author | Francis Dupont <fdupont@isc.org> | 2015-05-31 14:00:07 +0200 |
---|---|---|
committer | Francis Dupont <fdupont@isc.org> | 2015-05-31 14:00:07 +0200 |
commit | f3d09a10b0c6567959e479605e6b22049286ca73 (patch) | |
tree | 22455b8eed4fd4779b904be6e21065eea8f82801 | |
parent | c097caaac89aa00a40a9a6721b93a212a3d24c99 (diff) | |
download | isc-dhcp-f3d09a10b0c6567959e479605e6b22049286ca73.tar.gz |
add timestamp
-rw-r--r-- | client/dhc6.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/client/dhc6.c b/client/dhc6.c
index 416ea52c..fc8b8165 100644
--- a/client/dhc6.c
+++ b/client/dhc6.c
@@ -5173,7 +5173,10 @@ static void secure_dhc6_add(struct data_string *packet) { struct data_string tbs; + struct data_string tmstmp; struct data_string sign; + isc_uint64_t sec; + isc_uint64_t fraction; dst_context_t *ctx = NULL; isc_region_t r; isc_buffer_t sigbuf;
@@ -5183,6 +5186,7 @@ secure_dhc6_add(struct data_string *packet) /* Prepare a to be signed copy of the packet */ memset(&tbs, 0, sizeof(tbs)); + memset(&tmstmp, 0, sizeof(tmstmp)); memset(&sign, 0, sizeof(sign)); if (!buffer_allocate(&tbs.buffer, packet->len, MDL)) { log_error("Unable to allocate memory for to be signed.");
@@ -5200,16 +5204,44 @@ secure_dhc6_add(struct data_string *packet) return; } + /* Prepare the timestamp option */ + if (!buffer_allocate(&tmstmp.buffer, 8, MDL)) { + log_error("Unable to allocate memory for timestamp."); + data_string_forget(&tbs, MDL); + return; + } + tmstmp.data = tmstmp.buffer->data; + tmstmp.len = 8; + sec = (isc_uint64_t) cur_tv.tv_sec + 2208988800UL; + tmstmp.buffer->data[0] = (sec >> 40) & 0xff; + tmstmp.buffer->data[1] = (sec >> 32) & 0xff; + tmstmp.buffer->data[2] = (sec >> 24) & 0xff; + tmstmp.buffer->data[3] = (sec >> 16) & 0xff; + tmstmp.buffer->data[4] = (sec >> 8) & 0xff; + tmstmp.buffer->data[5] = sec & 0xff; + fraction = (((isc_uint64_t) cur_tv.tv_usec) * 65536) / 1000000; + tmstmp.buffer->data[6] = (fraction >> 8) & 0xff; + tmstmp.buffer->data[7] = fraction & 0xff; + + /* Push the timestamp option */ + if (!append_option(&tbs, &dhcpv6_universe, timestmp_option, &tmstmp)) { + data_string_forget(&tbs, MDL); + data_string_forget(&tmstmp, MDL); + return; + } + /* Prepare the signature option */ result = dst_key_sigsize(key, &siglen); if (result != ISC_R_SUCCESS) { log_error("dst_key_sigsize: %s.", isc_result_totext(result)); data_string_forget(&tbs, MDL); + data_string_forget(&tmstmp, MDL); return; } if (!buffer_allocate(&sign.buffer, siglen, MDL)) { log_error("Unable to allocate memory for signature."); data_string_forget(&tbs, MDL); + data_string_forget(&tmstmp, MDL); return; } memset(sign.buffer->data, 0, siglen + 2);
@@ -5222,6 +5254,7 @@ secure_dhc6_add(struct data_string *packet) /* Push the signature on the to be signed copy */ if (!append_option(&tbs, &dhcpv6_universe, sign_option, &sign)) { data_string_forget(&tbs, MDL); + data_string_forget(&tmstmp, MDL); data_string_forget(&sign, MDL); return; }
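Review bot: In the `-5200,16` hunk the eight timestamp bytes are written with no comment on their wire layout, and a peer that checks freshness has to agree on exactly that layout. As written it is the low 48 bits of seconds since 1900 (Unix time plus `2208988800UL`) followed by a 16-bit fraction in 1/65536 s units, which is not the 32+32 split of a standard NTP timestamp; I would say so above the `sec =` line, e.g. `/* 48-bit seconds since 1900-01-01 + 16-bit fraction (1/65536 s), network byte order */`, and give the offset a name. `cur_tv` looks like the client's cached time rather than a fresh clock read, so confirm the stamped value cannot lag the send time by more than the receiver's tolerance. Separately, the unchanged context at the end of the same hunk allocates `sign.buffer` with `siglen` bytes and then clears `siglen + 2`, which writes two bytes past the requested size unless `buffer_allocate` over-allocates; `buffer_allocate(&sign.buffer, siglen + 2, MDL)` would match the memset. The function body starts and ends outside this hunk.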
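Review bot: Every error path now has to remember a third `data_string_forget(&tmstmp, MDL);`, and the `-5222,6` hunk and the three that follow it (`dst_context_create`, `dst_context_adddata`, `dst_context_sign`) add it by hand, one return at a time. A single cleanup label at the end of `secure_dhc6_add` that forgets `tbs`, `tmstmp` and `sign` and destroys `ctx` when it is set would keep the next added option from introducing a missed release; this assumes `data_string_forget` is safe on a zeroed `data_string`, which the up-front `memset` calls suggest but the page does not show. Returns that lie between the hunks are not visible here, so check that none of them sits after the timestamp allocation without the new call.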
@@ -5232,6 +5265,7 @@ secure_dhc6_add(struct data_string *packet) log_error("dst_context_create: %s.", isc_result_totext(result)); data_string_forget(&tbs, MDL); + data_string_forget(&tmstmp, MDL); data_string_forget(&sign, MDL); return; }
@@ -5244,6 +5278,7 @@ secure_dhc6_add(struct data_string *packet) log_error("dst_context_adddata: %s.", isc_result_totext(result)); data_string_forget(&tbs, MDL); + data_string_forget(&tmstmp, MDL); data_string_forget(&sign, MDL); dst_context_destroy(&ctx); return;
@@ -5257,6 +5292,7 @@ secure_dhc6_add(struct data_string *packet) if (result != ISC_R_SUCCESS) { log_error("dst_context_sign: %s.", isc_result_totext(result)); + data_string_forget(&tmstmp, MDL); data_string_forget(&sign, MDL); return; }
@@ -5265,9 +5301,19 @@ secure_dhc6_add(struct data_string *packet) if (!append_option(packet, &dhcpv6_universe, is_secure == 1 ? pubkey_option : cert_option, &der)) { + data_string_forget(&tmstmp, MDL); + data_string_forget(&sign, MDL); + return; + } + + /* Push the timestamp option on the packet */ + if (!append_option(packet, &dhcpv6_universe, + timestmp_option, &tmstmp)) { + data_string_forget(&tmstmp, MDL); data_string_forget(&sign, MDL); return; } + data_string_forget(&tmstmp, MDL); /* Push the final signature on the packet */ if (!append_option(packet, &dhcpv6_universe, sign_option, &sign)) { |
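Review bot: In the last hunk (`-5265,9`) the new failure branch for the timestamp push returns without logging, and `secure_dhc6_add` is `void`, so nothing tells the operator or the caller that the packet now carries the key or certificate option but no timestamp or signature. Add at least `log_error("Unable to append timestamp option.");` before the cleanup, as the allocation failures earlier in the function do; the same applies to the silent `append_option` return on the to-be-signed copy in the `-5200,16` hunk. Whether the caller still transmits the half-built packet cannot be seen from this page and is worth checking. The function continues past the end of the hunk.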