| ntp-keygen.c (302408) | ntp-keygen.c (309007) |
|---|---|
| 1/* 2 * Program to generate cryptographic keys for ntp clients and servers 3 * 4 * This program generates password encrypted data files for use with the 5 * Autokey security protocol and Network Time Protocol Version 4. Files 6 * are prefixed with a header giving the name and date of creation 7 * followed by a type-specific descriptive label and PEM-encoded data 8 * structure compatible with programs of the OpenSSL library. --- 91 unchanged lines hidden (view full) --- 100#ifdef OPENSSL 101#include "openssl/bn.h" 102#include "openssl/evp.h" 103#include "openssl/err.h" 104#include "openssl/rand.h" 105#include "openssl/pem.h" 106#include "openssl/x509v3.h" 107#include <openssl/objects.h> | 1/* 2 * Program to generate cryptographic keys for ntp clients and servers 3 * 4 * This program generates password encrypted data files for use with the 5 * Autokey security protocol and Network Time Protocol Version 4. Files 6 * are prefixed with a header giving the name and date of creation 7 * followed by a type-specific descriptive label and PEM-encoded data 8 * structure compatible with programs of the OpenSSL library. --- 91 unchanged lines hidden (view full) --- 100#ifdef OPENSSL 101#include "openssl/bn.h" 102#include "openssl/evp.h" 103#include "openssl/err.h" 104#include "openssl/rand.h" 105#include "openssl/pem.h" 106#include "openssl/x509v3.h" 107#include <openssl/objects.h> |
| 108#include "libssl_compat.h" |
|
| 108#endif /* OPENSSL */ 109#include <ssl_applink.c> 110 111#define _UC(str) ((char *)(intptr_t)(str)) 112/* 113 * Cryptodefines 114 */ 115#define MD5KEYS 10 /* number of keys generated of each type */ --- 27 unchanged lines hidden (view full) --- 143void gen_mvserv (char *, EVP_PKEY **); 144int x509 (EVP_PKEY *, const EVP_MD *, char *, const char *, 145 char *); 146void cb (int, int, void *); 147EVP_PKEY *genkey (const char *, const char *); 148EVP_PKEY *readkey (char *, char *, u_int *, EVP_PKEY **); 149void writekey (char *, char *, u_int *, EVP_PKEY **); 150u_long asn2ntp (ASN1_TIME *); | 109#endif /* OPENSSL */ 110#include <ssl_applink.c> 111 112#define _UC(str) ((char *)(intptr_t)(str)) 113/* 114 * Cryptodefines 115 */ 116#define MD5KEYS 10 /* number of keys generated of each type */ --- 27 unchanged lines hidden (view full) --- 144void gen_mvserv (char *, EVP_PKEY **); 145int x509 (EVP_PKEY *, const EVP_MD *, char *, const char *, 146 char *); 147void cb (int, int, void *); 148EVP_PKEY *genkey (const char *, const char *); 149EVP_PKEY *readkey (char *, char *, u_int *, EVP_PKEY **); 150void writekey (char *, char *, u_int *, EVP_PKEY **); 151u_long asn2ntp (ASN1_TIME *); |
| 152 153static DSA* genDsaParams(int, char*); 154static RSA* genRsaKeyPair(int, char*); 155 |
|
| 151#endif /* AUTOKEY */ 152 153/* 154 * Program variables 155 */ 156extern char *optarg; /* command line argument */ 157char const *progname; 158u_int lifetime = DAYSPERYEAR; /* certificate lifetime (days) */ --- 130 unchanged lines hidden (view full) --- 289 char **argv 290 ) 291{ 292 struct timeval tv; /* initialization vector */ 293 int md5key = 0; /* generate MD5 keys */ 294 int optct; /* option count */ 295#ifdef AUTOKEY 296 X509 *cert = NULL; /* X509 certificate */ | 156#endif /* AUTOKEY */ 157 158/* 159 * Program variables 160 */ 161extern char *optarg; /* command line argument */ 162char const *progname; 163u_int lifetime = DAYSPERYEAR; /* certificate lifetime (days) */ --- 130 unchanged lines hidden (view full) --- 294 char **argv 295 ) 296{ 297 struct timeval tv; /* initialization vector */ 298 int md5key = 0; /* generate MD5 keys */ 299 int optct; /* option count */ 300#ifdef AUTOKEY 301 X509 *cert = NULL; /* X509 certificate */ |
| 297 X509_EXTENSION *ext; /* X509v3 extension */ | |
| 298 EVP_PKEY *pkey_host = NULL; /* host key */ 299 EVP_PKEY *pkey_sign = NULL; /* sign key */ 300 EVP_PKEY *pkey_iffkey = NULL; /* IFF sever keys */ 301 EVP_PKEY *pkey_gqkey = NULL; /* GQ server keys */ 302 EVP_PKEY *pkey_mvkey = NULL; /* MV trusted agen keys */ 303 EVP_PKEY *pkey_mvpar[MVMAX]; /* MV cleient keys */ 304 int hostkey = 0; /* generate RSA keys */ 305 int iffkey = 0; /* generate IFF keys */ --- 200 unchanged lines hidden (view full) --- 506 */ 507 X509_NAME_oneline(X509_get_subject_name(cert), groupbuf, 508 MAXFILENAME); 509 510 /* 511 * Extract digest/signature scheme. 512 */ 513 if (scheme == NULL) { | 302 EVP_PKEY *pkey_host = NULL; /* host key */ 303 EVP_PKEY *pkey_sign = NULL; /* sign key */ 304 EVP_PKEY *pkey_iffkey = NULL; /* IFF sever keys */ 305 EVP_PKEY *pkey_gqkey = NULL; /* GQ server keys */ 306 EVP_PKEY *pkey_mvkey = NULL; /* MV trusted agen keys */ 307 EVP_PKEY *pkey_mvpar[MVMAX]; /* MV cleient keys */ 308 int hostkey = 0; /* generate RSA keys */ 309 int iffkey = 0; /* generate IFF keys */ --- 200 unchanged lines hidden (view full) --- 510 */ 511 X509_NAME_oneline(X509_get_subject_name(cert), groupbuf, 512 MAXFILENAME); 513 514 /* 515 * Extract digest/signature scheme. 516 */ 517 if (scheme == NULL) { |
| 514 nid = OBJ_obj2nid(cert->cert_info-> 515 signature->algorithm); | 518 nid = X509_get_signature_nid(cert); |
| 516 scheme = OBJ_nid2sn(nid); 517 } 518 519 /* 520 * If a key_usage extension field is present, determine 521 * whether this is a trusted or private certificate. 522 */ 523 if (exten == NULL) { 524 ptr = strstr(groupbuf, "CN="); 525 cnt = X509_get_ext_count(cert); 526 for (i = 0; i < cnt; i++) { | 519 scheme = OBJ_nid2sn(nid); 520 } 521 522 /* 523 * If a key_usage extension field is present, determine 524 * whether this is a trusted or private certificate. 525 */ 526 if (exten == NULL) { 527 ptr = strstr(groupbuf, "CN="); 528 cnt = X509_get_ext_count(cert); 529 for (i = 0; i < cnt; i++) { |
| 530 X509_EXTENSION *ext; 531 ASN1_OBJECT *obj; 532 |
|
| 527 ext = X509_get_ext(cert, i); | 533 ext = X509_get_ext(cert, i); |
| 528 if (OBJ_obj2nid(ext->object) == | 534 obj = X509_EXTENSION_get_object(ext); 535 536 if (OBJ_obj2nid(obj) == |
| 529 NID_ext_key_usage) { 530 bp = BIO_new(BIO_s_mem()); 531 X509V3_EXT_print(bp, ext, 0, 0); 532 BIO_gets(bp, pathbuf, 533 MAXFILENAME); 534 BIO_free(bp); 535 if (strcmp(pathbuf, 536 "Trust Root") == 0) --- 75 unchanged lines hidden (view full) --- 612 groupname); 613 pkey_gqkey = readkey(filename, passwd1, &fstamp, NULL); 614 if (pkey_gqkey != NULL) { 615 followlink(filename, sizeof(filename)); 616 fprintf(stderr, "Using GQ parameters %s\n", 617 filename); 618 } 619 } | 537 NID_ext_key_usage) { 538 bp = BIO_new(BIO_s_mem()); 539 X509V3_EXT_print(bp, ext, 0, 0); 540 BIO_gets(bp, pathbuf, 541 MAXFILENAME); 542 BIO_free(bp); 543 if (strcmp(pathbuf, 544 "Trust Root") == 0) --- 75 unchanged lines hidden (view full) --- 620 groupname); 621 pkey_gqkey = readkey(filename, passwd1, &fstamp, NULL); 622 if (pkey_gqkey != NULL) { 623 followlink(filename, sizeof(filename)); 624 fprintf(stderr, "Using GQ parameters %s\n", 625 filename); 626 } 627 } |
| 620 if (pkey_gqkey != NULL) 621 grpkey = BN_bn2hex(pkey_gqkey->pkey.rsa->q); | 628 if (pkey_gqkey != NULL) { 629 RSA *rsa; 630 const BIGNUM *q; |
| 622 | 631 |
| 632 rsa = EVP_PKEY_get0_RSA(pkey_gqkey); 633 RSA_get0_factors(rsa, NULL, &q); 634 grpkey = BN_bn2hex(q); 635 } 636 |
|
| 623 /* 624 * Write the nonencrypted GQ client parameters to the stdout 625 * stream. The parameter file is the server key file with the 626 * private key obscured. 627 */ 628 if (pkey_gqkey != NULL && HAVE_OPT(ID_KEY)) { 629 RSA *rsa; 630 631 snprintf(filename, sizeof(filename), 632 "ntpkey_gqpar_%s.%u", groupname, fstamp); 633 fprintf(stderr, "Writing GQ parameters %s to stdout\n", 634 filename); 635 fprintf(stdout, "# %s\n# %s\n", filename, 636 ctime(&epoch)); | 637 /* 638 * Write the nonencrypted GQ client parameters to the stdout 639 * stream. The parameter file is the server key file with the 640 * private key obscured. 641 */ 642 if (pkey_gqkey != NULL && HAVE_OPT(ID_KEY)) { 643 RSA *rsa; 644 645 snprintf(filename, sizeof(filename), 646 "ntpkey_gqpar_%s.%u", groupname, fstamp); 647 fprintf(stderr, "Writing GQ parameters %s to stdout\n", 648 filename); 649 fprintf(stdout, "# %s\n# %s\n", filename, 650 ctime(&epoch)); |
| 637 rsa = pkey_gqkey->pkey.rsa; 638 BN_copy(rsa->p, BN_value_one()); 639 BN_copy(rsa->q, BN_value_one()); | 651 /* XXX: This modifies the private key and should probably use a 652 * copy of it instead. */ 653 rsa = EVP_PKEY_get0_RSA(pkey_gqkey); 654 RSA_set0_factors(rsa, BN_dup(BN_value_one()), BN_dup(BN_value_one())); |
| 640 pkey = EVP_PKEY_new(); 641 EVP_PKEY_assign_RSA(pkey, rsa); 642 PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, 643 NULL, NULL); 644 fflush(stdout); 645 if (debug) 646 RSA_print_fp(stderr, rsa, 0); 647 } --- 5 unchanged lines hidden (view full) --- 653 RSA *rsa; 654 655 snprintf(filename, sizeof(filename), 656 "ntpkey_gqkey_%s.%u", groupname, fstamp); 657 fprintf(stderr, "Writing GQ keys %s to stdout\n", 658 filename); 659 fprintf(stdout, "# %s\n# %s\n", filename, 660 ctime(&epoch)); | 655 pkey = EVP_PKEY_new(); 656 EVP_PKEY_assign_RSA(pkey, rsa); 657 PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, 658 NULL, NULL); 659 fflush(stdout); 660 if (debug) 661 RSA_print_fp(stderr, rsa, 0); 662 } --- 5 unchanged lines hidden (view full) --- 668 RSA *rsa; 669 670 snprintf(filename, sizeof(filename), 671 "ntpkey_gqkey_%s.%u", groupname, fstamp); 672 fprintf(stderr, "Writing GQ keys %s to stdout\n", 673 filename); 674 fprintf(stdout, "# %s\n# %s\n", filename, 675 ctime(&epoch)); |
| 661 rsa = pkey_gqkey->pkey.rsa; | 676 rsa = EVP_PKEY_get0_RSA(pkey_gqkey); |
| 662 pkey = EVP_PKEY_new(); 663 EVP_PKEY_assign_RSA(pkey, rsa); 664 PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, 665 NULL, passwd2); 666 fflush(stdout); 667 if (debug) 668 RSA_print_fp(stderr, rsa, 0); 669 } --- 24 unchanged lines hidden (view full) --- 694 DSA *dsa; 695 696 snprintf(filename, sizeof(filename), 697 "ntpkey_iffpar_%s.%u", groupname, fstamp); 698 fprintf(stderr, "Writing IFF parameters %s to stdout\n", 699 filename); 700 fprintf(stdout, "# %s\n# %s\n", filename, 701 ctime(&epoch)); | 677 pkey = EVP_PKEY_new(); 678 EVP_PKEY_assign_RSA(pkey, rsa); 679 PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, 680 NULL, passwd2); 681 fflush(stdout); 682 if (debug) 683 RSA_print_fp(stderr, rsa, 0); 684 } --- 24 unchanged lines hidden (view full) --- 709 DSA *dsa; 710 711 snprintf(filename, sizeof(filename), 712 "ntpkey_iffpar_%s.%u", groupname, fstamp); 713 fprintf(stderr, "Writing IFF parameters %s to stdout\n", 714 filename); 715 fprintf(stdout, "# %s\n# %s\n", filename, 716 ctime(&epoch)); |
| 702 dsa = pkey_iffkey->pkey.dsa; 703 BN_copy(dsa->priv_key, BN_value_one()); | 717 /* XXX: This modifies the private key and should probably use a 718 * copy of it instead. */ 719 dsa = EVP_PKEY_get0_DSA(pkey_iffkey); 720 DSA_set0_key(dsa, NULL, BN_dup(BN_value_one())); |
| 704 pkey = EVP_PKEY_new(); 705 EVP_PKEY_assign_DSA(pkey, dsa); 706 PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, 707 NULL, NULL); 708 fflush(stdout); 709 if (debug) 710 DSA_print_fp(stderr, dsa, 0); 711 } --- 5 unchanged lines hidden (view full) --- 717 DSA *dsa; 718 719 snprintf(filename, sizeof(filename), 720 "ntpkey_iffkey_%s.%u", groupname, fstamp); 721 fprintf(stderr, "Writing IFF keys %s to stdout\n", 722 filename); 723 fprintf(stdout, "# %s\n# %s\n", filename, 724 ctime(&epoch)); | 721 pkey = EVP_PKEY_new(); 722 EVP_PKEY_assign_DSA(pkey, dsa); 723 PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, 724 NULL, NULL); 725 fflush(stdout); 726 if (debug) 727 DSA_print_fp(stderr, dsa, 0); 728 } --- 5 unchanged lines hidden (view full) --- 734 DSA *dsa; 735 736 snprintf(filename, sizeof(filename), 737 "ntpkey_iffkey_%s.%u", groupname, fstamp); 738 fprintf(stderr, "Writing IFF keys %s to stdout\n", 739 filename); 740 fprintf(stdout, "# %s\n# %s\n", filename, 741 ctime(&epoch)); |
| 725 dsa = pkey_iffkey->pkey.dsa; | 742 dsa = EVP_PKEY_get0_DSA(pkey_iffkey); |
| 726 pkey = EVP_PKEY_new(); 727 EVP_PKEY_assign_DSA(pkey, dsa); 728 PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, 729 NULL, passwd2); 730 fflush(stdout); 731 if (debug) 732 DSA_print_fp(stderr, dsa, 0); 733 } --- 28 unchanged lines hidden (view full) --- 762 filename); 763 fprintf(stdout, "# %s\n# %s\n", filename, 764 ctime(&epoch)); 765 pkey = pkey_mvpar[2]; 766 PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, 767 NULL, NULL); 768 fflush(stdout); 769 if (debug) | 743 pkey = EVP_PKEY_new(); 744 EVP_PKEY_assign_DSA(pkey, dsa); 745 PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, 746 NULL, passwd2); 747 fflush(stdout); 748 if (debug) 749 DSA_print_fp(stderr, dsa, 0); 750 } --- 28 unchanged lines hidden (view full) --- 779 filename); 780 fprintf(stdout, "# %s\n# %s\n", filename, 781 ctime(&epoch)); 782 pkey = pkey_mvpar[2]; 783 PEM_write_PKCS8PrivateKey(stdout, pkey, NULL, NULL, 0, 784 NULL, NULL); 785 fflush(stdout); 786 if (debug) |
| 770 DSA_print_fp(stderr, pkey->pkey.dsa, 0); | 787 DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pkey), 0); |
| 771 } 772 773 /* 774 * Write the encrypted MV server keys to the stdout stream. 775 */ 776 if (pkey_mvkey != NULL && passwd2 != NULL) { 777 snprintf(filename, sizeof(filename), 778 "ntpkey_mvkey_%s.%u", groupname, fstamp); 779 fprintf(stderr, "Writing MV keys %s to stdout\n", 780 filename); 781 fprintf(stdout, "# %s\n# %s\n", filename, 782 ctime(&epoch)); 783 pkey = pkey_mvpar[1]; 784 PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, 785 NULL, passwd2); 786 fflush(stdout); 787 if (debug) | 788 } 789 790 /* 791 * Write the encrypted MV server keys to the stdout stream. 792 */ 793 if (pkey_mvkey != NULL && passwd2 != NULL) { 794 snprintf(filename, sizeof(filename), 795 "ntpkey_mvkey_%s.%u", groupname, fstamp); 796 fprintf(stderr, "Writing MV keys %s to stdout\n", 797 filename); 798 fprintf(stdout, "# %s\n# %s\n", filename, 799 ctime(&epoch)); 800 pkey = pkey_mvpar[1]; 801 PEM_write_PKCS8PrivateKey(stdout, pkey, cipher, NULL, 0, 802 NULL, passwd2); 803 fflush(stdout); 804 if (debug) |
| 788 DSA_print_fp(stderr, pkey->pkey.dsa, 0); | 805 DSA_print_fp(stderr, EVP_PKEY_get0_DSA(pkey), 0); |
| 789 } 790 791 /* 792 * Decode the digest/signature scheme and create the 793 * certificate. Do this every time we run the program. 794 */ 795 ectx = EVP_get_digestbyname(scheme); 796 if (ectx == NULL) { --- 132 unchanged lines hidden (view full) --- 929 evpars[i] = NULL; 930 } 931 if (parkey == NULL) 932 break; 933 934 if (pkey == NULL) 935 pkey = parkey; 936 if (debug) { | 806 } 807 808 /* 809 * Decode the digest/signature scheme and create the 810 * certificate. Do this every time we run the program. 811 */ 812 ectx = EVP_get_digestbyname(scheme); 813 if (ectx == NULL) { --- 132 unchanged lines hidden (view full) --- 946 evpars[i] = NULL; 947 } 948 if (parkey == NULL) 949 break; 950 951 if (pkey == NULL) 952 pkey = parkey; 953 if (debug) { |
| 937 if (parkey->type == EVP_PKEY_DSA) 938 DSA_print_fp(stderr, parkey->pkey.dsa, | 954 if (EVP_PKEY_base_id(parkey) == EVP_PKEY_DSA) 955 DSA_print_fp(stderr, EVP_PKEY_get0_DSA(parkey), |
| 939 0); | 956 0); |
| 940 else if (parkey->type == EVP_PKEY_RSA) 941 RSA_print_fp(stderr, parkey->pkey.rsa, | 957 else if (EVP_PKEY_base_id(parkey) == EVP_PKEY_RSA) 958 RSA_print_fp(stderr, EVP_PKEY_get0_RSA(parkey), |
| 942 0); 943 } 944 } 945 fclose(str); 946 if (pkey == NULL) { 947 fprintf(stderr, "Corrupt file %s or wrong key %s\n%s\n", 948 cp, passwd, ERR_error_string(ERR_get_error(), 949 NULL)); --- 12 unchanged lines hidden (view full) --- 962 const char *id /* file name id */ 963 ) 964{ 965 EVP_PKEY *pkey; /* private key */ 966 RSA *rsa; /* RSA parameters and key pair */ 967 FILE *str; 968 969 fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); | 959 0); 960 } 961 } 962 fclose(str); 963 if (pkey == NULL) { 964 fprintf(stderr, "Corrupt file %s or wrong key %s\n%s\n", 965 cp, passwd, ERR_error_string(ERR_get_error(), 966 NULL)); --- 12 unchanged lines hidden (view full) --- 979 const char *id /* file name id */ 980 ) 981{ 982 EVP_PKEY *pkey; /* private key */ 983 RSA *rsa; /* RSA parameters and key pair */ 984 FILE *str; 985 986 fprintf(stderr, "Generating RSA keys (%d bits)...\n", modulus); |
| 970 rsa = RSA_generate_key(modulus, 65537, cb, _UC("RSA")); | 987 rsa = genRsaKeyPair(modulus, _UC("RSA")); |
| 971 fprintf(stderr, "\n"); 972 if (rsa == NULL) { 973 fprintf(stderr, "RSA generate keys fails\n%s\n", 974 ERR_error_string(ERR_get_error(), NULL)); 975 return (NULL); 976 } 977 978 /* --- 22 unchanged lines hidden (view full) --- 1001 PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, 1002 passwd1); 1003 fclose(str); 1004 if (debug) 1005 RSA_print_fp(stderr, rsa, 0); 1006 return (pkey); 1007} 1008 | 988 fprintf(stderr, "\n"); 989 if (rsa == NULL) { 990 fprintf(stderr, "RSA generate keys fails\n%s\n", 991 ERR_error_string(ERR_get_error(), NULL)); 992 return (NULL); 993 } 994 995 /* --- 22 unchanged lines hidden (view full) --- 1018 PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, 1019 passwd1); 1020 fclose(str); 1021 if (debug) 1022 RSA_print_fp(stderr, rsa, 0); 1023 return (pkey); 1024} 1025 |
| 1009 | 1026 |
| 1010/* 1011 * Generate DSA public/private key pair 1012 */ 1013EVP_PKEY * /* public/private key pair */ 1014gen_dsa( 1015 const char *id /* file name id */ 1016 ) 1017{ 1018 EVP_PKEY *pkey; /* private key */ 1019 DSA *dsa; /* DSA parameters */ | 1027/* 1028 * Generate DSA public/private key pair 1029 */ 1030EVP_PKEY * /* public/private key pair */ 1031gen_dsa( 1032 const char *id /* file name id */ 1033 ) 1034{ 1035 EVP_PKEY *pkey; /* private key */ 1036 DSA *dsa; /* DSA parameters */ |
| 1020 u_char seed[20]; /* seed for parameters */ | |
| 1021 FILE *str; 1022 1023 /* 1024 * Generate DSA parameters. 1025 */ 1026 fprintf(stderr, 1027 "Generating DSA parameters (%d bits)...\n", modulus); | 1037 FILE *str; 1038 1039 /* 1040 * Generate DSA parameters. 1041 */ 1042 fprintf(stderr, 1043 "Generating DSA parameters (%d bits)...\n", modulus); |
| 1028 RAND_bytes(seed, sizeof(seed)); 1029 dsa = DSA_generate_parameters(modulus, seed, sizeof(seed), NULL, 1030 NULL, cb, _UC("DSA")); | 1044 dsa = genDsaParams(modulus, _UC("DSA")); |
| 1031 fprintf(stderr, "\n"); 1032 if (dsa == NULL) { 1033 fprintf(stderr, "DSA generate parameters fails\n%s\n", 1034 ERR_error_string(ERR_get_error(), NULL)); 1035 return (NULL); 1036 } 1037 1038 /* --- 75 unchanged lines hidden (view full) --- 1114 */ 1115EVP_PKEY * /* DSA cuckoo nest */ 1116gen_iffkey( 1117 const char *id /* file name id */ 1118 ) 1119{ 1120 EVP_PKEY *pkey; /* private key */ 1121 DSA *dsa; /* DSA parameters */ | 1045 fprintf(stderr, "\n"); 1046 if (dsa == NULL) { 1047 fprintf(stderr, "DSA generate parameters fails\n%s\n", 1048 ERR_error_string(ERR_get_error(), NULL)); 1049 return (NULL); 1050 } 1051 1052 /* --- 75 unchanged lines hidden (view full) --- 1128 */ 1129EVP_PKEY * /* DSA cuckoo nest */ 1130gen_iffkey( 1131 const char *id /* file name id */ 1132 ) 1133{ 1134 EVP_PKEY *pkey; /* private key */ 1135 DSA *dsa; /* DSA parameters */ |
| 1122 u_char seed[20]; /* seed for parameters */ | |
| 1123 BN_CTX *ctx; /* BN working space */ 1124 BIGNUM *b, *r, *k, *u, *v, *w; /* BN temp */ 1125 FILE *str; 1126 u_int temp; | 1136 BN_CTX *ctx; /* BN working space */ 1137 BIGNUM *b, *r, *k, *u, *v, *w; /* BN temp */ 1138 FILE *str; 1139 u_int temp; |
| 1127 | 1140 const BIGNUM *p, *q, *g; 1141 BIGNUM *pub_key, *priv_key; 1142 |
| 1128 /* 1129 * Generate DSA parameters for use as IFF parameters. 1130 */ 1131 fprintf(stderr, "Generating IFF keys (%d bits)...\n", 1132 modulus2); | 1143 /* 1144 * Generate DSA parameters for use as IFF parameters. 1145 */ 1146 fprintf(stderr, "Generating IFF keys (%d bits)...\n", 1147 modulus2); |
| 1133 RAND_bytes(seed, sizeof(seed)); 1134 dsa = DSA_generate_parameters(modulus2, seed, sizeof(seed), NULL, 1135 NULL, cb, _UC("IFF")); | 1148 dsa = genDsaParams(modulus2, _UC("IFF")); |
| 1136 fprintf(stderr, "\n"); 1137 if (dsa == NULL) { 1138 fprintf(stderr, "DSA generate parameters fails\n%s\n", 1139 ERR_error_string(ERR_get_error(), NULL)); | 1149 fprintf(stderr, "\n"); 1150 if (dsa == NULL) { 1151 fprintf(stderr, "DSA generate parameters fails\n%s\n", 1152 ERR_error_string(ERR_get_error(), NULL)); |
| 1140 return (NULL);; | 1153 return (NULL); |
| 1141 } | 1154 } |
| 1155 DSA_get0_pqg(dsa, &p, &q, &g); |
|
| 1142 1143 /* 1144 * Generate the private and public keys. The DSA parameters and 1145 * private key are distributed to the servers, while all except 1146 * the private key are distributed to the clients. 1147 */ 1148 b = BN_new(); r = BN_new(); k = BN_new(); 1149 u = BN_new(); v = BN_new(); w = BN_new(); ctx = BN_CTX_new(); | 1156 1157 /* 1158 * Generate the private and public keys. The DSA parameters and 1159 * private key are distributed to the servers, while all except 1160 * the private key are distributed to the clients. 1161 */ 1162 b = BN_new(); r = BN_new(); k = BN_new(); 1163 u = BN_new(); v = BN_new(); w = BN_new(); ctx = BN_CTX_new(); |
| 1150 BN_rand(b, BN_num_bits(dsa->q), -1, 0); /* a */ 1151 BN_mod(b, b, dsa->q, ctx); 1152 BN_sub(v, dsa->q, b); 1153 BN_mod_exp(v, dsa->g, v, dsa->p, ctx); /* g^(q - b) mod p */ 1154 BN_mod_exp(u, dsa->g, b, dsa->p, ctx); /* g^b mod p */ 1155 BN_mod_mul(u, u, v, dsa->p, ctx); | 1164 BN_rand(b, BN_num_bits(q), -1, 0); /* a */ 1165 BN_mod(b, b, q, ctx); 1166 BN_sub(v, q, b); 1167 BN_mod_exp(v, g, v, p, ctx); /* g^(q - b) mod p */ 1168 BN_mod_exp(u, g, b, p, ctx); /* g^b mod p */ 1169 BN_mod_mul(u, u, v, p, ctx); |
| 1156 temp = BN_is_one(u); 1157 fprintf(stderr, 1158 "Confirm g^(q - b) g^b = 1 mod p: %s\n", temp == 1 ? 1159 "yes" : "no"); 1160 if (!temp) { 1161 BN_free(b); BN_free(r); BN_free(k); 1162 BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); 1163 return (NULL); 1164 } | 1170 temp = BN_is_one(u); 1171 fprintf(stderr, 1172 "Confirm g^(q - b) g^b = 1 mod p: %s\n", temp == 1 ? 1173 "yes" : "no"); 1174 if (!temp) { 1175 BN_free(b); BN_free(r); BN_free(k); 1176 BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); 1177 return (NULL); 1178 } |
| 1165 dsa->priv_key = BN_dup(b); /* private key */ 1166 dsa->pub_key = BN_dup(v); /* public key */ | 1179 pub_key = BN_dup(v); 1180 priv_key = BN_dup(b); 1181 DSA_set0_key(dsa, pub_key, priv_key); |
| 1167 1168 /* 1169 * Here is a trial round of the protocol. First, Alice rolls 1170 * random nonce r mod q and sends it to Bob. She needs only 1171 * q from parameters. 1172 */ | 1182 1183 /* 1184 * Here is a trial round of the protocol. First, Alice rolls 1185 * random nonce r mod q and sends it to Bob. She needs only 1186 * q from parameters. 1187 */ |
| 1173 BN_rand(r, BN_num_bits(dsa->q), -1, 0); /* r */ 1174 BN_mod(r, r, dsa->q, ctx); | 1188 BN_rand(r, BN_num_bits(q), -1, 0); /* r */ 1189 BN_mod(r, r, q, ctx); |
| 1175 1176 /* 1177 * Bob rolls random nonce k mod q, computes y = k + b r mod q 1178 * and x = g^k mod p, then sends (y, x) to Alice. He needs 1179 * p, q and b from parameters and r from Alice. 1180 */ | 1190 1191 /* 1192 * Bob rolls random nonce k mod q, computes y = k + b r mod q 1193 * and x = g^k mod p, then sends (y, x) to Alice. He needs 1194 * p, q and b from parameters and r from Alice. 1195 */ |
| 1181 BN_rand(k, BN_num_bits(dsa->q), -1, 0); /* k, 0 < k < q */ 1182 BN_mod(k, k, dsa->q, ctx); 1183 BN_mod_mul(v, dsa->priv_key, r, dsa->q, ctx); /* b r mod q */ | 1196 BN_rand(k, BN_num_bits(q), -1, 0); /* k, 0 < k < q */ 1197 BN_mod(k, k, q, ctx); 1198 BN_mod_mul(v, priv_key, r, q, ctx); /* b r mod q */ |
| 1184 BN_add(v, v, k); | 1199 BN_add(v, v, k); |
| 1185 BN_mod(v, v, dsa->q, ctx); /* y = k + b r mod q */ 1186 BN_mod_exp(u, dsa->g, k, dsa->p, ctx); /* x = g^k mod p */ | 1200 BN_mod(v, v, q, ctx); /* y = k + b r mod q */ 1201 BN_mod_exp(u, g, k, p, ctx); /* x = g^k mod p */ |
| 1187 1188 /* 1189 * Alice verifies x = g^y v^r to confirm that Bob has group key 1190 * b. She needs p, q, g from parameters, (y, x) from Bob and the 1191 * original r. We omit the detail here thatt only the hash of y 1192 * is sent. 1193 */ | 1202 1203 /* 1204 * Alice verifies x = g^y v^r to confirm that Bob has group key 1205 * b. She needs p, q, g from parameters, (y, x) from Bob and the 1206 * original r. We omit the detail here thatt only the hash of y 1207 * is sent. 1208 */ |
| 1194 BN_mod_exp(v, dsa->g, v, dsa->p, ctx); /* g^y mod p */ 1195 BN_mod_exp(w, dsa->pub_key, r, dsa->p, ctx); /* v^r */ 1196 BN_mod_mul(v, w, v, dsa->p, ctx); /* product mod p */ | 1209 BN_mod_exp(v, g, v, p, ctx); /* g^y mod p */ 1210 BN_mod_exp(w, pub_key, r, p, ctx); /* v^r */ 1211 BN_mod_mul(v, w, v, p, ctx); /* product mod p */ |
| 1197 temp = BN_cmp(u, v); 1198 fprintf(stderr, 1199 "Confirm g^k = g^(k + b r) g^(q - b) r: %s\n", temp == 1200 0 ? "yes" : "no"); 1201 BN_free(b); BN_free(r); BN_free(k); 1202 BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); 1203 if (temp != 0) { 1204 DSA_free(dsa); --- 91 unchanged lines hidden (view full) --- 1296 ) 1297{ 1298 EVP_PKEY *pkey; /* private key */ 1299 RSA *rsa; /* RSA parameters */ 1300 BN_CTX *ctx; /* BN working space */ 1301 BIGNUM *u, *v, *g, *k, *r, *y; /* BN temps */ 1302 FILE *str; 1303 u_int temp; | 1212 temp = BN_cmp(u, v); 1213 fprintf(stderr, 1214 "Confirm g^k = g^(k + b r) g^(q - b) r: %s\n", temp == 1215 0 ? "yes" : "no"); 1216 BN_free(b); BN_free(r); BN_free(k); 1217 BN_free(u); BN_free(v); BN_free(w); BN_CTX_free(ctx); 1218 if (temp != 0) { 1219 DSA_free(dsa); --- 91 unchanged lines hidden (view full) --- 1311 ) 1312{ 1313 EVP_PKEY *pkey; /* private key */ 1314 RSA *rsa; /* RSA parameters */ 1315 BN_CTX *ctx; /* BN working space */ 1316 BIGNUM *u, *v, *g, *k, *r, *y; /* BN temps */ 1317 FILE *str; 1318 u_int temp; |
| 1304 | 1319 BIGNUM *b; 1320 const BIGNUM *n; 1321 |
| 1305 /* 1306 * Generate RSA parameters for use as GQ parameters. 1307 */ 1308 fprintf(stderr, 1309 "Generating GQ parameters (%d bits)...\n", 1310 modulus2); | 1322 /* 1323 * Generate RSA parameters for use as GQ parameters. 1324 */ 1325 fprintf(stderr, 1326 "Generating GQ parameters (%d bits)...\n", 1327 modulus2); |
| 1311 rsa = RSA_generate_key(modulus2, 65537, cb, _UC("GQ")); | 1328 rsa = genRsaKeyPair(modulus2, _UC("GQ")); |
| 1312 fprintf(stderr, "\n"); 1313 if (rsa == NULL) { 1314 fprintf(stderr, "RSA generate keys fails\n%s\n", 1315 ERR_error_string(ERR_get_error(), NULL)); 1316 return (NULL); 1317 } | 1329 fprintf(stderr, "\n"); 1330 if (rsa == NULL) { 1331 fprintf(stderr, "RSA generate keys fails\n%s\n", 1332 ERR_error_string(ERR_get_error(), NULL)); 1333 return (NULL); 1334 } |
| 1335 RSA_get0_key(rsa, &n, NULL, NULL); |
|
| 1318 u = BN_new(); v = BN_new(); g = BN_new(); 1319 k = BN_new(); r = BN_new(); y = BN_new(); | 1336 u = BN_new(); v = BN_new(); g = BN_new(); 1337 k = BN_new(); r = BN_new(); y = BN_new(); |
| 1338 b = BN_new(); |
|
| 1320 1321 /* 1322 * Generate the group key b, which is saved in the e member of 1323 * the RSA structure. The group key is transmitted to each group 1324 * member encrypted by the member private key. 1325 */ 1326 ctx = BN_CTX_new(); | 1339 1340 /* 1341 * Generate the group key b, which is saved in the e member of 1342 * the RSA structure. The group key is transmitted to each group 1343 * member encrypted by the member private key. 1344 */ 1345 ctx = BN_CTX_new(); |
| 1327 BN_rand(rsa->e, BN_num_bits(rsa->n), -1, 0); /* b */ 1328 BN_mod(rsa->e, rsa->e, rsa->n, ctx); | 1346 BN_rand(b, BN_num_bits(n), -1, 0); /* b */ 1347 BN_mod(b, b, n, ctx); |
| 1329 1330 /* 1331 * When generating his certificate, Bob rolls random private key 1332 * u, then computes inverse v = u^-1. 1333 */ | 1348 1349 /* 1350 * When generating his certificate, Bob rolls random private key 1351 * u, then computes inverse v = u^-1. 1352 */ |
| 1334 BN_rand(u, BN_num_bits(rsa->n), -1, 0); /* u */ 1335 BN_mod(u, u, rsa->n, ctx); 1336 BN_mod_inverse(v, u, rsa->n, ctx); /* u^-1 mod n */ 1337 BN_mod_mul(k, v, u, rsa->n, ctx); | 1353 BN_rand(u, BN_num_bits(n), -1, 0); /* u */ 1354 BN_mod(u, u, n, ctx); 1355 BN_mod_inverse(v, u, n, ctx); /* u^-1 mod n */ 1356 BN_mod_mul(k, v, u, n, ctx); |
| 1338 1339 /* 1340 * Bob computes public key v = (u^-1)^b, which is saved in an 1341 * extension field on his certificate. We check that u^b v = 1342 * 1 mod n. 1343 */ | 1357 1358 /* 1359 * Bob computes public key v = (u^-1)^b, which is saved in an 1360 * extension field on his certificate. We check that u^b v = 1361 * 1 mod n. 1362 */ |
| 1344 BN_mod_exp(v, v, rsa->e, rsa->n, ctx); 1345 BN_mod_exp(g, u, rsa->e, rsa->n, ctx); /* u^b */ 1346 BN_mod_mul(g, g, v, rsa->n, ctx); /* u^b (u^-1)^b */ | 1363 BN_mod_exp(v, v, b, n, ctx); 1364 BN_mod_exp(g, u, b, n, ctx); /* u^b */ 1365 BN_mod_mul(g, g, v, n, ctx); /* u^b (u^-1)^b */ |
| 1347 temp = BN_is_one(g); 1348 fprintf(stderr, 1349 "Confirm u^b (u^-1)^b = 1 mod n: %s\n", temp ? "yes" : 1350 "no"); 1351 if (!temp) { 1352 BN_free(u); BN_free(v); 1353 BN_free(g); BN_free(k); BN_free(r); BN_free(y); 1354 BN_CTX_free(ctx); 1355 RSA_free(rsa); 1356 return (NULL); 1357 } | 1366 temp = BN_is_one(g); 1367 fprintf(stderr, 1368 "Confirm u^b (u^-1)^b = 1 mod n: %s\n", temp ? "yes" : 1369 "no"); 1370 if (!temp) { 1371 BN_free(u); BN_free(v); 1372 BN_free(g); BN_free(k); BN_free(r); BN_free(y); 1373 BN_CTX_free(ctx); 1374 RSA_free(rsa); 1375 return (NULL); 1376 } |
| 1358 BN_copy(rsa->p, u); /* private key */ 1359 BN_copy(rsa->q, v); /* public key */ | 1377 /* setting 'u' and 'v' into a RSA object takes over ownership. 1378 * Since we use these values again, we have to pass in dupes, 1379 * or we'll corrupt the program! 1380 */ 1381 RSA_set0_factors(rsa, BN_dup(u), BN_dup(v)); |
| 1360 1361 /* 1362 * Here is a trial run of the protocol. First, Alice rolls 1363 * random nonce r mod n and sends it to Bob. She needs only n 1364 * from parameters. 1365 */ | 1382 1383 /* 1384 * Here is a trial run of the protocol. First, Alice rolls 1385 * random nonce r mod n and sends it to Bob. She needs only n 1386 * from parameters. 1387 */ |
| 1366 BN_rand(r, BN_num_bits(rsa->n), -1, 0); /* r */ 1367 BN_mod(r, r, rsa->n, ctx); | 1388 BN_rand(r, BN_num_bits(n), -1, 0); /* r */ 1389 BN_mod(r, r, n, ctx); |
| 1368 1369 /* 1370 * Bob rolls random nonce k mod n, computes y = k u^r mod n and 1371 * g = k^b mod n, then sends (y, g) to Alice. He needs n, u, b 1372 * from parameters and r from Alice. 1373 */ | 1390 1391 /* 1392 * Bob rolls random nonce k mod n, computes y = k u^r mod n and 1393 * g = k^b mod n, then sends (y, g) to Alice. He needs n, u, b 1394 * from parameters and r from Alice. 1395 */ |
| 1374 BN_rand(k, BN_num_bits(rsa->n), -1, 0); /* k */ 1375 BN_mod(k, k, rsa->n, ctx); 1376 BN_mod_exp(y, rsa->p, r, rsa->n, ctx); /* u^r mod n */ 1377 BN_mod_mul(y, k, y, rsa->n, ctx); /* y = k u^r mod n */ 1378 BN_mod_exp(g, k, rsa->e, rsa->n, ctx); /* g = k^b mod n */ | 1396 BN_rand(k, BN_num_bits(n), -1, 0); /* k */ 1397 BN_mod(k, k, n, ctx); 1398 BN_mod_exp(y, u, r, n, ctx); /* u^r mod n */ 1399 BN_mod_mul(y, k, y, n, ctx); /* y = k u^r mod n */ 1400 BN_mod_exp(g, k, b, n, ctx); /* g = k^b mod n */ |
| 1379 1380 /* 1381 * Alice verifies g = v^r y^b mod n to confirm that Bob has 1382 * private key u. She needs n, g from parameters, public key v = 1383 * (u^-1)^b from the certificate, (y, g) from Bob and the 1384 * original r. We omit the detaul here that only the hash of g 1385 * is sent. 1386 */ | 1401 1402 /* 1403 * Alice verifies g = v^r y^b mod n to confirm that Bob has 1404 * private key u. She needs n, g from parameters, public key v = 1405 * (u^-1)^b from the certificate, (y, g) from Bob and the 1406 * original r. We omit the detaul here that only the hash of g 1407 * is sent. 1408 */ |
| 1387 BN_mod_exp(v, rsa->q, r, rsa->n, ctx); /* v^r mod n */ 1388 BN_mod_exp(y, y, rsa->e, rsa->n, ctx); /* y^b mod n */ 1389 BN_mod_mul(y, v, y, rsa->n, ctx); /* v^r y^b mod n */ | 1409 BN_mod_exp(v, v, r, n, ctx); /* v^r mod n */ 1410 BN_mod_exp(y, y, b, n, ctx); /* y^b mod n */ 1411 BN_mod_mul(y, v, y, n, ctx); /* v^r y^b mod n */ |
| 1390 temp = BN_cmp(y, g); 1391 fprintf(stderr, "Confirm g^k = v^r y^b mod n: %s\n", temp == 0 ? 1392 "yes" : "no"); 1393 BN_CTX_free(ctx); BN_free(u); BN_free(v); 1394 BN_free(g); BN_free(k); BN_free(r); BN_free(y); 1395 if (temp != 0) { 1396 RSA_free(rsa); 1397 return (NULL); --- 7 unchanged lines hidden (view full) --- 1405 * e group key b 1406 * d not used 1407 * p private key u 1408 * q public key (u^-1)^b 1409 * dmp1 not used 1410 * dmq1 not used 1411 * iqmp not used 1412 */ | 1412 temp = BN_cmp(y, g); 1413 fprintf(stderr, "Confirm g^k = v^r y^b mod n: %s\n", temp == 0 ? 1414 "yes" : "no"); 1415 BN_CTX_free(ctx); BN_free(u); BN_free(v); 1416 BN_free(g); BN_free(k); BN_free(r); BN_free(y); 1417 if (temp != 0) { 1418 RSA_free(rsa); 1419 return (NULL); --- 7 unchanged lines hidden (view full) --- 1427 * e group key b 1428 * d not used 1429 * p private key u 1430 * q public key (u^-1)^b 1431 * dmp1 not used 1432 * dmq1 not used 1433 * iqmp not used 1434 */ |
| 1413 BN_copy(rsa->d, BN_value_one()); 1414 BN_copy(rsa->dmp1, BN_value_one()); 1415 BN_copy(rsa->dmq1, BN_value_one()); 1416 BN_copy(rsa->iqmp, BN_value_one()); | 1435 RSA_set0_key(rsa, NULL, b, BN_dup(BN_value_one())); 1436 RSA_set0_crt_params(rsa, BN_dup(BN_value_one()), BN_dup(BN_value_one()), 1437 BN_dup(BN_value_one())); |
| 1417 str = fheader("GQkey", id, groupname); 1418 pkey = EVP_PKEY_new(); 1419 EVP_PKEY_assign_RSA(pkey, rsa); 1420 PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, 1421 passwd1); 1422 fclose(str); 1423 if (debug) 1424 RSA_print_fp(stderr, rsa, 0); --- 79 unchanged lines hidden (view full) --- 1504 const char *id, /* file name id */ 1505 EVP_PKEY **evpars /* parameter list pointer */ 1506 ) 1507{ 1508 EVP_PKEY *pkey, *pkey1; /* private keys */ 1509 DSA *dsa, *dsa2, *sdsa; /* DSA parameters */ 1510 BN_CTX *ctx; /* BN working space */ 1511 BIGNUM *a[MVMAX]; /* polynomial coefficient vector */ | 1438 str = fheader("GQkey", id, groupname); 1439 pkey = EVP_PKEY_new(); 1440 EVP_PKEY_assign_RSA(pkey, rsa); 1441 PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, 1442 passwd1); 1443 fclose(str); 1444 if (debug) 1445 RSA_print_fp(stderr, rsa, 0); --- 79 unchanged lines hidden (view full) --- 1525 const char *id, /* file name id */ 1526 EVP_PKEY **evpars /* parameter list pointer */ 1527 ) 1528{ 1529 EVP_PKEY *pkey, *pkey1; /* private keys */ 1530 DSA *dsa, *dsa2, *sdsa; /* DSA parameters */ 1531 BN_CTX *ctx; /* BN working space */ 1532 BIGNUM *a[MVMAX]; /* polynomial coefficient vector */ |
| 1512 BIGNUM *g[MVMAX]; /* public key vector */ | 1533 BIGNUM *gs[MVMAX]; /* public key vector */ |
| 1513 BIGNUM *s1[MVMAX]; /* private enabling keys */ 1514 BIGNUM *x[MVMAX]; /* polynomial zeros vector */ 1515 BIGNUM *xbar[MVMAX], *xhat[MVMAX]; /* private keys vector */ 1516 BIGNUM *b; /* group key */ 1517 BIGNUM *b1; /* inverse group key */ 1518 BIGNUM *s; /* enabling key */ 1519 BIGNUM *biga; /* master encryption key */ 1520 BIGNUM *bige; /* session encryption key */ 1521 BIGNUM *gbar, *ghat; /* public key */ 1522 BIGNUM *u, *v, *w; /* BN scratch */ | 1534 BIGNUM *s1[MVMAX]; /* private enabling keys */ 1535 BIGNUM *x[MVMAX]; /* polynomial zeros vector */ 1536 BIGNUM *xbar[MVMAX], *xhat[MVMAX]; /* private keys vector */ 1537 BIGNUM *b; /* group key */ 1538 BIGNUM *b1; /* inverse group key */ 1539 BIGNUM *s; /* enabling key */ 1540 BIGNUM *biga; /* master encryption key */ 1541 BIGNUM *bige; /* session encryption key */ 1542 BIGNUM *gbar, *ghat; /* public key */ 1543 BIGNUM *u, *v, *w; /* BN scratch */ |
| 1544 BIGNUM *p, *q, *g, *priv_key, *pub_key; |
|
| 1523 int i, j, n; 1524 FILE *str; 1525 u_int temp; 1526 1527 /* 1528 * Generate MV parameters. 1529 * 1530 * The object is to generate a multiplicative group Zp* modulo a --- 8 unchanged lines hidden (view full) --- 1539 */ 1540 n = nkeys; 1541 fprintf(stderr, 1542 "Generating MV parameters for %d keys (%d bits)...\n", n, 1543 modulus2 / n); 1544 ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); w = BN_new(); 1545 b = BN_new(); b1 = BN_new(); 1546 dsa = DSA_new(); | 1545 int i, j, n; 1546 FILE *str; 1547 u_int temp; 1548 1549 /* 1550 * Generate MV parameters. 1551 * 1552 * The object is to generate a multiplicative group Zp* modulo a --- 8 unchanged lines hidden (view full) --- 1561 */ 1562 n = nkeys; 1563 fprintf(stderr, 1564 "Generating MV parameters for %d keys (%d bits)...\n", n, 1565 modulus2 / n); 1566 ctx = BN_CTX_new(); u = BN_new(); v = BN_new(); w = BN_new(); 1567 b = BN_new(); b1 = BN_new(); 1568 dsa = DSA_new(); |
| 1547 dsa->p = BN_new(); dsa->q = BN_new(); dsa->g = BN_new(); 1548 dsa->priv_key = BN_new(); dsa->pub_key = BN_new(); | 1569 p = BN_new(); q = BN_new(); g = BN_new(); 1570 priv_key = BN_new(); pub_key = BN_new(); |
| 1549 temp = 0; 1550 for (j = 1; j <= n; j++) { 1551 s1[j] = BN_new(); 1552 while (1) { | 1571 temp = 0; 1572 for (j = 1; j <= n; j++) { 1573 s1[j] = BN_new(); 1574 while (1) { |
| 1553 BN_generate_prime(s1[j], modulus2 / n, 0, NULL, 1554 NULL, NULL, NULL); | 1575 BN_generate_prime_ex(s1[j], modulus2 / n, 0, 1576 NULL, NULL, NULL); |
| 1555 for (i = 1; i < j; i++) { 1556 if (BN_cmp(s1[i], s1[j]) == 0) 1557 break; 1558 } 1559 if (i == j) 1560 break; 1561 temp++; 1562 } --- 9 unchanged lines hidden (view full) --- 1572 * factoring q to find the primes should be adequately hard, as 1573 * this is the same problem considered hard in RSA. Question: is 1574 * it as hard to find n small prime factors totalling n bits as 1575 * it is to find two large prime factors totalling n bits? 1576 * Remember, the bad guy doesn't know n. 1577 */ 1578 temp = 0; 1579 while (1) { | 1577 for (i = 1; i < j; i++) { 1578 if (BN_cmp(s1[i], s1[j]) == 0) 1579 break; 1580 } 1581 if (i == j) 1582 break; 1583 temp++; 1584 } --- 9 unchanged lines hidden (view full) --- 1594 * factoring q to find the primes should be adequately hard, as 1595 * this is the same problem considered hard in RSA. Question: is 1596 * it as hard to find n small prime factors totalling n bits as 1597 * it is to find two large prime factors totalling n bits? 1598 * Remember, the bad guy doesn't know n. 1599 */ 1600 temp = 0; 1601 while (1) { |
| 1580 BN_one(dsa->q); | 1602 BN_one(q); |
| 1581 for (j = 1; j <= n; j++) | 1603 for (j = 1; j <= n; j++) |
| 1582 BN_mul(dsa->q, dsa->q, s1[j], ctx); 1583 BN_copy(dsa->p, dsa->q); 1584 BN_add(dsa->p, dsa->p, dsa->p); 1585 BN_add_word(dsa->p, 1); 1586 if (BN_is_prime(dsa->p, BN_prime_checks, NULL, ctx, 1587 NULL)) | 1604 BN_mul(q, q, s1[j], ctx); 1605 BN_copy(p, q); 1606 BN_add(p, p, p); 1607 BN_add_word(p, 1); 1608 if (BN_is_prime_ex(p, BN_prime_checks, ctx, NULL)) |
| 1588 break; 1589 1590 temp++; 1591 j = temp % n + 1; 1592 while (1) { | 1609 break; 1610 1611 temp++; 1612 j = temp % n + 1; 1613 while (1) { |
| 1593 BN_generate_prime(u, modulus2 / n, 0, 0, NULL, 1594 NULL, NULL); | 1614 BN_generate_prime_ex(u, modulus2 / n, 0, 1615 NULL, NULL, NULL); |
| 1595 for (i = 1; i <= n; i++) { 1596 if (BN_cmp(u, s1[i]) == 0) 1597 break; 1598 } 1599 if (i > n) 1600 break; 1601 } 1602 BN_copy(s1[j], u); 1603 } 1604 fprintf(stderr, "Defective keys regenerated %d\n", temp); 1605 1606 /* 1607 * Compute the generator g using a random roll such that 1608 * gcd(g, p - 1) = 1 and g^q = 1. This is a generator of p, not 1609 * q. This may take several iterations. 1610 */ | 1616 for (i = 1; i <= n; i++) { 1617 if (BN_cmp(u, s1[i]) == 0) 1618 break; 1619 } 1620 if (i > n) 1621 break; 1622 } 1623 BN_copy(s1[j], u); 1624 } 1625 fprintf(stderr, "Defective keys regenerated %d\n", temp); 1626 1627 /* 1628 * Compute the generator g using a random roll such that 1629 * gcd(g, p - 1) = 1 and g^q = 1. This is a generator of p, not 1630 * q. This may take several iterations. 1631 */ |
| 1611 BN_copy(v, dsa->p); | 1632 BN_copy(v, p); |
| 1612 BN_sub_word(v, 1); 1613 while (1) { | 1633 BN_sub_word(v, 1); 1634 while (1) { |
| 1614 BN_rand(dsa->g, BN_num_bits(dsa->p) - 1, 0, 0); 1615 BN_mod(dsa->g, dsa->g, dsa->p, ctx); 1616 BN_gcd(u, dsa->g, v, ctx); | 1635 BN_rand(g, BN_num_bits(p) - 1, 0, 0); 1636 BN_mod(g, g, p, ctx); 1637 BN_gcd(u, g, v, ctx); |
| 1617 if (!BN_is_one(u)) 1618 continue; 1619 | 1638 if (!BN_is_one(u)) 1639 continue; 1640 |
| 1620 BN_mod_exp(u, dsa->g, dsa->q, dsa->p, ctx); | 1641 BN_mod_exp(u, g, q, p, ctx); |
| 1621 if (BN_is_one(u)) 1622 break; 1623 } 1624 | 1642 if (BN_is_one(u)) 1643 break; 1644 } 1645 |
| 1646 DSA_set0_pqg(dsa, p, q, g); 1647 |
|
| 1625 /* 1626 * Setup is now complete. Roll random polynomial roots x[j] 1627 * (j = 1...n) for all j. While it may not be strictly 1628 * necessary, Make sure each root has no factors in common with 1629 * q. 1630 */ 1631 fprintf(stderr, 1632 "Generating polynomial coefficients for %d roots (%d bits)\n", | 1648 /* 1649 * Setup is now complete. Roll random polynomial roots x[j] 1650 * (j = 1...n) for all j. While it may not be strictly 1651 * necessary, Make sure each root has no factors in common with 1652 * q. 1653 */ 1654 fprintf(stderr, 1655 "Generating polynomial coefficients for %d roots (%d bits)\n", |
| 1633 n, BN_num_bits(dsa->q)); | 1656 n, BN_num_bits(q)); |
| 1634 for (j = 1; j <= n; j++) { 1635 x[j] = BN_new(); 1636 1637 while (1) { | 1657 for (j = 1; j <= n; j++) { 1658 x[j] = BN_new(); 1659 1660 while (1) { |
| 1638 BN_rand(x[j], BN_num_bits(dsa->q), 0, 0); 1639 BN_mod(x[j], x[j], dsa->q, ctx); 1640 BN_gcd(u, x[j], dsa->q, ctx); | 1661 BN_rand(x[j], BN_num_bits(q), 0, 0); 1662 BN_mod(x[j], x[j], q, ctx); 1663 BN_gcd(u, x[j], q, ctx); |
| 1641 if (BN_is_one(u)) 1642 break; 1643 } 1644 } 1645 1646 /* 1647 * Generate polynomial coefficients a[i] (i = 0...n) from the 1648 * expansion of root products (x - x[j]) mod q for all j. The 1649 * method is a present from Charlie Boncelet. 1650 */ 1651 for (i = 0; i <= n; i++) { 1652 a[i] = BN_new(); 1653 BN_one(a[i]); 1654 } 1655 for (j = 1; j <= n; j++) { 1656 BN_zero(w); 1657 for (i = 0; i < j; i++) { | 1664 if (BN_is_one(u)) 1665 break; 1666 } 1667 } 1668 1669 /* 1670 * Generate polynomial coefficients a[i] (i = 0...n) from the 1671 * expansion of root products (x - x[j]) mod q for all j. The 1672 * method is a present from Charlie Boncelet. 1673 */ 1674 for (i = 0; i <= n; i++) { 1675 a[i] = BN_new(); 1676 BN_one(a[i]); 1677 } 1678 for (j = 1; j <= n; j++) { 1679 BN_zero(w); 1680 for (i = 0; i < j; i++) { |
| 1658 BN_copy(u, dsa->q); 1659 BN_mod_mul(v, a[i], x[j], dsa->q, ctx); | 1681 BN_copy(u, q); 1682 BN_mod_mul(v, a[i], x[j], q, ctx); |
| 1660 BN_sub(u, u, v); 1661 BN_add(u, u, w); 1662 BN_copy(w, a[i]); | 1683 BN_sub(u, u, v); 1684 BN_add(u, u, w); 1685 BN_copy(w, a[i]); |
| 1663 BN_mod(a[i], u, dsa->q, ctx); | 1686 BN_mod(a[i], u, q, ctx); |
| 1664 } 1665 } 1666 1667 /* | 1687 } 1688 } 1689 1690 /* |
| 1668 * Generate g[i] = g^a[i] mod p for all i and the generator g. | 1691 * Generate gs[i] = g^a[i] mod p for all i and the generator g. |
| 1669 */ 1670 for (i = 0; i <= n; i++) { | 1692 */ 1693 for (i = 0; i <= n; i++) { |
| 1671 g[i] = BN_new(); 1672 BN_mod_exp(g[i], dsa->g, a[i], dsa->p, ctx); | 1694 gs[i] = BN_new(); 1695 BN_mod_exp(gs[i], g, a[i], p, ctx); |
| 1673 } 1674 1675 /* | 1696 } 1697 1698 /* |
| 1676 * Verify prod(g[i]^(a[i] x[j]^i)) = 1 for all i, j. Note the 1677 * a[i] x[j]^i exponent is computed mod q, but the g[i] is | 1699 * Verify prod(gs[i]^(a[i] x[j]^i)) = 1 for all i, j. Note the 1700 * a[i] x[j]^i exponent is computed mod q, but the gs[i] is |
| 1678 * computed mod p. also note the expression given in the paper 1679 * is incorrect. 1680 */ 1681 temp = 1; 1682 for (j = 1; j <= n; j++) { 1683 BN_one(u); 1684 for (i = 0; i <= n; i++) { 1685 BN_set_word(v, i); | 1701 * computed mod p. also note the expression given in the paper 1702 * is incorrect. 1703 */ 1704 temp = 1; 1705 for (j = 1; j <= n; j++) { 1706 BN_one(u); 1707 for (i = 0; i <= n; i++) { 1708 BN_set_word(v, i); |
| 1686 BN_mod_exp(v, x[j], v, dsa->q, ctx); 1687 BN_mod_mul(v, v, a[i], dsa->q, ctx); 1688 BN_mod_exp(v, dsa->g, v, dsa->p, ctx); 1689 BN_mod_mul(u, u, v, dsa->p, ctx); | 1709 BN_mod_exp(v, x[j], v, q, ctx); 1710 BN_mod_mul(v, v, a[i], q, ctx); 1711 BN_mod_exp(v, g, v, p, ctx); 1712 BN_mod_mul(u, u, v, p, ctx); |
| 1690 } 1691 if (!BN_is_one(u)) 1692 temp = 0; 1693 } 1694 fprintf(stderr, | 1713 } 1714 if (!BN_is_one(u)) 1715 temp = 0; 1716 } 1717 fprintf(stderr, |
| 1695 "Confirm prod(g[i]^(x[j]^i)) = 1 for all i, j: %s\n", temp ? | 1718 "Confirm prod(gs[i]^(x[j]^i)) = 1 for all i, j: %s\n", temp ? |
| 1696 "yes" : "no"); 1697 if (!temp) { 1698 return (NULL); 1699 } 1700 1701 /* 1702 * Make private encryption key A. Keep it around for awhile, 1703 * since it is expensive to compute. 1704 */ 1705 biga = BN_new(); 1706 1707 BN_one(biga); 1708 for (j = 1; j <= n; j++) { 1709 for (i = 0; i < n; i++) { 1710 BN_set_word(v, i); | 1719 "yes" : "no"); 1720 if (!temp) { 1721 return (NULL); 1722 } 1723 1724 /* 1725 * Make private encryption key A. Keep it around for awhile, 1726 * since it is expensive to compute. 1727 */ 1728 biga = BN_new(); 1729 1730 BN_one(biga); 1731 for (j = 1; j <= n; j++) { 1732 for (i = 0; i < n; i++) { 1733 BN_set_word(v, i); |
| 1711 BN_mod_exp(v, x[j], v, dsa->q, ctx); 1712 BN_mod_exp(v, g[i], v, dsa->p, ctx); 1713 BN_mod_mul(biga, biga, v, dsa->p, ctx); | 1734 BN_mod_exp(v, x[j], v, q, ctx); 1735 BN_mod_exp(v, gs[i], v, p, ctx); 1736 BN_mod_mul(biga, biga, v, p, ctx); |
| 1714 } 1715 } 1716 1717 /* 1718 * Roll private random group key b mod q (0 < b < q), where 1719 * gcd(b, q) = 1 to guarantee b^-1 exists, then compute b^-1 1720 * mod q. If b is changed, the client keys must be recomputed. 1721 */ 1722 while (1) { | 1737 } 1738 } 1739 1740 /* 1741 * Roll private random group key b mod q (0 < b < q), where 1742 * gcd(b, q) = 1 to guarantee b^-1 exists, then compute b^-1 1743 * mod q. If b is changed, the client keys must be recomputed. 1744 */ 1745 while (1) { |
| 1723 BN_rand(b, BN_num_bits(dsa->q), 0, 0); 1724 BN_mod(b, b, dsa->q, ctx); 1725 BN_gcd(u, b, dsa->q, ctx); | 1746 BN_rand(b, BN_num_bits(q), 0, 0); 1747 BN_mod(b, b, q, ctx); 1748 BN_gcd(u, b, q, ctx); |
| 1726 if (BN_is_one(u)) 1727 break; 1728 } | 1749 if (BN_is_one(u)) 1750 break; 1751 } |
| 1729 BN_mod_inverse(b1, b, dsa->q, ctx); | 1752 BN_mod_inverse(b1, b, q, ctx); |
| 1730 1731 /* 1732 * Make private client keys (xbar[j], xhat[j]) for all j. Note 1733 * that the keys for the jth client do not s1[j] or the product 1734 * s1[j]) (j = 1...n) which is q by construction. 1735 * 1736 * Compute the factor w such that w s1[j] = s1[j] for all j. The 1737 * easy way to do this is to compute (q + s1[j]) / s1[j]. 1738 * Exercise for the student: prove the remainder is always zero. 1739 */ 1740 for (j = 1; j <= n; j++) { 1741 xbar[j] = BN_new(); xhat[j] = BN_new(); 1742 | 1753 1754 /* 1755 * Make private client keys (xbar[j], xhat[j]) for all j. Note 1756 * that the keys for the jth client do not s1[j] or the product 1757 * s1[j]) (j = 1...n) which is q by construction. 1758 * 1759 * Compute the factor w such that w s1[j] = s1[j] for all j. The 1760 * easy way to do this is to compute (q + s1[j]) / s1[j]. 1761 * Exercise for the student: prove the remainder is always zero. 1762 */ 1763 for (j = 1; j <= n; j++) { 1764 xbar[j] = BN_new(); xhat[j] = BN_new(); 1765 |
| 1743 BN_add(w, dsa->q, s1[j]); | 1766 BN_add(w, q, s1[j]); |
| 1744 BN_div(w, u, w, s1[j], ctx); 1745 BN_zero(xbar[j]); 1746 BN_set_word(v, n); 1747 for (i = 1; i <= n; i++) { 1748 if (i == j) 1749 continue; 1750 | 1767 BN_div(w, u, w, s1[j], ctx); 1768 BN_zero(xbar[j]); 1769 BN_set_word(v, n); 1770 for (i = 1; i <= n; i++) { 1771 if (i == j) 1772 continue; 1773 |
| 1751 BN_mod_exp(u, x[i], v, dsa->q, ctx); | 1774 BN_mod_exp(u, x[i], v, q, ctx); |
| 1752 BN_add(xbar[j], xbar[j], u); 1753 } | 1775 BN_add(xbar[j], xbar[j], u); 1776 } |
| 1754 BN_mod_mul(xbar[j], xbar[j], b1, dsa->q, ctx); 1755 BN_mod_exp(xhat[j], x[j], v, dsa->q, ctx); 1756 BN_mod_mul(xhat[j], xhat[j], w, dsa->q, ctx); | 1777 BN_mod_mul(xbar[j], xbar[j], b1, q, ctx); 1778 BN_mod_exp(xhat[j], x[j], v, q, ctx); 1779 BN_mod_mul(xhat[j], xhat[j], w, q, ctx); |
| 1757 } 1758 1759 /* 1760 * We revoke client j by dividing q by s1[j]. The quotient 1761 * becomes the enabling key s. Note we always have to revoke 1762 * one key; otherwise, the plaintext and cryptotext would be 1763 * identical. For the present there are no provisions to revoke 1764 * additional keys, so we sail on with only token revocations. 1765 */ 1766 s = BN_new(); | 1780 } 1781 1782 /* 1783 * We revoke client j by dividing q by s1[j]. The quotient 1784 * becomes the enabling key s. Note we always have to revoke 1785 * one key; otherwise, the plaintext and cryptotext would be 1786 * identical. For the present there are no provisions to revoke 1787 * additional keys, so we sail on with only token revocations. 1788 */ 1789 s = BN_new(); |
| 1767 BN_copy(s, dsa->q); | 1790 BN_copy(s, q); |
| 1768 BN_div(s, u, s, s1[n], ctx); 1769 1770 /* 1771 * For each combination of clients to be revoked, make private 1772 * encryption key E = A^s and partial decryption keys gbar = g^s 1773 * and ghat = g^(s b), all mod p. The servers use these keys to 1774 * compute the session encryption key and partial decryption 1775 * keys. These values must be regenerated if the enabling key is 1776 * changed. 1777 */ 1778 bige = BN_new(); gbar = BN_new(); ghat = BN_new(); | 1791 BN_div(s, u, s, s1[n], ctx); 1792 1793 /* 1794 * For each combination of clients to be revoked, make private 1795 * encryption key E = A^s and partial decryption keys gbar = g^s 1796 * and ghat = g^(s b), all mod p. The servers use these keys to 1797 * compute the session encryption key and partial decryption 1798 * keys. These values must be regenerated if the enabling key is 1799 * changed. 1800 */ 1801 bige = BN_new(); gbar = BN_new(); ghat = BN_new(); |
| 1779 BN_mod_exp(bige, biga, s, dsa->p, ctx); 1780 BN_mod_exp(gbar, dsa->g, s, dsa->p, ctx); 1781 BN_mod_mul(v, s, b, dsa->q, ctx); 1782 BN_mod_exp(ghat, dsa->g, v, dsa->p, ctx); | 1802 BN_mod_exp(bige, biga, s, p, ctx); 1803 BN_mod_exp(gbar, g, s, p, ctx); 1804 BN_mod_mul(v, s, b, q, ctx); 1805 BN_mod_exp(ghat, g, v, p, ctx); |
| 1783 1784 /* 1785 * Notes: We produce the key media in three steps. The first 1786 * step is to generate the system parameters p, q, g, b, A and 1787 * the enabling keys s1[j]. Associated with each s1[j] are 1788 * parameters xbar[j] and xhat[j]. All of these parameters are 1789 * retained in a data structure protecteted by the trusted-agent 1790 * password. The p, xbar[j] and xhat[j] paremeters are --- 19 unchanged lines hidden (view full) --- 1810 * g generator g 1811 * priv_key A mod p 1812 * pub_key b mod q 1813 * (remaining values are not used) 1814 */ 1815 i = 0; 1816 str = fheader("MVta", "mvta", groupname); 1817 fprintf(stderr, "Generating MV trusted-authority keys\n"); | 1806 1807 /* 1808 * Notes: We produce the key media in three steps. The first 1809 * step is to generate the system parameters p, q, g, b, A and 1810 * the enabling keys s1[j]. Associated with each s1[j] are 1811 * parameters xbar[j] and xhat[j]. All of these parameters are 1812 * retained in a data structure protecteted by the trusted-agent 1813 * password. The p, xbar[j] and xhat[j] paremeters are --- 19 unchanged lines hidden (view full) --- 1833 * g generator g 1834 * priv_key A mod p 1835 * pub_key b mod q 1836 * (remaining values are not used) 1837 */ 1838 i = 0; 1839 str = fheader("MVta", "mvta", groupname); 1840 fprintf(stderr, "Generating MV trusted-authority keys\n"); |
| 1818 BN_copy(dsa->priv_key, biga); 1819 BN_copy(dsa->pub_key, b); | 1841 BN_copy(priv_key, biga); 1842 BN_copy(pub_key, b); 1843 DSA_set0_key(dsa, pub_key, priv_key); |
| 1820 pkey = EVP_PKEY_new(); 1821 EVP_PKEY_assign_DSA(pkey, dsa); 1822 PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, 1823 passwd1); 1824 evpars[i++] = pkey; 1825 if (debug) 1826 DSA_print_fp(stderr, dsa, 0); 1827 --- 5 unchanged lines hidden (view full) --- 1833 * q modulus q (used only when generating k) 1834 * g bige 1835 * priv_key gbar 1836 * pub_key ghat 1837 * (remaining values are not used) 1838 */ 1839 fprintf(stderr, "Generating MV server keys\n"); 1840 dsa2 = DSA_new(); | 1844 pkey = EVP_PKEY_new(); 1845 EVP_PKEY_assign_DSA(pkey, dsa); 1846 PEM_write_PKCS8PrivateKey(str, pkey, cipher, NULL, 0, NULL, 1847 passwd1); 1848 evpars[i++] = pkey; 1849 if (debug) 1850 DSA_print_fp(stderr, dsa, 0); 1851 --- 5 unchanged lines hidden (view full) --- 1857 * q modulus q (used only when generating k) 1858 * g bige 1859 * priv_key gbar 1860 * pub_key ghat 1861 * (remaining values are not used) 1862 */ 1863 fprintf(stderr, "Generating MV server keys\n"); 1864 dsa2 = DSA_new(); |
| 1841 dsa2->p = BN_dup(dsa->p); 1842 dsa2->q = BN_dup(dsa->q); 1843 dsa2->g = BN_dup(bige); 1844 dsa2->priv_key = BN_dup(gbar); 1845 dsa2->pub_key = BN_dup(ghat); | 1865 DSA_set0_pqg(dsa2, BN_dup(p), BN_dup(q), BN_dup(bige)); 1866 DSA_set0_key(dsa2, BN_dup(ghat), BN_dup(gbar)); |
| 1846 pkey1 = EVP_PKEY_new(); 1847 EVP_PKEY_assign_DSA(pkey1, dsa2); 1848 PEM_write_PKCS8PrivateKey(str, pkey1, cipher, NULL, 0, NULL, 1849 passwd1); 1850 evpars[i++] = pkey1; 1851 if (debug) 1852 DSA_print_fp(stderr, dsa2, 0); 1853 --- 4 unchanged lines hidden (view full) --- 1858 * p modulus p 1859 * priv_key xbar[j] mod q 1860 * pub_key xhat[j] mod q 1861 * (remaining values are not used) 1862 */ 1863 fprintf(stderr, "Generating %d MV client keys\n", n); 1864 for (j = 1; j <= n; j++) { 1865 sdsa = DSA_new(); | 1867 pkey1 = EVP_PKEY_new(); 1868 EVP_PKEY_assign_DSA(pkey1, dsa2); 1869 PEM_write_PKCS8PrivateKey(str, pkey1, cipher, NULL, 0, NULL, 1870 passwd1); 1871 evpars[i++] = pkey1; 1872 if (debug) 1873 DSA_print_fp(stderr, dsa2, 0); 1874 --- 4 unchanged lines hidden (view full) --- 1879 * p modulus p 1880 * priv_key xbar[j] mod q 1881 * pub_key xhat[j] mod q 1882 * (remaining values are not used) 1883 */ 1884 fprintf(stderr, "Generating %d MV client keys\n", n); 1885 for (j = 1; j <= n; j++) { 1886 sdsa = DSA_new(); |
| 1866 sdsa->p = BN_dup(dsa->p); 1867 sdsa->q = BN_dup(BN_value_one()); 1868 sdsa->g = BN_dup(BN_value_one()); 1869 sdsa->priv_key = BN_dup(xbar[j]); 1870 sdsa->pub_key = BN_dup(xhat[j]); | 1887 DSA_set0_pqg(sdsa, BN_dup(p), BN_dup(BN_value_one()), 1888 BN_dup(BN_value_one())); 1889 DSA_set0_key(sdsa, BN_dup(xhat[j]), BN_dup(xbar[j])); |
| 1871 pkey1 = EVP_PKEY_new(); 1872 EVP_PKEY_set1_DSA(pkey1, sdsa); 1873 PEM_write_PKCS8PrivateKey(str, pkey1, cipher, NULL, 0, 1874 NULL, passwd1); 1875 evpars[i++] = pkey1; 1876 if (debug) 1877 DSA_print_fp(stderr, sdsa, 0); 1878 1879 /* | 1890 pkey1 = EVP_PKEY_new(); 1891 EVP_PKEY_set1_DSA(pkey1, sdsa); 1892 PEM_write_PKCS8PrivateKey(str, pkey1, cipher, NULL, 0, 1893 NULL, passwd1); 1894 evpars[i++] = pkey1; 1895 if (debug) 1896 DSA_print_fp(stderr, sdsa, 0); 1897 1898 /* |
| 1880 * The product gbar^k)^xbar[j] (ghat^k)^xhat[j] and E | 1899 * The product (gbar^k)^xbar[j] (ghat^k)^xhat[j] and E |
| 1881 * are inverses of each other. We check that the product 1882 * is one for each client except the ones that have been 1883 * revoked. 1884 */ | 1900 * are inverses of each other. We check that the product 1901 * is one for each client except the ones that have been 1902 * revoked. 1903 */ |
| 1885 BN_mod_exp(v, dsa2->priv_key, sdsa->pub_key, dsa->p, 1886 ctx); 1887 BN_mod_exp(u, dsa2->pub_key, sdsa->priv_key, dsa->p, 1888 ctx); 1889 BN_mod_mul(u, u, v, dsa->p, ctx); 1890 BN_mod_mul(u, u, bige, dsa->p, ctx); | 1904 BN_mod_exp(v, gbar, xhat[j], p, ctx); 1905 BN_mod_exp(u, ghat, xbar[j], p, ctx); 1906 BN_mod_mul(u, u, v, p, ctx); 1907 BN_mod_mul(u, u, bige, p, ctx); |
| 1891 if (!BN_is_one(u)) { 1892 fprintf(stderr, "Revoke key %d\n", j); 1893 continue; 1894 } 1895 } 1896 evpars[i++] = NULL; 1897 fclose(str); 1898 1899 /* 1900 * Free the countries. 1901 */ 1902 for (i = 0; i <= n; i++) { | 1908 if (!BN_is_one(u)) { 1909 fprintf(stderr, "Revoke key %d\n", j); 1910 continue; 1911 } 1912 } 1913 evpars[i++] = NULL; 1914 fclose(str); 1915 1916 /* 1917 * Free the countries. 1918 */ 1919 for (i = 0; i <= n; i++) { |
| 1903 BN_free(a[i]); BN_free(g[i]); | 1920 BN_free(a[i]); BN_free(gs[i]); |
| 1904 } 1905 for (j = 1; j <= n; j++) { 1906 BN_free(x[j]); BN_free(xbar[j]); BN_free(xhat[j]); 1907 BN_free(s1[j]); 1908 } 1909 return (pkey); 1910} 1911 --- 28 unchanged lines hidden (view full) --- 1940 1941 /* 1942 * Generate X509 self-signed certificate. 1943 * 1944 * Set the certificate serial to the NTP seconds for grins. Set 1945 * the version to 3. Set the initial validity to the current 1946 * time and the finalvalidity one year hence. 1947 */ | 1921 } 1922 for (j = 1; j <= n; j++) { 1923 BN_free(x[j]); BN_free(xbar[j]); BN_free(xhat[j]); 1924 BN_free(s1[j]); 1925 } 1926 return (pkey); 1927} 1928 --- 28 unchanged lines hidden (view full) --- 1957 1958 /* 1959 * Generate X509 self-signed certificate. 1960 * 1961 * Set the certificate serial to the NTP seconds for grins. Set 1962 * the version to 3. Set the initial validity to the current 1963 * time and the finalvalidity one year hence. 1964 */ |
| 1948 id = OBJ_nid2sn(md->pkey_type); | 1965 id = OBJ_nid2sn(EVP_MD_pkey_type(md)); |
| 1949 fprintf(stderr, "Generating new certificate %s %s\n", name, id); 1950 cert = X509_new(); 1951 X509_set_version(cert, 2L); 1952 serial = ASN1_INTEGER_new(); 1953 ASN1_INTEGER_set(serial, (long)epoch + JAN_1970); 1954 X509_set_serialNumber(cert, serial); 1955 ASN1_INTEGER_free(serial); 1956 X509_time_adj(X509_get_notBefore(cert), 0L, &epoch); --- 192 unchanged lines hidden (view full) --- 2149 return (gen_rsa(id)); 2150 2151 else if (strcmp(type, "DSA") == 0) 2152 return (gen_dsa(id)); 2153 2154 fprintf(stderr, "Invalid %s key type %s\n", id, type); 2155 return (NULL); 2156} | 1966 fprintf(stderr, "Generating new certificate %s %s\n", name, id); 1967 cert = X509_new(); 1968 X509_set_version(cert, 2L); 1969 serial = ASN1_INTEGER_new(); 1970 ASN1_INTEGER_set(serial, (long)epoch + JAN_1970); 1971 X509_set_serialNumber(cert, serial); 1972 ASN1_INTEGER_free(serial); 1973 X509_time_adj(X509_get_notBefore(cert), 0L, &epoch); --- 192 unchanged lines hidden (view full) --- 2166 return (gen_rsa(id)); 2167 2168 else if (strcmp(type, "DSA") == 0) 2169 return (gen_dsa(id)); 2170 2171 fprintf(stderr, "Invalid %s key type %s\n", id, type); 2172 return (NULL); 2173} |
| 2174 2175static RSA* 2176genRsaKeyPair( 2177 int bits, 2178 char * what 2179 ) 2180{ 2181 RSA * rsa = RSA_new(); 2182 BN_GENCB * gcb = BN_GENCB_new(); 2183 BIGNUM * bne = BN_new(); 2184 2185 if (gcb) 2186 BN_GENCB_set_old(gcb, cb, what); 2187 if (bne) 2188 BN_set_word(bne, 65537); 2189 if (!(rsa && gcb && bne && RSA_generate_key_ex( 2190 rsa, bits, bne, gcb))) 2191 { 2192 RSA_free(rsa); 2193 rsa = NULL; 2194 } 2195 BN_GENCB_free(gcb); 2196 BN_free(bne); 2197 return rsa; 2198} 2199 2200static DSA* 2201genDsaParams( 2202 int bits, 2203 char * what 2204 ) 2205{ 2206 2207 DSA * dsa = DSA_new(); 2208 BN_GENCB * gcb = BN_GENCB_new(); 2209 u_char seed[20]; 2210 2211 if (gcb) 2212 BN_GENCB_set_old(gcb, cb, what); 2213 RAND_bytes(seed, sizeof(seed)); 2214 if (!(dsa && gcb && DSA_generate_parameters_ex( 2215 dsa, bits, seed, sizeof(seed), NULL, NULL, gcb))) 2216 { 2217 DSA_free(dsa); 2218 dsa = NULL; 2219 } 2220 BN_GENCB_free(gcb); 2221 return dsa; 2222} 2223 |
|
| 2157#endif /* AUTOKEY */ 2158 2159 2160/* 2161 * Generate file header and link 2162 */ 2163FILE * 2164fheader ( --- 40 unchanged lines hidden --- | 2224#endif /* AUTOKEY */ 2225 2226 2227/* 2228 * Generate file header and link 2229 */ 2230FILE * 2231fheader ( --- 40 unchanged lines hidden --- |