/** Sign the given message with an RSA key */
bool
RsaSha256::sign (
std::string const& key,
Slice message)
{
// This ugly const_cast/reinterpret_cast is needed
// on some machines. Although the documentation
// suggests that the function accepts a void const*
// argument, apparently some platforms have OpenSSL
// libraries that are up-to-date but accept void*.
auto bio = BIO_new_mem_buf(
const_cast<void*>(static_cast<void const*>(key.data())),
key.size());
if (!bio)
return false;
detail::RsaKey rsa (PEM_read_bio_RSAPrivateKey(
bio, NULL, NULL, NULL));
BIO_free(bio);
if (!rsa)
return false;
if (detail::signHelper (rsa.get(), message, modulus_, signature_))
return true;
modulus_.clear();
signature_.clear();
return false;
}
/**
* Signs the provided digest using the private key that matches the X.509 certificate.
*
* @param digest digest, which is being signed.
* @param signature memory for the signature that is created. Struct parameter <code>length</code>
* is set to the actual signature length.
* @throws SignException throws exception if the signing operation failed or not enough memory
* allocated for the signature.
*/
void digidoc::RSASigner::sign(const Digest& digest, Signature& signature) throw(SignException)
{
DEBUG("RSASigner::sign(digest = {type=%s,digest=%p,length=%d}, signature={signature=%p,length=%d})",
OBJ_nid2sn(digest.type), digest.digest, digest.length, signature.signature, signature.length);
try
{
// Sign the digest.
RSACrypt rsa(privateKey);
std::vector<unsigned char> sign = rsa.sign(digest);
// Check that enough memory is allocated for the signature.
if(sign.size() > signature.length)
{
THROW_SIGNEXCEPTION("Not enough memory for signature allocated, needs %d bytes, allocated %d bytes.",
sign.size(), signature.length);
}
// Copy the signature to the buffer.
memcpy(signature.signature, &sign[0], sign.size());
signature.length = (unsigned int)sign.size();
}
catch(const IOException& e)
{
THROW_SIGNEXCEPTION_CAUSE(e, "Failed to sign digest.");
}
}
int main()
{
char msg[100];
printf("enter the message to be encrypted\n");
scanf("%s",msg);
rsa(msg);
}
/**
* Validate signature value.
*
* @throws throws exception if signature value did not match.
*/
void digidoc::SignatureBES::checkSignatureValue() const throw(SignatureException)
{
DEBUG("SignatureBES::checkSignatureValue()");
try
{
// Initialize RSA crypter.
X509* cert = getSigningCertificate().getX509();
X509_scope certScope(&cert);
RSACrypt rsa(cert);
// Calculate SHA1 digest of the Signature->SignedInfo node.
std::auto_ptr<Digest> calc = Digest::create(NID_sha1);
std::vector<unsigned char> sha1 = calcDigestOnNode(calc.get(), DSIG_NAMESPACE, "SignedInfo");
DEBUGMEM("Digest", &sha1[0], sha1.size());
// Get signature value.
std::vector<unsigned char> signatureSha1Rsa = getSignatureValue();
// Verify signature value with public RSA key.
bool valid = rsa.verify(calc->getMethod(), sha1, signatureSha1Rsa);
// Check that signature matched.
if(!valid)
{
THROW_SIGNATUREEXCEPTION("Signature is not valid.");
}
}
catch(const IOException& e)
{
THROW_SIGNATUREEXCEPTION_CAUSE(e, "Failed to validate signature.");
}
}
void encrype(int e,int n){
pre_treat();
FILE *fp_worked;
FILE *fp_result;
fp_worked=Sfopen("worked.txt");
fp_result=fopen("result.txt","w");
int code,rsa_code;
for(int i=0;i<Total_Number;i=i+configuration.BITWIDTH){
int temp = 0;
for(int j=0;j<configuration.BITWIDTH;j++){
fscanf(fp_worked,"%d",&code);
temp = temp + code * pow(10,2*(configuration.BITWIDTH-j-1));
}
rsa_code = rsa(temp,e,n);
fprintf(fp_result,"%d\n",rsa_code);
}
fclose(fp_result);
fclose(fp_worked);
system("rm -f worked.txt");
}
static int sign_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params, const uint8_t* data,
const size_t dataLength, uint8_t** signedData, size_t* signedDataLength) {
if (sign_params->digest_type != DIGEST_NONE) {
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
return -1;
} else if (sign_params->padding_type != PADDING_NONE) {
ALOGW("Cannot handle padding type %d", sign_params->padding_type);
return -1;
}
Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
if (rsa.get() == NULL) {
logOpenSSLError("openssl_sign_rsa");
return -1;
}
UniquePtr<uint8_t, Malloc_Free> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength)));
if (signedDataPtr.get() == NULL) {
logOpenSSLError("openssl_sign_rsa");
return -1;
}
unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) {
logOpenSSLError("openssl_sign_rsa");
return -1;
}
*signedDataLength = dataLength;
*signedData = signedDataPtr.release();
return 0;
}
std::unique_ptr<RSA_PrivateKey>
make_openssl_rsa_private_key(RandomNumberGenerator& rng, size_t rsa_bits)
{
if (rsa_bits > INT_MAX)
throw Internal_Error("rsa_bits overflow");
secure_vector<uint8_t> seed(BOTAN_SYSTEM_RNG_POLL_REQUEST);
rng.randomize(seed.data(), seed.size());
RAND_seed(seed.data(), seed.size());
std::unique_ptr<BIGNUM, std::function<void (BIGNUM*)>> bn(BN_new(), BN_free);
if(!bn)
throw OpenSSL_Error("BN_new");
if(!BN_set_word(bn.get(), RSA_F4))
throw OpenSSL_Error("BN_set_word");
std::unique_ptr<RSA, std::function<void (RSA*)>> rsa(RSA_new(), RSA_free);
if(!rsa)
throw OpenSSL_Error("RSA_new");
if(!RSA_generate_key_ex(rsa.get(), rsa_bits, bn.get(), nullptr))
throw OpenSSL_Error("RSA_generate_key_ex");
uint8_t* der = nullptr;
int bytes = i2d_RSAPrivateKey(rsa.get(), &der);
if(bytes < 0)
throw OpenSSL_Error("i2d_RSAPrivateKey");
const secure_vector<uint8_t> keydata(der, der + bytes);
memset(der, 0, bytes);
free(der);
return std::unique_ptr<Botan::RSA_PrivateKey>
(new RSA_PrivateKey(AlgorithmIdentifier(), keydata));
}
static int generate_rsa_keypair(EVP_PKEY* pkey, const keymaster_rsa_keygen_params_t* rsa_params) {
Unique_BIGNUM bn(BN_new());
if (bn.get() == NULL) {
logOpenSSLError("generate_rsa_keypair");
return -1;
}
if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) {
logOpenSSLError("generate_rsa_keypair");
return -1;
}
/* initialize RSA */
Unique_RSA rsa(RSA_new());
if (rsa.get() == NULL) {
logOpenSSLError("generate_rsa_keypair");
return -1;
}
if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL) ||
RSA_check_key(rsa.get()) < 0) {
logOpenSSLError("generate_rsa_keypair");
return -1;
}
if (EVP_PKEY_assign_RSA(pkey, rsa.get()) == 0) {
logOpenSSLError("generate_rsa_keypair");
return -1;
}
release_because_ownership_transferred(rsa);
return 0;
}
static int openssl_sign_data(const keymaster_device_t* dev,
const void* params,
const uint8_t* keyBlob, const size_t keyBlobLength,
const uint8_t* data, const size_t dataLength,
uint8_t** signedData, size_t* signedDataLength) {
int result = -1;
EVP_MD_CTX ctx;
size_t maxSize;
if (data == NULL) {
ALOGW("input data to sign == NULL");
return -1;
} else if (signedData == NULL || signedDataLength == NULL) {
ALOGW("output signature buffer == NULL");
return -1;
}
Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
if (pkey.get() == NULL) {
return -1;
}
if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
ALOGW("Cannot handle non-RSA keys yet");
return -1;
}
keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
if (sign_params->digest_type != DIGEST_NONE) {
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
return -1;
} else if (sign_params->padding_type != PADDING_NONE) {
ALOGW("Cannot handle padding type %d", sign_params->padding_type);
return -1;
}
Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
if (rsa.get() == NULL) {
logOpenSSLError("openssl_sign_data");
return -1;
}
UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(dataLength)));
if (signedDataPtr.get() == NULL) {
logOpenSSLError("openssl_sign_data");
return -1;
}
unsigned char* tmp = reinterpret_cast<unsigned char*>(signedDataPtr.get());
if (RSA_private_encrypt(dataLength, data, tmp, rsa.get(), RSA_NO_PADDING) <= 0) {
logOpenSSLError("openssl_sign_data");
return -1;
}
*signedDataLength = dataLength;
*signedData = signedDataPtr.release();
return 0;
}
static int openssl_generate_keypair(const keymaster_device_t* dev,
const keymaster_keypair_t key_type, const void* key_params,
uint8_t** keyBlob, size_t* keyBlobLength) {
ssize_t privateLen, publicLen;
if (key_type != TYPE_RSA) {
ALOGW("Unsupported key type %d", key_type);
return -1;
} else if (key_params == NULL) {
ALOGW("key_params == null");
return -1;
}
keymaster_rsa_keygen_params_t* rsa_params = (keymaster_rsa_keygen_params_t*) key_params;
Unique_BIGNUM bn(BN_new());
if (bn.get() == NULL) {
logOpenSSLError("openssl_generate_keypair");
return -1;
}
if (BN_set_word(bn.get(), rsa_params->public_exponent) == 0) {
logOpenSSLError("openssl_generate_keypair");
return -1;
}
/* initialize RSA */
Unique_RSA rsa(RSA_new());
if (rsa.get() == NULL) {
logOpenSSLError("openssl_generate_keypair");
return -1;
}
if (!RSA_generate_key_ex(rsa.get(), rsa_params->modulus_size, bn.get(), NULL)
|| RSA_check_key(rsa.get()) < 0) {
logOpenSSLError("openssl_generate_keypair");
return -1;
}
/* assign to EVP */
Unique_EVP_PKEY pkey(EVP_PKEY_new());
if (pkey.get() == NULL) {
logOpenSSLError("openssl_generate_keypair");
return -1;
}
if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) == 0) {
logOpenSSLError("openssl_generate_keypair");
return -1;
}
OWNERSHIP_TRANSFERRED(rsa);
if (wrap_key(pkey.get(), EVP_PKEY_RSA, keyBlob, keyBlobLength)) {
return -1;
}
return 0;
}
static int openssl_verify_data(const keymaster_device_t* dev,
const void* params,
const uint8_t* keyBlob, const size_t keyBlobLength,
const uint8_t* signedData, const size_t signedDataLength,
const uint8_t* signature, const size_t signatureLength) {
if (signedData == NULL || signature == NULL) {
ALOGW("data or signature buffers == NULL");
return -1;
}
Unique_EVP_PKEY pkey(unwrap_key(keyBlob, keyBlobLength));
if (pkey.get() == NULL) {
return -1;
}
if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
ALOGW("Cannot handle non-RSA keys yet");
return -1;
}
keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
if (sign_params->digest_type != DIGEST_NONE) {
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
return -1;
} else if (sign_params->padding_type != PADDING_NONE) {
ALOGW("Cannot handle padding type %d", sign_params->padding_type);
return -1;
} else if (signatureLength != signedDataLength) {
ALOGW("signed data length must be signature length");
return -1;
}
Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
if (rsa.get() == NULL) {
logOpenSSLError("openssl_verify_data");
return -1;
}
UniquePtr<uint8_t> dataPtr(reinterpret_cast<uint8_t*>(malloc(signedDataLength)));
if (dataPtr.get() == NULL) {
logOpenSSLError("openssl_verify_data");
return -1;
}
unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
logOpenSSLError("openssl_verify_data");
return -1;
}
int result = 0;
for (size_t i = 0; i < signedDataLength; i++) {
result |= tmp[i] ^ signedData[i];
}
return result == 0 ? 0 : -1;
}
void MainWindow::on_pushGenKey_clicked()
{
if(selectedAsymmAlgo() == Scrambler::ElGamalCypher)
{
if(ui->editKeySeed->text() == "")
{
QMessageBox::critical(this, "Ошибка", "Строка генерации не должна быть пустой.", QMessageBox::Ok);
return;
}
QStringList seed = ui->editKeySeed->text().split(" ", QString::SkipEmptyParts);
if(seed.length() < 3)
{
QMessageBox::critical(this, "Ошибка", "Строка генерации должна содержать три положительных целых числа.", QMessageBox::Ok);
return;
}
try
{
Scrambler::ElGamal el(seed[0], seed[1], seed[2]);
ui->editAsymmPubKey->setText(el.ok.toQString());
ui->editAsymmPrivateKey->setText(el.getSecretKeyStr());
}
catch(Scrambler::ElGamal::Exception e)
{
QMessageBox::critical(this, "Ошибка", "Первое число должно быть простым.", QMessageBox::Ok);
return;
}
}
else if(selectedAsymmAlgo() == Scrambler::Rsa)
{
if(ui->editKeySeed->text() == "")
{
QMessageBox::critical(this, "Ошибка", "Строка генерации не должна быть пустой.", QMessageBox::Ok);
return;
}
try
{
QStringList seed = ui->editKeySeed->text().split(" ", QString::SkipEmptyParts);
if(seed.length() < 2)
{
QMessageBox::critical(this, "Ошибка", "Строка генерации должна содержать два положительных целых числа.", QMessageBox::Ok);
return;
}
Scrambler::RSA rsa(seed[0], seed[1]);
ui->editAsymmPrivateKey->setText(rsa.ck.toQString());
ui->editAsymmPubKey->setText(rsa.ok.toQString());
}
catch(Scrambler::RSA::Exception e)
{
QMessageBox::critical(this, "Ошибка", "Что-то пошло не так.", QMessageBox::Ok);
return;
}
}
}
static bool generate_keys(ScopedEVP_PKEY &private_key_out,
ScopedEVP_PKEY &public_key_out)
{
ScopedEVP_PKEY private_key(EVP_PKEY_new(), EVP_PKEY_free);
ScopedEVP_PKEY public_key(EVP_PKEY_new(), EVP_PKEY_free);
ScopedRSA rsa(RSA_new(), RSA_free);
ScopedBIGNUM e(BN_new(), BN_free);
if (!private_key) {
LOGE("Failed to allocate private key");
openssl_log_errors();
return false;
}
if (!public_key) {
LOGE("Failed to allocate public key");
openssl_log_errors();
return false;
}
if (!rsa) {
LOGE("Failed to allocate RSA");
openssl_log_errors();
return false;
}
if (!e) {
LOGE("Failed to allocate BIGNUM");
openssl_log_errors();
return false;
}
BN_set_word(e.get(), RSA_F4);
if (RSA_generate_key_ex(rsa.get(), 2048, e.get(), nullptr) < 0) {
LOGE("RSA_generate_key_ex() failed");
openssl_log_errors();
return false;
}
if (!EVP_PKEY_assign_RSA(private_key.get(), RSAPrivateKey_dup(rsa.get()))) {
LOGE("EVP_PKEY_assign_RSA() failed for private key");
openssl_log_errors();
return false;
}
if (!EVP_PKEY_assign_RSA(public_key.get(), RSAPublicKey_dup(rsa.get()))) {
LOGE("EVP_PKEY_assign_RSA() failed for public key");
openssl_log_errors();
return false;
}
private_key_out = std::move(private_key);
public_key_out = std::move(public_key);
return true;
}
std::string JWA::to_pem() const {
switch (kty()) {
case KeyType::RSA:
return rsa().to_pem();
case KeyType::EC:
return ec().to_pem();
default:
return std::string{};
}
}
RSAKey EVPPKey::rsaKey() const
{
if (type() == EVP_PKEY_RSA)
{
boost::shared_ptr<RSA> rsa(EVP_PKEY_get1_RSA(d_pkey.get()), RSA_free);
return RSAKey(rsa, d_has_private_compound);
}
throw Exception::bad_function_call("Key type is not RSA");
}
void decode(int d,int n){
FILE *fp_result;
FILE *fp_worked;
int n_result,c_work;
fp_result=fopen("result.txt","r");
fp_worked=fopen("worked.txt","w");
while(fscanf(fp_result,"%d",&n_result)>0){
c_work=rsa(n_result,d,n);
fprintf(fp_worked,"%d\n",c_work);
}
fclose(fp_result);
fclose(fp_worked);
fp_result=NULL;
fp_worked=NULL;
aft_treat();
}
RSAKey RSAKey::createRandom()
{
unsigned char data;
if (RAND_bytes(&data, 1) != 1)
{
THROW_EXCEPTION_WITH_LOG(logicalaccess::LibLogicalAccessException, "Cannot retrieve cryptographically strong bytes");
}
RSAKey rsa(std::shared_ptr<RSA>(RSA_generate_key(1024, data | 1, NULL, NULL), RSA_free), true);
EXCEPTION_ASSERT_WITH_LOG(rsa.d_rsa, OpenSSLException, "Cannot generate RSA key pair");
rsa.cache();
return rsa;
}
bool
RsaSha256::validate (Slice data) const
{
if (!ok())
return false;
detail::RsaKey rsa (RSA_new());
rsa->n = BN_new();
BN_bin2bn(modulus_.data(), modulus_.size(), rsa->n);
rsa->e = BN_new();
BN_set_word (rsa->e, 65537);
return detail::validateHelper (rsa.get(), data, signature_);
}
static EVP_PKEY* keystore_loadkey(ENGINE* e, const char* key_id, UI_METHOD *ui_method,
void *callback_data) {
ALOGV("keystore_loadkey(%p, \"%s\", %p, %p)", e, key_id, ui_method, callback_data);
Keystore_Reply reply;
if (keystore_cmd(CommandCodes[GET_PUBKEY], &reply, 1, strlen(key_id), key_id) != NO_ERROR) {
ALOGV("Cannot get public key for %s", key_id);
return NULL;
}
const unsigned char* tmp = reinterpret_cast<const unsigned char*>(reply.get());
Unique_EVP_PKEY pkey(d2i_PUBKEY(NULL, &tmp, reply.length()));
if (pkey.get() == NULL) {
ALOGW("Cannot convert pubkey");
return NULL;
}
switch (EVP_PKEY_type(pkey->type)) {
case EVP_PKEY_RSA: {
Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get()));
if (!RSA_set_ex_data(rsa.get(), rsa_key_handle, reinterpret_cast<void*>(strdup(key_id)))) {
ALOGW("Could not set ex_data for loaded RSA key");
return NULL;
}
RSA_set_method(rsa.get(), &keystore_rsa_meth);
RSA_blinding_off(rsa.get());
/*
* This should probably be an OpenSSL API, but EVP_PKEY_free calls
* ENGINE_finish(), so we need to call ENGINE_init() here.
*/
ENGINE_init(e);
rsa->engine = e;
rsa->flags |= RSA_FLAG_EXT_PKEY;
break;
}
default:
ALOGE("Unsupported key type %d", EVP_PKEY_type(pkey->type));
return NULL;
}
return pkey.release();
}
void test_rsa_mp_cert(unsigned num_stream)
{
device_context dev_ctx;
dev_ctx.init(10485760, num_stream);
printf("------------------------------------------\n");
printf("RSA1024, GPU (MP), server.key\n");
printf("------------------------------------------\n");
rsa_context_mp rsa("../../server.key", "anlab");
rsa.set_device_context(&dev_ctx);
//rsa.dump();
if (num_stream == 0) {
test_latency(&rsa);
test_correctness(&rsa, 20);
}
else {
for (unsigned int i = 1; i <= 16; i++)
test_latency_stream(&rsa, &dev_ctx, i);
}
}
void
CryptoKey::GetAlgorithm(JSContext* cx, JS::MutableHandle<JSObject*> aRetVal,
ErrorResult& aRv) const
{
bool converted = false;
JS::RootedValue val(cx);
switch (mAlgorithm.mType) {
case KeyAlgorithmProxy::AES:
converted = ToJSValue(cx, mAlgorithm.mAes, &val);
break;
case KeyAlgorithmProxy::HMAC:
converted = ToJSValue(cx, mAlgorithm.mHmac, &val);
break;
case KeyAlgorithmProxy::RSA: {
RootedDictionary<RsaHashedKeyAlgorithm> rsa(cx);
converted = mAlgorithm.mRsa.ToKeyAlgorithm(cx, rsa);
if (converted) {
converted = ToJSValue(cx, rsa, &val);
}
break;
}
case KeyAlgorithmProxy::EC:
converted = ToJSValue(cx, mAlgorithm.mEc, &val);
break;
case KeyAlgorithmProxy::DH: {
RootedDictionary<DhKeyAlgorithm> dh(cx);
converted = mAlgorithm.mDh.ToKeyAlgorithm(cx, dh);
if (converted) {
converted = ToJSValue(cx, dh, &val);
}
break;
}
}
if (!converted) {
aRv.Throw(NS_ERROR_DOM_OPERATION_ERR);
return;
}
aRetVal.set(&val.toObject());
}
static int verify_rsa(EVP_PKEY* pkey, keymaster_rsa_sign_params_t* sign_params,
const uint8_t* signedData, const size_t signedDataLength,
const uint8_t* signature, const size_t signatureLength) {
if (sign_params->digest_type != DIGEST_NONE) {
ALOGW("Cannot handle digest type %d", sign_params->digest_type);
return -1;
} else if (sign_params->padding_type != PADDING_NONE) {
ALOGW("Cannot handle padding type %d", sign_params->padding_type);
return -1;
} else if (signatureLength != signedDataLength) {
ALOGW("signed data length must be signature length");
return -1;
}
Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey));
if (rsa.get() == NULL) {
logOpenSSLError("openssl_verify_data");
return -1;
}
UniquePtr<uint8_t[]> dataPtr(new uint8_t[signedDataLength]);
if (dataPtr.get() == NULL) {
logOpenSSLError("openssl_verify_data");
return -1;
}
unsigned char* tmp = reinterpret_cast<unsigned char*>(dataPtr.get());
if (!RSA_public_decrypt(signatureLength, signature, tmp, rsa.get(), RSA_NO_PADDING)) {
logOpenSSLError("openssl_verify_data");
return -1;
}
int result = 0;
for (size_t i = 0; i < signedDataLength; i++) {
result |= tmp[i] ^ signedData[i];
}
return result == 0 ? 0 : -1;
}
void SecureServer::generateRSAKey (const int& bits, const std::string& publicFilename, const std::string &privateFilename, const std::string &password) throw (boost::system::system_error) {
const unsigned long e = RSA_F4;
//Generate RSA key
std::unique_ptr<BIGNUM,void (*)(BIGNUM*)> bignum(BN_new(), &BN_free);
int ret;
if((ret = BN_set_word(bignum.get(), e)) != 1){
throw_system_error_ssl("Could not set BIGNUM word");
}
std::unique_ptr<RSA,void (*)(RSA*)> rsa(RSA_new(), &RSA_free);
if(RSA_generate_key_ex(rsa.get(), bits, bignum.get(), nullptr) != 1){
throw_system_error_ssl("Could not generate RSA key");
}
//Save public key
std::unique_ptr<BIO,void (*)(BIO*)> publicBIO(BIO_new_file(publicFilename.c_str(), "w"), &BIO_free_all);
if(!publicBIO){
throw_system_error_ssl("Could not open "+publicFilename+" for writing");
}
if(PEM_write_bio_RSAPublicKey(publicBIO.get(), rsa.get()) != 1){
throw_system_error_ssl("Could not write RSA public key");
}
//Save private key
std::unique_ptr<BIO,void (*)(BIO*)> privateBIO(BIO_new_file(privateFilename.c_str(), "w"), &BIO_free_all);
if(!privateBIO){
throw_system_error_ssl("Could not open "+privateFilename+" for writing");
}
if(password.empty()){
if(PEM_write_bio_RSAPrivateKey(privateBIO.get(), rsa.get(), nullptr, nullptr, 0, nullptr, nullptr) != 1){
throw_system_error_ssl("Could not write RSA private key");
}
}else{
if(PEM_write_bio_RSAPrivateKey(privateBIO.get(), rsa.get(), EVP_des_ede3_cbc(), (unsigned char *)password.data(), password.size(), nullptr, nullptr) != 1){
throw_system_error_ssl("Could not write RSA private key");
}
}
}
void SecureServer::generateCertificate(const std::string& publicKey, const std::string& privateKey, const std::string& password,
const long& secsValid, const std::vector<std::pair<std::string,std::string> >& x509Entries,
const std::string& x509Filename) throw (boost::system::system_error) {
std::cerr << "generating certificate" << std::endl;
std::unique_ptr<X509,void (*)(X509*)> x509(X509_new(), &X509_free);
if(ASN1_INTEGER_set(X509_get_serialNumber(x509.get()), std::time(nullptr)) != 1){
throw_system_error_ssl("Could not set X509 parameters");
}
X509_gmtime_adj(X509_get_notBefore(x509.get()), 0);
X509_gmtime_adj(X509_get_notAfter(x509.get()), secsValid);
std::unique_ptr<EVP_PKEY,void(*)(EVP_PKEY*)> privKey(EVP_PKEY_new(), &EVP_PKEY_free);
std::unique_ptr<EVP_PKEY,void(*)(EVP_PKEY*)> pubKey(EVP_PKEY_new(), &EVP_PKEY_free);
std::unique_ptr<BIO,void (*)(BIO*)> privateBIO(BIO_new_file(privateKey.c_str(), "r"), &BIO_free_all);
if(!privateBIO){
throw_system_error_ssl("Could not open "+privateKey+" for reading");
}
pem_password_cb* password_cb(nullptr);
void *password_u(nullptr);
if(!password.empty()){
password_cb = &pemPasswordCBFromString;
password_u = (void*)&password;
}
std::unique_ptr<RSA,void(*)(RSA*)> rsa(PEM_read_bio_RSAPrivateKey(privateBIO.get(), nullptr, password_cb, password_u),&RSA_free);
if(!rsa){
throw_system_error_ssl("Could not read PEM RSA private key from "+privateKey);
}
std::cerr << "read " << privateKey << std::endl;
if(EVP_PKEY_set1_RSA(privKey.get(), rsa.get()) != 1){
throw_system_error_ssl("Could not assign EVP_PKEY from RSA private key");
}
std::cerr << "assigned EVP_PKEY" << std::endl;
std::unique_ptr<BIO,void (*)(BIO*)> publicBIO(BIO_new_file(publicKey.c_str(), "r"), &BIO_free_all);
if(!publicBIO){
throw_system_error_ssl("Could not open "+publicKey+" for reading");
}
RSA *ptr = rsa.get();
if(PEM_read_bio_RSAPublicKey(publicBIO.get(),&ptr,nullptr,nullptr) == nullptr){
throw_system_error_ssl("Could not read PEM RSA public key from "+publicKey);
}
std::cerr << "read " << publicKey << std::endl;
if(EVP_PKEY_set1_RSA(pubKey.get(), rsa.get()) != 1){
throw_system_error_ssl("Could not assign EVP_PKEY from RSA public key");
}
if(X509_set_pubkey(x509.get(), pubKey.get()) != 1){
throw_system_error_ssl("Could nost assign X509 public key from EVP_PKEY");
}
X509_NAME *name = X509_get_subject_name(x509.get());
std::cerr << "got subject name" << std::endl;
for(const std::pair<std::string,std::string>& entry : x509Entries){
if(X509_NAME_add_entry_by_txt(name, entry.first.c_str(), MBSTRING_ASC, (const unsigned char*)entry.second.c_str(), entry.second.length(), -1, 0) != 1){
throw_system_error_ssl("Could not add X509 entry /"+entry.first+"/ = \""+entry.second+'"');
}
std::cerr << "added entry /" << entry.first << "/ = \"" << entry.second << '"' << std::endl;
}
if(X509_set_issuer_name(x509.get(),name) != 1){
throw_system_error_ssl("Could not set X509 issuer name");
}
std::cerr << "set issuer name" << std::endl;
std::unique_ptr<EVP_MD_CTX,void(*)(EVP_MD_CTX*)> mctx(EVP_MD_CTX_create(),&EVP_MD_CTX_destroy);
// EVP_PKEY_CTX *pkctx(nullptr);
if(EVP_DigestSignInit(mctx.get(),nullptr,EVP_sha256(),nullptr,privKey.get()) != 1){
throw_system_error_ssl("Could not init EVP Digest Sign");
}
std::cerr << "initialized EVP MD CTX" << std::endl;
if(X509_sign_ctx(x509.get(),mctx.get()) <= 0){
throw_system_error_ssl("Could not sign certificate");
}
std::cerr << "signed" << std::endl;
std::unique_ptr<BIO,void(*)(BIO*)> x509BIO(BIO_new_file(x509Filename.c_str(),"w"),&BIO_free_all);
if(PEM_write_bio_X509(x509BIO.get(),x509.get()) != 1){
throw_system_error_ssl("Could not write X509 certificate");
}
std::cerr << "written to " << x509Filename << std::endl;
}
static int qcom_km_get_keypair_public(const keymaster_device* dev,
const uint8_t* keyBlob, const size_t keyBlobLength,
uint8_t** x509_data, size_t* x509_data_length) {
struct qcom_km_key_blob * keyblob_ptr = (struct qcom_km_key_blob *)keyBlob;
if (x509_data == NULL || x509_data_length == NULL) {
ALOGE("Output public key buffer == NULL");
return -1;
}
if (keyBlob == NULL) {
ALOGE("Supplied key blob was NULL");
return -1;
}
// Should be large enough for keyblob data:
if (keyBlobLength < (sizeof(qcom_km_key_blob_t))) {
ALOGE("key blob appears to be truncated");
return -1;
}
if (keyblob_ptr->magic_num != KM_MAGIC_NUM) {
ALOGE("Cannot read key; it was not made by this keymaster");
return -1;
}
if (keyblob_ptr->public_exponent_size == 0 ) {
ALOGE("Key blob appears to have incorrect exponent length");
return -1;
}
if (keyblob_ptr->modulus_size == 0 ) {
ALOGE("Key blob appears to have incorrect modulus length");
return -1;
}
Unique_RSA rsa(RSA_new());
if (rsa.get() == NULL) {
ALOGE("Could not allocate RSA structure");
return -1;
}
rsa->n = BN_bin2bn(reinterpret_cast<const unsigned char*>(keyblob_ptr->modulus),
keyblob_ptr->modulus_size, NULL);
if (rsa->n == NULL) {
ALOGE("Failed to initialize modulus");
return -1;
}
rsa->e = BN_bin2bn(reinterpret_cast<const unsigned char*>(&keyblob_ptr->public_exponent),
keyblob_ptr->public_exponent_size, NULL);
if (rsa->e == NULL) {
ALOGE("Failed to initialize public exponent");
return -1;
}
Unique_EVP_PKEY pkey(EVP_PKEY_new());
if (pkey.get() == NULL) {
ALOGE("Could not allocate EVP_PKEY structure");
return -1;
}
if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) {
ALOGE("Failed to assign rsa parameters \n");
return -1;
}
OWNERSHIP_TRANSFERRED(rsa);
int len = i2d_PUBKEY(pkey.get(), NULL);
if (len <= 0) {
ALOGE("Len returned is < 0 len = %d", len);
return -1;
}
UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len)));
if (key.get() == NULL) {
ALOGE("Could not allocate memory for public key data");
return -1;
}
unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
ALOGE("Len 2 returned is < 0 len = %d", len);
return -1;
}
*x509_data_length = len;
*x509_data = key.release();
return 0;
}
int main(int argc, char* argv[])
{
//char* strTestItem = NULL;
int iTestItem = 0xFF;
ShowTitle();
bool bRunOneTime = false;
for(;;)
{
if(1 == argc)
{
printf("\n\n\n");
printf("===============================================\n\n");
printf("1: DES 2: DES3 3: RC2 4:RC4 5:RSA 6:AES\n");
printf("0: Exit\n");
printf("-----------------------------------------------\n");
printf("Please select a item to test: ");
scanf("%d", &iTestItem);
}
else
{
bRunOneTime = true;
if(0==lstrcmpi(argv[1], "-DES"))
iTestItem = 1;
else if(0==lstrcmpi(argv[1], "-DES3"))
iTestItem = 2;
else if(0==lstrcmpi(argv[1], "-RC2"))
iTestItem = 3;
else if(0==lstrcmpi(argv[1], "-RC4"))
iTestItem = 4;
else if(0==lstrcmpi(argv[1], "-RSA"))
iTestItem = 5;
else
iTestItem = 0;
}
switch(iTestItem)
{
case 1:
{
DesTest test(PKCS11_LIB_NAME);
test.Test();
}
break;
case 2:
{
Des3Test test(PKCS11_LIB_NAME);
test.Test();
}
break;
case 3:
{
RC2Test test(PKCS11_LIB_NAME);
test.Test();
}
break;
case 4:
{
RC4Test test(PKCS11_LIB_NAME);
test.Test();
}
break;
case 5:
{
RSATest rsa(PKCS11_LIB_NAME);
rsa.Test();
}
break;
case 6:
{
AESTest test(PKCS11_LIB_NAME);
test.Test();
}
break;
case 0:
return 0;
default:
break;
}
if(bRunOneTime)
break;
}
printf("\n\nTest finished.\n\nPress any key to exit ...\n");
getch();
return 0;
}
