// Berkeley Open Infrastructure for Network Computing // http://boinc.berkeley.edu // Copyright (C) 2005 University of California // // This is free software; you can redistribute it and/or // modify it under the terms of the GNU Lesser General Public // License as published by the Free Software Foundation; // either version 2.1 of the License, or (at your option) any later version. // // This software is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // See the GNU Lesser General Public License for more details. // // To view the GNU Lesser General Public License visit // http://www.gnu.org/copyleft/lesser.html // or write to the Free Software Foundation, Inc., // 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // utility program for encryption. // // -genkey n private_keyfile public_keyfile // create a key pair with n bits (512 <= n <= 1024) // write it in hex notation // -sign file private_keyfile // create a signature for a given file // write it in hex notation // -verify file signature_file public_keyfile // verify a signature // -test_crypt private_keyfile public_keyfile // test encrypt/decrypt #include #include #include #include "crypt.h" void die(const char* p) { fprintf(stderr, "Error: %s\n", p); exit(1); } #ifdef USE_RSAEURO void better_random_create(R_RANDOM_STRUCT* r) { #ifdef __WINDOWS__ // in case we ever need this on Win try { HCRYPTPROV hCryptProv; if(! CryptAcquireContext(&hCryptProv, NULL, NULL, PROV_RSA_FULL, 0)) { throw except("cannot acquire crypt context"); } if(! CryptGenRandom(hCryptProv, (DWORD) size, (BYTE *) buf_ptr)) { CryptReleaseContext(hCryptProv, 0); throw except("cannot generate random data"); } CryptReleaseContext(hCryptProv, 0); } catch (except &e) { throw except(e, "cannot get random data"); } #endif FILE* f = fopen("/dev/random", "r"); if (!f) { fprintf(stderr, "can't open /dev/random\n"); exit(1); } fread(r->state, 16, 1, f); fread(r->output, 16, 1, f); fclose(f); r->bytesNeeded = 0; r->outputAvailable = 16; } #endif unsigned int random_int() { unsigned int n; FILE* f = fopen("/dev/random", "r"); if (!f) { fprintf(stderr, "can't open /dev/random\n"); exit(1); } fread(&n, sizeof(n), 1, f); return n; } int main(int argc, char** argv) { R_RSA_PUBLIC_KEY public_key; R_RSA_PRIVATE_KEY private_key; #ifdef USE_RSAEURO R_RANDOM_STRUCT randomStruct; R_RSA_PROTO_KEY protoKey; #endif int n, retval; bool is_valid; DATA_BLOCK signature, in, out; unsigned char signature_buf[256], buf[256], buf2[256]; FILE *f, *fpriv, *fpub; if (argc == 1) { printf("missing command\n"); exit(1); } if (!strcmp(argv[1], "-genkey")) { if (argc < 5) { fprintf(stderr, "missing cmdline args\n"); exit(1); } printf("creating keys in %s and %s\n", argv[3], argv[4]); n = atoi(argv[2]); #ifdef USE_RSAEURO better_random_create(&randomStruct); protoKey.bits = n; protoKey.useFermat4 = 1; retval = R_GeneratePEMKeys( &public_key, &private_key, &protoKey, &randomStruct ); if (retval) die("R_GeneratePEMKeys\n"); #endif #ifdef USE_OPENSSL srand(random_int()); RSA* rp = RSA_generate_key(n, 65537, 0, 0); openssl_to_keys(rp, n, private_key, public_key); #endif fpriv = fopen(argv[3], "w"); if (!fpriv) die("fopen"); fpub = fopen(argv[4], "w"); if (!fpub) die("fopen"); print_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); print_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); } else if (!strcmp(argv[1], "-sign")) { fpriv = fopen(argv[3], "r"); if (!fpriv) die("fopen"); retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); if (retval) die("scan_key_hex\n"); signature.data = signature_buf; signature.len = 256; retval = sign_file(argv[2], private_key, signature); print_hex_data(stdout, signature); } else if (!strcmp(argv[1], "-verify")) { fpub = fopen(argv[4], "r"); if (!fpub) die("fopen"); retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); if (retval) die("read_public_key"); f = fopen(argv[3], "r"); signature.data = signature_buf; signature.len = 256; retval = scan_hex_data(f, signature); if (retval) die("scan_hex_data"); retval = verify_file(argv[2], public_key, signature, is_valid); if (retval) die("verify_file"); printf("file is %s\n", is_valid?"valid":"invalid"); } else if (!strcmp(argv[1], "-test_crypt")) { fpriv = fopen(argv[2], "r"); if (!fpriv) die("fopen"); retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key)); if (retval) die("scan_key_hex\n"); fpub = fopen(argv[3], "r"); if (!fpub) die("fopen"); retval = scan_key_hex(fpub, (KEY*)&public_key, sizeof(public_key)); if (retval) die("read_public_key"); strcpy((char*)buf2, "foobar"); in.data = buf2; in.len = strlen((char*)in.data); out.data = buf; encrypt_private(private_key, in, out); in = out; out.data = buf2; decrypt_public(public_key, in, out); printf("out: %s\n", out.data); } else { printf("unrecognized command\n"); } return 0; } const char *BOINC_RCSID_6633b596b9 = "$Id$";