dnssec-keygen.c revision dafcb997e390efa4423883dafd100c975c4095d6
/*
* Portions Copyright (C) 2004 Internet System Consortium, Inc. ("ISC")
* Portions Copyright (C) 2000-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
* FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-keygen.c,v 1.64 2004/03/05 04:57:40 marka Exp $ */
#include <config.h>
#include <stdlib.h>
#include <isc/commandline.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/rdataclass.h>
#include "dnssectool.h"
const char *program = "dnssec-keygen";
int verbose;
static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5";
static isc_boolean_t
dsa_size_ok(int size) {
}
static void
usage(void) {
program);
"(DH only)\n");
"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
"(default: AUTHCONF)\n");
"default: 3 [dnssec]\n");
"records with (default: 0)\n");
"K<name>+<alg>+<id>.private\n");
exit (-1);
}
int
char *endp;
isc_uint16_t flags = 0;
char filename[255];
if (argc == 1)
usage();
"a:b:c:ef:g:n:t:p:s:r:v:h")) != -1)
{
switch (ch) {
case 'a':
break;
case 'b':
fatal("-b requires a non-negative number");
break;
case 'c':
break;
case 'e':
rsa_exp = 1;
break;
case 'f':
flags |= DNS_KEYFLAG_KSK;
else
fatal("unknown flag '%s'",
break;
case 'g':
&endp, 10);
fatal("-g requires a positive number");
break;
case 'n':
break;
case 't':
break;
case 'p':
fatal("-p must be followed by a number "
"[0..255]");
break;
case 's':
&endp, 10);
fatal("-s must be followed by a number "
"[0..15]");
break;
case 'r':
break;
case 'v':
if (*endp != '\0')
fatal("-v must be followed by a number");
break;
case 'h':
usage();
default:
usage();
}
}
if (ret != ISC_R_SUCCESS)
fatal("could not initialize dst");
fatal("the key name was not specified");
fatal("extraneous arguments");
fatal("no algorithm was specified");
else {
if (ret != ISC_R_SUCCESS)
}
if (size < 0)
size = 0;
}
/* nothing */;
else
}
if (size < 0)
fatal("key size not specified (-b option)");
switch (alg) {
case DNS_KEYALG_RSAMD5:
case DNS_KEYALG_RSASHA1:
break;
case DNS_KEYALG_DH:
break;
case DNS_KEYALG_DSA:
break;
case DST_ALG_HMACMD5:
break;
}
rsa_exp != 0)
fatal("specified RSA exponent for a non-RSA key");
fatal("specified DH generator for a non-DH key");
fatal("no nametype specified");
else
if (protocol == -1)
if (size > 0)
fatal("specified null key with non-zero size");
if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
fatal("specified null key with signing authority");
}
fatal("a key with algorithm '%s' cannot be a zone key",
algname);
if (ret != ISC_R_SUCCESS)
switch(alg) {
case DNS_KEYALG_RSAMD5:
case DNS_KEYALG_RSASHA1:
break;
case DNS_KEYALG_DH:
break;
case DNS_KEYALG_DSA:
case DST_ALG_HMACMD5:
param = 0;
break;
}
do {
/* generate the key */
if (ret != ISC_R_SUCCESS) {
char namestr[DNS_NAME_FORMATSIZE];
char algstr[ALG_FORMATSIZE];
fatal("failed to generate key %s/%s: %s\n",
exit(-1);
}
/*
* Try to read a key with the same name, alg and id from disk.
* If there is one we must continue generating a new one
* unless we were asked to generate a null key, in which
* case we return failure.
*/
/* do not overwrite an existing key */
if (ret == ISC_R_SUCCESS) {
if (null_key)
break;
}
if (verbose > 0) {
"%s: %s already exists, "
"generating a new key\n",
}
dst_key_free(&key);
}
if (conflict)
fatal("cannot generate a null key when a key with id 0 "
"already exists");
if (ret != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE];
}
dst_key_free(&key);
if (verbose > 10)
return (0);
}