authorFederico Lucifredi <flucifredi@acm.org>2008-01-21 00:24:37 +0000
committerFederico Lucifredi <flucifredi@acm.org>2008-01-21 00:24:37 +0000
commit0c5214b1797bd794556561e2e69303338d73eec6 (patch)
treea37927a7d7a1fde5ecbc64141fef878f67ced0b0
parent6799b1cdf043101c29b99f1ef4b60c70b6e0ca34 (diff)
added avahi_dnssec_sign_record() minus crypto pass.
git-svn-id: file:///home/lennart/svn/public/avahi/branches/federico2@1734 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
-rw-r--r--avahi-core/dns.c58
-rw-r--r--avahi-core/dns.h3
-rw-r--r--avahi-core/domain-util.c2
-rw-r--r--avahi-core/rr.h4
4 files changed, 59 insertions, 8 deletions
diff --git a/avahi-core/dns.c b/avahi-core/dns.c
index bfa6d60..3b88a20 100644
--- a/avahi-core/dns.c
+++ b/avahi-core/dns.c
@@ -768,7 +768,7 @@ static int append_rdata(AvahiDnsPacket *p, AvahiRecord *r) {
break;
- case AVAHI_DNS_TYPE_RRSIG:
+ case AVAHI_DNS_TYPE_RRSIG:
if (!avahi_dns_packet_append_uint16(p, r->data.rrsig.type_covered))
return -1;
@@ -914,9 +914,9 @@ AvahiRecord* avahi_get_local_zsk_pubkey(const unsigned char* keyname, uint32_t t
r = avahi_record_new_full(keyname, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_DNSKEY, 0);
- if (!r) {
- avahi_log_error("avahi_record_new_full() failed.");
- return NULL;
+ if (!r) { /* OOM check */
+ avahi_log_error("avahi_record_new_full() failed.");
+ return NULL;
}
r->ttl = ttl; /* TTL of records associated with a signature MUST match the record's */
@@ -937,3 +937,53 @@ AvahiRecord* avahi_get_local_zsk_pubkey(const unsigned char* keyname, uint32_t t
return r;
}
+
+/* invoke as avahi_dnssec_sign_record(<record>, "reiker.local", <ttl>) */
+AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl){
+ AvahiRecord *r;
+
+ AvahiRecord *key;
+ int result;
+
+ r = avahi_record_new_full(keyname, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_RRSIG, 0);
+
+ if (!r) { /* OOM check */
+ avahi_log_error("avahi_record_new_full() failed.");
+ return NULL;
+ }
+
+ /* type of covered record */
+ r->data.rrsig.type_covered = s->key.clazz;
+
+ /* SHA1 is mandatory in the spec (MUST), but other options are available */
+ r->data.rrsig.algorithm = AVAHI_DNSSEC_KEY_SHA1;
+
+ /* label count */
+ r->data.rrsig.labels = avahi_count_canonical_labels(avahi_c_to_canonical_string(s->key.name));
+
+ /* original ttl */
+ r->data.rrsig.ttl = ttl); /*this could be invalidated if TTL capping is later used in the packet dispatching call */
+
+ /* signature validity - ttl seconds from now is reasonable*/
+ r->data.rrsig.signature_expiration = time(NULL) + ttl;
+
+ /* when was the record signed? to allow for badly sync'd clocks, one conventionally claims signing 1 hour in the past */
+ r->data.rrsig.signature_inception = time(NULL) - AVAHI_DNSSEC_TIME_DRIFT;
+
+ /* retrieve RRSIG record representing localhost's trust */
+ key = avahi_get_local_zsk_pubkey(authority, ttl);
+
+ /* generate keytag of the localhos's pubkey */
+ r->data.rrsig.keytag = avahi_keytag(key);
+
+ avahi_free(key);
+
+ /* <localhost>+".local", to be retrieved from future *private* crypto config file along with local ZSK keypair */
+ r->data.rrsig.signers_name = avahi_strdup (authority);
+
+ return r;
+}
+
+AvahiRecord* avahi_get_local_trust_record(){
+
+} \ No newline at end of file
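Review bot: avahi_dnssec_sign_record() in the third hunk cannot compile: it is declared to return `AvahiRecord` by value yet returns `NULL` and the pointer `r`, `keyname` on the avahi_record_new_full() line is not declared in this function, and `r->data.rrsig.ttl = ttl);` has a stray parenthesis; the prototype added in dns.h carries the same by-value return type. Two semantic defects survive once it builds: `type_covered` is set from `s->key.clazz` (the class) where an RRSIG carries the covered RR type (AvahiKey's `type` field), and `key` from avahi_get_local_zsk_pubkey() is neither NULL-checked before avahi_keytag() nor released with avahi_record_unref(), so avahi_free() leaks the record's key and rdata, and avahi_keytag(), which the domain-util.c hunk shows taking the record by value, is handed a pointer. The rewrite below gives the RRSIG the owner name and class of the record it covers (RFC 4034 §3) rather than the authority name; if the owner is intentionally `authority`, keep that argument, but the return type and key handling still need the fix. The `signature` field is left untouched pending the crypto pass named in the commit title, so the returned record must not be presented to validators as signed until that lands. avahi_get_local_trust_record() at the end of the hunk is a non-void function with an empty body, which is undefined behaviour when its result is used; give it a `(void)` parameter list and at least `return NULL;` for now.
```c
/* Build the RRSIG covering the RRset of 's'. The signature field itself is
 * not filled in here: that is the pending crypto pass. Returns NULL on OOM. */
AvahiRecord *avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl) {
    AvahiRecord *r, *key;

    /* an RRSIG shares the owner name and class of the RRset it covers (RFC 4034 §3) */
    r = avahi_record_new_full(s->key.name, s->key.clazz, AVAHI_DNS_TYPE_RRSIG, 0);
    if (!r) { /* OOM check */
        avahi_log_error("avahi_record_new_full() failed.");
        return NULL;
    }

    r->data.rrsig.type_covered = s->key.type;   /* the covered RR type, not the class */
    /* … unchanged: algorithm, labels … */
    r->data.rrsig.ttl = ttl;
    /* … unchanged: signature_expiration, signature_inception … */

    /* prototype takes const unsigned char*; cast rather than rely on an implicit conversion */
    key = avahi_get_local_zsk_pubkey((const unsigned char *) authority, ttl);
    if (!key) {
        avahi_record_unref(r);
        return NULL;
    }
    r->data.rrsig.keytag = avahi_keytag(*key);  /* avahi_keytag() takes the record by value */
    avahi_record_unref(key);

    /* … unchanged: signers_name, return r … */
}

AvahiRecord *avahi_get_local_trust_record(void) {
    return NULL; /* not implemented yet */
}
```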
diff --git a/avahi-core/dns.h b/avahi-core/dns.h
index 363766c..01c92aa 100644
--- a/avahi-core/dns.h
+++ b/avahi-core/dns.h
@@ -80,6 +80,9 @@ int avahi_dns_packet_is_empty(AvahiDnsPacket *p);
size_t avahi_dns_packet_space(AvahiDnsPacket *p);
AvahiRecord* avahi_get_local_zsk_pubkey(const unsigned char* keyname, uint32_t ttl);
+AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl);
+AvahiRecord* avahi_get_local_trust_record();
+
#define AVAHI_DNS_FIELD_ID 0
#define AVAHI_DNS_FIELD_FLAGS 1
diff --git a/avahi-core/domain-util.c b/avahi-core/domain-util.c
index 627ce5d..f4bcdc0 100644
--- a/avahi-core/domain-util.c
+++ b/avahi-core/domain-util.c
@@ -281,7 +281,7 @@ uint16_t avahi_keytag(AvahiRecord r){
/* finally, generate keytag */
/* first arg is rdata address, second arg is rdlength */
- result = keytag(AVAHI_DNS_PACKET_DATA(tmp), sizeof(uint16_t) + 2*sizeof(uint8_t) + AVAHI_DNSSEC_SHA1_KEYLENGTH);
+ result = keytag(AVAHI_DNS_PACKET_DATA(tmp) + AVAHI_DNS_PACKET_HEADER_SIZE, tmp->size - AVAHI_DNS_PACKET_HEADER_SIZE);
avahi_free(tmp);
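Review bot: The new rdlength `tmp->size - AVAHI_DNS_PACKET_HEADER_SIZE` equals the DNSKEY RDATA length only if nothing but the RDATA was appended to `tmp` after its header; if the record was appended as a full RR (owner name, type, class, TTL, rdlength), the key tag is computed over the wrong bytes and will never match what a validator derives from the DNSKEY. avahi_keytag() starts outside the hunk, so how `tmp` is filled cannot be checked here; a one-line comment stating that invariant above the call, plus `assert(tmp->size >= AVAHI_DNS_PACKET_HEADER_SIZE);` so a short packet cannot underflow the subtraction if `size` is unsigned, would make the intent checkable. RFC 4034 Appendix B defines the key tag over the RDATA alone, which is what the removed fixed-length expression spelled out explicitly.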
diff --git a/avahi-core/rr.h b/avahi-core/rr.h
index 2df7ba1..baefb27 100644
--- a/avahi-core/rr.h
+++ b/avahi-core/rr.h
@@ -53,9 +53,7 @@ enum {
enum {
AVAHI_DNSSEC_PROTO = 0x3,
- AVAHI_DNSSEC_VALIDITY = 30,
- AVAHI_DNSSEC_TIME_DRIFT = 3600,
- AVAHI_DNSSEC_SHA1_KEYLENGTH = 89
+ AVAHI_DNSSEC_TIME_DRIFT = 3600
};
/** DNS record classes, see RFC 1035, in addition to those defined in defs.h */