tkey.c revision 1c1d1a5a96624c7e6382c97f8d78765e05c246a1
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * Copyright (C) 1999 Internet Software Consortium.
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * Permission to use, copy, modify, and distribute this software for any
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * purpose with or without fee is hereby granted, provided that the above
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * copyright notice and this permission notice appear in all copies.
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington * $Id: tkey.c,v 1.7 1999/10/28 20:00:04 bwelling Exp $
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * Principal Author: Brian Wellington
ff936a56ea2ec850748f82df46e67a8a614af49bBob Halley#define RETERR(x) do { \
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtondns_tkey_init(isc_log_t *lctx, dns_c_ctx_t *cfg, isc_mem_t *mctx) {
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_c_ctx_gettkeydhkey(lctx, cfg, &s, &n);
ff936a56ea2ec850748f82df46e67a8a614af49bBob Halley RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH, DST_TYPE_PRIVATE,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_c_ctx_gettkeydomain(lctx, cfg, &s));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington tkey_domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&b, s, strlen(s), ISC_BUFFERTYPE_TEXT);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(isc_buffer_allocate(mctx, &namebuf, 1024,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_name_fromtext(tkey_domain, &b, dns_rootname, ISC_FALSE,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_mem_put(mctx, tkey_domain, sizeof(dns_name_t));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtonadd_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_uint32_t ttl, dns_namelist_t *namelist)
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_t *tmprdatabuf = NULL, *tmpnamebuf = NULL;
ff936a56ea2ec850748f82df46e67a8a614af49bBob Halley RETERR(dns_message_gettemprdata(msg, &newrdata));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(isc_buffer_allocate(msg->mctx, &tmprdatabuf, r.length,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_rdata_fromregion(newrdata, rdata->rdclass, rdata->type, &newr);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettempname(msg, &newname));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(isc_buffer_allocate(msg->mctx, &tmpnamebuf, r.length,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettemprdatalist(msg, &newlist));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington ISC_LIST_APPEND(newlist->rdata, newrdata, link);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettemprdataset(msg, &newset));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_rdatalist_tordataset(newlist, newset));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington ISC_LIST_APPEND(newname->list, newset, link);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_puttemprdatalist(msg, &newlist);
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellingtoncompute_secret(isc_buffer_t *shared, isc_region_t *randomness,
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(dst_digest(DST_SIGMODE_INIT, DST_DIGEST_MD5, &ctx, NULL, NULL));
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(dst_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx, &r, NULL));
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(dst_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5,
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(dst_digest(DST_SIGMODE_FINAL, DST_DIGEST_MD5, &ctx, NULL,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtonprocess_dhtkey(dns_message_t *msg, dns_name_t *name,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_rdata_generic_tkey_t *tkeyout, dns_namelist_t *namelist)
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_boolean_t found_key = ISC_FALSE, found_incompatible = ISC_FALSE;
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington isc_buffer_t ourkeybuf, ournamein, ournameout, *shared = NULL;
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington unsigned char *randomdata = NULL, secretdata[TKEY_RANDOM_AMOUNT];
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Look for a DH KEY record that will work with ours */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_firstname(msg, DNS_SECTION_ADDITIONAL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_currentname(msg, DNS_SECTION_ADDITIONAL, &keyname);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_findtype(keyname, dns_rdatatype_key, 0,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington if (dst_key_alg(pubkey) == DNS_KEYALG_DH) {
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(add_rdata_to_list(msg, keyname, &keyrdata, keyset->ttl,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&ourkeybuf, keydata, sizeof(keydata),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dst_key_todns(tkey_dhkey, &ourkeybuf));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_in,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&ournamein, dst_key_name(tkey_dhkey),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington strlen(dst_key_name(tkey_dhkey)), ISC_BUFFERTYPE_TEXT);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_add(&ournamein, strlen(dst_key_name(tkey_dhkey)));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&ournameout, namedata, sizeof(namedata),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_name_fromtext(&ourname, &ournamein, dns_rootname, ISC_FALSE,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Not sure how to do this without a view... */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_dbtable_find(client->view->dbtable, &ourname, &db);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_db_find(db, &ourname, NULL, dns_rdatatype_key,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(add_rdata_to_list(msg, &ourname, &ourkeyrdata, ourttl,
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(dst_secret_size(tkey_dhkey, &sharedsize));
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(isc_buffer_allocate(msg->mctx, &shared, sharedsize,
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(dst_computesecret(pubkey, tkey_dhkey, shared));
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington isc_buffer_init(&secret, secretdata, sizeof(secretdata),
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington randomdata = isc_mem_get(tkeyout->mctx, TKEY_RANDOM_AMOUNT);
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington isc_buffer_init(&randombuf, randomdata, TKEY_RANDOM_AMOUNT,
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(dst_random_get(TKEY_RANDOM_AMOUNT, &randombuf));
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(compute_secret(shared, &r, &secret));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_tsigkey_create(name, &tkeyin->algorithm, r.base, r.length,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* This key is good for a long time */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_name_t *tname = ISC_LIST_HEAD(*namelist);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_name_t *next = ISC_LIST_NEXT(tname, link);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtonprocess_deletetkey(dns_message_t *msg, dns_name_t *name,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Unused variables */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_tsigkey_find(&tsigkey, name, &tkeyin->algorithm);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * Only allow a delete if the message is signed by the key to
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * be deleted or a key with the same creator.
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington if (!dns_name_equal(&msg->tsigkey->name, name)) {
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington !dst_key_compare(msg->tsigkey->creator, tsigkey->creator))
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* If tsigkey->creator is NULL, log a warning here... */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * Set the key to be deleted when no references are left. If the key
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * was not generated with TKEY and is in the config file, it may be
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * reloaded later.
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Release the reference */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Need to do this to determine if this should be freed later */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington memset(&tkeyin, 0, sizeof(dns_rdata_generic_tkey_t));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Interpret the question section */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_firstname(msg, DNS_SECTION_QUESTION);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_currentname(msg, DNS_SECTION_QUESTION, &qname);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Look for a TKEY record that matches the question */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_findname(msg, DNS_SECTION_ADDITIONAL, qname,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_rdata_tostruct(&tkeyrdata, &tkeyin, msg->mctx));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington tkeyout.common.rdclass = tkeyin.common.rdclass;
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington tkeyout.common.rdtype = tkeyin.common.rdtype;
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_name_dup(&tkeyin.algorithm, msg->mctx, &tkeyout.algorithm));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * A delete operation must have a fully specified key name. If not,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * we do the following:
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * if qname is a subdomain of defaultdomain
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * keyname = qname.
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * else if (qname != ".")
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * keyname = qname + defaultdomain
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington * keyname = <random hex> + defaultdomain
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_gettempname(msg, &keyname);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(isc_buffer_allocate(msg->mctx, &buf, 256,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington if (!dns_name_equal(qname, dns_rootname)) {
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington unsigned int n = dns_name_countlabels(qname);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_name_getlabelsequence(qname, 0, n - 1, &prefix);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington static char hexdigits[16] = "0123456789ABCDEF";
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&b, randomtext, sizeof(randomtext),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dst_random_get(sizeof(randomtext)/2, &b);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington for (i = sizeof(randomtext) - 2; i >= 0; i -= 2) {
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&b, randomtext, sizeof(randomtext),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_name_fromtext(&prefix, &b, NULL,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_name_concatenate(&prefix, tkey_domain,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_tsigkey_find(&tsigkey, keyname, NULL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington if (!dns_name_equal(&tkeyin.algorithm, DNS_TSIG_HMACMD5_NAME)) {
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(process_dhtkey(msg, keyname, &tkeyin,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(process_deletetkey(msg, keyname, &tkeyin,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettemprdata(msg, &rdata));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 128,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_rdata_fromstruct(rdata, tkeyout.common.rdclass,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(add_rdata_to_list(msg, keyname, rdata, 0, &namelist));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_name_t *next = ISC_LIST_NEXT(name, link);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_addname(msg, name, DNS_SECTION_ADDITIONAL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington if (tkeyin.common.rdtype == dns_rdatatype_tkey)
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtonbuildquery(dns_message_t *msg, dns_name_t *name,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_rdataset_t *question = NULL, *tkeyset = NULL;
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington msg->id = 10; /* XXX should use isc_random_get */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettempname(msg, &qname));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettempname(msg, &aname));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettemprdataset(msg, &question));
84ac4c606462387e8287cd60dc9bf86d736f9425Brian Wellington dns_rdataset_makequestion(question, dns_rdataclass_in /**/,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 512,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettemprdata(msg, &rdata));
84ac4c606462387e8287cd60dc9bf86d736f9425Brian Wellington RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_in /**/,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettemprdatalist(msg, &tkeylist));
84ac4c606462387e8287cd60dc9bf86d736f9425Brian Wellington tkeylist->rdclass = dns_rdataclass_in /**/;
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington ISC_LIST_APPEND(tkeylist->rdata, rdata, link);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettemprdataset(msg, &tkeyset));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_rdatalist_tordataset(tkeylist, tkeyset));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington ISC_LIST_APPEND(qname->list, question, link);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington ISC_LIST_APPEND(aname->list, tkeyset, link);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_addname(msg, aname, DNS_SECTION_ADDITIONAL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_puttemprdataset(msg, &question);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtondns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_name_t *algorithm, isc_buffer_t *nonce)
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington REQUIRE(dst_key_alg(key) == DNS_KEYALG_DH);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington nonce = nonce; /* until the new spec is done */
84ac4c606462387e8287cd60dc9bf86d736f9425Brian Wellington tkey.common.rdclass = dns_rdataclass_in /**/;
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_name_clone(algorithm, &tkey.algorithm);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettemprdata(msg, &rdata));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 1024,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_rdata_fromregion(rdata, dns_rdataclass_in,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_gettempname(msg, &keyname));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&src, dst_key_name(key), strlen(dst_key_name(key)),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_add(&src, strlen(dst_key_name(key)));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 1024,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_name_fromtext(keyname, &src, dns_rootname, ISC_FALSE,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(add_rdata_to_list(msg, keyname, rdata, 0, &namelist));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_addname(msg, ISC_LIST_HEAD(namelist),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtondns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key) {
84ac4c606462387e8287cd60dc9bf86d736f9425Brian Wellington tkey.common.rdclass = dns_rdataclass_in /**/;
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_name_clone(&key->algorithm, &tkey.algorithm);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington return (buildquery(msg, &key->name, &tkey));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtonfind_tkey(dns_message_t *msg, dns_name_t **name, dns_rdata_t *rdata) {
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_firstname(msg, DNS_SECTION_ADDITIONAL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_currentname(msg, DNS_SECTION_ADDITIONAL, name);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_findtype(*name, dns_rdatatype_tkey, 0,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtondns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_name_t keyname, *tkeyname, *theirkeyname, *ourkeyname, *tempname;
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_rdataset_t *theirkeyset = NULL, *ourkeyset = NULL;
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington unsigned char keydata[1024], secretdata[16];
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington isc_buffer_t keysrc, keybuf, *shared = NULL, secret;
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington REQUIRE(dst_key_alg(key) == DNS_KEYALG_DH);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, rmsg->mctx));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, qmsg->mctx));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington rtkey.mode != DNS_TKEYMODE_DIFFIEHELLMAN ||
f879d3ee27d172ed7913bc0d6c36c610a3e48329Brian Wellington !dns_name_equal(&rtkey.algorithm, &qtkey.algorithm) ||
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&keysrc, dst_key_name(key), strlen(dst_key_name(key)),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_add(&keysrc, strlen(dst_key_name(key)));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington isc_buffer_init(&keybuf, keydata, sizeof(keydata),
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_name_fromtext(&keyname, &keysrc, dns_rootname,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_message_findname(rmsg, DNS_SECTION_ADDITIONAL, &keyname,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_firstname(rmsg, DNS_SECTION_ADDITIONAL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_message_currentname(rmsg, DNS_SECTION_ADDITIONAL,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington if (dns_name_equal(theirkeyname, ourkeyname))
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_findtype(theirkeyname, dns_rdatatype_key,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_message_nextname(rmsg, DNS_SECTION_ADDITIONAL);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington dns_rdataset_current(theirkeyset, &theirkeyrdata);
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_dnssec_keyfromrdata(theirkeyname, &theirkeyrdata,
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(isc_buffer_allocate(rmsg->mctx, &shared, sharedsize,
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(dst_computesecret(theirkey, key, shared));
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington isc_buffer_init(&secret, secretdata, sizeof(secretdata),
1c1d1a5a96624c7e6382c97f8d78765e05c246a1Brian Wellington RETERR(compute_secret(shared, &r, &secret));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington result = dns_tsigkey_create(tkeyname, &rtkey.algorithm,
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellingtondns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg) {
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, rmsg->mctx));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, qmsg->mctx));
f879d3ee27d172ed7913bc0d6c36c610a3e48329Brian Wellington !dns_name_equal(&rtkey.algorithm, &qtkey.algorithm) ||
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington RETERR(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm));
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Mark the key as deleted */
d864d899d729b9d84ba6c0b5511023aeab215ea1Brian Wellington /* Release the reference */