static void check_generated_ecc_key (gcry_sexp_t key) { gcry_sexp_t skey, pkey; pkey = gcry_sexp_find_token (key, "public-key", 0); if (!pkey) fail ("public part missing in return value\n"); else { /* Fixme: Check more stuff. */ gcry_sexp_release (pkey); } skey = gcry_sexp_find_token (key, "private-key", 0); if (!skey) fail ("private part missing in return value\n"); else { int rc = gcry_pk_testkey (skey); if (rc) fail ("gcry_pk_testkey failed: %s\n", gpg_strerror (rc)); gcry_sexp_release (skey); } /* Finally check that gcry_pk_testkey also works on the entire S-expression. */ { int rc = gcry_pk_testkey (key); if (rc) fail ("gcry_pk_testkey failed on key pair: %s\n", gpg_strerror (rc)); } }
/** * Decode the private key from the data-format back * to the "normal", internal format. * * @param buf the buffer where the private key data is stored * @param len the length of the data in @a buf * @return NULL on error */ struct GNUNET_CRYPTO_rsa_PrivateKey * GNUNET_CRYPTO_rsa_private_key_decode (const char *buf, size_t len) { struct GNUNET_CRYPTO_rsa_PrivateKey *key; key = GNUNET_new (struct GNUNET_CRYPTO_rsa_PrivateKey); if (0 != gcry_sexp_new (&key->sexp, buf, len, 0)) { LOG (GNUNET_ERROR_TYPE_WARNING, "Decoded private key is not valid\n"); GNUNET_free (key); return NULL; } if (0 != gcry_pk_testkey (key->sexp)) { LOG (GNUNET_ERROR_TYPE_WARNING, "Decoded private key is not valid\n"); GNUNET_CRYPTO_rsa_private_key_free (key); return NULL; } return key; }
int p2p_convert_private_key(RSA *key, gcry_sexp_t *r_key) { size_t err; char *buf; gcry_mpi_t n_mpi, e_mpi, d_mpi, p_mpi, q_mpi, u_mpi; buf = BN_bn2hex(key->n); gcry_mpi_scan(&n_mpi, GCRYMPI_FMT_HEX, buf, 0, &err); OPENSSL_free(buf); buf = BN_bn2hex(key->e); gcry_mpi_scan(&e_mpi, GCRYMPI_FMT_HEX, buf, 0, &err); OPENSSL_free(buf); buf = BN_bn2hex(key->d); gcry_mpi_scan(&d_mpi, GCRYMPI_FMT_HEX, buf, 0, &err); OPENSSL_free(buf); buf = BN_bn2hex(key->p); gcry_mpi_scan(&p_mpi, GCRYMPI_FMT_HEX, buf, 0, &err); OPENSSL_free(buf); buf = BN_bn2hex(key->q); gcry_mpi_scan(&q_mpi, GCRYMPI_FMT_HEX, buf, 0, &err); OPENSSL_free(buf); buf = BN_bn2hex(key->iqmp); gcry_mpi_scan(&u_mpi, GCRYMPI_FMT_HEX, buf, 0, &err); OPENSSL_free(buf); if(gcry_mpi_cmp(p_mpi, q_mpi) > 0) { gcry_mpi_swap(p_mpi, q_mpi); gcry_mpi_invm(u_mpi, p_mpi, q_mpi); } gcry_sexp_build(r_key, &err, "(private-key (rsa (n %m) (e %m) (d %m) (p %m) (q %m) (u %m)))", n_mpi, e_mpi, d_mpi, p_mpi, q_mpi, u_mpi); gcry_mpi_release(n_mpi); gcry_mpi_release(e_mpi); gcry_mpi_release(d_mpi); gcry_mpi_release(p_mpi); gcry_mpi_release(q_mpi); gcry_mpi_release(u_mpi); gcry_error_t sane = gcry_pk_testkey(*r_key); if(sane) { return -1; } return 0; }
/** * Create a new private key. Caller must free return value. * * @return fresh private key */ static struct GNUNET_CRYPTO_RsaPrivateKey * rsa_key_create () { struct GNUNET_CRYPTO_RsaPrivateKey *ret; gcry_sexp_t s_key; gcry_sexp_t s_keyparam; GNUNET_assert (0 == gcry_sexp_build (&s_keyparam, NULL, "(genkey(rsa(nbits %d)(rsa-use-e 3:257)))", 2048)); GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); gcry_sexp_release (s_keyparam); #if EXTRA_CHECKS GNUNET_assert (0 == gcry_pk_testkey (s_key)); #endif ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey)); ret->sexp = s_key; return ret; }
static void check_generated_rsa_key (gcry_sexp_t key, unsigned long expected_e) { gcry_sexp_t skey, pkey, list; pkey = gcry_sexp_find_token (key, "public-key", 0); if (!pkey) fail ("public part missing in return value\n"); else { gcry_mpi_t e = NULL; list = gcry_sexp_find_token (pkey, "e", 0); if (!list || !(e=gcry_sexp_nth_mpi (list, 1, 0)) ) fail ("public exponent not found\n"); else if (!expected_e) { if (verbose) show_mpi ("public exponent: ", e); } else if ( gcry_mpi_cmp_ui (e, expected_e)) { show_mpi ("public exponent: ", e); fail ("public exponent is not %lu\n", expected_e); } gcry_sexp_release (list); gcry_mpi_release (e); gcry_sexp_release (pkey); } skey = gcry_sexp_find_token (key, "private-key", 0); if (!skey) fail ("private part missing in return value\n"); else { int rc = gcry_pk_testkey (skey); if (rc) fail ("gcry_pk_testkey failed: %s\n", gpg_strerror (rc)); gcry_sexp_release (skey); } }
/** * Create a new private key. Caller must free return value. * * @param len length of the key in bits (i.e. 2048) * @return fresh private key */ struct GNUNET_CRYPTO_rsa_PrivateKey * GNUNET_CRYPTO_rsa_private_key_create (unsigned int len) { struct GNUNET_CRYPTO_rsa_PrivateKey *ret; gcry_sexp_t s_key; gcry_sexp_t s_keyparam; GNUNET_assert (0 == gcry_sexp_build (&s_keyparam, NULL, "(genkey(rsa(nbits %d)))", len)); GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam)); gcry_sexp_release (s_keyparam); #if EXTRA_CHECKS GNUNET_assert (0 == gcry_pk_testkey (s_key)); #endif ret = GNUNET_new (struct GNUNET_CRYPTO_rsa_PrivateKey); ret->sexp = s_key; return ret; }
static libspectrum_error create_key( gcry_sexp_t *s_key, libspectrum_rzx_dsa_key *key, int secret_key ) { gcry_error_t error; size_t i; gcry_mpi_t mpis[MPI_COUNT]; const char *format; for( i=0; i<MPI_COUNT; i++ ) mpis[i] = NULL; error = gcry_mpi_scan( &mpis[0], GCRYMPI_FMT_HEX, (unsigned char*)key->p, 0, NULL ); if( !error ) error = gcry_mpi_scan( &mpis[1], GCRYMPI_FMT_HEX, (unsigned char*)key->q, 0, NULL ); if( !error ) error = gcry_mpi_scan( &mpis[2], GCRYMPI_FMT_HEX, (unsigned char*)key->g, 0, NULL ); if( !error ) error = gcry_mpi_scan( &mpis[3], GCRYMPI_FMT_HEX, (unsigned char*)key->y, 0, NULL ); if( !error && secret_key ) error = gcry_mpi_scan( &mpis[4], GCRYMPI_FMT_HEX, (unsigned char*)key->x, 0, NULL ); if( error ) { libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC, "create_key: error creating MPIs: %s", gcry_strerror( error ) ); free_mpis( mpis, MPI_COUNT ); return LIBSPECTRUM_ERROR_LOGIC; } format = secret_key ? private_key_format : public_key_format; error = gcry_sexp_build( s_key, NULL, format, mpis[0], mpis[1], mpis[2], mpis[3], mpis[4] ); if( error ) { libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC, "create_key: error creating key: %s", gcry_strerror( error ) ); free_mpis( mpis, MPI_COUNT ); return LIBSPECTRUM_ERROR_LOGIC; } free_mpis( mpis, MPI_COUNT ); /* FIXME: Test public keys as well once gcry_pk_testkey acquires this functionality */ if( secret_key ) { error = gcry_pk_testkey( *s_key ); if( error ) { libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC, "create_key: key is not sane: %s", gcry_strerror( error ) ); return LIBSPECTRUM_ERROR_LOGIC; } } return LIBSPECTRUM_ERROR_NONE; }
static void check_run (void) { gpg_error_t err; gcry_sexp_t pkey, skey; int variant; for (variant=0; variant < 3; variant++) { if (verbose) fprintf (stderr, "Checking sample key (%d).\n", variant); get_keys_sample (&pkey, &skey, variant); /* Check gcry_pk_testkey which requires all elements. */ err = gcry_pk_testkey (skey); if ((variant == 0 && err) || (variant > 0 && gpg_err_code (err) != GPG_ERR_NO_OBJ)) die ("gcry_pk_testkey failed: %s\n", gpg_strerror (err)); /* Run the usual check but expect an error from variant 2. */ check_keys (pkey, skey, 800, variant == 2? GPG_ERR_NO_OBJ : 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); } if (verbose) fprintf (stderr, "Checking generated RSA key.\n"); get_keys_new (&pkey, &skey); check_keys (pkey, skey, 800, 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Checking generated RSA key (X9.31).\n"); get_keys_x931_new (&pkey, &skey); check_keys (pkey, skey, 800, 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Checking generated Elgamal key.\n"); get_elg_key_new (&pkey, &skey, 0); check_keys (pkey, skey, 400, 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Checking passphrase generated Elgamal key.\n"); get_elg_key_new (&pkey, &skey, 1); check_keys (pkey, skey, 800, 0); gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Generating DSA key.\n"); get_dsa_key_new (&pkey, &skey, 0); /* Fixme: Add a check function for DSA keys. */ gcry_sexp_release (pkey); gcry_sexp_release (skey); if (!gcry_fips_mode_active ()) { if (verbose) fprintf (stderr, "Generating transient DSA key.\n"); get_dsa_key_new (&pkey, &skey, 1); /* Fixme: Add a check function for DSA keys. */ gcry_sexp_release (pkey); gcry_sexp_release (skey); } if (verbose) fprintf (stderr, "Generating DSA key (FIPS 186).\n"); get_dsa_key_fips186_new (&pkey, &skey); /* Fixme: Add a check function for DSA keys. */ gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Generating DSA key with given domain.\n"); get_dsa_key_with_domain_new (&pkey, &skey); /* Fixme: Add a check function for DSA keys. */ gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Generating DSA key with given domain (FIPS 186).\n"); get_dsa_key_fips186_with_domain_new (&pkey, &skey); /* Fixme: Add a check function for DSA keys. */ gcry_sexp_release (pkey); gcry_sexp_release (skey); if (verbose) fprintf (stderr, "Generating DSA key with given seed (FIPS 186).\n"); get_dsa_key_fips186_with_seed_new (&pkey, &skey); /* Fixme: Add a check function for DSA keys. */ gcry_sexp_release (pkey); gcry_sexp_release (skey); }