From: Matt Corallo
Date: Wed, 3 Apr 2024 08:21:37 +0000 (+0000)
Subject: Add support back for SHA-384 DS records
X-Git-Tag: v0.5.4~34
X-Git-Url: http://git.bitcoin.ninja/?a=commitdiff_plain;h=9974cddc11a2d958780f056e4e154c7700f0b2e2;p=dnssec-prover
Add support back for SHA-384 DS records
While these are relatively unused, support for SHA-384 was recently added in `bitcoin_hashes`, which we use here for DS validation.
---
diff --git a/Cargo.toml b/Cargo.toml
index 93a9d80..7f8d352 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -22,7 +22,7 @@ build_server = ["tokio", "tokio_crate/rt-multi-thread", "tokio_crate/macros"]
 [dependencies]
 ring = { version = "0.17", default-features = false, features = ["alloc"], optional = true }
-bitcoin_hashes = { version = "0.13", default-features = false, optional = true }
+bitcoin_hashes = { version = "0.14", default-features = false, optional = true }
 hex_lit = { version = "0.1", default-features = false, features = ["rust_v_1_46"], optional = true }
 tokio_crate = { package = "tokio", version = "1.0", default-features = false, optional = true }
diff --git a/src/crypto/hash.rs b/src/crypto/hash.rs
index 8b913de..2f86c89 100644
--- a/src/crypto/hash.rs
+++ b/src/crypto/hash.rs
@@ -5,11 +5,13 @@ use bitcoin_hashes::Hash;
 use bitcoin_hashes::HashEngine as _;
 use bitcoin_hashes::sha1::Hash as Sha1;
 use bitcoin_hashes::sha256::Hash as Sha256;
+use bitcoin_hashes::sha384::Hash as Sha384;
 use bitcoin_hashes::sha512::Hash as Sha512;
 pub(crate) enum Hasher {
 Sha1(::Engine),
 Sha256(::Engine),
+ Sha384(::Engine),
 #[allow(unused)]
 Sha512(::Engine),
 }
@@ -17,6 +19,7 @@ pub(crate) enum Hasher {
 pub(crate) enum HashResult {
 Sha1(Sha1),
 Sha256(Sha256),
+ Sha384(Sha384),
 Sha512(Sha512),
 }
@@ -25,6 +28,7 @@ impl AsRef<[u8]> for HashResult {
 match self {
 HashResult::Sha1(hash) => hash.as_ref(),
 HashResult::Sha256(hash) => hash.as_ref(),
+ HashResult::Sha384(hash) => hash.as_ref(),
 HashResult::Sha512(hash) => hash.as_ref(),
 }
 }
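Review bot: `HashResult` now yields four different digest lengths through `as_ref()` and nothing on the type says so; with the `Sha384` arm added in the `impl AsRef<[u8]> for HashResult` hunk the slice is 20, 32, 48 or 64 bytes depending on the variant. A doc comment on the enum would make the caller's obligation explicit, e.g. `/// Finished digest; the byte length depends on the variant, so callers must compare the whole slice against the expected digest, never a prefix.` The comparison against the DS digest is not part of this diff, so this is a documentation request rather than a reported bug. The `fn as_ref` signature sits above the hunk, which starts at `match self {`.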
@@ -33,6 +37,7 @@ impl AsRef<[u8]> for HashResult {
 impl Hasher {
 pub(crate) fn sha1() -> Hasher { Hasher::Sha1(Sha1::engine()) }
 pub(crate) fn sha256() -> Hasher { Hasher::Sha256(Sha256::engine()) }
+ pub(crate) fn sha384() -> Hasher { Hasher::Sha384(Sha384::engine()) }
 #[allow(unused)]
 pub(crate) fn sha512() -> Hasher { Hasher::Sha512(Sha512::engine()) }
@@ -40,6 +45,7 @@ impl Hasher {
 match self {
 Hasher::Sha1(hasher) => hasher.input(buf),
 Hasher::Sha256(hasher) => hasher.input(buf),
+ Hasher::Sha384(hasher) => hasher.input(buf),
 Hasher::Sha512(hasher) => hasher.input(buf),
 }
 }
@@ -48,6 +54,7 @@ impl Hasher {
 match self {
 Hasher::Sha1(hasher) => HashResult::Sha1(Sha1::from_engine(hasher)),
 Hasher::Sha256(hasher) => HashResult::Sha256(Sha256::from_engine(hasher)),
+ Hasher::Sha384(hasher) => HashResult::Sha384(Sha384::from_engine(hasher)),
 Hasher::Sha512(hasher) => HashResult::Sha512(Sha512::from_engine(hasher)),
 }
 }
diff --git a/src/validation.rs b/src/validation.rs
index c7f0450..e6b585f 100644
--- a/src/validation.rs
+++ b/src/validation.rs
@@ -202,7 +202,7 @@ where RI: IntoIterator, R: Iterator,
 let mut ctx = match ds.digest_type {
 1 if trust_sha1 => crypto::hash::Hasher::sha1(),
 2 => crypto::hash::Hasher::sha256(),
- // TODO: 4 => crypto::hash::Hasher::sha384(),
+ 4 => crypto::hash::Hasher::sha384(),
 _ => continue,
 };
 write_name(&mut ctx, &dnskey.name);
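Review bot: The new `4 =>` arm in the `ds.digest_type` match turns on a digest algorithm that nothing in this commit exercises; validation.rs is touched only at this hunk and no test vector is added. A DS record with digest type 4 over a known DNSKEY, plus a variant whose 48-byte digest is corrupted or truncated, would pin both the accept and the reject path. The bare numbers would also read better with a short comment, e.g. `4 => crypto::hash::Hasher::sha384(), // DS digest type 4 = SHA-384 (RFC 6605)`. The digest comparison that follows `write_name` lies outside the hunk, so whether it compares the full length cannot be confirmed from here.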