Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/Makefile.am | 5 | ||||
-rw-r--r-- | scripts/Makefile.in | 54 | ||||
-rw-r--r-- | scripts/crypt_burn.c | 4 | ||||
-rw-r--r-- | scripts/dnssec.c | 125 | ||||
-rw-r--r-- | scripts/tls_test.c | 59 |
5 files changed, 227 insertions, 20 deletions
diff --git a/scripts/Makefile.am b/scripts/Makefile.am index ea399e84c..f7ecd9ef6 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -3,7 +3,8 @@ AM_CFLAGS = \ -DPLUGINS="\"${scripts_plugins}\"" noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql oid2der \ - thread_analysis dh_speed pubkey_speed crypt_burn hash_burn fetch + thread_analysis dh_speed pubkey_speed crypt_burn hash_burn fetch \ + dnssec if USE_TLS noinst_PROGRAMS += tls_test @@ -24,6 +25,7 @@ pubkey_speed_SOURCES = pubkey_speed.c crypt_burn_SOURCES = crypt_burn.c hash_burn_SOURCES = hash_burn.c fetch_SOURCES = fetch.c +dnssec_SOURCES = dnssec.c id2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la @@ -33,6 +35,7 @@ pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt crypt_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la hash_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la key2keyid.o : $(top_builddir)/config.status diff --git a/scripts/Makefile.in b/scripts/Makefile.in index bb95cdf43..1aa9c2e60 100644 --- a/scripts/Makefile.in +++ b/scripts/Makefile.in @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.11.3 from Makefile.am. +# Makefile.in generated by automake 1.11.6 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 
@@ -16,6 +16,23 @@ @SET_MAKE@ VPATH = @srcdir@ +am__make_dryrun = \ + { \ + am__dry=no; \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \ + | grep '^AM OK$$' >/dev/null || am__dry=yes;; \ + *) \ + for am__flg in $$MAKEFLAGS; do \ + case $$am__flg in \ + *=*|--*) ;; \ + *n*) am__dry=yes; break;; \ + esac; \ + done;; \ + esac; \ + test $$am__dry = yes; \ + } pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ @@ -38,7 +55,7 @@ noinst_PROGRAMS = bin2array$(EXEEXT) bin2sql$(EXEEXT) id2sql$(EXEEXT) \ key2keyid$(EXEEXT) keyid2sql$(EXEEXT) oid2der$(EXEEXT) \ thread_analysis$(EXEEXT) dh_speed$(EXEEXT) \ pubkey_speed$(EXEEXT) crypt_burn$(EXEEXT) hash_burn$(EXEEXT) \ - fetch$(EXEEXT) $(am__EXEEXT_1) + fetch$(EXEEXT) dnssec$(EXEEXT) $(am__EXEEXT_1) @USE_TLS_TRUE@am__append_1 = tls_test subdir = scripts DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in @@ -74,6 +91,10 @@ am_dh_speed_OBJECTS = dh_speed.$(OBJEXT) dh_speed_OBJECTS = $(am_dh_speed_OBJECTS) dh_speed_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la +am_dnssec_OBJECTS = dnssec.$(OBJEXT) +dnssec_OBJECTS = $(am_dnssec_OBJECTS) +dnssec_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la am_fetch_OBJECTS = fetch.$(OBJEXT) fetch_OBJECTS = $(am_fetch_OBJECTS) fetch_DEPENDENCIES = \ 
@@ -124,17 +145,22 @@ LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ SOURCES = $(bin2array_SOURCES) $(bin2sql_SOURCES) \ - $(crypt_burn_SOURCES) $(dh_speed_SOURCES) $(fetch_SOURCES) \ - $(hash_burn_SOURCES) $(id2sql_SOURCES) $(key2keyid_SOURCES) \ - $(keyid2sql_SOURCES) $(oid2der_SOURCES) \ + $(crypt_burn_SOURCES) $(dh_speed_SOURCES) $(dnssec_SOURCES) \ + $(fetch_SOURCES) $(hash_burn_SOURCES) $(id2sql_SOURCES) \ + $(key2keyid_SOURCES) $(keyid2sql_SOURCES) $(oid2der_SOURCES) \ $(pubkey_speed_SOURCES) $(thread_analysis_SOURCES) \ $(tls_test_SOURCES) DIST_SOURCES = $(bin2array_SOURCES) $(bin2sql_SOURCES) \ - $(crypt_burn_SOURCES) $(dh_speed_SOURCES) $(fetch_SOURCES) \ - $(hash_burn_SOURCES) $(id2sql_SOURCES) $(key2keyid_SOURCES) \ - $(keyid2sql_SOURCES) $(oid2der_SOURCES) \ + $(crypt_burn_SOURCES) $(dh_speed_SOURCES) $(dnssec_SOURCES) \ + $(fetch_SOURCES) $(hash_burn_SOURCES) $(id2sql_SOURCES) \ + $(key2keyid_SOURCES) $(keyid2sql_SOURCES) $(oid2der_SOURCES) \ $(pubkey_speed_SOURCES) $(thread_analysis_SOURCES) \ $(am__tls_test_SOURCES_DIST) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -151,6 +177,8 @@ BTLIB = @BTLIB@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CHECK_CFLAGS = @CHECK_CFLAGS@ +CHECK_LIBS = @CHECK_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ @@ -167,6 +195,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ GREP = @GREP@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ 
@@ -235,8 +264,6 @@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ attest_plugins = @attest_plugins@ -axis2c_CFLAGS = @axis2c_CFLAGS@ -axis2c_LIBS = @axis2c_LIBS@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ @@ -292,7 +319,6 @@ nm_ca_dir = @nm_ca_dir@ nm_plugins = @nm_plugins@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ -p_plugins = @p_plugins@ pcsclite_CFLAGS = @pcsclite_CFLAGS@ pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ @@ -346,6 +372,7 @@ pubkey_speed_SOURCES = pubkey_speed.c crypt_burn_SOURCES = crypt_burn.c hash_burn_SOURCES = hash_burn.c fetch_SOURCES = fetch.c +dnssec_SOURCES = dnssec.c id2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la @@ -355,6 +382,7 @@ pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt crypt_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la hash_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la all: all-am .SUFFIXES: @@ -410,6 +438,9 @@ crypt_burn$(EXEEXT): $(crypt_burn_OBJECTS) $(crypt_burn_DEPENDENCIES) $(EXTRA_cr dh_speed$(EXEEXT): $(dh_speed_OBJECTS) $(dh_speed_DEPENDENCIES) $(EXTRA_dh_speed_DEPENDENCIES) @rm -f dh_speed$(EXEEXT) $(LINK) $(dh_speed_OBJECTS) $(dh_speed_LDADD) $(LIBS) +dnssec$(EXEEXT): $(dnssec_OBJECTS) $(dnssec_DEPENDENCIES) $(EXTRA_dnssec_DEPENDENCIES) + @rm -f dnssec$(EXEEXT) + $(LINK) $(dnssec_OBJECTS) $(dnssec_LDADD) $(LIBS) fetch$(EXEEXT): $(fetch_OBJECTS) $(fetch_DEPENDENCIES) $(EXTRA_fetch_DEPENDENCIES) @rm -f fetch$(EXEEXT) $(LINK) $(fetch_OBJECTS) $(fetch_LDADD) $(LIBS) 
@@ -448,6 +479,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bin2sql.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/crypt_burn.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dh_speed.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnssec.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fetch.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hash_burn.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/id2sql.Po@am__quote@ diff --git a/scripts/crypt_burn.c b/scripts/crypt_burn.c index 449364a1a..9633568cd 100644 --- a/scripts/crypt_burn.c +++ b/scripts/crypt_burn.c @@ -89,6 +89,7 @@ int main(int argc, char *argv[]) break; } } + aead->destroy(aead); } else { @@ -101,7 +102,7 @@ int main(int argc, char *argv[]) } bs = crypter->get_block_size(crypter); - while (i--) + while (TRUE) { if (!crypter->encrypt(crypter, chunk_create(buffer, sizeof(buffer) / bs * bs), @@ -120,6 +121,7 @@ int main(int argc, char *argv[]) break; } } + crypter->destroy(crypter); } return 0; } diff --git a/scripts/dnssec.c b/scripts/dnssec.c new file mode 100644 index 000000000..89ea56ea6 --- /dev/null +++ b/scripts/dnssec.c 
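Review bot: In scripts/crypt_burn.c the crypter loop, now `while (TRUE)`, can only be left through its `break` statements, yet `main` still falls through to `return 0;`. The conditions guarding those breaks are partly outside the hunks, but if they are the `encrypt`/`decrypt` failure paths, a failed run reports success to the caller. Consider recording the failure before each `break` and returning it after `crypter->destroy(crypter);` and `aead->destroy(aead);`, for example `return 1;`. If `i` is no longer read anywhere else in `main`, its declaration and argument parsing should be dropped as well.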
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2011-2012 Reto Guadagnini
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+#include <library.h>
+
+int main(int argc, char *argv[])
+{
+ resolver_t *resolver;
+ resolver_response_t *response;
+ enumerator_t *enumerator;
+ rr_set_t *rrset;
+ rr_t *rr;
+ chunk_t chunk;
+
+ library_init(NULL);
+ atexit(library_deinit);
+ if (!lib->plugins->load(lib->plugins, NULL, PLUGINS))
+ {
+ return 1;
+ }
+ if (argc != 2)
+ {
+ fprintf(stderr, "usage: %s <name>\n", argv[0]);
+ return 1;
+ }
+
+ resolver = lib->resolver->create(lib->resolver);
+ if (!resolver)
+ {
+ printf("failed to create a resolver!\n");
+ return 1;
+ }
+
+ response = resolver->query(resolver, argv[1], RR_CLASS_IN, RR_TYPE_A);
+ if (!response)
+ {
+ printf("no response received!\n");
+ resolver->destroy(resolver);
+ return 1;
+ }
+
+ printf("DNS response:\n");
+ if (!response->has_data(response) || !response->query_name_exist(response))
+ {
+ if (!response->has_data(response))
+ {
+ printf(" no data in the response\n");
+ }
+ if (!response->query_name_exist(response))
+ {
+ printf(" query name does not exist\n");
+ }
+ response->destroy(response);
+ resolver->destroy(resolver);
+ return 1;
+ }
+
+ printf(" RRs in the response:\n");
+ rrset = response->get_rr_set(response);
+ if (!rrset)
+ {
+ printf(" response contains no RRset!\n");
+ response->destroy(response);
+ resolver->destroy(resolver);
+ return 1;
+ }
+
+ enumerator = rrset->create_rr_enumerator(rrset);
+ while (enumerator->enumerate(enumerator, &rr))
+ {
+ printf(" name: ");
+ printf(rr->get_name(rr));
+ printf("\n");
+ }
+
+ enumerator = rrset->create_rrsig_enumerator(rrset);
+ if (enumerator)
+ {
+ printf(" RRSIGs for the RRset:\n");
+ while (enumerator->enumerate(enumerator, &rr))
+ {
+ printf(" name: ");
+ printf(rr->get_name(rr));
+ printf("\n RDATA: ");
+ chunk = rr->get_rdata(rr);
+ chunk = chunk_to_hex(chunk, NULL, TRUE);
+ printf(chunk.ptr);
+ printf("\n");
+ }
+ }
+
+ printf(" security status of the response: ");
+ switch (response->get_security_state(response))
+ {
+ case SECURE:
+ printf("SECURE\n\n");
+ break;
+ case INSECURE:
+ printf("INSECURE\n\n");
+ break;
+ case BOGUS:
+ printf("BOGUS\n\n");
+ break;
+ case INDETERMINATE:
+ printf("INDETERMINATE\n\n");
+ break;
+ }
+ response->destroy(response);
+ resolver->destroy(resolver);
+ return 0;
+}
diff --git a/scripts/tls_test.c b/scripts/tls_test.c
index d0d259e60..332f13d89 100644
--- a/scripts/tls_test.c
+++ b/scripts/tls_test.c
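Review bot: In scripts/dnssec.c, `printf(rr->get_name(rr));` in both enumeration loops passes a name taken from the DNS response as the format string, so a `%` sequence in a record name sent by the queried server is interpreted as a conversion specifier. Print it as data with `printf("%s", rr->get_name(rr));`, and do the same for `printf(chunk.ptr);` even though hex output cannot contain `%`, so the file builds cleanly under `-Wformat-security`. Neither enumerator is released, since the RR enumerator is overwritten by the RRSIG one. The buffer returned by `chunk_to_hex(chunk, NULL, TRUE)`, which appears to be allocated when no buffer is passed, is never freed either. Add `enumerator->destroy(enumerator);` after each loop and `free(chunk.ptr);` after printing. `atexit()` is called with only `<stdio.h>` and `<library.h>` included, so `#include <stdlib.h>` should be added unless `library.h` is known to provide it.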
@@ -33,15 +33,59 @@ static void usage(FILE *out, char *cmd) { fprintf(out, "usage:\n"); - fprintf(out, " %s --connect <address> --port <port> [--cert <file>]+ [--times <n>]\n", cmd); + fprintf(out, " %s --connect <address> --port <port> [--key <key] [--cert <file>]+ [--times <n>]\n", cmd); fprintf(out, " %s --listen <address> --port <port> --key <key> [--cert <file>]+ [--times <n>]\n", cmd); } /** + * Check, as client, if we have a client certificate with private key + */ +static identification_t *find_client_id() +{ + identification_t *client = NULL, *keyid; + enumerator_t *enumerator; + certificate_t *cert; + public_key_t *pubkey; + private_key_t *privkey; + chunk_t chunk; + + enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, + CERT_X509, KEY_ANY, NULL, FALSE); + while (enumerator->enumerate(enumerator, &cert)) + { + pubkey = cert->get_public_key(cert); + if (pubkey) + { + if (pubkey->get_fingerprint(pubkey, KEYID_PUBKEY_SHA1, &chunk)) + { + keyid = identification_create_from_encoding(ID_KEY_ID, chunk); + privkey = lib->credmgr->get_private(lib->credmgr, + pubkey->get_type(pubkey), keyid, NULL); + keyid->destroy(keyid); + if (privkey) + { + client = cert->get_subject(cert); + client = client->clone(client); + privkey->destroy(privkey); + } + } + pubkey->destroy(pubkey); + } + if (client) + { + break; + } + } + enumerator->destroy(enumerator); + + return client; +} + +/** * Client routine */ -static int client(host_t *host, identification_t *server, - int times, tls_cache_t *cache) +static int run_client(host_t *host, identification_t *server, + identification_t *client, int times, tls_cache_t *cache) { tls_socket_t *tls; int fd, res; @@ -61,7 +105,7 @@ static int client(host_t *host, identification_t *server, close(fd); return 1; } - tls = tls_socket_create(FALSE, server, NULL, fd, cache); + tls = tls_socket_create(FALSE, server, client, fd, cache); if (!tls) { close(fd); 
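Review bot: The new client usage line in scripts/tls_test.c prints `[--key <key]` with the closing `>` missing; it should read `[--key <key>]` to match the `--listen` line below it. `find_client_id()` returns the subject of the first X.509 certificate for which a private key is found and then breaks out of the loop. With several `--cert`/`--key` pairs loaded, the identity offered to the server therefore depends on enumeration order, and the doc comment should say so, e.g. `Returns a clone of the first matching subject, or NULL if no certificate has a private key; caller destroys`. The definition should also be written `static identification_t *find_client_id(void)` so that it is a prototype and not an unspecified-argument declaration.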
@@ -224,7 +268,7 @@ int main(int argc, char *argv[]) char *address = NULL; bool listen = FALSE; int port = 0, times = -1, res; - identification_t *server; + identification_t *server, *client; tls_cache_t *cache; host_t *host; @@ -307,11 +351,12 @@ int main(int argc, char *argv[]) } else { - res = client(host, server, times, cache); + client = find_client_id(); + res = run_client(host, server, client, times, cache); + DESTROY_IF(client); } cache->destroy(cache); host->destroy(host); server->destroy(server); return res; } - |