/*
* Check a private RSA key
*/
int rsa_check_privkey( rsa_context *ctx )
{
int ret;
mpi PQ, DE, P1, Q1, H, I, G;
if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
return( ret );
if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, NULL );
MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
MPI_CHK( mpi_mod_mpi( &I, &DE, &H ) );
MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
if( mpi_cmp_mpi( &PQ, &ctx->N ) == 0 &&
mpi_cmp_int( &I, 1 ) == 0 &&
mpi_cmp_int( &G, 1 ) == 0 )
{
mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL );
return( 0 );
}
cleanup:
mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, NULL );
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED | ret );
}
int to_public_key(lua_State* L, rsa_context* Prsa) {
int ret = 0;
int index;
if ( !Prsa)
return -1;
memset( Prsa, 0, sizeof( rsa_context ) );
index = lua_gettop(L);
ret = mpi_get_field(L, index, "N", &Prsa->N, 16);
ret = mpi_get_field(L, index, "E", &Prsa->E, 16);
mpi_init(&Prsa->D, NULL);
mpi_init(&Prsa->P, NULL);
mpi_init(&Prsa->Q, NULL);
mpi_init(&Prsa->DP, NULL);
mpi_init(&Prsa->DQ, NULL);
mpi_init(&Prsa->QP, NULL);
mpi_init(&Prsa->RN, NULL);
mpi_init(&Prsa->RP, NULL);
mpi_init(&Prsa->RQ, NULL);
if((ret = rsa_check_pubkey(Prsa))!=0)
printf("Erro na chave publica (%d)", ret);
return ret;
}
int rsa_get_public_key_fingerprint(rsa_context *rsa, uint64_t *fingerprint,
char fingerprint_ascii[FLETCHER_SIZE_STR])
{
int ret;
if ((ret = rsa_check_pubkey(rsa)) != 0) {
char err[128];
error_strerror(ret, err, sizeof err);
dolog(D_ENC, "ERROR verifying public key: %s\n", err);
return -ERR_NO_PUBKEY;
}
uint8_t pk[2048]; // public key is not bigger than this
int pk_len = asn1_encode_public_key_der(pk, sizeof pk, rsa);
if (pk_len <= 0) {
return -ERR_UNKNOWN(901);
}
uint64_t fp;
if (fingerprint == NULL ) {
fingerprint = &fp;
}
*fingerprint = fletcher64(pk, pk_len);
if (fingerprint_ascii)
fletcher64_to_str(fingerprint_ascii, fingerprint);
return 0;
}
/*
* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER -- e
* }
*/
static int pk_get_rsapubkey( unsigned char **p,
const unsigned char *end,
rsa_context *rsa )
{
int ret;
size_t len;
if( ( ret = asn1_get_tag( p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
if( *p + len != end )
return( POLARSSL_ERR_PK_INVALID_PUBKEY +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = asn1_get_mpi( p, end, &rsa->N ) ) != 0 ||
( ret = asn1_get_mpi( p, end, &rsa->E ) ) != 0 )
return( POLARSSL_ERR_PK_INVALID_PUBKEY + ret );
if( *p != end )
return( POLARSSL_ERR_PK_INVALID_PUBKEY +
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
if( ( ret = rsa_check_pubkey( rsa ) ) != 0 )
return( POLARSSL_ERR_PK_INVALID_PUBKEY );
rsa->len = mpi_size( &rsa->N );
return( 0 );
}
/*
* Check a private RSA key
*/
int rsa_check_privkey( const rsa_context *ctx )
{
int ret;
mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP;
if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
return( ret );
if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
mpi_init( &PQ ); mpi_init( &DE ); mpi_init( &P1 ); mpi_init( &Q1 );
mpi_init( &H ); mpi_init( &I ); mpi_init( &G ); mpi_init( &G2 );
mpi_init( &L1 ); mpi_init( &L2 ); mpi_init( &DP ); mpi_init( &DQ );
mpi_init( &QP );
MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
MPI_CHK( mpi_gcd( &G2, &P1, &Q1 ) );
MPI_CHK( mpi_div_mpi( &L1, &L2, &H, &G2 ) );
MPI_CHK( mpi_mod_mpi( &I, &DE, &L1 ) );
MPI_CHK( mpi_mod_mpi( &DP, &ctx->D, &P1 ) );
MPI_CHK( mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) );
MPI_CHK( mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) );
/*
* Check for a valid PKCS1v2 private key
*/
if( mpi_cmp_mpi( &PQ, &ctx->N ) != 0 ||
mpi_cmp_mpi( &DP, &ctx->DP ) != 0 ||
mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 ||
mpi_cmp_mpi( &QP, &ctx->QP ) != 0 ||
mpi_cmp_int( &L2, 0 ) != 0 ||
mpi_cmp_int( &I, 1 ) != 0 ||
mpi_cmp_int( &G, 1 ) != 0 )
{
ret = POLARSSL_ERR_RSA_KEY_CHECK_FAILED;
}
cleanup:
mpi_free( &PQ ); mpi_free( &DE ); mpi_free( &P1 ); mpi_free( &Q1 );
mpi_free( &H ); mpi_free( &I ); mpi_free( &G ); mpi_free( &G2 );
mpi_free( &L1 ); mpi_free( &L2 ); mpi_free( &DP ); mpi_free( &DQ );
mpi_free( &QP );
if( ret == POLARSSL_ERR_RSA_KEY_CHECK_FAILED )
return( ret );
if( ret != 0 )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED + ret );
return( 0 );
}
/*
* Check if contexts holding a public and private key match
*/
int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv )
{
if( rsa_check_pubkey( pub ) != 0 ||
rsa_check_privkey( prv ) != 0 )
{
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
}
if( mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
{
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
}
return( 0 );
}
/*
* Check a private RSA key
*/
int rsa_check_privkey( const rsa_context *ctx )
{
int ret;
mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2;
if( ( ret = rsa_check_pubkey( ctx ) ) != 0 )
return( ret );
if( !ctx->P.p || !ctx->Q.p || !ctx->D.p )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
mpi_init( &PQ, &DE, &P1, &Q1, &H, &I, &G, &G2, &L1, &L2, NULL );
MPI_CHK( mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) );
MPI_CHK( mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) );
MPI_CHK( mpi_sub_int( &P1, &ctx->P, 1 ) );
MPI_CHK( mpi_sub_int( &Q1, &ctx->Q, 1 ) );
MPI_CHK( mpi_mul_mpi( &H, &P1, &Q1 ) );
MPI_CHK( mpi_gcd( &G, &ctx->E, &H ) );
MPI_CHK( mpi_gcd( &G2, &P1, &Q1 ) );
MPI_CHK( mpi_div_mpi( &L1, &L2, &H, &G2 ) );
MPI_CHK( mpi_mod_mpi( &I, &DE, &L1 ) );
/*
* Check for a valid PKCS1v2 private key
*/
if( mpi_cmp_mpi( &PQ, &ctx->N ) == 0 &&
mpi_cmp_int( &L2, 0 ) == 0 &&
mpi_cmp_int( &I, 1 ) == 0 &&
mpi_cmp_int( &G, 1 ) == 0 )
{
mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, &G2, &L1, &L2, NULL );
return( 0 );
}
cleanup:
mpi_free( &G, &I, &H, &Q1, &P1, &DE, &PQ, &G2, &L1, &L2, NULL );
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED | ret );
}
void
crypto_rsa_encrypt(int len, uint8 * in, uint8 * out, uint32 modulus_size, uint8 * modulus, uint8 * exponent)
{
rsa_context ctx;
rsa_init(&ctx, 0, 0);
ctx.len = modulus_size;
mpi_init(&ctx.N, &ctx.E, NULL);
mpi_read_binary(&ctx.N, modulus, modulus_size);
mpi_read_binary(&ctx.E, exponent, SEC_EXPONENT_SIZE);
ASSERT(!rsa_check_pubkey( &ctx ));
ASSERT(modulus_size <= SEC_MAX_MODULUS_SIZE);
uint8 in2[SEC_MAX_MODULUS_SIZE];
memset(in2, 0, modulus_size - len);
memcpy(in2 + modulus_size - len, in, len);
int err = rsa_public(&ctx, in2, out);
ASSERT(!err);
mpi_free(&ctx.N, &ctx.E, NULL);
rsa_free(&ctx);
}
kal_bool che_sw_rsa(STCHE* che_context, CHE_ACTION act, kal_uint8* data_src, kal_uint8* data_dst, kal_int32 length, kal_bool last_block){
rsa_context rsa;
memset( &rsa, 0, sizeof( rsa ) );
rsa.len = length;
mpi_read( &rsa.N , che_context->modulusN, 16, che_context->modulusNLen );
mpi_read( &rsa.E , che_context->pubExp, 16, che_context->pubExpLen );
mpi_read( &rsa.D , che_context->privExpD, 16, che_context->privExpDLen );
mpi_read( &rsa.P , che_context->primeP, 16, che_context->primePLen );
mpi_read( &rsa.Q , che_context->primeQ, 16,che_context->primeQLen );
mpi_read( &rsa.DP, che_context->dModPm1, 16,che_context->dModPm1Len );
mpi_read( &rsa.DQ, che_context->dModQm1, 16,che_context->dModQm1Len );
mpi_read( &rsa.QP, che_context->qInvModP, 16,che_context->qInvModPLen );
if( rsa_check_pubkey( &rsa ) != 0 || rsa_check_privkey( &rsa ) != 0 ){
ASSERT(0);
}
switch (act){
case RSA_PUBLIC_ENC:
if( rsa_public_encrypt( &rsa, data_src, length, data_dst, length ) != 0 ){
ASSERT(0);
}
break;
case RSA_PUBLIC_DEC:
if( rsa_public_decrypt( &rsa, data_src, length, data_dst, length ) != 0 ){
ASSERT(0);
}
break;
case RSA_PRIVATE_ENC:
if( rsa_private_encrypt( &rsa, data_src, length, data_dst, length ) != 0 ){
ASSERT(0);
}
break;
case RSA_PRIVATE_DEC:
if( rsa_private_decrypt( &rsa, data_src, length, data_dst, length ) != 0 ){
ASSERT(0);
}
break;
default:
return KAL_FALSE;
}
return KAL_TRUE;
}
int upload_public_key(VCRYPT_CTX *ctx)
{
// checking the public key first
int ret;
if ((ret = rsa_check_pubkey(&ctx->ssl_req.rsa)) != 0) {
return -ERR_RSA_NO_KEYS;
}
VCRYPT_PACKET *packet = packet_new(DEST_SERVER, NULL, REQ_PUBKEY_UPLOAD,
1024);
if (packet == NULL )
goto err;
int pk_len = asn1_encode_public_key_der((uint8_t*) packet->payload + 8,
packet->payload_len - 8, &ctx->ssl_req.rsa);
if (pk_len <= 0)
goto err;
uint64_t fp = fletcher64(packet->payload + 8, pk_len);
// consistency check
assert(ctx->public_key_fp_local == fp);
memcpy(packet->payload, &fp, 8);
packet->payload_len = pk_len + 8;
return vqueue_add_packet(&ctx->packet_queue, packet, VCRYPT_TIMEOUT_SERVER,
1);
err: //
if (packet)
packet_free(packet);
return -ERR_UNKNOWN(908);
}
int ctr_rsa_init(ctr_rsa_context* ctx, rsakey2048* key)
{
rsa_init(&ctx->rsa, RSA_PKCS_V15, 0);
ctx->rsa.len = 0x100;
if (key->keytype == RSAKEY_INVALID)
goto clean;
if (mpi_read_binary(&ctx->rsa.N, key->n, sizeof(key->n)))
goto clean;
if (mpi_read_binary(&ctx->rsa.E, key->e, sizeof(key->e)))
goto clean;
if (rsa_check_pubkey(&ctx->rsa))
goto clean;
if (key->keytype == RSAKEY_PRIV)
{
if (mpi_read_binary(&ctx->rsa.D, key->d, sizeof(key->d)))
goto clean;
if (mpi_read_binary(&ctx->rsa.P, key->p, sizeof(key->p)))
goto clean;
if (mpi_read_binary(&ctx->rsa.Q, key->q, sizeof(key->q)))
goto clean;
if (mpi_read_binary(&ctx->rsa.DP, key->dp, sizeof(key->dp)))
goto clean;
if (mpi_read_binary(&ctx->rsa.DQ, key->dq, sizeof(key->dq)))
goto clean;
if (mpi_read_binary(&ctx->rsa.QP, key->qp, sizeof(key->qp)))
goto clean;
if (rsa_check_privkey(&ctx->rsa))
goto clean;
}
return 1;
clean:
return 0;
}
int main(int argc, char** argv) {
int ret;
FILE* fp;
// Assumes no private key password
ret = x509parse_keyfile(&privrsa, (char*)PRIVATEKEYFILE, NULL);
if (ret != 0) {
printf(" ! x509parse_keyfile returned %d\n\n", ret);
return -1;
}
if (rsa_check_pubkey(&privrsa) != 0 || rsa_check_privkey(&privrsa) != 0) {
printf("public/private key validation failed.\n");
return -2;
}
printf("Private/Public key loaded. Encrypting message.\n");
if (rsa_pkcs1_encrypt(&privrsa, RSA_PUBLIC, strlen(MESSAGE),
(unsigned char*)MESSAGE, rsa_ciphertext) != 0) {
printf("Encryption of message failed\n");
return -3;
}
printf("Encryption complete. Output in message.crypt\n");
fp = fopen("message.crypt", "wb");
if (!fp) {
printf("Error opening message.crypt\n");
return -4;
}
fwrite(rsa_ciphertext, 128, 1, fp);
fclose(fp);
memset(&rsa_ciphertext, 0, sizeof(rsa_ciphertext));
// Now sign the message.
sha1((unsigned char*)MESSAGE, strlen(MESSAGE), hash);
// for (int i = 0; i < 20; i++)
// printf("%02X%s", hash[i], (i + 1) % 16 == 0 ? "\r\n" : " ");
// if (rsa_pkcs1_sign(&privrsa, RSA_PRIVATE, RSA_SHA1, 20, hash, rsa_ciphertext) != 0) {
if (rsa_pkcs1_sign(&privrsa, RSA_PRIVATE, RSA_SHA1, 20, hash, rsa_ciphertext) != 0) {
printf("Signature failed.\n");
return -5;
}
printf("Signing complete. Output in message.sig\n");
fp = fopen("message.sig", "wb");
if (!fp) {
printf("Error opening message.sig\n");
return -4;
}
fwrite(rsa_ciphertext, 128, 1, fp);
fclose(fp);
return 0;
}
/*
* Parse one or more certificates and add them to the chain
*/
int x509_add_certs( x509_cert *chain, unsigned char *buf, int buflen )
{
int ret, len;
unsigned char *s1, *s2;
unsigned char *p, *end;
x509_cert *crt;
crt = chain;
while( crt->version != 0 )
crt = crt->next;
/*
* check if the certificate is encoded in base64
*/
s1 = (unsigned char *) strstr( (char *) buf,
"-----BEGIN CERTIFICATE-----" );
if( s1 != NULL )
{
s2 = (unsigned char *) strstr( (char *) buf,
"-----END CERTIFICATE-----" );
if( s2 == NULL || s2 <= s1 )
return( ERR_X509_CERT_INVALID_PEM );
s1 += 27;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( ERR_X509_CERT_INVALID_PEM );
/*
* get the DER data length and decode the buffer
*/
len = 0;
ret = base64_decode( NULL, &len, s1, s2 - s1 );
if( ret == ERR_BASE64_INVALID_CHARACTER )
return( ERR_X509_CERT_INVALID_PEM | ret );
if( ( p = (unsigned char *) malloc( len ) ) == NULL )
return( 1 );
if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
{
free( p );
return( ERR_X509_CERT_INVALID_PEM | ret );
}
/*
* update the buffer size and offset
*/
s2 += 25;
if( *s2 == '\r' ) s2++;
if( *s2 == '\n' ) s2++;
else return( ERR_X509_CERT_INVALID_PEM );
buflen -= s2 - buf;
buf = s2;
}
else
{
/*
* nope, copy the raw DER data
*/
p = (unsigned char *) malloc( len = buflen );
if( p == NULL )
return( 1 );
memcpy( p, buf, buflen );
buflen = 0;
}
crt->raw.p = p;
crt->raw.len = len;
end = p + len;
/*
* Certificate ::= SEQUENCE {
* tbsCertificate TBSCertificate,
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_INVALID_FORMAT );
}
if( len != (int) ( end - p ) )
{
x509_free_cert( crt );
return( ERR_X509_CERT_INVALID_FORMAT |
ERR_ASN1_LENGTH_MISMATCH );
}
/*
* TBSCertificate ::= SEQUENCE {
*/
crt->tbs.p = p;
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_INVALID_FORMAT | ret );
}
end = p + len;
crt->tbs.len = end - crt->tbs.p;
/*
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
*
* CertificateSerialNumber ::= INTEGER
*
* signature AlgorithmIdentifier
*/
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
( ret = x509_get_alg( &p, end, &crt->sig_oid1 ) ) != 0 )
{
x509_free_cert( crt );
return( ret );
}
crt->version++;
if( crt->version > 3 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_UNKNOWN_VERSION );
}
if( crt->sig_oid1.len != 9 ||
memcmp( crt->sig_oid1.p, OID_PKCS1, 8 ) != 0 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_UNKNOWN_SIG_ALG );
}
if( crt->sig_oid1.p[8] < 2 ||
crt->sig_oid1.p[8] > 5 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_UNKNOWN_SIG_ALG );
}
/*
* issuer Name
*/
crt->issuer_raw.p = p;
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_INVALID_FORMAT | ret );
}
if( ( ret = x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
{
x509_free_cert( crt );
return( ret );
}
crt->issuer_raw.len = p - crt->issuer_raw.p;
/*
* Validity ::= SEQUENCE {
* notBefore Time,
* notAfter Time }
*
*/
if( ( ret = x509_get_dates( &p, end, &crt->valid_from,
&crt->valid_to ) ) != 0 )
{
x509_free_cert( crt );
return( ret );
}
/*
* subject Name
*/
crt->subject_raw.p = p;
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_INVALID_FORMAT | ret );
}
if( ( ret = x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
{
x509_free_cert( crt );
return( ret );
}
crt->subject_raw.len = p - crt->subject_raw.p;
/*
* SubjectPublicKeyInfo ::= SEQUENCE
* algorithm AlgorithmIdentifier,
* subjectPublicKey BIT STRING }
*/
if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_INVALID_FORMAT | ret );
}
if( ( ret = x509_get_pubkey( &p, p + len, &crt->pk_oid,
&crt->rsa.N, &crt->rsa.E ) ) != 0 )
{
x509_free_cert( crt );
return( ret );
}
if( ( ret = rsa_check_pubkey( &crt->rsa ) ) != 0 )
{
x509_free_cert( crt );
return( ret );
}
crt->rsa.len = ( mpi_size( &crt->rsa.N ) + 7 ) >> 3;
/*
* issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3
* subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
* -- If present, version shall be v2 or v3
* extensions [3] EXPLICIT Extensions OPTIONAL
* -- If present, version shall be v3
*/
if( crt->version == 2 || crt->version == 3 )
{
ret = x509_get_uid( &p, end, &crt->issuer_id, 1 );
if( ret != 0 )
{
x509_free_cert( crt );
return( ret );
}
}
if( crt->version == 2 || crt->version == 3 )
{
ret = x509_get_uid( &p, end, &crt->subject_id, 2 );
if( ret != 0 )
{
x509_free_cert( crt );
return( ret );
}
}
if( crt->version == 3 )
{
ret = x509_get_ext( &p, end, &crt->v3_ext,
&crt->ca_istrue, &crt->max_pathlen );
if( ret != 0 )
{
x509_free_cert( crt );
return( ret );
}
}
if( p != end )
{
x509_free_cert( crt );
return( ERR_X509_CERT_INVALID_FORMAT |
ERR_ASN1_LENGTH_MISMATCH );
}
end = crt->raw.p + crt->raw.len;
/*
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
*/
if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2 ) ) != 0 )
{
x509_free_cert( crt );
return( ret );
}
if( memcmp( crt->sig_oid1.p, crt->sig_oid2.p, 9 ) != 0 )
{
x509_free_cert( crt );
return( ERR_X509_CERT_SIG_MISMATCH );
}
if( ( ret = x509_get_sig( &p, end, &crt->sig ) ) != 0 )
{
x509_free_cert( crt );
return( ret );
}
if( p != end )
{
x509_free_cert( crt );
return( ERR_X509_CERT_INVALID_FORMAT |
ERR_ASN1_LENGTH_MISMATCH );
}
crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
if( crt->next == NULL )
{
x509_free_cert( crt );
return( 1 );
}
crt = crt->next;
memset( crt, 0, sizeof( x509_cert ) );
if( buflen > 0 )
return( x509_add_certs( crt, buf, buflen ) );
return( 0 );
}
/*
* Checkup routine
*/
int rsa_self_test( int verbose )
{
int ret = 0;
#if defined(POLARSSL_PKCS1_V15)
size_t len;
rsa_context rsa;
unsigned char rsa_plaintext[PT_LEN];
unsigned char rsa_decrypted[PT_LEN];
unsigned char rsa_ciphertext[KEY_LEN];
#if defined(POLARSSL_SHA1_C)
unsigned char sha1sum[20];
#endif
rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa.len = KEY_LEN;
MPI_CHK( mpi_read_string( &rsa.N , 16, RSA_N ) );
MPI_CHK( mpi_read_string( &rsa.E , 16, RSA_E ) );
MPI_CHK( mpi_read_string( &rsa.D , 16, RSA_D ) );
MPI_CHK( mpi_read_string( &rsa.P , 16, RSA_P ) );
MPI_CHK( mpi_read_string( &rsa.Q , 16, RSA_Q ) );
MPI_CHK( mpi_read_string( &rsa.DP, 16, RSA_DP ) );
MPI_CHK( mpi_read_string( &rsa.DQ, 16, RSA_DQ ) );
MPI_CHK( mpi_read_string( &rsa.QP, 16, RSA_QP ) );
if( verbose != 0 )
polarssl_printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n PKCS#1 encryption : " );
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
if( rsa_pkcs1_encrypt( &rsa, myrand, NULL, RSA_PUBLIC, PT_LEN,
rsa_plaintext, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n PKCS#1 decryption : " );
if( rsa_pkcs1_decrypt( &rsa, myrand, NULL, RSA_PRIVATE, &len,
rsa_ciphertext, rsa_decrypted,
sizeof(rsa_decrypted) ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
#if defined(POLARSSL_SHA1_C)
if( verbose != 0 )
polarssl_printf( "passed\n PKCS#1 data sign : " );
sha1( rsa_plaintext, PT_LEN, sha1sum );
if( rsa_pkcs1_sign( &rsa, myrand, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, POLARSSL_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n\n" );
#endif /* POLARSSL_SHA1_C */
cleanup:
rsa_free( &rsa );
#else /* POLARSSL_PKCS1_V15 */
((void) verbose);
#endif /* POLARSSL_PKCS1_V15 */
return( ret );
}
/*
* Checkup routine
*/
int rsa_self_test( void )
{
int len;
rsa_context rsa;
uchar md5sum[16];
uchar decrypted[PTLEN];
uchar ciphertext[CTLEN];
memset( &rsa, 0, sizeof( rsa ) );
rsa.len = 128;
#if 0
mpi_read( &rsa.N , "9292758453063D803DD603D5E777D788" \
"8ED1D5BF35786190FA2F23EBC0848AEA" \
"DDA92CA6C3D80B32C4D109BE0F36D6AE" \
"7130B9CED7ACDF54CFC7555AC14EEBAB" \
"93A89813FBF3C4F8066D2D800F7C38A8" \
"1AE31942917403FF4946B0A83D3D3E05" \
"EE57C6F5F5606FB5D4BC6CD34EE0801A" \
"5E94BB77B07507233A0BC7BAC8F90F79", 16 );
mpi_read( &rsa.E , "10001", 16 );
mpi_read( &rsa.D , "24BF6185468786FDD303083D25E64EFC" \
"66CA472BC44D253102F8B4A9D3BFA750" \
"91386C0077937FE33FA3252D28855837" \
"AE1B484A8A9A45F7EE8C0C634F99E8CD" \
"DF79C5CE07EE72C7F123142198164234" \
"CABB724CF78B8173B9F880FC86322407" \
"AF1FEDFDDE2BEB674CA15F3E81A1521E" \
"071513A1E85B5DFA031F21ECAE91A34D", 16 );
mpi_read( &rsa.P , "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
"2C01CAD19EA484A87EA4377637E75500" \
"FCB2005C5C7DD6EC4AC023CDA285D796" \
"C3D9E75E1EFC42488BB4F1D13AC30A57", 16 );
mpi_read( &rsa.Q , "C000DF51A7C77AE8D7C7370C1FF55B69" \
"E211C2B9E5DB1ED0BF61D0D9899620F4" \
"910E4168387E3C30AA1E00C339A79508" \
"8452DD96A9A5EA5D9DCA68DA636032AF", 16 );
mpi_read( &rsa.DP, "C1ACF567564274FB07A0BBAD5D26E298" \
"3C94D22288ACD763FD8E5600ED4A702D" \
"F84198A5F06C2E72236AE490C93F07F8" \
"3CC559CD27BC2D1CA488811730BB5725", 16 );
mpi_read( &rsa.DQ, "4959CBF6F8FEF750AEE6977C155579C7" \
"D8AAEA56749EA28623272E4F7D0592AF" \
"7C1F1313CAC9471B5C523BFE592F517B" \
"407A1BD76C164B93DA2D32A383E58357", 16 );
mpi_read( &rsa.QP, "9AE7FBC99546432DF71896FC239EADAE" \
"F38D18D2B2F0E2DD275AA977E2BF4411" \
"F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
"A74206CEC169D74BF5A8C50D6F48EA08", 16 );
#else
mpi_read( &rsa.N , "EEF43DF231F4FEFDA3FF0576F864912B" \
"F5D51D627C5911F4794F54C8BE178C66" \
"FD9C447BE512735818E93CF88AB1696C" \
"1C634A898DBFCE384F74CD347B715419" \
"EAE05016842B752F127CC224535C4708" \
"8DE7566D50F0CFC013B2592BAB1E042A" \
"76239E5262D931B84BDAB640028AFE7C" \
"39E2B75A353EABF827854EE249C6EA45", 16 );
mpi_read( &rsa.E , "010001", 16 );
mpi_read( &rsa.D , "B6F6044861BFF94E34379BF3901550A2" \
"9C44658F772EABF4C8BDD9692B43D499" \
"372E63B189A02AF91579E0D95D38A243" \
"C928AD75CD3743AB120B98E3CA70E7B6" \
"C5B3C1EA2065EF5A6347F80B247044D4" \
"775C4379C2286F8724E0DFE859F808E8" \
"BFBE3D257EF84E3A455C5BC452F5600E" \
"5CDD62818D7E937C7D4C9819C1FAF331", 16 );
mpi_read( &rsa.P , "FBD24AF8F6132E9E1D07B73CFD6D0ECE" \
"6E49DD602EF0F4D6FE6DF66493F016EA" \
"C19FF290749194145C3229D0CC57B31F" \
"199AE2819572271CFE40279063B5BEAB", 16 );
mpi_read( &rsa.Q , "F2EB4A3E41438F2690EC2DED0198E4BD" \
"7ABA01D374A27C92BDAEA3803FF8584C" \
"2B923C95868B4C53DCEEA3A750D7B702" \
"748522C8BF781CCED4E76B52A9DD3ACF", 16 );
mpi_read( &rsa.DP, "3947752C39F4D506BBFDB44D582BC551" \
"693EBDEF11DE5722CC0EC11BD196ABEF" \
"CC0910C890EB482E756627A2C9C82D03" \
"26F4D70EB8AA9580FFC821F7B2E6752F", 16 );
mpi_read( &rsa.DQ, "5A71D28DC55CF322A7D8D7ECA3A89A9A" \
"15E4C5A3468CED16F1BAE133721DF43A" \
"400ACDB5DA8768DEDCA69996455A5BD0" \
"7533D0D4AFBD77F4667ED78DCAA30D2F", 16 );
mpi_read( &rsa.QP, "81267EDB140CE8F07CA92F508FEA134B" \
"23C871D428C6EF870F08FFF2AD46D210" \
"8FCD67E28FF95E8E332B5EEE16EB8784" \
"AB3D1E59B078CB93EF5C6E0F12419439", 16 );
#endif
printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 encryption : " );
if( rsa_pkcs1_encrypt( &rsa, plaintext, PTLEN,
ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 decryption : " );
len = sizeof( decrypted );
if( rsa_pkcs1_decrypt( &rsa, ciphertext, CTLEN,
decrypted, &len ) != 0 ||
memcmp( decrypted, plaintext, len ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 data sign : " );
md5_csum( plaintext, PTLEN, md5sum );
if( rsa_pkcs1_sign( &rsa, RSA_MD5, md5sum, 16,
ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, RSA_MD5, md5sum, 16,
ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n\n" );
rsa_free( &rsa );
return( 0 );
}
/*
* Checkup routine
*/
int rsa_self_test( int verbose )
{
int len;
rsa_context rsa;
unsigned char sha1sum[20];
unsigned char rsa_plaintext[PT_LEN];
unsigned char rsa_decrypted[PT_LEN];
unsigned char rsa_ciphertext[KEY_LEN];
memset( &rsa, 0, sizeof( rsa_context ) );
rsa.len = KEY_LEN;
mpi_read_string( &rsa.N , 16, RSA_N );
mpi_read_string( &rsa.E , 16, RSA_E );
mpi_read_string( &rsa.D , 16, RSA_D );
mpi_read_string( &rsa.P , 16, RSA_P );
mpi_read_string( &rsa.Q , 16, RSA_Q );
mpi_read_string( &rsa.DP, 16, RSA_DP );
mpi_read_string( &rsa.DQ, 16, RSA_DQ );
mpi_read_string( &rsa.QP, 16, RSA_QP );
if( verbose != 0 )
printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 encryption : " );
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
if( rsa_pkcs1_encrypt( &rsa, RSA_PUBLIC, PT_LEN,
rsa_plaintext, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 decryption : " );
if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len,
rsa_ciphertext, rsa_decrypted,
sizeof(rsa_decrypted) ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 data sign : " );
sha1( rsa_plaintext, PT_LEN, sha1sum );
if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1, 20,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1, 20,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n\n" );
rsa_free( &rsa );
return( 0 );
}
TEST_FIXTURE(HandshakeFixture, FixturePublicKeyIsValid)
{
rsa_context rsa;
init_rsa_context_with_public_key(&rsa, pubkey);
CHECK_EQUAL(0, rsa_check_pubkey(&rsa));
}
/*
* Checkup routine
*/
int main ( void )
{
int len;
rsa_context rsa;
unsigned char md5sum[16];
unsigned char rsa_plaintext[PTLEN];
unsigned char rsa_decrypted[PTLEN];
unsigned char rsa_ciphertext[CTLEN];
memset( &rsa, 0, sizeof( rsa ) );
rsa.len = 128;
mpi_read( &rsa.N , "9292758453063D803DD603D5E777D788" \
"8ED1D5BF35786190FA2F23EBC0848AEA" \
"DDA92CA6C3D80B32C4D109BE0F36D6AE" \
"7130B9CED7ACDF54CFC7555AC14EEBAB" \
"93A89813FBF3C4F8066D2D800F7C38A8" \
"1AE31942917403FF4946B0A83D3D3E05" \
"EE57C6F5F5606FB5D4BC6CD34EE0801A" \
"5E94BB77B07507233A0BC7BAC8F90F79", 16 );
mpi_read( &rsa.E , "10001", 16 );
mpi_read( &rsa.D , "24BF6185468786FDD303083D25E64EFC" \
"66CA472BC44D253102F8B4A9D3BFA750" \
"91386C0077937FE33FA3252D28855837" \
"AE1B484A8A9A45F7EE8C0C634F99E8CD" \
"DF79C5CE07EE72C7F123142198164234" \
"CABB724CF78B8173B9F880FC86322407" \
"AF1FEDFDDE2BEB674CA15F3E81A1521E" \
"071513A1E85B5DFA031F21ECAE91A34D", 16 );
mpi_read( &rsa.P , "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
"2C01CAD19EA484A87EA4377637E75500" \
"FCB2005C5C7DD6EC4AC023CDA285D796" \
"C3D9E75E1EFC42488BB4F1D13AC30A57", 16 );
mpi_read( &rsa.Q , "C000DF51A7C77AE8D7C7370C1FF55B69" \
"E211C2B9E5DB1ED0BF61D0D9899620F4" \
"910E4168387E3C30AA1E00C339A79508" \
"8452DD96A9A5EA5D9DCA68DA636032AF", 16 );
mpi_read( &rsa.DP, "C1ACF567564274FB07A0BBAD5D26E298" \
"3C94D22288ACD763FD8E5600ED4A702D" \
"F84198A5F06C2E72236AE490C93F07F8" \
"3CC559CD27BC2D1CA488811730BB5725", 16 );
mpi_read( &rsa.DQ, "4959CBF6F8FEF750AEE6977C155579C7" \
"D8AAEA56749EA28623272E4F7D0592AF" \
"7C1F1313CAC9471B5C523BFE592F517B" \
"407A1BD76C164B93DA2D32A383E58357", 16 );
mpi_read( &rsa.QP, "9AE7FBC99546432DF71896FC239EADAE" \
"F38D18D2B2F0E2DD275AA977E2BF4411" \
"F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
"A74206CEC169D74BF5A8C50D6F48EA08", 16 );
printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 encryption : " );
memcpy( rsa_plaintext,
"\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
"\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD", PTLEN );
len = CTLEN;
if( rsa_pkcs1_encrypt( &rsa, rsa_plaintext, PTLEN,
rsa_ciphertext, &len ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 decryption : " );
len = sizeof( rsa_decrypted );
if( rsa_pkcs1_decrypt( &rsa, rsa_ciphertext, CTLEN,
rsa_decrypted, &len ) != 0 ||
memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n" );
#if 0
md5_csum( rsa_plaintext, PTLEN, md5sum );
if( rsa_pkcs1_sign( &rsa, RSA_MD5, md5sum, 16,
rsa_ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, RSA_MD5, md5sum, 16,
rsa_ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n\n" );
#endif
rsa_free( &rsa );
return( 0 );
}
