CGA-TSIG configuration files can be found in OpenDNSSEC/Conf/. addyn.xml.in
and addyn.rnc are the two files that contain the required parameters for CGA-TSIG.
In order to parse the XML configuration file, two other files are needed to
accomplish this task:
- OpenDNSSEC/signer/src/adapter/addyn.(c,h)
- OpenDNSSEC/signer/src/parser/addynparser.(c,h)
CGA-TSIG uses the cached value stored by the Secure Neighbor Discovery (SeND)
service, but it can also generate the key pair itself. This scenario is
applicable to FQDN and other related DNS updates. It is not recommended for
use in the authentication of a resolver to a client, or in the authentication of
root DNS servers in recursive DNS servers.
- OpenDNSSEC/signer/src/cga-tsig/keygen.(c,h)
keygeneration(KeyGen *key) : This function generates the key pairs
and stores them in a PEM file.
der2pem(RSA *key) : This function converts DER to PEM format.
pem2der(RSA *key) : This function converts PEM to DER format.
der2base64(const unsigned char * dercode, int length) : This function
converts DER to base64 encoding. It allows the DER-encoded key to be stored in
a file.
The assumption made in the signing step is that the value to be signed is
already available and is passed to the signing function as its input.
- OpenDNSSEC/signer/src/cga-tsig/signgen.(c,h)
char * rsasigngen(char * data, char * keypath) : This function signs the data using
the RSA private key. The return value of this function is a digest (the signed
data). The inputs are the plaintext data and the location of the key.
CGA generation is a series of functions that can be used to generate a CGA in
case the node does not support Secure Neighbor Discovery (SeND) and CGA.
- OpenDNSSEC/signer/src/cga-tsig/cgagen.(c,h)
unsigned char * sha1GenU(unsigned char * data) : This function
generates the SHA-1 digest of the data it receives as input.
unsigned char * randGen(int number_of_bytes) : This function generates a random
number. The output of this function is an array of bytes; the number of bytes
is the input to this function. It is used to generate the 16-byte random
modifier for the CGA algorithm.
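To show where the SHA-1 digest and the 16-byte random modifier fit into the CGA algorithm (RFC 3972), here is an added example of CGA generation and verification. It is not code from OpenDNSSEC or from the CGA-TSIG module; it uses Python's hashlib in place of sha1GenU and os.urandom in place of randGen, and the subnet prefix and "public key" bytes it operates on are constructed placeholders rather than a real DER-encoded key. The generation side accepts a fixed modifier only so that results are reproducible; the verification side is what a receiver runs to check that an address is actually bound to the public key that accompanies it.

```python
"""RFC 3972 CGA generation and verification (added example, not OpenDNSSEC code).

CGA Parameters = modifier(16) | subnet prefix(8) | collision count(1) | DER public key
"""
import hashlib
import os
from typing import Optional, Tuple

# Constructed sample inputs: a documentation prefix (2001:db8:0:aa::/64) and a
# placeholder byte string standing in for a DER-encoded RSA public key.
SAMPLE_PREFIX = bytes.fromhex("20010db8000000aa")
SAMPLE_PUBKEY = b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-DER-PUBLIC-KEY"


def cga_hash1(modifier: bytes, prefix: bytes, collision_count: int, pubkey_der: bytes) -> bytes:
    """Leftmost 64 bits of SHA-1 over the complete CGA Parameters structure."""
    params = modifier + prefix + bytes([collision_count]) + pubkey_der
    return hashlib.sha1(params).digest()[:8]


def cga_hash2(modifier: bytes, pubkey_der: bytes) -> bytes:
    """Leftmost 112 bits of SHA-1 over modifier | 9 zero bytes | public key."""
    return hashlib.sha1(modifier + b"\x00" * 9 + pubkey_der).digest()[:14]


def hash2_satisfies_sec(hash2: bytes, sec: int) -> bool:
    """hash2 must begin with 16*sec zero bits (always true for sec = 0)."""
    needed = 16 * sec
    if needed == 0:
        return True
    return int.from_bytes(hash2, "big") >> (len(hash2) * 8 - needed) == 0


def interface_identifier(hash1: bytes, sec: int) -> bytes:
    """Build the 64-bit IID: Sec in the three leftmost bits, u/g bits cleared.

    Bits are numbered from the left, so bits 6 and 7 are the two least
    significant bits of the first byte; mask 0x1C keeps bits 3-5 of hash1."""
    first = (hash1[0] & 0x1C) | (sec << 5)
    return bytes([first]) + hash1[1:8]


def generate_cga(prefix: bytes, pubkey_der: bytes, sec: int,
                 modifier: Optional[bytes] = None) -> Tuple[bytes, bytes, int]:
    """Return (address, modifier, collision_count) for the given inputs.

    A fresh random modifier is drawn unless one is supplied (supplied only so
    that tests are reproducible). Duplicate address detection is not performed
    here, so the collision count stays at zero."""
    if len(prefix) != 8 or not 0 <= sec <= 7:
        raise ValueError("prefix must be 8 bytes and sec in 0..7")
    modifier = os.urandom(16) if modifier is None else modifier
    # Hash extension: for sec > 0, search for a modifier whose hash2 has
    # 16*sec leading zero bits. This loop is the generation cost of the scheme.
    while not hash2_satisfies_sec(cga_hash2(modifier, pubkey_der), sec):
        modifier = ((int.from_bytes(modifier, "big") + 1) % (1 << 128)).to_bytes(16, "big")
    collision_count = 0
    iid = interface_identifier(cga_hash1(modifier, prefix, collision_count, pubkey_der), sec)
    return prefix + iid, modifier, collision_count


def verify_cga(address: bytes, modifier: bytes, collision_count: int, pubkey_der: bytes) -> bool:
    """RFC 3972 section 5: recompute hash1/hash2 from the parameters and compare.

    Sec, u and g bits (bits 0-2, 6, 7 of the IID) are ignored in the hash1
    comparison, exactly as the RFC specifies."""
    if len(address) != 16 or len(modifier) != 16 or collision_count not in (0, 1, 2):
        return False
    prefix, iid = address[:8], address[8:]
    sec = iid[0] >> 5
    hash1 = cga_hash1(modifier, prefix, collision_count, pubkey_der)
    if (hash1[0] & 0x1C) != (iid[0] & 0x1C) or hash1[1:8] != iid[1:]:
        return False
    return hash2_satisfies_sec(cga_hash2(modifier, pubkey_der), sec)


if __name__ == "__main__":
    addr, mod, cc = generate_cga(SAMPLE_PREFIX, SAMPLE_PUBKEY, sec=1)
    print("address :", addr.hex())
    print("modifier:", mod.hex())
    print("verifies:", verify_cga(addr, mod, cc, SAMPLE_PUBKEY))
```

The verification step is the part that matters for a receiver: an address with the right shape but a modifier, collision count or public key that does not hash to it fails the check, so the public key cannot be swapped for a different one without also changing the address. The Sec value raises the cost of the generation loop by a factor of 2^16 per step, which is why it is encoded in the address itself and recovered by the verifier rather than negotiated.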
Some general functions and variables used in other parts of the code.
- OpenDNSSEC/signer/src/cga-tsig/public_variable.(c,h)
char * ObtainIP6(char * networkInterface) : This function obtains the
IPv6 address of the node on the given network interface. The output of this
function is the IPv6 address as an array of bytes.
char * ObtainIP(char * networkInterface) : This function obtains the
IPv4 address of the node on the given network interface. The output of this
function is the IPv4 address as an array of bytes.
- OpenDNSSEC/signer/src/cga-tsig/readfile.(c,h)
unsigned char * readfile(char * filepath) : This function takes the
path of the PEM file to read. The default paths are ~/key/prikey.pem and
~/key/pubkey.pem, where prikey is the node's private key and
pubkey is the node's public key.
void writefile(char * filepath, unsigned char * content) : This
function stores the key pair contents on the hard disk. It is recommended
that the default file name and path be used, as explained for the readfile
function.