Update ZONEMD to match RFC 8976

* The location of the digest type field has changed to where the reserved field was. * The reserved field is now called scheme and is where the digest type field was. * Digest type 2 has been defined (SHA256). (cherry picked from commit 8510ccaa54)
2026-02-11 14:53:11 -05:00 · 2021-04-28 12:05:02 +10:00 · 2021-04-28 12:05:02 +10:00 · e4e4ff0e10
commit e4e4ff0e10
parent 4aaddec8d9
8 changed files with 247 additions and 92 deletions
--- a/2
+++ b/2
@ -1,3 +1,5 @@
+5631.	[bug]		Update ZONEMD to match RFC 8976. [GL #2658]
+
 5629.	[func]		Reduce the supported maximum number of iterations
 			that can be configured in an NSEC3 zone to 150.
 			[GL #2642]
--- a/bin/tests/system/genzone.sh
+++ b/bin/tests/system/genzone.sh
@ -369,11 +369,17 @@ csync01			CSYNC	0 0 A NS AAAA
 csync02			CSYNC	0 0

 ;type	63
-zonemd01		ZONEMD	2019020700 1 0 (
+zonemd01		ZONEMD	2019020700 1 1 (
                                C220B8A6ED5728A971902F7E3D4FD93A
                                DEEA88B0453C2E8E8C863D465AB06CF3
                                4EB95B266398C98B59124FA239CB7EEB
 				)
+zonemd02		ZONEMD	2019020700 1 2 (
+				08CFA1115C7B948C4163A901270395EA
+			        226A930CD2CBCF2FA9A5E6EB85F37C8A
+                                4E114D884E66F176EAB121CB02DB7D65
+                                2E0CC4827E7A3204F166B47E5613FD27
+				)

 ; type 64 -- 98 (unassigned)

--- a/bin/tests/system/xfer/dig1.good
+++ b/bin/tests/system/xfer/dig1.good
@ -166,7 +166,8 @@ wks01.example.		3600	IN	WKS	10.0.0.1 6 0 1 2 21 23
 wks02.example.		3600	IN	WKS	10.0.0.1 17 0 1 2 53
 wks03.example.		3600	IN	WKS	10.0.0.2 6 65535
 x2501.example.		3600	IN	X25	"123456789"
-zonemd01.example.	3600    IN	ZONEMD	2019020700 1 0 C220B8A6ED5728A971902F7E3D4FD93ADEEA88B0453C2E8E8C863D46 5AB06CF34EB95B266398C98B59124FA239CB7EEB
+zonemd01.example.	3600    IN	ZONEMD	2019020700 1 1 C220B8A6ED5728A971902F7E3D4FD93ADEEA88B0453C2E8E8C863D46 5AB06CF34EB95B266398C98B59124FA239CB7EEB
+zonemd02.example.	3600	IN	ZONEMD	2019020700 1 2 08CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB 85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204 F166B47E5613FD27
 8f1tmio9avcom2k0frp92lgcumak0cad.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C 8FPNS2UCT7FBS643THP2B77PEQ77K6IU A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM
 kcd3juae64f9c5csl1kif1htaui7un0g.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C KD5MN2M20340DGO0BL7NTSB8JP4BSC7E
 mr5ukvsk1l37btu4q7b1dfevft4hkqdk.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C MT38J6VG7S0SN5G17MCUF6IQIKFUAJ05 A AAAA RRSIG
--- a/bin/tests/system/xfer/dig2.good
+++ b/bin/tests/system/xfer/dig2.good
@ -166,7 +166,8 @@ wks01.example.		3600	IN	WKS	10.0.0.1 6 0 1 2 21 23
 wks02.example.		3600	IN	WKS	10.0.0.1 17 0 1 2 53
 wks03.example.		3600	IN	WKS	10.0.0.2 6 65535
 x2501.example.		3600	IN	X25	"123456789"
-zonemd01.example.	3600    IN	ZONEMD	2019020700 1 0 C220B8A6ED5728A971902F7E3D4FD93ADEEA88B0453C2E8E8C863D46 5AB06CF34EB95B266398C98B59124FA239CB7EEB
+zonemd01.example.	3600    IN	ZONEMD	2019020700 1 1 C220B8A6ED5728A971902F7E3D4FD93ADEEA88B0453C2E8E8C863D46 5AB06CF34EB95B266398C98B59124FA239CB7EEB
+zonemd02.example.	3600	IN	ZONEMD	2019020700 1 2 08CFA1115C7B948C4163A901270395EA226A930CD2CBCF2FA9A5E6EB 85F37C8A4E114D884E66F176EAB121CB02DB7D652E0CC4827E7A3204 F166B47E5613FD27
 8f1tmio9avcom2k0frp92lgcumak0cad.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C 8FPNS2UCT7FBS643THP2B77PEQ77K6IU A NS SOA MX AAAA RRSIG DNSKEY NSEC3PARAM
 kcd3juae64f9c5csl1kif1htaui7un0g.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C KD5MN2M20340DGO0BL7NTSB8JP4BSC7E
 mr5ukvsk1l37btu4q7b1dfevft4hkqdk.example. 3600 IN NSEC3 1 0 10 D2CF0294C020CE6C MT38J6VG7S0SN5G17MCUF6IQIKFUAJ05 A AAAA RRSIG
--- a/doc/arm/notes-9.11.32.xml
+++ b/doc/arm/notes-9.11.32.xml
@ -66,7 +66,7 @@
    <itemizedlist>
      <listitem>
        <para>
-          None.
+          Update ZONEMD to match RFC 8976. [GL #2658]
        </para>
      </listitem>
    </itemizedlist>
--- a/lib/dns/rdata/generic/zonemd_63.c
+++ b/lib/dns/rdata/generic/zonemd_63.c
@ -9,7 +9,7 @@
 * information regarding copyright ownership.
 */

-/* draft-wessels-zone-digest-05 */
+/* RFC 8976 */

 #ifndef RDATA_GENERIC_ZONEMD_63_C
 #define RDATA_GENERIC_ZONEMD_63_C
@ -20,6 +20,8 @@ static inline isc_result_t
 fromtext_zonemd(ARGS_FROMTEXT) {
 	isc_token_t token;
 	int digest_type, length;
+	isc_buffer_t save;
+	isc_result_t result;

 	UNUSED(type);
 	UNUSED(rdclass);
@ -28,27 +30,27 @@ fromtext_zonemd(ARGS_FROMTEXT) {
 	UNUSED(callbacks);

 	/*
-	 * Serial.
+	 * Zone Serial.
 	 */
 	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
 				      false));
 	RETERR(uint32_tobuffer(token.value.as_ulong, target));

 	/*
-	 * Digest type.
+	 * Digest Scheme.
+	 */
+	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
+				      false));
+	RETERR(uint8_tobuffer(token.value.as_ulong, target));
+
+	/*
+	 * Digest Type.
 	 */
 	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
 				      false));
 	digest_type = token.value.as_ulong;
 	RETERR(uint8_tobuffer(digest_type, target));

-	/*
-	 * Reserved.
-	 */
-	RETERR(isc_lex_getmastertoken(lexer, &token, isc_tokentype_number,
-				      false));
-	RETERR(uint8_tobuffer(token.value.as_ulong, target));
-
 	/*
 	 * Digest.
 	 */
@ -56,12 +58,21 @@ fromtext_zonemd(ARGS_FROMTEXT) {
 	case DNS_ZONEMD_DIGEST_SHA384:
 		length = ISC_SHA384_DIGESTLENGTH;
 		break;
+	case DNS_ZONEMD_DIGEST_SHA512:
+		length = ISC_SHA512_DIGESTLENGTH;
+		break;
 	default:
 		length = -2;
 		break;
 	}

-	return (isc_hex_tobuffer(lexer, target, length));
+	save = *target;
+	result = isc_hex_tobuffer(lexer, target, length);
+	/* Minimum length of digest is 12 octets. */
+	if (isc_buffer_usedlength(target) - isc_buffer_usedlength(&save) < 12) {
+		return (ISC_R_UNEXPECTEDEND);
+	}
+	return (result);
 }

 static inline isc_result_t
@ -77,7 +88,7 @@ totext_zonemd(ARGS_TOTEXT) {
 	dns_rdata_toregion(rdata, &sr);

 	/*
-	 * Serial.
+	 * Zone Serial.
 	 */
 	num = uint32_fromregion(&sr);
 	isc_region_consume(&sr, 4);
@ -87,7 +98,7 @@ totext_zonemd(ARGS_TOTEXT) {
 	RETERR(str_totext(" ", target));

 	/*
-	 * Digest type.
+	 * Digest scheme.
 	 */
 	num = uint8_fromregion(&sr);
 	isc_region_consume(&sr, 1);
@ -95,8 +106,9 @@ totext_zonemd(ARGS_TOTEXT) {
 	RETERR(str_totext(buf, target));

 	RETERR(str_totext(" ", target));
+
 	/*
-	 * Reserved.
+	 * Digest type.
 	 */
 	num = uint8_fromregion(&sr);
 	isc_region_consume(&sr, 1);
@ -127,6 +139,7 @@ totext_zonemd(ARGS_TOTEXT) {
 static inline isc_result_t
 fromwire_zonemd(ARGS_FROMWIRE) {
 	isc_region_t sr;
+	size_t digestlen = 0;

 	UNUSED(type);
 	UNUSED(rdclass);
@ -136,16 +149,28 @@ fromwire_zonemd(ARGS_FROMWIRE) {
 	isc_buffer_activeregion(source, &sr);

 	/*
-	 * If we do not recognize the digest type, only ensure that the digest
-	 * is present at all.
+	 * If we do not recognize the digest type, ensure that the digest
+	 * meets minimum length (12).
 	 *
 	 * If we do recognize the digest type, ensure that the digest is of the
 	 * correct length.
 	 */
-	if (sr.length < 7 ||
-	    (sr.base[4] == DNS_ZONEMD_DIGEST_SHA384 &&
-	     sr.length < 6 + ISC_SHA384_DIGESTLENGTH))
-	{
+	if (sr.length < 18) {
+		return (ISC_R_UNEXPECTEDEND);
+	}
+
+	switch (sr.base[5]) {
+	case DNS_ZONEMD_DIGEST_SHA384:
+		digestlen = ISC_SHA384_DIGESTLENGTH;
+		break;
+	case DNS_ZONEMD_DIGEST_SHA512:
+		digestlen = ISC_SHA512_DIGESTLENGTH;
+		break;
+	default:
+		break;
+	}
+
+	if (digestlen != 0 && sr.length < 6 + digestlen) {
 		return (ISC_R_UNEXPECTEDEND);
 	}

@ -155,8 +180,8 @@ fromwire_zonemd(ARGS_FROMWIRE) {
 	 *
 	 * If there is extra data, dns_rdata_fromwire() will detect that.
 	 */
-	if (sr.base[4] == DNS_ZONEMD_DIGEST_SHA384) {
-		sr.length = 6 + ISC_SHA384_DIGESTLENGTH;
+	if (digestlen != 0) {
+		sr.length = 6 + digestlen;
 	}

 	isc_buffer_forward(source, sr.length);
@ -209,11 +234,14 @@ fromstruct_zonemd(ARGS_FROMSTRUCT) {
 	case DNS_ZONEMD_DIGEST_SHA384:
 		REQUIRE(zonemd->length == ISC_SHA384_DIGESTLENGTH);
 		break;
+	case DNS_ZONEMD_DIGEST_SHA512:
+		REQUIRE(zonemd->length == ISC_SHA512_DIGESTLENGTH);
+		break;
 	}

 	RETERR(uint32_tobuffer(zonemd->serial, target));
+	RETERR(uint8_tobuffer(zonemd->scheme, target));
 	RETERR(uint8_tobuffer(zonemd->digest_type, target));
-	RETERR(uint8_tobuffer(zonemd->reserved, target));

 	return (mem_tobuffer(target, zonemd->digest, zonemd->length));
 }
@ -237,9 +265,9 @@ tostruct_zonemd(ARGS_TOSTRUCT) {

 	zonemd->serial = uint32_fromregion(&region);
 	isc_region_consume(&region, 4);
-	zonemd->digest_type = uint8_fromregion(&region);
+	zonemd->scheme = uint8_fromregion(&region);
 	isc_region_consume(&region, 1);
-	zonemd->reserved = uint8_fromregion(&region);
+	zonemd->digest_type = uint8_fromregion(&region);
 	isc_region_consume(&region, 1);
 	zonemd->length = region.length;

--- a/lib/dns/rdata/generic/zonemd_63.h
+++ b/lib/dns/rdata/generic/zonemd_63.h
@ -12,20 +12,21 @@
 #ifndef GENERIC_ZONEMD_63_H
 #define GENERIC_ZONEMD_63_H 1

-/* Digest type(s). Currently only SHA-384 is defined. */
+/* Known digest type(s). */
 #define DNS_ZONEMD_DIGEST_SHA384 (1)
+#define DNS_ZONEMD_DIGEST_SHA512 (2)

 /*
- *  \brief per draft-wessels-zone-digest-05
+ *  \brief per RFC 8976
 */
 typedef struct dns_rdata_zonemd {
-	dns_rdatacommon_t	common;
-	isc_mem_t		*mctx;
-	uint32_t		serial;
-	uint8_t			digest_type;
-	uint8_t			reserved;
-	unsigned char		*digest;
-	uint16_t		length;
+	dns_rdatacommon_t common;
+	isc_mem_t *mctx;
+	uint32_t serial;
+	uint8_t scheme;
+	uint8_t digest_type;
+	unsigned char *digest;
+	uint16_t length;
 } dns_rdata_zonemd_t;

 #endif /* GENERIC_ZONEMD_63_H */
--- a/lib/dns/tests/rdata_test.c
+++ b/lib/dns/tests/rdata_test.c
@ -626,6 +626,10 @@ check_wire_ok(const wire_ok_t *wire_ok, bool empty_ok, dns_rdataclass_t rdclass,
 	 * Check all entries in the supplied array.
 	 */
 	for (i = 0; wire_ok[i].len != 0; i++) {
+		if (debug) {
+			fprintf(stderr, "calling check_wire_ok_single on %zu\n",
+				i);
+		}
 		check_wire_ok_single(&wire_ok[i], rdclass, type, structsize);
 	}

@ -2501,7 +2505,7 @@ wks(void **state) {
 /*
 * ZONEMD tests.
 *
- * Excerpted from draft-wessels-dns-zone-digest:
+ * Excerpted from RFC 8976:
 *
 * The ZONEMD RDATA wire format is encoded as follows:
 *
@ -2510,55 +2514,129 @@ wks(void **state) {
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *    |                             Serial                            |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- *    |  Digest Type  |   Reserved    |                               |
+ *    |    Scheme     |Hash Algorithm |                               |
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+                               |
 *    |                             Digest                            |
 *    /                                                               /
 *    /                                                               /
 *    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *
- * 2.1.1.  The Serial Field
+ * 2.2.1.  The Serial Field
 *
- *    The Serial field is a 32-bit unsigned integer in network order.  It
- *    is equal to the serial number from the zone's SOA record
+ *    The Serial field is a 32-bit unsigned integer in network byte order.
+ *    It is the serial number from the zone's SOA record ([RFC1035],
+ *    Section 3.3.13) for which the zone digest was generated.
 *
- * 2.1.2.  The Digest Type Field
+ *    It is included here to clearly bind the ZONEMD RR to a particular
+ *    version of the zone's content.  Without the serial number, a stand-
+ *    alone ZONEMD digest has no obvious association to any particular
+ *    instance of a zone.
 *
- *    The Digest Type field is an 8-bit unsigned integer that identifies
- *    the algorithm used to construct the digest.
+ * 2.2.2.  The Scheme Field
 *
- *    At the time of this writing, SHA384, with value 1, is the only Digest
- *    Type defined for ZONEMD records.
+ *    The Scheme field is an 8-bit unsigned integer that identifies the
+ *    methods by which data is collated and presented as input to the
+ *    hashing function.
 *
- * 2.1.3.  The Reserved Field
+ *    Herein, SIMPLE, with Scheme value 1, is the only standardized Scheme
+ *    defined for ZONEMD records and it MUST be supported by
+ *    implementations.  The "ZONEMD Schemes" registry is further described
+ *    in Section 5.
 *
- *    The Reserved field is an 8-bit unsigned integer, which is always set
- *    to zero.
+ *    Scheme values 240-254 are allocated for Private Use.
 *
- * 2.1.4.  The Digest Field
+ * 2.2.3.  The Hash Algorithm Field
+ *
+ *    The Hash Algorithm field is an 8-bit unsigned integer that identifies
+ *    the cryptographic hash algorithm used to construct the digest.
+ *
+ *    Herein, SHA384 ([RFC6234]), with Hash Algorithm value 1, is the only
+ *    standardized Hash Algorithm defined for ZONEMD records that MUST be
+ *    supported by implementations.  When SHA384 is used, the size of the
+ *    Digest field is 48 octets.  The result of the SHA384 digest algorithm
+ *    MUST NOT be truncated, and the entire 48-octet digest is published in
+ *    the ZONEMD record.
+ *
+ *    SHA512 ([RFC6234]), with Hash Algorithm value 2, is also defined for
+ *    ZONEMD records and SHOULD be supported by implementations.  When
+ *    SHA512 is used, the size of the Digest field is 64 octets.  The
+ *    result of the SHA512 digest algorithm MUST NOT be truncated, and the
+ *    entire 64-octet digest is published in the ZONEMD record.
+ *
+ *    Hash Algorithm values 240-254 are allocated for Private Use.
+ *
+ *    The "ZONEMD Hash Algorithms" registry is further described in
+ *    Section 5.
+ *
+ * 2.2.4.  The Digest Field
 *
 *    The Digest field is a variable-length sequence of octets containing
- *    the message digest.
+ *    the output of the hash algorithm.  The length of the Digest field is
+ *    determined by deducting the fixed size of the Serial, Scheme, and
+ *    Hash Algorithm fields from the RDATA size in the ZONEMD RR header.
+ *
+ *    The Digest field MUST NOT be shorter than 12 octets.  Digests for the
+ *    SHA384 and SHA512 hash algorithms specified herein are never
+ *    truncated.  Digests for future hash algorithms MAY be truncated but
+ *    MUST NOT be truncated to a length that results in less than 96 bits
+ *    (12 octets) of equivalent strength.
+ *
+ *    Section 3 describes how to calculate the digest for a zone.
+ *    Section 4 describes how to use the digest to verify the contents of a
+ *    zone.
+ *
 */

 static void
 zonemd(void **state) {
 	text_ok_t text_ok[] = {
 		TEXT_INVALID(""),
+		/* No digest scheme or digest type*/
 		TEXT_INVALID("0"),
+		/* No digest type */
 		TEXT_INVALID("0 0"),
+		/* No digest */
 		TEXT_INVALID("0 0 0"),
+		/* No digest */
 		TEXT_INVALID("99999999 0 0"),
+		/* No digest */
 		TEXT_INVALID("2019020700 0 0"),
-		TEXT_INVALID("2019020700 1 0 DEADBEEF"),
-		TEXT_VALID("2019020700 2 0 DEADBEEF"),
-		TEXT_VALID("2019020700 255 0 DEADBEEF"),
-		TEXT_INVALID("2019020700 256 0 DEADBEEF"),
-		TEXT_VALID("2019020700 2 255 DEADBEEF"),
-		TEXT_INVALID("2019020700 2 256 DEADBEEF"),
-		TEXT_VALID("2019020700 1 0 7162D2BB75C047A53DE98767C9192BEB"
-					  "14DB01E7E2267135DAF0230A 19BA4A31"
-					  "6AF6BF64AA5C7BAE24B2992850300509"),
+		/* Digest too short */
+		TEXT_INVALID("2019020700 1 1 DEADBEEF"),
+		/* Digest too short */
+		TEXT_INVALID("2019020700 1 2 DEADBEEF"),
+		/* Digest too short */
+		TEXT_INVALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBE"),
+		/* Digest type unknown */
+		TEXT_VALID("2019020700 1 3 DEADBEEFDEADBEEFDEADBEEF"),
+		/* Digest type max */
+		TEXT_VALID("2019020700 1 255 DEADBEEFDEADBEEFDEADBEEF"),
+		/* Digest type too big */
+		TEXT_INVALID("2019020700 0 256 DEADBEEFDEADBEEFDEADBEEF"),
+		/* Scheme max */
+		TEXT_VALID("2019020700 255 3 DEADBEEFDEADBEEFDEADBEEF"),
+		/* Scheme too big */
+		TEXT_INVALID("2019020700 256 3 DEADBEEFDEADBEEFDEADBEEF"),
+		/* SHA384 */
+		TEXT_VALID("2019020700 1 1 "
+			   "7162D2BB75C047A53DE98767C9192BEB"
+			   "14DB01E7E2267135DAF0230A 19BA4A31"
+			   "6AF6BF64AA5C7BAE24B2992850300509"),
+		/* SHA512 */
+		TEXT_VALID("2019020700 1 2 "
+			   "08CFA1115C7B948C4163A901270395EA"
+			   "226A930CD2CBCF2FA9A5E6EB 85F37C8A"
+			   "4E114D884E66F176EAB121CB02DB7D65"
+			   "2E0CC4827E7A3204 F166B47E5613FD27"),
+		/* SHA384 too short and with private scheme */
+		TEXT_INVALID("2021042801 0 1 "
+			     "7162D2BB75C047A53DE98767C9192BEB"
+			     "6AF6BF64AA5C7BAE24B2992850300509"),
+		/* SHA512 too short and with private scheme */
+		TEXT_INVALID("2021042802 5 2 "
+			     "A897B40072ECAE9E4CA3F1F227DE8F5E"
+			     "480CDEBB16DFC64C1C349A7B5F6C71AB"
+			     "E8A88B76EF0BA1604EC25752E946BF98"),
 		TEXT_SENTINEL()
 	};
 	wire_ok_t wire_ok[] = {
@ -2587,51 +2665,89 @@ zonemd(void **state) {
 		 */
 		WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
 		/*
-		 * Minimal, one-octet hash for an undefined digest type.
+		 * Short 11-octet digest.
 		 */
-		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00),
+		WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     0x00),
+		/*
+		 * Minimal, 12-octet hash for an undefined digest type.
+		 */
+		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			   0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			   0x00),
 		/*
 		 * SHA-384 is defined, so we insist there be a digest of
 		 * the expected length.
 		 */
-		WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00),
+		WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00,
+			     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+			     0x00, 0x00),
 		/*
 		 * 48-octet digest, valid for SHA-384.
 		 */
-		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce),
+		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa,
+			   0xce),
 		/*
 		 * 56-octet digest, too long for SHA-384.
 		 */
-		WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00,
-			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+		WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+			     0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+			     0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce),
+		/*
+		 * 56-octet digest, too short for SHA-512
+		 */
+		WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+			     0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+			     0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad),
+		/*
+		 * 64-octet digest, just right for SHA-512
+		 */
+		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef),
+		/*
+		 * 72-octet digest, too long for SHA-512
+		 */
+		WIRE_INVALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+			     0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+			     0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad,
+			     0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+			     0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
 			     0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce),
 		/*
 		 * 56-octet digest, valid for an undefined digest type.
 		 */
-		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
-			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+		WIRE_VALID(0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
+			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe,
+			   0xef, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce,
 			   0xde, 0xad, 0xbe, 0xef, 0xfa, 0xce),
 		/*
 		 * Sentinel.