1 /* SPDX-License-Identifier: LGPL-2.1+ */
5 #include "alloc-util.h"
6 #include "dns-domain.h"
10 #include "memory-util.h"
11 #include "resolved-dns-dnssec.h"
12 #include "resolved-dns-packet.h"
13 #include "resolved-dns-rr.h"
14 #include "string-table.h"
15 #include "string-util.h"
17 #include "terminal-util.h"
19 DnsResourceKey
* dns_resource_key_new(uint16_t class, uint16_t type
, const char *name
) {
26 k
= malloc0(sizeof(DnsResourceKey
) + l
+ 1);
34 strcpy((char*) k
+ sizeof(DnsResourceKey
), name
);
39 DnsResourceKey
* dns_resource_key_new_redirect(const DnsResourceKey
*key
, const DnsResourceRecord
*cname
) {
45 assert(IN_SET(cname
->key
->type
, DNS_TYPE_CNAME
, DNS_TYPE_DNAME
));
47 if (cname
->key
->type
== DNS_TYPE_CNAME
)
48 return dns_resource_key_new(key
->class, key
->type
, cname
->cname
.name
);
51 char *destination
= NULL
;
53 r
= dns_name_change_suffix(dns_resource_key_name(key
), dns_resource_key_name(cname
->key
), cname
->dname
.name
, &destination
);
57 return dns_resource_key_ref((DnsResourceKey
*) key
);
59 k
= dns_resource_key_new_consume(key
->class, key
->type
, destination
);
61 return mfree(destination
);
67 int dns_resource_key_new_append_suffix(DnsResourceKey
**ret
, DnsResourceKey
*key
, char *name
) {
68 DnsResourceKey
*new_key
;
76 if (dns_name_is_root(name
)) {
77 *ret
= dns_resource_key_ref(key
);
81 r
= dns_name_concat(dns_resource_key_name(key
), name
, 0, &joined
);
85 new_key
= dns_resource_key_new_consume(key
->class, key
->type
, joined
);
95 DnsResourceKey
* dns_resource_key_new_consume(uint16_t class, uint16_t type
, char *name
) {
100 k
= new(DnsResourceKey
, 1);
104 *k
= (DnsResourceKey
) {
114 DnsResourceKey
* dns_resource_key_ref(DnsResourceKey
*k
) {
119 /* Static/const keys created with DNS_RESOURCE_KEY_CONST will
120 * set this to -1, they should not be reffed/unreffed */
121 assert(k
->n_ref
!= (unsigned) -1);
123 assert(k
->n_ref
> 0);
129 DnsResourceKey
* dns_resource_key_unref(DnsResourceKey
*k
) {
133 assert(k
->n_ref
!= (unsigned) -1);
134 assert(k
->n_ref
> 0);
145 const char* dns_resource_key_name(const DnsResourceKey
*key
) {
154 name
= (char*) key
+ sizeof(DnsResourceKey
);
156 if (dns_name_is_root(name
))
162 bool dns_resource_key_is_address(const DnsResourceKey
*key
) {
165 /* Check if this is an A or AAAA resource key */
167 return key
->class == DNS_CLASS_IN
&& IN_SET(key
->type
, DNS_TYPE_A
, DNS_TYPE_AAAA
);
170 bool dns_resource_key_is_dnssd_ptr(const DnsResourceKey
*key
) {
173 /* Check if this is a PTR resource key used in
174 Service Instance Enumeration as described in RFC6763 p4.1. */
176 if (key
->type
!= DNS_TYPE_PTR
)
179 return dns_name_endswith(dns_resource_key_name(key
), "_tcp.local") ||
180 dns_name_endswith(dns_resource_key_name(key
), "_udp.local");
183 int dns_resource_key_equal(const DnsResourceKey
*a
, const DnsResourceKey
*b
) {
189 r
= dns_name_equal(dns_resource_key_name(a
), dns_resource_key_name(b
));
193 if (a
->class != b
->class)
196 if (a
->type
!= b
->type
)
202 int dns_resource_key_match_rr(const DnsResourceKey
*key
, DnsResourceRecord
*rr
, const char *search_domain
) {
211 /* Checks if an rr matches the specified key. If a search
212 * domain is specified, it will also be checked if the key
213 * with the search domain suffixed might match the RR. */
215 if (rr
->key
->class != key
->class && key
->class != DNS_CLASS_ANY
)
218 if (rr
->key
->type
!= key
->type
&& key
->type
!= DNS_TYPE_ANY
)
221 r
= dns_name_equal(dns_resource_key_name(rr
->key
), dns_resource_key_name(key
));
226 _cleanup_free_
char *joined
= NULL
;
228 r
= dns_name_concat(dns_resource_key_name(key
), search_domain
, 0, &joined
);
232 return dns_name_equal(dns_resource_key_name(rr
->key
), joined
);
238 int dns_resource_key_match_cname_or_dname(const DnsResourceKey
*key
, const DnsResourceKey
*cname
, const char *search_domain
) {
244 if (cname
->class != key
->class && key
->class != DNS_CLASS_ANY
)
247 if (cname
->type
== DNS_TYPE_CNAME
)
248 r
= dns_name_equal(dns_resource_key_name(key
), dns_resource_key_name(cname
));
249 else if (cname
->type
== DNS_TYPE_DNAME
)
250 r
= dns_name_endswith(dns_resource_key_name(key
), dns_resource_key_name(cname
));
258 _cleanup_free_
char *joined
= NULL
;
260 r
= dns_name_concat(dns_resource_key_name(key
), search_domain
, 0, &joined
);
264 if (cname
->type
== DNS_TYPE_CNAME
)
265 return dns_name_equal(joined
, dns_resource_key_name(cname
));
266 else if (cname
->type
== DNS_TYPE_DNAME
)
267 return dns_name_endswith(joined
, dns_resource_key_name(cname
));
273 int dns_resource_key_match_soa(const DnsResourceKey
*key
, const DnsResourceKey
*soa
) {
277 /* Checks whether 'soa' is a SOA record for the specified key. */
279 if (soa
->class != key
->class)
282 if (soa
->type
!= DNS_TYPE_SOA
)
285 return dns_name_endswith(dns_resource_key_name(key
), dns_resource_key_name(soa
));
288 static void dns_resource_key_hash_func(const DnsResourceKey
*k
, struct siphash
*state
) {
291 dns_name_hash_func(dns_resource_key_name(k
), state
);
292 siphash24_compress(&k
->class, sizeof(k
->class), state
);
293 siphash24_compress(&k
->type
, sizeof(k
->type
), state
);
296 static int dns_resource_key_compare_func(const DnsResourceKey
*x
, const DnsResourceKey
*y
) {
299 ret
= dns_name_compare_func(dns_resource_key_name(x
), dns_resource_key_name(y
));
303 ret
= CMP(x
->type
, y
->type
);
307 ret
= CMP(x
->class, y
->class);
314 DEFINE_HASH_OPS(dns_resource_key_hash_ops
, DnsResourceKey
, dns_resource_key_hash_func
, dns_resource_key_compare_func
);
316 char* dns_resource_key_to_string(const DnsResourceKey
*key
, char *buf
, size_t buf_size
) {
320 /* If we cannot convert the CLASS/TYPE into a known string,
321 use the format recommended by RFC 3597, Section 5. */
323 c
= dns_class_to_string(key
->class);
324 t
= dns_type_to_string(key
->type
);
326 snprintf(buf
, buf_size
, "%s %s%s%.0u %s%s%.0u",
327 dns_resource_key_name(key
),
328 strempty(c
), c
? "" : "CLASS", c
? 0 : key
->class,
329 strempty(t
), t
? "" : "TYPE", t
? 0 : key
->type
);
334 bool dns_resource_key_reduce(DnsResourceKey
**a
, DnsResourceKey
**b
) {
338 /* Try to replace one RR key by another if they are identical, thus saving a bit of memory. Note that we do
339 * this only for RR keys, not for RRs themselves, as they carry a lot of additional metadata (where they come
340 * from, validity data, and suchlike), and cannot be replaced so easily by other RRs that have the same
341 * superficial data. */
348 /* We refuse merging const keys */
349 if ((*a
)->n_ref
== (unsigned) -1)
351 if ((*b
)->n_ref
== (unsigned) -1)
354 /* Already the same? */
358 /* Are they really identical? */
359 if (dns_resource_key_equal(*a
, *b
) <= 0)
362 /* Keep the one which already has more references. */
363 if ((*a
)->n_ref
> (*b
)->n_ref
) {
364 dns_resource_key_unref(*b
);
365 *b
= dns_resource_key_ref(*a
);
367 dns_resource_key_unref(*a
);
368 *a
= dns_resource_key_ref(*b
);
374 DnsResourceRecord
* dns_resource_record_new(DnsResourceKey
*key
) {
375 DnsResourceRecord
*rr
;
377 rr
= new(DnsResourceRecord
, 1);
381 *rr
= (DnsResourceRecord
) {
383 .key
= dns_resource_key_ref(key
),
384 .expiry
= USEC_INFINITY
,
385 .n_skip_labels_signer
= (unsigned) -1,
386 .n_skip_labels_source
= (unsigned) -1,
392 DnsResourceRecord
* dns_resource_record_new_full(uint16_t class, uint16_t type
, const char *name
) {
393 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
395 key
= dns_resource_key_new(class, type
, name
);
399 return dns_resource_record_new(key
);
402 static DnsResourceRecord
* dns_resource_record_free(DnsResourceRecord
*rr
) {
406 switch(rr
->key
->type
) {
426 dns_txt_item_free_all(rr
->txt
.items
);
435 free(rr
->mx
.exchange
);
443 free(rr
->sshfp
.fingerprint
);
446 case DNS_TYPE_DNSKEY
:
447 free(rr
->dnskey
.key
);
451 free(rr
->rrsig
.signer
);
452 free(rr
->rrsig
.signature
);
456 free(rr
->nsec
.next_domain_name
);
457 bitmap_free(rr
->nsec
.types
);
461 free(rr
->nsec3
.next_hashed_name
);
462 free(rr
->nsec3
.salt
);
463 bitmap_free(rr
->nsec3
.types
);
480 case DNS_TYPE_OPENPGPKEY
:
483 free(rr
->generic
.data
);
487 free(rr
->generic
.data
);
489 free(rr
->wire_format
);
490 dns_resource_key_unref(rr
->key
);
497 DEFINE_TRIVIAL_REF_UNREF_FUNC(DnsResourceRecord
, dns_resource_record
, dns_resource_record_free
);
499 int dns_resource_record_new_reverse(DnsResourceRecord
**ret
, int family
, const union in_addr_union
*address
, const char *hostname
) {
500 _cleanup_(dns_resource_key_unrefp
) DnsResourceKey
*key
= NULL
;
501 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*rr
= NULL
;
502 _cleanup_free_
char *ptr
= NULL
;
509 r
= dns_name_reverse(family
, address
, &ptr
);
513 key
= dns_resource_key_new_consume(DNS_CLASS_IN
, DNS_TYPE_PTR
, ptr
);
519 rr
= dns_resource_record_new(key
);
523 rr
->ptr
.name
= strdup(hostname
);
532 int dns_resource_record_new_address(DnsResourceRecord
**ret
, int family
, const union in_addr_union
*address
, const char *name
) {
533 DnsResourceRecord
*rr
;
539 if (family
== AF_INET
) {
541 rr
= dns_resource_record_new_full(DNS_CLASS_IN
, DNS_TYPE_A
, name
);
545 rr
->a
.in_addr
= address
->in
;
547 } else if (family
== AF_INET6
) {
549 rr
= dns_resource_record_new_full(DNS_CLASS_IN
, DNS_TYPE_AAAA
, name
);
553 rr
->aaaa
.in6_addr
= address
->in6
;
555 return -EAFNOSUPPORT
;
562 #define FIELD_EQUAL(a, b, field) \
563 ((a).field ## _size == (b).field ## _size && \
564 memcmp_safe((a).field, (b).field, (a).field ## _size) == 0)
566 int dns_resource_record_payload_equal(const DnsResourceRecord
*a
, const DnsResourceRecord
*b
) {
569 /* Check if a and b are the same, but don't look at their keys */
571 if (a
->unparsable
!= b
->unparsable
)
574 switch (a
->unparsable
? _DNS_TYPE_INVALID
: a
->key
->type
) {
577 r
= dns_name_equal(a
->srv
.name
, b
->srv
.name
);
581 return a
->srv
.priority
== b
->srv
.priority
&&
582 a
->srv
.weight
== b
->srv
.weight
&&
583 a
->srv
.port
== b
->srv
.port
;
589 return dns_name_equal(a
->ptr
.name
, b
->ptr
.name
);
592 return strcaseeq(a
->hinfo
.cpu
, b
->hinfo
.cpu
) &&
593 strcaseeq(a
->hinfo
.os
, b
->hinfo
.os
);
595 case DNS_TYPE_SPF
: /* exactly the same as TXT */
597 return dns_txt_item_equal(a
->txt
.items
, b
->txt
.items
);
600 return memcmp(&a
->a
.in_addr
, &b
->a
.in_addr
, sizeof(struct in_addr
)) == 0;
603 return memcmp(&a
->aaaa
.in6_addr
, &b
->aaaa
.in6_addr
, sizeof(struct in6_addr
)) == 0;
606 r
= dns_name_equal(a
->soa
.mname
, b
->soa
.mname
);
609 r
= dns_name_equal(a
->soa
.rname
, b
->soa
.rname
);
613 return a
->soa
.serial
== b
->soa
.serial
&&
614 a
->soa
.refresh
== b
->soa
.refresh
&&
615 a
->soa
.retry
== b
->soa
.retry
&&
616 a
->soa
.expire
== b
->soa
.expire
&&
617 a
->soa
.minimum
== b
->soa
.minimum
;
620 if (a
->mx
.priority
!= b
->mx
.priority
)
623 return dns_name_equal(a
->mx
.exchange
, b
->mx
.exchange
);
626 assert(a
->loc
.version
== b
->loc
.version
);
628 return a
->loc
.size
== b
->loc
.size
&&
629 a
->loc
.horiz_pre
== b
->loc
.horiz_pre
&&
630 a
->loc
.vert_pre
== b
->loc
.vert_pre
&&
631 a
->loc
.latitude
== b
->loc
.latitude
&&
632 a
->loc
.longitude
== b
->loc
.longitude
&&
633 a
->loc
.altitude
== b
->loc
.altitude
;
636 return a
->ds
.key_tag
== b
->ds
.key_tag
&&
637 a
->ds
.algorithm
== b
->ds
.algorithm
&&
638 a
->ds
.digest_type
== b
->ds
.digest_type
&&
639 FIELD_EQUAL(a
->ds
, b
->ds
, digest
);
642 return a
->sshfp
.algorithm
== b
->sshfp
.algorithm
&&
643 a
->sshfp
.fptype
== b
->sshfp
.fptype
&&
644 FIELD_EQUAL(a
->sshfp
, b
->sshfp
, fingerprint
);
646 case DNS_TYPE_DNSKEY
:
647 return a
->dnskey
.flags
== b
->dnskey
.flags
&&
648 a
->dnskey
.protocol
== b
->dnskey
.protocol
&&
649 a
->dnskey
.algorithm
== b
->dnskey
.algorithm
&&
650 FIELD_EQUAL(a
->dnskey
, b
->dnskey
, key
);
653 /* do the fast comparisons first */
654 return a
->rrsig
.type_covered
== b
->rrsig
.type_covered
&&
655 a
->rrsig
.algorithm
== b
->rrsig
.algorithm
&&
656 a
->rrsig
.labels
== b
->rrsig
.labels
&&
657 a
->rrsig
.original_ttl
== b
->rrsig
.original_ttl
&&
658 a
->rrsig
.expiration
== b
->rrsig
.expiration
&&
659 a
->rrsig
.inception
== b
->rrsig
.inception
&&
660 a
->rrsig
.key_tag
== b
->rrsig
.key_tag
&&
661 FIELD_EQUAL(a
->rrsig
, b
->rrsig
, signature
) &&
662 dns_name_equal(a
->rrsig
.signer
, b
->rrsig
.signer
);
665 return dns_name_equal(a
->nsec
.next_domain_name
, b
->nsec
.next_domain_name
) &&
666 bitmap_equal(a
->nsec
.types
, b
->nsec
.types
);
669 return a
->nsec3
.algorithm
== b
->nsec3
.algorithm
&&
670 a
->nsec3
.flags
== b
->nsec3
.flags
&&
671 a
->nsec3
.iterations
== b
->nsec3
.iterations
&&
672 FIELD_EQUAL(a
->nsec3
, b
->nsec3
, salt
) &&
673 FIELD_EQUAL(a
->nsec3
, b
->nsec3
, next_hashed_name
) &&
674 bitmap_equal(a
->nsec3
.types
, b
->nsec3
.types
);
677 return a
->tlsa
.cert_usage
== b
->tlsa
.cert_usage
&&
678 a
->tlsa
.selector
== b
->tlsa
.selector
&&
679 a
->tlsa
.matching_type
== b
->tlsa
.matching_type
&&
680 FIELD_EQUAL(a
->tlsa
, b
->tlsa
, data
);
683 return a
->caa
.flags
== b
->caa
.flags
&&
684 streq(a
->caa
.tag
, b
->caa
.tag
) &&
685 FIELD_EQUAL(a
->caa
, b
->caa
, value
);
687 case DNS_TYPE_OPENPGPKEY
:
689 return FIELD_EQUAL(a
->generic
, b
->generic
, data
);
693 int dns_resource_record_equal(const DnsResourceRecord
*a
, const DnsResourceRecord
*b
) {
702 r
= dns_resource_key_equal(a
->key
, b
->key
);
706 return dns_resource_record_payload_equal(a
, b
);
709 static char* format_location(uint32_t latitude
, uint32_t longitude
, uint32_t altitude
,
710 uint8_t size
, uint8_t horiz_pre
, uint8_t vert_pre
) {
712 char NS
= latitude
>= 1U<<31 ? 'N' : 'S';
713 char EW
= longitude
>= 1U<<31 ? 'E' : 'W';
715 int lat
= latitude
>= 1U<<31 ? (int) (latitude
- (1U<<31)) : (int) ((1U<<31) - latitude
);
716 int lon
= longitude
>= 1U<<31 ? (int) (longitude
- (1U<<31)) : (int) ((1U<<31) - longitude
);
717 double alt
= altitude
>= 10000000u ? altitude
- 10000000u : -(double)(10000000u - altitude
);
718 double siz
= (size
>> 4) * exp10((double) (size
& 0xF));
719 double hor
= (horiz_pre
>> 4) * exp10((double) (horiz_pre
& 0xF));
720 double ver
= (vert_pre
>> 4) * exp10((double) (vert_pre
& 0xF));
722 if (asprintf(&s
, "%d %d %.3f %c %d %d %.3f %c %.2fm %.2fm %.2fm %.2fm",
725 (lat
% 60000) / 1000.,
729 (lon
% 60000) / 1000.,
740 static int format_timestamp_dns(char *buf
, size_t l
, time_t sec
) {
744 assert(l
> STRLEN("YYYYMMDDHHmmSS"));
746 if (!gmtime_r(&sec
, &tm
))
749 if (strftime(buf
, l
, "%Y%m%d%H%M%S", &tm
) <= 0)
755 static char *format_types(Bitmap
*types
) {
756 _cleanup_strv_free_
char **strv
= NULL
;
757 _cleanup_free_
char *str
= NULL
;
761 BITMAP_FOREACH(type
, types
) {
762 if (dns_type_to_string(type
)) {
763 r
= strv_extend(&strv
, dns_type_to_string(type
));
769 r
= asprintf(&t
, "TYPE%u", type
);
773 r
= strv_consume(&strv
, t
);
779 str
= strv_join(strv
, " ");
783 return strjoin("( ", str
, " )");
786 static char *format_txt(DnsTxtItem
*first
) {
791 LIST_FOREACH(items
, i
, first
)
792 c
+= i
->length
* 4 + 3;
794 p
= s
= new(char, c
);
798 LIST_FOREACH(items
, i
, first
) {
806 for (j
= 0; j
< i
->length
; j
++) {
807 if (i
->data
[j
] < ' ' || i
->data
[j
] == '"' || i
->data
[j
] >= 127) {
809 *(p
++) = '0' + (i
->data
[j
] / 100);
810 *(p
++) = '0' + ((i
->data
[j
] / 10) % 10);
811 *(p
++) = '0' + (i
->data
[j
] % 10);
823 const char *dns_resource_record_to_string(DnsResourceRecord
*rr
) {
824 _cleanup_free_
char *t
= NULL
;
825 char *s
, k
[DNS_RESOURCE_KEY_STRING_MAX
];
831 return rr
->to_string
;
833 dns_resource_key_to_string(rr
->key
, k
, sizeof(k
));
835 switch (rr
->unparsable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
838 r
= asprintf(&s
, "%s %u %u %u %s",
843 strna(rr
->srv
.name
));
852 s
= strjoin(k
, " ", rr
->ptr
.name
);
859 s
= strjoin(k
, " ", rr
->hinfo
.cpu
, " ", rr
->hinfo
.os
);
864 case DNS_TYPE_SPF
: /* exactly the same as TXT */
866 t
= format_txt(rr
->txt
.items
);
870 s
= strjoin(k
, " ", t
);
876 _cleanup_free_
char *x
= NULL
;
878 r
= in_addr_to_string(AF_INET
, (const union in_addr_union
*) &rr
->a
.in_addr
, &x
);
882 s
= strjoin(k
, " ", x
);
889 r
= in_addr_to_string(AF_INET6
, (const union in_addr_union
*) &rr
->aaaa
.in6_addr
, &t
);
893 s
= strjoin(k
, " ", t
);
899 r
= asprintf(&s
, "%s %s %s %u %u %u %u %u",
901 strna(rr
->soa
.mname
),
902 strna(rr
->soa
.rname
),
913 r
= asprintf(&s
, "%s %u %s",
922 assert(rr
->loc
.version
== 0);
924 t
= format_location(rr
->loc
.latitude
,
933 s
= strjoin(k
, " ", t
);
939 t
= hexmem(rr
->ds
.digest
, rr
->ds
.digest_size
);
943 r
= asprintf(&s
, "%s %u %u %u %s",
954 t
= hexmem(rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
);
958 r
= asprintf(&s
, "%s %u %u %s",
967 case DNS_TYPE_DNSKEY
: {
968 _cleanup_free_
char *alg
= NULL
;
972 key_tag
= dnssec_keytag(rr
, true);
974 r
= dnssec_algorithm_to_string_alloc(rr
->dnskey
.algorithm
, &alg
);
978 r
= asprintf(&s
, "%s %u %u %s",
986 r
= base64_append(&s
, r
,
987 rr
->dnskey
.key
, rr
->dnskey
.key_size
,
992 r
= asprintf(&ss
, "%s\n"
996 rr
->dnskey
.flags
& DNSKEY_FLAG_SEP
? " SEP" : "",
997 rr
->dnskey
.flags
& DNSKEY_FLAG_REVOKE
? " REVOKE" : "",
998 rr
->dnskey
.flags
& DNSKEY_FLAG_ZONE_KEY
? " ZONE_KEY" : "",
1008 case DNS_TYPE_RRSIG
: {
1009 _cleanup_free_
char *alg
= NULL
;
1010 char expiration
[STRLEN("YYYYMMDDHHmmSS") + 1], inception
[STRLEN("YYYYMMDDHHmmSS") + 1];
1013 type
= dns_type_to_string(rr
->rrsig
.type_covered
);
1015 r
= dnssec_algorithm_to_string_alloc(rr
->rrsig
.algorithm
, &alg
);
1019 r
= format_timestamp_dns(expiration
, sizeof(expiration
), rr
->rrsig
.expiration
);
1023 r
= format_timestamp_dns(inception
, sizeof(inception
), rr
->rrsig
.inception
);
1028 * http://tools.ietf.org/html/rfc3597#section-5 */
1030 r
= asprintf(&s
, "%s %s%.*u %s %u %u %s %s %u %s",
1033 type
? 0 : 1, type
? 0u : (unsigned) rr
->rrsig
.type_covered
,
1036 rr
->rrsig
.original_ttl
,
1044 r
= base64_append(&s
, r
,
1045 rr
->rrsig
.signature
, rr
->rrsig
.signature_size
,
1054 t
= format_types(rr
->nsec
.types
);
1058 r
= asprintf(&s
, "%s %s %s",
1060 rr
->nsec
.next_domain_name
,
1066 case DNS_TYPE_NSEC3
: {
1067 _cleanup_free_
char *salt
= NULL
, *hash
= NULL
;
1069 if (rr
->nsec3
.salt_size
> 0) {
1070 salt
= hexmem(rr
->nsec3
.salt
, rr
->nsec3
.salt_size
);
1075 hash
= base32hexmem(rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, false);
1079 t
= format_types(rr
->nsec3
.types
);
1083 r
= asprintf(&s
, "%s %"PRIu8
" %"PRIu8
" %"PRIu16
" %s %s %s",
1085 rr
->nsec3
.algorithm
,
1087 rr
->nsec3
.iterations
,
1088 rr
->nsec3
.salt_size
> 0 ? salt
: "-",
1097 case DNS_TYPE_TLSA
: {
1098 const char *cert_usage
, *selector
, *matching_type
;
1100 cert_usage
= tlsa_cert_usage_to_string(rr
->tlsa
.cert_usage
);
1101 selector
= tlsa_selector_to_string(rr
->tlsa
.selector
);
1102 matching_type
= tlsa_matching_type_to_string(rr
->tlsa
.matching_type
);
1104 t
= hexmem(rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
);
1110 " -- Cert. usage: %s\n"
1111 " -- Selector: %s\n"
1112 " -- Matching type: %s",
1114 rr
->tlsa
.cert_usage
,
1116 rr
->tlsa
.matching_type
,
1127 case DNS_TYPE_CAA
: {
1128 _cleanup_free_
char *value
;
1130 value
= octescape(rr
->caa
.value
, rr
->caa
.value_size
);
1134 r
= asprintf(&s
, "%s %u %s \"%s\"%s%s%s%.0u",
1139 rr
->caa
.flags
? "\n -- Flags:" : "",
1140 rr
->caa
.flags
& CAA_FLAG_CRITICAL
? " critical" : "",
1141 rr
->caa
.flags
& ~CAA_FLAG_CRITICAL
? " " : "",
1142 rr
->caa
.flags
& ~CAA_FLAG_CRITICAL
);
1149 case DNS_TYPE_OPENPGPKEY
: {
1150 r
= asprintf(&s
, "%s", k
);
1154 r
= base64_append(&s
, r
,
1155 rr
->generic
.data
, rr
->generic
.data_size
,
1163 t
= hexmem(rr
->generic
.data
, rr
->generic
.data_size
);
1167 /* Format as documented in RFC 3597, Section 5 */
1168 r
= asprintf(&s
, "%s \\# %zu %s", k
, rr
->generic
.data_size
, t
);
1178 ssize_t
dns_resource_record_payload(DnsResourceRecord
*rr
, void **out
) {
1182 switch(rr
->unparsable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
1186 case DNS_TYPE_CNAME
:
1187 case DNS_TYPE_DNAME
:
1188 case DNS_TYPE_HINFO
:
1197 case DNS_TYPE_DNSKEY
:
1198 case DNS_TYPE_RRSIG
:
1200 case DNS_TYPE_NSEC3
:
1203 case DNS_TYPE_SSHFP
:
1204 *out
= rr
->sshfp
.fingerprint
;
1205 return rr
->sshfp
.fingerprint_size
;
1208 *out
= rr
->tlsa
.data
;
1209 return rr
->tlsa
.data_size
;
1211 case DNS_TYPE_OPENPGPKEY
:
1213 *out
= rr
->generic
.data
;
1214 return rr
->generic
.data_size
;
1218 int dns_resource_record_to_wire_format(DnsResourceRecord
*rr
, bool canonical
) {
1220 DnsPacket packet
= {
1222 .protocol
= DNS_PROTOCOL_DNS
,
1224 .refuse_compression
= true,
1225 .canonical_form
= canonical
,
1233 /* Generates the RR in wire-format, optionally in the
1234 * canonical form as discussed in the DNSSEC RFC 4034, Section
1235 * 6.2. We allocate a throw-away DnsPacket object on the stack
1236 * here, because we need some book-keeping for memory
1237 * management, and can reuse the DnsPacket serializer, that
1238 * can generate the canonical form, too, but also knows label
1239 * compression and suchlike. */
1241 if (rr
->wire_format
&& rr
->wire_format_canonical
== canonical
)
1244 r
= dns_packet_append_rr(&packet
, rr
, 0, &start
, &rds
);
1249 assert(packet
._data
);
1251 free(rr
->wire_format
);
1252 rr
->wire_format
= packet
._data
;
1253 rr
->wire_format_size
= packet
.size
;
1254 rr
->wire_format_rdata_offset
= rds
;
1255 rr
->wire_format_canonical
= canonical
;
1257 packet
._data
= NULL
;
1258 dns_packet_unref(&packet
);
1263 int dns_resource_record_signer(DnsResourceRecord
*rr
, const char **ret
) {
1270 /* Returns the RRset's signer, if it is known. */
1272 if (rr
->n_skip_labels_signer
== (unsigned) -1)
1275 n
= dns_resource_key_name(rr
->key
);
1276 r
= dns_name_skip(n
, rr
->n_skip_labels_signer
, &n
);
1286 int dns_resource_record_source(DnsResourceRecord
*rr
, const char **ret
) {
1293 /* Returns the RRset's synthesizing source, if it is known. */
1295 if (rr
->n_skip_labels_source
== (unsigned) -1)
1298 n
= dns_resource_key_name(rr
->key
);
1299 r
= dns_name_skip(n
, rr
->n_skip_labels_source
, &n
);
1309 int dns_resource_record_is_signer(DnsResourceRecord
*rr
, const char *zone
) {
1315 r
= dns_resource_record_signer(rr
, &signer
);
1319 return dns_name_equal(zone
, signer
);
1322 int dns_resource_record_is_synthetic(DnsResourceRecord
*rr
) {
1327 /* Returns > 0 if the RR is generated from a wildcard, and is not the asterisk name itself */
1329 if (rr
->n_skip_labels_source
== (unsigned) -1)
1332 if (rr
->n_skip_labels_source
== 0)
1335 if (rr
->n_skip_labels_source
> 1)
1338 r
= dns_name_startswith(dns_resource_key_name(rr
->key
), "*");
1345 void dns_resource_record_hash_func(const DnsResourceRecord
*rr
, struct siphash
*state
) {
1348 dns_resource_key_hash_func(rr
->key
, state
);
1350 switch (rr
->unparsable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
1353 siphash24_compress(&rr
->srv
.priority
, sizeof(rr
->srv
.priority
), state
);
1354 siphash24_compress(&rr
->srv
.weight
, sizeof(rr
->srv
.weight
), state
);
1355 siphash24_compress(&rr
->srv
.port
, sizeof(rr
->srv
.port
), state
);
1356 dns_name_hash_func(rr
->srv
.name
, state
);
1361 case DNS_TYPE_CNAME
:
1362 case DNS_TYPE_DNAME
:
1363 dns_name_hash_func(rr
->ptr
.name
, state
);
1366 case DNS_TYPE_HINFO
:
1367 string_hash_func(rr
->hinfo
.cpu
, state
);
1368 string_hash_func(rr
->hinfo
.os
, state
);
1372 case DNS_TYPE_SPF
: {
1375 LIST_FOREACH(items
, j
, rr
->txt
.items
) {
1376 siphash24_compress(j
->data
, j
->length
, state
);
1378 /* Add an extra NUL byte, so that "a" followed by "b" doesn't result in the same hash as "ab"
1379 * followed by "". */
1380 siphash24_compress_byte(0, state
);
1386 siphash24_compress(&rr
->a
.in_addr
, sizeof(rr
->a
.in_addr
), state
);
1390 siphash24_compress(&rr
->aaaa
.in6_addr
, sizeof(rr
->aaaa
.in6_addr
), state
);
1394 dns_name_hash_func(rr
->soa
.mname
, state
);
1395 dns_name_hash_func(rr
->soa
.rname
, state
);
1396 siphash24_compress(&rr
->soa
.serial
, sizeof(rr
->soa
.serial
), state
);
1397 siphash24_compress(&rr
->soa
.refresh
, sizeof(rr
->soa
.refresh
), state
);
1398 siphash24_compress(&rr
->soa
.retry
, sizeof(rr
->soa
.retry
), state
);
1399 siphash24_compress(&rr
->soa
.expire
, sizeof(rr
->soa
.expire
), state
);
1400 siphash24_compress(&rr
->soa
.minimum
, sizeof(rr
->soa
.minimum
), state
);
1404 siphash24_compress(&rr
->mx
.priority
, sizeof(rr
->mx
.priority
), state
);
1405 dns_name_hash_func(rr
->mx
.exchange
, state
);
1409 siphash24_compress(&rr
->loc
.version
, sizeof(rr
->loc
.version
), state
);
1410 siphash24_compress(&rr
->loc
.size
, sizeof(rr
->loc
.size
), state
);
1411 siphash24_compress(&rr
->loc
.horiz_pre
, sizeof(rr
->loc
.horiz_pre
), state
);
1412 siphash24_compress(&rr
->loc
.vert_pre
, sizeof(rr
->loc
.vert_pre
), state
);
1413 siphash24_compress(&rr
->loc
.latitude
, sizeof(rr
->loc
.latitude
), state
);
1414 siphash24_compress(&rr
->loc
.longitude
, sizeof(rr
->loc
.longitude
), state
);
1415 siphash24_compress(&rr
->loc
.altitude
, sizeof(rr
->loc
.altitude
), state
);
1418 case DNS_TYPE_SSHFP
:
1419 siphash24_compress(&rr
->sshfp
.algorithm
, sizeof(rr
->sshfp
.algorithm
), state
);
1420 siphash24_compress(&rr
->sshfp
.fptype
, sizeof(rr
->sshfp
.fptype
), state
);
1421 siphash24_compress(rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
, state
);
1424 case DNS_TYPE_DNSKEY
:
1425 siphash24_compress(&rr
->dnskey
.flags
, sizeof(rr
->dnskey
.flags
), state
);
1426 siphash24_compress(&rr
->dnskey
.protocol
, sizeof(rr
->dnskey
.protocol
), state
);
1427 siphash24_compress(&rr
->dnskey
.algorithm
, sizeof(rr
->dnskey
.algorithm
), state
);
1428 siphash24_compress(rr
->dnskey
.key
, rr
->dnskey
.key_size
, state
);
1431 case DNS_TYPE_RRSIG
:
1432 siphash24_compress(&rr
->rrsig
.type_covered
, sizeof(rr
->rrsig
.type_covered
), state
);
1433 siphash24_compress(&rr
->rrsig
.algorithm
, sizeof(rr
->rrsig
.algorithm
), state
);
1434 siphash24_compress(&rr
->rrsig
.labels
, sizeof(rr
->rrsig
.labels
), state
);
1435 siphash24_compress(&rr
->rrsig
.original_ttl
, sizeof(rr
->rrsig
.original_ttl
), state
);
1436 siphash24_compress(&rr
->rrsig
.expiration
, sizeof(rr
->rrsig
.expiration
), state
);
1437 siphash24_compress(&rr
->rrsig
.inception
, sizeof(rr
->rrsig
.inception
), state
);
1438 siphash24_compress(&rr
->rrsig
.key_tag
, sizeof(rr
->rrsig
.key_tag
), state
);
1439 dns_name_hash_func(rr
->rrsig
.signer
, state
);
1440 siphash24_compress(rr
->rrsig
.signature
, rr
->rrsig
.signature_size
, state
);
1444 dns_name_hash_func(rr
->nsec
.next_domain_name
, state
);
1445 /* FIXME: we leave out the type bitmap here. Hash
1446 * would be better if we'd take it into account
1451 siphash24_compress(&rr
->ds
.key_tag
, sizeof(rr
->ds
.key_tag
), state
);
1452 siphash24_compress(&rr
->ds
.algorithm
, sizeof(rr
->ds
.algorithm
), state
);
1453 siphash24_compress(&rr
->ds
.digest_type
, sizeof(rr
->ds
.digest_type
), state
);
1454 siphash24_compress(rr
->ds
.digest
, rr
->ds
.digest_size
, state
);
1457 case DNS_TYPE_NSEC3
:
1458 siphash24_compress(&rr
->nsec3
.algorithm
, sizeof(rr
->nsec3
.algorithm
), state
);
1459 siphash24_compress(&rr
->nsec3
.flags
, sizeof(rr
->nsec3
.flags
), state
);
1460 siphash24_compress(&rr
->nsec3
.iterations
, sizeof(rr
->nsec3
.iterations
), state
);
1461 siphash24_compress(rr
->nsec3
.salt
, rr
->nsec3
.salt_size
, state
);
1462 siphash24_compress(rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
, state
);
1463 /* FIXME: We leave the bitmaps out */
1467 siphash24_compress(&rr
->tlsa
.cert_usage
, sizeof(rr
->tlsa
.cert_usage
), state
);
1468 siphash24_compress(&rr
->tlsa
.selector
, sizeof(rr
->tlsa
.selector
), state
);
1469 siphash24_compress(&rr
->tlsa
.matching_type
, sizeof(rr
->tlsa
.matching_type
), state
);
1470 siphash24_compress(rr
->tlsa
.data
, rr
->tlsa
.data_size
, state
);
1474 siphash24_compress(&rr
->caa
.flags
, sizeof(rr
->caa
.flags
), state
);
1475 string_hash_func(rr
->caa
.tag
, state
);
1476 siphash24_compress(rr
->caa
.value
, rr
->caa
.value_size
, state
);
1479 case DNS_TYPE_OPENPGPKEY
:
1481 siphash24_compress(rr
->generic
.data
, rr
->generic
.data_size
, state
);
1486 static int dns_resource_record_compare_func(const DnsResourceRecord
*x
, const DnsResourceRecord
*y
) {
1489 r
= dns_resource_key_compare_func(x
->key
, y
->key
);
1493 if (dns_resource_record_equal(x
, y
))
1496 /* We still use CMP() here, even though don't implement proper
1497 * ordering, since the hashtable doesn't need ordering anyway. */
1501 DEFINE_HASH_OPS(dns_resource_record_hash_ops
, DnsResourceRecord
, dns_resource_record_hash_func
, dns_resource_record_compare_func
);
1503 DnsResourceRecord
*dns_resource_record_copy(DnsResourceRecord
*rr
) {
1504 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*copy
= NULL
;
1505 DnsResourceRecord
*t
;
1509 copy
= dns_resource_record_new(rr
->key
);
1513 copy
->ttl
= rr
->ttl
;
1514 copy
->expiry
= rr
->expiry
;
1515 copy
->n_skip_labels_signer
= rr
->n_skip_labels_signer
;
1516 copy
->n_skip_labels_source
= rr
->n_skip_labels_source
;
1517 copy
->unparsable
= rr
->unparsable
;
1519 switch (rr
->unparsable
? _DNS_TYPE_INVALID
: rr
->key
->type
) {
1522 copy
->srv
.priority
= rr
->srv
.priority
;
1523 copy
->srv
.weight
= rr
->srv
.weight
;
1524 copy
->srv
.port
= rr
->srv
.port
;
1525 copy
->srv
.name
= strdup(rr
->srv
.name
);
1526 if (!copy
->srv
.name
)
1532 case DNS_TYPE_CNAME
:
1533 case DNS_TYPE_DNAME
:
1534 copy
->ptr
.name
= strdup(rr
->ptr
.name
);
1535 if (!copy
->ptr
.name
)
1539 case DNS_TYPE_HINFO
:
1540 copy
->hinfo
.cpu
= strdup(rr
->hinfo
.cpu
);
1541 if (!copy
->hinfo
.cpu
)
1544 copy
->hinfo
.os
= strdup(rr
->hinfo
.os
);
1545 if (!copy
->hinfo
.os
)
1551 copy
->txt
.items
= dns_txt_item_copy(rr
->txt
.items
);
1552 if (!copy
->txt
.items
)
1561 copy
->aaaa
= rr
->aaaa
;
1565 copy
->soa
.mname
= strdup(rr
->soa
.mname
);
1566 if (!copy
->soa
.mname
)
1568 copy
->soa
.rname
= strdup(rr
->soa
.rname
);
1569 if (!copy
->soa
.rname
)
1571 copy
->soa
.serial
= rr
->soa
.serial
;
1572 copy
->soa
.refresh
= rr
->soa
.refresh
;
1573 copy
->soa
.retry
= rr
->soa
.retry
;
1574 copy
->soa
.expire
= rr
->soa
.expire
;
1575 copy
->soa
.minimum
= rr
->soa
.minimum
;
1579 copy
->mx
.priority
= rr
->mx
.priority
;
1580 copy
->mx
.exchange
= strdup(rr
->mx
.exchange
);
1581 if (!copy
->mx
.exchange
)
1586 copy
->loc
= rr
->loc
;
1589 case DNS_TYPE_SSHFP
:
1590 copy
->sshfp
.algorithm
= rr
->sshfp
.algorithm
;
1591 copy
->sshfp
.fptype
= rr
->sshfp
.fptype
;
1592 copy
->sshfp
.fingerprint
= memdup(rr
->sshfp
.fingerprint
, rr
->sshfp
.fingerprint_size
);
1593 if (!copy
->sshfp
.fingerprint
)
1595 copy
->sshfp
.fingerprint_size
= rr
->sshfp
.fingerprint_size
;
1598 case DNS_TYPE_DNSKEY
:
1599 copy
->dnskey
.flags
= rr
->dnskey
.flags
;
1600 copy
->dnskey
.protocol
= rr
->dnskey
.protocol
;
1601 copy
->dnskey
.algorithm
= rr
->dnskey
.algorithm
;
1602 copy
->dnskey
.key
= memdup(rr
->dnskey
.key
, rr
->dnskey
.key_size
);
1603 if (!copy
->dnskey
.key
)
1605 copy
->dnskey
.key_size
= rr
->dnskey
.key_size
;
1608 case DNS_TYPE_RRSIG
:
1609 copy
->rrsig
.type_covered
= rr
->rrsig
.type_covered
;
1610 copy
->rrsig
.algorithm
= rr
->rrsig
.algorithm
;
1611 copy
->rrsig
.labels
= rr
->rrsig
.labels
;
1612 copy
->rrsig
.original_ttl
= rr
->rrsig
.original_ttl
;
1613 copy
->rrsig
.expiration
= rr
->rrsig
.expiration
;
1614 copy
->rrsig
.inception
= rr
->rrsig
.inception
;
1615 copy
->rrsig
.key_tag
= rr
->rrsig
.key_tag
;
1616 copy
->rrsig
.signer
= strdup(rr
->rrsig
.signer
);
1617 if (!copy
->rrsig
.signer
)
1619 copy
->rrsig
.signature
= memdup(rr
->rrsig
.signature
, rr
->rrsig
.signature_size
);
1620 if (!copy
->rrsig
.signature
)
1622 copy
->rrsig
.signature_size
= rr
->rrsig
.signature_size
;
1626 copy
->nsec
.next_domain_name
= strdup(rr
->nsec
.next_domain_name
);
1627 if (!copy
->nsec
.next_domain_name
)
1629 copy
->nsec
.types
= bitmap_copy(rr
->nsec
.types
);
1630 if (!copy
->nsec
.types
)
1635 copy
->ds
.key_tag
= rr
->ds
.key_tag
;
1636 copy
->ds
.algorithm
= rr
->ds
.algorithm
;
1637 copy
->ds
.digest_type
= rr
->ds
.digest_type
;
1638 copy
->ds
.digest
= memdup(rr
->ds
.digest
, rr
->ds
.digest_size
);
1639 if (!copy
->ds
.digest
)
1641 copy
->ds
.digest_size
= rr
->ds
.digest_size
;
1644 case DNS_TYPE_NSEC3
:
1645 copy
->nsec3
.algorithm
= rr
->nsec3
.algorithm
;
1646 copy
->nsec3
.flags
= rr
->nsec3
.flags
;
1647 copy
->nsec3
.iterations
= rr
->nsec3
.iterations
;
1648 copy
->nsec3
.salt
= memdup(rr
->nsec3
.salt
, rr
->nsec3
.salt_size
);
1649 if (!copy
->nsec3
.salt
)
1651 copy
->nsec3
.salt_size
= rr
->nsec3
.salt_size
;
1652 copy
->nsec3
.next_hashed_name
= memdup(rr
->nsec3
.next_hashed_name
, rr
->nsec3
.next_hashed_name_size
);
1653 if (!copy
->nsec3
.next_hashed_name_size
)
1655 copy
->nsec3
.next_hashed_name_size
= rr
->nsec3
.next_hashed_name_size
;
1656 copy
->nsec3
.types
= bitmap_copy(rr
->nsec3
.types
);
1657 if (!copy
->nsec3
.types
)
1662 copy
->tlsa
.cert_usage
= rr
->tlsa
.cert_usage
;
1663 copy
->tlsa
.selector
= rr
->tlsa
.selector
;
1664 copy
->tlsa
.matching_type
= rr
->tlsa
.matching_type
;
1665 copy
->tlsa
.data
= memdup(rr
->tlsa
.data
, rr
->tlsa
.data_size
);
1666 if (!copy
->tlsa
.data
)
1668 copy
->tlsa
.data_size
= rr
->tlsa
.data_size
;
1672 copy
->caa
.flags
= rr
->caa
.flags
;
1673 copy
->caa
.tag
= strdup(rr
->caa
.tag
);
1676 copy
->caa
.value
= memdup(rr
->caa
.value
, rr
->caa
.value_size
);
1677 if (!copy
->caa
.value
)
1679 copy
->caa
.value_size
= rr
->caa
.value_size
;
1684 copy
->generic
.data
= memdup(rr
->generic
.data
, rr
->generic
.data_size
);
1685 if (!copy
->generic
.data
)
1687 copy
->generic
.data_size
= rr
->generic
.data_size
;
1696 int dns_resource_record_clamp_ttl(DnsResourceRecord
**rr
, uint32_t max_ttl
) {
1697 DnsResourceRecord
*old_rr
, *new_rr
;
1703 if (old_rr
->key
->type
== DNS_TYPE_OPT
)
1706 new_ttl
= MIN(old_rr
->ttl
, max_ttl
);
1707 if (new_ttl
== old_rr
->ttl
)
1710 if (old_rr
->n_ref
== 1) {
1711 /* Patch in place */
1712 old_rr
->ttl
= new_ttl
;
1716 new_rr
= dns_resource_record_copy(old_rr
);
1720 new_rr
->ttl
= new_ttl
;
1722 dns_resource_record_unref(*rr
);
1728 DnsTxtItem
*dns_txt_item_free_all(DnsTxtItem
*i
) {
1737 return dns_txt_item_free_all(n
);
1740 bool dns_txt_item_equal(DnsTxtItem
*a
, DnsTxtItem
*b
) {
1751 if (a
->length
!= b
->length
)
1754 if (memcmp(a
->data
, b
->data
, a
->length
) != 0)
1757 return dns_txt_item_equal(a
->items_next
, b
->items_next
);
1760 DnsTxtItem
*dns_txt_item_copy(DnsTxtItem
*first
) {
1761 DnsTxtItem
*i
, *copy
= NULL
, *end
= NULL
;
1763 LIST_FOREACH(items
, i
, first
) {
1766 j
= memdup(i
, offsetof(DnsTxtItem
, data
) + i
->length
+ 1);
1768 dns_txt_item_free_all(copy
);
1772 LIST_INSERT_AFTER(items
, copy
, end
, j
);
1779 int dns_txt_item_new_empty(DnsTxtItem
**ret
) {
1782 /* RFC 6763, section 6.1 suggests to treat
1783 * empty TXT RRs as equivalent to a TXT record
1784 * with a single empty string. */
1786 i
= malloc0(offsetof(DnsTxtItem
, data
) + 1); /* for safety reasons we add an extra NUL byte */
1795 static const char* const dnssec_algorithm_table
[_DNSSEC_ALGORITHM_MAX_DEFINED
] = {
1796 /* Mnemonics as listed on https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
1797 [DNSSEC_ALGORITHM_RSAMD5
] = "RSAMD5",
1798 [DNSSEC_ALGORITHM_DH
] = "DH",
1799 [DNSSEC_ALGORITHM_DSA
] = "DSA",
1800 [DNSSEC_ALGORITHM_ECC
] = "ECC",
1801 [DNSSEC_ALGORITHM_RSASHA1
] = "RSASHA1",
1802 [DNSSEC_ALGORITHM_DSA_NSEC3_SHA1
] = "DSA-NSEC3-SHA1",
1803 [DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1
] = "RSASHA1-NSEC3-SHA1",
1804 [DNSSEC_ALGORITHM_RSASHA256
] = "RSASHA256",
1805 [DNSSEC_ALGORITHM_RSASHA512
] = "RSASHA512",
1806 [DNSSEC_ALGORITHM_ECC_GOST
] = "ECC-GOST",
1807 [DNSSEC_ALGORITHM_ECDSAP256SHA256
] = "ECDSAP256SHA256",
1808 [DNSSEC_ALGORITHM_ECDSAP384SHA384
] = "ECDSAP384SHA384",
1809 [DNSSEC_ALGORITHM_ED25519
] = "ED25519",
1810 [DNSSEC_ALGORITHM_ED448
] = "ED448",
1811 [DNSSEC_ALGORITHM_INDIRECT
] = "INDIRECT",
1812 [DNSSEC_ALGORITHM_PRIVATEDNS
] = "PRIVATEDNS",
1813 [DNSSEC_ALGORITHM_PRIVATEOID
] = "PRIVATEOID",
1815 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_algorithm
, int, 255);
1817 static const char* const dnssec_digest_table
[_DNSSEC_DIGEST_MAX_DEFINED
] = {
1818 /* Names as listed on https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
1819 [DNSSEC_DIGEST_SHA1
] = "SHA-1",
1820 [DNSSEC_DIGEST_SHA256
] = "SHA-256",
1821 [DNSSEC_DIGEST_GOST_R_34_11_94
] = "GOST_R_34.11-94",
1822 [DNSSEC_DIGEST_SHA384
] = "SHA-384",
1824 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_digest
, int, 255);