verify packets
authorMiek Gieben <miekg@NLnetLabs.nl>
Tue, 24 May 2005 11:54:01 +0000 (11:54 +0000)
committerMiek Gieben <miekg@NLnetLabs.nl>
Tue, 24 May 2005 11:54:01 +0000 (11:54 +0000)
dnssec.c
ldns/rr.h
rr.c

index 3aea52a88aed24c63a3851ed2ca5ede013acf297..7641cc3aceabe1ba870a9b6a79f102ca601a7d7b 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -1223,10 +1223,18 @@ ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
 {
        ldns_rr_list *rrset;
        ldns_rr_list *sigs;
+       ldns_rr_list *sigs_covered;
+       ldns_rdf *rdf_t;
+       ldns_rr_type t_netorder;
 
        if (!k) {
                return LDNS_STATUS_CRYPTO_NO_DNSKEY;
        }
+
+       if (t == LDNS_RR_TYPE_RRSIG) {
+               /* we don't have RRSIG(RRSIG) (yet? ;-) ) */
+               return LDNS_STATUS_ERR;
+       }
        
        if (s) {
                /* if s is not NULL, the sigs are given to use */
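Review bot: The new `ldns_rr_type t_netorder;` declaration gives the type-covered comparison value the width of ldns_rr_type rather than 16 bits, and the second dnssec.c hunk then passes `sizeof(ldns_rr_type)` as the rdf size. If ldns_rr_type is an enum (its definition is not shown here), that size is normally 4 bytes, while the type-covered field of an RRSIG is 2 bytes on the wire. The filter rdf would then probably never compare equal, so every call would end in LDNS_STATUS_CRYPTO_NO_RRSIG. Declaring `uint16_t t_netorder;` here and passing `sizeof(uint16_t)` to `ldns_rdf_new` keeps the rdf at wire width. The function body continues outside this hunk.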
@@ -1244,11 +1252,25 @@ ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
        /* *sigh* rrsig are subtyped, so now we need to find the correct
         * sigs for the type t
         */
-
+       t_netorder = htons(t); /* rdf are in network order! */
+       rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, sizeof(ldns_rr_type), &t_netorder);
+       sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
        
        rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t, LDNS_SECTION_ANY_NOQUESTION);
 
+       if (!rrset) {
+               return LDNS_STATUS_ERR;
+       }
+
+       if (!sigs_covered) {
+               return LDNS_STATUS_CRYPTO_NO_RRSIG;
+       }
+
+       printf("sigs\n");
        ldns_rr_list_print(stdout, sigs);
+       printf("sigs covered\n");
+       ldns_rr_list_print(stdout, sigs_covered);
+       printf("rrset\n");
        ldns_rr_list_print(stdout, rrset);
        printf("\n");
 
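Review bot: The two early returns added after the rrset lookup leave `rdf_t` allocated, the `!rrset` path also leaves `sigs_covered` allocated, and nothing visible in the hunk releases either on the success path. `rdf_t` also wraps the address of the stack variable `t_netorder`; if ldns_rdf_new stores that pointer rather than copying the data (not shown here), the rdf must be released with a free that leaves the data alone and must not outlive this call. Freeing `rdf_t` right after the `ldns_rr_list_subtype_by_rdf` call and releasing `sigs_covered` before `return LDNS_STATUS_ERR;` would cover both. The added `printf`/`ldns_rr_list_print` calls write record contents to stdout from a library verification routine and look like debugging output that should be removed or put behind a debug switch. The function continues outside the hunk.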
index a22884581b765cc29d09b758220992de0390772c..3c1e2079761845dfb9562d404f6551a2bfe7c6bf 100644 (file)
--- a/ldns/rr.h
+++ b/ldns/rr.h
@@ -592,4 +592,17 @@ size_t ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor);
  */
 ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, size_t field);
 
+/**
+ * Return the rr_list which matches the rdf at position field. Think
+ * type-covered stuff for RRSIG
+ * 
+ * \param[in] l the rr_list to look in
+ * \param[in] r the rdf to use for the comparison
+ * \param[in] pos at which position can we find the rdf
+ * 
+ * \return a new rr list with only the RRs that match 
+ *
+ */
+ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, uint16_t pos);
+
 #endif /* _LDNS_RR_H */
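Review bot: The doc comment does not say when the function returns NULL or who owns the result. Going by the rr.c implementation in this commit, NULL is returned both when no RR matches and when any RR in `l` has no rdf at `pos`, and the returned list holds the same RR pointers as `l` rather than copies. I would extend the return line to `\return a new rr list sharing the matching RRs of l, or NULL when nothing matches or an RR has no rdf at pos`, and change "at position field" to "at position pos" so the text matches the parameter name.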
diff --git a/rr.c b/rr.c
index f4d4d217e9105c9fba546d5175fbb54c0986c81f..785a2aa423a177488e9744fbb330fcca24d96f4d 100644 (file)
--- a/rr.c
+++ b/rr.c
@@ -515,6 +515,38 @@ ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right)
        return cat;
 }
 
+ldns_rr_list *
+ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, uint16_t pos)
+{
+       uint16_t i;
+       ldns_rr_list *subtyped;
+       ldns_rdf *list_rdf;
+
+       subtyped = ldns_rr_list_new();
+
+       for(i = 0; i < ldns_rr_list_rr_count(l); i++) {
+               list_rdf = ldns_rr_rdf(
+                       ldns_rr_list_rr(l, i),
+                       pos);
+               if (!list_rdf) {
+                       /* pos is too large or any other error */
+                       return NULL;
+               }
+
+               if (ldns_rdf_compare(list_rdf, r) == 0) {
+                       /* a match */
+                       ldns_rr_list_push_rr(subtyped, 
+                                       ldns_rr_list_rr(l, i));
+               }
+       }
+
+       if (ldns_rr_list_rr_count(subtyped) > 0) {
+               return subtyped;
+       } else {
+               return NULL;
+       }
+}
+
 bool
 ldns_rr_list_push_rr(ldns_rr_list *rr_list, ldns_rr *rr)
 {
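Review bot: `subtyped` is leaked on both NULL returns in `ldns_rr_list_subtype_by_rdf`: the `!list_rdf` exit inside the loop and the empty-result branch at the end return without releasing the list from `ldns_rr_list_new()`, whose result is also used unchecked. ldns_pkt_verify calls this on its verification path, so input whose signatures never cover the requested type would leak a list on every call. The sketch below frees the list on those paths; it assumes `ldns_rr_list_free` releases only the list and not the RRs still owned by `l`, which should be confirmed in this tree. The `bool` result of `ldns_rr_list_push_rr` is ignored as well, so a failed push silently drops a matching signature.

```c
	subtyped = ldns_rr_list_new();
	if (!subtyped) {
		return NULL;
	}

	for (i = 0; i < ldns_rr_list_rr_count(l); i++) {
		list_rdf = ldns_rr_rdf(ldns_rr_list_rr(l, i), pos);
		if (!list_rdf) {
			/* pos is too large or any other error */
			ldns_rr_list_free(subtyped);
			return NULL;
		}
		/* … unchanged: ldns_rdf_compare() and push of the matching rr … */
	}

	if (ldns_rr_list_rr_count(subtyped) == 0) {
		/* nothing matched: hand back NULL, but do not leak the empty list */
		ldns_rr_list_free(subtyped);
		return NULL;
	}
	return subtyped;
```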