--- /dev/null
+/*
+ * genKeyPair.cpp - create a key pair, store in specified keychain
+ */
+#include <stdlib.h>
+#include <stdio.h>
+#include <time.h>
+#include <string.h>
+#include <unistd.h>
+#include <Security/Security.h>
+#include "cspwrap.h"
+#include "common.h"
+
+static void usage(char **argv)
+{
+ printf("usage: %s keychain [options]\n", argv[0]);
+ printf("Options:\n");
+ printf(" -l label -- no default\n");
+ printf(" -a r|f|d -- algorithm RSA/FEE/DSA, default = RSA\n");
+ printf(" -k bits -- key size in bits, default is 1024/128/512 for RSA/FEE/DSA\n");
+ exit(1);
+}
+
+/*
+ * Generate key pair of arbitrary algorithm.
+ * FEE keys will have random private data.
+ * Like the cspGenKeyPair() in cspwrap.c except this provides a DLDB handle.
+ */
+static CSSM_RETURN genKeyPair(CSSM_CSP_HANDLE cspHand,
+ CSSM_DL_DB_HANDLE dlDbHand,
+ uint32 algorithm,
+ const char *keyLabel,
+ unsigned keyLabelLen,
+ uint32 keySize, // in bits
+ CSSM_KEY_PTR pubKey, // mallocd by caller
+ uint32 pubKeyUsage, // CSSM_KEYUSE_ENCRYPT, etc.
+ CSSM_KEY_PTR privKey, // mallocd by caller
+ uint32 privKeyUsage) // CSSM_KEYUSE_DECRYPT, etc.
+{
+ CSSM_RETURN crtn;
+ CSSM_CC_HANDLE ccHand;
+ CSSM_DATA keyLabelData;
+ uint32 pubAttr;
+ uint32 privAttr;
+ CSSM_RETURN ocrtn = CSSM_OK;
+
+ /* pre-context-create algorithm-specific stuff */
+ switch(algorithm) {
+ case CSSM_ALGID_FEE:
+ if(keySize == CSP_KEY_SIZE_DEFAULT) {
+ keySize = CSP_FEE_KEY_SIZE_DEFAULT;
+ }
+ break;
+ case CSSM_ALGID_RSA:
+ if(keySize == CSP_KEY_SIZE_DEFAULT) {
+ keySize = CSP_RSA_KEY_SIZE_DEFAULT;
+ }
+ break;
+ case CSSM_ALGID_DSA:
+ if(keySize == CSP_KEY_SIZE_DEFAULT) {
+ keySize = CSP_DSA_KEY_SIZE_DEFAULT;
+ }
+ break;
+ default:
+ printf("cspGenKeyPair: Unknown algorithm\n");
+ break;
+ }
+ keyLabelData.Data = (uint8 *)keyLabel,
+ keyLabelData.Length = keyLabelLen;
+ memset(pubKey, 0, sizeof(CSSM_KEY));
+ memset(privKey, 0, sizeof(CSSM_KEY));
+
+ crtn = CSSM_CSP_CreateKeyGenContext(cspHand,
+ algorithm,
+ keySize,
+ NULL, // Seed
+ NULL, // Salt
+ NULL, // StartDate
+ NULL, // EndDate
+ NULL, // Params
+ &ccHand);
+ if(crtn) {
+ printError("CSSM_CSP_CreateKeyGenContext", crtn);
+ ocrtn = crtn;
+ goto abort;
+ }
+ /* cook up attribute bits */
+ pubAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT;
+ privAttr = CSSM_KEYATTR_RETURN_REF | CSSM_KEYATTR_EXTRACTABLE | CSSM_KEYATTR_PERMANENT;
+
+ /* post-context-create algorithm-specific stuff */
+ switch(algorithm) {
+ case CSSM_ALGID_DSA:
+ /*
+ * extra step - generate params - this just adds some
+ * info to the context
+ */
+ {
+ CSSM_DATA dummy = {0, NULL};
+ crtn = CSSM_GenerateAlgorithmParams(ccHand,
+ keySize, &dummy);
+ if(crtn) {
+ printError("CSSM_GenerateAlgorithmParams", crtn);
+ return crtn;
+ }
+ appFreeCssmData(&dummy, CSSM_FALSE);
+ }
+ break;
+ default:
+ break;
+ }
+
+ /* add in DL/DB to context */
+ crtn = cspAddDlDbToContext(ccHand, dlDbHand.DLHandle, dlDbHand.DBHandle);
+ if(crtn) {
+ ocrtn = crtn;
+ goto abort;
+ }
+
+ crtn = CSSM_GenerateKeyPair(ccHand,
+ pubKeyUsage,
+ pubAttr,
+ &keyLabelData,
+ pubKey,
+ privKeyUsage,
+ privAttr,
+ &keyLabelData, // same labels
+ NULL, // CredAndAclEntry
+ privKey);
+ if(crtn) {
+ printError("CSSM_GenerateKeyPair", crtn);
+ ocrtn = crtn;
+ goto abort;
+ }
+abort:
+ if(ccHand != 0) {
+ crtn = CSSM_DeleteContext(ccHand);
+ if(crtn) {
+ printError("CSSM_DeleteContext", crtn);
+ ocrtn = CSSM_ERRCODE_INTERNAL_ERROR;
+ }
+ }
+ return ocrtn;
+}
+
+int main(int argc, char **argv)
+{
+ char *kcName = NULL;
+ char *label = NULL;
+ CSSM_ALGORITHMS keyAlg = CSSM_ALGID_RSA;
+ unsigned keySizeInBits = CSP_KEY_SIZE_DEFAULT;
+
+ if(argc < 2) {
+ usage(argv);
+ }
+ kcName = argv[1];
+
+ extern char *optarg;
+ extern int optind;
+
+ optind = 2;
+ int arg;
+ while ((arg = getopt(argc, argv, "l:a:k:h")) != -1) {
+ switch (arg) {
+ case 'l':
+ label = optarg;
+ break;
+ case 'a':
+ switch(optarg[0]) {
+ case 'r':
+ keyAlg = CSSM_ALGID_RSA;
+ break;
+ case 'f':
+ keyAlg = CSSM_ALGID_FEE;
+ break;
+ case 'd':
+ keyAlg = CSSM_ALGID_DSA;
+ break;
+ default:
+ usage(argv);
+ }
+ break;
+ case 'k':
+ keySizeInBits = atoi(optarg);
+ break;
+ default:
+ usage(argv);
+ }
+ }
+ if(optind != argc) {
+ usage(argv);
+ }
+
+ SecKeychainRef kcRef = nil;
+ OSStatus ortn;
+
+ ortn = SecKeychainOpen(kcName, &kcRef);
+ if(ortn) {
+ cssmPerror("SecKeychainOpen", ortn);
+ exit(1);
+ }
+
+ CSSM_CSP_HANDLE cspHand = 0;
+ CSSM_DL_DB_HANDLE dlDbHand = {0, 0};
+ ortn = SecKeychainGetCSPHandle(kcRef, &cspHand);
+ if(ortn) {
+ cssmPerror("SecKeychainGetCSPHandle", ortn);
+ exit(1);
+ }
+ ortn = SecKeychainGetDLDBHandle(kcRef, &dlDbHand);
+ if(ortn) {
+ cssmPerror("SecKeychainGetDLDBHandle", ortn);
+ exit(1);
+ }
+
+ CSSM_KEY privKey;
+ CSSM_KEY pubKey;
+ CSSM_RETURN crtn;
+
+ crtn = genKeyPair(cspHand, dlDbHand,
+ keyAlg,
+ label, (label ? strlen(label) : 0),
+ keySizeInBits,
+ &pubKey,
+ CSSM_KEYUSE_ANY, // may want to parameterize
+ &privKey,
+ CSSM_KEYUSE_ANY); // may want to parameterize
+ if(crtn) {
+ printf("**Error creating key pair.\n");
+ }
+ else {
+ printf("...key pair created in keychain %s.\n", kcName);
+ }
+
+ cspFreeKey(cspHand, &privKey);
+ cspFreeKey(cspHand, &pubKey);
+ CFRelease(kcRef);
+ return 0;
+}
projects / apple / security.git / blobdiff