Merge remote-tracking branch 'origin/topic/awelzel/3453-dnssec-ed448-ed25519'

* origin/topic/awelzel/3453-dnssec-ed448-ed25519: DNS: Add Ed25519 and Ed448 enum values to parser (cherry picked from commit a5a79d3f3a)
2025-10-13 20:18:20 +00:00 · 2023-11-21 10:07:51 +01:00 · 2023-11-21 10:07:51 +01:00 · a2af53cbf9
commit a2af53cbf9
parent 2b5ac7ce19
7 changed files with 52 additions and 4 deletions
--- a/src/analyzer/protocol/dns/DNS.cc
+++ b/src/analyzer/protocol/dns/DNS.cc
@ -1031,6 +1031,10 @@ bool DNS_Interpreter::ParseRR_RRSIG(detail::DNS_MsgInfo* msg, const u_char*& dat
 			break;
 		case detail::ECDSA_curveP384withSHA384:
 			break;
+		case detail::Ed25519:
+			break;
+		case detail::Ed448:
+			break;
 		case detail::Indirect:
 			analyzer->Weird("DNSSEC_RRSIG_Indirect_ZoneSignAlgo", util::fmt("%d", algo));
 			break;
@ -1128,6 +1132,10 @@ bool DNS_Interpreter::ParseRR_DNSKEY(detail::DNS_MsgInfo* msg, const u_char*& da
 			break;
 		case detail::ECDSA_curveP384withSHA384:
 			break;
+		case detail::Ed25519:
+			break;
+		case detail::Ed448:
+			break;
 		case detail::Indirect:
 			analyzer->Weird("DNSSEC_DNSKEY_Indirect_ZoneSignAlgo", util::fmt("%d", dalgorithm));
 			break;
@ -1780,8 +1788,8 @@ void DNS_Interpreter::SendReplyOrRejectEvent(detail::DNS_MsgInfo* msg, EventHand

 DNS_MsgInfo::DNS_MsgInfo(DNS_RawMsgHdr* hdr, int arg_is_query)
 	{
-	//### Need to fix alignment if hdr is misaligned (not on a short
-	// boundary).
+	// ### Need to fix alignment if hdr is misaligned (not on a short
+	//  boundary).
 	unsigned short flags = ntohs(hdr->flags);

 	QR = (flags & 0x8000) != 0;
--- a/src/analyzer/protocol/dns/DNS.h
+++ b/src/analyzer/protocol/dns/DNS.h
@ -137,6 +137,8 @@ enum DNSSEC_Algo
 	GOST_R_34_10_2001 = 12,
 	ECDSA_curveP256withSHA256 = 13,
 	ECDSA_curveP384withSHA384 = 14,
+	Ed25519 = 15,
+	Ed448 = 16,
 	Indirect = 252, ///<
 	PrivateDNS = 253, ///<  OPTIONAL
 	PrivateOID = 254, ///<  OPTIONAL
@ -448,7 +450,10 @@ public:

 	void Flush(); ///< process any partially-received data

-	detail::TCP_DNS_state State() const { return state; }
+	detail::TCP_DNS_state State() const
+		{
+		return state;
+		}

 protected:
 	void DeliverStream(int len, const u_char* data, bool orig) override;
@ -479,7 +484,10 @@ public:
 	                      bool gen_event) override;
 	void ExpireTimer(double t);

-	static analyzer::Analyzer* Instantiate(Connection* conn) { return new DNS_Analyzer(conn); }
+	static analyzer::Analyzer* Instantiate(Connection* conn)
+		{
+		return new DNS_Analyzer(conn);
+		}

 protected:
 	detail::DNS_Interpreter* interp;
--- a/testing/btest/Baseline/scripts.base.protocols.dns.dnssec/dns.ed25519.log
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.dnssec/dns.ed25519.log
@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+id.orig_h	id.resp_h	qtype_name	query	answers
+192.168.0.107	8.8.8.8	DNSKEY	ed25519.no	DNSKEY 15,Ed25519,DNSKEY 15,Ed25519
+192.168.0.107	8.8.8.8	A	ed25519.no	194.63.248.47,RRSIG 1 ed25519.no,Ed25519
--- a/testing/btest/Baseline/scripts.base.protocols.dns.dnssec/dns.ed448.log
+++ b/testing/btest/Baseline/scripts.base.protocols.dns.dnssec/dns.ed448.log
@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+id.orig_h	id.resp_h		answers
+192.168.0.107	8.8.8.8		DNSKEY 16,Ed448,DNSKEY 16,Ed448
+192.168.0.107	8.8.8.8		194.63.248.47,RRSIG 1 ed448.no,Ed448
--- a/testing/btest/Traces/dnssec/ed25519.no.pcap
+++ b/testing/btest/Traces/dnssec/ed25519.no.pcap
--- a/testing/btest/Traces/dnssec/ed448.no.pcap
+++ b/testing/btest/Traces/dnssec/ed448.no.pcap
--- a/testing/btest/scripts/base/protocols/dns/dnssec.zeek
+++ b/testing/btest/scripts/base/protocols/dns/dnssec.zeek
@ -0,0 +1,24 @@
+# @TEST-DOC: Add the textual representation of the DNSSEC algorithm into answers and verify there's no weirds for the ed25519 and ed448 curves.
+#
+# @TEST-EXEC: zeek -b -r $TRACES/dnssec/ed25519.no.pcap %INPUT
+# @TEST-EXEC: test ! -f weird.log
+# @TEST-EXEC: zeek-cut -m id.orig_h id.resp_h qtype_name query answers < dns.log > dns.ed25519.log
+#
+# @TEST-EXEC: zeek -b -C -r $TRACES/dnssec/ed448.no.pcap %INPUT
+# @TEST-EXEC: test ! -f weird.log
+# @TEST-EXEC: zeek-cut -m id.orig_h id.resp_h questions answers < dns.log > dns.ed448.log
+#
+# @TEST-EXEC: btest-diff dns.ed25519.log
+# @TEST-EXEC: btest-diff dns.ed448.log
+
+@load base/protocols/dns
+
+event dns_RRSIG(c: connection, msg: dns_msg, ans: dns_answer, rrsig: dns_rrsig_rr) &priority=4
+	{
+	c$dns$answers += DNS::algorithms[rrsig$algorithm];
+	}
+
+event dns_DNSKEY(c: connection, msg: dns_msg, ans: dns_answer, dnskey: dns_dnskey_rr) &priority=4
+	{
+	c$dns$answers += DNS::algorithms[dnskey$algorithm];
+	}