__attribute__((visibility("default"))) int openssl_generate_keypair(
const keymaster0_device_t*, const keymaster_keypair_t key_type, const void* key_params,
uint8_t** keyBlob, size_t* keyBlobLength) {
Unique_EVP_PKEY pkey(EVP_PKEY_new());
if (pkey.get() == NULL) {
logOpenSSLError("openssl_generate_keypair");
return -1;
}
if (key_params == NULL) {
ALOGW("key_params == null");
return -1;
} else if (key_type == TYPE_DSA) {
const keymaster_dsa_keygen_params_t* dsa_params =
(const keymaster_dsa_keygen_params_t*)key_params;
generate_dsa_keypair(pkey.get(), dsa_params);
} else if (key_type == TYPE_EC) {
const keymaster_ec_keygen_params_t* ec_params =
(const keymaster_ec_keygen_params_t*)key_params;
generate_ec_keypair(pkey.get(), ec_params);
} else if (key_type == TYPE_RSA) {
const keymaster_rsa_keygen_params_t* rsa_params =
(const keymaster_rsa_keygen_params_t*)key_params;
generate_rsa_keypair(pkey.get(), rsa_params);
} else {
ALOGW("Unsupported key type %d", key_type);
return -1;
}
if (wrap_key(pkey.get(), EVP_PKEY_type(pkey->type), keyBlob, keyBlobLength)) {
return -1;
}
return 0;
}
int main(int argc, const char * argv[])
{
//expect 4 args : email, user name, plain password (10 to 20 chars), days. String controls have been made before calling this program.
if (argc != 5) exit(EXIT_FAILURE);
newUser_t *user;
char *local;
char *rsapriv;
char rsapriv_key[33];
size_t pwd_size;
user = malloc(sizeof(newUser_t));
user->email = strdup(argv[1]);
user->name = strdup(argv[2]);
user->days = strdup(argv[4]);
//passphrase & aeskey
pwd_size = strlen(argv[3]);
if ( pwd_size < 10 || pwd_size > 20 ) {
fprintf(stderr, "incorrect password length : %zu chars.", pwd_size);
exit(EXIT_FAILURE);
}
user->passphrase = random_string(32);
memcpy(rsapriv_key, argv[3], pwd_size);
memcpy(rsapriv_key + pwd_size, user->passphrase + pwd_size, 32 - pwd_size);
rsapriv_key[32] = '\0';
libgcrypt_initialize();
//rsa keys
generate_rsa_keypair( &user->rsapub, &rsapriv);
cipher_key(rsapriv, rsapriv_key, &user->rsapriv_crypt);
//hash password
char *settings;
settings = crypt_gensalt_ra("$2a$", 7, random_string(16), 16);
user->pwd = string_new();
string_ajout(user->pwd, "{BLF-CRYPT}");
string_ajout(user->pwd, crypt(argv[3], settings));
//build maildir string
user->maildir = string_new();
string_ajout(user->maildir, "/");
local = strtok(strdup(argv[1]), "@");
string_ajout(user->maildir, strtok(NULL, "@"));
string_ajout(user->maildir, "/");
string_ajout(user->maildir, local);
string_ajout(user->maildir, "/");
//insert user in 2 tables : users & aliases
if (pg_creer_utilisateur(user) != -1) {
printf("OK 1/2 : Utilisateur ajouté dans la table users.\n");
if (pg_creer_alias(user->email) != -1) {
printf("OK 2/2 : Alias créé.\n");
} else {
fprintf(stderr, "Erreur lors de la création de l'alias.");
exit(EXIT_FAILURE);
}
} else {
fprintf(stderr, "Erreur lors de l'insertion de l'utilisateur dans la base users.");
exit(EXIT_FAILURE);
}
exit(EXIT_SUCCESS);
}
