Beispiel #1
0
int
cmd_generate (int argc, char *argv[])
{
    char *repository = NULL;
    char *algorithm = NULL;
    unsigned int keysize = 1024;

    hsm_key_t *key = NULL;
    hsm_ctx_t *ctx = NULL;

    if (argc < 2 || argc > 3) {
        usage();
        return -1;
    }

    repository = strdup(argv[0]);

    /* Check for repository before starting using it */
    if (hsm_token_attached(ctx, repository) == 0) {
       hsm_print_error(ctx);
       return 1;
    }

    algorithm = strdup(argv[1]);
    if (argc == 3) {
        keysize = atoi(argv[2]);
    }

    if (!strcasecmp(algorithm, "rsa")) {
        printf("Generating %d bit RSA key in repository: %s\n",
            keysize, repository);

        key = hsm_generate_rsa_key(NULL, repository, keysize);
    } else if (!strcasecmp(algorithm, "dsa")) {
        printf("Generating %d bit DSA key in repository: %s\n",
            keysize, repository);

        key = hsm_generate_dsa_key(NULL, repository, keysize);
    } else if (!strcasecmp(algorithm, "gost")) {
        printf("Generating 512 bit GOST key in repository: %s\n",
            repository);

        key = hsm_generate_gost_key(NULL, repository);
    } else if (!strcasecmp(algorithm, "ecdsa")) {
        if (keysize == 256) {
            printf("Generating a P-256 ECDSA key in repository: %s\n",
                repository);

            key = hsm_generate_ecdsa_key(NULL, repository, "P-256");
        } else if (keysize == 384) {
            printf("Generating a P-384 ECDSA key in repository: %s\n",
                repository);

            key = hsm_generate_ecdsa_key(NULL, repository, "P-384");
        } else {
            printf("Invalid ECDSA key size: %d\n", keysize);
            printf("Expecting 256 or 384.\n");
            return -1;
        }
    } else {
        printf("Unknown algorithm: %s\n", algorithm);
        return -1;
    }

    if (key) {
        hsm_key_info_t *key_info;

        key_info = hsm_get_key_info(NULL, key);
        printf("Key generation successful: %s\n",
            key_info ? key_info->id : "NULL");
        hsm_key_info_free(key_info);
        if (verbose) hsm_print_key(key);
        hsm_key_free(key);
    } else {
        printf("Key generation failed.\n");
        return -1;
    }

    return 0;
}
Beispiel #2
0
int
hsm_test (const char *repository)
{
    int result;
    const unsigned int rsa_keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
    const unsigned int dsa_keysizes[] = { 512, 768, 1024 };
    unsigned int keysize;

    hsm_ctx_t *ctx = NULL;
    hsm_key_t *key = NULL;
    char *id;
    int errors = 0;
    unsigned int i = 0;

    /* Check for repository before starting any tests */
    if (hsm_token_attached(ctx, repository) == 0) {
        hsm_print_error(ctx);
        return 1;
    }

    /*
     * Test key generation, signing and deletion for a number of key size
     */
    for (i=0; i<(sizeof(rsa_keysizes)/sizeof(unsigned int)); i++) {
        keysize = rsa_keysizes[i];

        printf("Generating %d-bit RSA key... ", keysize);
        key = hsm_generate_rsa_key(ctx, repository, keysize);
        if (!key) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
            continue;
        } else {
            printf("OK\n");
        }

        printf("Extracting key identifier... ");
        id = hsm_get_key_id(ctx, key);
        if (!id) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
        } else {
            printf("OK, %s\n", id);
        }
        free(id);

        printf("Signing (RSA/SHA1) with key... ");
        result = hsm_test_sign(ctx, key, LDNS_RSASHA1);
        if (result) {
            errors++;
            printf("Failed, error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }

        printf("Signing (RSA/SHA256) with key... ");
        result = hsm_test_sign(ctx, key, LDNS_RSASHA256);
        if (result) {
            errors++;
            printf("Failed, error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }

        if ( keysize >= 1024) {
            printf("Signing (RSA/SHA512) with key... ");
            result = hsm_test_sign(ctx, key, LDNS_RSASHA512);
            if (result) {
                errors++;
                printf("Failed, error: %d\n", result);
                hsm_print_error(ctx);
            } else {
                printf("OK\n");
            }
        }

        printf("Deleting key... ");
        result = hsm_remove_key(ctx, key);
        if (result) {
            errors++;
            printf("Failed: error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }

        free(key);

        printf("\n");
    }

    /*
     * Test key generation, signing and deletion for a number of key size
     */
    for (i=0; i<(sizeof(dsa_keysizes)/sizeof(unsigned int)); i++) {
        keysize = dsa_keysizes[i];

        printf("Generating %d-bit DSA key... ", keysize);
        key = hsm_generate_dsa_key(ctx, repository, keysize);
        if (!key) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
            continue;
        } else {
            printf("OK\n");
        }

        printf("Extracting key identifier... ");
        id = hsm_get_key_id(ctx, key);
        if (!id) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
        } else {
            printf("OK, %s\n", id);
        }
        free(id);

        printf("Signing (DSA/SHA1) with key... ");
        result = hsm_test_sign(ctx, key, LDNS_DSA);
        if (result) {
            errors++;
            printf("Failed, error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }

        printf("Deleting key... ");
        result = hsm_remove_key(ctx, key);
        if (result) {
            errors++;
            printf("Failed: error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }

        free(key);

        printf("\n");
    }

    /*
     * Test key generation, signing and deletion for a number of key size
     */
    for (i=0; i<1; i++) {
        printf("Generating 512-bit GOST key... ");
        key = hsm_generate_gost_key(ctx, repository);
        if (!key) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
            continue;
        } else {
            printf("OK\n");
        }

        printf("Extracting key identifier... ");
        id = hsm_get_key_id(ctx, key);
        if (!id) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
        } else {
            printf("OK, %s\n", id);
        }
        free(id);

        printf("Signing (GOST) with key... ");
        result = hsm_test_sign(ctx, key, LDNS_ECC_GOST);
        if (result) {
            errors++;
            printf("Failed, error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }

        printf("Deleting key... ");
        result = hsm_remove_key(ctx, key);
        if (result) {
            errors++;
            printf("Failed: error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }

        free(key);

        printf("\n");
    }

    if (hsm_test_random()) {
        errors++;
    }

    return errors;
}