Permalink
Browse files

Changed to use polarssl HMAC for SHA

  • Loading branch information...
1 parent a56bc64 commit 910103513763b513acb20578a7c6e7db99d077bb @cmouse cmouse committed Sep 3, 2013
Binary file not shown.
@@ -47,6 +47,7 @@ do
cat $zone.out >> data
rm $zone.out
done
-$tinydnsdata
-kill $(cat ../../regression-tests/pdns.pid)
+$tinydnsdata
+
+kill $(cat ../../regression-tests/pdns.pid)
View
@@ -452,72 +452,51 @@ string calculateMD5HMAC(const std::string& key_, const std::string& text)
return md5_2.get();
}
-string calculateSHAHMAC(const std::string& key_, const std::string& text, TSIGHashEnum hasher)
+string calculateSHAHMAC(const std::string& key, const std::string& text, TSIGHashEnum hasher)
{
- unsigned char key[64] = {0};
- key_.copy((char*)key,64);
- unsigned char keyIpad[64];
- unsigned char keyOpad[64];
+ std::string res;
+ unsigned char hash[64];
- //~ cerr<<"Key: "<<makeHexDump(key_)<<endl;
- //~ cerr<<"txt: "<<makeHexDump(text)<<endl;
-
- for(unsigned int n=0; n < 64; ++n) {
- if(n < key_.length()) {
- keyIpad[n] = (unsigned char)(key[n] ^ 0x36);
- keyOpad[n] = (unsigned char)(key[n] ^ 0x5c);
- }
- else {
- keyIpad[n]=0x36;
- keyOpad[n]=0x5c;
- }
- }
-
switch(hasher) {
case TSIG_SHA1:
{
- SHA1Summer s1,s2;
- s1.feed((const char*)keyIpad, 64);
- s1.feed(text);
- s2.feed((const char*)keyOpad, 64);
- s2.feed(s1.get());
- return s2.get();
+ sha1_context ctx;
+ sha1_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size());
+ sha1_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+ sha1_hmac_finish(&ctx, hash);
+ res.assign(reinterpret_cast<const char*>(hash), 20);
};
case TSIG_SHA224:
{
- SHA224Summer s1,s2;
- s1.feed((const char*)keyIpad, 64);
- s1.feed(text);
- s2.feed((const char*)keyOpad, 64);
- s2.feed(s1.get());
- return s2.get();
+ sha2_context ctx;
+ sha2_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), 1);
+ sha2_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+ sha2_hmac_finish(&ctx, hash);
+ res.assign(reinterpret_cast<const char*>(hash), 32);
};
case TSIG_SHA256:
{
- SHA256Summer s1,s2;
- s1.feed((const char*)keyIpad, 64);
- s1.feed(text);
- s2.feed((const char*)keyOpad, 64);
- s2.feed(s1.get());
- return s2.get();
+ sha2_context ctx;
+ sha2_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), 0);
+ sha2_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+ sha2_hmac_finish(&ctx, hash);
+ res.assign(reinterpret_cast<const char*>(hash), 32);
};
case TSIG_SHA384:
{
- SHA384Summer s1,s2;
- s1.feed((const char*)keyIpad, 64);
- s1.feed(text);
- s2.feed((const char*)keyOpad, 64);
- s2.feed(s1.get());
- return s2.get();
+ sha4_context ctx;
+ sha4_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), 1);
+ sha4_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+ sha4_hmac_finish(&ctx, hash);
+ res.assign(reinterpret_cast<const char*>(hash), 64);
};
case TSIG_SHA512:
{
- SHA512Summer s1,s2;
- s1.feed((const char*)keyIpad, 64);
- s1.feed(text);
- s2.feed((const char*)keyOpad, 64);
- s2.feed(s1.get());
- return s2.get();
+ sha4_context ctx;
+ sha4_hmac_starts(&ctx, reinterpret_cast<const unsigned char*>(key.c_str()), key.size(), 0);
+ sha4_hmac_update(&ctx, reinterpret_cast<const unsigned char*>(text.c_str()), text.size());
+ sha4_hmac_finish(&ctx, hash);
+ res.assign(reinterpret_cast<const char*>(hash), 64);
};
default:
throw new PDNSException("Unknown hash algorithm requested for SHA");
@@ -6,5 +6,5 @@ a2dd754820cb88fdd3d80b54a212a270 ../regression-tests/test.com
42dd3a56c7d268e75836371878819ec4 ../regression-tests/delegated.dnssec-parent.com
a63dc120391d9df0003f2ec4f461a6af ../regression-tests/secure-delegated.dnssec-parent.com
24514dc104b22206daeb973ff9303545 ../regression-tests/minimal.com
-f77817aafda5cd6a8e3d4ac998be6fff ../modules/tinydnsbackend/data.cdb
0b20d7a0250576451135483b863750bf ../regression-tests/tsig.com
+3dfdde25a811ab2d769b6e0838280e61 ../modules/tinydnsbackend/data.cdb

0 comments on commit 9101035

Please sign in to comment.