The Tor Browser / annotate

security/nss/cmd/makepqg/makepqg.c@141e0f1194b1 (annotated)

security/nss/cmd/makepqg/makepqg.c

Wed, 31 Dec 2014 07:16:47 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 07:16:47 +0100
branch
TOR_BUG_9701
changeset 3
141e0f1194b1
permissions
-rw-r--r--

Revert simplistic fix pending revisit of Mozilla integration attempt.

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 #include "prtypes.h"
michael@0 6 #include "prtime.h"
michael@0 7 #include "prlong.h"
michael@0 8
michael@0 9 #include "nss.h"
michael@0 10 #include "secutil.h"
michael@0 11 #include "secitem.h"
michael@0 12 #include "pk11func.h"
michael@0 13 #include "pk11pqg.h"
michael@0 14
michael@0 15 #if defined(XP_UNIX)
michael@0 16 #include <unistd.h>
michael@0 17 #endif
michael@0 18
michael@0 19 #include "plgetopt.h"
michael@0 20
michael@0 21 #define BPB 8 /* bits per byte. */
michael@0 22
michael@0 23 char *progName;
michael@0 24
michael@0 25
michael@0 26 const SEC_ASN1Template seckey_PQGParamsTemplate[] = {
michael@0 27 { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
michael@0 28 { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
michael@0 29 { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
michael@0 30 { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
michael@0 31 { 0, }
michael@0 32 };
michael@0 33
michael@0 34
michael@0 35
michael@0 36 void
michael@0 37 Usage(void)
michael@0 38 {
michael@0 39 fprintf(stderr, "Usage: %s\n", progName);
michael@0 40 fprintf(stderr,
michael@0 41 "-a Output DER-encoded PQG params, BTOA encoded.\n"
michael@0 42 "-b Output DER-encoded PQG params in binary\n"
michael@0 43 "-r Output P, Q and G in ASCII hexadecimal. \n"
michael@0 44 " -l prime-length Length of prime in bits (1024 is default)\n"
michael@0 45 " -n subprime-length Length of subprime in bits\n"
michael@0 46 " -o file Output to this file (default is stdout)\n"
michael@0 47 " -g bits Generate SEED this many bits long.\n"
michael@0 48 );
michael@0 49 exit(-1);
michael@0 50
michael@0 51 }
michael@0 52
michael@0 53 SECStatus
michael@0 54 outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw,
michael@0 55 FILE * outFile)
michael@0 56 {
michael@0 57 PLArenaPool * arena = NULL;
michael@0 58 char * PQG;
michael@0 59 SECItem * pItem;
michael@0 60 int cc;
michael@0 61 SECStatus rv;
michael@0 62 SECItem encodedParams;
michael@0 63
michael@0 64 if (output_raw) {
michael@0 65 SECItem item;
michael@0 66
michael@0 67 rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item);
michael@0 68 if (rv) {
michael@0 69 SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
michael@0 70 return rv;
michael@0 71 }
michael@0 72 SECU_PrintInteger(outFile, &item, "Prime", 1);
michael@0 73 SECITEM_FreeItem(&item, PR_FALSE);
michael@0 74
michael@0 75 rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item);
michael@0 76 if (rv) {
michael@0 77 SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
michael@0 78 return rv;
michael@0 79 }
michael@0 80 SECU_PrintInteger(outFile, &item, "Subprime", 1);
michael@0 81 SECITEM_FreeItem(&item, PR_FALSE);
michael@0 82
michael@0 83 rv = PK11_PQG_GetBaseFromParams(pqgParams, &item);
michael@0 84 if (rv) {
michael@0 85 SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
michael@0 86 return rv;
michael@0 87 }
michael@0 88 SECU_PrintInteger(outFile, &item, "Base", 1);
michael@0 89 SECITEM_FreeItem(&item, PR_FALSE);
michael@0 90
michael@0 91 fprintf(outFile, "\n");
michael@0 92 return SECSuccess;
michael@0 93 }
michael@0 94
michael@0 95 encodedParams.data = NULL;
michael@0 96 encodedParams.len = 0;
michael@0 97 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
michael@0 98 if (!arena) {
michael@0 99 SECU_PrintError(progName, "PORT_NewArena");
michael@0 100 return SECFailure;
michael@0 101 }
michael@0 102 pItem = SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams,
michael@0 103 seckey_PQGParamsTemplate);
michael@0 104 if (!pItem) {
michael@0 105 SECU_PrintError(progName, "SEC_ASN1EncodeItem");
michael@0 106 PORT_FreeArena(arena, PR_FALSE);
michael@0 107 return SECFailure;
michael@0 108 }
michael@0 109 if (output_binary) {
michael@0 110 size_t len;
michael@0 111 len = fwrite(encodedParams.data, 1, encodedParams.len, outFile);
michael@0 112 PORT_FreeArena(arena, PR_FALSE);
michael@0 113 if (len != encodedParams.len) {
michael@0 114 fprintf(stderr, "%s: fwrite failed\n", progName);
michael@0 115 return SECFailure;
michael@0 116 }
michael@0 117 return SECSuccess;
michael@0 118 }
michael@0 119
michael@0 120 /* must be output ASCII */
michael@0 121 PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len);
michael@0 122 PORT_FreeArena(arena, PR_FALSE);
michael@0 123 if (!PQG) {
michael@0 124 SECU_PrintError(progName, "BTOA_DataToAscii");
michael@0 125 return SECFailure;
michael@0 126 }
michael@0 127
michael@0 128 cc = fprintf(outFile,"%s\n",PQG);
michael@0 129 PORT_Free(PQG);
michael@0 130 if (cc <= 0) {
michael@0 131 fprintf(stderr, "%s: fprintf failed\n", progName);
michael@0 132 return SECFailure;
michael@0 133 }
michael@0 134 return SECSuccess;
michael@0 135 }
michael@0 136
michael@0 137 SECStatus
michael@0 138 outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw,
michael@0 139 FILE * outFile)
michael@0 140 {
michael@0 141 SECStatus rv = SECSuccess;
michael@0 142 if (output_raw) {
michael@0 143 SECItem item;
michael@0 144 unsigned int counter;
michael@0 145
michael@0 146 rv = PK11_PQG_GetHFromVerify(pqgVerify, &item);
michael@0 147 if (rv) {
michael@0 148 SECU_PrintError(progName, "PK11_PQG_GetHFromVerify");
michael@0 149 return rv;
michael@0 150 }
michael@0 151 SECU_PrintInteger(outFile, &item, "h", 1);
michael@0 152 SECITEM_FreeItem(&item, PR_FALSE);
michael@0 153
michael@0 154 rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item);
michael@0 155 if (rv) {
michael@0 156 SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify");
michael@0 157 return rv;
michael@0 158 }
michael@0 159 SECU_PrintInteger(outFile, &item, "SEED", 1);
michael@0 160 fprintf(outFile, " g: %d\n", item.len * BPB);
michael@0 161 SECITEM_FreeItem(&item, PR_FALSE);
michael@0 162
michael@0 163 counter = PK11_PQG_GetCounterFromVerify(pqgVerify);
michael@0 164 fprintf(outFile, " counter: %d\n", counter);
michael@0 165 fprintf(outFile, "\n");
michael@0 166 }
michael@0 167 return rv;
michael@0 168 }
michael@0 169
michael@0 170 int
michael@0 171 main(int argc, char **argv)
michael@0 172 {
michael@0 173 FILE * outFile = NULL;
michael@0 174 char * outFileName = NULL;
michael@0 175 PQGParams * pqgParams = NULL;
michael@0 176 PQGVerify * pqgVerify = NULL;
michael@0 177 int keySizeInBits = 1024;
michael@0 178 int j = 8;
michael@0 179 int g = 0;
michael@0 180 int gMax = 0;
michael@0 181 int qSizeInBits = 0;
michael@0 182 SECStatus rv = 0;
michael@0 183 SECStatus passed = 0;
michael@0 184 PRBool output_ascii = PR_FALSE;
michael@0 185 PRBool output_binary = PR_FALSE;
michael@0 186 PRBool output_raw = PR_FALSE;
michael@0 187 PLOptState *optstate;
michael@0 188 PLOptStatus status;
michael@0 189
michael@0 190
michael@0 191 progName = strrchr(argv[0], '/');
michael@0 192 if (!progName)
michael@0 193 progName = strrchr(argv[0], '\\');
michael@0 194 progName = progName ? progName+1 : argv[0];
michael@0 195
michael@0 196 /* Parse command line arguments */
michael@0 197 optstate = PL_CreateOptState(argc, argv, "?abg:l:n:o:r" );
michael@0 198 while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
michael@0 199 switch (optstate->option) {
michael@0 200
michael@0 201 case 'l':
michael@0 202 keySizeInBits = atoi(optstate->value);
michael@0 203 break;
michael@0 204
michael@0 205 case 'n':
michael@0 206 qSizeInBits = atoi(optstate->value);
michael@0 207 break;
michael@0 208
michael@0 209 case 'a':
michael@0 210 output_ascii = PR_TRUE;
michael@0 211 break;
michael@0 212
michael@0 213 case 'b':
michael@0 214 output_binary = PR_TRUE;
michael@0 215 break;
michael@0 216
michael@0 217 case 'r':
michael@0 218 output_raw = PR_TRUE;
michael@0 219 break;
michael@0 220
michael@0 221 case 'o':
michael@0 222 if (outFileName) {
michael@0 223 PORT_Free(outFileName);
michael@0 224 }
michael@0 225 outFileName = PORT_Strdup(optstate->value);
michael@0 226 if (!outFileName) {
michael@0 227 rv = -1;
michael@0 228 }
michael@0 229 break;
michael@0 230
michael@0 231 case 'g':
michael@0 232 g = atoi(optstate->value);
michael@0 233 break;
michael@0 234
michael@0 235
michael@0 236 default:
michael@0 237 case '?':
michael@0 238 Usage();
michael@0 239 break;
michael@0 240
michael@0 241 }
michael@0 242 }
michael@0 243 PL_DestroyOptState(optstate);
michael@0 244
michael@0 245 if (status == PL_OPT_BAD) {
michael@0 246 Usage();
michael@0 247 }
michael@0 248
michael@0 249 /* exactly 1 of these options must be set. */
michael@0 250 if (1 != ((output_ascii != PR_FALSE) +
michael@0 251 (output_binary != PR_FALSE) +
michael@0 252 (output_raw != PR_FALSE))) {
michael@0 253 Usage();
michael@0 254 }
michael@0 255
michael@0 256 gMax = 2*keySizeInBits;
michael@0 257 if (keySizeInBits < 1024) {
michael@0 258 j = PQG_PBITS_TO_INDEX(keySizeInBits);
michael@0 259 if (j < 0) {
michael@0 260 fprintf(stderr, "%s: Illegal prime length, \n"
michael@0 261 "\tacceptable values are between 512 and 1024,\n"
michael@0 262 "\tand divisible by 64, or 2048 or 3072\n",
michael@0 263 progName);
michael@0 264 return 2;
michael@0 265 }
michael@0 266 gMax =2048;
michael@0 267 if ((qSizeInBits != 0) && (qSizeInBits != 160)) {
michael@0 268 fprintf(stderr, "%s: Illegal subprime length, \n"
michael@0 269 "\tonly 160 is acceptible for primes <= 1024\n",
michael@0 270 progName);
michael@0 271 return 2;
michael@0 272 }
michael@0 273 /* this forces keysizes less than 1024 into the DSA1 generation
michael@0 274 * code. Whether 1024 uses DSA2 or not is triggered by qSizeInBits
michael@0 275 * being non-zero. All larger keysizes will use DSA2.
michael@0 276 */
michael@0 277 qSizeInBits = 0;
michael@0 278 }
michael@0 279 if (g != 0 && (g < 160 || g >= gMax || g % 8 != 0)) {
michael@0 280 fprintf(stderr, "%s: Illegal g bits, \n"
michael@0 281 "\tacceptable values are between 160 and %d,\n"
michael@0 282 "\tand divisible by 8\n", progName, gMax);
michael@0 283 return 3;
michael@0 284 }
michael@0 285
michael@0 286 if (!rv && outFileName) {
michael@0 287 outFile = fopen(outFileName, output_binary ? "wb" : "w");
michael@0 288 if (!outFile) {
michael@0 289 fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
michael@0 290 progName, outFileName);
michael@0 291 rv = -1;
michael@0 292 }
michael@0 293 }
michael@0 294 if (outFileName) {
michael@0 295 PORT_Free(outFileName);
michael@0 296 }
michael@0 297 if (rv != 0) {
michael@0 298 return 1;
michael@0 299 }
michael@0 300
michael@0 301 if (outFile == NULL) {
michael@0 302 outFile = stdout;
michael@0 303 }
michael@0 304
michael@0 305
michael@0 306 NSS_NoDB_Init(NULL);
michael@0 307
michael@0 308 if (keySizeInBits > 1024 || qSizeInBits != 0) {
michael@0 309 rv = PK11_PQG_ParamGenV2((unsigned)keySizeInBits,
michael@0 310 (unsigned) qSizeInBits, (unsigned)(g/8), &pqgParams, &pqgVerify);
michael@0 311 } else if (g) {
michael@0 312 rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8),
michael@0 313 &pqgParams, &pqgVerify);
michael@0 314 } else {
michael@0 315 rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify);
michael@0 316 }
michael@0 317 /* below here, must go to loser */
michael@0 318
michael@0 319 if (rv != SECSuccess || pqgParams == NULL || pqgVerify == NULL) {
michael@0 320 SECU_PrintError(progName, "PQG parameter generation failed.\n");
michael@0 321 goto loser;
michael@0 322 }
michael@0 323 fprintf(stderr, "%s: PQG parameter generation completed.\n", progName);
michael@0 324
michael@0 325 rv = outputPQGParams(pqgParams, output_binary, output_raw, outFile);
michael@0 326 if (rv) {
michael@0 327 fprintf(stderr, "%s: failed to output PQG params.\n", progName);
michael@0 328 goto loser;
michael@0 329 }
michael@0 330 rv = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile);
michael@0 331 if (rv) {
michael@0 332 fprintf(stderr, "%s: failed to output PQG Verify.\n", progName);
michael@0 333 goto loser;
michael@0 334 }
michael@0 335
michael@0 336 rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed);
michael@0 337 if (rv != SECSuccess) {
michael@0 338 fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName);
michael@0 339 goto loser;
michael@0 340 }
michael@0 341 if (passed != SECSuccess) {
michael@0 342 fprintf(stderr, "%s: PQG parameters failed verification.\n", progName);
michael@0 343 goto loser;
michael@0 344 }
michael@0 345 fprintf(stderr, "%s: PQG parameters passed verification.\n", progName);
michael@0 346
michael@0 347 PK11_PQG_DestroyParams(pqgParams);
michael@0 348 PK11_PQG_DestroyVerify(pqgVerify);
michael@0 349 return 0;
michael@0 350
michael@0 351 loser:
michael@0 352 PK11_PQG_DestroyParams(pqgParams);
michael@0 353 PK11_PQG_DestroyVerify(pqgVerify);
michael@0 354 return 1;
michael@0 355 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial