1 /*
2  * $Id: hsmtest.c 6123 2012-02-02 09:04:39Z rb $
3  *
4  * Copyright (c) 2009 Nominet UK.
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
22  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
24  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
26  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  */
28 
29 #include "config.h"
30 #include "hsmtest.h"
31 
32 #include <stdio.h>
33 #include <string.h>
34 #include <stdlib.h>
35 #include <unistd.h>
36 
37 #include <libhsm.h>
38 #include <libhsmdns.h>
39 
40 
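/*
 * Sign a small test RRset with the given key and algorithm.
 *
 * Builds a two-record A RRset for "example.com.", lets the HSM derive the
 * DNSKEY for `key` so the keytag can be filled in, and asks the HSM for an
 * RRSIG over the RRset.  Only the presence of a signature is checked; the
 * signature is not cryptographically verified here.
 *
 * Every intermediate object is released on all paths (goto cleanup), so a
 * failing allocation or a missing DNSKEY is reported instead of being
 * dereferenced.
 *
 * @param ctx   libhsm context (NULL is what the callers in this file pass)
 * @param key   key to sign with
 * @param alg   DNSSEC algorithm number to record in the signature
 * @return 0 when a signature was produced, 1 on any failure
 */
static int
hsm_test_sign (hsm_ctx_t *ctx, hsm_key_t *key, ldns_algorithm alg)
{
    int result = 1;
    ldns_rr_list *rrset = NULL;
    ldns_rr *rr = NULL;
    ldns_rr *sig = NULL;
    ldns_rr *dnskey_rr = NULL;
    hsm_sign_params_t *sign_params = NULL;
    ldns_status status;

    rrset = ldns_rr_list_new();
    if (!rrset) goto out;

    /* A record that fails to parse is simply left out of the RRset. */
    status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.1", 0, NULL, NULL);
    if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);

    status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.2", 0, NULL, NULL);
    if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);

    sign_params = hsm_sign_params_new();
    if (!sign_params) goto out;
    sign_params->algorithm = alg;
    sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "example.com.");
    if (!sign_params->owner) goto out;

    /* The keytag has to be computed from the DNSKEY the HSM derives for
     * this key; without it no meaningful RRSIG can be requested. */
    dnskey_rr = hsm_get_dnskey(ctx, key, sign_params);
    if (!dnskey_rr) goto out;
    sign_params->keytag = ldns_calc_keytag(dnskey_rr);

    sig = hsm_sign_rrset(ctx, rrset, key, sign_params);
    if (sig) {
        result = 0;
        ldns_rr_free(sig);
    }

out:
    /* deep_free also releases the RRs pushed onto the list above. */
    if (rrset) ldns_rr_list_deep_free(rrset);
    if (sign_params) hsm_sign_params_free(sign_params);
    if (dnskey_rr) ldns_rr_free(dnskey_rr);

    return result;
}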
78 
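/*
 * Exercise the HSM random number interfaces.
 *
 * Fills a 1024-byte buffer through hsm_random_buffer() and then draws one
 * 32-bit and one 64-bit value.  Only the buffer fill has an error return;
 * the two scalar draws are printed as-is.  This therefore checks that the
 * RNG path is reachable and does not fail, not the quality of its output.
 *
 * NOTE(review): ctx is deliberately NULL, matching hsm_test() in this file;
 * libhsm presumably substitutes a default context for NULL — confirm.
 *
 * @return 0 on success, 1 if the buffer fill failed
 */
static int
hsm_test_random(void)
{
    hsm_ctx_t *ctx = NULL;
    unsigned char rnd_buf[1024];
    int result;

    printf("Generating %lu bytes of random data... ",
           (unsigned long) sizeof(rnd_buf));
    result = hsm_random_buffer(ctx, rnd_buf, sizeof(rnd_buf));
    if (result) {
        printf("Failed, error: %d\n", result);
        hsm_print_error(ctx);
        return 1;
    }
    printf("OK\n");

    /* Casts keep the format specifiers exact: uint32_t/uint64_t need not be
     * unsigned int / unsigned long long, and <inttypes.h> is not included. */
    printf("Generating 32-bit random data... ");
    printf("%u\n", (unsigned int) hsm_random32(ctx));

    printf("Generating 64-bit random data... ");
    printf("%llu\n", (unsigned long long) hsm_random64(ctx));

    return 0;
}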
110 
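/*
 * Sign the test RRset with one algorithm and report the outcome on stdout.
 *
 * Shared by the RSA/SHA1, RSA/SHA256 and RSA/SHA512 steps of hsm_test() so
 * the report format stays identical for each.
 *
 * @param ctx    libhsm context passed through to hsm_test_sign()
 * @param key    key to sign with
 * @param alg    DNSSEC algorithm number
 * @param label  human-readable algorithm name for the progress line
 * @return 1 on failure (for the caller's error count), 0 on success
 */
static int
hsm_test_sign_report(hsm_ctx_t *ctx, hsm_key_t *key, ldns_algorithm alg,
                     const char *label)
{
    int result;

    printf("Signing (%s) with key... ", label);
    result = hsm_test_sign(ctx, key, alg);
    if (result) {
        printf("Failed, error: %d\n", result);
        hsm_print_error(ctx);
        return 1;
    }
    printf("OK\n");
    return 0;
}

/*
 * Run the libhsm self-test against one repository.
 *
 * For each RSA key size in keysizes[] the test generates a key, reads back
 * its identifier, signs a test RRset with RSA/SHA1 and RSA/SHA256 (and with
 * RSA/SHA512 for keys of 1024 bits or more), and finally removes the key
 * from the token again.  The random number interfaces are exercised after
 * the key loop.  Each failing step is counted rather than aborting the run,
 * so one broken step does not hide the others.
 *
 * The small key sizes are exercised only to see what the token accepts;
 * they are not a recommendation for production keys.
 *
 * NOTE(review): ctx is left NULL throughout; libhsm presumably substitutes
 * a default context for NULL (hsm_test_random() relies on the same) — confirm.
 *
 * @param repository  name of the HSM repository (token) to test
 * @return 1 if the repository is not attached (nothing is tested);
 *         otherwise the number of failed steps, 0 meaning all passed
 */
int
hsm_test (const char *repository)
{
    const unsigned int keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
    const size_t nkeysizes = sizeof keysizes / sizeof keysizes[0];
    hsm_ctx_t *ctx = NULL;
    int errors = 0;
    size_t i;

    /* Check for repository before starting any tests */
    if (hsm_token_attached(ctx, repository) == 0) {
        hsm_print_error(ctx);
        return 1;
    }

    /*
     * Test key generation, signing and deletion for a number of key sizes
     */
    for (i = 0; i < nkeysizes; i++) {
        unsigned int keysize = keysizes[i];
        hsm_key_t *key;
        char *id;
        int result;

        printf("Generating %u-bit RSA key... ", keysize);
        key = hsm_generate_rsa_key(ctx, repository, keysize);
        if (!key) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
            continue;   /* nothing to sign or delete without a key */
        }
        printf("OK\n");

        printf("Extracting key identifier... ");
        id = hsm_get_key_id(ctx, key);
        if (!id) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
        } else {
            printf("OK, %s\n", id);
        }
        free(id);   /* free(NULL) is a no-op on the failure path */

        errors += hsm_test_sign_report(ctx, key, LDNS_RSASHA1, "RSA/SHA1");
        errors += hsm_test_sign_report(ctx, key, LDNS_RSASHA256, "RSA/SHA256");

        /* SHA-512 signatures need a modulus of at least 1024 bits. */
        if (keysize >= 1024) {
            errors += hsm_test_sign_report(ctx, key, LDNS_RSASHA512, "RSA/SHA512");
        }

        /* Remove the test key from the token so repeated runs do not
         * accumulate keys; the handle is freed regardless of the outcome. */
        printf("Deleting key... ");
        result = hsm_remove_key(ctx, key);
        if (result) {
            errors++;
            printf("Failed: error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }

        free(key);

        printf("\n");
    }

    if (hsm_test_random()) {
        errors++;
    }

    return errors;
}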