Refactor: use wire-formatted byte arrays to represent names internally, no more strings #90
Commits on Sep 28, 2022
-
-
dns: refactor name_parse(): read wire format and keep in wire format
This function used to convert wire-formatted byte arrays to strings. We are no longer using strings for names internally so this function got much simpler. All it really needs to do now is un-compress a name from a DNS message packet. Because this function is the main entry point for all names in the program, it is also critical to verify label and name size rules. Once names are ingested by name_parse() and stored in structs, we can for the most part assume they are valid.
-
dns: refactor name_serialize(): read and keep in wire format
This function used to convert names from strings to wire-formatted byte arrays. We are no longer using strings for names internally so this function got much simpler. All it really needs to do now is compress a name into a DNS message by adding label pointers where necessary. Because this function is the main output point for names it is critical to verify label and name lengths when we write.
-
dns: use dns-name-based hash map for label compression in serialize()
hsk_dns_name_serialize() takes an argument hsk_dns_cmp_t which includes a generic map object hsk_map_t. This map is used to track names and labels as a message is being written, so compression pointers can be applied. Since names are byte arrays now and not strings this map needs to be reimplemented with corrected hash and equality functions.
-
dns: implement to/from string (DNS presentation format) for names
Internally, hnsd keeps all names in wire-formatted byte arrays. There are only a few places where the name must be converted to a printable string, which requires "presentation format" e.g. //DDD for unprintable characters, etc. To string: - Log messages that print names being resolved - libunbound's recursive resolver API From string: - Only needed for testing (hnsd doesn't accept strings as input nor use them internally)
-
dns: repurpose name_verify() to match hsd rules.verifyName()
In addition to procesisng byte arrays instead of strings, repurpose this function to check a single label for validity as a Handshake TLD. The most important time to use it is when receiving a user's request. TLDs need to be valid before hashing and requesting Urkel proofs from full nodes.
-
dns: refactor label split/from/get for byte array instead of string
These label utilities used to process strings but now we represent all names as byte arrays. For consistency, these functions always output in DNS wire format, even single labels. That means output always begins with a length byte and ends with a 0x00 terminator (aka ".")
-
ns: fix synth parsing in onrecv() and refactor for byte arrays
In addition to refactoring hsk_ns_onrecv() to deal with names as byte arrays instead of strings, this fixes a bug where the root server wasn't properly handling requests for _synth by itself. Since a request for `_synth` has only one label, we should not request label with index -2 using hsk_dns_label_from()
-
-
pool: rename "name" to "tld" and update HNS namehash for byte arrays
Update the name_hash function (which is used when requesting proofs from full nodes) since names are not strings any more. In addition, try to be consistent with variable naming. "name" could be multiple labels, "tld" is always one label and, in the context of pool, important for requesting and verifying Urkel proofs.
-
-
-
-
-
-
-
-
-
-
-
dns: remove label compression from some record types data
https://www.rfc-editor.org/rfc/rfc3597#section-4 > To avoid such corruption, servers MUST NOT compress domain names > embedded in the RDATA of types that are class-specific or not well- > known. This requirement was stated in [RFC1123] without defining > the term "well-known"; it is hereby specified that only the RR types > defined in [RFC1035] are to be considered "well-known"." This commit was checked against pdns: https://github.com/PowerDNS/pdns/blob/master/pdns/dnsrecords.cc
-
dns: prevent memory leak when reading invalid record data
Before this commmit, if record data was invalid and ..._read() failed, we would `goto fail` which would call hsk_dns_rrs_uninit(). However, uninit() only frees rr objects if the rrset has a size > 0 and only frees that many rr objects. By calling hsk_dns_rrs_push() BEFORE ..._read() we increment that size value and that ensures that if there is a failure, the rr will be freed. The rr is already allocated and pushing its pointer into the rrset before we write its data doesn't affect anything else.
-
-
-
dns: read domain names from tld.h as bytes, not strings
Also updates the hard-coded root zone, see handshake-org/hs-names#12
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.