xref: /minix/external/bsd/bind/dist/doc/misc/SIT (revision 00b67f09) 
1Copyright (C) 2014  Internet Systems Consortium, Inc. ("ISC")
2See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
3
4		Source Identity Token
5
6Source Identity Token (SIT) is based in Donald Eastlake 3rd's DNS Cookies[1].
7
8The main differences are that the error code has been dropped and
9that the server cookie doesn't have a fixed length and may be
10missing.
11
12The error code has been dropped because it served no useful purpose
13for us.  If it was to be restored it should be the first element
14of the option.
15
16We extended the server cookie to transmit server time and to include
17a server generated nonce.  The purpose of these is to provide a
18short window of time (1 hour with a 5 minutes of clock skew for
19cluster time) where a previous cookie can be used for and to not
20require the server secret to be updated when it is shared by a
21cluster of servers.  In particular the time of generation needed
22to be passed between servers via the client so that old cookie can
23be rejected.
24
25The option structure is:
26
27	client cookie (64 bits)
28	server cookie (128 bits) broken up into:
29		- nonce (32 bits)
30		- time (32 bits)
31		- hash (64 bits)
32
33The initial requests just sends the client cookie.  If the response
34contains a matching client cookie the entire response is saved and
35sent on the next transaction.  A new server cookie is generated for
36every response.
37
38We are currently using EDNS Experimental code point 65001.  This is
39subject to change.
40
41We have three supported hash method.  AES, HMAC SHA 1 and HMAC SHA 256.
42A cluster of servers needs to choose one of them.
43
44AES
45	memset(input, 0, sizeof(input));
46        cp = isc_buffer_used(buf);
47        isc_buffer_putmem(buf, client->cookie, 8);
48        isc_buffer_putuint32(buf, nonce);
49        isc_buffer_putuint32(buf, when);
50        memmove(input, cp, 16);
51        isc_aes128_crypt(ns_g_server->secret, input, digest);
52        for (i = 0; i < 8; i++)
53                input[i] = digest[i] ^ digest[i + 8];
54        isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
55        switch (netaddr.family) {
56        case AF_INET:
57                memmove(input + 8, (unsigned char *)&netaddr.type.in, 4);
58                memset(input + 12, 0, 4);
59                isc_aes128_crypt(ns_g_server->secret, input, digest);
60                break;
61        case AF_INET6:
62                memmove(input + 8, (unsigned char *)&netaddr.type.in6, 16);
63                isc_aes128_crypt(ns_g_server->secret, input, digest);
64                for (i = 0; i < 8; i++)
65                        input[i + 8] = digest[i] ^ digest[i + 8];
66                isc_aes128_crypt(ns_g_server->secret, input + 8, digest);
67                break;
68        }
69        for (i = 0; i < 8; i++)
70                digest[i] ^= digest[i + 8];
71        isc_buffer_putmem(buf, digest, 8);
72
73HMAC SHA1
74
75	hash = trunc(hmacsha1(secret, client|nonce|when|address), 8);
76
77HMAC SHA256
78
79	hash = trunc(hmacsha256(secret, client|nonce|when|address), 8);
80
81[1]
82INTERNET-DRAFT                                           Donald Eastlake
83Intended Status: Proposed Standard                                Huawei
84Expires: July 21, 2014                                  January 22, 2014
85
86
87                    Domain Name System (DNS) Cookies
88                 <draft-eastlake-dnsext-cookies-04.txt>
89
90