internal override DnsResourceData CreateInstance(DnsDatagram dns, int offsetInDns, int length) { if (length < ConstantPartLength) { return(null); } DnsType typeCovered = (DnsType)dns.ReadUShort(offsetInDns + Offset.TypeCovered, Endianity.Big); DnsAlgorithm algorithm = (DnsAlgorithm)dns[offsetInDns + Offset.Algorithm]; byte labels = dns[offsetInDns + Offset.Labels]; uint originalTtl = dns.ReadUInt(offsetInDns + Offset.OriginalTtl, Endianity.Big); uint signatureExpiration = dns.ReadUInt(offsetInDns + Offset.SignatureExpiration, Endianity.Big); uint signatureInception = dns.ReadUInt(offsetInDns + Offset.SignatureInception, Endianity.Big); ushort keyTag = dns.ReadUShort(offsetInDns + Offset.KeyTag, Endianity.Big); offsetInDns += ConstantPartLength; length -= ConstantPartLength; DnsDomainName signersName; int signersNameLength; if (!DnsDomainName.TryParse(dns, offsetInDns, length, out signersName, out signersNameLength)) { return(null); } offsetInDns += signersNameLength; length -= signersNameLength; DataSegment signature = dns.Subsegment(offsetInDns, length); return(new DnsResourceDataSignature(typeCovered, algorithm, labels, originalTtl, signatureExpiration, signatureInception, keyTag, signersName, signature)); }
public DnsResourceDataDelegationSigner(ushort keyTag, DnsAlgorithm algorithm, DnsDigestType digestType, DataSegment digest) { if (digest == null) { throw new ArgumentNullException("digest"); } this.KeyTag = keyTag; this.Algorithm = algorithm; this.DigestType = digestType; int val2; switch (this.DigestType) { case DnsDigestType.Sha1: val2 = 20; break; case DnsDigestType.Sha256: val2 = 32; break; default: val2 = int.MaxValue; break; } this.Digest = digest.Subsegment(0, Math.Min(digest.Length, val2)); this.ExtraDigest = digest.Subsegment(this.Digest.Length, digest.Length - this.Digest.Length); }
/// <summary> /// Constructs an instance from the certificate type, key tag, algorithm and certificate fields. /// </summary> /// <param name="certificateType">The certificate type.</param> /// <param name="keyTag"> /// Value computed for the key embedded in the certificate, using the RRSIG Key Tag algorithm. /// This field is used as an efficiency measure to pick which CERT RRs may be applicable to a particular key. /// The key tag can be calculated for the key in question, and then only CERT RRs with the same key tag need to be examined. /// Note that two different keys can have the same key tag. /// However, the key must be transformed to the format it would have as the public key portion of a DNSKEY RR before the key tag is computed. /// This is only possible if the key is applicable to an algorithm and complies to limits (such as key size) defined for DNS security. /// If it is not, the algorithm field must be zero and the tag field is meaningless and should be zero. /// </param> /// <param name="algorithm"> /// Has the same meaning as the algorithm field in DNSKEY and RRSIG RRs, /// except that a zero algorithm field indicates that the algorithm is unknown to a secure DNS, /// which may simply be the result of the algorithm not having been standardized for DNSSEC. /// </param> /// <param name="certificate">The certificate data according to the type.</param> public DnsResourceDataCertificate(DnsCertificateType certificateType, ushort keyTag, DnsAlgorithm algorithm, DataSegment certificate) { CertificateType = certificateType; KeyTag = keyTag; Algorithm = algorithm; Certificate = certificate; }
public DnsResourceDataRKey(ushort flags, byte protocol, DnsAlgorithm algorithm, DataSegment publicKey) { this.Flags = flags; this.Protocol = protocol; this.Algorithm = algorithm; this.PublicKey = publicKey; }
internal override DnsResourceData CreateInstance(DnsDatagram dns, int offsetInDns, int length) { if (length < 18) { return((DnsResourceData)null); } DnsType typeCovered = (DnsType)dns.ReadUShort(offsetInDns, Endianity.Big); DnsAlgorithm algorithm = (DnsAlgorithm)dns[offsetInDns + 2]; byte labels = dns[offsetInDns + 3]; uint originalTtl = dns.ReadUInt(offsetInDns + 4, Endianity.Big); uint num1 = dns.ReadUInt(offsetInDns + 8, Endianity.Big); uint num2 = dns.ReadUInt(offsetInDns + 12, Endianity.Big); ushort keyTag = dns.ReadUShort(offsetInDns + 16, Endianity.Big); offsetInDns += 18; length -= 18; DnsDomainName domainName; int numBytesRead; if (!DnsDomainName.TryParse(dns, offsetInDns, length, out domainName, out numBytesRead)) { return((DnsResourceData)null); } offsetInDns += numBytesRead; length -= numBytesRead; DataSegment signature = dns.Subsegment(offsetInDns, length); return((DnsResourceData) new DnsResourceDataSignature(typeCovered, algorithm, labels, originalTtl, (SerialNumber32)num1, (SerialNumber32)num2, keyTag, domainName, signature)); }
/// <summary> /// Constructs an instance out of the key tag, algorithm, digest type and digest fields. /// </summary> /// <param name="keyTag"> /// Lists the key tag of the DNSKEY RR referred to by the DS record. /// The Key Tag used by the DS RR is identical to the Key Tag used by RRSIG RRs. /// Calculated as specified in RFC 2535. /// </param> /// <param name="algorithm">Algorithm must be allowed to sign DNS data.</param> /// <param name="digestType">An identifier for the digest algorithm used.</param> /// <param name="digest"> /// Calculated over the canonical name of the delegated domain name followed by the whole RDATA of the KEY record (all four fields). /// digest = hash(canonical FQDN on KEY RR | KEY_RR_rdata) /// KEY_RR_rdata = Flags | Protocol | Algorithm | Public Key /// The size of the digest may vary depending on the digest type. /// </param> public DnsResourceDataDelegationSigner(ushort keyTag, DnsAlgorithm algorithm, DnsDigestType digestType, DataSegment digest) { if (digest == null) { throw new ArgumentNullException("digest"); } KeyTag = keyTag; Algorithm = algorithm; DigestType = digestType; int maxDigestLength; switch (DigestType) { case DnsDigestType.Sha1: maxDigestLength = 20; break; case DnsDigestType.Sha256: maxDigestLength = 32; break; default: maxDigestLength = int.MaxValue; break; } Digest = digest.Subsegment(0, Math.Min(digest.Length, maxDigestLength)); ExtraDigest = digest.Subsegment(Digest.Length, digest.Length - Digest.Length); }
internal override DnsResourceData CreateInstance(DataSegment data) { if (data.Length < ConstantPartLength) { return(null); } bool authenticationProhibited = data.ReadBool(Offset.AuthenticationProhibited, Mask.AuthenticationProhibited); bool confidentialityProhibited = data.ReadBool(Offset.ConfidentialityProhibited, Mask.ConfidentialityProhibited); bool experimental = data.ReadBool(Offset.Experimental, Mask.Experimental); bool isFlagsExtension = data.ReadBool(Offset.IsFlagsExtension, Mask.IsFlagsExtension); bool userAssociated = data.ReadBool(Offset.UserAssociated, Mask.UserAssociated); bool ipSec = data.ReadBool(Offset.IpSec, Mask.IpSec); bool email = data.ReadBool(Offset.Email, Mask.Email); DnsKeyNameType nameType = (DnsKeyNameType)(data[Offset.NameType] & Mask.NameType); DnsKeySignatoryAttributes signatory = (DnsKeySignatoryAttributes)(data[Offset.Signatory] & Mask.Signatory); DnsKeyProtocol protocol = (DnsKeyProtocol)data[Offset.Protocol]; DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm]; ushort? flagsExtension = (isFlagsExtension ? ((ushort?)data.ReadUShort(Offset.FlagsExtension, Endianity.Big)) : null); int publicKeyOffset = Offset.FlagsExtension + (isFlagsExtension ? sizeof(ushort) : 0); DataSegment publicKey = data.Subsegment(publicKeyOffset, data.Length - publicKeyOffset); return(new DnsResourceDataKey(authenticationProhibited, confidentialityProhibited, experimental, userAssociated, ipSec, email, nameType, signatory, protocol, algorithm, flagsExtension, publicKey)); }
/// <summary> /// Constructs an instance from the zone key, revoke, secure entry point, protocol, algorithm and public key fields. /// </summary> /// <param name="zoneKey"> /// If true, the DNSKEY record holds a DNS zone key, and the DNSKEY RR's owner name must be the name of a zone. /// If false, then the DNSKEY record holds some other type of DNS public key and must not be used to verify RRSIGs that cover RRsets. /// </param> /// <param name="revoke"> /// If true, and the resolver sees an RRSIG(DNSKEY) signed by the associated key, /// then the resolver must consider this key permanently invalid for all purposes except for validating the revocation. /// </param> /// <param name="secureEntryPoint"> /// RFC 3757. /// If true, then the DNSKEY record holds a key intended for use as a secure entry point. /// This flag is only intended to be a hint to zone signing or debugging software as to the intended use of this DNSKEY record; /// validators must not alter their behavior during the signature validation process in any way based on the setting of this bit. /// This also means that a DNSKEY RR with the SEP bit set would also need the Zone Key flag set in order to be able to generate signatures legally. /// A DNSKEY RR with the SEP set and the Zone Key flag not set MUST NOT be used to verify RRSIGs that cover RRsets. /// </param> /// <param name="protocol"> /// Must have value 3, and the DNSKEY RR MUST be treated as invalid during signature verification if it is found to be some value other than 3. /// </param> /// <param name="algorithm">Identifies the public key's cryptographic algorithm and determines the format of the Public Key field.</param> /// <param name="publicKey">The public key material. The format depends on the algorithm of the key being stored.</param> public DnsResourceDataDnsKey(bool zoneKey, bool revoke, bool secureEntryPoint, byte protocol, DnsAlgorithm algorithm, DataSegment publicKey) { ZoneKey = zoneKey; Revoke = revoke; SecureEntryPoint = secureEntryPoint; Protocol = protocol; Algorithm = algorithm; PublicKey = publicKey; }
internal override DnsResourceData CreateInstance(DataSegment data) { ushort keyTag = data.ReadUShort(Offset.KeyTag, Endianity.Big); DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm]; DnsDigestType digestType = (DnsDigestType)data[Offset.DigestType]; DataSegment digest = data.Subsegment(Offset.Digest, data.Length - ConstPartLength); return(new DnsResourceDataDelegationSigner(keyTag, algorithm, digestType, digest)); }
public DnsResourceDataSignature(DnsType typeCovered, DnsAlgorithm algorithm, byte labels, uint originalTtl, SerialNumber32 signatureExpiration, SerialNumber32 signatureInception, ushort keyTag, DnsDomainName signersName, DataSegment signature) { this.TypeCovered = typeCovered; this.Algorithm = algorithm; this.Labels = labels; this.OriginalTtl = originalTtl; this.SignatureExpiration = signatureExpiration; this.SignatureInception = signatureInception; this.KeyTag = keyTag; this.SignersName = signersName; this.Signature = signature; }
internal override DnsResourceData CreateInstance(DataSegment data) { if (data.Length < ConstantPartLength) { return(null); } DnsCertificateType type = (DnsCertificateType)data.ReadUShort(Offset.Type, Endianity.Big); ushort keyTag = data.ReadUShort(Offset.KeyTag, Endianity.Big); DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm]; DataSegment certificate = data.Subsegment(Offset.Certificate, data.Length - ConstantPartLength); return(new DnsResourceDataCertificate(type, keyTag, algorithm, certificate)); }
internal override DnsResourceData CreateInstance(DataSegment data) { if (data.Length < ConstantPartLength) { return(null); } ushort flags = data.ReadUShort(Offset.Flags, Endianity.Big); byte protocol = data[Offset.Protocol]; DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm]; DataSegment publicKey = data.Subsegment(Offset.PublicKey, data.Length - ConstantPartLength); return(new DnsResourceDataRKey(flags, protocol, algorithm, publicKey)); }
internal override DnsResourceData CreateInstance(DataSegment data) { if (data.Length < ConstantPartLength) { return(null); } bool zoneKey = data.ReadBool(Offset.ZoneKey, Mask.ZoneKey); bool revoke = data.ReadBool(Offset.Revoke, Mask.Revoke); bool secureEntryPoint = data.ReadBool(Offset.SecureEntryPoint, Mask.SecureEntryPoint); byte protocol = data[Offset.Protocol]; DnsAlgorithm algorithm = (DnsAlgorithm)data[Offset.Algorithm]; DataSegment publicKey = data.Subsegment(Offset.PublicKey, data.Length - ConstantPartLength); return(new DnsResourceDataDnsKey(zoneKey, revoke, secureEntryPoint, protocol, algorithm, publicKey)); }
public DnsResourceDataKey(bool authenticationProhibited, bool confidentialityProhibited, bool experimental, bool userAssociated, bool ipSec, bool email, DnsKeyNameType nameType, DnsKeySignatoryAttributes signatory, DnsKeyProtocol protocol, DnsAlgorithm algorithm, ushort?flagsExtension, DataSegment publicKey) { AuthenticationProhibited = authenticationProhibited; ConfidentialityProhibited = confidentialityProhibited; Experimental = experimental; UserAssociated = userAssociated; IpSec = ipSec; Email = email; FlagsExtension = flagsExtension; NameType = nameType; Signatory = signatory; Protocol = protocol; Algorithm = algorithm; PublicKey = publicKey; }
internal override DnsResourceData CreateInstance(DataSegment data) { if (data.Length < 4) { return((DnsResourceData)null); } bool authenticationProhibited = data.ReadBool(0, (byte)sbyte.MinValue); bool confidentialityProhibited = data.ReadBool(0, (byte)64); bool experimental = data.ReadBool(0, (byte)32); bool flag = data.ReadBool(0, (byte)16); bool userAssociated = data.ReadBool(0, (byte)4); bool ipSec = data.ReadBool(1, (byte)sbyte.MinValue); bool email = data.ReadBool(1, (byte)64); DnsKeyNameType nameType = (DnsKeyNameType)((uint)data[0] & 3U); DnsKeySignatoryAttributes signatory = (DnsKeySignatoryAttributes)((uint)data[1] & 15U); DnsKeyProtocol protocol = (DnsKeyProtocol)data[2]; DnsAlgorithm algorithm = (DnsAlgorithm)data[3]; ushort? flagsExtension = flag ? new ushort?(data.ReadUShort(4, Endianity.Big)) : new ushort?(); int offset = 4 + (flag ? 2 : 0); DataSegment publicKey = data.Subsegment(offset, data.Length - offset); return((DnsResourceData) new DnsResourceDataKey(authenticationProhibited, confidentialityProhibited, experimental, userAssociated, ipSec, email, nameType, signatory, protocol, algorithm, flagsExtension, publicKey)); }
public DnsResourceDataDnsKey(bool zoneKey, bool revoke, bool secureEntryPoint, byte protocol, DnsAlgorithm algorithm, DataSegment publicKey) { this.ZoneKey = zoneKey; this.Revoke = revoke; this.SecureEntryPoint = secureEntryPoint; this.Protocol = protocol; this.Algorithm = algorithm; this.PublicKey = publicKey; }