Commit 9795ffeb authored by Jan Včelák

server: use NSEC3PARAM from libdnssec

parent 21144c36
......@@ -16,6 +16,7 @@
#include <assert.h>
#include "dnssec/nsec.h"
#include "libknot/dname.h"
#include "knot/dnssec/nsec-chain.h"
#include "knot/dnssec/nsec3-chain.h"
......@@ -175,13 +176,13 @@ static void free_nsec3_tree(zone_tree_t *nodes)
/*!
* \brief Get NSEC3 RDATA size.
*/
static size_t nsec3_rdata_size(const knot_nsec3_params_t *params,
static size_t nsec3_rdata_size(const dnssec_nsec3_params_t *params,
const dnssec_nsec_bitmap_t *rr_types)
{
assert(params);
assert(rr_types);
return 6 + params->salt_length
return 6 + params->salt.size
+ dnssec_nsec3_hash_length(params->algorithm)
+ dnssec_nsec_bitmap_size(rr_types);
}
......@@ -192,7 +193,7 @@ static size_t nsec3_rdata_size(const knot_nsec3_params_t *params,
* \note Content of next hash field is not changed.
*/
static int nsec3_fill_rdata(uint8_t *rdata, size_t rdata_len,
const knot_nsec3_params_t *params,
const dnssec_nsec3_params_t *params,
const dnssec_nsec_bitmap_t *rr_types,
const uint8_t *next_hashed)
{
......@@ -204,15 +205,15 @@ static int nsec3_fill_rdata(uint8_t *rdata, size_t rdata_len,
wire_ctx_t wire = wire_ctx_init(rdata, rdata_len);
wire_ctx_write_u8(&wire, params->algorithm); // hash algorithm
wire_ctx_write_u8(&wire, 0); // flags
wire_ctx_write_u16(&wire, params->iterations); // itertions
wire_ctx_write_u8(&wire, params->salt_length); // salt length
wire_ctx_write(&wire, params->salt, params->salt_length); // salt
wire_ctx_write_u8(&wire, hash_length); // hash length
wire_ctx_write_u8(&wire, params->algorithm);
wire_ctx_write_u8(&wire, params->flags);
wire_ctx_write_u16(&wire, params->iterations);
wire_ctx_write_u8(&wire, params->salt.size);
wire_ctx_write(&wire, params->salt.data, params->salt.size);
wire_ctx_write_u8(&wire, hash_length);
if (next_hashed != NULL) {
wire_ctx_write(&wire, next_hashed, hash_length); // hash
wire_ctx_write(&wire, next_hashed, hash_length);
} else {
wire_ctx_skip(&wire, hash_length);
}
......@@ -221,7 +222,7 @@ static int nsec3_fill_rdata(uint8_t *rdata, size_t rdata_len,
return wire.error;
}
dnssec_nsec_bitmap_write(rr_types, wire.position); // RR types bit map
dnssec_nsec_bitmap_write(rr_types, wire.position);
return KNOT_EOK;
}
......@@ -239,7 +240,7 @@ static int nsec3_fill_rdata(uint8_t *rdata, size_t rdata_len,
*/
static int create_nsec3_rrset(knot_rrset_t *rrset,
knot_dname_t *owner,
const knot_nsec3_params_t *params,
const dnssec_nsec3_params_t *params,
const dnssec_nsec_bitmap_t *rr_types,
const uint8_t *next_hashed,
uint32_t ttl)
......@@ -266,7 +267,7 @@ static int create_nsec3_rrset(knot_rrset_t *rrset,
* \brief Create NSEC3 node.
*/
static zone_node_t *create_nsec3_node(knot_dname_t *owner,
const knot_nsec3_params_t *nsec3_params,
const dnssec_nsec3_params_t *nsec3_params,
zone_node_t *apex_node,
const dnssec_nsec_bitmap_t *rr_types,
uint32_t ttl)
......@@ -313,7 +314,7 @@ static zone_node_t *create_nsec3_node(knot_dname_t *owner,
*/
static zone_node_t *create_nsec3_node_for_node(zone_node_t *node,
zone_node_t *apex,
const knot_nsec3_params_t *params,
const dnssec_nsec3_params_t *params,
uint32_t ttl)
{
assert(node);
......
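Review bot: The NSEC3 flags octet in nsec3_fill_rdata is now taken from `params->flags` where the old line wrote a literal 0, and that is a behavioural change the commit message (a type migration) does not mention. RFC 5155 keeps the two flags fields distinct: NSEC3PARAM flags are reserved and must be zero, whereas bit 0 of the NSEC3 RR flags is Opt-Out, which decides whether insecure delegations may exist inside a hash span, so if `params` is ever populated from a policy rather than from the apex NSEC3PARAM record this line would silently start emitting Opt-Out NSEC3 records for a chain that was generated without opt-out. Either restore `wire_ctx_write_u8(&wire, 0); // NSEC3 flags: no Opt-Out` or document at the top of nsec3_fill_rdata that callers must pass a zero flags field. Separately, `salt.size` is presumably wider than one octet, yet it is written with `wire_ctx_write_u8` and added unchecked in nsec3_rdata_size, so a salt longer than 255 bytes would yield a length octet that disagrees with the bytes that follow; an early `if (params->salt.size > UINT8_MAX) { return KNOT_EINVAL; }` in nsec3_fill_rdata closes that. nsec3_fill_rdata's body begins before and ends after the hunk.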
......@@ -165,7 +165,7 @@ knot_dname_t *knot_nsec3_hash_to_dname(const uint8_t *hash, size_t hash_size,
knot_dname_t *knot_create_nsec3_owner(const knot_dname_t *owner,
const knot_dname_t *zone_apex,
const knot_nsec3_params_t *params)
const dnssec_nsec3_params_t *params)
{
if (owner == NULL || zone_apex == NULL || params == NULL) {
return NULL;
......@@ -181,19 +181,9 @@ knot_dname_t *knot_create_nsec3_owner(const knot_dname_t *owner,
.size = owner_size
};
dnssec_nsec3_params_t xparams = {
.algorithm = params->algorithm,
.flags = params->flags,
.iterations = params->iterations,
.salt = {
.data = params->salt,
.size = params->salt_length
}
};
dnssec_binary_t hash = { 0 };
int ret = dnssec_nsec3_hash(&data, &xparams, &hash);
int ret = dnssec_nsec3_hash(&data, params, &hash);
if (ret != DNSSEC_EOK) {
return NULL;
}
......
......@@ -25,6 +25,7 @@
#pragma once
#include <stdbool.h>
#include "dnssec/nsec.h"
#include "knot/dnssec/context.h"
#include "knot/dnssec/zone-keys.h"
#include "knot/updates/changesets.h"
......@@ -62,7 +63,7 @@ knot_dname_t *knot_nsec3_hash_to_dname(const uint8_t *hash, size_t hash_size,
*/
knot_dname_t *knot_create_nsec3_owner(const knot_dname_t *owner,
const knot_dname_t *zone_apex,
const knot_nsec3_params_t *params);
const dnssec_nsec3_params_t *params);
/*!
* \brief Create NSEC or NSEC3 chain in the zone.
......
......@@ -546,7 +546,7 @@ void update_free_zone(zone_contents_t **contents)
zone_tree_deep_free(&(*contents)->nodes);
zone_tree_deep_free(&(*contents)->nsec3_nodes);
knot_nsec3param_free(&(*contents)->nsec3_params);
dnssec_nsec3_params_free(&(*contents)->nsec3_params);
free(*contents);
*contents = NULL;
......
......@@ -338,7 +338,7 @@ static bool find_in_tree(zone_tree_t *tree, const knot_dname_t *name,
}
static bool nsec3_params_match(const knot_rdataset_t *rrs,
const knot_nsec3_params_t *params,
const dnssec_nsec3_params_t *params,
size_t rdata_pos)
{
assert(rrs != NULL);
......@@ -346,9 +346,9 @@ static bool nsec3_params_match(const knot_rdataset_t *rrs,
return (knot_nsec3_algorithm(rrs, rdata_pos) == params->algorithm
&& knot_nsec3_iterations(rrs, rdata_pos) == params->iterations
&& knot_nsec3_salt_length(rrs, rdata_pos) == params->salt_length
&& memcmp(knot_nsec3_salt(rrs, rdata_pos), params->salt,
params->salt_length) == 0);
&& knot_nsec3_salt_length(rrs, rdata_pos) == params->salt.size
&& memcmp(knot_nsec3_salt(rrs, rdata_pos), params->salt.data,
params->salt.size) == 0);
}
zone_contents_t *zone_contents_new(const knot_dname_t *apex_name)
......@@ -933,15 +933,24 @@ static int load_nsec3param(zone_contents_t *contents)
assert(contents);
assert(contents->apex);
const knot_rdataset_t *rrs = node_rdataset(contents->apex,
KNOT_RRTYPE_NSEC3PARAM);
const knot_rdataset_t *rrs = NULL;
rrs = node_rdataset(contents->apex, KNOT_RRTYPE_NSEC3PARAM);
if (rrs == NULL) {
knot_nsec3param_free(&contents->nsec3_params);
memset(&contents->nsec3_params, 0, sizeof(knot_nsec3_params_t));
dnssec_nsec3_params_free(&contents->nsec3_params);
return KNOT_EOK;
}
return knot_nsec3param_from_wire(&contents->nsec3_params, rrs);
if (rrs->rr_count < 1) {
return KNOT_EINVAL;
}
const knot_rdata_t *rr = knot_rdataset_at(rrs, 0);
dnssec_binary_t rdata = {
.size = knot_rdata_rdlen(rr),
.data = knot_rdata_data(rr)
};
return dnssec_nsec3_params_from_rdata(&contents->nsec3_params, &rdata);
}
static int contents_adjust(zone_contents_t *contents, bool normal)
......@@ -1065,7 +1074,7 @@ void zone_contents_free(zone_contents_t **contents)
zone_tree_free(&(*contents)->nodes);
zone_tree_free(&(*contents)->nsec3_nodes);
knot_nsec3param_free(&(*contents)->nsec3_params);
dnssec_nsec3_params_free(&(*contents)->nsec3_params);
free(*contents);
*contents = NULL;
......
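Review bot: load_nsec3param returns the libdnssec result of `dnssec_nsec3_params_from_rdata` directly, while the rest of the function (including its `rrs == NULL` branch) returns KNOT_* codes; unless libdnssec and libknot share one numeric error space, callers of load_nsec3param will misreport or misinterpret a parse failure. Map it explicitly, e.g. `int ret = dnssec_nsec3_params_from_rdata(&contents->nsec3_params, &rdata);` followed by `return (ret == DNSSEC_EOK) ? KNOT_EOK : KNOT_EINVAL;`, or use the project's libdnssec-to-libknot conversion helper if one exists. Note also that only the missing-record path frees the previously loaded parameters; if dnssec_nsec3_params_from_rdata does not release an existing salt buffer before overwriting it, a second call on the same contents leaks it, so `dnssec_nsec3_params_free(&contents->nsec3_params);` belongs before the parse as well. Only the first NSEC3PARAM RR is consulted and any further ones at the apex are ignored without a log line; a comment stating that choice would help, such as `/* Several NSEC3PARAM RRs may be present; the chain is built from the first. */`.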
......@@ -24,6 +24,7 @@
#pragma once
#include "dnssec/nsec.h"
#include "libknot/rrtype/nsec3param.h"
#include "knot/zone/node.h"
#include "knot/zone/zone-tree.h"
......@@ -39,7 +40,7 @@ typedef struct zone_contents {
zone_tree_t *nodes;
zone_tree_t *nsec3_nodes;
knot_nsec3_params_t nsec3_params;
dnssec_nsec3_params_t nsec3_params;
} zone_contents_t;
/*!
......