1 /*------------------------------------------------------------------------------
2  *
3  * Copyright (c) 2011-2021, EURid vzw. All rights reserved.
4  * The YADIFA TM software product is provided under the BSD 3-clause license:
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  *        * Redistributions of source code must retain the above copyright
11  *          notice, this list of conditions and the following disclaimer.
12  *        * Redistributions in binary form must reproduce the above copyright
13  *          notice, this list of conditions and the following disclaimer in the
14  *          documentation and/or other materials provided with the distribution.
15  *        * Neither the name of EURid nor the names of its contributors may be
16  *          used to endorse or promote products derived from this software
17  *          without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
23  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  *
31  *------------------------------------------------------------------------------
32  *
33  */
34 
35 /** @defgroup nsec3 NSEC3 functions
36  *  @ingroup dnsdbdnssec
37  *  @brief
38  *
39  *
40  *
41  * @{
42  */
43 /*------------------------------------------------------------------------------
44  *
45  * USE INCLUDES */
46 #include "dnscore/dnscore-config.h"
47 #include <stdio.h>
48 #include <stdlib.h>
49 
50 #include "dnscore/dnssec_errors.h"
51 #include "dnscore/nsec3-hash.h"
52 #include "dnscore/digest.h"
53 
54 /******************************************************************************
55  *
56  * Digest - related methods.
57  *
58  *****************************************************************************/
59 
60 static u8 WILDCARD_PREFIX[2] = {1, '*'};
61 
62 static ya_result
nsec3_hash_unsupported_function(const u8 * name,u32 name_len,const u8 * salt,u32 salt_len,u32 iterations,u8 * digest,bool wild)63 nsec3_hash_unsupported_function(const u8* name, u32 name_len, const u8* salt, u32 salt_len, u32 iterations, u8* digest, bool wild)
64 {
65     (void)name;
66     (void)name_len;
67     (void)salt;
68     (void)salt_len;
69     (void)iterations;
70     (void)digest;
71     (void)wild;
72 
73     return DNSSEC_ERROR_UNSUPPORTEDDIGESTALGORITHM;
74 }
75 
76 static ya_result
nsec3_hash_sha1_function(const u8 * name,u32 name_len,const u8 * salt,u32 salt_len,u32 iterations,u8 * digest,bool wild)77 nsec3_hash_sha1_function(const u8* name, u32 name_len, const u8* salt, u32 salt_len, u32 iterations, u8* digest, bool wild)
78 {
79     digest_s sha1;
80     digest_sha1_init(&sha1);
81 
82     if(wild)
83     {
84         digest_update(&sha1, WILDCARD_PREFIX, 2);
85     }
86 
87     digest_update(&sha1, name, name_len);
88     digest_update(&sha1, salt, salt_len);
89 
90     digest_final_copy_bytes(&sha1, digest, SHA_DIGEST_LENGTH); // generates NSEC3 hash : safe use
91 
92     for(; iterations > 0; iterations--)
93     {
94         digest_sha1_init(&sha1);
95         digest_update(&sha1, digest, SHA_DIGEST_LENGTH);
96         digest_update(&sha1, salt, salt_len);
97         digest_final_copy_bytes(&sha1, digest, SHA_DIGEST_LENGTH); // generates NSEC3 hash : safe use
98     }
99 
100     return SUCCESS;
101 }
102 
103 /**
104  *
105  * Returns the (NSEC3) hashing function for an algorithm
106  *
107  * If the algorithm is not supported, the returned function will
108  * always return DNSSEC_ERROR_UNSUPPORTEDDIGESTALGORITHM.
109  *
110  * A typical usage for this is :
111  *
112  * get_nsec3_hash_function(NSEC3_ZONE_ALGORITHM(n3))(name, ...... )
113  * |_______________________________________________||_____________|
114  *  Get the digest function pointer		    Call the returned function
115  *
116  * @param algorithm the algorithm id
117  * @return the hashing function
118  *
119  */
120 
121 nsec3_hash_function*
nsec3_hash_get_function(u8 algorithm)122 nsec3_hash_get_function(u8 algorithm)
123 {
124     switch(algorithm)
125     {
126         case 1:
127             return &nsec3_hash_sha1_function;
128 
129         default:
130             return &nsec3_hash_unsupported_function;
131     }
132 }
133 
134 
135 /**
136  * Returns the size in bytes of the hash computed by hashing function algorithm
137  *
138  * @param algorithm the algorithm id
139  * @return size in bytes of the computed hash or 0 if the function is not supported
140  */
141 
142 u8
nsec3_hash_len(u8 algorithm)143 nsec3_hash_len(u8 algorithm)
144 {
145     switch(algorithm)
146     {
147         case 1:
148             return SHA_DIGEST_LENGTH;
149         default:
150             return 0;
151     }
152 }
153 
154 /** @} */
155