"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "sig0.go" between
dns-1.1.46.tar.gz and dns-1.1.47.tar.gz

About: GO DNS implements a DNS library in Go.

sig0.go  (dns-1.1.46):sig0.go  (dns-1.1.47)
package dns package dns
import ( import (
"crypto" "crypto"
"crypto/ecdsa" "crypto/ecdsa"
"crypto/ed25519"
"crypto/rsa" "crypto/rsa"
"encoding/binary" "encoding/binary"
"math/big" "math/big"
"strings" "strings"
"time" "time"
) )
// Sign signs a dns.Msg. It fills the signature with the appropriate data. // Sign signs a dns.Msg. It fills the signature with the appropriate data.
// The SIG record should have the SignerName, KeyTag, Algorithm, Inception // The SIG record should have the SignerName, KeyTag, Algorithm, Inception
// and Expiration set. // and Expiration set.
skipping to change at line 41 skipping to change at line 42
} }
if &buf[0] != &mbuf[0] { if &buf[0] != &mbuf[0] {
return nil, ErrBuf return nil, ErrBuf
} }
off, err := PackRR(rr, buf, len(mbuf), nil, false) off, err := PackRR(rr, buf, len(mbuf), nil, false)
if err != nil { if err != nil {
return nil, err return nil, err
} }
buf = buf[:off:cap(buf)] buf = buf[:off:cap(buf)]
hash, ok := AlgorithmToHash[rr.Algorithm] h, cryptohash, err := hashFromAlgorithm(rr.Algorithm)
if !ok { if err != nil {
return nil, ErrAlg return nil, err
} }
hasher := hash.New()
// Write SIG rdata // Write SIG rdata
hasher.Write(buf[len(mbuf)+1+2+2+4+2:]) h.Write(buf[len(mbuf)+1+2+2+4+2:])
// Write message // Write message
hasher.Write(buf[:len(mbuf)]) h.Write(buf[:len(mbuf)])
signature, err := sign(k, hasher.Sum(nil), hash, rr.Algorithm) signature, err := sign(k, h.Sum(nil), cryptohash, rr.Algorithm)
if err != nil { if err != nil {
return nil, err return nil, err
} }
rr.Signature = toBase64(signature) rr.Signature = toBase64(signature)
buf = append(buf, signature...) buf = append(buf, signature...)
if len(buf) > int(^uint16(0)) { if len(buf) > int(^uint16(0)) {
return nil, ErrBuf return nil, ErrBuf
} }
skipping to change at line 85 skipping to change at line 85
// Verify validates the message buf using the key k. // Verify validates the message buf using the key k.
// It's assumed that buf is a valid message from which rr was unpacked. // It's assumed that buf is a valid message from which rr was unpacked.
func (rr *SIG) Verify(k *KEY, buf []byte) error { func (rr *SIG) Verify(k *KEY, buf []byte) error {
if k == nil { if k == nil {
return ErrKey return ErrKey
} }
if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 { if rr.KeyTag == 0 || rr.SignerName == "" || rr.Algorithm == 0 {
return ErrKey return ErrKey
} }
var hash crypto.Hash h, cryptohash, err := hashFromAlgorithm(rr.Algorithm)
switch rr.Algorithm { if err != nil {
case RSASHA1: return err
hash = crypto.SHA1
case RSASHA256, ECDSAP256SHA256:
hash = crypto.SHA256
case ECDSAP384SHA384:
hash = crypto.SHA384
case RSASHA512:
hash = crypto.SHA512
default:
return ErrAlg
} }
hasher := hash.New()
buflen := len(buf) buflen := len(buf)
qdc := binary.BigEndian.Uint16(buf[4:]) qdc := binary.BigEndian.Uint16(buf[4:])
anc := binary.BigEndian.Uint16(buf[6:]) anc := binary.BigEndian.Uint16(buf[6:])
auc := binary.BigEndian.Uint16(buf[8:]) auc := binary.BigEndian.Uint16(buf[8:])
adc := binary.BigEndian.Uint16(buf[10:]) adc := binary.BigEndian.Uint16(buf[10:])
offset := headerSize offset := headerSize
var err error
for i := uint16(0); i < qdc && offset < buflen; i++ { for i := uint16(0); i < qdc && offset < buflen; i++ {
_, offset, err = UnpackDomainName(buf, offset) _, offset, err = UnpackDomainName(buf, offset)
if err != nil { if err != nil {
return err return err
} }
// Skip past Type and Class // Skip past Type and Class
offset += 2 + 2 offset += 2 + 2
} }
for i := uint16(1); i < anc+auc+adc && offset < buflen; i++ { for i := uint16(1); i < anc+auc+adc && offset < buflen; i++ {
_, offset, err = UnpackDomainName(buf, offset) _, offset, err = UnpackDomainName(buf, offset)
skipping to change at line 169 skipping to change at line 158
signername, offset, err = UnpackDomainName(buf, offset) signername, offset, err = UnpackDomainName(buf, offset)
if err != nil { if err != nil {
return err return err
} }
// If key has come from the DNS name compression might // If key has come from the DNS name compression might
// have mangled the case of the name // have mangled the case of the name
if !strings.EqualFold(signername, k.Header().Name) { if !strings.EqualFold(signername, k.Header().Name) {
return &Error{err: "signer name doesn't match key name"} return &Error{err: "signer name doesn't match key name"}
} }
sigend := offset sigend := offset
hasher.Write(buf[sigstart:sigend]) h.Write(buf[sigstart:sigend])
hasher.Write(buf[:10]) h.Write(buf[:10])
hasher.Write([]byte{ h.Write([]byte{
byte((adc - 1) << 8), byte((adc - 1) << 8),
byte(adc - 1), byte(adc - 1),
}) })
hasher.Write(buf[12:bodyend]) h.Write(buf[12:bodyend])
hashed := hasher.Sum(nil) hashed := h.Sum(nil)
sig := buf[sigend:] sig := buf[sigend:]
switch k.Algorithm { switch k.Algorithm {
case RSASHA1, RSASHA256, RSASHA512: case RSASHA1, RSASHA256, RSASHA512:
pk := k.publicKeyRSA() pk := k.publicKeyRSA()
if pk != nil { if pk != nil {
return rsa.VerifyPKCS1v15(pk, hash, hashed, sig) return rsa.VerifyPKCS1v15(pk, cryptohash, hashed, sig)
} }
case ECDSAP256SHA256, ECDSAP384SHA384: case ECDSAP256SHA256, ECDSAP384SHA384:
pk := k.publicKeyECDSA() pk := k.publicKeyECDSA()
r := new(big.Int).SetBytes(sig[:len(sig)/2]) r := new(big.Int).SetBytes(sig[:len(sig)/2])
s := new(big.Int).SetBytes(sig[len(sig)/2:]) s := new(big.Int).SetBytes(sig[len(sig)/2:])
if pk != nil { if pk != nil {
if ecdsa.Verify(pk, hashed, r, s) { if ecdsa.Verify(pk, hashed, r, s) {
return nil return nil
} }
return ErrSig return ErrSig
} }
case ED25519:
pk := k.publicKeyED25519()
if pk != nil {
if ed25519.Verify(pk, hashed, sig) {
return nil
}
return ErrSig
}
} }
return ErrKeyAlg return ErrKeyAlg
} }
 End of changes. 14 change blocks. 
27 lines changed or deleted 24 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)