From 0bcdd97c38f467001fa3723d9de22f8f135a2d5a Mon Sep 17 00:00:00 2001
From: Martin Schanzenbach
Date: Tue, 31 Jul 2012 07:37:22 +0000
Subject: -tlsa rr added to namestore
---
 src/gns/gns_records.h | 161 ----------------------------------
 src/gns/gnunet-service-gns_resolver.c | 2 +-
 src/gns/test_gns_simple_srv_lookup.c | 2 +-
 src/include/gns_protocol.h | 161 ++++++++++++++++++++++++++++++++++
 src/include/gnunet_dnsparser_lib.h | 1 +
 src/include/gnunet_gns_service.h | 4 -
 src/namestore/namestore_common.c | 60 ++++++++++---
 7 files changed, 210 insertions(+), 181 deletions(-)
 delete mode 100644 src/gns/gns_records.h
 create mode 100644 src/include/gns_protocol.h
diff --git a/src/gns/gns_records.h b/src/gns/gns_records.h
deleted file mode 100644
index b5e6f33e1..000000000
--- a/src/gns/gns_records.h
+++ /dev/null
@@ -1,161 +0,0 @@ -/* - This file is part of GNUnet - (C) 2012 Christian Grothoff (and other contributing authors) - - GNUnet is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 2, or (at your - option) any later version. - - GNUnet is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with GNUnet; see the file COPYING. If not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. - */ - -/** - * @file gns/gns_records.h - * @brief Resource Record definitions - * @author Martin Schanzenbach - */ -#ifndef GNS_RECORDS_H -#define GNS_RECORDS_H - -GNUNET_NETWORK_STRUCT_BEGIN - -/** - * Payload of DNS SOA record (header). - */ -struct soa_data -{ - /** - * The version number of the original copy of the zone. (NBO) - */ - uint32_t serial GNUNET_PACKED; - - /** - * Time interval before the zone should be refreshed. (NBO) - */ - uint32_t refresh GNUNET_PACKED; - - /** - * Time interval that should elapse before a failed refresh should - * be retried. (NBO) - */ - uint32_t retry GNUNET_PACKED; - - /** - * Time value that specifies the upper limit on the time interval - * that can elapse before the zone is no longer authoritative. (NBO) - */ - uint32_t expire GNUNET_PACKED; - - /** - * The bit minimum TTL field that should be exported with any RR - * from this zone. (NBO) - */ - uint32_t minimum GNUNET_PACKED; -}; - - -/** - * Payload of DNS SRV record (header). - */ -struct srv_data -{ - - /** - * Preference for this entry (lower value is higher preference). 
Clients - * will contact hosts from the lowest-priority group first and fall back - * to higher priorities if the low-priority entries are unavailable. (NBO) - */ - uint16_t prio GNUNET_PACKED; - - /** - * Relative weight for records with the same priority. Clients will use - * the hosts of the same (lowest) priority with a probability proportional - * to the weight given. (NBO) - */ - uint16_t weight GNUNET_PACKED; - - /** - * TCP or UDP port of the service. (NBO) - */ - uint16_t port GNUNET_PACKED; - - /* followed by 'target' name */ -}; - - -/** - * Payload of DNSSEC TLSA record. - * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ - */ -struct tlsa_data -{ - - /** - * Certificate usage - * 0: CA cert - * 1: Entity cert - * 2: Trust anchor - * 3: domain-issued cert - */ - uint8_t usage; - - /** - * Selector - * What part will be matched against the cert - * presented by server - * 0: Full cert (in binary) - * 1: Full cert (in DER) - */ - uint8_t selector; - - /** - * Matching type (of selected content) - * 0: exact match - * 1: SHA-256 hash - * 2: SHA-512 hash - */ - uint8_t matching_type; - - /** - * followed by certificate association data - * The "certificate association data" to be matched. - * These bytes are either raw data (that is, the full certificate or - * its SubjectPublicKeyInfo, depending on the selector) for matching - * type 0, or the hash of the raw data for matching types 1 and 2. - * The data refers to the certificate in the association, not to the - * TLS ASN.1 Certificate object. - * - * The data is represented as a string of hex chars - */ -}; - -/** - * Payload of GNS VPN record - */ -struct vpn_data -{ - /** - * The protocol to use - */ - uint16_t proto; - - /** - * The peer to contact - */ - struct GNUNET_HashCode peer; - - /* followed by the servicename */ -}; - -GNUNET_NETWORK_STRUCT_END - -#endif diff --git a/src/gns/gnunet-service-gns_resolver.c b/src/gns/gnunet-service-gns_resolver.c index 89aa4a06e..6a07f6d94 100644 
--- a/src/gns/gnunet-service-gns_resolver.c
+++ b/src/gns/gnunet-service-gns_resolver.c
@@ -33,7 +33,7 @@
 #include "gnunet_dns_service.h"
 #include "gnunet_resolver_service.h"
 #include "gnunet_dnsparser_lib.h"
-#include "gns_records.h"
+#include "gns_protocol.h"
 #include "gnunet_gns_service.h"
 #include "block_gns.h"
 #include "gns.h"
diff --git a/src/gns/test_gns_simple_srv_lookup.c b/src/gns/test_gns_simple_srv_lookup.c
index 259d32e53..c9676e874 100644
--- a/src/gns/test_gns_simple_srv_lookup.c
+++ b/src/gns/test_gns_simple_srv_lookup.c
@@ -30,7 +30,7 @@
 #include "gnunet_namestore_service.h"
 #include "../namestore/namestore.h"
 #include "gnunet_dnsparser_lib.h"
-#include "gns_records.h"
+#include "gns_protocol.h"
 #include "gnunet_gns_service.h"
 /* DEFINES */
diff --git a/src/include/gns_protocol.h b/src/include/gns_protocol.h
new file mode 100644
index 000000000..b5e6f33e1
--- /dev/null
+++ b/src/include/gns_protocol.h
@@ -0,0 +1,161 @@ +/* + This file is part of GNUnet + (C) 2012 Christian Grothoff (and other contributing authors) + + GNUnet is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published + by the Free Software Foundation; either version 2, or (at your + option) any later version. + + GNUnet is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with GNUnet; see the file COPYING. If not, write to the + Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. + */ + +/** + * @file gns/gns_records.h + * @brief Resource Record definitions + * @author Martin Schanzenbach + */ +#ifndef GNS_RECORDS_H +#define GNS_RECORDS_H + +GNUNET_NETWORK_STRUCT_BEGIN + +/** + * Payload of DNS SOA record (header). + */ +struct soa_data +{ + /** + * The version number of the original copy of the zone. (NBO) + */ + uint32_t serial GNUNET_PACKED; + + /** + * Time interval before the zone should be refreshed. (NBO) + */ + uint32_t refresh GNUNET_PACKED; + + /** + * Time interval that should elapse before a failed refresh should + * be retried. (NBO) + */ + uint32_t retry GNUNET_PACKED; + + /** + * Time value that specifies the upper limit on the time interval + * that can elapse before the zone is no longer authoritative. (NBO) + */ + uint32_t expire GNUNET_PACKED; + + /** + * The bit minimum TTL field that should be exported with any RR + * from this zone. (NBO) + */ + uint32_t minimum GNUNET_PACKED; +}; + + +/** + * Payload of DNS SRV record (header). + */ +struct srv_data +{ + + /** + * Preference for this entry (lower value is higher preference). 
Clients + * will contact hosts from the lowest-priority group first and fall back + * to higher priorities if the low-priority entries are unavailable. (NBO) + */ + uint16_t prio GNUNET_PACKED; + + /** + * Relative weight for records with the same priority. Clients will use + * the hosts of the same (lowest) priority with a probability proportional + * to the weight given. (NBO) + */ + uint16_t weight GNUNET_PACKED; + + /** + * TCP or UDP port of the service. (NBO) + */ + uint16_t port GNUNET_PACKED; + + /* followed by 'target' name */ +}; + + +/** + * Payload of DNSSEC TLSA record. + * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ + */ +struct tlsa_data +{ + + /** + * Certificate usage + * 0: CA cert + * 1: Entity cert + * 2: Trust anchor + * 3: domain-issued cert + */ + uint8_t usage; + + /** + * Selector + * What part will be matched against the cert + * presented by server + * 0: Full cert (in binary) + * 1: Full cert (in DER) + */ + uint8_t selector; + + /** + * Matching type (of selected content) + * 0: exact match + * 1: SHA-256 hash + * 2: SHA-512 hash + */ + uint8_t matching_type; + + /** + * followed by certificate association data + * The "certificate association data" to be matched. + * These bytes are either raw data (that is, the full certificate or + * its SubjectPublicKeyInfo, depending on the selector) for matching + * type 0, or the hash of the raw data for matching types 1 and 2. + * The data refers to the certificate in the association, not to the + * TLS ASN.1 Certificate object. + * + * The data is represented as a string of hex chars + */ +}; + +/** + * Payload of GNS VPN record + */ +struct vpn_data +{ + /** + * The protocol to use + */ + uint16_t proto; + + /** + * The peer to contact + */ + struct GNUNET_HashCode peer; + + /* followed by the servicename */ +}; + +GNUNET_NETWORK_STRUCT_END + +#endif diff --git a/src/include/gnunet_dnsparser_lib.h b/src/include/gnunet_dnsparser_lib.h index 4cc8fc8d2..328a2286a 100644 
--- a/src/include/gnunet_dnsparser_lib.h +++ b/src/include/gnunet_dnsparser_lib.h @@ -42,6 +42,7 @@ #define GNUNET_DNSPARSER_TYPE_TXT 16 #define GNUNET_DNSPARSER_TYPE_AAAA 28 #define GNUNET_DNSPARSER_TYPE_SRV 33 +#define GNUNET_DNSPARSER_TYPE_TLSA 52 /** * A few common DNS classes (ok, only one is common, but I list a diff --git a/src/include/gnunet_gns_service.h b/src/include/gnunet_gns_service.h index 47c743ea2..fcb71fa6f 100644 --- a/src/include/gnunet_gns_service.h +++ b/src/include/gnunet_gns_service.h @@ -23,10 +23,6 @@ * @brief API to the GNS service * @author Martin Schanzenbach * - * TODO: - * - decide what goes into storage API and what into GNS-service API - * - decide where to pass/expose/check keys / signatures - * - are GNS private keys per peer or per user? */ diff --git a/src/namestore/namestore_common.c b/src/namestore/namestore_common.c index 8b095eb26..f5c039c3b 100644 --- a/src/namestore/namestore_common.c +++ b/src/namestore/namestore_common.c @@ -32,7 +32,7 @@ #include "gnunet_arm_service.h" #include "gnunet_namestore_service.h" #include "gnunet_dnsparser_lib.h" -#include "../dns/dnsparser.h" +#include "gns_protocol.h" #include "namestore.h" @@ -348,19 +348,20 @@ GNUNET_NAMESTORE_value_to_string (uint32_t type, const void *data, size_t data_size) { - char tmp[INET6_ADDRSTRLEN]; - struct GNUNET_CRYPTO_ShortHashAsciiEncoded enc; uint16_t mx_pref; - char* result; - char* soa_rname; - char* soa_mname; struct soa_data *soa; - struct vpn_data *vpn; + struct srv_data *srv; + struct tlsa_data *tlsa; + struct GNUNET_CRYPTO_ShortHashAsciiEncoded enc; + struct GNUNET_CRYPTO_HashAsciiEncoded s_peer; char* vpn_str; char* srv_str; - struct GNUNET_CRYPTO_HashAsciiEncoded s_peer; - struct srv_data *srv; + char* tlsa_str; + char* result; + char* soa_rname; + char* soa_mname; + char tmp[INET6_ADDRSTRLEN]; switch (type) { 
@@ -434,6 +435,16 @@ GNUNET_NAMESTORE_value_to_string (uint32_t type, (char*)&srv[1])) return NULL; return srv_str; + case GNUNET_DNSPARSER_TYPE_TLSA: + tlsa = (struct tlsa_data*)data; + + if (GNUNET_OK != GNUNET_asprintf (&tlsa_str, "%c %c %c %s", + tlsa->usage, + tlsa->selector, + tlsa->matching_type, + tlsa[1])) + return NULL; + return tlsa_str; default: GNUNET_break (0); } @@ -461,20 +472,21 @@ GNUNET_NAMESTORE_string_to_value (uint32_t type, struct in_addr value_a; struct in6_addr value_aaaa; struct GNUNET_CRYPTO_ShortHashCode pkey; - uint16_t mx_pref; - uint16_t mx_pref_n; struct soa_data *soa; + struct vpn_data *vpn; + struct tlsa_data *tlsa; char result[253]; char soa_rname[63]; char soa_mname[63]; + char s_peer[104]; + char s_serv[253]; uint32_t soa_serial; uint32_t soa_refresh; uint32_t soa_retry; uint32_t soa_expire; uint32_t soa_min; - char s_peer[104]; - char s_serv[253]; - struct vpn_data* vpn; + uint16_t mx_pref; + uint16_t mx_pref_n; uint16_t proto; int ret; @@ -581,6 +593,26 @@ GNUNET_NAMESTORE_string_to_value (uint32_t type, vpn->proto = htons (proto); strcpy ((char*)&vpn[1], s_serv); + return GNUNET_OK; + case GNUNET_DNSPARSER_TYPE_TLSA: + tlsa = (struct tlsa_data*)*data; + *data_size = sizeof (struct tlsa_data) + strlen (s) - 6; + tlsa = GNUNET_malloc (*data_size); + ret = SSCANF (s, "%c %c %c %s", + &tlsa->usage, + &tlsa->selector, + &tlsa->matching_type, + (char*)&tlsa[1]); + + if (4 != ret) + { + GNUNET_log (GNUNET_ERROR_TYPE_ERROR, + "Unable to parse TLSA record string %s\n", s); + *data_size = 0; + GNUNET_free (tlsa); + return GNUNET_SYSERR; + } + return GNUNET_OK; default: GNUNET_break (0); -- cgit v1.2.3
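Review bot: In the new TLSA case of GNUNET_NAMESTORE_value_to_string, `tlsa[1]` passes a `struct tlsa_data` by value where the `%s` conversion expects a `char *`, which is undefined behaviour and does not match the SRV case a few lines above; it should read `(char*)&tlsa[1]`. The three `%c` conversions also emit usage, selector and matching type as raw bytes, so wire values 0–3 come out as control characters rather than the digits of the usual `3 1 1 <hex>` presentation form; `"%u %u %u %s"` with `(unsigned) tlsa->usage` etc. would be readable, provided the parser in GNUNET_NAMESTORE_string_to_value is changed to match. Nothing consults `data_size`: `%s` reads until a NUL, so a record whose trailing hex string is not terminated inside the buffer is over-read, and a guard such as `if (data_size <= sizeof (struct tlsa_data) || '\0' != ((const char *) data)[data_size - 1]) return NULL;` before the format call would bound it (the existing SRV case appears to share this gap). The enclosing function begins before this hunk and continues after it.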
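Review bot: The TLSA case of GNUNET_NAMESTORE_string_to_value never hands back the buffer it allocates: `tlsa` is first read from `*data`, then overwritten by the `GNUNET_malloc` result, and on the success path `*data` is not assigned, so the caller (presumably through a `void **data` out-parameter declared outside the hunk) receives nothing and the allocation leaks. The size `sizeof (struct tlsa_data) + strlen (s) - 6` also underflows for inputs shorter than six characters and, even for well-formed `0 1 2 <hex>` input, leaves no room for the NUL that `%s` writes (the 12-character `0 1 2 abcdef` yields a 6-byte tail for a 7-byte string), a one-byte heap overflow that grows when separators are missing; since `%s` is unbounded, `strlen (s) + 1` is the only safe upper bound for the buffer. A rewrite along the lines below fixes both; whether `%c` (which stores the ASCII digit, not its numeric value) is the intended encoding of the three header bytes depends on how the record is consumed and is worth confirming against the resolver. The enclosing function starts before this hunk and its closing lines lie outside it.
```c
      case GNUNET_DNSPARSER_TYPE_TLSA:
        /* %s can write at most strlen (s) + 1 bytes; size for that, not strlen (s) - 6 */
        *data_size = sizeof (struct tlsa_data) + strlen (s) + 1;
        tlsa = GNUNET_malloc (*data_size);
        ret = SSCANF (s, "%c %c %c %s",
                      &tlsa->usage,
                      &tlsa->selector,
                      &tlsa->matching_type,
                      (char*)&tlsa[1]);
        if (4 != ret)
        {
          /* … unchanged: error log, *data_size = 0, GNUNET_free (tlsa), return GNUNET_SYSERR … */
        }
        /* shrink to what was actually parsed and give the buffer to the caller */
        *data_size = sizeof (struct tlsa_data) + strlen ((char*)&tlsa[1]) + 1;
        *data = tlsa;
        return GNUNET_OK;
```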