Commit 9c27a5a6 authored by Daniel Salzman's avatar Daniel Salzman

Merge branch 'keymgr-dnskey' into 'master'

Added a dnskey command to keymgr

See merge request !773
parents acf89813 79a169c6
......@@ -95,9 +95,13 @@ key tag or a prefix of key ID; \fIarguments\fP are like for \fBgenerate\fP, but
timing\-related ones.
.TP
\fBds\fP [\fIkey_spec\fP]
Generate DS record (all digest algorithms together) from specified key. \fIKey_spec\fP
Generate DS record (all digest algorithms together) for specified key. \fIKey_spec\fP
is like for \fBset\fP, if unspecified, all KSKs are used.
.TP
\fBdnskey\fP [\fIkey_spec\fP]
Generate DNSKEY record for specified key. \fIKey_spec\fP
is like for \fBds\fP, if unspecified, all KSKs are used.
.TP
\fBdelete\fP \fIkey_spec\fP
Remove the specified key from zone. If the key was not shared, it is also deleted from keystore.
.TP
......
......@@ -72,9 +72,13 @@ Commands
timing-related ones.
**ds** [*key_spec*]
Generate DS record (all digest algorithms together) from specified key. *Key_spec*
Generate DS record (all digest algorithms together) for specified key. *Key_spec*
is like for **set**, if unspecified, all KSKs are used.
**dnskey** [*key_spec*]
Generate DNSKEY record for specified key. *Key_spec*
is like for **ds**, if unspecified, all KSKs are used.
**delete** *key_spec*
Remove the specified key from zone. If the key was not shared, it is also deleted from keystore.
......
......@@ -30,6 +30,7 @@
#include "knot/dnssec/zone-keys.h"
#include "utils/keymgr/bind_privkey.h"
#include "zscanner/scanner.h"
#include "contrib/base64.h"
static time_t arg_timestamp(const char *arg)
{
......@@ -692,3 +693,34 @@ int keymgr_generate_ds(const knot_dname_t *dname, const knot_kasp_key_t *key)
return ret;
}
int keymgr_generate_dnskey(const knot_dname_t *dname, const knot_kasp_key_t *key)
{
const dnssec_key_t *dnskey = key->key;
char *name = knot_dname_to_str_alloc(dname);
if (!name) {
return KNOT_ENOMEM;
}
uint16_t flags = dnssec_key_get_flags(dnskey);
uint8_t algorithm = dnssec_key_get_algorithm(dnskey);
dnssec_binary_t pubkey = { 0 };
int ret = dnssec_key_get_pubkey(dnskey, &pubkey);
if (ret != DNSSEC_EOK) {
return knot_error_from_libdnssec(ret);
}
uint8_t *base64_output = NULL;
int len = base64_encode_alloc(pubkey.data, pubkey.size, &base64_output);
if (len < 0) {
return len;
}
printf("%s DNSKEY %u 3 %u %.*s\n", name, flags, algorithm, len, base64_output);
free(base64_output);
free(name);
return KNOT_EOK;
}
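Review bot: `name` is leaked on both early-return paths of keymgr_generate_dnskey: when dnssec_key_get_pubkey() fails and when base64_encode_alloc() fails, the function returns without releasing the string obtained from knot_dname_to_str_alloc(), and the existing `free(name);` after printf() covers only the success path. Each of those two exits needs `free(name);` before its `return`, or the error paths should share one cleanup label as the goto-cleanup idiom does elsewhere in C code of this shape. Separately, `%.*s` is passed `base64_output`, a `uint8_t *`, where `%s` expects `char *`; a `(char *)base64_output` cast keeps -Wformat clean. Whether `pubkey` borrows the key's internal buffer or owns an allocation is not visible in this hunk; keymgr_generate_ds, which ends just above it, is the place to confirm that convention before adding or omitting a release of `pubkey`.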
......@@ -34,3 +34,5 @@ int keymgr_set_timing(knot_kasp_key_t *key, int argc, char *argv[]);
int keymgr_list_keys(kdnssec_ctx_t *ctx);
int keymgr_generate_ds(const knot_dname_t *dname, const knot_kasp_key_t *key);
int keymgr_generate_dnskey(const knot_dname_t *dname, const knot_kasp_key_t *key);
......@@ -50,6 +50,8 @@ static void print_help(void)
" (syntax: import-pem <pem_file_path> <attribute_name>=<value>...)\n"
" ds Generate DS record(s) for specified key.\n"
" (syntax: ds <key_spec>)\n"
" dnskey Generate DNSKEY record for specified key.\n"
" (syntax: dnskey <key_spec>)\n"
" share Make an existing key of another zone to be shared with\n"
" the specified zone.\n"
" (syntax: share <full_key_ID>\n"
......@@ -133,18 +135,22 @@ static int key_command(int argc, char *argv[])
}
} else if (strcmp(argv[1], "list") == 0) {
ret = keymgr_list_keys(&kctx);
} else if (strcmp(argv[1], "ds") == 0) {
} else if (strcmp(argv[1], "ds") == 0 || strcmp(argv[1], "dnskey") == 0) {
int (*generate_rr)(const knot_dname_t *, const knot_kasp_key_t *) = keymgr_generate_dnskey;
if (strcmp(argv[1], "ds") == 0) {
generate_rr = keymgr_generate_ds;
}
if (argc < 3) {
for (int i = 0; i < kctx.zone->num_keys && ret == KNOT_EOK; i++) {
if (dnssec_key_get_flags(kctx.zone->keys[i].key) == DNSKEY_FLAGS_KSK) {
ret = keymgr_generate_ds(zone_name, &kctx.zone->keys[i]);
ret = generate_rr(zone_name, &kctx.zone->keys[i]);
}
}
} else {
knot_kasp_key_t *key2ds;
ret = keymgr_get_key(&kctx, argv[2], &key2ds);
knot_kasp_key_t *key2rr;
ret = keymgr_get_key(&kctx, argv[2], &key2rr);
if (ret == KNOT_EOK) {
ret = keymgr_generate_ds(zone_name, key2ds);
ret = generate_rr(zone_name, key2rr);
}
}
} else if (strcmp(argv[1], "share") == 0) {
......