]> git.bitcoin.ninja Git - dnssec-prover/log
dnssec-prover
6 days agoFix issues verifying proofs built from 9.9.9.9
Matt Corallo [Mon, 18 Nov 2024 14:49:36 +0000 (14:49 +0000)]
Fix issues verifying proofs built from 9.9.9.9

Sometimes proofs built from 9.9.9.9 include duplicate NSEC3
records, which we have to filter out before signature verification
or we'll get spurious signature verification errors.

6 days agoManually implement Debug for `NSecTypeMask` so its readable
Matt Corallo [Mon, 18 Nov 2024 14:23:21 +0000 (14:23 +0000)]
Manually implement Debug for `NSecTypeMask` so its readable

6 days agoUpdate trust anchors to add the new 2024 key
Matt Corallo [Mon, 18 Nov 2024 13:40:52 +0000 (13:40 +0000)]
Update trust anchors to add the new 2024 key

3 months agoBump version to 0.6.5 for new less-code-size feature v0.6.5
Matt Corallo [Thu, 1 Aug 2024 22:36:41 +0000 (22:36 +0000)]
Bump version to 0.6.5 for new less-code-size feature

3 months agoUse Karatsuba mul less when built with `slower_smaller_binary` smaller-bin
Matt Corallo [Thu, 1 Aug 2024 21:36:35 +0000 (21:36 +0000)]
Use Karatsuba mul less when built with `slower_smaller_binary`

This is a less than 5% reduction in performance and reduces code
size for the crypto module from 26.7KiB to 26.5KiB.

3 months agoDrop 384-bit multiplication impl with `slower_smaller_binary`
Matt Corallo [Thu, 1 Aug 2024 21:35:03 +0000 (21:35 +0000)]
Drop 384-bit multiplication impl with `slower_smaller_binary`

...instead using the 512-bit multiplication impl and dropping the
resulting high bytes. This is much slower, but very few zones
actually use secp384r1 so in practice this shouldn't really matter.

This is a less than 5% reduction in performance and reduces code
size for the crypto module from 27.4KiB to 26.7KiB.

3 months agoSkip squaring implementations when `slower_smaller_binary` is set
Matt Corallo [Thu, 1 Aug 2024 21:33:37 +0000 (21:33 +0000)]
Skip squaring implementations when `slower_smaller_binary` is set

...instead just using the normal multiplication code.

This is less than a 5% reduction in performance and reduces code
size for the crypto module from 30.8KiB to 27.4KiB.

3 months agoAdd a feature to slow things down for a smaller binary
Matt Corallo [Thu, 1 Aug 2024 21:32:47 +0000 (21:32 +0000)]
Add a feature to slow things down for a smaller binary

3 months agoVery marginally reduce branching in Karatsuba multiplication
Matt Corallo [Thu, 1 Aug 2024 21:36:16 +0000 (21:36 +0000)]
Very marginally reduce branching in Karatsuba multiplication

3 months agoBump version to 0.6.4 for fixed MSRV, errors, and perf improvements v0.6.4
Matt Corallo [Thu, 1 Aug 2024 03:15:05 +0000 (03:15 +0000)]
Bump version to 0.6.4 for fixed MSRV, errors, and perf improvements

Technically this violates SemVer, but the only SemVer-breaking
change was changing some return types from `Result<T, ()>` to
`Result<T, ErrEnum>`. While someone could have been unwrap'ing the
error and storing the `()`, its sufficiently unlikely that it seems
fine to just bump the patch version to ship all the improvements
without a minor version bump.

3 months agoOptimize U256/384 `times_three` methods substantially
Matt Corallo [Wed, 31 Jul 2024 21:29:10 +0000 (21:29 +0000)]
Optimize U256/384 `times_three` methods substantially

...for a total ~7% performance gain in EC verification

3 months agoUse gradeschool multiplication for `mul_3/4` rather than Karatsuba
Matt Corallo [Wed, 31 Jul 2024 19:47:44 +0000 (19:47 +0000)]
Use gradeschool multiplication for `mul_3/4` rather than Karatsuba

This is about a 15% performance improvement for all signature
verification, plus about 500B less total code

3 months agoUse a single const-generic `sub` method rather than macro-izing
Matt Corallo [Tue, 30 Jul 2024 13:55:14 +0000 (13:55 +0000)]
Use a single const-generic `sub` method rather than macro-izing

3 months agoUse a single const generic `add` method rather than macro-izing
Matt Corallo [Mon, 29 Jul 2024 21:36:28 +0000 (21:36 +0000)]
Use a single const generic `add` method rather than macro-izing

3 months agoMake multiplication take array references rather than slices
Matt Corallo [Mon, 29 Jul 2024 20:24:20 +0000 (20:24 +0000)]
Make multiplication take array references rather than slices

This seems to reduce binary size marginally by avoiding slice
bounds checking.

3 months agoMake subtraction take array references rather than slices
Matt Corallo [Mon, 29 Jul 2024 20:14:46 +0000 (20:14 +0000)]
Make subtraction take array references rather than slices

This seems to reduce binary size marginally by avoiding slice
bounds checking.

3 months agoMake addition take array references rather than slices
Matt Corallo [Mon, 29 Jul 2024 20:01:15 +0000 (20:01 +0000)]
Make addition take array references rather than slices

This seems to reduce binary size marginally by avoiding slice
bounds checking.

3 months agoMove mont reduction impls out of generic'd struct impl
Matt Corallo [Mon, 29 Jul 2024 19:44:36 +0000 (19:44 +0000)]
Move mont reduction impls out of generic'd struct impl

This reduces binary size by ~600B due to the monomorphizer failing.

3 months agoAdd a dummy binary to test code size with `cargo bloat`
Matt Corallo [Mon, 29 Jul 2024 20:47:17 +0000 (20:47 +0000)]
Add a dummy binary to test code size with `cargo bloat`

3 months agoPrint info about which test failed when a test panics
Matt Corallo [Fri, 26 Jul 2024 14:52:13 +0000 (14:52 +0000)]
Print info about which test failed when a test panics

4 months agoMerge remote-tracking branch 'github/pull/2'
Matt Corallo [Mon, 22 Jul 2024 14:51:36 +0000 (14:51 +0000)]
Merge remote-tracking branch 'github/pull/2'

4 months agoCorrect the MSRV tag as we use several 1.61-stable const features
Matt Corallo [Mon, 22 Jul 2024 14:45:56 +0000 (14:45 +0000)]
Correct the MSRV tag as we use several 1.61-stable const features

4 months agoAdd a `RUST_VERSION` env argument to `test.sh` to enable MSRV tests
Matt Corallo [Mon, 22 Jul 2024 14:41:00 +0000 (14:41 +0000)]
Add a `RUST_VERSION` env argument to `test.sh` to enable MSRV tests

4 months agoFix outdated docs
Elias Rohrer [Mon, 22 Jul 2024 14:16:41 +0000 (16:16 +0200)]
Fix outdated docs

4 months agoProvide readable errors when we fail to build proofs
Matt Corallo [Fri, 12 Jul 2024 02:57:44 +0000 (02:57 +0000)]
Provide readable errors when we fail to build proofs

This should make proof building much easier to deal with for
humans.

4 months agoAdd a simple README
Matt Corallo [Thu, 11 Jul 2024 19:34:53 +0000 (19:34 +0000)]
Add a simple README

4 months agoBump patch version for new `Hash` impls v0.6.3
Matt Corallo [Wed, 10 Jul 2024 15:07:10 +0000 (15:07 +0000)]
Bump patch version for new `Hash` impls

4 months agoImplement `Hash` for all Resource Records and `Name`
Matt Corallo [Wed, 10 Jul 2024 15:06:48 +0000 (15:06 +0000)]
Implement `Hash` for all Resource Records and `Name`

4 months agoBump patch version for new MSRV v0.6.2
Matt Corallo [Wed, 10 Jul 2024 14:12:34 +0000 (14:12 +0000)]
Bump patch version for new MSRV

4 months agoDrop MSRV to 1.63 w/o `RUSTC_BOOTSTRAP` hacks with a bad assumption
Matt Corallo [Wed, 10 Jul 2024 14:09:47 +0000 (14:09 +0000)]
Drop MSRV to 1.63 w/o `RUSTC_BOOTSTRAP` hacks with a bad assumption

While the Rust language reference says "you should not rely on
this", in practice slices are laid out in memory as a two-tuple of
`(pointer, length)`. Here we rely on that assumption to replace
`alloc::slice::from_raw_parts` with a `core::mem::transmute`.

4 months agoBump patch version for `TxtBytes` iteration behavior v0.6.1
Matt Corallo [Tue, 9 Jul 2024 21:30:12 +0000 (21:30 +0000)]
Bump patch version for `TxtBytes` iteration behavior

4 months agoCorrect `TxtBytes` iteration behavior, fixing `Txt::json()`
Matt Corallo [Tue, 9 Jul 2024 21:28:25 +0000 (21:28 +0000)]
Correct `TxtBytes` iteration behavior, fixing `Txt::json()`

4 months agoBump minor version for corrected strange `Txt` signature validation v0.6.0
Matt Corallo [Tue, 9 Jul 2024 21:12:23 +0000 (21:12 +0000)]
Bump minor version for corrected strange `Txt` signature validation

4 months agoAdd a new query test hosted on an OVH DNS server
Matt Corallo [Tue, 9 Jul 2024 20:55:56 +0000 (20:55 +0000)]
Add a new query test hosted on an OVH DNS server

4 months agoKeep encoding information in `Txt` `RR`s
Matt Corallo [Tue, 9 Jul 2024 20:54:26 +0000 (20:54 +0000)]
Keep encoding information in `Txt` `RR`s

Sadly `TXT` records can be encoded in many ways (as they're
chunked, and chunks can be any size), and are signed in the way in
which we receive them on the wire. Thus, we must keep the encoding
information we receive on the wire around in `Txt`s to ensure we
can validate their signatures.

Here we do so, creating a pile of new machinery to store `Txt` data
as a series of up-to-255-byte chunks.

4 months agoBump patch version for length check and extra `RRSig` ignoring v0.5.5
Matt Corallo [Tue, 9 Jul 2024 21:11:37 +0000 (21:11 +0000)]
Bump patch version for length check and extra `RRSig` ignoring

4 months agoCorrect length check in `read_nsec_typtes_bitmap`
Matt Corallo [Tue, 9 Jul 2024 21:10:22 +0000 (21:10 +0000)]
Correct length check in `read_nsec_typtes_bitmap`

This fixes a reachable panic when deserializing certain `RR`s,
found by the fuzzer.

4 months agoRm debug assertions that `read_wire_packet_name` empties its buffer
Matt Corallo [Tue, 9 Jul 2024 21:08:19 +0000 (21:08 +0000)]
Rm debug assertions that `read_wire_packet_name` empties its buffer

These assertions are spurious and reachable when fuzzing, and thus
are simply removed.

4 months agoFix fuzz test build
Matt Corallo [Tue, 9 Jul 2024 21:01:36 +0000 (21:01 +0000)]
Fix fuzz test build

4 months agoCall `RR.json()` when deserializing RRs in fuzzing
Matt Corallo [Tue, 9 Jul 2024 20:32:39 +0000 (20:32 +0000)]
Call `RR.json()` when deserializing RRs in fuzzing

To improve coverage

4 months agoIgnore spurious `RRSig`s which sign `DNSKEY`s with a ZSK
Matt Corallo [Tue, 9 Jul 2024 20:33:37 +0000 (20:33 +0000)]
Ignore spurious `RRSig`s which sign `DNSKEY`s with a ZSK

There's no reason to include an `RRSig` signing `DNSKEY`s with a
ZSK - validators only care about the KSK signing `DNSKEY`s, hence
*Key*-Signing Key. However, OVH appears to include such signatures
anyway, which we must ignore.

Here we do so by pre-filtering the `RRSig`s we try to validate by
key tag before calling `verify_rrsig`. This causes us to calculate
the key tag a few extra times, but that's not a huge deal.

6 months agoAvoid overriding $RUSTFLAGS when needed for rustc 1.63
Matt Corallo [Tue, 21 May 2024 16:33:49 +0000 (16:33 +0000)]
Avoid overriding $RUSTFLAGS when needed for rustc 1.63

6 months agoBump minor version for crypto speedup and validation step limit v0.5.4
Matt Corallo [Tue, 21 May 2024 16:28:10 +0000 (16:28 +0000)]
Bump minor version for crypto speedup and validation step limit

6 months agoLimit the number of validation steps we'll take
Matt Corallo [Tue, 21 May 2024 16:17:37 +0000 (16:17 +0000)]
Limit the number of validation steps we'll take

While proofs should be rather computation-time-limited through
limits on their size, its still nice to limit proof validation time
more directly through the same constant we already do to limit
proof construction complexity.

6 months agoProvide sources for the EC math and use a faster double algorithm
Matt Corallo [Tue, 7 May 2024 21:05:36 +0000 (21:05 +0000)]
Provide sources for the EC math and use a faster double algorithm

6 months agoAdd some comments about mont reduction to make it a bit clearer
Matt Corallo [Tue, 7 May 2024 20:26:31 +0000 (20:26 +0000)]
Add some comments about mont reduction to make it a bit clearer

6 months agoCheck the assumption that P-N is tiny
Matt Corallo [Tue, 7 May 2024 20:14:29 +0000 (20:14 +0000)]
Check the assumption that P-N is tiny

6 months agoWrite out "Point at Infinity"
Matt Corallo [Tue, 7 May 2024 19:38:38 +0000 (19:38 +0000)]
Write out "Point at Infinity"

6 months agoRename `IntModP`/`IntModN` to `CurveField`/`ScalarField`
Matt Corallo [Tue, 7 May 2024 19:38:17 +0000 (19:38 +0000)]
Rename `IntModP`/`IntModN` to `CurveField`/`ScalarField`

which improves readability greatly

6 months agoAdd a dummy `http.rs` main to make default rust builds work
Matt Corallo [Tue, 7 May 2024 17:29:55 +0000 (17:29 +0000)]
Add a dummy `http.rs` main to make default rust builds work

6 months agoAddress further clippy lints
Matt Corallo [Tue, 7 May 2024 17:28:16 +0000 (17:28 +0000)]
Address further clippy lints

6 months agoMake crypto/ clippy-clean, mostly by telling clippy to shut up
Matt Corallo [Tue, 7 May 2024 17:10:45 +0000 (17:10 +0000)]
Make crypto/ clippy-clean, mostly by telling clippy to shut up

6 months agoBetter support rustc 1.64+ by not requiring `RUSTC_BOOTSTRAP`
Matt Corallo [Tue, 7 May 2024 17:04:40 +0000 (17:04 +0000)]
Better support rustc 1.64+ by not requiring `RUSTC_BOOTSTRAP`

6 months agoAddress new rustc warnings around unused variables
Matt Corallo [Tue, 7 May 2024 17:00:47 +0000 (17:00 +0000)]
Address new rustc warnings around unused variables

6 months agoFix const build error in the previous commits
Matt Corallo [Tue, 7 May 2024 17:00:38 +0000 (17:00 +0000)]
Fix const build error in the previous commits

6 months agoClean up and better comment math somewhat further
Matt Corallo [Fri, 3 May 2024 18:41:46 +0000 (18:41 +0000)]
Clean up and better comment math somewhat further

6 months agoClean up carry/debug assertions in multiplies/squaring
Matt Corallo [Fri, 3 May 2024 16:41:54 +0000 (16:41 +0000)]
Clean up carry/debug assertions in multiplies/squaring

6 months agoClean up + test add/sub/negate, fixing a debug assert in negate
Matt Corallo [Fri, 3 May 2024 16:30:28 +0000 (16:30 +0000)]
Clean up + test add/sub/negate, fixing a debug assert in negate

6 months agoSwap `add_one!(_)` for `add_u64!(_, 1)`
Matt Corallo [Fri, 3 May 2024 16:24:18 +0000 (16:24 +0000)]
Swap `add_one!(_)` for `add_u64!(_, 1)`

7 months agoSet default-features = false on uniffi, not that it does much
Matt Corallo [Sun, 14 Apr 2024 17:46:36 +0000 (17:46 +0000)]
Set default-features = false on uniffi, not that it does much

7 months agoAdd the standard uniffi-bindgen bin target
Matt Corallo [Sun, 14 Apr 2024 17:41:26 +0000 (17:41 +0000)]
Add the standard uniffi-bindgen bin target

7 months agoExpose uniffi bindings for building and verifying proofs
Matt Corallo [Sun, 14 Apr 2024 17:21:52 +0000 (17:21 +0000)]
Expose uniffi bindings for building and verifying proofs

7 months agoBump crate version for new `Clone` impl
Matt Corallo [Sun, 14 Apr 2024 17:17:25 +0000 (17:17 +0000)]
Bump crate version for new `Clone` impl

7 months agoDerive `Clone` for `ProofBuilder`
Matt Corallo [Sun, 14 Apr 2024 17:17:04 +0000 (17:17 +0000)]
Derive `Clone` for `ProofBuilder`

7 months agoFilter using `VerifiedRRStream::resolve_name` in wasm
Matt Corallo [Sun, 14 Apr 2024 16:41:54 +0000 (16:41 +0000)]
Filter using `VerifiedRRStream::resolve_name` in wasm

When resolving a name in WASM we should let `resolve_name` handle
C/DNAMEs, which we do here.

7 months agoBump version to 0.5.2 for dropping ring dep
Matt Corallo [Wed, 3 Apr 2024 09:29:17 +0000 (09:29 +0000)]
Bump version to 0.5.2 for dropping ring dep

7 months agoIteratively hash rather than building a vec then hashing
Matt Corallo [Wed, 21 Feb 2024 07:08:20 +0000 (07:08 +0000)]
Iteratively hash rather than building a vec then hashing

... in signature checking.

Now that we control the signature checking API, we don't have to
pass a full buffer and can build our own hashes, avoiding the
allocation.

7 months agoMake `write_u16_len_prefixed_data` generic over the type of output
Matt Corallo [Wed, 21 Feb 2024 07:14:20 +0000 (07:14 +0000)]
Make `write_u16_len_prefixed_data` generic over the type of output

In the next commit this will be used to write RRs directly into
hashers when validating signatures, rather than serializing them
into `Vec`s then hashing.

7 months agoAdd the wycheproof test cases for our crypto implementation
Matt Corallo [Mon, 4 Mar 2024 18:38:39 +0000 (18:38 +0000)]
Add the wycheproof test cases for our crypto implementation

7 months agoSwap `ring` for our own in-crate ECDSA validator
Matt Corallo [Mon, 4 Mar 2024 03:22:08 +0000 (03:22 +0000)]
Swap `ring` for our own in-crate ECDSA validator

While `ring` is great, it struggles with platform support and has a
fairly involved dependency tree due to its reliance on C backends.

Further, while the `RustCrypto` org tries to stick to Rust, in
doing so it takes on more (unnecessary) dependencies and has a
particularly unusable MSRV policy. Finally, its contributor base
has historically not been particularly friendly.

Thus, sadly, there's not really a good option for doing ECDSA (non-
secp256k1) validation using a third-party crate.

Instead, we go our own way here, adding an in-crate ECDSA
validator over secp{256,384}r1.

This also adds a new bench, showing our secp256r1 validation is,
sadly, something like 50x slower than OpenSSL.

7 months agoAdd U256/U384 and mod-const-prime wrapper utilities of both.
Matt Corallo [Mon, 4 Mar 2024 18:43:52 +0000 (18:43 +0000)]
Add U256/U384 and mod-const-prime wrapper utilities of both.

In the next commit we'll add support for secp256r1 and secp384r1
validation, which require 256-bit and 384-bit integers. To make
their implementation simple, we also add wrapper structs around
the new integers which are modulo a const-prime, storing and
handling the values in montgommery representation.

7 months agoAdd a simple benchmark of 2048-bit RSA validation
Matt Corallo [Sat, 2 Mar 2024 20:20:11 +0000 (20:20 +0000)]
Add a simple benchmark of 2048-bit RSA validation

This shows our RSA is only roughly 3.5x slower than OpenSSL.

7 months agoSwap `ring` for our own in-crate RSA validator
Matt Corallo [Sun, 3 Mar 2024 15:05:08 +0000 (15:05 +0000)]
Swap `ring` for our own in-crate RSA validator

While `ring` is great, it struggles with platform support and has a
fairly involved dependency tree due to its reliance on C backends.

Further, while the `RustCrypto` org tries to stick to Rust, in
doing so it takes on more (unnecessary) dependencies and has a
particularly unusable MSRV policy. Finally, its contributor base
has historically not been particularly friendly.

Thus, sadly, there's not really a good option for doing RSA
validation using a third-party crate.

Instead, we go our own way here, adding an in-crate RSA validator.

7 months agoAdd a relatively simple mostly-const-fn bigint math implementation
Matt Corallo [Sun, 3 Mar 2024 14:23:39 +0000 (14:23 +0000)]
Add a relatively simple mostly-const-fn bigint math implementation

While `ring` is great, it struggles with platform support and has a
fairly involved dependency tree due to its reliance on C backends.

Further, while the `RustCrypto` org tries to stick to Rust, in
doing so it takes on more (unnecessary) dependencies and has a
particularly unusable MSRV policy. Finally, its contributor base
has historically not been particularly friendly.

Thus, sadly, there's not really a good option for doing RSA
validation using a third-party crate.

Instead, in the next commit we'll go our own way and add an
in-crate RSA validator. This takes the first step, adding a bigint
implementation that works up to 4096 bits (the longest allowed RSA
keys in the DNS).

Sadly, once we get to EC math we'll really want most of our math
operations to be const fns, which provides some additional limits.
Absent a better way to do subslicing on rustc 1.63, this commit
introduces a dependency on the `const_slice_from_raw_parts`
feature, which appears to work fine on 1.63 with
`RUSTC_BOOTSTRAP=1` set, and was stabilized in 1.64.

7 months agoEnable (minimal) optimization in tests
Matt Corallo [Wed, 21 Feb 2024 07:17:01 +0000 (07:17 +0000)]
Enable (minimal) optimization in tests

As of the next commit, our tests now have to do in-crate crypto, so
even minimal optimization provide a huge speedup.

7 months agoTest fuzzers build and release build in test.sh
Matt Corallo [Mon, 4 Mar 2024 02:30:11 +0000 (02:30 +0000)]
Test fuzzers build and release build in test.sh

7 months agoAdd support back for SHA-384 DS records
Matt Corallo [Wed, 3 Apr 2024 08:21:37 +0000 (08:21 +0000)]
Add support back for SHA-384 DS records

While these are relatively unused, support for SHA-384 was recently
added in `bitcoin_hashes`, which we use here for DS validation.

8 months agoMove RRSig loop to after DS loop to be more mindful of KeyTrap
Matt Corallo [Wed, 20 Mar 2024 22:03:20 +0000 (22:03 +0000)]
Move RRSig loop to after DS loop to be more mindful of KeyTrap

In general we were mostly fine regarding KeyTrap, as we largely
fail after any invalid signature and only loop if a signature or
key required an unknown algorithm. Thus, addressing KeyTrap is
mostly an exercise in adding comments.

However, we did verify all DS hashes every time we went to verify
a single DNSKey RRSig, which is potentially some work, which we
fix here, leading to a nice simplification in `verify_rr_stream`.

8 months agoBump version for NSEC/3 validation
Matt Corallo [Sat, 2 Mar 2024 16:41:54 +0000 (16:41 +0000)]
Bump version for NSEC/3 validation

8 months agoAdd new tests to test NSEC validation behavior
Matt Corallo [Sat, 2 Mar 2024 15:55:15 +0000 (15:55 +0000)]
Add new tests to test NSEC validation behavior

8 months agoDrop NSEC/3 records from `VerifiedRRStream::verified_rrs`
Matt Corallo [Sat, 2 Mar 2024 15:56:39 +0000 (15:56 +0000)]
Drop NSEC/3 records from `VerifiedRRStream::verified_rrs`

`verified_rrs` is intended to include only the records a user may
want, not signatures and proof records. Thus, like we remove
RRSIG/DS records, here we also remove NSEC/3 records.

8 months agoValidate NSec/3 records prove non-existence when handling C/DNAMEs
Matt Corallo [Mon, 26 Feb 2024 03:06:02 +0000 (03:06 +0000)]
Validate NSec/3 records prove non-existence when handling C/DNAMEs

When handling C/DNAME RRs we're required to validate that NSEC/3
records exist proving non-existence of the sought record itself. We
do this here.

8 months agoRefresh existing test data and add NSEC/3 records
Matt Corallo [Wed, 28 Feb 2024 02:25:00 +0000 (02:25 +0000)]
Refresh existing test data and add NSEC/3 records

This refreshes all our existing test vectors to use new timestamps,
as well as including the newly-required NSEC/3 records.

8 months agoAdd base32 parser which is needed for NSEC3 validation
Matt Corallo [Mon, 26 Feb 2024 20:10:49 +0000 (20:10 +0000)]
Add base32 parser which is needed for NSEC3 validation

8 months agoCorrect `NSecTypeMask::contains_type` and add `from_types` builder
Matt Corallo [Wed, 28 Feb 2024 02:23:52 +0000 (02:23 +0000)]
Correct `NSecTypeMask::contains_type` and add `from_types` builder

The low-bit-masking in `NSecTypeMask::contains_type` was incorrect,
leading to spuriously looking at the wrong bit position within the
correct byte.

While we're at it, we also add a new constructor which allows for
bits to be set.

8 months agoUse `bitcoin_hashes` rather than `ring` for hashing
Matt Corallo [Wed, 21 Feb 2024 02:21:26 +0000 (02:21 +0000)]
Use `bitcoin_hashes` rather than `ring` for hashing

While `ring` is great, it struggles with platform support and has a
fairly involved dependency tree due to its reliance on C backends.

Further, while the `RustCrypto` org tries to stick to Rust, in
doing so it takes on more (unnecessary) dependencies and has a
particularly unusable MSRV policy. Finally, its contributor base
has historically not been particularly friendly.

Thus, for the best platform support, we'd like to avoid both. Here
we take the first of several steps towards that goal, using
`bitcoin_hashes` for our SHA-1/SHA-2 operations instead.

8 months agoBump version for NSEC/3 record type additions and proof inclusion
Matt Corallo [Mon, 26 Feb 2024 20:51:00 +0000 (20:51 +0000)]
Bump version for NSEC/3 record type additions and proof inclusion

8 months agoInclude any relevant NSec/NSec3 records in generated proofs
Matt Corallo [Mon, 26 Feb 2024 03:05:23 +0000 (03:05 +0000)]
Include any relevant NSec/NSec3 records in generated proofs

8 months agoAdd de/serialization and structs for NSec and NSec3 records
Matt Corallo [Mon, 26 Feb 2024 03:04:52 +0000 (03:04 +0000)]
Add de/serialization and structs for NSec and NSec3 records

8 months agoDefine a util method to convert a type value to the type's name
Matt Corallo [Mon, 26 Feb 2024 20:44:08 +0000 (20:44 +0000)]
Define a util method to convert a type value to the type's name

8 months agoAdd debug checks that we don't leave data behind after an RR
Matt Corallo [Mon, 26 Feb 2024 03:04:12 +0000 (03:04 +0000)]
Add debug checks that we don't leave data behind after an RR

8 months agoRefuse to include \s in the JSON output of a TXT record
Matt Corallo [Mon, 26 Feb 2024 03:02:21 +0000 (03:02 +0000)]
Refuse to include \s in the JSON output of a TXT record

8 months agoForce all names to lowercase ASCII as it is the canonical form
Matt Corallo [Mon, 26 Feb 2024 04:41:58 +0000 (04:41 +0000)]
Force all names to lowercase ASCII as it is the canonical form

8 months agoAdd trivial helper method to get the label count in a `Name`
Matt Corallo [Mon, 26 Feb 2024 03:01:59 +0000 (03:01 +0000)]
Add trivial helper method to get the label count in a `Name`

9 months agoBump version number for DNAME support
Matt Corallo [Mon, 12 Feb 2024 05:08:06 +0000 (05:08 +0000)]
Bump version number for DNAME support

9 months agoSwap test domain to something more sustainable
Matt Corallo [Mon, 12 Feb 2024 05:07:37 +0000 (05:07 +0000)]
Swap test domain to something more sustainable

9 months agoAdd support for DNAME resolution
Matt Corallo [Mon, 12 Feb 2024 04:21:45 +0000 (04:21 +0000)]
Add support for DNAME resolution

9 months agoAdd note about DoH proof building usage.
Matt Corallo [Mon, 12 Feb 2024 03:34:00 +0000 (03:34 +0000)]
Add note about DoH proof building usage.

9 months agoBump version for bug fixes and new query APIs
Matt Corallo [Mon, 12 Feb 2024 03:05:26 +0000 (03:05 +0000)]
Bump version for bug fixes and new query APIs

9 months agoAdd WASM/JS support for doing full lookups using DoH
Matt Corallo [Mon, 12 Feb 2024 03:04:51 +0000 (03:04 +0000)]
Add WASM/JS support for doing full lookups using DoH