Commit 92573f98 authored by Jan Včelák's avatar Jan Včelák 🚀

comment the new tsig_ctx_t

parent fff23454
......@@ -31,9 +31,6 @@ void tsig_init(tsig_ctx_t *ctx, const knot_tsig_key_t *key)
memset(ctx, 0, sizeof(*ctx));
ctx->key = key;
}
int tsig_sign_packet(tsig_ctx_t *ctx, knot_pkt_t *packet)
......@@ -76,7 +73,7 @@ static int update_ctx_after_verify(tsig_ctx_t *ctx, knot_rrset_t *tsig_rr)
}
memcpy(ctx->digest, tsig_rdata_mac(tsig_rr), ctx->digest_size);
ctx->last_signed = tsig_rdata_time_signed(tsig_rr);
ctx->prev_signed_time = tsig_rdata_time_signed(tsig_rr);
ctx->unsigned_count = 0;
return KNOT_EOK;
......@@ -98,7 +95,7 @@ int tsig_verify_packet(tsig_ctx_t *ctx, knot_pkt_t *packet)
}
int ret = KNOT_ERROR;
if (ctx->last_signed == 0) {
if (ctx->prev_signed_time == 0) {
ret = knot_tsig_client_check(packet->tsig_rr, packet->wire,
packet->size, ctx->digest,
ctx->digest_size, ctx->key, 0);
......@@ -106,7 +103,7 @@ int tsig_verify_packet(tsig_ctx_t *ctx, knot_pkt_t *packet)
ret = knot_tsig_client_check_next(packet->tsig_rr, packet->wire,
packet->size, ctx->digest,
ctx->digest_size, ctx->key,
ctx->last_signed);
ctx->prev_signed_time);
}
if (ret != KNOT_EOK) {
......@@ -25,22 +25,58 @@
#define TSIG_MAX_DIGEST_SIZE 64
/*!
\brief TSIG context.
*/
typedef struct tsig_ctx {
const knot_tsig_key_t *key;
uint8_t digest[TSIG_MAX_DIGEST_SIZE];
size_t digest_size;
uint64_t last_signed;
uint64_t prev_signed_time;
unsigned unsigned_count;
} tsig_ctx_t;
/*!
* \brief Initialize TSIG context.
*
* \param ctx TSIG context to be initialized.
* \param key Key to be used for signing. If NULL, all performed operations
* will do nothing and always successful.
*/
void tsig_init(tsig_ctx_t *ctx, const knot_tsig_key_t *key);
/*!
* \brief Sign outgoing packet.
*
* \param ctx TSIG signing context.
* \param packet Packet to be signed.
*
* \return Error code, KNOT_EOK if successful.
*/
int tsig_sign_packet(tsig_ctx_t *ctx, knot_pkt_t *packet);
/*!
* \brief Verify incoming packet.
*
* If the packet is not signed, the function will succeed, but an internal
* counter of unsigned packets is increased. When a packet is signed, the
* same counter is reset to zero.
*
* \see tsig_unsigned_count
*
* \param ctx TSIG signing context.
* \param packet Packet to be verified.
*
* \return Error code, KNOT_EOK if successful.
*/
int tsig_verify_packet(tsig_ctx_t *ctx, knot_pkt_t *packet);
/*!
* \brief Get number of unsigned packets since the last signed one.
*
* \param ctx TSIG signing context.
*
* \return Number of unsigned packets since the last signed one.
*/
unsigned tsig_unsigned_count(tsig_ctx_t *ctx);
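Review bot: The new doc comment on tsig_verify_packet (the sentence `If the packet is not signed, the function will succeed`) states a security-relevant contract but leaves the caller's obligation implicit: an unsigned packet is accepted with KNOT_EOK, so authentication of a multi-packet stream rests entirely on the caller polling tsig_unsigned_count() and aborting when the count exceeds its policy limit (RFC 2845 §4.4 requires intermediate envelopes to be signed at least every 100th message and the final one to be signed). I would add to that comment: `The caller MUST bound the number of accepted unsigned packets via tsig_unsigned_count() and MUST require the final packet of a stream to be signed; this function enforces neither.` The tsig_init comment has the same gap plus a grammar slip — `will do nothing and always successful` should read `will do nothing and always succeed; in particular tsig_verify_packet() then performs no authentication at all, so NULL must only be passed when TSIG is not required for the connection`. As a minor style point, tsig_unsigned_count only reads the context and could be declared `unsigned tsig_unsigned_count(const tsig_ctx_t *ctx);`.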