fix: rrset_signature
alonsovch committed Jul 14, 2024
1 parent 42e435b commit 51104d5
Showing 2 changed files with 7 additions and 34 deletions.
23 changes: 3 additions & 20 deletions src/dnssec/dnssec.rs
@@ -1,27 +1,10 @@
use crate::client::ClientUDPConnection;
use crate::message::{DnsMessage, ResourceRecord};
use crate::message::{DnsMessage, Rdata, ResourceRecord};
use crate::dnssec_message_processing::extract_dnssec_records;
use crate::rrset_signature::{verify_rrsig, verify_ds};
use crate::dnskey_rdata::DnskeyRdata;
use crate::message::rdata::DnskeyRdata;
use crate::client::client_error::ClientError;
use std::net::IpAddr;
use tokio::time::Duration;

pub async fn fetch_dnskey_records(domain: &str, server_addr: IpAddr, timeout_duration: Duration) -> Result<Vec<DnskeyRdata>, ClientError> {
let conn = ClientUDPConnection::new(server_addr, timeout_duration);

let dns_query = DnsMessage::new_query_message(
domain.into(),
Qtype::DNSKEY,
Qclass::IN,
0,
false,
1,
);

let response = conn.send(dns_query).await?;

let dns_response = DnsMessage::from_bytes(&response)?;
pub async fn fetch_dnskey_records(dns_response: &DnsMessage) -> Result<Vec<DnskeyRdata>, ClientError> {
let mut dnskey_records = Vec::new();

for record in dns_response.get_answer() {
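Review bot: The new `fetch_dnskey_records` signature no longer fetches anything — it takes an already-received `&DnsMessage` and only reads `get_answer()` — so the name and the `async` qualifier now mislead callers, and a doc comment should at least say what it does and that the keys it returns are unauthenticated, e.g. `/// Collects the DNSKEY records from the answer section of an already-received response.` followed by `/// The keys are returned as-is: nothing here authenticates them, so callers must validate them (verify_ds / verify_rrsig) before using them to check any RRSIG.` The body continues past the hunk, so whether anything still awaits inside it cannot be seen here; if nothing does, `async` can be dropped. With the UDP query gone, `ClientUDPConnection`, `IpAddr` and `Duration` appear to be unreferenced by this function — check whether those `use` lines survive on the new side only to produce unused-import warnings.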
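--- a/src/dnssec/rrset_signature.rs
+++ b/src/dnssec/rrset_signature.rs
@@ -28,28 +28,18 @@ pub fn verify_rrsig(rrsig: &RrsigRdata, dnskey: &DnskeyRdata, rrset: &[ResourceR
 }
 
 let signature = rrsig.signature.clone();
-let mut hasher = Sha256::new();
-hasher.update(rrsig_data);
-let hashed = hasher.finalize();
+let hashed = Sha256::digest(&rrsig_data);
 
 match dnskey.algorithm {
-3 => {
-//DSA/SHA1
-let mut sha1 = Sha1::new();
-sha1.input(&rrsig_data);
-let digest = sha1.result_str();
-Ok(digest == encode(&signature))
-},
-5 => {
-//RSA/SHA1
+3 | 5 => {
+// (DSA/RSA)/SHA1
 let mut sha1 = Sha1::new();
 sha1.input(&rrsig_data);
 let digest = sha1.result_str();
 Ok(digest == encode(&signature))
 },
 8 => {
-//RSA/SHA256
-let hashed = Sha256::digest(&rrsig_data);
+// RSA/SHA256
 Ok(encode(&hashed) == encode(&signature))
 },
 _ => Err(ClientError::new("Unknown DNSKEY algorithm")),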
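Review bot: The `8` arm still does not verify a signature: `Ok(encode(&hashed) == encode(&signature))` accepts the RRSIG exactly when its signature field equals the raw SHA-256 digest of `rrsig_data`, a value that can be computed without the zone's private key, and the public-key material in `dnskey` is never used — the merged `3 | 5` arm has the same shape with SHA-1. RSASHA256 (algorithm 8, RFC 5702) requires an RSASSA-PKCS1-v1_5 verification of `signature` over that digest with the modulus and exponent carried in the DNSKEY RDATA, so as committed this validator either never succeeds on genuine data or succeeds on data that carries no proof of origin. Until real verification is wired in, the arm should fail closed, e.g. `8 => Err(ClientError::new("RSASHA256 verification not implemented")),` rather than return `Ok(true)` on a digest match. Algorithm 3 (DSA) is listed as MUST NOT validate in RFC 8624, so folding it into the `5` path and treating it as accepted is also a regression worth a comment or a rejecting arm. `verify_rrsig` starts above the hunk, so what `rrsig_data` contains is not visible here.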
