bns
Comparing version 0.1.5 to 0.1.6
@@ -514,3 +514,3 @@ /*! | ||
DSA: 3, | ||
// _: 4, | ||
ECC: 4, | ||
RSASHA1: 5, | ||
@@ -542,8 +542,9 @@ DSANSEC3SHA1: 6, | ||
[algs.DSA]: 'DSA', | ||
[algs.ECC]: 'ECC', | ||
[algs.RSASHA1]: 'RSASHA1', | ||
[algs.DSANSEC3SHA1]: 'DSA-NSEC3-SHA1', | ||
[algs.RSASHA1NSEC3SHA1]: 'RSASHA1-NSEC3-SHA1', | ||
[algs.DSANSEC3SHA1]: 'DSANSEC3SHA1', | ||
[algs.RSASHA1NSEC3SHA1]: 'RSASHA1NSEC3SHA1', | ||
[algs.RSASHA256]: 'RSASHA256', | ||
[algs.RSASHA512]: 'RSASHA512', | ||
[algs.ECCGOST]: 'ECC-GOST', | ||
[algs.ECCGOST]: 'ECCGOST', | ||
[algs.ECDSAP256SHA256]: 'ECDSAP256SHA256', | ||
@@ -960,2 +961,20 @@ [algs.ECDSAP384SHA384]: 'ECDSAP384SHA384', | ||
/** | ||
* ICANN Root Trust Anchor (2010). | ||
* @const {String} | ||
* @see https://data.iana.org/root-anchors/root-anchors.xml | ||
*/ | ||
const KSK_2010 = '. 172800 IN DS 19036 8 2' | ||
+ ' 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5'; | ||
/** | ||
* ICANN Root Trust Anchor (2017). | ||
* @const {String} | ||
* @see https://data.iana.org/root-anchors/root-anchors.xml | ||
*/ | ||
const KSK_2017 = '. 172800 IN DS 20326 8 2' | ||
+ ' E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D'; | ||
/* | ||
@@ -1173,2 +1192,4 @@ * Helpers | ||
exports.DEFAULT_TTL = DEFAULT_TTL; | ||
exports.KSK_2010 = KSK_2010; | ||
exports.KSK_2017 = KSK_2017; | ||
@@ -1175,0 +1196,0 @@ exports.opcodeToString = opcodeToString; |
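Review bot: The two root trust anchors added after line 960 (`KSK_2010`, `KSK_2017`) are pinned as string literals with only a link to root-anchors.xml, and the doc comments do not say how long each anchor is meant to be trusted or which one a validator should prefer. The IANA file linked in the comments publishes validity dates per key digest, which the constants drop, so a consumer that keeps importing `KSK_2010` after a root key rollover would go on trusting a retired key with no signal. I would add each key's validity window from that file to its comment, plus a line such as `// Trust anchors must be refreshed on root KSK rollover; do not treat these as permanent.` The digests themselves should be compared against the published file during review, since a single wrong byte here breaks validation for every zone.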
@@ -46,5 +46,16 @@ /*! | ||
// Failed parsing. | ||
if (!pub) | ||
return false; | ||
// Basic sanity checks. | ||
if (!pub.verify()) | ||
return false; | ||
// Limited to 4096: | ||
// https://tools.ietf.org/html/rfc3110#section-2 | ||
// https://www.imperialviolet.org/2012/03/17/rsados.html | ||
if (pub.bits() > 4096) | ||
return false; | ||
return rsa.verifyKey(hash, msg, sig, pub); | ||
@@ -107,40 +118,33 @@ }; | ||
function toRSAKey(buf) { | ||
assert(Buffer.isBuffer(buf)); | ||
exports.rsaBits = function rsaBits(raw) { | ||
const pub = toRSAKey(raw); | ||
if (buf.length === 0) | ||
return null; | ||
if (!pub) | ||
return 0; | ||
let explen = buf[0]; | ||
let keyoff = 1; | ||
return pub.bits(); | ||
}; | ||
if (explen === 0) { | ||
if (buf.length < 3) | ||
return null; | ||
explen = (buf[1] << 8) | buf[2]; | ||
keyoff = 3; | ||
} | ||
/* | ||
* Helpers | ||
*/ | ||
if (buf.length < keyoff + explen) | ||
function toRSAKey(raw) { | ||
assert(Buffer.isBuffer(raw)); | ||
try { | ||
return RSAPublicKey.fromDNS(raw); | ||
} catch (e) { | ||
return null; | ||
const e = buf.slice(keyoff, keyoff + explen); | ||
const n = buf.slice(keyoff + explen); | ||
const pub = new RSAPublicKey(); | ||
pub.n = n; | ||
pub.e = e; | ||
return pub; | ||
} | ||
} | ||
function toECKey(buf) { | ||
assert(Buffer.isBuffer(buf)); | ||
function toECKey(raw) { | ||
assert(Buffer.isBuffer(raw)); | ||
const key = Buffer.allocUnsafe(1 + buf.length); | ||
const key = Buffer.allocUnsafe(1 + raw.length); | ||
key[0] = 0x04; | ||
buf.copy(key, 1); | ||
raw.copy(key, 1); | ||
return key; | ||
} |
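Review bot: The new size check in the RSA verify path bounds the modulus only from above (`pub.bits() > 4096`), so an undersized key is rejected only if `pub.verify()` enforces a floor, which is not visible in this hunk. If it does not, I would make the floor explicit next to the ceiling, e.g. `if (pub.bits() < MIN_RSA_BITS || pub.bits() > 4096) return false;`, where `MIN_RSA_BITS` is a placeholder for whatever minimum the project settles on. Separately, `rsaBits` returns `0` for an unparseable key and `toRSAKey` turns every exception from `RSAPublicKey.fromDNS` into `null`; a comment such as `// Returns 0 when the key cannot be parsed; callers must treat 0 as invalid.` would keep callers from reading 0 as a size. The verify function's signature lies outside the hunk.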
@@ -118,42 +118,2 @@ /*! | ||
dnssec.signMessage = function signMessage(msg, name, key, priv, lifespan) { | ||
assert(msg instanceof Message); | ||
for (const section of msg.sections()) { | ||
const sigs = dnssec.signSection(section, name, key, priv, lifespan); | ||
for (const sig of sigs) | ||
section.push(sig); | ||
} | ||
return msg; | ||
}; | ||
dnssec.signSection = function signSection(section, name, key, priv, lifespan) { | ||
assert(Array.isArray(section)); | ||
const set = new Set(); | ||
const sigs = []; | ||
for (const rr of section) | ||
set.add(rr.type); | ||
for (const type of set) { | ||
if (type === types.OPT | ||
|| type === types.RRSIG | ||
|| type === types.SIG) { | ||
continue; | ||
} | ||
const rrset = extractSet(section, name, type); | ||
if (rrset.length === 0) | ||
continue; | ||
const sig = dnssec.rrsign(key, priv, rrset, lifespan); | ||
sigs.push(sig); | ||
} | ||
return sigs; | ||
}; | ||
dnssec.signType = function signType(section, type, key, priv, lifespan) { | ||
@@ -296,3 +256,3 @@ assert(Array.isArray(section)); | ||
if (s.signerName.toLowerCase() !== key.name.toLowerCase()) | ||
if (!util.equal(s.signerName, key.name)) | ||
return false; // Name mismatch | ||
@@ -473,2 +433,5 @@ | ||
if (ds.data.algorithm !== rd.algorithm) | ||
return null; // Mismatching algorithm. | ||
valid.set(rd.keyTag, dnskey); | ||
@@ -604,2 +567,6 @@ | ||
const s = rr.data; | ||
if (!set.has(s.typeCovered)) | ||
continue; // Useless | ||
const dnskey = zskMap.get(s.keyTag); | ||
@@ -676,4 +643,4 @@ | ||
function compare(a, b) { | ||
const [ao] = readName(a, 0); | ||
const [bo] = readName(b, 0); | ||
const [ao] = readName(a, 0, true); | ||
const [bo] = readName(b, 0, true); | ||
const ab = a.slice(ao + 10); | ||
@@ -680,0 +647,0 @@ const bb = b.slice(bo + 10); |
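Review bot: The added algorithm check at new line 433 uses `return null`, which rejects the whole key set on the first DS/DNSKEY pair whose key tags match but whose algorithms differ, if it sits inside the loop that pairs each DNSKEY with a DS by key tag, as the following `valid.set(rd.keyTag, dnskey)` suggests. Key tags are not unique, so a DS with a colliding tag and a different algorithm is not a match rather than proof of tampering; `continue; // DS is for a different algorithm.` would skip it and let another pair validate. Failing closed here is safe for integrity, but it lets one stray record deny resolution for the zone. The enclosing function starts and ends outside the hunk, so the loop structure is inferred.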
@@ -207,5 +207,9 @@ /*! | ||
encoding.readName = function readName(data, off) { | ||
encoding.readName = function readName(data, off, cmp) { | ||
if (cmp == null) | ||
cmp = true; | ||
assert(Buffer.isBuffer(data)); | ||
assert((off >>> 0) === off); | ||
assert(typeof cmp === 'boolean'); | ||
@@ -251,2 +255,4 @@ let name = ''; | ||
case 0x5c /*\\*/: { | ||
if (!cmp) | ||
throw new EncodingError(off, 'Unexpected character'); | ||
name += '\\' + ASCII[b]; | ||
@@ -258,2 +264,4 @@ max += 1; | ||
if (b < 0x20 || b > 0x7e) { | ||
if (!cmp) | ||
throw new EncodingError(off, 'Unexpected character'); | ||
name += '\\' + toDDD(b); | ||
@@ -276,2 +284,5 @@ max += 3; | ||
case 0xc0: { | ||
if (!cmp) | ||
throw new EncodingError(off, 'Unexpected compression byte'); | ||
if (off >= data.length) | ||
@@ -323,6 +334,12 @@ throw new EncodingError(off, 'EOF'); | ||
encoding.readNameBR = function readNameBR(br) { | ||
encoding.readNameBR = function readNameBR(br, cmp) { | ||
if (cmp == null) | ||
cmp = true; | ||
assert(br); | ||
const [off, name] = encoding.readName(br.data, br.offset); | ||
const [off, name] = encoding.readName(br.data, br.offset, cmp); | ||
br.offset = off; | ||
return name; | ||
@@ -339,3 +356,3 @@ }; | ||
encoding.unpackName = function unpackName(data) { | ||
const [, name] = encoding.readName(data, 0); | ||
const [, name] = encoding.readName(data, 0, true); | ||
return name; | ||
@@ -468,3 +485,3 @@ }; | ||
return encoding.readName(data, 0)[1]; | ||
return encoding.readName(data, 0, true)[1]; | ||
}; | ||
@@ -471,0 +488,0 @@ |
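Review bot: The new `cmp` parameter of `readName` and `readNameBR` is undocumented, and its name suggests compression only, while the added branches at new lines 255, 264 and 284 also reject backslash and non-printable label bytes when it is false. A JSDoc line such as `@param {Boolean} [cmp=true] - Allow compression pointers and escaped label bytes; false rejects both.` would state the contract. The default is the permissive mode, and every call site touched in this diff passes `true` or forwards the default, so nothing visible here exercises the strict path; code that must parse uncompressed names has to opt in explicitly. The bodies of both functions extend beyond the hunks.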
@@ -52,2 +52,3 @@ /*! | ||
this.rd = false; | ||
this.cd = false; | ||
this.edns = false; | ||
@@ -428,2 +429,3 @@ this.ednsSize = MAX_EDNS_SIZE; | ||
req.rd = this.rd; | ||
req.cd = this.cd; | ||
req.question.push(qs); | ||
@@ -504,3 +506,3 @@ | ||
if (typeof addr === 'string') { | ||
if (typeof server === 'string') { | ||
addr = IP.fromHost(server, DNS_PORT); | ||
@@ -507,0 +509,0 @@ } else { |
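Review bot: The `cd` flag added at new line 52 and copied onto the request at new line 429 has no comment, and the same flag becomes a public option in the resolver options hunk of the next file (`options.cd`, around new line 71). Setting the DNS Checking Disabled bit asks the upstream resolver to return data without DNSSEC validation, so a caller who enables it takes on validation themselves. I would document that where the field is declared, e.g. `// Checking Disabled: upstream skips DNSSEC validation; only set when validating locally.` The constructor and query method bodies lie outside these hunks.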
@@ -37,2 +37,3 @@ /*! | ||
this.rd = true; | ||
this.cd = false; | ||
this.conf = new ResolvConf(); | ||
@@ -56,4 +57,8 @@ this.hosts = new Hosts(); | ||
if (options.hosts != null) { | ||
assert(options.hosts instanceof Hosts); | ||
this.hosts = options.hosts; | ||
if (Array.isArray(options.hosts)) { | ||
this.hosts.setHosts(options.hosts); | ||
} else { | ||
assert(options.hosts instanceof Hosts); | ||
this.hosts = options.hosts; | ||
} | ||
} | ||
@@ -66,2 +71,12 @@ | ||
if (options.cd != null) { | ||
assert(typeof options.cd === 'boolean'); | ||
this.cd = options.cd; | ||
} | ||
if (options.servers != null) { | ||
assert(Array.isArray(options.servers)); | ||
this.conf.setServers(options.servers); | ||
} | ||
return this; | ||
@@ -68,0 +83,0 @@ } |
@@ -160,3 +160,2 @@ /*! | ||
this.ub.setOption('root-hints', null); | ||
// this.ub.setOption('do-not-query-localhost', false); | ||
this.ub.setStub('.', `${ip}@${port}`, false); | ||
@@ -213,3 +212,2 @@ this.ub.addTrustAnchor(ds.toString()); | ||
this.ub.setOption('do-ip6', this.inet6); | ||
// this.ub.setOption('prefer-ip6', false); | ||
this.ub.setOption('do-udp', !this.forceTCP); | ||
@@ -251,3 +249,3 @@ this.ub.setOption('do-tcp', this.tcp); | ||
if (result.secure && !result.bogus) | ||
msg.ad = result.secure; | ||
msg.ad = true; | ||
else | ||
@@ -254,0 +252,0 @@ msg.ad = false; |
{ | ||
"name": "bns", | ||
"version": "0.1.5", | ||
"version": "0.1.6", | ||
"description": "DNS bike-shed", | ||
@@ -39,3 +39,3 @@ "keywords": [ | ||
"dependencies": { | ||
"bcrypto": "~0.3.5", | ||
"bcrypto": "~0.3.7", | ||
"bfile": "~0.1.0", | ||
@@ -50,3 +50,3 @@ "bheep": "~0.1.0", | ||
"optionalDependencies": { | ||
"unbound": "~0.0.2" | ||
"unbound": "~0.0.4" | ||
}, | ||
@@ -53,0 +53,0 @@ "devDependencies": { |
@@ -333,4 +333,4 @@ # bns | ||
- Copyright (c) 2017, Christopher Jeffrey (MIT License). | ||
- Copyright (c) 2017-2018, Christopher Jeffrey (MIT License). | ||
See LICENSE for more info. |
Sorry, the diff of this file is too big to display
Updated bcrypto@~0.3.7