upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-04-15 22:09:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add -a (verify generated signatures) option to signkey and makekeyset

Browse source
This commit is contained in:
Brian Wellington 2000-11-09 18:55:17 +00:00
parent b585f0373c
commit 9dc3c7213b
2 changed files with 39 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
bin/dnssec/dnssec-makekeyset.c
View file

@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-makekeyset.c,v 1.43 2000/10/31 20:09:13 bwelling Exp $ */
/* $Id: dnssec-makekeyset.c,v 1.44 2000/11/09 18:55:16 bwelling Exp $ */
#include <config.h>
@ -72,6 +72,8 @@ usage(void) {
fprintf(stderr, "\n");
fprintf(stderr, "Options: (default value in parenthesis) \n");
fprintf(stderr, "\t-a\n");
fprintf(stderr, "\t\tverify generated signatures\n");
fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
fprintf(stderr, "\t\tSIG start time - absolute|offset (now)\n");
fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
@ -122,6 +124,7 @@ main(int argc, char *argv[]) {
dns_name_t *savedname = NULL;
unsigned int eflags;
isc_boolean_t pseudorandom = ISC_FALSE;
isc_boolean_t tryverify = ISC_FALSE;
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS)
@ -130,9 +133,12 @@ main(int argc, char *argv[]) {
dns_result_register();
while ((ch = isc_commandline_parse(argc, argv, "s:e:t:r:v:ph")) != -1)
while ((ch = isc_commandline_parse(argc, argv, "as:e:t:r:v:ph")) != -1)
{
switch (ch) {
case 'a':
tryverify = ISC_TRUE;
break;
case 's':
startstr = isc_commandline_argument;
break;
@ -337,6 +343,18 @@ main(int argc, char *argv[]) {
fatal("failed to sign keyset with key %s: %s",
keystr, isc_result_totext(result));
}
if (tryverify) {
result = dns_dnssec_verify(domain, &rdataset,
keynode->key, ISC_TRUE,
mctx, rdata);
if (result != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE];
key_format(keynode->key, keystr, sizeof keystr);
fatal("signature from key '%s' failed to "
"verify: %s",
keystr, isc_result_totext(result));
}
}
ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
dns_rdataset_init(&sigrdataset);
result = dns_rdatalist_tordataset(&sigrdatalist, &sigrdataset);

21
bin/dnssec/dnssec-signkey.c
View file

@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dnssec-signkey.c,v 1.42 2000/10/31 20:09:14 bwelling Exp $ */
/* $Id: dnssec-signkey.c,v 1.43 2000/11/09 18:55:17 bwelling Exp $ */
#include <config.h>
@ -72,6 +72,8 @@ usage(void) {
fprintf(stderr, "\n");
fprintf(stderr, "Options: (default value in parenthesis) \n");
fprintf(stderr, "\t-a\n");
fprintf(stderr, "\t\tverify generated signatures\n");
fprintf(stderr, "\t-c class (IN)\n");
fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
fprintf(stderr, "\t\tSIG start time - absolute|offset (from keyset)\n");
@ -174,15 +176,19 @@ main(int argc, char *argv[]) {
isc_boolean_t pseudorandom = ISC_FALSE;
unsigned int eflags;
dns_rdataclass_t rdclass;
static isc_boolean_t tryverify = ISC_FALSE;
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create()");
dns_result_register();
while ((ch = isc_commandline_parse(argc, argv, "c:s:e:pr:v:h")) != -1)
while ((ch = isc_commandline_parse(argc, argv, "ac:s:e:pr:v:h")) != -1)
{
switch (ch) {
case 'a':
tryverify = ISC_TRUE;
break;
case 'c':
classname = isc_commandline_argument;
break;
@ -388,6 +394,17 @@ main(int argc, char *argv[]) {
fatal("key '%s' failed to sign data: %s",
keystr, isc_result_totext(result));
}
if (tryverify) {
result = dns_dnssec_verify(domain, &rdataset, key,
ISC_TRUE, mctx, rdata);
if (result != ISC_R_SUCCESS) {
char keystr[KEY_FORMATSIZE];
key_format(key, keystr, sizeof keystr);
fatal("signature from key '%s' failed to "
"verify: %s",
keystr, isc_result_totext(result));
}
}
ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
dst_key_free(&key);
}