OpenDNSSEC-libhsm 2.1.12
hsmtest.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2009 Nominet UK.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27#include "config.h"
28
29#include <stdio.h>
30#include <string.h>
31#include <stdlib.h>
32#include <unistd.h>
33#include <ldns/ldns.h>
34#include <ldns/util.h>
35
36#include "libhsm.h"
37#include <libhsmdns.h>
38#include "hsmtest.h"
39
40static int
41hsm_test_sign (hsm_ctx_t *ctx, libhsm_key_t *key, ldns_algorithm alg)
42{
43 int result;
44 ldns_rr_list *rrset;
45 ldns_rr *rr, *sig, *dnskey_rr;
46 ldns_status status;
47 hsm_sign_params_t *sign_params;
48
49 rrset = ldns_rr_list_new();
50
51 status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.1", 0, NULL, NULL);
52 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
53
54 status = ldns_rr_new_frm_str(&rr, "example.com. IN A 192.168.0.2", 0, NULL, NULL);
55 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
56
57 sign_params = hsm_sign_params_new();
58 sign_params->algorithm = alg;
59 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "example.com.");
60 dnskey_rr = hsm_get_dnskey(ctx, key, sign_params);
61 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
62
63 sig = hsm_sign_rrset(ctx, rrset, key, sign_params);
64 if (sig) {
65 result = 0;
66 ldns_rr_free(sig);
67 } else {
68 result = 1;
69 }
70
71 ldns_rr_list_deep_free(rrset);
72 hsm_sign_params_free(sign_params);
73 ldns_rr_free(dnskey_rr);
74
75 return result;
76}
77
78static int
79hsm_test_random(hsm_ctx_t *ctx)
80{
81 int result;
82 unsigned char rnd_buf[1024];
83 uint32_t r32;
84 uint64_t r64;
85
86 printf("Generating %lu bytes of random data... ",
87 (unsigned long) sizeof(rnd_buf));
88 result = hsm_random_buffer(ctx, rnd_buf, sizeof(rnd_buf));
89 if (result) {
90 printf("Failed, error: %d\n", result);
92 return 1;
93 } else {
94 printf("OK\n");
95 }
96
97 printf("Generating 32-bit random data... ");
98 r32 = hsm_random32(ctx);
99 printf("%u\n", r32);
100
101 printf("Generating 64-bit random data... ");
102 r64 = hsm_random64(ctx);
103 printf("%llu\n", (long long unsigned int)r64);
104
105 return 0;
106}
107
108int
109hsm_test (const char *repository, hsm_ctx_t* ctx)
110{
111 int result;
112 const unsigned int rsa_keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
113 const unsigned int dsa_keysizes[] = { 512, 768, 1024 };
114 unsigned int keysize;
115 const ldns_algorithm ec_curves[] = {
116 LDNS_ECDSAP256SHA256,
117 LDNS_ECDSAP384SHA384
118 };
119#if (LDNS_REVISION >= ((1<<16)|(7<<8)|(0)))
120 const ldns_algorithm ed_curves[] = {
121 LDNS_ED25519,
122 LDNS_ED448,
123 };
124#endif
125 ldns_algorithm curve;
126
127 libhsm_key_t *key = NULL;
128 char *id;
129 int errors = 0;
130 unsigned int i = 0;
131
132 /* Check for repository before starting any tests */
133 if (hsm_token_attached(ctx, repository) == 0) {
135 return 1;
136 }
137
138 /*
139 * Test key generation, signing and deletion for a number of key size
140 */
141 for (i=0; i<(sizeof(rsa_keysizes)/sizeof(unsigned int)); i++) {
142 keysize = rsa_keysizes[i];
143
144 printf("Generating %u-bit RSA key... ", keysize);
145 key = hsm_generate_rsa_key(ctx, repository, keysize);
146 if (!key) {
147 errors++;
148 printf("Failed\n");
150 printf("\n");
151 continue;
152 } else {
153 printf("OK\n");
154 }
155
156 printf("Extracting key identifier... ");
157 id = hsm_get_key_id(ctx, key);
158 if (!id) {
159 errors++;
160 printf("Failed\n");
162 printf("\n");
163 } else {
164 printf("OK, %s\n", id);
165 }
166 free(id);
167
168 printf("Signing (RSA/SHA1) with key... ");
169 result = hsm_test_sign(ctx, key, LDNS_RSASHA1);
170 if (result) {
171 errors++;
172 printf("Failed, error: %d\n", result);
174 } else {
175 printf("OK\n");
176 }
177
178 printf("Signing (RSA/SHA256) with key... ");
179 result = hsm_test_sign(ctx, key, LDNS_RSASHA256);
180 if (result) {
181 errors++;
182 printf("Failed, error: %d\n", result);
184 } else {
185 printf("OK\n");
186 }
187
188 if ( keysize >= 1024) {
189 printf("Signing (RSA/SHA512) with key... ");
190 result = hsm_test_sign(ctx, key, LDNS_RSASHA512);
191 if (result) {
192 errors++;
193 printf("Failed, error: %d\n", result);
195 } else {
196 printf("OK\n");
197 }
198 }
199
200 printf("Deleting key... ");
201 result = hsm_remove_key(ctx, key);
202 if (result) {
203 errors++;
204 printf("Failed: error: %d\n", result);
206 } else {
207 printf("OK\n");
208 }
209
210 libhsm_key_free(key);
211
212 printf("\n");
213 }
214
215 /*
216 * Test key generation, signing and deletion for a number of key size
217 */
218 for (i=0; i<(sizeof(dsa_keysizes)/sizeof(unsigned int)); i++) {
219 keysize = dsa_keysizes[i];
220
221 printf("Generating %u-bit DSA key... ", keysize);
222 key = hsm_generate_dsa_key(ctx, repository, keysize);
223 if (!key) {
224 errors++;
225 printf("Failed\n");
227 printf("\n");
228 continue;
229 } else {
230 printf("OK\n");
231 }
232
233 printf("Extracting key identifier... ");
234 id = hsm_get_key_id(ctx, key);
235 if (!id) {
236 errors++;
237 printf("Failed\n");
239 printf("\n");
240 } else {
241 printf("OK, %s\n", id);
242 }
243 free(id);
244
245 printf("Signing (DSA/SHA1) with key... ");
246 result = hsm_test_sign(ctx, key, LDNS_DSA);
247 if (result) {
248 errors++;
249 printf("Failed, error: %d\n", result);
251 } else {
252 printf("OK\n");
253 }
254
255 printf("Deleting key... ");
256 result = hsm_remove_key(ctx, key);
257 if (result) {
258 errors++;
259 printf("Failed: error: %d\n", result);
261 } else {
262 printf("OK\n");
263 }
264
265 libhsm_key_free(key);
266
267 printf("\n");
268 }
269
270 /*
271 * Test key generation, signing and deletion for a number of key size
272 */
273 for (i=0; i<1; i++) {
274 printf("Generating 512-bit GOST key... ");
275 key = hsm_generate_gost_key(ctx, repository);
276 if (!key) {
277 errors++;
278 printf("Failed\n");
280 printf("\n");
281 continue;
282 } else {
283 printf("OK\n");
284 }
285
286 printf("Extracting key identifier... ");
287 id = hsm_get_key_id(ctx, key);
288 if (!id) {
289 errors++;
290 printf("Failed\n");
292 printf("\n");
293 } else {
294 printf("OK, %s\n", id);
295 }
296 free(id);
297
298 printf("Signing (GOST) with key... ");
299 result = hsm_test_sign(ctx, key, LDNS_ECC_GOST);
300 if (result) {
301 errors++;
302 printf("Failed, error: %d\n", result);
304 } else {
305 printf("OK\n");
306 }
307
308 printf("Deleting key... ");
309 result = hsm_remove_key(ctx, key);
310 if (result) {
311 errors++;
312 printf("Failed: error: %d\n", result);
314 } else {
315 printf("OK\n");
316 }
317
318 libhsm_key_free(key);
319
320 printf("\n");
321 }
322
323 /*
324 * Test key generation, signing and deletion for a number of key size
325 */
326 for (i=0; i<(sizeof(ec_curves)/sizeof(ldns_algorithm)); i++) {
327 curve = ec_curves[i];
328
329 if (curve == LDNS_ECDSAP256SHA256) {
330 printf("Generating ECDSA Curve P-256 key... ");
331 key = hsm_generate_ecdsa_key(ctx, repository, "P-256");
332 } else if (curve == LDNS_ECDSAP384SHA384) {
333 printf("Generating ECDSA Curve P-384 key... ");
334 key = hsm_generate_ecdsa_key(ctx, repository, "P-384");
335 } else {
336 printf("Failed: Unknown ECDSA curve\n");
337 continue;
338 }
339 if (!key) {
340 errors++;
341 printf("Failed\n");
343 printf("\n");
344 continue;
345 } else {
346 printf("OK\n");
347 }
348
349 printf("Extracting key identifier... ");
350 id = hsm_get_key_id(ctx, key);
351 if (!id) {
352 errors++;
353 printf("Failed\n");
355 printf("\n");
356 } else {
357 printf("OK, %s\n", id);
358 }
359 free(id);
360
361 if (curve == LDNS_ECDSAP256SHA256) {
362 printf("Signing (ECDSA/SHA256) with key... ");
363 } else if (curve == LDNS_ECDSAP384SHA384) {
364 printf("Signing (ECDSA/SHA384) with key... ");
365 } else {
366 printf("Signing with key... ");
367 }
368 }
369
370#if (LDNS_REVISION >= ((1<<16)|(7<<8)|(0)))
371 for (i=0; i<(sizeof(ed_curves)/sizeof(ldns_algorithm)); i++) {
372 curve = ed_curves[i];
373
374 switch(curve) {
375 case LDNS_ED25519:
376 printf("Generating ED25519 key... ");
377 key = hsm_generate_eddsa_key(ctx, repository, "edwards25519");
378 break;
379 case LDNS_ED448:
380 printf("Generating ED448 key... ");
381 key = hsm_generate_eddsa_key(ctx, repository, "edwards448");
382 break;
383 default:
384 continue;
385 }
386 if (!key) {
387 errors++;
388 printf("Failed\n");
390 printf("\n");
391 continue;
392 } else {
393 printf("OK\n");
394 }
395
396 printf("Extracting key identifier... ");
397 id = hsm_get_key_id(ctx, key);
398 if (!id) {
399 errors++;
400 printf("Failed\n");
402 printf("\n");
403 } else {
404 printf("OK, %s\n", id);
405 }
406 free(id);
407
408 printf("Signing with key... ");
409 result = hsm_test_sign(ctx, key, curve);
410 if (result) {
411 errors++;
412 printf("Failed, error: %d\n", result);
414 } else {
415 printf("OK\n");
416 }
417
418 printf("Deleting key... ");
419 result = hsm_remove_key(ctx, key);
420 if (result) {
421 errors++;
422 printf("Failed: error: %d\n", result);
424 } else {
425 printf("OK\n");
426 }
427
428 libhsm_key_free(key);
429
430 printf("\n");
431 }
432#endif
433
434 if (hsm_test_random(ctx)) {
435 errors++;
436 }
437
438 return errors;
439}
int hsm_test(const char *repository, hsm_ctx_t *ctx)
Definition: hsmtest.c:109
hsm_ctx_t * ctx
Definition: hsmutil.c:48
ldns_rr * hsm_sign_rrset(hsm_ctx_t *ctx, const ldns_rr_list *rrset, const libhsm_key_t *key, const hsm_sign_params_t *sign_params)
Definition: libhsm.c:3252
uint64_t hsm_random64(hsm_ctx_t *ctx)
Definition: libhsm.c:3453
uint32_t hsm_random32(hsm_ctx_t *ctx)
Definition: libhsm.c:3438
void hsm_print_error(hsm_ctx_t *gctx)
Definition: libhsm.c:3595
int hsm_token_attached(hsm_ctx_t *ctx, const char *repository)
Definition: libhsm.c:3495
libhsm_key_t * hsm_generate_rsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
Definition: libhsm.c:2644
libhsm_key_t * hsm_generate_gost_key(hsm_ctx_t *ctx, const char *repository)
Definition: libhsm.c:2846
hsm_sign_params_t * hsm_sign_params_new()
Definition: libhsm.c:2539
char * hsm_get_key_id(hsm_ctx_t *ctx, const libhsm_key_t *key)
Definition: libhsm.c:3157
int hsm_random_buffer(hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length)
Definition: libhsm.c:3411
ldns_rr * hsm_get_dnskey(hsm_ctx_t *ctx, const libhsm_key_t *key, const hsm_sign_params_t *sign_params)
Definition: libhsm.c:3365
libhsm_key_t * hsm_generate_dsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
Definition: libhsm.c:2732
libhsm_key_t * hsm_generate_eddsa_key(hsm_ctx_t *ctx, const char *repository, const char *curve)
Definition: libhsm.c:3022
libhsm_key_t * hsm_generate_ecdsa_key(hsm_ctx_t *ctx, const char *repository, const char *curve)
Definition: libhsm.c:2926
int hsm_remove_key(hsm_ctx_t *ctx, libhsm_key_t *key)
Definition: libhsm.c:3118
void libhsm_key_free(libhsm_key_t *key)
Definition: libhsm.c:2565
void hsm_sign_params_free(hsm_sign_params_t *params)
Definition: libhsm.c:2556
ldns_algorithm algorithm
Definition: libhsmdns.h:36
ldns_rdf * owner
Definition: libhsmdns.h:46
uint16_t keytag
Definition: libhsmdns.h:44