dnssec: compute NSEC bitmaps using the new library

Knot.files

@@ -3,6 +3,9 @@ KNOWN_ISSUES
 Makefile.am
 README
 configure.ac
+dnssec/Makefile.am
+dnssec/tests/Makefile.am
+dnssec/utils/Makefile.am
 doc/Makefile.am
 doc/configuration.texi
 doc/indices.texi
@@ -183,7 +186,6 @@ src/libknot/consts.c
 src/libknot/consts.h
 src/libknot/dname.c
 src/libknot/dname.h
-src/libknot/dnssec/bitmap.h
 src/libknot/dnssec/config.h
 src/libknot/dnssec/crypto.c
 src/libknot/dnssec/crypto.h

src/Makefile.am

@@ -146,7 +146,6 @@ libknot_la_SOURCES =				\
 	libknot/dnssec/crypto.h			\
 	libknot/dnssec/key.c			\
 	libknot/dnssec/key.h			\
-	libknot/dnssec/bitmap.h			\
 	libknot/dnssec/policy.c			\
 	libknot/dnssec/policy.h			\
 	libknot/dnssec/random.h			\
@@ -297,7 +296,7 @@ libknotd_la_SOURCES =				\
 
 # libraries
 libknot_la_LIBADD  = libknots.la zscanner/libzscanner.la
-libknotd_la_LIBADD = libknots.la libknot.la
+libknotd_la_LIBADD = libknots.la libknot.la ../dnssec/libdnssec.la
 
 # sbin programs
 knotd_LDADD = libknot.la libknotd.la

src/dnssec

+../dnssec/lib/dnssec
\ No newline at end of file

src/knot/dnssec/nsec-chain.c

@@ -47,23 +47,28 @@ static knot_rrset_t *create_nsec_rrset(const knot_node_t *from,
 	}
 
 	// Create bitmap
-	bitmap_t rr_types = { 0 };
-	bitmap_add_node_rrsets(&rr_types, from);
-	bitmap_add_type(&rr_types, KNOT_RRTYPE_NSEC);
-	bitmap_add_type(&rr_types, KNOT_RRTYPE_RRSIG);
+	dnssec_nsec_bitmap_t *rr_types = dnssec_nsec_bitmap_new();
+	if (!rr_types) {
+		return NULL;
+	}
+
+	bitmap_add_node_rrsets(rr_types, from);
+	dnssec_nsec_bitmap_add(rr_types, KNOT_RRTYPE_NSEC);
+	dnssec_nsec_bitmap_add(rr_types, KNOT_RRTYPE_RRSIG);
 	if (knot_node_rrtype_exists(from, KNOT_RRTYPE_SOA)) {
-		bitmap_add_type(&rr_types, KNOT_RRTYPE_DNSKEY);
+		dnssec_nsec_bitmap_add(rr_types, KNOT_RRTYPE_DNSKEY);
 	}
 
 	// Create RDATA
 	assert(to->owner);
 	size_t next_owner_size = knot_dname_size(to->owner);
-	size_t rdata_size = next_owner_size + bitmap_size(&rr_types);
+	size_t rdata_size = next_owner_size + dnssec_nsec_bitmap_size(rr_types);
 	uint8_t rdata[rdata_size];
 
 	// Fill RDATA
 	memcpy(rdata, to->owner, next_owner_size);
-	bitmap_write(&rr_types, rdata + next_owner_size);
+	dnssec_nsec_bitmap_write(rr_types, rdata + next_owner_size);
+	dnssec_nsec_bitmap_free(rr_types);
 
 	int ret = knot_rrset_add_rdata(rrset, rdata, rdata_size, ttl, NULL);
 	if (ret != KNOT_EOK) {

src/knot/dnssec/nsec-chain.h

@@ -32,7 +32,7 @@
 
 #include "knot/zone/zone-contents.h"
 #include "knot/updates/changesets.h"
-#include "libknot/dnssec/bitmap.h"
+#include "dnssec/nsec.h"
 
 /*!
  * \brief Parameters to be used in connect_nsec_nodes callback.
@@ -59,14 +59,14 @@ typedef int (*chain_iterate_create_cb)(knot_node_t *, knot_node_t *,
 /*!
  * \brief Add all RR types from a node into the bitmap.
  */
-inline static void bitmap_add_node_rrsets(bitmap_t *bitmap,
+inline static void bitmap_add_node_rrsets(dnssec_nsec_bitmap_t *bitmap,
                                           const knot_node_t *node)
 {
 	for (int i = 0; i < node->rrset_count; i++) {
 		knot_rrset_t rr = knot_node_rrset_at(node, i);
 		if (rr.type != KNOT_RRTYPE_NSEC &&
 		    rr.type != KNOT_RRTYPE_RRSIG) {
-			bitmap_add_type(bitmap, rr.type);
+			dnssec_nsec_bitmap_add(bitmap, rr.type);
 		}
 	}
 }

src/knot/dnssec/nsec3-chain.c

@@ -25,7 +25,7 @@
 #include "knot/dnssec/nsec-chain.h"
 #include "knot/dnssec/zone-sign.h"
 #include "knot/dnssec/zone-nsec.h"
-#include "libknot/dnssec/bitmap.h"
+#include "dnssec/nsec.h"
 #include "libknot/rdata/nsec3.h"
 
 /* - Forward declarations --------------------------------------------------- */
@@ -33,7 +33,7 @@
 static int create_nsec3_rrset(knot_rrset_t *rrset,
                               knot_dname_t *dname,
                               const knot_nsec3_params_t *,
-                              const bitmap_t *,
+                              const dnssec_nsec_bitmap_t *,
                               const uint8_t *,
                               uint32_t);
 
@@ -192,14 +192,14 @@ static void free_nsec3_tree(knot_zone_tree_t *nodes)
  * \brief Get NSEC3 RDATA size.
  */
 static size_t nsec3_rdata_size(const knot_nsec3_params_t *params,
-                               const bitmap_t *rr_types)
+                               const dnssec_nsec_bitmap_t *rr_types)
 {
 	assert(params);
 	assert(rr_types);
 
 	return 6 + params->salt_length
 	       + knot_nsec3_hash_length(params->algorithm)
-	       + bitmap_size(rr_types);
+	       + dnssec_nsec_bitmap_size(rr_types);
 }
 
 /*!
@@ -208,7 +208,7 @@ static size_t nsec3_rdata_size(const knot_nsec3_params_t *params,
  * \note Content of next hash field is not changed.
  */
 static void nsec3_fill_rdata(uint8_t *rdata, const knot_nsec3_params_t *params,
-                             const bitmap_t *rr_types,
+                             const dnssec_nsec_bitmap_t *rr_types,
                              const uint8_t *next_hashed, uint32_t ttl)
 {
 	assert(rdata);
@@ -234,7 +234,7 @@ static void nsec3_fill_rdata(uint8_t *rdata, const knot_nsec3_params_t *params,
 		memcpy(rdata, next_hashed, hash_length);
 	}
 	rdata += hash_length;
-	bitmap_write(rr_types, rdata);                    // RR types bit map
+	dnssec_nsec_bitmap_write(rr_types, rdata);        // RR types bit map
 }
 
 /*!
@@ -251,7 +251,7 @@ static void nsec3_fill_rdata(uint8_t *rdata, const knot_nsec3_params_t *params,
 static int create_nsec3_rrset(knot_rrset_t *rrset,
                               knot_dname_t *owner,
                               const knot_nsec3_params_t *params,
-                              const bitmap_t *rr_types,
+                              const dnssec_nsec_bitmap_t *rr_types,
                               const uint8_t *next_hashed,
                               uint32_t ttl)
 {
@@ -275,7 +275,7 @@ static int create_nsec3_rrset(knot_rrset_t *rrset,
 static knot_node_t *create_nsec3_node(knot_dname_t *owner,
                                       const knot_nsec3_params_t *nsec3_params,
                                       knot_node_t *apex_node,
-                                      const bitmap_t *rr_types,
+                                      const dnssec_nsec_bitmap_t *rr_types,
                                       uint32_t ttl)
 {
 	assert(owner);
@@ -332,17 +332,22 @@ static knot_node_t *create_nsec3_node_for_node(knot_node_t *node,
 		return NULL;
 	}
 
-	bitmap_t rr_types = { 0 };
-	bitmap_add_node_rrsets(&rr_types, node);
+	dnssec_nsec_bitmap_t *rr_types = dnssec_nsec_bitmap_new();
+	if (!rr_types) {
+		return NULL;
+	}
+
+	bitmap_add_node_rrsets(rr_types, node);
 	if (node->rrset_count > 0 && node_should_be_signed_nsec3(node)) {
-		bitmap_add_type(&rr_types, KNOT_RRTYPE_RRSIG);
+		dnssec_nsec_bitmap_add(rr_types, KNOT_RRTYPE_RRSIG);
 	}
 	if (node == apex) {
-		bitmap_add_type(&rr_types, KNOT_RRTYPE_DNSKEY);
+		dnssec_nsec_bitmap_add(rr_types, KNOT_RRTYPE_DNSKEY);
 	}
 
 	knot_node_t *nsec3_node;
-	nsec3_node = create_nsec3_node(nsec3_owner, params, apex, &rr_types, ttl);
+	nsec3_node = create_nsec3_node(nsec3_owner, params, apex, rr_types, ttl);
+	dnssec_nsec_bitmap_free(rr_types);
 
 	return nsec3_node;
 }

src/knot/dnssec/zone-nsec.c

@@ -24,7 +24,7 @@
 #include "common/debug.h"
 #include "common/descriptor.h"
 #include "common/hhash.h"
-#include "libknot/dnssec/bitmap.h"
+#include "dnssec/nsec.h"
 #include "libknot/util/utils.h"
 #include "libknot/packet/wire.h"
 #include "libknot/rdata/soa.h"

src/knot/dnssec/zone-nsec.h

@@ -34,7 +34,7 @@
 #include "knot/zone/zone-contents.h"
 #include "libknot/dnssec/policy.h"
 #include "knot/dnssec/zone-keys.h"
-#include "libknot/dnssec/bitmap.h"
+#include "dnssec/nsec.h"
 
 /*!
  * Check if NSEC3 is enabled for the given zone.

src/libknot/dnssec/bitmap.h

-/*  Copyright (C) 2011 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
- */
-/*!
- * \file bitmap.h
- *
- * \author Jan Vcelak <jan.vcelak@nic.cz>
- *
- * \brief RR bitmap used in NSEC/NSEC3 records (RFC 4034).
- *
- * \addtogroup dnssec
- * @{
- */
-
-#ifndef _KNOT_DNSSEC_ZONE_NSEC_BITMAP_H_
-#define _KNOT_DNSSEC_ZONE_NSEC_BITMAP_H_
-
-#include <stdint.h>
-#include <string.h>
-#include <limits.h>
-#include "common/descriptor.h"
-
-#define BITMAP_WINDOW_SIZE 256
-#define BITMAP_WINDOW_BYTES (BITMAP_WINDOW_SIZE/CHAR_BIT)
-#define BITMAP_WINDOW_COUNT 256
-
-/*!
- * \brief One window of a bitmap.
- */
-typedef struct {
-	uint8_t used;
-	uint8_t data[BITMAP_WINDOW_BYTES];
-} bitmap_window_t;
-
-/*!
- * \brief Bitmap of RR types.
- */
-typedef struct {
-	int used;
-	bitmap_window_t windows[BITMAP_WINDOW_COUNT];
-} bitmap_t;
-
-/*!
- * \brief Add one RR type into the bitmap.
- */
-inline static void bitmap_add_type(bitmap_t *bitmap, uint16_t type)
-{
-	int win = type / BITMAP_WINDOW_SIZE;
-	int bit = type % BITMAP_WINDOW_SIZE;
-
-	if (bitmap->used <= win) {
-		bitmap->used = win + 1;
-	}
-
-	int win_byte = bit / CHAR_BIT;
-	int win_bit  = bit % CHAR_BIT;
-
-	bitmap_window_t *window = &bitmap->windows[win];
-	window->data[win_byte] |= 0x80 >> win_bit;
-	if (window->used <= win_byte) {
-		window->used = win_byte + 1;
-	}
-}
-
-/*!
- * \brief Compute the size of the bitmap in NSEC RDATA format.
- */
-inline static size_t bitmap_size(const bitmap_t *bitmap)
-{
-	size_t result = 0;
-
-	for (int i = 0; i < bitmap->used; i++) {
-		int used = bitmap->windows[i].used;
-		if (used == 0) {
-			continue;
-		}
-
-		result += 2 + used; // windows number, window size, data
-	}
-
-	return result;
-}
-
-/*!
- * \brief Write bitmap in NSEC RDATA format.
- */
-inline static void bitmap_write(const bitmap_t *bitmap, uint8_t *output)
-{
-	uint8_t *write_ptr = output;
-	for (int win = 0; win < bitmap->used; win++) {
-		int used = bitmap->windows[win].used;
-		if (used == 0) {
-			continue;
-		}
-
-		*write_ptr = (uint8_t)win;
-		write_ptr += 1;
-
-		*write_ptr = (uint8_t)used;
-		write_ptr += 1;
-
-		memcpy(write_ptr, bitmap->windows[win].data, used);
-		write_ptr += used;
-	}
-}
-
-#endif // _KNOT_DNSSEC_ZONE_NSEC_BITMAP_H_
-
-/*! @} */