Package org.xbill.DNS.utils

Examples of org.xbill.DNS.utils.HMAC


  if (error != Rcode.BADTIME)
    timeSigned = new Date();
  else
    timeSigned = old.getTimeSigned();
  int fudge;
  HMAC hmac = null;
  if (error == Rcode.NOERROR || error == Rcode.BADTIME)
    hmac = new HMAC(digest, key);

  fudge = Options.intValue("tsigfudge");
  if (fudge < 0 || fudge > 0x7FFF)
    fudge = FUDGE;

  if (old != null) {
    DNSOutput out = new DNSOutput();
    out.writeU16(old.getSignature().length);
    if (hmac != null) {
      hmac.update(out.toByteArray());
      hmac.update(old.getSignature());
    }
  }

  /* Digest the message */
  if (hmac != null)
    hmac.update(b);

  DNSOutput out = new DNSOutput();
  name.toWireCanonical(out);
  out.writeU16(DClass.ANY)/* class */
  out.writeU32(0);    /* ttl */
  alg.toWireCanonical(out);
  long time = timeSigned.getTime() / 1000;
  int timeHigh = (int) (time >> 32);
  long timeLow = (time & 0xFFFFFFFFL);
  out.writeU16(timeHigh);
  out.writeU32(timeLow);
  out.writeU16(fudge);

  out.writeU16(error);
  out.writeU16(0); /* No other data */

  if (hmac != null)
    hmac.update(out.toByteArray());

  byte [] signature;
  if (hmac != null)
    signature = hmac.sign();
  else
    signature = new byte[0];

  byte [] other = null;
  if (error == Rcode.BADTIME) {


    apply(m, old);
    return;
  }
  Date timeSigned = new Date();
  int fudge;
  HMAC hmac = new HMAC(digest, key);

  fudge = Options.intValue("tsigfudge");
  if (fudge < 0 || fudge > 0x7FFF)
    fudge = FUDGE;

  DNSOutput out = new DNSOutput();
  out.writeU16(old.getSignature().length);
  hmac.update(out.toByteArray());
  hmac.update(old.getSignature());

  /* Digest the message */
  hmac.update(m.toWire());

  out = new DNSOutput();
  long time = timeSigned.getTime() / 1000;
  int timeHigh = (int) (time >> 32);
  long timeLow = (time & 0xFFFFFFFFL);
  out.writeU16(timeHigh);
  out.writeU32(timeLow);
  out.writeU16(fudge);

  hmac.update(out.toByteArray());

  byte [] signature = hmac.sign();
  byte [] other = null;

  Record r = new TSIGRecord(name, DClass.ANY, 0, alg, timeSigned, fudge,
          signature, m.getHeader().getID(),
          Rcode.NOERROR, other);

*/
public byte
verify(Message m, byte [] b, int length, TSIGRecord old) {
  m.tsigState = Message.TSIG_FAILED;
  TSIGRecord tsig = m.getTSIG();
  HMAC hmac = new HMAC(digest, key);
  if (tsig == null)
    return Rcode.FORMERR;

  if (!tsig.getName().equals(name) || !tsig.getAlgorithm().equals(alg)) {
    if (Options.check("verbose"))
      System.err.println("BADKEY failure");
    return Rcode.BADKEY;
  }
  long now = System.currentTimeMillis();
  long then = tsig.getTimeSigned().getTime();
  long fudge = tsig.getFudge();
  if (Math.abs(now - then) > fudge * 1000) {
    if (Options.check("verbose"))
      System.err.println("BADTIME failure");
    return Rcode.BADTIME;
  }

  if (old != null && tsig.getError() != Rcode.BADKEY &&
      tsig.getError() != Rcode.BADSIG)
  {
    DNSOutput out = new DNSOutput();
    out.writeU16(old.getSignature().length);
    hmac.update(out.toByteArray());
    hmac.update(old.getSignature());
  }
  m.getHeader().decCount(Section.ADDITIONAL);
  byte [] header = m.getHeader().toWire();
  m.getHeader().incCount(Section.ADDITIONAL);
  hmac.update(header);

  int len = m.tsigstart - header.length; 
  hmac.update(b, header.length, len);

  DNSOutput out = new DNSOutput();
  tsig.getName().toWireCanonical(out);
  out.writeU16(tsig.dclass);
  out.writeU32(tsig.ttl);
  tsig.getAlgorithm().toWireCanonical(out);
  long time = tsig.getTimeSigned().getTime() / 1000;
  int timeHigh = (int) (time >> 32);
  long timeLow = (time & 0xFFFFFFFFL);
  out.writeU16(timeHigh);
  out.writeU32(timeLow);
  out.writeU16(tsig.getFudge());
  out.writeU16(tsig.getError());
  if (tsig.getOther() != null) {
    out.writeU16(tsig.getOther().length);
    out.writeByteArray(tsig.getOther());
  } else {
    out.writeU16(0);
  }

  hmac.update(out.toByteArray());

  if (hmac.verify(tsig.getSignature())) {
    m.tsigState = Message.TSIG_VERIFIED;
    return Rcode.NOERROR;
  } else {
    if (Options.check("verbose"))
      System.err.println("BADSIG failure");

  /**
   * Creates an object to verify a response that spans multiple messages.
   *
   * @param tsig the TSIG key; its {@code digest} and {@code key} fields seed
   *             the HMAC used for verification, so it must not be null
   * @param old  stored as the initial {@code lastTSIG}; presumably the TSIG
   *             record of the query being answered (confirm against callers)
   */
  public
  StreamVerifier(TSIG tsig, TSIGRecord old) {
    // No responses have been processed yet.
    nresponses = 0;
    lastTSIG = old;
    key = tsig;
    // The HMAC instance is built up front from the key material of tsig.
    verifier = new HMAC(tsig.digest, tsig.key);
  }
