From 0c5214b1797bd794556561e2e69303338d73eec6 Mon Sep 17 00:00:00 2001 From: Federico Lucifredi Date: Mon, 21 Jan 2008 00:24:37 +0000 Subject: added avahi_dnssec_sign_record() minus crypto pass. git-svn-id: file:///home/lennart/svn/public/avahi/branches/federico2@1734 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe --- avahi-core/dns.c | 58 ++++++++++++++++++++++++++++++++++++++++++++---- avahi-core/dns.h | 3 +++ avahi-core/domain-util.c | 2 +- avahi-core/rr.h | 4 +--- 4 files changed, 59 insertions(+), 8 deletions(-) diff --git a/avahi-core/dns.c b/avahi-core/dns.c index bfa6d60..3b88a20 100644 --- a/avahi-core/dns.c +++ b/avahi-core/dns.c @@ -768,7 +768,7 @@ static int append_rdata(AvahiDnsPacket *p, AvahiRecord *r) { break; - case AVAHI_DNS_TYPE_RRSIG: + case AVAHI_DNS_TYPE_RRSIG: if (!avahi_dns_packet_append_uint16(p, r->data.rrsig.type_covered)) return -1; @@ -914,9 +914,9 @@ AvahiRecord* avahi_get_local_zsk_pubkey(const unsigned char* keyname, uint32_t t r = avahi_record_new_full(keyname, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_DNSKEY, 0); - if (!r) { - avahi_log_error("avahi_record_new_full() failed."); - return NULL; + if (!r) { /* OOM check */ + avahi_log_error("avahi_record_new_full() failed."); + return NULL; } r->ttl = ttl; /* TTL of records associated with a signature MUST match the record's */ 
@@ -937,3 +937,53 @@ AvahiRecord* avahi_get_local_zsk_pubkey(const unsigned char* keyname, uint32_t t return r; } + +/* invoke as avahi_dnssec_sign_record(, "reiker.local", ) */ +AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl){ + AvahiRecord *r; + + AvahiRecord *key; + int result; + + r = avahi_record_new_full(keyname, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_RRSIG, 0); + + if (!r) { /* OOM check */ + avahi_log_error("avahi_record_new_full() failed."); + return NULL; + } + + /* type of covered record */ + r->data.rrsig.type_covered = s->key.clazz; + + /* SHA1 is mandatory in the spec (MUST), but other options are available */ + r->data.rrsig.algorithm = AVAHI_DNSSEC_KEY_SHA1; + + /* label count */ + r->data.rrsig.labels = avahi_count_canonical_labels(avahi_c_to_canonical_string(s->key.name)); + + /* original ttl */ + r->data.rrsig.ttl = ttl); /*this could be invalidated if TTL capping is later used in the packet dispatching call */ + + /* signature validity - ttl seconds from now is reasonable*/ + r->data.rrsig.signature_expiration = time(NULL) + ttl; + + /* when was the record signed? to allow for badly sync'd clocks, one conventionally claims signing 1 hour in the past */ + r->data.rrsig.signature_inception = time(NULL) - AVAHI_DNSSEC_TIME_DRIFT; + + /* retrieve RRSIG record representing localhost's trust */ + key = avahi_get_local_zsk_pubkey(authority, ttl); + + /* generate keytag of the localhos's pubkey */ + r->data.rrsig.keytag = avahi_keytag(key); + + avahi_free(key); + + /* +".local", to be retrieved from future *private* crypto config file along with local ZSK keypair */ + r->data.rrsig.signers_name = avahi_strdup (authority); + + return r; +} + +AvahiRecord* avahi_get_local_trust_record(){ + +} \ No newline at end of file diff --git a/avahi-core/dns.h b/avahi-core/dns.h index 363766c..01c92aa 100644 --- a/avahi-core/dns.h +++ b/avahi-core/dns.h 
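Review bot: avahi_dnssec_sign_record() as added cannot compile: it is declared to return `AvahiRecord` by value yet returns `r` (a pointer) and `NULL`, it uses `keyname`, which is a parameter of avahi_get_local_zsk_pubkey() and not of this function (the RRSIG's owner should be `s->key.name`), and `r->data.rrsig.ttl = ttl);` has a stray parenthesis. Beyond syntax, `type_covered` is set from `s->key.clazz` although an RRSIG covers the RR *type* of the signed set (`s->key.type`), `avahi_get_local_zsk_pubkey()` can return NULL (its OOM check is visible in the hunk above) but `key` is handed to `avahi_keytag()` unchecked — and avahi_keytag() takes the record by value per the domain-util.c hunk, so it needs `*key` — while releasing a record from avahi_record_new_full() with `avahi_free()` looks like the wrong release routine and should be confirmed. `int result` is unused, the two separate `time(NULL)` calls can straddle a second boundary so inception and expiration should derive from one timestamp, and `avahi_get_local_trust_record()` is a non-void function with no return statement, which is undefined behaviour the moment it is called; until it is implemented it should at least `return NULL; /* TODO */`. Since, as the subject says, no signature bytes are produced yet, a comment on the function should warn callers that the returned RRSIG is not verifiable until the crypto pass lands.
```c
AvahiRecord* avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl) {
    AvahiRecord *r, *key;
    time_t now = time(NULL);
    uint16_t keytag;

    /* fetch the local ZSK first: it may be NULL (OOM), so fail before allocating the RRSIG */
    if (!(key = avahi_get_local_zsk_pubkey((const unsigned char*) authority, ttl))) {
        avahi_log_error("avahi_get_local_zsk_pubkey() failed.");
        return NULL;
    }
    keytag = avahi_keytag(*key);   /* avahi_keytag() takes the record by value */
    avahi_free(key);               /* TODO(review): confirm this is the right release for a record from avahi_record_new_full() */

    /* the RRSIG's owner name is that of the record it covers */
    if (!(r = avahi_record_new_full(s->key.name, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_RRSIG, 0))) {
        avahi_log_error("avahi_record_new_full() failed.");
        return NULL;
    }

    r->data.rrsig.type_covered = s->key.type;   /* covered RR *type*, not class */
    /* … unchanged: algorithm and labels … */
    r->data.rrsig.ttl = ttl;
    r->data.rrsig.signature_expiration = now + ttl;
    r->data.rrsig.signature_inception = now - AVAHI_DNSSEC_TIME_DRIFT;
    r->data.rrsig.keytag = keytag;
    /* … unchanged: signers_name … */

    return r;
}
```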
@@ -80,6 +80,9 @@ int avahi_dns_packet_is_empty(AvahiDnsPacket *p); size_t avahi_dns_packet_space(AvahiDnsPacket *p); AvahiRecord* avahi_get_local_zsk_pubkey(const unsigned char* keyname, uint32_t ttl); +AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl); +AvahiRecord* avahi_get_local_trust_record(); + #define AVAHI_DNS_FIELD_ID 0 #define AVAHI_DNS_FIELD_FLAGS 1 diff --git a/avahi-core/domain-util.c b/avahi-core/domain-util.c index 627ce5d..f4bcdc0 100644 --- a/avahi-core/domain-util.c +++ b/avahi-core/domain-util.c @@ -281,7 +281,7 @@ uint16_t avahi_keytag(AvahiRecord r){ /* finally, generate keytag */ /* first arg is rdata address, second arg is rdlength */ - result = keytag(AVAHI_DNS_PACKET_DATA(tmp), sizeof(uint16_t) + 2*sizeof(uint8_t) + AVAHI_DNSSEC_SHA1_KEYLENGTH); + result = keytag(AVAHI_DNS_PACKET_DATA(tmp) + AVAHI_DNS_PACKET_HEADER_SIZE, tmp->size - AVAHI_DNS_PACKET_HEADER_SIZE); avahi_free(tmp); diff --git a/avahi-core/rr.h b/avahi-core/rr.h index 2df7ba1..baefb27 100644 --- a/avahi-core/rr.h +++ b/avahi-core/rr.h @@ -53,9 +53,7 @@ enum { enum { AVAHI_DNSSEC_PROTO = 0x3, - AVAHI_DNSSEC_VALIDITY = 30, - AVAHI_DNSSEC_TIME_DRIFT = 3600, - AVAHI_DNSSEC_SHA1_KEYLENGTH = 89 + AVAHI_DNSSEC_TIME_DRIFT = 3600 }; /** DNS record classes, see RFC 1035, in addition to those defined in defs.h */ -- cgit
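Review bot: The new prototype `AvahiRecord avahi_dnssec_sign_record(...)` returns the record by value, unlike its sibling `avahi_get_local_zsk_pubkey()` declared on the line above, and the dns.c definition returns `NULL` on allocation failure, which a by-value return cannot express; it should read `AvahiRecord* avahi_dnssec_sign_record(AvahiRecord *s, const char *authority, uint32_t ttl);`. `avahi_get_local_trust_record()` should be declared with `(void)` so callers' argument lists are actually checked. Both declarations would benefit from a one-line ownership comment in the header, e.g. `/* Returns a newly allocated RRSIG covering s, owned by the caller; NULL on failure. */`.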
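Review bot: `tmp->size - AVAHI_DNS_PACKET_HEADER_SIZE` is computed without checking that `tmp->size` is at least the header size; if nothing was appended the unsigned subtraction wraps and `keytag()` reads far beyond the buffer, so guard it first, e.g. `if (tmp->size <= AVAHI_DNS_PACKET_HEADER_SIZE) { avahi_free(tmp); return 0; }` (or whatever error convention avahi_keytag() uses — its body starts outside this hunk). The comment above still says the first argument is the rdata address, but skipping only the fixed packet header lands on whatever was appended first; if `tmp` was filled with a complete resource record (owner name, type, class, TTL, rdlength) rather than bare rdata, the tag is computed over the wrong bytes and will not match the RFC 4034 Appendix B key tag, which is defined over RDATA only, making every RRSIG this daemon emits unverifiable by a standard validator. Worth confirming against how `tmp` is populated earlier in the function and adjusting the offset or the comment accordingly.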