1*00b67f09SDavid van MoolenbroekCopyright (C) 2014 Internet Systems Consortium, Inc. ("ISC") 2*00b67f09SDavid van MoolenbroekSee COPYRIGHT in the source root or http://isc.org/copyright.html for terms. 3*00b67f09SDavid van Moolenbroek 4*00b67f09SDavid van Moolenbroek Source Identity Token 5*00b67f09SDavid van Moolenbroek 6*00b67f09SDavid van MoolenbroekSource Identity Token (SIT) is based in Donald Eastlake 3rd's DNS Cookies[1]. 7*00b67f09SDavid van Moolenbroek 8*00b67f09SDavid van MoolenbroekThe main differences are that the error code has been dropped and 9*00b67f09SDavid van Moolenbroekthat the server cookie doesn't have a fixed length and may be 10*00b67f09SDavid van Moolenbroekmissing. 11*00b67f09SDavid van Moolenbroek 12*00b67f09SDavid van MoolenbroekThe error code has been dropped because it served no useful purpose 13*00b67f09SDavid van Moolenbroekfor us. If it was to be restored it should be the first element 14*00b67f09SDavid van Moolenbroekof the option. 15*00b67f09SDavid van Moolenbroek 16*00b67f09SDavid van MoolenbroekWe extended the server cookie to transmit server time and to include 17*00b67f09SDavid van Moolenbroeka server generated nonce. The purpose of these is to provide a 18*00b67f09SDavid van Moolenbroekshort window of time (1 hour with a 5 minutes of clock skew for 19*00b67f09SDavid van Moolenbroekcluster time) where a previous cookie can be used for and to not 20*00b67f09SDavid van Moolenbroekrequire the server secret to be updated when it is shared by a 21*00b67f09SDavid van Moolenbroekcluster of servers. In particular the time of generation needed 22*00b67f09SDavid van Moolenbroekto be passed between servers via the client so that old cookie can 23*00b67f09SDavid van Moolenbroekbe rejected. 24*00b67f09SDavid van Moolenbroek 25*00b67f09SDavid van MoolenbroekThe option structure is: 26*00b67f09SDavid van Moolenbroek 27*00b67f09SDavid van Moolenbroek client cookie (64 bits) 28*00b67f09SDavid van Moolenbroek server cookie (128 bits) broken up into: 29*00b67f09SDavid van Moolenbroek - nonce (32 bits) 30*00b67f09SDavid van Moolenbroek - time (32 bits) 31*00b67f09SDavid van Moolenbroek - hash (64 bits) 32*00b67f09SDavid van Moolenbroek 33*00b67f09SDavid van MoolenbroekThe initial requests just sends the client cookie. If the response 34*00b67f09SDavid van Moolenbroekcontains a matching client cookie the entire response is saved and 35*00b67f09SDavid van Moolenbroeksent on the next transaction. A new server cookie is generated for 36*00b67f09SDavid van Moolenbroekevery response. 37*00b67f09SDavid van Moolenbroek 38*00b67f09SDavid van MoolenbroekWe are currently using EDNS Experimental code point 65001. This is 39*00b67f09SDavid van Moolenbroeksubject to change. 40*00b67f09SDavid van Moolenbroek 41*00b67f09SDavid van MoolenbroekWe have three supported hash method. AES, HMAC SHA 1 and HMAC SHA 256. 42*00b67f09SDavid van MoolenbroekA cluster of servers needs to choose one of them. 43*00b67f09SDavid van Moolenbroek 44*00b67f09SDavid van MoolenbroekAES 45*00b67f09SDavid van Moolenbroek memset(input, 0, sizeof(input)); 46*00b67f09SDavid van Moolenbroek cp = isc_buffer_used(buf); 47*00b67f09SDavid van Moolenbroek isc_buffer_putmem(buf, client->cookie, 8); 48*00b67f09SDavid van Moolenbroek isc_buffer_putuint32(buf, nonce); 49*00b67f09SDavid van Moolenbroek isc_buffer_putuint32(buf, when); 50*00b67f09SDavid van Moolenbroek memmove(input, cp, 16); 51*00b67f09SDavid van Moolenbroek isc_aes128_crypt(ns_g_server->secret, input, digest); 52*00b67f09SDavid van Moolenbroek for (i = 0; i < 8; i++) 53*00b67f09SDavid van Moolenbroek input[i] = digest[i] ^ digest[i + 8]; 54*00b67f09SDavid van Moolenbroek isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr); 55*00b67f09SDavid van Moolenbroek switch (netaddr.family) { 56*00b67f09SDavid van Moolenbroek case AF_INET: 57*00b67f09SDavid van Moolenbroek memmove(input + 8, (unsigned char *)&netaddr.type.in, 4); 58*00b67f09SDavid van Moolenbroek memset(input + 12, 0, 4); 59*00b67f09SDavid van Moolenbroek isc_aes128_crypt(ns_g_server->secret, input, digest); 60*00b67f09SDavid van Moolenbroek break; 61*00b67f09SDavid van Moolenbroek case AF_INET6: 62*00b67f09SDavid van Moolenbroek memmove(input + 8, (unsigned char *)&netaddr.type.in6, 16); 63*00b67f09SDavid van Moolenbroek isc_aes128_crypt(ns_g_server->secret, input, digest); 64*00b67f09SDavid van Moolenbroek for (i = 0; i < 8; i++) 65*00b67f09SDavid van Moolenbroek input[i + 8] = digest[i] ^ digest[i + 8]; 66*00b67f09SDavid van Moolenbroek isc_aes128_crypt(ns_g_server->secret, input + 8, digest); 67*00b67f09SDavid van Moolenbroek break; 68*00b67f09SDavid van Moolenbroek } 69*00b67f09SDavid van Moolenbroek for (i = 0; i < 8; i++) 70*00b67f09SDavid van Moolenbroek digest[i] ^= digest[i + 8]; 71*00b67f09SDavid van Moolenbroek isc_buffer_putmem(buf, digest, 8); 72*00b67f09SDavid van Moolenbroek 73*00b67f09SDavid van MoolenbroekHMAC SHA1 74*00b67f09SDavid van Moolenbroek 75*00b67f09SDavid van Moolenbroek hash = trunc(hmacsha1(secret, client|nonce|when|address), 8); 76*00b67f09SDavid van Moolenbroek 77*00b67f09SDavid van MoolenbroekHMAC SHA256 78*00b67f09SDavid van Moolenbroek 79*00b67f09SDavid van Moolenbroek hash = trunc(hmacsha256(secret, client|nonce|when|address), 8); 80*00b67f09SDavid van Moolenbroek 81*00b67f09SDavid van Moolenbroek[1] 82*00b67f09SDavid van MoolenbroekINTERNET-DRAFT Donald Eastlake 83*00b67f09SDavid van MoolenbroekIntended Status: Proposed Standard Huawei 84*00b67f09SDavid van MoolenbroekExpires: July 21, 2014 January 22, 2014 85*00b67f09SDavid van Moolenbroek 86*00b67f09SDavid van Moolenbroek 87*00b67f09SDavid van Moolenbroek Domain Name System (DNS) Cookies 88*00b67f09SDavid van Moolenbroek <draft-eastlake-dnsext-cookies-04.txt> 89*00b67f09SDavid van Moolenbroek 90