/*
* Given keyFileBase and key type, init a CSSM_KEY from contents of
* keyFileBase.
*/
static int rt_readKey(
CSSM_CSP_HANDLE cspHandle,
const char *keyFileBase,
CSSM_BOOL isPub,
CSSM_ALGORITHMS alg,
CSSM_KEY_PTR key)
{
char fileName[KEY_FILE_NAME_MAX_LEN];
int irtn;
CSSM_DATA_PTR keyData = &key->KeyData;
CSSM_KEYHEADER_PTR hdr = &key->KeyHeader;
CSSM_RETURN crtn;
CSSM_KEY_SIZE keySize;
memset(key, 0, sizeof(CSSM_KEY));
rtKeyFileName(keyFileBase, isPub, fileName);
irtn = readFile(fileName, &keyData->Data, (unsigned *)&keyData->Length);
if(irtn) {
printf("***error %d reading key file %s\n", irtn, fileName);
return irtn;
}
hdr->HeaderVersion = CSSM_KEYHEADER_VERSION;
hdr->BlobType = CSSM_KEYBLOB_RAW;
/* Infer format from algorithm and key class */
switch(alg) {
case CSSM_ALGID_RSA:
if(isPub) {
hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS1;
}
else {
hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_PKCS8;
}
break;
case CSSM_ALGID_DSA:
hdr->Format = CSSM_KEYBLOB_RAW_FORMAT_FIPS186;
break;
default:
printf("rt_readKey needs work\n");
exit(1);
}
hdr->AlgorithmId = alg;
hdr->KeyClass =
isPub ? CSSM_KEYCLASS_PUBLIC_KEY : CSSM_KEYCLASS_PRIVATE_KEY;
hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
hdr->KeyUsage = CSSM_KEYUSE_ANY;
/* ask the CSP for key size */
crtn = CSSM_QueryKeySizeInBits(cspHandle, NULL, key, &keySize);
if(crtn) {
cssmPerror("CSSM_QueryKeySizeInBits", crtn);
return 1;
}
hdr->LogicalKeySizeInBits = keySize.LogicalKeySizeInBits;
return 0;
}
static int rt_generate(opParams *op)
{
CSSM_RETURN crtn;
CSSM_KEY pubKey;
CSSM_KEY privKey;
char fileName[KEY_FILE_NAME_MAX_LEN];
int irtn;
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to generate key pair.\n");
return 1;
}
crtn = cdsaGenerateKeyPair(op->cspHandle,
op->keyAlg,
op->keySizeInBits,
&pubKey,
&privKey);
if(crtn) {
return 1;
}
/* write the blobs */
rtKeyFileName(op->keyFileName, CSSM_TRUE, fileName);
irtn = writeFile(fileName, pubKey.KeyData.Data, pubKey.KeyData.Length);
if(irtn) {
printf("***Error %d writing to %s\n", irtn, fileName);
return irtn;
}
printf("...wrote %u bytes to %s\n",
(unsigned)pubKey.KeyData.Length, fileName);
rtKeyFileName(op->keyFileName, CSSM_FALSE, fileName);
irtn = writeFile(fileName, privKey.KeyData.Data, privKey.KeyData.Length);
if(irtn) {
printf("***Error %d writing to %s\n", irtn, fileName);
return irtn;
}
printf("...wrote %u bytes to %s\n",
(unsigned)privKey.KeyData.Length, fileName);
cdsaFreeKey(op->cspHandle, &pubKey);
cdsaFreeKey(op->cspHandle, &privKey);
return 0;
}
static int rt_convertPubKey(opParams *op)
{
CSSM_RETURN crtn;
int irtn;
CSSM_KEY pubKeyIn;
CSSM_KEY pubKeyOut;
CSSM_KEY refKey;
char fileName[KEY_FILE_NAME_MAX_LEN];
if((op->keyFileName == NULL) || (op->outKeyFileName == NULL)) {
printf("***I need input and output key file names for public key concersion.\n");
return 1;
}
irtn = rt_readKey(op->cspHand, op->keyFileName, CSSM_TRUE, op->alg,
op->pubKeyFormat, &pubKeyIn);
if(irtn) {
return irtn;
}
crtn = cspRawKeyToRef(op->cspHand, &pubKeyIn, &refKey);
if(crtn) {
printf("***Error on NULL unwrap of %s\n", op->keyFileName);
return -1;
}
crtn = nullWrapKey(op->cspHand, &refKey, op->outPubKeyFormat, &pubKeyOut);
if(crtn) {
printf("***Error on NULL wrap\n");
return 1;
}
/* write the blobs */
rtKeyFileName(op->outKeyFileName, CSSM_TRUE, fileName);
irtn = writeFile(fileName, pubKeyOut.KeyData.Data, pubKeyOut.KeyData.Length);
if(irtn) {
printf("***Error %d writing to %s\n", irtn, fileName);
return irtn;
}
if(!op->quiet) {
printf("...wrote %lu bytes to %s\n", pubKeyOut.KeyData.Length, fileName);
}
cspFreeKey(op->cspHand, &pubKeyOut);
free(pubKeyIn.KeyData.Data);
cspFreeKey(op->cspHand, &refKey);
return 0;
}
/*
* Given keyFileBase and key type, init a CSSM_KEY.
*/
static int rt_readKey(
CSSM_CSP_HANDLE cspHand,
const char *keyFileBase,
CSSM_BOOL isPub,
CSSM_ALGORITHMS alg,
CSSM_KEYBLOB_FORMAT format, // FORMAT_NONE ==> default
CSSM_KEY_PTR key)
{
char fileName[KEY_FILE_NAME_MAX_LEN];
int irtn;
CSSM_DATA_PTR keyData = &key->KeyData;
CSSM_KEYHEADER_PTR hdr = &key->KeyHeader;
CSSM_RETURN crtn;
CSSM_KEY_SIZE keySize;
unsigned len;
memset(key, 0, sizeof(CSSM_KEY));
rtKeyFileName(keyFileBase, isPub, fileName);
irtn = readFile(fileName, &keyData->Data, &len);
if(irtn) {
printf("***error %d reading key file %s\n", irtn, fileName);
return irtn;
}
keyData->Length = len;
hdr->HeaderVersion = CSSM_KEYHEADER_VERSION;
hdr->BlobType = CSSM_KEYBLOB_RAW;
hdr->Format = format;
hdr->AlgorithmId = alg;
hdr->KeyClass = isPub ? CSSM_KEYCLASS_PUBLIC_KEY :
CSSM_KEYCLASS_PRIVATE_KEY;
hdr->KeyAttr = CSSM_KEYATTR_EXTRACTABLE;
hdr->KeyUsage = CSSM_KEYUSE_ANY;
/* ask the CSP for key size */
crtn = CSSM_QueryKeySizeInBits(cspHand, 0, key, &keySize);
if(crtn) {
printError("CSSM_QueryKeySizeInBits", crtn);
return 1;
}
hdr->LogicalKeySizeInBits = keySize.LogicalKeySizeInBits;
return 0;
}
static int rt_generate(opParams *op)
{
CSSM_RETURN crtn;
CSSM_KEY pubKey;
CSSM_KEY privKey;
char fileName[KEY_FILE_NAME_MAX_LEN];
int irtn;
CSSM_DATA paramIn = {0, NULL};
CSSM_DATA paramOut = {0, NULL};
CSSM_DATA_PTR paramInPtr = NULL;
CSSM_DATA_PTR paramOutPtr = NULL;
if(op->keyFileName == NULL) {
printf("***Need a keyFileName to generate key pair.\n");
return 1;
}
memset(&pubKey, 0, sizeof(CSSM_KEY));
memset(&privKey, 0, sizeof(CSSM_KEY));
if(op->alg == CSSM_ALGID_DSA) {
/* must specify either inParams or outParams, not both */
if(op->dsaParamFileIn && op->dsaParamFileOut) {
printf("***DSA key generation requires one parameter file spec.\n");
return 1;
}
if(!op->dsaParamFileIn && !op->dsaParamFileOut) {
printf("***DSA key generation requires one parameter file spec.\n");
return 1;
}
if(op->dsaParamFileIn) {
/* caller-specified params */
unsigned len;
irtn = readFile(op->dsaParamFileIn, ¶mIn.Data, &len);
if(irtn) {
printf("***Error reading DSA params from %s. Aborting.\n",
op->dsaParamFileIn);
}
paramIn.Length = len;
paramInPtr = ¶mIn;
}
else {
/* generate params --> paramOut */
paramOutPtr = ¶mOut;
}
crtn = genDsaKeyPair(op->cspHand,
USAGE_NAME,
USAGE_NAME_LEN,
op->keySizeInBits,
&pubKey,
CSSM_FALSE, // not ref
CSSM_KEYUSE_VERIFY, // not really important
op->pubKeyFormat,
&privKey,
CSSM_FALSE, // not ref
CSSM_KEYUSE_SIGN,
op->privKeyFormat,
paramInPtr,
paramOutPtr);
if(crtn) {
return 1;
}
if(paramOutPtr) {
irtn = writeFile(op->dsaParamFileOut, paramOut.Data, paramOut.Length);
if(irtn) {
printf("***Error writing DSA params to %s. Aborting.\n",
op->dsaParamFileOut);
return 1;
}
if(!op->quiet) {
printf("...wrote %lu bytes to %s\n", paramOut.Length,
op->dsaParamFileOut);
}
CSSM_FREE(paramOut.Data);
}
else {
/* mallocd by readFile() */
free(paramIn.Data);
}
}
else {
/* RSA, ECDSA */
crtn = cspGenKeyPair(op->cspHand,
op->alg,
USAGE_NAME,
USAGE_NAME_LEN,
op->keySizeInBits,
&pubKey,
CSSM_FALSE, // not ref
CSSM_KEYUSE_VERIFY, // not really important
op->pubKeyFormat,
&privKey,
CSSM_FALSE, // not ref
CSSM_KEYUSE_SIGN,
op->privKeyFormat,
CSSM_FALSE); // genSeed, not used here
if(crtn) {
return 1;
}
}
/* write the blobs */
rtKeyFileName(op->keyFileName, CSSM_TRUE, fileName);
irtn = writeFile(fileName, pubKey.KeyData.Data, pubKey.KeyData.Length);
if(irtn) {
printf("***Error %d writing to %s\n", irtn, fileName);
return irtn;
}
if(!op->quiet) {
printf("...wrote %lu bytes to %s\n", pubKey.KeyData.Length, fileName);
}
rtKeyFileName(op->keyFileName, CSSM_FALSE, fileName);
irtn = writeFile(fileName, privKey.KeyData.Data, privKey.KeyData.Length);
if(irtn) {
printf("***Error %d writing to %s\n", irtn, fileName);
return irtn;
}
if(!op->quiet) {
printf("...wrote %lu bytes to %s\n", privKey.KeyData.Length, fileName);
}
cspFreeKey(op->cspHand, &pubKey);
cspFreeKey(op->cspHand, &privKey);
return 0;
}