DNSSEC: move keys before addresses
it was kinda stupid to keep the keys *after* the addresses but have the addresses keep an index to the array of pubkeys anyway Signed-off-by: Luca Fulchir <luca.fulchir@runesauth.com>
This commit is contained in:
parent
5625bd95a4
commit
a6fda8180d
|
@ -13,6 +13,12 @@
|
||||||
//! * 1 byte: divided in half:
|
//! * 1 byte: divided in half:
|
||||||
//! * half: number of ciphers
|
//! * half: number of ciphers
|
||||||
//! * half: nothing
|
//! * half: nothing
|
||||||
|
//! [ # list of pubkeys (max: 16)
|
||||||
|
//! * 2 byte: pubkey id
|
||||||
|
//! * 1 byte: pubkey length
|
||||||
|
//! * 1 byte: pubkey type
|
||||||
|
//! * Y bytes: pubkey
|
||||||
|
//! ]
|
||||||
//! [ # list of addresses
|
//! [ # list of addresses
|
||||||
//! * 1 byte: bitfield
|
//! * 1 byte: bitfield
|
||||||
//! * 0..1 ipv4/ipv6
|
//! * 0..1 ipv4/ipv6
|
||||||
|
@ -26,12 +32,6 @@
|
||||||
//! * [ 1 byte per handshake id ]
|
//! * [ 1 byte per handshake id ]
|
||||||
//! * X bytes: IP
|
//! * X bytes: IP
|
||||||
//! ]
|
//! ]
|
||||||
//! [ # list of pubkeys (max: 16)
|
|
||||||
//! * 2 byte: pubkey id
|
|
||||||
//! * 1 byte: pubkey length
|
|
||||||
//! * 1 byte: pubkey type
|
|
||||||
//! * Y bytes: pubkey
|
|
||||||
//! ]
|
|
||||||
//! [ # list of supported key exchanges
|
//! [ # list of supported key exchanges
|
||||||
//! * 1 byte for each cipher
|
//! * 1 byte for each cipher
|
||||||
//! ]
|
//! ]
|
||||||
|
@ -452,12 +452,6 @@ impl Record {
|
||||||
raw[2] = num_of_ciphers;
|
raw[2] = num_of_ciphers;
|
||||||
|
|
||||||
let mut written: usize = 3;
|
let mut written: usize = 3;
|
||||||
for address in self.addresses.iter() {
|
|
||||||
let len = address.len();
|
|
||||||
let written_next = written + len;
|
|
||||||
address.serialize_into(&mut raw[written..written_next]);
|
|
||||||
written = written_next;
|
|
||||||
}
|
|
||||||
for (public_key_id, public_key) in self.public_keys.iter() {
|
for (public_key_id, public_key) in self.public_keys.iter() {
|
||||||
let key_id_bytes = public_key_id.0.to_le_bytes();
|
let key_id_bytes = public_key_id.0.to_le_bytes();
|
||||||
let written_next = written + KeyID::len();
|
let written_next = written + KeyID::len();
|
||||||
|
@ -469,6 +463,12 @@ impl Record {
|
||||||
public_key.serialize_into(&mut raw[written..written_next]);
|
public_key.serialize_into(&mut raw[written..written_next]);
|
||||||
written = written_next;
|
written = written_next;
|
||||||
}
|
}
|
||||||
|
for address in self.addresses.iter() {
|
||||||
|
let len = address.len();
|
||||||
|
let written_next = written + len;
|
||||||
|
address.serialize_into(&mut raw[written..written_next]);
|
||||||
|
written = written_next;
|
||||||
|
}
|
||||||
for k_x in self.key_exchanges.iter() {
|
for k_x in self.key_exchanges.iter() {
|
||||||
raw[written] = *k_x as u8;
|
raw[written] = *k_x as u8;
|
||||||
written = written + 1;
|
written = written + 1;
|
||||||
|
@ -506,23 +506,6 @@ impl Record {
|
||||||
ciphers: Vec::with_capacity(num_ciphers),
|
ciphers: Vec::with_capacity(num_ciphers),
|
||||||
};
|
};
|
||||||
|
|
||||||
while num_addresses > 0 {
|
|
||||||
let (address, bytes) =
|
|
||||||
match Address::decode_raw(&raw[bytes_parsed..]) {
|
|
||||||
Ok(address) => address,
|
|
||||||
Err(Error::UnsupportedData(b)) => {
|
|
||||||
return Err(Error::UnsupportedData(bytes_parsed + b))
|
|
||||||
}
|
|
||||||
Err(Error::NotEnoughData(b)) => {
|
|
||||||
return Err(Error::NotEnoughData(bytes_parsed + b))
|
|
||||||
}
|
|
||||||
Err(e) => return Err(e),
|
|
||||||
};
|
|
||||||
bytes_parsed = bytes_parsed + bytes;
|
|
||||||
result.addresses.push(address);
|
|
||||||
num_addresses = num_addresses - 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
while num_public_keys > 0 {
|
while num_public_keys > 0 {
|
||||||
if bytes_parsed + 3 >= raw.len() {
|
if bytes_parsed + 3 >= raw.len() {
|
||||||
return Err(Error::NotEnoughData(bytes_parsed));
|
return Err(Error::NotEnoughData(bytes_parsed));
|
||||||
|
@ -558,6 +541,37 @@ impl Record {
|
||||||
result.public_keys.push((id, public_key));
|
result.public_keys.push((id, public_key));
|
||||||
num_public_keys = num_public_keys - 1;
|
num_public_keys = num_public_keys - 1;
|
||||||
}
|
}
|
||||||
|
while num_addresses > 0 {
|
||||||
|
let (address, bytes) =
|
||||||
|
match Address::decode_raw(&raw[bytes_parsed..]) {
|
||||||
|
Ok(address) => address,
|
||||||
|
Err(Error::UnsupportedData(b)) => {
|
||||||
|
return Err(Error::UnsupportedData(bytes_parsed + b))
|
||||||
|
}
|
||||||
|
Err(Error::NotEnoughData(b)) => {
|
||||||
|
return Err(Error::NotEnoughData(bytes_parsed + b))
|
||||||
|
}
|
||||||
|
Err(e) => return Err(e),
|
||||||
|
};
|
||||||
|
bytes_parsed = bytes_parsed + bytes;
|
||||||
|
result.addresses.push(address);
|
||||||
|
num_addresses = num_addresses - 1;
|
||||||
|
}
|
||||||
|
for addr in result.addresses.iter() {
|
||||||
|
for idx in addr.public_key_idx.iter() {
|
||||||
|
if idx.0 as usize >= result.public_keys.len() {
|
||||||
|
return Err(Error::Max16PublicKeys);
|
||||||
|
}
|
||||||
|
if !result.public_keys[idx.0 as usize]
|
||||||
|
.1
|
||||||
|
.kind()
|
||||||
|
.capabilities()
|
||||||
|
.has_exchange()
|
||||||
|
{
|
||||||
|
return Err(Error::UnsupportedData(bytes_parsed));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
if bytes_parsed + num_key_exchanges + num_hkdfs + num_ciphers
|
if bytes_parsed + num_key_exchanges + num_hkdfs + num_ciphers
|
||||||
!= raw.len()
|
!= raw.len()
|
||||||
{
|
{
|
||||||
|
@ -618,21 +632,6 @@ impl Record {
|
||||||
result.ciphers.push(cipher);
|
result.ciphers.push(cipher);
|
||||||
num_ciphers = num_ciphers - 1;
|
num_ciphers = num_ciphers - 1;
|
||||||
}
|
}
|
||||||
for addr in result.addresses.iter() {
|
|
||||||
for idx in addr.public_key_idx.iter() {
|
|
||||||
if idx.0 as usize >= result.public_keys.len() {
|
|
||||||
return Err(Error::Max16PublicKeys);
|
|
||||||
}
|
|
||||||
if !result.public_keys[idx.0 as usize]
|
|
||||||
.1
|
|
||||||
.kind()
|
|
||||||
.capabilities()
|
|
||||||
.has_exchange()
|
|
||||||
{
|
|
||||||
return Err(Error::UnsupportedData(bytes_parsed));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if bytes_parsed != raw.len() {
|
if bytes_parsed != raw.len() {
|
||||||
Err(Error::UnknownData(bytes_parsed))
|
Err(Error::UnknownData(bytes_parsed))
|
||||||
} else {
|
} else {
|
||||||
|
|
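Review bot: The key-reference check placed after the address loop in the `@ -558,6 +541,37 @@` hunk (`for addr in result.addresses.iter()`) still runs only once every address has been decoded, so `Error::UnsupportedData(bytes_parsed)` reports the offset at the end of the address list rather than the address that carries the bad index, and an index past the parsed keys surfaces as `Error::Max16PublicKeys`, which reads as the "too many keys" condition rather than "reference to a key that is not in the record". Since keys are now decoded before addresses (the reason for this reorder), each address can be validated as soon as `Address::decode_raw` returns it, with `result.public_keys.get(idx.0 as usize)` folding the bounds test and the lookup into one step and the address start offset recorded for the error; the rewritten loop below does that. The enclosing decode function begins and ends outside this hunk, and `Max16PublicKeys` is kept only because no other variant is visible on the page — if the error enum has a variant for an unknown key reference, it fits better here.
```rust
while num_addresses > 0 {
    let address_start = bytes_parsed;
    let (address, bytes) =
        match Address::decode_raw(&raw[bytes_parsed..]) {
            // … unchanged: Ok / UnsupportedData / NotEnoughData / Err mapping …
        };
    bytes_parsed = bytes_parsed + bytes;
    // keys precede addresses on the wire, so every index this address
    // carries can be checked right here, at the offset of this address
    for idx in address.public_key_idx.iter() {
        match result.public_keys.get(idx.0 as usize) {
            None => return Err(Error::Max16PublicKeys),
            Some((_, key)) if !key.kind().capabilities().has_exchange() => {
                return Err(Error::UnsupportedData(address_start))
            }
            Some(_) => {}
        }
    }
    result.addresses.push(address);
    num_addresses = num_addresses - 1;
}
// … unchanged: trailing length check against num_key_exchanges + num_hkdfs + num_ciphers …
```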