2011-01-28 01:52:58 +11:00
|
|
|
package dns
|
|
|
|
|
2011-03-08 07:56:36 +11:00
|
|
|
import (
|
2011-12-10 07:45:57 +11:00
|
|
|
"crypto/sha1"
|
2011-03-08 08:47:20 +11:00
|
|
|
"hash"
|
2011-12-17 01:08:44 +11:00
|
|
|
"io"
|
2011-03-08 08:47:20 +11:00
|
|
|
"strings"
|
2011-03-08 07:56:36 +11:00
|
|
|
)
|
|
|
|
|
2011-03-08 08:47:20 +11:00
|
|
|
type saltWireFmt struct {
|
|
|
|
Salt string "size-hex"
|
|
|
|
}
|
2011-01-28 01:52:58 +11:00
|
|
|
|
2011-09-09 03:41:26 +10:00
|
|
|
// HashName hashes a string or label according to RFC5155. It returns
|
|
|
|
// the hashed string.
|
|
|
|
func HashName(label string, ha int, iterations int, salt string) string {
|
2011-03-08 08:47:20 +11:00
|
|
|
saltwire := new(saltWireFmt)
|
|
|
|
saltwire.Salt = salt
|
|
|
|
wire := make([]byte, DefaultMsgSize)
|
|
|
|
n, ok := packStruct(saltwire, wire, 0)
|
|
|
|
if !ok {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
wire = wire[:n]
|
2011-03-10 00:27:41 +11:00
|
|
|
name := make([]byte, 255)
|
2011-10-07 05:16:23 +11:00
|
|
|
off, ok1 := PackDomainName(strings.ToLower(label), name, 0)
|
2011-03-08 08:47:20 +11:00
|
|
|
if !ok1 {
|
|
|
|
return ""
|
|
|
|
}
|
2011-03-10 00:27:41 +11:00
|
|
|
name = name[:off]
|
2011-03-08 08:47:20 +11:00
|
|
|
var s hash.Hash
|
|
|
|
switch ha {
|
2011-07-09 01:27:44 +10:00
|
|
|
case SHA1:
|
2011-03-08 08:47:20 +11:00
|
|
|
s = sha1.New()
|
2011-03-24 19:24:49 +11:00
|
|
|
default:
|
|
|
|
return ""
|
2011-03-08 08:47:20 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
// k = 0
|
2011-03-10 00:27:41 +11:00
|
|
|
name = append(name, wire...)
|
2011-12-17 01:08:44 +11:00
|
|
|
io.WriteString(s, string(name))
|
|
|
|
nsec3 := s.Sum(nil)
|
2011-03-24 19:24:49 +11:00
|
|
|
// k > 0
|
|
|
|
for k := 0; k < iterations; k++ {
|
|
|
|
s.Reset()
|
|
|
|
nsec3 = append(nsec3, wire...)
|
2011-12-09 21:16:49 +11:00
|
|
|
nsec3 = s.Sum(nsec3)
|
2011-03-24 19:24:49 +11:00
|
|
|
}
|
2011-03-08 08:47:20 +11:00
|
|
|
return unpackBase32(nsec3)
|
2011-03-08 07:56:36 +11:00
|
|
|
}
|
2011-03-10 04:54:55 +11:00
|
|
|
|
2011-03-31 00:44:28 +11:00
|
|
|
// Hash the ownername and the next owner name in an NSEC3 record according
|
|
|
|
// to RFC 5155.
|
|
|
|
// Use the parameters from the NSEC3 itself.
|
2011-03-10 04:54:55 +11:00
|
|
|
func (nsec3 *RR_NSEC3) HashNames() {
|
2011-09-09 05:54:48 +10:00
|
|
|
nsec3.Header().Name = HashName(nsec3.Header().Name, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)
|
|
|
|
nsec3.NextDomain = HashName(nsec3.NextDomain, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)
|
2011-03-10 04:54:55 +11:00
|
|
|
}
|
2011-09-16 04:13:21 +10:00
|
|
|
|
|
|
|
// NsecVerify verifies the negative response (NXDOMAIN/NODATA) in
|
|
|
|
// the message m.
|
|
|
|
// NsecVerify returns nil when the NSECs in the message contain
|
|
|
|
// the correct proof. This function does not validates the NSECs
|
2011-11-03 09:06:54 +11:00
|
|
|
func (m *Msg) NsecVerify(q Question) error {
|
2011-09-16 04:13:21 +10:00
|
|
|
|
2011-11-03 09:06:54 +11:00
|
|
|
return nil
|
2011-09-16 04:13:21 +10:00
|
|
|
}
|
|
|
|
|
|
|
|
// Nsec3Verify verifies ...
|
2011-11-03 09:06:54 +11:00
|
|
|
func (m *Msg) Nsec3Verify(q Question) error {
|
2011-09-16 04:13:21 +10:00
|
|
|
|
2011-11-03 09:06:54 +11:00
|
|
|
return nil
|
2011-09-16 04:13:21 +10:00
|
|
|
}
|