From a6fda8180d2f63cb13690ff8a49b50e6fa7b6ed9 Mon Sep 17 00:00:00 2001
From: Luca Fulchir
Date: Fri, 9 Jun 2023 19:09:41 +0200
Subject: [PATCH] DNSSEC: move keys before addresses

it was kinda stupid to keep the keys *after* the addresses but have the addresses keep an index to the array of pubkeys anyway

Signed-off-by: Luca Fulchir
---
 src/dnssec/record.rs | 87 ++++++++++++++++++++++----------------------
 1 file changed, 43 insertions(+), 44 deletions(-)

diff --git a/src/dnssec/record.rs b/src/dnssec/record.rs
index b3fdbec..6a49a3a 100644
--- a/src/dnssec/record.rs
+++ b/src/dnssec/record.rs
@@ -13,6 +13,12 @@
 //! * 1 byte: divided in half:
 //! * half: number of ciphers
 //! * half: nothing
+//! [ # list of pubkeys (max: 16)
+//! * 2 byte: pubkey id
+//! * 1 byte: pubkey length
+//! * 1 byte: pubkey type
+//! * Y bytes: pubkey
+//! ]
 //! [ # list of addresses
 //! * 1 byte: bitfield
 //! * 0..1 ipv4/ipv6
@@ -26,12 +32,6 @@
 //! * [ 1 byte per handshake id ]
 //! * X bytes: IP
 //! ]
-//! [ # list of pubkeys (max: 16)
-//! * 2 byte: pubkey id
-//! * 1 byte: pubkey length
-//! * 1 byte: pubkey type
-//! * Y bytes: pubkey
-//! ]
 //! [ # list of supported key exchanges
 //! * 1 byte for each cipher
 //! ]
@@ -452,12 +452,6 @@ impl Record {
 raw[2] = num_of_ciphers;
 let mut written: usize = 3;
 
- for address in self.addresses.iter() {
- let len = address.len();
- let written_next = written + len;
- address.serialize_into(&mut raw[written..written_next]);
- written = written_next;
- }
 for (public_key_id, public_key) in self.public_keys.iter() {
 let key_id_bytes = public_key_id.0.to_le_bytes();
 let written_next = written + KeyID::len();
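Review bot: The relocated pubkey-list block in the module doc still does not say how address entries refer to it, which is the very dependency the commit message gives as the reason for the reorder. The decoder later in this patch indexes `result.public_keys` by each address's `public_key_idx` and rejects any value at or beyond the list length, so the reference is a 0-based position into this list; presumably that is the `1 byte per handshake id` field of the address entry. I would add `//!   (addresses below reference entries of this list by 0-based position)` under the `list of pubkeys` line and a matching remark on the `1 byte per handshake id` line, so a reader of the wire format knows the two sections are coupled.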
@@ -469,6 +463,12 @@ impl Record {
 public_key.serialize_into(&mut raw[written..written_next]);
 written = written_next;
 }
+ for address in self.addresses.iter() {
+ let len = address.len();
+ let written_next = written + len;
+ address.serialize_into(&mut raw[written..written_next]);
+ written = written_next;
+ }
 for k_x in self.key_exchanges.iter() {
 raw[written] = *k_x as u8;
 written = written + 1;
@@ -506,23 +506,6 @@ impl Record {
 ciphers: Vec::with_capacity(num_ciphers),
 };
 
- while num_addresses > 0 {
- let (address, bytes) =
- match Address::decode_raw(&raw[bytes_parsed..]) {
- Ok(address) => address,
- Err(Error::UnsupportedData(b)) => {
- return Err(Error::UnsupportedData(bytes_parsed + b))
- }
- Err(Error::NotEnoughData(b)) => {
- return Err(Error::NotEnoughData(bytes_parsed + b))
- }
- Err(e) => return Err(e),
- };
- bytes_parsed = bytes_parsed + bytes;
- result.addresses.push(address);
- num_addresses = num_addresses - 1;
- }
-
 while num_public_keys > 0 {
 if bytes_parsed + 3 >= raw.len() {
 return Err(Error::NotEnoughData(bytes_parsed));
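Review bot: The address loop added here serializes each `address.public_key_idx` without checking the indices against `self.public_keys.len()`, while the decoder in this same patch rejects any index at or beyond that length with `Error::Max16PublicKeys` and any reference to a key without `has_exchange()`. Unless the Record constructor already enforces that invariant (not visible in this hunk), a record built in-process can encode to bytes its own decoder refuses, and the failure only surfaces at the peer. A cheap guard before the `serialize_into` call would be `debug_assert!(address.public_key_idx.iter().all(|i| (i.0 as usize) < self.public_keys.len()));`, or better, validate it where addresses are added and document the invariant on the struct. The enclosing serialize function starts before this hunk and ends after it.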
@@ -558,6 +541,37 @@ impl Record {
 result.public_keys.push((id, public_key));
 num_public_keys = num_public_keys - 1;
 }
+ while num_addresses > 0 {
+ let (address, bytes) =
+ match Address::decode_raw(&raw[bytes_parsed..]) {
+ Ok(address) => address,
+ Err(Error::UnsupportedData(b)) => {
+ return Err(Error::UnsupportedData(bytes_parsed + b))
+ }
+ Err(Error::NotEnoughData(b)) => {
+ return Err(Error::NotEnoughData(bytes_parsed + b))
+ }
+ Err(e) => return Err(e),
+ };
+ bytes_parsed = bytes_parsed + bytes;
+ result.addresses.push(address);
+ num_addresses = num_addresses - 1;
+ }
+ for addr in result.addresses.iter() {
+ for idx in addr.public_key_idx.iter() {
+ if idx.0 as usize >= result.public_keys.len() {
+ return Err(Error::Max16PublicKeys);
+ }
+ if !result.public_keys[idx.0 as usize]
+ .1
+ .kind()
+ .capabilities()
+ .has_exchange()
+ {
+ return Err(Error::UnsupportedData(bytes_parsed));
+ }
+ }
+ }
 if bytes_parsed + num_key_exchanges + num_hkdfs + num_ciphers
 != raw.len()
 {
@@ -618,21 +632,6 @@ impl Record {
 result.ciphers.push(cipher);
 num_ciphers = num_ciphers - 1;
 }
- for addr in result.addresses.iter() {
- for idx in addr.public_key_idx.iter() {
- if idx.0 as usize >= result.public_keys.len() {
- return Err(Error::Max16PublicKeys);
- }
- if !result.public_keys[idx.0 as usize]
- .1
- .kind()
- .capabilities()
- .has_exchange()
- {
- return Err(Error::UnsupportedData(bytes_parsed));
- }
- }
- }
 if bytes_parsed != raw.len() {
 Err(Error::UnknownData(bytes_parsed))
 } else {