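/* $NetBSD: bigkey.c,v 1.6 2014/12/10 04:37:54 christos Exp $ */

/*
 * Copyright (C) 2012, 2014  Internet Systems Consortium, Inc. ("ISC")
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* Id */

/*
 * bigkey: produce an RSASHA1 key pair for the zone "example." whose public
 * exponent is wider than 32 bits (0x1000000000001).  With an OpenSSL that can
 * generate such keys the pair is created on the fly and its file basename is
 * printed; otherwise a canned pair (Kexample.+005+10264.{private,key}) is
 * written out instead.  Any failure terminates the process with exit status 1.
 */

#include <config.h>

#if defined(OPENSSL) || defined(PKCS11CRYPTO)

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#include <isc/buffer.h>
#include <isc/entropy.h>
#include <isc/mem.h>
#include <isc/region.h>
#include <isc/stdio.h>
#include <isc/string.h>
#include <isc/util.h>

#define DST_KEY_INTERNAL

#include <dns/dnssec.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/log.h>
#include <dns/name.h>
#include <dns/rdataclass.h>
#include <dns/result.h>
#include <dns/secalg.h>

#include <dst/dst.h>
#include <dst/result.h>

#ifdef OPENSSL
#include <openssl/opensslv.h>
#if OPENSSL_VERSION_NUMBER <= 0x00908000L
#define USE_FIX_KEY_FILES
#endif
#else
#define USE_FIX_KEY_FILES
#endif

#ifdef USE_FIX_KEY_FILES

/*
 * Use a fixed key file pair if OpenSSL doesn't support > 32 bit exponents
 * (or when the build uses PKCS#11 crypto rather than OpenSSL).
 */

/*
 * Canned RSASHA1 key pair for "example.", keyid 10264.  The PublicExponent
 * line decodes to 0x1000000000001, which is the whole point of the test.
 * The private half is embedded in the source and therefore public; it is
 * only usable as a test fixture.
 */
static const char *const private_lines[] = {
	"Private-key-format: v1.3\n",
	"Algorithm: 5 (RSASHA1)\n",
	"Modulus: yhNbLRPA7VpLCXcgMvBwsfe7taVaTvLPY3AI+YolKwqD6"
	"/3nLlCcz4kBOTOkQBf9bmO98WnKuOWoxuEOgudoDvQOzXNl9RJtt61"
	"IRMscAlsVtTIfAjPLhcGy32l2s5VYWWVXx/qkcf+i/JC38YXIuVdiA"
	"MtbgQV40ffM4lAbZ7M=\n",
	"PublicExponent: AQAAAAAAAQ==\n",
	"PrivateExponent: gfXvioazoFIJp3/H2kJncrRZaqjIf9+21CL1i"
	"XecBOof03er8ym5AKopZQM8ie+qxvhDkIJ8YDrB7UbDxmFpPceHWYM"
	"X0vDWQCIiEiKzRfCsBOjgJu6HS15G/oZDqDwKat+yegtzxhg48BCPq"
	"zfHLXXUvBTA/HK/u8L1LwggqHk=\n",
	"Prime1: 7xAPHsNnS0w7CoEnIQiu+SrmHsy86HKJOEm9FiQybRVCwf"
	"h4ZRQl+Z9mUbb9skjPvkM6ZeuzXTFkOjdck2y1NQ==\n",
	"Prime2: 2GRzzqyRR2gfITPug8Rddxt647/2DrAuKricX/AXyGcuHM"
	"vTZ+v+mfgJn6TFqSn4SBF2zHJ876lWbQ+12aNORw==\n",
	"Exponent1: PnGTwxiT59N/Rq/FSAwcwoAudiF/X3iK0X09j9Dl8cY"
	"DYAJ0bhB9es1LIaSsgLSER2b1kHbCp+FQXGVHJeZ07Q==\n",
	"Exponent2: Ui+zxA/zbnUSYnz+wdbrfBD2aTeKytZG4ASI3oPDZag"
	"V9YC0eZRPjI82KQcFXoj1b/fV/HzT9/9rhU4mvCGjLw==\n",
	"Coefficient: sdCL6AdOaCr9c+RO8NCA492MOT9w7K9d/HauC+fif"
	"2iWN36dA+BCKaeldS/+6ZTnV2ZVyVFQTeLJM8hplxDBwQ==\n",
	NULL
};

static const char *const public_lines[] = {
	"; This is a zone-signing key, keyid 10264, for example.\n",
	"example. IN DNSKEY 256 3 5 BwEAAAAAAAHKE1stE8DtWksJdyA"
	"y8HCx97u1pVpO8s9jcAj5iiUrCoPr /ecuUJzPiQE5M6RAF/1uY73x"
	"acq45ajG4Q6C52gO9A7Nc2X1Em23rUhE yxwCWxW1Mh8CM8uFwbLfaX"
	"azlVhZZVfH+qRx/6L8kLfxhci5V2IAy1uB BXjR98ziUBtnsw==\n",
	NULL
};

/*
 * Report a failed stdio call as "<op>(<path>): <strerror>" on stderr and
 * exit with status 1.  errno is captured before snprintf() runs so the
 * message reflects the call that actually failed.
 */
static void
fail_errno(const char *op, const char *path) {
	int saved_errno = errno;
	char msg[128];

	snprintf(msg, sizeof(msg), "%s(%s)", op, path);
	errno = saved_errno;
	perror(msg);
	exit(1);
}

/*
 * Write the NULL-terminated array of lines to 'path', truncating any
 * existing file.  Every fputs() is checked in addition to fclose(), so a
 * short write cannot leave a truncated key file behind silently.
 */
static void
write_fixed_file(const char *path, const char *const *lines) {
	FILE *fp = fopen(path, "w");

	if (fp == NULL) {
		fail_errno("fopen", path);
	}
	for (; *lines != NULL; lines++) {
		if (fputs(*lines, fp) == EOF) {
			fail_errno("fputs", path);
		}
	}
	if (fclose(fp) != 0) {
		fail_errno("fclose", path);
	}
}

/*
 * Write the canned private and public key files into the current directory.
 * Returns 0 on success; any I/O failure exits the process with status 1.
 */
int
main(int argc, char **argv) {
	UNUSED(argc);
	UNUSED(argv);

	write_fixed_file("Kexample.+005+10264.private", private_lines);
	write_fixed_file("Kexample.+005+10264.key", public_lines);

	return (0);
}
#else
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/evp.h>

/*
 * File-scope state shared with the CHECK() macro below.  Being file-scope,
 * every object here starts zero-initialized: 'source' is NULL until the
 * entropy source is attached, and 'filename' is all zero bytes.
 */
dst_key_t *key;
dns_fixedname_t fname;
dns_name_t *name;
unsigned int bits = 1024U;	/* modulus size of the generated test key */
isc_entropy_t *ectx;
isc_entropysource_t *source;
isc_mem_t *mctx;
isc_log_t *log_;
isc_logconfig_t *logconfig;
int level = ISC_LOG_WARNING;
isc_logdestination_t destination;
char filename[255];
isc_result_t result;
isc_buffer_t buf;
RSA *rsa;
BIGNUM *e;
EVP_PKEY *pkey;

/*
 * Evaluate 'op', keep its isc_result_t in the global 'result', and abort the
 * program with a diagnostic naming 'msg' if it is not ISC_R_SUCCESS.
 */
#define CHECK(op, msg) \
do { result = (op); \
	if (result != ISC_R_SUCCESS) { \
		fprintf(stderr, \
			"fatal error: %s returns %s at file %s line %d\n", \
			msg, isc_result_totext(result), __FILE__, __LINE__); \
		exit(1); \
	} \
} while (/*CONSTCOND*/0)

/*
 * Generate an RSASHA1 zone key for "example." with e = 2^48 + 1, write it
 * with dst_key_tofile(), print the resulting key file basename on stdout and
 * tear the libraries down.  Returns 0 on success; every failure exits with
 * status 1 through CHECK() or an explicit fprintf()/exit() pair.
 */
int
main(int argc, char **argv) {
	UNUSED(argc);
	UNUSED(argv);

	rsa = RSA_new();
	e = BN_new();
	pkey = EVP_PKEY_new();

	/*
	 * EVP_PKEY_set1_RSA() takes its own reference to the same RSA
	 * object, so generating into 'rsa' below also populates 'pkey'.
	 */
	if ((rsa == NULL) || (e == NULL) || (pkey == NULL) ||
	    !EVP_PKEY_set1_RSA(pkey, rsa)) {
		fprintf(stderr, "fatal error: basic OpenSSL failure\n");
		exit(1);
	}

	/* e = 0x1000000000001 (2^48 + 1): an exponent wider than 32 bits. */
	if (!BN_set_bit(e, 0) || !BN_set_bit(e, 48)) {
		fprintf(stderr,
			"fatal error: BN_set_bit() fails "
			"at file %s line %d\n",
			__FILE__, __LINE__);
		exit(1);
	}

	if (!RSA_generate_key_ex(rsa, bits, e, NULL)) {
		fprintf(stderr,
			"fatal error: RSA_generate_key_ex() fails "
			"at file %s line %d\n",
			__FILE__, __LINE__);
		exit(1);
	}
	/* pkey keeps the RSA object alive; the local handles can go. */
	BN_free(e);
	RSA_free(rsa);

	dns_result_register();

	CHECK(isc_mem_create(0, 0, &mctx), "isc_mem_create()");
	CHECK(isc_entropy_create(mctx, &ectx), "isc_entropy_create()");
	CHECK(isc_entropy_usebestsource(ectx, &source,
					"../random.data",
					ISC_ENTROPY_KEYBOARDNO),
	      "isc_entropy_usebestsource(\"../random.data\")");
	CHECK(dst_lib_init2(mctx, ectx, NULL, 0), "dst_lib_init2()");

	/* Route library logging at WARNING and above to stderr. */
	CHECK(isc_log_create(mctx, &log_, &logconfig), "isc_log_create()");
	isc_log_setcontext(log_);
	dns_log_init(log_);
	dns_log_setcontext(log_);
	CHECK(isc_log_settag(logconfig, "bigkey"), "isc_log_settag()");
	destination.file.stream = stderr;
	destination.file.name = NULL;
	destination.file.versions = ISC_LOG_ROLLNEVER;
	destination.file.maximum_size = 0;
	CHECK(isc_log_createchannel(logconfig, "stderr",
				    ISC_LOG_TOFILEDESC,
				    level,
				    &destination,
				    ISC_LOG_PRINTTAG | ISC_LOG_PRINTLEVEL),
	      "isc_log_createchannel()");
	CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL),
	      "isc_log_usechannel()");

	dns_fixedname_init(&fname);
	name = dns_fixedname_name(&fname);
	isc_buffer_constinit(&buf, "example.", strlen("example."));
	isc_buffer_add(&buf, strlen("example."));
	CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
	      "dns_name_fromtext(\"example.\")");

	CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA1,
				    bits, DNS_KEYOWNER_ZONE,
				    DNS_KEYPROTO_DNSSEC, dns_rdataclass_in,
				    pkey, mctx, &key),
	      "dst_key_buildinternal(...)");

	CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
	      "dst_key_tofile()");

	/*
	 * The buffer is one byte shorter than 'filename' so the last byte of
	 * the zero-initialized array stays 0 and "%s" below is terminated.
	 */
	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
	isc_buffer_clear(&buf);
	CHECK(dst_key_buildfilename(key, 0, NULL, &buf),
	      "dst_key_buildfilename()");
	printf("%s\n", filename);
	dst_key_free(&key);

	isc_log_destroy(&log_);
	isc_log_setcontext(NULL);
	dns_log_setcontext(NULL);
	if (source != NULL)
		isc_entropy_destroysource(&source);
	isc_entropy_detach(&ectx);
	dst_lib_destroy();
	dns_name_destroy();
	isc_mem_destroy(&mctx);
	return (0);
}
#endif

#else /* OPENSSL || PKCS11CRYPTO */

#include <stdio.h>
#include <stdlib.h>

#include <isc/util.h>

/*
 * No crypto provider was configured at build time: report it and fail, so a
 * test driver cannot mistake the absence of output for a generated key.
 */
int
main(int argc, char **argv) {
	UNUSED(argc);
	UNUSED(argv);
	fprintf(stderr, "Compiled without Crypto\n");
	exit(1);
}

#endif /* OPENSSL || PKCS11CRYPTO */
/*! \file */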