dns/nsec3.go

package dns

import (
	"hash"
	"strings"
	"crypto/sha1"
)

type saltWireFmt struct {
	Salt string "size-hex"
}

// HashName hashes a string or label according to RFC5155. It returns
// the hashed string.
func HashName(label string, ha int, iterations int, salt string) string {
	saltwire := new(saltWireFmt)
	saltwire.Salt = salt
	wire := make([]byte, DefaultMsgSize)
	n, ok := packStruct(saltwire, wire, 0)
	if !ok {
		return ""
	}
	wire = wire[:n]
	name := make([]byte, 255)
	off, ok1 := PackDomainName(strings.ToLower(label), name, 0)
	if !ok1 {
		return ""
	}
	name = name[:off]
	var s hash.Hash
	switch ha {
	case SHA1:
		s = sha1.New()
	default:
		return ""
	}

	// k = 0
	name = append(name, wire...)
	nsec3 := s.Sum(name)
	// k > 0
	for k := 0; k < iterations; k++ {
		s.Reset()
		nsec3 = append(nsec3, wire...)
		nsec3 = s.Sum(nsec3)
	}
	return unpackBase32(nsec3)
}

// Hash the ownername and the next owner name in an NSEC3 record according
// to RFC 5155.
// Use the parameters from the NSEC3 itself.
func (nsec3 *RR_NSEC3) HashNames() {
	nsec3.Header().Name = HashName(nsec3.Header().Name, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)
	nsec3.NextDomain = HashName(nsec3.NextDomain, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)
}

// NsecVerify verifies the negative response (NXDOMAIN/NODATA) in 
// the message m. 
// NsecVerify returns nil when the NSECs in the message contain
// the correct proof. This function does not validates the NSECs
func (m *Msg) NsecVerify(q Question) error {

	return nil
}

// Nsec3Verify verifies ...
func (m *Msg) Nsec3Verify(q Question) error {

	return nil
}
add start for nsec3 2011-01-27 14:52:58 +00:00			`package dns`

More NSEC3 stuff 2011-03-07 20:56:36 +00:00			`import (`
Add nsec3 hashing (non working atm) 2011-03-07 21:47:20 +00:00			`"hash"`
			`"strings"`
			`"crypto/sha1"`
More NSEC3 stuff 2011-03-07 20:56:36 +00:00			`)`

Add nsec3 hashing (non working atm) 2011-03-07 21:47:20 +00:00			`type saltWireFmt struct {`
			`Salt string "size-hex"`
			`}`
add start for nsec3 2011-01-27 14:52:58 +00:00
documentation 2011-09-08 17:41:26 +00:00			`// HashName hashes a string or label according to RFC5155. It returns`
			`// the hashed string.`
			`func HashName(label string, ha int, iterations int, salt string) string {`
Add nsec3 hashing (non working atm) 2011-03-07 21:47:20 +00:00			`saltwire := new(saltWireFmt)`
			`saltwire.Salt = salt`
			`wire := make([]byte, DefaultMsgSize)`
			`n, ok := packStruct(saltwire, wire, 0)`
			`if !ok {`
			`return ""`
			`}`
			`wire = wire[:n]`
implement nsec3 label hashing 2011-03-09 13:27:41 +00:00			`name := make([]byte, 255)`
export Unpack/PackDomainName 2011-10-06 18:16:23 +00:00			`off, ok1 := PackDomainName(strings.ToLower(label), name, 0)`
Add nsec3 hashing (non working atm) 2011-03-07 21:47:20 +00:00			`if !ok1 {`
			`return ""`
			`}`
implement nsec3 label hashing 2011-03-09 13:27:41 +00:00			`name = name[:off]`
Add nsec3 hashing (non working atm) 2011-03-07 21:47:20 +00:00			`var s hash.Hash`
			`switch ha {`
Drop the Alg and Hash prefixes 2011-07-08 15:27:44 +00:00			`case SHA1:`
Add nsec3 hashing (non working atm) 2011-03-07 21:47:20 +00:00			`s = sha1.New()`
Formatting 2011-03-24 08:24:49 +00:00			`default:`
			`return ""`
Add nsec3 hashing (non working atm) 2011-03-07 21:47:20 +00:00			`}`

			`// k = 0`
implement nsec3 label hashing 2011-03-09 13:27:41 +00:00			`name = append(name, wire...)`
Update to the latest weekly: weekly/weekly.2011-12-06 The new time API must still be used. But for now it compiles. All DNSSEC/TSIG timing is probably broken 2011-12-09 10:16:49 +00:00			`nsec3 := s.Sum(name)`
Formatting 2011-03-24 08:24:49 +00:00			`// k > 0`
			`for k := 0; k < iterations; k++ {`
			`s.Reset()`
			`nsec3 = append(nsec3, wire...)`
Update to the latest weekly: weekly/weekly.2011-12-06 The new time API must still be used. But for now it compiles. All DNSSEC/TSIG timing is probably broken 2011-12-09 10:16:49 +00:00			`nsec3 = s.Sum(nsec3)`
Formatting 2011-03-24 08:24:49 +00:00			`}`
Add nsec3 hashing (non working atm) 2011-03-07 21:47:20 +00:00			`return unpackBase32(nsec3)`
More NSEC3 stuff 2011-03-07 20:56:36 +00:00			`}`
add nsec3 hashnames method 2011-03-09 17:54:55 +00:00
documentation 2011-03-30 13:44:28 +00:00			`// Hash the ownername and the next owner name in an NSEC3 record according`
			`// to RFC 5155.`
			`// Use the parameters from the NSEC3 itself.`
add nsec3 hashnames method 2011-03-09 17:54:55 +00:00			`func (nsec3 *RR_NSEC3) HashNames() {`
Make nsec3.go compile 2011-09-08 19:54:48 +00:00			`nsec3.Header().Name = HashName(nsec3.Header().Name, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)`
			`nsec3.NextDomain = HashName(nsec3.NextDomain, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)`
add nsec3 hashnames method 2011-03-09 17:54:55 +00:00			`}`
start with nsec3 proving 2011-09-15 18:13:21 +00:00
			`// NsecVerify verifies the negative response (NXDOMAIN/NODATA) in`
			`// the message m.`
			`// NsecVerify returns nil when the NSECs in the message contain`
			`// the correct proof. This function does not validates the NSECs`
Fixes the latest weekly 2011-11-02 22:06:54 +00:00			`func (m *Msg) NsecVerify(q Question) error {`
start with nsec3 proving 2011-09-15 18:13:21 +00:00
Fixes the latest weekly 2011-11-02 22:06:54 +00:00			`return nil`
start with nsec3 proving 2011-09-15 18:13:21 +00:00			`}`

			`// Nsec3Verify verifies ...`
Fixes the latest weekly 2011-11-02 22:06:54 +00:00			`func (m *Msg) Nsec3Verify(q Question) error {`
start with nsec3 proving 2011-09-15 18:13:21 +00:00
Fixes the latest weekly 2011-11-02 22:06:54 +00:00			`return nil`
start with nsec3 proving 2011-09-15 18:13:21 +00:00			`}`