security/nss/cmd/makepqg/makepqg.c

   1 /* ***** BEGIN LICENSE BLOCK *****
   2  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
   3  *
   4  * The contents of this file are subject to the Mozilla Public License Version
   5  * 1.1 (the "License"); you may not use this file except in compliance with
   6  * the License. You may obtain a copy of the License at
   7  * http://www.mozilla.org/MPL/
   8  *
   9  * Software distributed under the License is distributed on an "AS IS" basis,
  10  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
  11  * for the specific language governing rights and limitations under the
  12  * License.
  13  *
  14  * The Original Code is the Netscape security libraries.
  15  *
  16  * The Initial Developer of the Original Code is
  17  * Netscape Communications Corporation.
  18  * Portions created by the Initial Developer are Copyright (C) 1994-2000
  19  * the Initial Developer. All Rights Reserved.
  20  *
  21  * Contributor(s):
  22  *
  23  * Alternatively, the contents of this file may be used under the terms of
  24  * either the GNU General Public License Version 2 or later (the "GPL"), or
  25  * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
  26  * in which case the provisions of the GPL or the LGPL are applicable instead
  27  * of those above. If you wish to allow use of your version of this file only
  28  * under the terms of either the GPL or the LGPL, and not to allow others to
  29  * use your version of this file under the terms of the MPL, indicate your
  30  * decision by deleting the provisions above and replace them with the notice
  31  * and other provisions required by the GPL or the LGPL. If you do not delete
  32  * the provisions above, a recipient may use your version of this file under
  33  * the terms of any one of the MPL, the GPL or the LGPL.
  34  *
  35  * ***** END LICENSE BLOCK ***** */
  36
  37 #include "prtypes.h"
  38 #include "prtime.h"
  39 #include "prlong.h"
  40
  41 #include "nss.h"
  42 #include "secutil.h"
  43 #include "secitem.h"
  44 #include "pk11func.h"
  45 #include "pk11pqg.h"
  46
  47 #if defined(XP_UNIX)
  48 #include <unistd.h>
  49 #endif
  50
  51 #include "plgetopt.h"
  52
  53 #define BPB 8 /* bits per byte. */
  54
  55 char  *progName;
  56
  57
  58 const SEC_ASN1Template seckey_PQGParamsTemplate[] = {
  59     { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPQGParams) },
  60     { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,prime) },
  61     { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,subPrime) },
  62     { SEC_ASN1_INTEGER, offsetof(SECKEYPQGParams,base) },
  63     { 0, }
  64 };
  65
  66
  67
  68 void
  69 Usage(void)
  70 {
  71     fprintf(stderr, "Usage:  %s\n", progName);
  72     fprintf(stderr,
  73 "-a   Output DER-encoded PQG params, BTOA encoded.\n"
  74 "     -l prime-length       Length of prime in bits (1024 is default)\n"
  75 "     -o file               Output to this file (default is stdout)\n"
  76 "-b   Output DER-encoded PQG params in binary\n"
  77 "     -l prime-length       Length of prime in bits (1024 is default)\n"
  78 "     -o file               Output to this file (default is stdout)\n"
  79 "-r   Output P, Q and G in ASCII hexadecimal. \n"
  80 "     -l prime-length       Length of prime in bits (1024 is default)\n"
  81 "     -o file               Output to this file (default is stdout)\n"
  82 "-g bits       Generate SEED this many bits long.\n"
  83 );
  84     exit(-1);
  85
  86 }
  87
  88 SECStatus
  89 outputPQGParams(PQGParams * pqgParams, PRBool output_binary, PRBool output_raw,
  90                 FILE * outFile)
  91 {
  92     PRArenaPool   * arena               = NULL;
  93     char          * PQG;
  94     SECItem       * pItem;
  95     int             cc;
  96     SECStatus       rv;
  97     SECItem         encodedParams;
  98
  99     if (output_raw) {
 100         SECItem item;
 101
 102         rv = PK11_PQG_GetPrimeFromParams(pqgParams, &item);
 103         if (rv) {
 104             SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
 105             return rv;
 106         }
 107         SECU_PrintInteger(outFile, &item,    "Prime",    1);
 108         SECITEM_FreeItem(&item, PR_FALSE);
 109
 110         rv = PK11_PQG_GetSubPrimeFromParams(pqgParams, &item);
 111         if (rv) {
 112             SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
 113             return rv;
 114         }
 115         SECU_PrintInteger(outFile, &item, "Subprime", 1);
 116         SECITEM_FreeItem(&item, PR_FALSE);
 117
 118         rv = PK11_PQG_GetBaseFromParams(pqgParams, &item);
 119         if (rv) {
 120             SECU_PrintError(progName, "PK11_PQG_GetPrimeFromParams");
 121             return rv;
 122         }
 123         SECU_PrintInteger(outFile, &item,     "Base",     1);
 124         SECITEM_FreeItem(&item, PR_FALSE);
 125
 126         fprintf(outFile, "\n");
 127         return SECSuccess;
 128     }
 129
 130     encodedParams.data = NULL;
 131     encodedParams.len  = 0;
 132     arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
 133     if (!arena) {
 134         SECU_PrintError(progName, "PORT_NewArena");
 135         return SECFailure;
 136     }
 137     pItem = SEC_ASN1EncodeItem(arena, &encodedParams, pqgParams,
 138                                seckey_PQGParamsTemplate);
 139     if (!pItem) {
 140         SECU_PrintError(progName, "SEC_ASN1EncodeItem");
 141         PORT_FreeArena(arena, PR_FALSE);
 142         return SECFailure;
 143     }
 144     if (output_binary) {
 145         size_t len;
 146         len = fwrite(encodedParams.data, 1, encodedParams.len, outFile);
 147         PORT_FreeArena(arena, PR_FALSE);
 148         if (len != encodedParams.len) {
 149              fprintf(stderr, "%s: fwrite failed\n", progName);
 150              return SECFailure;
 151         }
 152         return SECSuccess;
 153     }
 154
 155     /* must be output ASCII */
 156     PQG = BTOA_DataToAscii(encodedParams.data, encodedParams.len);
 157     PORT_FreeArena(arena, PR_FALSE);
 158     if (!PQG) {
 159         SECU_PrintError(progName, "BTOA_DataToAscii");
 160         return SECFailure;
 161     }
 162
 163     cc = fprintf(outFile,"%s\n",PQG);
 164     PORT_Free(PQG);
 165     if (cc <= 0) {
 166          fprintf(stderr, "%s: fprintf failed\n", progName);
 167          return SECFailure;
 168     }
 169     return SECSuccess;
 170 }
 171
 172 SECStatus
 173 outputPQGVerify(PQGVerify * pqgVerify, PRBool output_binary, PRBool output_raw,
 174                 FILE * outFile)
 175 {
 176     SECStatus rv = SECSuccess;
 177     if (output_raw) {
 178         SECItem item;
 179         unsigned int counter;
 180
 181         rv = PK11_PQG_GetHFromVerify(pqgVerify, &item);
 182         if (rv) {
 183             SECU_PrintError(progName, "PK11_PQG_GetHFromVerify");
 184             return rv;
 185         }
 186         SECU_PrintInteger(outFile, &item,        "h",        1);
 187         SECITEM_FreeItem(&item, PR_FALSE);
 188
 189         rv = PK11_PQG_GetSeedFromVerify(pqgVerify, &item);
 190         if (rv) {
 191             SECU_PrintError(progName, "PK11_PQG_GetSeedFromVerify");
 192             return rv;
 193         }
 194         SECU_PrintInteger(outFile, &item,     "SEED",     1);
 195         fprintf(outFile, "    g:       %d\n", item.len * BPB);
 196         SECITEM_FreeItem(&item, PR_FALSE);
 197
 198         counter = PK11_PQG_GetCounterFromVerify(pqgVerify);
 199         fprintf(outFile, "    counter: %d\n", counter);
 200         fprintf(outFile, "\n");
 201     }
 202     return rv;
 203 }
 204
 205 int
 206 main(int argc, char **argv)
 207 {
 208     FILE          * outFile             = NULL;
 209     char          * outFileName         = NULL;
 210     PQGParams     * pqgParams           = NULL;
 211     PQGVerify     * pqgVerify           = NULL;
 212     int             keySizeInBits       = 1024;
 213     int             j;
 214     int             g                   = 0;
 215     SECStatus       rv                  = 0;
 216     SECStatus       passed              = 0;
 217     PRBool          output_ascii        = PR_FALSE;
 218     PRBool          output_binary       = PR_FALSE;
 219     PRBool          output_raw          = PR_FALSE;
 220     PLOptState *optstate;
 221     PLOptStatus status;
 222
 223
 224     progName = strrchr(argv[0], '/');
 225     if (!progName)
 226         progName = strrchr(argv[0], '\\');
 227     progName = progName ? progName+1 : argv[0];
 228
 229     /* Parse command line arguments */
 230     optstate = PL_CreateOptState(argc, argv, "?abg:l:o:r" );
 231     while ((status = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
 232         switch (optstate->option) {
 233
 234           case 'l':
 235             keySizeInBits = atoi(optstate->value);
 236             break;
 237
 238           case 'a':
 239             output_ascii = PR_TRUE;
 240             break;
 241
 242           case 'b':
 243             output_binary = PR_TRUE;
 244             break;
 245
 246           case 'r':
 247             output_raw = PR_TRUE;
 248             break;
 249
 250           case 'o':
 251             if (outFileName) {
 252                 PORT_Free(outFileName);
 253             }
 254             outFileName = PORT_Strdup(optstate->value);
 255             if (!outFileName) {
 256                 rv = -1;
 257             }
 258             break;
 259
 260           case 'g':
 261             g = atoi(optstate->value);
 262             break;
 263
 264           default:
 265           case '?':
 266             Usage();
 267             break;
 268
 269         }
 270     }
 271     PL_DestroyOptState(optstate);
 272
 273     if (status == PL_OPT_BAD) {
 274         Usage();
 275     }
 276
 277     /* exactly 1 of these options must be set. */
 278     if (1 != ((output_ascii  != PR_FALSE) +
 279               (output_binary != PR_FALSE) +
 280               (output_raw    != PR_FALSE))) {
 281         Usage();
 282     }
 283
 284     j = PQG_PBITS_TO_INDEX(keySizeInBits);
 285     if (j < 0) {
 286         fprintf(stderr, "%s: Illegal prime length, \n"
 287                         "\tacceptable values are between 512 and 1024,\n"
 288                         "\tand divisible by 64\n", progName);
 289         return 2;
 290     }
 291     if (g != 0 && (g < 160 || g >= 2048 || g % 8 != 0)) {
 292         fprintf(stderr, "%s: Illegal g bits, \n"
 293                         "\tacceptable values are between 160 and 2040,\n"
 294                         "\tand divisible by 8\n", progName);
 295         return 3;
 296     }
 297
 298     if (!rv && outFileName) {
 299         outFile = fopen(outFileName, output_binary ? "wb" : "w");
 300         if (!outFile) {
 301             fprintf(stderr, "%s: unable to open \"%s\" for writing\n",
 302                     progName, outFileName);
 303             rv = -1;
 304         }
 305     }
 306     if (outFileName) {
 307         PORT_Free(outFileName);
 308     }
 309     if (rv != 0) {
 310         return 1;
 311     }
 312
 313     if (outFile == NULL) {
 314         outFile = stdout;
 315     }
 316
 317
 318     NSS_NoDB_Init(NULL);
 319
 320     if (g)
 321         rv = PK11_PQG_ParamGenSeedLen((unsigned)j, (unsigned)(g/8),
 322                                  &pqgParams, &pqgVerify);
 323     else
 324         rv = PK11_PQG_ParamGen((unsigned)j, &pqgParams, &pqgVerify);
 325     /* below here, must go to loser */
 326
 327     if (rv != SECSuccess || pqgParams == NULL || pqgVerify == NULL) {
 328         SECU_PrintError(progName, "PQG parameter generation failed.\n");
 329         goto loser;
 330     }
 331     fprintf(stderr, "%s: PQG parameter generation completed.\n", progName);
 332
 333     rv = outputPQGParams(pqgParams, output_binary, output_raw, outFile);
 334     if (rv) {
 335         fprintf(stderr, "%s: failed to output PQG params.\n", progName);
 336         goto loser;
 337     }
 338     rv = outputPQGVerify(pqgVerify, output_binary, output_raw, outFile);
 339     if (rv) {
 340         fprintf(stderr, "%s: failed to output PQG Verify.\n", progName);
 341         goto loser;
 342     }
 343
 344     rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &passed);
 345     if (rv != SECSuccess) {
 346         fprintf(stderr, "%s: PQG parameter verification aborted.\n", progName);
 347         goto loser;
 348     }
 349     if (passed != SECSuccess) {
 350         fprintf(stderr, "%s: PQG parameters failed verification.\n", progName);
 351         goto loser;
 352     }
 353     fprintf(stderr, "%s: PQG parameters passed verification.\n", progName);
 354
 355     PK11_PQG_DestroyParams(pqgParams);
 356     PK11_PQG_DestroyVerify(pqgVerify);
 357     return 0;
 358
 359 loser:
 360     PK11_PQG_DestroyParams(pqgParams);
 361     PK11_PQG_DestroyVerify(pqgVerify);
 362     return 1;
 363 }