubkey); if (! epubkey) { return LDNS_STATUS_SSL_ERR; } len = (size_t)i2d_PUBKEY(epubkey, &buf); break; default: return LDNS_STATUS_DANE_UNKNOWN_SELECTOR; } switch(matching_type) { case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED: *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf); return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; break; case LDNS_TLSA_MATCHING_TYPE_SHA256: digest = LDNS_XMALLOC(unsigned char, SHA256_DIGEST_LENGTH); if (digest == NULL) { LDNS_FREE(buf); return LDNS_STATUS_MEM_ERR; } (void) ldns_sha256(buf, (unsigned int)len, digest); *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA256_DIGEST_LENGTH, digest); LDNS_FREE(buf); return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; break; case LDNS_TLSA_MATCHING_TYPE_SHA512: digest = LDNS_XMALLOC(unsigned char, SHA512_DIGEST_LENGTH); if (digest == NULL) { LDNS_FREE(buf); return LDNS_STATUS_MEM_ERR; } (void) ldns_sha512(buf, (unsigned int)len, digest); *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA512_DIGEST_LENGTH, digest); LDNS_FREE(buf); return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; break; default: LDNS_FREE(buf); return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE; } }