mirror of
https://github.com/monero-project/monero.git
synced 2024-12-11 20:34:24 -05:00
a85b5759f3
These files were pulled from the 1.6.3 release tarball. This new version builds against OpenSSL version 1.1 which will be the default in the new Debian Stable which is due to be released RealSoonNow (tm).
285 lines
7.4 KiB
C
285 lines
7.4 KiB
C
/*
|
|
* testcode/signit.c - debug tool to sign rrsets with given keys.
|
|
*
|
|
* Copyright (c) 2007, NLnet Labs. All rights reserved.
|
|
*
|
|
* This software is open source.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
*
|
|
* Redistributions of source code must retain the above copyright notice,
|
|
* this list of conditions and the following disclaimer.
|
|
*
|
|
* Redistributions in binary form must reproduce the above copyright notice,
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
* and/or other materials provided with the distribution.
|
|
*
|
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
|
* be used to endorse or promote products derived from this software without
|
|
* specific prior written permission.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
/**
|
|
* \file
|
|
*
|
|
* This program signs rrsets with the given keys. It can be used to
|
|
* construct input to test the validator with.
|
|
*/
|
|
#include "config.h"
|
|
#include <ldns/ldns.h>
|
|
#include <assert.h>
|
|
|
|
#define DNSKEY_BIT_ZSK 0x0100
|
|
|
|
/**
|
|
* Key settings
|
|
*/
|
|
struct keysets {
|
|
/** signature inception */
|
|
uint32_t incep;
|
|
/** signature expiration */
|
|
uint32_t expi;
|
|
/** owner name */
|
|
char* owner;
|
|
/** keytag */
|
|
uint16_t keytag;
|
|
/** DNSKEY flags */
|
|
uint16_t flags;
|
|
};
|
|
|
|
/** print usage and exit */
|
|
static void
|
|
usage(void)
|
|
{
|
|
printf("usage: signit expi ince keytag owner keyfile\n");
|
|
printf("present rrset data on stdin.\n");
|
|
printf("signed data is printed to stdout.\n");
|
|
printf("\n");
|
|
printf("Or use: signit NSEC3PARAM hash flags iter salt\n");
|
|
printf("present names on stdin, hashed names are printed to stdout.\n");
|
|
exit(1);
|
|
}
|
|
|
|
static time_t
|
|
convert_timeval(const char* str)
|
|
{
|
|
time_t t;
|
|
struct tm tm;
|
|
memset(&tm, 0, sizeof(tm));
|
|
if(strlen(str) < 14)
|
|
return 0;
|
|
if(sscanf(str, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon,
|
|
&tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6)
|
|
return 0;
|
|
tm.tm_year -= 1900;
|
|
tm.tm_mon--;
|
|
/* Check values */
|
|
if (tm.tm_year < 70) return 0;
|
|
if (tm.tm_mon < 0 || tm.tm_mon > 11) return 0;
|
|
if (tm.tm_mday < 1 || tm.tm_mday > 31) return 0;
|
|
if (tm.tm_hour < 0 || tm.tm_hour > 23) return 0;
|
|
if (tm.tm_min < 0 || tm.tm_min > 59) return 0;
|
|
if (tm.tm_sec < 0 || tm.tm_sec > 59) return 0;
|
|
/* call ldns conversion function */
|
|
t = ldns_mktime_from_utc(&tm);
|
|
return t;
|
|
}
|
|
|
|
static void fatal_exit(const char* format, ...)
|
|
{
|
|
va_list args;
|
|
va_start(args, format);
|
|
printf("fatal exit: ");
|
|
vprintf(format, args);
|
|
va_end(args);
|
|
exit(1);
|
|
}
|
|
|
|
/** read expi ince keytag owner from cmdline */
|
|
static void
|
|
parse_cmdline(char *argv[], struct keysets* s)
|
|
{
|
|
s->expi = convert_timeval(argv[1]);
|
|
s->incep = convert_timeval(argv[2]);
|
|
s->keytag = (uint16_t)atoi(argv[3]);
|
|
s->owner = argv[4];
|
|
s->flags = DNSKEY_BIT_ZSK; /* to enforce signing */
|
|
}
|
|
|
|
/** read all key files, exit on error */
|
|
static ldns_key_list*
|
|
read_keys(int num, char* names[], struct keysets* set)
|
|
{
|
|
int i;
|
|
ldns_key_list* keys = ldns_key_list_new();
|
|
ldns_key* k;
|
|
ldns_rdf* rdf;
|
|
ldns_status s;
|
|
int b;
|
|
FILE* in;
|
|
|
|
if(!keys) fatal_exit("alloc failure");
|
|
for(i=0; i<num; i++) {
|
|
printf("read keyfile %s\n", names[i]);
|
|
in = fopen(names[i], "r");
|
|
if(!in) fatal_exit("could not open %s: %s", names[i],
|
|
strerror(errno));
|
|
s = ldns_key_new_frm_fp(&k, in);
|
|
fclose(in);
|
|
if(s != LDNS_STATUS_OK)
|
|
fatal_exit("bad keyfile %s: %s", names[i],
|
|
ldns_get_errorstr_by_id(s));
|
|
ldns_key_set_expiration(k, set->expi);
|
|
ldns_key_set_inception(k, set->incep);
|
|
s = ldns_str2rdf_dname(&rdf, set->owner);
|
|
if(s != LDNS_STATUS_OK)
|
|
fatal_exit("bad owner name %s: %s", set->owner,
|
|
ldns_get_errorstr_by_id(s));
|
|
ldns_key_set_pubkey_owner(k, rdf);
|
|
ldns_key_set_flags(k, set->flags);
|
|
ldns_key_set_keytag(k, set->keytag);
|
|
b = ldns_key_list_push_key(keys, k);
|
|
assert(b);
|
|
}
|
|
return keys;
|
|
}
|
|
|
|
/** read list of rrs from the file */
|
|
static ldns_rr_list*
|
|
read_rrs(FILE* in)
|
|
{
|
|
uint32_t my_ttl = 3600;
|
|
ldns_rdf *my_origin = NULL;
|
|
ldns_rdf *my_prev = NULL;
|
|
ldns_status s;
|
|
int line_nr = 1;
|
|
int b;
|
|
|
|
ldns_rr_list* list;
|
|
ldns_rr *rr;
|
|
|
|
list = ldns_rr_list_new();
|
|
if(!list) fatal_exit("alloc error");
|
|
|
|
while(!feof(in)) {
|
|
s = ldns_rr_new_frm_fp_l(&rr, in, &my_ttl, &my_origin,
|
|
&my_prev, &line_nr);
|
|
if(s == LDNS_STATUS_SYNTAX_TTL ||
|
|
s == LDNS_STATUS_SYNTAX_ORIGIN ||
|
|
s == LDNS_STATUS_SYNTAX_EMPTY)
|
|
continue;
|
|
else if(s != LDNS_STATUS_OK)
|
|
fatal_exit("parse error in line %d: %s", line_nr,
|
|
ldns_get_errorstr_by_id(s));
|
|
b = ldns_rr_list_push_rr(list, rr);
|
|
assert(b);
|
|
}
|
|
printf("read %d lines\n", line_nr);
|
|
|
|
return list;
|
|
}
|
|
|
|
/** sign the rrs with the keys */
|
|
static void
|
|
signit(ldns_rr_list* rrs, ldns_key_list* keys)
|
|
{
|
|
ldns_rr_list* rrset;
|
|
ldns_rr_list* sigs;
|
|
|
|
while(ldns_rr_list_rr_count(rrs) > 0) {
|
|
rrset = ldns_rr_list_pop_rrset(rrs);
|
|
if(!rrset) fatal_exit("copy alloc failure");
|
|
sigs = ldns_sign_public(rrset, keys);
|
|
if(!sigs) fatal_exit("failed to sign");
|
|
ldns_rr_list_print(stdout, rrset);
|
|
ldns_rr_list_print(stdout, sigs);
|
|
printf("\n");
|
|
ldns_rr_list_free(rrset);
|
|
ldns_rr_list_free(sigs);
|
|
}
|
|
}
|
|
|
|
/** process keys and signit */
|
|
static void
|
|
process_keys(int argc, char* argv[])
|
|
{
|
|
ldns_rr_list* rrs;
|
|
ldns_key_list* keys;
|
|
struct keysets settings;
|
|
assert(argc == 6);
|
|
|
|
parse_cmdline(argv, &settings);
|
|
keys = read_keys(1, argv+5, &settings);
|
|
rrs = read_rrs(stdin);
|
|
signit(rrs, keys);
|
|
|
|
ldns_rr_list_deep_free(rrs);
|
|
ldns_key_list_free(keys);
|
|
}
|
|
|
|
/** process nsec3 params and perform hashing */
|
|
static void
|
|
process_nsec3(int argc, char* argv[])
|
|
{
|
|
char line[10240];
|
|
ldns_rdf* salt;
|
|
ldns_rdf* in, *out;
|
|
ldns_status status;
|
|
status = ldns_str2rdf_nsec3_salt(&salt, argv[5]);
|
|
if(status != LDNS_STATUS_OK)
|
|
fatal_exit("Could not parse salt %s: %s", argv[5],
|
|
ldns_get_errorstr_by_id(status));
|
|
assert(argc == 6);
|
|
while(fgets(line, (int)sizeof(line), stdin)) {
|
|
if(strlen(line) > 0)
|
|
line[strlen(line)-1] = 0; /* remove trailing newline */
|
|
if(line[0]==0)
|
|
continue;
|
|
status = ldns_str2rdf_dname(&in, line);
|
|
if(status != LDNS_STATUS_OK)
|
|
fatal_exit("Could not parse name %s: %s", line,
|
|
ldns_get_errorstr_by_id(status));
|
|
ldns_rdf_print(stdout, in);
|
|
printf(" -> ");
|
|
/* arg 3 is flags, unused */
|
|
out = ldns_nsec3_hash_name(in, (uint8_t)atoi(argv[2]),
|
|
(uint16_t)atoi(argv[4]),
|
|
ldns_rdf_data(salt)[0], ldns_rdf_data(salt)+1);
|
|
if(!out)
|
|
fatal_exit("Could not hash %s", line);
|
|
ldns_rdf_print(stdout, out);
|
|
printf("\n");
|
|
ldns_rdf_deep_free(in);
|
|
ldns_rdf_deep_free(out);
|
|
}
|
|
ldns_rdf_deep_free(salt);
|
|
}
|
|
|
|
/** main program */
|
|
int main(int argc, char* argv[])
|
|
{
|
|
if(argc != 6) {
|
|
usage();
|
|
}
|
|
if(strcmp(argv[1], "NSEC3PARAM") == 0) {
|
|
process_nsec3(argc, argv);
|
|
return 0;
|
|
}
|
|
process_keys(argc, argv);
|
|
return 0;
|
|
}
|