From: Miek Gieben Date: Tue, 24 May 2005 11:54:01 +0000 (+0000) Subject: verify packets X-Git-Tag: release-0.60^2~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7e0d64201eb2c56cbb678c9e963fab95b38258af;p=thirdparty%2Fldns.git verify packets
---
diff --git a/dnssec.c b/dnssec.c
index 3aea52a8..7641cc3a 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -1223,10 +1223,18 @@ ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, { ldns_rr_list *rrset; ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + ldns_rr_type t_netorder; if (!k) { return LDNS_STATUS_CRYPTO_NO_DNSKEY; } + + if (t == LDNS_RR_TYPE_RRSIG) { + /* we don't have RRSIG(RRSIG) (yet? ;-) ) */ + return LDNS_STATUS_ERR; + } if (s) { /* if s is not NULL, the sigs are given to use */
@@ -1244,11 +1252,25 @@ ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, /* *sigh* rrsig are subtyped, so now we need to find the correct * sigs for the type t */ - + t_netorder = htons(t); /* rdf are in network order! */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, sizeof(ldns_rr_type), &t_netorder); + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t, LDNS_SECTION_ANY_NOQUESTION); + if (!rrset) { + return LDNS_STATUS_ERR; + } + + if (!sigs_covered) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + + printf("sigs\n"); ldns_rr_list_print(stdout, sigs); + printf("sigs covered\n"); + ldns_rr_list_print(stdout, sigs_covered); + printf("rrset\n"); ldns_rr_list_print(stdout, rrset); printf("\n");
diff --git a/ldns/rr.h b/ldns/rr.h
index a2288458..3c1e2079 100644
--- a/ldns/rr.h
+++ b/ldns/rr.h
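Review bot: `t_netorder` is declared as `ldns_rr_type`, an enum whose width is implementation-defined (commonly 4 bytes), yet in the next hunk it receives the 16-bit result of `htons(t)` and `sizeof(ldns_rr_type)` is passed as the rdf length, so the TYPE rdf built from it can be wider than the 2-byte type-covered field of an RRSIG and `ldns_rdf_compare` may then never report a match. Declare it at wire width, `uint16_t t_netorder;`, and size the rdf from the variable, `sizeof t_netorder`, in the second hunk. The RRSIG(RRSIG) guard sits before any allocation, so its early return is fine as written. ldns_pkt_verify continues past the end of this hunk.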
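Review bot: the two early returns added after `rrset = ldns_pkt_rr_list_by_name_and_type(...)` leak what was allocated just above them: `rdf_t` from `ldns_rdf_new` is never freed on any path visible in the hunk, `sigs_covered` (a fresh list from `ldns_rr_list_subtype_by_rdf`) is dropped when `!rrset`, and `rrset` is dropped when `!sigs_covered`. If `ldns_rdf_new` stores the data pointer rather than copying it, `rdf_t` also aliases the stack variable `t_netorder` and must not outlive this function, so the shallow `ldns_rdf_free` is the right release. The `printf`/`ldns_rr_list_print` calls to stdout are debug output inside a library verification routine and should be removed or placed behind a debug guard before this ships. Whether `rrset` holds clones (deep free) or shared pointers is not visible here; check the callee. ldns_pkt_verify continues past the end of this hunk.
```c
	rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t, LDNS_SECTION_ANY_NOQUESTION);
	if (!rrset || !sigs_covered) {
		ldns_status st = rrset ? LDNS_STATUS_CRYPTO_NO_RRSIG : LDNS_STATUS_ERR;

		/* sigs_covered only holds pointers into sigs: free the container.
		 * NOTE(review): confirm whether rrset is a clone list (deep free). */
		if (sigs_covered) {
			ldns_rr_list_free(sigs_covered);
		}
		if (rrset) {
			ldns_rr_list_free(rrset);
		}
		/* shallow: rdf_t's data is the local t_netorder */
		ldns_rdf_free(rdf_t);
		return st;
	}
	/* debug printf()/ldns_rr_list_print() calls removed */
	/* … unchanged: signature verification … */
```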
@@ -592,4 +592,17 @@ size_t ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor); */ ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, size_t field); +/** + * Return the rr_list which matches the rdf at position field. Think + * type-covered stuff for RRSIG + * + * \param[in] l the rr_list to look in + * \param[in] r the rdf to use for the comparison + * \param[in] pos at which position can we find the rdf + * + * \return a new rr list with only the RRs that match + * + */ +ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, uint16_t pos); + #endif /* _LDNS_RR_H */
diff --git a/rr.c b/rr.c
index f4d4d217..785a2aa4 100644
--- a/rr.c
+++ b/rr.c
@@ -515,6 +515,38 @@ ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right) return cat; } +ldns_rr_list * +ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, uint16_t pos) +{ + uint16_t i; + ldns_rr_list *subtyped; + ldns_rdf *list_rdf; + + subtyped = ldns_rr_list_new(); + + for(i = 0; i < ldns_rr_list_rr_count(l); i++) { + list_rdf = ldns_rr_rdf( + ldns_rr_list_rr(l, i), + pos); + if (!list_rdf) { + /* pos is too large or any other error */ + return NULL; + } + + if (ldns_rdf_compare(list_rdf, r) == 0) { + /* a match */ + ldns_rr_list_push_rr(subtyped, + ldns_rr_list_rr(l, i)); + } + } + + if (ldns_rr_list_rr_count(subtyped) > 0) { + return subtyped; + } else { + return NULL; + } +} + bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, ldns_rr *rr) {
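Review bot: the new doxygen block for `ldns_rr_list_subtype_by_rdf` omits the two contract points a caller needs: per the rr.c side of this commit the function returns NULL both when nothing matches and when `pos` is out of range, and the returned list holds the same `ldns_rr` pointers as `l` rather than copies. Say so in `\return`, e.g. `\return a new rr list holding the matching RRs of l (shared, not cloned), or NULL when nothing matches or pos is invalid; free it with ldns_rr_list_free, not the deep variant, and do not use it after l is freed`. The first sentence should also read `at position pos`, since the parameter is named pos, not field.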
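Review bot: both `return NULL;` paths in `ldns_rr_list_subtype_by_rdf` leak `subtyped`, which `ldns_rr_list_new()` allocated before the loop — once when `ldns_rr_rdf` returns NULL for an out-of-range `pos`, and once when no RR matched. Release the container first in both places, `ldns_rr_list_free(subtyped); return NULL;` (shallow free: the list only holds pointers into `l`). Returning NULL for both "bad pos" and "no match" also means the caller in dnssec.c maps a programming error to LDNS_STATUS_CRYPTO_NO_RRSIG; returning an empty list for no match would keep the two cases distinguishable. The `bool` result of `ldns_rr_list_push_rr` is ignored, so a failed push silently drops a signature. The function is complete within the hunk; the trailing `ldns_rr_list_push_rr` definition is cut off.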