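/*	$NetBSD: dnssec.c,v 1.4 2006/09/09 16:22:09 manu Exp $	*/

/*	$KAME: dnssec.c,v 1.2 2001/08/05 18:46:07 itojun Exp $	*/

/*
 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. Neither the name of the project nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#include "config.h"

#include <sys/types.h>
#include <sys/param.h>
#include <stdlib.h>
#include <string.h>

#include "var.h"
#include "vmbuf.h"
#include "misc.h"
#include "plog.h"
#include "debug.h"

#include "isakmp_var.h"
#include "isakmp.h"
#include "ipsec_doi.h"
#include "oakley.h"
#include "netdb_dnssec.h"
#include "strnames.h"
#include "dnssec.h"
#include "gcmalloc.h"

extern int h_errno;

/*
 * Build an ISAKMP CERT payload for the peer named by the ID payload 'id',
 * looking the certificate up through the DNSSEC resolver (getcertsbyname(),
 * see netdb_dnssec.h).
 *
 * id:      ID payload body: a struct ipsecdoi_id_b header followed by the
 *          identifier bytes.  Only IPSECDOI_ID_FQDN is handled; every other
 *          ID type is rejected with an error log.
 * return:  a newly allocated cert_t whose pl holds the CERT payload body
 *          (encoding-type byte followed by the DER certificate) and whose
 *          cert vchar points at the certificate inside it.  The caller owns
 *          it and releases it with oakley_delcert().  NULL on any failure;
 *          the reason is logged through plog().
 *
 * Only the first CERT RR of the answer is used (a warning is logged when
 * more are returned) and only PKIX (DNSSEC_TYPE_PKIX) records are accepted.
 */
cert_t *
dnssec_getcert(id)
	vchar_t *id;
{
	cert_t *cert = NULL;
	struct certinfo *res = NULL;
	struct ipsecdoi_id_b *id_b;
	int type;
	char *name = NULL;
	size_t namelen;
	int error;

	/*
	 * The ID payload is built from data received from the peer, so the
	 * length must be validated before the fixed header is parsed.
	 * Without this check id->l - sizeof(*id_b) wraps to a huge value and
	 * the memcpy below reads far past the payload.
	 */
	if (id == NULL || id->l < sizeof(*id_b)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"ID payload too short for dnssec getcert.\n");
		return NULL;
	}
	id_b = (struct ipsecdoi_id_b *)id->v;

	/* The identifier bytes follow the header; copy them out as a C string. */
	namelen = id->l - sizeof(*id_b);
	name = racoon_malloc(namelen + 1);
	if (!name) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get buffer.\n");
		return NULL;
	}
	memcpy(name, id_b + 1, namelen);
	name[namelen] = '\0';

	switch (id_b->type) {
	case IPSECDOI_ID_FQDN:
		error = getcertsbyname(name, &res);
		if (error != 0) {
			plog(LLV_ERROR, LOCATION, NULL,
				"getcertsbyname(\"%s\") failed.\n", name);
			goto err;
		}
		/*
		 * Defensive: a successful lookup is expected to hand back at
		 * least one record; do not dereference a NULL answer.
		 */
		if (res == NULL) {
			plog(LLV_ERROR, LOCATION, NULL,
				"getcertsbyname(\"%s\") returned no record.\n",
				name);
			goto err;
		}
		break;
	case IPSECDOI_ID_IPV4_ADDR:
	case IPSECDOI_ID_IPV6_ADDR:
		/* XXX should be processed to query PTR ? */
	default:
		plog(LLV_ERROR, LOCATION, NULL,
			"inpropper ID type passed %s "
			"though getcert method is dnssec.\n",
			s_ipsecdoi_ident(id_b->type));
		goto err;
	}

	/* check response: only the first CERT RR is used */
	if (res->ci_next != NULL) {
		plog(LLV_WARNING, LOCATION, NULL,
			"not supported multiple CERT RR.\n");
	}
	switch (res->ci_type) {
	case DNSSEC_TYPE_PKIX:
		/* XXX is it enough condition to set this type ? */
		type = ISAKMP_CERT_X509SIGN;
		break;
	default:
		plog(LLV_ERROR, LOCATION, NULL,
			"not supported CERT RR type %d.\n", res->ci_type);
		goto err;
	}

	/* create cert holder */
	cert = oakley_newcert();
	if (cert == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get cert buffer.\n");
		goto err;
	}
	/* One leading byte for the ISAKMP certificate-encoding type. */
	cert->pl = vmalloc(res->ci_certlen + 1);
	if (cert->pl == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get cert buffer.\n");
		goto err;
	}
	memcpy(cert->pl->v + 1, res->ci_cert, res->ci_certlen);
	cert->pl->v[0] = type;
	cert->cert.v = cert->pl->v + 1;
	cert->cert.l = cert->pl->l - 1;

	plog(LLV_DEBUG, LOCATION, NULL, "created CERT payload:\n");
	plogdump(LLV_DEBUG, cert->pl->v, cert->pl->l);

	goto end;

err:
	/* Release a partially built holder; oakley_delcert() frees cert->pl. */
	if (cert) {
		oakley_delcert(cert);
		cert = NULL;
	}

end:
	/*
	 * Common cleanup for both outcomes.  'name' used to be freed only on
	 * the error path and leaked on every successful lookup.
	 */
	if (name)
		racoon_free(name);
	if (res)
		freecertinfo(res);

	return cert;
}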