uint8_t * ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *from, socklen_t *fromlen) { uint8_t *wire, *wireout; ssize_t wire_size; wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN); if (!wire) { *size = 0; return NULL; } wire_size = recvfrom(sockfd, (void*)wire, LDNS_MAX_PACKETLEN, 0, (struct sockaddr *)from, fromlen); /* recvfrom can also return 0 */ if (wire_size == -1 || wire_size == 0) { *size = 0; LDNS_FREE(wire); return NULL; } *size = (size_t)wire_size; wireout = LDNS_XREALLOC(wire, uint8_t, (size_t)wire_size); if(!wireout) LDNS_FREE(wire); return wireout; }
ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr) { /* we assume: keyword|sep|data */ char *fkeyword; ssize_t i; if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) return -1; fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN); if(!fkeyword) return -1; i = ldns_fget_token(f, fkeyword, k_del, LDNS_MAX_KEYWORDLEN); if(i==0 || i==-1) { LDNS_FREE(fkeyword); return -1; } /* case??? i instead of strlen? */ if (strncmp(fkeyword, keyword, LDNS_MAX_KEYWORDLEN - 1) == 0) { /* whee! */ /* printf("%s\n%s\n", "Matching keyword", fkeyword); */ i = ldns_fget_token_l(f, data, d_del, data_limit, line_nr); LDNS_FREE(fkeyword); return i; } else { /*printf("no match for %s (read: %s)\n", keyword, fkeyword);*/ LDNS_FREE(fkeyword); return -1; } }
ssize_t ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit) { /* we assume: keyword|sep|data */ char *fkeyword; ssize_t i; if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN) return -1; fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN); if(!fkeyword) return -1; /* out of memory */ i = ldns_bget_token(b, fkeyword, k_del, data_limit); if(i==0 || i==-1) { LDNS_FREE(fkeyword); return -1; /* nothing read */ } /* case??? */ if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) { LDNS_FREE(fkeyword); /* whee, the match! */ /* retrieve it's data */ i = ldns_bget_token(b, data, d_del, 0); return i; } else { LDNS_FREE(fkeyword); return -1; } }
uint8_t * ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout) { uint8_t *wire; uint16_t wire_size; ssize_t bytes = 0, rc = 0; wire = LDNS_XMALLOC(uint8_t, 2); if (!wire) { *size = 0; return NULL; } while (bytes < 2) { if(!ldns_sock_wait(sockfd, timeout, 0)) { *size = 0; LDNS_FREE(wire); return NULL; } rc = recv(sockfd, (void*) (wire + bytes), (size_t) (2 - bytes), 0); if (rc == -1 || rc == 0) { *size = 0; LDNS_FREE(wire); return NULL; } bytes += rc; } wire_size = ldns_read_uint16(wire); LDNS_FREE(wire); wire = LDNS_XMALLOC(uint8_t, wire_size); if (!wire) { *size = 0; return NULL; } bytes = 0; while (bytes < (ssize_t) wire_size) { if(!ldns_sock_wait(sockfd, timeout, 0)) { *size = 0; LDNS_FREE(wire); return NULL; } rc = recv(sockfd, (void*) (wire + bytes), (size_t) (wire_size - bytes), 0); if (rc == -1 || rc == 0) { LDNS_FREE(wire); *size = 0; return NULL; } bytes += rc; } *size = (size_t) bytes; return wire; }
void free_match_files() { size_t i; for (i = 0; i < match_file_count; i++) { LDNS_FREE(match_files[i].description); LDNS_FREE(match_files[i].query_match); LDNS_FREE(match_files[i].answer_match); } }
void ldns_buffer_free(ldns_buffer *buffer) { if (!buffer) { return; } if (!buffer->_fixed) LDNS_FREE(buffer->_data); LDNS_FREE(buffer); }
void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone) { if (zone) { if (zone->names) { /* destroy all name structures within the tree */ ldns_traverse_postorder(zone->names, ldns_dnssec_name_node_deep_free, NULL); LDNS_FREE(zone->names); } LDNS_FREE(zone); } }
/* keep in mind that in DNS tcp messages the first 2 bytes signal the * amount data to expect */ static ldns_status ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, const struct sockaddr_storage *from, socklen_t fromlen, struct timeval timeout, size_t *answer_size) { int sockfd; uint8_t *answer; sockfd = ldns_tcp_bgsend_from(qbin, to, tolen, from, fromlen, timeout); if (sockfd == 0) { return LDNS_STATUS_ERR; } answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout); #ifndef USE_WINSOCK close(sockfd); #else closesocket(sockfd); #endif if (*answer_size == 0) { /* oops */ return LDNS_STATUS_NETWORK_ERR; } /* resize accordingly */ *result = LDNS_XREALLOC(answer, uint8_t, (size_t)*answer_size); if(!*result) { LDNS_FREE(answer); return LDNS_STATUS_MEM_ERR; } return LDNS_STATUS_OK; }
static void ldns_dnssec_zone_hashed_names_from_nsec3( ldns_dnssec_zone* zone, ldns_rr* nsec3rr) { ldns_rbnode_t* current_node; ldns_dnssec_name* current_name; assert(zone != NULL); assert(nsec3rr != NULL); if (zone->hashed_names) { ldns_traverse_postorder(zone->hashed_names, ldns_hashed_names_node_free, NULL); LDNS_FREE(zone->hashed_names); } zone->_nsec3params = nsec3rr; /* So this is a NSEC3 zone. * Calculate hashes for all names already in the zone */ zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); if (zone->hashed_names == NULL) { return; } for ( current_node = ldns_rbtree_first(zone->names) ; current_node != LDNS_RBTREE_NULL ; current_node = ldns_rbtree_next(current_node) ) { current_name = (ldns_dnssec_name *) current_node->data; ldns_dnssec_name_make_hashed_name(zone, current_name, nsec3rr); } }
static void ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, ldns_dnssec_name* name, ldns_rr* nsec3rr) { ldns_rbnode_t* new_node; assert(name != NULL); if (! zone->_nsec3params) { if (! nsec3rr) { return; } ldns_dnssec_zone_hashed_names_from_nsec3(zone, nsec3rr); } else if (! nsec3rr) { nsec3rr = zone->_nsec3params; } name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsec3rr, name->name); /* Also store in zone->hashed_names */ if ((new_node = LDNS_MALLOC(ldns_rbnode_t))) { new_node->key = name->hashed_name; new_node->data = name; if (ldns_rbtree_insert(zone->hashed_names, new_node) == NULL) { LDNS_FREE(new_node); } } }
void ldns_zone_deep_free(ldns_zone *zone) { ldns_rr_free(zone->_soa); ldns_rr_list_deep_free(zone->_rrs); LDNS_FREE(zone); }
INLINE void ldns_dnssec_name_free_internal(ldns_dnssec_name *name, int deep) { if (name) { if (name->name_alloced) { ldns_rdf_deep_free(name->name); } if (name->rrsets) { ldns_dnssec_rrsets_free_internal(name->rrsets, deep); } if (name->nsec && deep) { ldns_rr_free(name->nsec); } if (name->nsec_signatures) { ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep); } if (name->hashed_name) { if (deep) { ldns_rdf_deep_free(name->hashed_name); } } LDNS_FREE(name); } }
/** * Sign data with DSA * * \param[in] to_sign The ldns_buffer containing raw data that is * to be signed * \param[in] key The DSA key structure to sign with * \return ldns_rdf for the RRSIG ldns_rr */ ldns_rdf * ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key) { unsigned char *sha1_hash; ldns_rdf *sigdata_rdf; ldns_buffer *b64sig; DSA_SIG *sig; uint8_t *data; size_t pad; b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); if (!b64sig) { return NULL; } sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), ldns_buffer_position(to_sign), NULL); if (!sha1_hash) { ldns_buffer_free(b64sig); return NULL; } sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key); if(!sig) { ldns_buffer_free(b64sig); return NULL; } data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH); if(!data) { ldns_buffer_free(b64sig); DSA_SIG_free(sig); return NULL; } data[0] = 1; pad = 20 - (size_t) BN_num_bytes(sig->r); if (pad > 0) { memset(data + 1, 0, pad); } BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad); pad = 20 - (size_t) BN_num_bytes(sig->s); if (pad > 0) { memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad); } BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad)); sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, 1 + 2 * SHA_DIGEST_LENGTH, data); ldns_buffer_free(b64sig); LDNS_FREE(data); DSA_SIG_free(sig); return sigdata_rdf; }
/** check the packet and make sure that EDNS and DO and the type and RRSIG */ static int check_packet(uint8_t* wire, size_t len, int tp) { ldns_pkt *p = NULL; ldns_status s; if( (s=ldns_wire2pkt(&p, wire, len)) != LDNS_STATUS_OK) { if(verb) printf("error: %s\n", ldns_get_errorstr_by_id(s)); goto failed; } if(!p) { if(verb) printf("error: out of memory\n"); goto failed; } /* does DNS work? */ if(ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { char* r = ldns_pkt_rcode2str(ldns_pkt_get_rcode(p)); if(verb) printf("no answer, %s\n", r?r:"(out of memory)"); LDNS_FREE(r); goto failed; } /* test EDNS0 presence, of OPT record */ /* LDNS forgets during pkt parse, but we test the ARCOUNT; * 0 additionals means no EDNS(on the wire), and after parsing the * same additional RRs as before means no EDNS OPT */ if(LDNS_ARCOUNT(wire) == 0 || ldns_pkt_arcount(p) == LDNS_ARCOUNT(wire)) { if(verb) printf("no EDNS\n"); goto failed; } /* test if the type, RRSIG present */ if(!check_type_in_answer(p, tp) || !check_type_in_answer(p, LDNS_RR_TYPE_RRSIG)) { goto failed; } LDNS_FREE(wire); ldns_pkt_free(p); return 1; failed: LDNS_FREE(wire); ldns_pkt_free(p); return 0; }
void dump_hex(const ldns_pkt *pkt, const char *filename) { uint8_t *wire = NULL; size_t size, i; FILE *fp; ldns_status status; fp = fopen(filename, "w"); if (fp == NULL) { error("Unable to open %s for writing", filename); return; } status = ldns_pkt2wire(&wire, pkt, &size); if (status != LDNS_STATUS_OK) { error("Unable to convert packet: error code %u", status); LDNS_FREE(wire); fclose(fp); return; } fprintf(fp, "; 0"); for (i = 1; i < 20; i++) { fprintf(fp, " %2u", (unsigned int) i); } fprintf(fp, "\n"); fprintf(fp, ";--"); for (i = 1; i < 20; i++) { fprintf(fp, " --"); } fprintf(fp, "\n"); for (i = 0; i < size; i++) { if (i % 20 == 0 && i > 0) { fprintf(fp, "\t;\t%4u-%4u\n", (unsigned int) i-19, (unsigned int) i); } fprintf(fp, " %02x", (unsigned int)wire[i]); } fprintf(fp, "\n"); fclose(fp); LDNS_FREE(wire); }
/** test if type is present in returned packet */ static int check_type_in_answer(ldns_pkt* p, int t) { ldns_rr_list *l = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANSWER); if(!l) { char* s = ldns_rr_type2str(t); if(verb) printf("no DNSSEC %s\n", s?s:"(out of memory)"); LDNS_FREE(s); return 0; } ldns_rr_list_deep_free(l); return 1; }
INLINE void ldns_dnssec_rrs_free_internal(ldns_dnssec_rrs *rrs, int deep) { ldns_dnssec_rrs *next; while (rrs) { next = rrs->next; if (deep) { ldns_rr_free(rrs->rr); } LDNS_FREE(rrs); rrs = next; } }
void ldns_resolver_deep_free(ldns_resolver *res) { size_t i; if (res) { if (res->_searchlist) { for (i = 0; i < ldns_resolver_searchlist_count(res); i++) { ldns_rdf_deep_free(res->_searchlist[i]); } LDNS_FREE(res->_searchlist); } if (res->_nameservers) { for (i = 0; i < res->_nameserver_count; i++) { ldns_rdf_deep_free(res->_nameservers[i]); } LDNS_FREE(res->_nameservers); } if (ldns_resolver_domain(res)) { ldns_rdf_deep_free(ldns_resolver_domain(res)); } if (ldns_resolver_tsig_keyname(res)) { LDNS_FREE(res->_tsig_keyname); } if (res->_cur_axfr_pkt) { ldns_pkt_free(res->_cur_axfr_pkt); } if (res->_rtt) { LDNS_FREE(res->_rtt); } if (res->_dnssec_anchors) { ldns_rr_list_deep_free(res->_dnssec_anchors); } LDNS_FREE(res); } }
INLINE void ldns_dnssec_rrsets_free_internal(ldns_dnssec_rrsets *rrsets, int deep) { if (rrsets) { if (rrsets->rrs) { ldns_dnssec_rrs_free_internal(rrsets->rrs, deep); } if (rrsets->next) { ldns_dnssec_rrsets_free_internal(rrsets->next, deep); } if (rrsets->signatures) { ldns_dnssec_rrs_free_internal(rrsets->signatures, deep); } LDNS_FREE(rrsets); } }
bool ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f) { /* 2 types to check, cannot use the macro... */ ldns_rdf *pop; if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A && ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) { return false; } pop = ldns_rr_set_rdf(r, f, 0); if (pop) { LDNS_FREE(pop); return true; } else { return false; } }
/** * Encode RR. * */ static int response_encode_rr(query_type* q, ldns_rr* rr, ldns_pkt_section section) { uint8_t *data = NULL; size_t size = 0; ldns_status status = LDNS_STATUS_OK; ods_log_assert(q); ods_log_assert(rr); ods_log_assert(section); status = ldns_rr2wire(&data, rr, section, &size); if (status != LDNS_STATUS_OK) { ods_log_error("[%s] unable to send good response: ldns_rr2wire() " "failed (%s)", query_str, ldns_get_errorstr_by_id(status)); return 0; } buffer_write(q->buffer, (const void*) data, size); LDNS_FREE(data); return 1; }
bool dump_hex(FILE *fp, const ldns_pkt *pkt) { uint8_t *wire; size_t size, i; ldns_status status; status = ldns_pkt2wire(&wire, pkt, &size); if (status != LDNS_STATUS_OK) { fprintf(stdout, "= Unable to convert packet back to wire: error code %u", status); fprintf(stdout, "= original hex:\n"); return false; } for (i = 0; i < size; i++) { fprintf(fp, "%02x", (unsigned int)wire[i]); } LDNS_FREE(wire); return true; }
void ldns_rr_soa_increment_func_data(ldns_rr *soa, ldns_soa_serial_increment_func_t f, void *data) { ldns_rdf *prev_soa_serial_rdf; if ( !soa || !f || ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA || !ldns_rr_rdf(soa, 2)) { return; } prev_soa_serial_rdf = ldns_rr_set_rdf( soa , ldns_native2rdf_int32( LDNS_RDF_TYPE_INT32 , (*f)( ldns_rdf2native_int32( ldns_rr_rdf(soa, 2)) , data ) ) , 2 ); LDNS_FREE(prev_soa_serial_rdf); }
/* code from rdata.c */ static struct sockaddr_storage * ldns_rdf2native_sockaddr_storage_port( const ldns_rdf *rd, uint16_t port, size_t *size) { struct sockaddr_storage *data; struct sockaddr_in *data_in; struct sockaddr_in6 *data_in6; data = LDNS_MALLOC(struct sockaddr_storage); if (!data) { return NULL; } /* zero the structure for portability */ memset(data, 0, sizeof(struct sockaddr_storage)); switch(ldns_rdf_get_type(rd)) { case LDNS_RDF_TYPE_A: #ifndef S_SPLINT_S data->ss_family = AF_INET; #endif data_in = (struct sockaddr_in*) data; data_in->sin_port = (in_port_t)htons(port); memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd)); *size = sizeof(struct sockaddr_in); return data; case LDNS_RDF_TYPE_AAAA: #ifndef S_SPLINT_S data->ss_family = AF_INET6; #endif data_in6 = (struct sockaddr_in6*) data; data_in6->sin6_port = (in_port_t)htons(port); memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd)); *size = sizeof(struct sockaddr_in6); return data; default: LDNS_FREE(data); return NULL; } }
ssize_t ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen) { uint8_t *sendbuf; ssize_t bytes; /* add length of packet */ sendbuf = LDNS_XMALLOC(uint8_t, ldns_buffer_position(qbin) + 2); if(!sendbuf) return 0; ldns_write_uint16(sendbuf, ldns_buffer_position(qbin)); memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin)); bytes = sendto(sockfd, (void*)sendbuf, ldns_buffer_position(qbin) + 2, 0, (struct sockaddr *)to, tolen); LDNS_FREE(sendbuf); if (bytes == -1 || (size_t) bytes != ldns_buffer_position(qbin) + 2 ) { return 0; } return bytes; }
ldns_buffer * ldns_buffer_new(size_t capacity) { ldns_buffer *buffer = LDNS_MALLOC(ldns_buffer); if (!buffer) { return NULL; } buffer->_data = (uint8_t *) LDNS_XMALLOC(uint8_t, capacity); if (!buffer->_data) { LDNS_FREE(buffer); return NULL; } buffer->_position = 0; buffer->_limit = buffer->_capacity = capacity; buffer->_fixed = 0; buffer->_status = LDNS_STATUS_OK; ldns_buffer_invariant(buffer); return buffer; }
void zkdns_start(const char* my_address, int port, const char* my_zone) { rp_handle = rp_initialize(my_zone); /* network */ int sock; ssize_t nb; struct sockaddr addr_me; struct sockaddr addr_him; socklen_t hislen = (socklen_t) sizeof(addr_him); uint8_t inbuf[INBUF_SIZE]; uint8_t *outbuf; /* dns */ ldns_status status; ldns_pkt *query_pkt; ldns_pkt *answer_pkt; size_t answer_size; ldns_rr *query_rr; ldns_rr_list *answer_qr; ldns_rr_list *answer_an; ldns_rr_list *answer_ns; ldns_rr_list *answer_ad; ldns_rdf *origin = NULL; /* zone */ ldns_zone *zone; int line_nr; FILE *zone_fp; if (ldns_str2rdf_dname(&origin, my_zone) != LDNS_STATUS_OK) { fprintf(stderr, "Bad origin, not a correct domain name\n"); exit(EXIT_FAILURE); } printf("Listening on port %d\n", port); sock = socket(AF_INET, SOCK_DGRAM, 0); if (sock < 0) { fprintf(stderr, "socket(): %s\n", strerror(errno)); exit(1); } memset(&addr_me, 0, sizeof(addr_me)); /* bind: try all ports in that range */ if (udp_bind(sock, port, my_address)) { fprintf(stderr, "cannot bind(): %s\n", strerror(errno)); exit(errno); } /* Done. Now receive */ while (1) { nb = recvfrom(sock, (void*)inbuf, INBUF_SIZE, 0, &addr_him, &hislen); if (nb < 1) { fprintf(stderr, "recvfrom(): %s\n", strerror(errno)); exit(1); } /* show(inbuf, nb, nn, hp, sp, ip, bp); */ status = ldns_wire2pkt(&query_pkt, inbuf, (size_t) nb); if (status != LDNS_STATUS_OK) { printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status)); } query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0); answer_qr = ldns_rr_list_new(); ldns_rr_list_push_rr(answer_qr, ldns_rr_clone(query_rr)); answer_an = get_rrset(zone, ldns_rr_owner(query_rr), ldns_rr_get_type(query_rr), ldns_rr_get_class(query_rr)); answer_pkt = ldns_pkt_new(); answer_ns = ldns_rr_list_new(); answer_ad = ldns_rr_list_new(); ldns_pkt_set_qr(answer_pkt, 1); ldns_pkt_set_aa(answer_pkt, 1); ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt)); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_QUESTION, answer_qr); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ANSWER, answer_an); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_AUTHORITY, answer_ns); ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ADDITIONAL, answer_ad); status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size); if (status != LDNS_STATUS_OK) { printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status)); } else { nb = sendto(sock, (void*)outbuf, answer_size, 0, &addr_him, hislen); } ldns_pkt_free(query_pkt); ldns_pkt_free(answer_pkt); LDNS_FREE(outbuf); ldns_rr_list_free(answer_qr); ldns_rr_list_free(answer_an); ldns_rr_list_free(answer_ns); ldns_rr_list_free(answer_ad); } ldns_rdf_deep_free(origin); ldns_zone_deep_free(zone); rp_shutdown(rp_handle); }
ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only) { ldns_rr *tsig_rr; ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); ldns_rdf *fudge_rdf = NULL; ldns_rdf *orig_id_rdf = NULL; ldns_rdf *algorithm_rdf; ldns_rdf *error_rdf = NULL; ldns_rdf *mac_rdf = NULL; ldns_rdf *other_data_rdf = NULL; ldns_status status = LDNS_STATUS_OK; uint8_t *pkt_wire = NULL; size_t pkt_wire_len; struct timeval tv_time_signed; uint8_t *time_signed = NULL; ldns_rdf *time_signed_rdf = NULL; algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name); if(!key_name_rdf || !algorithm_rdf) { status = LDNS_STATUS_MEM_ERR; goto clean; } /* eww don't have create tsigtime rdf yet :( */ /* bleh :p */ if (gettimeofday(&tv_time_signed, NULL) == 0) { time_signed = LDNS_XMALLOC(uint8_t, 6); if(!time_signed) { status = LDNS_STATUS_MEM_ERR; goto clean; } ldns_write_uint64_as_uint48(time_signed, (uint64_t)tv_time_signed.tv_sec); } else { status = LDNS_STATUS_INTERNAL_ERR; goto clean; } time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed); if(!time_signed_rdf) { LDNS_FREE(time_signed); status = LDNS_STATUS_MEM_ERR; goto clean; } fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge); orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt)); error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0); other_data_rdf = ldns_native2rdf_int16_data(0, NULL); if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) { status = LDNS_STATUS_MEM_ERR; goto clean; } if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) { status = LDNS_STATUS_ERR; goto clean; } status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len, key_data, key_name_rdf, fudge_rdf, algorithm_rdf, time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only); if (!mac_rdf) { goto clean; } LDNS_FREE(pkt_wire); /* Create the TSIG RR */ tsig_rr = ldns_rr_new(); if(!tsig_rr) { status = LDNS_STATUS_MEM_ERR; goto clean; } ldns_rr_set_owner(tsig_rr, key_name_rdf); ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY); ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG); ldns_rr_set_ttl(tsig_rr, 0); ldns_rr_push_rdf(tsig_rr, algorithm_rdf); ldns_rr_push_rdf(tsig_rr, time_signed_rdf); ldns_rr_push_rdf(tsig_rr, fudge_rdf); ldns_rr_push_rdf(tsig_rr, mac_rdf); ldns_rr_push_rdf(tsig_rr, orig_id_rdf); ldns_rr_push_rdf(tsig_rr, error_rdf); ldns_rr_push_rdf(tsig_rr, other_data_rdf); ldns_pkt_set_tsig(pkt, tsig_rr); return status; clean: LDNS_FREE(pkt_wire); ldns_rdf_free(key_name_rdf); ldns_rdf_free(algorithm_rdf); ldns_rdf_free(time_signed_rdf); ldns_rdf_free(fudge_rdf); ldns_rdf_free(orig_id_rdf); ldns_rdf_free(error_rdf); ldns_rdf_free(other_data_rdf); return status; }
bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char* key_name, const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only) { ldns_rdf *fudge_rdf; ldns_rdf *algorithm_rdf; ldns_rdf *time_signed_rdf; ldns_rdf *orig_id_rdf; ldns_rdf *error_rdf; ldns_rdf *other_data_rdf; ldns_rdf *pkt_mac_rdf; ldns_rdf *my_mac_rdf; ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); uint16_t pkt_id, orig_pkt_id; ldns_status status; uint8_t *prepared_wire = NULL; size_t prepared_wire_size = 0; ldns_rr *orig_tsig = ldns_pkt_tsig(pkt); if (!orig_tsig || ldns_rr_rd_count(orig_tsig) <= 6) { ldns_rdf_deep_free(key_name_rdf); return false; } algorithm_rdf = ldns_rr_rdf(orig_tsig, 0); time_signed_rdf = ldns_rr_rdf(orig_tsig, 1); fudge_rdf = ldns_rr_rdf(orig_tsig, 2); pkt_mac_rdf = ldns_rr_rdf(orig_tsig, 3); orig_id_rdf = ldns_rr_rdf(orig_tsig, 4); error_rdf = ldns_rr_rdf(orig_tsig, 5); other_data_rdf = ldns_rr_rdf(orig_tsig, 6); /* remove temporarily */ ldns_pkt_set_tsig(pkt, NULL); /* temporarily change the id to the original id */ pkt_id = ldns_pkt_id(pkt); orig_pkt_id = ldns_rdf2native_int16(orig_id_rdf); ldns_pkt_set_id(pkt, orig_pkt_id); prepared_wire = ldns_tsig_prepare_pkt_wire(wire, wirelen, &prepared_wire_size); status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size, key_data, key_name_rdf, fudge_rdf, algorithm_rdf, time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only); LDNS_FREE(prepared_wire); if (status != LDNS_STATUS_OK) { ldns_rdf_deep_free(key_name_rdf); return false; } /* Put back the values */ ldns_pkt_set_tsig(pkt, orig_tsig); ldns_pkt_set_id(pkt, pkt_id); ldns_rdf_deep_free(key_name_rdf); if (ldns_rdf_compare(pkt_mac_rdf, my_mac_rdf) == 0) { ldns_rdf_deep_free(my_mac_rdf); return true; } else { ldns_rdf_deep_free(my_mac_rdf); return false; } }
static ldns_status ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size, const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf, ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf, ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only) { ldns_status status; char *wireformat; int wiresize; unsigned char *mac_bytes = NULL; unsigned char *key_bytes = NULL; int key_size; const EVP_MD *digester; char *algorithm_name = NULL; unsigned int md_len = EVP_MAX_MD_SIZE; ldns_rdf *result = NULL; ldns_buffer *data_buffer = NULL; ldns_rdf *canonical_key_name_rdf = NULL; ldns_rdf *canonical_algorithm_rdf = NULL; if (key_name_rdf == NULL || algorithm_rdf == NULL) { return LDNS_STATUS_NULL; } canonical_key_name_rdf = ldns_rdf_clone(key_name_rdf); if (canonical_key_name_rdf == NULL) { return LDNS_STATUS_MEM_ERR; } canonical_algorithm_rdf = ldns_rdf_clone(algorithm_rdf); if (canonical_algorithm_rdf == NULL) { ldns_rdf_deep_free(canonical_key_name_rdf); return LDNS_STATUS_MEM_ERR; } /* * prepare the digestable information */ data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); if (!data_buffer) { status = LDNS_STATUS_MEM_ERR; goto clean; } /* if orig_mac is not NULL, add it too */ if (orig_mac_rdf) { (void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf); } ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size); if (!tsig_timers_only) { ldns_dname2canonical(canonical_key_name_rdf); (void)ldns_rdf2buffer_wire(data_buffer, canonical_key_name_rdf); ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY); ldns_buffer_write_u32(data_buffer, 0); ldns_dname2canonical(canonical_algorithm_rdf); (void)ldns_rdf2buffer_wire(data_buffer, canonical_algorithm_rdf); } (void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf); (void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf); if (!tsig_timers_only) { (void)ldns_rdf2buffer_wire(data_buffer, error_rdf); (void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf); } wireformat = (char *) data_buffer->_data; wiresize = (int) ldns_buffer_position(data_buffer); algorithm_name = ldns_rdf2str(algorithm_rdf); if(!algorithm_name) { status = LDNS_STATUS_MEM_ERR; goto clean; } /* prepare the key */ key_bytes = LDNS_XMALLOC(unsigned char, ldns_b64_pton_calculate_size(strlen(key_data))); if(!key_bytes) { status = LDNS_STATUS_MEM_ERR; goto clean; } key_size = ldns_b64_pton(key_data, key_bytes, ldns_b64_pton_calculate_size(strlen(key_data))); if (key_size < 0) { status = LDNS_STATUS_INVALID_B64; goto clean; } /* hmac it */ /* 2 spare bytes for the length */ mac_bytes = LDNS_XMALLOC(unsigned char, md_len+2); if(!mac_bytes) { status = LDNS_STATUS_MEM_ERR; goto clean; } memset(mac_bytes, 0, md_len+2); digester = ldns_digest_function(algorithm_name); if (digester) { (void) HMAC(digester, key_bytes, key_size, (void *)wireformat, (size_t) wiresize, mac_bytes + 2, &md_len); ldns_write_uint16(mac_bytes, md_len); result = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16_DATA, md_len + 2, mac_bytes); } else { status = LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; goto clean; } *tsig_mac = result; status = LDNS_STATUS_OK; clean: LDNS_FREE(mac_bytes); LDNS_FREE(key_bytes); LDNS_FREE(algorithm_name); ldns_buffer_free(data_buffer); ldns_rdf_deep_free(canonical_algorithm_rdf); ldns_rdf_deep_free(canonical_key_name_rdf); return status; }