- xfr-tsig, create util/tsig.c and util/tsig.h.

2024-09-21 06:37:08 +00:00 · 2023-04-14 14:05:15 +02:00 · 2023-04-14 14:05:15 +02:00 · e6573fc337
commit e6573fc337
parent e11d206a82
3 changed files with 164 additions and 2 deletions
--- a/Makefile.in
+++ b/Makefile.in
@ -130,7 +130,7 @@ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \
 util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
 util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \
 util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \
-util/timehist.c util/tube.c util/proxy_protocol.c \
+util/timehist.c util/tsig.c util/tube.c util/proxy_protocol.c \
 util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \
 validator/autotrust.c validator/val_anchor.c validator/validator.c \
 validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \
@ -147,7 +147,7 @@ iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \
 outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \
 fptr_wlist.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
 random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
-slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \
+slabhash.lo tcp_conn_limit.lo timehist.lo tsig.lo tube.lo winsock_event.lo \
 autotrust.lo val_anchor.lo rpz.lo proxy_protocol.lo \
 validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
 val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \
@ -700,6 +700,7 @@ depend:

 # build rules
 ipset.lo ipset.o: $(srcdir)/ipset/ipset.c
+tsig.lo tsig.o: $(srcdir)/util/tsig.c config.h $(srcdir)/util/tsig.h

 # Dependencies
 dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
--- a/util/tsig.c
+++ b/util/tsig.c
@ -0,0 +1,43 @@
+/*
+ * util/tsig.c - handle TSIG signatures.
+ *
+ * Copyright (c) 2023, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains functions for dealing with TSIG records and signatures.
+ */
+
+#include "config.h"
+#include "util/tsig.h"
--- a/util/tsig.h
+++ b/util/tsig.h
@ -0,0 +1,118 @@
+/*
+ * util/tsig.h - handle TSIG signatures.
+ *
+ * Copyright (c) 2023, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+ * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+ * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+ * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file contains functions for dealing with TSIG records and signatures.
+ */
+
+#ifndef UTIL_TSIG_H
+#define UTIL_TSIG_H
+
+/**
+ * TSIG record, the RR that is in the packet.
+ * The RR Type is TSIG and the RR class is CLASS_ANY. The TTL is 0.
+ */
+struct tsig_record {
+	/** domain name of the RR, the key name. */
+	uint8_t* key_name;
+	/** length of the key_name */
+	size_t key_name_len;
+	/** the algorithm name, as a domain name. */
+	uint8_t* algorithm_name;
+	/** length of the algorithm_name */
+	size_t algorithm_name_len;
+	/** the signed time, high part */
+	uint16_t signed_time_high;
+	/** the signed time, low part */
+	uint32_t signed_time_low;
+	/** the fudge time */
+	uint16_t fudge_time;
+	/** the mac size, uint16_t on the wire */
+	size_t mac_size;
+	/** the mac data */
+	uint8_t* mac_data;
+	/** the original query id */
+	uint16_t original_query_id;
+	/** the tsig error code */
+	uint16_t error_code;
+	/** length of the other data, uint16_t on the wire */
+	size_t other_size;
+	/** the other data */
+	uint8_t* other_data;
+};
+
+/**
+ * TSIG algorithm. This is the HMAC algorithm used for the TSIG mac.
+ */
+struct tsig_algorithm {
+	/** Short name of the algorithm, like "hmac-md5" */
+	char* short_name;
+	/**
+	 * Full wireformat name of the algorith, such as
+	 * "hmac-md5.sig-alg.reg.int."
+	 */
+	uint8_t* wireformat_name;
+	/** length of the wireformat_name */
+	size_t wireformat_name_len;
+};
+
+/**
+ * TSIG key. This is used to sign and verify packets.
+ */
+struct tsig_key {
+	/** name of the key as string */
+	char* name_str;
+	/** algorithm string */
+	char* algo_str;
+	/** the algorithm structure */
+	struct tsig_algorithm* algo;
+	/**
+	 * Name of the key, in wireformat.
+	 * The key name has to be transferred as a domain name, of the TSIG
+	 * RR and thus the key name has to be a wireformat domain name.
+	 */
+	uint8_t* name;
+	/** length of name */
+	size_t name_len;
+	/** the data, with the secret portion of the key. decoded from the
+	 * base64 string with the secret. */
+	uint8_t* data;
+	/** the size of the data */
+	size_t data_len;
+};
+
+#endif /* UTIL_TSIG_H */