From: Miek Gieben <miekg@NLnetLabs.nl>
Date: Tue, 7 Feb 2006 11:38:49 +0000 (+0000)
Subject: sha-256 implement, without actually calling the openssl lib
X-Git-Tag: release-1.1.0~369
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4b02429ce0edaea247ab9233ebb48fcd5ac2c66;p=thirdparty%2Fldns.git

sha-256 implement, without actually calling the openssl lib
---

diff --git a/Changelog b/Changelog
index f4fe917b..f9192461 100644
--- a/Changelog
+++ b/Changelog
@@ -42,6 +42,8 @@ XX Jan 2006: 1.1.0: ldns-team
 	  Which also get an extra variable
 	* tsig.h: internal used functions are now static:
 	  ldns_digest_name and ldns_tsig_mac_new
+	* ldns_key_rr2ds has an extra argument to specify the hash to
+	  use.
 	New:
 	* ldns_resolver_searchlist_count: return the searchlist counter
 	* ldns_zone_sort: Sort a zone
diff --git a/dnssec.c b/dnssec.c
index fdfda9dd..ead78bc7 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -645,7 +645,7 @@ ldns_key_buf2rsa(ldns_buffer *key)
 }
 
 ldns_rr *
-ldns_key_rr2ds(const ldns_rr *key)
+ldns_key_rr2ds(const ldns_rr *key, ldns_hash h)
 {
         ldns_rdf *tmp;
         ldns_rr *ds;
@@ -668,10 +668,17 @@ ldns_key_rr2ds(const ldns_rr *key)
 	ldns_rr_set_ttl(ds, ldns_rr_ttl(key));
 	ldns_rr_set_class(ds, ldns_rr_get_class(key));
 
-        digest = LDNS_XMALLOC(uint8_t, SHA_DIGEST_LENGTH);
-        if (!digest) {
-                return NULL;
-        }
+	switch(h) {
+		case LDNS_SHA1:
+			digest = LDNS_XMALLOC(uint8_t, SHA_DIGEST_LENGTH);
+			if (!digest) {
+				return NULL;
+			}
+		break;
+		case LDNS_SHA256:
+			return NULL; /* not implemented */
+		break;
+	}
 
         data_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
         if (!data_buf) {
@@ -685,10 +692,10 @@ ldns_key_rr2ds(const ldns_rr *key)
 
         /* copy the algorithm field */
         ldns_rr_push_rdf(ds, ldns_rdf_clone(
-                                ldns_rr_rdf(key, 2)));
+                                ldns_rr_rdf(key, 2))); /* second rfd */
 
-        /* digest type, only SHA1 is supported */
-        sha1hash = 1;
+        /* digest hash type */
+        sha1hash = (uint8_t)h;
         tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, sizeof(uint8_t), &sha1hash);
         ldns_rr_push_rdf(ds, tmp);
 
@@ -704,17 +711,30 @@ ldns_key_rr2ds(const ldns_rr *key)
 			LDNS_STATUS_OK) { 
 		return NULL;
 	}
+	switch(h) {
+		case LDNS_SHA1:
+		(void) SHA1((unsigned char *) ldns_buffer_begin(data_buf),
+			    ldns_buffer_position(data_buf),
+			    (unsigned char*) digest);
 
-        /* sha1 it */
-        (void) SHA1((unsigned char *) ldns_buffer_begin(data_buf),
-                    ldns_buffer_position(data_buf),
-                    (unsigned char*) digest);
+		tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA_DIGEST_LENGTH,
+				digest);
+		ldns_rr_push_rdf(ds, tmp);
 
-        tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA_DIGEST_LENGTH,
-                        digest);
-        ldns_rr_push_rdf(ds, tmp);
+		break;
+		case LDNS_SHA256:
+		/* XXX to SHA265 
+		(void) SHA1((unsigned char *) ldns_buffer_begin(data_buf),
+			    ldns_buffer_position(data_buf),
+			    (unsigned char*) digest);
+
+		tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, SHA_DIGEST_LENGTH,
+				digest);
+		ldns_rr_push_rdf(ds, tmp);
+		*/
+		break;
+	}
 
-	LDNS_FREE(digest);
         return ds;
 }
 
diff --git a/examples/ldns-key2ds.c b/examples/ldns-key2ds.c
index 0e704275..a56303f7 100644
--- a/examples/ldns-key2ds.c
+++ b/examples/ldns-key2ds.c
@@ -13,11 +13,14 @@
 
 void
 usage(FILE *fp, char *prog) {
-	fprintf(fp, "%s keyfile\n", prog);
-	fprintf(fp, "  generate a ds record\n");
+	fprintf(fp, "%s [-1|-2] keyfile\n", prog);
+	fprintf(fp, "  Generate a DS RR from the key\n");
 	fprintf(fp, "  The following file will be created: ");
 	fprintf(fp, "K<name>+<alg>+<id>.ds\n");
 	fprintf(fp, "  The base name (K<name>+<alg>+<id> will be printed to stdout\n");
+	fprintf(fp, "Options:\n");
+	fprintf(fp, "  -1 (default): use SHA1 for the DS hash\n");
+	fprintf(fp, "  -2: use SHA256 for the DS hash\n");
 }
 
 int
@@ -30,14 +33,28 @@ main(int argc, char *argv[])
 	char *owner;
 	ldns_rr *k, *ds;
 	ldns_signing_algorithm alg;
+	ldns_hash h;
 	
 	alg = 0;
 	prog = strdup(argv[0]);
-	if (argc != 2) {
+	h = LDNS_SHA1;
+
+	argv++, argc--;
+	while (argc && argv[0][0] == '-') {
+		if (strcmp(argv[0], "-1") == 0) {
+			h = LDNS_SHA1;
+		} 
+		if (strcmp(argv[0], "-2") == 0) {
+			h = LDNS_SHA256;
+		} 
+		argv++, argc--;
+	}
+
+	if (argc != 1) {
 		usage(stderr, prog);
 		exit(EXIT_FAILURE);
 	}
-	keyname = strdup(argv[1]);
+	keyname = strdup(argv[0]);
 
 	keyfp = fopen(keyname, "r");
 	if (!keyfp) {
@@ -56,7 +73,7 @@ main(int argc, char *argv[])
 	owner = ldns_rdf2str(ldns_rr_owner(k));
 	alg = ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(k));
 
-	ds = ldns_key_rr2ds(k);
+	ds = ldns_key_rr2ds(k, LDNS_SHA1);
 	if (!ds) {
 		fprintf(stderr, "Conversion to a DS RR failed\n");
 		exit(EXIT_FAILURE);
diff --git a/examples/ldns-keygen.c b/examples/ldns-keygen.c
index e4402be6..bade0f96 100644
--- a/examples/ldns-keygen.c
+++ b/examples/ldns-keygen.c
@@ -135,7 +135,7 @@ main(int argc, char *argv[])
 	ldns_key_set_keytag(key, ldns_calc_keytag(pubkey));
 
 	/* build the DS record */
-	ds = ldns_key_rr2ds(pubkey);
+	ds = ldns_key_rr2ds(pubkey, LDNS_SHA1);
 
 	/* print the public key RR to .key */
 	filename = LDNS_XMALLOC(char, strlen(owner) + 17);
diff --git a/ldns/dnssec.h b/ldns/dnssec.h
index 3406f159..b076a83e 100644
--- a/ldns/dnssec.h
+++ b/ldns/dnssec.h
@@ -114,9 +114,10 @@ RSA *ldns_key_buf2rsa(ldns_buffer *key);
  * returns a new DS rr that represents the given key rr.
  *
  * \param[in] *key the key to convert
+ * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256
  * \return ldns_rr* a new rr pointer to a DS
  */
-ldns_rr *ldns_key_rr2ds(const ldns_rr *key);
+ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);
 
 /* sign functions */
 
diff --git a/libdns.vim b/libdns.vim
index 896382a8..6ff7669a 100644
--- a/libdns.vim
+++ b/libdns.vim
@@ -305,6 +305,7 @@ syn keyword  ldnsConstant LDNS_APL_IP6
 syn keyword  ldnsType   ldns_key
 syn keyword  ldnsType   ldns_key_list
 syn keyword  ldnsType   ldns_signing_algorithm
+syn keyword  ldnsType   ldns_hash
 
 " ldns/dnssec.h
 syn keyword  ldnsConstant	LDNS_MAX_KEYLEN
diff --git a/rr.c b/rr.c
index 0c7a9c33..3ea8b22d 100644
--- a/rr.c
+++ b/rr.c
@@ -1210,12 +1210,12 @@ ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2)
 #ifdef HAVE_SSL
 	if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DS &&
 	    ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DNSKEY) {
-	    	ds_repr = ldns_key_rr2ds(rr2);
+	    	ds_repr = ldns_key_rr2ds(rr2, LDNS_SHA1);
 	    	result = (ldns_rr_compare(rr1, ds_repr) == 0);
 	    	ldns_rr_free(ds_repr);
 	} else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY &&
 	    ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) {
-	    	ds_repr = ldns_key_rr2ds(rr1);
+	    	ds_repr = ldns_key_rr2ds(rr1, LDNS_SHA1);
 	    	result = (ldns_rr_compare(rr2, ds_repr) == 0);
 	    	ldns_rr_free(ds_repr);
 	} else {