utils: move signing context into separate module

210cf5b4 · Jan Včelák · 0cd94559 · 210cf5b4 · 210cf5b4 · 210cf5b4
Commit 210cf5b4 authored May 25, 2015 by Jan Včelák 🚀
5 changed files
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -408,6 +408,8 @@ libknotus_la_SOURCES =				\
 	utils/common/params.h			\
 	utils/common/resolv.c			\
 	utils/common/resolv.h			\
+	utils/common/sign.c			\
+	utils/common/sign.h			\
 	utils/common/strtonum.h			\
 	utils/common/token.c			\
 	utils/common/token.h

--- a/src/utils/common/exec.c
+++ b/src/utils/common/exec.c
@@ -676,77 +676,3 @@ void print_packet(const knot_pkt_t *packet,
 		print_footer(size, 0, 0, net, elapsed, exec_time, incoming);
 	}
 }
-
-void free_sign_context(sign_context_t *ctx)
-{
-	if (ctx == NULL) {
-		DBG_NULL;
-		return;
-	}
-
-	if (ctx->tsig_key.name) {
-#warning leak
-//		knot_tsig_key_free(&ctx->tsig_key);
-	}
-
-	free(ctx->digest);
-
-	memset(ctx, '\0', sizeof(sign_context_t));
-}
-
-int sign_packet(knot_pkt_t            *pkt,
-                const knot_tsig_key_t *key)
-{
-#warning temporary
-	return KNOT_ENOTSUP;
-#if 0
-	int result;
-
-	if (pkt == NULL || sign_ctx == NULL) {
-		DBG_NULL;
-		return KNOT_EINVAL;
-	}
-
-	uint8_t *wire = pkt->wire;
-	size_t  *wire_size = &pkt->size;
-	size_t  max_size = pkt->max_size;
-
-	knot_tsig_key_t *key = &sign_ctx->tsig_key;
-
-	sign_ctx->digest_size = dnssec_tsig_algorithm_size(key->algorithm);
-	sign_ctx->digest = malloc(sign_ctx->digest_size);
-
-	knot_pkt_reserve(pkt, knot_tsig_wire_maxsize(key));
-
-	result = knot_tsig_sign(wire, wire_size, max_size, NULL, 0,
-				sign_ctx->digest, &sign_ctx->digest_size,
-				key, 0, 0);
-
-	return result;
-#endif
-}
-
-int verify_packet(const knot_pkt_t      *pkt,
-                  const knot_tsig_key_t *key)
-{
-#warning temporary
-	return KNOT_ENOTSUP;
-#if 0
-	if (pkt == NULL || sign_ctx == NULL) {
-		DBG_NULL;
-		return KNOT_EINVAL;
-	}
-
-	const uint8_t *wire = pkt->wire;
-	const size_t  *wire_size = &pkt->size;
-
-	if (pkt->tsig_rr == NULL) {
-		return KNOT_ENOTSIG;
-	}
-
-	return knot_tsig_client_check(pkt->tsig_rr, wire, *wire_size,
-	                              sign_ctx->digest,
-	                              sign_ctx->digest_size,
-	                              &sign_ctx->tsig_key, 0);
-#endif
-}
--- a/src/utils/common/exec.h
+++ b/src/utils/common/exec.h
@@ -31,14 +31,6 @@
 #include "utils/common/netio.h"
 #include "utils/common/params.h"
 #include "libknot/libknot.h"
-#include "libknot/tsig.h"
-
-/*! \brief Holds data required between signing and signature verification. */
-typedef struct {
-	knot_tsig_key_t   tsig_key;
-	uint8_t           *digest;
-	size_t            digest_size;
-} sign_context_t;

 /*!
 * \brief Allocates empty packet and sets packet size and random id.
@@ -104,35 +96,4 @@ void print_packet(const knot_pkt_t *packet,
                  const bool       incoming,
                  const style_t    *style);

-/*!
- * \brief Cleans up sign context.
- *
- * \param ctx	Sign context.
- */
-void free_sign_context(sign_context_t *ctx);
-
-/*!
- * \brief Signs outgoing DNS packet.
- *
- * \param pkt	Packet to sign.
- * \param key	TSIG key.
- *
- * \retval KNOT_EOK	if success.
- * \retval error code	if error.
- */
-int sign_packet(knot_pkt_t            *pkt,
-                const knot_tsig_key_t *key);
-
-/*!
- * \brief Verifies signature for incoming DNS packet.
- *
- * \param pkt	Packet verify sign.
- * \param key	TSIG key.
- *
- * \retval KNOT_EOK	if success.
- * \retval error code	if error.
- */
-int verify_packet(const knot_pkt_t      *pkt,
-                  const knot_tsig_key_t *key);
-
 /*! @} */
--- a/src/utils/common/sign.c
+++ b/src/utils/common/sign.c
+/*  Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <string.h>
+
+#include "utils/common/sign.h"
+#include "libknot/errcode.h"
+#include "libknot/tsig-op.h"
+
+int sign_context_init_tsig(sign_context_t *ctx, const knot_tsig_key_t *key)
+{
+	if (!ctx || !key) {
+		return KNOT_EINVAL;
+	}
+
+	size_t digest_size = dnssec_tsig_algorithm_size(key->algorithm);
+	if (digest_size == 0) {
+		return KNOT_EINVAL;
+	}
+
+	uint8_t *digest = calloc(1, digest_size);
+	if (!digest) {
+		return KNOT_ENOMEM;
+	}
+
+	ctx->digest_size = digest_size;
+	ctx->digest = digest;
+	ctx->tsig_key = key;
+
+	return KNOT_EOK;
+}
+
+void sign_context_deinit(sign_context_t *ctx)
+{
+	if (!ctx) {
+		return;
+	}
+
+	free(ctx->digest);
+
+	memset(ctx, 0, sizeof(*ctx));
+}
+
+int sign_packet(knot_pkt_t *pkt, sign_context_t *sign_ctx)
+{
+	if (pkt == NULL || sign_ctx == NULL || sign_ctx->digest == NULL) {
+		return KNOT_EINVAL;
+	}
+
+	uint8_t *wire = pkt->wire;
+	size_t  *wire_size = &pkt->size;
+	size_t  max_size = pkt->max_size;
+
+	knot_pkt_reserve(pkt, knot_tsig_wire_maxsize(sign_ctx->tsig_key));
+
+	return knot_tsig_sign(wire, wire_size, max_size, NULL, 0,
+	                      sign_ctx->digest, &sign_ctx->digest_size,
+	                      sign_ctx->tsig_key, 0, 0);
+}
+
+int verify_packet(const knot_pkt_t *pkt, const sign_context_t *sign_ctx)
+{
+	if (pkt == NULL || sign_ctx == NULL || sign_ctx->digest == NULL) {
+		return KNOT_EINVAL;
+	}
+
+	const uint8_t *wire = pkt->wire;
+	const size_t  *wire_size = &pkt->size;
+
+	if (pkt->tsig_rr == NULL) {
+		return KNOT_ENOTSIG;
+	}
+
+	return knot_tsig_client_check(pkt->tsig_rr, wire, *wire_size,
+	                              sign_ctx->digest, sign_ctx->digest_size,
+	                              sign_ctx->tsig_key, 0);
+}
--- a/src/utils/common/sign.h
+++ b/src/utils/common/sign.h
+/*  Copyright (C) 2015 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
+
+    This program is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#pragma once
+
+#include "libknot/packet/pkt.h"
+#include "libknot/tsig.h"
+
+/*!
+ * \brief Holds data required between signing and signature verification.
+ */
+struct sign_context {
+	size_t digest_size;
+	uint8_t *digest;
+	const knot_tsig_key_t *tsig_key;
+};
+
+typedef struct sign_context sign_context_t;
+
+/*!
+ * \brief Initialize signing context for TSIG.
+ */
+int sign_context_init_tsig(sign_context_t *ctx, const knot_tsig_key_t *key);
+
+/*!
+ * \brief Clean up signing context.
+ *
+ * \param ctx  Sign context.
+ */
+void sign_context_deinit(sign_context_t *ctx);
+
+/*!
+ * \brief Signs outgoing DNS packet.
+ *
+ * \param pkt       Packet to sign.
+ * \param sign_ctx  Signing context.
+ *
+ * \return Error code, KNOT_EOK if successful.
+ */
+int sign_packet(knot_pkt_t *pkt, sign_context_t *sign_ctx);
+
+/*!
+ * \brief Verifies signature for incoming DNS packet.
+ *
+ * \param pkt       Packet verify sign.
+ * \param sign_ctx  Signing context.
+ *
+ * \return Error code, KNOT_EOK if successful.
+ */
+int verify_packet(const knot_pkt_t *pkt, const sign_context_t *sign_ctx);