3313. [protocol] Add TLSA record type. [RT #28989]

2012-04-26 12:22:49 +10:00
parent f2338476c8
commit 393fd55d91
8 changed files with 356 additions and 4 deletions
--- a/2
+++ b/2
@@ -1,3 +1,5 @@
+3313.	[protocol]	Add TLSA record type. [RT #28989]
+
 3312.	[bug]		named-checkconf didn't detect a bad dns64 clients acl.
 			[RT #27631]

--- a/bin/tests/system/genzone.sh
+++ b/bin/tests/system/genzone.sh
@@ -270,6 +270,11 @@ hip2			HIP	( 2 200100107B1A74DF365639CC39F1D578
                                AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQb1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D
 				rvs.example.com. )

+tlsa			TLSA	( 1 1 2 92003ba34942dc74152e2f2c408d29ec
+				a5a520e7f2e06bb944f4dca346baf63c
+				1b177615d466f6c4b71c216a50292bd5
+				8c9ebdd2f74e38fe51ffd48c43326cbc )
+
 ; type 255
 ; TSIG is a meta-type and should never occur in master files.

--- a/bin/tests/system/xfer/dig1.good
+++ b/bin/tests/system/xfer/dig1.good
@@ -63,6 +63,7 @@ rt02.example.		3600	IN	RT	65535 .
 rrsig01.example.		3600	IN	RRSIG	NSEC 1 3 3600 20000102030405 19961211100908 2143 foo.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
 srv01.example.		3600	IN	SRV	0 0 0 .
 srv02.example.		3600	IN	SRV	65535 65535 65535 old-slow-box.example.
+tlsa.example.		3600	IN	TLSA	1 1 2 92003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA3 46BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE 51FFD48C43326CBC
 txt01.example.		3600	IN	TXT	"foo"
 txt02.example.		3600	IN	TXT	"foo" "bar"
 txt03.example.		3600	IN	TXT	"foo"
--- a/bin/tests/system/xfer/dig2.good
+++ b/bin/tests/system/xfer/dig2.good
@@ -63,6 +63,7 @@ rt02.example.		3600	IN	RT	65535 .
 rrsig01.example.	3600	IN	RRSIG	NSEC 1 3 3600 20000102030405 19961211100908 2143 foo.nil. MxFcby9k/yvedMfQgKzhH5er0Mu/vILz45IkskceFGgiWCn/GxHhai6V AuHAoNUz4YoU1tVfSCSqQYn6//11U6Nld80jEeC8aTrO+KKmCaY=
 srv01.example.		3600	IN	SRV	0 0 0 .
 srv02.example.		3600	IN	SRV	65535 65535 65535 old-slow-box.example.
+tlsa.example.		3600	IN	TLSA	1 1 2 92003BA34942DC74152E2F2C408D29ECA5A520E7F2E06BB944F4DCA3 46BAF63C1B177615D466F6C4B71C216A50292BD58C9EBDD2F74E38FE 51FFD48C43326CBC
 txt01.example.		3600	IN	TXT	"foo"
 txt02.example.		3600	IN	TXT	"foo" "bar"
 txt03.example.		3600	IN	TXT	"foo"
--- a/doc/draft/draft-ietf-dane-protocol-19.txt
+++ b/doc/draft/draft-ietf-dane-protocol-19.txt
@@ -0,0 +1,7 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>302 Found</title>
+</head><body>
+<h1>Found</h1>
+<p>The document has moved <a href="http://www.ietf.org/id/draft-ietf-dane-protocol-19.txt">here</a>.</p>
+</body></html>
--- a/doc/draft/update
+++ b/doc/draft/update
@@ -1,5 +1,15 @@
 #!/bin/sh
 commit=
+if type fetch >/dev/null 2>&1
+then
+	fetch=fetch
+elif type curl >/dev/null 2>&1
+then
+	fetch="curl -O"
+else
+	exit 1
+fi
+
 for i
 do
 	z=`expr "$i" : 'http://www.ietf.org/internet-drafts/\(.*\)'`
@@ -28,13 +38,13 @@ do
 			continue;
 		fi
 	fi
-	if fetch "http://www.ietf.org/internet-drafts/$i" 
+	if $fetch "http://www.ietf.org/internet-drafts/$i" 
 	then
-		cvs add "$i" 
+		git add "$i" 
 		if test "X$old" != "X$pat"
 		then
 			rm $old
-			cvs delete $old
+			git rm $old
 			commit="$commit $old"
 		fi
 		commit="$commit $i"
@@ -42,5 +52,6 @@ do
 done
 if test -n "$commit"
 then
-	cvs commit -m "new draft" $commit
+	git commit -m "new draft"
+	git push
 fi
--- a/lib/dns/rdata/generic/tlsa_52.c
+++ b/lib/dns/rdata/generic/tlsa_52.c
@@ -0,0 +1,290 @@
+/*
+ * Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+/* draft-ietf-dane-protocol-19.txt */
+
+#ifndef RDATA_GENERIC_TLSA_52_C
+#define RDATA_GENERIC_TLSA_52_C
+
+#define RRTYPE_TLSA_ATTRIBUTES 0
+
+static inline isc_result_t
+fromtext_tlsa(ARGS_FROMTEXT) {
+	isc_token_t token;
+
+	REQUIRE(type == 52);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(origin);
+	UNUSED(options);
+	UNUSED(callbacks);
+
+	/*
+	 * Certificate Usage.
+	 */
+	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+				      ISC_FALSE));
+	if (token.value.as_ulong > 0xffU)
+		RETTOK(ISC_R_RANGE);
+	RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+	/*
+	 * Selector.
+	 */
+	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+				      ISC_FALSE));
+	if (token.value.as_ulong > 0xffU)
+		RETTOK(ISC_R_RANGE);
+	RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+	/*
+	 * Matching type.
+	 */
+	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+				      ISC_FALSE));
+	if (token.value.as_ulong > 0xffU)
+		RETTOK(ISC_R_RANGE);
+	RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+	/*
+	 * Certificate Association Data.
+	 */
+	return (isc_hex_tobuffer(lexer, target, -1));
+}
+
+static inline isc_result_t
+totext_tlsa(ARGS_TOTEXT) {
+	isc_region_t sr;
+	char buf[sizeof("64000 ")];
+	unsigned int n;
+
+	REQUIRE(rdata->type == 52);
+	REQUIRE(rdata->length != 0);
+
+	UNUSED(tctx);
+
+	dns_rdata_toregion(rdata, &sr);
+
+	/*
+	 * Certificate Usage.
+	 */
+	n = uint8_fromregion(&sr);
+	isc_region_consume(&sr, 1);
+	sprintf(buf, "%u ", n);
+	RETERR(str_totext(buf, target));
+
+	/*
+	 * Selector.
+	 */
+	n = uint8_fromregion(&sr);
+	isc_region_consume(&sr, 1);
+	sprintf(buf, "%u ", n);
+	RETERR(str_totext(buf, target));
+
+	/*
+	 * Matching type.
+	 */
+	n = uint8_fromregion(&sr);
+	isc_region_consume(&sr, 1);
+	sprintf(buf, "%u", n);
+	RETERR(str_totext(buf, target));
+
+	/*
+	 * Certificate Association Data.
+	 */
+	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+		RETERR(str_totext(" (", target));
+	RETERR(str_totext(tctx->linebreak, target));
+	if (tctx->width == 0) /* No splitting */
+		RETERR(isc_hex_totext(&sr, 0, "", target));
+	else
+		RETERR(isc_hex_totext(&sr, tctx->width - 2,
+				      tctx->linebreak, target));
+	if ((tctx->flags & DNS_STYLEFLAG_MULTILINE) != 0)
+		RETERR(str_totext(" )", target));
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+fromwire_tlsa(ARGS_FROMWIRE) {
+	isc_region_t sr;
+
+	REQUIRE(type == 52);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(dctx);
+	UNUSED(options);
+
+	isc_buffer_activeregion(source, &sr);
+
+	if (sr.length < 3)
+		return (ISC_R_UNEXPECTEDEND);
+
+	isc_buffer_forward(source, sr.length);
+	return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline isc_result_t
+towire_tlsa(ARGS_TOWIRE) {
+	isc_region_t sr;
+
+	REQUIRE(rdata->type == 52);
+	REQUIRE(rdata->length != 0);
+
+	UNUSED(cctx);
+
+	dns_rdata_toregion(rdata, &sr);
+	return (mem_tobuffer(target, sr.base, sr.length));
+}
+
+static inline int
+compare_tlsa(ARGS_COMPARE) {
+	isc_region_t r1;
+	isc_region_t r2;
+
+	REQUIRE(rdata1->type == rdata2->type);
+	REQUIRE(rdata1->rdclass == rdata2->rdclass);
+	REQUIRE(rdata1->type == 52);
+	REQUIRE(rdata1->length != 0);
+	REQUIRE(rdata2->length != 0);
+
+	dns_rdata_toregion(rdata1, &r1);
+	dns_rdata_toregion(rdata2, &r2);
+	return (isc_region_compare(&r1, &r2));
+}
+
+static inline isc_result_t
+fromstruct_tlsa(ARGS_FROMSTRUCT) {
+	dns_rdata_tlsa_t *tlsa = source;
+
+	REQUIRE(type == 52);
+	REQUIRE(source != NULL);
+	REQUIRE(tlsa->common.rdtype == type);
+	REQUIRE(tlsa->common.rdclass == rdclass);
+
+	UNUSED(type);
+	UNUSED(rdclass);
+
+	RETERR(uint8_tobuffer(tlsa->usage, target));
+	RETERR(uint8_tobuffer(tlsa->selector, target));
+	RETERR(uint8_tobuffer(tlsa->match, target));
+
+	return (mem_tobuffer(target, tlsa->data, tlsa->length));
+}
+
+static inline isc_result_t
+tostruct_tlsa(ARGS_TOSTRUCT) {
+	dns_rdata_tlsa_t *tlsa = target;
+	isc_region_t region;
+
+	REQUIRE(rdata->type == 52);
+	REQUIRE(target != NULL);
+	REQUIRE(rdata->length != 0);
+
+	tlsa->common.rdclass = rdata->rdclass;
+	tlsa->common.rdtype = rdata->type;
+	ISC_LINK_INIT(&tlsa->common, link);
+
+	dns_rdata_toregion(rdata, &region);
+
+	tlsa->usage = uint8_fromregion(&region);
+	isc_region_consume(&region, 1);
+	tlsa->selector = uint8_fromregion(&region);
+	isc_region_consume(&region, 1);
+	tlsa->match = uint8_fromregion(&region);
+	isc_region_consume(&region, 1);
+	tlsa->length = region.length;
+
+	tlsa->data = mem_maybedup(mctx, region.base, region.length);
+	if (tlsa->data == NULL)
+		return (ISC_R_NOMEMORY);
+
+	tlsa->mctx = mctx;
+	return (ISC_R_SUCCESS);
+}
+
+static inline void
+freestruct_tlsa(ARGS_FREESTRUCT) {
+	dns_rdata_tlsa_t *tlsa = source;
+
+	REQUIRE(tlsa != NULL);
+	REQUIRE(tlsa->common.rdtype == 52);
+
+	if (tlsa->mctx == NULL)
+		return;
+
+	if (tlsa->data != NULL)
+		isc_mem_free(tlsa->mctx, tlsa->data);
+	tlsa->mctx = NULL;
+}
+
+static inline isc_result_t
+additionaldata_tlsa(ARGS_ADDLDATA) {
+	REQUIRE(rdata->type == 52);
+
+	UNUSED(rdata);
+	UNUSED(add);
+	UNUSED(arg);
+
+	return (ISC_R_SUCCESS);
+}
+
+static inline isc_result_t
+digest_tlsa(ARGS_DIGEST) {
+	isc_region_t r;
+
+	REQUIRE(rdata->type == 52);
+
+	dns_rdata_toregion(rdata, &r);
+
+	return ((digest)(arg, &r));
+}
+
+static inline isc_boolean_t
+checkowner_tlsa(ARGS_CHECKOWNER) {
+
+	REQUIRE(type == 52);
+
+	UNUSED(name);
+	UNUSED(type);
+	UNUSED(rdclass);
+	UNUSED(wildcard);
+
+	return (ISC_TRUE);
+}
+
+static inline isc_boolean_t
+checknames_tlsa(ARGS_CHECKNAMES) {
+
+	REQUIRE(rdata->type == 52);
+
+	UNUSED(rdata);
+	UNUSED(owner);
+	UNUSED(bad);
+
+	return (ISC_TRUE);
+}
+
+static inline int
+casecompare_tlsa(ARGS_COMPARE) {
+	return (compare_tlsa(rdata1, rdata2));
+}
+
+#endif	/* RDATA_GENERIC_TLSA_52_C */
--- a/lib/dns/rdata/generic/tlsa_52.h
+++ b/lib/dns/rdata/generic/tlsa_52.h
@@ -0,0 +1,35 @@
+/*
+ * Copyright (C) 2012  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id$ */
+
+#ifndef GENERIC_TLSA_52_H
+#define GENERIC_TLSA_52_H 1
+
+/*!
+ *  \brief per draft-ietf-dane-protocol-19.txt
+ */
+typedef struct dns_rdata_tlsa {
+	dns_rdatacommon_t	common;
+	isc_mem_t		*mctx;
+	isc_uint8_t		usage;
+	isc_uint8_t		selector;
+	isc_uint8_t		match;
+	isc_uint16_t		length;
+	unsigned char		*data;
+} dns_rdata_tlsa_t;
+
+#endif /* GENERIC_TLSA_52_H */