#include <stdio.h>
#include <stdlib.h>
#include <memory.h>
#include "cconsolestream.h"
static p6ISafeString *m_pStr = NULL;
static p6IRandom *m_pRandom = NULL;
static p6ICryptoKey *m_pKey = NULL;
static p6ISymmetricCrypto *m_pCrypto = NULL;
static P6WCHAR* m_pHostName = NULL;
static p6IKeystore *m_pKeystore = NULL;
static p6IKeystoreInit *m_pStoreInit = NULL;
static P6ERR getSafeString( p6ISafeString **ppStr )
{
printf("getSafeString [ OK ]\n");
else printf("getSafeString [ FAILED ] %x\n",err);
return err;
}
static P6ERR getRNG( p6IRandom **ppRandom )
{
p6IEntropySource *pSource = NULL;
p6IRandomInit *pInit = NULL;
{
if (
P6SUCCEEDED( err = pSource->lpVtbl->initialize( pSource, P6ENTROPY_HIGH )))
{
{
if (
P6SUCCEEDED( err = pInit->lpVtbl->initialize( pInit, P6RAND_NOFLAGS, pSource ))) {
err = pInit->lpVtbl->queryInterface( pInit, &IID_p6IRandom, (
P6VOID**)ppRandom );
}
}
}
}
if (NULL != pSource) pSource->lpVtbl->release( pSource );
if (NULL != pInit ) pInit->lpVtbl->release( pInit );
return err;
}
P6ERR getIGenKeys( p6IGenKeys **ppGenKeys )
{
p6IGenKeys *pTempKeys = NULL;
*ppGenKeys = NULL;
{
if (
P6FAILED( err = pTempKeys->lpVtbl->initialize( pTempKeys, P6GENKEY_NOFLAGS, m_pRandom ))) {
pTempKeys->lpVtbl->release( pTempKeys );
}
else {
*ppGenKeys = pTempKeys;
}
}
return err;
}
p6IKeystoreInit** ppInit,
p6IKeystore** ppKeystore
)
{
*ppInit = NULL;
*ppKeystore = NULL;
err = (*ppInit)->lpVtbl->queryInterface( (*ppInit), &IID_p6IKeystore, (
P6VOID**)ppKeystore );
if (
P6FAILED( err = (*ppInit)->lpVtbl->initialize( (*ppInit), P6KEYSTORE_NOFLAGS, m_pCrypto,
SH_SHA256, m_pKey )))
{
if (NULL != (*ppKeystore)) (*ppKeystore)->lpVtbl->release( (*ppKeystore) );
(*ppKeystore) = NULL;
(*ppInit)->lpVtbl->release( (*ppInit) );
(*ppInit) = NULL;
return err;
}
if (
P6FAILED( err = (*ppInit)->lpVtbl->openSigned( (*ppInit), NULL, pKeystoreName )))
{
if (NULL != (*ppKeystore)) (*ppKeystore)->lpVtbl->release( (*ppKeystore) );
(*ppKeystore) = NULL;
(*ppInit)->lpVtbl->release( (*ppInit) );
(*ppInit) = NULL;
return err;
}
return eOk;
}
P6ERR loadKeyFile(
const P6WCHAR *pKeyPath, p6ICryptoKey **ppNewKey )
{
p6ICryptoKeyInit *pKeyInit = NULL;
{
if (
P6SUCCEEDED( err = pKeyInit->lpVtbl->initialize( pKeyInit, P6CKF_NONE, m_pRandom )))
{
if (
P6SUCCEEDED( err = pKeyInit->lpVtbl->loadKey( pKeyInit, pKeyPath ))) {
err = pKeyInit->lpVtbl->queryInterface( pKeyInit, &IID_p6ICryptoKey, (
P6VOID**)ppNewKey );
}
}
}
return err;
}
{
if (NULL != m_pStr ) m_pStr->lpVtbl->release( m_pStr );
if (NULL != m_pRandom ) m_pRandom->lpVtbl->release( m_pRandom );
if (NULL != m_pKey ) m_pKey->lpVtbl->release( m_pKey );
if (NULL != m_pCrypto ) m_pCrypto->lpVtbl->release( m_pCrypto );
if (NULL != m_pStoreInit) m_pStoreInit->lpVtbl->release( m_pStoreInit );
if (NULL != m_pKeystore ) m_pKeystore->lpVtbl->release( m_pKeystore );
}
{
p6IDir* pDir = NULL;
if (
P6FAILED( err = getSafeString( &m_pStr )))
return err;
if (
P6FAILED( err = getRNG( &m_pRandom )))
return err;
m_port = 5696;
m_compatMask = 0;
if (
P6FAILED( err = m_pStr->lpVtbl->wstrdup( m_pStr, (
const P6WCHAR*)
P6TEXT(
"fqdn.com"), &m_pHostName )))
return err;
if (
P6FAILED( err = pDir->lpVtbl->initialize( pDir ))) {
pDir->lpVtbl->release( pDir );
return err;
}
keyPath[0] = '\0';
pDir->lpVtbl->release( pDir );
return err;
}
if (
P6FAILED( err = m_pStr->lpVtbl->wstrlcat( m_pStr, keyPath,
P6CNTOF(keyPath), (
const P6WCHAR*)
P6TEXT(
"/db/KMIP12_keystorekey.txt"), NULL ))) {
pDir->lpVtbl->release( pDir );
return err;
}
pDir->lpVtbl->release( pDir );
if (
P6FAILED( err = loadKeyFile( keyPath, &m_pKey )))
return err;
if (
P6SUCCEEDED( err )) err = m_pCrypto->lpVtbl->setKey( m_pCrypto, m_pKey );
return openExistingKeystore( (
const P6WCHAR*)
P6TEXT(
"KMIP12_keystore"), &m_pStoreInit, &m_pKeystore );
}
{
m_pStr->lpVtbl->setMem( m_pStr, pPrefs, 0, sizeof( P6KMIP_PREF ));
pPrefs->pVersion = "1.2"; pPrefs->pSubdirectory = pLogDir;
pPrefs->asynchronous = asynchronous; pPrefs->maxBufferSize = maxBufferSize;
pPrefs->connectTimeout = connectTimeout; pPrefs->sendTimeout = sendTimeout;
pPrefs->receiveTimeout = receiveTimeout; pPrefs->initialBufCount = initialBufCount;
pPrefs->growBufsBy = growBufsBy; pPrefs->privateKeyEncoding = privateKeyEncoding;
pPrefs->publicKeyEncoding = publicKeyEncoding; pPrefs->symmetricKeyEncoding = symmetricKeyEncoding;
pPrefs->compatibility1 = m_compatMask;
return eOk;
}
P6ERR createSession( p6IKMIPClient *pClient,
P6BOOL bWithCredentials )
{
P6KMIP_CREDENTIAL credential;
if (
P6FAILED( err = pClient->lpVtbl->setSSLOptions( pClient, NULL, (P6SSF_METHOD_TLS1 | P6SSF_SECURE_CLIENT | P6SSF_SECURE_CLIENT_AUTH | P6SSF_LOG_X509SUBJECTLOOKUPS | P6SSF_VRFY_DISABLEHOSTMATCH))))
return err;
m_pStr->lpVtbl->setMem( m_pStr, &credential, 0, sizeof( P6KMIP_CREDENTIAL ));
credential.type = 1;
credential.value.password.userName.pString = "Fred";
credential.value.password.userName.length = 4;
credential.value.password.password.pString = "password1";
credential.value.password.password.length = 9;
return pClient->lpVtbl->open( pClient, m_pHostName, m_port, (bWithCredentials ? &credential : NULL));
}
P6ERR extractUniqueId( p6IKMIPStr *pEnum, P6NCSTR *pUniqueId )
{
P6NCSTR buffer = { NULL, 0 };
pUniqueId->pString = NULL;
pUniqueId->length = 0;
err = pEnum->lpVtbl->reset( pEnum );
err = pEnum->lpVtbl->next( pEnum, &buffer );
if ( 0 < buffer.length )
{
if (NULL == (pGUID = (
P6CHAR*)malloc(
sizeof(
P6CHAR) * (buffer.length + 2) )))
return eNoMemory;
pGUID[0] = 0;
buffer.pString = pGUID;
buffer.length += 2;
if (
P6FAILED( err = pEnum->lpVtbl->next( pEnum, &buffer )))
return err;
pUniqueId->pString = buffer.pString;
pUniqueId->length = buffer.length;
}
else err = eFail;
return err;
}
P6ERR locateByName( p6IKMIPClient *pClient, P6NCSTR *pKeyId,
const P6CHAR *pName,
P6UINT32 nameLength )
{
P6KMIP_RESULT resultCodes;
P6KMIP_LOCATEPARAMS locateParams;
P6KMIP_ATTRIBUTE attributeList[5];
p6IKMIPStr *pUniqueId = NULL;
m_pStr->lpVtbl->setMem( m_pStr, &resultCodes, 0, sizeof( P6KMIP_RESULT ));
m_pStr->lpVtbl->setMem( m_pStr, &locateParams, 0, sizeof( P6KMIP_LOCATEPARAMS ));
attributeList[0].type = KMIP_ATTRIB_OBJECTTYPE;
attributeList[0].index = 0;
attributeList[0].value.objectType = KMIP_OBJECT_SYMMETRICKEY;
attributeList[1].type = KMIP_ATTRIB_NAME;
attributeList[1].index = 0;
attributeList[1].value.name.type = KMIP_NAME_TEXTSTR;
attributeList[1].value.name.value.pString = pName;
attributeList[1].value.name.value.length = nameLength;
locateParams.attribCount = 2;
locateParams.pAttributeList = attributeList;
if (
P6FAILED( err = pClient->lpVtbl->locateObject( pClient, locateParams, &pUniqueId, &resultCodes ))) {
printf("\nCall to locateObject by Name has failed %x\n", err );
}
else if (KMIP_RESULT_SUCCESS != resultCodes.resultStatus) {
printf("\nKMIP server returned an error when calling locateObject by Name [ %x]\n", resultCodes.resultReason);
err = eFail;
}
else
{
if (NULL != pUniqueId)
{
err = extractUniqueId( pUniqueId, pKeyId );
printf("\nExisting key found with Name attribute, has unique Id [%s]\n", pKeyId->pString );
pUniqueId->lpVtbl->release( pUniqueId );
}
}
return err;
}
{
P6KMIP_RESULT resultCodes;
P6KMIP_KEYPARAMS keyParams;
P6KMIP_NEWOBJECT newKey;
P6NCSTR keyId = {NULL, 0};
P6NCSTR reKeyId = {NULL, 0};
m_pStr->lpVtbl->setMem( m_pStr, &resultCodes, 0, sizeof( P6KMIP_RESULT ));
m_pStr->lpVtbl->setMem( m_pStr, &keyParams, 0, sizeof( P6KMIP_KEYPARAMS ));
m_pStr->lpVtbl->setMem( m_pStr, &newKey, 0, sizeof( P6KMIP_NEWOBJECT ));
if (
P6SUCCEEDED( err = locateByName( pClient, &keyId, pName, nameLength )))
{
keyParams.uniqueId = keyId;
if (
P6FAILED( err = pClient->lpVtbl->reKeyObject( pClient, keyParams, &newKey, &resultCodes ))) {
printf("\nCall to reKeyObject has failed %x\n", err );
}
else if (KMIP_RESULT_SUCCESS != resultCodes.resultStatus) {
printf("\nKMIP server returned an error when calling reKeyObject [%x]\n", resultCodes.resultReason);
err = eFail;
}
else
{
if (NULL != newKey.pUniqueId)
{
err = extractUniqueId( newKey.pUniqueId, &reKeyId );
printf("\nNew key generated replacing old key has unique Id [%s]\n", reKeyId.pString );
newKey.pUniqueId->lpVtbl->release( newKey.pUniqueId );
}
}
}
if (NULL != keyId.pString ) free( (
P6VOID*)keyId.pString );
if (NULL != reKeyId.pString) free( (
P6VOID*)reKeyId.pString );
return err;
}
P6ERR findReplacedKey( p6IKMIPClient *pClient,
const P6CHAR *pName,
P6UINT32 nameLength, P6BSTR* pReplacedObjId )
{
P6NCSTR attribNames[2];
P6KMIP_RESULT resultCodes;
P6KMIP_ATTRIBRESULT getResult;
P6KMIP_GETATTRIBPARAMS attribParams;
P6KMIP_OBJECT_ATTRIBUTE objAttribute;
P6NCSTR keyId = {NULL, 0};
if (
P6FAILED( err = locateByName( pClient, &keyId, pName, nameLength )))
return err;
m_pStr->lpVtbl->setMem( m_pStr, &resultCodes, 0, sizeof( P6KMIP_RESULT ));
m_pStr->lpVtbl->setMem( m_pStr, &getResult, 0, sizeof( P6KMIP_ATTRIBRESULT ));
m_pStr->lpVtbl->setMem( m_pStr, &attribParams, 0, sizeof( P6KMIP_GETATTRIBPARAMS ));
attribNames[0].pString = "Link";
attribNames[0].length = 4;
attribParams.uniqueId = keyId;
attribParams.attribCount = 1;
attribParams.pAttributeNames = attribNames;
if (
P6FAILED( err = pClient->lpVtbl->getAttributes( pClient, attribParams, &getResult, &resultCodes ))) {
printf("\nCall to getAttributes has failed %x\n", err );
}
else if (KMIP_RESULT_SUCCESS != resultCodes.resultStatus) {
printf("\nKMIP server returned an error when calling getAttributes [%x]\n", resultCodes.resultReason);
err = eFail;
}
if (NULL != keyId.pString) free( (
P6VOID*)keyId.pString );
return err;
}
if (NULL != getResult.pAttribute)
{
while(
P6SUCCEEDED( err = getResult.pAttribute->lpVtbl->next( getResult.pAttribute, &attribType )))
{
m_pStr->lpVtbl->setMem( m_pStr, &objAttribute, 0, sizeof( P6KMIP_OBJECT_ATTRIBUTE ));
if (KMIP_ATTRIB_LINK == attribType)
{
objAttribute.value.link.linkObjectId.pString = tempId;
objAttribute.value.link.linkObjectId.length = 100;
err = getResult.pAttribute->lpVtbl->getValue( getResult.pAttribute, &objAttribute );
if (
P6SUCCEEDED(err) && KMIP_LINK_REPLACED == objAttribute.value.link.linkType)
{
for( i=0; i < linkLength; i++ ) pReplacedObjId->pString[i] = tempId[i];
pReplacedObjId->length = linkLength;
break;
}
}
}
getResult.pAttribute->lpVtbl->release( getResult.pAttribute );
}
if (NULL != keyId.pString) free( (
P6VOID*)keyId.pString );
return (!bFound ? eNotFound : eOk);
}
P6ERR run( p6IDataStream *pStreamDebug )
{
P6KMIP_ATTRIBUTE attributeList[6];
P6KMIP_PREF preferences;
P6KMIP_RESULT resultCodes;
P6KMIP_NEWOBJECT newKey;
P6KMIP_KEYPARAMS keyParams;
P6KMIP_TEMPLATEATTRIBUTE attributes;
P6BSTR replacedKeyId = { uniqueId, 100 };
p6IKMIPClient *pClient = NULL;
setPreferences( &preferences,
P6CTEXT(
"Rekey_Symmetric"), 0, 0, 0, 0, 5000, 2000, 2000, 120000, 2, 2 );
if (
P6FAILED( err = pClient->lpVtbl->initialize( pClient, (P6KMIPFLG_TRACE_MSGS | P6KMIPFLG_TRACE_FORMATXML), m_pKeystore, preferences ))) {
pClient->lpVtbl->release( pClient );
return err;
}
pClient->lpVtbl->release( pClient );
return err;
}
m_pStr->lpVtbl->setMem( m_pStr, &resultCodes, 0, sizeof( P6KMIP_RESULT ));
m_pStr->lpVtbl->setMem( m_pStr, &newKey, 0, sizeof( P6KMIP_NEWOBJECT ));
m_pStr->lpVtbl->setMem( m_pStr, &keyParams, 0, sizeof( P6KMIP_KEYPARAMS ));
m_pStr->lpVtbl->setMem( m_pStr, &attributes, 0, sizeof( P6KMIP_TEMPLATEATTRIBUTE ));
attributeList[0].type = KMIP_ATTRIB_CRYPTOALGORITHM;
attributeList[0].index = 0;
attributeList[0].value.cryptoAlgorithm = KMIP_AES;
attributeList[1].type = KMIP_ATTRIB_CRYPTOLENGTH;
attributeList[1].index = 0;
attributeList[1].value.cryptoLength = 128;
attributeList[2].type = KMIP_ATTRIB_CRYPTOUSAGEMASK;
attributeList[2].index = 0;
attributeList[2].value.cryptoUsageMask = KMIP_USE_ENCRYPT | KMIP_USE_DECRYPT;
attributeList[3].type = KMIP_ATTRIB_NAME;
attributeList[3].index = 0;
attributeList[3].value.name.type = KMIP_NAME_TEXTSTR;
attributeList[3].value.name.value.pString = "Place-your-unique-name-here2";
attributeList[3].value.name.value.length = 28;
attributes.attribCount = 4;
attributes.pAttributeList = attributeList;
keyParams.pAttributes = &attributes;
if (
P6FAILED( err = pClient->lpVtbl->createKeyObject( pClient, keyParams, &newKey, &resultCodes ))) {
printf("\nCall to createKeyObject has failed %x\n", err );
}
else if (KMIP_RESULT_SUCCESS != resultCodes.resultStatus) {
printf("\nKMIP server returned an error when calling createKeyObject [%x]\n", resultCodes.resultReason);
err = eFail;
}
else
{ if (NULL != newKey.pUniqueId) newKey.pUniqueId->lpVtbl->release( newKey.pUniqueId );
}
if (
P6SUCCEEDED( err = reKey( pClient,
"Place-your-unique-name-here2", 28 )))
{
err = findReplacedKey( pClient, "Place-your-unique-name-here2", 28, &replacedKeyId );
}
err = pClient->lpVtbl->close( pClient );
pClient->lpVtbl->release( pClient );
return err;
}
P6VOID KMIP_ReKey_SymmetricKey( p6IDataStream *pDataStream )
{
P6ERR err = eNotInitialized;
err = run( pDataStream );
}
freeGlobals();
}
int main(int argc,char *argv[])
{
p6IDataStream *pDataStream = NULL;
if (
P6FAILED( err = createStream( &pDataStream ))) {
printf("ERROR: Failed to create a datastream [ %x ]\n", err );
return 1;
}
{
KMIP_ReKey_SymmetricKey( pDataStream );
}
else printf("ERROR: Failed to initialize the loader [ %x ]\n", err );
return 0;
}