static int create_keypair(CRYPT_CONTEXT *pCtx, const char *label) {
int status;
CRYPT_CONTEXT local_context;
/* create the RSA context */
status = cryptCreateContext( &local_context, CRYPT_UNUSED, CRYPT_ALGO_RSA );
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while creating keypair context\n", status);
return status;
}
/* set key label -- TODO make label parameter */
status = cryptSetAttributeString( local_context, CRYPT_CTXINFO_LABEL, label, strlen(label));
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while setting privkey label\n", status);
goto err_ctx_exit;
}
/* generate key */
status = cryptGenerateKey( local_context );
if (!cryptStatusOK(status)) {
fprintf(stderr, "cryptlib error %d while generating CA keypair\n", status);
goto err_ctx_exit;
}
/* normal (OK) exit */
*pCtx = local_context; return CRYPT_OK;
err_ctx_exit:
cryptDestroyContext(local_context); return status;
}
int main(
int argc,
char **argv)
{
CRYPT_CONTEXT privKeyContext;
CRYPT_KEYSET cryptKeyset;
int ksize;
if (argc < 3)
{
fprintf(stderr, "Usage: %s filename keysize\n", argv[0]);
return 1;
}
if (sscanf(argv[2], "%d", &ksize) != 1)
{
fprintf(stderr, "Invalid key size\n");
return 1;
}
if (ksize != STANDARD_KEY_SIZE)
{
fprintf(stderr, "Warning: key size %d is not the standard size (%d)\n",
ksize, STANDARD_KEY_SIZE);
}
printf("Making %s with key size %d bits \n", argv[1], ksize);
if (cryptInit() != CRYPT_OK)
{
fprintf(stderr, "Can't open Cryptlib\n");
return 1;
}
if (cryptCreateContext(&privKeyContext, CRYPT_UNUSED, CRYPT_ALGO_RSA) != CRYPT_OK)
{
fprintf(stderr, "Can't create cryptlib private key context\n");
return 1;
}
cryptSetAttributeString(privKeyContext, CRYPT_CTXINFO_LABEL, "label", 5);
cryptSetAttribute(privKeyContext, CRYPT_CTXINFO_KEYSIZE, ksize / 8);
if (cryptGenerateKey(privKeyContext) != CRYPT_OK)
{
fprintf(stderr, "Can't generate key\n");
return 1;
}
if (cryptKeysetOpen(&cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
argv[1], CRYPT_KEYOPT_CREATE) != CRYPT_OK)
{
fprintf(stderr, "Can't open keyset\n");
return 1;
}
if (cryptAddPrivateKey(cryptKeyset, privKeyContext, "password") != CRYPT_OK)
{
fprintf(stderr, "Can't add key to keyset\n");
return 1;
}
cryptKeysetClose(cryptKeyset);
cryptDestroyContext(privKeyContext);
cryptEnd();
return 0;
}
/*
* int fatal(char *msg) { if (msg && *msg) fprintf(stderr, "%s\n", msg);
* exit(0); }
*/
int main(
int argc,
char **argv)
{
CRYPT_CONTEXT privKeyContext;
CRYPT_KEYSET cryptKeyset;
if (argc < 2)
{
fprintf(stderr, "Usage: Filename\n");
return 1;
}
printf("Making %s\n", argv[1]);
#define CRYPT_CALL(f) \
do \
{ \
if ((f) != CRYPT_OK) \
{ \
fprintf(stderr, "Error calling %s\n", #f); \
exit(EXIT_FAILURE); \
} \
} while (false)
CRYPT_CALL(cryptInit());
CRYPT_CALL(cryptCreateContext(&privKeyContext, CRYPT_UNUSED, CRYPT_ALGO_RSA));
CRYPT_CALL(cryptSetAttributeString(privKeyContext, CRYPT_CTXINFO_LABEL, "label", 5));
CRYPT_CALL(cryptSetAttribute(privKeyContext, CRYPT_CTXINFO_KEYSIZE, 1024 / 8));
CRYPT_CALL(cryptGenerateKey(privKeyContext));
CRYPT_CALL(cryptKeysetOpen(&cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
argv[1], CRYPT_KEYOPT_CREATE));
CRYPT_CALL(cryptAddPrivateKey(cryptKeyset, privKeyContext, "password"));
CRYPT_CALL(cryptKeysetClose(cryptKeyset));
CRYPT_CALL(cryptDestroyContext(privKeyContext));
CRYPT_CALL(cryptEnd());
#undef CRYPT_CALL
return 0;
}
int main(int argc, char **argv) {
int status;
CRYPT_CONTEXT cryptContext;
CRYPT_KEYSET cryptKeyset;
printf("Initializing cryptlib\n");
status = cryptInit();
if (status != CRYPT_OK) {
fprintf(stderr, "Error initializing cryptlib\n");
return 1;
}
/* Create an RSA public/private key context, set a label for it, and
generate a key into it */
status = cryptCreateContext( &cryptContext, CRYPT_UNUSED, CRYPT_ALGO_RSA );
if (status != CRYPT_OK) {
fprintf(stderr, "Error creating crypt_context\n");
return 1;
}
status = cryptSetAttributeString( cryptContext, CRYPT_CTXINFO_LABEL, "Private key", 11 );
if (status != CRYPT_OK) {
fprintf(stderr, "Error setting key label\n");
return 1;
}
fprintf(stderr, "Generating RSA key\n");
status = cryptGenerateKey( cryptContext );
if (status != CRYPT_OK) {
fprintf(stderr, "Error generating key\n");
return 1;
}
fprintf(stderr, "done!\n");
/* Save the generated public/private key pair to a keyset */
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE, KEY_FILENAME, CRYPT_KEYOPT_CREATE );
if (status != CRYPT_OK) {
fprintf(stderr, "Error opening keyset\n");
return 1;
}
status = cryptAddPrivateKey( cryptKeyset, cryptContext, PASSWORD );
if (status != CRYPT_OK) {
fprintf(stderr, "Error adding key to keyset\n");
return 1;
}
status = cryptKeysetClose( cryptKeyset );
if (status != CRYPT_OK) {
fprintf(stderr, "Error closing keyset\n");
return 1;
}
/* Create CSR */
createCSR(cryptContext);
/* Create CA cert */
createCACert(cryptContext);
/* Clean up */
status = cryptDestroyContext( cryptContext );
if (status != CRYPT_OK) {
fprintf(stderr, "Error destroying context\n");
return 1;
}
printf("Deinitializing cryptlib\n");
status = cryptEnd();
if (status != CRYPT_OK) {
fprintf(stderr, "Error deinitializing cryptlib\n");
return 1;
}
return 0;
}
static int generateKey( const int keyBits, const char *certRequestFileName )
{
CRYPT_KEYSET cryptKeyset;
CRYPT_CERTIFICATE cryptCertRequest;
CRYPT_CONTEXT cryptKey;
FILE *filePtr;
BYTE certBuffer[ BUFFER_SIZE ];
char filenameBuffer[ FILENAME_BUFFER_SIZE ];
void *fileNamePtr = filenameBuffer;
int length, count, status;
/* Generate a key to certify. We can't just reuse the built-in test key
because this has already been used as the CA key and the keyset code
won't allow it to be added to a keyset as both a CA key and user key,
so we have to generate a new one */
status = cryptCreateContext( &cryptKey, CRYPT_UNUSED, CRYPT_ALGO_ECDSA );
if( cryptStatusOK( status ) )
status = cryptSetAttribute( cryptKey, CRYPT_CTXINFO_KEYSIZE,
keyBits >> 3 );
if( cryptStatusOK( status ) )
{
status = cryptSetAttributeString( cryptKey, CRYPT_CTXINFO_LABEL,
USER_PRIVKEY_LABEL,
paramStrlen( USER_PRIVKEY_LABEL ) );
}
if( cryptStatusOK( status ) )
status = cryptGenerateKey( cryptKey );
if( cryptStatusError( status ) )
{
printf( "Key generation failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
/* Create the certificate request for the new key */
status = cryptCreateCert( &cryptCertRequest, CRYPT_UNUSED,
CRYPT_CERTTYPE_CERTREQUEST );
if( cryptStatusOK( status ) )
status = cryptSetAttribute( cryptCertRequest,
CRYPT_CERTINFO_SUBJECTPUBLICKEYINFO, cryptKey );
if( cryptStatusOK( status ) && \
!addCertFields( cryptCertRequest, certRequestData, __LINE__ ) )
return( FALSE );
if( cryptStatusOK( status ) )
status = cryptSignCert( cryptCertRequest, cryptKey );
if( cryptStatusOK( status ) )
{
status = cryptExportCert( certBuffer, BUFFER_SIZE, &length,
CRYPT_CERTFORMAT_CERTIFICATE,
cryptCertRequest );
cryptDestroyCert( cryptCertRequest );
}
if( cryptStatusError( status ) )
{
printf( "Certificate request creation failed with error code %d, "
"line %d.\n", status, __LINE__ );
return( FALSE );
}
if( ( filePtr = fopen( certRequestFileName, "wb" ) ) != NULL )
{
count = fwrite( certBuffer, 1, length, filePtr );
fclose( filePtr );
}
if( filePtr == NULL || count < length )
{
printf( "Couldn't write certificate request to disk, line %d.\n",
__LINE__ );
return( FALSE );
}
/* Create the keyset and add the private key to it */
filenameFromTemplate( filenameBuffer, SERVER_ECPRIVKEY_FILE_TEMPLATE,
keyBits );
status = cryptKeysetOpen( &cryptKeyset, CRYPT_UNUSED, CRYPT_KEYSET_FILE,
fileNamePtr, CRYPT_KEYOPT_CREATE );
if( cryptStatusError( status ) )
{
printf( "cryptKeysetOpen() failed with error code %d, line %d.\n",
status, __LINE__ );
return( FALSE );
}
status = cryptAddPrivateKey( cryptKeyset, cryptKey,
TEST_PRIVKEY_PASSWORD );
if( cryptStatusError( status ) )
{
printExtError( cryptKeyset, "cryptAddPrivateKey()", status,
__LINE__ );
return( FALSE );
}
cryptDestroyContext( cryptKey );
cryptKeysetClose( cryptKeyset );
return( TRUE );
}
