Commit d18bfe91 authored by Daniel Salzman

all: move some alg. codes and alg. names to the libknot/consts.h

refs #2137

Change-Id: Ic8adef04228925e5c8131431c2a126d31310a488
parent b9f6d32d
......@@ -135,6 +135,7 @@ src/knot/zone/zone-load.h
src/libknot/binary.c
src/libknot/binary.h
src/libknot/common.h
src/libknot/consts.c
src/libknot/consts.h
src/libknot/dname.c
src/libknot/dname.h
......
......@@ -136,6 +136,8 @@ unittests_xfr_SOURCES = \
tests/xfr_tests.h
libknot_la_SOURCES = \
libknot/consts.h \
libknot/consts.c \
libknot/util/utils.c \
libknot/util/debug.c \
libknot/util/debug.h \
......
......@@ -36,17 +36,6 @@ static knot_lookup_table_t dns_classes[] = {
{ 0, NULL }
};
/*!
* \brief DS digest lengths.
*/
enum knot_ds_algorithm_len
{
KNOT_DS_DIGEST_LEN_SHA1 = 20, /* 20B - RFC 3658 */
KNOT_DS_DIGEST_LEN_SHA256 = 32, /* 32B - RFC 4509 */
KNOT_DS_DIGEST_LEN_GOST = 32, /* 32B - RFC 5933 */
KNOT_DS_DIGEST_LEN_SHA384 = 48, /* 48B - RFC 6605 */
};
/*!
* \brief RR type descriptors.
*/
......@@ -294,19 +283,3 @@ int knot_rrtype_is_metatype(const uint16_t type)
type == KNOT_RRTYPE_AXFR ||
type == KNOT_RRTYPE_ANY;
}
size_t knot_ds_digest_length(const uint8_t algorithm)
{
switch (algorithm) {
case KNOT_DS_ALG_SHA1:
return KNOT_DS_DIGEST_LEN_SHA1;
case KNOT_DS_ALG_SHA256:
return KNOT_DS_DIGEST_LEN_SHA256;
case KNOT_DS_ALG_GOST:
return KNOT_DS_DIGEST_LEN_GOST;
case KNOT_DS_ALG_SHA384:
return KNOT_DS_DIGEST_LEN_SHA384;
default:
return 0;
}
}
......@@ -37,11 +37,16 @@ enum knot_rr_class {
KNOT_CLASS_IN = 1,
KNOT_CLASS_CH = 2,
KNOT_CLASS_NONE = 254,
KNOT_CLASS_ANY = 255,
KNOT_CLASS_ANY = 255
};
/*!
* \brief Resource record type constants.
*
* http://www.iana.org/assignments/dns-parameters/dns-parameters.xml
*
* METATYPE: Contains DNS data that can't be in a zone file.
* QTYPE: Specifies DNS query type; can't be in a zone file.
*/
enum knot_rr_type {
KNOT_RRTYPE_A = 1, /*!< An IPv4 host address. */
......@@ -97,7 +102,7 @@ enum knot_rr_type {
KNOT_RRTYPE_IXFR = 251, /*!< QTYPE. Incremental zone transfer. */
KNOT_RRTYPE_AXFR = 252, /*!< QTYPE. Authoritative zone transfer. */
KNOT_RRTYPE_ANY = 255, /*!< QTYPE. Any record. */
KNOT_RRTYPE_ANY = 255 /*!< QTYPE. Any record. */
};
/*!
......@@ -115,42 +120,7 @@ enum knot_rdata_wireformat {
/*!< Uninteresting final part of a record. */
KNOT_RDATA_WF_REMAINDER,
/*!< The last descriptor in array. */
KNOT_RDATA_WF_END = 0,
};
/*!
* \brief DNSSEC Algorithm Numbers
*
* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
*/
typedef enum {
KNOT_DNSSEC_ALG_RSAMD5 = 1,
KNOT_DNSSEC_ALG_DH = 2,
KNOT_DNSSEC_ALG_DSA = 3,
KNOT_DNSSEC_ALG_RSASHA1 = 5,
KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
KNOT_DNSSEC_ALG_RSASHA256 = 8,
KNOT_DNSSEC_ALG_RSASHA512 = 10,
KNOT_DNSSEC_ALG_ECC_GOST = 12,
KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14,
} knot_dnssec_algorithm_t;
/*!
* \brief Constants for DNSSEC algorithm types.
*
* Source: http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml
*/
enum knot_ds_algorithm
{
KNOT_DS_ALG_SHA1 = 1,
KNOT_DS_ALG_SHA256 = 2,
KNOT_DS_ALG_GOST = 3,
KNOT_DS_ALG_SHA384 = 4,
KNOT_RDATA_WF_END = 0
};
/*!
......@@ -273,15 +243,6 @@ int descriptor_item_is_remainder(const int item);
*/
int knot_rrtype_is_metatype(const uint16_t type);
/*!
* \brief Returns length of DS digest for given algorithm.
*
* \param algorithm Algorithm code to be used.
*
* \retval Digest length for given algorithm.
*/
size_t knot_ds_digest_length(const uint8_t algorithm);
#endif // _KNOT_DESCRIPTOR_H_
/*! @} */
......@@ -372,7 +372,7 @@ static int conf_mask(void* scanner, int nval, int prefixlen) {
char *t;
long i;
size_t l;
tsig_algorithm_t alg;
knot_tsig_algorithm_t alg;
} tok;
}
......@@ -560,7 +560,7 @@ keys:
KEYS '{'
| keys TEXT TSIG_ALGO_NAME TEXT ';' {
/* Check algorithm length. */
if (tsig_alg_digest_length($3.alg) == 0) {
if (knot_tsig_digest_length($3.alg) == 0) {
cf_error(scanner, "unsupported digest algorithm");
}
......
......@@ -283,7 +283,7 @@ static int tsig_parse_str(knot_tsig_key_t *key, const char *str)
if (s) {
*s++ = '\0'; /* Last part separator */
knot_lookup_table_t *alg = NULL;
alg = knot_lookup_by_name(tsig_alg_table, h);
alg = knot_lookup_by_name(knot_tsig_alg_domain_names, h);
if (alg) {
algorithm = alg->id;
} else {
......@@ -332,7 +332,9 @@ static int tsig_parse_line(knot_tsig_key_t *k, char *l)
}
/* Lookup algorithm. */
knot_lookup_table_t *alg = knot_lookup_by_name(tsig_alg_table, a);
knot_lookup_table_t *alg;
alg = knot_lookup_by_name(knot_tsig_alg_domain_names, a);
if (!alg) {
return KNOT_EMALF;
}
......
......@@ -711,7 +711,7 @@ int remote_query_sign(uint8_t *wire, size_t *size, size_t maxlen,
return KNOT_EINVAL;
}
size_t dlen = tsig_alg_digest_length(key->algorithm);
size_t dlen = knot_tsig_digest_length(key->algorithm);
uint8_t *digest = malloc(dlen);
if (!digest) {
return KNOT_ENOMEM;
......
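Review bot: `malloc(dlen)` in remote_query_sign is reached without checking that `knot_tsig_digest_length(key->algorithm)` is non-zero, and that function returns 0 both for an unknown algorithm and for `KNOT_TSIG_ALG_GSS_TSIG`. `malloc(0)` may return a non-NULL pointer with no usable bytes, so the `!digest` test does not catch that case; whether the buffer is written afterwards is outside this hunk. A guard such as `if (dlen == 0) { return KNOT_ENOTSUP; }` before the allocation would make the failure explicit. The same allocate-from-digest-length pattern appears in xfr_task_setsig (`rq->digest = malloc(rq->digest_max_size)`), twice in zones_normal_query_answer and once in zones_process_update.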
......@@ -213,7 +213,7 @@ static int xfr_task_setsig(knot_ns_xfr_t *rq, knot_tsig_key_t *key)
int ret = KNOT_EOK;
rq->tsig_key = key;
rq->tsig_size = tsig_wire_maxsize(key);
rq->digest_max_size = tsig_alg_digest_length(key->algorithm);
rq->digest_max_size = knot_tsig_digest_length(key->algorithm);
rq->digest = malloc(rq->digest_max_size);
if (rq->digest == NULL) {
rq->tsig_key = NULL;
......@@ -840,8 +840,8 @@ static int xfr_check_tsig(knot_ns_xfr_t *xfr, knot_rcode_t *rcode, char **tag)
return KNOT_EDENIED;
}
if (tsig_rr) {
tsig_algorithm_t alg = tsig_rdata_alg(tsig_rr);
if (tsig_alg_digest_length(alg) == 0) {
knot_tsig_algorithm_t alg = tsig_rdata_alg(tsig_rr);
if (knot_tsig_digest_length(alg) == 0) {
*rcode = KNOT_RCODE_NOTAUTH;
xfr->tsig_key = NULL;
xfr->tsig_rcode = KNOT_RCODE_BADKEY;
......
......@@ -2183,7 +2183,7 @@ int zones_normal_query_answer(knot_nameserver_t *nameserver,
knot_packet_tsig(knot_packet_query(resp));
size_t digest_max_size =
tsig_alg_digest_length(
knot_tsig_digest_length(
tsig_key_zone->algorithm);
uint8_t *digest = (uint8_t *)malloc(
digest_max_size);
......@@ -2254,7 +2254,7 @@ int zones_normal_query_answer(knot_nameserver_t *nameserver,
knot_packet_query(resp));
size_t digest_max_size =
tsig_alg_digest_length(
knot_tsig_digest_length(
tsig_key_zone->algorithm);
uint8_t *digest = (uint8_t *)malloc(
digest_max_size);
......@@ -2428,7 +2428,7 @@ int zones_process_update(knot_nameserver_t *nameserver,
dbg_zones_verb("Adding TSIG = %s\n", knot_strerror(ret));
} else if (tsig_key_zone) {
dbg_zones_verb("Signing message with TSIG.\n");
size_t digest_len = tsig_alg_digest_length(tsig_key_zone->algorithm);
size_t digest_len = knot_tsig_digest_length(tsig_key_zone->algorithm);
uint8_t *digest = (uint8_t *)malloc(digest_len);
if (digest == NULL) {
knot_packet_free(&resp);
......@@ -3300,8 +3300,8 @@ int zones_verify_tsig_query(const knot_packet_t *query,
/*
* 1) Check if we support the requested algorithm.
*/
tsig_algorithm_t alg = tsig_rdata_alg(tsig_rr);
if (tsig_alg_digest_length(alg) == 0) {
knot_tsig_algorithm_t alg = tsig_rdata_alg(tsig_rr);
if (knot_tsig_digest_length(alg) == 0) {
log_answer_info("Unsupported digest algorithm "
"requested, treating as bad key\n");
/*! \todo [TSIG] It is unclear from RFC if I
......@@ -3335,7 +3335,7 @@ int zones_verify_tsig_query(const knot_packet_t *query,
/* Prepare variables for TSIG */
/*! \todo These need to be saved to the response somehow. */
//size_t tsig_size = tsig_wire_maxsize(key);
size_t digest_max_size = tsig_alg_digest_length(key->algorithm);
size_t digest_max_size = knot_tsig_digest_length(key->algorithm);
//size_t digest_size = 0;
//uint64_t tsig_prev_time_signed = 0;
//uint8_t *digest = (uint8_t *)malloc(digest_max_size);
......
/* Copyright (C) 2011 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <libknot/consts.h>
knot_lookup_table_t knot_opcode_names[] = {
{ KNOT_OPCODE_QUERY, "QUERY" },
{ KNOT_OPCODE_IQUERY, "IQUERY" },
{ KNOT_OPCODE_STATUS, "STATUS" },
{ KNOT_OPCODE_NOTIFY, "NOTIFY" },
{ KNOT_OPCODE_UPDATE, "UPDATE" },
{ 0, NULL }
};
knot_lookup_table_t knot_rcode_names[] = {
{ KNOT_RCODE_NOERROR, "NOERROR" },
{ KNOT_RCODE_FORMERR, "FORMERR" },
{ KNOT_RCODE_SERVFAIL, "SERVFAIL" },
{ KNOT_RCODE_NXDOMAIN, "NXDOMAIN" },
{ KNOT_RCODE_NOTIMPL, "NOTIMPL" },
{ KNOT_RCODE_REFUSED, "REFUSED" },
{ KNOT_RCODE_YXDOMAIN, "YXDOMAIN" },
{ KNOT_RCODE_YXRRSET, "YXRRSET" },
{ KNOT_RCODE_NXRRSET, "NXRRSET" },
{ KNOT_RCODE_NOTAUTH, "NOTAUTH" },
{ KNOT_RCODE_NOTZONE, "NOTZONE" },
{ KNOT_RCODE_BADSIG, "BADSIG" },
{ KNOT_RCODE_BADKEY, "BADKEY" },
{ KNOT_RCODE_BADTIME, "BADTIME" },
{ KNOT_RCODE_BADMODE, "BADMODE" },
{ KNOT_RCODE_BADNAME, "BADNAME" },
{ KNOT_RCODE_BADALG, "BADALG" },
{ KNOT_RCODE_BADTRUNC, "BADTRUNC" },
{ 0, NULL }
};
knot_lookup_table_t knot_tsig_alg_names[] = {
{ KNOT_TSIG_ALG_HMAC_MD5, "hmac-md5" },
{ KNOT_TSIG_ALG_HMAC_SHA1, "hmac-sha1" },
{ KNOT_TSIG_ALG_HMAC_SHA224, "hmac-sha224" },
{ KNOT_TSIG_ALG_HMAC_SHA256, "hmac-sha256" },
{ KNOT_TSIG_ALG_HMAC_SHA384, "hmac-sha384" },
{ KNOT_TSIG_ALG_HMAC_SHA512, "hmac-sha512" },
{ KNOT_TSIG_ALG_NULL, NULL }
};
knot_lookup_table_t knot_tsig_alg_domain_names[] = {
{ KNOT_TSIG_ALG_GSS_TSIG, "gss-tsig." },
{ KNOT_TSIG_ALG_HMAC_MD5, "hmac-md5.sig-alg.reg.int." },
{ KNOT_TSIG_ALG_HMAC_SHA1, "hmac-sha1." },
{ KNOT_TSIG_ALG_HMAC_SHA224, "hmac-sha224." },
{ KNOT_TSIG_ALG_HMAC_SHA256, "hmac-sha256." },
{ KNOT_TSIG_ALG_HMAC_SHA384, "hmac-sha384." },
{ KNOT_TSIG_ALG_HMAC_SHA512, "hmac-sha512." },
{ KNOT_TSIG_ALG_NULL, NULL }
};
size_t knot_tsig_digest_length(const uint8_t algorithm)
{
switch (algorithm) {
case KNOT_TSIG_ALG_GSS_TSIG:
return KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG;
case KNOT_TSIG_ALG_HMAC_MD5:
return KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5;
case KNOT_TSIG_ALG_HMAC_SHA1:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA1;
case KNOT_TSIG_ALG_HMAC_SHA224:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA224;
case KNOT_TSIG_ALG_HMAC_SHA256:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA256;
case KNOT_TSIG_ALG_HMAC_SHA384:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA384;
case KNOT_TSIG_ALG_HMAC_SHA512:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA512;
default:
return 0;
}
}
size_t knot_ds_digest_length(const uint8_t algorithm)
{
switch (algorithm) {
case KNOT_DS_ALG_SHA1:
return KNOT_DS_DIGEST_LEN_SHA1;
case KNOT_DS_ALG_SHA256:
return KNOT_DS_DIGEST_LEN_SHA256;
case KNOT_DS_ALG_GOST:
return KNOT_DS_DIGEST_LEN_GOST;
case KNOT_DS_ALG_SHA384:
return KNOT_DS_DIGEST_LEN_SHA384;
default:
return 0;
}
}
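Review bot: `knot_tsig_alg_domain_names` maps "gss-tsig." to `KNOT_TSIG_ALG_GSS_TSIG`, whereas the removed `tsig_alg_table` mapped the same name to `KNOT_TSIG_ALG_NULL`, so name lookups now yield a non-zero id for an algorithm whose digest length is 0 and which the switch in knot_tsig_compute_digest, as far as its hunk shows, leaves to `default`. Callers that reject only `alg == 0` or `alg == KNOT_TSIG_ALG_NULL` (knot_tsig_check_algorithm, knot_tsig_add, and the key parsers that take `alg->id` directly) will therefore start accepting the name. If that is not intended, either keep gss-tsig out of this table or have those callers test `knot_tsig_digest_length(alg) == 0`. If it is intended, a comment on the entry saying the algorithm is recognised but not implemented would help.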
......@@ -29,6 +29,8 @@
#include <stdint.h>
#include "libknot/util/utils.h"
/*!
* \brief Basic limits for domain names (RFC 1035).
*/
......@@ -96,6 +98,118 @@ typedef enum {
KNOT_RESPONSE_UPDATE /*!< Dynamic update response. */
} knot_packet_type_t;
/*!
* \brief TSIG algorithm numbers.
*
* These constants were taken from the Bind file key format (dnssec-keygen).
*/
typedef enum {
KNOT_TSIG_ALG_NULL = 0,
KNOT_TSIG_ALG_GSS_TSIG = 128,
KNOT_TSIG_ALG_HMAC_MD5 = 157,
KNOT_TSIG_ALG_HMAC_SHA1 = 161,
KNOT_TSIG_ALG_HMAC_SHA224 = 162,
KNOT_TSIG_ALG_HMAC_SHA256 = 163,
KNOT_TSIG_ALG_HMAC_SHA384 = 164,
KNOT_TSIG_ALG_HMAC_SHA512 = 165
} knot_tsig_algorithm_t;
/*!
* \brief Lengths of TSIG algorithm digests.
*/
typedef enum {
KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG = 0,
KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5 = 16,
KNOT_TSIG_ALG_DIG_LENGTH_SHA1 = 20,
KNOT_TSIG_ALG_DIG_LENGTH_SHA224 = 28,
KNOT_TSIG_ALG_DIG_LENGTH_SHA256 = 32,
KNOT_TSIG_ALG_DIG_LENGTH_SHA384 = 48,
KNOT_TSIG_ALG_DIG_LENGTH_SHA512 = 64
} knot_tsig_algorithm_digest_length_t;
/*!
* \brief DNSSEC algorithm numbers.
*
* http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml
*/
typedef enum {
KNOT_DNSSEC_ALG_RSAMD5 = 1,
KNOT_DNSSEC_ALG_DH = 2,
KNOT_DNSSEC_ALG_DSA = 3,
KNOT_DNSSEC_ALG_RSASHA1 = 5,
KNOT_DNSSEC_ALG_DSA_NSEC3_SHA1 = 6,
KNOT_DNSSEC_ALG_RSASHA1_NSEC3_SHA1 = 7,
KNOT_DNSSEC_ALG_RSASHA256 = 8,
KNOT_DNSSEC_ALG_RSASHA512 = 10,
KNOT_DNSSEC_ALG_ECC_GOST = 12,
KNOT_DNSSEC_ALG_ECDSAP256SHA256 = 13,
KNOT_DNSSEC_ALG_ECDSAP384SHA384 = 14
} knot_dnssec_algorithm_t;
/*!
* \brief DS digest lengths.
*/
enum knot_ds_algorithm_len
{
KNOT_DS_DIGEST_LEN_SHA1 = 20, /*!< RFC 3658 */
KNOT_DS_DIGEST_LEN_SHA256 = 32, /*!< RFC 4509 */
KNOT_DS_DIGEST_LEN_GOST = 32, /*!< RFC 5933 */
KNOT_DS_DIGEST_LEN_SHA384 = 48 /*!< RFC 6605 */
};
/*!
* \brief Constants for DNSSEC algorithm types.
*
* Source: http://www.iana.org/assignments/ds-rr-types/ds-rr-types.xml
*/
typedef enum {
KNOT_DS_ALG_SHA1 = 1,
KNOT_DS_ALG_SHA256 = 2,
KNOT_DS_ALG_GOST = 3,
KNOT_DS_ALG_SHA384 = 4
} knot_ds_algorithm_t;
/*!
* \brief DNS operation code names.
*/
extern knot_lookup_table_t knot_opcode_names[];
/*!
* \brief DNS reply code names.
*/
extern knot_lookup_table_t knot_rcode_names[];
/*!
* \brief TSIG key algorithm names.
*/
extern knot_lookup_table_t knot_tsig_alg_names[];
/*!
* \brief TSIG key algorithm names in a domain form.
*/
extern knot_lookup_table_t knot_tsig_alg_domain_names[];
/*!
* \brief Returns length of TSIG digest for given algorithm.
*
* \param algorithm Algorithm code to be used.
*
* \retval Digest length for given algorithm.
*/
size_t knot_tsig_digest_length(const uint8_t algorithm);
/*!
* \brief Returns length of DS digest for given algorithm.
*
* \param algorithm Algorithm code to be used.
*
* \retval Digest length for given algorithm.
*/
size_t knot_ds_digest_length(const uint8_t algorithm);
#endif /* _KNOT_CONSTS_H_ */
/*! @} */
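Review bot: The `\retval` line for knot_tsig_digest_length does not say that 0 is returned for an unknown algorithm and for `KNOT_TSIG_ALG_GSS_TSIG`, although callers in this commit (`knot_tsig_digest_length(alg) == 0` in xfr_check_tsig and zones_verify_tsig_query) rely on 0 meaning unsupported; I would add `\retval 0 Unknown algorithm or algorithm without a fixed digest length.` The enum above also changes values rather than only moving them: the removed enum in the TSIG header let HMAC-SHA1 through HMAC-SHA512 follow 157 implicitly, while here they are set to 161–165, and the SHA224/384/512 digest lengths go from 0 to 28/48/64. That changes numeric ids and enables three algorithms, which the commit message should mention.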
......@@ -21,6 +21,7 @@
#include <stdio.h>
#include <inttypes.h>
#include "consts.h"
#include "common.h"
#include "common/mempattern.h"
#include "rrset.h"
......
......@@ -44,7 +44,7 @@ static int knot_tsig_check_algorithm(const knot_rrset_t *tsig_rr)
return KNOT_EMALF;
}
tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
knot_tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
if (alg == 0) {
/*!< \todo is this error OK? */
dbg_tsig("TSIG: unknown algorithm.\n");
......@@ -96,7 +96,7 @@ static int knot_tsig_compute_digest(const uint8_t *wire, size_t wire_len,
return KNOT_EMALF;
}
tsig_algorithm_t tsig_alg = key->algorithm;
knot_tsig_algorithm_t tsig_alg = key->algorithm;
if (tsig_alg == 0) {
dbg_tsig("TSIG: digest: unknown algorithm\n");
return KNOT_TSIG_EBADSIG;
......@@ -119,10 +119,22 @@ static int knot_tsig_compute_digest(const uint8_t *wire, size_t wire_len,
HMAC_Init(&ctx, key->secret.data,
key->secret.size, EVP_sha1());
break;
case KNOT_TSIG_ALG_HMAC_SHA224:
HMAC_Init(&ctx, key->secret.data,
key->secret.size, EVP_sha224());
break;
case KNOT_TSIG_ALG_HMAC_SHA256:
HMAC_Init(&ctx, key->secret.data,
key->secret.size, EVP_sha256());
break;
case KNOT_TSIG_ALG_HMAC_SHA384:
HMAC_Init(&ctx, key->secret.data,
key->secret.size, EVP_sha384());
break;
case KNOT_TSIG_ALG_HMAC_SHA512:
HMAC_Init(&ctx, key->secret.data,
key->secret.size, EVP_sha512());
break;
default:
return KNOT_ENOTSUP;
} /* switch */
......@@ -469,7 +481,7 @@ int knot_tsig_sign(uint8_t *msg, size_t *msg_len,
}
/* Create rdata for TSIG RR. */
tsig_create_rdata(tmp_tsig, tsig_alg_digest_length(key->algorithm),
tsig_create_rdata(tmp_tsig, knot_tsig_digest_length(key->algorithm),
(tsig_rcode == KNOT_RCODE_BADTIME)
? tsig_rcode
: 0);
......@@ -574,7 +586,7 @@ int knot_tsig_sign_next(uint8_t *msg, size_t *msg_len, size_t msg_max_len,
}
/* Create rdata for TSIG RR. */
tsig_create_rdata(tmp_tsig, tsig_alg_digest_length(key->algorithm), 0);
tsig_create_rdata(tmp_tsig, knot_tsig_digest_length(key->algorithm), 0);
tsig_rdata_set_alg(tmp_tsig, key->algorithm);
tsig_rdata_store_current_time(tmp_tsig);
tsig_rdata_set_fudge(tmp_tsig, KNOT_TSIG_FUDGE_DEFAULT);
......@@ -756,13 +768,13 @@ static int knot_tsig_check_digest(const knot_rrset_t *tsig_rr,
/*!< \todo move to function. */
const knot_dname_t *alg_name = tsig_rdata_alg_name(tsig_rr);
tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
knot_tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
/*! \todo [TSIG] TRUNCATION */
uint16_t mac_length = tsig_rdata_mac_length(tsig_rr);
const uint8_t *tsig_mac = tsig_rdata_mac(tsig_rr);
if (mac_length != tsig_alg_digest_length(alg)) {
if (mac_length != knot_tsig_digest_length(alg)) {
dbg_tsig("TSIG: calculated digest length and given length do "
"not match!\n");
return KNOT_TSIG_EBADSIG;
......@@ -855,7 +867,7 @@ int knot_tsig_add(uint8_t *msg, size_t *msg_len, size_t msg_max_len,
/* Create rdata for TSIG RR. */
tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
knot_tsig_algorithm_t alg = tsig_alg_from_name(alg_name);
if (alg == KNOT_TSIG_ALG_NULL) {
dbg_tsig("TSIG: refusing to use NULL algorithm\n");
knot_rrset_deep_free(&tmp_tsig, 1, 1);
......
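Review bot: In knot_tsig_check_digest the expected length comes from the algorithm named in the received record, and `mac_length != knot_tsig_digest_length(alg)` is satisfied by a zero-length MAC whenever that function returns 0 (presumably an unrecognised name, and gss-tsig now that it resolves to a non-NULL id). The rest of the comparison is outside the hunk, so whether such a record can get any further is not visible here, but rejecting it at this point is cheap: `if (mac_length == 0 || mac_length != knot_tsig_digest_length(alg)) {`. It would also be worth confirming that `alg` is checked against the key's algorithm before the lengths are compared.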
......@@ -29,18 +29,6 @@
#include "dname.h"
#include "consts.h"
/*! \brief TSIG algorithms table. */
knot_lookup_table_t tsig_alg_table[TSIG_ALG_TABLE_SIZE] = {
{ KNOT_TSIG_ALG_NULL, "gss-tsig." },
{ KNOT_TSIG_ALG_HMAC_MD5, "hmac-md5.sig-alg.reg.int." },
{ KNOT_TSIG_ALG_HMAC_SHA1, "hmac-sha1." },
{ KNOT_TSIG_ALG_HMAC_SHA224, "hmac-sha224." },
{ KNOT_TSIG_ALG_HMAC_SHA256, "hmac-sha256." },
{ KNOT_TSIG_ALG_HMAC_SHA384, "hmac-sha384." },
{ KNOT_TSIG_ALG_HMAC_SHA512, "hmac-sha512." },
{ KNOT_TSIG_ALG_NULL, NULL }
};
/*! \brief TSIG field offsets. */
typedef enum tsig_off_t {
TSIG_ALGNAME_O = 0,
......@@ -168,7 +156,7 @@ int tsig_rdata_set_alg_name(knot_rrset_t *tsig, knot_dname_t *alg_name)
return KNOT_EOK;
}
int tsig_rdata_set_alg(knot_rrset_t *tsig, tsig_algorithm_t alg)
int tsig_rdata_set_alg(knot_rrset_t *tsig, knot_tsig_algorithm_t alg)
{
const char *s = tsig_alg_to_str(alg);
knot_dname_t *alg_name = knot_dname_new_from_str(s, strlen(s), NULL);
......@@ -255,7 +243,7 @@ const knot_dname_t *tsig_rdata_alg_name(const knot_rrset_t *tsig)
return *((knot_dname_t**)rd);
}
tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
knot_tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
{
/* Get the algorithm name. */
const knot_dname_t *alg_name = tsig_rdata_alg_name(tsig);
......@@ -271,7 +259,8 @@ tsig_algorithm_t tsig_rdata_alg(const knot_rrset_t *tsig)
return KNOT_TSIG_ALG_NULL;
}
knot_lookup_table_t *item = knot_lookup_by_name(tsig_alg_table, name);
knot_lookup_table_t *item = knot_lookup_by_name(
knot_tsig_alg_domain_names, name);
free(name);
if (!item) {
dbg_tsig("TSIG: rdata: unknown algorithm.\n");
......@@ -365,7 +354,7 @@ int tsig_alg_from_name(const knot_dname_t *alg_name)
}
knot_lookup_table_t *found =
knot_lookup_by_name(tsig_alg_table, name);
knot_lookup_by_name(knot_tsig_alg_domain_names, name);
if (!found) {
dbg_tsig("Unknown algorithm: %s \n", name);
......@@ -378,28 +367,6 @@ int tsig_alg_from_name(const knot_dname_t *alg_name)
return found->id;
}
uint16_t tsig_alg_digest_length(tsig_algorithm_t alg)
{
switch (alg) {
case KNOT_TSIG_ALG_GSS_TSIG:
return KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG;
case KNOT_TSIG_ALG_HMAC_MD5:
return KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5;
case KNOT_TSIG_ALG_HMAC_SHA1:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA1;
case KNOT_TSIG_ALG_HMAC_SHA224:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA224;
case KNOT_TSIG_ALG_HMAC_SHA256:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA256;
case KNOT_TSIG_ALG_HMAC_SHA384:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA384;
case KNOT_TSIG_ALG_HMAC_SHA512:
return KNOT_TSIG_ALG_DIG_LENGTH_SHA512;
default:
return 0;
} /* switch(alg) */
}
size_t tsig_rdata_tsig_variables_length(const knot_rrset_t *tsig)
{
if (tsig == NULL) {
......@@ -440,16 +407,17 @@ int tsig_rdata_store_current_time(knot_rrset_t *tsig)
return KNOT_EOK;
}
const char* tsig_alg_to_str(tsig_algorithm_t alg)
const char* tsig_alg_to_str(knot_tsig_algorithm_t alg)
{
for (unsigned i = 0; i < TSIG_ALG_TABLE_SIZE; ++i) {
if (tsig_alg_table[i].id == alg) {
return tsig_alg_table[i].name;
}
}
knot_lookup_table_t *item;
/*! \todo Why not NULL? */
return "";
item = knot_lookup_by_id(knot_tsig_alg_domain_names, alg);
if (item != NULL) {
return item->name;
} else {
return "";
}
}
size_t tsig_wire_maxsize(const knot_tsig_key_t *key)
......@@ -466,7 +434,7 @@ size_t tsig_wire_maxsize(const knot_tsig_key_t *key)
6 * sizeof(uint8_t) + /* Time signed */
sizeof(uint16_t) + /* Fudge */
sizeof(uint16_t) + /* MAC size */
tsig_alg_digest_length(key->algorithm) + /* MAC */
knot_tsig_digest_length(key->algorithm) + /* MAC */
sizeof(uint16_t) + /* Original ID */
sizeof(uint16_t) + /* Error */
sizeof(uint16_t) + /* Other len */
......@@ -505,6 +473,3 @@ int tsig_rdata_is_ok(const knot_rrset_t *tsig)
&& tsig_rdata_alg_name(tsig) != NULL
&& tsig_rdata_time_signed(tsig) != 0);
}
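Review bot: tsig_alg_to_str now returns `item->name` without checking it, and the table it searches ends with `{ KNOT_TSIG_ALG_NULL, NULL }`; if knot_lookup_by_id (not shown) can match that terminator for id 0, the caller tsig_rdata_set_alg passes a NULL pointer to `strlen(s)`. `return (item != NULL && item->name != NULL) ? item->name : "";` keeps the result non-NULL regardless of how the lookup treats the terminator. Separately, `tsig_alg_from_name` still returns `int` while its callers now store the result in `knot_tsig_algorithm_t`; changing the return type would match the other signatures updated in this file.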
......@@ -32,40 +32,16 @@
#include "rrset.h"
#include "binary.h"
#include "util/utils.h"
/* The assigned numbers should not begin with 0 - reserved for error. */
enum tsig_algorithm {
KNOT_TSIG_ALG_NULL = 0,
KNOT_TSIG_ALG_GSS_TSIG = 128, /*!< \brief gss-tsig. */
KNOT_TSIG_ALG_HMAC_MD5 = 157, /*!< \brief HMAC-MD5.SIG-ALG.REG.INT. */
KNOT_TSIG_ALG_HMAC_SHA1, /*!< \brief hmac-sha1. */
KNOT_TSIG_ALG_HMAC_SHA224, /*!< \brief hmac-sha224. */
KNOT_TSIG_ALG_HMAC_SHA256, /*!< \brief hmac-sha256. */
KNOT_TSIG_ALG_HMAC_SHA384, /*!< \brief hmac-sha384. */
KNOT_TSIG_ALG_HMAC_SHA512 /*!< \brief hmac-sha512. */
};
typedef enum tsig_algorithm tsig_algorithm_t;
#include "libknot/consts.h"
struct knot_tsig_key {
knot_dname_t *name;
tsig_algorithm_t algorithm;
knot_tsig_algorithm_t algorithm;
knot_binary_t secret;
};
typedef struct knot_tsig_key knot_tsig_key_t;
/*!< \todo FIND ALG LENGTHS */
enum tsig_algorithm_digest_length {
KNOT_TSIG_ALG_DIG_LENGTH_GSS_TSIG = 0,
KNOT_TSIG_ALG_DIG_LENGTH_HMAC_MD5 = 16,
KNOT_TSIG_ALG_DIG_LENGTH_SHA1 = 20,
KNOT_TSIG_ALG_DIG_LENGTH_SHA224 = 0,
KNOT_TSIG_ALG_DIG_LENGTH_SHA256 = 32,
KNOT_TSIG_ALG_DIG_LENGTH_SHA384 = 0,
KNOT_TSIG_ALG_DIG_LENGTH_SHA512 = 0
};
enum tsig_consts {
KNOT_TSIG_ITEM_COUNT = 7,
KNOT_TSIG_VARIABLES_LENGTH = sizeof(uint16_t) // class
......@@ -78,25 +54,12 @@ enum tsig_consts {
+ 6 // time signed
};
/*! TSIG algorithm/string table. */
#define TSIG_ALG_TABLE_SIZE 8
extern knot_lookup_table_t tsig_alg_table[TSIG_ALG_TABLE_SIZE];