Commit 4063de10 authored by Karel Slaný's avatar Karel Slaný Committed by Ondřej Surý

Reduced the number of kr_answer_write_cookie() arguments.

parent 8200e470
......@@ -162,18 +162,21 @@ int kr_request_put_cookie(const struct kr_cookie_comp *clnt_comp,
return ret;
}
int kr_answer_write_cookie(const struct knot_sc_private *srvr_data,
const uint8_t *cc, uint16_t cc_len,
int kr_answer_write_cookie(struct knot_sc_input *sc_input,
const struct kr_nonce_input *nonce,
const struct knot_sc_alg *alg,
knot_pkt_t *pkt)
const struct knot_sc_alg *alg, knot_pkt_t *pkt)
{
if (!srvr_data || !srvr_data->clnt_sockaddr ||
!srvr_data->secret_data|| !srvr_data->secret_len) {
if (!sc_input || !sc_input->cc || sc_input->cc_len == 0) {
return kr_error(EINVAL);
}
if (!cc || cc_len == 0 || !nonce) {
if (!sc_input->srvr_data || !sc_input->srvr_data->clnt_sockaddr ||
!sc_input->srvr_data->secret_data ||
!sc_input->srvr_data->secret_len) {
return kr_error(EINVAL);
}
if (!nonce) {
return kr_error(EINVAL);
}
......@@ -181,7 +184,7 @@ int kr_answer_write_cookie(const struct knot_sc_private *srvr_data,
return kr_error(EINVAL);
}
if (!pkt && !pkt->opt_rr) {
if (!pkt || !pkt->opt_rr) {
return kr_error(EINVAL);
}
......@@ -189,11 +192,11 @@ int kr_answer_write_cookie(const struct knot_sc_private *srvr_data,
uint16_t hash_len = alg->hash_size;
/*
* Space for cookie is reserved inside the EDNS OPT RR inside
* Space for cookie is reserved inside the EDNS OPT RR of
* the answer packet.
*/
uint8_t *cookie = NULL;
uint16_t cookie_len = knot_edns_opt_cookie_data_len(cc_len,
uint16_t cookie_len = knot_edns_opt_cookie_data_len(sc_input->cc_len,
nonce_len + hash_len);
if (cookie_len == 0) {
return kr_error(EINVAL);
......@@ -206,35 +209,36 @@ int kr_answer_write_cookie(const struct knot_sc_private *srvr_data,
if (ret != KNOT_EOK) {
return kr_error(ENOMEM);
}
assert(cookie != NULL);
/*
* Function knot_edns_opt_cookie_data_len() returns the sum of its
* parameters or zero. Anyway, let's check again.
*/
if (cookie_len < (cc_len + nonce_len + hash_len)) {
if (cookie_len < (sc_input->cc_len + nonce_len + hash_len)) {
return kr_error(EINVAL);
}
struct knot_sc_input input = {
.cc = cookie,
.cc_len = cc_len,
.srvr_data = srvr_data
};
memcpy(cookie, cc, cc_len);
/* Copy client cookie data portion. */
memcpy(cookie, sc_input->cc, sc_input->cc_len);
if (nonce_len) {
kr_nonce_write_wire(cookie + cc_len, nonce_len, nonce);
/* Write nonce data portion. */
kr_nonce_write_wire(cookie + sc_input->cc_len, nonce_len,
nonce);
/* Adjust input for written nonce value. */
input.nonce = cookie + cc_len;
input.nonce_len = nonce_len;
sc_input->nonce = cookie + sc_input->cc_len;
sc_input->nonce_len = nonce_len;
}
hash_len = alg->hash_func(&input, cookie + cc_len + nonce_len, hash_len);
if (hash_len == 0) {
return kr_error(EINVAL);
}
hash_len = alg->hash_func(sc_input,
cookie + sc_input->cc_len + nonce_len,
hash_len);
/* Zero nonce values. */
sc_input->nonce = NULL;
sc_input->nonce_len = 0;
return kr_ok();
return (hash_len != 0) ? kr_ok() : kr_error(EINVAL);
}
int kr_pkt_set_ext_rcode(knot_pkt_t *pkt, uint16_t whole_rcode)
......
......@@ -45,19 +45,17 @@ int kr_request_put_cookie(const struct kr_cookie_comp *clnt_comp,
/**
* @brief Inserts a cookie option into the OPT RR. It does not write any
* wire data.
* @param srvr_data server knowledge
* @param cc client cookie
* @param cc_len client cookie length
* @param nonce nonce value
* @note The content of @a sc_input is modified. Any pre-set nonce value is
* ignored. After retuning its nonce value will be null.
* @param sc_input data needed to compute server cookie, nonce is ignored
* @param nonce nonce value that is actually used
* @param alg hash algorithm
* @param pkt DNS response packet
*/
KR_EXPORT
int kr_answer_write_cookie(const struct knot_sc_private *srvr_data,
const uint8_t *cc, uint16_t cc_len,
int kr_answer_write_cookie(struct knot_sc_input *sc_input,
const struct kr_nonce_input *nonce,
const struct knot_sc_alg *alg,
knot_pkt_t *pkt);
const struct knot_sc_alg *alg, knot_pkt_t *pkt);
/**
* @brief Set RCODE and extended RCODE.
......
......@@ -364,8 +364,6 @@ int check_request(knot_layer_t *ctx, void *module_param)
}
if (!srvr_sett->enabled) {
/* TODO -- IS there a way how to determine whether the original
* request came via TCP? */
if (knot_pkt_has_edns(answer)) {
/* Delete any cookies. */
knot_edns_remove_options(answer->opt_rr,
......@@ -374,6 +372,11 @@ int check_request(knot_layer_t *ctx, void *module_param)
return ctx->state;
}
/*
* TODO -- Would it be of any benefit to know whether the request came
* via TCP?
*/
uint8_t *req_cookie_opt = req_cookie_option(req);
if (!req_cookie_opt) {
return ctx->state; /* Don't do anything without cookies. */
......@@ -405,6 +408,13 @@ int check_request(knot_layer_t *ctx, void *module_param)
.secret_len = srvr_sett->current.secr->size
};
struct knot_sc_input sc_input = {
.cc = cookies.cc,
.cc_len = cookies.cc_len,
/* Don't set nonce here. */
.srvr_data = &srvr_data
};
struct kr_nonce_input nonce = {
.rand = kr_rand_uint(UINT32_MAX),
.time = req->current_query->timestamp.tv_sec
......@@ -452,8 +462,7 @@ int check_request(knot_layer_t *ctx, void *module_param)
answer_add_cookies:
/* Add server cookie into response. */
ret = kr_answer_write_cookie(&srvr_data, cookies.cc, cookies.cc_len,
&nonce, current_sc_alg, answer);
ret = kr_answer_write_cookie(&sc_input, &nonce, current_sc_alg, answer);
if (ret != kr_ok()) {
return_state = KNOT_STATE_FAIL;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment