Commit 37ad2d4d authored by Evan Hunt's avatar Evan Hunt Committed by Mark Andrews

Add support for ZONEMD

(cherry picked from commit 3183663d)
parent 060dd0a3
......@@ -368,7 +368,14 @@ openpgpkey OPENPGPKEY ( AQMFD5raczCJHViKtLYhWGz8hMY
csync01 CSYNC 0 0 A NS AAAA
csync02 CSYNC 0 0
; type 63 -- 98 (unassigned)
;type 63
zonemd01 ZONEMD 2019020700 1 0 (
C220B8A6ED5728A971902F7E3D4FD93A
DEEA88B0453C2E8E8C863D465AB06CF3
4EB95B266398C98B59124FA239CB7EEB
)
; type 64 -- 98 (unassigned)
; type 99
spf01 SPF "v=spf1 -all"
......
......@@ -58,6 +58,7 @@ CDS
CDNSKEY
OPENPGPKEY
CSYNC
ZONEMD
SPF
UINFO
UID
......
......@@ -165,6 +165,7 @@ wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53
wks03.example. 3600 IN WKS 10.0.0.2 6 65535
x2501.example. 3600 IN X25 "123456789"
zonemd01.example. 3600 IN ZONEMD 2019020700 1 0 C220B8A6ED5728A971902F7E3D4FD93ADEEA88B0453C2E8E8C863D46 5AB06CF34EB95B266398C98B59124FA239CB7EEB
8f1tmio9avcom2k0frp92lgcumak0cad.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C 8FPNS2UCT7FBS643THP2B77PEQ77K6IU A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM
kcd3juae64f9c5csl1kif1htaui7un0g.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C KD5MN2M20340DGO0BL7NTSB8JP4BSC7E
mr5ukvsk1l37btu4q7b1dfevft4hkqdk.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C MT38J6VG7S0SN5G17MCUF6IQIKFUAJ05 A AAAA RRSIG
......
......@@ -165,6 +165,7 @@ wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23
wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53
wks03.example. 3600 IN WKS 10.0.0.2 6 65535
x2501.example. 3600 IN X25 "123456789"
zonemd01.example. 3600 IN ZONEMD 2019020700 1 0 C220B8A6ED5728A971902F7E3D4FD93ADEEA88B0453C2E8E8C863D46 5AB06CF34EB95B266398C98B59124FA239CB7EEB
8f1tmio9avcom2k0frp92lgcumak0cad.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C 8FPNS2UCT7FBS643THP2B77PEQ77K6IU A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM
kcd3juae64f9c5csl1kif1htaui7un0g.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C KD5MN2M20340DGO0BL7NTSB8JP4BSC7E
mr5ukvsk1l37btu4q7b1dfevft4hkqdk.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C MT38J6VG7S0SN5G17MCUF6IQIKFUAJ05 A AAAA RRSIG
......
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/* draft-wessels-zone-digest-05 */
#ifndef RDATA_GENERIC_ZONEMD_63_C
#define RDATA_GENERIC_ZONEMD_63_C
#define RRTYPE_ZONEMD_ATTRIBUTES 0
static inline isc_result_t
fromtext_zonemd(ARGS_FROMTEXT) {
isc_token_t token;
int digest_type, length;
UNUSED(type);
UNUSED(rdclass);
UNUSED(origin);
UNUSED(options);
UNUSED(callbacks);
/*
* Serial.
*/
RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
false));
RETERR(uint32_tobuffer(token.value.as_ulong, target));
/*
* Digest type.
*/
RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
false));
digest_type = token.value.as_ulong;
RETERR(uint8_tobuffer(digest_type, target));
/*
* Reserved.
*/
RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
false));
RETERR(uint8_tobuffer(token.value.as_ulong, target));
/*
* Digest.
*/
switch (digest_type) {
case DNS_ZONEMD_DIGEST_SHA384:
length = ISC_SHA384_DIGESTLENGTH;
break;
default:
length = -2;
break;
}
return (isc_hex_tobuffer(lexer, target, length));
}
static inline isc_result_t
totext_zonemd(ARGS_TOTEXT) {
isc_region_t sr;
char buf[sizeof("0123456789")];
unsigned long num;
REQUIRE(rdata->length != 0);
UNUSED(tctx);
dns_rdata_toregion(rdata, &sr);
/*
* Serial.
*/
num = uint32_fromregion(&sr);
isc_region_consume(&sr, 4);
snprintf(buf, sizeof(buf), "%lu", num);
RETERR(str_totext(buf, target));
RETERR(str_totext(" ", target));
/*
* Digest type.
*/
num = uint8_fromregion(&sr);
isc_region_consume(&sr, 1);
snprintf(buf, sizeof(buf), "%lu", num);
RETERR(str_totext(buf, target));
RETERR(str_totext(" ", target));
/*
* Reserved.
*/
num = uint8_fromregion(&sr);
isc_region_consume(&sr, 1);
snprintf(buf, sizeof(buf), "%lu", num);
RETERR(str_totext(buf, target));
/*
* Digest.
*/
if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
RETERR(str_totext(" (", target));
RETERR(str_totext(tctx->linebreak, target));
if ((tctx->flags & DNS_STYLEFLAG_NOCRYPTO) == 0) {
if (tctx->width == 0) /* No splitting */
RETERR(isc_hex_totext(&sr, 0, "", target));
else
RETERR(isc_hex_totext(&sr, tctx->width - 2,
tctx->linebreak, target));
} else {
RETERR(str_totext("[omitted]", target));
}
if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) {
RETERR(str_totext(" )", target));
}
return (ISC_R_SUCCESS);
}
static inline isc_result_t
fromwire_zonemd(ARGS_FROMWIRE) {
isc_region_t sr;
UNUSED(type);
UNUSED(rdclass);
UNUSED(dctx);
UNUSED(options);
isc_buffer_activeregion(source, &sr);
/*
* Check digest lengths if we know them.
*/
if (sr.length < 6 ||
(sr.base[4] == DNS_ZONEMD_DIGEST_SHA384 &&
sr.length < 6 + ISC_SHA384_DIGESTLENGTH))
{
return (ISC_R_UNEXPECTEDEND);
}
/*
* Only copy digest lengths if we know them.
* If there is extra data dns_rdata_fromwire() will
* detect that.
*/
if (sr.base[4] == DNS_ZONEMD_DIGEST_SHA384) {
sr.length = 6 + ISC_SHA384_DIGESTLENGTH;
}
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
}
static inline isc_result_t
towire_zonemd(ARGS_TOWIRE) {
isc_region_t sr;
REQUIRE(rdata->type == dns_rdatatype_zonemd);
REQUIRE(rdata->length != 0);
UNUSED(cctx);
dns_rdata_toregion(rdata, &sr);
return (mem_tobuffer(target, sr.base, sr.length));
}
static inline int
compare_zonemd(ARGS_COMPARE) {
isc_region_t r1;
isc_region_t r2;
REQUIRE(rdata1->type == rdata2->type);
REQUIRE(rdata1->rdclass == rdata2->rdclass);
REQUIRE(rdata1->type == dns_rdatatype_zonemd);
REQUIRE(rdata1->length != 0);
REQUIRE(rdata2->length != 0);
dns_rdata_toregion(rdata1, &r1);
dns_rdata_toregion(rdata2, &r2);
return (isc_region_compare(&r1, &r2));
}
static inline isc_result_t
fromstruct_zonemd(ARGS_FROMSTRUCT) {
dns_rdata_zonemd_t *zonemd = source;
REQUIRE(source != NULL);
REQUIRE(zonemd->common.rdtype == type);
REQUIRE(zonemd->common.rdclass == rdclass);
UNUSED(type);
UNUSED(rdclass);
switch (zonemd->digest_type) {
case DNS_ZONEMD_DIGEST_SHA384:
REQUIRE(zonemd->length == ISC_SHA384_DIGESTLENGTH);
break;
}
RETERR(uint32_tobuffer(zonemd->serial, target));
RETERR(uint8_tobuffer(zonemd->digest_type, target));
RETERR(uint8_tobuffer(zonemd->reserved, target));
return (mem_tobuffer(target, zonemd->digest, zonemd->length));
}
static inline isc_result_t
tostruct_zonemd(ARGS_TOSTRUCT) {
dns_rdata_zonemd_t *zonemd = target;
isc_region_t region;
REQUIRE(rdata->type == dns_rdatatype_zonemd);
REQUIRE(target != NULL);
REQUIRE(rdata->length != 0);
zonemd->common.rdclass = rdata->rdclass;
zonemd->common.rdtype = rdata->type;
ISC_LINK_INIT(&zonemd->common, link);
dns_rdata_toregion(rdata, &region);
zonemd->serial = uint32_fromregion(&region);
isc_region_consume(&region, 4);
zonemd->digest_type = uint8_fromregion(&region);
isc_region_consume(&region, 1);
zonemd->reserved = uint8_fromregion(&region);
isc_region_consume(&region, 1);
zonemd->length = region.length;
zonemd->digest = mem_maybedup(mctx, region.base, region.length);
if (zonemd->digest == NULL) {
return (ISC_R_NOMEMORY);
}
zonemd->mctx = mctx;
return (ISC_R_SUCCESS);
}
static inline void
freestruct_zonemd(ARGS_FREESTRUCT) {
dns_rdata_zonemd_t *zonemd = source;
REQUIRE(zonemd != NULL);
REQUIRE(zonemd->common.rdtype == dns_rdatatype_zonemd);
if (zonemd->mctx == NULL) {
return;
}
if (zonemd->digest != NULL) {
isc_mem_free(zonemd->mctx, zonemd->digest);
}
zonemd->mctx = NULL;
}
static inline isc_result_t
additionaldata_zonemd(ARGS_ADDLDATA) {
REQUIRE(rdata->type == dns_rdatatype_zonemd);
UNUSED(rdata);
UNUSED(add);
UNUSED(arg);
return (ISC_R_SUCCESS);
}
static inline isc_result_t
digest_zonemd(ARGS_DIGEST) {
isc_region_t r;
REQUIRE(rdata->type == dns_rdatatype_zonemd);
dns_rdata_toregion(rdata, &r);
return ((digest)(arg, &r));
}
static inline bool
checkowner_zonemd(ARGS_CHECKOWNER) {
REQUIRE(type == dns_rdatatype_zonemd);
UNUSED(name);
UNUSED(type);
UNUSED(rdclass);
UNUSED(wildcard);
return (true);
}
static inline bool
checknames_zonemd(ARGS_CHECKNAMES) {
REQUIRE(rdata->type == dns_rdatatype_zonemd);
UNUSED(rdata);
UNUSED(owner);
UNUSED(bad);
return (true);
}
static inline int
casecompare_zonemd(ARGS_COMPARE) {
return (compare_zonemd(rdata1, rdata2));
}
#endif /* RDATA_GENERIC_ZONEMD_63_C */
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#ifndef GENERIC_ZONEMD_63_H
#define GENERIC_ZONEMD_63_H 1
/* Digest type(s). Currently only SHA-384 is defined. */
#define DNS_ZONEMD_DIGEST_SHA384 (1)
/*
* \brief per draft-wessels-zone-digest-05
*/
typedef struct dns_rdata_zonemd {
dns_rdatacommon_t common;
isc_mem_t *mctx;
uint32_t serial;
uint8_t digest_type;
uint8_t reserved;
unsigned char *digest;
uint16_t length;
} dns_rdata_zonemd_t;
#endif /* GENERIC_ZONEMD_63_H */
......@@ -1579,6 +1579,129 @@ wks(void **state) {
dns_rdatatype_wks, sizeof(dns_rdata_in_wks_t));
}
/*
* ZONEMD tests.
*
* Excerpted from draft-wessels-dns-zone-digest:
*
* The ZONEMD RDATA wire format is encoded as follows:
*
* 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Serial |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Digest Type | Reserved | |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |
* | Digest |
* / /
* / /
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*
* 2.1.1. The Serial Field
*
* The Serial field is a 32-bit unsigned integer in network order. It
* is equal to the serial number from the zone's SOA record
*
* 2.1.2. The Digest Type Field
*
* The Digest Type field is an 8-bit unsigned integer that identifies
* the algorithm used to construct the digest.
*
* At the time of this writing, SHA384, with value 1, is the only Digest
* Type defined for ZONEMD records.
*
* 2.1.3. The Reserved Field
*
* The Reserved field is an 8-bit unsigned integer, which is always set
* to zero.
*
* 2.1.4. The Digest Field
*
* The Digest field is a variable-length sequence of octets containing
* the message digest.
*/
static void
zonemd(void **state) {
text_ok_t text_ok[] = {
TEXT_INVALID(""),
TEXT_INVALID("0"),
TEXT_INVALID("0 0"),
TEXT_INVALID("0 0 0"),
TEXT_INVALID("99999999 0 0"),
TEXT_INVALID("2019020700 0 0 "),
TEXT_INVALID("2019020700 1 0 DEADBEEF"),
TEXT_VALID("2019020700 2 0 DEADBEEF"),
TEXT_VALID("2019020700 1 0 7162D2BB75C047A53DE98767C9192BEB"
"14DB01E7E2267135DAF0230A 19BA4A31"
"6AF6BF64AA5C7BAE24B2992850300509"),
TEXT_SENTINEL()
};
wire_ok_t wire_ok[] = {
/*
* Short.
*/
WIRE_INVALID(0x00),
/*
* Short.
*/
WIRE_INVALID(0x00, 0x00),
/*
* Short.
*/
WIRE_INVALID(0x00, 0x00, 0x00),
/*
* Short.
*/
WIRE_INVALID(0x00, 0x00, 0x00, 0x00),
/*
* Short.
*/
WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00),
/*
* Serial + type + reserved only - digest type
* undefined, so we accept the missing digest.
*/
WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
/*
* SHA-384 is defined, so we insist there be a digest.
*/
WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00),
/*
* Four octets, too short for SHA-384.
*/
WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
0xde, 0xad, 0xbe, 0xef),
/*
* Digest type undefined, so accept the short digest.
*/
WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0xff, 0x00,
0xde, 0xad, 0xbe, 0xef),
/*
* 48 octets, valid for SHA-384.
*/
WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce),
/*
* Sentinel.
*/
WIRE_SENTINEL()
};
UNUSED(state);
check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in,
dns_rdatatype_zonemd, sizeof(dns_rdata_zonemd_t));
}
static void
atcname(void **state) {
unsigned int i;
......@@ -1681,6 +1804,7 @@ main(void) {
cmocka_unit_test_setup_teardown(nsec3, _setup, _teardown),
cmocka_unit_test_setup_teardown(nxt, _setup, _teardown),
cmocka_unit_test_setup_teardown(wks, _setup, _teardown),
cmocka_unit_test_setup_teardown(zonemd, _setup, _teardown),
cmocka_unit_test_setup_teardown(atcname, NULL, NULL),
cmocka_unit_test_setup_teardown(atparent, NULL, NULL),
cmocka_unit_test_setup_teardown(iszonecutauth, NULL, NULL),
......
......@@ -3559,6 +3559,8 @@
./lib/dns/rdata/generic/uri_256.h C 2011,2012,2016,2018,2019
./lib/dns/rdata/generic/x25_19.c C 1999,2000,2001,2002,2004,2005,2007,2009,2014,2015,2016,2018,2019
./lib/dns/rdata/generic/x25_19.h C 1999,2000,2001,2004,2005,2007,2016,2018,2019
./lib/dns/rdata/generic/zonemd_63.c C 2019
./lib/dns/rdata/generic/zonemd_63.h C 2019
./lib/dns/rdata/hs_4/a_1.c C 1999,2000,2001,2002,2004,2007,2009,2014,2015,2016,2018,2019
./lib/dns/rdata/hs_4/a_1.h C 1999,2000,2001,2004,2005,2007,2016,2018,2019
./lib/dns/rdata/in_1/a6_38.c C 1999,2000,2001,2002,2003,2004,2007,2009,2014,2015,2016,2017,2018,2019
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment