2 * Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
4 * Permission to use, copy, modify, and/or distribute this software for any
5 * purpose with or without fee is hereby granted, provided that the above
6 * copyright notice and this permission notice appear in all copies.
8 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 * PERFORMANCE OF THIS SOFTWARE.
17 /* $Id: dnssec-dsfromkey.c,v 1.2.14.6 2010/01/11 23:47:22 tbox Exp $ */
25 #include <isc/buffer.h>
26 #include <isc/commandline.h>
27 #include <isc/entropy.h>
30 #include <isc/print.h>
31 #include <isc/string.h>
35 #include <dns/dbiterator.h>
37 #include <dns/fixedname.h>
40 #include <dns/rdata.h>
41 #include <dns/rdataclass.h>
42 #include <dns/rdataset.h>
43 #include <dns/rdatasetiter.h>
44 #include <dns/rdatatype.h>
45 #include <dns/result.h>
49 #include "dnssectool.h"
51 const char *program = "dnssec-dsfromkey";
54 static dns_rdataclass_t rdclass;
55 static dns_fixedname_t fixed;
56 static dns_name_t *name = NULL;
57 static dns_db_t *db = NULL;
58 static dns_dbnode_t *node = NULL;
59 static dns_rdataset_t keyset;
60 static isc_mem_t *mctx = NULL;
63 loadkeys(char *dirname, char *setname)
69 dns_rdataset_init(&keyset);
70 dns_fixedname_init(&fixed);
71 name = dns_fixedname_name(&fixed);
73 isc_buffer_init(&buf, setname, strlen(setname));
74 isc_buffer_add(&buf, strlen(setname));
75 result = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
76 if (result != ISC_R_SUCCESS)
77 fatal("can't convert DNS name %s", setname);
79 isc_buffer_init(&buf, filename, sizeof(filename));
80 if (dirname != NULL) {
81 if (isc_buffer_availablelength(&buf) < strlen(dirname))
82 fatal("directory name '%s' too long", dirname);
83 isc_buffer_putstr(&buf, dirname);
84 if (dirname[strlen(dirname) - 1] != '/') {
85 if (isc_buffer_availablelength(&buf) < 1)
86 fatal("directory name '%s' too long", dirname);
87 isc_buffer_putstr(&buf, "/");
91 if (isc_buffer_availablelength(&buf) < strlen("keyset-"))
92 fatal("directory name '%s' too long", dirname);
93 isc_buffer_putstr(&buf, "keyset-");
94 result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
95 check_result(result, "dns_name_tofilenametext()");
96 if (isc_buffer_availablelength(&buf) == 0)
97 fatal("name %s too long", setname);
98 isc_buffer_putuint8(&buf, 0);
100 result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
101 rdclass, 0, NULL, &db);
102 if (result != ISC_R_SUCCESS)
103 fatal("can't create database");
105 result = dns_db_load(db, filename);
106 if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
107 fatal("can't load %s: %s", filename, isc_result_totext(result));
109 result = dns_db_findnode(db, name, ISC_FALSE, &node);
110 if (result != ISC_R_SUCCESS)
111 fatal("can't find %s node in %s", setname, filename);
113 result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
114 0, 0, &keyset, NULL);
115 if (result == ISC_R_NOTFOUND)
116 fatal("no DNSKEY RR for %s in %s", setname, filename);
117 else if (result != ISC_R_SUCCESS)
118 fatal("dns_db_findrdataset");
122 loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
126 dst_key_t *key = NULL;
130 dns_rdataset_init(&keyset);
131 dns_rdata_init(rdata);
133 isc_buffer_init(&keyb, key_buf, key_buf_size);
135 result = dst_key_fromnamedfile(filename, DST_TYPE_PUBLIC, mctx, &key);
136 if (result != ISC_R_SUCCESS)
137 fatal("invalid keyfile name %s: %s",
138 filename, isc_result_totext(result));
141 char keystr[KEY_FORMATSIZE];
143 key_format(key, keystr, sizeof(keystr));
144 fprintf(stderr, "%s: %s\n", program, keystr);
147 result = dst_key_todns(key, &keyb);
148 if (result != ISC_R_SUCCESS)
149 fatal("can't decode key");
151 isc_buffer_usedregion(&keyb, &r);
152 dns_rdata_fromregion(rdata, dst_key_class(key),
153 dns_rdatatype_dnskey, &r);
155 rdclass = dst_key_class(key);
157 dns_fixedname_init(&fixed);
158 name = dns_fixedname_name(&fixed);
159 result = dns_name_copy(dst_key_name(key), name, NULL);
160 if (result != ISC_R_SUCCESS)
161 fatal("can't copy name");
167 logkey(dns_rdata_t *rdata)
170 dst_key_t *key = NULL;
172 char keystr[KEY_FORMATSIZE];
174 isc_buffer_init(&buf, rdata->data, rdata->length);
175 isc_buffer_add(&buf, rdata->length);
176 result = dst_key_fromdns(name, rdclass, &buf, mctx, &key);
177 if (result != ISC_R_SUCCESS)
180 key_format(key, keystr, sizeof(keystr));
181 fprintf(stderr, "%s: %s\n", program, keystr);
187 emitds(unsigned int dtype, dns_rdata_t *rdata)
190 unsigned char buf[DNS_DS_BUFFERSIZE];
191 char text_buf[DST_KEY_MAXTEXTSIZE];
193 isc_buffer_t textb, classb;
197 isc_buffer_init(&textb, text_buf, sizeof(text_buf));
198 isc_buffer_init(&classb, class_buf, sizeof(class_buf));
202 result = dns_ds_buildrdata(name, rdata, dtype, buf, &ds);
203 if (result != ISC_R_SUCCESS)
204 fatal("can't build DS");
206 result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
207 if (result != ISC_R_SUCCESS)
208 fatal("can't print DS rdata");
210 result = dns_rdataclass_totext(rdclass, &classb);
211 if (result != ISC_R_SUCCESS)
212 fatal("can't print DS class");
214 result = dns_name_print(name, stdout);
215 if (result != ISC_R_SUCCESS)
216 fatal("can't print DS name");
220 isc_buffer_usedregion(&classb, &r);
221 isc_util_fwrite(r.base, 1, r.length, stdout);
225 isc_buffer_usedregion(&textb, &r);
226 isc_util_fwrite(r.base, 1, r.length, stdout);
232 fprintf(stderr, "Usage:\n");
233 fprintf(stderr, " %s options keyfile\n\n", program);
234 fprintf(stderr, " %s options [-c class] [-d dir] -s dnsname\n\n",
236 fprintf(stderr, "Version: %s\n", VERSION);
237 fprintf(stderr, "Options:\n");
238 fprintf(stderr, " -v <verbose level>\n");
239 fprintf(stderr, " -1: use SHA-1\n");
240 fprintf(stderr, " -2: use SHA-256\n");
241 fprintf(stderr, " -a algorithm: use algorithm\n");
242 fprintf(stderr, "Keyset options:\n");
243 fprintf(stderr, " -s: keyset mode\n");
244 fprintf(stderr, " -c class\n");
245 fprintf(stderr, " -d directory\n");
246 fprintf(stderr, "Output: DS RRs\n");
252 main(int argc, char **argv) {
253 char *algname = NULL, *classname = NULL, *dirname = NULL;
256 unsigned int dtype = DNS_DSDIGEST_SHA1;
257 isc_boolean_t both = ISC_TRUE;
258 isc_boolean_t usekeyset = ISC_FALSE;
260 isc_log_t *log = NULL;
261 isc_entropy_t *ectx = NULL;
264 dns_rdata_init(&rdata);
269 result = isc_mem_create(0, 0, &mctx);
270 if (result != ISC_R_SUCCESS)
271 fatal("out of memory");
273 dns_result_register();
275 isc_commandline_errprint = ISC_FALSE;
277 while ((ch = isc_commandline_parse(argc, argv,
278 "12a:c:d:sv:h")) != -1) {
281 dtype = DNS_DSDIGEST_SHA1;
285 dtype = DNS_DSDIGEST_SHA256;
289 algname = isc_commandline_argument;
293 classname = isc_commandline_argument;
296 dirname = isc_commandline_argument;
299 usekeyset = ISC_TRUE;
302 verbose = strtol(isc_commandline_argument, &endp, 0);
304 fatal("-v must be followed by a number");
307 if (isc_commandline_option != '?')
308 fprintf(stderr, "%s: invalid argument -%c\n",
309 program, isc_commandline_option);
315 fprintf(stderr, "%s: unhandled option -%c\n",
316 program, isc_commandline_option);
321 if (algname != NULL) {
322 if (strcasecmp(algname, "SHA1") == 0 ||
323 strcasecmp(algname, "SHA-1") == 0)
324 dtype = DNS_DSDIGEST_SHA1;
325 else if (strcasecmp(algname, "SHA256") == 0 ||
326 strcasecmp(algname, "SHA-256") == 0)
327 dtype = DNS_DSDIGEST_SHA256;
329 fatal("unknown algorithm %s", algname);
332 rdclass = strtoclass(classname);
334 if (argc < isc_commandline_index + 1)
335 fatal("the key file name was not specified");
336 if (argc > isc_commandline_index + 1)
337 fatal("extraneous arguments");
340 setup_entropy(mctx, NULL, &ectx);
341 result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
342 if (result != ISC_R_SUCCESS)
343 fatal("could not initialize hash");
344 result = dst_lib_init(mctx, ectx,
345 ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
346 if (result != ISC_R_SUCCESS)
347 fatal("could not initialize dst");
348 isc_entropy_stopcallbacksources(ectx);
350 setup_logging(verbose, mctx, &log);
353 loadkeys(dirname, argv[isc_commandline_index]);
355 for (result = dns_rdataset_first(&keyset);
356 result == ISC_R_SUCCESS;
357 result = dns_rdataset_next(&keyset)) {
358 dns_rdata_init(&rdata);
359 dns_rdataset_current(&keyset, &rdata);
365 emitds(DNS_DSDIGEST_SHA1, &rdata);
366 emitds(DNS_DSDIGEST_SHA256, &rdata);
368 emitds(dtype, &rdata);
371 unsigned char key_buf[DST_KEY_MAXSIZE];
373 loadkey(argv[isc_commandline_index], key_buf,
374 DST_KEY_MAXSIZE, &rdata);
377 emitds(DNS_DSDIGEST_SHA1, &rdata);
378 emitds(DNS_DSDIGEST_SHA256, &rdata);
380 emitds(dtype, &rdata);
383 if (dns_rdataset_isassociated(&keyset))
384 dns_rdataset_disassociate(&keyset);
386 dns_db_detachnode(db, &node);
389 cleanup_logging(&log);
392 cleanup_entropy(&ectx);
395 isc_mem_stats(mctx, stdout);
396 isc_mem_destroy(&mctx);
399 if (ferror(stdout)) {
400 fprintf(stderr, "write error\n");