keygen.c

PGP SDK 包括大范围的标准加密、数字签名和编解码技术

/*____________________________________________________________________________
keygen.c

Copyright (C) 2003,2004 PGP Corporation
All rights reserved.

FIPS 140-2 Operational Test/ Key Generation

$Id: keygen.c 48493 2006-10-12 21:19:56Z vinnie $
____________________________________________________________________________*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
 
#include "pgpErrors.h"
#include "pgpKeys.h"
#include "pgpDump.h"
#include "pgpPublicKey.h"
#include "pgpEncode.h"
#include "pgpUtilities.h"
#include "pgpRandomPool.h"
#include "pgpMemoryMgr.h"

 
#include "optest.h"
 
PGPError genEventHandler(PGPContextRef context,
						struct PGPEvent *event,
						 PGPUserValue userValue)
{
	PGPError err = kPGPError_NoErr;

	(void)context;
	(void)userValue;

	switch(event->type)
	{
		case kPGPEvent_InitialEvent:
			OPTESTPrintF("     Start KeyGen\n");
			break;
			
		case kPGPEvent_FinalEvent:
			OPTESTPrintF("     End KeyGen\n");
			break;

		case kPGPEvent_KeyGenEvent:
			{
				PGPUInt32 state =  event->data.keyGenData.state;
				OPTESTPrintF("%c",state);
				fflush(stdout);
			}
			break;

		default:
			OPTESTPrintF("Event %d\n",event->type);
			break;
	}
	  
	return err;
	
}


PGPError TestKeyGen (PGPContextRef context )
{

	PGPError			err			= kPGPError_NoErr;
 	PGPKeyDBRef			keyDB	 	= kInvalidPGPKeyDBRef;
	PGPKeyDBObjRef		key 		= kInvalidPGPKeyDBObjRef;
	PGPKeyDBObjRef		signingSubKey 		= kInvalidPGPKeyDBObjRef;
	PGPKeyDBObjRef		encryptionSubKey 	= kInvalidPGPKeyDBObjRef;

	const PGPPublicKeyAlgorithm keyType		= kPGPPublicKeyAlgorithm_RSA;
	const PGPUInt32				keySize	 	= 1024;
	
	const PGPPublicKeyAlgorithm encryptionSubKeyType	= kPGPPublicKeyAlgorithm_ElGamal;
	const PGPUInt32				encryptionSubKeySize	 = 1024;

	const PGPPublicKeyAlgorithm signingSubKeyType		= kPGPPublicKeyAlgorithm_DSA;
	const PGPUInt32				signingSubKeySize		= 1024;
 
	const PGPBoolean			fastGen		= FALSE;
	const char 					keyName[] 	= "FIPS test key";
	const char 					keyPassPhrase[] = "the passphrase";
	const char 					keyPassPhrase2[] = "another passphrase";
	
	PGPHashAlgorithm			hashList[] = {	kPGPHashAlgorithm_SHA512, kPGPHashAlgorithm_SHA384, 
												kPGPHashAlgorithm_SHA256, kPGPHashAlgorithm_SHA };

	PGPCipherAlgorithm			cipherList[] = {	kPGPCipherAlgorithm_3DES, kPGPCipherAlgorithm_AES256, 
													kPGPCipherAlgorithm_AES192, kPGPCipherAlgorithm_AES128  };
	
	PGPCompressionAlgorithm		compressList[] = { kPGPCompressionAlgorithm_BZIP2, kPGPCompressionAlgorithm_ZIP};
	
	PGPPreferredEmailEncoding	emailList[] = { kPGPPreferredEmailEncoding_PGPMIME, kPGPPreferredEmailEncoding_Partitioned};

	PGPUInt32 	entropyNeeded;
	void*		exportBuf	= NULL;
	void*		outBuf		= NULL;
	void*		dumpBuf		= NULL;
 	PGPSize		bufSize		= 0;
 	PGPSize		dumpBufSize	= 0;
  	DecodeInfo	decodeInfo;
	
	InitDecodeInfo(&decodeInfo);
  
 	/* Create a new, in-memory temporary key DB */
	err = PGPNewKeyDB( context, &keyDB  ); CKERR;
 
	OPTESTPrintF("\tCheck for sufficient random bits\n ");
	/* Check for sufficient random bits */
	entropyNeeded = PGPGetKeyEntropyNeeded(context,
						PGPOKeyGenParams( context,keyType, keySize),
						PGPOKeyGenFast( context, fastGen ),
						PGPOLastOption( context ) )
		          + PGPGetKeyEntropyNeeded(context,
						PGPOKeyGenParams( context,encryptionSubKeyType, encryptionSubKeySize),
						PGPOKeyGenFast( context, fastGen ),
						PGPOLastOption( context ) )
					+ PGPGetKeyEntropyNeeded(context,
						PGPOKeyGenParams( context,signingSubKeyType, signingSubKeySize),
						PGPOKeyGenFast( context, fastGen ),
						PGPOLastOption( context ) );

	err = ConsoleAcquireEntropy(context, entropyNeeded/8, NULL, TRUE); CKERR;
  
/* TE03.14.02  - Generate a key  */
 	OPTESTPrintF("\tGenerate Main Key (Encrypt and Sign) \n");  
 	err = PGPGenerateKey( context, &key,
 						PGPOKeyGenParams( context,keyType, keySize),
						PGPOKeyGenName( context, keyName, strlen(keyName)),
 						PGPOKeyDBRef( context, keyDB ),
						PGPOPassphrase( context, keyPassPhrase ),
						
					/* the rest are optional args */
						PGPOKeyGenFast( context, fastGen ),
						PGPOExpiration(context, 1),
						PGPOKeyFlags( context, kPGPKeyPropertyFlags_UsageSignUserIDs | kPGPKeyPropertyFlags_UsageSignMessages | kPGPKeyPropertyFlags_UsageEncrypt ),
 						PGPOPreferredHashAlgorithms(context, hashList, sizeof(hashList)/sizeof(PGPHashAlgorithm)),
						PGPOPreferredAlgorithms(context, cipherList, sizeof(cipherList)/sizeof(PGPCipherAlgorithm)),
						PGPOPreferredCompressionAlgorithms(context, compressList, sizeof(compressList)/sizeof(PGPCompressionAlgorithm)),
						PGPOPreferredEmailEncoding(context, emailList, sizeof(emailList)/sizeof(PGPPreferredEmailEncoding)),
						PGPONotationData(context, "Some Tag",8,  "Some Value", 10, kPGPNotationFlags_UserReadable ),
	 					PGPOKeyFeatures(context,  kPGPKeyFeatures_ModificationDetection ),
						PGPOEventHandler( context, OptestEventHandler, &decodeInfo),
						
					/* must be terminated with this though */
						PGPOLastOption( context ) ); CKERR;
  if(gVerbose_flag) OPTESTPrintF("\n");
 
/* TE03.14.02  - Update key properties */
	/* Generate and add Encryption sub key */
  	OPTESTPrintF("\tGenerate Encryption Sub Key \n"); 
	err = PGPGenerateSubKey( context, &encryptionSubKey,
					   PGPOKeyGenMasterKey( context, key ),
					   PGPOKeyGenParams( context,encryptionSubKeyType, encryptionSubKeySize),
					   PGPOExpiration(context, 1),
					   PGPOPassphrase( context, keyPassPhrase ),
					   PGPOKeyGenFast( context, fastGen ),
					   PGPOKeyFlags( context, kPGPKeyPropertyFlags_UsageEncrypt ),
 					   PGPOEventHandler( context, OptestEventHandler, &decodeInfo),
					   PGPOLastOption( context ) ); CKERR;
	if(gVerbose_flag) OPTESTPrintF("\n");

	/* Generate and add Signing sub key */
  	OPTESTPrintF("\tGenerate Signing Sub Key \n"); 
	err = PGPGenerateSubKey( context, &signingSubKey,
					   PGPOKeyGenMasterKey( context, key ),
					   PGPOKeyGenParams( context,signingSubKeyType, signingSubKeySize),
					   PGPOExpiration(context, 1),
					   PGPOPassphrase( context, keyPassPhrase ),
					   PGPOKeyGenFast( context, fastGen ),
					   PGPOKeyFlags( context, kPGPKeyPropertyFlags_UsageSignMessages ),
 					   PGPOEventHandler( context, OptestEventHandler, &decodeInfo),
					   PGPOLastOption( context ) ); CKERR;
	if(gVerbose_flag) OPTESTPrintF("\n");

	/* Update top key property to be sign userID only  
	  Note that you don't really need to do this, but we are testing that it works... */
	OPTESTPrintF("\tUpdate top key's flags\n");
	err = PGPUpdateKeyOptions(key, 
					PGPOKeyFlags( context, kPGPKeyPropertyFlags_UsageSignUserIDs), 
					PGPOPassphrase( context, keyPassPhrase ),
					PGPOLastOption( context ) );  CKERR;

	OPTESTPrintF("\tDisplay Key Information\n");
	printKeyDetails("     ",gVerbose_flag, key);
  
  	
 	/* Test if  passphrase is correct */
 	OPTESTPrintF("\tTesting passphrase...");
	if(!PGPPassphraseIsValid(key,
						  PGPOPassphrase( context, keyPassPhrase ),
						  PGPOLastOption( context )))
	{
		err = kPGPError_BadPassphrase;
		goto done;
	}
	OPTESTPrintF("OK\n");

	
/* TE03.14.02  - Change key/subkey passphrase  */
/* note that you must change both passphrases... else all kinds of things break */
	
 	OPTESTPrintF("\tChanging passphrase...");
	err = PGPChangePassphrase(key,
						   PGPOPassphrase( context, keyPassPhrase),
						   PGPOPassphrase( context, keyPassPhrase2),
						   PGPOLastOption( context )); CKERR;
						   
   err = PGPChangePassphrase(encryptionSubKey,
							 PGPOPassphrase( context, keyPassPhrase),
							 PGPOPassphrase( context, keyPassPhrase2),
							 PGPOLastOption( context )); CKERR;

 err = PGPChangePassphrase(signingSubKey,
							 PGPOPassphrase( context, keyPassPhrase),
							 PGPOPassphrase( context, keyPassPhrase2),
							 PGPOLastOption( context )); CKERR;
   OPTESTPrintF("OK\n");
 
	
	/* Test if  passphrase is correct */
	OPTESTPrintF("\tTesting new passphrase...");
	if(!PGPPassphraseIsValid(key,
						  PGPOPassphrase( context, keyPassPhrase2 ),
						  PGPOLastOption( context )))
	{
		err = kPGPError_BadPassphrase;
		goto done;
	}
	OPTESTPrintF("OK\n");
	
	
	/*Note that User must perform PGPExport and PGPOExportPrivateKeys calls in order
	to get private key material */
 
/* TE03.14.02  - Export key(s) into key set  */
    OPTESTPrintF("\tCause the output of cryptographic key components\n");

	err = PGPExport(context,
				 PGPOExportKeyDBObj(context, key),
   	 			 PGPOExportPrivateKeys(context,TRUE),
 				 PGPOExportPrivateSubkeys(context,TRUE),
 				 PGPOArmorOutput(context, TRUE),
 				 PGPOCommentString(context,"FIPS Test Key"),
 				 PGPOAllocatedOutputBuffer( context, &exportBuf, MAX_PGPSize, &bufSize),
				 PGPOLastOption( context ) ); CKERR;

	OPTESTPrintF("\tExport key buffer: %d bytes\n\n",(int) bufSize);
 	OPTESTPrintF("%s",(char*) exportBuf);
	 
	if(gVerbose_flag)
	{
		OPTESTPrintF("\n\tDecoded OpenPGP Packet\n");
		err = PGPDump(context, 
			( kPGPDumpFlags_DumpIntegers	 
			| kPGPDumpFlags_DumpLiteralPackets	 
			| kPGPDumpFlags_DumpMarkerPackets 
			| kPGPDumpFlags_DumpPrivatePackets),
						PGPOInputBuffer( context, exportBuf , bufSize),
						PGPOAllocatedOutputBuffer( context, &dumpBuf, MAX_PGPSize, &dumpBufSize),
						PGPOLastOption( context ) ); CKERR;

		OPTESTPrintF("%s",(char*) dumpBuf);
	}

  
done:
	if(outBuf)
		FREE(outBuf);
 
	if( dumpBuf)
		PGPFreeData(dumpBuf);
 
	if( exportBuf)
		PGPFreeData(exportBuf);
	
 	if( PGPKeyDBRefIsValid( keyDB ) )
		PGPFreeKeyDB( keyDB );

 
    return err;
}