Further abstract API of verify crypto.

d322de06 · Giovanni Bajo · Simon Kelley · b98f7715 · d322de06 · d322de06
Commit d322de06 authored Apr 23, 2012 by Giovanni Bajo Committed by Simon Kelley Aug 20, 2013
Show whitespace changes
Inline Side-by-side

Showing with 72 additions and 48 deletions

src/dnssec-crypto.h src/dnssec-crypto.h +56 -0

src/dnssec.c src/dnssec.c +16 -48

No files found.
--- a/src/dnssec-crypto.h
+++ b/src/dnssec-crypto.h
+#ifndef DNSSEC_CRYPTO_H
+#define DNSSEC_CRYPTO_H
+/* 
+ * vtable for a signature verification algorithm.
+ *
+ * Each algorithm verifies that a certain signature over a (possibly non-contigous)
+ * array of data has been made with the specified key.
+ *
+ * Sample of usage:
+ *
+ *    // First, set the signature we need to check. Notice: data is not copied
+ *    // nor consumed, so the pointer must stay valid.
+ *    alg->set_signature(sig, 16);
+ *
+ *    // Second, push the data in; data is consumed immediately, so the buffer
+ *    // can be freed or modified.
+ *    alg->begin_data();
+ *    alg->add_data(buf1, 123);
+ *    alg->add_data(buf2, 45);
+ *    alg->add_data(buf3, 678);
+ *    alg->end_data();
+ *
+ *    // Third, verify if we got the correct key for this signature.
+ *    alg->verify(key1, 16);
+ *    alg->verify(key2, 16);
+ */ 
+typedef struct
+{
+  int (*set_signature)(unsigned char *data, unsigned len);
+  void (*begin_data)(void);
+  void (*add_data)(void *data, unsigned len);
+  void (*end_data)(void);
+  int (*verify)(unsigned char *key, unsigned key_len);
+} VerifyAlg;
+#define DEFINE_VALG(alg) \
+  void alg ## _set_signature(unsigned char *data, unsigned len); \
+  void alg ## _begin_data(void); \
+  void alg ## _add_data(void *data, unsigned len); \
+  void alg ## _end_data(void); \
+  int alg ## _verify(unsigned char *key, unsigned key_len) \
+  /**/
+#define VALG_VTABLE(alg) { \
+  alg ## _set_signature, \
+  alg ## _begin_data, \
+  alg ## _add_data, \
+  alg ## _end_data, \
+  alg ## _verify \
+  } /**/
+/* Algorithm 5: RSASHA1 */
+DEFINE_VALG(rsasha1);
+#endif /* DNSSEC_CRYPTO_H */
--- a/src/dnssec.c
+++ b/src/dnssec.c
 #include "dnsmasq.h"
+#include "dnssec-crypto.h"
 #include <assert.h>
 #define SERIAL_UNDEF  -100
@@ -10,39 +11,6 @@
 #define countof(x)      (long)(sizeof(x) / sizeof(x[0]))
 #define MIN(a,b)        ((a) < (b) ? (a) : (b))
-/* 
- * vtable for a signature verification algorithm.
- *
- * Each algorithm verifies that a certain signature over a (possibly non-contigous)
- * array of data has been made with the specified key.
- *
- * Sample of usage:
- *
- *    // First, set the signature we need to check. Notice: data is not copied
- *    // nor consumed, so the pointer must stay valid.
- *    alg->set_signature(sig, 16);
- *
- *    // Second, push the data in; data is consumed immediately, so the buffer
- *    // can be freed or modified.
- *    alg->begin_data();
- *    alg->add_data(buf1, 123);
- *    alg->add_data(buf2, 45);
- *    alg->add_data(buf3, 678);
- *    alg->end_data();
- *
- *    // Third, verify if we got the correct key for this signature.
- *    alg->verify(key1, 16);
- *    alg->verify(key2, 16);
- */ 
-typedef struct
-{
-  int (*set_signature)(unsigned char *data, unsigned len);
-  void (*begin_data)(void);
-  void (*add_data)(void *data, unsigned len);
-  void (*end_data)(void);
-  int (*verify)(unsigned char *key, unsigned key_len);
-} VerifyAlg;
 /* Updated registry that merges various RFCs:
   https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml */
 static const VerifyAlg valgs[] =
@@ -52,7 +20,7 @@ static const VerifyAlg valgs[] =
  {0,0,0,0,0},            /*  2: DH */
  {0,0,0,0,0},            /*  3: DSA */
  {0,0,0,0,0},            /*  4: ECC */
-  {0,0,0,0,0},   /*  5: RSASHA1 */
+  VALG_VTABLE(rsasha1),   /*  5: RSASHA1 */
  {0,0,0,0,0},            /*  6: DSA-NSEC3-SHA1 */
  {0,0,0,0,0},            /*  7: RSASHA1-NSEC3-SHA1 */
  {0,0,0,0,0},            /*  8: RSASHA256 */