keygen.c revision 1a69a1a78cfaa86f3b68bbc965232b7876d4da2a
/*
* Portions Copyright (c) 1995-1999 by TISLabs at Network Associates, Inc.
*
* Permission to use, copy modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND NETWORK ASSOCIATES
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
*/
/* $Id: keygen.c,v 1.15 2000/05/08 14:33:32 tale Exp $ */
#include <config.h>
#include <stdlib.h>
#include <isc/commandline.h>
#include <dns/keyvalues.h>
static int verbose;
int
isc_uint16_t flags = 0;
else
die("strdup failure");
if (argc == 1)
"a:b:eg:n:t:p:s:hv:")) != -1)
{
switch (ch) {
case 'a':
die("strdup failure");
break;
case 'b':
die("-b requires a non-negative number");
break;
case 'e':
rsa_exp = 1;
break;
case 'g':
die("-g requires a positive number");
break;
case 'n':
die("strdup failure");
break;
case 't':
die("strdup failure");
break;
case 'p':
die("-p must be followed by "
"a number [0..255]");
break;
case 's':
&endp, 10);
die("-s must be followed by a number [0..15]");
break;
case 'v':
if (*endp != '\0')
die("-v must be followed by a number");
break;
case 'h':
default:
}
}
die("Must specify a domain name");
die("Extraneous arguments");
die("No algorithm specified");
else {
if (ret != ISC_R_SUCCESS)
die("Unknown algorithm");
}
die("Unsupported algorithm");
if (size < 0)
die("Must specify key size (-b option)");
/* nothing */;
else
die("Invalid type");
}
switch (alg) {
case DNS_KEYALG_RSA:
die("RSA key size out of range");
break;
case DNS_KEYALG_DH:
die("DH key size out of range");
break;
case DNS_KEYALG_DSA:
if (!dsa_size_ok(size))
die("Invalid DSS key size");
break;
case DST_ALG_HMACMD5:
die("Invalid HMAC-MD5 key size");
break;
}
die("Cannot specify RSA exponent without RSA");
die("Cannot specify DH generator without DH");
die("No nametype specified");
else
die("Invalid nametype");
if (protocol == -1) {
else
}
if (size > 0)
die("Specified null key with non-zero size");
if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
die("Specified null key with signing authority");
}
die("strdup failure");
printf("** Added a trailing dot to fully qualify the name\n");
}
switch(alg) {
case DNS_KEYALG_RSA:
break;
case DNS_KEYALG_DH:
break;
case DNS_KEYALG_DSA:
case DST_ALG_HMACMD5:
param = 0;
break;
}
&key);
if (ret != ISC_R_SUCCESS) {
exit(-1);
}
if (ret != ISC_R_SUCCESS) {
exit(-1);
}
exit(0);
}
static isc_boolean_t
dsa_size_ok(int size) {
}
static void
exit(-1);
}
static void
printf("Usage:\n");
printf("Required options:\n");
printf(" -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n");
printf(" -b key size, in bits:\n");
printf(" RSA:\t\t[512..1024]\n");
printf(" DH:\t\t[128..4096]\n");
printf(" DSA:\t\t[512..1024] and a multiple of 64\n");
printf(" HMAC-MD5:\t[1..512]\n");
printf(" -n nametype: ZONE | HOST | ENTITY | USER\n");
printf(" name: owner of the key\n");
printf("Other options:\n");
printf(" -e use large exponent (RSA only)\n");
printf(" -g use specified generator (DH only)\n");
printf(" -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF\n");
printf(" default: AUTHCONF\n");
printf(" -p protocol value\n");
printf(" default: 2 (email) for User keys, "
"3 (dnssec) for all others\n");
printf(" -s strength value this key signs DNS records with\n");
printf(" default: 0\n");
printf(" -v verbose level\n");
exit (-1);
}