1 /*
2 * Copyright (c) 2018, [Ribose Inc](https://www.ribose.com).
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without modification,
6 * are permitted provided that the following conditions are met:
7 *
8 * 1. Redistributions of source code must retain the above copyright notice,
9 * this list of conditions and the following disclaimer.
10 *
11 * 2. Redistributions in binary form must reproduce the above copyright notice,
12 * this list of conditions and the following disclaimer in the documentation
13 * and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
23 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25 */
26
27 #include <string.h>
28 #include <rnp/rnp.h>
29
30 #define RNP_SUCCESS 0
31
32 /* RSA key JSON description. 31536000 = 1 year expiration, 15768000 = half year */
33 const char *RSA_KEY_DESC = "{\
34 'primary': {\
35 'type': 'RSA',\
36 'length': 2048,\
37 'userid': 'rsa@key',\
38 'expiration': 31536000,\
39 'usage': ['sign'],\
40 'protection': {\
41 'cipher': 'AES256',\
42 'hash': 'SHA256'\
43 }\
44 },\
45 'sub': {\
46 'type': 'RSA',\
47 'length': 2048,\
48 'expiration': 15768000,\
49 'usage': ['encrypt'],\
50 'protection': {\
51 'cipher': 'AES256',\
52 'hash': 'SHA256'\
53 }\
54 }\
55 }";
56
57 const char *CURVE_25519_KEY_DESC = "{\
58 'primary': {\
59 'type': 'EDDSA',\
60 'userid': '25519@key',\
61 'expiration': 0,\
62 'usage': ['sign'],\
63 'protection': {\
64 'cipher': 'AES256',\
65 'hash': 'SHA256'\
66 }\
67 },\
68 'sub': {\
69 'type': 'ECDH',\
70 'curve': 'Curve25519',\
71 'expiration': 15768000,\
72 'usage': ['encrypt'],\
73 'protection': {\
74 'cipher': 'AES256',\
75 'hash': 'SHA256'\
76 }\
77 }\
78 }";
79
80 /* basic pass provider implementation, which always return 'password' for key protection.
81 You may ask for password via stdin, or choose password based on key properties, whatever else
82 */
83 static bool
example_pass_provider(rnp_ffi_t ffi,void * app_ctx,rnp_key_handle_t key,const char * pgp_context,char buf[],size_t buf_len)84 example_pass_provider(rnp_ffi_t ffi,
85 void * app_ctx,
86 rnp_key_handle_t key,
87 const char * pgp_context,
88 char buf[],
89 size_t buf_len)
90 {
91 if (strcmp(pgp_context, "protect")) {
92 return false;
93 }
94
95 strncpy(buf, "password", buf_len);
96 return true;
97 }
98
99 /* this simple helper function just prints armored key, searched by userid, to stdout */
100 static bool
ffi_print_key(rnp_ffi_t ffi,const char * uid,bool secret)101 ffi_print_key(rnp_ffi_t ffi, const char *uid, bool secret)
102 {
103 rnp_output_t keydata = NULL;
104 rnp_key_handle_t key = NULL;
105 uint32_t flags = RNP_KEY_EXPORT_ARMORED | RNP_KEY_EXPORT_SUBKEYS;
106 uint8_t * buf = NULL;
107 size_t buf_len = 0;
108 bool result = false;
109
110 /* you may search for the key via userid, keyid, fingerprint, grip */
111 if (rnp_locate_key(ffi, "userid", uid, &key) != RNP_SUCCESS) {
112 return false;
113 }
114
115 if (!key) {
116 return false;
117 }
118
119 /* create in-memory output structure to later use buffer */
120 if (rnp_output_to_memory(&keydata, 0) != RNP_SUCCESS) {
121 goto finish;
122 }
123
124 flags = flags | (secret ? RNP_KEY_EXPORT_SECRET : RNP_KEY_EXPORT_PUBLIC);
125 if (rnp_key_export(key, keydata, flags) != RNP_SUCCESS) {
126 goto finish;
127 }
128
129 /* get key's contents from the output structure */
130 if (rnp_output_memory_get_buf(keydata, &buf, &buf_len, false) != RNP_SUCCESS) {
131 goto finish;
132 }
133 fprintf(stdout, "%.*s", (int) buf_len, buf);
134
135 result = true;
136 finish:
137 rnp_key_handle_destroy(key);
138 rnp_output_destroy(keydata);
139 return result;
140 }
141
142 static bool
ffi_export_key(rnp_ffi_t ffi,const char * uid,bool secret)143 ffi_export_key(rnp_ffi_t ffi, const char *uid, bool secret)
144 {
145 rnp_output_t keyfile = NULL;
146 rnp_key_handle_t key = NULL;
147 uint32_t flags = RNP_KEY_EXPORT_ARMORED | RNP_KEY_EXPORT_SUBKEYS;
148 char filename[32] = {0};
149 char * keyid = NULL;
150 bool result = false;
151
152 /* you may search for the key via userid, keyid, fingerprint, grip */
153 if (rnp_locate_key(ffi, "userid", uid, &key) != RNP_SUCCESS) {
154 return false;
155 }
156
157 if (!key) {
158 return false;
159 }
160
161 /* get key's id and build filename */
162 if (rnp_key_get_keyid(key, &keyid) != RNP_SUCCESS) {
163 goto finish;
164 }
165 snprintf(filename, sizeof(filename), "key-%s-%s.asc", keyid, secret ? "sec" : "pub");
166 rnp_buffer_destroy(keyid);
167
168 /* create file output structure */
169 if (rnp_output_to_path(&keyfile, filename) != RNP_SUCCESS) {
170 goto finish;
171 }
172
173 flags = flags | (secret ? RNP_KEY_EXPORT_SECRET : RNP_KEY_EXPORT_PUBLIC);
174 if (rnp_key_export(key, keyfile, flags) != RNP_SUCCESS) {
175 goto finish;
176 }
177
178 result = true;
179 finish:
180 rnp_key_handle_destroy(key);
181 rnp_output_destroy(keyfile);
182 return result;
183 }
184
185 /* this example function generates RSA/RSA and Eddsa/X25519 keypairs */
186 static int
ffi_generate_keys()187 ffi_generate_keys()
188 {
189 rnp_ffi_t ffi = NULL;
190 rnp_output_t keyfile = NULL;
191 char * key_grips = NULL;
192 int result = 1;
193
194 /* initialize FFI object */
195 if (rnp_ffi_create(&ffi, "GPG", "GPG") != RNP_SUCCESS) {
196 return result;
197 }
198
199 /* set password provider */
200 if (rnp_ffi_set_pass_provider(ffi, example_pass_provider, NULL)) {
201 goto finish;
202 }
203
204 /* generate EDDSA/X25519 keypair */
205 if (rnp_generate_key_json(ffi, CURVE_25519_KEY_DESC, &key_grips) != RNP_SUCCESS) {
206 fprintf(stdout, "failed to generate eddsa key\n");
207 goto finish;
208 }
209
210 fprintf(stdout, "Generated 25519 key/subkey:\n%s\n", key_grips);
211 /* destroying key_grips buffer is our obligation */
212 rnp_buffer_destroy(key_grips);
213 key_grips = NULL;
214
215 /* generate RSA keypair */
216 if (rnp_generate_key_json(ffi, RSA_KEY_DESC, &key_grips) != RNP_SUCCESS) {
217 fprintf(stdout, "failed to generate rsa key\n");
218 goto finish;
219 }
220
221 fprintf(stdout, "Generated RSA key/subkey:\n%s\n", key_grips);
222 rnp_buffer_destroy(key_grips);
223 key_grips = NULL;
224
225 /* create file output object and save public keyring with generated keys, overwriting
226 * previous file if any. You may use rnp_output_to_memory() here as well. */
227 if (rnp_output_to_path(&keyfile, "pubring.pgp") != RNP_SUCCESS) {
228 fprintf(stdout, "failed to initialize pubring.pgp writing\n");
229 goto finish;
230 }
231
232 if (rnp_save_keys(ffi, "GPG", keyfile, RNP_LOAD_SAVE_PUBLIC_KEYS) != RNP_SUCCESS) {
233 fprintf(stdout, "failed to save pubring\n");
234 goto finish;
235 }
236
237 rnp_output_destroy(keyfile);
238 keyfile = NULL;
239
240 /* create file output object and save secret keyring with generated keys */
241 if (rnp_output_to_path(&keyfile, "secring.pgp") != RNP_SUCCESS) {
242 fprintf(stdout, "failed to initialize secring.pgp writing\n");
243 goto finish;
244 }
245
246 if (rnp_save_keys(ffi, "GPG", keyfile, RNP_LOAD_SAVE_SECRET_KEYS) != RNP_SUCCESS) {
247 fprintf(stdout, "failed to save secring\n");
248 goto finish;
249 }
250
251 rnp_output_destroy(keyfile);
252 keyfile = NULL;
253
254 result = 0;
255 finish:
256 rnp_buffer_destroy(key_grips);
257 rnp_output_destroy(keyfile);
258 rnp_ffi_destroy(ffi);
259 return result;
260 }
261
262 static int
ffi_output_keys()263 ffi_output_keys()
264 {
265 rnp_ffi_t ffi = NULL;
266 rnp_input_t keyfile = NULL;
267 int result = 2;
268
269 /* initialize FFI object */
270 if (rnp_ffi_create(&ffi, "GPG", "GPG") != RNP_SUCCESS) {
271 return result;
272 }
273
274 /* load keyrings */
275 if (rnp_input_from_path(&keyfile, "pubring.pgp") != RNP_SUCCESS) {
276 fprintf(stdout, "failed to open pubring.pgp\n");
277 goto finish;
278 }
279
280 /* actually, we may use 0 instead of RNP_LOAD_SAVE_PUBLIC_KEYS, to not check key types */
281 if (rnp_load_keys(ffi, "GPG", keyfile, RNP_LOAD_SAVE_PUBLIC_KEYS) != RNP_SUCCESS) {
282 fprintf(stdout, "failed to read pubring.pgp\n");
283 goto finish;
284 }
285 rnp_input_destroy(keyfile);
286 keyfile = NULL;
287
288 if (rnp_input_from_path(&keyfile, "secring.pgp") != RNP_SUCCESS) {
289 fprintf(stdout, "failed to open secring.pgp\n");
290 goto finish;
291 }
292
293 if (rnp_load_keys(ffi, "GPG", keyfile, RNP_LOAD_SAVE_SECRET_KEYS) != RNP_SUCCESS) {
294 fprintf(stdout, "failed to read secring.pgp\n");
295 goto finish;
296 }
297 rnp_input_destroy(keyfile);
298 keyfile = NULL;
299
300 /* print armored keys to the stdout */
301 if (!ffi_print_key(ffi, "rsa@key", false) || !ffi_print_key(ffi, "rsa@key", true) ||
302 !ffi_print_key(ffi, "25519@key", false) || !ffi_print_key(ffi, "25519@key", true)) {
303 fprintf(stdout, "failed to print armored key(s)\n");
304 goto finish;
305 }
306
307 /* write armored keys to the files, named key-<keyid>-pub.asc/named key-<keyid>-sec.asc */
308 if (!ffi_export_key(ffi, "rsa@key", false) || !ffi_export_key(ffi, "rsa@key", true) ||
309 !ffi_export_key(ffi, "25519@key", false) || !ffi_export_key(ffi, "25519@key", true)) {
310 fprintf(stdout, "failed to write armored key(s) to file\n");
311 goto finish;
312 }
313
314 result = 0;
315 finish:
316 rnp_input_destroy(keyfile);
317 rnp_ffi_destroy(ffi);
318 return result;
319 }
320
321 int
main(int argc,char ** argv)322 main(int argc, char **argv)
323 {
324 int res = ffi_generate_keys();
325 if (res) {
326 return res;
327 }
328 res = ffi_output_keys();
329 return res;
330 }
331