Date:
Sat Aug 1 09:01:52 2020 UTC
Message:
Move the extended RCODEs out of the RCODE section (that section covers only 0x00 through 0x0F) and add a section that shows the extended RCODEs carried in an EDNS0 tag.
/*
* Copyright (c) 2020 Peter J. Philipp
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/*
* $Id: sign.c,v 1.10 2020/07/23 16:04:01 pjp Exp $
*/
#include <sys/types.h>
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <syslog.h>
#include <fcntl.h>
#include <ctype.h>
#ifdef __linux__
#include <grp.h>
#define __USE_BSD 1
#include <endian.h>
#include <bsd/stdlib.h>
#include <bsd/string.h>
#include <bsd/unistd.h>
#include <bsd/sys/queue.h>
#define __unused
#include <bsd/sys/tree.h>
#include <bsd/sys/endian.h>
#include "imsg.h"
#else /* not linux */
#include <sys/queue.h>
#include <sys/tree.h>
#ifdef __FreeBSD__
#include "imsg.h"
#else
#include <imsg.h>
#endif /* __FreeBSD__ */
#endif /* __linux__ */
#ifndef NTOHS
#include "endian.h"
#endif
#include <openssl/bn.h>
#include <openssl/obj_mac.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include "ddd-dns.h"
#include "ddd-db.h"
#include "ddd-config.h"
SLIST_HEAD(, keysentry) keyshead;	/* every key named with -k/-z or created with -K/-Z */

/*
 * One DNSKEY the signer knows about.  signmain() allocates an entry per
 * key, fills it from key2zone() and store_private_key(), and links it
 * into keyshead.  keyname, zone and key are strdup'd copies owned by
 * the entry.
 */
static struct keysentry {
	char *keyname;		/* key file name: strdup'd optarg, or the create_key() result */
	uint32_t pid;		/* from getkeypid()/create_key(); matched against the -S argument */
	int sign;		/* 1 = this key produces RRSIGs, 0 = published only */
	int type;		/* KEYTYPE_KSK or KEYTYPE_ZSK */

	/* key material in this struct (the out-parameters of key2zone()) */
	char *key;		/* public key text copied out of the key2zone() buffer */
	char *zone;		/* owner name returned by key2zone() */
	uint32_t ttl;
	uint16_t flags;		/* DNSKEY flags; create_key() is called with 257 (KSK) or 256 (ZSK) */
	uint8_t protocol;
	uint8_t algorithm;	/* one of the ALGORITHM_* values below */
	int keyid;

	/*
	 * private key RSA - fields named after the RSA_set0_key(),
	 * RSA_set0_factors() and RSA_set0_crt_params() arguments.
	 * NOTE(review): rsad, rsap, rsaq, rsadmp1, rsadmq1 and rsaiqmp are
	 * secret; confirm free_private_key() releases them with
	 * BN_clear_free() so the scalars are wiped rather than left in
	 * freed heap.
	 */
	BIGNUM *rsan;
	BIGNUM *rsae;
	BIGNUM *rsad;
	BIGNUM *rsap;
	BIGNUM *rsaq;
	BIGNUM *rsadmp1;
	BIGNUM *rsadmq1;
	BIGNUM *rsaiqmp;

	/* private key Elliptic Curve (secret scalar; same wiping concern as above) */

	BIGNUM *ecprivate;

	SLIST_ENTRY(keysentry) keys_entry;
} *kn, *knp;	/* kn: entry under construction in signmain(); knp: SLIST_FOREACH cursor */

/*
 * Signature validity window.  The digits of SIGNEDON/EXPIREDON below are
 * in YYYYMMDDHHMMSS form; presumably these are filled from timethuman()
 * - confirm.
 */
u_int64_t expiredon, signedon;
/* prototypes */

int add_dnskey(ddDB *);
/*
 * Key file readers.  The out-parameters are ttl, flags, protocol,
 * algorithm, a caller-supplied buffer for the key text, and keyid (see
 * the key2zone() calls in signmain()).  key2zone() returns the zone
 * name (signmain() stores it as kn->zone) or NULL; parse_keyfile() and
 * get_key() presumably follow the same convention - confirm.
 */
char * parse_keyfile(int, uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int *);
char * key2zone(char *, uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int *);
char * get_key(struct keysentry *,uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int, int *);

/*
 * Key generation: (zonename, ttl, flags, algorithm, bits, &pid) as called
 * from signmain() with flags 257 (KSK) or 256 (ZSK).  Returns the new
 * key file name, or NULL on failure.
 */
char * create_key(char *, int, int, int, int, uint32_t *);
char * create_key_rsa(char *, int, int, int, int, uint32_t *);
char * create_key_ec(char *, int, int, int, int, uint32_t *);
int create_key_ec_getpid(EC_KEY *, EC_GROUP *, EC_POINT *, int, int);

char * alg_to_name(int);	/* ALGORITHM_* number to a printable name (used in log lines) */
int alg_to_rsa(int);

int construct_nsec3(ddDB *, char *, int, char *);
int calculate_rrsigs(ddDB *, char *, int, int);

/*
 * Per-RRtype RRSIG generators.  All share the argument list
 * (ddDB *, char *, int, struct rbtree *, int).
 */
static int sign_hinfo(ddDB *, char *, int, struct rbtree *, int);
static int sign_rp(ddDB *, char *, int, struct rbtree *, int);
static int sign_caa(ddDB *, char *, int, struct rbtree *, int);
static int sign_dnskey(ddDB *, char *, int, struct rbtree *, int);
static int sign_a(ddDB *, char *, int, struct rbtree *, int);
static int sign_mx(ddDB *, char *, int, struct rbtree *, int);
static int sign_ns(ddDB *, char *, int, struct rbtree *, int);
static int sign_srv(ddDB *, char *, int, struct rbtree *, int);
static int sign_cname(ddDB *, char *, int, struct rbtree *, int);
static int sign_soa(ddDB *, char *, int, struct rbtree *, int);
static int sign_txt(ddDB *, char *, int, struct rbtree *, int);
static int sign_aaaa(ddDB *, char *, int, struct rbtree *, int);
static int sign_ptr(ddDB *, char *, int, struct rbtree *, int);
static int sign_nsec3(ddDB *, char *, int, struct rbtree *, int);
static int sign_nsec3param(ddDB *, char *, int, struct rbtree *, int);
static int sign_naptr(ddDB *, char *, int, struct rbtree *, int);
static int sign_sshfp(ddDB *, char *, int, struct rbtree *, int);
static int sign_tlsa(ddDB *, char *, int, struct rbtree *, int);
static int sign_ds(ddDB *, char *, int, struct rbtree *, int);

int sign(int, char *, int, struct keysentry *, char *, int *);
int create_ds(ddDB *, char *, struct keysentry *);
u_int keytag(u_char *key, u_int keysize);	/* key tag over raw DNSKEY rdata (presumably RFC 4034 Appendix B) */
u_int dnskey_keytag(struct dnskey *dnskey);
void free_private_key(struct keysentry *);	/* presumably releases the BIGNUMs held in a keysentry - confirm */
RSA * get_private_key_rsa(struct keysentry *);
EC_KEY * get_private_key_ec(struct keysentry *);
int store_private_key(struct keysentry *, char *, int, int);	/* (entry, zone, keyid, algorithm); returns < 0 on failure */
int print_rbt(FILE *, struct rbtree *);
int print_rbt_bind(FILE *, struct rbtree *);
int signmain(int argc, char *argv[]);	/* entry point of "dddctl sign" */
void init_keys(void);
uint32_t getkeypid(char *);	/* pid for an existing key file name */
void update_soa_serial(ddDB *, char *, time_t);
void debug_bindump(const char *, int);
int dump_db(ddDB *, FILE *, char *);
int notglue(ddDB *, struct rbtree *, char *);
char * dnskey_wire_rdata(struct rr *, int *);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/*
 * OpenSSL 1.1.0 made RSA and BN_GENCB opaque and introduced these
 * accessors.  Older libraries lack them, so matching declarations are
 * provided here (the definitions are presumably further down in this
 * file - confirm).
 */

BN_GENCB * BN_GENCB_new(void);
void BN_GENCB_free(BN_GENCB *);

/*
 * In OpenSSL proper the set0 calls take ownership of the BIGNUMs they are
 * handed; confirm the local definitions do the same so callers do not
 * double-free.
 */
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);

void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
#endif
/* globals defined in other translation units */
extern int debug;
extern int verbose;
extern int bytes_received;
extern int notify;
extern int passlist;
extern int bcount;
extern char *bind_list[255];
extern char *interface_list[255];
extern int bflag;
extern int ratelimit_packets_per_second;
extern int ratelimit;
extern int nflag;
extern int iflag;
extern int lflag;
extern int icount;
extern int vslen;
extern char *versionstring;

/* externs */

/*
 * printf-style logger; pri is a syslog priority (signmain() passes
 * LOG_INFO and LOG_ERR).  fmt must always be a literal - never text
 * derived from a file or the command line.
 */
extern void dolog(int pri, char *fmt, ...);
/* unpack*: read fixed-width integers / byte runs from a buffer position */
extern uint32_t unpack32(char *);
extern uint16_t unpack16(char *);
extern void unpack(char *, char *, int);

/* pack*: write fixed-width integers / byte runs at a buffer position */
extern void pack(char *, char *, int);
extern void pack32(char *, u_int32_t);
extern void pack16(char *, u_int16_t);
extern void pack8(char *, u_int8_t);
/* fill_*: build a record of the named type; the first argument is the database (presumably the one it is added to - confirm) */
extern int fill_dnskey(ddDB *,char *, char *, u_int32_t, u_int16_t, u_int8_t, u_int8_t, char *);
extern int fill_rrsig(ddDB *,char *, char *, u_int32_t, char *, u_int8_t, u_int8_t, u_int32_t, u_int64_t, u_int64_t, u_int16_t, char *, char *);
extern int fill_nsec3param(ddDB *, char *, char *, u_int32_t, u_int8_t, u_int8_t, u_int16_t, char *);
extern int fill_nsec3(ddDB *, char *, char *, u_int32_t, u_int8_t, u_int8_t, u_int16_t, char *, char *, char *);
extern char * convert_name(char *name, int namelen);

/* base64 helpers; both take the destination size, return value presumably the length produced - confirm */
extern int mybase64_encode(u_char const *, size_t, char *, size_t);
extern int mybase64_decode(char const *, u_char *, size_t);
extern struct rbtree * Lookup_zone(ddDB *, char *, int, int, int);
extern struct question *build_fake_question(char *, int, u_int16_t, char *, int);
extern char * dns_label(char *, int *);
extern int label_count(char *);
extern char *get_dns_type(int, int);
extern char * hash_name(char *, int, struct nsec3param *);	/* NSEC3 owner-name hash for the given parameters */
extern char * base32hex_encode(u_char *input, int len);
extern int init_entlist(ddDB *);
extern int check_ent(char *, int);
extern struct question *build_question(char *, int, int, char *);
struct rrtab *rrlookup(char *);	/* NOTE(review): declared without extern unlike its neighbours; harmless for a function, but inconsistent */

/* record-set access on the in-memory database */
extern struct rbtree * find_rrset(ddDB *db, char *name, int len);
extern struct rrset * find_rr(struct rbtree *rbt, u_int16_t rrtype);
extern int add_rr(struct rbtree *rbt, char *name, int len, u_int16_t rrtype, void *rdata);
extern char * bin2hex(char *, int);
extern u_int64_t timethuman(time_t);
extern char * bitmap2human(char *, int);
extern int memcasecmp(u_char *, u_char *, int);

/* config-file list insertion hooks used by the parser */
extern int insert_axfr(char *, char *);
extern int insert_filter(char *, char *);
extern int insert_passlist(char *, char *);
extern int insert_notifyddd(char *, char *);

extern int dnssec;
extern int tsig;
/* Aliases */

/* key rollover methods, RFC 7583 section 2.1 (selected with -R prep|double) */
#define ROLLOVER_METHOD_PRE_PUBLICATION 0
#define ROLLOVER_METHOD_DOUBLE_SIGNATURE 1

/* values of struct keysentry.type; KEYTYPE_NONE doubles as "no search" in signmain() */
#define KEYTYPE_NONE 0
#define KEYTYPE_KSK 1
#define KEYTYPE_ZSK 2

/* SCHEME_*: presumably serial-number schemes; not referenced in the visible part of this file */
#define SCHEME_OFF 0
#define SCHEME_YYYY 1
#define SCHEME_TSTAMP 2

/* DNSSEC algorithm numbers; signmain() defaults to ALGORITHM_ECDSAP256SHA256 */
#define ALGORITHM_RSASHA1_NSEC3_SHA1 7 /* rfc 5155 */
#define ALGORITHM_RSASHA256 8 /* rfc 5702 */
#define ALGORITHM_RSASHA512 10 /* rfc 5702 */
#define ALGORITHM_ECDSAP256SHA256 13 /* rfc 6605 */

/* RSA public exponent 2^32 + 1 (Fermat number F5) */
#define RSA_F5 0x100000001

/* fixed signing times in YYYYMMDDHHMMSS form; presumably used only when PROVIDED_SIGNTIME is non-zero - confirm */
#define PROVIDED_SIGNTIME 0
#define SIGNEDON 20161230073133
#define EXPIREDON 20170228073133

/* seconds: 14 days of inception drift (presumably backdating), 60 days of validity unless -e overrides */
#define SIGNEDON_DRIFT (14 * 86400)
#define DEFAULT_EXPIRYTIME (60 * 86400)

#define DEFAULT_TTL 3600	/* -t default */
#define DEFAULT_BITS 3072	/* -B default, handed to create_key() */

/* define masks */

/*
 * Passes run by signmain(), OR'd into its `mask`; -m <hex> overrides the
 * default, which enables everything except MASK_PARSE_BINDFILE and
 * MASK_DUMP_BIND.
 */
#define MASK_PARSE_BINDFILE 0x1
#define MASK_PARSE_FILE 0x2
#define MASK_ADD_DNSKEY 0x4
#define MASK_CONSTRUCT_NSEC3 0x8
#define MASK_CALCULATE_RRSIGS 0x10
#define MASK_CREATE_DS 0x20
#define MASK_DUMP_DB 0x40
#define MASK_DUMP_BIND 0x80


/*
 * SIGNMAIN - the heart of dddctl sign ...
 *
 * Options, from the getopt() string and the cases that handle them:
 *   -a alg     DNSKEY algorithm number (default ALGORITHM_ECDSAP256SHA256)
 *   -B bits    key size for -K/-Z (default DEFAULT_BITS)
 *   -e secs    RRSIG expiry (default DEFAULT_EXPIRYTIME)
 *   -I n       NSEC3 iterations (default 10)
 *   -i file    zone file to sign
 *   -K / -Z    create a new KSK / ZSK
 *   -k / -z    use an existing KSK / ZSK key file (each may be repeated)
 *   -m hex     MASK_* bitmask selecting which passes run
 *   -n zone    zone name (required)
 *   -o file    output file; "-" keeps stdout
 *   -R prep|double   rollover method (RFC 7583)
 *   -S pid     key chosen to sign in a three-key pre-publication rollover
 *   -s salt    NSEC3 salt (default "-")
 *   -t ttl     zone TTL (default DEFAULT_TTL)
 *   -v         print the version and exit
 *   -X / -x n  SOA serial: today's date as YYYYMMDD01, or an explicit value
 *
 * NOTE(review): -h is in the getopt string but has no case, and the
 * switch has no default:, so it and any '?' from getopt fall through
 * unhandled.  -a, -B, -e, -I, -t and -S go through atoi() and -m through
 * strtoull() with no range or end-pointer check.  The lstat()/S_ISREG
 * test on the -o path is separate from the later fopen(), so the two can
 * be raced; an open(O_WRONLY|O_CREAT|O_NOFOLLOW) followed by fdopen()
 * would close that window.
 */
int
signmain(int argc, char *argv[])
{
FILE *of = stdout;
struct stat sb;
int ch;
int bits = DEFAULT_BITS;
int ttl = DEFAULT_TTL;
int create_zsk = 0;
int create_ksk = 0;
int rollmethod = ROLLOVER_METHOD_PRE_PUBLICATION;
int algorithm = ALGORITHM_ECDSAP256SHA256;
int expiry = DEFAULT_EXPIRYTIME;
int iterations = 10;
u_int32_t mask = (MASK_PARSE_FILE | MASK_ADD_DNSKEY | MASK_CONSTRUCT_NSEC3 | MASK_CALCULATE_RRSIGS | MASK_CREATE_DS | MASK_DUMP_DB);
char *salt = "-";
char *zonefile = NULL;
char *zonename = NULL;
char *ep;
int ksk_key = 0, zsk_key = 0;
int numkeys = 0, search = 0;
int numksk = 0, numzsk = 0;
uint32_t pid = -1, newpid;
char key_key[4096];
char buf[512];
char *key_zone;
uint32_t key_ttl;
uint16_t key_flags;
uint8_t key_protocol;
uint8_t key_algorithm;
int key_keyid;
ddDB *db;
time_t now, serial = 0;
struct tm *tm;
uint32_t parseflags = PARSEFILE_FLAG_NOSOCKET;
#if __OpenBSD__
if (pledge("stdio rpath wpath cpath", NULL) < 0) {
perror("pledge");
exit(1);
}
#endif
while ((ch = getopt(argc, argv, "a:B:e:hI:i:Kk:m:n:o:R:S:s:t:vXx:Zz:")) != -1) {
switch (ch) {
case 'a':
/* algorithm */
algorithm = atoi(optarg);
break;
case 'B':
/* bits */
bits = atoi(optarg);
break;
case 'e':
/* expiry */
expiry = atoi(optarg);
break;
case 'I':
/* NSEC3 iterations */
iterations = atoi(optarg);
break;
case 'i':
/* inputfile */
zonefile = optarg;
break;
case 'K':
/* create KSK key */
create_ksk = 1;
break;
case 'k':
/* use KSK key */
kn = malloc(sizeof(struct keysentry));
if (kn == NULL) {
perror("malloc");
exit(1);
}
kn->keyname = strdup(optarg);
if (kn->keyname == NULL) {
perror("strdup");
exit(1);
}
kn->type = KEYTYPE_KSK;
kn->pid = getkeypid(kn->keyname);
#if DEBUG
printf("opened %s with pid %u\n", kn->keyname, kn->pid);
#endif
kn->sign = 0;
ksk_key = 1;
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
perror("key2zone");
exit(1);
}
kn->zone = strdup(key_zone);
if (kn->zone == NULL) {
perror("strdup");
exit(1);
}
kn->ttl = key_ttl;
kn->flags = key_flags;
kn->protocol = key_protocol;
kn->algorithm = key_algorithm;
kn->key = strdup(key_key);
if (kn->key == NULL) {
perror("strdup kn->key");
exit(1);
}
kn->keyid = key_keyid;
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
perror("store_private_key");
exit(1);
}
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
numkeys++;
numksk++;
break;
case 'm':
/* mask */
mask = strtoull(optarg, &ep, 16);
break;
case 'n':
/* zone name */
zonename = optarg;
break;
case 'o':
/* output file */
if (optarg[0] == '-')
break;
errno = 0;
if (lstat(optarg, &sb) < 0 && errno != ENOENT) {
perror("lstat");
exit(1);
}
if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
fprintf(stderr, "%s is not a file!\n", optarg);
exit(1);
}
if ((of = fopen(optarg, "w")) == NULL) {
perror("fopen");
exit(1);
}
break;
case 'R':
/* rollover method see RFC 7583 section 2.1 */
if (strcmp(optarg, "prep") == 0) {
rollmethod = ROLLOVER_METHOD_PRE_PUBLICATION;
} else if (strcmp(optarg, "double") == 0) {
rollmethod = ROLLOVER_METHOD_DOUBLE_SIGNATURE;
}
break;
case 'S':
pid = atoi(optarg);
break;
case 's':
/* salt */
salt = optarg;
break;
case 't':
/* ttl of the zone */
ttl = atoi(optarg);
break;
case 'v':
/* version */
printf("%s\n", DD_CONVERT_VERSION);
exit(0);
case 'X':
/* update serial */
now = time(NULL);
tm = localtime(&now);
strftime(buf, sizeof(buf), "%Y%m%d01", tm);
serial = atoll(buf);
break;
case 'x':
serial = atoll(optarg);
break;
case 'Z':
/* create ZSK */
create_zsk = 1;
break;
case 'z':
/* use ZSK */
kn = malloc(sizeof(struct keysentry));
if (kn == NULL) {
perror("malloc");
exit(1);
}
kn->keyname = strdup(optarg);
if (kn->keyname == NULL) {
perror("strdup");
exit(1);
}
kn->type = KEYTYPE_ZSK;
kn->pid = getkeypid(kn->keyname);
#if DEBUG
printf("opened %s with pid %u\n", kn->keyname, kn->pid);
#endif
kn->sign = 0;
zsk_key = 1;
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
perror("key2zone");
exit(1);
}
kn->zone = strdup(key_zone);
if (kn->zone == NULL) {
perror("strdup");
exit(1);
}
kn->ttl = key_ttl;
kn->flags = key_flags;
kn->protocol = key_protocol;
kn->algorithm = key_algorithm;
kn->key = strdup(key_key);
if (kn->key == NULL) {
perror("strdup kn->key");
exit(1);
}
kn->keyid = key_keyid;
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
perror("store_private_key");
exit(1);
}
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
numkeys++;
numzsk++;
break;
}
}
if (zonename == NULL) {
fprintf(stderr, "must provide a zonename with the -n flag\n");
exit(1);
}
if (create_ksk) {
kn = malloc(sizeof(struct keysentry));
if (kn == NULL) {
perror("malloc");
exit(1);
}
dolog(LOG_INFO, "creating new KSK (257) algorithm: %s with %d bits, pid ", alg_to_name(algorithm), bits);
kn->keyname = create_key(zonename, ttl, 257, algorithm, bits, &newpid);
if (kn->keyname == NULL) {
dolog(LOG_ERR, "failed.\n");
exit(1);
}
kn->type = KEYTYPE_KSK;
kn->pid = newpid;
kn->sign = 0;
ksk_key = 1;
dolog(LOG_INFO, "%d.\n", newpid);
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
perror("key2zone");
exit(1);
}
kn->zone = strdup(key_zone);
if (kn->zone == NULL) {
perror("strdup");
exit(1);
}
kn->ttl = key_ttl;
kn->flags = key_flags;
kn->protocol = key_protocol;
kn->algorithm = key_algorithm;
kn->key = strdup(key_key);
if (kn->key == NULL) {
perror("strdup kn->key");
exit(1);
}
kn->keyid = key_keyid;
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
perror("store_private_key");
exit(1);
}
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
numkeys++;
numksk++;
}
if (create_zsk) {
kn = malloc(sizeof(struct keysentry));
if (kn == NULL) {
perror("malloc");
exit(1);
}
dolog(LOG_INFO, "creating new ZSK (256) algorithm: %s with %d bits, pid ", alg_to_name(algorithm), bits);
kn->keyname = create_key(zonename, ttl, 256, algorithm, bits, &newpid);
if (kn->keyname == NULL) {
dolog(LOG_ERR, "failed.\n");
exit(1);
}
kn->type = KEYTYPE_ZSK;
kn->pid = newpid;
kn->sign = 0;
zsk_key = 1;
dolog(LOG_INFO, "%d.\n", newpid);
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
perror("key2zone");
exit(1);
}
kn->zone = strdup(key_zone);
if (kn->zone == NULL) {
perror("strdup");
exit(1);
}
kn->ttl = key_ttl;
kn->flags = key_flags;
kn->protocol = key_protocol;
kn->algorithm = key_algorithm;
kn->key = strdup(key_key);
if (kn->key == NULL) {
perror("strdup kn->key");
exit(1);
}
kn->keyid = key_keyid;
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
perror("store_private_key");
exit(1);
}
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
numkeys++;
numzsk++;
}
if (zonefile == NULL || zonename == NULL) {
if (create_zsk || create_ksk) {
fprintf(stderr, "key(s) created\n");
exit(0);
}
fprintf(stderr, "must provide a zonefile and a zonename!\n");
exit(1);
}
if (ksk_key == 0 || zsk_key == 0) {
dolog(LOG_INFO, "must specify both a ksk and a zsk key! or -z -k\n");
exit(1);
}
/* check what keys we sign or not */
if ((rollmethod == ROLLOVER_METHOD_PRE_PUBLICATION && numkeys > 3) ||
(rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE && numkeys > 4)) {
switch (rollmethod) {
0720
2020-04-10
pjp
case ROLLOVER_METHOD_PRE_PUBLICATION:
dolog(LOG_INFO, "rollover pre-publication method: can't roll-over more than 1 key at a time! numkeys > 3\n");
break;
case ROLLOVER_METHOD_DOUBLE_SIGNATURE:
dolog(LOG_INFO, "rollover double-signature method: can't roll-over more than 2 keys at a time! numkeys > 4\n");
break;
}
exit(1);
} else if ((numkeys > 2 && rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE) || numkeys == 2) {
#if 0
0731
2020-04-10
pjp
} else if (numkeys == 2) {
0732
2020-04-10
pjp
#endif
0733
2020-04-10
pjp
/* sign them all */
0734
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0735
2020-04-10
pjp
knp->sign = 1;
0736
2020-04-10
pjp
}
0737
2020-04-10
pjp
} else {
0738
2020-04-10
pjp
/* we can only be pre-publication method and have 3 keys now */
0739
2020-04-10
pjp
if (pid == -1) {
0740
2020-04-10
pjp
fprintf(stderr, "pre-publication rollover: you specified three keys, please select one for signing (with -S pid)!\n");
0741
2020-04-10
pjp
exit(1);
0742
2020-04-10
pjp
}
0743
2020-04-10
pjp
0744
2020-04-10
pjp
search = KEYTYPE_NONE;
0745
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0746
2020-04-10
pjp
if (knp->pid == pid) {
0747
2020-04-10
pjp
knp->sign = 1;
0748
2020-04-10
pjp
search = (knp->type == KEYTYPE_KSK) ? KEYTYPE_ZSK : KEYTYPE_KSK;
0749
2020-04-10
pjp
break;
0750
2020-04-10
pjp
}
0751
2020-04-10
pjp
}
0752
2020-04-10
pjp
0753
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0754
2020-04-10
pjp
if (search == knp->type && knp->sign == 0)
0755
2020-04-10
pjp
knp->sign = 1;
0756
2020-04-10
pjp
} /* SLIST_FOREACH */
0757
2020-04-10
pjp
} /* numkeys == 3 */
0758
2020-04-10
pjp
0759
2020-04-10
pjp
#if DEBUG
0760
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0761
2020-04-10
pjp
printf("%s pid: %u %s\n", knp->keyname, knp->pid, knp->sign ? "<--" : "" );
0762
2020-04-10
pjp
}
0763
2020-04-10
pjp
#endif
0764
2020-04-10
pjp
#if DEBUG
0765
2020-04-10
pjp
printf("zonefile is %s\n", zonefile);
0766
2020-04-10
pjp
#endif
0767
2020-04-10
pjp
0768
2020-04-10
pjp
/* open the database(s) */
0769
2020-04-10
pjp
db = dddbopen();
0770
2020-04-10
pjp
if (db == NULL) {
0771
2020-04-10
pjp
dolog(LOG_INFO, "dddbopen() failed\n");
0772
2020-04-10
pjp
exit(1);
0773
2020-04-10
pjp
}
0774
2020-04-10
pjp
0775
2020-04-10
pjp
/* now we start reading our configfile */
0776
2020-04-10
pjp
0777
2020-04-10
pjp
if ((mask & MASK_PARSE_FILE) && parse_file(db, zonefile, parseflags) < 0) {
0778
2020-04-10
pjp
dolog(LOG_INFO, "parsing config file failed\n");
0779
2020-04-10
pjp
exit(1);
0780
2020-04-10
pjp
}
0781
2020-04-10
pjp
0782
2020-04-10
pjp
/* create ENT list */
0783
2020-04-10
pjp
if (init_entlist(db) < 0) {
0784
2020-04-10
pjp
dolog(LOG_INFO, "creating entlist failed\n");
0785
2020-04-10
pjp
exit(1);
0786
2020-04-10
pjp
}
0787
2020-04-10
pjp
0788
2020-04-10
pjp
/* update any serial updates here */
0789
2020-04-10
pjp
if (serial)
0790
2020-04-10
pjp
update_soa_serial(db, zonename, serial);
0791
2020-04-10
pjp
0792
2020-04-10
pjp
/* three passes to "sign" our zones */
0793
2020-04-10
pjp
/* first pass, add dnskey records, on apex */
0794
2020-04-10
pjp
0795
2020-04-10
pjp
if ((mask & MASK_ADD_DNSKEY) && add_dnskey(db) < 0) {
0796
2020-04-10
pjp
dolog(LOG_INFO, "add_dnskey failed\n");
0797
2020-04-10
pjp
exit(1);
0798
2020-04-10
pjp
}
0799
2020-04-10
pjp
0800
2020-04-10
pjp
/* second pass construct NSEC3 records, including ENT's */
0801
2020-04-10
pjp
0802
2020-04-10
pjp
if ((mask & MASK_CONSTRUCT_NSEC3) && construct_nsec3(db, zonename, iterations, salt) < 0) {
0803
2020-04-10
pjp
dolog(LOG_INFO, "construct nsec3 failed\n");
0804
2020-04-10
pjp
exit(1);
0805
2020-04-10
pjp
}
0806
2020-04-10
pjp
0807
2020-04-10
pjp
/* third pass calculate RRSIG's for every RR set */
0808
2020-04-10
pjp
0809
2020-04-10
pjp
if ((mask & MASK_CALCULATE_RRSIGS) && calculate_rrsigs(db, zonename, expiry, rollmethod) < 0) {
0810
2020-04-10
pjp
dolog(LOG_INFO, "calculate rrsigs failed\n");
0811
2020-04-10
pjp
exit(1);
0812
2020-04-10
pjp
}
0813
2020-04-10
pjp
0814
2020-04-10
pjp
/* calculate ds */
0815
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0816
2020-04-10
pjp
if ((mask & MASK_CREATE_DS) && create_ds(db, zonename, knp) < 0) {
0817
2020-04-10
pjp
dolog(LOG_INFO, "create_ds failed\n");
0818
2020-04-10
pjp
exit(1);
0819
2020-04-10
pjp
}
0820
2020-04-10
pjp
}
0821
2020-04-10
pjp
0822
2020-04-10
pjp
/* free private keys */
0823
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0824
2020-04-10
pjp
free_private_key(knp);
0825
2020-04-10
pjp
}
0826
2020-04-10
pjp
0827
2020-04-10
pjp
/* write new zone file */
0828
2020-04-10
pjp
if ((mask & MASK_DUMP_DB) && dump_db(db, of, zonename) < 0)
0829
2020-04-10
pjp
exit (1);
0830
2020-04-10
pjp
0831
2020-04-10
pjp
0832
2020-04-10
pjp
exit(0);
0833
2020-04-10
pjp
}
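/*
 * Publish the DNSKEY RR of every loaded key of the given type
 * (KEYTYPE_ZSK or KEYTYPE_KSK) at the zone apex.
 *
 * Iterates the file-global key list through the file-global cursor
 * knp, exactly as the rest of dddctl.c does, so knp is left pointing
 * past the end of the list (or at the failing key) on return.
 *
 * Returns 0 on success, -1 if get_key() or fill_dnskey() fails.  A
 * get_key() failure logs the key name; fill_dnskey() is expected to
 * have logged its own reason (it does not here).
 */
static int
add_dnskey_type(ddDB *db, int type)
{
	char key[4096];		/* base64 public key, filled by get_key() */
	char *zone;
	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	int keyid;		/* filled by get_key(), not needed for the RR */

	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type != type)
			continue;

		zone = get_key(knp, &ttl, &flags, &protocol, &algorithm,
		    key, sizeof(key), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key: %s\n", knp->keyname);
			return -1;
		}

		if (fill_dnskey(db, zone, "dnskey", ttl, flags, protocol,
		    algorithm, key) < 0)
			return -1;
	}

	return 0;
}

/*
 * First pass of zone signing: add a DNSKEY record on the apex for every
 * key on the key list, ZSKs first and then KSKs (the order the previous
 * two hand-written loops used).  Both passes were identical apart from
 * the key type and the punctuation of the error message, so they now
 * share add_dnskey_type().
 *
 * Returns 0 on success, -1 on the first failure.
 */
int
add_dnskey(ddDB *db)
{
	if (add_dnskey_type(db, KEYTYPE_ZSK) < 0)
		return -1;

	return add_dnskey_type(db, KEYTYPE_KSK);
}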
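/*
 * Cut the space-separated field at *cur.  The field is NUL-terminated in
 * place and *cur is advanced past the separator.  Returns NULL (leaving
 * *cur untouched) when there is no further space on the line.
 */
static char *
keyfile_next_field(char **cur)
{
	char *field = *cur;
	char *sep = strchr(field, ' ');

	if (sep == NULL)
		return NULL;
	*sep++ = '\0';
	*cur = sep;
	return field;
}

/*
 * Read a K<zone>+<alg>+<keytag>.key file from fd.
 *
 * Comment lines (';' in column 0) are scanned for "keyid NNNN" and the
 * number is stored through keyid (via pack32, as before).  The first
 * non-comment, non-blank line is taken as the DNSKEY RR:
 *
 *     <owner> <ttl> IN DNSKEY <flags> <protocol> <algorithm> <base64 ...>
 *
 * ttl/flags/protocol/algorithm go to the out pointers, the base64 blob
 * is copied into key with all spaces and line ends removed, and the
 * owner name is returned from a static buffer that the next call
 * overwrites.  NULL is returned on any parse error.
 *
 * Changes from the previous version:
 *  - the FILE obtained with fdopen() was never closed (leaked one stdio
 *    stream per key).  The caller keeps ownership of fd, so the stream is
 *    opened on a dup()'d descriptor and closed here without closing fd
 *    under the caller;
 *  - the record was whatever line happened to be read last, which breaks
 *    on a trailing blank or comment line; the first record line is used
 *    now and blank lines are ignored;
 *  - an empty file no longer parses an uninitialised buffer;
 *  - an owner name longer than the 255-byte result buffer is rejected
 *    instead of being truncated silently.
 *
 * NOTE(review): key carries no length.  The copy at the end is bounded
 * only by the 8192-byte line buffer while add_dnskey() hands in a
 * 4096-byte key[], so an over-long record line in a key file can still
 * overrun the caller's buffer.  Closing that needs a size argument
 * threaded through get_key(); it cannot be fixed inside this signature.
 */
char *
parse_keyfile(int fd, uint32_t *ttl, uint16_t *flags, uint8_t *protocol, uint8_t *algorithm, char *key, int *keyid)
{
	static char retbuf[256];
	char buf[8192];
	char *p, *q, *field;
	FILE *f;
	int dupfd;
	int found = 0;

	if ((dupfd = dup(fd)) < 0)
		return NULL;
	if ((f = fdopen(dupfd, "r")) == NULL) {
		close(dupfd);
		return NULL;
	}

	buf[0] = '\0';
	while (fgets(buf, sizeof(buf), f) != NULL) {
		if (buf[0] == ';') {
			/* "; This is a ... key, keyid NNNN, for <zone>." */
			if ((p = strstr(buf, "keyid ")) != NULL) {
				p += 6;
				q = strchr(p, ' ');
				if (q == NULL) {
					fclose(f);
					return NULL;
				}
				*q = '\0';
				pack32((char *)keyid, atoi(p));
			}
			continue;
		}
		if (buf[0] == '\n' || buf[0] == '\r' || buf[0] == '\0')
			continue;	/* blank line */
		found = 1;		/* the DNSKEY RR line */
		break;
	}
	fclose(f);

	if (!found)
		return NULL;

	p = buf;

	/* owner name */
	if ((field = keyfile_next_field(&p)) == NULL)
		return NULL;
	if (strlcpy(retbuf, field, sizeof(retbuf)) >= sizeof(retbuf))
		return NULL;

	/* ttl */
	if ((field = keyfile_next_field(&p)) == NULL)
		return NULL;
	*ttl = atoi(field);

	/* class and type ("IN DNSKEY") are skipped, not validated, as before */
	if (keyfile_next_field(&p) == NULL)
		return NULL;
	if (keyfile_next_field(&p) == NULL)
		return NULL;

	/* flags */
	if ((field = keyfile_next_field(&p)) == NULL)
		return NULL;
	*flags = atoi(field);

	/* protocol */
	if ((field = keyfile_next_field(&p)) == NULL)
		return NULL;
	*protocol = atoi(field);

	/* algorithm */
	if ((field = keyfile_next_field(&p)) == NULL)
		return NULL;
	*algorithm = atoi(field);

	/* key: everything left on the line, minus spaces and line ends */
	q = key;
	while (*p != '\0') {
		if (*p != ' ' && *p != '\n' && *p != '\r')
			*q++ = *p;
		p++;
	}
	*q = '\0';

	return (&retbuf[0]);
}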
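/*
 * Write the signed zone back out in dddctl's own zone-file syntax:
 * a generated-file banner, `zone "<name>" {`, the apex (SOA owner)
 * node first, then every other node of the database, then `}`.
 *
 * Returns 0 on success, -1 when the zone name cannot be converted, the
 * apex cannot be looked up, print_rbt() fails, or a node copy cannot be
 * allocated (the previous version exit(1)'d on that last case; the
 * caller already exits on a -1 return).
 *
 * Each node payload is copied into a private buffer before printing,
 * as before; that copy was never freed and leaked one allocation per
 * node (including on the apex `continue`).  It is released on every
 * path now.
 *
 * NOTE(review): the ownership of the buffers returned by dns_label() and
 * Lookup_zone() is not visible here; they are left alone as before.
 */
int
dump_db(ddDB *db, FILE *of, char *zonename)
{
	struct node *n, *nx;
	struct rbtree *rbt0, *rbt;
	char *dnsname;
	int labellen;
	int j = 0;		/* nodes printed after the apex, DEBUG only */

	fprintf(of, "; this file is automatically generated, do NOT edit\n");
	fprintf(of, "; it was generated by dddctl.c\n");
	fprintf(of, "zone \"%s\" {\n", zonename);

	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		return -1;

	/* the apex goes first so the SOA leads the file */
	rbt0 = Lookup_zone(db, dnsname, labellen, DNS_TYPE_SOA, 0);
	if (rbt0 == NULL)
		return -1;

	if (print_rbt(of, rbt0) < 0) {
		fprintf(stderr, "print_rbt error\n");
		return -1;
	}

	RB_FOREACH_SAFE(n, domaintree, &db->head, nx) {
		if ((rbt = calloc(1, n->datalen)) == NULL) {
			dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
			return -1;
		}
		memcpy(rbt, n->data, n->datalen);

		/* already printed above */
		if (rbt->zonelen == rbt0->zonelen &&
		    memcasecmp(rbt->zone, rbt0->zone, rbt->zonelen) == 0) {
			free(rbt);
			continue;
		}

		if (print_rbt(of, rbt) < 0) {
			fprintf(stderr, "print_rbt error\n");
			free(rbt);
			return -1;
		}
		free(rbt);
		j++;
	}

	fprintf(of, "}\n");

#if DEBUG
	printf("%d records\n", j);
#endif
	return (0);
}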
/*
 * Generate a new key pair for zonename and dispatch on the DNSSEC
 * algorithm number: the RSA variants go to create_key_rsa(), ECDSA
 * P-256 to create_key_ec().  Returns the key-file basename the
 * generator produced (K<zone>+<alg>+<keytag>), or NULL after logging
 * when the algorithm is not one of the four supported ones (or when
 * the generator itself fails).  *pid receives the key tag.
 */
char *
create_key(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	char *basename = NULL;

	if (algorithm == ALGORITHM_RSASHA1_NSEC3_SHA1 ||
	    algorithm == ALGORITHM_RSASHA256 ||
	    algorithm == ALGORITHM_RSASHA512)
		basename = create_key_rsa(zonename, ttl, flags, algorithm, bits, pid);
	else if (algorithm == ALGORITHM_ECDSAP256SHA256)
		basename = create_key_ec(zonename, ttl, flags, algorithm, bits, pid);
	else
		dolog(LOG_INFO, "invalid algorithm in key\n");

	return basename;
}
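/*
 * Check that a key-file target path is either absent or a regular file.
 * lstat() is used on purpose so that a symlink is rejected as well.
 * Returns 0 when the path may be written, -1 (after logging) otherwise.
 *
 * NOTE(review): this check and the later fopen() are not atomic; a
 * symlink dropped in between is still followed.  open(O_CREAT|O_NOFOLLOW,
 * 0600) followed by fdopen() would close that window.
 */
static int
ec_keyfile_target_ok(const char *path)
{
	struct stat sb;

	errno = 0;
	if (lstat(path, &sb) < 0) {
		if (errno == ENOENT)
			return 0;
		perror("lstat");
		return -1;
	}
	if (!S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", path);
		return -1;
	}
	return 0;
}

/*
 * Generate an ECDSA P-256 key pair (DNSSEC algorithm 13) for zonename
 * and write it out as
 *
 *   K<zone>.+013+<keytag>.private   (mode 0600, BIND "Private-key-format: v1.3")
 *   K<zone>.+013+<keytag>.key       (the public DNSKEY RR plus comments)
 *
 * Returns the strdup()'d basename, which the caller owns, or NULL after
 * logging on any failure.  *pid receives the key tag.  bits is ignored
 * for EC.  If the key tag collides with an already loaded key the pair
 * is discarded and generation is retried (recursively), as before.
 *
 * Changes from the previous version:
 *  - the raw private scalar and its base64 form are wiped (OPENSSL_cleanse)
 *    as soon as they have been written and again on the error path;
 *  - the .private file is fchmod()'d to 0600 since the umask only shapes
 *    a newly created file, not an existing one being truncated;
 *  - fclose() is checked so a short write does not leave a corrupt key;
 *  - a half-written .private (and .key) file is removed on every later
 *    failure, not only when the .key fopen() failed;
 *  - the basename is no longer leaked on failure, the umask is restored
 *    on every path, an empty zonename no longer indexes before the
 *    buffer, and *pid is printed with %u to match its type.
 */
char *
create_key_ec(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	FILE *f = NULL;
	EC_KEY *eckey = NULL;
	EC_GROUP *ecgroup = NULL;
	const BIGNUM *ecprivatekey;
	const EC_POINT *ecpublickey;
	char bin[4096];		/* raw private scalar: wiped before return */
	char b64[4096];		/* base64 scratch: wiped before return */
	char tmp[4096];		/* serialised public point */
	char buf[512];		/* basename / file names */
	char stamp[32];		/* YYYYMMDDHHMMSS */
	char human[128];	/* strftime("%c") */
	char *retval = NULL;
	const char *dot;
	size_t zlen, ptlen;
	int binlen;
	int privwritten = 0, pubwritten = 0;
	mode_t savemask;
	time_t now;
	struct tm *tm;

	(void)bits;

	if (algorithm != ALGORITHM_ECDSAP256SHA256)
		return NULL;

	if ((eckey = EC_KEY_new()) == NULL) {
		dolog(LOG_ERR, "EC_KEY_new(): %s\n", strerror(errno));
		goto out;
	}
	if ((ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL) {
		dolog(LOG_ERR, "EC_GROUP_new_by_curve_name(): %s\n", strerror(errno));
		goto out;
	}
	if (EC_KEY_set_group(eckey, ecgroup) != 1) {
		dolog(LOG_ERR, "EC_KEY_set_group(): %s\n", strerror(errno));
		goto out;
	}
	if (EC_KEY_generate_key(eckey) == 0) {
		dolog(LOG_ERR, "EC_KEY_generate_key(): %s\n", strerror(errno));
		goto out;
	}
	if ((ecprivatekey = EC_KEY_get0_private_key(eckey)) == NULL) {
		dolog(LOG_INFO, "EC_KEY_get0_private_key(): %s\n", strerror(errno));
		goto out;
	}
	if ((ecpublickey = EC_KEY_get0_public_key(eckey)) == NULL) {
		dolog(LOG_ERR, "EC_KEY_get0_public_key(): %s\n", strerror(errno));
		goto out;
	}

	/* create_key_ec_getpid() only reads the point; its signature lacks const */
	*pid = create_key_ec_getpid(eckey, ecgroup, (EC_POINT *)ecpublickey, algorithm, flags);
	if (*pid == (uint32_t)-1) {
		dolog(LOG_ERR, "create_key_ec_getpid(): %s\n", strerror(errno));
		goto out;
	}

	/* key tag collision with a loaded key: throw this pair away, retry */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->pid == *pid)
			break;
	}
	if (knp != NULL) {
		dolog(LOG_INFO, "create_key: collision with existing pid %u\n", *pid);
		EC_GROUP_free(ecgroup);
		EC_KEY_free(eckey);
		return (create_key_ec(zonename, ttl, flags, algorithm, bits, pid));
	}

	zlen = strlen(zonename);
	dot = (zlen > 0 && zonename[zlen - 1] == '.') ? "" : ".";
	snprintf(buf, sizeof(buf), "K%s%s+%03d+%u", zonename, dot, algorithm, *pid);
	if ((retval = strdup(buf)) == NULL) {
		dolog(LOG_INFO, "strdup: %s\n", strerror(errno));
		goto out;
	}

	/* --- K<...>.private: created with mode 0600 --- */
	snprintf(buf, sizeof(buf), "%s.private", retval);
	if (ec_keyfile_target_ok(buf) < 0)
		goto out;

	savemask = umask(077);
	f = fopen(buf, "w+");
	umask(savemask);
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	privwritten = 1;
	/* an existing file keeps its old mode through "w+"; tighten it */
	if (fchmod(fileno(f), 0600) < 0) {
		dolog(LOG_INFO, "fchmod: %s\n", strerror(errno));
		goto out;
	}

	fprintf(f, "Private-key-format: v1.3\n");
	fprintf(f, "Algorithm: %d (%s)\n", algorithm, alg_to_name(algorithm));

	binlen = BN_bn2bin(ecprivatekey, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "PrivateKey: %s\n", b64);
	/* the scalar has been written; do not keep it around on the stack */
	OPENSSL_cleanse(bin, sizeof(bin));
	OPENSSL_cleanse(b64, sizeof(b64));

	now = time(NULL);
	if ((tm = gmtime(&now)) == NULL) {
		dolog(LOG_INFO, "gmtime failed\n");
		goto out;
	}
	strftime(stamp, sizeof(stamp), "%Y%m%d%H%M%S", tm);
	strftime(human, sizeof(human), "%c", tm);
	fprintf(f, "Created: %s\n", stamp);
	fprintf(f, "Publish: %s\n", stamp);
	fprintf(f, "Activate: %s\n", stamp);

	/* a failed flush would leave a corrupt private key on disk */
	if (fclose(f) != 0) {
		f = NULL;
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		goto out;
	}
	f = NULL;

	/* --- K<...>.key: the public DNSKEY RR, caller's umask --- */
	snprintf(buf, sizeof(buf), "%s.key", retval);
	if (ec_keyfile_target_ok(buf) < 0)
		goto out;
	if ((f = fopen(buf, "w+")) == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	pubwritten = 1;

	fprintf(f, "; This is a %s key, keyid %u, for %s%s\n",
	    (flags == 257) ? "key-signing" : "zone-signing", *pid, zonename, dot);
	fprintf(f, "; Created: %s (%s)\n", stamp, human);
	fprintf(f, "; Publish: %s (%s)\n", stamp, human);
	fprintf(f, "; Activate: %s (%s)\n", stamp, human);

	ptlen = EC_POINT_point2oct(ecgroup, ecpublickey, POINT_CONVERSION_UNCOMPRESSED,
	    (unsigned char *)tmp, sizeof(tmp), NULL);
	if (ptlen < 2) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): %s\n", strerror(errno));
		goto out;
	}
	/*
	 * Drop the leading 0x04 "uncompressed point" marker: the DNSKEY
	 * RDATA carries the bare X|Y coordinates (this mirrors what
	 * PowerDNS's opensslsigners.cc does).
	 */
	mybase64_encode(tmp + 1, (int)(ptlen - 1), b64, sizeof(b64));
	fprintf(f, "%s%s %d IN DNSKEY %d 3 %d %s\n", zonename, dot, ttl, flags, algorithm, b64);

	if (fclose(f) != 0) {
		f = NULL;
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		goto out;
	}
	f = NULL;

	EC_GROUP_free(ecgroup);
	EC_KEY_free(eckey);
	return (retval);

out:
	if (f != NULL)
		fclose(f);
	/* do not leave a half-written or orphaned key pair behind */
	if (pubwritten) {
		snprintf(buf, sizeof(buf), "%s.key", retval);
		unlink(buf);
	}
	if (privwritten) {
		snprintf(buf, sizeof(buf), "%s.private", retval);
		unlink(buf);
	}
	free(retval);
	OPENSSL_cleanse(bin, sizeof(bin));
	OPENSSL_cleanse(b64, sizeof(b64));
	EC_GROUP_free(ecgroup);
	EC_KEY_free(eckey);
	return NULL;
}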
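/*
 * Compute the RFC 4034 Appendix B key tag of an EC public key.
 *
 * The DNSKEY RDATA is assembled in a scratch buffer - flags, protocol
 * (always 3), algorithm, then the bare X|Y coordinates of the point
 * without the 0x04 "uncompressed" marker byte - and handed to keytag().
 *
 * eckey is accepted for signature compatibility but not used.  Returns
 * the key tag, or -1 if the point cannot be serialised or would not fit.
 *
 * The previous version malloc()'d the serialised point and leaked it
 * when the second EC_POINT_point2oct() call failed.  A P-256 point is
 * 65 bytes, so a stack buffer with an explicit bound check is enough.
 */
int
create_key_ec_getpid(EC_KEY *eckey, EC_GROUP *ecgroup, EC_POINT *ecpublickey, int algorithm, int flags)
{
	char bin[4096];		/* DNSKEY RDATA for keytag() */
	char point[4096];	/* 0x04 || X || Y */
	char *p = bin;
	size_t ptlen, room;

	(void)eckey;

	pack16(p, htons(flags));
	p += 2;
	pack8(p, 3);		/* protocol is always 3 (RFC 4034 2.1.2) */
	p++;
	pack8(p, algorithm);
	p++;

	ptlen = EC_POINT_point2oct(ecgroup, ecpublickey, POINT_CONVERSION_UNCOMPRESSED,
	    (unsigned char *)point, sizeof(point), NULL);
	if (ptlen == 0) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): %s\n", strerror(errno));
		return -1;
	}

	/* need at least the marker plus one byte, and it must fit after the 4-byte header */
	room = sizeof(bin) - (size_t)(p - bin);
	if (ptlen < 2 || ptlen - 1 > room) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): unexpected point length %zu\n", ptlen);
		return -1;
	}

	/* skip the 0x04 marker: the RR carries bare X|Y (cf. PowerDNS) */
	pack(p, point + 1, (int)(ptlen - 1));
	p += ptlen - 1;

	return (keytag(bin, (int)(p - bin)));
}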
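/*
 * Check that a key-file target path is either absent or a regular file.
 * lstat() is used on purpose so that a symlink is rejected as well.
 * Returns 0 when the path may be written, -1 (after logging) otherwise.
 *
 * NOTE(review): this check and the later fopen() are not atomic; a
 * symlink dropped in between is still followed.  open(O_CREAT|O_NOFOLLOW,
 * 0600) followed by fdopen() would close that window.
 */
static int
rsa_keyfile_target_ok(const char *path)
{
	struct stat sb;

	errno = 0;
	if (lstat(path, &sb) < 0) {
		if (errno == ENOENT)
			return 0;
		perror("lstat");
		return -1;
	}
	if (!S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", path);
		return -1;
	}
	return 0;
}

/*
 * Build the RFC 3110 section 2 RSA public-key body into out: a one-byte
 * exponent length (or a zero byte followed by a two-byte length when the
 * exponent is 256 bytes or longer), the exponent, then the modulus.
 * Returns the number of bytes written, or -1 if it would not fit.
 */
static int
rsa_public_rdata(const BIGNUM *rsae, const BIGNUM *rsan, char *out, size_t outlen)
{
	char *p = out;
	int elen = BN_num_bytes(rsae);
	int nlen = BN_num_bytes(rsan);

	if (elen <= 0 || nlen <= 0 ||
	    (size_t)elen + (size_t)nlen + 3 > outlen)
		return -1;

	if (elen < 256) {
		*p++ = (char)elen;
	} else {
		*p++ = 0;
		pack16(p, htons(elen));
		p += 2;
	}
	BN_bn2bin(rsae, (unsigned char *)p);
	p += elen;
	BN_bn2bin(rsan, (unsigned char *)p);
	p += nlen;

	return (int)(p - out);
}

/*
 * Write "<label>: <base64(bn)>\n" to f.  The scratch buffers are wiped
 * afterwards because most of the values written this way are private.
 * Returns -1 if bn does not fit the scratch buffer, 0 otherwise.
 */
static int
rsa_write_bn_line(FILE *f, const char *label, const BIGNUM *bn)
{
	char bin[4096];
	char b64[4096];
	int binlen;

	if (BN_num_bytes(bn) > (int)sizeof(bin))
		return -1;
	binlen = BN_bn2bin(bn, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "%s: %s\n", label, b64);
	OPENSSL_cleanse(bin, sizeof(bin));
	OPENSSL_cleanse(b64, sizeof(b64));
	return 0;
}

/*
 * Generate an RSA key pair of `bits` bits for zonename (algorithms
 * RSASHA1-NSEC3-SHA1, RSASHA256 or RSASHA512) and write it out as
 *
 *   K<zone>.+<alg>+<keytag>.private  (mode 0600, BIND "Private-key-format: v1.3")
 *   K<zone>.+<alg>+<keytag>.key      (the public DNSKEY RR plus comments)
 *
 * Returns the strdup()'d basename, which the caller owns, or NULL after
 * logging on any failure.  *pid receives the key tag.  If the key tag
 * collides with an already loaded key the pair is discarded and
 * generation is retried (recursively), as before.
 *
 * Changes from the previous version:
 *  - eight BIGNUMs were BN_new()'d and then overwritten by the
 *    RSA_get0_*() pointers, leaking all of them; the get0 pointers are
 *    borrowed from rsa and nothing is allocated for them now;
 *  - BN_free(e) ran once after the .private file was closed and again on
 *    the "%s is not a file" path of the .key file: a double free.  There
 *    is a single cleanup path now;
 *  - the algorithm is validated before anything is allocated (the old
 *    order leaked rsa, e and the BN_GENCB on an invalid algorithm);
 *  - the BN_GENCB is gone: RSA_generate_key_ex() accepts NULL;
 *  - the private components never sit unwiped on the stack;
 *  - the .private file is fchmod()'d to 0600 since the umask only shapes
 *    a newly created file; fclose() is checked; partial files are removed
 *    on every later failure; the umask is restored on every path;
 *  - an lstat() failure returns NULL instead of exit(1)'ing;
 *  - an empty zonename no longer indexes before the buffer, and *pid is
 *    printed with %u to match its type.
 */
char *
create_key_rsa(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	FILE *f = NULL;
	RSA *rsa = NULL;
	BIGNUM *e = NULL;
	const BIGNUM *rsan = NULL, *rsae = NULL, *rsad = NULL;
	const BIGNUM *rsap = NULL, *rsaq = NULL;
	const BIGNUM *rsadmp1 = NULL, *rsadmq1 = NULL, *rsaiqmp = NULL;
	char buf[512];		/* basename / file names */
	char bin[4096];		/* public DNSKEY RDATA scratch */
	char b64[4096];
	char stamp[32];		/* YYYYMMDDHHMMSS */
	char human[128];	/* strftime("%c") */
	char *retval = NULL;
	char *p;
	const char *dot;
	size_t zlen;
	int rlen;
	int privwritten = 0, pubwritten = 0;
	mode_t savemask;
	time_t now;
	struct tm *tm;

	switch (algorithm) {
	case ALGORITHM_RSASHA1_NSEC3_SHA1:
	case ALGORITHM_RSASHA256:
	case ALGORITHM_RSASHA512:
		break;
	default:
		dolog(LOG_INFO, "invalid algorithm in key\n");
		return NULL;
	}

	if ((rsa = RSA_new()) == NULL) {
		dolog(LOG_INFO, "RSA_new: %s\n", strerror(errno));
		goto out;
	}
	if ((e = BN_new()) == NULL) {
		dolog(LOG_INFO, "BN_new: %s\n", strerror(errno));
		goto out;
	}
	/* public exponent F4 = 65537 (the old bit-by-bit loop built the same value) */
	if (BN_set_word(e, RSA_F4) != 1) {
		dolog(LOG_INFO, "BN_set_word failed\n");
		goto out;
	}
	if (RSA_generate_key_ex(rsa, bits, e, NULL) == 0) {
		dolog(LOG_INFO, "RSA_generate_key_ex: %s\n", strerror(errno));
		goto out;
	}

	/* borrowed from rsa: these must never be freed here */
	RSA_get0_key(rsa, &rsan, &rsae, &rsad);
	RSA_get0_factors(rsa, &rsap, &rsaq);
	RSA_get0_crt_params(rsa, &rsadmp1, &rsadmq1, &rsaiqmp);

	/* key tag (RFC 4034 App. B) over flags, protocol 3, algorithm, RFC 3110 body */
	p = bin;
	pack16(p, htons(flags));
	p += 2;
	pack8(p, 3);
	p++;
	pack8(p, algorithm);
	p++;
	rlen = rsa_public_rdata(rsae, rsan, p, sizeof(bin) - (size_t)(p - bin));
	if (rlen < 0) {
		dolog(LOG_INFO, "create_key_rsa: public key does not fit RDATA buffer\n");
		goto out;
	}
	*pid = keytag(bin, (int)(p - bin) + rlen);

	/* key tag collision with a loaded key: throw this pair away, retry */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->pid == *pid)
			break;
	}
	if (knp != NULL) {
		dolog(LOG_INFO, "create_key: collision with existing pid %u\n", *pid);
		RSA_free(rsa);
		BN_free(e);
		return (create_key_rsa(zonename, ttl, flags, algorithm, bits, pid));
	}

	zlen = strlen(zonename);
	dot = (zlen > 0 && zonename[zlen - 1] == '.') ? "" : ".";
	snprintf(buf, sizeof(buf), "K%s%s+%03d+%u", zonename, dot, algorithm, *pid);
	if ((retval = strdup(buf)) == NULL) {
		dolog(LOG_INFO, "strdup: %s\n", strerror(errno));
		goto out;
	}

	/* --- K<...>.private: created with mode 0600 --- */
	snprintf(buf, sizeof(buf), "%s.private", retval);
	if (rsa_keyfile_target_ok(buf) < 0)
		goto out;

	savemask = umask(077);
	f = fopen(buf, "w+");
	umask(savemask);
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	privwritten = 1;
	/* an existing file keeps its old mode through "w+"; tighten it */
	if (fchmod(fileno(f), 0600) < 0) {
		dolog(LOG_INFO, "fchmod: %s\n", strerror(errno));
		goto out;
	}

	fprintf(f, "Private-key-format: v1.3\n");
	fprintf(f, "Algorithm: %d (%s)\n", algorithm, alg_to_name(algorithm));
	if (rsa_write_bn_line(f, "Modulus", rsan) < 0 ||
	    rsa_write_bn_line(f, "PublicExponent", rsae) < 0 ||
	    rsa_write_bn_line(f, "PrivateExponent", rsad) < 0 ||
	    rsa_write_bn_line(f, "Prime1", rsap) < 0 ||
	    rsa_write_bn_line(f, "Prime2", rsaq) < 0 ||
	    rsa_write_bn_line(f, "Exponent1", rsadmp1) < 0 ||
	    rsa_write_bn_line(f, "Exponent2", rsadmq1) < 0 ||
	    rsa_write_bn_line(f, "Coefficient", rsaiqmp) < 0) {
		dolog(LOG_INFO, "create_key_rsa: key component too large\n");
		goto out;
	}

	now = time(NULL);
	if ((tm = gmtime(&now)) == NULL) {
		dolog(LOG_INFO, "gmtime failed\n");
		goto out;
	}
	strftime(stamp, sizeof(stamp), "%Y%m%d%H%M%S", tm);
	strftime(human, sizeof(human), "%c", tm);
	fprintf(f, "Created: %s\n", stamp);
	fprintf(f, "Publish: %s\n", stamp);
	fprintf(f, "Activate: %s\n", stamp);

	/* a failed flush would leave a corrupt private key on disk */
	if (fclose(f) != 0) {
		f = NULL;
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		goto out;
	}
	f = NULL;

	/* --- K<...>.key: the public DNSKEY RR, caller's umask --- */
	snprintf(buf, sizeof(buf), "%s.key", retval);
	if (rsa_keyfile_target_ok(buf) < 0)
		goto out;
	if ((f = fopen(buf, "w+")) == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	pubwritten = 1;

	fprintf(f, "; This is a %s key, keyid %u, for %s%s\n",
	    (flags == 257) ? "key-signing" : "zone-signing", *pid, zonename, dot);
	fprintf(f, "; Created: %s (%s)\n", stamp, human);
	fprintf(f, "; Publish: %s (%s)\n", stamp, human);
	fprintf(f, "; Activate: %s (%s)\n", stamp, human);

	/* RFC 3110 section 2: only the exponent/modulus body goes into the RR */
	rlen = rsa_public_rdata(rsae, rsan, bin, sizeof(bin));
	if (rlen < 0) {
		dolog(LOG_INFO, "create_key_rsa: public key does not fit RDATA buffer\n");
		goto out;
	}
	mybase64_encode(bin, rlen, b64, sizeof(b64));
	fprintf(f, "%s%s %d IN DNSKEY %d 3 %d %s\n", zonename, dot, ttl, flags, algorithm, b64);

	if (fclose(f) != 0) {
		f = NULL;
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		goto out;
	}
	f = NULL;

	RSA_free(rsa);
	BN_free(e);
	return (retval);

out:
	if (f != NULL)
		fclose(f);
	/* do not leave a half-written or orphaned key pair behind */
	if (pubwritten) {
		snprintf(buf, sizeof(buf), "%s.key", retval);
		unlink(buf);
	}
	if (privwritten) {
		snprintf(buf, sizeof(buf), "%s.private", retval);
		unlink(buf);
	}
	free(retval);
	RSA_free(rsa);		/* RSA_free() wipes the private components */
	BN_free(e);
	return NULL;
}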
/*
 * alg_to_name: map a DNSSEC algorithm number to its mnemonic.
 *
 * Returns a pointer to a read-only static string for the four
 * algorithms this tool knows about, or NULL for any other number.
 * Callers must check for NULL before printing the result.
 */
char *
alg_to_name(int algorithm)
{
	char *name;

	switch (algorithm) {
	case ALGORITHM_RSASHA1_NSEC3_SHA1:
		name = "RSASHA1_NSEC3_SHA1";
		break;
	case ALGORITHM_RSASHA256:
		name = "RSASHA256";
		break;
	case ALGORITHM_RSASHA512:
		name = "RSASHA512";
		break;
	case ALGORITHM_ECDSAP256SHA256:
		name = "ECDSAP256SHA256";
		break;
	default:
		/* unknown or unsupported algorithm number */
		name = NULL;
		break;
	}

	return (name);
}
/*
 * alg_to_rsa: map an RSA-based DNSSEC algorithm number to the OpenSSL
 * digest NID that goes with it.
 *
 * Returns NID_sha1 / NID_sha256 / NID_sha512 for the three RSA
 * algorithms, and -1 for anything else (ALGORITHM_ECDSAP256SHA256 is
 * deliberately absent: it is not RSA-based and has no entry here).
 *
 * NOTE(review): RSASHA1_NSEC3_SHA1 (algorithm 7) is rated NOT RECOMMENDED
 * for creating new signatures by RFC 8624; it is kept for existing zones.
 */
int
alg_to_rsa(int algorithm)
{
	int nid = -1;

	switch (algorithm) {
	case ALGORITHM_RSASHA1_NSEC3_SHA1:
		nid = NID_sha1;
		break;
	case ALGORITHM_RSASHA256:
		nid = NID_sha256;
		break;
	case ALGORITHM_RSASHA512:
		nid = NID_sha512;
		break;
	default:
		/* not an RSA algorithm */
		break;
	}

	return (nid);
}
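/*
 * calculate_rrsigs: walk every name in the zone database and create
 * RRSIG records for each RRset type this tool knows how to sign.
 *
 * Sets the file-level globals signedon/expiredon (decimal YYYYMMDDHHMMSS)
 * that the sign_*() routines read: the inception is backdated by
 * SIGNEDON_DRIFT seconds so that validators with a slightly skewed clock
 * do not reject freshly made signatures, the expiration is now + expiry
 * seconds.  With PROVIDED_SIGNTIME both are overridden by the SIGNEDON
 * and EXPIREDON macros instead.
 *
 * Every node is signed from a private copy of its rbtree (calloc +
 * memcpy of n->data) rather than from the tree node itself.  The
 * sign_*() routines store their result through fill_rrsig(), which
 * receives the owner name as a string, so the copy is ours to free once
 * the node is done; the original code leaked one copy per name.
 *
 * A and AAAA RRsets are only signed when notglue() reports the name is
 * not glue below a delegation.
 *
 * Returns 0 on success, -1 on the first failure (signing error or a
 * gmtime() failure).  An allocation failure remains fatal (exit(1)) as
 * before.
 */
int
calculate_rrsigs(ddDB *db, char *zonename, int expiry, int rollmethod)
{
	/*
	 * Dispatch table, in the order the types were previously tested.
	 * glue == 1 marks the types that are skipped on glue names.
	 */
	static const struct {
		uint16_t type;
		const char *name;
		int (*sign)(ddDB *, char *, int, struct rbtree *, int);
		int glue;
	} signers[] = {
		{ DNS_TYPE_DNSKEY,	"dnskey",	sign_dnskey,	0 },
		{ DNS_TYPE_A,		"a",		sign_a,		1 },
		{ DNS_TYPE_MX,		"mx",		sign_mx,	0 },
		{ DNS_TYPE_NS,		"ns",		sign_ns,	0 },
		{ DNS_TYPE_SOA,		"soa",		sign_soa,	0 },
		{ DNS_TYPE_TXT,		"txt",		sign_txt,	0 },
		{ DNS_TYPE_AAAA,	"aaaa",		sign_aaaa,	1 },
		{ DNS_TYPE_NSEC3,	"nsec3",	sign_nsec3,	0 },
		{ DNS_TYPE_NSEC3PARAM,	"nsec3param",	sign_nsec3param, 0 },
		{ DNS_TYPE_CNAME,	"cname",	sign_cname,	0 },
		{ DNS_TYPE_PTR,		"ptr",		sign_ptr,	0 },
		{ DNS_TYPE_NAPTR,	"naptr",	sign_naptr,	0 },
		{ DNS_TYPE_SRV,		"srv",		sign_srv,	0 },
		{ DNS_TYPE_SSHFP,	"sshfp",	sign_sshfp,	0 },
		{ DNS_TYPE_TLSA,	"tlsa",		sign_tlsa,	0 },
		{ DNS_TYPE_DS,		"ds",		sign_ds,	0 },
		{ DNS_TYPE_CAA,		"caa",		sign_caa,	0 },
		{ DNS_TYPE_RP,		"rp",		sign_rp,	0 },
		{ DNS_TYPE_HINFO,	"hinfo",	sign_hinfo,	0 },
	};

	struct node *n, *nx;
	struct rbtree *rbt;
	struct tm *tm;
	time_t now, twoweeksago;
	char timebuf[32];
	size_t i;

	/* set expiredon and signedon */
	now = time(NULL);
	twoweeksago = now - SIGNEDON_DRIFT;
	if ((tm = gmtime(&twoweeksago)) == NULL) {
		dolog(LOG_INFO, "gmtime: %s\n", strerror(errno));
		return -1;
	}
	strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm);
	signedon = atoll(timebuf);

	now += expiry;
	if ((tm = gmtime(&now)) == NULL) {
		dolog(LOG_INFO, "gmtime: %s\n", strerror(errno));
		return -1;
	}
	strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm);
	expiredon = atoll(timebuf);

#if PROVIDED_SIGNTIME
	signedon = SIGNEDON;
	expiredon = EXPIREDON;
#endif

	RB_FOREACH_SAFE(n, domaintree, &db->head, nx) {
		/* private copy of the node, see the header comment */
		if ((rbt = calloc(1, n->datalen)) == NULL) {
			dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
			exit(1);
		}
		memcpy(rbt, n->data, n->datalen);

		for (i = 0; i < sizeof(signers) / sizeof(signers[0]); i++) {
			if (find_rr(rbt, signers[i].type) == NULL)
				continue;
			/* glue A/AAAA below a delegation is never signed */
			if (signers[i].glue && !notglue(db, rbt, zonename))
				continue;
			if (signers[i].sign(db, zonename, expiry, rbt,
			    rollmethod) < 0) {
				fprintf(stderr, "sign_%s error\n",
				    signers[i].name);
				free(rbt);
				return -1;
			}
		}

		free(rbt);
	}

	return 0;
}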
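/*
 * create a RRSIG for an SOA record
 *
 * sign_soa() signs the SOA RRset at rbt once for every zone-signing key
 * selected for signing: with ROLLOVER_METHOD_DOUBLE_SIGNATURE every ZSK
 * on the key list signs, otherwise only the ZSKs whose sign flag is set.
 *
 * For each key the DNSKEY RDATA is rebuilt from the key file and its
 * keytag recomputed and compared with the keyid the file claims, so a
 * mislabelled key is rejected instead of yielding an RRSIG that points
 * at the wrong DNSKEY.
 *
 * The data signed is the RRSIG RDATA without the signature field,
 * followed by the SOA RR in canonical wire form (RFC 4034, 3.1.8.1).
 * An SOA RRset has exactly one RR, so no canonical sort is needed.  The
 * signature is stored through fill_rrsig() as base64 text.
 *
 * signedon/expiredon are the file-level YYYYMMDDHHMMSS values set by
 * calculate_rrsigs(); they are converted to epoch seconds for the RRSIG
 * inception and expiration fields.
 *
 * Returns 0 on success, -1 on any error.  key and the ZSK pointer array
 * are released on every path (the original leaked both per call).
 */
static int
sign_soa(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct soa *soap;
	struct keysentry **zsk_key = NULL, **zkp;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p;
	char *key = NULL;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid, tag;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	/*
	 * Select the signing ZSKs.  Count first so the pointer array is
	 * sized to the configuration: the old fixed calloc(3, ...) was
	 * overrun by three or more ZSKs in double-signature mode.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE ||
		    knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		/* the old code dereferenced a NULL key entry in this case */
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE ||
		    knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;	/* terminator (calloc zeroed it already) */

	/* everything from here to the loop is the same for every key */
	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		goto out;
	}

	/*
	 * Ownership of dns_label()'s result is not visible in this file;
	 * if it is heap allocated it is leaked here - TODO confirm and free.
	 */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	if ((rrset = find_rr(rbt, DNS_TYPE_SOA)) == NULL) {
		dolog(LOG_INFO, "no SOA records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no SOA records but have rrset entry!\n");
		goto out;
	}
	soap = (struct soa *)rrp->rdata;

	/*
	 * RRSIG inception/expiration: YYYYMMDDHHMMSS back to epoch seconds.
	 * tm is zeroed because strptime() only sets the fields it parses.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime: bad expiration %s\n", timebuf);
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime: bad inception %s\n", timebuf);
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zkp = zsk_key; *zkp != NULL; zkp++) {
		if (get_key(*zkp, &ttl, &flags, &protocol, &algorithm,
		    (char *)&tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zkp)->keyname);
			goto out;
		}

		/* rebuild the DNSKEY RDATA and verify the claimed keytag */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "bad base64 in key %s\n", (*zkp)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		tag = keytag(key, keylen);
		if (keyid != tag) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, tag);
			goto out;
		}

		/* RRSIG RDATA minus the signature field (RFC 4034, 3.1.8.1) */
		p = key;
		pack16(p, htons(DNS_TYPE_SOA));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));	/* original TTL */
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);	/* signer's name */
		p += labellen;

		/*
		 * The SOA RR in canonical wire form with the RRset TTL.
		 * RFC 4034 6.2 wants MNAME/RNAME lowercased; they are packed
		 * as stored, which assumes the zone parser already did that -
		 * TODO confirm.
		 */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_SOA));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack16(p, htons(soap->nsserver_len + soap->rp_len + 5 * 4));
		p += 2;
		pack(p, soap->nsserver, soap->nsserver_len);
		p += soap->nsserver_len;
		pack(p, soap->responsible_person, soap->rp_len);
		p += soap->rp_len;
		pack32(p, htonl(soap->serial));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soap->refresh));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soap->retry));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soap->expire));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soap->minttl));
		p += sizeof(u_int32_t);

		keylen = (p - key);

		/*
		 * Give sign() the full buffer size for every key; the old
		 * code handed the second key the first signature's length.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zkp, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "SOA",
		    algorithm, labels, rrset->ttl, expiredon, signedon, keyid,
		    zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	free(zsk_key);
	free(key);
	return (ret);
}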
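/*
 * create a RRSIG for a TXT record
 *
 * sign_txt() signs the TXT RRset at rbt once for every zone-signing key
 * selected for signing (every ZSK with ROLLOVER_METHOD_DOUBLE_SIGNATURE,
 * otherwise the ZSKs whose sign flag is set).  Each key's DNSKEY RDATA
 * is rebuilt and its keytag checked against the keyid from the key file.
 *
 * A TXT RRset may hold several RRs, which RFC 4034 section 6.3 requires
 * to be signed in canonical order: RRs are compared on their RDATA as
 * left-justified unsigned octet strings, and when one RDATA is a prefix
 * of another the shorter sorts first.  The previous code ordered by
 * total record length before content, which disagrees with validators
 * for multi-string TXT RRs of unequal length and makes such RRSIGs fail
 * to verify.  The sorted canonical forms are built once and appended
 * after the RRSIG RDATA for every key.
 *
 * Returns 0 on success, -1 on any error.  key, tmpkey, the ZSK pointer
 * array and the canonical list are released on every path.
 */
static int
sign_txt(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp2 = NULL;
	struct txt *txtp;
	struct keysentry **zsk_key = NULL, **zkp;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p, *q;
	char *key = NULL, *tmpkey = NULL;
	const size_t keysize = 10 * 4096;	/* size of key and tmpkey */

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid, tag;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int rdoff, alen, blen, cmp;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	TAILQ_HEAD(listhead, canonical) head;

	struct canonical {
		char *data;
		int len;
		TAILQ_ENTRY(canonical) entries;
	} *c1, *c2;

	TAILQ_INIT(&head);

	/*
	 * Select the signing ZSKs.  Count first so the pointer array is
	 * sized to the configuration: the old fixed calloc(3, ...) was
	 * overrun by three or more ZSKs in double-signature mode.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE ||
		    knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		/* the old code dereferenced a NULL key entry in this case */
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	key = malloc(keysize);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	tmpkey = malloc(keysize);
	if (tmpkey == NULL) {
		dolog(LOG_INFO, "tmpkey out of memory\n");
		goto out;
	}

	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE ||
		    knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;	/* terminator (calloc zeroed it already) */

	/* everything from here to the key loop is the same for every key */
	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		goto out;
	}

	/*
	 * Ownership of dns_label()'s result is not visible in this file;
	 * if it is heap allocated it is leaked here - TODO confirm and free.
	 */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	if ((rrset = find_rr(rbt, DNS_TYPE_TXT)) == NULL) {
		dolog(LOG_INFO, "no TXT records\n");
		goto out;
	}
	if (TAILQ_EMPTY(&rrset->rr_head)) {
		dolog(LOG_INFO, "no TXT records but have rrset entry!\n");
		goto out;
	}

	/*
	 * RRSIG inception/expiration: YYYYMMDDHHMMSS back to epoch seconds.
	 * tm is zeroed because strptime() only sets the fields it parses.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime: bad expiration %s\n", timebuf);
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime: bad inception %s\n", timebuf);
		goto out;
	}
	signedon2 = timegm(&tm);

	/*
	 * Canonical wire form of every TXT RR: owner | TXT | IN | TTL |
	 * RDLENGTH | RDATA.  The RRset TTL is used for every RR so all RRs
	 * in the signed data carry the same TTL (RFC 4034 6.2).  rbt->zone
	 * is assumed to be lowercase already - TODO confirm at the parser.
	 * rdoff is where RDATA starts inside each record.
	 */
	rdoff = rbt->zonelen + 2 + 2 + 4 + 2;
	TAILQ_FOREACH(rrp2, &rrset->rr_head, entries) {
		txtp = (struct txt *)rrp2->rdata;
		if ((size_t)rdoff + (size_t)txtp->txtlen > keysize) {
			dolog(LOG_INFO, "TXT record too large for signing buffer\n");
			goto out;
		}

		q = tmpkey;
		pack(q, rbt->zone, rbt->zonelen);
		q += rbt->zonelen;
		pack16(q, htons(DNS_TYPE_TXT));
		q += 2;
		pack16(q, htons(DNS_CLASS_IN));
		q += 2;
		pack32(q, htonl(rrset->ttl));
		q += 4;
		pack16(q, htons(txtp->txtlen));
		q += 2;
		pack(q, (char *)txtp->txt, txtp->txtlen);
		q += txtp->txtlen;

		c1 = malloc(sizeof(struct canonical));
		if (c1 == NULL) {
			dolog(LOG_INFO, "c1 out of memory\n");
			goto out;
		}
		c1->len = (q - tmpkey);
		c1->data = malloc(c1->len);
		if (c1->data == NULL) {
			dolog(LOG_INFO, "c1->data out of memory\n");
			free(c1);
			goto out;
		}
		memcpy(c1->data, tmpkey, c1->len);

		/*
		 * Insertion sort in RFC 4034 6.3 order: compare RDATA
		 * octets, absence of an octet sorting before any octet.
		 */
		TAILQ_FOREACH(c2, &head, entries) {
			alen = c1->len - rdoff;
			blen = c2->len - rdoff;
			cmp = memcmp(c1->data + rdoff, c2->data + rdoff,
			    alen < blen ? alen : blen);
			if (cmp < 0 || (cmp == 0 && alen < blen))
				break;
		}
		if (c2 != NULL)
			TAILQ_INSERT_BEFORE(c2, c1, entries);
		else
			TAILQ_INSERT_TAIL(&head, c1, entries);
	}

	for (zkp = zsk_key; *zkp != NULL; zkp++) {
		if (get_key(*zkp, &ttl, &flags, &protocol, &algorithm,
		    (char *)&tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zkp)->keyname);
			goto out;
		}

		/* rebuild the DNSKEY RDATA and verify the claimed keytag */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "bad base64 in key %s\n", (*zkp)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		tag = keytag(key, keylen);
		if (keyid != tag) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, tag);
			goto out;
		}

		/* RRSIG RDATA minus the signature field (RFC 4034, 3.1.8.1) */
		p = key;
		pack16(p, htons(DNS_TYPE_TXT));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));	/* original TTL */
		p += sizeof(u_int32_t);
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);	/* signer's name */
		p += labellen;

		/* the RRs in canonical order, bounded by the key buffer */
		TAILQ_FOREACH(c2, &head, entries) {
			if ((size_t)(p - key) + (size_t)c2->len > keysize) {
				dolog(LOG_INFO, "TXT RRset too large for signing buffer\n");
				goto out;
			}
			pack(p, c2->data, c2->len);
			p += c2->len;
		}

		keylen = (p - key);

		/*
		 * Give sign() the full buffer size for every key; the old
		 * code handed the second key the first signature's length.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zkp, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "TXT",
		    algorithm, labels, rrset->ttl, expiredon, signedon, keyid,
		    zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	while ((c2 = TAILQ_FIRST(&head)) != NULL) {
		TAILQ_REMOVE(&head, c2, entries);
		free(c2->data);
		free(c2);
	}
	free(zsk_key);
	free(tmpkey);
	free(key);
	return (ret);
}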
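/*
 * create a RRSIG for an AAAA record
 *
 * sign_aaaa() signs the AAAA RRset at rbt once for every zone-signing
 * key selected for signing (every ZSK with
 * ROLLOVER_METHOD_DOUBLE_SIGNATURE, otherwise the ZSKs whose sign flag
 * is set).  Each key's DNSKEY RDATA is rebuilt and its keytag checked
 * against the keyid from the key file.
 *
 * The RRs are sorted into RFC 4034 section 6.3 canonical order before
 * signing: compared on their RDATA as left-justified unsigned octet
 * strings, shorter-prefix first.  AAAA RDATA is always 16 octets, so
 * this reduces to a memcmp of the addresses; the general rule is kept so
 * the code matches sign_txt().  The sorted canonical forms are built
 * once and appended after the RRSIG RDATA for every key.
 *
 * Returns 0 on success, -1 on any error.  key, tmpkey, the ZSK pointer
 * array and the canonical list are released on every path (the original
 * leaked all of them).
 */
static int
sign_aaaa(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp2 = NULL;
	struct aaaa *ap;
	struct keysentry **zsk_key = NULL, **zkp;

	char tmp[4096];
	char signature[4096];

	char *dnsname;
	char *p, *q;
	char *key = NULL, *tmpkey = NULL;
	const size_t keysize = 10 * 4096;	/* size of key and tmpkey */

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid, tag;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int rdoff, alen, blen, cmp;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	TAILQ_HEAD(listhead, canonical) head;

	struct canonical {
		char *data;
		int len;
		TAILQ_ENTRY(canonical) entries;
	} *c1, *c2;

	TAILQ_INIT(&head);

	/*
	 * Select the signing ZSKs.  Count first so the pointer array is
	 * sized to the configuration: the old fixed calloc(3, ...) was
	 * overrun by three or more ZSKs in double-signature mode.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE ||
		    knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		/* the old code dereferenced a NULL key entry in this case */
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	key = malloc(keysize);
	if (key == NULL) {
		dolog(LOG_INFO, "key out of memory\n");
		goto out;
	}

	tmpkey = malloc(keysize);
	if (tmpkey == NULL) {
		dolog(LOG_INFO, "tmpkey out of memory\n");
		goto out;
	}

	zsk_key = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE ||
		    knp->sign == 1))
			zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;	/* terminator (calloc zeroed it already) */

	/* everything from here to the key loop is the same for every key */
	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		goto out;
	}

	/*
	 * Ownership of dns_label()'s result is not visible in this file;
	 * if it is heap allocated it is leaked here - TODO confirm and free.
	 */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	if ((rrset = find_rr(rbt, DNS_TYPE_AAAA)) == NULL) {
		dolog(LOG_INFO, "no AAAA records\n");
		goto out;
	}
	if (TAILQ_EMPTY(&rrset->rr_head)) {
		dolog(LOG_INFO, "no AAAA records but have flags!\n");
		goto out;
	}

	/*
	 * RRSIG inception/expiration: YYYYMMDDHHMMSS back to epoch seconds.
	 * tm is zeroed because strptime() only sets the fields it parses.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime: bad expiration %s\n", timebuf);
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime: bad inception %s\n", timebuf);
		goto out;
	}
	signedon2 = timegm(&tm);

	/*
	 * Canonical wire form of every AAAA RR: owner | AAAA | IN | TTL |
	 * RDLENGTH(16) | address.  The RRset TTL is used for every RR so
	 * all RRs in the signed data carry the same TTL (RFC 4034 6.2).
	 * rbt->zone is assumed to be lowercase already - TODO confirm at
	 * the parser.  rdoff is where RDATA starts inside each record.
	 */
	rdoff = rbt->zonelen + 2 + 2 + 4 + 2;
	TAILQ_FOREACH(rrp2, &rrset->rr_head, entries) {
		ap = (struct aaaa *)rrp2->rdata;

		q = tmpkey;
		pack(q, rbt->zone, rbt->zonelen);
		q += rbt->zonelen;
		pack16(q, htons(DNS_TYPE_AAAA));
		q += 2;
		pack16(q, htons(DNS_CLASS_IN));
		q += 2;
		pack32(q, htonl(rrset->ttl));
		q += 4;
		pack16(q, htons(sizeof(struct in6_addr)));
		q += 2;
		pack(q, (char *)&ap->aaaa, sizeof(struct in6_addr));
		q += sizeof(struct in6_addr);

		c1 = malloc(sizeof(struct canonical));
		if (c1 == NULL) {
			dolog(LOG_INFO, "c1 out of memory\n");
			goto out;
		}
		c1->len = (q - tmpkey);
		c1->data = malloc(c1->len);
		if (c1->data == NULL) {
			dolog(LOG_INFO, "c1->data out of memory\n");
			free(c1);
			goto out;
		}
		memcpy(c1->data, tmpkey, c1->len);

		/*
		 * Insertion sort in RFC 4034 6.3 order: compare RDATA
		 * octets, absence of an octet sorting before any octet.
		 */
		TAILQ_FOREACH(c2, &head, entries) {
			alen = c1->len - rdoff;
			blen = c2->len - rdoff;
			cmp = memcmp(c1->data + rdoff, c2->data + rdoff,
			    alen < blen ? alen : blen);
			if (cmp < 0 || (cmp == 0 && alen < blen))
				break;
		}
		if (c2 != NULL)
			TAILQ_INSERT_BEFORE(c2, c1, entries);
		else
			TAILQ_INSERT_TAIL(&head, c1, entries);
	}

	for (zkp = zsk_key; *zkp != NULL; zkp++) {
		if (get_key(*zkp, &ttl, &flags, &protocol, &algorithm,
		    (char *)&tmp, sizeof(tmp), &keyid) == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zkp)->keyname);
			goto out;
		}

		/* rebuild the DNSKEY RDATA and verify the claimed keytag */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			dolog(LOG_INFO, "bad base64 in key %s\n", (*zkp)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		tag = keytag(key, keylen);
		if (keyid != tag) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, tag);
			goto out;
		}

		/* RRSIG RDATA minus the signature field (RFC 4034, 3.1.8.1) */
		p = key;
		pack16(p, htons(DNS_TYPE_AAAA));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));	/* original TTL */
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);	/* signer's name */
		p += labellen;

		/* the RRs in canonical order, bounded by the key buffer */
		TAILQ_FOREACH(c2, &head, entries) {
			if ((size_t)(p - key) + (size_t)c2->len > keysize) {
				dolog(LOG_INFO, "AAAA RRset too large for signing buffer\n");
				goto out;
			}
			pack(p, c2->data, c2->len);
			p += c2->len;
		}

		keylen = (p - key);

		/*
		 * Give sign() the full buffer size for every key; the old
		 * code handed the second key the first signature's length.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zkp, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "AAAA",
		    algorithm, labels, rrset->ttl, expiredon, signedon, keyid,
		    zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;

out:
	while ((c2 = TAILQ_FIRST(&head)) != NULL) {
		TAILQ_REMOVE(&head, c2, entries);
		free(c2->data);
		free(c2);
	}
	free(zsk_key);
	free(tmpkey);
	free(key);
	return (ret);
}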
2418
2020-04-10
pjp
2419
2020-04-10
pjp
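/*
 * create an RRSIG for an NSEC3 record
 *
 * Signs the first NSEC3 RR found at rbt once per zone-signing key and
 * stores every resulting signature through fill_rrsig().  The keys used
 * are the ZSKs that are marked for signing, or all ZSKs when rollmethod
 * is ROLLOVER_METHOD_DOUBLE_SIGNATURE.
 *
 * db         database fill_rrsig() writes the RRSIG into
 * zonename   human-readable zone apex; becomes the RRSIG signer name
 * expiry     not used by this function; kept for parity with the other
 *            sign_*() routines
 * rbt        the name whose NSEC3 RR is signed
 * rollmethod key rollover method in effect
 *
 * Returns 0 on success and -1 on any failure; failures are logged with
 * dolog().  The signature validity window is taken from the
 * expiredon/signedon values (YYYYMMDDHHMMSS, not declared here) and the
 * key list is walked with the keyshead/knp cursor the rest of the file
 * uses.  All heap memory owned by this function is released on every
 * return path.
 */
static int
sign_nsec3(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct nsec3 *n3;
	struct keysentry **zsk_keys = NULL;	/* owning pointer, freed at out */
	struct keysentry **zsk_key;		/* cursor into zsk_keys */

	char tmp[4096];			/* base64 public key in, base64 signature out */
	char signature[4096];		/* decoded public key, later the raw signature */
	char timebuf[32];
	struct tm tm;

	char *dnsname;
	char *p;
	char *key = NULL;		/* buffer the to-be-signed data is packed into */
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	uint32_t expiredon2, signedon2;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int rc = -1;

	(void)expiry;			/* accepted for interface parity only */

	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/*
	 * Collect the ZSKs to sign with.  Count first so the list is sized
	 * for however many keys match; a fixed array of three would be
	 * overrun by a third matching key.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK available for signing\n");
		goto out;
	}

	zsk_keys = calloc(nzk + 1, sizeof(struct keysentry *));	/* +1: NULL terminator */
	if (zsk_keys == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_keys[nzk++] = knp;
	}
	zsk_keys[nzk] = NULL;

	/* everything below is the same for every key, so do it once */
	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count\n");
		goto out;
	}

	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;
	/*
	 * NOTE(review): dnsname is not released here, matching the rest of
	 * this file; if dns_label() allocates, that is a leak -- confirm.
	 */

	rrset = find_rr(rbt, DNS_TYPE_NSEC3);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no NSEC3 records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no NSEC3 records but have flags!\n");
		goto out;
	}
	n3 = (struct nsec3 *)rrp->rdata;

	/*
	 * Convert the YYYYMMDDHHMMSS validity stamps to seconds since the
	 * epoch.  tm is zeroed first because strptime() only fills the
	 * fields it parses, and the result is checked so a malformed stamp
	 * cannot silently produce a garbage validity window.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "expiredon is not a YYYYMMDDHHMMSS time\n");
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "signedon is not a YYYYMMDDHHMMSS time\n");
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_key = zsk_keys; *zsk_key != NULL; zsk_key++) {
		zone = get_key(*zsk_key, &ttl, &flags, &protocol, &algorithm,
		    (char *)&tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_key)->keyname);
			goto out;
		}

		/*
		 * Rebuild the DNSKEY rdata (flags, protocol, algorithm, public
		 * key) and verify that its key tag is the keyid we were given.
		 */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {	/* NOTE(review): assumes a negative return is failure -- confirm */
			dolog(LOG_INFO, "mybase64_decode of key %s failed\n", (*zsk_key)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/*
		 * Data to sign: the RRSIG rdata without its signature field,
		 * followed by the NSEC3 RR in wire format.
		 */
		p = key;
		pack16(p, htons(DNS_TYPE_NSEC3));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* no signature here */
		/* XXX this should probably be done on a canonical sorted records */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_NSEC3));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* rdlength: hash alg + flags + iterations + saltlen + salt + nextlen + next + bitmap */
		pack16(p, htons(1 + 1 + 2 + 1 + n3->saltlen + 1 + n3->nextlen + n3->bitmap_len));
		p += 2;
		pack8(p, n3->algorithm);
		p++;
		pack8(p, n3->flags);
		p++;
		pack16(p, htons(n3->iterations));
		p += 2;
		pack8(p, n3->saltlen);
		p++;
		if (n3->saltlen) {
			pack(p, n3->salt, n3->saltlen);
			p += n3->saltlen;
		}
		pack8(p, n3->nextlen);
		p++;
		pack(p, n3->next, n3->nextlen);
		p += n3->nextlen;
		if (n3->bitmap_len) {
			pack(p, n3->bitmap, n3->bitmap_len);
			p += n3->bitmap_len;
		}

		keylen = (p - key);

#if 0
		debug_bindump(key, keylen);
#endif

		/*
		 * siglen is passed by address, so sign() may store the produced
		 * length in it; reset it per key so a second key is not handed a
		 * shrunken buffer size.  NOTE(review): confirm against sign().
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_key, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || (size_t)len >= sizeof(tmp)) {	/* leave room for the NUL */
			dolog(LOG_INFO, "base64 encoding of signature failed\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "NSEC3", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	rc = 0;

out:
	free(zsk_keys);
	free(key);
	return rc;
}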
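/*
 * create an RRSIG for an NSEC3PARAM record
 *
 * Signs the first NSEC3PARAM RR found at rbt once per zone-signing key
 * and stores every resulting signature through fill_rrsig().  The keys
 * used are the ZSKs that are marked for signing, or all ZSKs when
 * rollmethod is ROLLOVER_METHOD_DOUBLE_SIGNATURE.
 *
 * db         database fill_rrsig() writes the RRSIG into
 * zonename   human-readable zone apex; becomes the RRSIG signer name
 * expiry     not used by this function; kept for parity with the other
 *            sign_*() routines
 * rbt        the name whose NSEC3PARAM RR is signed
 * rollmethod key rollover method in effect
 *
 * Returns 0 on success and -1 on any failure; failures are logged with
 * dolog().  The signature validity window is taken from the
 * expiredon/signedon values (YYYYMMDDHHMMSS, not declared here) and the
 * key list is walked with the keyshead/knp cursor the rest of the file
 * uses.  All heap memory owned by this function is released on every
 * return path.
 */
static int
sign_nsec3param(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct nsec3param *n3p;
	struct keysentry **zsk_keys = NULL;	/* owning pointer, freed at out */
	struct keysentry **zsk_key;		/* cursor into zsk_keys */

	char tmp[4096];			/* base64 public key in, base64 signature out */
	char signature[4096];		/* decoded public key, later the raw signature */
	char timebuf[32];
	struct tm tm;

	char *dnsname;
	char *p;
	char *key = NULL;		/* buffer the to-be-signed data is packed into */
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	uint32_t expiredon2, signedon2;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int rc = -1;

	(void)expiry;			/* accepted for interface parity only */

	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/*
	 * Collect the ZSKs to sign with.  Count first so the list is sized
	 * for however many keys match; a fixed array of three would be
	 * overrun by a third matching key.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK available for signing\n");
		goto out;
	}

	zsk_keys = calloc(nzk + 1, sizeof(struct keysentry *));	/* +1: NULL terminator */
	if (zsk_keys == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_keys[nzk++] = knp;
	}
	zsk_keys[nzk] = NULL;

	/* everything below is the same for every key, so do it once */
	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count\n");
		goto out;
	}

	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;
	/*
	 * NOTE(review): dnsname is not released here, matching the rest of
	 * this file; if dns_label() allocates, that is a leak -- confirm.
	 */

	rrset = find_rr(rbt, DNS_TYPE_NSEC3PARAM);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no NSEC3PARAM records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no NSEC3PARAM records but have flags!\n");
		goto out;
	}
	n3p = (struct nsec3param *)rrp->rdata;

	/*
	 * Convert the YYYYMMDDHHMMSS validity stamps to seconds since the
	 * epoch.  tm is zeroed first because strptime() only fills the
	 * fields it parses, and the result is checked so a malformed stamp
	 * cannot silently produce a garbage validity window.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "expiredon is not a YYYYMMDDHHMMSS time\n");
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "signedon is not a YYYYMMDDHHMMSS time\n");
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_key = zsk_keys; *zsk_key != NULL; zsk_key++) {
		zone = get_key(*zsk_key, &ttl, &flags, &protocol, &algorithm,
		    (char *)&tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_key)->keyname);
			goto out;
		}

		/*
		 * Rebuild the DNSKEY rdata (flags, protocol, algorithm, public
		 * key) and verify that its key tag is the keyid we were given.
		 */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {	/* NOTE(review): assumes a negative return is failure -- confirm */
			dolog(LOG_INFO, "mybase64_decode of key %s failed\n", (*zsk_key)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/*
		 * Data to sign: the RRSIG rdata without its signature field,
		 * followed by the NSEC3PARAM RR in wire format.
		 *
		 * NOTE(review): the signed data carries rrset->ttl as both the
		 * original TTL and the RR TTL, while fill_rrsig() below is handed
		 * 0 for both; these only agree when the NSEC3PARAM rrset TTL is
		 * 0 -- confirm that is guaranteed upstream.
		 */
		p = key;
		pack16(p, htons(DNS_TYPE_NSEC3PARAM));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* no signature here */
		/* XXX this should probably be done on a canonical sorted records */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_NSEC3PARAM));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* rdlength: hash alg + flags + iterations + saltlen + salt */
		pack16(p, htons(1 + 1 + 2 + 1 + n3p->saltlen));
		p += 2;
		pack8(p, n3p->algorithm);
		p++;
		pack8(p, n3p->flags);
		p++;
		pack16(p, htons(n3p->iterations));
		p += 2;
		pack8(p, n3p->saltlen);
		p++;
		if (n3p->saltlen) {
			pack(p, n3p->salt, n3p->saltlen);
			p += n3p->saltlen;
		}

		keylen = (p - key);

#if 0
		debug_bindump(key, keylen);
#endif

		/*
		 * siglen is passed by address, so sign() may store the produced
		 * length in it; reset it per key so a second key is not handed a
		 * shrunken buffer size.  NOTE(review): confirm against sign().
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_key, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || (size_t)len >= sizeof(tmp)) {	/* leave room for the NUL */
			dolog(LOG_INFO, "base64 encoding of signature failed\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", 0, "NSEC3PARAM", algorithm, labels, 0, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	rc = 0;

out:
	free(zsk_keys);
	free(key);
	return rc;
}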
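/*
 * create an RRSIG for a CNAME record
 *
 * Signs the first CNAME RR found at rbt once per zone-signing key and
 * stores every resulting signature through fill_rrsig().  The keys used
 * are the ZSKs that are marked for signing, or all ZSKs when rollmethod
 * is ROLLOVER_METHOD_DOUBLE_SIGNATURE.
 *
 * db         database fill_rrsig() writes the RRSIG into
 * zonename   human-readable zone apex; becomes the RRSIG signer name
 * expiry     not used by this function; kept for parity with the other
 *            sign_*() routines
 * rbt        the name whose CNAME RR is signed
 * rollmethod key rollover method in effect
 *
 * Returns 0 on success and -1 on any failure; failures are logged with
 * dolog().  The signature validity window is taken from the
 * expiredon/signedon values (YYYYMMDDHHMMSS, not declared here) and the
 * key list is walked with the keyshead/knp cursor the rest of the file
 * uses.  All heap memory owned by this function is released on every
 * return path.
 */
static int
sign_cname(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct cname *cn;
	struct keysentry **zsk_keys = NULL;	/* owning pointer, freed at out */
	struct keysentry **zsk_key;		/* cursor into zsk_keys */

	char tmp[4096];			/* base64 public key in, base64 signature out */
	char signature[4096];		/* decoded public key, later the raw signature */
	char timebuf[32];
	struct tm tm;

	char *dnsname;
	char *p;
	char *key = NULL;		/* buffer the to-be-signed data is packed into */
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	uint32_t expiredon2, signedon2;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int rc = -1;

	(void)expiry;			/* accepted for interface parity only */

	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/*
	 * Collect the ZSKs to sign with.  Count first so the list is sized
	 * for however many keys match; a fixed array of three would be
	 * overrun by a third matching key.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK available for signing\n");
		goto out;
	}

	zsk_keys = calloc(nzk + 1, sizeof(struct keysentry *));	/* +1: NULL terminator */
	if (zsk_keys == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_keys[nzk++] = knp;
	}
	zsk_keys[nzk] = NULL;

	/* everything below is the same for every key, so do it once */
	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count\n");
		goto out;
	}

	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;
	/*
	 * NOTE(review): dnsname is not released here, matching the rest of
	 * this file; if dns_label() allocates, that is a leak -- confirm.
	 */

	rrset = find_rr(rbt, DNS_TYPE_CNAME);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no CNAME records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no CNAME records but have flags!\n");
		goto out;
	}
	cn = (struct cname *)rrp->rdata;

	/*
	 * Convert the YYYYMMDDHHMMSS validity stamps to seconds since the
	 * epoch.  tm is zeroed first because strptime() only fills the
	 * fields it parses, and the result is checked so a malformed stamp
	 * cannot silently produce a garbage validity window.
	 */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "expiredon is not a YYYYMMDDHHMMSS time\n");
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "signedon is not a YYYYMMDDHHMMSS time\n");
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_key = zsk_keys; *zsk_key != NULL; zsk_key++) {
		zone = get_key(*zsk_key, &ttl, &flags, &protocol, &algorithm,
		    (char *)&tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_key)->keyname);
			goto out;
		}

		/*
		 * Rebuild the DNSKEY rdata (flags, protocol, algorithm, public
		 * key) and verify that its key tag is the keyid we were given.
		 */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {	/* NOTE(review): assumes a negative return is failure -- confirm */
			dolog(LOG_INFO, "mybase64_decode of key %s failed\n", (*zsk_key)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/*
		 * Data to sign: the RRSIG rdata without its signature field,
		 * followed by the CNAME RR in wire format.
		 */
		p = key;
		pack16(p, htons(DNS_TYPE_CNAME));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* no signature here */
		/* XXX this should probably be done on a canonical sorted records */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_CNAME));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* rdlength is just the target name */
		pack16(p, htons(cn->cnamelen));
		p += 2;
		pack(p, cn->cname, cn->cnamelen);
		p += cn->cnamelen;

		keylen = (p - key);

#if 0
		debug_bindump(key, keylen);
#endif

		/*
		 * siglen is passed by address, so sign() may store the produced
		 * length in it; reset it per key so a second key is not handed a
		 * shrunken buffer size.  NOTE(review): confirm against sign().
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_key, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || (size_t)len >= sizeof(tmp)) {	/* leave room for the NUL */
			dolog(LOG_INFO, "base64 encoding of signature failed\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "CNAME", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	rc = 0;

out:
	free(zsk_keys);
	free(key);
	return rc;
}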
/*
 * create an RRSIG for a PTR record
 */
static int
2978
2020-04-10
pjp
sign_ptr(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
2979
2020-04-10
pjp
{
2980
2020-04-10
pjp
struct rrset *rrset = NULL;
2981
2020-04-10
pjp
struct rr *rrp = NULL;
2982
2020-04-10
pjp
struct keysentry **zsk_key;
2983
2020-04-10
pjp
2984
2020-04-10
pjp
char tmp[4096];
2985
2020-04-10
pjp
char signature[4096];
2986
2020-04-10
pjp
char shabuf[64];
2987
2020-04-10
pjp
2988
2020-04-10
pjp
2989
2020-04-10
pjp
char *dnsname;
2990
2020-04-10
pjp
char *p;
2991
2020-04-10
pjp
char *key;
2992
2020-04-10
pjp
char *zone;
2993
2020-04-10
pjp
2994
2020-04-10
pjp
uint32_t ttl;
2995
2020-04-10
pjp
uint16_t flags;
2996
2020-04-10
pjp
uint8_t protocol;
2997
2020-04-10
pjp
uint8_t algorithm;
2998
2020-04-10
pjp
2999
2020-04-10
pjp
int labellen;
3000
2020-04-10
pjp
int keyid;
3001
2020-04-10
pjp
int len;
3002
2020-04-10
pjp
int keylen, siglen = sizeof(signature);
3003
2020-04-10
pjp
int labels;
3004
2020-04-10
pjp
int nzk = 0;
3005
2020-04-10
pjp
3006
2020-04-10
pjp
char timebuf[32];
3007
2020-04-10
pjp
struct tm tm;
3008
2020-04-10
pjp
u_int32_t expiredon2, signedon2;
3009
2020-04-10
pjp
3010
2020-04-10
pjp
memset(&shabuf, 0, sizeof(shabuf));
3011
2020-04-10
pjp
3012
2020-04-10
pjp
key = malloc(10 * 4096);
3013
2020-04-10
pjp
if (key == NULL) {
3014
2020-04-10
pjp
dolog(LOG_INFO, "out of memory\n");
3015
2020-04-10
pjp
return -1;
3016
2020-04-10
pjp
}
3017
2020-04-10
pjp
3018
2020-04-10
pjp
zsk_key = calloc(3, sizeof(struct keysentry *));
3019
2020-04-10
pjp
if (zsk_key == NULL) {
3020
2020-04-10
pjp
dolog(LOG_INFO, "out of memory\n");
3021
2020-04-10
pjp
return -1;
3022
2020-04-10
pjp
}
3023
2020-04-10
pjp
3024
2020-04-10
pjp
nzk = 0;
3025
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
3026
2020-04-10
pjp
if ((knp->type == KEYTYPE_ZSK && rollmethod == \
3027
2020-04-10
pjp
ROLLOVER_METHOD_DOUBLE_SIGNATURE) || \
3028
2020-04-10
pjp
(knp->sign == 1 && knp->type == KEYTYPE_ZSK)) {
3029
2020-04-10
pjp
zsk_key[nzk++] = knp;
3030
2020-04-10
pjp
}
3031
2020-04-10
pjp
}
3032
2020-04-10
pjp
3033
2020-04-10
pjp
zsk_key[nzk] = NULL;
3034
2020-04-10
pjp
3035
2020-04-10
pjp
/* get the ZSK */
3036
2020-04-10
pjp
do {
3037
2020-04-10
pjp
if ((zone = get_key(*zsk_key, &ttl, &flags, &protocol, &algorithm, (char *)&tmp, sizeof(tmp), &keyid)) == NULL) {
3038
2020-04-10
pjp
dolog(LOG_INFO, "get_key %s\n", (*zsk_key)->keyname);
3039
2020-04-10
pjp
return -1;
3040
2020-04-10
pjp
}
3041
2020-04-10
pjp
3042
2020-04-10
pjp
/* check the keytag supplied */
3043
2020-04-10
pjp
p = key;
3044
2020-04-10
pjp
pack16(p, htons(flags));
3045
2020-04-10
pjp
p += 2;
3046
2020-04-10
pjp
pack8(p, protocol);
3047
2020-04-10
pjp
p++;
3048
2020-04-10
pjp
pack8(p, algorithm);
3049
2020-04-10
pjp
p++;
3050
2020-04-10
pjp
keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
3051
2020-04-10
pjp
pack(p, signature, keylen);
3052
2020-04-10
pjp
p += keylen;
3053
2020-04-10
pjp
keylen = (p - key);
3054
2020-04-10
pjp
if (keyid != keytag(key, keylen)) {
3055
2020-04-10
pjp
dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
3056
2020-04-10
pjp
return -1;
3057
2020-04-10
pjp
}
3058
2020-04-10
pjp
3059
2020-04-10
pjp
labels = label_count(rbt->zone);
3060
2020-04-10
pjp
if (labels < 0) {
3061
2020-04-10
pjp
dolog(LOG_INFO, "label_count");
3062
2020-04-10
pjp
return -1;
3063
2020-04-10
pjp
}
3064
2020-04-10
pjp
3065
2020-04-10
pjp
dnsname = dns_label(zonename, &labellen);
3066
2020-04-10
pjp
if (dnsname == NULL)
3067
2020-04-10
pjp
return -1;
3068
2020-04-10
pjp
3069
2020-04-10
pjp
if ((rrset = find_rr(rbt, DNS_TYPE_PTR)) != NULL) {
3070
2020-04-10
pjp
rrp = TAILQ_FIRST(&rrset->rr_head);
3071
2020-04-10
pjp
if (rrp == NULL) {
3072
2020-04-10
pjp
dolog(LOG_INFO, "no PTR records but have flags!\n");
3073
2020-04-10
pjp
return -1;
3074
2020-04-10
pjp
}
3075
2020-04-10
pjp
} else {
3076
2020-04-10
pjp
dolog(LOG_INFO, "no PTR records\n");
3077
2020-04-10
pjp
return -1;
3078
2020-04-10
pjp
}
3079
2020-04-10
pjp
3080
2020-04-10
pjp
3081
2020-04-10
pjp
p = key;
3082
2020-04-10
pjp
3083
2020-04-10
pjp
pack16(p, htons(DNS_TYPE_PTR));
3084
2020-04-10
pjp
p += 2;
3085
2020-04-10
pjp
pack8(p, algorithm);
3086
2020-04-10
pjp
p++;
3087
2020-04-10
pjp
pack8(p, labels);
3088
2020-04-10
pjp
p++;
3089
2020-05-07
pjp
pack32(p, htonl(rrset->ttl));
3090
2020-04-10
pjp
p += 4;
3091
2020-04-10
pjp
3092
2020-04-10
pjp
snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
3093
2020-04-10
pjp
strptime(timebuf, "%Y%m%d%H%M%S", &tm);
3094
2020-04-10
pjp
expiredon2 = timegm(&tm);
3095
2020-04-10
pjp
snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
3096
2020-04-10
pjp
strptime(timebuf, "%Y%m%d%H%M%S", &tm);
3097
2020-04-10
pjp
signedon2 = timegm(&tm);
3098
2020-04-10
pjp
3099
2020-04-10
pjp
pack32(p, htonl(expiredon2));
3100
2020-04-10
pjp
p += 4;
3101
2020-04-10
pjp
pack32(p, htonl(signedon2));
3102
2020-04-10
pjp
p += 4;
3103
2020-04-10
pjp
pack16(p, htons(keyid));
3104
2020-04-10
pjp
p += 2;
3105
2020-04-10
pjp
pack(p, dnsname, labellen);
3106
2020-04-10
pjp
p += labellen;
3107
2020-04-10
pjp
3108
2020-04-10
pjp
/* no signature here */
3109
2020-04-10
pjp
/* XXX this should probably be done on a canonical sorted records */
3110
2020-04-10
pjp
3111
2020-04-10
pjp
pack(p, rbt->zone, rbt->zonelen);
3112
2020-04-10
pjp
p += rbt->zonelen;
3113
2020-04-10
pjp
pack16(p, htons(DNS_TYPE_PTR));
3114
2020-04-10
pjp
p += 2;
3115
2020-04-10
pjp
pack16(p, htons(DNS_CLASS_IN));
3116
2020-04-10
pjp
p += 2;
3117
2020-05-07
pjp
pack32(p, htonl(rrset->ttl));
3118
2020-04-10
pjp
p += 4;
3119
2020-04-10
pjp
pack16(p, htons(((struct ptr *)rrp->rdata)->ptrlen));
3120
2020-04-10
pjp
p += 2;
3121
2020-04-10
pjp
pack(p, ((struct ptr *)rrp->rdata)->ptr, ((struct ptr *)rrp->rdata)->ptrlen);
3122
2020-04-10
pjp
p += ((struct ptr *)rrp->rdata)->ptrlen;
3123
2020-04-10
pjp
3124
2020-04-10
pjp
keylen = (p - key);
3125
2020-04-10
pjp
3126
2020-04-10
pjp
#if 0
3127
2020-04-10
pjp
debug_bindump(key, keylen);
3128
2020-04-10
pjp
#endif
3129
2020-04-10
pjp
if (sign(algorithm, key, keylen, *zsk_key, (char *)&signature, &siglen) < 0) {
3130
2020-04-10
pjp
dolog(LOG_INFO, "signing failed\n");
3131
2020-04-10
pjp
return -1;
3132
2020-04-10
pjp
}
3133
2020-04-10
pjp
3134
2020-04-10
pjp
len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
3135
2020-04-10
pjp
tmp[len] = '\0';
3136
2020-04-10
pjp
3137
2020-07-06
pjp
if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "PTR", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
3138
2020-04-10
pjp
dolog(LOG_INFO, "fill_rrsig\n");
3139
2020-04-10
pjp
return -1;
3140
2020-04-10
pjp
}
3141
2020-04-10
pjp
} while ((*++zsk_key) != NULL);
3142
2020-04-10
pjp
3143
2020-04-10
pjp
return 0;
3144