mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- xfr-tsig, create util/tsig.c and util/tsig.h.
parent
e11d206a82
commit
e6573fc337
@ -130,7 +130,7 @@ util/fptr_wlist.c util/locks.c util/log.c util/mini_event.c util/module.c \
|
||||
util/netevent.c util/net_help.c util/random.c util/rbtree.c util/regional.c \
|
||||
util/rtt.c util/edns.c util/storage/dnstree.c util/storage/lookup3.c \
|
||||
util/storage/lruhash.c util/storage/slabhash.c util/tcp_conn_limit.c \
|
||||
util/timehist.c util/tube.c util/proxy_protocol.c \
|
||||
util/timehist.c util/tsig.c util/tube.c util/proxy_protocol.c \
|
||||
util/ub_event.c util/ub_event_pluggable.c util/winsock_event.c \
|
||||
validator/autotrust.c validator/val_anchor.c validator/validator.c \
|
||||
validator/val_kcache.c validator/val_kentry.c validator/val_neg.c \
|
||||
@ -147,7 +147,7 @@ iter_scrub.lo iter_utils.lo localzone.lo mesh.lo modstack.lo view.lo \
|
||||
outbound_list.lo alloc.lo config_file.lo configlexer.lo configparser.lo \
|
||||
fptr_wlist.lo edns.lo locks.lo log.lo mini_event.lo module.lo net_help.lo \
|
||||
random.lo rbtree.lo regional.lo rtt.lo dnstree.lo lookup3.lo lruhash.lo \
|
||||
slabhash.lo tcp_conn_limit.lo timehist.lo tube.lo winsock_event.lo \
|
||||
slabhash.lo tcp_conn_limit.lo timehist.lo tsig.lo tube.lo winsock_event.lo \
|
||||
autotrust.lo val_anchor.lo rpz.lo proxy_protocol.lo \
|
||||
validator.lo val_kcache.lo val_kentry.lo val_neg.lo val_nsec3.lo val_nsec.lo \
|
||||
val_secalgo.lo val_sigcrypt.lo val_utils.lo dns64.lo $(CACHEDB_OBJ) authzone.lo \
|
||||
@ -700,6 +700,7 @@ depend:
|
||||
|
||||
# build rules
|
||||
ipset.lo ipset.o: $(srcdir)/ipset/ipset.c
|
||||
tsig.lo tsig.o: $(srcdir)/util/tsig.c config.h $(srcdir)/util/tsig.h
|
||||
|
||||
# Dependencies
|
||||
dns.lo dns.o: $(srcdir)/services/cache/dns.c config.h $(srcdir)/iterator/iter_delegpt.h $(srcdir)/util/log.h \
|
||||
|
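--- a/util/tsig.c
+++ b/util/tsig.c
@@ -0,0 +1,43 @@
+/*
+* util/tsig.c - handle TSIG signatures.
+*
+* Copyright (c) 2023, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* \file
+*
+* This file contains functions for dealing with TSIG records and signatures.
+*/
+
+#include "config.h"
+#include "util/tsig.h"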
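--- a/util/tsig.h
+++ b/util/tsig.h
@@ -0,0 +1,118 @@
+/*
+* util/tsig.h - handle TSIG signatures.
+*
+* Copyright (c) 2023, NLnet Labs. All rights reserved.
+*
+* This software is open source.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+*
+* Redistributions of source code must retain the above copyright notice,
+* this list of conditions and the following disclaimer.
+*
+* Redistributions in binary form must reproduce the above copyright notice,
+* this list of conditions and the following disclaimer in the documentation
+* and/or other materials provided with the distribution.
+*
+* Neither the name of the NLNET LABS nor the names of its contributors may
+* be used to endorse or promote products derived from this software without
+* specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+/**
+* \file
+*
+* This file contains functions for dealing with TSIG records and signatures.
+*/
+
+#ifndef UTIL_TSIG_H
+#define UTIL_TSIG_H
+
+/**
+* TSIG record, the RR that is in the packet.
+* The RR Type is TSIG and the RR class is CLASS_ANY. The TTL is 0.
+*/
+struct tsig_record {
+/** domain name of the RR, the key name. */
+uint8_t* key_name;
+/** length of the key_name */
+size_t key_name_len;
+/** the algorithm name, as a domain name. */
+uint8_t* algorithm_name;
+/** length of the algorithm_name */
+size_t algorithm_name_len;
+/** the signed time, high part */
+uint16_t signed_time_high;
+/** the signed time, low part */
+uint32_t signed_time_low;
+/** the fudge time */
+uint16_t fudge_time;
+/** the mac size, uint16_t on the wire */
+size_t mac_size;
+/** the mac data */
+uint8_t* mac_data;
+/** the original query id */
+uint16_t original_query_id;
+/** the tsig error code */
+uint16_t error_code;
+/** length of the other data, uint16_t on the wire */
+size_t other_size;
+/** the other data */
+uint8_t* other_data;
+};
+
+/**
+* TSIG algorithm. This is the HMAC algorithm used for the TSIG mac.
+*/
+struct tsig_algorithm {
+/** Short name of the algorithm, like "hmac-md5" */
+char* short_name;
+/**
+* Full wireformat name of the algorith, such as
+* "hmac-md5.sig-alg.reg.int."
+*/
+uint8_t* wireformat_name;
+/** length of the wireformat_name */
+size_t wireformat_name_len;
+};
+
+/**
+* TSIG key. This is used to sign and verify packets.
+*/
+struct tsig_key {
+/** name of the key as string */
+char* name_str;
+/** algorithm string */
+char* algo_str;
+/** the algorithm structure */
+struct tsig_algorithm* algo;
+/**
+* Name of the key, in wireformat.
+* The key name has to be transferred as a domain name, of the TSIG
+* RR and thus the key name has to be a wireformat domain name.
+*/
+uint8_t* name;
+/** length of name */
+size_t name_len;
+/** the data, with the secret portion of the key. decoded from the
+* base64 string with the secret. */
+uint8_t* data;
+/** the size of the data */
+size_t data_len;
+};
+
+#endif /* UTIL_TSIG_H */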
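Review bot: `struct tsig_key` keeps the shared secret in `data`/`data_len`, but the header does not say who owns that buffer or that it has to be wiped before it is freed; I would put that in the field comment, e.g. `/** the secret, decoded from base64; owned by the key, zeroed before free */`, assuming that is the intended lifetime. The pointers in `struct tsig_record` (`key_name`, `algorithm_name`, `mac_data`, `other_data`) have the same gap: the comments should say whether they point into the packet buffer or at separate allocations. `mac_size` and `other_size` are `size_t` here but 16-bit on the wire, so their comments could note that the parser must check them against the remaining RDATA length before `mac_data` or `other_data` is read. The header uses `uint8_t`, `uint16_t`, `uint32_t` and `size_t` without including anything, so it presumably relies on `config.h` being included first, as util/tsig.c does; a one-line comment saying so would help. The `wireformat_name` comment also has a typo (`algorith`).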