1/*
2 * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1998-2003  Internet Software Consortium.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
16 */
17
18/* $Id$ */
19
20#include <config.h>
21#include <ctype.h>
22
23#include <isc/buffer.h>
24#include <isc/parseint.h>
25#include <isc/print.h>
26#include <isc/region.h>
27#include <isc/result.h>
28#include <isc/stdio.h>
29#include <isc/stdlib.h>
30#include <isc/string.h>
31#include <isc/types.h>
32#include <isc/util.h>
33
34#include <dns/cert.h>
35#include <dns/keyflags.h>
36#include <dns/keyvalues.h>
37#include <dns/rcode.h>
38#include <dns/rdataclass.h>
39#include <dns/result.h>
40#include <dns/secalg.h>
41#include <dns/secproto.h>
42
/*
 * RETERR(x): evaluate 'x', which must yield an isc_result_t, exactly once
 * and return that result from the enclosing function unless it is
 * ISC_R_SUCCESS.  Used by the public *_fromtext() wrappers below.
 */
#define RETERR(x) \
	do { \
		isc_result_t _r = (x); \
		if (_r != ISC_R_SUCCESS) \
			return (_r); \
	} while (0)

/*
 * Largest buffer needed by maybe_numeric() to hold a copy of a numeric
 * token: the longest textual form of a 32-bit value plus the terminator.
 */
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */
51
/*
 * Initializer lists for the mnemonic tables below.  Each row is
 * { value, name, flags } (see struct tbl); a row with a NULL name ends a
 * table.  RCODENAMES deliberately has no terminating row because it is the
 * common prefix of both the rcodes[] and tsigrcodes[] tables.
 */
#define RCODENAMES \
	/* standard rcodes */ \
	{ dns_rcode_noerror, "NOERROR", 0}, \
	{ dns_rcode_formerr, "FORMERR", 0}, \
	{ dns_rcode_servfail, "SERVFAIL", 0}, \
	{ dns_rcode_nxdomain, "NXDOMAIN", 0}, \
	{ dns_rcode_notimp, "NOTIMP", 0}, \
	{ dns_rcode_refused, "REFUSED", 0}, \
	{ dns_rcode_yxdomain, "YXDOMAIN", 0}, \
	{ dns_rcode_yxrrset, "YXRRSET", 0}, \
	{ dns_rcode_nxrrset, "NXRRSET", 0}, \
	{ dns_rcode_notauth, "NOTAUTH", 0}, \
	{ dns_rcode_notzone, "NOTZONE", 0},

#define ERCODENAMES \
	/* extended rcodes */ \
	{ dns_rcode_badvers, "BADVERS", 0}, \
	{ 0, NULL, 0 }

#define TSIGRCODENAMES \
	/* TSIG/TKEY error codes, appended to the standard rcodes */ \
	{ dns_tsigerror_badsig, "BADSIG", 0}, \
	{ dns_tsigerror_badkey, "BADKEY", 0}, \
	{ dns_tsigerror_badtime, "BADTIME", 0}, \
	{ dns_tsigerror_badmode, "BADMODE", 0}, \
	{ dns_tsigerror_badname, "BADNAME", 0}, \
	{ dns_tsigerror_badalg, "BADALG", 0}, \
	{ dns_tsigerror_badtrunc, "BADTRUNC", 0}, \
	{ 0, NULL, 0 }

/* RFC4398 section 2.1 */

#define CERTNAMES \
	{ 1, "PKIX", 0}, \
	{ 2, "SPKI", 0}, \
	{ 3, "PGP", 0}, \
	{ 4, "IPKIX", 0}, \
	{ 5, "ISPKI", 0}, \
	{ 6, "IPGP", 0}, \
	{ 7, "ACPKIX", 0}, \
	{ 8, "IACPKIX", 0}, \
	{ 253, "URI", 0}, \
	{ 254, "OID", 0}, \
	{ 0, NULL, 0}

/* RFC2535 section 7, RFC3110 */

/*
 * DNS_KEYALG_RSAMD5 appears twice: "RSAMD5" is the name generated on
 * output (first match wins in dns_mnemonic_totext()), "RSA" is accepted
 * as an alias on input.
 */
#define SECALGNAMES \
	{ DNS_KEYALG_RSAMD5, "RSAMD5", 0 }, \
	{ DNS_KEYALG_RSAMD5, "RSA", 0 }, \
	{ DNS_KEYALG_DH, "DH", 0 }, \
	{ DNS_KEYALG_DSA, "DSA", 0 }, \
	{ DNS_KEYALG_NSEC3DSA, "NSEC3DSA", 0 }, \
	{ DNS_KEYALG_ECC, "ECC", 0 }, \
	{ DNS_KEYALG_RSASHA1, "RSASHA1", 0 }, \
	{ DNS_KEYALG_NSEC3RSASHA1, "NSEC3RSASHA1", 0 }, \
	{ DNS_KEYALG_RSASHA256, "RSASHA256", 0 }, \
	{ DNS_KEYALG_RSASHA512, "RSASHA512", 0 }, \
	{ DNS_KEYALG_ECCGOST, "ECCGOST", 0 }, \
	{ DNS_KEYALG_INDIRECT, "INDIRECT", 0 }, \
	{ DNS_KEYALG_PRIVATEDNS, "PRIVATEDNS", 0 }, \
	{ DNS_KEYALG_PRIVATEOID, "PRIVATEOID", 0 }, \
	{ 0, NULL, 0}

/* RFC2535 section 7.1 */

#define SECPROTONAMES \
	{   0,    "NONE", 0 }, \
	{   1,    "TLS", 0 }, \
	{   2,    "EMAIL", 0 }, \
	{   3,    "DNSSEC", 0 }, \
	{   4,    "IPSEC", 0 }, \
	{ 255,    "ALL", 0 }, \
	{ 0, NULL, 0}

#define HASHALGNAMES \
	{ 1, "SHA-1", 0 }, \
	{ 0, NULL, 0 }
130
/*
 * One row of a value <-> mnemonic table.  Tables are scanned linearly by
 * dns_mnemonic_fromtext() and dns_mnemonic_totext(); a row whose name is
 * NULL terminates the table.  The flags member is initialized in every
 * table but is not read by any function in this file.
 */
struct tbl {
	unsigned int    value;		/* numeric (wire) value */
	const char      *name;		/* textual mnemonic; NULL ends the table */
	int             flags;		/* currently unused */
};

/* rcodes and tsigrcodes share the standard rcode rows (RCODENAMES). */
static struct tbl rcodes[] = { RCODENAMES ERCODENAMES };
static struct tbl tsigrcodes[] = { RCODENAMES TSIGRCODENAMES };
static struct tbl certs[] = { CERTNAMES };
static struct tbl secalgs[] = { SECALGNAMES };
static struct tbl secprotos[] = { SECPROTONAMES };
static struct tbl hashalgs[] = { HASHALGNAMES };
143
/*
 * Mnemonics accepted by dns_keyflags_fromtext() in a '|'-separated flag
 * list.  'value' is ORed into the result; 'mask' covers the whole field
 * the mnemonic belongs to (e.g. the two-bit type field shared by NOCONF,
 * NOAUTH and NOKEY), and is only accumulated, the overlap check that
 * would use it being compiled out under "notyet".
 */
static struct keyflag {
	const char *name;
	unsigned int value;
	unsigned int mask;
} keyflags[] = {
	{ "NOCONF", 0x4000, 0xC000 },
	{ "NOAUTH", 0x8000, 0xC000 },
	{ "NOKEY",  0xC000, 0xC000 },
	{ "FLAG2",  0x2000, 0x2000 },
	{ "EXTEND", 0x1000, 0x1000 },
	{ "FLAG4",  0x0800, 0x0800 },
	{ "FLAG5",  0x0400, 0x0400 },
	{ "USER",   0x0000, 0x0300 },
	{ "ZONE",   0x0100, 0x0300 },
	{ "HOST",   0x0200, 0x0300 },
	{ "NTYP3",  0x0300, 0x0300 },
	{ "FLAG8",  0x0080, 0x0080 },
	{ "FLAG9",  0x0040, 0x0040 },
	{ "FLAG10", 0x0020, 0x0020 },
	{ "FLAG11", 0x0010, 0x0010 },
	{ "SIG0",   0x0000, 0x000F },
	{ "SIG1",   0x0001, 0x000F },
	{ "SIG2",   0x0002, 0x000F },
	{ "SIG3",   0x0003, 0x000F },
	{ "SIG4",   0x0004, 0x000F },
	{ "SIG5",   0x0005, 0x000F },
	{ "SIG6",   0x0006, 0x000F },
	{ "SIG7",   0x0007, 0x000F },
	{ "SIG8",   0x0008, 0x000F },
	{ "SIG9",   0x0009, 0x000F },
	{ "SIG10",  0x000A, 0x000F },
	{ "SIG11",  0x000B, 0x000F },
	{ "SIG12",  0x000C, 0x000F },
	{ "SIG13",  0x000D, 0x000F },
	{ "SIG14",  0x000E, 0x000F },
	{ "SIG15",  0x000F, 0x000F },
	{ "KSK",  DNS_KEYFLAG_KSK, DNS_KEYFLAG_KSK },
	{ NULL,     0, 0 }
};
183
/*
 * Append the NUL-terminated string 'source' (without its terminator) to
 * 'target'.  Returns ISC_R_NOSPACE, leaving 'target' untouched, when the
 * text does not fit in the buffer's free space.
 */
static isc_result_t
str_totext(const char *source, isc_buffer_t *target) {
	unsigned int needed;
	isc_region_t avail;

	needed = strlen(source);
	isc_buffer_availableregion(target, &avail);
	if (needed > avail.length)
		return (ISC_R_NOSPACE);

	memcpy(avail.base, source, needed);
	isc_buffer_add(target, needed);
	return (ISC_R_SUCCESS);
}
199
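/*
 * Try to parse 'source' as an unsigned number no larger than 'max':
 * decimal, or hexadecimal as well when 'hex_allowed' is true.
 *
 * Returns ISC_R_BADNUMBER when the text does not look like a number at
 * all (callers use this to fall back to a mnemonic lookup), ISC_R_RANGE
 * when the value exceeds 'max', and ISC_R_SUCCESS with *valuep set
 * otherwise.
 */
static isc_result_t
maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
	      unsigned int max, isc_boolean_t hex_allowed)
{
	isc_result_t result;
	isc_uint32_t n;
	char buffer[NUMBERSIZE];

	/*
	 * An empty region is not a number; testing the length first also
	 * keeps the base[0] test inside the region.
	 */
	if (source->length == 0 ||
	    source->length > NUMBERSIZE - 1 ||
	    ! isdigit(source->base[0] & 0xff))
		return (ISC_R_BADNUMBER);

	/*
	 * We have a potential number.  isc_parse_uint32() requires
	 * NUL termination, so copy exactly source->length bytes and
	 * terminate the copy ourselves.  (strncpy() would keep reading
	 * past the region looking for a NUL that a text region is not
	 * required to contain.)
	 */
	memcpy(buffer, source->base, source->length);
	buffer[source->length] = '\0';

	result = isc_parse_uint32(&n, buffer, 10);
	if (result == ISC_R_BADNUMBER && hex_allowed)
		result = isc_parse_uint32(&n, buffer, 16);
	if (result != ISC_R_SUCCESS)
		return (result);
	if (n > max)
		return (ISC_R_RANGE);
	*valuep = n;
	return (ISC_R_SUCCESS);
}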
230
/*
 * Convert 'source' to a value: first as a decimal number no larger than
 * 'max', then, when it is not numeric at all, by a case-insensitive
 * exact-length match against the names in 'table'.
 *
 * Returns DNS_R_UNKNOWN when neither form matches.  Numeric errors other
 * than ISC_R_BADNUMBER (e.g. ISC_R_RANGE) are passed through unchanged.
 */
static isc_result_t
dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
		      struct tbl *table, unsigned int max)
{
	isc_result_t result;
	struct tbl *entry;

	result = maybe_numeric(valuep, source, max, ISC_FALSE);
	if (result != ISC_R_BADNUMBER)
		return (result);

	for (entry = table; entry->name != NULL; entry++) {
		unsigned int namelen = strlen(entry->name);

		if (namelen != source->length)
			continue;
		if (strncasecmp(source->base, entry->name, namelen) != 0)
			continue;
		*valuep = entry->value;
		return (ISC_R_SUCCESS);
	}
	return (DNS_R_UNKNOWN);
}
253
/*
 * Append the textual form of 'value' to 'target': the name from 'table'
 * when one matches (the first matching row wins), otherwise the value
 * written as an unsigned decimal number.
 */
static isc_result_t
dns_mnemonic_totext(unsigned int value, isc_buffer_t *target,
		    struct tbl *table)
{
	struct tbl *entry;
	char numbuf[sizeof("4294967296")];

	for (entry = table; entry->name != NULL; entry++) {
		if (entry->value == value)
			return (str_totext(entry->name, target));
	}
	snprintf(numbuf, sizeof(numbuf), "%u", value);
	return (str_totext(numbuf, target));
}
269
/*
 * Parse an rcode from text: a decimal number up to 0xffff or one of the
 * names in rcodes[].
 */
isc_result_t
dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, rcodes, 0xffff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*rcodep = (dns_rcode_t)value;
	return (ISC_R_SUCCESS);
}
277
/*
 * Write the mnemonic for 'rcode' (or its decimal value when it has no
 * name) to 'target'.
 */
isc_result_t
dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
	isc_result_t result;

	result = dns_mnemonic_totext(rcode, target, rcodes);
	return (result);
}
282
/*
 * Parse a TSIG error code from text: a decimal number up to 0xffff or one
 * of the names in tsigrcodes[] (the standard rcodes plus BADSIG etc.).
 */
isc_result_t
dns_tsigrcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, tsigrcodes, 0xffff);
	if (result == ISC_R_SUCCESS)
		*rcodep = (dns_rcode_t)value;
	return (result);
}
290
/*
 * Write the mnemonic for TSIG error code 'rcode' (or its decimal value
 * when it has no name) to 'target'.
 */
isc_result_t
dns_tsigrcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
	struct tbl *table = tsigrcodes;

	return (dns_mnemonic_totext(rcode, target, table));
}
295
/*
 * Parse a CERT type from text: a decimal number up to 0xffff or one of
 * the names in certs[].
 */
isc_result_t
dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source) {
	isc_result_t result;
	unsigned int value = 0;

	result = dns_mnemonic_fromtext(&value, source, certs, 0xffff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*certp = (dns_cert_t)value;
	return (ISC_R_SUCCESS);
}
303
/*
 * Write the mnemonic for CERT type 'cert' (or its decimal value when it
 * has no name) to 'target'.
 */
isc_result_t
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
	isc_result_t result;

	result = dns_mnemonic_totext(cert, target, certs);
	return (result);
}
308
/*
 * Parse a DNSSEC algorithm number from text: a decimal number up to 0xff
 * or one of the names in secalgs[].
 */
isc_result_t
dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, secalgs, 0xff);
	if (result == ISC_R_SUCCESS)
		*secalgp = (dns_secalg_t)value;
	return (result);
}
316
/*
 * Write the mnemonic for algorithm 'secalg' (or its decimal value when it
 * has no name) to 'target'.
 */
isc_result_t
dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
	struct tbl *table = secalgs;

	return (dns_mnemonic_totext(secalg, target, table));
}
321
/*
 * Format algorithm 'alg' into the caller's buffer 'cp' of 'size' bytes as
 * a NUL-terminated string.  One byte is reserved for the terminator; if
 * the text does not fit, 'cp' becomes the empty string.
 */
void
dns_secalg_format(dns_secalg_t alg, char *cp, unsigned int size) {
	isc_buffer_t b;
	isc_region_t used;
	isc_result_t result;

	REQUIRE(cp != NULL && size > 0);

	/* Leave room for the terminator written below. */
	isc_buffer_init(&b, cp, size - 1);
	result = dns_secalg_totext(alg, &b);
	isc_buffer_usedregion(&b, &used);
	used.base[used.length] = 0;
	if (result != ISC_R_SUCCESS)
		used.base[0] = 0;
}
336
/*
 * Parse a KEY protocol number from text: a decimal number up to 0xff or
 * one of the names in secprotos[].
 */
isc_result_t
dns_secproto_fromtext(dns_secproto_t *secprotop, isc_textregion_t *source) {
	isc_result_t result;
	unsigned int value = 0;

	result = dns_mnemonic_fromtext(&value, source, secprotos, 0xff);
	if (result != ISC_R_SUCCESS)
		return (result);
	*secprotop = (dns_secproto_t)value;
	return (ISC_R_SUCCESS);
}
344
/*
 * Write the mnemonic for protocol 'secproto' (or its decimal value when
 * it has no name) to 'target'.
 */
isc_result_t
dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target) {
	isc_result_t result;

	result = dns_mnemonic_totext(secproto, target, secprotos);
	return (result);
}
349
/*
 * Parse a hash algorithm number from text: a decimal number up to 0xff or
 * one of the names in hashalgs[].
 */
isc_result_t
dns_hashalg_fromtext(unsigned char *hashalg, isc_textregion_t *source) {
	unsigned int value = 0;
	isc_result_t result;

	result = dns_mnemonic_fromtext(&value, source, hashalgs, 0xff);
	if (result == ISC_R_SUCCESS)
		*hashalg = (unsigned char)value;
	return (result);
}
357
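/*
 * Parse DNSKEY/KEY flags from text.  'source' is either a number (decimal
 * or hexadecimal) no larger than 0xffff, or a '|'-separated list of the
 * mnemonics in keyflags[], matched case-insensitively.
 *
 * Returns DNS_R_UNKNOWNFLAG for an unrecognised (or empty) mnemonic and
 * passes through ISC_R_RANGE and other errors from maybe_numeric().
 */
isc_result_t
dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source)
{
	isc_result_t result;
	char *text, *end;
	unsigned int value, mask;

	result = maybe_numeric(&value, source, 0xffff, ISC_TRUE);
	if (result == ISC_R_SUCCESS) {
		*flagsp = value;
		return (ISC_R_SUCCESS);
	}
	if (result != ISC_R_BADNUMBER)
		return (result);

	text = source->base;
	end = source->base + source->length;
	value = mask = 0;

	while (text < end) {
		struct keyflag *p;
		unsigned int len;
		char *delim = memchr(text, '|', end - text);
		if (delim != NULL)
			len = delim - text;
		else
			len = end - text;
		/*
		 * The whole token must match the whole name.  Comparing
		 * only 'len' bytes would let a prefix such as "NO", or an
		 * empty token from "||", match the first table entry.
		 */
		for (p = keyflags; p->name != NULL; p++) {
			if (strlen(p->name) == len &&
			    strncasecmp(p->name, text, len) == 0)
				break;
		}
		if (p->name == NULL)
			return (DNS_R_UNKNOWNFLAG);
		value |= p->value;
#ifdef notyet
		if ((mask & p->mask) != 0)
			warn("overlapping key flags");
#endif
		mask |= p->mask;
		text += len;
		if (delim != NULL)
			text++; /* Skip "|" */
	}
	*flagsp = value;
	return (ISC_R_SUCCESS);
}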
404
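/*
 * This uses lots of hard coded values, but how often do we actually
 * add classes?
 *
 * Parse an rdata class from text: the mnemonics ANY, CH/CHAOS, HS/HESIOD,
 * IN, NONE and RESERVED0 (case-insensitive), or the generic form
 * CLASSnnnnn where nnnnn is a decimal number no larger than 0xffff.
 * Returns DNS_R_UNKNOWN for anything else, including an empty region.
 */
isc_result_t
dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {
#define COMPARE(string, rdclass) \
	if (((sizeof(string) - 1) == source->length) \
	    && (strncasecmp(source->base, string, source->length) == 0)) { \
		*classp = rdclass; \
		return (ISC_R_SUCCESS); \
	}

	/* Keep the base[0] dispatch below inside the region. */
	if (source->length == 0)
		return (DNS_R_UNKNOWN);

	switch (tolower((unsigned char)source->base[0])) {
	case 'a':
		COMPARE("any", dns_rdataclass_any);
		break;
	case 'c':
		/*
		 * RFC1035 says the mnemonic for the CHAOS class is CH,
		 * but historical BIND practice is to call it CHAOS.
		 * We will accept both forms, but only generate CH.
		 */
		COMPARE("ch", dns_rdataclass_chaos);
		COMPARE("chaos", dns_rdataclass_chaos);

		if (source->length > 5 &&
		    source->length < (5 + sizeof("65000")) &&
		    strncasecmp("class", source->base, 5) == 0) {
			char buf[sizeof("65000")];
			char *endp;
			unsigned int val;
			unsigned int i;
			unsigned int ndigits = source->length - 5;

			/*
			 * Only plain decimal digits may follow "CLASS";
			 * strtoul() on its own would also accept leading
			 * whitespace and a sign.  'source' need not be
			 * NUL terminated, so copy exactly the digits and
			 * terminate the copy ourselves.
			 */
			for (i = 0; i < ndigits; i++) {
				if (!isdigit((unsigned char)
					     source->base[5 + i]))
					break;
			}
			if (i == ndigits) {
				memcpy(buf, source->base + 5, ndigits);
				buf[ndigits] = '\0';
				val = strtoul(buf, &endp, 10);
				if (*endp == '\0' && val <= 0xffff) {
					*classp = (dns_rdataclass_t)val;
					return (ISC_R_SUCCESS);
				}
			}
		}
		break;
	case 'h':
		COMPARE("hs", dns_rdataclass_hs);
		COMPARE("hesiod", dns_rdataclass_hs);
		break;
	case 'i':
		COMPARE("in", dns_rdataclass_in);
		break;
	case 'n':
		COMPARE("none", dns_rdataclass_none);
		break;
	case 'r':
		COMPARE("reserved0", dns_rdataclass_reserved0);
		break;
	default:
		break;
	}

#undef COMPARE

	return (DNS_R_UNKNOWN);
}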
466
/*
 * Append the mnemonic for 'rdclass' to 'target'.  Classes without a name
 * of their own are written in the generic CLASSnnnnn form.
 */
isc_result_t
dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target) {
	const char *name;
	char generic[sizeof("CLASS65535")];

	switch (rdclass) {
	case dns_rdataclass_any:
		name = "ANY";
		break;
	case dns_rdataclass_chaos:
		name = "CH";
		break;
	case dns_rdataclass_hs:
		name = "HS";
		break;
	case dns_rdataclass_in:
		name = "IN";
		break;
	case dns_rdataclass_none:
		name = "NONE";
		break;
	case dns_rdataclass_reserved0:
		name = "RESERVED0";
		break;
	default:
		snprintf(generic, sizeof(generic), "CLASS%u", rdclass);
		name = generic;
		break;
	}
	return (str_totext(name, target));
}
489
/*
 * Format 'rdclass' into 'array' (of 'size' bytes) as a NUL-terminated
 * string.  If the text plus terminator does not fit, or conversion
 * fails, 'array' receives "<unknown>" (truncated to fit).  A zero-sized
 * array is left untouched.
 */
void
dns_rdataclass_format(dns_rdataclass_t rdclass,
		      char *array, unsigned int size)
{
	isc_buffer_t b;
	isc_result_t result;

	if (size == 0U)
		return;

	isc_buffer_init(&b, array, size);
	result = dns_rdataclass_totext(rdclass, &b);
	/*
	 * The terminator needs one byte beyond the text itself.
	 */
	if (result == ISC_R_SUCCESS && isc_buffer_availablelength(&b) >= 1) {
		isc_buffer_putuint8(&b, 0);
		return;
	}
	strlcpy(array, "<unknown>", size);
}
514