From 0587b59de96bc1302104995154fd6bcd64dcc8e9 Mon Sep 17 00:00:00 2001
From: Valentin Samir
Date: Sun, 19 Jan 2014 00:59:36 +0100
Subject: [PATCH] [dns/SSHFP] Ajout des clef ecdsa et de l'algorithm de hash sha256 pour SSHFP (cf rfc6594)
---
gestion/config/config.py | 5 +++++
gestion/gen_confs/bind.py | 6 ++++--
gestion/gen_confs/populate_sshFingerprint.py | 7 +++++--
3 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/gestion/config/config.py b/gestion/config/config.py
index 3c9d44c8..6fec9028 100644
--- a/gestion/config/config.py
+++ b/gestion/config/config.py
@@ -114,12 +114,17 @@ ISCSI_MAP_FILE = "/usr/scripts/var/iscsi_names.py"
 sshfp_algo = {
 "rsa" : (1, "ssh-rsa"),
 "dsa" : (2, "ssh-dss"),
+ "ecdsa-256" : (3, "ecdsa-sha2-nistp256"),
+ "ecdsa-384" : (3, "ecdsa-sha2-nistp384"),
+ "ecdsa-521" : (3, "ecdsa-sha2-nistp521"),
+ "ecdsa" : (3, "ecdsa-sha2-nistp521"),
 }
 sshkey_max_age=2*(365.25*24*3600)
 sshkey_size = {
 'rsa':4096,
 'dsa':1024,
+ 'ecdsa':521,
 }
 #: Nombre de jours après le passage en chambre ???? où on supprime les machines
diff --git a/gestion/gen_confs/bind.py b/gestion/gen_confs/bind.py
index 9032e205..d3be53dd 100755
--- a/gestion/gen_confs/bind.py
+++ b/gestion/gen_confs/bind.py
@@ -379,8 +379,10 @@ zone "%(NOM_zone)s" {
 break
 if not algo:
 raise ValueError("Invalid Algorithms %s" % algo_txt)
- key=hashlib.sha1(base64.b64decode(key)).hexdigest()
- ligne +="%s\tIN\tSSHFP\t%s\t1\t%s\n" % (nom,algo,key)
+ key1=hashlib.sha1(base64.b64decode(key)).hexdigest()
+ key2=hashlib.sha256(base64.b64decode(key)).hexdigest()
+ ligne +="%s\tIN\tSSHFP\t%s\t1\t%s\n" % (nom,algo,key1)
+ ligne +="%s\tIN\tSSHFP\t%s\t2\t%s\n" % (nom,algo,key2)
 except(ValueError,TypeError):
 pass
 direct[zone] = direct.get(zone, "") + ligne
 if isinstance(machine,ldap_crans.BorneWifi):
diff --git a/gestion/gen_confs/populate_sshFingerprint.py b/gestion/gen_confs/populate_sshFingerprint.py
index 7ebe2d14..ac146504 100755
--- a/gestion/gen_confs/populate_sshFingerprint.py
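Review bot: The four new sshfp_algo entries all carry the number 3 and the bare "ecdsa" key repeats the "ecdsa-521" tuple, but nothing in the hunk records why, so the next editor may "fix" the duplicate or hand nistp384 its own number. A comment above the dict should say that the first element is the SSHFP algorithm number from RFC 6594 (1 = RSA, 2 = DSA, 3 = ECDSA for every curve) and the second the OpenSSH key-type string, e.g. `# (SSHFP algorithm number per RFC 6594: 1=RSA, 2=DSA, 3=ECDSA regardless of curve; OpenSSH key type)`, with `# bare "ecdsa" = alias for the default curve; keep in sync with sshkey_size['ecdsa']` on the alias line. The new `'ecdsa':521` in sshkey_size presumably selects the curve rather than being a key length comparable to the rsa/dsa values; how sshkey_size is consumed is outside the hunk, so that deserves a short comment too.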
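Review bot: `base64.b64decode(key)` now runs twice in the new key1/key2 lines; decoding once into a local, `raw = base64.b64decode(key)`, then `key1 = hashlib.sha1(raw).hexdigest()` and `key2 = hashlib.sha256(raw).hexdigest()`, removes the repeat and keeps both records derived from the same bytes. The literal `1` and `2` in the two SSHFP format strings are the fingerprint-type field (1 = SHA-1, 2 = SHA-256 per RFC 6594) and sit right next to the algorithm number, so a comment naming them would stop the two fields being confused. The enclosing function starts and ends outside the hunk, and the `except(ValueError,TypeError): pass` below the new lines still silently drops any key whose base64 or algorithm name is malformed, so such a host ends up with no SSHFP record and no log line — worth at least a stderr message there.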
+++ b/gestion/gen_confs/populate_sshFingerprint.py
@@ -31,8 +31,11 @@ def ip4_addresses():
 def ssh_keyscan(host,algo):
 p=subprocess.Popen(["/usr/bin/ssh-keyscan", "-t", "%s" % algo,"%s" % host],stdout=subprocess.PIPE,stderr=subprocess.PIPE)
 ret=p.communicate()[0].split()
- key=ret[2]
- return key
+ if len(ret)>2:
+ key=ret[2]
+ return key
+ else:
+ sys.stderr.write("No key for algo %s used by host %s\n" % (algo, host))
 def ssh_md5_hash(path):
 key=base64.b64decode(open(path).read().split()[1])
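Review bot: The new else branch writes a message and then falls off the end, so ssh_keyscan now returns None implicitly when no key comes back, and it discards the stderr that the Popen line captures — the reason ssh-keyscan printed nothing (timeout, refused connection, unsupported key type) is exactly what the message omits. I would read both streams from communicate(), fold err into the message and make the None return explicit, as below. Callers are outside the hunk, so whether they already cope with None in place of a string cannot be checked here, and `sys` must be imported at the top of the file, which is also outside the hunk.
```python
def ssh_keyscan(host,algo):
    # … unchanged: Popen call …
    out, err = p.communicate()
    ret = out.split()
    if len(ret) > 2:
        return ret[2]
    sys.stderr.write("No key for algo %s used by host %s: %s\n" % (algo, host, err.strip()))
    return None
```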