From: Jelte Jansen <jeltejan@NLnetLabs.nl>
Date: Wed, 31 Aug 2005 09:57:16 +0000 (+0000)
Subject: keygen now outputs to files (and also creates DS record)
X-Git-Tag: release-1.0.0~222
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7beda415e3e4bc2d565e2c4d8089fde92199db1;p=thirdparty%2Fldns.git

keygen now outputs to files (and also creates DS record)
added some KSK code to _sign
---

diff --git a/dnssec.c b/dnssec.c
index 0c7293bc..4abe2c63 100644
--- a/dnssec.c
+++ b/dnssec.c
@@ -1524,7 +1524,18 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list, ldns_key_list *key_sign
 		cur_rrset_type = ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0));
 		cur_dname = ldns_rr_owner(ldns_rr_list_rr(cur_rrset, 0));
 
-		if (cur_rrset_type != LDNS_RR_TYPE_RRSIG &&
+		/* if we have KSKs, use them for DNSKEYS, otherwise
+		   make them selfsigned (?) */
+		if (cur_rrset_type == LDNS_RR_TYPE_DNSKEY) {
+			if (key_signing_key_list) {
+				cur_rrsigs = ldns_sign_public(cur_rrset, key_signing_key_list);
+			} else {
+				cur_rrsigs = ldns_sign_public(cur_rrset, key_list);
+			}
+			ldns_zone_push_rr_list(signed_zone, cur_rrset);
+			ldns_zone_push_rr_list(signed_zone, cur_rrsigs);
+			ldns_rr_list_free(cur_rrsigs);
+		} else if (cur_rrset_type != LDNS_RR_TYPE_RRSIG &&
 		    (ldns_dname_is_subdomain(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) ||
 		     ldns_rdf_compare(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) == 0
 		    )
diff --git a/host2str.c b/host2str.c
index 9e2e469f..8b4ccaa2 100644
--- a/host2str.c
+++ b/host2str.c
@@ -429,6 +429,8 @@ ldns_rdf2buffer_str_wks(ldns_buffer *output, ldns_rdf *rdf)
 		ldns_buffer_printf(output, "%u ", protocol_nr);
 	}
 
+	endprotoent();
+	
 	for (current_service = 0; 
 	     current_service < ldns_rdf_size(rdf) * 7;
 	     current_service++) {
@@ -442,6 +444,7 @@ ldns_rdf2buffer_str_wks(ldns_buffer *output, ldns_rdf *rdf)
 				ldns_buffer_printf(output, "%u ",
 				                   current_service);
 			}
+			endservent();
 		}
 	}
 	return ldns_buffer_status(output);
@@ -1125,6 +1128,62 @@ ldns_key2buffer_str(ldns_buffer *output, ldns_key *k)
 				ldns_buffer_printf(output, "\n"); 
 				break;
 			case LDNS_SIGN_DSA:
+				ldns_buffer_printf(output,"Private-key-format: v1.2\n");
+				ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n");
+
+				/* print to buf, convert to bin, convert to b64,
+				 * print to buf */
+				ldns_buffer_printf(output, "Prime(p): "); 
+				i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->p, bignum);
+				if (i > LDNS_MAX_KEYLEN) {
+					goto error;
+				}
+				b64_bignum =  ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+				if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+					goto error;
+				}
+				ldns_buffer_printf(output, "\n"); 
+				ldns_buffer_printf(output, "Subprime(q): "); 
+				i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->q, bignum);
+				if (i > LDNS_MAX_KEYLEN) {
+					goto error;
+				}
+				b64_bignum =  ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+				if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+					goto error;
+				}
+				ldns_buffer_printf(output, "\n"); 
+				ldns_buffer_printf(output, "Base(g): "); 
+				i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->g, bignum);
+				if (i > LDNS_MAX_KEYLEN) {
+					goto error;
+				}
+				b64_bignum =  ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+				if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+					goto error;
+				}
+				ldns_buffer_printf(output, "\n"); 
+				ldns_buffer_printf(output, "Private_value(x): "); 
+				i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->priv_key, bignum);
+				if (i > LDNS_MAX_KEYLEN) {
+					goto error;
+				}
+				b64_bignum =  ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+				if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+					goto error;
+				}
+				ldns_buffer_printf(output, "\n"); 
+				ldns_buffer_printf(output, "Public_value(y): "); 
+				i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->pub_key, bignum);
+				if (i > LDNS_MAX_KEYLEN) {
+					goto error;
+				}
+				b64_bignum =  ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+				if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+					goto error;
+				}
+				ldns_buffer_printf(output, "\n"); 
+				break;
 			case LDNS_SIGN_HMACMD5:
 				/* as always; todo code */
 				goto error;
diff --git a/keygen.c b/keygen.c
index fe1dfd62..219c668b 100644
--- a/keygen.c
+++ b/keygen.c
@@ -9,6 +9,8 @@
 
 #include <ldns/dns.h>
 
+#include <errno.h>
+
 void
 usage(FILE *fp, char *prog) {
 	fprintf(fp, "%s keygen [-D|-R] -b bits domain\n", prog);
@@ -17,8 +19,15 @@ usage(FILE *fp, char *prog) {
 	fprintf(fp, "  -R\tgenerate a RSA key\n");
 	fprintf(fp, "  -k\tset the flags to 257; key signing key\n");
 	fprintf(fp, "  -b <bits>\tspecify the keylength\n");
+	fprintf(fp, "  The following files will be created:\n");
+	fprintf(fp, "    K<name>+<alg>+<id>.key\tPublic key in RR format\n");
+	fprintf(fp, "    K<name>+<alg>+<id>.private\tPrivate key in key format\n");
+	fprintf(fp, "    K<name>+<alg>+<id>.ds\tDS in RR format\n");
+	
+/*
 	fprintf(fp, "  The public key is printed to stdout\n");
 	fprintf(fp, "  The private key is printed to stderr\n");
+*/
 	fprintf(fp, "\nWARNING, WARNING, this program does NOT use a good random source for the key generation.\nUse at your OWN RISK\n\n");
 }
 
@@ -33,10 +42,15 @@ main(int argc, char *argv[])
 	uint16_t bits = def_bits;
 	bool ksk;
 
+	FILE *file;
+	char *filename;
+	char *owner;
+
 	ldns_signing_algorithm algorithm;
 	ldns_rdf *domain;
 	ldns_rr *pubkey;
 	ldns_key *key;
+	ldns_rr *ds;
 
 	prog = strdup(argv[0]);
 	algorithm = 0;
@@ -90,7 +104,7 @@ main(int argc, char *argv[])
 
 	/* generate a new key */
 	key = ldns_key_new_frm_algorithm(algorithm, bits);
-
+	
 	/* set the owner name in the key - this is a /seperate/ step */
 	ldns_key_set_pubkey_owner(key, domain);
 
@@ -101,11 +115,55 @@ main(int argc, char *argv[])
 
 	/* create the public from the ldns_key */
 	pubkey = ldns_key2rr(key);
+	owner = ldns_rdf2str(ldns_rr_owner(pubkey));
 	
-	/* print it to stdout */
-	ldns_rr_print(stdout, pubkey);
+	/* calculate and set the keytag */
+	ldns_key_set_keytag(key, ldns_calc_keytag(pubkey));
 
+	/* build the DS record */
+	ds = ldns_key_rr2ds(pubkey);
+
+	/* print the public key RR to .key */
+	filename = LDNS_XMALLOC(char, strlen(owner) + 17);
+	snprintf(filename, strlen(owner) + 16, "K%s+%03u+%05u.key", owner, algorithm, ldns_key_keytag(key));
+	file = fopen(filename, "w");
+	if (!file) {
+		fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+		fprintf(stderr, "Aborting\n");
+		exit(EXIT_FAILURE);
+	} else {
+		ldns_rr_print(file, pubkey);
+		fclose(file);
+		LDNS_FREE(filename);
+	}
+	
 	/* print the priv key to stderr */
-	ldns_key_print(stderr, key);
+	filename = LDNS_XMALLOC(char, strlen(owner) + 21);
+	snprintf(filename, strlen(owner) + 20, "K%s+%03u+%05u.private", owner, algorithm, ldns_key_keytag(key));
+	file = fopen(filename, "w");
+	if (!file) {
+		fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+		fprintf(stderr, "Aborting\n");
+		exit(EXIT_FAILURE);
+	} else {
+		ldns_key_print(file, key);
+		fclose(file);
+		LDNS_FREE(filename);
+	}
+	
+	/* print the DS to .ds */
+	filename = LDNS_XMALLOC(char, strlen(owner) + 16);
+	snprintf(filename, strlen(owner) + 15, "K%s+%03u+%05u.ds", owner, algorithm, ldns_key_keytag(key));
+	file = fopen(filename, "w");
+	if (!file) {
+		fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+		fprintf(stderr, "Aborting\n");
+		exit(EXIT_FAILURE);
+	} else {
+		ldns_rr_print(file, ds);
+		fclose(file);
+		LDNS_FREE(filename);
+	}
+	
         exit(EXIT_SUCCESS);
 }
diff --git a/keys.c b/keys.c
index 33f22eb3..77024eb7 100644
--- a/keys.c
+++ b/keys.c
@@ -47,7 +47,7 @@ ldns_key_new()
 		return NULL;
 	} else {
 		/* some defaults - not sure wether to do this */
-		ldns_key_set_flags(newkey, 256);
+		ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY_FLAG);
 		ldns_key_set_origttl(newkey, 0);
 		ldns_key_set_keytag(newkey, 0);
 		ldns_key_set_inception(newkey, 0);
diff --git a/ldns/keys.h b/ldns/keys.h
index f20009cd..ed7f047a 100644
--- a/ldns/keys.h
+++ b/ldns/keys.h
@@ -20,6 +20,9 @@
 
 extern ldns_lookup_table ldns_signing_algorithms[];
 
+#define LDNS_KEY_ZONE_KEY_FLAG 0x0100
+#define LDNS_KEY_SEP_KEY_FLAG 0x0001
+
 /**
  * algorithms used in dns
  */
diff --git a/signzone.c b/signzone.c
index 8f0907d9..b69801cb 100644
--- a/signzone.c
+++ b/signzone.c
@@ -186,6 +186,7 @@ main(int argc, char *argv[])
 					ldns_key_set_inception(key, inception);
 				}
 
+				ldns_key_set_flags(key, ldns_key_flags(key) | LDNS_KEY_ZONE_KEY_FLAG);
 				ldns_key_list_push_key(keys, key);
 				
 			} else {
@@ -225,6 +226,7 @@ main(int argc, char *argv[])
 					ldns_key_set_inception(key, inception);
 				}
 
+				ldns_key_set_flags(key, ldns_key_flags(key) | LDNS_KEY_ZONE_KEY_FLAG | LDNS_KEY_SEP_KEY_FLAG);
 				ldns_key_list_push_key(key_signing_keys, key);
 			} else {
 				fprintf(stderr, "Error reading KSK from %s\n", argv[argi]);
diff --git a/str2host.c b/str2host.c
index 6774e298..975a5f2e 100644
--- a/str2host.c
+++ b/str2host.c
@@ -830,6 +830,8 @@ ldns_str2rdf_wks(ldns_rdf **rd, const char *str)
 	LDNS_FREE(bitmap);
 	LDNS_FREE(data);
 	free(proto_str);
+	endservent();
+	endprotoent();
 	
 	return LDNS_STATUS_OK;
 }