Exemplo n.º 1
0
// Key is expected to be in PKCS #1 format
cc_size ccder_decode_rsa_pub_n(const uint8_t *der, const uint8_t *der_end) {
    cc_size n = ccn_nof(8192);
    cc_unit m[n];
    if((der = ccder_decode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, &der_end, der, der_end)) == NULL) return 0;
    if((der = ccder_decode_uint(n, m, der, der_end)) == NULL) return 0;
    return ccn_nof(ccn_bitlen(n, m));
}
Exemplo n.º 2
0
cc_size ccder_decode_rsa_priv_n(const uint8_t *der, const uint8_t *der_end) {
	cc_unit version_0[ccn_nof(1)] = {0x00};
    cc_size n = ccn_nof(8192);
    cc_unit m[n];
    if((der = ccder_decode_constructed_tl(CCDER_CONSTRUCTED_SEQUENCE, &der_end, der, der_end)) == NULL) return 0;
    if((der = ccder_decode_uint(1, version_0, der, der_end)) == NULL) return 0;
    if(version_0[0] != 0) return 0;
    if((der = ccder_decode_uint(n, m, der, der_end)) == NULL) return 0;
    return ccn_nof(ccn_bitlen(n, m));
}
Exemplo n.º 3
0
int cczp_random_prime(cc_size nbits, cczp_t zp, const cc_unit *e,
                       struct ccrng_state *rng) {
	cc_size lbits = nbits & (CCN_UNIT_BITS - 1);
    lbits = lbits == 0 ? CCN_UNIT_BITS : lbits;
    cc_unit msuMask = (~CC_UNIT_C(0)) >> (CCN_UNIT_BITS - lbits);
    cc_unit msBit = CC_UNIT_C(1) << (lbits - 1);
    cc_size n = ccn_nof(nbits);
    CCZP_N(zp) = n;
    for (;;) {
        /* Generate nbit wide random ccn. */
        if(ccn_random(n, CCZP_PRIME(zp), rng) != 0) return -1;
        /* Mask out unsued bit and set high bit. */
        CCZP_PRIME(zp)[n - 1] = (cczp_prime(zp)[n - 1] & msuMask) | msBit;
        ccn_set_bit(CCZP_PRIME(zp), nbits - 2, 1); /* Set second highest bit per X9.31 */
        ccn_set_bit(CCZP_PRIME(zp), 0U, 1);        /* Make it odd: set bit 0 to 1 */

		/* First ensure r - 1 and e are relatively prime */
        cc_unit tmp[n];
        ccn_sub1(n, tmp, cczp_prime(zp), 1);
        ccn_gcd(n, tmp, tmp, e);
        if (!ccn_is_one(n, tmp)) {
            //ccn_lprint(n, "gcd of r - 1 and e is ", tmp);
            continue;
        }

        if (cczp_rabin_miller(zp, CCRSA_PRIME_DEPTH))
            break;
    }
    return 0;
}
size_t ccder_encode_rsa_priv_size(const ccrsa_full_ctx_t key) {
    ccrsa_priv_ctx_t privk = ccrsa_ctx_private(key);
    cc_size n = ccrsa_ctx_n(key);
	cc_unit version_0[ccn_nof(1)] = {0x00};
	return ccder_sizeof(CCDER_CONSTRUCTED_SEQUENCE,
      ccder_sizeof_integer(ccn_nof(1), version_0) +
      ccder_sizeof_integer(n, ccrsa_ctx_m(key)) +
      ccder_sizeof_integer(n, ccrsa_ctx_e(key)) +
      ccder_sizeof_integer(n, ccrsa_ctx_d(key)) +
      ccder_sizeof_integer(cczp_n(ccrsa_ctx_private_zp(privk)), cczp_prime(ccrsa_ctx_private_zp(privk))) +
      ccder_sizeof_integer(cczp_n(ccrsa_ctx_private_zq(privk)), cczp_prime(ccrsa_ctx_private_zq(privk))) +
      ccder_sizeof_integer(cczp_n(ccrsa_ctx_private_zp(privk)), ccrsa_ctx_private_dp(privk)) +
      ccder_sizeof_integer(cczp_n(ccrsa_ctx_private_zq(privk)), ccrsa_ctx_private_dq(privk)) +
      ccder_sizeof_integer(cczp_n(ccrsa_ctx_private_zp(privk)), ccrsa_ctx_private_qinv(privk))
    );
}
Exemplo n.º 5
0
static CCRSACryptor *
ccMallocRSACryptor(size_t nbits, CCRSAKeyType keyType)
{
    CCRSACryptor *retval;
    cc_size n = ccn_nof(nbits);
    if((retval = CC_XMALLOC(sizeof(CCRSACryptor))) == NULL) return NULL;
    retval->keySize = nbits;
    ccrsa_ctx_n(retval->fk) = n;
    return retval;
}
Exemplo n.º 6
0
static void ccn_mod_384(cczp_const_t zp, cc_unit *r, const cc_unit *a, CC_UNUSED cc_ws_t ws) {
    cc_assert(cczp_n(zp) == CCN384_N);
    cc_unit s1[CCN384_N] = { ccn384_32(  Anil,  Anil,  Anil,  Anil,  Anil, A(23), A(22), A(21),  Anil,  Anil,  Anil,  Anil) };
    //cc_unit s2[CCN384_N] = { ccn384_32( A(23), A(22), A(21), A(20), A(19), A(18), A(17), A(16), A(15), A(14), A(13), A(12)) };
    cc_unit s3[CCN384_N] = { ccn384_32( A(20), A(19), A(18), A(17), A(16), A(15), A(14), A(13), A(12), A(23), A(22), A(21)) };
    cc_unit s4[CCN384_N] = { ccn384_32( A(19), A(18), A(17), A(16), A(15), A(14), A(13), A(12), A(20),  Anil, A(23),  Anil) };
    cc_unit s5[CCN384_N] = { ccn384_32(  Anil,  Anil,  Anil,  Anil, A(23), A(22), A(21), A(20),  Anil,  Anil,  Anil,  Anil) };
    cc_unit s6[CCN384_N] = { ccn384_32(  Anil,  Anil,  Anil,  Anil,  Anil,  Anil, A(23), A(22), A(21),  Anil,  Anil, A(20)) };
    cc_unit d1[CCN384_N] = { ccn384_32( A(22), A(21), A(20), A(19), A(18), A(17), A(16), A(15), A(14), A(13), A(12), A(23)) };
    cc_unit d2[CCN384_N] = { ccn384_32(  Anil,  Anil,  Anil,  Anil,  Anil,  Anil,  Anil, A(23), A(22), A(21), A(20),  Anil) };
    cc_unit d3[CCN384_N] = { ccn384_32(  Anil,  Anil,  Anil,  Anil,  Anil,  Anil,  Anil, A(23), A(23),  Anil,  Anil,  Anil) };
    cc_unit *select[2] __attribute__((aligned(16))) ={s1,s3};

    cc_unit carry,carry_mask;
    ccn_add(ccn_nof(160)+1, d2, d2, d3);  // smaller size and no carry possible
    ccn_add(ccn_nof(224)+1, s1, s1, s1);  // smaller size and no carry possible, alternatively cc_shiftl(s1, 1) but add is currently faster.
    ccn_add(ccn_nof(256)+1, s5, s5, s1);  // smaller size and no carry possible
    ccn_add(ccn_nof(256)+1, s5, s5, s6);  // smaller size and no carry possible

    carry = ccn_add(CCN384_N, r, a, &a[CCN384_N]);
    carry += ccn_add(CCN384_N, r, r, s3);
    carry += ccn_add(CCN384_N, r, r, s4);
    carry += ccn_add(CCN384_N, r, r, s5);
    carry -= ccn_sub(CCN384_N, d1, cczp_prime(zp), d1);
    carry += ccn_add(CCN384_N, r, r, d1);
    carry -= ccn_sub(CCN384_N, s3, r, d2);

    /* Reduce r mod p384 by subtraction of up to four multiples of p384. */
    carry_mask=CC_CARRY_3BITS(carry);
    carry -= (carry_mask & ccn_sub(CCN384_N,select[carry_mask],s3,cczp_prime(zp)));
    carry_mask=CC_CARRY_2BITS(carry);
    carry -= (carry_mask & ccn_sub(CCN384_N,select[carry_mask],s3,cczp_prime(zp)));
    carry_mask=CC_CARRY_2BITS(carry);
    carry -= (carry_mask & ccn_sub(CCN384_N,select[carry_mask],s3,cczp_prime(zp)));
    carry ^= ccn_sub(CCN384_N,s1,s3,cczp_prime(zp));

    ccn_set(CCN384_N,r,select[carry]);

    /* Sanity for debug */
    cc_assert(ccn_cmp(CCN384_N, r, cczp_prime(zp)) < 0);

}
Exemplo n.º 7
0
static OSStatus SecECPublicKeyInit(SecKeyRef key,
    const uint8_t *keyData, CFIndex keyDataLength, SecKeyEncoding encoding) {
    ccec_pub_ctx_t pubkey;
    pubkey.pub = key->key;
    OSStatus err = errSecParam;

    switch (encoding) {
    case kSecDERKeyEncoding:
    {
        const SecDERKey *derKey = (const SecDERKey *)keyData;
        if (keyDataLength != sizeof(SecDERKey)) {
            err = errSecDecode;
            break;
        }

        ccec_const_cp_t cp = getCPForPublicSize(derKey->keyLength);

        /* TODO: Parse and use real params from passed in derKey->algId.params */
        err = (ccec_import_pub(cp, derKey->keyLength, derKey->key, pubkey)
               ? errSecDecode : errSecSuccess);
        break;
    }
    case kSecKeyEncodingBytes:
    {
        ccec_const_cp_t cp = getCPForPublicSize(keyDataLength);
        err = (ccec_import_pub(cp, keyDataLength, keyData, pubkey)
               ? errSecDecode : errSecSuccess);
        break;
    }
    case kSecExtractPublicFromPrivate:
    {
        ccec_full_ctx_t fullKey;
        fullKey._full = (ccec_full_ctx *) keyData;

        cc_size fullKeyN = ccec_ctx_n(fullKey);
        require(fullKeyN <= ccn_nof(kMaximumECKeySize), errOut);
        memcpy(pubkey._pub, fullKey.pub, ccec_pub_ctx_size(ccn_sizeof_n(fullKeyN)));
        err = errSecSuccess;
        break;
    }
    case kSecKeyEncodingApplePkcs1:
    default:
        err = errSecParam;
        break;
    }

errOut:
    return err;
}
Exemplo n.º 8
0
int ccn_random_bits(cc_size nbits, cc_unit *r, struct ccrng_state *rng) {
    cc_size n = ccn_nof(nbits);
    
    int result = ccrng_generate(rng, ccn_sizeof_n(n), r);
	if (result)
	{
		return result;
	}
	cc_size lbits = nbits & (CCN_UNIT_BITS - 1);
    if (lbits) {
        cc_unit msuMask = (~CC_UNIT_C(0)) >> (CCN_UNIT_BITS - lbits);
        r[n - 1] &= msuMask;
    }
    return result;
}
Exemplo n.º 9
0
void ccz_lsl(ccz *r, const ccz *s, size_t k) {
    ccz_set_sign(r, ccz_sign(s));
    ccz_set_capacity(r, ccz_n(s) + ccn_nof(k));
    cc_size kn = k / CCN_UNIT_BITS;
    k &= (CCN_UNIT_BITS - 1);
    if (k) {
        r->u[kn + ccz_n(s)] = ccn_shift_left(ccz_n(s), r->u + kn, s->u, k);
        ccz_set_n(r, ccn_n(ccz_n(s) + kn + 1, r->u));
    } else if (kn || r != s) {
        /* Must copy in reverse due to potential overlap. */
        CC_MEMMOVE(r->u + kn, s->u, ccn_sizeof_n(ccz_n(s)));
        ccz_set_n(r, ccz_n(s) + kn);
    }
    ccn_zero(kn, r->u);
}
Exemplo n.º 10
0
static OSStatus SecRSAPublicKeyInit(SecKeyRef key,
    const uint8_t *keyData, CFIndex keyDataLength, SecKeyEncoding encoding) {

    OSStatus result = errSecParam;

    ccrsa_pub_ctx_t pubkey;
    pubkey.pub = key->key;

    // Set maximum size for parsers
    ccrsa_ctx_n(pubkey) = ccn_nof(kMaximumRSAKeyBits);

    switch (encoding) {
    case kSecKeyEncodingBytes: // Octets is PKCS1
    case kSecKeyEncodingPkcs1:
        result = ccrsa_pub_decode(pubkey, keyDataLength, keyData);
        break;
    case kSecKeyEncodingApplePkcs1:
        result = ccrsa_pub_decode_apple(pubkey, keyDataLength, keyData);
        break;
    case kSecKeyEncodingRSAPublicParams:
    {
        SecRSAPublicKeyParams *params = (SecRSAPublicKeyParams *)keyData;

        require_noerr(ccrsa_pub_init(pubkey,
                       params->modulusLength, params->modulus,
                       params->exponentLength, params->exponent), errOut);

        result = errSecSuccess;
        break;
    }
    case kSecExtractPublicFromPrivate:
    {
        ccrsa_full_ctx_t fullKey;
        fullKey.full = (ccrsa_full_ctx*) keyData;

        cc_size fullKeyN = ccrsa_ctx_n(fullKey);
        require(fullKeyN <= ccrsa_ctx_n(pubkey), errOut);
        memcpy(pubkey.pub, ccrsa_ctx_public(fullKey).pub, ccrsa_pub_ctx_size(ccn_sizeof_n(fullKeyN)));
        result = errSecSuccess;
        break;
    }
    default:
        break;
    }

errOut:
    return result;
}
Exemplo n.º 11
0
void ccz_lsr(ccz *r, const ccz *s, size_t k) {
    size_t l = ccn_bitlen(ccz_n(s), s->u);
    if (l <= k) {
        ccz_zero(r);
    } else {
        cc_size kn = k / CCN_UNIT_BITS;
        l -= k;
        k &= (CCN_UNIT_BITS - 1);
        ccz_set_sign(r, ccz_sign(s));
        ccz_set_capacity(r, ccz_n(s) - kn);
        if (k) {
            ccn_shift_right(ccz_n(s) - kn, r->u, s->u + kn, k);
        } else if (kn || r != s) {
            /* Forward copy, safe to use ccn_set(). */
            ccn_set(ccz_n(s) - kn, r->u, s->u + kn);
        }
        ccz_set_n(r, ccn_nof(l));
    }
}
Exemplo n.º 12
0
static OSStatus SecRSAPrivateKeyInit(SecKeyRef key,
    const uint8_t *keyData, CFIndex keyDataLength, SecKeyEncoding encoding) {
    OSStatus result = errSecParam;

    ccrsa_full_ctx_t fullkey;
    fullkey.full = key->key;

    // Set maximum size for parsers
    ccrsa_ctx_n(fullkey) = ccn_nof(kMaximumRSAKeyBits);

    switch (encoding) {
        case kSecKeyEncodingBytes: // Octets is PKCS1
        case kSecKeyEncodingPkcs1:
            result = ccrsa_full_decode(fullkey, keyDataLength, keyData);
            break;
        case kSecGenerateKey:
        {
            CFDictionaryRef parameters = (CFDictionaryRef) keyData;

            CFTypeRef ksize = CFDictionaryGetValue(parameters, kSecAttrKeySizeInBits);
            CFIndex keyLengthInBits = getIntValue(ksize);

            if (keyLengthInBits < 256 || keyLengthInBits > kMaximumRSAKeyBits) {
                secwarning("Invalid or missing key size in: %@", parameters);
                return errSecKeySizeNotAllowed;
            }

            /* TODO: Add support for kSecPublicExponent parameter. */
            static uint8_t e[] = { 0x01, 0x00, 0x01 }; // Default is 65537
            if (!ccrsa_generate_key(keyLengthInBits, fullkey.full, sizeof(e), e, ccrng_seckey))
                result = errSecSuccess;
            break;
        }
        default:
            break;
    }

    return result;
}
Exemplo n.º 13
0
static OSStatus ccrsa_full_decode(ccrsa_full_ctx_t fullkey, size_t pkcs1_size, const uint8_t* pkcs1)
{
    OSStatus result = errSecParam;

	DERItem keyItem = {(DERByte *)pkcs1, pkcs1_size};
    DERRSAKeyPair decodedKey;

	require_noerr_action(DERParseSequence(&keyItem,
                                          DERNumRSAKeyPairItemSpecs, DERRSAKeyPairItemSpecs,
                                          &decodedKey, sizeof(decodedKey)),
                         errOut, result = errSecDecode);

    require_noerr(ccrsa_pub_init(fullkey,
                                 decodedKey.n.length, decodedKey.n.data,
                                 decodedKey.e.length, decodedKey.e.data),
                  errOut);
    ccn_read_uint(ccrsa_ctx_n(fullkey), ccrsa_ctx_d(fullkey),
                  decodedKey.d.length, decodedKey.d.data);
    {
        ccrsa_priv_ctx_t privkey = ccrsa_ctx_private(fullkey);
        CCZP_N(ccrsa_ctx_private_zp(privkey)) = ccn_nof((ccn_bitsof_n(ccrsa_ctx_n(fullkey)) / 2) + 1);
        CCZP_N(ccrsa_ctx_private_zq(privkey)) = cczp_n(ccrsa_ctx_private_zp(privkey));

        // TODO: Actually remember decodedKey.d.

        require_noerr(ccrsa_priv_init(privkey,
                                     decodedKey.p.length, decodedKey.p.data,
                                      decodedKey.q.length, decodedKey.q.data,
                                      decodedKey.dp.length, decodedKey.dp.data,
                                      decodedKey.dq.length, decodedKey.dq.data,
                                      decodedKey.qInv.length, decodedKey.qInv.data),
                      errOut);
    }

    result = errSecSuccess;

errOut:
    return result;
}
Exemplo n.º 14
0
int ccrsa_test_verify_pkcs1v15_vector(const struct ccrsa_verify_vector *v)
{
    bool ok;
    int rc;
    const struct ccdigest_info *di = v->di;
    const cc_size n = ccn_nof(v->modlen);
    const size_t s = ccn_sizeof(v->modlen);
    unsigned char H[di->output_size];

    cc_unit exponent[n];
    cc_unit modulus[n];
    ccrsa_pub_ctx_decl(ccn_sizeof(v->modlen), key);
    ccrsa_ctx_n(key) = n;
    ccn_seti(n, exponent, v->exp);
    ccn_read_uint(n, modulus, s, v->mod);

    ccrsa_init_pub(key, modulus, exponent);
    ccdigest(di, v->msglen, v->msg, H);
    rc=ccrsa_verify_pkcs1v15(key, di->oid.oid, di->output_size, H, v->siglen, v->sig, &ok);

    return ((rc==0)
        && ((ok && v->valid) || (!ok && !v->valid)))?0:1;
}
Exemplo n.º 15
0
static int RSA_POST()
{
	int result = -1;
	uint32_t uintEValue = 3;

	// xp1 = 1384167f9844865eae22cb3672
	unsigned char* xp1Data = (unsigned char*)"\x13\x84\x16\x7f\x98\x44\x86\x5e\xae\x22\xcb\x36\x72";
	size_t xp1DataSize =  13;

	// xp2 = 1a085b0b737f842a8a1f32b662
	unsigned char* xp2Data = (unsigned char*)"\x1a\x08\x5b\x0b\x73\x7f\x84\x2a\x8a\x1f\x32\xb6\x62";
	size_t xp2DataSize = 13;

	// Xp = beef5ad133e9a3955097c8d8b03bd50662b5f82b8e9c3eab5c8d9d3311c337ef7ce8ddfe902bd2235293d2bdf69353f944de0b46417cb2090c1e099206af1b4
	unsigned char* xpData = (unsigned char*)"\xbe\xef\x5a\xd1\x33\xe9\xa3\x95\x50\x97\xc8\xd8\xb0\x3b\xd5\x06\x62\xb5\xf8\x2b\x8e\x9c\x3e\xab\x5c\x8d\x9d\x33\x11\xc3\x37\xef\x7c\xe8\xdd\xfe\x90\x2b\xd2\x23\x52\x93\xd2\xbd\xf6\x93\x53\xf9\x44\xde\x0b\x46\x41\x7c\xb2\x09\x0c\x1e\x09\x92\x06\xaf\x1b\x04";
	size_t xpDataSize = 64;

	// xq1 = 17fa0d7d2189c759b0b8eb1d18
	unsigned char* xq1Data = (unsigned char*)"\x17\xfa\x0d\x7d\x21\x89\xc7\x59\xb0\xb8\xeb\x1d\x18";
	size_t xq1DataSize = 13;

	// xq2 = 17c8e735fb8d58e13a412ae214
	unsigned char* xq2Data = (unsigned char*)"\x17\xc8\xe7\x35\xfb\x8d\x58\xe1\x3a\x41\x2a\xe2\x14";
	size_t xq2DataSize = 13;

	// Xq = f2d7b992fb914cd677876bb3702b1441716ebd2b447c3a0500a6e0e0449feb1cbdec1d7eee96a88230224ef3f7c2c7b858cd63f1c86df0432798de6ffd41a12a
	unsigned char* xqData = (unsigned char*)"\xf2\xd7\xb9\x92\xfb\x91\x4c\xd6\x77\x87\x6b\xb3\x70\x2b\x14\x41\x71\x6e\xbd\x2b\x44\x7c\x3a\x05\x00\xa6\xe0\xe0\x44\x9f\xeb\x1c\xbd\xec\x1d\x7e\xee\x96\xa8\x82\x30\x22\x4e\xf3\xf7\xc2\xc7\xb8\x58\xcd\x63\xf1\xc8\x6d\xf0\x43\x27\x98\xde\x6f\xfd\x41\xa1\x2a";
	size_t xqDataSize = 64;


    cc_unit x_p1[ccn_nof_size(xp1DataSize)];
    cc_unit x_p2[ccn_nof_size(xp2DataSize)];
    cc_unit x_p[ccn_nof_size(xpDataSize)];
    cc_unit x_q1[ccn_nof_size(xq1DataSize)];
    cc_unit x_q2[ccn_nof_size(xq2DataSize)];
    cc_unit x_q[ccn_nof_size(xqDataSize)];
	cc_unit e_value[1];

    size_t nbits = xpDataSize * 8 + xqDataSize * 8; // or we'll add this as a parameter.  This appears to be correct for FIPS
    cc_size n = ccn_nof(nbits);

    e_value[0] = (cc_unit)uintEValue;

    if (0 != ccn_read_uint(ccn_nof_size(xp1DataSize), x_p1, xp1DataSize, xp1Data))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xp2DataSize), x_p2, xp2DataSize, xp2Data))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xpDataSize), x_p, xpDataSize, xpData))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xq1DataSize), x_q1, xq1DataSize, xq1Data))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xq2DataSize), x_q2, xq2DataSize, xq2Data))
	{
		return result;
	}

	if (0 != ccn_read_uint(ccn_nof_size(xqDataSize), x_q, xqDataSize, xqData))
	{
		return result;
	};

    cc_size np = n;
    cc_size nq = n;
    cc_size nm = n;
    cc_size nd = n;
    cc_unit p[n];
    cc_unit q[n];
    cc_unit m[n];
    cc_unit d[n];

    ccrsa_full_ctx_decl(ccn_sizeof_n(n), full_key);
    ccrsa_ctx_n(full_key) = n;


    if (0 != ccrsa_make_931_key(nbits, 1, e_value,
                                ccn_nof_size(xp1DataSize), x_p1,
                                ccn_nof_size(xp2DataSize), x_p2,
                                ccn_nof_size(xpDataSize), x_p,
                                ccn_nof_size(xq1DataSize), x_q1,
                                ccn_nof_size(xq2DataSize), x_q2, 
                                ccn_nof_size(xqDataSize), x_q,
                                full_key,
                                &np, p,
                                &nq, q,
                                &nm, m,
                                &nd, d))
	{
        ccrsa_full_ctx_clear(ccn_sizeof(nbits), full_key);
		return result;
	}

	ccrsa_full_ctx *fk = full_key;
	ccrsa_pub_ctx_t pub_key = ccrsa_ctx_public(fk);


	unsigned char fake_digest[20];
	memcpy(fake_digest, "ABCEDFGHIJKLMNOPRSTU", 20);
	uint8_t sig[(nbits+7)/8];
    size_t siglen=sizeof(sig);

	if (0 != ccrsa_sign_pkcs1v15(full_key, ccoid_sha1, CCSHA1_OUTPUT_SIZE, fake_digest,  &siglen, sig))
	{
		ccrsa_full_ctx_clear(ccn_sizeof(nbits), full_key);
		return result;
	}

	bool ok;
	if (0 != ccrsa_verify_pkcs1v15(pub_key, ccoid_sha1, CCSHA1_OUTPUT_SIZE, fake_digest, siglen, sig, &ok) || !ok)
	{
		ccrsa_full_ctx_clear(ccn_sizeof(nbits), full_key);
		return result;
	}

	return 0;		
}
Exemplo n.º 16
0
 * enhancement requests can be made via https://bugreport.apple.com as described
 * here: https://developer.apple.com/bug-reporting/
 *
 * EA1350 
 * 10/5/15
 */


/* Autogenerated file - Use scheme ccdh_gen_gp */
#include <corecrypto/ccdh_priv.h>
#include <corecrypto/ccdh_gp.h>

static const ccdh_gp_decl_static(6144) _ccdh_gp_rfc3526group17 =
{
    .zp = {
        .n = ccn_nof(6144),
        .options = 0,
        .mod_prime = cczp_mod
    },
    .p = {
        /* prime */
        CCN64_C(ff,ff,ff,ff,ff,ff,ff,ff),CCN64_C(e6,94,f9,1e,6d,cc,40,24),
        CCN64_C(12,bf,2d,5b,0b,74,74,d6),CCN64_C(04,3e,8f,66,3f,48,60,ee),
        CCN64_C(38,7f,e8,d7,6e,3c,04,68),CCN64_C(da,56,c9,ec,2e,f2,96,32),
        CCN64_C(eb,19,cc,b1,a3,13,d5,5c),CCN64_C(f5,50,aa,3d,8a,1f,bf,f0),
        CCN64_C(06,a1,d5,8b,b7,c5,da,76),CCN64_C(a7,97,15,ee,f2,9b,e3,28),
        CCN64_C(14,cc,5e,d2,0f,80,37,e0),CCN64_C(cc,8f,6d,7e,bf,48,e1,d8),
        CCN64_C(4b,d4,07,b2,2b,41,54,aa),CCN64_C(0f,1d,45,b7,ff,58,5a,c5),
        CCN64_C(23,a9,7a,7e,36,cc,88,be),CCN64_C(59,e7,c9,7f,be,c7,e8,f3),
        CCN64_C(b5,a8,40,31,90,0b,1c,9e),CCN64_C(d5,5e,70,2f,46,98,0c,82),
        CCN64_C(f4,82,d7,ce,6e,74,fe,f6),CCN64_C(f0,32,ea,15,d1,72,1d,03),
Exemplo n.º 17
0
 * enhancement requests can be made via https://bugreport.apple.com as described
 * here: https://developer.apple.com/bug-reporting/
 *
 * EA1350
 * 10/5/15
 */


/* Autogenerated file - Use scheme ccdh_gen_gp */
#include <corecrypto/ccdh_priv.h>
#include <corecrypto/ccdh_gp.h>

static const ccdh_gp_decl_static(8192) _ccdh_gp_rfc3526group18 =
{
    .zp = {
        .n = ccn_nof(8192),
        .options = 0,
        .mod_prime = cczp_mod
    },
    .p = {
        /* prime */
        CCN64_C(ff,ff,ff,ff,ff,ff,ff,ff),CCN64_C(60,c9,80,dd,98,ed,d3,df),
        CCN64_C(c8,1f,56,e8,80,b9,6e,71),CCN64_C(9e,30,50,e2,76,56,94,df),
        CCN64_C(95,58,e4,47,56,77,e9,aa),CCN64_C(c9,19,0d,a6,fc,02,6e,47),
        CCN64_C(88,9a,00,2e,d5,ee,38,2b),CCN64_C(40,09,43,8b,48,1c,6c,d7),
        CCN64_C(35,90,46,f4,eb,87,9f,92),CCN64_C(fa,f3,6b,c3,1e,cf,a2,68),
        CCN64_C(b1,d5,10,bd,7e,e7,4d,73),CCN64_C(f9,ab,48,19,5d,ed,7e,a1),
        CCN64_C(64,f3,1c,c5,08,46,85,1d),CCN64_C(45,97,e8,99,a0,25,5d,c1),
        CCN64_C(df,31,0e,e0,74,ab,6a,36),CCN64_C(6d,2a,13,f8,3f,44,f8,2d),
        CCN64_C(06,2b,3c,f5,b3,a2,78,a6),CCN64_C(79,68,33,03,ed,5b,dd,3a),
        CCN64_C(fa,9d,4b,7f,a2,c0,87,e8),CCN64_C(4b,cb,c8,86,2f,83,85,dd),
Exemplo n.º 18
0
 * enhancement requests can be made via https://bugreport.apple.com as described
 * here: https://developer.apple.com/bug-reporting/
 *
 * EA1350 
 * 10/5/15
 */


/* Autogenerated file - Use scheme ccdh_gen_gp */
#include <corecrypto/ccdh_priv.h>
#include <corecrypto/ccdh_gp.h>

static const ccdh_gp_decl_static(1536) _ccdh_gp_rfc3526group05 =
{
    .zp = {
        .n = ccn_nof(1536),
        .options = 0,
        .mod_prime = cczp_mod
    },
    .p = {
        /* prime */
        CCN64_C(ff,ff,ff,ff,ff,ff,ff,ff),CCN64_C(f1,74,6c,08,ca,23,73,27),
        CCN64_C(67,0c,35,4e,4a,bc,98,04),CCN64_C(9e,d5,29,07,70,96,96,6d),
        CCN64_C(1c,62,f3,56,20,85,52,bb),CCN64_C(83,65,5d,23,dc,a3,ad,96),
        CCN64_C(69,16,3f,a8,fd,24,cf,5f),CCN64_C(98,da,48,36,1c,55,d3,9a),
        CCN64_C(c2,00,7c,b8,a1,63,bf,05),CCN64_C(49,28,66,51,ec,e4,5b,3d),
        CCN64_C(ae,9f,24,11,7c,4b,1f,e6),CCN64_C(ee,38,6b,fb,5a,89,9f,a5),
        CCN64_C(0b,ff,5c,b6,f4,06,b7,ed),CCN64_C(f4,4c,42,e9,a6,37,ed,6b),
        CCN64_C(e4,85,b5,76,62,5e,7e,c6),CCN64_C(4f,e1,35,6d,6d,51,c2,45),
        CCN64_C(30,2b,0a,6d,f2,5f,14,37),CCN64_C(ef,95,19,b3,cd,3a,43,1b),
        CCN64_C(51,4a,08,79,8e,34,04,dd),CCN64_C(02,0b,be,a6,3b,13,9b,22),
Exemplo n.º 19
0
int ccdh_test_compute_vector(const struct ccdh_compute_vector *v)
{
    int result,r1,r2;
    const cc_size n = ccn_nof(v->len);
    const size_t s = ccn_sizeof_n(n);
    unsigned char z[v->zLen];
    size_t zLen;
    unsigned char tmp[v->zLen]; // for negative testing
    uint32_t status=0;
    uint32_t nb_test=0;

    ccdh_gp_decl(s, gp);
    ccdh_full_ctx_decl(s, a);
    ccdh_full_ctx_decl(s, b);
    cc_unit p[n];
    cc_unit g[n];
    cc_unit r[n];
    cc_unit q[n];

    // Bail to errOut when unexpected error happens.
    // Try all usecases otherwise

    if((result=ccn_read_uint(n, p, v->pLen, v->p)))
        goto errOut;
    if((result=ccn_read_uint(n, g, v->gLen, v->g)))
        goto errOut;
    if((result=ccn_read_uint(n, q, v->qLen, v->q)))
        goto errOut;

    ccdh_init_gp_with_order(gp, n, p, g, q);

    ccdh_ctx_init(gp, a);
    ccdh_ctx_init(gp, b);

    if((result=ccn_read_uint(n, ccdh_ctx_x(a), v->xaLen, v->xa))) // private key
        goto errOut;
    if((result=ccn_read_uint(n, ccdh_ctx_y(a), v->yaLen, v->ya))) // public key
        goto errOut;
    if((result=ccn_read_uint(n, ccdh_ctx_x(b), v->xbLen, v->xb))) // private key
        goto errOut;
    if((result=ccn_read_uint(n, ccdh_ctx_y(b), v->ybLen, v->yb))) // public key
        goto errOut;

    /*
     * Main test
     */

    /* try one side */
    zLen = v->zLen;
    r1=ccdh_compute_key(a, b, r);
    ccn_write_uint_padded(n, r, zLen, z);
    r1|=memcmp(z, v->z, zLen);

    /* try the other side */
    zLen = v->zLen;
    r2=ccdh_compute_key(b, a, r);
    ccn_write_uint_padded(n, r, zLen, z);
    r2|=memcmp(z, v->z, zLen);

    if ((!(r1||r2) && v->valid)||((r1||r2) && !v->valid))
    {
        status|=1<<nb_test;
    }
    nb_test++;

    // We are done if the test is not valid
    if (!v->valid) goto doneOut;

    /*
     * Corner case / negative testing
     * Only applicable for valid tests
     */

    /* Output is 1 (use private key is (p-1)/2)*/
    if((result=ccn_read_uint(n, ccdh_ctx_x(a), v->pLen, v->p))) // private key
        goto errOut;
    ccn_sub1(n,ccdh_ctx_x(a),ccdh_ctx_x(a),1);
    ccn_shift_right(n,ccdh_ctx_x(a),ccdh_ctx_x(a),1);
    if ((result=ccdh_compute_key(a, b, r))!=0)
    {
        status|=1<<nb_test;
    }
    if((result=ccn_read_uint(n, ccdh_ctx_x(a), v->xaLen, v->xa))) // restore private key
        goto errOut;
    nb_test++;
    
    
    /* negative testing (1 < y < p-1)*/
    /* public y = 0 */
    zLen = v->zLen;
    cc_zero(sizeof(tmp),tmp);
    if((result=ccn_read_uint(n, ccdh_ctx_y(b), zLen, tmp)))
    {
        goto errOut;
    }
    if((result=ccdh_compute_key(a, b, r))!=0)
    {
        status|=1<<nb_test;
    }
    nb_test++;

    /* public y = 1 */
    zLen = v->zLen;
    cc_zero(sizeof(tmp),tmp);
    tmp[zLen-1]=1;
    if((result=ccn_read_uint(n, ccdh_ctx_y(b), zLen, tmp)))
    {
        goto errOut;
    }
    if((result=ccdh_compute_key(a, b, r))!=0)
    {
        status|=1<<nb_test;
    }
    nb_test++;

    /* public y = p */
    if((result=ccn_read_uint(n, ccdh_ctx_y(b), v->pLen, v->p)))
        goto errOut;

    if((result=ccdh_compute_key(a, b, r))!=0)
    {
        status|=1<<nb_test;
    }
    nb_test++;

    /* public y = p-1 */
    if((result=ccn_read_uint(n, ccdh_ctx_y(b), v->pLen, v->p)))
    {
        goto errOut;
    }
    ccn_sub1(n,ccdh_ctx_y(b),ccdh_ctx_y(b),1);

    if((result=ccdh_compute_key(a, b, r))!=0)
    {
        status|=1<<nb_test;
    }
    nb_test++;

    /* 
     * When the order is in defined in the group 
     *  check that the implementation check the order of the public value:
     *      public y = g+1 (for rfc5114 groups, g+1 is not of order q)
     */
    if (ccdh_gp_order_bitlen(gp))
    {
        if((result=ccn_read_uint(n, ccdh_ctx_y(b), v->gLen, v->g)))
        {
            goto errOut;
        }
        ccn_add1(n,ccdh_ctx_y(b),ccdh_ctx_y(b),1);

        if((result=ccdh_compute_key(a, b, r))!=0)
        {
            status|=1<<nb_test;
        }
        nb_test++;
    }


    /* positive testing at the boundaries of (1 < y < p-1)*/

    // Don't set the order in gp because 2 and p-2 are not of order q
    ccdh_init_gp(gp, n, p, g, 0);

    /* public y = 2 */
    zLen = v->zLen;
    cc_zero(sizeof(tmp),tmp);
    tmp[zLen-1]=2;
    if((result=ccn_read_uint(n, ccdh_ctx_y(b), zLen, tmp)))
    {
        goto errOut;
    }
    if((result=ccdh_compute_key(a, b, r))==0)
    {
        status|=1<<nb_test;
    }
    nb_test++;

    /* public y = p-2 */
    if((result=ccn_read_uint(n, ccdh_ctx_y(b), v->pLen, v->p)))
    {
        goto errOut;
    }
    ccn_sub1(n,ccdh_ctx_y(b),ccdh_ctx_y(b),2);

    if((result=ccdh_compute_key(a, b, r))==0)
    {
        status|=1<<nb_test;
    }
    nb_test++;

    /* Negative testing: p is even */
    if((result=ccn_read_uint(n, p, v->pLen, v->p)))
        goto errOut;
    ccn_set_bit(p,0,0); // Set LS bit to 0
    ccdh_init_gp(gp, n, p, g, 0);
    ccdh_ctx_init(gp, a);
    ccdh_ctx_init(gp, b);

    if((result=ccdh_compute_key(a, b, r))!=0)
    {
        status|=1<<nb_test;
    }
    nb_test++;


    /* Test aftermath */
doneOut:
    if ((nb_test==0) || (status!=((1<<nb_test)-1)))
    {
        result=1;
    }
    else
    {
        result=0; // Test is successful, Yeah!
    }

errOut:
    return result;
}
Exemplo n.º 20
0
 * enhancement requests can be made via https://bugreport.apple.com as described
 * here: https://developer.apple.com/bug-reporting/
 *
 * EA1350 
 * 10/5/15
 */


/* Autogenerated file - Use scheme ccdh_gen_gp */
#include <corecrypto/ccdh_priv.h>
#include <corecrypto/ccsrp_gp.h>

static const ccdh_gp_decl_static(2048) _ccsrp_gp_rfc5054_2048 =
{
    .zp = {
        .n = ccn_nof(2048),
        .options = 0,
        .mod_prime = cczp_mod
    },
    .p = {
        /* prime */
        CCN64_C(0f,a7,11,1f,9e,4a,ff,73),CCN64_C(9b,65,e3,72,fc,d6,8e,f2),
        CCN64_C(35,de,23,6d,52,5f,54,75),CCN64_C(94,b5,c8,03,d8,9f,7a,e4),
        CCN64_C(71,ae,35,f8,e9,db,fb,b6),CCN64_C(2a,56,98,f3,a8,d0,c3,82),
        CCN64_C(9c,cc,04,1c,7b,c3,08,d8),CCN64_C(af,87,4e,73,03,ce,53,29),
        CCN64_C(61,60,27,90,04,e5,7a,e6),CCN64_C(03,2c,fb,db,f5,2f,b3,78),
        CCN64_C(5e,a7,7a,27,75,d2,ec,fa),CCN64_C(54,45,23,b5,24,b0,d5,7d),
        CCN64_C(5b,9d,32,e6,88,f8,77,48),CCN64_C(f1,d2,b9,07,87,17,46,1a),
        CCN64_C(76,bd,20,7a,43,6c,64,81),CCN64_C(ca,97,b4,3a,23,fb,80,16),
        CCN64_C(1d,28,1e,44,6b,14,77,3b),CCN64_C(73,59,d0,41,d5,c3,3e,a7),
        CCN64_C(a8,0d,74,0a,db,f4,ff,74),CCN64_C(55,f9,79,93,ec,97,5e,ea),
Exemplo n.º 21
0
CCCryptorStatus 
CCRSACryptorCreatePairFromData(uint32_t e, 
    uint8_t *xp1, size_t xp1Length,
    uint8_t *xp2, size_t xp2Length,
    uint8_t *xp, size_t xpLength,
    uint8_t *xq1, size_t xq1Length,
    uint8_t *xq2, size_t xq2Length,
    uint8_t *xq, size_t xqLength,
    CCRSACryptorRef *publicKey, CCRSACryptorRef *privateKey,
    uint8_t *retp, size_t *retpLength,
    uint8_t *retq, size_t *retqLength,
    uint8_t *retm, size_t *retmLength,
    uint8_t *retd, size_t *retdLength)
{
    CCCryptorStatus retval;
    CCRSACryptor *privateCryptor = NULL;
    CCRSACryptor *publicCryptor = NULL;
    cc_unit x_p1[ccn_nof_size(xp1Length)];
    cc_unit x_p2[ccn_nof_size(xp2Length)];
    cc_unit x_p[ccn_nof_size(xpLength)];
    cc_unit x_q1[ccn_nof_size(xq1Length)];
    cc_unit x_q2[ccn_nof_size(xq2Length)];
    cc_unit x_q[ccn_nof_size(xqLength)];
    cc_unit e_value[1];
    size_t nbits = xpLength * 8 + xqLength * 8; // or we'll add this as a parameter.  This appears to be correct for FIPS
    cc_size n = ccn_nof(nbits);
    cc_unit p[n], q[n], m[n], d[n];
    cc_size np, nq, nm, nd;
    
    np = nq = nm = nd = n;
    
    CC_DEBUG_LOG(ASL_LEVEL_ERR, "Entering\n");
    e_value[0] = (cc_unit) e;

    __Require_Action((privateCryptor = ccMallocRSACryptor(nbits, ccRSAKeyPrivate)) != NULL, errOut, retval = kCCMemoryFailure);

    __Require_Action(ccn_read_uint(ccn_nof_size(xp1Length), x_p1, xp1Length, xp1) == 0, errOut, retval = kCCParamError);
    __Require_Action(ccn_read_uint(ccn_nof_size(xp2Length), x_p2, xp2Length, xp2)== 0, errOut, retval = kCCParamError);
    __Require_Action(ccn_read_uint(ccn_nof_size(xpLength), x_p, xpLength, xp) == 0, errOut, retval = kCCParamError);
    __Require_Action(ccn_read_uint(ccn_nof_size(xq1Length), x_q1, xq1Length, xq1) == 0, errOut, retval = kCCParamError);
    __Require_Action(ccn_read_uint(ccn_nof_size(xq2Length), x_q2, xq2Length, xq2) == 0, errOut, retval = kCCParamError);
    __Require_Action(ccn_read_uint(ccn_nof_size(xqLength), x_q, xqLength, xq) == 0, errOut, retval = kCCParamError);
    
	__Require_Action(ccrsa_make_931_key(nbits, 1, e_value, 
                                        ccn_nof_size(xp1Length), x_p1, ccn_nof_size(xp2Length), x_p2, ccn_nof_size(xpLength), x_p,
                                        ccn_nof_size(xq1Length), x_q1, ccn_nof_size(xq2Length), x_q2, ccn_nof_size(xqLength), x_q,
                                        privateCryptor->fk,
                                        &np, p,
                                        &nq, q,
                                        &nm, m,
                                        &nd, d) == 0, errOut, retval = kCCDecodeError);
    
    privateCryptor->keyType = ccRSAKeyPrivate;
    
    __Require_Action((publicCryptor = CCRSACryptorGetPublicKeyFromPrivateKey(privateCryptor)) != NULL, errOut, retval = kCCMemoryFailure);

    *publicKey = publicCryptor;
    *privateKey = privateCryptor;
    ccn_write_arg(np, p, retp, retpLength);
    ccn_write_arg(nq, q, retq, retqLength);
    ccn_write_arg(nm, m, retm, retmLength);
    ccn_write_arg(nd, d, retd, retdLength);
    
    return kCCSuccess;
    
errOut:
    if(privateCryptor) ccRSACryptorClear(privateCryptor);
    if(publicCryptor) ccRSACryptorClear(publicCryptor);
    // CLEAR the bits
    *publicKey = *privateKey = NULL;
    return retval;

}
Exemplo n.º 22
0
static double perf_ccn(unsigned long loops, unsigned long size, const void *arg)
{
    const struct ccn_perf_test *test=arg;
    cc_size count=ccn_nof(size);
    return test->func(loops, count);
}