./pdns/gettime.hh
./pdns/histog.hh
./pdns/inflighter.cc
-./pdns/ipcipher.cc
./pdns/iputils.cc
./pdns/iputils.hh
./pdns/ixfr.cc
./pdns/test-dnsrecordcontent.cc
./pdns/test-dnsrecords_cc.cc
./pdns/test-dnswriter_cc.cc
-./pdns/test-ipcrypt_cc.cc
./pdns/test-iputils_hh.cc
./pdns/test-ixfr_cc.cc
./pdns/test-lock_hh.cc
./pdns/test-tsig.cc
./pdns/test-ueberbackend_cc.cc
./pdns/test-zoneparser_tng_cc.cc
-./pdns/testrunner.cc
./pdns/threadname.cc
./pdns/tkey.cc
./pdns/trusted-notification-proxy.cc
*/
std::string makeIPCipherKey(const std::string& password)
{
- static const char salt[]="ipcipheripcipher";
+ static const char salt[] = "ipcipheripcipher";
unsigned char out[16];
- PKCS5_PBKDF2_HMAC_SHA1(password.c_str(), password.size(), (const unsigned char*)salt, sizeof(salt)-1, 50000, sizeof(out), out);
+ PKCS5_PBKDF2_HMAC_SHA1(password.c_str(), password.size(), (const unsigned char*)salt, sizeof(salt) - 1, 50000, sizeof(out), out);
return std::string((const char*)out, (const char*)out + sizeof(out));
}
-static ComboAddress encryptCA4(const ComboAddress& ca, const std::string &key)
+static ComboAddress encryptCA4(const ComboAddress& ca, const std::string& key)
{
- if(key.size() != 16)
+ if (key.size() != 16)
throw std::runtime_error("Need 128 bits of key for ipcrypt");
- ComboAddress ret=ca;
+ ComboAddress ret = ca;
// always returns 0, has no failure mode
- ipcrypt_encrypt( (unsigned char*)&ret.sin4.sin_addr.s_addr,
- (const unsigned char*) &ca.sin4.sin_addr.s_addr,
- (const unsigned char*)key.c_str());
+ ipcrypt_encrypt((unsigned char*)&ret.sin4.sin_addr.s_addr,
+ (const unsigned char*)&ca.sin4.sin_addr.s_addr,
+ (const unsigned char*)key.c_str());
+
return ret;
}
-static ComboAddress decryptCA4(const ComboAddress& ca, const std::string &key)
+static ComboAddress decryptCA4(const ComboAddress& ca, const std::string& key)
{
- if(key.size() != 16)
+ if (key.size() != 16)
throw std::runtime_error("Need 128 bits of key for ipcrypt");
- ComboAddress ret=ca;
+ ComboAddress ret = ca;
// always returns 0, has no failure mode
- ipcrypt_decrypt( (unsigned char*)&ret.sin4.sin_addr.s_addr,
- (const unsigned char*) &ca.sin4.sin_addr.s_addr,
- (const unsigned char*)key.c_str());
+ ipcrypt_decrypt((unsigned char*)&ret.sin4.sin_addr.s_addr,
+ (const unsigned char*)&ca.sin4.sin_addr.s_addr,
+ (const unsigned char*)key.c_str());
+
return ret;
}
-
-static ComboAddress encryptCA6(const ComboAddress& ca, const std::string &key)
+static ComboAddress encryptCA6(const ComboAddress& ca, const std::string& key)
{
- if(key.size() != 16)
+ if (key.size() != 16)
throw std::runtime_error("Need 128 bits of key for ipcrypt");
- ComboAddress ret=ca;
+ ComboAddress ret = ca;
AES_KEY wctx;
AES_set_encrypt_key((const unsigned char*)key.c_str(), 128, &wctx);
return ret;
}
-static ComboAddress decryptCA6(const ComboAddress& ca, const std::string &key)
+static ComboAddress decryptCA6(const ComboAddress& ca, const std::string& key)
{
- if(key.size() != 16)
+ if (key.size() != 16)
throw std::runtime_error("Need 128 bits of key for ipcrypt");
- ComboAddress ret=ca;
+ ComboAddress ret = ca;
AES_KEY wctx;
AES_set_decrypt_key((const unsigned char*)key.c_str(), 128, &wctx);
AES_decrypt((const unsigned char*)&ca.sin6.sin6_addr.s6_addr,
return ret;
}
-
ComboAddress encryptCA(const ComboAddress& ca, const std::string& key)
{
- if(ca.sin4.sin_family == AF_INET)
+ if (ca.sin4.sin_family == AF_INET)
return encryptCA4(ca, key);
- else if(ca.sin4.sin_family == AF_INET6)
+ else if (ca.sin4.sin_family == AF_INET6)
return encryptCA6(ca, key);
else
throw std::runtime_error("ipcrypt can't encrypt non-IP addresses");
ComboAddress decryptCA(const ComboAddress& ca, const std::string& key)
{
- if(ca.sin4.sin_family == AF_INET)
+ if (ca.sin4.sin_family == AF_INET)
return decryptCA4(ca, key);
- else if(ca.sin4.sin_family == AF_INET6)
+ else if (ca.sin4.sin_family == AF_INET6)
return decryptCA6(ca, key);
else
throw std::runtime_error("ipcrypt can't decrypt non-IP addresses");
-
}
#endif /* HAVE_IPCIPHER */
RAND_seed((const unsigned char*)entropy.c_str(), 1024);
}
-
class OpenSSLRSADNSCryptoKeyEngine : public DNSCryptoKeyEngine
{
public:
{
int ret = RAND_status();
if (ret != 1) {
- throw runtime_error(getName()+" insufficient entropy");
+ throw runtime_error(getName() + " insufficient entropy");
}
}
bool verify(const std::string& hash, const std::string& signature) const override;
std::string getPubKeyHash() const override;
std::string getPublicKeyString() const override;
- std::unique_ptr<BIGNUM, void(*)(BIGNUM*)>parse(std::map<std::string, std::string>& stormap, const std::string& key) const;
+ std::unique_ptr<BIGNUM, void (*)(BIGNUM*)> parse(std::map<std::string, std::string>& stormap, const std::string& key) const;
void fromISCMap(DNSKEYRecordContent& drc, std::map<std::string, std::string>& stormap) override;
void fromPublicKeyString(const std::string& content) override;
- bool checkKey(vector<string> *errorMessages) const override;
+ bool checkKey(vector<string>* errorMessages) const override;
static std::unique_ptr<DNSCryptoKeyEngine> maker(unsigned int algorithm)
{
private:
static int hashSizeToKind(size_t hashSize);
- std::unique_ptr<RSA, void(*)(RSA*)> d_key;
+ std::unique_ptr<RSA, void (*)(RSA*)> d_key;
};
-
void OpenSSLRSADNSCryptoKeyEngine::create(unsigned int bits)
{
// When changing the bitsizes, also edit them in ::checkKey
int OpenSSLRSADNSCryptoKeyEngine::hashSizeToKind(const size_t hashSize)
{
- switch(hashSize) {
- case SHA_DIGEST_LENGTH:
- return NID_sha1;
- case SHA256_DIGEST_LENGTH:
- return NID_sha256;
- case SHA384_DIGEST_LENGTH:
- return NID_sha384;
- case SHA512_DIGEST_LENGTH:
- return NID_sha512;
- default:
- throw runtime_error("OpenSSL RSA does not handle hash of size " + std::to_string(hashSize));
+ switch (hashSize) {
+ case SHA_DIGEST_LENGTH:
+ return NID_sha1;
+ case SHA256_DIGEST_LENGTH:
+ return NID_sha256;
+ case SHA384_DIGEST_LENGTH:
+ return NID_sha384;
+ case SHA512_DIGEST_LENGTH:
+ return NID_sha512;
+ default:
+ throw runtime_error("OpenSSL RSA does not handle hash of size " + std::to_string(hashSize));
}
}
class OpenSSLECDSADNSCryptoKeyEngine : public DNSCryptoKeyEngine
{
public:
- explicit OpenSSLECDSADNSCryptoKeyEngine(unsigned int algo) : DNSCryptoKeyEngine(algo), d_eckey(std::unique_ptr<EC_KEY, void(*)(EC_KEY*)>(EC_KEY_new(), EC_KEY_free)), d_ecgroup(std::unique_ptr<EC_GROUP, void(*)(EC_GROUP*)>(nullptr, EC_GROUP_clear_free))
+ explicit OpenSSLECDSADNSCryptoKeyEngine(unsigned int algo) :
+ DNSCryptoKeyEngine(algo), d_eckey(std::unique_ptr<EC_KEY, void (*)(EC_KEY*)>(EC_KEY_new(), EC_KEY_free)), d_ecgroup(std::unique_ptr<EC_GROUP, void (*)(EC_GROUP*)>(nullptr, EC_GROUP_clear_free))
{
-
int ret = RAND_status();
if (ret != 1) {
- throw runtime_error(getName()+" insufficient entropy");
+ throw runtime_error(getName() + " insufficient entropy");
}
if (!d_eckey) {
- throw runtime_error(getName()+" allocation of key structure failed");
+ throw runtime_error(getName() + " allocation of key structure failed");
}
- if(d_algorithm == 13) {
- d_ecgroup = std::unique_ptr<EC_GROUP, void(*)(EC_GROUP*)>(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1), EC_GROUP_clear_free);
+ if (d_algorithm == 13) {
+ d_ecgroup = std::unique_ptr<EC_GROUP, void (*)(EC_GROUP*)>(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1), EC_GROUP_clear_free);
d_len = 32;
- } else if (d_algorithm == 14) {
- d_ecgroup = std::unique_ptr<EC_GROUP, void(*)(EC_GROUP*)>(EC_GROUP_new_by_curve_name(NID_secp384r1), EC_GROUP_clear_free);
+ }
+ else if (d_algorithm == 14) {
+ d_ecgroup = std::unique_ptr<EC_GROUP, void (*)(EC_GROUP*)>(EC_GROUP_new_by_curve_name(NID_secp384r1), EC_GROUP_clear_free);
d_len = 48;
- } else {
- throw runtime_error(getName()+" unknown algorithm "+std::to_string(d_algorithm));
+ }
+ else {
+ throw runtime_error(getName() + " unknown algorithm " + std::to_string(d_algorithm));
}
if (!d_ecgroup) {
- throw runtime_error(getName()+" allocation of group structure failed");
+ throw runtime_error(getName() + " allocation of group structure failed");
}
ret = EC_KEY_set_group(d_eckey.get(), d_ecgroup.get());
if (ret != 1) {
- throw runtime_error(getName()+" setting key group failed");
+ throw runtime_error(getName() + " setting key group failed");
}
}
std::unique_ptr<EC_GROUP, void(*)(EC_GROUP*)> d_ecgroup;
};
-
void OpenSSLECDSADNSCryptoKeyEngine::create(unsigned int bits)
{
if (bits >> 3 != d_len) {
return (ret == 1);
}
-
std::string OpenSSLECDSADNSCryptoKeyEngine::getPubKeyHash() const
{
string pubKey = getPublicKeyString();
return string((char*) l_hash, sizeof(l_hash));
}
-
std::string OpenSSLECDSADNSCryptoKeyEngine::getPublicKeyString() const
{
std::string binaryPoint;
BOOST_AUTO_TEST_CASE(test_ipcrypt4)
{
- ComboAddress ca("127.0.0.1");
- std::string key="0123456789ABCDEF";
- auto encrypted = encryptCA(ca, key);
+ ComboAddress address("127.0.0.1");
+ std::string key = "0123456789ABCDEF";
+ auto encrypted = encryptCA(address, key);
auto decrypted = decryptCA(encrypted, key);
- BOOST_CHECK_EQUAL(ca.toString(), decrypted.toString());
+ BOOST_CHECK_EQUAL(address.toString(), decrypted.toString());
}
BOOST_AUTO_TEST_CASE(test_ipcrypt4_vector)
{
- vector<pair<string,string>> tests{ // test vector from https://github.com/veorq/ipcrypt
- {{"127.0.0.1"},{"114.62.227.59"}},
- {{"8.8.8.8"}, {"46.48.51.50"}},
- {{"1.2.3.4"}, {"171.238.15.199"}}};
+ // test vector from https://github.com/veorq/ipcrypt
+ vector<pair<string, string>> tests{{{"127.0.0.1"}, {"114.62.227.59"}},
+ {{"8.8.8.8"}, {"46.48.51.50"}},
+ {{"1.2.3.4"}, {"171.238.15.199"}}};
- std::string key="some 16-byte key";
+ std::string key = "some 16-byte key";
- for(const auto& p : tests) {
+ for (const auto& p : tests) {
auto encrypted = encryptCA(ComboAddress(p.first), key);
BOOST_CHECK_EQUAL(encrypted.toString(), p.second);
auto decrypted = decryptCA(encrypted, key);
}
// test from Frank Denis' test.cc
- ComboAddress ip("192.168.69.42"), out, dec;
+ ComboAddress address("192.168.69.42");
+ ComboAddress out;
+ ComboAddress dec;
string key2;
- for(int n=0; n<16; ++n)
- key2.append(1, (char)n+1);
+ for (int n = 0; n < 16; ++n) {
+ key2.append(1, (char)n + 1);
+ }
for (unsigned int i = 0; i < 100000000UL; i++) {
- out=encryptCA(ip, key2);
+ out = encryptCA(address, key2);
// dec=decryptCA(out, key2);
// BOOST_CHECK(ip==dec);
- ip=out;
+ address = out;
}
ComboAddress expected("93.155.197.186");
- BOOST_CHECK_EQUAL(ip.toString(), expected.toString());
+ BOOST_CHECK_EQUAL(address.toString(), expected.toString());
}
-
BOOST_AUTO_TEST_CASE(test_ipcrypt6)
{
- ComboAddress ca("::1");
- std::string key="0123456789ABCDEF";
- auto encrypted = encryptCA(ca, key);
+ ComboAddress address("::1");
+ std::string key = "0123456789ABCDEF";
+ auto encrypted = encryptCA(address, key);
auto decrypted = decryptCA(encrypted, key);
- BOOST_CHECK_EQUAL(ca.toString(), decrypted.toString());
+ BOOST_CHECK_EQUAL(address.toString(), decrypted.toString());
}
BOOST_AUTO_TEST_SUITE_END()
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
+
#include <boost/test/unit_test.hpp>
#include "arguments.hh"
#include "auth-packetcache.hh"
#include "auth-querycache.hh"
#include "auth-zonecache.hh"
#include "statbag.hh"
+
StatBag S;
AuthPacketCache PC;
AuthQueryCache QC;
AuthZoneCache g_zoneCache;
uint16_t g_maxNSEC3Iterations{0};
-ArgvMap &arg()
+ArgvMap& arg()
{
static ArgvMap theArg;
return theArg;
}
-
-static bool init_unit_test() {
+static bool init_unit_test()
+{
reportAllTypes();
return true;
}
int main(int argc, char* argv[])
{
S.d_allowRedeclare = true;
- return boost::unit_test::unit_test_main( &init_unit_test, argc, argv );
+ return boost::unit_test::unit_test_main(&init_unit_test, argc, argv);
}
projects / thirdparty / pdns.git / commitdiff
