Exemplo n.º 1
0
static void
check_generated_ecc_key (gcry_sexp_t key)
{
    gcry_sexp_t skey, pkey;

    pkey = gcry_sexp_find_token (key, "public-key", 0);
    if (!pkey)
        fail ("public part missing in return value\n");
    else
    {
        /* Fixme: Check more stuff.  */
        gcry_sexp_release (pkey);
    }

    skey = gcry_sexp_find_token (key, "private-key", 0);
    if (!skey)
        fail ("private part missing in return value\n");
    else
    {
        int rc = gcry_pk_testkey (skey);
        if (rc)
            fail ("gcry_pk_testkey failed: %s\n", gpg_strerror (rc));
        gcry_sexp_release (skey);
    }

    /* Finally check that gcry_pk_testkey also works on the entire
       S-expression.  */
    {
        int rc = gcry_pk_testkey (key);
        if (rc)
            fail ("gcry_pk_testkey failed on key pair: %s\n", gpg_strerror (rc));
    }
}
Exemplo n.º 2
0
/**
 * Decode the private key from the data-format back
 * to the "normal", internal format.
 *
 * @param buf the buffer where the private key data is stored
 * @param len the length of the data in @a buf
 * @return NULL on error
 */
struct GNUNET_CRYPTO_rsa_PrivateKey *
GNUNET_CRYPTO_rsa_private_key_decode (const char *buf,
                                      size_t len)
{
  struct GNUNET_CRYPTO_rsa_PrivateKey *key;
  key = GNUNET_new (struct GNUNET_CRYPTO_rsa_PrivateKey);
  if (0 !=
      gcry_sexp_new (&key->sexp,
                     buf,
                     len,
                     0))
  {
    LOG (GNUNET_ERROR_TYPE_WARNING,
         "Decoded private key is not valid\n");
    GNUNET_free (key);
    return NULL;
  }
  if (0 != gcry_pk_testkey (key->sexp))
  {
    LOG (GNUNET_ERROR_TYPE_WARNING,
         "Decoded private key is not valid\n");
    GNUNET_CRYPTO_rsa_private_key_free (key);
    return NULL;
  }
  return key;
}
Exemplo n.º 3
0
int p2p_convert_private_key(RSA *key, gcry_sexp_t *r_key) {
    size_t err;
    char *buf;
    
    gcry_mpi_t n_mpi, e_mpi, d_mpi, p_mpi, q_mpi, u_mpi;
    
    buf = BN_bn2hex(key->n);
    gcry_mpi_scan(&n_mpi, GCRYMPI_FMT_HEX, buf, 0, &err);
    OPENSSL_free(buf);
    
    buf = BN_bn2hex(key->e);
    gcry_mpi_scan(&e_mpi, GCRYMPI_FMT_HEX, buf, 0, &err);
    OPENSSL_free(buf);
    
    buf = BN_bn2hex(key->d);
    gcry_mpi_scan(&d_mpi, GCRYMPI_FMT_HEX, buf, 0, &err);
    OPENSSL_free(buf);
    
    buf = BN_bn2hex(key->p);
    gcry_mpi_scan(&p_mpi, GCRYMPI_FMT_HEX, buf, 0, &err);
    OPENSSL_free(buf);
    
    buf = BN_bn2hex(key->q);
    gcry_mpi_scan(&q_mpi, GCRYMPI_FMT_HEX, buf, 0, &err);
    OPENSSL_free(buf);
    
    buf = BN_bn2hex(key->iqmp);
    gcry_mpi_scan(&u_mpi, GCRYMPI_FMT_HEX, buf, 0, &err);
    OPENSSL_free(buf);
    
    if(gcry_mpi_cmp(p_mpi, q_mpi) > 0) {
        gcry_mpi_swap(p_mpi, q_mpi);
        gcry_mpi_invm(u_mpi, p_mpi, q_mpi);
    }
    
    gcry_sexp_build(r_key, &err, "(private-key (rsa (n %m) (e %m) (d %m) (p %m) (q %m) (u %m)))", n_mpi, e_mpi, d_mpi, p_mpi, q_mpi, u_mpi);
    
    gcry_mpi_release(n_mpi);
    gcry_mpi_release(e_mpi);
    gcry_mpi_release(d_mpi);
    gcry_mpi_release(p_mpi);
    gcry_mpi_release(q_mpi);
    gcry_mpi_release(u_mpi);
    
    gcry_error_t sane = gcry_pk_testkey(*r_key);
    if(sane) {
        return -1;
    }
    
    return 0;
}
Exemplo n.º 4
0
/**
 * Create a new private key. Caller must free return value.
 *
 * @return fresh private key
 */
static struct GNUNET_CRYPTO_RsaPrivateKey *
rsa_key_create ()
{
  struct GNUNET_CRYPTO_RsaPrivateKey *ret;
  gcry_sexp_t s_key;
  gcry_sexp_t s_keyparam;

  GNUNET_assert (0 ==
                 gcry_sexp_build (&s_keyparam, NULL,
                                  "(genkey(rsa(nbits %d)(rsa-use-e 3:257)))",
                                  2048));
  GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam));
  gcry_sexp_release (s_keyparam);
#if EXTRA_CHECKS
  GNUNET_assert (0 == gcry_pk_testkey (s_key));
#endif
  ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
  ret->sexp = s_key;
  return ret;
}
Exemplo n.º 5
0
static void
check_generated_rsa_key (gcry_sexp_t key, unsigned long expected_e)
{
    gcry_sexp_t skey, pkey, list;

    pkey = gcry_sexp_find_token (key, "public-key", 0);
    if (!pkey)
        fail ("public part missing in return value\n");
    else
    {
        gcry_mpi_t e = NULL;

        list = gcry_sexp_find_token (pkey, "e", 0);
        if (!list || !(e=gcry_sexp_nth_mpi (list, 1, 0)) )
            fail ("public exponent not found\n");
        else if (!expected_e)
        {
            if (verbose)
                show_mpi ("public exponent: ", e);
        }
        else if ( gcry_mpi_cmp_ui (e, expected_e))
        {
            show_mpi ("public exponent: ", e);
            fail ("public exponent is not %lu\n", expected_e);
        }
        gcry_sexp_release (list);
        gcry_mpi_release (e);
        gcry_sexp_release (pkey);
    }

    skey = gcry_sexp_find_token (key, "private-key", 0);
    if (!skey)
        fail ("private part missing in return value\n");
    else
    {
        int rc = gcry_pk_testkey (skey);
        if (rc)
            fail ("gcry_pk_testkey failed: %s\n", gpg_strerror (rc));
        gcry_sexp_release (skey);
    }
}
Exemplo n.º 6
0
/**
 * Create a new private key. Caller must free return value.
 *
 * @param len length of the key in bits (i.e. 2048)
 * @return fresh private key
 */
struct GNUNET_CRYPTO_rsa_PrivateKey *
GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
{
  struct GNUNET_CRYPTO_rsa_PrivateKey *ret;
  gcry_sexp_t s_key;
  gcry_sexp_t s_keyparam;

  GNUNET_assert (0 ==
                 gcry_sexp_build (&s_keyparam,
                                  NULL,
                                  "(genkey(rsa(nbits %d)))",
                                  len));
  GNUNET_assert (0 ==
                 gcry_pk_genkey (&s_key,
                                 s_keyparam));
  gcry_sexp_release (s_keyparam);
#if EXTRA_CHECKS
  GNUNET_assert (0 ==
                 gcry_pk_testkey (s_key));
#endif
  ret = GNUNET_new (struct GNUNET_CRYPTO_rsa_PrivateKey);
  ret->sexp = s_key;
  return ret;
}
Exemplo n.º 7
0
static libspectrum_error
create_key( gcry_sexp_t *s_key, libspectrum_rzx_dsa_key *key,
	    int secret_key )
{
  gcry_error_t error;
  size_t i;
  gcry_mpi_t mpis[MPI_COUNT];
  const char *format;

  for( i=0; i<MPI_COUNT; i++ ) mpis[i] = NULL;

    error = gcry_mpi_scan( &mpis[0], GCRYMPI_FMT_HEX, (unsigned char*)key->p,
			   0, NULL );
  if( !error ) 
    error = gcry_mpi_scan( &mpis[1], GCRYMPI_FMT_HEX, (unsigned char*)key->q,
			   0, NULL );
  if( !error )
    error = gcry_mpi_scan( &mpis[2], GCRYMPI_FMT_HEX, (unsigned char*)key->g,
			   0, NULL );
  if( !error )
    error = gcry_mpi_scan( &mpis[3], GCRYMPI_FMT_HEX, (unsigned char*)key->y,
			   0, NULL );
  if( !error && secret_key )
    error = gcry_mpi_scan( &mpis[4], GCRYMPI_FMT_HEX, (unsigned char*)key->x,
			   0, NULL );

  if( error ) {
    libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC,
			     "create_key: error creating MPIs: %s",
			     gcry_strerror( error ) );
    free_mpis( mpis, MPI_COUNT );
    return LIBSPECTRUM_ERROR_LOGIC;
  }

  format = secret_key ? private_key_format : public_key_format;
  
  error = gcry_sexp_build( s_key, NULL, format,
			   mpis[0], mpis[1], mpis[2], mpis[3], mpis[4] );
  if( error ) {
    libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC,
			     "create_key: error creating key: %s",
			     gcry_strerror( error ) );
    free_mpis( mpis, MPI_COUNT );
    return LIBSPECTRUM_ERROR_LOGIC;
  }

  free_mpis( mpis, MPI_COUNT );

  /* FIXME: Test public keys as well once gcry_pk_testkey acquires this
     functionality */
  if( secret_key ) {
    error = gcry_pk_testkey( *s_key );
    if( error ) {
      libspectrum_print_error( LIBSPECTRUM_ERROR_LOGIC,
			       "create_key: key is not sane: %s",
			       gcry_strerror( error ) );
      return LIBSPECTRUM_ERROR_LOGIC;
    }
  }

  return LIBSPECTRUM_ERROR_NONE;
}
Exemplo n.º 8
0
static void
check_run (void)
{
  gpg_error_t err;
  gcry_sexp_t pkey, skey;
  int variant;

  for (variant=0; variant < 3; variant++)
    {
      if (verbose)
        fprintf (stderr, "Checking sample key (%d).\n", variant);
      get_keys_sample (&pkey, &skey, variant);
      /* Check gcry_pk_testkey which requires all elements.  */
      err = gcry_pk_testkey (skey);
      if ((variant == 0 && err)
          || (variant > 0 && gpg_err_code (err) != GPG_ERR_NO_OBJ))
          die ("gcry_pk_testkey failed: %s\n", gpg_strerror (err));
      /* Run the usual check but expect an error from variant 2.  */
      check_keys (pkey, skey, 800, variant == 2? GPG_ERR_NO_OBJ : 0);
      gcry_sexp_release (pkey);
      gcry_sexp_release (skey);
    }

  if (verbose)
    fprintf (stderr, "Checking generated RSA key.\n");
  get_keys_new (&pkey, &skey);
  check_keys (pkey, skey, 800, 0);
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);

  if (verbose)
    fprintf (stderr, "Checking generated RSA key (X9.31).\n");
  get_keys_x931_new (&pkey, &skey);
  check_keys (pkey, skey, 800, 0);
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);

  if (verbose)
    fprintf (stderr, "Checking generated Elgamal key.\n");
  get_elg_key_new (&pkey, &skey, 0);
  check_keys (pkey, skey, 400, 0);
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);

  if (verbose)
    fprintf (stderr, "Checking passphrase generated Elgamal key.\n");
  get_elg_key_new (&pkey, &skey, 1);
  check_keys (pkey, skey, 800, 0);
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);

  if (verbose)
    fprintf (stderr, "Generating DSA key.\n");
  get_dsa_key_new (&pkey, &skey, 0);
  /* Fixme:  Add a check function for DSA keys.  */
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);

  if (!gcry_fips_mode_active ())
    {
      if (verbose)
        fprintf (stderr, "Generating transient DSA key.\n");
      get_dsa_key_new (&pkey, &skey, 1);
      /* Fixme:  Add a check function for DSA keys.  */
      gcry_sexp_release (pkey);
      gcry_sexp_release (skey);
    }

  if (verbose)
    fprintf (stderr, "Generating DSA key (FIPS 186).\n");
  get_dsa_key_fips186_new (&pkey, &skey);
  /* Fixme:  Add a check function for DSA keys.  */
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);

  if (verbose)
    fprintf (stderr, "Generating DSA key with given domain.\n");
  get_dsa_key_with_domain_new (&pkey, &skey);
  /* Fixme:  Add a check function for DSA keys.  */
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);

  if (verbose)
    fprintf (stderr, "Generating DSA key with given domain (FIPS 186).\n");
  get_dsa_key_fips186_with_domain_new (&pkey, &skey);
  /* Fixme:  Add a check function for DSA keys.  */
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);

  if (verbose)
    fprintf (stderr, "Generating DSA key with given seed (FIPS 186).\n");
  get_dsa_key_fips186_with_seed_new (&pkey, &skey);
  /* Fixme:  Add a check function for DSA keys.  */
  gcry_sexp_release (pkey);
  gcry_sexp_release (skey);
}