resolve: add converters for sshfp key types and algs
authorZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Thu, 3 Jul 2025 08:11:03 +0000 (10:11 +0200)
committerLennart Poettering <lennart@poettering.net>
Thu, 3 Jul 2025 11:46:40 +0000 (13:46 +0200)
With the data center move in the Fedora project, the ssh keys have changed.
The list with numerical values is hard to read…

$ resolvectl -t sshfp query pkgs.fedoraproject.org
Old:
pkgs.fedoraproject.org IN SSHFP 1 1 18270c9131ef9664861f5aa675a981146573cce0 -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP 1 2 b067e6eb4c3e2d0e8bb37d6799493b762131816fe979940bbe660470abe6efbb -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP 3 1 a1ad871a5eabe3027728d498a89895fb5bf5b290 -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP 3 2 c3dc523f99bb5155ec87f40fd1aa198c68f349d75beeccf60e87b44c9b461907 -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP 4 1 e1265f46012ee40967127e06cf5533b270568428 -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP 4 2 acaa1ee6292d01f1ae7881fdf03aaf7d7b0814e34e94c3558a25e4d1aaab8f94 -- link: wlp0s20f3
New:
pkgs.fedoraproject.org IN SSHFP RSA     SHA-1   18270c9131ef9664861f5aa675a981146573cce0 -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP RSA     SHA-256 b067e6eb4c3e2d0e8bb37d6799493b762131816fe979940bbe660470abe6efbb -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP ECDSA   SHA-1   a1ad871a5eabe3027728d498a89895fb5bf5b290 -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP ECDSA   SHA-256 c3dc523f99bb5155ec87f40fd1aa198c68f349d75beeccf60e87b44c9b461907 -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP Ed25519 SHA-1   e1265f46012ee40967127e06cf5533b270568428 -- link: wlp0s20f3
pkgs.fedoraproject.org IN SSHFP Ed25519 SHA-256 acaa1ee6292d01f1ae7881fdf03aaf7d7b0814e34e94c3558a25e4d1aaab8f94 -- link: wlp0s20f3

src/resolve/resolved-dns-rr.c
src/resolve/resolved-dns-rr.h

index 339f9433d291524c867aa644e2194cd34b944ca8..16dda0e97998cdf84292eb4ea597d89b5b6781a6 100644 (file)
@@ -1104,19 +1104,27 @@ const char* dns_resource_record_to_string(DnsResourceRecord *rr) {
                         return NULL;
                 break;
 
-        case DNS_TYPE_SSHFP:
+        case DNS_TYPE_SSHFP: {
+                _cleanup_free_ char *alg = NULL, *key_type = NULL;
+
                 t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
                 if (!t)
                         return NULL;
 
-                r = asprintf(&s, "%s %u %u %s",
-                             k,
-                             rr->sshfp.algorithm,
-                             rr->sshfp.fptype,
-                             t);
+                r = sshfp_algorithm_to_string_alloc(rr->sshfp.algorithm, &alg);
+                if (r < 0)
+                        return NULL;
+
+                r = sshfp_key_type_to_string_alloc(rr->sshfp.fptype, &key_type);
+                if (r < 0)
+                        return NULL;
+
+                r = asprintf(&s, "%s "SSHFP_ALGORITHM_FMT" "SSHFP_KEY_TYPE_FMT" %s",
+                             k, alg, key_type, t);
                 if (r < 0)
                         return NULL;
                 break;
+        }
 
         case DNS_TYPE_DNSKEY: {
                 _cleanup_free_ char *alg = NULL;
@@ -2517,3 +2525,18 @@ static const char* const dnssec_digest_table[_DNSSEC_DIGEST_MAX_DEFINED] = {
         [DNSSEC_DIGEST_SHA384]          = "SHA-384",
 };
 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_digest, int, 255);
+
+static const char* const sshfp_algorithm_table[_SSHFP_ALGORITHM_MAX_DEFINED] = {
+        [SSHFP_ALGORITHM_RSA]     = "RSA",     /* RFC 4255 */
+        [SSHFP_ALGORITHM_DSA]     = "DSA",     /* RFC 4255 */
+        [SSHFP_ALGORITHM_ECDSA]   = "ECDSA",   /* RFC 6594 */
+        [SSHFP_ALGORITHM_ED25519] = "Ed25519", /* RFC 7479 */
+        [SSHFP_ALGORITHM_ED448]   = "Ed448",   /* RFC 8709 */
+};
+DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sshfp_algorithm, int, 255);
+
+static const char* const sshfp_key_type_table[_SSHFP_KEY_TYPE_MAX_DEFINED] = {
+        [SSHFP_KEY_TYPE_SHA1]     = "SHA-1",     /* RFC 4255 */
+        [SSHFP_KEY_TYPE_SHA256]   = "SHA-256",   /* RFC 4255 */
+};
+DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sshfp_key_type, int, 255);
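Review bot: `sshfp_key_type_table` and the `key_type` local in the DNS_TYPE_SSHFP case of the first hunk name the value of `rr->sshfp.fptype`, but SHA-1/SHA-256 are fingerprint (hash) types in RFC 4255 terms, whereas the "key type" is what the algorithm field (RSA, ECDSA, …) identifies; the same naming is exported by the header hunk (`SSHFP_KEY_TYPE_*`, `sshfp_key_type_to_string_alloc`). Renaming before this lands would keep the public helper names aligned with the struct field and the RFC, e.g. `static const char* const sshfp_fptype_table[_SSHFP_FPTYPE_MAX_DEFINED]` with matching `sshfp_fptype_to_string_alloc`/`sshfp_fptype_from_string`. If a rename is not wanted, a comment on the table such as `/* Fingerprint hash types (rr->sshfp.fptype), not key algorithms */` would avoid the confusion for the next reader. Separately, the asprintf in the first hunk replaces the numeric RFC 4255 presentation fields with names, so a one-line comment stating that this string is for display rather than zone-file presentation format would help; dns_resource_record_to_string's body begins and ends outside that hunk.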
index 4129cddccd2585b10533c8ea159ebb142a2093ad..8c7c257026adee2331d50f32b939a2f6a68e583b 100644 (file)
@@ -57,6 +57,30 @@ enum {
         _NSEC3_ALGORITHM_MAX_DEFINED
 };
 
+/* SSHFP algorithm identifiers, see
+ * https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml */
+enum {
+        SSHFP_ALGORITHM_RSA     = 1,   /* RFC 4255 */
+        SSHFP_ALGORITHM_DSA     = 2,   /* RFC 4255 */
+        SSHFP_ALGORITHM_ECDSA   = 3,   /* RFC 6594 */
+        SSHFP_ALGORITHM_ED25519 = 4,   /* RFC 7479 */
+        /* unassigned */
+        SSHFP_ALGORITHM_ED448   = 6,   /* RFC 8709 */
+        _SSHFP_ALGORITHM_MAX_DEFINED
+};
+/* A helper to align printed output */
+#define SSHFP_ALGORITHM_FMT "%-7s"
+
+/* SSHFP key-type identifiers, see
+ * https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml */
+enum {
+        SSHFP_KEY_TYPE_SHA1     = 1,   /* RFC 4255 */
+        SSHFP_KEY_TYPE_SHA256   = 2,   /* RFC 4255 */
+        _SSHFP_KEY_TYPE_MAX_DEFINED
+};
+/* A helper to align printed output */
+#define SSHFP_KEY_TYPE_FMT "%-7s"
+
 typedef struct DnsResourceKey {
         unsigned n_ref; /* (unsigned -1) for const keys, see below */
         uint16_t class, type;
@@ -412,3 +436,9 @@ int dnssec_algorithm_from_string(const char *s) _pure_;
 
 int dnssec_digest_to_string_alloc(int i, char **ret);
 int dnssec_digest_from_string(const char *s) _pure_;
+
+int sshfp_algorithm_to_string_alloc(int i, char **ret);
+int sshfp_algorithm_from_string(const char *s) _pure_;
+
+int sshfp_key_type_to_string_alloc(int i, char **ret);
+int sshfp_key_type_from_string(const char *s) _pure_;
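Review bot: The width in `#define SSHFP_ALGORITHM_FMT "%-7s"` and `#define SSHFP_KEY_TYPE_FMT "%-7s"` is the length of the longest names in the tables ("Ed25519", "SHA-256"), but the comment `/* A helper to align printed output */` does not say so, and a longer name added to either enum/table later would silently break the column alignment shown in the commit message. Suggest `/* Pad to the longest name in sshfp_algorithm_table ("Ed25519") so printed columns stay aligned; bump if a longer name is added */` and the analogous comment for SSHFP_KEY_TYPE_FMT naming "SHA-256". The `/* unassigned */` marker on the hole at value 5 is helpful; the table in the .c file leaves that slot NULL and appears to rely on the fallback lookup for it, which the header comment could mention so the two stay in sync.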