1/*
2 * Copyright (c) 2009 Nominet UK.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include "config.h"
28
29#include <stdio.h>
30#include <string.h>
31#include <stdlib.h>
32#include <unistd.h>
33
34#include "libhsm.h"
35#include <libhsmdns.h>
36
/* getopt(3) output; <unistd.h> (included above) already declares it, this is an explicit restatement. */
extern char *optarg;
/* Program name shown by usage(); main() sets it from argv[0] before any option is parsed. */
char *progname = NULL;

/* Defined elsewhere in the project (not in this file); presumably parses the
 * repository entries of the config file named by -c — confirm against its definition. */
extern hsm_repository_t* parse_conf_repositories(const char* cfgfile);
41
42
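/**
 * Print the command-line synopsis to stderr.
 *
 * The program name comes from the file-scope `progname`, which main()
 * sets from argv[0]. argv[0] can be NULL when the process is started
 * with an empty argument vector, and passing NULL to "%s" is undefined
 * behaviour, so a fixed fallback name is used in that case. The name is
 * always passed as a "%s" argument, never as the format string itself.
 */
static void
usage(void)
{
    /* (void) gives this function a real prototype; "usage ()" was an old-style
     * declaration that would not diagnose a call made with arguments. */
    const char *name = progname ? progname : "hsmcheck";
    fprintf(stderr, "usage: %s [-c config] [-gsdr]\n", name);
}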
48
/**
 * Entry point of the libhsm self-check tool.
 *
 * Parses -c <config> plus the action flags -g (generate a key), -s (sign a
 * fixed test RRset), -d (delete the selected key) and -r (print random
 * values), then runs the chosen libhsm operations against the "default"
 * repository and prints what it finds.
 *
 * NOTE(review): this rendered listing skips several lines of the original
 * file (53, 116, 129-130, 144, 206 and 243 by the file's own numbering).
 * The declaration of `ctx`, the call that assigns `result`, the context
 * creation/teardown and two error prints are presumably on those lines;
 * check the repository source before building from this copy.
 *
 * @return 0 on success. Exits with status 1 on usage and key errors and with
 *         exit(-1) (status 255 to the shell) when signing fails.
 */
int
main (int argc, char *argv[])
{
    int result;                    /* presumably assigned by the hsm open call on the skipped line 116 */
    libhsm_key_t **keys;
    libhsm_key_t *key = NULL;      /* the one key this run works with (generated or first listed) */
    char *id;
    size_t key_count = 0;
    size_t i;
    ldns_rr_list *rrset;
    ldns_rr *rr, *sig, *dnskey_rr;
    ldns_status status;
    hsm_sign_params_t *sign_params;

    int do_generate = 0;
    int do_sign = 0;
    int do_delete = 0;
    int do_random = 0;

    int res;
    uint32_t r32;
    uint64_t r64;

    char *config = NULL;
    const char *repository = "default";

    int ch;

    /* argv[0] may be NULL when argc == 0 (empty argument vector). */
    progname = argv[0];

    while ((ch = getopt(argc, argv, "hgsdrc:")) != -1) {
        switch (ch) {
        case 'c':
            /* A repeated -c leaks the previous copy; strdup's result is not checked for NULL. */
            config = strdup(optarg);
            break;
        case 'g':
            do_generate = 1;
            break;
        case 'h':
            usage();
            exit(0);
            break;
        case 's':
            do_sign = 1;
            break;
        case 'd':
            do_delete = 1;
            break;
        case 'r':
            do_random = 1;
            break;
        default:
            usage();
            exit(1);
        }
    }

    /* A config file is mandatory; there is no built-in default path. */
    if (!config) {
        usage();
        exit(1);
    }

    /*
     * Open HSM library
     */
    fprintf(stdout, "Starting HSM lib test\n");
    /*
     * NOTE(review): the statement that sets `result` (original line 116) is
     * not in this listing; as shown, `result` is read uninitialized here.
     * Also note that a failed open only prints the error — execution
     * continues into the key operations below instead of exiting.
     */
    if (result != HSM_OK) {
        char* error = hsm_get_error(NULL);
        if (error != NULL) {
            /* error text is printed via "%s", never used as the format string */
            fprintf(stderr,"%s\n", error);
            free(error);
        }
    }
    fprintf(stdout, "hsm_open result: %d\n", result);

    /*
     * Create HSM context
     */
    /* NOTE(review): original lines 129-130, presumably the context creation
     * that defines `ctx`, are missing from this listing. */

    /*
     * Generate a new key OR find any key with an ID
     */
    if (do_generate) {
        /* 1024-bit RSA (signed below with RSASHA1) is a quick self-test
         * setting; do not treat it as a template for production keys. */
        key = hsm_generate_rsa_key(ctx, repository, 1024);

        if (key) {
            printf("\nCreated key!\n");
            hsm_print_key(ctx,key);
            printf("\n");
        } else {
            printf("Error creating key, bad token name?\n");
            /* original line 144 (presumably an error print) is not in this listing */
            exit(1);
        }
    } else if (do_sign || do_delete) {
        keys = hsm_list_keys(ctx, &key_count);
        printf("Found %u keys\n", (unsigned int) key_count);

        /* let's just use the very first key we find and throw away the rest */
        /* The loop stops once `key` is set; every listed entry is released on the way. */
        for (i = 0; i < key_count && !key; i++) {
            printf("\nFound key!\n");
            hsm_print_key(ctx,keys[i]);

            id = hsm_get_key_id(ctx, keys[i]);

            if (id) {
                printf("Using key ID: %s\n", id);
                /* `key` is still NULL here because of the loop guard, so this free is a no-op */
                free(key);
                key = hsm_find_key_by_id(ctx, id);
                /* %p already has an implementation-defined form (glibc adds "0x"), so the prefix may double */
                printf("ptr: 0x%p\n", (void *) key);
                free(id);
            } else {
                printf("Got no key ID (broken key?), skipped...\n");
            }

            libhsm_key_free(keys[i]);
        }
        free(keys);   /* free(NULL) is fine when no keys were listed */

        if (!key) {
            printf("Failed to find useful key\n");
            exit(1);
        }
    }

    /*
     * Do some signing
     */
    if (do_sign) {
        printf("\nSigning with:\n");
        hsm_print_key(ctx,key);
        printf("\n");

        rrset = ldns_rr_list_new();

        /* Two fixed test A records; a parse failure silently leaves that record out. */
        status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 123.123.123.123", 0, NULL, NULL);
        if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
        status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 124.124.124.124", 0, NULL, NULL);
        if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);

        /* sign_params and dnskey_rr are dereferenced without NULL checks. */
        sign_params = hsm_sign_params_new();
        sign_params->algorithm = LDNS_RSASHA1;
        sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "opendnssec.se.");
        dnskey_rr = hsm_get_dnskey(ctx, key, sign_params);
        sign_params->keytag = ldns_calc_keytag(dnskey_rr);

        sig = hsm_sign_rrset(ctx, rrset, key, sign_params);
        if (sig) {
            ldns_rr_list_print(stdout, rrset);
            ldns_rr_print(stdout, sig);
            ldns_rr_print(stdout, dnskey_rr);
            ldns_rr_free(sig);
        } else {
            /* original line 206 (presumably an error print) is not in this listing;
             * exit(-1) reaches the shell as status 255 */
            exit(-1);
        }

        /* cleanup */
        ldns_rr_list_deep_free(rrset);
        hsm_sign_params_free(sign_params);
        ldns_rr_free(dnskey_rr);
    }

    /*
     * Delete key
     */
    if (do_delete) {
        printf("\nDelete key:\n");
        hsm_print_key(ctx, key);
        /* the return value is only printed, never acted on */
        res = hsm_remove_key(ctx, key);
        printf("Deleted key. Result: %d\n", res);
        printf("\n");
    }

    /* NOTE(review): the listed keys above were released with libhsm_key_free(),
     * but this one gets plain free(); whether that leaks anything inside
     * libhsm_key_t depends on the library — confirm. A no-op when no key was selected. */
    free(key);

    /*
     * Test random{32,64} functions
     */
    if (do_random) {
        r32 = hsm_random32(ctx);
        printf("random 32: %u\n", r32);
        r64 = hsm_random64(ctx);
        printf("random 64: %llu\n", (long long unsigned int)r64);
    }

    /*
     * Destroy HSM context
     */
    /* NOTE(review): original line 243, presumably the context teardown, is not in this listing. */

    /*
     * Close HSM library
     */
    hsm_close();
    /* The printed "result" is a literal 0, not a value returned by hsm_close(). */
    fprintf(stdout, "all done! hsm_close result: %d\n", 0);

    /* config is always non-NULL here (checked above); the guard is redundant since free(NULL) is a no-op. */
    if (config) free(config);

    return 0;
}