+// utf-8 UTF-8 utf8 UTF8
#include <botan/botan.h>
#include <botan/ecdsa.h>
#include <botan/gost_3410.h>
+#include <botan/gost_3411.h>
+#include <botan/sha2_32.h>
+#include <botan/sha2_64.h>
#include <botan/pubkey.h>
#include <botan/look_pk.h>
#include "dnssecinfra.hh"
(Gosudarstvenny Gimn Rossiyskoy Federatsii)
"The National Anthem of the Russian Federation"
- ~ Rossiya - svyashchennaya nasha derzhava, ~
+ ~ Rossiya - svyashchennaya nasha derzhava, ~
~ Rossiya - lyubimaya nasha strana. ~
~ Moguchaya volya, velikaya slava - ~
~ Tvoyo dostoyanye na vse vremena! ~
std::string convertToISC(unsigned int algorithm) const;
std::string getPubKeyHash() const;
std::string sign(const std::string& hash) const;
+ std::string hash(const std::string& hash) const;
bool verify(const std::string& hash, const std::string& signature) const;
std::string getPublicKeyString() const;
int getBits() const;
return string((const char*)signature.begin(), (const char*) signature.end());
}
+std::string GOSTDNSPrivateKey::hash(const std::string& orig) const
+{
+ SecureVector<byte> result;
+
+ GOST_34_11 hasher;
+ result= hasher.process(orig);
+
+ return string((const char*)result.begin(), (const char*) result.end());
+}
+
bool GOSTDNSPrivateKey::verify(const std::string& hash, const std::string& signature) const
{
GOST_3410_Verification_Operation ops(*d_key);
std::string convertToISC(unsigned int algorithm) const;
std::string getPubKeyHash() const;
std::string sign(const std::string& hash) const;
+ std::string hash(const std::string& hash) const;
bool verify(const std::string& hash, const std::string& signature) const;
std::string getPublicKeyString() const;
int getBits() const;
return string((const char*)signature.begin(), (const char*) signature.end());
}
+std::string ECDSADNSPrivateKey::hash(const std::string& orig) const
+{
+ SecureVector<byte> result;
+ if(getBits() == 256) { // SHA256
+ SHA_256 hasher;
+ result= hasher.process(orig);
+ }
+ else { // SHA384
+ SHA_384 hasher;
+ result = hasher.process(orig);
+ }
+
+ return string((const char*)result.begin(), (const char*) result.end());
+}
+
+
bool ECDSADNSPrivateKey::verify(const std::string& hash, const std::string& signature) const
{
ECDSA_Verification_Operation ops(*d_key);
#include <boost/algorithm/string.hpp>
#include "dnssecinfra.hh"
#include "dnsseckeeper.hh"
-
-#include <polarssl/sha1.h>
-#include <polarssl/sha2.h>
-#include <polarssl/sha4.h>
+#include "polarssl/sha1.h"
#include <boost/assign/std/vector.hpp> // for 'operator+=()'
#include <boost/assign/list_inserter.hpp>
toHash.append(rdata);
}
- // algorithm 12 needs special GOST hash
-
- if(rrc.d_algorithm <= 7 ) { // RSASHA1
- unsigned char hash[20];
- sha1((unsigned char*)toHash.c_str(), toHash.length(), hash);
- return string((char*)hash, sizeof(hash));
- } else if(rrc.d_algorithm == 8 || rrc.d_algorithm == 13) { // RSASHA256 or ECDSAP256
- unsigned char hash[32];
- sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
- return string((char*)hash, sizeof(hash));
- } else if(rrc.d_algorithm == 10) { // RSASHA512
- unsigned char hash[64];
- sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
- return string((char*)hash, sizeof(hash));
- } else if(rrc.d_algorithm == 14) { // ECDSAP384
- unsigned char hash[48];
- sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 1); // == 384
- return string((char*)hash, sizeof(hash));
- }
- else {
- cerr<<"No idea how to hash for algorithm "<<(int)rrc.d_algorithm<<endl;
- exit(1);
- }
+ shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(rrc.d_algorithm));
+ return dpk->hash(toHash);
}
DSRecordContent makeDSFromDNSKey(const std::string& qname, const DNSKEYRecordContent& drc, int digest)
toHash.assign(toLower(simpleCompress(qname)));
toHash.append(const_cast<DNSKEYRecordContent&>(drc).serialize("", true, true));
- unsigned char hash[32];
- if(digest==1)
- sha1((unsigned char*)toHash.c_str(), toHash.length(), hash);
- else
- sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
-
+
DSRecordContent dsrc;
+ if(digest==1) {
+ shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(5)); // gives us SHA1
+ dsrc.d_digest = dpk->hash(toHash);
+ }
+ else if(digest == 2) {
+ shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(8)); // gives us SHA256
+ dsrc.d_digest = dpk->hash(toHash);
+ }
+ else if(digest == 3) {
+ shared_ptr<DNSPrivateKey> dpk(DNSPrivateKey::make(12)); // gives us GOST
+ dsrc.d_digest = dpk->hash(toHash);
+ }
+
dsrc.d_algorithm= drc.d_algorithm;
dsrc.d_digesttype=digest;
dsrc.d_tag=const_cast<DNSKEYRecordContent&>(drc).getTag();
- dsrc.d_digest.assign((const char*)hash, digest == 1 ? 20 : 32);
return dsrc;
}
virtual std::string convertToISC(unsigned int algorithm) const =0;
virtual std::string getPubKeyHash()const =0;
virtual std::string sign(const std::string& hash) const =0;
+ virtual std::string hash(const std::string& hash) const =0;
virtual std::string getPublicKeyString()const =0;
virtual int getBits() const =0;
if(value.second.keyOrZone) {
cout<<"KSK DNSKEY = "<<zone<<" IN DNSKEY "<< value.first.getDNSKEY().getZoneRepresentation() << endl;
cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 1).getZoneRepresentation() << endl;
- cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 2).getZoneRepresentation() << endl << endl;
+ cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 2).getZoneRepresentation() << endl;
+ cout<<"DS = "<<zone<<" IN DS "<<makeDSFromDNSKey(zone, value.first.getDNSKEY(), 3).getZoneRepresentation() << endl << endl;
}
}
}
#include <polarssl/base64.h>
#include <polarssl/sha1.h>
#include <polarssl/sha2.h>
+#include <polarssl/sha4.h>
#include <polarssl/havege.h>
#include <boost/assign/std/vector.hpp> // for 'operator+=()'
#include <boost/foreach.hpp>
class RSADNSPrivateKey : public DNSPrivateKey
{
public:
- RSADNSPrivateKey()
+ explicit RSADNSPrivateKey(unsigned int algorithm) : d_algorithm(algorithm)
{
memset(&d_context, 0, sizeof(d_context));
PDNSSEC_MI(N);
RSADNSPrivateKey(const RSADNSPrivateKey& orig)
{
+ d_algorithm = orig.d_algorithm;
+
d_context.ver = orig.d_context.ver;
d_context.len = orig.d_context.len;
RSADNSPrivateKey& operator=(const RSADNSPrivateKey& orig)
{
+ d_algorithm = orig.d_algorithm;
+
d_context.ver = orig.d_context.ver;
d_context.len = orig.d_context.len;
std::string convertToISC(unsigned int algorithm) const;
std::string getPubKeyHash() const;
std::string sign(const std::string& hash) const;
+ std::string hash(const std::string& hash) const;
std::string getPublicKeyString() const;
int getBits() const
{
void fromISCString(DNSKEYRecordContent& drc, const std::string& content);
void fromPEMString(DNSKEYRecordContent& drc, const std::string& raw);
- static DNSPrivateKey* maker(unsigned int)
+ static DNSPrivateKey* maker(unsigned int algorithm)
{
- return new RSADNSPrivateKey();
+ return new RSADNSPrivateKey(algorithm);
}
private:
rsa_context d_context;
+ unsigned int d_algorithm;
};
// see above
return string((char*) signature, sizeof(signature));
}
+std::string RSADNSPrivateKey::hash(const std::string& toHash) const
+{
+ if(d_algorithm <= 7 ) { // RSASHA1
+ unsigned char hash[20];
+ sha1((unsigned char*)toHash.c_str(), toHash.length(), hash);
+ return string((char*)hash, sizeof(hash));
+ }
+ else if(d_algorithm == 8) { // RSASHA256
+ unsigned char hash[32];
+ sha2((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
+ return string((char*)hash, sizeof(hash));
+ }
+ else if(d_algorithm == 10) { // RSASHA512
+ unsigned char hash[64];
+ sha4((unsigned char*)toHash.c_str(), toHash.length(), hash, 0);
+ return string((char*)hash, sizeof(hash));
+ }
+ throw runtime_error("PolarSSL hashing method can't hash algorithm "+lexical_cast<string>(d_algorithm));
+}
+
+
std::string RSADNSPrivateKey::convertToISC(unsigned int algorithm) const
{
string ret;
projects / thirdparty / pdns.git / commitdiff
