authorChristian Grothoff <christian@grothoff.org>2013-12-06 21:57:50 +0000
committerChristian Grothoff <christian@grothoff.org>2013-12-06 21:57:50 +0000
commit7918527acf021ad8753ead08334d6a6ac71084c4 (patch)
tree5157211fc30fce830fd9b1e96e7f83681b351b70 /src
parent6332c8ffbc8f63a8006a3283b95f3e3abae1e8db (diff)
downloadgnunet-7918527acf021ad8753ead08334d6a6ac71084c4.tar.gz
gnunet-7918527acf021ad8753ead08334d6a6ac71084c4.zip
-adding CERT record support to dnsparser
Diffstat (limited to 'src')
-rw-r--r--src/dns/dnsparser.c111
-rw-r--r--src/include/gnunet_dnsparser_lib.h215
-rw-r--r--src/include/gnunet_tun_lib.h38
3 files changed, 354 insertions, 10 deletions
diff --git a/src/dns/dnsparser.c b/src/dns/dnsparser.c
index 2f9fba0a6..d4306c374 100644
--- a/src/dns/dnsparser.c
+++ b/src/dns/dnsparser.c
@@ -118,6 +118,21 @@ GNUNET_DNSPARSER_free_soa (struct GNUNET_DNSPARSER_SoaRecord *soa)
118 118
119 119
120/** 120/**
121 * Free CERT information record.
122 *
123 * @param cert record to free
124 */
125void
126GNUNET_DNSPARSER_free_cert (struct GNUNET_DNSPARSER_CertRecord *cert)
127{
128 if (NULL == cert)
129 return;
130 GNUNET_free_non_null (cert->certificate_data);
131 GNUNET_free (cert);
132}
133
134
135/**
121 * Free SRV information record. 136 * Free SRV information record.
122 * 137 *
123 * @param srv record to free 138 * @param srv record to free
@@ -170,6 +185,9 @@ GNUNET_DNSPARSER_free_record (struct GNUNET_DNSPARSER_Record *r)
170 case GNUNET_DNSPARSER_TYPE_SRV: 185 case GNUNET_DNSPARSER_TYPE_SRV:
171 GNUNET_DNSPARSER_free_srv (r->data.srv); 186 GNUNET_DNSPARSER_free_srv (r->data.srv);
172 break; 187 break;
188 case GNUNET_DNSPARSER_TYPE_CERT:
189 GNUNET_DNSPARSER_free_cert (r->data.cert);
190 break;
173 case GNUNET_DNSPARSER_TYPE_NS: 191 case GNUNET_DNSPARSER_TYPE_NS:
174 case GNUNET_DNSPARSER_TYPE_CNAME: 192 case GNUNET_DNSPARSER_TYPE_CNAME:
175 case GNUNET_DNSPARSER_TYPE_PTR: 193 case GNUNET_DNSPARSER_TYPE_PTR:
@@ -545,6 +563,44 @@ GNUNET_DNSPARSER_parse_srv (const char *r_name,
545 563
546 564
547/** 565/**
566 * Parse a DNS CERT record.
567 *
568 * @param udp_payload reference to UDP packet
569 * @param udp_payload_length length of @a udp_payload
570 * @param off pointer to the offset of the query to parse in the CERT record (to be
571 * incremented by the size of the record), unchanged on error
572 * @return the parsed CERT record, NULL on error
573 */
574struct GNUNET_DNSPARSER_CertRecord *
575GNUNET_DNSPARSER_parse_cert (const char *udp_payload,
576 size_t udp_payload_length,
577 size_t *off)
578{
579 struct GNUNET_DNSPARSER_CertRecord *cert;
580 struct GNUNET_TUN_DnsCertRecord dcert;
581
582 if (*off + sizeof (struct GNUNET_TUN_DnsCertRecord) >= udp_payload_length)
583 {
584 GNUNET_break_op (0);
585 return NULL;
586 }
587 memcpy (&dcert, &udp_payload[*off], sizeof (struct GNUNET_TUN_DnsCertRecord));
588 (*off) += sizeof (sizeof (struct GNUNET_TUN_DnsCertRecord));
589 cert = GNUNET_new (struct GNUNET_DNSPARSER_CertRecord);
590 cert->cert_type = ntohs (dcert.cert_type);
591 cert->cert_tag = ntohs (dcert.cert_tag);
592 cert->algorithm = dcert.algorithm;
593 cert->certificate_size = udp_payload_length - (*off);
594 cert->certificate_data = GNUNET_malloc (cert->certificate_size);
595 memcpy (cert->certificate_data,
596 &udp_payload[*off],
597 cert->certificate_size);
598 (*off) += cert->certificate_size;
599 return cert;
600}
601
602
603/**
548 * Parse a DNS record entry. 604 * Parse a DNS record entry.
549 * 605 *
550 * @param udp_payload entire UDP payload 606 * @param udp_payload entire UDP payload
@@ -905,6 +961,46 @@ GNUNET_DNSPARSER_builder_add_mx (char *dst,
905 961
906 962
907/** 963/**
964 * Add a CERT record to the UDP packet at the given location.
965 *
966 * @param dst where to write the CERT record
967 * @param dst_len number of bytes in @a dst
968 * @param off pointer to offset where to write the CERT information (increment by bytes used);
969 * can also change if there was an error
970 * @param cert CERT information to write
971 * @return #GNUNET_SYSERR if @a cert is invalid
972 * #GNUNET_NO if @a cert did not fit
973 * #GNUNET_OK if @a cert was added to @a dst
974 */
975int
976GNUNET_DNSPARSER_builder_add_cert (char *dst,
977 size_t dst_len,
978 size_t *off,
979 const struct GNUNET_DNSPARSER_CertRecord *cert)
980{
981 struct GNUNET_TUN_DnsCertRecord dcert;
982
983 if ( (cert->cert_type > UINT16_MAX) ||
984 (cert->cert_tag > UINT16_MAX) ||
985 (cert->algorithm > UINT8_MAX) )
986 {
987 GNUNET_break (0);
988 return GNUNET_SYSERR;
989 }
990 if (*off + sizeof (struct GNUNET_TUN_DnsCertRecord) + cert->certificate_size > dst_len)
991 return GNUNET_NO;
992 dcert.cert_type = htons ((uint16_t) cert->cert_type);
993 dcert.cert_tag = htons ((uint16_t) cert->cert_tag);
994 dcert.algorithm = (uint8_t) cert->algorithm;
995 memcpy (&dst[*off], &dcert, sizeof (dcert));
996 (*off) += sizeof (dcert);
997 memcpy (&dst[*off], cert->certificate_data, cert->certificate_size);
998 (*off) += cert->certificate_size;
999 return GNUNET_OK;
1000}
1001
1002
1003/**
908 * Add an SOA record to the UDP packet at the given location. 1004 * Add an SOA record to the UDP packet at the given location.
909 * 1005 *
910 * @param dst where to write the SOA record 1006 * @param dst where to write the SOA record
@@ -926,13 +1022,13 @@ GNUNET_DNSPARSER_builder_add_soa (char *dst,
926 int ret; 1022 int ret;
927 1023
928 if ( (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst, 1024 if ( (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst,
929 dst_len, 1025 dst_len,
930 off, 1026 off,
931 soa->mname))) || 1027 soa->mname))) ||
932 (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst, 1028 (GNUNET_OK != (ret = GNUNET_DNSPARSER_builder_add_name (dst,
933 dst_len, 1029 dst_len,
934 off, 1030 off,
935 soa->rname)) ) ) 1031 soa->rname)) ) )
936 return ret; 1032 return ret;
937 if (*off + sizeof (struct GNUNET_TUN_DnsSoaRecord) > dst_len) 1033 if (*off + sizeof (struct GNUNET_TUN_DnsSoaRecord) > dst_len)
938 return GNUNET_NO; 1034 return GNUNET_NO;
@@ -1032,6 +1128,9 @@ add_record (char *dst,
1032 case GNUNET_DNSPARSER_TYPE_MX: 1128 case GNUNET_DNSPARSER_TYPE_MX:
1033 ret = GNUNET_DNSPARSER_builder_add_mx (dst, dst_len, &pos, record->data.mx); 1129 ret = GNUNET_DNSPARSER_builder_add_mx (dst, dst_len, &pos, record->data.mx);
1034 break; 1130 break;
1131 case GNUNET_DNSPARSER_TYPE_CERT:
1132 ret = GNUNET_DNSPARSER_builder_add_cert (dst, dst_len, &pos, record->data.cert);
1133 break;
1035 case GNUNET_DNSPARSER_TYPE_SOA: 1134 case GNUNET_DNSPARSER_TYPE_SOA:
1036 ret = GNUNET_DNSPARSER_builder_add_soa (dst, dst_len, &pos, record->data.soa); 1135 ret = GNUNET_DNSPARSER_builder_add_soa (dst, dst_len, &pos, record->data.soa);
1037 break; 1136 break;
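Review bot: In GNUNET_DNSPARSER_parse_cert the line `(*off) += sizeof (sizeof (struct GNUNET_TUN_DnsCertRecord));` advances the offset by `sizeof (size_t)` rather than by the header size just copied, so `certificate_data` starts at the wrong byte, and when fewer than `sizeof (size_t)` bytes remain after the header the bounds check still passes and `udp_payload_length - (*off)` underflows into a huge `certificate_size` before the GNUNET_malloc/memcpy; it should read `(*off) += sizeof (struct GNUNET_TUN_DnsCertRecord);`. The preceding check uses `>=`, which also rejects a record whose certificate part is empty, while GNUNET_DNSPARSER_builder_add_cert uses `>` for the matching test. The parser consumes everything up to `udp_payload_length`, which is only right if the caller passes the end of this record's RDATA rather than the full payload length; no caller of parse_cert is added in this commit, so that contract is worth stating in the doc comment. In GNUNET_DNSPARSER_builder_add_cert, `cert->cert_tag > UINT16_MAX` can never be true because `cert_tag` is declared `uint16_t` in the header, so that test is dead.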
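--- a/src/include/gnunet_dnsparser_lib.h
+++ b/src/include/gnunet_dnsparser_lib.h
@@ -53,6 +53,7 @@
 #define GNUNET_DNSPARSER_TYPE_TXT 16
 #define GNUNET_DNSPARSER_TYPE_AAAA 28
 #define GNUNET_DNSPARSER_TYPE_SRV 33
+#define GNUNET_DNSPARSER_TYPE_CERT 37
 #define GNUNET_DNSPARSER_TYPE_TLSA 52
 
 
@@ -178,6 +179,171 @@ struct GNUNET_DNSPARSER_SrvRecord
 
 
 /**
+ * DNS CERT types as defined in RFC 4398.
+ */
+enum GNUNET_DNSPARSER_CertType
+{
+ /**
+ * Reserved value
+ */
+ GNUNET_DNSPARSER_CERTTYPE_RESERVED = 0,
+
+ /**
+ * An x509 PKIX certificate
+ */
+ GNUNET_DNSPARSER_CERTTYPE_PKIX = 1,
+
+ /**
+ * A SKPI certificate
+ */
+ GNUNET_DNSPARSER_CERTTYPE_SKPI = 2,
+
+ /**
+ * A PGP certificate
+ */
+ GNUNET_DNSPARSER_CERTTYPE_PGP = 3,
+
+ /**
+ * An x509 PKIX cert URL
+ */
+ GNUNET_DNSPARSER_CERTTYPE_IPKIX = 4,
+
+ /**
+ * A SKPI cert URL
+ */
+ GNUNET_DNSPARSER_CERTTYPE_ISKPI = 5,
+
+ /**
+ * A PGP cert fingerprint and URL
+ */
+ GNUNET_DNSPARSER_CERTTYPE_IPGP = 6,
+
+ /**
+ * An attribute Certificate
+ */
+ GNUNET_DNSPARSER_CERTTYPE_ACPKIX = 7,
+
+ /**
+ * An attribute cert URL
+ */
+ GNUNET_DNSPARSER_CERTTYPE_IACKPIX = 8
+};
+
+
+/**
+ * DNSCERT algorithms as defined in http://www.iana.org/assignments/
+ * dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1
+ */
+enum GNUNET_DNSPARSER_CertAlgorithm
+{
+ /**
+ * No defined
+ */
+ GNUNET_DNSPARSER_CERTALGO_UNDEFINED = 0,
+
+ /**
+ * RSA/MD5
+ */
+ GNUNET_DNSPARSER_CERTALGO_RSAMD5 = 1,
+
+ /**
+ * Diffie-Hellman
+ */
+ GNUNET_DNSPARSER_CERTALGO_DH = 2,
+
+ /**
+ * DSA/SHA1
+ */
+ GNUNET_DNSPARSER_CERTALGO_DSASHA = 3,
+
+ /**
+ * Reserved
+ */
+ GNUNET_DNSPARSER_CERTALGO_RSRVD4 = 4,
+
+ /**
+ * RSA/SHA1
+ */
+ GNUNET_DNSPARSER_CERTALGO_RSASHA = 5,
+
+ /**
+ * DSA/NSEC3/SHA
+ */
+ GNUNET_DNSPARSER_CERTALGO_DSANSEC3 = 6,
+
+ /**
+ * RSA/NSEC3/SHA
+ */
+ GNUNET_DNSPARSER_CERTALGO_RSANSEC3 = 7,
+
+ /**
+ * RSA/SHA256
+ */
+ GNUNET_DNSPARSER_CERTALGO_RSASHA256 = 8,
+
+ /**
+ * Reserved
+ */
+ GNUNET_DNSPARSER_CERTALGO_RSRVD9 = 9,
+
+ /**
+ * RSA/SHA512
+ */
+ GNUNET_DNSPARSER_CERTALGO_RSASHA512 = 10,
+
+ /**
+ * GOST R 34.10-2001
+ */
+ GNUNET_DNSPARSER_CERTALGO_GOST_R34 = 12,
+
+ /**
+ * ECDSA Curve P-256/SHA256
+ */
+ GNUNET_DNSPARSER_CERTALGO_ECDSA_P256SHA256 = 13,
+
+ /**
+ * ECDSA Curve P-384/SHA384
+ */
+ GNUNET_DNSPARSER_CERTALGO_ECDSA_P384SHA384 = 14
+
+};
+
+
+/**
+ * Information from CERT records (RFC 4034).
+ */
+struct GNUNET_DNSPARSER_CertRecord
+{
+
+ /**
+ * Certificate type
+ */
+ enum GNUNET_DNSPARSER_CertType cert_type;
+
+ /**
+ * Certificate KeyTag
+ */
+ uint16_t cert_tag;
+
+ /**
+ * Algorithm
+ */
+ enum GNUNET_DNSPARSER_CertAlgorithm algorithm;
+
+ /**
+ * Number of bytes in @e certificate_data
+ */
+ size_t certificate_size;
+
+ /**
+ * Data of the certificate.
+ */
+ char *certificate_data;
+
+};
+
+
+/**
  * Information from SOA records (RFC 1035).
  */
 struct GNUNET_DNSPARSER_SoaRecord
@@ -288,6 +454,11 @@ struct GNUNET_DNSPARSER_Record
  struct GNUNET_DNSPARSER_SoaRecord *soa;
 
  /**
+ * CERT data for CERT records.
+ */
+ struct GNUNET_DNSPARSER_CertRecord *cert;
+
+ /**
  * MX data for MX records.
  */
  struct GNUNET_DNSPARSER_MxRecord *mx;
@@ -528,6 +699,25 @@ GNUNET_DNSPARSER_builder_add_soa (char *dst,
 
 
 /**
+ * Add CERT record to the UDP packet at the given location.
+ *
+ * @param dst where to write the CERT record
+ * @param dst_len number of bytes in @a dst
+ * @param off pointer to offset where to write the CERT information (increment by bytes used)
+ * can also change if there was an error
+ * @param cert CERT information to write
+ * @return #GNUNET_SYSERR if @a soa is invalid
+ * #GNUNET_NO if @a soa did not fit
+ * #GNUNET_OK if @a soa was added to @a dst
+ */
+int
+GNUNET_DNSPARSER_builder_add_cert (char *dst,
+ size_t dst_len,
+ size_t *off,
+ const struct GNUNET_DNSPARSER_CertRecord *cert);
+
+
+/**
  * Add an SRV record to the UDP packet at the given location.
  *
  * @param dst where to write the SRV record
@@ -595,6 +785,7 @@ GNUNET_DNSPARSER_parse_query (const char *udp_payload,
  size_t *off,
  struct GNUNET_DNSPARSER_Query *q);
 
+
 /**
  * Parse a DNS SOA record.
  *
@@ -611,6 +802,21 @@ GNUNET_DNSPARSER_parse_soa (const char *udp_payload,
 
 
 /**
+ * Parse a DNS CERT record.
+ *
+ * @param udp_payload reference to UDP packet
+ * @param udp_payload_length length of @a udp_payload
+ * @param off pointer to the offset of the query to parse in the CERT record (to be
+ * incremented by the size of the record), unchanged on error
+ * @return the parsed CERT record, NULL on error
+ */
+struct GNUNET_DNSPARSER_CertRecord *
+GNUNET_DNSPARSER_parse_cert (const char *udp_payload,
+ size_t udp_payload_length,
+ size_t *off);
+
+
+/**
  * Parse a DNS MX record.
  *
  * @param udp_payload reference to UDP packet
@@ -679,4 +885,13 @@ void
 GNUNET_DNSPARSER_free_soa (struct GNUNET_DNSPARSER_SoaRecord *soa);
 
 
+/**
+ * Free CERT information record.
+ *
+ * @param cert record to free
+ */
+void
+GNUNET_DNSPARSER_free_cert (struct GNUNET_DNSPARSER_CertRecord *cert);
+
+
 #endif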
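Review bot: The three `@return` lines of the new GNUNET_DNSPARSER_builder_add_cert prototype refer to `@a soa`; they were copied from the SOA builder and should say `@a cert`, as the definition in dnsparser.c already does. The comment on `struct GNUNET_DNSPARSER_CertRecord` cites RFC 4034, which defines the DNSSEC resource records; the CERT RR is RFC 4398, as the `GNUNET_DNSPARSER_CertType` comment above it says. `cert_tag` is declared `uint16_t` while `cert_type` and `algorithm` are enums, so the builder's `> UINT16_MAX` check on `cert_tag` is unreachable; either make the field an `unsigned int` like the enum neighbours or drop that check. In the enum comments "SKPI" should read "SPKI" (RFC 4398 names types 2 and 5 SPKI and ISPKI) and "No defined" should read "Not defined"; the identifiers `GNUNET_DNSPARSER_CERTTYPE_SKPI`, `_ISKPI` and `_IACKPIX` carry the same transpositions and are cheaper to rename now than after the header ships.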
diff --git a/src/include/gnunet_tun_lib.h b/src/include/gnunet_tun_lib.h
index efadc4d14..87b60a479 100644
--- a/src/include/gnunet_tun_lib.h
+++ b/src/include/gnunet_tun_lib.h
@@ -530,6 +530,31 @@ struct GNUNET_TUN_DnsSrvRecord
530 530
531 531
532/** 532/**
533 * Payload of DNS CERT record.
534 */
535struct GNUNET_TUN_DnsCertRecord
536{
537
538 /**
539 * Certificate type
540 */
541 uint16_t cert_type;
542
543 /**
544 * Certificate KeyTag
545 */
546 uint16_t cert_tag;
547
548 /**
549 * Algorithm
550 */
551 uint8_t algorithm;
552
553 /* Followed by the certificate */
554};
555
556
557/**
533 * Payload of DNSSEC TLSA record. 558 * Payload of DNSSEC TLSA record.
534 * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/ 559 * http://datatracker.ietf.org/doc/draft-ietf-dane-protocol/
535 */ 560 */
@@ -594,6 +619,7 @@ struct GNUNET_TUN_GnsVpnRecord
594 /* followed by the servicename */ 619 /* followed by the servicename */
595}; 620};
596 621
622
597/** 623/**
598 * DNS query prefix. 624 * DNS query prefix.
599 */ 625 */
@@ -658,16 +684,19 @@ struct GNUNET_TUN_DnsRecordLine
658/** 684/**
659 * ICMP header. 685 * ICMP header.
660 */ 686 */
661struct GNUNET_TUN_IcmpHeader { 687struct GNUNET_TUN_IcmpHeader
688{
662 uint8_t type; 689 uint8_t type;
663 uint8_t code; 690 uint8_t code;
664 uint16_t crc GNUNET_PACKED; 691 uint16_t crc GNUNET_PACKED;
665 692
666 union { 693 union
694 {
667 /** 695 /**
668 * ICMP Echo (request/reply) 696 * ICMP Echo (request/reply)
669 */ 697 */
670 struct { 698 struct
699 {
671 uint16_t identifier GNUNET_PACKED; 700 uint16_t identifier GNUNET_PACKED;
672 uint16_t sequence_number GNUNET_PACKED; 701 uint16_t sequence_number GNUNET_PACKED;
673 } echo; 702 } echo;
@@ -675,7 +704,8 @@ struct GNUNET_TUN_IcmpHeader {
675 /** 704 /**
676 * ICMP Destination Unreachable (RFC 1191) 705 * ICMP Destination Unreachable (RFC 1191)
677 */ 706 */
678 struct ih_pmtu { 707 struct ih_pmtu
708 {
679 uint16_t empty GNUNET_PACKED; 709 uint16_t empty GNUNET_PACKED;
680 uint16_t next_hop_mtu GNUNET_PACKED; 710 uint16_t next_hop_mtu GNUNET_PACKED;
681 /* followed by original IP header + first 8 bytes of original IP datagram */ 711 /* followed by original IP header + first 8 bytes of original IP datagram */
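Review bot: `struct GNUNET_TUN_DnsCertRecord` mirrors a 5-byte wire header (two `uint16_t` and one `uint8_t`), but with natural alignment its `sizeof` is 6 unless a packing pragma covers the declaration; the other on-wire structs in this file, such as `GNUNET_TUN_IcmpHeader` below, mark their `uint16_t` fields `GNUNET_PACKED`. If the struct is not packed, `sizeof (struct GNUNET_TUN_DnsCertRecord)` in the dnsparser.c parser and builder would place the certificate data one byte off on the wire. Adding `GNUNET_PACKED` to `cert_type` and `cert_tag` would make this consistent with the rest of the file and independent of the surrounding pragmas; a compile-time size check against 5 in dnsparser.c would catch any regression.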