From 696792f08106e5bea4a8847e394401c1a68ecf9c Mon Sep 17 00:00:00 2001
From: manuel <manuel@mausz.at>
Date: Mon, 7 Aug 2023 16:33:27 +0200
Subject: add dns_tlsa(...) and dnstlsa utility

---
 dnstlsa.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 99 insertions(+)
 create mode 100644 dnstlsa.c

(limited to 'dnstlsa.c')

diff --git a/dnstlsa.c b/dnstlsa.c
new file mode 100644
index 0000000..6623cfd
--- /dev/null
+++ b/dnstlsa.c
@@ -0,0 +1,99 @@
+#include <stdint.h>
+#include "byte.h"
+#include "substdio.h"
+#include "subfd.h"
+#include "subgetopt.h"
+#include "stralloc.h"
+#include "dns.h"
+#include "dnsdoe.h"
+#include "exit.h"
+
+stralloc sa = {0};
+stralloc out = {0};
+
+static void die_nomem()
+{
+  substdio_putsflush(subfderr, "out of memory\n");
+  _exit(111);
+}
+
+ #include <stdio.h>
+void main(int argc, char **argv)
+{
+  char *port = "25";
+  char proto[7] = "._tcp.";
+  char *host = NULL;
+  int opt;
+  int verbose = 0;
+
+  while ((opt = sgopt(argc, argv, "vutp:")) != sgoptdone)
+  {
+    switch(opt)
+    {
+      case 'p': port = sgoptarg; break;
+      case 't': break;
+      case 'u': byte_copy(proto, 6, "._udp."); break;
+      case 'v': verbose = 1;
+    }
+  }
+
+  argv += sgoptind;
+  argc -= sgoptind;
+
+  if (!argv[0])
+  {
+    substdio_putsflush(subfderr, "dnstlsa [-v] [-p port] [-u(dp)|-t(cp)] host (tcp on port 25 is default)\n");
+    _exit(100);
+  }
+  host = argv[0];
+
+  if (!stralloc_copyb(&sa, "_", 1)) die_nomem;
+  if (!stralloc_cats(&sa, port)) die_nomem;
+  if (!stralloc_cats(&sa, proto)) die_nomem;
+  if (!stralloc_cats(&sa, host)) die_nomem;
+
+  if (verbose)
+  {
+    substdio_puts(subfdout, "checking for TLSA records: ");
+    substdio_put(subfdout, sa.s, sa.len);
+    substdio_putsflush(subfdout, "\n");
+  }
+
+  dns_init(0);
+  dnsdoe(dns_tlsa(&out, &sa));
+
+  int pos = 0;
+  unsigned char *response = (unsigned char *)out.s;
+  while(pos < out.len && out.len - pos > 2 + 4) // sizeof(rrlen) + min(rrdata)
+  {
+    unsigned short rrlen = (response[pos] << 8) + response[pos + 1];
+    pos += 2;
+    uint8_t usage = response[pos];
+    uint8_t sel   = response[pos + 1];
+    uint8_t type  = response[pos + 2];
+
+    if (usage == 0) substdio_puts(subfdout, "usage=0 ");
+    if (usage == 1) substdio_puts(subfdout, "usage=1 ");
+    if (usage == 2) substdio_puts(subfdout, "usage=2 ");
+    if (usage == 3) substdio_puts(subfdout, "usage=3 ");
+
+    if (sel == 0) substdio_puts(subfdout, "selector=0 ");
+    if (sel == 1) substdio_puts(subfdout, "selector=1 ");
+
+    if (type == 0) substdio_puts(subfdout, "type=0 "); // full cert
+    if (type == 1) substdio_puts(subfdout, "type=1 "); // sha256
+    if (type == 2) substdio_puts(subfdout, "type=2 "); // sha512
+
+    substdio_puts(subfdout, "data="); // sha512
+    for (int j = 3; j < rrlen; j++)
+    {
+      unsigned char ch = response[pos + j];
+      substdio_put(subfdout, "0123456789abcdef" + (ch >> 4), 1);
+      substdio_put(subfdout, "0123456789abcdef" + (ch & 0x0F), 1);
+    }
+    substdio_putsflush(subfdout, "\n");
+    pos += rrlen;
+  }
+
+  _exit(0);
+}
-- 
cgit v1.2.3