authorFederico Lucifredi <flucifredi@acm.org>2008-01-21 07:05:36 +0000
committerFederico Lucifredi <flucifredi@acm.org>2008-01-21 07:05:36 +0000
commitc02ed28968bf163cc6c7d11f635247935662200f (patch)
tree03a463a6ba58d9c70ecbdff59d8f8762caaf194d
parent6197fe64852c19670e10451d29566a4035069930 (diff)
fixes.
git-svn-id: file:///home/lennart/svn/public/avahi/branches/federico2@1737 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe
-rw-r--r--avahi-core/dns.c34
-rw-r--r--avahi-core/dns.h4
-rw-r--r--avahi-core/domain-util.c14
-rw-r--r--avahi-core/domain-util.h9
4 files changed, 33 insertions, 28 deletions
diff --git a/avahi-core/dns.c b/avahi-core/dns.c
index 61f094b..6c7f5fc 100644
--- a/avahi-core/dns.c
+++ b/avahi-core/dns.c
@@ -35,6 +35,8 @@
#include <avahi-common/domain.h>
#include <avahi-common/malloc.h>
+#include <openssl/evp.h>
+
#include "dns.h"
#include "log.h"
@@ -940,21 +942,24 @@ AvahiRecord* avahi_get_local_zsk_pubkey(uint32_t ttl){
}
/* invoke as avahi_dnssec_sign_record(<record>, <ttl>) */
-AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl){
+AvahiRecord* avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl){
AvahiRecord *r;
AvahiRecord *key;
int result;
char *canonic; /*used in conversions */
- AvahiDNSPacket *tmp;
+ AvahiDnsPacket *tmp;
unsigned char signature[EVP_MAX_MD_SIZE]; /*used for signing */
- HMAC_CTX ctx;
+ EVP_MD_CTX ctx;
unsigned signature_length;
- r = avahi_record_new_full(keyname, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_RRSIG, 0);
+ /* retrieve RRSIG record representing localhost's trust */
+ key = avahi_get_local_zsk_pubkey(ttl);
+
+ r = avahi_record_new_full(key->key->name, AVAHI_DNS_CLASS_IN, AVAHI_DNS_TYPE_RRSIG, 0);
if (!r) { /* OOM check */
avahi_log_error("avahi_record_new_full() failed.");
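Review bot: `key` is dereferenced at `key->key->name` immediately after `key = avahi_get_local_zsk_pubkey(ttl);` with no NULL check, while the record `r` built from it does get an OOM check two lines later; a failure inside avahi_get_local_zsk_pubkey() would crash here instead of being reported. Add `if (!key) { avahi_log_error("avahi_get_local_zsk_pubkey() failed."); return NULL; }` before the avahi_record_new_full call. The new comment says "retrieve RRSIG record representing localhost's trust", but by its name the call returns the local ZSK public key, i.e. a DNSKEY record, and the keytag taken from it further down is a DNSKEY key tag; the comment should say DNSKEY. If the returned record is owned by the caller it is never released in any visible hunk of this function — worth confirming. The function body continues outside this hunk.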
@@ -962,16 +967,16 @@ AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl){
}
/* type of covered record */
- r->data.rrsig.type_covered = s->key.type;
+ r->data.rrsig.type_covered = s->key->type;
/* SHA1 is mandatory in the spec (MUST), but other options are available */
r->data.rrsig.algorithm = AVAHI_DNSSEC_KEY_SHA1;
/* label count */
- r->data.rrsig.labels = avahi_count_canonical_labels(avahi_c_to_canonical_string(s->key.name));
+ r->data.rrsig.labels = avahi_count_canonical_labels(avahi_c_to_canonical_string(s->key->name));
/* original ttl */
- r->data.rrsig.ttl = ttl); /*this could be invalidated if TTL capping is later used in the packet dispatching call */
+ r->ttl = ttl; /*this could be invalidated if TTL capping is later used in the packet dispatching call */
/* signature validity - ttl seconds from now is reasonable*/
r->data.rrsig.signature_expiration = time(NULL) + ttl;
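Review bot: The call `avahi_count_canonical_labels(avahi_c_to_canonical_string(s->key->name))` leaks the canonical string, because avahi_c_to_canonical_string allocates its result with avahi_malloc (visible in the domain-util.c hunk of this same patch) and nothing here frees it; split it into `canonic = avahi_c_to_canonical_string(s->key->name); r->data.rrsig.labels = avahi_count_canonical_labels(canonic); avahi_free(canonic);` (with a NULL check on canonic, since avahi_malloc can fail). The replaced line `r->ttl = ttl;` now sets the RRSIG record's own TTL, yet the comment above it still says "original ttl", which in RFC 4034 is a separate RDATA field that is also covered by the signature; if the rrsig struct in this branch has no such field, the hashing code further down needs to take the Original TTL from somewhere, so either the comment or the field should be corrected. The function body continues outside this hunk.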
@@ -979,11 +984,8 @@ AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl){
/* when was the record signed? to allow for badly sync'd clocks, one conventionally claims signing 1 hour in the past */
r->data.rrsig.signature_inception = time(NULL) - AVAHI_DNSSEC_TIME_DRIFT;
- /* retrieve RRSIG record representing localhost's trust */
- key = avahi_get_local_zsk_pubkey(ttl);
-
/* generate keytag of the localhost's pubkey */
- r->data.rrsig.keytag = avahi_keytag(key);
+ r->data.rrsig.key_tag = avahi_keytag(key);
/* <localhost>+".local", to be retrieved from future *private* crypto config file along with local ZSK keypair */
r->data.rrsig.signers_name = avahi_strdup (key->key->name);
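Review bot: `r->data.rrsig.key_tag = avahi_keytag(key);` takes a key tag from a function that, in this same patch, only accepts records of type RRSIG and reports failure as 0, so for the DNSKEY record `key` this assignment is expected to yield a key tag of 0 with no way to tell that from a genuine tag; fix avahi_keytag's type check or add an explicit failure path here before relying on the value. The `avahi_strdup(key->key->name)` result is also stored without an OOM check, unlike the avahi_record_new_full result earlier in the function; `if (!r->data.rrsig.signers_name) { avahi_log_error("avahi_strdup() failed."); return NULL; }` would match the file's style. The function body continues outside this hunk.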
@@ -994,7 +996,7 @@ AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl){
switch (r->data.dnskey.algorithm){
- case AVAHI_DNSSEC_KEY_SHA1 : EVP_SigInit(&ctx, EVP_sha1());
+ case AVAHI_DNSSEC_KEY_SHA1 : EVP_SignInit(&ctx, EVP_sha1());
break; /* RSA SHA1 is only mandatory in the spec, others exist */
default: avahi_log_error("Unknown algorithm requested from avahi_dnssec_sign_record()");
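Review bot: The switch reads `r->data.dnskey.algorithm` on `r`, which is the RRSIG record whose algorithm was stored earlier in this function as `r->data.rrsig.algorithm`; if `data` is a union as in Avahi's AvahiRecord, this inspects the wrong member and which signing branch runs depends on layout rather than on the value set, so the line should be `switch (r->data.rrsig.algorithm){`. The default case only logs; the hunk does not show whether the function then returns, and if it falls through the EVP_SignUpdate calls below operate on a context that was never initialised — presumably it should return NULL there. The function body continues outside this hunk.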
@@ -1027,7 +1029,7 @@ AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl){
EVP_SignUpdate(&ctx, avahi_uint16_to_canonical_string(r->data.rrsig.key_tag), 2);
/* authority */
- canonic = avahi_c_to_canonical_string(r->data->signers_name); /* signer's name in canonical wire format (DNS labels) */
+ canonic = avahi_c_to_canonical_string(r->data.rrsig.signers_name); /* signer's name in canonical wire format (DNS labels) */
EVP_SignUpdate(&ctx, canonic, strlen(canonic) +1);
/* now the DNS record that we are signing, complete and in wire format */
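Review bot: `canonic` is passed straight to `strlen(canonic)` with no NULL check, although avahi_c_to_canonical_string builds its result from avahi_malloc (visible in the domain-util.c hunk of this patch) and so can return NULL; add `if (!canonic) { avahi_log_error("avahi_c_to_canonical_string() failed."); return NULL; }` after the assignment. The sibling call on the context line above, `avahi_uint16_to_canonical_string(r->data.rrsig.key_tag)`, is used inline and its result never freed, which looks like the same kind of leak if that helper allocates too — worth confirming. Whether `canonic` itself is freed later is outside this hunk; the function body continues beyond it.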
@@ -1053,7 +1055,7 @@ AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl){
EVP_SignUpdate(&ctx, AVAHI_DNS_PACKET_DATA(tmp) + AVAHI_DNS_PACKET_HEADER_SIZE, tmp->size - AVAHI_DNS_PACKET_HEADER_SIZE);
/* now get the signature of the secure hash we just generated*/
- EVP_SignFinal(&ctx, signature, &signature_length, private_key);
+/* EVP_SignFinal(&ctx, signature, &signature_length, private_key); */
avahi_free(tmp);
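Review bot: When the commented-out `EVP_SignFinal(&ctx, signature, &signature_length, private_key);` is re-enabled, `signature` as declared earlier in this function, `unsigned char signature[EVP_MAX_MD_SIZE]`, is too small: EVP_SignFinal writes up to EVP_PKEY_size(private_key) bytes (128 for a 1024-bit RSA key, 256 for 2048-bit) while EVP_MAX_MD_SIZE is only a digest size (64), so the RSA signature would overflow the stack buffer; size it as `unsigned char signature[EVP_PKEY_size(private_key)]` via a heap allocation, or check EVP_PKEY_size against the buffer first. With the call commented out, `signature` and `signature_length` are never written, so anything below that copies them into `r` would copy uninitialised stack data — the remainder of the function is outside this hunk. The context line `avahi_free(tmp);` releases a packet obtained from avahi_dns_packet_new_query; in Avahi such packets are normally released with avahi_dns_packet_free, so confirm avahi_free is sufficient here.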
@@ -1063,6 +1065,6 @@ AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl){
return r;
}
-AvahiRecord* avahi_get_local_trust_record(){
+/*AvahiRecord* avahi_get_local_trust_record(){
-} \ No newline at end of file
+}*/
diff --git a/avahi-core/dns.h b/avahi-core/dns.h
index baabc8a..25bb3b6 100644
--- a/avahi-core/dns.h
+++ b/avahi-core/dns.h
@@ -80,8 +80,8 @@ int avahi_dns_packet_is_empty(AvahiDnsPacket *p);
size_t avahi_dns_packet_space(AvahiDnsPacket *p);
AvahiRecord* avahi_get_local_zsk_pubkey(uint32_t ttl);
-AvahiRecord avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl);
-AvahiRecord* avahi_get_local_trust_record();
+AvahiRecord* avahi_dnssec_sign_record(AvahiRecord *s, uint32_t ttl);
+/*AvahiRecord* avahi_get_local_trust_record();*/
#define AVAHI_DNS_FIELD_ID 0
diff --git a/avahi-core/domain-util.c b/avahi-core/domain-util.c
index 07d1fb1..5728010 100644
--- a/avahi-core/domain-util.c
+++ b/avahi-core/domain-util.c
@@ -32,6 +32,8 @@
#include <stdio.h>
#include <avahi-common/malloc.h>
+#include <avahi-common/defs.h>
+#include <avahi-core/dns.h>
#include "log.h"
#include "domain-util.h"
@@ -193,7 +195,7 @@ unsigned char * avahi_c_to_canonical_string(const char* input)
{
char *label = avahi_malloc(AVAHI_LABEL_MAX);
char *retval = avahi_malloc(AVAHI_DOMAIN_NAME_MAX);
- char *result = retval;
+ unsigned char *result = retval;
/* printf("invoked with: -%s-\n", input); */
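Review bot: The new line `unsigned char *result = retval;` assigns a `char *` to an `unsigned char *` without a cast, which is a constraint violation in C (a warning on gcc, an error under -pedantic-errors); since the function returns `unsigned char *` and `retval` is the buffer it builds, declare the buffer with the matching type, `unsigned char *retval = avahi_malloc(AVAHI_DOMAIN_NAME_MAX);`, rather than converting at the assignment. Neither `label` nor `retval` is checked for NULL after avahi_malloc in the context lines, unlike the OOM checks elsewhere in this patch, so the function can write through a NULL pointer under memory pressure. The function body continues outside this hunk.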
@@ -273,11 +275,11 @@ uint16_t keytag(uint8_t key[], uint16_t keysize){
}
/*invoke with avahi_keytag(<RR>); */
-uint16_t avahi_keytag(AvahiRecord r){
+uint16_t avahi_keytag(AvahiRecord *r){
uint16_t result;
- AvahiDNSPacket *tmp;
+ AvahiDnsPacket *tmp;
- if (r->key.type != AVAHI_DNS_TYPE_RRSIG)
+ if (r->key->type != AVAHI_DNS_TYPE_RRSIG)
return NULL; /* invalid RRTYPE to generate keytag on */
tmp = avahi_dns_packet_new_query(0); /* MTU */
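Review bot: The new check `if (r->key->type != AVAHI_DNS_TYPE_RRSIG)` rejects the very record this function is documented to take — its header comment in domain-util.h says "returns keytag of a given DNSKEY record", and the only caller in this patch passes the local ZSK public-key record — so every call will take the error path; the comparison should be against the DNSKEY type constant this branch defines, not RRSIG. The error path `return NULL;` in a function returning `uint16_t` yields 0, which is a legal key tag, so callers cannot distinguish failure from a real tag; either return the tag through an out-parameter with an int status, or at least log the rejection with avahi_log_error as the rest of the function does. The `avahi_dns_packet_new_query(0)` on the last line asks for MTU 0, whose meaning is not visible here — confirm it yields a usable packet. The function body continues outside this hunk.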
@@ -288,7 +290,7 @@ uint16_t avahi_keytag(AvahiRecord r){
}
/* no TTL binding, leave record unaltered */
- result = avahi_dns_packet_append_record(tmp, key, 0, 0);
+ result = avahi_dns_packet_append_record(tmp, r, 0, 0);
if (!result) {
avahi_log_error("appending of rdata failed.");
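Review bot: `result = avahi_dns_packet_append_record(tmp, r, 0, 0);` stores the return value in `result`, which is declared `uint16_t` in the previous hunk and is also what the function finally returns as the key tag; if avahi_dns_packet_append_record returns a pointer to the appended bytes, as Avahi's other avahi_dns_packet_append_* helpers do, the pointer is truncated to 16 bits and `if (!result)` tests those low bits rather than success. Use a separate variable of the real return type for the append, e.g. `uint8_t *appended = avahi_dns_packet_append_record(tmp, r, 0, 0); if (!appended) {`, and keep `result` for the computed tag. The function body continues outside this hunk.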
@@ -305,4 +307,4 @@ uint16_t avahi_keytag(AvahiRecord r){
avahi_free(tmp);
return result;
-} \ No newline at end of file
+}
diff --git a/avahi-core/domain-util.h b/avahi-core/domain-util.h
index 1fdb4f0..7e4ae52 100644
--- a/avahi-core/domain-util.h
+++ b/avahi-core/domain-util.h
@@ -27,6 +27,7 @@
#include <avahi-common/cdecl.h>
#include <avahi-common/domain.h>
+#include <avahi-core/rr.h>
AVAHI_C_DECL_BEGIN
@@ -54,11 +55,11 @@ unsigned char * avahi_uint32_to_canonical_string(uint32_t v);
/** returns the number of labels in a canonical DNS domain */
uint8_t avahi_count_canonical_labels(const char* input);
-/** returns keytag of a given DNSKEY record */
-uint16_t avahi_keytag(AvahiRecord r);
-
/* reference keytag generator from RFC 4034 */
-uint16_t avahi_keytag(uint8_t key[], uint16_t keysize);
+uint16_t keytag(uint8_t key[], uint16_t keysize);
+
+/** returns keytag of a given DNSKEY record */
+uint16_t avahi_keytag(AvahiRecord* r);
AVAHI_C_DECL_END