int sha1Digest(sha1Param* sp, byte* data)
{
sha1Finish(sp);
#if WORDS_BIGENDIAN
memcpy(data, sp->h, 20);
#else
/* encode 5 integers big-endian style */
data[ 0] = (byte)(sp->h[0] >> 24);
data[ 1] = (byte)(sp->h[0] >> 16);
data[ 2] = (byte)(sp->h[0] >> 8);
data[ 3] = (byte)(sp->h[0] >> 0);
data[ 4] = (byte)(sp->h[1] >> 24);
data[ 5] = (byte)(sp->h[1] >> 16);
data[ 6] = (byte)(sp->h[1] >> 8);
data[ 7] = (byte)(sp->h[1] >> 0);
data[ 8] = (byte)(sp->h[2] >> 24);
data[ 9] = (byte)(sp->h[2] >> 16);
data[10] = (byte)(sp->h[2] >> 8);
data[11] = (byte)(sp->h[2] >> 0);
data[12] = (byte)(sp->h[3] >> 24);
data[13] = (byte)(sp->h[3] >> 16);
data[14] = (byte)(sp->h[3] >> 8);
data[15] = (byte)(sp->h[3] >> 0);
data[16] = (byte)(sp->h[4] >> 24);
data[17] = (byte)(sp->h[4] >> 16);
data[18] = (byte)(sp->h[4] >> 8);
data[19] = (byte)(sp->h[4] >> 0);
#endif
sha1Reset(sp);
return 0;
}
int main() {
FILE *rng;
unsigned long rnum;
int i, j;
randomGeneratorContext rngc;
byte keyTest[32];
char keyHex[80];
rsakp keypair;
unsigned char mac[6];
byte digest[20];
char digestHex[41];
sha1Param sha1param;
randomGeneratorContextInit(&rngc, randomGeneratorDefault());
rsakpInit(&keypair);
fscanf( stdin, "%02X:%02X:%02X:%02X:%02X:%02X", &(mac[0]),&(mac[1]),&(mac[2]),&(mac[3]),&(mac[4]),&(mac[5]) );
sha1Reset( &sha1param );
sha1Update( &sha1param, mac, 6 ); // put the MAC into the SHA-1
rngc.rng->next(rngc.param, (byte*) keyTest, 16);
sha1Update( &sha1param, keyTest, 16 ); // then add some random numbers for good measure
sha1Digest( &sha1param, digest );
toHex(digest, digestHex, 16); // and there you have our putative ID
// just in case we are a bit too deterministic, we push around
// the RNG some amount that is linked to the MAC...not really a permanent
// solution, but it should help avoid collisions.
for( i = 0; i < digest[0]; i++ ) {
rngc.rng->next(rngc.param, (byte*) keyTest, 16);
}
for( i = 0; i < digest[12]; i++ ) {
rngc.rng->next(rngc.param, (byte*) keyTest, 16);
}
for( i = 0; i < digest[7]; i++ ) {
rngc.rng->next(rngc.param, (byte*) keyTest, 16);
}
for( i = 0; i < digest[17]; i++ ) {
rngc.rng->next(rngc.param, (byte*) keyTest, 16);
}
fprintf(stdout, "# Indeed, these are crypto keys. The overall system is designed to tolerate people finding these keys. Please note that modifying or copying these keys may cause us to be unable to recover your account information.\n" );
for( i = 0; i < MAX_KEY_INDEX; i++ ) {
rngc.rng->next(rngc.param, (byte*) keyTest, 16);
toHex(keyTest, keyHex, 16);
fprintf(stdout, "AES:%d:", i );
fprintf(stdout, "%s\n", keyHex );
fflush(stdout);
}
fprintf( stderr, "Generating 2048-bit RSA key pair..." );
rsakpMake(&keypair, &rngc, 2048);
fprintf( stderr, "Done.\n" );
fflush( stderr );
for( j = 0; j < MAX_KEY_INDEX; j++ ) {
// create the putative index
//rngc.rng->next(rngc.param, (byte*) keyTest, 16);
//toHex(keyTest, keyHex, 16);
fprintf(stdout, "PKI_I:%d:", j );
// fprintf(stdout, "%s", keyHex );
fprintf(stdout, "%s", digestHex );
// save the public key
fprintf(stdout, "\nPKI_N:%d:", j );
for( i = 0; i < keypair.n.size; i++ )
fprintf(stdout, "%08X", keypair.n.modl[i] );
fprintf(stdout, "\nPKI_E:%d:", j );
for( i = 0; i < keypair.e.size; i++ )
fprintf(stdout, "%08X", keypair.e.data[i]);
// now save the private key components used in the CRT
fprintf(stdout, "\nPKI_P:%d:", j );
for( i = 0; i < keypair.p.size; i++ )
fprintf(stdout, "%08X", keypair.p.modl[i] );
fprintf(stdout, "\nPKI_Q:%d:", j );
for( i = 0; i < keypair.q.size; i++ )
fprintf(stdout, "%08X", keypair.q.modl[i] );
fprintf(stdout, "\nPKI_DP:%d:", j );
for( i = 0; i < keypair.dp.size; i++ )
fprintf(stdout, "%08X", keypair.dp.data[i]);
fprintf(stdout, "\nPKI_DQ:%d:", j );
for( i = 0; i < keypair.dq.size; i++ )
fprintf(stdout, "%08X", keypair.dq.data[i]);
fprintf(stdout, "\nPKI_QI:%d:", j );
for( i = 0; i < keypair.qi.size; i++ )
fprintf(stdout, "%08X", keypair.qi.data[i]);
fprintf(stdout, "\n" );
}
return 0;
}
void doInteraction() {
char *cmd;
// i/o
opRec oprec;
unsigned char dataStr[256];
// aes
aesParam aesparam;
byte aesSrc[16];
byte aesDst[16];
// rsa
rsakp keypair;
mpnumber m, cipher, signature;
// sha1
byte digest[20];
char digestHex[41];
sha1Param sha1param;
int i;
oprec.data = dataStr;
oprec.dataLen = MAXDATLEN;
while(1) {
// reset the data string
for( i = 0; i < MAXDATLEN; i++ ) {
oprec.data[i] = '0';
}
oprec.dataLen = MAXDATLEN;
// grab the string and parse it
cmd = getString();
if(parseString(cmd, &oprec) != 1) {
oprec.dataLen = MAXDATLEN;
continue;
}
switch(oprec.cipherType) {
case CH_AES:
for( i = 0; i < 16; i++ ) {
aesSrc[i] = 0;
}
if(aesSetup(&aesparam, AESkeyTable[oprec.keyIndex].key, 128, oprec.opType == CH_ENCRYPT ? ENCRYPT : DECRYPT ))
continue;
fromhex(aesSrc, oprec.data);
if( oprec.opType == CH_ENCRYPT ) {
if( aesEncrypt(&aesparam, (uint32_t *)aesDst, (uint32_t *)aesSrc) )
continue;
} else {
if( aesDecrypt(&aesparam, (uint32_t *)aesDst, (uint32_t *)aesSrc) )
continue;
}
for( i = 0; i < 16; i++ ) {
printf("%02X", aesDst[i] );
}
printf( "\n" );
break;
case CH_SGN:
// init sha1
if( sha1Reset( &sha1param ) )
continue;
if( sha1Update( &sha1param, oprec.data, oprec.dataLen ))
continue;
if( sha1Digest( &sha1param, digest ) )
continue;
// digest now contains the 160-bit message we want to sign
toHex(digest, digestHex, 20);
// digestHex now has the correct large number representation of the message
#if TESTING
fprintf( stderr, "sha1 of message: %s\n", digestHex );
#endif
// init rsa
rsakpInit(&keypair);
mpbsethex(&keypair.n, RSAkeyTable[oprec.keyIndex].rsa_n);
mpnsethex(&keypair.e, RSAkeyTable[oprec.keyIndex].rsa_e);
mpbsethex(&keypair.p, RSAkeyTable[oprec.keyIndex].rsa_p);
mpbsethex(&keypair.q, RSAkeyTable[oprec.keyIndex].rsa_q);
mpnsethex(&keypair.dp, RSAkeyTable[oprec.keyIndex].rsa_dp);
mpnsethex(&keypair.dq, RSAkeyTable[oprec.keyIndex].rsa_dq);
mpnsethex(&keypair.qi, RSAkeyTable[oprec.keyIndex].rsa_qi);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&signature);
mpnsethex(&m, digestHex);
// we are now all set to do the signing
// need to:
// write signing alg here
// make test case
// this link is very helpful in writing this code:
// http://tools.ietf.org/html/rfc3447#page-12
rsapricrt(&keypair.n, &keypair.p, &keypair.q, &keypair.dp, &keypair.dq, &keypair.qi, &m, &signature);
for( i = 0; i < signature.size; i++ ) {
printf("%08X", signature.data[i] );
}
printf( "\n" );
#if TESTING
mpnfree(&m);
mpnzero(&m);
rsapub(&keypair.n, &keypair.e, &signature, &m);
for( i = 0; i < m.size; i++ ) {
printf("%08X", m.data[i] );
}
printf( "\n" );
#endif
rsakpFree(&keypair);
break;
case CH_VRF:
rsakpInit(&keypair);
mpbsethex(&keypair.n, RSAkeyTable[oprec.keyIndex].rsa_n);
mpnsethex(&keypair.e, RSAkeyTable[oprec.keyIndex].rsa_e);
mpbsethex(&keypair.p, RSAkeyTable[oprec.keyIndex].rsa_p);
mpbsethex(&keypair.q, RSAkeyTable[oprec.keyIndex].rsa_q);
mpnsethex(&keypair.dp, RSAkeyTable[oprec.keyIndex].rsa_dp);
mpnsethex(&keypair.dq, RSAkeyTable[oprec.keyIndex].rsa_dq);
mpnsethex(&keypair.qi, RSAkeyTable[oprec.keyIndex].rsa_qi);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&signature);
mpnsethex(&m, oprec.data);
rsapub(&keypair.n, &keypair.e, &m, &cipher);
for( i = 0; i < cipher.size; i++ )
printf("%08X", cipher.data[i]);
printf( "\n" );
break;
case CH_SHA:
// init sha1
if( sha1Reset( &sha1param ) )
continue;
if( sha1Update( &sha1param, oprec.data, oprec.dataLen ))
continue;
if( sha1Digest( &sha1param, digest ) )
continue;
// digest now contains the 160-bit message we want to sign
toHex(digest, digestHex, 20);
printf( "%s\n", digestHex );
break;
default:
fprintf( stderr, "unknown cipher type caught.\n" );
} // switch
// prevent the leak!
#if (TESTING == 0)
if( cmd != NULL )
free(cmd);
#endif
} // while
}
