Changed to use polarssl HMAC for SHA

diff --git a/modules/tinydnsbackend/data.cdb b/modules/tinydnsbackend/data.cdb
index 5e8a046ebd001047093d59f041b888425c181ac1..fee3161d3cdda7c33250dfa61be5c75a54ebe16d 100644 (file)
Binary files a/modules/tinydnsbackend/data.cdb and b/modules/tinydnsbackend/data.cdb differ

diff --git a/modules/tinydnsbackend/generate-data.sh b/modules/tinydnsbackend/generate-data.sh
index 74310c53232cf12978cf4e3d4e3528cdce2edfae..a677fa70181e2a267e2e1befd6cbcb4554c31fb0 100755 (executable)
--- a/modules/tinydnsbackend/generate-data.sh
+++ b/modules/tinydnsbackend/generate-data.sh
@@ -47,6 +47,7 @@ do
        cat $zone.out >> data
        rm $zone.out
 done
-$tinydnsdata
 
-kill $(cat ../../regression-tests/pdns.pid)
\ No newline at end of file
+$tinydnsdata  
+
+kill $(cat ../../regression-tests/pdns.pid)

diff --git a/pdns/dnssecinfra.cc b/pdns/dnssecinfra.cc
index 2c4bd1cb8d737655cb08883e3f41cfc84dcafbc7..86b99e0c49b32fbd134a592142aabaa3be0bc517 100644 (file)
--- a/pdns/dnssecinfra.cc
+++ b/pdns/dnssecinfra.cc
@@ -452,72 +452,51 @@ string calculateMD5HMAC(const std::string& key_, const std::string& text)
   return md5_2.get();
 }
 
-string calculateSHAHMAC(const std::string& key_, const std::string& text, TSIGHashEnum hasher)
+string calculateSHAHMAC(const std::string& key, const std::string& text, TSIGHashEnum hasher)
 {
-  unsigned char key[64] = {0};
-  key_.copy((char*)key,64); 
-  unsigned char keyIpad[64];
-  unsigned char keyOpad[64];
+  std::string res;
+  unsigned char hash[64];
 
-  //~ cerr<<"Key: "<<makeHexDump(key_)<<endl;
-  //~ cerr<<"txt: "<<makeHexDump(text)<<endl;
-
-  for(unsigned int n=0; n < 64; ++n) {
-    if(n < key_.length()) {
-      keyIpad[n] = (unsigned char)(key[n] ^ 0x36);
-      keyOpad[n] = (unsigned char)(key[n] ^ 0x5c);
-    }
-    else  {
-      keyIpad[n]=0x36;
-      keyOpad[n]=0x5c;
-    }
-  }
-  
   switch(hasher) {
   case TSIG_SHA1:
   {
-      SHA1Summer s1,s2;
-      s1.feed((const char*)keyIpad, 64);
-      s1.feed(text);
-      s2.feed((const char*)keyOpad, 64);
-      s2.feed(s1.get());
-      return s2.get();
+      sha1_context ctx;
+      sha1_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size());
+      sha1_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+      sha1_hmac_finish(&ctx, hash);
+      res.assign(reinterpret_cast<const char*>(hash), 20);
   };
   case TSIG_SHA224:
   {
-      SHA224Summer s1,s2;
-      s1.feed((const char*)keyIpad, 64);
-      s1.feed(text);
-      s2.feed((const char*)keyOpad, 64);
-      s2.feed(s1.get());
-      return s2.get();
+      sha2_context ctx;
+      sha2_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), 1);
+      sha2_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+      sha2_hmac_finish(&ctx, hash);
+      res.assign(reinterpret_cast<const char*>(hash), 32);
   };
   case TSIG_SHA256:
   {
-      SHA256Summer s1,s2;
-      s1.feed((const char*)keyIpad, 64);
-      s1.feed(text);
-      s2.feed((const char*)keyOpad, 64);
-      s2.feed(s1.get());
-      return s2.get();
+      sha2_context ctx;
+      sha2_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), 0);
+      sha2_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+      sha2_hmac_finish(&ctx, hash);
+      res.assign(reinterpret_cast<const char*>(hash), 32);
   };
   case TSIG_SHA384:
   {
-      SHA384Summer s1,s2;
-      s1.feed((const char*)keyIpad, 64);
-      s1.feed(text);
-      s2.feed((const char*)keyOpad, 64);
-      s2.feed(s1.get());
-      return s2.get();
+      sha4_context ctx;
+      sha4_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), 1);
+      sha4_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+      sha4_hmac_finish(&ctx, hash);
+      res.assign(reinterpret_cast<const char*>(hash), 64);
   };
   case TSIG_SHA512:
   {
-      SHA512Summer s1,s2;
-      s1.feed((const char*)keyIpad, 64);
-      s1.feed(text);
-      s2.feed((const char*)keyOpad, 64);
-      s2.feed(s1.get());
-      return s2.get();
+      sha4_context ctx;
+      sha4_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), 0);
+      sha4_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+      sha4_hmac_finish(&ctx, hash);
+      res.assign(reinterpret_cast<const char*>(hash), 64);
   };
   default:
     throw new PDNSException("Unknown hash algorithm requested for SHA");

diff --git a/regression-tests.nobackend/tinydns-data-check/expected_result b/regression-tests.nobackend/tinydns-data-check/expected_result
index ffbc6cfc7f1d150b1f61f3d418f472a7af693043..523cbce9476c3515678fabd1e843de167b0a963a 100644 (file)
--- a/regression-tests.nobackend/tinydns-data-check/expected_result
+++ b/regression-tests.nobackend/tinydns-data-check/expected_result
@@ -6,5 +6,5 @@ a2dd754820cb88fdd3d80b54a212a270  ../regression-tests/test.com
 42dd3a56c7d268e75836371878819ec4  ../regression-tests/delegated.dnssec-parent.com
 a63dc120391d9df0003f2ec4f461a6af  ../regression-tests/secure-delegated.dnssec-parent.com
 24514dc104b22206daeb973ff9303545  ../regression-tests/minimal.com
-f77817aafda5cd6a8e3d4ac998be6fff  ../modules/tinydnsbackend/data.cdb
 0b20d7a0250576451135483b863750bf  ../regression-tests/tsig.com
+3dfdde25a811ab2d769b6e0838280e61  ../modules/tinydnsbackend/data.cdb