ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

moving DNSSEC tools from bin/tests

Browse Source
This commit is contained in:
Andreas Gustafsson
2000-05-18 21:15:40 +00:00
parent 232fd751ed
commit 5b5039637d
6 changed files with 1 additions and 2846 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
bin/tests/.cvsignore
View File

@@ -13,9 +13,6 @@ gxba_test
gxbn_test
headerdep_test.sh
inter_test
keygen
keysettool
keysigner
lex_test
lfsr_test
log_test
@@ -37,7 +34,6 @@ rwlock_test
sdig
serial_test
shutdown_test
signer
sock_test
sym_test
t_journal

22
bin/tests/Makefile.in
View File

@@ -40,7 +40,7 @@ LIBS = @LIBS@
SUBDIRS = db dst master mem names rbt sockaddr tasks timers
# Alphabetically
TARGETS = keygen keysettool keysigner signer
TARGETS =
XTARGETS = adb_test \
byaddr_test \
@@ -90,9 +90,6 @@ SRCS = adb_test.c \
gxba_test.c \
gxbn_test.c \
inter_test.c \
keygen.c \
keysettool.c \
keysigner.c \
lex_test.c \
lfsr_test.c \
log_test.c \
@@ -113,7 +110,6 @@ SRCS = adb_test.c \
sdig.c \
serial_test.c \
shutdown_test.c \
signer.c \
sock_test.c \
sym_test.c \
task_test.c \
@@ -139,22 +135,6 @@ nxtify: nxtify.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL} ${CC} ${CFLAGS} -o $@ nxtify.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
signer: signer.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL} ${CC} ${CFLAGS} -o $@ signer.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
keygen: keygen.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL} ${CC} ${CFLAGS} -o $@ keygen.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
keysettool: keysettool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL} ${CC} ${CFLAGS} -o $@ keysettool.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
keysigner: keysigner.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL} ${CC} ${CFLAGS} -o $@ keysigner.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
byaddr_test: byaddr_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL} ${CC} ${CFLAGS} -o $@ byaddr_test.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}

383
bin/tests/keygen.c
View File

@@ -1,383 +0,0 @@
/*
* Portions Copyright (c) 1995-2000 by Network Associates, Inc.
*
* Permission to use, copy modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND NETWORK ASSOCIATES
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
* TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
*/
/* $Id: keygen.c,v 1.20 2000/05/17 22:47:56 bwelling Exp $ */
#include <config.h>
#include <stdlib.h>
#include <isc/buffer.h>
#include <isc/commandline.h>
#include <isc/mem.h>
#include <isc/region.h>
#include <isc/string.h>
#include <isc/util.h>
#include <dns/keyvalues.h>
#include <dns/secalg.h>
#include <dst/dst.h>
#include <dst/result.h>
#define PROGRAM "keygen"
#define MAX_RSA 2048 /* XXX ogud update this when rsa library is updated */
static int verbose;
static inline void
fatal(char *format, ...) {
va_list args;
fprintf(stderr, "%s: ", PROGRAM);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fprintf(stderr, "\n");
exit(1);
}
static inline void
check_result(isc_result_t result, char *message) {
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "%s: %s: %s\n", PROGRAM, message,
isc_result_totext(result));
exit(1);
}
}
/* Not thread-safe! */
static char *
algtostr(const dns_secalg_t alg) {
isc_buffer_t b;
isc_region_t r;
isc_result_t result;
static char data[10];
isc_buffer_init(&b, data, sizeof(data));
result = dns_secalg_totext(alg, &b);
check_result(result, "dns_secalg_totext()");
isc_buffer_usedregion(&b, &r);
r.base[r.length] = 0;
return (char *) r.base;
}
static isc_boolean_t
dsa_size_ok(int size) {
return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
}
static void
usage(char *prog) {
printf("Usage:\n");
printf(" %s [options] name\n\n", prog);
printf("Required options:\n");
printf(" -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n");
printf(" -b key size, in bits:\n");
printf(" RSA:\t\t[512..%d]\n", MAX_RSA);
printf(" DH:\t\t[128..4096]\n");
printf(" DSA:\t\t[512..1024] and dividable by 64\n");
printf(" HMAC-MD5:\t[1..512]\n");
printf(" -n nametype: ZONE | HOST | ENTITY | USER\n");
printf(" name: owner of the key\n");
printf("Other options:\n");
printf(" -e use large exponent (RSA only)\n");
printf(" -g use specified generator (DH only)\n");
printf(" -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF\n");
printf(" default: AUTHCONF\n");
printf(" -p protocol value\n");
printf(" default: 2 (email) for User keys, "
"3 (dnssec) for all others\n");
printf(" -s strength value this key signs DNS records with\n");
printf(" default: 0\n");
printf(" -v verbose level\n");
exit (-1);
}
int
main(int argc, char **argv) {
char *algname = NULL, *nametype = NULL, *type = NULL;
char *prog, *endp;
dst_key_t *key, *oldkey;
char *name = NULL;
isc_uint16_t flags = 0;
dns_secalg_t alg;
isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE;
isc_mem_t *mctx = NULL;
int ch, rsa_exp = 0, generator = 0, param = 0;
int protocol = -1, size = -1, signatory = 0;
isc_result_t ret;
isc_textregion_t r;
char filename[255];
isc_buffer_t buf;
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
if ((prog = strrchr(argv[0],'/')) == NULL)
prog = isc_mem_strdup(mctx, argv[0]);
else
prog = isc_mem_strdup(mctx, ++prog);
if (prog == NULL)
fatal("out of memory");
if (argc == 1)
usage(prog);
while ((ch = isc_commandline_parse(argc, argv,
"a:b:eg:n:t:p:s:hv:")) != -1)
{
switch (ch) {
case 'a':
algname = isc_mem_strdup(mctx,
isc_commandline_argument);
if (algname == NULL)
fatal("out of memory");
break;
case 'b':
size = strtol(isc_commandline_argument, &endp, 10);
if (*endp != '\0' || size < 0)
fatal("-b requires a non-negative number");
break;
case 'e':
rsa_exp = 1;
break;
case 'g':
generator = strtol(isc_commandline_argument, &endp, 10);
if (*endp != '\0' || generator <= 0)
fatal("-g requires a positive number");
break;
case 'n':
nametype = isc_mem_strdup(mctx,
isc_commandline_argument);
if (nametype == NULL)
fatal("out of memory");
break;
case 't':
type = isc_mem_strdup(mctx, isc_commandline_argument);
if (type == NULL)
fatal("out of memory");
break;
case 'p':
protocol = strtol(isc_commandline_argument, &endp, 10);
if (*endp != '\0' || protocol < 0 || protocol > 255)
fatal("-p must be followed by a number "
"[0..255]");
break;
case 's':
signatory = strtol(isc_commandline_argument,
&endp, 10);
if (*endp != '\0' || signatory < 0 || signatory > 15)
fatal("-s must be followed by a number "
"[0..15]");
break;
case 'v':
endp = NULL;
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("-v must be followed by a number");
break;
case 'h':
usage(prog);
default:
fprintf(stderr, "keygen: invalid argument -%c\n", ch);
usage(prog);
}
}
if (argc < isc_commandline_index + 1)
fatal("the key name was not specified");
if (argc > isc_commandline_index + 1)
fatal("extraneous arguments");
if (algname == NULL)
fatal("no algorithm was specified");
if (strcasecmp(algname, "RSA") == 0)
alg = DNS_KEYALG_RSA;
else if (strcasecmp(algname, "HMAC-MD5") == 0)
alg = DST_ALG_HMACMD5;
else {
r.base = algname;
r.length = strlen(algname);
ret = dns_secalg_fromtext(&alg, &r);
if (ret != ISC_R_SUCCESS)
fatal("unknown algorithm %s", algname);
}
if (dst_algorithm_supported(alg) == ISC_FALSE)
fatal("unsupported algorithm %s", algname);
if (type != NULL) {
if (strcasecmp(type, "NOAUTH") == 0)
flags |= DNS_KEYTYPE_NOAUTH;
else if (strcasecmp(type, "NOCONF") == 0)
flags |= DNS_KEYTYPE_NOCONF;
else if (strcasecmp(type, "NOAUTHCONF") == 0) {
flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
if (size < 0)
size = 0;
}
else if (strcasecmp(type, "AUTHCONF") == 0)
/* nothing */;
else
fatal("invalid type %s", type);
}
if (size < 0)
fatal("key size not specified (-b option)");
switch (alg) {
case DNS_KEYALG_RSA:
if (size != 0 && (size < 512 || size > MAX_RSA))
fatal("RSA key size %d out of range", size);
break;
case DNS_KEYALG_DH:
if (size != 0 && (size < 128 || size > 4096))
fatal("DH key size %d out of range", size);
break;
case DNS_KEYALG_DSA:
if (size != 0 && !dsa_size_ok(size))
fatal("Invalid DSS key size: %d", size);
break;
case DST_ALG_HMACMD5:
if (size < 1 || size > 512)
fatal("HMAC-MD5 key size %d out of range", size);
break;
}
if (alg != DNS_KEYALG_RSA && rsa_exp != 0)
fatal("specified RSA exponent without RSA");
if (alg != DNS_KEYALG_DH && generator != 0)
fatal("specified DH generator without DH");
if (nametype == NULL)
fatal("no nametype specified");
if (strcasecmp(nametype, "zone") == 0)
flags |= DNS_KEYOWNER_ZONE;
else if (strcasecmp(nametype, "host") == 0 ||
strcasecmp(nametype, "entity") == 0)
flags |= DNS_KEYOWNER_ENTITY;
else if (strcasecmp(nametype, "user") == 0)
flags |= DNS_KEYOWNER_USER;
else
fatal("invalid nametype %s", nametype);
flags |= signatory;
if (protocol == -1) {
if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_USER)
protocol = DNS_KEYPROTO_EMAIL;
else
protocol = DNS_KEYPROTO_DNSSEC;
}
if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
if (size > 0)
fatal("Specified null key with non-zero size");
if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
fatal("Specified null key with signing authority");
}
name = isc_mem_allocate(mctx, strlen(argv[isc_commandline_index]) + 2);
if (name == NULL)
fatal("out of memory");
strcpy(name, argv[isc_commandline_index]);
if (name[strlen(name) - 1] != '.') {
strcat(name, ".");
fprintf(stderr,
"keygen: added a trailing dot to fully qualify "
"the name\n");
}
switch(alg) {
case DNS_KEYALG_RSA:
param = rsa_exp;
break;
case DNS_KEYALG_DH:
param = generator;
break;
case DNS_KEYALG_DSA:
case DST_ALG_HMACMD5:
param = 0;
break;
}
if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
null_key = ISC_TRUE;
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
dst_result_register();
do {
conflict = ISC_FALSE;
oldkey = NULL;
/* generate the key */
ret = dst_key_generate(name, alg, size, param, flags, protocol,
mctx, &key);
if (ret != ISC_R_SUCCESS) {
fatal("failed to generate key %s/%d: %s\n", name, alg,
dst_result_totext(ret));
exit(-1);
}
/*
* Try to read a key with the same name, alg and id from disk.
* If there is one we must continue generating a new one
* unless we were asked to generate a null key, in which
* case we return failure.
*/
ret = dst_key_fromfile(name, dst_key_id(key), alg,
DST_TYPE_PRIVATE, mctx, &oldkey);
/* do not overwrite an existing key */
if (ret == ISC_R_SUCCESS) {
dst_key_free(oldkey);
conflict = ISC_TRUE;
if (null_key)
break;
}
if (conflict == ISC_TRUE)
dst_key_free(key);
} while (conflict == ISC_TRUE);
if (conflict)
fatal("cannot generate a null key when a key with id 0 "
"already exists");
ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE);
if (ret != ISC_R_SUCCESS)
fatal("failed to write key %s/%s/%d: %s\n", name,
dst_key_id(key), algtostr(alg), isc_result_totext(ret));
isc_buffer_clear(&buf);
ret = dst_key_buildfilename(key, 0, &buf);
filename[isc_buffer_usedlength(&buf)] = 0;
printf("%s\n", filename);
isc_mem_free(mctx, name);
isc_mem_free(mctx, algname);
isc_mem_free(mctx, nametype);
isc_mem_free(mctx, prog);
if (type != NULL)
isc_mem_free(mctx, type);
dst_key_free(key);
isc_mem_destroy(&mctx);
return (0);
}

453
bin/tests/keysettool.c
View File

@@ -1,453 +0,0 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <stdlib.h>
#include <isc/commandline.h>
#include <isc/mem.h>
#include <isc/string.h>
#include <isc/util.h>
#include <dns/db.h>
#include <dns/dnssec.h>
#include <dns/fixedname.h>
#include <dns/log.h>
#include <dns/rdata.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/result.h>
#include <dns/secalg.h>
#include <dns/time.h>
#define PROGRAM "keysettool"
#define BUFSIZE 2048
typedef struct keynode keynode_t;
struct keynode {
dst_key_t *key;
ISC_LINK(keynode_t) link;
};
typedef ISC_LIST(keynode_t) keylist_t;
static isc_stdtime_t starttime = 0, endtime = 0, now;
static int ttl = -1;
static int verbose;
static isc_mem_t *mctx = NULL;
static keylist_t keylist;
static inline void
fatal(char *format, ...) {
va_list args;
fprintf(stderr, "%s: ", PROGRAM);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fprintf(stderr, "\n");
exit(1);
}
static inline void
check_result(isc_result_t result, char *message) {
if (result != ISC_R_SUCCESS) {
fatal("%s: %s\n", message, isc_result_totext(result));
exit(1);
}
}
/* Not thread-safe! */
static char *
nametostr(dns_name_t *name) {
isc_buffer_t b;
isc_region_t r;
isc_result_t result;
static char data[1025];
isc_buffer_init(&b, data, sizeof(data));
result = dns_name_totext(name, ISC_FALSE, &b);
check_result(result, "dns_name_totext()");
isc_buffer_usedregion(&b, &r);
r.base[r.length] = 0;
return (char *) r.base;
}
/* Not thread-safe! */
static char *
algtostr(const dns_secalg_t alg) {
isc_buffer_t b;
isc_region_t r;
isc_result_t result;
static char data[10];
isc_buffer_init(&b, data, sizeof(data));
result = dns_secalg_totext(alg, &b);
check_result(result, "dns_secalg_totext()");
isc_buffer_usedregion(&b, &r);
r.base[r.length] = 0;
return (char *) r.base;
}
static isc_stdtime_t
strtotime(char *str, isc_int64_t now, isc_int64_t base) {
isc_int64_t val, offset;
isc_result_t result;
char *endp = "";
if (str[0] == '+') {
offset = strtol(str + 1, &endp, 0);
val = base + offset;
}
else if (strncmp(str, "now+", 4) == 0) {
offset = strtol(str + 4, &endp, 0);
val = now + offset;
}
else {
result = dns_time64_fromtext(str, &val);
if (result != ISC_R_SUCCESS)
fatal("time %s must be numeric", str);
}
if (*endp != '\0')
fatal("time value %s is invalid", str);
return ((isc_stdtime_t) val);
}
static void
usage() {
fprintf(stderr, "Usage:\n");
fprintf(stderr, "\tkeysettool [options] keys\n");
fprintf(stderr, "\n");
fprintf(stderr, "Options: (default value in parenthesis) \n");
fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
fprintf(stderr, "\t\tSIG start time - absolute|offset (now)\n");
fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
fprintf(stderr, "\t\tSIG end time - "
"absolute|from start|from now (now + 30 days)\n");
fprintf(stderr, "\t-t ttl\n");
fprintf(stderr, "\t-v level:\n");
fprintf(stderr, "\t\tverbose level (0)\n");
fprintf(stderr, "\n");
fprintf(stderr, "keys:\n");
fprintf(stderr, "\tkeyfile (Kname+alg+id)\n");
exit(0);
}
int
main(int argc, char *argv[]) {
int i, ch;
char *startstr = NULL, *endstr = NULL;
dns_fixedname_t fdomain;
dns_name_t *domain = NULL;
char *output = NULL;
char *endp;
unsigned char *data;
dns_db_t *db;
dns_dbnode_t *node;
dns_dbversion_t *version;
dst_key_t *key = NULL;
dns_rdata_t *rdata;
dns_rdatalist_t rdatalist, sigrdatalist;
dns_rdataset_t rdataset, sigrdataset;
isc_result_t result;
isc_buffer_t b;
isc_region_t r;
isc_log_t *log = NULL;
isc_logconfig_t *logconfig;
keynode_t *keynode;
char *savedname = NULL;
dns_result_register();
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS)
fatal("failed to create memory context: %s",
isc_result_totext(result));
while ((ch = isc_commandline_parse(argc, argv, "s:e:t:v:")) != -1)
{
switch (ch) {
case 's':
startstr = isc_mem_strdup(mctx,
isc_commandline_argument);
if (startstr == NULL)
fatal("out of memory");
break;
case 'e':
endstr = isc_mem_strdup(mctx,
isc_commandline_argument);
if (endstr == NULL)
fatal("out of memory");
break;
case 't':
endp = NULL;
ttl = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("TTL must be numeric");
break;
case 'v':
endp = NULL;
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("verbose level must be numeric");
break;
default:
usage();
}
}
argc -= isc_commandline_index;
argv += isc_commandline_index;
if (argc < 1)
usage();
isc_stdtime_get(&now);
if (startstr != NULL) {
starttime = strtotime(startstr, now, now);
isc_mem_free(mctx, startstr);
}
else
starttime = now;
if (endstr != NULL) {
endtime = strtotime(endstr, now, starttime);
isc_mem_free(mctx, endstr);
}
else
endtime = starttime + (30 * 24 * 60 * 60);
if (ttl == -1) {
ttl = 3600;
fprintf(stderr, "%s: TTL not specified, assuming 3600\n",
PROGRAM);
}
if (verbose > 0) {
RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig)
== ISC_R_SUCCESS);
isc_log_setcontext(log);
dns_log_init(log);
dns_log_setcontext(log);
RUNTIME_CHECK(isc_log_usechannel(logconfig, "default_stderr",
NULL, NULL) == ISC_R_SUCCESS);
}
dns_rdatalist_init(&rdatalist);
rdatalist.rdclass = dns_rdataclass_in;
rdatalist.type = dns_rdatatype_key;
rdatalist.covers = 0;
rdatalist.ttl = ttl;
ISC_LIST_INIT(keylist);
for (i = 0; i < argc; i++) {
isc_uint16_t id;
int alg;
char *namestr = NULL;
isc_buffer_init(&b, argv[i], strlen(argv[i]));
isc_buffer_add(&b, strlen(argv[i]));
result = dst_key_parsefilename(&b, mctx, &namestr, &id, &alg,
NULL);
if (result != ISC_R_SUCCESS)
fatal("%s is not a valid key filename", argv[i]);
if (savedname == NULL) {
savedname = isc_mem_strdup(mctx, namestr);
if (savedname == NULL)
fatal("out of memory");
}
else {
if (strcmp(savedname, namestr) != 0)
fatal("all keys must have the same owner - %s "
"and %s do not match",
savedname, namestr);
}
if (output == NULL) {
output = isc_mem_allocate(mctx,
strlen(namestr) +
strlen("keyset") + 1);
if (output == NULL)
fatal("out of memory");
strcpy(output, namestr);
strcat(output, "keyset");
}
if (domain == NULL) {
dns_fixedname_init(&fdomain);
domain = dns_fixedname_name(&fdomain);
isc_buffer_init(&b, namestr, strlen(namestr));
isc_buffer_add(&b, strlen(namestr));
result = dns_name_fromtext(domain, &b, dns_rootname,
ISC_FALSE, NULL);
if (result != ISC_R_SUCCESS)
fatal("%s is not a valid name: %s",
namestr, isc_result_totext(result));
}
key = NULL;
result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PUBLIC,
mctx, &key);
check_result(result, "dst_key_fromfile");
if (dst_key_iszonekey(key)) {
dst_key_t *zonekey = NULL;
result = dst_key_fromfile(namestr, id, alg,
DST_TYPE_PRIVATE, mctx,
&zonekey);
if (result != ISC_R_SUCCESS)
fatal("failed to read key %s/%s/%d: %s",
namestr, id, algtostr(alg),
isc_result_totext(result));
keynode = isc_mem_get(mctx, sizeof (keynode_t));
if (keynode == NULL)
fatal("out of memory");
keynode->key = zonekey;
ISC_LINK_INIT(keynode, link);
ISC_LIST_APPEND(keylist, keynode, link);
}
rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
if (rdata == NULL)
fatal("out of memory");
data = isc_mem_get(mctx, BUFSIZE);
if (data == NULL)
fatal("out of memory");
isc_buffer_init(&b, data, BUFSIZE);
result = dst_key_todns(key, &b);
if (result != ISC_R_SUCCESS)
fatal("failed to convert key %s/%s/%d to a DNS KEY: %s",
namestr, id, algtostr(alg),
isc_result_totext(result));
isc_buffer_usedregion(&b, &r);
dns_rdata_fromregion(rdata, dns_rdataclass_in,
dns_rdatatype_key, &r);
ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
isc_mem_put(mctx, namestr, strlen(namestr) + 1);
dst_key_free(key);
}
isc_mem_free(mctx, savedname);
dns_rdataset_init(&rdataset);
result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
check_result(result, "dns_rdatalist_tordataset()");
dns_rdatalist_init(&sigrdatalist);
sigrdatalist.rdclass = dns_rdataclass_in;
sigrdatalist.type = dns_rdatatype_sig;
sigrdatalist.covers = dns_rdatatype_key;
sigrdatalist.ttl = ttl;
if (ISC_LIST_EMPTY(keylist))
fprintf(stderr,
"%s: no private zone key found; not self-signing\n",
PROGRAM);
for (keynode = ISC_LIST_HEAD(keylist);
keynode != NULL;
keynode = ISC_LIST_NEXT(keynode, link))
{
rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
if (rdata == NULL)
fatal("out of memory");
data = isc_mem_get(mctx, BUFSIZE);
if (data == NULL)
fatal("out of memory");
isc_buffer_init(&b, data, BUFSIZE);
result = dns_dnssec_sign(domain, &rdataset, keynode->key,
&starttime, &endtime, mctx, &b,
rdata);
if (result != ISC_R_SUCCESS)
fatal("failed to sign keyset with key %s/%s/%d: %s",
dst_key_name(keynode->key),
algtostr(dst_key_alg(keynode->key)),
dst_key_id(keynode->key),
isc_result_totext(result));
ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
dns_rdataset_init(&sigrdataset);
result = dns_rdatalist_tordataset(&sigrdatalist, &sigrdataset);
check_result(result, "dns_rdatalist_tordataset()");
}
db = NULL;
result = dns_db_create(mctx, "rbt", domain, ISC_FALSE,
dns_rdataclass_in, 0, NULL, &db);
if (result != ISC_R_SUCCESS)
fatal("failed to create a database for %s", nametostr(domain));
version = NULL;
dns_db_newversion(db, &version);
node = NULL;
result = dns_db_findnode(db, domain, ISC_TRUE, &node);
check_result(result, "dns_db_findnode()");
dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL);
if (!ISC_LIST_EMPTY(keylist))
dns_db_addrdataset(db, node, version, 0, &sigrdataset, 0,
NULL);
dns_db_detachnode(db, &node);
dns_db_closeversion(db, &version, ISC_TRUE);
result = dns_db_dump(db, version, output);
if (result != ISC_R_SUCCESS)
fatal("failed to write database for %s to %s",
nametostr(domain), output);
dns_db_detach(&db);
dns_rdataset_disassociate(&rdataset);
while (!ISC_LIST_EMPTY(rdatalist.rdata)) {
rdata = ISC_LIST_HEAD(rdatalist.rdata);
ISC_LIST_UNLINK(rdatalist.rdata, rdata, link);
isc_mem_put(mctx, rdata->data, BUFSIZE);
isc_mem_put(mctx, rdata, sizeof *rdata);
}
while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
isc_mem_put(mctx, rdata->data, BUFSIZE);
isc_mem_put(mctx, rdata, sizeof *rdata);
}
while (!ISC_LIST_EMPTY(keylist)) {
keynode = ISC_LIST_HEAD(keylist);
ISC_LIST_UNLINK(keylist, keynode, link);
dst_key_free(keynode->key);
isc_mem_put(mctx, keynode, sizeof(keynode_t));
}
if (log != NULL)
isc_log_destroy(&log);
isc_mem_free(mctx, output);
isc_mem_destroy(&mctx);
return (0);
}

415
bin/tests/keysigner.c
View File

@@ -1,415 +0,0 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <stdlib.h>
#include <isc/string.h>
#include <isc/commandline.h>
#include <isc/mem.h>
#include <isc/util.h>
#include <dns/db.h>
#include <dns/dnssec.h>
#include <dns/log.h>
#include <dns/rdata.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#include <dns/result.h>
#include <dns/secalg.h>
#define PROGRAM "keysigner"
#define BUFSIZE 2048
typedef struct keynode keynode_t;
struct keynode {
dst_key_t *key;
isc_boolean_t verified;
ISC_LINK(keynode_t) link;
};
typedef ISC_LIST(keynode_t) keylist_t;
static isc_stdtime_t now;
static int verbose;
static isc_mem_t *mctx = NULL;
static keylist_t keylist;
static inline void
fatal(char *format, ...) {
va_list args;
fprintf(stderr, "%s: ", PROGRAM);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fprintf(stderr, "\n");
exit(1);
}
static inline void
check_result(isc_result_t result, char *message) {
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "%s: %s: %s\n", PROGRAM, message,
isc_result_totext(result));
exit(1);
}
}
/* Not thread-safe! */
static char *
nametostr(dns_name_t *name) {
isc_buffer_t b;
isc_region_t r;
isc_result_t result;
static char data[1025];
isc_buffer_init(&b, data, sizeof(data));
result = dns_name_totext(name, ISC_FALSE, &b);
check_result(result, "dns_name_totext()");
isc_buffer_usedregion(&b, &r);
r.base[r.length] = 0;
return (char *) r.base;
}
/* Not thread-safe! */
static char *
algtostr(const dns_secalg_t alg) {
isc_buffer_t b;
isc_region_t r;
isc_result_t result;
static char data[10];
isc_buffer_init(&b, data, sizeof(data));
result = dns_secalg_totext(alg, &b);
check_result(result, "dns_secalg_totext()");
isc_buffer_usedregion(&b, &r);
r.base[r.length] = 0;
return (char *) r.base;
}
static void
usage() {
fprintf(stderr, "Usage:\n");
fprintf(stderr, "\tkeysigner [options] keyset keys\n");
fprintf(stderr, "\n");
fprintf(stderr, "Options: (default value in parenthesis) \n");
fprintf(stderr, "\t-v level:\n");
fprintf(stderr, "\t\tverbose level (0)\n");
fprintf(stderr, "\n");
fprintf(stderr, "keyset:\n");
fprintf(stderr, "\tfile name of key set to be signed\n");
fprintf(stderr, "keys:\n");
fprintf(stderr, "\tkeyfile (Kname+alg+id)\n");
exit(0);
}
static void
loadkeys(dns_name_t *name, dns_rdataset_t *rdataset) {
dst_key_t *key;
dns_rdata_t rdata;
keynode_t *keynode;
isc_result_t result;
ISC_LIST_INIT(keylist);
result = dns_rdataset_first(rdataset);
check_result(result, "dns_rdataset_first");
for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) {
dns_rdataset_current(rdataset, &rdata);
key = NULL;
result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &key);
if (result != ISC_R_SUCCESS)
continue;
if (!dst_key_iszonekey(key))
continue;
keynode = isc_mem_get(mctx, sizeof (keynode_t));
if (keynode == NULL)
fatal("out of memory");
keynode->key = key;
keynode->verified = ISC_FALSE;
ISC_LINK_INIT(keynode, link);
ISC_LIST_APPEND(keylist, keynode, link);
}
if (result != ISC_R_NOMORE)
fatal("failure traversing key list");
}
static dst_key_t *
findkey(dns_rdata_sig_t *sig) {
keynode_t *keynode;
for (keynode = ISC_LIST_HEAD(keylist);
keynode != NULL;
keynode = ISC_LIST_NEXT(keynode, link))
{
if (dst_key_id(keynode->key) == sig->keyid &&
dst_key_alg(keynode->key) == sig->algorithm) {
keynode->verified = ISC_TRUE;
return (keynode->key);
}
}
fatal("signature generated by non-zone or missing key");
return (NULL);
}
int
main(int argc, char *argv[]) {
int i, ch;
char tdomain[1025];
dns_fixedname_t fdomain;
dns_name_t *domain;
char *output = NULL;
char *endp;
unsigned char *data;
dns_db_t *db;
dns_dbnode_t *node;
dns_dbversion_t *version;
dst_key_t *key = NULL;
dns_rdata_t *rdata, sigrdata;
dns_rdatalist_t sigrdatalist;
dns_rdataset_t rdataset, sigrdataset, newsigrdataset;
dns_rdata_sig_t sig;
isc_result_t result;
isc_buffer_t b;
isc_region_t r;
isc_log_t *log = NULL;
isc_logconfig_t *logconfig;
keynode_t *keynode;
dns_result_register();
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create()");
while ((ch = isc_commandline_parse(argc, argv, "v:")) != -1)
{
switch (ch) {
case 'v':
endp = NULL;
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("verbose level must be numeric");
break;
default:
usage();
}
}
argc -= isc_commandline_index;
argv += isc_commandline_index;
if (argc < 2)
usage();
isc_stdtime_get(&now);
if (verbose > 0) {
RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig)
== ISC_R_SUCCESS);
isc_log_setcontext(log);
dns_log_init(log);
dns_log_setcontext(log);
RUNTIME_CHECK(isc_log_usechannel(logconfig, "default_stderr",
NULL, NULL) == ISC_R_SUCCESS);
}
if (strlen(argv[0]) < 8 ||
strcmp(argv[0] + strlen(argv[0]) - 7, ".keyset") != 0)
fatal("keyset file must end in .keyset");
dns_fixedname_init(&fdomain);
domain = dns_fixedname_name(&fdomain);
isc_buffer_init(&b, argv[0], strlen(argv[0]) - 7);
isc_buffer_add(&b, strlen(argv[0]) - 7);
result = dns_name_fromtext(domain, &b, dns_rootname, ISC_FALSE, NULL);
if (result != ISC_R_SUCCESS)
fatal("'%s' does not contain a valid domain name", argv[0]);
isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1);
result = dns_name_totext(domain, ISC_FALSE, &b);
check_result(result, "dns_name_totext()");
isc_buffer_usedregion(&b, &r);
tdomain[r.length] = 0;
output = isc_mem_allocate(mctx,
strlen(tdomain) + strlen("signedkey") + 1);
if (output == NULL)
fatal("out of memory");
strcpy(output, tdomain);
strcat(output, "signedkey");
db = NULL;
result = dns_db_create(mctx, "rbt", domain, ISC_FALSE,
dns_rdataclass_in, 0, NULL, &db);
check_result(result, "dns_db_create()");
result = dns_db_load(db, argv[0]);
if (result != ISC_R_SUCCESS)
fatal("failed to load database from '%s': %s", argv[0],
isc_result_totext(result));
version = NULL;
dns_db_newversion(db, &version);
node = NULL;
result = dns_db_findnode(db, domain, ISC_FALSE, &node);
if (result != ISC_R_SUCCESS)
fatal("failed to find database node '%s': %s",
nametostr(domain), isc_result_totext(result));
dns_rdataset_init(&rdataset);
dns_rdataset_init(&sigrdataset);
result = dns_db_findrdataset(db, node, version, dns_rdatatype_key, 0,
0, &rdataset, &sigrdataset);
if (result != ISC_R_SUCCESS)
fatal("failed to find rdataset '%s KEY': %s",
nametostr(domain), isc_result_totext(result));
loadkeys(domain, &rdataset);
if (!dns_rdataset_isassociated(&sigrdataset))
fatal("no SIG KEY set present");
result = dns_rdataset_first(&sigrdataset);
check_result(result, "dns_rdataset_first()");
do {
dns_rdataset_current(&sigrdataset, &sigrdata);
result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
check_result(result, "dns_rdata_tostruct()");
key = findkey(&sig);
result = dns_dnssec_verify(domain, &rdataset, key,
ISC_TRUE, mctx, &sigrdata);
if (result != ISC_R_SUCCESS)
fatal("signature by key '%s/%s/%d' did not verify: %s",
dst_key_name(key), algtostr(dst_key_alg(key)),
dst_key_id(key), isc_result_totext(result));
dns_rdata_freestruct(&sig);
result = dns_rdataset_next(&sigrdataset);
} while (result == ISC_R_SUCCESS);
for (keynode = ISC_LIST_HEAD(keylist);
keynode != NULL;
keynode = ISC_LIST_NEXT(keynode, link))
if (!keynode->verified)
fatal("Not all zone keys self signed the key set");
result = dns_rdataset_first(&sigrdataset);
check_result(result, "dns_rdataset_first()");
dns_rdataset_current(&sigrdataset, &sigrdata);
result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
check_result(result, "dns_rdata_tostruct()");
dns_rdataset_disassociate(&sigrdataset);
argc -= 1;
argv += 1;
dns_rdatalist_init(&sigrdatalist);
sigrdatalist.rdclass = rdataset.rdclass;
sigrdatalist.type = dns_rdatatype_sig;
sigrdatalist.covers = dns_rdatatype_key;
sigrdatalist.ttl = rdataset.ttl;
for (i = 0; i < argc; i++) {
isc_uint16_t id;
int alg;
char *namestr = NULL;
isc_buffer_init(&b, argv[i], strlen(argv[i]));
isc_buffer_add(&b, strlen(argv[i]));
result = dst_key_parsefilename(&b, mctx, &namestr, &id, &alg,
NULL);
if (result != ISC_R_SUCCESS)
usage();
key = NULL;
result = dst_key_fromfile(namestr, id, alg, DST_TYPE_PRIVATE,
mctx, &key);
if (result != ISC_R_SUCCESS)
fatal("failed to read key %s/%s/%d from disk: %s",
dst_key_name(key), algtostr(dst_key_alg(key)),
dst_key_id(key), isc_result_totext(result));
isc_mem_put(mctx, namestr, strlen(namestr) + 1);
rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
if (rdata == NULL)
fatal("out of memory");
data = isc_mem_get(mctx, BUFSIZE);
if (data == NULL)
fatal("out of memory");
isc_buffer_init(&b, data, BUFSIZE);
result = dns_dnssec_sign(domain, &rdataset, key,
&sig.timesigned, &sig.timeexpire,
mctx, &b, rdata);
if (result != ISC_R_SUCCESS)
fatal("key '%s/%s/%d' failed to sign data: %s",
dst_key_name(key), algtostr(dst_key_alg(key)),
dst_key_id(key), isc_result_totext(result));
ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
dst_key_free(key);
}
dns_rdataset_init(&newsigrdataset);
result = dns_rdatalist_tordataset(&sigrdatalist, &newsigrdataset);
check_result (result, "dns_rdatalist_tordataset()");
dns_db_addrdataset(db, node, version, 0, &newsigrdataset, 0, NULL);
check_result (result, "dns_db_addrdataset()");
dns_db_detachnode(db, &node);
dns_db_closeversion(db, &version, ISC_TRUE);
result = dns_db_dump(db, version, output);
if (result != ISC_R_SUCCESS)
fatal("failed to write database to '%s': %s",
output, isc_result_totext(result));
dns_rdataset_disassociate(&rdataset);
dns_rdataset_disassociate(&newsigrdataset);
dns_rdata_freestruct(&sig);
while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
isc_mem_put(mctx, rdata->data, BUFSIZE);
isc_mem_put(mctx, rdata, sizeof *rdata);
}
dns_db_detach(&db);
while (!ISC_LIST_EMPTY(keylist)) {
keynode = ISC_LIST_HEAD(keylist);
ISC_LIST_UNLINK(keylist, keynode, link);
dst_key_free(keynode->key);
isc_mem_put(mctx, keynode, sizeof(keynode_t));
}
if (log != NULL)
isc_log_destroy(&log);
isc_mem_free(mctx, output);
isc_mem_destroy(&mctx);
return (0);
}

1570
bin/tests/signer.c
View File

File diff suppressed because it is too large Load Diff