diff options
Diffstat (limited to 'security/nss/cmd/certutil/keystuff.c')
-rw-r--r-- | security/nss/cmd/certutil/keystuff.c | 377 |
1 files changed, 0 insertions, 377 deletions
diff --git a/security/nss/cmd/certutil/keystuff.c b/security/nss/cmd/certutil/keystuff.c deleted file mode 100644 index 2926f8f1b..000000000 --- a/security/nss/cmd/certutil/keystuff.c +++ /dev/null @@ -1,377 +0,0 @@ -/* - * The contents of this file are subject to the Mozilla Public - * License Version 1.1 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.mozilla.org/MPL/ - * - * Software distributed under the License is distributed on an "AS - * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or - * implied. See the License for the specific language governing - * rights and limitations under the License. - * - * The Original Code is the Netscape security libraries. - * - * The Initial Developer of the Original Code is Netscape - * Communications Corporation. Portions created by Netscape are - * Copyright (C) 1994-2000 Netscape Communications Corporation. All - * Rights Reserved. - * - * Contributor(s): - * - * Alternatively, the contents of this file may be used under the - * terms of the GNU General Public License Version 2 or later (the - * "GPL"), in which case the provisions of the GPL are applicable - * instead of those above. If you wish to allow use of your - * version of this file only under the terms of the GPL and not to - * allow others to use your version of this file under the MPL, - * indicate your decision by deleting the provisions above and - * replace them with the notice and other provisions required by - * the GPL. If you do not delete the provisions above, a recipient - * may use your version of this file under either the MPL or the - * GPL. - */ - -#include <stdio.h> -#include <string.h> -#include "secutil.h" - -#if defined(XP_UNIX) -#include <unistd.h> -#include <sys/time.h> -#include <termios.h> -#endif - -#if defined(XP_WIN) || defined (XP_PC) -#include <time.h> -#include <conio.h> -#endif - -#if defined(__sun) && !defined(SVR4) -extern int fclose(FILE*); -extern int fprintf(FILE *, char *, ...); -extern int isatty(int); -extern char *sys_errlist[]; -#define strerror(errno) sys_errlist[errno] -#endif - -#include "nspr.h" -#include "prtypes.h" -#include "prtime.h" -#include "prlong.h" - -#include "pk11func.h" -#include "secrng.h" -#include "pqgutil.h" - -#define NUM_KEYSTROKES 120 -#define RAND_BUF_SIZE 60 - -#define ERROR_BREAK rv = SECFailure;break; - -/* returns 0 for success, -1 for failure (EOF encountered) */ -static int -UpdateRNG(void) -{ - char * randbuf; - int fd, i, count; - int c; - int rv = 0; -#ifdef XP_UNIX - cc_t orig_cc_min; - cc_t orig_cc_time; - tcflag_t orig_lflag; - struct termios tio; -#endif - -#define FPS fprintf(stderr, - FPS "\n"); - FPS "A random seed must be generated that will be used in the\n"); - FPS "creation of your key. One of the easiest ways to create a\n"); - FPS "random seed is to use the timing of keystrokes on a keyboard.\n"); - FPS "\n"); - FPS "To begin, type keys on the keyboard until this progress meter\n"); - FPS "is full. DO NOT USE THE AUTOREPEAT FUNCTION ON YOUR KEYBOARD!\n"); - FPS "\n"); - FPS "\n"); - FPS "Continue typing until the progress meter is full:\n\n"); - FPS "| |\r"); - - /* turn off echo on stdin & return on 1 char instead of NL */ - fd = fileno(stdin); - -#if defined(XP_UNIX) && !defined(VMS) - tcgetattr(fd, &tio); - orig_lflag = tio.c_lflag; - orig_cc_min = tio.c_cc[VMIN]; - orig_cc_time = tio.c_cc[VTIME]; - tio.c_lflag &= ~ECHO; - tio.c_lflag &= ~ICANON; - tio.c_cc[VMIN] = 1; - tio.c_cc[VTIME] = 0; - tcsetattr(fd, TCSAFLUSH, &tio); -#endif - - /* Get random noise from keyboard strokes */ - randbuf = (char *) PORT_Alloc(RAND_BUF_SIZE); - count = 0; - while (count < NUM_KEYSTROKES+1) { -#ifdef VMS - c = GENERIC_GETCHAR_NOECHO(); -#elif XP_UNIX - c = getc(stdin); -#else - c = getch(); -#endif - if (c == EOF) { - rv = -1; - break; - } - RNG_GetNoise(&randbuf[1], sizeof(randbuf)-1); - RNG_RandomUpdate(randbuf, sizeof(randbuf)); - if (c != randbuf[0]) { - randbuf[0] = c; - FPS "\r|"); - for (i=0; i<count/(NUM_KEYSTROKES/RAND_BUF_SIZE); i++) { - FPS "*"); - } - if (count%(NUM_KEYSTROKES/RAND_BUF_SIZE) == 1) - FPS "/"); - count++; - } - } - free(randbuf); - - FPS "\n\n"); - FPS "Finished. Press enter to continue: "); -#if defined(VMS) - while((c = GENERIC_GETCHAR_NO_ECHO()) != '\r' && c != EOF) - ; -#else - while ((c = getc(stdin)) != '\n' && c != EOF) - ; -#endif - if (c == EOF) - rv = -1; - FPS "\n"); - -#undef FPS - -#if defined(XP_UNIX) && !defined(VMS) - /* set back termio the way it was */ - tio.c_lflag = orig_lflag; - tio.c_cc[VMIN] = orig_cc_min; - tio.c_cc[VTIME] = orig_cc_time; - tcsetattr(fd, TCSAFLUSH, &tio); -#endif - return rv; -} - - -static unsigned char P[] = { 0x00, 0x8d, 0xf2, 0xa4, 0x94, 0x49, 0x22, 0x76, - 0xaa, 0x3d, 0x25, 0x75, 0x9b, 0xb0, 0x68, 0x69, - 0xcb, 0xea, 0xc0, 0xd8, 0x3a, 0xfb, 0x8d, 0x0c, - 0xf7, 0xcb, 0xb8, 0x32, 0x4f, 0x0d, 0x78, 0x82, - 0xe5, 0xd0, 0x76, 0x2f, 0xc5, 0xb7, 0x21, 0x0e, - 0xaf, 0xc2, 0xe9, 0xad, 0xac, 0x32, 0xab, 0x7a, - 0xac, 0x49, 0x69, 0x3d, 0xfb, 0xf8, 0x37, 0x24, - 0xc2, 0xec, 0x07, 0x36, 0xee, 0x31, 0xc8, 0x02, - 0x91 }; -static unsigned char Q[] = { 0x00, 0xc7, 0x73, 0x21, 0x8c, 0x73, 0x7e, 0xc8, - 0xee, 0x99, 0x3b, 0x4f, 0x2d, 0xed, 0x30, 0xf4, - 0x8e, 0xda, 0xce, 0x91, 0x5f }; -static unsigned char G[] = { 0x00, 0x62, 0x6d, 0x02, 0x78, 0x39, 0xea, 0x0a, - 0x13, 0x41, 0x31, 0x63, 0xa5, 0x5b, 0x4c, 0xb5, - 0x00, 0x29, 0x9d, 0x55, 0x22, 0x95, 0x6c, 0xef, - 0xcb, 0x3b, 0xff, 0x10, 0xf3, 0x99, 0xce, 0x2c, - 0x2e, 0x71, 0xcb, 0x9d, 0xe5, 0xfa, 0x24, 0xba, - 0xbf, 0x58, 0xe5, 0xb7, 0x95, 0x21, 0x92, 0x5c, - 0x9c, 0xc4, 0x2e, 0x9f, 0x6f, 0x46, 0x4b, 0x08, - 0x8c, 0xc5, 0x72, 0xaf, 0x53, 0xe6, 0xd7, 0x88, - 0x02 }; - -static PQGParams default_pqg_params = { - NULL, - { 0, P, sizeof(P) }, - { 0, Q, sizeof(Q) }, - { 0, G, sizeof(G) } -}; - -static PQGParams * -decode_pqg_params(char *str) -{ - char *buf; - unsigned int len; - PRArenaPool *arena; - PQGParams *params; - SECStatus status; - - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) - return NULL; - - params = PORT_ArenaZAlloc(arena, sizeof(PQGParams)); - if (params == NULL) - goto loser; - params->arena = arena; - - buf = (char *)ATOB_AsciiToData(str, &len); - if ((buf == NULL) || (len == 0)) - goto loser; - - status = SEC_ASN1Decode(arena, params, SECKEY_PQGParamsTemplate, buf, len); - if (status != SECSuccess) - goto loser; - - return params; - -loser: - if (arena != NULL) - PORT_FreeArena(arena, PR_FALSE); - return NULL; -} - -static int -pqg_prime_bits(char *str) -{ - PQGParams *params = NULL; - int primeBits = 0, i; - - params = decode_pqg_params(str); - if (params == NULL) - goto done; /* lose */ - - for (i = 0; params->prime.data[i] == 0; i++) - /* empty */; - primeBits = (params->prime.len - i) * 8; - -done: - if (params != NULL) - PQG_DestroyParams(params); - return primeBits; -} - -static char * -SECU_GetpqgString(char *filename) -{ - char phrase[400]; - FILE *fh; - char *rv; - - fh = fopen(filename,"r"); - rv = fgets (phrase, sizeof(phrase), fh); - - fclose(fh); - if (phrase[strlen(phrase)-1] == '\n') - phrase[strlen(phrase)-1] = '\0'; - if (rv) { - return (char*) PORT_Strdup(phrase); - } - fprintf(stderr,"pqg file contain no data\n"); - return NULL; -} - -PQGParams* -getpqgfromfile(int keyBits, char *pqgFile) -{ - char *end, *str, *pqgString; - int primeBits; - - pqgString = SECU_GetpqgString(pqgFile); - if (pqgString) - str = PORT_Strdup(pqgString); - else - return NULL; - - do { - end = PORT_Strchr(str, ','); - if (end) - *end = '\0'; - primeBits = pqg_prime_bits(str); - if (keyBits == primeBits) - goto found_match; - str = end + 1; - } while (end); - - PORT_Free(pqgString); - PORT_Free(str); - return NULL; - -found_match: - PORT_Free(pqgString); - PORT_Free(str); - return decode_pqg_params(str); -} - -SECKEYPrivateKey * -CERTUTIL_GeneratePrivateKey(KeyType keytype, PK11SlotInfo *slot, int size, - int publicExponent, char *noise, - SECKEYPublicKey **pubkeyp, char *pqgFile, - secuPWData *pwdata) -{ - CK_MECHANISM_TYPE mechanism; - SECOidTag algtag; - PK11RSAGenParams rsaparams; - PQGParams *dsaparams = NULL; - void *params; - PRArenaPool *dsaparena; - - /* - * Do some random-number initialization. - */ - RNG_SystemInfoForRNG(); - - if (noise) { - RNG_FileForRNG(noise); - } else { - int rv = UpdateRNG(); - if (rv) { - PORT_SetError(PR_END_OF_FILE_ERROR); - return NULL; - } - } - - switch (keytype) { - case rsaKey: - rsaparams.keySizeInBits = size; - rsaparams.pe = publicExponent; - mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN; - algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION; - params = &rsaparams; - break; - case dsaKey: - mechanism = CKM_DSA_KEY_PAIR_GEN; - algtag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; - if (pqgFile) { - dsaparams = getpqgfromfile(size, pqgFile); - } else { - dsaparena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (dsaparena == NULL) return NULL; - dsaparams = PORT_ArenaZAlloc(dsaparena, sizeof(PQGParams)); - if (dsaparams == NULL) return NULL; - dsaparams->arena = dsaparena; - SECITEM_AllocItem(dsaparena, &dsaparams->prime, sizeof P); - SECITEM_AllocItem(dsaparena, &dsaparams->subPrime, sizeof Q); - SECITEM_AllocItem(dsaparena, &dsaparams->base, sizeof G); - PORT_Memcpy(dsaparams->prime.data, P, dsaparams->prime.len); - PORT_Memcpy(dsaparams->subPrime.data, Q, dsaparams->subPrime.len); - PORT_Memcpy(dsaparams->base.data, G, dsaparams->base.len); - } - params = dsaparams; - break; - default: - return NULL; - } - - if (slot == NULL) - return NULL; - - if (PK11_Authenticate(slot, PR_TRUE, pwdata) != SECSuccess) - return NULL; - - fprintf(stderr, "\n\n"); - fprintf(stderr, "Generating key. This may take a few moments...\n\n"); - - return PK11_GenerateKeyPair(slot, mechanism, params, pubkeyp, - PR_TRUE /*isPerm*/, PR_TRUE /*isSensitive*/, - pwdata /*wincx*/); -} |