int generate_rsa(void) { int iRet = EXIT_SUCCESS; EVP_PKEY* pPrivKey = NULL; EVP_PKEY* pPubKey = NULL; FILE* pFile = NULL; const EVP_CIPHER* pCipher = NULL; init_openssl(); pPrivKey = create_rsa_key(); pPubKey = create_rsa_key(); if(pPrivKey && pPubKey) {/* Save the keys */ if((pFile = fopen("privkey.pem","wt")) && (pCipher = EVP_aes_256_cbc())) { if(!PEM_write_PrivateKey(pFile,pPrivKey,pCipher, (unsigned char*)pcszPassphrase, (int)strlen(pcszPassphrase),NULL,NULL)) { fprintf(stderr,"PEM_write_PrivateKey failed.\n"); handle_openssl_error(); iRet = EXIT_FAILURE; } fclose(pFile); pFile = NULL; if(iRet == EXIT_SUCCESS) { if((pFile = fopen("pubkey.pem","wt")) && PEM_write_PUBKEY(pFile,pPubKey)) fprintf(stderr,"Both keys saved.\n"); else { handle_openssl_error(); iRet = EXIT_FAILURE; } if(pFile) { fclose(pFile); pFile = NULL; } } } else { fprintf(stderr,"Cannot create \"privkey.pem\".\n"); handle_openssl_error(); iRet = EXIT_FAILURE; if(pFile) { fclose(pFile); pFile = NULL; } } if(iRet == EXIT_SUCCESS) {/* Read the keys */ EVP_PKEY_free(pPrivKey); pPrivKey = NULL; EVP_PKEY_free(pPubKey); pPubKey = NULL; if((pFile = fopen("privkey.pem","rt")) && (pPrivKey = PEM_read_PrivateKey(pFile,NULL,passwd_callback,(void*)pcszPassphrase))) { fprintf(stderr,"Private key read.\n"); } else { fprintf(stderr,"Cannot read \"privkey.pem\".\n"); handle_openssl_error(); iRet = EXIT_FAILURE; } if(pFile) { fclose(pFile); pFile = NULL; } if((pFile = fopen("pubkey.pem","rt")) && (pPubKey = PEM_read_PUBKEY(pFile,NULL,NULL,NULL))) { fprintf(stderr,"Public key read.\n"); } else { fprintf(stderr,"Cannot read \"pubkey.pem\".\n"); handle_openssl_error(); iRet = EXIT_FAILURE; } char msg[2048/8]; // Get rid of the newline int session_seed = rand(); sprintf(msg, "%d", session_seed); // Encrypt the message } } if(pPrivKey) { EVP_PKEY_free(pPrivKey); pPrivKey = NULL; } if(pPubKey) { EVP_PKEY_free(pPubKey); pPubKey = NULL; } cleanup_openssl(); return iRet; }
/** * * \brief Main exchange-tls12 function. For help on arguments * see the usage() above. * * \param[in] argc - the number of arguments passed into the * command line * \param[in] argv - a pointer to the array of arguments * \return 0 for success */ int main(int argc, char *argv[]) { int err = 0; int cmd = -1; char ch; uint32_t is_server = 0; uint32_t is_client = 0; char *ca_path = NULL; char *chain_file = NULL; char *cert_file = NULL; char *key_file = NULL; char *engine_id = NULL; char *cipher_list = NULL; char *ip_address = "127.0.0.1"; uint16_t port_number = PORT_NUMBER_DEFAULT; char cwd[200]; char cmd_buffer[256]; int buf_len = 128; verify_depth = 0; if (getcwd(cwd, sizeof(cwd)) != NULL) { fprintf(stderr, "Current working dir: %s\n", cwd); } else { fprintf(stderr, "getcwd() error"); return 100; } snprintf(cmd_buffer, 256, "%s/certstore", cwd); while ((ch = getopt(argc, argv, "C:Ec:sp:b:f:k:e:d:I:P:vh?")) != (char)-1) { switch (ch) { case 'C': cmd = strtol(optarg, NULL, 0); break; case 'E': cmd = ECCX08_CMD_EXTRACT_ALL_CERTS; break; case 'c': is_client = 1; cipher_list = strdup(optarg); break; case 's': is_server = 1; break; case 'p': ca_path = strdup(optarg); break; case 'b': chain_file = strdup(optarg); break; case 'f': cert_file = strdup(optarg); break; case 'k': key_file = strdup(optarg); break; case 'e': engine_id = strdup(optarg); break; case 'd': verify_depth = strtol(optarg, NULL, 0); break; case 'I': ip_address = strdup(optarg); break; case 'P': port_number = strtol(optarg, NULL, 0); break; case 'v': printf("Exchange version = %s\n", EXCHANGE_VERSION); cmd = ECCX08_CMD_GET_VERSION; break; case 'h': case '?': default: usage(); break; } } if (cmd != -1) { if (!engine_id) { fprintf(stderr, "\nNo Engine specified - cannot run a command\n"); return (10); } init_openssl(); err = setup_engine(engine_id); if (err == 0) { err = 19; goto done; } err = run_engine_cmds(engine_id, cmd, cmd_buffer, buf_len); if (err == 0) { err = 20; goto done; } if ('\0' != cmd_buffer) { printf("%s\n", cmd_buffer); } err = 0; goto done; } if ((is_server || is_client) == 0) { fprintf(stderr, "\nMust specify -c or -s option"); usage(); } else if ((is_server && is_client) == 1) { fprintf(stderr, "\nCannot specify both -c or -s options"); usage(); } if (!ca_path) { fprintf(stderr, "\nMust specify CA path"); usage(); } if (!chain_file) { fprintf(stderr, "\nMust specify Chain File (certificate bundle)"); usage(); } if (!cert_file) { fprintf(stderr, "\nMust specify Certificate File"); usage(); } if (!key_file) { fprintf(stderr, "\nMust specify Private Key File"); usage(); } if (!engine_id) { fprintf(stderr, "\nNo Engine specified - using software crypto/ssl libraries\n"); } if (is_server) { err = connect_server(engine_id, ca_path, chain_file, cert_file, key_file, ip_address, port_number); } else { err = connect_client(engine_id, ca_path, chain_file, cert_file, key_file, cipher_list, ip_address, port_number); } sleep(2); return (err); done: sleep(2); cleanup_openssl(); return (err); }