L<<Logger::Error<<"Packet for domain '"<<q->qdomain<<"' denied: can't find TSIG key with name '"<<*keyname<<"' and algorithm '"<<trc->d_algoName<<"'"<<endl;
return false;
}
-
- if (trc->d_algoName == "hmac-md5")
- trc->d_algoName += ".sig-alg.reg.int.";
-
- if (trc->d_algoName != "hmac-md5.sig-alg.reg.int.") {
- L<<Logger::Error<<"Unsupported TSIG HMAC algorithm " << trc->d_algoName << endl;
+ if (trc->d_algoName == "hmac-md5")
+ trc->d_algoName += ".sig-alg.reg.int.";
+
+ bool result;
+ if (trc->d_algoName == "hmac-md5.sig-alg.reg.int.")
+ {
+ B64Decode(secret64, *secret);
+ result=calculateMD5HMAC(*secret, message) == trc->d_mac;
+ }
+ else
+ {
+ L<<Logger::Error<<"Do not know how to handle TSIG algorithm " << trc->d_algoName << endl;
return false;
}
- B64Decode(secret64, *secret);
- bool result=calculateMD5HMAC(*secret, message) == trc->d_mac;
if(!result) {
L<<Logger::Error<<"Packet for domain '"<<q->qdomain<<"' denied: TSIG signature mismatch using '"<<*keyname<<"' and algorithm '"<<trc->d_algoName<<"'"<<endl;
}
#include <boost/assign/list_inserter.hpp>
#include "base64.hh"
#include "md5.hh"
+#include "sha.hh"
#include "namespaces.hh"
using namespace boost::assign;
return md5_2.get();
}
+string calculateSHAHMAC(const std::string& key_, const std::string& text, TSIGHashEnum hasher)
+{
+ const unsigned char* key=(const unsigned char*)key_.c_str();
+ unsigned char keyIpad[64];
+ unsigned char keyOpad[64];
+
+ //~ cerr<<"Key: "<<makeHexDump(key_)<<endl;
+ //~ cerr<<"txt: "<<makeHexDump(text)<<endl;
+
+ for(unsigned int n=0; n < 64; ++n) {
+ if(n < key_.length()) {
+ keyIpad[n] = (unsigned char)(key[n] ^ 0x36);
+ keyOpad[n] = (unsigned char)(key[n] ^ 0x5c);
+ }
+ else {
+ keyIpad[n]=0x36;
+ keyOpad[n]=0x5c;
+ }
+ }
+
+ switch(hasher) {
+ case TSIG_SHA1:
+ {
+ SHA1Summer s1,s2;
+ s1.feed((const char*)keyIpad, 64);
+ s1.feed(text);
+ s2.feed((const char*)keyOpad, 64);
+ s2.feed(s1.get());
+ return s2.get();
+ };
+ case TSIG_SHA224:
+ {
+ SHA224Summer s1,s2;
+ s1.feed((const char*)keyIpad, 64);
+ s1.feed(text);
+ s2.feed((const char*)keyOpad, 64);
+ s2.feed(s1.get());
+ return s2.get();
+ };
+ case TSIG_SHA256:
+ {
+ SHA256Summer s1,s2;
+ s1.feed((const char*)keyIpad, 64);
+ s1.feed(text);
+ s2.feed((const char*)keyOpad, 64);
+ s2.feed(s1.get());
+ return s2.get();
+ };
+ case TSIG_SHA384:
+ {
+ SHA384Summer s1,s2;
+ s1.feed((const char*)keyIpad, 64);
+ s1.feed(text);
+ s2.feed((const char*)keyOpad, 64);
+ s2.feed(s1.get());
+ return s2.get();
+ };
+ case TSIG_SHA512:
+ {
+ SHA512Summer s1,s2;
+ s1.feed((const char*)keyIpad, 64);
+ s1.feed(text);
+ s2.feed((const char*)keyOpad, 64);
+ s2.feed(s1.get());
+ return s2.get();
+ };
+ default:
+ throw new AhuException("Unknown hash algorithm requested for SHA");
+ };
+
+ return std::string("");
+}
+
+string calculateHMAC(const std::string& key_, const std::string& text, TSIGHashEnum hash) {
+ if (hash == TSIG_MD5) return calculateMD5HMAC(key_, text);
+
+ // add other algorithms here
+
+ return calculateSHAHMAC(key_, text, hash);
+}
+
string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigOffset, const string& keyname, const TSIGRecordContent& trc, const string& previous, bool timersonly, unsigned int dnsHeaderOffset)
{
string message;
class DNSPacket;
void addRRSigs(DNSSECKeeper& dk, DNSBackend& db, const std::set<string, CIStringCompare>& authMap, vector<DNSResourceRecord>& rrs);
+typedef enum { TSIG_MD5, TSIG_SHA1, TSIG_SHA224, TSIG_SHA256, TSIG_SHA384, TSIG_SHA512 } TSIGHashEnum;
+
string calculateMD5HMAC(const std::string& key_, const std::string& text);
+string calculateSHAHMAC(const std::string& key_, const std::string& text, TSIGHashEnum hash);
+string calculateHMAC(const std::string& key_, const std::string& text, TSIGHashEnum hash);
+
string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigoffset, const string& keyname, const TSIGRecordContent& trc, const string& previous, bool timersonly, unsigned int dnsHeaderOffset=0);
void addTSIG(DNSPacketWriter& pw, TSIGRecordContent* trc, const string& tsigkeyname, const string& tsigsecret, const string& tsigprevious, bool timersonly);
--- /dev/null
+#define BOOST_TEST_DYN_LINK
+#define BOOST_TEST_NO_MAIN
+#include <boost/test/unit_test.hpp>
+#include <boost/assign/list_of.hpp>
+#include <boost/foreach.hpp>
+#include <boost/tuple/tuple.hpp>
+
+#include "sha.hh"
+#include "misc.hh"
+
+using namespace boost;
+using namespace boost::assign;
+
+BOOST_AUTO_TEST_SUITE(test_sha_hh)
+
+// input, output
+typedef boost::tuple<const std::string, const std::string> case_t;
+typedef std::vector<case_t> cases_t;
+
+BOOST_AUTO_TEST_CASE(test_sha1summer) {
+ cases_t cases = list_of
+ (case_t("abc", "a9 99 3e 36 47 06 81 6a ba 3e 25 71 78 50 c2 6c 9c d0 d8 9d "))
+ (case_t("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "84 98 3e 44 1c 3b d2 6e ba ae 4a a1 f9 51 29 e5 e5 46 70 f1 "));
+
+ BOOST_FOREACH(case_t& val, cases) {
+ SHA1Summer s;
+ s.feed(val.get<0>());
+ BOOST_CHECK_EQUAL(makeHexDump(s.get()), val.get<1>());
+ }
+}
+
+BOOST_AUTO_TEST_CASE(test_sha224summer) {
+ cases_t cases = list_of
+ (case_t("abc", "23 09 7d 22 34 05 d8 22 86 42 a4 77 bd a2 55 b3 2a ad bc e4 bd a0 b3 f7 e3 6c 9d a7 "))
+ (case_t("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "75 38 8b 16 51 27 76 cc 5d ba 5d a1 fd 89 01 50 b0 c6 45 5c b4 f5 8b 19 52 52 25 25 "));
+
+ BOOST_FOREACH(case_t& val, cases) {
+ SHA224Summer s;
+ s.feed(val.get<0>());
+ BOOST_CHECK_EQUAL(makeHexDump(s.get()), val.get<1>());
+ }
+}
+
+BOOST_AUTO_TEST_CASE(test_sha256summer) {
+ cases_t cases = list_of
+ (case_t("abc", "ba 78 16 bf 8f 01 cf ea 41 41 40 de 5d ae 22 23 b0 03 61 a3 96 17 7a 9c b4 10 ff 61 f2 00 15 ad "))
+ (case_t("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "24 8d 6a 61 d2 06 38 b8 e5 c0 26 93 0c 3e 60 39 a3 3c e4 59 64 ff 21 67 f6 ec ed d4 19 db 06 c1 "));
+
+ BOOST_FOREACH(case_t& val, cases) {
+ SHA256Summer s;
+ s.feed(val.get<0>());
+ BOOST_CHECK_EQUAL(makeHexDump(s.get()), val.get<1>());
+ }
+}
+
+BOOST_AUTO_TEST_CASE(test_sha384summer) {
+ cases_t cases = list_of
+ (case_t("abc", "cb 00 75 3f 45 a3 5e 8b b5 a0 3d 69 9a c6 50 07 27 2c 32 ab 0e de d1 63 1a 8b 60 5a 43 ff 5b ed 80 86 07 2b a1 e7 cc 23 58 ba ec a1 34 c8 25 a7 "))
+ (case_t("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "33 91 fd dd fc 8d c7 39 37 07 a6 5b 1b 47 09 39 7c f8 b1 d1 62 af 05 ab fe 8f 45 0d e5 f3 6b c6 b0 45 5a 85 20 bc 4e 6f 5f e9 5b 1f e3 c8 45 2b "));
+
+ BOOST_FOREACH(case_t& val, cases) {
+ SHA384Summer s;
+ s.feed(val.get<0>());
+ BOOST_CHECK_EQUAL(makeHexDump(s.get()), val.get<1>());
+ }
+}
+
+BOOST_AUTO_TEST_CASE(test_sha512summer) {
+ cases_t cases = list_of
+ (case_t("abc", "dd af 35 a1 93 61 7a ba cc 41 73 49 ae 20 41 31 12 e6 fa 4e 89 a9 7e a2 0a 9e ee e6 4b 55 d3 9a 21 92 99 2a 27 4f c1 a8 36 ba 3c 23 a3 fe eb bd 45 4d 44 23 64 3c e8 0e 2a 9a c9 4f a5 4c a4 9f "))
+ (case_t("abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq", "20 4a 8f c6 dd a8 2f 0a 0c ed 7b eb 8e 08 a4 16 57 c1 6e f4 68 b2 28 a8 27 9b e3 31 a7 03 c3 35 96 fd 15 c1 3b 1b 07 f9 aa 1d 3b ea 57 78 9c a0 31 ad 85 c7 a7 1d d7 03 54 ec 63 12 38 ca 34 45 "));
+
+ BOOST_FOREACH(case_t& val, cases) {
+ SHA512Summer s;
+ s.feed(val.get<0>());
+ BOOST_CHECK_EQUAL(makeHexDump(s.get()), val.get<1>());
+ }
+}
+
+BOOST_AUTO_TEST_SUITE_END()
projects / thirdparty / pdns.git / commitdiff
