// Use exactly // 2 * ccn_sizeof(ccec_cp_order_bitlen(cp)) bytes of random in total. // Half of the random for the actual generation, the other for the consistency check // The consistency check may require more random, therefore a DRBG is set to cover // this case. int ccec_generate_key_legacy(ccec_const_cp_t cp, struct ccrng_state *rng, ccec_full_ctx_t key) { int result; if((result = ccec_generate_key_internal_legacy(cp, rng, key))) return result; { // Create an rng using a drbg. // Signature may use a non deterministic amount of random // while input rng may be limited (this is the case for PBKDF2). // Agnostic of DRBG struct ccrng_drbg_state rng_drbg; struct ccdrbg_info info; uint8_t drbg_init_salt[ccn_sizeof(ccec_cp_order_bitlen(cp))]; cc_require((result = ccrng_generate(rng, sizeof(drbg_init_salt), drbg_init_salt))==0,errOut); // Set DRBG - NIST HMAC struct ccdrbg_nisthmac_custom custom = { .di = ccsha256_di(), .strictFIPS = 0, }; ccdrbg_factory_nisthmac(&info, &custom); // Init the rng drbg uint8_t state[info.size]; result = ccrng_drbg_init(&rng_drbg, &info, (struct ccdrbg_state *)state, sizeof(drbg_init_salt), drbg_init_salt); if(result == 0) { result = ccec_pairwise_consistency_check(key, (struct ccrng_state *)&rng_drbg) ? 0 : -1; } // Close the rng drbg ccrng_drbg_done(&rng_drbg); } errOut: return result; }
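/*
 * Run one RSA PKCS#1 v1.5 signature-verification test vector.
 *
 * Builds a public key from v->mod and v->exp, hashes v->msg with v->di,
 * verifies v->sig against that digest and compares the verdict with
 * v->valid.
 *
 * Returns 0 when the verifier ran without error and its verdict matches
 * v->valid; returns 1 otherwise, including when the modulus cannot be
 * imported.
 */
int ccrsa_test_verify_pkcs1v15_vector(const struct ccrsa_verify_vector *v)
{
    /* Initialised so the verdict is never read as an indeterminate value. */
    bool ok = false;
    int rc;
    const struct ccdigest_info *di = v->di;
    const cc_size n = ccn_nof(v->modlen);
    /* NOTE(review): s is derived from v->modlen via ccn_sizeof; confirm
     * v->mod really holds at least s bytes for every vector. */
    const size_t s = ccn_sizeof(v->modlen);
    unsigned char H[di->output_size];
    cc_unit exponent[n];
    cc_unit modulus[n];
    ccrsa_pub_ctx_decl(ccn_sizeof(v->modlen), key);

    ccrsa_ctx_n(key) = n;
    ccn_seti(n, exponent, v->exp);

    /* A failed import would leave `modulus` uninitialised; report the vector
     * as failed instead of verifying against garbage. */
    if (ccn_read_uint(n, modulus, s, v->mod) != 0) {
        return 1;
    }
    ccrsa_init_pub(key, modulus, exponent);

    ccdigest(di, v->msglen, v->msg, H);
    rc = ccrsa_verify_pkcs1v15(key, di->oid.oid, di->output_size, H,
                               v->siglen, v->sig, &ok);
    if (rc != 0) {
        /* A verifier error fails the vector even when it is marked invalid. */
        return 1;
    }

    /* Pass only when the verdict agrees with the vector's expectation. */
    const bool expected = v->valid ? true : false;
    return (ok == expected) ? 0 : 1;
}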
/* Tail of a key-description routine; its signature and the code that sets up
 * curve, xString and yString are outside this excerpt (presumably
 * SecECPublicKeyCopyKeyDescription, which the descriptor below references). */
    /* Full description, including the y and x strings.
     * NOTE(review): %lu receives a (long) argument, so the signedness does not
     * match the specifier; %p receives `key` without a (void *) cast.
     * NOTE(review): "addr: %p" embeds the object's address in the text; if these
     * descriptions are written to logs, that discloses a heap address - confirm
     * this is acceptable. */
    keyDescription = CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR( "<SecKeyRef curve type: %s, algorithm id: %lu, key type: %s, version: %d, block size: %zu bits, y: %@, x: %@, addr: %p>"), curve, (long)SecKeyGetAlgorithmID(key), key->key_class->name, key->key_class->version, (8*SecKeyGetBlockSize(key)), yString, xString, key);

fail:
    /* Shared exit: release both coordinate strings on every path. */
    CFReleaseSafe(xString);
    CFReleaseSafe(yString);
    /* No description was produced above: fall back to one without x and y. */
    if(!keyDescription)
        keyDescription = CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR("<SecKeyRef curve type: %s, algorithm id: %lu, key type: %s, version: %d, block size: %zu bits, addr: %p>"), curve,(long)SecKeyGetAlgorithmID(key), key->key_class->name, key->key_class->version, (8*SecKeyGetBlockSize(key)), key);

    /* May still be NULL if the fallback CFStringCreateWithFormat call fails. */
    return keyDescription;
}

/* Descriptor for EC public keys. The initializer is positional, so the entry
 * order must match the field order of SecKeyDescriptor (declared elsewhere).
 * The sign, decrypt and compute slots are NULL: this key class supplies
 * verify and encrypt only. */
SecKeyDescriptor kSecECPublicKeyDescriptor = {
    kSecKeyDescriptorVersion,
    "ECPublicKey",
    ccec_pub_ctx_size(ccn_sizeof(kMaximumECKeySize)), /* extraBytes */
    SecECPublicKeyInit,
    SecECPublicKeyDestroy,
    NULL, /* SecKeyRawSignMethod */
    SecECPublicKeyRawVerify,
    SecECPublicKeyRawEncrypt,
    NULL, /* SecKeyDecryptMethod */
    NULL, /* SecKeyComputeMethod */
    SecECPublicKeyBlockSize,
    SecECPublicKeyCopyAttributeDictionary,
    SecECPublicKeyCopyKeyDescription,
    SecECKeyGetAlgorithmID,
    SecECPublicKeyCopyPublicOctets,
};

/* Public Key API functions. */
/*
 * RSA self-test (presumably the power-on self-test, going by the name and the
 * FIPS remark below).
 *
 * Derives an RSA key from fixed inputs (public exponent 3 and the hard-coded
 * xp1/xp2/Xp/xq1/xq2/Xq values) with ccrsa_make_931_key, signs a fixed
 * 20-byte buffer as a SHA-1 digest with PKCS#1 v1.5 and verifies the
 * signature with the public half of the same key.
 *
 * Returns 0 when the round trip succeeds and -1 on any failure.
 *
 * The test passes when sign-then-verify round-trips; neither the derived
 * p/q/m/d values nor the signature are compared against stored expected
 * values. The key context is cleared on failures after key generation and is
 * not cleared on the success path.
 */
static int RSA_POST()
{
    const int failure = -1;
    const uint32_t public_exponent = 3;

    // xp1 (13 bytes)
    unsigned char *xp1_bytes = (unsigned char *)"\x13\x84\x16\x7f\x98\x44\x86\x5e\xae\x22\xcb\x36\x72";
    size_t xp1_len = 13;

    // xp2 (13 bytes)
    unsigned char *xp2_bytes = (unsigned char *)"\x1a\x08\x5b\x0b\x73\x7f\x84\x2a\x8a\x1f\x32\xb6\x62";
    size_t xp2_len = 13;

    // Xp (64 bytes)
    unsigned char *xp_bytes = (unsigned char *)"\xbe\xef\x5a\xd1\x33\xe9\xa3\x95\x50\x97\xc8\xd8\xb0\x3b\xd5\x06\x62\xb5\xf8\x2b\x8e\x9c\x3e\xab\x5c\x8d\x9d\x33\x11\xc3\x37\xef\x7c\xe8\xdd\xfe\x90\x2b\xd2\x23\x52\x93\xd2\xbd\xf6\x93\x53\xf9\x44\xde\x0b\x46\x41\x7c\xb2\x09\x0c\x1e\x09\x92\x06\xaf\x1b\x04";
    size_t xp_len = 64;

    // xq1 (13 bytes)
    unsigned char *xq1_bytes = (unsigned char *)"\x17\xfa\x0d\x7d\x21\x89\xc7\x59\xb0\xb8\xeb\x1d\x18";
    size_t xq1_len = 13;

    // xq2 (13 bytes)
    unsigned char *xq2_bytes = (unsigned char *)"\x17\xc8\xe7\x35\xfb\x8d\x58\xe1\x3a\x41\x2a\xe2\x14";
    size_t xq2_len = 13;

    // Xq (64 bytes)
    unsigned char *xq_bytes = (unsigned char *)"\xf2\xd7\xb9\x92\xfb\x91\x4c\xd6\x77\x87\x6b\xb3\x70\x2b\x14\x41\x71\x6e\xbd\x2b\x44\x7c\x3a\x05\x00\xa6\xe0\xe0\x44\x9f\xeb\x1c\xbd\xec\x1d\x7e\xee\x96\xa8\x82\x30\x22\x4e\xf3\xf7\xc2\xc7\xb8\x58\xcd\x63\xf1\xc8\x6d\xf0\x43\x27\x98\xde\x6f\xfd\x41\xa1\x2a";
    size_t xq_len = 64;

    // Multi-precision buffers, one per fixed input.
    cc_unit x_p1[ccn_nof_size(xp1_len)];
    cc_unit x_p2[ccn_nof_size(xp2_len)];
    cc_unit x_p[ccn_nof_size(xp_len)];
    cc_unit x_q1[ccn_nof_size(xq1_len)];
    cc_unit x_q2[ccn_nof_size(xq2_len)];
    cc_unit x_q[ccn_nof_size(xq_len)];
    cc_unit e_value[1];

    // Modulus size in bits is the combined bit length of Xp and Xq.
    // Could become a parameter; this appears to be correct for FIPS.
    size_t nbits = xp_len * 8 + xq_len * 8;
    cc_size n = ccn_nof(nbits);

    e_value[0] = (cc_unit)public_exponent;

    // Import the byte strings in the original order; the first failure stops
    // the chain and fails the test.
    if (0 != ccn_read_uint(ccn_nof_size(xp1_len), x_p1, xp1_len, xp1_bytes) ||
        0 != ccn_read_uint(ccn_nof_size(xp2_len), x_p2, xp2_len, xp2_bytes) ||
        0 != ccn_read_uint(ccn_nof_size(xp_len), x_p, xp_len, xp_bytes) ||
        0 != ccn_read_uint(ccn_nof_size(xq1_len), x_q1, xq1_len, xq1_bytes) ||
        0 != ccn_read_uint(ccn_nof_size(xq2_len), x_q2, xq2_len, xq2_bytes) ||
        0 != ccn_read_uint(ccn_nof_size(xq_len), x_q, xq_len, xq_bytes)) {
        return failure;
    }

    // Output sizes and buffers for the values ccrsa_make_931_key hands back.
    cc_size np = n;
    cc_size nq = n;
    cc_size nm = n;
    cc_size nd = n;
    cc_unit p[n];
    cc_unit q[n];
    cc_unit m[n];
    cc_unit d[n];

    ccrsa_full_ctx_decl(ccn_sizeof_n(n), full_key);
    ccrsa_ctx_n(full_key) = n;

    bool self_test_passed = false;

    if (0 == ccrsa_make_931_key(nbits, 1, e_value,
                                ccn_nof_size(xp1_len), x_p1, ccn_nof_size(xp2_len), x_p2,
                                ccn_nof_size(xp_len), x_p,
                                ccn_nof_size(xq1_len), x_q1, ccn_nof_size(xq2_len), x_q2,
                                ccn_nof_size(xq_len), x_q,
                                full_key,
                                &np, p,
                                &nq, q,
                                &nm, m,
                                &nd, d)) {
        ccrsa_full_ctx *fk = full_key;
        ccrsa_pub_ctx_t pub_key = ccrsa_ctx_public(fk);

        // Fixed 20-byte stand-in for a SHA-1 digest.
        unsigned char fake_digest[20];
        memcpy(fake_digest, "ABCEDFGHIJKLMNOPRSTU", 20);

        uint8_t sig[(nbits + 7) / 8];
        size_t siglen = sizeof(sig);

        if (0 == ccrsa_sign_pkcs1v15(full_key, ccoid_sha1, CCSHA1_OUTPUT_SIZE, fake_digest,
                                     &siglen, sig)) {
            bool ok;
            // `ok` is read only when the verifier itself reported no error.
            self_test_passed = (0 == ccrsa_verify_pkcs1v15(pub_key, ccoid_sha1, CCSHA1_OUTPUT_SIZE,
                                                           fake_digest, siglen, sig, &ok)) &&
                               ok;
        }
    }

    if (!self_test_passed) {
        // Any failure from key generation onward wipes the key context.
        ccrsa_full_ctx_clear(ccn_sizeof(nbits), full_key);
        return failure;
    }

    return 0;
}