static void
get_keys_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
{
gcry_sexp_t key_spec, key, pub_key, sec_key;
int rc;
rc = gcry_sexp_new (&key_spec,
"(genkey (rsa (nbits 4:1024)))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (rc)
die ("error generating RSA key: %s\n", gpg_strerror (rc));
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (! pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (! sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key);
*pkey = pub_key;
*skey = sec_key;
}
static void
genkey (int algo)
{
gcry_sexp_t s_key = NULL, s_param = NULL;
gsti_error_t err;
gsti_key_t key;
const char * s;
int nbits = 1024;
algo = SSH_PK_RSA; /* XXX */
switch (algo)
{
case SSH_PK_DSS: s = "(genkey(dsa(nbits %d)))"; break;
case SSH_PK_RSA: s = "(genkey(rsa(nbits %d)))"; break;
default: printf ("invalid pk algo '%d'\n", algo); return;
}
err = gcry_sexp_build (&s_param, NULL, s, nbits);
if (!err)
err = gcry_pk_genkey (&s_key, s_param);
if (err)
printf ("genkey: %s\n", gsti_strerror (err));
gcry_sexp_release (s_param);
gcry_sexp_dump (s_key);
gsti_key_from_sexp (s_key, &key);
gcry_sexp_release (s_key);
gsti_key_save (RSA_PUBKEY, 0, key);
gsti_key_save (RSA_SECKEY, 1, key);
gsti_key_free (key);
}
static void
get_dsa_key_fips186_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
{
gcry_sexp_t key_spec, key, pub_key, sec_key;
int rc;
rc = gcry_sexp_new
(&key_spec, "(genkey (dsa (nbits 4:1024)(use-fips186)))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (rc)
die ("error generating DSA key: %s\n", gcry_strerror (rc));
if (verbose > 1)
show_sexp ("generated DSA key (fips 186):\n", key);
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (!sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key);
*pkey = pub_key;
*skey = sec_key;
}
static int
generate_subkey( cdk_keygen_ctx_t hd )
{
gcry_sexp_t s_params = NULL, s_key;
size_t n = hd->key[1].len;
int rc;
if( !hd )
return CDK_Inv_Value;
if( is_DSA( hd->key[1].algo) )
rc = gcry_sexp_build( &s_params, NULL, "(genkey(dsa(nbits %d)))", n );
else if( is_ELG( hd->key[1].algo) )
rc = gcry_sexp_build( &s_params, NULL, "(genkey(elg(nbits %d)))", n );
else if( is_RSA( hd->key[1].algo) )
rc = gcry_sexp_build( &s_params, NULL, "(genkey(rsa(nbits %d)))", n );
else
rc = CDK_Inv_Algo;
if( !rc )
rc = gcry_pk_genkey( &s_key, s_params );
gcry_sexp_release( s_params );
if( !rc ) {
if( is_DSA( hd->key[1].algo) )
rc = read_dsa_key( s_key, hd->key[1].resarr );
else if( is_ELG( hd->key[1].algo) )
rc = read_elg_key( s_key, hd->key[1].resarr );
else if( is_RSA( hd->key[1].algo) )
rc = read_rsa_key( s_key, hd->key[1].resarr );
}
hd->key[1].n = cdk_pk_get_npkey( hd->key[1].algo );
gcry_sexp_release( s_key );
return rc;
}
static int tagcrypt_key_gen (gcry_sexp_t *key_pair, int size)
{
gcry_sexp_t param;
gcry_error_t err;
err = gcry_sexp_build (¶m, NULL, "(6:genkey(3:rsa(5:nbits%d)))", size);
if (err) {
GCRY_CRITICAL (gcry_strerror (err));
goto ERR;
}
err = gcry_pk_genkey (key_pair, param);
if (err) {
GCRY_CRITICAL (gcry_strerror (err));
goto ERR;
}
gcry_sexp_release(param);
return 0;
ERR:
if (param) gcry_sexp_release (param);
return -1;
}
static void
get_elg_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int fixed_x)
{
gcry_sexp_t key_spec, key, pub_key, sec_key;
int rc;
rc = gcry_sexp_new
(&key_spec,
(fixed_x
? "(genkey (elg (nbits 4:1024)(xvalue my.not-so-secret.key)))"
: "(genkey (elg (nbits 3:512)))"),
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (rc)
die ("error generating Elgamal key: %s\n", gcry_strerror (rc));
if (verbose > 1)
show_sexp ("generated ELG key:\n", key);
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (!sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key);
*pkey = pub_key;
*skey = sec_key;
}
static void
check_dsa_keys (void)
{
gcry_sexp_t keyparm, key;
int rc;
int i;
/* Check that DSA generation works and that it can grok the qbits
argument. */
if (verbose)
show ("creating 5 1024 bit DSA keys\n");
for (i=0; i < 5; i++)
{
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (dsa\n"
" (nbits 4:1024)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating DSA key: %s\n", gpg_strerror (rc));
if (!i && verbose > 1)
show_sexp ("1024 bit DSA key:\n", key);
gcry_sexp_release (key);
}
if (verbose)
show ("creating 1536 bit DSA key\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (dsa\n"
" (nbits 4:1536)\n"
" (qbits 3:224)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating DSA key: %s\n", gpg_strerror (rc));
if (verbose > 1)
show_sexp ("1536 bit DSA key:\n", key);
gcry_sexp_release (key);
}
void
test_genkey ( int argc, char **argv )
{
int rc, nbits = 1024;
gcry_sexp_t s_parms, s_key;
gcry_control( GCRYCTL_INIT_SECMEM, 16384, 0 );
rc = gcry_sexp_build ( &s_parms, NULL, "(genkey(dsa(nbits %d)))", nbits );
rc = gcry_pk_genkey( &s_key, s_parms );
if ( rc ) {
fprintf ( stderr, "genkey failed: %s\n", gpg_strerror (rc) );
return;
}
gcry_sexp_release( s_parms );
gcry_sexp_dump ( s_key );
gcry_sexp_release( s_key );
}
/**
* cdk_keygen_start: kick off the key generation
* @hd: the keygen object
*
**/
cdk_error_t
cdk_keygen_start( cdk_keygen_ctx_t hd )
{
gcry_sexp_t s_params = NULL, s_key = NULL;
size_t n;
int rc = 0;
if( !hd || !hd->user_id )
return CDK_Inv_Value;
if( is_ELG( hd->key[0].algo ) )
return CDK_Inv_Mode;
if( !hd->key[0].len )
hd->key[0].len = 1024;
n = hd->key[0].len;
if( !hd->sym_prefs )
cdk_keygen_set_prefs( hd, CDK_PREFTYPE_SYM, NULL, 0 );
if( !hd->hash_prefs )
cdk_keygen_set_prefs( hd, CDK_PREFTYPE_HASH, NULL, 0 );
if( !hd->zip_prefs )
cdk_keygen_set_prefs( hd, CDK_PREFTYPE_ZIP, NULL, 0 );
if( is_DSA( hd->key[0].algo ) )
rc = gcry_sexp_build( &s_params, NULL, "(genkey(dsa(nbits %d)))", n );
else if( is_RSA( hd->key[0].algo ) )
rc = gcry_sexp_build( &s_params, NULL, "(genkey(rsa(nbits %d)))", n );
else
rc = CDK_Inv_Algo;
if( !rc )
rc = gcry_pk_genkey( &s_key, s_params );
gcry_sexp_release( s_params );
if( !rc ) {
if( is_DSA( hd->key[0].algo ) )
rc = read_dsa_key( s_key, hd->key[0].resarr );
else if( is_RSA( hd->key[0].algo ) )
rc = read_rsa_key( s_key, hd->key[0].resarr );
hd->key[0].n = cdk_pk_get_npkey( hd->key[0].algo );
}
gcry_sexp_release( s_key );
if( !rc ) {
if( hd->key[1].algo && hd->key[1].len )
rc = generate_subkey( hd );
}
return rc;
}
/* Generate a private DSA key for a given account, storing it into a
* FILE*, and loading it into the given OtrlUserState. Overwrite any
* previously generated keys for that account in that OtrlUserState.
* The FILE* must be open for reading and writing. */
gcry_error_t otrl_privkey_generate_FILEp(OtrlUserState us, FILE *privf,
const char *accountname, const char *protocol)
{
gcry_error_t err;
gcry_sexp_t key, parms, privkey;
static const char *parmstr = "(genkey (dsa (nbits 4:1024)))";
OtrlPrivKey *p;
if (!privf) return gcry_error(GPG_ERR_NO_ERROR);
/* Create a DSA key */
err = gcry_sexp_new(&parms, parmstr, strlen(parmstr), 0);
if (err) {
return err;
}
err = gcry_pk_genkey(&key, parms);
gcry_sexp_release(parms);
if (err) {
return err;
}
/* Extract the privkey */
privkey = gcry_sexp_find_token(key, "private-key", 0);
gcry_sexp_release(key);
/* Output the other keys we know */
fprintf(privf, "(privkeys\n");
for (p=us->privkey_root; p; p=p->next) {
/* Skip this one if our new key replaces it */
if (!strcmp(p->accountname, accountname) &&
!strcmp(p->protocol, protocol)) {
continue;
}
account_write(privf, p->accountname, p->protocol, p->privkey);
}
account_write(privf, accountname, protocol, privkey);
gcry_sexp_release(privkey);
fprintf(privf, ")\n");
fseek(privf, 0, SEEK_SET);
return otrl_privkey_read_FILEp(us, privf);
}
static int
jwk_create (tc_argsd_t *arguments)
{
int rc;
gcry_sexp_t keyparm, key;
json_t *jwk;
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey\n"
" (ecc\n"
" (curve \"NIST P-256\")\n"
" (flags param)"
"))");
if (rc) return rc;
rc = gcry_pk_genkey (&key, keyparm);
if (rc) return rc;
if (arguments->verbose)
show_sexp ("Gen key:\n", key);
gcry_sexp_release (keyparm);
jwk = gcry_pubkey2jwk (&key);
char *d = gcry_prikey2jwk (&key);
assert (NULL != d);
assert (0 == json_object_set (jwk, "d", json_string (d)));
json_dumpf(jwk, stdout, JSON_INDENT(2));
printf("\n");
return rc;
}
/**
* Create a new private key. Caller must free return value.
*
* @return fresh private key
*/
static struct GNUNET_CRYPTO_RsaPrivateKey *
rsa_key_create ()
{
struct GNUNET_CRYPTO_RsaPrivateKey *ret;
gcry_sexp_t s_key;
gcry_sexp_t s_keyparam;
GNUNET_assert (0 ==
gcry_sexp_build (&s_keyparam, NULL,
"(genkey(rsa(nbits %d)(rsa-use-e 3:257)))",
2048));
GNUNET_assert (0 == gcry_pk_genkey (&s_key, s_keyparam));
gcry_sexp_release (s_keyparam);
#if EXTRA_CHECKS
GNUNET_assert (0 == gcry_pk_testkey (s_key));
#endif
ret = GNUNET_malloc (sizeof (struct GNUNET_CRYPTO_RsaPrivateKey));
ret->sexp = s_key;
return ret;
}
static void
get_dsa_key_fips186_with_domain_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
{
gcry_sexp_t key_spec, key, pub_key, sec_key;
int rc;
rc = gcry_sexp_new
(&key_spec,
"(genkey (dsa (transient-key)(use-fips186)(domain"
"(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
"4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
"74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
"5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
"(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
"(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
"0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
"b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
"ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
")))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (rc)
die ("error generating DSA key: %s\n", gcry_strerror (rc));
if (verbose > 1)
show_sexp ("generated DSA key:\n", key);
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (!sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key);
*pkey = pub_key;
*skey = sec_key;
}
static void
get_dsa_key_fips186_with_seed_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
{
gcry_sexp_t key_spec, key, pub_key, sec_key;
int rc;
rc = gcry_sexp_new
(&key_spec,
"(genkey"
" (dsa"
" (nbits 4:1024)"
" (use-fips186)"
" (transient-key)"
" (derive-parms"
" (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
0, 1);
if (rc)
die ("error creating S-expression: %s\n", gcry_strerror (rc));
rc = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (rc)
die ("error generating DSA key: %s\n", gcry_strerror (rc));
if (verbose > 1)
show_sexp ("generated DSA key (fips 186 with seed):\n", key);
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (!sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key);
*pkey = pub_key;
*skey = sec_key;
}
static void
check_elg_keys (void)
{
gcry_sexp_t keyparm, key;
int rc;
if (verbose)
show ("creating 1024 bit Elgamal key\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (elg\n"
" (nbits 4:1024)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating Elgamal key: %s\n", gpg_strerror (rc));
if (verbose > 1)
show_sexp ("1024 bit Elgamal key:\n", key);
gcry_sexp_release (key);
}
void generate_key(rsa_packet * packet, char **public_key, char **private_key) {
gcry_error_t error;
int i;
// Generate a reduced strength (to save time) RSA key, 1024 bits long
// gcry_sexp_t params = sexp_new( "(genkey (rsa (transient-key) (nbits 3:512)))" );
gcry_sexp_t params = sexp_new( "(genkey (rsa (transient-key) (nbits 4:1024)))" );
gcry_sexp_t r_key;
if ((error = gcry_pk_genkey(&r_key, params))) {
printf("Error in gcry_pk_genkey(): %s\nSource: %s\n", gcry_strerror(error), gcry_strsource(error));
exit(1);
}
// Parse the S expression strings
gcry_sexp_t public_sexp = gcry_sexp_nth(r_key, 1);
gcry_sexp_t private_sexp = gcry_sexp_nth(r_key, 2);
gcry_sexp_t mod_sexp = gcry_sexp_cdr(gcry_sexp_find_token(private_sexp, "n", 1));
gcry_sexp_t priv_exp_sexp = gcry_sexp_cdr(gcry_sexp_find_token(private_sexp, "d", 1));
gcry_sexp_t pub_exp_sexp = gcry_sexp_cdr(gcry_sexp_find_token(public_sexp, "e", 1));
// Extract the raw data in MPI format
gcry_mpi_t mod_mpi, pubexp_mpi, privexp_mpi;
mod_mpi = gcry_sexp_nth_mpi(mod_sexp, 0, GCRYMPI_FMT_USG);
privexp_mpi = gcry_sexp_nth_mpi(priv_exp_sexp, 0, GCRYMPI_FMT_USG);
pubexp_mpi = gcry_sexp_nth_mpi(pub_exp_sexp, 0, GCRYMPI_FMT_USG);
//gcry_mpi_aprint(GCRYMPI_FMT_HEX, public_key, NULL, mod_mpi);
// Now pack it into unsigned char
gcry_mpi_print(GCRYMPI_FMT_USG, packet->mod, 256, &packet->mod_len, mod_mpi);
gcry_mpi_print(GCRYMPI_FMT_USG, packet->priv_exp, 256, &packet->priv_len, privexp_mpi);
gcry_mpi_print(GCRYMPI_FMT_USG, packet->pub_exp, 256, &packet->pub_len, pubexp_mpi);
// printf ("fmt: %i: %.*s\n", (int)len, (int) len, );
*public_key = sexp_string(public_sexp);
*private_key = sexp_string(private_sexp);
}
/**
* Create a new private key. Caller must free return value.
*
* @param len length of the key in bits (i.e. 2048)
* @return fresh private key
*/
struct GNUNET_CRYPTO_rsa_PrivateKey *
GNUNET_CRYPTO_rsa_private_key_create (unsigned int len)
{
struct GNUNET_CRYPTO_rsa_PrivateKey *ret;
gcry_sexp_t s_key;
gcry_sexp_t s_keyparam;
GNUNET_assert (0 ==
gcry_sexp_build (&s_keyparam,
NULL,
"(genkey(rsa(nbits %d)))",
len));
GNUNET_assert (0 ==
gcry_pk_genkey (&s_key,
s_keyparam));
gcry_sexp_release (s_keyparam);
#if EXTRA_CHECKS
GNUNET_assert (0 ==
gcry_pk_testkey (s_key));
#endif
ret = GNUNET_new (struct GNUNET_CRYPTO_rsa_PrivateKey);
ret->sexp = s_key;
return ret;
}
/* resarr will contain: p(0), q(1), g(2), y(3), x(4).
*/
int
_gnutls_dsa_generate_params (mpi_t * resarr, int *resarr_len, int bits)
{
int ret;
gcry_sexp_t parms, key, list;
if (bits < 512 || bits > 1024)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
ret = gcry_sexp_build (&parms, NULL, "(genkey(dsa(nbits %d)))", bits);
if (ret != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* generate the DSA key
*/
ret = gcry_pk_genkey (&key, parms);
gcry_sexp_release (parms);
if (ret != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
list = gcry_sexp_find_token (key, "p", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "q", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "g", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "y", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "x", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
gcry_sexp_release (key);
_gnutls_dump_mpi ("p: ", resarr[0]);
_gnutls_dump_mpi ("q: ", resarr[1]);
_gnutls_dump_mpi ("g: ", resarr[2]);
_gnutls_dump_mpi ("y: ", resarr[3]);
_gnutls_dump_mpi ("x: ", resarr[4]);
*resarr_len = 5;
return 0;
}
static void
check_rsa_keys (void)
{
gcry_sexp_t keyparm, key;
int rc;
if (verbose)
show ("creating 1024 bit RSA key\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
" (nbits 4:1024)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating RSA key: %s\n", gpg_strerror (rc));
if (verbose > 1)
show_sexp ("1024 bit RSA key:\n", key);
check_generated_rsa_key (key, 65537);
gcry_sexp_release (key);
if (verbose)
show ("creating 512 bit RSA key with e=257\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
" (nbits 3:512)\n"
" (rsa-use-e 3:257)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating RSA key: %s\n", gpg_strerror (rc));
check_generated_rsa_key (key, 257);
gcry_sexp_release (key);
if (verbose)
show ("creating 512 bit RSA key with default e\n");
rc = gcry_sexp_new (&keyparm,
"(genkey\n"
" (rsa\n"
" (nbits 3:512)\n"
" (rsa-use-e 1:0)\n"
" ))", 0, 1);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating RSA key: %s\n", gpg_strerror (rc));
check_generated_rsa_key (key, 0); /* We don't expect a constant exponent. */
gcry_sexp_release (key);
}
static void
check_x931_derived_key (int what)
{
static struct {
const char *param;
const char *expected_d;
} testtable[] = {
{ /* First example from X9.31 (D.1.1). */
"(genkey\n"
" (rsa\n"
" (nbits 4:1024)\n"
" (rsa-use-e 1:3)\n"
" (derive-parms\n"
" (Xp1 #1A1916DDB29B4EB7EB6732E128#)\n"
" (Xp2 #192E8AAC41C576C822D93EA433#)\n"
" (Xp #D8CD81F035EC57EFE822955149D3BFF70C53520D\n"
" 769D6D76646C7A792E16EBD89FE6FC5B605A6493\n"
" 39DFC925A86A4C6D150B71B9EEA02D68885F5009\n"
" B98BD984#)\n"
" (Xq1 #1A5CF72EE770DE50CB09ACCEA9#)\n"
" (Xq2 #134E4CAA16D2350A21D775C404#)\n"
" (Xq #CC1092495D867E64065DEE3E7955F2EBC7D47A2D\n"
" 7C9953388F97DDDC3E1CA19C35CA659EDC2FC325\n"
" 6D29C2627479C086A699A49C4C9CEE7EF7BD1B34\n"
" 321DE34A#))))\n",
"1CCDA20BCFFB8D517EE9666866621B11822C7950D55F4BB5BEE37989A7D173"
"12E326718BE0D79546EAAE87A56623B919B1715FFBD7F16028FC4007741961"
"C88C5D7B4DAAAC8D36A98C9EFBB26C8A4A0E6BC15B358E528A1AC9D0F042BE"
"B93BCA16B541B33F80C933A3B769285C462ED5677BFE89DF07BED5C127FD13"
"241D3C4B"
},
{ /* Second example from X9.31 (D.2.1). */
"(genkey\n"
" (rsa\n"
" (nbits 4:1536)\n"
" (rsa-use-e 1:3)\n"
" (derive-parms\n"
" (Xp1 #18272558B61316348297EACA74#)\n"
" (Xp2 #1E970E8C6C97CEF91F05B0FA80#)\n"
" (Xp #F7E943C7EF2169E930DCF23FE389EF7507EE8265\n"
" 0D42F4A0D3A3CEFABE367999BB30EE680B2FE064\n"
" 60F707F46005F8AA7CBFCDDC4814BBE7F0F8BC09\n"
" 318C8E51A48D134296E40D0BBDD282DCCBDDEE1D\n"
" EC86F0B1C96EAFF5CDA70F9AEB6EE31E#)\n"
" (Xq1 #11FDDA6E8128DC1629F75192BA#)\n"
" (Xq2 #18AB178ECA907D72472F65E480#)\n"
" (Xq #C47560011412D6E13E3E7D007B5C05DBF5FF0D0F\n"
" CFF1FA2070D16C7ABA93EDFB35D8700567E5913D\n"
" B734E3FBD15862EBC59FA0425DFA131E549136E8\n"
" E52397A8ABE4705EC4877D4F82C4AAC651B33DA6\n"
" EA14B9D5F2A263DC65626E4D6CEAC767#))))\n",
"1FB56069985F18C4519694FB71055721A01F14422DC901C35B03A64D4A5BD1"
"259D573305F5B056AC931B82EDB084E39A0FD1D1A86CC5B147A264F7EF4EB2"
"0ED1E7FAAE5CAE4C30D5328B7F74C3CAA72C88B70DED8EDE207B8629DA2383"
"B78C3CE1CA3F9F218D78C938B35763AF2A8714664CC57F5CECE2413841F5E9"
"EDEC43B728E25A41BF3E1EF8D9EEE163286C9F8BF0F219D3B322C3E4B0389C"
"2E8BB28DC04C47DA2BF38823731266D2CF6CC3FC181738157624EF051874D0"
"BBCCB9F65C83"
/* Note that this example in X9.31 gives this value for D:
"7ED581A6617C6311465A53EDC4155C86807C5108B724070D6C0E9935296F44"
"96755CCC17D6C15AB24C6E0BB6C2138E683F4746A1B316C51E8993DFBD3AC8"
"3B479FEAB972B930C354CA2DFDD30F2A9CB222DC37B63B7881EE18A7688E0E"
"DE30F38728FE7C8635E324E2CD5D8EBCAA1C51993315FD73B38904E107D7A7"
"B7B10EDCA3896906FCF87BE367BB858CA1B27E2FC3C8674ECC8B0F92C0E270"
"BA2ECA3701311F68AFCE208DCC499B4B3DB30FF0605CE055D893BC1461D342"
"EF32E7D9720B"
This is a bug in X9.31, obviously introduced by using
d = e^{-1} mod (p-1)(q-1)
instead of using the universal exponent as required by 4.1.3:
d = e^{-1} mod lcm(p-1,q-1)
The examples in X9.31 seem to be pretty buggy, see
cipher/primegen.c for another bug. Not only that I had to
spend 100 USD for the 66 pages of the document, it also took
me several hours to figure out that the bugs are in the
document and not in my code.
*/
},
{ /* First example from NIST RSAVS (B.1.1). */
"(genkey\n"
" (rsa\n"
" (nbits 4:1024)\n"
" (rsa-use-e 1:3)\n"
" (derive-parms\n"
" (Xp1 #1ed3d6368e101dab9124c92ac8#)\n"
" (Xp2 #16e5457b8844967ce83cab8c11#)\n"
" (Xp #b79f2c2493b4b76f329903d7555b7f5f06aaa5ea\n"
" ab262da1dcda8194720672a4e02229a0c71f60ae\n"
" c4f0d2ed8d49ef583ca7d5eeea907c10801c302a\n"
" cab44595#)\n"
" (Xq1 #1a5d9e3fa34fb479bedea412f6#)\n"
" (Xq2 #1f9cca85f185341516d92e82fd#)\n"
" (Xq #c8387fd38fa33ddcea6a9de1b2d55410663502db\n"
" c225655a9310cceac9f4cf1bce653ec916d45788\n"
" f8113c46bc0fa42bf5e8d0c41120c1612e2ea8bb\n"
" 2f389eda#))))\n",
"17ef7ad4fd96011b62d76dfb2261b4b3270ca8e07bc501be954f8719ef586b"
"f237e8f693dd16c23e7adecc40279dc6877c62ab541df5849883a5254fccfd"
"4072a657b7f4663953930346febd6bbd82f9a499038402cbf97fd5f068083a"
"c81ad0335c4aab0da19cfebe060a1bac7482738efafea078e21df785e56ea0"
"dc7e8feb"
},
{ /* Second example from NIST RSAVS (B.1.1). */
"(genkey\n"
" (rsa\n"
" (nbits 4:1536)\n"
" (rsa-use-e 1:3)\n"
" (derive-parms\n"
" (Xp1 #1e64c1af460dff8842c22b64d0#)\n"
" (Xp2 #1e948edcedba84039c81f2ac0c#)\n"
" (Xp #c8c67df894c882045ede26a9008ab09ea0672077\n"
" d7bc71d412511cd93981ddde8f91b967da404056\n"
" c39f105f7f239abdaff92923859920f6299e82b9\n"
" 5bd5b8c959948f4a034d81613d6235a3953b49ce\n"
" 26974eb7bb1f14843841281b363b9cdb#)\n"
" (Xq1 #1f3df0f017ddd05611a97b6adb#)\n"
" (Xq2 #143edd7b22d828913abf24ca4d#)\n"
" (Xq #f15147d0e7c04a1e3f37adde802cdc610999bf7a\n"
" b0088434aaeda0c0ab3910b14d2ce56cb66bffd9\n"
" 7552195fae8b061077e03920814d8b9cfb5a3958\n"
" b3a82c2a7fc97e55db543948d3396289245336ec\n"
" 9e3cb308cc655aebd766340da8921383#))))\n",
"1f8b19f3f5f2ac9fc599f110cad403dcd9bdf5f7f00fb2790e78e820398184"
"1f3fb3dd230fb223d898f45719d9b2d3525587ff2b8bcc7425e40550a5b536"
"1c8e9c1d26e83fbd9c33c64029c0e878b829d55def12912b73d94fd758c461"
"0f473e230c41b5e4c86e27c5a5029d82c811c88525d0269b95bd2ff272994a"
"dbd80f2c2ecf69065feb8abd8b445b9c6d306b1585d7d3d7576d49842bc7e2"
"8b4a2f88f4a47e71c3edd35fdf83f547ea5c2b532975c551ed5268f748b2c4"
"2ccf8a84835b"
}
};
gpg_error_t err;
gcry_sexp_t key_spec, key, pub_key, sec_key;
gcry_mpi_t d_expected, d_have;
if (what < 0 && what >= sizeof testtable)
die ("invalid WHAT value\n");
err = gcry_sexp_new (&key_spec, testtable[what].param, 0, 1);
if (err)
die ("error creating S-expression [%d]: %s\n", what, gpg_strerror (err));
err = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (err)
die ("error generating RSA key [%d]: %s\n", what, gpg_strerror (err));
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
die ("public part missing in key [%d]\n", what);
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (!sec_key)
die ("private part missing in key [%d]\n", what);
err = gcry_mpi_scan
(&d_expected, GCRYMPI_FMT_HEX, testtable[what].expected_d, 0, NULL);
if (err)
die ("error converting string [%d]\n", what);
if (verbose > 1)
show_sexp ("generated key:\n", key);
d_have = key_param_from_sexp (sec_key, "rsa", "d");
if (!d_have)
die ("parameter d not found in RSA secret key [%d]\n", what);
if (gcry_mpi_cmp (d_expected, d_have))
{
show_sexp (NULL, sec_key);
die ("parameter d does match expected value [%d]\n", what);
}
gcry_mpi_release (d_expected);
gcry_mpi_release (d_have);
gcry_sexp_release (key);
gcry_sexp_release (pub_key);
gcry_sexp_release (sec_key);
}
static int
_rsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
{
int ret, i;
gcry_sexp_t parms, key, list;
bigint_t tmp;
if (*resarr_len < RSA_PRIVATE_PARAMS)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
ret = gcry_sexp_build (&parms, NULL, "(genkey(rsa(nbits %d)))", bits);
if (ret != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* generate the RSA key */
ret = gcry_pk_genkey (&key, parms);
gcry_sexp_release (parms);
if (ret != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
list = gcry_sexp_find_token (key, "n", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "e", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[1] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "d", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[2] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "p", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[3] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "q", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[4] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "u", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[5] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
gcry_sexp_release (key);
_gnutls_mpi_log ("n: ", resarr[0]);
_gnutls_mpi_log ("e: ", resarr[1]);
_gnutls_mpi_log ("d: ", resarr[2]);
_gnutls_mpi_log ("p: ", resarr[3]);
_gnutls_mpi_log ("q: ", resarr[4]);
_gnutls_mpi_log ("u: ", resarr[5]);
/* generate e1 and e2 */
*resarr_len = 6;
tmp = _gnutls_mpi_alloc_like (resarr[0]);
if (tmp == NULL)
{
gnutls_assert ();
ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
ret = _gnutls_calc_rsa_exp (resarr, 2 + *resarr_len);
if (ret < 0)
{
gnutls_assert ();
ret = GNUTLS_E_MEMORY_ERROR;
goto cleanup;
}
(*resarr_len) += 2;
return 0;
cleanup:
for (i = 0; i < *resarr_len; i++)
_gnutls_mpi_release (&resarr[i]);
return ret;
}
static int
_dsa_generate_params (bigint_t * resarr, int *resarr_len, int bits)
{
int ret;
gcry_sexp_t parms, key, list;
/* FIXME: Remove me once we depend on 1.3.1 */
if (bits > 1024 && gcry_check_version ("1.3.1") == NULL)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
if (bits < 512)
{
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
ret = gcry_sexp_build (&parms, NULL, "(genkey(dsa(nbits %d)))", bits);
if (ret != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* generate the DSA key
*/
ret = gcry_pk_genkey (&key, parms);
gcry_sexp_release (parms);
if (ret != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
list = gcry_sexp_find_token (key, "p", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[0] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "q", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[1] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "g", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[2] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "y", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[3] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "x", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[4] = gcry_sexp_nth_mpi (list, 1, GCRYMPI_FMT_USG);
gcry_sexp_release (list);
gcry_sexp_release (key);
_gnutls_mpi_log ("p: ", resarr[0]);
_gnutls_mpi_log ("q: ", resarr[1]);
_gnutls_mpi_log ("g: ", resarr[2]);
_gnutls_mpi_log ("y: ", resarr[3]);
_gnutls_mpi_log ("x: ", resarr[4]);
*resarr_len = 5;
return 0;
}
static void
check_dsa_gen_186_2 (void)
{
static struct {
int nbits;
const char *p, *q, *g;
const char *seed;
int counter;
const char *h;
} tbl[] = {
/* These tests are from FIPS 186-2, B.3.1. */
{
1024,
"d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
"4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
"74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
"5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69",
"9c916d121de9a03f71fb21bc2e1c0d116f065a4f",
"8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
"0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
"b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
"ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44",
"0cb1990c1fd3626055d7a0096f8fa99807399871",
98,
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000002"
},
{
1024,
"f5c73304080353357de1b5967597c27d65f70aa2fe9b6aed1d0afc2b499adf22f"
"8e37937096d88548ac36c4a067f8353c7fed73f96f0d688b19b0624aedbae5dbb"
"0ee8835a4c269288c0e1d69479e701ee266bb767af39d748fe7d6afc73fdf44be"
"3eb6e661e599670061203e75fc8b3dbd59e40b54f358d0097013a0f3867f9",
"f8751166cf4f6f3b07c081fd2a9071f23ca1988d",
"1e288a442e02461c418ed67a66d24cacbeb8936fbde62ff995f5fd569dee6be62"
"4e4f0f9f8c8093f5d192ab3b3f9ae3f2665d95d27fb10e382f45cd356e7f4eb7a"
"665db432113ed06478f93b7cf188ec7a1ee97aec8f91ea7bfceaf8b6e7e5a349c"
"4ad3225362ef440c57cbc6e69df15b6699caac85f733555075f04781b2b33",
"34b3520d45d240a8861b82c8b61ffa16e67b5cce",
622,
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000002",
},
{
1024,
"c6c6f4f4eed927fb1c3b0c81010967e530658e6f9698ebe058b4f47b2dc8fcbc7"
"b69296b9e8b6cf55681181fe72492668061b262b0046a0d409902e269b0cb69a4"
"55ed1a086caf41927f5912bf0e0cbc45ee81a4f98bf6146f6168a228aec80e9cc"
"1162d6f6aa412efe82d4f18b95e34ab790daac5bd7aef0b22fa08ba5dbaad",
"d32b29f065c1394a30490b6fcbf812a32a8634ab",
"06f973c879e2e89345d0ac04f9c34ad69b9eff1680f18d1c8f3e1596c2e8fa8e1"
"ecef6830409e9012d4788bef6ec7414d09c981b47c941b77f39dfc49caff5e714"
"c97abe25a7a8b5d1fe88700bb96eff91cca64d53700a28b1146d81bad1212d231"
"80154c95a01f5aeebb553a8365c38a5ebe05539b51734233776ce9aff98b2",
"b6ec750da2f824cb42c5f7e28c81350d97f75125",
185,
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000002",
},
{
1024,
"b827a9dc9221a6ed1bec7b64d61232aacb2812f888b0a0b3a95033d7a22e77d0b"
"ff23bfeed0fb1281b21b8ff7421f0c727d1fb8aa2b843d6885f067e763f83d41f"
"d800ab15a7e2b12f71ec2058ee7bd62cd72c26989b272e519785da57bfa1f974b"
"c652e1a2d6cfb68477de5635fd019b37add656cff0b802558b31b6d2851e5",
"de822c03445b77cec4ad3a6fb0ca39ff97059ddf",
"65a9e2d43a378d7063813104586868cacf2fccd51aec1e0b6af8ba3e66dee6371"
"681254c3fb5e3929d65e3c4bcd20abd4ddc7cf815623e17b9fc92f02b8d44278b"
"848480ffd193104cf5612639511e45bd247708ff6028bd3824f8844c263b46c69"
"1f2076f8cd13c5d0be95f1f2a1a17ab1f7e5bc73500bac27d57b473ba9748",
"cd2221dd73815a75224e9fde7faf52829b81ac7a",
62,
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000002",
},
{
1024,
"898a8d93e295c8ef2ffd46976225a1543640640d155a576fafa0be32136165803"
"ba2eff2782a2be75cc9ec65db6bd3238cca695b3a5a14726a2a314775c377d891"
"354b3de6c89e714a05599ca04132c987f889f72c4fe298ccb31f711c03b07e1d9"
"8d72af590754cf3847398b60cecd55a4611692b308809560a83880404c227",
"c6d786643d2acfc6b8d576863fda8cfbfbd5e03f",
"2fd38b8d21c58e8fb5315a177b8d5dc4c450d574e69348b7b9da367c26e72438d"
"af8372e7f0bee84ef5dcbbc3727194a2228431192f1779be24837f22a0e14d10d"
"5344da1b8b403df9f9b2655095b3d0f67418ed6cd989f35aa4232e4b7001764fb"
"e85d6b2c716980f13272fc4271ac1e234f7e24c023cfc2d2dc0aa1e9af2fb",
"73483e697599871af983a281e3afa22e0ed86b68",
272,
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"00000000000000000000000000000000000000000000000000000000000000000"
"0000000000000000000000000000000000000000000000000000000000002",
},
/* These tests are generated by the OpenSSL FIPS version. */
{
1024,
"A404363903FDCE86839BCFD953AAD2DA2B0E70CAED3B5FF5D68F15A1C4BB0A793C"
"A9D58FC956804C5901DE0AF99F345ED1A8617C687864BAC044B7C3C3E732A2B255"
"EC986AA76EA8CB0E0815B3E0E605650AF7D8058EE7E8EBCDEFFDAB8100D3FC1033"
"11BA3AB232EF06BB74BA9A949EC0C7ED324C19B202F4AB725BBB4080C9",
"C643946CEA8748E12D430C48DB038F9165814389",
"59B7E7BA0033CCE8E6837173420FBB382A784D4154A3C166043F5A68CB92945D16"
"892D4CC5585F2D28C780E75A6C20A379E2B58304C1E5FC0D8C15E4E89C4498C8BC"
"B90FB36ED8DC0489B9D0BC09EC4411FB0BFADF25485EEAB6700BE0ACF5C44A6ED7"
"44A015382FF9B8DA7EAA00DEA135FADC59212DBBFFC1537336FA4B7225",
"02708ab36e3f0bfd67ec3b8bd8829d03b84f56bd",
50,
"02"
},
{
1024,
"9C664033DB8B203D826F896D2293C62EF9351D5CFD0F4C0AD7EFDA4DDC7F15987"
"6A3C68CAB2586B44FD1BD4DEF7A17905D88D321DD77C4E1720D848CA21D79F9B3"
"D8F537338E09B44E9F481E8DA3C56569F63146596A050EF8FAEE8ACA32C666450"
"04F675C8806EB4025B0A5ECC39CE89983EA40A183A7CF5208BA958045ABD5",
"AD0D8CBA369AF6CD0D2BAC0B4CFCAF0A1F9BCDF7",
"74D717F7092A2AF725FDD6C2561D1DBE5AEE40203C638BA8B9F49003857873701"
"95A44E515C4E8B344F5CDC7F4A6D38097CD57675E7643AB9700692C69F0A99B0E"
"039FDDDFCA8CEB607BDB4ADF2834DE1690F5823FC8199FB8F6F29E5A583B6786A"
"C14C7E67106C3B30568CBB9383F89287D578159778EB18216799D16D46498",
"6481a12a50384888ee84b61024f7c9c685d6ac96",
289,
"02"
},
{
1024,
"B0DFB602EB8462B1DC8C2214A52B587D3E6842CCF1C38D0F7C7F967ED30CF6828"
"1E2675B3BAB594755FB1634E66B4C23936F0725A358F8DFF3C307E2601FD66D63"
"5B17270450C50BD2BEC29E0E9A471DF1C15B0191517952268A2763D4BD28B8503"
"B3399686272B76B11227F693D7833105EF70C2289C3194CF4527024B272DF",
"EA649C04911FAB5A41440287A517EF752A40354B",
"88C5A4563ECB949763E0B696CD04B21321360F54C0EE7B23E2CEDC30E9E486162"
"01BFB1619E7C54B653D1F890C50E04B29205F5E3E2F93A13B0751AF25491C5194"
"93C09DDF6B9C173B3846DFB0E7A5C870BBFC78419260C90E20315410691C8326C"
"858D7063E7921F3F601158E912C7EE487FF259202BEEB10F6D9E99190F696",
"5bf9d17bc62fbbf3d569c92bd4505586b2e5ef1a",
626,
"02"
},
{
1024,
"F783C08D7F9463E48BA87893805C4B34B63C85DF7EBDD9EBEE94DB4AF4E4A415C"
"F0F3793AE55096BA1199598798FA8403B28DED7F7C7AFD54FD535861A0150EF4D"
"5871465B13837CCF46BEB0A22F8D38DC7D6AE0E14A3845FD0C027CFA97791B977"
"CE2808BAD9B43CE69390C0F40016056722D82C0D7B1B27413D026A39D7DAD",
"A40D9EE456AED4C8A653FDB47B6629C0B843FE8F",
"DF876263E21F263AE6DA57409BD517DCEADB9216048F066D6B58867F8E59A5EEE"
"700283A946C1455534618979BE6C227673C1B803910262BD93BC94D5089850614"
"F3E29AB64E8C989A7E3E28FE670FFA3EE21DEEEC1AB0B60E1D8E2AA39663BADD7"
"2C9F957D7F3D4F17D9FDAD050EB373A6DEFD09F5DA752EAFE046836E14B67",
"8a9a57706f69f4f566252cdf6d5cbfdf2020150b",
397,
"02"
},
{
1024,
"D40E4F6461E145859CCF60FD57962840BD75FFF12C22F76626F566842252AD068"
"29745F0147056354F6C016CF12762B0E331787925B8128CF5AF81F9B176A51934"
"96D792430FF83C7B79BD595BDA10787B34600787FA552EFE3662F37B99AAD3F3A"
"093732680A01345192A19BECCE6BF5D498E44ED6BED5B0BA72AAD49E8276B",
"D12F1BD0AA78B99247FD9F18EAFEE5C136686EA5",
"468EBD20C99449C1E440E6F8E452C6A6BC7551C555FE5E94996E20CFD4DA3B9CC"
"58499D6CC2374CCF9C392715A537DE10CFCA8A6A37AFBD187CF6B88D26881E5F5"
"7521D9D2C9BBA51E7B87B070BBE73F5C5FE31E752CAF88183516D8503BAAC1159"
"928EF50DEE52D96F396B93FB4138D786464C315401A853E57C9A0F9D25839",
"30b3599944a914a330a3f49d11ec88f555422aef",
678,
"02"
}
};
gpg_error_t err;
int tno;
gcry_sexp_t key_spec, key, pub_key, sec_key, seed_values;
gcry_sexp_t l1;
for (tno = 0; tno < DIM (tbl); tno++)
{
if (verbose)
info ("generating FIPS 186-2 test key %d\n", tno);
{
void *data;
size_t datalen;
data = data_from_hex (tbl[tno].seed, &datalen);
err = gcry_sexp_build (&key_spec, NULL,
"(genkey (dsa (nbits %d)(use-fips186-2)"
"(derive-parms(seed %b))))",
tbl[tno].nbits, (int)datalen, data);
gcry_free (data);
}
if (err)
die ("error creating S-expression %d: %s\n", tno, gpg_strerror (err));
err = gcry_pk_genkey (&key, key_spec);
gcry_sexp_release (key_spec);
if (err)
{
fail ("error generating key %d: %s\n", tno, gpg_strerror (err));
continue;
}
if (verbose > 1)
show_sexp ("generated key:\n", key);
pub_key = gcry_sexp_find_token (key, "public-key", 0);
if (!pub_key)
fail ("public part missing in key %d\n", tno);
sec_key = gcry_sexp_find_token (key, "private-key", 0);
if (!sec_key)
fail ("private part missing in key %d\n", tno);
l1 = gcry_sexp_find_token (key, "misc-key-info", 0);
if (!l1)
fail ("misc_key_info part missing in key %d\n", tno);
seed_values = gcry_sexp_find_token (l1, "seed-values", 0);
if (!seed_values)
fail ("seed-values part missing in key %d\n", tno);
gcry_sexp_release (l1);
extract_cmp_mpi (sec_key, "p", tbl[tno].p);
extract_cmp_mpi (sec_key, "q", tbl[tno].q);
extract_cmp_mpi (sec_key, "g", tbl[tno].g);
extract_cmp_data (seed_values, "seed", tbl[tno].seed);
extract_cmp_int (seed_values, "counter", tbl[tno].counter);
extract_cmp_mpi (seed_values, "h", tbl[tno].h);
gcry_sexp_release (seed_values);
gcry_sexp_release (sec_key);
gcry_sexp_release (pub_key);
gcry_sexp_release (key);
}
}
static void
ecc_bench (int iterations, int print_header)
{
#if USE_ECC
gpg_error_t err;
int p_sizes[] = { 192, 224, 256, 384, 521 };
int testno;
if (print_header)
printf ("Algorithm generate %4d*sign %4d*verify\n"
"------------------------------------------------\n",
iterations, iterations );
for (testno=0; testno < DIM (p_sizes); testno++)
{
gcry_sexp_t key_spec, key_pair, pub_key, sec_key;
gcry_mpi_t x;
gcry_sexp_t data;
gcry_sexp_t sig = NULL;
int count;
printf ("ECDSA %3d bit ", p_sizes[testno]);
fflush (stdout);
err = gcry_sexp_build (&key_spec, NULL,
"(genkey (ECDSA (nbits %d)))", p_sizes[testno]);
if (err)
die ("creating S-expression failed: %s\n", gcry_strerror (err));
start_timer ();
err = gcry_pk_genkey (&key_pair, key_spec);
if (err)
die ("creating %d bit ECC key failed: %s\n",
p_sizes[testno], gcry_strerror (err));
pub_key = gcry_sexp_find_token (key_pair, "public-key", 0);
if (! pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key_pair, "private-key", 0);
if (! sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key_pair);
gcry_sexp_release (key_spec);
stop_timer ();
printf (" %s", elapsed_time ());
fflush (stdout);
x = gcry_mpi_new (p_sizes[testno]);
gcry_mpi_randomize (x, p_sizes[testno], GCRY_WEAK_RANDOM);
err = gcry_sexp_build (&data, NULL, "(data (flags raw) (value %m))", x);
gcry_mpi_release (x);
if (err)
die ("converting data failed: %s\n", gcry_strerror (err));
start_timer ();
for (count=0; count < iterations; count++)
{
gcry_sexp_release (sig);
err = gcry_pk_sign (&sig, data, sec_key);
if (err)
die ("signing failed: %s\n", gpg_strerror (err));
}
stop_timer ();
printf (" %s", elapsed_time ());
fflush (stdout);
start_timer ();
for (count=0; count < iterations; count++)
{
err = gcry_pk_verify (sig, data, pub_key);
if (err)
{
putchar ('\n');
show_sexp ("seckey:\n", sec_key);
show_sexp ("data:\n", data);
show_sexp ("sig:\n", sig);
die ("verify failed: %s\n", gpg_strerror (err));
}
}
stop_timer ();
printf (" %s\n", elapsed_time ());
fflush (stdout);
gcry_sexp_release (sig);
gcry_sexp_release (data);
gcry_sexp_release (sec_key);
gcry_sexp_release (pub_key);
}
#endif /*USE_ECC*/
}
static void
rsa_bench (int iterations, int print_header, int no_blinding)
{
gpg_error_t err;
int p_sizes[] = { 1024, 2048, 3072, 4096 };
int testno;
if (print_header)
printf ("Algorithm generate %4d*sign %4d*verify\n"
"------------------------------------------------\n",
iterations, iterations );
for (testno=0; testno < DIM (p_sizes); testno++)
{
gcry_sexp_t key_spec, key_pair, pub_key, sec_key;
gcry_mpi_t x;
gcry_sexp_t data;
gcry_sexp_t sig = NULL;
int count;
printf ("RSA %3d bit ", p_sizes[testno]);
fflush (stdout);
err = gcry_sexp_build (&key_spec, NULL,
gcry_fips_mode_active ()
? "(genkey (RSA (nbits %d)))"
: "(genkey (RSA (nbits %d)(transient-key)))",
p_sizes[testno]);
if (err)
die ("creating S-expression failed: %s\n", gcry_strerror (err));
start_timer ();
err = gcry_pk_genkey (&key_pair, key_spec);
if (err)
die ("creating %d bit RSA key failed: %s\n",
p_sizes[testno], gcry_strerror (err));
pub_key = gcry_sexp_find_token (key_pair, "public-key", 0);
if (! pub_key)
die ("public part missing in key\n");
sec_key = gcry_sexp_find_token (key_pair, "private-key", 0);
if (! sec_key)
die ("private part missing in key\n");
gcry_sexp_release (key_pair);
gcry_sexp_release (key_spec);
stop_timer ();
printf (" %s", elapsed_time ());
fflush (stdout);
x = gcry_mpi_new (p_sizes[testno]);
gcry_mpi_randomize (x, p_sizes[testno]-8, GCRY_WEAK_RANDOM);
err = gcry_sexp_build (&data, NULL,
"(data (flags raw) (value %m))", x);
gcry_mpi_release (x);
if (err)
die ("converting data failed: %s\n", gcry_strerror (err));
start_timer ();
for (count=0; count < iterations; count++)
{
gcry_sexp_release (sig);
err = gcry_pk_sign (&sig, data, sec_key);
if (err)
die ("signing failed (%d): %s\n", count, gpg_strerror (err));
}
stop_timer ();
printf (" %s", elapsed_time ());
fflush (stdout);
start_timer ();
for (count=0; count < iterations; count++)
{
err = gcry_pk_verify (sig, data, pub_key);
if (err)
{
putchar ('\n');
show_sexp ("seckey:\n", sec_key);
show_sexp ("data:\n", data);
show_sexp ("sig:\n", sig);
die ("verify failed (%d): %s\n", count, gpg_strerror (err));
}
}
stop_timer ();
printf (" %s", elapsed_time ());
if (no_blinding)
{
fflush (stdout);
x = gcry_mpi_new (p_sizes[testno]);
gcry_mpi_randomize (x, p_sizes[testno]-8, GCRY_WEAK_RANDOM);
err = gcry_sexp_build (&data, NULL,
"(data (flags no-blinding) (value %m))", x);
gcry_mpi_release (x);
if (err)
die ("converting data failed: %s\n", gcry_strerror (err));
start_timer ();
for (count=0; count < iterations; count++)
{
gcry_sexp_release (sig);
err = gcry_pk_sign (&sig, data, sec_key);
if (err)
die ("signing failed (%d): %s\n", count, gpg_strerror (err));
}
stop_timer ();
printf (" %s", elapsed_time ());
fflush (stdout);
}
putchar ('\n');
fflush (stdout);
gcry_sexp_release (sig);
gcry_sexp_release (data);
gcry_sexp_release (sec_key);
gcry_sexp_release (pub_key);
}
}
static void
check_ecc_keys (void)
{
const char *curves[] = { "NIST P-521", "NIST P-384", "NIST P-256",
"Ed25519", NULL
};
int testno;
gcry_sexp_t keyparm, key;
int rc;
for (testno=0; curves[testno]; testno++)
{
if (verbose)
show ("creating ECC key using curve %s\n", curves[testno]);
if (!strcmp (curves[testno], "Ed25519"))
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve %s)(flags param eddsa)))",
curves[testno]);
else
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve %s)(flags param)))",
curves[testno]);
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating ECC key using curve %s: %s\n",
curves[testno], gpg_strerror (rc));
if (verbose > 1)
show_sexp ("ECC key:\n", key);
check_generated_ecc_key (key);
gcry_sexp_release (key);
}
if (verbose)
show ("creating ECC key using curve Ed25519 for ECDSA\n");
rc = gcry_sexp_build (&keyparm, NULL, "(genkey(ecc(curve Ed25519)))");
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating ECC key using curve Ed25519 for ECDSA: %s\n",
gpg_strerror (rc));
if (verbose > 1)
show_sexp ("ECC key:\n", key);
check_generated_ecc_key (key);
gcry_sexp_release (key);
if (verbose)
show ("creating ECC key using curve Ed25519 for ECDSA (nocomp)\n");
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve Ed25519)(flags nocomp)))");
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating ECC key using curve Ed25519 for ECDSA"
" (nocomp): %s\n",
gpg_strerror (rc));
if (verbose > 1)
show_sexp ("ECC key:\n", key);
check_generated_ecc_key (key);
gcry_sexp_release (key);
if (verbose)
show ("creating ECC key using curve Ed25519 for ECDSA (transient-key)\n");
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve Ed25519)(flags transient-key)))");
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating ECC key using curve Ed25519 for ECDSA"
" (transient-key): %s\n",
gpg_strerror (rc));
if (verbose > 1)
show_sexp ("ECC key:\n", key);
check_generated_ecc_key (key);
gcry_sexp_release (key);
if (verbose)
show ("creating ECC key using curve Ed25519 for ECDSA "
"(transient-key no-keytest)\n");
rc = gcry_sexp_build (&keyparm, NULL,
"(genkey(ecc(curve Ed25519)"
"(flags transient-key no-keytest)))");
if (rc)
die ("error creating S-expression: %s\n", gpg_strerror (rc));
rc = gcry_pk_genkey (&key, keyparm);
gcry_sexp_release (keyparm);
if (rc)
die ("error generating ECC key using curve Ed25519 for ECDSA"
" (transient-key no-keytest): %s\n",
gpg_strerror (rc));
if (verbose > 1)
show_sexp ("ECC key:\n", key);
check_generated_ecc_key (key);
gcry_sexp_release (key);
}
/* resarr will contain: modulus(0), public exponent(1), private exponent(2),
* prime1 - p (3), prime2 - q(4), u (5).
*/
int
_gnutls_rsa_generate_params (mpi_t * resarr, int *resarr_len, int bits)
{
int ret;
gcry_sexp_t parms, key, list;
ret = gcry_sexp_build (&parms, NULL, "(genkey(rsa(nbits %d)))", bits);
if (ret != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
/* generate the RSA key */
ret = gcry_pk_genkey (&key, parms);
gcry_sexp_release (parms);
if (ret != 0)
{
gnutls_assert ();
return GNUTLS_E_INTERNAL_ERROR;
}
list = gcry_sexp_find_token (key, "n", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[0] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "e", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[1] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "d", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[2] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "p", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[3] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "q", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[4] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
list = gcry_sexp_find_token (key, "u", 0);
if (list == NULL)
{
gnutls_assert ();
gcry_sexp_release (key);
return GNUTLS_E_INTERNAL_ERROR;
}
resarr[5] = gcry_sexp_nth_mpi (list, 1, 0);
gcry_sexp_release (list);
gcry_sexp_release (key);
_gnutls_dump_mpi ("n: ", resarr[0]);
_gnutls_dump_mpi ("e: ", resarr[1]);
_gnutls_dump_mpi ("d: ", resarr[2]);
_gnutls_dump_mpi ("p: ", resarr[3]);
_gnutls_dump_mpi ("q: ", resarr[4]);
_gnutls_dump_mpi ("u: ", resarr[5]);
*resarr_len = 6;
return 0;
}