static struct rr* nsap_parse(char *name, long ttl, int type, char *s) { struct rr_nsap *rr = getmem(sizeof(*rr)); rr->data = extract_hex_binary_data(&s, "NSAP data", EXTRACT_EAT_WHITESPACE); if (rr->data.length < 0) return NULL; if (*s) { return bitch("garbage after valid NSAP data"); } return store_record(type, name, ttl, rr); }
static struct rr* dlv_parse(char *name, long ttl, int type, char *s) { struct rr_dlv *rr = getmem(sizeof(*rr)); int key_tag, algorithm, digest_type; key_tag = extract_integer(&s, "key tag", NULL); if (key_tag < 0) return NULL; rr->key_tag = key_tag; algorithm = extract_algorithm(&s, "algorithm"); if (algorithm == ALG_UNSUPPORTED) return NULL; rr->algorithm = algorithm; digest_type = extract_integer(&s, "digest type", NULL); if (digest_type < 0) return NULL; rr->digest_type = digest_type; rr->digest = extract_hex_binary_data(&s, "digest", EXTRACT_EAT_WHITESPACE); if (rr->digest.length < 0) return NULL; switch (digest_type) { case 1: if (rr->digest.length != SHA1_BYTES) { return bitch("wrong SHA-1 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA1_BYTES); } break; case 2: if (rr->digest.length != SHA256_BYTES) { return bitch("wrong SHA-256 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA256_BYTES); } break; case 3: if (rr->digest.length != GOST_BYTES) { return bitch("wrong GOST R 34.11-94 digest length: %d bytes found, %d bytes expected", rr->digest.length, GOST_BYTES); } break; case 4: if (rr->digest.length != SHA384_BYTES) { return bitch("wrong SHA-384 digest length: %d bytes found, %d bytes expected", rr->digest.length, SHA384_BYTES); } break; default: return bitch("bad or unsupported digest type %d", digest_type); } if (*s) { return bitch("garbage after valid DLV data"); } G.dnssec_active = 1; return store_record(type, name, ttl, rr); }
static struct rr* tlsa_smimea_parse(char *name, long ttl, int type, char *s) { struct rr_tlsa_smimea *rr = getmem(sizeof(*rr)); int cert_usage, selector, matching_type; cert_usage = extract_integer(&s, "certificate usage field", NULL); if (cert_usage < 0) return NULL; if (cert_usage > 3) return bitch("bad certificate usage field"); rr->cert_usage = cert_usage; selector = extract_integer(&s, "selector field", NULL); if (selector < 0) return NULL; if (selector > 1) return bitch("bad selector field"); rr->selector = selector; matching_type = extract_integer(&s, "matching type field", NULL); if (matching_type < 0) return NULL; if (matching_type > 2) return bitch("bad matching type field"); rr->matching_type = matching_type; rr->association_data = extract_hex_binary_data(&s, "certificate association data", EXTRACT_EAT_WHITESPACE); if (rr->association_data.length < 0) return NULL; switch (rr->matching_type) { case 1: if (rr->association_data.length != SHA256_BYTES) return bitch("bad SHA-256 hash length"); break; case 2: if (rr->association_data.length != SHA512_BYTES) return bitch("bad SHA-512 hash length"); break; } if (*s) { return bitch("garbage after valid %s data", type == T_TLSA ? "TLSA" : "SMIMEA"); } return store_record(type, name, ttl, rr); }
static struct rr* nsec3_parse(char *name, long ttl, int type, char *s) { struct rr_nsec3 *rr = getmem(sizeof(*rr)); struct rr *ret_rr; struct binary_data bitmap; int i; int opt_out = 0; char *str_type = NULL; int ltype; i = extract_integer(&s, "hash algorithm"); if (i < 0) return NULL; if (i > 255) return bitch("bad hash algorithm value"); if (i != 1) return bitch("unrecognized or unsupported hash algorithm"); rr->hash_algorithm = i; i = extract_integer(&s, "flags"); if (i < 0) return NULL; if (i > 255) return bitch("bad flags value"); if (!(i == 0 || i == 1)) return bitch("unsupported flags value"); if (i == 1) opt_out = 1; rr->flags = i; i = extract_integer(&s, "iterations"); if (i < 0) return NULL; if (i > 2500) return bitch("bad iterations value"); rr->iterations = i; /* TODO validate iteration count according to key size, * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ if (*s == '-') { rr->salt.length = 0; rr->salt.data = NULL; s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') return bitch("salt is not valid"); s = skip_white_space(s); } else { rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); if (rr->salt.length <= 0) return NULL; if (rr->salt.length > 255) return bitch("salt is too long"); } rr->next_hashed_owner = extract_base32hex_binary_data(&s, "next hashed owner"); bitmap = new_set(); while (s && *s) { str_type = extract_label(&s, "type list", "temporary"); if (!str_type) return NULL; ltype = str2rdtype(str_type); add_bit_to_set(&bitmap, ltype); } if (!s) return NULL; rr->type_bitmap = compressed_set(&bitmap); ret_rr = store_record(type, name, ttl, rr); if (ret_rr) { G.nsec3_present = 1; if (opt_out) G.nsec3_opt_out_present = 1; } return ret_rr; }
static struct rr* nsec3param_parse(char *name, long ttl, int type, char *s) { struct rr_nsec3param *rr = getmem(sizeof(*rr)); struct rr *ret_rr; int i; i = extract_integer(&s, "hash algorithm"); if (i < 0) return NULL; if (i > 255) return bitch("bad hash algorithm value"); if (i != 1) return bitch("unrecognized or unsupported hash algorithm"); rr->hash_algorithm = i; i = extract_integer(&s, "flags"); if (i < 0) return NULL; if (i > 255) return bitch("bad flags value"); if (i != 0) return bitch("flags is supposed to be 0 for NSEC3PARAM"); rr->flags = i; i = extract_integer(&s, "iterations"); if (i < 0) return NULL; if (i > 2500) return bitch("bad iterations value"); rr->iterations = i; /* TODO validate iteration count according to key size, * as per http://tools.ietf.org/html/rfc5155#section-10.3 */ if (*s == '-') { rr->salt.length = 0; rr->salt.data = NULL; s++; if (*s && !isspace(*s) && *s != ';' && *s != ')') return bitch("salt is not valid"); s = skip_white_space(s); } else { rr->salt = extract_hex_binary_data(&s, "salt", EXTRACT_DONT_EAT_WHITESPACE); if (rr->salt.length <= 0) return NULL; if (rr->salt.length > 255) return bitch("salt is too long"); } if (*s) { return bitch("garbage after valid NSEC3PARAM data"); } G.dnssec_active = 1; ret_rr = store_record(type, name, ttl, rr); if (ret_rr && !nsec3param && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX)) nsec3param = ret_rr; if (G.opt.policy_checks[POLICY_NSEC3PARAM_NOT_APEX] && (ret_rr->rr_set->named_rr->flags & NAME_FLAG_APEX) == 0) { return bitch("NSEC3PARAM found not at zone apex"); } return ret_rr; }