DNSSEC: move keys before addresses

it was kinda stupid to keep the keys *after* the addresses
but have the addresses keep an index to the array of pubkeys anyway

Signed-off-by: Luca Fulchir <luca.fulchir@runesauth.com>
Luca Fulchir 2023-06-09 19:09:41 +02:00
parent 5625bd95a4
commit a6fda8180d
Signed by: luca.fulchir
GPG Key ID: 8F6440603D13A78E


@ -13,6 +13,12 @@
//! * 1 byte: divided in half:
//! * half: number of ciphers
//! * half: nothing
//! [ # list of pubkeys (max: 16)
//! * 2 byte: pubkey id
//! * 1 byte: pubkey length
//! * 1 byte: pubkey type
//! * Y bytes: pubkey
//! ]
//! [ # list of addresses
//! * 1 byte: bitfield
//! * 0..1 ipv4/ipv6
@ -26,12 +32,6 @@
//! * [ 1 byte per handshake id ]
//! * X bytes: IP
//! ]
//! [ # list of pubkeys (max: 16)
//! * 2 byte: pubkey id
//! * 1 byte: pubkey length
//! * 1 byte: pubkey type
//! * Y bytes: pubkey
//! ]
//! [ # list of supported key exchanges
//! * 1 byte for each cipher
//! ]
@ -452,12 +452,6 @@ impl Record {
raw[2] = num_of_ciphers;
let mut written: usize = 3;
for address in self.addresses.iter() {
let len = address.len();
let written_next = written + len;
address.serialize_into(&mut raw[written..written_next]);
written = written_next;
}
for (public_key_id, public_key) in self.public_keys.iter() {
let key_id_bytes = public_key_id.0.to_le_bytes();
let written_next = written + KeyID::len();
@ -469,6 +463,12 @@ impl Record {
public_key.serialize_into(&mut raw[written..written_next]);
written = written_next;
}
for address in self.addresses.iter() {
let len = address.len();
let written_next = written + len;
address.serialize_into(&mut raw[written..written_next]);
written = written_next;
}
for k_x in self.key_exchanges.iter() {
raw[written] = *k_x as u8;
written = written + 1;
@ -506,23 +506,6 @@ impl Record {
ciphers: Vec::with_capacity(num_ciphers),
};
while num_addresses > 0 {
let (address, bytes) =
match Address::decode_raw(&raw[bytes_parsed..]) {
Ok(address) => address,
Err(Error::UnsupportedData(b)) => {
return Err(Error::UnsupportedData(bytes_parsed + b))
}
Err(Error::NotEnoughData(b)) => {
return Err(Error::NotEnoughData(bytes_parsed + b))
}
Err(e) => return Err(e),
};
bytes_parsed = bytes_parsed + bytes;
result.addresses.push(address);
num_addresses = num_addresses - 1;
}
while num_public_keys > 0 {
if bytes_parsed + 3 >= raw.len() {
return Err(Error::NotEnoughData(bytes_parsed));
@ -558,6 +541,37 @@ impl Record {
result.public_keys.push((id, public_key));
num_public_keys = num_public_keys - 1;
}
while num_addresses > 0 {
let (address, bytes) =
match Address::decode_raw(&raw[bytes_parsed..]) {
Ok(address) => address,
Err(Error::UnsupportedData(b)) => {
return Err(Error::UnsupportedData(bytes_parsed + b))
}
Err(Error::NotEnoughData(b)) => {
return Err(Error::NotEnoughData(bytes_parsed + b))
}
Err(e) => return Err(e),
};
bytes_parsed = bytes_parsed + bytes;
result.addresses.push(address);
num_addresses = num_addresses - 1;
}
for addr in result.addresses.iter() {
for idx in addr.public_key_idx.iter() {
if idx.0 as usize >= result.public_keys.len() {
return Err(Error::Max16PublicKeys);
}
if !result.public_keys[idx.0 as usize]
.1
.kind()
.capabilities()
.has_exchange()
{
return Err(Error::UnsupportedData(bytes_parsed));
}
}
}
if bytes_parsed + num_key_exchanges + num_hkdfs + num_ciphers
!= raw.len()
{
@ -618,21 +632,6 @@ impl Record {
result.ciphers.push(cipher);
num_ciphers = num_ciphers - 1;
}
for addr in result.addresses.iter() {
for idx in addr.public_key_idx.iter() {
if idx.0 as usize >= result.public_keys.len() {
return Err(Error::Max16PublicKeys);
}
if !result.public_keys[idx.0 as usize]
.1
.kind()
.capabilities()
.has_exchange()
{
return Err(Error::UnsupportedData(bytes_parsed));
}
}
}
if bytes_parsed != raw.len() {
Err(Error::UnknownData(bytes_parsed))
} else {
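Review bot: The relocated address loop slices `&raw[bytes_parsed..]` after the public-key loop has already advanced `bytes_parsed`, and that slice panics if the offset is ever past `raw.len()`. Before this change the address loop ran first, so the offset was still at the header. Now it depends on the key-parsing code, most of which lies outside these hunks, so whether every key length is bounds-checked before the offset is advanced cannot be confirmed from here. Since the record comes from DNS and is attacker-influenced, a checked slice keeps a malformed key list on the error path: `Address::decode_raw(raw.get(bytes_parsed..).ok_or(Error::NotEnoughData(bytes_parsed))?)`. The enclosing deserialize function starts and ends outside the visible hunks.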