dnssec-signkey.c revision af5073d03288a53b646ec3b807ac25ced64d7879
/*
* Portions Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
* Portions Copyright (C) 2000-2003 Internet Software Consortium.
* Portions Copyright (C) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
* FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
* IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signkey.c,v 1.62 2004/03/05 05:48:19 marka Exp $ */
#include <config.h>
#include <stdlib.h>
#include <isc/commandline.h>
#include <dns/dbiterator.h>
#include <dns/fixedname.h>
#include <dns/rdataclass.h>
#include <dns/rdataset.h>
#include <dns/rdatasetiter.h>
#include <dns/rdatastruct.h>
#include "dnssectool.h"
/* Tool name; presumably read by the shared helpers declared in dnssectool.h when reporting errors -- confirm. */
const char *program = "dnssec-signkey";
/* Verbosity level; main() validates the -v argument and tests verbose > 10 before returning. */
int verbose;
/*
 * NOTE(review): the member list is missing from this listing (an empty
 * struct is not valid ISO C). Presumably this is the element type of the
 * `keylist` that main() drains before returning -- confirm against the
 * full source.
 */
struct keynode {
};
/*
 * Emit the help text and terminate the process.
 *
 * NOTE(review): only the tail of the help text survives in this listing;
 * the call that prints it is not visible.
 * NOTE(review): the exit status is 0 on every path. main() also calls
 * usage() for unrecognised options and when too few arguments are given,
 * so a wrapper script cannot tell a usage error from success by the exit
 * status alone.
 */
static void
usage(void) {
"(from keyset)\n");
exit(0);
}
/*
 * NOTE(review): the function name, parameter list and loop header are
 * missing from this listing. The surviving lines show a traversal over key
 * records that filters them down to zone keys.
 */
static void
/*
 * A failed step is skipped without any diagnostic. Which call produced
 * `result` is not visible here.
 * NOTE(review): confirm that silently dropping an entry cannot let an
 * unparseable key escape the later self-signature check in main().
 */
if (result != ISC_R_SUCCESS)
continue;
/* Non-zone keys are freed and skipped. */
if (!dst_key_iszonekey(key)) {
dst_key_free(&key);
continue;
}
/* The allocation and the test guarding this fatal() are not visible. */
fatal("out of memory");
}
/* ISC_R_NOMORE is the only accepted way for the traversal to end. */
if (result != ISC_R_NOMORE)
fatal("failure traversing key list");
}
/*
 * NOTE(review): the function name, parameters and lookup loop are missing
 * from this listing. The surviving tail shows the failure path: when no
 * matching key is found the tool aborts, reporting that the signature was
 * made by a non-zone or missing key.
 */
static dst_key_t *
{
}
}
fatal("signature generated by non-zone or missing key");
/* Presumably unreachable and kept to satisfy the compiler -- confirm that fatal() does not return. */
return (NULL);
}
/*
 * Program entry point. The signature line is missing from this listing;
 * the argc/argv handling below identifies it.
 *
 * Flow, as far as the surviving lines show: parse options, initialise dst,
 * locate the KEY rdataset and its SIG set from the keyset file, verify the
 * signatures already present, then for each key named on the command line
 * read it from disk, sign, optionally verify the new signature, and
 * finally write the database out.
 *
 * NOTE(review): many statements are absent from this listing, so the
 * comments below describe only the checks that are actually visible.
 */
int
int i, ch;
/*
 * Fixed-size stack buffers (tdomain, data). The code that fills them is
 * not visible here.
 * NOTE(review): confirm every write into them is bounded by their size.
 */
char tdomain[1025];
char *endp;
unsigned char data[65536];
isc_buffer_t b;
unsigned int eflags;
{
/* Option bodies are missing from this listing; only the -v validation survives. */
switch (ch) {
case 'a':
break;
case 'c':
break;
case 's':
break;
case 'e':
break;
case 'p':
break;
case 'r':
break;
case 'v':
/* Reject a verbosity argument with trailing non-numeric characters (the conversion call itself is not visible). */
if (*endp != '\0')
fatal("verbose level must be numeric");
break;
/* -h and any unrecognised option both end in usage(). */
case 'h':
default:
usage();
}
}
/* At least two positional arguments are required. */
if (argc < 2)
usage();
/*
 * NOTE(review): the statement guarded by this test is missing. Given
 * `eflags` and the -p option it presumably restricts dst to good-quality
 * entropy unless -p was given -- confirm, since the randomness used for
 * signing depends on it.
 */
if (!pseudorandom)
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
/* Signature start and end times must be supplied together (condition not visible). */
fatal("if -s or -e is specified, both must be");
}
/* Iterate until data is found; the loop body is mostly missing. */
while (result == ISC_R_SUCCESS) {
if (result == ISC_R_SUCCESS)
break;
}
if (result != ISC_R_SUCCESS)
fatal("failed to find data in keyset file");
/* Appends a single zero byte to buffer b; its purpose is not visible here. */
isc_buffer_putuint8(&b, 0);
fatal("out of memory");
0, &rdataset, &sigrdataset);
/* The KEY rdataset must exist for the domain. */
if (result != ISC_R_SUCCESS) {
char domainstr[DNS_NAME_FORMATSIZE];
fatal("failed to find rdataset '%s KEY': %s",
}
/* Refuse to continue when the key set carries no signatures at all. */
if (!dns_rdataset_isassociated(&sigrdataset))
fatal("no SIG KEY set present");
/*
 * Walk the existing signatures. Any signature that fails to verify is
 * fatal and the offending key is named in the message.
 */
do {
if (result != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE];
fatal("signature by key '%s' did not verify: %s",
}
/* Body missing; presumably derives the validity times when none were given with -s/-e -- confirm. */
if (!settime) {
}
} while (result == ISC_R_SUCCESS);
/*
 * The key set is rejected unless every zone key has self-signed it. The
 * condition guarding this call is not visible in this listing.
 */
fatal("not all zone keys self signed the key set");
/* Skip one positional argument so the loop below sees only the remaining ones, which are read as keys. */
argc -= 1;
argv += 1;
for (i = 0; i < argc; i++) {
if (result != ISC_R_SUCCESS)
fatal("failed to read key %s from disk: %s",
if (result != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE];
fatal("key '%s' failed to sign data: %s",
}
/* Optional check of the freshly generated signature; a failure is fatal. */
if (tryverify) {
if (result != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE];
fatal("signature from key '%s' failed to "
"verify: %s",
}
}
/* Release the key at the end of every iteration. */
dst_key_free(&key);
}
if (result != ISC_R_SUCCESS)
fatal("failed to write database to '%s': %s",
dns_db_detach(&db);
/* Drain keylist; the per-node cleanup is missing from this listing. */
while (!ISC_LIST_EMPTY(keylist)) {
}
/* The statement guarded by this verbosity test is missing. */
if (verbose > 10)
return (0);
}