From: Jelte Jansen <jeltejan@NLnetLabs.nl>
Date: Wed, 17 Aug 2005 10:25:28 +0000 (+0000)
Subject: towards a working signer
X-Git-Tag: release-1.0.0~277
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d581412d2f3a03e7578bcf5718af722e693e7315;p=thirdparty%2Fldns.git

towards a working signer
---

diff --git a/dnssec.c b/dnssec.c
index d0a2e1b3..2b92e951 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -1014,7 +1014,7 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
 	key_count = 0;
 	signatures = ldns_rr_list_new();
 
-	ldns_rr_list_print(stdout, rrset);
+	/*ldns_rr_list_print(stdout, rrset);*/
 
 	/* prepare a signature and add all the know data
 	 * prepare the rrset. Sign this together.  */
@@ -1216,8 +1216,12 @@ ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
 	return sigdata_rdf;
 }
 
+/*
 ldns_rr *
 ldns_create_nsec(ldns_rr_list *before, ldns_rr_list *after)
+*/
+ldns_rr *
+ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs)
 {
 	/* we do not do any check here - garbage in, garbage out */
 	
@@ -1226,13 +1230,83 @@ ldns_create_nsec(ldns_rr_list *before, ldns_rr_list *after)
 
 	/* we don't have an nsec encoder... :( */
 
-	ldns_rdf *owner;
-	ldns_rdf *nsec_types;
+	/* inefficient, just give it a name, a next name, and a list of rrs */
+	/* we make 1 big uberbitmap first, then windows */
+	/* todo: make something more efficient :) */
+	int i;
+	ldns_rr *i_rr;
+
+	uint8_t *bitmap = LDNS_XMALLOC(uint8_t, 1);
+	int bm_len = 0;
+	uint16_t i_type;
+
+	ldns_rr *nsec = NULL;
+
+	uint8_t *data = NULL;
+	uint8_t cur_data[32];
+	uint8_t cur_window = 0;
+	uint8_t cur_window_max = 0;
+	int cur_data_size = 0;
+
+	nsec = ldns_rr_new();
+	ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC);
+	ldns_rr_set_owner(nsec, ldns_rdf_clone(cur_owner));
+	/* TODO: TTL */
+	ldns_rr_push_rdf(nsec, ldns_rdf_clone(next_owner));
+
+	bitmap[0] = 0;
+	for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
+		i_rr = ldns_rr_list_rr(rrs, i);
+
+		if (ldns_rdf_compare(cur_owner,
+		                     ldns_rr_owner(i_rr)) == 0) {
+			/* add type to bitmap */
+			i_type = ldns_rr_get_type(i_rr);
+			if (i_type / 8 > bm_len) {
+				bitmap = LDNS_XREALLOC(bitmap, uint8_t, i_type / 8);
+				/* set to 0 */
+				for (; bm_len <= i_type / 8; bm_len++) {
+					bitmap[bm_len] = 0;
+				}
+			}
+			ldns_set_bit(bitmap + i_type / 8, 7 - (i_type % 8), true);
+		}
+	}
+
+	memset(cur_data, 0, 32);
+	for (i = 0; i < bm_len; i++) {
+		if (i / 32 > cur_window) {
+			/* check, copy, new */
+			if (cur_window_max > 0) {
+				/* this window has stuff, add it */
+				data = LDNS_XREALLOC(data, uint8_t, cur_data_size + cur_window_max + 2);
+				data[cur_data_size] = cur_window;
+				data[cur_data_size + 1] = cur_window_max;
+				memcpy(data + cur_data_size + 2, cur_data, cur_window_max);
+				cur_data_size += cur_window_max + 2;
+			}
+			cur_window++;
+			cur_window_max = 0;
+			memset(cur_data, 0, 32);
+		} else {
+			cur_data[i%32] = bitmap[i];
+			if (bitmap[i] > 0) {
+				cur_window_max = i;
+			}
+		}
+	}
+	if (cur_window_max > 0) {
+		/* this window has stuff, add it */
+		data = LDNS_XREALLOC(data, uint8_t, cur_data_size + cur_window_max + 2);
+		data[cur_data_size] = cur_window;
+		data[cur_data_size + 1] = cur_window_max;
+		memcpy(data + cur_data_size + 2, cur_data, cur_window_max);
+		cur_data_size += cur_window_max + 2;
+	}
 
-	before = before ; after = after;
-	owner = owner; nsec_types = nsec_types;
+	ldns_rr_push_rdf(nsec, ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC, cur_data_size, data));
 
-	return NULL;
+	return nsec;
 }
 
 /* sig may be null - if so look in the packet */
@@ -1316,21 +1390,32 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list)
 	 
 	ldns_zone *signed_zone;
 	ldns_rr_list *cur_rrset;
+	ldns_rr_list *soa_rrset;
 	ldns_rr_list *cur_rrsigs;
 	ldns_rr_list *orig_zone_rrs;
+	ldns_rr_list *signed_zone_rrs;
+	ldns_rdf *cur_dname = NULL;
+	ldns_rdf *next_dname = NULL;
+	ldns_rr *nsec;
+	int i;
 	
+	ldns_rr_list *next_rrset;
+
 	signed_zone = ldns_zone_new();
 	
 	/* there should only be 1 SOA, so the soa record is 1 rrset */
-	cur_rrset = ldns_rr_list_new();
-	ldns_rr_list_push_rr(cur_rrset, ldns_zone_soa(zone));
-	cur_rrsigs = ldns_sign_public(cur_rrset, key_list);
-
+	soa_rrset = ldns_rr_list_new();
+	ldns_rr_list_push_rr(soa_rrset, ldns_zone_soa(zone));
+	cur_rrsigs = ldns_sign_public(soa_rrset, key_list);
+	cur_dname = ldns_rr_owner(ldns_rr_list_rr(soa_rrset, 0));
 
 	ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone)));
 	ldns_zone_push_rr_list(signed_zone, cur_rrsigs);
 	
 	orig_zone_rrs = ldns_rr_list_clone(ldns_zone_rrs(zone));
+	signed_zone_rrs = ldns_rr_list_new();
+	next_rrset = ldns_rr_list_pop_rrset(orig_zone_rrs);
+	next_dname = ldns_rr_owner(ldns_rr_list_rr(next_rrset, 0));
 
 	/*
 	printf("UNSORTED:\n");
@@ -1342,23 +1427,30 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list)
 	printf("SORTED:\n");
 	ldns_rr_list_print(stdout, orig_zone_rrs);
 	*/
-	cur_rrset = ldns_rr_list_pop_rrset(orig_zone_rrs);
+	/* add nsecs */
+	for (i = 0; i < ldns_rr_list_rr_count(orig_zone_rrs); i++) {
+		cur_dname = ldns_rr_owner(ldns_rr_list_rr(orig_zone_rrs, i));
+		if (i < ldns_rr_list_rr_count(orig_zone_rrs) - 1) {
+			next_dname = ldns_rr_owner(ldns_rr_list_rr(orig_zone_rrs, i+1));
+		} else {
+			next_dname = ldns_rr_owner(ldns_zone_soa(zone));
+		}
+		ldns_rr_list_push_rr(signed_zone_rrs, ldns_rr_list_rr(orig_zone_rrs, i));
+		if (ldns_rdf_compare(cur_dname, next_dname) != 0) {
+			nsec = ldns_create_nsec(cur_dname, 
+			                        next_dname,
+			                        orig_zone_rrs);
+			ldns_rr_list_push_rr(signed_zone_rrs, nsec);
+		}
+	}
+	ldns_rr_list_free(orig_zone_rrs);
+
+	cur_rrset = ldns_rr_list_pop_rrset(signed_zone_rrs);
 	while (cur_rrset) {
-		/*
-		printf("NEXT RRSET:\n");
-		ldns_rr_list_print(stdout, cur_rrset);
-		printf("\n");
-		*/
 		cur_rrsigs = ldns_sign_public(cur_rrset, key_list);
 		ldns_zone_push_rr_list(signed_zone, cur_rrset);
 		ldns_zone_push_rr_list(signed_zone, cur_rrsigs);
-		
-/*
-		ldns_rr_list_free(cur_rrset);
-		ldns_rr_list_free(cur_rrsigs);
-*/
-
-		cur_rrset = ldns_rr_list_pop_rrset(orig_zone_rrs);
+		cur_rrset = ldns_rr_list_pop_rrset(signed_zone_rrs);
 	}
 	
 	return signed_zone;
diff --git a/host2str.c b/host2str.c
index 0641b32f..2b4adc1f 100644
--- a/host2str.c
+++ b/host2str.c
@@ -770,7 +770,7 @@ ldns_rdf2buffer_str(ldns_buffer *buffer, ldns_rdf *rdf)
 			break;
 		}
 	} else {
-		ldns_buffer_printf(buffer, "(null) ");
+		ldns_buffer_printf(buffer, "(null no rdf...) ");
 	}
 	return LDNS_STATUS_OK;
 }
@@ -784,7 +784,7 @@ ldns_rr2buffer_str(ldns_buffer *output, ldns_rr *rr)
 	const ldns_rr_descriptor *descriptor;
 	
 	if (!rr) {
-		ldns_buffer_printf(output, "(null)\n");
+		ldns_buffer_printf(output, "(null no rr)\n");
 	} else {
 		if (ldns_rr_owner(rr)) {
 			status = ldns_rdf2buffer_str_dname(output, ldns_rr_owner(rr)); 
@@ -1235,7 +1235,7 @@ ldns_rr_list2str(ldns_rr_list *list)
 		if (ldns_rr_list2buffer_str(tmp_buffer, list) == LDNS_STATUS_OK) {
 		}
 	} else {
-		ldns_buffer_printf(tmp_buffer, "(null)\n");
+		ldns_buffer_printf(tmp_buffer, "(null no list)\n");
 	}
 
 	/* export and return string, destroy rest */
diff --git a/ldns/dnssec.h b/ldns/dnssec.h
index 7464f51e..832121f2 100644
--- a/ldns/dnssec.h
+++ b/ldns/dnssec.h
@@ -155,11 +155,12 @@ ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key);
 
 /**
  * Create a NSEC record
- * \param[in] before the rrlist which should be taken as the starting point
- * \param[in] after the rrlist which the nsec rr should point to 
+ * \param[in] cur_owner the current owner which should be taken as the starting point
+ * \param[in] next_owner the rrlist which the nsec rr should point to 
+ * \param[in] rrs all rrs from the zone, to find all RR types of cur_owner in
  * \return a ldns_rr with the nsec record in it
  */
-ldns_rr * ldns_create_nsec(ldns_rr_list *before, ldns_rr_list *after);
+ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs);
 
 /**
  *
diff --git a/rr.c b/rr.c
index 25b490f3..b2a46f20 100644
--- a/rr.c
+++ b/rr.c
@@ -291,7 +291,7 @@ ldns_rr_new_frm_str(const char *str, uint16_t default_ttl, ldns_rdf *origin)
 	/* depending on the rr_type we need to extract
 	 * the rdata differently, e.g. NSEC */
 	switch(rr_type) {
-		case LDNS_RR_TYPE_NSEC:
+		/*case LDNS_RR_TYPE_NSEC:*/
 		/*case LDNS_RR_TYPE_LOC:*/
 			/* blalba do something different */
 			break;
diff --git a/signzone.c b/signzone.c
index 1ac20f25..b51027c4 100644
--- a/signzone.c
+++ b/signzone.c
@@ -44,6 +44,7 @@ main(int argc, char *argv[])
 
 	ldns_zone *signed_zone = NULL;
 	
+	int line_nr = 0;
 	time_t now;
 	
 	if (argc < 3) {
@@ -105,7 +106,7 @@ main(int argc, char *argv[])
 	if (!zonefile) {
 		fprintf(stderr, "Error: unable to read %s (%s)\n", zonefile_name, strerror(errno));
 	} else {
-		orig_zone = ldns_zone_new_frm_fp(zonefile, origin, ttl, class);
+		orig_zone = ldns_zone_new_frm_fp_l(zonefile, origin, ttl, class, &line_nr);
 		
 		if (!orig_zone) {
 			fprintf(stderr, "Zone not read\n");