Exemplo n.º 1
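/**************************************************************************
 * RSA tests 
 *
 * Use the results from openssl to verify PKCS1 etc 
 **************************************************************************/
/*
 * Self-test of the RSA primitives against the bundled 1024-bit test key.
 *
 * Two round trips are exercised:
 *   1. RSA_public() followed by RSA_private() on a 128-byte value imported
 *      directly as a bigint (no padding is applied on this path).
 *   2. RSA_encrypt() followed by RSA_decrypt() on the 3-byte message "abc".
 *
 * Returns 0 when both round trips reproduce their input, 1 otherwise.
 * Every exit path releases the key-file buffer and the RSA context.
 */
static int RSA_test(void)
{
    static const char key_path[] = "./axTLS.key_1024";
    int res = 1;
    const char *plaintext = /* 128 byte hex number */
        "1234567890abbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2"
        "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012";
    const size_t plaintext_len = strlen(plaintext);
    uint8_t enc_data[128], dec_data[128];
    /* Zero-filled so a failed decrypt is never compared as indeterminate bytes. */
    uint8_t enc_data2[128] = {0}, dec_data2[128] = {0};
    RSA_CTX *rsa_ctx = NULL;
    BI_CTX *bi_ctx;
    bigint *plaintext_bi;
    bigint *enc_data_bi, *dec_data_bi;
    uint8_t *buf = NULL;
    int len;
    int dec_len;

    /* extract the private key elements */
    len = get_file(key_path, &buf);
    /* NOTE(review): get_file() is not visible here; a non-positive length or
       an unset buffer is treated as "key file could not be read" - confirm. */
    if (len <= 0 || buf == NULL)
    {
        printf("Error: could not read %s\n", key_path);
        goto end;
    }

    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0 || rsa_ctx == NULL)
    {
        printf("Error: could not parse %s\n", key_path);
        goto end;
    }

    /* The parsed key lives in rsa_ctx; the raw file image is no longer needed. */
    free(buf);
    buf = NULL;

    dump_frame("original data", (char *)plaintext, plaintext_len);

    bi_ctx = rsa_ctx->bi_ctx;
    plaintext_bi = bi_import(bi_ctx, (const uint8_t *)plaintext, plaintext_len);

    /* basic rsa encrypt */
    enc_data_bi = RSA_public(rsa_ctx, plaintext_bi);
    /* a copy is exported so enc_data_bi stays available for the decrypt */
    bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data));
    dump_frame("encrypt data", (char *)enc_data, sizeof(enc_data));

    /* basic rsa decrypt */
    dec_data_bi = RSA_private(rsa_ctx, enc_data_bi);
    bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data));
    dump_frame("decrypt data", (char *)dec_data, sizeof(dec_data));
    if (memcmp(dec_data, plaintext, plaintext_len))
    {
        printf("Error: DECRYPT #1 failed\n");
        goto end;
    }

    /* Padded round trip: the results are checked instead of being discarded.
       RSA_decrypt() is expected to report the recovered length (3 here). */
    if (RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0) < 0)
    {
        printf("Error: ENCRYPT/DECRYPT #2 failed\n");
        goto end;
    }

    dec_len = RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1);
    if (dec_len != 3 || memcmp("abc", dec_data2, 3))
    {
        printf("Error: ENCRYPT/DECRYPT #2 failed\n");
        goto end;
    }

    res = 0;
    printf("All RSA tests passed\n");

end:
    /* Single cleanup point so failure paths do not leak the key or the file. */
    free(buf);
    if (rsa_ctx != NULL)
    {
        RSA_free(rsa_ctx);
    }
    return res;
}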
Exemplo n.º 2
Arquivo: p12.c Projeto: Lembed/uTLS
/*
 * Take the unencrypted pkcs8 and turn it into a private key.
 *
 * Walks the outer SEQUENCE, skips the version INTEGER and the algorithm
 * SEQUENCE, then hands the contents of the OCTET STRING to
 * asn1_get_private_key(), which fills ssl_ctx->rsa_ctx.
 *
 * Returns SSL_NOT_OK when the outer structure does not parse, otherwise
 * whatever asn1_get_private_key() returns.
 *
 * NOTE(review): the algorithm SEQUENCE is skipped, not compared, so the
 * "rsaEncryption only" restriction is not enforced in this function; it
 * presumably relies on the inner parse failing for other key types - confirm.
 * NOTE(review): priv_key carries no length, so bounds depend entirely on the
 * asn1_* helpers and on the caller passing a complete, size-checked blob.
 */
static int p8_add_key(SSL_CTX *ssl_ctx, uint8_t *priv_key)
{
    int pos = 0;
    int key_len;

    /* Skip the preamble and go straight to the private key.
       We only support rsaEncryption (1.2.840.113549.1.1.1)  */
    if (asn1_next_obj(priv_key, &pos, ASN1_SEQUENCE) < 0)
    {
        return SSL_NOT_OK;
    }

    if (asn1_skip_obj(priv_key, &pos, ASN1_INTEGER) < 0)
    {
        return SSL_NOT_OK;
    }

    if (asn1_skip_obj(priv_key, &pos, ASN1_SEQUENCE) < 0)
    {
        return SSL_NOT_OK;
    }

    key_len = asn1_next_obj(priv_key, &pos, ASN1_OCTET_STRING);
    if (key_len < 0)
    {
        return SSL_NOT_OK;
    }

    /* pos now indexes the first byte of the embedded private key */
    return asn1_get_private_key(&priv_key[pos], key_len, &ssl_ctx->rsa_ctx);
}
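#ifdef CONFIG_SSL_CERT_VERIFICATION
/* Milliseconds between two gettimeofday() samples, keeping the fractional part. */
static float elapsed_ms(const struct timeval *start, const struct timeval *stop)
{
    return (float)(stop->tv_sec - start->tv_sec) * 1000.0f +
           (float)(stop->tv_usec - start->tv_usec) / 1000.0f;
}

/*
 * Load one private key, time `rounds` RSA private operations on it and check
 * that the last result matches the original plaintext.
 *
 * key_path      key file handed to get_file()
 * key_bits      modulus size; key_bits/8 bytes of plaintext are used
 * time_encrypt  non-zero to also print the time of the public operation
 * rounds        number of private operations to average over (>= 1)
 *
 * Returns 0 on a verified round trip, 1 on any load, parse or compare failure.
 */
static int bench_rsa_key(const char *key_path, int key_bits,
                         int time_encrypt, int rounds)
{
    /* 512 bytes: the 64-byte pattern repeated, so every shorter key size
       uses a prefix of the same data. */
    static const char plaintext[] =
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"
        "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^";
    uint8_t compare[MAX_KEY_BYTE_SIZE];
    const int key_bytes = key_bits / 8;
    RSA_CTX *rsa_ctx = NULL;
    BI_CTX *ctx;
    bigint *bi_data, *bi_res = NULL;
    struct timeval tv_old, tv_new;
    uint8_t *buf = NULL;
    int res = 1;
    int len;
    int i;

    /* The export below writes key_bytes into compare and the compare reads
       key_bytes of plaintext, so both bounds are checked up front. */
    if (rounds < 1 || key_bytes < 1 ||
        key_bytes > (int)sizeof(compare) ||
        key_bytes > (int)sizeof(plaintext) - 1)
    {
        return 1;
    }

    len = get_file(key_path, &buf);
    /* NOTE(review): get_file() is not visible here; a non-positive length or
       an unset buffer is treated as "key file could not be read" - confirm. */
    if (len <= 0 || buf == NULL)
    {
        printf("Error: could not read %s\n", key_path);
        goto out;
    }

    /* A missing or malformed key must not reach the rsa_ctx dereference. */
    if (asn1_get_private_key(buf, len, &rsa_ctx) < 0 || rsa_ctx == NULL)
    {
        printf("Error: could not parse %s\n", key_path);
        goto out;
    }

    ctx = rsa_ctx->bi_ctx;
    bi_data = bi_import(ctx, (const uint8_t *)plaintext, key_bytes);

    gettimeofday(&tv_old, NULL);
    bi_data = RSA_public(rsa_ctx, bi_data);   /* ciphertext, reused below */
    gettimeofday(&tv_new, NULL);
    if (time_encrypt)
    {
        printf("%d bit encrypt time: %.2fms\n", key_bits,
                elapsed_ms(&tv_old, &tv_new));
        TTY_FLUSH();
    }

    gettimeofday(&tv_old, NULL);
    for (i = 0; i < rounds; i++)
    {
        bi_res = RSA_private(rsa_ctx, bi_copy(bi_data));
        /* keep only the final result for the comparison */
        if (i < rounds-1)
        {
            bi_free(ctx, bi_res);
        }
    }

    gettimeofday(&tv_new, NULL);
    bi_free(ctx, bi_data);

    printf("%d bit decrypt time: %.2fms\n", key_bits,
            elapsed_ms(&tv_old, &tv_new)/rounds);
    TTY_FLUSH();
    bi_export(ctx, bi_res, compare, key_bytes);
    if (memcmp(plaintext, compare, (size_t)key_bytes) == 0)
    {
        res = 0;
    }

out:
    if (rsa_ctx != NULL)
    {
        RSA_free(rsa_ctx);
    }
    free(buf);
    return res;
}
#endif

/*
 * Bigint/RSA performance test: for each bundled test key (512, 1024, 2048 and
 * 4096 bit) time the private-key operation and verify the round trip. The
 * 4096-bit run also reports the public-key operation time.
 *
 * Returns 0 when every key verifies (or when CONFIG_SSL_CERT_VERIFICATION is
 * not defined), 1 as soon as one key fails to load, parse or verify.
 */
int main(int argc, char *argv[])
{
#ifdef CONFIG_SSL_CERT_VERIFICATION
    static const struct
    {
        const char *path;
        int bits;
        int time_encrypt;
    } keys[] =
    {
        { "../ssl/test/axTLS.key_512",   512, 0 },
        { "../ssl/test/axTLS.key_1024", 1024, 0 },
        { "../ssl/test/axTLS.key_2048", 2048, 0 },
        { "../ssl/test/axTLS.key_4096", 4096, 1 },
    };
    const int max_biggie = 10;    /* really crank performance */
    size_t k;

    (void)argc;
    (void)argv;

    for (k = 0; k < sizeof(keys)/sizeof(keys[0]); k++)
    {
        if (bench_rsa_key(keys[k].path, keys[k].bits,
                    keys[k].time_encrypt, max_biggie) != 0)
        {
            return 1;
        }
    }

    /* done */
    printf("Bigint performance testing complete\n");
    return 0;
#else
    (void)argc;
    (void)argv;
    return 0;
#endif
}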