[master] remove HMAC support from dnssec-keygen

4868.	[func]		dnssec-keygen can no longer generate HMAC keys.
			Use tsig-keygen instead. [RT #46404]

CHANGES

+4868.	[func]		dnssec-keygen can no longer generate HMAC keys.
+			Use tsig-keygen instead. [RT #46404]
+
 4867.	[cleanup]	Normalize rndc on/off commands (validation,
 			querylog, serve-stale) so they all accept the
 			same synonyms for on/off (yes/no, true/false,

bin/dnssec/dnssec-keygen.c

@@ -79,10 +79,7 @@ usage(void) {
 				" | NSEC3DSA |\n");
 	fprintf(stderr, "        RSASHA256 | RSASHA512 | ECCGOST |\n");
 	fprintf(stderr, "        ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
-	fprintf(stderr, "        ED25519 | ED448 | DH |\n");
-	fprintf(stderr, "        HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
-				"HMAC-SHA256 | \n");
-	fprintf(stderr, "        HMAC-SHA384 | HMAC-SHA512\n");
+	fprintf(stderr, "        ED25519 | ED448 | DH\n");
 	fprintf(stderr, "    -3: use NSEC3-capable algorithm\n");
 	fprintf(stderr, "    -b <key size in bits>:\n");
 	fprintf(stderr, "        RSAMD5:\t[1024..%d]\n", MAX_RSA);
@@ -99,12 +96,6 @@ usage(void) {
 	fprintf(stderr, "        ECDSAP384SHA384:\tignored\n");
 	fprintf(stderr, "        ED25519:\tignored\n");
 	fprintf(stderr, "        ED448:\tignored\n");
-	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
-	fprintf(stderr, "        HMAC-SHA1:\t[1..160]\n");
-	fprintf(stderr, "        HMAC-SHA224:\t[1..224]\n");
-	fprintf(stderr, "        HMAC-SHA256:\t[1..256]\n");
-	fprintf(stderr, "        HMAC-SHA384:\t[1..384]\n");
-	fprintf(stderr, "        HMAC-SHA512:\t[1..512]\n");
 	fprintf(stderr, "        (key size defaults are set according to\n"
 			"        algorithm and usage (ZSK or KSK)\n");
 	fprintf(stderr, "    -n <nametype>: ZONE | HOST | ENTITY | "
@@ -542,8 +533,6 @@ main(int argc, char **argv) {
 					"\"-a RSAMD5\"\n");
 			INSIST(freeit == NULL);
 			return (1);
-		} else if (strcasecmp(algname, "HMAC-MD5") == 0) {
-			alg = DST_ALG_HMACMD5;
 #else
 			fprintf(stderr,
 				"The use of RSA (RSAMD5) was disabled\n");
@@ -553,47 +542,26 @@ main(int argc, char **argv) {
 			fprintf(stderr, "The use of RSAMD5 was disabled\n");
 			INSIST(freeit == NULL);
 			return (1);
-		} else if (strcasecmp(algname, "HMAC-MD5") == 0) {
-			fprintf(stderr,
-				"The use of HMAC-MD5 was disabled\n");
-			return (1);
 #endif
-		} else if (strcasecmp(algname, "HMAC-SHA1") == 0)
-			alg = DST_ALG_HMACSHA1;
-		else if (strcasecmp(algname, "HMAC-SHA224") == 0)
-			alg = DST_ALG_HMACSHA224;
-		else if (strcasecmp(algname, "HMAC-SHA256") == 0)
-			alg = DST_ALG_HMACSHA256;
-		else if (strcasecmp(algname, "HMAC-SHA384") == 0)
-			alg = DST_ALG_HMACSHA384;
-		else if (strcasecmp(algname, "HMAC-SHA512") == 0)
-			alg = DST_ALG_HMACSHA512;
-		else {
+		} else {
 			r.base = algname;
 			r.length = strlen(algname);
 			ret = dns_secalg_fromtext(&alg, &r);
-			if (ret != ISC_R_SUCCESS)
+			if (ret != ISC_R_SUCCESS) {
 				fatal("unknown algorithm %s", algname);
-			if (alg == DST_ALG_DH)
+			}
+			if (alg == DST_ALG_DH) {
 				options |= DST_TYPE_KEY;
+			}
 		}
 
 #ifdef PK11_MD5_DISABLE
-		INSIST((alg != DNS_KEYALG_RSAMD5) && (alg != DST_ALG_HMACMD5));
+		INSIST((alg != DNS_KEYALG_RSAMD5));
 #endif
 
-
-		if (alg == DST_ALG_HMACMD5 || alg == DST_ALG_HMACSHA1 ||
-		    alg == DST_ALG_HMACSHA224 || alg == DST_ALG_HMACSHA256 ||
-		    alg == DST_ALG_HMACSHA384 || alg == DST_ALG_HMACSHA512)
-		{
-			fprintf(stderr,
-				"Use of dnssec-keygen for HMAC keys is "
-				"deprecated: use tsig-keygen\n");
-		}
-
-		if (!dst_algorithm_supported(alg))
+		if (!dst_algorithm_supported(alg)) {
 			fatal("unsupported algorithm: %d", alg);
+		}
 
 		if (use_nsec3) {
 			switch (alg) {
@@ -620,20 +588,20 @@ main(int argc, char **argv) {
 		}
 
 		if (type != NULL && (options & DST_TYPE_KEY) != 0) {
-			if (strcasecmp(type, "NOAUTH") == 0)
+			if (strcasecmp(type, "NOAUTH") == 0) {
 				flags |= DNS_KEYTYPE_NOAUTH;
-			else if (strcasecmp(type, "NOCONF") == 0)
+			} else if (strcasecmp(type, "NOCONF") == 0) {
 				flags |= DNS_KEYTYPE_NOCONF;
-			else if (strcasecmp(type, "NOAUTHCONF") == 0) {
+			} else if (strcasecmp(type, "NOAUTHCONF") == 0) {
 				flags |= (DNS_KEYTYPE_NOAUTH |
 					  DNS_KEYTYPE_NOCONF);
 				if (size < 0)
 					size = 0;
-			}
-			else if (strcasecmp(type, "AUTHCONF") == 0)
+			} else if (strcasecmp(type, "AUTHCONF") == 0) {
 				/* nothing */;
-			else
+			} else {
 				fatal("invalid type %s", type);
+			}
 		}
 
 		if (size < 0) {
@@ -803,78 +771,18 @@ main(int argc, char **argv) {
 	case DST_ALG_ED448:
 		size = 456;
 		break;
-	case DST_ALG_HMACMD5:
-		options |= DST_TYPE_KEY;
-		if (size < 1 || size > 512)
-			fatal("HMAC-MD5 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 80 || dbits > 128))
-			fatal("HMAC-MD5 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-MD5 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA1:
-		options |= DST_TYPE_KEY;
-		if (size < 1 || size > 160)
-			fatal("HMAC-SHA1 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 80 || dbits > 160))
-			fatal("HMAC-SHA1 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA1 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA224:
-		options |= DST_TYPE_KEY;
-		if (size < 1 || size > 224)
-			fatal("HMAC-SHA224 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 112 || dbits > 224))
-			fatal("HMAC-SHA224 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA224 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA256:
-		options |= DST_TYPE_KEY;
-		if (size < 1 || size > 256)
-			fatal("HMAC-SHA256 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 128 || dbits > 256))
-			fatal("HMAC-SHA256 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA256 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA384:
-		options |= DST_TYPE_KEY;
-		if (size < 1 || size > 384)
-			fatal("HMAC-384 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 192 || dbits > 384))
-			fatal("HMAC-SHA384 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA384 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA512:
-		options |= DST_TYPE_KEY;
-		if (size < 1 || size > 512)
-			fatal("HMAC-SHA512 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 256 || dbits > 512))
-			fatal("HMAC-SHA512 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA512 digest bits %d not divisible by 8",
-			      dbits);
-		break;
 	}
 
 	if (alg != DNS_KEYALG_DH && generator != 0)
 		fatal("specified DH generator for a non-DH key");
 
 	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */
+		if ((options & DST_TYPE_KEY) != 0) /* KEY */
 			fatal("no nametype specified");
 		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
 	} else if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY / HMAC */
+	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
 		if (strcasecmp(nametype, "host") == 0 ||
 			 strcasecmp(nametype, "entity") == 0)
 			flags |= DNS_KEYOWNER_ENTITY;
@@ -890,7 +798,7 @@ main(int argc, char **argv) {
 	if (directory == NULL)
 		directory = ".";
 
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY / HMAC */
+	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
 		flags |= signatory;
 	else if ((flags & DNS_KEYOWNER_ZONE) != 0) { /* DNSKEY */
 		flags |= kskflag;
@@ -911,12 +819,11 @@ main(int argc, char **argv) {
 	}
 
 	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
-	    (alg == DNS_KEYALG_DH || alg == DST_ALG_HMACMD5 ||
-	     alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 ||
-	     alg == DST_ALG_HMACSHA256 || alg == DST_ALG_HMACSHA384 ||
-	     alg == DST_ALG_HMACSHA512))
+	    alg == DNS_KEYALG_DH)
+	{
 		fatal("a key with algorithm '%s' cannot be a zone key",
 		      algname);
+	}
 
 	switch(alg) {
 	case DNS_KEYALG_RSAMD5:
@@ -939,15 +846,6 @@ main(int argc, char **argv) {
 	case DST_ALG_ED25519:
 	case DST_ALG_ED448:
 		show_progress = ISC_TRUE;
-		/* fall through */
-
-	case DST_ALG_HMACMD5:
-	case DST_ALG_HMACSHA1:
-	case DST_ALG_HMACSHA224:
-	case DST_ALG_HMACSHA256:
-	case DST_ALG_HMACSHA384:
-	case DST_ALG_HMACSHA512:
-		param = 0;
 		break;
 	}
 

bin/dnssec/dnssec-keygen.docbook

@@ -126,16 +126,6 @@
 	    his value will automatically set the <option>-T KEY</option>
 	    option as well.
 	  </para>
-	  <para>
-	    TSIG keys can also be generated by setting the value to
-	    one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
-	    HMAC-SHA384, or HMAC-SHA512.  As with DH, specifying these
-	    values will automatically set <option>-T KEY</option>. Note,
-	    however, that <command>tsig-keygen</command> produces TSIG keys
-	    in a more useful format. These algorithms have been deprecated
-	    in <command>dnssec-keygen</command>, and will be removed in a
-	    future release.
-	  </para>
 	  <para>
 	    These values are case insensitive. In some cases, abbreviations
 	    are supported, such as ECDSA256 for ECDSAP256SHA256 and
@@ -144,10 +134,15 @@
 	    or NSEC3DSA will be used instead.
 	  </para>
 	  <para>
-	    As of BIND 9.12.0, this option is mandatory except when using
-	    the <option>-S</option> option, which copies the algorithm from
-	    the predecessor key.  Previously, the default for newly
-	    generated keys was RSASHA1.
+	    This parameter <emphasis>must</emphasis> be specified except
+	    when using the <option>-S</option> option, which copies the
+	    algorithm from the predecessor key.
+	  </para>
+	  <para>
+	    In prior releases, HMAC algorithms could be generated for
+	    use as TSIG keys, but that feature has been removed as of
+	    BIND 9.13.0. Use <command>tsig-keygen</command> to generate
+	    TSIG keys.
 	  </para>
 	</listitem>
       </varlistentry>

bin/dnssec/dnssectool.c

@@ -510,19 +510,11 @@ key_collision(dst_key_t *dstkey, dns_name_t *name, const char *dir,
 	alg = dst_key_alg(dstkey);
 
 	/*
-	 * For HMAC and Diffie Hellman just check if there is a
-	 * direct collision as they can't be revoked.  Additionally
-	 * dns_dnssec_findmatchingkeys only handles DNSKEY which is
-	 * not used for HMAC.
+	 * For Diffie Hellman just check if there is a direct collision as
+	 * they can't be revoked.  Additionally dns_dnssec_findmatchingkeys
+	 * only handles DNSKEY which is not used for HMAC.
 	 */
-	switch (alg) {
-	case DST_ALG_HMACMD5:
-	case DST_ALG_HMACSHA1:
-	case DST_ALG_HMACSHA224:
-	case DST_ALG_HMACSHA256:
-	case DST_ALG_HMACSHA384:
-	case DST_ALG_HMACSHA512:
-	case DST_ALG_DH:
+	if (alg == DST_ALG_DH) {
 		isc_buffer_init(&fileb, filename, sizeof(filename));
 		result = dst_key_buildfilename(dstkey, DST_TYPE_PRIVATE,
 					       dir, &fileb);

bin/tests/system/conf.sh.in

@@ -240,4 +240,5 @@ export SAMPLEUPDATE
 export SIGNER
 export SUBDIRS
 export TESTSOCK6
+export TSIGKEYGEN
 export WIRETEST

bin/tests/system/tsig/clean.sh

@@ -6,8 +6,6 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-# $Id: clean.sh,v 1.6 2007/09/26 03:22:44 marka Exp $
-
 #
 # Clean up after tsig tests.
 #
@@ -16,5 +14,5 @@ rm -f dig.out.*
 rm -f */named.memstats
 rm -f */named.run
 rm -f ns*/named.lock
-rm -f Kexample.net.+163+*
+rm -f Kexample.net.*
 rm -f keygen.out?

bin/tests/system/tsig/tests.sh

@@ -228,13 +228,18 @@ fi
 
 echo "I:check that multiple dnssec-keygen calls don't emit dns_dnssec_findmatchingkeys warning"
 ret=0
-$KEYGEN -r $RANDFILE -a hmac-sha256 -b 128 -n host example.net > keygen.out1 2>&1 || ret=1
+$KEYGEN -r $RANDFILE -a dh -b 128 -n host example.net > keygen.out1 2>&1 || ret=1
 grep dns_dnssec_findmatchingkeys keygen.out1 > /dev/null && ret=1
-$KEYGEN -r $RANDFILE -a hmac-sha256 -b 128 -n host example.net > keygen.out2 2>&1 || ret=1
+$KEYGEN -r $RANDFILE -a dh -b 128 -n host example.net > keygen.out2 2>&1 || ret=1
 grep dns_dnssec_findmatchingkeys keygen.out2 > /dev/null && ret=1
 if [ $ret -eq 1 ] ; then
 	echo "I: failed"; status=1
 fi
 
+echo "I:check that dnssec-keygen won't generate TSIG keys"
+ret=0
+$KEYGEN -r $RANDFILE -a hmac-sha256 -b 128 -n host example.net > keygen.out3 2>&1 && ret=1
+grep "unknown algorithm" keygen.out3 > /dev/null || ret=1
+
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1

doc/arm/notes.xml

@@ -60,6 +60,18 @@
     </itemizedlist>
   </section>
 
+  <section xml:id="relnotes_removed"><info><title>Removed Features</title></info>
+    <itemizedlist>
+      <listitem>
+	<para>
+	  <command>dnssec-keygen</command> can no longer generate HMAC
+	  keys for TSIG authentication. Use <command>tsig-keygen</command>
+	  to generate these keys. [RT #46404]
+	</para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
   <section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
     <itemizedlist>
       <listitem>