예제 #1
파일: RSATest.cpp 프로젝트: rayfill/cpplib
	// Round-trip check for RSA with a fixed 1024-bit key pair: encrypting a
	// known value with the public key must change it, and decrypting the result
	// with the matching private key must give the original value back.
	//
	// The key pair is a hard-coded test vector. Its private exponent is
	// published in this source, so it must never be reused outside of tests.
	void endecryptFor1024bitKeyTest()
	{
		// Known message (96 bits when read as hex, far shorter than the modulus).
		MPInteger plaintext = "abffe123f875b1f45da2b2ca";

		// Modulus shared by both halves of the key pair (256 hex digits).
		MPInteger n(
			"7ef57a896736682c97adea5669df5ce8764c05e3f00f5e5b882d1"
			"1955e68ba46d61e65f97fac21df965e933157f269139a7a38078c"
			"3c2e595a7ee17fa23cb562c00b9336dbea41555dc8a577d193106"
			"4d4eff76e93dc5bdd4c531ac0603125d61cd7d91017adb97fc777"
			"741f7680206e65a648875a3e93ff12ad26781d0e56d1");

		// Public exponent; presumably parsed as hex, i.e. 65537.
		MPInteger e("00010001");

		// Private exponent belonging to (e, n).
		MPInteger d(
			"0cae5448f928340b9032ecdf28c008b5a76b3c8361ed070db9725"
			"6f9466ecb7c5bd2b978cc49d3305402aa4d196dbb151c2eecfdc4"
			"0216d711f4ee6d23355120a1e59074a2408f457b216b8d90dd809"
			"1947684d57ebff65c55bc2af13d7d84396de565c40513f02dce13"
			"5e075a26835acc0f367dd2e58c5e2f9e370584e02481");

		PublicKey publicHalf(e, n);
		PrivateKey privateHalf(d, n);

		// NOTE(review): encrypt() receives the message as a bare integer and no
		// padding or encoding step appears in this test. If RSA::encrypt is plain
		// modular exponentiation it is deterministic and malleable, so production
		// callers need a padding scheme such as OAEP on top - confirm against the
		// RSA class.
		RSA encrypter(publicHalf);
		MPInteger ciphertext = encrypter.encrypt(plaintext);

		// Encryption must not be the identity on this input.
		CPPUNIT_ASSERT(plaintext != ciphertext);

		RSA recoverer(privateHalf);
		MPInteger decrypttext = recoverer.decrypt(ciphertext);

		// Decryption with the matching private key restores the message.
		CPPUNIT_ASSERT(plaintext == decrypttext);
	}
예제 #2
/** \brief Three-way comparison of two router_lident_t, strcmp/memcmp style
 *
 * A null object orders before any non-null one, and two null objects are
 * equal. Otherwise the fields are compared in turn - peerid, privkey, cert,
 * dnsname - and the first field that differs decides the result.
 *
 * \param other the object to compare *this against
 * \return -1 if *this orders before other, +1 if it orders after, 0 if equal
 *
 * NOTE(review): private-key material is compared here with ordinary
 * relational operators and the function returns at the first difference, so
 * it should be assumed not to run in constant time. That is fine for
 * ordering objects in containers; it is not a primitive for checking a
 * secret against a value supplied by a peer.
 */
int	router_lident_t::compare(const router_lident_t &other)	const throw()
{
	// null handling: null sorts first, null equals null
	const bool	lhs_null	= is_null();
	const bool	rhs_null	= other.is_null();
	if( lhs_null || rhs_null ){
		if( lhs_null && rhs_null )		return  0;
		return lhs_null ? -1 : +1;
	}

	// both are non-null from here on: most significant field first

	// peerid
	if( peerid() < other.peerid() )			return -1;
	if( peerid() > other.peerid() )			return +1;

	// private key
	if( privkey() < other.privkey() )		return -1;
	if( privkey() > other.privkey() )		return +1;

	// certificate
	if( cert() < other.cert() )			return -1;
	if( cert() > other.cert() )			return +1;

	// dnsname
	if( dnsname() < other.dnsname() )		return -1;
	if( dnsname() > other.dnsname() )		return +1;

	// no field differs: the two objects are considered equal
	return 0;
}
예제 #3
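/** \brief Convert the object to a canonical string
 *
 * A null object gives the literal "null". Otherwise the result is four fields
 * separated by single spaces: the peerid, the base64 of the private key's DER
 * encoding, the base64 of the certificate's DER encoding, and the dnsname.
 *
 * SECURITY: the returned string contains the private key. Treat it exactly
 * like the key itself: keep it out of logs, debug output and error messages,
 * and store or transmit it only where the key would be allowed to go.
 * std::string does not wipe its buffer, so copies of the key may linger in
 * freed memory after the string is destroyed.
 *
 * \return the canonical string, or "null" for a null object
 */
std::string	router_lident_t::to_canonical_string()	const throw()
{
	// handle the null case before building anything
	if( is_null() )			return "null";

	std::ostringstream	oss;
	// put the router_peerid_t
	oss << peerid();
	// put the private key (DER, base64) - secret material from here on
	oss << " " << base64_t::encode(privkey().to_der_datum());
	// put the certificate (DER, base64)
	oss << " " << base64_t::encode(cert().to_der_datum());
	// put the dnsname
	oss << " " << dnsname();
	// return the just built string
	return oss.str();
}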
예제 #4
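/**
 * Treat the 32 bytes at buf[keypos] as a candidate secp256k1 private key,
 * derive the matching public key and record both in the global key maps.
 *
 * A candidate already present in privkey_map only bumps num_dups. Otherwise
 * the derived public key (X || Y, 32 bytes each) is looked up in pubkey_map:
 * an existing key_info is reused, or a new one is created and registered.
 * The key_info is then marked as having a private key and handed to
 * try_recover_key().
 *
 * @param keypos offset of the candidate inside buf; must leave at least 32
 *               bytes before buffill, otherwise the call is rejected.
 */
static void do_recover_privkey(int keypos) {
	// Reject offsets outside the filled part of the buffer. Without this a
	// negative keypos (or one past buffill, if buffill is unsigned) would get
	// through the length check below and memcpy would read outside buf.
	if(keypos < 0 || buffill < keypos) {
		fprintf(stderr, "Invalid key position in buffer!\n");
		return;
	}
	if(buffill - keypos < 32) {
		fprintf(stderr, "Not enough data in buffer to recover key!\n");
		return;
	}

	// NOTE(review): the candidate bytes end up in this vector, in the
	// privkey_map key and in kinfo->privkey; none of these copies is wiped
	// here.
	std::vector<unsigned char> privkey(32);
	memcpy(&privkey[0], buf+keypos, 32);

	keymap_iter iter = privkey_map.find(privkey);
	if(iter != privkey_map.end()) {
		//printf("Duplicate potential private key, skipping\n");
		num_dups++;
		show_progress();
		return;
	}

	// Derive the public key that belongs to the candidate scalar.
	// NOTE(review): nothing here checks that the scalar lies in [1, n-1] for
	// the curve order n, so an all-zero or out-of-range candidate is passed to
	// Initialize() as-is - confirm how the library treats that case.
	CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA1>::PrivateKey privateKey;
	CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA1>::PublicKey publicKey;
	CryptoPP::Integer pkey_i(&privkey[0], 32);
	privateKey.Initialize( CryptoPP::ASN1::secp256k1(), pkey_i );
	privateKey.MakePublicKey(publicKey);

	// Serialise the point as two 32-byte coordinates, X then Y.
	std::vector<unsigned char> gen_pubkey(64);
	const CryptoPP::ECP::Point& q = publicKey.GetPublicElement();
	q.x.Encode(&gen_pubkey[0], 32);
	q.y.Encode(&gen_pubkey[32], 32);

	// Reuse the record for this public key if there is one; otherwise create
	// it. The maps hold the raw pointer; this function never frees it.
	key_info* kinfo;
	iter = pubkey_map.find(gen_pubkey);
	if(iter != pubkey_map.end()) {
		kinfo = iter->second;
	} else {
		kinfo = new key_info();
		kinfo->pubkey = gen_pubkey;
		kinfo->found_pub = 0;
		pubkey_map[gen_pubkey] = kinfo;
	}

	kinfo->found_priv = 1;
	kinfo->privkey = privkey;
	privkey_map[privkey] = kinfo;
	num_pend_priv++;
	// Left disabled: these two lines would write the raw candidate key bytes
	// to stdout.
	//printf("Found potential privkey: ");
	//dump_hex(&privkey[0], 32);
	try_recover_key(kinfo);
}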
예제 #5
/** \brief Check the internal consistency of the router_lident_t
 *
 * Every condition is checked through DBG_ASSERT and the function returns true
 * once all of them have been evaluated; no path in this function returns
 * false.
 *
 * NOTE(review): DBG_ASSERT is defined elsewhere. If it compiles to nothing in
 * non-debug builds (as the name suggests - confirm), this function accepts
 * any object in those builds, so it cannot serve as the validation step for
 * an identity, key or certificate that was loaded from an untrusted source.
 *
 * \return true whenever control reaches the end of the function
 */
bool	router_lident_t::is_sane()	const throw()
{
	// sanity check - the router_lident_t MUST be either selfsigned/authsigned/nonesigned
	DBG_ASSERT( is_selfsigned() || is_authsigned() || is_nonesigned() );
	// sanity check - the router_peerid_t MUST NOT be null
	DBG_ASSERT( !peerid().is_null() );
	// sanity check - the x509_privkey_t MUST NOT be null
	DBG_ASSERT( !privkey().is_null() );
	// sanity check - the x509_cert_t MUST NOT be null
	DBG_ASSERT( !cert().is_null() );
	// sanity check - m_dnsname MUST be either is_host_only() or is_fully_qualified()
	DBG_ASSERT( dnsname().is_host_only() || dnsname().is_fully_qualified() );
	// sanity check - if the dnsname() is_selfsigned_ok
	if( dnsname().is_selfsigned_ok() ){
		// sanity check - the subject_name MUST be the peerid canonical string
		DBG_ASSERT( peerid() == router_peerid_t::from_canonical_string(cert().subject_name()) );
		// sanity check - the cert MUST be selfsigned
		// (only subject and issuer names are compared here; no signature is verified)
		DBG_ASSERT( cert().subject_name() == cert().issuer_name() );
	}
	// sanity check - if dnsname() is_authsigned_ok
	if( dnsname().is_authsigned_ok() ){
		// sanity check - peerid MUST be directly derived from the dnsname
		DBG_ASSERT( peerid() == dnsname().to_string() );
		// sanity check - the cert MUST NOT be selfsigned
		// (only a name inequality; the issuer's signature is not checked in this function)
		DBG_ASSERT( cert().subject_name() != cert().issuer_name() );
	}
	// sanity check - if dnsname() is_nonesigned_ok
	if( dnsname().is_nonesigned_ok() ){
		// sanity check - peerid MUST be directly derived from router_name_t::host()
		DBG_ASSERT( peerid() == router_peerid_t::from_canonical_string(dnsname().host()) );
		// sanity check - the cert MUST be selfsigned
		DBG_ASSERT( cert().subject_name() == cert().issuer_name() );
	}
	// if all tests passed, it is considered sane, so return true
	return true;
}