Add TLSA support (#92)

* add tlsa record support * add test for tlsa and update readme
2023-04-18 03:52:51 -07:00 · 2023-04-18 03:52:51 -07:00 · f14f4838a8
commit f14f4838a8
parent ec4d317696
3 changed files with 76 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -374,6 +374,17 @@ The options `PADDING`, `CLIENT_SUBNET`, `TCP_KEEPALIVE` and `KEY_TAG` support en
 }
 ```

+#### `TLSA`
+
+``` js
+{
+  usage: 3,
+  selector: 1,
+  matchingType: 1,
+  certificate: Buffer
+}
+```
+
 #### `TXT`

 ``` js
--- a/index.js
+++ b/index.js
@ -1409,6 +1409,60 @@ rnaptr.encodingLength = function (data) {
    name.encodingLength(data.replacement) + 6
 }

+const rtlsa = exports.tlsa = {}
+
+rtlsa.encode = function (cert, buf, offset) {
+  if (!buf) buf = Buffer.alloc(rtlsa.encodingLength(cert))
+  if (!offset) offset = 0
+  const oldOffset = offset
+
+  const certdata = cert.certificate
+  if (!Buffer.isBuffer(certdata)) {
+    throw new Error('Certificate must be a Buffer')
+  }
+
+  offset += 2 // Leave space for length
+  buf.writeUInt8(cert.usage, offset)
+  offset += 1
+  buf.writeUInt8(cert.selector, offset)
+  offset += 1
+  buf.writeUInt8(cert.matchingType, offset)
+  offset += 1
+  certdata.copy(buf, offset, 0, certdata.length)
+  offset += certdata.length
+
+  rtlsa.encode.bytes = offset - oldOffset
+  buf.writeUInt16BE(rtlsa.encode.bytes - 2, oldOffset)
+  return buf
+}
+
+rtlsa.encode.bytes = 0
+
+rtlsa.decode = function (buf, offset) {
+  if (!offset) offset = 0
+  const oldOffset = offset
+
+  const cert = {}
+  const length = buf.readUInt16BE(offset)
+  offset += 2
+  cert.usage = buf.readUInt8(offset)
+  offset += 1
+  cert.selector = buf.readUInt8(offset)
+  offset += 1
+  cert.matchingType = buf.readUInt8(offset)
+  offset += 1
+  cert.certificate = buf.slice(offset, oldOffset + length + 2)
+  offset += cert.certificate.length
+  rtlsa.decode.bytes = offset - oldOffset
+  return cert
+}
+
+rtlsa.decode.bytes = 0
+
+rtlsa.encodingLength = function (cert) {
+  return 5 + Buffer.byteLength(cert.certificate)
+}
+
 const renc = exports.record = function (type) {
  switch (type.toUpperCase()) {
    case 'A': return ra
@ -1433,6 +1487,7 @@ const renc = exports.record = function (type) {
    case 'SSHFP': return rsshfp
    case 'DS': return rds
    case 'NAPTR': return rnaptr
+    case 'TLSA': return rtlsa
  }
  return runknown
 }
--- a/test.js
+++ b/test.js
@ -568,6 +568,16 @@ tape('naptr', function (t) {
  t.end()
 })

+tape('tlsa', function (t) {
+  testEncoder(t, packet.tlsa, {
+    usage: 3,
+    selector: 1,
+    matchingType: 1,
+    certificate: Buffer.from([0, 1, 2, 3, 4, 5])
+  })
+  t.end()
+})
+
 tape('unpack', function (t) {
  const buf = Buffer.from([
    0x00, 0x79,