dsa160_key::dsa160_key(int bits) { if (bits == 0) { bits = 2048; } // Choose an appropriate set of DSA parameters for the new key. if (bits <= 1024) { dsa_ = get_dsa1024(); } else if (bits <= 2048) { dsa_ = get_dsa2048(); } else if (bits <= 3072) { dsa_ = get_dsa3072(); } else { logger::fatal() << "Can't currently produce DSA keys with more than 3072 bits"; } assert(dsa_); // Generate a new DSA key given those parameters int rc = DSA_generate_key(dsa_); assert(rc == 1); assert(dsa_->priv_key != nullptr); if (rc != 1 or dsa_->priv_key == nullptr) { throw std::runtime_error("Cannot generate DSA private key"); } set_type(public_and_private); }
static isc_result_t openssldsa_generate(dst_key_t *key, int unused, void (*callback)(int)) { DSA *dsa; unsigned char rand_array[ISC_SHA1_DIGESTLENGTH]; isc_result_t result; #if OPENSSL_VERSION_NUMBER > 0x00908000L BN_GENCB cb; union { void *dptr; void (*fptr)(int); } u; #else UNUSED(callback); #endif UNUSED(unused); result = dst__entropy_getdata(rand_array, sizeof(rand_array), ISC_FALSE); if (result != ISC_R_SUCCESS) return (result); #if OPENSSL_VERSION_NUMBER > 0x00908000L dsa = DSA_new(); if (dsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); if (callback == NULL) { BN_GENCB_set_old(&cb, NULL, NULL); } else { u.fptr = callback; BN_GENCB_set(&cb, &progress_cb, u.dptr); } if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array, ISC_SHA1_DIGESTLENGTH, NULL, NULL, &cb)) { DSA_free(dsa); return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } #else dsa = DSA_generate_parameters(key->key_size, rand_array, ISC_SHA1_DIGESTLENGTH, NULL, NULL, NULL, NULL); if (dsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); #endif if (DSA_generate_key(dsa) == 0) { DSA_free(dsa); return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; key->keydata.dsa = dsa; return (ISC_R_SUCCESS); }
int crypto_sign_keypair(unsigned char *pk,unsigned char *sk) { DSA *x; int len; x = DSA_new(); if (!x) return -1; memset(sk,0,SECRETKEY_BYTES); memset(pk,0,PUBLICKEY_BYTES); x->p = BN_new(); if (!x->p) goto error; x->q = BN_new(); if (!x->q) goto error; x->g = BN_new(); if (!x->g) goto error; if (!BN_bin2bn(prime,sizeof prime,x->p)) goto error; if (!BN_bin2bn(prime_q,sizeof prime_q,x->q)) goto error; if (!BN_bin2bn(prime_g,sizeof prime_g,x->g)) goto error; if (!DSA_generate_key(x)) goto error; len = BN_num_bytes(x->pub_key); if (len > PUBLICKEY_BYTES) goto error; BN_bn2bin(x->pub_key,pk + PUBLICKEY_BYTES - len); BN_bn2bin(x->pub_key,sk + PUBLICKEY_BYTES - len); len = BN_num_bytes(x->priv_key); if (len > SECRETKEY_BYTES - PUBLICKEY_BYTES) goto error; BN_bn2bin(x->priv_key,sk + SECRETKEY_BYTES - len); DSA_free(x); return 0; error: DSA_free(x); return -1; }
void openssl_dsa_crypt() { DSA *d; unsigned int size, len; unsigned char inputs[COMM_LEN] = "dsa crypt"; unsigned char outputs[MAX1_LEN] = { 0 }; printf("\nDSA generate key:\n"); d = DSA_new(); DSA_generate_parameters_ex(d, LINE_LEN, NULL, 0, NULL, NULL, NULL); DSA_generate_key(d); DSA_print_fp(stdout, d, 0); DSA_sign(NID_md5_sha1, inputs, 20, outputs, &len, d); printf("DSA_sign(%s) = ", inputs); for (size = 0; size < len; size++) printf("%.02x", outputs[size]); printf("\n"); DSA_verify(NID_md5_sha1, inputs, 20, outputs, len, d); printf("DSA_verify("); for (size = 0; size < len; size++) printf("%.02x", outputs[size]); printf(") = %s\n", inputs); DSA_free(d); }
void keypair() { char buf[1024]; int nmod=0; while(fgets(buf,sizeof buf,stdin) != NULL) { if(!strncmp(buf,"[mod = ",7)) nmod=atoi(buf+7); else if(!strncmp(buf,"N = ",4)) { DSA *dsa; int n=atoi(buf+4); printf("[mod = %d]\n\n",nmod); dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL); pbn("P",dsa->p); pbn("Q",dsa->q); pbn("G",dsa->g); putc('\n',stdout); while(n--) { DSA_generate_key(dsa); pbn("X",dsa->priv_key); pbn("Y",dsa->pub_key); putc('\n',stdout); } } } }
static EP_STAT generate_dsa_key(EP_CRYPTO_KEY *key, int keylen) { DSA *dsakey; // generate new parameter block dsakey = DSA_new(); if (DSA_generate_parameters_ex(dsakey, keylen, NULL, 0, NULL, NULL, NULL) != 1) { _ep_crypto_error("cannot initialize DSA parameters"); goto fail0; } if (DSA_generate_key(dsakey) != 1) { _ep_crypto_error("cannot generate DSA key"); goto fail0; } if (EVP_PKEY_assign_DSA(key, dsakey) != 1) { _ep_crypto_error("cannot save DSA key"); goto fail0; } return EP_STAT_OK; fail0: return EP_STAT_CRYPTO_KEYCREATE; }
static void keypair(FILE *in, FILE *out) { char buf[1024]; char lbuf[1024]; char *keyword, *value; int dsa2, L, N; while(fgets(buf,sizeof buf,in) != NULL) { if (!parse_line(&keyword, &value, lbuf, buf)) { continue; } if(!strcmp(keyword,"[mod")) { if (!parse_mod(value, &dsa2, &L, &N, NULL)) { fprintf(stderr, "Mod Parse Error\n"); exit (1); } fputs(buf,out); } else if(!strcmp(keyword,"N")) { DSA *dsa; int n=atoi(value); dsa = FIPS_dsa_new(); if (!dsa2 && !dsa_builtin_paramgen(dsa, L, N, NULL, NULL, 0, NULL, NULL, NULL, NULL)) { fprintf(stderr, "Parameter Generation error\n"); exit(1); } if (dsa2 && dsa_builtin_paramgen2(dsa, L, N, NULL, NULL, 0, -1, NULL, NULL, NULL, NULL) <= 0) { fprintf(stderr, "Parameter Generation error\n"); exit(1); } do_bn_print_name(out, "P",dsa->p); do_bn_print_name(out, "Q",dsa->q); do_bn_print_name(out, "G",dsa->g); fputs(RESP_EOL, out); while(n--) { if (!DSA_generate_key(dsa)) exit(1); do_bn_print_name(out, "X",dsa->priv_key); do_bn_print_name(out, "Y",dsa->pub_key); fputs(RESP_EOL, out); } if (dsa) FIPS_dsa_free(dsa); } } }
// Key factory bool OSSLDSA::generateKeyPair(AsymmetricKeyPair** ppKeyPair, AsymmetricParameters* parameters, RNG* /*rng = NULL */) { // Check parameters if ((ppKeyPair == NULL) || (parameters == NULL)) { return false; } if (!parameters->areOfType(DSAParameters::type)) { ERROR_MSG("Invalid parameters supplied for DSA key generation"); return false; } DSAParameters* params = (DSAParameters*) parameters; // Generate the key-pair DSA* dsa = DSA_new(); if (dsa == NULL) { ERROR_MSG("Failed to instantiate OpenSSL DSA object"); return false; } // Use the OpenSSL implementation and not any engine DSA_set_method(dsa, DSA_get_default_method()); dsa->p = OSSL::byteString2bn(params->getP()); dsa->q = OSSL::byteString2bn(params->getQ()); dsa->g = OSSL::byteString2bn(params->getG()); if (DSA_generate_key(dsa) != 1) { ERROR_MSG("DSA key generation failed (0x%08X)", ERR_get_error()); DSA_free(dsa); return false; } // Create an asymmetric key-pair object to return OSSLDSAKeyPair* kp = new OSSLDSAKeyPair(); ((OSSLDSAPublicKey*) kp->getPublicKey())->setFromOSSL(dsa); ((OSSLDSAPrivateKey*) kp->getPrivateKey())->setFromOSSL(dsa); *ppKeyPair = kp; // Release the key DSA_free(dsa); return true; }
static int genkeys(void) { if (!TEST_ptr(dsakey = load_dsa_params())) return 0; if (!TEST_int_eq(DSA_generate_key(dsakey), 1)) return 0; return 1; }
int main(int argc, char **argv) { DSA *dsa; unsigned char* input_string; unsigned char* sign_string; unsigned int sig_len; unsigned int i; if ( argc != 2 ) { fprintf(stderr, "%s <plain text>\n", argv[0]); exit(-1); } input_string = (unsigned char*)calloc(strlen(argv[1]) + 1, sizeof(unsigned char)); if ( input_string == NULL ) { fprintf(stderr, "Unable to allocate memory for input_string\n"); exit(-1); } strncpy((char *)input_string, argv[1], strlen(argv[1])); dsa = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); DSA_generate_key(dsa); sign_string = (unsigned char *)calloc(DSA_size(dsa), sizeof(unsigned char)); if ( sign_string == NULL ) { fprintf(stderr, "Unable to allocate memory for sign_string\n"); exit(-1); } if ( DSA_sign(0, input_string, strlen((char *)input_string), sign_string, &sig_len, dsa) == 0 ) { fprintf(stderr, "Sign error\n"); exit(-1); } int is_valid_signature = DSA_verify(0, input_string, strlen((char*)input_string), sign_string, sig_len, dsa); DSAparams_print_fp(stdout, dsa); printf("input_string = %s\n", input_string); printf("signed string = "); for ( i = 0; i < sig_len; i++ ) printf("%x%x", (sign_string[i] >> 4) & 0xf, sign_string[i] & 0xf); printf("\n"); printf("is_valid_signature? = %d\n", is_valid_signature); return 0; }
int main() { DSA *key; FILE *fp1, *fp2; unsigned char digest[8] = "1234567"; int siglen; unsigned char signature[1000]; int retcode; key = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); if (key == NULL) { printf("\nFailed to generate parameters\n"); exit(1); } fp1 = fopen("params.dat", "w"); DSAparams_print_fp(fp1, key); fclose(fp1); DSA_generate_key(key); if (key == NULL) { printf("\nFailed to generate key\n"); exit(1); } fp2 = fopen("key.dat", "w"); DSA_print_fp(fp2, key, 0); fclose(fp2); retcode = DSA_sign(0, digest, 8, signature, &siglen, key); if (retcode == 0) { printf("\n *** Error in signing ***\n\n"); exit(1); } printf("\n%s\n",signature); retcode = DSA_verify(0, digest, 8, signature, siglen, key); if (retcode == 1) printf("\n *** Valid signature ***\n\n"); if (retcode == 0) printf("\n *** Incorrect signature ***\n\n"); if (retcode == -1) printf("\n *** Error in verifying ***\n\n"); DSA_free(key); return 0; }
static int dsa_test(void) { BN_GENCB *cb; DSA *dsa = NULL; int counter, ret = 0, i, j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; const BIGNUM *p = NULL, *q = NULL, *g = NULL; if (!TEST_ptr(cb = BN_GENCB_new())) goto end; BN_GENCB_set(cb, dsa_cb, NULL); if (!TEST_ptr(dsa = DSA_new()) || !TEST_true(DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb))) goto end; if (!TEST_int_eq(counter, 105)) goto end; if (!TEST_int_eq(h, 2)) goto end; DSA_get0_pqg(dsa, &p, &q, &g); i = BN_bn2bin(q, buf); j = sizeof(out_q); if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_q, i)) goto end; i = BN_bn2bin(p, buf); j = sizeof(out_p); if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_p, i)) goto end; i = BN_bn2bin(g, buf); j = sizeof(out_g); if (!TEST_int_eq(i, j) || !TEST_mem_eq(buf, i, out_g, i)) goto end; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (TEST_true(DSA_verify(0, str1, 20, sig, siglen, dsa))) ret = 1; end: DSA_free(dsa); BN_GENCB_free(cb); return ret; }
void pki_evp::generate(int bits, int type, QProgressBar *progress, int curve_nid) { RSA *rsakey; DSA *dsakey; EC_KEY *eckey; progress->setMinimum(0); progress->setMaximum(100); progress->setValue(50); switch (type) { case EVP_PKEY_RSA: rsakey = RSA_generate_key(bits, 0x10001, inc_progress_bar, progress); if (rsakey) EVP_PKEY_assign_RSA(key, rsakey); break; case EVP_PKEY_DSA: progress->setMaximum(500); dsakey = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, inc_progress_bar, progress); DSA_generate_key(dsakey); if (dsakey) EVP_PKEY_assign_DSA(key, dsakey); break; case EVP_PKEY_EC: EC_GROUP *group = EC_GROUP_new_by_curve_name(curve_nid); if (!group) break; eckey = EC_KEY_new(); if (eckey == NULL) { EC_GROUP_free(group); break; } EC_GROUP_set_asn1_flag(group, 1); if (EC_KEY_set_group(eckey, group)) { if (EC_KEY_generate_key(eckey)) { EVP_PKEY_assign_EC_KEY(key, eckey); EC_GROUP_free(group); break; } } EC_KEY_free(eckey); EC_GROUP_free(group); break; } pki_openssl_error(); encryptKey(); }
static int generate_dsa_keypair(EVP_PKEY* pkey, const keymaster_dsa_keygen_params_t* dsa_params) { if (dsa_params->key_size < 512) { ALOGI("Requested DSA key size is too small (<512)"); return -1; } Unique_DSA dsa(DSA_new()); if (dsa_params->generator_len == 0 || dsa_params->prime_p_len == 0 || dsa_params->prime_q_len == 0 || dsa_params->generator == NULL || dsa_params->prime_p == NULL || dsa_params->prime_q == NULL) { if (DSA_generate_parameters_ex(dsa.get(), dsa_params->key_size, NULL, 0, NULL, NULL, NULL) != 1) { logOpenSSLError("generate_dsa_keypair"); return -1; } } else { dsa->g = BN_bin2bn(dsa_params->generator, dsa_params->generator_len, NULL); if (dsa->g == NULL) { logOpenSSLError("generate_dsa_keypair"); return -1; } dsa->p = BN_bin2bn(dsa_params->prime_p, dsa_params->prime_p_len, NULL); if (dsa->p == NULL) { logOpenSSLError("generate_dsa_keypair"); return -1; } dsa->q = BN_bin2bn(dsa_params->prime_q, dsa_params->prime_q_len, NULL); if (dsa->q == NULL) { logOpenSSLError("generate_dsa_keypair"); return -1; } } if (DSA_generate_key(dsa.get()) != 1) { logOpenSSLError("generate_dsa_keypair"); return -1; } if (EVP_PKEY_assign_DSA(pkey, dsa.get()) == 0) { logOpenSSLError("generate_dsa_keypair"); return -1; } release_because_ownership_transferred(dsa); return 0; }
static isc_result_t openssldsa_generate(dst_key_t *key, int unused) { #if OPENSSL_VERSION_NUMBER > 0x00908000L BN_GENCB cb; #endif DSA *dsa; unsigned char rand_array[ISC_SHA1_DIGESTLENGTH]; isc_result_t result; UNUSED(unused); result = dst__entropy_getdata(rand_array, sizeof(rand_array), ISC_FALSE); if (result != ISC_R_SUCCESS) return (result); #if OPENSSL_VERSION_NUMBER > 0x00908000L dsa = DSA_new(); if (dsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); BN_GENCB_set_old(&cb, NULL, NULL); if (!DSA_generate_parameters_ex(dsa, key->key_size, rand_array, ISC_SHA1_DIGESTLENGTH, NULL, NULL, &cb)) { DSA_free(dsa); return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } #else dsa = DSA_generate_parameters(key->key_size, rand_array, ISC_SHA1_DIGESTLENGTH, NULL, NULL, NULL, NULL); if (dsa == NULL) return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); #endif if (DSA_generate_key(dsa) == 0) { DSA_free(dsa); return (dst__openssl_toresult(DST_R_OPENSSLFAILURE)); } dsa->flags &= ~DSA_FLAG_CACHE_MONT_P; key->opaque = dsa; return (ISC_R_SUCCESS); }
static int pkey_dsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { DSA *dsa = NULL; if (ctx->pkey == NULL) { DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_NO_PARAMETERS_SET); return 0; } dsa = DSA_new(); if (dsa == NULL) return 0; EVP_PKEY_assign_DSA(pkey, dsa); /* Note: if error return, pkey is freed by parent routine */ if (!EVP_PKEY_copy_parameters(pkey, ctx->pkey)) return 0; return DSA_generate_key(pkey->pkey.dsa); }
/* * DSA: generate keys and sign, verify input plaintext. */ static int FIPS_dsa_test(int bad) { DSA *dsa = NULL; EVP_PKEY pk; unsigned char dgst[] = "etaonrishdlc"; unsigned char buf[60]; unsigned int slen; int r = 0; EVP_MD_CTX mctx; ERR_clear_error(); EVP_MD_CTX_init(&mctx); dsa = DSA_new(); if (!dsa) goto end; if (!DSA_generate_parameters_ex(dsa, 1024, NULL, 0, NULL, NULL, NULL)) goto end; if (!DSA_generate_key(dsa)) goto end; if (bad) BN_add_word(dsa->pub_key, 1); pk.type = EVP_PKEY_DSA; pk.pkey.dsa = dsa; if (!EVP_SignInit_ex(&mctx, EVP_dss1(), NULL)) goto end; if (!EVP_SignUpdate(&mctx, dgst, sizeof(dgst) - 1)) goto end; if (!EVP_SignFinal(&mctx, buf, &slen, &pk)) goto end; if (!EVP_VerifyInit_ex(&mctx, EVP_dss1(), NULL)) goto end; if (!EVP_VerifyUpdate(&mctx, dgst, sizeof(dgst) - 1)) goto end; r = EVP_VerifyFinal(&mctx, buf, slen, &pk); end: EVP_MD_CTX_cleanup(&mctx); if (dsa) DSA_free(dsa); if (r != 1) return 0; return 1; }
int32_t CryptoNative_DsaGenerateKey(DSA** dsa, int32_t bits) { *dsa = DSA_new(); if (!dsa) { assert(false); return 0; } if (!DSA_generate_parameters_ex(*dsa, bits, NULL, 0, NULL, NULL, NULL) || !DSA_generate_key(*dsa)) { DSA_free(*dsa); *dsa = NULL; return 0; } return 1; }
/* * DSA: generate keys and sign, verify input plaintext. */ static int FIPS_dsa_test(int bad) { DSA *dsa = NULL; unsigned char dgst[] = "etaonrishdlc"; int r = 0; EVP_MD_CTX mctx; DSA_SIG *sig = NULL; ERR_clear_error(); FIPS_md_ctx_init(&mctx); dsa = FIPS_dsa_new(); if (!dsa) goto end; if (!DSA_generate_parameters_ex(dsa, 1024,NULL,0,NULL,NULL,NULL)) goto end; if (!DSA_generate_key(dsa)) goto end; if (bad) BN_add_word(dsa->pub_key, 1); if (!FIPS_digestinit(&mctx, EVP_sha256())) goto end; if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1)) goto end; sig = FIPS_dsa_sign_ctx(dsa, &mctx); if (!sig) goto end; if (!FIPS_digestinit(&mctx, EVP_sha256())) goto end; if (!FIPS_digestupdate(&mctx, dgst, sizeof(dgst) - 1)) goto end; r = FIPS_dsa_verify_ctx(dsa, &mctx, sig); end: if (sig) FIPS_dsa_sig_free(sig); FIPS_md_ctx_cleanup(&mctx); if (dsa) FIPS_dsa_free(dsa); if (r != 1) return 0; return 1; }
/** load_probekeys Loads public and private keys for the probe. If it cannot load them, it generates and saves them. Returns 0 if we get actual keys and -1 if no keys could be loaded or generated. */ static int load_probekeys() { int r; char *pubfn, *privfn; pubfn = fm_abs(FM_KEY_PROBE_PUBLIC); privfn = fm_abs(FM_KEY_PROBE_PRIVATE); r = load_keys(pubfn, privfn, &probe); if(r == -1 && DSA_generate_key(probe)) { save_keys(pubfn, privfn, probe); r = 0; } free(pubfn); free(privfn); return r; }
static void keypair() { char buf[1024]; char lbuf[1024]; char *keyword, *value; int nmod = 0; while (fgets(buf, sizeof buf, stdin) != NULL) { if (!parse_line(&keyword, &value, lbuf, buf)) { fputs(buf, stdout); continue; } if (!strcmp(keyword, "[mod")) nmod = atoi(value); else if (!strcmp(keyword, "N")) { DSA *dsa; int n = atoi(value); printf("[mod = %d]\n\n", nmod); dsa = FIPS_dsa_new(); if (!DSA_generate_parameters_ex (dsa, nmod, NULL, 0, NULL, NULL, NULL)) { do_print_errors(); exit(1); } pbn("P", dsa->p); pbn("Q", dsa->q); pbn("G", dsa->g); putc('\n', stdout); while (n--) { if (!DSA_generate_key(dsa)) { do_print_errors(); exit(1); } pbn("X", dsa->priv_key); pbn("Y", dsa->pub_key); putc('\n', stdout); } } } }
/* DSA: generate key and sign a known digest, then verify the signature * against the digest */ static int FIPS_dsa_test() { DSA *dsa = NULL; unsigned char dgst[] = "etaonrishdlc"; unsigned char sig[256]; unsigned int siglen; ERR_clear_error(); dsa = DSA_generate_parameters(512,NULL,0,NULL,NULL,NULL,NULL); if (!dsa) return 0; if (!DSA_generate_key(dsa)) return 0; if ( DSA_sign(0,dgst,sizeof(dgst) - 1,sig,&siglen,dsa) != 1 ) return 0; if ( DSA_verify(0,dgst,sizeof(dgst) - 1,sig,siglen,dsa) != 1 ) return 0; DSA_free(dsa); return 1; }
void siggen() { char buf[1024]; int nmod=0; DSA *dsa=NULL; while(fgets(buf,sizeof buf,stdin) != NULL) { if(!strncmp(buf,"[mod = ",7)) { nmod=atoi(buf+7); printf("[mod = %d]\n\n",nmod); dsa=DSA_generate_parameters(nmod,NULL,0,NULL,NULL,NULL,NULL); pbn("P",dsa->p); pbn("Q",dsa->q); pbn("G",dsa->g); putc('\n',stdout); } else if(!strncmp(buf,"Msg = ",6)) { unsigned char msg[1024]; unsigned char hash[20]; int n; DSA_SIG *sig; n=hex2bin(buf+6,msg); pv("Msg",msg,n); DSA_generate_key(dsa); pbn("Y",dsa->pub_key); SHA1(msg,n,hash); sig=DSA_do_sign(hash,sizeof hash,dsa); pbn("R",sig->r); pbn("S",sig->s); putc('\n',stdout); } } }
/* * DSA key generation */ EVP_PKEY * isns_dsa_generate_key(void) { EVP_PKEY *pkey; DSA *dsa = NULL; if (!(dsa = isns_dsa_load_params(isns_config.ic_dsa.param_file))) goto failed; if (!DSA_generate_key(dsa)) { isns_dsasig_report_errors("Failed to generate DSA key", isns_error); goto failed; } pkey = EVP_PKEY_new(); EVP_PKEY_assign_DSA(pkey, dsa); return pkey; failed: if (dsa) DSA_free(dsa); return NULL; }
int MAIN(int argc, char **argv) { #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif DSA *dsa=NULL; int ret=1; char *outfile=NULL; char *inrand=NULL,*dsaparams=NULL; char *passargout = NULL, *passout = NULL; BIO *out=NULL,*in=NULL; const EVP_CIPHER *enc=NULL; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; argv++; argc--; for (;;) { if (argc <= 0) break; if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } else if (strcmp(*argv,"-passout") == 0) { if (--argc < 1) goto bad; passargout= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if (strcmp(*argv,"-engine") == 0) { if (--argc < 1) goto bad; engine= *(++argv); } #endif else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); } else if (strcmp(*argv,"-") == 0) goto bad; #ifndef OPENSSL_NO_DES else if (strcmp(*argv,"-des") == 0) enc=EVP_des_cbc(); else if (strcmp(*argv,"-des3") == 0) enc=EVP_des_ede3_cbc(); #endif #ifndef OPENSSL_NO_IDEA else if (strcmp(*argv,"-idea") == 0) enc=EVP_idea_cbc(); #endif #ifndef OPENSSL_NO_SEED else if (strcmp(*argv,"-seed") == 0) enc=EVP_seed_cbc(); #endif #ifndef OPENSSL_NO_AES else if (strcmp(*argv,"-aes128") == 0) enc=EVP_aes_128_cbc(); else if (strcmp(*argv,"-aes192") == 0) enc=EVP_aes_192_cbc(); else if (strcmp(*argv,"-aes256") == 0) enc=EVP_aes_256_cbc(); #endif #ifndef OPENSSL_NO_CAMELLIA else if (strcmp(*argv,"-camellia128") == 0) enc=EVP_camellia_128_cbc(); else if (strcmp(*argv,"-camellia192") == 0) enc=EVP_camellia_192_cbc(); else if (strcmp(*argv,"-camellia256") == 0) enc=EVP_camellia_256_cbc(); #endif else if (**argv != '-' && dsaparams == NULL) { dsaparams = *argv; } else goto bad; argv++; argc--; } if (dsaparams == NULL) { bad: BIO_printf(bio_err,"usage: gendsa [args] dsaparam-file\n"); BIO_printf(bio_err," -out file - output the key to 'file'\n"); #ifndef OPENSSL_NO_DES BIO_printf(bio_err," -des - encrypt the generated key with DES in cbc mode\n"); BIO_printf(bio_err," -des3 - encrypt the generated key with DES in ede cbc mode (168 bit key)\n"); #endif #ifndef OPENSSL_NO_IDEA BIO_printf(bio_err," -idea - encrypt the generated key with IDEA in cbc mode\n"); #endif #ifndef OPENSSL_NO_SEED BIO_printf(bio_err," -seed\n"); BIO_printf(bio_err," encrypt PEM output with cbc seed\n"); #endif #ifndef OPENSSL_NO_AES BIO_printf(bio_err," -aes128, -aes192, -aes256\n"); BIO_printf(bio_err," encrypt PEM output with cbc aes\n"); #endif #ifndef OPENSSL_NO_CAMELLIA BIO_printf(bio_err," -camellia128, -camellia192, -camellia256\n"); BIO_printf(bio_err," encrypt PEM output with cbc camellia\n"); #endif #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n"); #endif BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR); BIO_printf(bio_err," - load the file (or the files in the directory) into\n"); BIO_printf(bio_err," the random number generator\n"); BIO_printf(bio_err," dsaparam-file\n"); BIO_printf(bio_err," - a DSA parameter file as generated by the dsaparam command\n"); goto end; } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } in=BIO_new(BIO_s_file()); if (!(BIO_read_filename(in,dsaparams))) { perror(dsaparams); goto end; } if ((dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL)) == NULL) { BIO_printf(bio_err,"unable to load DSA parameter file\n"); goto end; } BIO_free(in); in = NULL; out=BIO_new(BIO_s_file()); if (out == NULL) goto end; if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL) { BIO_printf(bio_err,"warning, not much extra random data, consider using the -rand option\n"); } if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); BIO_printf(bio_err,"Generating DSA key, %d bits\n", BN_num_bits(dsa->p)); if (!DSA_generate_key(dsa)) goto end; app_RAND_write_file(NULL, bio_err); if (!PEM_write_bio_DSAPrivateKey(out,dsa,enc,NULL,0,NULL, passout)) goto end; ret=0; end: if (ret != 0) ERR_print_errors(bio_err); if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); if(passout) OPENSSL_free(passout); apps_shutdown(); OPENSSL_EXIT(ret); }
int main() { FILE *fp; int len, i; MD5_CTX ctx; unsigned char buf[1000]; unsigned char md5sum[16]; MD5_Init(&ctx); if(!( fp = fopen("input.dat", "rb"))) { printf("\nFailed to open file\n"); return (1); } while((len = fread( buf, 1, sizeof(buf), fp ) ) > 0 ) { MD5_Update(&ctx, buf, len); } MD5_Final(md5sum, &ctx); printf("MD5(input.dat) = "); for( i = 0; i < 16; i++ ) { printf("%02x", md5sum[i]); } printf("\n"); DSA *key; FILE *fp1, *fp2; /*unsigned char digest[8] = "1234567";*/ int siglen; unsigned char signature[1000]; int retcode; key = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, NULL, NULL); if (key == NULL) { printf("\nFailed to generate parameters\n"); exit(1); } fp1 = fopen("params.dat", "w"); DSAparams_print_fp(fp1, key); fclose(fp1); DSA_generate_key(key); if (key == NULL) { printf("\nFailed to generate key\n"); exit(1); } fp2 = fopen("key.dat", "w"); DSA_print_fp(fp2, key, 0); fclose(fp2); retcode = DSA_sign(0, md5sum, 8, signature, &siglen, key); if (retcode == 0) { printf("\n *** Error in signing ***\n\n"); exit(1); } FILE *fp3; fp3 = fopen("signature.dat", "w"); fputs(signature, fp3); fclose(fp3); printf("\nSignature of the hash = "); printf("%s\n",signature); retcode = DSA_verify(0, md5sum, 8, signature, siglen, key); if (retcode == 1) printf("\n *** Valid signature ***\n\n"); if (retcode == 0) printf("\n *** Incorrect signature ***\n\n"); if (retcode == -1) printf("\n *** Error in verifying ***\n\n"); DSA_free(key); return 0; }
int MAIN(int argc, char **argv) { #ifndef OPENSSL_NO_ENGINE ENGINE *e = NULL; #endif DSA *dsa=NULL; int i,badops=0,text=0; BIO *in=NULL,*out=NULL; int informat,outformat,noout=0,C=0,ret=1; char *infile,*outfile,*prog,*inrand=NULL; int numbits= -1,num,genkey=0; int need_rand=0; #ifndef OPENSSL_NO_ENGINE char *engine=NULL; #endif #ifdef GENCB_TEST int timebomb=0; #endif apps_startup(); if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); if (!load_config(bio_err, NULL)) goto end; infile=NULL; outfile=NULL; informat=FORMAT_PEM; outformat=FORMAT_PEM; prog=argv[0]; argc--; argv++; while (argc >= 1) { if (strcmp(*argv,"-inform") == 0) { if (--argc < 1) goto bad; informat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-outform") == 0) { if (--argc < 1) goto bad; outformat=str2fmt(*(++argv)); } else if (strcmp(*argv,"-in") == 0) { if (--argc < 1) goto bad; infile= *(++argv); } else if (strcmp(*argv,"-out") == 0) { if (--argc < 1) goto bad; outfile= *(++argv); } #ifndef OPENSSL_NO_ENGINE else if(strcmp(*argv, "-engine") == 0) { if (--argc < 1) goto bad; engine = *(++argv); } #endif #ifdef GENCB_TEST else if(strcmp(*argv, "-timebomb") == 0) { if (--argc < 1) goto bad; timebomb = atoi(*(++argv)); } #endif else if (strcmp(*argv,"-text") == 0) text=1; else if (strcmp(*argv,"-C") == 0) C=1; else if (strcmp(*argv,"-genkey") == 0) { genkey=1; need_rand=1; } else if (strcmp(*argv,"-rand") == 0) { if (--argc < 1) goto bad; inrand= *(++argv); need_rand=1; } else if (strcmp(*argv,"-noout") == 0) noout=1; else if (sscanf(*argv,"%d",&num) == 1) { /* generate a key */ numbits=num; need_rand=1; } else { BIO_printf(bio_err,"unknown option %s\n",*argv); badops=1; break; } argc--; argv++; } if (badops) { bad: BIO_printf(bio_err,"%s [options] [bits] <infile >outfile\n",prog); BIO_printf(bio_err,"where options are\n"); BIO_printf(bio_err," -inform arg input format - DER or PEM\n"); BIO_printf(bio_err," -outform arg output format - DER or PEM\n"); BIO_printf(bio_err," -in arg input file\n"); BIO_printf(bio_err," -out arg output file\n"); BIO_printf(bio_err," -text print as text\n"); BIO_printf(bio_err," -C Output C code\n"); BIO_printf(bio_err," -noout no output\n"); BIO_printf(bio_err," -genkey generate a DSA key\n"); BIO_printf(bio_err," -rand files to use for random number input\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err," -engine e use engine e, possibly a hardware device.\n"); #endif #ifdef GENCB_TEST BIO_printf(bio_err," -timebomb n interrupt keygen after <n> seconds\n"); #endif BIO_printf(bio_err," number number of bits to use for generating private key\n"); goto end; } ERR_load_crypto_strings(); in=BIO_new(BIO_s_file()); out=BIO_new(BIO_s_file()); if ((in == NULL) || (out == NULL)) { ERR_print_errors(bio_err); goto end; } if (infile == NULL) BIO_set_fp(in,stdin,BIO_NOCLOSE); else { if (BIO_read_filename(in,infile) <= 0) { perror(infile); goto end; } } if (outfile == NULL) { BIO_set_fp(out,stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { BIO *tmpbio = BIO_new(BIO_f_linebuffer()); out = BIO_push(tmpbio, out); } #endif } else { if (BIO_write_filename(out,outfile) <= 0) { perror(outfile); goto end; } } #ifndef OPENSSL_NO_ENGINE e = setup_engine(bio_err, engine, 0); #endif if (need_rand) { app_RAND_load_file(NULL, bio_err, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err,"%ld semi-random bytes loaded\n", app_RAND_load_files(inrand)); } if (numbits > 0) { BN_GENCB cb; BN_GENCB_set(&cb, dsa_cb, bio_err); assert(need_rand); dsa = DSA_new(); if(!dsa) { BIO_printf(bio_err,"Error allocating DSA object\n"); goto end; } BIO_printf(bio_err,"Generating DSA parameters, %d bit long prime\n",num); BIO_printf(bio_err,"This could take some time\n"); #ifdef GENCB_TEST if(timebomb > 0) { struct sigaction act; act.sa_handler = timebomb_sigalarm; act.sa_flags = 0; BIO_printf(bio_err,"(though I'll stop it if not done within %d secs)\n", timebomb); if(sigaction(SIGALRM, &act, NULL) != 0) { BIO_printf(bio_err,"Error, couldn't set SIGALRM handler\n"); goto end; } alarm(timebomb); } #endif if(!DSA_generate_parameters_ex(dsa,num,NULL,0,NULL,NULL, &cb)) { #ifdef GENCB_TEST if(stop_keygen_flag) { BIO_printf(bio_err,"DSA key generation time-stopped\n"); /* This is an asked-for behaviour! */ ret = 0; goto end; } #endif BIO_printf(bio_err,"Error, DSA key generation failed\n"); goto end; } } else if (informat == FORMAT_ASN1) dsa=d2i_DSAparams_bio(in,NULL); else if (informat == FORMAT_PEM) dsa=PEM_read_bio_DSAparams(in,NULL,NULL,NULL); else { BIO_printf(bio_err,"bad input format specified\n"); goto end; } if (dsa == NULL) { BIO_printf(bio_err,"unable to load DSA parameters\n"); ERR_print_errors(bio_err); goto end; } if (text) { DSAparams_print(out,dsa); } if (C) { unsigned char *data; int l,len,bits_p,bits_q,bits_g; len=BN_num_bytes(dsa->p); bits_p=BN_num_bits(dsa->p); bits_q=BN_num_bits(dsa->q); bits_g=BN_num_bits(dsa->g); data=(unsigned char *)OPENSSL_malloc(len+20); if (data == NULL) { perror("OPENSSL_malloc"); goto end; } l=BN_bn2bin(dsa->p,data); printf("static unsigned char dsa%d_p[]={",bits_p); for (i=0; i<l; i++) { if ((i%12) == 0) printf("\n\t"); printf("0x%02X,",data[i]); } printf("\n\t};\n"); l=BN_bn2bin(dsa->q,data); printf("static unsigned char dsa%d_q[]={",bits_p); for (i=0; i<l; i++) { if ((i%12) == 0) printf("\n\t"); printf("0x%02X,",data[i]); } printf("\n\t};\n"); l=BN_bn2bin(dsa->g,data); printf("static unsigned char dsa%d_g[]={",bits_p); for (i=0; i<l; i++) { if ((i%12) == 0) printf("\n\t"); printf("0x%02X,",data[i]); } printf("\n\t};\n\n"); printf("DSA *get_dsa%d()\n\t{\n",bits_p); printf("\tDSA *dsa;\n\n"); printf("\tif ((dsa=DSA_new()) == NULL) return(NULL);\n"); printf("\tdsa->p=BN_bin2bn(dsa%d_p,sizeof(dsa%d_p),NULL);\n", bits_p,bits_p); printf("\tdsa->q=BN_bin2bn(dsa%d_q,sizeof(dsa%d_q),NULL);\n", bits_p,bits_p); printf("\tdsa->g=BN_bin2bn(dsa%d_g,sizeof(dsa%d_g),NULL);\n", bits_p,bits_p); printf("\tif ((dsa->p == NULL) || (dsa->q == NULL) || (dsa->g == NULL))\n"); printf("\t\t{ DSA_free(dsa); return(NULL); }\n"); printf("\treturn(dsa);\n\t}\n"); } if (!noout) { if (outformat == FORMAT_ASN1) i=i2d_DSAparams_bio(out,dsa); else if (outformat == FORMAT_PEM) i=PEM_write_bio_DSAparams(out,dsa); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } if (!i) { BIO_printf(bio_err,"unable to write DSA parameters\n"); ERR_print_errors(bio_err); goto end; } } if (genkey) { DSA *dsakey; assert(need_rand); if ((dsakey=DSAparams_dup(dsa)) == NULL) goto end; if (!DSA_generate_key(dsakey)) goto end; if (outformat == FORMAT_ASN1) i=i2d_DSAPrivateKey_bio(out,dsakey); else if (outformat == FORMAT_PEM) i=PEM_write_bio_DSAPrivateKey(out,dsakey,NULL,NULL,0,NULL,NULL); else { BIO_printf(bio_err,"bad output format specified for outfile\n"); goto end; } DSA_free(dsakey); } if (need_rand) app_RAND_write_file(NULL, bio_err); ret=0; end: if (in != NULL) BIO_free(in); if (out != NULL) BIO_free_all(out); if (dsa != NULL) DSA_free(dsa); apps_shutdown(); OPENSSL_EXIT(ret); }
int ssl_test_dsa(int argc, char **argv) { BN_GENCB cb; DSA *dsa=NULL; int counter,ret=0,i,j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; #ifndef OPENSSL_SYS_WINDOWS bio_err = BIO_new(BIO_s_mem()); if (bio_err == NULL) return(1); #else if (bio_err == NULL) bio_err=BIO_new_fp(OPENSSL_TYPE__FILE_STDERR,BIO_NOCLOSE); #endif CRYPTO_malloc_debug_init(); CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); ERR_load_crypto_strings(); RAND_seed(rnd_seed, sizeof rnd_seed); TINYCLR_SSL_PRINTF("test generation of DSA parameters\n"); BN_GENCB_set(&cb, dsa_cb, bio_err); if(((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, &cb)) goto end; TINYCLR_SSL_PRINTF("seed\n"); for (i=0; i<20; i+=4) { TINYCLR_SSL_PRINTF("%02X%02X%02X%02X ", seed[i],seed[i+1],seed[i+2],seed[i+3]); } TINYCLR_SSL_PRINTF("\ncounter=%d h=%ld\n",counter,h); DSA_print(bio_err,dsa,0); if (counter != 105) { TINYCLR_SSL_PRINTF("counter should be 105\n"); goto end; } if (h != 2) { TINYCLR_SSL_PRINTF("h should be 2\n"); goto end; } i=BN_bn2bin(dsa->q,buf); j=sizeof(out_q); if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_q,i) != 0)) { TINYCLR_SSL_PRINTF("q value is wrong\n"); goto end; } i=BN_bn2bin(dsa->p,buf); j=sizeof(out_p); if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_p,i) != 0)) { TINYCLR_SSL_PRINTF("p value is wrong\n"); goto end; } i=BN_bn2bin(dsa->g,buf); j=sizeof(out_g); if ((i != j) || (TINYCLR_SSL_MEMCMP(buf,out_g,i) != 0)) { TINYCLR_SSL_PRINTF("g value is wrong\n"); goto end; } dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret=1; dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret=1; end: if (!ret) ERR_print_errors(bio_err); if (dsa != NULL) DSA_free(dsa); CRYPTO_cleanup_all_ex_data(); ERR_remove_thread_state(NULL); ERR_free_strings(); CRYPTO_mem_leaks(bio_err); if (bio_err != NULL) { BIO_free(bio_err); bio_err = NULL; } #ifdef OPENSSL_SYS_NETWARE if (!ret) TINYCLR_SSL_PRINTF("ERROR\n"); #endif return(0); }
int main(int argc, char **argv) { BN_GENCB *cb; DSA *dsa = NULL; int counter, ret = 0, i, j; unsigned char buf[256]; unsigned long h; unsigned char sig[256]; unsigned int siglen; BIGNUM *p = NULL, *q = NULL, *g = NULL; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); CRYPTO_set_mem_debug(1); CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); RAND_seed(rnd_seed, sizeof rnd_seed); BIO_printf(bio_err, "test generation of DSA parameters\n"); cb = BN_GENCB_new(); if (!cb) goto end; BN_GENCB_set(cb, dsa_cb, bio_err); if (((dsa = DSA_new()) == NULL) || !DSA_generate_parameters_ex(dsa, 512, seed, 20, &counter, &h, cb)) goto end; BIO_printf(bio_err, "seed\n"); for (i = 0; i < 20; i += 4) { BIO_printf(bio_err, "%02X%02X%02X%02X ", seed[i], seed[i + 1], seed[i + 2], seed[i + 3]); } BIO_printf(bio_err, "\ncounter=%d h=%ld\n", counter, h); DSA_print(bio_err, dsa, 0); if (counter != 105) { BIO_printf(bio_err, "counter should be 105\n"); goto end; } if (h != 2) { BIO_printf(bio_err, "h should be 2\n"); goto end; } DSA_get0_pqg(dsa, &p, &q, &g); i = BN_bn2bin(q, buf); j = sizeof(out_q); if ((i != j) || (memcmp(buf, out_q, i) != 0)) { BIO_printf(bio_err, "q value is wrong\n"); goto end; } i = BN_bn2bin(p, buf); j = sizeof(out_p); if ((i != j) || (memcmp(buf, out_p, i) != 0)) { BIO_printf(bio_err, "p value is wrong\n"); goto end; } i = BN_bn2bin(g, buf); j = sizeof(out_g); if ((i != j) || (memcmp(buf, out_g, i) != 0)) { BIO_printf(bio_err, "g value is wrong\n"); goto end; } DSA_set_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME); DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret = 1; DSA_clear_flags(dsa, DSA_FLAG_NO_EXP_CONSTTIME); DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) ret = 1; end: if (!ret) ERR_print_errors(bio_err); DSA_free(dsa); BN_GENCB_free(cb); #ifndef OPENSSL_NO_CRYPTO_MDEBUG if (CRYPTO_mem_leaks(bio_err) <= 0) ret = 0; #endif BIO_free(bio_err); bio_err = NULL; EXIT(!ret); }
DVT_STATUS CERTIFICATE_CLASS::generateFiles(LOG_CLASS* logger_ptr, const char* signerCredentialsFile_ptr, const char* credentialsPassword_ptr, const char* keyPassword_ptr, const char* keyFile_ptr, const char* certificateFile_ptr) // DESCRIPTION : Generate a certificate and key files from this class. // PRECONDITIONS : // POSTCONDITIONS : // EXCEPTIONS : // NOTES : If signerCredentialsFile_ptr is NULL, a self signed // : certificate will be generated. // : // : Returns: MSG_OK, MSG_LIB_NOT_EXIST, MSG_FILE_NOT_EXIST, // : MSG_ERROR, MSG_INVALID_PASSWORD //<<=========================================================================== { DVT_STATUS ret = MSG_ERROR; unsigned long err; OPENSSL_CLASS* openSsl_ptr; BIO* caBio_ptr = NULL; EVP_PKEY* caPrivateKey_ptr = NULL; X509* caCertificate_ptr = NULL; EVP_PKEY* key_ptr = NULL; X509* cert_ptr = NULL; X509_NAME* name_ptr; time_t effectiveTime; time_t expirationTime; EVP_PKEY* tmpKey_ptr; const EVP_MD *digest_ptr; BIO* pkBio_ptr = NULL; const EVP_CIPHER *cipher_ptr; BIO* certBio_ptr = NULL; // check for the existence of the OpenSSL DLLs openSsl_ptr = OPENSSL_CLASS::getInstance(); if (openSsl_ptr == NULL) { return MSG_LIB_NOT_EXIST; } // clear the error queue ERR_clear_error(); if (signerCredentialsFile_ptr != NULL) { // open the credentials file caBio_ptr = BIO_new(BIO_s_file_internal()); if (caBio_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting up to read CA credentials file"); goto end; } if (BIO_read_filename(caBio_ptr, signerCredentialsFile_ptr) <= 0) { err = ERR_peek_error(); if ((ERR_GET_LIB(err) == ERR_LIB_SYS) && (ERR_GET_REASON(err) == ERROR_FILE_NOT_FOUND)) { // file does not exist ERR_clear_error(); // eat any errors ret = MSG_FILE_NOT_EXIST; } else { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "opening CA credentials file for reading"); } goto end; } // read the certificate authority's private key caPrivateKey_ptr = PEM_read_bio_PrivateKey(caBio_ptr, NULL, NULL, (void*)credentialsPassword_ptr); if (caPrivateKey_ptr == NULL) { err = ERR_peek_error(); if ((ERR_GET_LIB(err) == ERR_LIB_EVP) && (ERR_GET_REASON(err) == EVP_R_BAD_DECRYPT)) { // bad password ERR_clear_error(); // eat any errors ret = MSG_INVALID_PASSWORD; } else { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "reading private key from CA credentials file"); } goto end; } // read the certificate authority's certificate caCertificate_ptr = PEM_read_bio_X509(caBio_ptr, NULL, NULL, (void*)credentialsPassword_ptr); if (caCertificate_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "reading CA certificate from CA credentials file"); goto end; } } // generate the new private/public key pair if (signatureAlgorithmM.compare("RSA") == 0) { // RSA key RSA* rsa_key; rsa_key = RSA_generate_key(signatureKeyLengthM, RSA_3, NULL, 0); if (rsa_key == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "generating RSA key"); goto end; } key_ptr = EVP_PKEY_new(); if (key_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "creating RSA key"); RSA_free(rsa_key); goto end; } EVP_PKEY_assign_RSA(key_ptr, rsa_key); } else { // DSA key DSA* dsa_key; dsa_key = DSA_generate_parameters(signatureKeyLengthM, NULL, 0, NULL, NULL, NULL, 0); if (dsa_key == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "generating DSA parameters"); goto end; } if (DSA_generate_key(dsa_key) == 0) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "generating DSA key"); DSA_free(dsa_key); goto end; } key_ptr = EVP_PKEY_new(); if (key_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "creating DSA key"); DSA_free(dsa_key); goto end; } EVP_PKEY_assign_DSA(key_ptr, dsa_key); } // create the certificate cert_ptr = X509_new(); if (cert_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "creating certificate object"); goto end; } // version if (X509_set_version(cert_ptr, (versionM - 1)) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting certificate version"); goto end; } // subject name_ptr = openSsl_ptr->onelineName2Name(subjectM.c_str()); if (name_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "parsing owner name"); goto end; } if (X509_set_subject_name(cert_ptr, name_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting owner name in certificate"); goto end; } // issuer if (signerCredentialsFile_ptr != NULL) { // CA signed name_ptr = X509_get_subject_name(caCertificate_ptr); if (name_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "getting name from CA certificate"); goto end; } if (X509_set_issuer_name(cert_ptr, name_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting issuer name in certificate"); goto end; } } else { // self signed name_ptr = X509_NAME_dup(name_ptr); // duplicate the name so it can be used again if (name_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "duplicating owner name"); goto end; } if (X509_set_issuer_name(cert_ptr, name_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting issuer name in certificate"); goto end; } } // public key if (X509_set_pubkey(cert_ptr, key_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting public key in certificate"); goto end; } // valid dates effectiveTime = mktime(&effectiveDateM); expirationTime = mktime(&expirationDateM); if ((X509_time_adj(X509_get_notBefore(cert_ptr), 0, &effectiveTime) == NULL) || (X509_time_adj(X509_get_notAfter(cert_ptr), 0, &expirationTime) == NULL)) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting valid dates in certificate"); goto end; } // serial number, use the current time_t ASN1_INTEGER_set(X509_get_serialNumber(cert_ptr), (unsigned)time(NULL)); // sign the certificate if (signerCredentialsFile_ptr != NULL) { // CA signed tmpKey_ptr = caPrivateKey_ptr; } else { // self signed tmpKey_ptr = key_ptr; } if (EVP_PKEY_type(tmpKey_ptr->type) == EVP_PKEY_RSA) { digest_ptr = EVP_sha1(); } else if (EVP_PKEY_type(tmpKey_ptr->type) == EVP_PKEY_DSA) { digest_ptr = EVP_dss1(); } else { if (logger_ptr) { logger_ptr->text(LOG_ERROR, 1, "Unsupported key type in CA private key"); } goto end; } if (!X509_sign(cert_ptr, tmpKey_ptr, digest_ptr)) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "signing certificate"); goto end; } // write out the private key // open the private key file pkBio_ptr = BIO_new(BIO_s_file_internal()); if (pkBio_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting up to write private key file"); goto end; } if (BIO_write_filename(pkBio_ptr, (void *)keyFile_ptr) <= 0) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "opening to write private key file"); goto end; } if ((keyPassword_ptr != NULL) && (strlen(keyPassword_ptr) > 0)) { // we have a password, use 3DES to encrypt the key cipher_ptr = EVP_des_ede3_cbc(); } else { // there is no password, don't encrypt the key cipher_ptr = NULL; } // write out the private key if (PEM_write_bio_PKCS8PrivateKey(pkBio_ptr, key_ptr, cipher_ptr, NULL, 0, NULL, (void *)keyPassword_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "writing private key"); goto end; } // write the certificate file // open the certificate file certBio_ptr = BIO_new(BIO_s_file_internal()); if (certBio_ptr == NULL) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "setting up to write certificate file"); goto end; } if (BIO_write_filename(certBio_ptr, (void *)certificateFile_ptr) <= 0) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "opening to write certificate file"); goto end; } // write the new certificate if (PEM_write_bio_X509(certBio_ptr, cert_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "writing certificate"); goto end; } // write the new certificate into the credential file if (PEM_write_bio_X509(pkBio_ptr, cert_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "writing certificate"); goto end; } if (signerCredentialsFile_ptr != NULL) { // write the CA certificate if (PEM_write_bio_X509(certBio_ptr, caCertificate_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "writing CA certificate"); goto end; } // loop reading certificates from the CA credentials file and writing them to the certificate file X509_free(caCertificate_ptr); while ((caCertificate_ptr = PEM_read_bio_X509(caBio_ptr, NULL, NULL, (void*)credentialsPassword_ptr)) != NULL) { // write the certificate if (PEM_write_bio_X509(certBio_ptr, caCertificate_ptr) != 1) { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "writing certificate chain"); goto end; } X509_free(caCertificate_ptr); } // check the error err = ERR_peek_error(); if ((ERR_GET_LIB(err) == ERR_LIB_PEM) && (ERR_GET_REASON(err) == PEM_R_NO_START_LINE)) { // end of data - this is normal ERR_clear_error(); } else { openSsl_ptr->printError(logger_ptr, LOG_ERROR, "reading certificates from CA credentials file"); goto end; } } ret = MSG_OK; end: if (certBio_ptr != NULL) BIO_free(certBio_ptr); if (pkBio_ptr != NULL) BIO_free(pkBio_ptr); if (cert_ptr != NULL) X509_free(cert_ptr); if (key_ptr != NULL) EVP_PKEY_free(key_ptr); if (caCertificate_ptr != NULL) X509_free(caCertificate_ptr); if (caPrivateKey_ptr != NULL) EVP_PKEY_free(caPrivateKey_ptr); if (caBio_ptr != NULL) BIO_free(caBio_ptr); return ret; }