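/*
 * cmd_generate - "generate <repository> <algorithm> [keysize]" command.
 *
 * argv[0] is the repository name, argv[1] the algorithm (rsa, dsa, gost or
 * ecdsa, compared case-insensitively) and argv[2] the optional key size in
 * bits.  Progress and errors are printed to stdout.
 *
 * Returns 0 on success, -1 on bad arguments or a failed generation, and 1
 * when the repository's token is not attached (matching hsm_test()).
 */
int
cmd_generate(int argc, char *argv[])
{
    hsm_ctx_t *ctx = NULL;          /* NULL context, same as hsm_test() */
    hsm_key_t *key = NULL;
    hsm_key_info_t *key_info = NULL;
    const char *repository;
    const char *algorithm;
    /*
     * Default when argv[2] is absent.  NOTE(review): 1024-bit RSA/DSA is
     * below current key-length recommendations; callers should pass a
     * size explicitly rather than rely on this default.
     */
    unsigned int keysize = 1024;

    if (argc < 2 || argc > 3) {
        usage();
        return -1;
    }

    /* argv outlives this call, so no private copies are needed; the
     * original strdup()ed both strings and never freed them. */
    repository = argv[0];
    algorithm = argv[1];

    if (argc == 3) {
        /* Accept only a plain, non-zero decimal number that fits in an
         * unsigned int.  atoi() silently turned garbage into 0 and a
         * leading '-' into a huge unsigned value. */
        const char *text = argv[2];
        char *end = NULL;
        unsigned long parsed;

        if (text[0] < '0' || text[0] > '9') {
            printf("Invalid key size: %s\n", text);
            return -1;
        }
        parsed = strtoul(text, &end, 10);
        if (*end != '\0' || parsed == 0 ||
            (unsigned long)(unsigned int)parsed != parsed) {
            printf("Invalid key size: %s\n", text);
            return -1;
        }
        keysize = (unsigned int)parsed;
    }

    /* Check for repository before starting using it */
    if (hsm_token_attached(ctx, repository) == 0) {
        hsm_print_error(ctx);
        return 1;
    }

    if (!strcasecmp(algorithm, "rsa")) {
        printf("Generating %u bit RSA key in repository: %s\n",
               keysize, repository);
        key = hsm_generate_rsa_key(NULL, repository, keysize);
    } else if (!strcasecmp(algorithm, "dsa")) {
        printf("Generating %u bit DSA key in repository: %s\n",
               keysize, repository);
        key = hsm_generate_dsa_key(NULL, repository, keysize);
    } else if (!strcasecmp(algorithm, "gost")) {
        /* GOST keys have a fixed size; keysize is ignored. */
        printf("Generating 512 bit GOST key in repository: %s\n", repository);
        key = hsm_generate_gost_key(NULL, repository);
    } else if (!strcasecmp(algorithm, "ecdsa")) {
        /* The size selects the curve; only P-256 and P-384 are offered. */
        if (keysize == 256) {
            printf("Generating a P-256 ECDSA key in repository: %s\n",
                   repository);
            key = hsm_generate_ecdsa_key(NULL, repository, "P-256");
        } else if (keysize == 384) {
            printf("Generating a P-384 ECDSA key in repository: %s\n",
                   repository);
            key = hsm_generate_ecdsa_key(NULL, repository, "P-384");
        } else {
            printf("Invalid ECDSA key size: %u\n", keysize);
            printf("Expecting 256 or 384.\n");
            return -1;
        }
    } else {
        printf("Unknown algorithm: %s\n", algorithm);
        return -1;
    }

    if (!key) {
        printf("Key generation failed.\n");
        return -1;
    }

    /* key_info may be NULL; hsm_key_info_free() was already called with
     * that possibility in the original, so it is assumed to tolerate it. */
    key_info = hsm_get_key_info(NULL, key);
    printf("Key generation successful: %s\n",
           key_info ? key_info->id : "NULL");
    hsm_key_info_free(key_info);
    if (verbose) {
        hsm_print_key(key);
    }
    hsm_key_free(key);
    return 0;
}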
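/*
 * hsm_test_key_ops - run the shared per-key checks on a freshly generated key.
 *
 * Extracts the key identifier, signs with each algorithm in algs[] (labels[]
 * holds the matching display names), then deletes the key.  Each step prints
 * its outcome to stdout exactly as the original per-algorithm loops did.
 *
 * The key is released before returning; the caller must not touch it again.
 * Returns the number of failed steps.
 */
static int
hsm_test_key_ops(hsm_ctx_t *ctx, hsm_key_t *key,
                 const char *const *labels, const int *algs, size_t nalgs)
{
    int errors = 0;
    int result;
    char *id;

    printf("Extracting key identifier... ");
    id = hsm_get_key_id(ctx, key);
    if (!id) {
        errors++;
        printf("Failed\n");
        hsm_print_error(ctx);
        printf("\n");
    } else {
        printf("OK, %s\n", id);
    }
    free(id);   /* free(NULL) is a no-op */

    for (size_t j = 0; j < nalgs; j++) {
        printf("Signing (%s) with key... ", labels[j]);
        result = hsm_test_sign(ctx, key, algs[j]);
        if (result) {
            errors++;
            printf("Failed, error: %d\n", result);
            hsm_print_error(ctx);
        } else {
            printf("OK\n");
        }
    }

    printf("Deleting key... ");
    result = hsm_remove_key(ctx, key);
    if (result) {
        errors++;
        printf("Failed: error: %d\n", result);
        hsm_print_error(ctx);
    } else {
        printf("OK\n");
    }
    /* NOTE(review): cmd_generate() releases keys with hsm_key_free(); the
     * plain free() here is what the original test did — confirm that
     * hsm_remove_key() leaves nothing else inside the key to release. */
    free(key);
    printf("\n");
    return errors;
}

/*
 * hsm_test - self-test a repository: generate, identify, sign with and
 * delete RSA, DSA and GOST keys of several sizes, then test the RNG.
 *
 * repository: name of the repository (token) to exercise.
 * Uses a NULL context throughout, as the original did.
 * Returns 1 if the token is not attached, otherwise the total number of
 * failed steps (0 means every check passed).
 */
int
hsm_test(const char *repository)
{
    const unsigned int rsa_keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
    const unsigned int dsa_keysizes[] = { 512, 768, 1024 };
    /* Signing algorithms per key type; the label array parallels the
     * algorithm array.  RSA/SHA512 is only attempted for keys >= 1024 bits
     * (see below), so it is the last RSA entry. */
    const char *const rsa_labels[] = { "RSA/SHA1", "RSA/SHA256", "RSA/SHA512" };
    const int rsa_algs[] = { LDNS_RSASHA1, LDNS_RSASHA256, LDNS_RSASHA512 };
    const char *const dsa_labels[] = { "DSA/SHA1" };
    const int dsa_algs[] = { LDNS_DSA };
    const char *const gost_labels[] = { "GOST" };
    const int gost_algs[] = { LDNS_ECC_GOST };
    hsm_ctx_t *ctx = NULL;
    hsm_key_t *key = NULL;
    int errors = 0;

    /* Check for repository before starting any tests */
    if (hsm_token_attached(ctx, repository) == 0) {
        hsm_print_error(ctx);
        return 1;
    }

    /* RSA: key generation, signing and deletion for a number of key sizes */
    for (size_t i = 0; i < sizeof rsa_keysizes / sizeof rsa_keysizes[0]; i++) {
        unsigned int keysize = rsa_keysizes[i];
        /* Skip the SHA512 entry for short keys, as the original did. */
        size_t nalgs = keysize >= 1024 ? 3 : 2;

        printf("Generating %u-bit RSA key... ", keysize);
        key = hsm_generate_rsa_key(ctx, repository, keysize);
        if (!key) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
            continue;
        }
        printf("OK\n");
        errors += hsm_test_key_ops(ctx, key, rsa_labels, rsa_algs, nalgs);
        key = NULL;
    }

    /* DSA: key generation, signing and deletion for a number of key sizes */
    for (size_t i = 0; i < sizeof dsa_keysizes / sizeof dsa_keysizes[0]; i++) {
        unsigned int keysize = dsa_keysizes[i];

        printf("Generating %u-bit DSA key... ", keysize);
        key = hsm_generate_dsa_key(ctx, repository, keysize);
        if (!key) {
            errors++;
            printf("Failed\n");
            hsm_print_error(ctx);
            printf("\n");
            continue;
        }
        printf("OK\n");
        errors += hsm_test_key_ops(ctx, key, dsa_labels, dsa_algs, 1);
        key = NULL;
    }

    /* GOST: single fixed-size key (the original looped exactly once) */
    printf("Generating 512-bit GOST key... ");
    key = hsm_generate_gost_key(ctx, repository);
    if (!key) {
        errors++;
        printf("Failed\n");
        hsm_print_error(ctx);
        printf("\n");
    } else {
        printf("OK\n");
        errors += hsm_test_key_ops(ctx, key, gost_labels, gost_algs, 1);
        key = NULL;
    }

    /* Random number generation check; counts as one failure if it fails. */
    if (hsm_test_random()) {
        errors++;
    }

    return errors;
}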