예제 #1
0
// Use exactly
// 2 * ccn_sizeof(ccec_cp_order_bitlen(cp)) bytes of random in total.
// Half of the random for the actual generation, the other for the consistency check
// The consistency check may require more random, therefore a DRBG is set to cover
// this case.
int
ccec_generate_key_legacy(ccec_const_cp_t cp,  struct ccrng_state *rng, ccec_full_ctx_t key)
{
    int result;
    if((result = ccec_generate_key_internal_legacy(cp,  rng, key))) return result;
    {
        // Create an rng using a drbg.
        // Signature may use a non deterministic amount of random
        // while input rng may be limited (this is the case for PBKDF2).

        // Agnostic of DRBG
        struct ccrng_drbg_state rng_drbg;
        struct ccdrbg_info info;
        uint8_t drbg_init_salt[ccn_sizeof(ccec_cp_order_bitlen(cp))];
        cc_require((result = ccrng_generate(rng, sizeof(drbg_init_salt), drbg_init_salt))==0,errOut);

        // Set DRBG - NIST HMAC
        struct ccdrbg_nisthmac_custom custom = {
            .di = ccsha256_di(),
            .strictFIPS = 0,
        };
        ccdrbg_factory_nisthmac(&info, &custom);

        // Init the rng drbg
        uint8_t state[info.size];
        result = ccrng_drbg_init(&rng_drbg, &info, (struct ccdrbg_state *)state, sizeof(drbg_init_salt), drbg_init_salt);
        if(result == 0) {
            result = ccec_pairwise_consistency_check(key, (struct ccrng_state *)&rng_drbg) ? 0 : -1;
        }
        // Close the rng drbg
        ccrng_drbg_done(&rng_drbg);
    }
errOut:
    return result;
}
예제 #2
0
int ccrsa_test_verify_pkcs1v15_vector(const struct ccrsa_verify_vector *v)
{
    bool ok;
    int rc;
    const struct ccdigest_info *di = v->di;
    const cc_size n = ccn_nof(v->modlen);
    const size_t s = ccn_sizeof(v->modlen);
    unsigned char H[di->output_size];

    cc_unit exponent[n];
    cc_unit modulus[n];
    ccrsa_pub_ctx_decl(ccn_sizeof(v->modlen), key);
    ccrsa_ctx_n(key) = n;
    ccn_seti(n, exponent, v->exp);
    ccn_read_uint(n, modulus, s, v->mod);

    ccrsa_init_pub(key, modulus, exponent);
    ccdigest(di, v->msglen, v->msg, H);
    rc=ccrsa_verify_pkcs1v15(key, di->oid.oid, di->output_size, H, v->siglen, v->sig, &ok);

    return ((rc==0)
        && ((ok && v->valid) || (!ok && !v->valid)))?0:1;
}
예제 #3
0
    
    keyDescription = CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR( "<SecKeyRef curve type: %s, algorithm id: %lu, key type: %s, version: %d, block size: %zu bits, y: %@, x: %@, addr: %p>"), curve, (long)SecKeyGetAlgorithmID(key), key->key_class->name, key->key_class->version, (8*SecKeyGetBlockSize(key)), yString, xString, key);
    
fail:
	CFReleaseSafe(xString);
	CFReleaseSafe(yString);
	if(!keyDescription)
		keyDescription = CFStringCreateWithFormat(kCFAllocatorDefault,NULL,CFSTR("<SecKeyRef curve type: %s, algorithm id: %lu, key type: %s, version: %d, block size: %zu bits, addr: %p>"), curve,(long)SecKeyGetAlgorithmID(key), key->key_class->name, key->key_class->version, (8*SecKeyGetBlockSize(key)), key);
    
	return keyDescription;
}

SecKeyDescriptor kSecECPublicKeyDescriptor = {
    kSecKeyDescriptorVersion,
    "ECPublicKey",
    ccec_pub_ctx_size(ccn_sizeof(kMaximumECKeySize)), /* extraBytes */
    SecECPublicKeyInit,
    SecECPublicKeyDestroy,
    NULL, /* SecKeyRawSignMethod */
    SecECPublicKeyRawVerify,
    SecECPublicKeyRawEncrypt,
    NULL, /* SecKeyDecryptMethod */
    NULL, /* SecKeyComputeMethod */
    SecECPublicKeyBlockSize,
	SecECPublicKeyCopyAttributeDictionary,
    SecECPublicKeyCopyKeyDescription,
    SecECKeyGetAlgorithmID,
    SecECPublicKeyCopyPublicOctets,
};

/* Public Key API functions. */
예제 #4
0
static int RSA_POST()
{
	int result = -1;
	uint32_t uintEValue = 3;

	// xp1 = 1384167f9844865eae22cb3672
	unsigned char* xp1Data = (unsigned char*)"\x13\x84\x16\x7f\x98\x44\x86\x5e\xae\x22\xcb\x36\x72";
	size_t xp1DataSize =  13;

	// xp2 = 1a085b0b737f842a8a1f32b662
	unsigned char* xp2Data = (unsigned char*)"\x1a\x08\x5b\x0b\x73\x7f\x84\x2a\x8a\x1f\x32\xb6\x62";
	size_t xp2DataSize = 13;

	// Xp = beef5ad133e9a3955097c8d8b03bd50662b5f82b8e9c3eab5c8d9d3311c337ef7ce8ddfe902bd2235293d2bdf69353f944de0b46417cb2090c1e099206af1b4
	unsigned char* xpData = (unsigned char*)"\xbe\xef\x5a\xd1\x33\xe9\xa3\x95\x50\x97\xc8\xd8\xb0\x3b\xd5\x06\x62\xb5\xf8\x2b\x8e\x9c\x3e\xab\x5c\x8d\x9d\x33\x11\xc3\x37\xef\x7c\xe8\xdd\xfe\x90\x2b\xd2\x23\x52\x93\xd2\xbd\xf6\x93\x53\xf9\x44\xde\x0b\x46\x41\x7c\xb2\x09\x0c\x1e\x09\x92\x06\xaf\x1b\x04";
	size_t xpDataSize = 64;

	// xq1 = 17fa0d7d2189c759b0b8eb1d18
	unsigned char* xq1Data = (unsigned char*)"\x17\xfa\x0d\x7d\x21\x89\xc7\x59\xb0\xb8\xeb\x1d\x18";
	size_t xq1DataSize = 13;

	// xq2 = 17c8e735fb8d58e13a412ae214
	unsigned char* xq2Data = (unsigned char*)"\x17\xc8\xe7\x35\xfb\x8d\x58\xe1\x3a\x41\x2a\xe2\x14";
	size_t xq2DataSize = 13;

	// Xq = f2d7b992fb914cd677876bb3702b1441716ebd2b447c3a0500a6e0e0449feb1cbdec1d7eee96a88230224ef3f7c2c7b858cd63f1c86df0432798de6ffd41a12a
	unsigned char* xqData = (unsigned char*)"\xf2\xd7\xb9\x92\xfb\x91\x4c\xd6\x77\x87\x6b\xb3\x70\x2b\x14\x41\x71\x6e\xbd\x2b\x44\x7c\x3a\x05\x00\xa6\xe0\xe0\x44\x9f\xeb\x1c\xbd\xec\x1d\x7e\xee\x96\xa8\x82\x30\x22\x4e\xf3\xf7\xc2\xc7\xb8\x58\xcd\x63\xf1\xc8\x6d\xf0\x43\x27\x98\xde\x6f\xfd\x41\xa1\x2a";
	size_t xqDataSize = 64;


    cc_unit x_p1[ccn_nof_size(xp1DataSize)];
    cc_unit x_p2[ccn_nof_size(xp2DataSize)];
    cc_unit x_p[ccn_nof_size(xpDataSize)];
    cc_unit x_q1[ccn_nof_size(xq1DataSize)];
    cc_unit x_q2[ccn_nof_size(xq2DataSize)];
    cc_unit x_q[ccn_nof_size(xqDataSize)];
	cc_unit e_value[1];

    size_t nbits = xpDataSize * 8 + xqDataSize * 8; // or we'll add this as a parameter.  This appears to be correct for FIPS
    cc_size n = ccn_nof(nbits);

    e_value[0] = (cc_unit)uintEValue;

    if (0 != ccn_read_uint(ccn_nof_size(xp1DataSize), x_p1, xp1DataSize, xp1Data))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xp2DataSize), x_p2, xp2DataSize, xp2Data))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xpDataSize), x_p, xpDataSize, xpData))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xq1DataSize), x_q1, xq1DataSize, xq1Data))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xq2DataSize), x_q2, xq2DataSize, xq2Data))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xqDataSize), x_q, xqDataSize, xqData))
	{
		return result;
	};

    cc_size np = n;
    cc_size nq = n;
    cc_size nm = n;
    cc_size nd = n;
    cc_unit p[n];
    cc_unit q[n];
    cc_unit m[n];
    cc_unit d[n];

    ccrsa_full_ctx_decl(ccn_sizeof_n(n), full_key);
    ccrsa_ctx_n(full_key) = n;


    if (0 != ccrsa_make_931_key(nbits, 1, e_value,
                                ccn_nof_size(xp1DataSize), x_p1,
                                ccn_nof_size(xp2DataSize), x_p2,
                                ccn_nof_size(xpDataSize), x_p,
                                ccn_nof_size(xq1DataSize), x_q1,
                                ccn_nof_size(xq2DataSize), x_q2, 
                                ccn_nof_size(xqDataSize), x_q,
                                full_key,
                                &np, p,
                                &nq, q,
                                &nm, m,
                                &nd, d))
	{
        ccrsa_full_ctx_clear(ccn_sizeof(nbits), full_key);
		return result;
	}

	ccrsa_full_ctx *fk = full_key;
	ccrsa_pub_ctx_t pub_key = ccrsa_ctx_public(fk);


	unsigned char fake_digest[20];
	memcpy(fake_digest, "ABCEDFGHIJKLMNOPRSTU", 20);
	uint8_t sig[(nbits+7)/8];
    size_t siglen=sizeof(sig);

	if (0 != ccrsa_sign_pkcs1v15(full_key, ccoid_sha1, CCSHA1_OUTPUT_SIZE, fake_digest,  &siglen, sig))
	{
		ccrsa_full_ctx_clear(ccn_sizeof(nbits), full_key);
		return result;
	}

	bool ok;
	if (0 != ccrsa_verify_pkcs1v15(pub_key, ccoid_sha1, CCSHA1_OUTPUT_SIZE, fake_digest, siglen, sig, &ok) || !ok)
	{
		ccrsa_full_ctx_clear(ccn_sizeof(nbits), full_key);
		return result;
	}

	return 0;		
}