Commit 4fe87554 authored by Brian Wellington's avatar Brian Wellington

Use the new DST API

parent 011463c3
......@@ -37,12 +37,13 @@ char *current;
const char *tmp = "/tmp";
static void
use(dst_key_t *key) {
use(dst_key_t *key, isc_mem_t *mctx) {
isc_result_t ret;
const char *data = "This is some data";
unsigned char sig[512];
isc_buffer_t databuf, sigbuf;
isc_region_t datareg, sigreg;
dst_context_t *ctx = NULL;
isc_buffer_init(&sigbuf, sig, sizeof(sig));
/*
......@@ -54,15 +55,33 @@ use(dst_key_t *key) {
isc_buffer_add(&databuf, strlen(data));
isc_buffer_usedregion(&databuf, &datareg);
ret = dst_key_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
ret = dst_context_create(key, mctx, &ctx);
if (ret != ISC_R_SUCCESS)
printf("contextcreate(%d) returned: %s\n", dst_key_alg(key),
isc_result_totext(ret));
ret = dst_context_adddata(ctx, &datareg);
if (ret != ISC_R_SUCCESS)
printf("adddata(%d) returned: %s\n", dst_key_alg(key),
isc_result_totext(ret));
ret = dst_context_sign(ctx, &sigbuf);
printf("sign(%d) returned: %s\n", dst_key_alg(key),
isc_result_totext(ret));
dst_context_destroy(&ctx);
isc_buffer_forward(&sigbuf, 1);
isc_buffer_remainingregion(&sigbuf, &sigreg);
ret = dst_key_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
ret = dst_context_create(key, mctx, &ctx);
if (ret != ISC_R_SUCCESS)
printf("contextcreate(%d) returned: %s\n", dst_key_alg(key),
isc_result_totext(ret));
ret = dst_context_adddata(ctx, &datareg);
if (ret != ISC_R_SUCCESS)
printf("adddata(%d) returned: %s\n", dst_key_alg(key),
isc_result_totext(ret));
ret = dst_context_verify(ctx, &sigreg);
printf("verify(%d) returned: %s\n", dst_key_alg(key),
isc_result_totext(ret));
dst_context_destroy(&ctx);
}
static void
......@@ -116,7 +135,7 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx) {
printf("write(%d) returned: %s\n", alg, isc_result_totext(ret));
if (ret != 0)
return;
use(key);
use(key, mctx);
dns(key, mctx);
dst_key_free(&key);
}
......@@ -192,7 +211,7 @@ generate(int alg, isc_mem_t *mctx) {
printf("generate(%d) returned: %s\n", alg, isc_result_totext(ret));
if (alg != DST_ALG_DH)
use(key);
use(key, mctx);
dst_key_free(&key);
}
......
......@@ -78,37 +78,68 @@ cleandir(char *path) {
}
static void
use(dst_key_t *key, isc_result_t exp_result, int *nfails) {
use(dst_key_t *key, isc_mem_t *mctx, isc_result_t exp_result, int *nfails) {
isc_result_t ret;
const char *data = "This is some data";
unsigned char sig[512];
isc_buffer_t databuf, sigbuf;
isc_region_t datareg, sigreg;
dst_context_t *ctx = NULL;
isc_buffer_init(&sigbuf, sig, sizeof(sig));
isc_buffer_init(&databuf, data, strlen(data));
isc_buffer_add(&databuf, strlen(data));
isc_buffer_usedregion(&databuf, &datareg);
ret = dst_key_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
ret = dst_context_create(key, mctx, &ctx);
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_create(%d) returned (%s)\n",
dst_key_alg(key), dst_result_totext(ret));
++*nfails;
return;
}
ret = dst_context_adddata(ctx, &datareg);
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_adddata(%d) returned (%s)\n",
dst_key_alg(key), dst_result_totext(ret));
++*nfails;
return;
}
ret = dst_context_sign(ctx, &sigbuf);
if (ret != exp_result) {
t_info("dst_sign(%d) returned (%s) expected (%s)\n",
t_info("dst_context_sign(%d) returned (%s) expected (%s)\n",
dst_key_alg(key), dst_result_totext(ret),
dst_result_totext(exp_result));
++*nfails;
return;
}
dst_context_destroy(&ctx);
isc_buffer_remainingregion(&sigbuf, &sigreg);
ret = dst_key_verify(DST_SIGMODE_ALL, key, NULL, &datareg, &sigreg);
ret = dst_context_create(key, mctx, &ctx);
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_create(%d) returned (%s)\n",
dst_key_alg(key), dst_result_totext(ret));
++*nfails;
return;
}
ret = dst_context_adddata(ctx, &datareg);
if (ret != ISC_R_SUCCESS) {
t_info("dst_context_adddata(%d) returned (%s)\n",
dst_key_alg(key), dst_result_totext(ret));
++*nfails;
return;
}
ret = dst_context_verify(ctx, &sigreg);
if (ret != exp_result) {
t_info("dst_verify(%d) returned (%s) expected (%s)\n",
t_info("dst_context_verify(%d) returned (%s) expected (%s)\n",
dst_key_alg(key), dst_result_totext(ret),
dst_result_totext(exp_result));
++*nfails;
return;
}
dst_context_destroy(&ctx);
}
static void
......@@ -287,7 +318,7 @@ io(dns_name_t *name, int id, int alg, int type, isc_mem_t *mctx,
}
if (dst_key_alg(key) != DST_ALG_DH)
use(key, exp_result, nfails);
use(key, mctx, exp_result, nfails);
if (chdir(current)) {
t_info("chdir failed %d\n", errno);
......@@ -314,7 +345,7 @@ generate(int alg, isc_mem_t *mctx, int size, int *nfails) {
}
if (alg != DST_ALG_DH)
use(key, ISC_R_SUCCESS, nfails);
use(key, mctx, ISC_R_SUCCESS, nfails);
dst_key_free(&key);
}
......@@ -618,6 +649,7 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
dns_fixedname_t fname;
dns_name_t *name;
isc_buffer_t b;
dst_context_t *ctx = NULL;
/*
* Read data from file in a form usable by dst_verify.
......@@ -686,7 +718,25 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
memset(sig, 0, sizeof(sig));
isc_buffer_init(&sigbuf, sig, sizeof(sig));
isc_result = dst_sign(DST_SIGMODE_ALL, key, NULL, &datareg, &sigbuf);
isc_result = dst_context_create(key, mctx, &ctx);
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_context_create(%d) failed %s\n",
dst_result_totext(isc_result));
(void) free(data);
dst_key_free(&key);
++*nprobs;
return;
}
isc_result = dst_context_adddata(ctx, &datareg);
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_context_adddata(%d) failed %s\n",
dst_result_totext(isc_result));
(void) free(data);
dst_key_free(&key);
++*nprobs;
return;
}
isc_result = dst_context_sign(ctx, &sigbuf);
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_sign(%d) failed %s\n",
dst_result_totext(isc_result));
......@@ -695,6 +745,7 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
++*nprobs;
return;
}
dst_context_destroy(&ctx);
rval = sig_tofile(sigpath, &sigbuf);
if (rval != 0) {
......@@ -731,18 +782,30 @@ t2_sigchk(char *datapath, char *sigpath, char *keyname,
if (strstr(expected_result, "!"))
exp_res = 1;
isc_result = dst_key_verify(DST_SIGMODE_ALL, key, NULL, &datareg,
&sigreg);
isc_result = dst_context_create(key, mctx, &ctx);
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_context_create returned %s\n",
isc_result_totext(isc_result));
++*nfails;
}
isc_result = dst_context_adddata(ctx, &datareg);
if (isc_result != ISC_R_SUCCESS) {
t_info("dst_context_adddata returned %s\n",
isc_result_totext(isc_result));
++*nfails;
}
isc_result = dst_context_verify(ctx, &sigreg);
if ( ((exp_res == 0) && (isc_result != ISC_R_SUCCESS)) ||
((exp_res != 0) && (isc_result == ISC_R_SUCCESS))) {
t_info("dst_verify returned %s, expected %s\n",
t_info("dst_context_verify returned %s, expected %s\n",
isc_result_totext(isc_result),
expected_result);
++*nfails;
}
(void) free(data);
dst_context_destroy(&ctx);
dst_key_free(&key);
return;
}
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: dnssec.c,v 1.41 2000/06/01 18:25:29 tale Exp $
* $Id: dnssec.c,v 1.42 2000/06/02 18:59:12 bwelling Exp $
* Principal Author: Brian Wellington
*/
......@@ -55,12 +55,6 @@
#define TYPE_SIGN 0
#define TYPE_VERIFY 1
typedef struct digestctx {
dst_key_t *key;
dst_context_t context;
isc_uint8_t type;
} digestctx_t;
static isc_result_t
digest_callback(void *arg, isc_region_t *data);
......@@ -73,18 +67,9 @@ rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
static isc_result_t
digest_callback(void *arg, isc_region_t *data) {
digestctx_t *ctx = arg;
isc_result_t result;
REQUIRE(ctx->type == TYPE_SIGN || ctx->type == TYPE_VERIFY);
dst_context_t *ctx = arg;
if (ctx->type == TYPE_SIGN)
result = dst_key_sign(DST_SIGMODE_UPDATE, ctx->key,
&ctx->context, data, NULL);
else
result = dst_key_verify(DST_SIGMODE_UPDATE, ctx->key,
&ctx->context, data, NULL);
return (result);
return (dst_context_adddata(ctx, data));
}
/*
......@@ -169,10 +154,9 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
int nrdatas, i;
isc_buffer_t b, sigbuf, envbuf;
isc_region_t r;
dst_context_t ctx = NULL;
dst_context_t *ctx = NULL;
isc_result_t ret;
unsigned char data[300];
digestctx_t dctx;
isc_uint32_t flags;
unsigned int sigsize;
......@@ -230,15 +214,17 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_usedregion(&b, &r);
ret = dst_context_create(key, mctx, &ctx);
if (ret != ISC_R_SUCCESS)
goto cleanup_signature;
/*
* Digest the SIG rdata.
*/
r.length -= sig.siglen;
ret = dst_key_sign(DST_SIGMODE_INIT | DST_SIGMODE_UPDATE,
key, &ctx, &r, NULL);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_signature;
goto cleanup_context;
dns_name_toregion(name, &r);
......@@ -252,14 +238,9 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_putuint16(&envbuf, set->rdclass);
isc_buffer_putuint32(&envbuf, set->ttl);
memset(&dctx, 0, sizeof(dctx));
dctx.key = key;
dctx.context = ctx;
dctx.type = TYPE_SIGN;
ret = rdataset_to_sortedarray(set, mctx, &rdatas, &nrdatas);
if (ret != ISC_R_SUCCESS)
goto cleanup_signature;
goto cleanup_context;
isc_buffer_usedregion(&envbuf, &r);
for (i = 0; i < nrdatas; i++) {
......@@ -270,7 +251,7 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
/*
* Digest the envelope.
*/
ret = dst_key_sign(DST_SIGMODE_UPDATE, key, &ctx, &r, NULL);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_array;
......@@ -281,20 +262,20 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
INSIST(rdatas[i].length < 65536);
isc_buffer_putuint16(&lenbuf, (isc_uint16_t)rdatas[i].length);
isc_buffer_usedregion(&lenbuf, &lenr);
ret = dst_key_sign(DST_SIGMODE_UPDATE, key, &ctx, &lenr, NULL);
ret = dst_context_adddata(ctx, &lenr);
if (ret != ISC_R_SUCCESS)
goto cleanup_array;
/*
* Digest the rdata.
*/
ret = dns_rdata_digest(&rdatas[i], digest_callback, &dctx);
ret = dns_rdata_digest(&rdatas[i], digest_callback, ctx);
if (ret != ISC_R_SUCCESS)
goto cleanup_array;
}
isc_buffer_init(&sigbuf, sig.signature, sig.siglen);
ret = dst_key_sign(DST_SIGMODE_FINAL, key, &ctx, NULL, &sigbuf);
ret = dst_context_sign(ctx, &sigbuf);
if (ret != ISC_R_SUCCESS)
goto cleanup_array;
isc_buffer_usedregion(&sigbuf, &r);
......@@ -309,6 +290,8 @@ dns_dnssec_sign(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
cleanup_array:
isc_mem_put(mctx, rdatas, nrdatas * sizeof(dns_rdata_t));
cleanup_context:
dst_context_destroy(&ctx);
cleanup_signature:
isc_mem_put(mctx, sig.signature, sig.siglen);
......@@ -329,8 +312,7 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_stdtime_t now;
isc_result_t ret;
unsigned char data[300];
dst_context_t ctx;
digestctx_t dctx;
dst_context_t *ctx = NULL;
int labels;
isc_uint32_t flags;
......@@ -372,8 +354,13 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
r.length -= sig.siglen;
RUNTIME_CHECK(r.length >= 19);
ret = dst_key_verify(DST_SIGMODE_INIT | DST_SIGMODE_UPDATE,
key, &ctx, &r, NULL);
ret = dst_context_create(key, mctx, &ctx);
if (ret != ISC_R_SUCCESS)
goto cleanup_struct;
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_struct;
/*
* If the name is an expanded wildcard, use the wildcard name.
......@@ -404,14 +391,10 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
isc_buffer_putuint16(&envbuf, set->rdclass);
isc_buffer_putuint32(&envbuf, sig.originalttl);
memset(&dctx, 0, sizeof(dctx));
dctx.key = key;
dctx.context = ctx;
dctx.type = TYPE_VERIFY;
ret = rdataset_to_sortedarray(set, mctx, &rdatas, &nrdatas);
if (ret != ISC_R_SUCCESS)
goto cleanup_struct;
goto cleanup_context;
isc_buffer_usedregion(&envbuf, &r);
for (i = 0; i < nrdatas; i++) {
......@@ -422,7 +405,7 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
/*
* Digest the envelope.
*/
ret = dst_key_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, NULL);
ret = dst_context_adddata(ctx, &r);
if (ret != ISC_R_SUCCESS)
goto cleanup_array;
......@@ -437,23 +420,24 @@ dns_dnssec_verify(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
/*
* Digest the rdata.
*/
ret = dst_key_verify(DST_SIGMODE_UPDATE, key, &ctx, &lenr,
NULL);
ret = dst_context_adddata(ctx, &lenr);
if (ret != ISC_R_SUCCESS)
goto cleanup_array;
ret = dns_rdata_digest(&rdatas[i], digest_callback, &dctx);
ret = dns_rdata_digest(&rdatas[i], digest_callback, ctx);
if (ret != ISC_R_SUCCESS)
goto cleanup_array;
}
r.base = sig.signature;
r.length = sig.siglen;
ret = dst_key_verify(DST_SIGMODE_FINAL, key, &ctx, NULL, &r);
if (ret == DST_R_VERIFYFINALFAILURE)
ret = dst_context_verify(ctx, &r);
if (ret == DST_R_VERIFYFAILURE)
ret = DNS_R_SIGINVALID;
cleanup_array:
isc_mem_put(mctx, rdatas, nrdatas * sizeof(dns_rdata_t));
cleanup_context:
dst_context_destroy(&ctx);
cleanup_struct:
dns_rdata_freestruct(&sig);
......@@ -534,7 +518,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
dns_rdataset_t *dataset;
isc_region_t r;
isc_stdtime_t now;
dst_context_t ctx;
dst_context_t *ctx = NULL;
isc_mem_t *mctx;
isc_result_t result;
isc_boolean_t signeedsfree = ISC_TRUE;
......@@ -573,11 +557,10 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&databuf, data, sizeof(data));
RETERR(dst_key_sign(DST_SIGMODE_INIT, key, &ctx, NULL, NULL));
RETERR(dst_context_create(key, mctx, &ctx));
if (is_response(msg))
RETERR(dst_key_sign(DST_SIGMODE_UPDATE, key, &ctx, msg->query,
NULL));
RETERR(dst_context_adddata(ctx, msg->query));
/*
* Digest the header.
......@@ -585,14 +568,14 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
isc_buffer_init(&headerbuf, header, sizeof(header));
dns_message_renderheader(msg, &headerbuf);
isc_buffer_usedregion(&headerbuf, &r);
RETERR(dst_key_sign(DST_SIGMODE_UPDATE, key, &ctx, &r, NULL));
RETERR(dst_context_adddata(ctx, &r));
/*
* Digest the remainder of the message.
*/
isc_buffer_usedregion(msg->buffer, &r);
isc_region_consume(&r, DNS_MESSAGE_HEADERLEN);
RETERR(dst_key_sign(DST_SIGMODE_UPDATE, key, &ctx, &r, NULL));
RETERR(dst_context_adddata(ctx, &r));
/*
* Digest the fields of the SIG - we can cheat and use
......@@ -603,7 +586,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
dns_rdatatype_sig, &sig, &databuf));
isc_buffer_usedregion(&databuf, &r);
r.length -= 2;
RETERR(dst_key_sign(DST_SIGMODE_UPDATE, key, &ctx, &r, NULL));
RETERR(dst_context_adddata(ctx, &r));
RETERR(dst_key_sigsize(key, &sigsize));
sig.siglen = sigsize;
......@@ -614,7 +597,7 @@ dns_dnssec_signmessage(dns_message_t *msg, dst_key_t *key) {
}
isc_buffer_init(&sigbuf, sig.signature, sig.siglen);
RETERR(dst_key_sign(DST_SIGMODE_FINAL, key, &ctx, NULL, &sigbuf));
RETERR(dst_context_sign(ctx, &sigbuf));
rdata = NULL;
RETERR(dns_message_gettemprdata(msg, &rdata));
......@@ -649,6 +632,8 @@ failure:
isc_buffer_free(&dynbuf);
if (signeedsfree)
isc_mem_put(mctx, sig.signature, sig.siglen);
if (ctx != NULL)
dst_context_destroy(&ctx);
return (result);
}
......@@ -663,7 +648,7 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
dns_name_t tname;
isc_region_t r, r2, source_r, sig_r, header_r;
isc_stdtime_t now;
dst_context_t ctx;
dst_context_t *ctx = NULL;
isc_mem_t *mctx;
isc_result_t result;
isc_uint16_t addcount;
......@@ -707,14 +692,13 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
/* XXXBEW ensure that sig.signer refers to this key */
RETERR(dst_key_verify(DST_SIGMODE_INIT, key, &ctx, NULL, NULL));
RETERR(dst_context_create(key, mctx, &ctx));
/*
* If this is a response, digest the query.
*/
if (is_response(msg))
RETERR(dst_key_verify(DST_SIGMODE_UPDATE, key, &ctx,
msg->query, NULL));
RETERR(dst_context_adddata(ctx, msg->query));
/*
* Extract the header.
......@@ -733,14 +717,14 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
*/
header_r.base = (unsigned char *) header;
header_r.length = DNS_MESSAGE_HEADERLEN;
RETERR(dst_key_verify(DST_SIGMODE_UPDATE, key, &ctx, &header_r, NULL));
RETERR(dst_context_adddata(ctx, &header_r));
/*
* Digest all non-SIG(0) records.
*/
r.base = source_r.base + DNS_MESSAGE_HEADERLEN;
r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
RETERR(dst_key_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, NULL));
RETERR(dst_context_adddata(ctx, &r));
/*
* Digest the SIG(0) record . Find the start of the record, skip
......@@ -754,11 +738,11 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
dns_name_toregion(&tname, &r2);
isc_region_consume(&r, r2.length + 10);
r.length -= (sig.siglen + 2);
RETERR(dst_key_verify(DST_SIGMODE_UPDATE, key, &ctx, &r, NULL));
RETERR(dst_context_adddata(ctx, &r));
sig_r.base = sig.signature;
sig_r.length = sig.siglen;
result = dst_key_verify(DST_SIGMODE_FINAL, key, &ctx, NULL, &sig_r);
result = dst_context_verify(ctx, &sig_r);
if (result != ISC_R_SUCCESS) {
msg->sig0status = dns_tsigerror_badsig;
goto failure;
......@@ -773,6 +757,8 @@ dns_dnssec_verifymessage(isc_buffer_t *source, dns_message_t *msg,
failure:
if (signeedsfree)
dns_rdata_freestruct(&sig);
if (ctx != NULL)
dst_context_destroy(&ctx);
return (result);
}
......@@ -201,7 +201,7 @@ struct dns_message {
dns_name_t *tsigname;
dns_rdataset_t *querytsig;
dns_tsigkey_t *tsigkey;
void *tsigctx;
dst_context_t *tsigctx;
int sigstart;
dns_name_t *sig0name;
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: tkey.c,v 1.41 2000/05/30 22:28:37 bwelling Exp $
* $Id: tkey.c,v 1.42 2000/06/02 18:59:14 bwelling Exp $
* Principal Author: Brian Wellington
*/
......@@ -148,9 +148,10 @@ add_rdata_to_list(dns_message_t *msg, dns_name_t *name, dns_rdata_t *rdata,
static isc_result_t
compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
isc_region_t *serverrandomness, isc_buffer_t *secret)
isc_region_t *serverrandomness, isc_mem_t *mctx,
isc_buffer_t *secret)
{
dst_context_t ctx;
dst_context_t *ctx = NULL;
isc_result_t result;
isc_region_t r, r2;
char digests[32];
......@@ -163,26 +164,20 @@ compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
/*
* MD5 ( query data | DH value ).
*/
RETERR(dst_key_digest(DST_SIGMODE_INIT, DST_DIGEST_MD5, &ctx, NULL,
NULL));
RETERR(dst_key_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx,
queryrandomness, NULL));
RETERR(dst_key_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx, &r,
NULL));
RETERR(dst_key_digest(DST_SIGMODE_FINAL, DST_DIGEST_MD5, &ctx, NULL,
&b));
RETERR(dst_context_create(DST_KEY_MD5, mctx, &ctx));
RETERR(dst_context_adddata(ctx, queryrandomness));
RETERR(dst_context_adddata(ctx, &r));
RETERR(dst_context_digest(ctx, &b));
dst_context_destroy(&ctx);
/*
* MD5 ( server data | DH value ).
*/
RETERR(dst_key_digest(DST_SIGMODE_INIT, DST_DIGEST_MD5, &ctx, NULL,
NULL));
RETERR(dst_key_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx,
serverrandomness, NULL));
RETERR(dst_key_digest(DST_SIGMODE_UPDATE, DST_DIGEST_MD5, &ctx, &r,
NULL));
RETERR(dst_key_digest(DST_SIGMODE_FINAL, DST_DIGEST_MD5, &ctx, NULL,
&b));
RETERR(dst_context_create(DST_KEY_MD5, mctx, &ctx));
RETERR(dst_context_adddata(ctx, serverrandomness));
RETERR(dst_context_adddata(ctx, &r));
RETERR(dst_context_digest(ctx, &b));
dst_context_destroy(&ctx);
/*
* XOR ( DH value, MD5-1 | MD5-2).
......@@ -205,7 +200,10 @@ compute_secret(isc_buffer_t *shared, isc_region_t *queryrandomness,
}
failure:
return result;