int rsa_test() { byte tmp[1024], tmp2[2048]; size_t bytes, bytes2; RsaKey key; RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; word32 inLen = (word32)strlen((char*)in); byte out[64]; byte plain[64]; DecodedCert cert; FILE* file = fopen(clientKey, "rb"), * file2; if (!file) return -40; bytes = fread(tmp, 1, 1024, file); InitRsaKey(&key, 0); ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) return -41; ret = InitRng(&rng); if (ret != 0) return -42; ret = RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng); ret = RsaPrivateDecrypt(out, 64, plain, sizeof(plain), &key); if (memcmp(plain, in, inLen)) return -45; ret = RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng); memset(plain, 0, sizeof(plain)); ret = RsaSSL_Verify(out, 64, plain, sizeof(plain), &key); if (memcmp(plain, in, ret)) return -46; file2 = fopen(clientCert, "rb"); if (!file2) return -47; bytes2 = fread(tmp2, 1, 2048, file2); InitDecodedCert(&cert, (byte*)&tmp2, 0); ret = ParseCert(&cert, (word32)bytes2, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) return -48; FreeDecodedCert(&cert); FreeRsaKey(&key); fclose(file2); fclose(file); return 0; }
/* RSA Public Encrypt */ int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out, unsigned int outSz, const unsigned char* in, unsigned int inSz, CRYPT_RNG_CTX* rng) { if (rsa == NULL || in == NULL || out == NULL || rng == NULL) return BAD_FUNC_ARG; return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder, (WC_RNG*)rng); }
void bench_rsa(void) { int i; byte tmp[3072]; size_t bytes; word32 idx = 0; byte message[] = "Everyone gets Friday off."; byte enc[512]; /* for up to 4096 bit */ byte* output; const int len = (int)strlen((char*)message); double start, total, each, milliEach; RsaKey rsaKey; FILE* file = fopen("./certs/rsa2048.der", "rb"); if (!file) { printf("can't find ./certs/rsa2048.der, " "Please run from CyaSSL home dir\n"); return; } InitRng(&rng); bytes = fread(tmp, 1, sizeof(tmp), file); InitRsaKey(&rsaKey, 0); bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); start = current_time(); for (i = 0; i < times; i++) bytes = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng); total = current_time() - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ printf("RSA 2048 encryption took %6.2f milliseconds, avg over %d" " iterations\n", milliEach, times); start = current_time(); for (i = 0; i < times; i++) RsaPrivateDecryptInline(enc, (word32)bytes, &output, &rsaKey); total = current_time() - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ printf("RSA 2048 decryption took %6.2f milliseconds, avg over %d" " iterations\n", milliEach, times); fclose(file); FreeRsaKey(&rsaKey); }
void bench_rsa() { int i; byte tmp[1024]; size_t bytes; word32 idx = 0; byte message[] = "Everyone gets Friday off."; byte cipher[128]; /* for 1024 bit */ byte plain[128]; /* for 1024 bit */ const int len = (int)strlen((char*)message); double start, total, each, milliEach; RsaKey key; FILE* file = fopen("./rsa1024.der", "rb"); if (!file) { printf("can't find ./rsa1024.der\n"); return; } bytes = fread(tmp, 1, 1024, file); InitRsaKey(&key, 0); bytes = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); start = current_time(); for (i = 0; i < times; i++) RsaPublicEncrypt(message, len, cipher, sizeof(cipher), &key, &rng); total = current_time() - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ printf("RSA 1024 encryption took %6.2f milliseconds, avg over %d" " iterations\n", milliEach, times); start = current_time(); for (i = 0; i < times; i++) RsaPrivateDecrypt(cipher, 128, plain, sizeof(plain), &key); total = current_time() - start; each = total / times; /* per second */ milliEach = each * 1000; /* milliseconds */ printf("RSA 1024 decryption took %6.2f milliseconds, avg over %d" " iterations\n", milliEach, times); fclose(file); FreeRsaKey(&key); }
/* check mcapi rsa */ static int check_rsa(void) { CRYPT_RSA_CTX mcRsa; RsaKey defRsa; int ret; int ret2; unsigned int keySz = (unsigned int)sizeof(client_key_der_1024); unsigned int idx = 0; byte out1[256]; byte out2[256]; InitRsaKey(&defRsa, NULL); ret = CRYPT_RSA_Initialize(&mcRsa); if (ret != 0) { printf("mcapi rsa init failed\n"); return -1; } ret = CRYPT_RSA_PrivateKeyDecode(&mcRsa, client_key_der_1024, keySz); if (ret != 0) { printf("mcapi rsa private key decode failed\n"); return -1; } ret = RsaPrivateKeyDecode(client_key_der_1024, &idx, &defRsa, keySz); if (ret != 0) { printf("default rsa private key decode failed\n"); return -1; } ret = CRYPT_RSA_PublicEncrypt(&mcRsa, out1, sizeof(out1), ourData, RSA_TEST_SIZE, &mcRng); if (ret < 0) { printf("mcapi rsa public encrypt failed\n"); return -1; } ret2 = RsaPublicEncrypt(ourData, RSA_TEST_SIZE, out2, sizeof(out2), &defRsa, &defRng); if (ret2 < 0) { printf("default rsa public encrypt failed\n"); return -1; } if (ret != ret2) { printf("default rsa public encrypt sz != mcapi sz\n"); return -1; } if (ret != CRYPT_RSA_EncryptSizeGet(&mcRsa)) { printf("mcapi encrypt sz get != mcapi sz\n"); return -1; } ret = CRYPT_RSA_PrivateDecrypt(&mcRsa, out2, sizeof(out2), out1, ret); if (ret < 0) { printf("mcapi rsa private derypt failed\n"); return -1; } if (ret != RSA_TEST_SIZE) { printf("mcapi rsa private derypt plain size wrong\n"); return -1; } if (memcmp(out2, ourData, ret) != 0) { printf("mcapi rsa private derypt plain text bad\n"); return -1; } FreeRsaKey(&defRsa); ret = CRYPT_RSA_Free(&mcRsa); if (ret != 0) { printf("mcapi rsa free failed\n"); return -1; } printf("rsa mcapi test passed\n"); return 0; }
void bench_rsa(void) { int i; int ret; byte tmp[3072]; size_t bytes; word32 idx = 0; byte message[] = "Everyone gets Friday off."; byte enc[512]; /* for up to 4096 bit */ const int len = (int)strlen((char*)message); double start, total, each, milliEach; RsaKey rsaKey; int rsaKeySz = 2048; /* used in printf */ #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(tmp, rsa_key_der_1024, sizeof_rsa_key_der_1024); bytes = sizeof_rsa_key_der_1024; rsaKeySz = 1024; #elif defined(USE_CERT_BUFFERS_2048) XMEMCPY(tmp, rsa_key_der_2048, sizeof_rsa_key_der_2048); bytes = sizeof_rsa_key_der_2048; #else FILE* file = fopen(certRSAname, "rb"); if (!file) { printf("can't find %s, Please run from CyaSSL home dir\n", certRSAname); return; } bytes = fread(tmp, 1, sizeof(tmp), file); fclose(file); #endif /* USE_CERT_BUFFERS */ #ifdef HAVE_CAVIUM if (RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0) printf("RSA init cavium failed\n"); #endif ret = InitRng(&rng); if (ret < 0) { printf("InitRNG failed\n"); return; } ret = InitRsaKey(&rsaKey, 0); if (ret < 0) { printf("InitRsaKey failed\n"); return; } ret = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes); start = current_time(1); for (i = 0; i < ntimes; i++) ret = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng); total = current_time(0) - start; each = total / ntimes; /* per second */ milliEach = each * 1000; /* milliseconds */ printf("RSA %d encryption took %6.3f milliseconds, avg over %d" " iterations\n", rsaKeySz, milliEach, ntimes); if (ret < 0) { printf("Rsa Public Encrypt failed\n"); return; } start = current_time(1); for (i = 0; i < ntimes; i++) { byte out[512]; /* for up to 4096 bit */ RsaPrivateDecrypt(enc, (word32)ret, out, sizeof(out), &rsaKey); } total = current_time(0) - start; each = total / ntimes; /* per second */ milliEach = each * 1000; /* milliseconds */ printf("RSA %d decryption took %6.3f milliseconds, avg over %d" " iterations\n", rsaKeySz, milliEach, ntimes); FreeRsaKey(&rsaKey); #ifdef HAVE_CAVIUM RsaFreeCavium(&rsaKey); #endif }
int rsa_test() { byte tmp[1024], tmp2[2048]; size_t bytes, bytes2; RsaKey key; RNG rng; word32 idx = 0; int ret; byte in[] = "Everyone gets Friday off."; word32 inLen = (word32)strlen((char*)in); byte out[64]; byte plain[64]; DecodedCert cert; FILE* file = fopen(clientKey, "rb"), * file2; if (!file) return -40; bytes = fread(tmp, 1, 1024, file); InitRsaKey(&key, 0); ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); if (ret != 0) return -41; ret = InitRng(&rng); if (ret != 0) return -42; ret = RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng); ret = RsaPrivateDecrypt(out, 64, plain, sizeof(plain), &key); if (memcmp(plain, in, inLen)) return -45; ret = RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng); memset(plain, 0, sizeof(plain)); ret = RsaSSL_Verify(out, 64, plain, sizeof(plain), &key); if (memcmp(plain, in, ret)) return -46; file2 = fopen(clientCert, "rb"); if (!file2) return -47; bytes2 = fread(tmp2, 1, 2048, file2); InitDecodedCert(&cert, (byte*)&tmp2, 0); ret = ParseCert(&cert, (word32)bytes2, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) return -48; FreeDecodedCert(&cert); fclose(file2); fclose(file); #ifdef CYASSL_KEY_GEN { byte der[4096]; byte pem[4096]; word32 derSz = 0; word32 pemSz = 0; RsaKey derIn; RsaKey genKey; FILE* keyFile; FILE* pemFile; InitRsaKey(&genKey, 0); ret = MakeRsaKey(&genKey, 1024, 65537, &rng); if (ret != 0) return -301; derSz = RsaKeyToDer(&genKey, der, sizeof(der)); if (derSz < 0) return -302; keyFile = fopen("./ker.der", "wb"); if (!keyFile) return -303; ret = fwrite(der, derSz, 1, keyFile); fclose(keyFile); pemSz = DerToPem(der, derSz, pem, sizeof(pem), PRIVATEKEY_TYPE); if (pemSz < 0) return -304; pemFile = fopen("./key.pem", "wb"); if (!pemFile) return -305; ret = fwrite(pem, pemSz, 1, pemFile); fclose(pemFile); InitRsaKey(&derIn, 0); idx = 0; ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz); if (ret != 0) return -306; } #endif /* CYASSL_KEY_GEN */ #ifdef CYASSL_CERT_GEN { Cert myCert; byte derCert[4096]; byte pem[4096]; DecodedCert decode; FILE* derFile; FILE* pemFile; int certSz; int pemSz; InitCert(&myCert); strncpy(myCert.subject.country, "US", NAME_SIZE); strncpy(myCert.subject.state, "OR", NAME_SIZE); strncpy(myCert.subject.locality, "Portland", NAME_SIZE); strncpy(myCert.subject.org, "yaSSL", NAME_SIZE); strncpy(myCert.subject.unit, "Development", NAME_SIZE); strncpy(myCert.subject.commonName, "www.yassl.com", NAME_SIZE); strncpy(myCert.subject.email, "*****@*****.**", NAME_SIZE); certSz = MakeCert(&myCert, derCert, sizeof(derCert), &key, &rng); if (certSz < 0) return -401; InitDecodedCert(&decode, derCert, 0); ret = ParseCert(&decode, certSz, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) return -402; derFile = fopen("./cert.der", "wb"); if (!derFile) return -403; ret = fwrite(derCert, certSz, 1, derFile); fclose(derFile); pemSz = DerToPem(derCert, certSz, pem, sizeof(pem), CERT_TYPE); if (pemSz < 0) return -404; pemFile = fopen("./cert.pem", "wb"); if (!pemFile) return -405; ret = fwrite(pem, pemSz, 1, pemFile); fclose(pemFile); FreeDecodedCert(&decode); } #endif /* CYASSL_CERT_GEN */ FreeRsaKey(&key); return 0; }
/* create ASN.1 fomatted RecipientInfo structure, returns sequence size */ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz, int keyEncAlgo, int blockKeySz, RNG* rng, byte* contentKeyPlain, byte* contentKeyEnc, int* keyEncSz, byte* out, word32 outSz) { word32 idx = 0; int ret = 0, totalSz = 0; int verSz, issuerSz, snSz, keyEncAlgSz; int issuerSeqSz, recipSeqSz, issuerSerialSeqSz; int encKeyOctetStrSz; byte ver[MAX_VERSION_SZ]; byte serial[MAX_SN_SZ]; byte issuerSerialSeq[MAX_SEQ_SZ]; byte recipSeq[MAX_SEQ_SZ]; byte issuerSeq[MAX_SEQ_SZ]; byte keyAlgArray[MAX_ALGO_SZ]; byte encKeyOctetStr[MAX_OCTET_STR_SZ]; RsaKey pubKey; DecodedCert decoded; InitDecodedCert(&decoded, (byte*)cert, certSz, 0); ret = ParseCert(&decoded, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { FreeDecodedCert(&decoded); return ret; } /* version */ verSz = SetMyVersion(0, ver, 0); /* IssuerAndSerialNumber */ if (decoded.issuerRaw == NULL || decoded.issuerRawLen == 0) { CYASSL_MSG("DecodedCert lacks raw issuer pointer and length"); FreeDecodedCert(&decoded); return -1; } issuerSz = decoded.issuerRawLen; issuerSeqSz = SetSequence(issuerSz, issuerSeq); if (decoded.serial == NULL || decoded.serialSz == 0) { CYASSL_MSG("DecodedCert missing serial number"); FreeDecodedCert(&decoded); return -1; } snSz = SetSerialNumber(decoded.serial, decoded.serialSz, serial); issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz, issuerSerialSeq); /* KeyEncryptionAlgorithmIdentifier, only support RSA now */ if (keyEncAlgo != RSAk) return ALGO_ID_E; keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, keyType, 0); if (keyEncAlgSz == 0) return BAD_FUNC_ARG; /* EncryptedKey */ ret = InitRsaKey(&pubKey, 0); if (ret != 0) return ret; if (RsaPublicKeyDecode(decoded.publicKey, &idx, &pubKey, decoded.pubKeySize) < 0) { CYASSL_MSG("ASN RSA key decode error"); return PUBLIC_KEY_E; } *keyEncSz = RsaPublicEncrypt(contentKeyPlain, blockKeySz, contentKeyEnc, MAX_ENCRYPTED_KEY_SZ, &pubKey, rng); FreeRsaKey(&pubKey); if (*keyEncSz < 0) { CYASSL_MSG("RSA Public Encrypt failed"); return *keyEncSz; } encKeyOctetStrSz = SetOctetString(*keyEncSz, encKeyOctetStr); /* RecipientInfo */ recipSeqSz = SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz + issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz + *keyEncSz, recipSeq); if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz + keyEncAlgSz + encKeyOctetStrSz + *keyEncSz > (int)outSz) { CYASSL_MSG("RecipientInfo output buffer too small"); return BUFFER_E; } XMEMCPY(out + totalSz, recipSeq, recipSeqSz); totalSz += recipSeqSz; XMEMCPY(out + totalSz, ver, verSz); totalSz += verSz; XMEMCPY(out + totalSz, issuerSerialSeq, issuerSerialSeqSz); totalSz += issuerSerialSeqSz; XMEMCPY(out + totalSz, issuerSeq, issuerSeqSz); totalSz += issuerSeqSz; XMEMCPY(out + totalSz, decoded.issuerRaw, issuerSz); totalSz += issuerSz; XMEMCPY(out + totalSz, serial, snSz); totalSz += snSz; XMEMCPY(out + totalSz, keyAlgArray, keyEncAlgSz); totalSz += keyEncAlgSz; XMEMCPY(out + totalSz, encKeyOctetStr, encKeyOctetStrSz); totalSz += encKeyOctetStrSz; XMEMCPY(out + totalSz, contentKeyEnc, *keyEncSz); totalSz += *keyEncSz; FreeDecodedCert(&decoded); return totalSz; }