1 /* $NetBSD: keycreate.c,v 1.7 2014/12/10 04:37:54 christos Exp $ */ 2 3 /* 4 * Copyright (C) 2004, 2005, 2007, 2009, 2011, 2012, 2014 Internet Systems Consortium, Inc. ("ISC") 5 * Copyright (C) 2001 Internet Software Consortium. 6 * 7 * Permission to use, copy, modify, and/or distribute this software for any 8 * purpose with or without fee is hereby granted, provided that the above 9 * copyright notice and this permission notice appear in all copies. 10 * 11 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* Id: keycreate.c,v 1.20 2011/01/11 23:47:13 tbox Exp */ 21 22 #include <config.h> 23 24 #include <stdlib.h> 25 #include <string.h> 26 27 #include <isc/app.h> 28 #include <isc/base64.h> 29 #include <isc/entropy.h> 30 #include <isc/hash.h> 31 #include <isc/log.h> 32 #include <isc/mem.h> 33 #include <isc/sockaddr.h> 34 #include <isc/socket.h> 35 #include <isc/task.h> 36 #include <isc/timer.h> 37 #include <isc/util.h> 38 39 #include <dns/dispatch.h> 40 #include <dns/fixedname.h> 41 #include <dns/keyvalues.h> 42 #include <dns/message.h> 43 #include <dns/name.h> 44 #include <dns/request.h> 45 #include <dns/result.h> 46 #include <dns/tkey.h> 47 #include <dns/tsig.h> 48 #include <dns/view.h> 49 50 #include <dst/result.h> 51 52 #define CHECK(str, x) { \ 53 if ((x) != ISC_R_SUCCESS) { \ 54 fprintf(stderr, "I:%s: %s\n", (str), isc_result_totext(x)); \ 55 exit(-1); \ 56 } \ 57 } 58 59 #define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS) 60 61 #define PORT 5300 62 #define TIMEOUT 30 63 64 static dst_key_t *ourkey; 65 static isc_mem_t *mctx; 66 static dns_tsigkey_t *tsigkey, *initialkey; 67 static dns_tsig_keyring_t *ring; 68 static unsigned char noncedata[16]; 69 static isc_buffer_t nonce; 70 static dns_requestmgr_t *requestmgr; 71 static const char *ownername_str = "."; 72 73 static void 74 recvquery(isc_task_t *task, isc_event_t *event) { 75 dns_requestevent_t *reqev = (dns_requestevent_t *)event; 76 isc_result_t result; 77 dns_message_t *query, *response; 78 char keyname[256]; 79 isc_buffer_t keynamebuf; 80 int type; 81 82 UNUSED(task); 83 84 REQUIRE(reqev != NULL); 85 86 if (reqev->result != ISC_R_SUCCESS) { 87 fprintf(stderr, "I:request event result: %s\n", 88 isc_result_totext(reqev->result)); 89 exit(-1); 90 } 91 92 query = reqev->ev_arg; 93 94 response = NULL; 95 result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response); 96 CHECK("dns_message_create", result); 97 98 result = dns_request_getresponse(reqev->request, response, 99 DNS_MESSAGEPARSE_PRESERVEORDER); 100 CHECK("dns_request_getresponse", result); 101 102 if (response->rcode != dns_rcode_noerror) { 103 result = ISC_RESULTCLASS_DNSRCODE + response->rcode; 104 fprintf(stderr, "I:response rcode: %s\n", 105 isc_result_totext(result)); 106 exit(-1); 107 } 108 109 result = dns_tkey_processdhresponse(query, response, ourkey, &nonce, 110 &tsigkey, ring); 111 CHECK("dns_tkey_processdhresponse", result); 112 113 /* 114 * Yes, this is a hack. 115 */ 116 isc_buffer_init(&keynamebuf, keyname, sizeof(keyname)); 117 result = dst_key_buildfilename(tsigkey->key, 0, "", &keynamebuf); 118 CHECK("dst_key_buildfilename", result); 119 printf("%.*s\n", (int)isc_buffer_usedlength(&keynamebuf), 120 (char *)isc_buffer_base(&keynamebuf)); 121 type = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_KEY; 122 result = dst_key_tofile(tsigkey->key, type, ""); 123 CHECK("dst_key_tofile", result); 124 125 dns_message_destroy(&query); 126 dns_message_destroy(&response); 127 dns_request_destroy(&reqev->request); 128 isc_event_free(&event); 129 isc_app_shutdown(); 130 return; 131 } 132 133 static void 134 sendquery(isc_task_t *task, isc_event_t *event) { 135 struct in_addr inaddr; 136 isc_sockaddr_t address; 137 isc_region_t r; 138 isc_result_t result; 139 dns_fixedname_t keyname; 140 dns_fixedname_t ownername; 141 isc_buffer_t namestr, keybuf; 142 unsigned char keydata[9]; 143 dns_message_t *query; 144 dns_request_t *request; 145 static char keystr[] = "0123456789ab"; 146 147 isc_event_free(&event); 148 149 result = ISC_R_FAILURE; 150 if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) 151 CHECK("inet_pton", result); 152 isc_sockaddr_fromin(&address, &inaddr, PORT); 153 154 dns_fixedname_init(&keyname); 155 isc_buffer_constinit(&namestr, "tkeytest.", 9); 156 isc_buffer_add(&namestr, 9); 157 result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr, 158 NULL, 0, NULL); 159 CHECK("dns_name_fromtext", result); 160 161 dns_fixedname_init(&ownername); 162 isc_buffer_constinit(&namestr, ownername_str, strlen(ownername_str)); 163 isc_buffer_add(&namestr, strlen(ownername_str)); 164 result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr, 165 NULL, 0, NULL); 166 CHECK("dns_name_fromtext", result); 167 168 isc_buffer_init(&keybuf, keydata, 9); 169 result = isc_base64_decodestring(keystr, &keybuf); 170 CHECK("isc_base64_decodestring", result); 171 172 isc_buffer_usedregion(&keybuf, &r); 173 174 initialkey = NULL; 175 result = dns_tsigkey_create(dns_fixedname_name(&keyname), 176 DNS_TSIG_HMACMD5_NAME, 177 isc_buffer_base(&keybuf), 178 isc_buffer_usedlength(&keybuf), 179 ISC_FALSE, NULL, 0, 0, mctx, ring, 180 &initialkey); 181 CHECK("dns_tsigkey_create", result); 182 183 query = NULL; 184 result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query); 185 CHECK("dns_message_create", result); 186 187 result = dns_tkey_builddhquery(query, ourkey, 188 dns_fixedname_name(&ownername), 189 DNS_TSIG_HMACMD5_NAME, &nonce, 3600); 190 CHECK("dns_tkey_builddhquery", result); 191 192 request = NULL; 193 result = dns_request_create(requestmgr, query, &address, 194 DNS_REQUESTOPT_TCP, initialkey, 195 TIMEOUT, task, recvquery, query, 196 &request); 197 CHECK("dns_request_create", result); 198 } 199 200 int 201 main(int argc, char *argv[]) { 202 char *ourkeyname; 203 isc_taskmgr_t *taskmgr; 204 isc_timermgr_t *timermgr; 205 isc_socketmgr_t *socketmgr; 206 isc_socket_t *sock; 207 unsigned int attrs, attrmask; 208 isc_sockaddr_t bind_any; 209 dns_dispatchmgr_t *dispatchmgr; 210 dns_dispatch_t *dispatchv4; 211 dns_view_t *view; 212 isc_entropy_t *ectx; 213 dns_tkeyctx_t *tctx; 214 isc_log_t *log; 215 isc_logconfig_t *logconfig; 216 isc_task_t *task; 217 isc_result_t result; 218 int type; 219 220 RUNCHECK(isc_app_start()); 221 222 if (argc < 2) { 223 fprintf(stderr, "I:no DH key provided\n"); 224 exit(-1); 225 } 226 ourkeyname = argv[1]; 227 228 if (argc >= 3) 229 ownername_str = argv[2]; 230 231 dns_result_register(); 232 233 mctx = NULL; 234 isc_mem_debugging = ISC_MEM_DEBUGRECORD; 235 RUNCHECK(isc_mem_create(0, 0, &mctx)); 236 237 ectx = NULL; 238 RUNCHECK(isc_entropy_create(mctx, &ectx)); 239 RUNCHECK(isc_entropy_createfilesource(ectx, "../random.data")); 240 RUNCHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)); 241 242 log = NULL; 243 logconfig = NULL; 244 RUNCHECK(isc_log_create(mctx, &log, &logconfig)); 245 246 RUNCHECK(dst_lib_init(mctx, ectx, ISC_ENTROPY_GOODONLY)); 247 248 taskmgr = NULL; 249 RUNCHECK(isc_taskmgr_create(mctx, 1, 0, &taskmgr)); 250 task = NULL; 251 RUNCHECK(isc_task_create(taskmgr, 0, &task)); 252 timermgr = NULL; 253 RUNCHECK(isc_timermgr_create(mctx, &timermgr)); 254 socketmgr = NULL; 255 RUNCHECK(isc_socketmgr_create(mctx, &socketmgr)); 256 dispatchmgr = NULL; 257 RUNCHECK(dns_dispatchmgr_create(mctx, NULL, &dispatchmgr)); 258 isc_sockaddr_any(&bind_any); 259 attrs = DNS_DISPATCHATTR_UDP | 260 DNS_DISPATCHATTR_MAKEQUERY | 261 DNS_DISPATCHATTR_IPV4; 262 attrmask = DNS_DISPATCHATTR_UDP | 263 DNS_DISPATCHATTR_TCP | 264 DNS_DISPATCHATTR_IPV4 | 265 DNS_DISPATCHATTR_IPV6; 266 dispatchv4 = NULL; 267 RUNCHECK(dns_dispatch_getudp(dispatchmgr, socketmgr, taskmgr, 268 &bind_any, 4096, 4, 2, 3, 5, 269 attrs, attrmask, &dispatchv4)); 270 requestmgr = NULL; 271 RUNCHECK(dns_requestmgr_create(mctx, timermgr, socketmgr, taskmgr, 272 dispatchmgr, dispatchv4, NULL, 273 &requestmgr)); 274 275 ring = NULL; 276 RUNCHECK(dns_tsigkeyring_create(mctx, &ring)); 277 tctx = NULL; 278 RUNCHECK(dns_tkeyctx_create(mctx, ectx, &tctx)); 279 280 view = NULL; 281 RUNCHECK(dns_view_create(mctx, 0, "_test", &view)); 282 dns_view_setkeyring(view, ring); 283 dns_tsigkeyring_detach(&ring); 284 285 sock = NULL; 286 RUNCHECK(isc_socket_create(socketmgr, PF_INET, isc_sockettype_udp, 287 &sock)); 288 289 RUNCHECK(isc_app_onrun(mctx, task, sendquery, NULL)); 290 291 ourkey = NULL; 292 type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY; 293 result = dst_key_fromnamedfile(ourkeyname, NULL, type, mctx, &ourkey); 294 CHECK("dst_key_fromnamedfile", result); 295 296 isc_buffer_init(&nonce, noncedata, sizeof(noncedata)); 297 result = isc_entropy_getdata(ectx, noncedata, sizeof(noncedata), 298 NULL, ISC_ENTROPY_BLOCKING); 299 CHECK("isc_entropy_getdata", result); 300 isc_buffer_add(&nonce, sizeof(noncedata)); 301 302 (void)isc_app_run(); 303 304 dns_requestmgr_shutdown(requestmgr); 305 dns_requestmgr_detach(&requestmgr); 306 dns_dispatch_detach(&dispatchv4); 307 dns_dispatchmgr_destroy(&dispatchmgr); 308 isc_task_shutdown(task); 309 isc_task_detach(&task); 310 isc_taskmgr_destroy(&taskmgr); 311 isc_socket_detach(&sock); 312 isc_socketmgr_destroy(&socketmgr); 313 isc_timermgr_destroy(&timermgr); 314 315 dst_key_free(&ourkey); 316 dns_tsigkey_detach(&initialkey); 317 dns_tsigkey_detach(&tsigkey); 318 319 dns_tkeyctx_destroy(&tctx); 320 321 dns_view_detach(&view); 322 323 isc_log_destroy(&log); 324 325 dst_lib_destroy(); 326 isc_hash_destroy(); 327 isc_entropy_detach(&ectx); 328 329 isc_mem_destroy(&mctx); 330 331 isc_app_finish(); 332 333 return (0); 334 } 335