1 /*
2  * Copyright (C) 2004-2015  Internet Systems Consortium, Inc. ("ISC")
3  * Copyright (C) 1998-2003  Internet Software Consortium.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15  * PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 /* $Id$ */
19 
20 #include <config.h>
21 #include <ctype.h>
22 
23 #include <isc/buffer.h>
24 #include <isc/parseint.h>
25 #include <isc/print.h>
26 #include <isc/region.h>
27 #include <isc/result.h>
28 #include <isc/stdio.h>
29 #include <isc/stdlib.h>
30 #include <isc/string.h>
31 #include <isc/types.h>
32 #include <isc/util.h>
33 
34 #include <dns/cert.h>
35 #include <dns/keyflags.h>
36 #include <dns/keyvalues.h>
37 #include <dns/rcode.h>
38 #include <dns/rdataclass.h>
39 #include <dns/result.h>
40 #include <dns/secalg.h>
41 #include <dns/secproto.h>
42 
/*
 * Evaluate 'x' (an isc_result_t expression) and return it from the
 * enclosing function unless it is ISC_R_SUCCESS.  Used by the public
 * *_fromtext() wrappers below to propagate table-lookup failures.
 */
#define RETERR(x) \
	do { \
		isc_result_t _r = (x); \
		if (_r != ISC_R_SUCCESS) \
			return (_r); \
	} while (0)

/*
 * Size of the scratch copy maybe_numeric() makes of a candidate number:
 * the longest textual form of a 32-bit value plus the terminator.
 */
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */

/*
 * struct tbl flag: the entry may be produced by *_totext() but is not
 * accepted as input by dns_mnemonic_fromtext().
 */
#define TOTEXTONLY 0x01
53 
/*
 * Entries shared by the rcodes[] and tsigrcodes[] tables below.  The
 * RESERVED11..15 entries are TOTEXTONLY: they are printed for unknown
 * values but are not parsed from text.  Note the trailing comma: the
 * table is completed by ERCODENAMES or TSIGRCODENAMES, which also
 * supply the { 0, NULL, 0 } terminator.
 */
#define RCODENAMES \
	/* standard rcodes */ \
	{ dns_rcode_noerror, "NOERROR", 0}, \
	{ dns_rcode_formerr, "FORMERR", 0}, \
	{ dns_rcode_servfail, "SERVFAIL", 0}, \
	{ dns_rcode_nxdomain, "NXDOMAIN", 0}, \
	{ dns_rcode_notimp, "NOTIMP", 0}, \
	{ dns_rcode_refused, "REFUSED", 0}, \
	{ dns_rcode_yxdomain, "YXDOMAIN", 0}, \
	{ dns_rcode_yxrrset, "YXRRSET", 0}, \
	{ dns_rcode_nxrrset, "NXRRSET", 0}, \
	{ dns_rcode_notauth, "NOTAUTH", 0}, \
	{ dns_rcode_notzone, "NOTZONE", 0}, \
	{ 11, "RESERVED11", TOTEXTONLY}, \
	{ 12, "RESERVED12", TOTEXTONLY}, \
	{ 13, "RESERVED13", TOTEXTONLY}, \
	{ 14, "RESERVED14", TOTEXTONLY}, \
	{ 15, "RESERVED15", TOTEXTONLY},

/* Tail of rcodes[]: the EDNS extended rcode plus the terminator. */
#define ERCODENAMES \
	/* extended rcodes */ \
	{ dns_rcode_badvers, "BADVERS", 0}, \
	{ 0, NULL, 0 }

/* Tail of tsigrcodes[]: TSIG/TKEY error codes plus the terminator. */
#define TSIGRCODENAMES \
	/* extended rcodes */ \
	{ dns_tsigerror_badsig, "BADSIG", 0}, \
	{ dns_tsigerror_badkey, "BADKEY", 0}, \
	{ dns_tsigerror_badtime, "BADTIME", 0}, \
	{ dns_tsigerror_badmode, "BADMODE", 0}, \
	{ dns_tsigerror_badname, "BADNAME", 0}, \
	{ dns_tsigerror_badalg, "BADALG", 0}, \
	{ dns_tsigerror_badtrunc, "BADTRUNC", 0}, \
	{ 0, NULL, 0 }

/* RFC4398 section 2.1 */

/* CERT RR certificate type mnemonics (certs[] table). */
#define CERTNAMES \
	{ 1, "PKIX", 0}, \
	{ 2, "SPKI", 0}, \
	{ 3, "PGP", 0}, \
	{ 4, "IPKIX", 0}, \
	{ 5, "ISPKI", 0}, \
	{ 6, "IPGP", 0}, \
	{ 7, "ACPKIX", 0}, \
	{ 8, "IACPKIX", 0}, \
	{ 253, "URI", 0}, \
	{ 254, "OID", 0}, \
	{ 0, NULL, 0}

/* RFC2535 section 7, RFC3110 */

/*
 * DNSSEC algorithm mnemonics (secalgs[] table).  RSAMD5 is listed
 * twice so that the historical alias "RSA" is accepted on input;
 * dns_mnemonic_totext() returns the first match, i.e. "RSAMD5".
 */
#define SECALGNAMES \
	{ DNS_KEYALG_RSAMD5, "RSAMD5", 0 }, \
	{ DNS_KEYALG_RSAMD5, "RSA", 0 }, \
	{ DNS_KEYALG_DH, "DH", 0 }, \
	{ DNS_KEYALG_DSA, "DSA", 0 }, \
	{ DNS_KEYALG_NSEC3DSA, "NSEC3DSA", 0 }, \
	{ DNS_KEYALG_ECC, "ECC", 0 }, \
	{ DNS_KEYALG_RSASHA1, "RSASHA1", 0 }, \
	{ DNS_KEYALG_NSEC3RSASHA1, "NSEC3RSASHA1", 0 }, \
	{ DNS_KEYALG_RSASHA256, "RSASHA256", 0 }, \
	{ DNS_KEYALG_RSASHA512, "RSASHA512", 0 }, \
	{ DNS_KEYALG_ECCGOST, "ECCGOST", 0 }, \
	{ DNS_KEYALG_ECDSA256, "ECDSAP256SHA256", 0 }, \
	{ DNS_KEYALG_ECDSA384, "ECDSAP384SHA384", 0 }, \
	{ DNS_KEYALG_INDIRECT, "INDIRECT", 0 }, \
	{ DNS_KEYALG_PRIVATEDNS, "PRIVATEDNS", 0 }, \
	{ DNS_KEYALG_PRIVATEOID, "PRIVATEOID", 0 }, \
	{ 0, NULL, 0}

/* RFC2535 section 7.1 */

/* KEY RR protocol field mnemonics (secprotos[] table). */
#define SECPROTONAMES \
	{   0,    "NONE", 0 }, \
	{   1,    "TLS", 0 }, \
	{   2,    "EMAIL", 0 }, \
	{   3,    "DNSSEC", 0 }, \
	{   4,    "IPSEC", 0 }, \
	{ 255,    "ALL", 0 }, \
	{ 0, NULL, 0}

/* Hash algorithm mnemonics (hashalgs[] table); only SHA-1 is named. */
#define HASHALGNAMES \
	{ 1, "SHA-1", 0 }, \
	{ 0, NULL, 0 }
139 
/*
 * One row of a value/mnemonic table.  Tables are arrays of these,
 * terminated by an entry whose name is NULL.  'flags' is a bit set of
 * TOTEXTONLY and friends.
 */
struct tbl {
	unsigned int    value;
	const char      *name;
	int             flags;
};

/* The lookup tables used by the public *_fromtext()/*_totext() pairs. */
static struct tbl rcodes[] = { RCODENAMES ERCODENAMES };
static struct tbl tsigrcodes[] = { RCODENAMES TSIGRCODENAMES };
static struct tbl certs[] = { CERTNAMES };
static struct tbl secalgs[] = { SECALGNAMES };
static struct tbl secprotos[] = { SECPROTONAMES };
static struct tbl hashalgs[] = { HASHALGNAMES };

/*
 * KEY RR flag mnemonics, used by dns_keyflags_fromtext().  'value' is
 * ORed into the result when the name is seen; 'mask' marks the bits the
 * name governs (several names share a mask when they are alternative
 * settings of the same field, e.g. NOCONF/NOAUTH/NOKEY or USER/ZONE/
 * HOST/NTYP3).  The overlap check that would use 'mask' is currently
 * compiled out (#ifdef notyet).  Terminated by a NULL name.
 */
static struct keyflag {
	const char *name;
	unsigned int value;
	unsigned int mask;
} keyflags[] = {
	{ "NOCONF", 0x4000, 0xC000 },
	{ "NOAUTH", 0x8000, 0xC000 },
	{ "NOKEY",  0xC000, 0xC000 },
	{ "FLAG2",  0x2000, 0x2000 },
	{ "EXTEND", 0x1000, 0x1000 },
	{ "FLAG4",  0x0800, 0x0800 },
	{ "FLAG5",  0x0400, 0x0400 },
	{ "USER",   0x0000, 0x0300 },
	{ "ZONE",   0x0100, 0x0300 },
	{ "HOST",   0x0200, 0x0300 },
	{ "NTYP3",  0x0300, 0x0300 },
	{ "FLAG8",  0x0080, 0x0080 },
	{ "FLAG9",  0x0040, 0x0040 },
	{ "FLAG10", 0x0020, 0x0020 },
	{ "FLAG11", 0x0010, 0x0010 },
	{ "SIG0",   0x0000, 0x000F },
	{ "SIG1",   0x0001, 0x000F },
	{ "SIG2",   0x0002, 0x000F },
	{ "SIG3",   0x0003, 0x000F },
	{ "SIG4",   0x0004, 0x000F },
	{ "SIG5",   0x0005, 0x000F },
	{ "SIG6",   0x0006, 0x000F },
	{ "SIG7",   0x0007, 0x000F },
	{ "SIG8",   0x0008, 0x000F },
	{ "SIG9",   0x0009, 0x000F },
	{ "SIG10",  0x000A, 0x000F },
	{ "SIG11",  0x000B, 0x000F },
	{ "SIG12",  0x000C, 0x000F },
	{ "SIG13",  0x000D, 0x000F },
	{ "SIG14",  0x000E, 0x000F },
	{ "SIG15",  0x000F, 0x000F },
	{ "KSK",  DNS_KEYFLAG_KSK, DNS_KEYFLAG_KSK },
	{ NULL,     0, 0 }
};
192 
/*
 * Append the NUL-terminated string 'source' (without its terminator)
 * to 'target'.  Returns ISC_R_NOSPACE, leaving 'target' untouched, if
 * the available region is too small; ISC_R_SUCCESS otherwise.
 */
static isc_result_t
str_totext(const char *source, isc_buffer_t *target) {
	isc_region_t avail;
	unsigned int len = strlen(source);

	isc_buffer_availableregion(target, &avail);
	if (len > avail.length)
		return (ISC_R_NOSPACE);

	memmove(avail.base, source, len);
	isc_buffer_add(target, len);
	return (ISC_R_SUCCESS);
}
208 
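/*
 * Try to interpret 'source' as an unsigned number no larger than 'max'.
 * Decimal is always accepted; hexadecimal too when 'hex_allowed'.
 *
 * Returns ISC_R_BADNUMBER when the region does not look like a number
 * at all (caller should then try mnemonics), ISC_R_RANGE when it parses
 * but exceeds 'max', any other isc_parse_uint32() failure as-is, and
 * ISC_R_SUCCESS with '*valuep' set.
 */
static isc_result_t
maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
	      unsigned int max, isc_boolean_t hex_allowed)
{
	isc_result_t result;
	isc_uint32_t n;
	char buffer[NUMBERSIZE];

	/*
	 * Only a non-empty region starting with a decimal digit and short
	 * enough for the scratch buffer can be a number.  The length
	 * check comes first so that base[0] is never read from an empty
	 * region.
	 */
	if (source->length == 0 ||
	    !isdigit((unsigned char)source->base[0]) ||
	    source->length > NUMBERSIZE - 1)
		return (ISC_R_BADNUMBER);

	/*
	 * We have a potential number.  Try to parse it with
	 * isc_parse_uint32().  isc_parse_uint32() requires
	 * null termination, so we must make a copy.  Copy exactly
	 * source->length bytes: a text region is length-delimited and
	 * need not be NUL-terminated, so a strncpy() bounded by the
	 * destination size could read past the end of the region.
	 */
	memmove(buffer, source->base, source->length);
	buffer[source->length] = '\0';

	result = isc_parse_uint32(&n, buffer, 10);
	if (result == ISC_R_BADNUMBER && hex_allowed)
		result = isc_parse_uint32(&n, buffer, 16);
	if (result != ISC_R_SUCCESS)
		return (result);
	if (n > max)
		return (ISC_R_RANGE);
	*valuep = n;
	return (ISC_R_SUCCESS);
}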
241 
/*
 * Convert 'source' to a value using 'table': a bare number (at most
 * 'max') is accepted directly, otherwise the mnemonics in 'table' are
 * compared case-insensitively.  Entries flagged TOTEXTONLY are never
 * matched.  Returns DNS_R_UNKNOWN when nothing matches, the error from
 * maybe_numeric() when the text looked numeric but was not acceptable.
 */
static isc_result_t
dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
		      struct tbl *table, unsigned int max)
{
	isc_result_t result;
	struct tbl *entry;

	/* Anything other than "not a number" from the numeric path is final. */
	result = maybe_numeric(valuep, source, max, ISC_FALSE);
	if (result != ISC_R_BADNUMBER)
		return (result);

	for (entry = table; entry->name != NULL; entry++) {
		unsigned int namelen = strlen(entry->name);

		if ((entry->flags & TOTEXTONLY) != 0)
			continue;
		if (namelen != source->length)
			continue;
		if (strncasecmp(source->base, entry->name, namelen) == 0) {
			*valuep = entry->value;
			return (ISC_R_SUCCESS);
		}
	}
	return (DNS_R_UNKNOWN);
}
265 
/*
 * Write the mnemonic for 'value' from 'table' into 'target'; the first
 * entry with a matching value wins.  A value without a mnemonic is
 * written in decimal.  Returns whatever str_totext() reports.
 */
static isc_result_t
dns_mnemonic_totext(unsigned int value, isc_buffer_t *target,
		    struct tbl *table)
{
	struct tbl *entry;
	char numbuf[sizeof("4294967296")];

	for (entry = table; entry->name != NULL; entry++) {
		if (entry->value == value)
			return (str_totext(entry->name, target));
	}

	/* No mnemonic known: fall back to the number itself. */
	snprintf(numbuf, sizeof(numbuf), "%u", value);
	return (str_totext(numbuf, target));
}
281 
/*
 * Parse an rcode mnemonic or number (0..65535) from 'source' into
 * '*rcodep'.  Returns the dns_mnemonic_fromtext() result.
 */
isc_result_t
dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, rcodes, 0xffff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*rcodep = (dns_rcode_t)value;
	return (ISC_R_SUCCESS);
}
289 
/*
 * Write the mnemonic for 'rcode' (or its decimal value) into 'target'.
 */
isc_result_t
dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
	isc_result_t result = dns_mnemonic_totext(rcode, target, rcodes);

	return (result);
}
294 
/*
 * Parse a TSIG/TKEY rcode mnemonic or number (0..65535) from 'source'
 * into '*rcodep'.  Returns the dns_mnemonic_fromtext() result.
 */
isc_result_t
dns_tsigrcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, tsigrcodes, 0xffff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*rcodep = (dns_rcode_t)value;
	return (ISC_R_SUCCESS);
}
302 
/*
 * Write the TSIG/TKEY mnemonic for 'rcode' (or its decimal value) into
 * 'target'.
 */
isc_result_t
dns_tsigrcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
	isc_result_t result = dns_mnemonic_totext(rcode, target, tsigrcodes);

	return (result);
}
307 
/*
 * Parse a CERT type mnemonic or number (0..65535) from 'source' into
 * '*certp'.  Returns the dns_mnemonic_fromtext() result.
 */
isc_result_t
dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, certs, 0xffff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*certp = (dns_cert_t)value;
	return (ISC_R_SUCCESS);
}
315 
/*
 * Write the CERT type mnemonic for 'cert' (or its decimal value) into
 * 'target'.
 */
isc_result_t
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
	isc_result_t result = dns_mnemonic_totext(cert, target, certs);

	return (result);
}
320 
/*
 * Parse a DNSSEC algorithm mnemonic or number (0..255) from 'source'
 * into '*secalgp'.  Returns the dns_mnemonic_fromtext() result.
 */
isc_result_t
dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, secalgs, 0xff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*secalgp = (dns_secalg_t)value;
	return (ISC_R_SUCCESS);
}
328 
/*
 * Write the algorithm mnemonic for 'secalg' (or its decimal value) into
 * 'target'.
 */
isc_result_t
dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
	isc_result_t result = dns_mnemonic_totext(secalg, target, secalgs);

	return (result);
}
333 
/*
 * Format 'alg' as a NUL-terminated string into the caller's array 'cp'
 * of 'size' bytes.  On any failure (including lack of space) the result
 * is the empty string.  Requires cp != NULL and size > 0.
 */
void
dns_secalg_format(dns_secalg_t alg, char *cp, unsigned int size) {
	isc_buffer_t out;
	isc_region_t used;
	isc_result_t result;

	REQUIRE(cp != NULL && size > 0);

	/* Hold one byte back for the terminator. */
	isc_buffer_init(&out, cp, size - 1);
	result = dns_secalg_totext(alg, &out);
	isc_buffer_usedregion(&out, &used);
	used.base[used.length] = 0;
	if (result != ISC_R_SUCCESS)
		used.base[0] = 0;
}
348 
/*
 * Parse a KEY protocol mnemonic or number (0..255) from 'source' into
 * '*secprotop'.  Returns the dns_mnemonic_fromtext() result.
 */
isc_result_t
dns_secproto_fromtext(dns_secproto_t *secprotop, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, secprotos, 0xff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*secprotop = (dns_secproto_t)value;
	return (ISC_R_SUCCESS);
}
356 
/*
 * Write the protocol mnemonic for 'secproto' (or its decimal value)
 * into 'target'.
 */
isc_result_t
dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target) {
	isc_result_t result = dns_mnemonic_totext(secproto, target, secprotos);

	return (result);
}
361 
/*
 * Parse a hash algorithm mnemonic or number (0..255) from 'source' into
 * '*hashalg'.  Returns the dns_mnemonic_fromtext() result.
 */
isc_result_t
dns_hashalg_fromtext(unsigned char *hashalg, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, hashalgs, 0xff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*hashalg = (unsigned char)value;
	return (ISC_R_SUCCESS);
}
369 
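/*
 * Parse a KEY/DNSKEY flags field from 'source' into '*flagsp'.  The
 * text is either a number (decimal or hex, at most 0xffff) or a
 * '|'-separated list of the mnemonics in keyflags[], compared
 * case-insensitively.
 *
 * Returns DNS_R_UNKNOWNFLAG for an unrecognised or empty token,
 * maybe_numeric()'s error for a number that is out of range, and
 * ISC_R_SUCCESS otherwise.
 */
isc_result_t
dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source)
{
	isc_result_t result;
	char *text, *end;
	unsigned int value, mask;

	result = maybe_numeric(&value, source, 0xffff, ISC_TRUE);
	if (result == ISC_R_SUCCESS) {
		*flagsp = value;
		return (ISC_R_SUCCESS);
	}
	if (result != ISC_R_BADNUMBER)
		return (result);

	text = source->base;
	end = source->base + source->length;
	value = mask = 0;

	while (text < end) {
		struct keyflag *p;
		unsigned int len;
		char *delim = memchr(text, '|', end - text);
		if (delim != NULL)
			len = (unsigned int)(delim - text);
		else
			len = (unsigned int)(end - text);
		/*
		 * Reject an empty token ("A||B", or a trailing '|')
		 * explicitly: strncasecmp() with a length of 0 always
		 * reports a match, so it would otherwise silently select
		 * the first table entry (NOCONF).
		 */
		if (len == 0)
			return (DNS_R_UNKNOWNFLAG);
		/*
		 * The comparison is bounded by the token's length, so a
		 * token that is a leading substring of a name matches the
		 * first such entry.  That is long-standing behaviour and
		 * is left unchanged here.
		 */
		for (p = keyflags; p->name != NULL; p++) {
			if (strncasecmp(p->name, text, len) == 0)
				break;
		}
		if (p->name == NULL)
			return (DNS_R_UNKNOWNFLAG);
		value |= p->value;
#ifdef notyet
		if ((mask & p->mask) != 0)
			warn("overlapping key flags");
#endif
		mask |= p->mask;
		text += len;
		if (delim != NULL)
			text++; /* Skip "|" */
	}
	*flagsp = value;
	return (ISC_R_SUCCESS);
}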
416 
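/*
 * This uses lots of hard coded values, but how often do we actually
 * add classes?
 */
/*
 * Parse a class mnemonic ("IN", "CH"/"CHAOS", "HS"/"HESIOD", "ANY",
 * "NONE", "RESERVED0") or the generic "CLASSnnnnn" form from 'source'
 * into '*classp'.  Matching is case-insensitive.  Returns DNS_R_UNKNOWN
 * when the text is not a class name.
 */
isc_result_t
dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {
#define COMPARE(string, rdclass) \
	if (((sizeof(string) - 1) == source->length) \
	    && (strncasecmp(source->base, string, source->length) == 0)) { \
		*classp = rdclass; \
		return (ISC_R_SUCCESS); \
	}

	/*
	 * An empty region cannot name a class; check before base[0] is
	 * read below.
	 */
	if (source->length == 0)
		return (DNS_R_UNKNOWN);

	switch (tolower((unsigned char)source->base[0])) {
	case 'a':
		COMPARE("any", dns_rdataclass_any);
		break;
	case 'c':
		/*
		 * RFC1035 says the mnemonic for the CHAOS class is CH,
		 * but historical BIND practice is to call it CHAOS.
		 * We will accept both forms, but only generate CH.
		 */
		COMPARE("ch", dns_rdataclass_chaos);
		COMPARE("chaos", dns_rdataclass_chaos);

		/*
		 * Generic "CLASSnnnnn": one to five characters after the
		 * prefix, giving a value of at most 65535.
		 */
		if (source->length > 5 &&
		    source->length < (5 + sizeof("65000")) &&
		    strncasecmp("class", source->base, 5) == 0) {
			char buf[sizeof("65000")];
			char *endp;
			unsigned long val;
			unsigned int ndigits = source->length - 5;
			unsigned int i;

			/*
			 * Require every character to be a decimal digit:
			 * strtoul() would otherwise also accept leading
			 * whitespace and a sign, widening the syntax.
			 * Copy exactly 'ndigits' bytes, since the region
			 * need not be NUL-terminated.
			 */
			for (i = 0; i < ndigits; i++) {
				if (!isdigit((unsigned char)source->base[5 + i]))
					return (DNS_R_UNKNOWN);
			}
			memmove(buf, source->base + 5, ndigits);
			buf[ndigits] = '\0';
			val = strtoul(buf, &endp, 10);
			if (*endp == '\0' && val <= 0xffff) {
				*classp = (dns_rdataclass_t)val;
				return (ISC_R_SUCCESS);
			}
		}
		break;
	case 'h':
		COMPARE("hs", dns_rdataclass_hs);
		COMPARE("hesiod", dns_rdataclass_hs);
		break;
	case 'i':
		COMPARE("in", dns_rdataclass_in);
		break;
	case 'n':
		COMPARE("none", dns_rdataclass_none);
		break;
	case 'r':
		COMPARE("reserved0", dns_rdataclass_reserved0);
		break;
	default:
		break;
	}

#undef COMPARE

	return (DNS_R_UNKNOWN);
}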
478 
/*
 * Write the mnemonic for 'rdclass' into 'target'; classes without a
 * mnemonic are written in the generic "CLASSnnnnn" form.  Returns
 * whatever str_totext() reports.
 */
isc_result_t
dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target) {
	static const struct {
		dns_rdataclass_t rdclass;
		const char *name;
	} known[] = {
		{ dns_rdataclass_any, "ANY" },
		{ dns_rdataclass_chaos, "CH" },
		{ dns_rdataclass_hs, "HS" },
		{ dns_rdataclass_in, "IN" },
		{ dns_rdataclass_none, "NONE" },
		{ dns_rdataclass_reserved0, "RESERVED0" },
	};
	char generic[sizeof("CLASS65535")];
	size_t i;

	for (i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
		if (known[i].rdclass == rdclass)
			return (str_totext(known[i].name, target));
	}

	snprintf(generic, sizeof(generic), "CLASS%u", (unsigned int)rdclass);
	return (str_totext(generic, target));
}
501 
/*
 * Format 'rdclass' as a NUL-terminated string into the caller's array
 * of 'size' bytes.  If the text (plus terminator) does not fit, or the
 * conversion fails, the array holds "<unknown>" (truncated to fit).
 * A zero 'size' leaves the array untouched.
 */
void
dns_rdataclass_format(dns_rdataclass_t rdclass,
		      char *array, unsigned int size)
{
	isc_buffer_t out;
	isc_result_t result;

	if (size == 0U)
		return;

	isc_buffer_init(&out, array, size);
	result = dns_rdataclass_totext(rdclass, &out);

	/* The terminator needs one spare byte of its own. */
	if (result == ISC_R_SUCCESS &&
	    isc_buffer_availablelength(&out) < 1)
		result = ISC_R_NOSPACE;

	if (result == ISC_R_SUCCESS)
		isc_buffer_putuint8(&out, 0);
	else
		strlcpy(array, "<unknown>", size);
}
526