Skip to content
Snippets Groups Projects
Select Git revision
  • clean-cached-cflags
  • base64-is-not-hexdump
  • fine-grained-mtime
  • use-source-date-epoch-for-docs
  • http-to-https
  • doc-cleanup
  • default-padding-policy
  • master default
  • journal2
  • mod-stats
  • libuv-tcp
  • 2.3
  • oldkeyremoval
  • journal
  • olddnssec
  • kntimers
  • yp_dynamic_schema
  • dnssec-cds
  • tests-faketime
  • module-geoip
  • v2.3.2
  • v2.3.1
  • v1.6.8
  • v2.3.0
  • v2.2.1
  • v2.2.0
  • v2.1.1
  • v1.6.7
  • v2.1.1-test
  • v2.1.0
  • v2.1.0-rc1
  • v1.6.6
  • v2.0.2
  • v2.0.1
  • v1.6.5-rosedb
  • v1.6.5
  • v2.0.0
  • v1.6.4-rosedb
  • v1.6.4
  • v2.0.0-rc1
40 results
Blame History Permalink
Forked from Knot projects / Knot DNS
11134 commits behind the upstream repository.
dnssec_nsec3.c 3.04 KiB 
/*  Copyright (C) 2013 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

#include <config.h>
#include <stdlib.h>
#include <string.h>
#include <tap/basic.h>

#include "common/descriptor.h"
#include "common/errcode.h"
#include "libknot/dname.h"
#include "libknot/consts.h"
#include "libknot/dnssec/nsec3.h"
#include "libknot/rrset.h"

int main(int argc, char *argv[])
{
	plan(10);

	int result = KNOT_EOK;

	// lengths of different hashes

	is_int(20, knot_nsec3_hash_length(1),
	   "raw hash length for SHA1");
	is_int(0, knot_nsec3_hash_length(42),
	   "raw hash length for unknown algorithm");
	is_int(32, knot_nsec3_hash_b32_length(1),
	   "B32 hash length for SHA1");
	is_int(0, knot_nsec3_hash_b32_length(42),
	   "B32 hash length for unknown algorithm");

	//  parsing NSEC3PARAMs from wire

	knot_nsec3_params_t params = { 0 };
	knot_rrset_t *rrset = NULL;
	uint8_t rdata[] = {
		0x01,                  // hash algorithm
		0x00,                  // flags
		0x00, 0x0a,            // iterations
		0x04,                  // salt length
		'a', 'b', 'c', 'd'     // salt
	};

	rrset = knot_rrset_new(NULL, KNOT_RRTYPE_NSEC3PARAM, KNOT_CLASS_IN, NULL);
	result = knot_rrset_add_rr(rrset, rdata, sizeof(rdata), 0, NULL);
	if (result == KNOT_EOK) {
		result = knot_nsec3_params_from_wire(&params, rrset);
	}

	is_int(1, params.algorithm, "parse algorithm from wire");
	is_int(0, params.flags, "parse flags from wire");
	is_int(10, params.iterations, "parse iterations from wire");
	is_int(4, params.salt_length, "parse salt length from wire");
	is_int(0, memcmp(params.salt, "abcd", 4), "parse salt from wire");

	knot_rrset_free(&rrset, NULL);
	knot_nsec3_params_free(&params);

	// hash computation

	params.algorithm = 1;
	params.flags = 0;
	params.iterations = 7;
	params.salt_length = 14;
	params.salt = (uint8_t *)strdup("happywithnsec3");

	const char *dname_str = "knot-dns.cz.";
	knot_dname_t *dname = knot_dname_from_str(dname_str);

	size_t digest_size = 0;
	uint8_t *digest = NULL;
	result = knot_nsec3_hash(&params, dname, knot_dname_size(dname),
	                         &digest, &digest_size);

	uint8_t expected[] = {
		0x72, 0x40, 0x55, 0x83, 0x92, 0x93, 0x95, 0x28, 0xee, 0xa2,
		0xcc, 0xe1, 0x13, 0xbe, 0xcd, 0x41, 0xee, 0x8a, 0x71, 0xfd
	};

	ok(result == KNOT_EOK && digest_size == sizeof(expected) &&
	   memcmp(digest, expected, sizeof(expected)) == 0, "compute hash");

	free(digest);
	free(params.salt);
	knot_dname_free(&dname);

	return 0;
}