#ifdef HAVE_CRYPTO_SHORTHASH // we can do siphash-based cookies
DNSPacket::s_doEDNSCookieProcessing = true;
try {
- if (::arg()["edns-cookie-secret"].size() != EDNSCOOKIESECRETSIZE) {
- throw std::range_error("wrong size (" + std::to_string(::arg()["edns-cookie-secret"].size()) + "), must be " + std::to_string(EDNSCOOKIESECRETSIZE));
+ if (::arg()["edns-cookie-secret"].size() != EDNSCookiesOpt::EDNSCookieSecretSize) {
+ throw std::range_error("wrong size (" + std::to_string(::arg()["edns-cookie-secret"].size()) + "), must be " + std::to_string(EDNSCookiesOpt::EDNSCookieSecretSize));
}
DNSPacket::s_EDNSCookieKey = makeBytesFromHex(::arg()["edns-cookie-secret"]);
} catch(const std::range_error &e) {
if (d_haveednscookie) {
if (d_eco.isWellFormed()) {
- optsize += EDNSCOOKIEOPTSIZE;
+ optsize += EDNSCookiesOpt::EDNSCookieOptSize;
}
}
bool EDNSCookiesOpt::makeServerCookie(const string& secret, const ComboAddress& source)
{
#ifdef HAVE_CRYPTO_SHORTHASH
+ static_assert(EDNSCookieSecretSize == crypto_shorthash_KEYBYTES * 2, "The EDNSCookieSecretSize is not twice crypto_shorthash_KEYBYTES");
+
if (isValid(secret, source) && !shouldRefresh()) {
return true;
}
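Review bot: The added `static_assert` only ties the compile-time constant to the libsodium key size; it does not constrain the length of the `secret` argument that makeServerCookie receives at run time. The function body continues past this hunk, so a length check may already exist further down. If it does not, a guard such as `if (secret.size() != crypto_shorthash_KEYBYTES) { return false; }` before the key is used would stop a short or empty key from being read past its end. A short comment above the assertion, e.g. `// the secret is configured as hex, so its text length is twice the raw key length`, would also explain the factor of two.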
#include "namespaces.hh"
#include "iputils.hh"
-#define EDNSCOOKIESECRETSIZE 32
-#define EDNSCOOKIEOPTSIZE 24
-
struct EDNSCookiesOpt
{
+ static const size_t EDNSCookieSecretSize = 32;
+ static const size_t EDNSCookieOptSize = 24;
+
EDNSCookiesOpt(){};
EDNSCookiesOpt(const std::string& option);
EDNSCookiesOpt(const char* option, unsigned int len);
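Review bot: `EDNSCookieSecretSize` does not state its unit: the startup hunk compares it with the length of the configured hex string before decoding, and the static_assert in makeServerCookie equates it with twice `crypto_shorthash_KEYBYTES`, so 32 counts hex characters, not key bytes. Anyone later comparing it with the decoded key's size would get the wrong answer, so I would document it on the declaration, `// length of the edns-cookie-secret setting in hex characters; the decoded key is half this many bytes`, or rename it along the lines of `EDNSCookieSecretHexLength`. `EDNSCookieOptSize` deserves a similar comment saying what the 24 is made of (presumably client plus server cookie bytes). Both could also be `static constexpr size_t`, which under C++17 avoids needing an out-of-class definition if they are ever odr-used. The struct continues outside the hunk.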