Commit c9e998ea authored by Brian Wellington's avatar Brian Wellington

A bit of gss-tsig code. Don't expect this to work.

parent 12a5fa5d
......@@ -13,7 +13,7 @@
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.15 2000/08/01 01:27:43 tale Exp $
# $Id: Makefile.in,v 1.16 2000/08/17 02:04:17 bwelling Exp $
srcdir = @srcdir@
VPATH = @srcdir@
......@@ -24,20 +24,21 @@ top_srcdir = @top_srcdir@
CINCLUDES = -I${srcdir} \
-I${srcdir}/../dnssafe \
-I${srcdir}/../openssl/include \
${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
${DNS_INCLUDES} ${ISC_INCLUDES} \
@DST_OPENSSL_INC@ @DST_GSSAPI_INC@
CDEFINES = -DUSE_MD5 -DDNSSAFE -DOPENSSL @DST_PRIVATEOPENSSL@
CDEFINES = -DUSE_MD5 -DDNSSAFE -DOPENSSL @DST_PRIVATEOPENSSL@ @USE_GSSAPI@
CWARNINGS =
LIBS = @LIBS@
# Alphabetically
OBJS = bsafe_link.@O@ dst_api.@O@ dst_parse.@O@ hmac_link.@O@ \
openssl_link.@O@ openssldh_link.@O@ \
openssl_link.@O@ openssldh_link.@O@ gssapi_link.@O@ \
dst_result.@O@ dst_lib.@O@
SRCS = bsafe_link.c dst_api.c dst_parse.c hmac_link.c \
openssl_link.c openssldh_link.c \
openssl_link.c openssldh_link.c gssapi_link.c \
dst_result.c dst_lib.c
SUBDIRS = include
......
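Review bot: `gssapi_link.@O@` and `gssapi_link.c` are appended to OBJS and SRCS unconditionally while the source itself is wrapped in `#ifdef GSSAPI`, so a build configured without GSSAPI compiles gssapi_link.c down to an empty translation unit; most compilers accept that, some warn, so either condition the object on @USE_GSSAPI@ or leave a comment next to the entry, `# gssapi_link.c compiles to nothing unless @USE_GSSAPI@ defines GSSAPI`. The `# Alphabetically` comment above OBJS was already inaccurate and this change appends the new object after openssldh_link.@O@ rather than in sorted position, so either sort the list or drop the comment.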
......@@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.58 2000/08/01 01:27:45 tale Exp $
* $Id: dst_api.c,v 1.59 2000/08/17 02:04:19 bwelling Exp $
*/
#include <config.h>
......@@ -95,7 +95,15 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
REQUIRE(mctx != NULL && ectx != NULL);
REQUIRE(dst_initialized == ISC_FALSE);
isc_mem_attach(mctx, &dst_memory_pool);
dst_memory_pool = NULL;
/*
* When using --with-openssl, there seems to be no good way of not
* leaking memory due to the openssl error handling mechanism.
* Avoid assertions by using a local memory context and not checking
* for leaks on exit.
*/
RETERR(isc_mem_create(0, 0, &dst_memory_pool));
isc_mem_setdestroycheck(dst_memory_pool, ISC_FALSE);
isc_entropy_attach(ectx, &dst_entropy_pool);
dst_entropy_flags = eflags;
......@@ -111,6 +119,9 @@ dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
#endif
#ifdef GSSAPI
RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
#endif
dst_initialized = ISC_TRUE;
return (ISC_R_SUCCESS);
......@@ -133,6 +144,9 @@ dst_lib_destroy(void) {
dst__openssldsa_destroy();
dst__openssldh_destroy();
dst__openssl_destroy();
#endif
#ifdef GSSAPI
dst__gssapi_destroy();
#endif
if (dst_memory_pool != NULL)
isc_mem_detach(&dst_memory_pool);
......@@ -493,6 +507,24 @@ dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
return (key->func->todns(key, target));
}
isc_result_t
dst_key_fromgssapi(dns_name_t *name, void *opaque, isc_mem_t *mctx,
dst_key_t **keyp)
{
dst_key_t *key;
REQUIRE(opaque != NULL);
REQUIRE(keyp != NULL && *keyp == NULL);
key = get_key_struct(name, DST_ALG_GSSAPI, 0, DNS_KEYPROTO_DNSSEC,
0, mctx);
if (key == NULL)
return (ISC_R_NOMEMORY);
key->opaque = opaque;
*keyp = key;
return (ISC_R_SUCCESS);
}
isc_result_t
dst_key_generate(dns_name_t *name, const unsigned int alg,
const unsigned int bits, const unsigned int param,
......@@ -694,6 +726,9 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
case DST_ALG_HMACMD5:
*n = 16;
break;
case DST_ALG_GSSAPI:
*n = 128; /* XXX */
break;
case DST_ALG_DH:
default:
return (DST_R_UNSUPPORTEDALG);
......
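Review bot: `*n = 128; /* XXX */` in dst_key_sigsize is a guess about the MIC token size of whichever GSS mechanism ends up negotiated; gssapi_sign does check the available length and returns ISC_R_NOSPACE when the token is larger, so the failure mode is an error rather than a truncated signature, but the constant needs a comment saying so, e.g. `/* XXX mechanism-dependent; gssapi_sign fails with ISC_R_NOSPACE if larger */`. dst_key_fromgssapi asserts opaque and keyp but not name, although the dst.h contract requires a valid absolute name; if the other dst_key_from* constructors in this file REQUIRE that, the same check belongs here for consistency. dst_key_generate's body continues past the end of this hunk.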
......@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst_internal.h,v 1.27 2000/08/01 01:27:46 tale Exp $ */
/* $Id: dst_internal.h,v 1.28 2000/08/17 02:04:21 bwelling Exp $ */
#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1
......@@ -99,6 +99,7 @@ isc_result_t dst__hmacmd5_init(struct dst_func **funcp);
isc_result_t dst__dnssafersa_init(struct dst_func **funcp);
isc_result_t dst__openssldsa_init(struct dst_func **funcp);
isc_result_t dst__openssldh_init(struct dst_func **funcp);
isc_result_t dst__gssapi_init(struct dst_func **funcp);
/*
* Destructors
......@@ -109,6 +110,7 @@ void dst__hmacmd5_destroy(void);
void dst__dnssafersa_destroy(void);
void dst__openssldsa_destroy(void);
void dst__openssldh_destroy(void);
void dst__gssapi_destroy(void);
/*
* Memory allocators using the DST memory pool.
......
/*
* Portions Copyright (C) 1999, 2000 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
* NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
* SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
* ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/*
* $Id: gssapi_link.c,v 1.1 2000/08/17 02:04:22 bwelling Exp $
*/
#ifdef GSSAPI
#include <config.h>
#include <isc/buffer.h>
#include <isc/mem.h>
#include <isc/string.h>
#include <isc/util.h>
#include <gssapi/gssapi.h>
#include <dst/result.h>
#include "dst_internal.h"
#include "dst_parse.h"
#define INITIAL_BUFFER_SIZE 1024
#define BUFFER_EXTRA 1024
#define REGION_TO_GBUFFER(r, gb) \
do { \
(gb).length = (r).length; \
(gb).value = (r).base; \
} while (0)
typedef struct gssapi_ctx {
isc_buffer_t *buffer;
gss_ctx_id_t *context_id;
} gssapi_ctx_t;
static isc_result_t
gssapi_createctx(dst_key_t *key, dst_context_t *dctx) {
gssapi_ctx_t *ctx;
isc_result_t result;
UNUSED(key);
ctx = isc_mem_get(dctx->mctx, sizeof(gssapi_ctx_t));
if (ctx == NULL)
return (ISC_R_NOMEMORY);
ctx->buffer = NULL;
result = isc_buffer_allocate(dctx->mctx, &ctx->buffer,
INITIAL_BUFFER_SIZE);
if (result != ISC_R_SUCCESS) {
isc_mem_put(dctx->mctx, ctx, sizeof(gssapi_ctx_t));
return (result);
}
ctx->context_id = key->opaque;
dctx->opaque = ctx;
return (ISC_R_SUCCESS);
}
static void
gssapi_destroyctx(dst_context_t *dctx) {
gssapi_ctx_t *ctx = dctx->opaque;
if (ctx != NULL) {
if (ctx->buffer != NULL)
isc_buffer_free(&ctx->buffer);
isc_mem_put(dctx->mctx, ctx, sizeof(gssapi_ctx_t));
dctx->opaque = NULL;
}
}
static isc_result_t
gssapi_adddata(dst_context_t *dctx, const isc_region_t *data) {
gssapi_ctx_t *ctx = dctx->opaque;
isc_buffer_t *newbuffer = NULL;
isc_region_t r;
unsigned int length;
isc_result_t result;
result = isc_buffer_copyregion(ctx->buffer, data);
if (result == ISC_R_SUCCESS)
return (ISC_R_SUCCESS);
length = isc_buffer_length(ctx->buffer) + data->length + BUFFER_EXTRA;
result = isc_buffer_allocate(dctx->mctx, &newbuffer, length);
if (result != ISC_R_SUCCESS)
return (result);
isc_buffer_usedregion(ctx->buffer, &r);
(void) isc_buffer_copyregion(newbuffer, &r);
(void) isc_buffer_copyregion(newbuffer, data);
isc_buffer_free(&ctx->buffer);
ctx->buffer = newbuffer;
return (ISC_R_SUCCESS);
}
static isc_result_t
gssapi_sign(dst_context_t *dctx, isc_buffer_t *sig) {
gssapi_ctx_t *ctx = dctx->opaque;
isc_region_t message;
gss_buffer_desc gmessage, gsig;
OM_uint32 minor, gret;
isc_buffer_usedregion(ctx->buffer, &message);
REGION_TO_GBUFFER(message, gmessage);
gret = gss_get_mic(&minor, ctx->context_id,
GSS_C_QOP_DEFAULT, &gmessage, &gsig);
if (gret != 0)
return (ISC_R_FAILURE);
if (gsig.length > isc_buffer_availablelength(sig)) {
gss_release_buffer(&minor, &gsig);
return (ISC_R_NOSPACE);
}
isc_buffer_putmem(sig, gsig.value, gsig.length);
gss_release_buffer(&minor, &gsig);
return (ISC_R_SUCCESS);
}
static isc_result_t
gssapi_verify(dst_context_t *dctx, const isc_region_t *sig) {
gssapi_ctx_t *ctx = dctx->opaque;
isc_region_t message;
gss_buffer_desc gmessage, gsig;
OM_uint32 minor, gret;
isc_buffer_usedregion(ctx->buffer, &message);
REGION_TO_GBUFFER(message, gmessage);
REGION_TO_GBUFFER(*sig, gsig);
gret = gss_verify_mic(&minor, ctx->context_id, &gmessage, &gsig, NULL);
if (gret != 0)
return (ISC_R_FAILURE);
return (ISC_R_SUCCESS);
}
static isc_boolean_t
gssapi_compare(const dst_key_t *key1, const dst_key_t *key2) {
gss_ctx_id_t gsskey1 = key1->opaque;
gss_ctx_id_t gsskey2 = key2->opaque;
/* No idea */
return (ISC_TF(gsskey1 == gsskey2));
}
static isc_result_t
gssapi_generate(dst_key_t *key, int unused) {
UNUSED(key);
UNUSED(unused);
/* No idea */
return (ISC_R_FAILURE);
}
static isc_boolean_t
gssapi_isprivate(const dst_key_t *key) {
UNUSED(key);
return (ISC_TRUE);
}
static void
gssapi_destroy(dst_key_t *key) {
UNUSED(key);
/* No idea */
}
static dst_func_t gssapi_functions = {
gssapi_createctx,
gssapi_destroyctx,
gssapi_adddata,
gssapi_sign,
gssapi_verify,
NULL, /* computesecret */
gssapi_compare,
NULL, /* paramcompare */
gssapi_generate,
gssapi_isprivate,
gssapi_destroy,
NULL, /* todns */
NULL, /* fromdns */
NULL, /* tofile */
NULL, /* fromfile */
};
isc_result_t
dst__gssapi_init(dst_func_t **funcp) {
REQUIRE(funcp != NULL && *funcp == NULL);
*funcp = &gssapi_functions;
return (ISC_R_SUCCESS);
}
void
dst__gssapi_destroy(void) {
}
#endif
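Review bot: `context_id` is declared `gss_ctx_id_t *` in gssapi_ctx_t but is filled from `key->opaque` in gssapi_createctx and then passed to gss_get_mic() and gss_verify_mic(), which take the context handle itself, while gssapi_compare reads the same `key->opaque` as a plain `gss_ctx_id_t`; one of those readings is wrong, and given the dst.h description of opaque as "a GSSAPI context id" the field should be `gss_ctx_id_t context_id;` with the extra level of indirection dropped. The `UNUSED(key)` at the top of gssapi_createctx contradicts the `key->opaque` read a few lines later and should go. gssapi_destroy is a no-op even though dst.h says the key produced by dst_key_fromgssapi becomes responsible for the context id, so a security context handed to DST is never released; either release it there (gss_delete_sec_context) or change the dst.h text to say the caller keeps ownership. The two `/* No idea */` stubs would read better with a comment stating what gssapi_compare and gssapi_generate are expected to do for this algorithm, e.g. `/* Only identity comparison of context handles is possible here. */` and `/* GSSAPI keys are established by the GSS exchange, not generated. */`.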
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst.h,v 1.34 2000/08/01 01:27:58 tale Exp $ */
/* $Id: dst.h,v 1.35 2000/08/17 02:04:22 bwelling Exp $ */
#ifndef DST_DST_H
#define DST_DST_H 1
......@@ -45,9 +45,10 @@ typedef struct dst_context dst_context_t;
#define DST_ALG_DH 2
#define DST_ALG_DSA 3
#define DST_ALG_HMACMD5 157
#define DST_ALG_GSSAPI 160
#define DST_ALG_PRIVATE 254
#define DST_ALG_EXPAND 255
#define DST_MAX_ALGS (DST_ALG_HMACMD5 + 1)
#define DST_MAX_ALGS 255
/* A buffer of this size is large enough to hold any key */
#define DST_KEY_MAXSIZE 1024
......@@ -336,6 +337,27 @@ dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target);
* If successful, the used pointer in 'target' is advanced.
*/
isc_result_t
dst_key_fromgssapi(dns_name_t *name, void *opaque, isc_mem_t *mctx,
dst_key_t **keyp);
/*
* Converts a GSSAPI opaque context id into a DST key.
*
* Requires:
* "name" is a valid absolute dns name.
* "opaque" is a GSSAPI context id.
* "mctx" is a valid memory context.
* "keyp" is not NULL and "*keyp" is NULL.
*
* Returns:
* ISC_R_SUCCESS
* any other result indicates failure
*
* Ensures:
* If successful, *keyp will contain a valid key and be responsible for
* the context id.
*/
isc_result_t
dst_key_generate(dns_name_t *name, const unsigned int alg,
const unsigned int bits, const unsigned int param,
......
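Review bot: `#define DST_MAX_ALGS 255` drops the previous `(DST_ALG_HMACMD5 + 1)` convention in favour of a literal that is one less than the number of 8-bit algorithm values, so if dst_t_func is sized by DST_MAX_ALGS (its declaration is outside this diff) an index of DST_ALG_EXPAND (255) would be out of bounds; `#define DST_MAX_ALGS (DST_ALG_EXPAND + 1)` keeps the old pattern and covers every code. The "Ensures" text for dst_key_fromgssapi promises that the key is "responsible for the context id", which only holds if the link's destroy routine actually releases it; the wording should match whatever gssapi_link.c does.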