ns_verify.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* Copyright 2001-2002 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Copyright (c) 1999 by Internet Software Consortium, Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef lint
static const char rcsid[] = "$Id: ns_verify.c,v 8.14 2001/05/29 05:49:40 marka Exp $";
#endif
/* Import. */
#include "port_before.h"
#include "fd_setsize.h"
#include <errno.h>
#include <netdb.h>
#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include "port_after.h"
/* Private. */
/*
 * NOTE(review): the #define line and the condition guarding this body are not
 * visible here. What is visible is a do { ... } while (0) wrapper whose body
 * executes `return (NS_TSIG_ERROR_FORMERR)`, so the macro exits the *calling*
 * function with a format error instead of yielding a value.
 * Presumably this is the parser's bounds check against the end of the
 * message -- confirm against the full source.
 */
do { \
return (NS_TSIG_ERROR_FORMERR); \
} \
} while (0)
/* Public. */
/*
 * Returns a u_char pointer: NULL on every failure path shown, `start` on
 * success. The function name, its parameters and most of its statements are
 * not visible here (presumably this is ns_find_tsig(), the helper that locates
 * the TSIG record in a message -- confirm against the full source).
 */
u_char *
int n, type;
/* Three early exits follow; their conditions are not shown. */
return (NULL);
return (NULL);
return (NULL);
/*
 * Five parse steps share one shape: a step produces n, a negative n aborts
 * with NULL, otherwise cp advances by n.
 * NOTE(review): only the n < 0 test is visible. Whether cp is also compared
 * with the end of the message before it is used again cannot be confirmed
 * from these lines -- check it in the full source, since the verifier's input
 * is a received message.
 */
if (n < 0)
return (NULL);
cp += n;
if (n < 0)
return (NULL);
cp += n;
if (n < 0)
return (NULL);
cp += n;
if (n < 0)
return (NULL);
cp += n;
if (n < 0)
return (NULL);
cp += n;
/* Two further rejections (conditions not shown) precede the success return. */
return (NULL);
return (NULL);
/* Success: hand back the saved `start` pointer, not the advanced cp. */
return (start);
}
/* ns_verify
* Parameters:
* statp res stuff
* msg received message
* msglen length of message
* key tsig key used for verifying.
* querysig (response), the signature in the query
* querysiglen (response), the length of the signature in the query
* sig (query), a buffer to hold the signature
* siglen (query), input - length of signature buffer
* output - length of signature
*
* Errors:
* - bad input (-1)
* - invalid dns message (NS_TSIG_ERROR_FORMERR)
* - TSIG is not present (NS_TSIG_ERROR_NO_TSIG)
* - key doesn't match (-ns_r_badkey)
* - TSIG verification fails with BADKEY (-ns_r_badkey)
* - TSIG verification fails with BADSIG (-ns_r_badsig)
* - TSIG verification fails with BADTIME (-ns_r_badtime)
* - TSIG verification succeeds, error set to BADKEY (ns_r_badkey)
* - TSIG verification succeeds, error set to BADSIG (ns_r_badsig)
* - TSIG verification succeeds, error set to BADTIME (ns_r_badtime)
*/
int
{
int n;
int error;
/* dst_init() runs before any of the early returns below. */
dst_init();
/* -1 is the "bad input" result in the error list above this function. */
return (-1);
/* NO_TSIG: the condition is not shown; presumably no TSIG record was located. */
return (NS_TSIG_ERROR_NO_TSIG);
/* Read the key name. */
if (n < 0)
return (NS_TSIG_ERROR_FORMERR);
cp += n;
/* Read the type. */
return (NS_TSIG_ERROR_NO_TSIG);
/* Skip the class and TTL, save the length. */
return (NS_TSIG_ERROR_FORMERR);
/* Read the algorithm name. */
/* rdatastart remembers where the record data begins, before cp moves on. */
rdatastart = cp;
if (n < 0)
return (NS_TSIG_ERROR_FORMERR);
/* Condition not shown; presumably an algorithm name that is not accepted. */
return (-ns_r_badkey);
cp += n;
/* Read the time signed and fudge. */
/* Read the signature. */
/*
 * NOTE(review): sigfieldlen is presumably a length parsed from the message.
 * The check that must bound it before this advance is not visible here --
 * confirm it exists in the full source.
 */
cp += sigfieldlen;
/* Read the original id and error. */
/* Parse the other data. */
otherstart = cp;
/* NOTE(review): same concern as sigfieldlen -- the bounding check is not shown. */
cp += otherfieldlen;
/* Condition not shown; presumably cp did not land exactly on the message end. */
return (NS_TSIG_ERROR_FORMERR);
/* Verify that the key used is OK. */
/* Both mismatch exits return the negated rcode, marking a local verification failure. */
return (-ns_r_badkey);
return (-ns_r_badkey);
}
}
/*
 * Do the verification.
 */
void *ctx;
/* Digest the query signature, if this is a response. */
}
/* Digest the message. */
NULL, 0);
/* Digest the key name. */
/* A negative n in the digest steps below is reported as plain -1, not as a TSIG code. */
if (n < 0)
return (-1);
if (n < 0)
return (-1);
/* Digest the class and TTL. */
/* Digest the algorithm. */
if (n < 0)
return (-1);
if (n < 0)
return (-1);
/* Digest the time signed and fudge. */
/* Digest the error and other data. */
/* A negative result from the final step is the only path that yields -ns_r_badsig. */
if (n < 0)
return (-ns_r_badsig);
/*
 * On entry *siglen is the capacity of the caller's sig buffer (see the
 * parameter list above the function). It is compared with sigfieldlen before
 * being overwritten with the actual length. NS_TSIG_ERROR_NO_SPACE is not
 * mentioned in the error list above the function.
 */
if (*siglen < sigfieldlen)
return (NS_TSIG_ERROR_NO_SPACE);
*siglen = sigfieldlen;
}
} else {
/*
 * The matching if-condition is not shown. In this branch a non-empty
 * signature field is rejected as malformed and the caller is told that no
 * signature was produced.
 */
if (sigfieldlen > 0)
return (NS_TSIG_ERROR_FORMERR);
*siglen = 0;
}
/* Reset the counter, since we still need to check for badtime. */
/* Verify the time. */
/* The time check comes after the signature check; its comparison is not shown. */
return (-ns_r_badtime);
/* nostrip is used here but is absent from the parameter list above the function. */
if (nostrip == 0) {
}
/*
 * Per the error list above the function, a positive value means the signature
 * verified but the TSIG record carried an error code. A caller that tests
 * only for a negative result would not notice these.
 */
return (error);
return (0);
}
/*
 * Partial listing: the function name and parameters are not shown (presumably
 * ns_verify_tcp_init() -- confirm against the full source). The visible
 * results are -1, -ns_r_badkey, -1 and 0, in that order. None of the
 * conditions selecting them are shown.
 */
int
{
/* dst_init() runs before any of the returns below. */
dst_init();
return (-1);
/* The only key-related rejection visible in this function. */
return (-ns_r_badkey);
return (-1);
return (0);
}
/*
 * Partial listing: the function name and all parameters except `required` are
 * not shown (presumably ns_verify_tcp() -- confirm against the full source).
 * The visible parse and check order mirrors ns_verify in this file: key name,
 * type, class/TTL, algorithm name, key check, time and fudge, signature,
 * original id and error, other data, verification, time check.
 */
int
int required)
{
/* Unsigned, so these two lengths cannot be negative. */
unsigned int sigfieldlen, otherfieldlen;
return (-1);
}
/*
 * The enclosing condition is not shown (presumably "no TSIG record found in
 * this message"). Inside it, `required` alone decides the outcome: NO_TSIG
 * when set, 0 when clear.
 * NOTE(review): a 0 from this path means a message was accepted without its
 * own signature check. Confirm how the caller chooses `required`.
 */
if (required)
return (NS_TSIG_ERROR_NO_TSIG);
return (0);
}
/* Read the key name. */
if (n < 0)
return (NS_TSIG_ERROR_FORMERR);
cp += n;
/* Read the type. */
return (NS_TSIG_ERROR_NO_TSIG);
/* Skip the class and TTL, save the length. */
return (NS_TSIG_ERROR_FORMERR);
/* Read the algorithm name. */
rdatastart = cp;
if (n < 0)
return (NS_TSIG_ERROR_FORMERR);
/* Condition not shown; presumably an algorithm name that is not accepted. */
return (-ns_r_badkey);
cp += n;
/* Verify that the key used is OK. */
return (-ns_r_badkey);
/* Read the time signed and fudge. */
/* Read the signature. */
/*
 * NOTE(review): the check that must bound sigfieldlen before this advance is
 * not visible here -- confirm it exists in the full source.
 */
cp += sigfieldlen;
/* Read the original id and error. */
/* Parse the other data. */
/* NOTE(review): same concern as sigfieldlen -- the bounding check is not shown. */
cp += otherfieldlen;
/* Condition not shown; presumably cp did not land exactly on the message end. */
return (NS_TSIG_ERROR_FORMERR);
/*
 * Do the verification.
 */
/* Digest the time signed and fudge. */
/* A negative result from the verification step maps to -ns_r_badsig. */
if (n < 0)
return (-ns_r_badsig);
/* Condition not shown. ns_verify returns this code when *siglen < sigfieldlen. */
return (NS_TSIG_ERROR_NO_SPACE);
/* Verify the time. */
/* The time check comes after the signature check; its comparison is not shown. */
return (-ns_r_badtime);
/*
 * As with ns_verify, a value returned here is presumably the TSIG record's
 * own error field. It comes back positive, so a caller that tests only for a
 * negative result would not notice it.
 */
return (error);
return (0);
}