dnssec-keygen.c

来自「非常好的dns解析软件」· C语言代码 · 共 513 行 · 第 1/2 页
513 行
/* * Portions Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC") * Portions Copyright (C) 1999-2003  Internet Software Consortium. * Portions Copyright (C) 1995-2000 by Network Associates, Inc. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. *//* $Id: dnssec-keygen.c,v 1.66.18.9 2007/01/18 00:06:11 marka Exp $ *//*! \file */#include <config.h>#include <stdlib.h>#include <isc/buffer.h>#include <isc/commandline.h>#include <isc/entropy.h>#include <isc/mem.h>#include <isc/region.h>#include <isc/string.h>#include <isc/util.h>#include <dns/fixedname.h>#include <dns/keyvalues.h>#include <dns/log.h>#include <dns/name.h>#include <dns/rdataclass.h>#include <dns/result.h>#include <dns/secalg.h>#include <dst/dst.h>#include "dnssectool.h"#define MAX_RSA 4096 /* should be long enough... */const char *program = "dnssec-keygen";int verbose;static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5 |"			  " HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | "			  " HMAC-SHA384 | HMAC-SHA512";static isc_boolean_tdsa_size_ok(int size) {	return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));}static voidusage(void) {	fprintf(stderr, "Usage:\n");	fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",		program);	fprintf(stderr, "Version: %s\n", VERSION);	fprintf(stderr, "Required options:\n");	fprintf(stderr, "    -a algorithm: %s\n", algs);	fprintf(stderr, "    -b key size, in bits:\n");	fprintf(stderr, "        RSAMD5:\t\t[512..%d]\n", MAX_RSA);	fprintf(stderr, "        RSASHA1:\t\t[512..%d]\n", MAX_RSA);	fprintf(stderr, "        DH:\t\t[128..4096]\n");	fprintf(stderr, "        DSA:\t\t[512..1024] and divisible by 64\n");	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");	fprintf(stderr, "        HMAC-SHA1:\t[1..160]\n");	fprintf(stderr, "        HMAC-SHA224:\t[1..224]\n");	fprintf(stderr, "        HMAC-SHA256:\t[1..256]\n");	fprintf(stderr, "        HMAC-SHA384:\t[1..384]\n");	fprintf(stderr, "        HMAC-SHA512:\t[1..512]\n");	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");	fprintf(stderr, "    name: owner of the key\n");	fprintf(stderr, "Other options:\n");	fprintf(stderr, "    -c <class> (default: IN)\n");	fprintf(stderr, "    -d <digest bits> (0 => max, default)\n");	fprintf(stderr, "    -e use large exponent (RSAMD5/RSASHA1 only)\n");	fprintf(stderr, "    -f keyflag: KSK\n");	fprintf(stderr, "    -g <generator> use specified generator "		"(DH only)\n");	fprintf(stderr, "    -t <type>: "		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "		"(default: AUTHCONF)\n");	fprintf(stderr, "    -p <protocol>: "	       "default: 3 [dnssec]\n");	fprintf(stderr, "    -s <strength> strength value this key signs DNS "		"records with (default: 0)\n");	fprintf(stderr, "    -r <randomdev>: a file containing random data\n");	fprintf(stderr, "    -v <verbose level>\n");	fprintf(stderr, "    -k : generate a TYPE=KEY key\n");	fprintf(stderr, "Output:\n");	fprintf(stderr, "     K<name>+<alg>+<id>.key, "		"K<name>+<alg>+<id>.private\n");	exit (-1);}intmain(int argc, char **argv) {	char		*algname = NULL, *nametype = NULL, *type = NULL;	char		*classname = NULL;	char		*endp;	dst_key_t	*key = NULL, *oldkey;	dns_fixedname_t	fname;	dns_name_t	*name;	isc_uint16_t	flags = 0, ksk = 0;	dns_secalg_t	alg;	isc_boolean_t	conflict = ISC_FALSE, null_key = ISC_FALSE;	isc_mem_t	*mctx = NULL;	int		ch, rsa_exp = 0, generator = 0, param = 0;	int		protocol = -1, size = -1, signatory = 0;	isc_result_t	ret;	isc_textregion_t r;	char		filename[255];	isc_buffer_t	buf;	isc_log_t	*log = NULL;	isc_entropy_t	*ectx = NULL;	dns_rdataclass_t rdclass;	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;	int		dbits = 0;	if (argc == 1)		usage();	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);	dns_result_register();	while ((ch = isc_commandline_parse(argc, argv,					   "a:b:c:d:ef:g:kn:t:p:s:r:v:h")) != -1)	{	    switch (ch) {		case 'a':			algname = isc_commandline_argument;			break;		case 'b':			size = strtol(isc_commandline_argument, &endp, 10);			if (*endp != '\0' || size < 0)				fatal("-b requires a non-negative number");			break;		case 'c':			classname = isc_commandline_argument;			break;		case 'd':			dbits = strtol(isc_commandline_argument, &endp, 10);			if (*endp != '\0' || dbits < 0)				fatal("-d requires a non-negative number");			break;		case 'e':			rsa_exp = 1;			break;		case 'f':			if (strcasecmp(isc_commandline_argument, "KSK") == 0)				ksk = DNS_KEYFLAG_KSK;			else				fatal("unknown flag '%s'",				      isc_commandline_argument);			break;		case 'g':			generator = strtol(isc_commandline_argument,					   &endp, 10);			if (*endp != '\0' || generator <= 0)				fatal("-g requires a positive number");			break;		case 'k':			options |= DST_TYPE_KEY;			break;		case 'n':			nametype = isc_commandline_argument;			break;		case 't':			type = isc_commandline_argument;			break;		case 'p':			protocol = strtol(isc_commandline_argument, &endp, 10);			if (*endp != '\0' || protocol < 0 || protocol > 255)				fatal("-p must be followed by a number "				      "[0..255]");			break;		case 's':			signatory = strtol(isc_commandline_argument,					   &endp, 10);			if (*endp != '\0' || signatory < 0 || signatory > 15)				fatal("-s must be followed by a number "				      "[0..15]");			break;		case 'r':			setup_entropy(mctx, isc_commandline_argument, &ectx);			break;		case 'v':			endp = NULL;			verbose = strtol(isc_commandline_argument, &endp, 0);			if (*endp != '\0')				fatal("-v must be followed by a number");			break;		case 'h':			usage();		default:			fprintf(stderr, "%s: invalid argument -%c\n",				program, ch);			usage();		}	}	if (ectx == NULL)		setup_entropy(mctx, NULL, &ectx);	ret = dst_lib_init(mctx, ectx,			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);	if (ret != ISC_R_SUCCESS)		fatal("could not initialize dst");	setup_logging(verbose, mctx, &log);	if (argc < isc_commandline_index + 1)		fatal("the key name was not specified");	if (argc > isc_commandline_index + 1)		fatal("extraneous arguments");	if (algname == NULL)		fatal("no algorithm was specified");	if (strcasecmp(algname, "RSA") == 0) {		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"				"If you still wish to use RSA (RSAMD5) please "				"specify \"-a RSAMD5\"\n");		return (1);	} else if (strcasecmp(algname, "HMAC-MD5") == 0) {		options |= DST_TYPE_KEY;		alg = DST_ALG_HMACMD5;	} else if (strcasecmp(algname, "HMAC-SHA1") == 0) {		options |= DST_TYPE_KEY;		alg = DST_ALG_HMACSHA1;	} else if (strcasecmp(algname, "HMAC-SHA224") == 0) {		options |= DST_TYPE_KEY;		alg = DST_ALG_HMACSHA224;	} else if (strcasecmp(algname, "HMAC-SHA256") == 0) {		options |= DST_TYPE_KEY;		alg = DST_ALG_HMACSHA256;	} else if (strcasecmp(algname, "HMAC-SHA384") == 0) {		options |= DST_TYPE_KEY;		alg = DST_ALG_HMACSHA384;	} else if (strcasecmp(algname, "HMAC-SHA512") == 0) {		options |= DST_TYPE_KEY;		alg = DST_ALG_HMACSHA512;	} else {		r.base = algname;		r.length = strlen(algname);		ret = dns_secalg_fromtext(&alg, &r);		if (ret != ISC_R_SUCCESS)
dnssec-keygen.c - 源码说明

本页面展示了「非常好的dns解析软件」中的 dnssec-keygen.c 源码文件，采用 C语言编程语言编写，共 513 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。
虫虫下载站收录了大量与dns相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。
⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?