resolved: add identifiers for dnssec algorithms

2014-08-03 16:44:49 -04:00 · 2014-08-03 16:44:49 -04:00 · ff3d6560be
parent 8db0d2f5c3
commit ff3d6560be
4 changed files with 39 additions and 3 deletions
--- a/2
+++ b/2
@ -30,6 +30,8 @@ Features:

 * resolved:
  - DNSSEC
+        - use base64 for key presentation?
+        - add display of private key types (http://tools.ietf.org/html/rfc4034#appendix-A.1.1)?
  - LLMNR:
        - do not fail daemon startup if socket is already busy (container)
        - process incoming notification of conflict
--- a/src/resolve/resolved-dns-packet.c
+++ b/src/resolve/resolved-dns-packet.c
@ -1361,3 +1361,15 @@ static const char* const dns_protocol_table[_DNS_PROTOCOL_MAX] = {
        [DNS_PROTOCOL_LLMNR] = "llmnr",
 };
 DEFINE_STRING_TABLE_LOOKUP(dns_protocol, DnsProtocol);
+
+static const char* const dnssec_algorithm_table[_DNSSEC_ALGORITHM_MAX_DEFINED] = {
+        [DNSSEC_ALGORITHM_RSAMD5]     = "RSAMD5",
+        [DNSSEC_ALGORITHM_DH]         = "DH",
+        [DNSSEC_ALGORITHM_DSA]        = "DSA",
+        [DNSSEC_ALGORITHM_ECC]        = "ECC",
+        [DNSSEC_ALGORITHM_RSASHA1]    = "RSASHA1",
+        [DNSSEC_ALGORITHM_INDIRECT]   = "INDIRECT",
+        [DNSSEC_ALGORITHM_PRIVATEDNS] = "PRIVATEDNS",
+        [DNSSEC_ALGORITHM_PRIVATEOID] = "PRIVATEOID",
+};
+DEFINE_STRING_TABLE_LOOKUP(dnssec_algorithm, int);
--- a/src/resolve/resolved-dns-packet.h
+++ b/src/resolve/resolved-dns-packet.h
@ -200,3 +200,19 @@ static inline uint16_t dnskey_to_flags(const DnsResourceRecord *rr) {
        return (rr->dnskey.zone_key_flag * DNSKEY_FLAG_ZONE_KEY |
                rr->dnskey.sep_flag * DNSKEY_FLAG_SEP);
 }
+
+/* http://tools.ietf.org/html/rfc4034#appendix-A.1 */
+enum {
+        DNSSEC_ALGORITHM_RSAMD5 = 1,
+        DNSSEC_ALGORITHM_DH,
+        DNSSEC_ALGORITHM_DSA,
+        DNSSEC_ALGORITHM_ECC,
+        DNSSEC_ALGORITHM_RSASHA1,
+        DNSSEC_ALGORITHM_INDIRECT = 252,
+        DNSSEC_ALGORITHM_PRIVATEDNS,
+        DNSSEC_ALGORITHM_PRIVATEOID,
+        _DNSSEC_ALGORITHM_MAX_DEFINED
+};
+
+const char* dnssec_algorithm_to_string(int i) _const_;
+int dnssec_algorithm_from_string(const char *s) _pure_;
--- a/src/resolve/resolved-dns-rr.c
+++ b/src/resolve/resolved-dns-rr.c
@ -584,19 +584,25 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) {
                        return -ENOMEM;
                break;

-        case DNS_TYPE_DNSKEY:
+        case DNS_TYPE_DNSKEY: {
+                const char *alg;
+
+                alg = dnssec_algorithm_to_string(rr->dnskey.algorithm);
+
                t = hexmem(rr->dnskey.key, rr->dnskey.key_size);
                if (!t)
                        return -ENOMEM;

-                r = asprintf(&s, "%s %u 3 %u %s",
+                r = asprintf(&s, "%s %u 3 %.*s%.*u %s",
                             k,
                             dnskey_to_flags(rr),
-                             rr->dnskey.algorithm,
+                             alg ? -1 : 0, alg,
+                             alg ? 0 : 1, alg ? 0u : (unsigned) rr->dnskey.algorithm,
                             t);
                if (r < 0)
                        return -ENOMEM;
                break;
+        }

        default:
                t = hexmem(rr->generic.data, rr->generic.size);