17 #include <openssl/hmac.h>
18 #include <openssl/md5.h>
/*
 * Excerpt only: the enclosing function's name, the loop bodies and the
 * allocation of wire2 are on lines that are not shown here.
 */
57 uint8_t *wire2 = NULL;
/*
 * One loop per count variable; presumably these are the question, answer,
 * authority and additional section counts of the packet -- TODO confirm.
 * NOTE(review): the bodies are not visible; confirm each iteration checks
 * the remaining wire length before advancing.
 */
86 for (i = 0; i < qd_count; i++) {
94 for (i = 0; i < an_count; i++) {
102 for (i = 0; i < ns_count; i++) {
110 for (i = 0; i < ar_count; i++) {
/*
 * Copies *result_len bytes from wire into wire2.
 * NOTE(review): confirm on the omitted lines that wire2 was allocated with at
 * least *result_len bytes, that the allocation was checked for NULL, and that
 * *result_len cannot exceed the size of wire.
 */
124 memcpy(wire2, wire, *result_len);
/*
 * Selects an OpenSSL digest (EVP_MD) from an algorithm name given in
 * presentation form with a trailing dot. Only the name tests are visible in
 * this excerpt; the return statements are on omitted lines.
 * name is passed to strlen() unchecked, so it must not be NULL.
 */
132 static const EVP_MD *
133 ldns_digest_function(
char *name)
/*
 * NOTE(review): the length test requires 12 characters but only the first 11
 * are compared, so the final character (expected to be '.') is never checked.
 * The hmac-sha1 branch has the same gap (length 10, 9 compared), while the
 * hmac-md5 branch compares all 25. Comparing the full length in every branch
 * would make the three tests consistent and exact.
 */
137 if (strlen(name) == 12
138 && strncasecmp(name,
"hmac-sha256.", 11) == 0) {
/*
 * SHA-256 support is a compile-time option. What this branch yields when
 * HAVE_EVP_SHA256 is undefined is not shown -- confirm callers treat that
 * case as an unknown algorithm.
 */
139 #ifdef HAVE_EVP_SHA256
144 }
else if (strlen(name) == 10
145 && strncasecmp(name,
"hmac-sha1.", 9) == 0) {
147 }
else if (strlen(name) == 25
148 && strncasecmp(name,
"hmac-md5.sig-alg.reg.int.", 25)
/*
 * Excerpt of ldns_tsig_mac_new: the packet wire bytes and further fields are
 * written into data_buffer, an HMAC is computed over that buffer with
 * key_bytes, and the digest is stored in mac_bytes behind a 2-byte length.
 * Only the lines listed here are described; the rest is not shown.
 */
159 ldns_tsig_mac_new(
ldns_rdf **tsig_mac, uint8_t *pkt_wire,
size_t pkt_wire_size,
167 unsigned char *mac_bytes = NULL;
168 unsigned char *key_bytes = NULL;
170 const EVP_MD *digester;
171 char *algorithm_name = NULL;
/* Starts at the largest digest size; HMAC() below overwrites it with the actual length. */
172 unsigned int md_len = EVP_MAX_MD_SIZE;
175 ldns_rdf *canonical_key_name_rdf = NULL;
176 ldns_rdf *canonical_algorithm_rdf = NULL;
178 if (key_name_rdf == NULL || algorithm_rdf == NULL) {
182 if (canonical_key_name_rdf == NULL) {
186 if (canonical_algorithm_rdf == NULL) {
/* The MAC input starts with the packet wire bytes. */
202 ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size);
/* Fields guarded by !tsig_timers_only are left out of the MAC input when the flag is set. */
203 if (!tsig_timers_only) {
206 canonical_key_name_rdf);
208 ldns_buffer_write_u32(data_buffer, 0);
211 canonical_algorithm_rdf);
215 if (!tsig_timers_only) {
/*
 * The buffer's _data member is read directly. The write position is narrowed
 * to int here and cast back to size_t at the HMAC call.
 * NOTE(review): presumably bounded far below INT_MAX by the DNS message
 * size -- confirm, or keep the value as size_t throughout.
 */
220 wireformat = (
char *) data_buffer->
_data;
221 wiresize = (
int) ldns_buffer_position(data_buffer);
/* algorithm_name is tested for NULL before it reaches ldns_digest_function, which calls strlen() on it. */
224 if(!algorithm_name) {
/*
 * key_data is treated as a NUL-terminated base64 string (strlen plus a
 * decoded-size estimate).
 * NOTE(review): key_bytes presumably receives the decoded secret; its release
 * is not shown here -- confirm it is wiped before being freed.
 */
231 ldns_b64_pton_calculate_size(strlen(key_data)));
237 ldns_b64_pton_calculate_size(strlen(key_data)));
/* Zero-fills the 2-byte length prefix plus md_len digest bytes (md_len is presumably still EVP_MAX_MD_SIZE here). */
249 memset(mac_bytes, 0, md_len+2);
251 digester = ldns_digest_function(algorithm_name);
/*
 * The digest is written after the 2-byte prefix and md_len receives its
 * length. The (void) cast discards HMAC()'s result, which is NULL on failure.
 * NOTE(review): mac_bytes was zero-filled above, so a failed call that leaves
 * its outputs untouched would produce an all-zero MAC of md_len bytes instead
 * of an error; the return value should be checked and turned into a failure
 * status. The lines between 251 and 254 are not shown -- confirm digester is
 * tested for NULL (unknown algorithm) before this call.
 */
254 (void) HMAC(digester, key_bytes, key_size, (
void *)wireformat,
255 (size_t) wiresize, mac_bytes + 2, &md_len);
/* Length prefix: the digest length goes into the first two bytes of mac_bytes. */
257 ldns_write_uint16(mac_bytes, md_len);
/*
 * Tails of two parameter lists; the function names are outside this excerpt.
 * The second list adds tsig_timers_only.
 */
281 const char *key_data,
ldns_rdf *orig_mac_rdf)
288 const char *key_data,
ldns_rdf *orig_mac_rdf,
int tsig_timers_only)
299 uint16_t pkt_id, orig_pkt_id;
302 uint8_t *prepared_wire = NULL;
303 size_t prepared_wire_size = 0;
/*
 * Computes a MAC over prepared_wire into my_mac_rdf; orig_mac_rdf and
 * tsig_timers_only are passed through unchanged.
 * NOTE(review): presumably this is the verification path. The comparison of
 * my_mac_rdf with the MAC received in the packet is not shown -- confirm it
 * is a constant-time comparison (e.g. CRYPTO_memcmp), that a non-OK status
 * from this call is treated as a verification failure, and that time signed
 * and fudge are checked against the local clock.
 */
328 status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size,
329 key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
330 time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only);
/*
 * Tails of two parameter lists; the function names are outside this excerpt.
 * The second list adds tsig_timers_only. fudge is a caller-supplied 16-bit
 * value.
 */
357 uint16_t fudge,
const char *algorithm_name,
ldns_rdf *query_mac)
364 uint16_t fudge,
const char *algorithm_name,
ldns_rdf *query_mac,
int tsig_timers_only)
377 uint8_t *pkt_wire = NULL;
380 struct timeval tv_time_signed;
381 uint8_t *time_signed = NULL;
385 if(!key_name_rdf || !algorithm_rdf) {
/*
 * Time signed comes from the wall clock; only the success branch of
 * gettimeofday() is visible here.
 * NOTE(review): confirm the failure branch aborts signing rather than
 * continuing with an unset time.
 */
392 if (gettimeofday(&tv_time_signed, NULL) == 0) {
/* The seconds value is written through ldns_write_uint64_as_uint48 into time_signed. */
398 ldns_write_uint64_as_uint48(time_signed,
399 (uint64_t)tv_time_signed.tv_sec);
406 if(!time_signed_rdf) {
420 if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) {
/*
 * Computes the MAC over pkt_wire into mac_rdf; query_mac and tsig_timers_only
 * are passed through unchanged.
 * NOTE(review): TSIG freshness rests on time signed and fudge, so signer and
 * verifier clocks need to agree, and a large caller-supplied fudge widens the
 * window in which a captured message is still accepted.
 */
430 status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len,
431 key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
432 time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only);