Commit f45e3d12 authored by Jan Včelák's avatar Jan Včelák 🚀

utils: implement knsec3hash tool

parent a359023f
......@@ -56,6 +56,7 @@
/src/kdig
/src/khost
/src/knsupdate
/src/knsec3hash
/src/knot/conf/libknotd_la-cf-lex.c
/src/knot/conf/libknotd_la-cf-parse.c
/src/knot/conf/libknotd_la-cf-parse.h
......
......@@ -263,6 +263,7 @@ src/utils/dig/dig_params.h
src/utils/host/host_main.c
src/utils/host/host_params.c
src/utils/host/host_params.h
src/utils/nsec3hash/nsec3hash_main.c
src/utils/nsupdate/nsupdate_exec.c
src/utils/nsupdate/nsupdate_exec.h
src/utils/nsupdate/nsupdate_main.c
......
......@@ -2,7 +2,7 @@ ACLOCAL_AMFLAGS = -I $(top_srcdir)/m4
SUBDIRS = . tests
sbin_PROGRAMS = knotc knotd
bin_PROGRAMS = kdig khost knsupdate
bin_PROGRAMS = kdig khost knsupdate knsec3hash
noinst_PROGRAMS = zscanner-tool
noinst_LTLIBRARIES = libknot.la libknotd.la libknots.la libzscanner.la
......@@ -104,6 +104,9 @@ knsupdate_SOURCES = \
utils/nsupdate/nsupdate_exec.h \
utils/nsupdate/nsupdate_exec.c
knsec3hash_SOURCES = \
utils/nsec3hash/nsec3hash_main.c
libknot_la_SOURCES = \
libknot/common.h \
libknot/consts.h \
......@@ -312,6 +315,7 @@ knotc_LDADD = libknotd.la libknot.la libknots.la @LIBOBJS@
kdig_LDADD = libknotd.la libknot.la libknots.la @LIBOBJS@
khost_LDADD = libknotd.la libknot.la libknots.la @LIBOBJS@
knsupdate_LDADD = libknotd.la libknot.la libknots.la libzscanner.la @LIBOBJS@
knsec3hash_LDADD = libknot.la libknots.la @LIBOBJS@
zscanner_tool_LDADD = libknots.la libknot.la libknotd.la libzscanner.la @LIBOBJS@
# Create storage and run-time directories
......
/* Copyright (C) 2011 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include "common/base32hex.h"
#include "common/errcode.h"
#include "common/hex.h"
#include "common/strtonum.h"
#include "libknot/nsec3.h"
#define PROGRAM_NAME "knsec3hash"
/*!
* \brief Print program usage (and example).
*/
static void usage(void)
{
fprintf(stderr, "usage: " PROGRAM_NAME " "
"<salt> <algorithm> <iterations> <domain-name>\n");
fprintf(stderr, "example: " PROGRAM_NAME " "
"c01dcafe 1 10 knot-dns.cz\n");
}
/*!
* \brief Parse NSEC3 parameters and fill structure with NSEC3 parameters.
*/
static bool parse_nsec3_params(knot_nsec3_params_t *params, const char *salt,
const char *algorithm, const char *iterations)
{
int result;
result = knot_str2uint8t(algorithm, &params->algorithm);
if (result != KNOT_EOK) {
fprintf(stderr, "Could not parse algorithm number.\n");
return false;
}
result = knot_str2uint16t(iterations, &params->iterations);
if (result != KNOT_EOK) {
fprintf(stderr, "Could not parse iteration count.\n");
return false;
}
size_t salt_length;
result = hex_decode(salt, &params->salt, &salt_length);
if (result != KNOT_EOK) {
fprintf(stderr, "Could not parse hex encoded salt.\n");
return false;
}
if (salt_length > UINT8_MAX) {
fprintf(stderr, "Decoded salt is longer than %d bytes.\n",
UINT8_MAX);
free(params->salt);
memset(params, '\0', sizeof(*params));
return false;
}
params->salt_length = (uint8_t)salt_length;
return true;
}
/*!
* \brief Entry point of 'knsec3hash'.
*/
int main(int argc, const char *argv[])
{
int exit_code = 1;
knot_nsec3_params_t nsec3_params = { 0 };
knot_dname_t *dname = NULL;
uint8_t *digest = NULL;
size_t digest_size = 0;
uint8_t *b32_digest = NULL;
uint32_t b32_length = 0;
int result = 0;
// knsec3hash <salt> <algorithm> <iterations> <domain>
if (argc != 5) {
usage();
goto fail;
}
if (!parse_nsec3_params(&nsec3_params, argv[1], argv[2], argv[3])) {
goto fail;
}
dname = knot_dname_new_from_nonfqdn_str(argv[4], strlen(argv[4]), NULL);
if (dname == NULL) {
fprintf(stderr, "Cannot parse domain name.\n");
goto fail;
}
result = knot_nsec3_hash(&nsec3_params, dname->name, dname->size,
&digest, &digest_size);
if (result != KNOT_EOK) {
fprintf(stderr, "Cannot compute hash: %s\n",
knot_strerror(result));
goto fail;
}
b32_length = base32hex_encode_alloc(digest, digest_size, &b32_digest);
if (b32_length < 0) {
fprintf(stderr, "Cannot encode computed hash: %s\n",
knot_strerror(b32_length));
goto fail;
}
exit_code = 0;
printf("%.*s (salt=%s, hash=%d, iterations=%d)\n", b32_length,
b32_digest, argv[1], nsec3_params.algorithm,
nsec3_params.iterations);
fail:
knot_nsec3_params_free(&nsec3_params);
knot_dname_free(&dname);
free(digest);
free(b32_digest);
return exit_code;
}
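Review bot: In `main`, `b32_length` is declared `uint32_t`, so the `if (b32_length < 0)` check after `base32hex_encode_alloc()` can never be true. If the encoder reports failure with a negative code, as that branch and its `knot_strerror(b32_length)` call assume, execution falls through to the final `printf`, where the wrapped value becomes the `%.*s` precision and `b32_digest` is still NULL. Declaring it signed, `int32_t b32_length = 0;`, makes the error branch reachable. The file also calls `free`, `memset` and `strlen` without including `<stdlib.h>` or `<string.h>`; unless a project header already pulls them in, add `#include <stdlib.h>` and `#include <string.h>` next to the other standard includes.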