static int
generate_RSA_keypair(unsigned char** private_key_der, size_t *private_key_len,
unsigned char** public_key_der, size_t *public_key_len)
{
RSA *private_key;
private_key = RSA_generate_key(1024, 65537, NULL, NULL);
unsigned char *priv, *pub;
//DER encode / pkcs#1
*private_key_len = i2d_RSAPrivateKey(private_key, 0);
*public_key_len = i2d_RSAPublicKey(private_key, 0);
*private_key_der = priv = (unsigned char*) calloc(*private_key_len, 1);
*public_key_der = pub = (unsigned char*) calloc(*public_key_len, 1);
i2d_RSAPrivateKey(private_key, &priv);
i2d_RSAPublicKey(private_key, &pub);
RSA_free(private_key);
/*
// Check that all is well, DER decode
fprintf(stderr, "decoded:\n");
RSA *public_key_rsa, *private_key_rsa;
public_key_rsa = d2i_RSAPublicKey(0, (const unsigned char**) &public_key_der, public_key_len);
private_key_rsa = d2i_RSAPrivateKey(0, (const unsigned char**) &private_key_der, private_key_len);
PEM_write_RSAPrivateKey(stderr, private_key_rsa, NULL, NULL, 0, NULL, NULL);
PEM_write_RSAPublicKey(stderr, private_key_rsa);
*/
return(0);
}
int
ca_key_serialize(EVP_PKEY *key, struct iked_id *id)
{
int len;
u_int8_t *d;
RSA *rsa;
switch (key->type) {
case EVP_PKEY_RSA:
id->id_type = 0;
id->id_offset = 0;
ibuf_release(id->id_buf);
if ((rsa = EVP_PKEY_get1_RSA(key)) == NULL)
return (-1);
if ((len = i2d_RSAPrivateKey(rsa, NULL)) <= 0)
return (-1);
if ((id->id_buf = ibuf_new(NULL, len)) == NULL)
return (-1);
d = ibuf_data(id->id_buf);
if (i2d_RSAPrivateKey(rsa, &d) != len) {
ibuf_release(id->id_buf);
return (-1);
}
id->id_type = IKEV2_CERT_RSA_KEY;
break;
default:
log_debug("%s: unsupported key type %d", __func__, key->type);
return (-1);
}
return (0);
}
static void keystore_save_rsakey(gpointer key, gpointer value,
gpointer user_data)
{
const int key_index = GPOINTER_TO_INT(key);
const struct rsa_key_t *rsa_key = (const struct rsa_key_t *)value;
GKeyFile *key_file = (GKeyFile *)user_data;
g_assert(rsa_key != NULL);
g_assert(key_file != NULL);
gchar *index = g_strdup_printf("%d", key_index);
int pkcs_len = i2d_RSAPrivateKey(rsa_key->rsa, NULL);
unsigned char *pkcs_buf = malloc(pkcs_len);
unsigned char *tmp = pkcs_buf;
i2d_RSAPrivateKey(rsa_key->rsa, &tmp);
const gchar *const list[] =
{
g_strdup_printf("%d", rsa_key->keylen),
g_base64_encode(pkcs_buf, pkcs_len),
};
g_key_file_set_string_list(key_file, "rsa", index, list, 2);
g_free(index);
free(pkcs_buf);
g_free((gpointer)list[0]);
g_free((gpointer)list[1]);
}
static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
unsigned char *rk = NULL;
int rklen;
ASN1_STRING *str;
int strtype;
if (!rsa_param_encode(pkey, &str, &strtype))
return 0;
rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
if (rklen <= 0) {
RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(str);
return 0;
}
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(pkey->ameth->pkey_id), 0,
strtype, str, rk, rklen)) {
RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
ASN1_STRING_free(str);
return 0;
}
return 1;
}
PyObject *
get_key_der_private(struct ccn_pkey *private_key_ccn)
{
PyObject *result;
RSA *private_key_rsa;
unsigned long err;
unsigned char *private_key_der = NULL;
int der_len;
assert(private_key_ccn);
private_key_rsa = EVP_PKEY_get1_RSA((EVP_PKEY *) private_key_ccn);
JUMP_IF_NULL(private_key_rsa, openssl_error);
der_len = i2d_RSAPrivateKey(private_key_rsa, &private_key_der);
JUMP_IF_NEG(der_len, openssl_error);
result = PyBytes_FromStringAndSize((char *) private_key_der, der_len);
RSA_free(private_key_rsa);
private_key_rsa = NULL;
JUMP_IF_NULL(result, error);
return result;
openssl_error:
err = ERR_get_error();
PyErr_Format(g_PyExc_CCNKeyError, "Unable to write Private Key: %s",
ERR_reason_error_string(err));
error:
RSA_free(private_key_rsa);
return NULL;
}
int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
{
#ifndef OPENSSL_NO_RSA
if (a->type == EVP_PKEY_RSA)
{
return(i2d_RSAPrivateKey(a->pkey.rsa,pp));
}
else
#endif
#ifndef OPENSSL_NO_DSA
if (a->type == EVP_PKEY_DSA)
{
return(i2d_DSAPrivateKey(a->pkey.dsa,pp));
}
#endif
#ifndef OPENSSL_NO_EC
if (a->type == EVP_PKEY_EC)
{
return(i2d_ECPrivateKey(a->pkey.ec, pp));
}
#endif
ASN1err(ASN1_F_I2D_PRIVATEKEY,ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
return(-1);
}
void RSAKey::cache()
{
unsigned char buffer[8192];
unsigned char* buf = buffer;
int len = i2d_RSAPublicKey(d_rsa.get(), &buf);
EXCEPTION_ASSERT_WITH_LOG(len >= 0, OpenSSLException, "Invalid RSA context: cannot retrieve public key");
d_public_key.clear();
d_public_key.insert(d_public_key.end(), buffer, buffer + len);
if (hasPrivateCompound())
{
buf = buffer;
len = i2d_RSAPrivateKey(d_rsa.get(), &buf);
EXCEPTION_ASSERT_WITH_LOG(len >= 0, OpenSSLException, "Invalid RSA context: cannot retrieve private key");
d_private_key.clear();
d_private_key.insert(d_private_key.end(), buffer, buffer + len);
}
else
{
d_private_key.clear();
}
}
std::unique_ptr<RSA_PrivateKey>
make_openssl_rsa_private_key(RandomNumberGenerator& rng, size_t rsa_bits)
{
if (rsa_bits > INT_MAX)
throw Internal_Error("rsa_bits overflow");
secure_vector<uint8_t> seed(BOTAN_SYSTEM_RNG_POLL_REQUEST);
rng.randomize(seed.data(), seed.size());
RAND_seed(seed.data(), seed.size());
std::unique_ptr<BIGNUM, std::function<void (BIGNUM*)>> bn(BN_new(), BN_free);
if(!bn)
throw OpenSSL_Error("BN_new");
if(!BN_set_word(bn.get(), RSA_F4))
throw OpenSSL_Error("BN_set_word");
std::unique_ptr<RSA, std::function<void (RSA*)>> rsa(RSA_new(), RSA_free);
if(!rsa)
throw OpenSSL_Error("RSA_new");
if(!RSA_generate_key_ex(rsa.get(), rsa_bits, bn.get(), nullptr))
throw OpenSSL_Error("RSA_generate_key_ex");
uint8_t* der = nullptr;
int bytes = i2d_RSAPrivateKey(rsa.get(), &der);
if(bytes < 0)
throw OpenSSL_Error("i2d_RSAPrivateKey");
const secure_vector<uint8_t> keydata(der, der + bytes);
memset(der, 0, bytes);
free(der);
return std::unique_ptr<Botan::RSA_PrivateKey>
(new RSA_PrivateKey(AlgorithmIdentifier(), keydata));
}
SEXP PKI_extract_key(SEXP sKey, SEXP sPriv) {
SEXP res;
EVP_PKEY *key;
RSA *rsa;
int get_priv = asInteger(sPriv), len;
if (!inherits(sKey, "public.key") && !inherits(sKey, "private.key"))
Rf_error("invalid key object");
if (get_priv == NA_INTEGER)
get_priv = inherits(sKey, "private.key");
if (get_priv && !inherits(sKey, "private.key"))
return R_NilValue;
key = (EVP_PKEY*) R_ExternalPtrAddr(sKey);
if (!key)
Rf_error("NULL key");
PKI_init();
if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA)
Rf_error("Sorry only RSA keys are supported at this point");
rsa = EVP_PKEY_get1_RSA(key);
if (get_priv) {
unsigned char *ptr;
len = i2d_RSAPrivateKey(rsa, 0);
if (len < 1)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
res = allocVector(RAWSXP, len);
ptr = (unsigned char*) RAW(res);
len = i2d_RSAPrivateKey(rsa, &ptr);
if (len < 1)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
PROTECT(res);
setAttrib(res, R_ClassSymbol, mkString("private.key.DER"));
UNPROTECT(1);
} else {
unsigned char *ptr;
len = i2d_RSA_PUBKEY(rsa, 0);
if (len < 1)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
res = allocVector(RAWSXP, len);
ptr = (unsigned char*) RAW(res);
len = i2d_RSA_PUBKEY(rsa, &ptr);
if (len < 1)
Rf_error("%s", ERR_error_string(ERR_get_error(), NULL));
PROTECT(res);
setAttrib(res, R_ClassSymbol, mkString("public.key.DER"));
UNPROTECT(1);
}
return res;
}
/*============================================================================
* OpcUa_P_OpenSSL_RSA_GenerateKeys
*===========================================================================*/
OpcUa_StatusCode OpcUa_P_OpenSSL_RSA_GenerateKeys(
OpcUa_CryptoProvider* a_pProvider,
OpcUa_UInt32 a_bits,
OpcUa_Key* a_pPublicKey,
OpcUa_Key* a_pPrivateKey)
{
RSA* pRsa;
unsigned char* pData;
OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "RSA_GenerateKeys");
OpcUa_ReturnErrorIfArgumentNull(a_pProvider);
OpcUa_ReturnErrorIfArgumentNull(a_pPublicKey);
OpcUa_ReturnErrorIfArgumentNull(a_pPrivateKey);
OpcUa_ReferenceParameter(a_pProvider);
/* Just 1024 or 2048 bits should be allowed for compatibility reasons */
if ((a_bits != 1024) && (a_bits != 2048) && (a_bits != 3072) && (a_bits != 4096))
{
uStatus = OpcUa_BadInvalidArgument;
OpcUa_GotoErrorIfBad(uStatus);
}
if(a_pPublicKey->Key.Data == OpcUa_Null)
{
a_pPublicKey->Key.Length = a_bits;
OpcUa_ReturnStatusCode;
}
if(a_pPrivateKey->Key.Data == OpcUa_Null)
{
a_pPrivateKey->Key.Length = a_bits;
OpcUa_ReturnStatusCode;
}
pRsa = RSA_generate_key(a_bits, RSA_F4, NULL, OpcUa_Null);
pData = a_pPublicKey->Key.Data;
a_pPublicKey->Key.Length = i2d_RSAPublicKey(pRsa, &pData);
pData = a_pPrivateKey->Key.Data;
a_pPrivateKey->Key.Length = i2d_RSAPrivateKey(pRsa, &pData);
/* clean up */
if(pRsa != OpcUa_Null)
{
RSA_free(pRsa);
}
a_pPublicKey->Type = OpcUa_Crypto_Rsa_Alg_Id;
a_pPrivateKey->Type = OpcUa_Crypto_Rsa_Alg_Id;
OpcUa_ReturnStatusCode;
OpcUa_BeginErrorHandling;
OpcUa_FinishErrorHandling;
}
int
ca_privkey_serialize(EVP_PKEY *key, struct iked_id *id)
{
RSA *rsa = NULL;
uint8_t *d;
int len = 0;
int ret = -1;
switch (key->type) {
case EVP_PKEY_RSA:
id->id_type = 0;
id->id_offset = 0;
ibuf_release(id->id_buf);
if ((rsa = EVP_PKEY_get1_RSA(key)) == NULL)
goto done;
if ((len = i2d_RSAPrivateKey(rsa, NULL)) <= 0)
goto done;
if ((id->id_buf = ibuf_new(NULL, len)) == NULL)
goto done;
d = ibuf_data(id->id_buf);
if (i2d_RSAPrivateKey(rsa, &d) != len) {
ibuf_release(id->id_buf);
goto done;
}
id->id_type = IKEV2_CERT_RSA_KEY;
break;
default:
log_debug("%s: unsupported key type %d", __func__, key->type);
return (-1);
}
log_debug("%s: type %s length %d", __func__,
print_map(id->id_type, ikev2_cert_map), len);
ret = 0;
done:
if (rsa != NULL)
RSA_free(rsa);
return (ret);
}
ndn_Error
ndn_RsaPrivateKey_encodePrivateKey
(const struct ndn_RsaPrivateKey *self, uint8_t *encoding,
size_t *encodingLength)
{
int result = i2d_RSAPrivateKey(self->privateKey, encoding ? &encoding : 0);
if (result < 0)
return NDN_ERROR_Error_encoding_key;
*encodingLength = result;
return NDN_ERROR_success;
}
sqbind::CSqBinary COsslKey::getPrivateKeyRaw()
{_STT();
if ( !m_pkey )
return sqbind::CSqBinary();
// How big is the key?
int nSize = i2d_RSAPrivateKey( m_pkey->pkey.rsa, oexNULL );
if ( 0 >= nSize )
return sqbind::CSqBinary();
// Allocate space
sqbind::CSqBinary bin;
if ( !bin.Allocate( nSize ) )
return bin;
// Get the key data
unsigned char *p = (unsigned char*)bin._Ptr();
bin.setUsed( i2d_RSAPrivateKey( m_pkey->pkey.rsa, &p ) );
return bin;
}
/*----------------------------------------------*
* Loads the Private Key *
*----------------------------------------------*/
static int loadPemPrivateKey(unsigned char *FileName, unsigned char *buffer, int *len)
{
int length = 0;
unsigned char *temp;
BIO *bioIn = NULL;
RSA *pKey = NULL;
int retVal = OSPC_ERR_NO_ERROR;
temp = buffer;
bioIn = BIO_new_file((const char*)FileName,"r");
if (bioIn == NULL)
{
cw_log(LOG_WARNING,"Failed to find the File - %s \n",FileName);
return -1;
}
else
{
pKey = PEM_read_bio_RSAPrivateKey(bioIn,NULL,NULL,NULL);
if (pKey == NULL)
{
cw_log(LOG_WARNING,"Failed to parse the Private Key from the File - %s \n",FileName);
return -1;
}
else
{
length = i2d_RSAPrivateKey(pKey,&temp);
if (length == 0)
{
cw_log(LOG_WARNING,"Failed to parse the Private Key from the File - %s, Length=0 \n",FileName);
return -1;
}
else
{
*len = length;
}
}
}
if (bioIn != NULL)
{
BIO_free(bioIn);
}
if (pKey != NULL)
{
RSA_free(pKey);
}
return retVal;
}
SEXP R_rsa_key_build(SEXP e, SEXP n, SEXP p, SEXP q, SEXP d, SEXP dp, SEXP dq, SEXP qi){
RSA *rsa = RSA_new();
MY_RSA_set0_key(rsa, new_bignum_from_r(n), new_bignum_from_r(e), new_bignum_from_r(d));
MY_RSA_set0_factors(rsa, new_bignum_from_r(p), new_bignum_from_r(q));
MY_RSA_set0_crt_params(rsa, new_bignum_from_r(dp), new_bignum_from_r(dq), new_bignum_from_r(qi));
bail(RSA_check_key(rsa));
unsigned char *buf = NULL;
int len = i2d_RSAPrivateKey(rsa, &buf);
bail(len);
RSA_free(rsa);
SEXP res = allocVector(RAWSXP, len);
memcpy(RAW(res), buf, len);
OPENSSL_free(buf);
return res;
}
//rsa密钥对产生
bool CRsaDesManager::GenRsaKeypairs(void)
{
RSA *rsa = NULL;
FILE *fKeyFile = NULL;
fKeyFile = fopen("raskeys.key", "wb");
if(fKeyFile == NULL)
{
return false;
}
int i = 0;
//把密钥对写入文件,以后从文件里读取
unsigned char ucPubKey[RSA_KEY_LEN] = {0}, ucPriKey[RSA_KEY_LEN] = {0};
for(i = 0; i < RSA_KEY_PAIR_NUM; ++i)
{
//生成RSA密钥对:
rsa = RSA_new();
rsa = RSA_generate_key(RSA_KEY_LEN, RSA_F4, NULL, NULL);
unsigned char* pt = ucPubKey;
ui32 len = i2d_RSAPublicKey(rsa, &pt);
if(!GetPubKey(ucPubKey, len, &m_pPubRSA[i]))
break;
fwrite((unsigned char*)&len, 1, sizeof(ui32), fKeyFile);
fwrite(ucPubKey, 1, len, fKeyFile);
m_strPubKeys[i].clear();
m_strPubKeys[i].append((char*)ucPubKey, len);
unsigned char* pt2 = ucPriKey;
len = i2d_RSAPrivateKey(rsa,&pt2);
if(!GetPriKey(ucPriKey, len, &m_pPriRSA[i]))
break;
fwrite((unsigned char*)&len, 1, sizeof(ui32), fKeyFile);
fwrite(ucPriKey, 1, len, fKeyFile);
if(rsa != NULL)
{
RSA_free(rsa);
rsa = NULL;
}
}
fclose(fKeyFile);
if(i < RSA_KEY_PAIR_NUM)
return false;
return true;
}
int tgw_marshal_pb_rsareq(RsaRemoteReq *req, RSA *rsa, const uint8_t *from, int flen, int padding, int type)
{
req->id = 18;
req->has_id = 1;
req->version = 2;
req->has_version = 1;
req->from_len = flen;
req->has_from_len = 1;
req->padding = padding;
req->has_padding = 1;
unsigned char *key_buf = NULL;
printf("hi, file:%s line:%d\n", __FILE__, __LINE__);
int key_len = i2d_RSAPrivateKey(rsa, (uint8_t **) &key_buf);
printf("hi, file:%s line:%d\n", __FILE__, __LINE__);
req->private_key.data = (uint8_t *) malloc(key_len);
if (req->private_key.data == NULL) {
printf("fail to malloc for private key\n");
return -1;
}
req->private_key.len = key_len;
req->msg.data = (uint8_t *)malloc(flen);
if (req->msg.data == NULL) {
printf("fail to malloc for msg\n");
return -1;
}
req->msg.len = flen;
req->has_msg = 1;
memcpy(req->private_key.data, key_buf, key_len);
memcpy(req->msg.data, from, flen);
printf("memcpy to req->private_key, key_len:%d\n", key_len);
printf("i2d_rsaprivatekey len:%d padding:%d id:%d\n", key_len, req->padding, req->id);
printf("key buf:\n");
req->private_key_len = key_len;
req->has_private_key_len = 1;
print_hex(key_buf, key_len);
printf("private key\n");
print_hex(req->private_key.data, key_len);
req->has_private_key = 1;
printf("hi, private key len:%d file:%s line:%d\n", req->private_key_len, __FILE__, __LINE__);
printf("encrypt txt:\n");
print_hex(req->msg.data, flen);
return 0;
}
static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
{
unsigned char *rk = NULL;
int rklen;
rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
if (rklen <= 0) {
RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
return 0;
}
if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
V_ASN1_NULL, NULL, rk, rklen)) {
RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE);
return 0;
}
return 1;
}
main4()
{
FILE *in;
unsigned char buf[10240],buf2[10240],*p;
int num,i;
RSA *nx=NULL,*mx=NULL;
in=fopen("rsa.der","r");
if (in == NULL)
{
perror("rsa.der");
exit(1);
}
num=fread(buf,1,10240,in);
fclose(in);
p=buf;
if (d2i_RSAPrivateKey(&nx,&p,num) == NULL) goto err;
printf("num=%d p-buf=%d\n",num,p-buf);
p=buf2;
num=i2d_RSAPrivateKey(nx,&p);
printf("num=%d p-buf=%d\n",num,p-buf2);
if (memcmp(buf,buf2,num) != 0)
{
fprintf(stderr,"data difference\n");
for (i=0; i<num; i++)
fprintf(stderr,"%c%03d <%02X-%02X>\n",
(buf[i] == buf2[i])?' ':'*',i,
buf[i],buf2[i]);
fprintf(stderr,"\n");
exit(1);
}
return(1);
err:
ERR_load_crypto_strings();
ERR_print_errors(stderr);
return(0);
}
static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) {
uint8_t *rk = NULL;
int rklen;
rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
if (rklen <= 0) {
OPENSSL_PUT_ERROR(EVP, rsa_priv_encode, ERR_R_MALLOC_FAILURE);
return 0;
}
/* TODO(fork): const correctness in next line. */
if (!PKCS8_pkey_set0(p8, (ASN1_OBJECT *)OBJ_nid2obj(NID_rsaEncryption), 0,
V_ASN1_NULL, NULL, rk, rklen)) {
OPENSSL_PUT_ERROR(EVP, rsa_priv_encode, ERR_R_MALLOC_FAILURE);
return 0;
}
return 1;
}
wi_data_t * wi_rsa_private_key(wi_rsa_t *rsa) {
unsigned char *buffer;
int length;
if(!rsa->private_key) {
buffer = NULL;
length = i2d_RSAPrivateKey(rsa->rsa, &buffer);
if(length <= 0) {
wi_error_set_openssl_error();
return NULL;
}
rsa->private_key = wi_data_init_with_bytes(wi_data_alloc(), buffer, length);
OPENSSL_free(buffer);
}
return rsa->private_key;
}
/*
* genrsa: generates a new rsa key pair and returns the private key in the RSA
* format. If `pub' is not null, it stores in it the pointer to a newly
* allocated dump of the public key that is `*pub_len' bytes. The same is for
* `priv' and `priv_len'.
* On error null is returned.
*/
RSA *genrsa(int key_bits, u_char **pub, u_int *pub_len, u_char **priv, u_int *priv_len)
{
RSA *rsa=0;
int len;
rsa=RSA_generate_key(key_bits, RSA_F4, NULL, NULL);
if (!rsa) {
debug(DBG_SOFT, "RSA key generation failed");
goto error;
}
if(priv) {
*priv=0;
len=i2d_RSAPrivateKey(rsa, priv);
if(priv_len)
*priv_len=len;
if(len <= 0) {
debug(DBG_SOFT, "Cannot dump RSA public key: %s", ssl_strerr());
goto error;
}
}
if(pub) {
*pub=0;
len=i2d_RSAPublicKey(rsa, pub);
if(pub_len)
*pub_len=len;
if(len <= 0) {
debug(DBG_SOFT, "Cannot dump RSA public key: %s", ssl_strerr());
goto error;
}
}
return rsa;
error:
if(rsa)
RSA_free(rsa);
return 0;
}
QSslKey SafetPKCS12::keyFromEVP( EVP_PKEY * evp )
{
EVP_PKEY *key = (EVP_PKEY*)evp;
unsigned char *data = NULL;
int len = 0;
QSsl::KeyAlgorithm alg;
QSsl::KeyType type;
switch( EVP_PKEY_type( key->type ) )
{
case EVP_PKEY_RSA:
{
RSA *rsa = EVP_PKEY_get1_RSA( key );
alg = QSsl::Rsa;
type = rsa->d ? QSsl::PrivateKey : QSsl::PublicKey;
len = rsa->d ? i2d_RSAPrivateKey( rsa, &data ) : i2d_RSAPublicKey( rsa, &data );
RSA_free( rsa );
break;
}
case EVP_PKEY_DSA:
{
DSA *dsa = EVP_PKEY_get1_DSA( key );
alg = QSsl::Dsa;
type = dsa->priv_key ? QSsl::PrivateKey : QSsl::PublicKey;
len = dsa->priv_key ? i2d_DSAPrivateKey( dsa, &data ) : i2d_DSAPublicKey( dsa, &data );
DSA_free( dsa );
break;
}
default: break;
}
QSslKey k;
if( len > 0 )
k = QSslKey( QByteArray( (char*)data, len ), alg, QSsl::Der, type );
OPENSSL_free( data );
return k;
}
/* Write a private key to a file in .vbprivk format. */
int PrivateKeyWrite(const char* filename, const VbPrivateKey* key) {
uint8_t *outbuf = 0;
int buflen;
FILE *f;
buflen = i2d_RSAPrivateKey(key->rsa_private_key, &outbuf);
if (buflen <= 0) {
VbExError("Unable to write private key buffer\n");
return 1;
}
f = fopen(filename, "wb");
if (!f) {
VbExError("Unable to open file %s\n", filename);
free(outbuf);
return 1;
}
if (1 != fwrite(&key->algorithm, sizeof(key->algorithm), 1, f)) {
VbExError("Unable to write to file %s\n", filename);
fclose(f);
free(outbuf);
unlink(filename); /* Delete any partial file */
}
if (1 != fwrite(outbuf, buflen, 1, f)) {
VbExError("Unable to write to file %s\n", filename);
fclose(f);
unlink(filename); /* Delete any partial file */
free(outbuf);
}
fclose(f);
free(outbuf);
return 0;
}
main(){
RSA *rsa;
int i,len,en_len;
unsigned char buf[2048],*p,*key_p;
rsa=RSA_generate_key(1024,RSA_F4,NULL,NULL);
p=buf;
len=i2d_RSAPublicKey(rsa,&p);
len+=i2d_RSAPrivateKey(rsa,&p);
RSA_free(rsa);
key_p = (unsigned char*)malloc(len);
memcpy(key_p,buf,len);
p = buf;
base64_encode(key_p,len,p,&en_len);
printf("%s\n",buf);
free(key_p);
}
/*
* ASCII-encode a key.
*/
char *
kn_encode_key(struct keynote_deckey *dc, int iencoding,
int encoding, int keytype)
{
char *foo, *ptr;
DSA *dsa;
RSA *rsa;
int i;
struct keynote_binary *bn;
char *s;
keynote_errno = 0;
if (dc == NULL || dc->dec_key == NULL)
{
keynote_errno = ERROR_NOTFOUND;
return NULL;
}
/* DSA keys */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_DSA) &&
(iencoding == INTERNAL_ENC_ASN1) &&
((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
{
dsa = (DSA *) dc->dec_key;
if (keytype == KEYNOTE_PUBLIC_KEY)
i = i2d_DSAPublicKey(dsa, NULL);
else
i = i2d_DSAPrivateKey(dsa, NULL);
if (i <= 0)
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
ptr = foo = calloc(i, sizeof(char));
if (foo == NULL)
{
keynote_errno = ERROR_MEMORY;
return NULL;
}
dsa->write_params = 1;
if (keytype == KEYNOTE_PUBLIC_KEY)
i2d_DSAPublicKey(dsa, (unsigned char **) &foo);
else
i2d_DSAPrivateKey(dsa, (unsigned char **) &foo);
if (encoding == ENCODING_HEX)
{
if (kn_encode_hex(ptr, &s, i) != 0)
{
free(ptr);
return NULL;
}
free(ptr);
return s;
}
else
if (encoding == ENCODING_BASE64)
{
s = calloc(2 * i, sizeof(char));
if (s == NULL)
{
free(ptr);
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
{
free(s);
free(ptr);
return NULL;
}
free(ptr);
return s;
}
}
/* RSA keys */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_RSA) &&
(iencoding == INTERNAL_ENC_PKCS1) &&
((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
{
rsa = (RSA *) dc->dec_key;
if (keytype == KEYNOTE_PUBLIC_KEY)
i = i2d_RSAPublicKey(rsa, NULL);
else
i = i2d_RSAPrivateKey(rsa, NULL);
if (i <= 0)
{
keynote_errno = ERROR_SYNTAX;
return NULL;
}
ptr = foo = calloc(i, sizeof(char));
if (foo == NULL)
{
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (keytype == KEYNOTE_PUBLIC_KEY)
i2d_RSAPublicKey(rsa, (unsigned char **) &foo);
else
i2d_RSAPrivateKey(rsa, (unsigned char **) &foo);
if (encoding == ENCODING_HEX)
{
if (kn_encode_hex(ptr, &s, i) != 0)
{
free(ptr);
return NULL;
}
free(ptr);
return s;
}
else
if (encoding == ENCODING_BASE64)
{
s = calloc(2 * i, sizeof(char));
if (s == NULL)
{
free(ptr);
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (kn_encode_base64(ptr, i, s, 2 * i) == -1)
{
free(s);
free(ptr);
return NULL;
}
free(ptr);
return s;
}
}
/* BINARY keys */
if ((dc->dec_algorithm == KEYNOTE_ALGORITHM_BINARY) &&
(iencoding == INTERNAL_ENC_NONE) &&
((encoding == ENCODING_HEX) || (encoding == ENCODING_BASE64)))
{
bn = (struct keynote_binary *) dc->dec_key;
if (encoding == ENCODING_HEX)
{
if (kn_encode_hex(bn->bn_key, &s, bn->bn_len) != 0)
return NULL;
return s;
}
else
if (encoding == ENCODING_BASE64)
{
s = calloc(2 * bn->bn_len, sizeof(char));
if (s == NULL)
{
keynote_errno = ERROR_MEMORY;
return NULL;
}
if (kn_encode_base64(bn->bn_key, bn->bn_len, s,
2 * bn->bn_len) == -1)
{
free(s);
return NULL;
}
return s;
}
}
keynote_errno = ERROR_NOTFOUND;
return NULL;
}
/*
* Store the given private key (key) and certificate (cert)
* into the Kerberos 5 credentials cache. The "lifetime"
* of the certificate is also given in notBefore, and notAfter.
*/
int store_in_cc(RSA *key,
BYTE *cert,
DWORD cert_length,
char *realm,
ASN1_UTCTIME *notBefore,
ASN1_UTCTIME *notAfter,
#if defined(KX509_LIB)
char *tkt_cache_name,
#endif
char **err_msg)
{
krb5_context k5_context;
krb5_ccache cc;
krb5_creds fake_creds;
DWORD key_length;
krb5_error_code k5_rc = 0;
int retcode = KX509_STATUS_GOOD;
BYTE *ptr = NULL;
BYTE *memptr = NULL;
/*
* Use fake_creds.ticket for private key and
* fake_creds.second_ticket for certificate
*/
memset(&fake_creds, '\0', sizeof(fake_creds));
if (k5_rc = krb5_init_context(&k5_context))
{
log_printf("store_in_cc: unable to initialize Kerberos 5 context (%d)\n", k5_rc);
*err_msg = "Error initializing kerberos 5 environment.";
return KX509_STATUS_CLNT_FIX;
}
#if 0 /* DON'T NEED THIS, and it is a private function anyway... */
if (k5_rc = krb5_set_default_realm(k5_context, realm))
{
log_printf("store_in_cc: failed to malloc space for k5 default_realm\n");
*err_msg = "Try re-authenticating. "
"Hopefully temporary client-side problem";
return KX509_STATUS_CLNT_FIX;
}
#endif
#if defined(KX509_LIB)
if (k5_rc = krb5_cc_resolve(k5_context, tkt_cache_name, &cc))
{
log_printf("store_in_cc: failed to resolve credential cache (%d)\n", k5_rc);
*err_msg = "Try re-authenticating. "
"Could not resolve your credential cache name.";
return KX509_STATUS_CLNT_FIX;
}
#else
if (k5_rc = krb5_cc_default(k5_context, &cc))
{
log_printf("store_in_cc: failed to resolve credential cache (%d)\n", k5_rc);
*err_msg = "Try re-authenticating. "
"Could not resolve your credential cache name.";
return KX509_STATUS_CLNT_FIX;
}
#endif
#if defined(HAVE_HEIMDAL)
if (k5_rc = krb5_make_principal(k5_context, &fake_creds.server,
realm,
KX509_CC_PRINCIPAL,
KX509_CC_INSTANCE,
NULL))
#else
if (k5_rc = krb5_sname_to_principal(k5_context, KX509_CC_INSTANCE,
KX509_CC_PRINCIPAL,
KRB5_NT_UNKNOWN,
&fake_creds.server))
#endif
{
log_printf("store_in_cc: unable to create server principal from sname (%d)\n",
k5_rc);
*err_msg = "Internal error with kerberos while creating fake server principal.";
retcode = KX509_STATUS_CLNT_FIX;
goto close_and_return;
}
#if defined(CC_REMOVE_IMPLEMENTED)
/*
* We really want to clear out any old private key/certificate entries
* from the credentials cache. However, the function to do that is
* not defined...
*/
if (k5_rc = kx509_clear_old_certificates(k5_context, cc, fake_creds))
{
log_printf("store_in_cc: couldn't clear out old certificate "
"from cred cache (%d)\n", k5_rc);
*err_msg = "Error removing old certificate from your kerberos credentials cache.";
retcode = KX509_STATUS_CLNT_FIX;
goto close_and_return;
}
#endif /* CC_REMOVE_IMPLEMENTED */
if (k5_rc = krb5_cc_get_principal(k5_context, cc, &fake_creds.client))
{
log_printf("store_in_cc: unable to create client principal from sname (%d)\n",
k5_rc);
*err_msg = "Internal error with kerberos while creating fake client principal.";
retcode = KX509_STATUS_CLNT_FIX;
goto close_and_return;
}
/*
* Get the DER-encoded length of the private key.
* Allocate storage to hold the private key and certificate.
*/
key_length = i2d_RSAPrivateKey(key, NULL); /* Get DER-encoded len of Private Key */
if (key_length <= 0)
{
log_printf("store_in_cc: unable to determine length of "
"encoded private key (%d)\n", key_length);
*err_msg = "Error determining encoded length of private key.";
retcode = KX509_STATUS_CLNT_FIX;
goto close_and_return;
}
ptr = Malloc(key_length + cert_length);
if (!ptr)
{
log_printf("store_in_cc: error allocating %d bytes for "
"private key (%d) and certificate (%d)\n",
key_length+cert_length, key_length, cert_length);
*err_msg = "Error allocating storage for private key and certificate.";
retcode = KX509_STATUS_CLNT_FIX;
goto close_and_return;
}
memptr = ptr; /* Save a ptr to the allocated area for later when we free it */
fake_creds.ticket.data = (char *)ptr;
fake_creds.ticket.length = i2d_RSAPrivateKey(key, &ptr);
/* Note that i2d_RSAPrivateKey() updates ptr!!! */
memcpy(ptr, cert, cert_length);
fake_creds.second_ticket.data = (char *)ptr;
fake_creds.second_ticket.length = cert_length;
/* Set up the ticket lifetime according to the certificate lifetime */
fake_creds.times.starttime = utc2unix(notBefore, NULL);
fake_creds.times.endtime = utc2unix(notAfter, NULL);
/*
* Store the fake ticket (containing the private key
* and certificate) into the credentials cache.
*/
#if defined(WRITE_CERT)
/* Write the key-pair and certificate to file (code lifted from kxlist -p) */
if (k5_rc = materialize_cert(k5_context, cc, &fake_creds))
#else /* WRITE_CERT */
/* Store the key-pair and certificate into the K5 credentials cache as a mock ticket */
if (k5_rc = krb5_cc_store_cred(k5_context, cc, &fake_creds))
#endif /* WRITE_CERT */
{
log_printf("store_in_cc: krb5_cc_store_cred returned %0d\n", k5_rc);
*err_msg = "Try re-authenticating. "
"Currently unable to write your Kerberos credentials cache.";
retcode = KX509_STATUS_CLNT_FIX;
goto close_and_return;
}
close_and_return:
if (memptr)
{
Free(memptr);
memptr = NULL;
}
krb5_cc_close(k5_context, cc); /* ignore return code from close */
return(retcode);
}
static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
{
return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
}
void keyGenerator(int fileIndex, int keyLength)
{
int err=0;
int size = 0;
char * buffer = 0;
char * buffer2 = 0;
FILE * publicKeyFile = NULL;
FILE * privateKeyFile = NULL;
char fileName[256];
char publicKeyFileName[512];
char privateKeyFileName[512];
for(int i = 0; i< 1000; i++)
{
if( i < 10)
{
sprintf(publicKeyFileName, "%d00%d-PublicKey", fileIndex, i);
sprintf(privateKeyFileName, "%d00%d-PrivateKey", fileIndex,i);
}
else if(i >= 10 && i < 100)
{
sprintf(publicKeyFileName, "%d0%d-PublicKey", fileIndex, i);
sprintf(privateKeyFileName, "%d0%d-PrivateKey", fileIndex,i);
}
else
{
sprintf(publicKeyFileName, "%d%d-PublicKey", fileIndex, i);
sprintf(privateKeyFileName, "%d%d-PrivateKey", fileIndex,i);
}
RSA * rsa;
rsa = RSA_generate_key(keyLength, RSA_F4, NULL, (char*)stdout);
int lenE = 0;
unsigned char * tmp = new unsigned char[keyLength];
unsigned char *p;
//public key
p = tmp;
lenE=i2d_RSAPublicKey(rsa,&p);
buffer = new char[lenE];
memcpy(buffer, tmp, lenE);
publicKeyFile = fopen(publicKeyFileName, "wb");
if (publicKeyFile == NULL)
perror("publicKey");
fwrite(buffer, sizeof(char), lenE, publicKeyFile);
fclose(publicKeyFile);
//private key
p = tmp;
int lenD=i2d_RSAPrivateKey(rsa,&p);
buffer2 = new char[lenD];
memcpy(buffer2, tmp, lenD);
privateKeyFile = fopen(privateKeyFileName, "wb");
if (privateKeyFile == NULL)
perror("PrivateKey");
fwrite(buffer2, sizeof(char), lenD, privateKeyFile);
fclose(privateKeyFile);
RSA_free(rsa);
delete [] buffer;
delete [] buffer2;
delete [] tmp;
}
}
/*============================================================================
* OpcUa_P_OpenSSL_RSA_LoadPrivateKeyFromFile
*===========================================================================*/
OpcUa_StatusCode OpcUa_P_OpenSSL_RSA_LoadPrivateKeyFromFile(
OpcUa_StringA a_privateKeyFile,
OpcUa_P_FileFormat a_fileFormat,
OpcUa_StringA a_password, /* optional: just needed encrypted PEM */
OpcUa_ByteString* a_pPrivateKey)
{
BIO* pPrivateKeyFile = OpcUa_Null;
RSA* pRsaPrivateKey = OpcUa_Null;
EVP_PKEY* pEvpKey = OpcUa_Null;
unsigned char* pData;
OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "RSA_LoadPrivateKeyFromFile");
/* check parameters */
OpcUa_ReturnErrorIfArgumentNull(a_privateKeyFile);
OpcUa_ReturnErrorIfArgumentNull(a_pPrivateKey);
if(a_fileFormat == OpcUa_Crypto_Encoding_Invalid)
{
return OpcUa_BadInvalidArgument;
}
OpcUa_ReferenceParameter(a_password);
/* open file */
pPrivateKeyFile = BIO_new_file((const char*)a_privateKeyFile, "rb");
OpcUa_ReturnErrorIfArgumentNull(pPrivateKeyFile);
/* read and convert file */
switch(a_fileFormat)
{
case OpcUa_Crypto_Encoding_PEM:
{
/* read from file */
pEvpKey = PEM_read_bio_PrivateKey( pPrivateKeyFile, /* file */
NULL, /* key struct */
0, /* password callback */
a_password); /* default passphrase or arbitrary handle */
OpcUa_GotoErrorIfNull(pEvpKey, OpcUa_Bad);
break;
}
case OpcUa_Crypto_Encoding_PKCS12:
{
int iResult = 0;
/* read from file. */
PKCS12* pPkcs12 = d2i_PKCS12_bio(pPrivateKeyFile, NULL);
if (pPkcs12 == 0)
{
OpcUa_GotoErrorWithStatus(OpcUa_BadEncodingError);
}
/* parse the certificate. */
iResult = PKCS12_parse(pPkcs12, a_password, &pEvpKey, NULL, NULL);
if (iResult == 0)
{
OpcUa_GotoErrorWithStatus(OpcUa_BadEncodingError);
}
/* free certificate. */
PKCS12_free(pPkcs12);
pPkcs12 = NULL;
break;
}
case OpcUa_Crypto_Encoding_DER:
default:
{
uStatus = OpcUa_BadNotSupported;
OpcUa_GotoError;
}
}
/* convert to intermediary openssl struct */
pRsaPrivateKey = EVP_PKEY_get1_RSA(pEvpKey);
EVP_PKEY_free(pEvpKey);
OpcUa_GotoErrorIfNull(pRsaPrivateKey, OpcUa_Bad);
/* get required length */
a_pPrivateKey->Length = i2d_RSAPrivateKey(pRsaPrivateKey, OpcUa_Null);
OpcUa_GotoErrorIfTrue((a_pPrivateKey->Length <= 0), OpcUa_Bad);
/* allocate target buffer */
a_pPrivateKey->Data = (OpcUa_Byte*)OpcUa_P_Memory_Alloc(a_pPrivateKey->Length);
OpcUa_GotoErrorIfAllocFailed(a_pPrivateKey->Data);
/* do real conversion */
pData = a_pPrivateKey->Data;
a_pPrivateKey->Length = i2d_RSAPrivateKey(pRsaPrivateKey, &pData);
OpcUa_GotoErrorIfTrue((a_pPrivateKey->Length <= 0), OpcUa_Bad);
RSA_free(pRsaPrivateKey);
BIO_free(pPrivateKeyFile);
OpcUa_ReturnStatusCode;
OpcUa_BeginErrorHandling;
if(pEvpKey)
{
EVP_PKEY_free(pEvpKey);
}
if(a_pPrivateKey != OpcUa_Null)
{
if(a_pPrivateKey->Data != OpcUa_Null)
{
OpcUa_P_Memory_Free(a_pPrivateKey->Data);
a_pPrivateKey->Data = OpcUa_Null;
a_pPrivateKey->Length = -1;
}
}
if(pPrivateKeyFile != NULL)
{
BIO_free(pPrivateKeyFile);
}
if(pRsaPrivateKey != NULL)
{
RSA_free(pRsaPrivateKey);
}
OpcUa_FinishErrorHandling;
}
