Skip to content
GitLab
Menu
Projects
Groups
Snippets
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
c6d4f781
Commit
c6d4f781
authored
Jan 27, 2006
by
Mark Andrews
Browse files
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
HMACSHA512 support. [RT #13606]
parent
d0207ee7
Changes
38
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
c6d4f781
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
HMACSHA512 support. [RT #13606]
1972. [contrib] DBUS dynamic forwarders integation from
Jason Vas Dias <jvdias@redhat.com>.
...
...
bin/dig/dig.c
View file @
c6d4f781
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.c,v 1.21
0
2006/01/
0
7 0
0:23:35
marka Exp $ */
/* $Id: dig.c,v 1.21
1
2006/01/
2
7 0
2:35:14
marka Exp $ */
/*! \file */
...
...
@@ -42,6 +42,7 @@
#include <dns/rdatatype.h>
#include <dns/rdataclass.h>
#include <dns/result.h>
#include <dns/tsig.h>
#include <bind9/getaddresses.h>
...
...
@@ -152,7 +153,7 @@ help(void) {
" -t type (specify query type)
\n
"
" -c class (specify query class)
\n
"
" -k keyfile (specify tsig key file)
\n
"
" -y name:key
(specify named base64 tsig key)
\n
"
" -y
[hmac:]
name:key (specify named base64 tsig key)
\n
"
" -4 (use IPv4 query transport only)
\n
"
" -6 (use IPv6 query transport only)
\n
"
" d-opt is of the form +keyword[=value], where keyword is:
\n
"
...
...
@@ -1105,7 +1106,7 @@ static isc_boolean_t
dash_option
(
char
*
option
,
char
*
next
,
dig_lookup_t
**
lookup
,
isc_boolean_t
*
open_type_class
,
isc_boolean_t
config_only
)
{
char
opt
,
*
value
,
*
ptr
;
char
opt
,
*
value
,
*
ptr
,
*
ptr2
,
*
ptr3
;
isc_result_t
result
;
isc_boolean_t
value_from_next
;
isc_textregion_t
tr
;
...
...
@@ -1295,16 +1296,83 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
value
);
return
(
value_from_next
);
case
'y'
:
ptr
=
next_token
(
&
value
,
":"
);
ptr
=
next_token
(
&
value
,
":"
);
/* hmac type or name */
if
(
ptr
==
NULL
)
{
usage
();
}
ptr2
=
next_token
(
&
value
,
":"
);
/* name or secret */
if
(
ptr2
==
NULL
)
usage
();
ptr3
=
next_token
(
&
value
,
":"
);
/* secret or NULL */
if
(
ptr3
!=
NULL
)
{
if
(
strcasecmp
(
ptr
,
"hmac-md5"
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACMD5_NAME
;
digestbits
=
0
;
}
else
if
(
strncasecmp
(
ptr
,
"hmac-md5-"
,
9
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACMD5_NAME
;
digestbits
=
parse_uint
(
&
ptr
[
9
],
"digest-bits [0..128]"
,
128
);
digestbits
=
(
digestbits
+
7
)
&
~
0x7U
;
}
else
if
(
strcasecmp
(
ptr
,
"hmac-sha1"
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA1_NAME
;
digestbits
=
0
;
}
else
if
(
strncasecmp
(
ptr
,
"hmac-sha1-"
,
10
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA1_NAME
;
digestbits
=
parse_uint
(
&
ptr
[
10
],
"digest-bits [0..160]"
,
160
);
digestbits
=
(
digestbits
+
7
)
&
~
0x7U
;
}
else
if
(
strcasecmp
(
ptr
,
"hmac-sha224"
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA224_NAME
;
digestbits
=
0
;
}
else
if
(
strncasecmp
(
ptr
,
"hmac-sha224-"
,
12
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA224_NAME
;
digestbits
=
parse_uint
(
&
ptr
[
12
],
"digest-bits [0..224]"
,
224
);
digestbits
=
(
digestbits
+
7
)
&
~
0x7U
;
}
else
if
(
strcasecmp
(
ptr
,
"hmac-sha256"
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA256_NAME
;
digestbits
=
0
;
}
else
if
(
strncasecmp
(
ptr
,
"hmac-sha256-"
,
12
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA256_NAME
;
digestbits
=
parse_uint
(
&
ptr
[
12
],
"digest-bits [0..256]"
,
256
);
digestbits
=
(
digestbits
+
7
)
&
~
0x7U
;
}
else
if
(
strcasecmp
(
ptr
,
"hmac-sha384"
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA384_NAME
;
digestbits
=
0
;
}
else
if
(
strncasecmp
(
ptr
,
"hmac-sha384-"
,
12
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA384_NAME
;
digestbits
=
parse_uint
(
&
ptr
[
12
],
"digest-bits [0..384]"
,
384
);
digestbits
=
(
digestbits
+
7
)
&
~
0x7U
;
}
else
if
(
strcasecmp
(
ptr
,
"hmac-sha512"
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA512_NAME
;
digestbits
=
0
;
}
else
if
(
strncasecmp
(
ptr
,
"hmac-sha512-"
,
12
)
==
0
)
{
hmacname
=
DNS_TSIG_HMACSHA512_NAME
;
digestbits
=
parse_uint
(
&
ptr
[
12
],
"digest-bits [0..512]"
,
512
);
digestbits
=
(
digestbits
+
7
)
&
~
0x7U
;
}
else
{
fprintf
(
stderr
,
";; Warning, ignoring "
"invalid TSIG algorithm %s
\n
"
,
ptr
);
return
(
value_from_next
);
}
ptr
=
ptr2
;
ptr2
=
ptr3
;
}
else
{
hmacname
=
DNS_TSIG_HMACMD5_NAME
;
digestbits
=
0
;
}
strncpy
(
keynametext
,
ptr
,
sizeof
(
keynametext
));
keynametext
[
sizeof
(
keynametext
)
-
1
]
=
0
;
ptr
=
next_token
(
&
value
,
""
);
if
(
ptr
==
NULL
)
usage
();
strncpy
(
keysecret
,
ptr
,
sizeof
(
keysecret
));
strncpy
(
keysecret
,
ptr2
,
sizeof
(
keysecret
));
keysecret
[
sizeof
(
keysecret
)
-
1
]
=
0
;
return
(
value_from_next
);
case
'x'
:
...
...
bin/dig/dig.docbook
View file @
c6d4f781
...
...
@@ -18,7 +18,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dig.docbook,v 1.2
8
200
5/10
/2
6
0
4
:35:
53
marka Exp $ -->
<!-- $Id: dig.docbook,v 1.2
9
200
6/01
/2
7
0
2
:35:
14
marka Exp $ -->
<refentry
id=
"man.dig"
>
<refentryinfo>
...
...
@@ -63,7 +63,7 @@
<arg><option>
-q
<replaceable
class=
"parameter"
>
name
</replaceable></option></arg>
<arg><option>
-t
<replaceable
class=
"parameter"
>
type
</replaceable></option></arg>
<arg><option>
-x
<replaceable
class=
"parameter"
>
addr
</replaceable></option></arg>
<arg><option>
-y
<replaceable
class=
"parameter"
>
name:key
</replaceable></option></arg>
<arg><option>
-y
<replaceable
class=
"parameter"
>
<optional>
hmac:
</optional>
name:key
</replaceable></option></arg>
<arg><option>
-4
</option></arg>
<arg><option>
-6
</option></arg>
<arg
choice=
"opt"
>
name
</arg>
...
...
@@ -281,6 +281,7 @@
responses using transaction signatures (TSIG), specify a TSIG key file
using the
<option>
-k
</option>
option. You can also specify the TSIG
key itself on the command line using the
<option>
-y
</option>
option;
<parameter>
hmac
</parameter>
is the type of the TSIG, default HMAC-MD5,
<parameter>
name
</parameter>
is the name of the TSIG key and
<parameter>
key
</parameter>
is the actual key. The key is a
base-64
...
...
bin/dig/dighost.c
View file @
c6d4f781
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.29
0
2006/01/
0
7 0
0:23:35
marka Exp $ */
/* $Id: dighost.c,v 1.29
1
2006/01/
2
7 0
2:35:14
marka Exp $ */
/*! \file
* \note
...
...
@@ -161,6 +161,8 @@ int fatalexit = 0;
char
keynametext
[
MXNAME
];
char
keyfile
[
MXNAME
]
=
""
;
char
keysecret
[
MXNAME
]
=
""
;
dns_name_t
*
hmacname
=
NULL
;
unsigned
int
digestbits
=
0
;
isc_buffer_t
*
namebuf
=
NULL
;
dns_tsigkey_t
*
key
=
NULL
;
isc_boolean_t
validated
=
ISC_TRUE
;
...
...
@@ -890,14 +892,15 @@ setup_text_key(void) {
if
(
result
!=
ISC_R_SUCCESS
)
goto
failure
;
result
=
dns_tsigkey_create
(
&
keyname
,
dns_tsig_hmacmd5_name
,
secretstore
,
secretsize
,
ISC_FALSE
,
NULL
,
0
,
0
,
mctx
,
result
=
dns_tsigkey_create
(
&
keyname
,
hmacname
,
secretstore
,
secretsize
,
ISC_FALSE
,
NULL
,
0
,
0
,
mctx
,
NULL
,
&
key
);
failure:
if
(
result
!=
ISC_R_SUCCESS
)
printf
(
";; Couldn't create key %s: %s
\n
"
,
keynametext
,
isc_result_totext
(
result
));
else
dst_key_setbits
(
key
->
key
,
digestbits
);
isc_mem_free
(
mctx
,
secretstore
);
dns_name_invalidate
(
&
keyname
);
...
...
@@ -918,8 +921,31 @@ setup_file_key(void) {
goto
failure
;
}
result
=
dns_tsigkey_createfromkey
(
dst_key_name
(
dstkey
),
dns_tsig_hmacmd5_name
,
switch
(
dst_key_alg
(
dstkey
))
{
case
DST_ALG_HMACMD5
:
hmacname
=
DNS_TSIG_HMACMD5_NAME
;
break
;
case
DST_ALG_HMACSHA1
:
hmacname
=
DNS_TSIG_HMACSHA1_NAME
;
break
;
case
DST_ALG_HMACSHA224
:
hmacname
=
DNS_TSIG_HMACSHA224_NAME
;
break
;
case
DST_ALG_HMACSHA256
:
hmacname
=
DNS_TSIG_HMACSHA256_NAME
;
break
;
case
DST_ALG_HMACSHA384
:
hmacname
=
DNS_TSIG_HMACSHA384_NAME
;
break
;
case
DST_ALG_HMACSHA512
:
hmacname
=
DNS_TSIG_HMACSHA512_NAME
;
break
;
default:
printf
(
";; Couldn't create key %s: bad algorithm
\n
"
,
keynametext
);
goto
failure
;
}
result
=
dns_tsigkey_createfromkey
(
dst_key_name
(
dstkey
),
hmacname
,
dstkey
,
ISC_FALSE
,
NULL
,
0
,
0
,
mctx
,
NULL
,
&
key
);
if
(
result
!=
ISC_R_SUCCESS
)
{
...
...
bin/dig/include/dig/dig.h
View file @
c6d4f781
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dig.h,v 1.9
6
200
5
/0
8
/2
5
0
0:40:50
marka Exp $ */
/* $Id: dig.h,v 1.9
7
200
6
/0
1
/2
7
0
2:35:14
marka Exp $ */
#ifndef DIG_H
#define DIG_H
...
...
@@ -257,6 +257,8 @@ extern isc_sockaddr_t bind_address;
extern
char
keynametext
[
MXNAME
];
extern
char
keyfile
[
MXNAME
];
extern
char
keysecret
[
MXNAME
];
extern
dns_name_t
*
hmacname
;
extern
unsigned
int
digestbits
;
#ifdef DIG_SIGCHASE
extern
char
trustedkey
[
MXNAME
];
#endif
...
...
bin/dnssec/dnssec-keygen.c
View file @
c6d4f781
...
...
@@ -16,7 +16,7 @@
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.7
2
2006/01/
04
0
0
:3
7:2
4 marka Exp $ */
/* $Id: dnssec-keygen.c,v 1.7
3
2006/01/
27
0
2
:3
5:1
4 marka Exp $ */
/*! \file */
...
...
@@ -49,7 +49,9 @@
const
char
*
program
=
"dnssec-keygen"
;
int
verbose
;
static
const
char
*
algs
=
"RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5"
;
static
const
char
*
algs
=
"RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5 |"
" HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | "
" HMAC-SHA384 | HMAC-SHA512"
;
static
isc_boolean_t
dsa_size_ok
(
int
size
)
{
...
...
@@ -70,10 +72,16 @@ usage(void) {
fprintf
(
stderr
,
" DH:
\t\t
[128..4096]
\n
"
);
fprintf
(
stderr
,
" DSA:
\t\t
[512..1024] and divisible by 64
\n
"
);
fprintf
(
stderr
,
" HMAC-MD5:
\t
[1..512]
\n
"
);
fprintf
(
stderr
,
" HMAC-SHA1:
\t
[1..160]
\n
"
);
fprintf
(
stderr
,
" HMAC-SHA224:
\t
[1..224]
\n
"
);
fprintf
(
stderr
,
" HMAC-SHA256:
\t
[1..256]
\n
"
);
fprintf
(
stderr
,
" HMAC-SHA384:
\t
[1..384]
\n
"
);
fprintf
(
stderr
,
" HMAC-SHA512:
\t
[1..512]
\n
"
);
fprintf
(
stderr
,
" -n nametype: ZONE | HOST | ENTITY | USER | OTHER
\n
"
);
fprintf
(
stderr
,
" name: owner of the key
\n
"
);
fprintf
(
stderr
,
"Other options:
\n
"
);
fprintf
(
stderr
,
" -c <class> (default: IN)
\n
"
);
fprintf
(
stderr
,
" -d <digest bits> (0 => max, default)
\n
"
);
fprintf
(
stderr
,
" -e use large exponent (RSAMD5/RSASHA1 only)
\n
"
);
fprintf
(
stderr
,
" -f keyflag: KSK
\n
"
);
fprintf
(
stderr
,
" -g <generator> use specified generator "
...
...
@@ -117,6 +125,7 @@ main(int argc, char **argv) {
isc_entropy_t
*
ectx
=
NULL
;
dns_rdataclass_t
rdclass
;
int
options
=
DST_TYPE_PRIVATE
|
DST_TYPE_PUBLIC
;
int
dbits
=
0
;
if
(
argc
==
1
)
usage
();
...
...
@@ -126,7 +135,7 @@ main(int argc, char **argv) {
dns_result_register
();
while
((
ch
=
isc_commandline_parse
(
argc
,
argv
,
"a:b:c:ef:g:kn:t:p:s:r:v:h"
))
!=
-
1
)
"a:b:c:
d:
ef:g:kn:t:p:s:r:v:h"
))
!=
-
1
)
{
switch
(
ch
)
{
case
'a'
:
...
...
@@ -140,6 +149,11 @@ main(int argc, char **argv) {
case
'c'
:
classname
=
isc_commandline_argument
;
break
;
case
'd'
:
dbits
=
strtol
(
isc_commandline_argument
,
&
endp
,
10
);
if
(
*
endp
!=
'\0'
||
dbits
<
0
)
fatal
(
"-d requires a non-negative number"
);
break
;
case
'e'
:
rsa_exp
=
1
;
break
;
...
...
@@ -221,6 +235,21 @@ main(int argc, char **argv) {
}
else
if
(
strcasecmp
(
algname
,
"HMAC-MD5"
)
==
0
)
{
options
|=
DST_TYPE_KEY
;
alg
=
DST_ALG_HMACMD5
;
}
else
if
(
strcasecmp
(
algname
,
"HMAC-SHA1"
)
==
0
)
{
options
|=
DST_TYPE_KEY
;
alg
=
DST_ALG_HMACSHA1
;
}
else
if
(
strcasecmp
(
algname
,
"HMAC-SHA224"
)
==
0
)
{
options
|=
DST_TYPE_KEY
;
alg
=
DST_ALG_HMACSHA224
;
}
else
if
(
strcasecmp
(
algname
,
"HMAC-SHA256"
)
==
0
)
{
options
|=
DST_TYPE_KEY
;
alg
=
DST_ALG_HMACSHA256
;
}
else
if
(
strcasecmp
(
algname
,
"HMAC-SHA384"
)
==
0
)
{
options
|=
DST_TYPE_KEY
;
alg
=
DST_ALG_HMACSHA384
;
}
else
if
(
strcasecmp
(
algname
,
"HMAC-SHA512"
)
==
0
)
{
options
|=
DST_TYPE_KEY
;
alg
=
DST_ALG_HMACSHA512
;
}
else
{
r
.
base
=
algname
;
r
.
length
=
strlen
(
algname
);
...
...
@@ -267,6 +296,56 @@ main(int argc, char **argv) {
case
DST_ALG_HMACMD5
:
if
(
size
<
1
||
size
>
512
)
fatal
(
"HMAC-MD5 key size %d out of range"
,
size
);
if
(
dbits
!=
0
&&
(
dbits
<
80
||
dbits
>
128
))
fatal
(
"HMAC-MD5 digest bits %d out of range"
,
dbits
);
if
((
dbits
%
8
)
!=
0
)
fatal
(
"HMAC-MD5 digest bits %d not divisible by 8"
,
dbits
);
break
;
case
DST_ALG_HMACSHA1
:
if
(
size
<
1
||
size
>
160
)
fatal
(
"HMAC-SHA1 key size %d out of range"
,
size
);
if
(
dbits
!=
0
&&
(
dbits
<
80
||
dbits
>
160
))
fatal
(
"HMAC-SHA1 digest bits %d out of range"
,
dbits
);
if
((
dbits
%
8
)
!=
0
)
fatal
(
"HMAC-SHA1 digest bits %d not divisible by 8"
,
dbits
);
break
;
case
DST_ALG_HMACSHA224
:
if
(
size
<
1
||
size
>
224
)
fatal
(
"HMAC-SHA224 key size %d out of range"
,
size
);
if
(
dbits
!=
0
&&
(
dbits
<
112
||
dbits
>
224
))
fatal
(
"HMAC-SHA224 digest bits %d out of range"
,
dbits
);
if
((
dbits
%
8
)
!=
0
)
fatal
(
"HMAC-SHA224 digest bits %d not divisible by 8"
,
dbits
);
break
;
case
DST_ALG_HMACSHA256
:
if
(
size
<
1
||
size
>
256
)
fatal
(
"HMAC-SHA256 key size %d out of range"
,
size
);
if
(
dbits
!=
0
&&
(
dbits
<
128
||
dbits
>
256
))
fatal
(
"HMAC-SHA256 digest bits %d out of range"
,
dbits
);
if
((
dbits
%
8
)
!=
0
)
fatal
(
"HMAC-SHA256 digest bits %d not divisible by 8"
,
dbits
);
break
;
case
DST_ALG_HMACSHA384
:
if
(
size
<
1
||
size
>
384
)
fatal
(
"HMAC-384 key size %d out of range"
,
size
);
if
(
dbits
!=
0
&&
(
dbits
<
192
||
dbits
>
384
))
fatal
(
"HMAC-SHA384 digest bits %d out of range"
,
dbits
);
if
((
dbits
%
8
)
!=
0
)
fatal
(
"HMAC-SHA384 digest bits %d not divisible by 8"
,
dbits
);
break
;
case
DST_ALG_HMACSHA512
:
if
(
size
<
1
||
size
>
512
)
fatal
(
"HMAC-SHA512 key size %d out of range"
,
size
);
if
(
dbits
!=
0
&&
(
dbits
<
256
||
dbits
>
512
))
fatal
(
"HMAC-SHA512 digest bits %d out of range"
,
dbits
);
if
((
dbits
%
8
)
!=
0
)
fatal
(
"HMAC-SHA512 digest bits %d not divisible by 8"
,
dbits
);
break
;
}
...
...
@@ -313,7 +392,10 @@ main(int argc, char **argv) {
}
if
((
flags
&
DNS_KEYFLAG_OWNERMASK
)
==
DNS_KEYOWNER_ZONE
&&
(
alg
==
DNS_KEYALG_DH
||
alg
==
DST_ALG_HMACMD5
))
(
alg
==
DNS_KEYALG_DH
||
alg
==
DST_ALG_HMACMD5
||
alg
==
DST_ALG_HMACSHA1
||
alg
==
DST_ALG_HMACSHA224
||
alg
==
DST_ALG_HMACSHA256
||
alg
==
DST_ALG_HMACSHA384
||
alg
==
DST_ALG_HMACSHA512
))
fatal
(
"a key with algorithm '%s' cannot be a zone key"
,
algname
);
...
...
@@ -337,6 +419,11 @@ main(int argc, char **argv) {
break
;
case
DNS_KEYALG_DSA
:
case
DST_ALG_HMACMD5
:
case
DST_ALG_HMACSHA1
:
case
DST_ALG_HMACSHA224
:
case
DST_ALG_HMACSHA256
:
case
DST_ALG_HMACSHA384
:
case
DST_ALG_HMACSHA512
:
param
=
0
;
break
;
}
...
...
@@ -365,6 +452,8 @@ main(int argc, char **argv) {
exit
(
-
1
);
}
dst_key_setbits
(
key
,
dbits
);
/*
* Try to read a key with the same name, alg and id from disk.
* If there is one we must continue generating a new one
...
...
bin/named/config.c
View file @
c6d4f781
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.6
7
2006/01/
05 23:45:33
marka Exp $ */
/* $Id: config.c,v 1.6
8
2006/01/
27 02:35:14
marka Exp $ */
/*! \file */
...
...
@@ -27,6 +27,7 @@
#include <isc/buffer.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/parseint.h>
#include <isc/region.h>
#include <isc/result.h>
#include <isc/sockaddr.h>
...
...
@@ -724,16 +725,65 @@ ns_config_getport(cfg_obj_t *config, in_port_t *portp) {
return
(
ISC_R_SUCCESS
);
}
struct
keyalgorithms
{
const
char
*
str
;
enum
{
hmacnone
,
hmacmd5
,
hmacsha1
,
hmacsha224
,
hmacsha256
,
hmacsha384
,
hmacsha512
}
hmac
;
isc_uint16_t
size
;
}
algorithms
[]
=
{
{
"hmac-md5"
,
hmacmd5
,
128
},
{
"hmac-md5.sig-alg.reg.int"
,
hmacmd5
,
0
},
{
"hmac-md5.sig-alg.reg.int."
,
hmacmd5
,
0
},
{
"hmac-sha1"
,
hmacsha1
,
160
},
{
"hmac-sha224"
,
hmacsha224
,
224
},
{
"hmac-sha256"
,
hmacsha256
,
256
},
{
"hmac-sha384"
,
hmacsha384
,
384
},
{
"hmac-sha512"
,
hmacsha512
,
512
},
{
NULL
,
hmacnone
,
0
}
};
isc_result_t
ns_config_getkeyalgorithm
(
const
char
*
str
,
dns_name_t
**
name
)
ns_config_getkeyalgorithm
(
const
char
*
str
,
dns_name_t
**
name
,
isc_uint16_t
*
digestbits
)
{
if
(
strcasecmp
(
str
,
"hmac-md5"
)
==
0
||
strcasecmp
(
str
,
"hmac-md5.sig-alg.reg.int"
)
==
0
||
strcasecmp
(
str
,
"hmac-md5.sig-alg.reg.int."
)
==
0
)
{
if
(
name
!=
NULL
)
*
name
=
dns_tsig_hmacmd5_name
;
return
(
ISC_R_SUCCESS
);
int
i
;
size_t
len
=
0
;
isc_uint16_t
bits
;
isc_result_t
result
;
for
(
i
=
0
;
algorithms
[
i
].
str
!=
NULL
;
i
++
)
{
len
=
strlen
(
algorithms
[
i
].
str
);
if
(
strncasecmp
(
algorithms
[
i
].
str
,
str
,
len
)
==
0
&&
(
str
[
len
]
==
'\0'
||
(
algorithms
[
i
].
size
!=
0
&&
str
[
len
]
==
'-'
)))
break
;
}
return
(
ISC_R_NOTFOUND
);
if
(
algorithms
[
i
].
str
==
NULL
)
return
(
ISC_R_NOTFOUND
);
if
(
str
[
len
]
==
'-'
)
{
result
=
isc_parse_uint16
(
&
bits
,
str
+
len
+
1
,
10
);
if
(
result
!=
ISC_R_SUCCESS
)
return
(
result
);
if
(
bits
>
algorithms
[
i
].
size
)
return
(
ISC_R_RANGE
);
}
else
if
(
algorithms
[
i
].
size
==
0
)
bits
=
128
;
else
bits
=
algorithms
[
i
].
size
;
if
(
name
!=
NULL
)
{
switch
(
algorithms
[
i
].
hmac
)
{
case
hmacmd5
:
*
name
=
dns_tsig_hmacmd5_name
;
break
;
case
hmacsha1
:
*
name
=
dns_tsig_hmacsha1_name
;
break
;
case
hmacsha224
:
*
name
=
dns_tsig_hmacsha224_name
;
break
;
case
hmacsha256
:
*
name
=
dns_tsig_hmacsha256_name
;
break
;
case
hmacsha384
:
*
name
=
dns_tsig_hmacsha384_name
;
break
;
case
hmacsha512
:
*
name
=
dns_tsig_hmacsha512_name
;
break
;
default:
INSIST
(
0
);
}
}
if
(
digestbits
!=
NULL
)
*
digestbits
=
bits
;
return
(
ISC_R_SUCCESS
);
}
bin/named/controlconf.c
View file @
c6d4f781
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: controlconf.c,v 1.4
7
200
5/11/30
0
3
:3
6:45
marka Exp $ */
/* $Id: controlconf.c,v 1.4
8
200
6/01/27
0
2
:3
5:14
marka Exp $ */
/*! \file */
...
...
@@ -758,7 +758,7 @@ register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
algstr
=
cfg_obj_asstring
(
algobj
);
secretstr
=
cfg_obj_asstring
(
secretobj
);
if
(
ns_config_getkeyalgorithm
(
algstr
,
NULL
)
!=
if
(
ns_config_getkeyalgorithm
(
algstr
,
NULL
,
NULL
)
!=
ISC_R_SUCCESS
)
{
cfg_obj_log
(
control
,
ns_g_lctx
,
...
...
@@ -848,7 +848,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
algstr
=
cfg_obj_asstring
(
algobj
);
secretstr
=
cfg_obj_asstring
(
secretobj
);
if
(
ns_config_getkeyalgorithm
(
algstr
,
NULL
)
!=
ISC_R_SUCCESS
)
{
if
(
ns_config_getkeyalgorithm
(
algstr
,
NULL
,
NULL
)
!=
ISC_R_SUCCESS
)
{
cfg_obj_log
(
key
,
ns_g_lctx
,
ISC_LOG_WARNING
,
"unsupported algorithm '%s' in "
...
...
bin/named/include/named/config.h
View file @
c6d4f781
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.h,v 1.
9
200
5
/0
4
/2
9
0
0:22:30
marka Exp $ */
/* $Id: config.h,v 1.
10
200
6
/0
1
/2
7
0
2:35:14
marka Exp $ */
#ifndef NAMED_CONFIG_H
#define NAMED_CONFIG_H 1
...
...
@@ -72,6 +72,7 @@ isc_result_t
ns_config_getport
(
cfg_obj_t
*
config
,
in_port_t
*
portp
);
isc_result_t
ns_config_getkeyalgorithm
(
const
char
*
str
,
dns_name_t
**
name
);
ns_config_getkeyalgorithm
(
const
char
*
str
,
dns_name_t
**
name
,
isc_uint16_t
*
digestbits
);
#endif
/* NAMED_CONFIG_H */
bin/named/tsigconf.c
View file @
c6d4f781
...
...
@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: tsigconf.c,v 1.2
5
200
5
/0
8
/2
3
02:3
6:07
marka Exp $ */
/* $Id: tsigconf.c,v 1.2
6
200
6
/0
1
/2
7
02:3
5:14
marka Exp $ */
/*! \file */
...
...
@@ -38,6 +38,7 @@
static
isc_result_t
add_initial_keys
(
cfg_obj_t
*
list
,
dns_tsig_keyring_t
*
ring
,
isc_mem_t
*
mctx
)
{
dns_tsigkey_t
*
tsigkey
=
NULL
;
cfg_listelt_t
*
element
;
cfg_obj_t
*
key
=
NULL
;
const
char
*
keyid
=
NULL
;
...
...
@@ -46,6 +47,7 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) {
int
secretlen
=
0
;
isc_result_t
ret
;
isc_stdtime_t
now
;
isc_uint16_t
bits
;
for
(
element
=
cfg_list_first
(
list
);
element
!=
NULL
;
...
...
@@ -86,10 +88,11 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) {
* Create the algorithm.
*/
algstr
=
cfg_obj_asstring
(
algobj
);
if
(
ns_config_getkeyalgorithm
(
algstr
,
&
alg
)
!=
ISC_R_SUCCESS
)
{
if
(
ns_config_getkeyalgorithm
(
algstr
,
&
alg
,
&
bits
)
!=
ISC_R_SUCCESS
)
{
cfg_obj_log
(
algobj
,
ns_g_lctx
,
ISC_LOG_ERROR
,
"key '%s':
the only
supported algorithm
"
"is hmac-md5"
,
keyid
);
"key '%s':
has a un
supported algorithm
'%s'"
,
keyid
,
algstr
);
ret
=
DNS_R_BADALG
;
goto
failure
;
}
...
...
@@ -110,11 +113,16 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) {
isc_stdtime_get
(
&
now
);
ret
=
dns_tsigkey_create
(
&
keyname
,
alg
,
secret
,
secretlen
,
ISC_FALSE
,
NULL
,
now
,
now
,
mctx
,
ring
,
NULL
);
mctx
,
ring
,
&
tsigkey
);
isc_mem_put
(
mctx
,
secret
,
secretalloc
);
secret
=
NULL
;
if
(
ret
!=
ISC_R_SUCCESS
)
goto
failure
;
/*
* Set digest bits.
*/
dst_key_setbits
(
tsigkey
->
key
,
bits
);
dns_tsigkey_detach
(
&
tsigkey
);
}
return
(
ISC_R_SUCCESS
);
...
...
@@ -127,7 +135,6 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) {
if
(
secret
!=
NULL
)
isc_mem_put
(
mctx
,
secret
,
secretalloc
);
return
(
ret
);
}
isc_result_t
...
...
bin/nsupdate/nsupdate.c
View file @
c6d4f781
...
...
@@ -15,7 +15,7 @@