/*
===============
SV_RSAGenMsg
Generate an encrypted RSA message
===============
*/
int SV_RSAGenMsg( const char *pubkey, char *cleartext, char *encrypted ) {
struct rsa_public_key public_key;
mpz_t message;
unsigned char buffer[ RSA_KEY_LENGTH / 8 - 11 ];
int retval;
Com_RandomBytes( buffer, RSA_KEY_LENGTH / 8 - 11 );
nettle_mpz_init_set_str_256_u( message, RSA_KEY_LENGTH / 8 - 11, buffer );
mpz_get_str( cleartext, 16, message );
rsa_public_key_init( &public_key );
mpz_set_ui( public_key.e, RSA_PUBLIC_EXPONENT );
retval = mpz_set_str( public_key.n, pubkey, 16 ) + 1;
if ( retval ) {
rsa_public_key_prepare( &public_key );
retval = rsa_encrypt( &public_key, NULL, qnettle_random, RSA_KEY_LENGTH / 8 - 11, buffer, message );
}
rsa_public_key_clear( &public_key );
mpz_get_str( encrypted, 16, message );
mpz_clear( message );
return retval;
}
static int
convert_rsa_private_key(struct nettle_buffer *buffer, unsigned length, const uint8_t *data)
{
struct rsa_public_key pub;
struct rsa_private_key priv;
int res;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
if (rsa_keypair_from_der(&pub, &priv, 0,
length, data))
{
/* Reuses the buffer */
nettle_buffer_reset(buffer);
res = rsa_keypair_to_sexp(buffer, NULL, &pub, &priv);
}
else
{
werror("Invalid PKCS#1 private key.\n");
res = 0;
}
rsa_public_key_clear(&pub);
rsa_private_key_clear(&priv);
return res;
}
static void
bench_rsa_clear (void *p)
{
struct rsa_ctx *ctx = p;
rsa_public_key_clear (&ctx->pub);
rsa_private_key_clear (&ctx->key);
mpz_clear (ctx->s);
free (ctx->digest);
free (ctx);
}
int
main(int argc, char **argv)
{
struct rsa_public_key key;
struct sha1_ctx hash;
mpz_t s;
if (argc != 3)
{
werror("Usage: rsa-verify PUBLIC-KEY SIGNATURE-FILE < FILE\n");
return EXIT_FAILURE;
}
rsa_public_key_init(&key);
if (!read_rsa_key(argv[1], &key, NULL))
{
werror("Invalid key\n");
return EXIT_FAILURE;
}
mpz_init(s);
if (!read_signature(argv[2], s))
{
werror("Failed to read signature file `%s'\n",
argv[2]);
return EXIT_FAILURE;
}
sha1_init(&hash);
if (!hash_file(&nettle_sha1, &hash, stdin))
{
werror("Failed reading stdin: %s\n",
strerror(errno));
return 0;
}
if (!rsa_sha1_verify(&key, &hash, s))
{
werror("Invalid signature!\n");
return EXIT_FAILURE;
}
mpz_clear(s);
rsa_public_key_clear(&key);
return EXIT_SUCCESS;
}
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key priv;
const struct tstring *sexp;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
sexp = SHEX("2831313a707269766174652d6b657928"
"333a72736128313a6e36333a085c3408"
"989acae4faec3cbbad91c90d34c1d259"
"cd74121a36f38b0b51424a9b2be514a0"
"4377113a6cdafe79dd7d5f2ecc8b5e96"
"61189b86a7b22239907c252928313a65"
"343a36ad4b1d2928313a6436333a06ee"
"6d4ff3c239e408150daf8117abfa36a4"
"0ad4455d9059a86d52f33a2de07418a0"
"a699594588c64810248c9412d554f74a"
"f947c73c32007e87c92f0937ed292831"
"3a7033323a03259879b24315e9cf1425"
"4824c7935d807cdb6990f414a0f65e60"
"65130a611f2928313a7133323a02a81b"
"a73bad45fc73b36deffce52d1b73e074"
"7f4d8a82648cecd310448ea63b292831"
"3a6133323a026cbdad5dd0046e093f06"
"0ecd5b4ac918e098b0278bb752b7cadd"
"6a8944f0b92928313a6233323a014875"
"1e622d6d58e3bb094afd6edacf737035"
"1d068e2ce9f565c5528c4a7473292831"
"3a6333323a00f8a458ea73a018dc6fa5"
"6863e3bc6de405f364f77dee6f096267"
"9ea1a8282e292929");
ASSERT(rsa_keypair_from_sexp
(&pub, &priv, 0, sexp->length, sexp->data));
test_rsa_key(&pub, &priv);
rsa_public_key_clear(&pub);
rsa_private_key_clear(&priv);
}
int
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
mpz_t expected;
mpz_init(expected);
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
test_rsa_set_key_1(&pub, &key);
/* Test md5 signatures */
mpz_set_str(expected,
"53bf517009fa956e" "3daa6adc95e8663d" "3759002f488bbbad"
"e49f62792d85dbcc" "293f68e2b68ef89a" "c5bd42d98f845325"
"3e6c1b76fc337db5" "e0053f255c55faf3" "eb6cc568ad7f5013"
"5b269a64acb9eaa7" "b7f09d9bd90310e6" "4c58f6dbe673ada2"
"67c97a9d99e19f9d" "87960d9ce3f0d5ce" "84f401fe7e10fa24"
"28b9bffcf9", 16);
test_rsa_md5(&pub, &key, expected);
/* Test sha1 signature */
mpz_set_str(expected,
"129b405ed85db88c" "55d35344c4b52854" "496516b4d63d8211"
"80a0c24d6ced9047" "33065a564bbd33d0" "a5cdfd204b9c6d15"
"78337207c2f1662d" "c73906c7a0f2bf5c" "af92cef9121957b1"
"dcb111ff47b92389" "888e384d0cfd1b1e" "e5d7003a8feff3fd"
"dd6a71d242a79272" "25234d67ba369441" "c12ae555c697754e"
"a17f93fa92", 16);
test_rsa_sha1(&pub, &key, expected);
mpz_set_str(expected,
"13f9e43f7a401a73" "0a74985c01520d76" "bf5f2e2dff91e93b"
"9267d8c388d6937b" "d4bc6f1fa31618a9" "b5e3a1a875af72f5"
"0e805dbfebdf4348" "7d49763f0b365e78" "d2c0ea8fb3785897"
"782289a58f998907" "248c9cdf2c643d7e" "6ba6b55026227773"
"6f19caa69c4fc6d7" "7e2e5d4cd6b7a82b" "900d201ffd000448"
"685e5a4f3e", 16);
test_rsa_sha256(&pub, &key, expected);
/* 777-bit key, generated by
*
* lsh-keygen -a rsa -l 777 -f advanced-hex
*
* Interesting because the size of n doesn't equal the sum of the
* sizes of p and q.
*
* (private-key (rsa-pkcs1
* (n #013b04440e3eef25 d51c738d508a7fa8 b3445180c342af0f
* 4cb5a789047300e2 cfc5c5450974cfc2 448aeaaa7f43c374
* c9a3b038b181f2d1 0f1a2327fd2c087b a49bf1086969fd2c
* d1df3fd69f81fa4b 162cc8bbb363fc95 b7b24b9c53d0c67e
* f52b#)
* (e #3f1a012d#)
* (d #f9bae89dacca6cca c21e0412b4df8355 6fe7c5322bbae8ad
* 3f11494fd12bc076 d4a7da3050fe109d 2074db09cc6a93b4
* 745479522558379e a0ddfa74f86c9e9e a22c3b0e93d51447
* 0feb38105dd35395 63b91ee32776f40c 67b2a175690f7abb
* 25#)
* (p #0b73c990eeda0a2a 2c26416052c85560 0c5c0f5ce86a8326
* 166acea91786237a 7ff884e66dbfdd3a ab9d9801414c1506
* 8b#)
* (q #1b81c19a62802a41 9c99283331b0badb 08eb0c25ffce0fbf
* 50017850036f32f3 2132a845b91a5236 61f7b451d587383f
* e1#)
* (a #0a912fc93a6cca6b 3521725a3065b3be 3c9745e29c93303d
* 7d29316c6cafa4a2 89945f964fcdea59 1f9d248b0b6734be
* c9#)
* (b #1658eca933251813 1eb19c77aba13d73 e0b8f4ce986d7615
* 764c6b0b03c18146 46b7f332c43e05c5 351e09006979ca5b
* 05#)
* (c #0114720dace7b27f 2bf2850c1804869f 79a0aad0ec02e6b4
* 05e1831619db2f10 bb9b6a8fd5c95df2 eb78f303ea0c0cc8
* 06#)))
*/
mpz_set_str(pub.n,
"013b04440e3eef25" "d51c738d508a7fa8" "b3445180c342af0f"
"4cb5a789047300e2" "cfc5c5450974cfc2" "448aeaaa7f43c374"
"c9a3b038b181f2d1" "0f1a2327fd2c087b" "a49bf1086969fd2c"
"d1df3fd69f81fa4b" "162cc8bbb363fc95" "b7b24b9c53d0c67e"
"f52b", 16);
mpz_set_str(pub.e, "3f1a012d", 16);
if (!rsa_public_key_prepare(&pub))
FAIL();
#if 0
mpz_set_str(key.d,
"f9bae89dacca6cca" "c21e0412b4df8355" "6fe7c5322bbae8ad"
"3f11494fd12bc076" "d4a7da3050fe109d" "2074db09cc6a93b4"
"745479522558379e" "a0ddfa74f86c9e9e" "a22c3b0e93d51447"
"0feb38105dd35395" "63b91ee32776f40c" "67b2a175690f7abb"
"25", 16);
#endif
mpz_set_str(key.p,
"0b73c990eeda0a2a" "2c26416052c85560" "0c5c0f5ce86a8326"
"166acea91786237a" "7ff884e66dbfdd3a" "ab9d9801414c1506"
"8b", 16);
mpz_set_str(key.q,
"1b81c19a62802a41" "9c99283331b0badb" "08eb0c25ffce0fbf"
"50017850036f32f3" "2132a845b91a5236" "61f7b451d587383f"
"e1", 16);
mpz_set_str(key.a,
"0a912fc93a6cca6b" "3521725a3065b3be" "3c9745e29c93303d"
"7d29316c6cafa4a2" "89945f964fcdea59" "1f9d248b0b6734be"
"c9", 16);
mpz_set_str(key.b,
"1658eca933251813" "1eb19c77aba13d73" "e0b8f4ce986d7615"
"764c6b0b03c18146" "46b7f332c43e05c5" "351e09006979ca5b"
"05", 16);
mpz_set_str(key.c,
"0114720dace7b27f" "2bf2850c1804869f" "79a0aad0ec02e6b4"
"05e1831619db2f10" "bb9b6a8fd5c95df2" "eb78f303ea0c0cc8"
"06", 16);
if (!rsa_private_key_prepare(&key))
FAIL();
if (pub.size != key.size)
FAIL();
/* Test md5 signatures */
mpz_set_str(expected,
"011b939f6fbacf7f" "7d3217b022d07477" "e582e34d4bbddd4c"
"31520647417fc8a6" "18b2e196d799cedd" "d8f5c062fd796b0f"
"72ab46db2ac6ec74" "39d856be3f746cc4" "3e0a15429954736a"
"60a8b3c6ea93d2cb" "c69085c307d72517" "07d43bf97a3b51eb"
"9e89", 16);
test_rsa_md5(&pub, &key, expected);
/* Test sha1 signature */
mpz_set_str(expected,
"648c49e0ed045547" "08381d0bcd03b7bd" "b0f80a0e9030525d"
"234327a1c96b8660" "f1c01c6f15ae76d0" "4f53a53806b7e4db"
"1f789e6e89b538f6" "88fcbd2caa6abef0" "5432d52f3de463a4"
"a9e6de94f1b7bb68" "3c07edf0924fc93f" "56e1a0dba8f7491c"
"5c", 16);
test_rsa_sha1(&pub, &key, expected);
mpz_set_str(expected,
"d759bb28b4d249a2" "f8b67bdbb1ab7f50" "c88712fbcabc2956"
"1ec6ca3f8fdafe7a" "38433d7da287b8f7" "87857274c1640b2b"
"e652cd89c501d570" "3980a0af5c6bb60c" "f84feab25b099d06"
"e2519accb73dac43" "fb8bdad28835f3bd" "84c43678fe2ef41f"
"af", 16);
test_rsa_sha256(&pub, &key, expected);
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(expected);
SUCCESS();
}
int
main(int argc, char **argv)
{
struct rsa_session ctx;
struct rsa_session_info info;
struct rsa_public_key key;
mpz_t x;
int c;
const char *random_name = NULL;
enum { OPT_HELP = 300 };
static const struct option options[] =
{
/* Name, args, flag, val */
{ "help", no_argument, NULL, OPT_HELP },
{ "random", required_argument, NULL, 'r' },
{ NULL, 0, NULL, 0}
};
while ( (c = getopt_long(argc, argv, "o:r:", options, NULL)) != -1)
switch (c)
{
case 'r':
random_name = optarg;
break;
case '?':
return EXIT_FAILURE;
case OPT_HELP:
usage(stdout);
return EXIT_SUCCESS;
default:
abort();
}
argv += optind;
argc -= optind;
if (argc != 1)
{
usage (stderr);
return EXIT_FAILURE;
}
rsa_public_key_init(&key);
if (!read_rsa_key(argv[0], &key, NULL))
{
werror("Invalid key\n");
return EXIT_FAILURE;
}
/* NOTE: No sources */
yarrow256_init(&ctx.yarrow, 0, NULL);
/* Read some data to seed the generator */
if (!simple_random(&ctx.yarrow, random_name))
{
werror("Initialization of randomness generator failed.\n");
return EXIT_FAILURE;
}
WRITE_UINT32(SESSION_VERSION(&info), RSA_VERSION);
yarrow256_random(&ctx.yarrow, sizeof(info.key) - 4, info.key + 4);
rsa_session_set_encrypt_key(&ctx, &info);
#ifdef WIN32
_setmode(0, O_BINARY);
_setmode(1, O_BINARY);
#endif
write_version(stdout);
mpz_init(x);
if (!rsa_encrypt(&key,
&ctx.yarrow, (nettle_random_func *) yarrow256_random,
sizeof(info.key), info.key,
x))
{
werror("RSA encryption failed.\n");
return EXIT_FAILURE;
}
write_bignum(stdout, x);
mpz_clear (x);
if (!process_file(&ctx,
stdin, stdout))
return EXIT_FAILURE;
rsa_public_key_clear(&key);
return EXIT_SUCCESS;
}
static int
wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
int ret;
unsigned int i, q_bits;
memset(params, 0, sizeof(*params));
switch (algo)
{
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_private_key priv;
dsa_public_key_init (&pub);
dsa_private_key_init (&priv);
/* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
* but we do NIST DSA here */
if (level <= 1024)
q_bits = 160;
else
q_bits = 256;
ret =
dsa_generate_keypair (&pub, &priv, NULL,
rnd_func, NULL, NULL, level, q_bits);
if (ret != 1)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto dsa_fail;
}
params->params_nr = 0;
for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto dsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set (params->params[0], pub.p);
_gnutls_mpi_set (params->params[1], pub.q);
_gnutls_mpi_set (params->params[2], pub.g);
_gnutls_mpi_set (params->params[3], pub.y);
_gnutls_mpi_set (params->params[4], priv.x);
dsa_fail:
dsa_private_key_clear (&priv);
dsa_public_key_clear (&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
struct rsa_private_key priv;
rsa_public_key_init (&pub);
rsa_private_key_init (&priv);
_gnutls_mpi_set_ui (&pub.e, 65537);
ret =
rsa_generate_keypair (&pub, &priv, NULL,
rnd_func, NULL, NULL, level, 0);
if (ret != 1)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto rsa_fail;
}
params->params_nr = 0;
for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto rsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set (params->params[0], pub.n);
_gnutls_mpi_set (params->params[1], pub.e);
_gnutls_mpi_set (params->params[2], priv.d);
_gnutls_mpi_set (params->params[3], priv.p);
_gnutls_mpi_set (params->params[4], priv.q);
_gnutls_mpi_set (params->params[5], priv.c);
_gnutls_mpi_set (params->params[6], priv.a);
_gnutls_mpi_set (params->params[7], priv.b);
rsa_fail:
rsa_private_key_clear (&priv);
rsa_public_key_clear (&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_EC:
{
ecc_key key;
ecc_set_type tls_ecc_set;
const gnutls_ecc_curve_entry_st *st;
st = _gnutls_ecc_curve_get_params(level);
if (st == NULL)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
tls_ecc_set.size = st->size;
tls_ecc_set.prime = st->prime;
tls_ecc_set.order = st->order;
tls_ecc_set.Gx = st->Gx;
tls_ecc_set.Gy = st->Gy;
tls_ecc_set.A = st->A;
tls_ecc_set.B = st->B;
ret = ecc_make_key(NULL, rnd_func, &key, &tls_ecc_set, st->id);
if (ret != 0)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
params->params_nr = 0;
for (i = 0; i < ECC_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like(&key.prime);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto ecc_fail;
}
params->params_nr++;
}
params->flags = level;
mpz_set(TOMPZ(params->params[ECC_PRIME]), key.prime);
mpz_set(TOMPZ(params->params[ECC_ORDER]), key.order);
mpz_set(TOMPZ(params->params[ECC_A]), key.A);
mpz_set(TOMPZ(params->params[ECC_B]), key.B);
mpz_set(TOMPZ(params->params[ECC_GX]), key.Gx);
mpz_set(TOMPZ(params->params[ECC_GY]), key.Gy);
mpz_set(TOMPZ(params->params[ECC_X]), key.pubkey.x);
mpz_set(TOMPZ(params->params[ECC_Y]), key.pubkey.y);
mpz_set(TOMPZ(params->params[ECC_K]), key.k);
ecc_fail:
ecc_free(&key);
if (ret < 0)
goto fail;
break;
}
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
fail:
for (i = 0; i < params->params_nr; i++)
{
_gnutls_mpi_release (¶ms->params[i]);
}
params->params_nr = 0;
return ret;
}
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
struct knuth_lfib_ctx lfib;
/* FIXME: How is this spelled? */
const uint8_t *msg = "Squemish ossifrage";
size_t msg_length;
uint8_t *decrypted;
size_t decrypted_length;
uint8_t after;
mpz_t gibberish;
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
mpz_init(gibberish);
knuth_lfib_init(&lfib, 17);
test_rsa_set_key_1(&pub, &key);
msg_length = strlen(msg);
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
msg_length, msg,
gibberish));
if (verbose)
{
fprintf(stderr, "encrypted: ");
mpz_out_str(stderr, 10, gibberish);
}
decrypted = xalloc(msg_length + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length - 1;
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
decrypted_length = msg_length;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length;
ASSERT(rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
free(decrypted);
}
static int
wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
int ret;
unsigned int i, q_bits;
memset(params, 0, sizeof(*params));
switch (algo) {
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_private_key priv;
dsa_public_key_init(&pub);
dsa_private_key_init(&priv);
/* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
* but we do NIST DSA here */
if (level <= 1024)
q_bits = 160;
else
q_bits = 256;
ret =
dsa_generate_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level, q_bits);
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto dsa_fail;
}
params->params_nr = 0;
for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
params->params[i] =
_gnutls_mpi_alloc_like(&pub.p);
if (params->params[i] == NULL) {
ret = GNUTLS_E_MEMORY_ERROR;
goto dsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set(params->params[0], pub.p);
_gnutls_mpi_set(params->params[1], pub.q);
_gnutls_mpi_set(params->params[2], pub.g);
_gnutls_mpi_set(params->params[3], pub.y);
_gnutls_mpi_set(params->params[4], priv.x);
dsa_fail:
dsa_private_key_clear(&priv);
dsa_public_key_clear(&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
struct rsa_private_key priv;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
_gnutls_mpi_set_ui(&pub.e, 65537);
ret =
rsa_generate_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level, 0);
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto rsa_fail;
}
params->params_nr = 0;
for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
params->params[i] =
_gnutls_mpi_alloc_like(&pub.n);
if (params->params[i] == NULL) {
ret = GNUTLS_E_MEMORY_ERROR;
goto rsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set(params->params[0], pub.n);
_gnutls_mpi_set(params->params[1], pub.e);
_gnutls_mpi_set(params->params[2], priv.d);
_gnutls_mpi_set(params->params[3], priv.p);
_gnutls_mpi_set(params->params[4], priv.q);
_gnutls_mpi_set(params->params[5], priv.c);
_gnutls_mpi_set(params->params[6], priv.a);
_gnutls_mpi_set(params->params[7], priv.b);
rsa_fail:
rsa_private_key_clear(&priv);
rsa_public_key_clear(&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
struct ecc_point pub;
const struct ecc_curve *curve;
curve = get_supported_curve(level);
if (curve == NULL)
return
gnutls_assert_val
(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ecc_scalar_init(&key, curve);
ecc_point_init(&pub, curve);
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
params->params[ECC_X] = _gnutls_mpi_new(0);
params->params[ECC_Y] = _gnutls_mpi_new(0);
params->params[ECC_K] = _gnutls_mpi_new(0);
if (params->params[ECC_X] == NULL
|| params->params[ECC_Y] == NULL
|| params->params[ECC_K] == NULL) {
_gnutls_mpi_release(¶ms->
params[ECC_X]);
_gnutls_mpi_release(¶ms->
params[ECC_Y]);
_gnutls_mpi_release(¶ms->
params[ECC_K]);
goto ecc_cleanup;
}
params->flags = level;
params->params_nr = ECC_PRIVATE_PARAMS;
ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
TOMPZ(params->params[ECC_Y]));
ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
ecc_cleanup:
ecc_point_clear(&pub);
ecc_scalar_clear(&key);
break;
}
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
fail:
for (i = 0; i < params->params_nr; i++) {
_gnutls_mpi_release(¶ms->params[i]);
}
params->params_nr = 0;
return ret;
}
/* To generate a DH key either q must be set in the params or
* level should be set to the number of required bits.
*/
static int
wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
int ret;
unsigned int i;
switch (algo) {
case GNUTLS_PK_DSA:
#ifdef ENABLE_FIPS140
{
struct dsa_public_key pub;
struct dsa_private_key priv;
if (params->params[DSA_Q] == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_dsa_params_to_pubkey(params, &pub);
dsa_private_key_init(&priv);
mpz_init(pub.y);
ret =
dsa_generate_dss_keypair(&pub, &priv,
NULL, rnd_func,
NULL, NULL);
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_PK_GENERATION_ERROR;
goto dsa_fail;
}
ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL);
if (ret < 0) {
gnutls_assert();
goto dsa_fail;
}
mpz_set(TOMPZ(params->params[DSA_Y]), pub.y);
mpz_set(TOMPZ(params->params[DSA_X]), priv.x);
params->params_nr += 2;
dsa_fail:
dsa_private_key_clear(&priv);
mpz_clear(pub.y);
if (ret < 0)
goto fail;
break;
}
#endif
case GNUTLS_PK_DH:
{
struct dsa_public_key pub;
mpz_t r;
mpz_t x, y;
int max_tries;
unsigned have_q = 0;
if (algo != params->algo)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_dsa_params_to_pubkey(params, &pub);
if (params->params[DSA_Q] != NULL)
have_q = 1;
/* This check is for the case !ENABLE_FIPS140 */
if (algo == GNUTLS_PK_DSA && have_q == 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
mpz_init(r);
mpz_init(x);
mpz_init(y);
max_tries = 3;
do {
if (have_q) {
mpz_set(r, pub.q);
mpz_sub_ui(r, r, 2);
nettle_mpz_random(x, NULL, rnd_func, r);
mpz_add_ui(x, x, 1);
} else {
unsigned size = mpz_sizeinbase(pub.p, 2);
if (level == 0)
level = MIN(size, DH_EXPONENT_SIZE(size));
nettle_mpz_random_size(x, NULL, rnd_func, level);
if (level >= size)
mpz_mod(x, x, pub.p);
}
mpz_powm(y, pub.g, x, pub.p);
max_tries--;
if (max_tries <= 0) {
gnutls_assert();
ret = GNUTLS_E_RANDOM_FAILED;
goto dh_fail;
}
} while(mpz_cmp_ui(y, 1) == 0);
ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL);
if (ret < 0) {
gnutls_assert();
goto dh_fail;
}
mpz_set(TOMPZ(params->params[DSA_Y]), y);
mpz_set(TOMPZ(params->params[DSA_X]), x);
params->params_nr += 2;
ret = 0;
dh_fail:
mpz_clear(r);
mpz_clear(x);
mpz_clear(y);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
struct rsa_private_key priv;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
mpz_set_ui(pub.e, 65537);
#ifdef ENABLE_FIPS140
ret =
rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level);
#else
ret =
rsa_generate_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level, 0);
#endif
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_PK_GENERATION_ERROR;
goto rsa_fail;
}
params->params_nr = 0;
for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
ret = _gnutls_mpi_init(¶ms->params[i]);
if (ret < 0) {
gnutls_assert();
goto rsa_fail;
}
params->params_nr++;
}
mpz_set(TOMPZ(params->params[0]), pub.n);
mpz_set(TOMPZ(params->params[1]), pub.e);
mpz_set(TOMPZ(params->params[2]), priv.d);
mpz_set(TOMPZ(params->params[3]), priv.p);
mpz_set(TOMPZ(params->params[4]), priv.q);
mpz_set(TOMPZ(params->params[5]), priv.c);
mpz_set(TOMPZ(params->params[6]), priv.a);
mpz_set(TOMPZ(params->params[7]), priv.b);
ret = 0;
rsa_fail:
rsa_private_key_clear(&priv);
rsa_public_key_clear(&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
struct ecc_point pub;
const struct ecc_curve *curve;
curve = get_supported_curve(level);
if (curve == NULL)
return
gnutls_assert_val
(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ecc_scalar_init(&key, curve);
ecc_point_init(&pub, curve);
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
ret = _gnutls_mpi_init_multi(¶ms->params[ECC_X], ¶ms->params[ECC_Y],
¶ms->params[ECC_K], NULL);
if (ret < 0) {
gnutls_assert();
goto ecc_fail;
}
params->flags = level;
params->params_nr = ECC_PRIVATE_PARAMS;
ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
TOMPZ(params->params[ECC_Y]));
ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
ret = 0;
ecc_fail:
ecc_point_clear(&pub);
ecc_scalar_clear(&key);
if (ret < 0)
goto fail;
break;
}
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
FAIL_IF_LIB_ERROR;
return 0;
fail:
for (i = 0; i < params->params_nr; i++) {
_gnutls_mpi_release(¶ms->params[i]);
}
params->params_nr = 0;
FAIL_IF_LIB_ERROR;
return ret;
}
int
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key priv;
struct nettle_buffer buffer;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
mpz_set_str(pub.n,
"085c3408989acae4faec3cbbad91c90d34c1d259cd74121a"
"36f38b0b51424a9b2be514a04377113a6cdafe79dd7d5f2e"
"cc8b5e9661189b86a7b22239907c25", 16);
mpz_set_str(pub.e, "36ad4b1d", 16);
ASSERT(rsa_public_key_prepare(&pub));
mpz_set_str(priv.d,
"06ee6d4ff3c239e408150daf8117abfa36a40ad4455d9059"
"a86d52f33a2de07418a0a699594588c64810248c9412d554"
"f74af947c73c32007e87c92f0937ed", 16);
mpz_set_str(priv.p,
"03259879b24315e9cf14254824c7935d807cdb6990f414a0"
"f65e6065130a611f", 16);
mpz_set_str(priv.q,
"02a81ba73bad45fc73b36deffce52d1b73e0747f4d8a8264"
"8cecd310448ea63b", 16);
mpz_set_str(priv.a,
"026cbdad5dd0046e093f060ecd5b4ac918e098b0278bb752"
"b7cadd6a8944f0b9", 16);
mpz_set_str(priv.b,
"0148751e622d6d58e3bb094afd6edacf7370351d068e2ce9"
"f565c5528c4a7473", 16);
mpz_set_str(priv.c,
"f8a458ea73a018dc6fa56863e3bc6de405f364f77dee6f09"
"62679ea1a8282e", 16);
ASSERT(rsa_private_key_prepare(&priv));
nettle_buffer_init(&buffer);
ASSERT(rsa_keypair_to_sexp(&buffer, "rsa", &pub, &priv));
if (verbose)
{
printf("private:");
print_hex(buffer.size, buffer.contents);
}
ASSERT(MEMEQH(buffer.size, buffer.contents,
"2831313a707269766174652d6b657928"
"333a72736128313a6e36333a085c3408"
"989acae4faec3cbbad91c90d34c1d259"
"cd74121a36f38b0b51424a9b2be514a0"
"4377113a6cdafe79dd7d5f2ecc8b5e96"
"61189b86a7b22239907c252928313a65"
"343a36ad4b1d2928313a6436333a06ee"
"6d4ff3c239e408150daf8117abfa36a4"
"0ad4455d9059a86d52f33a2de07418a0"
"a699594588c64810248c9412d554f74a"
"f947c73c32007e87c92f0937ed292831"
"3a7033323a03259879b24315e9cf1425"
"4824c7935d807cdb6990f414a0f65e60"
"65130a611f2928313a7133323a02a81b"
"a73bad45fc73b36deffce52d1b73e074"
"7f4d8a82648cecd310448ea63b292831"
"3a6133323a026cbdad5dd0046e093f06"
"0ecd5b4ac918e098b0278bb752b7cadd"
"6a8944f0b92928313a6233323a014875"
"1e622d6d58e3bb094afd6edacf737035"
"1d068e2ce9f565c5528c4a7473292831"
"3a6333323a00f8a458ea73a018dc6fa5"
"6863e3bc6de405f364f77dee6f096267"
"9ea1a8282e292929"));
nettle_buffer_clear(&buffer);
ASSERT(rsa_keypair_to_sexp(&buffer, NULL, &pub, NULL));
if (verbose)
{
printf("public:");
print_hex(buffer.size, buffer.contents);
}
ASSERT(MEMEQH(buffer.size, buffer.contents,
"2831303a7075626c69632d6b65792839"
"3a7273612d706b63733128313a6e3633"
"3a085c3408989acae4faec3cbbad91c9"
"0d34c1d259cd74121a36f38b0b51424a"
"9b2be514a04377113a6cdafe79dd7d5f"
"2ecc8b5e9661189b86a7b22239907c25"
"2928313a65343a36ad4b1d292929"));
rsa_public_key_clear(&pub);
rsa_private_key_clear(&priv);
SUCCESS();
}