upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-23 23:28:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

3317. [func] Add ECDSA support (RFC 6605). [RT #21918]

Browse source
This commit is contained in:
Mark Andrews 2012-05-02 23:20:17 +10:00
parent c604bc89f3
commit aaaf8d4f48
41 changed files with 1588 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
CHANGES
View file

@ -1,3 +1,5 @@
3317. [func] Add ECDSA support (RFC 6605). [RT #21918]
3316. [tuning] Improved locking performance when recursing.
[RT #28836]

3
acconfig.h
View file

@ -138,6 +138,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if OpenSSL includes DSA support */
#undef HAVE_OPENSSL_DSA
/* Define if OpenSSL includes ECDSA support */
#undef HAVE_OPENSSL_ECDSA
/* Define to the length type used by the socket API (socklen_t, size_t, int). */
#undef ISC_SOCKADDR_LEN_T

2
bin/dnssec/dnssec-dsfromkey.8
View file

@ -55,7 +55,7 @@ Use SHA\-256 as the digest algorithm.
.RS 4
Select the digest algorithm. The value of
\fBalgorithm\fR
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or GOST. These values are case insensitive.
must be one of SHA\-1 (SHA1), SHA\-256 (SHA256), GOST or SHA\-384 (SHA384). These values are case insensitive.
.RE
.PP
\-T \fITTL\fR

5
bin/dnssec/dnssec-dsfromkey.c
View file

@ -327,7 +327,7 @@ usage(void) {
fprintf(stderr, " -K <directory>: directory in which to find "
"key file or keyset file\n");
fprintf(stderr, " -a algorithm: digest algorithm "
"(SHA-1, SHA-256 or GOST)\n");
"(SHA-1, SHA-256, GOST or SHA-384)\n");
fprintf(stderr, " -1: use SHA-1\n");
fprintf(stderr, " -2: use SHA-256\n");
fprintf(stderr, " -l: add lookaside zone and print DLV records\n");
@ -450,6 +450,9 @@ main(int argc, char **argv) {
else if (strcasecmp(algname, "GOST") == 0)
dtype = DNS_DSDIGEST_GOST;
#endif
else if (strcasecmp(algname, "SHA384") == 0 ||
strcasecmp(algname, "SHA-384") == 0)
dtype = DNS_DSDIGEST_SHA384;
else
fatal("unknown algorithm %s", algname);
}

3
bin/dnssec/dnssec-dsfromkey.docbook
View file

@ -110,7 +110,8 @@
<para>
Select the digest algorithm. The value of
<option>algorithm</option> must be one of SHA-1 (SHA1),
SHA-256 (SHA256) or GOST. These values are case insensitive.
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
These values are case insensitive.
</para>
</listitem>
</varlistentry>

3
bin/dnssec/dnssec-dsfromkey.html
View file

@ -54,7 +54,8 @@
<dd><p>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
SHA-256 (SHA256) or GOST. These values are case insensitive.
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
These values are case insensitive.
</p></dd>
<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
<dd><p>

2
bin/dnssec/dnssec-keyfromlabel.8
View file

@ -47,7 +47,7 @@ of the key is specified on the command line. This must match the name of the zon
.RS 4
Selects the cryptographic algorithm. The value of
\fBalgorithm\fR
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. These values are case insensitive.
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. These values are case insensitive.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR

6
bin/dnssec/dnssec-keyfromlabel.c
View file

@ -55,7 +55,8 @@ int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
" NSEC3DSA | NSEC3RSASHA1 |"
" RSASHA256 | RSASHA512 | ECCGOST";
" RSASHA256 | RSASHA512 | ECCGOST |"
" ECDSAP256SHA256 | ECDSAP384SHA384";
ISC_PLATFORM_NORETURN_PRE static void
usage(void) ISC_PLATFORM_NORETURN_POST;
@ -378,7 +379,8 @@ main(int argc, char **argv) {
if (use_nsec3 &&
alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
alg != DST_ALG_ECCGOST) {
alg != DST_ALG_ECCGOST &&
alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
fatal("%s is incompatible with NSEC3; "
"do not use the -3 option", algname);
}

3
bin/dnssec/dnssec-keyfromlabel.docbook
View file

@ -95,7 +95,8 @@
<para>
Selects the cryptographic algorithm. The value of
<option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
ECDSAP256SHA256 or ECDSAP384SHA384.
These values are case insensitive.
</para>
<para>

3
bin/dnssec/dnssec-keyfromlabel.html
View file

@ -51,7 +51,8 @@
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
ECDSAP256SHA256 or ECDSAP384SHA384.
These values are case insensitive.
</p>
<p>

6
bin/dnssec/dnssec-keygen.8
View file

@ -48,7 +48,7 @@ of the key is specified on the command line. For DNSSEC keys, this must match th
.RS 4
Selects the cryptographic algorithm. For DNSSEC keys, the value of
\fBalgorithm\fR
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 or ECDSAP384SHA384. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
.sp
If no algorithm is specified, then RSASHA1 will be used by default, unless the
\fB\-3\fR
@ -63,7 +63,7 @@ Note 2: DH, HMAC\-MD5, and HMAC\-SHA1 through HMAC\-SHA512 automatically set the
.PP
\-b \fIkeysize\fR
.RS 4
Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits. Elliptic curve algorithms don't need this parameter.
.sp
The key size does not need to be specified if using a default algorithm. The default key size is 1024 bits for zone signing keys (ZSK's) and 2048 bits for key signing keys (KSK's, generated with
\fB\-f KSK\fR). However, if an algorithm is explicitly specified with the
@ -81,7 +81,7 @@ must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a
.PP
\-3
.RS 4
Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms are NSEC3\-capable.
Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512, ECCGOST, ECDSAP256SHA256 and ECDSAP384SHA384 algorithms are NSEC3\-capable.
.RE
.PP
\-C

21
bin/dnssec/dnssec-keygen.c
View file

@ -85,6 +85,7 @@ usage(void) {
fprintf(stderr, " RSA | RSAMD5 | DSA | RSASHA1 | NSEC3RSASHA1"
" | NSEC3DSA |\n");
fprintf(stderr, " RSASHA256 | RSASHA512 | ECCGOST |\n");
fprintf(stderr, " ECDSAP256SHA256 | ECDSAP384SHA384 |\n");
fprintf(stderr, " DH | HMAC-MD5 | HMAC-SHA1 | HMAC-SHA224 | "
"HMAC-SHA256 | \n");
fprintf(stderr, " HMAC-SHA384 | HMAC-SHA512\n");
@ -102,6 +103,8 @@ usage(void) {
fprintf(stderr, " NSEC3DSA:\t[512..1024] and divisible "
"by 64\n");
fprintf(stderr, " ECCGOST:\tignored\n");
fprintf(stderr, " ECDSAP256SHA256:\tignored\n");
fprintf(stderr, " ECDSAP384SHA384:\tignored\n");
fprintf(stderr, " HMAC-MD5:\t[1..512]\n");
fprintf(stderr, " HMAC-SHA1:\t[1..160]\n");
fprintf(stderr, " HMAC-SHA224:\t[1..224]\n");
@ -557,7 +560,8 @@ main(int argc, char **argv) {
if (use_nsec3 &&
alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
alg != DST_ALG_RSASHA256 && alg!= DST_ALG_RSASHA512 &&
alg != DST_ALG_ECCGOST) {
alg != DST_ALG_ECCGOST &&
alg != DST_ALG_ECDSA256 && alg != DST_ALG_ECDSA384) {
fatal("%s is incompatible with NSEC3; "
"do not use the -3 option", algname);
}
@ -587,9 +591,11 @@ main(int argc, char **argv) {
size = 1024;
if (verbose > 0)
fprintf(stderr, "key size not "
"specified; defaulting "
"to %d\n", size);
} else if (alg != DST_ALG_ECCGOST)
"specified; defaulting"
" to %d\n", size);
} else if (alg != DST_ALG_ECCGOST &&
alg != DST_ALG_ECDSA256 &&
alg != DST_ALG_ECDSA384)
fatal("key size not specified (-b option)");
}
@ -718,6 +724,8 @@ main(int argc, char **argv) {
fatal("invalid DSS key size: %d", size);
break;
case DST_ALG_ECCGOST:
case DST_ALG_ECDSA256:
case DST_ALG_ECDSA384:
break;
case DST_ALG_HMACMD5:
options |= DST_TYPE_KEY;
@ -783,7 +791,8 @@ main(int argc, char **argv) {
if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST) &&
alg == DNS_KEYALG_RSASHA512 || alg == DST_ALG_ECCGOST ||
alg == DST_ALG_ECDSA256 || alg == DST_ALG_ECDSA384) &&
rsa_exp != 0)
fatal("specified RSA exponent for a non-RSA key");
@ -857,6 +866,8 @@ main(int argc, char **argv) {
case DNS_KEYALG_DSA:
case DNS_KEYALG_NSEC3DSA:
case DST_ALG_ECCGOST:
case DST_ALG_ECDSA256:
case DST_ALG_ECDSA384:
show_progress = ISC_TRUE;
/* fall through */

9
bin/dnssec/dnssec-keygen.docbook
View file

@ -116,7 +116,8 @@
<para>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
ECDSAP256SHA256 or ECDSAP384SHA384.
For TSIG/TKEY, the value must
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
@ -150,7 +151,8 @@
between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits.
between 1 and 512 bits. Elliptic curve algorithms don't need
this parameter.
</para>
<para>
The key size does not need to be specified if using a default
@ -186,7 +188,8 @@
Use an NSEC3-capable algorithm to generate a DNSSEC key.
If this option is used and no algorithm is explicitly
set on the command line, NSEC3RSASHA1 will be used by
default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
default. Note that RSASHA256, RSASHA512, ECCGOST,
ECDSAP256SHA256 and ECDSAP384SHA384 algorithms
are NSEC3-capable.
</para>
</listitem>

9
bin/dnssec/dnssec-keygen.html
View file

@ -53,7 +53,8 @@
<p>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
ECDSAP256SHA256 or ECDSAP384SHA384.
For TSIG/TKEY, the value must
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
@ -84,7 +85,8 @@
between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits.
between 1 and 512 bits. Elliptic curve algorithms don't need
this parameter.
</p>
<p>
The key size does not need to be specified if using a default
@ -111,7 +113,8 @@
Use an NSEC3-capable algorithm to generate a DNSSEC key.
If this option is used and no algorithm is explicitly
set on the command line, NSEC3RSASHA1 will be used by
default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
default. Note that RSASHA256, RSASHA512, ECCGOST,
ECDSAP256SHA256 and ECDSAP384SHA384 algorithms
are NSEC3-capable.
</p></dd>
<dt><span class="term">-C</span></dt>

25
bin/tests/system/ecdsa/clean.sh Normal file
View file

@ -0,0 +1,25 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
rm -f */K* */dsset-* */*.signed */trusted.conf
rm -f ns1/root.db
rm -f ns1/signer.err
rm -f dig.out*
rm -f random.data
rm -f */named.run
rm -f */named.memstats

42
bin/tests/system/ecdsa/ns1/named.conf Normal file
View file

@ -0,0 +1,42 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id$ */
// NS1
controls { /* empty */ };
options {
query-source address 10.53.0.1;
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
zone "." {
type master;
file "root.db.signed";
};
include "trusted.conf";

26
bin/tests/system/ecdsa/ns1/root.db.in Normal file
View file

@ -0,0 +1,26 @@
; Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id$
$TTL 300
. IN SOA fdupont.isc.org. a.root.servers.nil. (
2012040600 ; serial
600 ; refresh
600 ; retry
1200 ; expire
600 ; minimum
)
. NS a.root-servers.nil.
a.root-servers.nil. A 10.53.0.1

47
bin/tests/system/ecdsa/ns1/sign.sh Normal file
View file

@ -0,0 +1,47 @@
#!/bin/sh -e
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
RANDFILE=../random.data
zone=.
infile=root.db.in
zonefile=root.db
key1=`$KEYGEN -q -r $RANDFILE -a ECDSAP256SHA256 -n zone $zone`
key2=`$KEYGEN -q -r $RANDFILE -a ECDSAP384SHA384 -n zone -f KSK $zone`
$DSFROMKEY -a sha-384 $key2.key > dsset-384
cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a trusted key.
cat $key1.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
trusted-keys {
"$dn" $flags $proto $alg "$key";
};
EOF
' > trusted.conf
cp trusted.conf ../ns2/trusted.conf

42
bin/tests/system/ecdsa/ns2/named.conf Normal file
View file

@ -0,0 +1,42 @@
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id$ */
// NS2
controls { /* empty */ };
options {
query-source address 10.53.0.2;
notify-source 10.53.0.2;
transfer-source 10.53.0.2;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
recursion yes;
notify yes;
dnssec-enable yes;
dnssec-validation yes;
};
zone "." {
type hint;
file "../../common/root.hint";
};
include "trusted.conf";

24
bin/tests/system/ecdsa/prereq.sh.in Normal file
View file

@ -0,0 +1,24 @@
#!/bin/sh -e
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
OPENSSL_ECDSA="@OPENSSL_ECDSA@"
if test -z "$OPENSSL_ECDSA"
then
echo "I:This test requires a openssl version with ecdsa support." >&2
exit 255
fi

21
bin/tests/system/ecdsa/setup.sh Normal file
View file

@ -0,0 +1,21 @@
#!/bin/sh -e
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
../../../tools/genrandom 400 random.data
cd ns1 && sh sign.sh

42
bin/tests/system/ecdsa/tests.sh Normal file
View file

@ -0,0 +1,42 @@
#!/bin/sh
#
# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id$
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
status=0
n=0
rm -f dig.out.*
DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
# Check the example. domain
echo "I:checking that positive validation works works ($n)"
ret=0
$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status

1
bin/tests/system/gost/clean.sh
View file

@ -18,6 +18,7 @@
rm -f */K* */dsset-* */*.signed */trusted.conf
rm -f ns1/root.db
rm -f ns1/signer.err
rm -f dig.out*
rm -f random.data
rm -f */named.run

2
bin/tests/system/gost/ns1/sign.sh
View file

@ -31,7 +31,7 @@ $DSFROMKEY -a gost $key2.key > dsset-gost
cat $infile $key1.key $key2.key > $zonefile
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
# Configure the resolving server with a trusted key.

8
config.h.in
View file

@ -16,7 +16,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.h.in,v 1.153 2012/01/30 07:11:47 marka Exp $ */
/* $Id: acconfig.h,v 1.53 2008/12/01 23:47:44 tbox Exp $ */
/*! \file */
@ -138,6 +138,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define if OpenSSL includes DSA support */
#undef HAVE_OPENSSL_DSA
/* Define if OpenSSL includes ECDSA support */
#undef HAVE_OPENSSL_ECDSA
/* Define to the length type used by the socket API (socklen_t, size_t, int). */
#undef ISC_SOCKADDR_LEN_T
@ -202,6 +205,9 @@ int sigwait(const unsigned int *set, int *sig);
/* Define to 1 if you have the `EVP_sha256' function. */
#undef HAVE_EVP_SHA256
/* Define to 1 if you have the `EVP_sha384' function. */
#undef HAVE_EVP_SHA384
/* Define to 1 if you have the `EVP_sha512' function. */
#undef HAVE_EVP_SHA512

107
configure vendored
View file

@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
#
# $Id: configure,v 1.518 2012/01/30 07:11:47 marka Exp $
# $Id: COPYRIGHT,v 1.19 2012/01/03 23:46:59 tbox Exp $
#
# Portions of this code release fall under one or more of the
# following Copyright notices. Please see individual source
@ -1431,6 +1431,7 @@ USE_PKCS11
ISC_OPENSSL_INC
ISC_PLATFORM_OPENSSLHASH
OPENSSL_GOST
OPENSSL_ECDSA
OPENSSLLINKSRCS
OPENSSLLINKOBJS
DST_OPENSSL_INC
@ -5171,7 +5172,7 @@ ia64-*-hpux*)
;;
*-*-irix6*)
# Find out which ABI we are using.
echo '#line 5174 "configure"' > conftest.$ac_ext
echo '#line 5175 "configure"' > conftest.$ac_ext
if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
(eval $ac_compile) 2>&5
ac_status=$?
@ -7465,11 +7466,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7468: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7469: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:7472: \$? = $ac_status" >&5
echo "$as_me:7473: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -7755,11 +7756,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7758: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7759: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:7762: \$? = $ac_status" >&5
echo "$as_me:7763: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -7859,11 +7860,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:7862: $lt_compile\"" >&5)
(eval echo "\"\$as_me:7863: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:7866: \$? = $ac_status" >&5
echo "$as_me:7867: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@ -9884,7 +9885,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 9887 "configure"
#line 9888 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@ -9984,7 +9985,7 @@ else
lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
lt_status=$lt_dlunknown
cat > conftest.$ac_ext <<EOF
#line 9987 "configure"
#line 9988 "configure"
#include "confdefs.h"
#if HAVE_DLFCN_H
@ -12329,11 +12330,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:12332: $lt_compile\"" >&5)
(eval echo "\"\$as_me:12333: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:12336: \$? = $ac_status" >&5
echo "$as_me:12337: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -12433,11 +12434,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:12436: $lt_compile\"" >&5)
(eval echo "\"\$as_me:12437: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:12440: \$? = $ac_status" >&5
echo "$as_me:12441: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@ -14016,11 +14017,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:14019: $lt_compile\"" >&5)
(eval echo "\"\$as_me:14020: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:14023: \$? = $ac_status" >&5
echo "$as_me:14024: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -14120,11 +14121,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:14123: $lt_compile\"" >&5)
(eval echo "\"\$as_me:14124: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:14127: \$? = $ac_status" >&5
echo "$as_me:14128: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@ -16285,11 +16286,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:16288: $lt_compile\"" >&5)
(eval echo "\"\$as_me:16289: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:16292: \$? = $ac_status" >&5
echo "$as_me:16293: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -16575,11 +16576,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:16578: $lt_compile\"" >&5)
(eval echo "\"\$as_me:16579: $lt_compile\"" >&5)
(eval "$lt_compile" 2>conftest.err)
ac_status=$?
cat conftest.err >&5
echo "$as_me:16582: \$? = $ac_status" >&5
echo "$as_me:16583: \$? = $ac_status" >&5
if (exit $ac_status) && test -s "$ac_outfile"; then
# The compiler can only warn and ignore the option if not recognized
# So say no if there are warnings other than the usual output.
@ -16679,11 +16680,11 @@ else
-e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
-e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
-e 's:$: $lt_compiler_flag:'`
(eval echo "\"\$as_me:16682: $lt_compile\"" >&5)
(eval echo "\"\$as_me:16683: $lt_compile\"" >&5)
(eval "$lt_compile" 2>out/conftest.err)
ac_status=$?
cat out/conftest.err >&5
echo "$as_me:16686: \$? = $ac_status" >&5
echo "$as_me:16687: \$? = $ac_status" >&5
if (exit $ac_status) && test -s out/conftest2.$ac_objext
then
# The compiler can only warn and ignore the option if not recognized
@ -21369,6 +21370,7 @@ then
fi
done
fi
OPENSSL_ECDSA=""
OPENSSL_GOST=""
case "$use_openssl" in
no)
@ -21594,7 +21596,8 @@ $as_echo "yes" >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
for ac_func in EVP_sha256 EVP_sha512
for ac_func in EVP_sha256 EVP_sha384 EVP_sha512
do :
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@ -21607,6 +21610,58 @@ fi
done
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL ECDSA support" >&5
$as_echo_n "checking for OpenSSL ECDSA support... " >&6; }
have_ecdsa=""
if test "$cross_compiling" = yes; then :
{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
as_fn_error $? "cannot run test program while cross compiling
See \`config.log' for more details" "$LINENO" 5; }
else
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
#include <stdio.h>
#include <openssl/ecdsa.h>
#include <openssl/objects.h>
int main() {
EC_KEY *ec256, *ec384;
#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
return (1);
#endif
ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
if (ec256 == NULL || ec384 == NULL)
return (2);
return (0);
}
_ACEOF
if ac_fn_c_try_run "$LINENO"; then :
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
have_ecdsa="yes"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
have_ecdsa="no"
fi
rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
conftest.$ac_objext conftest.beam conftest.$ac_ext
fi
case $have_ecdsa in
yes)
OPENSSL_ECDSA="yes"
$as_echo "#define HAVE_OPENSSL_ECDSA 1" >>confdefs.h
;;
*)
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenSSL GOST support" >&5
$as_echo_n "checking for OpenSSL GOST support... " >&6; }
have_gost=""
@ -21704,6 +21759,8 @@ esac
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
#

38
configure.in
View file

@ -543,6 +543,7 @@ then
fi
done
fi
OPENSSL_ECDSA=""
OPENSSL_GOST=""
case "$use_openssl" in
no)
@ -698,7 +699,40 @@ esac
else
AC_MSG_RESULT(no)
fi
AC_CHECK_FUNCS(EVP_sha256 EVP_sha512)
AC_CHECK_FUNCS(EVP_sha256 EVP_sha384 EVP_sha512)
AC_MSG_CHECKING(for OpenSSL ECDSA support)
have_ecdsa=""
AC_TRY_RUN([
#include <stdio.h>
#include <openssl/ecdsa.h>
#include <openssl/objects.h>
int main() {
EC_KEY *ec256, *ec384;
#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
return (1);
#endif
ec256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
ec384 = EC_KEY_new_by_curve_name(NID_secp384r1);
if (ec256 == NULL || ec384 == NULL)
return (2);
return (0);
}
],
[AC_MSG_RESULT(yes)
have_ecdsa="yes"],
[AC_MSG_RESULT(no)
have_ecdsa="no"])
case $have_ecdsa in
yes)
OPENSSL_ECDSA="yes"
AC_DEFINE(HAVE_OPENSSL_ECDSA)
;;
*)
;;
esac
AC_MSG_CHECKING(for OpenSSL GOST support)
have_gost=""
@ -772,7 +806,9 @@ AC_SUBST(USE_OPENSSL)
AC_SUBST(DST_OPENSSL_INC)
AC_SUBST(OPENSSLLINKOBJS)
AC_SUBST(OPENSSLLINKSRCS)
AC_SUBST(OPENSSL_ECDSA)
AC_SUBST(OPENSSL_GOST)
DNS_CRYPTO_LIBS="$DNS_CRYPTO_LIBS $DNS_OPENSSL_LIBS"
#

451
doc/rfc/rfc6605.txt Normal file
View file

@ -0,0 +1,451 @@
Internet Engineering Task Force (IETF) P. Hoffman
Request for Comments: 6605 VPN Consortium
Category: Standards Track W.C.A. Wijngaards
ISSN: 2070-1721 NLnet Labs
April 2012
Elliptic Curve Digital Signature Algorithm (DSA) for DNSSEC
Abstract
This document describes how to specify Elliptic Curve Digital
Signature Algorithm (DSA) keys and signatures in DNS Security
(DNSSEC). It lists curves of different sizes and uses the SHA-2
family of hashes for signatures.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6605.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Hoffman & Wijngaards Standards Track [Page 1]
RFC 6605 ECDSA for DNSSEC April 2012
1. Introduction
DNSSEC, which is broadly defined in RFCs 4033, 4034, and 4035
([RFC4033], [RFC4034], and [RFC4035]), uses cryptographic keys and
digital signatures to provide authentication of DNS data. Currently,
the most popular signature algorithm is RSA with SHA-1, using keys
that are 1024 or 2048 bits long.
This document defines the DNSKEY and RRSIG resource records (RRs) of
two new signing algorithms: ECDSA (Elliptic Curve DSA) with curve
P-256 and SHA-256, and ECDSA with curve P-384 and SHA-384. (A
description of ECDSA can be found in [FIPS-186-3].) This document
also defines the DS RR for the SHA-384 one-way hash algorithm; the
associated DS RR for SHA-256 is already defined in RFC 4509
[RFC4509]. [RFC6090] provides a good introduction to implementing
ECDSA.
Current estimates are that ECDSA with curve P-256 has an approximate
equivalent strength to RSA with 3072-bit keys. Using ECDSA with
curve P-256 in DNSSEC has some advantages and disadvantages relative
to using RSA with SHA-256 and with 3072-bit keys. ECDSA keys are
much shorter than RSA keys; at this size, the difference is 256
versus 3072 bits. Similarly, ECDSA signatures are much shorter than
RSA signatures. This is relevant because DNSSEC stores and transmits
both keys and signatures.
In the two signing algorithms defined in this document, the size of
the key for the elliptic curve is matched with the size of the output
of the hash algorithm. This design is based on the widespread belief
that the equivalent strength of P-256 and P-384 is half the length of
the key, and also that the equivalent strength of SHA-256 and SHA-384
is half the length of the key. Using matched strengths prevents an
attacker from choosing the weaker half of a signature algorithm. For
example, in a signature that uses RSA with 2048-bit keys and SHA-256,
the signing portion is significantly weaker than the hash portion,
whereas the two algorithms here are balanced.
Signing with ECDSA is significantly faster than with RSA (over 20
times in some implementations). However, validating RSA signatures
is significantly faster than validating ECDSA signatures (about 5
times faster in some implementations).
Some of the material in this document is copied liberally from RFC
6460 [RFC6460].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
Hoffman & Wijngaards Standards Track [Page 2]
RFC 6605 ECDSA for DNSSEC April 2012
2. SHA-384 DS Records
SHA-384 is defined in FIPS 180-3 [FIPS-180-3] and RFC 6234 [RFC6234],
and is similar to SHA-256 in many ways. The implementation of SHA-
384 in DNSSEC follows the implementation of SHA-256 as specified in
RFC 4509 except that the underlying algorithm is SHA-384, the digest
value is 48 bytes long, and the digest type code is 4.
3. ECDSA Parameters
Verifying ECDSA signatures requires agreement between the signer and
the verifier of the parameters used. FIPS 186-3 [FIPS-186-3] lists
some NIST-recommended elliptic curves. (Other documents give more
detail on ECDSA than is given in FIPS 186-3.) These are the same
curves listed in RFC 5114 [RFC5114]. The curves used in this
document are:
FIPS 186-3 RFC 5114
------------------------------------------------------------------
P-256 (Section D.1.2.3) 256-bit Random ECP Group (Section 2.6)
P-384 (Section D.1.2.4) 384-bit Random ECP Group (Section 2.7)
4. DNSKEY and RRSIG Resource Records for ECDSA
ECDSA public keys consist of a single value, called "Q" in FIPS
186-3. In DNSSEC keys, Q is a simple bit string that represents the
uncompressed form of a curve point, "x | y".
The ECDSA signature is the combination of two non-negative integers,
called "r" and "s" in FIPS 186-3. The two integers, each of which is
formatted as a simple octet string, are combined into a single longer
octet string for DNSSEC as the concatenation "r | s". (Conversion of
the integers to bit strings is described in Section C.2 of FIPS
186-3.) For P-256, each integer MUST be encoded as 32 octets; for
P-384, each integer MUST be encoded as 48 octets.
The algorithm numbers associated with the DNSKEY and RRSIG resource
records are fully defined in the IANA Considerations section. They
are:
o DNSKEY and RRSIG RRs signifying ECDSA with the P-256 curve and
SHA-256 use the algorithm number 13.
o DNSKEY and RRSIG RRs signifying ECDSA with the P-384 curve and
SHA-384 use the algorithm number 14.
Hoffman & Wijngaards Standards Track [Page 3]
RFC 6605 ECDSA for DNSSEC April 2012
Conformant implementations that create records to be put into the DNS
MUST implement signing and verification for both of the above
algorithms. Conformant DNSSEC verifiers MUST implement verification
for both of the above algorithms.
5. Support for NSEC3 Denial of Existence
RFC 5155 [RFC5155] defines new algorithm identifiers for existing
signing algorithms to indicate that zones signed with these algorithm
identifiers can use NSEC3 as well as NSEC records to provide denial
of existence. That mechanism was chosen to protect implementations
predating RFC 5155 from encountering resource records they could not
know about. This document does not define such algorithm aliases.
A DNSSEC validator that implements the signing algorithms defined in
this document MUST be able to validate negative answers in the form
of both NSEC and NSEC3 with hash algorithm 1, as defined in RFC 5155.
An authoritative server that does not implement NSEC3 MAY still serve
zones that use the signing algorithms defined in this document with
NSEC denial of existence.
6. Examples
The following are some examples of ECDSA keys and signatures in DNS
format.
6.1. P-256 Example
Private-key-format: v1.2
Algorithm: 13 (ECDSAP256SHA256)
PrivateKey: GU6SnQ/Ou+xC5RumuIUIuJZteXT2z0O/ok1s38Et6mQ=
example.net. 3600 IN DNSKEY 257 3 13 (
GojIhhXUN/u4v54ZQqGSnyhWJwaubCvTmeexv7bR6edb
krSqQpF64cYbcB7wNcP+e+MAnLr+Wi9xMWyQLc8NAA== )
example.net. 3600 IN DS 55648 13 2 (
b4c8c1fe2e7477127b27115656ad6256f424625bf5c1
e2770ce6d6e37df61d17 )
www.example.net. 3600 IN A 192.0.2.1
www.example.net. 3600 IN RRSIG A 13 3 3600 (
20100909100439 20100812100439 55648 example.net.
qx6wLYqmh+l9oCKTN6qIc+bw6ya+KJ8oMz0YP107epXA
yGmt+3SNruPFKG7tZoLBLlUzGGus7ZwmwWep666VCw== )
Hoffman & Wijngaards Standards Track [Page 4]
RFC 6605 ECDSA for DNSSEC April 2012
6.2. P-384 Example
Private-key-format: v1.2
Algorithm: 14 (ECDSAP384SHA384)
PrivateKey: WURgWHCcYIYUPWgeLmiPY2DJJk02vgrmTfitxgqcL4vw
W7BOrbawVmVe0d9V94SR
example.net. 3600 IN DNSKEY 257 3 14 (
xKYaNhWdGOfJ+nPrL8/arkwf2EY3MDJ+SErKivBVSum1
w/egsXvSADtNJhyem5RCOpgQ6K8X1DRSEkrbYQ+OB+v8
/uX45NBwY8rp65F6Glur8I/mlVNgF6W/qTI37m40 )
example.net. 3600 IN DS 10771 14 4 (
72d7b62976ce06438e9c0bf319013cf801f09ecc84b8
d7e9495f27e305c6a9b0563a9b5f4d288405c3008a94
6df983d6 )
www.example.net. 3600 IN A 192.0.2.1
www.example.net. 3600 IN RRSIG A 14 3 3600 (
20100909102025 20100812102025 10771 example.net.
/L5hDKIvGDyI1fcARX3z65qrmPsVz73QD1Mr5CEqOiLP
95hxQouuroGCeZOvzFaxsT8Glr74hbavRKayJNuydCuz
WTSSPdz7wnqXL5bdcJzusdnI0RSMROxxwGipWcJm )
Hoffman & Wijngaards Standards Track [Page 5]
RFC 6605 ECDSA for DNSSEC April 2012
7. IANA Considerations
This document updates the IANA registry for digest types in DS
records, currently called "Delegation Signer (DS) Resource Record
(RR) Type Digest Algorithms". The following entry has been added:
Value 4
Digest Type SHA-384
Status OPTIONAL
This document updates the IANA registry "Domain Name System Security
(DNSSEC) Algorithm Numbers". The following two entries have been
added to the registry:
Number 13
Description ECDSA Curve P-256 with SHA-256
Mnemonic ECDSAP256SHA256
Zone Signing Y
Trans. Sec. *
Reference This document
Number 14
Description ECDSA Curve P-384 with SHA-384
Mnemonic ECDSAP384SHA384
Zone Signing Y
Trans. Sec. *
Reference This document
* There has been no determination of standardization of the
use of this algorithm with Transaction Security.
8. Security Considerations
The cryptographic work factor of ECDSA with curve P-256 or P-384 is
generally considered to be equivalent to half the size of the key, or
128 bits and 192 bits, respectively. Such an assessment could, of
course, change in the future if new attacks that work better than the
ones known today are found.
The security considerations listed in RFC 4509 apply here as well.
Hoffman & Wijngaards Standards Track [Page 6]
RFC 6605 ECDSA for DNSSEC April 2012
9. References
9.1. Normative References
[FIPS-180-3] National Institute of Standards and Technology, U.S.
Department of Commerce, "Secure Hash Standard (SHS)",
FIPS 180-3, October 2008.
[FIPS-186-3] National Institute of Standards and Technology, U.S.
Department of Commerce, "Digital Signature Standard",
FIPS 186-3, June 2009.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements",
RFC 4033, March 2005.
[RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Resource Records for the DNS Security
Extensions", RFC 4034, March 2005.
[RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "Protocol Modifications for the DNS Security
Extensions", RFC 4035, March 2005.
[RFC4509] Hardaker, W., "Use of SHA-256 in DNSSEC Delegation
Signer (DS) Resource Records (RRs)", RFC 4509,
May 2006.
[RFC5114] Lepinski, M. and S. Kent, "Additional Diffie-Hellman
Groups for Use with IETF Standards", RFC 5114,
January 2008.
[RFC5155] Laurie, B., Sisson, G., Arends, R., and D. Blacka, "DNS
Security (DNSSEC) Hashed Authenticated Denial of
Existence", RFC 5155, March 2008.
9.2. Informative References
[RFC6090] McGrew, D., Igoe, K., and M. Salter, "Fundamental
Elliptic Curve Cryptography Algorithms", RFC 6090,
February 2011.
[RFC6234] Eastlake 3rd, D. and T. Hansen, "US Secure Hash
Algorithms (SHA and SHA-based HMAC and HKDF)", RFC
6234, May 2011.
Hoffman & Wijngaards Standards Track [Page 7]
RFC 6605 ECDSA for DNSSEC April 2012
[RFC6460] Salter, M. and R. Housley, "Suite B Profile for
Transport Layer Security (TLS)", RFC 6460,
January 2012.
Authors' Addresses
Paul Hoffman
VPN Consortium
EMail: paul.hoffman@vpnc.org
Wouter C.A. Wijngaards
NLnet Labs
EMail: wouter@nlnetlabs.nl
Hoffman & Wijngaards Standards Track [Page 8]

5
lib/dns/Makefile.in
View file

@ -47,7 +47,8 @@ LIBS = @LIBS@
# Alphabetically
OPENSSLLINKOBJS = openssl_link.@O@ openssldh_link.@O@ openssldsa_link.@O@ \
opensslgost_link.@O@ opensslrsa_link.@O@
opensslecdsa_link.@O@ opensslgost_link.@O@ \
opensslrsa_link.@O@
DSTOBJS = @DST_EXTRA_OBJS@ @OPENSSLLINKOBJS@ \
dst_api.@O@ dst_lib.@O@ dst_parse.@O@ dst_result.@O@ \
@ -76,7 +77,7 @@ OBJS= ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS}
# Alphabetically
OPENSSLLINKSRCS = openssl_link.c openssldh_link.c openssldsa_link.c \
opensslgost_link.c opensslrsa_link.c
opensslecdsa_link.c opensslgost_link.c opensslrsa_link.c
DSTSRCS = @DST_EXTRA_SRCS@ @OPENSSLLINKSRCS@ \
dst_api.c dst_lib.c dst_parse.c \

29
lib/dns/ds.c
View file

@ -52,12 +52,13 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
{
dns_fixedname_t fname;
dns_name_t *name;
unsigned char digest[ISC_SHA256_DIGESTLENGTH];
unsigned char digest[ISC_SHA384_DIGESTLENGTH];
isc_region_t r;
isc_buffer_t b;
dns_rdata_ds_t ds;
isc_sha1_t sha1;
isc_sha256_t sha256;
isc_sha384_t sha384;
#ifdef HAVE_OPENSSL_GOST
EVP_MD_CTX ctx;
const EVP_MD *md;
@ -86,6 +87,7 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
isc_sha1_update(&sha1, r.base, r.length);
isc_sha1_final(&sha1, digest);
break;
#ifdef HAVE_OPENSSL_GOST
#define CHECK(x) \
if ((x) != 1) { \
@ -111,6 +113,18 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
CHECK(EVP_DigestFinal(&ctx, digest, NULL));
break;
#endif
case DNS_DSDIGEST_SHA384:
isc_sha384_init(&sha384);
dns_name_toregion(name, &r);
isc_sha384_update(&sha384, r.base, r.length);
dns_rdata_toregion(key, &r);
INSIST(r.length >= 4);
isc_sha384_update(&sha384, r.base, r.length);
isc_sha384_final(digest, &sha384);
break;
case DNS_DSDIGEST_SHA256:
default:
isc_sha256_init(&sha256);
dns_name_toregion(name, &r);
@ -132,11 +146,18 @@ dns_ds_buildrdata(dns_name_t *owner, dns_rdata_t *key,
case DNS_DSDIGEST_SHA1:
ds.length = ISC_SHA1_DIGESTLENGTH;
break;
#ifdef HAVE_OPENSSL_GOST
case DNS_DSDIGEST_GOST:
ds.length = ISC_GOST_DIGESTLENGTH;
break;
#endif
case DNS_DSDIGEST_SHA384:
ds.length = ISC_SHA384_DIGESTLENGTH;
break;
case DNS_DSDIGEST_SHA256:
default:
ds.length = ISC_SHA256_DIGESTLENGTH;
break;
@ -152,9 +173,11 @@ dns_ds_digest_supported(unsigned int digest_type) {
#ifdef HAVE_OPENSSL_GOST
return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 ||
digest_type == DNS_DSDIGEST_SHA256 ||
digest_type == DNS_DSDIGEST_GOST));
digest_type == DNS_DSDIGEST_GOST ||
digest_type == DNS_DSDIGEST_SHA384));
#else
return (ISC_TF(digest_type == DNS_DSDIGEST_SHA1 ||
digest_type == DNS_DSDIGEST_SHA256));
digest_type == DNS_DSDIGEST_SHA256 ||
digest_type == DNS_DSDIGEST_SHA384));
#endif
}

15
lib/dns/dst_api.c
View file

@ -227,6 +227,10 @@ dst_lib_init2(isc_mem_t *mctx, isc_entropy_t *ectx,
#ifdef HAVE_OPENSSL_GOST
RETERR(dst__opensslgost_init(&dst_t_func[DST_ALG_ECCGOST]));
#endif
#ifdef HAVE_OPENSSL_ECDSA
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA256]));
RETERR(dst__opensslecdsa_init(&dst_t_func[DST_ALG_ECDSA384]));
#endif
#endif /* OPENSSL */
#ifdef GSSAPI
RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
@ -1112,6 +1116,12 @@ dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
case DST_ALG_ECCGOST:
*n = DNS_SIG_GOSTSIGSIZE;
break;
case DST_ALG_ECDSA256:
*n = DNS_SIG_ECDSA256SIZE;
break;
case DST_ALG_ECDSA384:
*n = DNS_SIG_ECDSA384SIZE;
break;
case DST_ALG_HMACMD5:
*n = 16;
break;
@ -1420,6 +1430,8 @@ issymmetric(const dst_key_t *key) {
case DST_ALG_NSEC3DSA:
case DST_ALG_DH:
case DST_ALG_ECCGOST:
case DST_ALG_ECDSA256:
case DST_ALG_ECDSA384:
return (ISC_FALSE);
case DST_ALG_HMACMD5:
case DST_ALG_GSSAPI:
@ -1698,7 +1710,8 @@ algorithm_status(unsigned int alg) {
alg == DST_ALG_HMACMD5 || alg == DST_ALG_NSEC3DSA ||
alg == DST_ALG_NSEC3RSASHA1 ||
alg == DST_ALG_RSASHA256 || alg == DST_ALG_RSASHA512 ||
alg == DST_ALG_ECCGOST)
alg == DST_ALG_ECCGOST ||
alg = DST_ALG_ECDSA256 || alg= DST_ALG_ECDSA384)
return (DST_R_NOCRYPTO);
#endif
return (DST_R_UNSUPPORTEDALG);

3
lib/dns/dst_internal.h
View file

@ -218,6 +218,9 @@ isc_result_t dst__gssapi_init(struct dst_func **funcp);
#ifdef HAVE_OPENSSL_GOST
isc_result_t dst__opensslgost_init(struct dst_func **funcp);
#endif
#ifdef HAVE_OPENSSL_ECDSA
isc_result_t dst__opensslecdsa_init(struct dst_func **funcp);
#endif
/*%
* Destructors

19
lib/dns/dst_parse.c
View file

@ -106,6 +106,8 @@ static struct parse_map map[] = {
{TAG_GOST_PRIVASN1, "GostAsn1:"},
{TAG_ECDSA_PRIVATEKEY, "PrivateKey:"},
{TAG_HMACMD5_KEY, "Key:"},
{TAG_HMACMD5_BITS, "Bits:"},
@ -250,6 +252,15 @@ check_gost(const dst_private_t *priv) {
return (0);
}
static int
check_ecdsa(const dst_private_t *priv) {
if (priv->nelements != ECDSA_NTAGS)
return (-1);
if (priv->elements[0].tag != TAG(DST_ALG_ECDSA256, 0))
return (-1);
return (0);
}
static int
check_hmac_md5(const dst_private_t *priv, isc_boolean_t old) {
int i, j;
@ -309,6 +320,8 @@ check_data(const dst_private_t *priv, const unsigned int alg,
return (check_dsa(priv));
case DST_ALG_ECCGOST:
return (check_gost(priv));
case DST_ALG_ECDSA256:
return (check_ecdsa(priv));
case DST_ALG_HMACMD5:
return (check_hmac_md5(priv, old));
case DST_ALG_HMACSHA1:
@ -603,6 +616,12 @@ dst__privstruct_writefile(const dst_key_t *key, const dst_private_t *priv,
case DST_ALG_ECCGOST:
fprintf(fp, "(ECC-GOST)\n");
break;
case DST_ALG_ECDSA256:
fprintf(fp, "(ECDSAP256SHA256)\n");
break;
case DST_ALG_ECDSA384:
fprintf(fp, "(ECDSAP384SHA384)\n");
break;
case DST_ALG_HMACMD5:
fprintf(fp, "(HMAC_MD5)\n");
break;

3
lib/dns/dst_parse.h
View file

@ -81,6 +81,9 @@
#define GOST_NTAGS 1
#define TAG_GOST_PRIVASN1 ((DST_ALG_ECCGOST << TAG_SHIFT) + 0)
#define ECDSA_NTAGS 1
#define TAG_ECDSA_PRIVATEKEY ((DST_ALG_ECDSA256 << TAG_SHIFT) + 0)
#define OLD_HMACMD5_NTAGS 1
#define HMACMD5_NTAGS 2
#define TAG_HMACMD5_KEY ((DST_ALG_HMACMD5 << TAG_SHIFT) + 0)

5
lib/dns/include/dns/ds.h
View file

@ -27,15 +27,16 @@
#define DNS_DSDIGEST_SHA1 (1)
#define DNS_DSDIGEST_SHA256 (2)
#define DNS_DSDIGEST_GOST (3)
#define DNS_DSDIGEST_SHA384 (4)
/* should not be here... */
#define ISC_GOST_DIGESTLENGTH 32U
/*
* Assuming SHA-256 digest type.
* Assuming SHA-384 digest type.
*/
#define DNS_DS_BUFFERSIZE (36)
#define DNS_DS_BUFFERSIZE (52)
ISC_LANG_BEGINDECLS

8
lib/dns/include/dns/keyvalues.h
View file

@ -71,6 +71,8 @@
#define DNS_KEYALG_RSASHA256 8
#define DNS_KEYALG_RSASHA512 10
#define DNS_KEYALG_ECCGOST 12
#define DNS_KEYALG_ECDSA256 13
#define DNS_KEYALG_ECDSA384 14
#define DNS_KEYALG_INDIRECT 252
#define DNS_KEYALG_PRIVATEDNS 253
#define DNS_KEYALG_PRIVATEOID 254 /*%< Key begins with OID giving alg */
@ -101,4 +103,10 @@
#define DNS_SIG_GOSTSIGSIZE 64
#define DNS_SIG_ECDSA256SIZE 64
#define DNS_SIG_ECDSA384SIZE 96
#define DNS_KEY_ECDSA256SIZE 64
#define DNS_KEY_ECDSA384SIZE 96
#endif /* DNS_KEYVALUES_H */

2
lib/dns/include/dst/dst.h
View file

@ -59,6 +59,8 @@ typedef struct dst_context dst_context_t;
#define DST_ALG_RSASHA256 8
#define DST_ALG_RSASHA512 10
#define DST_ALG_ECCGOST 12
#define DST_ALG_ECDSA256 13
#define DST_ALG_ECDSA384 14
#define DST_ALG_HMACMD5 157
#define DST_ALG_GSSAPI 160
#define DST_ALG_HMACSHA1 161 /* XXXMPA */

581
lib/dns/opensslecdsa_link.c Normal file
View file

@ -0,0 +1,581 @@
/*
* Copyright (C) 2010-2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
* FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
/* $Id$ */
#include <config.h>
#ifdef HAVE_OPENSSL_ECDSA
#if !defined(HAVE_EVP_SHA256) || !defined(HAVE_EVP_SHA384)
#error "ECDSA without EVP for SHA2?"
#endif
#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/sha2.h>
#include <isc/string.h>
#include <isc/util.h>
#include <dns/keyvalues.h>
#include <dst/result.h>
#include "dst_internal.h"
#include "dst_openssl.h"
#include "dst_parse.h"
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/ecdsa.h>
#include <openssl/bn.h>
#ifndef NID_X9_62_prime256v1
#error "P-256 group is not known (NID_X9_62_prime256v1)"
#endif
#ifndef NID_secp384r1
#error "P-384 group is not known (NID_secp384r1)"
#endif
#define DST_RET(a) {ret = a; goto err;}
static isc_result_t opensslecdsa_todns(const dst_key_t *key,
isc_buffer_t *data);
static isc_result_t
opensslecdsa_createctx(dst_key_t *key, dst_context_t *dctx) {
EVP_MD_CTX *evp_md_ctx;
const EVP_MD *type = NULL;
UNUSED(key);
REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
dctx->key->key_alg == DST_ALG_ECDSA384);
evp_md_ctx = EVP_MD_CTX_create();
if (evp_md_ctx == NULL)
return (ISC_R_NOMEMORY);
if (dctx->key->key_alg == DST_ALG_ECDSA256)
type = EVP_sha256();
else
type = EVP_sha384();
if (!EVP_DigestInit_ex(evp_md_ctx, type, NULL)) {
EVP_MD_CTX_destroy(evp_md_ctx);
return (ISC_R_FAILURE);
}
dctx->ctxdata.evp_md_ctx = evp_md_ctx;
return (ISC_R_SUCCESS);
}
static void
opensslecdsa_destroyctx(dst_context_t *dctx) {
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
dctx->key->key_alg == DST_ALG_ECDSA384);
if (evp_md_ctx != NULL) {
EVP_MD_CTX_destroy(evp_md_ctx);
dctx->ctxdata.evp_md_ctx = NULL;
}
}
static isc_result_t
opensslecdsa_adddata(dst_context_t *dctx, const isc_region_t *data) {
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
REQUIRE(dctx->key->key_alg == DST_ALG_ECDSA256 ||
dctx->key->key_alg == DST_ALG_ECDSA384);
if (!EVP_DigestUpdate(evp_md_ctx, data->base, data->length))
return (ISC_R_FAILURE);
return (ISC_R_SUCCESS);
}
static int
BN_bn2bin_fixed(BIGNUM *bn, unsigned char *buf, int size) {
int bytes = size - BN_num_bytes(bn);
while (bytes-- > 0)
*buf++ = 0;
BN_bn2bin(bn, buf);
return (size);
}
static isc_result_t
opensslecdsa_sign(dst_context_t *dctx, isc_buffer_t *sig) {
isc_result_t ret;
dst_key_t *key = dctx->key;
isc_region_t r;
ECDSA_SIG *ecdsasig;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey = key->keydata.pkey;
EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
unsigned int dgstlen, siglen;
unsigned char digest[EVP_MAX_MD_SIZE];
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
key->key_alg == DST_ALG_ECDSA384);
if (eckey == NULL)
return (ISC_R_FAILURE);
if (key->key_alg == DST_ALG_ECDSA256)
siglen = DNS_SIG_ECDSA256SIZE;
else
siglen = DNS_SIG_ECDSA384SIZE;
isc_buffer_availableregion(sig, &r);
if (r.length < siglen)
DST_RET(ISC_R_NOSPACE);
if (!EVP_DigestFinal(evp_md_ctx, digest, &dgstlen))
DST_RET(ISC_R_FAILURE);
ecdsasig = ECDSA_do_sign(digest, dgstlen, eckey);
if (ecdsasig == NULL)
DST_RET(dst__openssl_toresult(DST_R_SIGNFAILURE));
BN_bn2bin_fixed(ecdsasig->r, r.base, siglen / 2);
r.base += siglen / 2;
BN_bn2bin_fixed(ecdsasig->s, r.base, siglen / 2);
r.base += siglen / 2;
ECDSA_SIG_free(ecdsasig);
isc_buffer_add(sig, siglen);
ret = ISC_R_SUCCESS;
err:
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
static isc_result_t
opensslecdsa_verify(dst_context_t *dctx, const isc_region_t *sig) {
isc_result_t ret;
dst_key_t *key = dctx->key;
int status;
unsigned char *cp = sig->base;
ECDSA_SIG *ecdsasig = NULL;
EVP_MD_CTX *evp_md_ctx = dctx->ctxdata.evp_md_ctx;
EVP_PKEY *pkey = key->keydata.pkey;
EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
unsigned int dgstlen, siglen;
unsigned char digest[EVP_MAX_MD_SIZE];
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
key->key_alg == DST_ALG_ECDSA384);
if (eckey == NULL)
return (ISC_R_FAILURE);
if (key->key_alg == DST_ALG_ECDSA256)
siglen = DNS_SIG_ECDSA256SIZE;
else
siglen = DNS_SIG_ECDSA384SIZE;
if (sig->length != siglen)
return (DST_R_VERIFYFAILURE);
if (!EVP_DigestFinal_ex(evp_md_ctx, digest, &dgstlen))
DST_RET (ISC_R_FAILURE);
ecdsasig = ECDSA_SIG_new();
if (ecdsasig == NULL)
DST_RET (ISC_R_NOMEMORY);
ecdsasig->r = BN_bin2bn(cp, siglen / 2, NULL);
cp += siglen / 2;
ecdsasig->s = BN_bin2bn(cp, siglen / 2, NULL);
cp += siglen / 2;
status = ECDSA_do_verify(digest, dgstlen, ecdsasig, eckey);
if (status != 1)
DST_RET (dst__openssl_toresult(DST_R_VERIFYFAILURE));
ret = ISC_R_SUCCESS;
err:
if (ecdsasig != NULL)
ECDSA_SIG_free(ecdsasig);
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
static isc_boolean_t
opensslecdsa_compare(const dst_key_t *key1, const dst_key_t *key2) {
isc_boolean_t ret;
int status;
EVP_PKEY *pkey1 = key1->keydata.pkey;
EVP_PKEY *pkey2 = key2->keydata.pkey;
EC_KEY *eckey1 = NULL;
EC_KEY *eckey2 = NULL;
const BIGNUM *priv1, *priv2;
if (pkey1 == NULL && pkey2 == NULL)
return (ISC_TRUE);
else if (pkey1 == NULL || pkey2 == NULL)
return (ISC_FALSE);
eckey1 = EVP_PKEY_get1_EC_KEY(pkey1);
eckey2 = EVP_PKEY_get1_EC_KEY(pkey2);
if (eckey1 == NULL && eckey2 == NULL) {
DST_RET (ISC_TRUE);
} else if (eckey1 == NULL || eckey2 == NULL)
DST_RET (ISC_FALSE);
status = EVP_PKEY_cmp(pkey1, pkey2);
if (status != 1)
DST_RET (ISC_FALSE);
priv1 = EC_KEY_get0_private_key(eckey1);
priv2 = EC_KEY_get0_private_key(eckey2);
if (priv1 != NULL || priv2 != NULL) {
if (priv1 == NULL || priv2 == NULL)
DST_RET (ISC_FALSE);
if (BN_cmp(priv1, priv2) != 0)
DST_RET (ISC_FALSE);
}
ret = ISC_TRUE;
err:
if (eckey1 != NULL)
EC_KEY_free(eckey1);
if (eckey2 != NULL)
EC_KEY_free(eckey2);
return (ret);
}
static isc_result_t
opensslecdsa_generate(dst_key_t *key, int unused, void (*callback)(int)) {
isc_result_t ret;
EVP_PKEY *pkey;
EC_KEY *eckey = NULL;
int group_nid;
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
key->key_alg == DST_ALG_ECDSA384);
UNUSED(unused);
UNUSED(callback);
if (key->key_alg == DST_ALG_ECDSA256)
group_nid = NID_X9_62_prime256v1;
else
group_nid = NID_secp384r1;
eckey = EC_KEY_new_by_curve_name(group_nid);
if (eckey == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
if (EC_KEY_generate_key(eckey) != 1)
DST_RET (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
pkey = EVP_PKEY_new();
if (pkey == NULL)
DST_RET (ISC_R_NOMEMORY);
if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
EVP_PKEY_free(pkey);
DST_RET (ISC_R_FAILURE);
}
key->keydata.pkey = pkey;
ret = ISC_R_SUCCESS;
err:
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
static isc_boolean_t
opensslecdsa_isprivate(const dst_key_t *key) {
isc_boolean_t ret;
EVP_PKEY *pkey = key->keydata.pkey;
EC_KEY *eckey = EVP_PKEY_get1_EC_KEY(pkey);
ret = ISC_TF(eckey != NULL && EC_KEY_get0_private_key(eckey) != NULL);
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
static void
opensslecdsa_destroy(dst_key_t *key) {
EVP_PKEY *pkey = key->keydata.pkey;
EVP_PKEY_free(pkey);
key->keydata.pkey = NULL;
}
static isc_result_t
opensslecdsa_todns(const dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
EVP_PKEY *pkey;
EC_KEY *eckey = NULL;
isc_region_t r;
int len;
unsigned char *cp;
unsigned char buf[DNS_KEY_ECDSA384SIZE + 1];
REQUIRE(key->keydata.pkey != NULL);
pkey = key->keydata.pkey;
eckey = EVP_PKEY_get1_EC_KEY(pkey);
if (eckey == NULL)
return (ISC_R_FAILURE);
len = i2o_ECPublicKey(eckey, NULL);
/* skip form */
len--;
isc_buffer_availableregion(data, &r);
if (r.length < (unsigned int) len)
DST_RET (ISC_R_NOSPACE);
cp = buf;
if (!i2o_ECPublicKey(eckey, &cp))
DST_RET (ISC_R_FAILURE);
memcpy(r.base, buf + 1, len);
isc_buffer_add(data, len);
ret = ISC_R_SUCCESS;
err:
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
static isc_result_t
opensslecdsa_fromdns(dst_key_t *key, isc_buffer_t *data) {
isc_result_t ret;
EVP_PKEY *pkey;
EC_KEY *eckey = NULL;
isc_region_t r;
int group_nid;
unsigned int len;
const unsigned char *cp;
unsigned char buf[DNS_KEY_ECDSA384SIZE + 1];
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
key->key_alg == DST_ALG_ECDSA384);
if (key->key_alg == DST_ALG_ECDSA256) {
len = DNS_KEY_ECDSA256SIZE;
group_nid = NID_X9_62_prime256v1;
} else {
len = DNS_KEY_ECDSA384SIZE;
group_nid = NID_secp384r1;
}
isc_buffer_remainingregion(data, &r);
if (r.length == 0)
return (ISC_R_SUCCESS);
if (r.length < len)
return (DST_R_INVALIDPUBLICKEY);
eckey = EC_KEY_new_by_curve_name(group_nid);
if (eckey == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
buf[0] = POINT_CONVERSION_UNCOMPRESSED;
memcpy(buf + 1, r.base, len);
cp = buf;
if (o2i_ECPublicKey(&eckey,
(const unsigned char **) &cp,
(long) len + 1) == NULL)
DST_RET (DST_R_INVALIDPUBLICKEY);
if (EC_KEY_check_key(eckey) != 1)
DST_RET (DST_R_INVALIDPUBLICKEY);
pkey = EVP_PKEY_new();
if (pkey == NULL)
DST_RET (ISC_R_NOMEMORY);
if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
EVP_PKEY_free(pkey);
DST_RET (ISC_R_FAILURE);
}
isc_buffer_forward(data, len);
key->keydata.pkey = pkey;
ret = ISC_R_SUCCESS;
err:
if (eckey != NULL)
EC_KEY_free(eckey);
return (ret);
}
static isc_result_t
opensslecdsa_tofile(const dst_key_t *key, const char *directory) {
isc_result_t ret;
EVP_PKEY *pkey;
EC_KEY *eckey = NULL;
const BIGNUM *privkey;
dst_private_t priv;
unsigned char *buf = NULL;
if (key->keydata.pkey == NULL)
return (DST_R_NULLKEY);
pkey = key->keydata.pkey;
eckey = EVP_PKEY_get1_EC_KEY(pkey);
if (eckey == NULL)
return (ISC_R_FAILURE);
privkey = EC_KEY_get0_private_key(eckey);
if (privkey == NULL)
DST_RET (ISC_R_FAILURE);
buf = isc_mem_get(key->mctx, BN_num_bytes(privkey));
if (buf == NULL)
DST_RET (ISC_R_NOMEMORY);
priv.elements[0].tag = TAG_ECDSA_PRIVATEKEY;
priv.elements[0].length = BN_num_bytes(privkey);
BN_bn2bin(privkey, buf);
priv.elements[0].data = buf;
priv.nelements = ECDSA_NTAGS;
ret = dst__privstruct_writefile(key, &priv, directory);
err:
if (eckey != NULL)
EC_KEY_free(eckey);
if (buf != NULL)
isc_mem_put(key->mctx, buf, BN_num_bytes(privkey));
return (ret);
}
static isc_result_t
ecdsa_check(EC_KEY *eckey, dst_key_t *pub)
{
isc_result_t ret = ISC_R_FAILURE;
EVP_PKEY *pkey;
EC_KEY *pubeckey = NULL;
const EC_POINT *pubkey;
if (pub == NULL)
return (ISC_R_SUCCESS);
pkey = pub->keydata.pkey;
if (pkey == NULL)
return (ISC_R_SUCCESS);
pubeckey = EVP_PKEY_get1_EC_KEY(pkey);
if (pubeckey == NULL)
return (ISC_R_SUCCESS);
pubkey = EC_KEY_get0_public_key(pubeckey);
if (pubkey == NULL)
DST_RET (ISC_R_SUCCESS);
if (EC_KEY_set_public_key(eckey, pubkey) != 1)
DST_RET (ISC_R_SUCCESS);
if (EC_KEY_check_key(eckey) == 1)
DST_RET (ISC_R_SUCCESS);
err:
if (pubeckey != NULL)
EC_KEY_free(pubeckey);
return (ret);
}
static isc_result_t
opensslecdsa_parse(dst_key_t *key, isc_lex_t *lexer, dst_key_t *pub) {
dst_private_t priv;
isc_result_t ret;
EVP_PKEY *pkey;
EC_KEY *eckey = NULL;
BIGNUM *privkey;
int group_nid;
isc_mem_t *mctx = key->mctx;
REQUIRE(key->key_alg == DST_ALG_ECDSA256 ||
key->key_alg == DST_ALG_ECDSA384);
if (key->key_alg == DST_ALG_ECDSA256)
group_nid = NID_X9_62_prime256v1;
else
group_nid = NID_secp384r1;
eckey = EC_KEY_new_by_curve_name(group_nid);
if (eckey == NULL)
return (dst__openssl_toresult(DST_R_OPENSSLFAILURE));
/* read private key file */
ret = dst__privstruct_parse(key, DST_ALG_ECDSA256, lexer, mctx, &priv);
if (ret != ISC_R_SUCCESS)
DST_RET (ret);
privkey = BN_bin2bn(priv.elements[0].data,
priv.elements[0].length, NULL);
if (privkey == NULL)
DST_RET(ISC_R_NOMEMORY);
if (!EC_KEY_set_private_key(eckey, privkey))
DST_RET(ISC_R_NOMEMORY);
if (ecdsa_check(eckey, pub) != ISC_R_SUCCESS)
DST_RET(DST_R_INVALIDPRIVATEKEY);
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
pkey = EVP_PKEY_new();
if (pkey == NULL)
DST_RET (ISC_R_NOMEMORY);
if (!EVP_PKEY_set1_EC_KEY(pkey, eckey)) {
EVP_PKEY_free(pkey);
DST_RET (ISC_R_FAILURE);
}
key->keydata.pkey = pkey;
ret = ISC_R_SUCCESS;
err:
if (eckey != NULL)
EC_KEY_free(eckey);
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
return (ret);
}
static dst_func_t opensslecdsa_functions = {
opensslecdsa_createctx,
opensslecdsa_destroyctx,
opensslecdsa_adddata,
opensslecdsa_sign,
opensslecdsa_verify,
NULL, /*%< computesecret */
opensslecdsa_compare,
NULL, /*%< paramcompare */
opensslecdsa_generate,
opensslecdsa_isprivate,
opensslecdsa_destroy,
opensslecdsa_todns,
opensslecdsa_fromdns,
opensslecdsa_tofile,
opensslecdsa_parse,
NULL, /*%< cleanup */
NULL, /*%< fromlabel */
NULL, /*%< dump */
NULL, /*%< restore */
};
isc_result_t
dst__opensslecdsa_init(dst_func_t **funcp) {
REQUIRE(funcp != NULL);
if (*funcp == NULL)
*funcp = &opensslecdsa_functions;
return (ISC_R_SUCCESS);
}
#else /* HAVE_OPENSSL_ECDSA */
#include <isc/util.h>
EMPTY_TRANSLATION_UNIT
#endif /* HAVE_OPENSSL_ECDSA */
/*! \file */

2
lib/dns/rcode.c
View file

@ -108,6 +108,8 @@
{ DNS_KEYALG_RSASHA256, "RSASHA256", 0 }, \
{ DNS_KEYALG_RSASHA512, "RSASHA512", 0 }, \
{ DNS_KEYALG_ECCGOST, "ECCGOST", 0 }, \
{ DNS_KEYALG_ECDSA256, "ECDSAP256SHA256", 0 }, \
{ DNS_KEYALG_ECDSA384, "ECDSAP384SHA384", 0 }, \
{ DNS_KEYALG_INDIRECT, "INDIRECT", 0 }, \
{ DNS_KEYALG_PRIVATEDNS, "PRIVATEDNS", 0 }, \
{ DNS_KEYALG_PRIVATEOID, "PRIVATEOID", 0 }, \

12
lib/dns/rdata/generic/dlv_32769.c
View file

@ -84,6 +84,9 @@ fromtext_dlv(ARGS_FROMTEXT) {
case DNS_DSDIGEST_GOST:
length = ISC_GOST_DIGESTLENGTH;
break;
case DNS_DSDIGEST_SHA384:
length = ISC_SHA384_DIGESTLENGTH;
break;
default:
length = -1;
break;
@ -166,7 +169,9 @@ fromwire_dlv(ARGS_FROMWIRE) {
(sr.base[3] == DNS_DSDIGEST_SHA256 &&
sr.length < 4 + ISC_SHA256_DIGESTLENGTH) ||
(sr.base[3] == DNS_DSDIGEST_GOST &&
sr.length < 4 + ISC_GOST_DIGESTLENGTH))
sr.length < 4 + ISC_GOST_DIGESTLENGTH) ||
(sr.base[3] == DNS_DSDIGEST_SHA384 &&
sr.length < 4 + ISC_SHA384_DIGESTLENGTH))
return (ISC_R_UNEXPECTEDEND);
/*
@ -180,6 +185,8 @@ fromwire_dlv(ARGS_FROMWIRE) {
sr.length = 4 + ISC_SHA256_DIGESTLENGTH;
else if (sr.base[3] == DNS_DSDIGEST_GOST)
sr.length = 4 + ISC_GOST_DIGESTLENGTH;
else if (sr.base[3] == DNS_DSDIGEST_SHA384)
sr.length = 4 + ISC_SHA384_DIGESTLENGTH;
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
@ -232,6 +239,9 @@ fromstruct_dlv(ARGS_FROMSTRUCT) {
case DNS_DSDIGEST_GOST:
REQUIRE(dlv->length == ISC_GOST_DIGESTLENGTH);
break;
case DNS_DSDIGEST_SHA384:
REQUIRE(dlv->length == ISC_SHA384_DIGESTLENGTH);
break;
}
UNUSED(type);

12
lib/dns/rdata/generic/ds_43.c
View file

@ -84,6 +84,9 @@ fromtext_ds(ARGS_FROMTEXT) {
case DNS_DSDIGEST_GOST:
length = ISC_GOST_DIGESTLENGTH;
break;
case DNS_DSDIGEST_SHA384:
length = ISC_SHA384_DIGESTLENGTH;
break;
default:
length = -1;
break;
@ -166,7 +169,9 @@ fromwire_ds(ARGS_FROMWIRE) {
(sr.base[3] == DNS_DSDIGEST_SHA256 &&
sr.length < 4 + ISC_SHA256_DIGESTLENGTH) ||
(sr.base[3] == DNS_DSDIGEST_GOST &&
sr.length < 4 + ISC_GOST_DIGESTLENGTH))
sr.length < 4 + ISC_GOST_DIGESTLENGTH) ||
(sr.base[3] == DNS_DSDIGEST_SHA384 &&
sr.length < 4 + ISC_SHA384_DIGESTLENGTH))
return (ISC_R_UNEXPECTEDEND);
/*
@ -180,6 +185,8 @@ fromwire_ds(ARGS_FROMWIRE) {
sr.length = 4 + ISC_SHA256_DIGESTLENGTH;
else if (sr.base[3] == DNS_DSDIGEST_GOST)
sr.length = 4 + ISC_GOST_DIGESTLENGTH;
else if (sr.base[3] == DNS_DSDIGEST_SHA384)
sr.length = 4 + ISC_SHA384_DIGESTLENGTH;
isc_buffer_forward(source, sr.length);
return (mem_tobuffer(target, sr.base, sr.length));
@ -232,6 +239,9 @@ fromstruct_ds(ARGS_FROMSTRUCT) {
case DNS_DSDIGEST_GOST:
REQUIRE(ds->length == ISC_GOST_DIGESTLENGTH);
break;
case DNS_DSDIGEST_SHA384:
REQUIRE(ds->length == ISC_SHA384_DIGESTLENGTH);
break;
}
UNUSED(type);