dnssec-keygen.c

来自「非常好的dns解析软件」· C语言 代码 · 共 513 行 · 第 1/2 页

C
513
字号
12
			fatal("unknown algorithm %s", algname);		if (alg == DST_ALG_DH)			options |= DST_TYPE_KEY;	}	if (type != NULL && (options & DST_TYPE_KEY) != 0) {		if (strcasecmp(type, "NOAUTH") == 0)			flags |= DNS_KEYTYPE_NOAUTH;		else if (strcasecmp(type, "NOCONF") == 0)			flags |= DNS_KEYTYPE_NOCONF;		else if (strcasecmp(type, "NOAUTHCONF") == 0) {			flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);			if (size < 0)				size = 0;		}		else if (strcasecmp(type, "AUTHCONF") == 0)			/* nothing */;		else			fatal("invalid type %s", type);	}	if (size < 0)		fatal("key size not specified (-b option)");	switch (alg) {	case DNS_KEYALG_RSAMD5:	case DNS_KEYALG_RSASHA1:		if (size != 0 && (size < 512 || size > MAX_RSA))			fatal("RSA key size %d out of range", size);		break;	case DNS_KEYALG_DH:		if (size != 0 && (size < 128 || size > 4096))			fatal("DH key size %d out of range", size);		break;	case DNS_KEYALG_DSA:		if (size != 0 && !dsa_size_ok(size))			fatal("invalid DSS key size: %d", size);		break;	case DST_ALG_HMACMD5:		if (size < 1 || size > 512)			fatal("HMAC-MD5 key size %d out of range", size);		if (dbits != 0 && (dbits < 80 || dbits > 128))			fatal("HMAC-MD5 digest bits %d out of range", dbits);		if ((dbits % 8) != 0)			fatal("HMAC-MD5 digest bits %d not divisible by 8",			      dbits);		break;	case DST_ALG_HMACSHA1:		if (size < 1 || size > 160)			fatal("HMAC-SHA1 key size %d out of range", size);		if (dbits != 0 && (dbits < 80 || dbits > 160))			fatal("HMAC-SHA1 digest bits %d out of range", dbits);		if ((dbits % 8) != 0)			fatal("HMAC-SHA1 digest bits %d not divisible by 8",			      dbits);		break;	case DST_ALG_HMACSHA224:		if (size < 1 || size > 224)			fatal("HMAC-SHA224 key size %d out of range", size);		if (dbits != 0 && (dbits < 112 || dbits > 224))			fatal("HMAC-SHA224 digest bits %d out of range", dbits);		if ((dbits % 8) != 0)			fatal("HMAC-SHA224 digest bits %d not divisible by 8",			      dbits);		break;	case DST_ALG_HMACSHA256:		if (size < 1 || size > 256)			fatal("HMAC-SHA256 key size %d out of range", size);		if (dbits != 0 && (dbits < 128 || dbits > 256))			fatal("HMAC-SHA256 digest bits %d out of range", dbits);		if ((dbits % 8) != 0)			fatal("HMAC-SHA256 digest bits %d not divisible by 8",			      dbits);		break;	case DST_ALG_HMACSHA384:		if (size < 1 || size > 384)			fatal("HMAC-384 key size %d out of range", size);		if (dbits != 0 && (dbits < 192 || dbits > 384))			fatal("HMAC-SHA384 digest bits %d out of range", dbits);		if ((dbits % 8) != 0)			fatal("HMAC-SHA384 digest bits %d not divisible by 8",			      dbits);		break;	case DST_ALG_HMACSHA512:		if (size < 1 || size > 512)			fatal("HMAC-SHA512 key size %d out of range", size);		if (dbits != 0 && (dbits < 256 || dbits > 512))			fatal("HMAC-SHA512 digest bits %d out of range", dbits);		if ((dbits % 8) != 0)			fatal("HMAC-SHA512 digest bits %d not divisible by 8",			      dbits);		break;	}	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1) &&	    rsa_exp != 0)		fatal("specified RSA exponent for a non-RSA key");	if (alg != DNS_KEYALG_DH && generator != 0)		fatal("specified DH generator for a non-DH key");	if (nametype == NULL)		fatal("no nametype specified");	if (strcasecmp(nametype, "zone") == 0)		flags |= DNS_KEYOWNER_ZONE;	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */		if (strcasecmp(nametype, "host") == 0 ||			 strcasecmp(nametype, "entity") == 0)			flags |= DNS_KEYOWNER_ENTITY;		else if (strcasecmp(nametype, "user") == 0)			flags |= DNS_KEYOWNER_USER;		else			fatal("invalid KEY nametype %s", nametype);	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */		fatal("invalid DNSKEY nametype %s", nametype);	rdclass = strtoclass(classname);	if ((options & DST_TYPE_KEY) != 0)  /* KEY */		flags |= signatory;	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */		flags |= ksk;	if (protocol == -1)		protocol = DNS_KEYPROTO_DNSSEC;	else if ((options & DST_TYPE_KEY) == 0 &&		 protocol != DNS_KEYPROTO_DNSSEC)		fatal("invalid DNSKEY protocol: %d", protocol);	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {		if (size > 0)			fatal("specified null key with non-zero size");		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)			fatal("specified null key with signing authority");	}	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&	    (alg == DNS_KEYALG_DH || alg == DST_ALG_HMACMD5 ||	     alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 ||	     alg == DST_ALG_HMACSHA256 || alg == DST_ALG_HMACSHA384 ||	     alg == DST_ALG_HMACSHA512))		fatal("a key with algorithm '%s' cannot be a zone key",		      algname);	dns_fixedname_init(&fname);	name = dns_fixedname_name(&fname);	isc_buffer_init(&buf, argv[isc_commandline_index],			strlen(argv[isc_commandline_index]));	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));	ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);	if (ret != ISC_R_SUCCESS)		fatal("invalid key name %s: %s", argv[isc_commandline_index],		      isc_result_totext(ret));	switch(alg) {	case DNS_KEYALG_RSAMD5:	case DNS_KEYALG_RSASHA1:		param = rsa_exp;		break;	case DNS_KEYALG_DH:		param = generator;		break;	case DNS_KEYALG_DSA:	case DST_ALG_HMACMD5:	case DST_ALG_HMACSHA1:	case DST_ALG_HMACSHA224:	case DST_ALG_HMACSHA256:	case DST_ALG_HMACSHA384:	case DST_ALG_HMACSHA512:		param = 0;		break;	}	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)		null_key = ISC_TRUE;	isc_buffer_init(&buf, filename, sizeof(filename) - 1);	do {		conflict = ISC_FALSE;		oldkey = NULL;		/* generate the key */		ret = dst_key_generate(name, alg, size, param, flags, protocol,				       rdclass, mctx, &key);		isc_entropy_stopcallbacksources(ectx);		if (ret != ISC_R_SUCCESS) {			char namestr[DNS_NAME_FORMATSIZE];			char algstr[ALG_FORMATSIZE];			dns_name_format(name, namestr, sizeof(namestr));			alg_format(alg, algstr, sizeof(algstr));			fatal("failed to generate key %s/%s: %s\n",			      namestr, algstr, isc_result_totext(ret));			exit(-1);		}		dst_key_setbits(key, dbits);		/*		 * Try to read a key with the same name, alg and id from disk.		 * If there is one we must continue generating a new one		 * unless we were asked to generate a null key, in which		 * case we return failure.		 */		ret = dst_key_fromfile(name, dst_key_id(key), alg,				       DST_TYPE_PRIVATE, NULL, mctx, &oldkey);		/* do not overwrite an existing key  */		if (ret == ISC_R_SUCCESS) {			dst_key_free(&oldkey);			conflict = ISC_TRUE;			if (null_key)				break;		}		if (conflict == ISC_TRUE) {			if (verbose > 0) {				isc_buffer_clear(&buf);				ret = dst_key_buildfilename(key, 0, NULL, &buf);				fprintf(stderr,					"%s: %s already exists, "					"generating a new key\n",					program, filename);			}			dst_key_free(&key);		}	} while (conflict == ISC_TRUE);	if (conflict)		fatal("cannot generate a null key when a key with id 0 "		      "already exists");	ret = dst_key_tofile(key, options, NULL);	if (ret != ISC_R_SUCCESS) {		char keystr[KEY_FORMATSIZE];		key_format(key, keystr, sizeof(keystr));		fatal("failed to write key %s: %s\n", keystr,		      isc_result_totext(ret));	}	isc_buffer_clear(&buf);	ret = dst_key_buildfilename(key, 0, NULL, &buf);	printf("%s\n", filename);	dst_key_free(&key);	cleanup_logging(&log);	cleanup_entropy(&ectx);	dst_lib_destroy();	dns_name_destroy();	if (verbose > 10)		isc_mem_stats(mctx, stdout);	isc_mem_destroy(&mctx);	return (0);}
12

dnssec-keygen.c - 源码说明

本页面展示了「非常好的dns解析软件」中的 dnssec-keygen.c 源码文件,采用 C语言 编程语言编写,共 513 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与dns相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?