static int desDecrypt(
TestParams *testParams,
B_KEY_OBJ desKey,
uint8 *initVector,
CSSM_DATA *ctext,
CSSM_DATA *ptext)
{
ITEM iv;
B_BLK_CIPHER_W_FEEDBACK_PARAMS spec;
B_ALGORITHM_OBJ alg = NULL;
int brtn;
unsigned actLen;
unsigned remPtext = ptext->Length;
iv.data = initVector;
iv.len = DES_BLOCK_SIZE;
brtn = desEncDecSetup(&iv, &spec, &alg);
if(brtn) {
return brtn;
}
brtn = B_DecryptInit(alg,
desKey,
BSAFE_ALGORITHM_CHOOSER,
(A_SURRENDER_CTX *)NULL_PTR);
if(brtn) {
printf("***B_DecryptInit error (%d)\n", brtn);
return brtn;
}
brtn = B_DecryptUpdate(alg,
ptext->Data,
&actLen,
remPtext,
ctext->Data,
ctext->Length,
(B_ALGORITHM_OBJ)NULL_PTR,
(A_SURRENDER_CTX *)NULL_PTR);
if(brtn) {
printf("***B_DecryptUpdate error (%d)\n", brtn);
return brtn;
}
remPtext -= actLen;
ptext->Length = actLen;
brtn = B_DecryptFinal(alg,
ptext->Data + actLen,
&actLen,
remPtext,
(B_ALGORITHM_OBJ)NULL_PTR,
(A_SURRENDER_CTX *)NULL_PTR);
if(brtn) {
printf("***B_DecryptFinal error (%d)\n", brtn);
return brtn;
}
ptext->Length += actLen;
B_DestroyAlgorithmObject (&alg);
return 0;
}
int
read_priv_key (FILE * privring, PRIVATE_KEY * privkey,
unsigned char *newID)
{
unsigned char line[1024];
int i, err, len, length;
unsigned char iv[20];
unsigned char *temp, *temp2;
byte digest[16], *byteptr;
byte des3key[24];
BUFFER *buff;
#ifdef USE_RSAREF
R_DIGEST_CTX digest_context;
DES3_CBC_CTX context;
#else
B_ALGORITHM_OBJ digest_obj;
B_ALGORITHM_OBJ des_obj;
B_KEY_OBJ key_obj;
A_PKCS_RSA_PRIVATE_KEY keyinfo;
#endif
buff = new_buffer ();
/* read in the length */
if ((temp = getline (line, sizeof (line), privring)) == NULL)
return -1;
sscanf (line, "%d", &length);
/* Read in iv */
if (((temp = getline (line, sizeof (line), privring)) == NULL)
|| (decode_block (iv, &len, line, strlen (line))))
return -1;
if ((temp = getline (line, sizeof (line), privring)) == NULL)
return -1;
while (temp != NULL && !streq (line, end_key))
{
add_to_buffer (buff, line, strlen (line));
temp = getline (line, sizeof (line), privring);
}
temp = malloc (buff->length);
temp2 = malloc (buff->length);
if (decode_block (temp, &len, buff->message, buff->length) != 0)
return -1;
if (len < length)
{
fprintf (errlog, "Error: recovered key is too small!\n");
return (-2);
}
/* decrypt key */
#ifdef USE_RSAREF
R_DigestInit (&digest_context, DA_MD5);
R_DigestUpdate (&digest_context, PASSPHRASE, strlen (PASSPHRASE));
R_DigestFinal (&digest_context, digest, &i);
memcpy (des3key, digest, 16); /* set first 2 keys */
memcpy (des3key + 16, digest, 8); /* third key = first key */
DES3_CBCInit (&context, des3key, iv, 0);
while (len % 8 != 0)
len++; /* align on block boundry */
err = DES3_CBCUpdate (&context, temp2, temp, len);
#else
B_CreateAlgorithmObject (&digest_obj);
B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL);
B_DigestInit (digest_obj, NULL, CHOOSER, NULL);
B_DigestUpdate (digest_obj, PASSPHRASE, strlen (PASSPHRASE), NULL);
B_DigestFinal (digest_obj, digest, &i, 16, NULL);
B_DestroyAlgorithmObject (&digest_obj);
memcpy (des3key, digest, 16); /* set first 2 keys */
memcpy (des3key + 16, digest, 8); /* third key = first key */
B_CreateAlgorithmObject (&des_obj);
B_SetAlgorithmInfo (des_obj, AI_DES_EDE3_CBC_IV8, iv);
B_CreateKeyObject (&key_obj);
err = B_SetKeyInfo (key_obj, KI_DES24Strong, des3key);
B_DecryptInit (des_obj, key_obj, CHOOSER, NULL);
err = B_DecryptUpdate (des_obj, temp2, &i, len, temp, len, random_obj,
NULL);
B_DecryptFinal (des_obj, temp2 + i, &i, len - i, random_obj, NULL);
B_DestroyKeyObject (&key_obj);
B_DestroyAlgorithmObject (&des_obj);
#endif
if (err)
{
printf ("Error: Problem decrypting key %x\n", err);
return (-1);
}
memset ((void *) digest, 0, 16); /* zero password */
free (temp);
/* Rebuild privkey */
byteptr = temp2;
i = *byteptr++;
i += (*byteptr++ * 256);
#ifdef USE_RSAREF
(*privkey).bits = i;
for (i = 0; i < MAX_RSA_MODULUS_LEN; i++)
(*privkey).modulus[i] = *byteptr++;
for (i = 0; i < MAX_RSA_MODULUS_LEN; i++)
(*privkey).publicExponent[i] = *byteptr++;
for (i = 0; i < MAX_RSA_MODULUS_LEN; i++)
(*privkey).exponent[i] = *byteptr++;
for (i = 0; i < MAX_RSA_PRIME_LEN; i++)
(*privkey).prime[0][i] = *byteptr++;
for (i = 0; i < MAX_RSA_PRIME_LEN; i++)
(*privkey).prime[1][i] = *byteptr++;
for (i = 0; i < MAX_RSA_PRIME_LEN; i++)
(*privkey).primeExponent[0][i] = *byteptr++;
for (i = 0; i < MAX_RSA_PRIME_LEN; i++)
(*privkey).primeExponent[1][i] = *byteptr++;
for (i = 0; i < MAX_RSA_PRIME_LEN; i++)
(*privkey).coefficient[i] = *byteptr++;
free (temp2);
/* Make Key ID */
R_DigestInit (&digest_context, DA_MD5);
R_DigestUpdate (&digest_context, privkey->modulus, MAX_RSA_MODULUS_LEN);
R_DigestUpdate (&digest_context, privkey->publicExponent, MAX_RSA_MODULUS_LEN);
R_DigestFinal (&digest_context, newID, &i);
#else
i = (i + 7) / 8;
if (i < MAX_RSA_MODULUS_LEN)
i = MAX_RSA_MODULUS_LEN;
keyinfo.modulus.len = i;
keyinfo.publicExponent.len = i;
keyinfo.privateExponent.len = i;
keyinfo.prime[0].len = (i + 1) / 2;
keyinfo.prime[1].len = (i + 1) / 2;
keyinfo.primeExponent[0].len = (i + 1) / 2;
keyinfo.primeExponent[1].len = (i + 1) / 2;
keyinfo.coefficient.len = (i + 1) / 2;
keyinfo.modulus.data = malloc (keyinfo.modulus.len);
memcpy (keyinfo.modulus.data, byteptr, keyinfo.modulus.len);
byteptr += keyinfo.modulus.len;
keyinfo.publicExponent.data = malloc (keyinfo.publicExponent.len);
memcpy (keyinfo.publicExponent.data, byteptr, keyinfo.publicExponent.len);
byteptr += keyinfo.publicExponent.len;
keyinfo.privateExponent.data = malloc (keyinfo.privateExponent.len);
memcpy (keyinfo.privateExponent.data, byteptr, keyinfo.privateExponent.len);
byteptr += keyinfo.privateExponent.len;
keyinfo.prime[0].data = malloc (keyinfo.prime[0].len);
memcpy (keyinfo.prime[0].data, byteptr, keyinfo.prime[0].len);
byteptr += keyinfo.prime[0].len;
keyinfo.prime[1].data = malloc (keyinfo.prime[1].len);
memcpy (keyinfo.prime[1].data, byteptr, keyinfo.prime[1].len);
byteptr += keyinfo.prime[1].len;
keyinfo.primeExponent[0].data = malloc (keyinfo.primeExponent[0].len);
memcpy (keyinfo.primeExponent[0].data, byteptr,
keyinfo.primeExponent[0].len);
byteptr += keyinfo.primeExponent[0].len;
keyinfo.primeExponent[1].data = malloc (keyinfo.primeExponent[1].len);
memcpy (keyinfo.primeExponent[1].data, byteptr,
keyinfo.primeExponent[1].len);
byteptr += keyinfo.primeExponent[1].len;
keyinfo.coefficient.data = malloc (keyinfo.coefficient.len);
memcpy (keyinfo.coefficient.data, byteptr, keyinfo.coefficient.len);
B_CreateKeyObject (privkey);
B_SetKeyInfo (*privkey, KI_PKCS_RSAPrivate, (POINTER) & keyinfo);
/* Make Key ID */
B_CreateAlgorithmObject (&digest_obj);
B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL);
B_DigestInit (digest_obj, NULL, CHOOSER, NULL);
B_DigestUpdate (digest_obj, keyinfo.modulus.data, keyinfo.modulus.len, NULL);
B_DigestUpdate (digest_obj, keyinfo.publicExponent.data,
keyinfo.publicExponent.len, NULL);
B_DigestFinal (digest_obj, newID, &i, 16, NULL);
B_DestroyAlgorithmObject (&digest_obj);
free (keyinfo.modulus.data);
free (keyinfo.publicExponent.data);
free (keyinfo.privateExponent.data);
free (keyinfo.prime[0].data);
free (keyinfo.prime[1].data);
free (keyinfo.primeExponent[0].data);
free (keyinfo.primeExponent[1].data);
free (keyinfo.coefficient.data);
free (temp2);
#endif
return 0;
}
int main(int argc, char *argv[])
{
int status;
int keySize = argv[1] ? atoi(argv[1]) : 512;
printf("Key size = %d bits\n", keySize);
B_ALGORITHM_OBJ pGen = NULL;
check(B_CreateAlgorithmObject(&pGen));
B_DSA_PARAM_GEN_PARAMS gParams;
gParams.primeBits = keySize;
check(B_SetAlgorithmInfo(pGen, AI_DSAParamGen, POINTER(&gParams)));
B_ALGORITHM_OBJ random = NULL;
check(B_CreateAlgorithmObject(&random));
check(B_SetAlgorithmInfo(random, AI_X962Random_V0, NULL));
check(B_RandomInit(random, chooser, NULL));
check(B_RandomUpdate(random, seed, sizeof(seed), NULL));
check(B_GenerateInit(pGen, chooser, NULL));
B_ALGORITHM_OBJ result = NULL;
check(B_CreateAlgorithmObject(&result));
printf("Generating DSA parameters\n");
check(B_GenerateParameters(pGen, result, random, NULL));
printf("DSA generate complete, writing...\n");
A_DSA_PARAMS *dParams;
memset(&dParams, 0, sizeof(dParams));
check(B_GetAlgorithmInfo((POINTER *)&dParams, result, AI_DSAKeyGen));
dumpItem(dParams->prime, "prime");
dumpItem(dParams->subPrime, "subprime");
dumpItem(dParams->base, "base");
#if 0
B_KEY_OBJ pubKey = NULL;
check(B_CreateKeyObject(&pubKey));
B_KEY_OBJ privKey = NULL;
check(B_CreateKeyObject(&privKey));
B_ALGORITHM_OBJ gen = NULL;
check(B_CreateAlgorithmObject(&gen));
A_RSA_KEY_GEN_PARAMS args;
args.modulusBits = keySize;
args.publicExponent.data = exponent;
args.publicExponent.len = sizeof(exponent);
check(B_SetAlgorithmInfo(gen, AI_RSAStrongKeyGen, POINTER(&args)));
check(B_GenerateInit(gen, chooser, NULL));
check(B_GenerateKeypair(gen, pubKey, privKey, random, NULL));
B_ALGORITHM_OBJ enc = NULL;
check(B_CreateAlgorithmObject(&enc));
check(B_SetAlgorithmInfo(enc, AI_PKCS_RSAPublic, NULL));
check(B_EncryptInit(enc, pubKey, chooser, NULL));
unsigned int inLen;
check(B_EncryptUpdate(enc, crypt, &inLen, sizeof(crypt),
POINTER(in), sizeof(in), random, NULL));
printf("EncryptUpdate output = %u\n", inLen);
check(B_EncryptFinal(enc, crypt, &inLen, sizeof(crypt), random, NULL));
printf("EncryptFinal output=%u\n", inLen);
B_ALGORITHM_OBJ dec = NULL;
check(B_CreateAlgorithmObject(&dec));
check(B_SetAlgorithmInfo(dec, AI_PKCS_RSAPrivate, NULL));
check(B_DecryptInit(dec, privKey, chooser, NULL));
unsigned int outLen, outLen2;
check(B_DecryptUpdate(dec, out, &outLen, sizeof(out),
crypt, inLen, random, NULL));
printf("DecryptUpdate output = %u\n", outLen);
check(B_DecryptFinal(dec, out2, &outLen2, sizeof(out2), random, NULL));
printf("DecryptFinal output=%u %s\n", outLen2, (char*)out2);
B_DestroyKeyObject(&pubKey);
B_DestroyKeyObject(&privKey);
#endif
exit(0);
}
static int
dst_bsafe_verify(const int mode, DST_KEY *dkey, void **context,
const u_char *data, const int len,
const u_char *signature, const int sig_len)
{
B_ALGORITHM_OBJ *md5_ctx = NULL;
u_char digest[DST_HASH_SIZE];
u_char work_area[DST_HASH_SIZE + sizeof(pkcs1)];
int status = 0, w_bytes = 0;
u_int u_bytes = 0;
if (mode & SIG_MODE_INIT) {
md5_ctx = (B_ALGORITHM_OBJ *) malloc(sizeof(B_ALGORITHM_OBJ));
if ((status = B_CreateAlgorithmObject(md5_ctx)))
return (-1);
if ((status = B_SetAlgorithmInfo(*md5_ctx, AI_MD5, NULL)))
return (-1);
}
else if (context)
md5_ctx = (B_ALGORITHM_OBJ *) *context;
if (md5_ctx == NULL)
return (-1);
w_bytes = dst_bsafe_md5digest(mode, md5_ctx, data, len,
digest, sizeof(digest));
if (w_bytes < 0 || (mode & SIG_MODE_FINAL)) {
B_DestroyAlgorithmObject(md5_ctx);
SAFE_FREE(md5_ctx);
if (w_bytes < 0)
return (-1);
}
if (mode & SIG_MODE_FINAL) {
RSA_Key *key;
int ret = 0;
B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR;
if (dkey == NULL || dkey->dk_KEY_struct == NULL)
return (-1);
key = (RSA_Key *) dkey->dk_KEY_struct;
if (key->rk_Public_Key == NULL)
return (-2);
if (rsaEncryptor == NULL_PTR) {
if ((status = B_CreateAlgorithmObject(&rsaEncryptor)))
ret = SIGN_FINAL_FAILURE;
if (ret == 0 &&
(status = B_SetAlgorithmInfo(rsaEncryptor,
AI_PKCS_RSAPublic,
NULL_PTR)))
ret = VERIFY_FINAL_FAILURE;
}
if (ret == 0 &&
(status = B_DecryptInit(rsaEncryptor, key->rk_Public_Key,
CHOOSER, NULL_SURRENDER)))
ret = VERIFY_FINAL_FAILURE;
if (ret == 0 &&
(status = B_DecryptUpdate(rsaEncryptor, work_area,
&u_bytes, 0,
(const u_char *) signature,
sig_len,
NULL_PTR, NULL_SURRENDER)))
ret = VERIFY_FINAL_FAILURE;
if (ret == 0 &&
(status = B_DecryptFinal(rsaEncryptor, work_area + u_bytes,
&u_bytes,
sizeof(work_area) - u_bytes,
NULL_PTR, NULL_SURRENDER)))
ret = VERIFY_FINAL_FAILURE;
B_DestroyAlgorithmObject(&rsaEncryptor);
/* skip PKCS#1 header in output from Decrypt function */
if (ret)
return (ret);
ret = memcmp(digest, &work_area[sizeof(pkcs1)], w_bytes);
if (ret == 0)
return(0);
else
return(VERIFY_FINAL_FAILURE);
}
else {
if (context == NULL)
return (-1);
*context = (void *) md5_ctx;
}
return (0);
}
/*
* Performs an RSA decryption. Returns a prefix of the unwrapped
* data in the given buf. Returns the length of the untruncated
* data, which may exceed "len". Returns <0 on error.
*/
int
rsaPrivateDecrypt(PGPByte *outbuf, unsigned len, BigNum *bn,
RSAsec const *sec)
{
unsigned bytes = bnBytes(&sec->n);
PGPByte *buf = NULL;
B_ALGORITHM_OBJ bobj = NULL;
B_KEY_OBJ rprivk = NULL;
unsigned int bufoutlen;
PGPMemoryMgrRef mgr = bn->mgr;
int err;
buf = PGPNewSecureData (mgr, bytes, 0);
if (buf == NULL) {
err = kPGPError_OutOfMemory;
goto error;
}
bnExtractBigBytes (bn, buf, 0, bytes);
/* Initialize BSafe private key structure */
err = B_CreateAlgorithmObject (&bobj);
CHKERR(err);
err = B_SetAlgorithmInfo (bobj, AI_RSAPrivate, NULL);
CHKERR(err);
err = B_CreateKeyObject (&rprivk);
CHKERR(err);
err = rprivk_init(rprivk, sec, mgr);
CHKERR(err);
err = B_DecryptInit (bobj, rprivk, RSA_CHOOSER, (A_SURRENDER_CTX *)0);
CHKERR(err);
/* Do an RSA decryption to recover PKCS-1 padded key */
err = B_DecryptUpdate (bobj, buf, &bufoutlen, bytes, buf, bytes,
(B_ALGORITHM_OBJ)NULL, (A_SURRENDER_CTX *)NULL);
CHKERR(err);
err = B_DecryptFinal (bobj, buf+bufoutlen, &bufoutlen, bytes-bufoutlen,
(B_ALGORITHM_OBJ)NULL, (A_SURRENDER_CTX *)NULL);
CHKERR(err);
B_DestroyKeyObject (&rprivk);
rprivk = NULL;
B_DestroyAlgorithmObject (&bobj);
bobj = NULL;
/* Return to bn format */
bnSetQ (bn, 0);
bnInsertBigBytes (bn, buf, 0, bytes);
pgpClearMemory (buf, bytes);
PGPFreeData (buf);
buf = NULL;
err = pgpPKCSUnpack(outbuf, len, bn, PKCS_PAD_ENCRYPTED, bytes);
error:
if (buf) {
pgpClearMemory (buf, bytes);
PGPFreeData (buf);
}
if (rprivk)
B_DestroyKeyObject (&rprivk);
if (bobj)
B_DestroyAlgorithmObject (&bobj);
return err;
}
