/** * Open HSM. * */ int lhsm_open(const char* filename) { int result = hsm_open(filename, hsm_check_pin); if (result != HSM_OK) { char* error = hsm_get_error(NULL); if (error != NULL) { ods_log_error("[%s] %s", hsm_str, error); free(error); } else { ods_log_crit("[%s] error opening libhsm (errno %i)", hsm_str, result); } /* exit? */ } else { ods_log_info("[%s] libhsm connection opened succesfully", hsm_str); } return result; }
int main (int argc, char *argv[]) { int result; hsm_ctx_t *ctx; hsm_key_t **keys; hsm_key_t *key = NULL; char *id; size_t key_count = 0; size_t i; ldns_rr_list *rrset; ldns_rr *rr, *sig, *dnskey_rr; ldns_status status; hsm_sign_params_t *sign_params; int do_generate = 0; int do_sign = 0; int do_delete = 0; int do_random = 0; int res; uint32_t r32; uint64_t r64; char *config = NULL; const char *repository = "default"; int ch; progname = argv[0]; while ((ch = getopt(argc, argv, "hgsdrc:")) != -1) { switch (ch) { case 'c': config = strdup(optarg); break; case 'g': do_generate = 1; break; case 'h': usage(); exit(0); break; case 's': do_sign = 1; break; case 'd': do_delete = 1; break; case 'r': do_random = 1; break; default: usage(); exit(1); } } if (!config) { usage(); exit(1); } /* * Open HSM library */ fprintf(stdout, "Starting HSM lib test\n"); result = hsm_open(config, hsm_prompt_pin); fprintf(stdout, "hsm_open result: %d\n", result); /* * Create HSM context */ ctx = hsm_create_context(); printf("global: "); hsm_print_ctx(NULL); printf("my: "); hsm_print_ctx(ctx); /* * Generate a new key OR find any key with an ID */ if (do_generate) { key = hsm_generate_rsa_key(ctx, repository, 1024); if (key) { printf("\nCreated key!\n"); hsm_print_key(key); printf("\n"); } else { printf("Error creating key, bad token name?\n"); hsm_print_error(ctx); exit(1); } } else if (do_sign || do_delete) { keys = hsm_list_keys(ctx, &key_count); printf("I have found %u keys\n", (unsigned int) key_count); /* let's just use the very first key we find and throw away the rest */ for (i = 0; i < key_count && !key; i++) { printf("\nFound key!\n"); hsm_print_key(keys[i]); id = hsm_get_key_id(ctx, keys[i]); if (id) { printf("Using key ID: %s\n", id); if (key) hsm_key_free(key); key = hsm_find_key_by_id(ctx, id); printf("ptr: 0x%p\n", (void *) key); free(id); } else { printf("Got no key ID (broken key?), skipped...\n"); } hsm_key_free(keys[i]); } free(keys); if (!key) { printf("Failed to find useful key\n"); exit(1); } } /* * Do some signing */ if (do_sign) { printf("\nSigning with:\n"); hsm_print_key(key); printf("\n"); rrset = ldns_rr_list_new(); status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 123.123.123.123", 0, NULL, NULL); if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); status = ldns_rr_new_frm_str(&rr, "regress.opendnssec.se. IN A 124.124.124.124", 0, NULL, NULL); if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr); sign_params = hsm_sign_params_new(); sign_params->algorithm = LDNS_RSASHA1; sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "opendnssec.se."); dnskey_rr = hsm_get_dnskey(ctx, key, sign_params); sign_params->keytag = ldns_calc_keytag(dnskey_rr); sig = hsm_sign_rrset(ctx, rrset, key, sign_params); if (sig) { ldns_rr_list_print(stdout, rrset); ldns_rr_print(stdout, sig); ldns_rr_print(stdout, dnskey_rr); ldns_rr_free(sig); } else { hsm_print_error(ctx); exit(-1); } /* cleanup */ ldns_rr_list_deep_free(rrset); hsm_sign_params_free(sign_params); ldns_rr_free(dnskey_rr); } /* * Delete key */ if (do_delete) { printf("\nDelete key:\n"); hsm_print_key(key); /* res = hsm_remove_key(ctx, key); */ res = hsm_remove_key(ctx, key); printf("Deleted key. Result: %d\n", res); printf("\n"); } if (key) hsm_key_free(key); /* * Test random{32,64} functions */ if (do_random) { r32 = hsm_random32(ctx); printf("random 32: %u\n", r32); r64 = hsm_random64(ctx); printf("random 64: %llu\n", (long long unsigned int)r64); } /* * Destroy HSM context */ if (ctx) { hsm_destroy_context(ctx); } /* * Close HSM library */ result = hsm_close(); fprintf(stdout, "all done! hsm_close result: %d\n", result); if (config) free(config); return 0; }
int main (int argc, char *argv[]) { int result; char *config = NULL; int ch; progname = argv[0]; while ((ch = getopt(argc, argv, "c:vVh")) != -1) { switch (ch) { case 'c': config = strdup(optarg); break; case 'v': verbose++; break; case 'V': version(); exit(0); break; case 'h': usage(); exit(0); break; default: usage(); exit(1); } } argc -= optind; argv += optind; if (!argc) { usage(); exit(1); } if (!strcasecmp(argv[0], "logout")) { if (config) free(config); exit(cmd_logout()); } result = hsm_open(config, hsm_prompt_pin); if (result) { hsm_print_error(NULL); exit(-1); } openlog("hsmutil", LOG_PID, LOG_USER); if (!strcasecmp(argv[0], "login")) { argc --; argv ++; result = cmd_login(); } else if (!strcasecmp(argv[0], "list")) { argc --; argv ++; result = cmd_list(argc, argv); } else if (!strcasecmp(argv[0], "generate")) { argc --; argv ++; result = cmd_generate(argc, argv); } else if (!strcasecmp(argv[0], "remove")) { argc --; argv ++; result = cmd_remove(argc, argv); } else if (!strcasecmp(argv[0], "purge")) { argc --; argv ++; result = cmd_purge(argc, argv); } else if (!strcasecmp(argv[0], "dnskey")) { argc --; argv ++; result = cmd_dnskey(argc, argv); } else if (!strcasecmp(argv[0], "test")) { argc --; argv ++; result = cmd_test(argc, argv); } else if (!strcasecmp(argv[0], "info")) { argc --; argv ++; result = cmd_info(); } else if (!strcasecmp(argv[0], "debug")) { argc --; argv ++; result = cmd_debug(); } else { usage(); result = -1; } (void) hsm_close(); if (config) free(config); closelog(); exit(result); }
/** * Set up engine and return the setup status. * */ static ods_status engine_setup_and_return_status(engine_type* engine) { struct sigaction action; int result = 0; int fd; ods_log_debug("[%s] enforcer setup", engine_str); if (!engine || !engine->config) { return ODS_STATUS_ASSERT_ERR; } /* create command handler (before chowning socket file) */ engine->cmdhandler = cmdhandler_create(engine->allocator, engine->config->clisock_filename); if (!engine->cmdhandler) { ods_log_error("[%s] create command handler to %s failed", engine_str, engine->config->clisock_filename); return ODS_STATUS_CMDHANDLER_ERR; } /* privdrop */ engine->uid = privuid(engine->config->username); engine->gid = privgid(engine->config->group); /* TODO: does piddir exists? */ /* remove the chown stuff: piddir? */ ods_chown(engine->config->pid_filename, engine->uid, engine->gid, 1); ods_chown(engine->config->clisock_filename, engine->uid, engine->gid, 0); ods_chown(engine->config->working_dir, engine->uid, engine->gid, 0); if (engine->config->log_filename && !engine->config->use_syslog) { ods_chown(engine->config->log_filename, engine->uid, engine->gid, 0); } if (engine->config->working_dir && chdir(engine->config->working_dir) != 0) { ods_log_error("[%s] chdir to %s failed: %s", engine_str, engine->config->working_dir, strerror(errno)); return ODS_STATUS_CHDIR_ERR; } if (engine_privdrop(engine) != ODS_STATUS_OK) { ods_log_error("[%s] unable to drop privileges", engine_str); return ODS_STATUS_PRIVDROP_ERR; } /* daemonize */ if (engine->daemonize) { switch ((engine->pid = fork())) { case -1: /* error */ ods_log_error("[%s] unable to fork daemon: %s", engine_str, strerror(errno)); return ODS_STATUS_FORK_ERR; case 0: /* child */ if ((fd = open("/dev/null", O_RDWR, 0)) != -1) { (void)dup2(fd, STDIN_FILENO); (void)dup2(fd, STDOUT_FILENO); (void)dup2(fd, STDERR_FILENO); if (fd > 2) (void)close(fd); } break; default: /* parent */ engine_cleanup(engine); engine = NULL; xmlCleanupParser(); xmlCleanupGlobals(); xmlCleanupThreads(); exit(0); } if (setsid() == -1) { ods_log_error("[%s] unable to setsid daemon (%s)", engine_str, strerror(errno)); return ODS_STATUS_SETSID_ERR; } } engine->pid = getpid(); ods_log_verbose("[%s] running as pid %lu", engine_str, (unsigned long) engine->pid); /* catch signals */ signal_set_engine(engine); action.sa_handler = signal_handler; sigfillset(&action.sa_mask); action.sa_flags = 0; sigaction(SIGHUP, &action, NULL); sigaction(SIGTERM, &action, NULL); /* set up hsm */ /* LEAK */ result = hsm_open(engine->config->cfg_filename, hsm_prompt_pin, NULL); if (result != HSM_OK) { ods_log_error("[%s] error initializing libhsm (errno %i)", engine_str, result); return ODS_STATUS_HSM_ERR; } /* create workers */ engine_create_workers(engine); engine_create_drudgers(engine); /* start command handler */ engine_start_cmdhandler(engine); /* write pidfile */ if (util_write_pidfile(engine->config->pid_filename, engine->pid) == -1) { hsm_close(); ods_log_error("[%s] unable to write pid file", engine_str); return ODS_STATUS_WRITE_PIDFILE_ERR; } return ODS_STATUS_OK; }
int main (int argc, char *argv[]) { int result; hsm_ctx_t *ctx = NULL; hsm_key_t *key = NULL; unsigned int keysize = 1024; unsigned int iterations = 1; unsigned int threads = 1; static struct timeval start,end; char *config = NULL; const char *repository = NULL; sign_arg_t sign_arg_array[PTHREAD_THREADS_MAX]; pthread_t thread_array[PTHREAD_THREADS_MAX]; pthread_attr_t thread_attr; void *thread_status; int ch; unsigned int n; double elapsed, speed; progname = argv[0]; while ((ch = getopt(argc, argv, "c:i:r:s:t:")) != -1) { switch (ch) { case 'c': config = strdup(optarg); break; case 'i': iterations = atoi(optarg); break; case 'r': repository = strdup(optarg); break; case 's': keysize = atoi(optarg); break; case 't': threads = atoi(optarg); break; default: usage(); exit(1); } } if (!repository) { usage(); exit(1); } #if 0 if (!config) { usage(); exit(1); } #endif /* Open HSM library */ fprintf(stderr, "Opening HSM Library...\n"); result = hsm_open(config, hsm_prompt_pin, NULL); if (result) { fprintf(stderr, "hsm_open() returned %d\n", result); exit(-1); } /* Create HSM context */ ctx = hsm_create_context(); if (! ctx) { fprintf(stderr, "hsm_create_context() returned error\n"); exit(-1); } /* Generate a temporary key */ fprintf(stderr, "Generating temporary key...\n"); key = hsm_generate_rsa_key(ctx, repository, keysize); if (key) { char *id = hsm_get_key_id(ctx, key); fprintf(stderr, "Temporary key created: %s\n", id); free(id); } else { fprintf(stderr, "Could not generate a key pair in repository \"%s\"\n", repository); exit(-1); } /* Prepare threads */ pthread_attr_init(&thread_attr); pthread_attr_setdetachstate(&thread_attr, PTHREAD_CREATE_JOINABLE); for (n=0; n<threads; n++) { sign_arg_array[n].id = n; sign_arg_array[n].ctx = hsm_create_context(); if (! sign_arg_array[n].ctx) { fprintf(stderr, "hsm_create_context() returned error\n"); exit(-1); } sign_arg_array[n].key = key; sign_arg_array[n].iterations = iterations; } fprintf(stderr, "Signing %d RRsets with %s using %d %s...\n", iterations, algoname, threads, (threads > 1 ? "threads" : "thread")); gettimeofday(&start, NULL); /* Create threads for signing */ for (n=0; n<threads; n++) { result = pthread_create(&thread_array[n], &thread_attr, sign, (void *) &sign_arg_array[n]); if (result) { fprintf(stderr, "pthread_create() returned %d\n", result); exit(EXIT_FAILURE); } } /* Wait for threads to finish */ for (n=0; n<threads; n++) { result = pthread_join(thread_array[n], &thread_status); if (result) { fprintf(stderr, "pthread_join() returned %d\n", result); exit(EXIT_FAILURE); } } gettimeofday(&end, NULL); fprintf(stderr, "Signing done.\n"); /* Report results */ end.tv_sec -= start.tv_sec; end.tv_usec-= start.tv_usec; elapsed =(double)(end.tv_sec)+(double)(end.tv_usec)*.000001; speed = iterations / elapsed * threads; printf("%d %s, %d signatures per thread, %.2f sig/s (RSA %d bits)\n", threads, (threads > 1 ? "threads" : "thread"), iterations, speed, keysize); /* Delete temporary key */ fprintf(stderr, "Deleting temporary key...\n"); result = hsm_remove_key(ctx, key); if (result) { fprintf(stderr, "hsm_remove_key() returned %d\n", result); exit(-1); } /* Clean up */ hsm_destroy_context(ctx); (void) hsm_close(); if (config) free(config); return 0; }