1 /*
2  * Copyright (c) 2009 Nominet UK.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 #include "config.h"
28 
29 #include <stdio.h>
30 #include <string.h>
31 #include <stdlib.h>
32 #include <unistd.h>
33 
34 #include "libhsm.h"
35 #include <libhsmdns.h>
36 
/* Set by getopt(3); redeclared here presumably for libcs whose <unistd.h>
 * does not expose it -- harmless where it is already declared. */
extern char *optarg;
/* Program name taken from argv[0] at the top of main(); read by usage(). */
char *progname = NULL;

/* Builds the repository list from an OpenDNSSEC config file (confparser.c). */
extern hsm_repository_t* parse_conf_repositories(const char* cfgfile);
41 
42 
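/*
 * Print a one-line usage summary to stderr.
 *
 * Reads the file-scope `progname` (set from argv[0] in main()). If it has
 * not been set -- argv[0] can be NULL when argc == 0 -- a fixed name is
 * printed instead, so the "%s" conversion never receives a NULL pointer.
 * Declared with a proper prototype so the compiler can check callers.
 */
static void
usage(void)
{
    const char *name = progname ? progname : "hsmcheck";
    fprintf(stderr, "usage: %s [-c config] [-gsdr]\n", name);
}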
48 
/*
 * hsmcheck: small command-line exerciser for libhsm.
 *
 * Opens the HSM library from the configuration given with -c, creates a
 * context and then, depending on the flags, generates an RSA key (-g),
 * signs a fixed two-record test RRset with the first usable key (-s),
 * deletes that key (-d) and/or prints one 32-bit and one 64-bit random
 * value (-r).  -s and -d pick their key by listing all keys and taking the
 * first one that has an ID.
 *
 * Exit status: 0 on success; 1 for a usage error (including a missing -c),
 * a failed key generation or when no usable key is found; exit(-1) (255 on
 * POSIX) when signing fails.  A failed library open is printed but is NOT
 * treated as fatal -- execution continues with a context anyway.
 *
 * NOTE(review): this is a smoke test, not a template -- 1024-bit RSA and
 * RSASHA1 are below current DNSSEC algorithm guidance for signing keys.
 */
int
main (int argc, char *argv[])
{
    int result;                      /* outcome of the library open call */
    hsm_ctx_t *ctx;
    libhsm_key_t **keys;             /* key_count entries from hsm_list_keys() */
    libhsm_key_t *key = NULL;        /* the single key used by -s and -d */
    char *id;
    size_t key_count = 0;
    size_t i;
    ldns_rr_list *rrset;
    ldns_rr *rr, *sig, *dnskey_rr;
    ldns_status status;
    hsm_sign_params_t *sign_params;

    int do_generate = 0;
    int do_sign = 0;
    int do_delete = 0;
    int do_random = 0;

    int res;
    uint32_t r32;
    uint64_t r64;

    char *config = NULL;                  /* -c path; strdup()'d, freed at the end */
    const char *repository = "default";   /* the only repository this tool uses */

    int ch;

    /* argv[0] may be NULL when argc == 0; usage() then hands NULL to "%s". */
    progname = argv[0];

    while ((ch = getopt(argc, argv, "hgsdrc:")) != -1) {
        switch (ch) {
        case 'c':
            /* A repeated -c leaks the earlier copy; strdup() failure is not
             * checked here but surfaces as "no config" below. */
            config = strdup(optarg);
            break;
        case 'g':
            do_generate = 1;
            break;
        case 'h':
            usage();
            exit(0);
            break;
        case 's':
            do_sign = 1;
            break;
        case 'd':
            do_delete = 1;
            break;
        case 'r':
            do_random = 1;
            break;
        default:
            usage();
            exit(1);
        }
    }

    /* -c is mandatory: the library is opened from the config file. */
    if (!config) {
        usage();
        exit(1);
    }

    /*
     * Open HSM library
     *
     * NOTE(review): the statement that assigns `result` (upstream line 116,
     * presumably the hsm_open2() call) is not rendered on this page, so
     * `result` looks uninitialised here -- confirm against the real file.
     * Either way, a failed open is only reported: the code falls through
     * and still creates a context.
     */
    fprintf(stdout, "Starting HSM lib test\n");
    if (result != HSM_OK) {
        /* No context exists yet, so the library-wide error is queried with NULL. */
        char* error = hsm_get_error(NULL);
        if (error != NULL) {
            fprintf(stderr,"%s\n", error);
            free(error);
        }
    }
    fprintf(stdout, "hsm_open result: %d\n", result);

    /*
     * Create HSM context
     *
     * NOTE(review): ctx is not checked for NULL before being passed on;
     * whether the library tolerates a NULL context -- verify.
     */
    ctx = hsm_create_context();
    hsm_print_ctx(ctx);

    /*
     * Generate a new key OR find any key with an ID
     */
    if (do_generate) {
        /* 1024-bit RSA: adequate to exercise the token, not for production keys. */
        key = hsm_generate_rsa_key(ctx, repository, 1024);

        if (key) {
            printf("\nCreated key!\n");
            hsm_print_key(ctx,key);
            printf("\n");
        } else {
            printf("Error creating key, bad token name?\n");
            hsm_print_error(ctx);
            exit(1);
        }
    } else if (do_sign || do_delete) {
        /* NOTE(review): keys is indexed without a NULL check; that is only
         * safe if hsm_list_keys() returns non-NULL whenever key_count > 0. */
        keys = hsm_list_keys(ctx, &key_count);
        printf("Found %u keys\n", (unsigned int) key_count);

        /* Use the very first key that yields an ID and release the rest.
         * The loop stops as soon as `key` is set. */
        for (i = 0; i < key_count && !key; i++) {
            printf("\nFound key!\n");
            hsm_print_key(ctx,keys[i]);

            id = hsm_get_key_id(ctx, keys[i]);

            if (id) {
                printf("Using key ID: %s\n", id);
                /* `key` is always NULL here (loop condition), so this is a no-op. */
                free(key);
                /* Look the key up again by ID so `key` is independent of keys[]. */
                key = hsm_find_key_by_id(ctx, id);
                /* "%p" already includes a 0x prefix on common libcs, giving "0x0x...". */
                printf("ptr: 0x%p\n", (void *) key);
                free(id);
            } else {
                printf("Got no key ID (broken key?), skipped...\n");
            }

            libhsm_key_free(keys[i]);
        }
        /* Only the array is freed here; entries past the chosen key were
         * never visited by the loop and are not released. */
        free(keys);

        if (!key) {
            printf("Failed to find useful key\n");
            exit(1);
        }
    }

    /*
     * Do some signing
     */
    if (do_sign) {
        printf("\nSigning with:\n");
        hsm_print_key(ctx,key);
        printf("\n");

        rrset = ldns_rr_list_new();

        /* Two fixed A records; a record that fails to parse is silently left out. */
        status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 123.123.123.123", 0, NULL, NULL);
        if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
        status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 124.124.124.124", 0, NULL, NULL);
        if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);

        /* RSASHA1 is used only to exercise the token; it is not recommended
         * for new DNSSEC signing keys. */
        sign_params = hsm_sign_params_new();
        sign_params->algorithm = LDNS_RSASHA1;
        sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "opendnssec.se.");
        /* NOTE(review): dnskey_rr is not NULL-checked before ldns_calc_keytag(). */
        dnskey_rr = hsm_get_dnskey(ctx, key, sign_params);
        sign_params->keytag = ldns_calc_keytag(dnskey_rr);

        sig = hsm_sign_rrset(ctx, rrset, key, sign_params);
        if (sig) {
            ldns_rr_list_print(stdout, rrset);
            ldns_rr_print(stdout, sig);
            ldns_rr_print(stdout, dnskey_rr);
            ldns_rr_free(sig);
        } else {
            hsm_print_error(ctx);
            /* exit(-1) yields status 255; rrset/sign_params are not freed on this path. */
            exit(-1);
        }

        /* cleanup */
        ldns_rr_list_deep_free(rrset);
        hsm_sign_params_free(sign_params);
        ldns_rr_free(dnskey_rr);
    }

    /*
     * Delete key
     *
     * Removes the key from the token; the return code is printed, not acted on.
     */
    if (do_delete) {
        printf("\nDelete key:\n");
        hsm_print_key(ctx, key);
        res = hsm_remove_key(ctx, key);
        printf("Deleted key. Result: %d\n", res);
        printf("\n");
    }

    /* NOTE(review): the listed keys above are released with libhsm_key_free(),
     * but this one with plain free(); whether that is sufficient depends on
     * what libhsm_key_t owns -- verify against libhsm.c. free(NULL) is fine
     * when no key was selected. */
    free(key);

    /*
     * Test random{32,64} functions
     */
    if (do_random) {
        r32 = hsm_random32(ctx);
        /* "%u" for uint32_t works on common ABIs; PRIu32 would be strictly portable. */
        printf("random 32: %u\n", r32);
        r64 = hsm_random64(ctx);
        printf("random 64: %llu\n", (long long unsigned int)r64);
    }

    /*
     * Destroy HSM context
     */
    hsm_destroy_context(ctx);

    /*
     * Close HSM library
     *
     * hsm_close() returns nothing; the printed "result" is the literal 0.
     */
    hsm_close();
    fprintf(stdout, "all done! hsm_close result: %d\n", 0);

    /* config is always non-NULL here (checked after option parsing). */
    if (config) free(config);

    return 0;
}