cur_rrset_type = ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0));
cur_dname = ldns_rr_owner(ldns_rr_list_rr(cur_rrset, 0));
- if (cur_rrset_type != LDNS_RR_TYPE_RRSIG &&
+ /* if we have KSKs, use them for DNSKEYS, otherwise
+ make them selfsigned (?) */
+ if (cur_rrset_type == LDNS_RR_TYPE_DNSKEY) {
+ if (key_signing_key_list) {
+ cur_rrsigs = ldns_sign_public(cur_rrset, key_signing_key_list);
+ } else {
+ cur_rrsigs = ldns_sign_public(cur_rrset, key_list);
+ }
+ ldns_zone_push_rr_list(signed_zone, cur_rrset);
+ ldns_zone_push_rr_list(signed_zone, cur_rrsigs);
+ ldns_rr_list_free(cur_rrsigs);
+ } else if (cur_rrset_type != LDNS_RR_TYPE_RRSIG &&
(ldns_dname_is_subdomain(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) ||
ldns_rdf_compare(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) == 0
)
ldns_buffer_printf(output, "%u ", protocol_nr);
}
+ endprotoent();
+
for (current_service = 0;
current_service < ldns_rdf_size(rdf) * 7;
current_service++) {
ldns_buffer_printf(output, "%u ",
current_service);
}
+ endservent();
}
}
return ldns_buffer_status(output);
ldns_buffer_printf(output, "\n");
break;
case LDNS_SIGN_DSA:
+ ldns_buffer_printf(output,"Private-key-format: v1.2\n");
+ ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n");
+
+ /* print to buf, convert to bin, convert to b64,
+ * print to buf */
+ ldns_buffer_printf(output, "Prime(p): ");
+ i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->p, bignum);
+ if (i > LDNS_MAX_KEYLEN) {
+ goto error;
+ }
+ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+ goto error;
+ }
+ ldns_buffer_printf(output, "\n");
+ ldns_buffer_printf(output, "Subprime(q): ");
+ i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->q, bignum);
+ if (i > LDNS_MAX_KEYLEN) {
+ goto error;
+ }
+ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+ goto error;
+ }
+ ldns_buffer_printf(output, "\n");
+ ldns_buffer_printf(output, "Base(g): ");
+ i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->g, bignum);
+ if (i > LDNS_MAX_KEYLEN) {
+ goto error;
+ }
+ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+ goto error;
+ }
+ ldns_buffer_printf(output, "\n");
+ ldns_buffer_printf(output, "Private_value(x): ");
+ i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->priv_key, bignum);
+ if (i > LDNS_MAX_KEYLEN) {
+ goto error;
+ }
+ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+ goto error;
+ }
+ ldns_buffer_printf(output, "\n");
+ ldns_buffer_printf(output, "Public_value(y): ");
+ i = (uint16_t)BN_bn2bin(ldns_key_dsa_key(k)->pub_key, bignum);
+ if (i > LDNS_MAX_KEYLEN) {
+ goto error;
+ }
+ b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
+ if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
+ goto error;
+ }
+ ldns_buffer_printf(output, "\n");
+ break;
case LDNS_SIGN_HMACMD5:
/* as always; todo code */
goto error;
#include <ldns/dns.h>
+#include <errno.h>
+
void
usage(FILE *fp, char *prog) {
fprintf(fp, "%s keygen [-D|-R] -b bits domain\n", prog);
fprintf(fp, " -R\tgenerate a RSA key\n");
fprintf(fp, " -k\tset the flags to 257; key signing key\n");
fprintf(fp, " -b <bits>\tspecify the keylength\n");
+ fprintf(fp, " The following files will be created:\n");
+ fprintf(fp, " K<name>+<alg>+<id>.key\tPublic key in RR format\n");
+ fprintf(fp, " K<name>+<alg>+<id>.private\tPrivate key in key format\n");
+ fprintf(fp, " K<name>+<alg>+<id>.ds\tDS in RR format\n");
+
+/*
fprintf(fp, " The public key is printed to stdout\n");
fprintf(fp, " The private key is printed to stderr\n");
+*/
fprintf(fp, "\nWARNING, WARNING, this program does NOT use a good random source for the key generation.\nUse at your OWN RISK\n\n");
}
uint16_t bits = def_bits;
bool ksk;
+ FILE *file;
+ char *filename;
+ char *owner;
+
ldns_signing_algorithm algorithm;
ldns_rdf *domain;
ldns_rr *pubkey;
ldns_key *key;
+ ldns_rr *ds;
prog = strdup(argv[0]);
algorithm = 0;
/* generate a new key */
key = ldns_key_new_frm_algorithm(algorithm, bits);
-
+
/* set the owner name in the key - this is a /seperate/ step */
ldns_key_set_pubkey_owner(key, domain);
/* create the public from the ldns_key */
pubkey = ldns_key2rr(key);
+ owner = ldns_rdf2str(ldns_rr_owner(pubkey));
- /* print it to stdout */
- ldns_rr_print(stdout, pubkey);
+ /* calculate and set the keytag */
+ ldns_key_set_keytag(key, ldns_calc_keytag(pubkey));
+ /* build the DS record */
+ ds = ldns_key_rr2ds(pubkey);
+
+ /* print the public key RR to .key */
+ filename = LDNS_XMALLOC(char, strlen(owner) + 17);
+ snprintf(filename, strlen(owner) + 16, "K%s+%03u+%05u.key", owner, algorithm, ldns_key_keytag(key));
+ file = fopen(filename, "w");
+ if (!file) {
+ fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+ fprintf(stderr, "Aborting\n");
+ exit(EXIT_FAILURE);
+ } else {
+ ldns_rr_print(file, pubkey);
+ fclose(file);
+ LDNS_FREE(filename);
+ }
+
/* print the priv key to stderr */
- ldns_key_print(stderr, key);
+ filename = LDNS_XMALLOC(char, strlen(owner) + 21);
+ snprintf(filename, strlen(owner) + 20, "K%s+%03u+%05u.private", owner, algorithm, ldns_key_keytag(key));
+ file = fopen(filename, "w");
+ if (!file) {
+ fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+ fprintf(stderr, "Aborting\n");
+ exit(EXIT_FAILURE);
+ } else {
+ ldns_key_print(file, key);
+ fclose(file);
+ LDNS_FREE(filename);
+ }
+
+ /* print the DS to .ds */
+ filename = LDNS_XMALLOC(char, strlen(owner) + 16);
+ snprintf(filename, strlen(owner) + 15, "K%s+%03u+%05u.ds", owner, algorithm, ldns_key_keytag(key));
+ file = fopen(filename, "w");
+ if (!file) {
+ fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno));
+ fprintf(stderr, "Aborting\n");
+ exit(EXIT_FAILURE);
+ } else {
+ ldns_rr_print(file, ds);
+ fclose(file);
+ LDNS_FREE(filename);
+ }
+
exit(EXIT_SUCCESS);
}
return NULL;
} else {
/* some defaults - not sure wether to do this */
- ldns_key_set_flags(newkey, 256);
+ ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY_FLAG);
ldns_key_set_origttl(newkey, 0);
ldns_key_set_keytag(newkey, 0);
ldns_key_set_inception(newkey, 0);
extern ldns_lookup_table ldns_signing_algorithms[];
+#define LDNS_KEY_ZONE_KEY_FLAG 0x0100
+#define LDNS_KEY_SEP_KEY_FLAG 0x0001
+
/**
* algorithms used in dns
*/
ldns_key_set_inception(key, inception);
}
+ ldns_key_set_flags(key, ldns_key_flags(key) | LDNS_KEY_ZONE_KEY_FLAG);
ldns_key_list_push_key(keys, key);
} else {
ldns_key_set_inception(key, inception);
}
+ ldns_key_set_flags(key, ldns_key_flags(key) | LDNS_KEY_ZONE_KEY_FLAG | LDNS_KEY_SEP_KEY_FLAG);
ldns_key_list_push_key(key_signing_keys, key);
} else {
fprintf(stderr, "Error reading KSK from %s\n", argv[argi]);
LDNS_FREE(bitmap);
LDNS_FREE(data);
free(proto_str);
+ endservent();
+ endprotoent();
return LDNS_STATUS_OK;
}
projects / thirdparty / ldns.git / commitdiff
