/security/nss/cmd/makepqg/makepqg.c
C | 363 lines | 274 code | 50 blank | 39 comment | 56 complexity | 413d153500c0e79f3f8845a4cbf362c6 MD5 | raw file
1/* ***** BEGIN LICENSE BLOCK ***** 2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 3 * 4 * The contents of this file are subject to the Mozilla Public License Version 5 * 1.1 (the "License"); you may not use this file except in compliance with 6 * the License. You may obtain a copy of the License at 7 * http://www.mozilla.org/MPL/ 8 * 9 * Software distributed under the License is distributed on an "AS IS" basis, 10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License 11 * for the specific language governing rights and limitations under the 12 * License. 13 * 14 * The Original Code is the Netscape security libraries. 15 * 16 * The Initial Developer of the Original Code is 17 * Netscape Communications Corporation. 18 * Portions created by the Initial Developer are Copyright (C) 1994-2000 19 * the Initial Developer. All Rights Reserved. 20 * 21 * Contributor(s): 22 * 23 * Alternatively, the contents of this file may be used under the terms of 24 * either the GNU General Public License Version 2 or later (the "GPL"), or 25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), 26 * in which case the provisions of the GPL or the LGPL are applicable instead 27 * of those above. If you wish to allow use of your version of this file only 28 * under the terms of either the GPL or the LGPL, and not to allow others to 29 * use your version of this file under the terms of the MPL, indicate your 30 * decision by deleting the provisions above and replace them with the notice 31 * and other provisions required by the GPL or the LGPL. If you do not delete 32 * the provisions above, a recipient may use your version of this file under 33 * the terms of any one of the MPL, the GPL or the LGPL. 34 * 35 * ***** END LICENSE BLOCK ***** */ 36 37#include "prtypes.h" 38#include "prtime.h" 39#include "prlong.h" 40 41#include "nss.h" 42#include "secutil.h" 43#include "secitem.h" 44#include "pk11func.h" 45#include "pk11pqg.h" 46 47#if defined(XP_UNIX) 48#include <unistd.h> 49#endif 50 51#include "plgetopt.h" 52 53#define BPB 8 /* bits per byte. */ 54 55char *progName; 56 57 58const SEC_ASN1Template seckey_PQGParamsTemplate[] = { 59 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) }, 60 { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) }, 61 { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) }, 62 { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) }, 63 { 0, } 64}; 65 66 67 68void 69Usage(void) 70{ 71 fprintf(stderr, "Usage: %s\n", progName); 72 fprintf(stderr, 73"-a Output DER-encoded PQG params, BTOA encoded.\n" 74" -l prime-length Length of prime in bits (1024 is default)\n" 75" -o file Output to this file (default is stdout)\n" 76"-b Output DER-encoded PQG params in binary\n" 77" -l prime-length Length of prime in bits (1024 is default)\n" 78" -o file Output to this file (default is stdout)\n" 79"-r Output P, Q and G in ASCII hexadecimal. \n" 80" -l prime-length Length of prime in bits (1024 is default)\n" 81" -o file Output to this file (default is stdout)\n" 82"-g bits Generate SEED this many bits long.\n" 83); 84 exit(-1); 85 86} 87 88SECStatus 89outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw, 90 FILE * outFile) 91{ 92 PRArenaPool * arena = NULL; 93 char * PQG; 94 SECItem * pItem; 95 int cc; 96 SECStatus rv; 97 SECItem encodedParams; 98 99 if (output_raw) { 100 SECItem item; 101 102 rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item); 103 if (rv) { 104 SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); 105 return rv; 106 } 107 SECU_PrintInteger(outFile, &item, "Prime", 1); 108 SECITEM_FreeItem(&item, PR_FALSE); 109 110 rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item); 111 if (rv) { 112 SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); 113 return rv; 114 } 115 SECU_PrintInteger(outFile, &item, "Subprime", 1); 116 SECITEM_FreeItem(&item, PR_FALSE); 117 118 rv = PK11_PQG_GetBaseFromParams(pqgParams, &item); 119 if (rv) { 120 SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams"); 121 return rv; 122 } 123 SECU_PrintInteger(outFile, &item, "Base", 1); 124 SECITEM_FreeItem(&item, PR_FALSE); 125 126 fprintf(outFile, "\n"); 127 return SECSuccess; 128 } 129 130 encodedParams.data = NULL; 131 encodedParams.len = 0; 132 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 133 if (!arena) { 134 SECU_PrintError(progName, "PORT_NewArena"); 135 return SECFailure; 136 } 137 pItem = SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams, 138 seckey_PQGParamsTemplate); 139 if (!pItem) { 140 SECU_PrintError(progName, "SEC_ASN1EncodeItem"); 141 PORT_FreeArena(arena, PR_FALSE); 142 return SECFailure; 143 } 144 if (output_binary) { 145 size_t len; 146 len = fwrite(encodedParams.data, 1, encodedParams.len, outFile); 147 PORT_FreeArena(arena, PR_FALSE); 148 if (len != encodedParams.len) { 149 fprintf(stderr, "%s: fwrite failed\n", progName); 150 return SECFailure; 151 } 152 return SECSuccess; 153 } 154 155 /* must be output ASCII */ 156 PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len); 157 PORT_FreeArena(arena, PR_FALSE); 158 if (!PQG) { 159 SECU_PrintError(progName, "BTOA_DataToAscii"); 160 return SECFailure; 161 } 162 163 cc = fprintf(outFile,"%s\n",PQG); 164 PORT_Free(PQG); 165 if (cc <= 0) { 166 fprintf(stderr, "%s: fprintf failed\n", progName); 167 return SECFailure; 168 } 169 return SECSuccess; 170} 171 172SECStatus 173outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw, 174 FILE * outFile) 175{ 176 SECStatus rv = SECSuccess; 177 if (output_raw) { 178 SECItem item; 179 unsigned int counter; 180 181 rv = PK11_PQG_GetHFromVerify(pqgVerify, &item); 182 if (rv) { 183 SECU_PrintError(progName, "PK11_PQG_GetHFromVerify"); 184 return rv; 185 } 186 SECU_PrintInteger(outFile, &item, "h", 1); 187 SECITEM_FreeItem(&item, PR_FALSE); 188 189 rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item); 190 if (rv) { 191 SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify"); 192 return rv; 193 } 194 SECU_PrintInteger(outFile, &item, "SEED", 1); 195 fprintf(outFile, " g: %d\n", item.len * BPB); 196 SECITEM_FreeItem(&item, PR_FALSE); 197 198 counter = PK11_PQG_GetCounterFromVerify(pqgVerify); 199 fprintf(outFile, " counter: %d\n", counter); 200 fprintf(outFile, "\n"); 201 } 202 return rv; 203} 204 205int 206main(int argc, char **argv) 207{ 208 FILE * outFile = NULL; 209 char * outFileName = NULL; 210 PQGParams * pqgParams = NULL; 211 PQGVerify * pqgVerify = NULL; 212 int keySizeInBits = 1024; 213 int j; 214 int g = 0; 215 SECStatus rv = 0; 216 SECStatus passed = 0; 217 PRBool output_ascii = PR_FALSE; 218 PRBool output_binary = PR_FALSE; 219 PRBool output_raw = PR_FALSE; 220 PLOptState *optstate; 221 PLOptStatus status; 222 223 224 progName = strrchr(argv[0], '/'); 225 if (!progName) 226 progName = strrchr(argv[0], '\\'); 227 progName = progName ? progName+1 : argv[0]; 228 229 /* Parse command line arguments */ 230 optstate = PL_CreateOptState(argc, argv, "?abg:l:o:r" ); 231 while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) { 232 switch (optstate->option) { 233 234 case 'l': 235 keySizeInBits = atoi(optstate->value); 236 break; 237 238 case 'a': 239 output_ascii = PR_TRUE; 240 break; 241 242 case 'b': 243 output_binary = PR_TRUE; 244 break; 245 246 case 'r': 247 output_raw = PR_TRUE; 248 break; 249 250 case 'o': 251 if (outFileName) { 252 PORT_Free(outFileName); 253 } 254 outFileName = PORT_Strdup(optstate->value); 255 if (!outFileName) { 256 rv = -1; 257 } 258 break; 259 260 case 'g': 261 g = atoi(optstate->value); 262 break; 263 264 default: 265 case '?': 266 Usage(); 267 break; 268 269 } 270 } 271 PL_DestroyOptState(optstate); 272 273 if (status == PL_OPT_BAD) { 274 Usage(); 275 } 276 277 /* exactly 1 of these options must be set. */ 278 if (1 != ((output_ascii != PR_FALSE) + 279 (output_binary != PR_FALSE) + 280 (output_raw != PR_FALSE))) { 281 Usage(); 282 } 283 284 j = PQG_PBITS_TO_INDEX(keySizeInBits); 285 if (j < 0) { 286 fprintf(stderr, "%s: Illegal prime length, \n" 287 "\tacceptable values are between 512 and 1024,\n" 288 "\tand divisible by 64\n", progName); 289 return 2; 290 } 291 if (g != 0 && (g < 160 || g >= 2048 || g % 8 != 0)) { 292 fprintf(stderr, "%s: Illegal g bits, \n" 293 "\tacceptable values are between 160 and 2040,\n" 294 "\tand divisible by 8\n", progName); 295 return 3; 296 } 297 298 if (!rv && outFileName) { 299 outFile = fopen(outFileName, output_binary ? "wb" : "w"); 300 if (!outFile) { 301 fprintf(stderr, "%s: unable to open \"%s\" for writing\n", 302 progName, outFileName); 303 rv = -1; 304 } 305 } 306 if (outFileName) { 307 PORT_Free(outFileName); 308 } 309 if (rv != 0) { 310 return 1; 311 } 312 313 if (outFile == NULL) { 314 outFile = stdout; 315 } 316 317 318 NSS_NoDB_Init(NULL); 319 320 if (g) 321 rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8), 322 &pqgParams, &pqgVerify); 323 else 324 rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify); 325 /* below here, must go to loser */ 326 327 if (rv != SECSuccess || pqgParams == NULL || pqgVerify == NULL) { 328 SECU_PrintError(progName, "PQG parameter generation failed.\n"); 329 goto loser; 330 } 331 fprintf(stderr, "%s: PQG parameter generation completed.\n", progName); 332 333 rv = outputPQGParams(pqgParams, output_binary, output_raw, outFile); 334 if (rv) { 335 fprintf(stderr, "%s: failed to output PQG params.\n", progName); 336 goto loser; 337 } 338 rv = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile); 339 if (rv) { 340 fprintf(stderr, "%s: failed to output PQG Verify.\n", progName); 341 goto loser; 342 } 343 344 rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed); 345 if (rv != SECSuccess) { 346 fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName); 347 goto loser; 348 } 349 if (passed != SECSuccess) { 350 fprintf(stderr, "%s: PQG parameters failed verification.\n", progName); 351 goto loser; 352 } 353 fprintf(stderr, "%s: PQG parameters passed verification.\n", progName); 354 355 PK11_PQG_DestroyParams(pqgParams); 356 PK11_PQG_DestroyVerify(pqgVerify); 357 return 0; 358 359loser: 360 PK11_PQG_DestroyParams(pqgParams); 361 PK11_PQG_DestroyVerify(pqgVerify); 362 return 1; 363}