Date:
Thu Sep 10 14:45:56 2020 UTC
Message:
I want to stick with ldns-verify-zone
/*
* Copyright (c) 2020 Peter J. Philipp
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/*
* $Id: sign.c,v 1.14 2020/08/24 06:05:30 pjp Exp $
*/
#include <sys/param.h> /* for MIN() */
#include <sys/time.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <stdarg.h>
#include <string.h>
#include <unistd.h>
#include <syslog.h>
#include <fcntl.h>
#include <ctype.h>
#ifdef __linux__
#include <grp.h>
#define __USE_BSD 1
#include <endian.h>
#include <bsd/stdlib.h>
#include <bsd/string.h>
#include <bsd/unistd.h>
#include <bsd/sys/queue.h>
#define __unused
#include <bsd/sys/tree.h>
#include <bsd/sys/endian.h>
#include "imsg.h"
#else /* not linux */
#include <sys/queue.h>
#include <sys/tree.h>
#ifdef __FreeBSD__
#include "imsg.h"
#else
#include <imsg.h>
#endif /* __FreeBSD__ */
#endif /* __linux__ */
#ifndef NTOHS
#include "endian.h"
#endif
#include <openssl/bn.h>
#include <openssl/obj_mac.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
#include <openssl/sha.h>
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#include <openssl/evp.h>
#include <openssl/hmac.h>
#include "ddd-dns.h"
#include "ddd-db.h"
#include "ddd-config.h"
SLIST_HEAD(, keysentry) keyshead;	/* every KSK/ZSK that signmain() was given (-k/-z) or created (-K/-Z); entries go in via SLIST_INSERT_HEAD */
static struct keysentry {
	char *keyname;		/* key file name: the -k/-z optarg, or what create_key() returned */
	uint32_t pid;		/* key id as reported by getkeypid()/create_key(); -S selects a key by it */
	int sign;		/* 1 when this key signs the zone in this run, else 0 (decided in signmain()) */
	int type;		/* KEYTYPE_KSK or KEYTYPE_ZSK */

	/* key material in this struct — all of it is filled from what key2zone() returns */
	char *key;		/* copy of the key string key2zone() produced (strdup'ed, owned here) */
	char *zone;		/* zone name the key belongs to (strdup'ed, owned here) */
	uint32_t ttl;
	uint16_t flags;		/* DNSKEY flags; presumably 257 for a KSK and 256 for a ZSK, the values create_key() is given — confirm in key2zone() */
	uint8_t protocol;
	uint8_t algorithm;	/* DNSSEC algorithm number, see the ALGORITHM_* defines below */
	int keyid;

	/*
	 * private key RSA — fields are named after the parameters of
	 * RSA_set0_key()/RSA_set0_factors()/RSA_set0_crt_params().
	 * These are secrets: NOTE(review) confirm free_private_key() releases them
	 * with BN_clear_free() so the memory is zeroized rather than merely freed.
	 */
	BIGNUM *rsan;
	BIGNUM *rsae;
	BIGNUM *rsad;
	BIGNUM *rsap;
	BIGNUM *rsaq;
	BIGNUM *rsadmp1;
	BIGNUM *rsadmq1;
	BIGNUM *rsaiqmp;

	/* private key Elliptic Curve — secret as well, same zeroization note applies */

	BIGNUM *ecprivate;

	SLIST_ENTRY(keysentry) keys_entry;	/* link in the keyshead list */
} *kn, *knp;	/* kn: the entry currently being built and inserted; knp: SLIST_FOREACH cursor */
u_int64_t expiredon, signedon;	/* signature expiration/inception stamps, presumably in the same YYYYMMDDhhmmss form as the EXPIREDON/SIGNEDON defaults below — confirm where they are set (not in this view) */
/* prototypes */
int add_dnskey(ddDB *);
char * parse_keyfile(int, uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int *);
char * key2zone(char *, uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int *);
char * get_key(struct keysentry *,uint32_t *, uint16_t *, uint8_t *, uint8_t *, char *, int, int *);
char * create_key(char *, int, int, int, int, uint32_t *);
char * create_key_rsa(char *, int, int, int, int, uint32_t *);
char * create_key_ec(char *, int, int, int, int, uint32_t *);
int create_key_ec_getpid(EC_KEY *, EC_GROUP *, EC_POINT *, int, int);
char * alg_to_name(int);
int alg_to_rsa(int);
int construct_nsec3(ddDB *, char *, int, char *);
int calculate_rrsigs(ddDB *, char *, int, int);
static int sign_hinfo(ddDB *, char *, int, struct rbtree *, int);
static int sign_rp(ddDB *, char *, int, struct rbtree *, int);
static int sign_caa(ddDB *, char *, int, struct rbtree *, int);
static int sign_dnskey(ddDB *, char *, int, struct rbtree *, int);
static int sign_a(ddDB *, char *, int, struct rbtree *, int);
static int sign_mx(ddDB *, char *, int, struct rbtree *, int);
static int sign_ns(ddDB *, char *, int, struct rbtree *, int);
static int sign_srv(ddDB *, char *, int, struct rbtree *, int);
static int sign_cname(ddDB *, char *, int, struct rbtree *, int);
static int sign_soa(ddDB *, char *, int, struct rbtree *, int);
static int sign_txt(ddDB *, char *, int, struct rbtree *, int);
static int sign_aaaa(ddDB *, char *, int, struct rbtree *, int);
static int sign_ptr(ddDB *, char *, int, struct rbtree *, int);
static int sign_nsec3(ddDB *, char *, int, struct rbtree *, int);
static int sign_nsec3param(ddDB *, char *, int, struct rbtree *, int);
static int sign_naptr(ddDB *, char *, int, struct rbtree *, int);
static int sign_sshfp(ddDB *, char *, int, struct rbtree *, int);
static int sign_tlsa(ddDB *, char *, int, struct rbtree *, int);
static int sign_ds(ddDB *, char *, int, struct rbtree *, int);
int sign(int, char *, int, struct keysentry *, char *, int *);
int create_ds(ddDB *, char *, struct keysentry *);
u_int keytag(u_char *key, u_int keysize);
u_int dnskey_keytag(struct dnskey *dnskey);
void free_private_key(struct keysentry *);
RSA * get_private_key_rsa(struct keysentry *);
EC_KEY * get_private_key_ec(struct keysentry *);
int store_private_key(struct keysentry *, char *, int, int);
int print_rbt(FILE *, struct rbtree *);
int print_rbt_bind(FILE *, struct rbtree *);
int signmain(int argc, char *argv[]);
void init_keys(void);
uint32_t getkeypid(char *);
void update_soa_serial(ddDB *, char *, time_t);
void debug_bindump(const char *, int);
int dump_db(ddDB *, FILE *, char *);
int notglue(ddDB *, struct rbtree *, char *);
char * canonical_sort(char **, int, int *);
int cs_cmp(const void *, const void *);
#if OPENSSL_VERSION_NUMBER < 0x10100000L
BN_GENCB * BN_GENCB_new(void);
void BN_GENCB_free(BN_GENCB *);
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
#endif
extern int debug;
extern int verbose;
extern int bytes_received;
extern int notify;
extern int passlist;
extern int bcount;
extern char *bind_list[255];
extern char *interface_list[255];
extern int bflag;
extern int ratelimit_packets_per_second;
extern int ratelimit;
extern int nflag;
extern int iflag;
extern int lflag;
extern int icount;
extern int vslen;
extern char *versionstring;
/* externs */
extern void dolog(int pri, char *fmt, ...);
extern uint32_t unpack32(char *);
extern uint16_t unpack16(char *);
extern void unpack(char *, char *, int);
extern void pack(char *, char *, int);
extern void pack32(char *, u_int32_t);
extern void pack16(char *, u_int16_t);
extern void pack8(char *, u_int8_t);
extern int fill_dnskey(ddDB *,char *, char *, u_int32_t, u_int16_t, u_int8_t, u_int8_t, char *);
extern int fill_rrsig(ddDB *,char *, char *, u_int32_t, char *, u_int8_t, u_int8_t, u_int32_t, u_int64_t, u_int64_t, u_int16_t, char *, char *);
extern int fill_nsec3param(ddDB *, char *, char *, u_int32_t, u_int8_t, u_int8_t, u_int16_t, char *);
extern int fill_nsec3(ddDB *, char *, char *, u_int32_t, u_int8_t, u_int8_t, u_int16_t, char *, char *, char *);
extern char * convert_name(char *name, int namelen);
extern int mybase64_encode(u_char const *, size_t, char *, size_t);
extern int mybase64_decode(char const *, u_char *, size_t);
extern struct rbtree * Lookup_zone(ddDB *, char *, int, int, int);
extern struct question *build_fake_question(char *, int, u_int16_t, char *, int);
extern char * dns_label(char *, int *);
extern int label_count(char *);
extern char *get_dns_type(int, int);
extern char * hash_name(char *, int, struct nsec3param *);
extern char * base32hex_encode(u_char *input, int len);
extern int init_entlist(ddDB *);
extern int check_ent(char *, int);
extern struct question *build_question(char *, int, int, char *);
struct rrtab *rrlookup(char *);
extern struct rbtree * find_rrset(ddDB *db, char *name, int len);
extern struct rrset * find_rr(struct rbtree *rbt, u_int16_t rrtype);
extern int add_rr(struct rbtree *rbt, char *name, int len, u_int16_t rrtype, void *rdata);
extern char * bin2hex(char *, int);
extern u_int64_t timethuman(time_t);
extern char * bitmap2human(char *, int);
extern int memcasecmp(u_char *, u_char *, int);
extern int insert_axfr(char *, char *);
extern int insert_filter(char *, char *);
extern int insert_passlist(char *, char *);
extern int insert_notifyddd(char *, char *);
extern int dnssec;
extern int tsig;
/* Aliases */
#define ROLLOVER_METHOD_PRE_PUBLICATION 0
#define ROLLOVER_METHOD_DOUBLE_SIGNATURE 1
#define KEYTYPE_NONE 0
#define KEYTYPE_KSK 1
#define KEYTYPE_ZSK 2
#define SCHEME_OFF 0
#define SCHEME_YYYY 1
#define SCHEME_TSTAMP 2
#define ALGORITHM_RSASHA1_NSEC3_SHA1 7 /* rfc 5155 */
#define ALGORITHM_RSASHA256 8 /* rfc 5702 */
#define ALGORITHM_RSASHA512 10 /* rfc 5702 */
#define ALGORITHM_ECDSAP256SHA256 13 /* rfc 6605 */
#define RSA_F5 0x100000001
#define PROVIDED_SIGNTIME 0
#define SIGNEDON 20161230073133
#define EXPIREDON 20170228073133
#define SIGNEDON_DRIFT (14 * 86400)
#define DEFAULT_EXPIRYTIME (60 * 86400)
#define DEFAULT_TTL 3600
#define DEFAULT_BITS 3072
/* define masks */
#define MASK_PARSE_BINDFILE 0x1
#define MASK_PARSE_FILE 0x2
#define MASK_ADD_DNSKEY 0x4
#define MASK_CONSTRUCT_NSEC3 0x8
#define MASK_CALCULATE_RRSIGS 0x10
#define MASK_CREATE_DS 0x20
#define MASK_DUMP_DB 0x40
#define MASK_DUMP_BIND 0x80
#define MAX_RECORDS_IN_RRSET 100
/*
* SIGNMAIN - the heart of dddctl sign ...
*/
int
signmain(int argc, char *argv[])
{
FILE *of = stdout;
struct stat sb;
int ch;
int bits = DEFAULT_BITS;
int ttl = DEFAULT_TTL;
int create_zsk = 0;
int create_ksk = 0;
int rollmethod = ROLLOVER_METHOD_PRE_PUBLICATION;
int algorithm = ALGORITHM_ECDSAP256SHA256;
int expiry = DEFAULT_EXPIRYTIME;
int iterations = 10;
u_int32_t mask = (MASK_PARSE_FILE | MASK_ADD_DNSKEY | MASK_CONSTRUCT_NSEC3 | MASK_CALCULATE_RRSIGS | MASK_CREATE_DS | MASK_DUMP_DB);
char *salt = "-";
char *zonefile = NULL;
char *zonename = NULL;
char *ep;
int ksk_key = 0, zsk_key = 0;
int numkeys = 0, search = 0;
int numksk = 0, numzsk = 0;
uint32_t pid = -1, newpid;
char key_key[4096];
char buf[512];
char *key_zone;
uint32_t key_ttl;
uint16_t key_flags;
uint8_t key_protocol;
uint8_t key_algorithm;
int key_keyid;
ddDB *db;
time_t now, serial = 0;
struct tm *tm;
uint32_t parseflags = PARSEFILE_FLAG_NOSOCKET;
#if __OpenBSD__
if (pledge("stdio rpath wpath cpath", NULL) < 0) {
perror("pledge");
exit(1);
}
#endif
while ((ch = getopt(argc, argv, "a:B:e:hI:i:Kk:m:n:o:R:S:s:t:vXx:Zz:")) != -1) {
switch (ch) {
case 'a':
/* algorithm */
algorithm = atoi(optarg);
break;
case 'B':
/* bits */
bits = atoi(optarg);
break;
case 'e':
/* expiry */
expiry = atoi(optarg);
break;
case 'I':
/* NSEC3 iterations */
iterations = atoi(optarg);
break;
case 'i':
/* inputfile */
zonefile = optarg;
break;
case 'K':
/* create KSK key */
create_ksk = 1;
break;
case 'k':
/* use KSK key */
kn = malloc(sizeof(struct keysentry));
if (kn == NULL) {
perror("malloc");
exit(1);
}
kn->keyname = strdup(optarg);
if (kn->keyname == NULL) {
perror("strdup");
exit(1);
}
kn->type = KEYTYPE_KSK;
kn->pid = getkeypid(kn->keyname);
#if DEBUG
printf("opened %s with pid %u\n", kn->keyname, kn->pid);
#endif
kn->sign = 0;
ksk_key = 1;
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
perror("key2zone");
exit(1);
}
kn->zone = strdup(key_zone);
if (kn->zone == NULL) {
perror("strdup");
exit(1);
}
kn->ttl = key_ttl;
kn->flags = key_flags;
kn->protocol = key_protocol;
kn->algorithm = key_algorithm;
kn->key = strdup(key_key);
if (kn->key == NULL) {
perror("strdup kn->key");
exit(1);
}
kn->keyid = key_keyid;
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
perror("store_private_key");
exit(1);
}
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
numkeys++;
numksk++;
break;
case 'm':
/* mask */
mask = strtoull(optarg, &ep, 16);
break;
case 'n':
/* zone name */
zonename = optarg;
break;
case 'o':
/* output file */
if (optarg[0] == '-')
break;
errno = 0;
if (lstat(optarg, &sb) < 0 && errno != ENOENT) {
perror("lstat");
exit(1);
}
if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
fprintf(stderr, "%s is not a file!\n", optarg);
exit(1);
}
if ((of = fopen(optarg, "w")) == NULL) {
perror("fopen");
exit(1);
}
break;
case 'R':
/* rollover method see RFC 7583 section 2.1 */
if (strcmp(optarg, "prep") == 0) {
rollmethod = ROLLOVER_METHOD_PRE_PUBLICATION;
} else if (strcmp(optarg, "double") == 0) {
rollmethod = ROLLOVER_METHOD_DOUBLE_SIGNATURE;
}
break;
case 'S':
pid = atoi(optarg);
break;
case 's':
/* salt */
salt = optarg;
break;
case 't':
/* ttl of the zone */
ttl = atoi(optarg);
break;
case 'v':
/* version */
printf("%s\n", DD_CONVERT_VERSION);
exit(0);
case 'X':
/* update serial */
now = time(NULL);
tm = localtime(&now);
strftime(buf, sizeof(buf), "%Y%m%d01", tm);
serial = atoll(buf);
break;
case 'x':
serial = atoll(optarg);
break;
case 'Z':
/* create ZSK */
create_zsk = 1;
break;
case 'z':
/* use ZSK */
kn = malloc(sizeof(struct keysentry));
if (kn == NULL) {
perror("malloc");
exit(1);
}
kn->keyname = strdup(optarg);
if (kn->keyname == NULL) {
perror("strdup");
exit(1);
}
kn->type = KEYTYPE_ZSK;
kn->pid = getkeypid(kn->keyname);
#if DEBUG
printf("opened %s with pid %u\n", kn->keyname, kn->pid);
#endif
kn->sign = 0;
zsk_key = 1;
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
perror("key2zone");
exit(1);
}
kn->zone = strdup(key_zone);
if (kn->zone == NULL) {
perror("strdup");
exit(1);
}
kn->ttl = key_ttl;
kn->flags = key_flags;
kn->protocol = key_protocol;
kn->algorithm = key_algorithm;
kn->key = strdup(key_key);
if (kn->key == NULL) {
perror("strdup kn->key");
exit(1);
}
kn->keyid = key_keyid;
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
perror("store_private_key");
exit(1);
}
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
numkeys++;
numzsk++;
break;
}
}
if (zonename == NULL) {
fprintf(stderr, "must provide a zonename with the -n flag\n");
exit(1);
}
if (create_ksk) {
kn = malloc(sizeof(struct keysentry));
if (kn == NULL) {
perror("malloc");
exit(1);
}
dolog(LOG_INFO, "creating new KSK (257) algorithm: %s with %d bits, pid ", alg_to_name(algorithm), bits);
kn->keyname = create_key(zonename, ttl, 257, algorithm, bits, &newpid);
if (kn->keyname == NULL) {
dolog(LOG_ERR, "failed.\n");
exit(1);
}
kn->type = KEYTYPE_KSK;
kn->pid = newpid;
kn->sign = 0;
ksk_key = 1;
dolog(LOG_INFO, "%d.\n", newpid);
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
perror("key2zone");
exit(1);
}
kn->zone = strdup(key_zone);
if (kn->zone == NULL) {
perror("strdup");
exit(1);
}
kn->ttl = key_ttl;
kn->flags = key_flags;
kn->protocol = key_protocol;
kn->algorithm = key_algorithm;
kn->key = strdup(key_key);
if (kn->key == NULL) {
perror("strdup kn->key");
exit(1);
}
kn->keyid = key_keyid;
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
perror("store_private_key");
exit(1);
}
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
numkeys++;
numksk++;
}
if (create_zsk) {
kn = malloc(sizeof(struct keysentry));
if (kn == NULL) {
perror("malloc");
exit(1);
}
dolog(LOG_INFO, "creating new ZSK (256) algorithm: %s with %d bits, pid ", alg_to_name(algorithm), bits);
kn->keyname = create_key(zonename, ttl, 256, algorithm, bits, &newpid);
if (kn->keyname == NULL) {
dolog(LOG_ERR, "failed.\n");
exit(1);
}
kn->type = KEYTYPE_ZSK;
kn->pid = newpid;
kn->sign = 0;
zsk_key = 1;
dolog(LOG_INFO, "%d.\n", newpid);
if ((key_zone = key2zone(kn->keyname, &key_ttl, &key_flags, &key_protocol, &key_algorithm, (char *)&key_key, &key_keyid)) == NULL) {
perror("key2zone");
exit(1);
}
kn->zone = strdup(key_zone);
if (kn->zone == NULL) {
perror("strdup");
exit(1);
}
kn->ttl = key_ttl;
kn->flags = key_flags;
kn->protocol = key_protocol;
kn->algorithm = key_algorithm;
kn->key = strdup(key_key);
if (kn->key == NULL) {
perror("strdup kn->key");
exit(1);
}
kn->keyid = key_keyid;
if (store_private_key(kn, kn->zone, kn->keyid, kn->algorithm) < 0) {
perror("store_private_key");
exit(1);
}
SLIST_INSERT_HEAD(&keyshead, kn, keys_entry);
numkeys++;
numzsk++;
}
if (zonefile == NULL || zonename == NULL) {
if (create_zsk || create_ksk) {
fprintf(stderr, "key(s) created\n");
exit(0);
}
fprintf(stderr, "must provide a zonefile and a zonename!\n");
exit(1);
}
if (ksk_key == 0 || zsk_key == 0) {
dolog(LOG_INFO, "must specify both a ksk and a zsk key! or -z -k\n");
exit(1);
}
/* check what keys we sign or not */
if ((rollmethod == ROLLOVER_METHOD_PRE_PUBLICATION && numkeys > 3) ||
(rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE && numkeys > 4)) {
switch (rollmethod) {
case ROLLOVER_METHOD_PRE_PUBLICATION:
dolog(LOG_INFO, "rollover pre-publication method: can't roll-over more than 1 key at a time! numkeys > 3\n");
break;
case ROLLOVER_METHOD_DOUBLE_SIGNATURE:
dolog(LOG_INFO, "rollover double-signature method: can't roll-over more than 2 keys at a time! numkeys > 4\n");
break;
}
exit(1);
} else if ((numkeys > 2 && rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE) || numkeys == 2) {
#if 0
0735
2020-04-10
pjp
} else if (numkeys == 2) {
0736
2020-04-10
pjp
#endif
0737
2020-04-10
pjp
/* sign them all */
0738
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0739
2020-04-10
pjp
knp->sign = 1;
0740
2020-04-10
pjp
}
0741
2020-04-10
pjp
} else {
0742
2020-04-10
pjp
/* we can only be pre-publication method and have 3 keys now */
0743
2020-04-10
pjp
if (pid == -1) {
0744
2020-04-10
pjp
fprintf(stderr, "pre-publication rollover: you specified three keys, please select one for signing (with -S pid)!\n");
0745
2020-04-10
pjp
exit(1);
0746
2020-04-10
pjp
}
0747
2020-04-10
pjp
0748
2020-04-10
pjp
search = KEYTYPE_NONE;
0749
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0750
2020-04-10
pjp
if (knp->pid == pid) {
0751
2020-04-10
pjp
knp->sign = 1;
0752
2020-04-10
pjp
search = (knp->type == KEYTYPE_KSK) ? KEYTYPE_ZSK : KEYTYPE_KSK;
0753
2020-04-10
pjp
break;
0754
2020-04-10
pjp
}
0755
2020-04-10
pjp
}
0756
2020-04-10
pjp
0757
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0758
2020-04-10
pjp
if (search == knp->type && knp->sign == 0)
0759
2020-04-10
pjp
knp->sign = 1;
0760
2020-04-10
pjp
} /* SLIST_FOREACH */
0761
2020-04-10
pjp
} /* numkeys == 3 */
0762
2020-04-10
pjp
0763
2020-04-10
pjp
#if DEBUG
0764
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0765
2020-04-10
pjp
printf("%s pid: %u %s\n", knp->keyname, knp->pid, knp->sign ? "<--" : "" );
0766
2020-04-10
pjp
}
0767
2020-04-10
pjp
#endif
0768
2020-04-10
pjp
#if DEBUG
0769
2020-04-10
pjp
printf("zonefile is %s\n", zonefile);
0770
2020-04-10
pjp
#endif
0771
2020-04-10
pjp
0772
2020-04-10
pjp
/* open the database(s) */
0773
2020-04-10
pjp
db = dddbopen();
0774
2020-04-10
pjp
if (db == NULL) {
0775
2020-04-10
pjp
dolog(LOG_INFO, "dddbopen() failed\n");
0776
2020-04-10
pjp
exit(1);
0777
2020-04-10
pjp
}
0778
2020-04-10
pjp
0779
2020-04-10
pjp
/* now we start reading our configfile */
0780
2020-04-10
pjp
0781
2020-04-10
pjp
if ((mask & MASK_PARSE_FILE) && parse_file(db, zonefile, parseflags) < 0) {
0782
2020-04-10
pjp
dolog(LOG_INFO, "parsing config file failed\n");
0783
2020-04-10
pjp
exit(1);
0784
2020-04-10
pjp
}
0785
2020-04-10
pjp
0786
2020-04-10
pjp
/* create ENT list */
0787
2020-04-10
pjp
if (init_entlist(db) < 0) {
0788
2020-04-10
pjp
dolog(LOG_INFO, "creating entlist failed\n");
0789
2020-04-10
pjp
exit(1);
0790
2020-04-10
pjp
}
0791
2020-04-10
pjp
0792
2020-04-10
pjp
/* update any serial updates here */
0793
2020-04-10
pjp
if (serial)
0794
2020-04-10
pjp
update_soa_serial(db, zonename, serial);
0795
2020-04-10
pjp
0796
2020-04-10
pjp
/* three passes to "sign" our zones */
0797
2020-04-10
pjp
/* first pass, add dnskey records, on apex */
0798
2020-04-10
pjp
0799
2020-04-10
pjp
if ((mask & MASK_ADD_DNSKEY) && add_dnskey(db) < 0) {
0800
2020-04-10
pjp
dolog(LOG_INFO, "add_dnskey failed\n");
0801
2020-04-10
pjp
exit(1);
0802
2020-04-10
pjp
}
0803
2020-04-10
pjp
0804
2020-04-10
pjp
/* second pass construct NSEC3 records, including ENT's */
0805
2020-04-10
pjp
0806
2020-04-10
pjp
if ((mask & MASK_CONSTRUCT_NSEC3) && construct_nsec3(db, zonename, iterations, salt) < 0) {
0807
2020-04-10
pjp
dolog(LOG_INFO, "construct nsec3 failed\n");
0808
2020-04-10
pjp
exit(1);
0809
2020-04-10
pjp
}
0810
2020-04-10
pjp
0811
2020-04-10
pjp
/* third pass calculate RRSIG's for every RR set */
0812
2020-04-10
pjp
0813
2020-04-10
pjp
if ((mask & MASK_CALCULATE_RRSIGS) && calculate_rrsigs(db, zonename, expiry, rollmethod) < 0) {
0814
2020-04-10
pjp
dolog(LOG_INFO, "calculate rrsigs failed\n");
0815
2020-04-10
pjp
exit(1);
0816
2020-04-10
pjp
}
0817
2020-04-10
pjp
0818
2020-04-10
pjp
/* calculate ds */
0819
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0820
2020-04-10
pjp
if ((mask & MASK_CREATE_DS) && create_ds(db, zonename, knp) < 0) {
0821
2020-04-10
pjp
dolog(LOG_INFO, "create_ds failed\n");
0822
2020-04-10
pjp
exit(1);
0823
2020-04-10
pjp
}
0824
2020-04-10
pjp
}
0825
2020-04-10
pjp
0826
2020-04-10
pjp
/* free private keys */
0827
2020-04-10
pjp
SLIST_FOREACH(knp, &keyshead, keys_entry) {
0828
2020-04-10
pjp
free_private_key(knp);
0829
2020-04-10
pjp
}
0830
2020-04-10
pjp
0831
2020-04-10
pjp
/* write new zone file */
0832
2020-04-10
pjp
if ((mask & MASK_DUMP_DB) && dump_db(db, of, zonename) < 0)
0833
2020-04-10
pjp
exit (1);
0834
2020-04-10
pjp
0835
2020-04-10
pjp
0836
2020-04-10
pjp
exit(0);
0837
2020-04-10
pjp
}
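/*
 * Load every key of one type from the global keys list and store its
 * DNSKEY record in the database.
 *
 * db:   the zone database handed to fill_dnskey()
 * type: KEYTYPE_ZSK or KEYTYPE_KSK; keys of any other type are skipped
 *
 * Returns 0 when every matching key was added, -1 as soon as get_key()
 * or fill_dnskey() fails for one of them (the failing key is logged;
 * keys already added in earlier iterations stay in the database).
 */
static int
add_dnskey_of_type(ddDB *db, int type)
{
	char key[4096];
	char *zone;
	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	int keyid;		/* filled in by get_key(), not needed here */

	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type != type)
			continue;

		zone = get_key(knp, &ttl, &flags, &protocol, &algorithm,
		    key, sizeof(key), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key: %s\n", knp->keyname);
			return -1;
		}

		if (fill_dnskey(db, zone, "dnskey", ttl, flags, protocol,
		    algorithm, key) < 0)
			return -1;
	}

	return 0;
}

/*
 * Add the DNSKEY records for all keys on the global keys list to db,
 * ZSKs first and then KSKs (same order as before).  The two per-type
 * loops were identical apart from the log message, which is now the
 * same "get_key: <name>" for both key types.
 *
 * Returns 0 on success, -1 on the first failure.
 */
int
add_dnskey(ddDB *db)
{
	/* first the zsk */
	if (add_dnskey_of_type(db, KEYTYPE_ZSK) < 0)
		return -1;

	/* now the ksk */
	return add_dnskey_of_type(db, KEYTYPE_KSK);
}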
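/*
 * Cut the space-separated field that starts at *pp out of the line,
 * NUL-terminate it and advance *pp to the character after the space.
 *
 * Returns the field, or NULL when no further space follows (the line
 * ends early); *pp is left untouched in that case.
 */
static char *
next_field(char **pp)
{
	char *field = *pp;
	char *sp = strchr(field, ' ');

	if (sp == NULL)
		return NULL;

	*sp = '\0';
	*pp = sp + 1;
	return field;
}

/*
 * Parse a DNSKEY ".key" file that is already open as fd.
 *
 * Every line starting with ';' is a comment; a comment containing the
 * token "keyid " has the following number stored through keyid (keyid
 * is not written when no such comment exists).  The record itself is
 * the LAST line read from the file and is split on single spaces as
 * "name ttl IN DNSKEY flags protocol algorithm key ...".  The key
 * material (everything after the algorithm) is copied to key with all
 * spaces and line breaks removed and NUL-terminated.
 *
 * Returns a pointer to a static buffer holding the owner name, or NULL
 * when the file cannot be opened, contains no line at all, or the
 * record is missing a field.  Not reentrant: the next call overwrites
 * the returned name.
 *
 * NOTE(review): key has no length parameter, so the copy is bounded
 * only by the 8192-byte line buffer here; add_dnskey() passes a
 * 4096-byte buffer, so an over-long record line in a key file would
 * overrun it.  Key files must therefore be trusted input until a
 * length is threaded through get_key().
 * NOTE(review): the FILE from fdopen() is never closed because fclose()
 * would also close fd, whose ownership is not visible here; the FILE
 * object is leaked per call -- confirm against get_key() and close it
 * here if the caller does not use fd afterwards.
 */
char *
parse_keyfile(int fd, uint32_t *ttl, uint16_t *flags, uint8_t *protocol, uint8_t *algorithm, char *key, int *keyid)
{
	static char retbuf[256];
	char buf[8192];
	char *p, *q, *field;
	FILE *f;
	int nlines = 0;

	if ((f = fdopen(fd, "r")) == NULL)
		return NULL;

	/*
	 * Read through to the end: comments only contribute the keyid,
	 * the record parsed below is whatever line was read last.
	 */
	while (fgets(buf, sizeof(buf), f) != NULL) {
		nlines++;
		if (buf[0] != ';')
			continue;

		if ((p = strstr(buf, "keyid ")) != NULL) {
			p += 6;
			q = strchr(p, ' ');
			if (q == NULL)
				return NULL;
			*q = '\0';
			pack32((char *)keyid, atoi(p));
		}
	}

	/* an empty file would otherwise leave buf uninitialized */
	if (nlines == 0)
		return NULL;

	p = &buf[0];

	/* name */
	if ((field = next_field(&p)) == NULL)
		return NULL;
	strlcpy(retbuf, field, sizeof(retbuf));

	/* ttl */
	if ((field = next_field(&p)) == NULL)
		return NULL;
	*ttl = atoi(field);

	/* class and type ("IN DNSKEY") are skipped, not checked */
	if (next_field(&p) == NULL || next_field(&p) == NULL)
		return NULL;

	/* flags */
	if ((field = next_field(&p)) == NULL)
		return NULL;
	*flags = atoi(field);

	/* protocol */
	if ((field = next_field(&p)) == NULL)
		return NULL;
	*protocol = atoi(field);

	/* algorithm */
	if ((field = next_field(&p)) == NULL)
		return NULL;
	*algorithm = atoi(field);

	/* key: the rest of the line with whitespace squeezed out */
	q = key;
	for (; *p != '\0'; p++) {
		if (*p == ' ' || *p == '\n' || *p == '\r')
			continue;
		*q++ = *p;
	}
	*q = '\0';

	return (&retbuf[0]);
}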
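/*
 * Write the zone held in db to of in zone-file syntax: a generated-file
 * header, a "zone" block with the apex record set first, then every
 * other name in the database's tree.
 *
 * db:       the signed zone database
 * of:       output stream, already open for writing
 * zonename: the zone's apex name in text form
 *
 * Returns 0 on success and -1 when zonename cannot be converted, the
 * apex (SOA) node cannot be found, or print_rbt() fails; the header
 * lines may already have been written by then.  Exits the process when
 * the per-node copy cannot be allocated.
 *
 * NOTE(review): the ownership of dnsname (from dns_label()) and rbt0
 * (from Lookup_zone()) is not visible here -- confirm whether either
 * has to be freed before returning.
 */
int
dump_db(ddDB *db, FILE *of, char *zonename)
{
	int j, rs;
	struct node *n, *nx;
	struct rbtree *rbt0, *rbt;
	char *dnsname;
	int labellen;

	fprintf(of, "; this file is automatically generated, do NOT edit\n");
	fprintf(of, "; it was generated by dddctl.c\n");

	fprintf(of, "zone \"%s\" {\n", zonename);

	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		return -1;

	/* the apex is printed first, and skipped again in the loop below */
	if ((rbt0 = Lookup_zone(db, dnsname, labellen, DNS_TYPE_SOA, 0)) == NULL) {
		return -1;
	}

	if (print_rbt(of, rbt0) < 0) {
		fprintf(stderr, "print_rbt error\n");
		return -1;
	}

	j = 0;
	RB_FOREACH_SAFE(n, domaintree, &db->head, nx) {
		/* work on a private copy of the node's data */
		rs = n->datalen;
		if ((rbt = calloc(1, rs)) == NULL) {
			dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
			exit(1);
		}

		memcpy((char *)rbt, (char *)n->data, n->datalen);

		if (rbt->zonelen == rbt0->zonelen &&
		    memcasecmp(rbt->zone, rbt0->zone, rbt->zonelen) == 0) {
			/* apex: already printed above */
			free(rbt);
			continue;
		}

		if (print_rbt(of, rbt) < 0) {
			fprintf(stderr, "print_rbt error\n");
			free(rbt);
			return -1;
		}

		free(rbt);
		j++;
	}

	fprintf(of, "}\n");

#if DEBUG
	printf("%d records\n", j);
#endif
	return (0);
}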
/*
 * Generate a key pair for zonename, dispatching on the DNSSEC algorithm
 * number: the RSA algorithms go to create_key_rsa(), ECDSA P-256 to
 * create_key_ec().
 *
 * Returns whatever the backend returns (the key file basename, or
 * NULL), and NULL after logging when the algorithm is not supported.
 */
char *
create_key(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	int is_rsa = (algorithm == ALGORITHM_RSASHA1_NSEC3_SHA1 ||
	    algorithm == ALGORITHM_RSASHA256 ||
	    algorithm == ALGORITHM_RSASHA512);

	if (is_rsa)
		return (create_key_rsa(zonename, ttl, flags, algorithm, bits, pid));

	if (algorithm == ALGORITHM_ECDSAP256SHA256)
		return (create_key_ec(zonename, ttl, flags, algorithm, bits, pid));

	dolog(LOG_INFO, "invalid algorithm in key\n");

	return NULL;
}
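/*
 * Generate an ECDSA P-256 key pair (ALGORITHM_ECDSAP256SHA256 only) for
 * zonename and write it to two files in the current directory:
 * "K<zone>.+<alg>+<keytag>.private" (created with mode 0600 via a
 * temporary umask of 077, "Private-key-format: v1.3" syntax) and
 * "K<zone>.+<alg>+<keytag>.key" (the DNSKEY RR in zone-file syntax,
 * created with the caller's umask).
 *
 * bits is accepted for symmetry with create_key_rsa() but ignored: the
 * curve fixes the key size.  The key tag computed over the DNSKEY RDATA
 * by create_key_ec_getpid() is stored through pid; when it collides
 * with a key already on the global keys list a fresh pair is generated
 * by calling this function again.
 *
 * Returns a strdup()'d basename which the caller owns and must free(),
 * or NULL on error.  On any error the umask is restored, the returned
 * name is released, and a .private or .key file this call created is
 * unlinked again so no partial key material is left behind.
 */
char *
create_key_ec(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	FILE *f;
	EC_KEY *eckey;
	EC_GROUP *ecgroup;
	const BIGNUM *ecprivatekey;
	const EC_POINT *ecpublickey;

	struct stat sb;

	char bin[4096];
	char b64[4096];
	char tmp[4096];
	char buf[512];
	char *retval = NULL;
	char *p;

	int binlen;

	mode_t savemask;
	int maskset = 0;	/* umask is currently 077 */
	int privfile = 0;	/* the .private file was created */
	int keyfile = 0;	/* the .key file was created */
	time_t now;
	struct tm *tm;

	if (algorithm != ALGORITHM_ECDSAP256SHA256) {
		return NULL;
	}

	eckey = EC_KEY_new();
	if (eckey == NULL) {
		dolog(LOG_ERR, "EC_KEY_new(): %s\n", strerror(errno));
		return NULL;
	}

	ecgroup = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);
	if (ecgroup == NULL) {
		dolog(LOG_ERR, "EC_GROUP_new_by_curve_name(): %s\n", strerror(errno));
		EC_KEY_free(eckey);
		return NULL;
	}

	if (EC_KEY_set_group(eckey, ecgroup) != 1) {
		dolog(LOG_ERR, "EC_KEY_set_group(): %s\n", strerror(errno));
		goto out;
	}

	if (EC_KEY_generate_key(eckey) == 0) {
		dolog(LOG_ERR, "EC_KEY_generate_key(): %s\n", strerror(errno));
		goto out;
	}

	/* both halves are borrowed from eckey, never freed here */
	ecprivatekey = EC_KEY_get0_private_key(eckey);
	if (ecprivatekey == NULL) {
		dolog(LOG_INFO, "EC_KEY_get0_private_key(): %s\n", strerror(errno));
		goto out;
	}

	ecpublickey = EC_KEY_get0_public_key(eckey);
	if (ecpublickey == NULL) {
		dolog(LOG_ERR, "EC_KEY_get0_public_key(): %s\n", strerror(errno));
		goto out;
	}

	/* the key tag doubles as the "pid" in the file names */
	*pid = create_key_ec_getpid(eckey, ecgroup, (EC_POINT *)ecpublickey, algorithm, flags);
	if (*pid == (uint32_t)-1) {
		dolog(LOG_ERR, "create_key_ec_getpid(): %s\n", strerror(errno));
		goto out;
	}

	/* check for collisions, XXX should be rare */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->pid == *pid)
			break;
	}

	if (knp != NULL) {
		dolog(LOG_INFO, "create_key: collision with existing pid %d\n", *pid);
		EC_GROUP_free(ecgroup);
		EC_KEY_free(eckey);
		return (create_key_ec(zonename, ttl, flags, algorithm, bits, pid));
	}

	snprintf(buf, sizeof(buf), "K%s%s+%03d+%d", zonename,
	    (zonename[strlen(zonename) - 1] == '.') ? "" : ".",
	    algorithm, *pid);

	retval = strdup(buf);
	if (retval == NULL) {
		dolog(LOG_INFO, "strdup: %s\n", strerror(errno));
		goto out;
	}

	/* the private half must not be readable by others: 0666 & ~077 */
	snprintf(buf, sizeof(buf), "%s.private", retval);

	savemask = umask(077);
	maskset = 1;

	errno = 0;
	if (lstat(buf, &sb) < 0 && errno != ENOENT) {
		perror("lstat");
		goto out;
	}

	/* refuse to write through a symlink or over a non-regular file */
	if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", buf);
		goto out;
	}

	f = fopen(buf, "w+");
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	privfile = 1;

	fprintf(f, "Private-key-format: v1.3\n");
	fprintf(f, "Algorithm: %d (%s)\n", algorithm, alg_to_name(algorithm));
	/* PrivateKey */
	binlen = BN_bn2bin(ecprivatekey, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "PrivateKey: %s\n", b64);

	now = time(NULL);
	tm = gmtime(&now);

	strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", tm);
	fprintf(f, "Created: %s\n", buf);
	fprintf(f, "Publish: %s\n", buf);
	fprintf(f, "Activate: %s\n", buf);

	/* a failed flush means the private key on disk is incomplete */
	if (fclose(f) != 0) {
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		goto out;
	}

	/* now for the EC public .key, with the caller's umask again */

	snprintf(buf, sizeof(buf), "%s.key", retval);
	umask(savemask);
	maskset = 0;

	errno = 0;
	if (lstat(buf, &sb) < 0 && errno != ENOENT) {
		perror("lstat");
		goto out;
	}

	if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", buf);
		goto out;
	}

	f = fopen(buf, "w+");
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	keyfile = 1;

	fprintf(f, "; This is a %s key, keyid %u, for %s%s\n", (flags == 257) ? "key-signing" : "zone-signing", *pid, zonename, (zonename[strlen(zonename) - 1] == '.') ? "" : ".");

	strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", tm);
	strftime(bin, sizeof(bin), "%c", tm);
	fprintf(f, "; Created: %s (%s)\n", buf, bin);
	fprintf(f, "; Publish: %s (%s)\n", buf, bin);
	fprintf(f, "; Activate: %s (%s)\n", buf, bin);

	if ((binlen = EC_POINT_point2oct(ecgroup, ecpublickey, POINT_CONVERSION_UNCOMPRESSED, (unsigned char *)tmp, sizeof(tmp), NULL)) == 0) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): %s\n", strerror(errno));
		fclose(f);
		goto out;
	}

	/*
	 * taken from PowerDNS's opensslsigners.cc, apparently to get to the
	 * real public key one has to take out a byte and reduce the length
	 */

	p = tmp;
	p++;
	binlen--;

	mybase64_encode(p, binlen, b64, sizeof(b64));
	fprintf(f, "%s%s %d IN DNSKEY %d 3 %d %s\n", zonename, (zonename[strlen(zonename) - 1] == '.') ? "" : ".", ttl, flags, algorithm, b64);

	if (fclose(f) != 0) {
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		goto out;
	}

	EC_GROUP_free(ecgroup);
	EC_KEY_free(eckey);

	return (retval);

out:
	/* never leave half-written key files or a changed umask behind */
	if (keyfile) {
		snprintf(buf, sizeof(buf), "%s.key", retval);
		unlink(buf);
	}
	if (privfile) {
		snprintf(buf, sizeof(buf), "%s.private", retval);
		unlink(buf);
	}
	if (maskset)
		umask(savemask);
	free(retval);
	EC_GROUP_free(ecgroup);
	EC_KEY_free(eckey);

	return NULL;
}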
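/*
 * Compute the DNSSEC key tag of an EC public key by packing its DNSKEY
 * RDATA -- flags, protocol 3, algorithm, then the uncompressed point
 * with its leading format byte removed (see the matching comment in
 * create_key_ec()) -- into a scratch buffer and handing it to keytag().
 *
 * eckey is unused; ecgroup and ecpublickey are only read.
 *
 * Returns the key tag, or -1 when the point cannot be serialized or the
 * temporary copy cannot be allocated.
 */
int
create_key_ec_getpid(EC_KEY *eckey, EC_GROUP *ecgroup, EC_POINT *ecpublickey, int algorithm, int flags)
{
	int binlen;
	char *tmp, *p, *q;
	char bin[4096];

	p = &bin[0];
	pack16(p, htons(flags));
	p += 2;
	pack8(p, 3); /* protocol always 3 */
	p++;
	pack8(p, algorithm);
	p++;

	/* first call only sizes the encoding, the second one fills it */
	binlen = EC_POINT_point2oct(ecgroup, ecpublickey, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL);

	if (binlen == 0) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): %s\n", strerror(errno));
		return -1;
	}

	tmp = malloc(binlen);
	if (tmp == NULL) {
		dolog(LOG_ERR, "malloc: %s\n", strerror(errno));
		return (-1);
	}

	if (EC_POINT_point2oct(ecgroup, ecpublickey, POINT_CONVERSION_UNCOMPRESSED, (unsigned char *)tmp, binlen, NULL) == 0) {
		dolog(LOG_ERR, "EC_POINT_point2oct(): %s\n", strerror(errno));
		free(tmp);
		return -1;
	}

	/* skip the point-format byte, as the .key file does */
	q = tmp;
	q++;
	binlen--;

	pack(p, q, binlen);
	p += binlen;

	free(tmp);
	binlen = (p - &bin[0]);

	return (keytag(bin, binlen));
}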
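/*
 * Serialize an RSA public key in the RFC 3110 section 2 wire form:
 * the exponent length as one byte (or a zero byte followed by a two
 * byte big-endian length when the exponent needs 256 bytes or more),
 * then the exponent and the modulus as unsigned big-endian integers.
 *
 * out must hold at least 3 bytes plus the sizes of both integers.
 * Returns the number of bytes written to out.
 */
static int
rsa_public_blob(char *out, const BIGNUM *rsae, const BIGNUM *rsan)
{
	char tmp[4096];
	char *p = out;
	int len;

	len = BN_bn2bin(rsae, (unsigned char *)tmp);
	if (len < 256) {
		*p = len;
		p++;
	} else {
		*p = 0;
		p++;
		pack16(p, htons(len));
		p += 2;
	}
	pack(p, tmp, len);
	p += len;

	len = BN_bn2bin(rsan, (unsigned char *)tmp);
	pack(p, tmp, len);
	p += len;

	return (int)(p - out);
}

/*
 * Generate an RSA key pair of the requested modulus size for zonename
 * (public exponent F4) and write it to two files in the current
 * directory: "K<zone>.+<alg>+<keytag>.private" (created with mode 0600
 * via a temporary umask of 077, "Private-key-format: v1.3" syntax with
 * the modulus, exponents, primes and CRT parameters) and
 * "K<zone>.+<alg>+<keytag>.key" (the DNSKEY RR in zone-file syntax,
 * created with the caller's umask).  Only the RSA algorithms
 * (ALGORITHM_RSASHA1_NSEC3_SHA1, ALGORITHM_RSASHA256,
 * ALGORITHM_RSASHA512) are accepted.
 *
 * The key tag computed over the DNSKEY RDATA is stored through pid;
 * when it collides with a key already on the global keys list a fresh
 * pair is generated by calling this function again.
 *
 * Returns a strdup()'d basename which the caller owns and must free(),
 * or NULL on error (lstat() failures now return NULL like create_key_ec()
 * does, instead of exiting).  On any error the umask is restored, the
 * name is released, and a .private or .key file this call created is
 * unlinked again.  The bignums obtained through RSA_get0_*() are owned
 * by rsa and are no longer allocated separately (they were leaked).
 */
char *
create_key_rsa(char *zonename, int ttl, int flags, int algorithm, int bits, uint32_t *pid)
{
	FILE *f;
	RSA *rsa = NULL;
	BIGNUM *e = NULL;
	/* borrowed from rsa via RSA_get0_*(), never freed here */
	const BIGNUM *rsan, *rsae, *rsad, *rsap, *rsaq;
	const BIGNUM *rsadmp1, *rsadmq1, *rsaiqmp;
	BN_GENCB *cb = NULL;
	char buf[512];
	char bin[4096];
	char b64[4096];
	int binlen;
	char *retval = NULL;
	char *p;
	time_t now;
	struct tm *tm;
	struct stat sb;
	mode_t savemask;
	int maskset = 0;	/* umask is currently 077 */
	int privfile = 0;	/* the .private file was created */
	int keyfile = 0;	/* the .key file was created */
	int rlen;

	/* reject unsupported algorithms before allocating anything */
	switch (algorithm) {
	case ALGORITHM_RSASHA1_NSEC3_SHA1:
	case ALGORITHM_RSASHA256:
	case ALGORITHM_RSASHA512:
		break;
	default:
		dolog(LOG_INFO, "invalid algorithm in key\n");
		return NULL;
	}

	if ((rsa = RSA_new()) == NULL) {
		dolog(LOG_INFO, "RSA_new: %s\n", strerror(errno));
		return NULL;
	}

	if ((e = BN_new()) == NULL) {
		dolog(LOG_INFO, "BN_new: %s\n", strerror(errno));
		goto out;
	}

	if ((cb = BN_GENCB_new()) == NULL) {
		dolog(LOG_INFO, "BN_GENCB_new: %s\n", strerror(errno));
		goto out;
	}

	/* public exponent F4 (65537), same bits as the former set_bit loop */
	if (BN_set_word(e, RSA_F4) == 0) {
		dolog(LOG_INFO, "BN_set_word: %s\n", strerror(errno));
		goto out;
	}

	BN_GENCB_set_old(cb, NULL, NULL);

	if (RSA_generate_key_ex(rsa, bits, e, cb) == 0) {
		dolog(LOG_INFO, "RSA_generate_key_ex: %s\n", strerror(errno));
		goto out;
	}

	/* cb is not used again */
	BN_GENCB_free(cb);
	cb = NULL;

	/* get the bignums for now hidden struct */
	RSA_get0_key(rsa, &rsan, &rsae, &rsad);

	/* the key tag covers the whole DNSKEY RDATA, header included */
	p = (char *)&bin[0];
	pack16(p, htons(flags));
	p += 2;
	pack8(p, 3); /* protocol always 3 */
	p++;
	pack8(p, algorithm);
	p++;
	/* RFC 3110 */
	p += rsa_public_blob(p, rsae, rsan);
	rlen = (p - &bin[0]);
	*pid = keytag(bin, rlen);

	/* check for collisions, XXX should be rare */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->pid == *pid)
			break;
	}

	if (knp != NULL) {
		dolog(LOG_INFO, "create_key: collision with existing pid %d\n", *pid);
		RSA_free(rsa);
		BN_free(e);
		return (create_key_rsa(zonename, ttl, flags, algorithm, bits, pid));
	}

	snprintf(buf, sizeof(buf), "K%s%s+%03d+%d", zonename,
	    (zonename[strlen(zonename) - 1] == '.') ? "" : ".",
	    algorithm, *pid);

	retval = strdup(buf);
	if (retval == NULL) {
		dolog(LOG_INFO, "strdup: %s\n", strerror(errno));
		goto out;
	}

	/* the private half must not be readable by others: 0666 & ~077 */
	snprintf(buf, sizeof(buf), "%s.private", retval);

	savemask = umask(077);
	maskset = 1;

	errno = 0;
	if (lstat(buf, &sb) < 0 && errno != ENOENT) {
		perror("lstat");
		goto out;
	}

	/* refuse to write through a symlink or over a non-regular file */
	if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", buf);
		goto out;
	}

	f = fopen(buf, "w+");
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	privfile = 1;

	fprintf(f, "Private-key-format: v1.3\n");
	fprintf(f, "Algorithm: %d (%s)\n", algorithm, alg_to_name(algorithm));
	/* modulus */
	binlen = BN_bn2bin(rsan, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Modulus: %s\n", b64);
	/* public exponent */
	binlen = BN_bn2bin(rsae, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "PublicExponent: %s\n", b64);
	/* private exponent */
	binlen = BN_bn2bin(rsad, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "PrivateExponent: %s\n", b64);
	/* get the RSA factors */
	RSA_get0_factors(rsa, &rsap, &rsaq);
	/* prime1 */
	binlen = BN_bn2bin(rsap, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Prime1: %s\n", b64);
	/* prime2 */
	binlen = BN_bn2bin(rsaq, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Prime2: %s\n", b64);
	/* get the RSA crt params */
	RSA_get0_crt_params(rsa, &rsadmp1, &rsadmq1, &rsaiqmp);
	/* exponent1 */
	binlen = BN_bn2bin(rsadmp1, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Exponent1: %s\n", b64);
	/* exponent2 */
	binlen = BN_bn2bin(rsadmq1, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Exponent2: %s\n", b64);
	/* coefficient */
	binlen = BN_bn2bin(rsaiqmp, (unsigned char *)bin);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "Coefficient: %s\n", b64);

	now = time(NULL);
	tm = gmtime(&now);

	strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", tm);
	fprintf(f, "Created: %s\n", buf);
	fprintf(f, "Publish: %s\n", buf);
	fprintf(f, "Activate: %s\n", buf);

	/* a failed flush means the private key on disk is incomplete */
	if (fclose(f) != 0) {
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		goto out;
	}

	/* now for the .key, with the caller's umask again */

	snprintf(buf, sizeof(buf), "%s.key", retval);
	umask(savemask);
	maskset = 0;

	errno = 0;
	if (lstat(buf, &sb) < 0 && errno != ENOENT) {
		perror("lstat");
		goto out;
	}

	if (errno != ENOENT && ! S_ISREG(sb.st_mode)) {
		dolog(LOG_INFO, "%s is not a file!\n", buf);
		goto out;
	}

	f = fopen(buf, "w+");
	if (f == NULL) {
		dolog(LOG_INFO, "fopen: %s\n", strerror(errno));
		goto out;
	}
	keyfile = 1;

	fprintf(f, "; This is a %s key, keyid %u, for %s%s\n", (flags == 257) ? "key-signing" : "zone-signing", *pid, zonename, (zonename[strlen(zonename) - 1] == '.') ? "" : ".");

	strftime(buf, sizeof(buf), "%Y%m%d%H%M%S", tm);
	strftime(bin, sizeof(bin), "%c", tm);
	fprintf(f, "; Created: %s (%s)\n", buf, bin);
	fprintf(f, "; Publish: %s (%s)\n", buf, bin);
	fprintf(f, "; Activate: %s (%s)\n", buf, bin);

	/* RFC 3110, section 2: the public key blob only, no RDATA header */
	binlen = rsa_public_blob(bin, rsae, rsan);
	mybase64_encode(bin, binlen, b64, sizeof(b64));
	fprintf(f, "%s%s %d IN DNSKEY %d 3 %d %s\n", zonename, (zonename[strlen(zonename) - 1] == '.') ? "" : ".", ttl, flags, algorithm, b64);

	if (fclose(f) != 0) {
		dolog(LOG_INFO, "fclose: %s\n", strerror(errno));
		goto out;
	}

	BN_free(e);
	RSA_free(rsa);

	return (retval);

out:
	/* never leave half-written key files or a changed umask behind */
	if (keyfile) {
		snprintf(buf, sizeof(buf), "%s.key", retval);
		unlink(buf);
	}
	if (privfile) {
		snprintf(buf, sizeof(buf), "%s.private", retval);
		unlink(buf);
	}
	if (maskset)
		umask(savemask);
	free(retval);
	BN_GENCB_free(cb);
	BN_free(e);
	RSA_free(rsa);

	return NULL;
}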
char *
alg_to_name(int algorithm)
{
	/*
	 * Map a DNSSEC algorithm number to the mnemonic used in key files.
	 * Only the four algorithms listed below are known; any other value
	 * yields NULL.  The returned string is a literal: do not modify or
	 * free it.
	 */
	char *name = NULL;

	switch (algorithm) {
	case ALGORITHM_RSASHA1_NSEC3_SHA1:
		name = "RSASHA1_NSEC3_SHA1";
		break;
	case ALGORITHM_RSASHA256:
		name = "RSASHA256";
		break;
	case ALGORITHM_RSASHA512:
		name = "RSASHA512";
		break;
	case ALGORITHM_ECDSAP256SHA256:
		name = "ECDSAP256SHA256";
		break;
	default:
		/* unknown algorithm: leave name at NULL */
		break;
	}

	return (name);
}
int
alg_to_rsa(int algorithm)
{
	/*
	 * Map a DNSSEC RSA algorithm number to the OpenSSL digest NID it
	 * signs with.  Returns -1 for anything not listed here (which
	 * includes ALGORITHM_ECDSAP256SHA256, since that one is not RSA).
	 */
	int nid = -1;

	switch (algorithm) {
	case ALGORITHM_RSASHA1_NSEC3_SHA1:
		nid = NID_sha1;
		break;
	case ALGORITHM_RSASHA256:
		nid = NID_sha256;
		break;
	case ALGORITHM_RSASHA512:
		nid = NID_sha512;
		break;
	default:
		/* not an RSA algorithm we know: nid stays -1 */
		break;
	}

	return (nid);
}
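int
calculate_rrsigs(ddDB *db, char *zonename, int expiry, int rollmethod)
{
	/*
	 * Walk every node of the zone database and create RRSIGs for each
	 * record type present on it, via the per-type sign_* routines.
	 *
	 * Before the walk the file-scope inception/expiration stamps are
	 * set: signedon is "now" minus SIGNEDON_DRIFT, expiredon is "now"
	 * plus expiry seconds, both rendered as YYYYMMDDHHMMSS integers.
	 * When PROVIDED_SIGNTIME is set both are overridden by the SIGNEDON
	 * and EXPIREDON constants.
	 *
	 * db         zone database to sign
	 * zonename   apex name handed to the signers
	 * expiry     seconds from now until the signatures expire
	 * rollmethod key rollover method, passed through to the signers
	 *
	 * Returns 0 on success, -1 as soon as a signer fails (an error line
	 * naming the signer is written to stderr first).  A failed copy of a
	 * node terminates the process, as before.
	 */
	typedef int (*signer_fn)(ddDB *, char *, int, struct rbtree *, int);

	/* dispatch table; the order is the order records were signed before */
	static const struct {
		int type;		/* record type that must be present on the node */
		signer_fn fn;		/* routine that signs that type */
		const char *name;	/* routine name, for the error line */
		int skip_glue;		/* A/AAAA: only sign when notglue() agrees */
	} signers[] = {
		{ DNS_TYPE_DNSKEY,	sign_dnskey,	"sign_dnskey",	0 },
		{ DNS_TYPE_A,		sign_a,		"sign_a",	1 },
		{ DNS_TYPE_MX,		sign_mx,	"sign_mx",	0 },
		{ DNS_TYPE_NS,		sign_ns,	"sign_ns",	0 },
		{ DNS_TYPE_SOA,		sign_soa,	"sign_soa",	0 },
		{ DNS_TYPE_TXT,		sign_txt,	"sign_txt",	0 },
		{ DNS_TYPE_AAAA,	sign_aaaa,	"sign_aaaa",	1 },
		{ DNS_TYPE_NSEC3,	sign_nsec3,	"sign_nsec3",	0 },
		{ DNS_TYPE_NSEC3PARAM,	sign_nsec3param, "sign_nsec3param", 0 },
		{ DNS_TYPE_CNAME,	sign_cname,	"sign_cname",	0 },
		{ DNS_TYPE_PTR,		sign_ptr,	"sign_ptr",	0 },
		{ DNS_TYPE_NAPTR,	sign_naptr,	"sign_naptr",	0 },
		{ DNS_TYPE_SRV,		sign_srv,	"sign_srv",	0 },
		{ DNS_TYPE_SSHFP,	sign_sshfp,	"sign_sshfp",	0 },
		{ DNS_TYPE_TLSA,	sign_tlsa,	"sign_tlsa",	0 },
		{ DNS_TYPE_DS,		sign_ds,	"sign_ds",	0 },
		{ DNS_TYPE_CAA,		sign_caa,	"sign_caa",	0 },
		{ DNS_TYPE_RP,		sign_rp,	"sign_rp",	0 },
		{ DNS_TYPE_HINFO,	sign_hinfo,	"sign_hinfo",	0 },
	};
	const size_t nsigners = sizeof(signers) / sizeof(signers[0]);

	struct node *n, *nx;
	struct rbtree *rbt;
	size_t i;

	time_t now, twoweeksago;
	char timebuf[32];
	struct tm *tm;

	/* set expiredon and signedon */
	now = time(NULL);
	twoweeksago = now - SIGNEDON_DRIFT;
	tm = gmtime(&twoweeksago);
	if (tm == NULL ||
	    strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm) == 0) {
		dolog(LOG_INFO, "gmtime/strftime failed for signedon\n");
		return -1;
	}
	signedon = atoll(timebuf);

	now += expiry;
	tm = gmtime(&now);
	if (tm == NULL ||
	    strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm) == 0) {
		dolog(LOG_INFO, "gmtime/strftime failed for expiredon\n");
		return -1;
	}
	expiredon = atoll(timebuf);

#if PROVIDED_SIGNTIME
	signedon = SIGNEDON;
	expiredon = EXPIREDON;
#endif

	RB_FOREACH_SAFE(n, domaintree, &db->head, nx) {
		/*
		 * The signers work on a private copy of the node data
		 * (presumably because fill_rrsig() modifies the db while
		 * this walk is in progress — confirm).
		 */
		if ((rbt = calloc(1, n->datalen)) == NULL) {
			dolog(LOG_INFO, "calloc: %s\n", strerror(errno));
			exit(1);
		}
		memcpy((char *)rbt, (char *)n->data, n->datalen);

		for (i = 0; i < nsigners; i++) {
			if (find_rr(rbt, signers[i].type) == NULL)
				continue;
			/* A/AAAA below a delegation are glue and stay unsigned */
			if (signers[i].skip_glue && !notglue(db, rbt, zonename))
				continue;
			if (signers[i].fn(db, zonename, expiry, rbt, rollmethod) < 0) {
				fprintf(stderr, "%s error\n", signers[i].name);
				return -1;
			}
		}

		/*
		 * NOTE(review): the copy in rbt is never released, so each
		 * node leaks n->datalen bytes; free(rbt) here once it is
		 * confirmed that nothing downstream keeps a pointer into it.
		 */
	}

	return 0;
}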
/*
* create a RRSIG for an SOA record
*/
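static int
sign_soa(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	/*
	 * Create an RRSIG over the SOA RRset held in rbt and hand it to
	 * fill_rrsig(), once per selected ZSK.
	 *
	 * db         zone database the new RRSIG is added to
	 * zonename   apex name, used as the RRSIG signer's name
	 * expiry     unused here; inception/expiration come from the
	 *            file-scope signedon/expiredon stamps
	 * rbt        node whose SOA RRset is signed
	 * rollmethod under ROLLOVER_METHOD_DOUBLE_SIGNATURE every ZSK
	 *            signs, otherwise only ZSKs whose sign flag is set
	 *
	 * Returns 0 on success, -1 on any failure (reason logged through
	 * dolog()).  Buffers allocated here are released on every path.
	 */
	enum {
		WIRE_BUF_SIZE = 10 * 4096,	/* RRSIG preamble + RRset in wire form */
		ZSK_SLOTS = 2			/* keys selectable at once */
	};

	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct soa *soarec;
	struct keysentry **zsk_key = NULL, **zsk_cur;

	char tmp[4096];
	char signature[4096];

	char *dnsname = NULL;
	char *p;
	char *key = NULL;
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	key = malloc(WIRE_BUF_SIZE);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		return -1;
	}

	/* one extra slot keeps the array NULL-terminated */
	zsk_key = calloc(ZSK_SLOTS + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/* select the signing ZSKs */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type != KEYTYPE_ZSK)
			continue;
		if (rollmethod != ROLLOVER_METHOD_DOUBLE_SIGNATURE && knp->sign != 1)
			continue;
		if (nzk >= ZSK_SLOTS) {
			/* no room left in zsk_key: refuse rather than write past it */
			dolog(LOG_INFO, "too many ZSKs selected for signing\n");
			goto out;
		}
		zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;

	if (nzk == 0) {
		/* the loop below would otherwise dereference a NULL key */
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		goto out;
	}

	/* NOTE(review): dnsname is not released; free it at out: if dns_label() allocates — confirm */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	rrset = find_rr(rbt, DNS_TYPE_SOA);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no SOA records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no SOA records but have rrset entry!\n");
		goto out;
	}
	soarec = (struct soa *)rrp->rdata;

	/* the YYYYMMDDHHMMSS stamps become 32-bit epoch seconds in the RRSIG */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime expiredon failed\n");
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime signedon failed\n");
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_cur = zsk_key; *zsk_cur != NULL; zsk_cur++) {
		zone = get_key(*zsk_cur, &ttl, &flags, &protocol, &algorithm, (char *)&tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_cur)->keyname);
			goto out;
		}

		/* check the keytag supplied: rebuild the DNSKEY rdata and recompute it */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			/* a failed decode must not be used as a length */
			dolog(LOG_INFO, "mybase64_decode of key failed\n");
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* RRSIG rdata minus the signature field ... */
		p = key;
		pack16(p, htons(DNS_TYPE_SOA));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* ... followed by the SOA RR in wire form */
		/* XXX as before, this is not done on canonically sorted records */
		pack(p, rbt->zone, rbt->zonelen);
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_SOA));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* rdlength: the two names plus serial, refresh, retry, expire, minimum */
		pack16(p, htons(soarec->nsserver_len + soarec->rp_len + 4 + 4 + 4 + 4 + 4));
		p += 2;
		pack(p, soarec->nsserver, soarec->nsserver_len);
		p += soarec->nsserver_len;
		pack(p, soarec->responsible_person, soarec->rp_len);
		p += soarec->rp_len;
		pack32(p, htonl(soarec->serial));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soarec->refresh));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soarec->retry));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soarec->expire));
		p += sizeof(u_int32_t);
		pack32(p, htonl(soarec->minttl));
		p += sizeof(u_int32_t);

		keylen = (p - key);

		/*
		 * sign() reports the produced length through siglen; reset it
		 * per key in case it is also read as the buffer capacity.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_cur, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "SOA", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;
out:
	free(zsk_key);
	free(key);
	return (ret);
}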
/*
* create a RRSIG for a TXT record
*/
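static int
sign_txt(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	/*
	 * Create an RRSIG over the TXT RRset held in rbt and hand it to
	 * fill_rrsig(), once per selected ZSK.  The RRs are put into
	 * canonical order by canonical_sort() before signing.
	 *
	 * db         zone database the new RRSIG is added to
	 * zonename   apex name, used as the RRSIG signer's name
	 * expiry     unused here; inception/expiration come from the
	 *            file-scope signedon/expiredon stamps
	 * rbt        node whose TXT RRset is signed
	 * rollmethod under ROLLOVER_METHOD_DOUBLE_SIGNATURE every ZSK
	 *            signs, otherwise only ZSKs whose sign flag is set
	 *
	 * Returns 0 on success, -1 on any failure (reason logged through
	 * dolog()).  Buffers allocated here are released on every path.
	 */
	enum {
		WIRE_BUF_SIZE = 10 * 4096,	/* key and tmpkey buffers */
		CANON_ENTRY_SIZE = 68000,	/* one canonical_sort() entry */
		ZSK_SLOTS = 2			/* keys selectable at once */
	};

	struct rrset *rrset = NULL;
	struct rr *rrp = NULL, *rrp2 = NULL;
	struct txt *txtrec;
	struct keysentry **zsk_key = NULL, **zsk_cur;

	char tmp[4096];
	char signature[4096];

	char *dnsname = NULL;
	char *p, *q, *r;
	char **canonsort = NULL;
	char *key = NULL, *tmpkey = NULL;
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len, rlen, clen, i;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int csort = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	key = malloc(WIRE_BUF_SIZE);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		return -1;
	}

	tmpkey = malloc(WIRE_BUF_SIZE);
	if (tmpkey == NULL) {
		dolog(LOG_INFO, "tmpkey out of memory\n");
		goto out;
	}

	/* one extra slot keeps the array NULL-terminated */
	zsk_key = calloc(ZSK_SLOTS + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/* select the signing ZSKs */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type != KEYTYPE_ZSK)
			continue;
		if (rollmethod != ROLLOVER_METHOD_DOUBLE_SIGNATURE && knp->sign != 1)
			continue;
		if (nzk >= ZSK_SLOTS) {
			/* no room left in zsk_key: refuse rather than write past it */
			dolog(LOG_INFO, "too many ZSKs selected for signing\n");
			goto out;
		}
		zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;

	if (nzk == 0) {
		/* the loop below would otherwise dereference a NULL key */
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		goto out;
	}

	/* NOTE(review): dnsname is not released; free it at out: if dns_label() allocates — confirm */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	rrset = find_rr(rbt, DNS_TYPE_TXT);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no TXT records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no TXT records but have rrset entry!\n");
		goto out;
	}

	/* the YYYYMMDDHHMMSS stamps become 32-bit epoch seconds in the RRSIG */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime expiredon failed\n");
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime signedon failed\n");
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_cur = zsk_key; *zsk_cur != NULL; zsk_cur++) {
		zone = get_key(*zsk_cur, &ttl, &flags, &protocol, &algorithm, (char *)&tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_cur)->keyname);
			goto out;
		}

		/* check the keytag supplied: rebuild the DNSKEY rdata and recompute it */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			/* a failed decode must not be used as a length */
			dolog(LOG_INFO, "mybase64_decode of key failed\n");
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* RRSIG rdata minus the signature field ... */
		p = key;
		pack16(p, htons(DNS_TYPE_TXT));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += sizeof(u_int32_t);
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* ... followed by every TXT RR in wire form, canonically sorted */
		canonsort = (char **)calloc(MAX_RECORDS_IN_RRSET, sizeof(char *));
		if (canonsort == NULL) {
			dolog(LOG_INFO, "canonsort out of memory\n");
			goto out;
		}
		csort = 0;

		TAILQ_FOREACH(rrp2, &rrset->rr_head, entries) {
			txtrec = (struct txt *)rrp2->rdata;

			if (csort >= MAX_RECORDS_IN_RRSET) {
				/* canonsort has exactly MAX_RECORDS_IN_RRSET slots */
				dolog(LOG_INFO, "too many TXT records in rrset\n");
				goto out;
			}

			/* owner + type + class + ttl + rdlength + rdata must fit tmpkey */
			clen = rbt->zonelen + 2 + 2 + 4 + 2 + txtrec->txtlen;
			if (clen > WIRE_BUF_SIZE) {
				dolog(LOG_INFO, "TXT record too large to sign\n");
				goto out;
			}

			q = tmpkey;
			pack(q, rbt->zone, rbt->zonelen);
			q += rbt->zonelen;
			pack16(q, htons(DNS_TYPE_TXT));
			q += 2;
			pack16(q, htons(DNS_CLASS_IN));
			q += 2;
			/* RRset-wide TTL, so every RR in the set is signed with the same TTL */
			pack32(q, htonl(rrset->ttl));
			q += 4;
			pack16(q, htons(txtrec->txtlen));
			q += 2;
			pack(q, (char *)txtrec->txt, txtrec->txtlen);
			q += txtrec->txtlen;

			r = canonsort[csort] = malloc(CANON_ENTRY_SIZE);
			if (r == NULL) {
				dolog(LOG_INFO, "c1 out of memory\n");
				goto out;
			}

			/* entry layout: host-order 16-bit length, then the wire-form RR */
			clen = (q - tmpkey);
			pack16(r, clen);
			r += 2;
			pack(r, tmpkey, clen);

			csort++;
		}

		r = canonical_sort(canonsort, csort, &rlen);
		if (r == NULL) {
			dolog(LOG_INFO, "canonical_sort failed\n");
			goto out;
		}

		if ((p - key) + rlen > WIRE_BUF_SIZE) {
			/* the sorted RRset would overrun key */
			free(r);
			dolog(LOG_INFO, "TXT rrset too large to sign\n");
			goto out;
		}
		pack(p, r, rlen);
		p += rlen;
		free(r);

		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
		canonsort = NULL;
		csort = 0;

		keylen = (p - key);

		/*
		 * sign() reports the produced length through siglen; reset it
		 * per key in case it is also read as the buffer capacity.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_cur, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "TXT", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;
out:
	if (canonsort != NULL) {
		/* only reached on an error inside the key loop */
		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
	}
	free(zsk_key);
	free(tmpkey);
	free(key);
	return (ret);
}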
/*
* create a RRSIG for an AAAA record
*/
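static int
sign_aaaa(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	/*
	 * Create an RRSIG over the AAAA RRset held in rbt and hand it to
	 * fill_rrsig(), once per selected ZSK.  The RRs are put into
	 * canonical order by canonical_sort() before signing.
	 *
	 * db         zone database the new RRSIG is added to
	 * zonename   apex name, used as the RRSIG signer's name
	 * expiry     unused here; inception/expiration come from the
	 *            file-scope signedon/expiredon stamps
	 * rbt        node whose AAAA RRset is signed
	 * rollmethod under ROLLOVER_METHOD_DOUBLE_SIGNATURE every ZSK
	 *            signs, otherwise only ZSKs whose sign flag is set
	 *
	 * Returns 0 on success, -1 on any failure (reason logged through
	 * dolog()).  Buffers allocated here are released on every path.
	 */
	enum {
		WIRE_BUF_SIZE = 10 * 4096,	/* key and tmpkey buffers */
		CANON_ENTRY_SIZE = 68000,	/* one canonical_sort() entry */
		ZSK_SLOTS = 2			/* keys selectable at once */
	};

	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct rr *rrp2 = NULL;
	struct aaaa *aaaarec;
	struct keysentry **zsk_key = NULL, **zsk_cur;

	char tmp[4096];
	char signature[4096];

	char *dnsname = NULL;
	char *p, *q, *r;
	char **canonsort = NULL;
	char *key = NULL, *tmpkey = NULL;
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;

	int labellen;
	int keyid;
	int len, rlen, clen, i;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int csort = 0;
	int ret = -1;

	char timebuf[32];
	struct tm tm;
	u_int32_t expiredon2, signedon2;

	key = malloc(WIRE_BUF_SIZE);
	if (key == NULL) {
		dolog(LOG_INFO, "key out of memory\n");
		return -1;
	}

	tmpkey = malloc(WIRE_BUF_SIZE);
	if (tmpkey == NULL) {
		dolog(LOG_INFO, "tmpkey out of memory\n");
		goto out;
	}

	/* one extra slot keeps the array NULL-terminated */
	zsk_key = calloc(ZSK_SLOTS + 1, sizeof(struct keysentry *));
	if (zsk_key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/* select the signing ZSKs */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type != KEYTYPE_ZSK)
			continue;
		if (rollmethod != ROLLOVER_METHOD_DOUBLE_SIGNATURE && knp->sign != 1)
			continue;
		if (nzk >= ZSK_SLOTS) {
			/* no room left in zsk_key: refuse rather than write past it */
			dolog(LOG_INFO, "too many ZSKs selected for signing\n");
			goto out;
		}
		zsk_key[nzk++] = knp;
	}
	zsk_key[nzk] = NULL;

	if (nzk == 0) {
		/* the loop below would otherwise dereference a NULL key */
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count");
		goto out;
	}

	/* NOTE(review): dnsname is not released; free it at out: if dns_label() allocates — confirm */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	rrset = find_rr(rbt, DNS_TYPE_AAAA);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no AAAA records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no AAAA records but have flags!\n");
		goto out;
	}

	/* the YYYYMMDDHHMMSS stamps become 32-bit epoch seconds in the RRSIG */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime expiredon failed\n");
		goto out;
	}
	expiredon2 = timegm(&tm);

	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "strptime signedon failed\n");
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_cur = zsk_key; *zsk_cur != NULL; zsk_cur++) {
		zone = get_key(*zsk_cur, &ttl, &flags, &protocol, &algorithm, (char *)&tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_cur)->keyname);
			goto out;
		}

		/* check the keytag supplied: rebuild the DNSKEY rdata and recompute it */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
		if (keylen < 0) {
			/* a failed decode must not be used as a length */
			dolog(LOG_INFO, "mybase64_decode of key failed\n");
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/* RRSIG rdata minus the signature field ... */
		p = key;
		pack16(p, htons(DNS_TYPE_AAAA));
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);
		p += labellen;

		/* ... followed by every AAAA RR in wire form, canonically sorted */
		canonsort = (char **)calloc(MAX_RECORDS_IN_RRSET, sizeof(char *));
		if (canonsort == NULL) {
			dolog(LOG_INFO, "canonsort out of memory\n");
			goto out;
		}
		csort = 0;

		TAILQ_FOREACH(rrp2, &rrset->rr_head, entries) {
			aaaarec = (struct aaaa *)rrp2->rdata;

			if (csort >= MAX_RECORDS_IN_RRSET) {
				/* canonsort has exactly MAX_RECORDS_IN_RRSET slots */
				dolog(LOG_INFO, "too many AAAA records in rrset\n");
				goto out;
			}

			q = tmpkey;
			pack(q, rbt->zone, rbt->zonelen);
			q += rbt->zonelen;
			pack16(q, htons(DNS_TYPE_AAAA));
			q += 2;
			pack16(q, htons(DNS_CLASS_IN));
			q += 2;
			/* RRset-wide TTL, so every RR in the set is signed with the same TTL */
			pack32(q, htonl(rrset->ttl));
			q += 4;
			pack16(q, htons(sizeof(struct in6_addr)));
			q += 2;
			pack(q, (char *)&aaaarec->aaaa, sizeof(struct in6_addr));
			q += sizeof(struct in6_addr);

			r = canonsort[csort] = malloc(CANON_ENTRY_SIZE);
			if (r == NULL) {
				dolog(LOG_INFO, "c1 out of memory\n");
				goto out;
			}

			/* entry layout: host-order 16-bit length, then the wire-form RR */
			clen = (q - tmpkey);
			pack16(r, clen);
			r += 2;
			pack(r, tmpkey, clen);

			csort++;
		}

		r = canonical_sort(canonsort, csort, &rlen);
		if (r == NULL) {
			dolog(LOG_INFO, "canonical_sort failed\n");
			goto out;
		}

		if ((p - key) + rlen > WIRE_BUF_SIZE) {
			/* the sorted RRset would overrun key */
			free(r);
			dolog(LOG_INFO, "AAAA rrset too large to sign\n");
			goto out;
		}
		pack(p, r, rlen);
		p += rlen;
		free(r);

		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
		canonsort = NULL;
		csort = 0;

		keylen = (p - key);

		/*
		 * sign() reports the produced length through siglen; reset it
		 * per key in case it is also read as the buffer capacity.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_cur, (char *)&signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "AAAA", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;
out:
	if (canonsort != NULL) {
		/* only reached on an error inside the key loop */
		for (i = 0; i < csort; i++)
			free(canonsort[i]);
		free(canonsort);
	}
	free(zsk_key);
	free(tmpkey);
	free(key);
	return (ret);
}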
/*
* create a RRSIG for an NSEC3 record
*/
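static int
sign_nsec3(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	/*
	 * Sign the NSEC3 RRset held in rbt with every zone-signing key that is
	 * currently selected and store the resulting RRSIG(s) via fill_rrsig().
	 *
	 * db         zone database the RRSIG is written into
	 * zonename   apex name, used as the RRSIG signer's name
	 * expiry     unused; inception/expiration come from the file-scope
	 *            signedon/expiredon (YYYYMMDDHHMMSS as an integer)
	 * rbt        node whose NSEC3 record is signed
	 * rollmethod ROLLOVER_METHOD_DOUBLE_SIGNATURE signs with every ZSK,
	 *            any other method only with ZSKs flagged sign == 1
	 *
	 * Returns 0 on success, -1 on failure (reason logged with dolog()).
	 * Memory allocated here is released on every return path.
	 */
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct nsec3 *n3 = NULL;
	struct keysentry **zsk_keys = NULL;	/* NULL-terminated; owned here */
	struct keysentry **zsk_key;		/* cursor into zsk_keys */

	char tmp[4096];		/* base64 public key, later the base64 signature */
	char signature[4096];	/* raw public key, later the raw signature */
	char timebuf[32];
	struct tm tm;

	char *dnsname;
	char *p;
	char *key = NULL;	/* scratch wire buffer; owned here */
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	uint32_t expiredon2, signedon2;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	(void)expiry;	/* unused; same signature as the other sign_* helpers */

	/*
	 * One scratch buffer serves both the DNSKEY rdata rebuilt for the key
	 * tag check and the RRSIG pre-image.  Packing below is unchecked;
	 * NOTE(review): 40 KiB is assumed to exceed any NSEC3 rdata this zone
	 * carries - confirm against the loader's limits.
	 */
	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/*
	 * Select the signing keys.  Count first so the array is sized exactly
	 * (plus one slot for the NULL terminator) however many ZSKs the key
	 * list holds; a fixed-size array would overflow on a third ZSK.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}
	zsk_keys = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_keys == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}
	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_keys[nzk++] = knp;
	}
	zsk_keys[nzk] = NULL;

	/* Everything from here to the loop is independent of the signing key. */
	rrset = find_rr(rbt, DNS_TYPE_NSEC3);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no NSEC3 records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no NSEC3 records but have flags!\n");
		goto out;
	}
	n3 = (struct nsec3 *)rrp->rdata;

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count\n");
		goto out;
	}

	/* NOTE(review): dns_label() ownership is not visible here; nothing frees dnsname */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	/* expiredon/signedon are YYYYMMDDHHMMSS integers; the wire form wants epoch seconds */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "cannot parse expiration time %s\n", timebuf);
		goto out;
	}
	expiredon2 = timegm(&tm);
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "cannot parse inception time %s\n", timebuf);
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_key = zsk_keys; *zsk_key != NULL; zsk_key++) {
		zone = get_key(*zsk_key, &ttl, &flags, &protocol, &algorithm, tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_key)->keyname);
			goto out;
		}

		/* rebuild the DNSKEY rdata and check that the stored key tag matches it */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, signature, sizeof(signature));
		if (keylen < 0) {	/* a negative length must not reach pack() */
			dolog(LOG_INFO, "mybase64_decode %s\n", (*zsk_key)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/*
		 * RRSIG pre-image: the RRSIG rdata without the signature field,
		 * followed by the RR in wire form.
		 * XXX only the first NSEC3 of the set is covered; a set with
		 * several records would need all of them in canonical order.
		 */
		p = key;
		pack16(p, htons(DNS_TYPE_NSEC3));	/* type covered */
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));		/* original TTL */
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);		/* signer's name */
		p += labellen;

		pack(p, rbt->zone, rbt->zonelen);	/* owner name */
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_NSEC3));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* rdlength: hash alg, flags, iterations, salt len, salt, hash len, next hash, type bitmap */
		pack16(p, htons(1 + 1 + 2 + 1 + n3->saltlen + 1 + n3->nextlen + n3->bitmap_len));
		p += 2;
		pack8(p, n3->algorithm);
		p++;
		pack8(p, n3->flags);
		p++;
		pack16(p, htons(n3->iterations));
		p += 2;
		pack8(p, n3->saltlen);
		p++;
		if (n3->saltlen) {
			pack(p, n3->salt, n3->saltlen);
			p += n3->saltlen;
		}
		pack8(p, n3->nextlen);
		p++;
		pack(p, n3->next, n3->nextlen);
		p += n3->nextlen;
		if (n3->bitmap_len) {
			pack(p, n3->bitmap, n3->bitmap_len);
			p += n3->bitmap_len;
		}

		keylen = (p - key);

		/*
		 * NOTE(review): siglen is reset to the buffer size before every
		 * sign() call; presumably sign() treats it as in/out - confirm.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_key, signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || (size_t)len >= sizeof(tmp)) {	/* keep room for the terminator */
			dolog(LOG_INFO, "mybase64_encode: signature too long\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "NSEC3", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;
out:
	free(zsk_keys);
	free(key);
	return ret;
}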
/*
* create a RRSIG for an NSEC3PARAM record
*/
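static int
sign_nsec3param(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	/*
	 * Sign the NSEC3PARAM record held in rbt with every zone-signing key
	 * that is currently selected and store the RRSIG(s) via fill_rrsig().
	 *
	 * db         zone database the RRSIG is written into
	 * zonename   apex name, used as the RRSIG signer's name
	 * expiry     unused; inception/expiration come from the file-scope
	 *            signedon/expiredon (YYYYMMDDHHMMSS as an integer)
	 * rbt        node whose NSEC3PARAM record is signed
	 * rollmethod ROLLOVER_METHOD_DOUBLE_SIGNATURE signs with every ZSK,
	 *            any other method only with ZSKs flagged sign == 1
	 *
	 * Returns 0 on success, -1 on failure (reason logged with dolog()).
	 * Memory allocated here is released on every return path.
	 */
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct nsec3param *np = NULL;
	struct keysentry **zsk_keys = NULL;	/* NULL-terminated; owned here */
	struct keysentry **zsk_key;		/* cursor into zsk_keys */

	char tmp[4096];		/* base64 public key, later the base64 signature */
	char signature[4096];	/* raw public key, later the raw signature */
	char timebuf[32];
	struct tm tm;

	char *dnsname;
	char *p;
	char *key = NULL;	/* scratch wire buffer; owned here */
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	uint32_t expiredon2, signedon2;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	(void)expiry;	/* unused; same signature as the other sign_* helpers */

	/*
	 * One scratch buffer serves both the DNSKEY rdata rebuilt for the key
	 * tag check and the RRSIG pre-image; NSEC3PARAM rdata is at most a
	 * few hundred bytes, so 40 KiB is ample.
	 */
	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/*
	 * Select the signing keys.  Count first so the array is sized exactly
	 * (plus one slot for the NULL terminator) however many ZSKs the key
	 * list holds; a fixed-size array would overflow on a third ZSK.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}
	zsk_keys = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_keys == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}
	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_keys[nzk++] = knp;
	}
	zsk_keys[nzk] = NULL;

	/* Everything from here to the loop is independent of the signing key. */
	rrset = find_rr(rbt, DNS_TYPE_NSEC3PARAM);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no NSEC3PARAM records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no NSEC3PARAM records but have flags!\n");
		goto out;
	}
	np = (struct nsec3param *)rrp->rdata;

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count\n");
		goto out;
	}

	/* NOTE(review): dns_label() ownership is not visible here; nothing frees dnsname */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	/* expiredon/signedon are YYYYMMDDHHMMSS integers; the wire form wants epoch seconds */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "cannot parse expiration time %s\n", timebuf);
		goto out;
	}
	expiredon2 = timegm(&tm);
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "cannot parse inception time %s\n", timebuf);
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_key = zsk_keys; *zsk_key != NULL; zsk_key++) {
		zone = get_key(*zsk_key, &ttl, &flags, &protocol, &algorithm, tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_key)->keyname);
			goto out;
		}

		/* rebuild the DNSKEY rdata and check that the stored key tag matches it */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, signature, sizeof(signature));
		if (keylen < 0) {	/* a negative length must not reach pack() */
			dolog(LOG_INFO, "mybase64_decode %s\n", (*zsk_key)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/*
		 * RRSIG pre-image: the RRSIG rdata without the signature field,
		 * followed by the RR in wire form.
		 * XXX only the first record of the set is covered.
		 */
		p = key;
		pack16(p, htons(DNS_TYPE_NSEC3PARAM));	/* type covered */
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));		/* original TTL */
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);		/* signer's name */
		p += labellen;

		pack(p, rbt->zone, rbt->zonelen);	/* owner name */
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_NSEC3PARAM));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		/* rdlength: hash alg, flags, iterations, salt len, salt */
		pack16(p, htons(1 + 1 + 2 + 1 + np->saltlen));
		p += 2;
		pack8(p, np->algorithm);
		p++;
		pack8(p, np->flags);
		p++;
		pack16(p, htons(np->iterations));
		p += 2;
		pack8(p, np->saltlen);
		p++;
		if (np->saltlen) {
			pack(p, np->salt, np->saltlen);
			p += np->saltlen;
		}

		keylen = (p - key);

		/*
		 * NOTE(review): siglen is reset to the buffer size before every
		 * sign() call; presumably sign() treats it as in/out - confirm.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_key, signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || (size_t)len >= sizeof(tmp)) {	/* keep room for the terminator */
			dolog(LOG_INFO, "mybase64_encode: signature too long\n");
			goto out;
		}
		tmp[len] = '\0';

		/*
		 * NOTE(review): the RRSIG is stored with TTL 0 and original TTL
		 * 0, while the pre-image above was built with rrset->ttl.  That
		 * only verifies when the NSEC3PARAM TTL is 0 - presumably how the
		 * loader sets it; confirm.
		 */
		if (fill_rrsig(db, rbt->humanname, "RRSIG", 0, "NSEC3PARAM", algorithm, labels, 0, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;
out:
	free(zsk_keys);
	free(key);
	return ret;
}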
/*
* create a RRSIG for a CNAME record
*/
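static int
sign_cname(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	/*
	 * Sign the CNAME record held in rbt with every zone-signing key that
	 * is currently selected and store the RRSIG(s) via fill_rrsig().
	 *
	 * db         zone database the RRSIG is written into
	 * zonename   apex name, used as the RRSIG signer's name
	 * expiry     unused; inception/expiration come from the file-scope
	 *            signedon/expiredon (YYYYMMDDHHMMSS as an integer)
	 * rbt        node whose CNAME record is signed
	 * rollmethod ROLLOVER_METHOD_DOUBLE_SIGNATURE signs with every ZSK,
	 *            any other method only with ZSKs flagged sign == 1
	 *
	 * Returns 0 on success, -1 on failure (reason logged with dolog()).
	 * Memory allocated here is released on every return path.
	 */
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct cname *cn = NULL;
	struct keysentry **zsk_keys = NULL;	/* NULL-terminated; owned here */
	struct keysentry **zsk_key;		/* cursor into zsk_keys */

	char tmp[4096];		/* base64 public key, later the base64 signature */
	char signature[4096];	/* raw public key, later the raw signature */
	char timebuf[32];
	struct tm tm;

	char *dnsname;
	char *p;
	char *key = NULL;	/* scratch wire buffer; owned here */
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	uint32_t expiredon2, signedon2;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	(void)expiry;	/* unused; same signature as the other sign_* helpers */

	/*
	 * One scratch buffer serves both the DNSKEY rdata rebuilt for the key
	 * tag check and the RRSIG pre-image; a CNAME target is a domain name,
	 * so 40 KiB is ample.
	 */
	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/*
	 * Select the signing keys.  Count first so the array is sized exactly
	 * (plus one slot for the NULL terminator) however many ZSKs the key
	 * list holds; a fixed-size array would overflow on a third ZSK.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}
	zsk_keys = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_keys == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}
	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_keys[nzk++] = knp;
	}
	zsk_keys[nzk] = NULL;

	/* Everything from here to the loop is independent of the signing key. */
	rrset = find_rr(rbt, DNS_TYPE_CNAME);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no CNAME records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no CNAME records but have flags!\n");
		goto out;
	}
	cn = (struct cname *)rrp->rdata;

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count\n");
		goto out;
	}

	/* NOTE(review): dns_label() ownership is not visible here; nothing frees dnsname */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	/* expiredon/signedon are YYYYMMDDHHMMSS integers; the wire form wants epoch seconds */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "cannot parse expiration time %s\n", timebuf);
		goto out;
	}
	expiredon2 = timegm(&tm);
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "cannot parse inception time %s\n", timebuf);
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_key = zsk_keys; *zsk_key != NULL; zsk_key++) {
		zone = get_key(*zsk_key, &ttl, &flags, &protocol, &algorithm, tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_key)->keyname);
			goto out;
		}

		/* rebuild the DNSKEY rdata and check that the stored key tag matches it */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, signature, sizeof(signature));
		if (keylen < 0) {	/* a negative length must not reach pack() */
			dolog(LOG_INFO, "mybase64_decode %s\n", (*zsk_key)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/*
		 * RRSIG pre-image: the RRSIG rdata without the signature field,
		 * followed by the RR in wire form.  A name carries a single
		 * CNAME, so only the first record of the set is packed.
		 */
		p = key;
		pack16(p, htons(DNS_TYPE_CNAME));	/* type covered */
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));		/* original TTL */
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);		/* signer's name */
		p += labellen;

		pack(p, rbt->zone, rbt->zonelen);	/* owner name */
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_CNAME));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack16(p, htons(cn->cnamelen));		/* rdlength: the target name */
		p += 2;
		pack(p, cn->cname, cn->cnamelen);
		p += cn->cnamelen;

		keylen = (p - key);

		/*
		 * NOTE(review): siglen is reset to the buffer size before every
		 * sign() call; presumably sign() treats it as in/out - confirm.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_key, signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || (size_t)len >= sizeof(tmp)) {	/* keep room for the terminator */
			dolog(LOG_INFO, "mybase64_encode: signature too long\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "CNAME", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;
out:
	free(zsk_keys);
	free(key);
	return ret;
}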
/*
* create a RRSIG for a PTR record
*/
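static int
sign_ptr(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
{
	/*
	 * Sign the PTR RRset held in rbt with every zone-signing key that is
	 * currently selected and store the RRSIG(s) via fill_rrsig().
	 *
	 * db         zone database the RRSIG is written into
	 * zonename   apex name, used as the RRSIG signer's name
	 * expiry     unused; inception/expiration come from the file-scope
	 *            signedon/expiredon (YYYYMMDDHHMMSS as an integer)
	 * rbt        node whose PTR record is signed
	 * rollmethod ROLLOVER_METHOD_DOUBLE_SIGNATURE signs with every ZSK,
	 *            any other method only with ZSKs flagged sign == 1
	 *
	 * Returns 0 on success, -1 on failure (reason logged with dolog()).
	 * Memory allocated here is released on every return path.
	 */
	struct rrset *rrset = NULL;
	struct rr *rrp = NULL;
	struct ptr *pt = NULL;
	struct keysentry **zsk_keys = NULL;	/* NULL-terminated; owned here */
	struct keysentry **zsk_key;		/* cursor into zsk_keys */

	char tmp[4096];		/* base64 public key, later the base64 signature */
	char signature[4096];	/* raw public key, later the raw signature */
	char timebuf[32];
	struct tm tm;

	char *dnsname;
	char *p;
	char *key = NULL;	/* scratch wire buffer; owned here */
	char *zone;

	uint32_t ttl;
	uint16_t flags;
	uint8_t protocol;
	uint8_t algorithm;
	uint32_t expiredon2, signedon2;

	int labellen;
	int keyid;
	int len;
	int keylen, siglen;
	int labels;
	int nzk = 0;
	int ret = -1;

	(void)expiry;	/* unused; same signature as the other sign_* helpers */

	/*
	 * One scratch buffer serves both the DNSKEY rdata rebuilt for the key
	 * tag check and the RRSIG pre-image; a PTR target is a domain name,
	 * so 40 KiB is ample.
	 */
	key = malloc(10 * 4096);
	if (key == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}

	/*
	 * Select the signing keys.  Count first so the array is sized exactly
	 * (plus one slot for the NULL terminator) however many ZSKs the key
	 * list holds; a fixed-size array would overflow on a third ZSK.
	 */
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			nzk++;
	}
	if (nzk == 0) {
		dolog(LOG_INFO, "no ZSK selected for signing\n");
		goto out;
	}
	zsk_keys = calloc(nzk + 1, sizeof(struct keysentry *));
	if (zsk_keys == NULL) {
		dolog(LOG_INFO, "out of memory\n");
		goto out;
	}
	nzk = 0;
	SLIST_FOREACH(knp, &keyshead, keys_entry) {
		if (knp->type == KEYTYPE_ZSK &&
		    (rollmethod == ROLLOVER_METHOD_DOUBLE_SIGNATURE || knp->sign == 1))
			zsk_keys[nzk++] = knp;
	}
	zsk_keys[nzk] = NULL;

	/* Everything from here to the loop is independent of the signing key. */
	rrset = find_rr(rbt, DNS_TYPE_PTR);
	if (rrset == NULL) {
		dolog(LOG_INFO, "no PTR records\n");
		goto out;
	}
	rrp = TAILQ_FIRST(&rrset->rr_head);
	if (rrp == NULL) {
		dolog(LOG_INFO, "no PTR records but have flags!\n");
		goto out;
	}
	pt = (struct ptr *)rrp->rdata;

	labels = label_count(rbt->zone);
	if (labels < 0) {
		dolog(LOG_INFO, "label_count\n");
		goto out;
	}

	/* NOTE(review): dns_label() ownership is not visible here; nothing frees dnsname */
	dnsname = dns_label(zonename, &labellen);
	if (dnsname == NULL)
		goto out;

	/* expiredon/signedon are YYYYMMDDHHMMSS integers; the wire form wants epoch seconds */
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "cannot parse expiration time %s\n", timebuf);
		goto out;
	}
	expiredon2 = timegm(&tm);
	memset(&tm, 0, sizeof(tm));
	snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
	if (strptime(timebuf, "%Y%m%d%H%M%S", &tm) == NULL) {
		dolog(LOG_INFO, "cannot parse inception time %s\n", timebuf);
		goto out;
	}
	signedon2 = timegm(&tm);

	for (zsk_key = zsk_keys; *zsk_key != NULL; zsk_key++) {
		zone = get_key(*zsk_key, &ttl, &flags, &protocol, &algorithm, tmp, sizeof(tmp), &keyid);
		if (zone == NULL) {
			dolog(LOG_INFO, "get_key %s\n", (*zsk_key)->keyname);
			goto out;
		}

		/* rebuild the DNSKEY rdata and check that the stored key tag matches it */
		p = key;
		pack16(p, htons(flags));
		p += 2;
		pack8(p, protocol);
		p++;
		pack8(p, algorithm);
		p++;
		keylen = mybase64_decode(tmp, signature, sizeof(signature));
		if (keylen < 0) {	/* a negative length must not reach pack() */
			dolog(LOG_INFO, "mybase64_decode %s\n", (*zsk_key)->keyname);
			goto out;
		}
		pack(p, signature, keylen);
		p += keylen;
		keylen = (p - key);
		if (keyid != keytag(key, keylen)) {
			dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
			goto out;
		}

		/*
		 * RRSIG pre-image: the RRSIG rdata without the signature field,
		 * followed by the RR in wire form.
		 * XXX only the first PTR of the set is covered; a set with
		 * several records would need all of them in canonical order.
		 */
		p = key;
		pack16(p, htons(DNS_TYPE_PTR));		/* type covered */
		p += 2;
		pack8(p, algorithm);
		p++;
		pack8(p, labels);
		p++;
		pack32(p, htonl(rrset->ttl));		/* original TTL */
		p += 4;
		pack32(p, htonl(expiredon2));
		p += 4;
		pack32(p, htonl(signedon2));
		p += 4;
		pack16(p, htons(keyid));
		p += 2;
		pack(p, dnsname, labellen);		/* signer's name */
		p += labellen;

		pack(p, rbt->zone, rbt->zonelen);	/* owner name */
		p += rbt->zonelen;
		pack16(p, htons(DNS_TYPE_PTR));
		p += 2;
		pack16(p, htons(DNS_CLASS_IN));
		p += 2;
		pack32(p, htonl(rrset->ttl));
		p += 4;
		pack16(p, htons(pt->ptrlen));		/* rdlength: the target name */
		p += 2;
		pack(p, pt->ptr, pt->ptrlen);
		p += pt->ptrlen;

		keylen = (p - key);

		/*
		 * NOTE(review): siglen is reset to the buffer size before every
		 * sign() call; presumably sign() treats it as in/out - confirm.
		 */
		siglen = sizeof(signature);
		if (sign(algorithm, key, keylen, *zsk_key, signature, &siglen) < 0) {
			dolog(LOG_INFO, "signing failed\n");
			goto out;
		}

		len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
		if (len < 0 || (size_t)len >= sizeof(tmp)) {	/* keep room for the terminator */
			dolog(LOG_INFO, "mybase64_encode: signature too long\n");
			goto out;
		}
		tmp[len] = '\0';

		if (fill_rrsig(db, rbt->humanname, "RRSIG", rrset->ttl, "PTR", algorithm, labels, rrset->ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
			dolog(LOG_INFO, "fill_rrsig\n");
			goto out;
		}
	}

	ret = 0;
out:
	free(zsk_keys);
	free(key);
	return ret;
}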
/*
* create a RRSIG for a NAPTR record
*/
static int
3120
2020-04-10
pjp
sign_naptr(ddDB *db, char *zonename, int expiry, struct rbtree *rbt, int rollmethod)
3121
2020-04-10
pjp
{
3122
2020-04-10
pjp
struct rrset *rrset = NULL;
3123
2020-04-10
pjp
struct rr *rrp = NULL;
3124
2020-04-10
pjp
struct rr *rrp2 = NULL;
3125
2020-04-10
pjp
struct keysentry **zsk_key;
3126
2020-04-10
pjp
3127
2020-04-10
pjp
char tmp[4096];
3128
2020-04-10
pjp
char signature[4096];
3129
2020-04-10
pjp
char shabuf[64];
3130
2020-04-10
pjp
3131
2020-04-10
pjp
3132
2020-04-10
pjp
char *dnsname;
3133
2020-08-11
pjp
char *p, *q, *r;
3134
2020-08-11
pjp
char **canonsort;
3135
2020-04-10
pjp
char *key, *tmpkey;
3136
2020-04-10
pjp
char *zone;
3137
2020-04-10
pjp
3138
2020-04-10
pjp
uint32_t ttl;
3139
2020-04-10
pjp
uint16_t flags;
3140
2020-04-10
pjp
uint8_t protocol;
3141
2020-04-10
pjp
uint8_t algorithm;
3142
2020-04-10
pjp
3143
2020-04-10
pjp
int labellen;
3144
2020-04-10
pjp
int keyid;
3145
2020-08-11
pjp
int len, rlen, clen, i;
3146