mirror of
https://github.com/isc-projects/bind9.git
synced 2026-05-27 20:25:55 -04:00
[9.18] new: dev: Add digest methods for SIG and RRSIG
ZONEMD digests RRSIG records and potentially digests SIG record. Add digests methods for both record types. Closes #5219 Backport of MR !10217 Merge branch 'backport-5219-add-digest-methods-for-sig-and-rrsig-9.18' into 'bind-9.18' See merge request isc-projects/bind9!10219
This commit is contained in:
Mark Andrews
commit
7f4023fe7d
2 changed files with 76 additions and 49 deletions
|
|
@ -361,6 +361,9 @@ static int
|
|||
compare_rrsig(ARGS_COMPARE) {
|
||||
isc_region_t r1;
|
||||
isc_region_t r2;
|
||||
dns_name_t name1;
|
||||
dns_name_t name2;
|
||||
int order;
|
||||
|
||||
REQUIRE(rdata1->type == rdata2->type);
|
||||
REQUIRE(rdata1->rdclass == rdata2->rdclass);
|
||||
|
|
@ -370,6 +373,32 @@ compare_rrsig(ARGS_COMPARE) {
|
|||
|
||||
dns_rdata_toregion(rdata1, &r1);
|
||||
dns_rdata_toregion(rdata2, &r2);
|
||||
|
||||
INSIST(r1.length > 18);
|
||||
INSIST(r2.length > 18);
|
||||
r1.length = 18;
|
||||
r2.length = 18;
|
||||
order = isc_region_compare(&r1, &r2);
|
||||
if (order != 0) {
|
||||
return order;
|
||||
}
|
||||
|
||||
dns_name_init(&name1, NULL);
|
||||
dns_name_init(&name2, NULL);
|
||||
dns_rdata_toregion(rdata1, &r1);
|
||||
dns_rdata_toregion(rdata2, &r2);
|
||||
isc_region_consume(&r1, 18);
|
||||
isc_region_consume(&r2, 18);
|
||||
dns_name_fromregion(&name1, &r1);
|
||||
dns_name_fromregion(&name2, &r2);
|
||||
order = dns_name_rdatacompare(&name1, &name2);
|
||||
if (order != 0) {
|
||||
return order;
|
||||
}
|
||||
|
||||
isc_region_consume(&r1, name_length(&name1));
|
||||
isc_region_consume(&r2, name_length(&name2));
|
||||
|
||||
return isc_region_compare(&r1, &r2);
|
||||
}
|
||||
|
||||
|
|
@ -547,13 +576,32 @@ additionaldata_rrsig(ARGS_ADDLDATA) {
|
|||
|
||||
static isc_result_t
|
||||
digest_rrsig(ARGS_DIGEST) {
|
||||
isc_region_t r1, r2;
|
||||
dns_name_t name;
|
||||
|
||||
REQUIRE(rdata->type == dns_rdatatype_rrsig);
|
||||
|
||||
UNUSED(rdata);
|
||||
UNUSED(digest);
|
||||
UNUSED(arg);
|
||||
dns_rdata_toregion(rdata, &r1);
|
||||
r2 = r1;
|
||||
|
||||
return ISC_R_NOTIMPLEMENTED;
|
||||
/*
|
||||
* Type covered (2) + Algorithm (1) +
|
||||
* Labels (1) + Original TTL (4) +
|
||||
* Expire time (4) + Time signed (4) +
|
||||
* Key ID (2).
|
||||
*/
|
||||
isc_region_consume(&r2, 18);
|
||||
r1.length = 18;
|
||||
RETERR((digest)(arg, &r1));
|
||||
|
||||
/* Signer */
|
||||
dns_name_init(&name, NULL);
|
||||
dns_name_fromregion(&name, &r2);
|
||||
RETERR(dns_name_digest(&name, digest, arg));
|
||||
isc_region_consume(&r2, name_length(&name));
|
||||
|
||||
/* Signature */
|
||||
return (digest)(arg, &r2);
|
||||
}
|
||||
|
||||
static dns_rdatatype_t
|
||||
|
|
@ -594,47 +642,7 @@ checknames_rrsig(ARGS_CHECKNAMES) {
|
|||
|
||||
static int
|
||||
casecompare_rrsig(ARGS_COMPARE) {
|
||||
isc_region_t r1;
|
||||
isc_region_t r2;
|
||||
dns_name_t name1;
|
||||
dns_name_t name2;
|
||||
int order;
|
||||
|
||||
REQUIRE(rdata1->type == rdata2->type);
|
||||
REQUIRE(rdata1->rdclass == rdata2->rdclass);
|
||||
REQUIRE(rdata1->type == dns_rdatatype_rrsig);
|
||||
REQUIRE(rdata1->length != 0);
|
||||
REQUIRE(rdata2->length != 0);
|
||||
|
||||
dns_rdata_toregion(rdata1, &r1);
|
||||
dns_rdata_toregion(rdata2, &r2);
|
||||
|
||||
INSIST(r1.length > 18);
|
||||
INSIST(r2.length > 18);
|
||||
r1.length = 18;
|
||||
r2.length = 18;
|
||||
order = isc_region_compare(&r1, &r2);
|
||||
if (order != 0) {
|
||||
return order;
|
||||
}
|
||||
|
||||
dns_name_init(&name1, NULL);
|
||||
dns_name_init(&name2, NULL);
|
||||
dns_rdata_toregion(rdata1, &r1);
|
||||
dns_rdata_toregion(rdata2, &r2);
|
||||
isc_region_consume(&r1, 18);
|
||||
isc_region_consume(&r2, 18);
|
||||
dns_name_fromregion(&name1, &r1);
|
||||
dns_name_fromregion(&name2, &r2);
|
||||
order = dns_name_rdatacompare(&name1, &name2);
|
||||
if (order != 0) {
|
||||
return order;
|
||||
}
|
||||
|
||||
isc_region_consume(&r1, name_length(&name1));
|
||||
isc_region_consume(&r2, name_length(&name2));
|
||||
|
||||
return isc_region_compare(&r1, &r2);
|
||||
return compare_rrsig(rdata1, rdata2);
|
||||
}
|
||||
|
||||
#endif /* RDATA_GENERIC_RRSIG_46_C */
|
||||
|
|
|
|||
|
|
@ -539,13 +539,32 @@ additionaldata_sig(ARGS_ADDLDATA) {
|
|||
|
||||
static isc_result_t
|
||||
digest_sig(ARGS_DIGEST) {
|
||||
isc_region_t r1, r2;
|
||||
dns_name_t name;
|
||||
|
||||
REQUIRE(rdata->type == dns_rdatatype_sig);
|
||||
|
||||
UNUSED(rdata);
|
||||
UNUSED(digest);
|
||||
UNUSED(arg);
|
||||
dns_rdata_toregion(rdata, &r1);
|
||||
r2 = r1;
|
||||
|
||||
return ISC_R_NOTIMPLEMENTED;
|
||||
/*
|
||||
* Type covered (2) + Algorithm (1) +
|
||||
* Labels (1) + Original TTL (4) +
|
||||
* Expire time (4) + Time signed (4) +
|
||||
* Key ID (2).
|
||||
*/
|
||||
isc_region_consume(&r2, 18);
|
||||
r1.length = 18;
|
||||
RETERR((digest)(arg, &r1));
|
||||
|
||||
/* Signer */
|
||||
dns_name_init(&name, NULL);
|
||||
dns_name_fromregion(&name, &r2);
|
||||
RETERR(dns_name_digest(&name, digest, arg));
|
||||
isc_region_consume(&r2, name_length(&name));
|
||||
|
||||
/* Signature */
|
||||
return (digest)(arg, &r2);
|
||||
}
|
||||
|
||||
static dns_rdatatype_t
|
||||
|
|
|
|||
Loading…
Reference in a new issue