genkeypair.c revision 6b35cb3cf158584a9408d44b9b6796564e8e1882
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * CDDL HEADER START
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * The contents of this file are subject to the terms of the
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * Common Development and Distribution License (the "License").
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * You may not use this file except in compliance with the License.
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * or http://www.opensolaris.org/os/licensing.
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * See the License for the specific language governing permissions
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * and limitations under the License.
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * When distributing Covered Code, include this CDDL HEADER in each
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * If applicable, add the following below this CDDL HEADER, with the
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * fields enclosed by brackets "[]" replaced with your own identifying
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * information: Portions Copyright [yyyy] [name of copyright owner]
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * CDDL HEADER END
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll * Use is subject to license terms.
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll char *token, char *keylabel, KMF_KEY_ALG keyAlg,
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll int keylen, KMF_CREDENTIAL *tokencred, KMF_OID *curveoid,
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll KMF_KEY_HANDLE *outPriKey, KMF_KEY_HANDLE *outPubKey)
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_PK11TOKEN;
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* Select a PKCS11 token */
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll kmfrv = select_token(kmfhandle, token, FALSE);
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (tokencred != NULL && tokencred->cred != NULL) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (keytype == KMF_ECDSA && curveoid != NULL) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll kmfrv = kmf_create_keypair(kmfhandle, numattr, attrlist);
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll KMF_KEY_ALG keyAlg, int keylen, KMF_ENCODE_FORMAT fmt,
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll KMF_KEY_HANDLE *outPriKey, KMF_KEY_HANDLE *outPubKey)
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_OPENSSL;
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll gettext("No output file was specified for "
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "the key\n"));
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll gettext("Cannot write the indicated output "
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll kmfrv = kmf_create_keypair(kmfhandle, numattr, attrlist);
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll KMF_KEY_HANDLE *outPriKey, KMF_KEY_HANDLE *outPubKey)
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll KMF_KEYSTORE_TYPE kstype = KMF_KEYSTORE_NSS;
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll kmfrv = configure_nss(kmfhandle, dir, prefix);
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (tokencred != NULL && tokencred->cred != NULL) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (keytype == KMF_ECDSA && curveoid != NULL) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll kmfrv = kmf_create_keypair(kmfhandle, numattr, attrlist);
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "k:(keystore)s:(subject)n:(nickname)"
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "T:(token)d:(dir)p:(prefix)t:(keytype)y:(keylen)"
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "l:(label)K:(outkey)F:(format)C:(curve)"
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (opt != 'i' && opt != 'E' && EMPTYSTRING(optarg_av))
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "a numeric value (%s)\n"),
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "Unrecognized ECC curve.\n"));
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* No additional args allowed. */
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if ((rv = kmf_initialize(&kmfhandle, NULL, NULL)) != KMF_OK) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll cryptoerror(LOG_STDERR, gettext("Error initializing KMF\n"));
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* Assume keystore = PKCS#11 if not specified. */
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (format && (fmt = Str2Format(format)) == KMF_FORMAT_UNDEF) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll gettext("Error parsing format string (%s).\n"),
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (Str2KeyType(keytype, NULL, &keyAlg, &sigAlg) != 0) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll cryptoerror(LOG_STDERR, gettext("Unrecognized keytype (%s).\n"),
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (curveoid != NULL && keyAlg != KMF_ECDSA) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll cryptoerror(LOG_STDERR, gettext("EC curves are only "
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "valid for EC keytypes.\n"));
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (keyAlg == KMF_ECDSA && curveoid == NULL) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll cryptoerror(LOG_STDERR, gettext("A curve must be "
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "specifed when using EC keys.\n"));
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (keyAlg == KMF_ECDSA && kstype == KMF_KEYSTORE_OPENSSL) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll (void) fprintf(stderr, gettext("ECC certificates are"
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "only supported with the pkcs11 and nss keystores\n"));
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* Adjust default keylength for NSS and DSA */
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (keyAlg == KMF_DSA && kstype == KMF_KEYSTORE_NSS) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* NSS only allows for 512-1024 bit DSA keys */
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll /* If nothing was given, default to 1024 */
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll (void) fprintf(stderr, gettext("NSS keystore only "
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll "supports DSA keylengths of 512 - 1024 bits\n"));
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (kstype == KMF_KEYSTORE_NSS || kstype == KMF_KEYSTORE_PK11TOKEN) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll if (tokenname == NULL || !strlen(tokenname)) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll (void) get_token_password(kstype, tokenname, &tokencred);
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll tokenname, label, dir, prefix, keyAlg, keylen,
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll } else if (kstype == KMF_KEYSTORE_PK11TOKEN) {
e65e5c2d2f32a99e8c5f740cabae9075dab03ce7Wyllys Ingersoll } else if (kstype == KMF_KEYSTORE_OPENSSL) {