Commit db6015f3 authored by Karel Slaný's avatar Karel Slaný

Added functions checking basic sanity of inputs when generating DNS cookies.

parent 0d865a79
......@@ -59,12 +59,8 @@ static inline void update_hash(Fnv64_t *hash_val, const struct sockaddr *sa)
static uint16_t cc_gen_fnv64(const struct knot_cc_input *input,
uint8_t *cc_out, uint16_t cc_len)
{
if (!input || !cc_out || cc_len < KNOT_OPT_COOKIE_CLNT) {
return 0;
}
if ((!input->clnt_sockaddr && !input->srvr_sockaddr) ||
!(input->secret_data && input->secret_len)) {
if (!knot_cc_input_is_valid(input) ||
!cc_out || cc_len < KNOT_OPT_COOKIE_CLNT) {
return 0;
}
......@@ -108,12 +104,8 @@ static uint16_t cc_gen_fnv64(const struct knot_cc_input *input,
static uint16_t sc_gen_fnv64(const struct knot_sc_input *input,
uint8_t *hash_out, uint16_t hash_len)
{
if (!input || !hash_out || hash_len < SRVR_FNV64_HASH_SIZE) {
return 0;
}
if (!input->cc || !input->cc_len || !input->srvr_data ||
!input->srvr_data->secret_data || !input->srvr_data->secret_len) {
if (!knot_sc_input_is_valid(input) ||
!hash_out || hash_len < SRVR_FNV64_HASH_SIZE) {
return 0;
}
......
......@@ -16,6 +16,7 @@
#pragma once
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
......@@ -29,6 +30,25 @@ struct knot_cc_input {
size_t secret_len; /*!< Secret data length. */
};
/*!
* \brief Check client cookie input data for basic sanity.
*
* \param input Data which to generate the cookie from.
*
* \retval true if input contains at least one socket and secret data
* \retval false if input is insufficient or NULL pointer passed
*/
static inline bool knot_cc_input_is_valid(const struct knot_cc_input *input)
{
/*
* RFC7873 4.1 -- Client cookie should be generated from
* client IP address, server IP address and a secret quantity.
*/
return input && (input->clnt_sockaddr || input->srvr_sockaddr) &&
input->secret_data && input->secret_len > 0;
}
/*!
* \brief Client cookie generator function type.
*
......
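Review bot: `knot_cc_input_is_valid()` accepts an input that carries only one of the two addresses (`input->clnt_sockaddr || input->srvr_sockaddr`), while the comment directly above the return cites RFC 7873 4.1 as deriving the client cookie from the client address, the server address and a secret. A client cookie computed without the server address would be the same for every server the client queries, so any one of those servers learns the value the client expects the others to echo back. If accepting a single address is intentional (the pre-change check in `cc_gen_fnv64` behaved the same way), state that in the comment, e.g. `/* Either address may be absent; callers should supply srvr_sockaddr so the cookie differs per server. */`. Otherwise require `input->srvr_sockaddr` in the conjunction.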
......@@ -16,6 +16,7 @@
#pragma once
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
......@@ -66,6 +67,25 @@ struct knot_sc_input {
const struct knot_sc_private *srvr_data; /*!< Private data known to the server. */
};
/*!
* \brief Check server cookie input data for basic sanity.
*
* \param input Data which to generate the cookie from.
*
* \retval true if input contains client cookie and server secret data
* \retval false if input is insufficient or NULL pointer passed
*/
static inline bool knot_sc_input_is_valid(const struct knot_sc_input *input)
{
/*
* RFC7873 4.2 -- Server should be generated from request
* source IP address, a secret quantity and request client cookie.
*/
return input && input->cc && input->cc_len > 0 && input->srvr_data &&
input->srvr_data->secret_data && input->srvr_data->secret_len > 0;
}
/*!
* \brief Reads a server cookie that contains \a nonce_len bytes of data
* prefixed before the actual hash.
......
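Review bot: `knot_sc_input_is_valid()` checks the client cookie and the server secret but not the request source address, although the comment inside it names that address as one of the three inputs from RFC 7873 4.2. Only the `srvr_data` field of the struct is visible in this hunk, so where the address is stored cannot be confirmed here; if it is a pointer in `knot_sc_input` or in `knot_sc_private`, a NULL there passes validation and the generated server cookie is not tied to the requester's address, which is the property that lets the server reject spoofed-source queries. Add that pointer to the conjunction, and correct the comment to read `Server cookie should be generated from ...`. The `input->cc_len > 0` test could also be tightened to the fixed client cookie length if that constant is reachable from this header.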