diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c
index 339f9433d2..16dda0e979 100644
--- a/src/resolve/resolved-dns-rr.c
+++ b/src/resolve/resolved-dns-rr.c
@@ -1104,19 +1104,27 @@ const char* dns_resource_record_to_string(DnsResourceRecord *rr) {
 return NULL;
 break;
 
- case DNS_TYPE_SSHFP:
+ case DNS_TYPE_SSHFP: {
+ _cleanup_free_ char *alg = NULL, *key_type = NULL;
+
 t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
 if (!t)
 return NULL;
 
- r = asprintf(&s, "%s %u %u %s",
- k,
- rr->sshfp.algorithm,
- rr->sshfp.fptype,
- t);
+ r = sshfp_algorithm_to_string_alloc(rr->sshfp.algorithm, &alg);
+ if (r < 0)
+ return NULL;
+
+ r = sshfp_key_type_to_string_alloc(rr->sshfp.fptype, &key_type);
+ if (r < 0)
+ return NULL;
+
+ r = asprintf(&s, "%s "SSHFP_ALGORITHM_FMT" "SSHFP_KEY_TYPE_FMT" %s",
+ k, alg, key_type, t);
 if (r < 0)
 return NULL;
 break;
+ }
 
 case DNS_TYPE_DNSKEY: {
 _cleanup_free_ char *alg = NULL;
@@ -2517,3 +2525,18 @@ static const char* const dnssec_digest_table[_DNSSEC_DIGEST_MAX_DEFINED] = {
 [DNSSEC_DIGEST_SHA384] = "SHA-384",
 };
 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_digest, int, 255);
+
+static const char* const sshfp_algorithm_table[_SSHFP_ALGORITHM_MAX_DEFINED] = {
+ [SSHFP_ALGORITHM_RSA] = "RSA", /* RFC 4255 */
+ [SSHFP_ALGORITHM_DSA] = "DSA", /* RFC 4255 */
+ [SSHFP_ALGORITHM_ECDSA] = "ECDSA", /* RFC 6594 */
+ [SSHFP_ALGORITHM_ED25519] = "Ed25519", /* RFC 7479 */
+ [SSHFP_ALGORITHM_ED448] = "Ed448", /* RFC 8709 */
+};
+DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sshfp_algorithm, int, 255);
+
+static const char* const sshfp_key_type_table[_SSHFP_KEY_TYPE_MAX_DEFINED] = {
+ [SSHFP_KEY_TYPE_SHA1] = "SHA-1", /* RFC 4255 */
+ [SSHFP_KEY_TYPE_SHA256] = "SHA-256", /* RFC 4255 */
+};
+DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sshfp_key_type, int, 255);
diff --git a/src/resolve/resolved-dns-rr.h b/src/resolve/resolved-dns-rr.h
index 4129cddccd..8c7c257026 100644
--- a/src/resolve/resolved-dns-rr.h
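Review bot: The `DNS_TYPE_SSHFP` branch of `dns_resource_record_to_string()` no longer produces the RFC 4255 presentation format: that format, and `ssh-keygen -r`, use decimal numbers for the algorithm and fingerprint type, while the new `asprintf` prints padded names through `SSHFP_ALGORITHM_FMT` and `SSHFP_KEY_TYPE_FMT`. A line such as `RSA     SHA-256 …` cannot be pasted into a zone file or compared textually with a published record, so anyone verifying host-key fingerprints against this output should be told it is display-only. I would add above the `asprintf` something like `/* Display form only: the RFC 4255 presentation format uses the numeric algorithm and fingerprint type */`. The two new `return NULL` paths run after `t = hexmem(...)` and so rely on `t` being declared with a cleanup attribute; that declaration, like the rest of the function, is outside this hunk.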
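Review bot: The comment on `[SSHFP_KEY_TYPE_SHA256] = "SHA-256"` in `sshfp_key_type_table` cites RFC 4255, but that RFC defines only the SHA-1 fingerprint type; SHA-256 was added by RFC 6594, so it should read `/* RFC 6594 */`. The same citation is repeated on `SSHFP_KEY_TYPE_SHA256 = 2` in the enum added to resolved-dns-rr.h. Separately, `sshfp_algorithm_table` has no slot for 0 or for the unassigned value 5, so the SSHFP branch presumably depends on `DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK` rendering such values as a number instead of failing; the macro is not visible in this diff, and a comment above the table such as `/* values without a name fall back to their decimal form */` would record that assumption.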
+++ b/src/resolve/resolved-dns-rr.h
@@ -57,6 +57,30 @@ enum {
 _NSEC3_ALGORITHM_MAX_DEFINED
 };
 
+/* SSHFP algorithm identifiers, see
+ * https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml */
+enum {
+ SSHFP_ALGORITHM_RSA = 1, /* RFC 4255 */
+ SSHFP_ALGORITHM_DSA = 2, /* RFC 4255 */
+ SSHFP_ALGORITHM_ECDSA = 3, /* RFC 6594 */
+ SSHFP_ALGORITHM_ED25519 = 4, /* RFC 7479 */
+ /* unassigned */
+ SSHFP_ALGORITHM_ED448 = 6, /* RFC 8709 */
+ _SSHFP_ALGORITHM_MAX_DEFINED
+};
+/* A helper to align printed output */
+#define SSHFP_ALGORITHM_FMT "%-7s"
+
+/* SSHFP key-type identifiers, see
+ * https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml */
+enum {
+ SSHFP_KEY_TYPE_SHA1 = 1, /* RFC 4255 */
+ SSHFP_KEY_TYPE_SHA256 = 2, /* RFC 4255 */
+ _SSHFP_KEY_TYPE_MAX_DEFINED
+};
+/* A helper to align printed output */
+#define SSHFP_KEY_TYPE_FMT "%-7s"
+
 typedef struct DnsResourceKey {
 unsigned n_ref; /* (unsigned -1) for const keys, see below */
 uint16_t class, type;
@@ -412,3 +436,9 @@ int dnssec_algorithm_from_string(const char *s) _pure_;
 
 int dnssec_digest_to_string_alloc(int i, char **ret);
 int dnssec_digest_from_string(const char *s) _pure_;
+
+int sshfp_algorithm_to_string_alloc(int i, char **ret);
+int sshfp_algorithm_from_string(const char *s) _pure_;
+
+int sshfp_key_type_to_string_alloc(int i, char **ret);
+int sshfp_key_type_from_string(const char *s) _pure_;
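Review bot: `SSHFP_KEY_TYPE_*` and the "SSHFP key-type identifiers" comment in the first hunk of resolved-dns-rr.h name the wrong field. Values 1 and 2 select the hash used for the fingerprint, which RFC 4255 calls the fingerprint type and which the record already stores as `fptype`; the key type is what `SSHFP_ALGORITHM_*` describes. A reader comparing a record against a host key could take "key type SHA-256" for a property of the key itself. I would rename the constants to `SSHFP_FPTYPE_SHA1` / `SSHFP_FPTYPE_SHA256`, the format macro to `SSHFP_FPTYPE_FMT` and the lookup functions to match, and open the comment with `/* SSHFP fingerprint-type identifiers, see`.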