/*
===============
SV_RSAGenMsg
Generate an encrypted RSA message
===============
*/
int SV_RSAGenMsg( const char *pubkey, char *cleartext, char *encrypted ) {
struct rsa_public_key public_key;
mpz_t message;
unsigned char buffer[ RSA_KEY_LENGTH / 8 - 11 ];
int retval;
Com_RandomBytes( buffer, RSA_KEY_LENGTH / 8 - 11 );
nettle_mpz_init_set_str_256_u( message, RSA_KEY_LENGTH / 8 - 11, buffer );
mpz_get_str( cleartext, 16, message );
rsa_public_key_init( &public_key );
mpz_set_ui( public_key.e, RSA_PUBLIC_EXPONENT );
retval = mpz_set_str( public_key.n, pubkey, 16 ) + 1;
if ( retval ) {
rsa_public_key_prepare( &public_key );
retval = rsa_encrypt( &public_key, NULL, qnettle_random, RSA_KEY_LENGTH / 8 - 11, buffer, message );
}
rsa_public_key_clear( &public_key );
mpz_get_str( encrypted, 16, message );
mpz_clear( message );
return retval;
}
/* Allocate and generate keys */
void
init_rsa_array(struct rsa_public_key **pub,struct rsa_private_key **priv)
{
int i = 0;
struct yarrow256_ctx yarrow;
const char *random_name = NULL;
for(i=0; i < aspathlen; i++) {
yarrow256_init(&yarrow, 0, NULL);
/* Read some data to seed the generator */
if (!test_simple_random(&yarrow, random_name)) {
die("init_rsa_array :: Initialization of randomness generator failed.\n");
}
pub[i] = (struct rsa_public_key * ) malloc (sizeof(struct rsa_public_key));
priv[i] = (struct rsa_private_key *) malloc (sizeof(struct rsa_private_key));
if(!priv[i] || !pub[i])
die("init_rsa_array :: i = %d %s\n",strerror(errno));
rsa_public_key_init(pub[i]);
rsa_private_key_init(priv[i]);
if (!rsa_generate_keypair (pub[i], priv[i],
(void *) &yarrow, (nettle_random_func *) yarrow256_random,
NULL, progress,KEYSIZE, ESIZE)) {
die("Key generation failed.\n");
}
}
return ;
}
static int
convert_rsa_private_key(struct nettle_buffer *buffer, unsigned length, const uint8_t *data)
{
struct rsa_public_key pub;
struct rsa_private_key priv;
int res;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
if (rsa_keypair_from_der(&pub, &priv, 0,
length, data))
{
/* Reuses the buffer */
nettle_buffer_reset(buffer);
res = rsa_keypair_to_sexp(buffer, NULL, &pub, &priv);
}
else
{
werror("Invalid PKCS#1 private key.\n");
res = 0;
}
rsa_public_key_clear(&pub);
rsa_private_key_clear(&priv);
return res;
}
int
main(int argc, char **argv)
{
struct rsa_public_key key;
struct sha1_ctx hash;
mpz_t s;
if (argc != 3)
{
werror("Usage: rsa-verify PUBLIC-KEY SIGNATURE-FILE < FILE\n");
return EXIT_FAILURE;
}
rsa_public_key_init(&key);
if (!read_rsa_key(argv[1], &key, NULL))
{
werror("Invalid key\n");
return EXIT_FAILURE;
}
mpz_init(s);
if (!read_signature(argv[2], s))
{
werror("Failed to read signature file `%s'\n",
argv[2]);
return EXIT_FAILURE;
}
sha1_init(&hash);
if (!hash_file(&nettle_sha1, &hash, stdin))
{
werror("Failed reading stdin: %s\n",
strerror(errno));
return 0;
}
if (!rsa_sha1_verify(&key, &hash, s))
{
werror("Invalid signature!\n");
return EXIT_FAILURE;
}
mpz_clear(s);
rsa_public_key_clear(&key);
return EXIT_SUCCESS;
}
int rsa_sha1_verify_fd(libsign_public_key *pub_ctx, libsign_signature *sig_ctx,
int fd)
{
/* hash the data from the given fd and verify the result */
int ret = -EINVAL;
int num = 0;
uint8_t buffer[512];
struct sha1_ctx hash;
struct rsa_public_key key;
rsa_public_key_init(&key);
mpz_set(key.n, pub_ctx->n);
mpz_set(key.e, pub_ctx->e);
rsa_public_key_prepare(&key);
/* hash the data */
sha1_init(&hash);
while((num = read(fd, buffer, 512)) > 0)
sha1_update(&hash, num, buffer);
if(num < 0)
goto exit;
/* hash the hashed data from the signature */
sha1_update(&hash, sig_ctx->hashed_data_len,
sig_ctx->hashed_data);
/* then hash the trailer */
if(sig_ctx->version == PGP_SIG_VER4) {
uint8_t trailer[6];
/* version */
trailer[0] = 0x04;
trailer[1] = 0xff;
/* big-endian length of the hashed data from
the signature */
trailer[5] = sig_ctx->hashed_data_len;
trailer[4] = sig_ctx->hashed_data_len >> 8;
trailer[3] = sig_ctx->hashed_data_len >> 16;
trailer[2] = sig_ctx->hashed_data_len >> 24;
sha1_update(&hash, 6, trailer);
}
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key priv;
const struct tstring *sexp;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
sexp = SHEX("2831313a707269766174652d6b657928"
"333a72736128313a6e36333a085c3408"
"989acae4faec3cbbad91c90d34c1d259"
"cd74121a36f38b0b51424a9b2be514a0"
"4377113a6cdafe79dd7d5f2ecc8b5e96"
"61189b86a7b22239907c252928313a65"
"343a36ad4b1d2928313a6436333a06ee"
"6d4ff3c239e408150daf8117abfa36a4"
"0ad4455d9059a86d52f33a2de07418a0"
"a699594588c64810248c9412d554f74a"
"f947c73c32007e87c92f0937ed292831"
"3a7033323a03259879b24315e9cf1425"
"4824c7935d807cdb6990f414a0f65e60"
"65130a611f2928313a7133323a02a81b"
"a73bad45fc73b36deffce52d1b73e074"
"7f4d8a82648cecd310448ea63b292831"
"3a6133323a026cbdad5dd0046e093f06"
"0ecd5b4ac918e098b0278bb752b7cadd"
"6a8944f0b92928313a6233323a014875"
"1e622d6d58e3bb094afd6edacf737035"
"1d068e2ce9f565c5528c4a7473292831"
"3a6333323a00f8a458ea73a018dc6fa5"
"6863e3bc6de405f364f77dee6f096267"
"9ea1a8282e292929");
ASSERT(rsa_keypair_from_sexp
(&pub, &priv, 0, sexp->length, sexp->data));
test_rsa_key(&pub, &priv);
rsa_public_key_clear(&pub);
rsa_private_key_clear(&priv);
}
/* Returns 1 on success, 0 on error, and -1 for unsupported algorithms. */
static int
convert_public_key(struct nettle_buffer *buffer, unsigned length, const uint8_t *data)
{
/* SubjectPublicKeyInfo ::= SEQUENCE {
algorithm AlgorithmIdentifier,
subjectPublicKey BIT STRING
}
AlgorithmIdentifier ::= SEQUENCE {
algorithm OBJECT IDENTIFIER,
parameters OPTIONAL
}
*/
struct asn1_der_iterator i;
struct asn1_der_iterator j;
int res = 0;
if (asn1_der_iterator_first(&i, length, data) == ASN1_ITERATOR_CONSTRUCTED
&& i.type == ASN1_SEQUENCE
&& asn1_der_decode_constructed_last(&i) == ASN1_ITERATOR_CONSTRUCTED
&& i.type == ASN1_SEQUENCE
/* Use the j iterator to parse the algorithm identifier */
&& asn1_der_decode_constructed(&i, &j) == ASN1_ITERATOR_PRIMITIVE
&& j.type == ASN1_IDENTIFIER
&& asn1_der_iterator_next(&i) == ASN1_ITERATOR_PRIMITIVE
&& i.type == ASN1_BITSTRING
/* Use i to parse the object wrapped in the bit string.*/
&& asn1_der_decode_bitstring_last(&i))
{
/* pkcs-1 {
iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
modules(0) pkcs-1(1)
}
--
-- When rsaEncryption is used in an AlgorithmIdentifier the
-- parameters MUST be present and MUST be NULL.
--
rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 }
*/
static const uint8_t id_rsaEncryption[9] =
{ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };
/*
--
-- When dsa is used in an AlgorithmIdentifier the
-- parameters MUST be present and MUST NOT be NULL.
--
dsa OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
*/
static const uint8_t id_dsa[7] =
{ 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x01 };
switch (j.length)
{
unknown:
default:
werror("SubjectPublicKeyInfo: Unsupported algorithm.\n");
res = -1;
break;
case 7:
if (memcmp(j.data, id_dsa, 7) == 0)
{
if (asn1_der_iterator_next(&j) == ASN1_ITERATOR_CONSTRUCTED
&& asn1_der_decode_constructed_last(&j) == ASN1_ITERATOR_PRIMITIVE)
{
struct dsa_public_key pub;
dsa_public_key_init(&pub);
if (dsa_params_from_der_iterator(&pub, 0, &i)
&& dsa_public_key_from_der_iterator(&pub, 0, &j))
{
nettle_buffer_reset(buffer);
res = dsa_keypair_to_sexp(buffer, NULL, &pub, NULL) > 0;
}
}
if (!res)
werror("SubjectPublicKeyInfo: Invalid DSA key.\n");
break;
}
else goto unknown;
case 9:
if (memcmp(j.data, id_rsaEncryption, 9) == 0)
{
if (asn1_der_iterator_next(&j) == ASN1_ITERATOR_PRIMITIVE
&& j.type == ASN1_NULL
&& j.length == 0
&& asn1_der_iterator_next(&j) == ASN1_ITERATOR_END)
{
struct rsa_public_key pub;
rsa_public_key_init(&pub);
if (rsa_public_key_from_der_iterator(&pub, 0, &i))
{
nettle_buffer_reset(buffer);
res = rsa_keypair_to_sexp(buffer, NULL, &pub, NULL) > 0;
}
}
if (!res)
werror("SubjectPublicKeyInfo: Invalid RSA key.\n");
break;
}
else goto unknown;
}
}
else
werror("SubjectPublicKeyInfo: Invalid object.\n");
return res;
}
int
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
mpz_t expected;
mpz_init(expected);
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
test_rsa_set_key_1(&pub, &key);
/* Test md5 signatures */
mpz_set_str(expected,
"53bf517009fa956e" "3daa6adc95e8663d" "3759002f488bbbad"
"e49f62792d85dbcc" "293f68e2b68ef89a" "c5bd42d98f845325"
"3e6c1b76fc337db5" "e0053f255c55faf3" "eb6cc568ad7f5013"
"5b269a64acb9eaa7" "b7f09d9bd90310e6" "4c58f6dbe673ada2"
"67c97a9d99e19f9d" "87960d9ce3f0d5ce" "84f401fe7e10fa24"
"28b9bffcf9", 16);
test_rsa_md5(&pub, &key, expected);
/* Test sha1 signature */
mpz_set_str(expected,
"129b405ed85db88c" "55d35344c4b52854" "496516b4d63d8211"
"80a0c24d6ced9047" "33065a564bbd33d0" "a5cdfd204b9c6d15"
"78337207c2f1662d" "c73906c7a0f2bf5c" "af92cef9121957b1"
"dcb111ff47b92389" "888e384d0cfd1b1e" "e5d7003a8feff3fd"
"dd6a71d242a79272" "25234d67ba369441" "c12ae555c697754e"
"a17f93fa92", 16);
test_rsa_sha1(&pub, &key, expected);
mpz_set_str(expected,
"13f9e43f7a401a73" "0a74985c01520d76" "bf5f2e2dff91e93b"
"9267d8c388d6937b" "d4bc6f1fa31618a9" "b5e3a1a875af72f5"
"0e805dbfebdf4348" "7d49763f0b365e78" "d2c0ea8fb3785897"
"782289a58f998907" "248c9cdf2c643d7e" "6ba6b55026227773"
"6f19caa69c4fc6d7" "7e2e5d4cd6b7a82b" "900d201ffd000448"
"685e5a4f3e", 16);
test_rsa_sha256(&pub, &key, expected);
/* 777-bit key, generated by
*
* lsh-keygen -a rsa -l 777 -f advanced-hex
*
* Interesting because the size of n doesn't equal the sum of the
* sizes of p and q.
*
* (private-key (rsa-pkcs1
* (n #013b04440e3eef25 d51c738d508a7fa8 b3445180c342af0f
* 4cb5a789047300e2 cfc5c5450974cfc2 448aeaaa7f43c374
* c9a3b038b181f2d1 0f1a2327fd2c087b a49bf1086969fd2c
* d1df3fd69f81fa4b 162cc8bbb363fc95 b7b24b9c53d0c67e
* f52b#)
* (e #3f1a012d#)
* (d #f9bae89dacca6cca c21e0412b4df8355 6fe7c5322bbae8ad
* 3f11494fd12bc076 d4a7da3050fe109d 2074db09cc6a93b4
* 745479522558379e a0ddfa74f86c9e9e a22c3b0e93d51447
* 0feb38105dd35395 63b91ee32776f40c 67b2a175690f7abb
* 25#)
* (p #0b73c990eeda0a2a 2c26416052c85560 0c5c0f5ce86a8326
* 166acea91786237a 7ff884e66dbfdd3a ab9d9801414c1506
* 8b#)
* (q #1b81c19a62802a41 9c99283331b0badb 08eb0c25ffce0fbf
* 50017850036f32f3 2132a845b91a5236 61f7b451d587383f
* e1#)
* (a #0a912fc93a6cca6b 3521725a3065b3be 3c9745e29c93303d
* 7d29316c6cafa4a2 89945f964fcdea59 1f9d248b0b6734be
* c9#)
* (b #1658eca933251813 1eb19c77aba13d73 e0b8f4ce986d7615
* 764c6b0b03c18146 46b7f332c43e05c5 351e09006979ca5b
* 05#)
* (c #0114720dace7b27f 2bf2850c1804869f 79a0aad0ec02e6b4
* 05e1831619db2f10 bb9b6a8fd5c95df2 eb78f303ea0c0cc8
* 06#)))
*/
mpz_set_str(pub.n,
"013b04440e3eef25" "d51c738d508a7fa8" "b3445180c342af0f"
"4cb5a789047300e2" "cfc5c5450974cfc2" "448aeaaa7f43c374"
"c9a3b038b181f2d1" "0f1a2327fd2c087b" "a49bf1086969fd2c"
"d1df3fd69f81fa4b" "162cc8bbb363fc95" "b7b24b9c53d0c67e"
"f52b", 16);
mpz_set_str(pub.e, "3f1a012d", 16);
if (!rsa_public_key_prepare(&pub))
FAIL();
#if 0
mpz_set_str(key.d,
"f9bae89dacca6cca" "c21e0412b4df8355" "6fe7c5322bbae8ad"
"3f11494fd12bc076" "d4a7da3050fe109d" "2074db09cc6a93b4"
"745479522558379e" "a0ddfa74f86c9e9e" "a22c3b0e93d51447"
"0feb38105dd35395" "63b91ee32776f40c" "67b2a175690f7abb"
"25", 16);
#endif
mpz_set_str(key.p,
"0b73c990eeda0a2a" "2c26416052c85560" "0c5c0f5ce86a8326"
"166acea91786237a" "7ff884e66dbfdd3a" "ab9d9801414c1506"
"8b", 16);
mpz_set_str(key.q,
"1b81c19a62802a41" "9c99283331b0badb" "08eb0c25ffce0fbf"
"50017850036f32f3" "2132a845b91a5236" "61f7b451d587383f"
"e1", 16);
mpz_set_str(key.a,
"0a912fc93a6cca6b" "3521725a3065b3be" "3c9745e29c93303d"
"7d29316c6cafa4a2" "89945f964fcdea59" "1f9d248b0b6734be"
"c9", 16);
mpz_set_str(key.b,
"1658eca933251813" "1eb19c77aba13d73" "e0b8f4ce986d7615"
"764c6b0b03c18146" "46b7f332c43e05c5" "351e09006979ca5b"
"05", 16);
mpz_set_str(key.c,
"0114720dace7b27f" "2bf2850c1804869f" "79a0aad0ec02e6b4"
"05e1831619db2f10" "bb9b6a8fd5c95df2" "eb78f303ea0c0cc8"
"06", 16);
if (!rsa_private_key_prepare(&key))
FAIL();
if (pub.size != key.size)
FAIL();
/* Test md5 signatures */
mpz_set_str(expected,
"011b939f6fbacf7f" "7d3217b022d07477" "e582e34d4bbddd4c"
"31520647417fc8a6" "18b2e196d799cedd" "d8f5c062fd796b0f"
"72ab46db2ac6ec74" "39d856be3f746cc4" "3e0a15429954736a"
"60a8b3c6ea93d2cb" "c69085c307d72517" "07d43bf97a3b51eb"
"9e89", 16);
test_rsa_md5(&pub, &key, expected);
/* Test sha1 signature */
mpz_set_str(expected,
"648c49e0ed045547" "08381d0bcd03b7bd" "b0f80a0e9030525d"
"234327a1c96b8660" "f1c01c6f15ae76d0" "4f53a53806b7e4db"
"1f789e6e89b538f6" "88fcbd2caa6abef0" "5432d52f3de463a4"
"a9e6de94f1b7bb68" "3c07edf0924fc93f" "56e1a0dba8f7491c"
"5c", 16);
test_rsa_sha1(&pub, &key, expected);
mpz_set_str(expected,
"d759bb28b4d249a2" "f8b67bdbb1ab7f50" "c88712fbcabc2956"
"1ec6ca3f8fdafe7a" "38433d7da287b8f7" "87857274c1640b2b"
"e652cd89c501d570" "3980a0af5c6bb60c" "f84feab25b099d06"
"e2519accb73dac43" "fb8bdad28835f3bd" "84c43678fe2ef41f"
"af", 16);
test_rsa_sha256(&pub, &key, expected);
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(expected);
SUCCESS();
}
static void *
bench_rsa_init (unsigned size)
{
unsigned char rsa1024[] =
"{KDExOnByaXZhdGUta2V5KDE0OnJzYS1wa2NzMS1zaGExKDE6bjEyOToA90+K5EmjbFJBeJD"
" xP2KD2Df+0Twc9425uB+vhqTrVijtd2PnwEQDfR2VoducgkKcXJzYYyCNILQJbFAi2Km/sD"
" jImERBqDtaI217Ze+tOKEmImexYTAgFuqEptp2F3M4DqgRQ7s/3nJQ/bPE5Hfi1OZhJSShu"
" I80ATTU4fUgrPspKDE6ZTM6AQABKSgxOmQxMjk6APAhKckzvxxkWfHJOpXDACWnaSKcbbvo"
" vtWK3pGr/F2ya7CrLtE+uOx5F1sLs9G+/7flCy5k4uNILIYg4VTirZ1zQ8fNKPrjK1VMRls"
" JiRRU/0VAs9d7HdncJfs6rbvRQbCRSRYURo4hWir3Lq8V3UUQVBprc4dO+uWmplvwQ5qxKS"
" gxOnA2NToA+8aIVkdbk8Jg8dJOuzc7m/hZnwkKSs6eVDw4N/2T0CJKGJYT+B3Ct+fPkxhUR"
" ggd2DQ9OpkTra7SXHTNkzdPVSkoMTpxNjU6APt11P8vXNnGYF0OC/cPsR8zhSYuFmtRuX6G"
" ES+DdG0VCU07UeNQkok1UoW5sXqY0IGr1jkJq8AMSgKoNbLQ6w8pKDE6YTY0Ohzkxsan/8F"
" wQDHgQbrIduXKVXaj0fONzKu8EXOTfUAYf0pdBsOlnq/+QVsPIrS6v7oNHK253YFEG84SdX"
" kcktUpKDE6YjY1OgCR+cRtY3RWY+f6/TWK9gwPndv03xpasLWrMm71ky1aSbT9pasS9+opR"
" tAiGzthfSbFsBiLQgb3VOr+AeIybT+XKSgxOmM2NDojigqARWN5u1CVDVuD2L2ManpoGiM6"
" kQ6FaJjqRjxeRRKFrQxGJa9tM1hqStxokC1oJidgaOLGnn60iwzToug9KSkp}";
unsigned char rsa2048[] =
"{KDExOnByaXZhdGUta2V5KDE0OnJzYS1wa2NzMS1zaGExKDE6bjI1NzoAtxWXiglIdunDK48"
" 8I0vW0wTqnh/riW9pLk8n1F8MUPBFdhvkkl0bDQqSJPUvSHy+w4fLVwcEzeI4qFyo3b2Avz"
" JK20MFbt/WfHD1TbxuK8rNqXyqmqjJ9vgjtV9nPzAz7CM9ogs3/RJHpcfZPQF15ifizleUZ"
" aQT0GAXHZL7cePj10yGI2u3hgTkokVzdNC/1T34guKYpErg0pt0B/KejWpsFTb84z3tkR+B"
" YVx07p/OoByZwoABgncS/uALl31fRS8jyJ2JqUiZOqe7XoO9hkDHYNCWUGUfNGQ7ZgVp9+e"
" NQpracSjrp6Jnrj7r/oxJUx5ZDVNi18AzQadE/oKOrSkoMTplMzoBAAEpKDE6ZDI1NjogBT"
" C5vaHk2kF+LtDvw2XRBj0aZq7FHK0ioklvBSicR0l+vKYfSxVeFIk22YLphJfAjtFraRjYA"
" Uaze3E1Rt1rkxoweupKV++lWAQvElOaaR/LErirz/Vysjdck1D1ZjLOi+NNofSq2DWbsvY1"
" iznZhQRP3lVf6XBls0iXrYs4gb0pBZqXLQW+j9Ihx6eantf1/6ZMKPgCkzcAZ0ABsCfaFSg"
" ouNCzilblsgFEspEbb8QqrNQoStS3F/gMwWgDsr3+vQzBqt+7ykWoCJ9wctbYy9kEPq+hX3"
" GP0hG6HdS81r9E8pgdf3wloNNMzYUHwn7poXGpOi8tG0pmR56TqD/BKSgxOnAxMjk6AN4AJ"
" TiGPm9We2ga3Y0jpTfA3mWpUbhYgaXYLWA1/riniwq16fqxRIkWQT/O2KKpBVe6WSvNYq9u"
" lM8N6bdPtDytJs6AOXy0X5vtJ953ZYVMhHbhmUxhIL9I+s0O1+LxMF8b9U4CrFyaTxd8Un/"
" FXP1BvYJRrkoup6HYvOlGx36lKSgxOnExMjk6ANMfrfH6z/3o7K56aW6kSiloDDbKZQ0+W5"
" 8LzP2ZOBLf6LX6jLhN3olU1Z0KGTM0S/1AxvwGjuRqhu+LcOJ7oUCUH3uusR5c5nSnArYPq"
" +0wbco4BQngot/HmGN7U0EDsIWqPt/qoa/b8bCk+TOwJlknNq/PnZU26SPj48XS05lpKSgx"
" OmExMjk6AJM2n3gLNW3ZeH5BindkktQU9qWNkV5geqDCaNyrEZ3bpI1WsrEGSj9p3Zz1ipz"
" a3msdbLJqQS26c72WKUzg8tFltR0s1HJInjolGtIgdNbfNdwrn9+RbQjL2VyPokOg0wXO4W"
" 14wlmqDhax33dRJmfe50964MvaglkGA8fhorrtKSgxOmIxMjk6AKMe+vrX2xRHf3dfxU5jS"
" ZmsdqNuxZzx7UB5kazvUU/kCJ1yNH/CSoq5LULkpovVgFDwV84qEwWQ+SjkCBg1hWWsDJc3"
" ZkobZUQENigM+72LiYiQt/PlyHI2eRuEEdNN0nm0DFhdpQeHXLoq/RBerYJ8tdgpBYxgnMn"
" KLhaOykbhKSgxOmMxMjg6MVlKj2bjb7qFQVkLO1OPg28jSrtRpnQCR+qegN4ZmNam/qbest"
" 8yn0JQ6gxX7PvP382+jx7uHHWHYYqPq/Flf8gqtOOcjqS5TJgVHz3F3xHWquo1ZofGtCMro"
" Dd2c0xjRjIVGvLV6Ngs+HRdljRav40vRpTyEoEdlzHBQiILesopKSk=}";
struct rsa_ctx *ctx;
struct sexp_iterator i;
int res;
ctx = xalloc(sizeof(*ctx));
rsa_public_key_init (&ctx->pub);
rsa_private_key_init (&ctx->key);
mpz_init (ctx->s);
knuth_lfib_init (&ctx->lfib, 1);
/* NOTE: Base64-decodes the strings in-place */
if (size == 1024)
res = sexp_transport_iterator_first (&i, sizeof(rsa1024) - 1, rsa1024);
else if (size == 2048)
res = sexp_transport_iterator_first (&i, sizeof(rsa2048) - 1, rsa2048);
else
die ("Internal error.\n");
if (! (res
&& sexp_iterator_check_type (&i, "private-key")
&& sexp_iterator_check_type (&i, "rsa-pkcs1-sha1")
&& rsa_keypair_from_sexp_alist (&ctx->pub, &ctx->key, 0, &i)))
die ("Internal error.\n");
ctx->digest = hash_string (&nettle_sha256, "foo");
rsa_sha256_sign_digest (&ctx->key, ctx->digest, ctx->s);
return ctx;
}
int
main(int argc, char **argv)
{
struct rsa_session ctx;
struct rsa_session_info info;
struct rsa_public_key key;
mpz_t x;
int c;
const char *random_name = NULL;
enum { OPT_HELP = 300 };
static const struct option options[] =
{
/* Name, args, flag, val */
{ "help", no_argument, NULL, OPT_HELP },
{ "random", required_argument, NULL, 'r' },
{ NULL, 0, NULL, 0}
};
while ( (c = getopt_long(argc, argv, "o:r:", options, NULL)) != -1)
switch (c)
{
case 'r':
random_name = optarg;
break;
case '?':
return EXIT_FAILURE;
case OPT_HELP:
usage(stdout);
return EXIT_SUCCESS;
default:
abort();
}
argv += optind;
argc -= optind;
if (argc != 1)
{
usage (stderr);
return EXIT_FAILURE;
}
rsa_public_key_init(&key);
if (!read_rsa_key(argv[0], &key, NULL))
{
werror("Invalid key\n");
return EXIT_FAILURE;
}
/* NOTE: No sources */
yarrow256_init(&ctx.yarrow, 0, NULL);
/* Read some data to seed the generator */
if (!simple_random(&ctx.yarrow, random_name))
{
werror("Initialization of randomness generator failed.\n");
return EXIT_FAILURE;
}
WRITE_UINT32(SESSION_VERSION(&info), RSA_VERSION);
yarrow256_random(&ctx.yarrow, sizeof(info.key) - 4, info.key + 4);
rsa_session_set_encrypt_key(&ctx, &info);
#ifdef WIN32
_setmode(0, O_BINARY);
_setmode(1, O_BINARY);
#endif
write_version(stdout);
mpz_init(x);
if (!rsa_encrypt(&key,
&ctx.yarrow, (nettle_random_func *) yarrow256_random,
sizeof(info.key), info.key,
x))
{
werror("RSA encryption failed.\n");
return EXIT_FAILURE;
}
write_bignum(stdout, x);
mpz_clear (x);
if (!process_file(&ctx,
stdin, stdout))
return EXIT_FAILURE;
rsa_public_key_clear(&key);
return EXIT_SUCCESS;
}
static int
wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
int ret;
unsigned int i, q_bits;
memset(params, 0, sizeof(*params));
switch (algo)
{
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_private_key priv;
dsa_public_key_init (&pub);
dsa_private_key_init (&priv);
/* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
* but we do NIST DSA here */
if (level <= 1024)
q_bits = 160;
else
q_bits = 256;
ret =
dsa_generate_keypair (&pub, &priv, NULL,
rnd_func, NULL, NULL, level, q_bits);
if (ret != 1)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto dsa_fail;
}
params->params_nr = 0;
for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto dsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set (params->params[0], pub.p);
_gnutls_mpi_set (params->params[1], pub.q);
_gnutls_mpi_set (params->params[2], pub.g);
_gnutls_mpi_set (params->params[3], pub.y);
_gnutls_mpi_set (params->params[4], priv.x);
dsa_fail:
dsa_private_key_clear (&priv);
dsa_public_key_clear (&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
struct rsa_private_key priv;
rsa_public_key_init (&pub);
rsa_private_key_init (&priv);
_gnutls_mpi_set_ui (&pub.e, 65537);
ret =
rsa_generate_keypair (&pub, &priv, NULL,
rnd_func, NULL, NULL, level, 0);
if (ret != 1)
{
gnutls_assert ();
ret = GNUTLS_E_INTERNAL_ERROR;
goto rsa_fail;
}
params->params_nr = 0;
for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto rsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set (params->params[0], pub.n);
_gnutls_mpi_set (params->params[1], pub.e);
_gnutls_mpi_set (params->params[2], priv.d);
_gnutls_mpi_set (params->params[3], priv.p);
_gnutls_mpi_set (params->params[4], priv.q);
_gnutls_mpi_set (params->params[5], priv.c);
_gnutls_mpi_set (params->params[6], priv.a);
_gnutls_mpi_set (params->params[7], priv.b);
rsa_fail:
rsa_private_key_clear (&priv);
rsa_public_key_clear (&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_EC:
{
ecc_key key;
ecc_set_type tls_ecc_set;
const gnutls_ecc_curve_entry_st *st;
st = _gnutls_ecc_curve_get_params(level);
if (st == NULL)
return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
tls_ecc_set.size = st->size;
tls_ecc_set.prime = st->prime;
tls_ecc_set.order = st->order;
tls_ecc_set.Gx = st->Gx;
tls_ecc_set.Gy = st->Gy;
tls_ecc_set.A = st->A;
tls_ecc_set.B = st->B;
ret = ecc_make_key(NULL, rnd_func, &key, &tls_ecc_set, st->id);
if (ret != 0)
return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);
params->params_nr = 0;
for (i = 0; i < ECC_PRIVATE_PARAMS; i++)
{
params->params[i] = _gnutls_mpi_alloc_like(&key.prime);
if (params->params[i] == NULL)
{
ret = GNUTLS_E_MEMORY_ERROR;
goto ecc_fail;
}
params->params_nr++;
}
params->flags = level;
mpz_set(TOMPZ(params->params[ECC_PRIME]), key.prime);
mpz_set(TOMPZ(params->params[ECC_ORDER]), key.order);
mpz_set(TOMPZ(params->params[ECC_A]), key.A);
mpz_set(TOMPZ(params->params[ECC_B]), key.B);
mpz_set(TOMPZ(params->params[ECC_GX]), key.Gx);
mpz_set(TOMPZ(params->params[ECC_GY]), key.Gy);
mpz_set(TOMPZ(params->params[ECC_X]), key.pubkey.x);
mpz_set(TOMPZ(params->params[ECC_Y]), key.pubkey.y);
mpz_set(TOMPZ(params->params[ECC_K]), key.k);
ecc_fail:
ecc_free(&key);
if (ret < 0)
goto fail;
break;
}
default:
gnutls_assert ();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
fail:
for (i = 0; i < params->params_nr; i++)
{
_gnutls_mpi_release (¶ms->params[i]);
}
params->params_nr = 0;
return ret;
}
void
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key key;
struct knuth_lfib_ctx lfib;
/* FIXME: How is this spelled? */
const uint8_t *msg = "Squemish ossifrage";
size_t msg_length;
uint8_t *decrypted;
size_t decrypted_length;
uint8_t after;
mpz_t gibberish;
rsa_private_key_init(&key);
rsa_public_key_init(&pub);
mpz_init(gibberish);
knuth_lfib_init(&lfib, 17);
test_rsa_set_key_1(&pub, &key);
msg_length = strlen(msg);
if (verbose)
fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
ASSERT(rsa_encrypt(&pub,
&lfib, (nettle_random_func *) knuth_lfib_random,
msg_length, msg,
gibberish));
if (verbose)
{
fprintf(stderr, "encrypted: ");
mpz_out_str(stderr, 10, gibberish);
}
decrypted = xalloc(msg_length + 1);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length - 1;
ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
decrypted_length = msg_length;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = key.size;
ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
knuth_lfib_random (&lfib, msg_length + 1, decrypted);
after = decrypted[msg_length];
decrypted_length = msg_length;
ASSERT(rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
ASSERT(decrypted_length == msg_length);
ASSERT(MEMEQ(msg_length, msg, decrypted));
ASSERT(decrypted[msg_length] == after);
/* Test invalid key. */
mpz_add_ui (key.q, key.q, 2);
decrypted_length = key.size;
ASSERT(!rsa_decrypt_tr(&pub, &key,
&lfib, (nettle_random_func *) knuth_lfib_random,
&decrypted_length, decrypted, gibberish));
rsa_private_key_clear(&key);
rsa_public_key_clear(&pub);
mpz_clear(gibberish);
free(decrypted);
}
static int
wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
int ret;
unsigned int i, q_bits;
memset(params, 0, sizeof(*params));
switch (algo) {
case GNUTLS_PK_DSA:
{
struct dsa_public_key pub;
struct dsa_private_key priv;
dsa_public_key_init(&pub);
dsa_private_key_init(&priv);
/* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
* but we do NIST DSA here */
if (level <= 1024)
q_bits = 160;
else
q_bits = 256;
ret =
dsa_generate_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level, q_bits);
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto dsa_fail;
}
params->params_nr = 0;
for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
params->params[i] =
_gnutls_mpi_alloc_like(&pub.p);
if (params->params[i] == NULL) {
ret = GNUTLS_E_MEMORY_ERROR;
goto dsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set(params->params[0], pub.p);
_gnutls_mpi_set(params->params[1], pub.q);
_gnutls_mpi_set(params->params[2], pub.g);
_gnutls_mpi_set(params->params[3], pub.y);
_gnutls_mpi_set(params->params[4], priv.x);
dsa_fail:
dsa_private_key_clear(&priv);
dsa_public_key_clear(&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
struct rsa_private_key priv;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
_gnutls_mpi_set_ui(&pub.e, 65537);
ret =
rsa_generate_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level, 0);
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_INTERNAL_ERROR;
goto rsa_fail;
}
params->params_nr = 0;
for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
params->params[i] =
_gnutls_mpi_alloc_like(&pub.n);
if (params->params[i] == NULL) {
ret = GNUTLS_E_MEMORY_ERROR;
goto rsa_fail;
}
params->params_nr++;
}
ret = 0;
_gnutls_mpi_set(params->params[0], pub.n);
_gnutls_mpi_set(params->params[1], pub.e);
_gnutls_mpi_set(params->params[2], priv.d);
_gnutls_mpi_set(params->params[3], priv.p);
_gnutls_mpi_set(params->params[4], priv.q);
_gnutls_mpi_set(params->params[5], priv.c);
_gnutls_mpi_set(params->params[6], priv.a);
_gnutls_mpi_set(params->params[7], priv.b);
rsa_fail:
rsa_private_key_clear(&priv);
rsa_public_key_clear(&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
struct ecc_point pub;
const struct ecc_curve *curve;
curve = get_supported_curve(level);
if (curve == NULL)
return
gnutls_assert_val
(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ecc_scalar_init(&key, curve);
ecc_point_init(&pub, curve);
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
params->params[ECC_X] = _gnutls_mpi_new(0);
params->params[ECC_Y] = _gnutls_mpi_new(0);
params->params[ECC_K] = _gnutls_mpi_new(0);
if (params->params[ECC_X] == NULL
|| params->params[ECC_Y] == NULL
|| params->params[ECC_K] == NULL) {
_gnutls_mpi_release(¶ms->
params[ECC_X]);
_gnutls_mpi_release(¶ms->
params[ECC_Y]);
_gnutls_mpi_release(¶ms->
params[ECC_K]);
goto ecc_cleanup;
}
params->flags = level;
params->params_nr = ECC_PRIVATE_PARAMS;
ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
TOMPZ(params->params[ECC_Y]));
ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
ecc_cleanup:
ecc_point_clear(&pub);
ecc_scalar_clear(&key);
break;
}
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
return 0;
fail:
for (i = 0; i < params->params_nr; i++) {
_gnutls_mpi_release(¶ms->params[i]);
}
params->params_nr = 0;
return ret;
}
/* To generate a DH key either q must be set in the params or
* level should be set to the number of required bits.
*/
static int
wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
unsigned int level /*bits */ ,
gnutls_pk_params_st * params)
{
int ret;
unsigned int i;
switch (algo) {
case GNUTLS_PK_DSA:
#ifdef ENABLE_FIPS140
{
struct dsa_public_key pub;
struct dsa_private_key priv;
if (params->params[DSA_Q] == NULL)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_dsa_params_to_pubkey(params, &pub);
dsa_private_key_init(&priv);
mpz_init(pub.y);
ret =
dsa_generate_dss_keypair(&pub, &priv,
NULL, rnd_func,
NULL, NULL);
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_PK_GENERATION_ERROR;
goto dsa_fail;
}
ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL);
if (ret < 0) {
gnutls_assert();
goto dsa_fail;
}
mpz_set(TOMPZ(params->params[DSA_Y]), pub.y);
mpz_set(TOMPZ(params->params[DSA_X]), priv.x);
params->params_nr += 2;
dsa_fail:
dsa_private_key_clear(&priv);
mpz_clear(pub.y);
if (ret < 0)
goto fail;
break;
}
#endif
case GNUTLS_PK_DH:
{
struct dsa_public_key pub;
mpz_t r;
mpz_t x, y;
int max_tries;
unsigned have_q = 0;
if (algo != params->algo)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
_dsa_params_to_pubkey(params, &pub);
if (params->params[DSA_Q] != NULL)
have_q = 1;
/* This check is for the case !ENABLE_FIPS140 */
if (algo == GNUTLS_PK_DSA && have_q == 0)
return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
mpz_init(r);
mpz_init(x);
mpz_init(y);
max_tries = 3;
do {
if (have_q) {
mpz_set(r, pub.q);
mpz_sub_ui(r, r, 2);
nettle_mpz_random(x, NULL, rnd_func, r);
mpz_add_ui(x, x, 1);
} else {
unsigned size = mpz_sizeinbase(pub.p, 2);
if (level == 0)
level = MIN(size, DH_EXPONENT_SIZE(size));
nettle_mpz_random_size(x, NULL, rnd_func, level);
if (level >= size)
mpz_mod(x, x, pub.p);
}
mpz_powm(y, pub.g, x, pub.p);
max_tries--;
if (max_tries <= 0) {
gnutls_assert();
ret = GNUTLS_E_RANDOM_FAILED;
goto dh_fail;
}
} while(mpz_cmp_ui(y, 1) == 0);
ret = _gnutls_mpi_init_multi(¶ms->params[DSA_Y], ¶ms->params[DSA_X], NULL);
if (ret < 0) {
gnutls_assert();
goto dh_fail;
}
mpz_set(TOMPZ(params->params[DSA_Y]), y);
mpz_set(TOMPZ(params->params[DSA_X]), x);
params->params_nr += 2;
ret = 0;
dh_fail:
mpz_clear(r);
mpz_clear(x);
mpz_clear(y);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_RSA:
{
struct rsa_public_key pub;
struct rsa_private_key priv;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
mpz_set_ui(pub.e, 65537);
#ifdef ENABLE_FIPS140
ret =
rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level);
#else
ret =
rsa_generate_keypair(&pub, &priv, NULL,
rnd_func, NULL, NULL,
level, 0);
#endif
if (ret != 1) {
gnutls_assert();
ret = GNUTLS_E_PK_GENERATION_ERROR;
goto rsa_fail;
}
params->params_nr = 0;
for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
ret = _gnutls_mpi_init(¶ms->params[i]);
if (ret < 0) {
gnutls_assert();
goto rsa_fail;
}
params->params_nr++;
}
mpz_set(TOMPZ(params->params[0]), pub.n);
mpz_set(TOMPZ(params->params[1]), pub.e);
mpz_set(TOMPZ(params->params[2]), priv.d);
mpz_set(TOMPZ(params->params[3]), priv.p);
mpz_set(TOMPZ(params->params[4]), priv.q);
mpz_set(TOMPZ(params->params[5]), priv.c);
mpz_set(TOMPZ(params->params[6]), priv.a);
mpz_set(TOMPZ(params->params[7]), priv.b);
ret = 0;
rsa_fail:
rsa_private_key_clear(&priv);
rsa_public_key_clear(&pub);
if (ret < 0)
goto fail;
break;
}
case GNUTLS_PK_EC:
{
struct ecc_scalar key;
struct ecc_point pub;
const struct ecc_curve *curve;
curve = get_supported_curve(level);
if (curve == NULL)
return
gnutls_assert_val
(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
ecc_scalar_init(&key, curve);
ecc_point_init(&pub, curve);
ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);
ret = _gnutls_mpi_init_multi(¶ms->params[ECC_X], ¶ms->params[ECC_Y],
¶ms->params[ECC_K], NULL);
if (ret < 0) {
gnutls_assert();
goto ecc_fail;
}
params->flags = level;
params->params_nr = ECC_PRIVATE_PARAMS;
ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
TOMPZ(params->params[ECC_Y]));
ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));
ret = 0;
ecc_fail:
ecc_point_clear(&pub);
ecc_scalar_clear(&key);
if (ret < 0)
goto fail;
break;
}
default:
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
}
FAIL_IF_LIB_ERROR;
return 0;
fail:
for (i = 0; i < params->params_nr; i++) {
_gnutls_mpi_release(¶ms->params[i]);
}
params->params_nr = 0;
FAIL_IF_LIB_ERROR;
return ret;
}
int main(int argc, char **argv)
{
FILE *input = stdin;
RSA *openssl_key = NULL;
struct rsa_private_key *nettle_key = NULL;
struct rsa_public_key *nettle_pub_key = NULL;
struct nettle_buffer *sexp_buffer = NULL;
OpenSSL_add_all_algorithms();
openssl_key = PEM_read_RSAPrivateKey(input, NULL, NULL, NULL);
if(!openssl_key)
{
fprintf(stderr, "OpenSSL failed to read key: %s\n", ERR_error_string(ERR_get_error(), NULL));
return 1;
}
# ifdef DEBUG
fprintf(stderr, "OpenSSL RSA private key:\n");
fprintf(stderr, "\tPrivate Exponent: %s\n", BN_bn2hex(openssl_key->d)); // d
fprintf(stderr, "\tPrime 1: %s\n", BN_bn2hex(openssl_key->p)); // p
fprintf(stderr, "\tPrime 2: %s\n", BN_bn2hex(openssl_key->q)); // q
fprintf(stderr, "\tExponent 1: %s\n", BN_bn2hex(openssl_key->dmp1)); // a
fprintf(stderr, "\tExponent 2: %s\n", BN_bn2hex(openssl_key->dmq1)); // b
fprintf(stderr, "\tCoefficient: %s\n", BN_bn2hex(openssl_key->iqmp)); // c
# endif
nettle_key = (struct rsa_private_key*)malloc(sizeof(struct rsa_private_key));
if(!nettle_key)
{
fprintf(stderr, "Failed to malloc %zu bytes\n", sizeof(struct rsa_private_key));
return 4;
}
rsa_private_key_init(nettle_key);
mpz_set_str(nettle_key->d, BN_bn2hex(openssl_key->d), 16);
mpz_set_str(nettle_key->p, BN_bn2hex(openssl_key->p), 16);
mpz_set_str(nettle_key->q, BN_bn2hex(openssl_key->q), 16);
mpz_set_str(nettle_key->a, BN_bn2hex(openssl_key->dmp1), 16);
mpz_set_str(nettle_key->b, BN_bn2hex(openssl_key->dmq1), 16);
mpz_set_str(nettle_key->c, BN_bn2hex(openssl_key->iqmp), 16);
if(rsa_private_key_prepare(nettle_key) != 1)
{
fprintf(stderr, "Nettle failed to prepare key\n");
return 2;
}
# ifdef DEBUG
fprintf(stderr, "\tPrivate Exponent: %s\n", mpz_get_str(NULL, 16, nettle_key->d)); // d
fprintf(stderr, "\tPrime 1: %s\n", mpz_get_str(NULL, 16, nettle_key->p)); // p
fprintf(stderr, "\tPrime 2: %s\n", mpz_get_str(NULL, 16, nettle_key->q)); // q
fprintf(stderr, "\tExponent 1: %s\n", mpz_get_str(NULL, 16, nettle_key->a)); // a
fprintf(stderr, "\tExponent 2: %s\n", mpz_get_str(NULL, 16, nettle_key->b)); // b
fprintf(stderr, "\tCoefficient: %s\n", mpz_get_str(NULL, 16, nettle_key->c)); // c
# endif
nettle_pub_key = (struct rsa_public_key*)malloc(sizeof(struct rsa_public_key));
if(!nettle_pub_key)
{
fprintf(stderr, "Failed to malloc %zu bytes\n", sizeof(struct rsa_public_key));
return 4;
}
rsa_public_key_init(nettle_pub_key);
mpz_set_str(nettle_pub_key->n, BN_bn2hex(openssl_key->n), 16);
mpz_set_str(nettle_pub_key->e, BN_bn2hex(openssl_key->e), 16);
if(rsa_public_key_prepare(nettle_pub_key) != 1)
{
fprintf(stderr, "Nettle failed to prepare public key\n");
return 2;
}
sexp_buffer = (struct nettle_buffer*)malloc(sizeof(struct nettle_buffer));
if(!sexp_buffer)
{
fprintf(stderr, "Failed to malloc %zu bytes\n", sizeof(struct nettle_buffer));
return 4;
}
nettle_buffer_init(sexp_buffer);
if(rsa_keypair_to_sexp(sexp_buffer, NULL, nettle_pub_key, nettle_key) == 0)
{
fprintf(stderr, "Nettle failed to export key to sexp\n");
return 3;
}
size_t bytes_written = fwrite(sexp_buffer->contents, 1, sexp_buffer->size, stdout);
if(bytes_written < sexp_buffer->size)
{
fprintf(stderr, "Failed to write sexp to stdout\n");
return 5;
}
return 0;
}
int
test_main(void)
{
struct rsa_public_key pub;
struct rsa_private_key priv;
struct nettle_buffer buffer;
rsa_public_key_init(&pub);
rsa_private_key_init(&priv);
mpz_set_str(pub.n,
"085c3408989acae4faec3cbbad91c90d34c1d259cd74121a"
"36f38b0b51424a9b2be514a04377113a6cdafe79dd7d5f2e"
"cc8b5e9661189b86a7b22239907c25", 16);
mpz_set_str(pub.e, "36ad4b1d", 16);
ASSERT(rsa_public_key_prepare(&pub));
mpz_set_str(priv.d,
"06ee6d4ff3c239e408150daf8117abfa36a40ad4455d9059"
"a86d52f33a2de07418a0a699594588c64810248c9412d554"
"f74af947c73c32007e87c92f0937ed", 16);
mpz_set_str(priv.p,
"03259879b24315e9cf14254824c7935d807cdb6990f414a0"
"f65e6065130a611f", 16);
mpz_set_str(priv.q,
"02a81ba73bad45fc73b36deffce52d1b73e0747f4d8a8264"
"8cecd310448ea63b", 16);
mpz_set_str(priv.a,
"026cbdad5dd0046e093f060ecd5b4ac918e098b0278bb752"
"b7cadd6a8944f0b9", 16);
mpz_set_str(priv.b,
"0148751e622d6d58e3bb094afd6edacf7370351d068e2ce9"
"f565c5528c4a7473", 16);
mpz_set_str(priv.c,
"f8a458ea73a018dc6fa56863e3bc6de405f364f77dee6f09"
"62679ea1a8282e", 16);
ASSERT(rsa_private_key_prepare(&priv));
nettle_buffer_init(&buffer);
ASSERT(rsa_keypair_to_sexp(&buffer, "rsa", &pub, &priv));
if (verbose)
{
printf("private:");
print_hex(buffer.size, buffer.contents);
}
ASSERT(MEMEQH(buffer.size, buffer.contents,
"2831313a707269766174652d6b657928"
"333a72736128313a6e36333a085c3408"
"989acae4faec3cbbad91c90d34c1d259"
"cd74121a36f38b0b51424a9b2be514a0"
"4377113a6cdafe79dd7d5f2ecc8b5e96"
"61189b86a7b22239907c252928313a65"
"343a36ad4b1d2928313a6436333a06ee"
"6d4ff3c239e408150daf8117abfa36a4"
"0ad4455d9059a86d52f33a2de07418a0"
"a699594588c64810248c9412d554f74a"
"f947c73c32007e87c92f0937ed292831"
"3a7033323a03259879b24315e9cf1425"
"4824c7935d807cdb6990f414a0f65e60"
"65130a611f2928313a7133323a02a81b"
"a73bad45fc73b36deffce52d1b73e074"
"7f4d8a82648cecd310448ea63b292831"
"3a6133323a026cbdad5dd0046e093f06"
"0ecd5b4ac918e098b0278bb752b7cadd"
"6a8944f0b92928313a6233323a014875"
"1e622d6d58e3bb094afd6edacf737035"
"1d068e2ce9f565c5528c4a7473292831"
"3a6333323a00f8a458ea73a018dc6fa5"
"6863e3bc6de405f364f77dee6f096267"
"9ea1a8282e292929"));
nettle_buffer_clear(&buffer);
ASSERT(rsa_keypair_to_sexp(&buffer, NULL, &pub, NULL));
if (verbose)
{
printf("public:");
print_hex(buffer.size, buffer.contents);
}
ASSERT(MEMEQH(buffer.size, buffer.contents,
"2831303a7075626c69632d6b65792839"
"3a7273612d706b63733128313a6e3633"
"3a085c3408989acae4faec3cbbad91c9"
"0d34c1d259cd74121a36f38b0b51424a"
"9b2be514a04377113a6cdafe79dd7d5f"
"2ecc8b5e9661189b86a7b22239907c25"
"2928313a65343a36ad4b1d292929"));
rsa_public_key_clear(&pub);
rsa_private_key_clear(&priv);
SUCCESS();
}
