util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \
util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \
-util/timehist.c util/tube.c util/proxy_protocol.c \
+util/timehist.c util/tsig.c util/tube.c util/proxy_protocol.c \
util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \
validator/autotrust.c validator/val_anchor.c validator/validator.c \
validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \
outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \
fptr_wlist.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
-slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \
+slabhash.lo tcp_conn_limit.lo timehist.lo tsig.lo tube.lo winsock_event.lo \
autotrust.lo val_anchor.lo rpz.lo proxy_protocol.lo \
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \
# build rules
ipset.lo ipset.o: $(srcdir)/ipset/ipset.c
+tsig.lo tsig.o: $(srcdir)/util/tsig.c config.h $(srcdir)/util/tsig.h
# Dependencies
dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
--- /dev/null
+/*
+ * util/tsig.c - handle TSIG signatures.
+ *
+ * Copyright (c) 2023, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains functions for dealing with TSIG records and signatures.
+ */
+
+#include "config.h"
+#include "util/tsig.h"
--- /dev/null
+/*
+ * util/tsig.h - handle TSIG signatures.
+ *
+ * Copyright (c) 2023, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains functions for dealing with TSIG records and signatures.
+ */
+
+#ifndef UTIL_TSIG_H
+#define UTIL_TSIG_H
+
+/**
+ * TSIG record, the RR that is in the packet.
+ * The RR Type is TSIG and the RR class is CLASS_ANY. The TTL is 0.
+ */
+struct tsig_record {
+ /** domain name of the RR, the key name. */
+ uint8_t* key_name;
+ /** length of the key_name */
+ size_t key_name_len;
+ /** the algorithm name, as a domain name. */
+ uint8_t* algorithm_name;
+ /** length of the algorithm_name */
+ size_t algorithm_name_len;
+ /** the signed time, high part */
+ uint16_t signed_time_high;
+ /** the signed time, low part */
+ uint32_t signed_time_low;
+ /** the fudge time */
+ uint16_t fudge_time;
+ /** the mac size, uint16_t on the wire */
+ size_t mac_size;
+ /** the mac data */
+ uint8_t* mac_data;
+ /** the original query id */
+ uint16_t original_query_id;
+ /** the tsig error code */
+ uint16_t error_code;
+ /** length of the other data, uint16_t on the wire */
+ size_t other_size;
+ /** the other data */
+ uint8_t* other_data;
+};
+
+/**
+ * TSIG algorithm. This is the HMAC algorithm used for the TSIG mac.
+ */
+struct tsig_algorithm {
+ /** Short name of the algorithm, like "hmac-md5" */
+ char* short_name;
+ /**
+ * Full wireformat name of the algorith, such as
+ * "hmac-md5.sig-alg.reg.int."
+ */
+ uint8_t* wireformat_name;
+ /** length of the wireformat_name */
+ size_t wireformat_name_len;
+};
+
+/**
+ * TSIG key. This is used to sign and verify packets.
+ */
+struct tsig_key {
+ /** name of the key as string */
+ char* name_str;
+ /** algorithm string */
+ char* algo_str;
+ /** the algorithm structure */
+ struct tsig_algorithm* algo;
+ /**
+ * Name of the key, in wireformat.
+ * The key name has to be transferred as a domain name, of the TSIG
+ * RR and thus the key name has to be a wireformat domain name.
+ */
+ uint8_t* name;
+ /** length of name */
+ size_t name_len;
+ /** the data, with the secret portion of the key. decoded from the
+ * base64 string with the secret. */
+ uint8_t* data;
+ /** the size of the data */
+ size_t data_len;
+};
+
+#endif /* UTIL_TSIG_H */
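Review bot: The new structs declare raw pointers (`key_name`, `algorithm_name`, `mac_data`, `other_data` in `struct tsig_record`; `name` and `data` in `struct tsig_key`) without stating who owns the memory or whether they alias the packet buffer or an allocated copy, so a later free routine or buffer reuse can silently leave dangling references. I'd extend each pointer's doxygen comment with its ownership, e.g. on `mac_data`: `/** the mac data; TODO state whether this aliases the packet buffer or is a malloc'ed copy owned by this struct */`. Since `tsig_key.data` holds the decoded secret, its comment should also require that the eventual free routine wipe it (`explicit_bzero`/`memset_s` style) before freeing, and that `data_len` be checked against the algorithm's expected key size when the base64 is decoded. The header uses `uint8_t`/`uint16_t`/`uint32_t`/`size_t` but includes nothing itself; if the project convention is that `config.h` is always included first by the `.c`, a one-line comment near the guard saying so would make that dependency explicit. Minor: "algorith" in the `wireformat_name` comment is a typo.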