Update repub branch u/fanf2/patch to rebasing branch u/fanf2/rebasing revision v9_13_...
[ipreg/bind9.git] / bin / dnssec / dnssectool.c
CommitLineData
b1d234eb 1/*
843d3896 2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
40f53fa8 3 *
0c27b3fe
MA
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
843d3896
OS
7 *
8 * See the COPYRIGHT file distributed with this work for additional
9 * information regarding copyright ownership.
b1d234eb
BW
10 */
11
ab023a65
RA
12/*! \file */
13
14/*%
15 * DNSSEC Support Routines.
16 */
9c3531d7 17
cb6a185c 18#include <inttypes.h>
994e6569 19#include <stdbool.h>
b1d234eb
BW
20#include <stdlib.h>
21
358dfaee
WK
22#ifdef _WIN32
23#include <Winsock2.h>
24#endif
25
ad127d83 26#include <isc/base32.h>
b1d234eb 27#include <isc/buffer.h>
e939674d 28#include <isc/commandline.h>
8f0502e9 29#include <isc/dir.h>
5ac42705 30#include <isc/file.h>
ad127d83 31#include <isc/heap.h>
3f543c37
BW
32#include <isc/list.h>
33#include <isc/mem.h>
586e65ea 34#include <isc/platform.h>
e939674d 35#include <isc/print.h>
b1d234eb 36#include <isc/string.h>
49d233a0 37#include <isc/time.h>
b1d234eb
BW
38#include <isc/util.h>
39
ad127d83
MA
40#include <dns/db.h>
41#include <dns/dbiterator.h>
8a198fa7 42#include <dns/dnssec.h>
ad127d83 43#include <dns/fixedname.h>
8a198fa7 44#include <dns/keyvalues.h>
b1d234eb
BW
45#include <dns/log.h>
46#include <dns/name.h>
ad127d83
MA
47#include <dns/nsec.h>
48#include <dns/nsec3.h>
565d0dc2 49#include <dns/rdatastruct.h>
39504d45 50#include <dns/rdataclass.h>
ad127d83
MA
51#include <dns/rdataset.h>
52#include <dns/rdatasetiter.h>
b1d234eb
BW
53#include <dns/rdatatype.h>
54#include <dns/result.h>
55#include <dns/secalg.h>
42848e71 56#include <dns/time.h>
b1d234eb
BW
57
58#include "dnssectool.h"
59
60extern int verbose;
7efc8c3f 61extern const char *program;
b1d234eb 62
c9c630ee 63static fatalcallback_t *fatalcallback = NULL;
49d233a0 64
b1d234eb 65void
7efc8c3f 66fatal(const char *format, ...) {
b1d234eb
BW
67 va_list args;
68
2534a73a 69 fprintf(stderr, "%s: fatal: ", program);
b1d234eb
BW
70 va_start(args, format);
71 vfprintf(stderr, format, args);
72 va_end(args);
73 fprintf(stderr, "\n");
c9c630ee
BW
74 if (fatalcallback != NULL)
75 (*fatalcallback)();
b1d234eb
BW
76 exit(1);
77}
78
c9c630ee
BW
79void
80setfatalcallback(fatalcallback_t *callback) {
81 fatalcallback = callback;
82}
83
b1d234eb 84void
7efc8c3f 85check_result(isc_result_t result, const char *message) {
8771fbe4
BW
86 if (result != ISC_R_SUCCESS)
87 fatal("%s: %s", message, isc_result_totext(result));
b1d234eb
BW
88}
89
90void
91vbprintf(int level, const char *fmt, ...) {
92 va_list ap;
93 if (level > verbose)
94 return;
95 va_start(ap, fmt);
96 fprintf(stderr, "%s: ", program);
97 vfprintf(stderr, fmt, ap);
98 va_end(ap);
99}
100
42782931 101void
11463c0a
EH
102version(const char *name) {
103 fprintf(stderr, "%s %s\n", name, VERSION);
42782931
MS
104 exit(0);
105}
106
4fc4813e 107void
93d6dfaf 108sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size) {
4fc4813e
BW
109 char namestr[DNS_NAME_FORMATSIZE];
110 char algstr[DNS_NAME_FORMATSIZE];
565d0dc2 111
2f734e0a 112 dns_name_format(&sig->signer, namestr, sizeof(namestr));
77b8f88f 113 dns_secalg_format(sig->algorithm, algstr, sizeof(algstr));
4fc4813e
BW
114 snprintf(cp, size, "%s/%s/%d", namestr, algstr, sig->keyid);
115}
565d0dc2 116
b1d234eb 117void
11463c0a 118setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
b1d234eb
BW
119 isc_result_t result;
120 isc_logdestination_t destination;
3955d85b
AG
121 isc_logconfig_t *logconfig = NULL;
122 isc_log_t *log = NULL;
b1d234eb
BW
123 int level;
124
7c386b0c
MA
125 if (verbose < 0)
126 verbose = 0;
b1d234eb 127 switch (verbose) {
78838d3e
BW
128 case 0:
129 /*
b1d234eb
BW
130 * We want to see warnings about things like out-of-zone
131 * data in the master file even when not verbose.
132 */
133 level = ISC_LOG_WARNING;
134 break;
135 case 1:
136 level = ISC_LOG_INFO;
137 break;
138 default:
139 level = ISC_LOG_DEBUG(verbose - 2 + 1);
140 break;
141 }
40f53fa8 142
b1d234eb
BW
143 RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
144 isc_log_setcontext(log);
145 dns_log_init(log);
146 dns_log_setcontext(log);
147
7efc8c3f
DL
148 RUNTIME_CHECK(isc_log_settag(logconfig, program) == ISC_R_SUCCESS);
149
b1d234eb
BW
150 /*
151 * Set up a channel similar to default_stderr except:
152 * - the logging level is passed in
153 * - the program name and logging level are printed
154 * - no time stamp is printed
155 */
156 destination.file.stream = stderr;
157 destination.file.name = NULL;
158 destination.file.versions = ISC_LOG_ROLLNEVER;
159 destination.file.maximum_size = 0;
160 result = isc_log_createchannel(logconfig, "stderr",
161 ISC_LOG_TOFILEDESC,
162 level,
163 &destination,
164 ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL);
165 check_result(result, "isc_log_createchannel()");
40f53fa8 166
b1d234eb
BW
167 RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
168 NULL, NULL) == ISC_R_SUCCESS);
169
170 *logp = log;
171}
172
db503b6d
BW
173void
174cleanup_logging(isc_log_t **logp) {
175 isc_log_t *log;
176
177 REQUIRE(logp != NULL);
178
179 log = *logp;
89ff72be
MA
180 *logp = NULL;
181
db503b6d
BW
182 if (log == NULL)
183 return;
89ff72be 184
db503b6d
BW
185 isc_log_destroy(&log);
186 isc_log_setcontext(NULL);
187 dns_log_setcontext(NULL);
db503b6d
BW
188}
189
26d8ffe7 190static isc_stdtime_t
eab9975b
EH
191time_units(isc_stdtime_t offset, char *suffix, const char *str) {
192 switch (suffix[0]) {
553ead32
EH
193 case 'Y': case 'y':
194 return (offset * (365 * 24 * 3600));
195 case 'M': case 'm':
eab9975b
EH
196 switch (suffix[1]) {
197 case 'O': case 'o':
198 return (offset * (30 * 24 * 3600));
199 case 'I': case 'i':
200 return (offset * 60);
201 case '\0':
202 fatal("'%s' ambiguous: use 'mi' for minutes "
203 "or 'mo' for months", str);
204 default:
205 fatal("time value %s is invalid", str);
206 }
12107993 207 /* NOTREACHED */
eab9975b 208 break;
553ead32
EH
209 case 'W': case 'w':
210 return (offset * (7 * 24 * 3600));
211 case 'D': case 'd':
212 return (offset * (24 * 3600));
213 case 'H': case 'h':
214 return (offset * 3600);
215 case 'S': case 's': case '\0':
216 return (offset);
217 default:
218 fatal("time value %s is invalid", str);
219 }
12107993 220 /* NOTREACHED */
553ead32
EH
221 return(0); /* silence compiler warning */
222}
223
994e6569 224static inline bool
a165a17a 225isnone(const char *str) {
994e6569
OS
226 return ((strcasecmp(str, "none") == 0) ||
227 (strcasecmp(str, "never") == 0));
a165a17a
EH
228}
229
eab9975b
EH
230dns_ttl_t
231strtottl(const char *str) {
232 const char *orig = str;
233 dns_ttl_t ttl;
234 char *endp;
235
a165a17a
EH
236 if (isnone(str))
237 return ((dns_ttl_t) 0);
238
eab9975b 239 ttl = strtol(str, &endp, 0);
d7201de0
AU
240 if (ttl == 0 && endp == str)
241 fatal("TTL must be numeric");
eab9975b
EH
242 ttl = time_units(ttl, endp, orig);
243 return (ttl);
244}
245
42848e71 246isc_stdtime_t
cb6a185c 247strtotime(const char *str, int64_t now, int64_t base,
994e6569 248 bool *setp)
a165a17a 249{
cb6a185c 250 int64_t val, offset;
42848e71 251 isc_result_t result;
553ead32 252 const char *orig = str;
42848e71 253 char *endp;
dbb01276 254 size_t n;
42848e71 255
a165a17a
EH
256 if (isnone(str)) {
257 if (setp != NULL)
994e6569 258 *setp = false;
a165a17a
EH
259 return ((isc_stdtime_t) 0);
260 }
261
262 if (setp != NULL)
994e6569 263 *setp = true;
a165a17a 264
50eab6c2 265 if ((str[0] == '0' || str[0] == '-') && str[1] == '\0')
553ead32
EH
266 return ((isc_stdtime_t) 0);
267
7ace3277
MA
268 /*
269 * We accept times in the following formats:
270 * now([+-]offset)
271 * YYYYMMDD([+-]offset)
272 * YYYYMMDDhhmmss([+-]offset)
273 * [+-]offset
274 */
275 n = strspn(str, "0123456789");
5deedd70 276 if ((n == 8u || n == 14u) &&
7ace3277
MA
277 (str[n] == '\0' || str[n] == '-' || str[n] == '+'))
278 {
279 char timestr[15];
280
281 strlcpy(timestr, str, sizeof(timestr));
282 timestr[n] = 0;
5deedd70 283 if (n == 8u)
7ace3277
MA
284 strlcat(timestr, "000000", sizeof(timestr));
285 result = dns_time64_fromtext(timestr, &val);
286 if (result != ISC_R_SUCCESS)
287 fatal("time value %s is invalid: %s", orig,
288 isc_result_totext(result));
289 base = val;
290 str += n;
291 } else if (strncmp(str, "now", 3) == 0) {
553ead32
EH
292 base = now;
293 str += 3;
294 }
295
296 if (str[0] == '\0')
297 return ((isc_stdtime_t) base);
298 else if (str[0] == '+') {
42848e71 299 offset = strtol(str + 1, &endp, 0);
9f8d002a 300 offset = time_units((isc_stdtime_t) offset, endp, orig);
42848e71 301 val = base + offset;
553ead32
EH
302 } else if (str[0] == '-') {
303 offset = strtol(str + 1, &endp, 0);
9f8d002a 304 offset = time_units((isc_stdtime_t) offset, endp, orig);
553ead32 305 val = base - offset;
7cd9d53c
MA
306 } else
307 fatal("time value %s is invalid", orig);
42848e71
BW
308
309 return ((isc_stdtime_t) val);
310}
39504d45
BW
311
312dns_rdataclass_t
313strtoclass(const char *str) {
daa73eae 314 isc_textregion_t r;
39504d45
BW
315 dns_rdataclass_t rdclass;
316 isc_result_t ret;
317
318 if (str == NULL)
319 return dns_rdataclass_in;
daa73eae 320 DE_CONST(str, r.base);
39504d45 321 r.length = strlen(str);
daa73eae 322 ret = dns_rdataclass_fromtext(&rdclass, &r);
39504d45
BW
323 if (ret != ISC_R_SUCCESS)
324 fatal("unknown class %s", str);
325 return (rdclass);
326}
8f0502e9 327
ba37674d
EH
328unsigned int
329strtodsdigest(const char *algname) {
330 if (strcasecmp(algname, "SHA1") == 0 ||
331 strcasecmp(algname, "SHA-1") == 0)
332 {
333 return (DNS_DSDIGEST_SHA1);
334 } else if (strcasecmp(algname, "SHA256") == 0 ||
335 strcasecmp(algname, "SHA-256") == 0)
336 {
337 return (DNS_DSDIGEST_SHA256);
ba37674d
EH
338 } else if (strcasecmp(algname, "SHA384") == 0 ||
339 strcasecmp(algname, "SHA-384") == 0)
340 {
341 return (DNS_DSDIGEST_SHA384);
342 } else {
343 fatal("unknown algorithm %s", algname);
344 }
345}
346
8f0502e9
EH
347isc_result_t
348try_dir(const char *dirname) {
349 isc_result_t result;
350 isc_dir_t d;
351
352 isc_dir_init(&d);
353 result = isc_dir_open(&d, dirname);
354 if (result == ISC_R_SUCCESS) {
355 isc_dir_close(&d);
356 }
357 return (result);
358}
c0214996
EH
359
360/*
361 * Check private key version compatibility.
362 */
363void
364check_keyversion(dst_key_t *key, char *keystr) {
365 int major, minor;
366 dst_key_getprivateformat(key, &major, &minor);
5f744ebb 367 INSIST(major <= DST_MAJOR_VERSION); /* invalid private key */
c0214996 368
5f744ebb 369 if (major < DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
c0214996
EH
370 fatal("Key %s has incompatible format version %d.%d, "
371 "use -f to force upgrade to new version.",
372 keystr, major, minor);
373 if (minor > DST_MINOR_VERSION)
374 fatal("Key %s has incompatible format version %d.%d, "
375 "use -f to force downgrade to current version.",
376 keystr, major, minor);
377}
378
379void
380set_keyversion(dst_key_t *key) {
381 int major, minor;
382 dst_key_getprivateformat(key, &major, &minor);
5f744ebb 383 INSIST(major <= DST_MAJOR_VERSION);
c0214996
EH
384
385 if (major != DST_MAJOR_VERSION || minor != DST_MINOR_VERSION)
386 dst_key_setprivateformat(key, DST_MAJOR_VERSION,
387 DST_MINOR_VERSION);
388
389 /*
390 * If the key is from a version older than 1.3, set
391 * set the creation date
392 */
393 if (major < 1 || (major == 1 && minor <= 2)) {
394 isc_stdtime_t now;
395 isc_stdtime_get(&now);
396 dst_key_settime(key, DST_TIME_CREATED, now);
397 }
398}
8a198fa7 399
994e6569 400bool
1946c596 401key_collision(dst_key_t *dstkey, dns_name_t *name, const char *dir,
994e6569 402 isc_mem_t *mctx, bool *exact)
8a198fa7
EH
403{
404 isc_result_t result;
994e6569 405 bool conflict = false;
8a198fa7
EH
406 dns_dnsseckeylist_t matchkeys;
407 dns_dnsseckey_t *key = NULL;
cb6a185c
OS
408 uint16_t id, oldid;
409 uint32_t rid, roldid;
1946c596 410 dns_secalg_t alg;
f0f71420 411 char filename[NAME_MAX];
5ac42705 412 isc_buffer_t fileb;
25cd3168 413 isc_stdtime_t now;
8a198fa7
EH
414
415 if (exact != NULL)
994e6569 416 *exact = false;
dfc015bc 417
1946c596
MA
418 id = dst_key_id(dstkey);
419 rid = dst_key_rid(dstkey);
420 alg = dst_key_alg(dstkey);
8a198fa7 421
5ac42705 422 /*
80788e72
EH
423 * For Diffie Hellman just check if there is a direct collision as
424 * they can't be revoked. Additionally dns_dnssec_findmatchingkeys
425 * only handles DNSKEY which is not used for HMAC.
5ac42705 426 */
80788e72 427 if (alg == DST_ALG_DH) {
5ac42705
MA
428 isc_buffer_init(&fileb, filename, sizeof(filename));
429 result = dst_key_buildfilename(dstkey, DST_TYPE_PRIVATE,
430 dir, &fileb);
431 if (result != ISC_R_SUCCESS)
994e6569 432 return (true);
5ac42705
MA
433 return (isc_file_exists(filename));
434 }
435
8a198fa7 436 ISC_LIST_INIT(matchkeys);
25cd3168
WK
437 isc_stdtime_get(&now);
438 result = dns_dnssec_findmatchingkeys(name, dir, now, mctx, &matchkeys);
8a198fa7 439 if (result == ISC_R_NOTFOUND)
994e6569 440 return (false);
8a198fa7
EH
441
442 while (!ISC_LIST_EMPTY(matchkeys) && !conflict) {
443 key = ISC_LIST_HEAD(matchkeys);
444 if (dst_key_alg(key->key) != alg)
445 goto next;
446
447 oldid = dst_key_id(key->key);
1946c596
MA
448 roldid = dst_key_rid(key->key);
449
450 if (oldid == rid || roldid == id || id == oldid) {
994e6569 451 conflict = true;
1946c596 452 if (id != oldid) {
8a198fa7 453 if (verbose > 1)
ca4e44eb 454 fprintf(stderr, "Key ID %d could "
8a198fa7
EH
455 "collide with %d\n",
456 id, oldid);
457 } else {
458 if (exact != NULL)
994e6569 459 *exact = true;
8a198fa7 460 if (verbose > 1)
ca4e44eb 461 fprintf(stderr, "Key ID %d exists\n",
8a198fa7 462 id);
ca4e44eb 463 }
8a198fa7
EH
464 }
465
466 next:
467 ISC_LIST_UNLINK(matchkeys, key, link);
468 dns_dnsseckey_destroy(mctx, &key);
469 }
470
ca4e44eb 471 /* Finish freeing the list */
8a198fa7
EH
472 while (!ISC_LIST_EMPTY(matchkeys)) {
473 key = ISC_LIST_HEAD(matchkeys);
474 ISC_LIST_UNLINK(matchkeys, key, link);
475 dns_dnsseckey_destroy(mctx, &key);
476 }
477
478 return (conflict);
479}
ad127d83 480
994e6569 481bool
e939674d
MA
482isoptarg(const char *arg, char **argv, void(*usage)(void)) {
483 if (!strcasecmp(isc_commandline_argument, arg)) {
484 if (argv[isc_commandline_index] == NULL) {
485 fprintf(stderr, "%s: missing argument -%c %s\n",
486 program, isc_commandline_option,
487 isc_commandline_argument);
488 usage();
489 }
490 isc_commandline_argument = argv[isc_commandline_index];
491 /* skip to next arguement */
492 isc_commandline_index++;
994e6569 493 return (true);
e939674d 494 }
994e6569 495 return (false);
e939674d 496}
358dfaee
WK
497
498#ifdef _WIN32
499void
500InitSockets(void) {
501 WORD wVersionRequested;
502 WSADATA wsaData;
503 int err;
504
505 wVersionRequested = MAKEWORD(2, 0);
506
507 err = WSAStartup( wVersionRequested, &wsaData );
508 if (err != 0) {
509 fprintf(stderr, "WSAStartup() failed: %d\n", err);
510 exit(1);
511 }
512}
513
514void
515DestroySockets(void) {
516 WSACleanup();
517}
518#endif