diff options
Diffstat (limited to 'mozilla/security/nss/cmd/makepqg/makepqg.c')
| -rw-r--r-- | mozilla/security/nss/cmd/makepqg/makepqg.c | 363 |
1 files changed, 363 insertions, 0 deletions
diff --git a/mozilla/security/nss/cmd/makepqg/makepqg.c b/mozilla/security/nss/cmd/makepqg/makepqg.c new file mode 100644 index 0000000..5a172d6 --- /dev/null +++ b/mozilla/security/nss/cmd/makepqg/makepqg.c @@ -0,0 +1,363 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "prtypes.h" +#include "prtime.h" +#include "prlong.h" + +#include "nss.h" +#include "secutil.h" +#include "secitem.h" +#include "pk11func.h" +#include "pk11pqg.h" + +#if defined(XP_UNIX) +#include <unistd.h> +#endif + +#include "plgetopt.h" + +#define BPB 8 /* bits per byte. */ + +char *progName; + + +const SEC_ASN1Template seckey_PQGParamsTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) }, + { 0, } +}; + + + +void +Usage(void) +{ + fprintf(stderr, "Usage: %s\n", progName); + fprintf(stderr, +"-a Output DER-encoded PQG params, BTOA encoded.\n" +" -l prime-length Length of prime in bits (1024 is default)\n" +" -o file Output to this file (default is stdout)\n" +"-b Output DER-encoded PQG params in binary\n" +" -l prime-length Length of prime in bits (1024 is default)\n" +" -o file Output to this file (default is stdout)\n" +"-r Output P, Q and G in ASCII hexadecimal. \n" +" -l prime-length Length of prime in bits (1024 is default)\n" +" -o file Output to this file (default is stdout)\n" +"-g bits Generate SEED this many bits long.\n" +); + exit(-1); + +} + +SECStatus +outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw, + FILE * outFile) +{ + PRArenaPool * arena = NULL; + char * PQG; + SECItem * pItem; + int cc; + SECStatus rv; + SECItem encodedParams; + + if (output_raw) { + SECItem item; + + rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item); + if (rv) { + SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); + return rv; + } + SECU_PrintInteger(outFile, &item, "Prime", 1); + SECITEM_FreeItem(&item, PR_FALSE); + + rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item); + if (rv) { + SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); + return rv; + } + SECU_PrintInteger(outFile, &item, "Subprime", 1); + SECITEM_FreeItem(&item, PR_FALSE); + + rv = PK11_PQG_GetBaseFromParams(pqgParams, &item); + if (rv) { + SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); + return rv; + } + SECU_PrintInteger(outFile, &item, "Base", 1); + SECITEM_FreeItem(&item, PR_FALSE); + + fprintf(outFile, "\n"); + return SECSuccess; + } + + encodedParams.data = NULL; + encodedParams.len = 0; + arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); + if (!arena) { + SECU_PrintError(progName, "PORT_NewArena"); + return SECFailure; + } + pItem = SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams, + seckey_PQGParamsTemplate); + if (!pItem) { + SECU_PrintError(progName, "SEC_ASN1EncodeItem"); + PORT_FreeArena(arena, PR_FALSE); + return SECFailure; + } + if (output_binary) { + size_t len; + len = fwrite(encodedParams.data, 1, encodedParams.len, outFile); + PORT_FreeArena(arena, PR_FALSE); + if (len != encodedParams.len) { + fprintf(stderr, "%s: fwrite failed\n", progName); + return SECFailure; + } + return SECSuccess; + } + + /* must be output ASCII */ + PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len); + PORT_FreeArena(arena, PR_FALSE); + if (!PQG) { + SECU_PrintError(progName, "BTOA_DataToAscii"); + return SECFailure; + } + + cc = fprintf(outFile,"%s\n",PQG); + PORT_Free(PQG); + if (cc <= 0) { + fprintf(stderr, "%s: fprintf failed\n", progName); + return SECFailure; + } + return SECSuccess; +} + +SECStatus +outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw, + FILE * outFile) +{ + SECStatus rv = SECSuccess; + if (output_raw) { + SECItem item; + unsigned int counter; + + rv = PK11_PQG_GetHFromVerify(pqgVerify, &item); + if (rv) { + SECU_PrintError(progName, "PK11_PQG_GetHFromVerify"); + return rv; + } + SECU_PrintInteger(outFile, &item, "h", 1); + SECITEM_FreeItem(&item, PR_FALSE); + + rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item); + if (rv) { + SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify"); + return rv; + } + SECU_PrintInteger(outFile, &item, "SEED", 1); + fprintf(outFile, " g: %d\n", item.len * BPB); + SECITEM_FreeItem(&item, PR_FALSE); + + counter = PK11_PQG_GetCounterFromVerify(pqgVerify); + fprintf(outFile, " counter: %d\n", counter); + fprintf(outFile, "\n"); + } + return rv; +} + +int +main(int argc, char **argv) +{ + FILE * outFile = NULL; + char * outFileName = NULL; + PQGParams * pqgParams = NULL; + PQGVerify * pqgVerify = NULL; + int keySizeInBits = 1024; + int j; + int g = 0; + SECStatus rv = 0; + SECStatus passed = 0; + PRBool output_ascii = PR_FALSE; + PRBool output_binary = PR_FALSE; + PRBool output_raw = PR_FALSE; + PLOptState *optstate; + PLOptStatus status; + + + progName = strrchr(argv[0], '/'); + if (!progName) + progName = strrchr(argv[0], '\\'); + progName = progName ? progName+1 : argv[0]; + + /* Parse command line arguments */ + optstate = PL_CreateOptState(argc, argv, "?abg:l:o:r" ); + while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { + switch (optstate->option) { + + case 'l': + keySizeInBits = atoi(optstate->value); + break; + + case 'a': + output_ascii = PR_TRUE; + break; + + case 'b': + output_binary = PR_TRUE; + break; + + case 'r': + output_raw = PR_TRUE; + break; + + case 'o': + if (outFileName) { + PORT_Free(outFileName); + } + outFileName = PORT_Strdup(optstate->value); + if (!outFileName) { + rv = -1; + } + break; + + case 'g': + g = atoi(optstate->value); + break; + + default: + case '?': + Usage(); + break; + + } + } + PL_DestroyOptState(optstate); + + if (status == PL_OPT_BAD) { + Usage(); + } + + /* exactly 1 of these options must be set. */ + if (1 != ((output_ascii != PR_FALSE) + + (output_binary != PR_FALSE) + + (output_raw != PR_FALSE))) { + Usage(); + } + + j = PQG_PBITS_TO_INDEX(keySizeInBits); + if (j < 0) { + fprintf(stderr, "%s: Illegal prime length, \n" + "\tacceptable values are between 512 and 1024,\n" + "\tand divisible by 64\n", progName); + return 2; + } + if (g != 0 && (g < 160 || g >= 2048 || g % 8 != 0)) { + fprintf(stderr, "%s: Illegal g bits, \n" + "\tacceptable values are between 160 and 2040,\n" + "\tand divisible by 8\n", progName); + return 3; + } + + if (!rv && outFileName) { + outFile = fopen(outFileName, output_binary ? "wb" : "w"); + if (!outFile) { + fprintf(stderr, "%s: unable to open \"%s\" for writing\n", + progName, outFileName); + rv = -1; + } + } + if (outFileName) { + PORT_Free(outFileName); + } + if (rv != 0) { + return 1; + } + + if (outFile == NULL) { + outFile = stdout; + } + + + NSS_NoDB_Init(NULL); + + if (g) + rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8), + &pqgParams, &pqgVerify); + else + rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify); + /* below here, must go to loser */ + + if (rv != SECSuccess || pqgParams == NULL || pqgVerify == NULL) { + SECU_PrintError(progName, "PQG parameter generation failed.\n"); + goto loser; + } + fprintf(stderr, "%s: PQG parameter generation completed.\n", progName); + + rv = outputPQGParams(pqgParams, output_binary, output_raw, outFile); + if (rv) { + fprintf(stderr, "%s: failed to output PQG params.\n", progName); + goto loser; + } + rv = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile); + if (rv) { + fprintf(stderr, "%s: failed to output PQG Verify.\n", progName); + goto loser; + } + + rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed); + if (rv != SECSuccess) { + fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName); + goto loser; + } + if (passed != SECSuccess) { + fprintf(stderr, "%s: PQG parameters failed verification.\n", progName); + goto loser; + } + fprintf(stderr, "%s: PQG parameters passed verification.\n", progName); + + PK11_PQG_DestroyParams(pqgParams); + PK11_PQG_DestroyVerify(pqgVerify); + return 0; + +loser: + PK11_PQG_DestroyParams(pqgParams); + PK11_PQG_DestroyVerify(pqgVerify); + return 1; +} |