OpenDNSSEC-libhsm  1.4.6
hsmtest.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 Nominet UK.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 #include "config.h"
28 #include "hsmtest.h"
29 
30 #include <stdio.h>
31 #include <string.h>
32 #include <stdlib.h>
33 #include <unistd.h>
34 
35 #include <libhsm.h>
36 #include <libhsmdns.h>
37 
38 
39 static int
40 hsm_test_sign (hsm_ctx_t *ctx, hsm_key_t *key, ldns_algorithm alg)
41 {
42  int result;
43  ldns_rr_list *rrset;
44  ldns_rr *rr, *sig, *dnskey_rr;
45  ldns_status status;
46  hsm_sign_params_t *sign_params;
47 
48  rrset = ldns_rr_list_new();
49 
50  status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.1", 0, NULL, NULL);
51  if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
52 
53  status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.2", 0, NULL, NULL);
54  if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
55 
56  sign_params = hsm_sign_params_new();
57  sign_params->algorithm = alg;
58  sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "example.com.");
59  dnskey_rr = hsm_get_dnskey(ctx, key, sign_params);
60  sign_params->keytag = ldns_calc_keytag(dnskey_rr);
61 
62  sig = hsm_sign_rrset(ctx, rrset, key, sign_params);
63  if (sig) {
64  result = 0;
65  ldns_rr_free(sig);
66  } else {
67  result = 1;
68  }
69 
70  ldns_rr_list_deep_free(rrset);
71  hsm_sign_params_free(sign_params);
72  ldns_rr_free(dnskey_rr);
73 
74  return result;
75 }
76 
77 static int
78 hsm_test_random()
79 {
80  hsm_ctx_t *ctx = NULL;
81 
82  int result;
83  unsigned char rnd_buf[1024];
84  uint32_t r32;
85  uint64_t r64;
86 
87  printf("Generating %lu bytes of random data... ",
88  (unsigned long) sizeof(rnd_buf));
89  result = hsm_random_buffer(ctx, rnd_buf, sizeof(rnd_buf));
90  if (result) {
91  printf("Failed, error: %d\n", result);
92  hsm_print_error(ctx);
93  return 1;
94  } else {
95  printf("OK\n");
96  }
97 
98  printf("Generating 32-bit random data... ");
99  r32 = hsm_random32(ctx);
100  printf("%u\n", r32);
101 
102  printf("Generating 64-bit random data... ");
103  r64 = hsm_random64(ctx);
104  printf("%llu\n", (long long unsigned int)r64);
105 
106  return 0;
107 }
108 
109 int
110 hsm_test (const char *repository)
111 {
112  int result;
113  const unsigned int rsa_keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
114  const unsigned int dsa_keysizes[] = { 512, 768, 1024 };
115  unsigned int keysize;
116 
117  hsm_ctx_t *ctx = NULL;
118  hsm_key_t *key = NULL;
119  char *id;
120  int errors = 0;
121  unsigned int i = 0;
122 
123  /* Check for repository before starting any tests */
124  if (hsm_token_attached(ctx, repository) == 0) {
125  hsm_print_error(ctx);
126  return 1;
127  }
128 
129  /*
130  * Test key generation, signing and deletion for a number of key size
131  */
132  for (i=0; i<(sizeof(rsa_keysizes)/sizeof(unsigned int)); i++) {
133  keysize = rsa_keysizes[i];
134 
135  printf("Generating %d-bit RSA key... ", keysize);
136  key = hsm_generate_rsa_key(ctx, repository, keysize);
137  if (!key) {
138  errors++;
139  printf("Failed\n");
140  hsm_print_error(ctx);
141  printf("\n");
142  continue;
143  } else {
144  printf("OK\n");
145  }
146 
147  printf("Extracting key identifier... ");
148  id = hsm_get_key_id(ctx, key);
149  if (!id) {
150  errors++;
151  printf("Failed\n");
152  hsm_print_error(ctx);
153  printf("\n");
154  } else {
155  printf("OK, %s\n", id);
156  }
157  free(id);
158 
159  printf("Signing (RSA/SHA1) with key... ");
160  result = hsm_test_sign(ctx, key, LDNS_RSASHA1);
161  if (result) {
162  errors++;
163  printf("Failed, error: %d\n", result);
164  hsm_print_error(ctx);
165  } else {
166  printf("OK\n");
167  }
168 
169  printf("Signing (RSA/SHA256) with key... ");
170  result = hsm_test_sign(ctx, key, LDNS_RSASHA256);
171  if (result) {
172  errors++;
173  printf("Failed, error: %d\n", result);
174  hsm_print_error(ctx);
175  } else {
176  printf("OK\n");
177  }
178 
179  if ( keysize >= 1024) {
180  printf("Signing (RSA/SHA512) with key... ");
181  result = hsm_test_sign(ctx, key, LDNS_RSASHA512);
182  if (result) {
183  errors++;
184  printf("Failed, error: %d\n", result);
185  hsm_print_error(ctx);
186  } else {
187  printf("OK\n");
188  }
189  }
190 
191  printf("Deleting key... ");
192  result = hsm_remove_key(ctx, key);
193  if (result) {
194  errors++;
195  printf("Failed: error: %d\n", result);
196  hsm_print_error(ctx);
197  } else {
198  printf("OK\n");
199  }
200 
201  free(key);
202 
203  printf("\n");
204  }
205 
206  /*
207  * Test key generation, signing and deletion for a number of key size
208  */
209  for (i=0; i<(sizeof(dsa_keysizes)/sizeof(unsigned int)); i++) {
210  keysize = dsa_keysizes[i];
211 
212  printf("Generating %d-bit DSA key... ", keysize);
213  key = hsm_generate_dsa_key(ctx, repository, keysize);
214  if (!key) {
215  errors++;
216  printf("Failed\n");
217  hsm_print_error(ctx);
218  printf("\n");
219  continue;
220  } else {
221  printf("OK\n");
222  }
223 
224  printf("Extracting key identifier... ");
225  id = hsm_get_key_id(ctx, key);
226  if (!id) {
227  errors++;
228  printf("Failed\n");
229  hsm_print_error(ctx);
230  printf("\n");
231  } else {
232  printf("OK, %s\n", id);
233  }
234  free(id);
235 
236  printf("Signing (DSA/SHA1) with key... ");
237  result = hsm_test_sign(ctx, key, LDNS_DSA);
238  if (result) {
239  errors++;
240  printf("Failed, error: %d\n", result);
241  hsm_print_error(ctx);
242  } else {
243  printf("OK\n");
244  }
245 
246  printf("Deleting key... ");
247  result = hsm_remove_key(ctx, key);
248  if (result) {
249  errors++;
250  printf("Failed: error: %d\n", result);
251  hsm_print_error(ctx);
252  } else {
253  printf("OK\n");
254  }
255 
256  free(key);
257 
258  printf("\n");
259  }
260 
261  /*
262  * Test key generation, signing and deletion for a number of key size
263  */
264  for (i=0; i<1; i++) {
265  printf("Generating 512-bit GOST key... ");
266  key = hsm_generate_gost_key(ctx, repository);
267  if (!key) {
268  errors++;
269  printf("Failed\n");
270  hsm_print_error(ctx);
271  printf("\n");
272  continue;
273  } else {
274  printf("OK\n");
275  }
276 
277  printf("Extracting key identifier... ");
278  id = hsm_get_key_id(ctx, key);
279  if (!id) {
280  errors++;
281  printf("Failed\n");
282  hsm_print_error(ctx);
283  printf("\n");
284  } else {
285  printf("OK, %s\n", id);
286  }
287  free(id);
288 
289  printf("Signing (GOST) with key... ");
290  result = hsm_test_sign(ctx, key, LDNS_ECC_GOST);
291  if (result) {
292  errors++;
293  printf("Failed, error: %d\n", result);
294  hsm_print_error(ctx);
295  } else {
296  printf("OK\n");
297  }
298 
299  printf("Deleting key... ");
300  result = hsm_remove_key(ctx, key);
301  if (result) {
302  errors++;
303  printf("Failed: error: %d\n", result);
304  hsm_print_error(ctx);
305  } else {
306  printf("OK\n");
307  }
308 
309  free(key);
310 
311  printf("\n");
312  }
313 
314  if (hsm_test_random()) {
315  errors++;
316  }
317 
318  return errors;
319 }
char * hsm_get_key_id(hsm_ctx_t *ctx, const hsm_key_t *key)
Definition: libhsm.c:2657
void hsm_sign_params_free(hsm_sign_params_t *params)
Definition: libhsm.c:2222
uint32_t hsm_random32(hsm_ctx_t *ctx)
Definition: libhsm.c:3045
ldns_rdf * owner
Definition: libhsmdns.h:47
hsm_key_t * hsm_generate_dsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
Definition: libhsm.c:2413
ldns_rr * hsm_get_dnskey(hsm_ctx_t *ctx, const hsm_key_t *key, const hsm_sign_params_t *sign_params)
Definition: libhsm.c:2970
int hsm_token_attached(hsm_ctx_t *ctx, const char *repository)
Definition: libhsm.c:3127
uint16_t keytag
Definition: libhsmdns.h:45
hsm_sign_params_t * hsm_sign_params_new()
Definition: libhsm.c:2205
ldns_algorithm algorithm
Definition: libhsmdns.h:37
int hsm_test(const char *repository)
Definition: hsmtest.c:110
hsm_key_t * hsm_generate_gost_key(hsm_ctx_t *ctx, const char *repository)
Definition: libhsm.c:2527
uint64_t hsm_random64(hsm_ctx_t *ctx)
Definition: libhsm.c:3060
int hsm_remove_key(hsm_ctx_t *ctx, hsm_key_t *key)
Definition: libhsm.c:2609
int hsm_random_buffer(hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length)
Definition: libhsm.c:3017
hsm_key_t * hsm_generate_rsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
Definition: libhsm.c:2324
void hsm_print_error(hsm_ctx_t *gctx)
Definition: libhsm.c:3253
ldns_rr * hsm_sign_rrset(hsm_ctx_t *ctx, const ldns_rr_list *rrset, const hsm_key_t *key, const hsm_sign_params_t *sign_params)
Definition: libhsm.c:2749