+++ /dev/null
-/*
- * fnv - Fowler/Noll/Vo- hash code
- *
- * @(#) $Revision: 5.4 $
- * @(#) $Id: fnv.h,v 5.4 2009/07/30 22:49:13 chongo Exp $
- * @(#) $Source: /usr/local/src/cmd/fnv/RCS/fnv.h,v $
- *
- ***
- *
- * Fowler/Noll/Vo- hash
- *
- * The basis of this hash algorithm was taken from an idea sent
- * as reviewer comments to the IEEE POSIX P1003.2 committee by:
- *
- * Phong Vo (http://www.research.att.com/info/kpv/)
- * Glenn Fowler (http://www.research.att.com/~gsf/)
- *
- * In a subsequent ballot round:
- *
- * Landon Curt Noll (http://www.isthe.com/chongo/)
- *
- * improved on their algorithm. Some people tried this hash
- * and found that it worked rather well. In an EMail message
- * to Landon, they named it the ``Fowler/Noll/Vo'' or FNV hash.
- *
- * FNV hashes are designed to be fast while maintaining a low
- * collision rate. The FNV speed allows one to quickly hash lots
- * of data while maintaining a reasonable collision rate. See:
- *
- * http://www.isthe.com/chongo/tech/comp/fnv/index.html
- *
- * for more details as well as other forms of the FNV hash.
- *
- ***
- *
- * NOTE: The FNV-0 historic hash is not recommended. One should use
- * the FNV-1 hash instead.
- *
- * To use the 32 bit FNV-0 historic hash, pass FNV0_32_INIT as the
- * Fnv32_t hashval argument to fnv_32_buf() or fnv_32_str().
- *
- * To use the 64 bit FNV-0 historic hash, pass FNV0_64_INIT as the
- * Fnv64_t hashval argument to fnv_64_buf() or fnv_64_str().
- *
- * To use the recommended 32 bit FNV-1 hash, pass FNV1_32_INIT as the
- * Fnv32_t hashval argument to fnv_32_buf() or fnv_32_str().
- *
- * To use the recommended 64 bit FNV-1 hash, pass FNV1_64_INIT as the
- * Fnv64_t hashval argument to fnv_64_buf() or fnv_64_str().
- *
- * To use the recommended 32 bit FNV-1a hash, pass FNV1_32A_INIT as the
- * Fnv32_t hashval argument to fnv_32a_buf() or fnv_32a_str().
- *
- * To use the recommended 64 bit FNV-1a hash, pass FNV1A_64_INIT as the
- * Fnv64_t hashval argument to fnv_64a_buf() or fnv_64a_str().
- *
- ***
- *
- * Please do not copyright this code. This code is in the public domain.
- *
- * LANDON CURT NOLL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
- * EVENT SHALL LANDON CURT NOLL BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- *
- * By:
- * chongo <Landon Curt Noll> /\oo/\
- * http://www.isthe.com/chongo/
- *
- * Share and Enjoy! :-)
- */
-
-#if !defined(__FNV_H__)
-#define __FNV_H__
-
-#include <sys/types.h>
-
-#define FNV_VERSION "5.0.2" /* @(#) FNV Version */
-
-
-/*
- * 32 bit FNV-0 hash type
- */
-typedef u_int32_t Fnv32_t;
-
-
-/*
- * 32 bit FNV-0 zero initial basis
- *
- * This historic hash is not recommended. One should use
- * the FNV-1 hash and initial basis instead.
- */
-#define FNV0_32_INIT ((Fnv32_t)0)
-
-
-/*
- * 32 bit FNV-1 and FNV-1a non-zero initial basis
- *
- * The FNV-1 initial basis is the FNV-0 hash of the following 32 octets:
- *
- * chongo <Landon Curt Noll> /\../\
- *
- * NOTE: The \'s above are not back-slashing escape characters.
- * They are literal ASCII backslash 0x5c characters.
- *
- * NOTE: The FNV-1a initial basis is the same value as FNV-1 by definition.
- */
-#define FNV1_32_INIT ((Fnv32_t)0x811c9dc5)
-#define FNV1_32A_INIT FNV1_32_INIT
-
-
-/*
- * determine how 64 bit unsigned values are represented
- */
-#include "longlong.h"
-
-
-/*
- * 64 bit FNV-0 hash
- */
-#if defined(HAVE_64BIT_LONG_LONG)
-typedef u_int64_t Fnv64_t;
-#else /* HAVE_64BIT_LONG_LONG */
-typedef struct {
- u_int32_t w32[2]; /* w32[0] is low order, w32[1] is high order word */
-} Fnv64_t;
-#endif /* HAVE_64BIT_LONG_LONG */
-
-
-/*
- * 64 bit FNV-0 zero initial basis
- *
- * This historic hash is not recommended. One should use
- * the FNV-1 hash and initial basis instead.
- */
-#if defined(HAVE_64BIT_LONG_LONG)
-#define FNV0_64_INIT ((Fnv64_t)0)
-#else /* HAVE_64BIT_LONG_LONG */
-extern const Fnv64_t fnv0_64_init;
-#define FNV0_64_INIT (fnv0_64_init)
-#endif /* HAVE_64BIT_LONG_LONG */
-
-
-/*
- * 64 bit FNV-1 non-zero initial basis
- *
- * The FNV-1 initial basis is the FNV-0 hash of the following 32 octets:
- *
- * chongo <Landon Curt Noll> /\../\
- *
- * NOTE: The \'s above are not back-slashing escape characters.
- * They are literal ASCII backslash 0x5c characters.
- *
- * NOTE: The FNV-1a initial basis is the same value as FNV-1 by definition.
- */
-#if defined(HAVE_64BIT_LONG_LONG)
-#define FNV1_64_INIT ((Fnv64_t)0xcbf29ce484222325ULL)
-#define FNV1A_64_INIT FNV1_64_INIT
-#else /* HAVE_64BIT_LONG_LONG */
-extern const fnv1_64_init;
-extern const Fnv64_t fnv1a_64_init;
-#define FNV1_64_INIT (fnv1_64_init)
-#define FNV1A_64_INIT (fnv1a_64_init)
-#endif /* HAVE_64BIT_LONG_LONG */
-
-
-/*
- * hash types
- */
-enum fnv_type {
- FNV_NONE = 0, /* invalid FNV hash type */
- FNV0_32 = 1, /* FNV-0 32 bit hash */
- FNV1_32 = 2, /* FNV-1 32 bit hash */
- FNV1a_32 = 3, /* FNV-1a 32 bit hash */
- FNV0_64 = 4, /* FNV-0 64 bit hash */
- FNV1_64 = 5, /* FNV-1 64 bit hash */
- FNV1a_64 = 6, /* FNV-1a 64 bit hash */
-};
-
-
-/*
- * these test vectors are used as part o the FNV test suite
- */
-struct test_vector {
- void *buf; /* start of test vector buffer */
- int len; /* length of test vector */
-};
-struct fnv0_32_test_vector {
- struct test_vector *test; /* test vector buffer to hash */
- Fnv32_t fnv0_32; /* expected FNV-0 32 bit hash value */
-};
-struct fnv1_32_test_vector {
- struct test_vector *test; /* test vector buffer to hash */
- Fnv32_t fnv1_32; /* expected FNV-1 32 bit hash value */
-};
-struct fnv1a_32_test_vector {
- struct test_vector *test; /* test vector buffer to hash */
- Fnv32_t fnv1a_32; /* expected FNV-1a 32 bit hash value */
-};
-struct fnv0_64_test_vector {
- struct test_vector *test; /* test vector buffer to hash */
- Fnv64_t fnv0_64; /* expected FNV-0 64 bit hash value */
-};
-struct fnv1_64_test_vector {
- struct test_vector *test; /* test vector buffer to hash */
- Fnv64_t fnv1_64; /* expected FNV-1 64 bit hash value */
-};
-struct fnv1a_64_test_vector {
- struct test_vector *test; /* test vector buffer to hash */
- Fnv64_t fnv1a_64; /* expected FNV-1a 64 bit hash value */
-};
-
-
-/*
- * external functions
- */
-/* hash_32.c */
-extern Fnv32_t fnv_32_buf(void *buf, size_t len, Fnv32_t hashval);
-extern Fnv32_t fnv_32_str(char *buf, Fnv32_t hashval);
-
-/* hash_32a.c */
-extern Fnv32_t fnv_32a_buf(void *buf, size_t len, Fnv32_t hashval);
-extern Fnv32_t fnv_32a_str(char *buf, Fnv32_t hashval);
-
-/* hash_64.c */
-extern Fnv64_t fnv_64_buf(void *buf, size_t len, Fnv64_t hashval);
-extern Fnv64_t fnv_64_str(char *buf, Fnv64_t hashval);
-
-/* hash_64a.c */
-extern Fnv64_t fnv_64a_buf(void *buf, size_t len, Fnv64_t hashval);
-extern Fnv64_t fnv_64a_str(char *buf, Fnv64_t hashval);
-
-/* test_fnv.c */
-extern struct test_vector fnv_test_str[];
-extern struct fnv0_32_test_vector fnv0_32_vector[];
-extern struct fnv1_32_test_vector fnv1_32_vector[];
-extern struct fnv1a_32_test_vector fnv1a_32_vector[];
-extern struct fnv0_64_test_vector fnv0_64_vector[];
-extern struct fnv1_64_test_vector fnv1_64_vector[];
-extern struct fnv1a_64_test_vector fnv1a_64_vector[];
-extern void unknown_hash_type(char *prog, enum fnv_type type, int code);
-extern void print_fnv32(Fnv32_t hval, Fnv32_t mask, int verbose, char *arg);
-extern void print_fnv64(Fnv64_t hval, Fnv64_t mask, int verbose, char *arg);
-
-
-#endif /* __FNV_H__ */
+++ /dev/null
-/*
- * hash_64 - 64 bit Fowler/Noll/Vo-0 FNV-1a hash code
- *
- * @(#) $Revision: 5.1 $
- * @(#) $Id: hash_64a.c,v 5.1 2009/06/30 09:01:38 chongo Exp $
- * @(#) $Source: /usr/local/src/cmd/fnv/RCS/hash_64a.c,v $
- *
- ***
- *
- * Fowler/Noll/Vo hash
- *
- * The basis of this hash algorithm was taken from an idea sent
- * as reviewer comments to the IEEE POSIX P1003.2 committee by:
- *
- * Phong Vo (http://www.research.att.com/info/kpv/)
- * Glenn Fowler (http://www.research.att.com/~gsf/)
- *
- * In a subsequent ballot round:
- *
- * Landon Curt Noll (http://www.isthe.com/chongo/)
- *
- * improved on their algorithm. Some people tried this hash
- * and found that it worked rather well. In an EMail message
- * to Landon, they named it the ``Fowler/Noll/Vo'' or FNV hash.
- *
- * FNV hashes are designed to be fast while maintaining a low
- * collision rate. The FNV speed allows one to quickly hash lots
- * of data while maintaining a reasonable collision rate. See:
- *
- * http://www.isthe.com/chongo/tech/comp/fnv/index.html
- *
- * for more details as well as other forms of the FNV hash.
- *
- ***
- *
- * To use the recommended 64 bit FNV-1a hash, pass FNV1A_64_INIT as the
- * Fnv64_t hashval argument to fnv_64a_buf() or fnv_64a_str().
- *
- ***
- *
- * Please do not copyright this code. This code is in the public domain.
- *
- * LANDON CURT NOLL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
- * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO
- * EVENT SHALL LANDON CURT NOLL BE LIABLE FOR ANY SPECIAL, INDIRECT OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- *
- * By:
- * chongo <Landon Curt Noll> /\oo/\
- * http://www.isthe.com/chongo/
- *
- * Share and Enjoy! :-)
- */
-
-#include <stdlib.h>
-#include "fnv.h"
-
-
-/*
- * FNV-1a defines the initial basis to be non-zero
- */
-#if !defined(HAVE_64BIT_LONG_LONG)
-const Fnv64_t fnv1a_64_init = { 0x84222325, 0xcbf29ce4 };
-#endif /* ! HAVE_64BIT_LONG_LONG */
-
-
-/*
- * 64 bit magic FNV-1a prime
- */
-#if defined(HAVE_64BIT_LONG_LONG)
-#define FNV_64_PRIME ((Fnv64_t)0x100000001b3ULL)
-#else /* HAVE_64BIT_LONG_LONG */
-#define FNV_64_PRIME_LOW ((unsigned long)0x1b3) /* lower bits of FNV prime */
-#define FNV_64_PRIME_SHIFT (8) /* top FNV prime shift above 2^32 */
-#endif /* HAVE_64BIT_LONG_LONG */
-
-
-/*
- * fnv_64a_buf - perform a 64 bit Fowler/Noll/Vo FNV-1a hash on a buffer
- *
- * input:
- * buf - start of buffer to hash
- * len - length of buffer in octets
- * hval - previous hash value or 0 if first call
- *
- * returns:
- * 64 bit hash as a static hash type
- *
- * NOTE: To use the recommended 64 bit FNV-1a hash, use FNV1A_64_INIT as the
- * hval arg on the first call to either fnv_64a_buf() or fnv_64a_str().
- */
-Fnv64_t
-fnv_64a_buf(void *buf, size_t len, Fnv64_t hval)
-{
- unsigned char *bp = (unsigned char *)buf; /* start of buffer */
- unsigned char *be = bp + len; /* beyond end of buffer */
-
-#if defined(HAVE_64BIT_LONG_LONG)
- /*
- * FNV-1a hash each octet of the buffer
- */
- while (bp < be) {
-
- /* xor the bottom with the current octet */
- hval ^= (Fnv64_t)*bp++;
-
- /* multiply by the 64 bit FNV magic prime mod 2^64 */
-#if defined(NO_FNV_GCC_OPTIMIZATION)
- hval *= FNV_64_PRIME;
-#else /* NO_FNV_GCC_OPTIMIZATION */
- hval += (hval << 1) + (hval << 4) + (hval << 5) +
- (hval << 7) + (hval << 8) + (hval << 40);
-#endif /* NO_FNV_GCC_OPTIMIZATION */
- }
-
-#else /* HAVE_64BIT_LONG_LONG */
-
- unsigned long val[4]; /* hash value in base 2^16 */
- unsigned long tmp[4]; /* tmp 64 bit value */
-
- /*
- * Convert Fnv64_t hval into a base 2^16 array
- */
- val[0] = hval.w32[0];
- val[1] = (val[0] >> 16);
- val[0] &= 0xffff;
- val[2] = hval.w32[1];
- val[3] = (val[2] >> 16);
- val[2] &= 0xffff;
-
- /*
- * FNV-1a hash each octet of the buffer
- */
- while (bp < be) {
-
- /* xor the bottom with the current octet */
- val[0] ^= (unsigned long)*bp++;
-
- /*
- * multiply by the 64 bit FNV magic prime mod 2^64
- *
- * Using 0x100000001b3 we have the following digits base 2^16:
- *
- * 0x0 0x100 0x0 0x1b3
- *
- * which is the same as:
- *
- * 0x0 1<<FNV_64_PRIME_SHIFT 0x0 FNV_64_PRIME_LOW
- */
- /* multiply by the lowest order digit base 2^16 */
- tmp[0] = val[0] * FNV_64_PRIME_LOW;
- tmp[1] = val[1] * FNV_64_PRIME_LOW;
- tmp[2] = val[2] * FNV_64_PRIME_LOW;
- tmp[3] = val[3] * FNV_64_PRIME_LOW;
- /* multiply by the other non-zero digit */
- tmp[2] += val[0] << FNV_64_PRIME_SHIFT; /* tmp[2] += val[0] * 0x100 */
- tmp[3] += val[1] << FNV_64_PRIME_SHIFT; /* tmp[3] += val[1] * 0x100 */
- /* propagate carries */
- tmp[1] += (tmp[0] >> 16);
- val[0] = tmp[0] & 0xffff;
- tmp[2] += (tmp[1] >> 16);
- val[1] = tmp[1] & 0xffff;
- val[3] = tmp[3] + (tmp[2] >> 16);
- val[2] = tmp[2] & 0xffff;
- /*
- * Doing a val[3] &= 0xffff; is not really needed since it simply
- * removes multiples of 2^64. We can discard these excess bits
- * outside of the loop when we convert to Fnv64_t.
- */
- }
-
- /*
- * Convert base 2^16 array back into an Fnv64_t
- */
- hval.w32[1] = ((val[3]<<16) | val[2]);
- hval.w32[0] = ((val[1]<<16) | val[0]);
-
-#endif /* HAVE_64BIT_LONG_LONG */
-
- /* return our new hash value */
- return hval;
-}
-
-
-/*
- * fnv_64a_str - perform a 64 bit Fowler/Noll/Vo FNV-1a hash on a buffer
- *
- * input:
- * buf - start of buffer to hash
- * hval - previous hash value or 0 if first call
- *
- * returns:
- * 64 bit hash as a static hash type
- *
- * NOTE: To use the recommended 64 bit FNV-1a hash, use FNV1A_64_INIT as the
- * hval arg on the first call to either fnv_64a_buf() or fnv_64a_str().
- */
-Fnv64_t
-fnv_64a_str(char *str, Fnv64_t hval)
-{
- unsigned char *s = (unsigned char *)str; /* unsigned string */
-
-#if defined(HAVE_64BIT_LONG_LONG)
-
- /*
- * FNV-1a hash each octet of the string
- */
- while (*s) {
-
- /* xor the bottom with the current octet */
- hval ^= (Fnv64_t)*s++;
-
- /* multiply by the 64 bit FNV magic prime mod 2^64 */
-#if defined(NO_FNV_GCC_OPTIMIZATION)
- hval *= FNV_64_PRIME;
-#else /* NO_FNV_GCC_OPTIMIZATION */
- hval += (hval << 1) + (hval << 4) + (hval << 5) +
- (hval << 7) + (hval << 8) + (hval << 40);
-#endif /* NO_FNV_GCC_OPTIMIZATION */
- }
-
-#else /* !HAVE_64BIT_LONG_LONG */
-
- unsigned long val[4]; /* hash value in base 2^16 */
- unsigned long tmp[4]; /* tmp 64 bit value */
-
- /*
- * Convert Fnv64_t hval into a base 2^16 array
- */
- val[0] = hval.w32[0];
- val[1] = (val[0] >> 16);
- val[0] &= 0xffff;
- val[2] = hval.w32[1];
- val[3] = (val[2] >> 16);
- val[2] &= 0xffff;
-
- /*
- * FNV-1a hash each octet of the string
- */
- while (*s) {
-
- /* xor the bottom with the current octet */
-
- /*
- * multiply by the 64 bit FNV magic prime mod 2^64
- *
- * Using 1099511628211, we have the following digits base 2^16:
- *
- * 0x0 0x100 0x0 0x1b3
- *
- * which is the same as:
- *
- * 0x0 1<<FNV_64_PRIME_SHIFT 0x0 FNV_64_PRIME_LOW
- */
- /* multiply by the lowest order digit base 2^16 */
- tmp[0] = val[0] * FNV_64_PRIME_LOW;
- tmp[1] = val[1] * FNV_64_PRIME_LOW;
- tmp[2] = val[2] * FNV_64_PRIME_LOW;
- tmp[3] = val[3] * FNV_64_PRIME_LOW;
- /* multiply by the other non-zero digit */
- tmp[2] += val[0] << FNV_64_PRIME_SHIFT; /* tmp[2] += val[0] * 0x100 */
- tmp[3] += val[1] << FNV_64_PRIME_SHIFT; /* tmp[3] += val[1] * 0x100 */
- /* propagate carries */
- tmp[1] += (tmp[0] >> 16);
- val[0] = tmp[0] & 0xffff;
- tmp[2] += (tmp[1] >> 16);
- val[1] = tmp[1] & 0xffff;
- val[3] = tmp[3] + (tmp[2] >> 16);
- val[2] = tmp[2] & 0xffff;
- /*
- * Doing a val[3] &= 0xffff; is not really needed since it simply
- * removes multiples of 2^64. We can discard these excess bits
- * outside of the loop when we convert to Fnv64_t.
- */
- val[0] ^= (unsigned long)(*s++);
- }
-
- /*
- * Convert base 2^16 array back into an Fnv64_t
- */
- hval.w32[1] = ((val[3]<<16) | val[2]);
- hval.w32[0] = ((val[1]<<16) | val[0]);
-
-#endif /* !HAVE_64BIT_LONG_LONG */
-
- /* return our new hash value */
- return hval;
-}
+++ /dev/null
-/*
- * DO NOT EDIT -- generated by the Makefile
- */
-
-#if !defined(__LONGLONG_H__)
-#define __LONGLONG_H__
-
-/* do we have/want to use a long long type? */
-#define HAVE_64BIT_LONG_LONG /* yes */
-
-/*
- * NO64BIT_LONG_LONG undef HAVE_64BIT_LONG_LONG
- */
-#if defined(NO64BIT_LONG_LONG)
-#undef HAVE_64BIT_LONG_LONG
-#endif /* NO64BIT_LONG_LONG */
-
-#endif /* !__LONGLONG_H__ */
+++ /dev/null
-/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-
-#include <libknot/errcode.h>
-#include <libknot/rrtype/opt_cookie.h>
-
-#include "contrib/fnv/fnv.h"
-#include "lib/cookies/alg_clnt.h"
-
-//#define CC_HASH_USE_CLIENT_ADDRESS /* When defined, client address will be used when generating client cookie. */
-
-/**
- * Compute client cookie using FNV-64.
- * @note At least one of the arguments must be non-null.
- * @param input Input parameters.
- * @param cc_out Buffer for computed client cookie.
- * @param cc_len Size of buffre/written data.
- * @return KNOT_EOK on success, error code else.
- */
-static int kr_clnt_cookie_alg_fnv64(const struct knot_ccookie_input *input,
- uint8_t *cc_out, uint16_t *cc_len)
-{
- if (!input || !cc_out || !cc_len) {
- return KNOT_EINVAL;
- }
-
- if ((!input->clnt_sockaddr && !input->srvr_sockaddr) ||
- !(input->secret_data && input->secret_len)) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- Fnv64_t hash_val = FNV1A_64_INIT;
-
-#if defined(CC_HASH_USE_CLIENT_ADDRESS)
- if (input->clnt_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- hash_val = fnv_64a_buf(addr, alen, hash_val);
- }
- }
-#endif /* defined(CC_HASH_USE_CLIENT_ADDRESS) */
-
- if (input->srvr_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- hash_val = fnv_64a_buf((void *) addr, alen, hash_val);
- }
- }
-
- hash_val = fnv_64a_buf((void *) input->secret_data, input->secret_len,
- hash_val);
-
- assert(KNOT_OPT_COOKIE_CLNT == sizeof(hash_val));
- if (*cc_len < KNOT_OPT_COOKIE_CLNT) {
- return KNOT_ESPACE;
- }
-
- *cc_len = KNOT_OPT_COOKIE_CLNT;
- memcpy(cc_out, &hash_val, *cc_len);
-
- return KNOT_EOK;
-}
-
-/**
- * Compute client cookie using HMAC_SHA256-64.
- * @note At least one of the arguments must be non-null.
- * @param input Input parameters.
- * @param cc_out Buffer for computed client cookie.
- * @param cc_len Size of buffre/written data.
- * @return KNOT_EOK on success, error code else.
- */
-static int kr_clnt_cookie_alg_hmac_sha256_64(const struct knot_ccookie_input *input,
- uint8_t *cc_out, uint16_t *cc_len)
-{
- if (!input || !cc_out || !cc_len) {
- return KNOT_EINVAL;
- }
-
- if ((!input->clnt_sockaddr && !input->srvr_sockaddr) ||
- !(input->secret_data && input->secret_len)) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- uint8_t digest[SHA256_DIGEST_LENGTH];
- unsigned int digest_len = SHA256_DIGEST_LENGTH;
-
- /* text: (client IP | server IP)
- * key: client secret */
-
- HMAC_CTX ctx;
- HMAC_CTX_init(&ctx);
-
- int ret = HMAC_Init_ex(&ctx, input->secret_data, input->secret_len,
- EVP_sha256(), NULL);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
-#if defined(CC_HASH_USE_CLIENT_ADDRESS)
- if (input->clnt_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- ret = HMAC_Update(&ctx, addr, alen);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
- }
- }
-#endif /* defined(CC_HASH_USE_CLIENT_ADDRESS) */
-
- if (input->srvr_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- ret = HMAC_Update(&ctx, addr, alen);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
- }
- }
-
- if (1 != HMAC_Final(&ctx, digest, &digest_len)) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- assert(KNOT_OPT_COOKIE_CLNT <= SHA256_DIGEST_LENGTH);
- if (*cc_len < KNOT_OPT_COOKIE_CLNT) {
- return KNOT_ESPACE;
- }
-
- *cc_len = KNOT_OPT_COOKIE_CLNT;
- memcpy(cc_out, digest, *cc_len);
- ret = KNOT_EOK;
-
-fail:
- HMAC_CTX_cleanup(&ctx);
- return ret;
-}
-
-const struct kr_clnt_cookie_alg_descr kr_clnt_cookie_algs[] = {
- { "FNV-64", { KNOT_OPT_COOKIE_CLNT, kr_clnt_cookie_alg_fnv64 } },
- { "HMAC-SHA256-64", { KNOT_OPT_COOKIE_CLNT, kr_clnt_cookie_alg_hmac_sha256_64 } },
- { NULL, { 0, NULL } }
-};
-
-const struct kr_clnt_cookie_alg_descr *kr_clnt_cookie_alg(const struct kr_clnt_cookie_alg_descr cc_algs[],
- const char *name)
-{
- if (!cc_algs || !name) {
- return NULL;
- }
-
- const struct kr_clnt_cookie_alg_descr *aux_ptr = cc_algs;
- while (aux_ptr && aux_ptr->alg.gen_func) {
- assert(aux_ptr->name);
- if (strcmp(aux_ptr->name, name) == 0) {
- return aux_ptr;
- }
- ++aux_ptr;
- }
-
- return NULL;
-}
-
-int kr_clnt_cookie_check(const uint8_t *cc, uint16_t cc_len,
- const struct knot_ccookie_input *input,
- const struct kr_clnt_cookie_alg_descr *cc_alg)
-{
- if (!cc || !cc_len || !input || !cc_alg) {
- return kr_error(EINVAL);
- }
-
- int ret = knot_ccookie_check(cc, cc_len, input, &cc_alg->alg);
-
- return (ret == KNOT_EOK) ? kr_ok() : kr_error(EINVAL);
-}
--- /dev/null
+/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <assert.h>
+#include <stdint.h>
+#include <stdlib.h>
+
+#include <libknot/cookies/alg-fnv64.h>
+
+#include "lib/cookies/alg_containers.h"
+#include "lib/cookies/alg_sha.h"
+
+const struct kr_cc_alg_descr kr_cc_algs[] = {
+ { "FNV-64", &knot_cc_alg_fnv64 },
+ { "HMAC-SHA256-64", &knot_cc_alg_hmac_sha256_64 },
+ { NULL, NULL }
+};
+
+const struct kr_cc_alg_descr *kr_cc_alg(const struct kr_cc_alg_descr cc_algs[],
+ const char *name)
+{
+ if (!cc_algs || !name) {
+ return NULL;
+ }
+
+ const struct kr_cc_alg_descr *aux_ptr = cc_algs;
+ while (aux_ptr && aux_ptr->alg && aux_ptr->alg->gen_func) {
+ assert(aux_ptr->name);
+ if (strcmp(aux_ptr->name, name) == 0) {
+ return aux_ptr;
+ }
+ ++aux_ptr;
+ }
+
+ return NULL;
+}
+
+const struct kr_sc_alg_descr kr_sc_algs[] = {
+ { "FNV-64-SIMPLE", &knot_sc_alg_fnv64_simple },
+ { "FNV-64", &knot_sc_alg_fnv64 },
+ { "HMAC-SHA256-64-SIMPLE", &knot_sc_alg_hmac_sha256_64_simple },
+ { "HMAC-SHA256-64", &knot_sc_alg_hmac_sha256_64 },
+ { NULL, NULL }
+};
+
+const struct kr_sc_alg_descr *kr_sc_alg(const struct kr_sc_alg_descr sc_algs[],
+ const char *name)
+{
+ if (!sc_algs || !name) {
+ return NULL;
+ }
+
+ const struct kr_sc_alg_descr *aux_ptr = sc_algs;
+ while (aux_ptr && aux_ptr->alg && aux_ptr->alg->gen_func) {
+ assert(aux_ptr->name);
+ if (strcmp(aux_ptr->name, name) == 0) {
+ return aux_ptr;
+ }
+ ++aux_ptr;
+ }
+
+ return NULL;
+}
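Review bot: `strcmp()` is called in both `kr_cc_alg()` and `kr_sc_alg()`, yet the only standard headers the new file includes are `<assert.h>`, `<stdint.h>` and `<stdlib.h>`; unless a libknot or local header happens to pull it in, add `#include <string.h>`. In both lookup loops the only guard before `strcmp(aux_ptr->name, name)` is `assert(aux_ptr->name)`, which is compiled out under `NDEBUG`, so a table entry with an algorithm but a NULL name would reach `strcmp()` with a null pointer. Testing the name in the loop condition, `while (aux_ptr->name && aux_ptr->alg && aux_ptr->alg->gen_func)`, closes that gap and drops the `aux_ptr &&` test, which is redundant after the `!cc_algs` / `!sc_algs` check. The tables also expose the FNV-64 variants by name next to the HMAC ones, and FNV is a fast non-cryptographic hash rather than a keyed MAC. A comment above `kr_cc_algs` and `kr_sc_algs` such as `/* FNV-64 entries are not keyed MACs; prefer HMAC-SHA256-64 where the peer supports it. */` would help whoever selects an algorithm by name.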
#pragma once
#include <libknot/cookies/client.h>
+#include <libknot/cookies/server.h>
#include "lib/defines.h"
#define KR_COOKIE_OPT_MAX_LEN (KNOT_EDNS_OPTION_HDRLEN + KNOT_OPT_COOKIE_CLNT + KNOT_OPT_COOKIE_SRVR_MAX)
/** Holds description of client cookie hashing algorithms. */
-struct kr_clnt_cookie_alg_descr {
- const char *name; /**< Hash algorithgm name. */
- struct knot_cc_alg alg; /**< Hash algorithm. */
+struct kr_cc_alg_descr {
+ const char *name; /**< Algorithgm name. */
+ const struct knot_cc_alg *alg; /**< Algorithm. */
};
/**
* Last element contains all null entries.
*/
KR_EXPORT
-extern const struct kr_clnt_cookie_alg_descr kr_clnt_cookie_algs[];
+extern const struct kr_cc_alg_descr kr_cc_algs[];
/**
* @brief Return pointer to client cookie algorithm with given name.
* @return pointer to algorithm or NULL if not found.
*/
KR_EXPORT
-const struct kr_clnt_cookie_alg_descr *kr_clnt_cookie_alg(const struct kr_clnt_cookie_alg_descr cc_algs[],
- const char *name);
+const struct kr_cc_alg_descr *kr_cc_alg(const struct kr_cc_alg_descr cc_algs[],
+ const char *name);
+
+/** Holds description of server cookie hashing algorithms. */
+struct kr_sc_alg_descr {
+ const char *name; /**< Algorithm name. */
+ const struct knot_sc_alg *alg; /**< Algorithm. */
+};
+
+/**
+ * List of available server cookie algorithms.
+ *
+ * Last element contains all null entries.
+ */
+KR_EXPORT
+extern const struct kr_sc_alg_descr kr_sc_algs[];
/**
- * @brief Check whether supplied client cookie was generated from given client
- * secret and address.
- * @param cc Client cookie that should be checked.
- * @param cc_len Client cookie size.
- * @param input Input cookie algorithm parameters.
- * @param cc_alg Client cookie algorithm.
- * @return kr_ok() or error code
+ * @brief Return pointer to server cookie algorithm with given name.
+ * @param sc_algs List of available algorithms.
+ * @param name Algorithm name.
+ * @return pointer to algorithm or NULL if not found.
*/
KR_EXPORT
-int kr_clnt_cookie_check(const uint8_t *cc, uint16_t cc_len,
- const struct knot_ccookie_input *input,
- const struct kr_clnt_cookie_alg_descr *cc_alg);
+const struct kr_sc_alg_descr *kr_sc_alg(const struct kr_sc_alg_descr sc_algs[],
+ const char *name);
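Review bot: The new `kr_cc_alg_descr` member comment still reads `Algorithgm name.`, while the `kr_sc_alg_descr` twin added below spells it correctly; change it to `/**< Algorithm name. */`. The `kr_cc_alg()` doc block also lacks the `@param cc_algs` and `@param name` lines that the new `kr_sc_alg()` block carries, and `kr_cc_algs[]` has no summary line matching `List of available server cookie algorithms.`. Because `alg` is now a pointer that is NULL in the terminating entry, the `Last element contains all null entries.` comments should say that callers walking the exported tables must stop on `alg == NULL` (or `name == NULL`) before dereferencing `alg->gen_func`. Code elsewhere that used the embedded `.alg` member or the removed `kr_clnt_cookie_check()` is not visible here and presumably needs the same update.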
+++ /dev/null
-/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <arpa/inet.h> /* ntohl(), ... */
-#include <assert.h>
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/hmac.h>
-#include <openssl/sha.h>
-
-#include <libknot/cookies/client.h> /* knot_sockaddr_bytes() */
-#include <libknot/errcode.h>
-#include <libknot/rrtype/opt_cookie.h>
-
-#include "contrib/fnv/fnv.h"
-#include "lib/cookies/alg_srvr.h"
-
-/**
- * @brief Server cookie contains only hash value.
- * @note DNS Cookies -- Appendix B.1
- */
-static int srvr_cookie_parse_simple(const uint8_t *sc, uint16_t sc_len,
- struct knot_scookie_inbound *inbound)
-{
- if (!sc || !sc_len || !inbound) {
- return KNOT_EINVAL;
- }
-
- //memset(inbound, 0, sizeof(*inbound));
- inbound->hash_data = sc; /* Entire server cookie contains data. */
- inbound->hash_len = sc_len;
-
- return KNOT_EOK;
-}
-
-/**
- * @brief Server cookie contains also additional values.
- * @note DNS Cookies -- Appendix B.2
- */
-static int srvr_cookie_parse(const uint8_t *sc, uint16_t sc_len,
- struct knot_scookie_inbound *inbound)
-{
- if (!sc || !sc_len || !inbound) {
- return KNOT_EINVAL;
- }
-
- if (sc_len <= (2 * sizeof(uint32_t))) { /* nonce + time */
- return KNOT_EINVAL;
- }
-
- uint32_t aux;
-
- memcpy(&aux, sc, sizeof(aux));
- inbound->nonce = ntohl(aux);
- memcpy(&aux, sc + sizeof(aux), sizeof(aux));
- inbound->time = ntohl(aux);
- inbound->hash_data = sc + (2 * sizeof(aux));
- inbound->hash_len = sc_len - (2 * sizeof(aux));
-
- return KNOT_EOK;
-}
-
-#define SRVR_FNV64_SIMPLE_HASH_SIZE 8
-
-/**
- * @brief Compute server cookie using FNV-64 (hash only).
- * @note Server cookie = FNV-64( client IP | client cookie | server secret )
- */
-static int kr_srvr_cookie_alg_fnv64_simple(const struct knot_scookie_input *input,
- uint8_t *sc_out, uint16_t *sc_len)
-{
- if (!input || !sc_out ||
- !sc_len || (*sc_len < SRVR_FNV64_SIMPLE_HASH_SIZE)) {
- return KNOT_EINVAL;
- }
-
- if (!input->cc || !input->cc_len || !input->srvr_data ||
- !input->srvr_data->secret_data || !input->srvr_data->secret_len) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- Fnv64_t hash_val = FNV1A_64_INIT;
-
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- hash_val = fnv_64a_buf((void *) addr, alen, hash_val);
- }
-
- hash_val = fnv_64a_buf((void *) input->cc, input->cc_len, hash_val);
-
- hash_val = fnv_64a_buf((void *) input->srvr_data->secret_data,
- input->srvr_data->secret_len, hash_val);
-
- memcpy(sc_out, &hash_val, sizeof(hash_val));
- *sc_len = sizeof(hash_val);
- assert(SRVR_FNV64_SIMPLE_HASH_SIZE == *sc_len);
-
- return KNOT_EOK;
-}
-
-#define SRVR_FNV64_SIZE 16
-
-/**
- * @brief Compute server cookie using FNV-64.
- * @note Server cookie = nonce | time | FNV-64( client IP | nonce| time | client cookie | server secret )
- */
-static int kr_srvr_cookie_alg_fnv64(const struct knot_scookie_input *input,
- uint8_t *sc_out, uint16_t *sc_len)
-{
- if (!input || !sc_out ||
- !sc_len || (*sc_len < SRVR_FNV64_SIZE)) {
- return KNOT_EINVAL;
- }
-
- if (!input->cc || !input->cc_len || !input->srvr_data ||
- !input->srvr_data->secret_data || !input->srvr_data->secret_len) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- Fnv64_t hash_val = FNV1A_64_INIT;
-
- if (input->srvr_data->clnt_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- hash_val = fnv_64a_buf((void *) addr, alen, hash_val);
- }
- }
-
- hash_val = fnv_64a_buf((void *) &input->nonce, sizeof(input->nonce),
- hash_val);
-
- hash_val = fnv_64a_buf((void *) &input->time, sizeof(input->time),
- hash_val);
-
- hash_val = fnv_64a_buf((void *) input->cc, input->cc_len, hash_val);
-
- hash_val = fnv_64a_buf((void *) input->srvr_data->secret_data,
- input->srvr_data->secret_len, hash_val);
-
- uint32_t aux = htonl(input->nonce);
- memcpy(sc_out, &aux, sizeof(aux));
- aux = htonl(input->time);
- memcpy(sc_out + sizeof(aux), &aux, sizeof(aux));
-
- memcpy(sc_out + (2 * sizeof(aux)), &hash_val, sizeof(hash_val));
- *sc_len = (2 * sizeof(aux)) + sizeof(hash_val);
- assert(SRVR_FNV64_SIZE == *sc_len);
-
- return KNOT_EOK;
-}
-
-#define SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE 8
-
-/**
- * @brief Compute server cookie using HMAC-SHA256-64 (hash only).
- * @note Server cookie = HMAC-SHA256-64( server secret, client cookie | client IP )
- */
-static int kr_srvr_cookie_alg_hmac_sha256_64_simple(const struct knot_scookie_input *input,
- uint8_t *sc_out,
- uint16_t *sc_len)
-{
- if (!input || !sc_out ||
- !sc_len || (*sc_len < SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE)) {
- return KNOT_EINVAL;
- }
-
- if (!input->cc || !input->cc_len || !input->srvr_data ||
- !input->srvr_data->secret_data || !input->srvr_data->secret_len) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- uint8_t digest[SHA256_DIGEST_LENGTH];
- unsigned int digest_len = SHA256_DIGEST_LENGTH;
-
- HMAC_CTX ctx;
- HMAC_CTX_init(&ctx);
-
- int ret = HMAC_Init_ex(&ctx, input->srvr_data->secret_data,
- input->srvr_data->secret_len,
- EVP_sha256(), NULL);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- ret = HMAC_Update(&ctx, input->cc, input->cc_len);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- if (input->srvr_data->clnt_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- ret = HMAC_Update(&ctx, addr, alen);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
- }
- }
-
- if (1 != HMAC_Final(&ctx, digest, &digest_len)) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- assert(SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE <= SHA256_DIGEST_LENGTH);
-
- memcpy(sc_out, digest, SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE);
- *sc_len = SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE;
-
- ret = KNOT_EOK;
-
-fail:
- HMAC_CTX_cleanup(&ctx);
- return ret;
-}
-
-#define SRVR_HMAC_SHA256_64_SIZE 16
-
-/**
- * @brief Compute server cookie using HMAC-SHA256-64).
- * @note Server cookie = nonce | time | HMAC-SHA256-64( server secret, client cookie | nonce| time | client IP )
- */
-static int kr_srvr_cookie_alg_hmac_sha256_64(const struct knot_scookie_input *input,
- uint8_t *sc_out, uint16_t *sc_len)
-{
- if (!input || !sc_out ||
- !sc_len || (*sc_len < SRVR_HMAC_SHA256_64_SIZE)) {
- return KNOT_EINVAL;
- }
-
- if (!input->cc || !input->cc_len || !input->srvr_data ||
- !input->srvr_data->secret_data || !input->srvr_data->secret_len) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- uint8_t digest[SHA256_DIGEST_LENGTH];
- unsigned int digest_len = SHA256_DIGEST_LENGTH;
-
- HMAC_CTX ctx;
- HMAC_CTX_init(&ctx);
-
- int ret = HMAC_Init_ex(&ctx, input->srvr_data->secret_data,
- input->srvr_data->secret_len,
- EVP_sha256(), NULL);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- ret = HMAC_Update(&ctx, input->cc, input->cc_len);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- ret = HMAC_Update(&ctx, (void *) &input->nonce, sizeof(input->nonce));
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- ret = HMAC_Update(&ctx, (void *) &input->time, sizeof(input->time));
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- if (input->srvr_data->clnt_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- ret = HMAC_Update(&ctx, addr, alen);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
- }
- }
-
- if (1 != HMAC_Final(&ctx, digest, &digest_len)) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- uint32_t aux = htonl(input->nonce);
- memcpy(sc_out, &aux, sizeof(aux));
- aux = htonl(input->time);
- memcpy(sc_out + sizeof(aux), &aux, sizeof(aux));
-
- assert(SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE <= SHA256_DIGEST_LENGTH);
-
- memcpy(sc_out + (2 * sizeof(aux)), digest,
- SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE);
- *sc_len = (2 * sizeof(aux)) + SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE;
- assert(SRVR_HMAC_SHA256_64_SIZE == *sc_len);
-
- ret = KNOT_EOK;
-
-fail:
- HMAC_CTX_cleanup(&ctx);
- return ret;
-}
-
-const struct kr_srvr_cookie_alg_descr kr_srvr_cookie_algs[] = {
- { "FNV-64-SIMPLE", { SRVR_FNV64_SIMPLE_HASH_SIZE, srvr_cookie_parse_simple, kr_srvr_cookie_alg_fnv64_simple } },
- { "FNV-64", { SRVR_FNV64_SIZE, srvr_cookie_parse, kr_srvr_cookie_alg_fnv64 } },
- { "HMAC-SHA256-64-SIMPLE", { SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE, srvr_cookie_parse_simple, kr_srvr_cookie_alg_hmac_sha256_64_simple } },
- { "HMAC-SHA256-64", { SRVR_HMAC_SHA256_64_SIZE, srvr_cookie_parse, kr_srvr_cookie_alg_hmac_sha256_64 } },
- { NULL, { 0, NULL, NULL } }
-};
-
-const struct kr_srvr_cookie_alg_descr *kr_srvr_cookie_alg(const struct kr_srvr_cookie_alg_descr sc_algs[],
- const char *name)
-{
- if (!sc_algs || !name) {
- return NULL;
- }
-
- const struct kr_srvr_cookie_alg_descr *aux_ptr = sc_algs;
- while (aux_ptr && aux_ptr->alg.gen_func) {
- assert(aux_ptr->name);
- if (strcmp(aux_ptr->name, name) == 0) {
- return aux_ptr;
- }
- ++aux_ptr;
- }
-
- return NULL;
-}
-
-int kr_srvr_cookie_check(const struct knot_dns_cookies *cookies,
- const struct knot_scookie_check_ctx *check_ctx,
- const struct kr_srvr_cookie_alg_descr *sc_alg)
-{
- if (!cookies || !check_ctx || !sc_alg) {
- return kr_error(EINVAL);
- }
-
- int ret = knot_scookie_check(cookies, check_ctx, sc_alg);
-
- return (ret == KNOT_EOK) ? kr_ok() : kr_error(EINVAL);
-}
+++ /dev/null
-/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#pragma once
-
-#include <libknot/cookies/server.h>
-
-#include "lib/defines.h"
-
-/** Holds description of server cookie hashing algorithms. */
-struct kr_srvr_cookie_alg_descr {
- const char *name; /**< Algorithm name. */
- struct knot_sc_alg alg; /**< Algorithm. */
-};
-
-/**
- * List of available server cookie algorithms.
- *
- * Last element contains all null entries.
- */
-KR_EXPORT
-extern const struct kr_srvr_cookie_alg_descr kr_srvr_cookie_algs[];
-
-/**
- * @brief Return pointer to server cookie algorithm with given name.
- * @param sc_algs List of available algorithms.
- * @param name Algorithm name.
- * @return pointer to algorithm or NULL if not found.
- */
-KR_EXPORT
-const struct kr_srvr_cookie_alg_descr *kr_srvr_cookie_alg(const struct kr_srvr_cookie_alg_descr sc_algs[],
- const char *name);
-
-/**
- * @brief Check whether supplied client and server cookie match.
- * @param cookies Cookie data.
- * @param check_ctx Data known to the server needed for cookie validation.
- * @param sc_alg Server cookie algorithm.
- * @return kr_ok() if check OK, error code else.
- */
-KR_EXPORT
-int kr_srvr_cookie_check(const struct knot_dns_cookies *cookies,
- const struct knot_scookie_check_ctx *check_ctx,
- const struct kr_srvr_cookie_alg_descr *sc_alg);
};
uint8_t cc[KNOT_OPT_COOKIE_CLNT];
uint16_t cc_len = KNOT_OPT_COOKIE_CLNT;
- assert(clnt_cntrl->calg && clnt_cntrl->calg->alg.gen_func);
- int ret = clnt_cntrl->calg->alg.gen_func(&input, cc, &cc_len);
+ assert(clnt_cntrl->calg && clnt_cntrl->calg->alg &&
+ clnt_cntrl->calg->alg->gen_func);
+ int ret = clnt_cntrl->calg->alg->gen_func(&input, cc, &cc_len);
if (ret != kr_ok()) {
return ret;
}
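Review bot: The only check before the indirect call through `clnt_cntrl->calg->alg->gen_func` is the widened `assert`, which is compiled out when NDEBUG is defined. Because `alg` is now a pointer that can itself be NULL, a runtime guard that returns an error would stop a missing algorithm from becoming a NULL function-pointer call in release builds: `if (!clnt_cntrl->calg || !clnt_cntrl->calg->alg || !clnt_cntrl->calg->alg->gen_func) { return kr_error(EINVAL); }`. The enclosing function starts above this hunk, so an earlier check may already cover part of this.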
}
int kr_answer_opt_rr_add_cookies(const struct knot_scookie_input *input,
- const struct kr_srvr_cookie_alg_descr *sc_alg,
+ const struct kr_sc_alg_descr *sc_alg,
knot_pkt_t *pkt)
{
- if (!input || !sc_alg || pkt) {
+ if (!input || !sc_alg || !sc_alg->alg || pkt) {
kr_error(EINVAL);
}
- uint16_t cookie_size = input->cc_len + sc_alg->alg.sc_size;
+ uint16_t cookie_size = input->cc_len + sc_alg->alg->sc_size;
uint8_t *data = NULL;
if (!pkt->opt_rr) {
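Review bot: The argument guard in `kr_answer_opt_rr_add_cookies` gains `!sc_alg->alg` but still cannot reject anything, because it tests `pkt` instead of `!pkt` and its body calls `kr_error(EINVAL);` without returning the value. As written, a NULL `input`, `sc_alg` or `sc_alg->alg` falls through to the `sc_alg->alg->sc_size` read on the next line, and a NULL `pkt` skips the guard and reaches `pkt->opt_rr`. The condition should read `if (!input || !sc_alg || !sc_alg->alg || !pkt) {` with `return kr_error(EINVAL);` as its body. The function body continues past the end of this hunk.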
}
memcpy(data, input->cc, input->cc_len);
- cookie_size = sc_alg->alg.sc_size;
- ret = sc_alg->alg.gen_func(input, data + input->cc_len, &cookie_size);
+ cookie_size = sc_alg->alg->sc_size;
+ ret = sc_alg->alg->gen_func(input, data + input->cc_len, &cookie_size);
if (ret != kr_ok()) {
/* TODO -- Delete COOKIE option. */
return ret;
#pragma once
#include <libknot/packet/pkt.h>
-#include <libknot/rrtype/opt_cookie.h>
+#include <libknot/rrtype/opt-cookie.h>
#include <stdbool.h>
-#include "lib/cookies/alg_clnt.h"
-#include "lib/cookies/alg_srvr.h"
+#include "lib/cookies/alg_containers.h"
#include "lib/cache.h"
#include "lib/defines.h"
/** Holds settings that have direct influence on client cookie values. */
struct kr_clnt_cookie_settings {
struct kr_cookie_secret *csec; /*!< Client secret data. */
- const struct kr_clnt_cookie_alg_descr *calg; /**< Client cookie algorithm. */
+ const struct kr_cc_alg_descr *calg; /**< Client cookie algorithm. */
};
/** Holds settings that control client behaviour. */
/** Holds settings that have direct influence on server cookie values. */
struct kr_srvr_cookie_settings {
struct kr_cookie_secret *ssec; /*!< Server secret data. */
- const struct kr_srvr_cookie_alg_descr *salg; /**< Server cookie algorithm. */
+ const struct kr_sc_alg_descr *salg; /**< Server cookie algorithm. */
};
/** Holds settings that control server behaviour. */
*/
KR_EXPORT
int kr_answer_opt_rr_add_cookies(const struct knot_scookie_input *input,
- const struct kr_srvr_cookie_alg_descr *sc_alg,
+ const struct kr_sc_alg_descr *sc_alg,
knot_pkt_t *pkt);
/**
#include <libknot/error.h>
#include <libknot/mm_ctx.h>
#include <libknot/packet/pkt.h>
-#include <libknot/rrtype/opt_cookie.h> // branch dns-cookies-wip
+#include <libknot/rrtype/opt-cookie.h> // branch dns-cookies-wip
#include <stdlib.h>
#include <string.h>
#include "daemon/engine.h"
-#include "lib/cookies/alg_clnt.h"
-#include "lib/cookies/alg_srvr.h"
+#include "lib/cookies/alg_containers.h"
#include "lib/cookies/cache.h"
#include "lib/cookies/control.h"
#include "lib/module.h"
static const struct sockaddr *guess_server_addr(const struct kr_nsrep *nsrep,
const uint8_t *cc, uint16_t cc_len,
const struct kr_cookie_secret *csecr,
- const struct kr_clnt_cookie_alg_descr *cc_alg)
+ const struct kr_cc_alg_descr *cc_alg)
{
assert(nsrep && cc && cc_len && csecr && cc_alg);
}
input.srvr_sockaddr = &nsrep->addr[i];
- int ret = kr_clnt_cookie_check(cc, cc_len, &input, cc_alg);
- if (ret == kr_ok()) {
+ int ret = knot_ccookie_check(cc, cc_len, &input, cc_alg->alg);
+ if (ret == KNOT_EOK) {
sockaddr = (struct sockaddr *) &nsrep->addr[i];
break;
}
.secret_data = clnt_cntrl->current.csec->data,
.secret_len = clnt_cntrl->current.csec->size
};
- int ret = kr_clnt_cookie_check(cc, cc_len, &input,
- clnt_cntrl->current.calg);
- bool have_current = (ret == kr_ok());
- if ((ret != kr_ok()) &&
+ int ret = knot_ccookie_check(cc, cc_len, &input,
+ clnt_cntrl->current.calg->alg);
+ bool have_current = (ret == KNOT_EOK);
+ if ((ret != KNOT_EOK) &&
clnt_cntrl->recent.csec && clnt_cntrl->recent.calg) {
input.secret_data = clnt_cntrl->recent.csec->data;
input.secret_len = clnt_cntrl->recent.csec->size;
- ret = kr_clnt_cookie_check(cc, cc_len, &input,
- clnt_cntrl->recent.calg);
+ ret = knot_ccookie_check(cc, cc_len, &input,
+ clnt_cntrl->recent.calg->alg);
}
- if (ret == kr_ok()) {
+ if (ret == KNOT_EOK) {
*sockaddr = tmp_sockaddr;
*is_current = have_current;
}
- return ret;
+ return (ret == KNOT_EOK) ? kr_ok() : kr_error(EINVAL);
}
// if (!cc || !clnt_cntrl) {
/* Check server cookie obtained in request. */
- ret = kr_srvr_cookie_check(&cookies, &check_ctx,
- srvr_cntrl->current.salg);
- if (ret == kr_error(EBADMSG) &&
- srvr_cntrl->recent.ssec && srvr_cntrl->recent.salg) {
+ ret = knot_scookie_check(&cookies, &check_ctx,
+ srvr_cntrl->current.salg->alg);
+ if (ret == KNOT_EINVAL &&
+ srvr_cntrl->recent.ssec && srvr_cntrl->recent.salg->alg) {
/* Try recent algorithm. */
struct knot_scookie_check_ctx recent_ctx = {
.clnt_sockaddr = req->qsource.addr,
.secret_data = srvr_cntrl->recent.ssec->data,
.secret_len = srvr_cntrl->recent.ssec->size
};
- ret = kr_srvr_cookie_check(&cookies, &recent_ctx,
- srvr_cntrl->recent.salg);
+ ret = knot_scookie_check(&cookies, &recent_ctx,
+ srvr_cntrl->recent.salg->alg);
}
- if (ret != kr_ok()) {
+ if (ret != KNOT_EOK) {
/* TODO -- Silently discard? */
if (!ignore_badcookie) {
/* Generate BADCOOKIE response. */
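Review bot: The fallback condition now dereferences `srvr_cntrl->recent.salg` to test `->alg`, where the removed line tested the `recent.salg` pointer itself. If a recent secret is set without a recent algorithm, a request whose server cookie fails the first check would hit a NULL dereference on this path; whether that state can be configured is not visible in the hunk. Testing both levels keeps the old protection: `srvr_cntrl->recent.ssec && srvr_cntrl->recent.salg && srvr_cntrl->recent.salg->alg) {`. The enclosing function starts and ends outside this hunk.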
ifeq ($(HAS_libcrypto),yes)
libkres_SOURCES += \
- contrib/fnv/hash_64a.c \
lib/layer/cookiemonster.c \
- lib/cookies/alg_clnt.c \
- lib/cookies/alg_srvr.c \
+ lib/cookies/alg_containers.c \
+ lib/cookies/alg_sha.c \
lib/cookies/cache.c \
lib/cookies/control.c
libkres_HEADERS += \
- lib/cookies/alg_clnt.h \
- lib/cookies/alg_srvr.h \
+ lib/cookies/alg_containers..h \
+ lib/cookies/alg_sha.h \
lib/cookies/cache.h \
lib/cookies/control.h
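Review bot: The new entry in `libkres_HEADERS` is spelled `lib/cookies/alg_containers..h` with a doubled dot, so it does not match the header that the C files in this commit include as `lib/cookies/alg_containers.h`. Any rule that installs or depends on this list will look for a file that presumably does not exist. The line should be `lib/cookies/alg_containers.h \`.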
}
/* Check server cookie only with current settings. */
- ret = kr_srvr_cookie_check(cookies, &check_ctx,
- srvr_cntrl->current.salg);
- if (ret != kr_ok()) {
+ ret = knot_scookie_check(cookies, &check_ctx,
+ srvr_cntrl->current.salg->alg);
+ if (ret != KNOT_EOK) {
kr_pkt_set_ext_rcode(answer, KNOT_RCODE_BADCOOKIE);
return KNOT_STATE_FAIL | KNOT_STATE_DONE;
}
#include <string.h>
#include "daemon/engine.h"
-#include "lib/cookies/alg_clnt.h"
-#include "lib/cookies/alg_srvr.h"
+#include "lib/cookies/alg_containers.h"
#include "lib/cookies/control.h"
#include "lib/layer.h"
const JsonNode *node)
{
if (node->tag == JSON_STRING) {
- const struct kr_clnt_cookie_alg_descr *cc_alg = kr_clnt_cookie_alg(kr_clnt_cookie_algs,
- node->string_);
+ const struct kr_cc_alg_descr *cc_alg = kr_cc_alg(kr_cc_algs,
+ node->string_);
if (!cc_alg) {
return false;
}
const JsonNode *node)
{
if (node->tag == JSON_STRING) {
- const struct kr_srvr_cookie_alg_descr *sc_alg = kr_srvr_cookie_alg(kr_srvr_cookie_algs,
- node->string_);
+ const struct kr_sc_alg_descr *sc_alg = kr_sc_alg(kr_sc_algs,
+ node->string_);
if (!sc_alg) {
return false;
}
return false;
}
- const struct kr_clnt_cookie_alg_descr *aux_ptr = kr_clnt_cookie_algs;
- while (aux_ptr && aux_ptr->alg.gen_func) {
+ const struct kr_cc_alg_descr *aux_ptr = kr_cc_algs;
+ while (aux_ptr && aux_ptr->alg && aux_ptr->alg->gen_func) {
assert(aux_ptr->name);
JsonNode *element = json_mkstring(aux_ptr->name);
if (!element) {
return false;
}
- const struct kr_srvr_cookie_alg_descr *aux_ptr = kr_srvr_cookie_algs;
- while (aux_ptr && aux_ptr->alg.gen_func) {
+ const struct kr_sc_alg_descr *aux_ptr = kr_sc_algs;
+ while (aux_ptr && aux_ptr->alg && aux_ptr->alg->gen_func) {
assert(aux_ptr->name);
JsonNode *element = json_mkstring(aux_ptr->name);
if (!element) {
kr_glob_cookie_ctx.clnt.enabled = false;
kr_glob_cookie_ctx.clnt.current.csec = cs;
- kr_glob_cookie_ctx.clnt.current.calg = kr_clnt_cookie_alg(kr_clnt_cookie_algs,
- "FNV-64");
+ kr_glob_cookie_ctx.clnt.current.calg = kr_cc_alg(kr_cc_algs, "FNV-64");
kr_glob_cookie_ctx.clnt.cache_ttl = DFLT_COOKIE_TTL;
kr_glob_cookie_ctx.srvr.enabled = false;
kr_glob_cookie_ctx.srvr.current.ssec = ss;
- kr_glob_cookie_ctx.srvr.current.salg = kr_srvr_cookie_alg(kr_srvr_cookie_algs,
- "HMAC-SHA256-64");
+ kr_glob_cookie_ctx.srvr.current.salg = kr_sc_alg(kr_sc_algs,
+ "HMAC-SHA256-64");
module->data = NULL;