45 ldns_rr *rr, *sig, *dnskey_rr;
49 rrset = ldns_rr_list_new();
51 status = ldns_rr_new_frm_str(&rr,
"example.com. IN A 192.168.0.1", 0, NULL, NULL);
52 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
54 status = ldns_rr_new_frm_str(&rr,
"example.com. IN A 192.168.0.2", 0, NULL, NULL);
55 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
59 sign_params->
owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
"example.com.");
61 sign_params->
keytag = ldns_calc_keytag(dnskey_rr);
71 ldns_rr_list_deep_free(rrset);
73 ldns_rr_free(dnskey_rr);
82 unsigned char rnd_buf[1024];
86 printf(
"Generating %lu bytes of random data... ",
87 (
unsigned long)
sizeof(rnd_buf));
90 printf(
"Failed, error: %d\n", result);
97 printf(
"Generating 32-bit random data... ");
101 printf(
"Generating 64-bit random data... ");
103 printf(
"%llu\n", (
long long unsigned int)r64);
112 const unsigned int rsa_keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
113 const unsigned int dsa_keysizes[] = { 512, 768, 1024 };
114 unsigned int keysize;
115 const ldns_algorithm ec_curves[] = {
116 LDNS_ECDSAP256SHA256,
119#if (LDNS_REVISION >= ((1<<16)|(7<<8)|(0)))
120 const ldns_algorithm ed_curves[] = {
125 ldns_algorithm curve;
141 for (i=0; i<(
sizeof(rsa_keysizes)/
sizeof(
unsigned int)); i++) {
142 keysize = rsa_keysizes[i];
144 printf(
"Generating %u-bit RSA key... ", keysize);
156 printf(
"Extracting key identifier... ");
164 printf(
"OK, %s\n",
id);
168 printf(
"Signing (RSA/SHA1) with key... ");
169 result = hsm_test_sign(
ctx, key, LDNS_RSASHA1);
172 printf(
"Failed, error: %d\n", result);
178 printf(
"Signing (RSA/SHA256) with key... ");
179 result = hsm_test_sign(
ctx, key, LDNS_RSASHA256);
182 printf(
"Failed, error: %d\n", result);
188 if ( keysize >= 1024) {
189 printf(
"Signing (RSA/SHA512) with key... ");
190 result = hsm_test_sign(
ctx, key, LDNS_RSASHA512);
193 printf(
"Failed, error: %d\n", result);
200 printf(
"Deleting key... ");
204 printf(
"Failed: error: %d\n", result);
218 for (i=0; i<(
sizeof(dsa_keysizes)/
sizeof(
unsigned int)); i++) {
219 keysize = dsa_keysizes[i];
221 printf(
"Generating %u-bit DSA key... ", keysize);
233 printf(
"Extracting key identifier... ");
241 printf(
"OK, %s\n",
id);
245 printf(
"Signing (DSA/SHA1) with key... ");
246 result = hsm_test_sign(
ctx, key, LDNS_DSA);
249 printf(
"Failed, error: %d\n", result);
255 printf(
"Deleting key... ");
259 printf(
"Failed: error: %d\n", result);
273 for (i=0; i<1; i++) {
274 printf(
"Generating 512-bit GOST key... ");
286 printf(
"Extracting key identifier... ");
294 printf(
"OK, %s\n",
id);
298 printf(
"Signing (GOST) with key... ");
299 result = hsm_test_sign(
ctx, key, LDNS_ECC_GOST);
302 printf(
"Failed, error: %d\n", result);
308 printf(
"Deleting key... ");
312 printf(
"Failed: error: %d\n", result);
326 for (i=0; i<(
sizeof(ec_curves)/
sizeof(ldns_algorithm)); i++) {
327 curve = ec_curves[i];
329 if (curve == LDNS_ECDSAP256SHA256) {
330 printf(
"Generating ECDSA Curve P-256 key... ");
332 }
else if (curve == LDNS_ECDSAP384SHA384) {
333 printf(
"Generating ECDSA Curve P-384 key... ");
336 printf(
"Failed: Unknown ECDSA curve\n");
349 printf(
"Extracting key identifier... ");
357 printf(
"OK, %s\n",
id);
361 if (curve == LDNS_ECDSAP256SHA256) {
362 printf(
"Signing (ECDSA/SHA256) with key... ");
363 }
else if (curve == LDNS_ECDSAP384SHA384) {
364 printf(
"Signing (ECDSA/SHA384) with key... ");
366 printf(
"Signing with key... ");
370#if (LDNS_REVISION >= ((1<<16)|(7<<8)|(0)))
371 for (i=0; i<(
sizeof(ed_curves)/
sizeof(ldns_algorithm)); i++) {
372 curve = ed_curves[i];
376 printf(
"Generating ED25519 key... ");
380 printf(
"Generating ED448 key... ");
396 printf(
"Extracting key identifier... ");
404 printf(
"OK, %s\n",
id);
408 printf(
"Signing with key... ");
409 result = hsm_test_sign(
ctx, key, curve);
412 printf(
"Failed, error: %d\n", result);
418 printf(
"Deleting key... ");
422 printf(
"Failed: error: %d\n", result);
434 if (hsm_test_random(
ctx)) {
int hsm_test(const char *repository, hsm_ctx_t *ctx)
ldns_rr * hsm_sign_rrset(hsm_ctx_t *ctx, const ldns_rr_list *rrset, const libhsm_key_t *key, const hsm_sign_params_t *sign_params)
uint64_t hsm_random64(hsm_ctx_t *ctx)
uint32_t hsm_random32(hsm_ctx_t *ctx)
void hsm_print_error(hsm_ctx_t *gctx)
int hsm_token_attached(hsm_ctx_t *ctx, const char *repository)
libhsm_key_t * hsm_generate_rsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
libhsm_key_t * hsm_generate_gost_key(hsm_ctx_t *ctx, const char *repository)
hsm_sign_params_t * hsm_sign_params_new()
char * hsm_get_key_id(hsm_ctx_t *ctx, const libhsm_key_t *key)
int hsm_random_buffer(hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length)
ldns_rr * hsm_get_dnskey(hsm_ctx_t *ctx, const libhsm_key_t *key, const hsm_sign_params_t *sign_params)
libhsm_key_t * hsm_generate_dsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
libhsm_key_t * hsm_generate_eddsa_key(hsm_ctx_t *ctx, const char *repository, const char *curve)
libhsm_key_t * hsm_generate_ecdsa_key(hsm_ctx_t *ctx, const char *repository, const char *curve)
int hsm_remove_key(hsm_ctx_t *ctx, libhsm_key_t *key)
void libhsm_key_free(libhsm_key_t *key)
void hsm_sign_params_free(hsm_sign_params_t *params)