[net-dns-users] DS with Digest::GOST, patch proposal

Nikolay Shaplov dhyan at nataraj.su
Wed Jan 16 10:24:34 UTC 2013


Hi!

As you may know, in Russia we use vodka for drinking, bear and balalaika for 
entertainment, and GOST for encryption.

There is RFC 5933, which defines the use of the GOST digest for DS records.

Also, in CPAN there is a proper Digest::GOST module that provides the GOST digest 
with the proper CryptoPro presets.

For our purposes I've created a modification of Net::DNS::SEC that implements 
Digest type 3. A patch for Net::DNS::SEC 0.16 is attached.

Would you like to apply this patch to a future release? 
I can make some modifications if necessary (maybe you would like to make Digest 3 
optional and not use Digest::GOST right at the beginning of the module, or 
something).
Also I can provide a proper .t modification.

Also attached is a test that I use in our installation; it is based on the 
RFC 5933 example and works well for me.

It would be great to have this patch right in the CPAN package and get rid of 
manual modifications...
-------------- next part --------------
diff -ur orig/Net/DNS/RR/DS.pm mod/Net/DNS/RR/DS.pm
--- orig/Net/DNS/RR/DS.pm       2010-03-12 16:13:42.000000000 +0300
+++ mod/Net/DNS/RR/DS.pm        2013-01-16 14:01:13.000000000 +0400
@@ -10,6 +10,7 @@
 use Carp;

 use Digest::SHA  qw(sha1 sha1_hex sha256 sha256_hex );
+use Digest::GOST::CryptoPro qw(gost gost_hex);

 BEGIN {

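Review bot: the new `use Digest::GOST::CryptoPro qw(gost gost_hex);` makes Digest::GOST a hard compile-time dependency of DS.pm, so Net::DNS::SEC stops loading on any install without it even when no GOST DS is ever built (the cover mail itself offers to make this optional). Suggest loading it lazily where digest type 3 is actually used, e.g. `eval { require Digest::GOST::CryptoPro; 1 } or croak "digest type 3 requires Digest::GOST::CryptoPro";`, and leaving the existing Digest::SHA import as the only unconditional one.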
@@ -167,6 +168,7 @@

     if ($args{"digtype"}){
        $self->{"digtype"}=2 if Net::DNS::SEC->digtype($args{"digtype"})==2;
+       $self->{"digtype"}=3 if Net::DNS::SEC->digtype($args{"digtype"})==3;
     }

     $self->{"name"}=$keyrr->name;  # Label is per definition the same as
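Review bot: the added line repeats the `Net::DNS::SEC->digtype($args{"digtype"})` lookup that the line above already performs, and with a third digest type the one-`if`-per-type pattern means a name that maps to any other number silently falls through and leaves `$self->{"digtype"}` unchanged. Suggest evaluating the lookup once, `my $dt = Net::DNS::SEC->digtype($args{"digtype"});`, then `$self->{"digtype"} = $dt if $dt == 2 || $dt == 3;` (or a croak for values the module cannot produce).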
@@ -217,7 +219,10 @@
     }elsif($self->{"digtype"}==2){
        $self->{"digestbin"}=  sha256($data);
        $self->{"digest"}= uc(sha256_hex($data));
-    }else{
+    } elsif ($self->{"digtype"}==3){
+       $self->{"digestbin"}=  gost ($data);
+       $self->{"digest"}= uc(gost_hex($data));
+    } else {
        return undef;
     }

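Review bot: style in the new branch does not match the surrounding code: `gost ($data)` has a space before the parenthesis while `sha256($data)` and `gost_hex($data)` do not, and `} elsif (` / `} else {` differ from the file's `}elsif(`/`}else{` spacing seen on the removed line. Also worth a one-line comment on the `==3` branch saying it is GOST R 34.11-94 with the CryptoPro parameter set per RFC 5933, since the bare number tells the next reader nothing.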
diff -ur orig/Net/DNS/SEC.pm mod/Net/DNS/SEC.pm
--- orig/Net/DNS/SEC.pm 2010-03-12 16:14:33.000000000 +0300
+++ mod/Net/DNS/SEC.pm  2012-09-25 19:13:14.000000000 +0400
@@ -286,6 +286,7 @@
     my %digestbyname= (
                        "SHA1"             => 1,
                        "SHA256"           => 2,
+                       "GOST"             => 3,
                        );


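Review bot: the name table gains `"GOST" => 3` but nothing in the patch updates the POD that lists supported digest types, nor any number-to-name mapping SEC.pm may keep for rendering a DS back to text; please check that a DS built with digtype 3 also round-trips to the name wherever the module prints the type. It would also help to state in the documentation which GOST variant number 3 denotes (GOST R 34.11-94, CryptoPro parameter set, per RFC 5933).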
-------------- next part --------------
#!/usr/bin/perl
use strict;
use warnings;

use Test::More tests => 4;

# Net::DNS provides Net::DNS::RR->new_from_string; Net::DNS::RR::DS (from
# Net::DNS::SEC) provides the DS construction the patch extends with digtype 3.
use Net::DNS;

use_ok('Net::DNS::RR::DS');

=pod
Example from RFC 5933
      example.net. 86400   DNSKEY  257 3 12 (
                                   LMgXRHzSbIJGn6i16K+sDjaDf/k1o9DbxScO
                                   gEYqYS/rlh2Mf+BRAY3QHPbwoPh2fkDKBroF
                                   SRGR7ZYcx+YIQw==
                                   ) ; key id = 40692

   The DS RR will be

      example.net. 3600 IN DS 40692 12 3 (
                22261A8B0E0D799183E35E24E2AD6BB58533CBA7E3B14D659E9CA09B
                2071398F )
=cut

# The DNSKEY from the RFC 5933 example (algorithm 12, key id 40692), as a
# zone-file string that Net::DNS parses.
my $record_as_string =
"      example.net. 86400   DNSKEY  257 3 12 (
                                   LMgXRHzSbIJGn6i16K+sDjaDf/k1o9DbxScO
                                   gEYqYS/rlh2Mf+BRAY3QHPbwoPh2fkDKBroF
                                   SRGR7ZYcx+YIQw==
                                   ) ; key id = 40692
";

ok my $dnskey_rr = Net::DNS::RR->new_from_string($record_as_string),
    'DNSKEY parsed from the RFC 5933 example';

# Build the DS from the DNSKEY with digest type 3 (GOST R 34.11-94).
ok my $dsrr = Net::DNS::RR::DS->create($dnskey_rr, digtype => 3),
    'DS created with digtype 3';

# The digest must match the DS record given in RFC 5933 for this key.
is $dsrr->digest,
   '22261A8B0E0D799183E35E24E2AD6BB58533CBA7E3B14D659E9CA09B2071398F',
   'GOST digest matches the RFC 5933 DS record';


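As an added example (not the author's code and not Net::DNS::SEC's), here is the DS construction that the patch extends, written in Python over the RFC 5933 DNSKEY quoted in the test above: the RFC 4034 key tag, the digest pre-image (canonical owner name in wire form followed by the DNSKEY RDATA), and a digest-type table in which type 3 is a pluggable slot rather than an unconditional import. The function names and the `register_digest` hook are my own; no GOST implementation is bundled, so type 3 is refused with a clear error until a caller registers one.

```python
import base64
import hashlib
import struct

# The RFC 5933 example DNSKEY quoted in the test above:
# flags 257, protocol 3, algorithm 12 (GOST R 34.10-2001), 64-byte public key.
RFC5933_KEY_B64 = ("LMgXRHzSbIJGn6i16K+sDjaDf/k1o9DbxScO"
                   "gEYqYS/rlh2Mf+BRAY3QHPbwoPh2fkDKBroF"
                   "SRGR7ZYcx+YIQw==")
DNSKEY_RDATA = struct.pack("!HBB", 257, 3, 12) + base64.b64decode(RFC5933_KEY_B64)

# Digest-type table: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509).
# Type 3 (GOST R 34.11-94, RFC 5933) is left out on purpose: a caller plugs one in
# with register_digest(3, fn) instead of the module importing it unconditionally.
DIGESTS = {1: lambda d: hashlib.sha1(d).digest(),
           2: lambda d: hashlib.sha256(d).digest()}
DIGEST_NAMES = {"SHA1": 1, "SHA256": 2, "GOST": 3}   # mirrors %digestbyname in the patch

def register_digest(digtype, fn):
    """Register a digest function (bytes -> bytes) for a DS digest type number."""
    DIGESTS[digtype] = fn

def owner_name_wire(name):
    """Canonical wire form of an owner name (RFC 4034 s.6.2): lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (the 40692 in the example)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF

def ds_preimage(owner, rdata):
    """Bytes the DS digest covers (RFC 4034 s.5.1.4): owner name wire form || DNSKEY RDATA."""
    return owner_name_wire(owner) + rdata

def ds_digest(owner, rdata, digtype):
    """Uppercase hex DS digest; ValueError when the type has no registered implementation."""
    if isinstance(digtype, str):
        digtype = DIGEST_NAMES[digtype.upper()]
    fn = DIGESTS.get(digtype)
    if fn is None:
        raise ValueError("no implementation registered for DS digest type %d" % digtype)
    return fn(ds_preimage(owner, rdata)).hex().upper()
```

The key tag of the decoded RDATA comes out as 40692, matching the key id in the RFC text, which is a cheap check that the DNSKEY was transcribed correctly before any digest is compared.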