diff options
Diffstat (limited to 'examples/ldns-nsec3-hash.c')
-rw-r--r-- | examples/ldns-nsec3-hash.c | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/examples/ldns-nsec3-hash.c b/examples/ldns-nsec3-hash.c new file mode 100644 index 0000000..0ba2e68 --- /dev/null +++ b/examples/ldns-nsec3-hash.c @@ -0,0 +1,127 @@ +/* + * ldns-signzone signs a zone file + * + * (c) NLnet Labs, 2005 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" +#include <stdlib.h> +#include <unistd.h> + +#include <errno.h> + +#include <time.h> + +#include <ldns/ldns.h> +#include <ldns/keys.h> + +#ifdef HAVE_SSL +#include <openssl/conf.h> +#include <openssl/engine.h> +#endif /* HAVE_SSL */ + +#define MAX_FILENAME_LEN 250 +int verbosity = 1; + +static void +usage(FILE *fp, const char *prog) { + fprintf(fp, "%s [OPTIONS] <domain name>\n", prog); + fprintf(fp, " prints the NSEC3 hash of the given domain name\n"); + fprintf(fp, "-a [algorithm] hashing algorithm\n"); + fprintf(fp, "-t [number] number of hash iterations\n"); + fprintf(fp, "-s [string] salt\n"); +} + +int +main(int argc, char *argv[]) +{ + ldns_rdf *dname, *hashed_dname; + uint8_t nsec3_algorithm = 1; + size_t nsec3_iterations_cmd = 1; + uint16_t nsec3_iterations = 1; + uint8_t nsec3_salt_length = 0; + uint8_t *nsec3_salt = NULL; + + char *prog = strdup(argv[0]); + + int c; + while ((c = getopt(argc, argv, "a:s:t:")) != -1) { + switch (c) { + case 'a': + nsec3_algorithm = (uint8_t) atoi(optarg); + break; + case 's': + if (strlen(optarg) % 2 != 0) { + fprintf(stderr, "Salt value is not valid hex data, not a multiple of 2 characters\n"); + exit(EXIT_FAILURE); + } + if (strlen(optarg) > 512) { + fprintf(stderr, "Salt too long\n"); + exit(EXIT_FAILURE); + } + nsec3_salt_length = (uint8_t) (strlen(optarg) / 2); + nsec3_salt = LDNS_XMALLOC(uint8_t, nsec3_salt_length); + for (c = 0; c < (int) strlen(optarg); c += 2) { + if (isxdigit((int) optarg[c]) && isxdigit((int) optarg[c+1])) { + nsec3_salt[c/2] = (uint8_t) ldns_hexdigit_to_int(optarg[c]) * 16 + + ldns_hexdigit_to_int(optarg[c+1]); + } else { + fprintf(stderr, "Salt value is not valid hex data.\n"); + exit(EXIT_FAILURE); + } + } + + break; + case 't': + nsec3_iterations_cmd = (size_t) atol(optarg); + if (nsec3_iterations_cmd > LDNS_NSEC3_MAX_ITERATIONS) { + fprintf(stderr, "Iterations count can not exceed %u, quitting\n", LDNS_NSEC3_MAX_ITERATIONS); + exit(EXIT_FAILURE); + } + nsec3_iterations = (uint16_t) nsec3_iterations_cmd; + break; + default: + usage(stderr, prog); + exit(EXIT_SUCCESS); + } + } + + argc -= optind; + argv += optind; + + if (argc < 1) { + printf("Error: not enough arguments\n"); + usage(stdout, prog); + exit(EXIT_FAILURE); + } else { + dname = ldns_dname_new_frm_str(argv[0]); + if (!dname) { + fprintf(stderr, + "Error: unable to parse domain name\n"); + return EXIT_FAILURE; + } + hashed_dname = ldns_nsec3_hash_name(dname, + nsec3_algorithm, + nsec3_iterations, + nsec3_salt_length, + nsec3_salt); + if (!hashed_dname) { + fprintf(stderr, + "Error creating NSEC3 hash\n"); + return EXIT_FAILURE; + } + ldns_rdf_print(stdout, hashed_dname); + printf("\n"); + ldns_rdf_deep_free(dname); + ldns_rdf_deep_free(hashed_dname); + } + + if (nsec3_salt) { + free(nsec3_salt); + } + + free(prog); + + return EXIT_SUCCESS; +} |