int
cmd_generate (int argc, char *argv[])
{
char *repository = NULL;
char *algorithm = NULL;
unsigned int keysize = 1024;
hsm_key_t *key = NULL;
hsm_ctx_t *ctx = NULL;
if (argc < 2 || argc > 3) {
usage();
return -1;
}
repository = strdup(argv[0]);
/* Check for repository before starting using it */
if (hsm_token_attached(ctx, repository) == 0) {
hsm_print_error(ctx);
return 1;
}
algorithm = strdup(argv[1]);
if (argc == 3) {
keysize = atoi(argv[2]);
}
if (!strcasecmp(algorithm, "rsa")) {
printf("Generating %d bit RSA key in repository: %s\n",
keysize, repository);
key = hsm_generate_rsa_key(NULL, repository, keysize);
} else if (!strcasecmp(algorithm, "dsa")) {
printf("Generating %d bit DSA key in repository: %s\n",
keysize, repository);
key = hsm_generate_dsa_key(NULL, repository, keysize);
} else if (!strcasecmp(algorithm, "gost")) {
printf("Generating 512 bit GOST key in repository: %s\n",
repository);
key = hsm_generate_gost_key(NULL, repository);
} else if (!strcasecmp(algorithm, "ecdsa")) {
if (keysize == 256) {
printf("Generating a P-256 ECDSA key in repository: %s\n",
repository);
key = hsm_generate_ecdsa_key(NULL, repository, "P-256");
} else if (keysize == 384) {
printf("Generating a P-384 ECDSA key in repository: %s\n",
repository);
key = hsm_generate_ecdsa_key(NULL, repository, "P-384");
} else {
printf("Invalid ECDSA key size: %d\n", keysize);
printf("Expecting 256 or 384.\n");
return -1;
}
} else {
printf("Unknown algorithm: %s\n", algorithm);
return -1;
}
if (key) {
hsm_key_info_t *key_info;
key_info = hsm_get_key_info(NULL, key);
printf("Key generation successful: %s\n",
key_info ? key_info->id : "NULL");
hsm_key_info_free(key_info);
if (verbose) hsm_print_key(key);
hsm_key_free(key);
} else {
printf("Key generation failed.\n");
return -1;
}
return 0;
}
int
hsm_test (const char *repository)
{
int result;
const unsigned int rsa_keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
const unsigned int dsa_keysizes[] = { 512, 768, 1024 };
unsigned int keysize;
hsm_ctx_t *ctx = NULL;
hsm_key_t *key = NULL;
char *id;
int errors = 0;
unsigned int i = 0;
/* Check for repository before starting any tests */
if (hsm_token_attached(ctx, repository) == 0) {
hsm_print_error(ctx);
return 1;
}
/*
* Test key generation, signing and deletion for a number of key size
*/
for (i=0; i<(sizeof(rsa_keysizes)/sizeof(unsigned int)); i++) {
keysize = rsa_keysizes[i];
printf("Generating %d-bit RSA key... ", keysize);
key = hsm_generate_rsa_key(ctx, repository, keysize);
if (!key) {
errors++;
printf("Failed\n");
hsm_print_error(ctx);
printf("\n");
continue;
} else {
printf("OK\n");
}
printf("Extracting key identifier... ");
id = hsm_get_key_id(ctx, key);
if (!id) {
errors++;
printf("Failed\n");
hsm_print_error(ctx);
printf("\n");
} else {
printf("OK, %s\n", id);
}
free(id);
printf("Signing (RSA/SHA1) with key... ");
result = hsm_test_sign(ctx, key, LDNS_RSASHA1);
if (result) {
errors++;
printf("Failed, error: %d\n", result);
hsm_print_error(ctx);
} else {
printf("OK\n");
}
printf("Signing (RSA/SHA256) with key... ");
result = hsm_test_sign(ctx, key, LDNS_RSASHA256);
if (result) {
errors++;
printf("Failed, error: %d\n", result);
hsm_print_error(ctx);
} else {
printf("OK\n");
}
if ( keysize >= 1024) {
printf("Signing (RSA/SHA512) with key... ");
result = hsm_test_sign(ctx, key, LDNS_RSASHA512);
if (result) {
errors++;
printf("Failed, error: %d\n", result);
hsm_print_error(ctx);
} else {
printf("OK\n");
}
}
printf("Deleting key... ");
result = hsm_remove_key(ctx, key);
if (result) {
errors++;
printf("Failed: error: %d\n", result);
hsm_print_error(ctx);
} else {
printf("OK\n");
}
free(key);
printf("\n");
}
/*
* Test key generation, signing and deletion for a number of key size
*/
for (i=0; i<(sizeof(dsa_keysizes)/sizeof(unsigned int)); i++) {
keysize = dsa_keysizes[i];
printf("Generating %d-bit DSA key... ", keysize);
key = hsm_generate_dsa_key(ctx, repository, keysize);
if (!key) {
errors++;
printf("Failed\n");
hsm_print_error(ctx);
printf("\n");
continue;
} else {
printf("OK\n");
}
printf("Extracting key identifier... ");
id = hsm_get_key_id(ctx, key);
if (!id) {
errors++;
printf("Failed\n");
hsm_print_error(ctx);
printf("\n");
} else {
printf("OK, %s\n", id);
}
free(id);
printf("Signing (DSA/SHA1) with key... ");
result = hsm_test_sign(ctx, key, LDNS_DSA);
if (result) {
errors++;
printf("Failed, error: %d\n", result);
hsm_print_error(ctx);
} else {
printf("OK\n");
}
printf("Deleting key... ");
result = hsm_remove_key(ctx, key);
if (result) {
errors++;
printf("Failed: error: %d\n", result);
hsm_print_error(ctx);
} else {
printf("OK\n");
}
free(key);
printf("\n");
}
/*
* Test key generation, signing and deletion for a number of key size
*/
for (i=0; i<1; i++) {
printf("Generating 512-bit GOST key... ");
key = hsm_generate_gost_key(ctx, repository);
if (!key) {
errors++;
printf("Failed\n");
hsm_print_error(ctx);
printf("\n");
continue;
} else {
printf("OK\n");
}
printf("Extracting key identifier... ");
id = hsm_get_key_id(ctx, key);
if (!id) {
errors++;
printf("Failed\n");
hsm_print_error(ctx);
printf("\n");
} else {
printf("OK, %s\n", id);
}
free(id);
printf("Signing (GOST) with key... ");
result = hsm_test_sign(ctx, key, LDNS_ECC_GOST);
if (result) {
errors++;
printf("Failed, error: %d\n", result);
hsm_print_error(ctx);
} else {
printf("OK\n");
}
printf("Deleting key... ");
result = hsm_remove_key(ctx, key);
if (result) {
errors++;
printf("Failed: error: %d\n", result);
hsm_print_error(ctx);
} else {
printf("OK\n");
}
free(key);
printf("\n");
}
if (hsm_test_random()) {
errors++;
}
return errors;
}