uint8_t *rsa_apply(uint8_t *input, int inlen, int *outlen, int mode) { rsa_context trsa; const char *pers = "rsa_encrypt"; int rc; entropy_context entropy; ctr_drbg_context ctr_drbg; entropy_init(&entropy); if ((rc = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (const unsigned char *)pers, strlen(pers))) != 0) debug(1, "ctr_drbg_init returned %d\n", rc); rsa_init(&trsa, RSA_PKCS_V21, POLARSSL_MD_SHA1); // padding and hash id get overwritten // BTW, this seems to reset a lot of parameters in the rsa_context rc = x509parse_key(&trsa, (unsigned char *)super_secret_key, strlen(super_secret_key), NULL, 0); if (rc != 0) debug(1, "Error %d reading the private key."); uint8_t *out = NULL; switch (mode) { case RSA_MODE_AUTH: trsa.padding = RSA_PKCS_V15; trsa.hash_id = POLARSSL_MD_NONE; debug(2, "rsa_apply encrypt"); out = malloc(trsa.len); rc = rsa_pkcs1_encrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, inlen, input, out); if (rc != 0) debug(1, "rsa_pkcs1_encrypt error %d.", rc); *outlen = trsa.len; break; case RSA_MODE_KEY: debug(2, "rsa_apply decrypt"); trsa.padding = RSA_PKCS_V21; trsa.hash_id = POLARSSL_MD_SHA1; out = malloc(trsa.len); #if POLARSSL_VERSION_NUMBER >= 0x01020900 rc = rsa_pkcs1_decrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, (size_t *)outlen, input, out, trsa.len); #else rc = rsa_pkcs1_decrypt(&trsa, RSA_PRIVATE, outlen, input, out, trsa.len); #endif if (rc != 0) debug(1, "decrypt error %d.", rc); break; default: die("bad rsa mode"); } rsa_free(&trsa); debug(2, "rsa_apply exit"); return out; }
int cRSAPrivateKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength) { if (a_EncryptedLength < m_Rsa.len) { LOGD("%s: Invalid a_EncryptedLength: got %u, exp at least %u", __FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len) ); ASSERT(!"Invalid a_DecryptedMaxLength!"); return -1; } if (a_DecryptedMaxLength < m_Rsa.len) { LOGD("%s: Invalid a_DecryptedMaxLength: got %u, exp at least %u", __FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len) ); ASSERT(!"Invalid a_DecryptedMaxLength!"); return -1; } size_t DecryptedLength; int res = rsa_pkcs1_decrypt( &m_Rsa, ctr_drbg_random, &m_Ctr_drbg, RSA_PRIVATE, &DecryptedLength, a_EncryptedData, a_DecryptedData, a_DecryptedMaxLength ); if (res != 0) { return -1; } return (int)DecryptedLength; }
/** * Decrypts a string and removes the padding using either private or public key. * (depending on mode). * @param ciphertext: binary string to be decrypted. * @param key: table containing either the public or the private key, as generated by gen_key. * @return The original message (if everything works ok). * @see rsa_genkey */ static int luarsa_pkcs1_decrypt (lua_State *L) { int res = 0; int mode; size_t lmsg, lresult; rsa_context rsa; char *message = (char*)luaL_checklstring(L, 1, &lmsg); /* ciphertext */ char result[KEY_SIZE]; rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL ); mode = processKey(L, 2, &rsa); /* keytable */ rsa.len = lmsg; memset(result, 0, KEY_SIZE); printf("\nMode==%s\n", mode==RSA_PUBLIC ? "RSA_PUBLIC" : "RSA_PRIVATE" ); printf("Size==%d\n", lmsg ); printf("Crypt.Size==%d\n", rsa.len ); printf("ver: %d\n", rsa.ver); printf("len: %d\n", rsa.len); printf("padding: %d\n", rsa.padding); printf("hash_id: %d\n", rsa.hash_id); mpi_print("N:%s\n", &rsa.N); mpi_print("E:%s\n", &rsa.E); if(mode!=RSA_PUBLIC) { mpi_print("D:%s\n", &rsa.D); mpi_print("P:%s\n", &rsa.P); mpi_print("Q:%s\n", &rsa.Q); mpi_print("DP:%s\n", &rsa.DP); mpi_print("DQ:%s\n", &rsa.DQ); mpi_print("QP:%s\n", &rsa.QP); //mpi_print("RN:%s\n", &rsa.RN); //mpi_print("RP:%s\n", &rsa.RP); //mpi_print("RQ:%s\n", &rsa.RQ); } // pass rsa context and ciphertext to decryption engine res = rsa_pkcs1_decrypt(&rsa, RSA_PRIVATE, &lmsg, message, result); printf("Orig.Size==%d\n", lmsg ); if(res) { luaL_error(L, "Error during cipher (%d)", res); } // push encrypted result buffer lua_pushlstring(L, result, lmsg); /* ciphertext */ rsa_free( &rsa ); return 1; }
static int rsa_decrypt_wrap( void *ctx, const unsigned char *input, size_t ilen, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { if( ilen != ((rsa_context *) ctx)->len ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA ); return( rsa_pkcs1_decrypt( (rsa_context *) ctx, f_rng, p_rng, RSA_PRIVATE, olen, input, output, osize ) ); }
int rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len, struct key_data *kd) { mpi P1, Q1, H; int r; int output_len; DEBUG_INFO ("RSA decrypt:"); DEBUG_WORD ((uint32_t)&output_len); mpi_init (&P1, &Q1, &H, NULL); rsa_init (&rsa_ctx, RSA_PKCS_V15, 0); rsa_ctx.len = msg_len; DEBUG_WORD (msg_len); mpi_lset (&rsa_ctx.E, 0x10001); mpi_read_binary (&rsa_ctx.P, &kd->data[0], KEY_CONTENT_LEN / 2); mpi_read_binary (&rsa_ctx.Q, &kd->data[KEY_CONTENT_LEN/2], KEY_CONTENT_LEN / 2); #if 0 /* Using CRT, we don't use N */ mpi_mul_mpi (&rsa_ctx.N, &rsa_ctx.P, &rsa_ctx.Q); #endif mpi_sub_int (&P1, &rsa_ctx.P, 1); mpi_sub_int (&Q1, &rsa_ctx.Q, 1); mpi_mul_mpi (&H, &P1, &Q1); mpi_inv_mod (&rsa_ctx.D , &rsa_ctx.E, &H); mpi_mod_mpi (&rsa_ctx.DP, &rsa_ctx.D, &P1); mpi_mod_mpi (&rsa_ctx.DQ, &rsa_ctx.D, &Q1); mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P); mpi_free (&P1, &Q1, &H, NULL); DEBUG_INFO ("RSA decrypt ..."); r = rsa_pkcs1_decrypt (&rsa_ctx, RSA_PRIVATE, &output_len, input, output, MAX_RES_APDU_DATA_SIZE); rsa_free (&rsa_ctx); if (r < 0) { DEBUG_INFO ("fail:"); DEBUG_SHORT (r); return r; } else { res_APDU_size = output_len; DEBUG_INFO ("done.\r\n"); GPG_SUCCESS (); return 0; } }
int decipher_aes_credentials(const unsigned char *private_key, const unsigned char *ciphertext, unsigned char *aes_credentials) { rsa_context rsa; init_rsa_context_with_private_key(&rsa, private_key); int len = 128; int ret = rsa_pkcs1_decrypt(&rsa, RSA_PRIVATE, &len, ciphertext, aes_credentials, 40); rsa_free(&rsa); return ret; }
int decipher_aes_credentials(const unsigned char *private_key, const unsigned char *ciphertext, unsigned char *aes_credentials) { rsa_context rsa; init_rsa_context_with_private_key(&rsa, private_key); #ifdef USE_MBEDTLS size_t len = 128; int ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_default_rng, nullptr, MBEDTLS_RSA_PRIVATE, &len, ciphertext, aes_credentials, 40); #else # if PLATFORM_ID == 6 || PLATFORM_ID == 8 int32_t len = 128; # else int len = 128; # endif int ret = rsa_pkcs1_decrypt(&rsa, RSA_PRIVATE, &len, ciphertext, aes_credentials, 40); #endif rsa_free(&rsa); return ret; }
/* * Checkup routine */ int rsa_self_test( int verbose ) { int len; rsa_context rsa; unsigned char sha1sum[20]; unsigned char rsa_plaintext[PT_LEN]; unsigned char rsa_decrypted[PT_LEN]; unsigned char rsa_ciphertext[KEY_LEN]; memset( &rsa, 0, sizeof( rsa_context ) ); rsa.len = KEY_LEN; mpi_read_string( &rsa.N , 16, RSA_N ); mpi_read_string( &rsa.E , 16, RSA_E ); mpi_read_string( &rsa.D , 16, RSA_D ); mpi_read_string( &rsa.P , 16, RSA_P ); mpi_read_string( &rsa.Q , 16, RSA_Q ); mpi_read_string( &rsa.DP, 16, RSA_DP ); mpi_read_string( &rsa.DQ, 16, RSA_DQ ); mpi_read_string( &rsa.QP, 16, RSA_QP ); if( verbose != 0 ) printf( " RSA key validation: " ); if( rsa_check_pubkey( &rsa ) != 0 || rsa_check_privkey( &rsa ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) printf( "passed\n PKCS#1 encryption : " ); memcpy( rsa_plaintext, RSA_PT, PT_LEN ); if( rsa_pkcs1_encrypt( &rsa, RSA_PUBLIC, PT_LEN, rsa_plaintext, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) printf( "passed\n PKCS#1 decryption : " ); if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len, rsa_ciphertext, rsa_decrypted, sizeof(rsa_decrypted) ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); return( 1 ); } if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) printf( "passed\n PKCS#1 data sign : " ); sha1( rsa_plaintext, PT_LEN, sha1sum ); if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1, 20, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) printf( "passed\n PKCS#1 sig. verify: " ); if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1, 20, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) printf( "passed\n\n" ); rsa_free( &rsa ); return( 0 ); }
int decipher_buffer(unsigned char **output, int *output_len, unsigned char *input, int input_len, char *priv_key_file) { int offset, ret; size_t key_len; unsigned char s_key[32] = {0}; aes_context aes_ctx; rsa_context rsa_ctx; FILE *f; unsigned char iv[16] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; /* *** Init *** */ ret = 1; offset = 0; key_len = 0; f = NULL; /* *** Get private key *** */ f = fopen(priv_key_file, "rb"); if (f == NULL) { fprintf(stderr, "error : unable to open %s\n", priv_key_file); ret = 1; goto cleanup; } rsa_init(&rsa_ctx, RSA_PKCS_V15, 0 ); if (mpi_read_file(&rsa_ctx.N, 16, f) != 0 || mpi_read_file(&rsa_ctx.E, 16, f) != 0 || mpi_read_file(&rsa_ctx.D, 16, f) != 0 || mpi_read_file(&rsa_ctx.P, 16, f) != 0 || mpi_read_file(&rsa_ctx.Q, 16, f) != 0 || mpi_read_file(&rsa_ctx.DP, 16, f) != 0 || mpi_read_file(&rsa_ctx.DQ, 16, f) != 0 || mpi_read_file(&rsa_ctx.QP, 16, f) != 0) { fprintf(stderr, "error : unable to read private key\n"); ret = 1; goto cleanup; } rsa_ctx.len = (mpi_msb(&rsa_ctx.N ) + 7 ) >> 3; /* *** Decipher *** */ ret = rsa_pkcs1_decrypt(&rsa_ctx, RSA_PRIVATE, &key_len, input, s_key, 16); if (ret != 0) { fprintf(stderr, "error : rsa_pkcs1_decrypt failed\n"); ret = 1; goto cleanup; } ret = aes_setkey_dec(&aes_ctx, s_key, 256); if (ret != 0) { fprintf(stderr, "error : aes_setkey_dec failed\n"); ret = 1; goto cleanup; } /* *** Plain text *** */ *output = (unsigned char *) malloc((input_len - 128) * sizeof(unsigned char)); memset(*output, 0, input_len - 128); ret = aes_crypt_cbc(&aes_ctx, AES_DECRYPT, input_len - 128 , iv, input + 128, *output); if (ret != 0) { fprintf(stderr, "error : aes_crypt_cbc failed\n"); ret = 1; goto cleanup; } /* *** Padding *** */ for (offset = input_len - 128 - 1; offset >= 0; offset--) { if((*output)[offset] == 0x80) { *output_len = offset; (*output)[offset] = 0x00; break; } } cleanup: if(f != NULL) fclose(f); rsa_free(&rsa_ctx); return ret; }
/* * Checkup routine */ int main ( void ) { int len; rsa_context rsa; unsigned char md5sum[16]; unsigned char rsa_plaintext[PTLEN]; unsigned char rsa_decrypted[PTLEN]; unsigned char rsa_ciphertext[CTLEN]; memset( &rsa, 0, sizeof( rsa ) ); rsa.len = 128; mpi_read( &rsa.N , "9292758453063D803DD603D5E777D788" \ "8ED1D5BF35786190FA2F23EBC0848AEA" \ "DDA92CA6C3D80B32C4D109BE0F36D6AE" \ "7130B9CED7ACDF54CFC7555AC14EEBAB" \ "93A89813FBF3C4F8066D2D800F7C38A8" \ "1AE31942917403FF4946B0A83D3D3E05" \ "EE57C6F5F5606FB5D4BC6CD34EE0801A" \ "5E94BB77B07507233A0BC7BAC8F90F79", 16 ); mpi_read( &rsa.E , "10001", 16 ); mpi_read( &rsa.D , "24BF6185468786FDD303083D25E64EFC" \ "66CA472BC44D253102F8B4A9D3BFA750" \ "91386C0077937FE33FA3252D28855837" \ "AE1B484A8A9A45F7EE8C0C634F99E8CD" \ "DF79C5CE07EE72C7F123142198164234" \ "CABB724CF78B8173B9F880FC86322407" \ "AF1FEDFDDE2BEB674CA15F3E81A1521E" \ "071513A1E85B5DFA031F21ECAE91A34D", 16 ); mpi_read( &rsa.P , "C36D0EB7FCD285223CFB5AABA5BDA3D8" \ "2C01CAD19EA484A87EA4377637E75500" \ "FCB2005C5C7DD6EC4AC023CDA285D796" \ "C3D9E75E1EFC42488BB4F1D13AC30A57", 16 ); mpi_read( &rsa.Q , "C000DF51A7C77AE8D7C7370C1FF55B69" \ "E211C2B9E5DB1ED0BF61D0D9899620F4" \ "910E4168387E3C30AA1E00C339A79508" \ "8452DD96A9A5EA5D9DCA68DA636032AF", 16 ); mpi_read( &rsa.DP, "C1ACF567564274FB07A0BBAD5D26E298" \ "3C94D22288ACD763FD8E5600ED4A702D" \ "F84198A5F06C2E72236AE490C93F07F8" \ "3CC559CD27BC2D1CA488811730BB5725", 16 ); mpi_read( &rsa.DQ, "4959CBF6F8FEF750AEE6977C155579C7" \ "D8AAEA56749EA28623272E4F7D0592AF" \ "7C1F1313CAC9471B5C523BFE592F517B" \ "407A1BD76C164B93DA2D32A383E58357", 16 ); mpi_read( &rsa.QP, "9AE7FBC99546432DF71896FC239EADAE" \ "F38D18D2B2F0E2DD275AA977E2BF4411" \ "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \ "A74206CEC169D74BF5A8C50D6F48EA08", 16 ); printf( " RSA key validation: " ); if( rsa_check_pubkey( &rsa ) != 0 || rsa_check_privkey( &rsa ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n PKCS#1 encryption : " ); memcpy( rsa_plaintext, "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \ "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD", PTLEN ); len = CTLEN; if( rsa_pkcs1_encrypt( &rsa, rsa_plaintext, PTLEN, rsa_ciphertext, &len ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n PKCS#1 decryption : " ); len = sizeof( rsa_decrypted ); if( rsa_pkcs1_decrypt( &rsa, rsa_ciphertext, CTLEN, rsa_decrypted, &len ) != 0 || memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n" ); #if 0 md5_csum( rsa_plaintext, PTLEN, md5sum ); if( rsa_pkcs1_sign( &rsa, RSA_MD5, md5sum, 16, rsa_ciphertext, CTLEN ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n PKCS#1 sig. verify: " ); if( rsa_pkcs1_verify( &rsa, RSA_MD5, md5sum, 16, rsa_ciphertext, CTLEN ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n\n" ); #endif rsa_free( &rsa ); return( 0 ); }
/* * Checkup routine */ int rsa_self_test( int verbose ) { int ret = 0; #if defined(POLARSSL_PKCS1_V15) size_t len; rsa_context rsa; unsigned char rsa_plaintext[PT_LEN]; unsigned char rsa_decrypted[PT_LEN]; unsigned char rsa_ciphertext[KEY_LEN]; #if defined(POLARSSL_SHA1_C) unsigned char sha1sum[20]; #endif rsa_init( &rsa, RSA_PKCS_V15, 0 ); rsa.len = KEY_LEN; MPI_CHK( mpi_read_string( &rsa.N , 16, RSA_N ) ); MPI_CHK( mpi_read_string( &rsa.E , 16, RSA_E ) ); MPI_CHK( mpi_read_string( &rsa.D , 16, RSA_D ) ); MPI_CHK( mpi_read_string( &rsa.P , 16, RSA_P ) ); MPI_CHK( mpi_read_string( &rsa.Q , 16, RSA_Q ) ); MPI_CHK( mpi_read_string( &rsa.DP, 16, RSA_DP ) ); MPI_CHK( mpi_read_string( &rsa.DQ, 16, RSA_DQ ) ); MPI_CHK( mpi_read_string( &rsa.QP, 16, RSA_QP ) ); if( verbose != 0 ) polarssl_printf( " RSA key validation: " ); if( rsa_check_pubkey( &rsa ) != 0 || rsa_check_privkey( &rsa ) != 0 ) { if( verbose != 0 ) polarssl_printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) polarssl_printf( "passed\n PKCS#1 encryption : " ); memcpy( rsa_plaintext, RSA_PT, PT_LEN ); if( rsa_pkcs1_encrypt( &rsa, myrand, NULL, RSA_PUBLIC, PT_LEN, rsa_plaintext, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) polarssl_printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) polarssl_printf( "passed\n PKCS#1 decryption : " ); if( rsa_pkcs1_decrypt( &rsa, myrand, NULL, RSA_PRIVATE, &len, rsa_ciphertext, rsa_decrypted, sizeof(rsa_decrypted) ) != 0 ) { if( verbose != 0 ) polarssl_printf( "failed\n" ); return( 1 ); } if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 ) { if( verbose != 0 ) polarssl_printf( "failed\n" ); return( 1 ); } #if defined(POLARSSL_SHA1_C) if( verbose != 0 ) polarssl_printf( "passed\n PKCS#1 data sign : " ); sha1( rsa_plaintext, PT_LEN, sha1sum ); if( rsa_pkcs1_sign( &rsa, myrand, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) polarssl_printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) polarssl_printf( "passed\n PKCS#1 sig. verify: " ); if( rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, POLARSSL_MD_SHA1, 0, sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) polarssl_printf( "failed\n" ); return( 1 ); } if( verbose != 0 ) polarssl_printf( "passed\n\n" ); #endif /* POLARSSL_SHA1_C */ cleanup: rsa_free( &rsa ); #else /* POLARSSL_PKCS1_V15 */ ((void) verbose); #endif /* POLARSSL_PKCS1_V15 */ return( ret ); }
int main( int argc, char *argv[] ) { FILE *f; int ret, c; size_t i; rsa_context rsa; entropy_context entropy; ctr_drbg_context ctr_drbg; unsigned char result[1024]; unsigned char buf[512]; const char *pers = "rsa_decrypt"; ((void) argv); memset(result, 0, sizeof( result ) ); ret = 1; if( argc != 1 ) { polarssl_printf( "usage: rsa_decrypt\n" ); #if defined(_WIN32) polarssl_printf( "\n" ); #endif goto exit; } polarssl_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); entropy_init( &entropy ); if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) ) != 0 ) { polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret ); goto exit; } polarssl_printf( "\n . Reading private key from rsa_priv.txt" ); fflush( stdout ); if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL ) { polarssl_printf( " failed\n ! Could not open rsa_priv.txt\n" \ " ! Please run rsa_genkey first\n\n" ); goto exit; } rsa_init( &rsa, RSA_PKCS_V15, 0 ); if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || ( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) { polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret ); goto exit; } rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3; fclose( f ); /* * Extract the RSA encrypted value from the text file */ ret = 1; if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL ) { polarssl_printf( "\n ! Could not open %s\n\n", "result-enc.txt" ); goto exit; } i = 0; while( fscanf( f, "%02X", &c ) > 0 && i < (int) sizeof( buf ) ) buf[i++] = (unsigned char) c; fclose( f ); if( i != rsa.len ) { polarssl_printf( "\n ! Invalid RSA signature format\n\n" ); goto exit; } /* * Decrypt the encrypted RSA data and print the result. */ polarssl_printf( "\n . Decrypting the encrypted data" ); fflush( stdout ); if( ( ret = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, &i, buf, result, 1024 ) ) != 0 ) { polarssl_printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret ); goto exit; } polarssl_printf( "\n . OK\n\n" ); polarssl_printf( "The decrypted result is: '%s'\n\n", result ); ret = 0; exit: ctr_drbg_free( &ctr_drbg ); entropy_free( &entropy ); #if defined(_WIN32) polarssl_printf( " + Press Enter to exit this program.\n" ); fflush( stdout ); getchar(); #endif return( ret ); }
/* * Checkup routine */ int rsa_self_test( void ) { int len; rsa_context rsa; uchar md5sum[16]; uchar decrypted[PTLEN]; uchar ciphertext[CTLEN]; memset( &rsa, 0, sizeof( rsa ) ); rsa.len = 128; #if 0 mpi_read( &rsa.N , "9292758453063D803DD603D5E777D788" \ "8ED1D5BF35786190FA2F23EBC0848AEA" \ "DDA92CA6C3D80B32C4D109BE0F36D6AE" \ "7130B9CED7ACDF54CFC7555AC14EEBAB" \ "93A89813FBF3C4F8066D2D800F7C38A8" \ "1AE31942917403FF4946B0A83D3D3E05" \ "EE57C6F5F5606FB5D4BC6CD34EE0801A" \ "5E94BB77B07507233A0BC7BAC8F90F79", 16 ); mpi_read( &rsa.E , "10001", 16 ); mpi_read( &rsa.D , "24BF6185468786FDD303083D25E64EFC" \ "66CA472BC44D253102F8B4A9D3BFA750" \ "91386C0077937FE33FA3252D28855837" \ "AE1B484A8A9A45F7EE8C0C634F99E8CD" \ "DF79C5CE07EE72C7F123142198164234" \ "CABB724CF78B8173B9F880FC86322407" \ "AF1FEDFDDE2BEB674CA15F3E81A1521E" \ "071513A1E85B5DFA031F21ECAE91A34D", 16 ); mpi_read( &rsa.P , "C36D0EB7FCD285223CFB5AABA5BDA3D8" \ "2C01CAD19EA484A87EA4377637E75500" \ "FCB2005C5C7DD6EC4AC023CDA285D796" \ "C3D9E75E1EFC42488BB4F1D13AC30A57", 16 ); mpi_read( &rsa.Q , "C000DF51A7C77AE8D7C7370C1FF55B69" \ "E211C2B9E5DB1ED0BF61D0D9899620F4" \ "910E4168387E3C30AA1E00C339A79508" \ "8452DD96A9A5EA5D9DCA68DA636032AF", 16 ); mpi_read( &rsa.DP, "C1ACF567564274FB07A0BBAD5D26E298" \ "3C94D22288ACD763FD8E5600ED4A702D" \ "F84198A5F06C2E72236AE490C93F07F8" \ "3CC559CD27BC2D1CA488811730BB5725", 16 ); mpi_read( &rsa.DQ, "4959CBF6F8FEF750AEE6977C155579C7" \ "D8AAEA56749EA28623272E4F7D0592AF" \ "7C1F1313CAC9471B5C523BFE592F517B" \ "407A1BD76C164B93DA2D32A383E58357", 16 ); mpi_read( &rsa.QP, "9AE7FBC99546432DF71896FC239EADAE" \ "F38D18D2B2F0E2DD275AA977E2BF4411" \ "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \ "A74206CEC169D74BF5A8C50D6F48EA08", 16 ); #else mpi_read( &rsa.N , "EEF43DF231F4FEFDA3FF0576F864912B" \ "F5D51D627C5911F4794F54C8BE178C66" \ "FD9C447BE512735818E93CF88AB1696C" \ "1C634A898DBFCE384F74CD347B715419" \ "EAE05016842B752F127CC224535C4708" \ "8DE7566D50F0CFC013B2592BAB1E042A" \ "76239E5262D931B84BDAB640028AFE7C" \ "39E2B75A353EABF827854EE249C6EA45", 16 ); mpi_read( &rsa.E , "010001", 16 ); mpi_read( &rsa.D , "B6F6044861BFF94E34379BF3901550A2" \ "9C44658F772EABF4C8BDD9692B43D499" \ "372E63B189A02AF91579E0D95D38A243" \ "C928AD75CD3743AB120B98E3CA70E7B6" \ "C5B3C1EA2065EF5A6347F80B247044D4" \ "775C4379C2286F8724E0DFE859F808E8" \ "BFBE3D257EF84E3A455C5BC452F5600E" \ "5CDD62818D7E937C7D4C9819C1FAF331", 16 ); mpi_read( &rsa.P , "FBD24AF8F6132E9E1D07B73CFD6D0ECE" \ "6E49DD602EF0F4D6FE6DF66493F016EA" \ "C19FF290749194145C3229D0CC57B31F" \ "199AE2819572271CFE40279063B5BEAB", 16 ); mpi_read( &rsa.Q , "F2EB4A3E41438F2690EC2DED0198E4BD" \ "7ABA01D374A27C92BDAEA3803FF8584C" \ "2B923C95868B4C53DCEEA3A750D7B702" \ "748522C8BF781CCED4E76B52A9DD3ACF", 16 ); mpi_read( &rsa.DP, "3947752C39F4D506BBFDB44D582BC551" \ "693EBDEF11DE5722CC0EC11BD196ABEF" \ "CC0910C890EB482E756627A2C9C82D03" \ "26F4D70EB8AA9580FFC821F7B2E6752F", 16 ); mpi_read( &rsa.DQ, "5A71D28DC55CF322A7D8D7ECA3A89A9A" \ "15E4C5A3468CED16F1BAE133721DF43A" \ "400ACDB5DA8768DEDCA69996455A5BD0" \ "7533D0D4AFBD77F4667ED78DCAA30D2F", 16 ); mpi_read( &rsa.QP, "81267EDB140CE8F07CA92F508FEA134B" \ "23C871D428C6EF870F08FFF2AD46D210" \ "8FCD67E28FF95E8E332B5EEE16EB8784" \ "AB3D1E59B078CB93EF5C6E0F12419439", 16 ); #endif printf( " RSA key validation: " ); if( rsa_check_pubkey( &rsa ) != 0 || rsa_check_privkey( &rsa ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n PKCS#1 encryption : " ); if( rsa_pkcs1_encrypt( &rsa, plaintext, PTLEN, ciphertext, CTLEN ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n PKCS#1 decryption : " ); len = sizeof( decrypted ); if( rsa_pkcs1_decrypt( &rsa, ciphertext, CTLEN, decrypted, &len ) != 0 || memcmp( decrypted, plaintext, len ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n PKCS#1 data sign : " ); md5_csum( plaintext, PTLEN, md5sum ); if( rsa_pkcs1_sign( &rsa, RSA_MD5, md5sum, 16, ciphertext, CTLEN ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n PKCS#1 sig. verify: " ); if( rsa_pkcs1_verify( &rsa, RSA_MD5, md5sum, 16, ciphertext, CTLEN ) != 0 ) { printf( "failed\n" ); return( 1 ); } printf( "passed\n\n" ); rsa_free( &rsa ); return( 0 ); }
int message_rsa_decrypt(VCRYPT_CTX *ctx, rsa_context *public_rsa, uint8_t *ciphertext, size_t len, char **decrypted) { int ret = 0; int ret_len = 0; if (len < 5) return -ERR_DECRYPTION_ERROR; if (*ciphertext++ != VCRYPT_PROTOCOL_VERSION) return -ERR_DECRYPTION_ERROR; uint16_t encr_key_len = *((uint16_t*) ciphertext); ciphertext += 2; uint16_t sig_key_len = *((uint16_t*) ciphertext); ciphertext += 2; if (encr_key_len != ctx->ssl_req.rsa.len) return -ERR_DECRYPTION_ERROR; if ((len - 5 - sig_key_len) % encr_key_len) return -ERR_DECRYPTION_ERROR; int ciphertext_chunks = (len - 5 - sig_key_len) / encr_key_len; // maximum possible plaintext length int plain_len = ciphertext_chunks * ctx->ssl_req.rsa.len; if (ciphertext_chunks < 1) return -ERR_DECRYPTION_ERROR; // we need the signature too *decrypted = malloc(plain_len + 1); // 1 char for the null terminator if (!*decrypted) return -ERR_MALLOC; int chunk; size_t decrypted_len = 0; uint8_t *in = ciphertext, *out = (uint8_t*) *decrypted; for (chunk = 0; chunk < ciphertext_chunks; chunk++, out += decrypted_len, in += ctx->ssl_req.rsa.len) { if ((ret = rsa_pkcs1_decrypt(&ctx->ssl_req.rsa, RSA_PRIVATE, &decrypted_len, in, out, ctx->ssl_req.rsa.len)) != 0) { char err[256]; error_strerror(ret, err, sizeof err); dolog(0, " failed\n ! rsa_pkcs1_decrypt returned %d: %s (chunk: %d)\n", ret, err, chunk); free(*decrypted); return -ERR_DECRYPTION_ERROR; } ret_len += decrypted_len; } *out = 0; if (!public_rsa || !public_rsa->len) { return -ERR_SIGN_VERIFY_ERROR; } unsigned char hash[64]; sha4_context sha_ctx; sha4_starts(&sha_ctx, 1); sha4_update(&sha_ctx, (uint8_t*) *decrypted, ret_len); sha4_finish(&sha_ctx, hash); if ((ret = rsa_pkcs1_verify(public_rsa, RSA_PUBLIC, public_rsa->hash_id, sizeof hash, hash, in)) != 0) { char err[256]; error_strerror(ret, err, sizeof err); dolog(0, " failed\n ! rsa_pkcs1_verify returned %d: %s\nmessage was: %s\n", ret, err, *decrypted); return -ERR_SIGN_VERIFY_ERROR; } return ret_len; }