void openssl_dsa_crypt()
{
DSA *d;
unsigned int size, len;
unsigned char inputs[COMM_LEN] = "dsa crypt";
unsigned char outputs[MAX1_LEN] = { 0 };
printf("\nDSA generate key:\n");
d = DSA_new();
DSA_generate_parameters_ex(d, LINE_LEN, NULL, 0, NULL, NULL, NULL);
DSA_generate_key(d);
DSA_print_fp(stdout, d, 0);
DSA_sign(NID_md5_sha1, inputs, 20, outputs, &len, d);
printf("DSA_sign(%s) = ", inputs);
for (size = 0; size < len; size++)
printf("%.02x", outputs[size]);
printf("\n");
DSA_verify(NID_md5_sha1, inputs, 20, outputs, len, d);
printf("DSA_verify(");
for (size = 0; size < len; size++)
printf("%.02x", outputs[size]);
printf(") = %s\n", inputs);
DSA_free(d);
}
Key *
key_load_private_pem(int fd, int type, const char *passphrase,
char **commentp)
{
FILE *fp;
EVP_PKEY *pk = NULL;
Key *prv = NULL;
char *name = "<no key>";
fp = fdopen(fd, "r");
if (fp == NULL) {
error("fdopen failed: %s", strerror(errno));
close(fd);
return NULL;
}
pk = PEM_read_PrivateKey(fp, NULL, NULL, (char *)passphrase);
if (pk == NULL) {
debug("PEM_read_PrivateKey failed");
(void)ERR_get_error();
} else if (pk->type == EVP_PKEY_RSA &&
(type == KEY_UNSPEC||type==KEY_RSA)) {
prv = key_new(KEY_UNSPEC);
prv->rsa = EVP_PKEY_get1_RSA(pk);
prv->type = KEY_RSA;
name = "rsa w/o comment";
#ifdef DEBUG_PK
RSA_print_fp(stderr, prv->rsa, 8);
#endif
if (RSA_blinding_on(prv->rsa, NULL) != 1) {
error("key_load_private_pem: RSA_blinding_on failed");
key_free(prv);
prv = NULL;
}
} else if (pk->type == EVP_PKEY_DSA &&
(type == KEY_UNSPEC||type==KEY_DSA)) {
prv = key_new(KEY_UNSPEC);
prv->dsa = EVP_PKEY_get1_DSA(pk);
prv->type = KEY_DSA;
name = "dsa w/o comment";
#ifdef DEBUG_PK
DSA_print_fp(stderr, prv->dsa, 8);
#endif
} else {
error("PEM_read_PrivateKey: mismatch or "
"unknown EVP_PKEY save_type %d", pk->save_type);
}
fclose(fp);
if (pk != NULL)
EVP_PKEY_free(pk);
if (prv != NULL && commentp)
*commentp = xstrdup(name);
debug("read PEM private key done: type %s",
prv ? key_type(prv) : "<unknown>");
return prv;
}
int main()
{
DSA *key;
FILE *fp1, *fp2;
unsigned char digest[8] = "1234567";
int siglen;
unsigned char signature[1000];
int retcode;
key = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL);
if (key == NULL)
{
printf("\nFailed to generate parameters\n");
exit(1);
}
fp1 = fopen("params.dat", "w");
DSAparams_print_fp(fp1, key);
fclose(fp1);
DSA_generate_key(key);
if (key == NULL)
{
printf("\nFailed to generate key\n");
exit(1);
}
fp2 = fopen("key.dat", "w");
DSA_print_fp(fp2, key, 0);
fclose(fp2);
retcode = DSA_sign(0, digest, 8, signature, &siglen, key);
if (retcode == 0)
{
printf("\n *** Error in signing ***\n\n");
exit(1);
}
printf("\n%s\n",signature);
retcode = DSA_verify(0, digest, 8, signature, siglen, key);
if (retcode == 1)
printf("\n *** Valid signature ***\n\n");
if (retcode == 0)
printf("\n *** Incorrect signature ***\n\n");
if (retcode == -1)
printf("\n *** Error in verifying ***\n\n");
DSA_free(key);
return 0;
}
int main()
{
FILE *fp;
int len, i;
MD5_CTX ctx;
unsigned char buf[1000];
unsigned char md5sum[16];
MD5_Init(&ctx);
if(!( fp = fopen("input.dat", "rb")))
{
printf("\nFailed to open file\n"); return (1);
}
while((len = fread( buf, 1, sizeof(buf), fp ) ) > 0 )
{
MD5_Update(&ctx, buf, len);
}
MD5_Final(md5sum, &ctx);
printf("MD5(input.dat) = ");
for( i = 0; i < 16; i++ )
{
printf("%02x", md5sum[i]);
}
printf("\n");
DSA *key;
FILE *fp1, *fp2;
/*unsigned char digest[8] = "1234567";*/
int siglen;
unsigned char signature[1000];
int retcode;
key = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL);
if (key == NULL)
{
printf("\nFailed to generate parameters\n");
exit(1);
}
fp1 = fopen("params.dat", "w");
DSAparams_print_fp(fp1, key);
fclose(fp1);
DSA_generate_key(key);
if (key == NULL)
{
printf("\nFailed to generate key\n");
exit(1);
}
fp2 = fopen("key.dat", "w");
DSA_print_fp(fp2, key, 0);
fclose(fp2);
retcode = DSA_sign(0, md5sum, 8, signature, &siglen, key);
if (retcode == 0)
{
printf("\n *** Error in signing ***\n\n");
exit(1);
}
FILE *fp3;
fp3 = fopen("signature.dat", "w");
fputs(signature, fp3);
fclose(fp3);
printf("\nSignature of the hash = ");
printf("%s\n",signature);
retcode = DSA_verify(0, md5sum, 8, signature, siglen, key);
if (retcode == 1)
printf("\n *** Valid signature ***\n\n");
if (retcode == 0)
printf("\n *** Incorrect signature ***\n\n");
if (retcode == -1)
printf("\n *** Error in verifying ***\n\n");
DSA_free(key);
return 0;
}
static int
sshkey_parse_private_pem(struct sshbuf *blob, int type, const char *passphrase,
struct sshkey **keyp, char **commentp)
{
EVP_PKEY *pk = NULL;
struct sshkey *prv = NULL;
char *name = "<no key>";
BIO *bio = NULL;
int r;
*keyp = NULL;
if (commentp != NULL)
*commentp = NULL;
if ((bio = BIO_new(BIO_s_mem())) == NULL || sshbuf_len(blob) > INT_MAX)
return SSH_ERR_ALLOC_FAIL;
if (BIO_write(bio, sshbuf_ptr(blob), sshbuf_len(blob)) !=
(int)sshbuf_len(blob)) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
if ((pk = PEM_read_bio_PrivateKey(bio, NULL, NULL,
(char *)passphrase)) == NULL) {
r = SSH_ERR_KEY_WRONG_PASSPHRASE;
goto out;
}
if (pk->type == EVP_PKEY_RSA &&
(type == KEY_UNSPEC || type == KEY_RSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
prv->rsa = EVP_PKEY_get1_RSA(pk);
prv->type = KEY_RSA;
name = "rsa w/o comment";
#ifdef DEBUG_PK
RSA_print_fp(stderr, prv->rsa, 8);
#endif
if (RSA_blinding_on(prv->rsa, NULL) != 1) {
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
} else if (pk->type == EVP_PKEY_DSA &&
(type == KEY_UNSPEC || type == KEY_DSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
prv->dsa = EVP_PKEY_get1_DSA(pk);
prv->type = KEY_DSA;
name = "dsa w/o comment";
#ifdef DEBUG_PK
DSA_print_fp(stderr, prv->dsa, 8);
#endif
} else if (pk->type == EVP_PKEY_EC &&
(type == KEY_UNSPEC || type == KEY_ECDSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
prv->ecdsa = EVP_PKEY_get1_EC_KEY(pk);
prv->type = KEY_ECDSA;
prv->ecdsa_nid = sshkey_ecdsa_key_to_nid(prv->ecdsa);
if (prv->ecdsa_nid == -1 ||
sshkey_curve_nid_to_name(prv->ecdsa_nid) == NULL ||
sshkey_ec_validate_public(EC_KEY_get0_group(prv->ecdsa),
EC_KEY_get0_public_key(prv->ecdsa)) != 0 ||
sshkey_ec_validate_private(prv->ecdsa) != 0) {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
name = "ecdsa w/o comment";
#ifdef DEBUG_PK
if (prv != NULL && prv->ecdsa != NULL)
sshkey_dump_ec_key(prv->ecdsa);
#endif
} else {
r = SSH_ERR_INVALID_FORMAT;
goto out;
}
if (commentp != NULL &&
(*commentp = strdup(name)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
r = 0;
*keyp = prv;
prv = NULL;
out:
BIO_free(bio);
if (pk != NULL)
EVP_PKEY_free(pk);
if (prv != NULL)
sshkey_free(prv);
return r;
}
EAPI void
eet_identity_print(Eet_Key *key,
FILE *out)
{
#ifdef HAVE_SIGNATURE
# ifdef HAVE_GNUTLS
const char *names[6] = {
"Modulus",
"Public exponent",
"Private exponent",
"First prime",
"Second prime",
"Coefficient"
};
int err = 0;
gnutls_datum_t data = { NULL, 0 };
gnutls_datum_t rsa_raw[6];
size_t size = 128;
char *res = NULL;
char buf[33];
unsigned int i, j;
if (!key)
return;
if (!emile_cipher_init()) return ;
if (key->private_key)
{
if (gnutls_x509_privkey_export_rsa_raw(key->private_key,
rsa_raw + 0, /* Modulus */
rsa_raw + 1, /* Public exponent */
rsa_raw + 2, /* Private exponent */
rsa_raw + 3, /* First prime */
rsa_raw + 4, /* Second prime */
rsa_raw + 5)) /* Coefficient */
goto on_error;
if (!(res = malloc(size)))
goto on_error;
fprintf(out, "Private Key:\n");
buf[32] = '\0';
for (i = 0; i < 6; i++)
{
while ((err = gnutls_hex_encode(rsa_raw + i, res, &size)) ==
GNUTLS_E_SHORT_MEMORY_BUFFER)
{
char *temp;
size += 128;
if (!(temp = realloc(res, size)))
goto on_error;
res = temp;
}
if (err)
goto on_error;
fprintf(out, "\t%s:\n", names[i]);
for (j = 0; strlen(res) > j; j += 32)
{
snprintf(buf, 32, "%s", res + j);
fprintf(out, "\t\t%s\n", buf);
}
}
free(res);
res = NULL;
}
if (key->certificate)
{
fprintf(out, "Public certificate:\n");
if (gnutls_x509_crt_print(key->certificate, GNUTLS_X509_CRT_FULL,
&data))
goto on_error;
fprintf(out, "%s\n", data.data);
gnutls_free(data.data);
data.data = NULL;
}
on_error:
if (res)
free(res);
if (data.data)
gnutls_free(data.data);
return;
# else /* ifdef HAVE_GNUTLS */
RSA *rsa;
DSA *dsa;
DH *dh;
if (!key)
return;
if (!emile_cipher_init()) return ;
rsa = EVP_PKEY_get1_RSA(key->private_key);
if (rsa)
{
fprintf(out, "Private key (RSA):\n");
RSA_print_fp(out, rsa, 0);
}
dsa = EVP_PKEY_get1_DSA(key->private_key);
if (dsa)
{
fprintf(out, "Private key (DSA):\n");
DSA_print_fp(out, dsa, 0);
}
dh = EVP_PKEY_get1_DH(key->private_key);
if (dh)
{
fprintf(out, "Private key (DH):\n");
DHparams_print_fp(out, dh);
}
fprintf(out, "Public certificate:\n");
X509_print_fp(out, key->certificate);
# endif /* ifdef HAVE_GNUTLS */
#else /* ifdef HAVE_SIGNATURE */
key = NULL;
out = NULL;
ERR("You need to compile signature support in EET.");
#endif /* ifdef HAVE_SIGNATURE */
}
inline void dsa_key::print(file _file, int offset) const
{
error::throw_error_if_not(DSA_print_fp(_file.raw(), ptr().get(), offset) != 0);
}
