Fix NSEC3 calculation
parent
27150f3e0a
commit
32a0b4a6f2
16
nsec3.go
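--- a/nsec3.go
+++ b/nsec3.go
@@ -11,8 +11,7 @@ type saltWireFmt struct {
 Salt string "size-hex"
 }
 
-// HashName hashes a string or label according to RFC5155. It returns
-// the hashed string.
+// HashName hashes a string or label according to RFC5155. It returns the hashed string.
 func HashName(label string, ha, iter int, salt string) string {
 saltwire := new(saltWireFmt)
 saltwire.Salt = salt
@@ -50,16 +49,15 @@ func HashName(label string, ha, iter int, salt string) string {
 return unpackBase32(nsec3)
 }
 
-// Hash the ownername and the next owner name in an NSEC3 record according
-// to RFC 5155.
-// Use the parameters from the NSEC3 itself.
-func (nsec3 *RR_NSEC3) HashNames() {
-nsec3.Header().Name = HashName(nsec3.Header().Name, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)
+// HashNames hashes the ownername and the next owner name in an NSEC3 record according to RFC 5155.
+// It uses the paramaters as set in the NSEC3 record. The string zone is appended to the hashed
+// ownername.
+func (nsec3 *RR_NSEC3) HashNames(zone string) {
+nsec3.Header().Name = strings.ToLower(HashName(nsec3.Header().Name, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)) + "." + zone
 nsec3.NextDomain = HashName(nsec3.NextDomain, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt)
 }
 
-// NsecVerify verifies the negative response (NXDOMAIN/NODATA) in
-// the message m.
+// NsecVerify verifies the negative response (NXDOMAIN/NODATA) in the message m.
 // NsecVerify returns nil when the NSECs in the message contain
 // the correct proof. This function does not validates the NSECs
 func (m *Msg) NsecVerify(q Question) error {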
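Review bot: In `HashNames`, the hashed owner name is now lower-cased, but `nsec3.NextDomain` on the following line keeps whatever case `HashName` returns, so the two hash labels end up in different forms; any later string comparison or ordering between them in a denial-of-existence check would presumably give the wrong answer. Apply the same normalisation, `nsec3.NextDomain = strings.ToLower(HashName(nsec3.NextDomain, int(nsec3.Hash), int(nsec3.Iterations), nsec3.Salt))`, or document why the cases differ. The `"." + zone` concatenation also accepts any string: a root zone `"."` yields a name ending in `..` and a zone without a trailing dot yields an owner name that is not fully qualified, so the doc comment should state `// zone must be a fully qualified, lower-case domain name` or the method should normalise it. The iteration count passed to `HashName` is taken straight from the record; whether it is bounded is not visible here, because `HashName`'s body lies outside these hunks.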