DNS: Support for ZONEMD RR (RFC8976)

Adding support for RFC 8976 Message Digest for DNS Zones (ZONEMD RR)
2021-02-10 22:02:42 +01:00 · 2021-02-10 22:02:42 +01:00 · 156bc6ca91
parent 2c6b9e83f1
commit 156bc6ca91
1 changed files with 62 additions and 1 deletions
--- a/epan/dissectors/packet-dns.c
+++ b/epan/dissectors/packet-dns.c
@ -246,6 +246,10 @@ static int hf_dns_csync_flags = -1;
 static int hf_dns_csync_flags_immediate = -1;
 static int hf_dns_csync_flags_soaminimum = -1;
 static int hf_dns_csync_type_bitmap = -1;
+static int hf_dns_zonemd_serial = -1;
+static int hf_dns_zonemd_scheme = -1;
+static int hf_dns_zonemd_hash_algo = -1;
+static int hf_dns_zonemd_digest = -1;
 static int hf_dns_svcb_priority = -1;
 static int hf_dns_svcb_target = -1;
 static int hf_dns_svcb_param_key = -1;
@ -624,6 +628,7 @@ typedef struct _dns_conv_info_t {
 #define T_CDNSKEY       60              /* DNSKEY(s) the Child wants reflected in DS ( [RFC7344])*/
 #define T_OPENPGPKEY    61              /* OPENPGPKEY draft-ietf-dane-openpgpkey-00 */
 #define T_CSYNC         62              /* Child To Parent Synchronization (RFC7477) */
+#define T_ZONEMD        63              /* Message Digest for DNS Zones (RFC8976) */
 #define T_SVCB          64              /* draft-ietf-dnsop-svcb-https-01 */
 #define T_HTTPS         65              /* draft-ietf-dnsop-svcb-https-01 */
 #define T_SPF           99              /* SPF RR (RFC 4408) section 3 */
@ -993,7 +998,8 @@ static const value_string dns_types_vals[] = {
  { T_CDS,        "CDS"        }, /* RFC 7344 */
  { T_CDNSKEY,    "CDNSKEY"    }, /* RFC 7344*/
  { T_OPENPGPKEY, "OPENPGPKEY" }, /* draft-ietf-dane-openpgpkey */
-  { T_CSYNC,      "CSYNC "     }, /* RFC 7477 */
+  { T_CSYNC,      "CSYNC"      }, /* RFC 7477 */
+  { T_ZONEMD,     "ZONEMD"     }, /* RFC 8976 */
  { T_SVCB,       "SVCB"       }, /* draft-ietf-dnsop-svcb-https-01 */
  { T_HTTPS,      "HTTPS"      }, /* draft-ietf-dnsop-svcb-https-01 */
  { T_SPF,        "SPF"        }, /* RFC 4408 */
@ -1090,6 +1096,7 @@ static const value_string dns_types_description_vals[] = {
  { T_CDNSKEY,    "CDNSKEY (DNSKEY(s) the Child wants reflected in DS)" }, /* RFC 7344 */
  { T_OPENPGPKEY, "OPENPGPKEY (OpenPGP Key)" }, /* draft-ietf-dane-openpgpkey */
  { T_CSYNC,      "CSYNC (Child-to-Parent Synchronization)" }, /* RFC 7477 */
+  { T_ZONEMD,     "ZONEMD" }, /* RFC 8976 */
  { T_SVCB,       "SVCB (General Purpose Service Endpoints)" }, /*  draft-ietf-dnsop-svcb-https*/
  { T_HTTPS,      "HTTPS (HTTPS Specific Service Endpoints)" }, /*  draft-ietf-dnsop-svcb-https*/
  { T_SPF,        "SPF" }, /* RFC 4408 */
@ -1267,6 +1274,28 @@ static int * const dns_csync_flags[] = {
    NULL
 };

+#define DNS_ZONEMD_SCHEME_SIMPLE  1
+
+static const range_string dns_zonemd_scheme[] = {
+  {                        0,                         0, "Reserved"     },
+  { DNS_ZONEMD_SCHEME_SIMPLE,  DNS_ZONEMD_SCHEME_SIMPLE, "SIMPLE"       },
+  {                        2,                       239, "Unassigned"   },
+  {                      240,                       254, "Private Use"  },
+  {                      255,                       255, "Reserved"     },
+  {                        0,                         0, NULL           } };
+
+#define DNS_ZONEMD_HASH_SHA384  1
+#define DNS_ZONEMD_HASH_SHA512  2
+
+static const range_string dns_zonemd_hash_algo[] = {
+  {                      0,                       0, "Reserved"     },
+  { DNS_ZONEMD_HASH_SHA384,  DNS_ZONEMD_HASH_SHA384, "SHA-384"      },
+  { DNS_ZONEMD_HASH_SHA512,  DNS_ZONEMD_HASH_SHA512, "SHA-512"      },
+  {                      3,                     239, "Unassigned"   },
+  {                    240,                     254, "Private Use"  },
+  {                    255,                     255, "Reserved"     },
+  {                      0,                       0, NULL           } };
+
 static const range_string dns_ext_err_info_code[] = {
  {     0,     0, "Other Error"        },
  {     1,     1, "Unsupported DNSKEY Algorithm" },
@ -3450,6 +3479,18 @@ dissect_dns_answer(tvbuff_t *tvb, int offsetx, int dns_data_offset,
    }
    break;

+    case T_ZONEMD: /* Message Digest for DNS Zones (63) */
+    {
+      proto_tree_add_item(rr_tree, hf_dns_zonemd_serial, tvb, cur_offset, 4, ENC_BIG_ENDIAN);
+      cur_offset += 4;
+      proto_tree_add_item(rr_tree, hf_dns_zonemd_scheme, tvb, cur_offset, 1, ENC_NA);
+      cur_offset += 1;
+      proto_tree_add_item(rr_tree, hf_dns_zonemd_hash_algo, tvb, cur_offset, 1, ENC_NA);
+      cur_offset += 1;
+      proto_tree_add_item(rr_tree, hf_dns_zonemd_digest, tvb, cur_offset, data_len - 6 , ENC_NA);
+    }
+    break;
+
    case T_SVCB: /* Service binding and parameter specification (64) */
    case T_HTTPS: /* Service binding and parameter specification (65) */
    {
@ -5138,6 +5179,26 @@ proto_register_dns(void)
        FT_BYTES, BASE_NONE, NULL, 0x0,
        NULL, HFILL }},

+    { &hf_dns_zonemd_serial,
+      { "Serial", "dns.zonemd.serial",
+        FT_UINT32, BASE_DEC, NULL, 0x0,
+        NULL, HFILL }},
+
+    { &hf_dns_zonemd_scheme,
+      { "Scheme", "dns.zonemd.scheme",
+        FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zonemd_scheme), 0x0,
+        NULL, HFILL }},
+
+    { &hf_dns_zonemd_hash_algo,
+      { "Hash Algorithm", "dns.zonemd.hash_algo",
+        FT_UINT8, BASE_DEC | BASE_RANGE_STRING, RVALS(dns_zonemd_hash_algo), 0x0,
+        NULL, HFILL }},
+
+    { &hf_dns_zonemd_digest,
+      { "Digest", "dns.zonemd.digest",
+        FT_BYTES, BASE_NONE, NULL, 0x0,
+        NULL, HFILL }},
+
    { &hf_dns_svcb_priority,
      { "SvcPriority", "dns.svcb.svcpriority",
        FT_UINT16, BASE_DEC, NULL, 0x0,