tkey.c revision d62314ba318df0f5fe769e1fd97790472a69b25f
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
/*
* $Id: tkey.c,v 1.28 2000/04/19 18:50:00 halley Exp $
* Principal Author: Brian Wellington
*/
#include <config.h>
#include <stdlib.h>
#include <string.h>
#include <isc/assertions.h>
#include <dns/keyvalues.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#define TKEY_RANDOM_AMOUNT 16
#define RETERR(x) do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
return (ISC_R_NOMEMORY);
return (ISC_R_SUCCESS);
}
void
}
}
static isc_result_t
{
isc_region_t r, newr;
dns_rdata_toregion(rdata, &r);
dns_name_toregion(name, &r);
return (ISC_R_SUCCESS);
}
return (result);
}
static isc_result_t
{
isc_region_t r, r2;
char digests[32];
isc_buffer_t b;
unsigned int i;
isc_buffer_used(shared, &r);
/* MD5 ( query data | DH value ) */
queryrandomness, NULL));
/* MD5 ( server data | DH value ) */
serverrandomness, NULL));
/* XOR ( DH value, MD5-1 | MD5-2) */
isc_buffer_available(secret, &r);
return (ISC_R_NOSPACE);
for (i = 0; i < sizeof(digests); i++)
}
else {
}
return result;
}
static isc_result_t
{
unsigned char keydata[DST_KEY_MAXSIZE];
unsigned char namedata[1024];
unsigned int sharedsize;
/* Look for a DH KEY record that will work with ours */
while (result == ISC_R_SUCCESS) {
&keyset);
if (result == ISC_R_SUCCESS) {
while (result == ISC_R_SUCCESS) {
&keyrdata,
&pubkey);
if (result != ISC_R_SUCCESS) {
continue;
}
{
goto got_key;
}
else
}
}
}
}
if (!found_key) {
if (found_incompatible) {
return (ISC_R_SUCCESS);
}
return (DNS_R_FORMERR);
}
namelist));
&ournameout));
ourttl = 0;
#if 0
/* Not sure how to do this without a view... */
if (result == ISC_R_SUCCESS) {
DNS_DBFIND_NOWILD, 0, NULL,
if (result == ISC_R_SUCCESS) {
}
}
#endif
namelist));
if (randomdata == NULL) {
goto failure;
}
isc_buffer_used(&randombuf, &r);
isc_buffer_used(&secret, &r);
if (result == ISC_R_NOTFOUND) {
return (ISC_R_SUCCESS);
}
if (result != ISC_R_SUCCESS)
goto failure;
/* This key is good for a long time */
return (ISC_R_SUCCESS);
if (!ISC_LIST_EMPTY(*namelist)) {
}
}
return (result);
}
static isc_result_t
{
/* Unused variables */
if (result != ISC_R_SUCCESS)
/*
* Only allow a delete if the identity that created the key is the
* same as the identity that signed the message.
*/
return (DNS_R_REFUSED);
/*
* Set the key to be deleted when no references are left. If the key
* was not generated with TKEY and is in the config file, it may be
* reloaded later.
*/
/* Release the reference */
return (ISC_R_SUCCESS);
}
{
/* Need to do this to determine if this should be freed later */
/* Interpret the question section */
/* Look for a TKEY record that matches the question */
if (result != ISC_R_SUCCESS) {
goto failure;
}
if (result != ISC_R_SUCCESS) {
goto failure;
}
goto failure;
}
/*
* Before we go any farther, verify that the message was signed.
* GSSAPI TKEY doesn't require a signature, the rest do.
*/
if (result != ISC_R_SUCCESS &&
{
goto failure;
}
/*
* A delete operation must have a fully specified key name. If this
* is not a delete, we do the following:
* if (qname != ".")
* keyname = qname + defaultdomain
* else
* keyname = <random hex> + defaultdomain
*/
unsigned char tdata[64];
keyname = &tempkeyname;
unsigned int n = dns_name_countlabels(qname);
}
else {
static char hexdigits[16] = {
'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
unsigned char randomtext[32];
isc_buffer_t b, b2;
int i;
if (result != ISC_R_SUCCESS) {
goto failure;
}
}
isc_buffer_add(&b, sizeof(randomtext));
if (result != ISC_R_SUCCESS) {
goto failure;
}
}
if (result != ISC_R_SUCCESS)
goto failure;
if (result == ISC_R_SUCCESS) {
goto failure_with_tkey;
}
else if (result != ISC_R_NOTFOUND)
goto failure;
}
else
goto failure_with_tkey;
}
break;
case DNS_TKEYMODE_DELETE:
break;
case DNS_TKEYMODE_GSSAPI:
goto failure;
default:
}
if (result != ISC_R_SUCCESS)
goto failure;
}
return (ISC_R_SUCCESS);
return (result);
}
static isc_result_t
{
return (ISC_R_SUCCESS);
}
return (result);
}
{
isc_region_t r;
isc_buffer_region(nonce, &r);
else {
r.length = 0;
}
isc_buffer_used(dynbuf, &r);
dns_rdatatype_key, &r);
dynbuf));
return (ISC_R_SUCCESS);
return (result);
}
}
static isc_result_t
int section)
{
while (result == ISC_R_SUCCESS) {
&tkeyset);
if (result == ISC_R_SUCCESS) {
if (result != ISC_R_SUCCESS)
return (result);
return (ISC_R_SUCCESS);
}
}
if (result == ISC_R_NOMORE)
return (ISC_R_NOTFOUND);
return (result);
}
{
unsigned int sharedsize;
isc_region_t r, r2;
{
goto failure;
}
ourkeyname = NULL;
dns_rdatatype_key, 0, &ourkeyname,
&ourkeyset));
while (result == ISC_R_SUCCESS) {
theirkeyname = NULL;
&theirkeyname);
goto next;
theirkeyset = NULL;
0, &theirkeyset);
if (result == ISC_R_SUCCESS) {
break;
}
next:
}
if (theirkeyset == NULL) {
goto failure;
}
else {
}
isc_buffer_used(&secret, &r);
return (result);
return (result);
}
{
{
goto failure;
}
/* Mark the key as deleted */
/* Release the reference */
return (result);
}