bin/dnssec/dnssec-keygen.c

	dnssec-keygen.c revision cda383abe000119e7db0c71e2bfc7d30bfc56452
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/*
a134177ed9f82189504191d90f3ed9e97c2b47cbTinderbox User * Portions Copyright (C) 2000, 2001  Internet Software Consortium.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews *
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Permission to use, copy, modify, and distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * purpose with or without fee is hereby granted, provided that the above
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * copyright notice and this permission notice appear in all copies.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews *
28a8f5b0de57d269cf2845c69cb6abe18cbd3b3aMark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
00b872e4f76587584a2359e9001e9cf08b195ccfMark Andrews * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews * PERFORMANCE OF THIS SOFTWARE.
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews/* $Id: dnssec-keygen.c,v 1.48 2001/07/10 18:53:09 bwelling Exp $ */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman#include <config.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <stdlib.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/buffer.h>
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews#include <isc/commandline.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/entropy.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/mem.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/region.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/string.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <isc/util.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/fixedname.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/keyvalues.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/log.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/name.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/rdataclass.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/result.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dns/secalg.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dst/dst.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include <dst/result.h>
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#include "dnssectool.h"
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews#define MAX_RSA 4096 /* should be long enough... */
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsconst char *program = "dnssec-keygen";
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsint verbose;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsstatic isc_boolean_t
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsdsa_size_ok(int size) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews}
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsstatic void
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrewsusage(void) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "Usage:\n");
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman    fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        program);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "Required options:\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5"
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        "\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -b key size, in bits:\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "        RSA:\t\t[512..%d]\n", MAX_RSA);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "        DH:\t\t[128..4096]\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "        DSA:\t\t[512..1024] and divisible by 64\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    name: owner of the key\n");
ad1317338af79edad878c9c3e4361798503310baMark Andrews    fprintf(stderr, "Other options:\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -c class (default: IN)\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -e use large exponent (RSA only)\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -g use specified generator (DH only)\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews           "(default: AUTHCONF)\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -p protocol value "
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews           "(default: 2 [email] for USER, 3 [dnssec] otherwise)\n");
ad1317338af79edad878c9c3e4361798503310baMark Andrews    fprintf(stderr, "    -s strength value this key signs DNS records "
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        "with (default: 0)\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -r randomdev (a file containing random data)\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "    -v verbose level\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "Output:\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    fprintf(stderr, "     K<name>+<alg>+<id>.key, "
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        "K<name>+<alg>+<id>.private\n");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    exit (-1);
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt}
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Huntint
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Huntmain(int argc, char **argv) {
9a859983d7059a6eb9c877c1d2ac6a3a5b7170f7Evan Hunt    char        *algname = NULL, *nametype = NULL, *type = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    char        *classname = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    char        *randomfile = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    char        *prog, *endp;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    dst_key_t   *key = NULL, *oldkey;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    dns_fixedname_t fname;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    dns_name_t  *name;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    isc_uint16_t    flags = 0;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    dns_secalg_t    alg;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    isc_boolean_t   conflict = ISC_FALSE, null_key = ISC_FALSE;
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman    isc_mem_t   *mctx = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    int     ch, rsa_exp = 0, generator = 0, param = 0;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    int     protocol = -1, size = -1, signatory = 0;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    isc_result_t    ret;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    isc_textregion_t r;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews    char        filename[255];
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    isc_buffer_t    buf;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    isc_log_t   *log = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    isc_entropy_t   *ectx = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    dns_rdataclass_t rdclass;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if ((prog = strrchr(argv[0],'/')) == NULL)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        prog = isc_mem_strdup(mctx, argv[0]);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    else
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        prog = isc_mem_strdup(mctx, ++prog);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if (prog == NULL)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        fatal("out of memory");
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if (argc == 1)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        usage();
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    dns_result_register();
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    while ((ch = isc_commandline_parse(argc, argv,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                       "a:b:c:eg:n:t:p:s:hr:v:")) != -1)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        switch (ch) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'a':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            algname = isc_commandline_argument;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'b':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            size = strtol(isc_commandline_argument, &endp, 10);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            if (*endp != '\0' || size < 0)
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman                fatal("-b requires a non-negative number");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'c':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            classname = isc_commandline_argument;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'e':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            rsa_exp = 1;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'g':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            generator = strtol(isc_commandline_argument,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                       &endp, 10);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            if (*endp != '\0' || generator <= 0)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                fatal("-g requires a positive number");
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'n':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            nametype = isc_commandline_argument;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            if (nametype == NULL)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                fatal("out of memory");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 't':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            type = isc_commandline_argument;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            if (type == NULL)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                fatal("out of memory");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'p':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            protocol = strtol(isc_commandline_argument, &endp, 10);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            if (*endp != '\0' || protocol < 0 || protocol > 255)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                fatal("-p must be followed by a number "
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                      "[0..255]");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 's':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            signatory = strtol(isc_commandline_argument,
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman                       &endp, 10);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            if (*endp != '\0' || signatory < 0 || signatory > 15)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                fatal("-s must be followed by a number "
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                      "[0..15]");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'r':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            randomfile = isc_commandline_argument;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'v':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            endp = NULL;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            verbose = strtol(isc_commandline_argument, &endp, 0);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            if (*endp != '\0')
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                fatal("-v must be followed by a number");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            break;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        case 'h':
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            usage();
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        default:
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            fprintf(stderr, "%s: invalid argument -%c\n",
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                program, ch);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            usage();
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    setup_entropy(mctx, randomfile, &ectx);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    ret = dst_lib_init(mctx, ectx,
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews               ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if (ret != ISC_R_SUCCESS)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        fatal("could not initialize dst");
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    setup_logging(verbose, mctx, &log);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if (argc < isc_commandline_index + 1)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        fatal("the key name was not specified");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if (argc > isc_commandline_index + 1)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        fatal("extraneous arguments");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if (algname == NULL)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        fatal("no algorithm was specified");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if (strcasecmp(algname, "RSA") == 0)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        alg = DNS_KEYALG_RSA;
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman    else if (strcasecmp(algname, "HMAC-MD5") == 0)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        alg = DST_ALG_HMACMD5;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    else {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        r.base = algname;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        r.length = strlen(algname);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        ret = dns_secalg_fromtext(&alg, &r);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        if (ret != ISC_R_SUCCESS)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            fatal("unknown algorithm %s", algname);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    }
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews    if (type != NULL) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        if (strcasecmp(type, "NOAUTH") == 0)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            flags |= DNS_KEYTYPE_NOAUTH;
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman        else if (strcasecmp(type, "NOCONF") == 0)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            flags |= DNS_KEYTYPE_NOCONF;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        else if (strcasecmp(type, "NOAUTHCONF") == 0) {
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews            if (size < 0)
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews                size = 0;
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews        }
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        else if (strcasecmp(type, "AUTHCONF") == 0)
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews            /* nothing */;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        else
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman            fatal("invalid type %s", type);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews    }
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews    if (size < 0)
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        fatal("key size not specified (-b option)");
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews    switch (alg) {
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews    case DNS_KEYALG_RSA:
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        if (size != 0 && (size < 512 || size > MAX_RSA))
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews            fatal("RSA key size %d out of range", size);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        break;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews    case DNS_KEYALG_DH:
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        if (size != 0 && (size < 128 || size > 4096))
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman            fatal("DH key size %d out of range", size);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        break;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews    case DNS_KEYALG_DSA:
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        if (size != 0 && !dsa_size_ok(size))
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews            fatal("Invalid DSS key size: %d", size);
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        break;
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews    case DST_ALG_HMACMD5:
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews        if (size < 1 || size > 512)
2047977ce2dfcfe3a0fa2d638c3242841310fad3Mark Andrews            fatal("HMAC-MD5 key size %d out of range", size);
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews        break;
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews    }
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews    if (alg != DNS_KEYALG_RSA && rsa_exp != 0)
3d17a3ba61a303d5c4d9867068d0fbe9f24d2988Mark Andrews        fatal("specified RSA exponent without RSA");
89639a5e13cace9166bf14931b9e1ce9dc8c47a3Mark Andrews
    if (alg != DNS_KEYALG_DH && generator != 0)
        fatal("specified DH generator without DH");

    if (nametype == NULL)
        fatal("no nametype specified");
    if (strcasecmp(nametype, "zone") == 0)
        flags |= DNS_KEYOWNER_ZONE;
    else if (strcasecmp(nametype, "host") == 0 ||
         strcasecmp(nametype, "entity") == 0)
        flags |= DNS_KEYOWNER_ENTITY;
    else if (strcasecmp(nametype, "user") == 0)
        flags |= DNS_KEYOWNER_USER;
    else
        fatal("invalid nametype %s", nametype);

    if (classname != NULL) {
        r.base = classname;
        r.length = strlen(classname);
        ret = dns_rdataclass_fromtext(&rdclass, &r);
        if (ret != ISC_R_SUCCESS)
            fatal("unknown class %s",classname);
    } else
        rdclass = dns_rdataclass_in;

    flags |= signatory;

    if (protocol == -1) {
        if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_USER)
            protocol = DNS_KEYPROTO_EMAIL;
        else
            protocol = DNS_KEYPROTO_DNSSEC;
    }

    if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
        if (size > 0)
            fatal("Specified null key with non-zero size");
        if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
            fatal("Specified null key with signing authority");
    }

    dns_fixedname_init(&fname);
    name = dns_fixedname_name(&fname);
    isc_buffer_init(&buf, argv[isc_commandline_index],
            strlen(argv[isc_commandline_index]));
    isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
    ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
    if (ret != ISC_R_SUCCESS)
        fatal("Invalid key name %s: %s", argv[isc_commandline_index],
              isc_result_totext(ret));

    switch(alg) {
    case DNS_KEYALG_RSA:
        param = rsa_exp;
        break;
    case DNS_KEYALG_DH:
        param = generator;
        break;
    case DNS_KEYALG_DSA:
    case DST_ALG_HMACMD5:
        param = 0;
        break;
    }

    if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
        null_key = ISC_TRUE;

    isc_buffer_init(&buf, filename, sizeof(filename) - 1);

    do {
        conflict = ISC_FALSE;
        oldkey = NULL;

        /* generate the key */
        ret = dst_key_generate(name, alg, size, param, flags, protocol,
                       rdclass, mctx, &key);
        isc_entropy_stopcallbacksources(ectx);

        if (ret != ISC_R_SUCCESS) {
            char namestr[DNS_NAME_FORMATSIZE];
            char algstr[ALG_FORMATSIZE];
            dns_name_format(name, namestr, sizeof namestr);
            alg_format(alg, algstr, sizeof algstr);
            fatal("failed to generate key %s/%s: %s\n",
                  namestr, algstr, dst_result_totext(ret));
            exit(-1);
        }

        /*
         * Try to read a key with the same name, alg and id from disk.
         * If there is one we must continue generating a new one
         * unless we were asked to generate a null key, in which
         * case we return failure.
         */
        ret = dst_key_fromfile(name, dst_key_id(key), alg,
                       DST_TYPE_PRIVATE, NULL, mctx, &oldkey);
        /* do not overwrite an existing key  */
        if (ret == ISC_R_SUCCESS) {
            dst_key_free(&oldkey);
            conflict = ISC_TRUE;
            if (null_key)
                break;
        }
        if (conflict == ISC_TRUE) {
            if (verbose > 0) {
                isc_buffer_clear(&buf);
                ret = dst_key_buildfilename(key, 0, NULL, &buf);
                fprintf(stderr,
                    "%s: %s already exists, "
                    "generating a new key\n",
                    program, filename);
            }
            dst_key_free(&key);
        }

    } while (conflict == ISC_TRUE);

    if (conflict)
        fatal("cannot generate a null key when a key with id 0 "
              "already exists");

    ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, NULL);
    if (ret != ISC_R_SUCCESS) {
        char keystr[KEY_FORMATSIZE];
        key_format(key, keystr, sizeof keystr);
        fatal("failed to write key %s: %s\n", keystr,
              isc_result_totext(ret));
    }

    isc_buffer_clear(&buf);
    ret = dst_key_buildfilename(key, 0, NULL, &buf);
    printf("%s\n", filename);
    isc_mem_free(mctx, prog);
    dst_key_free(&key);

    cleanup_logging(&log);
    cleanup_entropy(&ectx);
    dst_lib_destroy();
    if (verbose > 10)
        isc_mem_stats(mctx, stdout);
    isc_mem_destroy(&mctx);

    return (0);
}