diff --git a/lib/omapi/Makefile.in b/lib/omapi/Makefile.in index d8015a547b..b2f418e2a7 100644 --- a/lib/omapi/Makefile.in +++ b/lib/omapi/Makefile.in @@ -13,7 +13,7 @@ # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.16 2001/01/09 21:59:53 bwelling Exp $ +# $Id: Makefile.in,v 1.17 2001/02/15 19:44:40 bwelling Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -27,7 +27,6 @@ top_srcdir = @top_srcdir@ CINCLUDES = -I./include \ -I${srcdir}/include \ - ${DNS_INCLUDES} \ ${ISC_INCLUDES} CDEFINES = diff --git a/lib/omapi/auth.c b/lib/omapi/auth.c index 84139a0e70..5fe1263b3c 100644 --- a/lib/omapi/auth.c +++ b/lib/omapi/auth.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: auth.c,v 1.16 2001/02/15 19:13:47 bwelling Exp $ */ +/* $Id: auth.c,v 1.17 2001/02/15 19:44:41 bwelling Exp $ */ /* Principal Author: DCL */ @@ -42,8 +42,6 @@ #include #include -#include - #include #include @@ -107,15 +105,9 @@ auth_find(const char *name, unsigned int algorithm, auth_t **ap) { isc_result_t -auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) { +auth_makekey(const char *name, unsigned int algorithm, isc_region_t **key) { isc_result_t result; - isc_buffer_t secret; auth_t *auth = NULL; - unsigned int dst_algorithm; - unsigned int length; - dns_name_t dnsname; - char namebuf[1025]; - isc_buffer_t srcb, dstb; REQUIRE(name != NULL && algorithm != 0); REQUIRE(key != NULL && *key == NULL); @@ -127,7 +119,6 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) { if (result == ISC_R_SUCCESS) { switch (algorithm) { case OMAPI_AUTH_HMACMD5: - dst_algorithm = DST_ALG_HMACMD5; break; default: UNEXPECTED_ERROR(__FILE__, __LINE__, 
@@ -136,21 +127,14 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) { return (ISC_R_UNEXPECTED); } - isc_buffer_init(&secret, auth->secret, auth->secretlen); - isc_buffer_add(&secret, auth->secretlen); + *key = isc_mem_get(omapi_mctx, sizeof(isc_region_t)); + if (*key == NULL) + result = ISC_R_NOMEMORY; - length = strlen(auth->name); - isc_buffer_init(&srcb, auth->name, length); - isc_buffer_add(&srcb, length); - isc_buffer_init(&dstb, namebuf, sizeof(namebuf)); - - dns_name_init(&dnsname, NULL); - result = dns_name_fromtext(&dnsname, &srcb, dns_rootname, - ISC_FALSE, &dstb); - if (result == ISC_R_SUCCESS) - result = dst_key_frombuffer(&dnsname, dst_algorithm, - 0, 0, dns_rdataclass_in, - &secret, omapi_mctx, key); + if (result == ISC_R_SUCCESS) { + (*key)->base = auth->secret; + (*key)->length = auth->secretlen; + } } UNLOCK(&mutex); diff --git a/lib/omapi/connection.c b/lib/omapi/connection.c index 8d9d8c2b62..63bc39cc3a 100644 --- a/lib/omapi/connection.c +++ b/lib/omapi/connection.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: connection.c,v 1.38 2001/02/06 22:54:27 bwelling Exp $ */ +/* $Id: connection.c,v 1.39 2001/02/15 19:44:42 bwelling Exp $ */ /* Principal Author: DCL */ @@ -628,7 +628,6 @@ omapi_connection_putmem(omapi_object_t *c, const unsigned char *src, omapi_protocol_t *protocol; isc_buffer_t *buffer; isc_bufferlist_t bufferlist; - isc_constregion_t region; isc_result_t result; unsigned int space_available; 
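Review bot: The key returned by auth_makekey is now a borrowed view rather than a copy: `(*key)->base = auth->secret` stores a pointer into the auth entry, and `mutex` is released straight afterwards, so the region is only valid while that auth_t exists. The removed dst_key_frombuffer() call took `omapi_mctx` and presumably built a key object of its own, so this changes who owns the secret. If an auth entry can be removed or destroyed (auth_destroy is declared in private.h) while a protocol object still holds `p->key`, later isc_hmacmd5_init() calls would read freed memory. Either copy the secret into the allocation made here, or state the lifetime rule above the function, e.g. `/* *key borrows auth->secret; the auth entry must outlive every key made from it */`. The function starts and ends outside this hunk.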
@@ -643,14 +642,8 @@ omapi_connection_putmem(omapi_object_t *c, const unsigned char *src, /* * XXX make the auth stuff a part of the connection object instead? */ - if (protocol->dst_update) { - region.base = src; - region.length = len; - result = dst_context_adddata(protocol->dstctx, - (isc_region_t *)®ion); - if (result != ISC_R_SUCCESS) - return (result); - } + if (protocol->auth_update) + isc_hmacmd5_update(&protocol->hmacctx, src, len); /* * Check for enough space in the output buffers. @@ -739,10 +732,10 @@ connection_copyout(unsigned char *dst, omapi_connection_t *connection, if (dst != NULL) (void)memcpy(dst, region.base, copy_bytes); - if (protocol->dst_update && + if (protocol->auth_update && protocol->verify_result == ISC_R_SUCCESS) - protocol->verify_result = - dst_context_adddata(protocol->dstctx, ®ion); + isc_hmacmd5_update(&protocol->hmacctx, + region.base, region.length); isc_buffer_forward(buffer, copy_bytes); diff --git a/lib/omapi/include/omapi/private.h b/lib/omapi/include/omapi/private.h index da3e8206f3..9b3a4c0ebf 100644 --- a/lib/omapi/include/omapi/private.h +++ b/lib/omapi/include/omapi/private.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: private.h,v 1.26 2001/01/09 22:00:28 bwelling Exp $ */ +/* $Id: private.h,v 1.27 2001/02/15 19:44:46 bwelling Exp $ */ /***** ***** Private master include file for the OMAPI library. @@ -25,12 +25,11 @@ #define OMAPI_PRIVATE_H 1 #include +#include #include #include #include -#include - #include #define OMAPI_BUFFER_SIZE 4096 @@ -237,9 +236,9 @@ struct omapi_protocol { */ char * authname; unsigned int algorithm; - isc_boolean_t dst_update; - dst_key_t *key; - dst_context_t *dstctx; + isc_boolean_t auth_update; + isc_region_t *key; + isc_hmacmd5_t hmacctx; isc_region_t signature_in; isc_buffer_t *signature_out; isc_result_t verify_result; 
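Review bot: In connection_copyout the HMAC is fed `region.length` bytes while the memcpy and isc_buffer_forward next to it use `copy_bytes`. If `region.length` is not trimmed to `copy_bytes` above the hunk (not visible here), the digest would cover bytes that have not been consumed yet and would be hashed again on the next pass, so verification would cover the wrong span. Passing the same count makes the invariant visible: `isc_hmacmd5_update(&protocol->hmacctx, region.base, copy_bytes);`. The removed dst_context_adddata call also took the whole region, so this is inherited rather than introduced by the change.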
@@ -308,7 +307,7 @@ auth_destroy(void); #define auth_makekey omapi__auth_makekey isc_result_t -auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key); +auth_makekey(const char *name, unsigned int algorithm, isc_region_t **key); /* * Private library functions defined in connection.c. diff --git a/lib/omapi/message.c b/lib/omapi/message.c index de7cc28f79..55c997a996 100644 --- a/lib/omapi/message.c +++ b/lib/omapi/message.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.29 2001/01/09 22:00:02 bwelling Exp $ */ +/* $Id: message.c,v 1.30 2001/02/15 19:44:43 bwelling Exp $ */ /* * Subroutines for dealing with message objects. @@ -169,13 +169,9 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) { m = (omapi_message_t *)message; if (p->key != NULL) { - p->dstctx = NULL; - result = dst_context_create(p->key, omapi_mctx, &p->dstctx); - - if (result == ISC_R_SUCCESS) - result = dst_key_sigsize(p->key, &authlen); - - p->dst_update = ISC_TRUE; + isc_hmacmd5_init(&p->hmacctx, p->key->base, p->key->length); + authlen = ISC_MD5_DIGESTLENGTH; + p->auth_update = ISC_TRUE; } if (result == ISC_R_SUCCESS) @@ -251,13 +247,16 @@ omapi_message_send(omapi_object_t *message, omapi_object_t *protocol) { isc_buffer_clear(p->signature_out); - result = dst_context_sign(p->dstctx, p->signature_out); + INSIST(isc_buffer_availablelength(p->signature_out) >= + ISC_MD5_DIGESTLENGTH); + isc_hmacmd5_sign(&p->hmacctx, + isc_buffer_base(p->signature_out)); - dst_context_destroy(&p->dstctx); + isc_hmacmd5_invalidate(&p->hmacctx); isc_buffer_region(p->signature_out, &r); - p->dst_update = ISC_FALSE; + p->auth_update = ISC_FALSE; if (result == ISC_R_SUCCESS) result = omapi_connection_putmem(connection, 
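Review bot: In the second omapi_message_send hunk the digest is written through `isc_buffer_base(p->signature_out)` right after `isc_buffer_clear`, so the buffer's used length stays at zero and nothing records that 16 bytes were produced. The following `isc_buffer_region` call appears to rely on signature_out having been allocated with exactly ISC_MD5_DIGESTLENGTH bytes (as protocol_setvalue does); with a larger buffer the region would presumably include bytes the HMAC never wrote, and those would be sent on the wire. Adding `isc_buffer_add(p->signature_out, ISC_MD5_DIGESTLENGTH);` after the sign call, or a comment such as `/* signature_out is allocated with exactly ISC_MD5_DIGESTLENGTH bytes */`, would make the assumption explicit. The function body continues beyond the hunk.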
@@ -377,13 +376,12 @@ message_process(omapi_object_t *mo, omapi_object_t *po) { m = NULL; if (protocol->key != NULL) { - if (protocol->verify_result == ISC_R_SUCCESS) { - protocol->verify_result = - dst_context_verify(protocol->dstctx, - &protocol->signature_in); + if (protocol->signature_in.length < ISC_MD5_DIGESTLENGTH || + !isc_hmacmd5_verify(&protocol->hmacctx, + protocol->signature_in.base)) + protocol->verify_result = ISC_R_FAILURE; - dst_context_destroy(&protocol->dstctx); - } + isc_hmacmd5_invalidate(&protocol->hmacctx); if (protocol->verify_result != ISC_R_SUCCESS) { if (connection->is_client) { diff --git a/lib/omapi/protocol.c b/lib/omapi/protocol.c index 079881601c..c830378c83 100644 --- a/lib/omapi/protocol.c +++ b/lib/omapi/protocol.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: protocol.c,v 1.33 2001/01/09 22:00:07 bwelling Exp $ */ +/* $Id: protocol.c,v 1.34 2001/02/15 19:44:45 bwelling Exp $ */ /* * Functions supporting the object management protocol. @@ -365,12 +365,11 @@ dispatch_messages(omapi_protocol_t *protocol, break; if (protocol->key != NULL) { - protocol->dstctx = NULL; - protocol->verify_result = - dst_context_create(protocol->key, - omapi_mctx, - &protocol->dstctx); - protocol->dst_update = ISC_TRUE; + isc_hmacmd5_init(&protocol->hmacctx, + protocol->key->base, + protocol->key->length); + protocol->verify_result = ISC_R_SUCCESS; + protocol->auth_update = ISC_TRUE; } /* @@ -584,7 +583,7 @@ dispatch_messages(omapi_protocol_t *protocol, * Turn off the dst_verify updating while the signature * bytes are copied; they are not part of what was signed. */ - protocol->dst_update = ISC_FALSE; + protocol->auth_update = ISC_FALSE; connection_copyout(protocol->message->authenticator-> u.buffer.value, 
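Review bot: The length guard in message_process accepts an authenticator that is longer than the digest: `signature_in.length < ISC_MD5_DIGESTLENGTH` rejects only short input, and isc_hmacmd5_verify() receives just the base pointer, so trailing bytes are ignored. Since the only supported algorithm yields exactly ISC_MD5_DIGESTLENGTH bytes, an exact match is the tighter check: `if (protocol->signature_in.length != ISC_MD5_DIGESTLENGTH ||`. It is also worth confirming that isc_hmacmd5_verify() compares the digests in constant time, because this check authenticates data received from the network; its implementation is not part of this diff. The function starts and ends outside the hunk.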
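Review bot: The comment above the renamed flag in the last dispatch_messages hunk still refers to `dst_verify`, which no longer exists once DST is removed from this library. Reword it to match the new code, e.g. `Turn off the HMAC updating while the signature bytes are copied; they are not part of what was signed.` The surrounding function lies outside the hunk.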
@@ -731,13 +730,15 @@ protocol_setvalue(omapi_object_t *h, omapi_string_t *name, omapi_data_t *value) p->verify_key_arg)) return (ISC_R_NOPERM); - if (p->key != NULL) - dst_key_free(&p->key); + if (p->key != NULL) { + isc_mem_put(omapi_mctx, p->key, sizeof(isc_region_t)); + p->key = NULL; + } result = auth_makekey(p->authname, p->algorithm, &p->key); if (result == ISC_R_SUCCESS) - result = dst_key_sigsize(p->key, &sigsize); + sigsize = ISC_MD5_DIGESTLENGTH; if (result == ISC_R_SUCCESS) result = isc_buffer_allocate(omapi_mctx, @@ -745,8 +746,11 @@ protocol_setvalue(omapi_object_t *h, omapi_string_t *name, omapi_data_t *value) sigsize); if (result != ISC_R_SUCCESS) { - if (p->key != NULL) - dst_key_free(&p->key); + if (p->key != NULL) { + isc_mem_put(omapi_mctx, p->key, + sizeof(isc_region_t)); + p->key = NULL; + } isc_mem_free(omapi_mctx, p->authname); p->authname = NULL; p->algorithm = 0; @@ -791,7 +795,7 @@ protocol_destroy(omapi_object_t *h) { } if (p->key != NULL) { - dst_key_free(&p->key); + isc_mem_put(omapi_mctx, p->key, sizeof(isc_region_t)); p->key = NULL; } }
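Review bot: The release sequence `isc_mem_put(omapi_mctx, p->key, sizeof(isc_region_t)); p->key = NULL;` is now written out three times, twice in protocol_setvalue and once in protocol_destroy in the last hunk, while the matching isc_mem_get sits in auth.c. isc_mem_put has to be given the same size as the allocation, so the pairing is easy to break if the key type changes again. A small release helper next to auth_makekey would keep allocation and release in one file; short of that, `isc_mem_put(omapi_mctx, p->key, sizeof(*p->key));` avoids repeating the type name. Only the region descriptor is freed here, and the secret it points to stays owned by the auth entry, which deserves a one-line comment at one of these sites.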