void endecryptFor1024bitKeyTest() {
    MPInteger encryptExponent("00010001");
    MPInteger modulus(
        "7ef57a896736682c97adea5669df5ce8764c05e3f00f5e5b882d1"
        "1955e68ba46d61e65f97fac21df965e933157f269139a7a38078c"
        "3c2e595a7ee17fa23cb562c00b9336dbea41555dc8a577d193106"
        "4d4eff76e93dc5bdd4c531ac0603125d61cd7d91017adb97fc777"
        "741f7680206e65a648875a3e93ff12ad26781d0e56d1");
    MPInteger decryptExponent(
        "0cae5448f928340b9032ecdf28c008b5a76b3c8361ed070db9725"
        "6f9466ecb7c5bd2b978cc49d3305402aa4d196dbb151c2eecfdc4"
        "0216d711f4ee6d23355120a1e59074a2408f457b216b8d90dd809"
        "1947684d57ebff65c55bc2af13d7d84396de565c40513f02dce13"
        "5e075a26835acc0f367dd2e58c5e2f9e370584e02481");
    MPInteger plaintext = "abffe123f875b1f45da2b2ca";

    PublicKey pubkey(encryptExponent, modulus);
    PrivateKey privkey(decryptExponent, modulus);

    RSA cipher(pubkey);
    MPInteger ciphertext = cipher.encrypt(plaintext);
    CPPUNIT_ASSERT(plaintext != ciphertext);

    RSA decrypter(privkey);
    MPInteger decrypttext = decrypter.decrypt(ciphertext);
    CPPUNIT_ASSERT(plaintext == decrypttext);
}

/** \brief compare 2 router_lident_t and return value ala strcmp/memcmp
 */
int router_lident_t::compare(const router_lident_t &other) const throw()
{
    // handle the null case
    if( is_null() && !other.is_null() )  return -1;
    if( !is_null() && other.is_null() )  return +1;
    if( is_null() && other.is_null() )   return  0;
    // handle the peerid
    if( peerid() < other.peerid() )      return -1;
    if( peerid() > other.peerid() )      return +1;
    // handle the privkey
    if( privkey() < other.privkey() )    return -1;
    if( privkey() > other.privkey() )    return +1;
    // handle the cert
    if( cert() < other.cert() )          return -1;
    if( cert() > other.cert() )          return +1;
    // handle the dnsname
    if( dnsname() < other.dnsname() )    return -1;
    if( dnsname() > other.dnsname() )    return +1;
    // here both are considered equal
    return 0;
}

/** \brief Convert the object to a canonical string
 */
std::string router_lident_t::to_canonical_string() const throw()
{
    std::ostringstream oss;
    bytearray_t buffer;
    // handle the null case
    if( is_null() )  return "null";
    // put the router_peerid_t
    oss << peerid();
    // put the private key
    oss << " " << base64_t::encode(privkey().to_der_datum());
    // put the certificate
    oss << " " << base64_t::encode(cert().to_der_datum());
    // put the dnsname
    oss << " " << dnsname();
    // return the just built string
    return oss.str();
}

static void do_recover_privkey(int keypos) {
    std::vector<unsigned char> privkey(32);
    std::vector<unsigned char> gen_pubkey(64);

    if(buffill - keypos < 32) {
        fprintf(stderr, "Not enough data in buffer to recover key!\n");
        return;
    }

    memcpy(&privkey[0], buf+keypos, 32);

    keymap_iter iter = privkey_map.find(privkey);
    if(iter != privkey_map.end()) {
        //printf("Duplicate potential private key, skipping\n");
        num_dups++;
        show_progress();
        return;
    } else {
        CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA1>::PrivateKey privateKey;
        CryptoPP::ECDSA<CryptoPP::ECP, CryptoPP::SHA1>::PublicKey publicKey;

        CryptoPP::Integer pkey_i(&privkey[0], 32);
        privateKey.Initialize( CryptoPP::ASN1::secp256k1(), pkey_i );
        privateKey.MakePublicKey(publicKey);

        const CryptoPP::ECP::Point& q = publicKey.GetPublicElement();
        q.x.Encode(&gen_pubkey[0], 32);
        q.y.Encode(&gen_pubkey[32], 32);

        key_info* kinfo;
        iter = pubkey_map.find(gen_pubkey);
        if(iter != pubkey_map.end()) {
            kinfo = iter->second;
        } else {
            kinfo = new key_info();
            kinfo->pubkey = gen_pubkey;
            kinfo->found_pub = 0;
            pubkey_map[gen_pubkey] = kinfo;
        }

        kinfo->found_priv = 1;
        kinfo->privkey = privkey;
        privkey_map[privkey] = kinfo;
        num_pend_priv++;

        //printf("Found potential privkey: ");
        //dump_hex(&privkey[0], 32);

        try_recover_key(kinfo);
    }
}

/** \brief Return true if the router_lident_t is_sane() false otherwise
 */
bool router_lident_t::is_sane() const throw()
{
    // sanity check - the router_lident_t MUST be either selfsigned/authsigned/nonesigned
    DBG_ASSERT( is_selfsigned() || is_authsigned() || is_nonesigned() );
    // sanity check - the router_peerid_t MUST NOT be null
    DBG_ASSERT( !peerid().is_null() );
    // sanity check - the x509_privkey_t MUST NOT be null
    DBG_ASSERT( !privkey().is_null() );
    // sanity check - the x509_cert_t MUST NOT be null
    DBG_ASSERT( !cert().is_null() );
    // sanity check - m_dnsname MUST be either is_host_only() or is_fully_qualified()
    DBG_ASSERT( dnsname().is_host_only() || dnsname().is_fully_qualified() );

    // sanity check - if the dnsname() is_selfsigned_ok
    if( dnsname().is_selfsigned_ok() ){
        // sanity check - the subject_name MUST be the peerid canonical string
        DBG_ASSERT( peerid() == router_peerid_t::from_canonical_string(cert().subject_name()) );
        // sanity check - the cert MUST be selfsigned
        DBG_ASSERT( cert().subject_name() == cert().issuer_name() );
    }

    // sanity check - if dnsname() is_authsigned_ok
    if( dnsname().is_authsigned_ok() ){
        // sanity check - peerid MUST be directly derived from the dnsname
        DBG_ASSERT( peerid() == dnsname().to_string() );
        // sanity check - the cert MUST NOT be selfsigned
        DBG_ASSERT( cert().subject_name() != cert().issuer_name() );
    }

    // sanity check - if dnsname() is_nonesigned_ok
    if( dnsname().is_nonesigned_ok() ){
        // sanity check - peerid MUST be directly derived from router_name_t::host()
        DBG_ASSERT( peerid() == router_peerid_t::from_canonical_string(dnsname().host()) );
        // sanity check - the cert MUST be selfsigned
        DBG_ASSERT( cert().subject_name() == cert().issuer_name() );
    }

    // if all tests passed, it is considered sane, so return true
    return true;
}