BIND 10 master, updated. fe7ae0a7b3eca38b81779b9cad22161e4bcf1d26 Merge branch 'trac1894'
BIND 10 source code commits
bind10-changes at lists.isc.org
Fri Feb 14 07:22:22 UTC 2014
The branch, master has been updated
via fe7ae0a7b3eca38b81779b9cad22161e4bcf1d26 (commit)
via 7c1e2ec6c98e82f0f14fbe479cb2e4f68117f8d0 (commit)
via f2ce3de4f881befc57c6328ceffb549a1a0c76af (commit)
via 498b511dccc63bc88c0fad6a9ef0821ba8ad1cf6 (commit)
via aff22ac34cd7bc2b4e1c9cde1967d995cf2ce4c4 (commit)
via 4aef41d3641bb940f6e57aeeef9735255b11495f (commit)
via e29050c245ee56989b0249c55a1e5a0c05f9c2a1 (commit)
from 3ccbb10693264fa527ce7fe82da1b6a4a569e7c8 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit fe7ae0a7b3eca38b81779b9cad22161e4bcf1d26
Merge: 3ccbb10 7c1e2ec
Author: Mukund Sivaraman <muks at isc.org>
Date: Fri Feb 14 12:40:57 2014 +0530
Merge branch 'trac1894'
Conflicts:
src/lib/datasrc/database.cc
-----------------------------------------------------------------------
Summary of changes:
src/bin/auth/tests/query_unittest.cc | 8 +++++
src/lib/datasrc/database.cc | 11 ++++---
src/lib/datasrc/memory/zone_finder.cc | 10 +++---
src/lib/datasrc/tests/faked_nsec3.cc | 8 +++++
src/lib/dns/nsec3hash.cc | 52 ++++++++++++++++++++++++++-----
src/lib/dns/nsec3hash.h | 19 +++++++++--
src/lib/dns/tests/nsec3hash_unittest.cc | 33 +++++++++++++++++++-
7 files changed, 122 insertions(+), 19 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/auth/tests/query_unittest.cc b/src/bin/auth/tests/query_unittest.cc
index 193fb91..c01bd8e 100644
--- a/src/bin/auth/tests/query_unittest.cc
+++ b/src/bin/auth/tests/query_unittest.cc
@@ -22,6 +22,7 @@
#include <dns/message.h>
#include <dns/master_loader.h>
#include <dns/name.h>
+#include <dns/labelsequence.h>
#include <dns/nsec3hash.h>
#include <dns/opcode.h>
#include <dns/rcode.h>
@@ -245,6 +246,13 @@ public:
isc_throw(isc::Unexpected, "unexpected name for NSEC3 test: "
<< name);
}
+ virtual string calculate(const LabelSequence& ls) const {
+ assert(ls.isAbsolute());
+ // This is not very optimal, but it's only going to be used in
+ // tests.
+ const Name name(ls.toText());
+ return (calculate(name));
+ }
virtual bool match(const rdata::generic::NSEC3PARAM&) const {
return (true);
}
diff --git a/src/lib/datasrc/database.cc b/src/lib/datasrc/database.cc
index b6a3f3c..bb929f4 100644
--- a/src/lib/datasrc/database.cc
+++ b/src/lib/datasrc/database.cc
@@ -23,6 +23,7 @@
#include <exceptions/exceptions.h>
#include <dns/name.h>
+#include <dns/labelsequence.h>
#include <dns/rrclass.h>
#include <dns/rrttl.h>
#include <dns/rrset.h>
@@ -1108,12 +1109,14 @@ DatabaseClient::Finder::findNSEC3(const Name& name, bool recursive) {
// This will be set to the one covering the query name
ConstRRsetPtr covering_proof;
+ LabelSequence name_ls(name);
// We keep stripping the leftmost label until we find something.
// In case it is recursive, we'll exit the loop at the first iteration.
- for (unsigned labels = qlabels; labels >= olabels; --labels) {
- const string hash(calculator->calculate(labels == qlabels ? name :
- name.split(qlabels - labels,
- labels)));
+ for (unsigned int labels = qlabels; labels >= olabels;
+ --labels, name_ls.stripLeft(1))
+ {
+ const std::string hash = calculator->calculate(name_ls);
+
// Get the exact match for the name.
LOG_DEBUG(logger, DBG_TRACE_BASIC, DATASRC_DATABASE_FINDNSEC3_TRYHASH).
arg(name).arg(labels).arg(hash);
diff --git a/src/lib/datasrc/memory/zone_finder.cc b/src/lib/datasrc/memory/zone_finder.cc
index bf0ec4e..87d9976 100644
--- a/src/lib/datasrc/memory/zone_finder.cc
+++ b/src/lib/datasrc/memory/zone_finder.cc
@@ -903,7 +903,7 @@ InMemoryZoneFinder::findNSEC3(const isc::dns::Name& name, bool recursive) {
uint8_t labels_buf[LabelSequence::MAX_SERIALIZED_LENGTH];
const LabelSequence origin_ls(zone_data_.getOriginNode()->
getAbsoluteLabels(labels_buf));
- const LabelSequence name_ls(name);
+ LabelSequence name_ls(name);
if (!zone_data_.isNSEC3Signed()) {
isc_throw(DataSourceError,
@@ -959,10 +959,10 @@ InMemoryZoneFinder::findNSEC3(const isc::dns::Name& name, bool recursive) {
// Examine all names from the query name to the origin name, stripping
// the deepest label one by one, until we find a name that has a matching
// NSEC3 hash.
- for (unsigned int labels = qlabels; labels >= olabels; --labels) {
- const Name& hname = (labels == qlabels ?
- name : name.split(qlabels - labels, labels));
- const std::string hlabel = hash->calculate(hname);
+ for (unsigned int labels = qlabels; labels >= olabels;
+ --labels, name_ls.stripLeft(1))
+ {
+ const std::string hlabel = hash->calculate(name_ls);
LOG_DEBUG(logger, DBG_TRACE_BASIC, DATASRC_MEMORY_FINDNSEC3_TRYHASH).
arg(name).arg(labels).arg(hlabel);
diff --git a/src/lib/datasrc/tests/faked_nsec3.cc b/src/lib/datasrc/tests/faked_nsec3.cc
index f53fbd7..24d4f3c 100644
--- a/src/lib/datasrc/tests/faked_nsec3.cc
+++ b/src/lib/datasrc/tests/faked_nsec3.cc
@@ -15,6 +15,7 @@
#include "faked_nsec3.h"
#include <dns/name.h>
+#include <dns/labelsequence.h>
#include <testutils/dnsmessage_test.h>
#include <map>
@@ -87,6 +88,13 @@ public:
isc_throw(isc::Unexpected, "unexpected name for NSEC3 test: "
<< name);
}
+ virtual string calculate(const LabelSequence& ls) const {
+ assert(ls.isAbsolute());
+ // This is not very optimal, but it's only going to be used in
+ // tests.
+ const Name name(ls.toText());
+ return (calculate(name));
+ }
virtual bool match(const rdata::generic::NSEC3PARAM&) const {
return (true);
}
diff --git a/src/lib/dns/nsec3hash.cc b/src/lib/dns/nsec3hash.cc
index 0e03798..4e6fea1 100644
--- a/src/lib/dns/nsec3hash.cc
+++ b/src/lib/dns/nsec3hash.cc
@@ -29,8 +29,10 @@
#include <util/hash/sha1.h>
#include <dns/name.h>
+#include <dns/labelsequence.h>
#include <dns/nsec3hash.h>
#include <dns/rdataclass.h>
+#include <dns/name_internal.h>
using namespace std;
using namespace isc::util;
@@ -84,6 +86,7 @@ public:
}
virtual std::string calculate(const Name& name) const;
+ virtual std::string calculate(const LabelSequence& ls) const;
virtual bool match(const generic::NSEC3& nsec3) const;
virtual bool match(const generic::NSEC3PARAM& nsec3param) const;
@@ -91,6 +94,8 @@ public:
const vector<uint8_t>& salt) const;
private:
+ std::string calculateForWiredata(const uint8_t* data, size_t length) const;
+
const uint8_t algorithm_;
const uint16_t iterations_;
uint8_t* salt_data_;
@@ -116,19 +121,33 @@ iterateSHA1(SHA1Context* ctx, const uint8_t* input, size_t inlength,
}
string
-NSEC3HashRFC5155::calculate(const Name& name) const {
+NSEC3HashRFC5155::calculateForWiredata(const uint8_t* data,
+ size_t length) const
+{
// We first need to normalize the name by converting all upper case
// characters in the labels to lower ones.
- obuf_.clear();
- Name name_copy(name);
- name_copy.downcase();
- name_copy.toWire(obuf_);
+
+ uint8_t name_buf[256];
+ assert(length < sizeof (name_buf));
+
+ const uint8_t *p1 = data;
+ uint8_t *p2 = name_buf;
+ while (*p1 != 0) {
+ char len = *p1;
+
+ *p2++ = *p1++;
+ while (len--) {
+ *p2++ = isc::dns::name::internal::maptolower[*p1++];
+ }
+ }
+
+ *p2 = *p1;
uint8_t* const digest = &digest_[0];
assert(digest_.size() == SHA1_HASHSIZE);
- iterateSHA1(&sha1_ctx_, static_cast<const uint8_t*>(obuf_.getData()),
- obuf_.getLength(), salt_data_, salt_length_, digest);
+ iterateSHA1(&sha1_ctx_, name_buf, length,
+ salt_data_, salt_length_, digest);
for (unsigned int n = 0; n < iterations_; ++n) {
iterateSHA1(&sha1_ctx_, digest, SHA1_HASHSIZE,
salt_data_, salt_length_, digest);
@@ -137,6 +156,25 @@ NSEC3HashRFC5155::calculate(const Name& name) const {
return (encodeBase32Hex(digest_));
}
+string
+NSEC3HashRFC5155::calculate(const Name& name) const {
+ obuf_.clear();
+ name.toWire(obuf_);
+
+ return (calculateForWiredata(static_cast<const uint8_t*>(obuf_.getData()),
+ obuf_.getLength()));
+}
+
+string
+NSEC3HashRFC5155::calculate(const LabelSequence& ls) const {
+ assert(ls.isAbsolute());
+
+ size_t length;
+ const uint8_t* data = ls.getData(&length);
+
+ return (calculateForWiredata(data, length));
+}
+
bool
NSEC3HashRFC5155::match(uint8_t algorithm, uint16_t iterations,
const vector<uint8_t>& salt) const
diff --git a/src/lib/dns/nsec3hash.h b/src/lib/dns/nsec3hash.h
index 42b5117..b58f0c9 100644
--- a/src/lib/dns/nsec3hash.h
+++ b/src/lib/dns/nsec3hash.h
@@ -23,6 +23,7 @@
namespace isc {
namespace dns {
class Name;
+class LabelSequence;
namespace rdata {
namespace generic {
@@ -129,19 +130,33 @@ public:
/// \brief The destructor.
virtual ~NSEC3Hash() {}
- /// \brief Calculate the NSEC3 hash.
+ /// \brief Calculate the NSEC3 hash (Name variant).
///
/// This method calculates the NSEC3 hash value for the given \c name
/// with the hash parameters (algorithm, iterations and salt) given at
/// construction, and returns the value as a base32hex-encoded string
/// (without containing any white spaces). All US-ASCII letters in the
- /// string will be upper cased.
+ /// string will be lower cased.
///
/// \param name The domain name for which the hash value is to be
/// calculated.
/// \return Base32hex-encoded string of the hash value.
virtual std::string calculate(const Name& name) const = 0;
+ /// \brief Calculate the NSEC3 hash (LabelSequence variant).
+ ///
+ /// This method calculates the NSEC3 hash value for the given
+ /// absolute LabelSequence \c ls with the hash parameters
+ /// (algorithm, iterations and salt) given at construction, and
+ /// returns the value as a base32hex-encoded string (without
+ /// containing any white spaces). All US-ASCII letters in the
+ /// string will be lower cased.
+ ///
+ /// \param ls The absolute label sequence for which the hash value
+ /// is to be calculated.
+ /// \return Base32hex-encoded string of the hash value.
+ virtual std::string calculate(const LabelSequence& ls) const = 0;
+
/// \brief Match given NSEC3 parameters with that of the hash.
///
/// This method compares NSEC3 parameters used for hash calculation
diff --git a/src/lib/dns/tests/nsec3hash_unittest.cc b/src/lib/dns/tests/nsec3hash_unittest.cc
index 4ef0c7b..44f8096 100644
--- a/src/lib/dns/tests/nsec3hash_unittest.cc
+++ b/src/lib/dns/tests/nsec3hash_unittest.cc
@@ -19,6 +19,7 @@
#include <boost/scoped_ptr.hpp>
#include <dns/nsec3hash.h>
+#include <dns/labelsequence.h>
#include <dns/rdataclass.h>
#include <util/encode/hex.h>
@@ -92,6 +93,18 @@ calculateCheck(NSEC3Hash& hash) {
// Check case-insensitiveness
EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
hash.calculate(Name("EXAMPLE")));
+
+ // Repeat for the LabelSequence variant.
+
+ // A couple of normal cases from the RFC5155 example.
+ EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
+ hash.calculate(LabelSequence(Name("example"))));
+ EXPECT_EQ("35MTHGPGCU1QG68FAB165KLNSNK3DPVL",
+ hash.calculate(LabelSequence(Name("a.example"))));
+
+ // Check case-insensitiveness
+ EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
+ hash.calculate(LabelSequence(Name("EXAMPLE"))));
}
TEST_F(NSEC3HashTest, calculate) {
@@ -113,13 +126,16 @@ TEST_F(NSEC3HashTest, calculate) {
EXPECT_EQ("CK0POJMG874LJREF7EFN8430QVIT8BSM",
NSEC3HashPtr(NSEC3Hash::create(generic::NSEC3PARAM("1 0 0 -")))
->calculate(Name("com")));
+ EXPECT_EQ("CK0POJMG874LJREF7EFN8430QVIT8BSM",
+ NSEC3HashPtr(NSEC3Hash::create(generic::NSEC3PARAM("1 0 0 -")))
+ ->calculate(LabelSequence(Name("com"))));
// Using unusually large iterations, something larger than the 8-bit range.
// (expected hash value generated by BIND 9's dnssec-signzone)
EXPECT_EQ("COG6A52MJ96MNMV3QUCAGGCO0RHCC2Q3",
NSEC3HashPtr(NSEC3Hash::create(
generic::NSEC3PARAM("1 0 256 AABBCCDD")))
- ->calculate(Name("example.org")));
+ ->calculate(LabelSequence(Name("example.org"))));
}
// Common checks for match cases
@@ -169,6 +185,9 @@ class TestNSEC3Hash : public NSEC3Hash {
virtual string calculate(const Name&) const {
return ("00000000000000000000000000000000");
}
+ virtual string calculate(const LabelSequence&) const {
+ return ("00000000000000000000000000000000");
+ }
virtual bool match(const generic::NSEC3PARAM&) const {
return (true);
}
@@ -207,6 +226,8 @@ TEST_F(NSEC3HashTest, setCreator) {
// Re-check an existing case using the default creator/hash implementation
EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
test_hash->calculate(Name("example")));
+ EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
+ test_hash->calculate(LabelSequence(Name("example"))));
// Replace the creator, and confirm the hash values are faked
TestNSEC3HashCreator test_creator;
@@ -215,12 +236,16 @@ TEST_F(NSEC3HashTest, setCreator) {
test_hash.reset(NSEC3Hash::create(generic::NSEC3PARAM("1 0 12 aabbccdd")));
EXPECT_EQ("00000000000000000000000000000000",
test_hash->calculate(Name("example")));
+ EXPECT_EQ("00000000000000000000000000000000",
+ test_hash->calculate(LabelSequence(Name("example"))));
// Same for hash from NSEC3 RDATA
test_hash.reset(NSEC3Hash::create(generic::NSEC3
("1 0 12 aabbccdd " +
string(nsec3_common))));
EXPECT_EQ("00000000000000000000000000000000",
test_hash->calculate(Name("example")));
+ EXPECT_EQ("00000000000000000000000000000000",
+ test_hash->calculate(LabelSequence(Name("example"))));
// If we set a special flag big (0x80) on creation, it will act like the
// default creator.
@@ -228,17 +253,23 @@ TEST_F(NSEC3HashTest, setCreator) {
"1 128 12 aabbccdd")));
EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
test_hash->calculate(Name("example")));
+ EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
+ test_hash->calculate(LabelSequence(Name("example"))));
test_hash.reset(NSEC3Hash::create(generic::NSEC3
("1 128 12 aabbccdd " +
string(nsec3_common))));
EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
test_hash->calculate(Name("example")));
+ EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
+ test_hash->calculate(LabelSequence(Name("example"))));
// Reset the creator to default, and confirm that
setNSEC3HashCreator(NULL);
test_hash.reset(NSEC3Hash::create(generic::NSEC3PARAM("1 0 12 aabbccdd")));
EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
test_hash->calculate(Name("example")));
+ EXPECT_EQ("0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM",
+ test_hash->calculate(LabelSequence(Name("example"))));
}
} // end namespace
More information about the bind10-changes
mailing list