nsec3_50.cc 10 KB

  1. // Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
  2. //
  3. // Permission to use, copy, modify, and/or distribute this software for any
  4. // purpose with or without fee is hereby granted, provided that the above
  5. // copyright notice and this permission notice appear in all copies.
  6. //
  7. // THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  8. // REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  9. // AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  10. // INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  11. // LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  12. // OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  13. // PERFORMANCE OF THIS SOFTWARE.
  14. #include <iostream>
  15. #include <iomanip>
  16. #include <string>
  17. #include <sstream>
  18. #include <vector>
  19. #include <boost/lexical_cast.hpp>
  20. #include <dns/util/base32hex.h>
  21. #include <dns/buffer.h>
  22. #include <dns/exceptions.h>
  23. #include <dns/util/hex.h>
  24. #include <dns/messagerenderer.h>
  25. #include <dns/name.h>
  26. #include <dns/rrtype.h>
  27. #include <dns/rrttl.h>
  28. #include <dns/rdata.h>
  29. #include <dns/rdataclass.h>
  30. #include <dns/rdata/generic/detail/nsec_bitmap.h>
  31. #include <stdio.h>
  32. #include <time.h>
  33. using namespace std;
  34. using namespace isc::dns::rdata::generic::detail::nsec;
  35. // BEGIN_ISC_NAMESPACE
  36. // BEGIN_RDATA_NAMESPACE
  // Plain holder for the decoded fields of one NSEC3 RDATA.
  //
  // The constructor copies every argument into the member of the same name
  // and performs no validation at all, so range and length checks have to be
  // done by whoever builds the object.
  struct NSEC3Impl {
      uint8_t hashalg_;           // hash algorithm field
      uint8_t flags_;             // flags field
      uint16_t iterations_;       // iterations field
      vector<uint8_t> salt_;      // salt octets (may be empty)
      vector<uint8_t> next_;      // next hashed owner name octets
      vector<uint8_t> typebits_;  // type bitmaps: window, length, bitmap octets

      // Member-wise copy of the supplied field values.
      NSEC3Impl(uint8_t hashalg, uint8_t flags, uint16_t iterations,
                vector<uint8_t> salt, vector<uint8_t> next,
                vector<uint8_t> typebits) :
          hashalg_(hashalg),
          flags_(flags),
          iterations_(iterations),
          salt_(salt),
          next_(next),
          typebits_(typebits)
      {
      }
  };
  // Build an NSEC3 RDATA from its textual form.
  //
  // Fields are read in this order: hash algorithm, flags, iterations, salt
  // (hex, or "-" for an empty salt), next hash (base32hex), then the RR type
  // mnemonics that make up the type bitmaps.
  //
  // Throws InvalidRdataText when the stream extraction fails, when a numeric
  // field is out of range, when the decoded salt or hash exceeds 255 octets,
  // or when an RR type mnemonic is rejected by RRType.  Anything thrown by
  // decodeHex()/decodeBase32Hex() is not caught here.
  NSEC3::NSEC3(const string& nsec3_str) :
      impl_(NULL)
  {
      istringstream input(nsec3_str);
      unsigned int hash_alg, flag_bits, iteration_count;
      string iterations_str, salt_hex, next_b32;
      stringbuf remainder;

      input >> hash_alg >> flag_bits >> iterations_str >> salt_hex >> next_b32
            >> &remainder;
      // fail() is true for both failbit and badbit.
      if (input.fail()) {
          isc_throw(InvalidRdataText, "Invalid NSEC3 text: " << nsec3_str);
      }

      // The numeric fields are extracted into wider integers so that values
      // which do not fit the wire fields can be rejected instead of truncated.
      if (hash_alg > 0xff) {
          isc_throw(InvalidRdataText,
                    "NSEC3 hash algorithm out of range: " << hash_alg);
      }
      if (flag_bits > 0xff) {
          isc_throw(InvalidRdataText,
                    "NSEC3 flags out of range: " << flag_bits);
      }

      // The iteration count is taken as a string first and converted
      // afterwards: this rejects input where iteration and salt run together
      // without a separating space.
      try {
          iteration_count = lexical_cast<unsigned int>(iterations_str);
      } catch (const bad_lexical_cast&) {
          isc_throw(InvalidRdataText,
                    "Bad NSEC3 iteration: " << iterations_str);
      }
      if (iteration_count > 0xffff) {
          isc_throw(InvalidRdataText, "NSEC3 iterations out of range: " <<
                    iteration_count);
      }

      // "-" stands for a zero-length salt; anything else is hex.
      vector<uint8_t> salt;
      if (salt_hex != "-") {
          decodeHex(salt_hex, salt);
      }
      if (salt.size() > 255) {
          isc_throw(InvalidRdataText, "NSEC3 salt is too long: "
                    << salt.size() << " bytes");
      }

      vector<uint8_t> next;
      decodeBase32Hex(next_b32, next);
      if (next.size() > 255) {
          isc_throw(InvalidRdataText, "NSEC3 hash is too long: "
                    << next.size() << " bytes");
      }

      // One bit per possible RR type code: 8 * 1024 octets = 64k bits.
      // NOTE(review): the index code / 8 stays inside this array only if
      // getCode() never exceeds 65535 or goes negative -- confirm against
      // RRType.
      uint8_t bitmap[8 * 1024] = {0};
      stringstream type_stream(remainder.str());
      string mnemonic;
      while (type_stream >> mnemonic) {
          try {
              const int code = RRType(mnemonic).getCode();
              bitmap[code / 8] |= (0x80 >> (code % 8));
          } catch (...) {
              isc_throw(InvalidRdataText, "Invalid RRtype in NSEC3");
          }
      }

      // Emit one (window, length, octets...) group for every 32-octet window
      // that has at least one bit set, dropping trailing zero octets.
      vector<uint8_t> typebits;
      for (int window = 0; window < 256; ++window) {
          const uint8_t* const row = &bitmap[window * 32];
          int used = 32;
          while (used > 0 && row[used - 1] == 0) {
              --used;
          }
          if (used == 0) {
              continue;
          }
          typebits.push_back(window);
          typebits.push_back(used);
          typebits.insert(typebits.end(), row, row + used);
      }

      impl_ = new NSEC3Impl(hash_alg, flag_bits, iteration_count, salt, next,
                            typebits);
  }
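  // Build an NSEC3 RDATA from wire-format data.
  //
  // buffer is positioned at the start of the RDATA and rdata_len is the RDATA
  // length announced by the enclosing RR.  Both come from the message being
  // parsed, so every length octet read below is checked against the number
  // of RDATA octets still unread before it is used.
  //
  // Throws DNSMessageFORMERR when the RDATA is too short for the fixed
  // fields, for the salt, for the hash length octet, or for the hash plus at
  // least one octet of type bitmaps.  Whatever checkRRTypeBitmaps() or the
  // buffer read methods throw is propagated unchanged.
  NSEC3::NSEC3(InputBuffer& buffer, size_t rdata_len) :
      impl_(NULL)
  {
      // NSEC3 RR must have at least 5 octets:
      // hash algorithm(1), flags(1), iteration(2), saltlen(1)
      if (rdata_len < 5) {
          isc_throw(DNSMessageFORMERR,
                    "NSEC3 too short, length: " << rdata_len);
      }

      const uint8_t hashalg = buffer.readUint8();
      const uint8_t flags = buffer.readUint8();
      const uint16_t iterations = buffer.readUint16();
      const uint8_t saltlen = buffer.readUint8();
      rdata_len -= 5;

      if (rdata_len < saltlen) {
          isc_throw(DNSMessageFORMERR, "NSEC3 salt length is too large: " <<
                    static_cast<unsigned int>(saltlen));
      }

      vector<uint8_t> salt(saltlen);
      if (saltlen > 0) {
          buffer.readData(&salt[0], saltlen);
          rdata_len -= saltlen;
      }

      // The salt may have used up the whole RDATA.  Without this check the
      // hash length octet would be read from past the end of the RDATA and
      // the decrement below would wrap the unsigned rdata_len around to a
      // huge value, which then defeats the hash length check and sizes the
      // typebits vector.
      if (rdata_len < 1) {
          isc_throw(DNSMessageFORMERR,
                    "NSEC3 too short to contain hash length, length: " <<
                    (rdata_len + saltlen + 5));
      }

      const uint8_t nextlen = buffer.readUint8();
      --rdata_len;

      // "<=" rather than "<": at least one octet has to remain for the type
      // bitmaps, which also keeps &typebits[0] below valid.
      if (nextlen == 0 || rdata_len <= nextlen) {
          isc_throw(DNSMessageFORMERR, "NSEC3 invalid hash length: " <<
                    static_cast<unsigned int>(nextlen));
      }

      vector<uint8_t> next(nextlen);
      buffer.readData(&next[0], nextlen);
      rdata_len -= nextlen;

      // Everything that is left is the type bitmaps field.
      // NOTE(review): checkRRTypeBitmaps() presumably validates the
      // window/length structure that toText() later relies on -- confirm.
      vector<uint8_t> typebits(rdata_len);
      buffer.readData(&typebits[0], rdata_len);
      checkRRTypeBitmaps("NSEC3", typebits);

      impl_ = new NSEC3Impl(hashalg, flags, iterations, salt, next, typebits);
  }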
  // Copy constructor.  A fresh NSEC3Impl is copy-constructed from the
  // source's one, so the two objects never share an impl_ pointer.
  NSEC3::NSEC3(const NSEC3& source) :
      Rdata(),
      impl_(new NSEC3Impl(*source.impl_))
  {
  }
  // Copy assignment.
  //
  // The replacement NSEC3Impl is allocated before the current one is deleted,
  // so if the allocation throws this object still holds its old state.
  // Matching impl_ pointers (as in self-assignment) make this a no-op.
  NSEC3&
  NSEC3::operator=(const NSEC3& source) {
      if (impl_ != source.impl_) {
          NSEC3Impl* const replacement = new NSEC3Impl(*source.impl_);
          delete impl_;
          impl_ = replacement;
      }
      return (*this);
  }
  // Destructor: frees the NSEC3Impl held in impl_.
  NSEC3::~NSEC3()
  {
      delete impl_;
  }
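  // Render this RDATA in textual form: hash algorithm, flags, iterations,
  // salt in hex, next hash in base32hex, then one mnemonic per RR type whose
  // bit is set in the type bitmaps.
  //
  // The type bitmaps are walked as a sequence of (window, length, octets...)
  // groups.  The structural checks are assert()s, as before: they catch a
  // malformed bitmap in debug builds but are compiled out under NDEBUG, so
  // the constructors remain the place where untrusted bitmaps have to be
  // validated.
  string
  NSEC3::toText() const {
      const vector<uint8_t>& typebits = impl_->typebits_;
      ostringstream s;

      size_t i = 0;
      while (i < typebits.size()) {
          // Each group starts with a window number and a length octet.
          assert(i + 2 <= typebits.size());
          const int window = typebits[i];
          const size_t len = typebits[i + 1];
          // A window holds up to 32 bitmap octets, and the from-text
          // constructor emits exactly 32 when a bit in the last octet is
          // set, so 32 has to be accepted here (the old "len < 32" aborted
          // on such a bitmap).
          assert(len <= 32);
          i += 2;
          // The announced octets must all be present in the vector.
          assert(i + len <= typebits.size());

          for (size_t j = 0; j < len; ++j) {
              const uint8_t octet = typebits[i + j];
              if (octet == 0) {
                  continue;
              }
              for (int k = 0; k < 8; ++k) {
                  if ((octet & (0x80 >> k)) == 0) {
                      continue;
                  }
                  // Bit k (counted from the most significant bit) of octet j
                  // in this window stands for this RR type code.
                  const int t = window * 256 + static_cast<int>(j) * 8 + k;
                  s << " " << RRType(t).toText();
              }
          }
          i += len;
      }

      using namespace boost;
      return (lexical_cast<string>(static_cast<int>(impl_->hashalg_)) +
              " " + lexical_cast<string>(static_cast<int>(impl_->flags_)) +
              " " + lexical_cast<string>(static_cast<int>(impl_->iterations_)) +
              " " + encodeHex(impl_->salt_) +
              " " + encodeBase32Hex(impl_->next_) + s.str());
  }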
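  // Write this RDATA to buffer in wire format: hash algorithm, flags,
  // iterations, salt length and salt, hash length and hash, type bitmaps.
  //
  // Each variable-length field is written only when it is non-empty.  The
  // salt is legitimately empty ("-" in text form, saltlen 0 on the wire) and
  // taking &v[0] of an empty vector is undefined behavior.
  // NOTE(review): this assumes a zero-length writeData() call has no effect,
  // so skipping it changes nothing in the output -- confirm.
  void
  NSEC3::toWire(OutputBuffer& buffer) const {
      buffer.writeUint8(impl_->hashalg_);
      buffer.writeUint8(impl_->flags_);
      buffer.writeUint16(impl_->iterations_);

      buffer.writeUint8(impl_->salt_.size());
      if (!impl_->salt_.empty()) {
          buffer.writeData(&impl_->salt_[0], impl_->salt_.size());
      }

      buffer.writeUint8(impl_->next_.size());
      if (!impl_->next_.empty()) {
          buffer.writeData(&impl_->next_[0], impl_->next_.size());
      }

      if (!impl_->typebits_.empty()) {
          buffer.writeData(&impl_->typebits_[0], impl_->typebits_.size());
      }
  }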
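  // Write this RDATA through renderer in wire format: hash algorithm, flags,
  // iterations, salt length and salt, hash length and hash, type bitmaps.
  //
  // Each variable-length field is written only when it is non-empty.  The
  // salt is legitimately empty ("-" in text form, saltlen 0 on the wire) and
  // taking &v[0] of an empty vector is undefined behavior.
  // NOTE(review): this assumes a zero-length writeData() call has no effect,
  // so skipping it changes nothing in the output -- confirm.
  void
  NSEC3::toWire(MessageRenderer& renderer) const {
      renderer.writeUint8(impl_->hashalg_);
      renderer.writeUint8(impl_->flags_);
      renderer.writeUint16(impl_->iterations_);

      renderer.writeUint8(impl_->salt_.size());
      if (!impl_->salt_.empty()) {
          renderer.writeData(&impl_->salt_[0], impl_->salt_.size());
      }

      renderer.writeUint8(impl_->next_.size());
      if (!impl_->next_.empty()) {
          renderer.writeData(&impl_->next_[0], impl_->next_.size());
      }

      if (!impl_->typebits_.empty()) {
          renderer.writeData(&impl_->typebits_[0], impl_->typebits_.size());
      }
  }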
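  // Compare two octet sequences: memcmp() over the common prefix, then the
  // shorter sequence sorts first.  Returns -1, 0 or 1.
  static int
  compareNSEC3Field(const vector<uint8_t>& lhs, const vector<uint8_t>& rhs) {
      const size_t cmplen = min(lhs.size(), rhs.size());
      // With cmplen == 0 at least one side is empty, and &v[0] of an empty
      // vector must not be evaluated.
      if (cmplen > 0) {
          const int cmp = memcmp(&lhs[0], &rhs[0], cmplen);
          if (cmp != 0) {
              return (cmp < 0 ? -1 : 1);
          }
      }
      if (lhs.size() != rhs.size()) {
          return (lhs.size() < rhs.size() ? -1 : 1);
      }
      return (0);
  }

  // Order this RDATA against another NSEC3 RDATA, field by field: hash
  // algorithm, flags, iterations, salt, next hash, type bitmaps.  The first
  // field that differs decides the result.
  //
  // Returns a negative value, 0, or a positive value.  The dynamic_cast to a
  // reference throws std::bad_cast when other is not an NSEC3.
  //
  // The next hash is now compared using its own lengths.  The previous code
  // reused the salt lengths for that step, which gave a wrong ordering and
  // made memcmp() read past the end of a hash shorter than the salts.
  int
  NSEC3::compare(const Rdata& other) const {
      const NSEC3& other_nsec3 = dynamic_cast<const NSEC3&>(other);

      if (impl_->hashalg_ != other_nsec3.impl_->hashalg_) {
          return (impl_->hashalg_ < other_nsec3.impl_->hashalg_ ? -1 : 1);
      }
      if (impl_->flags_ != other_nsec3.impl_->flags_) {
          return (impl_->flags_ < other_nsec3.impl_->flags_ ? -1 : 1);
      }
      if (impl_->iterations_ != other_nsec3.impl_->iterations_) {
          return (impl_->iterations_ < other_nsec3.impl_->iterations_ ? -1 : 1);
      }

      int cmp = compareNSEC3Field(impl_->salt_, other_nsec3.impl_->salt_);
      if (cmp != 0) {
          return (cmp);
      }

      cmp = compareNSEC3Field(impl_->next_, other_nsec3.impl_->next_);
      if (cmp != 0) {
          return (cmp);
      }

      return (compareNSEC3Field(impl_->typebits_,
                                other_nsec3.impl_->typebits_));
  }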
  // Accessor for the stored hash algorithm field.
  uint8_t
  NSEC3::getHashalg() const
  {
      return impl_->hashalg_;
  }
  // Accessor for the stored flags field.
  uint8_t
  NSEC3::getFlags() const
  {
      return impl_->flags_;
  }
  // Accessor for the stored iterations field.
  uint16_t
  NSEC3::getIterations() const
  {
      return impl_->iterations_;
  }
  // Accessor for the salt octets.  The reference points into the NSEC3Impl
  // owned by this object, which is deleted by the destructor and replaced by
  // operator=, so it must not be used after either of those.
  const vector<uint8_t>&
  NSEC3::getSalt() const
  {
      return impl_->salt_;
  }
  // Accessor for the next hash octets.  The reference points into the
  // NSEC3Impl owned by this object, which is deleted by the destructor and
  // replaced by operator=, so it must not be used after either of those.
  const vector<uint8_t>&
  NSEC3::getNext() const
  {
      return impl_->next_;
  }
  302. // END_RDATA_NAMESPACE
  303. // END_ISC_NAMESPACE