int main( int argc, char **argv) { CRYPT_CONTEXT privKeyContext; CRYPT_KEYSET cryptKeyset; int ksize; if (argc < 3) { fprintf(stderr, "Usage: %s filename keysize\n", argv[0]); return 1; } if (sscanf(argv[2], "%d", &ksize) != 1) { fprintf(stderr, "Invalid key size\n"); return 1; } if (ksize != STANDARD_KEY_SIZE) { fprintf(stderr, "Warning: key size %d is not the standard size (%d)\n", ksize, STANDARD_KEY_SIZE); } printf("Making %s with key size %d bits \n", argv[1], ksize); if (cryptInit() != CRYPT_OK) { fprintf(stderr, "Can't open Cryptlib\n"); return 1; } if (cryptCreateContext(&privKeyContext, CRYPT_UNUSED, CRYPT_ALGO_RSA) != CRYPT_OK) { fprintf(stderr, "Can't create cryptlib private key context\n"); return 1; } cryptSetAttributeString(privKeyContext, CRYPT_CTXINFO_LABEL, "label", 5); cryptSetAttribute(privKeyContext, CRYPT_CTXINFO_KEYSIZE, ksize / 8); if (cryptGenerateKey(privKeyContext) != CRYPT_OK) { fprintf(stderr, "Can't generate key\n"); return 1; } if (cryptKeysetOpen(&cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, argv[1], CRYPT_KEYOPT_CREATE) != CRYPT_OK) { fprintf(stderr, "Can't open keyset\n"); return 1; } if (cryptAddPrivateKey(cryptKeyset, privKeyContext, "password") != CRYPT_OK) { fprintf(stderr, "Can't add key to keyset\n"); return 1; } cryptKeysetClose(cryptKeyset); cryptDestroyContext(privKeyContext); cryptEnd(); return 0; }
static int save_ca_keypair_and_cert_to_file(CRYPT_CONTEXT ctx, CRYPT_CERTIFICATE cert, const char *filename, const char *password) { int status; CRYPT_KEYSET keyset; status = cryptKeysetOpen( &keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, filename, CRYPT_KEYOPT_CREATE ); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while creating ca privkey keyset file %s\n", status, filename); return status; } status = cryptAddPrivateKey( keyset, ctx, password ); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while adding CA privkey to keyset\n", status); goto err_keyset_exit; } status = cryptAddPublicKey( keyset, cert ); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while adding CA cert to keyset\n", status); goto err_keyset_exit; } #if 0 status = cryptAddPublicKey( keyset, ctx ); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while adding CA pubkey to keyset\n", status); goto err_keyset_exit; } #endif status = cryptKeysetClose( keyset ); if (!cryptStatusOK(status)) { fprintf(stderr, "cryptlib error %d while closing CA privkey keyset\n", status); return status; /* what do we do now, close it again? */ } return CRYPT_OK; err_keyset_exit: cryptKeysetClose( keyset ); return status; }
/* * int fatal(char *msg) { if (msg && *msg) fprintf(stderr, "%s\n", msg); * exit(0); } */ int main( int argc, char **argv) { CRYPT_CONTEXT privKeyContext; CRYPT_KEYSET cryptKeyset; if (argc < 2) { fprintf(stderr, "Usage: Filename\n"); return 1; } printf("Making %s\n", argv[1]); #define CRYPT_CALL(f) \ do \ { \ if ((f) != CRYPT_OK) \ { \ fprintf(stderr, "Error calling %s\n", #f); \ exit(EXIT_FAILURE); \ } \ } while (false) CRYPT_CALL(cryptInit()); CRYPT_CALL(cryptCreateContext(&privKeyContext, CRYPT_UNUSED, CRYPT_ALGO_RSA)); CRYPT_CALL(cryptSetAttributeString(privKeyContext, CRYPT_CTXINFO_LABEL, "label", 5)); CRYPT_CALL(cryptSetAttribute(privKeyContext, CRYPT_CTXINFO_KEYSIZE, 1024 / 8)); CRYPT_CALL(cryptGenerateKey(privKeyContext)); CRYPT_CALL(cryptKeysetOpen(&cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, argv[1], CRYPT_KEYOPT_CREATE)); CRYPT_CALL(cryptAddPrivateKey(cryptKeyset, privKeyContext, "password")); CRYPT_CALL(cryptKeysetClose(cryptKeyset)); CRYPT_CALL(cryptDestroyContext(privKeyContext)); CRYPT_CALL(cryptEnd()); #undef CRYPT_CALL return 0; }
int main( int argc, char *argv[] ) { int n; FILE *f; char *buf[8]; char *outFile; char *keyFile; char *certFile; char *certData; char *label; char *secret; struct stat st; int usage; RSA *key; EVP_PKEY *evp; CRYPT_KEYSET keyset; CRYPT_CONTEXT pKey; CRYPT_PKCINFO_RSA rsa; CRYPT_CERTIFICATE cert; CRYPT_KEYOPT_TYPE opt; if ( argc != 6 ) { fprintf( stderr, "Syntax: %s <key> <cert> <out> <label> <secret>\n", argv[0] ); exit( -1 ); } keyFile = argv[1]; certFile = argv[2]; outFile = argv[3]; label = argv[4]; secret = argv[5]; if ( ( f = fopen( keyFile, "r" ) ) == NULL || ( evp = PEM_read_PrivateKey( f, NULL, NULL, NULL ) ) == NULL || ( key = EVP_PKEY_get1_RSA( evp ) ) == NULL ) { fprintf( stderr, "Couldn't load private key from '%s'\n", keyFile ); if ( f ) { ERR_print_errors_fp( stderr ); fclose( f ); } if ( evp ) EVP_PKEY_free( evp ); exit( -1 ); } if ( ( f = fopen( certFile, "r" ) ) == NULL || fstat( fileno( f ), &st ) < 0 || ( certData = malloc( st.st_size ) ) == NULL || fread( certData, 1, st.st_size, f ) < st.st_size ) { fprintf( stderr, "Couldn't load certificate from '%s'\n", certFile ); if ( f ) fclose( f ); free( certData ); exit( -1 ); } /* Should we create a keyset, or append to an existing one? */ opt = CRYPT_KEYOPT_CREATE; f = fopen( outFile, "r" ); if ( f != NULL ) { opt = CRYPT_KEYOPT_NONE; fclose( f ); } cryptInit(); cryptInitComponents( &rsa, CRYPT_KEYTYPE_PRIVATE ); if ( ( buf[0] = malloc( BN_num_bytes( key->n ) ) ) != NULL && ( buf[1] = malloc( BN_num_bytes( key->e ) ) ) != NULL && ( buf[2] = malloc( BN_num_bytes( key->d ) ) ) != NULL && ( buf[3] = malloc( BN_num_bytes( key->p ) ) ) != NULL && ( buf[4] = malloc( BN_num_bytes( key->q ) ) ) != NULL && ( buf[5] = malloc( BN_num_bytes( key->iqmp ) ) ) != NULL && ( buf[6] = malloc( BN_num_bytes( key->dmp1 ) ) ) != NULL && ( buf[7] = malloc( BN_num_bytes( key->dmq1 ) ) ) != NULL ) { int i; BN_bn2bin( key->n, buf[0] ); BN_bn2bin( key->e, buf[1] ); BN_bn2bin( key->d, buf[2] ); BN_bn2bin( key->p, buf[3] ); BN_bn2bin( key->q, buf[4] ); BN_bn2bin( key->iqmp, buf[5] ); BN_bn2bin( key->dmp1, buf[6] ); BN_bn2bin( key->dmq1, buf[7] ); cryptSetComponent( (&rsa)->n, buf[0], BN_num_bits( key->n ) ); cryptSetComponent( (&rsa)->e, buf[1], BN_num_bits( key->e ) ); cryptSetComponent( (&rsa)->d, buf[2], BN_num_bits( key->d ) ); cryptSetComponent( (&rsa)->p, buf[3], BN_num_bits( key->p ) ); cryptSetComponent( (&rsa)->q, buf[4], BN_num_bits( key->q ) ); cryptSetComponent( (&rsa)->u, buf[5], BN_num_bits( key->iqmp ) ); cryptSetComponent( (&rsa)->e1, buf[6], BN_num_bits( key->dmp1 ) ); cryptSetComponent( (&rsa)->e2, buf[7], BN_num_bits( key->dmq1 ) ); i = 0; while ( i < 8 ) free( buf[i++] ); } else { fprintf( stderr, "Couldn't initialise PKCINFO_RSA data.\n" ); exit( -1 ); } n = cryptCreateContext( &pKey, CRYPT_UNUSED, CRYPT_ALGO_RSA ); check( n, pKey, "cryptCreateContext" ); n = cryptSetAttributeString( pKey, CRYPT_CTXINFO_LABEL, label, strlen( label ) ); check( n, pKey, "cryptSetAttributeString(LABEL)" ); n = cryptSetAttributeString( pKey, CRYPT_CTXINFO_KEY_COMPONENTS, &rsa, sizeof( CRYPT_PKCINFO_RSA ) ); check( n, pKey, "cryptSetAttributeString(KEY_COMPONENTS)" ); n = cryptImportCert( certData, st.st_size, CRYPT_UNUSED, &cert ); check( n, cert, "cryptImportCert" ); n = cryptGetAttribute( cert, CRYPT_CERTINFO_KEYUSAGE, &usage ); if ( n != CRYPT_OK ) { fprintf( stderr, "Warning: The certificate specifies no KEYUSAGE.\n" "Cryptlib may not permit its use. See " "<http://toroid.org/ams/pemtrans>.\n" ); } n = cryptKeysetOpen( &keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, outFile, opt ); check( n, keyset, "cryptKeysetOpen" ); n = cryptAddPrivateKey( keyset, pKey, secret ); check( n, keyset, "cryptAddPrivateKey" ); n = cryptAddPublicKey( keyset, cert ); check( n, keyset, "cryptAddPublicKey" ); cryptKeysetClose( keyset ); cryptDestroyComponents( &rsa ); cryptDestroyContext( pKey ); cryptDestroyCert( cert ); exit( 0 ); }
static int exec_cmpcli_init(int argc, char **argv) { CRYPT_SESSION session; CRYPT_CERTIFICATE cert, cacert, req; CRYPT_CONTEXT keypair; CRYPT_KEYSET privkeys; const char *cmd, *uid, *ipwd, *crtfilename, *cacrtfilename, *kpfilename; void *crtdata; int status, data_len; if (argc != 6) { fprintf(stderr, "cmpcli argv!=6\n"); return 1; } cmd = argv[0]; uid = argv[1]; ipwd = argv[2]; crtfilename=argv[3]; cacrtfilename=argv[4]; kpfilename = argv[5]; fprintf(stderr, "uid=\"%s\" ipwd=\"%s\"\n", uid, ipwd); #if 0 crtdata = read_full_file(crtfilename, &data_len); if (!crtdata) return 1; status = cryptImportCert(crtdata, data_len, CRYPT_UNUSED, &cert); WARN_AND_RETURN_IF(status); free(crtdata); #endif crtdata = read_full_file(cacrtfilename, &data_len); if (!crtdata) return 1; status = cryptImportCert(crtdata, data_len, CRYPT_UNUSED, &cacert); WARN_AND_RETURN_IF(status); free(crtdata); status = create_keypair(&keypair, DEFAULT_PRIVKEY_LABEL); WARN_AND_RETURN_IF(status); status = cryptKeysetOpen(&privkeys, CRYPT_UNUSED, CRYPT_KEYSET_FILE, kpfilename, CRYPT_KEYOPT_CREATE); WARN_AND_RETURN_IF(status); status = cryptAddPrivateKey(privkeys, keypair, DEFAULT_PASSWORD); WARN_AND_RETURN_IF(status); status = cryptCreateCert(&req, CRYPT_UNUSED, CRYPT_CERTTYPE_REQUEST_CERT); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(req, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, keypair); WARN_AND_RETURN_IF(status); status = cryptSignCert(req, keypair); WARN_AND_RETURN_IF(status); status = cryptCreateSession(&session, CRYPT_UNUSED, CRYPT_SESSION_CMP); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_CMP_REQUESTTYPE, CRYPT_REQUESTTYPE_INITIALIZATION); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_CACERTIFICATE, cacert); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_REQUEST, req); WARN_AND_RETURN_IF(status); status = cryptSetAttributeString(session, CRYPT_SESSINFO_USERNAME, uid, strlen(uid)); WARN_AND_RETURN_IF(status); status = cryptSetAttributeString(session, CRYPT_SESSINFO_PASSWORD, ipwd, strlen(ipwd)); WARN_AND_RETURN_IF(status); status = cryptSetAttributeString(session, CRYPT_SESSINFO_SERVER_NAME, "127.0.0.1", 9); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_SERVER_PORT, 65000); WARN_AND_RETURN_IF(status); status = cryptSetAttribute(session, CRYPT_SESSINFO_ACTIVE, 1); WARN_AND_RETURN_IF(status); status = cryptGetAttribute(session, CRYPT_SESSINFO_RESPONSE, &cert); WARN_AND_RETURN_IF(status); status = export_cert(cert, crtfilename); WARN_AND_RETURN_IF(status); status = cryptAddPublicKey(privkeys, cert); WARN_AND_RETURN_IF(status); status = cryptKeysetClose(privkeys); WARN_AND_RETURN_IF(status); status = cryptDestroySession(session); WARN_AND_RETURN_IF(status); status = cryptDestroyCert(cacert); WARN_AND_RETURN_IF(status); status = cryptDestroyCert(cert); WARN_AND_RETURN_IF(status); status = cryptDestroyCert(req); WARN_AND_RETURN_IF(status); status = cryptDestroyContext(keypair); return 0; }
int main(int argc, char **argv) { int status; CRYPT_CONTEXT cryptContext; CRYPT_KEYSET cryptKeyset; printf("Initializing cryptlib\n"); status = cryptInit(); if (status != CRYPT_OK) { fprintf(stderr, "Error initializing cryptlib\n"); return 1; } /* Create an RSA public/private key context, set a label for it, and generate a key into it */ status = cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA ); if (status != CRYPT_OK) { fprintf(stderr, "Error creating crypt_context\n"); return 1; } status = cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, "Private key", 11 ); if (status != CRYPT_OK) { fprintf(stderr, "Error setting key label\n"); return 1; } fprintf(stderr, "Generating RSA key\n"); status = cryptGenerateKey( cryptContext ); if (status != CRYPT_OK) { fprintf(stderr, "Error generating key\n"); return 1; } fprintf(stderr, "done!\n"); /* Save the generated public/private key pair to a keyset */ status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, KEY_FILENAME, CRYPT_KEYOPT_CREATE ); if (status != CRYPT_OK) { fprintf(stderr, "Error opening keyset\n"); return 1; } status = cryptAddPrivateKey( cryptKeyset, cryptContext, PASSWORD ); if (status != CRYPT_OK) { fprintf(stderr, "Error adding key to keyset\n"); return 1; } status = cryptKeysetClose( cryptKeyset ); if (status != CRYPT_OK) { fprintf(stderr, "Error closing keyset\n"); return 1; } /* Create CSR */ createCSR(cryptContext); /* Create CA cert */ createCACert(cryptContext); /* Clean up */ status = cryptDestroyContext( cryptContext ); if (status != CRYPT_OK) { fprintf(stderr, "Error destroying context\n"); return 1; } printf("Deinitializing cryptlib\n"); status = cryptEnd(); if (status != CRYPT_OK) { fprintf(stderr, "Error deinitializing cryptlib\n"); return 1; } return 0; }
static int generateKey( const int keyBits, const char *certRequestFileName ) { CRYPT_KEYSET cryptKeyset; CRYPT_CERTIFICATE cryptCertRequest; CRYPT_CONTEXT cryptKey; FILE *filePtr; BYTE certBuffer[ BUFFER_SIZE ]; char filenameBuffer[ FILENAME_BUFFER_SIZE ]; void *fileNamePtr = filenameBuffer; int length, count, status; /* Generate a key to certify. We can't just reuse the built-in test key because this has already been used as the CA key and the keyset code won't allow it to be added to a keyset as both a CA key and user key, so we have to generate a new one */ status = cryptCreateContext( &cryptKey, CRYPT_UNUSED, CRYPT_ALGO_ECDSA ); if( cryptStatusOK( status ) ) status = cryptSetAttribute( cryptKey, CRYPT_CTXINFO_KEYSIZE, keyBits >> 3 ); if( cryptStatusOK( status ) ) { status = cryptSetAttributeString( cryptKey, CRYPT_CTXINFO_LABEL, USER_PRIVKEY_LABEL, paramStrlen( USER_PRIVKEY_LABEL ) ); } if( cryptStatusOK( status ) ) status = cryptGenerateKey( cryptKey ); if( cryptStatusError( status ) ) { printf( "Key generation failed with error code %d, line %d.\n", status, __LINE__ ); return( FALSE ); } /* Create the certificate request for the new key */ status = cryptCreateCert( &cryptCertRequest, CRYPT_UNUSED, CRYPT_CERTTYPE_CERTREQUEST ); if( cryptStatusOK( status ) ) status = cryptSetAttribute( cryptCertRequest, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, cryptKey ); if( cryptStatusOK( status ) && \ !addCertFields( cryptCertRequest, certRequestData, __LINE__ ) ) return( FALSE ); if( cryptStatusOK( status ) ) status = cryptSignCert( cryptCertRequest, cryptKey ); if( cryptStatusOK( status ) ) { status = cryptExportCert( certBuffer, BUFFER_SIZE, &length, CRYPT_CERTFORMAT_CERTIFICATE, cryptCertRequest ); cryptDestroyCert( cryptCertRequest ); } if( cryptStatusError( status ) ) { printf( "Certificate request creation failed with error code %d, " "line %d.\n", status, __LINE__ ); return( FALSE ); } if( ( filePtr = fopen( certRequestFileName, "wb" ) ) != NULL ) { count = fwrite( certBuffer, 1, length, filePtr ); fclose( filePtr ); } if( filePtr == NULL || count < length ) { printf( "Couldn't write certificate request to disk, line %d.\n", __LINE__ ); return( FALSE ); } /* Create the keyset and add the private key to it */ filenameFromTemplate( filenameBuffer, SERVER_ECPRIVKEY_FILE_TEMPLATE, keyBits ); status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, fileNamePtr, CRYPT_KEYOPT_CREATE ); if( cryptStatusError( status ) ) { printf( "cryptKeysetOpen() failed with error code %d, line %d.\n", status, __LINE__ ); return( FALSE ); } status = cryptAddPrivateKey( cryptKeyset, cryptKey, TEST_PRIVKEY_PASSWORD ); if( cryptStatusError( status ) ) { printExtError( cryptKeyset, "cryptAddPrivateKey()", status, __LINE__ ); return( FALSE ); } cryptDestroyContext( cryptKey ); cryptKeysetClose( cryptKeyset ); return( TRUE ); }