uint8_t *rsa_apply(uint8_t *input, int inlen, int *outlen, int mode) {
rsa_context trsa;
const char *pers = "rsa_encrypt";
int rc;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
entropy_init(&entropy);
if ((rc = ctr_drbg_init(&ctr_drbg, entropy_func, &entropy, (const unsigned char *)pers,
strlen(pers))) != 0)
debug(1, "ctr_drbg_init returned %d\n", rc);
rsa_init(&trsa, RSA_PKCS_V21, POLARSSL_MD_SHA1); // padding and hash id get overwritten
// BTW, this seems to reset a lot of parameters in the rsa_context
rc = x509parse_key(&trsa, (unsigned char *)super_secret_key, strlen(super_secret_key), NULL, 0);
if (rc != 0)
debug(1, "Error %d reading the private key.");
uint8_t *out = NULL;
switch (mode) {
case RSA_MODE_AUTH:
trsa.padding = RSA_PKCS_V15;
trsa.hash_id = POLARSSL_MD_NONE;
debug(2, "rsa_apply encrypt");
out = malloc(trsa.len);
rc = rsa_pkcs1_encrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, inlen, input, out);
if (rc != 0)
debug(1, "rsa_pkcs1_encrypt error %d.", rc);
*outlen = trsa.len;
break;
case RSA_MODE_KEY:
debug(2, "rsa_apply decrypt");
trsa.padding = RSA_PKCS_V21;
trsa.hash_id = POLARSSL_MD_SHA1;
out = malloc(trsa.len);
#if POLARSSL_VERSION_NUMBER >= 0x01020900
rc = rsa_pkcs1_decrypt(&trsa, ctr_drbg_random, &ctr_drbg, RSA_PRIVATE, (size_t *)outlen, input,
out, trsa.len);
#else
rc = rsa_pkcs1_decrypt(&trsa, RSA_PRIVATE, outlen, input, out, trsa.len);
#endif
if (rc != 0)
debug(1, "decrypt error %d.", rc);
break;
default:
die("bad rsa mode");
}
rsa_free(&trsa);
debug(2, "rsa_apply exit");
return out;
}
int cRSAPrivateKey::Decrypt(const Byte * a_EncryptedData, size_t a_EncryptedLength, Byte * a_DecryptedData, size_t a_DecryptedMaxLength)
{
if (a_EncryptedLength < m_Rsa.len)
{
LOGD("%s: Invalid a_EncryptedLength: got %u, exp at least %u",
__FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
);
ASSERT(!"Invalid a_DecryptedMaxLength!");
return -1;
}
if (a_DecryptedMaxLength < m_Rsa.len)
{
LOGD("%s: Invalid a_DecryptedMaxLength: got %u, exp at least %u",
__FUNCTION__, (unsigned)a_EncryptedLength, (unsigned)(m_Rsa.len)
);
ASSERT(!"Invalid a_DecryptedMaxLength!");
return -1;
}
size_t DecryptedLength;
int res = rsa_pkcs1_decrypt(
&m_Rsa, ctr_drbg_random, &m_Ctr_drbg, RSA_PRIVATE, &DecryptedLength,
a_EncryptedData, a_DecryptedData, a_DecryptedMaxLength
);
if (res != 0)
{
return -1;
}
return (int)DecryptedLength;
}
/**
* Decrypts a string and removes the padding using either private or public key.
* (depending on mode).
* @param ciphertext: binary string to be decrypted.
* @param key: table containing either the public or the private key, as generated by gen_key.
* @return The original message (if everything works ok).
* @see rsa_genkey
*/
static int luarsa_pkcs1_decrypt (lua_State *L) {
int res = 0;
int mode;
size_t lmsg, lresult;
rsa_context rsa;
char *message = (char*)luaL_checklstring(L, 1, &lmsg); /* ciphertext */
char result[KEY_SIZE];
rsa_init( &rsa, RSA_PKCS_V15, 0, NULL, NULL );
mode = processKey(L, 2, &rsa); /* keytable */
rsa.len = lmsg;
memset(result, 0, KEY_SIZE);
printf("\nMode==%s\n", mode==RSA_PUBLIC ? "RSA_PUBLIC" : "RSA_PRIVATE" );
printf("Size==%d\n", lmsg );
printf("Crypt.Size==%d\n", rsa.len );
printf("ver: %d\n", rsa.ver);
printf("len: %d\n", rsa.len);
printf("padding: %d\n", rsa.padding);
printf("hash_id: %d\n", rsa.hash_id);
mpi_print("N:%s\n", &rsa.N);
mpi_print("E:%s\n", &rsa.E);
if(mode!=RSA_PUBLIC) {
mpi_print("D:%s\n", &rsa.D);
mpi_print("P:%s\n", &rsa.P);
mpi_print("Q:%s\n", &rsa.Q);
mpi_print("DP:%s\n", &rsa.DP);
mpi_print("DQ:%s\n", &rsa.DQ);
mpi_print("QP:%s\n", &rsa.QP);
//mpi_print("RN:%s\n", &rsa.RN);
//mpi_print("RP:%s\n", &rsa.RP);
//mpi_print("RQ:%s\n", &rsa.RQ);
}
// pass rsa context and ciphertext to decryption engine
res = rsa_pkcs1_decrypt(&rsa, RSA_PRIVATE, &lmsg, message, result);
printf("Orig.Size==%d\n", lmsg );
if(res) {
luaL_error(L, "Error during cipher (%d)", res);
}
// push encrypted result buffer
lua_pushlstring(L, result, lmsg); /* ciphertext */
rsa_free( &rsa );
return 1;
}
static int rsa_decrypt_wrap( void *ctx,
const unsigned char *input, size_t ilen,
unsigned char *output, size_t *olen, size_t osize,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
if( ilen != ((rsa_context *) ctx)->len )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
return( rsa_pkcs1_decrypt( (rsa_context *) ctx, f_rng, p_rng,
RSA_PRIVATE, olen, input, output, osize ) );
}
int
rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len,
struct key_data *kd)
{
mpi P1, Q1, H;
int r;
int output_len;
DEBUG_INFO ("RSA decrypt:");
DEBUG_WORD ((uint32_t)&output_len);
mpi_init (&P1, &Q1, &H, NULL);
rsa_init (&rsa_ctx, RSA_PKCS_V15, 0);
rsa_ctx.len = msg_len;
DEBUG_WORD (msg_len);
mpi_lset (&rsa_ctx.E, 0x10001);
mpi_read_binary (&rsa_ctx.P, &kd->data[0], KEY_CONTENT_LEN / 2);
mpi_read_binary (&rsa_ctx.Q, &kd->data[KEY_CONTENT_LEN/2],
KEY_CONTENT_LEN / 2);
#if 0 /* Using CRT, we don't use N */
mpi_mul_mpi (&rsa_ctx.N, &rsa_ctx.P, &rsa_ctx.Q);
#endif
mpi_sub_int (&P1, &rsa_ctx.P, 1);
mpi_sub_int (&Q1, &rsa_ctx.Q, 1);
mpi_mul_mpi (&H, &P1, &Q1);
mpi_inv_mod (&rsa_ctx.D , &rsa_ctx.E, &H);
mpi_mod_mpi (&rsa_ctx.DP, &rsa_ctx.D, &P1);
mpi_mod_mpi (&rsa_ctx.DQ, &rsa_ctx.D, &Q1);
mpi_inv_mod (&rsa_ctx.QP, &rsa_ctx.Q, &rsa_ctx.P);
mpi_free (&P1, &Q1, &H, NULL);
DEBUG_INFO ("RSA decrypt ...");
r = rsa_pkcs1_decrypt (&rsa_ctx, RSA_PRIVATE, &output_len,
input, output, MAX_RES_APDU_DATA_SIZE);
rsa_free (&rsa_ctx);
if (r < 0)
{
DEBUG_INFO ("fail:");
DEBUG_SHORT (r);
return r;
}
else
{
res_APDU_size = output_len;
DEBUG_INFO ("done.\r\n");
GPG_SUCCESS ();
return 0;
}
}
int decipher_aes_credentials(const unsigned char *private_key,
const unsigned char *ciphertext,
unsigned char *aes_credentials)
{
rsa_context rsa;
init_rsa_context_with_private_key(&rsa, private_key);
int len = 128;
int ret = rsa_pkcs1_decrypt(&rsa, RSA_PRIVATE, &len, ciphertext,
aes_credentials, 40);
rsa_free(&rsa);
return ret;
}
int decipher_aes_credentials(const unsigned char *private_key,
const unsigned char *ciphertext,
unsigned char *aes_credentials)
{
rsa_context rsa;
init_rsa_context_with_private_key(&rsa, private_key);
#ifdef USE_MBEDTLS
size_t len = 128;
int ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_default_rng, nullptr, MBEDTLS_RSA_PRIVATE, &len, ciphertext,
aes_credentials, 40);
#else
# if PLATFORM_ID == 6 || PLATFORM_ID == 8
int32_t len = 128;
# else
int len = 128;
# endif
int ret = rsa_pkcs1_decrypt(&rsa, RSA_PRIVATE, &len, ciphertext,
aes_credentials, 40);
#endif
rsa_free(&rsa);
return ret;
}
/*
* Checkup routine
*/
int rsa_self_test( int verbose )
{
int len;
rsa_context rsa;
unsigned char sha1sum[20];
unsigned char rsa_plaintext[PT_LEN];
unsigned char rsa_decrypted[PT_LEN];
unsigned char rsa_ciphertext[KEY_LEN];
memset( &rsa, 0, sizeof( rsa_context ) );
rsa.len = KEY_LEN;
mpi_read_string( &rsa.N , 16, RSA_N );
mpi_read_string( &rsa.E , 16, RSA_E );
mpi_read_string( &rsa.D , 16, RSA_D );
mpi_read_string( &rsa.P , 16, RSA_P );
mpi_read_string( &rsa.Q , 16, RSA_Q );
mpi_read_string( &rsa.DP, 16, RSA_DP );
mpi_read_string( &rsa.DQ, 16, RSA_DQ );
mpi_read_string( &rsa.QP, 16, RSA_QP );
if( verbose != 0 )
printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 encryption : " );
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
if( rsa_pkcs1_encrypt( &rsa, RSA_PUBLIC, PT_LEN,
rsa_plaintext, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 decryption : " );
if( rsa_pkcs1_decrypt( &rsa, RSA_PRIVATE, &len,
rsa_ciphertext, rsa_decrypted,
sizeof(rsa_decrypted) ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 data sign : " );
sha1( rsa_plaintext, PT_LEN, sha1sum );
if( rsa_pkcs1_sign( &rsa, RSA_PRIVATE, SIG_RSA_SHA1, 20,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, RSA_PUBLIC, SIG_RSA_SHA1, 20,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
printf( "passed\n\n" );
rsa_free( &rsa );
return( 0 );
}
int decipher_buffer(unsigned char **output, int *output_len,
unsigned char *input, int input_len,
char *priv_key_file)
{
int offset, ret;
size_t key_len;
unsigned char s_key[32] = {0};
aes_context aes_ctx;
rsa_context rsa_ctx;
FILE *f;
unsigned char iv[16] = {
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};
/* *** Init *** */
ret = 1;
offset = 0;
key_len = 0;
f = NULL;
/* *** Get private key *** */
f = fopen(priv_key_file, "rb");
if (f == NULL) {
fprintf(stderr, "error : unable to open %s\n", priv_key_file);
ret = 1;
goto cleanup;
}
rsa_init(&rsa_ctx, RSA_PKCS_V15, 0 );
if (mpi_read_file(&rsa_ctx.N, 16, f) != 0
|| mpi_read_file(&rsa_ctx.E, 16, f) != 0
|| mpi_read_file(&rsa_ctx.D, 16, f) != 0
|| mpi_read_file(&rsa_ctx.P, 16, f) != 0
|| mpi_read_file(&rsa_ctx.Q, 16, f) != 0
|| mpi_read_file(&rsa_ctx.DP, 16, f) != 0
|| mpi_read_file(&rsa_ctx.DQ, 16, f) != 0
|| mpi_read_file(&rsa_ctx.QP, 16, f) != 0) {
fprintf(stderr, "error : unable to read private key\n");
ret = 1;
goto cleanup;
}
rsa_ctx.len = (mpi_msb(&rsa_ctx.N ) + 7 ) >> 3;
/* *** Decipher *** */
ret = rsa_pkcs1_decrypt(&rsa_ctx, RSA_PRIVATE, &key_len,
input, s_key, 16);
if (ret != 0) {
fprintf(stderr, "error : rsa_pkcs1_decrypt failed\n");
ret = 1;
goto cleanup;
}
ret = aes_setkey_dec(&aes_ctx, s_key, 256);
if (ret != 0) {
fprintf(stderr, "error : aes_setkey_dec failed\n");
ret = 1;
goto cleanup;
}
/* *** Plain text *** */
*output = (unsigned char *) malloc((input_len - 128) *
sizeof(unsigned char));
memset(*output, 0, input_len - 128);
ret = aes_crypt_cbc(&aes_ctx, AES_DECRYPT, input_len - 128 , iv,
input + 128, *output);
if (ret != 0) {
fprintf(stderr, "error : aes_crypt_cbc failed\n");
ret = 1;
goto cleanup;
}
/* *** Padding *** */
for (offset = input_len - 128 - 1; offset >= 0; offset--) {
if((*output)[offset] == 0x80) {
*output_len = offset;
(*output)[offset] = 0x00;
break;
}
}
cleanup:
if(f != NULL)
fclose(f);
rsa_free(&rsa_ctx);
return ret;
}
/*
* Checkup routine
*/
int main ( void )
{
int len;
rsa_context rsa;
unsigned char md5sum[16];
unsigned char rsa_plaintext[PTLEN];
unsigned char rsa_decrypted[PTLEN];
unsigned char rsa_ciphertext[CTLEN];
memset( &rsa, 0, sizeof( rsa ) );
rsa.len = 128;
mpi_read( &rsa.N , "9292758453063D803DD603D5E777D788" \
"8ED1D5BF35786190FA2F23EBC0848AEA" \
"DDA92CA6C3D80B32C4D109BE0F36D6AE" \
"7130B9CED7ACDF54CFC7555AC14EEBAB" \
"93A89813FBF3C4F8066D2D800F7C38A8" \
"1AE31942917403FF4946B0A83D3D3E05" \
"EE57C6F5F5606FB5D4BC6CD34EE0801A" \
"5E94BB77B07507233A0BC7BAC8F90F79", 16 );
mpi_read( &rsa.E , "10001", 16 );
mpi_read( &rsa.D , "24BF6185468786FDD303083D25E64EFC" \
"66CA472BC44D253102F8B4A9D3BFA750" \
"91386C0077937FE33FA3252D28855837" \
"AE1B484A8A9A45F7EE8C0C634F99E8CD" \
"DF79C5CE07EE72C7F123142198164234" \
"CABB724CF78B8173B9F880FC86322407" \
"AF1FEDFDDE2BEB674CA15F3E81A1521E" \
"071513A1E85B5DFA031F21ECAE91A34D", 16 );
mpi_read( &rsa.P , "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
"2C01CAD19EA484A87EA4377637E75500" \
"FCB2005C5C7DD6EC4AC023CDA285D796" \
"C3D9E75E1EFC42488BB4F1D13AC30A57", 16 );
mpi_read( &rsa.Q , "C000DF51A7C77AE8D7C7370C1FF55B69" \
"E211C2B9E5DB1ED0BF61D0D9899620F4" \
"910E4168387E3C30AA1E00C339A79508" \
"8452DD96A9A5EA5D9DCA68DA636032AF", 16 );
mpi_read( &rsa.DP, "C1ACF567564274FB07A0BBAD5D26E298" \
"3C94D22288ACD763FD8E5600ED4A702D" \
"F84198A5F06C2E72236AE490C93F07F8" \
"3CC559CD27BC2D1CA488811730BB5725", 16 );
mpi_read( &rsa.DQ, "4959CBF6F8FEF750AEE6977C155579C7" \
"D8AAEA56749EA28623272E4F7D0592AF" \
"7C1F1313CAC9471B5C523BFE592F517B" \
"407A1BD76C164B93DA2D32A383E58357", 16 );
mpi_read( &rsa.QP, "9AE7FBC99546432DF71896FC239EADAE" \
"F38D18D2B2F0E2DD275AA977E2BF4411" \
"F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
"A74206CEC169D74BF5A8C50D6F48EA08", 16 );
printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 encryption : " );
memcpy( rsa_plaintext,
"\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \
"\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD", PTLEN );
len = CTLEN;
if( rsa_pkcs1_encrypt( &rsa, rsa_plaintext, PTLEN,
rsa_ciphertext, &len ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 decryption : " );
len = sizeof( rsa_decrypted );
if( rsa_pkcs1_decrypt( &rsa, rsa_ciphertext, CTLEN,
rsa_decrypted, &len ) != 0 ||
memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n" );
#if 0
md5_csum( rsa_plaintext, PTLEN, md5sum );
if( rsa_pkcs1_sign( &rsa, RSA_MD5, md5sum, 16,
rsa_ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, RSA_MD5, md5sum, 16,
rsa_ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n\n" );
#endif
rsa_free( &rsa );
return( 0 );
}
/*
* Checkup routine
*/
int rsa_self_test( int verbose )
{
int ret = 0;
#if defined(POLARSSL_PKCS1_V15)
size_t len;
rsa_context rsa;
unsigned char rsa_plaintext[PT_LEN];
unsigned char rsa_decrypted[PT_LEN];
unsigned char rsa_ciphertext[KEY_LEN];
#if defined(POLARSSL_SHA1_C)
unsigned char sha1sum[20];
#endif
rsa_init( &rsa, RSA_PKCS_V15, 0 );
rsa.len = KEY_LEN;
MPI_CHK( mpi_read_string( &rsa.N , 16, RSA_N ) );
MPI_CHK( mpi_read_string( &rsa.E , 16, RSA_E ) );
MPI_CHK( mpi_read_string( &rsa.D , 16, RSA_D ) );
MPI_CHK( mpi_read_string( &rsa.P , 16, RSA_P ) );
MPI_CHK( mpi_read_string( &rsa.Q , 16, RSA_Q ) );
MPI_CHK( mpi_read_string( &rsa.DP, 16, RSA_DP ) );
MPI_CHK( mpi_read_string( &rsa.DQ, 16, RSA_DQ ) );
MPI_CHK( mpi_read_string( &rsa.QP, 16, RSA_QP ) );
if( verbose != 0 )
polarssl_printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n PKCS#1 encryption : " );
memcpy( rsa_plaintext, RSA_PT, PT_LEN );
if( rsa_pkcs1_encrypt( &rsa, myrand, NULL, RSA_PUBLIC, PT_LEN,
rsa_plaintext, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n PKCS#1 decryption : " );
if( rsa_pkcs1_decrypt( &rsa, myrand, NULL, RSA_PRIVATE, &len,
rsa_ciphertext, rsa_decrypted,
sizeof(rsa_decrypted) ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( memcmp( rsa_decrypted, rsa_plaintext, len ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
#if defined(POLARSSL_SHA1_C)
if( verbose != 0 )
polarssl_printf( "passed\n PKCS#1 data sign : " );
sha1( rsa_plaintext, PT_LEN, sha1sum );
if( rsa_pkcs1_sign( &rsa, myrand, NULL, RSA_PRIVATE, POLARSSL_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, NULL, NULL, RSA_PUBLIC, POLARSSL_MD_SHA1, 0,
sha1sum, rsa_ciphertext ) != 0 )
{
if( verbose != 0 )
polarssl_printf( "failed\n" );
return( 1 );
}
if( verbose != 0 )
polarssl_printf( "passed\n\n" );
#endif /* POLARSSL_SHA1_C */
cleanup:
rsa_free( &rsa );
#else /* POLARSSL_PKCS1_V15 */
((void) verbose);
#endif /* POLARSSL_PKCS1_V15 */
return( ret );
}
int main( int argc, char *argv[] )
{
FILE *f;
int ret, c;
size_t i;
rsa_context rsa;
entropy_context entropy;
ctr_drbg_context ctr_drbg;
unsigned char result[1024];
unsigned char buf[512];
const char *pers = "rsa_decrypt";
((void) argv);
memset(result, 0, sizeof( result ) );
ret = 1;
if( argc != 1 )
{
polarssl_printf( "usage: rsa_decrypt\n" );
#if defined(_WIN32)
polarssl_printf( "\n" );
#endif
goto exit;
}
polarssl_printf( "\n . Seeding the random number generator..." );
fflush( stdout );
entropy_init( &entropy );
if( ( ret = ctr_drbg_init( &ctr_drbg, entropy_func, &entropy,
(const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
polarssl_printf( " failed\n ! ctr_drbg_init returned %d\n", ret );
goto exit;
}
polarssl_printf( "\n . Reading private key from rsa_priv.txt" );
fflush( stdout );
if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
{
polarssl_printf( " failed\n ! Could not open rsa_priv.txt\n" \
" ! Please run rsa_genkey first\n\n" );
goto exit;
}
rsa_init( &rsa, RSA_PKCS_V15, 0 );
if( ( ret = mpi_read_file( &rsa.N , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.E , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.D , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.P , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.Q , 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.DP, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.DQ, 16, f ) ) != 0 ||
( ret = mpi_read_file( &rsa.QP, 16, f ) ) != 0 )
{
polarssl_printf( " failed\n ! mpi_read_file returned %d\n\n", ret );
goto exit;
}
rsa.len = ( mpi_msb( &rsa.N ) + 7 ) >> 3;
fclose( f );
/*
* Extract the RSA encrypted value from the text file
*/
ret = 1;
if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
{
polarssl_printf( "\n ! Could not open %s\n\n", "result-enc.txt" );
goto exit;
}
i = 0;
while( fscanf( f, "%02X", &c ) > 0 &&
i < (int) sizeof( buf ) )
buf[i++] = (unsigned char) c;
fclose( f );
if( i != rsa.len )
{
polarssl_printf( "\n ! Invalid RSA signature format\n\n" );
goto exit;
}
/*
* Decrypt the encrypted RSA data and print the result.
*/
polarssl_printf( "\n . Decrypting the encrypted data" );
fflush( stdout );
if( ( ret = rsa_pkcs1_decrypt( &rsa, ctr_drbg_random, &ctr_drbg,
RSA_PRIVATE, &i, buf, result,
1024 ) ) != 0 )
{
polarssl_printf( " failed\n ! rsa_pkcs1_decrypt returned %d\n\n", ret );
goto exit;
}
polarssl_printf( "\n . OK\n\n" );
polarssl_printf( "The decrypted result is: '%s'\n\n", result );
ret = 0;
exit:
ctr_drbg_free( &ctr_drbg );
entropy_free( &entropy );
#if defined(_WIN32)
polarssl_printf( " + Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
return( ret );
}
/*
* Checkup routine
*/
int rsa_self_test( void )
{
int len;
rsa_context rsa;
uchar md5sum[16];
uchar decrypted[PTLEN];
uchar ciphertext[CTLEN];
memset( &rsa, 0, sizeof( rsa ) );
rsa.len = 128;
#if 0
mpi_read( &rsa.N , "9292758453063D803DD603D5E777D788" \
"8ED1D5BF35786190FA2F23EBC0848AEA" \
"DDA92CA6C3D80B32C4D109BE0F36D6AE" \
"7130B9CED7ACDF54CFC7555AC14EEBAB" \
"93A89813FBF3C4F8066D2D800F7C38A8" \
"1AE31942917403FF4946B0A83D3D3E05" \
"EE57C6F5F5606FB5D4BC6CD34EE0801A" \
"5E94BB77B07507233A0BC7BAC8F90F79", 16 );
mpi_read( &rsa.E , "10001", 16 );
mpi_read( &rsa.D , "24BF6185468786FDD303083D25E64EFC" \
"66CA472BC44D253102F8B4A9D3BFA750" \
"91386C0077937FE33FA3252D28855837" \
"AE1B484A8A9A45F7EE8C0C634F99E8CD" \
"DF79C5CE07EE72C7F123142198164234" \
"CABB724CF78B8173B9F880FC86322407" \
"AF1FEDFDDE2BEB674CA15F3E81A1521E" \
"071513A1E85B5DFA031F21ECAE91A34D", 16 );
mpi_read( &rsa.P , "C36D0EB7FCD285223CFB5AABA5BDA3D8" \
"2C01CAD19EA484A87EA4377637E75500" \
"FCB2005C5C7DD6EC4AC023CDA285D796" \
"C3D9E75E1EFC42488BB4F1D13AC30A57", 16 );
mpi_read( &rsa.Q , "C000DF51A7C77AE8D7C7370C1FF55B69" \
"E211C2B9E5DB1ED0BF61D0D9899620F4" \
"910E4168387E3C30AA1E00C339A79508" \
"8452DD96A9A5EA5D9DCA68DA636032AF", 16 );
mpi_read( &rsa.DP, "C1ACF567564274FB07A0BBAD5D26E298" \
"3C94D22288ACD763FD8E5600ED4A702D" \
"F84198A5F06C2E72236AE490C93F07F8" \
"3CC559CD27BC2D1CA488811730BB5725", 16 );
mpi_read( &rsa.DQ, "4959CBF6F8FEF750AEE6977C155579C7" \
"D8AAEA56749EA28623272E4F7D0592AF" \
"7C1F1313CAC9471B5C523BFE592F517B" \
"407A1BD76C164B93DA2D32A383E58357", 16 );
mpi_read( &rsa.QP, "9AE7FBC99546432DF71896FC239EADAE" \
"F38D18D2B2F0E2DD275AA977E2BF4411" \
"F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \
"A74206CEC169D74BF5A8C50D6F48EA08", 16 );
#else
mpi_read( &rsa.N , "EEF43DF231F4FEFDA3FF0576F864912B" \
"F5D51D627C5911F4794F54C8BE178C66" \
"FD9C447BE512735818E93CF88AB1696C" \
"1C634A898DBFCE384F74CD347B715419" \
"EAE05016842B752F127CC224535C4708" \
"8DE7566D50F0CFC013B2592BAB1E042A" \
"76239E5262D931B84BDAB640028AFE7C" \
"39E2B75A353EABF827854EE249C6EA45", 16 );
mpi_read( &rsa.E , "010001", 16 );
mpi_read( &rsa.D , "B6F6044861BFF94E34379BF3901550A2" \
"9C44658F772EABF4C8BDD9692B43D499" \
"372E63B189A02AF91579E0D95D38A243" \
"C928AD75CD3743AB120B98E3CA70E7B6" \
"C5B3C1EA2065EF5A6347F80B247044D4" \
"775C4379C2286F8724E0DFE859F808E8" \
"BFBE3D257EF84E3A455C5BC452F5600E" \
"5CDD62818D7E937C7D4C9819C1FAF331", 16 );
mpi_read( &rsa.P , "FBD24AF8F6132E9E1D07B73CFD6D0ECE" \
"6E49DD602EF0F4D6FE6DF66493F016EA" \
"C19FF290749194145C3229D0CC57B31F" \
"199AE2819572271CFE40279063B5BEAB", 16 );
mpi_read( &rsa.Q , "F2EB4A3E41438F2690EC2DED0198E4BD" \
"7ABA01D374A27C92BDAEA3803FF8584C" \
"2B923C95868B4C53DCEEA3A750D7B702" \
"748522C8BF781CCED4E76B52A9DD3ACF", 16 );
mpi_read( &rsa.DP, "3947752C39F4D506BBFDB44D582BC551" \
"693EBDEF11DE5722CC0EC11BD196ABEF" \
"CC0910C890EB482E756627A2C9C82D03" \
"26F4D70EB8AA9580FFC821F7B2E6752F", 16 );
mpi_read( &rsa.DQ, "5A71D28DC55CF322A7D8D7ECA3A89A9A" \
"15E4C5A3468CED16F1BAE133721DF43A" \
"400ACDB5DA8768DEDCA69996455A5BD0" \
"7533D0D4AFBD77F4667ED78DCAA30D2F", 16 );
mpi_read( &rsa.QP, "81267EDB140CE8F07CA92F508FEA134B" \
"23C871D428C6EF870F08FFF2AD46D210" \
"8FCD67E28FF95E8E332B5EEE16EB8784" \
"AB3D1E59B078CB93EF5C6E0F12419439", 16 );
#endif
printf( " RSA key validation: " );
if( rsa_check_pubkey( &rsa ) != 0 ||
rsa_check_privkey( &rsa ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 encryption : " );
if( rsa_pkcs1_encrypt( &rsa, plaintext, PTLEN,
ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 decryption : " );
len = sizeof( decrypted );
if( rsa_pkcs1_decrypt( &rsa, ciphertext, CTLEN,
decrypted, &len ) != 0 ||
memcmp( decrypted, plaintext, len ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 data sign : " );
md5_csum( plaintext, PTLEN, md5sum );
if( rsa_pkcs1_sign( &rsa, RSA_MD5, md5sum, 16,
ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n PKCS#1 sig. verify: " );
if( rsa_pkcs1_verify( &rsa, RSA_MD5, md5sum, 16,
ciphertext, CTLEN ) != 0 )
{
printf( "failed\n" );
return( 1 );
}
printf( "passed\n\n" );
rsa_free( &rsa );
return( 0 );
}
int message_rsa_decrypt(VCRYPT_CTX *ctx, rsa_context *public_rsa,
uint8_t *ciphertext, size_t len, char **decrypted)
{
int ret = 0;
int ret_len = 0;
if (len < 5)
return -ERR_DECRYPTION_ERROR;
if (*ciphertext++ != VCRYPT_PROTOCOL_VERSION)
return -ERR_DECRYPTION_ERROR;
uint16_t encr_key_len = *((uint16_t*) ciphertext);
ciphertext += 2;
uint16_t sig_key_len = *((uint16_t*) ciphertext);
ciphertext += 2;
if (encr_key_len != ctx->ssl_req.rsa.len)
return -ERR_DECRYPTION_ERROR;
if ((len - 5 - sig_key_len) % encr_key_len)
return -ERR_DECRYPTION_ERROR;
int ciphertext_chunks = (len - 5 - sig_key_len) / encr_key_len;
// maximum possible plaintext length
int plain_len = ciphertext_chunks * ctx->ssl_req.rsa.len;
if (ciphertext_chunks < 1)
return -ERR_DECRYPTION_ERROR; // we need the signature too
*decrypted = malloc(plain_len + 1); // 1 char for the null terminator
if (!*decrypted)
return -ERR_MALLOC;
int chunk;
size_t decrypted_len = 0;
uint8_t *in = ciphertext, *out = (uint8_t*) *decrypted;
for (chunk = 0; chunk < ciphertext_chunks;
chunk++, out += decrypted_len, in += ctx->ssl_req.rsa.len) {
if ((ret = rsa_pkcs1_decrypt(&ctx->ssl_req.rsa, RSA_PRIVATE,
&decrypted_len, in, out, ctx->ssl_req.rsa.len)) != 0) {
char err[256];
error_strerror(ret, err, sizeof err);
dolog(0,
" failed\n ! rsa_pkcs1_decrypt returned %d: %s (chunk: %d)\n",
ret, err, chunk);
free(*decrypted);
return -ERR_DECRYPTION_ERROR;
}
ret_len += decrypted_len;
}
*out = 0;
if (!public_rsa || !public_rsa->len) {
return -ERR_SIGN_VERIFY_ERROR;
}
unsigned char hash[64];
sha4_context sha_ctx;
sha4_starts(&sha_ctx, 1);
sha4_update(&sha_ctx, (uint8_t*) *decrypted, ret_len);
sha4_finish(&sha_ctx, hash);
if ((ret = rsa_pkcs1_verify(public_rsa, RSA_PUBLIC, public_rsa->hash_id,
sizeof hash, hash, in)) != 0) {
char err[256];
error_strerror(ret, err, sizeof err);
dolog(0,
" failed\n ! rsa_pkcs1_verify returned %d: %s\nmessage was: %s\n",
ret, err, *decrypted);
return -ERR_SIGN_VERIFY_ERROR;
}
return ret_len;
}
