tsig.c revision 4755b174df8221dff7e872f21d42b3572a74bf2f
 * Copyright (C) 1999-2001 Internet Software Consortium.
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
 * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 * $Id: tsig.c,v 1.103 2001/01/11 21:07:21 gson Exp $
 * Principal Author: Brian Wellington
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews#include <isc/string.h> /* Required for HP/UX (and others?) */
add4043305ca411202ed9cf1929a4179016515ceBrian Wellington#define VALID_TSIG_KEY(x) ISC_MAGIC_VALID(x, TSIG_MAGIC)
6e49e91bd08778d7eae45a2229dcf41ed97cc636David Lawrence#define is_response(msg) (msg->flags & DNS_MESSAGEFLAG_QR)
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic unsigned char hmacmd5_ndata[] = "\010hmac-md5\007sig-alg\003reg\003int";
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic unsigned char hmacmd5_offsets[] = { 0, 9, 17, 21, 25 };
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic unsigned char gsstsig_ndata[] = "\010gss-tsig";
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic unsigned char gsstsig_offsets[] = { 0, 9 };
62c1de9d9485003ea5af13061f1d30f081442ee9Michael Graff DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE,
/* It's nice of Microsoft to conform to their own standard. */
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic unsigned char gsstsigms_ndata[] = "\003gss\011microsoft\003com";
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsstatic unsigned char gsstsigms_offsets[] = { 0, 4, 14, 18 };
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewsdns_name_t *dns_tsig_gssapims_name = &gsstsigms;
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewstsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrewstsig_log(dns_tsigkey_t *key, int level, const char *fmt, ...) {
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (isc_log_wouldlog(dns_lctx, level) == ISC_FALSE)
b589e90689c6e87bf9608424ca8d99571c18bc61Mark Andrews dns_name_format(&key->name, namestr, sizeof(namestr));
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG,
deaaf94332abbfdb3aff53675546acfed16e5eb6Mark Andrewsdns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm,
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence dns_tsig_keyring_t *ring, dns_tsigkey_t **key)
b589e90689c6e87bf9608424ca8d99571c18bc61Mark Andrews tkey = (dns_tsigkey_t *) isc_mem_get(mctx, sizeof(dns_tsigkey_t));
41aad56b6cc458cbf7b8483576d990a77ae9bac2Andreas Gustafsson ret = dns_name_dup(name, mctx, &tkey->name);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews dns_name_downcase(&tkey->name, &tkey->name, NULL);
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews if (dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME))
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews else if (dns_name_equal(algorithm, DNS_TSIG_GSSAPI_NAME))
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews else if (dns_name_equal(algorithm, DNS_TSIG_GSSAPIMS_NAME))
5d51e67c3b4f35c1be742574aacc1d88fe6ed444Mark Andrews tkey->algorithm = isc_mem_get(mctx, sizeof(dns_name_t));
373ce67419680a398ba3dc51a14a486caaf0afb0Mark Andrews ret = dns_name_dup(algorithm, mctx, tkey->algorithm);
373ce67419680a398ba3dc51a14a486caaf0afb0Mark Andrews dns_name_downcase(tkey->algorithm, tkey->algorithm, NULL);
63cef8bde8b92aeb30ccdcf21d4e44c9be9cc6e3Andreas Gustafsson tkey->creator = isc_mem_get(mctx, sizeof(dns_name_t));
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff ret = dns_name_dup(creator, mctx, tkey->creator);
9281e7aa775026dc47c01745fdcc438645146877Mark Andrews isc_mem_put(mctx, tkey->creator, sizeof(dns_name_t));
9281e7aa775026dc47c01745fdcc438645146877Mark Andrews "isc_mutex_init() failed: %s",
3ddd814a97de1d152ba0913c592d6e6dc83d38a6Michael Graff if (dstkey != NULL && dst_key_size(dstkey) < 64) {
cdc50af0bff41accc02c613b9c6d8cd41b171ffeBrian Wellington isc_log_write(dns_lctx, DNS_LOGCATEGORY_DNSSEC,
f1b0e9107d5fc7669920b76b4e32f93e9d16c85cBob Halley "the TSIG key for '%s' is too short to "
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence isc_mem_put(mctx, tkey->algorithm, sizeof(dns_name_t));
e27a69f8bd9538e08f775265167ba6cc5f47c587Bob Halleydns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
e27a69f8bd9538e08f775265167ba6cc5f47c587Bob Halley unsigned char *secret, int length, isc_boolean_t generated,
if (length > 0)
return (DNS_R_BADALG);
if (length > 0) {
isc_buffer_t b;
return (result);
return (result);
if (should_free)
isc_region_t r;
unsigned int sigsize = 0;
return (DNS_R_EXPECTEDTSIG);
return (ret);
goto cleanup_context;
NULL);
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_signature;
goto cleanup_signature;
goto cleanup_signature;
goto cleanup_dynbuf;
goto cleanup_dynbuf;
goto cleanup_owner;
goto cleanup_owner;
goto cleanup_owner;
return (ISC_R_SUCCESS);
return (ret);
return (DNS_R_EXPECTEDTSIG);
return (DNS_R_UNEXPECTEDTSIG);
return (ret);
return (ret);
return (ret);
return (ret);
return (DNS_R_TSIGVERIFYFAILURE);
return (ret);
return (DNS_R_TSIGVERIFYFAILURE);
return (DNS_R_TSIGVERIFYFAILURE);
return (ret);
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
return (DNS_R_TSIGVERIFYFAILURE);
return (DNS_R_TSIGERRORSET);
return (ISC_R_SUCCESS);
return (ret);
static isc_result_t
return (ret);
return (ret);
goto cleanup_querystruct;
goto cleanup_querystruct;
goto cleanup_querystruct;
goto cleanup_querystruct;
goto cleanup_querystruct;
goto cleanup_context;
goto cleanup_context;
if (has_tsig) {
if (has_tsig) {
goto cleanup_context;
if (has_tsig)
goto cleanup_context;
if (has_tsig) {
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
goto cleanup_context;
return (ISC_R_SUCCESS);
return (ret);
return (ISC_R_NOTFOUND);
return (ISC_R_NOTFOUND);
return (ISC_R_NOTFOUND);
return (ISC_R_SUCCESS);
return (ISC_R_NOMEMORY);
return (ISC_R_UNEXPECTED);
return (result);
return (ISC_R_SUCCESS);