#include <libknot/rrtype/nsec.h>
#include <libknot/rrtype/rrsig.h>
#include <libdnssec/error.h>
+#include <libdnssec/nsec.h>
#include "lib/defines.h"
#include "lib/dnssec/nsec.h"
-bool kr_nsec_bitmap_contains_type(const uint8_t *bm, uint16_t bm_size, uint16_t type)
-{
- if (!bm || bm_size == 0) {
- assert(bm);
- return false;
- }
-
- const uint8_t type_hi = (type >> 8);
- const uint8_t type_lo = (type & 0xff);
- const uint8_t bitmap_idx = (type_lo >> 3);
- const uint8_t bitmap_bit_mask = 1 << (7 - (type_lo & 0x07));
-
- size_t bm_pos = 0;
- while (bm_pos + 3 <= bm_size) {
- uint8_t win = bm[bm_pos++];
- uint8_t win_size = bm[bm_pos++];
- /* Check remaining window length. */
- if (win_size < 1 || bm_pos + win_size > bm_size)
- return false;
- /* Check that we have a correct window. */
- if (win == type_hi) {
- if (bitmap_idx < win_size) {
- return bm[bm_pos + bitmap_idx] & bitmap_bit_mask;
- }
- return false;
- } else {
- bm_pos += win_size;
- }
- }
-
- return false;
-}
int kr_nsec_children_in_zone_check(const uint8_t *bm, uint16_t bm_size)
{
return kr_error(EINVAL);
}
const bool parent_side =
- kr_nsec_bitmap_contains_type(bm, bm_size, KNOT_RRTYPE_DNAME)
- || (kr_nsec_bitmap_contains_type(bm, bm_size, KNOT_RRTYPE_NS)
- && !kr_nsec_bitmap_contains_type(bm, bm_size, KNOT_RRTYPE_SOA)
+ dnssec_nsec_bitmap_contains(bm, bm_size, KNOT_RRTYPE_DNAME)
+ || (dnssec_nsec_bitmap_contains(bm, bm_size, KNOT_RRTYPE_NS)
+ && !dnssec_nsec_bitmap_contains(bm, bm_size, KNOT_RRTYPE_SOA)
);
return parent_side ? abs(ENOENT) : kr_ok();
/* LATER: after refactoring, probably also check if signer name equals owner,
if (!bm || !owner) {
return kr_error(EINVAL);
}
- if (kr_nsec_bitmap_contains_type(bm, bm_size, type)) {
+ if (dnssec_nsec_bitmap_contains(bm, bm_size, type)) {
return NO_PROOF;
}
if (type != KNOT_RRTYPE_CNAME
- && kr_nsec_bitmap_contains_type(bm, bm_size, KNOT_RRTYPE_CNAME)) {
+ && dnssec_nsec_bitmap_contains(bm, bm_size, KNOT_RRTYPE_CNAME)) {
return NO_PROOF;
}
/* Special behavior around zone cuts. */
* See RFC4035 5.2, next-to-last paragraph.
* This doesn't apply for root DS as it doesn't exist in DNS hierarchy.
*/
- if (owner[0] != '\0' && kr_nsec_bitmap_contains_type(bm, bm_size, KNOT_RRTYPE_SOA)) {
+ if (owner[0] != '\0' && dnssec_nsec_bitmap_contains(bm, bm_size, KNOT_RRTYPE_SOA)) {
return NO_PROOF;
}
break;
default:
/* Parent-side delegation record isn't authoritative for non-DS;
* see RFC6840 4.1. */
- if (kr_nsec_bitmap_contains_type(bm, bm_size, KNOT_RRTYPE_NS)
- && !kr_nsec_bitmap_contains_type(bm, bm_size, KNOT_RRTYPE_SOA)) {
+ if (dnssec_nsec_bitmap_contains(bm, bm_size, KNOT_RRTYPE_NS)
+ && !dnssec_nsec_bitmap_contains(bm, bm_size, KNOT_RRTYPE_SOA)) {
return NO_PROOF;
}
/* LATER(opt): perhaps short-circuit test if we repeat it here. */
if (!bm) {
return kr_error(EINVAL);
}
- if (kr_nsec_bitmap_contains_type(bm, bm_size,
+ if (dnssec_nsec_bitmap_contains(bm, bm_size,
KNOT_RRTYPE_NS) &&
- !kr_nsec_bitmap_contains_type(bm, bm_size,
+ !dnssec_nsec_bitmap_contains(bm, bm_size,
KNOT_RRTYPE_DS) &&
- !kr_nsec_bitmap_contains_type(bm, bm_size,
+ !dnssec_nsec_bitmap_contains(bm, bm_size,
KNOT_RRTYPE_SOA)) {
/* rfc4035, 5.2 */
return kr_ok();
if (!bm) {
return kr_error(EINVAL);
}
- if (kr_nsec_bitmap_contains_type(bm, bm_size, type)) {
+ if (dnssec_nsec_bitmap_contains(bm, bm_size, type)) {
return kr_ok();
} else {
return kr_error(ENOENT);
if (!bm) {
return kr_error(EINVAL);
}
- if (kr_nsec_bitmap_contains_type(bm, bm_size,
+ if (dnssec_nsec_bitmap_contains(bm, bm_size,
KNOT_RRTYPE_NS) &&
- !kr_nsec_bitmap_contains_type(bm, bm_size,
+ !dnssec_nsec_bitmap_contains(bm, bm_size,
KNOT_RRTYPE_DS) &&
- !kr_nsec_bitmap_contains_type(bm, bm_size,
+ !dnssec_nsec_bitmap_contains(bm, bm_size,
KNOT_RRTYPE_SOA)) {
/* Satisfies rfc5155, 8.9. paragraph 2 */
return kr_ok();
if (!bm) {
return kr_error(EINVAL);
}
- if (kr_nsec_bitmap_contains_type(bm, bm_size, type)) {
+ if (dnssec_nsec_bitmap_contains(bm, bm_size, type)) {
return kr_ok();
} else {
return kr_error(ENOENT);
projects / thirdparty / knot-resolver.git / commitdiff
