Commit 1c4d5601 authored by Daniel Salzman

libknot: Merge algorithm sources

parent 4dce8cef
......@@ -135,8 +135,6 @@ src/libknot/consts.c
src/libknot/consts.h
src/libknot/dname.c
src/libknot/dname.h
src/libknot/dnssec/algorithm.c
src/libknot/dnssec/algorithm.h
src/libknot/dnssec/cleanup.h
src/libknot/dnssec/config.h
src/libknot/dnssec/key.c
......@@ -238,7 +236,6 @@ src/zscanner/error.c
src/zscanner/error.h
src/zscanner/file_loader.c
src/zscanner/file_loader.h
src/zscanner/scanner.c
src/zscanner/scanner.h
src/zscanner/scanner.rl
src/zscanner/scanner_body.rl
......
......@@ -148,8 +148,6 @@ libknot_la_SOURCES = \
libknot/tsig-op.c \
libknot/binary.h \
libknot/binary.c \
libknot/dnssec/algorithm.c \
libknot/dnssec/algorithm.h \
libknot/dnssec/cleanup.h \
libknot/dnssec/config.h \
libknot/dnssec/key.c \
......
......@@ -80,6 +80,21 @@ knot_lookup_table_t knot_tsig_alg_dnames[] = {
{ KNOT_TSIG_ALG_NULL, NULL }
};
knot_lookup_table_t knot_dnssec_alg_names[] = {
{ KNOT_DNSSEC_ALG_RSAMD5, "RSAMD5" },
{ KNOT_DNSSEC_ALG_DH, "DH" },
{ KNOT_DNSSEC_ALG_DSA, "DSA" },
{ KNOT_DNSSEC_ALG_RSASHA1, "RSASHA1" },
{ KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1, "DSA_NSEC3_SHA1" },
{ KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1, "RSASHA1_NSEC3_SHA1" },
{ KNOT_DNSSEC_ALG_RSASHA256, "RSASHA256" },
{ KNOT_DNSSEC_ALG_RSASHA512, "RSASHA512" },
{ KNOT_DNSSEC_ALG_ECC_GOST, "ECC_GOST" },
{ KNOT_DNSSEC_ALG_ECDSAP256SHA256, "ECDSAP256SHA256" },
{ KNOT_DNSSEC_ALG_ECDSAP384SHA384, "ECDSAP384SHA384" },
{ 0, NULL }
};
size_t knot_tsig_digest_length(const uint8_t algorithm)
{
switch (algorithm) {
......@@ -117,3 +132,30 @@ size_t knot_ds_digest_length(const uint8_t algorithm)
return 0;
}
}
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled)
{
switch (algorithm) {
// NSEC only
case KNOT_DNSSEC_ALG_DSA:
case KNOT_DNSSEC_ALG_RSASHA1:
return !nsec3_enabled;
// NSEC3 only
case KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1:
case KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1:
return true; // allow even with NSEC
// both NSEC and NSEC3
case KNOT_DNSSEC_ALG_RSASHA256:
case KNOT_DNSSEC_ALG_RSASHA512:
case KNOT_DNSSEC_ALG_ECC_GOST:
case KNOT_DNSSEC_ALG_ECDSAP256SHA256:
case KNOT_DNSSEC_ALG_ECDSAP384SHA384:
return true;
// unsupported or unknown
default:
return false;
}
}
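Review bot: The `// NSEC3 only` label in knot_dnssec_algorithm_is_zonesign contradicts the branch beneath it, which returns true whether or not nsec3_enabled is set (the trailing `// allow even with NSEC` says as much). This switch decides which algorithms may sign a zone, so a label that reads as a restriction the code does not enforce invites a later "fix" in either direction. I would reword it to `// NSEC3-capable aliases; accepted for NSEC zones as well`. RSAMD5 and DH are listed in knot_dnssec_alg_names but fall through to `default:`, apparently on purpose, and a comment there would make that explicit: `// RSAMD5, DH and unassigned numbers: never valid for zone signing`.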
......@@ -27,6 +27,7 @@
#ifndef _KNOT_CONSTS_H_
#define _KNOT_CONSTS_H_
#include <stdbool.h>
#include <stdint.h>
#include "libknot/util/utils.h"
......@@ -153,6 +154,35 @@ typedef enum {
KNOT_DS_ALG_SHA384 = 4
} knot_ds_algorithm_t;
/*!
* \brief DNSSEC algorithm numbers.
*
* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
*/
typedef enum {
KNOT_DNSSEC_ALG_RSAMD5 = 1,
KNOT_DNSSEC_ALG_DH = 2,
KNOT_DNSSEC_ALG_DSA = 3,
KNOT_DNSSEC_ALG_RSASHA1 = 5,
KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
KNOT_DNSSEC_ALG_RSASHA256 = 8,
KNOT_DNSSEC_ALG_RSASHA512 = 10,
KNOT_DNSSEC_ALG_ECC_GOST = 12,
KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14
} knot_dnssec_algorithm_t;
/*!
* \brief NSEC3 hash algorithm numbers.
*/
typedef enum {
KNOT_NSEC3_ALGORITHM_SHA1 = 1
} knot_nsec3_hash_algorithm_t;
/*!
* \brief DNS operation code names.
*/
......@@ -178,6 +208,11 @@ extern knot_lookup_table_t knot_tsig_alg_dnames_str[];
*/
extern knot_lookup_table_t knot_tsig_alg_dnames[];
/*!
* \brief DNSSEC algorithm names.
*/
extern knot_lookup_table_t knot_dnssec_alg_names[];
/*!
* \brief Returns length of TSIG digest for given algorithm.
*
......@@ -196,6 +231,16 @@ size_t knot_tsig_digest_length(const uint8_t algorithm);
*/
size_t knot_ds_digest_length(const uint8_t algorithm);
/*!
* \brief Check if algorithm is supported for zone signing.
*
* \param algorithm Algorithm identification.
* \param nsec3_enabled NSEC3 enabled for signed zone.
*
* \return Given algorithm is allowed for zone signing.
*/
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled);
#endif /* _KNOT_CONSTS_H_ */
/*! @} */
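Review bot: The doc comment on knot_dnssec_algorithm_is_zonesign does not state the contract callers rely on. Per the implementation added to consts.c, any number not listed in the switch yields false, and DSA and RSASHA1 yield false once nsec3_enabled is true. The parameter is a raw `uint8_t` rather than knot_dnssec_algorithm_t, so values outside the enum can reach the function and the fail-closed result is worth spelling out. I would write the return line as `\return true if the algorithm may sign the zone; false for unknown or unsupported numbers, and for NSEC-only algorithms when NSEC3 is enabled.`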
/* Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdbool.h>
#include <stdint.h>
#include "libknot/dnssec/algorithm.h"
/*!
* \brief Check if algorithm is supported for zone signing.
*/
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled)
{
switch (algorithm) {
// NSEC only
case KNOT_DNSSEC_ALG_DSA:
case KNOT_DNSSEC_ALG_RSASHA1:
return !nsec3_enabled;
// NSEC3 only
case KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1:
case KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1:
return true; // allow even with NSEC
// both NSEC and NSEC3
case KNOT_DNSSEC_ALG_RSASHA256:
case KNOT_DNSSEC_ALG_RSASHA512:
case KNOT_DNSSEC_ALG_ECC_GOST:
case KNOT_DNSSEC_ALG_ECDSAP256SHA256:
case KNOT_DNSSEC_ALG_ECDSAP384SHA384:
return true;
// unsupported or unknown
default:
return false;
}
}
knot_lookup_table_t knot_dnssec_alg_names[] = {
{ KNOT_DNSSEC_ALG_RSAMD5, "RSAMD5" },
{ KNOT_DNSSEC_ALG_DH, "DH" },
{ KNOT_DNSSEC_ALG_DSA, "DSA" },
{ KNOT_DNSSEC_ALG_RSASHA1, "RSASHA1" },
{ KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1, "DSA_NSEC3_SHA1" },
{ KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1, "RSASHA1_NSEC3_SHA1" },
{ KNOT_DNSSEC_ALG_RSASHA256, "RSASHA256" },
{ KNOT_DNSSEC_ALG_RSASHA512, "RSASHA512" },
{ KNOT_DNSSEC_ALG_ECC_GOST, "ECC_GOST" },
{ KNOT_DNSSEC_ALG_ECDSAP256SHA256, "ECDSAP256SHA256" },
{ KNOT_DNSSEC_ALG_ECDSAP384SHA384, "ECDSAP384SHA384" },
{ 0, NULL }
};
/* Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*!
* \file algorithm.h
*
* \author Jan Vcelak <jan.vcelak@nic.cz>
*
* \brief DNSSEC key algorithm utilities.
*
* \addtogroup dnssec
* @{
*/
#ifndef _KNOT_DNSSEC_ALGORITHM_H_
#define _KNOT_DNSSEC_ALGORITHM_H_
#include <stdbool.h>
#include <stdint.h>
#include "libknot/util/utils.h"
/*!
* \brief DNSSEC algorithm numbers.
*
* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
*/
typedef enum {
KNOT_DNSSEC_ALG_RSAMD5 = 1,
KNOT_DNSSEC_ALG_DH = 2,
KNOT_DNSSEC_ALG_DSA = 3,
KNOT_DNSSEC_ALG_RSASHA1 = 5,
KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
KNOT_DNSSEC_ALG_RSASHA256 = 8,
KNOT_DNSSEC_ALG_RSASHA512 = 10,
KNOT_DNSSEC_ALG_ECC_GOST = 12,
KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14
} knot_dnssec_algorithm_t;
/*!
* \brief DNSSEC algorithm names.
*/
extern knot_lookup_table_t knot_dnssec_alg_names[];
/*!
* \brief NSEC3 hash algorithm numbers.
*/
typedef enum {
KNOT_NSEC3_ALGORITHM_SHA1 = 1
} knot_nsec3_hash_algorithm_t;
/*!
* \brief Check if algorithm is supported for zone signing.
*
* \param algorithm Algorithm identification.
* \param nsec3_enabled NSEC3 enabled for signed zone.
*
* \return Given algorithm is allowed for zone signing.
*/
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled);
#endif // _KNOT_DNSSEC_ALGORITHM_H_
/*! @} */
......@@ -25,7 +25,7 @@
#include "common/descriptor.h"
#include "common/memdup.h"
#include "libknot/common.h"
#include "libknot/dnssec/algorithm.h"
#include "libknot/consts.h"
#include "libknot/dnssec/nsec3.h"
#include "libknot/rdata.h"
#include "libknot/util/tolower.h"
......
......@@ -32,7 +32,7 @@
#include <stdint.h>
#include <string.h>
#include "libknot/dnssec/algorithm.h"
#include "libknot/consts.h"
#include "libknot/rrset.h"
/*---------------------------------------------------------------------------*/
......
......@@ -23,7 +23,7 @@
#include "common/descriptor.h"
#include "common/errcode.h"
#include "libknot/common.h"
#include "libknot/dnssec/algorithm.h"
#include "libknot/consts.h"
#include "libknot/dnssec/config.h"
#include "libknot/dnssec/key.h"
#include "libknot/dnssec/sign.h"
......
......@@ -29,7 +29,7 @@
#include "common/descriptor.h"
#include "libknot/binary.h"
#include "libknot/dnssec/algorithm.h"
#include "libknot/consts.h"
#include "libknot/dnssec/key.h"
/*!
......
......@@ -20,7 +20,7 @@
#include <stdbool.h>
#include "common/errcode.h"
#include "libknot/dname.h"
#include "libknot/dnssec/algorithm.h"
#include "libknot/consts.h"
#include "libknot/dnssec/nsec3.h"
#include "libknot/dnssec/sign.h"
#include "libknot/dnssec/zone-keys.h"
......
......@@ -34,7 +34,6 @@
#include "common/base32hex.h" // base32hex
#include "common/descriptor.h" // KNOT_RRTYPE
#include "libknot/dnssec/key.h" // knot_keytag
#include "libknot/dnssec/algorithm.h" // knot_dnssec_alg_names
#include "libknot/consts.h" // knot_rcode_names
#include "libknot/util/utils.h" // knot_wire_read_u16
......
......@@ -22,7 +22,7 @@
#include "common/descriptor.h"
#include "common/errcode.h"
#include "libknot/dname.h"
#include "libknot/dnssec/algorithm.h"
#include "libknot/consts.h"
#include "libknot/dnssec/nsec3.h"
#include "libknot/rrset.h"
......