static int desDecrypt( TestParams *testParams, B_KEY_OBJ desKey, uint8 *initVector, CSSM_DATA *ctext, CSSM_DATA *ptext) { ITEM iv; B_BLK_CIPHER_W_FEEDBACK_PARAMS spec; B_ALGORITHM_OBJ alg = NULL; int brtn; unsigned actLen; unsigned remPtext = ptext->Length; iv.data = initVector; iv.len = DES_BLOCK_SIZE; brtn = desEncDecSetup(&iv, &spec, &alg); if(brtn) { return brtn; } brtn = B_DecryptInit(alg, desKey, BSAFE_ALGORITHM_CHOOSER, (A_SURRENDER_CTX *)NULL_PTR); if(brtn) { printf("***B_DecryptInit error (%d)\n", brtn); return brtn; } brtn = B_DecryptUpdate(alg, ptext->Data, &actLen, remPtext, ctext->Data, ctext->Length, (B_ALGORITHM_OBJ)NULL_PTR, (A_SURRENDER_CTX *)NULL_PTR); if(brtn) { printf("***B_DecryptUpdate error (%d)\n", brtn); return brtn; } remPtext -= actLen; ptext->Length = actLen; brtn = B_DecryptFinal(alg, ptext->Data + actLen, &actLen, remPtext, (B_ALGORITHM_OBJ)NULL_PTR, (A_SURRENDER_CTX *)NULL_PTR); if(brtn) { printf("***B_DecryptFinal error (%d)\n", brtn); return brtn; } ptext->Length += actLen; B_DestroyAlgorithmObject (&alg); return 0; }
int read_priv_key (FILE * privring, PRIVATE_KEY * privkey, unsigned char *newID) { unsigned char line[1024]; int i, err, len, length; unsigned char iv[20]; unsigned char *temp, *temp2; byte digest[16], *byteptr; byte des3key[24]; BUFFER *buff; #ifdef USE_RSAREF R_DIGEST_CTX digest_context; DES3_CBC_CTX context; #else B_ALGORITHM_OBJ digest_obj; B_ALGORITHM_OBJ des_obj; B_KEY_OBJ key_obj; A_PKCS_RSA_PRIVATE_KEY keyinfo; #endif buff = new_buffer (); /* read in the length */ if ((temp = getline (line, sizeof (line), privring)) == NULL) return -1; sscanf (line, "%d", &length); /* Read in iv */ if (((temp = getline (line, sizeof (line), privring)) == NULL) || (decode_block (iv, &len, line, strlen (line)))) return -1; if ((temp = getline (line, sizeof (line), privring)) == NULL) return -1; while (temp != NULL && !streq (line, end_key)) { add_to_buffer (buff, line, strlen (line)); temp = getline (line, sizeof (line), privring); } temp = malloc (buff->length); temp2 = malloc (buff->length); if (decode_block (temp, &len, buff->message, buff->length) != 0) return -1; if (len < length) { fprintf (errlog, "Error: recovered key is too small!\n"); return (-2); } /* decrypt key */ #ifdef USE_RSAREF R_DigestInit (&digest_context, DA_MD5); R_DigestUpdate (&digest_context, PASSPHRASE, strlen (PASSPHRASE)); R_DigestFinal (&digest_context, digest, &i); memcpy (des3key, digest, 16); /* set first 2 keys */ memcpy (des3key + 16, digest, 8); /* third key = first key */ DES3_CBCInit (&context, des3key, iv, 0); while (len % 8 != 0) len++; /* align on block boundry */ err = DES3_CBCUpdate (&context, temp2, temp, len); #else B_CreateAlgorithmObject (&digest_obj); B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL); B_DigestInit (digest_obj, NULL, CHOOSER, NULL); B_DigestUpdate (digest_obj, PASSPHRASE, strlen (PASSPHRASE), NULL); B_DigestFinal (digest_obj, digest, &i, 16, NULL); B_DestroyAlgorithmObject (&digest_obj); memcpy (des3key, digest, 16); /* set first 2 keys */ memcpy (des3key + 16, digest, 8); /* third key = first key */ B_CreateAlgorithmObject (&des_obj); B_SetAlgorithmInfo (des_obj, AI_DES_EDE3_CBC_IV8, iv); B_CreateKeyObject (&key_obj); err = B_SetKeyInfo (key_obj, KI_DES24Strong, des3key); B_DecryptInit (des_obj, key_obj, CHOOSER, NULL); err = B_DecryptUpdate (des_obj, temp2, &i, len, temp, len, random_obj, NULL); B_DecryptFinal (des_obj, temp2 + i, &i, len - i, random_obj, NULL); B_DestroyKeyObject (&key_obj); B_DestroyAlgorithmObject (&des_obj); #endif if (err) { printf ("Error: Problem decrypting key %x\n", err); return (-1); } memset ((void *) digest, 0, 16); /* zero password */ free (temp); /* Rebuild privkey */ byteptr = temp2; i = *byteptr++; i += (*byteptr++ * 256); #ifdef USE_RSAREF (*privkey).bits = i; for (i = 0; i < MAX_RSA_MODULUS_LEN; i++) (*privkey).modulus[i] = *byteptr++; for (i = 0; i < MAX_RSA_MODULUS_LEN; i++) (*privkey).publicExponent[i] = *byteptr++; for (i = 0; i < MAX_RSA_MODULUS_LEN; i++) (*privkey).exponent[i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).prime[0][i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).prime[1][i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).primeExponent[0][i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).primeExponent[1][i] = *byteptr++; for (i = 0; i < MAX_RSA_PRIME_LEN; i++) (*privkey).coefficient[i] = *byteptr++; free (temp2); /* Make Key ID */ R_DigestInit (&digest_context, DA_MD5); R_DigestUpdate (&digest_context, privkey->modulus, MAX_RSA_MODULUS_LEN); R_DigestUpdate (&digest_context, privkey->publicExponent, MAX_RSA_MODULUS_LEN); R_DigestFinal (&digest_context, newID, &i); #else i = (i + 7) / 8; if (i < MAX_RSA_MODULUS_LEN) i = MAX_RSA_MODULUS_LEN; keyinfo.modulus.len = i; keyinfo.publicExponent.len = i; keyinfo.privateExponent.len = i; keyinfo.prime[0].len = (i + 1) / 2; keyinfo.prime[1].len = (i + 1) / 2; keyinfo.primeExponent[0].len = (i + 1) / 2; keyinfo.primeExponent[1].len = (i + 1) / 2; keyinfo.coefficient.len = (i + 1) / 2; keyinfo.modulus.data = malloc (keyinfo.modulus.len); memcpy (keyinfo.modulus.data, byteptr, keyinfo.modulus.len); byteptr += keyinfo.modulus.len; keyinfo.publicExponent.data = malloc (keyinfo.publicExponent.len); memcpy (keyinfo.publicExponent.data, byteptr, keyinfo.publicExponent.len); byteptr += keyinfo.publicExponent.len; keyinfo.privateExponent.data = malloc (keyinfo.privateExponent.len); memcpy (keyinfo.privateExponent.data, byteptr, keyinfo.privateExponent.len); byteptr += keyinfo.privateExponent.len; keyinfo.prime[0].data = malloc (keyinfo.prime[0].len); memcpy (keyinfo.prime[0].data, byteptr, keyinfo.prime[0].len); byteptr += keyinfo.prime[0].len; keyinfo.prime[1].data = malloc (keyinfo.prime[1].len); memcpy (keyinfo.prime[1].data, byteptr, keyinfo.prime[1].len); byteptr += keyinfo.prime[1].len; keyinfo.primeExponent[0].data = malloc (keyinfo.primeExponent[0].len); memcpy (keyinfo.primeExponent[0].data, byteptr, keyinfo.primeExponent[0].len); byteptr += keyinfo.primeExponent[0].len; keyinfo.primeExponent[1].data = malloc (keyinfo.primeExponent[1].len); memcpy (keyinfo.primeExponent[1].data, byteptr, keyinfo.primeExponent[1].len); byteptr += keyinfo.primeExponent[1].len; keyinfo.coefficient.data = malloc (keyinfo.coefficient.len); memcpy (keyinfo.coefficient.data, byteptr, keyinfo.coefficient.len); B_CreateKeyObject (privkey); B_SetKeyInfo (*privkey, KI_PKCS_RSAPrivate, (POINTER) & keyinfo); /* Make Key ID */ B_CreateAlgorithmObject (&digest_obj); B_SetAlgorithmInfo (digest_obj, AI_MD5, NULL); B_DigestInit (digest_obj, NULL, CHOOSER, NULL); B_DigestUpdate (digest_obj, keyinfo.modulus.data, keyinfo.modulus.len, NULL); B_DigestUpdate (digest_obj, keyinfo.publicExponent.data, keyinfo.publicExponent.len, NULL); B_DigestFinal (digest_obj, newID, &i, 16, NULL); B_DestroyAlgorithmObject (&digest_obj); free (keyinfo.modulus.data); free (keyinfo.publicExponent.data); free (keyinfo.privateExponent.data); free (keyinfo.prime[0].data); free (keyinfo.prime[1].data); free (keyinfo.primeExponent[0].data); free (keyinfo.primeExponent[1].data); free (keyinfo.coefficient.data); free (temp2); #endif return 0; }
int main(int argc, char *argv[]) { int status; int keySize = argv[1] ? atoi(argv[1]) : 512; printf("Key size = %d bits\n", keySize); B_ALGORITHM_OBJ pGen = NULL; check(B_CreateAlgorithmObject(&pGen)); B_DSA_PARAM_GEN_PARAMS gParams; gParams.primeBits = keySize; check(B_SetAlgorithmInfo(pGen, AI_DSAParamGen, POINTER(&gParams))); B_ALGORITHM_OBJ random = NULL; check(B_CreateAlgorithmObject(&random)); check(B_SetAlgorithmInfo(random, AI_X962Random_V0, NULL)); check(B_RandomInit(random, chooser, NULL)); check(B_RandomUpdate(random, seed, sizeof(seed), NULL)); check(B_GenerateInit(pGen, chooser, NULL)); B_ALGORITHM_OBJ result = NULL; check(B_CreateAlgorithmObject(&result)); printf("Generating DSA parameters\n"); check(B_GenerateParameters(pGen, result, random, NULL)); printf("DSA generate complete, writing...\n"); A_DSA_PARAMS *dParams; memset(&dParams, 0, sizeof(dParams)); check(B_GetAlgorithmInfo((POINTER *)&dParams, result, AI_DSAKeyGen)); dumpItem(dParams->prime, "prime"); dumpItem(dParams->subPrime, "subprime"); dumpItem(dParams->base, "base"); #if 0 B_KEY_OBJ pubKey = NULL; check(B_CreateKeyObject(&pubKey)); B_KEY_OBJ privKey = NULL; check(B_CreateKeyObject(&privKey)); B_ALGORITHM_OBJ gen = NULL; check(B_CreateAlgorithmObject(&gen)); A_RSA_KEY_GEN_PARAMS args; args.modulusBits = keySize; args.publicExponent.data = exponent; args.publicExponent.len = sizeof(exponent); check(B_SetAlgorithmInfo(gen, AI_RSAStrongKeyGen, POINTER(&args))); check(B_GenerateInit(gen, chooser, NULL)); check(B_GenerateKeypair(gen, pubKey, privKey, random, NULL)); B_ALGORITHM_OBJ enc = NULL; check(B_CreateAlgorithmObject(&enc)); check(B_SetAlgorithmInfo(enc, AI_PKCS_RSAPublic, NULL)); check(B_EncryptInit(enc, pubKey, chooser, NULL)); unsigned int inLen; check(B_EncryptUpdate(enc, crypt, &inLen, sizeof(crypt), POINTER(in), sizeof(in), random, NULL)); printf("EncryptUpdate output = %u\n", inLen); check(B_EncryptFinal(enc, crypt, &inLen, sizeof(crypt), random, NULL)); printf("EncryptFinal output=%u\n", inLen); B_ALGORITHM_OBJ dec = NULL; check(B_CreateAlgorithmObject(&dec)); check(B_SetAlgorithmInfo(dec, AI_PKCS_RSAPrivate, NULL)); check(B_DecryptInit(dec, privKey, chooser, NULL)); unsigned int outLen, outLen2; check(B_DecryptUpdate(dec, out, &outLen, sizeof(out), crypt, inLen, random, NULL)); printf("DecryptUpdate output = %u\n", outLen); check(B_DecryptFinal(dec, out2, &outLen2, sizeof(out2), random, NULL)); printf("DecryptFinal output=%u %s\n", outLen2, (char*)out2); B_DestroyKeyObject(&pubKey); B_DestroyKeyObject(&privKey); #endif exit(0); }
static int dst_bsafe_verify(const int mode, DST_KEY *dkey, void **context, const u_char *data, const int len, const u_char *signature, const int sig_len) { B_ALGORITHM_OBJ *md5_ctx = NULL; u_char digest[DST_HASH_SIZE]; u_char work_area[DST_HASH_SIZE + sizeof(pkcs1)]; int status = 0, w_bytes = 0; u_int u_bytes = 0; if (mode & SIG_MODE_INIT) { md5_ctx = (B_ALGORITHM_OBJ *) malloc(sizeof(B_ALGORITHM_OBJ)); if ((status = B_CreateAlgorithmObject(md5_ctx))) return (-1); if ((status = B_SetAlgorithmInfo(*md5_ctx, AI_MD5, NULL))) return (-1); } else if (context) md5_ctx = (B_ALGORITHM_OBJ *) *context; if (md5_ctx == NULL) return (-1); w_bytes = dst_bsafe_md5digest(mode, md5_ctx, data, len, digest, sizeof(digest)); if (w_bytes < 0 || (mode & SIG_MODE_FINAL)) { B_DestroyAlgorithmObject(md5_ctx); SAFE_FREE(md5_ctx); if (w_bytes < 0) return (-1); } if (mode & SIG_MODE_FINAL) { RSA_Key *key; int ret = 0; B_ALGORITHM_OBJ rsaEncryptor = (B_ALGORITHM_OBJ) NULL_PTR; if (dkey == NULL || dkey->dk_KEY_struct == NULL) return (-1); key = (RSA_Key *) dkey->dk_KEY_struct; if (key->rk_Public_Key == NULL) return (-2); if (rsaEncryptor == NULL_PTR) { if ((status = B_CreateAlgorithmObject(&rsaEncryptor))) ret = SIGN_FINAL_FAILURE; if (ret == 0 && (status = B_SetAlgorithmInfo(rsaEncryptor, AI_PKCS_RSAPublic, NULL_PTR))) ret = VERIFY_FINAL_FAILURE; } if (ret == 0 && (status = B_DecryptInit(rsaEncryptor, key->rk_Public_Key, CHOOSER, NULL_SURRENDER))) ret = VERIFY_FINAL_FAILURE; if (ret == 0 && (status = B_DecryptUpdate(rsaEncryptor, work_area, &u_bytes, 0, (const u_char *) signature, sig_len, NULL_PTR, NULL_SURRENDER))) ret = VERIFY_FINAL_FAILURE; if (ret == 0 && (status = B_DecryptFinal(rsaEncryptor, work_area + u_bytes, &u_bytes, sizeof(work_area) - u_bytes, NULL_PTR, NULL_SURRENDER))) ret = VERIFY_FINAL_FAILURE; B_DestroyAlgorithmObject(&rsaEncryptor); /* skip PKCS#1 header in output from Decrypt function */ if (ret) return (ret); ret = memcmp(digest, &work_area[sizeof(pkcs1)], w_bytes); if (ret == 0) return(0); else return(VERIFY_FINAL_FAILURE); } else { if (context == NULL) return (-1); *context = (void *) md5_ctx; } return (0); }
/* * Performs an RSA decryption. Returns a prefix of the unwrapped * data in the given buf. Returns the length of the untruncated * data, which may exceed "len". Returns <0 on error. */ int rsaPrivateDecrypt(PGPByte *outbuf, unsigned len, BigNum *bn, RSAsec const *sec) { unsigned bytes = bnBytes(&sec->n); PGPByte *buf = NULL; B_ALGORITHM_OBJ bobj = NULL; B_KEY_OBJ rprivk = NULL; unsigned int bufoutlen; PGPMemoryMgrRef mgr = bn->mgr; int err; buf = PGPNewSecureData (mgr, bytes, 0); if (buf == NULL) { err = kPGPError_OutOfMemory; goto error; } bnExtractBigBytes (bn, buf, 0, bytes); /* Initialize BSafe private key structure */ err = B_CreateAlgorithmObject (&bobj); CHKERR(err); err = B_SetAlgorithmInfo (bobj, AI_RSAPrivate, NULL); CHKERR(err); err = B_CreateKeyObject (&rprivk); CHKERR(err); err = rprivk_init(rprivk, sec, mgr); CHKERR(err); err = B_DecryptInit (bobj, rprivk, RSA_CHOOSER, (A_SURRENDER_CTX *)0); CHKERR(err); /* Do an RSA decryption to recover PKCS-1 padded key */ err = B_DecryptUpdate (bobj, buf, &bufoutlen, bytes, buf, bytes, (B_ALGORITHM_OBJ)NULL, (A_SURRENDER_CTX *)NULL); CHKERR(err); err = B_DecryptFinal (bobj, buf+bufoutlen, &bufoutlen, bytes-bufoutlen, (B_ALGORITHM_OBJ)NULL, (A_SURRENDER_CTX *)NULL); CHKERR(err); B_DestroyKeyObject (&rprivk); rprivk = NULL; B_DestroyAlgorithmObject (&bobj); bobj = NULL; /* Return to bn format */ bnSetQ (bn, 0); bnInsertBigBytes (bn, buf, 0, bytes); pgpClearMemory (buf, bytes); PGPFreeData (buf); buf = NULL; err = pgpPKCSUnpack(outbuf, len, bn, PKCS_PAD_ENCRYPTED, bytes); error: if (buf) { pgpClearMemory (buf, bytes); PGPFreeData (buf); } if (rprivk) B_DestroyKeyObject (&rprivk); if (bobj) B_DestroyAlgorithmObject (&bobj); return err; }