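/* $NetBSD: tsec.c,v 1.1 2024/02/18 20:57:34 christos Exp $ */

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

#include <isc/mem.h>
#include <isc/util.h>

#include <pk11/site.h>

#include <dns/result.h>
#include <dns/tsec.h>
#include <dns/tsig.h>

#include <dst/dst.h>

#define DNS_TSEC_MAGIC	  ISC_MAGIC('T', 's', 'e', 'c')
#define DNS_TSEC_VALID(t) ISC_MAGIC_VALID(t, DNS_TSEC_MAGIC)

/*%
 * DNS Transaction Security object. We assume this is not shared by
 * multiple threads, and so the structure does not contain a lock.
 *
 * Exactly one member of 'ukey' is live, selected by 'type':
 * dns_tsectype_tsig -> ukey.tsigkey, dns_tsectype_sig0 -> ukey.key.
 * 'magic' is set only once construction has fully succeeded, so a
 * partially built object never passes DNS_TSEC_VALID().
 */
struct dns_tsec {
	unsigned int magic;
	dns_tsectype_t type;
	isc_mem_t *mctx;
	union {
		dns_tsigkey_t *tsigkey;
		dst_key_t *key;
	} ukey;
};

/*%
 * Create a dns_tsec_t of the given 'type' around 'key'.
 *
 * dns_tsectype_tsig: the DST algorithm of 'key' is mapped to the matching
 * TSIG algorithm name and a TSIG key is derived from it with
 * dns_tsigkey_createfromkey(). A DST algorithm not in the table yields
 * DNS_R_BADALG. The tsec only holds the derived tsigkey; what
 * dns_tsigkey_createfromkey() does with 'key' (attach vs. borrow) is not
 * visible in this file -- check its contract before freeing 'key'.
 *
 * dns_tsectype_sig0: 'key' itself is stored and later released with
 * dst_key_free() by dns_tsec_destroy(), i.e. ownership of 'key' passes
 * to the tsec object and the caller must not free it.
 *
 * Requires: 'mctx' and 'key' non-NULL; 'tsecp' non-NULL and '*tsecp' NULL.
 * Any other 'type' is a caller bug and aborts via UNREACHABLE().
 *
 * Returns ISC_R_SUCCESS and sets '*tsecp', or an error code with no
 * memory retained.
 */
isc_result_t
dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
		dns_tsec_t **tsecp) {
	isc_result_t result;
	dns_tsec_t *tsec;
	dns_tsigkey_t *tsigkey = NULL;
	const dns_name_t *algname;

	REQUIRE(mctx != NULL);
	/*
	 * Both branches below dereference or take ownership of 'key'
	 * (dst_key_alg() here, dst_key_free() in dns_tsec_destroy()), so
	 * reject NULL up front rather than failing deep inside dst.
	 */
	REQUIRE(key != NULL);
	REQUIRE(tsecp != NULL && *tsecp == NULL);

	tsec = isc_mem_get(mctx, sizeof(*tsec));

	tsec->type = type;
	tsec->mctx = mctx;

	switch (type) {
	case dns_tsectype_tsig:
		/*
		 * Only the HMAC family is valid for TSIG. Whether a given
		 * HMAC (e.g. HMAC-MD5) is still acceptable by policy is not
		 * decided here; this table is purely a name mapping.
		 */
		switch (dst_key_alg(key)) {
		case DST_ALG_HMACMD5:
			algname = dns_tsig_hmacmd5_name;
			break;
		case DST_ALG_HMACSHA1:
			algname = dns_tsig_hmacsha1_name;
			break;
		case DST_ALG_HMACSHA224:
			algname = dns_tsig_hmacsha224_name;
			break;
		case DST_ALG_HMACSHA256:
			algname = dns_tsig_hmacsha256_name;
			break;
		case DST_ALG_HMACSHA384:
			algname = dns_tsig_hmacsha384_name;
			break;
		case DST_ALG_HMACSHA512:
			algname = dns_tsig_hmacsha512_name;
			break;
		default:
			/* Nothing but 'tsec' itself has been acquired yet. */
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (DNS_R_BADALG);
		}
		result = dns_tsigkey_createfromkey(dst_key_name(key), algname,
						   key, false, NULL, 0, 0, mctx,
						   NULL, &tsigkey);
		if (result != ISC_R_SUCCESS) {
			isc_mem_put(mctx, tsec, sizeof(*tsec));
			return (result);
		}
		tsec->ukey.tsigkey = tsigkey;
		break;
	case dns_tsectype_sig0:
		/* Ownership of 'key' transfers to the tsec (see destroy). */
		tsec->ukey.key = key;
		break;
	default:
		/* Aborts the process; 'tsec' is not leaked in any meaningful sense. */
		UNREACHABLE();
	}

	/* Published last so that DNS_TSEC_VALID() implies full construction. */
	tsec->magic = DNS_TSEC_MAGIC;

	*tsecp = tsec;
	return (ISC_R_SUCCESS);
}

/*%
 * Destroy '*tsecp' and set it to NULL.
 *
 * Releases the key held in 'ukey' according to 'type': the TSIG key is
 * detached, the SIG(0) dst_key_t is freed outright. Any pointer previously
 * handed out by dns_tsec_getkey() for a SIG(0) tsec aliases that key and
 * must not be used after this call.
 *
 * Requires: 'tsecp' non-NULL, '*tsecp' a valid dns_tsec_t.
 */
void
dns_tsec_destroy(dns_tsec_t **tsecp) {
	dns_tsec_t *tsec;

	REQUIRE(tsecp != NULL && *tsecp != NULL);
	tsec = *tsecp;
	/* Clear the caller's pointer first so a double destroy trips REQUIRE. */
	*tsecp = NULL;
	REQUIRE(DNS_TSEC_VALID(tsec));

	switch (tsec->type) {
	case dns_tsectype_tsig:
		dns_tsigkey_detach(&tsec->ukey.tsigkey);
		break;
	case dns_tsectype_sig0:
		dst_key_free(&tsec->ukey.key);
		break;
	default:
		UNREACHABLE();
	}

	/* Invalidate before freeing so a stale pointer fails DNS_TSEC_VALID(). */
	tsec->magic = 0;
	isc_mem_put(tsec->mctx, tsec, sizeof(*tsec));
}

/*%
 * Return the dns_tsectype_t this object was created with.
 *
 * Requires: 'tsec' a valid dns_tsec_t.
 */
dns_tsectype_t
dns_tsec_gettype(dns_tsec_t *tsec) {
	REQUIRE(DNS_TSEC_VALID(tsec));

	return (tsec->type);
}

/*%
 * Store the key held by 'tsec' in '*keyp'.
 *
 * 'keyp' is untyped because the result depends on the tsec type; the
 * caller must pass a pointer matching dns_tsec_gettype():
 *
 *   dns_tsectype_tsig: 'keyp' is a dns_tsigkey_t **. The caller receives
 *   its own reference via dns_tsigkey_attach() and must release it with
 *   dns_tsigkey_detach().
 *
 *   dns_tsectype_sig0: 'keyp' is a dst_key_t **. The stored pointer is the
 *   tsec's own key, not a copy or new reference: the caller must not free
 *   it, and it becomes dangling once dns_tsec_destroy() runs.
 *
 * Requires: 'tsec' a valid dns_tsec_t, 'keyp' non-NULL.
 */
void
dns_tsec_getkey(dns_tsec_t *tsec, void *keyp) {
	REQUIRE(DNS_TSEC_VALID(tsec));
	REQUIRE(keyp != NULL);

	switch (tsec->type) {
	case dns_tsectype_tsig:
		dns_tsigkey_attach(tsec->ukey.tsigkey, (dns_tsigkey_t **)keyp);
		break;
	case dns_tsectype_sig0:
		/* Aliasing handout; ownership stays with 'tsec'. */
		*(dst_key_t **)keyp = tsec->ukey.key;
		break;
	default:
		UNREACHABLE();
	}
}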