summaryrefslogtreecommitdiff
path: root/src/libknot/tsig.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/libknot/tsig.c')
-rw-r--r--src/libknot/tsig.c572
1 files changed, 193 insertions, 379 deletions
diff --git a/src/libknot/tsig.c b/src/libknot/tsig.c
index a4a8f1b..fd59709 100644
--- a/src/libknot/tsig.c
+++ b/src/libknot/tsig.c
@@ -14,9 +14,11 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <config.h>
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
+#include <inttypes.h>
#include <assert.h>
#include <time.h>
@@ -25,296 +27,225 @@
#include "common.h"
#include "util/utils.h"
#include "rrset.h"
-#include "rdata.h"
#include "dname.h"
-
-/*! \brief TSIG algorithms table. */
-#define TSIG_ALG_TABLE_SIZE 8
-static knot_lookup_table_t tsig_alg_table[TSIG_ALG_TABLE_SIZE] = {
- { KNOT_TSIG_ALG_NULL, "gss-tsig." },
- { KNOT_TSIG_ALG_HMAC_MD5, "hmac-md5.sig-alg.reg.int." },
- { KNOT_TSIG_ALG_HMAC_SHA1, "hmac-sha1." },
- { KNOT_TSIG_ALG_HMAC_SHA224, "hmac-sha224." },
- { KNOT_TSIG_ALG_HMAC_SHA256, "hmac-sha256." },
- { KNOT_TSIG_ALG_HMAC_SHA384, "hmac-sha384." },
- { KNOT_TSIG_ALG_HMAC_SHA512, "hmac-sha512." },
- { KNOT_TSIG_ALG_NULL, NULL }
-};
-
-int tsig_rdata_init(knot_rrset_t *tsig)
+#include "consts.h"
+
+/*! \brief TSIG field offsets. */
+typedef enum tsig_off_t {
+ TSIG_ALGNAME_O = 0,
+ TSIG_TSIGNED_O,
+ TSIG_FUDGE_O,
+ TSIG_MACLEN_O,
+ TSIG_MAC_O,
+ TSIG_ORIGID_O,
+ TSIG_ERROR_O,
+ TSIG_OLEN_O,
+ TSIG_OTHER_O
+} tsig_off_t;
+
+/* Helpers for r offset calculation. */
+#define TSIG_NAMELEN (sizeof(knot_dname_t*))
+#define TSIG_OTHER_MAXLEN (3 * sizeof(uint16_t))
+#define TSIG_OFF_MACLEN (TSIG_NAMELEN + 4 * sizeof(uint16_t))
+#define TSIG_FIXED_RDLEN (TSIG_NAMELEN + 11 * sizeof(uint16_t))
+
+/*!
+ * \brief Seek offset of a TSIG RR field.
+ *
+ * \param rr TSIG RR.
+ * \param id Field index.
+ * \param nb Required number of bytes after the offset (for boundaries check).
+ * \return pointer to field on wire or NULL.
+ */
+static uint8_t* tsig_rdata_seek(const knot_rrset_t *rr, tsig_off_t id, size_t nb)
{
- if (!tsig) {
- return KNOT_EINVAL;
+ uint8_t *rd = knot_rrset_get_rdata(rr, 0);
+ if (rd == NULL) {
+ return NULL;
}
- /* Initializes rdata. */
- tsig->rdata = knot_rdata_new();
- if (!tsig->rdata) {
- return KNOT_ENOMEM;
+ /* Check if fixed part is readable. */
+ uint16_t lim = rrset_rdata_item_size(rr, 0);
+ if (lim < TSIG_NAMELEN + 5 * sizeof(uint16_t)) {
+ dbg_tsig("TSIG: rdata: not enough items "
+ "(has %"PRIu16", min %zu).\n",
+ lim, TSIG_NAMELEN + 5 * sizeof(uint16_t));
+ return NULL;
}
- tsig->rdata->items =
- malloc(sizeof(knot_rdata_item_t) * KNOT_TSIG_ITEM_COUNT);
- if (!tsig->rdata->items) {
- return KNOT_ENOMEM;
+ /* Not pretty, but fast. */
+ uint8_t *bp = rd;
+ switch(id) {
+ case TSIG_ALGNAME_O: break;
+ case TSIG_TSIGNED_O: rd += TSIG_NAMELEN; break;
+ case TSIG_FUDGE_O: rd += TSIG_NAMELEN + 3 * sizeof(uint16_t); break;
+ case TSIG_MACLEN_O: rd += TSIG_NAMELEN + 4 * sizeof(uint16_t); break;
+ case TSIG_MAC_O: rd += TSIG_NAMELEN + 5 * sizeof(uint16_t); break;
+ case TSIG_ORIGID_O:
+ rd += TSIG_NAMELEN + 4 * sizeof(uint16_t);
+ rd += knot_wire_read_u16(rd) + sizeof(uint16_t);
+ break;
+
+ case TSIG_ERROR_O:
+ rd += TSIG_NAMELEN + 4 * sizeof(uint16_t);
+ rd += knot_wire_read_u16(rd) + 2 * sizeof(uint16_t);
+ break;
+ case TSIG_OLEN_O:
+ rd += TSIG_NAMELEN + 4 * sizeof(uint16_t);
+ rd += knot_wire_read_u16(rd) + 3 * sizeof(uint16_t);
+ break;
+ case TSIG_OTHER_O:
+ rd += TSIG_NAMELEN + 4 * sizeof(uint16_t);
+ rd += knot_wire_read_u16(rd) + 4 * sizeof(uint16_t);
+ break;
+ }
+
+ /* Check remaining bytes. */
+ if (rd + nb > bp + lim) {
+ dbg_tsig("TSIG: rdata: not enough items (needs %zu, has %u).\n",
+ (rd-bp)+nb, lim);
+ return NULL;
}
- memset(tsig->rdata->items, 0,
- sizeof(knot_rdata_item_t) * KNOT_TSIG_ITEM_COUNT);
+ return rd;
+}
+
+static int tsig_rdata_set_tsig_error(knot_rrset_t *tsig, uint16_t tsig_error)
+{
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_ERROR_O, sizeof(uint16_t));
+ if (!rd) {
+ return KNOT_ERROR;
+ }
+ knot_wire_write_u16(rd, tsig_error);
return KNOT_EOK;
}
-int tsig_rdata_set_alg_name(knot_rrset_t *tsig, knot_dname_t *alg_name)
+int tsig_create_rdata(knot_rrset_t *rr, uint16_t maclen, uint16_t tsig_err)
{
- if (!tsig) {
+ if (!rr) {
return KNOT_EINVAL;
}
- knot_rdata_t *rdata = knot_rrset_get_rdata(tsig);
- if (!rdata) {
- return KNOT_EINVAL;
+ /* We already checked rr and know rdlen > 0, no need to check rets. */
+ size_t rdlen = TSIG_FIXED_RDLEN + maclen;
+ if (tsig_err != KNOT_RCODE_BADTIME) {
+ rdlen -= TSIG_OTHER_MAXLEN;
}
- assert(knot_rdata_item_count(rdata) >= 1);
+ uint8_t *rd = knot_rrset_create_rdata(rr, rdlen);
+ memset(rd, 0, rdlen);
- knot_dname_t *alg_name_copy = knot_dname_deep_copy(alg_name);
- if (!alg_name_copy) {
- return KNOT_ENOMEM;
- }
+ /* Set MAC variable length in advance. */
+ rd += TSIG_OFF_MACLEN;
+ knot_wire_write_u16(rd, maclen);
- knot_rdata_item_set_dname(rdata, 0, alg_name_copy);
-
- /* Release the dname. We want it to have 1 reference only. */
- knot_dname_release(alg_name_copy);
+ /* Set error. */
+ tsig_rdata_set_tsig_error(rr, tsig_err);
return KNOT_EOK;
}
-int tsig_rdata_set_alg(knot_rrset_t *tsig, tsig_algorithm_t alg)
+int tsig_rdata_set_alg_name(knot_rrset_t *tsig, knot_dname_t *alg_name)
{
- if (!tsig) {
- return KNOT_EINVAL;
- }
-
- knot_rdata_t *rdata = knot_rrset_get_rdata(tsig);
- if (!rdata) {
- return KNOT_EINVAL;
- }
- assert(knot_rdata_item_count(rdata) >= 1);
-
- const char *alg_str = tsig_alg_to_str(alg);
- knot_dname_t *alg_name_copy = knot_dname_new_from_str(alg_str,
- strlen(alg_str),
- NULL);
- if (!alg_name_copy) {
- return KNOT_ENOMEM;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_ALGNAME_O, TSIG_NAMELEN);
+ if (!rd) {
+ return KNOT_ERROR;
}
-
- knot_rdata_item_set_dname(rdata, 0, alg_name_copy);
-
- /* Release the dname. We want it to have 1 reference only. */
- knot_dname_release(alg_name_copy);
+ memcpy(rd, &alg_name, sizeof(knot_dname_t*));
+ knot_dname_retain(alg_name);
return KNOT_EOK;
}
-int tsig_rdata_set_time_signed(knot_rrset_t *tsig, uint64_t time)
+int tsig_rdata_set_alg(knot_rrset_t *tsig, knot_tsig_algorithm_t alg)
{
- if (!tsig) {
- return KNOT_EINVAL;
- }
-
- knot_rdata_t *rdata = knot_rrset_get_rdata(tsig);
- if (!rdata) {
- return KNOT_EINVAL;
- }
- assert(knot_rdata_item_count(rdata) >= 2);
+ const char *s = tsig_alg_to_str(alg);
+ knot_dname_t *alg_name = knot_dname_new_from_str(s, strlen(s), NULL);
+ int ret = tsig_rdata_set_alg_name(tsig, alg_name);
+ knot_dname_release(alg_name);
+ return ret;
+}
- /* Create the wire format. */
- uint16_t *wire = malloc(sizeof(uint8_t) * 6 + sizeof(uint16_t));
- if (!wire) {
- ERR_ALLOC_FAILED;
- return KNOT_ENOMEM;
+int tsig_rdata_set_time_signed(knot_rrset_t *tsig, uint64_t time)
+{
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_TSIGNED_O, 3*sizeof(uint16_t));
+ if (!rd) {
+ return KNOT_ERROR;
}
- /* Write the length - 6. */
- wire[0] = 6;
- knot_wire_write_u48((uint8_t *)(wire + 1), time);
-
- knot_rdata_item_set_raw_data(rdata, 1, wire);
-
+ knot_wire_write_u48(rd, time);
return KNOT_EOK;
}
int tsig_rdata_set_fudge(knot_rrset_t *tsig, uint16_t fudge)
{
- if (!tsig) {
- return KNOT_EINVAL;
- }
-
- knot_rdata_t *rdata = knot_rrset_get_rdata(tsig);
- if (!rdata) {
- return KNOT_EINVAL;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_FUDGE_O, sizeof(uint16_t));
+ if (!rd) {
+ return KNOT_ERROR;
}
- assert(knot_rdata_item_count(rdata) >= 3);
-
- /* Create the wire format. */
- uint16_t *wire = malloc(sizeof(uint8_t) * 2 + sizeof(uint16_t));
- if (!wire) {
- ERR_ALLOC_FAILED;
- return KNOT_ENOMEM;
- }
-
- /* Write the length - 2. */
- wire[0] = sizeof(uint16_t);
- knot_wire_write_u16((uint8_t *)(wire + 1), fudge);
-
- knot_rdata_item_set_raw_data(rdata, 2, wire);
+ knot_wire_write_u16(rd, fudge);
return KNOT_EOK;
}
int tsig_rdata_set_mac(knot_rrset_t *tsig, uint16_t length, const uint8_t *mac)
{
- if (!tsig) {
- return KNOT_EINVAL;
- }
-
- knot_rdata_t *rdata = knot_rrset_get_rdata(tsig);
- if (!rdata) {
- return KNOT_EINVAL;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_MAC_O, length);
+ if (!rd) {
+ return KNOT_ERROR;
}
- assert(knot_rdata_item_count(rdata) >= 4);
- /* Create the wire format. */
- uint16_t *wire = malloc(sizeof(uint8_t) * length + 2 * sizeof(uint16_t));
- if (!wire) {
- ERR_ALLOC_FAILED;
- return KNOT_ENOMEM;
- }
+ /*! \note Cannot change length, as rdata is already preallocd. */
- /* Write the length. */
- wire[0] = length + sizeof(uint16_t);
- knot_wire_write_u16((uint8_t *)(wire + 1), length);
/* Copy the actual MAC. */
- memcpy((uint8_t *)(wire + 2), mac, sizeof(uint8_t) * length);
- knot_rdata_item_set_raw_data(rdata, 3, wire);
-
+ memcpy(rd, mac, length);
return KNOT_EOK;
}
int tsig_rdata_set_orig_id(knot_rrset_t *tsig, uint16_t id)
{
- if (!tsig) {
- return KNOT_EINVAL;
- }
-
- knot_rdata_t *rdata = knot_rrset_get_rdata(tsig);
- if (!rdata) {
- return KNOT_EINVAL;
- }
- assert(knot_rdata_item_count(rdata) >= 5);
-
- /* Create the wire format. */
- uint16_t *wire = malloc(sizeof(uint8_t) * 2 + sizeof(uint16_t));
- if (!wire) {
- ERR_ALLOC_FAILED;
- return KNOT_ENOMEM;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_ORIGID_O, sizeof(uint16_t));
+ if (!rd) {
+ return KNOT_ERROR;
}
/* Write the length - 2. */
- wire[0] = sizeof(uint16_t);
- knot_wire_write_u16((uint8_t *)(wire + 1), id);
-
- knot_rdata_item_set_raw_data(rdata, 4, wire);
-
+ knot_wire_write_u16(rd, id);
return KNOT_EOK;
}
-int tsig_rdata_set_tsig_error(knot_rrset_t *tsig, uint16_t tsig_error)
-{
- if (!tsig) {
- return KNOT_EINVAL;
- }
-
- knot_rdata_t *rdata = knot_rrset_get_rdata(tsig);
- if (!rdata) {
- return KNOT_EINVAL;
- }
- assert(knot_rdata_item_count(rdata) >= 6);
-
- /* Create the wire format. */
- uint16_t *wire = malloc(sizeof(uint8_t) * 2 + sizeof(uint16_t));
- if (!wire) {
- ERR_ALLOC_FAILED;
- return KNOT_ENOMEM;
- }
-
- /* Write the length - 2. */
- wire[0] = sizeof(uint16_t);
- knot_wire_write_u16((uint8_t *)(wire + 1), tsig_error);
-
- knot_rdata_item_set_raw_data(rdata, 5, wire);
-
- return KNOT_EOK;
-}
-
-int tsig_rdata_set_other_data(knot_rrset_t *tsig, uint16_t length,
+int tsig_rdata_set_other_data(knot_rrset_t *tsig, uint16_t len,
const uint8_t *other_data)
{
- if (!tsig) {
+ if (len > TSIG_OTHER_MAXLEN) {
+ dbg_tsig("TSIG: rdata: other len > %zu B\n", TSIG_OTHER_MAXLEN);
return KNOT_EINVAL;
}
- knot_rdata_t *rdata = knot_rrset_get_rdata(tsig);
- if (!rdata) {
- return KNOT_EINVAL;
- }
- assert(knot_rdata_item_count(rdata) >= 6);
-
- /* Create the wire format. */
- uint16_t *wire = malloc(sizeof(uint8_t) * length + 2 * sizeof(uint16_t));
- if (!wire) {
- ERR_ALLOC_FAILED;
- return KNOT_ENOMEM;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_OLEN_O, len+sizeof(uint16_t));
+ if (!rd) {
+ return KNOT_ERROR;
}
/* Write the length. */
- wire[0] = length + 2;
- knot_wire_write_u16((uint8_t *)(wire + 1), length);
- /* Copy the actual data. */
- memcpy(wire + 2, other_data, sizeof(uint8_t) * length);
- knot_rdata_item_set_raw_data(rdata, 6, wire);
+ knot_wire_write_u16(rd, len);
+ /* Copy the actual data. */
+ memcpy(rd + sizeof(uint16_t), other_data, len);
return KNOT_EOK;
}
const knot_dname_t *tsig_rdata_alg_name(const knot_rrset_t *tsig)
{
- if (!tsig) {
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_ALGNAME_O, TSIG_NAMELEN);
+ if (!rd) {
return NULL;
}
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata) {
- dbg_tsig("TSIG: rdata: alg name: no rdata.\n");
- return NULL;
- }
-
- if (knot_rdata_item_count(rdata) < 1) {
- dbg_tsig("TSIG: rdata: alg name: not enough items.\n");
- return NULL;
- }
-
- return knot_rdata_item(rdata, 0)->dname;
+ return *((knot_dname_t**)rd);
}
-tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
+knot_tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
{
- if (!tsig) {
- return KNOT_TSIG_ALG_NULL;
- }
-
/* Get the algorithm name. */
const knot_dname_t *alg_name = tsig_rdata_alg_name(tsig);
if (!alg_name) {
@@ -329,183 +260,87 @@ tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
return KNOT_TSIG_ALG_NULL;
}
- knot_lookup_table_t *item = knot_lookup_by_name(tsig_alg_table, name);
+ knot_lookup_table_t *item = knot_lookup_by_name(
+ knot_tsig_alg_domain_names, name);
free(name);
if (!item) {
dbg_tsig("TSIG: rdata: unknown algorithm.\n");
return KNOT_TSIG_ALG_NULL;
}
-
return item->id;
}
uint64_t tsig_rdata_time_signed(const knot_rrset_t *tsig)
{
- /*! \note How about assert. Or maybe change API??? */
- if (!tsig) {
- return 0;
- }
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata) {
+ /*! \todo How to return invalid value? */
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_TSIGNED_O, 3*sizeof(uint16_t));
+ if (!rd) {
return 0;
}
-
- if (knot_rdata_item_count(rdata) < 2) {
- return 0;
- }
-
- uint16_t *wire = knot_rdata_item(rdata, 1)->raw_data;
- assert(wire[0] == 6);
- /* Skip the size. */
- wire++;
-
- return knot_wire_read_u48((uint8_t *)wire);
+ return knot_wire_read_u48(rd);
}
uint16_t tsig_rdata_fudge(const knot_rrset_t *tsig)
{
- /*! \note How about assert. Or maybe change API??? */
- if (!tsig) {
- return 0;
- }
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata) {
- return 0;
- }
-
- if (knot_rdata_item_count(rdata) < 3) {
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_FUDGE_O, sizeof(uint16_t));
+ if (!rd) {
return 0;
}
-
- uint16_t *wire = knot_rdata_item(rdata, 2)->raw_data;
- assert(wire[0] == 2);
- /* Skip the size. */
- wire++;
-
- return knot_wire_read_u16((uint8_t *)wire);
+ return knot_wire_read_u16(rd);
}
const uint8_t *tsig_rdata_mac(const knot_rrset_t *tsig)
{
- /*! \note How about assert. Or maybe change API??? */
- if (!tsig) {
- return 0;
- }
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata) {
- return 0;
- }
-
- if (knot_rdata_item_count(rdata) < 4) {
- return 0;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_MAC_O, 0);
+ if (!rd) {
+ return NULL;
}
-
- return (uint8_t*)(knot_rdata_item(rdata, 3)->raw_data + 2);
+ return rd;
}
size_t tsig_rdata_mac_length(const knot_rrset_t *tsig)
{
- if (!tsig) {
- return 0;
- }
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata || knot_rdata_item_count(rdata) < 4) {
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_MACLEN_O, sizeof(uint16_t));
+ if (!rd) {
return 0;
}
-
- return knot_wire_read_u16(
- (uint8_t *)(knot_rdata_item(rdata, 3)->raw_data + 1));
+ return knot_wire_read_u16(rd);
}
uint16_t tsig_rdata_orig_id(const knot_rrset_t *tsig)
{
- /*! \note How about assert. Or maybe change API??? */
- if (!tsig) {
- return 0;
- }
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata) {
- return 0;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_ORIGID_O, sizeof(uint16_t));
+ if (!rd) {
+ return KNOT_ERROR;
}
-
- if (knot_rdata_item_count(rdata) < 5) {
- return 0;
- }
-
- uint16_t *wire = knot_rdata_item(rdata, 4)->raw_data;
- assert(wire[0] == 2);
- /* Skip the size. */
- wire++;
-
- return knot_wire_read_u16((uint8_t *)wire);
+ return knot_wire_read_u16(rd);
}
uint16_t tsig_rdata_error(const knot_rrset_t *tsig)
{
- /*! \note How about assert. Or maybe change API??? */
- if (!tsig) {
- return 0;
- }
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata) {
- return 0;
- }
-
- if (knot_rdata_item_count(rdata) < 6) {
- return 0;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_ERROR_O, sizeof(uint16_t));
+ if (!rd) {
+ return KNOT_ERROR;
}
-
- uint16_t *wire = knot_rdata_item(rdata, 5)->raw_data;
- assert(wire[0] == 2);
- /* Skip the size. */
- wire++;
-
- return knot_wire_read_u16((uint8_t *)wire);
+ return knot_wire_read_u16(rd);
}
const uint8_t *tsig_rdata_other_data(const knot_rrset_t *tsig)
{
- /*! \note How about assert. Or maybe change API??? */
- if (!tsig) {
- return 0;
- }
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata) {
- return 0;
- }
-
- if (knot_rdata_item_count(rdata) < 7) {
- return 0;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_OTHER_O, 0);
+ if (!rd) {
+ return NULL;
}
-
- return (uint8_t *)(knot_rdata_item(rdata, 6)->raw_data + 2);
+ return rd;
}
uint16_t tsig_rdata_other_data_length(const knot_rrset_t *tsig)
{
- /*! \note How about assert. Or maybe change API??? */
- if (!tsig) {
- return 0;
- }
-
- const knot_rdata_t *rdata = knot_rrset_rdata(tsig);
- if (!rdata) {
- return 0;
- }
-
- if (knot_rdata_item_count(rdata) < 7) {
- return 0;
+ uint8_t *rd = tsig_rdata_seek(tsig, TSIG_OLEN_O, sizeof(uint16_t));
+ if (!rd) {
+ return KNOT_ERROR;
}
-
- return knot_wire_read_u16((uint8_t *)
- (knot_rdata_item(rdata, 6)->raw_data + 1));
+ return knot_wire_read_u16(rd);
}
int tsig_alg_from_name(const knot_dname_t *alg_name)
@@ -520,7 +355,7 @@ int tsig_alg_from_name(const knot_dname_t *alg_name)
}
knot_lookup_table_t *found =
- knot_lookup_by_name(tsig_alg_table, name);
+ knot_lookup_by_name(knot_tsig_alg_domain_names, name);
if (!found) {
dbg_tsig("Unknown algorithm: %s \n", name);
@@ -533,28 +368,6 @@ int tsig_alg_from_name(const knot_dname_t *alg_name)
return found->id;
}
-uint16_t tsig_alg_digest_length(tsig_algorithm_t alg)
-{
- switch (alg) {
- case KNOT_TSIG_ALG_GSS_TSIG:
- return KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG;
- case KNOT_TSIG_ALG_HMAC_MD5:
- return KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5;
- case KNOT_TSIG_ALG_HMAC_SHA1:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA1;
- case KNOT_TSIG_ALG_HMAC_SHA224:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA224;
- case KNOT_TSIG_ALG_HMAC_SHA256:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA256;
- case KNOT_TSIG_ALG_HMAC_SHA384:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA384;
- case KNOT_TSIG_ALG_HMAC_SHA512:
- return KNOT_TSIG_ALG_DIG_LENGTH_SHA512;
- default:
- return 0;
- } /* switch(alg) */
-}
-
size_t tsig_rdata_tsig_variables_length(const knot_rrset_t *tsig)
{
if (tsig == NULL) {
@@ -579,6 +392,7 @@ size_t tsig_rdata_tsig_variables_length(const knot_rrset_t *tsig)
size_t tsig_rdata_tsig_timers_length()
{
+ /*! \todo Cleanup */
return KNOT_TSIG_TIMERS_LENGTH;
}
@@ -594,25 +408,24 @@ int tsig_rdata_store_current_time(knot_rrset_t *tsig)
return KNOT_EOK;
}
-const char* tsig_alg_to_str(tsig_algorithm_t alg)
+const char* tsig_alg_to_str(knot_tsig_algorithm_t alg)
{
- for (unsigned i = 0; i < TSIG_ALG_TABLE_SIZE; ++i) {
- if (tsig_alg_table[i].id == alg) {
- return tsig_alg_table[i].name;
- }
- }
+ knot_lookup_table_t *item;
+
+ item = knot_lookup_by_id(knot_tsig_alg_domain_names, alg);
- return "";
+ if (item != NULL) {
+ return item->name;
+ } else {
+ return "";
+ }
}
-size_t tsig_wire_maxsize(const knot_key_t* key)
+size_t tsig_wire_maxsize(const knot_tsig_key_t *key)
{
- if (key == NULL) {
- return 0;
- }
-
size_t alg_name_size = strlen(tsig_alg_to_str(key->algorithm)) + 1;
+ /*! \todo Used fixed size as a base. */
return knot_dname_size(key->name) +
sizeof(uint16_t) + /* TYPE */
sizeof(uint16_t) + /* CLASS */
@@ -622,7 +435,7 @@ size_t tsig_wire_maxsize(const knot_key_t* key)
6 * sizeof(uint8_t) + /* Time signed */
sizeof(uint16_t) + /* Fudge */
sizeof(uint16_t) + /* MAC size */
- tsig_alg_digest_length(key->algorithm) + /* MAC */
+ knot_tsig_digest_length(key->algorithm) + /* MAC */
sizeof(uint16_t) + /* Original ID */
sizeof(uint16_t) + /* Error */
sizeof(uint16_t) + /* Other len */
@@ -634,7 +447,8 @@ size_t tsig_wire_actsize(const knot_rrset_t *tsig)
if (tsig == NULL) {
return 0;
}
-
+
+ /*! \todo Used fixed size as a base. */
return knot_dname_size(knot_rrset_owner(tsig)) +
sizeof(uint16_t) + /* TYPE */
sizeof(uint16_t) + /* CLASS */
@@ -653,10 +467,10 @@ size_t tsig_wire_actsize(const knot_rrset_t *tsig)
int tsig_rdata_is_ok(const knot_rrset_t *tsig)
{
+ /*! \todo Check size, needs to check variable-length fields. */
return (tsig
- && knot_rrset_rdata(tsig) != NULL
- && knot_rdata_item_count(knot_rrset_rdata(tsig)) >= 7
+ && knot_rrset_get_rdata(tsig, 0) != NULL
+ && tsig_rdata_seek(tsig, TSIG_OTHER_O, 0) != NULL
&& tsig_rdata_alg_name(tsig) != NULL
&& tsig_rdata_time_signed(tsig) != 0);
}
-
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-30 04:47:15 +0000