dnssec-signkey.c revision 3de75141d2e042a1db4c58b397ea4fc905cecf6e
72d6be2c1101df11c05360f78d47197027d419c3Automatic Updater * Copyright (C) 1999, 2000 Internet Software Consortium.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * Permission to use, copy, modify, and distribute this software for any
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater * purpose with or without fee is hereby granted, provided that the above
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley * copyright notice and this permission notice appear in all copies.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
f754fa97bc698cc251d227173a95e4d39a88ac01Mark Andrewsstatic inline void
/*
 * check_result: error-reporting helper that takes an isc_result_t and a
 * caller-supplied label. The only statement visible on this page writes a
 * "PROGRAM: message: ..." line to stderr; `message` is passed as a %s
 * argument and never used as the format string. The test on `result` and
 * whatever follows the print are not shown here.
 * NOTE(review): `message` is only read in the visible line and callers on
 * this page pass string literals, so `const char *` looks like the better
 * parameter type -- confirm against the full file.
 */
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrewsstatic inline void
ee80f4506479e189ca1320eb87ac89188c5a7848Mark Andrewscheck_result(isc_result_t result, char *message) {
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington fprintf(stderr, "%s: %s: %s\n", PROGRAM, message,
/*
 * Usage text, written to stderr: the tool takes a key set file followed by
 * key files named Kname+alg+id.
 * NOTE(review): the first line hard-codes the command name "keysigner"
 * while the error helper prints PROGRAM; confirm the two agree.
 */
5d98cf67b32d785aca1a72ea1dc4d559fab39208Mark Andrews fprintf(stderr, "\tkeysigner [options] keyset keys\n");
5d98cf67b32d785aca1a72ea1dc4d559fab39208Mark Andrews fprintf(stderr, "Options: (default value in parenthesis) \n");
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington fprintf(stderr, "\tfile name of key set to be signed\n");
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington fprintf(stderr, "\tkeyfile (Kname+alg+id)\n");
/*
 * loadkeys: walks the records of `rdataset` and converts each one into a
 * key object with dns_dnssec_keyfromrdata(), allocating from `mctx`.
 * NOTE(review): the for-increment reassigns `result` before every loop
 * test, so the value returned by dns_dnssec_keyfromrdata() has to be
 * examined inside the body. That check is on lines not shown here --
 * confirm a record that fails conversion is never stored as a usable key.
 */
5d98cf67b32d785aca1a72ea1dc4d559fab39208Mark Andrewsloadkeys(dns_name_t *name, dns_rdataset_t *rdataset) {
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) {
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &key);
0415ca35ada2cac6a86127eaca64f3a997aea121Evan Hunt fatal("signature generated by non-zone or missing key");
d1e4b08844175357a925ddd6dcfa750cccd2b116Brian Wellington unsigned char *data;
d1e4b08844175357a925ddd6dcfa750cccd2b116Brian Wellington dns_rdataset_t rdataset, sigrdataset, newsigrdataset;
/*
 * Option parsing: the option string "v:" accepts only -v with an argument,
 * which is converted with strtol() in base 0 (decimal, octal or hex).
 * NOTE(review): the validation of `endp` is not visible on this page;
 * confirm that trailing garbage is rejected and that the long result is
 * range-checked before it is stored in `verbose`.
 */
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley while ((ch = isc_commandline_parse(argc, argv, "v:")) != -1)
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley verbose = strtol(isc_commandline_argument, &endp, 0);
dc2a0aa7aaa8b85398ae183c7274c0eeec5009afMark Andrews RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig)
0415ca35ada2cac6a86127eaca64f3a997aea121Evan Hunt RUNTIME_CHECK(isc_log_usechannel(logconfig, "default_stderr",
/*
 * Derive the zone name from the key set file name: the trailing 7
 * characters must be ".keyset", and the part before them is parsed as a
 * DNS name relative to the root, then rendered back as text into tdomain.
 * NOTE(review): `strlen(argv[0]) - 7` is only meaningful when the argument
 * is at least 7 characters long. For a shorter string the strcmp() pointer
 * lies before the start of the buffer (an out-of-bounds read) and the
 * unsigned length handed to isc_buffer_init() wraps around. The first half
 * of this condition is not shown on this page -- confirm it checks the
 * length before the strcmp() is evaluated.
 * NOTE(review): the text buffer is initialised with sizeof(tdomain) - 1,
 * presumably to keep one byte for a terminating NUL -- confirm the
 * terminator is written after dns_name_totext() succeeds.
 */
88674be66567d3c7db91e717cd5972655e2e2488Mark Andrews strcmp(argv[0] + strlen(argv[0]) - 7, ".keyset") != 0)
88674be66567d3c7db91e717cd5972655e2e2488Mark Andrews isc_buffer_init(&b, argv[0], strlen(argv[0]) - 7);
88674be66567d3c7db91e717cd5972655e2e2488Mark Andrews result = dns_name_fromtext(domain, &b, dns_rootname, ISC_FALSE, NULL);
88674be66567d3c7db91e717cd5972655e2e2488Mark Andrews isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1);
88674be66567d3c7db91e717cd5972655e2e2488Mark Andrews result = dns_name_totext(domain, ISC_FALSE, &b);
0415ca35ada2cac6a86127eaca64f3a997aea121Evan Hunt check_result(ISC_R_FAILURE, "isc_mem_allocate()");
0415ca35ada2cac6a86127eaca64f3a997aea121Evan Hunt result = dns_db_create(mctx, "rbt", domain, ISC_FALSE,
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley result = dns_db_findnode(db, domain, ISC_FALSE, &node);
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley result = dns_db_findrdataset(db, node, version, dns_rdatatype_key, 0,
/*
 * Self-signature check: a signature record is unpacked with
 * dns_rdata_tostruct() and verified over the key set with
 * dns_dnssec_verify(); the program stops via fatal() when not every zone
 * key has signed the set. In file order this gate sits before the signing
 * calls further down, so a key set that fails it is never signed.
 * NOTE(review): the arguments after `key` and the handling of the verify
 * result are not shown on this page -- confirm every failure path reaches
 * fatal() rather than falling through to signing.
 */
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
f8727bd90366af835f551da1b5e1fdfcd2d3d01fBrian Wellington result = dns_dnssec_verify(domain, &rdataset, key,
71954c957132c35ddf5f9e4dcc98c057b265b6d8Brian Wellington fatal("Not all zone keys self signed the key set");
71954c957132c35ddf5f9e4dcc98c057b265b6d8Brian Wellington check_result(result, "dns_rdataset_first()");
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington dns_rdataset_current(&sigrdataset, &sigrdata);
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
d119051ef75d5a88d28c13fb0a7c6d6757a4e9b5Brian Wellington check_result(result, "dns_rdata_tostruct()");
/*
 * Signing pass: for each remaining argument a key file name is parsed, the
 * key is loaded with DST_TYPE_PRIVATE (private key material read from a
 * file), a signature over the key set is generated with dns_dnssec_sign()
 * and the resulting record is appended to sigrdatalist.
 * NOTE(review): whether each loaded key is released before the next
 * iteration is not visible here -- confirm, since it holds private key
 * material.
 */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley for (i = 0; i < argc; i++) {
0415ca35ada2cac6a86127eaca64f3a997aea121Evan Hunt result = dst_key_parsefilename(&b, mctx, &namestr, &id, &alg,
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PRIVATE,
8fd925169f3d690f6c50c17d711adc9695407528Mark Andrews result = dns_dnssec_sign(domain, &rdataset, key,
8fd925169f3d690f6c50c17d711adc9695407528Mark Andrews ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley result = dns_rdatalist_tordataset(&sigrdatalist, &newsigrdataset);
f8727bd90366af835f551da1b5e1fdfcd2d3d01fBrian Wellington check_result (result, "dns_rdatalist_tordataset()");
/*
 * NOTE(review): as shown on this line, the return value of
 * dns_db_addrdataset() is discarded, unlike the calls above. If adding the
 * new signatures fails, nothing reports it; consider assigning the value to
 * `result` and passing it to check_result().
 */
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley dns_db_addrdataset(db, node, version, 0, &newsigrdataset, 0, NULL);