OpenDNSSEC-libhsm  1.4.1
hsmcheck.c
1 /*
2  * $Id: hsmcheck.c 6560 2012-08-28 06:31:40Z rb $
3  *
4  * Copyright (c) 2009 Nominet UK.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
22  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
24  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
26  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #include "config.h"
30 
31 #include <stdio.h>
32 #include <string.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 
36 #include <libhsm.h>
37 #include <libhsmdns.h>
38 
extern char *optarg;    /* getopt(3) option argument; <unistd.h> already declares it, kept for older headers */
char *progname = NULL;  /* argv[0], set by main() and shown in usage() messages */
41 
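/*
 * Print the command-line synopsis to stderr.
 *
 * Reads the file-scope progname (argv[0], set by main()).  The rendered
 * listing dropped the signature line; restored here with an explicit
 * (void) parameter list so the definition is also a prototype.
 */
void
usage(void)
{
    fprintf(stderr, "usage: %s [-c config] [-gsdr]\n", progname);
}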
47 
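/*
 * Pick the first listed key that has a usable ID and return a fresh
 * handle to it; the caller owns the result and must hsm_key_free() it.
 *
 * Every entry of the list returned by hsm_list_keys() is freed here,
 * including the ones after the chosen key, so nothing leaks when the
 * token holds more than one key.  Returns NULL when no key could be
 * selected.
 */
static hsm_key_t *
find_first_key(hsm_ctx_t *ctx)
{
    size_t key_count = 0;
    hsm_key_t **keys = hsm_list_keys(ctx, &key_count);
    hsm_key_t *key = NULL;

    printf("I have found %u keys\n", (unsigned int) key_count);

    /* Use the very first usable key and throw the rest away. */
    for (size_t i = 0; keys && i < key_count; i++) {
        if (!key) {
            printf("\nFound key!\n");
            hsm_print_key(keys[i]);

            char *id = hsm_get_key_id(ctx, keys[i]);
            if (id) {
                printf("Using key ID: %s\n", id);
                key = hsm_find_key_by_id(ctx, id);
                printf("ptr: 0x%p\n", (void *) key);
                free(id);
            } else {
                printf("Got no key ID (broken key?), skipped...\n");
            }
        }
        hsm_key_free(keys[i]);
    }
    free(keys);

    return key;
}

/*
 * Sign a two-record test RRset with `key`, print the RRset, the RRSIG
 * and the DNSKEY, and release everything that was allocated.
 *
 * Returns 0 on success and -1 when the RRset or signing parameters could
 * not be allocated, the DNSKEY could not be derived, or the HSM refused
 * to sign; in the HSM cases the error recorded on `ctx` is printed.
 */
static int
sign_test_rrset(hsm_ctx_t *ctx, hsm_key_t *key)
{
    int rc = -1;
    ldns_rr *rr = NULL;
    ldns_rr *sig = NULL;
    ldns_rr *dnskey_rr = NULL;
    ldns_rr_list *rrset = NULL;
    hsm_sign_params_t *sign_params = NULL;
    ldns_status status;

    printf("\nSigning with:\n");
    hsm_print_key(key);
    printf("\n");

    rrset = ldns_rr_list_new();
    if (!rrset) {
        fprintf(stderr, "out of memory building test RRset\n");
        goto out;
    }

    /* Two A records for one owner; a record that fails to parse is left out. */
    status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 123.123.123.123", 0, NULL, NULL);
    if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
    status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 124.124.124.124", 0, NULL, NULL);
    if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);

    sign_params = hsm_sign_params_new();
    if (!sign_params) {
        fprintf(stderr, "out of memory allocating signing parameters\n");
        goto out;
    }
    /*
     * RSASHA1 is what this smoke test has always exercised.  SHA-1 based
     * DNSSEC algorithms are deprecated for signing new zones (RFC 8624);
     * this checks the library, it is not a recommendation.
     */
    sign_params->algorithm = LDNS_RSASHA1;
    sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "opendnssec.se.");

    /* The keytag must be computed from the DNSKEY the HSM derives for this key. */
    dnskey_rr = hsm_get_dnskey(ctx, key, sign_params);
    if (!dnskey_rr) {
        hsm_print_error(ctx);
        goto out;
    }
    sign_params->keytag = ldns_calc_keytag(dnskey_rr);

    sig = hsm_sign_rrset(ctx, rrset, key, sign_params);
    if (!sig) {
        hsm_print_error(ctx);
        goto out;
    }

    ldns_rr_list_print(stdout, rrset);
    ldns_rr_print(stdout, sig);
    ldns_rr_print(stdout, dnskey_rr);
    ldns_rr_free(sig);
    rc = 0;

out:
    /* Freed on every path, including after an HSM failure. */
    if (dnskey_rr) ldns_rr_free(dnskey_rr);
    if (sign_params) hsm_sign_params_free(sign_params);
    if (rrset) ldns_rr_list_deep_free(rrset);
    return rc;
}

/*
 * hsmcheck: exercise the libhsm API against the token named in an
 * OpenDNSSEC configuration file.  Each stage is selected by a flag:
 *
 *   -c config   configuration file to load (required)
 *   -g          generate a 1024-bit RSA key in the "default" repository
 *   -s          sign a small test RRset with the generated (or first listed) key
 *   -d          delete the generated (or first listed) key afterwards
 *   -r          read a 32-bit and a 64-bit random number from the token
 *   -h          print usage and exit successfully
 *
 * Exits 0 when every requested stage succeeded and 1 otherwise (usage
 * error, hsm_open() failure, no usable key, signing failure, hsm_close()
 * failure).  Every failure path after hsm_open() still frees the key,
 * destroys the context and closes the library, so the token is not left
 * with a half-open session.
 */
int
main (int argc, char *argv[])
{
    int rc = EXIT_FAILURE;
    int result;
    int ch;
    int do_generate = 0;
    int do_sign = 0;
    int do_delete = 0;
    int do_random = 0;
    char *config = NULL;
    const char *repository = "default";
    hsm_ctx_t *ctx = NULL;
    hsm_key_t *key = NULL;

    progname = argv[0];

    while ((ch = getopt(argc, argv, "hgsdrc:")) != -1) {
        switch (ch) {
        case 'c':
            free(config);   /* a repeated -c must not leak the earlier copy */
            config = strdup(optarg);
            if (!config) {
                perror("strdup");
                return EXIT_FAILURE;
            }
            break;
        case 'g':
            do_generate = 1;
            break;
        case 'h':
            usage();
            free(config);
            return EXIT_SUCCESS;
        case 's':
            do_sign = 1;
            break;
        case 'd':
            do_delete = 1;
            break;
        case 'r':
            do_random = 1;
            break;
        default:
            usage();
            free(config);
            return EXIT_FAILURE;
        }
    }

    if (!config) {
        usage();
        return EXIT_FAILURE;
    }

    /*
     * Open HSM library.  hsm_open() returns 0 (HSM_OK) on success; going
     * on without a library would dereference a NULL context further down.
     */
    fprintf(stdout, "Starting HSM lib test\n");
    result = hsm_open(config, hsm_prompt_pin);
    fprintf(stdout, "hsm_open result: %d\n", result);
    if (result != 0) {
        fprintf(stderr, "hsm_open failed, check the configuration and PIN\n");
        goto out_config;
    }

    /*
     * Create HSM context
     */
    ctx = hsm_create_context();
    printf("global: ");
    hsm_print_ctx(NULL);
    if (!ctx) {
        fprintf(stderr, "hsm_create_context failed\n");
        goto out_hsm;
    }
    printf("my: ");
    hsm_print_ctx(ctx);

    /*
     * Generate a new key OR find any key with an ID
     */
    if (do_generate) {
        /*
         * 1024-bit RSA keeps the smoke test fast; it is below current
         * DNSSEC key-size recommendations and must not be reused for
         * real zones.
         */
        key = hsm_generate_rsa_key(ctx, repository, 1024);
        if (!key) {
            printf("Error creating key, bad token name?\n");
            hsm_print_error(ctx);
            goto out_hsm;
        }
        printf("\nCreated key!\n");
        hsm_print_key(key);
        printf("\n");
    } else if (do_sign || do_delete) {
        key = find_first_key(ctx);
        if (!key) {
            printf("Failed to find useful key\n");
            goto out_hsm;
        }
    }

    /*
     * Do some signing
     */
    if (do_sign && sign_test_rrset(ctx, key) != 0) {
        goto out_hsm;
    }

    /*
     * Delete key
     */
    if (do_delete) {
        int res;

        printf("\nDelete key:\n");
        hsm_print_key(key);
        res = hsm_remove_key(ctx, key);
        printf("Deleted key. Result: %d\n", res);
        printf("\n");
    }

    /*
     * Test random{32,64} functions
     */
    if (do_random) {
        uint32_t r32 = hsm_random32(ctx);
        uint64_t r64;

        printf("random 32: %u\n", r32);
        r64 = hsm_random64(ctx);
        printf("random 64: %llu\n", (long long unsigned int) r64);
    }

    rc = EXIT_SUCCESS;

out_hsm:
    /* Release in reverse order of acquisition; reached on failure paths too. */
    if (key) hsm_key_free(key);
    if (ctx) hsm_destroy_context(ctx);
    result = hsm_close();
    fprintf(stdout, "all done! hsm_close result: %d\n", result);
    if (result != 0) {
        rc = EXIT_FAILURE;
    }
out_config:
    free(config);
    return rc;
}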