1 | /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/ |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2015 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU Lesser General Public License as published by | |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | Lesser General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU Lesser General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
22 | #include "alloc-util.h" | |
23 | #include "resolved-dns-trust-anchor.h" | |
24 | ||
25 | /* The DS RR from https://data.iana.org/root-anchors/root-anchors.xml */ | |
/* SHA-256 DS digest of the root zone KSK, as published in
 * https://data.iana.org/root-anchors/root-anchors.xml. This is the only
 * trust anchor compiled in, so a root KSK rollover means updating this
 * table (and the matching key tag) and rebuilding. */
static const uint8_t root_digest[] = {
        0x49, 0xaa, 0xc1, 0x1d, 0x7b, 0x6f, 0x64, 0x46,
        0x70, 0x2e, 0x54, 0xa1, 0x60, 0x73, 0x71, 0x60,
        0x7a, 0x1a, 0x41, 0x85, 0x52, 0x00, 0xfd, 0x2c,
        0xe1, 0xcd, 0xde, 0x32, 0xf2, 0x4e, 0x8f, 0xb5,
};
29 | ||
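/* Load the built-in DNSSEC trust anchor for the root zone into d->by_key.
 *
 * The anchor is the DS RR published at
 * https://data.iana.org/root-anchors/root-anchors.xml (digest in
 * root_digest above). It is compiled in and never refreshed: there is no
 * RFC 5011 style automated rollover here, so a root KSK rollover requires
 * a rebuild with an updated key tag and digest.
 *
 * Idempotent: if a DS answer for the root owner name is already present,
 * nothing is added. The presence check and the inserted RR now use the
 * same owner name "." so the check matches what is actually stored (the
 * previous code looked up "." but inserted "", relying on the key
 * comparison treating the two as equal).
 *
 * Returns 0 on success (including the already-loaded case), a negative
 * errno-style value otherwise (-ENOMEM, or an error from the hashmap). */
int dns_trust_anchor_load(DnsTrustAnchor *d) {
        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
        int r;

        assert(d);

        r = hashmap_ensure_allocated(&d->by_key, &dns_resource_key_hash_ops);
        if (r < 0)
                return r;

        /* Already loaded? */
        if (hashmap_get(d->by_key, &DNS_RESOURCE_KEY_CONST(DNS_CLASS_IN, DNS_TYPE_DS, ".")))
                return 0;

        /* Build the DS RR for the root zone. Use the same owner name "." as
         * the lookup above so the two cannot drift apart. */
        rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_DS, ".");
        if (!rr)
                return -ENOMEM;

        rr->ds.key_tag = 19036;
        rr->ds.algorithm = DNSSEC_ALGORITHM_RSASHA256;
        rr->ds.digest_type = DNSSEC_DIGEST_SHA256;
        rr->ds.digest_size = sizeof(root_digest);
        /* The RR owns its private copy of the digest. */
        rr->ds.digest = memdup(root_digest, rr->ds.digest_size);
        if (!rr->ds.digest)
                return -ENOMEM;

        answer = dns_answer_new(1);
        if (!answer)
                return -ENOMEM;

        /* The answer presumably takes its own reference on rr; ours is
         * dropped by the cleanup handler on return. */
        r = dns_answer_add(answer, rr, 0);
        if (r < 0)
                return r;

        /* rr->key is kept alive by the rr held in the answer, i.e. for as
         * long as the answer sits in the hashmap. */
        r = hashmap_put(d->by_key, rr->key, answer);
        if (r < 0)
                return r;

        /* Ownership of the answer moved into the hashmap; disarm cleanup. */
        answer = NULL;
        return 0;
}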
72 | ||
/* Release every stored trust-anchor answer and the hashmap holding them.
 * Each answer is removed from the map before being unref'd, and d->by_key
 * is reset from the return value of hashmap_free(). */
void dns_trust_anchor_flush(DnsTrustAnchor *d) {
        assert(d);

        for (;;) {
                DnsAnswer *victim = hashmap_steal_first(d->by_key);
                if (!victim)
                        break;
                dns_answer_unref(victim);
        }

        d->by_key = hashmap_free(d->by_key);
}
83 | ||
/* Look up a trust-anchor answer for @key.
 *
 * Only DS and DNSKEY keys are ever served; any other type is answered
 * negatively without consulting the map. On a hit, *ret receives a new
 * reference to the stored answer (caller unrefs) and 1 is returned. On a
 * miss 0 is returned and *ret is left untouched. */
int dns_trust_anchor_lookup(DnsTrustAnchor *d, DnsResourceKey *key, DnsAnswer **ret) {
        DnsAnswer *found;

        assert(d);
        assert(key);
        assert(ret);

        /* Not a type the anchor store holds: negative answer. */
        if (key->type != DNS_TYPE_DS && key->type != DNS_TYPE_DNSKEY)
                return 0;

        found = hashmap_get(d->by_key, key);
        if (!found)
                return 0;

        *ret = dns_answer_ref(found);
        return 1;
}