improved support for mnemonics in DNSSEC RR types

2026-06-08 19:52:07 -04:00 · 1999-09-17 09:25:21 +00:00 · 1999-09-17 09:25:21 +00:00 · 3ddd92da66
commit 3ddd92da66
parent 5f0e2c8913
10 changed files with 352 additions and 130 deletions
--- a/lib/dns/include/dns/cert.h
+++ b/lib/dns/include/dns/cert.h
@ -27,6 +27,7 @@ ISC_LANG_BEGINDECLS
 dns_result_t dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source);
 /*
 * Convert the text 'source' refers to into a certificate type.
+ * The text may contain either a mnemonic type name or a decimal type number.
 *
 * Requires:
 *	'certp' is a valid pointer.
@ -35,7 +36,8 @@ dns_result_t dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source);
 *
 * Returns:
 *	DNS_R_SUCCESS			on success
- *	DNS_R_UNKNOWN			type is unknown
+ *	DNS_R_UNKNOWN			mnemonic type is unknown
+ *	DNS_R_RANGE			numeric type is out of range
 */

 dns_result_t dns_cert_totext(dns_cert_t cert, isc_buffer_t *target);
--- a/lib/dns/include/dns/keyflags.h
+++ b/lib/dns/include/dns/keyflags.h
@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 1999  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_KEYFLAGS_H
+#define DNS_KEYFLAGS_H 1
+
+#include <isc/lang.h>
+
+#include <dns/types.h>
+
+ISC_LANG_BEGINDECLS
+
+dns_result_t dns_keyflags_fromtext(dns_keyflags_t *flagsp,
+				   isc_textregion_t *source);
+/*
+ * Convert the text 'source' refers to into a DNSSEC KEY flags value.
+ * The text may contain either a set of flag mnemonics separated by
+ * vertical bars or a decimal flags value.  For compatibility with
+ * older versions of BIND and the DNSSEC signer, octal values 
+ * prefixed with a zero and hexadecimal values prefixed with "0x"
+ * are also accepted.
+ *
+ * Requires:
+ *	'flagsp' is a valid pointer.
+ *
+ *	'source' is a valid text region.
+ *
+ * Returns:
+ *	DNS_R_SUCCESS			on success
+ *	DNS_R_UNKNOWN			mnemonic flag is unknown
+ *	DNS_R_RANGE			numeric flag value is out of range
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_KEYFLAGS_H */
--- a/lib/dns/include/dns/secalg.h
+++ b/lib/dns/include/dns/secalg.h
@ -28,6 +28,8 @@ dns_result_t dns_secalg_fromtext(dns_secalg_t *secalgp,
 				 isc_textregion_t *source);
 /*
 * Convert the text 'source' refers to into a DNSSEC security algorithm value.
+ * The text may contain either a mnemonic algorithm name or a decimal algorithm
+ * number.
 *
 * Requires:
 *	'secalgp' is a valid pointer.
@ -36,7 +38,8 @@ dns_result_t dns_secalg_fromtext(dns_secalg_t *secalgp,
 *
 * Returns:
 *	DNS_R_SUCCESS			on success
- *	DNS_R_UNKNOWN			type is unknown
+ *	DNS_R_UNKNOWN			mnemonic type is unknown
+ *	DNS_R_RANGE			numeric type is out of range
 */

 dns_result_t dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target);
--- a/lib/dns/include/dns/secproto.h
+++ b/lib/dns/include/dns/secproto.h
@ -0,0 +1,66 @@
+/*
+ * Copyright (C) 1999  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#ifndef DNS_SECPROTO_H
+#define DNS_SECPROTO_H 1
+
+#include <isc/lang.h>
+
+#include <dns/types.h>
+
+ISC_LANG_BEGINDECLS
+
+dns_result_t dns_secproto_fromtext(dns_secproto_t *secprotop,
+				   isc_textregion_t *source);
+/*
+ * Convert the text 'source' refers to into a DNSSEC security protocol value.
+ * The text may contain either a mnemonic protocol name or a decimal protocol
+ * number.
+ *
+ * Requires:
+ *	'secprotop' is a valid pointer.
+ *
+ *	'source' is a valid text region.
+ *
+ * Returns:
+ *	DNS_R_SUCCESS			on success
+ *	DNS_R_UNKNOWN			mnemonic type is unknown
+ *	DNS_R_RANGE			numeric type is out of range
+ */
+
+dns_result_t dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target);
+/*
+ * Put a textual representation of the DNSSEC security protocol 'secproto'
+ * into 'target'.
+ *
+ * Requires:
+ *	'secproto' is a valid secproto.
+ *
+ *	'target' is a valid text buffer.
+ *
+ * Ensures:
+ *	If the result is success:
+ *		The used space in 'target' is updated.
+ *
+ * Returns:
+ *	DNS_R_SUCCESS			on success
+ *	DNS_R_NOSPACE			target buffer is too small
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif /* DNS_SECPROTO_H */
--- a/lib/dns/include/dns/types.h
+++ b/lib/dns/include/dns/types.h
@ -47,6 +47,8 @@ typedef unsigned char				dns_offsets_t[128];
 typedef struct dns_compress			dns_compress_t;
 typedef struct dns_decompress			dns_decompress_t;
 typedef isc_uint8_t				dns_secalg_t;
+typedef isc_uint8_t				dns_secproto_t;
+typedef isc_uint16_t				dns_keyflags_t;
 typedef isc_uint16_t				dns_rdataclass_t;
 typedef isc_uint16_t				dns_rdatatype_t;
 typedef isc_uint16_t				dns_rcode_t;
--- a/lib/dns/rdata.c
+++ b/lib/dns/rdata.c
@ -15,7 +15,7 @@
 * SOFTWARE.
 */

- /* $Id: rdata.c,v 1.61 1999/09/15 23:03:25 explorer Exp $ */
+ /* $Id: rdata.c,v 1.62 1999/09/17 09:22:39 gson Exp $ */

 #include <config.h>

@ -37,6 +37,8 @@
 #include <dns/rcode.h>
 #include <dns/cert.h>
 #include <dns/secalg.h>
+#include <dns/secproto.h>
+#include <dns/keyflags.h>
 #include <dns/fixedname.h>
 #include <dns/rdatastruct.h>
 #include <dns/time.h>
@ -168,7 +170,7 @@ static const char octdigits[] = "01234567";
 	{ 254, "OID", 0}, \
 	{ 0, NULL, 0}

-/* draft-ietf-dnssec-secext2-07.txt section 7 */
+/* RFC2535 section 7 */

 #define SECALGNAMES \
 	{ 1, "RSAMD5", 0 }, \
@ -180,6 +182,16 @@ static const char octdigits[] = "01234567";
 	{ 254, "PRIVATEOID", 0 }, \
 	{ 0, NULL, 0}

+/* RFC2535 section 7.1 */
+
+#define SECPROTONAMES \
+	{   0,    "NONE", 0 }, \
+	{   1,    "TLS", 0 }, \
+	{   2,    "EMAIL", 0 }, \
+	{   3,    "DNSSEC", 0 }, \
+	{   4,    "IPSEC", 0 }, \
+	{ 255,    "ALL", 0 }, \
+	{ 0, NULL, 0}

 static struct tbl {
 	unsigned int	value;
@ -189,7 +201,47 @@ static struct tbl {
 classes[] = { METACLASSES CLASSNAMES EMPTYCLASSES { 0, NULL, 0} },
 rcodes[] = { RCODENAMES },
 certs[] = { CERTNAMES },
-secalgs[] = { SECALGNAMES };
+secalgs[] = { SECALGNAMES },
+secprotos[] = { SECPROTONAMES };
+
+static struct keyflag {
+	char *name;
+	unsigned int value;
+	unsigned int mask;
+} keyflags[] = {
+	{ "NOCONF", 0x4000, 0xC000 },
+	{ "NOAUTH", 0x8000, 0xC000 },
+	{ "NOKEY",  0xC000, 0xC000 },
+	{ "FLAG2",  0x2000, 0x2000 },
+	{ "EXTEND", 0x1000, 0x1000 },
+	{ "FLAG4",  0x0800, 0x0800 },
+	{ "FLAG5",  0x0400, 0x0400 },
+	{ "USER",   0x0000, 0x0300 },
+	{ "ZONE",   0x0100, 0x0300 },
+	{ "HOST",   0x0200, 0x0300 },
+	{ "NTYP3",  0x0300, 0x0300 },
+	{ "FLAG8",  0x0080, 0x0080 },
+	{ "FLAG9",  0x0040, 0x0040 },
+	{ "FLAG10", 0x0020, 0x0020 },
+	{ "FLAG11", 0x0010, 0x0010 },
+	{ "SIG0",   0x0000, 0x000F },
+	{ "SIG1",   0x0001, 0x000F },
+	{ "SIG2",   0x0002, 0x000F },
+	{ "SIG3",   0x0003, 0x000F },
+	{ "SIG4",   0x0004, 0x000F },
+	{ "SIG5",   0x0005, 0x000F },
+	{ "SIG6",   0x0006, 0x000F },
+	{ "SIG7",   0x0007, 0x000F },
+	{ "SIG8",   0x0008, 0x000F },
+	{ "SIG9",   0x0009, 0x000F },
+	{ "SIG10",  0x000A, 0x000F },
+	{ "SIG11",  0x000B, 0x000F },
+	{ "SIG12",  0x000C, 0x000F },
+	{ "SIG13",  0x000D, 0x000F },
+	{ "SIG14",  0x000E, 0x000F },
+	{ "SIG15",  0x000F, 0x000F },
+	{ NULL,     0, 0 } 
+};

 /***
 *** Initialization
@ -587,6 +639,64 @@ dns_rdata_digest(dns_rdata_t *rdata, dns_digestfunc_t digest, void *arg) {
 	return (result);
 }

+#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */ 
+
+static dns_result_t
+dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
+		      struct tbl *table, unsigned int max)
+{
+	int i;
+
+	if (isdigit(source->base[0]) && source->length <= NUMBERSIZE - 1) {
+		unsigned int n;
+		char *e;
+		char buffer[NUMBERSIZE];
+		/*
+		 * We have a potential number.  Try to parse it with strtoul().
+		 * strtoul() requires null termination, so we must make
+		 * a copy.
+		 */
+		strncpy(buffer, source->base, NUMBERSIZE);
+		INSIST(buffer[source->length] == '\0');
+		
+		n = strtoul(buffer, &e, 10);
+		if (*e == 0) {
+			if (n > max)
+				return (DNS_R_RANGE);
+			*valuep = n;
+			return (DNS_R_SUCCESS);
+		}
+		/* It was not a number after all; fall through. */
+	}
+	
+	for (i = 0; table[i].name != NULL; i++) {
+		unsigned int n;		
+		n = strlen(table[i].name);
+		if (n == source->length &&
+		    strncasecmp(source->base, table[i].name, n) == 0) {
+			*valuep = table[i].value;
+			return (DNS_R_SUCCESS);
+		}
+	}
+	return (DNS_R_UNKNOWN);
+}
+
+static dns_result_t
+dns_mnemonic_totext(unsigned int value, isc_buffer_t *target,
+		    struct tbl *table)
+{
+	int i = 0;
+	char buf[sizeof "4294967296"];
+	while (table[i].name != NULL) {
+		if (table[i].value == value) {
+			return (str_totext(table[i].name, target));
+		}
+		i++;
+	}
+	sprintf(buf, "%u", value);
+	return (str_totext(buf, target));
+}
+
 dns_result_t
 dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {
 	int i = 0;
@ -610,17 +720,7 @@ dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {

 dns_result_t
 dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target) {
-	int i = 0;
-	char buf[sizeof "65000"];
-
-	while (classes[i].name != NULL) {
-		if (classes[i].value == rdclass) {
-			return (str_totext(classes[i].name, target));
-		}
-		i++;
-	}
-	sprintf(buf, "%u", rdclass);
-	return (str_totext(buf, target));
+	return (dns_mnemonic_totext(rdclass, target, classes));	
 }

 /* XXXRTH  Should we use a hash table here? */
@ -648,17 +748,7 @@ dns_rdatatype_fromtext(dns_rdatatype_t *typep, isc_textregion_t *source) {

 dns_result_t
 dns_rdatatype_totext(dns_rdatatype_t type, isc_buffer_t *target) {
-	int i = 0;
-	char buf[sizeof "65000"];
-
-	while (types[i].name != NULL) {
-		if (types[i].value == type) {
-			return (str_totext(types[i].name, target));
-		}
-		i++;
-	}
-	sprintf(buf, "%u", type);
-	return (str_totext(buf, target));
+	return (dns_mnemonic_totext(type, target, types));
 }

 /* XXXRTH  Should we use a hash table here? */
@ -682,84 +772,109 @@ dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {

 dns_result_t
 dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
-	int i = 0;
-	char buf[sizeof "65000"];
-
-	while (rcodes[i].name != NULL) {
-		if (rcodes[i].value == rcode) {
-			return (str_totext(rcodes[i].name, target));
-		}
-		i++;
-	}
-	sprintf(buf, "%u", rcode);
-	return (str_totext(buf, target));
+	return (dns_mnemonic_totext(rcode, target, rcodes));	
 }

 dns_result_t
 dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source) {
-	int i = 0;
-	unsigned int n;
-
-	while (certs[i].name != NULL) {
-		n = strlen(certs[i].name);
-		if (n == source->length &&
-		    strncasecmp(source->base, certs[i].name, n) == 0) {
-			*certp = certs[i].value;
-			return (DNS_R_SUCCESS);
-		}
-		i++;
-	}
-	return (DNS_R_UNKNOWN);
-}
+	unsigned int value;
+	RETERR(dns_mnemonic_fromtext(&value, source, certs, 0xffff));
+	*certp = value;
+	return (DNS_R_SUCCESS);
+}	

 dns_result_t
 dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
-	int i = 0;
-	char buf[sizeof "65000"];
-
-	while (certs[i].name != NULL) {
-		if (certs[i].value == cert) {
-			return (str_totext(certs[i].name, target));
-		}
-		i++;
-	}
-	sprintf(buf, "%u", cert);
-	return (str_totext(buf, target));
+	return (dns_mnemonic_totext(cert, target, certs));	
 }

 dns_result_t
 dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
-	int i = 0;
-	unsigned int n;
-
-	while (secalgs[i].name != NULL) {
-		n = strlen(secalgs[i].name);
-		if (n == source->length &&
-		    strncasecmp(source->base, secalgs[i].name, n) == 0) {
-			*secalgp = secalgs[i].value;
-			return (DNS_R_SUCCESS);
-		}
-		i++;
-	}
-	return (DNS_R_UNKNOWN);
+	unsigned int value;
+	RETERR(dns_mnemonic_fromtext(&value, source, secalgs, 0xff));
+	*secalgp = value;
+	return (DNS_R_SUCCESS);
 }

 dns_result_t
 dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
-	int i = 0;
-	char buf[sizeof "65000"];
-
-	while (secalgs[i].name != NULL) {
-		if (secalgs[i].value == secalg) {
-			return (str_totext(secalgs[i].name, target));
-		}
-		i++;
-	}
-	sprintf(buf, "%u", secalg);
-	return (str_totext(buf, target));
+	return (dns_mnemonic_totext(secalg, target, secalgs));
 }

- /* Private function */
+dns_result_t
+dns_secproto_fromtext(dns_secproto_t *secprotop, isc_textregion_t *source) {
+	unsigned int value;
+	RETERR(dns_mnemonic_fromtext(&value, source, secprotos, 0xff));
+	*secprotop = value;
+	return (DNS_R_SUCCESS);
+}
+
+dns_result_t
+dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target) {
+	return (dns_mnemonic_totext(secproto, target, secprotos));
+}
+
+dns_result_t
+dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source)
+{
+	char *text, *end;
+	unsigned int value, mask;
+
+	if (isdigit(source->base[0]) && source->length <= NUMBERSIZE - 1) {
+		unsigned int n;
+		char *e;
+		char buffer[NUMBERSIZE];
+		/*
+		 * We have a potential number.  Try to parse it with strtoul().
+		 * strtoul() requires null termination, so we must make
+		 * a copy.
+		 */
+		strncpy(buffer, source->base, NUMBERSIZE);
+		INSIST(buffer[source->length] == '\0');
+		
+		n = strtoul(buffer, &e, 0); /* Allow hex/octal. */
+		if (*e == 0) {
+			if (n > 0xffff)
+				return (DNS_R_RANGE);
+			*flagsp = n;
+			return (DNS_R_SUCCESS);
+		}
+		/* It was not a number after all; fall through. */
+	}
+
+	text = source->base;	
+	end = source->base + source->length;
+	value = mask = 0;
+	
+	while (text < end) {
+		struct keyflag *p;
+		unsigned int len;
+		char *delim = memchr(text, '|', end - text);
+		if (delim != NULL)
+			len = delim - text;
+		else
+			len = end - text;
+		for (p = keyflags; p->name != NULL; p++) {
+			if (strncasecmp(p->name, text, len) == 0)
+				break;
+		}
+		if (p->name == NULL)
+			return (DNS_R_UNKNOWN);
+		value |= p->value;
+#ifdef notyet
+		if ((mask & p->mask) != 0)
+			warn("overlapping key flags");
+#endif
+		mask |= p->mask;		
+		text += len;
+		if (delim != NULL)
+			text++;	/* Skip "|" */
+	}
+	*flagsp = value;
+	return (DNS_R_SUCCESS);
+}
+
+/* Private function */

 static unsigned int
 name_length(dns_name_t *name) {
--- a/lib/dns/rdata/generic/cert_37.c
+++ b/lib/dns/rdata/generic/cert_37.c
@ -15,7 +15,7 @@
 * SOFTWARE.
 */

- /* $Id: cert_37.c,v 1.14 1999/09/15 23:03:27 explorer Exp $ */
+ /* $Id: cert_37.c,v 1.15 1999/09/17 09:22:40 gson Exp $ */

 /* draft-ietf-dnssec-certs-04.txt */

@ -35,20 +35,14 @@ fromtext_cert(dns_rdataclass_t rdclass, dns_rdatatype_t type,

 	REQUIRE(type == 37);

-	rdclass = rdclass;		/*unused*/
+	rdclass = rdclass;	/*unused*/
 	origin = origin;	/*unused*/
 	downcase = downcase;	/*unused*/

 	/* cert type */
 	RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
 	n = strtol(token.value.as_pointer, &e, 10);
-	if (*e != 0) {
-		RETERR(dns_cert_fromtext(&cert, &token.value.as_textregion));
-	} else {
-		if (n < 0 || n > 0xffff)
-			return (DNS_R_RANGE);
-		cert = n;
-	}
+	RETERR(dns_cert_fromtext(&cert, &token.value.as_textregion));
 	RETERR(uint16_tobuffer(cert, target));
 	
 	/* key tag */
@ -59,15 +53,7 @@ fromtext_cert(dns_rdataclass_t rdclass, dns_rdatatype_t type,

 	/* algorithm */
 	RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
-	n = strtol(token.value.as_pointer, &e, 10);
-	if (*e != 0) {
-		RETERR(dns_secalg_fromtext(&secalg,
-					   &token.value.as_textregion));
-	} else {
-		if (n < 0 || n > 0xff)
-			return (DNS_R_RANGE);
-		secalg = n;
-	}
+	RETERR(dns_secalg_fromtext(&secalg, &token.value.as_textregion));
 	RETERR(mem_tobuffer(target, &secalg, 1));

 	return (isc_base64_tobuffer(lexer, target, -1));
--- a/lib/dns/rdata/generic/key_25.c
+++ b/lib/dns/rdata/generic/key_25.c
@ -15,7 +15,7 @@
 * SOFTWARE.
 */

- /* $Id: key_25.c,v 1.12 1999/09/15 23:03:29 explorer Exp $ */
+ /* $Id: key_25.c,v 1.13 1999/09/17 09:22:40 gson Exp $ */

 /* RFC 2065 */

@ -28,32 +28,30 @@ fromtext_key(dns_rdataclass_t rdclass, dns_rdatatype_t type,
 	     isc_boolean_t downcase, isc_buffer_t *target)
 {
 	isc_token_t token;
-	unsigned char c; 
-	unsigned int flags;
+	dns_secalg_t alg;
+	dns_secproto_t proto;
+	dns_keyflags_t flags;

 	REQUIRE(type == 25);

-	rdclass = rdclass;		/*unused*/
+	rdclass = rdclass;	/*unused*/
 	origin = origin;	/*unused*/
 	downcase = downcase;	/*unused*/

-	RETERR(gettoken(lexer, &token, isc_tokentype_number, ISC_FALSE));
-	if (token.value.as_ulong > 0xffff)
-		return (DNS_R_RANGE);
-	RETERR(uint16_tobuffer(token.value.as_ulong, target));
-	flags = token.value.as_ulong;
+	/* flags */
+	RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
+	RETERR(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
+	RETERR(uint16_tobuffer(flags, target));

-	RETERR(gettoken(lexer, &token, isc_tokentype_number, ISC_FALSE));
-	if (token.value.as_ulong > 0xff)
-		return (DNS_R_RANGE);
-	c = token.value.as_ulong;
-	RETERR(mem_tobuffer(target, &c, 1));
+	/* protocol */
+	RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
+	RETERR(dns_secproto_fromtext(&proto, &token.value.as_textregion));
+	RETERR(mem_tobuffer(target, &proto, 1));

-	RETERR(gettoken(lexer, &token, isc_tokentype_number, ISC_FALSE));
-	if (token.value.as_ulong > 0xff)
-		return (DNS_R_RANGE);
-	c = token.value.as_ulong;
-	RETERR(mem_tobuffer(target, &c, 1));
+	/* algorithm */	
+	RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
+	RETERR(dns_secalg_fromtext(&alg, &token.value.as_textregion));
+	RETERR(mem_tobuffer(target, &alg, 1));
 	
 	/* No Key? */
 	if ((flags & 0xc000) == 0xc000)
--- a/lib/dns/rdata/generic/sig_24.c
+++ b/lib/dns/rdata/generic/sig_24.c
@ -15,7 +15,7 @@
 * SOFTWARE.
 */

- /* $Id: sig_24.c,v 1.21 1999/09/15 23:03:32 explorer Exp $ */
+ /* $Id: sig_24.c,v 1.22 1999/09/17 09:22:40 gson Exp $ */

 /* RFC 2065 */

@ -55,10 +55,8 @@ fromtext_sig(dns_rdataclass_t rdclass, dns_rdatatype_t type,
 	RETERR(uint16_tobuffer(covered, target));

 	/* algorithm */
-	RETERR(gettoken(lexer, &token, isc_tokentype_number, ISC_FALSE));
-	if (token.value.as_ulong > 0xff)
-		return (DNS_R_RANGE);
-	c = token.value.as_ulong;
+	RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
+	RETERR(dns_secalg_fromtext(&c, &token.value.as_textregion));
 	RETERR(mem_tobuffer(target, &c, 1));

 	/* labels */
--- a/util/copyrights
+++ b/util/copyrights
@ -322,6 +322,8 @@
 ./lib/dns/include/dns/resolver.h		C	1999
 ./lib/dns/include/dns/result.h			C	1998,1999
 ./lib/dns/include/dns/secalg.h			C	1999
+./lib/dns/include/dns/secproto.h		C	1999
+./lib/dns/include/dns/keyflags.h		C	1999
 ./lib/dns/include/dns/tcpmsg.h			C	1999
 ./lib/dns/include/dns/time.h			C	1999
 ./lib/dns/include/dns/tsig.h			C	1999