From: Aki Tuomi Date: Tue, 3 Sep 2013 12:06:38 +0000 (+0300) Subject: Changed to use polarssl HMAC for SHA X-Git-Tag: rec-3.6.0-rc1~468^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=910103513763b513acb20578a7c6e7db99d077bb;p=thirdparty%2Fpdns.git Changed to use polarssl HMAC for SHA --- diff --git a/modules/tinydnsbackend/data.cdb b/modules/tinydnsbackend/data.cdb index 5e8a046ebd..fee3161d3c 100644 Binary files a/modules/tinydnsbackend/data.cdb and b/modules/tinydnsbackend/data.cdb differ diff --git a/modules/tinydnsbackend/generate-data.sh b/modules/tinydnsbackend/generate-data.sh index 74310c5323..a677fa7018 100755 --- a/modules/tinydnsbackend/generate-data.sh +++ b/modules/tinydnsbackend/generate-data.sh @@ -47,6 +47,7 @@ do cat $zone.out >> data rm $zone.out done -$tinydnsdata -kill $(cat ../../regression-tests/pdns.pid) \ No newline at end of file +$tinydnsdata + +kill $(cat ../../regression-tests/pdns.pid) diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc index 2c4bd1cb8d..86b99e0c49 100644 --- a/pdns/dnssecinfra.cc +++ b/pdns/dnssecinfra.cc 
@@ -452,72 +452,51 @@ string calculateMD5HMAC(const std::string& key_, const std::string& text) return md5_2.get(); } -string calculateSHAHMAC(const std::string& key_, const std::string& text, TSIGHashEnum hasher) +string calculateSHAHMAC(const std::string& key, const std::string& text, TSIGHashEnum hasher) { - unsigned char key[64] = {0}; - key_.copy((char*)key,64); - unsigned char keyIpad[64]; - unsigned char keyOpad[64]; + std::string res; + unsigned char hash[64]; - //~ cerr<<"Key: "<(key.c_str()), key.size()); + sha1_hmac_update(&ctx, reinterpret_cast(text.c_str()), text.size()); + sha1_hmac_finish(&ctx, hash); + res.assign(reinterpret_cast(hash), 20); }; case TSIG_SHA224: { - SHA224Summer s1,s2; - s1.feed((const char*)keyIpad, 64); - s1.feed(text); - s2.feed((const char*)keyOpad, 64); - s2.feed(s1.get()); - return s2.get(); + sha2_context ctx; + sha2_hmac_starts(&ctx, reinterpret_cast(key.c_str()), key.size(), 1); + sha2_hmac_update(&ctx, reinterpret_cast(text.c_str()), text.size()); + sha2_hmac_finish(&ctx, hash); + res.assign(reinterpret_cast(hash), 32); }; case TSIG_SHA256: { - SHA256Summer s1,s2; - s1.feed((const char*)keyIpad, 64); - s1.feed(text); - s2.feed((const char*)keyOpad, 64); - s2.feed(s1.get()); - return s2.get(); + sha2_context ctx; + sha2_hmac_starts(&ctx, reinterpret_cast(key.c_str()), key.size(), 0); + sha2_hmac_update(&ctx, reinterpret_cast(text.c_str()), text.size()); + sha2_hmac_finish(&ctx, hash); + res.assign(reinterpret_cast(hash), 32); }; case TSIG_SHA384: { - SHA384Summer s1,s2; - s1.feed((const char*)keyIpad, 64); - s1.feed(text); - s2.feed((const char*)keyOpad, 64); - s2.feed(s1.get()); - return s2.get(); + sha4_context ctx; + sha4_hmac_starts(&ctx, reinterpret_cast(key.c_str()), key.size(), 1); + sha4_hmac_update(&ctx, reinterpret_cast(text.c_str()), text.size()); + sha4_hmac_finish(&ctx, hash); + res.assign(reinterpret_cast(hash), 64); }; case TSIG_SHA512: { - SHA512Summer s1,s2; - s1.feed((const char*)keyIpad, 64); - 
s1.feed(text); - s2.feed((const char*)keyOpad, 64); - s2.feed(s1.get()); - return s2.get(); + sha4_context ctx; + sha4_hmac_starts(&ctx, reinterpret_cast(key.c_str()), key.size(), 0); + sha4_hmac_update(&ctx, reinterpret_cast(text.c_str()), text.size()); + sha4_hmac_finish(&ctx, hash); + res.assign(reinterpret_cast(hash), 64); }; default: throw new PDNSException("Unknown hash algorithm requested for SHA"); diff --git a/regression-tests.nobackend/tinydns-data-check/expected_result b/regression-tests.nobackend/tinydns-data-check/expected_result index ffbc6cfc7f..523cbce947 100644 --- a/regression-tests.nobackend/tinydns-data-check/expected_result +++ b/regression-tests.nobackend/tinydns-data-check/expected_result @@ -6,5 +6,5 @@ a2dd754820cb88fdd3d80b54a212a270 ../regression-tests/test.com 42dd3a56c7d268e75836371878819ec4 ../regression-tests/delegated.dnssec-parent.com a63dc120391d9df0003f2ec4f461a6af ../regression-tests/secure-delegated.dnssec-parent.com 24514dc104b22206daeb973ff9303545 ../regression-tests/minimal.com -f77817aafda5cd6a8e3d4ac998be6fff ../modules/tinydnsbackend/data.cdb 0b20d7a0250576451135483b863750bf ../regression-tests/tsig.com +3dfdde25a811ab2d769b6e0838280e61 ../modules/tinydnsbackend/data.cdb
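Review bot: Each case in the rewritten `calculateSHAHMAC` switch now ends at `res.assign(...)` with no `break` or `return`, so control falls through the later cases and reaches the `default:` throw, whereas the old code returned from every case. Each case should end with `break;` after the assign, or with `return res;`. Separately, the `TSIG_SHA224` and `TSIG_SHA384` cases copy 32 and 64 bytes although those digests are 28 and 48 bytes long. Unless the library fills the rest of the buffer, the tail of the returned MAC comes from the uninitialised `hash` array, so the value would not match a peer's and stack bytes could end up in a TSIG signature; use `res.assign(..., 28)` and `res.assign(..., 48)`. The function's closing lines are outside the hunk and part of the first case is garbled on this page, so this is based on the cases that are fully visible.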