From 73bdbdcec09d29e6dc3f55938c6b0abf09da8517 Mon Sep 17 00:00:00 2001 From: Federico Lucifredi Date: Thu, 27 Dec 2007 00:52:39 +0000 Subject: tying in draft HMAC coding. git-svn-id: file:///home/lennart/svn/public/avahi/branches/federico@1634 941a03a8-eaeb-0310-b9a0-b1bbd8fe43fe --- avahi-core/wide-area.c | 41 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 3 deletions(-) (limited to 'avahi-core/wide-area.c') diff --git a/avahi-core/wide-area.c b/avahi-core/wide-area.c index fbe4330..89a187b 100644 --- a/avahi-core/wide-area.c +++ b/avahi-core/wide-area.c @@ -34,6 +34,8 @@ #include #include +#include + #include "internal.h" #include "browse.h" #include "socket.h" @@ -724,9 +726,9 @@ int avahi_wide_area_has_servers(AvahiWideAreaLookupEngine *e) { /* TODO: should this be located in this file? */ /* fill key with HEX format key */ -/* r = tsig_sign_packet("dynamic.endorfine.org", key, p, AVAHI_TSIG_HMAC_MD5) */ +/* r = tsig_sign_packet("dynamic.endorfine.org", key, 16, p, AVAHI_TSIG_HMAC_MD5) */ /* check for NULL on return */ -AvahiRecord* tsig_sign_packet(const char* keyname, const char* key, AvahiDnsPacket *p, unsigned algorithm) { +AvahiRecord* tsig_sign_packet(const char* keyname, const char* key, unsigned keylength, AvahiDnsPacket *p, unsigned algorithm) { AvahiRecord *r; r = avahi_record_new_full(keyname, AVAHI_DNS_CLASS_ANY, AVAHI_DNS_TYPE_TSIG, 0); 
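Review bot: The comment block above `tsig_sign_packet()` does not say whether `key` is the raw shared secret or a text encoding of it, and the new `keylength` parameter makes that ambiguity matter. "fill key with HEX format key" reads like a hex string, while the example length of 16 matches a raw 128-bit secret. The later hunk passes `key` and `keylength` to `HMAC_Init` unchanged, so a hex string would be used literally as the HMAC key and the signature would not verify on the server. I would state the contract in the comment, for example `/* key: raw (already decoded) shared-secret bytes; keylength: number of bytes in key */`, once the intended format is confirmed. The function body continues outside this hunk.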
@@ -770,10 +772,41 @@ AvahiRecord* tsig_sign_packet(const char* keyname, const char* key, AvahiDnsPack case AVAHI_TSIG_HMAC_SHA256: /*TODO: flesh specific. Test with latest Bind that now implements RFC 4635 */ break; - default: avahi_log_error("avahi_record_new_full() failed."); + + default: avahi_log_error("Invalid algorithm requested from tsig_sign_packet()"); + return NULL; + } + + /*generate MAC */ + + unsigned char keyed_hash[EVP_MAX_MD_SIZE]; + HMAC_CTX ctx; + unsigned hash_length; + + switch (algorithm){ + + case AVAHI_TSIG_HMAC_MD5 : HMAC_Init(&ctx, key, keylength, EVP_md5()); + break; + + case AVAHI_TSIG_HMAC_SHA1 : /*TODO: flesh specific. Test with latest Bind that now implements RFC 4635*/ + HMAC_Init(&ctx, key, keylength, EVP_sha1()); + break; + + case AVAHI_TSIG_HMAC_SHA256: /*TODO: flesh specific. Test with latest Bind that now implements RFC 4635*/ + HMAC_Init(&ctx, key, keylength, EVP_sha256()); + break; + + default: avahi_log_error("Invalid algorithm requested from tsig_sign_packet()"); return NULL; } + /*HMAC_Update(&ctx, , );*/ /*feed all the data to be hashed in */ + + HMAC_Final((&ctx, keyed_hash, &hash_length); + HMAC_cleanup(&ctx); + + r->data.tsig.mac = avahi_strndup(keyed_hash, hash_length); + return r; } @@ -819,4 +852,6 @@ void wide_area_publish(AvahiRecord *r, char *zone, uint16_t id) { assert(p); } + + } -- cgit
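Review bot: The MAC stored by the new block cannot serve as a TSIG signature yet. `HMAC_Update` is still commented out, so the digest covers no packet data, and `avahi_strndup(keyed_hash, hash_length)` treats the binary digest as a C string and cuts it at the first zero byte. Copy it as bytes with `r->data.tsig.mac = avahi_memdup(keyed_hash, hash_length);` and keep `hash_length` alongside it; the field for that is not visible in this hunk. Separately, `HMAC_Final((&ctx, keyed_hash, &hash_length);` has an unbalanced parenthesis and will not compile; it should read `HMAC_Final(&ctx, keyed_hash, &hash_length);`. Both `default:` branches also return NULL without releasing `r`, which was allocated with `avahi_record_new_full()` at the top of the function, outside this hunk; calling `avahi_record_unref(r);` before each `return NULL;` would close that leak, assuming the record is safe to unref at that stage.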