Add support for SSHFP.

Makefile

@@ -6,13 +6,15 @@ validns: main.o carp.o mempool.o textparse.o base64.o base32hex.o \
 	rr.o soa.o a.o cname.o mx.o ns.o \
 	rrsig.o nsec.o dnskey.o txt.o aaaa.o \
 	naptr.o srv.o nsec3param.o nsec3.o ds.o \
-	hinfo.o loc.o nsec3checks.o ptr.o
+	hinfo.o loc.o nsec3checks.o ptr.o \
+	sshfp.o
 	cc $(CFLAGS) $(OPTIMIZE) -o validns \
 	    main.o carp.o mempool.o textparse.o base64.o base32hex.o \
 	    rr.o soa.o a.o cname.o mx.o ns.o \
 	    rrsig.o nsec.o dnskey.o txt.o aaaa.o \
 	    naptr.o srv.o nsec3param.o nsec3.o ds.o \
 	    hinfo.o loc.o nsec3checks.o ptr.o \
+	    sshfp.o \
 	    -L/usr/local/lib -L/opt/local/lib -lJudy -lcrypto
 
 clean:
@@ -21,6 +23,7 @@ clean:
 	-rm rrsig.o nsec.o dnskey.o txt.o aaaa.o
 	-rm naptr.o srv.o nsec3param.o nsec3.o ds.o
 	-rm hinfo.o loc.o nsec3checks.o ptr.o
+	-rm sshfp.o
 	-rm validns.core core
 	@echo ':-)'
 
@@ -102,6 +105,9 @@ nsec3checks.o: nsec3checks.c common.h textparse.h mempool.h carp.h rr.h
 ptr.o: ptr.c common.h textparse.h mempool.h carp.h rr.h
 	cc $(CFLAGS) $(OPTIMIZE) -c -o ptr.o ptr.c $(INCPATH)
 
+sshfp.o: sshfp.c common.h textparse.h mempool.h carp.h rr.h
+	cc $(CFLAGS) $(OPTIMIZE) -c -o sshfp.o sshfp.c $(INCPATH)
+
 test: validns
 	perl -MTest::Harness -e 'runtests("t/test.pl")'
 

main.c

@@ -261,6 +261,7 @@ static void initialize_globals(void)
 	rr_methods[T_RRSIG]        =      rrsig_methods;
 	rr_methods[T_SOA]          =        soa_methods;
 	rr_methods[T_SRV]          =        srv_methods;
+	rr_methods[T_SSHFP]        =      sshfp_methods;
 	rr_methods[T_TXT]          =        txt_methods;
 }
 

rr.c

@@ -489,6 +489,8 @@ int str2rdtype(char *rdtype)
 			return T_SOA;
 		} else if (strcmp(rdtype, "srv") == 0) {
 			return T_SRV;
+		} else if (strcmp(rdtype, "sshfp") == 0) {
+			return T_SSHFP;
 		}
 		break;
 	case 't':

rr.h

@@ -22,6 +22,7 @@
 #define T_SRV	33
 #define T_NAPTR	35
 #define T_DS	43
+#define T_SSHFP	44
 #define T_RRSIG	46
 #define T_NSEC	47
 #define T_DNSKEY	48
@@ -307,6 +308,15 @@ struct rr_ptr
 };
 extern struct rr_methods ptr_methods;
 
+struct rr_sshfp
+{
+    struct rr rr;
+    uint8_t algorithm;
+	uint8_t fp_type;
+	struct binary_data fingerprint;
+};
+extern struct rr_methods sshfp_methods;
+
 extern struct rr_nsec3 *first_nsec3;
 extern struct rr_nsec3 *latest_nsec3;
 

sshfp.c

@@ -0,0 +1,76 @@
+/*
+ * Part of DNS zone file validator `validns`.
+ *
+ * Copyright 2011, Anton Berezin <tobez@tobez.org>
+ * Modified BSD license.
+ * (See LICENSE file in the distribution.)
+ *
+ */
+#include <sys/types.h>
+#include <stdio.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+
+#include "common.h"
+#include "textparse.h"
+#include "mempool.h"
+#include "carp.h"
+#include "rr.h"
+
+static struct rr* sshfp_parse(char *name, long ttl, int type, char *s)
+{
+	struct rr_sshfp *rr = getmem(sizeof(*rr));
+	int algorithm, fp_type;
+
+	algorithm = extract_integer(&s, "algorithm");
+	if (algorithm < 0)	return NULL;
+	if (algorithm != 1 && algorithm != 2)
+		return bitch("unsupported algorithm");
+	rr->algorithm = algorithm;
+
+	fp_type = extract_integer(&s, "fp type");
+	if (fp_type < 0)	return NULL;
+	if (fp_type != 1)
+		return bitch("unsupported fp_type");
+	rr->fp_type = fp_type;
+
+	rr->fingerprint = extract_hex_binary_data(&s, "fingerprint", EXTRACT_EAT_WHITESPACE);
+	if (rr->fingerprint.length < 0)	return NULL;
+	if (rr->fingerprint.length != 20) {
+		return bitch("wrong SHA-1 fingerprint length: %d bytes found, %d bytes expected",
+					 rr->fingerprint.length, 20);
+	}
+
+	if (*s) {
+		return bitch("garbage after valid SSHFP data");
+	}
+	return store_record(type, name, ttl, rr);
+}
+
+static char* sshfp_human(struct rr *rrv)
+{
+    struct rr_sshfp *rr = (struct rr_sshfp *)rrv;
+    char ss[4096];
+	char *s = ss;
+	int l;
+	int i;
+
+    l = snprintf(s, 4096, "%u %u ", rr->algorithm, rr->fp_type);
+	s += l;
+	for (i = 0; i < rr->fingerprint.length; i++) {
+		l = snprintf(s, 4096-(s-ss), "%02X", (unsigned char)rr->fingerprint.data[i]);
+		s += l;
+	}
+    return quickstrdup_temp(ss);
+}
+
+static struct binary_data sshfp_wirerdata(struct rr *rrv)
+{
+    struct rr_sshfp *rr = (struct rr_sshfp *)rrv;
+
+	return compose_binary_data("11d", 1,
+		rr->algorithm, rr->fp_type,
+		rr->fingerprint);
+}
+
+struct rr_methods sshfp_methods = { sshfp_parse, sshfp_human, sshfp_wirerdata, NULL, NULL };

t/test.pl

@@ -17,7 +17,7 @@
 run('./validns', 't/zones/galaxyplus.org');
 is(rc, 0, 'valid zone parses ok');
 
-run('./validns', '-t1305566931', 't/zones/example.sec.signed');
+run('./validns', '-t1315566931', 't/zones/example.sec.signed');
 is(rc, 0, 'valid signed zone parses ok');
 
 run('./validns', '-t1303720010', 't/zones/example.sec.signed');

t/zones/example.sec

@@ -26,3 +26,5 @@ public  HINFO "i386" "FreeBSD"
 		LOC 55 40 15.258 N 12 41 56.378 E 9.57m 10.00m 10000.00m 10.00m
 
 lets.introduce.some.empty.terminals CNAME example.sec.
+jumphost SSHFP 2 1 123456789abcdef67890123456789abcdef67890
+