int main()
{
int i,bytes,res;
unsigned long ran;
char m[RFS],ml[RFS],c[RFS],e[RFS],raw[100];
rsa_public_key pub;
rsa_private_key priv;
csprng RNG;
octet M={0,sizeof(m),m};
octet ML={0,sizeof(ml),ml};
octet C={0,sizeof(c),c};
octet E={0,sizeof(e),e};
octet RAW={0,sizeof(raw),raw};
time((time_t *)&ran);
RAW.len=100; /* fake random seed source */
RAW.val[0]=ran;
RAW.val[1]=ran>>8;
RAW.val[2]=ran>>16;
RAW.val[3]=ran>>24;
for (i=4;i<100;i++) RAW.val[i]=i;
CREATE_CSPRNG(&RNG,&RAW); /* initialise strong RNG */
printf("Generating public/private key pair\n");
RSA_KEY_PAIR(&RNG,65537,&priv,&pub);
printf("Encrypting test string\n");
OCT_jstring(&M,(char *)"Hello World\n");
OAEP_ENCODE(&M,&RNG,NULL,&E); /* OAEP encode message m to e */
RSA_ENCRYPT(&pub,&E,&C); /* encrypt encoded message */
printf("Ciphertext= "); OCT_output(&C);
printf("Decrypting test string\n");
RSA_DECRYPT(&priv,&C,&ML); /* ... and then decrypt it */
OAEP_DECODE(NULL,&ML); /* decode it */
OCT_output_string(&ML);
if (!OCT_comp(&M,&ML))
{
printf("FAILURE RSA Encryption failed");
return 1;
}
OCT_clear(&M); OCT_clear(&ML); /* clean up afterwards */
OCT_clear(&C); OCT_clear(&RAW); OCT_clear(&E);
KILL_CSPRNG(&RNG);
RSA_PRIVATE_KEY_KILL(&priv);
printf("SUCCESS\n");
return 0;
}
int test_utils()
{
printf("test_utils() started\n");
int i,otp;
char x[32];
octet X= {sizeof(x),sizeof(x),x};
char vector[32];
octet VECTOR= {sizeof(vector),sizeof(vector),vector};
char seed[32] = {0};
octet SEED = {0,sizeof(seed),seed};
csprng RNG;
/* unrandom seed value! */
SEED.len=32;
for (i=0; i<32; i++)
SEED.val[i]=i+1;
/* initialise random number generator */
CREATE_CSPRNG(&RNG,&SEED);
for (i=0; i<nIter; i++)
{
otp = generateOTP(&RNG);
if (otp != V1[i])
{
printf("test_utils() FAILURE generateOTP failure\n");
return 1;
}
}
for (i=0; i<nIter; i++)
{
generateRandom(&RNG,&X);
OCT_fromHex(&VECTOR,V2[i]);
if (!OCT_comp(&X,&VECTOR))
{
printf("test_utils() FAILURE generateRandom failure\n");
return 1;
}
}
for (i=0; i<nIter; i++)
{
amcl_hex2bin(V2[i], bintemp, 64);
amcl_bin2hex(bintemp, temp, 32);
if (strncmp(V2[i], temp, 64))
{
printf("test_utils() FAILURE conversion hex/bin\n");
return 1;
}
}
printf("test_utils() SUCCESS\n");
return 0;
}
int X509_find_entity_property(octet *c,octet *SOID,int start,int *flen)
{
int i,j,k,fin,len,tlen;
char foid[50]; /*****/
octet FOID= {0,sizeof(foid),foid};
j=start;
tlen=getalen(SEQ,c->val,j);
if (tlen<0) return 0;
j+=skip(tlen);
for (k=j; j<k+tlen;)
{
// search for Owner OID
len=getalen(SET,c->val,j);
if (len<0) return 0;
j+=skip(len);
len=getalen(SEQ,c->val,j);
if (len<0) return 0;
j+=skip(len);
len=getalen(OID,c->val,j);
if (len<0) return 0;
j+=skip(len);
fin=j+len; // extract OID
FOID.len=len;
for (i=0; j<fin; j++)
FOID.val[i++]= c->val[j];
len=getalen(ANY,c->val,j); // get text, could be any type
if (len<0) return 0;
j+=skip(len);
if (OCT_comp(&FOID,SOID))
{
// if its the right one return
*flen=len;
return j;
}
j+=len; // skip over it
}
*flen=0; /*****/
return 0;
}
int test_octet_consistency()
{
int i,j,len=100;
int len64 = ((len/3) + 2)*4+1, lenHex = 28*len;
char raw[256], bytes[len+1], bytes64[len64+1], bytesHex[lenHex+1], v[len], w[len];
octet V= {0,sizeof(v),v}, W= {0,sizeof(w),w};
csprng rng;
/* Fake random source */
RAND_clean(&rng);
for (i=0; i<256; i++) raw[i]=(char)i;
RAND_seed(&rng,256,raw);
/* test comparison */
for (len = 1; len <= 101; len=len+10)
{
OCT_rand(&W,&rng,len);
OCT_copy(&V,&W);
if(!OCT_comp(&V,&W))
{
printf("ERROR comparing two equal octet, OCTET\n");
exit(EXIT_FAILURE);
}
for (i = 0; i < len; ++i)
{
if(!OCT_ncomp(&V,&W,i))
{
printf("ERROR comparing two equal octet, OCTET\n");
exit(EXIT_FAILURE);
}
}
OCT_rand(&V,&rng,len);
if(OCT_comp(&V,&W))
{
printf("ERROR comparing two different octet, OCTET\n");
exit(EXIT_FAILURE);
}
}
OCT_rand(&W,&rng,0);
OCT_copy(&V,&W);
if(!OCT_comp(&V,&W))
{
printf("ERROR comparing two equal octet, OCTET\n");
exit(EXIT_FAILURE);
}
for (len = 100; len > 0; len=len-10)
{
W.max = len;
V.max = len;
/* test conversion to and from base64 */
for (j = 0; j < 10; ++j)
{
OCT_rand(&W,&rng,len);
OCT_copy(&V,&W);
OCT_tobase64(bytes64,&W);
OCT_frombase64(&W,bytes64);
if(!OCT_comp(&V,&W))
{
printf("ERROR converting to and from base64 OCTET\n");
exit(EXIT_FAILURE);
}
}
/* test conversion to and from hex */
for (i = 0; i < 10; ++i)
{
OCT_rand(&W,&rng,len);
OCT_copy(&V,&W);
OCT_toHex(&W,bytesHex);
OCT_fromHex(&W,bytesHex);
if(!OCT_comp(&V,&W))
{
printf("ERROR converting to and from Hex OCTET\n");
exit(EXIT_FAILURE);
}
}
/* test conversion to and from string */
for (i = 0; i < 10; ++i)
{
OCT_rand(&W,&rng,len);
OCT_copy(&V,&W);
OCT_toStr(&W,bytes);
OCT_jstring(&W,bytes);
if(!OCT_comp(&V,&W))
{
printf("ERROR converting to and from string, OCTET\n");
exit(EXIT_FAILURE);
}
}
}
printf("SUCCESS\n");
return 0;
}
int main()
{
int res,len,sha;
int c,ic;
rsa_public_key_2048 PK;
pktype st,ca,pt;
printf("First check signature on self-signed cert and extract CA public key\n");
OCT_frombase64(&IO,ca_b64);
printf("CA Self-Signed Cert= \n");
OCT_output(&IO);
printf("\n");
st=X509_extract_cert_sig(&IO,&SIG); // returns signature type
if (st.type==0)
{
printf("Unable to extract cert signature\n");
return 0;
}
if (st.type==ECC)
{
OCT_chop(&SIG,&S,SIG.len/2);
OCT_copy(&R,&SIG);
printf("ECC SIG= \n");
OCT_output(&R);
OCT_output(&S);
printf("\n");
}
if (st.type==RSA)
{
printf("RSA SIG= \n");
OCT_output(&SIG);
printf("\n");
}
if (st.hash==H256) printf("Hashed with SHA256\n");
if (st.hash==H384) printf("Hashed with SHA384\n");
if (st.hash==H512) printf("Hashed with SHA512\n");
// Extract Cert from signed Cert
c=X509_extract_cert(&IO,&H);
printf("\nCert= \n");
OCT_output(&H);
printf("\n");
// show some details
printf("Issuer Details\n");
ic=X509_find_issuer(&H);
c=X509_find_entity_property(&H,&ON,ic,&len);
print_out("owner=",&H,c,len);
c=X509_find_entity_property(&H,&CN,ic,&len);
print_out("country=",&H,c,len);
c=X509_find_entity_property(&H,&EN,ic,&len);
print_out("email=",&H,c,len);
printf("\n");
ca=X509_extract_public_key(&H,&CAKEY);
if (ca.type==0)
{
printf("Not supported by library\n");
return 0;
}
if (ca.type!=st.type)
{
printf("Not self-signed\n");
}
if (ca.type==ECC)
{
printf("EXTRACTED ECC PUBLIC KEY= \n");
OCT_output(&CAKEY);
}
if (ca.type==RSA)
{
printf("EXTRACTED RSA PUBLIC KEY= \n");
OCT_output(&CAKEY);
}
printf("\n");
// Cert is self-signed - so check signature
printf("Checking Self-Signed Signature\n");
if (ca.type==ECC)
{
if (ca.curve!=CHOICE)
{
printf("Curve is not supported\n");
return 0;
}
res=ECP_NIST256_PUBLIC_KEY_VALIDATE(1,&CAKEY);
if (res!=0)
{
printf("ECP Public Key is invalid!\n");
return 0;
}
else printf("ECP Public Key is Valid\n");
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("Hash Function not supported\n");
return 0;
}
if (ECP_NIST256_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
{
printf("***ECDSA Verification Failed\n");
return 0;
}
else
printf("ECDSA Signature/Verification succeeded \n");
}
if (ca.type==RSA)
{
if (ca.curve!=2048)
{
printf("RSA bit size is not supported\n");
return 0;
}
PK.e=65537; // assuming this!
RSA_2048_fromOctet(PK.n,&CAKEY);
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("Hash Function not supported\n");
return 0;
}
PKCS15(sha,&H,&HP);
RSA_2048_ENCRYPT(&PK,&SIG,&HH);
if (OCT_comp(&HP,&HH))
printf("RSA Signature/Verification succeeded \n");
else
{
printf("***RSA Verification Failed\n");
return 0;
}
}
printf("\nNext check CA signature on cert, and extract public key\n");
OCT_frombase64(&IO,cert_b64);
printf("Example Cert= \n");
OCT_output(&IO);
printf("\n");
st=X509_extract_cert_sig(&IO,&SIG);
if (st.type==0)
{
printf("Unable to check cert signature\n");
return 0;
}
if (st.type==ECC)
{
OCT_chop(&SIG,&S,SIG.len/2);
OCT_copy(&R,&SIG);
printf("SIG= \n");
OCT_output(&R);
OCT_output(&S);
printf("\n");
}
if (st.type==RSA)
{
printf("SIG= \n");
OCT_output(&SIG);
printf("\n");
}
c=X509_extract_cert(&IO,&H);
printf("Cert= \n");
OCT_output(&H);
printf("\n");
printf("Subject Details\n");
ic=X509_find_subject(&H);
c=X509_find_entity_property(&H,&ON,ic,&len);
print_out("owner=",&H,c,len);
c=X509_find_entity_property(&H,&CN,ic,&len);
print_out("country=",&H,c,len);
c=X509_find_entity_property(&H,&EN,ic,&len);
print_out("email=",&H,c,len);
printf("\n");
ic=X509_find_validity(&H);
c=X509_find_start_date(&H,ic);
print_date("start date= ",&H,c);
c=X509_find_expiry_date(&H,ic);
print_date("expiry date=",&H,c);
printf("\n");
pt=X509_extract_public_key(&H,&CERTKEY);
if (pt.type==0)
{
printf("Not supported by library\n");
return 0;
}
if (pt.type==ECC)
{
printf("EXTRACTED ECC PUBLIC KEY= \n");
OCT_output(&CERTKEY);
}
if (pt.type==RSA)
{
printf("EXTRACTED RSA PUBLIC KEY= \n");
OCT_output(&CERTKEY);
}
printf("\n");
/* Check CA signature */
if (ca.type==ECC)
{
printf("Checking CA's ECC Signature on Cert\n");
res=ECP_NIST256_PUBLIC_KEY_VALIDATE(1,&CAKEY);
if (res!=0)
printf("ECP Public Key is invalid!\n");
else printf("ECP Public Key is Valid\n");
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("Hash Function not supported\n");
return 0;
}
if (ECP_NIST256_VP_DSA(sha,&CAKEY,&H,&R,&S)!=0)
printf("***ECDSA Verification Failed\n");
else
printf("ECDSA Signature/Verification succeeded \n");
}
if (ca.type==RSA)
{
printf("Checking CA's RSA Signature on Cert\n");
PK.e=65537; // assuming this!
RSA_2048_fromOctet(PK.n,&CAKEY);
sha=0;
if (st.hash==H256) sha=SHA256;
if (st.hash==H384) sha=SHA384;
if (st.hash==H512) sha=SHA512;
if (st.hash==0)
{
printf("Hash Function not supported\n");
return 0;
}
PKCS15(sha,&H,&HP);
RSA_2048_ENCRYPT(&PK,&SIG,&HH);
if (OCT_comp(&HP,&HH))
printf("RSA Signature/Verification succeeded \n");
else
printf("***RSA Verification Failed\n");
}
return 0;
}
// Extract Public Key from inside Certificate
pktype X509_extract_public_key(octet *c,octet *key)
{
int i,j,fin,len,sj;
char koid[12]; /*****/
octet KOID= {0,sizeof(koid),koid};
pktype ret;
ret.type=ret.hash=0;
ret.curve=-1;
j=0;
len=getalen(SEQ,c->val,j);
if (len<0) return ret;
j+=skip(len);
if (len+j!=c->len) return ret;
len=getalen(0,c->val,j);
if (len<0) return ret;
j+=skip(len)+len; //jump over version clause
len=getalen(INT,c->val,j);
if (len>0) j+=skip(len)+len; // jump over serial number clause (if there is one)
len=getalen(SEQ,c->val,j);
if (len<0) return ret;
j+=skip(len)+len; // jump over signature algorithm
len=getalen(SEQ,c->val,j);
if (len<0) return ret;
j+=skip(len)+len; // skip issuer
len=getalen(SEQ,c->val,j);
if (len<0) return ret;
j+=skip(len)+len; // skip validity
len=getalen(SEQ,c->val,j);
if (len<0) return ret;
j+=skip(len)+len; // skip subject
len=getalen(SEQ,c->val,j);
if (len<0) return ret;
j+=skip(len); //
len=getalen(SEQ,c->val,j);
if (len<0) return ret;
j+=skip(len);
// ** Maybe dive in and check Public Key OIDs here?
// ecpublicKey & prime256v1, secp384r1 or secp521r1 for ECC
// rsapublicKey for RSA
sj=j+len;
len=getalen(OID,c->val,j);
if (len<0) return ret;
j+=skip(len);
fin=j+len;
KOID.len=len;
for (i=0; j<fin; j++)
KOID.val[i++]= c->val[j];
ret.type=0;
if (OCT_comp(&ECPK,&KOID)) ret.type=ECC;
if (OCT_comp(&RSAPK,&KOID)) ret.type=RSA;
if (ret.type==0) return ret;
if (ret.type==ECC)
{
// which elliptic curve?
len=getalen(OID,c->val,j);
if (len<0)
{
ret.type=0;
return ret;
}
j+=skip(len);
fin=j+len;
KOID.len=len;
for (i=0; j<fin; j++)
KOID.val[i++]= c->val[j];
if (OCT_comp(&PRIME25519,&KOID)) ret.curve=C25519; /*****/
if (OCT_comp(&PRIME256V1,&KOID)) ret.curve=NIST256;
if (OCT_comp(&SECP384R1,&KOID)) ret.curve=NIST384;
if (OCT_comp(&SECP521R1,&KOID)) ret.curve=NIST521;
}
j=sj; // skip to actual Public Key
len=getalen(BIT,c->val,j);
if (len<0)
{
ret.type=0;
return ret;
}
j+=skip(len); //
j++;
len--; // skip bit shift (hopefully 0!)
// extract key
if (ret.type==ECC)
{
key->len=len;
fin=j+len;
for (i=0; j<fin; j++)
key->val[i++]= c->val[j];
}
if (ret.type==RSA)
{
// Key is (modulus,exponent) - assume exponent is 65537
len=getalen(SEQ,c->val,j);
if (len<0)
{
ret.type=0;
return ret;
}
j+=skip(len); //
len=getalen(INT,c->val,j); // get modulus
if (len<0)
{
ret.type=0;
return ret;
}
j+=skip(len); //
if (c->val[j]==0)
{
j++;
len--; // remove leading zero
}
key->len=len;
fin=j+len;
for (i=0; j<fin; j++)
key->val[i++]= c->val[j];
ret.curve=8*len;
}
return ret;
}
pktype X509_extract_cert_sig(octet *sc,octet *sig)
{
int i,j,k,fin,len,rlen,sj,ex;
char soid[9];
octet SOID= {0,sizeof(soid),soid};
pktype ret;
ret.type=0;
ret.hash=0;
j=0;
len=getalen(SEQ,sc->val,j); // Check for expected SEQ clause, and get length
if (len<0) return ret; // if not a SEQ clause, there is a problem, exit
j+=skip(len); // skip over length to clause contents. Add len to skip clause
if (len+j!=sc->len) return ret;
len=getalen(SEQ,sc->val,j);
if (len<0) return ret;
j+=skip(len)+len; // jump over cert to signature OID
len=getalen(SEQ,sc->val,j);
if (len<0) return ret;
j+=skip(len);
sj=j+len; // Needed to jump over signature OID
// dive in to extract OID
len=getalen(OID,sc->val,j);
if (len<0) return ret;
j+=skip(len);
fin=j+len;
SOID.len=len;
for (i=0; j<fin; j++)
SOID.val[i++]= sc->val[j];
// check OID here..
if (OCT_comp(&ECCSHA256,&SOID))
{
ret.type=ECC;
ret.hash=H256;
}
if (OCT_comp(&ECCSHA384,&SOID))
{
ret.type=ECC;
ret.hash=H384;
}
if (OCT_comp(&ECCSHA512,&SOID))
{
ret.type=ECC;
ret.hash=H512;
}
if (OCT_comp(&RSASHA256,&SOID))
{
ret.type=RSA;
ret.hash=H256;
}
if (OCT_comp(&RSASHA384,&SOID))
{
ret.type=RSA;
ret.hash=H384;
}
if (OCT_comp(&RSASHA512,&SOID))
{
ret.type=RSA;
ret.hash=H512;
}
if (ret.type==0) return ret; // unsupported type
j=sj; // jump out to signature
len=getalen(BIT,sc->val,j);
if (len<0)
{
ret.type=0;
return ret;
}
j+=skip(len);
j++;
len--; // skip bit shift (hopefully 0!)
if (ret.type==ECC)
{
// signature in the form (r,s)
len=getalen(SEQ,sc->val,j);
if (len<0)
{
ret.type=0;
return ret;
}
j+=skip(len);
// pick up r part of signature
len=getalen(INT,sc->val,j);
if (len<0)
{
ret.type=0;
return ret;
}
j+=skip(len);
if (sc->val[j]==0)
{
// skip leading zero
j++;
len--;
}
rlen=bround(len);
ex=rlen-len;
sig->len=2*rlen;
i=0;
for (k=0; k<ex; k++)
sig->val[i++]=0;
fin=j+len;
for (; j<fin; j++)
sig->val[i++]= sc->val[j];
// pick up s part of signature
len=getalen(INT,sc->val,j);
if (len<0)
{
ret.type=0;
return ret;
}
j+=skip(len);
if (sc->val[j]==0)
{
// skip leading zeros
j++;
len--;
}
rlen=bround(len);
ex=rlen-len;
for (k=0; k<ex; k++)
sig->val[i++]=0;
fin=j+len;
for (; j<fin; j++)
sig->val[i++]= sc->val[j];
}
if (ret.type==RSA)
{
rlen=bround(len);
ex=rlen-len;
sig->len=rlen;
i=0;
for (k=0; k<ex; k++)
sig->val[i++]=0;
fin=j+len;
for (; j<fin; j++)
sig->val[i++]= sc->val[j];
}
if (ret.hash==H256) ret.curve=NIST256;
if (ret.hash==H384) ret.curve=NIST384;
if (ret.hash==H512) ret.curve=NIST521;
return ret;
}
int main()
{
int i,j=0,res;
int result;
unsigned long ran;
char *pp="M0ng00se";
/* These octets are automatically protected against buffer overflow attacks */
/* Note salt must be big enough to include an appended word */
/* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
/* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
char s0[EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],raw[100],key[EAS],salt[32],pw[20],p1[30],p2[30],v[2*EFS+1],m[32],c[64],t[32],cs[EGS],ds[EGS];
octet S0={0,sizeof(s0),s0};
octet S1={0,sizeof(s1),s1};
octet W0={0,sizeof(w0),w0};
octet W1={0,sizeof(w1),w1};
octet Z0={0,sizeof(z0),z0};
octet Z1={0,sizeof(z1),z1};
octet RAW={0,sizeof(raw),raw};
octet KEY={0,sizeof(key),key};
octet SALT={0,sizeof(salt),salt};
octet PW={0,sizeof(pw),pw};
octet P1={0,sizeof(p1),p1};
octet P2={0,sizeof(p2),p2};
octet V={0,sizeof(v),v};
octet M={0,sizeof(m),m};
octet C={0,sizeof(c),c};
octet T={0,sizeof(t),t};
octet CS={0,sizeof(cs),cs};
octet DS={0,sizeof(ds),ds};
/* Crypto Strong RNG */
csprng RNG;
time((time_t *)&ran);
/* fake random seed source */
RAW.len=100;
RAW.val[0]=ran;
RAW.val[1]=ran>>8;
RAW.val[2]=ran>>16;
RAW.val[3]=ran>>24;
for (i=0;i<100;i++) RAW.val[i]=i;
/* initialise strong RNG */
CREATE_CSPRNG(&RNG,&RAW);
SALT.len=8;
for (i=0;i<8;i++) SALT.val[i]=i+1; // set Salt
printf("Alice's Passphrase= %s\n",pp);
OCT_empty(&PW);
OCT_jstring(&PW,pp); // set Password from string
/* private key S0 of size EGS bytes derived from Password and Salt */
PBKDF2(&PW,&SALT,1000,EGS,&S0);
printf("Alices private key= 0x"); OCT_output(&S0);
/* Generate Key pair S/W */
ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
if (res!=0)
{
printf("ECP Public Key is invalid!\n");
return 1;
}
printf("Alice's public key= 0x"); OCT_output(&W0);
/* Random private key for other party */
ECP_KEY_PAIR_GENERATE(&RNG,&S1,&W1);
res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
if (res!=0)
{
printf("ECP Public Key is invalid!\n");
return 1;
}
printf("Servers private key= 0x"); OCT_output(&S1);
printf("Servers public key= 0x"); OCT_output(&W1);
/* Calculate common key using DH - IEEE 1363 method */
ECPSVDP_DH(&S0,&W1,&Z0);
ECPSVDP_DH(&S1,&W0,&Z1);
if (!OCT_comp(&Z0,&Z1))
{
printf("*** ECPSVDP-DH Failed\n");
return 0;
}
KDF2(&Z0,NULL,EAS,&KEY);
printf("Alice's DH Key= 0x"); OCT_output(&KEY);
printf("Servers DH Key= 0x"); OCT_output(&KEY);
printf("Testing ECIES\n");
P1.len=3; P1.val[0]=0x0; P1.val[1]=0x1; P1.val[2]=0x2;
P2.len=4; P2.val[0]=0x0; P2.val[1]=0x1; P2.val[2]=0x2; P2.val[3]=0x3;
M.len=17;
for (i=0;i<=16;i++) M.val[i]=i;
ECP_ECIES_ENCRYPT(&P1,&P2,&RNG,&W1,&M,12,&V,&C,&T);
printf("Ciphertext= \n");
printf("V= 0x"); OCT_output(&V);
printf("C= 0x"); OCT_output(&C);
printf("T= 0x"); OCT_output(&T);
if (!ECP_ECIES_DECRYPT(&P1,&P2,&V,&C,&T,&S1,&M))
{
printf("*** ECIES Decryption Failed\n");
return 1;
}
else printf("Decryption succeeded\n");
printf("Message is 0x"); OCT_output(&M);
printf("Testing ECDSA\n");
if (ECPSP_DSA(&RNG,&S0,&M,&CS,&DS)!=0)
{
printf("***ECDSA Signature Failed\n");
return 1;
}
printf("Signature C = 0x"); OCT_output(&CS);
printf("Signature D = 0x"); OCT_output(&DS);
if (ECPVP_DSA(&W0,&M,&CS,&DS)!=0)
{
printf("***ECDSA Verification Failed\n");
return 1;
}
else printf("ECDSA Signature/Verification succeeded %d\n",j);
KILL_CSPRNG(&RNG);
printf("SUCCESS\n");
return 0;
}
int test_ecdsa_keypair(int argc, char** argv)
{
if (argc != 2)
{
printf("usage: ./test_ecdsa_sign [path to test vector file]\n");
exit(EXIT_FAILURE);
}
int rc;
FILE * fp = NULL;
char line[LINE_LEN];
char * linePtr = NULL;
int l1=0;
int l2=0;
char * d = NULL;
const char* dStr = "d = ";
octet dOct;
char Qx[EGS];
const char* QxStr = "Qx = ";
octet QxOct = {EGS,EGS,Qx};
char Qy[EGS];
const char* QyStr = "Qy = ";
octet QyOct = {EGS,EGS,Qy};
char q2[2*EFS+1];
octet Q2Oct= {0,sizeof(q2),q2};
fp = fopen(argv[1], "r");
if (fp == NULL)
{
printf("ERROR opening test vector file\n");
exit(EXIT_FAILURE);
}
bool readLine = false;
int i=0;
while (fgets(line, LINE_LEN, fp) != NULL)
{
i++;
readLine = true;
if (!strncmp(line, dStr, strlen(dStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find hex value in string
linePtr = line + strlen(dStr);
// Allocate memory
l1 = strlen(linePtr)-1;
l2 = l1/2;
d = (char*) malloc (l2);
if (d==NULL)
exit(EXIT_FAILURE);
// d binary value
amcl_hex2bin(linePtr, d, l1);
dOct.len=l2;
dOct.max=l2;
dOct.val=d;
}
if (!strncmp(line, QxStr, strlen(QxStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find hex value in string
linePtr = line + strlen(QxStr);
// Allocate data
l1 = strlen(linePtr)-1;
// Qx binary value
amcl_hex2bin(linePtr, Qx, l1);
}
if (!strncmp(line, QyStr, strlen(QyStr)))
{
#ifdef DEBUG
printf("line %d %s\n", i,line);
#endif
// Find hex value in string
linePtr = line + strlen(QyStr);
// Allocate data
l1 = strlen(linePtr)-1;
// Qy binary value
amcl_hex2bin(linePtr, Qy, l1);
// Assign Public Key
BIG qx, qy;
char q[2*EFS+1];
BIG_fromBytes(qx,QxOct.val);
BIG_fromBytes(qy,QyOct.val);
octet QOct= {sizeof(q),sizeof(q),q};
QOct.val[0]=4;
BIG_toBytes(&(QOct.val[1]),qx);
BIG_toBytes(&(QOct.val[EFS+1]),qy);
// Generate Key pair
ECP_KEY_PAIR_GENERATE(NULL,&dOct,&Q2Oct);
#ifdef DEBUG
printf("QOct: ");
OCT_output(&QOct);
printf("\r\n");
printf("Q2Oct: ");
OCT_output(&Q2Oct);
printf("\r\n");
#endif
rc = OCT_comp(&QOct,&Q2Oct);
if (!rc)
{
printf("TEST ECDSA KEYPAIR FAILED LINE %d\n",i);
exit(EXIT_FAILURE);
}
free(d);
d = NULL;
}
}
fclose(fp);
if (!readLine)
{
printf("ERROR Empty test vector file\n");
exit(EXIT_FAILURE);
}
printf("SUCCESS TEST ECDSA KEYPAIR PASSED\n");
exit(EXIT_SUCCESS);
}
int main()
{
char* KT="feffe9928665731c6d6a8f9467308308";
char* MT="d9313225f88406e5a55909c5aff5269a86a7a9531534f7da2e4c303d8a318a721c3c0c95956809532fcf0e2449a6b525b16aedf5aa0de657ba637b39";
char* HT="feedfacedeadbeeffeedfacedeadbeefabaddad2";
char* NT="9313225df88406e555909c5aff5269aa6a7a9538534f7da1e4c303d2a318a728c3c0c95156809539fcf0e2429a6b525416aedbf5a0de6a57a637b39b";
// Tag should be 619cc5aefffe0bfa462af43c1699d050
int lenM=strlen(MT)/2;
int lenH=strlen(HT)/2;
int lenK=strlen(KT)/2;
int lenIV=strlen(NT)/2;
char t1[16]; // Tag
char t2[16]; // Tag
char k[16]; // AES Key
char h[64]; // Header - to be included in Authentication, but not encrypted
char iv[100]; // IV - Initialisation vector
char m[100]; // Plaintext to be encrypted/authenticated
char c[100]; // Ciphertext
char p[100]; // Recovered Plaintext
octet T1= {sizeof(t1),sizeof(t1),t1};
octet T2= {sizeof(t2),sizeof(t2),t2};
octet K= {0,sizeof(k),k};
octet H= {0,sizeof(h),h};
octet IV= {0,sizeof(iv),iv};
octet M= {0,sizeof(m),m};
octet C= {0,sizeof(c),c};
octet P= {0,sizeof(p),p};
M.len=lenM;
K.len=lenK;
H.len=lenH;
IV.len=lenIV;
hex2bytes(MT, m);
hex2bytes(HT, h);
hex2bytes(NT, iv);
hex2bytes(KT, k);
printf("Plaintext: ");
OCT_output(&M);
printf("\n");
AES_GCM_ENCRYPT(&K, &IV, &H, &M, &C, &T1);
printf("Ciphertext: ");
OCT_output(&C);
printf("\n");
printf("Encryption Tag: ");
OCT_output(&T1);
printf("\n");
AES_GCM_DECRYPT(&K, &IV, &H, &C, &P, &T2);
printf("Plaintext: ");
OCT_output(&P);
printf("\n");
printf("Decryption Tag: ");
OCT_output(&T2);
printf("\n");
if (!OCT_comp(&M,&P))
{
printf("FAILURE Decryption\n");
return 1;
}
if (!OCT_comp(&T1,&T2))
{
printf("FAILURE TAG mismatch\n");
return 1;
}
printf("SUCCESS\n");
return 0;
}
int main()
{
int i,j=0,res;
int result;
unsigned long ran;
char *pp="M0ng00se";
/* These octets are automatically protected against buffer overflow attacks */
/* Note salt must be big enough to include an appended word */
/* Note ECIES ciphertext C must be big enough to include at least 1 appended block */
/* Recall EFS is field size in bytes. So EFS=32 for 256-bit curve */
char s0[EGS],s1[EGS],w0[2*EFS+1],w1[2*EFS+1],z0[EFS],z1[EFS],raw[100],key[EAS],salt[32],pw[20];
octet S0={0,sizeof(s0),s0};
octet S1={0,sizeof(s1),s1};
octet W0={0,sizeof(w0),w0};
octet W1={0,sizeof(w1),w1};
octet Z0={0,sizeof(z0),z0};
octet Z1={0,sizeof(z1),z1};
octet RAW={0,sizeof(raw),raw};
octet KEY={0,sizeof(key),key};
octet SALT={0,sizeof(salt),salt};
octet PW={0,sizeof(pw),pw};
/* Crypto Strong RNG */
csprng RNG;
time((time_t *)&ran);
/* fake random seed source */
RAW.len=100;
RAW.val[0]=ran;
RAW.val[1]=ran>>8;
RAW.val[2]=ran>>16;
RAW.val[3]=ran>>24;
for (i=4;i<100;i++) RAW.val[i]=i;
CREATE_CSPRNG(&RNG,&RAW); /* initialise strong RNG */
SALT.len=8;
for (i=0;i<8;i++) SALT.val[i]=i+1; // set Salt
printf("Alice's Passphrase= %s\n",pp);
OCT_clear(&PW);
OCT_jstring(&PW,pp); // set Password from string
/* private key S0 of size EGS bytes derived from Password and Salt */
PBKDF2(&PW,&SALT,1000,EGS,&S0);
printf("Alices private key= 0x"); OCT_output(&S0);
/* Generate Key pair S/W */
ECP_KEY_PAIR_GENERATE(NULL,&S0,&W0);
res=ECP_PUBLIC_KEY_VALIDATE(1,&W0);
if (res!=0)
{
printf("Alice's ECP Public Key is invalid!\n");
return 1;
}
printf("Alice's public key= 0x"); OCT_output(&W0);
/* Random private key for other party */
ECP_KEY_PAIR_GENERATE(&RNG,&S1,&W1);
printf("Servers private key= 0x"); OCT_output(&S1);
printf("Servers public key= 0x"); OCT_output(&W1);
res=ECP_PUBLIC_KEY_VALIDATE(1,&W1);
if (res!=0)
{
printf("Server's ECP Public Key is invalid!\n");
return 1;
}
/* Calculate common key using DH - IEEE 1363 method */
ECPSVDP_DH(&S0,&W1,&Z0);
ECPSVDP_DH(&S1,&W0,&Z1);
if (!OCT_comp(&Z0,&Z1))
{
printf("*** ECPSVDP-DH Failed\n");
return 1;
}
KDF2(&Z0,NULL,EAS,&KEY);
printf("Alice's DH Key= 0x"); OCT_output(&KEY);
printf("Servers DH Key= 0x"); OCT_output(&KEY);
printf("SUCCESS\n");
return 0;
}
