
tkey cleanups and conversion to the entropy api

This commit is contained in:
Brian Wellington
2000-06-09 22:33:08 +00:00
parent 09a1a618cd
commit 14c5931d3d
7 changed files with 64 additions and 46 deletions


@@ -26,8 +26,8 @@
ISC_LANG_BEGINDECLS ISC_LANG_BEGINDECLS
isc_result_t isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
dns_tkey_ctx_t **tctxp); dns_tkeyctx_t **tctxp);
/* /*
* Create a TKEY context and configure it, including the default DH key * Create a TKEY context and configure it, including the default DH key
* and default domain, according to 'cfg'. * and default domain, according to 'cfg'.
@@ -35,6 +35,7 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
* Requires: * Requires:
* 'cfg' is a valid configuration context. * 'cfg' is a valid configuration context.
* 'mctx' is not NULL * 'mctx' is not NULL
* 'ectx' is not NULL
* 'tctx' is not NULL * 'tctx' is not NULL
* '*tctx' is NULL * '*tctx' is NULL
* *


@@ -34,18 +34,18 @@
isc_result_t isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
dns_tkey_ctx_t **tctxp) dns_tkeyctx_t **tctxp)
{ {
isc_result_t result; isc_result_t result;
dns_tkey_ctx_t *tctx = NULL; dns_tkeyctx_t *tctx = NULL;
char *s; char *s;
isc_uint32_t n; isc_uint32_t n;
isc_buffer_t b, namebuf; isc_buffer_t b, namebuf;
unsigned char data[1024]; unsigned char data[1024];
dns_name_t domain, keyname; dns_name_t domain, keyname;
result = dns_tkeyctx_create(mctx, &tctx); result = dns_tkeyctx_create(mctx, ectx, &tctx);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (result); return (result);


@@ -19,6 +19,7 @@
#define DNS_TKEY_H 1 #define DNS_TKEY_H 1
#include <isc/lang.h> #include <isc/lang.h>
#include <isc/types.h>
#include <dns/types.h> #include <dns/types.h>
@@ -33,14 +34,15 @@ ISC_LANG_BEGINDECLS
#define DNS_TKEYMODE_RESOLVERASSIGNED 4 #define DNS_TKEYMODE_RESOLVERASSIGNED 4
#define DNS_TKEYMODE_DELETE 5 #define DNS_TKEYMODE_DELETE 5
struct dns_tkey_ctx { struct dns_tkeyctx {
dst_key_t *dhkey; dst_key_t *dhkey;
dns_name_t *domain; dns_name_t *domain;
isc_mem_t *mctx; isc_mem_t *mctx;
isc_entropy_t *ectx;
}; };
isc_result_t isc_result_t
dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx); dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp);
/* /*
* Create an empty TKEY context. * Create an empty TKEY context.
* *
@@ -56,7 +58,7 @@ dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
*/ */
void void
dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx); dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp);
/* /*
* Frees all data associated with the TKEY context * Frees all data associated with the TKEY context
* *
@@ -66,7 +68,7 @@ dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx);
*/ */
isc_result_t isc_result_t
dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx, dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
dns_tsig_keyring_t *ring); dns_tsig_keyring_t *ring);
/* /*
* Processes a query containing a TKEY record, adding or deleting TSIG * Processes a query containing a TKEY record, adding or deleting TSIG
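Review bot: The comment block for dns_tkeyctx_create ("Create an empty TKEY context.") is cut off at the end of the first hunk before its Requires list, and nothing visible in this file's hunks shows it gaining an entry for the new ectx parameter, whereas the dns_tkeyctx_fromconfig header in this commit did get `'ectx' is not NULL`. If that list was not updated, add `*	'ectx' is not NULL` next to the mctx line so the header matches the `REQUIRE(ectx != NULL)` the implementation now enforces. The dns_tkeyctx_destroy comment could likewise state that the context detaches from both the memory and entropy contexts it attached to at creation, since that is new behaviour callers' shutdown order depends on; both comment blocks continue outside the hunks.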


@@ -26,8 +26,8 @@
ISC_LANG_BEGINDECLS ISC_LANG_BEGINDECLS
isc_result_t isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
dns_tkey_ctx_t **tctxp); dns_tkeyctx_t **tctxp);
/* /*
* Create a TKEY context and configure it, including the default DH key * Create a TKEY context and configure it, including the default DH key
* and default domain, according to 'cfg'. * and default domain, according to 'cfg'.
@@ -35,6 +35,7 @@ dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
* Requires: * Requires:
* 'cfg' is a valid configuration context. * 'cfg' is a valid configuration context.
* 'mctx' is not NULL * 'mctx' is not NULL
* 'ectx' is not NULL
* 'tctx' is not NULL * 'tctx' is not NULL
* '*tctx' is NULL * '*tctx' is NULL
* *


@@ -88,7 +88,7 @@ typedef isc_uint8_t dns_secproto_t;
typedef struct dns_signature dns_signature_t; typedef struct dns_signature dns_signature_t;
typedef struct dns_ssurule dns_ssurule_t; typedef struct dns_ssurule dns_ssurule_t;
typedef struct dns_ssutable dns_ssutable_t; typedef struct dns_ssutable dns_ssutable_t;
typedef struct dns_tkey_ctx dns_tkey_ctx_t; typedef struct dns_tkeyctx dns_tkeyctx_t;
typedef isc_uint16_t dns_trust_t; typedef isc_uint16_t dns_trust_t;
typedef struct dns_tsig_keyring dns_tsig_keyring_t; typedef struct dns_tsig_keyring dns_tsig_keyring_t;
typedef struct dns_tsigkey dns_tsigkey_t; typedef struct dns_tsigkey dns_tsigkey_t;


@@ -16,13 +16,14 @@
*/ */
/* /*
* $Id: tkey.c,v 1.44 2000/06/08 06:16:09 marka Exp $ * $Id: tkey.c,v 1.45 2000/06/09 22:33:03 bwelling Exp $
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
*/ */
#include <config.h> #include <config.h>
#include <isc/buffer.h> #include <isc/buffer.h>
#include <isc/entropy.h>
#include <isc/md5.h> #include <isc/md5.h>
#include <isc/mem.h> #include <isc/mem.h>
#include <isc/string.h> #include <isc/string.h>
@@ -50,38 +51,48 @@
isc_result_t isc_result_t
dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx) { dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
{
dns_tkeyctx_t *tctx;
REQUIRE(mctx != NULL); REQUIRE(mctx != NULL);
REQUIRE(tctx != NULL); REQUIRE(ectx != NULL);
REQUIRE(*tctx == NULL); REQUIRE(tctxp != NULL && *tctxp == NULL);
*tctx = isc_mem_get(mctx, sizeof(dns_tkey_ctx_t)); tctx = isc_mem_get(mctx, sizeof(dns_tkeyctx_t));
if (*tctx == NULL) if (tctx == NULL)
return (ISC_R_NOMEMORY); return (ISC_R_NOMEMORY);
(*tctx)->mctx = mctx; tctx->mctx = NULL;
(*tctx)->dhkey = NULL; isc_mem_attach(mctx, &tctx->mctx);
(*tctx)->domain = NULL; tctx->ectx = NULL;
isc_entropy_attach(ectx, &tctx->ectx);
tctx->dhkey = NULL;
tctx->domain = NULL;
*tctxp = tctx;
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
void void
dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx) { dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp) {
isc_mem_t *mctx; isc_mem_t *mctx;
dns_tkeyctx_t *tctx;
REQUIRE(tctx != NULL); REQUIRE(tctxp != NULL && *tctxp != NULL);
REQUIRE(*tctx != NULL);
if ((*tctx)->dhkey != NULL) tctx = *tctxp;
dst_key_free(&(*tctx)->dhkey); mctx = tctx->mctx;
if ((*tctx)->domain != NULL) {
dns_name_free((*tctx)->domain, (*tctx)->mctx); if (tctx->dhkey != NULL)
isc_mem_put((*tctx)->mctx, (*tctx)->domain, dst_key_free(&tctx->dhkey);
sizeof(dns_name_t)); if (tctx->domain != NULL) {
dns_name_free(tctx->domain, mctx);
isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
} }
isc_entropy_detach(&tctx->ectx);
mctx = (*tctx)->mctx; isc_mem_put(mctx, tctx, sizeof(dns_tkeyctx_t));
isc_mem_put(mctx, *tctx, sizeof(dns_tkey_ctx_t)); isc_mem_detach(&mctx);
*tctxp = NULL;
} }
static isc_result_t static isc_result_t
@@ -200,7 +211,7 @@ compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
static isc_result_t static isc_result_t
process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name, process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
dns_rdata_tkey_t *tkeyin, dns_tkey_ctx_t *tctx, dns_rdata_tkey_t *tkeyin, dns_tkeyctx_t *tctx,
dns_rdata_tkey_t *tkeyout, dns_rdata_tkey_t *tkeyout,
dns_tsig_keyring_t *ring, dns_namelist_t *namelist) dns_tsig_keyring_t *ring, dns_namelist_t *namelist)
{ {
@@ -215,7 +226,7 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
isc_uint32_t ourttl; isc_uint32_t ourttl;
unsigned char keydata[DST_KEY_MAXSIZE]; unsigned char keydata[DST_KEY_MAXSIZE];
unsigned int sharedsize; unsigned int sharedsize;
isc_buffer_t randombuf, secret; isc_buffer_t secret;
unsigned char *randomdata = NULL, secretdata[256]; unsigned char *randomdata = NULL, secretdata[256];
isc_stdtime_t now; isc_stdtime_t now;
@@ -318,10 +329,11 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
result = ISC_R_NOMEMORY; result = ISC_R_NOMEMORY;
goto failure; goto failure;
} }
isc_buffer_init(&randombuf, randomdata, TKEY_RANDOM_AMOUNT); RETERR(isc_entropy_getdata(tctx->ectx, randomdata, TKEY_RANDOM_AMOUNT,
RETERR(dst_random_get(TKEY_RANDOM_AMOUNT, &randombuf)); NULL, 0));
isc_buffer_usedregion(&randombuf, &r); r.base = randomdata;
r.length = TKEY_RANDOM_AMOUNT;
r2.base = tkeyin->key; r2.base = tkeyin->key;
r2.length = tkeyin->keylen; r2.length = tkeyin->keylen;
RETERR(compute_secret(shared, &r2, &r, &secret)); RETERR(compute_secret(shared, &r2, &r, &secret));
@@ -411,7 +423,7 @@ process_deletetkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
} }
isc_result_t isc_result_t
dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx, dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx,
dns_tsig_keyring_t *ring) dns_tsig_keyring_t *ring)
{ {
isc_result_t result = ISC_R_SUCCESS; isc_result_t result = ISC_R_SUCCESS;
@@ -525,8 +537,10 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
isc_buffer_t b, b2; isc_buffer_t b, b2;
int i; int i;
isc_buffer_init(&b, randomtext, sizeof(randomtext)); result = isc_entropy_getdata(tctx->ectx,
result = dst_random_get(sizeof(randomtext)/2, &b); randomtext,
sizeof(randomtext),
NULL, 0);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
dns_message_takebuffer(msg, &buf); dns_message_takebuffer(msg, &buf);
goto failure; goto failure;
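Review bot: Both new isc_entropy_getdata() calls (the RETERR in process_dhtkey that fills randomdata, and the call in dns_tkey_processquery that fills randomtext) pass `NULL, 0` for the returned-length and flags arguments, so the callers neither learn how many bytes were actually supplied nor select a blocking or good-only mode; if the entropy API can return short or non-blocking fill when flags is 0 — verify against isc/entropy.h — the bytes handed to compute_secret() for the DH shared secret should request the strict mode explicitly rather than the default. In dns_tkey_processquery the replaced call drew sizeof(randomtext)/2 bytes through buffer `b` and the new one fills all sizeof(randomtext) bytes directly, so `b` may now be unused and any code further down that assumed only the first half of the buffer was random needs re-checking; both function bodies continue outside the hunk. A short comment at the process_dhtkey call would make the intent clear to the next reader: `/* fresh randomness mixed into the DH shared secret; the entropy mode chosen here matters */`.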


@@ -34,18 +34,18 @@
isc_result_t isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, isc_entropy_t *ectx,
dns_tkey_ctx_t **tctxp) dns_tkeyctx_t **tctxp)
{ {
isc_result_t result; isc_result_t result;
dns_tkey_ctx_t *tctx = NULL; dns_tkeyctx_t *tctx = NULL;
char *s; char *s;
isc_uint32_t n; isc_uint32_t n;
isc_buffer_t b, namebuf; isc_buffer_t b, namebuf;
unsigned char data[1024]; unsigned char data[1024];
dns_name_t domain, keyname; dns_name_t domain, keyname;
result = dns_tkeyctx_create(mctx, &tctx); result = dns_tkeyctx_create(mctx, ectx, &tctx);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (result); return (result);