1 /*
2  * Copyright (c) 2009 Nominet UK.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 #include "config.h"
28 
29 #include <stdio.h>
30 #include <string.h>
31 #include <stdlib.h>
32 #include <unistd.h>
33 
34 #include <libhsm.h>
35 #include <libhsmdns.h>
36 
/* getopt(3) argument pointer. NOTE(review): <unistd.h> is included above and
 * declares optarg on POSIX systems, so this extern looks redundant. */
extern char *optarg;
/* argv[0] of this invocation; set once at the top of main() and read by usage(). */
char *progname = NULL;
39 
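/*
 * Print the command-line synopsis to stderr.
 *
 * Reads the file-scope `progname` (argv[0], set in main()). -c is mandatory:
 * main() refuses to run without a configuration file, so the synopsis shows it
 * outside the optional group. The prototype is `(void)` rather than the
 * old-style empty parameter list so calls are type-checked.
 */
void
usage(void)
{
    fprintf(stderr, "usage: %s -c config [-gsdr]\n", progname);
}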
45 
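/* Fixed self-test key size. A 1024-bit RSA key is quick to generate on most
 * tokens and exercises the same code paths as a larger one; it is a smoke-test
 * choice, not a key-policy recommendation. */
enum { TEST_KEY_BITS = 1024 };

/*
 * Pick the first listed key that reports a key ID and re-open it by that ID.
 *
 * Every handle returned by hsm_list_keys() is released here, including the
 * ones after the chosen key, and so is the list itself. Prints what it finds,
 * like the other steps of this check.
 *
 * Returns a key handle owned by the caller (release with hsm_key_free()), or
 * NULL when no listed key yields a usable ID.
 */
static hsm_key_t *
find_first_key(hsm_ctx_t *ctx)
{
    hsm_key_t *key = NULL;
    size_t key_count = 0;
    size_t i;
    hsm_key_t **keys = hsm_list_keys(ctx, &key_count);

    printf("I have found %u keys\n", (unsigned int) key_count);

    /* A NULL list with a non-zero count would be a library bug; never index it. */
    for (i = 0; keys && i < key_count; i++) {
        if (!key) {
            char *id;

            printf("\nFound key!\n");
            hsm_print_key(keys[i]);

            id = hsm_get_key_id(ctx, keys[i]);
            if (id) {
                printf("Using key ID: %s\n", id);
                /* Re-open by ID so the handle we keep is independent of the list. */
                key = hsm_find_key_by_id(ctx, id);
                printf("ptr: 0x%p\n", (void *) key);
                free(id);
            } else {
                printf("Got no key ID (broken key?), skipped...\n");
            }
        }
        hsm_key_free(keys[i]);
    }
    free(keys);

    return key;
}

/*
 * Sign a two-record test RRset with `key` and print RRset, RRSIG and DNSKEY.
 *
 * Returns 0 on success and -1 on any failure (allocation, DNSKEY export or
 * signing); a libhsm failure is printed via hsm_print_error() first. All ldns
 * and libhsm objects created here are released on every path.
 */
static int
sign_test(hsm_ctx_t *ctx, hsm_key_t *key)
{
    int rc = -1;
    ldns_rr_list *rrset = NULL;
    ldns_rr *rr = NULL;
    ldns_rr *sig = NULL;
    ldns_rr *dnskey_rr = NULL;
    ldns_status status;
    hsm_sign_params_t *sign_params = NULL;

    printf("\nSigning with:\n");
    hsm_print_key(key);
    printf("\n");

    rrset = ldns_rr_list_new();
    sign_params = hsm_sign_params_new();
    if (!rrset || !sign_params) {
        fprintf(stderr, "%s: out of memory\n", progname);
        goto out;
    }

    /* A record that fails to parse is simply not pushed; the RRset may end up
     * shorter than two records, but signing still exercises the token. */
    status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 123.123.123.123", 0, NULL, NULL);
    if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
    status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 124.124.124.124", 0, NULL, NULL);
    if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);

    /* RSA/SHA-1 is the algorithm this smoke test has always used; it is not a
     * recommendation for deployed zones. */
    sign_params->algorithm = LDNS_RSASHA1;
    sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "opendnssec.se.");
    if (!sign_params->owner) {
        fprintf(stderr, "%s: cannot build owner name\n", progname);
        goto out;
    }

    /* The keytag is computed from the DNSKEY the HSM exports, so that must
     * exist before the RRSIG can be produced. */
    dnskey_rr = hsm_get_dnskey(ctx, key, sign_params);
    if (!dnskey_rr) {
        hsm_print_error(ctx);
        goto out;
    }
    sign_params->keytag = ldns_calc_keytag(dnskey_rr);

    sig = hsm_sign_rrset(ctx, rrset, key, sign_params);
    if (!sig) {
        hsm_print_error(ctx);
        goto out;
    }

    ldns_rr_list_print(stdout, rrset);
    ldns_rr_print(stdout, sig);
    ldns_rr_print(stdout, dnskey_rr);
    rc = 0;

out:
    /* Explicit NULL guards: NULL-tolerance of these free routines is not
     * something this file can rely on. */
    if (sig) ldns_rr_free(sig);
    if (dnskey_rr) ldns_rr_free(dnskey_rr);
    if (rrset) ldns_rr_list_deep_free(rrset);
    if (sign_params) hsm_sign_params_free(sign_params);
    return rc;
}

/*
 * Entry point of the libhsm smoke test.
 *
 * Usage: hsmcheck -c config [-g] [-s] [-d] [-r]
 *   -c  libhsm/OpenDNSSEC configuration file (mandatory)
 *   -g  generate a fresh TEST_KEY_BITS RSA key in the "default" repository
 *   -s  sign a test RRset with the generated key, else with the first listed key
 *   -d  remove that key again
 *   -r  exercise hsm_random32()/hsm_random64()
 *
 * Exit status is 0 when every requested step succeeded and 1 otherwise. Any
 * failure after hsm_open() still runs hsm_destroy_context()/hsm_close() so the
 * token session is released rather than abandoned by a bare exit().
 */
int
main (int argc, char *argv[])
{
    int rc = 1;               /* exit status; only cleared once every step passed */
    int result;
    hsm_ctx_t *ctx = NULL;
    hsm_key_t *key = NULL;
    int do_generate = 0;
    int do_sign = 0;
    int do_delete = 0;
    int do_random = 0;
    char *config = NULL;
    const char *repository = "default";
    int ch;

    progname = argv[0];

    while ((ch = getopt(argc, argv, "hgsdrc:")) != -1) {
        switch (ch) {
        case 'c':
            free(config);         /* a repeated -c must not leak the earlier copy */
            config = strdup(optarg);
            if (!config) {
                fprintf(stderr, "%s: out of memory\n", progname);
                return 1;
            }
            break;
        case 'g':
            do_generate = 1;
            break;
        case 'h':
            usage();
            free(config);
            return 0;
        case 's':
            do_sign = 1;
            break;
        case 'd':
            do_delete = 1;
            break;
        case 'r':
            do_random = 1;
            break;
        default:
            usage();
            free(config);
            return 1;
        }
    }

    if (!config) {
        usage();
        return 1;
    }

    /*
     * Open HSM library. Everything below needs an open library, so a failed
     * open ends the run instead of carrying on with a NULL context.
     */
    fprintf(stdout, "Starting HSM lib test\n");
    result = hsm_open(config, hsm_prompt_pin);
    fprintf(stdout, "hsm_open result: %d\n", result);
    if (result != HSM_OK) {
        fprintf(stderr, "%s: hsm_open failed\n", progname);
        goto out_config;
    }

    /*
     * Create HSM context
     */
    ctx = hsm_create_context();
    printf("global: ");
    hsm_print_ctx(NULL);
    if (!ctx) {
        fprintf(stderr, "%s: hsm_create_context failed\n", progname);
        goto out_close;
    }
    printf("my: ");
    hsm_print_ctx(ctx);

    /*
     * Generate a new key OR find any key with an ID. Both -s and -d need a
     * key, so `key` is non-NULL whenever those steps run.
     */
    if (do_generate) {
        key = hsm_generate_rsa_key(ctx, repository, TEST_KEY_BITS);
        if (!key) {
            printf("Error creating key, bad token name?\n");
            hsm_print_error(ctx);
            goto out_ctx;
        }
        printf("\nCreated key!\n");
        hsm_print_key(key);
        printf("\n");
    } else if (do_sign || do_delete) {
        key = find_first_key(ctx);
        if (!key) {
            printf("Failed to find useful key\n");
            goto out_ctx;
        }
    }

    /*
     * Do some signing
     */
    if (do_sign && sign_test(ctx, key) != 0) {
        goto out_ctx;
    }

    /*
     * Delete key. The result is only reported, not interpreted: the return
     * convention of hsm_remove_key() is not defined in this file.
     */
    if (do_delete) {
        int res;

        printf("\nDelete key:\n");
        hsm_print_key(key);
        res = hsm_remove_key(ctx, key);
        printf("Deleted key. Result: %d\n", res);
        printf("\n");
    }

    /*
     * Test random{32,64} functions
     */
    if (do_random) {
        uint32_t r32 = hsm_random32(ctx);
        uint64_t r64;

        printf("random 32: %u\n", (unsigned int) r32);
        r64 = hsm_random64(ctx);
        printf("random 64: %llu\n", (long long unsigned int) r64);
    }

    rc = 0;

out_ctx:
    /* The key handle is released before the context it was obtained from. */
    if (key) hsm_key_free(key);
    hsm_destroy_context(ctx);
out_close:
    result = hsm_close();
    fprintf(stdout, "all done! hsm_close result: %d\n", result);
out_config:
    free(config);
    return rc;
}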