Commit 1c4d5601 authored by Daniel Salzman's avatar Daniel Salzman

libknot: Merge algorithm sources

parent 4dce8cef
...@@ -135,8 +135,6 @@ src/libknot/consts.c ...@@ -135,8 +135,6 @@ src/libknot/consts.c
src/libknot/consts.h src/libknot/consts.h
src/libknot/dname.c src/libknot/dname.c
src/libknot/dname.h src/libknot/dname.h
src/libknot/dnssec/algorithm.c
src/libknot/dnssec/algorithm.h
src/libknot/dnssec/cleanup.h src/libknot/dnssec/cleanup.h
src/libknot/dnssec/config.h src/libknot/dnssec/config.h
src/libknot/dnssec/key.c src/libknot/dnssec/key.c
...@@ -238,7 +236,6 @@ src/zscanner/error.c ...@@ -238,7 +236,6 @@ src/zscanner/error.c
src/zscanner/error.h src/zscanner/error.h
src/zscanner/file_loader.c src/zscanner/file_loader.c
src/zscanner/file_loader.h src/zscanner/file_loader.h
src/zscanner/scanner.c
src/zscanner/scanner.h src/zscanner/scanner.h
src/zscanner/scanner.rl src/zscanner/scanner.rl
src/zscanner/scanner_body.rl src/zscanner/scanner_body.rl
......
...@@ -148,8 +148,6 @@ libknot_la_SOURCES = \ ...@@ -148,8 +148,6 @@ libknot_la_SOURCES = \
libknot/tsig-op.c \ libknot/tsig-op.c \
libknot/binary.h \ libknot/binary.h \
libknot/binary.c \ libknot/binary.c \
libknot/dnssec/algorithm.c \
libknot/dnssec/algorithm.h \
libknot/dnssec/cleanup.h \ libknot/dnssec/cleanup.h \
libknot/dnssec/config.h \ libknot/dnssec/config.h \
libknot/dnssec/key.c \ libknot/dnssec/key.c \
......
...@@ -80,6 +80,21 @@ knot_lookup_table_t knot_tsig_alg_dnames[] = { ...@@ -80,6 +80,21 @@ knot_lookup_table_t knot_tsig_alg_dnames[] = {
{ KNOT_TSIG_ALG_NULL, NULL } { KNOT_TSIG_ALG_NULL, NULL }
}; };
knot_lookup_table_t knot_dnssec_alg_names[] = {
{ KNOT_DNSSEC_ALG_RSAMD5, "RSAMD5" },
{ KNOT_DNSSEC_ALG_DH, "DH" },
{ KNOT_DNSSEC_ALG_DSA, "DSA" },
{ KNOT_DNSSEC_ALG_RSASHA1, "RSASHA1" },
{ KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1, "DSA_NSEC3_SHA1" },
{ KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1, "RSASHA1_NSEC3_SHA1" },
{ KNOT_DNSSEC_ALG_RSASHA256, "RSASHA256" },
{ KNOT_DNSSEC_ALG_RSASHA512, "RSASHA512" },
{ KNOT_DNSSEC_ALG_ECC_GOST, "ECC_GOST" },
{ KNOT_DNSSEC_ALG_ECDSAP256SHA256, "ECDSAP256SHA256" },
{ KNOT_DNSSEC_ALG_ECDSAP384SHA384, "ECDSAP384SHA384" },
{ 0, NULL }
};
size_t knot_tsig_digest_length(const uint8_t algorithm) size_t knot_tsig_digest_length(const uint8_t algorithm)
{ {
switch (algorithm) { switch (algorithm) {
...@@ -117,3 +132,30 @@ size_t knot_ds_digest_length(const uint8_t algorithm) ...@@ -117,3 +132,30 @@ size_t knot_ds_digest_length(const uint8_t algorithm)
return 0; return 0;
} }
} }
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled)
{
switch (algorithm) {
// NSEC only
case KNOT_DNSSEC_ALG_DSA:
case KNOT_DNSSEC_ALG_RSASHA1:
return !nsec3_enabled;
// NSEC3 only
case KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1:
case KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1:
return true; // allow even with NSEC
// both NSEC and NSEC3
case KNOT_DNSSEC_ALG_RSASHA256:
case KNOT_DNSSEC_ALG_RSASHA512:
case KNOT_DNSSEC_ALG_ECC_GOST:
case KNOT_DNSSEC_ALG_ECDSAP256SHA256:
case KNOT_DNSSEC_ALG_ECDSAP384SHA384:
return true;
// unsupported or unknown
default:
return false;
}
}
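Review bot: The `// NSEC3 only` label in knot_dnssec_algorithm_is_zonesign() contradicts the code under it, which returns true for KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 and KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 whatever nsec3_enabled is. This function decides which key algorithms may sign a zone, so the label should state the real policy, e.g. `// NSEC3-capable aliases of DSA/RSASHA1; also accepted for NSEC zones`, and the `\return` text on the prototype in consts.h should say the same. The `default:` branch should also carry a comment that KNOT_DNSSEC_ALG_RSAMD5 and KNOT_DNSSEC_ALG_DH are rejected on purpose although both appear in knot_dnssec_alg_names, so nobody later adds them as "missing" cases. Separately, the moved code still accepts DSA and the RSASHA1 variants for signing, which RFC 8624 discourages for new signatures, so it is worth confirming that this is still intended.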
...@@ -27,6 +27,7 @@ ...@@ -27,6 +27,7 @@
#ifndef _KNOT_CONSTS_H_ #ifndef _KNOT_CONSTS_H_
#define _KNOT_CONSTS_H_ #define _KNOT_CONSTS_H_
#include <stdbool.h>
#include <stdint.h> #include <stdint.h>
#include "libknot/util/utils.h" #include "libknot/util/utils.h"
...@@ -153,6 +154,35 @@ typedef enum { ...@@ -153,6 +154,35 @@ typedef enum {
KNOT_DS_ALG_SHA384 = 4 KNOT_DS_ALG_SHA384 = 4
} knot_ds_algorithm_t; } knot_ds_algorithm_t;
/*!
* \brief DNSSEC algorithm numbers.
*
* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
*/
typedef enum {
KNOT_DNSSEC_ALG_RSAMD5 = 1,
KNOT_DNSSEC_ALG_DH = 2,
KNOT_DNSSEC_ALG_DSA = 3,
KNOT_DNSSEC_ALG_RSASHA1 = 5,
KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
KNOT_DNSSEC_ALG_RSASHA256 = 8,
KNOT_DNSSEC_ALG_RSASHA512 = 10,
KNOT_DNSSEC_ALG_ECC_GOST = 12,
KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14
} knot_dnssec_algorithm_t;
/*!
* \brief NSEC3 hash algorithm numbers.
*/
typedef enum {
KNOT_NSEC3_ALGORITHM_SHA1 = 1
} knot_nsec3_hash_algorithm_t;
/*! /*!
* \brief DNS operation code names. * \brief DNS operation code names.
*/ */
...@@ -178,6 +208,11 @@ extern knot_lookup_table_t knot_tsig_alg_dnames_str[]; ...@@ -178,6 +208,11 @@ extern knot_lookup_table_t knot_tsig_alg_dnames_str[];
*/ */
extern knot_lookup_table_t knot_tsig_alg_dnames[]; extern knot_lookup_table_t knot_tsig_alg_dnames[];
/*!
* \brief DNSSEC algorithm names.
*/
extern knot_lookup_table_t knot_dnssec_alg_names[];
/*! /*!
* \brief Returns length of TSIG digest for given algorithm. * \brief Returns length of TSIG digest for given algorithm.
* *
...@@ -196,6 +231,16 @@ size_t knot_tsig_digest_length(const uint8_t algorithm); ...@@ -196,6 +231,16 @@ size_t knot_tsig_digest_length(const uint8_t algorithm);
*/ */
size_t knot_ds_digest_length(const uint8_t algorithm); size_t knot_ds_digest_length(const uint8_t algorithm);
/*!
* \brief Check if algorithm is supported for zone signing.
*
* \param algorithm Algorithm identification.
* \param nsec3_enabled NSEC3 enabled for signed zone.
*
* \return Given algorithm is allowed for zone signing.
*/
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled);
#endif /* _KNOT_CONSTS_H_ */ #endif /* _KNOT_CONSTS_H_ */
/*! @} */ /*! @} */
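Review bot: `extern knot_lookup_table_t knot_dnssec_alg_names[];` exports the algorithm name table as writable global data, so any code in the process can change the number-to-name mapping used when DNSSEC algorithms are printed. Declaring it const, `extern const knot_lookup_table_t knot_dnssec_alg_names[];` with a matching definition in consts.c, would let the table live in read-only storage. The lookup helpers are not visible in this diff and may first need a const-qualified table parameter. The neighbouring knot_tsig_alg_dnames declaration has the same shape and would benefit from the same change.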
/* Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <config.h>
#include <stdbool.h>
#include <stdint.h>
#include "libknot/dnssec/algorithm.h"
/*!
* \brief Check if algorithm is supported for zone signing.
*/
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled)
{
switch (algorithm) {
// NSEC only
case KNOT_DNSSEC_ALG_DSA:
case KNOT_DNSSEC_ALG_RSASHA1:
return !nsec3_enabled;
// NSEC3 only
case KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1:
case KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1:
return true; // allow even with NSEC
// both NSEC and NSEC3
case KNOT_DNSSEC_ALG_RSASHA256:
case KNOT_DNSSEC_ALG_RSASHA512:
case KNOT_DNSSEC_ALG_ECC_GOST:
case KNOT_DNSSEC_ALG_ECDSAP256SHA256:
case KNOT_DNSSEC_ALG_ECDSAP384SHA384:
return true;
// unsupported or unknown
default:
return false;
}
}
knot_lookup_table_t knot_dnssec_alg_names[] = {
{ KNOT_DNSSEC_ALG_RSAMD5, "RSAMD5" },
{ KNOT_DNSSEC_ALG_DH, "DH" },
{ KNOT_DNSSEC_ALG_DSA, "DSA" },
{ KNOT_DNSSEC_ALG_RSASHA1, "RSASHA1" },
{ KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1, "DSA_NSEC3_SHA1" },
{ KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1, "RSASHA1_NSEC3_SHA1" },
{ KNOT_DNSSEC_ALG_RSASHA256, "RSASHA256" },
{ KNOT_DNSSEC_ALG_RSASHA512, "RSASHA512" },
{ KNOT_DNSSEC_ALG_ECC_GOST, "ECC_GOST" },
{ KNOT_DNSSEC_ALG_ECDSAP256SHA256, "ECDSAP256SHA256" },
{ KNOT_DNSSEC_ALG_ECDSAP384SHA384, "ECDSAP384SHA384" },
{ 0, NULL }
};
/* Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/*!
* \file algorithm.h
*
* \author Jan Vcelak <jan.vcelak@nic.cz>
*
* \brief DNSSEC key algorithm utilities.
*
* \addtogroup dnssec
* @{
*/
#ifndef _KNOT_DNSSEC_ALGORITHM_H_
#define _KNOT_DNSSEC_ALGORITHM_H_
#include <stdbool.h>
#include <stdint.h>
#include "libknot/util/utils.h"
/*!
* \brief DNSSEC algorithm numbers.
*
* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
*/
typedef enum {
KNOT_DNSSEC_ALG_RSAMD5 = 1,
KNOT_DNSSEC_ALG_DH = 2,
KNOT_DNSSEC_ALG_DSA = 3,
KNOT_DNSSEC_ALG_RSASHA1 = 5,
KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
KNOT_DNSSEC_ALG_RSASHA256 = 8,
KNOT_DNSSEC_ALG_RSASHA512 = 10,
KNOT_DNSSEC_ALG_ECC_GOST = 12,
KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14
} knot_dnssec_algorithm_t;
/*!
* \brief DNSSEC algorithm names.
*/
extern knot_lookup_table_t knot_dnssec_alg_names[];
/*!
* \brief NSEC3 hash algorithm numbers.
*/
typedef enum {
KNOT_NSEC3_ALGORITHM_SHA1 = 1
} knot_nsec3_hash_algorithm_t;
/*!
* \brief Check if algorithm is supported for zone signing.
*
* \param algorithm Algorithm identification.
* \param nsec3_enabled NSEC3 enabled for signed zone.
*
* \return Given algorithm is allowed for zone signing.
*/
bool knot_dnssec_algorithm_is_zonesign(uint8_t algorithm, bool nsec3_enabled);
#endif // _KNOT_DNSSEC_ALGORITHM_H_
/*! @} */
...@@ -25,7 +25,7 @@ ...@@ -25,7 +25,7 @@
#include "common/descriptor.h" #include "common/descriptor.h"
#include "common/memdup.h" #include "common/memdup.h"
#include "libknot/common.h" #include "libknot/common.h"
#include "libknot/dnssec/algorithm.h" #include "libknot/consts.h"
#include "libknot/dnssec/nsec3.h" #include "libknot/dnssec/nsec3.h"
#include "libknot/rdata.h" #include "libknot/rdata.h"
#include "libknot/util/tolower.h" #include "libknot/util/tolower.h"
......
...@@ -32,7 +32,7 @@ ...@@ -32,7 +32,7 @@
#include <stdint.h> #include <stdint.h>
#include <string.h> #include <string.h>
#include "libknot/dnssec/algorithm.h" #include "libknot/consts.h"
#include "libknot/rrset.h" #include "libknot/rrset.h"
/*---------------------------------------------------------------------------*/ /*---------------------------------------------------------------------------*/
......
...@@ -23,7 +23,7 @@ ...@@ -23,7 +23,7 @@
#include "common/descriptor.h" #include "common/descriptor.h"
#include "common/errcode.h" #include "common/errcode.h"
#include "libknot/common.h" #include "libknot/common.h"
#include "libknot/dnssec/algorithm.h" #include "libknot/consts.h"
#include "libknot/dnssec/config.h" #include "libknot/dnssec/config.h"
#include "libknot/dnssec/key.h" #include "libknot/dnssec/key.h"
#include "libknot/dnssec/sign.h" #include "libknot/dnssec/sign.h"
......
...@@ -29,7 +29,7 @@ ...@@ -29,7 +29,7 @@
#include "common/descriptor.h" #include "common/descriptor.h"
#include "libknot/binary.h" #include "libknot/binary.h"
#include "libknot/dnssec/algorithm.h" #include "libknot/consts.h"
#include "libknot/dnssec/key.h" #include "libknot/dnssec/key.h"
/*! /*!
......
...@@ -20,7 +20,7 @@ ...@@ -20,7 +20,7 @@
#include <stdbool.h> #include <stdbool.h>
#include "common/errcode.h" #include "common/errcode.h"
#include "libknot/dname.h" #include "libknot/dname.h"
#include "libknot/dnssec/algorithm.h" #include "libknot/consts.h"
#include "libknot/dnssec/nsec3.h" #include "libknot/dnssec/nsec3.h"
#include "libknot/dnssec/sign.h" #include "libknot/dnssec/sign.h"
#include "libknot/dnssec/zone-keys.h" #include "libknot/dnssec/zone-keys.h"
......
...@@ -34,7 +34,6 @@ ...@@ -34,7 +34,6 @@
#include "common/base32hex.h" // base32hex #include "common/base32hex.h" // base32hex
#include "common/descriptor.h" // KNOT_RRTYPE #include "common/descriptor.h" // KNOT_RRTYPE
#include "libknot/dnssec/key.h" // knot_keytag #include "libknot/dnssec/key.h" // knot_keytag
#include "libknot/dnssec/algorithm.h" // knot_dnssec_alg_names
#include "libknot/consts.h" // knot_rcode_names #include "libknot/consts.h" // knot_rcode_names
#include "libknot/util/utils.h" // knot_wire_read_u16 #include "libknot/util/utils.h" // knot_wire_read_u16
......
...@@ -22,7 +22,7 @@ ...@@ -22,7 +22,7 @@
#include "common/descriptor.h" #include "common/descriptor.h"
#include "common/errcode.h" #include "common/errcode.h"
#include "libknot/dname.h" #include "libknot/dname.h"
#include "libknot/dnssec/algorithm.h" #include "libknot/consts.h"
#include "libknot/dnssec/nsec3.h" #include "libknot/dnssec/nsec3.h"
#include "libknot/rrset.h" #include "libknot/rrset.h"
......