int create_principal(struct keypair** keypair) /*@ requires world(?pub, ?key_clsfy) &*& pointer(keypair, _) &*& principals_created(?count); @*/ /*@ ensures world(pub, key_clsfy) &*& principals_created(result) &*& result == count + 1 &*& principal(result, 1) &*& pointer(keypair, ?p_keypair) &*& keypair(p_keypair, result, 1, 0, pub); @*/ { //@ open principals_created(count); //@ principal_create(); if (counter >= INT_MAX - 1) { abort_crypto_lib("To many principals generated"); } counter++; //@ close keypair_request(count + 1, 0); struct keypair *k = create_keypair(counter); *keypair = k; struct item *key = keypair_get_public_key(k); register_public_key(counter, key); item_free(key); return counter; //@ close principals_created(count + 1); }
static int main_keygen(char *home) { create_curvedir(home); write_username(home); create_keypair(home); check_config_keypair_or_die(home); return 0; }
static int exec_cmpcli_init(int argc, char **argv) { CRYPT_SESSION session; CRYPT_CERTIFICATE cert, cacert, req; CRYPT_CONTEXT keypair; CRYPT_KEYSET privkeys; const char *cmd, *uid, *ipwd, *crtfilename, *cacrtfilename, *kpfilename; void *crtdata; int status, data_len; if (argc != 6) { fprintf(stderr, "cmpcli argv!=6\n"); return 1; } cmd = argv[0]; uid = argv[1]; ipwd = argv[2]; crtfilename=argv[3]; cacrtfilename=argv[4]; kpfilename = argv[5]; fprintf(stderr, "uid=\"%s\" ipwd=\"%s\"\n", uid, ipwd); #if 0 crtdata = read_full_file(crtfilename, &data_len); if (!crtdata) return 1; status = cryptImportCert(crtdata, data_len, CRYPT_UNUSED, &cert); WARN_AND_RETURN_IF(status); free(crtdata); #endif crtdata = read_full_file(cacrtfilename, &data_len); if (!crtdata) return 1; status = cryptImportCert(crtdata, data_len, CRYPT_UNUSED, &cacert); WARN_AND_RETURN_IF(status); free(crtdata); status = create_keypair(&keypair, DEFAULT_PRIVKEY_LABEL); WARN_AND_RETURN_IF(status); status = cryptKeysetOpen(&privkeys, CRYPT_UNUSED, CRYPT_KEYSET_FILE, kpfilename, CRYPT_KEYOPT_CREATE); WARN_AND_RETURN_IF(status); status = cryptAddPrivateKey(privkeys, keypair, DEFAULT_PASSWORD); WARN_AND_RETURN_IF(status); status = cryptCreateCert(&req, CRYPT_UNUSED, CRYPT_CERTTYPE_REQUEST_CERT); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(req, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, keypair); WARN_AND_RETURN_IF(status); status = cryptSignCert(req, keypair); WARN_AND_RETURN_IF(status); status = cryptCreateSession(&session, CRYPT_UNUSED, CRYPT_SESSION_CMP); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_CMP_REQUESTTYPE, CRYPT_REQUESTTYPE_INITIALIZATION); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_CACERTIFICATE, cacert); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_REQUEST, req); WARN_AND_RETURN_IF(status); status = cryptSetAttributeString(session, CRYPT_SESSINFO_USERNAME, uid, strlen(uid)); WARN_AND_RETURN_IF(status); status = cryptSetAttributeString(session, CRYPT_SESSINFO_PASSWORD, ipwd, strlen(ipwd)); WARN_AND_RETURN_IF(status); status = cryptSetAttributeString(session, CRYPT_SESSINFO_SERVER_NAME, "127.0.0.1", 9); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_SERVER_PORT, 65000); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_ACTIVE, 1); WARN_AND_RETURN_IF(status); status = cryptGetAttribute(session, CRYPT_SESSINFO_RESPONSE, &cert); WARN_AND_RETURN_IF(status); status = export_cert(cert, crtfilename); WARN_AND_RETURN_IF(status); status = cryptAddPublicKey(privkeys, cert); WARN_AND_RETURN_IF(status); status = cryptKeysetClose(privkeys); WARN_AND_RETURN_IF(status); status = cryptDestroySession(session); WARN_AND_RETURN_IF(status); status = cryptDestroyCert(cacert); WARN_AND_RETURN_IF(status); status = cryptDestroyCert(cert); WARN_AND_RETURN_IF(status); status = cryptDestroyCert(req); WARN_AND_RETURN_IF(status); status = cryptDestroyContext(keypair); return 0; }
static int exec_create(int argc, char **argv) { CRYPT_KEYSET keyset; CRYPT_CERTIFICATE cert; CRYPT_CONTEXT context; int status; const char *filename = argv[0]; char keyfilename[4096]; /* PATH_MAX */ char certfilename[4096]; /* PATH_MAX */ /* create the tables using cryptlib */ status = cryptKeysetOpen(&keyset, CRYPT_UNUSED, CRYPT_KEYSET_DATABASE_STORE, filename, CRYPT_KEYOPT_CREATE); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while opening keyset\n", status); return 1; } status = cryptKeysetClose(keyset); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while closing keyset\n", status); return 1; } if (opt_verbose) fprintf(stdout, "file %s created OK as cert keyset store\n", filename); /* the database has been created, but there is still no CA key * and CA cert -- now we generate it and put the CA key in a file * and import the public key & cert into the db. */ status = create_keypair(&context, DEFAULT_CA_PRIVKEY_LABEL); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while generating CA keypair\n", status); return 1; } /* generate cert */ status = create_selfsigned_cert(context, DEFAULT_DN, &cert); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while generating CA cert\n", status); goto err_ctx_exit; } snprintf(keyfilename, 4095, "%s.keys", filename); status = save_ca_keypair_and_cert_to_file(context, cert, keyfilename, DEFAULT_PASSWORD); /* TODO password */ if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while saving CA keypair to %s\n", status, keyfilename); goto err_ctx_exit; } if (opt_verbose) fprintf(stdout, "CA keys saved to file keyset %s\n", filename); /* save it */ snprintf(certfilename, 4095, "%s.ca.crt", filename); status = export_cert(cert, certfilename); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while saving CA cert\n", status); goto err_cert_exit; } #if 0 /* add to store */ status = cryptKeysetOpen(&keyset, CRYPT_UNUSED, CRYPT_KEYSET_DATABASE_STORE, filename, CRYPT_KEYOPT_NONE); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while opening CA cert store to save CA cert\n", status); goto err_cert_exit; } status = add_ca_cert_to_store(keyset, DEFAULT_DN, cert); /* status = cryptCAAddItem(keyset, cert); */ if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while saving CA cert to CA cert store\n", status); cryptKeysetClose(keyset); goto err_cert_exit; } status = cryptKeysetClose(keyset); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while closing CA cert store\n", status); goto err_cert_exit; } if (opt_verbose) fprintf(stdout, "CA certs for %s saved to %s\n", DEFAULT_DN, filename); #endif /* cleanup */ status = cryptDestroyCert(cert); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while destroying CA cert\n", status); goto err_ctx_exit; } status = cryptDestroyContext(context); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while destroying CA keypair context\n", status); /* NO ERROR CASE */ return 1; } return 0; err_cert_exit: cryptDestroyCert(cert); err_ctx_exit: cryptDestroyContext(context); return 1; }