/**
\ingroup Core_Keys
\brief Add selfsigned User ID to key
\param keydata Key to which to add user ID
\param userid Self-signed User ID to add
\return 1 if OK; else 0
*/
unsigned
__ops_add_selfsigned_userid(__ops_key_t *key, uint8_t *userid)
{
__ops_create_sig_t *sig;
__ops_subpacket_t sigpacket;
__ops_memory_t *mem_userid = NULL;
__ops_output_t *useridoutput = NULL;
__ops_memory_t *mem_sig = NULL;
__ops_output_t *sigoutput = NULL;
/*
* create signature packet for this userid
*/
/* create userid pkt */
__ops_setup_memory_write(&useridoutput, &mem_userid, 128);
__ops_write_struct_userid(useridoutput, userid);
/* create sig for this pkt */
sig = __ops_create_sig_new();
__ops_sig_start_key_sig(sig, &key->key.seckey.pubkey, userid, OPS_CERT_POSITIVE);
__ops_add_time(sig, (int64_t)time(NULL), "birth");
__ops_add_issuer_keyid(sig, key->sigid);
__ops_add_primary_userid(sig, 1);
__ops_end_hashed_subpkts(sig);
__ops_setup_memory_write(&sigoutput, &mem_sig, 128);
__ops_write_sig(sigoutput, sig, &key->key.seckey.pubkey, &key->key.seckey);
/* add this packet to key */
sigpacket.length = __ops_mem_len(mem_sig);
sigpacket.raw = __ops_mem_data(mem_sig);
/* add userid to key */
(void) __ops_add_userid(key, userid);
(void) __ops_add_subpacket(key, &sigpacket);
/* cleanup */
__ops_create_sig_delete(sig);
__ops_output_delete(useridoutput);
__ops_output_delete(sigoutput);
__ops_memory_free(mem_userid);
__ops_memory_free(mem_sig);
return 1;
}
/* this interface isn't right - hook into callback for getting passphrase */
char *
__ops_export_key(__ops_io_t *io, const __ops_key_t *keydata, uint8_t *passphrase)
{
__ops_output_t *output;
__ops_memory_t *mem;
char *cp;
__OPS_USED(io);
__ops_setup_memory_write(&output, &mem, 128);
if (keydata->type == OPS_PTAG_CT_PUBLIC_KEY) {
__ops_write_xfer_pubkey(output, keydata, 1);
} else {
__ops_write_xfer_seckey(output, keydata, passphrase,
strlen((char *)passphrase), 1);
}
cp = netpgp_strdup(__ops_mem_data(mem));
__ops_teardown_memory_write(output, mem);
return cp;
}
/**
\ingroup HighLevel_KeyGenerate
\brief Generates an RSA keypair
\param numbits Modulus size
\param e Public Exponent
\param keydata Pointer to keydata struct to hold new key
\return 1 if key generated successfully; otherwise 0
\note It is the caller's responsibility to call __ops_keydata_free(keydata)
*/
static unsigned
rsa_generate_keypair(__ops_key_t *keydata,
const int numbits,
const unsigned long e,
const char *hashalg,
const char *cipher)
{
__ops_seckey_t *seckey;
RSA *rsa;
BN_CTX *ctx;
__ops_output_t *output;
__ops_memory_t *mem;
ctx = BN_CTX_new();
__ops_keydata_init(keydata, OPS_PTAG_CT_SECRET_KEY);
seckey = __ops_get_writable_seckey(keydata);
/* generate the key pair */
rsa = RSA_generate_key(numbits, e, NULL, NULL);
/* populate __ops key from ssl key */
seckey->pubkey.version = OPS_V4;
seckey->pubkey.birthtime = time(NULL);
seckey->pubkey.days_valid = 0;
seckey->pubkey.alg = OPS_PKA_RSA;
seckey->pubkey.key.rsa.n = BN_dup(rsa->n);
seckey->pubkey.key.rsa.e = BN_dup(rsa->e);
seckey->s2k_usage = OPS_S2KU_ENCRYPTED_AND_HASHED;
seckey->s2k_specifier = OPS_S2KS_SALTED;
/* seckey->s2k_specifier=OPS_S2KS_SIMPLE; */
if ((seckey->hash_alg = __ops_str_to_hash_alg(hashalg)) == OPS_HASH_UNKNOWN) {
seckey->hash_alg = OPS_HASH_SHA1;
}
seckey->alg = __ops_str_to_cipher(cipher);
seckey->octetc = 0;
seckey->checksum = 0;
seckey->key.rsa.d = BN_dup(rsa->d);
seckey->key.rsa.p = BN_dup(rsa->p);
seckey->key.rsa.q = BN_dup(rsa->q);
seckey->key.rsa.u = BN_mod_inverse(NULL, rsa->p, rsa->q, ctx);
if (seckey->key.rsa.u == NULL) {
(void) fprintf(stderr, "seckey->key.rsa.u is NULL\n");
return 0;
}
BN_CTX_free(ctx);
RSA_free(rsa);
__ops_keyid(keydata->sigid, OPS_KEY_ID_SIZE, &keydata->key.seckey.pubkey, seckey->hash_alg);
__ops_fingerprint(&keydata->sigfingerprint, &keydata->key.seckey.pubkey, seckey->hash_alg);
/* Generate checksum */
output = NULL;
mem = NULL;
__ops_setup_memory_write(&output, &mem, 128);
__ops_push_checksum_writer(output, seckey);
switch (seckey->pubkey.alg) {
case OPS_PKA_DSA:
return __ops_write_mpi(output, seckey->key.dsa.x);
case OPS_PKA_RSA:
case OPS_PKA_RSA_ENCRYPT_ONLY:
case OPS_PKA_RSA_SIGN_ONLY:
if (!__ops_write_mpi(output, seckey->key.rsa.d) ||
!__ops_write_mpi(output, seckey->key.rsa.p) ||
!__ops_write_mpi(output, seckey->key.rsa.q) ||
!__ops_write_mpi(output, seckey->key.rsa.u)) {
return 0;
}
break;
case OPS_PKA_ELGAMAL:
return __ops_write_mpi(output, seckey->key.elgamal.x);
default:
(void) fprintf(stderr, "Bad seckey->pubkey.alg\n");
return 0;
}
/* close rather than pop, since its the only one on the stack */
__ops_writer_close(output);
__ops_teardown_memory_write(output, mem);
/* should now have checksum in seckey struct */
/* test */
if (__ops_get_debug_level(__FILE__)) {
test_seckey(seckey);
}
return 1;
}
