diff --git a/bin/tests/system/genzone.sh b/bin/tests/system/genzone.sh index 22767736eb..fa34db2065 100644 --- a/bin/tests/system/genzone.sh +++ b/bin/tests/system/genzone.sh @@ -368,7 +368,14 @@ openpgpkey OPENPGPKEY ( AQMFD5raczCJHViKtLYhWGz8hMY csync01 CSYNC 0 0 A NS AAAA csync02 CSYNC 0 0 -; type 63 -- 98 (unassigned) +;type 63 +zonemd01 ZONEMD 2019020700 1 0 ( + C220B8A6ED5728A971902F7E3D4FD93A + DEEA88B0453C2E8E8C863D465AB06CF3 + 4EB95B266398C98B59124FA239CB7EEB + ) + +; type 64 -- 98 (unassigned) ; type 99 spf01 SPF "v=spf1 -all" diff --git a/bin/tests/system/rrchecker/typelist.good b/bin/tests/system/rrchecker/typelist.good index 9f95412b3f..1d395c92f2 100644 --- a/bin/tests/system/rrchecker/typelist.good +++ b/bin/tests/system/rrchecker/typelist.good @@ -58,6 +58,7 @@ CDS CDNSKEY OPENPGPKEY CSYNC +ZONEMD SPF UINFO UID diff --git a/bin/tests/system/xfer/dig1.good b/bin/tests/system/xfer/dig1.good index 7e7974b0cf..ececd53144 100644 --- a/bin/tests/system/xfer/dig1.good +++ b/bin/tests/system/xfer/dig1.good @@ -165,6 +165,7 @@ wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23 wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53 wks03.example. 3600 IN WKS 10.0.0.2 6 65535 x2501.example. 3600 IN X25 "123456789" +zonemd01.example. 3600 IN ZONEMD 2019020700 1 0 C220B8A6ED5728A971902F7E3D4FD93ADEEA88B0453C2E8E8C863D46 5AB06CF34EB95B266398C98B59124FA239CB7EEB 8f1tmio9avcom2k0frp92lgcumak0cad.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C 8FPNS2UCT7FBS643THP2B77PEQ77K6IU A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM kcd3juae64f9c5csl1kif1htaui7un0g.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C KD5MN2M20340DGO0BL7NTSB8JP4BSC7E mr5ukvsk1l37btu4q7b1dfevft4hkqdk.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C MT38J6VG7S0SN5G17MCUF6IQIKFUAJ05 A AAAA RRSIG diff --git a/bin/tests/system/xfer/dig2.good b/bin/tests/system/xfer/dig2.good index 54bce9855c..88791d1bf5 100644 --- a/bin/tests/system/xfer/dig2.good +++ b/bin/tests/system/xfer/dig2.good @@ -165,6 +165,7 @@ wks01.example. 3600 IN WKS 10.0.0.1 6 0 1 2 21 23 wks02.example. 3600 IN WKS 10.0.0.1 17 0 1 2 53 wks03.example. 3600 IN WKS 10.0.0.2 6 65535 x2501.example. 3600 IN X25 "123456789" +zonemd01.example. 3600 IN ZONEMD 2019020700 1 0 C220B8A6ED5728A971902F7E3D4FD93ADEEA88B0453C2E8E8C863D46 5AB06CF34EB95B266398C98B59124FA239CB7EEB 8f1tmio9avcom2k0frp92lgcumak0cad.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C 8FPNS2UCT7FBS643THP2B77PEQ77K6IU A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM kcd3juae64f9c5csl1kif1htaui7un0g.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C KD5MN2M20340DGO0BL7NTSB8JP4BSC7E mr5ukvsk1l37btu4q7b1dfevft4hkqdk.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C MT38J6VG7S0SN5G17MCUF6IQIKFUAJ05 A AAAA RRSIG diff --git a/lib/dns/rdata/generic/zonemd_63.c b/lib/dns/rdata/generic/zonemd_63.c new file mode 100644 index 0000000000..8148593a85 --- /dev/null +++ b/lib/dns/rdata/generic/zonemd_63.c @@ -0,0 +1,313 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +/* draft-wessels-zone-digest-05 */ + +#ifndef RDATA_GENERIC_ZONEMD_63_C +#define RDATA_GENERIC_ZONEMD_63_C + +#define RRTYPE_ZONEMD_ATTRIBUTES 0 + +static inline isc_result_t +fromtext_zonemd(ARGS_FROMTEXT) { + isc_token_t token; + int digest_type, length; + + UNUSED(type); + UNUSED(rdclass); + UNUSED(origin); + UNUSED(options); + UNUSED(callbacks); + + /* + * Serial. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + false)); + RETERR(uint32_tobuffer(token.value.as_ulong, target)); + + /* + * Digest type. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + false)); + digest_type = token.value.as_ulong; + RETERR(uint8_tobuffer(digest_type, target)); + + /* + * Reserved. + */ + RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number, + false)); + RETERR(uint8_tobuffer(token.value.as_ulong, target)); + + /* + * Digest. + */ + switch (digest_type) { + case DNS_ZONEMD_DIGEST_SHA384: + length = ISC_SHA384_DIGESTLENGTH; + break; + default: + length = -2; + break; + } + + return (isc_hex_tobuffer(lexer, target, length)); +} + +static inline isc_result_t +totext_zonemd(ARGS_TOTEXT) { + isc_region_t sr; + char buf[sizeof("0123456789")]; + unsigned long num; + + REQUIRE(rdata->length != 0); + + UNUSED(tctx); + + dns_rdata_toregion(rdata, &sr); + + /* + * Serial. + */ + num = uint32_fromregion(&sr); + isc_region_consume(&sr, 4); + snprintf(buf, sizeof(buf), "%lu", num); + RETERR(str_totext(buf, target)); + + RETERR(str_totext(" ", target)); + + /* + * Digest type. + */ + num = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + snprintf(buf, sizeof(buf), "%lu", num); + RETERR(str_totext(buf, target)); + + RETERR(str_totext(" ", target)); + /* + * Reserved. + */ + num = uint8_fromregion(&sr); + isc_region_consume(&sr, 1); + snprintf(buf, sizeof(buf), "%lu", num); + RETERR(str_totext(buf, target)); + + /* + * Digest. + */ + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) + RETERR(str_totext(" (", target)); + RETERR(str_totext(tctx->linebreak, target)); + if ((tctx->flags & DNS_STYLEFLAG_NOCRYPTO) == 0) { + if (tctx->width == 0) /* No splitting */ + RETERR(isc_hex_totext(&sr, 0, "", target)); + else + RETERR(isc_hex_totext(&sr, tctx->width - 2, + tctx->linebreak, target)); + } else { + RETERR(str_totext("[omitted]", target)); + } + if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0) { + RETERR(str_totext(" )", target)); + } + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +fromwire_zonemd(ARGS_FROMWIRE) { + isc_region_t sr; + + UNUSED(type); + UNUSED(rdclass); + UNUSED(dctx); + UNUSED(options); + + isc_buffer_activeregion(source, &sr); + + /* + * Check digest lengths if we know them. + */ + if (sr.length < 6 || + (sr.base[4] == DNS_ZONEMD_DIGEST_SHA384 && + sr.length < 6 + ISC_SHA384_DIGESTLENGTH)) + { + return (ISC_R_UNEXPECTEDEND); + } + + /* + * Only copy digest lengths if we know them. + * If there is extra data dns_rdata_fromwire() will + * detect that. + */ + if (sr.base[4] == DNS_ZONEMD_DIGEST_SHA384) { + sr.length = 6 + ISC_SHA384_DIGESTLENGTH; + } + + isc_buffer_forward(source, sr.length); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline isc_result_t +towire_zonemd(ARGS_TOWIRE) { + isc_region_t sr; + + REQUIRE(rdata->type == dns_rdatatype_zonemd); + REQUIRE(rdata->length != 0); + + UNUSED(cctx); + + dns_rdata_toregion(rdata, &sr); + return (mem_tobuffer(target, sr.base, sr.length)); +} + +static inline int +compare_zonemd(ARGS_COMPARE) { + isc_region_t r1; + isc_region_t r2; + + REQUIRE(rdata1->type == rdata2->type); + REQUIRE(rdata1->rdclass == rdata2->rdclass); + REQUIRE(rdata1->type == dns_rdatatype_zonemd); + REQUIRE(rdata1->length != 0); + REQUIRE(rdata2->length != 0); + + dns_rdata_toregion(rdata1, &r1); + dns_rdata_toregion(rdata2, &r2); + return (isc_region_compare(&r1, &r2)); +} + +static inline isc_result_t +fromstruct_zonemd(ARGS_FROMSTRUCT) { + dns_rdata_zonemd_t *zonemd = source; + + REQUIRE(source != NULL); + REQUIRE(zonemd->common.rdtype == type); + REQUIRE(zonemd->common.rdclass == rdclass); + + UNUSED(type); + UNUSED(rdclass); + + switch (zonemd->digest_type) { + case DNS_ZONEMD_DIGEST_SHA384: + REQUIRE(zonemd->length == ISC_SHA384_DIGESTLENGTH); + break; + } + + RETERR(uint32_tobuffer(zonemd->serial, target)); + RETERR(uint8_tobuffer(zonemd->digest_type, target)); + RETERR(uint8_tobuffer(zonemd->reserved, target)); + + return (mem_tobuffer(target, zonemd->digest, zonemd->length)); +} + +static inline isc_result_t +tostruct_zonemd(ARGS_TOSTRUCT) { + dns_rdata_zonemd_t *zonemd = target; + isc_region_t region; + + REQUIRE(rdata->type == dns_rdatatype_zonemd); + REQUIRE(target != NULL); + REQUIRE(rdata->length != 0); + + zonemd->common.rdclass = rdata->rdclass; + zonemd->common.rdtype = rdata->type; + ISC_LINK_INIT(&zonemd->common, link); + + dns_rdata_toregion(rdata, ®ion); + + zonemd->serial = uint32_fromregion(®ion); + isc_region_consume(®ion, 4); + zonemd->digest_type = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + zonemd->reserved = uint8_fromregion(®ion); + isc_region_consume(®ion, 1); + zonemd->length = region.length; + + zonemd->digest = mem_maybedup(mctx, region.base, region.length); + if (zonemd->digest == NULL) { + return (ISC_R_NOMEMORY); + } + + zonemd->mctx = mctx; + return (ISC_R_SUCCESS); +} + +static inline void +freestruct_zonemd(ARGS_FREESTRUCT) { + dns_rdata_zonemd_t *zonemd = source; + + REQUIRE(zonemd != NULL); + REQUIRE(zonemd->common.rdtype == dns_rdatatype_zonemd); + + if (zonemd->mctx == NULL) { + return; + } + + if (zonemd->digest != NULL) { + isc_mem_free(zonemd->mctx, zonemd->digest); + } + zonemd->mctx = NULL; +} + +static inline isc_result_t +additionaldata_zonemd(ARGS_ADDLDATA) { + REQUIRE(rdata->type == dns_rdatatype_zonemd); + + UNUSED(rdata); + UNUSED(add); + UNUSED(arg); + + return (ISC_R_SUCCESS); +} + +static inline isc_result_t +digest_zonemd(ARGS_DIGEST) { + isc_region_t r; + + REQUIRE(rdata->type == dns_rdatatype_zonemd); + + dns_rdata_toregion(rdata, &r); + + return ((digest)(arg, &r)); +} + +static inline bool +checkowner_zonemd(ARGS_CHECKOWNER) { + REQUIRE(type == dns_rdatatype_zonemd); + + UNUSED(name); + UNUSED(type); + UNUSED(rdclass); + UNUSED(wildcard); + + return (true); +} + +static inline bool +checknames_zonemd(ARGS_CHECKNAMES) { + REQUIRE(rdata->type == dns_rdatatype_zonemd); + + UNUSED(rdata); + UNUSED(owner); + UNUSED(bad); + + return (true); +} + +static inline int +casecompare_zonemd(ARGS_COMPARE) { + return (compare_zonemd(rdata1, rdata2)); +} + +#endif /* RDATA_GENERIC_ZONEMD_63_C */ diff --git a/lib/dns/rdata/generic/zonemd_63.h b/lib/dns/rdata/generic/zonemd_63.h new file mode 100644 index 0000000000..4eb6c614f5 --- /dev/null +++ b/lib/dns/rdata/generic/zonemd_63.h @@ -0,0 +1,31 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +#ifndef GENERIC_ZONEMD_63_H +#define GENERIC_ZONEMD_63_H 1 + +/* Digest type(s). Currently only SHA-384 is defined. */ +#define DNS_ZONEMD_DIGEST_SHA384 (1) + +/* + * \brief per draft-wessels-zone-digest-05 + */ +typedef struct dns_rdata_zonemd { + dns_rdatacommon_t common; + isc_mem_t *mctx; + uint32_t serial; + uint8_t digest_type; + uint8_t reserved; + unsigned char *digest; + uint16_t length; +} dns_rdata_zonemd_t; + +#endif /* GENERIC_ZONEMD_63_H */ diff --git a/lib/dns/tests/rdata_test.c b/lib/dns/tests/rdata_test.c index 15a52776a4..2a8e5dd4c7 100644 --- a/lib/dns/tests/rdata_test.c +++ b/lib/dns/tests/rdata_test.c @@ -1593,6 +1593,129 @@ wks(void **state) { dns_rdatatype_wks, sizeof(dns_rdata_in_wks_t)); } +/* + * ZONEMD tests. + * + * Excerpted from draft-wessels-dns-zone-digest: + * + * The ZONEMD RDATA wire format is encoded as follows: + * + * 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Serial | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Digest Type | Reserved | | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | + * | Digest | + * / / + * / / + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * + * 2.1.1. The Serial Field + * + * The Serial field is a 32-bit unsigned integer in network order. It + * is equal to the serial number from the zone's SOA record + * + * 2.1.2. The Digest Type Field + * + * The Digest Type field is an 8-bit unsigned integer that identifies + * the algorithm used to construct the digest. + * + * At the time of this writing, SHA384, with value 1, is the only Digest + * Type defined for ZONEMD records. + * + * 2.1.3. The Reserved Field + * + * The Reserved field is an 8-bit unsigned integer, which is always set + * to zero. + * + * 2.1.4. The Digest Field + * + * The Digest field is a variable-length sequence of octets containing + * the message digest. + */ + +static void +zonemd(void **state) { + text_ok_t text_ok[] = { + TEXT_INVALID(""), + TEXT_INVALID("0"), + TEXT_INVALID("0 0"), + TEXT_INVALID("0 0 0"), + TEXT_INVALID("99999999 0 0"), + TEXT_INVALID("2019020700 0 0 "), + TEXT_INVALID("2019020700 1 0 DEADBEEF"), + TEXT_VALID("2019020700 2 0 DEADBEEF"), + TEXT_VALID("2019020700 1 0 7162D2BB75C047A53DE98767C9192BEB" + "14DB01E7E2267135DAF0230A 19BA4A31" + "6AF6BF64AA5C7BAE24B2992850300509"), + TEXT_SENTINEL() + }; + wire_ok_t wire_ok[] = { + /* + * Short. + */ + WIRE_INVALID(0x00), + /* + * Short. + */ + WIRE_INVALID(0x00, 0x00), + /* + * Short. + */ + WIRE_INVALID(0x00, 0x00, 0x00), + /* + * Short. + */ + WIRE_INVALID(0x00, 0x00, 0x00, 0x00), + /* + * Short. + */ + WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00), + /* + * Serial + type + reserved only - digest type + * undefined, so we accept the missing digest. + */ + WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00), + /* + * SHA-384 is defined, so we insist there be a digest. + */ + WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00), + /* + * Four octets, too short for SHA-384. + */ + WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0xde, 0xad, 0xbe, 0xef), + /* + * Digest type undefined, so accept the short digest. + */ + WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0xff, 0x00, + 0xde, 0xad, 0xbe, 0xef), + /* + * 48 octets, valid for SHA-384. + */ + WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, + 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce), + /* + * Sentinel. + */ + WIRE_SENTINEL() + }; + + UNUSED(state); + + check_rdata(text_ok, wire_ok, NULL, false, dns_rdataclass_in, + dns_rdatatype_zonemd, sizeof(dns_rdata_zonemd_t)); +} + static void atcname(void **state) { unsigned int i; @@ -1695,6 +1818,7 @@ main(void) { cmocka_unit_test_setup_teardown(nsec3, _setup, _teardown), cmocka_unit_test_setup_teardown(nxt, _setup, _teardown), cmocka_unit_test_setup_teardown(wks, _setup, _teardown), + cmocka_unit_test_setup_teardown(zonemd, _setup, _teardown), cmocka_unit_test_setup_teardown(atcname, NULL, NULL), cmocka_unit_test_setup_teardown(atparent, NULL, NULL), cmocka_unit_test_setup_teardown(iszonecutauth, NULL, NULL), diff --git a/util/copyrights b/util/copyrights index 9124954a79..9038aa70d4 100644 --- a/util/copyrights +++ b/util/copyrights @@ -1949,6 +1949,8 @@ ./lib/dns/rdata/generic/uri_256.h C 2011,2012,2016,2018,2019 ./lib/dns/rdata/generic/x25_19.c C 1999,2000,2001,2002,2004,2005,2007,2009,2014,2015,2016,2018,2019 ./lib/dns/rdata/generic/x25_19.h C 1999,2000,2001,2004,2005,2007,2016,2018,2019 +./lib/dns/rdata/generic/zonemd_63.c C 2019 +./lib/dns/rdata/generic/zonemd_63.h C 2019 ./lib/dns/rdata/hs_4/a_1.c C 1999,2000,2001,2002,2004,2007,2009,2014,2015,2016,2018,2019 ./lib/dns/rdata/hs_4/a_1.h C 1999,2000,2001,2004,2005,2007,2016,2018,2019 ./lib/dns/rdata/in_1/a6_38.c C 1999,2000,2001,2002,2003,2004,2007,2009,2014,2015,2016,2017,2018,2019