int cache_public_key(VCRYPT_CTX *ctx, const char *username,
VCRYPT_PACKET *packet)
{
int ret;
// add dummy entry
if (!packet) {
rsa_context *pk = public_key_list_get(ctx->public_keys, username);
if (pk) {
ret = public_key_node_update(pk, NULL, NULL );
} else {
ret = public_key_list_add(&ctx->public_keys, username, NULL, NULL );
}
return ret ? ret : -ERR_NO_PUBKEY;
}
unsigned char *p = (unsigned char*) packet->payload;
unsigned char *end = p + packet->payload_len;
size_t len = 0;
mpi N, E;
if ((ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE))
!= 0)
return -ERR_NO_PUBKEY;
if (p + len != end)
return -ERR_NO_PUBKEY;
mpi_init(&N);
mpi_init(&E);
if ((ret = asn1_get_mpi(&p, end, &N)) != 0
|| (ret = asn1_get_mpi(&p, end, &E)) != 0) {
mpi_free(&N);
mpi_free(&E);
return -ERR_NO_PUBKEY;
}
if (p != end) {
mpi_free(&N);
mpi_free(&E);
return -ERR_NO_PUBKEY;
}
rsa_context *pk = public_key_list_get(ctx->public_keys, username);
if (pk) {
ret = public_key_node_update(pk, &E, &N);
} else {
ret = public_key_list_add(&ctx->public_keys, username, &E, &N);
}
mpi_free(&N);
mpi_free(&E);
return ret;
}
/*
* Do an RSA private key operation
*/
int rsa_private( rsa_context *ctx,
const unsigned char *input,
unsigned char *output )
{
int ret;
size_t olen;
mpi T, T1, T2;
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
{
mpi_free( &T );
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
}
#if defined(POLARSSL_RSA_NO_CRT)
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
#else
/*
* faster decryption using the CRT
*
* T1 = input ^ dP mod P
* T2 = input ^ dQ mod Q
*/
MPI_CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
MPI_CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
/*
* T = (T1 - T2) * (Q^-1 mod P) mod P
*/
MPI_CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
MPI_CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
/*
* output = T2 + T * Q
*/
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
#endif
olen = ctx->len;
MPI_CHK( mpi_write_binary( &T, output, olen ) );
cleanup:
mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
if( ret != 0 )
return( POLARSSL_ERR_RSA_PRIVATE_FAILED + ret );
return( 0 );
}
int to_public_key(lua_State* L, rsa_context* Prsa) {
int ret = 0;
int index;
if ( !Prsa)
return -1;
memset( Prsa, 0, sizeof( rsa_context ) );
index = lua_gettop(L);
ret = mpi_get_field(L, index, "N", &Prsa->N, 16);
ret = mpi_get_field(L, index, "E", &Prsa->E, 16);
mpi_init(&Prsa->D, NULL);
mpi_init(&Prsa->P, NULL);
mpi_init(&Prsa->Q, NULL);
mpi_init(&Prsa->DP, NULL);
mpi_init(&Prsa->DQ, NULL);
mpi_init(&Prsa->QP, NULL);
mpi_init(&Prsa->RN, NULL);
mpi_init(&Prsa->RP, NULL);
mpi_init(&Prsa->RQ, NULL);
if((ret = rsa_check_pubkey(Prsa))!=0)
printf("Erro na chave publica (%d)", ret);
return ret;
}
/*
* Check a private RSA key
*/
int rsa_check_privkey( const rsa_context *ctx )
{
int ret;
mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2;
if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
return( ret );
if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
mpi_init( &PQ ); mpi_init( &DE ); mpi_init( &P1 ); mpi_init( &Q1 );
mpi_init( &H ); mpi_init( &I ); mpi_init( &G ); mpi_init( &G2 );
mpi_init( &L1 ); mpi_init( &L2 );
MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
MPI_CHK( mpi_gcd( &G2, &P1, &Q1 ) );
MPI_CHK( mpi_div_mpi( &L1, &L2, &H, &G2 ) );
MPI_CHK( mpi_mod_mpi( &I, &DE, &L1 ) );
/*
* Check for a valid PKCS1v2 private key
*/
if( mpi_cmp_mpi( &PQ, &ctx->N ) != 0 ||
mpi_cmp_int( &L2, 0 ) != 0 ||
mpi_cmp_int( &I, 1 ) != 0 ||
mpi_cmp_int( &G, 1 ) != 0 )
{
ret = POLARSSL_ERR_RSA_KEY_CHECK_FAILED;
}
cleanup:
mpi_free( &PQ ); mpi_free( &DE ); mpi_free( &P1 ); mpi_free( &Q1 );
mpi_free( &H ); mpi_free( &I ); mpi_free( &G ); mpi_free( &G2 );
mpi_free( &L1 ); mpi_free( &L2 );
if( ret == POLARSSL_ERR_RSA_KEY_CHECK_FAILED )
return( ret );
if( ret != 0 )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED + ret );
return( 0 );
}
/*
* Check if the private key is valid
*/
int rsa_check_privkey( rsa_context *ctx )
{
int ret = 0;
mpi TN, P1, Q1, H, G;
mpi_init( &TN, &P1, &Q1, &H, &G, NULL );
CHK( mpi_mul_mpi( &TN, &ctx->P, &ctx->Q ) );
CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
CHK( mpi_gcd( &G, &ctx->E, &H ) );
if( mpi_cmp_mpi( &TN, &ctx->N ) == 0 &&
mpi_cmp_int( &G, 1 ) == 0 )
{
mpi_free( &TN, &P1, &Q1, &H, &G, NULL );
return( 0 );
}
cleanup:
mpi_free( &TN, &P1, &Q1, &H, &G, NULL );
return( ERR_RSA_KEY_CHK_FAILED | ret );
}
/*
* Do an RSA public key operation
*/
int rsa_public( rsa_context *ctx,
unsigned char *input,
unsigned char *output )
{
int ret, olen;
mpi T;
mpi_init( &T, NULL );
MPI_CHK( mpi_read_binary( &T, input, ctx->len ) );
if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
{
mpi_free( &T, NULL );
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
}
olen = ctx->len;
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
MPI_CHK( mpi_write_binary( &T, output, olen ) );
cleanup:
mpi_free( &T, NULL );
if( ret != 0 )
return( POLARSSL_ERR_RSA_PUBLIC_FAILED | ret );
return( 0 );
}
result_t X509Cert::get_serial(std::string &retVal)
{
x509_crt *crt = get_crt();
if (!crt)
return CHECK_ERROR(CALL_E_INVALID_CALL);
int ret;
mpi serial;
mpi_init(&serial);
ret = mpi_read_binary(&serial, crt->serial.p, crt->serial.len);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
retVal.resize(8192);
size_t sz = retVal.length();
ret = mpi_write_string(&serial, 10, &retVal[0], &sz);
mpi_free(&serial);
if (ret != 0)
return CHECK_ERROR(_ssl::setError(ret));
retVal.resize(sz - 1);
return 0;
}
/*
* Perform an RSA public key operation
*/
int rsa_public( rsa_context *ctx,
unsigned char *input, int ilen,
unsigned char *output, int *olen )
{
int ret;
mpi T;
// if( ilen != ctx->len || olen != ctx->len )
// return( ERR_RSA_BAD_INPUT_DATA );
mpi_init( &T, NULL );
CHK( mpi_import( &T, input, ilen ) );
if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
{
mpi_free( &T, NULL );
return( ERR_RSA_BAD_INPUT_DATA );
}
CHK( mpi_exp_mod( &T, &T, &ctx->E, &ctx->N, &ctx->RN ) );
CHK( mpi_export( &T, output, olen ) );
cleanup:
mpi_free( &T, NULL );
if( ret != 0 )
return( ERR_RSA_PUBLIC_FAILED | ret );
return( 0 );
}
char *
backend_x509_get_serial (openvpn_x509_cert_t *cert, struct gc_arena *gc)
{
char *buf = NULL;
size_t buflen = 0;
mpi serial_mpi = { 0 };
/* Transform asn1 integer serial into PolarSSL MPI */
mpi_init(&serial_mpi);
if (!polar_ok(mpi_read_binary(&serial_mpi, cert->serial.p, cert->serial.len)))
{
msg(M_WARN, "Failed to retrieve serial from certificate.");
return NULL;
}
/* Determine decimal representation length, allocate buffer */
mpi_write_string(&serial_mpi, 10, buf, &buflen);
buf = gc_malloc(buflen, true, gc);
/* Write MPI serial as decimal string into buffer */
if (!polar_ok(mpi_write_string(&serial_mpi, 10, buf, &buflen)))
{
msg(M_WARN, "Failed to write serial to string.");
return NULL;
}
return buf;
}
void x509write_crt_init( x509write_cert *ctx )
{
memset( ctx, 0, sizeof(x509write_cert) );
mpi_init( &ctx->serial );
ctx->version = X509_CRT_VERSION_3;
}
static int ctr_rsa_key_init(ctr_rsa_context* ctx )
{
int ret;
mpi P1, Q1;
mpi_init( &P1, &Q1, NULL );
MPI_CHK( mpi_sub_int( &P1, &ctx->rsa.P, 1 ) );
MPI_CHK( mpi_sub_int( &Q1, &ctx->rsa.Q, 1 ) );
/*
* DP = D mod (P - 1)
* DQ = D mod (Q - 1)
* QP = Q^-1 mod P
*/
MPI_CHK( mpi_mod_mpi( &ctx->rsa.DP, &ctx->rsa.D, &P1 ) );
MPI_CHK( mpi_mod_mpi( &ctx->rsa.DQ, &ctx->rsa.D, &Q1 ) );
MPI_CHK( mpi_inv_mod( &ctx->rsa.QP, &ctx->rsa.Q, &ctx->rsa.P ) );
cleanup:
mpi_free(&Q1, &P1, NULL );
if( ret != 0 )
{
rsa_free( &ctx->rsa );
return( POLARSSL_ERR_RSA_KEY_GEN_FAILED | ret );
}
return( 0 );
}
int main(int argc, char * argv[] ) {
time_t now = time(0);
int rank ,size;
SRAssembler* srassembler = NULL;
try {
mpi_init(argc,argv);
size=mpi_get_size();
rank=mpi_get_rank();
srassembler = SRAssembler::getInstance(rank);
int ret = srassembler->init(argc, argv, rank, size);
if (ret == -1) {
throw -1;
}
srassembler->do_preprocessing();
srassembler->do_walking();
} catch (int e) {
mpi_code code;
code.action = ACTION_EXIT;
code.value1 = 0;
code.value2 = 0;
mpi_bcast(get_mpi_code_value(code));
finalized();
return -1;
}
finalized();
if (rank == 0) {
string str = "Execution time: " + int2str(time(0) - now) + " seconds";
srassembler->get_logger()->info(str);
}
return 0;
}
/*
* Check a private RSA key
*/
int rsa_check_privkey( rsa_context *ctx )
{
int ret;
mpi PQ, DE, P1, Q1, H, I, G;
if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
return( ret );
if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, NULL );
MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
MPI_CHK( mpi_mod_mpi( &I, &DE, &H ) );
MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
if( mpi_cmp_mpi( &PQ, &ctx->N ) == 0 &&
mpi_cmp_int( &I, 1 ) == 0 &&
mpi_cmp_int( &G, 1 ) == 0 )
{
mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL );
return( 0 );
}
cleanup:
mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL );
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED | ret );
}
int main(int argc, char **argv)
{
#ifdef EFENCE
extern int EF_ALLOW_MALLOC_0;
EF_ALLOW_MALLOC_0 = 1;
#endif
mpi_init(&argc, &argv);
/* register handler for SIGINT */
signal(SIGINT, sigint_handler);
if (this_node == 0) {
/* master node */
#ifdef FORCE_CORE
/* core should be the last exit handler (process dies) */
atexit(core);
#endif
atexit(mpi_stop);
#ifdef TK
Tk_Main(argc, argv, appinit);
#else
Tcl_Main(argc, argv, appinit);
#endif
}
else {
/* slave node */
on_program_start(0);
mpi_loop();
}
return 0;
}
/*
* Generate an RSA keypair
*/
int rsa_gen_key( rsa_context *ctx, int nbits, int exponent,
ulong (*rng_fn)(void *), void *rng_st )
{
int ret;
mpi P1, Q1, H, G;
mpi_init( &P1, &Q1, &H, &G, NULL );
memset( ctx, 0, sizeof( rsa_context ) );
/*
* find primes P and Q with Q < P so that:
* GCD( E, (P-1)*(Q-1) ) == 1
*/
CHK( mpi_lset( &ctx->E, exponent ) );
nbits >>= 1;
do
{
CHK( mpi_gen_prime( &ctx->P, nbits, 0, rng_fn, rng_st ) );
CHK( mpi_gen_prime( &ctx->Q, nbits, 0, rng_fn, rng_st ) );
if( mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 )
mpi_swap( &ctx->P, &ctx->Q );
CHK( mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) );
CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
CHK( mpi_gcd( &G, &ctx->E, &H ) );
}
while( mpi_cmp_int( &G, 1 ) != 0 );
/*
* D = E^-1 mod ((P-1)*(Q-1))
* DP = D mod (P - 1)
* DQ = D mod (Q - 1)
* QP = Q^-1 mod P
*/
CHK( mpi_inv_mod( &ctx->D , &ctx->E, &H ) );
CHK( mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) );
CHK( mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) );
CHK( mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) );
ctx->len = ( mpi_size( &ctx->N ) + 7 ) >> 3;
cleanup:
mpi_free( &P1, &Q1, &H, &G, NULL );
if( ret != 0 )
{
rsa_free( ctx );
return( ERR_RSA_KEYGEN_FAILED | ret );
}
return( 0 );
}
int main (int argc, char **argv)
{
int np,pid;
mpi_init(argc,argv,np,pid);
printf( "Hello world from process %d of %d\n", pid, np );
MPI_Finalize();
return 0;
}
/*
Generate an RSA keypair
*/
int rsa_gen_key(rsa_context *ctx, int nbits, int exponent)
{
mpi P1, Q1, H, G;
int ret;
if (ctx->f_rng == NULL || nbits < 128 || exponent < 3) {
return EST_ERR_RSA_BAD_INPUT_DATA;
}
mpi_init(&P1, &Q1, &H, &G, NULL);
/*
find primes P and Q with Q < P so that: GCD( E, (P-1)*(Q-1) ) == 1
*/
MPI_CHK(mpi_lset(&ctx->E, exponent));
do {
MPI_CHK(mpi_gen_prime(&ctx->P, (nbits + 1) >> 1, 0, ctx->f_rng, ctx->p_rng));
MPI_CHK(mpi_gen_prime(&ctx->Q, (nbits + 1) >> 1, 0, ctx->f_rng, ctx->p_rng));
if (mpi_cmp_mpi(&ctx->P, &ctx->Q) < 0) {
mpi_swap(&ctx->P, &ctx->Q);
}
if (mpi_cmp_mpi(&ctx->P, &ctx->Q) == 0) {
continue;
}
MPI_CHK(mpi_mul_mpi(&ctx->N, &ctx->P, &ctx->Q));
if (mpi_msb(&ctx->N) != nbits) {
continue;
}
MPI_CHK(mpi_sub_int(&P1, &ctx->P, 1));
MPI_CHK(mpi_sub_int(&Q1, &ctx->Q, 1));
MPI_CHK(mpi_mul_mpi(&H, &P1, &Q1));
MPI_CHK(mpi_gcd(&G, &ctx->E, &H));
} while (mpi_cmp_int(&G, 1) != 0);
/*
D = E^-1 mod ((P-1)*(Q-1))
DP = D mod (P - 1)
DQ = D mod (Q - 1)
QP = Q^-1 mod P
*/
MPI_CHK(mpi_inv_mod(&ctx->D, &ctx->E, &H));
MPI_CHK(mpi_mod_mpi(&ctx->DP, &ctx->D, &P1));
MPI_CHK(mpi_mod_mpi(&ctx->DQ, &ctx->D, &Q1));
MPI_CHK(mpi_inv_mod(&ctx->QP, &ctx->Q, &ctx->P));
ctx->len = (mpi_msb(&ctx->N) + 7) >> 3;
cleanup:
mpi_free(&G, &H, &Q1, &P1, NULL);
if (ret != 0) {
rsa_free(ctx);
return EST_ERR_RSA_KEY_GEN_FAILED | ret;
}
return 0;
}
/*
* Perform an RSA private key operation
*/
int rsa_private( rsa_context *ctx,
unsigned char *input, int ilen,
unsigned char *output, int *olen )
{
int ret;
mpi T, T1, T2;
//if( ilen != ctx->len || olen != ctx->len )
// return( ERR_RSA_BAD_INPUT_DATA );
mpi_init( &T, &T1, &T2, NULL );
CHK( mpi_import( &T, input, ilen ) );
if( mpi_cmp_mpi( &T, &ctx->N ) >= 0 )
{
mpi_free( &T, NULL );
return( ERR_RSA_BAD_INPUT_DATA );
}
#if 0
CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
#else
/*
* faster decryption using the CRT
*
* T1 = input ^ dP mod P
* T2 = input ^ dQ mod Q
*/
CHK( mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
CHK( mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
/*
* T = (T1 - T2) * (Q^-1 mod P) mod P
*/
CHK( mpi_sub_mpi( &T, &T1, &T2 ) );
CHK( mpi_mul_mpi( &T1, &T, &ctx->QP ) );
CHK( mpi_mod_mpi( &T, &T1, &ctx->P ) );
/*
* output = T2 + T * Q
*/
CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
CHK( mpi_add_mpi( &T, &T2, &T1 ) );
#endif
CHK( mpi_export( &T, output, olen ) );
cleanup:
mpi_free( &T, &T1, &T2, NULL );
if( ret != 0 )
return( ERR_RSA_PRIVATE_FAILED | ret );
return( 0 );
}
static mpi *Bnew(lua_State *L)
{
mpi **X = (mpi **) lua_newuserdata(L, sizeof(mpi));
mpi *x = malloc(sizeof(mpi));
*X = x;
mpi_init(x);
luaL_setmetatable(L, MYTYPE);
return x;
}
/*
* Verify sanity of parameter with regards to P
*
* Parameter should be: 2 <= public_param <= P - 2
*
* For more information on the attack, see:
* http://www.cl.cam.ac.uk/~rja14/Papers/psandqs.pdf
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2643
*/
static int dhm_check_range( const mpi *param, const mpi *P )
{
mpi L, U;
int ret = POLARSSL_ERR_DHM_BAD_INPUT_DATA;
mpi_init( &L ); mpi_init( &U );
mpi_lset( &L, 2 );
mpi_sub_int( &U, P, 2 );
if( mpi_cmp_mpi( param, &L ) >= 0 &&
mpi_cmp_mpi( param, &U ) <= 0 )
{
ret = 0;
}
mpi_free( &L ); mpi_free( &U );
return( ret );
}
/* Find multiplicative inverse B^-1 of B (mod M) such that B*B^-1 (mod M) = 1.
* If such an inverse exists, stores the inverse in INV and returns 1.
* Returns 0 otherwise. */
int
mpi_modinv(const mpi *m, const mpi *b, mpi *inv)
{
ASSERT(mpi_cmp(b, m) < 0);
mpi_t v, g;
mpi_init(v);
mpi_init(g);
mpi_gcdext(b, m, inv, v, g);
mpi_free(v);
int g_is_one = mpi_is_one(g);
mpi_free(g);
if (g_is_one) {
if (mpi_is_neg(inv))
mpi_add(inv, m, inv);
return 1;
} else {
return 0;
}
}
static int Bneg(lua_State *L)
{
mpi A;
mpi *a = &A;
mpi *b=Bget(L,1);
mpi *c=Bnew(L);
mpi_init(a);
mpi_sub_mpi(c, a, b);
mpi_free(a);
return 1;
}
int
rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len,
struct key_data *kd)
{
mpi P1, Q1, H;
int r;
int output_len;
DEBUG_INFO ("RSA decrypt:");
DEBUG_WORD ((uint32_t)&output_len);
mpi_init (&P1, &Q1, &H, NULL);
rsa_init (&rsa_ctx, RSA_PKCS_V15, 0);
rsa_ctx.len = msg_len;
DEBUG_WORD (msg_len);
mpi_lset (&rsa_ctx.E, 0x10001);
mpi_read_binary (&rsa_ctx.P, &kd->data[0], KEY_CONTENT_LEN / 2);
mpi_read_binary (&rsa_ctx.Q, &kd->data[KEY_CONTENT_LEN/2],
KEY_CONTENT_LEN / 2);
#if 0 /* Using CRT, we don't use N */
mpi_mul_mpi (&rsa_ctx.N, &rsa_ctx.P, &rsa_ctx.Q);
#endif
mpi_sub_int (&P1, &rsa_ctx.P, 1);
mpi_sub_int (&Q1, &rsa_ctx.Q, 1);
mpi_mul_mpi (&H, &P1, &Q1);
mpi_inv_mod (&rsa_ctx.D , &rsa_ctx.E, &H);
mpi_mod_mpi (&rsa_ctx.DP, &rsa_ctx.D, &P1);
mpi_mod_mpi (&rsa_ctx.DQ, &rsa_ctx.D, &Q1);
mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P);
mpi_free (&P1, &Q1, &H, NULL);
DEBUG_INFO ("RSA decrypt ...");
r = rsa_pkcs1_decrypt (&rsa_ctx, RSA_PRIVATE, &output_len,
input, output, MAX_RES_APDU_DATA_SIZE);
rsa_free (&rsa_ctx);
if (r < 0)
{
DEBUG_INFO ("fail:");
DEBUG_SHORT (r);
return r;
}
else
{
res_APDU_size = output_len;
DEBUG_INFO ("done.\r\n");
GPG_SUCCESS ();
return 0;
}
}
int
mpi_crt_step(mpi_crt_ctx *ctx, const mpi *a_i, const mpi *m_i)
{
if (ctx->i == 0) {
mpi_init_mpi(ctx->x, a_i);
mpi_init_mpi(ctx->m, m_i);
} else {
mpi_t u, v, gcd;
mpi_init(u);
mpi_init(v);
mpi_init(gcd);
mpi_gcdext(ctx->m, m_i, u, v, gcd);
if (!mpi_is_one(gcd)) {
mpi_free(u);
mpi_free(v);
mpi_free(gcd);
mpi_free(ctx->x);
mpi_free(ctx->m);
ctx->i = 0;
return -1;
}
mpi_mul(u, ctx->m, u);
mpi_mul(u, a_i, u);
mpi_mul(v, m_i, v);
mpi_mul(v, ctx->x, v);
mpi_add(u, v, ctx->x);
mpi_mul(ctx->m, m_i, ctx->m);
mpi_mod(ctx->x, ctx->m, ctx->x);
mpi_free(u);
mpi_free(v);
mpi_free(gcd);
}
ctx->i++;
return 0;
}
static int Bpowmod(lua_State *L)
{
mpi *a=Bget(L,1);
mpi *b=Bget(L,2);
mpi *m=Bget(L,3);
mpi RR;
mpi *rr=&RR;
mpi_init(rr);
mpi *c=Bnew(L);
mpi_exp_mod(c,a,b,m,rr);
mpi_free(rr);
return 1;
}
void
mpi_init_mpi(mpi *p, const mpi *q)
{
ASSERT(p != NULL);
ASSERT(q != NULL);
if (q->size) {
p->digits = mp_dup(q->digits, q->size);
p->size = p->alloc = q->size;
p->sign = q->sign;
} else {
mpi_init(p);
}
}
static int Babs(lua_State *L)
{
mpi *b=Bget(L,1);
if (mpi_cmp_int(b,0)<0) {
mpi A;
mpi *a=&A;
mpi *c=Bnew(L);
mpi_init(a);
mpi_sub_mpi(c,a,b);
mpi_free(a);
}
else lua_settop(L,1);
return 1;
}
// func. to ECDSA sign the SPP sections
int sign_spp(u8* pInSpp)
{
u8 *r, *s = NULL;
u8 hash[20] = {0};
u64 sig_len = 0;
mpi r1;
mpi s1;
int retval = -1;
// validate input params
if (pInSpp == NULL)
goto exit;
// init the mpi
mpi_init(&r1);
mpi_init(&s1);
// setup the 'signature len'
sig_len = be64(pInSpp + 0x60);
r = pInSpp + sig_len;
s = r + 21;
// sha1 the hash
sha1(pInSpp, (size_t)sig_len, hash);
// ecdsa sign the hash
if ( ecdsa_sign(&ecdsa_ctx.grp, (mpi*)&r1, (mpi*)&s1, &ecdsa_ctx.d, hash, ECDSA_KEYSIZE_PRIV, get_random_char, NULL) == STATUS_SUCCESS ) {
mpi_write_binary(&r1, (unsigned char*)r, ECDSA_KEYSIZE_PRIV);
mpi_write_binary(&s1, (unsigned char*)s, ECDSA_KEYSIZE_PRIV);
// status success
retval = STATUS_SUCCESS;
}
exit:
return retval;
}
/*
Do an RSA private key operation
*/
int rsa_private(rsa_context *ctx, uchar *input, uchar *output)
{
int ret, olen;
mpi T, T1, T2;
mpi_init(&T, &T1, &T2, NULL);
MPI_CHK(mpi_read_binary(&T, input, ctx->len));
if (mpi_cmp_mpi(&T, &ctx->N) >= 0) {
mpi_free(&T, NULL);
return EST_ERR_RSA_BAD_INPUT_DATA;
}
// MOB - why ?
#if 0
MPI_CHK(mpi_exp_mod(&T, &T, &ctx->D, &ctx->N, &ctx->RN));
#else
/*
faster decryption using the CRT
T1 = input ^ dP mod P
T2 = input ^ dQ mod Q
*/
MPI_CHK(mpi_exp_mod(&T1, &T, &ctx->DP, &ctx->P, &ctx->RP));
MPI_CHK(mpi_exp_mod(&T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ));
/*
T = (T1 - T2) * (Q^-1 mod P) mod P
*/
MPI_CHK(mpi_sub_mpi(&T, &T1, &T2));
MPI_CHK(mpi_mul_mpi(&T1, &T, &ctx->QP));
MPI_CHK(mpi_mod_mpi(&T, &T1, &ctx->P));
/*
output = T2 + T * Q
*/
MPI_CHK(mpi_mul_mpi(&T1, &T, &ctx->Q));
MPI_CHK(mpi_add_mpi(&T, &T2, &T1));
#endif
olen = ctx->len;
MPI_CHK(mpi_write_binary(&T, output, olen));
cleanup:
mpi_free(&T, &T1, &T2, NULL);
if (ret != 0)
return EST_ERR_RSA_PRIVATE_FAILED | ret;
return 0;
}
int main( void )
{
mpi E, P, Q, N, H, D, X, Y, Z;
mpi_init( &E, &P, &Q, &N, &H,
&D, &X, &Y, &Z, NULL );
mpi_read_string( &P, 10, "2789" );
mpi_read_string( &Q, 10, "3203" );
mpi_read_string( &E, 10, "257" );
mpi_mul_mpi( &N, &P, &Q );
printf( "\n Public key:\n\n" );
mpi_write_file( " N = ", &N, 10, NULL );
mpi_write_file( " E = ", &E, 10, NULL );
printf( "\n Private key:\n\n" );
mpi_write_file( " P = ", &P, 10, NULL );
mpi_write_file( " Q = ", &Q, 10, NULL );
mpi_sub_int( &P, &P, 1 );
mpi_sub_int( &Q, &Q, 1 );
mpi_mul_mpi( &H, &P, &Q );
mpi_inv_mod( &D, &E, &H );
mpi_write_file( " D = E^-1 mod (P-1)*(Q-1) = ",
&D, 10, NULL );
mpi_read_string( &X, 10, "55555" );
mpi_exp_mod( &Y, &X, &E, &N, NULL );
mpi_exp_mod( &Z, &Y, &D, &N, NULL );
printf( "\n RSA operation:\n\n" );
mpi_write_file( " X (plaintext) = ", &X, 10, NULL );
mpi_write_file( " Y (ciphertext) = X^E mod N = ", &Y, 10, NULL );
mpi_write_file( " Z (decrypted) = Y^D mod N = ", &Z, 10, NULL );
printf( "\n" );
mpi_free( &Z, &Y, &X, &D, &H,
&N, &Q, &P, &E, NULL );
#ifdef WIN32
printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( 0 );
}
