Wireshark-bugs: [Wireshark-bugs] [Bug 3783] New: Support for DLV RR (RFC 4431) and SHA-256 Diges
Date: Tue, 28 Jul 2009 18:40:31 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3783

           Summary: Support for DLV RR (RFC 4431) and SHA-256 Digest for DS
                    RR (RFC 4509)
           Product: Wireshark
           Version: 1.2.1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: ivan_jr@xxxxxxxxx



Ivan Sy <ivan_jr@xxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #3423|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=3423)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3423)
Support for DLV RR (RFC 4431) and SHA-256 Digest for DS RR (RFC 4509)

Build Information:
wireshark 1.2.1

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3, without POSIX capabilities, with libpcre 7.8, with SMI 0.4.7, without
c-ares, with ADNS, without Lua, with GnuTLS 2.6.4, with Gcrypt 1.4.4, without
Kerberos, with GeoIP, with PortAudio <= V18, without AirPcap.

Running on FreeBSD 7.2-RELEASE-p1, with libpcap version 1.0.0, GnuTLS 2.6.4,
Gcrypt 1.4.4.

Built using gcc 4.2.1 20070719  [FreeBSD].
--
Support for DLV RR (RFC 4431) and SHA-256 Digest for DS RR (RFC 4509)
===========
Support for DLV RR will exactly be the same with DS RR, from RFC 4431 section 2

   The DLV resource record has exactly the same wire and presentation
   formats as the DS resource record, defined in RFC 4034, Section 5.
   It uses the same IANA-assigned values in the algorithm and digest
   type fields as the DS record.  (Those IANA registries are known as
   the "DNS Security Algorithm Numbers" and "DS RR Type Algorithm
   Numbers" registries.)

   The DLV record is a normal DNS record type without any special
   processing requirements.  In particular, the DLV record does not
   inherit any of the special processing or handling requirements of the
   DS record type (described in Section 3.1.4.1 of RFC 4035).  Unlike
   the DS record, the DLV record may not appear on the parent's side of
   a zone cut.  A DLV record may, however, appear at the apex of a zone.


Support for "Use of SHA-256 in DNSSEC Delegation Signer (DS) Resource Records
(RRs)", RFC 4509

2.2. DS Record with SHA-256 Wire Format


   The resulting on-the-wire format for the resulting DS record will be
   as follows:

                          1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     |           Key Tag             |  Algorithm    | DigestType=2  |
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     /                                                               /
     /            Digest  (length for SHA-256 is 32 bytes)           /
     /                                                               /
     +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|


Please see attached packet capture of a DNS query for a DLV and DNS response of
a DLV with SHA-256 digest. This also applies for DS RR.

Please see attached patch
done with fuzz.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.