version 1.32, 2014/12/21 22:27:56 |
version 1.33, 2015/01/15 09:40:00 |
|
|
#include <stdlib.h> |
#include <stdlib.h> |
|
|
#include "xmalloc.h" |
#include "xmalloc.h" |
#include "key.h" |
#include "sshkey.h" |
|
#include "ssherr.h" |
#include "dns.h" |
#include "dns.h" |
#include "log.h" |
#include "log.h" |
#include "digest.h" |
#include "digest.h" |
|
|
*/ |
*/ |
static int |
static int |
dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, |
dns_read_key(u_int8_t *algorithm, u_int8_t *digest_type, |
u_char **digest, u_int *digest_len, Key *key) |
u_char **digest, size_t *digest_len, struct sshkey *key) |
{ |
{ |
int success = 0; |
int r, success = 0; |
int fp_alg = -1; |
int fp_alg = -1; |
|
|
switch (key->type) { |
switch (key->type) { |
|
|
} |
} |
|
|
if (*algorithm && *digest_type) { |
if (*algorithm && *digest_type) { |
*digest = key_fingerprint_raw(key, fp_alg, digest_len); |
if ((r = sshkey_fingerprint_raw(key, fp_alg, digest, |
if (*digest == NULL) |
digest_len)) != 0) |
fatal("dns_read_key: null from key_fingerprint_raw()"); |
fatal("%s: sshkey_fingerprint_raw: %s", __func__, |
|
ssh_err(r)); |
success = 1; |
success = 1; |
} else { |
} else { |
*digest = NULL; |
*digest = NULL; |
|
|
*/ |
*/ |
static int |
static int |
dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, |
dns_read_rdata(u_int8_t *algorithm, u_int8_t *digest_type, |
u_char **digest, u_int *digest_len, u_char *rdata, int rdata_len) |
u_char **digest, size_t *digest_len, u_char *rdata, int rdata_len) |
{ |
{ |
int success = 0; |
int success = 0; |
|
|
|
|
*/ |
*/ |
int |
int |
verify_host_key_dns(const char *hostname, struct sockaddr *address, |
verify_host_key_dns(const char *hostname, struct sockaddr *address, |
Key *hostkey, int *flags) |
struct sshkey *hostkey, int *flags) |
{ |
{ |
u_int counter; |
u_int counter; |
int result; |
int result; |
|
|
u_int8_t hostkey_algorithm; |
u_int8_t hostkey_algorithm; |
u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED; |
u_int8_t hostkey_digest_type = SSHFP_HASH_RESERVED; |
u_char *hostkey_digest; |
u_char *hostkey_digest; |
u_int hostkey_digest_len; |
size_t hostkey_digest_len; |
|
|
u_int8_t dnskey_algorithm; |
u_int8_t dnskey_algorithm; |
u_int8_t dnskey_digest_type; |
u_int8_t dnskey_digest_type; |
u_char *dnskey_digest; |
u_char *dnskey_digest; |
u_int dnskey_digest_len; |
size_t dnskey_digest_len; |
|
|
*flags = 0; |
*flags = 0; |
|
|
|
|
* Export the fingerprint of a key as a DNS resource record |
* Export the fingerprint of a key as a DNS resource record |
*/ |
*/ |
int |
int |
export_dns_rr(const char *hostname, Key *key, FILE *f, int generic) |
export_dns_rr(const char *hostname, struct sshkey *key, FILE *f, int generic) |
{ |
{ |
u_int8_t rdata_pubkey_algorithm = 0; |
u_int8_t rdata_pubkey_algorithm = 0; |
u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; |
u_int8_t rdata_digest_type = SSHFP_HASH_RESERVED; |
u_int8_t dtype; |
u_int8_t dtype; |
u_char *rdata_digest; |
u_char *rdata_digest; |
u_int i, rdata_digest_len; |
size_t i, rdata_digest_len; |
int success = 0; |
int success = 0; |
|
|
for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { |
for (dtype = SSHFP_HASH_SHA1; dtype < SSHFP_HASH_MAX; dtype++) { |
|
|
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, |
if (dns_read_key(&rdata_pubkey_algorithm, &rdata_digest_type, |
&rdata_digest, &rdata_digest_len, key)) { |
&rdata_digest, &rdata_digest_len, key)) { |
if (generic) { |
if (generic) { |
fprintf(f, "%s IN TYPE%d \\# %d %02x %02x ", |
fprintf(f, "%s IN TYPE%d \\# %zu %02x %02x ", |
hostname, DNS_RDATATYPE_SSHFP, |
hostname, DNS_RDATATYPE_SSHFP, |
2 + rdata_digest_len, |
2 + rdata_digest_len, |
rdata_pubkey_algorithm, rdata_digest_type); |
rdata_pubkey_algorithm, rdata_digest_type); |