Annotation of embedaddon/dnsmasq/src/hash_questions.c, revision 1.1
1.1 ! misho 1: /* Copyright (c) 2012-2020 Simon Kelley
! 2:
! 3: This program is free software; you can redistribute it and/or modify
! 4: it under the terms of the GNU General Public License as published by
! 5: the Free Software Foundation; version 2 dated June, 1991, or
! 6: (at your option) version 3 dated 29 June, 2007.
! 7:
! 8: This program is distributed in the hope that it will be useful,
! 9: but WITHOUT ANY WARRANTY; without even the implied warranty of
! 10: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 11: GNU General Public License for more details.
! 12:
! 13: You should have received a copy of the GNU General Public License
! 14: along with this program. If not, see <http://www.gnu.org/licenses/>.
! 15: */
! 16:
! 17:
! 18: /* Hash the question section. This is used to safely detect query
! 19: retransmission and to detect answers to questions we didn't ask, which
! 20: might be poisoning attacks. Note that we decode the name rather
! 21: than CRC the raw bytes, since replies might be compressed differently.
! 22: We ignore case in the names for the same reason.
! 23:
! 24: The hash used is SHA-256. If we're building with DNSSEC support,
! 25: we use the Nettle cypto library. If not, we prefer not to
! 26: add a dependency on Nettle, and use a stand-alone implementaion.
! 27: */
! 28:
! 29: #include "dnsmasq.h"
! 30:
! 31: #if defined(HAVE_DNSSEC) || defined(HAVE_CRYPTOHASH)
! 32:
! 33: static const struct nettle_hash *hash;
! 34: static void *ctx;
! 35: static unsigned char *digest;
! 36:
! 37: void hash_questions_init(void)
! 38: {
! 39: if (!(hash = hash_find("sha256")))
! 40: die(_("Failed to create SHA-256 hash object"), NULL, EC_MISC);
! 41:
! 42: ctx = safe_malloc(hash->context_size);
! 43: digest = safe_malloc(hash->digest_size);
! 44: }
! 45:
! 46: unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
! 47: {
! 48: int q;
! 49: unsigned char *p = (unsigned char *)(header+1);
! 50:
! 51: hash->init(ctx);
! 52:
! 53: for (q = ntohs(header->qdcount); q != 0; q--)
! 54: {
! 55: char *cp, c;
! 56:
! 57: if (!extract_name(header, plen, &p, name, 1, 4))
! 58: break; /* bad packet */
! 59:
! 60: for (cp = name; (c = *cp); cp++)
! 61: if (c >= 'A' && c <= 'Z')
! 62: *cp += 'a' - 'A';
! 63:
! 64: hash->update(ctx, cp - name, (unsigned char *)name);
! 65: /* CRC the class and type as well */
! 66: hash->update(ctx, 4, p);
! 67:
! 68: p += 4;
! 69: if (!CHECK_LEN(header, p, plen, 0))
! 70: break; /* bad packet */
! 71: }
! 72:
! 73: hash->digest(ctx, hash->digest_size, digest);
! 74: return digest;
! 75: }
! 76:
! 77: #else /* HAVE_DNSSEC || HAVE_CRYPTOHASH */
! 78:
! 79: #define SHA256_BLOCK_SIZE 32 // SHA256 outputs a 32 byte digest
! 80: typedef unsigned char BYTE; // 8-bit byte
! 81: typedef unsigned int WORD; // 32-bit word, change to "long" for 16-bit machines
! 82:
! 83: typedef struct {
! 84: BYTE data[64];
! 85: WORD datalen;
! 86: unsigned long long bitlen;
! 87: WORD state[8];
! 88: } SHA256_CTX;
! 89:
! 90: static void sha256_init(SHA256_CTX *ctx);
! 91: static void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len);
! 92: static void sha256_final(SHA256_CTX *ctx, BYTE hash[]);
! 93:
! 94: void hash_questions_init(void)
! 95: {
! 96: }
! 97:
! 98: unsigned char *hash_questions(struct dns_header *header, size_t plen, char *name)
! 99: {
! 100: int q;
! 101: unsigned char *p = (unsigned char *)(header+1);
! 102: SHA256_CTX ctx;
! 103: static BYTE digest[SHA256_BLOCK_SIZE];
! 104:
! 105: sha256_init(&ctx);
! 106:
! 107: for (q = ntohs(header->qdcount); q != 0; q--)
! 108: {
! 109: char *cp, c;
! 110:
! 111: if (!extract_name(header, plen, &p, name, 1, 4))
! 112: break; /* bad packet */
! 113:
! 114: for (cp = name; (c = *cp); cp++)
! 115: if (c >= 'A' && c <= 'Z')
! 116: *cp += 'a' - 'A';
! 117:
! 118: sha256_update(&ctx, (BYTE *)name, cp - name);
! 119: /* CRC the class and type as well */
! 120: sha256_update(&ctx, (BYTE *)p, 4);
! 121:
! 122: p += 4;
! 123: if (!CHECK_LEN(header, p, plen, 0))
! 124: break; /* bad packet */
! 125: }
! 126:
! 127: sha256_final(&ctx, digest);
! 128: return (unsigned char *)digest;
! 129: }
! 130:
! 131: /* Code from here onwards comes from https://github.com/B-Con/crypto-algorithms
! 132: and was written by Brad Conte (brad@bradconte.com), to whom all credit is given.
! 133:
! 134: This code is in the public domain, and the copyright notice at the head of this
! 135: file does not apply to it.
! 136: */
! 137:
! 138:
! 139: /****************************** MACROS ******************************/
! 140: #define ROTLEFT(a,b) (((a) << (b)) | ((a) >> (32-(b))))
! 141: #define ROTRIGHT(a,b) (((a) >> (b)) | ((a) << (32-(b))))
! 142:
! 143: #define CH(x,y,z) (((x) & (y)) ^ (~(x) & (z)))
! 144: #define MAJ(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z)))
! 145: #define EP0(x) (ROTRIGHT(x,2) ^ ROTRIGHT(x,13) ^ ROTRIGHT(x,22))
! 146: #define EP1(x) (ROTRIGHT(x,6) ^ ROTRIGHT(x,11) ^ ROTRIGHT(x,25))
! 147: #define SIG0(x) (ROTRIGHT(x,7) ^ ROTRIGHT(x,18) ^ ((x) >> 3))
! 148: #define SIG1(x) (ROTRIGHT(x,17) ^ ROTRIGHT(x,19) ^ ((x) >> 10))
! 149:
! 150: /**************************** VARIABLES *****************************/
! 151: static const WORD k[64] = {
! 152: 0x428a2f98,0x71374491,0xb5c0fbcf,0xe9b5dba5,0x3956c25b,0x59f111f1,0x923f82a4,0xab1c5ed5,
! 153: 0xd807aa98,0x12835b01,0x243185be,0x550c7dc3,0x72be5d74,0x80deb1fe,0x9bdc06a7,0xc19bf174,
! 154: 0xe49b69c1,0xefbe4786,0x0fc19dc6,0x240ca1cc,0x2de92c6f,0x4a7484aa,0x5cb0a9dc,0x76f988da,
! 155: 0x983e5152,0xa831c66d,0xb00327c8,0xbf597fc7,0xc6e00bf3,0xd5a79147,0x06ca6351,0x14292967,
! 156: 0x27b70a85,0x2e1b2138,0x4d2c6dfc,0x53380d13,0x650a7354,0x766a0abb,0x81c2c92e,0x92722c85,
! 157: 0xa2bfe8a1,0xa81a664b,0xc24b8b70,0xc76c51a3,0xd192e819,0xd6990624,0xf40e3585,0x106aa070,
! 158: 0x19a4c116,0x1e376c08,0x2748774c,0x34b0bcb5,0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3,
! 159: 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208,0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
! 160: };
! 161:
! 162: /*********************** FUNCTION DEFINITIONS ***********************/
! 163: static void sha256_transform(SHA256_CTX *ctx, const BYTE data[])
! 164: {
! 165: WORD a, b, c, d, e, f, g, h, i, j, t1, t2, m[64];
! 166:
! 167: for (i = 0, j = 0; i < 16; ++i, j += 4)
! 168: m[i] = (data[j] << 24) | (data[j + 1] << 16) | (data[j + 2] << 8) | (data[j + 3]);
! 169: for ( ; i < 64; ++i)
! 170: m[i] = SIG1(m[i - 2]) + m[i - 7] + SIG0(m[i - 15]) + m[i - 16];
! 171:
! 172: a = ctx->state[0];
! 173: b = ctx->state[1];
! 174: c = ctx->state[2];
! 175: d = ctx->state[3];
! 176: e = ctx->state[4];
! 177: f = ctx->state[5];
! 178: g = ctx->state[6];
! 179: h = ctx->state[7];
! 180:
! 181: for (i = 0; i < 64; ++i)
! 182: {
! 183: t1 = h + EP1(e) + CH(e,f,g) + k[i] + m[i];
! 184: t2 = EP0(a) + MAJ(a,b,c);
! 185: h = g;
! 186: g = f;
! 187: f = e;
! 188: e = d + t1;
! 189: d = c;
! 190: c = b;
! 191: b = a;
! 192: a = t1 + t2;
! 193: }
! 194:
! 195: ctx->state[0] += a;
! 196: ctx->state[1] += b;
! 197: ctx->state[2] += c;
! 198: ctx->state[3] += d;
! 199: ctx->state[4] += e;
! 200: ctx->state[5] += f;
! 201: ctx->state[6] += g;
! 202: ctx->state[7] += h;
! 203: }
! 204:
! 205: static void sha256_init(SHA256_CTX *ctx)
! 206: {
! 207: ctx->datalen = 0;
! 208: ctx->bitlen = 0;
! 209: ctx->state[0] = 0x6a09e667;
! 210: ctx->state[1] = 0xbb67ae85;
! 211: ctx->state[2] = 0x3c6ef372;
! 212: ctx->state[3] = 0xa54ff53a;
! 213: ctx->state[4] = 0x510e527f;
! 214: ctx->state[5] = 0x9b05688c;
! 215: ctx->state[6] = 0x1f83d9ab;
! 216: ctx->state[7] = 0x5be0cd19;
! 217: }
! 218:
! 219: static void sha256_update(SHA256_CTX *ctx, const BYTE data[], size_t len)
! 220: {
! 221: WORD i;
! 222:
! 223: for (i = 0; i < len; ++i)
! 224: {
! 225: ctx->data[ctx->datalen] = data[i];
! 226: ctx->datalen++;
! 227: if (ctx->datalen == 64) {
! 228: sha256_transform(ctx, ctx->data);
! 229: ctx->bitlen += 512;
! 230: ctx->datalen = 0;
! 231: }
! 232: }
! 233: }
! 234:
! 235: static void sha256_final(SHA256_CTX *ctx, BYTE hash[])
! 236: {
! 237: WORD i;
! 238:
! 239: i = ctx->datalen;
! 240:
! 241: // Pad whatever data is left in the buffer.
! 242: if (ctx->datalen < 56)
! 243: {
! 244: ctx->data[i++] = 0x80;
! 245: while (i < 56)
! 246: ctx->data[i++] = 0x00;
! 247: }
! 248: else
! 249: {
! 250: ctx->data[i++] = 0x80;
! 251: while (i < 64)
! 252: ctx->data[i++] = 0x00;
! 253: sha256_transform(ctx, ctx->data);
! 254: memset(ctx->data, 0, 56);
! 255: }
! 256:
! 257: // Append to the padding the total message's length in bits and transform.
! 258: ctx->bitlen += ctx->datalen * 8;
! 259: ctx->data[63] = ctx->bitlen;
! 260: ctx->data[62] = ctx->bitlen >> 8;
! 261: ctx->data[61] = ctx->bitlen >> 16;
! 262: ctx->data[60] = ctx->bitlen >> 24;
! 263: ctx->data[59] = ctx->bitlen >> 32;
! 264: ctx->data[58] = ctx->bitlen >> 40;
! 265: ctx->data[57] = ctx->bitlen >> 48;
! 266: ctx->data[56] = ctx->bitlen >> 56;
! 267: sha256_transform(ctx, ctx->data);
! 268:
! 269: // Since this implementation uses little endian byte ordering and SHA uses big endian,
! 270: // reverse all the bytes when copying the final state to the output hash.
! 271: for (i = 0; i < 4; ++i)
! 272: {
! 273: hash[i] = (ctx->state[0] >> (24 - i * 8)) & 0x000000ff;
! 274: hash[i + 4] = (ctx->state[1] >> (24 - i * 8)) & 0x000000ff;
! 275: hash[i + 8] = (ctx->state[2] >> (24 - i * 8)) & 0x000000ff;
! 276: hash[i + 12] = (ctx->state[3] >> (24 - i * 8)) & 0x000000ff;
! 277: hash[i + 16] = (ctx->state[4] >> (24 - i * 8)) & 0x000000ff;
! 278: hash[i + 20] = (ctx->state[5] >> (24 - i * 8)) & 0x000000ff;
! 279: hash[i + 24] = (ctx->state[6] >> (24 - i * 8)) & 0x000000ff;
! 280: hash[i + 28] = (ctx->state[7] >> (24 - i * 8)) & 0x000000ff;
! 281: }
! 282: }
! 283:
! 284: #endif
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to hash_questions.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src