From: Zbigniew Jędrzejewski-Szmek
Date: Sun, 3 Aug 2014 20:44:49 +0000 (-0400)
Subject: resolved: add identifiers for dnssec algorithms
X-Git-Tag: v216~275
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=ff3d6560bead6879a2fed1bf99bfe8273b3723f1
resolved: add identifiers for dnssec algorithms
---
diff --git a/TODO b/TODO
index 1dbb9ff9e..3f13b913d 100644
--- a/TODO
+++ b/TODO
@@ -30,6 +30,8 @@ Features:
 * resolved:
 - DNSSEC
+ - use base64 for key presentation?
+ - add display of private key types (http://tools.ietf.org/html/rfc4034#appendix-A.1.1)?
 - LLMNR:
 - do not fail daemon startup if socket is already busy (container)
 - process incoming notification of conflict
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c
index 951c79808..626b904d9 100644
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@@ -1361,3 +1361,15 @@ static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
 [DNS_PROTOCOL_LLMNR] = "llmnr",
 };
 DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);
+
+static const char* const dnssec_algorithm_table[_DNSSEC_ALGORITHM_MAX_DEFINED] = {
+ [DNSSEC_ALGORITHM_RSAMD5] = "RSAMD5",
+ [DNSSEC_ALGORITHM_DH] = "DH",
+ [DNSSEC_ALGORITHM_DSA] = "DSA",
+ [DNSSEC_ALGORITHM_ECC] = "ECC",
+ [DNSSEC_ALGORITHM_RSASHA1] = "RSASHA1",
+ [DNSSEC_ALGORITHM_INDIRECT] = "INDIRECT",
+ [DNSSEC_ALGORITHM_PRIVATEDNS] = "PRIVATEDNS",
+ [DNSSEC_ALGORITHM_PRIVATEOID] = "PRIVATEOID",
+};
+DEFINE_STRING_TABLE_LOOKUP(dnssec_algorithm, int);
diff --git a/src/resolve/resolved-dns-packet.h b/src/resolve/resolved-dns-packet.h
index 4e3001911..f3b0f0c9e 100644
--- a/src/resolve/resolved-dns-packet.h
+++ b/src/resolve/resolved-dns-packet.h
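Review bot: In src/resolve/resolved-dns-packet.c, `dnssec_algorithm_table` is sparse and nothing at its definition says so: it is sized by `_DNSSEC_ALGORITHM_MAX_DEFINED` but only eight slots are initialised, leaving index 0 and the whole range between RSASHA1 and INDIRECT as NULL. Assuming `DEFINE_STRING_TABLE_LOOKUP` (not shown on this page) returns the slot as stored, `dnssec_algorithm_to_string()` yields NULL for any algorithm number read from a received DNSKEY that has no mnemonic, so every caller has to handle NULL. I would add a comment above the table such as `/* Sparse: algorithm numbers without a mnemonic map to NULL; callers must fall back to the numeric value. */`.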
@@ -200,3 +200,19 @@ static inline uint16_t dnskey_to_flags(const DnsResourceRecord *rr) {
 return (rr->dnskey.zone_key_flag * DNSKEY_FLAG_ZONE_KEY | rr->dnskey.sep_flag * DNSKEY_FLAG_SEP);
 }
+
+/* http://tools.ietf.org/html/rfc4034#appendix-A.1 */
+enum {
+ DNSSEC_ALGORITHM_RSAMD5 = 1,
+ DNSSEC_ALGORITHM_DH,
+ DNSSEC_ALGORITHM_DSA,
+ DNSSEC_ALGORITHM_ECC,
+ DNSSEC_ALGORITHM_RSASHA1,
+ DNSSEC_ALGORITHM_INDIRECT = 252,
+ DNSSEC_ALGORITHM_PRIVATEDNS,
+ DNSSEC_ALGORITHM_PRIVATEOID,
+ _DNSSEC_ALGORITHM_MAX_DEFINED
+};
+
+const char* dnssec_algorithm_to_string(int i) _const_;
+int dnssec_algorithm_from_string(const char *s) _pure_;
diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c
index ada7333a6..bc0cbef92 100644
--- a/src/resolve/resolved-dns-rr.c
+++ b/src/resolve/resolved-dns-rr.c
@@ -584,19 +584,25 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) {
 return -ENOMEM;
 break;
- case DNS_TYPE_DNSKEY:
+ case DNS_TYPE_DNSKEY: {
+ const char *alg;
+
+ alg = dnssec_algorithm_to_string(rr->dnskey.algorithm);
+
 t = hexmem(rr->dnskey.key, rr->dnskey.key_size);
 if (!t) return -ENOMEM;
- r = asprintf(&s, "%s %u 3 %u %s",
+ r = asprintf(&s, "%s %u 3 %.*s%.*u %s",
 k, dnskey_to_flags(rr),
- rr->dnskey.algorithm,
+ alg ? -1 : 0, alg,
+ alg ? 0 : 1, alg ? 0u : (unsigned) rr->dnskey.algorithm,
 t);
 if (r < 0) return -ENOMEM;
 break;
+ }
 default:
 t = hexmem(rr->generic.data, rr->generic.size);
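Review bot: The enum added to src/resolve/resolved-dns-packet.h names only the algorithms listed in RFC 4034 appendix A.1, so numbers assigned later (for example 8, RSASHA256, and 13, ECDSAP256SHA256) have no identifier and are printed as bare numbers, while the legacy RSAMD5 and DSA get names. That mix is easy to misread when someone inspects the output to judge which signing algorithm a zone uses. I would extend the comment above the enum to say so, e.g. `/* Only the RFC 4034 A.1 mnemonics are defined; other registered algorithm numbers are valid and are shown numerically. */`, or add the later assignments in a follow-up.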
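Review bot: In the new `asprintf()` call in src/resolve/resolved-dns-rr.c, a NULL result from `dnssec_algorithm_to_string()` is passed straight to `%.*s` with precision 0. C requires the `%s` argument to point to a character array whatever the precision, so this relies on the libc tolerating a null pointer and can trip format warnings. Passing an empty string gives the same output without that dependency: `alg ? -1 : 0, alg ? alg : "",`. A one-line comment on the precision trick (a negative precision prints the whole name; precision 0 with value 0 prints no digits) would help the next reader. The body of `dns_resource_record_to_string()` starts and ends outside the hunk.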