/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <errno.h>
#include <limits.h>
#include <stdlib.h>

#include "prtypes.h"
#include "prtime.h"
#include "prlong.h"

#include "nss.h"
#include "secutil.h"
#include "secitem.h"
#include "pk11func.h"
#include "pk11pqg.h"

#if defined(XP_UNIX)
#include <unistd.h>
#endif

#include "plgetopt.h"

#define BPB 8 /* bits per byte. */

/* Basename of argv[0]; assigned in main() and used as the prefix of the
 * diagnostics this tool prints to stderr. */
char *progName;

/*
 * ASN.1 template describing a SECKEYPQGParams as a SEQUENCE of three
 * INTEGERs, in the order prime, subPrime, base.
 *
 * NOTE(review): outputPQGParams() hands a PQGParams pointer to the encoder
 * together with this template, so the field offsets of the two structures
 * are presumably identical -- confirm against the headers.
 */
const SEC_ASN1Template seckey_PQGParamsTemplate[] = {
    /* outer SEQUENCE; the last member is the size of the described struct */
    { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
    /* the three INTEGER members */
    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, prime) },
    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, subPrime) },
    { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams, base) },
    /* all-zero entry closing the table */
    { 0 }
};

/*
 * Print the command-line synopsis to stderr and terminate the process
 * with exit(-1). This function does not return.
 */
void
Usage(void)
{
    /* Option summary, emitted verbatim after the "Usage:" line. */
    static const char optionHelp[] =
        "-a   Output DER-encoded PQG params, BTOA encoded.\n"
        "-b   Output DER-encoded PQG params in binary\n"
        "-r   Output P, Q and G in ASCII hexadecimal. \n"
        "  -l prime-length       Length of prime in bits (1024 is default)\n"
        "  -n subprime-length    Length of subprime in bits\n"
        "  -o file               Output to this file (default is stdout)\n"
        "  -g bits               Generate SEED this many bits long.\n";

    fprintf(stderr, "Usage:  %s\n", progName);
    fputs(optionHelp, stderr);
    exit(-1);
}

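/*
 * Write the generated domain parameters to outFile in one of three forms.
 *
 *   pqgParams      parameters to print; handed to the PK11_PQG_Get*FromParams
 *                  accessors (raw mode) or to the ASN.1 encoder (other modes).
 *   output_binary  consulted only when output_raw is false: PR_TRUE writes
 *                  the DER encoding as raw bytes, PR_FALSE writes it
 *                  BTOA-encoded followed by a newline.
 *   output_raw     PR_TRUE prints "Prime", "Subprime" and "Base" through
 *                  SECU_PrintInteger and returns without DER-encoding.
 *   outFile        destination stream; it is neither flushed nor closed here.
 *
 * Returns SECSuccess on success. On failure the name of the failing call is
 * reported on stderr and a non-success status is returned.
 */
SECStatus
outputPQGParams(PQGParams *pqgParams, PRBool output_binary, PRBool output_raw,
                FILE *outFile)
{
    PLArenaPool *arena = NULL;
    char *PQG;
    SECItem *pItem;
    int cc;
    SECStatus rv;
    SECItem encodedParams;

    if (output_raw) {
        SECItem item;

        rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item);
        if (rv) {
            SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
            return rv;
        }
        SECU_PrintInteger(outFile, &item, "Prime", 1);
        SECITEM_FreeItem(&item, PR_FALSE);

        rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item);
        if (rv) {
            /* Report the accessor that actually failed; this label used to
             * be a copy of the one for the prime. */
            SECU_PrintError(progName, "PK11_PQG_GetSubPrimeFromParams");
            return rv;
        }
        SECU_PrintInteger(outFile, &item, "Subprime", 1);
        SECITEM_FreeItem(&item, PR_FALSE);

        rv = PK11_PQG_GetBaseFromParams(pqgParams, &item);
        if (rv) {
            /* Same correction as above, for the base. */
            SECU_PrintError(progName, "PK11_PQG_GetBaseFromParams");
            return rv;
        }
        SECU_PrintInteger(outFile, &item, "Base", 1);
        SECITEM_FreeItem(&item, PR_FALSE);

        fprintf(outFile, "\n");
        return SECSuccess;
    }

    /* DER-encode the parameters; the arena is handed to the encoder. */
    encodedParams.data = NULL;
    encodedParams.len = 0;
    arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
    if (!arena) {
        SECU_PrintError(progName, "PORT_NewArena");
        return SECFailure;
    }
    pItem = SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams,
                               seckey_PQGParamsTemplate);
    if (!pItem) {
        SECU_PrintError(progName, "SEC_ASN1EncodeItem");
        PORT_FreeArena(arena, PR_FALSE);
        return SECFailure;
    }
    if (output_binary) {
        size_t len;
        len = fwrite(encodedParams.data, 1, encodedParams.len, outFile);
        PORT_FreeArena(arena, PR_FALSE);
        /* Only encodedParams.len (a plain integer in the local struct) is
         * read after the arena has been freed; .data is not touched again. */
        if (len != encodedParams.len) {
            fprintf(stderr, "%s: fwrite failed\n", progName);
            return SECFailure;
        }
        return SECSuccess;
    }

    /* must be output ASCII */
    PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len);
    PORT_FreeArena(arena, PR_FALSE);
    if (!PQG) {
        SECU_PrintError(progName, "BTOA_DataToAscii");
        return SECFailure;
    }

    cc = fprintf(outFile, "%s\n", PQG);
    PORT_Free(PQG);
    if (cc <= 0) {
        fprintf(stderr, "%s: fprintf failed\n", progName);
        return SECFailure;
    }
    return SECSuccess;
}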

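/*
 * Print the verification data that accompanies the generated parameters.
 *
 *   pqgVerify      verification data, read through the PK11_PQG_Get*FromVerify
 *                  accessors.
 *   output_binary  not read by this function.
 *   output_raw     PR_TRUE prints "h", "SEED", the seed length in bits ("g")
 *                  and the counter; PR_FALSE writes nothing at all.
 *   outFile        destination stream; it is neither flushed nor closed here.
 *
 * Returns SECSuccess, or the status of the accessor that failed after
 * reporting its name on stderr.
 */
SECStatus
outputPQGVerify(PQGVerify *pqgVerify, PRBool output_binary, PRBool output_raw,
                FILE *outFile)
{
    SECStatus rv = SECSuccess;
    if (output_raw) {
        SECItem item;
        unsigned int counter;

        rv = PK11_PQG_GetHFromVerify(pqgVerify, &item);
        if (rv) {
            SECU_PrintError(progName, "PK11_PQG_GetHFromVerify");
            return rv;
        }
        SECU_PrintInteger(outFile, &item, "h", 1);
        SECITEM_FreeItem(&item, PR_FALSE);

        rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item);
        if (rv) {
            SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify");
            return rv;
        }
        SECU_PrintInteger(outFile, &item, "SEED", 1);
        /* item.len * BPB and counter are unsigned, so they are printed with
         * %u; %d was a format/argument type mismatch. */
        fprintf(outFile, "    g:       %u\n", item.len * BPB);
        SECITEM_FreeItem(&item, PR_FALSE);

        counter = PK11_PQG_GetCounterFromVerify(pqgVerify);
        fprintf(outFile, "    counter: %u\n", counter);
        fprintf(outFile, "\n");
    }
    return rv;
}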

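/*
 * Convert the argument of a numeric command-line option to an int.
 *
 * atoi() silently turns "abc" into 0 and "2048x" into 2048; this helper
 * rejects empty input, trailing characters and values outside
 * [INT_MIN, maxValue]. On rejection it reports the option on stderr and
 * leaves through Usage(), which exits. Negative values are passed through
 * so that the range checks in main() keep producing their own messages.
 */
static int
parseIntOption(char option, const char *text, int maxValue)
{
    char *end = NULL;
    long value = 0;
    PRBool ok = PR_FALSE;

    if (text != NULL && *text != '\0') {
        errno = 0;
        value = strtol(text, &end, 10);
        ok = (end != text && *end == '\0' && errno != ERANGE &&
              value >= INT_MIN && value <= maxValue)
                 ? PR_TRUE
                 : PR_FALSE;
    }
    if (!ok) {
        fprintf(stderr, "%s: invalid numeric argument \"%s\" for -%c\n",
                progName, text ? text : "", option);
        Usage();
    }
    return (int)value;
}

/*
 * Generate DSA domain parameters (P, Q, G) plus their verification data,
 * write them in the requested format and then verify them.
 *
 * Exit status: 0 on success; 1 when an NSS call, the output or the
 * verification fails; 2 for an illegal prime or subprime length; 3 for an
 * illegal -g value. Usage() exits on bad command-line syntax.
 *
 * NOTE(review): the default prime length (1024 bits) and the 512-1024 bit
 * range accepted below are smaller than the 2048-bit minimum that current
 * guidance (e.g. NIST SP 800-131A) sets for DSA; use -l 2048 or -l 3072
 * for parameters that are meant to protect anything.
 */
int
main(int argc, char **argv)
{
    FILE *outFile = NULL;
    char *outFileName = NULL;
    PQGParams *pqgParams = NULL;
    PQGVerify *pqgVerify = NULL;
    int keySizeInBits = 1024;
    int j = 8;
    int g = 0;
    int gMax = 0;
    int qSizeInBits = 0;
    int exitCode = 1;
    SECStatus rv = 0;
    SECStatus passed = 0;
    PRBool output_ascii = PR_FALSE;
    PRBool output_binary = PR_FALSE;
    PRBool output_raw = PR_FALSE;
    PRBool writeFailed = PR_FALSE;
    PLOptState *optstate;
    PLOptStatus status;

    /* Strip any directory part ('/' or '\\') from the program name. */
    progName = strrchr(argv[0], '/');
    if (!progName)
        progName = strrchr(argv[0], '\\');
    progName = progName ? progName + 1 : argv[0];

    /* Parse command line arguments */
    optstate = PL_CreateOptState(argc, argv, "?abg:l:n:o:r");
    if (!optstate) {
        fprintf(stderr, "%s: unable to parse the command line\n", progName);
        return 1;
    }
    while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
        switch (optstate->option) {

            case 'l':
                /* Capped at INT_MAX / 2 so that 2 * keySizeInBits below
                 * cannot overflow. */
                keySizeInBits = parseIntOption('l', optstate->value,
                                               INT_MAX / 2);
                break;

            case 'n':
                qSizeInBits = parseIntOption('n', optstate->value, INT_MAX);
                break;

            case 'a':
                output_ascii = PR_TRUE;
                break;

            case 'b':
                output_binary = PR_TRUE;
                break;

            case 'r':
                output_raw = PR_TRUE;
                break;

            case 'o':
                /* A repeated -o replaces the earlier file name. */
                if (outFileName) {
                    PORT_Free(outFileName);
                }
                outFileName = PORT_Strdup(optstate->value);
                if (!outFileName) {
                    rv = -1;
                }
                break;

            case 'g':
                g = parseIntOption('g', optstate->value, INT_MAX);
                break;

            default:
            case '?':
                Usage();
                break;
        }
    }
    PL_DestroyOptState(optstate);

    if (status == PL_OPT_BAD) {
        Usage();
    }

    /* exactly 1 of these options must be set. */
    if (1 != ((output_ascii != PR_FALSE) +
              (output_binary != PR_FALSE) +
              (output_raw != PR_FALSE))) {
        Usage();
    }

    gMax = 2 * keySizeInBits;
    if (keySizeInBits < 1024) {
        j = PQG_PBITS_TO_INDEX(keySizeInBits);
        if (j < 0) {
            fprintf(stderr, "%s: Illegal prime length, \n"
                            "\tacceptable values are between 512 and 1024,\n"
                            "\tand divisible by 64, or 2048 or 3072\n",
                    progName);
            return 2;
        }
        gMax = 2048;
        if ((qSizeInBits != 0) && (qSizeInBits != 160)) {
            fprintf(stderr, "%s: Illegal subprime length, \n"
                            "\tonly 160 is acceptible for primes <= 1024\n",
                    progName);
            return 2;
        }
        /* this forces keysizes less than 1024 into the DSA1 generation
         * code. Whether 1024 uses DSA2 or not is triggered by qSizeInBits
         * being non-zero. All larger keysizes will use DSA2.
         */
        qSizeInBits = 0;
    }
    if (g != 0 && (g < 160 || g >= gMax || g % 8 != 0)) {
        fprintf(stderr, "%s: Illegal g bits, \n"
                        "\tacceptable values are between 160 and %d,\n"
                        "\tand divisible by 8\n",
                progName, gMax);
        return 3;
    }

    if (!rv && outFileName) {
        outFile = fopen(outFileName, output_binary ? "wb" : "w");
        if (!outFile) {
            fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
                    progName, outFileName);
            rv = -1;
        }
    }
    if (outFileName) {
        PORT_Free(outFileName);
    }
    if (rv != 0) {
        /* outFile is still NULL on this path, so nothing is left open. */
        return 1;
    }

    if (outFile == NULL) {
        outFile = stdout;
    }

    /* below here, must go to loser */

    if (NSS_NoDB_Init(NULL) != SECSuccess) {
        SECU_PrintError(progName, "NSS_NoDB_Init");
        goto loser;
    }

    if (keySizeInBits > 1024 || qSizeInBits != 0) {
        rv = PK11_PQG_ParamGenV2((unsigned)keySizeInBits,
                                 (unsigned)qSizeInBits, (unsigned)(g / 8),
                                 &pqgParams, &pqgVerify);
    } else if (g) {
        rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g / 8),
                                      &pqgParams, &pqgVerify);
    } else {
        rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify);
    }

    if (rv != SECSuccess || pqgParams == NULL || pqgVerify == NULL) {
        SECU_PrintError(progName, "PQG parameter generation failed.\n");
        goto loser;
    }
    fprintf(stderr, "%s: PQG parameter generation completed.\n", progName);

    /* NOTE(review): the parameters are written before they are verified,
     * so a failed verification still leaves them in the output. Consumers
     * must check the exit status before using the file. */
    rv = outputPQGParams(pqgParams, output_binary, output_raw, outFile);
    if (rv) {
        fprintf(stderr, "%s: failed to output PQG params.\n", progName);
        goto loser;
    }
    rv = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile);
    if (rv) {
        fprintf(stderr, "%s: failed to output PQG Verify.\n", progName);
        goto loser;
    }

    rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed);
    if (rv != SECSuccess) {
        fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName);
        goto loser;
    }
    if (passed != SECSuccess) {
        fprintf(stderr, "%s: PQG parameters failed verification.\n", progName);
        goto loser;
    }
    fprintf(stderr, "%s: PQG parameters passed verification.\n", progName);

    exitCode = 0;

loser:
    PK11_PQG_DestroyParams(pqgParams);
    PK11_PQG_DestroyVerify(pqgVerify);

    /* Buffered output may only hit the file at flush/close time; check the
     * result so a short write is not reported as success. */
    if (outFile == stdout) {
        writeFailed = (fflush(outFile) != 0) ? PR_TRUE : PR_FALSE;
    } else {
        writeFailed = (fclose(outFile) != 0) ? PR_TRUE : PR_FALSE;
    }
    if (writeFailed) {
        fprintf(stderr, "%s: error writing output\n", progName);
        exitCode = 1;
    }
    return exitCode;
}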