diff --git a/src/dnssec/dnssec.rs b/src/dnssec/dnssec.rs index a25d22d0..899bf857 100644 --- a/src/dnssec/dnssec.rs +++ b/src/dnssec/dnssec.rs @@ -1,27 +1,10 @@ -use crate::client::ClientUDPConnection; -use crate::message::{DnsMessage, ResourceRecord}; +use crate::message::{DnsMessage, Rdata, ResourceRecord}; use crate::dnssec_message_processing::extract_dnssec_records; use crate::rrset_signature::{verify_rrsig, verify_ds}; -use crate::dnskey_rdata::DnskeyRdata; +use crate::message::rdata::DnskeyRdata; use crate::client::client_error::ClientError; -use std::net::IpAddr; -use tokio::time::Duration; -pub async fn fetch_dnskey_records(domain: &str, server_addr: IpAddr, timeout_duration: Duration) -> Result, ClientError> { - let conn = ClientUDPConnection::new(server_addr, timeout_duration); - - let dns_query = DnsMessage::new_query_message( - domain.into(), - Qtype::DNSKEY, - Qclass::IN, - 0, - false, - 1, - ); - - let response = conn.send(dns_query).await?; - - let dns_response = DnsMessage::from_bytes(&response)?; +pub async fn fetch_dnskey_records(dns_response: &DnsMessage) -> Result, ClientError> { let mut dnskey_records = Vec::new(); for record in dns_response.get_answer() { diff --git a/src/dnssec/rrset_signature.rs b/src/dnssec/rrset_signature.rs index ff13c55a..25cd1669 100644 --- a/src/dnssec/rrset_signature.rs +++ b/src/dnssec/rrset_signature.rs @@ -28,28 +28,18 @@ pub fn verify_rrsig(rrsig: &RrsigRdata, dnskey: &DnskeyRdata, rrset: &[ResourceR } let signature = rrsig.signature.clone(); - let mut hasher = Sha256::new(); - hasher.update(rrsig_data); - let hashed = hasher.finalize(); + let hashed = Sha256::digest(&rrsig_data); match dnskey.algorithm { - 3 => { - //DSA/SHA1 - let mut sha1 = Sha1::new(); - sha1.input(&rrsig_data); - let digest = sha1.result_str(); - Ok(digest == encode(&signature)) - }, - 5 => { - //RSA/SHA1 + 3 | 5 => { + // (DSA/RSA)/SHA1 let mut sha1 = Sha1::new(); sha1.input(&rrsig_data); let digest = sha1.result_str(); Ok(digest == encode(&signature)) }, 8 => { - //RSA/SHA256 - let hashed = Sha256::digest(&rrsig_data); + // RSA/SHA256 Ok(encode(&hashed) == encode(&signature)) }, _ => Err(ClientError::new("Unknown DNSKEY algorithm")),