Class Dnsruby::RR::DS
In: lib/Dnsruby/resource/DS.rb
Parent: RR

RFC4034, section 4 The DS Resource Record refers to a DNSKEY RR and is used in the DNS DNSKEY authentication process. A DS RR refers to a DNSKEY RR by storing the key tag, algorithm number, and a digest of the DNSKEY RR. Note that while the digest should be sufficient to identify the public key, storing the key tag and key algorithm helps make the identification process more efficient. By authenticating the DS record, a resolver can authenticate the DNSKEY RR to which the DS record points. The key authentication process is described in [RFC4035].

Methods

Classes and Modules

Class Dnsruby::RR::DS::DigestTypes

Constants

TypeValue = Types::DS #:nodoc: all

Attributes

algorithm  [R]  The algorithm used for this key. See Dnsruby::Algorithms for permitted values.
digest  [RW]  The DS record refers to a DNSKEY RR by including a digest of that DNSKEY RR.
digest_type  [R]  The DS RR refers to a DNSKEY RR by including a digest of that DNSKEY RR. The Digest Type field identifies the algorithm used to construct the digest.
digestbin  [RW] 
key_tag  [RW]  The Key Tag field lists the key tag of the DNSKEY RR referred to by the DS record, in network byte order.

Public Class methods

[Source]

     # File lib/Dnsruby/resource/DS.rb, line 149
# Build a DS record that refers to the given DNSKEY RR, using the requested
# digest type (anything DS.get_digest_type accepts).
#
# Only the flag check that was active in the original is enforced: DNSKEY flag
# bit 7 (0x0100, the Zone Key bit) must be 1 and bit 6 (0x0200) must be 0.
# Further checks once written here (NULL key, flag bit 0, protocol == 3) were
# commented out and are not applied.
#
# Returns the new DS RR, or nil when the key fails the flag check.
def DS.from_key(key, digest_type)
  unless (key.flags & 0x300) == 0x100
    # NOTE(review): the failure is only printed to stdout; the caller receives
    # nil and has to check for it before using the result.
    puts "\nCreating a DS record for a key with flags 6 and 7 not set 0  and 1 respectively is illegal"
    return
  end

  type = get_digest_type(digest_type)

  # The DS copies owner name, TTL, key tag and algorithm from the DNSKEY; the
  # digest is filled in afterwards because digest_key needs the DS instance.
  ds = RR.create(:name => key.name, :type => "DS", :ttl => key.ttl,
                 :key_tag => key.key_tag,
                 :digest_type => type, :algorithm => key.algorithm)
  ds.digestbin = ds.digest_key(key, type)
  # Presentation form is the lowercase hex encoding of the binary digest.
  ds.digest = ds.digestbin.unpack("H*")[0]
  ds
end

[Source]

    # File lib/Dnsruby/resource/DS.rb, line 79
# Normalise a digest-type designator into a DigestTypes value.
#
# A one-character String (e.g. "1") is first converted to its integer code;
# every other value is handed to DigestTypes.new unchanged.
#
# Raises DecodeError when DigestTypes rejects the value.
def DS.get_digest_type(d)
  d = d.to_i if d.instance_of?(String) && d.length == 1
  DigestTypes.new(d)
rescue ArgumentError => e
  # An unknown digest type is surfaced as a decode failure for the caller.
  raise DecodeError.new(e)
end

Public Instance methods

[Source]

     # File lib/Dnsruby/resource/DS.rb, line 93
 # Set the key algorithm of this DS record.
 #
 # A one-character String (e.g. "5") is first converted to its integer code;
 # every other value is handed to Algorithms.new unchanged.
 #
 # Raises DecodeError when Algorithms rejects the value.
 def algorithm=(a)
   a = a.to_i if a.instance_of?(String) && a.length == 1
   @algorithm = Algorithms.new(a)
 rescue ArgumentError => e
   # An unknown algorithm is surfaced as a decode failure for the caller.
   raise DecodeError.new(e)
 end

Check if the key's digest is the same as that stored in the DS record

[Source]

     # File lib/Dnsruby/resource/DS.rb, line 133
 # Decide whether the given DNSKEY is the key this DS record refers to.
 #
 # All of the following must hold: the key tag and algorithm match, the digest
 # of the key (computed with this record's digest type) equals the stored
 # digestbin, and the key has its Zone Key flag set. Returns true or false.
 def check_key(key)
   # Cheap identity fields first, so the digest is only computed for a
   # candidate that can actually match.
   return false unless key.key_tag == @key_tag && key.algorithm == @algorithm
   # NOTE(review): if @digestbin is nil and digest_key returns nil (unsupported
   # digest type), this comparison succeeds — worth confirming that digestbin
   # can never be nil on a populated record.
   return false unless @digestbin == digest_key(key)
   # A matching digest on a non-zone key is rejected.
   key.zone_key? ? true : false
 end

Return the digest of the specified DNSKEY RR

[Source]

     # File lib/Dnsruby/resource/DS.rb, line 108
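 # Return the binary digest of the specified DNSKEY RR.
 #
 # key         - the DNSKEY RR to digest
 # digest_type - a DigestTypes value; defaults to this record's digest_type
 #               (DS.from_key passes one explicitly while the record is still
 #               being built)
 #
 # The digest input is the DNSKEY owner name followed by its RDATA, both
 # encoded by MessageEncoder (the `true` arguments are presumably the
 # canonical-form flags — confirm against MessageEncoder/encode_rdata).
 #
 # Returns nil for a digest type this implementation cannot compute (e.g.
 # code 3, GOST); callers such as check_key then see no match.
 def digest_key(key, digest_type = nil)
   digest_type ||= @digest_type

   data = MessageEncoder.new { |msg|
     msg.put_name(key.name, true)
     key.encode_rdata(msg, true)
   }.to_s

   # All digests come from OpenSSL so the method does not depend on both the
   # openssl and digest libraries being loaded.
   case digest_type.code
   when 1 then OpenSSL::Digest::SHA1.digest(data)
   when 2 then OpenSSL::Digest::SHA256.digest(data)
   when 4 then OpenSSL::Digest::SHA384.digest(data) # RFC 6605; only reachable if DigestTypes knows code 4
   else nil
   end
 end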

[Source]

    # File lib/Dnsruby/resource/DS.rb, line 74
# Set the digest type of this DS record.
#
# Accepts whatever DS.get_digest_type accepts (an integer code, a one-character
# numeric string, or any other value DigestTypes.new understands) and stores
# the normalised DigestTypes value. Raises DecodeError on an unknown value.
def digest_type=(d)
  @digest_type = DS.get_digest_type(d)
end

[Source]

     # File lib/Dnsruby/resource/DS.rb, line 197
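 # Populate this record from its presentation format:
 #   "<key_tag> <algorithm> <digest_type> <hex digest>"
 #
 # The hex digest may be split over several whitespace-separated tokens and
 # optionally wrapped in "( ... )"; a ";" starts a comment that runs to the end
 # of the input. An empty input leaves the record untouched.
 #
 # Raises DecodeError when the algorithm or digest type is unknown, or when the
 # digest is not an even-length hexadecimal string.
 def from_string(input)
   return if input.length == 0

   data = input.split(" ")
   # NOTE(review): to_i silently maps a non-numeric key tag to 0; the two
   # setters below raise DecodeError on unknown values.
   self.key_tag = data[0].to_i
   self.algorithm = data[1]
   self.digest_type = data[2]

   first = 3
   last = data.length - 1
   if data[first] == "("
     # Parenthesised form: skip the "(" token and the trailing ")" token.
     first = 4
     last = data.length - 2
   end

   # split(" ") already removed all whitespace, so the tokens can be joined
   # directly.
   hex = ""
   Array(data[first..last]).each do |token|
     comment_at = token.index(";")
     if comment_at
       hex << token.slice(0, comment_at)
       # @TODO@ We lose the comments here - we should really keep them for when we write back to string format?
       break
     end
     hex << token
   end

   # pack("H*") silently turns non-hex characters and an odd number of nibbles
   # into garbage, so reject those explicitly (an empty digest is still
   # accepted, as before).
   if hex !~ /\A[0-9a-fA-F]*\z/ || hex.length.odd?
     raise DecodeError.new("DS digest is not an even-length hexadecimal string: #{hex.inspect}")
   end

   self.digest = hex
   self.digestbin = [hex].pack("H*")
 end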
