int
main(int argc, char *argv[]) {
isc_result_t result;
CK_RV rv;
CK_SLOT_ID slot = 0;
CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
CK_ULONG len;
CK_ULONG slen;
CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE;
CK_OBJECT_CLASS kClass = CKO_PUBLIC_KEY;
CK_KEY_TYPE kType = CKK_RSA;
CK_ATTRIBUTE kTemplate[] =
{
{ CKA_CLASS, &kClass, (CK_ULONG) sizeof(kClass) },
{ CKA_KEY_TYPE, &kType, (CK_ULONG) sizeof(kType) },
{ CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
{ CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
{ CKA_VERIFY, &truevalue, (CK_ULONG) sizeof(truevalue) },
{ CKA_MODULUS, modulus, (CK_ULONG) sizeof(modulus) },
{ CKA_PUBLIC_EXPONENT, exponent, (CK_ULONG) sizeof(exponent) }
};
CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 };
pk11_context_t pctx;
pk11_optype_t op_type = OP_RSA;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
int c, errflg = 0;
int ontoken = 0;
unsigned int count = 1000;
unsigned int i;
struct timespec starttime;
struct timespec endtime;
while ((c = isc_commandline_parse(argc, argv, ":m:s:p:tn:")) != -1) {
switch (c) {
case 'm':
lib_name = isc_commandline_argument;
break;
case 's':
slot = atoi(isc_commandline_argument);
op_type = OP_ANY;
break;
case 'p':
pin = isc_commandline_argument;
break;
case 't':
ontoken = 1;
break;
case 'n':
count = atoi(isc_commandline_argument);
break;
case ':':
fprintf(stderr,
"Option -%c requires an operand\n",
isc_commandline_option);
errflg++;
break;
case '?':
default:
fprintf(stderr, "Unrecognised option: -%c\n",
isc_commandline_option);
errflg++;
}
}
if (errflg) {
fprintf(stderr, "Usage:\n");
fprintf(stderr,
"\tverify [-m module] [-s slot] [-p pin] "
"[-t] [-n count]\n");
exit(1);
}
pk11_result_register();
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
ISC_TRUE, (const char *) pin, slot);
if ((result != ISC_R_SUCCESS) &&
(result != PK11_R_NORANDOMSERVICE) &&
(result != PK11_R_NODIGESTSERVICE) &&
(result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
}
if (pin != NULL)
memset(pin, 0, strlen((char *)pin));
hSession = pctx.session;
/* Create the private RSA key */
if (ontoken)
kTemplate[2].pValue = &truevalue;
rv = pkcs_C_CreateObject(hSession, kTemplate, 7, &hKey);
if (rv != CKR_OK) {
fprintf(stderr, "C_CreateObject: Error = 0x%.8lX\n", rv);
error = 1;
goto exit_key;
}
/* Randomize the buffer */
len = (CK_ULONG) sizeof(buf);
rv = pkcs_C_GenerateRandom(hSession, buf, len);
if (rv != CKR_OK) {
fprintf(stderr, "C_GenerateRandom: Error = 0x%.8lX\n", rv);
goto exit_key;
}
if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) {
perror("clock_gettime(start)");
goto exit_key;
}
for (i = 0; i < count; i++) {
/* Initialize Verify */
rv = pkcs_C_VerifyInit(hSession, &mech, hKey);
if (rv != CKR_OK) {
fprintf(stderr,
"C_VerifyInit[%u]: Error = 0x%.8lX\n",
i, rv);
error = 1;
break;
}
/* Perform Verify */
slen = (CK_ULONG) sizeof(sig);
rv = pkcs_C_Verify(hSession, buf, len, sig, slen);
if ((rv != CKR_OK) && (rv != CKR_SIGNATURE_INVALID)) {
fprintf(stderr,
"C_Verify[%u]: Error = 0x%.8lX\n",
i, rv);
error = 1;
break;
}
}
if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) {
perror("clock_gettime(end)");
goto exit_key;
}
endtime.tv_sec -= starttime.tv_sec;
endtime.tv_nsec -= starttime.tv_nsec;
while (endtime.tv_nsec < 0) {
endtime.tv_sec -= 1;
endtime.tv_nsec += 1000000000;
}
printf("%u RSA verify in %ld.%09lds\n", i,
endtime.tv_sec, endtime.tv_nsec);
if (i > 0)
printf("%g RSA verify/s\n",
1024 * i / ((double) endtime.tv_sec +
(double) endtime.tv_nsec / 1000000000.));
exit_key:
if (hKey != CK_INVALID_HANDLE) {
rv = pkcs_C_DestroyObject(hSession, hKey);
if (rv != CKR_OK) {
fprintf(stderr,
"C_DestroyObject: Error = 0x%.8lX\n",
rv);
errflg = 1;
}
}
pk11_return_session(&pctx);
(void) pk11_finalize();
exit(error);
}
int
main(int argc, char *argv[]) {
isc_result_t result;
#ifdef HAVE_LIBSCF
char *instance = NULL;
#endif
#ifdef HAVE_GPERFTOOLS_PROFILER
(void) ProfilerStart(NULL);
#endif
/*
* Record version in core image.
* strings named.core | grep "named version:"
*/
strlcat(version,
#if defined(NO_VERSION_DATE) || !defined(__DATE__)
"named version: BIND " VERSION " <" SRCID ">",
#else
"named version: BIND " VERSION " <" SRCID "> (" __DATE__ ")",
#endif
sizeof(version));
result = isc_file_progname(*argv, program_name, sizeof(program_name));
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("program name too long");
if (strcmp(program_name, "lwresd") == 0)
ns_g_lwresdonly = ISC_TRUE;
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("failed to build internal symbol table");
isc_assertion_setcallback(assertion_failed);
isc_error_setfatal(library_fatal_error);
isc_error_setunexpected(library_unexpected_error);
ns_os_init(program_name);
dns_result_register();
dst_result_register();
isccc_result_register();
#ifdef PKCS11CRYPTO
pk11_result_register();
#endif
parse_command_line(argc, argv);
pfilter_open();
/*
* Warn about common configuration error.
*/
if (ns_g_chrootdir != NULL) {
int len = strlen(ns_g_chrootdir);
if (strncmp(ns_g_chrootdir, ns_g_conffile, len) == 0 &&
(ns_g_conffile[len] == '/' || ns_g_conffile[len] == '\\'))
ns_main_earlywarning("config filename (-c %s) contains "
"chroot path (-t %s)",
ns_g_conffile, ns_g_chrootdir);
}
result = isc_mem_create(0, 0, &ns_g_mctx);
if (result != ISC_R_SUCCESS)
ns_main_earlyfatal("isc_mem_create() failed: %s",
isc_result_totext(result));
isc_mem_setname(ns_g_mctx, "main", NULL);
setup();
/*
* Start things running and then wait for a shutdown request
* or reload.
*/
do {
result = isc_app_run();
if (result == ISC_R_RELOAD) {
ns_server_reloadwanted(ns_g_server);
} else if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_app_run(): %s",
isc_result_totext(result));
/*
* Force exit.
*/
result = ISC_R_SUCCESS;
}
} while (result != ISC_R_SUCCESS);
#ifdef HAVE_LIBSCF
if (ns_smf_want_disable == 1) {
result = ns_smf_get_instance(&instance, 1, ns_g_mctx);
if (result == ISC_R_SUCCESS && instance != NULL) {
if (smf_disable_instance(instance, 0) != 0)
UNEXPECTED_ERROR(__FILE__, __LINE__,
"smf_disable_instance() "
"failed for %s : %s",
instance,
scf_strerror(scf_error()));
}
if (instance != NULL)
isc_mem_free(ns_g_mctx, instance);
}
#endif /* HAVE_LIBSCF */
cleanup();
if (want_stats) {
isc_mem_stats(ns_g_mctx, stdout);
isc_mutex_stats(stdout);
}
if (ns_g_memstatistics && memstats != NULL) {
FILE *fp = NULL;
result = isc_stdio_open(memstats, "w", &fp);
if (result == ISC_R_SUCCESS) {
isc_mem_stats(ns_g_mctx, fp);
isc_mutex_stats(fp);
isc_stdio_close(fp);
}
}
isc_mem_destroy(&ns_g_mctx);
isc_mem_checkdestroyed(stderr);
ns_main_setmemstats(NULL);
isc_app_finish();
ns_os_closedevnull();
ns_os_shutdown();
#ifdef HAVE_GPERFTOOLS_PROFILER
ProfilerStop();
#endif
return (0);
}
int
main(int argc, char *argv[]) {
isc_result_t result;
CK_RV rv;
CK_SLOT_ID slot = 0;
CK_SESSION_HANDLE hSession;
CK_MECHANISM mech = { CKM_MD5, NULL, 0 };
CK_ULONG len;
pk11_context_t pctx;
pk11_optype_t op_type = OP_DIGEST;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
isc_boolean_t logon = ISC_TRUE;
int c, errflg = 0;
size_t sum = 0;
unsigned int i;
while ((c = isc_commandline_parse(argc, argv, ":m:s:np:")) != -1) {
switch (c) {
case 'm':
lib_name = isc_commandline_argument;
break;
case 's':
slot = atoi(isc_commandline_argument);
op_type = OP_ANY;
break;
case 'n':
logon = ISC_FALSE;
break;
case 'p':
pin = isc_commandline_argument;
break;
case ':':
fprintf(stderr,
"Option -%c requires an operand\n",
isc_commandline_option);
errflg++;
break;
case '?':
default:
fprintf(stderr, "Unrecognised option: -%c\n",
isc_commandline_option);
errflg++;
}
}
if (errflg) {
fprintf(stderr, "Usage:\n");
fprintf(stderr,
"\tpkcs11-md5sum [-m module] [-s slot] [-n|-p pin]\n");
exit(1);
}
pk11_result_register();
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (logon && pin == NULL)
pin = getpassphrase("Enter Pin: ");
result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, logon,
(const char *) pin, slot);
if ((result != ISC_R_SUCCESS) &&
(result != PK11_R_NORANDOMSERVICE) &&
(result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
}
if (pin != NULL)
memset(pin, 0, strlen((char *)pin));
hSession = pctx.session;
rv = pkcs_C_DigestInit(hSession, &mech);
if (rv != CKR_OK) {
fprintf(stderr, "C_DigestInit: Error = 0x%.8lX\n", rv);
error = 1;
goto exit_session;
}
for (;;) {
size_t n;
for (;;) {
n = fread(buffer + sum, 1, BLOCKSIZE - sum, stdin);
sum += n;
if (sum == BLOCKSIZE)
break;
if (n == 0) {
if (ferror(stdin)) {
fprintf(stderr, "fread failed\n");
error = 1;
goto exit_session;
}
goto partial_block;
}
if (feof(stdin))
goto partial_block;
}
rv = pkcs_C_DigestUpdate(hSession, (CK_BYTE_PTR) buffer,
(CK_ULONG) BLOCKSIZE);
if (rv != CKR_OK) {
fprintf(stderr,
"C_DigestUpdate: Error = 0x%.8lX\n",
rv);
error = 1;
goto exit_session;
}
}
partial_block:
if (sum > 0) {
rv = pkcs_C_DigestUpdate(hSession, (CK_BYTE_PTR) buffer,
(CK_ULONG) sum);
if (rv != CKR_OK) {
fprintf(stderr,
"C_DigestUpdate: Error = 0x%.8lX\n",
rv);
error = 1;
goto exit_session;
}
}
len = 16;
rv = pkcs_C_DigestFinal(hSession, (CK_BYTE_PTR) digest, &len);
if (rv != CKR_OK) {
fprintf(stderr, "C_DigestFinal: Error = 0x%.8lX\n", rv);
error = 1;
goto exit_session;
}
if (len != 16) {
fprintf(stderr, "C_DigestFinal: bad length = %lu\n", len);
error = 1;
}
for (i = 0; i < 16; i++)
printf("%02x", digest[i] & 0xff);
printf("\n");
exit_session:
pk11_return_session(&pctx);
(void) pk11_finalize();
exit(error);
}
int
main(int argc, char **argv) {
isc_result_t result;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
char const *filename = NULL;
char *dir = NULL;
char newname[1024], oldname[1024];
char keystr[DST_KEY_FORMATSIZE];
char *endp;
int ch;
isc_entropy_t *ectx = NULL;
dst_key_t *key = NULL;
isc_uint32_t flags;
isc_buffer_t buf;
isc_boolean_t force = ISC_FALSE;
isc_boolean_t removefile = ISC_FALSE;
isc_boolean_t id = ISC_FALSE;
if (argc == 1)
usage();
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS)
fatal("Out of memory");
#ifdef PKCS11CRYPTO
pk11_result_register();
#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:V")) != -1) {
switch (ch) {
case 'E':
engine = isc_commandline_argument;
break;
case 'f':
force = ISC_TRUE;
break;
case 'K':
/*
* We don't have to copy it here, but do it to
* simplify cleanup later
*/
dir = isc_mem_strdup(mctx, isc_commandline_argument);
if (dir == NULL) {
fatal("Failed to allocate memory for "
"directory");
}
break;
case 'r':
removefile = ISC_TRUE;
break;
case 'R':
id = ISC_TRUE;
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("-v must be followed by a number");
break;
case '?':
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
/* Falls into */
case 'h':
/* Does not return. */
usage();
case 'V':
/* Does not return. */
version(program);
default:
fprintf(stderr, "%s: unhandled option -%c\n",
program, isc_commandline_option);
exit(1);
}
}
if (argc < isc_commandline_index + 1 ||
argv[isc_commandline_index] == NULL)
fatal("The key file name was not specified");
if (argc > isc_commandline_index + 1)
fatal("Extraneous arguments");
if (dir != NULL) {
filename = argv[isc_commandline_index];
} else {
result = isc_file_splitpath(mctx, argv[isc_commandline_index],
&dir, &filename);
if (result != ISC_R_SUCCESS)
fatal("cannot process filename %s: %s",
argv[isc_commandline_index],
isc_result_totext(result));
if (strcmp(dir, ".") == 0) {
isc_mem_free(mctx, dir);
dir = NULL;
}
}
if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx);
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
if (result != ISC_R_SUCCESS)
fatal("Could not initialize hash");
result = dst_lib_init2(mctx, ectx, engine,
ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
if (result != ISC_R_SUCCESS)
fatal("Could not initialize dst: %s",
isc_result_totext(result));
isc_entropy_stopcallbacksources(ectx);
result = dst_key_fromnamedfile(filename, dir,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
mctx, &key);
if (result != ISC_R_SUCCESS)
fatal("Invalid keyfile name %s: %s",
filename, isc_result_totext(result));
if (id) {
fprintf(stdout, "%u\n", dst_key_rid(key));
goto cleanup;
}
dst_key_format(key, keystr, sizeof(keystr));
if (verbose > 2)
fprintf(stderr, "%s: %s\n", program, keystr);
if (force)
set_keyversion(key);
else
check_keyversion(key, keystr);
flags = dst_key_flags(key);
if ((flags & DNS_KEYFLAG_REVOKE) == 0) {
isc_stdtime_t now;
if ((flags & DNS_KEYFLAG_KSK) == 0)
fprintf(stderr, "%s: warning: Key is not flagged "
"as a KSK. Revoking a ZSK is "
"legal, but undefined.\n",
program);
isc_stdtime_get(&now);
dst_key_settime(key, DST_TIME_REVOKE, now);
dst_key_setflags(key, flags | DNS_KEYFLAG_REVOKE);
isc_buffer_init(&buf, newname, sizeof(newname));
dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
if (access(newname, F_OK) == 0 && !force) {
fatal("Key file %s already exists; "
"use -f to force overwrite", newname);
}
result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
dir);
if (result != ISC_R_SUCCESS) {
dst_key_format(key, keystr, sizeof(keystr));
fatal("Failed to write key %s: %s", keystr,
isc_result_totext(result));
}
isc_buffer_clear(&buf);
dst_key_buildfilename(key, 0, dir, &buf);
printf("%s\n", newname);
/*
* Remove old key file, if told to (and if
* it isn't the same as the new file)
*/
if (removefile && dst_key_alg(key) != DST_ALG_RSAMD5) {
isc_buffer_init(&buf, oldname, sizeof(oldname));
dst_key_setflags(key, flags & ~DNS_KEYFLAG_REVOKE);
dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf);
if (strcmp(oldname, newname) == 0)
goto cleanup;
(void)unlink(oldname);
isc_buffer_clear(&buf);
dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf);
(void)unlink(oldname);
}
} else {
dst_key_format(key, keystr, sizeof(keystr));
fatal("Key %s is already revoked", keystr);
}
cleanup:
dst_key_free(&key);
dst_lib_destroy();
isc_hash_destroy();
cleanup_entropy(&ectx);
if (verbose > 10)
isc_mem_stats(mctx, stdout);
if (dir != NULL)
isc_mem_free(mctx, dir);
isc_mem_destroy(&mctx);
return (0);
}
int
main(int argc, char **argv) {
char *algname = NULL, *classname = NULL;
char *filename = NULL, *dir = NULL, *namestr;
char *lookaside = NULL;
char *endp;
int ch;
unsigned int dtype = DNS_DSDIGEST_SHA1;
isc_boolean_t both = ISC_TRUE;
isc_boolean_t usekeyset = ISC_FALSE;
isc_boolean_t showall = ISC_FALSE;
isc_result_t result;
isc_log_t *log = NULL;
isc_entropy_t *ectx = NULL;
dns_rdataset_t rdataset;
dns_rdata_t rdata;
dns_rdata_init(&rdata);
if (argc == 1)
usage();
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS)
fatal("out of memory");
#ifdef PKCS11CRYPTO
pk11_result_register();
#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"12Aa:c:d:Ff:K:l:sT:v:hV")) != -1) {
switch (ch) {
case '1':
dtype = DNS_DSDIGEST_SHA1;
both = ISC_FALSE;
break;
case '2':
dtype = DNS_DSDIGEST_SHA256;
both = ISC_FALSE;
break;
case 'A':
showall = ISC_TRUE;
break;
case 'a':
algname = isc_commandline_argument;
both = ISC_FALSE;
break;
case 'c':
classname = isc_commandline_argument;
break;
case 'd':
fprintf(stderr, "%s: the -d option is deprecated; "
"use -K\n", program);
/* fall through */
case 'K':
dir = isc_commandline_argument;
if (strlen(dir) == 0U)
fatal("directory must be non-empty string");
break;
case 'f':
filename = isc_commandline_argument;
break;
case 'l':
lookaside = isc_commandline_argument;
if (strlen(lookaside) == 0U)
fatal("lookaside must be a non-empty string");
break;
case 's':
usekeyset = ISC_TRUE;
break;
case 'T':
emitttl = ISC_TRUE;
ttl = atol(isc_commandline_argument);
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("-v must be followed by a number");
break;
case 'F':
/* Reserved for FIPS mode */
/* FALLTHROUGH */
case '?':
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
/* FALLTHROUGH */
case 'h':
/* Does not return. */
usage();
case 'V':
/* Does not return. */
version(program);
default:
fprintf(stderr, "%s: unhandled option -%c\n",
program, isc_commandline_option);
exit(1);
}
}
if (algname != NULL) {
if (strcasecmp(algname, "SHA1") == 0 ||
strcasecmp(algname, "SHA-1") == 0)
dtype = DNS_DSDIGEST_SHA1;
else if (strcasecmp(algname, "SHA256") == 0 ||
strcasecmp(algname, "SHA-256") == 0)
dtype = DNS_DSDIGEST_SHA256;
#if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST)
else if (strcasecmp(algname, "GOST") == 0)
dtype = DNS_DSDIGEST_GOST;
#endif
else if (strcasecmp(algname, "SHA384") == 0 ||
strcasecmp(algname, "SHA-384") == 0)
dtype = DNS_DSDIGEST_SHA384;
else
fatal("unknown algorithm %s", algname);
}
rdclass = strtoclass(classname);
if (usekeyset && filename != NULL)
fatal("cannot use both -s and -f");
/* When not using -f, -A is implicit */
if (filename == NULL)
showall = ISC_TRUE;
if (argc < isc_commandline_index + 1 && filename == NULL)
fatal("the key file name was not specified");
if (argc > isc_commandline_index + 1)
fatal("extraneous arguments");
if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx);
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
if (result != ISC_R_SUCCESS)
fatal("could not initialize hash");
result = dst_lib_init(mctx, ectx,
ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
isc_entropy_stopcallbacksources(ectx);
setup_logging(mctx, &log);
dns_rdataset_init(&rdataset);
if (usekeyset || filename != NULL) {
if (argc < isc_commandline_index + 1 && filename != NULL) {
/* using zone name as the zone file name */
namestr = filename;
} else
namestr = argv[isc_commandline_index];
result = initname(namestr);
if (result != ISC_R_SUCCESS)
fatal("could not initialize name %s", namestr);
if (usekeyset)
result = loadkeyset(dir, &rdataset);
else
result = loadset(filename, &rdataset);
if (result != ISC_R_SUCCESS)
fatal("could not load DNSKEY set: %s\n",
isc_result_totext(result));
for (result = dns_rdataset_first(&rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset)) {
dns_rdata_init(&rdata);
dns_rdataset_current(&rdataset, &rdata);
if (verbose > 2)
logkey(&rdata);
if (both) {
emit(DNS_DSDIGEST_SHA1, showall, lookaside,
&rdata);
emit(DNS_DSDIGEST_SHA256, showall, lookaside,
&rdata);
} else
emit(dtype, showall, lookaside, &rdata);
}
} else {
unsigned char key_buf[DST_KEY_MAXSIZE];
loadkey(argv[isc_commandline_index], key_buf,
DST_KEY_MAXSIZE, &rdata);
if (both) {
emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata);
emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata);
} else
emit(dtype, showall, lookaside, &rdata);
}
if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset);
cleanup_logging(&log);
dst_lib_destroy();
isc_hash_destroy();
cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
fflush(stdout);
if (ferror(stdout)) {
fprintf(stderr, "write error\n");
return (1);
} else
return (0);
}
int
main(int argc, char *argv[]) {
isc_result_t result;
CK_RV rv;
CK_SLOT_ID slot = 0;
CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
CK_ULONG len = sizeof(buf);
pk11_context_t pctx;
pk11_optype_t op_type = OP_RAND;
char *lib_name = NULL;
int error = 0;
int c, errflg = 0;
unsigned int count = 1000;
unsigned int i;
struct timespec starttime;
struct timespec endtime;
while ((c = isc_commandline_parse(argc, argv, ":m:s:n:")) != -1) {
switch (c) {
case 'm':
lib_name = isc_commandline_argument;
break;
case 's':
slot = atoi(isc_commandline_argument);
op_type = OP_ANY;
break;
case 'n':
count = atoi(isc_commandline_argument);
break;
case ':':
fprintf(stderr,
"Option -%c requires an operand\n",
isc_commandline_option);
errflg++;
break;
case '?':
default:
fprintf(stderr, "Unrecognised option: -%c\n",
isc_commandline_option);
errflg++;
}
}
if (errflg) {
fprintf(stderr, "Usage:\n");
fprintf(stderr,
"\trandom [-m module] [-s slot] [-n count]\n");
exit(1);
}
pk11_result_register();
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE,
ISC_FALSE, NULL, slot);
if ((result != ISC_R_SUCCESS) &&
(result != PK11_R_NODIGESTSERVICE) &&
(result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
exit(1);
}
hSession = pctx.session;
if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) {
perror("clock_gettime(start)");
goto exit_session;
}
for (i = 0; i < count; i++) {
/* Get random bytes */
rv = pkcs_C_GenerateRandom(hSession, buf, len);
if (rv != CKR_OK) {
fprintf(stderr,
"C_GenerateRandom[%u]: Error = 0x%.8lX\n",
i, rv);
error = 1;
break;
}
}
if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) {
perror("clock_gettime(end)");
goto exit_session;
}
endtime.tv_sec -= starttime.tv_sec;
endtime.tv_nsec -= starttime.tv_nsec;
while (endtime.tv_nsec < 0) {
endtime.tv_sec -= 1;
endtime.tv_nsec += 1000000000;
}
printf("%uK random bytes in %ld.%09lds\n", i,
endtime.tv_sec, endtime.tv_nsec);
if (i > 0)
printf("%g random bytes/s\n",
1024 * i / ((double) endtime.tv_sec +
(double) endtime.tv_nsec / 1000000000.));
exit_session:
pk11_return_session(&pctx);
(void) pk11_finalize();
exit(error);
}
int
main(int argc, char *argv[]) {
isc_result_t result;
CK_RV rv;
CK_SLOT_ID slot = 0;
CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE;
CK_OBJECT_HANDLE *hKey;
CK_OBJECT_CLASS kClass = CKO_PRIVATE_KEY;
CK_KEY_TYPE kType = CKK_RSA;
CK_ATTRIBUTE kTemplate[] =
{
{ CKA_CLASS, &kClass, (CK_ULONG) sizeof(kClass) },
{ CKA_KEY_TYPE, &kType, (CK_ULONG) sizeof(kType) },
{ CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) },
{ CKA_PRIVATE, &truevalue, (CK_ULONG) sizeof(truevalue) },
{ CKA_LABEL, (CK_BYTE_PTR) label, (CK_ULONG) sizeof(label) },
{ CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) },
{ CKA_MODULUS, modulus, (CK_ULONG) sizeof(modulus) },
{ CKA_PUBLIC_EXPONENT, pubexp, (CK_ULONG) sizeof(pubexp) },
{ CKA_PRIVATE_EXPONENT, privexp, (CK_ULONG) sizeof(privexp) },
{ CKA_PRIME_1, prime1, (CK_ULONG) sizeof(prime1) },
{ CKA_PRIME_2, prime2, (CK_ULONG) sizeof(prime2) },
{ CKA_EXPONENT_1, exp_1, (CK_ULONG) sizeof(exp_1) },
{ CKA_EXPONENT_2, exp_2, (CK_ULONG) sizeof(exp_2) },
{ CKA_COEFFICIENT, coeff, (CK_ULONG) sizeof(coeff) }
};
pk11_context_t pctx;
pk11_optype_t op_type = OP_RSA;
char *lib_name = NULL;
char *pin = NULL;
int error = 0;
int c, errflg = 0;
int ontoken = 0;
unsigned int count = 1000;
unsigned int i;
struct timespec starttime;
struct timespec endtime;
while ((c = isc_commandline_parse(argc, argv, ":m:s:p:tn:")) != -1) {
switch (c) {
case 'm':
lib_name = isc_commandline_argument;
break;
case 's':
slot = atoi(isc_commandline_argument);
op_type = OP_ANY;
break;
case 'p':
pin = isc_commandline_argument;
break;
case 't':
ontoken = 1;
break;
case 'n':
count = atoi(isc_commandline_argument);
break;
case ':':
fprintf(stderr,
"Option -%c requires an operand\n",
isc_commandline_option);
errflg++;
break;
case '?':
default:
fprintf(stderr, "Unrecognised option: -%c\n",
isc_commandline_option);
errflg++;
}
}
if (errflg) {
fprintf(stderr, "Usage:\n");
fprintf(stderr,
"\tprivrsa [-m module] [-s slot] [-p pin] "
"[-t] [-n count]\n");
exit(1);
}
pk11_result_register();
/* Allocate hanles */
hKey = (CK_SESSION_HANDLE *)
malloc(count * sizeof(CK_SESSION_HANDLE));
if (hKey == NULL) {
perror("malloc");
exit(1);
}
for (i = 0; i < count; i++)
hKey[i] = CK_INVALID_HANDLE;
/* Initialize the CRYPTOKI library */
if (lib_name != NULL)
pk11_set_lib_name(lib_name);
if (pin == NULL)
pin = getpassphrase("Enter Pin: ");
result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE,
ISC_TRUE, (const char *) pin, slot);
if ((result != ISC_R_SUCCESS) &&
(result != PK11_R_NORANDOMSERVICE) &&
(result != PK11_R_NODIGESTSERVICE) &&
(result != PK11_R_NOAESSERVICE)) {
fprintf(stderr, "Error initializing PKCS#11: %s\n",
isc_result_totext(result));
free(hKey);
exit(1);
}
if (pin != NULL)
memset(pin, 0, strlen((char *)pin));
hSession = pctx.session;
if (ontoken)
kTemplate[2].pValue = &truevalue;
if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) {
perror("clock_gettime(start)");
goto exit_objects;
}
for (i = 0; i < count; i++) {
(void) snprintf(label, sizeof(label), "obj%u", i);
kTemplate[4].ulValueLen = strlen(label);
rv = pkcs_C_CreateObject(hSession, kTemplate, 14, &hKey[i]);
if (rv != CKR_OK) {
fprintf(stderr,
"C_CreateObject[%u]: Error = 0x%.8lX\n",
i, rv);
error = 1;
if (i == 0)
goto exit_objects;
break;
}
}
if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) {
perror("clock_gettime(end)");
goto exit_objects;
}
endtime.tv_sec -= starttime.tv_sec;
endtime.tv_nsec -= starttime.tv_nsec;
while (endtime.tv_nsec < 0) {
endtime.tv_sec -= 1;
endtime.tv_nsec += 1000000000;
}
printf("%u private RSA keys in %ld.%09lds\n", i,
endtime.tv_sec, endtime.tv_nsec);
if (i > 0)
printf("%g private RSA keys/s\n",
1024 * i / ((double) endtime.tv_sec +
(double) endtime.tv_nsec / 1000000000.));
exit_objects:
for (i = 0; i < count; i++) {
/* Destroy objects */
if (hKey[i] == CK_INVALID_HANDLE)
continue;
rv = pkcs_C_DestroyObject(hSession, hKey[i]);
if ((rv != CKR_OK) && !errflg) {
fprintf(stderr,
"C_DestroyObject[%u]: Error = 0x%.8lX\n",
i, rv);
errflg = 1;
}
}
free(hKey);
pk11_return_session(&pctx);
(void) pk11_finalize();
exit(error);
}
int
main(int argc, char *argv[]) {
char *origin = NULL, *file = NULL;
char *inputformatstr = NULL;
isc_result_t result;
isc_log_t *log = NULL;
#ifdef USE_PKCS11
const char *engine = PKCS11_ENGINE;
#else
const char *engine = NULL;
#endif
char *classname = NULL;
dns_rdataclass_t rdclass;
char *endp;
int ch;
#define CMDLINE_FLAGS \
"hm:o:I:c:E:v:Vxz"
/*
* Process memory debugging argument first.
*/
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'm':
if (strcasecmp(isc_commandline_argument, "record") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
if (strcasecmp(isc_commandline_argument, "trace") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
if (strcasecmp(isc_commandline_argument, "usage") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
if (strcasecmp(isc_commandline_argument, "size") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
if (strcasecmp(isc_commandline_argument, "mctx") == 0)
isc_mem_debugging |= ISC_MEM_DEBUGCTX;
break;
default:
break;
}
}
isc_commandline_reset = ISC_TRUE;
check_result(isc_app_start(), "isc_app_start");
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS)
fatal("out of memory");
#ifdef PKCS11CRYPTO
pk11_result_register();
#endif
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'c':
classname = isc_commandline_argument;
break;
case 'E':
engine = isc_commandline_argument;
break;
case 'I':
inputformatstr = isc_commandline_argument;
break;
case 'm':
break;
case 'o':
origin = isc_commandline_argument;
break;
case 'v':
endp = NULL;
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("verbose level must be numeric");
break;
case 'x':
keyset_kskonly = ISC_TRUE;
break;
case 'z':
ignore_kskflag = ISC_TRUE;
break;
case '?':
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
/* FALLTHROUGH */
case 'h':
/* Does not return. */
usage();
case 'V':
/* Does not return. */
version(program);
default:
fprintf(stderr, "%s: unhandled option -%c\n",
program, isc_commandline_option);
exit(1);
}
}
if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx);
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
if (result != ISC_R_SUCCESS)
fatal("could not create hash context");
result = dst_lib_init2(mctx, ectx, engine, ISC_ENTROPY_BLOCKING);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
isc_stdtime_get(&now);
rdclass = strtoclass(classname);
setup_logging(mctx, &log);
argc -= isc_commandline_index;
argv += isc_commandline_index;
if (argc < 1)
usage();
file = argv[0];
argc -= 1;
argv += 1;
POST(argc);
POST(argv);
if (origin == NULL)
origin = file;
if (inputformatstr != NULL) {
if (strcasecmp(inputformatstr, "text") == 0)
inputformat = dns_masterformat_text;
else if (strcasecmp(inputformatstr, "raw") == 0)
inputformat = dns_masterformat_raw;
else
fatal("unknown file format: %s\n", inputformatstr);
}
gdb = NULL;
fprintf(stderr, "Loading zone '%s' from file '%s'\n", origin, file);
loadzone(file, origin, rdclass, &gdb);
gorigin = dns_db_origin(gdb);
gclass = dns_db_class(gdb);
gversion = NULL;
result = dns_db_newversion(gdb, &gversion);
check_result(result, "dns_db_newversion()");
verifyzone(gdb, gversion, gorigin, mctx,
ignore_kskflag, keyset_kskonly);
dns_db_closeversion(gdb, &gversion, ISC_FALSE);
dns_db_detach(&gdb);
cleanup_logging(&log);
dst_lib_destroy();
isc_hash_destroy();
cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
(void) isc_app_finish();
return (0);
}
