1 /* $NetBSD: bigkey.c,v 1.6 2014/12/10 04:37:54 christos Exp $ */
2
3 /*
4 * Copyright (C) 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /* Id */
20
21 #include <config.h>
22
23 #if defined(OPENSSL) || defined(PKCS11CRYPTO)
24
25 #include <stdio.h>
26 #include <stdlib.h>
27
28 #include <isc/buffer.h>
29 #include <isc/entropy.h>
30 #include <isc/mem.h>
31 #include <isc/region.h>
32 #include <isc/stdio.h>
33 #include <isc/string.h>
34 #include <isc/util.h>
35
36 #define DST_KEY_INTERNAL
37
38 #include <dns/dnssec.h>
39 #include <dns/fixedname.h>
40 #include <dns/keyvalues.h>
41 #include <dns/log.h>
42 #include <dns/name.h>
43 #include <dns/rdataclass.h>
44 #include <dns/result.h>
45 #include <dns/secalg.h>
46
47 #include <dst/dst.h>
48 #include <dst/result.h>
49
50 #ifdef OPENSSL
51 #include <openssl/opensslv.h>
52 #if OPENSSL_VERSION_NUMBER <= 0x00908000L
53 #define USE_FIX_KEY_FILES
54 #endif
55 #else
56 #define USE_FIX_KEY_FILES
57 #endif
58
59 #ifdef USE_FIX_KEY_FILES
60
/*
 * Use a fixed key file pair if OpenSSL doesn't support > 32 bit exponents.
 */
64
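/*
 * Names of the fixed key file pair written below (keyid 10264,
 * algorithm 5 = RSASHA1).
 */
static const char private_file[] = "Kexample.+005+10264.private";
static const char public_file[] = "Kexample.+005+10264.key";

/*
 * Create 'path' and write the 'nlines' strings of 'lines' to it in order.
 *
 * The file is created with fopen(..., "w"), i.e. with the process's
 * default permissions (0666 & ~umask), not a restricted mode.  That is
 * acceptable here only because the material written is a fixed,
 * published test fixture and not a secret.
 *
 * Any failure -- open, write, or final flush/close -- is reported with
 * perror() and ends the process with exit status 1.  ferror() is tested
 * before fclose() so that a write which already failed inside fputs()
 * is not masked by a clean final flush.
 */
static void
write_lines(const char *path, const char *const lines[], size_t nlines) {
	char msg[256];
	FILE *fp;
	size_t i;

	fp = fopen(path, "w");
	if (fp == NULL) {
		snprintf(msg, sizeof(msg), "fopen(%s)", path);
		perror(msg);
		exit(1);
	}

	for (i = 0; i < nlines; i++) {
		fputs(lines[i], fp);
	}

	if (ferror(fp)) {
		snprintf(msg, sizeof(msg), "fputs(%s)", path);
		perror(msg);
		exit(1);
	}

	if (fclose(fp) != 0) {
		snprintf(msg, sizeof(msg), "fclose(%s)", path);
		perror(msg);
		exit(1);
	}
}

/*
 * Fallback used when the OpenSSL in use cannot generate keys with a
 * public exponent wider than 32 bits: instead of generating a key, emit
 * a pre-computed 1024-bit RSASHA1 zone-signing key pair for "example."
 * whose exponent is 0x1000000000001 (PublicExponent AQAAAAAAAQ==).
 *
 * Writes Kexample.+005+10264.private and Kexample.+005+10264.key into
 * the current directory.  Exits with status 1 on any I/O error.
 */
int
main(int argc, char **argv) {
	static const char *const private_lines[] = {
		"Private-key-format: v1.3\n",
		"Algorithm: 5 (RSASHA1)\n",
		"Modulus: yhNbLRPA7VpLCXcgMvBwsfe7taVaTvLPY3AI+YolKwqD6"
		"/3nLlCcz4kBOTOkQBf9bmO98WnKuOWoxuEOgudoDvQOzXNl9RJtt61"
		"IRMscAlsVtTIfAjPLhcGy32l2s5VYWWVXx/qkcf+i/JC38YXIuVdiA"
		"MtbgQV40ffM4lAbZ7M=\n",
		"PublicExponent: AQAAAAAAAQ==\n",
		"PrivateExponent: gfXvioazoFIJp3/H2kJncrRZaqjIf9+21CL1i"
		"XecBOof03er8ym5AKopZQM8ie+qxvhDkIJ8YDrB7UbDxmFpPceHWYM"
		"X0vDWQCIiEiKzRfCsBOjgJu6HS15G/oZDqDwKat+yegtzxhg48BCPq"
		"zfHLXXUvBTA/HK/u8L1LwggqHk=\n",
		"Prime1: 7xAPHsNnS0w7CoEnIQiu+SrmHsy86HKJOEm9FiQybRVCwf"
		"h4ZRQl+Z9mUbb9skjPvkM6ZeuzXTFkOjdck2y1NQ==\n",
		"Prime2: 2GRzzqyRR2gfITPug8Rddxt647/2DrAuKricX/AXyGcuHM"
		"vTZ+v+mfgJn6TFqSn4SBF2zHJ876lWbQ+12aNORw==\n",
		"Exponent1: PnGTwxiT59N/Rq/FSAwcwoAudiF/X3iK0X09j9Dl8cY"
		"DYAJ0bhB9es1LIaSsgLSER2b1kHbCp+FQXGVHJeZ07Q==\n",
		"Exponent2: Ui+zxA/zbnUSYnz+wdbrfBD2aTeKytZG4ASI3oPDZag"
		"V9YC0eZRPjI82KQcFXoj1b/fV/HzT9/9rhU4mvCGjLw==\n",
		"Coefficient: sdCL6AdOaCr9c+RO8NCA492MOT9w7K9d/HauC+fif"
		"2iWN36dA+BCKaeldS/+6ZTnV2ZVyVFQTeLJM8hplxDBwQ==\n"
	};
	static const char *const public_lines[] = {
		"; This is a zone-signing key, keyid 10264, for example.\n",
		"example. IN DNSKEY 256 3 5 BwEAAAAAAAHKE1stE8DtWksJdyA"
		"y8HCx97u1pVpO8s9jcAj5iiUrCoPr /ecuUJzPiQE5M6RAF/1uY73x"
		"acq45ajG4Q6C52gO9A7Nc2X1Em23rUhE yxwCWxW1Mh8CM8uFwbLfaX"
		"azlVhZZVfH+qRx/6L8kLfxhci5V2IAy1uB BXjR98ziUBtnsw==\n"
	};

	UNUSED(argc);
	UNUSED(argv);

	/* Private key first, then the matching DNSKEY record. */
	write_lines(private_file, private_lines,
		    sizeof(private_lines) / sizeof(private_lines[0]));
	write_lines(public_file, public_lines,
		    sizeof(public_lines) / sizeof(public_lines[0]));

	return (0);
}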
124 #else
125 #include <openssl/err.h>
126 #include <openssl/objects.h>
127 #include <openssl/rsa.h>
128 #include <openssl/bn.h>
129 #include <openssl/evp.h>
130
/*
 * Process-wide state for the key generation path.  Everything here has
 * static storage, so the pointers start out NULL and 'filename' starts
 * out zero-filled; main() fills them in and tears them down at the end.
 */

/*
 * OpenSSL objects: the RSA key pair, its public exponent, and the EVP
 * wrapper that is handed to the dst library.
 */
RSA *rsa;
BIGNUM *e;
EVP_PKEY *pkey;

/* RSA modulus size in bits. */
unsigned int bits = 1024U;

/* ISC runtime: memory context, entropy context and its chosen source. */
isc_mem_t *mctx;
isc_entropy_t *ectx;
isc_entropysource_t *source;

/*
 * Logging: context, its configuration, the stderr channel destination
 * and the lowest severity routed to that channel.
 */
isc_log_t *log_;
isc_logconfig_t *logconfig;
isc_logdestination_t destination;
int level = ISC_LOG_WARNING;

/* Result of the most recent call wrapped in CHECK(). */
isc_result_t result;

/*
 * The owner name ("example."), the dst key built from 'pkey', a scratch
 * buffer used for name parsing and file-name building, and the storage
 * that receives the generated key files' base name.
 */
dns_fixedname_t fname;
dns_name_t *name;
dst_key_t *key;
isc_buffer_t buf;
char filename[255];
148
/*
 * Evaluate 'op' (an isc_result_t expression) into the global 'result'
 * and terminate the program with exit status 1 if it is not
 * ISC_R_SUCCESS.  'msg' names the failed call in the diagnostic; it is
 * printed through "%s" and never used as a format string.  __FILE__ and
 * __LINE__ refer to the expansion site, which is why this is a macro.
 */
#define CHECK(op, msg)							\
	do {								\
		result = (op);						\
		if (result != ISC_R_SUCCESS) {				\
			fprintf(stderr,					\
				"fatal error: %s returns %s "		\
				"at file %s line %d\n",			\
				msg, isc_result_totext(result),		\
				__FILE__, __LINE__);			\
			exit(1);					\
		}							\
	} while (/*CONSTCOND*/0)
158
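/*
 * Generate a 1024-bit RSA key whose public exponent (0x1000000000001)
 * needs more than 32 bits, hand it to the dst library as a DNSSEC zone
 * key for "example.", write the key file pair and print the files' base
 * name on stdout.
 *
 * The modulus size is a test-only choice: what this tool exercises is
 * the wide exponent (see the fixed-key fallback above for OpenSSL
 * versions that cannot handle it), not key strength.
 *
 * Every failure prints a diagnostic on stderr and exits with status 1,
 * directly or through CHECK(); nothing is released on those paths
 * because the process ends immediately.
 */
int
main(int argc, char **argv) {
	UNUSED(argc);
	UNUSED(argv);

	rsa = RSA_new();
	e = BN_new();
	pkey = EVP_PKEY_new();

	/*
	 * EVP_PKEY_set1_RSA() gives 'pkey' its own reference to the (still
	 * empty) 'rsa' object, so the key pair generated into it below
	 * stays reachable through 'pkey' once our reference is released.
	 * The NULL tests come first so a failed allocation never reaches
	 * the set1 call.
	 */
	if ((rsa == NULL) || (e == NULL) || (pkey == NULL) ||
	    !EVP_PKEY_set1_RSA(pkey, rsa)) {
		fprintf(stderr, "fatal error: basic OpenSSL failure\n");
		exit(1);
	}

	/*
	 * e = 0x1000000000001.  BN_set_bit() can fail when it has to grow
	 * the BIGNUM; left unchecked, a failure would silently generate a
	 * key with a different (possibly trivial) exponent, so treat it
	 * as fatal like every other OpenSSL error here.
	 */
	if (!BN_set_bit(e, 0) || !BN_set_bit(e, 48)) {
		fprintf(stderr,
			"fatal error: BN_set_bit() fails "
			"at file %s line %d\n",
			__FILE__, __LINE__);
		exit(1);
	}

	/*
	 * Generate the key pair using OpenSSL's own RNG.  Afterwards our
	 * references to 'e' and 'rsa' are no longer needed: the exponent
	 * has been copied into the key and 'pkey' keeps the RSA object
	 * alive.
	 */
	if (RSA_generate_key_ex(rsa, bits, e, NULL)) {
		BN_free(e);
		RSA_free(rsa);
	} else {
		fprintf(stderr,
			"fatal error: RSA_generate_key_ex() fails "
			"at file %s line %d\n",
			__FILE__, __LINE__);
		exit(1);
	}

	/* Register DNS result codes so CHECK() can print them by name. */
	dns_result_register();

	/*
	 * Bring up the ISC runtime the dst library needs.  The entropy
	 * source is a fixed data file relative to the working directory;
	 * the RSA key itself was already generated above by OpenSSL and
	 * does not draw on this source.
	 */
	CHECK(isc_mem_create(0, 0, &mctx), "isc_mem_create()");
	CHECK(isc_entropy_create(mctx, &ectx), "isc_entropy_create()");
	CHECK(isc_entropy_usebestsource(ectx, &source,
					"../random.data",
					ISC_ENTROPY_KEYBOARDNO),
	      "isc_entropy_usebestsource(\"../random.data\")");
	CHECK(dst_lib_init2(mctx, ectx, NULL, 0), "dst_lib_init2()");

	/*
	 * Route library log messages of severity 'level' and above to
	 * stderr, tagged "bigkey".
	 */
	CHECK(isc_log_create(mctx, &log_, &logconfig), "isc_log_create()");
	isc_log_setcontext(log_);
	dns_log_init(log_);
	dns_log_setcontext(log_);
	CHECK(isc_log_settag(logconfig, "bigkey"), "isc_log_settag()");
	destination.file.stream = stderr;
	destination.file.name = NULL;
	destination.file.versions = ISC_LOG_ROLLNEVER;
	destination.file.maximum_size = 0;
	CHECK(isc_log_createchannel(logconfig, "stderr",
				    ISC_LOG_TOFILEDESC,
				    level,
				    &destination,
				    ISC_LOG_PRINTTAG | ISC_LOG_PRINTLEVEL),
	      "isc_log_createchannel()");
	CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL),
	      "isc_log_usechannel()");

	/* Parse the owner name "example." (absolute, origin is root). */
	dns_fixedname_init(&fname);
	name = dns_fixedname_name(&fname);
	isc_buffer_constinit(&buf, "example.", strlen("example."));
	isc_buffer_add(&buf, strlen("example."));
	CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
	      "dns_name_fromtext(\"example.\")");

	/*
	 * Wrap the OpenSSL key as a dst zone key (RSASHA1, DNSSEC
	 * protocol, class IN).  'pkey' is not freed here; it appears to
	 * be owned by 'key' from this point and released by
	 * dst_key_free() -- confirm against dst_key_buildinternal().
	 */
	CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA1,
				    bits, DNS_KEYOWNER_ZONE,
				    DNS_KEYPROTO_DNSSEC, dns_rdataclass_in,
				    pkey, mctx, &key),
	      "dst_key_buildinternal(...)");

	/*
	 * Write the .private and .key files; a NULL directory presumably
	 * means the current working directory.
	 */
	CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
	      "dst_key_tofile()");

	/*
	 * Report the files' base name.  The buffer is handed one byte
	 * less than the array, so the last byte is never written;
	 * 'filename' has static storage and is zero-filled, and that is
	 * what supplies the terminator printf() relies on.
	 */
	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
	isc_buffer_clear(&buf);
	CHECK(dst_key_buildfilename(key, 0, NULL, &buf),
	      "dst_key_buildfilename()");
	printf("%s\n", filename);
	dst_key_free(&key);

	/* Tear down logging, entropy, dst and finally the memory context. */
	isc_log_destroy(&log_);
	isc_log_setcontext(NULL);
	dns_log_setcontext(NULL);
	if (source != NULL)
		isc_entropy_destroysource(&source);
	isc_entropy_detach(&ectx);
	dst_lib_destroy();
	dns_name_destroy();
	isc_mem_destroy(&mctx);
	return (0);
}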
248 #endif
249
250 #else /* OPENSSL || PKCS11CRYPTO */
251
252 #include <stdio.h>
253 #include <stdlib.h>
254
255 #include <isc/util.h>
256
/*
 * Entry point for builds without any crypto provider: the tool cannot
 * do anything useful, so say so on stderr and fail with exit status 1.
 */
int
main(int argc, char **argv) {
	(void)argc;
	(void)argv;
	fputs("Compiled without Crypto\n", stderr);
	exit(1);
}
264
265 #endif /* OPENSSL || PKCS11CRYPTO */
266 /*! \file */
267