I'm trying to do my own implementation of NSEC3 as part of my dynamic DNSSEC server (in order to do NSEC3 lies for NXDOMAIN, since you can't do such a lie with NSEC, NSEC lies only allow "0 answer noerror" which is unfortunately NOT the same)
But I appear to be doing something stupid, and am not operating the hash right: Looking at com, the NSEC3 for "com" is: CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - ... (Algorithm 1 -> SHA-1, flag = 1, iterations = 0, salt = None, fetched by "dig +dnssec MX com @a.gtld-servers.net") Reading RFC5155, the calculation of the hash is: > The hash calculation uses three of the NSEC3 RDATA fields: Hash > Algorithm, Salt, and Iterations. > > Define H(x) to be the hash of x using the Hash Algorithm selected by > the NSEC3 RR, k to be the number of Iterations, and || to indicate > concatenation. Then define: > > IH(salt, x, 0) = H(x || salt), and > > IH(salt, x, k) = H(IH(salt, x, k-1) || salt), if k > 0 > > Then the calculated hash of an owner name is > > IH(salt, owner name, iterations), > > where the owner name is in the canonical form, defined as: > > The wire format of the owner name where: > > 1. The owner name is fully expanded (no DNS name compression) and > fully qualified; > > 2. All uppercase US-ASCII letters are replaced by the corresponding > lowercase US-ASCII letters; > > 3. If the owner name is a wildcard name, the owner name is in its > original unexpanded form, including the "*" label (no wildcard > substitution); So it should be the base32 encoding of the SHA1 hash of the wire format for "com" (since there is no salt), which in python is: "\x03com\x00", (3 characters, the string "com", and 0 as a terminator in wire format. This matches the wire format I get from my name packer in my DNS server) Yet when I try to calculate the SHA1 hash in python's library, I get: >>> m = hashlib.sha1() >>> m.update("\x03com\x00") # There is no salt and 0 additional iterations >>> base64.b32encode(m.digest()) 'MUAZYTWQIHEVT3OPHOPXIEDA27S5IL4W' >>> m.hexdigest() '65019c4ed041c959edcf3b9f741060d7e5d42f96' But at the same time, this matches the sha1sum for a file containing just the string "\x03com\x00", so the hash is correct for sha1. So the conclusion is I'm not putting in the right input into the hash function. Thoughts on what I'm doing wrong? -- Nicholas Weaver it is a tale, told by an idiot, nwea...@icsi.berkeley.edu full of sound and fury, 510-666-2903 .signifying nothing PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop