int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_ULONG len; CK_ULONG slen; CK_OBJECT_HANDLE hKey = CK_INVALID_HANDLE; CK_OBJECT_CLASS kClass = CKO_PUBLIC_KEY; CK_KEY_TYPE kType = CKK_RSA; CK_ATTRIBUTE kTemplate[] = { { CKA_CLASS, &kClass, (CK_ULONG) sizeof(kClass) }, { CKA_KEY_TYPE, &kType, (CK_ULONG) sizeof(kType) }, { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_PRIVATE, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_VERIFY, &truevalue, (CK_ULONG) sizeof(truevalue) }, { CKA_MODULUS, modulus, (CK_ULONG) sizeof(modulus) }, { CKA_PUBLIC_EXPONENT, exponent, (CK_ULONG) sizeof(exponent) } }; CK_MECHANISM mech = { CKM_SHA1_RSA_PKCS, NULL, 0 }; pk11_context_t pctx; pk11_optype_t op_type = OP_RSA; char *lib_name = NULL; char *pin = NULL; int error = 0; int c, errflg = 0; int ontoken = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:p:tn:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); op_type = OP_ANY; break; case 'p': pin = isc_commandline_argument; break; case 't': ontoken = 1; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tverify [-m module] [-s slot] [-p pin] " "[-t] [-n count]\n"); exit(1); } pk11_result_register(); /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE, ISC_TRUE, (const char *) pin, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NORANDOMSERVICE) && (result != PK11_R_NODIGESTSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; /* Create the private RSA key */ if (ontoken) kTemplate[2].pValue = &truevalue; rv = pkcs_C_CreateObject(hSession, kTemplate, 7, &hKey); if (rv != CKR_OK) { fprintf(stderr, "C_CreateObject: Error = 0x%.8lX\n", rv); error = 1; goto exit_key; } /* Randomize the buffer */ len = (CK_ULONG) sizeof(buf); rv = pkcs_C_GenerateRandom(hSession, buf, len); if (rv != CKR_OK) { fprintf(stderr, "C_GenerateRandom: Error = 0x%.8lX\n", rv); goto exit_key; } if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_key; } for (i = 0; i < count; i++) { /* Initialize Verify */ rv = pkcs_C_VerifyInit(hSession, &mech, hKey); if (rv != CKR_OK) { fprintf(stderr, "C_VerifyInit[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } /* Perform Verify */ slen = (CK_ULONG) sizeof(sig); rv = pkcs_C_Verify(hSession, buf, len, sig, slen); if ((rv != CKR_OK) && (rv != CKR_SIGNATURE_INVALID)) { fprintf(stderr, "C_Verify[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_key; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%u RSA verify in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g RSA verify/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_key: if (hKey != CK_INVALID_HANDLE) { rv = pkcs_C_DestroyObject(hSession, hKey); if (rv != CKR_OK) { fprintf(stderr, "C_DestroyObject: Error = 0x%.8lX\n", rv); errflg = 1; } } pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int main(int argc, char *argv[]) { isc_result_t result; #ifdef HAVE_LIBSCF char *instance = NULL; #endif #ifdef HAVE_GPERFTOOLS_PROFILER (void) ProfilerStart(NULL); #endif /* * Record version in core image. * strings named.core | grep "named version:" */ strlcat(version, #if defined(NO_VERSION_DATE) || !defined(__DATE__) "named version: BIND " VERSION " <" SRCID ">", #else "named version: BIND " VERSION " <" SRCID "> (" __DATE__ ")", #endif sizeof(version)); result = isc_file_progname(*argv, program_name, sizeof(program_name)); if (result != ISC_R_SUCCESS) ns_main_earlyfatal("program name too long"); if (strcmp(program_name, "lwresd") == 0) ns_g_lwresdonly = ISC_TRUE; if (result != ISC_R_SUCCESS) ns_main_earlyfatal("failed to build internal symbol table"); isc_assertion_setcallback(assertion_failed); isc_error_setfatal(library_fatal_error); isc_error_setunexpected(library_unexpected_error); ns_os_init(program_name); dns_result_register(); dst_result_register(); isccc_result_register(); #ifdef PKCS11CRYPTO pk11_result_register(); #endif parse_command_line(argc, argv); pfilter_open(); /* * Warn about common configuration error. */ if (ns_g_chrootdir != NULL) { int len = strlen(ns_g_chrootdir); if (strncmp(ns_g_chrootdir, ns_g_conffile, len) == 0 && (ns_g_conffile[len] == '/' || ns_g_conffile[len] == '\\')) ns_main_earlywarning("config filename (-c %s) contains " "chroot path (-t %s)", ns_g_conffile, ns_g_chrootdir); } result = isc_mem_create(0, 0, &ns_g_mctx); if (result != ISC_R_SUCCESS) ns_main_earlyfatal("isc_mem_create() failed: %s", isc_result_totext(result)); isc_mem_setname(ns_g_mctx, "main", NULL); setup(); /* * Start things running and then wait for a shutdown request * or reload. */ do { result = isc_app_run(); if (result == ISC_R_RELOAD) { ns_server_reloadwanted(ns_g_server); } else if (result != ISC_R_SUCCESS) { UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_app_run(): %s", isc_result_totext(result)); /* * Force exit. */ result = ISC_R_SUCCESS; } } while (result != ISC_R_SUCCESS); #ifdef HAVE_LIBSCF if (ns_smf_want_disable == 1) { result = ns_smf_get_instance(&instance, 1, ns_g_mctx); if (result == ISC_R_SUCCESS && instance != NULL) { if (smf_disable_instance(instance, 0) != 0) UNEXPECTED_ERROR(__FILE__, __LINE__, "smf_disable_instance() " "failed for %s : %s", instance, scf_strerror(scf_error())); } if (instance != NULL) isc_mem_free(ns_g_mctx, instance); } #endif /* HAVE_LIBSCF */ cleanup(); if (want_stats) { isc_mem_stats(ns_g_mctx, stdout); isc_mutex_stats(stdout); } if (ns_g_memstatistics && memstats != NULL) { FILE *fp = NULL; result = isc_stdio_open(memstats, "w", &fp); if (result == ISC_R_SUCCESS) { isc_mem_stats(ns_g_mctx, fp); isc_mutex_stats(fp); isc_stdio_close(fp); } } isc_mem_destroy(&ns_g_mctx); isc_mem_checkdestroyed(stderr); ns_main_setmemstats(NULL); isc_app_finish(); ns_os_closedevnull(); ns_os_shutdown(); #ifdef HAVE_GPERFTOOLS_PROFILER ProfilerStop(); #endif return (0); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession; CK_MECHANISM mech = { CKM_MD5, NULL, 0 }; CK_ULONG len; pk11_context_t pctx; pk11_optype_t op_type = OP_DIGEST; char *lib_name = NULL; char *pin = NULL; int error = 0; isc_boolean_t logon = ISC_TRUE; int c, errflg = 0; size_t sum = 0; unsigned int i; while ((c = isc_commandline_parse(argc, argv, ":m:s:np:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); op_type = OP_ANY; break; case 'n': logon = ISC_FALSE; break; case 'p': pin = isc_commandline_argument; break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tpkcs11-md5sum [-m module] [-s slot] [-n|-p pin]\n"); exit(1); } pk11_result_register(); /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (logon && pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, logon, (const char *) pin, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NORANDOMSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; rv = pkcs_C_DigestInit(hSession, &mech); if (rv != CKR_OK) { fprintf(stderr, "C_DigestInit: Error = 0x%.8lX\n", rv); error = 1; goto exit_session; } for (;;) { size_t n; for (;;) { n = fread(buffer + sum, 1, BLOCKSIZE - sum, stdin); sum += n; if (sum == BLOCKSIZE) break; if (n == 0) { if (ferror(stdin)) { fprintf(stderr, "fread failed\n"); error = 1; goto exit_session; } goto partial_block; } if (feof(stdin)) goto partial_block; } rv = pkcs_C_DigestUpdate(hSession, (CK_BYTE_PTR) buffer, (CK_ULONG) BLOCKSIZE); if (rv != CKR_OK) { fprintf(stderr, "C_DigestUpdate: Error = 0x%.8lX\n", rv); error = 1; goto exit_session; } } partial_block: if (sum > 0) { rv = pkcs_C_DigestUpdate(hSession, (CK_BYTE_PTR) buffer, (CK_ULONG) sum); if (rv != CKR_OK) { fprintf(stderr, "C_DigestUpdate: Error = 0x%.8lX\n", rv); error = 1; goto exit_session; } } len = 16; rv = pkcs_C_DigestFinal(hSession, (CK_BYTE_PTR) digest, &len); if (rv != CKR_OK) { fprintf(stderr, "C_DigestFinal: Error = 0x%.8lX\n", rv); error = 1; goto exit_session; } if (len != 16) { fprintf(stderr, "C_DigestFinal: bad length = %lu\n", len); error = 1; } for (i = 0; i < 16; i++) printf("%02x", digest[i] & 0xff); printf("\n"); exit_session: pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int main(int argc, char **argv) { isc_result_t result; #ifdef USE_PKCS11 const char *engine = PKCS11_ENGINE; #else const char *engine = NULL; #endif char const *filename = NULL; char *dir = NULL; char newname[1024], oldname[1024]; char keystr[DST_KEY_FORMATSIZE]; char *endp; int ch; isc_entropy_t *ectx = NULL; dst_key_t *key = NULL; isc_uint32_t flags; isc_buffer_t buf; isc_boolean_t force = ISC_FALSE; isc_boolean_t removefile = ISC_FALSE; isc_boolean_t id = ISC_FALSE; if (argc == 1) usage(); result = isc_mem_create(0, 0, &mctx); if (result != ISC_R_SUCCESS) fatal("Out of memory"); #ifdef PKCS11CRYPTO pk11_result_register(); #endif dns_result_register(); isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:V")) != -1) { switch (ch) { case 'E': engine = isc_commandline_argument; break; case 'f': force = ISC_TRUE; break; case 'K': /* * We don't have to copy it here, but do it to * simplify cleanup later */ dir = isc_mem_strdup(mctx, isc_commandline_argument); if (dir == NULL) { fatal("Failed to allocate memory for " "directory"); } break; case 'r': removefile = ISC_TRUE; break; case 'R': id = ISC_TRUE; break; case 'v': verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') fatal("-v must be followed by a number"); break; case '?': if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", program, isc_commandline_option); /* Falls into */ case 'h': /* Does not return. */ usage(); case 'V': /* Does not return. */ version(program); default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); exit(1); } } if (argc < isc_commandline_index + 1 || argv[isc_commandline_index] == NULL) fatal("The key file name was not specified"); if (argc > isc_commandline_index + 1) fatal("Extraneous arguments"); if (dir != NULL) { filename = argv[isc_commandline_index]; } else { result = isc_file_splitpath(mctx, argv[isc_commandline_index], &dir, &filename); if (result != ISC_R_SUCCESS) fatal("cannot process filename %s: %s", argv[isc_commandline_index], isc_result_totext(result)); if (strcmp(dir, ".") == 0) { isc_mem_free(mctx, dir); dir = NULL; } } if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); if (result != ISC_R_SUCCESS) fatal("Could not initialize hash"); result = dst_lib_init2(mctx, ectx, engine, ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY); if (result != ISC_R_SUCCESS) fatal("Could not initialize dst: %s", isc_result_totext(result)); isc_entropy_stopcallbacksources(ectx); result = dst_key_fromnamedfile(filename, dir, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE, mctx, &key); if (result != ISC_R_SUCCESS) fatal("Invalid keyfile name %s: %s", filename, isc_result_totext(result)); if (id) { fprintf(stdout, "%u\n", dst_key_rid(key)); goto cleanup; } dst_key_format(key, keystr, sizeof(keystr)); if (verbose > 2) fprintf(stderr, "%s: %s\n", program, keystr); if (force) set_keyversion(key); else check_keyversion(key, keystr); flags = dst_key_flags(key); if ((flags & DNS_KEYFLAG_REVOKE) == 0) { isc_stdtime_t now; if ((flags & DNS_KEYFLAG_KSK) == 0) fprintf(stderr, "%s: warning: Key is not flagged " "as a KSK. Revoking a ZSK is " "legal, but undefined.\n", program); isc_stdtime_get(&now); dst_key_settime(key, DST_TIME_REVOKE, now); dst_key_setflags(key, flags | DNS_KEYFLAG_REVOKE); isc_buffer_init(&buf, newname, sizeof(newname)); dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf); if (access(newname, F_OK) == 0 && !force) { fatal("Key file %s already exists; " "use -f to force overwrite", newname); } result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE, dir); if (result != ISC_R_SUCCESS) { dst_key_format(key, keystr, sizeof(keystr)); fatal("Failed to write key %s: %s", keystr, isc_result_totext(result)); } isc_buffer_clear(&buf); dst_key_buildfilename(key, 0, dir, &buf); printf("%s\n", newname); /* * Remove old key file, if told to (and if * it isn't the same as the new file) */ if (removefile && dst_key_alg(key) != DST_ALG_RSAMD5) { isc_buffer_init(&buf, oldname, sizeof(oldname)); dst_key_setflags(key, flags & ~DNS_KEYFLAG_REVOKE); dst_key_buildfilename(key, DST_TYPE_PRIVATE, dir, &buf); if (strcmp(oldname, newname) == 0) goto cleanup; (void)unlink(oldname); isc_buffer_clear(&buf); dst_key_buildfilename(key, DST_TYPE_PUBLIC, dir, &buf); (void)unlink(oldname); } } else { dst_key_format(key, keystr, sizeof(keystr)); fatal("Key %s is already revoked", keystr); } cleanup: dst_key_free(&key); dst_lib_destroy(); isc_hash_destroy(); cleanup_entropy(&ectx); if (verbose > 10) isc_mem_stats(mctx, stdout); if (dir != NULL) isc_mem_free(mctx, dir); isc_mem_destroy(&mctx); return (0); }
int main(int argc, char **argv) { char *algname = NULL, *classname = NULL; char *filename = NULL, *dir = NULL, *namestr; char *lookaside = NULL; char *endp; int ch; unsigned int dtype = DNS_DSDIGEST_SHA1; isc_boolean_t both = ISC_TRUE; isc_boolean_t usekeyset = ISC_FALSE; isc_boolean_t showall = ISC_FALSE; isc_result_t result; isc_log_t *log = NULL; isc_entropy_t *ectx = NULL; dns_rdataset_t rdataset; dns_rdata_t rdata; dns_rdata_init(&rdata); if (argc == 1) usage(); result = isc_mem_create(0, 0, &mctx); if (result != ISC_R_SUCCESS) fatal("out of memory"); #ifdef PKCS11CRYPTO pk11_result_register(); #endif dns_result_register(); isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, "12Aa:c:d:Ff:K:l:sT:v:hV")) != -1) { switch (ch) { case '1': dtype = DNS_DSDIGEST_SHA1; both = ISC_FALSE; break; case '2': dtype = DNS_DSDIGEST_SHA256; both = ISC_FALSE; break; case 'A': showall = ISC_TRUE; break; case 'a': algname = isc_commandline_argument; both = ISC_FALSE; break; case 'c': classname = isc_commandline_argument; break; case 'd': fprintf(stderr, "%s: the -d option is deprecated; " "use -K\n", program); /* fall through */ case 'K': dir = isc_commandline_argument; if (strlen(dir) == 0U) fatal("directory must be non-empty string"); break; case 'f': filename = isc_commandline_argument; break; case 'l': lookaside = isc_commandline_argument; if (strlen(lookaside) == 0U) fatal("lookaside must be a non-empty string"); break; case 's': usekeyset = ISC_TRUE; break; case 'T': emitttl = ISC_TRUE; ttl = atol(isc_commandline_argument); break; case 'v': verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') fatal("-v must be followed by a number"); break; case 'F': /* Reserved for FIPS mode */ /* FALLTHROUGH */ case '?': if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", program, isc_commandline_option); /* FALLTHROUGH */ case 'h': /* Does not return. */ usage(); case 'V': /* Does not return. */ version(program); default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); exit(1); } } if (algname != NULL) { if (strcasecmp(algname, "SHA1") == 0 || strcasecmp(algname, "SHA-1") == 0) dtype = DNS_DSDIGEST_SHA1; else if (strcasecmp(algname, "SHA256") == 0 || strcasecmp(algname, "SHA-256") == 0) dtype = DNS_DSDIGEST_SHA256; #if defined(HAVE_OPENSSL_GOST) || defined(HAVE_PKCS11_GOST) else if (strcasecmp(algname, "GOST") == 0) dtype = DNS_DSDIGEST_GOST; #endif else if (strcasecmp(algname, "SHA384") == 0 || strcasecmp(algname, "SHA-384") == 0) dtype = DNS_DSDIGEST_SHA384; else fatal("unknown algorithm %s", algname); } rdclass = strtoclass(classname); if (usekeyset && filename != NULL) fatal("cannot use both -s and -f"); /* When not using -f, -A is implicit */ if (filename == NULL) showall = ISC_TRUE; if (argc < isc_commandline_index + 1 && filename == NULL) fatal("the key file name was not specified"); if (argc > isc_commandline_index + 1) fatal("extraneous arguments"); if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); if (result != ISC_R_SUCCESS) fatal("could not initialize hash"); result = dst_lib_init(mctx, ectx, ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY); if (result != ISC_R_SUCCESS) fatal("could not initialize dst: %s", isc_result_totext(result)); isc_entropy_stopcallbacksources(ectx); setup_logging(mctx, &log); dns_rdataset_init(&rdataset); if (usekeyset || filename != NULL) { if (argc < isc_commandline_index + 1 && filename != NULL) { /* using zone name as the zone file name */ namestr = filename; } else namestr = argv[isc_commandline_index]; result = initname(namestr); if (result != ISC_R_SUCCESS) fatal("could not initialize name %s", namestr); if (usekeyset) result = loadkeyset(dir, &rdataset); else result = loadset(filename, &rdataset); if (result != ISC_R_SUCCESS) fatal("could not load DNSKEY set: %s\n", isc_result_totext(result)); for (result = dns_rdataset_first(&rdataset); result == ISC_R_SUCCESS; result = dns_rdataset_next(&rdataset)) { dns_rdata_init(&rdata); dns_rdataset_current(&rdataset, &rdata); if (verbose > 2) logkey(&rdata); if (both) { emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata); emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata); } else emit(dtype, showall, lookaside, &rdata); } } else { unsigned char key_buf[DST_KEY_MAXSIZE]; loadkey(argv[isc_commandline_index], key_buf, DST_KEY_MAXSIZE, &rdata); if (both) { emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata); emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata); } else emit(dtype, showall, lookaside, &rdata); } if (dns_rdataset_isassociated(&rdataset)) dns_rdataset_disassociate(&rdataset); cleanup_logging(&log); dst_lib_destroy(); isc_hash_destroy(); cleanup_entropy(&ectx); dns_name_destroy(); if (verbose > 10) isc_mem_stats(mctx, stdout); isc_mem_destroy(&mctx); fflush(stdout); if (ferror(stdout)) { fprintf(stderr, "write error\n"); return (1); } else return (0); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_ULONG len = sizeof(buf); pk11_context_t pctx; pk11_optype_t op_type = OP_RAND; char *lib_name = NULL; int error = 0; int c, errflg = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:n:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); op_type = OP_ANY; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\trandom [-m module] [-s slot] [-n count]\n"); exit(1); } pk11_result_register(); /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_FALSE, ISC_FALSE, NULL, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NODIGESTSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); exit(1); } hSession = pctx.session; if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_session; } for (i = 0; i < count; i++) { /* Get random bytes */ rv = pkcs_C_GenerateRandom(hSession, buf, len); if (rv != CKR_OK) { fprintf(stderr, "C_GenerateRandom[%u]: Error = 0x%.8lX\n", i, rv); error = 1; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_session; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%uK random bytes in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g random bytes/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_session: pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int main(int argc, char *argv[]) { isc_result_t result; CK_RV rv; CK_SLOT_ID slot = 0; CK_SESSION_HANDLE hSession = CK_INVALID_HANDLE; CK_OBJECT_HANDLE *hKey; CK_OBJECT_CLASS kClass = CKO_PRIVATE_KEY; CK_KEY_TYPE kType = CKK_RSA; CK_ATTRIBUTE kTemplate[] = { { CKA_CLASS, &kClass, (CK_ULONG) sizeof(kClass) }, { CKA_KEY_TYPE, &kType, (CK_ULONG) sizeof(kType) }, { CKA_TOKEN, &falsevalue, (CK_ULONG) sizeof(falsevalue) }, { CKA_PRIVATE, &truevalue, (CK_ULONG) sizeof(truevalue) }, { CKA_LABEL, (CK_BYTE_PTR) label, (CK_ULONG) sizeof(label) }, { CKA_SIGN, &truevalue, (CK_ULONG) sizeof(truevalue) }, { CKA_MODULUS, modulus, (CK_ULONG) sizeof(modulus) }, { CKA_PUBLIC_EXPONENT, pubexp, (CK_ULONG) sizeof(pubexp) }, { CKA_PRIVATE_EXPONENT, privexp, (CK_ULONG) sizeof(privexp) }, { CKA_PRIME_1, prime1, (CK_ULONG) sizeof(prime1) }, { CKA_PRIME_2, prime2, (CK_ULONG) sizeof(prime2) }, { CKA_EXPONENT_1, exp_1, (CK_ULONG) sizeof(exp_1) }, { CKA_EXPONENT_2, exp_2, (CK_ULONG) sizeof(exp_2) }, { CKA_COEFFICIENT, coeff, (CK_ULONG) sizeof(coeff) } }; pk11_context_t pctx; pk11_optype_t op_type = OP_RSA; char *lib_name = NULL; char *pin = NULL; int error = 0; int c, errflg = 0; int ontoken = 0; unsigned int count = 1000; unsigned int i; struct timespec starttime; struct timespec endtime; while ((c = isc_commandline_parse(argc, argv, ":m:s:p:tn:")) != -1) { switch (c) { case 'm': lib_name = isc_commandline_argument; break; case 's': slot = atoi(isc_commandline_argument); op_type = OP_ANY; break; case 'p': pin = isc_commandline_argument; break; case 't': ontoken = 1; break; case 'n': count = atoi(isc_commandline_argument); break; case ':': fprintf(stderr, "Option -%c requires an operand\n", isc_commandline_option); errflg++; break; case '?': default: fprintf(stderr, "Unrecognised option: -%c\n", isc_commandline_option); errflg++; } } if (errflg) { fprintf(stderr, "Usage:\n"); fprintf(stderr, "\tprivrsa [-m module] [-s slot] [-p pin] " "[-t] [-n count]\n"); exit(1); } pk11_result_register(); /* Allocate hanles */ hKey = (CK_SESSION_HANDLE *) malloc(count * sizeof(CK_SESSION_HANDLE)); if (hKey == NULL) { perror("malloc"); exit(1); } for (i = 0; i < count; i++) hKey[i] = CK_INVALID_HANDLE; /* Initialize the CRYPTOKI library */ if (lib_name != NULL) pk11_set_lib_name(lib_name); if (pin == NULL) pin = getpassphrase("Enter Pin: "); result = pk11_get_session(&pctx, op_type, ISC_FALSE, ISC_TRUE, ISC_TRUE, (const char *) pin, slot); if ((result != ISC_R_SUCCESS) && (result != PK11_R_NORANDOMSERVICE) && (result != PK11_R_NODIGESTSERVICE) && (result != PK11_R_NOAESSERVICE)) { fprintf(stderr, "Error initializing PKCS#11: %s\n", isc_result_totext(result)); free(hKey); exit(1); } if (pin != NULL) memset(pin, 0, strlen((char *)pin)); hSession = pctx.session; if (ontoken) kTemplate[2].pValue = &truevalue; if (clock_gettime(CLOCK_REALTIME, &starttime) < 0) { perror("clock_gettime(start)"); goto exit_objects; } for (i = 0; i < count; i++) { (void) snprintf(label, sizeof(label), "obj%u", i); kTemplate[4].ulValueLen = strlen(label); rv = pkcs_C_CreateObject(hSession, kTemplate, 14, &hKey[i]); if (rv != CKR_OK) { fprintf(stderr, "C_CreateObject[%u]: Error = 0x%.8lX\n", i, rv); error = 1; if (i == 0) goto exit_objects; break; } } if (clock_gettime(CLOCK_REALTIME, &endtime) < 0) { perror("clock_gettime(end)"); goto exit_objects; } endtime.tv_sec -= starttime.tv_sec; endtime.tv_nsec -= starttime.tv_nsec; while (endtime.tv_nsec < 0) { endtime.tv_sec -= 1; endtime.tv_nsec += 1000000000; } printf("%u private RSA keys in %ld.%09lds\n", i, endtime.tv_sec, endtime.tv_nsec); if (i > 0) printf("%g private RSA keys/s\n", 1024 * i / ((double) endtime.tv_sec + (double) endtime.tv_nsec / 1000000000.)); exit_objects: for (i = 0; i < count; i++) { /* Destroy objects */ if (hKey[i] == CK_INVALID_HANDLE) continue; rv = pkcs_C_DestroyObject(hSession, hKey[i]); if ((rv != CKR_OK) && !errflg) { fprintf(stderr, "C_DestroyObject[%u]: Error = 0x%.8lX\n", i, rv); errflg = 1; } } free(hKey); pk11_return_session(&pctx); (void) pk11_finalize(); exit(error); }
int main(int argc, char *argv[]) { char *origin = NULL, *file = NULL; char *inputformatstr = NULL; isc_result_t result; isc_log_t *log = NULL; #ifdef USE_PKCS11 const char *engine = PKCS11_ENGINE; #else const char *engine = NULL; #endif char *classname = NULL; dns_rdataclass_t rdclass; char *endp; int ch; #define CMDLINE_FLAGS \ "hm:o:I:c:E:v:Vxz" /* * Process memory debugging argument first. */ while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case 'm': if (strcasecmp(isc_commandline_argument, "record") == 0) isc_mem_debugging |= ISC_MEM_DEBUGRECORD; if (strcasecmp(isc_commandline_argument, "trace") == 0) isc_mem_debugging |= ISC_MEM_DEBUGTRACE; if (strcasecmp(isc_commandline_argument, "usage") == 0) isc_mem_debugging |= ISC_MEM_DEBUGUSAGE; if (strcasecmp(isc_commandline_argument, "size") == 0) isc_mem_debugging |= ISC_MEM_DEBUGSIZE; if (strcasecmp(isc_commandline_argument, "mctx") == 0) isc_mem_debugging |= ISC_MEM_DEBUGCTX; break; default: break; } } isc_commandline_reset = ISC_TRUE; check_result(isc_app_start(), "isc_app_start"); result = isc_mem_create(0, 0, &mctx); if (result != ISC_R_SUCCESS) fatal("out of memory"); #ifdef PKCS11CRYPTO pk11_result_register(); #endif dns_result_register(); isc_commandline_errprint = ISC_FALSE; while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) { switch (ch) { case 'c': classname = isc_commandline_argument; break; case 'E': engine = isc_commandline_argument; break; case 'I': inputformatstr = isc_commandline_argument; break; case 'm': break; case 'o': origin = isc_commandline_argument; break; case 'v': endp = NULL; verbose = strtol(isc_commandline_argument, &endp, 0); if (*endp != '\0') fatal("verbose level must be numeric"); break; case 'x': keyset_kskonly = ISC_TRUE; break; case 'z': ignore_kskflag = ISC_TRUE; break; case '?': if (isc_commandline_option != '?') fprintf(stderr, "%s: invalid argument -%c\n", program, isc_commandline_option); /* FALLTHROUGH */ case 'h': /* Does not return. */ usage(); case 'V': /* Does not return. */ version(program); default: fprintf(stderr, "%s: unhandled option -%c\n", program, isc_commandline_option); exit(1); } } if (ectx == NULL) setup_entropy(mctx, NULL, &ectx); result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE); if (result != ISC_R_SUCCESS) fatal("could not create hash context"); result = dst_lib_init2(mctx, ectx, engine, ISC_ENTROPY_BLOCKING); if (result != ISC_R_SUCCESS) fatal("could not initialize dst: %s", isc_result_totext(result)); isc_stdtime_get(&now); rdclass = strtoclass(classname); setup_logging(mctx, &log); argc -= isc_commandline_index; argv += isc_commandline_index; if (argc < 1) usage(); file = argv[0]; argc -= 1; argv += 1; POST(argc); POST(argv); if (origin == NULL) origin = file; if (inputformatstr != NULL) { if (strcasecmp(inputformatstr, "text") == 0) inputformat = dns_masterformat_text; else if (strcasecmp(inputformatstr, "raw") == 0) inputformat = dns_masterformat_raw; else fatal("unknown file format: %s\n", inputformatstr); } gdb = NULL; fprintf(stderr, "Loading zone '%s' from file '%s'\n", origin, file); loadzone(file, origin, rdclass, &gdb); gorigin = dns_db_origin(gdb); gclass = dns_db_class(gdb); gversion = NULL; result = dns_db_newversion(gdb, &gversion); check_result(result, "dns_db_newversion()"); verifyzone(gdb, gversion, gorigin, mctx, ignore_kskflag, keyset_kskonly); dns_db_closeversion(gdb, &gversion, ISC_FALSE); dns_db_detach(&gdb); cleanup_logging(&log); dst_lib_destroy(); isc_hash_destroy(); cleanup_entropy(&ectx); dns_name_destroy(); if (verbose > 10) isc_mem_stats(mctx, stdout); isc_mem_destroy(&mctx); (void) isc_app_finish(); return (0); }