keygen.c - pub/scm/linux/kernel/git/rafael/suspend-utils - Git at Google

 /*
  * keygen.c
  *
  * RSA key generator for the suspend and resume tools.
  *
  * Copyright (C) 2006 Rafael J. Wysocki <rjw@sisk.pl>
  *
  * This file is released under the GPLv2.
  *
  */

 #include "config.h"
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <errno.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
 #include <termios.h>

 #include "md5.h"
 #include "encrypt.h"

 #define MIN_KEY_BITS	1024
 #define MAX_KEY_BITS	4096
 #define MAX_OUT_SIZE	(sizeof(struct RSA_data))
 #define MAX_STR_LEN	256
 #define DEFAULT_FILE	"suspend.key"

 static char in_buffer[MAX_STR_LEN];
 static char pass_buf[MAX_STR_LEN];
 static struct RSA_data rsa;
 static unsigned char encrypt_buffer[RSA_DATA_SIZE];

 int main(int argc, char *argv[])
 {
 	gcry_ac_data_t rsa_data_set;
 	gcry_ac_handle_t rsa_hd;
 	gcry_ac_key_t rsa_priv;
 	gcry_ac_key_pair_t rsa_key_pair;
 	gcry_mpi_t mpi;
 	size_t offset;
 	int len = MIN_KEY_BITS, ret = EXIT_SUCCESS;
 	struct termios termios;
 	char *vrfy_buf;
 	struct md5_ctx ctx;
 	unsigned char key_buf[PK_KEY_SIZE];
 	gcry_cipher_hd_t sym_hd;
 	unsigned char ivec[PK_CIPHER_BLOCK];
 	unsigned short size;
 	int j, fd;

 	printf("libgcrypt version: %s\n", gcry_check_version(NULL));
 	gcry_control(GCRYCTL_INIT_SECMEM, 4096, 0);
 	ret = gcry_ac_open(&rsa_hd, GCRY_AC_RSA, 0);
 	if (ret)
 		return ret;

 	do {
 		printf("Key bits (between %d and %d inclusive) [%d]: ",
 			MIN_KEY_BITS, MAX_KEY_BITS, len);
 		fgets(in_buffer, MAX_STR_LEN, stdin);
 		if (strlen(in_buffer) && *in_buffer != '\n')
 			sscanf(in_buffer, "%d", &len);
 	} while (len < MIN_KEY_BITS || len > MAX_KEY_BITS);

 Retry:
 	printf("Generating %d-bit RSA keys.  Please wait.\n", len);
 	ret = gcry_ac_key_pair_generate(rsa_hd, len, NULL, &rsa_key_pair, NULL);
 	if (ret) {
 		fprintf(stderr, "Key generation failed: %s\n", gcry_strerror(ret));
 		ret = EXIT_FAILURE;
 		goto Close_RSA;
 	}
 	printf("Testing the private key.  Please wait.\n");
 	rsa_priv = gcry_ac_key_pair_extract(rsa_key_pair, GCRY_AC_KEY_SECRET);
 	ret = gcry_ac_key_test(rsa_hd, rsa_priv);
 	if (ret) {
 		printf("RSA key test failed.  Retrying.\n");
 		goto Retry;
 	}

 	rsa_data_set = gcry_ac_key_data_get(rsa_priv);
 	if (gcry_ac_data_length(rsa_data_set) != RSA_FIELDS) {
 		fprintf(stderr, "Wrong number of key fields\n");
 		ret = -EINVAL;
 		goto Free_RSA;
 	}

 	/* Copy the public key components to struct RSA_data */
 	offset = 0;
 	for (j = 0; j < RSA_FIELDS_PUB; j++) {
 		char *str;
 		size_t s;

 		gcry_ac_data_get_index(rsa_data_set, GCRY_AC_FLAG_COPY, j,
 					(const char **)&str, &mpi);
 		ret = gcry_mpi_print(GCRYMPI_FMT_USG, rsa.data + offset,
 					RSA_DATA_SIZE - offset, &s, mpi);
 		if (ret) {
 			fprintf(stderr, "RSA key components too big\n");
 			goto Free_RSA;
 		}

 		rsa.field[j][0] = str[0];
 		rsa.field[j][1] = '\0';
 		rsa.size[j] = s;
 		offset += s;
 		gcry_mpi_release(mpi);
 		gcry_free(str);
 	}

 	tcgetattr(0, &termios);
 	termios.c_lflag &= ~ECHO;
 	termios.c_lflag |= ICANON | ECHONL;
 	tcsetattr(0, TCSANOW, &termios);
 	vrfy_buf = (char *)encrypt_buffer;
 	do {
 		do {
 			printf("Passphrase please (must be non-empty): ");
 			fgets(pass_buf, MAX_STR_LEN, stdin);
 			len = strlen(pass_buf) - 1;
 		} while (len <= 0);
 		if (pass_buf[len] == '\n')
 			pass_buf[len] = '\0';
 		printf("Confirm passphrase: ");
 		fgets(vrfy_buf, MAX_STR_LEN, stdin);
 		if (vrfy_buf[len] == '\n')
 			vrfy_buf[len] = '\0';
 	} while (strncmp(pass_buf, vrfy_buf, MAX_STR_LEN));
 	termios.c_lflag |= ECHO;
 	tcsetattr(0, TCSANOW, &termios);

 	memset(ivec, 0, PK_CIPHER_BLOCK);
 	strncpy((char *)ivec, pass_buf, PK_CIPHER_BLOCK);
 	md5_init_ctx(&ctx);
 	md5_process_bytes(pass_buf, strlen(pass_buf), &ctx);
 	md5_finish_ctx(&ctx, key_buf);

 	/* First, we encrypt the key test */
 	ret = gcry_cipher_open(&sym_hd, PK_CIPHER, GCRY_CIPHER_MODE_CFB,
 				GCRY_CIPHER_SECURE);
 	if (ret)
 		goto Free_RSA;

 	ret = gcry_cipher_setkey(sym_hd, key_buf, PK_KEY_SIZE);
 	if (!ret)
 		ret = gcry_cipher_setiv(sym_hd, ivec, PK_CIPHER_BLOCK);

 	if (!ret)
 		ret = gcry_cipher_encrypt(sym_hd, rsa.key_test, KEY_TEST_SIZE,
 					KEY_TEST_DATA, KEY_TEST_SIZE);

 	gcry_cipher_close(sym_hd);
 	if (ret)
 		goto Free_RSA;

 	/* Now, we can encrypt the private RSA key */
 	ret = gcry_cipher_open(&sym_hd, PK_CIPHER, GCRY_CIPHER_MODE_CFB,
 				GCRY_CIPHER_SECURE);
 	if (ret)
 		goto Free_RSA;

 	ret = gcry_cipher_setkey(sym_hd, key_buf, PK_KEY_SIZE);
 	if (!ret)
 		ret = gcry_cipher_setiv(sym_hd, ivec, PK_CIPHER_BLOCK);

 	if (ret)
 		goto Free_sym;

 	/* Copy the private key components (encrypted) to struct RSA_data */
 	for (j = RSA_FIELDS_PUB; j < RSA_FIELDS; j++) {
 		char *str;
 		size_t s;

 		gcry_ac_data_get_index(rsa_data_set, GCRY_AC_FLAG_COPY, j,
 					(const char **)&str, &mpi);
 		ret = gcry_mpi_print(GCRYMPI_FMT_USG, rsa.data + offset,
 					RSA_DATA_SIZE - offset, &s, mpi);
 		if (ret) {
 			fprintf(stderr, "RSA key components too big\n");
 			goto Free_sym;
 		}

 		/* We encrypt the data in place */
 		ret = gcry_cipher_encrypt(sym_hd, rsa.data + offset, s, NULL, 0);
 		if (ret)
 			goto Free_sym;

 		rsa.field[j][0] = str[0];
 		rsa.field[j][1] = '\0';
 		rsa.size[j] = s;
 		offset += s;
 		gcry_mpi_release(mpi);
 		gcry_free(str);
 	}

 	size = offset + sizeof(struct RSA_data) - RSA_DATA_SIZE;

 	printf("File name [%s]: ", DEFAULT_FILE);
 	fgets(in_buffer, MAX_STR_LEN, stdin);
 	if (!strlen(in_buffer) || *in_buffer == '\n')
 		strcpy(in_buffer, DEFAULT_FILE);
 	else if (in_buffer[strlen(in_buffer)-1] == '\n')
 		in_buffer[strlen(in_buffer)-1] = '\0';
 	fd = open(in_buffer, O_RDWR | O_CREAT | O_TRUNC, 00600);
 	if (fd >= 0) {
 		write(fd, &rsa, size);
 		close(fd);
 	} else {
 		fprintf(stderr, "Could not open the file %s\n", in_buffer);
 		ret = EXIT_FAILURE;
 	}
 Free_sym:
 	gcry_cipher_close(sym_hd);
 Free_RSA:
 	gcry_ac_data_destroy(rsa_data_set);
 Close_RSA:
 	gcry_ac_close(rsa_hd);

 	return ret;
 }
	/*
	* keygen.c
	*
	* RSA key generator for the suspend and resume tools.
	*
	* Copyright (C) 2006 Rafael J. Wysocki <rjw@sisk.pl>
	*
	* This file is released under the GPLv2.
	*
	*/

	#include "config.h"
	#include <sys/types.h>
	#include <sys/stat.h>
	#include <fcntl.h>
	#include <unistd.h>
	#include <errno.h>
	#include <stdlib.h>
	#include <stdio.h>
	#include <string.h>
	#include <termios.h>

	#include "md5.h"
	#include "encrypt.h"

	#define MIN_KEY_BITS 1024
	#define MAX_KEY_BITS 4096
	#define MAX_OUT_SIZE (sizeof(struct RSA_data))
	#define MAX_STR_LEN 256
	#define DEFAULT_FILE "suspend.key"

	static char in_buffer[MAX_STR_LEN];
	static char pass_buf[MAX_STR_LEN];
	static struct RSA_data rsa;
	static unsigned char encrypt_buffer[RSA_DATA_SIZE];

	int main(int argc, char *argv[])
	{
	gcry_ac_data_t rsa_data_set;
	gcry_ac_handle_t rsa_hd;
	gcry_ac_key_t rsa_priv;
	gcry_ac_key_pair_t rsa_key_pair;
	gcry_mpi_t mpi;
	size_t offset;
	int len = MIN_KEY_BITS, ret = EXIT_SUCCESS;
	struct termios termios;
	char *vrfy_buf;
	struct md5_ctx ctx;
	unsigned char key_buf[PK_KEY_SIZE];
	gcry_cipher_hd_t sym_hd;
	unsigned char ivec[PK_CIPHER_BLOCK];
	unsigned short size;
	int j, fd;

	printf("libgcrypt version: %s\n", gcry_check_version(NULL));
	gcry_control(GCRYCTL_INIT_SECMEM, 4096, 0);
	ret = gcry_ac_open(&rsa_hd, GCRY_AC_RSA, 0);
	if (ret)
	return ret;

	do {
	printf("Key bits (between %d and %d inclusive) [%d]: ",
	MIN_KEY_BITS, MAX_KEY_BITS, len);
	fgets(in_buffer, MAX_STR_LEN, stdin);
	if (strlen(in_buffer) && *in_buffer != '\n')
	sscanf(in_buffer, "%d", &len);
	} while (len < MIN_KEY_BITS \|\| len > MAX_KEY_BITS);

	Retry:
	printf("Generating %d-bit RSA keys. Please wait.\n", len);
	ret = gcry_ac_key_pair_generate(rsa_hd, len, NULL, &rsa_key_pair, NULL);
	if (ret) {
	fprintf(stderr, "Key generation failed: %s\n", gcry_strerror(ret));
	ret = EXIT_FAILURE;
	goto Close_RSA;
	}
	printf("Testing the private key. Please wait.\n");
	rsa_priv = gcry_ac_key_pair_extract(rsa_key_pair, GCRY_AC_KEY_SECRET);
	ret = gcry_ac_key_test(rsa_hd, rsa_priv);
	if (ret) {
	printf("RSA key test failed. Retrying.\n");
	goto Retry;
	}

	rsa_data_set = gcry_ac_key_data_get(rsa_priv);
	if (gcry_ac_data_length(rsa_data_set) != RSA_FIELDS) {
	fprintf(stderr, "Wrong number of key fields\n");
	ret = -EINVAL;
	goto Free_RSA;
	}

	/* Copy the public key components to struct RSA_data */
	offset = 0;
	for (j = 0; j < RSA_FIELDS_PUB; j++) {
	char *str;
	size_t s;

	gcry_ac_data_get_index(rsa_data_set, GCRY_AC_FLAG_COPY, j,
	(const char **)&str, &mpi);
	ret = gcry_mpi_print(GCRYMPI_FMT_USG, rsa.data + offset,
	RSA_DATA_SIZE - offset, &s, mpi);
	if (ret) {
	fprintf(stderr, "RSA key components too big\n");
	goto Free_RSA;
	}

	rsa.field[j][0] = str[0];
	rsa.field[j][1] = '\0';
	rsa.size[j] = s;
	offset += s;
	gcry_mpi_release(mpi);
	gcry_free(str);
	}

	tcgetattr(0, &termios);
	termios.c_lflag &= ~ECHO;
	termios.c_lflag \|= ICANON \| ECHONL;
	tcsetattr(0, TCSANOW, &termios);
	vrfy_buf = (char *)encrypt_buffer;
	do {
	do {
	printf("Passphrase please (must be non-empty): ");
	fgets(pass_buf, MAX_STR_LEN, stdin);
	len = strlen(pass_buf) - 1;
	} while (len <= 0);
	if (pass_buf[len] == '\n')
	pass_buf[len] = '\0';
	printf("Confirm passphrase: ");
	fgets(vrfy_buf, MAX_STR_LEN, stdin);
	if (vrfy_buf[len] == '\n')
	vrfy_buf[len] = '\0';
	} while (strncmp(pass_buf, vrfy_buf, MAX_STR_LEN));
	termios.c_lflag \|= ECHO;
	tcsetattr(0, TCSANOW, &termios);

	memset(ivec, 0, PK_CIPHER_BLOCK);
	strncpy((char *)ivec, pass_buf, PK_CIPHER_BLOCK);
	md5_init_ctx(&ctx);
	md5_process_bytes(pass_buf, strlen(pass_buf), &ctx);
	md5_finish_ctx(&ctx, key_buf);

	/* First, we encrypt the key test */
	ret = gcry_cipher_open(&sym_hd, PK_CIPHER, GCRY_CIPHER_MODE_CFB,
	GCRY_CIPHER_SECURE);
	if (ret)
	goto Free_RSA;

	ret = gcry_cipher_setkey(sym_hd, key_buf, PK_KEY_SIZE);
	if (!ret)
	ret = gcry_cipher_setiv(sym_hd, ivec, PK_CIPHER_BLOCK);

	if (!ret)
	ret = gcry_cipher_encrypt(sym_hd, rsa.key_test, KEY_TEST_SIZE,
	KEY_TEST_DATA, KEY_TEST_SIZE);

	gcry_cipher_close(sym_hd);
	if (ret)
	goto Free_RSA;

	/* Now, we can encrypt the private RSA key */
	ret = gcry_cipher_open(&sym_hd, PK_CIPHER, GCRY_CIPHER_MODE_CFB,
	GCRY_CIPHER_SECURE);
	if (ret)
	goto Free_RSA;

	ret = gcry_cipher_setkey(sym_hd, key_buf, PK_KEY_SIZE);
	if (!ret)
	ret = gcry_cipher_setiv(sym_hd, ivec, PK_CIPHER_BLOCK);

	if (ret)
	goto Free_sym;

	/* Copy the private key components (encrypted) to struct RSA_data */
	for (j = RSA_FIELDS_PUB; j < RSA_FIELDS; j++) {
	char *str;
	size_t s;

	gcry_ac_data_get_index(rsa_data_set, GCRY_AC_FLAG_COPY, j,
	(const char **)&str, &mpi);
	ret = gcry_mpi_print(GCRYMPI_FMT_USG, rsa.data + offset,
	RSA_DATA_SIZE - offset, &s, mpi);
	if (ret) {
	fprintf(stderr, "RSA key components too big\n");
	goto Free_sym;
	}

	/* We encrypt the data in place */
	ret = gcry_cipher_encrypt(sym_hd, rsa.data + offset, s, NULL, 0);
	if (ret)
	goto Free_sym;

	rsa.field[j][0] = str[0];
	rsa.field[j][1] = '\0';
	rsa.size[j] = s;
	offset += s;
	gcry_mpi_release(mpi);
	gcry_free(str);
	}

	size = offset + sizeof(struct RSA_data) - RSA_DATA_SIZE;

	printf("File name [%s]: ", DEFAULT_FILE);
	fgets(in_buffer, MAX_STR_LEN, stdin);
	if (!strlen(in_buffer) \|\| *in_buffer == '\n')
	strcpy(in_buffer, DEFAULT_FILE);
	else if (in_buffer[strlen(in_buffer)-1] == '\n')
	in_buffer[strlen(in_buffer)-1] = '\0';
	fd = open(in_buffer, O_RDWR \| O_CREAT \| O_TRUNC, 00600);
	if (fd >= 0) {
	write(fd, &rsa, size);
	close(fd);
	} else {
	fprintf(stderr, "Could not open the file %s\n", in_buffer);
	ret = EXIT_FAILURE;
	}
	Free_sym:
	gcry_cipher_close(sym_hd);
	Free_RSA:
	gcry_ac_data_destroy(rsa_data_set);
	Close_RSA:
	gcry_ac_close(rsa_hd);

	return ret;
	}