tsig.c revision 65f9103cc5980fe49268739205a089774d130926
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer * Copyright (C) 1999 Internet Software Consortium.
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer * Permission to use, copy, modify, and distribute this software for any
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer * purpose with or without fee is hereby granted, provided that the above
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer * copyright notice and this permission notice appear in all copies.
15a44745412679c30a6d022733925af70a38b715David Lawrence * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
15a44745412679c30a6d022733925af70a38b715David Lawrence * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
15a44745412679c30a6d022733925af70a38b715David Lawrence * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
15a44745412679c30a6d022733925af70a38b715David Lawrence * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
15a44745412679c30a6d022733925af70a38b715David Lawrence * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
15a44745412679c30a6d022733925af70a38b715David Lawrence * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
15a44745412679c30a6d022733925af70a38b715David Lawrence * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
47058d17266420179fa294de6b82d8fb5b918df4Michael Sawyer * $Id: tsig.c,v 1.32 1999/11/05 20:19:24 halley Exp $
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer * Principal Author: Brian Wellington
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer#define VALID_TSIG_KEY(x) ((x) != NULL && (x)->magic == TSIG_MAGIC)
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer/* XXXBEW If an unsorted list isn't good enough, this can be updated */
/*
 * Tests the QR flag bit of a message. `msg` is not parenthesised in the
 * expansion, so the argument must be a plain identifier or primary
 * expression.
 */
38cf6e52ce4b33795713388824b69d78e430b115Michael Sawyer#define is_response(msg) (msg->flags & DNS_MESSAGEFLAG_QR)
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyerdns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
6c6a62933dda281cb9193de1d54d4c9e74515f5aMichael Sawyer unsigned char *secret, int length, isc_boolean_t generated,
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer dns_name_t *creator, isc_mem_t *mctx, dns_tsigkey_t **key)
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer if (!dns_name_equal(algorithm, DNS_TSIG_HMACMD5_NAME))
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer tkey = (dns_tsigkey_t *) isc_mem_get(mctx, sizeof(dns_tsigkey_t));
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer dns_name_downcase(&tkey->name, &tkey->name, NULL);
a5ed46c9fd270775c39770bfd0250a52d374ebf2Michael Sawyer ret = dns_name_dup(algorithm, mctx, &tkey->algorithm);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer dns_name_downcase(&tkey->algorithm, &tkey->algorithm, NULL);
/*
 * NOTE(review): the name duplicated into tkey->creator below is
 * `algorithm`, not the `creator` parameter declared in the signature of
 * dns_tsigkey_create(). That looks unintended: the stored creator would
 * then never reflect who created the key. The surrounding lines are
 * missing from this listing -- confirm against the full source.
 */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer tkey->creator = isc_mem_get(mctx, sizeof(dns_name_t));
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dns_name_dup(algorithm, mctx, tkey->creator);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_mem_put(mctx, tkey->creator, sizeof(dns_name_t));
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_init(&nameb, namestr, sizeof(namestr) - 1,
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dns_name_totext(name, ISC_FALSE, &nameb);
/*
 * Wraps the caller-supplied secret in a binary buffer. `length` is a
 * signed int in the function signature; no check that it is non-negative
 * is visible in this listing -- TODO confirm a missing line or the
 * callers guarantee it.
 */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_init(&b, secret, length, ISC_BUFFERTYPE_BINARY);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_rwlock_lock(&tsiglock, isc_rwlocktype_write);
cd720113a2fc8a781d4e33350b8a2b62857b31d8David Lawrence if (dns_name_equal(&tkey->name, &tmp->name)) {
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_rwlock_unlock(&tsiglock, isc_rwlocktype_write);
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer "isc_mutex_init() failed: %s",
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_mem_put(mctx, *key, sizeof(dns_tsigkey_t));
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer isc_rwlock_lock(&tsiglock, isc_rwlocktype_write);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_rwlock_unlock(&tsiglock, isc_rwlocktype_write);
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson dns_name_free(&tkey->algorithm, tkey->mctx);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_mem_put(tkey->mctx, tkey->creator, sizeof(dns_name_t));
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_mem_put(tkey->mctx, tkey, sizeof(dns_tsigkey_t));
a5ed46c9fd270775c39770bfd0250a52d374ebf2Michael Sawyer /* If this is a response, there should be a query tsig */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer if (is_response(msg) && msg->querytsig == NULL)
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_mem_get(mctx, sizeof(dns_rdata_any_tsig_t));
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dns_name_dup(&key->algorithm, mctx, &tsig->algorithm);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_init(&databuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_sign(DST_SIGMODE_INIT, key->key, &ctx, NULL, NULL);
/*
 * Write the query signature length prefix, then advance databuf by
 * siglen. databuf wraps the fixed-size `data` array (initialised above
 * with sizeof(data)), so this assumes 2 + siglen fits in that array.
 * NOTE(review): no bound check on querytsig->siglen is visible in this
 * listing, and the copy that fills those bytes is on a line not shown --
 * confirm the length is validated before the buffer is advanced.
 */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_putuint16(&databuf, msg->querytsig->siglen);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_add(&databuf, msg->querytsig->siglen);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
/*
 * Allocate a fixed 6-byte "other data" field and wrap it in otherbuf;
 * tsig->otherlen is assigned 6 inside the isc_buffer_init() argument
 * list. Six bytes matches the 16-bit + 32-bit time encoding used
 * elsewhere in this file -- presumably a timestamp, TODO confirm.
 * NOTE(review): a NULL check on the isc_mem_get() result is not visible
 * in this listing.
 */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer tsig->other = (unsigned char *) isc_mem_get(mctx, 6);
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer isc_buffer_init(&otherbuf, tsig->other, tsig->otherlen = 6,
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer 0xFFFFFFFF));
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer if (!dns_tsigkey_empty(key) && tsig->error != dns_tsigerror_badsig) {
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer /* Digest the header */
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer isc_buffer_init(&headerbuf, header, sizeof header,
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson /* Digest the remainder of the message */
38cf6e52ce4b33795713388824b69d78e430b115Michael Sawyer isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer /* Digest the name, class, ttl, alg */
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson isc_buffer_putuint16(&databuf, dns_rdataclass_any);
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer /* Digest the timesigned and fudge */
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer 0xFFFFFFFF));
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer isc_uint64_t querysigned = msg->querytsig->timesigned;
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer 0xFFFFFFFF));
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r, NULL);
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer /* Digest the error and other data length */
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer isc_buffer_putuint16(&databuf, tsig->otherlen);
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = dst_sign(DST_SIGMODE_UPDATE, key->key, &ctx, &r,
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer /* Digest the error and other data */
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer isc_buffer_init(&sigbuf, tsig->signature, tsig->siglen,
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = dst_sign(DST_SIGMODE_FINAL, key->key, &ctx, NULL,
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = isc_buffer_allocate(msg->mctx, &dynbuf, 512,
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = dns_rdata_fromstruct(rdata, dns_rdataclass_any,
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer ret = isc_buffer_allocate(mctx, &dynbuf, r.length,
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dns_message_gettemprdatalist(msg, &datalist);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ISC_LIST_APPEND(datalist->rdata, rdata, link);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dns_message_gettemprdataset(msg, &dataset);
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson ISC_LIST_APPEND(owner->list, dataset, link);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer dns_message_addname(msg, owner, DNS_SECTION_TSIG);
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer isc_mem_put(mctx, tsig->signature, tsig->siglen);
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer isc_mem_put(mctx, tsig->other, tsig->otherlen);
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer isc_mem_put(mctx, tsig, sizeof(dns_rdata_any_tsig_t));
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyerdns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson isc_region_t r, source_r, header_r, sig_r;
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer /* There should be a TSIG record... */
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer if (ISC_LIST_EMPTY(msg->sections[DNS_SECTION_TSIG]))
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer * If this is a response and there's no key or query TSIG, there
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer * shouldn't be one on the response.
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer (msg->tsigkey == NULL || msg->querytsig == NULL))
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson * If we're here, we know the message is well formed and contains a
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer * TSIG record.
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson ret = dns_message_firstname(msg, DNS_SECTION_TSIG);
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson dns_message_currentname(msg, DNS_SECTION_TSIG, &keyname);
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer isc_mem_get(mctx, sizeof(dns_rdata_any_tsig_t));
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer ret = dns_rdata_tostruct(&rdata, tsig, mctx);
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer /* Do the key name and algorithm match that of the query? */
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer (!dns_name_equal(keyname, &msg->tsigkey->name) ||
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer !dns_name_equal(&tsig->algorithm, &msg->querytsig->algorithm)))
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer /* Find dns_tsigkey_t based on keyname */
5564b21be5cf3e7b8f751af268f2c1522c1744e3David Lawrence ret = dns_tsigkey_find(&tsigkey, keyname, &tsig->algorithm);
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer ret = dns_tsigkey_create(keyname, &tsig->algorithm,
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer /* Is the time ok? */
/*
 * Freshness check: reject when the signing time is further from `now`
 * than the fudge carried in the TSIG record. This is what bounds replay
 * of a captured signed message.
 * NOTE(review): abs() takes an int, while timesigned is handled as
 * isc_uint64_t elsewhere in this file (see `querysigned`). The
 * difference may therefore be truncated, and if `now` is unsigned it can
 * never be negative. The type of `now` is not visible in this listing --
 * confirm, and prefer a width-safe comparison of the two times.
 * tsig->fudge appears to be decoded from the record under verification,
 * so the sender chooses the window; a local upper bound is not visible.
 */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer if (abs(now - tsig->timesigned) > tsig->fudge) {
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_INIT, key, &ctx, NULL, &sig_r);
/*
 * Stage the query signature length prefix in the fixed-size `data` array
 * before it is fed to dst_verify().
 * NOTE(review): presumably the query signature bytes are appended after
 * the prefix on lines not shown; that needs 2 + siglen <= sizeof(data).
 * No bound check on querytsig->siglen is visible here -- confirm.
 */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_init(&databuf, data, sizeof(data),
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_putuint16(&databuf, msg->querytsig->siglen);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r,
d821f1cd7e97552401296e880e7518c98c9ebea1Michael Sawyer /* Extract the header */
/*
 * Copy the fixed-size DNS header out of the received region so that it
 * can be modified before being digested.
 * NOTE(review): this reads DNS_MESSAGE_HEADERLEN bytes from r.base; a
 * check that r.length is at least that large is not visible in this
 * listing -- confirm the message was length-validated earlier.
 */
d821f1cd7e97552401296e880e7518c98c9ebea1Michael Sawyer memcpy(header, r.base, DNS_MESSAGE_HEADERLEN);
f8fec75ee8f429821137aee090f56ab678404a56Michael Sawyer isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer /* Decrement the additional field counter */
/*
 * The last two header bytes are copied out and back as raw memory; the
 * decrement itself and any byte-order conversion are on lines not shown
 * in this listing.
 */
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer memcpy(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2);
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer memcpy(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2);
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer /* Put in the original id */
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer /* Digest the modified header */
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &header_r,
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer /* Digest all non-TSIG records. */
/*
 * Select the bytes between the end of the header and the start of the
 * TSIG record for digesting.
 * NOTE(review): the length is msg->sigstart minus the header length. If
 * sigstart were smaller than DNS_MESSAGE_HEADERLEN or larger than
 * source_r.length, the region would be wrong (wrap-around if unsigned).
 * No such check is visible in this listing -- confirm that sigstart is
 * validated where it is set.
 */
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer /* Digest the key name */
aa6054ec74819f754bcf19442ca9b39d948171adMichael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_init(&databuf, data, sizeof(data),
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_putuint16(&databuf, tsig->common.rdclass);
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer isc_buffer_putuint32(&databuf, dataset->ttl);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer /* Digest the key algorithm */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer isc_buffer_putuint16(&databuf, (isc_uint16_t)(tsig->timesigned
48674819ebf9176b5d5582ae851e485c324c1159Michael Sawyer isc_buffer_putuint32(&databuf, (isc_uint32_t)(tsig->timesigned
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer & 0xFFFFFFFF));
cd720113a2fc8a781d4e33350b8a2b62857b31d8David Lawrence isc_buffer_putuint16(&databuf, tsig->otherlen);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, &sig_r);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &ctx, &r,
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_FINAL, key, &ctx, NULL, &sig_r);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer else if (tsig->error != dns_tsigerror_badsig &&
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer /* XXXBEW Log a message */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_mem_put(mctx, tsig, sizeof(dns_rdata_any_tsig_t));
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyerdns_tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dns_message_firstname(msg, DNS_SECTION_TSIG);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer dns_message_currentname(msg, DNS_SECTION_TSIG, &keyname);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_mem_get(mctx, sizeof(dns_rdata_any_tsig_t));
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dns_rdata_tostruct(&rdata, tsig, mctx);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer /* Do the key name and algorithm match that of the query? */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer if (!dns_name_equal(keyname, &msg->tsigkey->name) ||
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer /* Is the time ok? */
/*
 * Freshness check for a TCP-stream message: reject when the signing time
 * is further from `now` than the fudge carried in the TSIG record.
 * NOTE(review): abs() takes an int, while timesigned is handled as
 * isc_uint64_t elsewhere in this file. The difference may be truncated
 * or, if `now` is unsigned, never negative. The type of `now` is not
 * visible in this listing -- confirm, and prefer a width-safe
 * comparison.
 */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer if (abs(now - tsig->timesigned) > tsig->fudge) {
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_INIT, key, &msg->tsigctx,
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_init(&databuf, data, sizeof(data),
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_putuint16(&databuf, msg->querytsig->siglen);
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &msg->tsigctx,
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer /* Extract the header */
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer memcpy(header, r.base, DNS_MESSAGE_HEADERLEN);
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer /* Decrement the additional field counter if necessary */
f8fec75ee8f429821137aee090f56ab678404a56Michael Sawyer memcpy(&addcount, &header[DNS_MESSAGE_HEADERLEN - 2], 2);
88301f84d1391e96ec87a9a308aa18f45553a56bAndreas Gustafsson memcpy(&header[DNS_MESSAGE_HEADERLEN - 2], &addcount, 2);
88301f84d1391e96ec87a9a308aa18f45553a56bAndreas Gustafsson /* Put in the original id */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer /* Digest the modified header */
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &msg->tsigctx, &header_r,
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer /* Digest all non-TSIG records. */
/*
 * Select the message body after the header for digesting. r.length is
 * assigned twice below: once up to msg->sigstart and once for the whole
 * remaining source region. Presumably these are the two arms of a
 * conditional (TSIG present or absent) whose test is not shown in this
 * listing -- TODO confirm.
 * NOTE(review): both subtractions assume the operand is at least
 * DNS_MESSAGE_HEADERLEN; no check is visible here.
 */
844eaa56d6d647b38b2a5cf08f7ea5ab7b752690Michael Sawyer r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer r.length = source_r.length - DNS_MESSAGE_HEADERLEN;
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer ret = dst_verify(DST_SIGMODE_UPDATE, key, &msg->tsigctx, &r, NULL);
9fe3676b8490319aa65182f2072cbf5086097979Michael Sawyer /* Digest the time signed and fudge */
9fe3676b8490319aa65182f2072cbf5086097979Michael Sawyer isc_buffer_init(&databuf, data, sizeof(data),
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson isc_buffer_putuint16(&databuf, (isc_uint16_t)(tsig->timesigned
6fe03d6c83ec02d4494edc870f5e892d419b6885Michael Sawyer isc_buffer_putuint32(&databuf, (isc_uint32_t)(tsig->timesigned
cefd68008fbba3488a077052ae62aa12b6de502bMichael Sawyer & 0xFFFFFFFF));
37e6e0ca1337351642798b1a6aa24ae40bf86399Andreas Gustafsson ret = dst_verify(DST_SIGMODE_UPDATE, key, &msg->tsigctx, &r,
1893b56ef9f5f2bc2a0fbe80d3c6b69df1bdc7c2Michael Sawyer ret = dst_verify(DST_SIGMODE_FINAL, key, &msg->tsigctx, NULL,
return (ISC_R_SUCCESS);
return (ret);
return (ISC_R_SUCCESS);
return (ISC_R_NOTFOUND);
static isc_result_t
int secretlen = 0;
goto failure;
goto failure;
goto failure;
goto failure;
goto failure;
goto failure;
goto failure;
goto failure;
return (ISC_R_SUCCESS);
return (ret);
return (DNS_R_UNEXPECTED);
return (ret);
return (ISC_R_NOMEMORY);
goto failure;
goto failure;
return (ISC_R_SUCCESS);
return (ret);
dns_tsig_destroy() {