Date:
Thu Nov 19 09:25:28 2020 UTC
Message:
update README before 1.5.0 release
0001
2020-04-10
pjp
/*
0002
2020-04-10
pjp
* Copyright (c) 2020 Peter J. Philipp
0003
2020-04-10
pjp
* All rights reserved.
0004
2020-04-10
pjp
*
0005
2020-04-10
pjp
* Redistribution and use in source and binary forms, with or without
0006
2020-04-10
pjp
* modification, are permitted provided that the following conditions
0007
2020-04-10
pjp
* are met:
0008
2020-04-10
pjp
* 1. Redistributions of source code must retain the above copyright
0009
2020-04-10
pjp
* notice, this list of conditions and the following disclaimer.
0010
2020-04-10
pjp
* 2. Redistributions in binary form must reproduce the above copyright
0011
2020-04-10
pjp
* notice, this list of conditions and the following disclaimer in the
0012
2020-04-10
pjp
* documentation and/or other materials provided with the distribution.
0013
2020-04-10
pjp
* 3. The name of the author may not be used to endorse or promote products
0014
2020-04-10
pjp
* derived from this software without specific prior written permission
0015
2020-04-10
pjp
*
0016
2020-04-10
pjp
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
0017
2020-04-10
pjp
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
0018
2020-04-10
pjp
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
0019
2020-04-10
pjp
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
0020
2020-04-10
pjp
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
0021
2020-04-10
pjp
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
0022
2020-04-10
pjp
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
0023
2020-04-10
pjp
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
0024
2020-04-10
pjp
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
0025
2020-04-10
pjp
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0026
2020-04-10
pjp
*
0027
2020-04-10
pjp
*/
0028
2020-04-10
pjp
0029
2020-04-10
pjp
/*
0030
2020-09-17
pjp
* $Id: sign.c,v 1.15 2020/09/17 12:14:16 pjp Exp $
0031
2020-04-10
pjp
*/
0032
2020-04-10
pjp
0033
2020-08-11
pjp
#include <sys/param.h> /* for MIN() */
0034
2020-04-10
pjp
#include <sys/time.h>
0035
2020-04-10
pjp
#include <sys/stat.h>
0036
2020-04-10
pjp
#include <sys/uio.h>
0037
2020-04-10
pjp
#include <sys/socket.h>
0038
2020-04-10
pjp
0039
2020-04-10
pjp
#include <netinet/in.h>
0040
2020-04-10
pjp
#include <arpa/inet.h>
0041
2020-04-10
pjp
#include <netdb.h>
0042
2020-04-10
pjp
0043
2020-04-10
pjp
#include <stdio.h>
0044
2020-04-10
pjp
#include <stdlib.h>
0045
2020-04-10
pjp
#include <stdint.h>
0046
2020-04-10
pjp
#include <stdarg.h>
0047
2020-04-10
pjp
#include <string.h>
0048
2020-04-10
pjp
#include <unistd.h>
0049
2020-04-10
pjp
#include <syslog.h>
0050
2020-04-10
pjp
#include <fcntl.h>
0051
2020-04-10
pjp
#include <ctype.h>
0052
2020-04-10
pjp
0053
2020-04-10
pjp
#ifdef __linux__
0054
2020-04-10
pjp
#include <grp.h>
0055
2020-04-10
pjp
#define __USE_BSD 1
0056
2020-04-10
pjp
#include <endian.h>
0057
2020-04-10
pjp
#include <bsd/stdlib.h>
0058
2020-04-10
pjp
#include <bsd/string.h>
0059
2020-04-10
pjp
#include <bsd/unistd.h>
0060
2020-04-10
pjp
#include <bsd/sys/queue.h>
0061
2020-04-10
pjp
#define __unused
0062
2020-04-10
pjp
#include <bsd/sys/tree.h>
0063
2020-04-10
pjp
#include <bsd/sys/endian.h>
0064
2020-04-10
pjp
#include "imsg.h"
0065
2020-04-10
pjp
#else /* not linux */
0066
2020-04-10
pjp
#include <sys/queue.h>
0067
2020-04-10
pjp
#include <sys/tree.h>
0068
2020-04-10
pjp
#ifdef __FreeBSD__
0069
2020-04-10
pjp
#include "imsg.h"
0070
2020-04-10
pjp
#else
0071
2020-04-10
pjp
#include <imsg.h>
0072
2020-04-10
pjp
#endif /* __FreeBSD__ */
0073
2020-04-10
pjp
#endif /* __linux__ */
0074
2020-04-10
pjp
0075
2020-04-10
pjp
#ifndef NTOHS
0076
2020-04-10
pjp
#include "endian.h"
0077
2020-04-10
pjp
#endif
0078
2020-04-10
pjp
0079
2020-04-10
pjp
#include <openssl/bn.h>
0080
2020-04-10
pjp
#include <openssl/obj_mac.h>
0081
2020-04-10
pjp
#include <openssl/rsa.h>
0082
2020-04-10
pjp
#include <openssl/err.h>
0083
2020-04-10
pjp
#include <openssl/sha.h>
0084
2020-04-10
pjp
#include <openssl/ec.h>
0085
2020-04-10
pjp
#include <openssl/ecdsa.h>
0086
2020-04-10
pjp
0087
2020-04-10
pjp
#include <openssl/evp.h>
0088
2020-04-10
pjp
#include <openssl/hmac.h>
0089
2020-04-10
pjp
0090
2020-04-10
pjp
#include "ddd-dns.h"
0091
2020-04-10
pjp
#include "ddd-db.h"
0092
2020-04-10
pjp
#include "ddd-config.h"
0093
2020-04-10
pjp
0094
2020-04-10
pjp
0095
2020-04-10
pjp
SLIST_HEAD(, keysentry) keyshead;

/*
 * One DNSSEC signing key as handled by signmain().  An entry is allocated
 * for every key file named with -k (KSK) or -z (ZSK) and for every key
 * generated with -K or -Z; signmain() fills it from what key2zone() and
 * store_private_key() report and links it into keyshead.
 */
static struct keysentry {
	char *keyname;		/* key file name: strdup() of optarg, or the name create_key() returned */
	uint32_t pid;		/* from getkeypid(keyname), or create_key()'s last output argument */
	int sign;		/* 0 when allocated; signmain() sets it to 1 on the keys chosen for signing */
	int type;		/* KEYTYPE_KSK or KEYTYPE_ZSK */

	/* key material in this struct, copied from key2zone()'s output arguments */
	char *key;		/* strdup() of the key text; key2zone() writes it into a 4096-byte caller buffer without a length argument */
	char *zone;		/* strdup() of the zone name key2zone() returned */
	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;	/* DNSSEC algorithm number, see the ALGORITHM_* defines below */
	int keyid;

	/*
	 * private key RSA
	 * NOTE(review): presumably populated by store_private_key() and
	 * handed back by get_private_key_rsa(); neither body is visible here.
	 * This is secret material, so free_private_key() should release these
	 * with BN_clear_free() rather than BN_free() -- confirm.
	 */
	BIGNUM *rsan;
	BIGNUM *rsae;
	BIGNUM *rsad;
	BIGNUM *rsap;
	BIGNUM *rsaq;
	BIGNUM *rsadmp1;
	BIGNUM *rsadmq1;
	BIGNUM *rsaiqmp;

	/* private key Elliptic Curve (same handling caveat as the RSA members) */

	BIGNUM *ecprivate;

	SLIST_ENTRY(keysentry) keys_entry;
} *kn, *knp;		/* kn: entry currently being built by signmain(); knp: SLIST_FOREACH cursor */

/* signature validity window; NOTE(review): not assigned anywhere in the part of the file visible here -- confirm the writer */
u_int64_t expiredon, signedon;
0130
2020-04-10
pjp
0131
2020-04-10
pjp
/* prototypes */

int add_dnskey(ddDB *);

/*
 * parse_keyfile(), key2zone() and get_key() share one output-argument layout:
 * ttl, flags, protocol, algorithm, a caller-supplied buffer for the key text,
 * and keyid.  No length accompanies that buffer -- signmain() hands over a
 * 4096-byte array -- so each callee has to bound its own write; verify that
 * in their bodies (not visible in this chunk).  key2zone() returns the zone
 * name, or NULL on failure.
 */
char * parse_keyfile(int, uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int *);
char * key2zone(char *, uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int *);
char * get_key(struct keysentry *,uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int, int *);

/*
 * create_key(zonename, ttl, flags, algorithm, bits, &pid): generate a key
 * (signmain() passes flags 257 for a KSK and 256 for a ZSK), return its file
 * name or NULL on failure, and store the new key's pid through the last
 * argument.  The _rsa/_ec variants presumably dispatch on algorithm -- confirm.
 */
char * create_key(char *, int, int, int, int, uint32_t *);
char * create_key_rsa(char *, int, int, int, int, uint32_t *);
char * create_key_ec(char *, int, int, int, int, uint32_t *);
int create_key_ec_getpid(EC_KEY *, EC_GROUP *, EC_POINT *, int, int);

char * alg_to_name(int);	/* algorithm number -> printable name, used in signmain()'s log lines */
int alg_to_rsa(int);

int construct_nsec3(ddDB *, char *, int, char *);
int calculate_rrsigs(ddDB *, char *, int, int);

/* per-RR-type signing helpers; all share one signature, whose argument meanings are not visible in this chunk */
static int sign_hinfo(ddDB *, char *, int, struct rbtree *, int);
static int sign_rp(ddDB *, char *, int, struct rbtree *, int);
static int sign_caa(ddDB *, char *, int, struct rbtree *, int);
static int sign_dnskey(ddDB *, char *, int, struct rbtree *, int);
static int sign_a(ddDB *, char *, int, struct rbtree *, int);
static int sign_mx(ddDB *, char *, int, struct rbtree *, int);
static int sign_ns(ddDB *, char *, int, struct rbtree *, int);
static int sign_srv(ddDB *, char *, int, struct rbtree *, int);
static int sign_cname(ddDB *, char *, int, struct rbtree *, int);
static int sign_soa(ddDB *, char *, int, struct rbtree *, int);
static int sign_txt(ddDB *, char *, int, struct rbtree *, int);
static int sign_aaaa(ddDB *, char *, int, struct rbtree *, int);
static int sign_ptr(ddDB *, char *, int, struct rbtree *, int);
static int sign_nsec3(ddDB *, char *, int, struct rbtree *, int);
static int sign_nsec3param(ddDB *, char *, int, struct rbtree *, int);
static int sign_naptr(ddDB *, char *, int, struct rbtree *, int);
static int sign_sshfp(ddDB *, char *, int, struct rbtree *, int);
static int sign_tlsa(ddDB *, char *, int, struct rbtree *, int);
static int sign_ds(ddDB *, char *, int, struct rbtree *, int);

int sign(int, char *, int, struct keysentry *, char *, int *);
int create_ds(ddDB *, char *, struct keysentry *);
u_int keytag(u_char *key, u_int keysize);	/* presumably the RFC 4034 Appendix B key tag over the raw key -- confirm */
u_int dnskey_keytag(struct dnskey *dnskey);

/*
 * Private-key lifecycle for a keysentry.  store_private_key(kn, zone, keyid,
 * algorithm) returns < 0 on failure, on which signmain() exits.  The get_*
 * accessors return OpenSSL RSA / EC_KEY objects; who frees those is not
 * visible here (TODO confirm).  Note that RSA and EC_KEY are deprecated
 * since OpenSSL 3.0 in favour of EVP_PKEY.
 */
void free_private_key(struct keysentry *);
RSA * get_private_key_rsa(struct keysentry *);
EC_KEY * get_private_key_ec(struct keysentry *);
int store_private_key(struct keysentry *, char *, int, int);
int print_rbt(FILE *, struct rbtree *);
int print_rbt_bind(FILE *, struct rbtree *);
int signmain(int argc, char *argv[]);	/* entry point of "dddctl sign": the getopt() driver defined below */
void init_keys(void);
uint32_t getkeypid(char *);		/* pid for a key file name; signmain() stores the result in keysentry.pid */
void update_soa_serial(ddDB *, char *, time_t);
void debug_bindump(const char *, int);
int dump_db(ddDB *, FILE *, char *);
int notglue(ddDB *, struct rbtree *, char *);

char * canonical_sort(char **, int, int *);
int cs_cmp(const void *, const void *);	/* qsort(3)-style comparator */
0189
2020-04-10
pjp
0190
2020-04-10
pjp
/* globals defined in other compilation units */
extern int debug;
extern int verbose;
extern int bytes_received;
extern int notify;
extern int passlist;
extern int bcount;
extern char *bind_list[255];
extern char *interface_list[255];
extern int bflag;
extern int ratelimit_packets_per_second;
extern int ratelimit;
extern int nflag;
extern int iflag;
extern int lflag;
extern int icount;
extern int vslen;
extern char *versionstring;

/* externs */

/* printf-style logger; pri is a syslog(3) priority (signmain() passes LOG_INFO/LOG_ERR) and fmt must stay a string literal, never caller-supplied text */
extern void dolog(int pri, char *fmt, ...);
/* wire-format accessors: unpack()/pack() carry an explicit length, the fixed-width variants do not */
extern uint32_t unpack32(char *);
extern uint16_t unpack16(char *);
extern void unpack(char *, char *, int);

extern void pack(char *, char *, int);
extern void pack32(char *, u_int32_t);
extern void pack16(char *, u_int16_t);
extern void pack8(char *, u_int8_t);
/* record constructors for the db; argument order is only documented at their definitions, which are outside this file */
extern int fill_dnskey(ddDB *,char *, char *, u_int32_t, u_int16_t, u_int8_t, u_int8_t, char *);
extern int fill_rrsig(ddDB *,char *, char *, u_int32_t, char *, u_int8_t, u_int8_t, u_int32_t, u_int64_t, u_int64_t, u_int16_t, char *, char *);
extern int fill_nsec3param(ddDB *, char *, char *, u_int32_t, u_int8_t, u_int8_t, u_int16_t, char *);
extern int fill_nsec3(ddDB *, char *, char *, u_int32_t, u_int8_t, u_int8_t, u_int16_t, char *, char *, char *);
extern char * convert_name(char *name, int namelen);

/* base64 helpers; both take a size_t alongside the destination, presumably its capacity -- confirm before relying on it */
extern int mybase64_encode(u_char const *, size_t, char *, size_t);
extern int mybase64_decode(char const *, u_char *, size_t);
extern struct rbtree * Lookup_zone(ddDB *, char *, int, int, int);
extern struct question *build_fake_question(char *, int, u_int16_t, char *, int);
extern char * dns_label(char *, int *);
extern int label_count(char *);
extern char *get_dns_type(int, int);
extern char * hash_name(char *, int, struct nsec3param *);	/* presumably the NSEC3 owner-name hash for the given parameters */
extern char * base32hex_encode(u_char *input, int len);
extern int init_entlist(ddDB *);
extern int check_ent(char *, int);
extern struct question *build_question(char *, int, int, char *);
struct rrtab *rrlookup(char *);	/* declared without extern, unlike its neighbours; harmless for a function declaration but inconsistent */

extern struct rbtree * find_rrset(ddDB *db, char *name, int len);
extern struct rrset * find_rr(struct rbtree *rbt, u_int16_t rrtype);
extern int add_rr(struct rbtree *rbt, char *name, int len, u_int16_t rrtype, void *rdata);	/* rdata is type-erased: caller and callee must agree on the struct behind rrtype */
extern char * bin2hex(char *, int);
extern u_int64_t timethuman(time_t);
extern char * bitmap2human(char *, int);
extern int memcasecmp(u_char *, u_char *, int);

extern int insert_axfr(char *, char *);
extern int insert_filter(char *, char *);
extern int insert_passlist(char *, char *);
extern int insert_notifyddd(char *, char *);

extern int dnssec;
extern int tsig;
0254
2020-04-10
pjp
0255
2020-04-10
pjp
/* Aliases */

/* key rollover strategies selected with -R ("prep" / "double"); see RFC 7583 section 2.1 */
#define ROLLOVER_METHOD_PRE_PUBLICATION 0
#define ROLLOVER_METHOD_DOUBLE_SIGNATURE 1

/* keysentry.type values */
#define KEYTYPE_NONE 0
#define KEYTYPE_KSK 1
#define KEYTYPE_ZSK 2

/* serial-number schemes; not referenced by the code visible in this chunk */
#define SCHEME_OFF 0
#define SCHEME_YYYY 1
#define SCHEME_TSTAMP 2

/*
 * DNSSEC algorithm numbers (IANA registry).  Per RFC 8624, algorithm 7
 * (SHA-1 based) and algorithm 10 are NOT RECOMMENDED for signing new zones;
 * 8 and 13 are the MUST-implement choices, and 13 is signmain()'s default
 * (-a overrides it with an unvalidated atoi() of the argument).
 */
#define ALGORITHM_RSASHA1_NSEC3_SHA1 7 /* rfc 5155 */
#define ALGORITHM_RSASHA256 8 /* rfc 5702 */
#define ALGORITHM_RSASHA512 10 /* rfc 5702 */
#define ALGORITHM_ECDSAP256SHA256 13 /* rfc 6605 */

/* Fermat number F5 = 2^32 + 1; wider than 32 bits, so never store this literal in a 32-bit type (its use is outside this chunk) */
#define RSA_F5 0x100000001

/*
 * Fixed signing timestamps in YYYYMMDDHHMMSS form.  NOTE(review): presumably
 * consulted only when PROVIDED_SIGNTIME is non-zero; the consumer is outside
 * this chunk.  Both literals also exceed 32 bits.
 */
#define PROVIDED_SIGNTIME 0
#define SIGNEDON 20161230073133
#define EXPIREDON 20170228073133

#define SIGNEDON_DRIFT (14 * 86400)	/* seconds: 14 days */
#define DEFAULT_EXPIRYTIME (60 * 86400)	/* seconds: 60 days; signmain()'s default for -e */

#define DEFAULT_TTL 3600	/* default for -t */
#define DEFAULT_BITS 3072	/* key size in bits; default for -B */

/* define masks */

/*
 * Bits of signmain()'s `mask`, selecting which stages run.  The default is
 * every stage except PARSE_BINDFILE and DUMP_BIND.  -m replaces the whole
 * mask with strtoull(optarg, &ep, 16) and does not check ep, so trailing
 * junk in the argument is silently ignored.
 */
#define MASK_PARSE_BINDFILE 0x1
#define MASK_PARSE_FILE 0x2
#define MASK_ADD_DNSKEY 0x4
#define MASK_CONSTRUCT_NSEC3 0x8
#define MASK_CALCULATE_RRSIGS 0x10
#define MASK_CREATE_DS 0x20
#define MASK_DUMP_DB 0x40
#define MASK_DUMP_BIND 0x80

#define MAX_RECORDS_IN_RRSET 100
0298
2020-08-11
pjp
0299
2020-04-10
pjp
/*
0300
2020-04-10
pjp
* SIGNMAIN - the heart of dddctl sign ...
0301
2020-04-10
pjp
*/
0302
2020-04-10
pjp
0303
2020-04-10
pjp
int
0304
2020-04-10
pjp
signmain(int argc, char *argv[])
0305
2020-04-10
pjp
{
0306
2020-04-10
pjp
FILE *of = stdout;
0307
2020-04-10
pjp
struct stat sb;
0308
2020-04-10
pjp
0309
2020-04-10
pjp
int ch;
0310
2020-04-10
pjp
int bits = DEFAULT_BITS;
0311
2020-04-10
pjp
int ttl = DEFAULT_TTL;
0312
2020-04-10
pjp
int create_zsk = 0;
0313
2020-04-10
pjp
int create_ksk = 0;
0314
2020-04-10
pjp
int rollmethod = ROLLOVER_METHOD_PRE_PUBLICATION;
0315
2020-04-10
pjp
int algorithm = ALGORITHM_ECDSAP256SHA256;
0316
2020-04-10
pjp
int expiry = DEFAULT_EXPIRYTIME;
0317
2020-04-10
pjp
int iterations = 10;
0318
2020-04-10
pjp
u_int32_t mask = (MASK_PARSE_FILE | MASK_ADD_DNSKEY | MASK_CONSTRUCT_NSEC3 | MASK_CALCULATE_RRSIGS | MASK_CREATE_DS | MASK_DUMP_DB);
0319
2020-04-10
pjp
0320
2020-04-10
pjp
char *salt = "-";
0321
2020-04-10
pjp
char *zonefile = NULL;
0322
2020-04-10
pjp
char *zonename = NULL;
0323
2020-04-10
pjp
char *ep;
0324
2020-04-10
pjp
0325
2020-04-10
pjp
int ksk_key = 0, zsk_key = 0;
0326
2020-04-10
pjp
int numkeys = 0, search = 0;
0327
2020-04-10
pjp
0328
2020-04-10
pjp
int numksk = 0, numzsk = 0;
0329
2020-04-10
pjp
0330
2020-04-10
pjp
uint32_t pid = -1, newpid;
0331
2020-04-10
pjp
0332
2020-04-10
pjp
char key_key[4096];
0333
2020-04-10
pjp
char buf[512];
0334
2020-04-10
pjp
char *key_zone;
0335
2020-04-10
pjp
uint32_t key_ttl;
0336
2020-04-10
pjp
uint16_t key_flags;
0337
2020-04-10
pjp
uint8_t key_protocol;
0338
2020-04-10
pjp
uint8_t key_algorithm;
0339
2020-04-10
pjp
int key_keyid;
0340
2020-04-10
pjp
0341
2020-04-10
pjp
ddDB *db;
0342
2020-04-10
pjp
0343
2020-04-10
pjp
time_t now, serial = 0;
0344
2020-04-10
pjp
struct tm *tm;
0345
2020-04-10
pjp
uint32_t parseflags = PARSEFILE_FLAG_NOSOCKET;
0346
2020-04-10
pjp
0347
2020-04-10
pjp
#if __OpenBSD__
0348
2020-04-10
pjp
if (pledge("stdio rpath wpath cpath", NULL) < 0) {
0349
2020-04-10
pjp
perror("pledge");
0350
2020-04-10
pjp
exit(1);
0351
2020-04-10
pjp
}
0352
2020-04-10
pjp
#endif
0353
2020-04-10
pjp
0354
2020-04-10
pjp
0355
2020-04-10
pjp
while ((ch = getopt(argc, argv, "a:B:e:hI:i:Kk:m:n:o:R:S:s:t:vXx:Zz:")) != -1) {
0356
2020-04-10
pjp
switch (ch) {
0357
2020-04-10
pjp
case 'a':
0358
2020-04-10
pjp
/* algorithm */
0359
2020-04-10
pjp
algorithm = atoi(optarg);
0360
2020-04-10
pjp
break;
0361
2020-04-10
pjp
0362
2020-04-10
pjp
case 'B':
0363
2020-04-10
pjp
/* bits */
0364
2020-04-10
pjp
0365
2020-04-10
pjp
bits = atoi(optarg);
0366
2020-04-10
pjp
break;
0367
2020-04-10
pjp
case 'e':
0368
2020-04-10
pjp
/* expiry */
0369
2020-04-10
pjp
0370
2020-04-10
pjp
expiry = atoi(optarg);
0371
2020-04-10
pjp
break;
0372
2020-04-10
pjp
0373
2020-04-10
pjp
case 'I':
0374
2020-04-10
pjp
/* NSEC3 iterations */
0375
2020-04-10
pjp
iterations = atoi(optarg);
0376
2020-04-10
pjp
break;
0377
2020-04-10
pjp
0378
2020-04-10
pjp
case 'i':
0379
2020-04-10
pjp
/* inputfile */
0380
2020-04-10
pjp
zonefile = optarg;
0381
2020-04-10
pjp
0382
2020-04-10
pjp
break;
0383
2020-04-10
pjp
0384
2020-04-10
pjp
case 'K':
0385
2020-04-10
pjp
/* create KSK key */
0386
2020-04-10
pjp
create_ksk = 1;
0387
2020-04-10
pjp
0388
2020-04-10
pjp
break;
0389
2020-04-10
pjp
0390
2020-04-10
pjp
case 'k':
0391
2020-04-10
pjp
/* use KSK key */
0392
2020-04-10
pjp
kn = malloc(sizeof(struct keysentry));
0393
2020-04-10
pjp
if (kn == NULL) {
0394
2020-04-10
pjp
perror("malloc");
0395
2020-04-10
pjp
exit(1);
0396
2020-04-10
pjp
}
0397
2020-04-10
pjp
kn->keyname = strdup(optarg);
0398
2020-04-10
pjp
if (kn->keyname == NULL) {
0399
2020-04-10
pjp
perror("strdup");
0400
2020-04-10
pjp
exit(1);
0401
2020-04-10
pjp
}
0402
2020-04-10
pjp
kn->type = KEYTYPE_KSK;
0403
2020-04-10
pjp
kn->pid = getkeypid(kn->keyname);
0404
2020-04-10
pjp
#if DEBUG
0405
2020-04-10
pjp
printf("opened %s with pid %u\n", kn->keyname, kn->pid);
0406
2020-04-10
pjp
#endif
0407
2020-04-10
pjp
kn->sign = 0;
0408
2020-04-10
pjp
ksk_key = 1;
0409
2020-04-10
pjp
0410
2020-04-10
pjp
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
0411
2020-04-10
pjp
perror("key2zone");
0412
2020-04-10
pjp
exit(1);
0413
2020-04-10
pjp
}
0414
2020-04-10
pjp
0415
2020-04-10
pjp
kn->zone = strdup(key_zone);
0416
2020-04-10
pjp
if (kn->zone == NULL) {
0417
2020-04-10
pjp
perror("strdup");
0418
2020-04-10
pjp
exit(1);
0419
2020-04-10
pjp
}
0420
2020-04-10
pjp
kn->ttl = key_ttl;
0421
2020-04-10
pjp
kn->flags = key_flags;
0422
2020-04-10
pjp
kn->protocol = key_protocol;
0423
2020-04-10
pjp
kn->algorithm = key_algorithm;
0424
2020-04-10
pjp
kn->key = strdup(key_key);
0425
2020-04-10
pjp
if (kn->key == NULL) {
0426
2020-04-10
pjp
perror("strdup kn->key");
0427
2020-04-10
pjp
exit(1);
0428
2020-04-10
pjp
}
0429
2020-04-10
pjp
kn->keyid = key_keyid;
0430
2020-04-10
pjp
0431
2020-04-10
pjp
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
0432
2020-04-10
pjp
perror("store_private_key");
0433
2020-04-10
pjp
exit(1);
0434
2020-04-10
pjp
}
0435
2020-04-10
pjp
0436
2020-04-10
pjp
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
0437
2020-04-10
pjp
numkeys++;
0438
2020-04-10
pjp
numksk++;
0439
2020-04-10
pjp
0440
2020-04-10
pjp
break;
0441
2020-04-10
pjp
0442
2020-04-10
pjp
case 'm':
0443
2020-04-10
pjp
/* mask */
0444
2020-04-10
pjp
mask = strtoull(optarg, &ep, 16);
0445
2020-04-10
pjp
break;
0446
2020-04-10
pjp
0447
2020-04-10
pjp
case 'n':
0448
2020-04-10
pjp
0449
2020-04-10
pjp
/* zone name */
0450
2020-04-10
pjp
zonename = optarg;
0451
2020-04-10
pjp
0452
2020-04-10
pjp
break;
0453
2020-04-10
pjp
0454
2020-04-10
pjp
case 'o':
0455
2020-04-10
pjp
/* output file */
0456
2020-04-10
pjp
if (optarg[0] == '-')
0457
2020-04-10
pjp
break;
0458
2020-04-10
pjp
0459
2020-04-10
pjp
errno = 0;
0460
2020-04-10
pjp
if (lstat(optarg, &sb) < 0 && errno != ENOENT) {
0461
2020-04-10
pjp
perror("lstat");
0462
2020-04-10
pjp
exit(1);
0463
2020-04-10
pjp
}
0464
2020-04-10
pjp
if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
0465
2020-04-10
pjp
fprintf(stderr, "%s is not a file!\n", optarg);
0466
2020-04-10
pjp
exit(1);
0467
2020-04-10
pjp
}
0468
2020-04-10
pjp
if ((of = fopen(optarg, "w")) == NULL) {
0469
2020-04-10
pjp
perror("fopen");
0470
2020-04-10
pjp
exit(1);
0471
2020-04-10
pjp
}
0472
2020-04-10
pjp
0473
2020-04-10
pjp
break;
0474
2020-04-10
pjp
case 'R':
0475
2020-04-10
pjp
/* rollover method see RFC 7583 section 2.1 */
0476
2020-04-10
pjp
if (strcmp(optarg, "prep") == 0) {
0477
2020-04-10
pjp
rollmethod = ROLLOVER_METHOD_PRE_PUBLICATION;
0478
2020-04-10
pjp
} else if (strcmp(optarg, "double") == 0) {
0479
2020-04-10
pjp
rollmethod = ROLLOVER_METHOD_DOUBLE_SIGNATURE;
0480
2020-04-10
pjp
}
0481
2020-04-10
pjp
0482
2020-04-10
pjp
break;
0483
2020-04-10
pjp
0484
2020-04-10
pjp
case 'S':
0485
2020-04-10
pjp
pid = atoi(optarg);
0486
2020-04-10
pjp
0487
2020-04-10
pjp
break;
0488
2020-04-10
pjp
0489
2020-04-10
pjp
case 's':
0490
2020-04-10
pjp
/* salt */
0491
2020-04-10
pjp
salt = optarg;
0492
2020-04-10
pjp
break;
0493
2020-04-10
pjp
0494
2020-04-10
pjp
case 't':
0495
2020-04-10
pjp
0496
2020-04-10
pjp
/* ttl of the zone */
0497
2020-04-10
pjp
ttl = atoi(optarg);
0498
2020-04-10
pjp
0499
2020-04-10
pjp
break;
0500
2020-04-10
pjp
0501
2020-04-10
pjp
case 'v':
0502
2020-04-10
pjp
/* version */
0503
2020-04-10
pjp
0504
2020-04-10
pjp
printf("%s\n", DD_CONVERT_VERSION);
0505
2020-04-10
pjp
exit(0);
0506
2020-04-10
pjp
0507
2020-04-10
pjp
case 'X':
0508
2020-04-10
pjp
/* update serial */
0509
2020-04-10
pjp
now = time(NULL);
0510
2020-04-10
pjp
tm = localtime(&now);
0511
2020-04-10
pjp
strftime(buf, sizeof(buf), "%Y%m%d01", tm);
0512
2020-04-10
pjp
serial = atoll(buf);
0513
2020-04-10
pjp
break;
0514
2020-04-10
pjp
0515
2020-04-10
pjp
case 'x':
0516
2020-04-10
pjp
serial = atoll(optarg);
0517
2020-04-10
pjp
break;
0518
2020-04-10
pjp
0519
2020-04-10
pjp
case 'Z':
0520
2020-04-10
pjp
/* create ZSK */
0521
2020-04-10
pjp
create_zsk = 1;
0522
2020-04-10
pjp
break;
0523
2020-04-10
pjp
0524
2020-04-10
pjp
case 'z':
0525
2020-04-10
pjp
/* use ZSK */
0526
2020-04-10
pjp
kn = malloc(sizeof(struct keysentry));
0527
2020-04-10
pjp
if (kn == NULL) {
0528
2020-04-10
pjp
perror("malloc");
0529
2020-04-10
pjp
exit(1);
0530
2020-04-10
pjp
}
0531
2020-04-10
pjp
kn->keyname = strdup(optarg);
0532
2020-04-10
pjp
if (kn->keyname == NULL) {
0533
2020-04-10
pjp
perror("strdup");
0534
2020-04-10
pjp
exit(1);
0535
2020-04-10
pjp
}
0536
2020-04-10
pjp
kn->type = KEYTYPE_ZSK;
0537
2020-04-10
pjp
kn->pid = getkeypid(kn->keyname);
0538
2020-04-10
pjp
#if DEBUG
0539
2020-04-10
pjp
printf("opened %s with pid %u\n", kn->keyname, kn->pid);
0540
2020-04-10
pjp
#endif
0541
2020-04-10
pjp
kn->sign = 0;
0542
2020-04-10
pjp
zsk_key = 1;
0543
2020-04-10
pjp
0544
2020-04-10
pjp
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
0545
2020-04-10
pjp
perror("key2zone");
0546
2020-04-10
pjp
exit(1);
0547
2020-04-10
pjp
}
0548
2020-04-10
pjp
0549
2020-04-10
pjp
kn->zone = strdup(key_zone);
0550
2020-04-10
pjp
if (kn->zone == NULL) {
0551
2020-04-10
pjp
perror("strdup");
0552
2020-04-10
pjp
exit(1);
0553
2020-04-10
pjp
}
0554
2020-04-10
pjp
kn->ttl = key_ttl;
0555
2020-04-10
pjp
kn->flags = key_flags;
0556
2020-04-10
pjp
kn->protocol = key_protocol;
0557
2020-04-10
pjp
kn->algorithm = key_algorithm;
0558
2020-04-10
pjp
kn->key = strdup(key_key);
0559
2020-04-10
pjp
if (kn->key == NULL) {
0560
2020-04-10
pjp
perror("strdup kn->key");
0561
2020-04-10
pjp
exit(1);
0562
2020-04-10
pjp
}
0563
2020-04-10
pjp
kn->keyid = key_keyid;
0564
2020-04-10
pjp
0565
2020-04-10
pjp
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
0566
2020-04-10
pjp
perror("store_private_key");
0567
2020-04-10
pjp
exit(1);
0568
2020-04-10
pjp
}
0569
2020-04-10
pjp
0570
2020-04-10
pjp
0571
2020-04-10
pjp
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
0572
2020-04-10
pjp
numkeys++;
0573
2020-04-10
pjp
numzsk++;
0574
2020-04-10
pjp
0575
2020-04-10
pjp
break;
0576
2020-04-10
pjp
}
0577
2020-04-10
pjp
0578
2020-04-10
pjp
}
0579
2020-04-10
pjp
0580
2020-04-10
pjp
0581
2020-04-10
pjp
if (zonename == NULL) {
0582
2020-04-10
pjp
fprintf(stderr, "must provide a zonename with the -n flag\n");
0583
2020-04-10
pjp
exit(1);
0584
2020-04-10
pjp
}
0585
2020-04-10
pjp
0586
2020-04-10
pjp
if (create_ksk) {
0587
2020-04-10
pjp
kn = malloc(sizeof(struct keysentry));
0588
2020-04-10
pjp
if (kn == NULL) {
0589
2020-04-10
pjp
perror("malloc");
0590
2020-04-10
pjp
exit(1);
0591
2020-04-10
pjp
}
0592
2020-04-10
pjp
0593
2020-04-10
pjp
dolog(LOG_INFO, "creating new KSK (257) algorithm: %s with %d bits, pid ", alg_to_name(algorithm), bits);
0594
2020-04-10
pjp
kn->keyname = create_key(zonename, ttl, 257, algorithm, bits, &newpid);
0595
2020-04-10
pjp
if (kn->keyname == NULL) {
0596
2020-04-10
pjp
dolog(LOG_ERR, "failed.\n");
0597
2020-04-10
pjp
exit(1);
0598
2020-04-10
pjp
}
0599
2020-04-10
pjp
0600
2020-04-10
pjp
kn->type = KEYTYPE_KSK;
0601
2020-04-10
pjp
kn->pid = newpid;
0602
2020-04-10
pjp
kn->sign = 0;
0603
2020-04-10
pjp
ksk_key = 1;
0604
2020-04-10
pjp
0605
2020-04-10
pjp
dolog(LOG_INFO, "%d.\n", newpid);
0606
2020-04-10
pjp
0607
2020-04-10
pjp
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
0608
2020-04-10
pjp
perror("key2zone");
0609
2020-04-10
pjp
exit(1);
0610
2020-04-10
pjp
}
0611
2020-04-10
pjp
0612
2020-04-10
pjp
kn->zone = strdup(key_zone);
0613
2020-04-10
pjp
if (kn->zone == NULL) {
0614
2020-04-10
pjp
perror("strdup");
0615
2020-04-10
pjp
exit(1);
0616
2020-04-10
pjp
}
0617
2020-04-10
pjp
kn->ttl = key_ttl;
0618
2020-04-10
pjp
kn->flags = key_flags;
0619
2020-04-10
pjp
kn->protocol = key_protocol;
0620
2020-04-10
pjp
kn->algorithm = key_algorithm;
0621
2020-04-10
pjp
kn->key = strdup(key_key);
0622
2020-04-10
pjp
if (kn->key == NULL) {
0623
2020-04-10
pjp
perror("strdup kn->key");
0624
2020-04-10
pjp
exit(1);
0625
2020-04-10
pjp
}
0626
2020-04-10
pjp
kn->keyid = key_keyid;
0627
2020-04-10
pjp
0628
2020-04-10
pjp
0629
2020-04-10
pjp
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
0630
2020-04-10
pjp
perror("store_private_key");
0631
2020-04-10
pjp
exit(1);
0632
2020-04-10
pjp
}
0633
2020-04-10
pjp
0634
2020-04-10
pjp
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
0635
2020-04-10
pjp
numkeys++;
0636
2020-04-10
pjp
numksk++;
0637
2020-04-10
pjp
}
0638
2020-04-10
pjp
if (create_zsk) {
0639
2020-04-10
pjp
kn = malloc(sizeof(struct keysentry));
0640
2020-04-10
pjp
if (kn == NULL) {
0641
2020-04-10
pjp
perror("malloc");
0642
2020-04-10
pjp
exit(1);
0643
2020-04-10
pjp
}
0644
2020-04-10
pjp
dolog(LOG_INFO, "creating new ZSK (256) algorithm: %s with %d bits, pid ", alg_to_name(algorithm), bits);
0645
2020-04-10
pjp
kn->keyname = create_key(zonename, ttl, 256, algorithm, bits, &newpid);
0646
2020-04-10
pjp
if (kn->keyname == NULL) {
0647
2020-04-10
pjp
dolog(LOG_ERR, "failed.\n");
0648
2020-04-10
pjp
exit(1);
0649
2020-04-10
pjp
}
0650
2020-04-10
pjp
0651
2020-04-10
pjp
kn->type = KEYTYPE_ZSK;
0652
2020-04-10
pjp
kn->pid = newpid;
0653
2020-04-10
pjp
kn->sign = 0;
0654
2020-04-10
pjp
zsk_key = 1;
0655
2020-04-10
pjp
0656
2020-04-10
pjp
dolog(LOG_INFO, "%d.\n", newpid);
0657
2020-04-10
pjp
0658
2020-04-10
pjp
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
0659
2020-04-10
pjp
perror("key2zone");
0660
2020-04-10
pjp
exit(1);
0661
2020-04-10
pjp
}
0662
2020-04-10
pjp
0663
2020-04-10
pjp
kn->zone = strdup(key_zone);
0664
2020-04-10
pjp
if (kn->zone == NULL) {
0665
2020-04-10
pjp
perror("strdup");
0666
2020-04-10
pjp
exit(1);
0667
2020-04-10
pjp
}
0668
2020-04-10
pjp
kn->ttl = key_ttl;
0669
2020-04-10
pjp
kn->flags = key_flags;
0670
2020-04-10
pjp
kn->protocol = key_protocol;
0671
2020-04-10
pjp
kn->algorithm = key_algorithm;
0672
2020-04-10
pjp
kn->key = strdup(key_key);
0673
2020-04-10
pjp
if (kn->key == NULL) {
0674
2020-04-10
pjp
perror("strdup kn->key");
0675
2020-04-10
pjp
exit(1);
0676
2020-04-10
pjp
}
0677
2020-04-10
pjp
kn->keyid = key_keyid;
0678
2020-04-10
pjp
0679
2020-04-10
pjp
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
0680
2020-04-10
pjp
perror("store_private_key");
0681
2020-04-10
pjp
exit(1);
0682
2020-04-10
pjp
}
0683
2020-04-10
pjp
0684
2020-04-10
pjp
0685
2020-04-10
pjp
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
0686
2020-04-10
pjp
numkeys++;
0687
2020-04-10
pjp
numzsk++;
0688
2020-04-10
pjp
}
0689
2020-04-10
pjp
0690
2020-04-10
pjp
if (zonefile == NULL || zonename == NULL) {
0691
2020-04-10
pjp
if (create_zsk || create_ksk) {
0692
2020-04-10
pjp
fprintf(stderr, "key(s) created\n");
0693
2020-04-10
pjp
exit(0);
0694
2020-04-10
pjp
}
0695
2020-04-10
pjp
0696
2020-04-10
pjp
fprintf(stderr, "must provide a zonefile and a zonename!\n");
0697
2020-04-10
pjp
exit(1);
0698
2020-04-10
pjp
}
0699
2020-04-10
pjp
0700
2020-04-10
pjp
if (ksk_key == 0 || zsk_key == 0) {
0701
2020-04-10
pjp
dolog(LOG_INFO, "must specify both a ksk and a zsk key! or -z -k\n");
0702
2020-04-10
pjp
exit(1);
0703
2020-04-10
pjp
}
0704
2020-04-10
pjp
0705
2020-04-10
pjp
0706
2020-04-10
pjp
/* check what keys we sign or not */
0707
2020-04-10
pjp
if ((rollmethod == ROLLOVER_METHOD_PRE_PUBLICATION && numkeys > 3) ||
0708
2020-04-10
pjp
(rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE && numkeys > 4)) {
0709
2020-04-10
pjp
switch (rollmethod) {
0710
2020-04-10
pjp
case ROLLOVER_METHOD_PRE_PUBLICATION:
0711
2020-04-10
pjp
dolog(LOG_INFO, "rollover pre-publication method: can't roll-over more than 1 key at a time! numkeys > 3\n");
0712
2020-04-10
pjp
break;
0713
2020-04-10
pjp
case ROLLOVER_METHOD_DOUBLE_SIGNATURE:
0714
2020-04-10
pjp
dolog(LOG_INFO, "rollover double-signature method: can't roll-over more than 2 keys at a time! numkeys > 4\n");
0715
2020-04-10
pjp
break;
0716
2020-04-10
pjp
}
0717
2020-04-10
pjp
0718
2020-04-10
pjp
exit(1);
0719
2020-04-10
pjp
} else if ((numkeys > 2 && rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE) || numkeys == 2) {
0720
2020-04-10
pjp
#if 0
0721
2020-04-10
pjp
} else if (numkeys == 2) {
0722
2020-04-10
pjp
#endif
0723
2020-04-10
pjp
/* sign them all */
0724
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0725
2020-04-10
pjp
knp->sign = 1;
0726
2020-04-10
pjp
}
0727
2020-04-10
pjp
} else {
0728
2020-04-10
pjp
/* we can only be pre-publication method and have 3 keys now */
0729
2020-04-10
pjp
if (pid == -1) {
0730
2020-04-10
pjp
fprintf(stderr, "pre-publication rollover: you specified three keys, please select one for signing (with -S pid)!\n");
0731
2020-04-10
pjp
exit(1);
0732
2020-04-10
pjp
}
0733
2020-04-10
pjp
0734
2020-04-10
pjp
search = KEYTYPE_NONE;
0735
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0736
2020-04-10
pjp
if (knp->pid == pid) {
0737
2020-04-10
pjp
knp->sign = 1;
0738
2020-04-10
pjp
search = (knp->type == KEYTYPE_KSK) ? KEYTYPE_ZSK : KEYTYPE_KSK;
0739
2020-04-10
pjp
break;
0740
2020-04-10
pjp
}
0741
2020-04-10
pjp
}
0742
2020-04-10
pjp
0743
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0744
2020-04-10
pjp
if (search == knp->type && knp->sign == 0)
0745
2020-04-10
pjp
knp->sign = 1;
0746
2020-04-10
pjp
} /* SLIST_FOREACH */
0747
2020-04-10
pjp
} /* numkeys == 3 */
0748
2020-04-10
pjp
0749
2020-04-10
pjp
#if DEBUG
0750
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0751
2020-04-10
pjp
printf("%s pid: %u %s\n", knp->keyname, knp->pid, knp->sign ? "<--" : "" );
0752
2020-04-10
pjp
}
0753
2020-04-10
pjp
#endif
0754
2020-04-10
pjp
#if DEBUG
0755
2020-04-10
pjp
printf("zonefile is %s\n", zonefile);
0756
2020-04-10
pjp
#endif
0757
2020-04-10
pjp
0758
2020-04-10
pjp
/* open the database(s) */
0759
2020-04-10
pjp
db = dddbopen();
0760
2020-04-10
pjp
if (db == NULL) {
0761
2020-04-10
pjp
dolog(LOG_INFO, "dddbopen() failed\n");
0762
2020-04-10
pjp
exit(1);
0763
2020-04-10
pjp
}
0764
2020-04-10
pjp
0765
2020-04-10
pjp
/* now we start reading our configfile */
0766
2020-04-10
pjp
0767
2020-04-10
pjp
if ((mask & MASK_PARSE_FILE) && parse_file(db, zonefile, parseflags) < 0) {
0768
2020-04-10
pjp
dolog(LOG_INFO, "parsing config file failed\n");
0769
2020-04-10
pjp
exit(1);
0770
2020-04-10
pjp
}
0771
2020-04-10
pjp
0772
2020-04-10
pjp
/* create ENT list */
0773
2020-04-10
pjp
if (init_entlist(db) < 0) {
0774
2020-04-10
pjp
dolog(LOG_INFO, "creating entlist failed\n");
0775
2020-04-10
pjp
exit(1);
0776
2020-04-10
pjp
}
0777
2020-04-10
pjp
0778
2020-04-10
pjp
/* update any serial updates here */
0779
2020-04-10
pjp
if (serial)
0780
2020-04-10
pjp
update_soa_serial(db, zonename, serial);
0781
2020-04-10
pjp
0782
2020-04-10
pjp
/* three passes to "sign" our zones */
0783
2020-04-10
pjp
/* first pass, add dnskey records, on apex */
0784
2020-04-10
pjp
0785
2020-04-10
pjp
if ((mask & MASK_ADD_DNSKEY) && add_dnskey(db) < 0) {
0786
2020-04-10
pjp
dolog(LOG_INFO, "add_dnskey failed\n");
0787
2020-04-10
pjp
exit(1);
0788
2020-04-10
pjp
}
0789
2020-04-10
pjp
0790
2020-04-10
pjp
/* second pass construct NSEC3 records, including ENT's */
0791
2020-04-10
pjp
0792
2020-04-10
pjp
if ((mask & MASK_CONSTRUCT_NSEC3) && construct_nsec3(db, zonename, iterations, salt) < 0) {
0793
2020-04-10
pjp
dolog(LOG_INFO, "construct nsec3 failed\n");
0794
2020-04-10
pjp
exit(1);
0795
2020-04-10
pjp
}
0796
2020-04-10
pjp
0797
2020-04-10
pjp
/* third pass calculate RRSIG's for every RR set */
0798
2020-04-10
pjp
0799
2020-04-10
pjp
if ((mask & MASK_CALCULATE_RRSIGS) && calculate_rrsigs(db, zonename, expiry, rollmethod) < 0) {
0800
2020-04-10
pjp
dolog(LOG_INFO, "calculate rrsigs failed\n");
0801
2020-04-10
pjp
exit(1);
0802
2020-04-10
pjp
}
0803
2020-04-10
pjp
0804
2020-04-10
pjp
/* calculate ds */
0805
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0806
2020-04-10
pjp
if ((mask & MASK_CREATE_DS) && create_ds(db, zonename, knp) < 0) {
0807
2020-04-10
pjp
dolog(LOG_INFO, "create_ds failed\n");
0808
2020-04-10
pjp
exit(1);
0809
2020-04-10
pjp
}
0810
2020-04-10
pjp
}
0811
2020-04-10
pjp
0812
2020-04-10
pjp
/* free private keys */
0813
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0814
2020-04-10
pjp
free_private_key(knp);
0815
2020-04-10
pjp
}
0816
2020-04-10
pjp
0817
2020-04-10
pjp
/* write new zone file */
0818
2020-04-10
pjp
if ((mask & MASK_DUMP_DB) && dump_db(db, of, zonename) < 0)
0819
2020-04-10
pjp
exit (1);
0820
2020-04-10
pjp
0821
2020-04-10
pjp
0822
2020-04-10
pjp
exit(0);
0823
2020-04-10
pjp
}
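/*
 * Add the DNSKEY record of every key of the given type that is on the
 * global keys list.  Each key is read back through get_key() and handed to
 * fill_dnskey().
 *
 * Returns 0 on success, -1 on the first failure (the key name is logged
 * when get_key() fails; fill_dnskey() is expected to log for itself).
 */
static int
add_dnskey_of_type(ddDB *db, int type)
{
	char key[4096];
	char *zone;
	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	int keyid;	/* filled by get_key(), not needed here */

	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type != type)
			continue;

		zone = get_key(knp, &ttl, &flags, &protocol, &algorithm,
		    key, sizeof(key), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key: %s\n", knp->keyname);
			return -1;
		}

		if (fill_dnskey(db, zone, "dnskey", ttl, flags, protocol,
		    algorithm, key) < 0)
			return -1;
	}

	return 0;
}

/*
 * Add a DNSKEY record at the apex for every key on the keys list: all ZSKs
 * first, then all KSKs, so the DNSKEY RRset keeps that order.
 *
 * Returns 0 on success, -1 as soon as one key cannot be read or added.
 */
int
add_dnskey(ddDB *db)
{
	if (add_dnskey_of_type(db, KEYTYPE_ZSK) < 0)
		return -1;

	return add_dnskey_of_type(db, KEYTYPE_KSK);
}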
char *
0867
2020-04-10
pjp
parse_keyfile(int fd, uint32_t *ttl, uint16_t *flags, uint8_t *protocol, uint8_t *algorithm, char *key, int *keyid)
0868
2020-04-10
pjp
{
0869
2020-04-10
pjp
static char retbuf[256];
0870
2020-04-10
pjp
char buf[8192];
0871
2020-04-10
pjp
char *p, *q;
0872
2020-04-10
pjp
FILE *f;
0873
2020-04-10
pjp
0874
2020-04-10
pjp
if ((f = fdopen(fd, "r")) == NULL)
0875
2020-04-10
pjp
return NULL;
0876
2020-04-10
pjp
0877
2020-04-10
pjp
while (fgets(buf, sizeof(buf), f) != NULL) {
0878
2020-04-10
pjp
if (buf[0] == ';') {
0879
2020-04-10
pjp
if ((p = strstr(buf, "keyid ")) != NULL) {
0880
2020-04-10
pjp
p += 6;
0881
2020-04-10
pjp
q = strchr(p, ' ');
0882
2020-04-10
pjp
if (q == NULL)
0883
2020-04-10
pjp
return NULL;
0884
2020-04-10
pjp
*q = '\0';
0885
2020-04-10
pjp
pack32((char *)keyid, atoi(p));
0886
2020-04-10
pjp
}
0887
2020-04-10
pjp
0888
2020-04-10
pjp
continue;
0889
2020-04-10
pjp
}
0890
2020-04-10
pjp
}
0891
2020-04-10
pjp
0892
2020-04-10
pjp
/* name */
0893
2020-04-10
pjp
p = &buf[0];
0894
2020-04-10
pjp
q = strchr(p, ' ');
0895
2020-04-10
pjp
if (q == NULL) {
0896
2020-04-10
pjp
return NULL;
0897
2020-04-10
pjp
}
0898
2020-04-10
pjp
0899
2020-04-10
pjp
*q++ = '\0';
0900
2020-04-10
pjp
0901
2020-04-10
pjp
strlcpy(retbuf, p, sizeof(retbuf));
0902
2020-04-10
pjp
/* ttl */
0903
2020-04-10
pjp
p = q;
0904
2020-04-10
pjp
0905
2020-04-10
pjp
q = strchr(p, ' ');
0906
2020-04-10
pjp
if (q == NULL)
0907
2020-04-10
pjp
return NULL;
0908
2020-04-10
pjp
0909
2020-04-10
pjp
*q++ = '\0';
0910
2020-04-10
pjp
*ttl = atoi(p);
0911
2020-04-10
pjp
/* IN/DNSKEY/ flags */
0912
2020-04-10
pjp
p = q;
0913
2020-04-10
pjp
q = strchr(p, ' ');
0914
2020-04-10
pjp
if (q == NULL)
0915
2020-04-10
pjp
return NULL;
0916
2020-04-10
pjp
q++;
0917
2020-04-10
pjp
p = q;
0918
2020-04-10
pjp
q = strchr(p, ' ');
0919
2020-04-10
pjp
if (q == NULL)
0920
2020-04-10
pjp
return NULL;
0921
2020-04-10
pjp
q++;
0922
2020-04-10
pjp
p = q;
0923
2020-04-10
pjp
q = strchr(p, ' ');
0924
2020-04-10
pjp
if (q == NULL)
0925
2020-04-10
pjp
return NULL;
0926
2020-04-10
pjp
*q++ = '\0';
0927
2020-04-10
pjp
*flags = atoi(p);
0928
2020-04-10
pjp
/* protocol */
0929
2020-04-10
pjp
p = q;
0930
2020-04-10
pjp
q = strchr(p, ' ');
0931
2020-04-10
pjp
if (q == NULL)
0932
2020-04-10
pjp
return NULL;
0933
2020-04-10
pjp
*q++ = '\0';
0934
2020-04-10
pjp
*protocol = atoi(p);
0935
2020-04-10
pjp
/* algorithm */
0936
2020-04-10
pjp
p = q;
0937
2020-04-10
pjp
q = strchr(p, ' ');
0938
2020-04-10
pjp
if (q == NULL)
0939
2020-04-10
pjp
return NULL;
0940
2020-04-10
pjp
*q++ = '\0';
0941
2020-04-10
pjp
*algorithm = atoi(p);
0942
2020-04-10
pjp
/* key */
0943
2020-04-10
pjp
p = q;
0944
2020-04-10
pjp
0945
2020-04-10
pjp
q = key;
0946
2020-04-10
pjp
while (*p) {
0947
2020-04-10
pjp
if (*p == ' ' || *p == '\n' || *p == '\r') {
0948
2020-04-10
pjp
p++;
0949
2020-04-10
pjp
continue;
0950
2020-04-10
pjp
}
0951
2020-04-10
pjp
0952
2020-04-10
pjp
*q++ = *p++;
0953
2020-04-10
pjp
}
0954
2020-04-10
pjp
*q = '\0';
0955
2020-04-10
pjp
0956
2020-04-10
pjp
return (&retbuf[0]);
0957
2020-04-10
pjp
}
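/*
 * Write the zone held in db to of as a dddctl zone file.
 *
 * The SOA/apex node for zonename is printed first; every other node in
 * db->head is then printed in tree order, skipping the apex (matched by zone
 * name, case-insensitively) so it is not written twice.  Each node's rbtree
 * is printed from a private heap copy that is released before the next
 * iteration.
 *
 * Returns 0 on success and -1 when the zone name cannot be converted, the
 * apex is not found, or print_rbt() fails.  Exits the process on calloc()
 * failure, like the rest of this tool.
 */
int
dump_db(ddDB *db, FILE *of, char *zonename)
{
	struct node *n, *nx;
	struct rbtree *rbt0, *rbt;
	char *dnsname;
	int labellen;
	int j = 0;

	fprintf(of, "; this file is automatically generated, do NOT edit\n");
	fprintf(of, "; it was generated by dddctl.c\n");

	fprintf(of, "zone \"%s\" {\n", zonename);

	/* NOTE(review): whether dns_label() allocates dnsname is not visible here; nothing frees it */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		return -1;

	if ((rbt0 = Lookup_zone(db, dnsname, labellen, DNS_TYPE_SOA, 0)) == NULL) {
		return -1;
	}

	if (print_rbt(of, rbt0) < 0) {
		fprintf(stderr, "print_rbt error\n");
		return -1;
	}

	RB_FOREACH_SAFE(n, domaintree, &db->head, nx) {
		if ((rbt = calloc(1, n->datalen)) == NULL) {
			dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
			exit(1);
		}

		memcpy((char *)rbt, (char *)n->data, n->datalen);

		/* the apex was already printed above */
		if (rbt->zonelen == rbt0->zonelen &&
		    memcasecmp(rbt->zone, rbt0->zone, rbt->zonelen) == 0) {
			free(rbt);
			continue;
		}

		if (print_rbt(of, rbt) < 0) {
			fprintf(stderr, "print_rbt error\n");
			free(rbt);
			return -1;
		}

		free(rbt);
		j++;
	}

	fprintf(of, "}\n");

#if DEBUG
	printf("%d records\n", j);
#endif
	return (0);
}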
/*
 * Dispatch key generation on the DNSSEC algorithm number: the three RSA
 * algorithms go to create_key_rsa(), ECDSA P-256 to create_key_ec().
 *
 * Returns whatever the generator returns (the strdup()'ed key name, or NULL
 * on failure); an unknown algorithm is logged and yields NULL.
 */
char *
create_key(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	char *name = NULL;

	if (algorithm == ALGORITHM_RSASHA1_NSEC3_SHA1 ||
	    algorithm == ALGORITHM_RSASHA256 ||
	    algorithm == ALGORITHM_RSASHA512)
		name = create_key_rsa(zonename, ttl, flags, algorithm, bits, pid);
	else if (algorithm == ALGORITHM_ECDSAP256SHA256)
		name = create_key_ec(zonename, ttl, flags, algorithm, bits, pid);
	else
		dolog(LOG_INFO, "invalid algorithm in key\n");

	return name;
}
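/*
 * Generate an ECDSA P-256 key pair for zonename and write it out as a pair
 * of files named "K<zone>.+<alg>+<keytag>": ".private" (created under
 * umask 077, so mode 0600 with the usual fopen() default) and ".key" (the
 * public DNSKEY record, written under the caller's umask).
 *
 * ttl and flags go into the DNSKEY record; bits is unused for EC keys, the
 * curve fixes the size.  The key tag is computed from the DNSKEY RDATA by
 * create_key_ec_getpid() and stored through pid; on a collision with a key
 * already on the keys list the key is discarded and generation retried.
 *
 * Returns the strdup()'ed key name (the caller frees it) or NULL on any
 * error, in which case no file written by this call is left behind and the
 * process umask is back to what it was.  Only regular files are overwritten:
 * an existing symlink or other non-regular file at either path is refused
 * (checked with lstat() before fopen(), so a race between the two remains).
 * The private scalar and its base64 form are scrubbed from the stack
 * buffers before returning.
 */
char *
create_key_ec(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	FILE *f = NULL;
	EC_KEY *eckey = NULL;
	EC_GROUP *ecgroup = NULL;
	const BIGNUM *ecprivatekey;
	const EC_POINT *ecpublickey;

	struct stat sb;

	char bin[4096];		/* raw private scalar, later reused for a date string */
	char b64[4096];		/* base64 of bin; holds the private key for a while */
	char tmp[4096];		/* encoded public point */
	char buf[512];
	char privpath[512];
	char pubpath[512];
	char *retval = NULL;
	const char *dot;
	volatile unsigned char *vp;
	size_t i, zlen;

	int binlen, tag;
	int ok = 0;			/* set once both files are complete */
	int umask_changed = 0;
	int have_priv = 0, have_pub = 0;	/* files to remove on failure */

	mode_t savemask = 0;
	time_t now;
	struct tm *tm;

	(void)bits;

	if (algorithm != ALGORITHM_ECDSAP256SHA256) {
		return NULL;
	}

	eckey = EC_KEY_new();
	if (eckey == NULL) {
		dolog(LOG_ERR, "EC_KEY_new(): %s\n", strerror(errno));
		return NULL;
	}

	ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
	if (ecgroup == NULL) {
		dolog(LOG_ERR, "EC_GROUP_new_by_curve_name(): %s\n", strerror(errno));
		goto out;
	}

	if (EC_KEY_set_group(eckey, ecgroup) != 1) {
		dolog(LOG_ERR, "EC_KEY_set_group(): %s\n", strerror(errno));
		goto out;
	}

	if (EC_KEY_generate_key(eckey) == 0) {
		dolog(LOG_ERR, "EC_KEY_generate_key(): %s\n", strerror(errno));
		goto out;
	}

	ecprivatekey = EC_KEY_get0_private_key(eckey);
	if (ecprivatekey == NULL) {
		dolog(LOG_INFO, "EC_KEY_get0_private_key(): %s\n", strerror(errno));
		goto out;
	}

	ecpublickey = EC_KEY_get0_public_key(eckey);
	if (ecpublickey == NULL) {
		dolog(LOG_ERR, "EC_KEY_get0_public_key(): %s\n", strerror(errno));
		goto out;
	}

	/* kept in a signed int so the -1 error value is not lost in the uint32_t */
	tag = create_key_ec_getpid(eckey, ecgroup, (EC_POINT *)ecpublickey, algorithm, flags);
	if (tag < 0) {
		dolog(LOG_ERR, "create_key_ec_getpid(): %s\n", strerror(errno));
		goto out;
	}
	*pid = (uint32_t)tag;

	/* check for collisions, XXX should be rare */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->pid == *pid)
			break;
	}

	if (knp != NULL) {
		dolog(LOG_INFO, "create_key: collision with existing pid %d\n", *pid);
		EC_GROUP_free(ecgroup);
		EC_KEY_free(eckey);
		return (create_key_ec(zonename, ttl, flags, algorithm, bits, pid));
	}

	/* a trailing dot is added unless the zone name already ends in one */
	zlen = strlen(zonename);
	dot = (zlen > 0 && zonename[zlen - 1] == '.') ? "" : ".";

	snprintf(buf, sizeof(buf), "K%s%s+%03d+%d", zonename, dot, algorithm, *pid);

	retval = strdup(buf);
	if (retval == NULL) {
		dolog(LOG_INFO, "strdup: %s\n", strerror(errno));
		goto out;
	}

	snprintf(privpath, sizeof(privpath), "%s.private", retval);
	snprintf(pubpath, sizeof(pubpath), "%s.key", retval);

	/* the private half must never be group/world readable */
	savemask = umask(077);
	umask_changed = 1;

	errno = 0;
	if (lstat(privpath, &sb) < 0 && errno != ENOENT) {
		perror("lstat");
		goto out;
	}

	if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", privpath);
		goto out;
	}

	f = fopen(privpath, "w+");
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	have_priv = 1;

	fprintf(f, "Private-key-format: v1.3\n");
	fprintf(f, "Algorithm: %d (%s)\n", algorithm, alg_to_name(algorithm));
	/* PrivateKey */
	binlen = BN_bn2bin(ecprivatekey, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "PrivateKey: %s\n", b64);

	now = time(NULL);
	tm = gmtime(&now);

	strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", tm);
	fprintf(f, "Created: %s\n", buf);
	fprintf(f, "Publish: %s\n", buf);
	fprintf(f, "Activate: %s\n", buf);

	/* fclose() reports the final flush; a short private key file is useless */
	if (fclose(f) != 0) {
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		f = NULL;
		goto out;
	}
	f = NULL;

	/* now for the EC public .key, under the caller's umask */
	umask(savemask);
	umask_changed = 0;

	errno = 0;
	if (lstat(pubpath, &sb) < 0 && errno != ENOENT) {
		perror("lstat");
		goto out;
	}

	if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", pubpath);
		goto out;
	}

	f = fopen(pubpath, "w+");
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	have_pub = 1;

	fprintf(f, "; This is a %s key, keyid %u, for %s%s\n", (flags == 257) ? "key-signing" : "zone-signing", *pid, zonename, dot);

	strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", tm);
	strftime(bin, sizeof(bin), "%c", tm);
	fprintf(f, "; Created: %s (%s)\n", buf, bin);
	fprintf(f, "; Publish: %s (%s)\n", buf, bin);
	fprintf(f, "; Activate: %s (%s)\n", buf, bin);

	binlen = EC_POINT_point2oct(ecgroup, ecpublickey, POINT_CONVERSION_UNCOMPRESSED, (unsigned char *)tmp, sizeof(tmp), NULL);
	if (binlen == 0) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): %s\n", strerror(errno));
		goto out;
	}

	/*
	 * taken from PowerDNS's opensslsigners.cc, apparently to get to the
	 * real public key one has to take out a byte and reduce the length
	 */
	mybase64_encode(tmp + 1, binlen - 1, b64, sizeof(b64));
	fprintf(f, "%s%s %d IN DNSKEY %d 3 %d %s\n", zonename, dot, ttl, flags, algorithm, b64);

	if (fclose(f) != 0) {
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		f = NULL;
		goto out;
	}
	f = NULL;
	ok = 1;

out:
	if (f != NULL)
		fclose(f);
	if (umask_changed)
		umask(savemask);
	if (!ok) {
		/* leave no half-written key files behind */
		if (have_pub)
			unlink(pubpath);
		if (have_priv)
			unlink(privpath);
		free(retval);
		retval = NULL;
	}
	/* scrub the private scalar and its base64 form; volatile keeps the stores */
	for (vp = (volatile unsigned char *)bin, i = 0; i < sizeof(bin); i++)
		vp[i] = 0;
	for (vp = (volatile unsigned char *)b64, i = 0; i < sizeof(b64); i++)
		vp[i] = 0;
	EC_GROUP_free(ecgroup);
	EC_KEY_free(eckey);

	return (retval);
}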
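/*
 * Compute the DNSSEC key tag (as keytag() defines it) of an EC public key.
 *
 * The DNSKEY RDATA is built in bin: flags (network order), protocol 3,
 * algorithm, then the uncompressed public point with its leading marker byte
 * dropped, the same transformation create_key_ec() applies when writing the
 * .key file.  eckey is not used beyond matching the caller's signature.
 *
 * Returns the tag from keytag(), or -1 when the point cannot be encoded,
 * would not fit in bin, or memory runs out.
 */
int
create_key_ec_getpid(EC_KEY *eckey, EC_GROUP *ecgroup, EC_POINT *ecpublickey, int algorithm, int flags)
{
	char bin[4096];
	char *p = &bin[0];
	char *tmp;
	size_t ptlen;
	int binlen;

	(void)eckey;

	pack16(p, htons(flags));
	p += 2;
	pack8(p, 3); /* protocol always 3 */
	p++;
	pack8(p, algorithm);
	p++;

	/* the first call only sizes the encoding, the second fills it */
	ptlen = EC_POINT_point2oct(ecgroup, ecpublickey, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);
	if (ptlen == 0) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): %s\n", strerror(errno));
		return -1;
	}

	/* the point minus its marker byte has to fit behind the 4 header bytes */
	if (ptlen - 1 > sizeof(bin) - (size_t)(p - &bin[0])) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): public point too large\n");
		return -1;
	}

	tmp = malloc(ptlen);
	if (tmp == NULL) {
		dolog(LOG_ERR, "malloc: %s\n", strerror(errno));
		return (-1);
	}

	if (EC_POINT_point2oct(ecgroup, ecpublickey, POINT_CONVERSION_UNCOMPRESSED, (unsigned char *)tmp, ptlen, NULL) == 0) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): %s\n", strerror(errno));
		free(tmp);
		return -1;
	}

	/* skip the leading marker byte, as the .key writer does */
	pack(p, tmp + 1, (int)(ptlen - 1));
	p += ptlen - 1;

	free(tmp);
	binlen = (int)(p - &bin[0]);

	return (keytag(bin, binlen));
}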
1285
2020-04-10
pjp
1286
2020-04-10
pjp
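/*
 * Pack the RFC 3110 section 2 public key wire form (exponent length, public
 * exponent, modulus) into out, which has room for outlen bytes.
 *
 * Returns the number of bytes written, or -1 when either number is larger
 * than the scratch buffer or the encoding would not fit in out.
 */
static int
create_key_rsa_pubkey(char *out, size_t outlen, const BIGNUM *rsae, const BIGNUM *rsan)
{
	char tmp[4096];
	char *p = out;
	int elen = BN_num_bytes(rsae);
	int nlen = BN_num_bytes(rsan);
	size_t need;

	if (elen < 0 || nlen < 0 || elen > (int)sizeof(tmp) || nlen > (int)sizeof(tmp))
		return -1;
	/* RFC 3110: one length byte, or a zero byte followed by a 16-bit length */
	need = (size_t)(elen < 256 ? 1 : 3) + (size_t)elen + (size_t)nlen;
	if (need > outlen)
		return -1;

	elen = BN_bn2bin(rsae, (unsigned char *)tmp);
	if (elen < 256) {
		*p++ = (char)elen;
	} else {
		*p++ = 0;
		pack16(p, htons(elen));
		p += 2;
	}
	pack(p, tmp, elen);
	p += elen;

	nlen = BN_bn2bin(rsan, (unsigned char *)tmp);
	pack(p, tmp, nlen);
	p += nlen;

	return (int)(p - out);
}

/*
 * Generate an RSA key pair of bits bits for zonename and write it out as
 * "K<zone>.+<alg>+<keytag>.private" (created under umask 077, so mode 0600
 * with the usual fopen() default; private key format v1.3 with the CRT
 * components) and ".key" (the public DNSKEY record in RFC 3110 encoding,
 * written under the caller's umask).
 *
 * algorithm must be one of the three RSA algorithms.  The key tag is
 * computed from the DNSKEY RDATA by keytag() and stored through pid; on a
 * collision with a key already on the keys list the key is discarded and
 * generation retried.
 *
 * Returns the strdup()'ed key name (the caller frees it) or NULL on any
 * error, in which case no file written by this call is left behind and the
 * process umask is back to what it was.  Only regular files are overwritten:
 * an existing symlink or other non-regular file at either path is refused
 * (checked with lstat() before fopen(), so a race between the two remains).
 * The private components pass through bin/b64, which are scrubbed before
 * returning.
 */
char *
create_key_rsa(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	FILE *f = NULL;
	RSA *rsa = NULL;
	BIGNUM *e = NULL;
	BN_GENCB *cb = NULL;
	/* lent by the RSA_get0_*() accessors, they point into rsa; never freed here */
	const BIGNUM *rsan, *rsae, *rsad, *rsap, *rsaq;
	const BIGNUM *rsadmp1, *rsadmq1, *rsaiqmp;
	struct stat sb;
	char buf[512];
	char privpath[512];
	char pubpath[512];
	char bin[4096];		/* private components pass through here ... */
	char b64[4096];		/* ... and through here in base64 */
	char *retval = NULL;
	char *p;
	const char *dot;
	volatile unsigned char *vp;
	size_t i, zlen;
	int binlen, rlen;
	int ok = 0;			/* set once both files are complete */
	int umask_changed = 0;
	int have_priv = 0, have_pub = 0;	/* files to remove on failure */
	mode_t savemask = 0;
	time_t now;
	struct tm *tm;

	switch (algorithm) {
	case ALGORITHM_RSASHA1_NSEC3_SHA1:
	case ALGORITHM_RSASHA256:
	case ALGORITHM_RSASHA512:
		break;
	default:
		dolog(LOG_INFO, "invalid algorithm in key\n");
		return NULL;
	}

	if ((rsa = RSA_new()) == NULL) {
		dolog(LOG_INFO, "RSA_new: %s\n", strerror(errno));
		return NULL;
	}

	if ((e = BN_new()) == NULL) {
		dolog(LOG_INFO, "BN_new: %s\n", strerror(errno));
		goto out;
	}

	if ((cb = BN_GENCB_new()) == NULL) {
		dolog(LOG_INFO, "BN_GENCB_new: %s\n", strerror(errno));
		goto out;
	}

	/* public exponent F4 (65537) */
	if (BN_set_word(e, RSA_F4) != 1) {
		dolog(LOG_INFO, "BN_set_word: %s\n", strerror(errno));
		goto out;
	}

	BN_GENCB_set_old(cb, NULL, NULL);

	if (RSA_generate_key_ex(rsa, bits, e, cb) == 0) {
		dolog(LOG_INFO, "RSA_generate_key_ex: %s\n", strerror(errno));
		goto out;
	}

	/* cb is not used again */
	BN_GENCB_free(cb);
	cb = NULL;

	/* get the bignums for now hidden struct */
	RSA_get0_key(rsa, &rsan, &rsae, &rsad);

	/*
	 * Every private component is at most the modulus size, so one check on
	 * the modulus covers the raw buffer and the base64 buffer (4 output
	 * bytes per 3 input bytes plus a terminator, assuming mybase64_encode()
	 * uses standard base64 framing).
	 */
	if (BN_num_bytes(rsan) > (int)sizeof(bin) ||
	    BN_num_bytes(rsan) > (int)(sizeof(b64) / 4 * 3 - 3)) {
		dolog(LOG_INFO, "create_key: %d bit RSA key is too large for the key file buffers\n", bits);
		goto out;
	}

	/* get the keytag, this is a bit of a hard process */
	p = &bin[0];
	pack16(p, htons(flags));
	p += 2;
	pack8(p, 3); /* protocol always 3 */
	p++;
	pack8(p, algorithm);
	p++;
	rlen = create_key_rsa_pubkey(p, sizeof(bin) - (size_t)(p - &bin[0]), rsae, rsan);
	if (rlen < 0) {
		dolog(LOG_INFO, "create_key: RSA public key does not fit the RDATA buffer\n");
		goto out;
	}
	p += rlen;
	rlen = (int)(p - &bin[0]);
	*pid = keytag(bin, rlen);

	/* check for collisions, XXX should be rare */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->pid == *pid)
			break;
	}

	if (knp != NULL) {
		dolog(LOG_INFO, "create_key: collision with existing pid %d\n", *pid);
		RSA_free(rsa);
		BN_free(e);
		return (create_key_rsa(zonename, ttl, flags, algorithm, bits, pid));
	}

	/* a trailing dot is added unless the zone name already ends in one */
	zlen = strlen(zonename);
	dot = (zlen > 0 && zonename[zlen - 1] == '.') ? "" : ".";

	snprintf(buf, sizeof(buf), "K%s%s+%03d+%d", zonename, dot, algorithm, *pid);

	retval = strdup(buf);
	if (retval == NULL) {
		dolog(LOG_INFO, "strdup: %s\n", strerror(errno));
		goto out;
	}

	snprintf(privpath, sizeof(privpath), "%s.private", retval);
	snprintf(pubpath, sizeof(pubpath), "%s.key", retval);

	/* the private half must never be group/world readable */
	savemask = umask(077);
	umask_changed = 1;

	errno = 0;
	if (lstat(privpath, &sb) < 0 && errno != ENOENT) {
		perror("lstat");
		goto out;
	}

	if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", privpath);
		goto out;
	}

	f = fopen(privpath, "w+");
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	have_priv = 1;

	fprintf(f, "Private-key-format: v1.3\n");
	fprintf(f, "Algorithm: %d (%s)\n", algorithm, alg_to_name(algorithm));
	/* modulus */
	binlen = BN_bn2bin(rsan, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Modulus: %s\n", b64);
	/* public exponent */
	binlen = BN_bn2bin(rsae, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "PublicExponent: %s\n", b64);
	/* private exponent */
	binlen = BN_bn2bin(rsad, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "PrivateExponent: %s\n", b64);
	/* get the RSA factors */
	RSA_get0_factors(rsa, &rsap, &rsaq);
	/* prime1 */
	binlen = BN_bn2bin(rsap, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Prime1: %s\n", b64);
	/* prime2 */
	binlen = BN_bn2bin(rsaq, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Prime2: %s\n", b64);
	/* get the RSA crt params */
	RSA_get0_crt_params(rsa, &rsadmp1, &rsadmq1, &rsaiqmp);
	/* exponent1 */
	binlen = BN_bn2bin(rsadmp1, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Exponent1: %s\n", b64);
	/* exponent2 */
	binlen = BN_bn2bin(rsadmq1, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Exponent2: %s\n", b64);
	/* coefficient */
	binlen = BN_bn2bin(rsaiqmp, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Coefficient: %s\n", b64);

	now = time(NULL);
	tm = gmtime(&now);

	strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", tm);
	fprintf(f, "Created: %s\n", buf);
	fprintf(f, "Publish: %s\n", buf);
	fprintf(f, "Activate: %s\n", buf);

	/* fclose() reports the final flush; a short private key file is useless */
	if (fclose(f) != 0) {
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		f = NULL;
		goto out;
	}
	f = NULL;

	/* now for the .key, under the caller's umask */
	umask(savemask);
	umask_changed = 0;

	errno = 0;
	if (lstat(pubpath, &sb) < 0 && errno != ENOENT) {
		perror("lstat");
		goto out;
	}

	if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", pubpath);
		goto out;
	}

	f = fopen(pubpath, "w+");
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	have_pub = 1;

	fprintf(f, "; This is a %s key, keyid %u, for %s%s\n", (flags == 257) ? "key-signing" : "zone-signing", *pid, zonename, dot);

	strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", tm);
	strftime(bin, sizeof(bin), "%c", tm);
	fprintf(f, "; Created: %s (%s)\n", buf, bin);
	fprintf(f, "; Publish: %s (%s)\n", buf, bin);
	fprintf(f, "; Activate: %s (%s)\n", buf, bin);

	/* RFC 3110, section 2 */
	binlen = create_key_rsa_pubkey(bin, sizeof(bin), rsae, rsan);
	if (binlen < 0) {
		dolog(LOG_INFO, "create_key: RSA public key does not fit the RDATA buffer\n");
		goto out;
	}
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "%s%s %d IN DNSKEY %d 3 %d %s\n", zonename, dot, ttl, flags, algorithm, b64);

	if (fclose(f) != 0) {
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		f = NULL;
		goto out;
	}
	f = NULL;
	ok = 1;

out:
	if (f != NULL)
		fclose(f);
	if (umask_changed)
		umask(savemask);
	if (!ok) {
		/* leave no half-written key files behind */
		if (have_pub)
			unlink(pubpath);
		if (have_priv)
			unlink(privpath);
		free(retval);
		retval = NULL;
	}
	/* scrub the private components and their base64 form; volatile keeps the stores */
	for (vp = (volatile unsigned char *)bin, i = 0; i < sizeof(bin); i++)
		vp[i] = 0;
	for (vp = (volatile unsigned char *)b64, i = 0; i < sizeof(b64); i++)
		vp[i] = 0;
	if (cb != NULL)
		BN_GENCB_free(cb);
	BN_free(e);
	RSA_free(rsa);

	return (retval);
}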
/*
 * alg_to_name - map a DNSSEC algorithm number to its mnemonic
 *
 * Returns a pointer to a static string for the four algorithms this
 * tool knows, or NULL for any other number.  The result must not be
 * freed or modified by the caller.
 *
 * NOTE(review): RSASHA1_NSEC3_SHA1 is a SHA-1 based algorithm; whether
 * it should still be offered for new keys is a policy question for the
 * caller, this table only names it.
 */
char *
alg_to_name(int algorithm)
{
	static const struct {
		int alg;
		char *name;
	} names[] = {
		{ ALGORITHM_RSASHA1_NSEC3_SHA1,	"RSASHA1_NSEC3_SHA1" },
		{ ALGORITHM_RSASHA256,		"RSASHA256" },
		{ ALGORITHM_RSASHA512,		"RSASHA512" },
		{ ALGORITHM_ECDSAP256SHA256,	"ECDSAP256SHA256" },
	};
	size_t idx;

	for (idx = 0; idx < sizeof(names) / sizeof(names[0]); idx++) {
		if (names[idx].alg == algorithm)
			return (names[idx].name);
	}

	return (NULL);
}
1582
2020-04-10
pjp
1583
2020-04-10
pjp
/*
 * alg_to_rsa - map an RSA-based DNSSEC algorithm number to an OpenSSL NID
 *
 * Only the three RSA algorithms have a digest NID here (SHA-1, SHA-256,
 * SHA-512 respectively); every other value, including the ECDSA
 * algorithm, yields -1 so callers can tell "not an RSA algorithm" apart
 * from a real NID.
 */
int
alg_to_rsa(int algorithm)
{
	static const struct {
		int alg;
		int nid;
	} digests[] = {
		{ ALGORITHM_RSASHA1_NSEC3_SHA1,	NID_sha1 },
		{ ALGORITHM_RSASHA256,		NID_sha256 },
		{ ALGORITHM_RSASHA512,		NID_sha512 },
	};
	size_t idx;

	for (idx = 0; idx < sizeof(digests) / sizeof(digests[0]); idx++) {
		if (digests[idx].alg == algorithm)
			return (digests[idx].nid);
	}

	return (-1);
}
1601
2020-04-10
pjp
1602
2020-04-10
pjp
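/*
 * calculate_rrsigs_node - run every per-type signer over one node
 *
 * Walks the RR types this tool knows how to sign, in the same order as
 * the original loop body, and calls the matching sign_*() whenever the
 * node holds such an RRset.  A and AAAA RRsets are only signed when
 * notglue() reports the node is not glue.  The first failing signer is
 * reported on stderr and -1 is returned; otherwise 0.  rbt is a private
 * copy owned by the caller; it is neither freed nor retained here.
 */
static int
calculate_rrsigs_node(ddDB *db, char *zonename, int expiry,
    struct rbtree *rbt, int rollmethod)
{
	if (find_rr(rbt, DNS_TYPE_DNSKEY) != NULL &&
	    sign_dnskey(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_dnskey error\n");
		return -1;
	}
	/* find out if we're glue, if not sign */
	if (find_rr(rbt, DNS_TYPE_A) != NULL && notglue(db, rbt, zonename) &&
	    sign_a(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_a error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_MX) != NULL &&
	    sign_mx(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_mx error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_NS) != NULL &&
	    sign_ns(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_ns error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_SOA) != NULL &&
	    sign_soa(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_soa error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_TXT) != NULL &&
	    sign_txt(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_txt error\n");
		return -1;
	}
	/* find out if we're glue, if not sign */
	if (find_rr(rbt, DNS_TYPE_AAAA) != NULL && notglue(db, rbt, zonename) &&
	    sign_aaaa(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_aaaa error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_NSEC3) != NULL &&
	    sign_nsec3(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_nsec3 error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_NSEC3PARAM) != NULL &&
	    sign_nsec3param(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_nsec3param error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_CNAME) != NULL &&
	    sign_cname(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_cname error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_PTR) != NULL &&
	    sign_ptr(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_ptr error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_NAPTR) != NULL &&
	    sign_naptr(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_naptr error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_SRV) != NULL &&
	    sign_srv(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_srv error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_SSHFP) != NULL &&
	    sign_sshfp(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_sshfp error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_TLSA) != NULL &&
	    sign_tlsa(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_tlsa error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_DS) != NULL &&
	    sign_ds(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_ds error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_CAA) != NULL &&
	    sign_caa(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_caa error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_RP) != NULL &&
	    sign_rp(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_rp error\n");
		return -1;
	}
	if (find_rr(rbt, DNS_TYPE_HINFO) != NULL &&
	    sign_hinfo(db, zonename, expiry, rbt, rollmethod) < 0) {
		fprintf(stderr, "sign_hinfo error\n");
		return -1;
	}

	return 0;
}

/*
 * calculate_rrsigs - create RRSIGs for every signable RRset in db
 *
 * First sets the global RRSIG inception (signedon) to SIGNEDON_DRIFT
 * seconds before now, which gives validators with a slow clock some
 * slack, and the expiration (expiredon) to now + expiry seconds; both
 * are stored as YYYYMMDDHHMMSS numbers.  PROVIDED_SIGNTIME overrides
 * both with SIGNEDON/EXPIREDON.  Then every node of the domain tree is
 * signed from a private copy of its data (presumably so that the
 * signers may insert RRSIGs into db while the tree is being walked —
 * confirm against fill_rrsig()).  The copy is released after every
 * node on success and failure alike; it used to be leaked.
 *
 * Returns 0 on success or -1 on the first failing signer.  Exits the
 * process when the per-node copy cannot be allocated.
 *
 * NOTE(review): the visible signers (sign_soa/sign_txt/sign_aaaa) only
 * read rbt and pass rbt->humanname down to fill_rrsig(); if any signer
 * not visible here keeps a pointer into the copy, the free() below has
 * to move.
 */
int
calculate_rrsigs(ddDB *db, char *zonename, int expiry, int rollmethod)
{
	struct node *n, *nx;
	struct rbtree *rbt;
	int rs;

	time_t now, twoweeksago;
	char timebuf[32];
	struct tm *tm;

	/* set expiredon and signedon */

	now = time(NULL);
	twoweeksago = now - SIGNEDON_DRIFT;
	tm = gmtime(&twoweeksago);
	if (tm == NULL) {
		dolog(LOG_INFO, "gmtime: %s\n", strerror(errno));
		return -1;
	}
	strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm);
	signedon = atoll(timebuf);

	now += expiry;
	tm = gmtime(&now);
	if (tm == NULL) {
		dolog(LOG_INFO, "gmtime: %s\n", strerror(errno));
		return -1;
	}
	strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm);
	expiredon = atoll(timebuf);

#if PROVIDED_SIGNTIME
	signedon = SIGNEDON;
	expiredon = EXPIREDON;
#endif

	RB_FOREACH_SAFE(n, domaintree, &db->head, nx) {
		rs = n->datalen;
		if ((rbt = calloc(1, rs)) == NULL) {
			dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
			exit(1);
		}

		memcpy((char *)rbt, (char *)n->data, n->datalen);

		if (calculate_rrsigs_node(db, zonename, expiry, rbt, rollmethod) < 0) {
			free(rbt);
			return -1;
		}

		free(rbt);
	}

	return 0;
}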
1766
2020-04-10
pjp
1767
2020-04-10
pjp
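/*
 * create a RRSIG for an SOA record
 *
 * Signs the SOA RRset of rbt with every ZSK selected by rollmethod —
 * all ZSKs under ROLLOVER_METHOD_DOUBLE_SIGNATURE, otherwise only the
 * ones flagged sign == 1 — and stores each RRSIG through fill_rrsig().
 * The signed data is the RRSIG RDATA without the signature field,
 * followed by the SOA RR in wire format (RFC 4034 section 3.1.8.1);
 * the canonical ordering question raised for other types does not
 * arise, an RRset can only hold one SOA.
 *
 * Returns 0 on success, -1 on any failure.  rbt belongs to the caller.
 * Fixes over the previous version: the ZSK list is sized from the key
 * list instead of a fixed three slots (overflowed with >2 eligible
 * ZSKs), an empty ZSK list is an error instead of a NULL dereference,
 * strptime()/base64 results are checked, siglen is reset for every
 * key, and the heap buffers are released on every path.
 */
static int
sign_soa(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct soa *soa;
	struct keysentry **zsk_key = NULL;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p;
	char *key = NULL;
	const size_t keysize = 10 * 4096;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0, k;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	/* the SOA RRset is loop-invariant; validate it once up front */
	if ((rrset = find_rr(rbt, DNS_TYPE_SOA)) == NULL) {
		dolog(LOG_INFO, "no SOA records\n");
		return -1;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no SOA records but have rrset entry!\n");
		return -1;
	}
	soa = (struct soa *)rrp->rdata;

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		return -1;
	}

	key = malloc(keysize);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		return -1;
	}

	/* size the ZSK array from the key list; one extra slot stays NULL */
	SLIST_FOREACH(knp, &keyshead, keys_entry)
		nzk++;
	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	/* sign once per selected ZSK */
	for (k = 0; k < nzk; k++) {
		/* reset per key: sign() may treat *siglen as the buffer size */
		siglen = sizeof(signature);

		if (get_key(zsk_key[k], &ttl, &flags, &protocol, &algorithm, (char *)&tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", zsk_key[k]->keyname);
			goto out;
		}

		/* rebuild the DNSKEY RDATA and check the keytag supplied */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "mybase64_decode of %s failed\n", zsk_key[k]->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* NOTE(review): dns_label() ownership is not visible here, so
		 * dnsname is not freed, as before; confirm whether it allocates. */
		dnsname = dns_label(zonename, &labellen);
		if (dnsname == NULL)
			goto out;

		/* RRSIG RDATA without the signature field */
		p = key;

		pack16(p, htons(DNS_TYPE_SOA));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;

		/* expiredon/signedon are YYYYMMDDHHMMSS numbers; turn them
		 * into 32-bit epoch seconds for the wire format */
		memset(&tm, 0, sizeof(tm));
		snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
		if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
			dolog(LOG_INFO, "strptime: bad expiredon %s\n", timebuf);
			goto out;
		}
		expiredon2 = timegm(&tm);
		memset(&tm, 0, sizeof(tm));
		snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
		if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
			dolog(LOG_INFO, "strptime: bad signedon %s\n", timebuf);
			goto out;
		}
		signedon2 = timegm(&tm);

		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* the SOA RR itself: owner, type, class, ttl, rdlength, rdata */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_SOA));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* rdlength: two names plus five 32-bit counters */
		pack16(p, htons(soa->nsserver_len + soa->rp_len + 4 + 4 + 4 + 4 + 4));
		p += 2;
		pack(p, soa->nsserver, soa->nsserver_len);
		p += soa->nsserver_len;
		pack(p, soa->responsible_person, soa->rp_len);
		p += soa->rp_len;
		pack32(p, htonl(soa->serial));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soa->refresh));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soa->retry));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soa->expire));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soa->minttl));
		p += sizeof(u_int32_t);

		keylen = (p - key);

		if (sign(algorithm, key, keylen, zsk_key[k], (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || len >= (int)sizeof(tmp)) {
			dolog(LOG_INFO, "mybase64_encode: signature does not fit\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "SOA", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	free(zsk_key);
	free(key);
	return ret;
}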
1952
2020-04-10
pjp
1953
2020-04-10
pjp
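/*
 * create a RRSIG for a TXT record
 *
 * Signs the whole TXT RRset of rbt with every ZSK selected by
 * rollmethod — all ZSKs under ROLLOVER_METHOD_DOUBLE_SIGNATURE,
 * otherwise only the ones flagged sign == 1 — and stores each RRSIG
 * through fill_rrsig().  The signed data is the RRSIG RDATA without
 * the signature field followed by every TXT RR in wire format, put in
 * canonical order by canonical_sort() (RFC 4034 section 6).  Every RR
 * is written with the RRset TTL, not its own, since one RRSIG covers
 * the set.
 *
 * Returns 0 on success, -1 on any failure.  rbt belongs to the caller.
 * Fixes over the previous version: the ZSK list is sized from the key
 * list instead of a fixed three slots (overflowed with >2 eligible
 * ZSKs), an empty ZSK list is an error instead of a NULL dereference,
 * the canonsort array and the tmpkey/key buffers are bounds-checked
 * against zone-file sized input, strptime()/base64 results are
 * checked, siglen is reset for every key, and all heap buffers are
 * released on every path.
 */
static int
sign_txt(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp2 = NULL;
	struct txt *txt;
	struct keysentry **zsk_key = NULL;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p, *q, *r;
	char **canonsort = NULL;
	char *key = NULL, *tmpkey = NULL;
	const size_t keysize = 10 * 4096;	/* size of key and tmpkey */

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len, rlen, clen, i, k;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int csort = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	/* the TXT RRset is loop-invariant; validate it once up front */
	if ((rrset = find_rr(rbt, DNS_TYPE_TXT)) == NULL) {
		dolog(LOG_INFO, "no TXT records\n");
		return -1;
	}
	if (TAILQ_FIRST(&rrset->rr_head) == NULL) {
		dolog(LOG_INFO, "no TXT records but have rrset entry!\n");
		return -1;
	}

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		return -1;
	}

	key = malloc(keysize);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		return -1;
	}

	tmpkey = malloc(keysize);
	if (tmpkey == NULL) {
		dolog(LOG_INFO, "tmpkey out of memory\n");
		goto out;
	}

	/* size the ZSK array from the key list; one extra slot stays NULL */
	SLIST_FOREACH(knp, &keyshead, keys_entry)
		nzk++;
	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	/* sign once per selected ZSK */
	for (k = 0; k < nzk; k++) {
		/* reset per key: sign() may treat *siglen as the buffer size */
		siglen = sizeof(signature);

		if (get_key(zsk_key[k], &ttl, &flags, &protocol, &algorithm, (char *)&tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", zsk_key[k]->keyname);
			goto out;
		}

		/* rebuild the DNSKEY RDATA and check the keytag supplied */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "mybase64_decode of %s failed\n", zsk_key[k]->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* NOTE(review): dns_label() ownership is not visible here, so
		 * dnsname is not freed, as before; confirm whether it allocates. */
		dnsname = dns_label(zonename, &labellen);
		if (dnsname == NULL)
			goto out;

		/* RRSIG RDATA without the signature field */
		p = key;

		pack16(p, htons(DNS_TYPE_TXT));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += sizeof(u_int32_t);

		/* expiredon/signedon are YYYYMMDDHHMMSS numbers; turn them
		 * into 32-bit epoch seconds for the wire format */
		memset(&tm, 0, sizeof(tm));
		snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
		if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
			dolog(LOG_INFO, "strptime: bad expiredon %s\n", timebuf);
			goto out;
		}
		expiredon2 = timegm(&tm);
		memset(&tm, 0, sizeof(tm));
		snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
		if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
			dolog(LOG_INFO, "strptime: bad signedon %s\n", timebuf);
			goto out;
		}
		signedon2 = timegm(&tm);

		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* wire-format every TXT RR, then append them in canonical order */
		canonsort = (char **)calloc(MAX_RECORDS_IN_RRSET, sizeof(char *));
		if (canonsort == NULL) {
			dolog(LOG_INFO, "canonsort out of memory\n");
			goto out;
		}
		csort = 0;

		TAILQ_FOREACH(rrp2, &rrset->rr_head, entries) {
			txt = (struct txt *)rrp2->rdata;

			if (csort >= MAX_RECORDS_IN_RRSET) {
				dolog(LOG_INFO, "too many TXT records in RRset\n");
				goto out;
			}
			/* owner + type/class/ttl/rdlength (10 bytes) + rdata must fit */
			if ((size_t)rbt->zonelen + 10 + (size_t)txt->txtlen > keysize) {
				dolog(LOG_INFO, "TXT record too large to sign\n");
				goto out;
			}

			q = tmpkey;
			pack(q, rbt->zone, rbt->zonelen);
			q += rbt->zonelen;
			pack16(q, htons(DNS_TYPE_TXT));
			q += 2;
			pack16(q, htons(DNS_CLASS_IN));
			q += 2;
			/* the RRset TTL, not the RR's: an rrsig can't differ per RR */
			pack32(q, htonl(rrset->ttl));
			q += 4;
			pack16(q, htons(txt->txtlen));
			q += 2;
			pack(q, (char *)txt->txt, txt->txtlen);
			q += txt->txtlen;

			r = canonsort[csort] = malloc(68000);
			if (r == NULL) {
				dolog(LOG_INFO, "c1 out of memory\n");
				goto out;
			}
			csort++;

			/* canonical_sort() entries: host-order length, then the RR */
			clen = (q - tmpkey);
			pack16(r, clen);
			r += 2;
			pack(r, tmpkey, clen);
		}

		r = canonical_sort(canonsort, csort, &rlen);
		if (r == NULL) {
			dolog(LOG_INFO, "canonical_sort failed\n");
			goto out;
		}
		if (rlen < 0 || (size_t)rlen > keysize - (size_t)(p - key)) {
			dolog(LOG_INFO, "canonical TXT RRset too large to sign\n");
			free(r);
			goto out;
		}

		pack(p, r, rlen);
		p += rlen;

		free(r);
		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
		canonsort = NULL;
		csort = 0;

		keylen = (p - key);

		if (sign(algorithm, key, keylen, zsk_key[k], (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || len >= (int)sizeof(tmp)) {
			dolog(LOG_INFO, "mybase64_encode: signature does not fit\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "TXT", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	if (canonsort != NULL) {
		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
	}
	free(zsk_key);
	free(tmpkey);
	free(key);
	return ret;
}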
2168
2020-04-10
pjp
2169
2020-04-10
pjp
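/*
 * create a RRSIG for an AAAA record
 *
 * Signs the whole AAAA RRset of rbt with every ZSK selected by
 * rollmethod — all ZSKs under ROLLOVER_METHOD_DOUBLE_SIGNATURE,
 * otherwise only the ones flagged sign == 1 — and stores each RRSIG
 * through fill_rrsig().  The signed data is the RRSIG RDATA without
 * the signature field followed by every AAAA RR in wire format, put in
 * canonical order by canonical_sort() (RFC 4034 section 6).  Every RR
 * is written with the RRset TTL, not its own, since one RRSIG covers
 * the set.  The caller (calculate_rrsigs) is expected to have excluded
 * glue before calling.
 *
 * Returns 0 on success, -1 on any failure.  rbt belongs to the caller.
 * Fixes over the previous version: the ZSK list is sized from the key
 * list instead of a fixed three slots (overflowed with >2 eligible
 * ZSKs), an empty ZSK list is an error instead of a NULL dereference,
 * the canonsort array and the key buffer are bounds-checked,
 * strptime()/base64 results are checked, siglen is reset for every
 * key, and all heap buffers are released on every path.
 */
static int
sign_aaaa(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp2 = NULL;
	struct aaaa *aaaa;
	struct keysentry **zsk_key = NULL;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p, *q, *r;
	char **canonsort = NULL;
	char *key = NULL, *tmpkey = NULL;
	const size_t keysize = 10 * 4096;	/* size of key and tmpkey */

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len, rlen, clen, i, k;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int csort = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	/* the AAAA RRset is loop-invariant; validate it once up front */
	if ((rrset = find_rr(rbt, DNS_TYPE_AAAA)) == NULL) {
		dolog(LOG_INFO, "no AAAA records\n");
		return -1;
	}
	if (TAILQ_FIRST(&rrset->rr_head) == NULL) {
		dolog(LOG_INFO, "no AAAA records but have flags!\n");
		return -1;
	}

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		return -1;
	}

	key = malloc(keysize);
	if (key == NULL) {
		dolog(LOG_INFO, "key out of memory\n");
		return -1;
	}
	tmpkey = malloc(keysize);
	if (tmpkey == NULL) {
		dolog(LOG_INFO, "tmpkey out of memory\n");
		goto out;
	}

	/* size the ZSK array from the key list; one extra slot stays NULL */
	SLIST_FOREACH(knp, &keyshead, keys_entry)
		nzk++;
	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	/* sign once per selected ZSK */
	for (k = 0; k < nzk; k++) {
		/* reset per key: sign() may treat *siglen as the buffer size */
		siglen = sizeof(signature);

		if (get_key(zsk_key[k], &ttl, &flags, &protocol, &algorithm, (char *)&tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", zsk_key[k]->keyname);
			goto out;
		}

		/* rebuild the DNSKEY RDATA and check the keytag supplied */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "mybase64_decode of %s failed\n", zsk_key[k]->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* NOTE(review): dns_label() ownership is not visible here, so
		 * dnsname is not freed, as before; confirm whether it allocates. */
		dnsname = dns_label(zonename, &labellen);
		if (dnsname == NULL)
			goto out;

		/* RRSIG RDATA without the signature field */
		p = key;

		pack16(p, htons(DNS_TYPE_AAAA));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;

		/* expiredon/signedon are YYYYMMDDHHMMSS numbers; turn them
		 * into 32-bit epoch seconds for the wire format */
		memset(&tm, 0, sizeof(tm));
		snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
		if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
			dolog(LOG_INFO, "strptime: bad expiredon %s\n", timebuf);
			goto out;
		}
		expiredon2 = timegm(&tm);
		memset(&tm, 0, sizeof(tm));
		snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
		if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
			dolog(LOG_INFO, "strptime: bad signedon %s\n", timebuf);
			goto out;
		}
		signedon2 = timegm(&tm);

		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* wire-format every AAAA RR, then append them in canonical order */
		canonsort = (char **)calloc(MAX_RECORDS_IN_RRSET, sizeof(char *));
		if (canonsort == NULL) {
			dolog(LOG_INFO, "canonsort out of memory\n");
			goto out;
		}
		csort = 0;

		TAILQ_FOREACH(rrp2, &rrset->rr_head, entries) {
			aaaa = (struct aaaa *)rrp2->rdata;

			if (csort >= MAX_RECORDS_IN_RRSET) {
				dolog(LOG_INFO, "too many AAAA records in RRset\n");
				goto out;
			}

			q = tmpkey;
			pack(q, rbt->zone, rbt->zonelen);
			q += rbt->zonelen;
			pack16(q, htons(DNS_TYPE_AAAA));
			q += 2;
			pack16(q, htons(DNS_CLASS_IN));
			q += 2;
			/* the RRset TTL, not the RR's: an rrsig can't differ per RR */
			pack32(q, htonl(rrset->ttl));
			q += 4;
			pack16(q, htons(sizeof(struct in6_addr)));
			q += 2;
			pack(q, (char *)&aaaa->aaaa, sizeof(struct in6_addr));
			q += sizeof(struct in6_addr);

			r = canonsort[csort] = malloc(68000);
			if (r == NULL) {
				dolog(LOG_INFO, "c1 out of memory\n");
				goto out;
			}
			csort++;

			/* canonical_sort() entries: host-order length, then the RR */
			clen = (q - tmpkey);
			pack16(r, clen);
			r += 2;
			pack(r, tmpkey, clen);
		}

		r = canonical_sort(canonsort, csort, &rlen);
		if (r == NULL) {
			dolog(LOG_INFO, "canonical_sort failed\n");
			goto out;
		}
		if (rlen < 0 || (size_t)rlen > keysize - (size_t)(p - key)) {
			dolog(LOG_INFO, "canonical AAAA RRset too large to sign\n");
			free(r);
			goto out;
		}

		pack(p, r, rlen);
		p += rlen;

		free(r);
		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
		canonsort = NULL;
		csort = 0;

		keylen = (p - key);

		if (sign(algorithm, key, keylen, zsk_key[k], (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || len >= (int)sizeof(tmp)) {
			dolog(LOG_INFO, "mybase64_encode: signature does not fit\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "AAAA", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	if (canonsort != NULL) {
		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
	}
	free(zsk_key);
	free(tmpkey);
	free(key);
	return ret;
}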
2389
2020-04-10
pjp
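/*
 * create a RRSIG for an NSEC3 record
 *
 * Signs the NSEC3 RRset at rbt once with every selected ZSK and stores the
 * resulting RRSIG(s) through fill_rrsig().  The data that is signed is the
 * RRSIG RDATA without the signature field (type covered, algorithm, label
 * count, original TTL, expiration, inception, key tag, signer name)
 * followed by the NSEC3 RR in wire format.  Only the first NSEC3 RR of the
 * set is covered; an owner name is expected to carry a single NSEC3 RR, so
 * no canonical RRset ordering is applied here.
 *
 * db         database the RRSIG is written to
 * zonename   zone apex, used as the RRSIG signer name
 * expiry     unused, kept for interface compatibility with the other
 *            sign_* functions
 * rbt        node holding the NSEC3 RRset
 * rollmethod ROLLOVER_METHOD_DOUBLE_SIGNATURE signs with every ZSK,
 *            otherwise only the ZSKs flagged sign == 1 are used
 *
 * The signature validity window is taken from the file-scope
 * expiredon/signedon values (YYYYmmddHHMMSS integers).
 *
 * Returns 0 on success, -1 on any failure (the reason is logged with
 * dolog()).  All heap memory owned by this function is released on every
 * path.
 */

static int
sign_nsec3(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct nsec3 *n3;
	struct keysentry **zsk_key = NULL, **zkp;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p;
	char *key = NULL;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	/* Everything below depends on the RRset, so locate it before touching any key. */
	if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3)) == NULL) {
		dolog(LOG_INFO, "no NSEC3 records\n");
		return -1;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no NSEC3 records but have flags!\n");
		return -1;
	}
	n3 = (struct nsec3 *)rrp->rdata;

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		return -1;
	}

	/*
	 * NOTE(review): dns_label() presumably returns heap memory, but its
	 * ownership is not visible from here, so the result is not freed —
	 * confirm against its definition.
	 */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		return -1;

	/*
	 * expiredon/signedon are YYYYmmddHHMMSS integers; convert them once to
	 * the 32-bit epoch seconds the RRSIG carries.  tm is zeroed first because
	 * strptime() only fills the fields it actually parses, and a parse failure
	 * must not silently produce a garbage validity window.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime of expiredon failed\n");
		return -1;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime of signedon failed\n");
		return -1;
	}
	signedon2 = timegm(&tm);

	/*
	 * Select the ZSKs.  The array is sized from the key list instead of a
	 * fixed 3 slots, which would overflow as soon as a third ZSK qualified.
	 * With no qualifying ZSK there is nothing to sign with, and dereferencing
	 * an empty list would crash.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK available to sign NSEC3\n");
		return -1;
	}
	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		return -1;
	}
	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;

	/* Scratch buffer for the DNSKEY RDATA and later the signed data. */
	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	for (zkp = zsk_key; *zkp != NULL; zkp++) {
		if (get_key(*zkp, &ttl, &flags, &protocol, &algorithm, tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zkp)->keyname);
			goto out;
		}

		/* Rebuild the DNSKEY RDATA and check the key tag the key file claims. */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "base64 decode of key %s failed\n", (*zkp)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* RRSIG RDATA up to, but not including, the signature field. */
		p = key;
		pack16(p, htons(DNS_TYPE_NSEC3));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* The NSEC3 RR in wire format: owner, type, class, TTL, RDLENGTH, RDATA. */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_NSEC3));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* hash alg(1) + flags(1) + iterations(2) + salt len(1) + salt + hash len(1) + next hash + type bitmap */
		pack16(p, htons(1 + 1 + 2 + 1 + n3->saltlen + 1 + n3->nextlen + n3->bitmap_len));
		p += 2;
		pack8(p, n3->algorithm);
		p++;
		pack8(p, n3->flags);
		p++;
		pack16(p, htons(n3->iterations));
		p += 2;
		pack8(p, n3->saltlen);
		p++;
		if (n3->saltlen) {
			pack(p, n3->salt, n3->saltlen);
			p += n3->saltlen;
		}
		pack8(p, n3->nextlen);
		p++;
		pack(p, n3->next, n3->nextlen);
		p += n3->nextlen;
		if (n3->bitmap_len) {
			pack(p, n3->bitmap, n3->bitmap_len);
			p += n3->bitmap_len;
		}
		keylen = (p - key);

		/*
		 * siglen starts as the buffer size on every iteration: it is passed
		 * by pointer, so if sign() writes the produced length back, a second
		 * key would otherwise be offered a buffer that is too small.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zkp, signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		/* Guard the terminator write: an encoder that filled tmp completely leaves no room for it. */
		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || len >= (int)sizeof(tmp)) {
			dolog(LOG_INFO, "base64 encode of signature failed\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "NSEC3", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	free(key);
	free(zsk_key);
	return ret;
}
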
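/*
 * create a RRSIG for an NSEC3PARAM record
 *
 * Signs the NSEC3PARAM RRset at rbt once with every selected ZSK and stores
 * the resulting RRSIG(s) through fill_rrsig().  The data that is signed is
 * the RRSIG RDATA without the signature field (type covered, algorithm,
 * label count, original TTL, expiration, inception, key tag, signer name)
 * followed by the NSEC3PARAM RR in wire format.  Only the first RR of the
 * set is covered; a single NSEC3PARAM RR is expected at the apex, so no
 * canonical RRset ordering is applied here.
 *
 * db         database the RRSIG is written to
 * zonename   zone apex, used as the RRSIG signer name
 * expiry     unused, kept for interface compatibility with the other
 *            sign_* functions
 * rbt        node holding the NSEC3PARAM RRset
 * rollmethod ROLLOVER_METHOD_DOUBLE_SIGNATURE signs with every ZSK,
 *            otherwise only the ZSKs flagged sign == 1 are used
 *
 * The signature validity window is taken from the file-scope
 * expiredon/signedon values (YYYYmmddHHMMSS integers).
 *
 * Returns 0 on success, -1 on any failure (the reason is logged with
 * dolog()).  All heap memory owned by this function is released on every
 * path.
 */

static int
sign_nsec3param(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct nsec3param *n3p;
	struct keysentry **zsk_key = NULL, **zkp;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p;
	char *key = NULL;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	/* Everything below depends on the RRset, so locate it before touching any key. */
	if ((rrset = find_rr(rbt, DNS_TYPE_NSEC3PARAM)) == NULL) {
		dolog(LOG_INFO, "no NSEC3PARAM records\n");
		return -1;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no NSEC3PARAM records but have flags!\n");
		return -1;
	}
	n3p = (struct nsec3param *)rrp->rdata;

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		return -1;
	}

	/*
	 * NOTE(review): dns_label() presumably returns heap memory, but its
	 * ownership is not visible from here, so the result is not freed —
	 * confirm against its definition.
	 */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		return -1;

	/*
	 * expiredon/signedon are YYYYmmddHHMMSS integers; convert them once to
	 * the 32-bit epoch seconds the RRSIG carries.  tm is zeroed first because
	 * strptime() only fills the fields it actually parses, and a parse failure
	 * must not silently produce a garbage validity window.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime of expiredon failed\n");
		return -1;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime of signedon failed\n");
		return -1;
	}
	signedon2 = timegm(&tm);

	/*
	 * Select the ZSKs.  The array is sized from the key list instead of a
	 * fixed 3 slots, which would overflow as soon as a third ZSK qualified.
	 * With no qualifying ZSK there is nothing to sign with, and dereferencing
	 * an empty list would crash.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK available to sign NSEC3PARAM\n");
		return -1;
	}
	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		return -1;
	}
	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;

	/* Scratch buffer for the DNSKEY RDATA and later the signed data. */
	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	for (zkp = zsk_key; *zkp != NULL; zkp++) {
		if (get_key(*zkp, &ttl, &flags, &protocol, &algorithm, tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zkp)->keyname);
			goto out;
		}

		/* Rebuild the DNSKEY RDATA and check the key tag the key file claims. */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "base64 decode of key %s failed\n", (*zkp)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* RRSIG RDATA up to, but not including, the signature field. */
		p = key;
		pack16(p, htons(DNS_TYPE_NSEC3PARAM));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* The NSEC3PARAM RR in wire format: owner, type, class, TTL, RDLENGTH, RDATA. */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_NSEC3PARAM));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* hash alg(1) + flags(1) + iterations(2) + salt len(1) + salt */
		pack16(p, htons(1 + 1 + 2 + 1 + n3p->saltlen));
		p += 2;
		pack8(p, n3p->algorithm);
		p++;
		pack8(p, n3p->flags);
		p++;
		pack16(p, htons(n3p->iterations));
		p += 2;
		pack8(p, n3p->saltlen);
		p++;
		if (n3p->saltlen) {
			pack(p, n3p->salt, n3p->saltlen);
			p += n3p->saltlen;
		}
		keylen = (p - key);

		/*
		 * siglen starts as the buffer size on every iteration: it is passed
		 * by pointer, so if sign() writes the produced length back, a second
		 * key would otherwise be offered a buffer that is too small.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zkp, signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		/* Guard the terminator write: an encoder that filled tmp completely leaves no room for it. */
		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || len >= (int)sizeof(tmp)) {
			dolog(LOG_INFO, "base64 encode of signature failed\n");
			goto out;
		}
		tmp[len] = '\0';

		/*
		 * NOTE(review): the signed data above uses rrset->ttl as the original
		 * TTL, while the stored RRSIG is given TTL 0 and original TTL 0.  The
		 * two must agree for the signature to validate; this is only correct
		 * if the NSEC3PARAM RRset TTL is 0 here — confirm where it is set.
		 */
		if (fill_rrsig(db, rbt->humanname, "RRSIG", 0, "NSEC3PARAM", algorithm, labels, 0, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	free(key);
	free(zsk_key);
	return ret;
}
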
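/*
 * create a RRSIG for a CNAME record
 *
 * Signs the CNAME RRset at rbt once with every selected ZSK and stores the
 * resulting RRSIG(s) through fill_rrsig().  The data that is signed is the
 * RRSIG RDATA without the signature field (type covered, algorithm, label
 * count, original TTL, expiration, inception, key tag, signer name)
 * followed by the CNAME RR in wire format.  Only the first RR of the set is
 * covered; an owner name is expected to carry a single CNAME, so no
 * canonical RRset ordering is applied here.
 *
 * db         database the RRSIG is written to
 * zonename   zone apex, used as the RRSIG signer name
 * expiry     unused, kept for interface compatibility with the other
 *            sign_* functions
 * rbt        node holding the CNAME RRset
 * rollmethod ROLLOVER_METHOD_DOUBLE_SIGNATURE signs with every ZSK,
 *            otherwise only the ZSKs flagged sign == 1 are used
 *
 * The signature validity window is taken from the file-scope
 * expiredon/signedon values (YYYYmmddHHMMSS integers).
 *
 * Returns 0 on success, -1 on any failure (the reason is logged with
 * dolog()).  All heap memory owned by this function is released on every
 * path.
 */

static int
sign_cname(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct cname *cn;
	struct keysentry **zsk_key = NULL, **zkp;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p;
	char *key = NULL;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	/* Everything below depends on the RRset, so locate it before touching any key. */
	if ((rrset = find_rr(rbt, DNS_TYPE_CNAME)) == NULL) {
		dolog(LOG_INFO, "no CNAME records\n");
		return -1;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no CNAME records but have flags!\n");
		return -1;
	}
	cn = (struct cname *)rrp->rdata;

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		return -1;
	}

	/*
	 * NOTE(review): dns_label() presumably returns heap memory, but its
	 * ownership is not visible from here, so the result is not freed —
	 * confirm against its definition.
	 */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		return -1;

	/*
	 * expiredon/signedon are YYYYmmddHHMMSS integers; convert them once to
	 * the 32-bit epoch seconds the RRSIG carries.  tm is zeroed first because
	 * strptime() only fills the fields it actually parses, and a parse failure
	 * must not silently produce a garbage validity window.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime of expiredon failed\n");
		return -1;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime of signedon failed\n");
		return -1;
	}
	signedon2 = timegm(&tm);

	/*
	 * Select the ZSKs.  The array is sized from the key list instead of a
	 * fixed 3 slots, which would overflow as soon as a third ZSK qualified.
	 * With no qualifying ZSK there is nothing to sign with, and dereferencing
	 * an empty list would crash.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK available to sign CNAME\n");
		return -1;
	}
	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		return -1;
	}
	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;

	/* Scratch buffer for the DNSKEY RDATA and later the signed data. */
	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	for (zkp = zsk_key; *zkp != NULL; zkp++) {
		if (get_key(*zkp, &ttl, &flags, &protocol, &algorithm, tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zkp)->keyname);
			goto out;
		}

		/* Rebuild the DNSKEY RDATA and check the key tag the key file claims. */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "base64 decode of key %s failed\n", (*zkp)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* RRSIG RDATA up to, but not including, the signature field. */
		p = key;
		pack16(p, htons(DNS_TYPE_CNAME));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* The CNAME RR in wire format: owner, type, class, TTL, RDLENGTH, target name. */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_CNAME));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack16(p, htons(cn->cnamelen));
		p += 2;
		pack(p, cn->cname, cn->cnamelen);
		p += cn->cnamelen;
		keylen = (p - key);

		/*
		 * siglen starts as the buffer size on every iteration: it is passed
		 * by pointer, so if sign() writes the produced length back, a second
		 * key would otherwise be offered a buffer that is too small.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zkp, signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		/* Guard the terminator write: an encoder that filled tmp completely leaves no room for it. */
		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || len >= (int)sizeof(tmp)) {
			dolog(LOG_INFO, "base64 encode of signature failed\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "CNAME", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	free(key);
	free(zsk_key);
	return ret;
}
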
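/*
 * create a RRSIG for a PTR RRset
 *
 * Signs the PTR RRset at rbt once with every selected ZSK and stores the
 * resulting RRSIG(s) through fill_rrsig().  The data that is signed is the
 * RRSIG RDATA without the signature field (type covered, algorithm, label
 * count, original TTL, expiration, inception, key tag, signer name)
 * followed by the RRset in wire format.
 *
 * Unlike CNAME or NSEC3, an owner name may hold several PTR records and an
 * RRSIG covers the whole RRset, so every PTR RR is serialised and put into
 * canonical order with canonical_sort() — the same scheme the AAAA signer
 * in this file uses — before signing.  A signature computed over only the
 * first RR would not validate for a multi-RR set.
 *
 * db         database the RRSIG is written to
 * zonename   zone apex, used as the RRSIG signer name
 * expiry     unused, kept for interface compatibility with the other
 *            sign_* functions
 * rbt        node holding the PTR RRset
 * rollmethod ROLLOVER_METHOD_DOUBLE_SIGNATURE signs with every ZSK,
 *            otherwise only the ZSKs flagged sign == 1 are used
 *
 * The signature validity window is taken from the file-scope
 * expiredon/signedon values (YYYYmmddHHMMSS integers).
 *
 * Returns 0 on success, -1 on any failure (the reason is logged with
 * dolog()).  All heap memory owned by this function is released on every
 * path.
 */

static int
sign_ptr(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct ptr *pt;
	struct keysentry **zsk_key = NULL, **zkp;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p, *q, *r;
	char **canonsort = NULL;
	char *key = NULL, *tmpkey = NULL, *sorted = NULL;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len, rlen = 0, clen, i;
	int keylen, siglen;
	int labels;
	int nzk = 0, nrr = 0, csort = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	/* Everything below depends on the RRset, so locate it before touching any key. */
	if ((rrset = find_rr(rbt, DNS_TYPE_PTR)) == NULL) {
		dolog(LOG_INFO, "no PTR records\n");
		return -1;
	}
	if (TAILQ_FIRST(&rrset->rr_head) == NULL) {
		dolog(LOG_INFO, "no PTR records but have flags!\n");
		return -1;
	}

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		return -1;
	}

	/*
	 * NOTE(review): dns_label() presumably returns heap memory, but its
	 * ownership is not visible from here, so the result is not freed —
	 * confirm against its definition.
	 */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		return -1;

	/*
	 * expiredon/signedon are YYYYmmddHHMMSS integers; convert them once to
	 * the 32-bit epoch seconds the RRSIG carries.  tm is zeroed first because
	 * strptime() only fills the fields it actually parses, and a parse failure
	 * must not silently produce a garbage validity window.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime of expiredon failed\n");
		return -1;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime of signedon failed\n");
		return -1;
	}
	signedon2 = timegm(&tm);

	/*
	 * Select the ZSKs.  The array is sized from the key list instead of a
	 * fixed 3 slots, which would overflow as soon as a third ZSK qualified.
	 * With no qualifying ZSK there is nothing to sign with, and dereferencing
	 * an empty list would crash.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK available to sign PTR\n");
		return -1;
	}
	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		return -1;
	}
	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;

	/*
	 * Serialise every PTR RR once — the RRset does not depend on the key —
	 * in the form canonical_sort() takes: a 2-byte length (host order, as
	 * the AAAA signer packs it) followed by the wire-format RR.  The
	 * 68000-byte entries mirror the AAAA signer as well.
	 */
	TAILQ_FOREACH(rrp, &rrset->rr_head, entries)
		nrr++;
	canonsort = calloc(nrr, sizeof(char *));
	tmpkey = malloc(10 * 4096);
	if (canonsort == NULL || tmpkey == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	TAILQ_FOREACH(rrp, &rrset->rr_head, entries) {
		pt = (struct ptr *)rrp->rdata;

		/* owner, type, class, TTL, RDLENGTH, target name */
		q = tmpkey;
		pack(q, rbt->zone, rbt->zonelen);
		q += rbt->zonelen;
		pack16(q, htons(DNS_TYPE_PTR));
		q += 2;
		pack16(q, htons(DNS_CLASS_IN));
		q += 2;
		pack32(q, htonl(rrset->ttl));
		q += 4;
		pack16(q, htons(pt->ptrlen));
		q += 2;
		pack(q, pt->ptr, pt->ptrlen);
		q += pt->ptrlen;
		clen = (q - tmpkey);

		r = canonsort[csort] = malloc(68000);
		if (r == NULL) {
			dolog(LOG_INFO, "c1 out of memory\n");
			goto out;
		}
		pack16(r, clen);
		r += 2;
		pack(r, tmpkey, clen);
		csort++;
	}

	sorted = canonical_sort(canonsort, csort, &rlen);
	if (sorted == NULL) {
		dolog(LOG_INFO, "canonical_sort failed\n");
		goto out;
	}

	/*
	 * Scratch buffer for the DNSKEY RDATA and later the signed data; sized
	 * so that the sorted RRset always fits after the RRSIG preamble, however
	 * many PTR records the name carries.
	 */
	key = malloc(10 * 4096 + rlen);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	for (zkp = zsk_key; *zkp != NULL; zkp++) {
		if (get_key(*zkp, &ttl, &flags, &protocol, &algorithm, tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zkp)->keyname);
			goto out;
		}

		/* Rebuild the DNSKEY RDATA and check the key tag the key file claims. */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "base64 decode of key %s failed\n", (*zkp)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* RRSIG RDATA up to, but not including, the signature field. */
		p = key;
		pack16(p, htons(DNS_TYPE_PTR));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* The canonically ordered PTR RRset in wire format. */
		pack(p, sorted, rlen);
		p += rlen;
		keylen = (p - key);

		/*
		 * siglen starts as the buffer size on every iteration: it is passed
		 * by pointer, so if sign() writes the produced length back, a second
		 * key would otherwise be offered a buffer that is too small.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zkp, signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		/* Guard the terminator write: an encoder that filled tmp completely leaves no room for it. */
		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || len >= (int)sizeof(tmp)) {
			dolog(LOG_INFO, "base64 encode of signature failed\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "PTR", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	free(sorted);
	if (canonsort != NULL) {
		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
	}
	free(tmpkey);
	free(key);
	free(zsk_key);
	return ret;
}
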
3101
2020-04-10
pjp
/*
3102
2020-04-10
pjp
* create a RRSIG for a NAPTR record
3103
2020-04-10
pjp
*/
3104
2020-04-10
pjp
3105
2020-04-10
pjp
static int
3106
2020-04-10
pjp
sign_naptr(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
3107
2020-04-10
pjp
{
3108
2020-04-10
pjp
struct rrset *rrset = NULL;
3109
2020-04-10
pjp
struct rr *rrp = NULL;
3110
2020-04-10
pjp
struct rr *rrp2 = NULL;
3111
2020-04-10
pjp
struct keysentry **zsk_key;
3112
2020-04-10
pjp
3113
2020-04-10
pjp
char tmp[4096];
3114
2020-04-10
pjp
char signature[4096];
3115
2020-04-10
pjp
char shabuf[64];
3116
2020-04-10
pjp
3117
2020-04-10
pjp
3118
2020-04-10
pjp
char *dnsname;
3119
2020-08-11
pjp
char *p, *q, *r;
3120
2020-08-11
pjp
char **canonsort;
3121
2020-04-10
pjp
char *key, *tmpkey;
3122
2020-04-10
pjp
char *zone;
3123
2020-04-10
pjp
3124
2020-04-10
pjp
uint32_t ttl;
3125
2020-04-10
pjp
uint16_t flags;
3126
2020-04-10
pjp
uint8_t protocol;
3127
2020-04-10
pjp
uint8_t algorithm;
3128
2020-04-10
pjp
3129
2020-04-10
pjp
int labellen;
3130
2020-04-10
pjp
int keyid;
3131
2020-08-11
pjp
int len, rlen, clen, i;
3132
2020-04-10
pjp
int keylen, siglen = sizeof(signature);
3133
2020-04-10
pjp
int labels;
3134
2020-04-10
pjp
int nzk = 0;
3135
2020-08-11
pjp
int csort = 0;
3136
2020-04-10
pjp
3137
2020-04-10
pjp
char timebuf[32];
3138
2020-04-10
pjp
struct tm tm;
3139
2020-04-10
pjp
u_int32_t expiredon2, signedon2;
3140
2020-04-10
pjp
3141
2020-04-10
pjp
memset(&shabuf, 0, sizeof(shabuf));
3142
2020-04-10
pjp
3143
2020-04-10
pjp
key = malloc(10 * 4096);
3144
2020-04-10
pjp
if (key == NULL) {
3145
2020-04-10
pjp
dolog(LOG_INFO, "key out of memory\n");
3146
2020-04-10
pjp
return -1;
3147