tkey.c revision 7d86ce8dfc42d4122c95bde3935bda6d08df5a84
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews * Copyright (C) 1999 Internet Software Consortium.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Permission to use, copy, modify, and distribute this software for any
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * purpose with or without fee is hereby granted, provided that the above
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * copyright notice and this permission notice appear in all copies.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff * $Id: tkey.c,v 1.20 2000/01/24 20:19:51 bwelling Exp $
0c310d16b05ee94743d33f6920907edee6084fc8Michael Graff * Principal Author: Brian Wellington
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson#define RETERR(x) do { \
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsdns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews *tctx = isc_mem_get(mctx, sizeof(dns_tkey_ctx_t));
3a4ec3da9fa14511cbc3660f75817cfacb3f4d1eMark Andrews isc_mem_put((*tctx)->mctx, (*tctx)->domain, sizeof(dns_name_t));
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews isc_mem_put(mctx, *tctx, sizeof(dns_tkey_ctx_t));
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrewsadd_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata,
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson isc_buffer_t *tmprdatabuf = NULL, *tmpnamebuf = NULL;
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews RETERR(dns_message_gettemprdata(msg, &newrdata));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(isc_buffer_allocate(msg->mctx, &tmprdatabuf, r.length,
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews dns_rdata_fromregion(newrdata, rdata->rdclass, rdata->type, &newr);
fcf8db89e6c5740822838380c3a4ffcfb7754992Mark Andrews RETERR(dns_message_gettempname(msg, &newname));
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews RETERR(isc_buffer_allocate(msg->mctx, &tmpnamebuf, r.length,
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews RETERR(dns_message_gettemprdatalist(msg, &newlist));
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews ISC_LIST_APPEND(newlist->rdata, newrdata, link);
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews RETERR(dns_message_gettemprdataset(msg, &newset));
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews RETERR(dns_rdatalist_tordataset(newlist, newset));
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrewscompute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews isc_region_t *serverrandomness, isc_buffer_t *secret)
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews unsigned int i;
bcd7fdf06ca76eb2f6eb157f56b612c503e062a7Mark Andrews isc_buffer_init(&b, digests, sizeof(digests), ISC_BUFFERTYPE_BINARY);
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews /* MD5 ( query data | DH value ) */
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(dst_digest(DST_SIGMODE_INIT, DST_DIGEST_MD5, &ctx, NULL, NULL));
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews RETERR(dst_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx,
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews RETERR(dst_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx, &r, NULL));
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews RETERR(dst_digest(DST_SIGMODE_FINAL, DST_DIGEST_MD5, &ctx, NULL, &b));
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews /* MD5 ( server data | DH value ) */
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(dst_digest(DST_SIGMODE_INIT, DST_DIGEST_MD5, &ctx, NULL, NULL));
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(dst_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx,
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews RETERR(dst_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx, &r, NULL));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dst_digest(DST_SIGMODE_FINAL, DST_DIGEST_MD5, &ctx, NULL, &b));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /* XOR ( DH value, MD5-1 | MD5-2) */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (r.length < sizeof(digests) || r.length < r2.length)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews for (i = 0; i < sizeof(digests); i++)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsprocess_dhtkey(dns_message_t *msg, dns_name_t *name,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_rdata_generic_tkey_t *tkeyin, dns_tkey_ctx_t *tctx,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_tsig_keyring_t *ring, dns_namelist_t *namelist)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_name_t *keyname, ourname, signer, *creator;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_boolean_t found_key = ISC_FALSE, found_incompatible = ISC_FALSE;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_t ourkeybuf, ournamein, ournameout, *shared = NULL;
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews unsigned char *randomdata = NULL, secretdata[256];
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /* Look for a DH KEY record that will work with ours */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_message_firstname(msg, DNS_SECTION_ADDITIONAL);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_message_currentname(msg, DNS_SECTION_ADDITIONAL, &keyname);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_message_findtype(keyname, dns_rdatatype_key, 0,
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(add_rdata_to_list(msg, keyname, &keyrdata, keyset->ttl,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&ourkeybuf, keydata, sizeof(keydata),
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dst_key_todns(tctx->dhkey, &ourkeybuf));
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_in,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&ournamein, dst_key_name(tctx->dhkey),
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews strlen(dst_key_name(tctx->dhkey)), ISC_BUFFERTYPE_TEXT);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews isc_buffer_add(&ournamein, strlen(dst_key_name(tctx->dhkey)));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&ournameout, namedata, sizeof(namedata),
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dns_name_fromtext(&ourname, &ournamein, dns_rootname, ISC_FALSE,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /* Not sure how to do this without a view... */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_dbtable_find(client->view->dbtable, &ourname, &db);
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews result = dns_db_find(db, &ourname, NULL, dns_rdatatype_key,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(add_rdata_to_list(msg, &ourname, &ourkeyrdata, ourttl,
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halley RETERR(dst_secret_size(tctx->dhkey, &sharedsize));
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halley RETERR(isc_buffer_allocate(msg->mctx, &shared, sharedsize,
f0a5bb8f86631ce638cb2b6c65bbb9bcf9b0cdc0Bob Halley RETERR(dst_computesecret(pubkey, tctx->dhkey, shared));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&secret, secretdata, sizeof(secretdata),
c1e7aff941dbf40090fec49300e728ad017d4f0cMark Andrews randomdata = isc_mem_get(tkeyout->mctx, TKEY_RANDOM_AMOUNT);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&randombuf, randomdata, TKEY_RANDOM_AMOUNT,
0e8cf9a887c70f96ac448b06c069d90b830215ccMark Andrews RETERR(dst_random_get(TKEY_RANDOM_AMOUNT, &randombuf));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(compute_secret(shared, &r2, &r, &secret));
f305d86668bfd4d4727c3e0f70e7e97a2fa1b772Bob Halley /* handle DNS_R_NOTVERIFIEDYET */
19d365e4448f1782611280b020987988b7ac3210Mark Andrews result = dns_tsigkey_create(name, &tkeyin->algorithm, r.base, r.length,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews /* This key is good for a long time */
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrewsprocess_deletetkey(dns_message_t *msg, dns_name_t *name,
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews /* Unused variables */
82d05588933a3c765aa8518fe455d6477d640b99Mark Andrews result = dns_tsigkey_find(&tsigkey, name, &tkeyin->algorithm, ring);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Only allow a delete if the identity that created the key is the
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * same as the identity that signed the message.
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews /* handle DNS_R_NOTVERIFIEDYET */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * Special case - there is no identity associated with the
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * TSIG key that signed the message, but it's that key
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * being deleted. This is OK.
19d365e4448f1782611280b020987988b7ac3210Mark Andrews dns_name_t *identity = dns_tsigkey_identity(tsigkey);
5fc7ba3e1ac5d72239e9971e0f469dd5796738f9Andreas Gustafsson if (identity == NULL || !dns_name_equal(identity, &signer))
f8aae502686e2448c48f56697c212a50e2a1cbaeAndreas Gustafsson * Set the key to be deleted when no references are left. If the key
f8aae502686e2448c48f56697c212a50e2a1cbaeAndreas Gustafsson * was not generated with TKEY and is in the config file, it may be
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * reloaded later.
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews /* Release the reference */
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafssondns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson dns_rdata_generic_tkey_t tkeyin, tkeyout;
7ab0e69f61e61e81d489c95c7ebd981e74e7ef16Andreas Gustafsson dns_name_t *qname, *name, *keyname, tempkeyname;
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson /* Need to do this to determine if this should be freed later */
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson memset(&tkeyin, 0, sizeof(dns_rdata_generic_tkey_t));
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson /* Interpret the question section */
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson result = dns_message_firstname(msg, DNS_SECTION_QUESTION);
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson dns_message_currentname(msg, DNS_SECTION_QUESTION, &qname);
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson /* Look for a TKEY record that matches the question */
0c8649cea98afc061dd2938fd315df53b8fc35caAndreas Gustafsson result = dns_message_findname(msg, DNS_SECTION_ADDITIONAL, qname,
19d365e4448f1782611280b020987988b7ac3210Mark Andrews RETERR(dns_rdata_tostruct(&tkeyrdata, &tkeyin, msg->mctx));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews tkeyout.common.rdclass = tkeyin.common.rdclass;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dns_name_dup(&tkeyin.algorithm, msg->mctx, &tkeyout.algorithm));
19d365e4448f1782611280b020987988b7ac3210Mark Andrews * A delete operation must have a fully specified key name. If this
19d365e4448f1782611280b020987988b7ac3210Mark Andrews * is not a delete, we do the following:
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * if (qname != ".")
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews * keyname = qname + defaultdomain
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews * keyname = <random hex> + defaultdomain
94a3bcd132e515b4baa0884ba9dd0f361d2e17bcMark Andrews RETERR(isc_buffer_allocate(msg->mctx, &buf, 256,
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews dns_name_getlabelsequence(qname, 0, n - 1, &prefix);
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews isc_buffer_init(&b, randomtext, sizeof(randomtext),
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews result = dst_random_get(sizeof(randomtext)/2, &b);
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews for (i = sizeof(randomtext) - 2; i >= 0; i -= 2) {
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews isc_buffer_init(&b, randomtext, sizeof(randomtext),
a98551ef592e9be6008e0141ceeb32efd586c5efMark Andrews result = dns_name_concatenate(&prefix, tctx->domain,
bed8e84810a80dad3d37870be927d1dfd015f480Mark Andrews result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring);
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews if (!dns_name_equal(&tkeyin.algorithm, DNS_TSIG_HMACMD5_NAME)) {
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews RETERR(process_dhtkey(msg, keyname, &tkeyin, tctx,
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews RETERR(process_deletetkey(msg, keyname, &tkeyin,
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 128,
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews result = dns_rdata_fromstruct(rdata, tkeyout.common.rdclass,
8d3e74b1683f714a484bbcf73249e8ee470e36d7Mark Andrews RETERR(add_rdata_to_list(msg, keyname, rdata, 0, &namelist));
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews dns_message_addname(msg, name, DNS_SECTION_ADDITIONAL);
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews if (tkeyin.common.rdtype == dns_rdatatype_tkey)
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrewsbuildquery(dns_message_t *msg, dns_name_t *name,
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews dns_rdataset_t *question = NULL, *tkeyset = NULL;
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(dns_message_gettemprdataset(msg, &question));
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews dns_rdataset_makequestion(question, dns_rdataclass_in /* _any */,
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 512,
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(dns_rdata_fromstruct(rdata, dns_rdataclass_in /* _any */,
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(dns_message_gettemprdatalist(msg, &tkeylist));
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews tkeylist->rdclass = dns_rdataclass_in /* _any */;
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(dns_message_gettemprdataset(msg, &tkeyset));
54c26ab21c61c6d6b1e484bb88dc3ac263845d17Mark Andrews RETERR(dns_rdatalist_tordataset(tkeylist, tkeyset));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_message_addname(msg, aname, DNS_SECTION_ADDITIONAL);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsdns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews tkey.common.rdclass = dns_rdataclass_in /* _any */;
f0ff273b530afa730025e1c5ad311950f7ff4328Mark Andrews RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 1024,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews RETERR(dns_message_gettempname(msg, &keyname));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews isc_buffer_init(&src, dst_key_name(key), strlen(dst_key_name(key)),
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews isc_buffer_add(&src, strlen(dst_key_name(key)));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews RETERR(isc_buffer_allocate(msg->mctx, &dynbuf, 1024,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews RETERR(dns_name_fromtext(keyname, &src, dns_rootname, ISC_FALSE,
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews RETERR(add_rdata_to_list(msg, keyname, rdata, 0, &namelist));
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews dns_message_addname(msg, ISC_LIST_HEAD(namelist),
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrewsdns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key) {
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews tkey.common.rdclass = dns_rdataclass_in /* _any */;
7d62ddffbb4d1cc97b8d80b7ee4944554a57523eMark Andrews dns_name_clone(&key->algorithm, &tkey.algorithm);
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrewsfind_tkey(dns_message_t *msg, dns_name_t **name, dns_rdata_t *rdata) {
3d5cad69ec20157912e95cf3b79316dfb0a314f3Mark Andrews result = dns_message_firstname(msg, DNS_SECTION_ADDITIONAL);
bfb2a81b65579882a80855c279cedc45aebd62e8Mark Andrews dns_message_currentname(msg, DNS_SECTION_ADDITIONAL, name);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_message_findtype(*name, dns_rdatatype_tkey, 0,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsdns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_name_t keyname, *tkeyname, *theirkeyname, *ourkeyname, *tempname;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_rdataset_t *theirkeyset = NULL, *ourkeyset = NULL;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_t keysrc, keybuf, *shared = NULL, secret;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews return(ISC_RESULTCLASS_DNSRCODE + rmsg->rcode);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, rmsg->mctx));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, qmsg->mctx));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews !dns_name_equal(&rtkey.algorithm, &qtkey.algorithm) ||
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&keysrc, dst_key_name(key), strlen(dst_key_name(key)),
ffe74cc719aa0f10c38fbc1f2f3ea7db0960cb8fMark Andrews isc_buffer_add(&keysrc, strlen(dst_key_name(key)));
15330e4fa27c82ac04cc2ce234ec930e4b6b42d3Mark Andrews isc_buffer_init(&keybuf, keydata, sizeof(keydata),
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dns_name_fromtext(&keyname, &keysrc, dns_rootname,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dns_message_findname(rmsg, DNS_SECTION_ADDITIONAL, &keyname,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_message_firstname(rmsg, DNS_SECTION_ADDITIONAL);
1c3191528684f3dd93ebb122298c2f8ebfc6d397Mark Andrews dns_message_currentname(rmsg, DNS_SECTION_ADDITIONAL,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews result = dns_message_findtype(theirkeyname, dns_rdatatype_key,
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson result = dns_message_nextname(rmsg, DNS_SECTION_ADDITIONAL);
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson dns_rdataset_current(theirkeyset, &theirkeyrdata);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dns_dnssec_keyfromrdata(theirkeyname, &theirkeyrdata,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(isc_buffer_allocate(rmsg->mctx, &shared, sharedsize,
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews RETERR(dst_computesecret(theirkey, key, shared));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_buffer_init(&secret, secretdata, sizeof(secretdata),
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson RETERR(compute_secret(shared, &r2, &r, &secret));
5a219d878f0bd786e86da2c9b92999260dda3f8dAndreas Gustafsson result = dns_tsigkey_create(tkeyname, &rtkey.algorithm,
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrewsdns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg,
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews return(ISC_RESULTCLASS_DNSRCODE + rmsg->rcode);
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata));
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, rmsg->mctx));
2192b4497348ccab94ca6f3f779cec399c72a8efMark Andrews RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata));
2192b4497348ccab94ca6f3f779cec399c72a8efMark Andrews RETERR(dns_rdata_tostruct(&qtkeyrdata, &qtkey, qmsg->mctx));
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews !dns_name_equal(&rtkey.algorithm, &qtkey.algorithm) ||
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews RETERR(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm, ring));
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews /* Mark the key as deleted */
44a966dff66061ac3f266c6b451a70733eb78e82Mark Andrews /* Release the reference */