From: Karel Slany Date: Tue, 21 Jun 2016 15:37:54 +0000 (+0200) Subject: Using new cookies API from libknot. X-Git-Tag: v1.1.0~2^2~96 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=41d5b144b4d966955eb52861baf6db718be87b60;p=thirdparty%2Fknot-resolver.git Using new cookies API from libknot. --- diff --git a/lib/cookies/alg_clnt.c b/lib/cookies/alg_clnt.c index f3d8e5219..25612c7d0 100644 --- a/lib/cookies/alg_clnt.c +++ b/lib/cookies/alg_clnt.c @@ -14,15 +14,15 @@ along with this program. If not, see . */ -#include /* inet_ntop() */ -#include -#include #include #include #include #include #include +#include +#include + #include "contrib/fnv/fnv.h" #include "lib/cookies/alg_clnt.h" @@ -34,18 +34,18 @@ * @param input Input parameters. * @param cc_out Buffer for computed client cookie. * @param cc_len Size of buffre/written data. - * @return kr_ok() on success, error code else. + * @return KNOT_EOK on success, error code else. */ -static int kr_clnt_cookie_alg_fnv64(const struct kr_clnt_cookie_input *input, +static int kr_clnt_cookie_alg_fnv64(const struct knot_ccookie_input *input, uint8_t *cc_out, uint16_t *cc_len) { if (!input || !cc_out || !cc_len) { - return kr_error(EINVAL); + return KNOT_EINVAL; } if ((!input->clnt_sockaddr && !input->srvr_sockaddr) || !(input->secret_data && input->secret_len)) { - return kr_error(EINVAL); + return KNOT_EINVAL; } const uint8_t *addr = NULL; @@ -55,8 +55,8 @@ static int kr_clnt_cookie_alg_fnv64(const struct kr_clnt_cookie_input *input, #if defined(CC_HASH_USE_CLIENT_ADDRESS) if (input->clnt_sockaddr) { - if (kr_ok() == kr_address_bytes(input->clnt_sockaddr, &addr, - &alen)) { + if (KNOT_EOK == knot_sockaddr_bytes(input->clnt_sockaddr, + &addr, &alen)) { assert(addr && alen); hash_val = fnv_64a_buf(addr, alen, hash_val); } @@ -64,8 +64,8 @@ static int kr_clnt_cookie_alg_fnv64(const struct kr_clnt_cookie_input *input, #endif /* defined(CC_HASH_USE_CLIENT_ADDRESS) */ if (input->srvr_sockaddr) { - if (kr_ok() == kr_address_bytes(input->srvr_sockaddr, &addr, - &alen)) { + if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_sockaddr, + &addr, &alen)) { assert(addr && alen); hash_val = fnv_64a_buf((void *) addr, alen, hash_val); } @@ -76,13 +76,13 @@ static int kr_clnt_cookie_alg_fnv64(const struct kr_clnt_cookie_input *input, assert(KNOT_OPT_COOKIE_CLNT == sizeof(hash_val)); if (*cc_len < KNOT_OPT_COOKIE_CLNT) { - return kr_error(ENOSPC); + return KNOT_ESPACE; } *cc_len = KNOT_OPT_COOKIE_CLNT; memcpy(cc_out, &hash_val, *cc_len); - return kr_ok(); + return KNOT_EOK; } /** @@ -91,18 +91,18 @@ static int kr_clnt_cookie_alg_fnv64(const struct kr_clnt_cookie_input *input, * @param input Input parameters. * @param cc_out Buffer for computed client cookie. * @param cc_len Size of buffre/written data. - * @return kr_ok() on success, error code else. + * @return KNOT_EOK on success, error code else. */ -static int kr_clnt_cookie_alg_hmac_sha256_64(const struct kr_clnt_cookie_input *input, +static int kr_clnt_cookie_alg_hmac_sha256_64(const struct knot_ccookie_input *input, uint8_t *cc_out, uint16_t *cc_len) { if (!input || !cc_out || !cc_len) { - return kr_error(EINVAL); + return KNOT_EINVAL; } if ((!input->clnt_sockaddr && !input->srvr_sockaddr) || !(input->secret_data && input->secret_len)) { - return kr_error(EINVAL); + return KNOT_EINVAL; } const uint8_t *addr = NULL; @@ -120,18 +120,18 @@ static int kr_clnt_cookie_alg_hmac_sha256_64(const struct kr_clnt_cookie_input * int ret = HMAC_Init_ex(&ctx, input->secret_data, input->secret_len, EVP_sha256(), NULL); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } #if defined(CC_HASH_USE_CLIENT_ADDRESS) if (input->clnt_sockaddr) { - if (kr_ok() == kr_address_bytes(input->clnt_sockaddr, &addr, - &alen)) { + if (KNOT_EOK == knot_sockaddr_bytes(input->clnt_sockaddr, + &addr, &alen)) { assert(addr && alen); ret = HMAC_Update(&ctx, addr, alen); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } } @@ -139,30 +139,30 @@ static int kr_clnt_cookie_alg_hmac_sha256_64(const struct kr_clnt_cookie_input * #endif /* defined(CC_HASH_USE_CLIENT_ADDRESS) */ if (input->srvr_sockaddr) { - if (kr_ok() == kr_address_bytes(input->srvr_sockaddr, &addr, - &alen)) { + if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_sockaddr, + &addr, &alen)) { assert(addr && alen); ret = HMAC_Update(&ctx, addr, alen); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } } } if (1 != HMAC_Final(&ctx, digest, &digest_len)) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } assert(KNOT_OPT_COOKIE_CLNT <= SHA256_DIGEST_LENGTH); if (*cc_len < KNOT_OPT_COOKIE_CLNT) { - return kr_error(ENOSPC); + return KNOT_ESPACE; } *cc_len = KNOT_OPT_COOKIE_CLNT; memcpy(cc_out, digest, *cc_len); - ret = kr_ok(); + ret = KNOT_EOK; fail: HMAC_CTX_cleanup(&ctx); @@ -170,9 +170,9 @@ fail: } const struct kr_clnt_cookie_alg_descr kr_clnt_cookie_algs[] = { - { "FNV-64", kr_clnt_cookie_alg_fnv64 }, - { "HMAC-SHA256-64", kr_clnt_cookie_alg_hmac_sha256_64 }, - { NULL, NULL } + { "FNV-64", { KNOT_OPT_COOKIE_CLNT, kr_clnt_cookie_alg_fnv64 } }, + { "HMAC-SHA256-64", { KNOT_OPT_COOKIE_CLNT, kr_clnt_cookie_alg_hmac_sha256_64 } }, + { NULL, { 0, NULL } } }; const struct kr_clnt_cookie_alg_descr *kr_clnt_cookie_alg(const struct kr_clnt_cookie_alg_descr cc_algs[], @@ -183,7 +183,7 @@ const struct kr_clnt_cookie_alg_descr *kr_clnt_cookie_alg(const struct kr_clnt_c } const struct kr_clnt_cookie_alg_descr *aux_ptr = cc_algs; - while (aux_ptr && aux_ptr->func) { + while (aux_ptr && aux_ptr->alg.gen_func) { assert(aux_ptr->name); if (strcmp(aux_ptr->name, name) == 0) { return aux_ptr; @@ -194,58 +194,15 @@ const struct kr_clnt_cookie_alg_descr *kr_clnt_cookie_alg(const struct kr_clnt_c return NULL; } -int kr_address_bytes(const void *sockaddr, const uint8_t **addr, size_t *len) -{ - if (!sockaddr || !addr || !len) { - return kr_error(EINVAL); - } - - int addr_family = ((struct sockaddr *) sockaddr)->sa_family; - - switch (addr_family) { - case AF_INET: - *addr = (uint8_t *) &((struct sockaddr_in *) sockaddr)->sin_addr; - *len = 4; - break; - case AF_INET6: - *addr = (uint8_t *) &((struct sockaddr_in6 *) sockaddr)->sin6_addr; - *len = 16; - break; - default: - *addr = NULL; - *len = 0; - addr_family = AF_UNSPEC; - return kr_error(EINVAL); - break; - } - - return kr_ok(); -} - int kr_clnt_cookie_check(const uint8_t *cc, uint16_t cc_len, - const struct kr_clnt_cookie_input *input, + const struct knot_ccookie_input *input, const struct kr_clnt_cookie_alg_descr *cc_alg) { - if (!cc || !cc_len || !input || !cc_alg || !cc_alg->func) { - return kr_error(EINVAL); - } - - uint8_t generated_cc[KNOT_OPT_COOKIE_CLNT] = {0, }; - uint16_t generated_cc_len = KNOT_OPT_COOKIE_CLNT; - - int ret = cc_alg->func(input, generated_cc, &generated_cc_len); - if (ret != kr_ok()) { - return ret; - } - - if (generated_cc_len != cc_len) { + if (!cc || !cc_len || !input || !cc_alg) { return kr_error(EINVAL); } - ret = memcmp(cc, generated_cc, generated_cc_len); - if (ret == 0) { - return kr_ok(); - } + int ret = knot_ccookie_check(cc, cc_len, input, &cc_alg->alg); - return kr_error(EINVAL); + return (ret == KNOT_EOK) ? kr_ok() : kr_error(EINVAL); } diff --git a/lib/cookies/alg_clnt.h b/lib/cookies/alg_clnt.h index ec29644c9..a093a99ec 100644 --- a/lib/cookies/alg_clnt.h +++ b/lib/cookies/alg_clnt.h @@ -16,35 +16,17 @@ #pragma once -#include +#include #include "lib/defines.h" /** Maximal size of a cookie option. */ #define KR_COOKIE_OPT_MAX_LEN (KNOT_EDNS_OPTION_HDRLEN + KNOT_OPT_COOKIE_CLNT + KNOT_OPT_COOKIE_SRVR_MAX) -/** Client cookie computation context. */ -struct kr_clnt_cookie_input { - const void *clnt_sockaddr; /**< Client (local) socket address. */ - const void *srvr_sockaddr; /**< Server (remote) socket address. */ - const uint8_t *secret_data; /**< Client secret data. */ - size_t secret_len; /**< Secret data length. */ -}; - -/** - * @brief Client cookie generator function type. - * @param input Data which to generate the cookie from. - * @param cc_out Buffer to write the resulting client cookie data into. - * @param cc_len Set to length of buffer. After successful return contains size of client cookie. - * @return kr_ok() or error code - */ -typedef int (clnt_cookie_alg_t)(const struct kr_clnt_cookie_input *input, - uint8_t *cc_out, uint16_t *cc_len); - /** Holds description of client cookie hashing algorithms. */ struct kr_clnt_cookie_alg_descr { - const char *name; /**< Hash function name. */ - clnt_cookie_alg_t *func; /**< Pointer to hash function. */ + const char *name; /**< Hash algorithgm name. */ + struct knot_cc_alg alg; /**< Hash algorithm. */ }; /** @@ -65,15 +47,6 @@ KR_EXPORT const struct kr_clnt_cookie_alg_descr *kr_clnt_cookie_alg(const struct kr_clnt_cookie_alg_descr cc_algs[], const char *name); -/** - * @brief Get pointers to IP address bytes. - * @param sockaddr socket address - * @param addr pointer to address - * @param len address length - * @return kr_ok() on success, error code else. - */ -int kr_address_bytes(const void *sockaddr, const uint8_t **addr, size_t *len); - /** * @brief Check whether supplied client cookie was generated from given client * secret and address. @@ -85,5 +58,5 @@ int kr_address_bytes(const void *sockaddr, const uint8_t **addr, size_t *len); */ KR_EXPORT int kr_clnt_cookie_check(const uint8_t *cc, uint16_t cc_len, - const struct kr_clnt_cookie_input *input, + const struct knot_ccookie_input *input, const struct kr_clnt_cookie_alg_descr *cc_alg); diff --git a/lib/cookies/alg_srvr.c b/lib/cookies/alg_srvr.c index a3ec3e649..3346f5b7c 100644 --- a/lib/cookies/alg_srvr.c +++ b/lib/cookies/alg_srvr.c @@ -22,8 +22,11 @@ #include #include +#include /* knot_sockaddr_bytes() */ +#include +#include + #include "contrib/fnv/fnv.h" -#include "lib/cookies/alg_clnt.h" /* kr_address_bytes() */ #include "lib/cookies/alg_srvr.h" /** @@ -31,17 +34,17 @@ * @note DNS Cookies -- Appendix B.1 */ static int srvr_cookie_parse_simple(const uint8_t *sc, uint16_t sc_len, - struct kr_srvr_cookie_inbound *inbound) + struct knot_scookie_inbound *inbound) { if (!sc || !sc_len || !inbound) { - return kr_error(EINVAL); + return KNOT_EINVAL; } //memset(inbound, 0, sizeof(*inbound)); inbound->hash_data = sc; /* Entire server cookie contains data. */ inbound->hash_len = sc_len; - return kr_ok(); + return KNOT_EOK; } /** @@ -49,14 +52,14 @@ static int srvr_cookie_parse_simple(const uint8_t *sc, uint16_t sc_len, * @note DNS Cookies -- Appendix B.2 */ static int srvr_cookie_parse(const uint8_t *sc, uint16_t sc_len, - struct kr_srvr_cookie_inbound *inbound) + struct knot_scookie_inbound *inbound) { if (!sc || !sc_len || !inbound) { - return kr_error(EINVAL); + return KNOT_EINVAL; } if (sc_len <= (2 * sizeof(uint32_t))) { /* nonce + time */ - return kr_error(EINVAL); + return KNOT_EINVAL; } uint32_t aux; @@ -68,7 +71,7 @@ static int srvr_cookie_parse(const uint8_t *sc, uint16_t sc_len, inbound->hash_data = sc + (2 * sizeof(aux)); inbound->hash_len = sc_len - (2 * sizeof(aux)); - return kr_ok(); + return KNOT_EOK; } #define SRVR_FNV64_SIMPLE_HASH_SIZE 8 @@ -77,18 +80,17 @@ static int srvr_cookie_parse(const uint8_t *sc, uint16_t sc_len, * @brief Compute server cookie using FNV-64 (hash only). * @note Server cookie = FNV-64( client IP | client cookie | server secret ) */ -static int kr_srvr_cookie_alg_fnv64_simple(const struct kr_srvr_cookie_input *input, +static int kr_srvr_cookie_alg_fnv64_simple(const struct knot_scookie_input *input, uint8_t *sc_out, uint16_t *sc_len) { if (!input || !sc_out || !sc_len || (*sc_len < SRVR_FNV64_SIMPLE_HASH_SIZE)) { - return kr_error(EINVAL); + return KNOT_EINVAL; } - if (!input->clnt_cookie || !input->clnt_cookie_len || - !input->srvr_data || + if (!input->cc || !input->cc_len || !input->srvr_data || !input->srvr_data->secret_data || !input->srvr_data->secret_len) { - return kr_error(EINVAL); + return KNOT_EINVAL; } const uint8_t *addr = NULL; @@ -96,14 +98,13 @@ static int kr_srvr_cookie_alg_fnv64_simple(const struct kr_srvr_cookie_input *in Fnv64_t hash_val = FNV1A_64_INIT; - if (kr_ok() == kr_address_bytes(input->srvr_data->clnt_sockaddr, &addr, - &alen)) { + if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr, + &addr, &alen)) { assert(addr && alen); hash_val = fnv_64a_buf((void *) addr, alen, hash_val); } - hash_val = fnv_64a_buf((void *) input->clnt_cookie, - input->clnt_cookie_len, hash_val); + hash_val = fnv_64a_buf((void *) input->cc, input->cc_len, hash_val); hash_val = fnv_64a_buf((void *) input->srvr_data->secret_data, input->srvr_data->secret_len, hash_val); @@ -112,7 +113,7 @@ static int kr_srvr_cookie_alg_fnv64_simple(const struct kr_srvr_cookie_input *in *sc_len = sizeof(hash_val); assert(SRVR_FNV64_SIMPLE_HASH_SIZE == *sc_len); - return kr_ok(); + return KNOT_EOK; } #define SRVR_FNV64_SIZE 16 @@ -121,18 +122,17 @@ static int kr_srvr_cookie_alg_fnv64_simple(const struct kr_srvr_cookie_input *in * @brief Compute server cookie using FNV-64. * @note Server cookie = nonce | time | FNV-64( client IP | nonce| time | client cookie | server secret ) */ -static int kr_srvr_cookie_alg_fnv64(const struct kr_srvr_cookie_input *input, +static int kr_srvr_cookie_alg_fnv64(const struct knot_scookie_input *input, uint8_t *sc_out, uint16_t *sc_len) { if (!input || !sc_out || !sc_len || (*sc_len < SRVR_FNV64_SIZE)) { - return kr_error(EINVAL); + return KNOT_EINVAL; } - if (!input->clnt_cookie || !input->clnt_cookie_len || - !input->srvr_data || + if (!input->cc || !input->cc_len || !input->srvr_data || !input->srvr_data->secret_data || !input->srvr_data->secret_len) { - return kr_error(EINVAL); + return KNOT_EINVAL; } const uint8_t *addr = NULL; @@ -141,8 +141,8 @@ static int kr_srvr_cookie_alg_fnv64(const struct kr_srvr_cookie_input *input, Fnv64_t hash_val = FNV1A_64_INIT; if (input->srvr_data->clnt_sockaddr) { - if (kr_ok() == kr_address_bytes(input->srvr_data->clnt_sockaddr, - &addr, &alen)) { + if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr, + &addr, &alen)) { assert(addr && alen); hash_val = fnv_64a_buf((void *) addr, alen, hash_val); } @@ -154,8 +154,7 @@ static int kr_srvr_cookie_alg_fnv64(const struct kr_srvr_cookie_input *input, hash_val = fnv_64a_buf((void *) &input->time, sizeof(input->time), hash_val); - hash_val = fnv_64a_buf((void *) input->clnt_cookie, - input->clnt_cookie_len, hash_val); + hash_val = fnv_64a_buf((void *) input->cc, input->cc_len, hash_val); hash_val = fnv_64a_buf((void *) input->srvr_data->secret_data, input->srvr_data->secret_len, hash_val); @@ -169,7 +168,7 @@ static int kr_srvr_cookie_alg_fnv64(const struct kr_srvr_cookie_input *input, *sc_len = (2 * sizeof(aux)) + sizeof(hash_val); assert(SRVR_FNV64_SIZE == *sc_len); - return kr_ok(); + return KNOT_EOK; } #define SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE 8 @@ -178,19 +177,18 @@ static int kr_srvr_cookie_alg_fnv64(const struct kr_srvr_cookie_input *input, * @brief Compute server cookie using HMAC-SHA256-64 (hash only). * @note Server cookie = HMAC-SHA256-64( server secret, client cookie | client IP ) */ -static int kr_srvr_cookie_alg_hmac_sha256_64_simple(const struct kr_srvr_cookie_input *input, +static int kr_srvr_cookie_alg_hmac_sha256_64_simple(const struct knot_scookie_input *input, uint8_t *sc_out, uint16_t *sc_len) { if (!input || !sc_out || !sc_len || (*sc_len < SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE)) { - return kr_error(EINVAL); + return KNOT_EINVAL; } - if (!input->clnt_cookie || !input->clnt_cookie_len || - !input->srvr_data || + if (!input->cc || !input->cc_len || !input->srvr_data || !input->srvr_data->secret_data || !input->srvr_data->secret_len) { - return kr_error(EINVAL); + return KNOT_EINVAL; } const uint8_t *addr = NULL; @@ -206,30 +204,30 @@ static int kr_srvr_cookie_alg_hmac_sha256_64_simple(const struct kr_srvr_cookie_ input->srvr_data->secret_len, EVP_sha256(), NULL); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } - ret = HMAC_Update(&ctx, input->clnt_cookie, input->clnt_cookie_len); + ret = HMAC_Update(&ctx, input->cc, input->cc_len); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } if (input->srvr_data->clnt_sockaddr) { - if (kr_ok() == kr_address_bytes(input->srvr_data->clnt_sockaddr, - &addr, &alen)) { + if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr, + &addr, &alen)) { assert(addr && alen); ret = HMAC_Update(&ctx, addr, alen); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } } } if (1 != HMAC_Final(&ctx, digest, &digest_len)) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } @@ -238,7 +236,7 @@ static int kr_srvr_cookie_alg_hmac_sha256_64_simple(const struct kr_srvr_cookie_ memcpy(sc_out, digest, SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE); *sc_len = SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE; - ret = kr_ok(); + ret = KNOT_EOK; fail: HMAC_CTX_cleanup(&ctx); @@ -251,18 +249,17 @@ fail: * @brief Compute server cookie using HMAC-SHA256-64). * @note Server cookie = nonce | time | HMAC-SHA256-64( server secret, client cookie | nonce| time | client IP ) */ -static int kr_srvr_cookie_alg_hmac_sha256_64(const struct kr_srvr_cookie_input *input, +static int kr_srvr_cookie_alg_hmac_sha256_64(const struct knot_scookie_input *input, uint8_t *sc_out, uint16_t *sc_len) { if (!input || !sc_out || !sc_len || (*sc_len < SRVR_HMAC_SHA256_64_SIZE)) { - return kr_error(EINVAL); + return KNOT_EINVAL; } - if (!input->clnt_cookie || !input->clnt_cookie_len || - !input->srvr_data || + if (!input->cc || !input->cc_len || !input->srvr_data || !input->srvr_data->secret_data || !input->srvr_data->secret_len) { - return kr_error(EINVAL); + return KNOT_EINVAL; } const uint8_t *addr = NULL; @@ -278,42 +275,42 @@ static int kr_srvr_cookie_alg_hmac_sha256_64(const struct kr_srvr_cookie_input * input->srvr_data->secret_len, EVP_sha256(), NULL); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } - ret = HMAC_Update(&ctx, input->clnt_cookie, input->clnt_cookie_len); + ret = HMAC_Update(&ctx, input->cc, input->cc_len); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } ret = HMAC_Update(&ctx, (void *) &input->nonce, sizeof(input->nonce)); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } ret = HMAC_Update(&ctx, (void *) &input->time, sizeof(input->time)); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } if (input->srvr_data->clnt_sockaddr) { - if (kr_ok() == kr_address_bytes(input->srvr_data->clnt_sockaddr, - &addr, &alen)) { + if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr, + &addr, &alen)) { assert(addr && alen); ret = HMAC_Update(&ctx, addr, alen); if (ret != 1) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } } } if (1 != HMAC_Final(&ctx, digest, &digest_len)) { - ret = kr_error(EINVAL); + ret = KNOT_EINVAL; goto fail; } @@ -329,7 +326,7 @@ static int kr_srvr_cookie_alg_hmac_sha256_64(const struct kr_srvr_cookie_input * *sc_len = (2 * sizeof(aux)) + SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE; assert(SRVR_HMAC_SHA256_64_SIZE == *sc_len); - ret = kr_ok(); + ret = KNOT_EOK; fail: HMAC_CTX_cleanup(&ctx); @@ -337,11 +334,11 @@ fail: } const struct kr_srvr_cookie_alg_descr kr_srvr_cookie_algs[] = { - { "FNV-64-SIMPLE", SRVR_FNV64_SIMPLE_HASH_SIZE, srvr_cookie_parse_simple, kr_srvr_cookie_alg_fnv64_simple }, - { "FNV-64", SRVR_FNV64_SIZE, srvr_cookie_parse, kr_srvr_cookie_alg_fnv64 }, - { "HMAC-SHA256-64-SIMPLE", SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE, srvr_cookie_parse_simple, kr_srvr_cookie_alg_hmac_sha256_64_simple }, - { "HMAC-SHA256-64", SRVR_HMAC_SHA256_64_SIZE, srvr_cookie_parse, kr_srvr_cookie_alg_hmac_sha256_64 }, - { NULL, 0, NULL, NULL } + { "FNV-64-SIMPLE", { SRVR_FNV64_SIMPLE_HASH_SIZE, srvr_cookie_parse_simple, kr_srvr_cookie_alg_fnv64_simple } }, + { "FNV-64", { SRVR_FNV64_SIZE, srvr_cookie_parse, kr_srvr_cookie_alg_fnv64 } }, + { "HMAC-SHA256-64-SIMPLE", { SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE, srvr_cookie_parse_simple, kr_srvr_cookie_alg_hmac_sha256_64_simple } }, + { "HMAC-SHA256-64", { SRVR_HMAC_SHA256_64_SIZE, srvr_cookie_parse, kr_srvr_cookie_alg_hmac_sha256_64 } }, + { NULL, { 0, NULL, NULL } } }; const struct kr_srvr_cookie_alg_descr *kr_srvr_cookie_alg(const struct kr_srvr_cookie_alg_descr sc_algs[], @@ -352,7 +349,7 @@ const struct kr_srvr_cookie_alg_descr *kr_srvr_cookie_alg(const struct kr_srvr_c } const struct kr_srvr_cookie_alg_descr *aux_ptr = sc_algs; - while (aux_ptr && aux_ptr->gen_func) { + while (aux_ptr && aux_ptr->alg.gen_func) { assert(aux_ptr->name); if (strcmp(aux_ptr->name, name) == 0) { return aux_ptr; @@ -363,62 +360,15 @@ const struct kr_srvr_cookie_alg_descr *kr_srvr_cookie_alg(const struct kr_srvr_c return NULL; } -int kr_srvr_cookie_check(const struct kr_dns_cookies *cookies, - const struct kr_srvr_cookie_check_ctx *check_ctx, +int kr_srvr_cookie_check(const struct knot_dns_cookies *cookies, + const struct knot_scookie_check_ctx *check_ctx, const struct kr_srvr_cookie_alg_descr *sc_alg) { if (!cookies || !check_ctx || !sc_alg) { return kr_error(EINVAL); } - if (!cookies->cc || !cookies->cc_len || - !cookies->sc || !cookies->sc_len) { - return kr_error(EINVAL); - } + int ret = knot_scookie_check(cookies, check_ctx, sc_alg); - if (!check_ctx->clnt_sockaddr || - !check_ctx->secret_data || !check_ctx->secret_len) { - return kr_error(EINVAL); - } - - if (!sc_alg->srvr_cookie_size || - !sc_alg->opt_parse_func || !sc_alg->gen_func) { - return kr_error(EINVAL); - } - - if (cookies->sc_len != sc_alg->srvr_cookie_size) { - /* Cookie size does to match. */ - return kr_error(EBADMSG); - } - - struct kr_srvr_cookie_inbound inbound_sc = { 0, }; - - /* Obtain data from received server cookie. */ - int ret = sc_alg->opt_parse_func(cookies->sc, cookies->sc_len, - &inbound_sc); - if (ret != kr_ok()) { - return ret; - } - - uint8_t generated_sc[KNOT_OPT_COOKIE_SRVR_MAX] = { 0, }; - uint16_t generated_sc_len = KNOT_OPT_COOKIE_SRVR_MAX; - struct kr_srvr_cookie_input sc_input = { - .clnt_cookie = cookies->cc, - .clnt_cookie_len = cookies->cc_len, - .nonce = inbound_sc.nonce, - .time = inbound_sc.time, - .srvr_data = check_ctx - }; - - /* Generate a new server cookie. */ - ret = sc_alg->gen_func(&sc_input, generated_sc, &generated_sc_len); - if (ret != kr_ok()) { - return ret; - } - assert(generated_sc_len == sc_alg->srvr_cookie_size); - - ret = (memcmp(cookies->sc, generated_sc, generated_sc_len) == 0) ? - kr_ok() : kr_error(EBADMSG); - - return ret; + return (ret == KNOT_EOK) ? kr_ok() : kr_error(EINVAL); } diff --git a/lib/cookies/alg_srvr.h b/lib/cookies/alg_srvr.h index 711152ace..ba71dde91 100644 --- a/lib/cookies/alg_srvr.h +++ b/lib/cookies/alg_srvr.h @@ -16,67 +16,14 @@ #pragma once -#include +#include #include "lib/defines.h" -/** Convenience Structure holding both, server and client, cookies. */ -struct kr_dns_cookies { - const uint8_t *cc; /**< Client cookie. */ - uint16_t cc_len; /**< Client cookie size. */ - const uint8_t *sc; /**< Server cookie. */ - uint16_t sc_len; /**< Server cookie size. */ -}; - -/** Inbound server cookie checking context. */ -struct kr_srvr_cookie_check_ctx { - const void *clnt_sockaddr; /**< Client (remote) socket address. */ - const uint8_t *secret_data; /**< Server secret data. */ - size_t secret_len; /**< Server secret data length. */ -}; - -/** Inbound server cookie content structure. */ -struct kr_srvr_cookie_inbound { - uint32_t nonce; /**< Some value. */ - uint32_t time; /**< Time stamp. */ - const uint8_t *hash_data; /**< Hash data. */ - uint16_t hash_len; /**< Hash data length. */ -}; - -/** Server cookie creation context. */ -struct kr_srvr_cookie_input { - const uint8_t *clnt_cookie; /**< Client cookie. */ - uint16_t clnt_cookie_len; /**< Client cookie size. */ - uint32_t nonce; /**< Some generated value. */ - uint32_t time; /**< Cookie time stamp. */ - const struct kr_srvr_cookie_check_ctx *srvr_data; /**< Data known to the server. */ -}; - -/** - * @brief Server cookie parser function type. - * @param sc Server cookie data. - * @param data_len Server cookie data length. - * @param inbound Inbound cookie structure to be set. - * @return kr_ok() or error code. - */ -typedef int (srvr_cookie_parse_t)(const uint8_t *sc, uint16_t sc_len, - struct kr_srvr_cookie_inbound *inbound); -/** - * @brief Server cookie generator function type. - * @param input Data which to generate the cookie from. - * @param sc_out Buffer to write the resulting client cookie data into. - * @param sc_len On input must contain size of the buffer, on successful return contains size of actual written data. - * @return kr_ok() or error code - */ -typedef int (srvr_cookie_gen_t)(const struct kr_srvr_cookie_input *input, - uint8_t *sc_out, uint16_t *sc_len); - /** Holds description of server cookie hashing algorithms. */ struct kr_srvr_cookie_alg_descr { - const char *name; /**< Server cookie algorithm name. */ - const uint16_t srvr_cookie_size; /**< Size of the generated server cookie. */ - srvr_cookie_parse_t *opt_parse_func; /**< Cookie option parser function. */ - srvr_cookie_gen_t *gen_func; /**< Cookie generator function. */ + const char *name; /**< Algorithm name. */ + struct knot_sc_alg alg; /**< Algorithm. */ }; /** @@ -105,6 +52,6 @@ const struct kr_srvr_cookie_alg_descr *kr_srvr_cookie_alg(const struct kr_srvr_c * @return kr_ok() if check OK, error code else. */ KR_EXPORT -int kr_srvr_cookie_check(const struct kr_dns_cookies *cookies, - const struct kr_srvr_cookie_check_ctx *check_ctx, +int kr_srvr_cookie_check(const struct knot_dns_cookies *cookies, + const struct knot_scookie_check_ctx *check_ctx, const struct kr_srvr_cookie_alg_descr *sc_alg); diff --git a/lib/cookies/cache.c b/lib/cookies/cache.c index bbd84d7b6..1ec38c1ef 100644 --- a/lib/cookies/cache.c +++ b/lib/cookies/cache.c @@ -15,7 +15,11 @@ */ #include +#include +#include + #include +#include #include "contrib/cleanup.h" #include "lib/cdb_lmdb.h" @@ -39,7 +43,7 @@ static size_t cache_key(uint8_t *buf, uint8_t tag, const void *sockaddr) const uint8_t *addr = NULL; size_t addr_len = 0; - if (kr_ok() != kr_address_bytes(sockaddr, &addr, &addr_len)) { + if (kr_ok() != knot_sockaddr_bytes(sockaddr, &addr, &addr_len)) { return 0; } assert(addr_len > 0); diff --git a/lib/cookies/control.c b/lib/cookies/control.c index d6e935d60..8b8e1607a 100644 --- a/lib/cookies/control.c +++ b/lib/cookies/control.c @@ -141,7 +141,7 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl, /* Generate client cookie. * TODO -- generate client cookie from client address, server address * and secret quantity. */ - struct kr_clnt_cookie_input input = { + struct knot_ccookie_input input = { .clnt_sockaddr = clnt_sockaddr, .srvr_sockaddr = srvr_sockaddr, .secret_data = clnt_cntrl->csec->data, @@ -149,8 +149,8 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl, }; uint8_t cc[KNOT_OPT_COOKIE_CLNT]; uint16_t cc_len = KNOT_OPT_COOKIE_CLNT; - assert(clnt_cntrl->calg && clnt_cntrl->calg->func); - int ret = clnt_cntrl->calg->func(&input, cc, &cc_len); + assert(clnt_cntrl->calg && clnt_cntrl->calg->alg.gen_func); + int ret = clnt_cntrl->calg->alg.gen_func(&input, cc, &cc_len); if (ret != kr_ok()) { return ret; } @@ -188,15 +188,15 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl, return knot_pkt_put(pkt, KNOT_COMPR_HINT_NONE, pkt->opt_rr, KNOT_PF_FREE); } -int kr_answer_opt_rr_add_cookies(const struct kr_srvr_cookie_input *input, - const struct kr_srvr_cookie_alg_descr *alg, +int kr_answer_opt_rr_add_cookies(const struct knot_scookie_input *input, + const struct kr_srvr_cookie_alg_descr *sc_alg, knot_pkt_t *pkt) { - if (!input || !alg || pkt) { + if (!input || !sc_alg || pkt) { kr_error(EINVAL); } - uint16_t cookie_size = input->clnt_cookie_len + alg->srvr_cookie_size; + uint16_t cookie_size = input->cc_len + sc_alg->alg.sc_size; uint8_t *data = NULL; if (!pkt->opt_rr) { @@ -209,9 +209,9 @@ int kr_answer_opt_rr_add_cookies(const struct kr_srvr_cookie_input *input, return kr_error(ret); } - memcpy(data, input->clnt_cookie, input->clnt_cookie_len); - cookie_size = alg->srvr_cookie_size; - ret = alg->gen_func(input, data + input->clnt_cookie_len, &cookie_size); + memcpy(data, input->cc, input->cc_len); + cookie_size = sc_alg->alg.sc_size; + ret = sc_alg->alg.gen_func(input, data + input->cc_len, &cookie_size); if (ret != kr_ok()) { /* TODO -- Delete COOKIE option. */ return ret; @@ -247,7 +247,7 @@ uint8_t *kr_is_cookie_query(const knot_pkt_t *pkt) return knot_edns_get_option(pkt->opt_rr, KNOT_EDNS_OPTION_COOKIE); } -int kr_parse_cookie_opt(uint8_t *cookie_opt, struct kr_dns_cookies *cookies) +int kr_parse_cookie_opt(uint8_t *cookie_opt, struct knot_dns_cookies *cookies) { if (!cookie_opt || !cookies) { kr_error(EINVAL); diff --git a/lib/cookies/control.h b/lib/cookies/control.h index 8d481c042..30f479972 100644 --- a/lib/cookies/control.h +++ b/lib/cookies/control.h @@ -93,13 +93,13 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl, * @brief Add cookies into answer. * @note Data are only added into the OPT RR. * @param input input data to generate server cookie from - * @param alg algorithm to use + * @param sc_alg algorithm to use * @param pkt packet which to put cookie into * @return kr_ok() or error code */ KR_EXPORT -int kr_answer_opt_rr_add_cookies(const struct kr_srvr_cookie_input *input, - const struct kr_srvr_cookie_alg_descr *alg, +int kr_answer_opt_rr_add_cookies(const struct knot_scookie_input *input, + const struct kr_srvr_cookie_alg_descr *sc_alg, knot_pkt_t *pkt); /** @@ -127,4 +127,4 @@ uint8_t *kr_is_cookie_query(const knot_pkt_t *pkt); * @return kr_ok() on success, error if cookies are malformed. */ KR_EXPORT -int kr_parse_cookie_opt(uint8_t *cookie_opt, struct kr_dns_cookies *cookies); +int kr_parse_cookie_opt(uint8_t *cookie_opt, struct knot_dns_cookies *cookies); diff --git a/lib/layer/cookiemonster.c b/lib/layer/cookiemonster.c index b0851bdb9..333b93dfa 100644 --- a/lib/layer/cookiemonster.c +++ b/lib/layer/cookiemonster.c @@ -73,7 +73,7 @@ static const struct sockaddr *guess_server_addr(const struct kr_nsrep *nsrep, const struct sockaddr *sockaddr = NULL; - struct kr_clnt_cookie_input input = { + struct knot_ccookie_input input = { .clnt_sockaddr = NULL, .srvr_sockaddr = NULL, .secret_data = csecr->data, @@ -119,7 +119,7 @@ static int srvr_sockaddr_cc_check(const struct sockaddr **sockaddr, if (tmp_sockaddr) { assert(clnt_cntrl->current.csec); - struct kr_clnt_cookie_input input = { + struct knot_ccookie_input input = { .clnt_sockaddr = NULL, .srvr_sockaddr = tmp_sockaddr, .secret_data = clnt_cntrl->current.csec->data, @@ -398,7 +398,7 @@ static int check_request(knot_layer_t *ctx, void *module_param) return ctx->state; /* Don't do anything without cookies. */ } - struct kr_dns_cookies cookies = { 0, }; + struct knot_dns_cookies cookies = { 0, }; int ret = kr_parse_cookie_opt(req_cookie_opt, &cookies); if (ret != kr_ok()) { /* FORMERR -- malformed cookies. */ @@ -418,15 +418,15 @@ static int check_request(knot_layer_t *ctx, void *module_param) int return_state = ctx->state; - struct kr_srvr_cookie_check_ctx check_ctx = { + struct knot_scookie_check_ctx check_ctx = { .clnt_sockaddr = req->qsource.addr, .secret_data = srvr_cntrl->current.ssec->data, .secret_len = srvr_cntrl->current.ssec->size }; - struct kr_srvr_cookie_input input = { - .clnt_cookie = cookies.cc, - .clnt_cookie_len = cookies.cc_len, + struct knot_scookie_input input = { + .cc = cookies.cc, + .cc_len = cookies.cc_len, .nonce = kr_rand_uint(UINT32_MAX), .time = req->current_query->timestamp.tv_sec, .srvr_data = &check_ctx @@ -457,7 +457,7 @@ static int check_request(knot_layer_t *ctx, void *module_param) if (ret == kr_error(EBADMSG) && srvr_cntrl->recent.ssec && srvr_cntrl->recent.salg) { /* Try recent algorithm. */ - struct kr_srvr_cookie_check_ctx recent_ctx = { + struct knot_scookie_check_ctx recent_ctx = { .clnt_sockaddr = req->qsource.addr, .secret_data = srvr_cntrl->recent.ssec->data, .secret_len = srvr_cntrl->recent.ssec->size diff --git a/lib/resolve.c b/lib/resolve.c index 0266de469..8f9ed276f 100644 --- a/lib/resolve.c +++ b/lib/resolve.c @@ -400,7 +400,7 @@ int kr_resolve_begin(struct kr_request *request, struct kr_context *ctx, knot_pk */ static int cookie_answer(const void *clnt_sockaddr, const struct kr_srvr_cookie_ctx *srvr_cntrl, - struct kr_dns_cookies *cookies, knot_pkt_t *answer) + struct knot_dns_cookies *cookies, knot_pkt_t *answer) { assert(srvr_cntrl && cookies && answer); @@ -410,7 +410,7 @@ static int cookie_answer(const void *clnt_sockaddr, knot_wire_set_ra(answer->wire); knot_wire_set_rcode(answer->wire, KNOT_RCODE_NOERROR); - struct kr_srvr_cookie_check_ctx check_ctx = { + struct knot_scookie_check_ctx check_ctx = { .clnt_sockaddr = clnt_sockaddr, .secret_data = srvr_cntrl->current.ssec->data, .secret_len = srvr_cntrl->current.ssec->size @@ -419,9 +419,9 @@ static int cookie_answer(const void *clnt_sockaddr, struct timeval tv; gettimeofday(&tv, NULL); - struct kr_srvr_cookie_input input = { - .clnt_cookie = cookies->cc, - .clnt_cookie_len = cookies->cc_len, + struct knot_scookie_input input = { + .cc = cookies->cc, + .cc_len = cookies->cc_len, .nonce = kr_rand_uint(UINT32_MAX), .time = tv.tv_sec, .srvr_data = &check_ctx @@ -460,7 +460,7 @@ static int resolve_query(struct kr_request *request, const knot_pkt_t *packet) if (!qry) { #if defined(ENABLE_COOKIES) /* May be a DNS cookies query. */ - struct kr_dns_cookies cookies = { 0, }; + struct knot_dns_cookies cookies = { 0, }; uint8_t *cookie_opt = kr_is_cookie_query(packet); if (cookie_opt && kr_glob_cookie_ctx.clnt.enabled) { if (kr_ok() != kr_parse_cookie_opt(cookie_opt, diff --git a/modules/cookiectl/cookiectl.c b/modules/cookiectl/cookiectl.c index aacdb7fa5..847ce181e 100644 --- a/modules/cookiectl/cookiectl.c +++ b/modules/cookiectl/cookiectl.c @@ -251,7 +251,7 @@ static bool read_available_cc_hashes(JsonNode *root) } const struct kr_clnt_cookie_alg_descr *aux_ptr = kr_clnt_cookie_algs; - while (aux_ptr && aux_ptr->func) { + while (aux_ptr && aux_ptr->alg.gen_func) { assert(aux_ptr->name); JsonNode *element = json_mkstring(aux_ptr->name); if (!element) { @@ -282,7 +282,7 @@ static bool read_available_sc_hashes(JsonNode *root) } const struct kr_srvr_cookie_alg_descr *aux_ptr = kr_srvr_cookie_algs; - while (aux_ptr && aux_ptr->gen_func) { + while (aux_ptr && aux_ptr->alg.gen_func) { assert(aux_ptr->name); JsonNode *element = json_mkstring(aux_ptr->name); if (!element) {