
- added a unit test for Nsec3Param.getHash()
- fixed a bug in the NSEC3 hashing algorithm


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1158 e5f2f494-b856-4b98-b285-d166d9295462

Evan Hunt 15 years ago
parent
commit
62b5df9b65
3 changed files with 27 additions and 9 deletions
  1. 4 2
      src/lib/auth/TODO
  2. 12 7
      src/lib/auth/data_source.cc
  3. 11 0
      src/lib/auth/datasrc_unittest.cc

+ 4 - 2
src/lib/auth/TODO

@@ -1,4 +1,6 @@
 - change filenames so we don't have everything starting with "data_source_"?
-- clean up SQL data source code
 - store rdata in the database as binary blobs instead of text
-- correct NSEC3 logic
+- correct NSEC3 logic:
+  - closest encloser proof is incorrect; need to send covering NSEC3
+    for the "next closest" name, not necessarily for the name itself
+  - need to check for duplication in the resulting NSEC3's

+ 12 - 7
src/lib/auth/data_source.cc

@@ -821,20 +821,25 @@ Nsec3Param::Nsec3Param(uint8_t a, uint8_t f, uint16_t i,
 string
 Nsec3Param::getHash(const Name& name) const {
     OutputBuffer buf(0);
-
     name.toWire(buf);
-    buf.writeData(&salt_[0], salt_.size());
-    uint8_t* in = (uint8_t*) buf.getData();
-    size_t inlength = buf.getLength();
+
     uint8_t digest[SHA1_HASHSIZE];
-    int n = 0;
+    uint8_t* input = (uint8_t*) buf.getData();
+    size_t inlength = buf.getLength();
+    uint8_t saltlen = salt_.size();
+    uint8_t salt[saltlen];
+    for (int i = 0; i < saltlen; ++i) {
+        salt[i] = salt_[i];
+    }
 
+    int n = 0;
     SHA1Context sha;
     do {
         SHA1Reset(&sha);
-        SHA1Input(&sha, in, inlength);
+        SHA1Input(&sha, input, inlength);
+        SHA1Input(&sha, salt, saltlen);
         SHA1Result(&sha, digest);
-        in = digest;
+        input = digest;
         inlength = SHA1_HASHSIZE;
     } while (n++ < iterations_);
 
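Review bot: `uint8_t saltlen = salt_.size();` silently truncates a salt longer than 255 bytes, and `uint8_t salt[saltlen];` is a variable-length array, which is a compiler extension rather than standard C++. Nothing visible in this hunk bounds the salt in the constructor, so an oversized salt would be hashed with its length taken modulo 256 (a 256-byte salt becomes no salt at all) and produce NSEC3 owner hashes that a validator cannot reproduce. The copy is not needed: drop `saltlen`, `salt` and the loop, feed the member directly with `if (!salt_.empty()) { SHA1Input(&sha, &salt_[0], salt_.size()); }`, and reject `salt_.size() > 255` where the parameters are set. If `SHA1Input` and `SHA1Result` return status codes, as the RFC 3174 reference code does, they are ignored here, so a failed digest would be encoded as if it were valid. getHash continues past the end of the hunk.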

+ 11 - 0
src/lib/auth/datasrc_unittest.cc

@@ -478,5 +478,16 @@ TEST_F(DataSrcTest, CNAMELoop) {
     //                    RRType::A());
 }
 
+TEST_F(DataSrcTest, Nsec3Hash) {
+    vector<uint8_t> salt;
+    salt.push_back(0xfe);
+    salt.push_back(0xed);
+    salt.push_back(0xab);
+    salt.push_back(0xee);
+    Nsec3Param nsec3(1, 0, 10, salt);
+    EXPECT_EQ("VIR9KJAPN2FHRLS6EP0JBQ89MBLUE296", nsec3.getHash(Name("test1")));
+    EXPECT_EQ("FHA27EURONFH5640SFJQ8MJAKMCVB7UJ", nsec3.getHash(Name("test2")));
+    EXPECT_EQ("A4M93LR7A60IDDQMO6TCVUPCC60CU38A", nsec3.getHash(Name("test3")));
+}
 }
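Review bot: The new `Nsec3Hash` test pins three hashes that all use lower-case single-label names, a four-byte salt and ten iterations, so the edge cases of `getHash` stay untested. An empty salt and zero iterations deserve a case each, e.g. `Nsec3Param nosalt(1, 0, 0, vector<uint8_t>());`, because the empty salt takes the zero-length path in the hashing code. RFC 5155 hashes the owner name in canonical (lower-case) form, and whether `Name::toWire` does that is not visible here; `EXPECT_EQ(nsec3.getHash(Name("test1")), nsec3.getHash(Name("TEST1")));` would pin it. Where the expected strings come from is not stated; a comment naming the reference tool, or a vector taken from RFC 5155 Appendix A, would make the test an independent check rather than a snapshot of the current output.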