1999-09-10 19:52:56 +00:00
|
|
|
/*
|
2000-05-10 17:57:53 +00:00
|
|
|
* Portions Copyright (c) 1995-2000 by Network Associates, Inc.
|
1999-09-10 19:52:56 +00:00
|
|
|
*
|
|
|
|
|
* Permission to use, copy modify, and distribute this software for any
|
|
|
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
|
|
|
* copyright notice and this permission notice appear in all copies.
|
|
|
|
|
*
|
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND NETWORK ASSOCIATES
|
|
|
|
|
* DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
|
|
|
|
|
* TRUSTED INFORMATION SYSTEMS BE LIABLE FOR ANY SPECIAL, DIRECT,
|
|
|
|
|
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
|
|
|
|
|
* FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
|
|
|
|
|
* NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
|
|
|
|
|
* WITH THE USE OR PERFORMANCE OF THE SOFTWARE.
|
|
|
|
|
*/
|
|
|
|
|
|
2000-05-19 00:20:59 +00:00
|
|
|
/* $Id: dnssec-keygen.c,v 1.23 2000/05/19 00:20:39 bwelling Exp $ */
|
1999-09-10 19:52:56 +00:00
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
|
2000-05-15 21:06:41 +00:00
|
|
|
#include <isc/buffer.h>
|
1999-10-06 20:07:25 +00:00
|
|
|
#include <isc/commandline.h>
|
1999-09-10 19:52:56 +00:00
|
|
|
#include <isc/mem.h>
|
2000-05-08 14:38:29 +00:00
|
|
|
#include <isc/region.h>
|
|
|
|
|
#include <isc/string.h>
|
2000-04-28 01:12:23 +00:00
|
|
|
#include <isc/util.h>
|
|
|
|
|
|
1999-09-10 19:52:56 +00:00
|
|
|
#include <dns/keyvalues.h>
|
2000-04-25 17:57:10 +00:00
|
|
|
#include <dns/secalg.h>
|
1999-09-10 19:52:56 +00:00
|
|
|
#include <dst/dst.h>
|
|
|
|
|
#include <dst/result.h>
|
|
|
|
|
|
2000-05-18 22:04:02 +00:00
|
|
|
#define PROGRAM "dnssec-keygen"
|
1999-09-10 19:52:56 +00:00
|
|
|
|
2000-05-10 17:57:53 +00:00
|
|
|
#define MAX_RSA 2048 /* XXX ogud update this when rsa library is updated */
|
2000-04-27 18:24:26 +00:00
|
|
|
|
2000-05-16 18:41:00 +00:00
|
|
|
static int verbose;
|
|
|
|
|
|
2000-05-18 23:28:30 +00:00
|
|
|
static void
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal(char *format, ...) {
|
|
|
|
|
va_list args;
|
|
|
|
|
|
|
|
|
|
fprintf(stderr, "%s: ", PROGRAM);
|
|
|
|
|
va_start(args, format);
|
|
|
|
|
vfprintf(stderr, format, args);
|
|
|
|
|
va_end(args);
|
|
|
|
|
fprintf(stderr, "\n");
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline void
|
|
|
|
|
check_result(isc_result_t result, char *message) {
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
fprintf(stderr, "%s: %s: %s\n", PROGRAM, message,
|
|
|
|
|
isc_result_totext(result));
|
|
|
|
|
exit(1);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Not thread-safe! */
|
|
|
|
|
static char *
|
|
|
|
|
algtostr(const dns_secalg_t alg) {
|
|
|
|
|
isc_buffer_t b;
|
|
|
|
|
isc_region_t r;
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
static char data[10];
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&b, data, sizeof(data));
|
|
|
|
|
result = dns_secalg_totext(alg, &b);
|
|
|
|
|
check_result(result, "dns_secalg_totext()");
|
|
|
|
|
isc_buffer_usedregion(&b, &r);
|
|
|
|
|
r.base[r.length] = 0;
|
|
|
|
|
return (char *) r.base;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_boolean_t
|
|
|
|
|
dsa_size_ok(int size) {
|
|
|
|
|
return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2000-05-18 22:04:02 +00:00
|
|
|
usage() {
|
2000-05-16 18:41:00 +00:00
|
|
|
printf("Usage:\n");
|
2000-05-18 22:04:02 +00:00
|
|
|
printf(" %s [options] name\n\n", PROGRAM);
|
2000-05-16 18:41:00 +00:00
|
|
|
printf("Required options:\n");
|
|
|
|
|
printf(" -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n");
|
|
|
|
|
printf(" -b key size, in bits:\n");
|
|
|
|
|
printf(" RSA:\t\t[512..%d]\n", MAX_RSA);
|
|
|
|
|
printf(" DH:\t\t[128..4096]\n");
|
|
|
|
|
printf(" DSA:\t\t[512..1024] and dividable by 64\n");
|
|
|
|
|
printf(" HMAC-MD5:\t[1..512]\n");
|
|
|
|
|
printf(" -n nametype: ZONE | HOST | ENTITY | USER\n");
|
|
|
|
|
printf(" name: owner of the key\n");
|
|
|
|
|
printf("Other options:\n");
|
|
|
|
|
printf(" -e use large exponent (RSA only)\n");
|
|
|
|
|
printf(" -g use specified generator (DH only)\n");
|
|
|
|
|
printf(" -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF\n");
|
|
|
|
|
printf(" default: AUTHCONF\n");
|
|
|
|
|
printf(" -p protocol value\n");
|
|
|
|
|
printf(" default: 2 (email) for User keys, "
|
|
|
|
|
"3 (dnssec) for all others\n");
|
|
|
|
|
printf(" -s strength value this key signs DNS records with\n");
|
|
|
|
|
printf(" default: 0\n");
|
|
|
|
|
printf(" -v verbose level\n");
|
|
|
|
|
|
|
|
|
|
exit (-1);
|
|
|
|
|
}
|
|
|
|
|
|
1999-09-10 19:52:56 +00:00
|
|
|
int
|
|
|
|
|
main(int argc, char **argv) {
|
2000-05-08 14:38:29 +00:00
|
|
|
char *algname = NULL, *nametype = NULL, *type = NULL;
|
|
|
|
|
char *prog, *endp;
|
2000-05-19 00:20:59 +00:00
|
|
|
dst_key_t *key = NULL, *oldkey;
|
2000-05-08 14:38:29 +00:00
|
|
|
char *name = NULL;
|
|
|
|
|
isc_uint16_t flags = 0;
|
|
|
|
|
dns_secalg_t alg;
|
2000-05-10 17:57:53 +00:00
|
|
|
isc_boolean_t conflict = ISC_FALSE, null_key = ISC_FALSE;
|
2000-05-08 14:38:29 +00:00
|
|
|
isc_mem_t *mctx = NULL;
|
|
|
|
|
int ch, rsa_exp = 0, generator = 0, param = 0;
|
|
|
|
|
int protocol = -1, size = -1, signatory = 0;
|
|
|
|
|
isc_result_t ret;
|
|
|
|
|
isc_textregion_t r;
|
2000-05-15 21:06:41 +00:00
|
|
|
char filename[255];
|
|
|
|
|
isc_buffer_t buf;
|
1999-09-10 19:52:56 +00:00
|
|
|
|
|
|
|
|
RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
|
|
|
|
|
|
|
|
|
|
if ((prog = strrchr(argv[0],'/')) == NULL)
|
2000-04-25 17:57:10 +00:00
|
|
|
prog = isc_mem_strdup(mctx, argv[0]);
|
1999-09-10 19:52:56 +00:00
|
|
|
else
|
2000-04-25 17:57:10 +00:00
|
|
|
prog = isc_mem_strdup(mctx, ++prog);
|
|
|
|
|
if (prog == NULL)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("out of memory");
|
2000-04-25 17:57:10 +00:00
|
|
|
|
|
|
|
|
if (argc == 1)
|
2000-05-18 22:04:02 +00:00
|
|
|
usage();
|
1999-09-10 19:52:56 +00:00
|
|
|
|
1999-10-06 20:07:25 +00:00
|
|
|
while ((ch = isc_commandline_parse(argc, argv,
|
2000-04-27 18:24:26 +00:00
|
|
|
"a:b:eg:n:t:p:s:hv:")) != -1)
|
2000-04-25 17:57:10 +00:00
|
|
|
{
|
1999-09-10 19:52:56 +00:00
|
|
|
switch (ch) {
|
|
|
|
|
case 'a':
|
2000-04-25 17:57:10 +00:00
|
|
|
algname = isc_mem_strdup(mctx,
|
|
|
|
|
isc_commandline_argument);
|
|
|
|
|
if (algname == NULL)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("out of memory");
|
1999-09-10 19:52:56 +00:00
|
|
|
break;
|
2000-04-25 17:57:10 +00:00
|
|
|
case 'b':
|
|
|
|
|
size = strtol(isc_commandline_argument, &endp, 10);
|
|
|
|
|
if (*endp != '\0' || size < 0)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("-b requires a non-negative number");
|
1999-09-10 19:52:56 +00:00
|
|
|
break;
|
2000-04-25 17:57:10 +00:00
|
|
|
case 'e':
|
|
|
|
|
rsa_exp = 1;
|
1999-09-10 19:52:56 +00:00
|
|
|
break;
|
1999-09-27 17:11:41 +00:00
|
|
|
case 'g':
|
2000-04-25 17:57:10 +00:00
|
|
|
generator = strtol(isc_commandline_argument, &endp, 10);
|
|
|
|
|
if (*endp != '\0' || generator <= 0)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("-g requires a positive number");
|
2000-04-25 17:57:10 +00:00
|
|
|
break;
|
|
|
|
|
case 'n':
|
|
|
|
|
nametype = isc_mem_strdup(mctx,
|
|
|
|
|
isc_commandline_argument);
|
|
|
|
|
if (nametype == NULL)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("out of memory");
|
2000-04-25 17:57:10 +00:00
|
|
|
break;
|
|
|
|
|
case 't':
|
|
|
|
|
type = isc_mem_strdup(mctx, isc_commandline_argument);
|
|
|
|
|
if (type == NULL)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("out of memory");
|
1999-09-27 17:11:41 +00:00
|
|
|
break;
|
1999-09-10 19:52:56 +00:00
|
|
|
case 'p':
|
2000-04-25 17:57:10 +00:00
|
|
|
protocol = strtol(isc_commandline_argument, &endp, 10);
|
|
|
|
|
if (*endp != '\0' || protocol < 0 || protocol > 255)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("-p must be followed by a number "
|
|
|
|
|
"[0..255]");
|
1999-09-10 19:52:56 +00:00
|
|
|
break;
|
|
|
|
|
case 's':
|
2000-05-08 14:38:29 +00:00
|
|
|
signatory = strtol(isc_commandline_argument,
|
|
|
|
|
&endp, 10);
|
2000-04-25 17:57:10 +00:00
|
|
|
if (*endp != '\0' || signatory < 0 || signatory > 15)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("-s must be followed by a number "
|
|
|
|
|
"[0..15]");
|
1999-09-10 19:52:56 +00:00
|
|
|
break;
|
2000-04-27 18:24:26 +00:00
|
|
|
case 'v':
|
|
|
|
|
endp = NULL;
|
|
|
|
|
verbose = strtol(isc_commandline_argument, &endp, 0);
|
|
|
|
|
if (*endp != '\0')
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("-v must be followed by a number");
|
2000-04-27 18:24:26 +00:00
|
|
|
break;
|
|
|
|
|
|
1999-09-10 19:52:56 +00:00
|
|
|
case 'h':
|
2000-05-18 22:04:02 +00:00
|
|
|
usage();
|
1999-09-10 19:52:56 +00:00
|
|
|
default:
|
2000-05-18 22:04:02 +00:00
|
|
|
fprintf(stderr, "%s: invalid argument -%c\n",
|
|
|
|
|
PROGRAM, ch);
|
|
|
|
|
usage();
|
1999-09-10 19:52:56 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2000-05-05 19:55:56 +00:00
|
|
|
if (argc < isc_commandline_index + 1)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("the key name was not specified");
|
2000-05-05 19:55:56 +00:00
|
|
|
if (argc > isc_commandline_index + 1)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("extraneous arguments");
|
1999-09-10 19:52:56 +00:00
|
|
|
|
2000-04-25 17:57:10 +00:00
|
|
|
if (algname == NULL)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("no algorithm was specified");
|
2000-04-25 17:57:10 +00:00
|
|
|
if (strcasecmp(algname, "RSA") == 0)
|
|
|
|
|
alg = DNS_KEYALG_RSA;
|
|
|
|
|
else if (strcasecmp(algname, "HMAC-MD5") == 0)
|
|
|
|
|
alg = DST_ALG_HMACMD5;
|
|
|
|
|
else {
|
|
|
|
|
r.base = algname;
|
|
|
|
|
r.length = strlen(algname);
|
|
|
|
|
ret = dns_secalg_fromtext(&alg, &r);
|
|
|
|
|
if (ret != ISC_R_SUCCESS)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("unknown algorithm %s", algname);
|
2000-04-25 17:57:10 +00:00
|
|
|
}
|
2000-05-17 22:48:10 +00:00
|
|
|
if (dst_algorithm_supported(alg) == ISC_FALSE)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("unsupported algorithm %s", algname);
|
1999-09-10 19:52:56 +00:00
|
|
|
|
2000-04-25 17:57:10 +00:00
|
|
|
if (type != NULL) {
|
|
|
|
|
if (strcasecmp(type, "NOAUTH") == 0)
|
|
|
|
|
flags |= DNS_KEYTYPE_NOAUTH;
|
|
|
|
|
else if (strcasecmp(type, "NOCONF") == 0)
|
|
|
|
|
flags |= DNS_KEYTYPE_NOCONF;
|
2000-05-10 17:57:53 +00:00
|
|
|
else if (strcasecmp(type, "NOAUTHCONF") == 0) {
|
2000-04-25 17:57:10 +00:00
|
|
|
flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
|
2000-05-10 17:57:53 +00:00
|
|
|
if (size < 0)
|
|
|
|
|
size = 0;
|
|
|
|
|
}
|
2000-04-25 17:57:10 +00:00
|
|
|
else if (strcasecmp(type, "AUTHCONF") == 0)
|
|
|
|
|
/* nothing */;
|
|
|
|
|
else
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("invalid type %s", type);
|
2000-04-25 17:57:10 +00:00
|
|
|
}
|
|
|
|
|
|
2000-05-10 17:57:53 +00:00
|
|
|
if (size < 0)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("key size not specified (-b option)");
|
2000-05-10 17:57:53 +00:00
|
|
|
|
2000-04-25 17:57:10 +00:00
|
|
|
switch (alg) {
|
|
|
|
|
case DNS_KEYALG_RSA:
|
2000-05-10 17:57:53 +00:00
|
|
|
if (size != 0 && (size < 512 || size > MAX_RSA))
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("RSA key size %d out of range", size);
|
2000-04-25 17:57:10 +00:00
|
|
|
break;
|
|
|
|
|
case DNS_KEYALG_DH:
|
|
|
|
|
if (size != 0 && (size < 128 || size > 4096))
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("DH key size %d out of range", size);
|
2000-04-25 17:57:10 +00:00
|
|
|
break;
|
|
|
|
|
case DNS_KEYALG_DSA:
|
2000-05-10 17:57:53 +00:00
|
|
|
if (size != 0 && !dsa_size_ok(size))
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("Invalid DSS key size: %d", size);
|
2000-04-25 17:57:10 +00:00
|
|
|
break;
|
|
|
|
|
case DST_ALG_HMACMD5:
|
|
|
|
|
if (size < 1 || size > 512)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("HMAC-MD5 key size %d out of range", size);
|
2000-04-25 17:57:10 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (alg != DNS_KEYALG_RSA && rsa_exp != 0)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("specified RSA exponent without RSA");
|
2000-04-25 17:57:10 +00:00
|
|
|
|
|
|
|
|
if (alg != DNS_KEYALG_DH && generator != 0)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("specified DH generator without DH");
|
2000-04-25 17:57:10 +00:00
|
|
|
|
|
|
|
|
if (nametype == NULL)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("no nametype specified");
|
2000-04-25 17:57:10 +00:00
|
|
|
if (strcasecmp(nametype, "zone") == 0)
|
|
|
|
|
flags |= DNS_KEYOWNER_ZONE;
|
|
|
|
|
else if (strcasecmp(nametype, "host") == 0 ||
|
|
|
|
|
strcasecmp(nametype, "entity") == 0)
|
|
|
|
|
flags |= DNS_KEYOWNER_ENTITY;
|
|
|
|
|
else if (strcasecmp(nametype, "user") == 0)
|
|
|
|
|
flags |= DNS_KEYOWNER_USER;
|
|
|
|
|
else
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("invalid nametype %s", nametype);
|
2000-04-25 17:57:10 +00:00
|
|
|
|
|
|
|
|
flags |= signatory;
|
|
|
|
|
|
1999-09-10 19:52:56 +00:00
|
|
|
if (protocol == -1) {
|
|
|
|
|
if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_USER)
|
|
|
|
|
protocol = DNS_KEYPROTO_EMAIL;
|
|
|
|
|
else
|
|
|
|
|
protocol = DNS_KEYPROTO_DNSSEC;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
|
|
|
|
|
if (size > 0)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("Specified null key with non-zero size");
|
1999-09-10 19:52:56 +00:00
|
|
|
if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("Specified null key with signing authority");
|
1999-09-10 19:52:56 +00:00
|
|
|
}
|
2000-04-25 17:57:10 +00:00
|
|
|
|
|
|
|
|
name = isc_mem_allocate(mctx, strlen(argv[isc_commandline_index]) + 2);
|
|
|
|
|
if (name == NULL)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("out of memory");
|
2000-04-25 17:57:10 +00:00
|
|
|
strcpy(name, argv[isc_commandline_index]);
|
|
|
|
|
if (name[strlen(name) - 1] != '.') {
|
|
|
|
|
strcat(name, ".");
|
2000-05-15 21:06:41 +00:00
|
|
|
fprintf(stderr,
|
2000-05-18 22:04:02 +00:00
|
|
|
"%s: added a trailing dot to fully qualify the name\n",
|
|
|
|
|
PROGRAM);
|
1999-09-10 19:52:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch(alg) {
|
2000-04-25 17:57:10 +00:00
|
|
|
case DNS_KEYALG_RSA:
|
|
|
|
|
param = rsa_exp;
|
|
|
|
|
break;
|
|
|
|
|
case DNS_KEYALG_DH:
|
|
|
|
|
param = generator;
|
|
|
|
|
break;
|
|
|
|
|
case DNS_KEYALG_DSA:
|
|
|
|
|
case DST_ALG_HMACMD5:
|
|
|
|
|
param = 0;
|
|
|
|
|
break;
|
1999-09-10 19:52:56 +00:00
|
|
|
}
|
|
|
|
|
|
2000-05-15 21:06:41 +00:00
|
|
|
if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
|
|
|
|
|
null_key = ISC_TRUE;
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&buf, filename, sizeof(filename) - 1);
|
2000-03-06 20:04:15 +00:00
|
|
|
dst_result_register();
|
2000-05-15 21:06:41 +00:00
|
|
|
|
2000-05-10 17:57:53 +00:00
|
|
|
do {
|
|
|
|
|
conflict = ISC_FALSE;
|
2000-05-15 21:06:41 +00:00
|
|
|
oldkey = NULL;
|
2000-05-10 17:57:53 +00:00
|
|
|
|
|
|
|
|
/* generate the key */
|
|
|
|
|
ret = dst_key_generate(name, alg, size, param, flags, protocol,
|
|
|
|
|
mctx, &key);
|
|
|
|
|
|
|
|
|
|
if (ret != ISC_R_SUCCESS) {
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("failed to generate key %s/%d: %s\n", name, alg,
|
2000-05-15 21:06:41 +00:00
|
|
|
dst_result_totext(ret));
|
2000-05-10 17:57:53 +00:00
|
|
|
exit(-1);
|
|
|
|
|
}
|
|
|
|
|
|
2000-05-15 21:06:41 +00:00
|
|
|
/*
|
|
|
|
|
* Try to read a key with the same name, alg and id from disk.
|
|
|
|
|
* If there is one we must continue generating a new one
|
|
|
|
|
* unless we were asked to generate a null key, in which
|
|
|
|
|
* case we return failure.
|
2000-05-10 17:57:53 +00:00
|
|
|
*/
|
2000-05-15 21:06:41 +00:00
|
|
|
ret = dst_key_fromfile(name, dst_key_id(key), alg,
|
|
|
|
|
DST_TYPE_PRIVATE, mctx, &oldkey);
|
|
|
|
|
/* do not overwrite an existing key */
|
|
|
|
|
if (ret == ISC_R_SUCCESS) {
|
2000-05-19 00:20:59 +00:00
|
|
|
dst_key_free(&oldkey);
|
2000-05-10 17:57:53 +00:00
|
|
|
conflict = ISC_TRUE;
|
2000-05-15 21:06:41 +00:00
|
|
|
if (null_key)
|
|
|
|
|
break;
|
2000-05-10 17:57:53 +00:00
|
|
|
}
|
2000-05-15 21:06:41 +00:00
|
|
|
if (conflict == ISC_TRUE)
|
2000-05-19 00:20:59 +00:00
|
|
|
dst_key_free(&key);
|
2000-05-10 17:57:53 +00:00
|
|
|
|
2000-05-15 21:06:41 +00:00
|
|
|
} while (conflict == ISC_TRUE);
|
2000-05-10 17:57:53 +00:00
|
|
|
|
2000-05-15 21:06:41 +00:00
|
|
|
if (conflict)
|
2000-05-16 18:41:00 +00:00
|
|
|
fatal("cannot generate a null key when a key with id 0 "
|
|
|
|
|
"already exists");
|
2000-05-10 17:57:53 +00:00
|
|
|
|
2000-05-15 21:06:41 +00:00
|
|
|
ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE);
|
2000-05-16 18:41:00 +00:00
|
|
|
if (ret != ISC_R_SUCCESS)
|
|
|
|
|
fatal("failed to write key %s/%s/%d: %s\n", name,
|
|
|
|
|
dst_key_id(key), algtostr(alg), isc_result_totext(ret));
|
2000-05-15 21:06:41 +00:00
|
|
|
|
|
|
|
|
isc_buffer_clear(&buf);
|
|
|
|
|
ret = dst_key_buildfilename(key, 0, &buf);
|
|
|
|
|
filename[isc_buffer_usedlength(&buf)] = 0;
|
|
|
|
|
printf("%s\n", filename);
|
2000-04-25 17:57:10 +00:00
|
|
|
isc_mem_free(mctx, name);
|
|
|
|
|
isc_mem_free(mctx, algname);
|
|
|
|
|
isc_mem_free(mctx, nametype);
|
|
|
|
|
isc_mem_free(mctx, prog);
|
|
|
|
|
if (type != NULL)
|
|
|
|
|
isc_mem_free(mctx, type);
|
2000-05-19 00:20:59 +00:00
|
|
|
dst_key_free(&key);
|
2000-04-25 17:57:10 +00:00
|
|
|
isc_mem_destroy(&mctx);
|
2000-05-08 20:12:46 +00:00
|
|
|
|
|
|
|
|
return (0);
|
1999-09-10 19:52:56 +00:00
|
|
|
}
|
