Re: [DNSOP] Any suggestion on what I'm doing that is stupid here on NSEC3?

Shumon Huque <shuque@upenn.edu> Wed, 12 February 2014 15:57 UTC

Date: Wed, 12 Feb 2014 10:57:09 -0500
From: Shumon Huque <shuque@upenn.edu>
To: Nicholas Weaver <nweaver@icsi.berkeley.edu>
Message-ID: <20140212155709.GA15950@upenn.edu>
References: <390BFAA1-3108-4922-A6C0-E666C0BD25A9@icsi.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <390BFAA1-3108-4922-A6C0-E666C0BD25A9@icsi.berkeley.edu>
Organization: University of Pennsylvania
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: dnsop WG <dnsop@ietf.org>
Subject: Re: [DNSOP] Any suggestion on what I'm doing that is stupid here on NSEC3?

It might be because NSEC3 uses base32 with extended hex alphabet.
Looks like you're using plain base32.

See http://tools.ietf.org/html/rfc4648#section-7

--Shumon.

On Wed, Feb 12, 2014 at 07:35:47AM -0800, Nicholas Weaver wrote:
> I'm trying to do my own implementation of NSEC3 as part of my dynamic DNSSEC server (in order to do NSEC3 lies for NXDOMAIN, since you can't do such a lie with NSEC, NSEC lies only allow "0 answer noerror" which is unfortunately NOT the same)
> 
> But I appear to be doing something stupid, and am not operating the hash right:
> 
> 
> 
> Looking at com, the NSEC3 for "com" is:
> CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - ...
> 
> (Algorithm 1 -> SHA-1, flag = 1, iterations = 0, salt = None, fetched by "dig +dnssec MX com @a.gtld-servers.net")
> 
> Reading RFC5155, the calculation of the hash is:
> 
> >    The hash calculation uses three of the NSEC3 RDATA fields: Hash
> >    Algorithm, Salt, and Iterations.
> > 
> >    Define H(x) to be the hash of x using the Hash Algorithm selected by
> >    the NSEC3 RR, k to be the number of Iterations, and || to indicate
> >    concatenation.  Then define:
> > 
> >       IH(salt, x, 0) = H(x || salt), and
> > 
> >       IH(salt, x, k) = H(IH(salt, x, k-1) || salt), if k > 0
> > 
> >    Then the calculated hash of an owner name is
> > 
> >       IH(salt, owner name, iterations),
> > 
> >    where the owner name is in the canonical form, defined as:
> > 
> >    The wire format of the owner name where:
> > 
> >    1.  The owner name is fully expanded (no DNS name compression) and
> >        fully qualified;
> > 
> >    2.  All uppercase US-ASCII letters are replaced by the corresponding
> >        lowercase US-ASCII letters;
> > 
> >    3.  If the owner name is a wildcard name, the owner name is in its
> >        original unexpanded form, including the "*" label (no wildcard
> >        substitution);
> 
> So it should be the base32 encoding of the SHA1 hash of the wire format for "com" (since there is no salt), which in python is:
> 
> "\x03com\x00", (3 characters, the string "com", and 0 as a terminator in wire format.  This matches the wire format I get from my name packer in my DNS server)
> 
> Yet when I try to calculate the SHA1 hash in python's library, I get:
> >>> m = hashlib.sha1() 
> >>> m.update("\x03com\x00") # There is no salt and 0 additional iterations
> >>> base64.b32encode(m.digest()) 
> 'MUAZYTWQIHEVT3OPHOPXIEDA27S5IL4W'
> >>> m.hexdigest()
> '65019c4ed041c959edcf3b9f741060d7e5d42f96'
> 
> But at the same time, this matches the sha1sum for a file containing just the string "\x03com\x00", so the hash is correct for sha1.
> 
> 
> So the conclusion is I'm not putting in the right input into the hash function.  Thoughts on what I'm doing wrong?
> 
> --
> Nicholas Weaver                  it is a tale, told by an idiot,
> nweaver@icsi.berkeley.edu                full of sound and fury,
> 510-666-2903                                 .signifying nothing
> PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
> 


-- 
Shumon Huque
University of Pennsylvania.
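The fix Shumon points to, worked through in code: the RFC 5155 hash is correct in the quoted snippet, only the output alphabet is wrong. This is an added example (Python 3), not code from either poster; the expected owner name "CK0POJMG874LJREF7EFN8430QVIT8BSM" is the one quoted from the dig output above, and the iterated/salted call at the end uses constructed values.

```python
"""NSEC3 owner-name hashing per RFC 5155 section 5, emitted in the
base32hex alphabet of RFC 4648 section 7 rather than plain base32."""
import base64
import hashlib

# Plain base32 (what base64.b32encode produces) versus "Extended Hex" base32.
_B32_STD = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
_B32_HEX = b"0123456789ABCDEFGHIJKLMNOPQRSTUV"
_STD_TO_HEX = bytes.maketrans(_B32_STD, _B32_HEX)


def name_to_wire(name: str) -> bytes:
    """Canonical wire form of an owner name: lowercase, fully qualified,
    length-prefixed labels, terminating zero label, no compression."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    wire = b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels)
    return wire + b"\x00"


def nsec3_hash(name: str, salt: bytes = b"", iterations: int = 0,
               algorithm: int = 1) -> str:
    """IH(salt, name, iterations) as defined in RFC 5155, base32hex-encoded."""
    if algorithm != 1:
        raise ValueError("RFC 5155 defines only hash algorithm 1 (SHA-1)")
    if not 0 <= iterations <= 65535:
        raise ValueError("iterations is a 16-bit field")
    digest = hashlib.sha1(name_to_wire(name) + salt).digest()  # IH(salt, x, 0)
    for _ in range(iterations):                                # IH(salt, x, k)
        digest = hashlib.sha1(digest + salt).digest()
    # 20 SHA-1 bytes are exactly 32 base32 characters, so no '=' padding appears.
    # translate() maps plain base32 onto base32hex (base64.b32hexencode would do
    # the same on Python 3.10+ and is not used here for portability).
    return base64.b32encode(digest).translate(_STD_TO_HEX).decode("ascii")


def plain_base32_hash(name: str) -> str:
    """The mistaken encoding from the thread, kept for comparison."""
    digest = hashlib.sha1(name_to_wire(name)).digest()
    return base64.b32encode(digest).decode("ascii")


if __name__ == "__main__":
    # Owner name of the NSEC3 for "com" as seen in the quoted dig output.
    print(nsec3_hash("com"))            # CK0POJMG874LJREF7EFN8430QVIT8BSM
    print(plain_base32_hash("com"))     # MUAZYTWQIHEVT3OPHOPXIEDA27S5IL4W
    # Constructed salt and iteration count, just to exercise the k > 0 path.
    print(nsec3_hash("example", salt=bytes.fromhex("aabbccdd"), iterations=10))
```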