Use the isc hmac-md5 routines instead of dst.

lib/omapi/Makefile.in

@@ -13,7 +13,7 @@
 # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.16 2001/01/09 21:59:53 bwelling Exp $
+# $Id: Makefile.in,v 1.17 2001/02/15 19:44:40 bwelling Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -27,7 +27,6 @@ top_srcdir =	@top_srcdir@
 
 CINCLUDES =	-I./include \
 		-I${srcdir}/include \
-		${DNS_INCLUDES} \
 		${ISC_INCLUDES}
 
 CDEFINES =

lib/omapi/auth.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: auth.c,v 1.16 2001/02/15 19:13:47 bwelling Exp $ */
+/* $Id: auth.c,v 1.17 2001/02/15 19:44:41 bwelling Exp $ */
 
 /* Principal Author: DCL */
 
@@ -42,8 +42,6 @@
 #include <isc/string.h>
 #include <isc/util.h>
 
-#include <dns/name.h>
-
 #include <dst/result.h>
 
 #include <omapi/private.h>
@@ -107,15 +105,9 @@ auth_find(const char *name, unsigned int algorithm, auth_t **ap) {
 
 
 isc_result_t
-auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) {
+auth_makekey(const char *name, unsigned int algorithm, isc_region_t **key) {
 	isc_result_t result;
-	isc_buffer_t secret;
 	auth_t *auth = NULL;
-	unsigned int dst_algorithm;
-	unsigned int length;
-	dns_name_t dnsname;
-	char namebuf[1025];
-	isc_buffer_t srcb, dstb;
 
 	REQUIRE(name != NULL && algorithm != 0);
 	REQUIRE(key != NULL && *key == NULL);
@@ -127,7 +119,6 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) {
 	if (result == ISC_R_SUCCESS) {
 		switch (algorithm) {
 		case OMAPI_AUTH_HMACMD5:
-			dst_algorithm = DST_ALG_HMACMD5;
 			break;
 		default:
 			UNEXPECTED_ERROR(__FILE__, __LINE__,
@@ -136,21 +127,14 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) {
 			return (ISC_R_UNEXPECTED);
 		}
 
-		isc_buffer_init(&secret, auth->secret, auth->secretlen);
-		isc_buffer_add(&secret, auth->secretlen);
+		*key = isc_mem_get(omapi_mctx, sizeof(isc_region_t));
+		if (*key == NULL)
+			result = ISC_R_NOMEMORY;
 
-		length = strlen(auth->name);
-		isc_buffer_init(&srcb, auth->name, length);
-		isc_buffer_add(&srcb, length);
-		isc_buffer_init(&dstb, namebuf, sizeof(namebuf));
-
-		dns_name_init(&dnsname, NULL);
-		result = dns_name_fromtext(&dnsname, &srcb, dns_rootname,
-					   ISC_FALSE, &dstb);
-		if (result == ISC_R_SUCCESS)
-			result = dst_key_frombuffer(&dnsname, dst_algorithm,
-						    0, 0, dns_rdataclass_in,
-						    &secret, omapi_mctx, key);
+		if (result == ISC_R_SUCCESS) {
+			(*key)->base = auth->secret;
+			(*key)->length = auth->secretlen;
+		}
 	}
 
 	UNLOCK(&mutex);

lib/omapi/connection.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: connection.c,v 1.38 2001/02/06 22:54:27 bwelling Exp $ */
+/* $Id: connection.c,v 1.39 2001/02/15 19:44:42 bwelling Exp $ */
 
 /* Principal Author: DCL */
 
@@ -628,7 +628,6 @@ omapi_connection_putmem(omapi_object_t *c, const unsigned char *src,
 	omapi_protocol_t *protocol;
 	isc_buffer_t *buffer;
 	isc_bufferlist_t bufferlist;
-	isc_constregion_t region;
 	isc_result_t result;
 	unsigned int space_available;
 
@@ -643,14 +642,8 @@ omapi_connection_putmem(omapi_object_t *c, const unsigned char *src,
 	/*
 	 * XXX make the auth stuff a part of the connection object instead?
 	 */
-	if (protocol->dst_update) {
-		region.base = src;
-		region.length = len;
-		result = dst_context_adddata(protocol->dstctx,
-					     (isc_region_t *)&region);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
+	if (protocol->auth_update)
+		isc_hmacmd5_update(&protocol->hmacctx, src, len);
 
 	/*
 	 * Check for enough space in the output buffers.
@@ -739,10 +732,10 @@ connection_copyout(unsigned char *dst, omapi_connection_t *connection,
 		if (dst != NULL)
 			(void)memcpy(dst, region.base, copy_bytes);
 
-		if (protocol->dst_update &&
+		if (protocol->auth_update &&
 		    protocol->verify_result == ISC_R_SUCCESS)
-			protocol->verify_result =
-				dst_context_adddata(protocol->dstctx, &region);
+			isc_hmacmd5_update(&protocol->hmacctx,
+					   region.base, region.length);
 
 		isc_buffer_forward(buffer, copy_bytes);
 

lib/omapi/include/omapi/private.h

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: private.h,v 1.26 2001/01/09 22:00:28 bwelling Exp $ */
+/* $Id: private.h,v 1.27 2001/02/15 19:44:46 bwelling Exp $ */
 
 /*****
  ***** Private master include file for the OMAPI library.
@@ -25,12 +25,11 @@
 #define OMAPI_PRIVATE_H 1
 
 #include <isc/condition.h>
+#include <isc/hmacmd5.h>
 #include <isc/lang.h>
 #include <isc/mutex.h>
 #include <isc/socket.h>
 
-#include <dst/dst.h>
-
 #include <omapi/omapi.h>
 
 #define OMAPI_BUFFER_SIZE 4096
@@ -237,9 +236,9 @@ struct omapi_protocol {
 	 */
 	char *				authname;
 	unsigned int			algorithm;
-	isc_boolean_t			dst_update;
-	dst_key_t			*key;
-	dst_context_t			*dstctx;
+	isc_boolean_t			auth_update;
+	isc_region_t			*key;
+	isc_hmacmd5_t			hmacctx;
 	isc_region_t			signature_in;
 	isc_buffer_t			*signature_out;
 	isc_result_t			verify_result;
@@ -308,7 +307,7 @@ auth_destroy(void);
 
 #define auth_makekey omapi__auth_makekey
 isc_result_t
-auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key);
+auth_makekey(const char *name, unsigned int algorithm, isc_region_t **key);
 
 /*
  * Private library functions defined in connection.c.

lib/omapi/message.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: message.c,v 1.29 2001/01/09 22:00:02 bwelling Exp $ */
+/* $Id: message.c,v 1.30 2001/02/15 19:44:43 bwelling Exp $ */
 
 /*
  * Subroutines for dealing with message objects.
@@ -169,13 +169,9 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
 	m = (omapi_message_t *)message;
 
 	if (p->key != NULL) {
-		p->dstctx = NULL;
-		result = dst_context_create(p->key, omapi_mctx, &p->dstctx);
-
-		if (result == ISC_R_SUCCESS)
-			result = dst_key_sigsize(p->key, &authlen);
-
-		p->dst_update = ISC_TRUE;
+		isc_hmacmd5_init(&p->hmacctx, p->key->base, p->key->length);
+		authlen = ISC_MD5_DIGESTLENGTH;
+		p->auth_update = ISC_TRUE;
 	}
 
 	if (result == ISC_R_SUCCESS)
@@ -251,13 +247,16 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) {
 
 		isc_buffer_clear(p->signature_out);
 
-		result = dst_context_sign(p->dstctx, p->signature_out);
+		INSIST(isc_buffer_availablelength(p->signature_out) >=
+		       ISC_MD5_DIGESTLENGTH);
+		isc_hmacmd5_sign(&p->hmacctx,
+				 isc_buffer_base(p->signature_out));
 
-		dst_context_destroy(&p->dstctx);
+		isc_hmacmd5_invalidate(&p->hmacctx);
 
 		isc_buffer_region(p->signature_out, &r);
 
-		p->dst_update = ISC_FALSE;
+		p->auth_update = ISC_FALSE;
 
 		if (result == ISC_R_SUCCESS)
 			result = omapi_connection_putmem(connection,
@@ -377,13 +376,12 @@ message_process(omapi_object_t *mo, omapi_object_t *po) {
 		m = NULL;
 
 	if (protocol->key != NULL) {
-		if (protocol->verify_result == ISC_R_SUCCESS) {
-			protocol->verify_result =
-				dst_context_verify(protocol->dstctx,
-						   &protocol->signature_in);
+		if (protocol->signature_in.length < ISC_MD5_DIGESTLENGTH ||
+		    !isc_hmacmd5_verify(&protocol->hmacctx,
+					protocol->signature_in.base))
+			protocol->verify_result = ISC_R_FAILURE;
 
-			dst_context_destroy(&protocol->dstctx);
-		}
+			isc_hmacmd5_invalidate(&protocol->hmacctx);
 
 		if (protocol->verify_result != ISC_R_SUCCESS) {
 			if (connection->is_client) {

lib/omapi/protocol.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: protocol.c,v 1.33 2001/01/09 22:00:07 bwelling Exp $ */
+/* $Id: protocol.c,v 1.34 2001/02/15 19:44:45 bwelling Exp $ */
 
 /*
  * Functions supporting the object management protocol.
@@ -365,12 +365,11 @@ dispatch_messages(omapi_protocol_t *protocol,
 			break;
 
 		if (protocol->key != NULL) {
-			protocol->dstctx = NULL;
-			protocol->verify_result =
-				dst_context_create(protocol->key,
-						   omapi_mctx,
-						   &protocol->dstctx);
-			protocol->dst_update = ISC_TRUE;
+			isc_hmacmd5_init(&protocol->hmacctx,
+					 protocol->key->base,
+					 protocol->key->length);
+			protocol->verify_result = ISC_R_SUCCESS;
+			protocol->auth_update = ISC_TRUE;
 		}
 
 		/*
@@ -584,7 +583,7 @@ dispatch_messages(omapi_protocol_t *protocol,
 		 * Turn off the dst_verify updating while the signature
 		 * bytes are copied; they are not part of what was signed.
 		 */
-		protocol->dst_update = ISC_FALSE;
+		protocol->auth_update = ISC_FALSE;
 
 		connection_copyout(protocol->message->authenticator->
 				   u.buffer.value,
@@ -731,13 +730,15 @@ protocol_setvalue(omapi_object_t *h, omapi_string_t *name, omapi_data_t *value)
 				   p->verify_key_arg))
 			return (ISC_R_NOPERM);
 
-		if (p->key != NULL)
-			dst_key_free(&p->key);
+		if (p->key != NULL) {
+			isc_mem_put(omapi_mctx, p->key, sizeof(isc_region_t));
+			p->key = NULL;
+		}
 
 		result = auth_makekey(p->authname, p->algorithm, &p->key);
 
 		if (result == ISC_R_SUCCESS)
-			result = dst_key_sigsize(p->key, &sigsize);
+			sigsize = ISC_MD5_DIGESTLENGTH;
 
 		if (result == ISC_R_SUCCESS)
 			result = isc_buffer_allocate(omapi_mctx,
@@ -745,8 +746,11 @@ protocol_setvalue(omapi_object_t *h, omapi_string_t *name, omapi_data_t *value)
 						     sigsize);
 
 		if (result != ISC_R_SUCCESS) {
-			if (p->key != NULL)
-				dst_key_free(&p->key);
+			if (p->key != NULL) {
+				isc_mem_put(omapi_mctx, p->key,
+					    sizeof(isc_region_t));
+				p->key = NULL;
+			}
 			isc_mem_free(omapi_mctx, p->authname);
 			p->authname = NULL;
 			p->algorithm = 0;
@@ -791,7 +795,7 @@ protocol_destroy(omapi_object_t *h) {
 	}
 
 	if (p->key != NULL) {
-		dst_key_free(&p->key);
+		isc_mem_put(omapi_mctx, p->key, sizeof(isc_region_t));
 		p->key = NULL;
 	}
 }