/** \ingroup Core_Keys \brief Add selfsigned User ID to key \param keydata Key to which to add user ID \param userid Self-signed User ID to add \return 1 if OK; else 0 */ unsigned __ops_add_selfsigned_userid(__ops_key_t *key, uint8_t *userid) { __ops_create_sig_t *sig; __ops_subpacket_t sigpacket; __ops_memory_t *mem_userid = NULL; __ops_output_t *useridoutput = NULL; __ops_memory_t *mem_sig = NULL; __ops_output_t *sigoutput = NULL; /* * create signature packet for this userid */ /* create userid pkt */ __ops_setup_memory_write(&useridoutput, &mem_userid, 128); __ops_write_struct_userid(useridoutput, userid); /* create sig for this pkt */ sig = __ops_create_sig_new(); __ops_sig_start_key_sig(sig, &key->key.seckey.pubkey, userid, OPS_CERT_POSITIVE); __ops_add_time(sig, (int64_t)time(NULL), "birth"); __ops_add_issuer_keyid(sig, key->sigid); __ops_add_primary_userid(sig, 1); __ops_end_hashed_subpkts(sig); __ops_setup_memory_write(&sigoutput, &mem_sig, 128); __ops_write_sig(sigoutput, sig, &key->key.seckey.pubkey, &key->key.seckey); /* add this packet to key */ sigpacket.length = __ops_mem_len(mem_sig); sigpacket.raw = __ops_mem_data(mem_sig); /* add userid to key */ (void) __ops_add_userid(key, userid); (void) __ops_add_subpacket(key, &sigpacket); /* cleanup */ __ops_create_sig_delete(sig); __ops_output_delete(useridoutput); __ops_output_delete(sigoutput); __ops_memory_free(mem_userid); __ops_memory_free(mem_sig); return 1; }
/* this interface isn't right - hook into callback for getting passphrase */ char * __ops_export_key(__ops_io_t *io, const __ops_key_t *keydata, uint8_t *passphrase) { __ops_output_t *output; __ops_memory_t *mem; char *cp; __OPS_USED(io); __ops_setup_memory_write(&output, &mem, 128); if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) { __ops_write_xfer_pubkey(output, keydata, 1); } else { __ops_write_xfer_seckey(output, keydata, passphrase, strlen((char *)passphrase), 1); } cp = netpgp_strdup(__ops_mem_data(mem)); __ops_teardown_memory_write(output, mem); return cp; }
/** \ingroup HighLevel_KeyGenerate \brief Generates an RSA keypair \param numbits Modulus size \param e Public Exponent \param keydata Pointer to keydata struct to hold new key \return 1 if key generated successfully; otherwise 0 \note It is the caller's responsibility to call __ops_keydata_free(keydata) */ static unsigned rsa_generate_keypair(__ops_key_t *keydata, const int numbits, const unsigned long e, const char *hashalg, const char *cipher) { __ops_seckey_t *seckey; RSA *rsa; BN_CTX *ctx; __ops_output_t *output; __ops_memory_t *mem; ctx = BN_CTX_new(); __ops_keydata_init(keydata, OPS_PTAG_CT_SECRET_KEY); seckey = __ops_get_writable_seckey(keydata); /* generate the key pair */ rsa = RSA_generate_key(numbits, e, NULL, NULL); /* populate __ops key from ssl key */ seckey->pubkey.version = OPS_V4; seckey->pubkey.birthtime = time(NULL); seckey->pubkey.days_valid = 0; seckey->pubkey.alg = OPS_PKA_RSA; seckey->pubkey.key.rsa.n = BN_dup(rsa->n); seckey->pubkey.key.rsa.e = BN_dup(rsa->e); seckey->s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED; seckey->s2k_specifier = OPS_S2KS_SALTED; /* seckey->s2k_specifier=OPS_S2KS_SIMPLE; */ if ((seckey->hash_alg = __ops_str_to_hash_alg(hashalg)) == OPS_HASH_UNKNOWN) { seckey->hash_alg = OPS_HASH_SHA1; } seckey->alg = __ops_str_to_cipher(cipher); seckey->octetc = 0; seckey->checksum = 0; seckey->key.rsa.d = BN_dup(rsa->d); seckey->key.rsa.p = BN_dup(rsa->p); seckey->key.rsa.q = BN_dup(rsa->q); seckey->key.rsa.u = BN_mod_inverse(NULL, rsa->p, rsa->q, ctx); if (seckey->key.rsa.u == NULL) { (void) fprintf(stderr, "seckey->key.rsa.u is NULL\n"); return 0; } BN_CTX_free(ctx); RSA_free(rsa); __ops_keyid(keydata->sigid, OPS_KEY_ID_SIZE, &keydata->key.seckey.pubkey, seckey->hash_alg); __ops_fingerprint(&keydata->sigfingerprint, &keydata->key.seckey.pubkey, seckey->hash_alg); /* Generate checksum */ output = NULL; mem = NULL; __ops_setup_memory_write(&output, &mem, 128); __ops_push_checksum_writer(output, seckey); switch (seckey->pubkey.alg) { case OPS_PKA_DSA: return __ops_write_mpi(output, seckey->key.dsa.x); case OPS_PKA_RSA: case OPS_PKA_RSA_ENCRYPT_ONLY: case OPS_PKA_RSA_SIGN_ONLY: if (!__ops_write_mpi(output, seckey->key.rsa.d) || !__ops_write_mpi(output, seckey->key.rsa.p) || !__ops_write_mpi(output, seckey->key.rsa.q) || !__ops_write_mpi(output, seckey->key.rsa.u)) { return 0; } break; case OPS_PKA_ELGAMAL: return __ops_write_mpi(output, seckey->key.elgamal.x); default: (void) fprintf(stderr, "Bad seckey->pubkey.alg\n"); return 0; } /* close rather than pop, since its the only one on the stack */ __ops_writer_close(output); __ops_teardown_memory_write(output, mem); /* should now have checksum in seckey struct */ /* test */ if (__ops_get_debug_level(__FILE__)) { test_seckey(seckey); } return 1; }