From: W.C.A. Wijngaards Date: Fri, 14 Apr 2023 12:05:15 +0000 (+0200) Subject: - xfr-tsig, create util/tsig.c and util/tsig.h. X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=e6573fc33797517c2f6fab5bb8e730c73b7f4aef;p=thirdparty%2Funbound.git - xfr-tsig, create util/tsig.c and util/tsig.h.
---
diff --git a/Makefile.in b/Makefile.in
index bc021aa1e..1b5bc12ee 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -130,7 +130,7 @@ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \
 util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
 util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \
 util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \
-util/timehist.c util/tube.c util/proxy_protocol.c \
+util/timehist.c util/tsig.c util/tube.c util/proxy_protocol.c \
 util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \
 validator/autotrust.c validator/val_anchor.c validator/validator.c \
 validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \
@@ -147,7 +147,7 @@ iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \
 outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \
 fptr_wlist.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
 random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
-slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \
+slabhash.lo tcp_conn_limit.lo timehist.lo tsig.lo tube.lo winsock_event.lo \
 autotrust.lo val_anchor.lo rpz.lo proxy_protocol.lo \
 validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \
@@ -700,6 +700,7 @@ depend:
 # build rules
 ipset.lo ipset.o: $(srcdir)/ipset/ipset.c
+tsig.lo tsig.o: $(srcdir)/util/tsig.c config.h $(srcdir)/util/tsig.h
 # Dependencies
 dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
diff --git a/util/tsig.c b/util/tsig.c
new file mode 100644
index 000000000..d8cafacba
--- /dev/null
+++ b/util/tsig.c
@@ -0,0 +1,43 @@
+/*
+ * util/tsig.c - handle TSIG signatures.
+ *
+ * Copyright (c) 2023, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains functions for dealing with TSIG records and signatures.
+ */
+
+#include "config.h"
+#include "util/tsig.h"
diff --git a/util/tsig.h b/util/tsig.h
new file mode 100644
index 000000000..e4613badd
--- /dev/null
+++ b/util/tsig.h
@@ -0,0 +1,118 @@
+/*
+ * util/tsig.h - handle TSIG signatures.
+ *
+ * Copyright (c) 2023, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains functions for dealing with TSIG records and signatures.
+ */
+
+#ifndef UTIL_TSIG_H
+#define UTIL_TSIG_H
+
+/**
+ * TSIG record, the RR that is in the packet.
+ * The RR Type is TSIG and the RR class is CLASS_ANY. The TTL is 0.
+ */
+struct tsig_record {
+ /** domain name of the RR, the key name. */
+ uint8_t* key_name;
+ /** length of the key_name */
+ size_t key_name_len;
+ /** the algorithm name, as a domain name. */
+ uint8_t* algorithm_name;
+ /** length of the algorithm_name */
+ size_t algorithm_name_len;
+ /** the signed time, high part */
+ uint16_t signed_time_high;
+ /** the signed time, low part */
+ uint32_t signed_time_low;
+ /** the fudge time */
+ uint16_t fudge_time;
+ /** the mac size, uint16_t on the wire */
+ size_t mac_size;
+ /** the mac data */
+ uint8_t* mac_data;
+ /** the original query id */
+ uint16_t original_query_id;
+ /** the tsig error code */
+ uint16_t error_code;
+ /** length of the other data, uint16_t on the wire */
+ size_t other_size;
+ /** the other data */
+ uint8_t* other_data;
+};
+
+/**
+ * TSIG algorithm. This is the HMAC algorithm used for the TSIG mac.
+ */
+struct tsig_algorithm {
+ /** Short name of the algorithm, like "hmac-md5" */
+ char* short_name;
+ /**
+ * Full wireformat name of the algorith, such as
+ * "hmac-md5.sig-alg.reg.int."
+ */
+ uint8_t* wireformat_name;
+ /** length of the wireformat_name */
+ size_t wireformat_name_len;
+};
+
+/**
+ * TSIG key. This is used to sign and verify packets.
+ */
+struct tsig_key {
+ /** name of the key as string */
+ char* name_str;
+ /** algorithm string */
+ char* algo_str;
+ /** the algorithm structure */
+ struct tsig_algorithm* algo;
+ /**
+ * Name of the key, in wireformat.
+ * The key name has to be transferred as a domain name, of the TSIG
+ * RR and thus the key name has to be a wireformat domain name.
+ */
+ uint8_t* name;
+ /** length of name */
+ size_t name_len;
+ /** the data, with the secret portion of the key. decoded from the
+ * base64 string with the secret. */
+ uint8_t* data;
+ /** the size of the data */
+ size_t data_len;
+};
+
+#endif /* UTIL_TSIG_H */
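Review bot: `struct tsig_key` in this hunk carries the decoded shared secret in `data`/`data_len`, but nothing marks it as sensitive, so whoever writes the free routine later can easily `free()` it without wiping; I would extend the field comment to `/** the data, with the secret portion of the key, decoded from the base64 string. Secret material: wipe (explicit_bzero or equivalent) before freeing. */`. Similarly `struct tsig_record` holds `key_name`, `algorithm_name`, `mac_data` and `other_data` as bare pointers without saying whether they alias the packet buffer or are owned copies, and since `mac_size`/`other_size` are widened from uint16_t wire fields, the struct comment should state that the parser filling them must bound both against the remaining RDATA length before the pointers are used. A smaller point: `struct tsig_algorithm` is described as "the HMAC algorithm used for the TSIG mac" yet carries only names and no digest function or MAC length, presumably to be added with the signing code, and the comment on `wireformat_name` reads "algorith" for "algorithm". The header also uses `uint8_t`/`uint16_t`/`uint32_t`/`size_t` without including `<stdint.h>`/`<stddef.h>`, which works only when `config.h` is included first as `util/tsig.c` does; a one-line note in the `\file` comment would make that requirement explicit.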