diff --git a/src/Makefile.am b/src/Makefile.am
index e1f0ec8b268666bfea9bd224a2edf5dbcd3d4eed..8a56975b50fc06acc893a572f3d8eb810bae8a15 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -107,7 +107,6 @@ nobase_libknot_la_HEADERS = \
libknot/cookies/alg-fnv64.h \
libknot/cookies/client.h \
libknot/cookies/server.h \
- libknot/cookies/server-parse.h \
libknot/descriptor.h \
libknot/dname.h \
libknot/errcode.h \
@@ -152,7 +151,6 @@ libknot_la_SOURCES = \
libknot/cookies/alg-fnv64.c \
libknot/cookies/client.c \
libknot/cookies/server.c \
- libknot/cookies/server-parse.c \
libknot/descriptor.c \
libknot/dname.c \
libknot/error.c \
diff --git a/src/libknot/cookies/alg-fnv64.c b/src/libknot/cookies/alg-fnv64.c
index c4a9c4adc5b8939f0cc987e8bb0ff7a8aefc315b..5a4db3fa5e485dd7785f334c40199c41b8d9272e 100644
--- a/src/libknot/cookies/alg-fnv64.c
+++ b/src/libknot/cookies/alg-fnv64.c
@@ -14,7 +14,6 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include <arpa/inet.h> /* htonl(), ... */
#include <assert.h>
#include <stdint.h>
#include <stdlib.h>
@@ -23,7 +22,6 @@
#include "contrib/fnv/fnv.h"
#include "contrib/sockaddr.h"
#include "libknot/cookies/alg-fnv64.h"
-#include "libknot/cookies/server-parse.h"
#include "libknot/rrtype/opt-cookie.h"
#include "libknot/errcode.h"
@@ -38,7 +36,7 @@
*
* \return KNOT_EOK on success, error code else.
*/
-static int cc_gen_fnv64(const struct knot_ccookie_input *input,
+static int cc_gen_fnv64(const struct knot_cc_input *input,
uint8_t *cc_out, uint16_t *cc_len)
{
if (!input || !cc_out || !cc_len || *cc_len< KNOT_OPT_COOKIE_CLNT) {
@@ -84,73 +82,26 @@ static int cc_gen_fnv64(const struct knot_ccookie_input *input,
return KNOT_EOK;
}
-#define SRVR_FNV64_SIMPLE_HASH_SIZE 8
+#define SRVR_FNV64_HASH_SIZE 8
/*!
- * \brief Compute server cookie using FNV-64 (hash only).
+ * \brief Compute server cookie hash using FNV-64.
*
- * Server cookie = FNV-64(client IP | client cookie | server secret)
+ * Server cookie = nonce | FNV-64(client IP | nonce | client cookie | server secret)
*
- * \param[in] input Data to compute cookie from.
- * \param[in] sc_out Server cookie output buffer.
- * \param[in,out] sc_len Buffer size/written data size.
+ * \note This function computes only the hash value.
*
- * \return KNOT_EOK or error code.
- */
-static int sc_gen_fnv64_simple(const struct knot_scookie_input *input,
- uint8_t *sc_out, uint16_t *sc_len)
-{
- if (!input || !sc_out ||
- !sc_len || (*sc_len < SRVR_FNV64_SIMPLE_HASH_SIZE)) {
- return KNOT_EINVAL;
- }
-
- if (!input->cc || !input->cc_len || !input->srvr_data ||
- !input->srvr_data->secret_data || !input->srvr_data->secret_len) {
- return KNOT_EINVAL;
- }
-
- const uint8_t *addr = NULL;
- size_t addr_len = 0;
-
- Fnv64_t hash_val = FNV1A_64_INIT;
-
- addr = sockaddr_raw((struct sockaddr_storage *)input->srvr_data->clnt_sockaddr,
- &addr_len);
- if (addr) {
- assert(addr_len);
- hash_val = fnv_64a_buf((void *)addr, addr_len, hash_val);
- }
-
- hash_val = fnv_64a_buf((void *)input->cc, input->cc_len, hash_val);
-
- hash_val = fnv_64a_buf((void *)input->srvr_data->secret_data,
- input->srvr_data->secret_len, hash_val);
-
- memcpy(sc_out, &hash_val, sizeof(hash_val));
- *sc_len = sizeof(hash_val);
- assert(SRVR_FNV64_SIMPLE_HASH_SIZE == *sc_len);
-
- return KNOT_EOK;
-}
-
-#define SRVR_FNV64_SIZE 16
-
-/**
- * \brief Compute server cookie using FNV-64.
- *
- * Server cookie = nonce | time | FNV-64(client IP | nonce | time | client cookie | server secret)
- *
- * \param[in] input Data to compute cookie from.
- * \param[in] sc_out Server cookie output buffer.
- * \param[in,out] sc_len Buffer size/written data size.
+ * \param[in] input Data to compute cookie from.
+ * \param[in] hash_out Buffer to write the resulting hash data into.
+ * \param[in,out] hash_len On input set to hash buffer size. On successful
+ * return contains size of written hash.
*
* \return KNOT_EOK or error code.
*/
-static int sc_gen_fnv64(const struct knot_scookie_input *input,
- uint8_t *sc_out, uint16_t *sc_len)
+static int sc_gen_fnv64(const struct knot_sc_input *input,
+ uint8_t *hash_out, uint16_t *hash_len)
{
- if (!input || !sc_out || !sc_len || (*sc_len < SRVR_FNV64_SIZE)) {
+ if (!input || !hash_out || !hash_len || (*hash_len < SRVR_FNV64_HASH_SIZE)) {
return KNOT_EINVAL;
}
@@ -173,25 +124,19 @@ static int sc_gen_fnv64(const struct knot_scookie_input *input,
}
}
- hash_val = fnv_64a_buf((void *)&input->nonce, sizeof(input->nonce),
- hash_val);
-
- hash_val = fnv_64a_buf((void *)&input->time, sizeof(input->time),
- hash_val);
+ if (input->nonce && input->nonce_len) {
+ hash_val = fnv_64a_buf((void *)&input->nonce, input->nonce_len,
+ hash_val);
+ }
hash_val = fnv_64a_buf((void *)input->cc, input->cc_len, hash_val);
hash_val = fnv_64a_buf((void *)input->srvr_data->secret_data,
input->srvr_data->secret_len, hash_val);
- uint32_t aux = htonl(input->nonce);
- memcpy(sc_out, &aux, sizeof(aux));
- aux = htonl(input->time);
- memcpy(sc_out + sizeof(aux), &aux, sizeof(aux));
-
- memcpy(sc_out + (2 * sizeof(aux)), &hash_val, sizeof(hash_val));
- *sc_len = (2 * sizeof(aux)) + sizeof(hash_val);
- assert(SRVR_FNV64_SIZE == *sc_len);
+ *hash_len = sizeof(hash_val);
+ memcpy(hash_out, &hash_val, *hash_len);
+ assert(SRVR_FNV64_HASH_SIZE == *hash_len);
return KNOT_EOK;
}
@@ -202,16 +147,8 @@ const struct knot_cc_alg knot_cc_alg_fnv64 = {
cc_gen_fnv64
};
-_public_
-const struct knot_sc_alg knot_sc_alg_fnv64_simple = {
- SRVR_FNV64_SIMPLE_HASH_SIZE,
- knot_scookie_parse_simple,
- sc_gen_fnv64_simple
-};
-
_public_
const struct knot_sc_alg knot_sc_alg_fnv64 = {
- SRVR_FNV64_SIZE,
- knot_scookie_parse,
+ SRVR_FNV64_HASH_SIZE,
sc_gen_fnv64
};
diff --git a/src/libknot/cookies/alg-fnv64.h b/src/libknot/cookies/alg-fnv64.h
index 1f54e391246dc3a95eeebad048de61a1e54e7600..3d7b52a3832981dfcccd2862adf7c2e455714025 100644
--- a/src/libknot/cookies/alg-fnv64.h
+++ b/src/libknot/cookies/alg-fnv64.h
@@ -25,14 +25,7 @@
extern const struct knot_cc_alg knot_cc_alg_fnv64;
/*!
- * \brief FNV-64 simple server cookie algorithm.
- *
- * \note The algorithm only expects a hash value in the server cookie.
- */
-extern const struct knot_sc_alg knot_sc_alg_fnv64_simple;
-
-/*!
- * \brief FNV-64 server cookie algorithm.
+ * \brief FNV-64 server hash algorithm.
*
* \note The algorithm expects a nonce value, time stamp and hash value.
*/
diff --git a/src/libknot/cookies/client.c b/src/libknot/cookies/client.c
index 5d39b9a9e6cf6bd640784ba705a2b45d9c2257c0..cc2630e9b48c34de4327aba2542a3c56f87d7808 100644
--- a/src/libknot/cookies/client.c
+++ b/src/libknot/cookies/client.c
@@ -14,9 +14,6 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
#include <string.h>
#include "libknot/attribute.h"
@@ -25,9 +22,9 @@
#include "libknot/rrtype/opt-cookie.h"
_public_
-int knot_ccookie_check(const uint8_t *cc, uint16_t cc_len,
- const struct knot_ccookie_input *input,
- const struct knot_cc_alg *cc_alg)
+int knot_cc_check(const uint8_t *cc, uint16_t cc_len,
+ const struct knot_cc_input *input,
+ const struct knot_cc_alg *cc_alg)
{
if (!cc || !cc_len || !input ||
!cc_alg || !cc_alg->cc_size || cc_alg->gen_func) {
diff --git a/src/libknot/cookies/client.h b/src/libknot/cookies/client.h
index 76185b5f7a1815fd18f24891672e9f06d3d0c1c0..47959fb37379bd962e6688daab53f3724bec0750 100644
--- a/src/libknot/cookies/client.h
+++ b/src/libknot/cookies/client.h
@@ -22,7 +22,7 @@
/*!
* \brief Input data needed to compute the client cookie value.
*/
-struct knot_ccookie_input {
+struct knot_cc_input {
const struct sockaddr *clnt_sockaddr; /*!< Client (local) socket address. */
const struct sockaddr *srvr_sockaddr; /*!< Server (remote) socket address. */
const uint8_t *secret_data; /*!< Client secret data. */
@@ -41,7 +41,7 @@ struct knot_ccookie_input {
* \retval KNOT_ESPACE
* \retval KNOT_EINVAL
*/
-typedef int (knot_cc_gen_t)(const struct knot_ccookie_input *input,
+typedef int (knot_cc_gen_t)(const struct knot_cc_input *input,
uint8_t *cc_out, uint16_t *cc_len);
/*!
@@ -64,6 +64,6 @@ struct knot_cc_alg {
* \retval KNOT_ESPACE
* \retval KNOT_EINVAL
*/
-int knot_ccookie_check(const uint8_t *cc, uint16_t cc_len,
- const struct knot_ccookie_input *input,
- const struct knot_cc_alg *cc_alg);
+int knot_cc_check(const uint8_t *cc, uint16_t cc_len,
+ const struct knot_cc_input *input,
+ const struct knot_cc_alg *cc_alg);
diff --git a/src/libknot/cookies/server-parse.c b/src/libknot/cookies/server-parse.c
deleted file mode 100644
index f2b1cf85f7b1221295e459dce453d4e64a667e97..0000000000000000000000000000000000000000
--- a/src/libknot/cookies/server-parse.c
+++ /dev/null
@@ -1,63 +0,0 @@
-/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#include <arpa/inet.h> /* ntohl() */
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "libknot/attribute.h"
-#include "libknot/cookies/server-parse.h"
-#include "libknot/errcode.h"
-
-_public_
-int knot_scookie_parse_simple(const uint8_t *sc, uint16_t sc_len,
- struct knot_scookie_inbound *inbound)
-{
- if (!sc || !sc_len || !inbound) {
- return KNOT_EINVAL;
- }
-
- //memset(inbound, 0, sizeof(*inbound));
- inbound->hash_data = sc; /* Entire server cookie contains data. */
- inbound->hash_len = sc_len;
-
- return KNOT_EOK;
-}
-
-_public_
-int knot_scookie_parse(const uint8_t *sc, uint16_t sc_len,
- struct knot_scookie_inbound *inbound)
-{
- if (!sc || !sc_len || !inbound) {
- return KNOT_EINVAL;
- }
-
- if (sc_len <= (2 * sizeof(uint32_t))) { /* nonce + time */
- return KNOT_EINVAL;
- }
-
- uint32_t aux;
-
- memcpy(&aux, sc, sizeof(aux));
- inbound->nonce = ntohl(aux);
- memcpy(&aux, sc + sizeof(aux), sizeof(aux));
- inbound->time = ntohl(aux);
- inbound->hash_data = sc + (2 * sizeof(aux));
- inbound->hash_len = sc_len - (2 * sizeof(aux));
-
- return KNOT_EOK;
-}
diff --git a/src/libknot/cookies/server-parse.h b/src/libknot/cookies/server-parse.h
deleted file mode 100644
index 7a31bc4e40b23ba83c26f8be967214b73caa51fc..0000000000000000000000000000000000000000
--- a/src/libknot/cookies/server-parse.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
-
- This program is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-#pragma once
-
-#include "libknot/cookies/server.h"
-
-/*!
- * \brief Reads a server cookie that consists only of a hash value.
- *
- * \see DNS Cookies, RFC 7873, Appendix B.1
- *
- * \param sc Server cookie.
- * \param sc_len Server cookie length.
- * \param inbound Inbound server cookie structure to be populated.
- *
- * \retval KNOT_EOK
- * \retval KNOT_EINVAL
- */
-int knot_scookie_parse_simple(const uint8_t *sc, uint16_t sc_len,
- struct knot_scookie_inbound *inbound);
-
-/*!
- * \brief Reads a server cookie contains nonce and times stamp before actual hash value.
- *
- * \see DNS Cookies, RFC 7873, Appendix B.2
- *
- * \param sc Server cookie.
- * \param sc_len Server cookie length.
- * \param inbound Inbound server cookie structure to be populated.
- *
- * \retval KNOT_EOK
- * \retval KNOT_EINVAL
- */
-int knot_scookie_parse(const uint8_t *sc, uint16_t sc_len,
- struct knot_scookie_inbound *inbound);
diff --git a/src/libknot/cookies/server.c b/src/libknot/cookies/server.c
index 09be8d9ab4e344edd6e2c545c30d4bf0e57298cc..87ff6474f06ae5835342e7be609696484b686a9b 100644
--- a/src/libknot/cookies/server.c
+++ b/src/libknot/cookies/server.c
@@ -22,11 +22,32 @@
#include "libknot/rrtype/opt-cookie.h"
_public_
-int knot_scookie_check(const struct knot_dns_cookies *cookies,
- const struct knot_scookie_check_ctx *check_ctx,
- const struct knot_sc_alg *sc_alg)
+int knot_sc_parse(uint16_t nonce_len, const uint8_t *sc, uint16_t sc_len,
+ struct knot_sc_content *content)
{
- if (!cookies || !check_ctx || !sc_alg) {
+ if (!sc || !sc_len || !content) {
+ return KNOT_EINVAL;
+ }
+
+ if (nonce_len >= sc_len) {
+ return KNOT_EINVAL;
+ }
+
+ content->nonce = nonce_len ? sc : NULL;
+ content->nonce_len = nonce_len;
+ /* Rest of server cookie contains hash. */
+ content->hash = sc + nonce_len;
+ content->hash_len = sc_len - nonce_len;
+
+ return KNOT_EOK;
+}
+
+_public_
+int knot_sc_check(uint16_t nonce_len, const struct knot_dns_cookies *cookies,
+ const struct knot_sc_private *srvr_data,
+ const struct knot_sc_alg *sc_alg)
+{
+ if (!cookies || !srvr_data || !sc_alg) {
return KNOT_EINVAL;
}
@@ -35,49 +56,50 @@ int knot_scookie_check(const struct knot_dns_cookies *cookies,
return KNOT_EINVAL;
}
- if (!check_ctx->clnt_sockaddr ||
- !check_ctx->secret_data || !check_ctx->secret_len) {
+ if (!srvr_data->clnt_sockaddr ||
+ !srvr_data->secret_data || !srvr_data->secret_len) {
return KNOT_EINVAL;
}
- if (!sc_alg->sc_size || !sc_alg->parse_func || !sc_alg->gen_func) {
+ if (!sc_alg->hash_size || !sc_alg->hash_func) {
return KNOT_EINVAL;
}
- if (sc_alg->sc_size > KNOT_OPT_COOKIE_SRVR_MAX) {
+ if ((nonce_len + sc_alg->hash_size) > KNOT_OPT_COOKIE_SRVR_MAX) {
return KNOT_ESPACE;
}
- if (cookies->sc_len != sc_alg->sc_size) {
+ if (cookies->sc_len != (nonce_len + sc_alg->hash_size)) {
/* Cookie size does to match. */
return KNOT_EINVAL;
}
- struct knot_scookie_inbound inbound = { 0, };
+ struct knot_sc_content content = { 0, };
/* Obtain data from received server cookie. */
- int ret = sc_alg->parse_func(cookies->sc, cookies->sc_len, &inbound);
+ int ret = knot_sc_parse(nonce_len, cookies->sc, cookies->sc_len, &content);
if (ret != KNOT_EOK) {
return ret;
}
- uint8_t generated_sc[KNOT_OPT_COOKIE_SRVR_MAX] = { 0, };
- uint16_t generated_sc_len = KNOT_OPT_COOKIE_SRVR_MAX;
- struct knot_scookie_input sc_input = {
+ uint8_t generated_hash[KNOT_OPT_COOKIE_SRVR_MAX] = { 0, };
+ uint16_t generated_hash_len = KNOT_OPT_COOKIE_SRVR_MAX;
+ struct knot_sc_input sc_input = {
.cc = cookies->cc,
.cc_len = cookies->cc_len,
- .nonce = inbound.nonce,
- .time = inbound.time,
- .srvr_data = check_ctx
+ .nonce = content.nonce,
+ .nonce_len = content.nonce_len,
+ .srvr_data = srvr_data
};
- /* Generate a new server cookie. */
- ret = sc_alg->gen_func(&sc_input, generated_sc, &generated_sc_len);
+ /* Generate a new hash. */
+ ret = sc_alg->hash_func(&sc_input, generated_hash, &generated_hash_len);
if (ret != KNOT_EOK) {
return ret;
}
- ret = memcmp(cookies->sc, generated_sc, generated_sc_len);
+ /* Compare hashes. */
+ ret = memcmp(content.hash, generated_hash, generated_hash_len);
if (ret != 0) {
return KNOT_EINVAL;
}
diff --git a/src/libknot/cookies/server.h b/src/libknot/cookies/server.h
index fc312fd35fbd8a862c06d6c848d9f2c619eb55f9..080c88106fa4c96fc3983028391d579f54a5f0c2 100644
--- a/src/libknot/cookies/server.h
+++ b/src/libknot/cookies/server.h
@@ -30,11 +30,12 @@ struct knot_dns_cookies {
};
/*!
- * \brief Inbound server cookie checking context.
+ * \brief Private data known to the server.
*
- * Additional data needed to check the inbound server cookie.
+ * \note Contains data needed to check the inbound server cookie and to
+ * generate a new one.
*/
-struct knot_scookie_check_ctx {
+struct knot_sc_private {
const struct sockaddr *clnt_sockaddr; /*!< Client (remote) socket address. */
const uint8_t *secret_data; /*!< Server secret data. */
size_t secret_len; /*!< Secret data length. */
@@ -42,72 +43,85 @@ struct knot_scookie_check_ctx {
/*!
* \brief Inbound server cookie content structure.
+ *
+ * \note These data are obtained from an incoming server cookie.
*/
-struct knot_scookie_inbound {
- uint32_t nonce; /*!< Some value. */
- uint32_t time; /*!< Time stamp. */
- const uint8_t *hash_data; /*!< Hash data. */
- uint16_t hash_len; /*!< Hash data length. */
+struct knot_sc_content {
+ const uint8_t *nonce; /*!< Some value prefixed to the hash. */
+ uint16_t nonce_len; /*!< Nonce data length. */
+ const uint8_t *hash; /*!< Hash data. */
+ uint16_t hash_len; /*!< Hash data length. */
};
/*!
- * \brief Input data needed to compute the client cookie value.
+ * \brief Input data needed to compute the server cookie value.
+ *
+ * \note All these data are needed to generate a new server cookie hash.
*/
-struct knot_scookie_input {
- const uint8_t *cc; /*!< Client cookie. */
- uint16_t cc_len; /*!< Client cookie size. */
- uint32_t nonce; /*!< Some generated value. */
- uint32_t time; /*!< Time stamp. */
- const struct knot_scookie_check_ctx *srvr_data; /*!< Private data known to the server. */
+struct knot_sc_input {
+ const uint8_t *cc; /*!< Client cookie. */
+ uint16_t cc_len; /*!< Client cookie size. */
+ const uint8_t *nonce; /*!< Some value prefixed before the hash. */
+ uint16_t nonce_len; /*!< Nonce data length. */
+ const struct knot_sc_private *srvr_data; /*!< Private data known to the server. */
};
/*!
- * \brief Server cookie parser function type.
+ * \brief Reads a server cookie that contains \a nonce_len bytes of data
+ * prefixed before the actual hash.
*
- * \param sc Server cookie data.
- * \param data_len Server cookie data length.
- * \param inbound Inbound cookie structure to be set.
+ * \see DNS Cookies, RFC 7873, Appendix B.1 and B.2
+ *
+ * \param nonce_len Expected nonce data size.
+ * \param sc Server cookie.
+ * \param sc_len Server cookie length.
+ * \param content Server cookie content structure to be set.
*
* \retval KNOT_EOK
* \retval KNOT_EINVAL
*/
-typedef int (knot_sc_parse_t)(const uint8_t *sc, uint16_t sc_len,
- struct knot_scookie_inbound *inbound);
+int knot_sc_parse(uint16_t nonce_len, const uint8_t *sc, uint16_t sc_len,
+ struct knot_sc_content *content);
+
/*!
- * \brief Server cookie generator function type.
+ * \brief Hash generator function type.
+ *
+ * \note The function writes only the hash value. It does not write any nonce
+ * data prefixed before the actual hash value. Nonce data must be written
+ * by an external function into the server cookie.
*
- * \param input Data which to generate the cookie from.
- * \param sc_out Buffer to write the resulting client cookie data into.
- * \param sc_len On input set to cookie buffer size.
- * On successful return contains size of server cookie.
+ * \param[in] input Data which to generate the cookie from.
+ * \param[in] hash_out Buffer to write the resulting hash data into.
+ * \param[in,out] hash_len On input set to hash buffer size. On successful
+ * return contains size of written hash.
*
* \retval KNOT_EOK
* \retval KNOT_ESPACE
* \retval KNOT_EINVAL
*/
-typedef int (knot_sc_gen_t)(const struct knot_scookie_input *input,
- uint8_t *sc_out, uint16_t *sc_len);
+typedef int (knot_sc_hash_t)(const struct knot_sc_input *input,
+ uint8_t *hash_out, uint16_t *hash_len);
/*!
* \brief Holds description of the server cookie algorithm.
*/
struct knot_sc_alg {
- const uint16_t sc_size; /*!< Cookie size the algorithm operates with. */
- knot_sc_parse_t *parse_func; /*!< Cookie parser function. */
- knot_sc_gen_t *gen_func; /*!< Cookie generator function. */
+ const uint16_t hash_size; /*!< Hash size the algorithm operates with. */
+ knot_sc_hash_t *hash_func; /*!< Cookie generator function. */
};
/*!
* \brief Check whether supplied client and server cookies match.
*
+ * \param nonce_len Expected nonce data size.
* \param cookies Cookie data.
- * \param check_ctx Data known to the server needed for cookie validation.
+ * \param srvr_data Data known to the server needed for cookie validation.
* \param sc_alg Server cookie algorithm.
*
* \retval KNOT_EOK
* \retval KNOT_ESPACE
* \retval KNOT_EINVAL
*/
-int knot_scookie_check(const struct knot_dns_cookies *cookies,
- const struct knot_scookie_check_ctx *check_ctx,
- const struct knot_sc_alg *sc_alg);
+int knot_sc_check(uint16_t nonce_len, const struct knot_dns_cookies *cookies,
+ const struct knot_sc_private *srvr_data,
+ const struct knot_sc_alg *sc_alg);