1193141Sdougb/* 2245163Serwin * Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") 3193141Sdougb * 4193141Sdougb * Permission to use, copy, modify, and/or distribute this software for any 5193141Sdougb * purpose with or without fee is hereby granted, provided that the above 6193141Sdougb * copyright notice and this permission notice appear in all copies. 7193141Sdougb * 8193141Sdougb * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9193141Sdougb * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10193141Sdougb * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11193141Sdougb * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12193141Sdougb * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13193141Sdougb * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14193141Sdougb * PERFORMANCE OF THIS SOFTWARE. 15193141Sdougb */ 16193141Sdougb 17254897Serwin/* $Id: dnssec-dsfromkey.c,v 1.24 2011/10/25 01:54:18 marka Exp $ */ 18193141Sdougb 19193141Sdougb/*! \file */ 20193141Sdougb 21193141Sdougb#include <config.h> 22193141Sdougb 23193141Sdougb#include <stdlib.h> 24193141Sdougb 25193141Sdougb#include <isc/buffer.h> 26193141Sdougb#include <isc/commandline.h> 27193141Sdougb#include <isc/entropy.h> 28193141Sdougb#include <isc/hash.h> 29193141Sdougb#include <isc/mem.h> 30193141Sdougb#include <isc/print.h> 31193141Sdougb#include <isc/string.h> 32193141Sdougb#include <isc/util.h> 33193141Sdougb 34254897Serwin#include <dns/callbacks.h> 35193141Sdougb#include <dns/db.h> 36193141Sdougb#include <dns/dbiterator.h> 37193141Sdougb#include <dns/ds.h> 38193141Sdougb#include <dns/fixedname.h> 39254897Serwin#include <dns/keyvalues.h> 40193141Sdougb#include <dns/log.h> 41224092Sdougb#include <dns/master.h> 42193141Sdougb#include <dns/name.h> 43193141Sdougb#include <dns/rdata.h> 44193141Sdougb#include <dns/rdataclass.h> 45193141Sdougb#include <dns/rdataset.h> 46193141Sdougb#include <dns/rdatasetiter.h> 47193141Sdougb#include <dns/rdatatype.h> 48193141Sdougb#include <dns/result.h> 49193141Sdougb 50193141Sdougb#include <dst/dst.h> 51193141Sdougb 52193141Sdougb#include "dnssectool.h" 53193141Sdougb 54224092Sdougb#ifndef PATH_MAX 55224092Sdougb#define PATH_MAX 1024 /* AIX, WIN32, and others don't define this. */ 56224092Sdougb#endif 57224092Sdougb 58193141Sdougbconst char *program = "dnssec-dsfromkey"; 59193141Sdougbint verbose; 60193141Sdougb 61193141Sdougbstatic dns_rdataclass_t rdclass; 62224092Sdougbstatic dns_fixedname_t fixed; 63224092Sdougbstatic dns_name_t *name = NULL; 64224092Sdougbstatic isc_mem_t *mctx = NULL; 65254897Serwinstatic isc_uint32_t ttl; 66193141Sdougb 67224092Sdougbstatic isc_result_t 68224092Sdougbinitname(char *setname) { 69224092Sdougb isc_result_t result; 70224092Sdougb isc_buffer_t buf; 71193141Sdougb 72193141Sdougb dns_fixedname_init(&fixed); 73193141Sdougb name = dns_fixedname_name(&fixed); 74193141Sdougb 75193141Sdougb isc_buffer_init(&buf, setname, strlen(setname)); 76193141Sdougb isc_buffer_add(&buf, strlen(setname)); 77224092Sdougb result = dns_name_fromtext(name, &buf, dns_rootname, 0, NULL); 78224092Sdougb return (result); 79224092Sdougb} 80193141Sdougb 81254897Serwinstatic void 82254897Serwindb_load_from_stream(dns_db_t *db, FILE *fp) { 83254897Serwin isc_result_t result; 84254897Serwin dns_rdatacallbacks_t callbacks; 85254897Serwin 86254897Serwin dns_rdatacallbacks_init(&callbacks); 87254897Serwin result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private); 88254897Serwin if (result != ISC_R_SUCCESS) 89254897Serwin fatal("dns_db_beginload failed: %s", isc_result_totext(result)); 90254897Serwin 91254897Serwin result = dns_master_loadstream(fp, name, name, rdclass, 0, 92254897Serwin &callbacks, mctx); 93254897Serwin if (result != ISC_R_SUCCESS) 94254897Serwin fatal("can't load from input: %s", isc_result_totext(result)); 95254897Serwin 96254897Serwin result = dns_db_endload(db, &callbacks.add_private); 97254897Serwin if (result != ISC_R_SUCCESS) 98254897Serwin fatal("dns_db_endload failed: %s", isc_result_totext(result)); 99254897Serwin} 100254897Serwin 101224092Sdougbstatic isc_result_t 102254897Serwinloadset(const char *filename, dns_rdataset_t *rdataset) { 103224092Sdougb isc_result_t result; 104224092Sdougb dns_db_t *db = NULL; 105224092Sdougb dns_dbnode_t *node = NULL; 106224092Sdougb char setname[DNS_NAME_FORMATSIZE]; 107204619Sdougb 108224092Sdougb dns_name_format(name, setname, sizeof(setname)); 109193141Sdougb 110193141Sdougb result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, 111193141Sdougb rdclass, 0, NULL, &db); 112193141Sdougb if (result != ISC_R_SUCCESS) 113193141Sdougb fatal("can't create database"); 114193141Sdougb 115254897Serwin if (strcmp(filename, "-") == 0) { 116254897Serwin db_load_from_stream(db, stdin); 117254897Serwin filename = "input"; 118254897Serwin } else { 119254897Serwin result = dns_db_load(db, filename); 120254897Serwin if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) 121254897Serwin fatal("can't load %s: %s", filename, 122254897Serwin isc_result_totext(result)); 123254897Serwin } 124193141Sdougb 125193141Sdougb result = dns_db_findnode(db, name, ISC_FALSE, &node); 126193141Sdougb if (result != ISC_R_SUCCESS) 127193141Sdougb fatal("can't find %s node in %s", setname, filename); 128193141Sdougb 129193141Sdougb result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 130224092Sdougb 0, 0, rdataset, NULL); 131224092Sdougb 132193141Sdougb if (result == ISC_R_NOTFOUND) 133193141Sdougb fatal("no DNSKEY RR for %s in %s", setname, filename); 134193141Sdougb else if (result != ISC_R_SUCCESS) 135193141Sdougb fatal("dns_db_findrdataset"); 136224092Sdougb 137224092Sdougb if (node != NULL) 138224092Sdougb dns_db_detachnode(db, &node); 139224092Sdougb if (db != NULL) 140224092Sdougb dns_db_detach(&db); 141224092Sdougb return (result); 142193141Sdougb} 143193141Sdougb 144224092Sdougbstatic isc_result_t 145224092Sdougbloadkeyset(char *dirname, dns_rdataset_t *rdataset) { 146224092Sdougb isc_result_t result; 147224092Sdougb char filename[PATH_MAX + 1]; 148224092Sdougb isc_buffer_t buf; 149224092Sdougb 150224092Sdougb dns_rdataset_init(rdataset); 151224092Sdougb 152224092Sdougb isc_buffer_init(&buf, filename, sizeof(filename)); 153224092Sdougb if (dirname != NULL) { 154224092Sdougb /* allow room for a trailing slash */ 155224092Sdougb if (strlen(dirname) >= isc_buffer_availablelength(&buf)) 156224092Sdougb return (ISC_R_NOSPACE); 157224092Sdougb isc_buffer_putstr(&buf, dirname); 158224092Sdougb if (dirname[strlen(dirname) - 1] != '/') 159224092Sdougb isc_buffer_putstr(&buf, "/"); 160224092Sdougb } 161224092Sdougb 162224092Sdougb if (isc_buffer_availablelength(&buf) < 7) 163224092Sdougb return (ISC_R_NOSPACE); 164224092Sdougb isc_buffer_putstr(&buf, "keyset-"); 165224092Sdougb 166224092Sdougb result = dns_name_tofilenametext(name, ISC_FALSE, &buf); 167224092Sdougb check_result(result, "dns_name_tofilenametext()"); 168224092Sdougb if (isc_buffer_availablelength(&buf) == 0) 169224092Sdougb return (ISC_R_NOSPACE); 170224092Sdougb isc_buffer_putuint8(&buf, 0); 171224092Sdougb 172254897Serwin return (loadset(filename, rdataset)); 173224092Sdougb} 174224092Sdougb 175193141Sdougbstatic void 176193141Sdougbloadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size, 177193141Sdougb dns_rdata_t *rdata) 178193141Sdougb{ 179193141Sdougb isc_result_t result; 180193141Sdougb dst_key_t *key = NULL; 181193141Sdougb isc_buffer_t keyb; 182193141Sdougb isc_region_t r; 183193141Sdougb 184193141Sdougb dns_rdata_init(rdata); 185193141Sdougb 186193141Sdougb isc_buffer_init(&keyb, key_buf, key_buf_size); 187193141Sdougb 188224092Sdougb result = dst_key_fromnamedfile(filename, NULL, DST_TYPE_PUBLIC, 189224092Sdougb mctx, &key); 190193141Sdougb if (result != ISC_R_SUCCESS) 191193141Sdougb fatal("invalid keyfile name %s: %s", 192193141Sdougb filename, isc_result_totext(result)); 193193141Sdougb 194193141Sdougb if (verbose > 2) { 195224092Sdougb char keystr[DST_KEY_FORMATSIZE]; 196193141Sdougb 197224092Sdougb dst_key_format(key, keystr, sizeof(keystr)); 198193141Sdougb fprintf(stderr, "%s: %s\n", program, keystr); 199193141Sdougb } 200193141Sdougb 201193141Sdougb result = dst_key_todns(key, &keyb); 202193141Sdougb if (result != ISC_R_SUCCESS) 203193141Sdougb fatal("can't decode key"); 204193141Sdougb 205193141Sdougb isc_buffer_usedregion(&keyb, &r); 206193141Sdougb dns_rdata_fromregion(rdata, dst_key_class(key), 207193141Sdougb dns_rdatatype_dnskey, &r); 208193141Sdougb 209193141Sdougb rdclass = dst_key_class(key); 210193141Sdougb 211193141Sdougb dns_fixedname_init(&fixed); 212193141Sdougb name = dns_fixedname_name(&fixed); 213193141Sdougb result = dns_name_copy(dst_key_name(key), name, NULL); 214193141Sdougb if (result != ISC_R_SUCCESS) 215193141Sdougb fatal("can't copy name"); 216193141Sdougb 217193141Sdougb dst_key_free(&key); 218193141Sdougb} 219193141Sdougb 220193141Sdougbstatic void 221193141Sdougblogkey(dns_rdata_t *rdata) 222193141Sdougb{ 223193141Sdougb isc_result_t result; 224193141Sdougb dst_key_t *key = NULL; 225193141Sdougb isc_buffer_t buf; 226224092Sdougb char keystr[DST_KEY_FORMATSIZE]; 227193141Sdougb 228193141Sdougb isc_buffer_init(&buf, rdata->data, rdata->length); 229193141Sdougb isc_buffer_add(&buf, rdata->length); 230193141Sdougb result = dst_key_fromdns(name, rdclass, &buf, mctx, &key); 231193141Sdougb if (result != ISC_R_SUCCESS) 232193141Sdougb return; 233193141Sdougb 234224092Sdougb dst_key_format(key, keystr, sizeof(keystr)); 235193141Sdougb fprintf(stderr, "%s: %s\n", program, keystr); 236193141Sdougb 237193141Sdougb dst_key_free(&key); 238193141Sdougb} 239193141Sdougb 240193141Sdougbstatic void 241224092Sdougbemit(unsigned int dtype, isc_boolean_t showall, char *lookaside, 242224092Sdougb dns_rdata_t *rdata) 243193141Sdougb{ 244224092Sdougb isc_result_t result; 245224092Sdougb unsigned char buf[DNS_DS_BUFFERSIZE]; 246224092Sdougb char text_buf[DST_KEY_MAXTEXTSIZE]; 247224092Sdougb char name_buf[DNS_NAME_MAXWIRE]; 248224092Sdougb char class_buf[10]; 249224092Sdougb isc_buffer_t textb, nameb, classb; 250224092Sdougb isc_region_t r; 251224092Sdougb dns_rdata_t ds; 252224092Sdougb dns_rdata_dnskey_t dnskey; 253193141Sdougb 254193141Sdougb isc_buffer_init(&textb, text_buf, sizeof(text_buf)); 255224092Sdougb isc_buffer_init(&nameb, name_buf, sizeof(name_buf)); 256193141Sdougb isc_buffer_init(&classb, class_buf, sizeof(class_buf)); 257193141Sdougb 258193141Sdougb dns_rdata_init(&ds); 259193141Sdougb 260224092Sdougb result = dns_rdata_tostruct(rdata, &dnskey, NULL); 261224092Sdougb if (result != ISC_R_SUCCESS) 262224092Sdougb fatal("can't convert DNSKEY"); 263224092Sdougb 264224092Sdougb if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 && !showall) 265224092Sdougb return; 266224092Sdougb 267193141Sdougb result = dns_ds_buildrdata(name, rdata, dtype, buf, &ds); 268193141Sdougb if (result != ISC_R_SUCCESS) 269224092Sdougb fatal("can't build record"); 270193141Sdougb 271224092Sdougb result = dns_name_totext(name, ISC_FALSE, &nameb); 272224092Sdougb if (result != ISC_R_SUCCESS) 273224092Sdougb fatal("can't print name"); 274224092Sdougb 275224092Sdougb /* Add lookaside origin, if set */ 276224092Sdougb if (lookaside != NULL) { 277224092Sdougb if (isc_buffer_availablelength(&nameb) < strlen(lookaside)) 278224092Sdougb fatal("DLV origin '%s' is too long", lookaside); 279224092Sdougb isc_buffer_putstr(&nameb, lookaside); 280224092Sdougb if (lookaside[strlen(lookaside) - 1] != '.') { 281224092Sdougb if (isc_buffer_availablelength(&nameb) < 1) 282224092Sdougb fatal("DLV origin '%s' is too long", lookaside); 283224092Sdougb isc_buffer_putstr(&nameb, "."); 284224092Sdougb } 285224092Sdougb } 286224092Sdougb 287254897Serwin result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "", 288254897Serwin &textb); 289254897Serwin 290193141Sdougb if (result != ISC_R_SUCCESS) 291224092Sdougb fatal("can't print rdata"); 292193141Sdougb 293193141Sdougb result = dns_rdataclass_totext(rdclass, &classb); 294193141Sdougb if (result != ISC_R_SUCCESS) 295224092Sdougb fatal("can't print class"); 296193141Sdougb 297224092Sdougb isc_buffer_usedregion(&nameb, &r); 298234010Sdougb printf("%.*s ", (int)r.length, r.base); 299193141Sdougb 300254897Serwin if (ttl != 0U) 301254897Serwin printf("%u ", ttl); 302254897Serwin 303193141Sdougb isc_buffer_usedregion(&classb, &r); 304234010Sdougb printf("%.*s", (int)r.length, r.base); 305193141Sdougb 306224092Sdougb if (lookaside == NULL) 307224092Sdougb printf(" DS "); 308224092Sdougb else 309224092Sdougb printf(" DLV "); 310193141Sdougb 311193141Sdougb isc_buffer_usedregion(&textb, &r); 312234010Sdougb printf("%.*s\n", (int)r.length, r.base); 313193141Sdougb} 314193141Sdougb 315224092SdougbISC_PLATFORM_NORETURN_PRE static void 316224092Sdougbusage(void) ISC_PLATFORM_NORETURN_POST; 317224092Sdougb 318193141Sdougbstatic void 319193141Sdougbusage(void) { 320193141Sdougb fprintf(stderr, "Usage:\n"); 321224092Sdougb fprintf(stderr, " %s options [-K dir] keyfile\n\n", program); 322224092Sdougb fprintf(stderr, " %s options [-K dir] [-c class] -s dnsname\n\n", 323193141Sdougb program); 324224092Sdougb fprintf(stderr, " %s options -f zonefile (as zone name)\n\n", program); 325224092Sdougb fprintf(stderr, " %s options -f zonefile zonename\n\n", program); 326193141Sdougb fprintf(stderr, "Version: %s\n", VERSION); 327193141Sdougb fprintf(stderr, "Options:\n"); 328193141Sdougb fprintf(stderr, " -v <verbose level>\n"); 329224092Sdougb fprintf(stderr, " -K <directory>: directory in which to find " 330224092Sdougb "key file or keyset file\n"); 331224092Sdougb fprintf(stderr, " -a algorithm: digest algorithm " 332245163Serwin "(SHA-1, SHA-256, GOST or SHA-384)\n"); 333193141Sdougb fprintf(stderr, " -1: use SHA-1\n"); 334193141Sdougb fprintf(stderr, " -2: use SHA-256\n"); 335224092Sdougb fprintf(stderr, " -l: add lookaside zone and print DLV records\n"); 336224092Sdougb fprintf(stderr, " -s: read keyset from keyset-<dnsname> file\n"); 337224092Sdougb fprintf(stderr, " -c class: rdata class for DS set (default: IN)\n"); 338254897Serwin fprintf(stderr, " -T TTL\n"); 339224092Sdougb fprintf(stderr, " -f file: read keyset from zone file\n"); 340224092Sdougb fprintf(stderr, " -A: when used with -f, " 341224092Sdougb "include all keys in DS set, not just KSKs\n"); 342224092Sdougb fprintf(stderr, "Output: DS or DLV RRs\n"); 343193141Sdougb 344193141Sdougb exit (-1); 345193141Sdougb} 346193141Sdougb 347193141Sdougbint 348193141Sdougbmain(int argc, char **argv) { 349224092Sdougb char *algname = NULL, *classname = NULL; 350224092Sdougb char *filename = NULL, *dir = NULL, *namestr; 351224092Sdougb char *lookaside = NULL; 352224092Sdougb char *endp; 353224092Sdougb int ch; 354224092Sdougb unsigned int dtype = DNS_DSDIGEST_SHA1; 355224092Sdougb isc_boolean_t both = ISC_TRUE; 356224092Sdougb isc_boolean_t usekeyset = ISC_FALSE; 357224092Sdougb isc_boolean_t showall = ISC_FALSE; 358224092Sdougb isc_result_t result; 359224092Sdougb isc_log_t *log = NULL; 360224092Sdougb isc_entropy_t *ectx = NULL; 361224092Sdougb dns_rdataset_t rdataset; 362224092Sdougb dns_rdata_t rdata; 363193141Sdougb 364193141Sdougb dns_rdata_init(&rdata); 365193141Sdougb 366193141Sdougb if (argc == 1) 367193141Sdougb usage(); 368193141Sdougb 369193141Sdougb result = isc_mem_create(0, 0, &mctx); 370193141Sdougb if (result != ISC_R_SUCCESS) 371193141Sdougb fatal("out of memory"); 372193141Sdougb 373193141Sdougb dns_result_register(); 374193141Sdougb 375193141Sdougb isc_commandline_errprint = ISC_FALSE; 376193141Sdougb 377193141Sdougb while ((ch = isc_commandline_parse(argc, argv, 378254897Serwin "12Aa:c:d:Ff:K:l:sT:v:h")) != -1) { 379193141Sdougb switch (ch) { 380193141Sdougb case '1': 381193141Sdougb dtype = DNS_DSDIGEST_SHA1; 382193141Sdougb both = ISC_FALSE; 383193141Sdougb break; 384193141Sdougb case '2': 385193141Sdougb dtype = DNS_DSDIGEST_SHA256; 386193141Sdougb both = ISC_FALSE; 387193141Sdougb break; 388224092Sdougb case 'A': 389224092Sdougb showall = ISC_TRUE; 390224092Sdougb break; 391193141Sdougb case 'a': 392193141Sdougb algname = isc_commandline_argument; 393193141Sdougb both = ISC_FALSE; 394193141Sdougb break; 395193141Sdougb case 'c': 396193141Sdougb classname = isc_commandline_argument; 397193141Sdougb break; 398193141Sdougb case 'd': 399224092Sdougb fprintf(stderr, "%s: the -d option is deprecated; " 400224092Sdougb "use -K\n", program); 401224092Sdougb /* fall through */ 402224092Sdougb case 'K': 403224092Sdougb dir = isc_commandline_argument; 404224092Sdougb if (strlen(dir) == 0U) 405224092Sdougb fatal("directory must be non-empty string"); 406193141Sdougb break; 407224092Sdougb case 'f': 408224092Sdougb filename = isc_commandline_argument; 409224092Sdougb break; 410224092Sdougb case 'l': 411224092Sdougb lookaside = isc_commandline_argument; 412224092Sdougb if (strlen(lookaside) == 0U) 413224092Sdougb fatal("lookaside must be a non-empty string"); 414224092Sdougb break; 415193141Sdougb case 's': 416193141Sdougb usekeyset = ISC_TRUE; 417193141Sdougb break; 418254897Serwin case 'T': 419254897Serwin ttl = atol(isc_commandline_argument); 420254897Serwin break; 421193141Sdougb case 'v': 422193141Sdougb verbose = strtol(isc_commandline_argument, &endp, 0); 423193141Sdougb if (*endp != '\0') 424193141Sdougb fatal("-v must be followed by a number"); 425193141Sdougb break; 426224092Sdougb case 'F': 427224092Sdougb /* Reserved for FIPS mode */ 428224092Sdougb /* FALLTHROUGH */ 429193141Sdougb case '?': 430193141Sdougb if (isc_commandline_option != '?') 431193141Sdougb fprintf(stderr, "%s: invalid argument -%c\n", 432193141Sdougb program, isc_commandline_option); 433224092Sdougb /* FALLTHROUGH */ 434193141Sdougb case 'h': 435193141Sdougb usage(); 436193141Sdougb 437193141Sdougb default: 438193141Sdougb fprintf(stderr, "%s: unhandled option -%c\n", 439193141Sdougb program, isc_commandline_option); 440193141Sdougb exit(1); 441193141Sdougb } 442193141Sdougb } 443193141Sdougb 444193141Sdougb if (algname != NULL) { 445193141Sdougb if (strcasecmp(algname, "SHA1") == 0 || 446193141Sdougb strcasecmp(algname, "SHA-1") == 0) 447193141Sdougb dtype = DNS_DSDIGEST_SHA1; 448193141Sdougb else if (strcasecmp(algname, "SHA256") == 0 || 449193141Sdougb strcasecmp(algname, "SHA-256") == 0) 450193141Sdougb dtype = DNS_DSDIGEST_SHA256; 451224092Sdougb#ifdef HAVE_OPENSSL_GOST 452224092Sdougb else if (strcasecmp(algname, "GOST") == 0) 453224092Sdougb dtype = DNS_DSDIGEST_GOST; 454224092Sdougb#endif 455245163Serwin else if (strcasecmp(algname, "SHA384") == 0 || 456245163Serwin strcasecmp(algname, "SHA-384") == 0) 457245163Serwin dtype = DNS_DSDIGEST_SHA384; 458193141Sdougb else 459193141Sdougb fatal("unknown algorithm %s", algname); 460193141Sdougb } 461193141Sdougb 462193141Sdougb rdclass = strtoclass(classname); 463193141Sdougb 464224092Sdougb if (usekeyset && filename != NULL) 465224092Sdougb fatal("cannot use both -s and -f"); 466224092Sdougb 467224092Sdougb /* When not using -f, -A is implicit */ 468224092Sdougb if (filename == NULL) 469224092Sdougb showall = ISC_TRUE; 470224092Sdougb 471224092Sdougb if (argc < isc_commandline_index + 1 && filename == NULL) 472193141Sdougb fatal("the key file name was not specified"); 473193141Sdougb if (argc > isc_commandline_index + 1) 474193141Sdougb fatal("extraneous arguments"); 475193141Sdougb 476193141Sdougb if (ectx == NULL) 477193141Sdougb setup_entropy(mctx, NULL, &ectx); 478193141Sdougb result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); 479193141Sdougb if (result != ISC_R_SUCCESS) 480193141Sdougb fatal("could not initialize hash"); 481193141Sdougb result = dst_lib_init(mctx, ectx, 482193141Sdougb ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY); 483193141Sdougb if (result != ISC_R_SUCCESS) 484224092Sdougb fatal("could not initialize dst: %s", 485224092Sdougb isc_result_totext(result)); 486193141Sdougb isc_entropy_stopcallbacksources(ectx); 487193141Sdougb 488193141Sdougb setup_logging(verbose, mctx, &log); 489193141Sdougb 490224092Sdougb dns_rdataset_init(&rdataset); 491193141Sdougb 492224092Sdougb if (usekeyset || filename != NULL) { 493224092Sdougb if (argc < isc_commandline_index + 1 && filename != NULL) { 494224092Sdougb /* using zone name as the zone file name */ 495224092Sdougb namestr = filename; 496224092Sdougb } else 497224092Sdougb namestr = argv[isc_commandline_index]; 498224092Sdougb 499224092Sdougb result = initname(namestr); 500224092Sdougb if (result != ISC_R_SUCCESS) 501224092Sdougb fatal("could not initialize name %s", namestr); 502224092Sdougb 503224092Sdougb if (usekeyset) 504224092Sdougb result = loadkeyset(dir, &rdataset); 505224092Sdougb else 506254897Serwin result = loadset(filename, &rdataset); 507224092Sdougb 508224092Sdougb if (result != ISC_R_SUCCESS) 509224092Sdougb fatal("could not load DNSKEY set: %s\n", 510224092Sdougb isc_result_totext(result)); 511224092Sdougb 512224092Sdougb for (result = dns_rdataset_first(&rdataset); 513193141Sdougb result == ISC_R_SUCCESS; 514224092Sdougb result = dns_rdataset_next(&rdataset)) { 515193141Sdougb dns_rdata_init(&rdata); 516224092Sdougb dns_rdataset_current(&rdataset, &rdata); 517193141Sdougb 518193141Sdougb if (verbose > 2) 519193141Sdougb logkey(&rdata); 520193141Sdougb 521193141Sdougb if (both) { 522224092Sdougb emit(DNS_DSDIGEST_SHA1, showall, lookaside, 523224092Sdougb &rdata); 524224092Sdougb emit(DNS_DSDIGEST_SHA256, showall, lookaside, 525224092Sdougb &rdata); 526193141Sdougb } else 527224092Sdougb emit(dtype, showall, lookaside, &rdata); 528193141Sdougb } 529193141Sdougb } else { 530193141Sdougb unsigned char key_buf[DST_KEY_MAXSIZE]; 531193141Sdougb 532193141Sdougb loadkey(argv[isc_commandline_index], key_buf, 533193141Sdougb DST_KEY_MAXSIZE, &rdata); 534193141Sdougb 535193141Sdougb if (both) { 536224092Sdougb emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata); 537224092Sdougb emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata); 538193141Sdougb } else 539224092Sdougb emit(dtype, showall, lookaside, &rdata); 540193141Sdougb } 541193141Sdougb 542224092Sdougb if (dns_rdataset_isassociated(&rdataset)) 543224092Sdougb dns_rdataset_disassociate(&rdataset); 544193141Sdougb cleanup_logging(&log); 545193141Sdougb dst_lib_destroy(); 546193141Sdougb isc_hash_destroy(); 547193141Sdougb cleanup_entropy(&ectx); 548193141Sdougb dns_name_destroy(); 549193141Sdougb if (verbose > 10) 550193141Sdougb isc_mem_stats(mctx, stdout); 551193141Sdougb isc_mem_destroy(&mctx); 552193141Sdougb 553193141Sdougb fflush(stdout); 554193141Sdougb if (ferror(stdout)) { 555193141Sdougb fprintf(stderr, "write error\n"); 556193141Sdougb return (1); 557193141Sdougb } else 558193141Sdougb return (0); 559193141Sdougb} 560