[apple/network_cmds.git] / unbound / validator / autotrust.h

/*
 * validator/autotrust.h - RFC5011 trust anchor management for unbound.
 *
 * Copyright (c) 2009, NLnet Labs. All rights reserved.
 *
 * This software is open source.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 
 * Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * 
 * Redistributions in binary form must reproduce the above copyright notice,
 * this list of conditions and the following disclaimer in the documentation
 * and/or other materials provided with the distribution.
 * 
 * Neither the name of the NLNET LABS nor the names of its contributors may
 * be used to endorse or promote products derived from this software without
 * specific prior written permission.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

/**
 * \file
 *
 * Contains autotrust definitions.
 */

#ifndef VALIDATOR_AUTOTRUST_H
#define VALIDATOR_AUTOTRUST_H
#include "util/rbtree.h"
#include "util/data/packed_rrset.h"
struct val_anchors;
struct trust_anchor;
struct ub_packed_rrset_key;
struct module_env;
struct val_env;
struct sldns_buffer;

/** Autotrust anchor states */
typedef enum {
	AUTR_STATE_START   = 0,
	AUTR_STATE_ADDPEND = 1,
	AUTR_STATE_VALID   = 2,
	AUTR_STATE_MISSING = 3,
	AUTR_STATE_REVOKED = 4,
	AUTR_STATE_REMOVED = 5
} autr_state_t;

/** 
 * Autotrust metadata for one trust anchor key.
 */
struct autr_ta {
	/** next key */
	struct autr_ta* next;
	/** the RR */
	uint8_t* rr;
	/** length of rr */
	size_t rr_len, dname_len;
	/** last update of key state (new pending count keeps date the same) */
	time_t last_change;
	/** 5011 state */
	autr_state_t s;
	/** pending count */
	uint8_t pending_count;
	/** fresh TA was seen */
	uint8_t fetched;
	/** revoked TA was seen */
	uint8_t revoked;
};

/** 
 * Autotrust metadata for a trust point.
 * This is part of the struct trust_anchor data.
 */
struct autr_point_data {
	/** file to store the trust point in. chrootdir already applied. */
	char* file;
	/** rbtree node for probe sort, key is struct trust_anchor */
	rbnode_t pnode;

	/** the keys */
	struct autr_ta* keys;

	/** last queried DNSKEY set 
	 * Not all failures are captured in this entry.
	 * If the validator did not even start (e.g. timeout or localservfail),
	 * then the last_queried and query_failed values are not updated.
	 */
	time_t last_queried;
	/** last successful DNSKEY set */
	time_t last_success;
	/** next probe time */
	time_t next_probe_time;

	/** when to query if !failed */
	time_t query_interval;
	/** when to retry if failed */
	time_t retry_time;

	/** 
	 * How many times did it fail. diagnostic only (has no effect).
	 * Only updated if there was a dnskey rrset that failed to verify.
	 */
	uint8_t query_failed;
	/** true if the trust point has been revoked */
	uint8_t revoked;
};

/** 
 * Autotrust global metadata.
 */
struct autr_global_data {
	/** rbtree of autotrust anchors sorted by next probe time.
	 * When time is equal, sorted by anchor class, name. */
	rbtree_t probe;
};

/**
 * Create new global 5011 data structure.
 * @return new structure or NULL on malloc failure.
 */
struct autr_global_data* autr_global_create(void);

/**
 * Delete global 5011 data structure.
 * @param global: global autotrust state to delete.
 */
void autr_global_delete(struct autr_global_data* global);

/**
 * See if autotrust anchors are configured and how many.
 * @param anchors: the trust anchors structure.
 * @return number of autotrust trust anchors
 */
size_t autr_get_num_anchors(struct val_anchors* anchors);

/**
 * Process probe timer.  Add new probes if needed.
 * @param env: module environment with time, with anchors and with the mesh.
 * @return time of next probe (in seconds from now).
 * 	If 0, then there is no next probe anymore (trust points deleted).
 */
time_t autr_probe_timer(struct module_env* env);

/** probe tree compare function */
int probetree_cmp(const void* x, const void* y);

/**
 * Read autotrust file.
 * @param anchors: the anchors structure.
 * @param nm: name of the file (copied).
 * @return false on failure.
 */
int autr_read_file(struct val_anchors* anchors, const char* nm);

/**
 * Write autotrust file.
 * @param env: environment with scratch space.
 * @param tp: trust point to write.
 */
void autr_write_file(struct module_env* env, struct trust_anchor* tp);

/**
 * Delete autr anchor, deletes the autr data but does not do
 * unlinking from trees, caller does that.
 * @param tp: trust point to delete.
 */
void autr_point_delete(struct trust_anchor* tp);

/**
 * Perform autotrust processing.
 * @param env: qstate environment with the anchors structure.
 * @param ve: validator environment for verification of rrsigs.
 * @param tp: trust anchor to process.
 * @param dnskey_rrset: DNSKEY rrset probed (can be NULL if bad prime result).
 * 	allocated in a region. Has not been validated yet.
 * @return false if trust anchor was revoked completely.
 * 	Otherwise logs errors to log, does not change return value.
 * 	On errors, likely the trust point has been unchanged.
 */
int autr_process_prime(struct module_env* env, struct val_env* ve,
	struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset);

/**
 * Debug printout of rfc5011 tracked anchors
 * @param anchors: all the anchors.
 */
void autr_debug_print(struct val_anchors* anchors);

/** callback for query answer to 5011 probe */
void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf, 
	enum sec_status sec, char* errinf);

#endif /* VALIDATOR_AUTOTRUST_H */
Commit	Line	Data
89c4ed63 A	1	/*
	2	* validator/autotrust.h - RFC5011 trust anchor management for unbound.
	3	*
	4	* Copyright (c) 2009, NLnet Labs. All rights reserved.
	5	*
	6	* This software is open source.
	7	*
	8	* Redistribution and use in source and binary forms, with or without
	9	* modification, are permitted provided that the following conditions
	10	* are met:
	11	*
	12	* Redistributions of source code must retain the above copyright notice,
	13	* this list of conditions and the following disclaimer.
	14	*
	15	* Redistributions in binary form must reproduce the above copyright notice,
	16	* this list of conditions and the following disclaimer in the documentation
	17	* and/or other materials provided with the distribution.
	18	*
	19	* Neither the name of the NLNET LABS nor the names of its contributors may
	20	* be used to endorse or promote products derived from this software without
	21	* specific prior written permission.
	22	*
	23	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	24	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	25	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	26	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	27	* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	28	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
	29	* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
	30	* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
	31	* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
	32	* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
	33	* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	34	*/
	35
	36	/**
	37	* \file
	38	*
	39	* Contains autotrust definitions.
	40	*/
	41
	42	#ifndef VALIDATOR_AUTOTRUST_H
	43	#define VALIDATOR_AUTOTRUST_H
	44	#include "util/rbtree.h"
	45	#include "util/data/packed_rrset.h"
	46	struct val_anchors;
	47	struct trust_anchor;
	48	struct ub_packed_rrset_key;
	49	struct module_env;
	50	struct val_env;
	51	struct sldns_buffer;
	52
	53	/** Autotrust anchor states */
	54	typedef enum {
	55	AUTR_STATE_START = 0,
	56	AUTR_STATE_ADDPEND = 1,
	57	AUTR_STATE_VALID = 2,
	58	AUTR_STATE_MISSING = 3,
	59	AUTR_STATE_REVOKED = 4,
	60	AUTR_STATE_REMOVED = 5
	61	} autr_state_t;
	62
	63	/**
	64	* Autotrust metadata for one trust anchor key.
65	*/
66	struct autr_ta {
67	/** next key */
68	struct autr_ta* next;
69	/** the RR */
70	uint8_t* rr;
71	/** length of rr */
72	size_t rr_len, dname_len;
73	/** last update of key state (new pending count keeps date the same) */
74	time_t last_change;
75	/** 5011 state */
76	autr_state_t s;
77	/** pending count */
78	uint8_t pending_count;
79	/** fresh TA was seen */
80	uint8_t fetched;
81	/** revoked TA was seen */
82	uint8_t revoked;
83	};
84
85	/**
86	* Autotrust metadata for a trust point.
87	* This is part of the struct trust_anchor data.
88	*/
89	struct autr_point_data {
90	/** file to store the trust point in. chrootdir already applied. */
91	char* file;
92	/** rbtree node for probe sort, key is struct trust_anchor */
93	rbnode_t pnode;
94
95	/** the keys */
96	struct autr_ta* keys;
97
98	/** last queried DNSKEY set
99	* Not all failures are captured in this entry.
100	* If the validator did not even start (e.g. timeout or localservfail),
101	* then the last_queried and query_failed values are not updated.
102	*/
103	time_t last_queried;
104	/** last successful DNSKEY set */
105	time_t last_success;
106	/** next probe time */
107	time_t next_probe_time;
108
109	/** when to query if !failed */
110	time_t query_interval;
111	/** when to retry if failed */
112	time_t retry_time;
113
114	/**
115	* How many times did it fail. diagnostic only (has no effect).
116	* Only updated if there was a dnskey rrset that failed to verify.
117	*/
118	uint8_t query_failed;
119	/** true if the trust point has been revoked */
120	uint8_t revoked;
121	};
122
123	/**
124	* Autotrust global metadata.
125	*/
126	struct autr_global_data {
127	/** rbtree of autotrust anchors sorted by next probe time.
128	* When time is equal, sorted by anchor class, name. */
129	rbtree_t probe;
130	};
131
132	/**
133	* Create new global 5011 data structure.
134	* @return new structure or NULL on malloc failure.
135	*/
136	struct autr_global_data* autr_global_create(void);
137
138	/**
139	* Delete global 5011 data structure.
140	* @param global: global autotrust state to delete.
141	*/
142	void autr_global_delete(struct autr_global_data* global);
143
144	/**
145	* See if autotrust anchors are configured and how many.
146	* @param anchors: the trust anchors structure.
147	* @return number of autotrust trust anchors
148	*/
149	size_t autr_get_num_anchors(struct val_anchors* anchors);
150
151	/**
152	* Process probe timer. Add new probes if needed.
153	* @param env: module environment with time, with anchors and with the mesh.
154	* @return time of next probe (in seconds from now).
155	* If 0, then there is no next probe anymore (trust points deleted).
156	*/
157	time_t autr_probe_timer(struct module_env* env);
158
159	/** probe tree compare function */
160	int probetree_cmp(const void* x, const void* y);
161
162	/**
163	* Read autotrust file.
164	* @param anchors: the anchors structure.
165	* @param nm: name of the file (copied).
166	* @return false on failure.
167	*/
168	int autr_read_file(struct val_anchors* anchors, const char* nm);
169
170	/**
171	* Write autotrust file.
172	* @param env: environment with scratch space.
173	* @param tp: trust point to write.
174	*/
175	void autr_write_file(struct module_env* env, struct trust_anchor* tp);
176
177	/**
178	* Delete autr anchor, deletes the autr data but does not do
179	* unlinking from trees, caller does that.
180	* @param tp: trust point to delete.
181	*/
182	void autr_point_delete(struct trust_anchor* tp);
183
184	/**
185	* Perform autotrust processing.
186	* @param env: qstate environment with the anchors structure.
187	* @param ve: validator environment for verification of rrsigs.
188	* @param tp: trust anchor to process.
189	* @param dnskey_rrset: DNSKEY rrset probed (can be NULL if bad prime result).
190	* allocated in a region. Has not been validated yet.
191	* @return false if trust anchor was revoked completely.
192	* Otherwise logs errors to log, does not change return value.
193	* On errors, likely the trust point has been unchanged.
194	*/
195	int autr_process_prime(struct module_env* env, struct val_env* ve,
196	struct trust_anchor* tp, struct ub_packed_rrset_key* dnskey_rrset);
197
198	/**
199	* Debug printout of rfc5011 tracked anchors
200	* @param anchors: all the anchors.
201	*/
202	void autr_debug_print(struct val_anchors* anchors);
203
204	/** callback for query answer to 5011 probe */
205	void probe_answer_cb(void* arg, int rcode, struct sldns_buffer* buf,
206	enum sec_status sec, char* errinf);
207
208	#endif /* VALIDATOR_AUTOTRUST_H */