17 #include <openssl/hmac.h> 18 #include <openssl/md5.h> 55 ldns_tsig_prepare_pkt_wire(uint8_t *wire,
size_t wire_len,
size_t *result_len)
57 uint8_t *wire2 = NULL;
86 for (i = 0; i < qd_count; i++) {
94 for (i = 0; i < an_count; i++) {
102 for (i = 0; i < ns_count; i++) {
110 for (i = 0; i < ar_count; i++) {
124 memcpy(wire2, wire, *result_len);
132 static const EVP_MD *
133 ldns_digest_function(
char *name)
137 if (strcasecmp(name,
"hmac-sha256.") == 0) {
138 #ifdef HAVE_EVP_SHA256 143 }
else if (strcasecmp(name,
"hmac-sha1.") == 0) {
145 }
else if (strcasecmp(name,
"hmac-md5.sig-alg.reg.int.") == 0) {
155 ldns_tsig_mac_new(
ldns_rdf **tsig_mac, uint8_t *pkt_wire,
size_t pkt_wire_size,
163 unsigned char *mac_bytes = NULL;
164 unsigned char *key_bytes = NULL;
166 const EVP_MD *digester;
167 char *algorithm_name = NULL;
168 unsigned int md_len = EVP_MAX_MD_SIZE;
171 ldns_rdf *canonical_key_name_rdf = NULL;
172 ldns_rdf *canonical_algorithm_rdf = NULL;
174 if (key_name_rdf == NULL || algorithm_rdf == NULL) {
178 if (canonical_key_name_rdf == NULL) {
182 if (canonical_algorithm_rdf == NULL) {
198 ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size);
199 if (!tsig_timers_only) {
202 canonical_key_name_rdf);
204 ldns_buffer_write_u32(data_buffer, 0);
207 canonical_algorithm_rdf);
211 if (!tsig_timers_only) {
216 wireformat = (
char *) data_buffer->
_data;
217 wiresize = (
int) ldns_buffer_position(data_buffer);
220 if(!algorithm_name) {
227 ldns_b64_pton_calculate_size(strlen(key_data)));
233 ldns_b64_pton_calculate_size(strlen(key_data)));
245 memset(mac_bytes, 0, md_len+2);
247 digester = ldns_digest_function(algorithm_name);
250 (void) HMAC(digester, key_bytes, key_size, (
void *)wireformat,
251 (size_t) wiresize, mac_bytes + 2, &md_len);
253 ldns_write_uint16(mac_bytes, md_len);
277 const char *key_data,
ldns_rdf *orig_mac_rdf)
284 const char *key_data,
ldns_rdf *orig_mac_rdf,
int tsig_timers_only)
295 uint16_t pkt_id, orig_pkt_id;
298 uint8_t *prepared_wire = NULL;
299 size_t prepared_wire_size = 0;
322 prepared_wire = ldns_tsig_prepare_pkt_wire(wire, wirelen, &prepared_wire_size);
324 status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size,
325 key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
326 time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only);
353 uint16_t fudge,
const char *algorithm_name,
ldns_rdf *query_mac)
360 uint16_t fudge,
const char *algorithm_name,
ldns_rdf *query_mac,
int tsig_timers_only)
373 uint8_t *pkt_wire = NULL;
376 struct timeval tv_time_signed;
377 uint8_t *time_signed = NULL;
381 if(!key_name_rdf || !algorithm_rdf) {
388 if (gettimeofday(&tv_time_signed, NULL) == 0) {
394 ldns_write_uint64_as_uint48(time_signed,
395 (uint64_t)tv_time_signed.tv_sec);
402 if(!time_signed_rdf) {
416 if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) {
426 status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len,
427 key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
428 time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only);
ldns_rdf * ldns_rr_rdf(const ldns_rr *rr, size_t nr)
returns the rdata field member counter.
implementation of buffers to ease operations
void ldns_rdf_deep_free(ldns_rdf *rd)
frees a rdf structure and frees the data.
void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type)
sets the type in the rr.
char * ldns_tsig_keydata_clone(ldns_tsig_credentials *tc)
ldns_rdf * ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value)
returns the rdf containing the native uint16_t representation.
ldns_status ldns_pkt2wire(uint8_t **dest, const ldns_pkt *packet, size_t *result_size)
Allocates an array of uint8_t at dest, and puts the wireformat of the given packet in that array...
char * ldns_tsig_keyname_clone(ldns_tsig_credentials *tc)
uint16_t ldns_pkt_id(const ldns_pkt *packet)
Read the packet id.
#define LDNS_XMALLOC(type, count)
void ldns_buffer_free(ldns_buffer *buffer)
frees the buffer.
ldns_rdf * ldns_rdf_clone(const ldns_rdf *rd)
clones a rdf structure.
void ldns_dname2canonical(const ldns_rdf *rd)
Put a dname into canonical fmt - ie.
size_t ldns_rr_rd_count(const ldns_rr *rr)
returns the rd_count of an rr structure.
bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name, const char *key_data, ldns_rdf *orig_mac_rdf)
verifies the tsig rr for the given packet and key.
#define LDNS_MAX_PACKETLEN
#define LDNS_QDCOUNT(wirebuf)
void ldns_rr_free(ldns_rr *rr)
frees an RR structure
#define LDNS_NSCOUNT(wirebuf)
void ldns_pkt_set_tsig(ldns_pkt *pkt, ldns_rr *rr)
Set the packet's tsig rr.
char * ldns_tsig_keyname(ldns_tsig_credentials *tc)
void ldns_rdf_free(ldns_rdf *rd)
frees a rdf structure, leaving the data pointer intact.
ldns_status ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf)
Copies the rdata data to the buffer in wire format.
Including this file will include all ldns files, and define some lookup tables.
void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class)
sets the class in the rr.
bool ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char *key_name, const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
verifies the tsig rr for the given packet and key.
variable length any type rdata where the length is specified by the first 2 bytes ...
uint16_t ldns_rdf2native_int16(const ldns_rdf *rd)
returns the native uint16_t representation from the rdf.
ldns_rdf * ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str)
creates a new rdf from a string.
void ldns_pkt_set_id(ldns_pkt *packet, uint16_t id)
Set the packet's id.
ldns_rdf * ldns_native2rdf_int16_data(size_t size, uint8_t *data)
returns an int16_data rdf that contains the data in the given array, preceded by an int16 specifying ...
void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner)
sets the owner in the rr structure.
char * ldns_tsig_algorithm(ldns_tsig_credentials *tc)
void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl)
sets the ttl in the rr structure.
enum ldns_enum_status ldns_status
ldns_rdf * ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data)
allocates a new rdf structure and fills it.
ldns_buffer * ldns_buffer_new(size_t capacity)
creates a new buffer with the specified capacity.
ldns_rdf * ldns_rdf_new(ldns_rdf_type type, size_t size, void *data)
allocates a new rdf structure and fills it.
ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac)
creates a tsig rr for the given packet and key.
char * ldns_rdf2str(const ldns_rdf *rdf)
Converts the data in the rdata field to presentation format and returns that as a char *...
bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f)
sets rd_field member, it will be placed in the next available spot.
ldns_status ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only)
creates a tsig rr for the given packet and key.
Resource record data field.
ldns_rr * ldns_pkt_tsig(const ldns_pkt *pkt)
Return the packet's tsig pseudo rr's.
ldns_rr * ldns_rr_new(void)
creates a new rr structure.
uint8_t * _data
The data contained in the buffer.
Contains credentials for TSIG.
#define LDNS_ANCOUNT(wirebuf)
#define LDNS_ARCOUNT(wirebuf)
int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize)
int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2)
compares two rdf's on their wire formats.
ldns_status ldns_wire2rr(ldns_rr **rr_p, const uint8_t *wire, size_t max, size_t *pos, ldns_pkt_section section)
converts the data on the uint8_t bytearray (in wire format) to a DNS resource record.
char * ldns_tsig_keydata(ldns_tsig_credentials *tc)