1
/* genkey - pkcs11 rsa key generator
3
* create RSASHA1 key in the keystore of an SCA6000
4
* The calculation of key tag is left to the script
5
* that converts the key into a DNSKEY RR and inserts
9
* genkey [-P] [-s slot] -b keysize -l label [-p pin]
19
#include <sys/types.h>
21
#include <security/cryptoki.h>
22
#include <security/pkcs11.h>
24
#include <opencryptoki/pkcs11.h>
27
/* Define static key template values */
28
static CK_BBOOL truevalue = TRUE;
29
static CK_BBOOL falsevalue = FALSE;
32
main(int argc, char *argv[])
37
CK_SESSION_HANDLE hSession;
38
CK_UTF8CHAR *pin = NULL;
39
CK_ULONG modulusbits = 0;
40
CK_CHAR *label = NULL;
41
CK_OBJECT_HANDLE privatekey, publickey;
42
CK_BYTE public_exponent[3];
47
CK_ULONG ulObjectCount;
48
/* Set search template */
49
CK_ATTRIBUTE search_template[] = {
50
{CKA_LABEL, NULL_PTR, 0}
52
CK_ATTRIBUTE publickey_template[] = {
53
{CKA_LABEL, NULL_PTR, 0},
54
{CKA_VERIFY, &truevalue, sizeof (truevalue)},
55
{CKA_TOKEN, &truevalue, sizeof (truevalue)},
56
{CKA_MODULUS_BITS, &modulusbits, sizeof (modulusbits)},
57
{CKA_PUBLIC_EXPONENT, &public_exponent, sizeof (public_exponent)}
59
CK_ATTRIBUTE privatekey_template[] = {
60
{CKA_LABEL, NULL_PTR, 0},
61
{CKA_SIGN, &truevalue, sizeof (truevalue)},
62
{CKA_TOKEN, &truevalue, sizeof (truevalue)},
63
{CKA_PRIVATE, &truevalue, sizeof (truevalue)},
64
{CKA_SENSITIVE, &truevalue, sizeof (truevalue)},
65
{CKA_EXTRACTABLE, &falsevalue, sizeof (falsevalue)}
70
while ((c = getopt(argc, argv, ":Ps:b:i:l:p:")) != -1) {
79
modulusbits = atoi(optarg);
82
label = (CK_CHAR *)optarg;
85
pin = (CK_UTF8CHAR *)optarg;
88
fprintf(stderr, "Option -%c requires an operand\n", optopt);
93
fprintf(stderr, "Unrecognised option: -%c\n", optopt);
97
if ((errflg) || (!modulusbits) || (!label)) {
99
"usage: genkey [-P] [-s slot] -b keysize -l label [-p pin]\n");
103
search_template[0].pValue = label;
104
search_template[0].ulValueLen = strlen((char *)label);
105
publickey_template[0].pValue = label;
106
publickey_template[0].ulValueLen = strlen((char *)label);
107
privatekey_template[0].pValue = label;
108
privatekey_template[0].ulValueLen = strlen((char *)label);
110
/* Set public exponent to 65537 */
111
public_exponent[0] = 0x01;
112
public_exponent[1] = 0x00;
113
public_exponent[2] = 0x01;
115
/* Set up mechanism for generating key pair */
116
genmech.mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
117
genmech.pParameter = NULL_PTR;
118
genmech.ulParameterLen = 0;
120
/* Initialize the CRYPTOKI library */
121
rv = C_Initialize(NULL_PTR);
124
fprintf(stderr, "C_Initialize: Error = 0x%.8X\n", rv);
128
/* Open a session on the slot found */
129
rv = C_OpenSession(slot, CKF_RW_SESSION+CKF_SERIAL_SESSION,
130
NULL_PTR, NULL_PTR, &hSession);
133
fprintf(stderr, "C_OpenSession: Error = 0x%.8X\n", rv);
138
/* Login to the Token (Keystore) */
141
pin = (CK_UTF8CHAR *)getpassphrase("Enter Pin: ");
143
pin = (CK_UTF8CHAR *)getpass("Enter Pin: ");
145
rv = C_Login(hSession, CKU_USER, pin, strlen((char *)pin));
146
memset(pin, 0, strlen((char *)pin));
148
fprintf(stderr, "C_Login: Error = 0x%.8X\n", rv);
153
/* check if a key with the same id already exists */
154
rv = C_FindObjectsInit(hSession, search_template, 1);
156
fprintf(stderr, "C_FindObjectsInit: Error = 0x%.8X\n", rv);
160
rv = C_FindObjects(hSession, &privatekey, 1, &ulObjectCount);
162
fprintf(stderr, "C_FindObjects: Error = 0x%.8X\n", rv);
166
if (ulObjectCount != 0) {
167
fprintf(stderr, "Key already exists.\n");
172
/* Set attributes if the key is not to be hidden */
174
privatekey_template[4].pValue = &falsevalue;
175
privatekey_template[5].pValue = &truevalue;
178
/* Generate Key pair for signing/verifying */
179
rv = C_GenerateKeyPair(hSession, &genmech, publickey_template,
180
(sizeof (publickey_template) /
181
sizeof (CK_ATTRIBUTE)),
183
(sizeof (privatekey_template) /
184
sizeof (CK_ATTRIBUTE)),
185
&publickey, &privatekey);
188
fprintf(stderr, "C_GenerateKeyPair: Error = 0x%.8X\n", rv);
193
rv = C_FindObjectsFinal(hSession);
195
fprintf(stderr, "C_FindObjectsFinal: Error = 0x%.8X\n", rv);
200
(void) C_CloseSession(hSession);
203
(void) C_Finalize(NULL_PTR);