dnssec-keygen.c revision 499b34cea04a46823d003d4c0520c8b03e8513cb
/*
* Portions Copyright (C) 2000, 2001 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
* NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
* SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
* FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
* ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
* CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
* USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
* OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.46 2001/01/09 21:39:22 bwelling Exp $ */
#include <config.h>
#include <stdlib.h>
#include <isc/commandline.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/rdataclass.h>
#include "dnssectool.h"
const char *program = "dnssec-keygen";
int verbose;
static isc_boolean_t
dsa_size_ok(int size) {
}
static void
usage(void) {
printf("Usage:\n");
printf("Required options:\n");
printf(" -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n");
printf(" -b key size, in bits:\n");
printf(" DH:\t\t[128..4096]\n");
printf(" DSA:\t\t[512..1024] and divisible by 64\n");
printf(" HMAC-MD5:\t[1..512]\n");
printf(" -n nametype: ZONE | HOST | ENTITY | USER\n");
printf(" name: owner of the key\n");
printf("Other options:\n");
printf(" -c class (default: IN)\n");
printf(" -e use large exponent (RSA only)\n");
printf(" -g use specified generator (DH only)\n");
printf(" -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
"(default: AUTHCONF)\n");
printf(" -p protocol value "
"(default: 2 [email] for USER, 3 [dnssec] otherwise)\n");
printf(" -s strength value this key signs DNS records with "
"(default: 0)\n");
printf(" -r randomdev (a file containing random data)\n");
printf(" -v verbose level\n");
printf("Output:\n");
printf(" K<name>+<alg>+<id>.key, K<name>+<alg>+<id>.private\n");
exit (-1);
}
int
char *randomfile = NULL;
isc_uint16_t flags = 0;
char filename[255];
else
fatal("out of memory");
if (argc == 1)
usage();
"a:b:c:eg:n:t:p:s:hr:v:")) != -1)
{
switch (ch) {
case 'a':
break;
case 'b':
fatal("-b requires a non-negative number");
break;
case 'c':
break;
case 'e':
rsa_exp = 1;
break;
case 'g':
&endp, 10);
fatal("-g requires a positive number");
break;
case 'n':
fatal("out of memory");
break;
case 't':
fatal("out of memory");
break;
case 'p':
fatal("-p must be followed by a number "
"[0..255]");
break;
case 's':
&endp, 10);
fatal("-s must be followed by a number "
"[0..15]");
break;
case 'r':
break;
case 'v':
if (*endp != '\0')
fatal("-v must be followed by a number");
break;
case 'h':
usage();
default:
usage();
}
}
if (ret != ISC_R_SUCCESS)
fatal("could not initialize dst");
fatal("the key name was not specified");
fatal("extraneous arguments");
fatal("no algorithm was specified");
else {
if (ret != ISC_R_SUCCESS)
}
if (size < 0)
size = 0;
}
/* nothing */;
else
}
if (size < 0)
fatal("key size not specified (-b option)");
switch (alg) {
case DNS_KEYALG_RSA:
break;
case DNS_KEYALG_DH:
break;
case DNS_KEYALG_DSA:
break;
case DST_ALG_HMACMD5:
break;
}
fatal("specified RSA exponent without RSA");
fatal("specified DH generator without DH");
fatal("no nametype specified");
else
if (ret != ISC_R_SUCCESS)
} else
if (protocol == -1) {
else
}
if (size > 0)
fatal("Specified null key with non-zero size");
if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
fatal("Specified null key with signing authority");
}
if (ret != ISC_R_SUCCESS)
switch(alg) {
case DNS_KEYALG_RSA:
break;
case DNS_KEYALG_DH:
break;
case DNS_KEYALG_DSA:
case DST_ALG_HMACMD5:
param = 0;
break;
}
do {
/* generate the key */
if (ret != ISC_R_SUCCESS) {
char namestr[DNS_NAME_FORMATSIZE];
char algstr[ALG_FORMATSIZE];
fatal("failed to generate key %s/%s: %s\n",
exit(-1);
}
/*
* Try to read a key with the same name, alg and id from disk.
* If there is one we must continue generating a new one
* unless we were asked to generate a null key, in which
* case we return failure.
*/
/* do not overwrite an existing key */
if (ret == ISC_R_SUCCESS) {
if (null_key)
break;
}
if (verbose > 0) {
"%s: %s already exists, "
"generating a new key\n",
}
dst_key_free(&key);
}
if (conflict)
fatal("cannot generate a null key when a key with id 0 "
"already exists");
if (ret != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE];
}
dst_key_free(&key);
if (verbose > 10)
return (0);
}