Package: libnet-dns-perl
Version: 0.66-2+b2
Please add support for the hmac-sha1, hmac-sha224, hmac-sha256,
hmac-sha384 and hmac-sha512 algorithms (as per RFC 4635).
An example algorithm switcher (untested) is attached as a MIME part.
Please note, however, that it relies on a patched version of
Digest::HMAC that allows passing an instantiated Digest object
to the Digest::HMAC->new () constructor.
--
FSF associate member #7257 np. Rime of the Ancient Mariner — Iron Maiden
require Digest;
require Digest::HMAC;
require MIME::Base64;
## based on Net::DNS::RR::TSIG::sign_hmac
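sub new_sign_hmac {
    ## Build a TSIG signing callback bound to one digest and block size.
    ##
    ## $digest     - handed unchanged to Digest::HMAC->new () as its
    ##               hasher argument.
    ## $block_size - HMAC block size, in bytes, handed to the same call.
    ##
    ## Returns a CODE reference taking ($key_s, $data), where $key_s is
    ## the Base64 text of the shared secret (embedded whitespace is
    ## stripped first); it returns the value of $hmac->digest () over
    ## $data and dies when the key is missing or decodes to nothing.
    ##
    ## NOTE(review): every call of the returned closure passes the same
    ## $digest value; if that is a stateful Digest object, confirm that
    ## the Digest::HMAC in use resets or clones it between signatures.
    my ($digest, $block_size) = @_;

    return sub {
        my ($key_s, $data) = @_;

        ## Fail closed instead of warning and signing with no secret.
        die "TSIG key is undefined"
            unless defined $key_s;

        $key_s =~ s/\s//g;
        my $key = MIME::Base64::decode_base64 ($key_s);

        ## decode_base64 () skips characters outside the Base64
        ## alphabet, so a blank or garbled secret decodes to "".  An
        ## HMAC keyed with "" can be recomputed by anyone, so refuse it.
        die "TSIG key decodes to an empty string"
            unless length $key;

        my $hmac = Digest::HMAC->new ($key, $digest, $block_size);
        $hmac->add ($data);

        return $hmac->digest ();
    };
}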
## NB: a value is either a CODE reference, or [ "digest", block_size ]
## Lookup table: TSIG algorithm name => signing recipe.
## Each recipe here is [ Digest algorithm name, HMAC block size in bytes ]:
## 64 for MD5, SHA-1, SHA-224 and SHA-256, 128 for SHA-384 and SHA-512.
## Keys are matched exactly as spelled, including letter case.
our $rr_tsig_algo_info = {
    'HMAC-MD5.SIG-ALG.REG.INT' => [ 'MD5',     64  ],
    'hmac-sha1'                => [ 'SHA-1',   64  ],
    'hmac-sha224'              => [ 'SHA-224', 64  ],
    'hmac-sha256'              => [ 'SHA-256', 64  ],
    'hmac-sha384'              => [ 'SHA-384', 128 ],
    'hmac-sha512'              => [ 'SHA-512', 128 ],
};
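sub rr_tsig_algo {
    ## Switch a TSIG object to the named HMAC algorithm.
    ##
    ## $tsig - hash-based object; its "sign_func" and "algorithm" slots
    ##         are overwritten on success.
    ## $algo - algorithm name, looked up verbatim (exact spelling and
    ##         case) in $rr_tsig_algo_info.
    ##
    ## Returns $tsig on success.  For an unknown or undefined name it
    ## returns nothing and leaves $tsig untouched, so the object keeps
    ## whatever algorithm it already had: callers must check the result,
    ## or they will go on signing with the previous algorithm.
    my ($tsig, $algo) = @_;

    my $hmac = defined ($algo) ? $rr_tsig_algo_info->{$algo} : undef;

    ## Bare return rather than "return undef": in list context the
    ## latter yields a one-element list, which makes a check such as
    ## "my ($t) = rr_tsig_algo (...) or die" pass on failure.
    return
        unless (defined ($hmac));

    ## A table entry is either a ready-made signing callback or a
    ## [ digest name, block size ] pair to build one from.
    $tsig->{"sign_func"}
        = (ref ($hmac) eq "CODE"
           ? $hmac
           : new_sign_hmac (Digest->new ($hmac->[0]), $hmac->[1]));
    $tsig->{"algorithm"} = $algo;

    return $tsig;
}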
# my $tsig
# = Net::DNS::TSIG->new (...)
# or die ();
# rr_tsig_algo ($tsig, "hmac-sha512")
# or die ();