From: Karel Slany Date: Wed, 22 Jun 2016 09:20:12 +0000 (+0200) Subject: Cookie algorithms based on FNV-64 have been moved into libknot. X-Git-Tag: v1.1.0~2^2~95 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=55eb194abc2fd325d5d0597210d0bf25481a5a6d;p=thirdparty%2Fknot-resolver.git Cookie algorithms based on FNV-64 have been moved into libknot. --- diff --git a/contrib/fnv/fnv.h b/contrib/fnv/fnv.h deleted file mode 100644 index 2083a4aa2..000000000 --- a/contrib/fnv/fnv.h +++ /dev/null 
@@ -1,249 +0,0 @@ -/* - * fnv - Fowler/Noll/Vo- hash code - * - * @(#) $Revision: 5.4 $ - * @(#) $Id: fnv.h,v 5.4 2009/07/30 22:49:13 chongo Exp $ - * @(#) $Source: /usr/local/src/cmd/fnv/RCS/fnv.h,v $ - * - *** - * - * Fowler/Noll/Vo- hash - * - * The basis of this hash algorithm was taken from an idea sent - * as reviewer comments to the IEEE POSIX P1003.2 committee by: - * - * Phong Vo (http://www.research.att.com/info/kpv/) - * Glenn Fowler (http://www.research.att.com/~gsf/) - * - * In a subsequent ballot round: - * - * Landon Curt Noll (http://www.isthe.com/chongo/) - * - * improved on their algorithm. Some people tried this hash - * and found that it worked rather well. In an EMail message - * to Landon, they named it the ``Fowler/Noll/Vo'' or FNV hash. - * - * FNV hashes are designed to be fast while maintaining a low - * collision rate. The FNV speed allows one to quickly hash lots - * of data while maintaining a reasonable collision rate. See: - * - * http://www.isthe.com/chongo/tech/comp/fnv/index.html - * - * for more details as well as other forms of the FNV hash. - * - *** - * - * NOTE: The FNV-0 historic hash is not recommended. One should use - * the FNV-1 hash instead. - * - * To use the 32 bit FNV-0 historic hash, pass FNV0_32_INIT as the - * Fnv32_t hashval argument to fnv_32_buf() or fnv_32_str(). - * - * To use the 64 bit FNV-0 historic hash, pass FNV0_64_INIT as the - * Fnv64_t hashval argument to fnv_64_buf() or fnv_64_str(). - * - * To use the recommended 32 bit FNV-1 hash, pass FNV1_32_INIT as the - * Fnv32_t hashval argument to fnv_32_buf() or fnv_32_str(). - * - * To use the recommended 64 bit FNV-1 hash, pass FNV1_64_INIT as the - * Fnv64_t hashval argument to fnv_64_buf() or fnv_64_str(). - * - * To use the recommended 32 bit FNV-1a hash, pass FNV1_32A_INIT as the - * Fnv32_t hashval argument to fnv_32a_buf() or fnv_32a_str(). 
- * - * To use the recommended 64 bit FNV-1a hash, pass FNV1A_64_INIT as the - * Fnv64_t hashval argument to fnv_64a_buf() or fnv_64a_str(). - * - *** - * - * Please do not copyright this code. This code is in the public domain. - * - * LANDON CURT NOLL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO - * EVENT SHALL LANDON CURT NOLL BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - * - * By: - * chongo /\oo/\ - * http://www.isthe.com/chongo/ - * - * Share and Enjoy! :-) - */ - -#if !defined(__FNV_H__) -#define __FNV_H__ - -#include - -#define FNV_VERSION "5.0.2" /* @(#) FNV Version */ - - -/* - * 32 bit FNV-0 hash type - */ -typedef u_int32_t Fnv32_t; - - -/* - * 32 bit FNV-0 zero initial basis - * - * This historic hash is not recommended. One should use - * the FNV-1 hash and initial basis instead. - */ -#define FNV0_32_INIT ((Fnv32_t)0) - - -/* - * 32 bit FNV-1 and FNV-1a non-zero initial basis - * - * The FNV-1 initial basis is the FNV-0 hash of the following 32 octets: - * - * chongo /\../\ - * - * NOTE: The \'s above are not back-slashing escape characters. - * They are literal ASCII backslash 0x5c characters. - * - * NOTE: The FNV-1a initial basis is the same value as FNV-1 by definition. 
- */ -#define FNV1_32_INIT ((Fnv32_t)0x811c9dc5) -#define FNV1_32A_INIT FNV1_32_INIT - - -/* - * determine how 64 bit unsigned values are represented - */ -#include "longlong.h" - - -/* - * 64 bit FNV-0 hash - */ -#if defined(HAVE_64BIT_LONG_LONG) -typedef u_int64_t Fnv64_t; -#else /* HAVE_64BIT_LONG_LONG */ -typedef struct { - u_int32_t w32[2]; /* w32[0] is low order, w32[1] is high order word */ -} Fnv64_t; -#endif /* HAVE_64BIT_LONG_LONG */ - - -/* - * 64 bit FNV-0 zero initial basis - * - * This historic hash is not recommended. One should use - * the FNV-1 hash and initial basis instead. - */ -#if defined(HAVE_64BIT_LONG_LONG) -#define FNV0_64_INIT ((Fnv64_t)0) -#else /* HAVE_64BIT_LONG_LONG */ -extern const Fnv64_t fnv0_64_init; -#define FNV0_64_INIT (fnv0_64_init) -#endif /* HAVE_64BIT_LONG_LONG */ - - -/* - * 64 bit FNV-1 non-zero initial basis - * - * The FNV-1 initial basis is the FNV-0 hash of the following 32 octets: - * - * chongo /\../\ - * - * NOTE: The \'s above are not back-slashing escape characters. - * They are literal ASCII backslash 0x5c characters. - * - * NOTE: The FNV-1a initial basis is the same value as FNV-1 by definition. 
- */ -#if defined(HAVE_64BIT_LONG_LONG) -#define FNV1_64_INIT ((Fnv64_t)0xcbf29ce484222325ULL) -#define FNV1A_64_INIT FNV1_64_INIT -#else /* HAVE_64BIT_LONG_LONG */ -extern const fnv1_64_init; -extern const Fnv64_t fnv1a_64_init; -#define FNV1_64_INIT (fnv1_64_init) -#define FNV1A_64_INIT (fnv1a_64_init) -#endif /* HAVE_64BIT_LONG_LONG */ - - -/* - * hash types - */ -enum fnv_type { - FNV_NONE = 0, /* invalid FNV hash type */ - FNV0_32 = 1, /* FNV-0 32 bit hash */ - FNV1_32 = 2, /* FNV-1 32 bit hash */ - FNV1a_32 = 3, /* FNV-1a 32 bit hash */ - FNV0_64 = 4, /* FNV-0 64 bit hash */ - FNV1_64 = 5, /* FNV-1 64 bit hash */ - FNV1a_64 = 6, /* FNV-1a 64 bit hash */ -}; - - -/* - * these test vectors are used as part o the FNV test suite - */ -struct test_vector { - void *buf; /* start of test vector buffer */ - int len; /* length of test vector */ -}; -struct fnv0_32_test_vector { - struct test_vector *test; /* test vector buffer to hash */ - Fnv32_t fnv0_32; /* expected FNV-0 32 bit hash value */ -}; -struct fnv1_32_test_vector { - struct test_vector *test; /* test vector buffer to hash */ - Fnv32_t fnv1_32; /* expected FNV-1 32 bit hash value */ -}; -struct fnv1a_32_test_vector { - struct test_vector *test; /* test vector buffer to hash */ - Fnv32_t fnv1a_32; /* expected FNV-1a 32 bit hash value */ -}; -struct fnv0_64_test_vector { - struct test_vector *test; /* test vector buffer to hash */ - Fnv64_t fnv0_64; /* expected FNV-0 64 bit hash value */ -}; -struct fnv1_64_test_vector { - struct test_vector *test; /* test vector buffer to hash */ - Fnv64_t fnv1_64; /* expected FNV-1 64 bit hash value */ -}; -struct fnv1a_64_test_vector { - struct test_vector *test; /* test vector buffer to hash */ - Fnv64_t fnv1a_64; /* expected FNV-1a 64 bit hash value */ -}; - - -/* - * external functions - */ -/* hash_32.c */ -extern Fnv32_t fnv_32_buf(void *buf, size_t len, Fnv32_t hashval); -extern Fnv32_t fnv_32_str(char *buf, Fnv32_t hashval); - -/* hash_32a.c */ -extern Fnv32_t 
fnv_32a_buf(void *buf, size_t len, Fnv32_t hashval); -extern Fnv32_t fnv_32a_str(char *buf, Fnv32_t hashval); - -/* hash_64.c */ -extern Fnv64_t fnv_64_buf(void *buf, size_t len, Fnv64_t hashval); -extern Fnv64_t fnv_64_str(char *buf, Fnv64_t hashval); - -/* hash_64a.c */ -extern Fnv64_t fnv_64a_buf(void *buf, size_t len, Fnv64_t hashval); -extern Fnv64_t fnv_64a_str(char *buf, Fnv64_t hashval); - -/* test_fnv.c */ -extern struct test_vector fnv_test_str[]; -extern struct fnv0_32_test_vector fnv0_32_vector[]; -extern struct fnv1_32_test_vector fnv1_32_vector[]; -extern struct fnv1a_32_test_vector fnv1a_32_vector[]; -extern struct fnv0_64_test_vector fnv0_64_vector[]; -extern struct fnv1_64_test_vector fnv1_64_vector[]; -extern struct fnv1a_64_test_vector fnv1a_64_vector[]; -extern void unknown_hash_type(char *prog, enum fnv_type type, int code); -extern void print_fnv32(Fnv32_t hval, Fnv32_t mask, int verbose, char *arg); -extern void print_fnv64(Fnv64_t hval, Fnv64_t mask, int verbose, char *arg); - - -#endif /* __FNV_H__ */ diff --git a/contrib/fnv/hash_64a.c b/contrib/fnv/hash_64a.c deleted file mode 100644 index 6660f92dd..000000000 --- a/contrib/fnv/hash_64a.c +++ /dev/null 
@@ -1,291 +0,0 @@ -/* - * hash_64 - 64 bit Fowler/Noll/Vo-0 FNV-1a hash code - * - * @(#) $Revision: 5.1 $ - * @(#) $Id: hash_64a.c,v 5.1 2009/06/30 09:01:38 chongo Exp $ - * @(#) $Source: /usr/local/src/cmd/fnv/RCS/hash_64a.c,v $ - * - *** - * - * Fowler/Noll/Vo hash - * - * The basis of this hash algorithm was taken from an idea sent - * as reviewer comments to the IEEE POSIX P1003.2 committee by: - * - * Phong Vo (http://www.research.att.com/info/kpv/) - * Glenn Fowler (http://www.research.att.com/~gsf/) - * - * In a subsequent ballot round: - * - * Landon Curt Noll (http://www.isthe.com/chongo/) - * - * improved on their algorithm. Some people tried this hash - * and found that it worked rather well. In an EMail message - * to Landon, they named it the ``Fowler/Noll/Vo'' or FNV hash. - * - * FNV hashes are designed to be fast while maintaining a low - * collision rate. The FNV speed allows one to quickly hash lots - * of data while maintaining a reasonable collision rate. See: - * - * http://www.isthe.com/chongo/tech/comp/fnv/index.html - * - * for more details as well as other forms of the FNV hash. - * - *** - * - * To use the recommended 64 bit FNV-1a hash, pass FNV1A_64_INIT as the - * Fnv64_t hashval argument to fnv_64a_buf() or fnv_64a_str(). - * - *** - * - * Please do not copyright this code. This code is in the public domain. - * - * LANDON CURT NOLL DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO - * EVENT SHALL LANDON CURT NOLL BE LIABLE FOR ANY SPECIAL, INDIRECT OR - * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF - * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR - * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - * PERFORMANCE OF THIS SOFTWARE. - * - * By: - * chongo /\oo/\ - * http://www.isthe.com/chongo/ - * - * Share and Enjoy! 
:-) - */ - -#include -#include "fnv.h" - - -/* - * FNV-1a defines the initial basis to be non-zero - */ -#if !defined(HAVE_64BIT_LONG_LONG) -const Fnv64_t fnv1a_64_init = { 0x84222325, 0xcbf29ce4 }; -#endif /* ! HAVE_64BIT_LONG_LONG */ - - -/* - * 64 bit magic FNV-1a prime - */ -#if defined(HAVE_64BIT_LONG_LONG) -#define FNV_64_PRIME ((Fnv64_t)0x100000001b3ULL) -#else /* HAVE_64BIT_LONG_LONG */ -#define FNV_64_PRIME_LOW ((unsigned long)0x1b3) /* lower bits of FNV prime */ -#define FNV_64_PRIME_SHIFT (8) /* top FNV prime shift above 2^32 */ -#endif /* HAVE_64BIT_LONG_LONG */ - - -/* - * fnv_64a_buf - perform a 64 bit Fowler/Noll/Vo FNV-1a hash on a buffer - * - * input: - * buf - start of buffer to hash - * len - length of buffer in octets - * hval - previous hash value or 0 if first call - * - * returns: - * 64 bit hash as a static hash type - * - * NOTE: To use the recommended 64 bit FNV-1a hash, use FNV1A_64_INIT as the - * hval arg on the first call to either fnv_64a_buf() or fnv_64a_str(). 
- */ -Fnv64_t -fnv_64a_buf(void *buf, size_t len, Fnv64_t hval) -{ - unsigned char *bp = (unsigned char *)buf; /* start of buffer */ - unsigned char *be = bp + len; /* beyond end of buffer */ - -#if defined(HAVE_64BIT_LONG_LONG) - /* - * FNV-1a hash each octet of the buffer - */ - while (bp < be) { - - /* xor the bottom with the current octet */ - hval ^= (Fnv64_t)*bp++; - - /* multiply by the 64 bit FNV magic prime mod 2^64 */ -#if defined(NO_FNV_GCC_OPTIMIZATION) - hval *= FNV_64_PRIME; -#else /* NO_FNV_GCC_OPTIMIZATION */ - hval += (hval << 1) + (hval << 4) + (hval << 5) + - (hval << 7) + (hval << 8) + (hval << 40); -#endif /* NO_FNV_GCC_OPTIMIZATION */ - } - -#else /* HAVE_64BIT_LONG_LONG */ - - unsigned long val[4]; /* hash value in base 2^16 */ - unsigned long tmp[4]; /* tmp 64 bit value */ - - /* - * Convert Fnv64_t hval into a base 2^16 array - */ - val[0] = hval.w32[0]; - val[1] = (val[0] >> 16); - val[0] &= 0xffff; - val[2] = hval.w32[1]; - val[3] = (val[2] >> 16); - val[2] &= 0xffff; - - /* - * FNV-1a hash each octet of the buffer - */ - while (bp < be) { - - /* xor the bottom with the current octet */ - val[0] ^= (unsigned long)*bp++; - - /* - * multiply by the 64 bit FNV magic prime mod 2^64 - * - * Using 0x100000001b3 we have the following digits base 2^16: - * - * 0x0 0x100 0x0 0x1b3 - * - * which is the same as: - * - * 0x0 1<> 16); - val[0] = tmp[0] & 0xffff; - tmp[2] += (tmp[1] >> 16); - val[1] = tmp[1] & 0xffff; - val[3] = tmp[3] + (tmp[2] >> 16); - val[2] = tmp[2] & 0xffff; - /* - * Doing a val[3] &= 0xffff; is not really needed since it simply - * removes multiples of 2^64. We can discard these excess bits - * outside of the loop when we convert to Fnv64_t. 
- */ - } - - /* - * Convert base 2^16 array back into an Fnv64_t - */ - hval.w32[1] = ((val[3]<<16) | val[2]); - hval.w32[0] = ((val[1]<<16) | val[0]); - -#endif /* HAVE_64BIT_LONG_LONG */ - - /* return our new hash value */ - return hval; -} - - -/* - * fnv_64a_str - perform a 64 bit Fowler/Noll/Vo FNV-1a hash on a buffer - * - * input: - * buf - start of buffer to hash - * hval - previous hash value or 0 if first call - * - * returns: - * 64 bit hash as a static hash type - * - * NOTE: To use the recommended 64 bit FNV-1a hash, use FNV1A_64_INIT as the - * hval arg on the first call to either fnv_64a_buf() or fnv_64a_str(). - */ -Fnv64_t -fnv_64a_str(char *str, Fnv64_t hval) -{ - unsigned char *s = (unsigned char *)str; /* unsigned string */ - -#if defined(HAVE_64BIT_LONG_LONG) - - /* - * FNV-1a hash each octet of the string - */ - while (*s) { - - /* xor the bottom with the current octet */ - hval ^= (Fnv64_t)*s++; - - /* multiply by the 64 bit FNV magic prime mod 2^64 */ -#if defined(NO_FNV_GCC_OPTIMIZATION) - hval *= FNV_64_PRIME; -#else /* NO_FNV_GCC_OPTIMIZATION */ - hval += (hval << 1) + (hval << 4) + (hval << 5) + - (hval << 7) + (hval << 8) + (hval << 40); -#endif /* NO_FNV_GCC_OPTIMIZATION */ - } - -#else /* !HAVE_64BIT_LONG_LONG */ - - unsigned long val[4]; /* hash value in base 2^16 */ - unsigned long tmp[4]; /* tmp 64 bit value */ - - /* - * Convert Fnv64_t hval into a base 2^16 array - */ - val[0] = hval.w32[0]; - val[1] = (val[0] >> 16); - val[0] &= 0xffff; - val[2] = hval.w32[1]; - val[3] = (val[2] >> 16); - val[2] &= 0xffff; - - /* - * FNV-1a hash each octet of the string - */ - while (*s) { - - /* xor the bottom with the current octet */ - - /* - * multiply by the 64 bit FNV magic prime mod 2^64 - * - * Using 1099511628211, we have the following digits base 2^16: - * - * 0x0 0x100 0x0 0x1b3 - * - * which is the same as: - * - * 0x0 1<> 16); - val[0] = tmp[0] & 0xffff; - tmp[2] += (tmp[1] >> 16); - val[1] = tmp[1] & 0xffff; - val[3] = tmp[3] + 
(tmp[2] >> 16); - val[2] = tmp[2] & 0xffff; - /* - * Doing a val[3] &= 0xffff; is not really needed since it simply - * removes multiples of 2^64. We can discard these excess bits - * outside of the loop when we convert to Fnv64_t. - */ - val[0] ^= (unsigned long)(*s++); - } - - /* - * Convert base 2^16 array back into an Fnv64_t - */ - hval.w32[1] = ((val[3]<<16) | val[2]); - hval.w32[0] = ((val[1]<<16) | val[0]); - -#endif /* !HAVE_64BIT_LONG_LONG */ - - /* return our new hash value */ - return hval; -} diff --git a/contrib/fnv/longlong.h b/contrib/fnv/longlong.h deleted file mode 100644 index c8cfe48f2..000000000 --- a/contrib/fnv/longlong.h +++ /dev/null @@ -1,18 +0,0 @@ -/* - * DO NOT EDIT -- generated by the Makefile - */ - -#if !defined(__LONGLONG_H__) -#define __LONGLONG_H__ - -/* do we have/want to use a long long type? */ -#define HAVE_64BIT_LONG_LONG /* yes */ - -/* - * NO64BIT_LONG_LONG undef HAVE_64BIT_LONG_LONG - */ -#if defined(NO64BIT_LONG_LONG) -#undef HAVE_64BIT_LONG_LONG -#endif /* NO64BIT_LONG_LONG */ - -#endif /* !__LONGLONG_H__ */ diff --git a/lib/cookies/alg_clnt.c b/lib/cookies/alg_clnt.c deleted file mode 100644 index 25612c7d0..000000000 --- a/lib/cookies/alg_clnt.c +++ /dev/null 
@@ -1,208 +0,0 @@ -/* Copyright (C) 2016 CZ.NIC, z.s.p.o. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - */ - -#include -#include -#include -#include -#include - -#include -#include - -#include "contrib/fnv/fnv.h" -#include "lib/cookies/alg_clnt.h" - -//#define CC_HASH_USE_CLIENT_ADDRESS /* When defined, client address will be used when generating client cookie. */ - -/** - * Compute client cookie using FNV-64. - * @note At least one of the arguments must be non-null. - * @param input Input parameters. - * @param cc_out Buffer for computed client cookie. - * @param cc_len Size of buffre/written data. - * @return KNOT_EOK on success, error code else. - */ -static int kr_clnt_cookie_alg_fnv64(const struct knot_ccookie_input *input, - uint8_t *cc_out, uint16_t *cc_len) -{ - if (!input || !cc_out || !cc_len) { - return KNOT_EINVAL; - } - - if ((!input->clnt_sockaddr && !input->srvr_sockaddr) || - !(input->secret_data && input->secret_len)) { - return KNOT_EINVAL; - } - - const uint8_t *addr = NULL; - size_t alen = 0; /* Address length. 
*/ - - Fnv64_t hash_val = FNV1A_64_INIT; - -#if defined(CC_HASH_USE_CLIENT_ADDRESS) - if (input->clnt_sockaddr) { - if (KNOT_EOK == knot_sockaddr_bytes(input->clnt_sockaddr, - &addr, &alen)) { - assert(addr && alen); - hash_val = fnv_64a_buf(addr, alen, hash_val); - } - } -#endif /* defined(CC_HASH_USE_CLIENT_ADDRESS) */ - - if (input->srvr_sockaddr) { - if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_sockaddr, - &addr, &alen)) { - assert(addr && alen); - hash_val = fnv_64a_buf((void *) addr, alen, hash_val); - } - } - - hash_val = fnv_64a_buf((void *) input->secret_data, input->secret_len, - hash_val); - - assert(KNOT_OPT_COOKIE_CLNT == sizeof(hash_val)); - if (*cc_len < KNOT_OPT_COOKIE_CLNT) { - return KNOT_ESPACE; - } - - *cc_len = KNOT_OPT_COOKIE_CLNT; - memcpy(cc_out, &hash_val, *cc_len); - - return KNOT_EOK; -} - -/** - * Compute client cookie using HMAC_SHA256-64. - * @note At least one of the arguments must be non-null. - * @param input Input parameters. - * @param cc_out Buffer for computed client cookie. - * @param cc_len Size of buffre/written data. - * @return KNOT_EOK on success, error code else. - */ -static int kr_clnt_cookie_alg_hmac_sha256_64(const struct knot_ccookie_input *input, - uint8_t *cc_out, uint16_t *cc_len) -{ - if (!input || !cc_out || !cc_len) { - return KNOT_EINVAL; - } - - if ((!input->clnt_sockaddr && !input->srvr_sockaddr) || - !(input->secret_data && input->secret_len)) { - return KNOT_EINVAL; - } - - const uint8_t *addr = NULL; - size_t alen = 0; /* Address length. 
*/ - - uint8_t digest[SHA256_DIGEST_LENGTH]; - unsigned int digest_len = SHA256_DIGEST_LENGTH; - - /* text: (client IP | server IP) - * key: client secret */ - - HMAC_CTX ctx; - HMAC_CTX_init(&ctx); - - int ret = HMAC_Init_ex(&ctx, input->secret_data, input->secret_len, - EVP_sha256(), NULL); - if (ret != 1) { - ret = KNOT_EINVAL; - goto fail; - } - -#if defined(CC_HASH_USE_CLIENT_ADDRESS) - if (input->clnt_sockaddr) { - if (KNOT_EOK == knot_sockaddr_bytes(input->clnt_sockaddr, - &addr, &alen)) { - assert(addr && alen); - ret = HMAC_Update(&ctx, addr, alen); - if (ret != 1) { - ret = KNOT_EINVAL; - goto fail; - } - } - } -#endif /* defined(CC_HASH_USE_CLIENT_ADDRESS) */ - - if (input->srvr_sockaddr) { - if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_sockaddr, - &addr, &alen)) { - assert(addr && alen); - ret = HMAC_Update(&ctx, addr, alen); - if (ret != 1) { - ret = KNOT_EINVAL; - goto fail; - } - } - } - - if (1 != HMAC_Final(&ctx, digest, &digest_len)) { - ret = KNOT_EINVAL; - goto fail; - } - - assert(KNOT_OPT_COOKIE_CLNT <= SHA256_DIGEST_LENGTH); - if (*cc_len < KNOT_OPT_COOKIE_CLNT) { - return KNOT_ESPACE; - } - - *cc_len = KNOT_OPT_COOKIE_CLNT; - memcpy(cc_out, digest, *cc_len); - ret = KNOT_EOK; - -fail: - HMAC_CTX_cleanup(&ctx); - return ret; -} - -const struct kr_clnt_cookie_alg_descr kr_clnt_cookie_algs[] = { - { "FNV-64", { KNOT_OPT_COOKIE_CLNT, kr_clnt_cookie_alg_fnv64 } }, - { "HMAC-SHA256-64", { KNOT_OPT_COOKIE_CLNT, kr_clnt_cookie_alg_hmac_sha256_64 } }, - { NULL, { 0, NULL } } -}; - -const struct kr_clnt_cookie_alg_descr *kr_clnt_cookie_alg(const struct kr_clnt_cookie_alg_descr cc_algs[], - const char *name) -{ - if (!cc_algs || !name) { - return NULL; - } - - const struct kr_clnt_cookie_alg_descr *aux_ptr = cc_algs; - while (aux_ptr && aux_ptr->alg.gen_func) { - assert(aux_ptr->name); - if (strcmp(aux_ptr->name, name) == 0) { - return aux_ptr; - } - ++aux_ptr; - } - - return NULL; -} - -int kr_clnt_cookie_check(const uint8_t *cc, uint16_t cc_len, - 
const struct knot_ccookie_input *input, - const struct kr_clnt_cookie_alg_descr *cc_alg) -{ - if (!cc || !cc_len || !input || !cc_alg) { - return kr_error(EINVAL); - } - - int ret = knot_ccookie_check(cc, cc_len, input, &cc_alg->alg); - - return (ret == KNOT_EOK) ? kr_ok() : kr_error(EINVAL); -} diff --git a/lib/cookies/alg_containers.c b/lib/cookies/alg_containers.c new file mode 100644 index 000000000..13d002d1f --- /dev/null +++ b/lib/cookies/alg_containers.c 
@@ -0,0 +1,76 @@
+/* Copyright (C) 2016 CZ.NIC, z.s.p.o.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+ */
+
+#include
+#include
+#include
+
+#include
+
+#include "lib/cookies/alg_containers.h"
+#include "lib/cookies/alg_sha.h"
+
+const struct kr_cc_alg_descr kr_cc_algs[] = {
+ { "FNV-64", &knot_cc_alg_fnv64 },
+ { "HMAC-SHA256-64", &knot_cc_alg_hmac_sha256_64 },
+ { NULL, NULL }
+};
+
+const struct kr_cc_alg_descr *kr_cc_alg(const struct kr_cc_alg_descr cc_algs[],
+ const char *name)
+{
+ if (!cc_algs || !name) {
+ return NULL;
+ }
+
+ const struct kr_cc_alg_descr *aux_ptr = cc_algs;
+ while (aux_ptr && aux_ptr->alg && aux_ptr->alg->gen_func) {
+ assert(aux_ptr->name);
+ if (strcmp(aux_ptr->name, name) == 0) {
+ return aux_ptr;
+ }
+ ++aux_ptr;
+ }
+
+ return NULL;
+}
+
+const struct kr_sc_alg_descr kr_sc_algs[] = {
+ { "FNV-64-SIMPLE", &knot_sc_alg_fnv64_simple },
+ { "FNV-64", &knot_sc_alg_fnv64 },
+ { "HMAC-SHA256-64-SIMPLE", &knot_sc_alg_hmac_sha256_64_simple },
+ { "HMAC-SHA256-64", &knot_sc_alg_hmac_sha256_64 },
+ { NULL, NULL }
+};
+
+const struct kr_sc_alg_descr *kr_sc_alg(const struct kr_sc_alg_descr sc_algs[],
+ const char *name)
+{
+ if (!sc_algs || !name) {
+ return NULL;
+ }
+
+ const struct kr_sc_alg_descr *aux_ptr = sc_algs;
+ while (aux_ptr && aux_ptr->alg && aux_ptr->alg->gen_func) {
+ assert(aux_ptr->name);
+ if (strcmp(aux_ptr->name, name) == 0) {
+ return aux_ptr;
+ }
+ ++aux_ptr;
+ }
+
+ return NULL;
+}
diff --git a/lib/cookies/alg_clnt.h b/lib/cookies/alg_containers.h
similarity index 56%
rename from lib/cookies/alg_clnt.h
rename to lib/cookies/alg_containers.h
index a093a99ec..1a5aa0038 100644
--- a/lib/cookies/alg_clnt.h
+++ b/lib/cookies/alg_containers.h
@@ -17,6 +17,7 @@
 #pragma once
 #include
+#include
 #include "lib/defines.h"
@@ -24,9 +25,9 @@
 #define KR_COOKIE_OPT_MAX_LEN (KNOT_EDNS_OPTION_HDRLEN + KNOT_OPT_COOKIE_CLNT + KNOT_OPT_COOKIE_SRVR_MAX)
 /** Holds description of client cookie hashing algorithms. */
-struct kr_clnt_cookie_alg_descr {
- const char *name; /**< Hash algorithgm name. */
- struct knot_cc_alg alg; /**< Hash algorithm. */
+struct kr_cc_alg_descr {
+ const char *name; /**< Algorithgm name. */
+ const struct knot_cc_alg *alg; /**< Algorithm. */
 };
 /**
@@ -35,7 +36,7 @@ struct kr_clnt_cookie_alg_descr {
 * Last element contains all null entries.
 */
 KR_EXPORT
-extern const struct kr_clnt_cookie_alg_descr kr_clnt_cookie_algs[];
+extern const struct kr_cc_alg_descr kr_cc_algs[];
 /**
 * @brief Return pointer to client cookie algorithm with given name.
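Review bot: In `kr_cc_alg` the only guard before `strcmp` is `assert(aux_ptr->name)`, so an NDEBUG build passes a NULL `name` from a malformed entry (non-NULL `alg`, NULL `name`) straight into `strcmp`; as the function is exported and walks whatever table the caller supplies, the check should be part of the logic: `if (aux_ptr->name && strcmp(aux_ptr->name, name) == 0) {`. The `aux_ptr &&` term in the loop condition is dead — `aux_ptr` starts at the already-checked `cc_algs` and is only ever incremented — so `while (aux_ptr->alg && aux_ptr->alg->gen_func) {` states the real stop condition (a NULL `alg` or `gen_func` sentinel). `kr_sc_alg` at the end of the hunk has the same two spots, and the two functions are otherwise copies; a short comment on each saying the table must end in a `{ NULL, NULL }` entry, as `kr_cc_algs` and `kr_sc_algs` do, would tie the loop to that contract. A one-line comment above `kr_cc_algs` noting that `FNV-64` is a non-cryptographic hash and `HMAC-SHA256-64` the stronger choice would help anyone selecting an algorithm by name.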
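Review bot: The field comment in hunk `@@ -24,9 +25,9 @@` carries the old misspelling into the renamed struct: `+ const char *name; /**< Algorithgm name. */` should read `/**< Algorithm name. */`, as the `kr_sc_alg_descr` added in the following hunk already spells it. The `alg` member is now a pointer rather than an embedded `struct knot_cc_alg`, so its comment could also say that a NULL `alg` marks the terminating entry, which is what `kr_cc_alg` in alg_containers.c tests for.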
@@ -44,19 +45,29 @@ extern const struct kr_clnt_cookie_alg_descr kr_clnt_cookie_algs[];
 * @return pointer to algorithm or NULL if not found.
 */
 KR_EXPORT
-const struct kr_clnt_cookie_alg_descr *kr_clnt_cookie_alg(const struct kr_clnt_cookie_alg_descr cc_algs[],
- const char *name);
+const struct kr_cc_alg_descr *kr_cc_alg(const struct kr_cc_alg_descr cc_algs[],
+ const char *name);
+
+/** Holds description of server cookie hashing algorithms. */
+struct kr_sc_alg_descr {
+ const char *name; /**< Algorithm name. */
+ const struct knot_sc_alg *alg; /**< Algorithm. */
+};
+
+/**
+ * List of available server cookie algorithms.
+ *
+ * Last element contains all null entries.
+ */
+KR_EXPORT
+extern const struct kr_sc_alg_descr kr_sc_algs[];
 /**
- * @brief Check whether supplied client cookie was generated from given client
- * secret and address.
- * @param cc Client cookie that should be checked.
- * @param cc_len Client cookie size.
- * @param input Input cookie algorithm parameters.
- * @param cc_alg Client cookie algorithm.
- * @return kr_ok() or error code
+ * @brief Return pointer to server cookie algorithm with given name.
+ * @param sc_algs List of available algorithms.
+ * @param name Algorithm name.
+ * @return pointer to algorithm or NULL if not found.
 */
 KR_EXPORT
-int kr_clnt_cookie_check(const uint8_t *cc, uint16_t cc_len,
- const struct knot_ccookie_input *input,
- const struct kr_clnt_cookie_alg_descr *cc_alg);
+const struct kr_sc_alg_descr *kr_sc_alg(const struct kr_sc_alg_descr sc_algs[],
+ const char *name);
diff --git a/lib/cookies/alg_srvr.c b/lib/cookies/alg_srvr.c
deleted file mode 100644
index 3346f5b7c..000000000
--- a/lib/cookies/alg_srvr.c
+++ /dev/null
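Review bot: `@param sc_algs List of available algorithms.` leaves out the terminator the lookup depends on: `kr_sc_alg` in alg_containers.c stops only at an entry whose `alg` or `alg->gen_func` is NULL, so a caller-built table without such an entry is read past its end; the unchanged `@param cc_algs` for `kr_cc_alg` has the same gap. Suggested wording: `@param sc_algs List of available algorithms, terminated by an entry with NULL alg.` The hunk also removes the exported `kr_clnt_cookie_check`; I cannot see its callers from here, so whether anything outside this diff still references it is worth checking.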
@@ -1,374 +0,0 @@ -/* Copyright (C) 2016 CZ.NIC, z.s.p.o. - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - */ - -#include /* ntohl(), ... */ -#include -#include -#include -#include -#include -#include - -#include /* knot_sockaddr_bytes() */ -#include -#include - -#include "contrib/fnv/fnv.h" -#include "lib/cookies/alg_srvr.h" - -/** - * @brief Server cookie contains only hash value. - * @note DNS Cookies -- Appendix B.1 - */ -static int srvr_cookie_parse_simple(const uint8_t *sc, uint16_t sc_len, - struct knot_scookie_inbound *inbound) -{ - if (!sc || !sc_len || !inbound) { - return KNOT_EINVAL; - } - - //memset(inbound, 0, sizeof(*inbound)); - inbound->hash_data = sc; /* Entire server cookie contains data. */ - inbound->hash_len = sc_len; - - return KNOT_EOK; -} - -/** - * @brief Server cookie contains also additional values. 
- * @note DNS Cookies -- Appendix B.2 - */ -static int srvr_cookie_parse(const uint8_t *sc, uint16_t sc_len, - struct knot_scookie_inbound *inbound) -{ - if (!sc || !sc_len || !inbound) { - return KNOT_EINVAL; - } - - if (sc_len <= (2 * sizeof(uint32_t))) { /* nonce + time */ - return KNOT_EINVAL; - } - - uint32_t aux; - - memcpy(&aux, sc, sizeof(aux)); - inbound->nonce = ntohl(aux); - memcpy(&aux, sc + sizeof(aux), sizeof(aux)); - inbound->time = ntohl(aux); - inbound->hash_data = sc + (2 * sizeof(aux)); - inbound->hash_len = sc_len - (2 * sizeof(aux)); - - return KNOT_EOK; -} - -#define SRVR_FNV64_SIMPLE_HASH_SIZE 8 - -/** - * @brief Compute server cookie using FNV-64 (hash only). - * @note Server cookie = FNV-64( client IP | client cookie | server secret ) - */ -static int kr_srvr_cookie_alg_fnv64_simple(const struct knot_scookie_input *input, - uint8_t *sc_out, uint16_t *sc_len) -{ - if (!input || !sc_out || - !sc_len || (*sc_len < SRVR_FNV64_SIMPLE_HASH_SIZE)) { - return KNOT_EINVAL; - } - - if (!input->cc || !input->cc_len || !input->srvr_data || - !input->srvr_data->secret_data || !input->srvr_data->secret_len) { - return KNOT_EINVAL; - } - - const uint8_t *addr = NULL; - size_t alen = 0; /* Address length. */ - - Fnv64_t hash_val = FNV1A_64_INIT; - - if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr, - &addr, &alen)) { - assert(addr && alen); - hash_val = fnv_64a_buf((void *) addr, alen, hash_val); - } - - hash_val = fnv_64a_buf((void *) input->cc, input->cc_len, hash_val); - - hash_val = fnv_64a_buf((void *) input->srvr_data->secret_data, - input->srvr_data->secret_len, hash_val); - - memcpy(sc_out, &hash_val, sizeof(hash_val)); - *sc_len = sizeof(hash_val); - assert(SRVR_FNV64_SIMPLE_HASH_SIZE == *sc_len); - - return KNOT_EOK; -} - -#define SRVR_FNV64_SIZE 16 - -/** - * @brief Compute server cookie using FNV-64. 
- * @note Server cookie = nonce | time | FNV-64( client IP | nonce| time | client cookie | server secret )
- */
-static int kr_srvr_cookie_alg_fnv64(const struct knot_scookie_input *input,
- uint8_t *sc_out, uint16_t *sc_len)
-{
- if (!input || !sc_out ||
- !sc_len || (*sc_len < SRVR_FNV64_SIZE)) {
- return KNOT_EINVAL;
- }
-
- if (!input->cc || !input->cc_len || !input->srvr_data ||
- !input->srvr_data->secret_data || !input->srvr_data->secret_len) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- Fnv64_t hash_val = FNV1A_64_INIT;
-
- if (input->srvr_data->clnt_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- hash_val = fnv_64a_buf((void *) addr, alen, hash_val);
- }
- }
-
- hash_val = fnv_64a_buf((void *) &input->nonce, sizeof(input->nonce),
- hash_val);
-
- hash_val = fnv_64a_buf((void *) &input->time, sizeof(input->time),
- hash_val);
-
- hash_val = fnv_64a_buf((void *) input->cc, input->cc_len, hash_val);
-
- hash_val = fnv_64a_buf((void *) input->srvr_data->secret_data,
- input->srvr_data->secret_len, hash_val);
-
- uint32_t aux = htonl(input->nonce);
- memcpy(sc_out, &aux, sizeof(aux));
- aux = htonl(input->time);
- memcpy(sc_out + sizeof(aux), &aux, sizeof(aux));
-
- memcpy(sc_out + (2 * sizeof(aux)), &hash_val, sizeof(hash_val));
- *sc_len = (2 * sizeof(aux)) + sizeof(hash_val);
- assert(SRVR_FNV64_SIZE == *sc_len);
-
- return KNOT_EOK;
-}
-
-#define SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE 8
-
-/**
- * @brief Compute server cookie using HMAC-SHA256-64 (hash only).
- * @note Server cookie = HMAC-SHA256-64( server secret, client cookie | client IP )
- */
-static int kr_srvr_cookie_alg_hmac_sha256_64_simple(const struct knot_scookie_input *input,
- uint8_t *sc_out,
- uint16_t *sc_len)
-{
- if (!input || !sc_out ||
- !sc_len || (*sc_len < SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE)) {
- return KNOT_EINVAL;
- }
-
- if (!input->cc || !input->cc_len || !input->srvr_data ||
- !input->srvr_data->secret_data || !input->srvr_data->secret_len) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- uint8_t digest[SHA256_DIGEST_LENGTH];
- unsigned int digest_len = SHA256_DIGEST_LENGTH;
-
- HMAC_CTX ctx;
- HMAC_CTX_init(&ctx);
-
- int ret = HMAC_Init_ex(&ctx, input->srvr_data->secret_data,
- input->srvr_data->secret_len,
- EVP_sha256(), NULL);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- ret = HMAC_Update(&ctx, input->cc, input->cc_len);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- if (input->srvr_data->clnt_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- ret = HMAC_Update(&ctx, addr, alen);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
- }
- }
-
- if (1 != HMAC_Final(&ctx, digest, &digest_len)) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- assert(SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE <= SHA256_DIGEST_LENGTH);
-
- memcpy(sc_out, digest, SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE);
- *sc_len = SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE;
-
- ret = KNOT_EOK;
-
-fail:
- HMAC_CTX_cleanup(&ctx);
- return ret;
-}
-
-#define SRVR_HMAC_SHA256_64_SIZE 16
-
-/**
- * @brief Compute server cookie using HMAC-SHA256-64).
- * @note Server cookie = nonce | time | HMAC-SHA256-64( server secret, client cookie | nonce| time | client IP )
- */
-static int kr_srvr_cookie_alg_hmac_sha256_64(const struct knot_scookie_input *input,
- uint8_t *sc_out, uint16_t *sc_len)
-{
- if (!input || !sc_out ||
- !sc_len || (*sc_len < SRVR_HMAC_SHA256_64_SIZE)) {
- return KNOT_EINVAL;
- }
-
- if (!input->cc || !input->cc_len || !input->srvr_data ||
- !input->srvr_data->secret_data || !input->srvr_data->secret_len) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t alen = 0; /* Address length. */
-
- uint8_t digest[SHA256_DIGEST_LENGTH];
- unsigned int digest_len = SHA256_DIGEST_LENGTH;
-
- HMAC_CTX ctx;
- HMAC_CTX_init(&ctx);
-
- int ret = HMAC_Init_ex(&ctx, input->srvr_data->secret_data,
- input->srvr_data->secret_len,
- EVP_sha256(), NULL);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- ret = HMAC_Update(&ctx, input->cc, input->cc_len);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- ret = HMAC_Update(&ctx, (void *) &input->nonce, sizeof(input->nonce));
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- ret = HMAC_Update(&ctx, (void *) &input->time, sizeof(input->time));
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- if (input->srvr_data->clnt_sockaddr) {
- if (KNOT_EOK == knot_sockaddr_bytes(input->srvr_data->clnt_sockaddr,
- &addr, &alen)) {
- assert(addr && alen);
- ret = HMAC_Update(&ctx, addr, alen);
- if (ret != 1) {
- ret = KNOT_EINVAL;
- goto fail;
- }
- }
- }
-
- if (1 != HMAC_Final(&ctx, digest, &digest_len)) {
- ret = KNOT_EINVAL;
- goto fail;
- }
-
- uint32_t aux = htonl(input->nonce);
- memcpy(sc_out, &aux, sizeof(aux));
- aux = htonl(input->time);
- memcpy(sc_out + sizeof(aux), &aux, sizeof(aux));
-
- assert(SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE <= SHA256_DIGEST_LENGTH);
-
- memcpy(sc_out + (2 * sizeof(aux)), digest,
- SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE);
- *sc_len = (2 * sizeof(aux)) + SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE;
- assert(SRVR_HMAC_SHA256_64_SIZE == *sc_len);
-
- ret = KNOT_EOK;
-
-fail:
- HMAC_CTX_cleanup(&ctx);
- return ret;
-}
-
-const struct kr_srvr_cookie_alg_descr kr_srvr_cookie_algs[] = {
- { "FNV-64-SIMPLE", { SRVR_FNV64_SIMPLE_HASH_SIZE, srvr_cookie_parse_simple, kr_srvr_cookie_alg_fnv64_simple } },
- { "FNV-64", { SRVR_FNV64_SIZE, srvr_cookie_parse, kr_srvr_cookie_alg_fnv64 } },
- { "HMAC-SHA256-64-SIMPLE", { SRVR_HMAC_SHA256_64_SIMPLE_HASH_SIZE, srvr_cookie_parse_simple, kr_srvr_cookie_alg_hmac_sha256_64_simple } },
- { "HMAC-SHA256-64", { SRVR_HMAC_SHA256_64_SIZE, srvr_cookie_parse, kr_srvr_cookie_alg_hmac_sha256_64 } },
- { NULL, { 0, NULL, NULL } }
-};
-
-const struct kr_srvr_cookie_alg_descr *kr_srvr_cookie_alg(const struct kr_srvr_cookie_alg_descr sc_algs[],
- const char *name)
-{
- if (!sc_algs || !name) {
- return NULL;
- }
-
- const struct kr_srvr_cookie_alg_descr *aux_ptr = sc_algs;
- while (aux_ptr && aux_ptr->alg.gen_func) {
- assert(aux_ptr->name);
- if (strcmp(aux_ptr->name, name) == 0) {
- return aux_ptr;
- }
- ++aux_ptr;
- }
-
- return NULL;
-}
-
-int kr_srvr_cookie_check(const struct knot_dns_cookies *cookies,
- const struct knot_scookie_check_ctx *check_ctx,
- const struct kr_srvr_cookie_alg_descr *sc_alg)
-{
- if (!cookies || !check_ctx || !sc_alg) {
- return kr_error(EINVAL);
- }
-
- int ret = knot_scookie_check(cookies, check_ctx, sc_alg);
-
- return (ret == KNOT_EOK) ? kr_ok() : kr_error(EINVAL);
-}
diff --git a/lib/cookies/alg_srvr.h b/lib/cookies/alg_srvr.h
deleted file mode 100644
index ba71dde91..000000000
--- a/lib/cookies/alg_srvr.h
+++ /dev/null
@@ -1,57 +0,0 @@
-/* Copyright (C) 2016 CZ.NIC, z.s.p.o.
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see .
- */
-
-#pragma once
-
-#include
-
-#include "lib/defines.h"
-
-/** Holds description of server cookie hashing algorithms. */
-struct kr_srvr_cookie_alg_descr {
- const char *name; /**< Algorithm name. */
- struct knot_sc_alg alg; /**< Algorithm. */
-};
-
-/**
- * List of available server cookie algorithms.
- *
- * Last element contains all null entries.
- */
-KR_EXPORT
-extern const struct kr_srvr_cookie_alg_descr kr_srvr_cookie_algs[];
-
-/**
- * @brief Return pointer to server cookie algorithm with given name.
- * @param sc_algs List of available algorithms.
- * @param name Algorithm name.
- * @return pointer to algorithm or NULL if not found.
- */
-KR_EXPORT
-const struct kr_srvr_cookie_alg_descr *kr_srvr_cookie_alg(const struct kr_srvr_cookie_alg_descr sc_algs[],
- const char *name);
-
-/**
- * @brief Check whether supplied client and server cookie match.
- * @param cookies Cookie data.
- * @param check_ctx Data known to the server needed for cookie validation.
- * @param sc_alg Server cookie algorithm.
- * @return kr_ok() if check OK, error code else.
- */
-KR_EXPORT
-int kr_srvr_cookie_check(const struct knot_dns_cookies *cookies,
- const struct knot_scookie_check_ctx *check_ctx,
- const struct kr_srvr_cookie_alg_descr *sc_alg);
diff --git a/lib/cookies/control.c b/lib/cookies/control.c index 8b8e1607a..c2f2c5524 100644 --- a/lib/cookies/control.c +++ b/lib/cookies/control.c @@ -149,8 +149,9 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl, }; uint8_t cc[KNOT_OPT_COOKIE_CLNT]; uint16_t cc_len = KNOT_OPT_COOKIE_CLNT; - assert(clnt_cntrl->calg && clnt_cntrl->calg->alg.gen_func); - int ret = clnt_cntrl->calg->alg.gen_func(&input, cc, &cc_len); + assert(clnt_cntrl->calg && clnt_cntrl->calg->alg && + clnt_cntrl->calg->alg->gen_func); + int ret = clnt_cntrl->calg->alg->gen_func(&input, cc, &cc_len); if (ret != kr_ok()) { return ret; } @@ -189,14 +190,14 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl, } int kr_answer_opt_rr_add_cookies(const struct knot_scookie_input *input, - const struct kr_srvr_cookie_alg_descr *sc_alg, + const struct kr_sc_alg_descr *sc_alg, knot_pkt_t *pkt) { - if (!input || !sc_alg || pkt) { + if (!input || !sc_alg || !sc_alg->alg || pkt) { kr_error(EINVAL); } - uint16_t cookie_size = input->cc_len + sc_alg->alg.sc_size; + uint16_t cookie_size = input->cc_len + sc_alg->alg->sc_size; uint8_t *data = NULL; if (!pkt->opt_rr) { @@ -210,8 +211,8 @@ int kr_answer_opt_rr_add_cookies(const struct knot_scookie_input *input, } memcpy(data, input->cc, input->cc_len); - cookie_size = sc_alg->alg.sc_size; - ret = sc_alg->alg.gen_func(input, data + input->cc_len, &cookie_size); + cookie_size = sc_alg->alg->sc_size; + ret = sc_alg->alg->gen_func(input, data + input->cc_len, &cookie_size); if (ret != kr_ok()) { /* TODO -- Delete COOKIE option. */ return ret; diff --git a/lib/cookies/control.h b/lib/cookies/control.h index 30f479972..e3bf44738 100644 --- a/lib/cookies/control.h +++ b/lib/cookies/control.h @@ -17,11 +17,10 @@ #pragma once #include -#include +#include #include -#include "lib/cookies/alg_clnt.h" -#include "lib/cookies/alg_srvr.h" +#include "lib/cookies/alg_containers.h" #include "lib/cache.h" #include "lib/defines.h" 
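Review bot: The result of `gen_func` is still compared against `kr_ok()` and returned unchanged, although the function pointer now comes from the libknot-side `alg` descriptor and, judging by the `KNOT_EOK`/`KNOT_EINVAL` handling this commit adds around `knot_ccookie_check` in cookiemonster.c, presumably reports a `KNOT_*` code rather than a `kr_error()` value. Both success codes are likely 0 so the happy path works, but on failure a libknot error value leaks out of a function whose callers compare against `kr_ok()`; the cookiemonster hunk translates explicitly and this one should too: `if (ret != KNOT_EOK) { return kr_error(EINVAL); }`. The `assert` is also the only NULL guard on `calg->alg`, and with NDEBUG it compiles away and the call dereferences a NULL descriptor, so a runtime check that returns `kr_error(EINVAL)` would be safer. kr_request_put_cookie continues outside the hunk.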
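Review bot: The guard rewritten here is still ineffective: it tests `pkt` instead of `!pkt`, and `kr_error(EINVAL);` is evaluated and discarded without a `return`, so a call with a NULL `input`, `sc_alg` or `pkt` falls straight through to `sc_alg->alg->sc_size` and `pkt->opt_rr` and dereferences NULL. Since the commit already rewrites this line it should read `if (!input || !sc_alg || !sc_alg->alg || !pkt) {` followed by `return kr_error(EINVAL);`. kr_answer_opt_rr_add_cookies continues past the end of this hunk.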
@@ -37,7 +36,7 @@ struct kr_cookie_secret { /** Holds settings that have direct influence on client cookie values. */ struct kr_clnt_cookie_settings { struct kr_cookie_secret *csec; /*!< Client secret data. */ - const struct kr_clnt_cookie_alg_descr *calg; /**< Client cookie algorithm. */ + const struct kr_cc_alg_descr *calg; /**< Client cookie algorithm. */ }; /** Holds settings that control client behaviour. */ @@ -53,7 +52,7 @@ struct kr_clnt_cookie_ctx { /** Holds settings that have direct influence on server cookie values. */ struct kr_srvr_cookie_settings { struct kr_cookie_secret *ssec; /*!< Server secret data. */ - const struct kr_srvr_cookie_alg_descr *salg; /**< Server cookie algorithm. */ + const struct kr_sc_alg_descr *salg; /**< Server cookie algorithm. */ }; /** Holds settings that control server behaviour. */ @@ -99,7 +98,7 @@ int kr_request_put_cookie(const struct kr_clnt_cookie_settings *clnt_cntrl, */ KR_EXPORT int kr_answer_opt_rr_add_cookies(const struct knot_scookie_input *input, - const struct kr_srvr_cookie_alg_descr *sc_alg, + const struct kr_sc_alg_descr *sc_alg, knot_pkt_t *pkt); /** diff --git a/lib/layer/cookiemonster.c b/lib/layer/cookiemonster.c index 333b93dfa..a46bcb0ba 100644 --- a/lib/layer/cookiemonster.c +++ b/lib/layer/cookiemonster.c @@ -20,13 +20,12 @@ #include #include #include -#include // branch dns-cookies-wip +#include // branch dns-cookies-wip #include #include #include "daemon/engine.h" -#include "lib/cookies/alg_clnt.h" -#include "lib/cookies/alg_srvr.h" +#include "lib/cookies/alg_containers.h" #include "lib/cookies/cache.h" #include "lib/cookies/control.h" #include "lib/module.h" 
@@ -67,7 +66,7 @@ static const struct sockaddr *passed_server_sockaddr(const struct kr_query *qry) static const struct sockaddr *guess_server_addr(const struct kr_nsrep *nsrep, const uint8_t *cc, uint16_t cc_len, const struct kr_cookie_secret *csecr, - const struct kr_clnt_cookie_alg_descr *cc_alg) + const struct kr_cc_alg_descr *cc_alg) { assert(nsrep && cc && cc_len && csecr && cc_alg); @@ -87,8 +86,8 @@ static const struct sockaddr *guess_server_addr(const struct kr_nsrep *nsrep, } input.srvr_sockaddr = &nsrep->addr[i]; - int ret = kr_clnt_cookie_check(cc, cc_len, &input, cc_alg); - if (ret == kr_ok()) { + int ret = knot_ccookie_check(cc, cc_len, &input, cc_alg->alg); + if (ret == KNOT_EOK) { sockaddr = (struct sockaddr *) &nsrep->addr[i]; break; } @@ -125,21 +124,21 @@ static int srvr_sockaddr_cc_check(const struct sockaddr **sockaddr, .secret_data = clnt_cntrl->current.csec->data, .secret_len = clnt_cntrl->current.csec->size }; - int ret = kr_clnt_cookie_check(cc, cc_len, &input, - clnt_cntrl->current.calg); - bool have_current = (ret == kr_ok()); - if ((ret != kr_ok()) && + int ret = knot_ccookie_check(cc, cc_len, &input, + clnt_cntrl->current.calg->alg); + bool have_current = (ret == KNOT_EOK); + if ((ret != KNOT_EOK) && clnt_cntrl->recent.csec && clnt_cntrl->recent.calg) { input.secret_data = clnt_cntrl->recent.csec->data; input.secret_len = clnt_cntrl->recent.csec->size; - ret = kr_clnt_cookie_check(cc, cc_len, &input, - clnt_cntrl->recent.calg); + ret = knot_ccookie_check(cc, cc_len, &input, + clnt_cntrl->recent.calg->alg); } - if (ret == kr_ok()) { + if (ret == KNOT_EOK) { *sockaddr = tmp_sockaddr; *is_current = have_current; } - return ret; + return (ret == KNOT_EOK) ? kr_ok() : kr_error(EINVAL); } // if (!cc || !clnt_cntrl) { 
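Review bot: The fallback condition checks `clnt_cntrl->recent.csec && clnt_cntrl->recent.calg` but then hands `clnt_cntrl->recent.calg->alg` to `knot_ccookie_check`; elsewhere in this commit `alg` is treated as a nullable pointer (the table walk in cookiectl.c tests `aux_ptr->alg && aux_ptr->alg->gen_func`, and the new assert in control.c checks `calg->alg`), so the guard should become `clnt_cntrl->recent.csec && clnt_cntrl->recent.calg && clnt_cntrl->recent.calg->alg) {`. The unconditional `clnt_cntrl->current.calg->alg` on the first call has the same exposure if `current.calg` is unset, which I cannot rule out from the visible callers. The final translation to `kr_ok()`/`kr_error(EINVAL)` is the right move now that two error domains meet in this function. srvr_sockaddr_cc_check starts before this hunk.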
@@ -452,20 +451,20 @@ static int check_request(knot_layer_t *ctx, void *module_param) /* Check server cookie obtained in request. */ - ret = kr_srvr_cookie_check(&cookies, &check_ctx, - srvr_cntrl->current.salg); - if (ret == kr_error(EBADMSG) && - srvr_cntrl->recent.ssec && srvr_cntrl->recent.salg) { + ret = knot_scookie_check(&cookies, &check_ctx, + srvr_cntrl->current.salg->alg); + if (ret == KNOT_EINVAL && + srvr_cntrl->recent.ssec && srvr_cntrl->recent.salg->alg) { /* Try recent algorithm. */ struct knot_scookie_check_ctx recent_ctx = { .clnt_sockaddr = req->qsource.addr, .secret_data = srvr_cntrl->recent.ssec->data, .secret_len = srvr_cntrl->recent.ssec->size }; - ret = kr_srvr_cookie_check(&cookies, &recent_ctx, - srvr_cntrl->recent.salg); + ret = knot_scookie_check(&cookies, &recent_ctx, + srvr_cntrl->recent.salg->alg); } - if (ret != kr_ok()) { + if (ret != KNOT_EOK) { /* TODO -- Silently discard? */ if (!ignore_badcookie) { /* Generate BADCOOKIE response. */ diff --git a/lib/lib.mk b/lib/lib.mk index 33bdc7a3b..17b845670 100644 --- a/lib/lib.mk +++ b/lib/lib.mk @@ -46,16 +46,15 @@ libkres_TARGET := -L$(abspath lib) -lkres ifeq ($(HAS_libcrypto),yes) libkres_SOURCES += \ - contrib/fnv/hash_64a.c \ lib/layer/cookiemonster.c \ - lib/cookies/alg_clnt.c \ - lib/cookies/alg_srvr.c \ + lib/cookies/alg_containers.c \ + lib/cookies/alg_sha.c \ lib/cookies/cache.c \ lib/cookies/control.c libkres_HEADERS += \ - lib/cookies/alg_clnt.h \ - lib/cookies/alg_srvr.h \ + lib/cookies/alg_containers..h \ + lib/cookies/alg_sha.h \ lib/cookies/cache.h \ lib/cookies/control.h diff --git a/lib/resolve.c b/lib/resolve.c index 8f9ed276f..e9e2728d8 100644 --- a/lib/resolve.c +++ b/lib/resolve.c 
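Review bot: The retry condition drops the NULL check on `srvr_cntrl->recent.salg` that the removed line had: it now reads `srvr_cntrl->recent.ssec && srvr_cntrl->recent.salg->alg`, so a configuration with a recent secret but no recent algorithm dereferences NULL on a path any remote client can trigger by sending a request whose server cookie fails the current check. It should be `srvr_cntrl->recent.ssec && srvr_cntrl->recent.salg && srvr_cntrl->recent.salg->alg) {`. The retry is also keyed on `ret == KNOT_EINVAL`, which, if libknot uses that code for argument errors the way the deleted local implementation did, conflates a malformed call with a cookie minted under the previous secret; if knot_scookie_check reports a mismatch with a distinct code, that is the one to test so the old secret is only retried on a genuine mismatch. check_request starts and ends outside this hunk.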
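Review bot: The new header entry `lib/cookies/alg_containers..h` has a doubled dot; every include this commit adds spells it `lib/cookies/alg_containers.h`, so the `libkres_HEADERS` install list points at a file that presumably does not exist and the header that control.h now depends on will be missing from the installed set or break the install step. Change the line to `lib/cookies/alg_containers.h \`.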
@@ -439,9 +439,9 @@ static int cookie_answer(const void *clnt_sockaddr, } /* Check server cookie only with current settings. */ - ret = kr_srvr_cookie_check(cookies, &check_ctx, - srvr_cntrl->current.salg); - if (ret != kr_ok()) { + ret = knot_scookie_check(cookies, &check_ctx, + srvr_cntrl->current.salg->alg); + if (ret != KNOT_EOK) { kr_pkt_set_ext_rcode(answer, KNOT_RCODE_BADCOOKIE); return KNOT_STATE_FAIL | KNOT_STATE_DONE; } diff --git a/modules/cookiectl/cookiectl.c b/modules/cookiectl/cookiectl.c index 847ce181e..23849b65c 100644 --- a/modules/cookiectl/cookiectl.c +++ b/modules/cookiectl/cookiectl.c @@ -21,8 +21,7 @@ #include #include "daemon/engine.h" -#include "lib/cookies/alg_clnt.h" -#include "lib/cookies/alg_srvr.h" +#include "lib/cookies/alg_containers.h" #include "lib/cookies/control.h" #include "lib/layer.h" @@ -146,8 +145,8 @@ static bool apply_client_hash_func(struct kr_cookie_ctx *cntrl, const JsonNode *node) { if (node->tag == JSON_STRING) { - const struct kr_clnt_cookie_alg_descr *cc_alg = kr_clnt_cookie_alg(kr_clnt_cookie_algs, - node->string_); + const struct kr_cc_alg_descr *cc_alg = kr_cc_alg(kr_cc_algs, + node->string_); if (!cc_alg) { return false; } @@ -162,8 +161,8 @@ static bool apply_server_hash_func(struct kr_cookie_ctx *cntrl, const JsonNode *node) { if (node->tag == JSON_STRING) { - const struct kr_srvr_cookie_alg_descr *sc_alg = kr_srvr_cookie_alg(kr_srvr_cookie_algs, - node->string_); + const struct kr_sc_alg_descr *sc_alg = kr_sc_alg(kr_sc_algs, + node->string_); if (!sc_alg) { return false; } @@ -250,8 +249,8 @@ static bool read_available_cc_hashes(JsonNode *root) return false; } - const struct kr_clnt_cookie_alg_descr *aux_ptr = kr_clnt_cookie_algs; - while (aux_ptr && aux_ptr->alg.gen_func) { + const struct kr_cc_alg_descr *aux_ptr = kr_cc_algs; + while (aux_ptr && aux_ptr->alg && aux_ptr->alg->gen_func) { assert(aux_ptr->name); JsonNode *element = json_mkstring(aux_ptr->name); if (!element) { 
@@ -281,8 +280,8 @@ static bool read_available_sc_hashes(JsonNode *root) return false; } - const struct kr_srvr_cookie_alg_descr *aux_ptr = kr_srvr_cookie_algs; - while (aux_ptr && aux_ptr->alg.gen_func) { + const struct kr_sc_alg_descr *aux_ptr = kr_sc_algs; + while (aux_ptr && aux_ptr->alg && aux_ptr->alg->gen_func) { assert(aux_ptr->name); JsonNode *element = json_mkstring(aux_ptr->name); if (!element) { @@ -473,14 +472,13 @@ int cookiectl_init(struct kr_module *module) kr_glob_cookie_ctx.clnt.enabled = false; kr_glob_cookie_ctx.clnt.current.csec = cs; - kr_glob_cookie_ctx.clnt.current.calg = kr_clnt_cookie_alg(kr_clnt_cookie_algs, - "FNV-64"); + kr_glob_cookie_ctx.clnt.current.calg = kr_cc_alg(kr_cc_algs, "FNV-64"); kr_glob_cookie_ctx.clnt.cache_ttl = DFLT_COOKIE_TTL; kr_glob_cookie_ctx.srvr.enabled = false; kr_glob_cookie_ctx.srvr.current.ssec = ss; - kr_glob_cookie_ctx.srvr.current.salg = kr_srvr_cookie_alg(kr_srvr_cookie_algs, - "HMAC-SHA256-64"); + kr_glob_cookie_ctx.srvr.current.salg = kr_sc_alg(kr_sc_algs, + "HMAC-SHA256-64"); module->data = NULL;