1 /*------------------------------------------------------------------------------
2 *
3 * Copyright (c) 2011-2021, EURid vzw. All rights reserved.
4 * The YADIFA TM software product is provided under the BSD 3-clause license:
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * * Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * * Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * * Neither the name of EURid nor the names of its contributors may be
16 * used to endorse or promote products derived from this software
17 * without specific prior written permission.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
23 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 * POSSIBILITY OF SUCH DAMAGE.
30 *
31 *------------------------------------------------------------------------------
32 *
33 */
34
35 /** @defgroup nsec3 NSEC3 functions
36 * @ingroup dnsdbdnssec
37 * @brief
38 *
39 *
40 *
41 * @{
42 */
43 /*------------------------------------------------------------------------------
44 *
45 * USE INCLUDES */
46 #include "dnscore/dnscore-config.h"
47 #include <stdio.h>
48 #include <stdlib.h>
49
50 #include "dnscore/dnssec_errors.h"
51 #include "dnscore/nsec3-hash.h"
52 #include "dnscore/digest.h"
53
54 /******************************************************************************
55 *
56 * Digest - related methods.
57 *
58 *****************************************************************************/
59
60 static u8 WILDCARD_PREFIX[2] = {1, '*'};
61
62 static ya_result
nsec3_hash_unsupported_function(const u8 * name,u32 name_len,const u8 * salt,u32 salt_len,u32 iterations,u8 * digest,bool wild)63 nsec3_hash_unsupported_function(const u8* name, u32 name_len, const u8* salt, u32 salt_len, u32 iterations, u8* digest, bool wild)
64 {
65 (void)name;
66 (void)name_len;
67 (void)salt;
68 (void)salt_len;
69 (void)iterations;
70 (void)digest;
71 (void)wild;
72
73 return DNSSEC_ERROR_UNSUPPORTEDDIGESTALGORITHM;
74 }
75
76 static ya_result
nsec3_hash_sha1_function(const u8 * name,u32 name_len,const u8 * salt,u32 salt_len,u32 iterations,u8 * digest,bool wild)77 nsec3_hash_sha1_function(const u8* name, u32 name_len, const u8* salt, u32 salt_len, u32 iterations, u8* digest, bool wild)
78 {
79 digest_s sha1;
80 digest_sha1_init(&sha1);
81
82 if(wild)
83 {
84 digest_update(&sha1, WILDCARD_PREFIX, 2);
85 }
86
87 digest_update(&sha1, name, name_len);
88 digest_update(&sha1, salt, salt_len);
89
90 digest_final_copy_bytes(&sha1, digest, SHA_DIGEST_LENGTH); // generates NSEC3 hash : safe use
91
92 for(; iterations > 0; iterations--)
93 {
94 digest_sha1_init(&sha1);
95 digest_update(&sha1, digest, SHA_DIGEST_LENGTH);
96 digest_update(&sha1, salt, salt_len);
97 digest_final_copy_bytes(&sha1, digest, SHA_DIGEST_LENGTH); // generates NSEC3 hash : safe use
98 }
99
100 return SUCCESS;
101 }
102
103 /**
104 *
105 * Returns the (NSEC3) hashing function for an algorithm
106 *
107 * If the algorithm is not supported, the returned function will
108 * always return DNSSEC_ERROR_UNSUPPORTEDDIGESTALGORITHM.
109 *
110 * A typical usage for this is :
111 *
112 * get_nsec3_hash_function(NSEC3_ZONE_ALGORITHM(n3))(name, ...... )
113 * |_______________________________________________||_____________|
114 * Get the digest function pointer Call the returned function
115 *
116 * @param algorithm the algorithm id
117 * @return the hashing function
118 *
119 */
120
121 nsec3_hash_function*
nsec3_hash_get_function(u8 algorithm)122 nsec3_hash_get_function(u8 algorithm)
123 {
124 switch(algorithm)
125 {
126 case 1:
127 return &nsec3_hash_sha1_function;
128
129 default:
130 return &nsec3_hash_unsupported_function;
131 }
132 }
133
134
135 /**
136 * Returns the size in bytes of the hash computed by hashing function algorithm
137 *
138 * @param algorithm the algorithm id
139 * @return size in bytes of the computed hash or 0 if the function is not supported
140 */
141
142 u8
nsec3_hash_len(u8 algorithm)143 nsec3_hash_len(u8 algorithm)
144 {
145 switch(algorithm)
146 {
147 case 1:
148 return SHA_DIGEST_LENGTH;
149 default:
150 return 0;
151 }
152 }
153
154 /** @} */
155