int create_principal(struct keypair** keypair)
/*@ requires world(?pub, ?key_clsfy) &*&
pointer(keypair, _) &*&
principals_created(?count); @*/
/*@ ensures world(pub, key_clsfy) &*&
principals_created(result) &*&
result == count + 1 &*&
principal(result, 1) &*&
pointer(keypair, ?p_keypair) &*&
keypair(p_keypair, result, 1, 0, pub); @*/
{
//@ open principals_created(count);
//@ principal_create();
if (counter >= INT_MAX - 1)
{
abort_crypto_lib("To many principals generated");
}
counter++;
//@ close keypair_request(count + 1, 0);
struct keypair *k = create_keypair(counter);
*keypair = k;
struct item *key = keypair_get_public_key(k);
register_public_key(counter, key);
item_free(key);
return counter;
//@ close principals_created(count + 1);
}
static int main_keygen(char *home)
{
create_curvedir(home);
write_username(home);
create_keypair(home);
check_config_keypair_or_die(home);
return 0;
}
static int exec_cmpcli_init(int argc, char **argv) {
CRYPT_SESSION session;
CRYPT_CERTIFICATE cert, cacert, req;
CRYPT_CONTEXT keypair;
CRYPT_KEYSET privkeys;
const char *cmd, *uid, *ipwd, *crtfilename, *cacrtfilename, *kpfilename;
void *crtdata;
int status, data_len;
if (argc != 6) { fprintf(stderr, "cmpcli argv!=6\n"); return 1; }
cmd = argv[0]; uid = argv[1]; ipwd = argv[2]; crtfilename=argv[3]; cacrtfilename=argv[4]; kpfilename = argv[5];
fprintf(stderr, "uid=\"%s\" ipwd=\"%s\"\n", uid, ipwd);
#if 0
crtdata = read_full_file(crtfilename, &data_len);
if (!crtdata) return 1;
status = cryptImportCert(crtdata, data_len, CRYPT_UNUSED, &cert);
WARN_AND_RETURN_IF(status);
free(crtdata);
#endif
crtdata = read_full_file(cacrtfilename, &data_len);
if (!crtdata) return 1;
status = cryptImportCert(crtdata, data_len, CRYPT_UNUSED, &cacert);
WARN_AND_RETURN_IF(status);
free(crtdata);
status = create_keypair(&keypair, DEFAULT_PRIVKEY_LABEL);
WARN_AND_RETURN_IF(status);
status = cryptKeysetOpen(&privkeys, CRYPT_UNUSED, CRYPT_KEYSET_FILE, kpfilename, CRYPT_KEYOPT_CREATE);
WARN_AND_RETURN_IF(status);
status = cryptAddPrivateKey(privkeys, keypair, DEFAULT_PASSWORD);
WARN_AND_RETURN_IF(status);
status = cryptCreateCert(&req, CRYPT_UNUSED, CRYPT_CERTTYPE_REQUEST_CERT);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(req, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, keypair);
WARN_AND_RETURN_IF(status);
status = cryptSignCert(req, keypair);
WARN_AND_RETURN_IF(status);
status = cryptCreateSession(&session, CRYPT_UNUSED, CRYPT_SESSION_CMP);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_CMP_REQUESTTYPE, CRYPT_REQUESTTYPE_INITIALIZATION);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_CACERTIFICATE, cacert);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_REQUEST, req);
WARN_AND_RETURN_IF(status);
status = cryptSetAttributeString(session, CRYPT_SESSINFO_USERNAME, uid, strlen(uid));
WARN_AND_RETURN_IF(status);
status = cryptSetAttributeString(session, CRYPT_SESSINFO_PASSWORD, ipwd, strlen(ipwd));
WARN_AND_RETURN_IF(status);
status = cryptSetAttributeString(session, CRYPT_SESSINFO_SERVER_NAME, "127.0.0.1", 9);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_SERVER_PORT, 65000);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_ACTIVE, 1);
WARN_AND_RETURN_IF(status);
status = cryptGetAttribute(session, CRYPT_SESSINFO_RESPONSE, &cert);
WARN_AND_RETURN_IF(status);
status = export_cert(cert, crtfilename);
WARN_AND_RETURN_IF(status);
status = cryptAddPublicKey(privkeys, cert);
WARN_AND_RETURN_IF(status);
status = cryptKeysetClose(privkeys);
WARN_AND_RETURN_IF(status);
status = cryptDestroySession(session);
WARN_AND_RETURN_IF(status);
status = cryptDestroyCert(cacert);
WARN_AND_RETURN_IF(status);
status = cryptDestroyCert(cert);
WARN_AND_RETURN_IF(status);
status = cryptDestroyCert(req);
WARN_AND_RETURN_IF(status);
status = cryptDestroyContext(keypair);
return 0;
}
static int exec_create(int argc, char **argv) {
CRYPT_KEYSET keyset;
CRYPT_CERTIFICATE cert;
CRYPT_CONTEXT context;
int status;
const char *filename = argv[0];
char keyfilename[4096]; /* PATH_MAX */
char certfilename[4096]; /* PATH_MAX */
/* create the tables using cryptlib */
status = cryptKeysetOpen(&keyset, CRYPT_UNUSED, CRYPT_KEYSET_DATABASE_STORE, filename, CRYPT_KEYOPT_CREATE);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while opening keyset\n", status);
return 1;
}
status = cryptKeysetClose(keyset);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while closing keyset\n", status);
return 1;
}
if (opt_verbose) fprintf(stdout, "file %s created OK as cert keyset store\n", filename);
/* the database has been created, but there is still no CA key
* and CA cert -- now we generate it and put the CA key in a file
* and import the public key & cert into the db.
*/
status = create_keypair(&context, DEFAULT_CA_PRIVKEY_LABEL);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while generating CA keypair\n", status);
return 1;
}
/* generate cert */
status = create_selfsigned_cert(context, DEFAULT_DN, &cert);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while generating CA cert\n", status);
goto err_ctx_exit;
}
snprintf(keyfilename, 4095, "%s.keys", filename);
status = save_ca_keypair_and_cert_to_file(context, cert, keyfilename, DEFAULT_PASSWORD); /* TODO password */
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while saving CA keypair to %s\n", status, keyfilename);
goto err_ctx_exit;
}
if (opt_verbose) fprintf(stdout, "CA keys saved to file keyset %s\n", filename);
/* save it */
snprintf(certfilename, 4095, "%s.ca.crt", filename);
status = export_cert(cert, certfilename);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while saving CA cert\n", status);
goto err_cert_exit;
}
#if 0
/* add to store */
status = cryptKeysetOpen(&keyset, CRYPT_UNUSED, CRYPT_KEYSET_DATABASE_STORE, filename, CRYPT_KEYOPT_NONE);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while opening CA cert store to save CA cert\n", status);
goto err_cert_exit;
}
status = add_ca_cert_to_store(keyset, DEFAULT_DN, cert);
/* status = cryptCAAddItem(keyset, cert); */
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while saving CA cert to CA cert store\n", status);
cryptKeysetClose(keyset);
goto err_cert_exit;
}
status = cryptKeysetClose(keyset);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while closing CA cert store\n", status);
goto err_cert_exit;
}
if (opt_verbose) fprintf(stdout, "CA certs for %s saved to %s\n", DEFAULT_DN, filename);
#endif
/* cleanup */
status = cryptDestroyCert(cert);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while destroying CA cert\n", status);
goto err_ctx_exit;
}
status = cryptDestroyContext(context);
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while destroying CA keypair context\n", status);
/* NO ERROR CASE */
return 1;
}
return 0;
err_cert_exit:
cryptDestroyCert(cert);
err_ctx_exit:
cryptDestroyContext(context);
return 1;
}
