OpenDNSSEC-libhsm  1.4.9
hsmutil.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 .SE (The Internet Infrastructure Foundation).
3  * Copyright (c) 2009 NLNet Labs.
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  */
27 
28 #include "config.h"
29 #include "hsmtest.h"
30 
31 #include <stdio.h>
32 #include <string.h>
33 #include <stdlib.h>
34 #include <syslog.h>
35 #include <unistd.h>
36 
37 #include <libhsm.h>
38 #include <libhsmdns.h>
39 
40 
41 extern char *optarg;
42 char *progname = NULL;
43 unsigned int verbose = 0;
44 
45 
46 void
48 {
49  fprintf(stderr, "%s (%s) version %s\n",
50  progname, PACKAGE_NAME, PACKAGE_VERSION);
51 }
52 
53 void
55 {
56  fprintf(stderr,
57  "usage: %s [-c config] [-vV] command [options]\n",
58  progname);
59 
60  fprintf(stderr," login\n");
61  fprintf(stderr," logout\n");
62  fprintf(stderr," list [repository]\n");
63  fprintf(stderr," generate <repository> rsa <keysize>\n");
64  fprintf(stderr," remove <id>\n");
65  fprintf(stderr," purge <repository>\n");
66  fprintf(stderr," dnskey <id> <name>\n");
67  fprintf(stderr," test <repository>\n");
68  fprintf(stderr," info\n");
69 #if 0
70  fprintf(stderr," debug\n");
71 #endif
72 }
73 
74 int
76 {
77  printf("The tokens are now logged in.\n");
78 
79  return 0;
80 }
81 
82 int
84 {
85  if (hsm_logout_pin() != HSM_OK) {
86  printf("Failed to erase the credentials.\n");
87  hsm_print_error(NULL);
88  return 1;
89  }
90 
91  printf("The credentials has been erased.\n");
92 
93  return 0;
94 }
95 
96 int
97 cmd_list (int argc, char *argv[])
98 {
99  size_t i;
100  char *repository = NULL;
101 
102  size_t key_count = 0;
103  size_t key_count_valid = 0;
104  hsm_key_t **keys;
105  hsm_ctx_t *ctx = NULL;
106 
107  const char *key_info_format = "%-20s %-32s %-10s\n";
108 
109 
110  if (argc) {
111  repository = strdup(argv[0]);
112  argc--;
113  argv++;
114 
115  /* Check for repository before starting using it */
116  if (hsm_token_attached(ctx, repository) == 0) {
117  hsm_print_error(ctx);
118  return 1;
119  }
120 
121  fprintf(stdout, "\nListing keys in repository: %s\n", repository);
122  keys = hsm_list_keys_repository(NULL, &key_count, repository);
123  } else {
124  fprintf(stdout, "\nListing keys in all repositories.\n");
125  keys = hsm_list_keys(NULL, &key_count);
126  }
127 
128  fprintf(stdout, "%u %s found.\n\n", (unsigned int) key_count,
129  (key_count > 1 || key_count == 0 ? "keys" : "key"));
130 
131  if (!keys) {
132  return -1;
133  }
134 
135  /* print fancy header */
136  fprintf(stdout, key_info_format, "Repository", "ID", "Type");
137  fprintf(stdout, key_info_format, "----------", "--", "----");
138 
139  for (i = 0; i < key_count; i++) {
140  hsm_key_info_t *key_info;
141  hsm_key_t *key = NULL;
142  char key_type[HSM_MAX_ALGONAME + 8];
143  char *key_id = NULL;
144 
145  key = keys[i];
146  if (key == NULL) {
147  /* Skip NULL key for now */
148  continue;
149  }
150 
151  key_count_valid++;
152 
153  key_info = hsm_get_key_info(NULL, key);
154 
155  if (key_info) {
156  snprintf(key_type, sizeof(key_type), "%s/%lu",
157  key_info->algorithm_name, key_info->keysize);
158  key_id = key_info->id;
159  } else {
160  snprintf(key_type, sizeof(key_type), "UNKNOWN");
161  key_id = "UNKNOWN";
162  }
163 
164  printf(key_info_format, key->module->name, key_id, key_type);
165 
166  hsm_key_info_free(key_info);
167  }
168  hsm_key_list_free(keys, key_count);
169 
170  if (key_count != key_count_valid) {
171  size_t invalid_keys;
172  invalid_keys = key_count - key_count_valid;
173  printf("\n");
174  fprintf(stderr, "Warning: %u %s not usable by OpenDNSSEC was found.\n",
175  (unsigned int) invalid_keys, invalid_keys > 1 ? "keys" : "key");
176  }
177 
178  return 0;
179 }
180 
181 int
182 cmd_generate (int argc, char *argv[])
183 {
184  char *repository = NULL;
185  char *algorithm = NULL;
186  unsigned int keysize = 1024;
187 
188  hsm_key_t *key = NULL;
189  hsm_ctx_t *ctx = NULL;
190 
191  if (argc != 3) {
192  usage();
193  return -1;
194  }
195 
196  repository = strdup(argv[0]);
197 
198  /* Check for repository before starting using it */
199  if (hsm_token_attached(ctx, repository) == 0) {
200  hsm_print_error(ctx);
201  return 1;
202  }
203 
204 
205  algorithm = argv[1];
206  keysize = atoi(argv[2]);
207 
208  if (!strcasecmp(algorithm, "rsa")) {
209  printf("Generating %d bit RSA key in repository: %s\n",
210  keysize, repository);
211 
212  key = hsm_generate_rsa_key(NULL, repository, keysize);
213 
214  if (key) {
215  hsm_key_info_t *key_info;
216 
217  key_info = hsm_get_key_info(NULL, key);
218  printf("Key generation successful: %s\n",
219  key_info ? key_info->id : "NULL");
220  hsm_key_info_free(key_info);
221  if (verbose) hsm_print_key(key);
222  hsm_key_free(key);
223  } else {
224  printf("Key generation failed.\n");
225  return -1;
226  }
227 
228  } else {
229  printf("Unknown algorithm: %s\n", algorithm);
230  return -1;
231  }
232 
233  return 0;
234 }
235 
236 int
237 cmd_remove (int argc, char *argv[])
238 {
239  char *id;
240  int result;
241 
242  hsm_key_t *key = NULL;
243 
244  if (argc != 1) {
245  usage();
246  return -1;
247  }
248 
249  id = strdup(argv[0]);
250 
251  key = hsm_find_key_by_id(NULL, id);
252 
253  if (!key) {
254  printf("Key not found: %s\n", id);
255  return -1;
256  }
257 
258  result = hsm_remove_key(NULL, key);
259 
260  if (!result) {
261  printf("Key remove successful.\n");
262  } else {
263  printf("Key remove failed.\n");
264  }
265 
266  hsm_key_free(key);
267 
268  return result;
269 }
270 
271 int
272 cmd_purge (int argc, char *argv[])
273 {
274  int result;
275  int final_result = 0;
276  char *fresult;
277 
278  size_t i;
279  char *repository = NULL;
280  char confirm[16];
281 
282  size_t key_count = 0;
283  hsm_key_t **keys;
284  hsm_ctx_t *ctx = NULL;
285 
286  if (argc != 1) {
287  usage();
288  return -1;
289  }
290 
291  repository = strdup(argv[0]);
292  argc--;
293  argv++;
294 
295  /* Check for repository before starting using it */
296  if (hsm_token_attached(ctx, repository) == 0) {
297  hsm_print_error(ctx);
298  return 1;
299  }
300 
301  printf("Purging all keys from repository: %s\n", repository);
302  keys = hsm_list_keys_repository(NULL, &key_count, repository);
303 
304  printf("%u %s found.\n\n", (unsigned int) key_count,
305  (key_count > 1 || key_count == 0 ? "keys" : "key"));
306 
307  if (!keys) {
308  return -1;
309  }
310 
311  if (key_count == 0) {
312  return -1;
313  }
314 
315  printf("Are you sure you want to remove ALL keys from repository %s ? (YES/NO) ", repository);
316  fresult = fgets(confirm, sizeof(confirm) - 1, stdin);
317  if (fresult == NULL || strncasecmp(confirm, "yes", 3) != 0) {
318  printf("\nPurge cancelled.\n");
319  hsm_key_list_free(keys, key_count);
320  return -1;
321  } else {
322  printf("\nStarting purge...\n");
323  }
324 
325  for (i = 0; i < key_count; i++) {
326  hsm_key_info_t *key_info;
327  hsm_key_t *key = keys[i];
328 
329  key_info = hsm_get_key_info(NULL, key);
330  result = hsm_remove_key(NULL, key);
331 
332  if (!result) {
333  printf("Key remove successful: %s\n",
334  key_info ? key_info->id : "NULL");
335  } else {
336  printf("Key remove failed: %s\n",
337  key_info ? key_info->id : "NULL");
338  final_result++;
339  }
340 
341  hsm_key_info_free(key_info);
342  }
343  hsm_key_list_free(keys, key_count);
344 
345  printf("Purge done.\n");
346 
347  return final_result;
348 }
349 
350 int
351 cmd_dnskey (int argc, char *argv[])
352 {
353  char *id;
354  char *name;
355 
356  hsm_key_t *key = NULL;
357  ldns_rr *dnskey_rr;
358  hsm_sign_params_t *sign_params;
359 
360  if (argc != 2) {
361  usage();
362  return -1;
363  }
364 
365  id = strdup(argv[0]);
366  name = strdup(argv[1]);
367 
368  key = hsm_find_key_by_id(NULL, id);
369 
370  if (!key) {
371  printf("Key not found: %s\n", id);
372  free(name);
373  free(id);
374  return -1;
375  }
376 
377  sign_params = hsm_sign_params_new();
378  sign_params->algorithm = LDNS_RSASHA1;
379  sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, name);
380  dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
381  sign_params->keytag = ldns_calc_keytag(dnskey_rr);
382 
383  ldns_rr_print(stdout, dnskey_rr);
384 
385  hsm_sign_params_free(sign_params);
386  ldns_rr_free(dnskey_rr);
387  hsm_key_free(key);
388  free(name);
389  free(id);
390 
391  return 0;
392 }
393 
394 int
395 cmd_test (int argc, char *argv[])
396 {
397  char *repository = NULL;
398 
399  if (argc) {
400  repository = strdup(argv[0]);
401  argc--;
402  argv++;
403 
404  printf("Testing repository: %s\n\n", repository);
405  return hsm_test(repository);
406  } else {
407  usage();
408  }
409 
410  return 0;
411 }
412 
413 int
415 {
416  hsm_print_tokeninfo(NULL);
417 
418  return 0;
419 }
420 
421 int
423 {
424  hsm_print_ctx(NULL);
425 
426  return 0;
427 }
428 
429 int
430 main (int argc, char *argv[])
431 {
432  int result;
433 
434  char *config = NULL;
435 
436  int ch;
437  progname = argv[0];
438 
439  while ((ch = getopt(argc, argv, "c:vVh")) != -1) {
440  switch (ch) {
441  case 'c':
442  config = strdup(optarg);
443  break;
444  case 'v':
445  verbose++;
446  break;
447  case 'V':
448  version();
449  exit(0);
450  break;
451  case 'h':
452  usage();
453  exit(0);
454  break;
455  default:
456  usage();
457  exit(1);
458  }
459  }
460  argc -= optind;
461  argv += optind;
462 
463  if (!argc) {
464  usage();
465  exit(1);
466  }
467 
468 
469  if (!strcasecmp(argv[0], "logout")) {
470  if (config) free(config);
471  exit(cmd_logout());
472  }
473 
474  result = hsm_open(config, hsm_prompt_pin);
475  if (result) {
476  hsm_print_error(NULL);
477  exit(-1);
478  }
479 
480  openlog("hsmutil", LOG_PID, LOG_USER);
481 
482  if (!strcasecmp(argv[0], "login")) {
483  argc --;
484  argv ++;
485  result = cmd_login();
486  } else if (!strcasecmp(argv[0], "list")) {
487  argc --;
488  argv ++;
489  result = cmd_list(argc, argv);
490  } else if (!strcasecmp(argv[0], "generate")) {
491  argc --;
492  argv ++;
493  result = cmd_generate(argc, argv);
494  } else if (!strcasecmp(argv[0], "remove")) {
495  argc --;
496  argv ++;
497  result = cmd_remove(argc, argv);
498  } else if (!strcasecmp(argv[0], "purge")) {
499  argc --;
500  argv ++;
501  result = cmd_purge(argc, argv);
502  } else if (!strcasecmp(argv[0], "dnskey")) {
503  argc --;
504  argv ++;
505  result = cmd_dnskey(argc, argv);
506  } else if (!strcasecmp(argv[0], "test")) {
507  argc --;
508  argv ++;
509  result = cmd_test(argc, argv);
510  } else if (!strcasecmp(argv[0], "info")) {
511  argc --;
512  argv ++;
513  result = cmd_info();
514  } else if (!strcasecmp(argv[0], "debug")) {
515  argc --;
516  argv ++;
517  result = cmd_debug();
518  } else {
519  usage();
520  result = -1;
521  }
522 
523  (void) hsm_close();
524  if (config) free(config);
525 
526  closelog();
527 
528  exit(result);
529 }
void hsm_key_free(hsm_key_t *key)
Definition: libhsm.c:2670
char * progname
Definition: hsmutil.c:42
int cmd_purge(int argc, char *argv[])
Definition: hsmutil.c:272
hsm_key_t * hsm_find_key_by_id(hsm_ctx_t *ctx, const char *id)
Definition: libhsm.c:2327
int cmd_generate(int argc, char *argv[])
Definition: hsmutil.c:182
hsm_key_info_t * hsm_get_key_info(hsm_ctx_t *ctx, const hsm_key_t *key)
Definition: libhsm.c:2719
void hsm_sign_params_free(hsm_sign_params_t *params)
Definition: libhsm.c:2235
int cmd_list(int argc, char *argv[])
Definition: hsmutil.c:97
int main(int argc, char *argv[])
Definition: hsmutil.c:430
char * name
Definition: libhsm.h:84
void hsm_print_ctx(hsm_ctx_t *gctx)
Definition: libhsm.c:3240
ldns_rdf * owner
Definition: libhsmdns.h:47
int hsm_close()
Definition: libhsm.c:2146
int cmd_remove(int argc, char *argv[])
Definition: hsmutil.c:237
void hsm_key_list_free(hsm_key_t **key_list, size_t count)
Definition: libhsm.c:2678
unsigned int verbose
Definition: hsmutil.c:43
ldns_rr * hsm_get_dnskey(hsm_ctx_t *ctx, const hsm_key_t *key, const hsm_sign_params_t *sign_params)
Definition: libhsm.c:3001
int hsm_open(const char *config, char *(pin_callback)(unsigned int, const char *, unsigned int))
Definition: libhsm.c:1990
hsm_key_t ** hsm_list_keys(hsm_ctx_t *ctx, size_t *count)
Definition: libhsm.c:2244
void hsm_key_info_free(hsm_key_info_t *key_info)
Definition: libhsm.c:2766
void hsm_print_key(hsm_key_t *key)
Definition: libhsm.c:3257
int cmd_test(int argc, char *argv[])
Definition: hsmutil.c:395
int cmd_debug()
Definition: hsmutil.c:422
int hsm_token_attached(hsm_ctx_t *ctx, const char *repository)
Definition: libhsm.c:3158
uint16_t keytag
Definition: libhsmdns.h:45
hsm_sign_params_t * hsm_sign_params_new()
Definition: libhsm.c:2218
ldns_algorithm algorithm
Definition: libhsmdns.h:37
int hsm_test(const char *repository)
Definition: hsmtest.c:110
int hsm_logout_pin()
Definition: pin.c:413
char * algorithm_name
Definition: libhsm.h:109
int cmd_login()
Definition: hsmutil.c:75
const hsm_module_t * module
Definition: libhsm.h:100
int cmd_dnskey(int argc, char *argv[])
Definition: hsmutil.c:351
int hsm_remove_key(hsm_ctx_t *ctx, hsm_key_t *key)
Definition: libhsm.c:2640
int cmd_logout()
Definition: hsmutil.c:83
ldns_algorithm algorithm
Definition: hsmspeed.c:41
hsm_key_t ** hsm_list_keys_repository(hsm_ctx_t *ctx, size_t *count, const char *repository)
Definition: libhsm.c:2280
#define HSM_OK
Definition: libhsm.h:61
unsigned long keysize
Definition: libhsm.h:110
char * id
Definition: libhsm.h:107
void usage()
Definition: hsmutil.c:54
void version()
Definition: hsmutil.c:47
hsm_key_t * hsm_generate_rsa_key(hsm_ctx_t *ctx, const char *repository, unsigned long keysize)
Definition: libhsm.c:2343
char * hsm_prompt_pin(unsigned int id, const char *repository, unsigned int mode)
Definition: pin.c:228
#define HSM_MAX_ALGONAME
Definition: libhsm.h:43
void hsm_print_error(hsm_ctx_t *gctx)
Definition: libhsm.c:3284
void hsm_print_tokeninfo(hsm_ctx_t *gctx)
Definition: libhsm.c:3299
char * optarg
int cmd_info()
Definition: hsmutil.c:414