int main(
int argc,
char **argv)
{
CRYPT_CONTEXT privKeyContext;
CRYPT_KEYSET cryptKeyset;
int ksize;
if (argc < 3)
{
fprintf(stderr, "Usage: %s filename keysize\n", argv[0]);
return 1;
}
if (sscanf(argv[2], "%d", &ksize) != 1)
{
fprintf(stderr, "Invalid key size\n");
return 1;
}
if (ksize != STANDARD_KEY_SIZE)
{
fprintf(stderr, "Warning: key size %d is not the standard size (%d)\n",
ksize, STANDARD_KEY_SIZE);
}
printf("Making %s with key size %d bits \n", argv[1], ksize);
if (cryptInit() != CRYPT_OK)
{
fprintf(stderr, "Can't open Cryptlib\n");
return 1;
}
if (cryptCreateContext(&privKeyContext, CRYPT_UNUSED, CRYPT_ALGO_RSA) != CRYPT_OK)
{
fprintf(stderr, "Can't create cryptlib private key context\n");
return 1;
}
cryptSetAttributeString(privKeyContext, CRYPT_CTXINFO_LABEL, "label", 5);
cryptSetAttribute(privKeyContext, CRYPT_CTXINFO_KEYSIZE, ksize / 8);
if (cryptGenerateKey(privKeyContext) != CRYPT_OK)
{
fprintf(stderr, "Can't generate key\n");
return 1;
}
if (cryptKeysetOpen(&cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
argv[1], CRYPT_KEYOPT_CREATE) != CRYPT_OK)
{
fprintf(stderr, "Can't open keyset\n");
return 1;
}
if (cryptAddPrivateKey(cryptKeyset, privKeyContext, "password") != CRYPT_OK)
{
fprintf(stderr, "Can't add key to keyset\n");
return 1;
}
cryptKeysetClose(cryptKeyset);
cryptDestroyContext(privKeyContext);
cryptEnd();
return 0;
}
static int save_ca_keypair_and_cert_to_file(CRYPT_CONTEXT ctx, CRYPT_CERTIFICATE cert, const char *filename, const char *password) {
int status;
CRYPT_KEYSET keyset;
status = cryptKeysetOpen( &keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, filename, CRYPT_KEYOPT_CREATE );
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while creating ca privkey keyset file %s\n", status, filename);
return status;
}
status = cryptAddPrivateKey( keyset, ctx, password );
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while adding CA privkey to keyset\n", status);
goto err_keyset_exit;
}
status = cryptAddPublicKey( keyset, cert );
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while adding CA cert to keyset\n", status);
goto err_keyset_exit;
}
#if 0
status = cryptAddPublicKey( keyset, ctx );
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while adding CA pubkey to keyset\n", status);
goto err_keyset_exit;
}
#endif
status = cryptKeysetClose( keyset );
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while closing CA privkey keyset\n", status);
return status; /* what do we do now, close it again? */
}
return CRYPT_OK;
err_keyset_exit:
cryptKeysetClose( keyset ); return status;
}
/*
* int fatal(char *msg) { if (msg && *msg) fprintf(stderr, "%s\n", msg);
* exit(0); }
*/
int main(
int argc,
char **argv)
{
CRYPT_CONTEXT privKeyContext;
CRYPT_KEYSET cryptKeyset;
if (argc < 2)
{
fprintf(stderr, "Usage: Filename\n");
return 1;
}
printf("Making %s\n", argv[1]);
#define CRYPT_CALL(f) \
do \
{ \
if ((f) != CRYPT_OK) \
{ \
fprintf(stderr, "Error calling %s\n", #f); \
exit(EXIT_FAILURE); \
} \
} while (false)
CRYPT_CALL(cryptInit());
CRYPT_CALL(cryptCreateContext(&privKeyContext, CRYPT_UNUSED, CRYPT_ALGO_RSA));
CRYPT_CALL(cryptSetAttributeString(privKeyContext, CRYPT_CTXINFO_LABEL, "label", 5));
CRYPT_CALL(cryptSetAttribute(privKeyContext, CRYPT_CTXINFO_KEYSIZE, 1024 / 8));
CRYPT_CALL(cryptGenerateKey(privKeyContext));
CRYPT_CALL(cryptKeysetOpen(&cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
argv[1], CRYPT_KEYOPT_CREATE));
CRYPT_CALL(cryptAddPrivateKey(cryptKeyset, privKeyContext, "password"));
CRYPT_CALL(cryptKeysetClose(cryptKeyset));
CRYPT_CALL(cryptDestroyContext(privKeyContext));
CRYPT_CALL(cryptEnd());
#undef CRYPT_CALL
return 0;
}
int main( int argc, char *argv[] )
{
int n;
FILE *f;
char *buf[8];
char *outFile;
char *keyFile;
char *certFile;
char *certData;
char *label;
char *secret;
struct stat st;
int usage;
RSA *key;
EVP_PKEY *evp;
CRYPT_KEYSET keyset;
CRYPT_CONTEXT pKey;
CRYPT_PKCINFO_RSA rsa;
CRYPT_CERTIFICATE cert;
CRYPT_KEYOPT_TYPE opt;
if ( argc != 6 ) {
fprintf( stderr,
"Syntax: %s <key> <cert> <out> <label> <secret>\n",
argv[0] );
exit( -1 );
}
keyFile = argv[1];
certFile = argv[2];
outFile = argv[3];
label = argv[4];
secret = argv[5];
if ( ( f = fopen( keyFile, "r" ) ) == NULL ||
( evp = PEM_read_PrivateKey( f, NULL, NULL, NULL ) ) == NULL ||
( key = EVP_PKEY_get1_RSA( evp ) ) == NULL )
{
fprintf( stderr, "Couldn't load private key from '%s'\n", keyFile );
if ( f ) {
ERR_print_errors_fp( stderr );
fclose( f );
}
if ( evp )
EVP_PKEY_free( evp );
exit( -1 );
}
if ( ( f = fopen( certFile, "r" ) ) == NULL ||
fstat( fileno( f ), &st ) < 0 ||
( certData = malloc( st.st_size ) ) == NULL ||
fread( certData, 1, st.st_size, f ) < st.st_size )
{
fprintf( stderr, "Couldn't load certificate from '%s'\n", certFile );
if ( f )
fclose( f );
free( certData );
exit( -1 );
}
/* Should we create a keyset, or append to an existing one? */
opt = CRYPT_KEYOPT_CREATE;
f = fopen( outFile, "r" );
if ( f != NULL ) {
opt = CRYPT_KEYOPT_NONE;
fclose( f );
}
cryptInit();
cryptInitComponents( &rsa, CRYPT_KEYTYPE_PRIVATE );
if ( ( buf[0] = malloc( BN_num_bytes( key->n ) ) ) != NULL &&
( buf[1] = malloc( BN_num_bytes( key->e ) ) ) != NULL &&
( buf[2] = malloc( BN_num_bytes( key->d ) ) ) != NULL &&
( buf[3] = malloc( BN_num_bytes( key->p ) ) ) != NULL &&
( buf[4] = malloc( BN_num_bytes( key->q ) ) ) != NULL &&
( buf[5] = malloc( BN_num_bytes( key->iqmp ) ) ) != NULL &&
( buf[6] = malloc( BN_num_bytes( key->dmp1 ) ) ) != NULL &&
( buf[7] = malloc( BN_num_bytes( key->dmq1 ) ) ) != NULL )
{
int i;
BN_bn2bin( key->n, buf[0] );
BN_bn2bin( key->e, buf[1] );
BN_bn2bin( key->d, buf[2] );
BN_bn2bin( key->p, buf[3] );
BN_bn2bin( key->q, buf[4] );
BN_bn2bin( key->iqmp, buf[5] );
BN_bn2bin( key->dmp1, buf[6] );
BN_bn2bin( key->dmq1, buf[7] );
cryptSetComponent( (&rsa)->n, buf[0], BN_num_bits( key->n ) );
cryptSetComponent( (&rsa)->e, buf[1], BN_num_bits( key->e ) );
cryptSetComponent( (&rsa)->d, buf[2], BN_num_bits( key->d ) );
cryptSetComponent( (&rsa)->p, buf[3], BN_num_bits( key->p ) );
cryptSetComponent( (&rsa)->q, buf[4], BN_num_bits( key->q ) );
cryptSetComponent( (&rsa)->u, buf[5], BN_num_bits( key->iqmp ) );
cryptSetComponent( (&rsa)->e1, buf[6], BN_num_bits( key->dmp1 ) );
cryptSetComponent( (&rsa)->e2, buf[7], BN_num_bits( key->dmq1 ) );
i = 0;
while ( i < 8 )
free( buf[i++] );
}
else {
fprintf( stderr, "Couldn't initialise PKCINFO_RSA data.\n" );
exit( -1 );
}
n = cryptCreateContext( &pKey, CRYPT_UNUSED, CRYPT_ALGO_RSA );
check( n, pKey, "cryptCreateContext" );
n = cryptSetAttributeString( pKey, CRYPT_CTXINFO_LABEL,
label, strlen( label ) );
check( n, pKey, "cryptSetAttributeString(LABEL)" );
n = cryptSetAttributeString( pKey, CRYPT_CTXINFO_KEY_COMPONENTS,
&rsa, sizeof( CRYPT_PKCINFO_RSA ) );
check( n, pKey, "cryptSetAttributeString(KEY_COMPONENTS)" );
n = cryptImportCert( certData, st.st_size, CRYPT_UNUSED, &cert );
check( n, cert, "cryptImportCert" );
n = cryptGetAttribute( cert, CRYPT_CERTINFO_KEYUSAGE, &usage );
if ( n != CRYPT_OK ) {
fprintf( stderr, "Warning: The certificate specifies no KEYUSAGE.\n"
"Cryptlib may not permit its use. See "
"<http://toroid.org/ams/pemtrans>.\n" );
}
n = cryptKeysetOpen( &keyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
outFile, opt );
check( n, keyset, "cryptKeysetOpen" );
n = cryptAddPrivateKey( keyset, pKey, secret );
check( n, keyset, "cryptAddPrivateKey" );
n = cryptAddPublicKey( keyset, cert );
check( n, keyset, "cryptAddPublicKey" );
cryptKeysetClose( keyset );
cryptDestroyComponents( &rsa );
cryptDestroyContext( pKey );
cryptDestroyCert( cert );
exit( 0 );
}
static int exec_cmpcli_init(int argc, char **argv) {
CRYPT_SESSION session;
CRYPT_CERTIFICATE cert, cacert, req;
CRYPT_CONTEXT keypair;
CRYPT_KEYSET privkeys;
const char *cmd, *uid, *ipwd, *crtfilename, *cacrtfilename, *kpfilename;
void *crtdata;
int status, data_len;
if (argc != 6) { fprintf(stderr, "cmpcli argv!=6\n"); return 1; }
cmd = argv[0]; uid = argv[1]; ipwd = argv[2]; crtfilename=argv[3]; cacrtfilename=argv[4]; kpfilename = argv[5];
fprintf(stderr, "uid=\"%s\" ipwd=\"%s\"\n", uid, ipwd);
#if 0
crtdata = read_full_file(crtfilename, &data_len);
if (!crtdata) return 1;
status = cryptImportCert(crtdata, data_len, CRYPT_UNUSED, &cert);
WARN_AND_RETURN_IF(status);
free(crtdata);
#endif
crtdata = read_full_file(cacrtfilename, &data_len);
if (!crtdata) return 1;
status = cryptImportCert(crtdata, data_len, CRYPT_UNUSED, &cacert);
WARN_AND_RETURN_IF(status);
free(crtdata);
status = create_keypair(&keypair, DEFAULT_PRIVKEY_LABEL);
WARN_AND_RETURN_IF(status);
status = cryptKeysetOpen(&privkeys, CRYPT_UNUSED, CRYPT_KEYSET_FILE, kpfilename, CRYPT_KEYOPT_CREATE);
WARN_AND_RETURN_IF(status);
status = cryptAddPrivateKey(privkeys, keypair, DEFAULT_PASSWORD);
WARN_AND_RETURN_IF(status);
status = cryptCreateCert(&req, CRYPT_UNUSED, CRYPT_CERTTYPE_REQUEST_CERT);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(req, CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, keypair);
WARN_AND_RETURN_IF(status);
status = cryptSignCert(req, keypair);
WARN_AND_RETURN_IF(status);
status = cryptCreateSession(&session, CRYPT_UNUSED, CRYPT_SESSION_CMP);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_CMP_REQUESTTYPE, CRYPT_REQUESTTYPE_INITIALIZATION);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_CACERTIFICATE, cacert);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_REQUEST, req);
WARN_AND_RETURN_IF(status);
status = cryptSetAttributeString(session, CRYPT_SESSINFO_USERNAME, uid, strlen(uid));
WARN_AND_RETURN_IF(status);
status = cryptSetAttributeString(session, CRYPT_SESSINFO_PASSWORD, ipwd, strlen(ipwd));
WARN_AND_RETURN_IF(status);
status = cryptSetAttributeString(session, CRYPT_SESSINFO_SERVER_NAME, "127.0.0.1", 9);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_SERVER_PORT, 65000);
WARN_AND_RETURN_IF(status);
status = cryptSetAttribute(session, CRYPT_SESSINFO_ACTIVE, 1);
WARN_AND_RETURN_IF(status);
status = cryptGetAttribute(session, CRYPT_SESSINFO_RESPONSE, &cert);
WARN_AND_RETURN_IF(status);
status = export_cert(cert, crtfilename);
WARN_AND_RETURN_IF(status);
status = cryptAddPublicKey(privkeys, cert);
WARN_AND_RETURN_IF(status);
status = cryptKeysetClose(privkeys);
WARN_AND_RETURN_IF(status);
status = cryptDestroySession(session);
WARN_AND_RETURN_IF(status);
status = cryptDestroyCert(cacert);
WARN_AND_RETURN_IF(status);
status = cryptDestroyCert(cert);
WARN_AND_RETURN_IF(status);
status = cryptDestroyCert(req);
WARN_AND_RETURN_IF(status);
status = cryptDestroyContext(keypair);
return 0;
}
int main(int argc, char **argv) {
int status;
CRYPT_CONTEXT cryptContext;
CRYPT_KEYSET cryptKeyset;
printf("Initializing cryptlib\n");
status = cryptInit();
if (status != CRYPT_OK) {
fprintf(stderr, "Error initializing cryptlib\n");
return 1;
}
/* Create an RSA public/private key context, set a label for it, and
generate a key into it */
status = cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );
if (status != CRYPT_OK) {
fprintf(stderr, "Error creating crypt_context\n");
return 1;
}
status = cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, "Private key", 11 );
if (status != CRYPT_OK) {
fprintf(stderr, "Error setting key label\n");
return 1;
}
fprintf(stderr, "Generating RSA key\n");
status = cryptGenerateKey( cryptContext );
if (status != CRYPT_OK) {
fprintf(stderr, "Error generating key\n");
return 1;
}
fprintf(stderr, "done!\n");
/* Save the generated public/private key pair to a keyset */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, KEY_FILENAME, CRYPT_KEYOPT_CREATE );
if (status != CRYPT_OK) {
fprintf(stderr, "Error opening keyset\n");
return 1;
}
status = cryptAddPrivateKey( cryptKeyset, cryptContext, PASSWORD );
if (status != CRYPT_OK) {
fprintf(stderr, "Error adding key to keyset\n");
return 1;
}
status = cryptKeysetClose( cryptKeyset );
if (status != CRYPT_OK) {
fprintf(stderr, "Error closing keyset\n");
return 1;
}
/* Create CSR */
createCSR(cryptContext);
/* Create CA cert */
createCACert(cryptContext);
/* Clean up */
status = cryptDestroyContext( cryptContext );
if (status != CRYPT_OK) {
fprintf(stderr, "Error destroying context\n");
return 1;
}
printf("Deinitializing cryptlib\n");
status = cryptEnd();
if (status != CRYPT_OK) {
fprintf(stderr, "Error deinitializing cryptlib\n");
return 1;
}
return 0;
}
static int generateKey( const int keyBits, const char *certRequestFileName )
{
CRYPT_KEYSET cryptKeyset;
CRYPT_CERTIFICATE cryptCertRequest;
CRYPT_CONTEXT cryptKey;
FILE *filePtr;
BYTE certBuffer[ BUFFER_SIZE ];
char filenameBuffer[ FILENAME_BUFFER_SIZE ];
void *fileNamePtr = filenameBuffer;
int length, count, status;
/* Generate a key to certify. We can't just reuse the built-in test key
because this has already been used as the CA key and the keyset code
won't allow it to be added to a keyset as both a CA key and user key,
so we have to generate a new one */
status = cryptCreateContext( &cryptKey, CRYPT_UNUSED, CRYPT_ALGO_ECDSA );
if( cryptStatusOK( status ) )
status = cryptSetAttribute( cryptKey, CRYPT_CTXINFO_KEYSIZE,
keyBits >> 3 );
if( cryptStatusOK( status ) )
{
status = cryptSetAttributeString( cryptKey, CRYPT_CTXINFO_LABEL,
USER_PRIVKEY_LABEL,
paramStrlen( USER_PRIVKEY_LABEL ) );
}
if( cryptStatusOK( status ) )
status = cryptGenerateKey( cryptKey );
if( cryptStatusError( status ) )
{
printf( "Key generation failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Create the certificate request for the new key */
status = cryptCreateCert( &cryptCertRequest, CRYPT_UNUSED,
CRYPT_CERTTYPE_CERTREQUEST );
if( cryptStatusOK( status ) )
status = cryptSetAttribute( cryptCertRequest,
CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, cryptKey );
if( cryptStatusOK( status ) && \
!addCertFields( cryptCertRequest, certRequestData, __LINE__ ) )
return( FALSE );
if( cryptStatusOK( status ) )
status = cryptSignCert( cryptCertRequest, cryptKey );
if( cryptStatusOK( status ) )
{
status = cryptExportCert( certBuffer, BUFFER_SIZE, &length,
CRYPT_CERTFORMAT_CERTIFICATE,
cryptCertRequest );
cryptDestroyCert( cryptCertRequest );
}
if( cryptStatusError( status ) )
{
printf( "Certificate request creation failed with error code %d, "
"line %d.\n", status, __LINE__ );
return( FALSE );
}
if( ( filePtr = fopen( certRequestFileName, "wb" ) ) != NULL )
{
count = fwrite( certBuffer, 1, length, filePtr );
fclose( filePtr );
}
if( filePtr == NULL || count < length )
{
printf( "Couldn't write certificate request to disk, line %d.\n",
__LINE__ );
return( FALSE );
}
/* Create the keyset and add the private key to it */
filenameFromTemplate( filenameBuffer, SERVER_ECPRIVKEY_FILE_TEMPLATE,
keyBits );
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
fileNamePtr, CRYPT_KEYOPT_CREATE );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetOpen() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
status = cryptAddPrivateKey( cryptKeyset, cryptKey,
TEST_PRIVKEY_PASSWORD );
if( cryptStatusError( status ) )
{
printExtError( cryptKeyset, "cryptAddPrivateKey()", status,
__LINE__ );
return( FALSE );
}
cryptDestroyContext( cryptKey );
cryptKeysetClose( cryptKeyset );
return( TRUE );
}
