|
OpenDNSSEC-libhsm
1.3.4
|
00001 /* 00002 * $Id: hsmcheck.c 4665 2011-03-28 09:16:48Z rb $ 00003 * 00004 * Copyright (c) 2009 Nominet UK. 00005 * All rights reserved. 00006 * 00007 * Redistribution and use in source and binary forms, with or without 00008 * modification, are permitted provided that the following conditions 00009 * are met: 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 2. Redistributions in binary form must reproduce the above copyright 00013 * notice, this list of conditions and the following disclaimer in the 00014 * documentation and/or other materials provided with the distribution. 00015 * 00016 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 00017 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 00018 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 00019 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 00020 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 00021 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE 00022 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 00023 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER 00024 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 00025 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN 00026 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 00027 */ 00028 00029 #include "config.h" 00030 00031 #include <stdio.h> 00032 #include <string.h> 00033 #include <stdlib.h> 00034 #include <unistd.h> 00035 00036 #include <libhsm.h> 00037 #include <libhsmdns.h> 00038 00039 extern char *optarg; 00040 char *progname = NULL; 00041 00042 void 00043 usage () 00044 { 00045 fprintf(stderr, "usage: %s [-c config] [-gsdr]\n", progname); 00046 } 00047 00048 int 00049 main (int argc, char *argv[]) 00050 { 00051 int result; 00052 hsm_ctx_t *ctx; 00053 hsm_key_t **keys; 00054 hsm_key_t *key = NULL; 00055 char *id; 00056 size_t key_count = 0; 00057 size_t i; 00058 ldns_rr_list *rrset; 00059 ldns_rr *rr, *sig, *dnskey_rr; 00060 ldns_status status; 00061 hsm_sign_params_t *sign_params; 00062 00063 int do_generate = 0; 00064 int do_sign = 0; 00065 int do_delete = 0; 00066 int do_random = 0; 00067 00068 int res; 00069 uint32_t r32; 00070 uint64_t r64; 00071 00072 char *config = NULL; 00073 const char *repository = "default"; 00074 00075 int ch; 00076 00077 progname = argv[0]; 00078 00079 while ((ch = getopt(argc, argv, "hgsdrc:")) != -1) { 00080 switch (ch) { 00081 case 'c': 00082 config = strdup(optarg); 00083 break; 00084 case 'g': 00085 do_generate = 1; 00086 break; 00087 case 'h': 00088 usage(); 00089 exit(0); 00090 break; 00091 case 's': 00092 do_sign = 1; 00093 break; 00094 case 'd': 00095 do_delete = 1; 00096 break; 00097 case 'r': 00098 do_random = 1; 00099 break; 00100 default: 00101 usage(); 00102 exit(1); 00103 } 00104 } 00105 00106 if (!config) { 00107 usage(); 00108 exit(1); 00109 } 00110 00111 /* 00112 * Open HSM library 00113 */ 00114 fprintf(stdout, "Starting HSM lib test\n"); 00115 result = hsm_open(config, hsm_prompt_pin, NULL); 00116 fprintf(stdout, "hsm_open result: %d\n", result); 00117 00118 /* 00119 * Create HSM context 00120 */ 00121 ctx = hsm_create_context(); 00122 printf("global: "); 00123 hsm_print_ctx(NULL); 00124 printf("my: "); 00125 hsm_print_ctx(ctx); 00126 00127 /* 00128 * Generate a new key OR find any key with an ID 00129 */ 00130 if (do_generate) { 00131 key = hsm_generate_rsa_key(ctx, repository, 1024); 00132 00133 if (key) { 00134 printf("\nCreated key!\n"); 00135 hsm_print_key(key); 00136 printf("\n"); 00137 } else { 00138 printf("Error creating key, bad token name?\n"); 00139 hsm_print_error(ctx); 00140 exit(1); 00141 } 00142 } else if (do_sign || do_delete) { 00143 keys = hsm_list_keys(ctx, &key_count); 00144 printf("I have found %u keys\n", (unsigned int) key_count); 00145 00146 /* let's just use the very first key we find and throw away the rest */ 00147 for (i = 0; i < key_count && !key; i++) { 00148 printf("\nFound key!\n"); 00149 hsm_print_key(keys[i]); 00150 00151 id = hsm_get_key_id(ctx, keys[i]); 00152 00153 if (id) { 00154 printf("Using key ID: %s\n", id); 00155 if (key) hsm_key_free(key); 00156 key = hsm_find_key_by_id(ctx, id); 00157 printf("ptr: 0x%p\n", (void *) key); 00158 free(id); 00159 } else { 00160 printf("Got no key ID (broken key?), skipped...\n"); 00161 } 00162 00163 hsm_key_free(keys[i]); 00164 } 00165 free(keys); 00166 00167 if (!key) { 00168 printf("Failed to find useful key\n"); 00169 exit(1); 00170 } 00171 } 00172 00173 /* 00174 * Do some signing 00175 */ 00176 if (do_sign) { 00177 printf("\nSigning with:\n"); 00178 hsm_print_key(key); 00179 printf("\n"); 00180 00181 rrset = ldns_rr_list_new(); 00182 00183 status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 123.123.123.123", 0, NULL, NULL); 00184 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); 00185 status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 124.124.124.124", 0, NULL, NULL); 00186 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); 00187 00188 sign_params = hsm_sign_params_new(); 00189 sign_params->algorithm = LDNS_RSASHA1; 00190 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "opendnssec.se."); 00191 dnskey_rr = hsm_get_dnskey(ctx, key, sign_params); 00192 sign_params->keytag = ldns_calc_keytag(dnskey_rr); 00193 00194 sig = hsm_sign_rrset(ctx, rrset, key, sign_params); 00195 if (sig) { 00196 ldns_rr_list_print(stdout, rrset); 00197 ldns_rr_print(stdout, sig); 00198 ldns_rr_print(stdout, dnskey_rr); 00199 ldns_rr_free(sig); 00200 } else { 00201 hsm_print_error(ctx); 00202 exit(-1); 00203 } 00204 00205 /* cleanup */ 00206 ldns_rr_list_deep_free(rrset); 00207 hsm_sign_params_free(sign_params); 00208 ldns_rr_free(dnskey_rr); 00209 } 00210 00211 /* 00212 * Delete key 00213 */ 00214 if (do_delete) { 00215 printf("\nDelete key:\n"); 00216 hsm_print_key(key); 00217 /* res = hsm_remove_key(ctx, key); */ 00218 res = hsm_remove_key(ctx, key); 00219 printf("Deleted key. Result: %d\n", res); 00220 printf("\n"); 00221 } 00222 00223 if (key) hsm_key_free(key); 00224 00225 /* 00226 * Test random{32,64} functions 00227 */ 00228 if (do_random) { 00229 r32 = hsm_random32(ctx); 00230 printf("random 32: %u\n", r32); 00231 r64 = hsm_random64(ctx); 00232 printf("random 64: %llu\n", r64); 00233 } 00234 00235 /* 00236 * Destroy HSM context 00237 */ 00238 if (ctx) { 00239 hsm_destroy_context(ctx); 00240 } 00241 00242 /* 00243 * Close HSM library 00244 */ 00245 result = hsm_close(); 00246 fprintf(stdout, "all done! hsm_close result: %d\n", result); 00247 00248 if (config) free(config); 00249 00250 return 0; 00251 }
1.7.6.1