/* Excerpt of the signing self-test. The number at the start of each line is
 * the original source line number; the gaps between numbers are statements
 * that this listing does not show. */
43 ldns_rr *rr, *sig, *dnskey_rr;
47 rrset = ldns_rr_list_new();
/* Build the RRset to be signed: two A records for example.com. A record is
 * pushed only when parsing returned LDNS_STATUS_OK, so a parse failure leaves
 * the set shorter rather than aborting (no error path is visible in the lines
 * shown). */
49 status = ldns_rr_new_frm_str(&rr,
"example.com. IN A 192.168.0.1", 0, NULL, NULL);
50 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
52 status = ldns_rr_new_frm_str(&rr,
"example.com. IN A 192.168.0.2", 0, NULL, NULL);
53 if (status == LDNS_STATUS_OK) ldns_rr_list_push_rr(rrset, rr);
/* Signing parameters: the owner name, then the key tag derived from
 * dnskey_rr.
 * NOTE(review): neither the result of ldns_rdf_new_frm_str() nor dnskey_rr is
 * checked for NULL in the lines shown, and the assignment of dnskey_rr falls
 * in a gap of this excerpt - confirm the elided lines cover both. */
57 sign_params->
owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
"example.com.");
59 sign_params->
keytag = ldns_calc_keytag(dnskey_rr);
/* Cleanup: deep-free the test RRset (the list and the records pushed into
 * it), then the DNSKEY record. */
69 ldns_rr_list_deep_free(rrset);
71 ldns_rr_free(dnskey_rr);
/* Excerpt of the random-data self-test (leading numbers are original source
 * line numbers; statements between them are not shown).
 * NOTE(review): the lines shown only report whether each generation call
 * succeeded; nothing visible inspects the returned bytes, so a pass here says
 * the token answered, not that its output was assessed for randomness. */
/* Fixed 1024-byte buffer for the bulk random-data request. */
80 unsigned char rnd_buf[1024];
/* sizeof yields a size_t; the cast to unsigned long makes the argument match
 * the %lu conversion. */
84 printf(
"Generating %lu bytes of random data... ",
85 (
unsigned long)
sizeof(rnd_buf));
/* Failure is reported by its numeric result code only. */
88 printf(
"Failed, error: %d\n", result);
95 printf(
"Generating 32-bit random data... ");
99 printf(
"Generating 64-bit random data... ");
/* r64 is cast to unsigned long long so the argument matches %llu. */
101 printf(
"%llu\n", (
long long unsigned int)r64);
/* Test matrix for the key-generation checks (excerpt; leading numbers are
 * original source line numbers and some lines are not shown).
 * The tables include 512- and 768-bit RSA and 512- to 1024-bit DSA. These
 * sizes are far below what is deployed for DNSSEC today and appear here to
 * exercise the token, not as sizes to configure; RFC 8624 lists DSA as
 * MUST NOT for signing. */
110 const unsigned int rsa_keysizes[] = { 512, 768, 1024, 1536, 2048, 4096 };
111 const unsigned int dsa_keysizes[] = { 512, 768, 1024 };
/* Key size of the current loop iteration, in bits. */
112 unsigned int keysize;
/* ECDSA algorithms to test; the remaining initializer entries fall in a gap
 * of this excerpt. */
113 const ldns_algorithm ec_curves[] = {
114 LDNS_ECDSAP256SHA256,
/* The EdDSA table is compiled only when LDNS_REVISION is at least
 * (1<<16)|(7<<8)|0, which presumably encodes ldns 1.7.0 - confirm against the
 * ldns headers. The matching #endif is not shown here. */
117#if (LDNS_REVISION >= ((1<<16)|(7<<8)|(0)))
118 const ldns_algorithm ed_curves[] = {
/* Algorithm of the current ECDSA/EdDSA loop iteration. */
123 ldns_algorithm curve;
/* RSA pass (excerpt; leading numbers are original source line numbers and the
 * result checks between the printf calls are not shown). For every entry of
 * rsa_keysizes the test generates a key, prints its identifier, signs with
 * it and deletes it. The element count is sizeof(array)/sizeof(unsigned int),
 * which matches the array's declared element type. */
139 for (i=0; i<(
sizeof(rsa_keysizes)/
sizeof(
unsigned int)); i++) {
140 keysize = rsa_keysizes[i];
142 printf(
"Generating %u-bit RSA key... ", keysize);
154 printf(
"Extracting key identifier... ");
/* NOTE(review): id is printed with %s; its NULL check and its release are not
 * visible in this excerpt - confirm the elided lines handle both. */
162 printf(
"OK, %s\n",
id);
/* RSA/SHA-1 signing. NOTE(review): RFC 8624 marks RSASHA1 as NOT RECOMMENDED
 * for signing; presumably it is kept here to test what the token can do, not
 * as a recommended configuration. */
166 printf(
"Signing (RSA/SHA1) with key... ");
167 result = hsm_test_sign(
ctx, key, LDNS_RSASHA1);
170 printf(
"Failed, error: %d\n", result);
176 printf(
"Signing (RSA/SHA256) with key... ");
177 result = hsm_test_sign(
ctx, key, LDNS_RSASHA256);
180 printf(
"Failed, error: %d\n", result);
/* RSA/SHA-512 is attempted only for keys of at least 1024 bits; presumably
 * this mirrors the 1024-bit minimum that RFC 5702 sets for that algorithm -
 * confirm. */
186 if ( keysize >= 1024) {
187 printf(
"Signing (RSA/SHA512) with key... ");
188 result = hsm_test_sign(
ctx, key, LDNS_RSASHA512);
191 printf(
"Failed, error: %d\n", result);
/* Remove the test key again so the run leaves nothing behind on the token;
 * a failed removal is reported by its numeric result code. */
198 printf(
"Deleting key... ");
202 printf(
"Failed: error: %d\n", result);
/* DSA pass (excerpt; leading numbers are original source line numbers and the
 * result checks between the printf calls are not shown). One generate /
 * identify / sign / delete cycle per entry of dsa_keysizes.
 * NOTE(review): RFC 8624 lists DSA as MUST NOT for DNSSEC signing; presumably
 * this pass exists to test what the token supports, not to suggest DSA for
 * use - confirm. */
216 for (i=0; i<(
sizeof(dsa_keysizes)/
sizeof(
unsigned int)); i++) {
217 keysize = dsa_keysizes[i];
219 printf(
"Generating %u-bit DSA key... ", keysize);
231 printf(
"Extracting key identifier... ");
/* NOTE(review): id is printed with %s; its NULL check and its release are not
 * visible in this excerpt - confirm the elided lines handle both. */
239 printf(
"OK, %s\n",
id);
/* LDNS_DSA is the only algorithm signed with in the lines shown. */
243 printf(
"Signing (DSA/SHA1) with key... ");
244 result = hsm_test_sign(
ctx, key, LDNS_DSA);
247 printf(
"Failed, error: %d\n", result);
/* Remove the test key from the token; failure is reported by result code. */
253 printf(
"Deleting key... ");
257 printf(
"Failed: error: %d\n", result);
/* GOST pass (excerpt; leading numbers are original source line numbers and
 * the result checks between the printf calls are not shown). The loop runs
 * exactly once; presumably it is kept as a loop so this pass has the same
 * shape as the other algorithm passes - confirm.
 * NOTE(review): RFC 8624 lists ECC-GOST as MUST NOT for DNSSEC signing, so
 * this pass tests token capability rather than a recommended algorithm. */
271 for (i=0; i<1; i++) {
272 printf(
"Generating 512-bit GOST key... ");
284 printf(
"Extracting key identifier... ");
/* NOTE(review): id is printed with %s; its NULL check and its release are not
 * visible in this excerpt - confirm the elided lines handle both. */
292 printf(
"OK, %s\n",
id);
296 printf(
"Signing (GOST) with key... ");
297 result = hsm_test_sign(
ctx, key, LDNS_ECC_GOST);
300 printf(
"Failed, error: %d\n", result);
/* Remove the test key from the token; failure is reported by result code. */
306 printf(
"Deleting key... ");
310 printf(
"Failed: error: %d\n", result);
/* ECDSA pass (excerpt; leading numbers are original source line numbers, and
 * the key generation, signing and deletion calls fall in gaps of this
 * listing). Iterates over ec_curves; the element count divides by
 * sizeof(ldns_algorithm), the array's declared element type. */
324 for (i=0; i<(
sizeof(ec_curves)/
sizeof(ldns_algorithm)); i++) {
325 curve = ec_curves[i];
/* Pick the progress message for the curve. An algorithm that is neither
 * P-256 nor P-384 is reported as an unknown curve; the branch keyword for
 * that case and whatever follows the message are not shown here. */
327 if (curve == LDNS_ECDSAP256SHA256) {
328 printf(
"Generating ECDSA Curve P-256 key... ");
330 }
else if (curve == LDNS_ECDSAP384SHA384) {
331 printf(
"Generating ECDSA Curve P-384 key... ");
334 printf(
"Failed: Unknown ECDSA curve\n");
347 printf(
"Extracting key identifier... ");
/* NOTE(review): id is printed with %s; its NULL check and its release are not
 * visible in this excerpt - confirm the elided lines handle both. */
355 printf(
"OK, %s\n",
id);
/* Same dispatch for the signing message, with a generic label as the
 * fallback. */
359 if (curve == LDNS_ECDSAP256SHA256) {
360 printf(
"Signing (ECDSA/SHA256) with key... ");
361 }
else if (curve == LDNS_ECDSAP384SHA384) {
362 printf(
"Signing (ECDSA/SHA384) with key... ");
364 printf(
"Signing with key... ");
/* EdDSA pass (excerpt; leading numbers are original source line numbers and
 * the result checks between the printf calls are not shown). Compiled only
 * when LDNS_REVISION is at least (1<<16)|(7<<8)|0, presumably ldns 1.7.0 -
 * confirm against the ldns headers. The matching #endif is not shown. */
368#if (LDNS_REVISION >= ((1<<16)|(7<<8)|(0)))
369 for (i=0; i<(
sizeof(ed_curves)/
sizeof(ldns_algorithm)); i++) {
370 curve = ed_curves[i];
/* The conditions that choose between the two messages fall in a gap. */
374 printf(
"Generating ED25519 key... ");
378 printf(
"Generating ED448 key... ");
394 printf(
"Extracting key identifier... ");
/* NOTE(review): id is printed with %s; its NULL check and its release are not
 * visible in this excerpt - confirm the elided lines handle both. */
402 printf(
"OK, %s\n",
id);
/* The table entry is passed to hsm_test_sign() as the signing algorithm. */
406 printf(
"Signing with key... ");
407 result = hsm_test_sign(
ctx, key, curve);
410 printf(
"Failed, error: %d\n", result);
/* Remove the test key from the token; failure is reported by result code. */
416 printf(
"Deleting key... ");
420 printf(
"Failed: error: %d\n", result);
/* Random-data stage: the branch is taken when hsm_test_random() returns
 * non-zero. Its body is not shown in this excerpt; presumably a non-zero
 * return counts as a failed test - confirm. */
432 if (hsm_test_random(
ctx)) {
int hsm_test(const char *repository, hsm_ctx_t *ctx)
ldns_rr * hsm_sign_rrset(hsm_ctx_t *ctx, const ldns_rr_list *rrset, const libhsm_key_t *key, const hsm_sign_params_t *sign_params)
uint64_t hsm_random64(hsm_ctx_t *ctx)
uint32_t hsm_random32(hsm_ctx_t *ctx)
void hsm_print_error(hsm_ctx_t *gctx)
int hsm_token_attached(hsm_ctx_t *ctx, const char *repository)
libhsm_key_t * hsm_generate_rsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
libhsm_key_t * hsm_generate_gost_key(hsm_ctx_t *ctx, const char *repository)
hsm_sign_params_t * hsm_sign_params_new()
char * hsm_get_key_id(hsm_ctx_t *ctx, const libhsm_key_t *key)
int hsm_random_buffer(hsm_ctx_t *ctx, unsigned char *buffer, unsigned long length)
ldns_rr * hsm_get_dnskey(hsm_ctx_t *ctx, const libhsm_key_t *key, const hsm_sign_params_t *sign_params)
libhsm_key_t * hsm_generate_dsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
libhsm_key_t * hsm_generate_eddsa_key(hsm_ctx_t *ctx, const char *repository, const char *curve)
libhsm_key_t * hsm_generate_ecdsa_key(hsm_ctx_t *ctx, const char *repository, const char *curve)
int hsm_remove_key(hsm_ctx_t *ctx, libhsm_key_t *key)
void libhsm_key_free(libhsm_key_t *key)
void hsm_sign_params_free(hsm_sign_params_t *params)