1/* 2 * validator/val_anchor.h - validator trust anchor storage. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
| 1/* 2 * validator/val_anchor.h - validator trust anchor storage. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 25 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 26 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE 27 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 28 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 29 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 30 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 31 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 32 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 33 * POSSIBILITY OF SUCH DAMAGE.
| 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
34 */ 35 36/** 37 * \file 38 * 39 * This file contains storage for the trust anchors for the validator. 40 */ 41 42#ifndef VALIDATOR_VAL_ANCHOR_H 43#define VALIDATOR_VAL_ANCHOR_H 44#include "util/rbtree.h" 45#include "util/locks.h" 46struct trust_anchor; 47struct config_file; 48struct ub_packed_rrset_key; 49struct autr_point_data; 50struct autr_global_data;
| 34 */ 35 36/** 37 * \file 38 * 39 * This file contains storage for the trust anchors for the validator. 40 */ 41 42#ifndef VALIDATOR_VAL_ANCHOR_H 43#define VALIDATOR_VAL_ANCHOR_H 44#include "util/rbtree.h" 45#include "util/locks.h" 46struct trust_anchor; 47struct config_file; 48struct ub_packed_rrset_key; 49struct autr_point_data; 50struct autr_global_data;
|
| 51struct sldns_buffer;
|
51 52/** 53 * Trust anchor store. 54 * The tree must be locked, while no other locks (from trustanchors) are held. 55 * And then an anchor searched for. Which can be locked or deleted. Then 56 * the tree can be unlocked again. This means you have to release the lock 57 * on a trust anchor and look it up again to delete it. 58 */ 59struct val_anchors { 60 /** lock on trees */ 61 lock_basic_t lock; 62 /** 63 * Anchors are store in this tree. Sort order is chosen, so that 64 * dnames are in nsec-like order. A lookup on class, name will return 65 * an exact match of the closest match, with the ancestor needed. 66 * contents of type trust_anchor. 67 */ 68 rbtree_t* tree; 69 /** The DLV trust anchor (if one is configured, else NULL) */ 70 struct trust_anchor* dlv_anchor; 71 /** Autotrust global data, anchors sorted by next probe time */ 72 struct autr_global_data* autr; 73}; 74 75/** 76 * Trust anchor key 77 */ 78struct ta_key { 79 /** next in list */ 80 struct ta_key* next; 81 /** rdata, in wireformat of the key RR. starts with rdlength. */ 82 uint8_t* data; 83 /** length of the rdata (including rdlength). */ 84 size_t len; 85 /** DNS type (host format) of the key, DS or DNSKEY */ 86 uint16_t type; 87}; 88 89/** 90 * A trust anchor in the trust anchor store. 91 * Unique by name, class. 92 */ 93struct trust_anchor { 94 /** rbtree node, key is this structure */ 95 rbnode_t node; 96 /** lock on the entire anchor and its keys; for autotrust changes */ 97 lock_basic_t lock; 98 /** name of this trust anchor */ 99 uint8_t* name; 100 /** length of name */ 101 size_t namelen; 102 /** number of labels in name of rrset */ 103 int namelabs; 104 /** the ancestor in the trustanchor tree */ 105 struct trust_anchor* parent; 106 /** 107 * List of DS or DNSKEY rrs that form the trust anchor. 108 */ 109 struct ta_key* keylist; 110 /** Autotrust anchor point data, or NULL */ 111 struct autr_point_data* autr; 112 /** number of DSs in the keylist */ 113 size_t numDS; 114 /** number of DNSKEYs in the keylist */ 115 size_t numDNSKEY; 116 /** the DS RRset */ 117 struct ub_packed_rrset_key* ds_rrset; 118 /** The DNSKEY RRset */ 119 struct ub_packed_rrset_key* dnskey_rrset; 120 /** class of the trust anchor */ 121 uint16_t dclass; 122}; 123 124/** 125 * Create trust anchor storage 126 * @return new storage or NULL on error. 127 */ 128struct val_anchors* anchors_create(void); 129 130/** 131 * Delete trust anchor storage. 132 * @param anchors: to delete. 133 */ 134void anchors_delete(struct val_anchors* anchors); 135 136/** 137 * Process trust anchor config. 138 * @param anchors: struct anchor storage 139 * @param cfg: config options. 140 * @return 0 on error. 141 */ 142int anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg); 143 144/** 145 * Recalculate parent pointers. The caller must hold the lock on the 146 * anchors structure (say after removing an item from the rbtree). 147 * Caller must not hold any locks on trust anchors. 148 * After the call is complete the parent pointers are updated and an item 149 * just removed is no longer referenced in parent pointers. 150 * @param anchors: the structure to update. 151 */ 152void anchors_init_parents_locked(struct val_anchors* anchors); 153 154/** 155 * Given a qname/qclass combination, find the trust anchor closest above it. 156 * Or return NULL if none exists. 157 * 158 * @param anchors: struct anchor storage 159 * @param qname: query name, uncompressed wireformat. 160 * @param qname_len: length of qname. 161 * @param qclass: class to query for. 162 * @return the trust anchor or NULL if none is found. The anchor is locked. 163 */ 164struct trust_anchor* anchors_lookup(struct val_anchors* anchors, 165 uint8_t* qname, size_t qname_len, uint16_t qclass); 166 167/** 168 * Find a trust anchor. Exact matching. 169 * @param anchors: anchor storage. 170 * @param name: name of trust anchor (wireformat) 171 * @param namelabs: labels in name 172 * @param namelen: length of name 173 * @param dclass: class of trust anchor 174 * @return NULL if not found. The anchor is locked. 175 */ 176struct trust_anchor* anchor_find(struct val_anchors* anchors, 177 uint8_t* name, int namelabs, size_t namelen, uint16_t dclass); 178 179/** 180 * Store one string as trust anchor RR. 181 * @param anchors: anchor storage. 182 * @param buffer: parsing buffer, to generate the RR wireformat in. 183 * @param str: string. 184 * @return NULL on error. 185 */ 186struct trust_anchor* anchor_store_str(struct val_anchors* anchors,
| 52 53/** 54 * Trust anchor store. 55 * The tree must be locked, while no other locks (from trustanchors) are held. 56 * And then an anchor searched for. Which can be locked or deleted. Then 57 * the tree can be unlocked again. This means you have to release the lock 58 * on a trust anchor and look it up again to delete it. 59 */ 60struct val_anchors { 61 /** lock on trees */ 62 lock_basic_t lock; 63 /** 64 * Anchors are store in this tree. Sort order is chosen, so that 65 * dnames are in nsec-like order. A lookup on class, name will return 66 * an exact match of the closest match, with the ancestor needed. 67 * contents of type trust_anchor. 68 */ 69 rbtree_t* tree; 70 /** The DLV trust anchor (if one is configured, else NULL) */ 71 struct trust_anchor* dlv_anchor; 72 /** Autotrust global data, anchors sorted by next probe time */ 73 struct autr_global_data* autr; 74}; 75 76/** 77 * Trust anchor key 78 */ 79struct ta_key { 80 /** next in list */ 81 struct ta_key* next; 82 /** rdata, in wireformat of the key RR. starts with rdlength. */ 83 uint8_t* data; 84 /** length of the rdata (including rdlength). */ 85 size_t len; 86 /** DNS type (host format) of the key, DS or DNSKEY */ 87 uint16_t type; 88}; 89 90/** 91 * A trust anchor in the trust anchor store. 92 * Unique by name, class. 93 */ 94struct trust_anchor { 95 /** rbtree node, key is this structure */ 96 rbnode_t node; 97 /** lock on the entire anchor and its keys; for autotrust changes */ 98 lock_basic_t lock; 99 /** name of this trust anchor */ 100 uint8_t* name; 101 /** length of name */ 102 size_t namelen; 103 /** number of labels in name of rrset */ 104 int namelabs; 105 /** the ancestor in the trustanchor tree */ 106 struct trust_anchor* parent; 107 /** 108 * List of DS or DNSKEY rrs that form the trust anchor. 109 */ 110 struct ta_key* keylist; 111 /** Autotrust anchor point data, or NULL */ 112 struct autr_point_data* autr; 113 /** number of DSs in the keylist */ 114 size_t numDS; 115 /** number of DNSKEYs in the keylist */ 116 size_t numDNSKEY; 117 /** the DS RRset */ 118 struct ub_packed_rrset_key* ds_rrset; 119 /** The DNSKEY RRset */ 120 struct ub_packed_rrset_key* dnskey_rrset; 121 /** class of the trust anchor */ 122 uint16_t dclass; 123}; 124 125/** 126 * Create trust anchor storage 127 * @return new storage or NULL on error. 128 */ 129struct val_anchors* anchors_create(void); 130 131/** 132 * Delete trust anchor storage. 133 * @param anchors: to delete. 134 */ 135void anchors_delete(struct val_anchors* anchors); 136 137/** 138 * Process trust anchor config. 139 * @param anchors: struct anchor storage 140 * @param cfg: config options. 141 * @return 0 on error. 142 */ 143int anchors_apply_cfg(struct val_anchors* anchors, struct config_file* cfg); 144 145/** 146 * Recalculate parent pointers. The caller must hold the lock on the 147 * anchors structure (say after removing an item from the rbtree). 148 * Caller must not hold any locks on trust anchors. 149 * After the call is complete the parent pointers are updated and an item 150 * just removed is no longer referenced in parent pointers. 151 * @param anchors: the structure to update. 152 */ 153void anchors_init_parents_locked(struct val_anchors* anchors); 154 155/** 156 * Given a qname/qclass combination, find the trust anchor closest above it. 157 * Or return NULL if none exists. 158 * 159 * @param anchors: struct anchor storage 160 * @param qname: query name, uncompressed wireformat. 161 * @param qname_len: length of qname. 162 * @param qclass: class to query for. 163 * @return the trust anchor or NULL if none is found. The anchor is locked. 164 */ 165struct trust_anchor* anchors_lookup(struct val_anchors* anchors, 166 uint8_t* qname, size_t qname_len, uint16_t qclass); 167 168/** 169 * Find a trust anchor. Exact matching. 170 * @param anchors: anchor storage. 171 * @param name: name of trust anchor (wireformat) 172 * @param namelabs: labels in name 173 * @param namelen: length of name 174 * @param dclass: class of trust anchor 175 * @return NULL if not found. The anchor is locked. 176 */ 177struct trust_anchor* anchor_find(struct val_anchors* anchors, 178 uint8_t* name, int namelabs, size_t namelen, uint16_t dclass); 179 180/** 181 * Store one string as trust anchor RR. 182 * @param anchors: anchor storage. 183 * @param buffer: parsing buffer, to generate the RR wireformat in. 184 * @param str: string. 185 * @return NULL on error. 186 */ 187struct trust_anchor* anchor_store_str(struct val_anchors* anchors,
|
187 ldns_buffer* buffer, const char* str);
| 188 struct sldns_buffer* buffer, const char* str);
|
188 189/** 190 * Get memory in use by the trust anchor storage 191 * @param anchors: anchor storage. 192 * @return memory in use in bytes. 193 */ 194size_t anchors_get_mem(struct val_anchors* anchors); 195 196/** compare two trust anchors */ 197int anchor_cmp(const void* k1, const void* k2); 198 199/** 200 * Add insecure point trust anchor. For external use (locks and init_parents) 201 * @param anchors: anchor storage. 202 * @param c: class. 203 * @param nm: name of insecure trust point. 204 * @return false on alloc failure. 205 */ 206int anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm); 207 208/** 209 * Delete insecure point trust anchor. Does not remove if no such point. 210 * For external use (locks and init_parents) 211 * @param anchors: anchor storage. 212 * @param c: class. 213 * @param nm: name of insecure trust point. 214 */ 215void anchors_delete_insecure(struct val_anchors* anchors, uint16_t c, 216 uint8_t* nm); 217 218#endif /* VALIDATOR_VAL_ANCHOR_H */
| 189 190/** 191 * Get memory in use by the trust anchor storage 192 * @param anchors: anchor storage. 193 * @return memory in use in bytes. 194 */ 195size_t anchors_get_mem(struct val_anchors* anchors); 196 197/** compare two trust anchors */ 198int anchor_cmp(const void* k1, const void* k2); 199 200/** 201 * Add insecure point trust anchor. For external use (locks and init_parents) 202 * @param anchors: anchor storage. 203 * @param c: class. 204 * @param nm: name of insecure trust point. 205 * @return false on alloc failure. 206 */ 207int anchors_add_insecure(struct val_anchors* anchors, uint16_t c, uint8_t* nm); 208 209/** 210 * Delete insecure point trust anchor. Does not remove if no such point. 211 * For external use (locks and init_parents) 212 * @param anchors: anchor storage. 213 * @param c: class. 214 * @param nm: name of insecure trust point. 215 */ 216void anchors_delete_insecure(struct val_anchors* anchors, uint16_t c, 217 uint8_t* nm); 218 219#endif /* VALIDATOR_VAL_ANCHOR_H */
|