1/* $NetBSD: bigkey.c,v 1.2.2.2 2012/12/15 05:39:44 riz Exp $ */ 2 3/* 4 * Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") 5 * 6 * Permission to use, copy, modify, and/or distribute this software for any 7 * purpose with or without fee is hereby granted, provided that the above 8 * copyright notice and this permission notice appear in all copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 16 * PERFORMANCE OF THIS SOFTWARE. 17 */ 18 19/* Id */ 20 21#ifdef OPENSSL 22#include <config.h> 23 24#include <stdio.h> 25#include <stdlib.h> 26 27#include <isc/buffer.h> 28#include <isc/entropy.h> 29#include <isc/mem.h> 30#include <isc/region.h> 31#include <isc/stdio.h> 32#include <isc/string.h> 33#include <isc/util.h> 34 35#define DST_KEY_INTERNAL 36 37#include <dns/dnssec.h> 38#include <dns/fixedname.h> 39#include <dns/keyvalues.h> 40#include <dns/log.h> 41#include <dns/name.h> 42#include <dns/rdataclass.h> 43#include <dns/result.h> 44#include <dns/secalg.h> 45 46#include <dst/dst.h> 47#include <dst/result.h> 48 49#include <openssl/opensslv.h> 50#if OPENSSL_VERSION_NUMBER <= 0x00908000L 51 52/* 53 * Use a fixed key file pair if OpenSSL doesn't support > 32 bit exponents. 
 */

/*
 * Write one fixture file: open it, emit each line verbatim, close it.
 * Any failure is reported with the caller-supplied perror() tag and
 * terminates the program with status 1.
 */
static void
write_fixture(const char *path, const char *open_msg, const char *close_msg,
	      const char *const *lines, size_t nlines)
{
	FILE *fp = fopen(path, "w");

	if (fp == NULL) {
		perror(open_msg);
		exit(1);
	}
	for (size_t i = 0; i < nlines; i++)
		fputs(lines[i], fp);
	if (fclose(fp) != 0) {
		perror(close_msg);
		exit(1);
	}
}

/*
 * Emit a pre-computed RSASHA1 key pair (keyid 10264) for "example."
 * whose public exponent AQAAAAAAAQ== decodes to 2^48 + 1, i.e. wider
 * than 32 bits. The key material is part of this source file, so it is
 * a published test fixture rather than a secret.
 */
int
main(int argc, char **argv) {
	static const char *const private_lines[] = {
		"Private-key-format: v1.3\n",
		"Algorithm: 5 (RSASHA1)\n",
		"Modulus: yhNbLRPA7VpLCXcgMvBwsfe7taVaTvLPY3AI+YolKwqD6"
		"/3nLlCcz4kBOTOkQBf9bmO98WnKuOWoxuEOgudoDvQOzXNl9RJtt61"
		"IRMscAlsVtTIfAjPLhcGy32l2s5VYWWVXx/qkcf+i/JC38YXIuVdiA"
		"MtbgQV40ffM4lAbZ7M=\n",
		"PublicExponent: AQAAAAAAAQ==\n",
		"PrivateExponent: gfXvioazoFIJp3/H2kJncrRZaqjIf9+21CL1i"
		"XecBOof03er8ym5AKopZQM8ie+qxvhDkIJ8YDrB7UbDxmFpPceHWYM"
		"X0vDWQCIiEiKzRfCsBOjgJu6HS15G/oZDqDwKat+yegtzxhg48BCPq"
		"zfHLXXUvBTA/HK/u8L1LwggqHk=\n",
		"Prime1: 7xAPHsNnS0w7CoEnIQiu+SrmHsy86HKJOEm9FiQybRVCwf"
		"h4ZRQl+Z9mUbb9skjPvkM6ZeuzXTFkOjdck2y1NQ==\n",
		"Prime2: 2GRzzqyRR2gfITPug8Rddxt647/2DrAuKricX/AXyGcuHM"
		"vTZ+v+mfgJn6TFqSn4SBF2zHJ876lWbQ+12aNORw==\n",
		"Exponent1: PnGTwxiT59N/Rq/FSAwcwoAudiF/X3iK0X09j9Dl8cY"
		"DYAJ0bhB9es1LIaSsgLSER2b1kHbCp+FQXGVHJeZ07Q==\n",
		"Exponent2: Ui+zxA/zbnUSYnz+wdbrfBD2aTeKytZG4ASI3oPDZag"
		"V9YC0eZRPjI82KQcFXoj1b/fV/HzT9/9rhU4mvCGjLw==\n",
		"Coefficient: sdCL6AdOaCr9c+RO8NCA492MOT9w7K9d/HauC+fif"
		"2iWN36dA+BCKaeldS/+6ZTnV2ZVyVFQTeLJM8hplxDBwQ==\n",
	};
	static const char *const public_lines[] = {
		"; This is a zone-signing key, keyid 10264, for example.\n",
		"example. IN DNSKEY 256 3 5 BwEAAAAAAAHKE1stE8DtWksJdyA"
		"y8HCx97u1pVpO8s9jcAj5iiUrCoPr /ecuUJzPiQE5M6RAF/1uY73x"
		"acq45ajG4Q6C52gO9A7Nc2X1Em23rUhE yxwCWxW1Mh8CM8uFwbLfaX"
		"azlVhZZVfH+qRx/6L8kLfxhci5V2IAy1uB BXjR98ziUBtnsw==\n",
	};

	UNUSED(argc);
	UNUSED(argv);

	write_fixture("Kexample.+005+10264.private",
		      "fopen(Kexample.+005+10264.private)",
		      "fclose(Kexample.+005+10264.private)",
		      private_lines,
		      sizeof(private_lines) / sizeof(private_lines[0]));

	write_fixture("Kexample.+005+10264.key",
		      "fopen(Kexample.+005+10264.key)",
		      "close(Kexample.+005+10264.key)",
		      public_lines,
		      sizeof(public_lines) / sizeof(public_lines[0]));

	exit(0);
}
#else
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/evp.h>

/* The key being built and the owner name it is built for. */
dst_key_t *key;
dns_fixedname_t fname;
dns_name_t *name;
unsigned int bits = 1024U;
/* libisc/libdns contexts: entropy, memory and logging. */
isc_entropy_t *ectx;
isc_entropysource_t *source;
isc_mem_t *mctx;
isc_log_t *log_;
isc_logconfig_t *logconfig;
int level = ISC_LOG_WARNING;
isc_logdestination_t destination;
/* Static storage, so this is zero-filled before main() runs. */
char filename[255];
isc_result_t result;
isc_buffer_t buf;
/* OpenSSL objects: the RSA key, its public exponent, the EVP wrapper. */
RSA *rsa;
BIGNUM *e;
EVP_PKEY *pkey;

/*
 * Print a failed library call in the CHECK() message format and exit(1).
 * 'line' is the call site's __LINE__, captured by the macro below.
 */
static void
fatal_result(isc_result_t r, const char *msg, int line) {
	fprintf(stderr,
		"fatal error: %s returns %s at file %s line %d\n",
		msg, isc_result_totext(r), __FILE__, line);
	exit(1);
}

/* Evaluate op once into the global 'result'; abort on anything but success. */
#define CHECK(op, msg) \
	do { \
		result = (op); \
		if (result != ISC_R_SUCCESS) \
			fatal_result(result, msg, __LINE__); \
	} while (/*CONSTCOND*/0)

/*
 * Generate a 1024-bit RSASHA1 zone key for "example." with the public
 * exponent 2^48 + 1, write it out through dst_key_tofile() and print the
 * resulting key file basename on stdout.
 */
int
main(int argc, char **argv) {
	static char origin[] = "example.";

	UNUSED(argc);
	UNUSED(argv);

	rsa = RSA_new();
	e = BN_new();
	pkey = EVP_PKEY_new();
	if (rsa == NULL || e == NULL || pkey == NULL ||
	    !EVP_PKEY_set1_RSA(pkey, rsa))
	{
		fprintf(stderr, "fatal error: basic OpenSSL failure\n");
		exit(1);
	}

	/* e = 2^48 + 1 = 0x1000000000001, deliberately wider than 32 bits. */
	BN_set_bit(e, 0);
	BN_set_bit(e, 48);

	if (!RSA_generate_key_ex(rsa, bits, e, NULL)) {
		fprintf(stderr,
			"fatal error: RSA_generate_key_ex() fails "
			"at file %s line %d\n",
			__FILE__, __LINE__);
		exit(1);
	}
	/* EVP_PKEY_set1_RSA() took its own reference; drop the local ones. */
	BN_free(e);
	RSA_free(rsa);

	dns_result_register();

	CHECK(isc_mem_create(0, 0, &mctx), "isc_mem_create()");
	CHECK(isc_entropy_create(mctx, &ectx), "isc_entropy_create()");
	CHECK(isc_entropy_usebestsource(ectx, &source, "random.data",
					ISC_ENTROPY_KEYBOARDNO),
	      "isc_entropy_usebestsource(\"random.data\")");
	CHECK(dst_lib_init2(mctx, ectx, NULL, 0), "dst_lib_init2()");

	/* Route library log output to stderr, tagged "bigkey". */
	CHECK(isc_log_create(mctx, &log_, &logconfig), "isc_log_create()");
	isc_log_setcontext(log_);
	dns_log_init(log_);
	dns_log_setcontext(log_);
	CHECK(isc_log_settag(logconfig, "bigkey"), "isc_log_settag()");
	destination.file.stream = stderr;
	destination.file.name = NULL;
	destination.file.versions = ISC_LOG_ROLLNEVER;
	destination.file.maximum_size = 0;
	CHECK(isc_log_createchannel(logconfig, "stderr", ISC_LOG_TOFILEDESC,
				    level, &destination,
				    ISC_LOG_PRINTTAG | ISC_LOG_PRINTLEVEL),
	      "isc_log_createchannel()");
	CHECK(isc_log_usechannel(logconfig, "stderr", NULL, NULL),
	      "isc_log_usechannel()");

	/* Parse the owner name from its text form. */
	dns_fixedname_init(&fname);
	name = dns_fixedname_name(&fname);
	isc_buffer_init(&buf, origin, sizeof(origin) - 1);
	isc_buffer_add(&buf, sizeof(origin) - 1);
	CHECK(dns_name_fromtext(name, &buf, dns_rootname, 0, NULL),
	      "dns_name_fromtext(\"example.\")");

	CHECK(dst_key_buildinternal(name, DNS_KEYALG_RSASHA1, bits,
				    DNS_KEYOWNER_ZONE, DNS_KEYPROTO_DNSSEC,
				    dns_rdataclass_in, pkey, mctx, &key),
	      "dst_key_buildinternal(...)");

	CHECK(dst_key_tofile(key, DST_TYPE_PRIVATE | DST_TYPE_PUBLIC, NULL),
	      "dst_key_tofile()");

	/*
	 * Hand the buffer one byte less than the array so the final,
	 * zero-initialized byte is never written and printf("%s") stays
	 * terminated.
	 */
	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
	isc_buffer_clear(&buf);
	CHECK(dst_key_buildfilename(key, 0, NULL, &buf),
	      "dst_key_buildfilename()");
	printf("%s\n", filename);
	dst_key_free(&key);

	/* Tear down in the reverse order of setup. */
	isc_log_destroy(&log_);
	isc_log_setcontext(NULL);
	dns_log_setcontext(NULL);
	if (source != NULL)
		isc_entropy_destroysource(&source);
	isc_entropy_detach(&ectx);
	dst_lib_destroy();
	dns_name_destroy();
	isc_mem_destroy(&mctx);
	return (0);
}
#endif

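#else /* OPENSSL */

#include <stdio.h>
#include <stdlib.h>

/*
 * Build without OpenSSL: there is nothing to generate, so say so on
 * stderr and exit non-zero so a caller can tell no key was produced.
 */
int
main(int argc, char **argv) {
	/* Silence unused-parameter warnings; UNUSED() is not in scope here. */
	(void)argc;
	(void)argv;

	fprintf(stderr, "Compiled without OpenSSL\n");
	exit(1);
}

#endif /* OPENSSL */
/*! \file */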