OpenDNSSEC-libhsm  1.4.10
hsmtest.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 Nominet UK.
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  */
26 
27 #include "config.h"
28 
29 #include <stdio.h>
30 #include <string.h>
31 #include <stdlib.h>
32 #include <unistd.h>
33 
34 #include <libhsm.h>
35 #include <libhsmdns.h>
36 #include "hsmtest.h"
37 
38 static int
39 hsm_test_sign (hsm_ctx_t *ctx, hsm_key_t *key, ldns_algorithm alg)
40 {
41  int result;
42  ldns_rr_list *rrset;
43  ldns_rr *rr, *sig, *dnskey_rr;
44  ldns_status status;
45  hsm_sign_params_t *sign_params;
46 
47  rrset = ldns_rr_list_new();
48 
49  status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.1", 0, NULL, NULL);
50  if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
51 
52  status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.2", 0, NULL, NULL);
53  if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
54 
55  sign_params = hsm_sign_params_new();
56  sign_params->algorithm = alg;
57  sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "example.com.");
58  dnskey_rr = hsm_get_dnskey(ctx, key, sign_params);
59  sign_params->keytag = ldns_calc_keytag(dnskey_rr);
60 
61  sig = hsm_sign_rrset(ctx, rrset, key, sign_params);
62  if (sig) {
63  result = 0;
64  ldns_rr_free(sig);
65  } else {
66  result = 1;
67  }
68 
69  ldns_rr_list_deep_free(rrset);
70  hsm_sign_params_free(sign_params);
71  ldns_rr_free(dnskey_rr);
72 
73  return result;
74 }
75 
76 static int
77 hsm_test_random()
78 {
79  hsm_ctx_t *ctx = NULL;
80 
81  int result;
82  unsigned char rnd_buf[1024];
83  uint32_t r32;
84  uint64_t r64;
85 
86  printf("Generating %lu bytes of random data... ",
87  (unsigned long) sizeof(rnd_buf));
88  result = hsm_random_buffer(ctx, rnd_buf, sizeof(rnd_buf));
89  if (result) {
90  printf("Failed, error: %d\n", result);
91  hsm_print_error(ctx);
92  return 1;
93  } else {
94  printf("OK\n");
95  }
96 
97  printf("Generating 32-bit random data... ");
98  r32 = hsm_random32(ctx);
99  printf("%u\n", r32);
100 
101  printf("Generating 64-bit random data... ");
102  r64 = hsm_random64(ctx);
103  printf("%llu\n", (long long unsigned int)r64);
104 
105  return 0;
106 }
107 
108 int
109 hsm_test (hsm_ctx_t *ctx, const char *repository)
110 {
111  int result;
112  const unsigned int rsa_keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
113  const unsigned int dsa_keysizes[] = { 512, 768, 1024 };
114  unsigned int keysize;
115 
116  hsm_key_t *key = NULL;
117  char *id;
118  int errors = 0;
119  unsigned int i = 0;
120 
121  /* Check for repository before starting any tests */
122  if (hsm_token_attached(ctx, repository) == 0) {
123  hsm_print_error(ctx);
124  return 1;
125  }
126 
127  /*
128  * Test key generation, signing and deletion for a number of key size
129  */
130  for (i=0; i<(sizeof(rsa_keysizes)/sizeof(unsigned int)); i++) {
131  keysize = rsa_keysizes[i];
132 
133  printf("Generating %d-bit RSA key... ", keysize);
134  key = hsm_generate_rsa_key(ctx, repository, keysize);
135  if (!key) {
136  errors++;
137  printf("Failed\n");
138  hsm_print_error(ctx);
139  printf("\n");
140  continue;
141  } else {
142  printf("OK\n");
143  }
144 
145  printf("Extracting key identifier... ");
146  id = hsm_get_key_id(ctx, key);
147  if (!id) {
148  errors++;
149  printf("Failed\n");
150  hsm_print_error(ctx);
151  printf("\n");
152  } else {
153  printf("OK, %s\n", id);
154  }
155  free(id);
156 
157  printf("Signing (RSA/SHA1) with key... ");
158  result = hsm_test_sign(ctx, key, LDNS_RSASHA1);
159  if (result) {
160  errors++;
161  printf("Failed, error: %d\n", result);
162  hsm_print_error(ctx);
163  } else {
164  printf("OK\n");
165  }
166 
167  printf("Signing (RSA/SHA256) with key... ");
168  result = hsm_test_sign(ctx, key, LDNS_RSASHA256);
169  if (result) {
170  errors++;
171  printf("Failed, error: %d\n", result);
172  hsm_print_error(ctx);
173  } else {
174  printf("OK\n");
175  }
176 
177  if ( keysize >= 1024) {
178  printf("Signing (RSA/SHA512) with key... ");
179  result = hsm_test_sign(ctx, key, LDNS_RSASHA512);
180  if (result) {
181  errors++;
182  printf("Failed, error: %d\n", result);
183  hsm_print_error(ctx);
184  } else {
185  printf("OK\n");
186  }
187  }
188 
189  printf("Deleting key... ");
190  result = hsm_remove_key(ctx, key);
191  if (result) {
192  errors++;
193  printf("Failed: error: %d\n", result);
194  hsm_print_error(ctx);
195  } else {
196  printf("OK\n");
197  }
198 
199  free(key);
200 
201  printf("\n");
202  }
203 
204  /*
205  * Test key generation, signing and deletion for a number of key size
206  */
207  for (i=0; i<(sizeof(dsa_keysizes)/sizeof(unsigned int)); i++) {
208  keysize = dsa_keysizes[i];
209 
210  printf("Generating %d-bit DSA key... ", keysize);
211  key = hsm_generate_dsa_key(ctx, repository, keysize);
212  if (!key) {
213  errors++;
214  printf("Failed\n");
215  hsm_print_error(ctx);
216  printf("\n");
217  continue;
218  } else {
219  printf("OK\n");
220  }
221 
222  printf("Extracting key identifier... ");
223  id = hsm_get_key_id(ctx, key);
224  if (!id) {
225  errors++;
226  printf("Failed\n");
227  hsm_print_error(ctx);
228  printf("\n");
229  } else {
230  printf("OK, %s\n", id);
231  }
232  free(id);
233 
234  printf("Signing (DSA/SHA1) with key... ");
235  result = hsm_test_sign(ctx, key, LDNS_DSA);
236  if (result) {
237  errors++;
238  printf("Failed, error: %d\n", result);
239  hsm_print_error(ctx);
240  } else {
241  printf("OK\n");
242  }
243 
244  printf("Deleting key... ");
245  result = hsm_remove_key(ctx, key);
246  if (result) {
247  errors++;
248  printf("Failed: error: %d\n", result);
249  hsm_print_error(ctx);
250  } else {
251  printf("OK\n");
252  }
253 
254  free(key);
255 
256  printf("\n");
257  }
258 
259  /*
260  * Test key generation, signing and deletion for a number of key size
261  */
262  for (i=0; i<1; i++) {
263  printf("Generating 512-bit GOST key... ");
264  key = hsm_generate_gost_key(ctx, repository);
265  if (!key) {
266  errors++;
267  printf("Failed\n");
268  hsm_print_error(ctx);
269  printf("\n");
270  continue;
271  } else {
272  printf("OK\n");
273  }
274 
275  printf("Extracting key identifier... ");
276  id = hsm_get_key_id(ctx, key);
277  if (!id) {
278  errors++;
279  printf("Failed\n");
280  hsm_print_error(ctx);
281  printf("\n");
282  } else {
283  printf("OK, %s\n", id);
284  }
285  free(id);
286 
287  printf("Signing (GOST) with key... ");
288  result = hsm_test_sign(ctx, key, LDNS_ECC_GOST);
289  if (result) {
290  errors++;
291  printf("Failed, error: %d\n", result);
292  hsm_print_error(ctx);
293  } else {
294  printf("OK\n");
295  }
296 
297  printf("Deleting key... ");
298  result = hsm_remove_key(ctx, key);
299  if (result) {
300  errors++;
301  printf("Failed: error: %d\n", result);
302  hsm_print_error(ctx);
303  } else {
304  printf("OK\n");
305  }
306 
307  free(key);
308 
309  printf("\n");
310  }
311 
312  if (hsm_test_random()) {
313  errors++;
314  }
315 
316  return errors;
317 }
char * hsm_get_key_id(hsm_ctx_t *ctx, const hsm_key_t *key)
Definition: libhsm.c:2723
void hsm_sign_params_free(hsm_sign_params_t *params)
Definition: libhsm.c:2253
uint32_t hsm_random32(hsm_ctx_t *ctx)
Definition: libhsm.c:3106
int hsm_test(hsm_ctx_t *ctx, const char *repository)
Definition: hsmtest.c:109
ldns_rdf * owner
Definition: libhsmdns.h:47
hsm_key_t * hsm_generate_dsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
Definition: libhsm.c:2448
ldns_rr * hsm_get_dnskey(hsm_ctx_t *ctx, const hsm_key_t *key, const hsm_sign_params_t *sign_params)
Definition: libhsm.c:3033
int hsm_token_attached(hsm_ctx_t *ctx, const char *repository)
Definition: libhsm.c:3187
uint16_t keytag
Definition: libhsmdns.h:45
hsm_sign_params_t * hsm_sign_params_new()
Definition: libhsm.c:2236
ldns_algorithm algorithm
Definition: libhsmdns.h:37
hsm_key_t * hsm_generate_gost_key(hsm_ctx_t *ctx, const char *repository)
Definition: libhsm.c:2578
hsm_ctx_t * ctx
Definition: hsmutil.c:43
uint64_t hsm_random64(hsm_ctx_t *ctx)
Definition: libhsm.c:3121
int hsm_remove_key(hsm_ctx_t *ctx, hsm_key_t *key)
Definition: libhsm.c:2675
int hsm_random_buffer(hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length)
Definition: libhsm.c:3079
hsm_key_t * hsm_generate_rsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
Definition: libhsm.c:2356
void hsm_print_error(hsm_ctx_t *gctx)
Definition: libhsm.c:3300
ldns_rr * hsm_sign_rrset(hsm_ctx_t *ctx, const ldns_rr_list *rrset, const hsm_key_t *key, const hsm_sign_params_t *sign_params)
Definition: libhsm.c:2813