static struct rr* nsap_parse(char *name, long ttl, int type, char *s)
{
struct rr_nsap *rr = getmem(sizeof(*rr));
rr->data = extract_hex_binary_data(&s, "NSAP data", EXTRACT_EAT_WHITESPACE);
if (rr->data.length < 0) return NULL;
if (*s) {
return bitch("garbage after valid NSAP data");
}
return store_record(type, name, ttl, rr);
}
static struct rr* dlv_parse(char *name, long ttl, int type, char *s)
{
struct rr_dlv *rr = getmem(sizeof(*rr));
int key_tag, algorithm, digest_type;
key_tag = extract_integer(&s, "key tag", NULL);
if (key_tag < 0) return NULL;
rr->key_tag = key_tag;
algorithm = extract_algorithm(&s, "algorithm");
if (algorithm == ALG_UNSUPPORTED) return NULL;
rr->algorithm = algorithm;
digest_type = extract_integer(&s, "digest type", NULL);
if (digest_type < 0) return NULL;
rr->digest_type = digest_type;
rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE);
if (rr->digest.length < 0) return NULL;
switch (digest_type) {
case 1:
if (rr->digest.length != SHA1_BYTES) {
return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES);
}
break;
case 2:
if (rr->digest.length != SHA256_BYTES) {
return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES);
}
break;
case 3:
if (rr->digest.length != GOST_BYTES) {
return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES);
}
break;
case 4:
if (rr->digest.length != SHA384_BYTES) {
return bitch("wrong SHA-384 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA384_BYTES);
}
break;
default:
return bitch("bad or unsupported digest type %d", digest_type);
}
if (*s) {
return bitch("garbage after valid DLV data");
}
G.dnssec_active = 1;
return store_record(type, name, ttl, rr);
}
static struct rr* tlsa_smimea_parse(char *name, long ttl, int type, char *s)
{
struct rr_tlsa_smimea *rr = getmem(sizeof(*rr));
int cert_usage, selector, matching_type;
cert_usage = extract_integer(&s, "certificate usage field", NULL);
if (cert_usage < 0) return NULL;
if (cert_usage > 3)
return bitch("bad certificate usage field");
rr->cert_usage = cert_usage;
selector = extract_integer(&s, "selector field", NULL);
if (selector < 0) return NULL;
if (selector > 1)
return bitch("bad selector field");
rr->selector = selector;
matching_type = extract_integer(&s, "matching type field", NULL);
if (matching_type < 0) return NULL;
if (matching_type > 2)
return bitch("bad matching type field");
rr->matching_type = matching_type;
rr->association_data = extract_hex_binary_data(&s, "certificate association data", EXTRACT_EAT_WHITESPACE);
if (rr->association_data.length < 0) return NULL;
switch (rr->matching_type) {
case 1:
if (rr->association_data.length != SHA256_BYTES)
return bitch("bad SHA-256 hash length");
break;
case 2:
if (rr->association_data.length != SHA512_BYTES)
return bitch("bad SHA-512 hash length");
break;
}
if (*s) {
return bitch("garbage after valid %s data", type == T_TLSA ? "TLSA" : "SMIMEA");
}
return store_record(type, name, ttl, rr);
}
static struct rr* nsec3_parse(char *name, long ttl, int type, char *s)
{
struct rr_nsec3 *rr = getmem(sizeof(*rr));
struct rr *ret_rr;
struct binary_data bitmap;
int i;
int opt_out = 0;
char *str_type = NULL;
int ltype;
i = extract_integer(&s, "hash algorithm");
if (i < 0)
return NULL;
if (i > 255)
return bitch("bad hash algorithm value");
if (i != 1)
return bitch("unrecognized or unsupported hash algorithm");
rr->hash_algorithm = i;
i = extract_integer(&s, "flags");
if (i < 0)
return NULL;
if (i > 255)
return bitch("bad flags value");
if (!(i == 0 || i == 1))
return bitch("unsupported flags value");
if (i == 1)
opt_out = 1;
rr->flags = i;
i = extract_integer(&s, "iterations");
if (i < 0)
return NULL;
if (i > 2500)
return bitch("bad iterations value");
rr->iterations = i;
/* TODO validate iteration count according to key size,
* as per http://tools.ietf.org/html/rfc5155#section-10.3 */
if (*s == '-') {
rr->salt.length = 0;
rr->salt.data = NULL;
s++;
if (*s && !isspace(*s) && *s != ';' && *s != ')')
return bitch("salt is not valid");
s = skip_white_space(s);
} else {
rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE);
if (rr->salt.length <= 0)
return NULL;
if (rr->salt.length > 255)
return bitch("salt is too long");
}
rr->next_hashed_owner = extract_base32hex_binary_data(&s, "next hashed owner");
bitmap = new_set();
while (s && *s) {
str_type = extract_label(&s, "type list", "temporary");
if (!str_type) return NULL;
ltype = str2rdtype(str_type);
add_bit_to_set(&bitmap, ltype);
}
if (!s)
return NULL;
rr->type_bitmap = compressed_set(&bitmap);
ret_rr = store_record(type, name, ttl, rr);
if (ret_rr) {
G.nsec3_present = 1;
if (opt_out)
G.nsec3_opt_out_present = 1;
}
return ret_rr;
}
static struct rr* nsec3param_parse(char *name, long ttl, int type, char *s)
{
struct rr_nsec3param *rr = getmem(sizeof(*rr));
struct rr *ret_rr;
int i;
i = extract_integer(&s, "hash algorithm");
if (i < 0)
return NULL;
if (i > 255)
return bitch("bad hash algorithm value");
if (i != 1)
return bitch("unrecognized or unsupported hash algorithm");
rr->hash_algorithm = i;
i = extract_integer(&s, "flags");
if (i < 0)
return NULL;
if (i > 255)
return bitch("bad flags value");
if (i != 0)
return bitch("flags is supposed to be 0 for NSEC3PARAM");
rr->flags = i;
i = extract_integer(&s, "iterations");
if (i < 0)
return NULL;
if (i > 2500)
return bitch("bad iterations value");
rr->iterations = i;
/* TODO validate iteration count according to key size,
* as per http://tools.ietf.org/html/rfc5155#section-10.3 */
if (*s == '-') {
rr->salt.length = 0;
rr->salt.data = NULL;
s++;
if (*s && !isspace(*s) && *s != ';' && *s != ')')
return bitch("salt is not valid");
s = skip_white_space(s);
} else {
rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE);
if (rr->salt.length <= 0)
return NULL;
if (rr->salt.length > 255)
return bitch("salt is too long");
}
if (*s) {
return bitch("garbage after valid NSEC3PARAM data");
}
G.dnssec_active = 1;
ret_rr = store_record(type, name, ttl, rr);
if (ret_rr && !nsec3param && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX))
nsec3param = ret_rr;
if (G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] &&
(ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX) == 0)
{
return bitch("NSEC3PARAM found not at zone apex");
}
return ret_rr;
}
