int rsa_test()
{
byte tmp[1024], tmp2[2048];
size_t bytes, bytes2;
RsaKey key;
RNG rng;
word32 idx = 0;
int ret;
byte in[] = "Everyone gets Friday off.";
word32 inLen = (word32)strlen((char*)in);
byte out[64];
byte plain[64];
DecodedCert cert;
FILE* file = fopen(clientKey, "rb"), * file2;
if (!file)
return -40;
bytes = fread(tmp, 1, 1024, file);
InitRsaKey(&key, 0);
ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
if (ret != 0) return -41;
ret = InitRng(&rng);
if (ret != 0) return -42;
ret = RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
ret = RsaPrivateDecrypt(out, 64, plain, sizeof(plain), &key);
if (memcmp(plain, in, inLen)) return -45;
ret = RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
memset(plain, 0, sizeof(plain));
ret = RsaSSL_Verify(out, 64, plain, sizeof(plain), &key);
if (memcmp(plain, in, ret)) return -46;
file2 = fopen(clientCert, "rb");
if (!file2)
return -47;
bytes2 = fread(tmp2, 1, 2048, file2);
InitDecodedCert(&cert, (byte*)&tmp2, 0);
ret = ParseCert(&cert, (word32)bytes2, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) return -48;
FreeDecodedCert(&cert);
FreeRsaKey(&key);
fclose(file2);
fclose(file);
return 0;
}
/* RSA Public Encrypt */
int CRYPT_RSA_PublicEncrypt(CRYPT_RSA_CTX* rsa, unsigned char* out,
unsigned int outSz, const unsigned char* in,
unsigned int inSz, CRYPT_RNG_CTX* rng)
{
if (rsa == NULL || in == NULL || out == NULL || rng == NULL)
return BAD_FUNC_ARG;
return RsaPublicEncrypt(in, inSz, out, outSz, (RsaKey*)rsa->holder,
(WC_RNG*)rng);
}
void bench_rsa(void)
{
int i;
byte tmp[3072];
size_t bytes;
word32 idx = 0;
byte message[] = "Everyone gets Friday off.";
byte enc[512]; /* for up to 4096 bit */
byte* output;
const int len = (int)strlen((char*)message);
double start, total, each, milliEach;
RsaKey rsaKey;
FILE* file = fopen("./certs/rsa2048.der", "rb");
if (!file) {
printf("can't find ./certs/rsa2048.der, "
"Please run from CyaSSL home dir\n");
return;
}
InitRng(&rng);
bytes = fread(tmp, 1, sizeof(tmp), file);
InitRsaKey(&rsaKey, 0);
bytes = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes);
start = current_time();
for (i = 0; i < times; i++)
bytes = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng);
total = current_time() - start;
each = total / times; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA 2048 encryption took %6.2f milliseconds, avg over %d"
" iterations\n", milliEach, times);
start = current_time();
for (i = 0; i < times; i++)
RsaPrivateDecryptInline(enc, (word32)bytes, &output, &rsaKey);
total = current_time() - start;
each = total / times; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA 2048 decryption took %6.2f milliseconds, avg over %d"
" iterations\n", milliEach, times);
fclose(file);
FreeRsaKey(&rsaKey);
}
void bench_rsa()
{
int i;
byte tmp[1024];
size_t bytes;
word32 idx = 0;
byte message[] = "Everyone gets Friday off.";
byte cipher[128]; /* for 1024 bit */
byte plain[128]; /* for 1024 bit */
const int len = (int)strlen((char*)message);
double start, total, each, milliEach;
RsaKey key;
FILE* file = fopen("./rsa1024.der", "rb");
if (!file) {
printf("can't find ./rsa1024.der\n");
return;
}
bytes = fread(tmp, 1, 1024, file);
InitRsaKey(&key, 0);
bytes = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
start = current_time();
for (i = 0; i < times; i++)
RsaPublicEncrypt(message, len, cipher, sizeof(cipher), &key, &rng);
total = current_time() - start;
each = total / times; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA 1024 encryption took %6.2f milliseconds, avg over %d"
" iterations\n", milliEach, times);
start = current_time();
for (i = 0; i < times; i++)
RsaPrivateDecrypt(cipher, 128, plain, sizeof(plain), &key);
total = current_time() - start;
each = total / times; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA 1024 decryption took %6.2f milliseconds, avg over %d"
" iterations\n", milliEach, times);
fclose(file);
FreeRsaKey(&key);
}
/* check mcapi rsa */
static int check_rsa(void)
{
CRYPT_RSA_CTX mcRsa;
RsaKey defRsa;
int ret;
int ret2;
unsigned int keySz = (unsigned int)sizeof(client_key_der_1024);
unsigned int idx = 0;
byte out1[256];
byte out2[256];
InitRsaKey(&defRsa, NULL);
ret = CRYPT_RSA_Initialize(&mcRsa);
if (ret != 0) {
printf("mcapi rsa init failed\n");
return -1;
}
ret = CRYPT_RSA_PrivateKeyDecode(&mcRsa, client_key_der_1024, keySz);
if (ret != 0) {
printf("mcapi rsa private key decode failed\n");
return -1;
}
ret = RsaPrivateKeyDecode(client_key_der_1024, &idx, &defRsa, keySz);
if (ret != 0) {
printf("default rsa private key decode failed\n");
return -1;
}
ret = CRYPT_RSA_PublicEncrypt(&mcRsa, out1, sizeof(out1), ourData,
RSA_TEST_SIZE, &mcRng);
if (ret < 0) {
printf("mcapi rsa public encrypt failed\n");
return -1;
}
ret2 = RsaPublicEncrypt(ourData, RSA_TEST_SIZE, out2, sizeof(out2),
&defRsa, &defRng);
if (ret2 < 0) {
printf("default rsa public encrypt failed\n");
return -1;
}
if (ret != ret2) {
printf("default rsa public encrypt sz != mcapi sz\n");
return -1;
}
if (ret != CRYPT_RSA_EncryptSizeGet(&mcRsa)) {
printf("mcapi encrypt sz get != mcapi sz\n");
return -1;
}
ret = CRYPT_RSA_PrivateDecrypt(&mcRsa, out2, sizeof(out2), out1, ret);
if (ret < 0) {
printf("mcapi rsa private derypt failed\n");
return -1;
}
if (ret != RSA_TEST_SIZE) {
printf("mcapi rsa private derypt plain size wrong\n");
return -1;
}
if (memcmp(out2, ourData, ret) != 0) {
printf("mcapi rsa private derypt plain text bad\n");
return -1;
}
FreeRsaKey(&defRsa);
ret = CRYPT_RSA_Free(&mcRsa);
if (ret != 0) {
printf("mcapi rsa free failed\n");
return -1;
}
printf("rsa mcapi test passed\n");
return 0;
}
void bench_rsa(void)
{
int i;
int ret;
byte tmp[3072];
size_t bytes;
word32 idx = 0;
byte message[] = "Everyone gets Friday off.";
byte enc[512]; /* for up to 4096 bit */
const int len = (int)strlen((char*)message);
double start, total, each, milliEach;
RsaKey rsaKey;
int rsaKeySz = 2048; /* used in printf */
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, rsa_key_der_1024, sizeof_rsa_key_der_1024);
bytes = sizeof_rsa_key_der_1024;
rsaKeySz = 1024;
#elif defined(USE_CERT_BUFFERS_2048)
XMEMCPY(tmp, rsa_key_der_2048, sizeof_rsa_key_der_2048);
bytes = sizeof_rsa_key_der_2048;
#else
FILE* file = fopen(certRSAname, "rb");
if (!file) {
printf("can't find %s, Please run from CyaSSL home dir\n", certRSAname);
return;
}
bytes = fread(tmp, 1, sizeof(tmp), file);
fclose(file);
#endif /* USE_CERT_BUFFERS */
#ifdef HAVE_CAVIUM
if (RsaInitCavium(&rsaKey, CAVIUM_DEV_ID) != 0)
printf("RSA init cavium failed\n");
#endif
ret = InitRng(&rng);
if (ret < 0) {
printf("InitRNG failed\n");
return;
}
ret = InitRsaKey(&rsaKey, 0);
if (ret < 0) {
printf("InitRsaKey failed\n");
return;
}
ret = RsaPrivateKeyDecode(tmp, &idx, &rsaKey, (word32)bytes);
start = current_time(1);
for (i = 0; i < ntimes; i++)
ret = RsaPublicEncrypt(message,len,enc,sizeof(enc), &rsaKey, &rng);
total = current_time(0) - start;
each = total / ntimes; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA %d encryption took %6.3f milliseconds, avg over %d"
" iterations\n", rsaKeySz, milliEach, ntimes);
if (ret < 0) {
printf("Rsa Public Encrypt failed\n");
return;
}
start = current_time(1);
for (i = 0; i < ntimes; i++) {
byte out[512]; /* for up to 4096 bit */
RsaPrivateDecrypt(enc, (word32)ret, out, sizeof(out), &rsaKey);
}
total = current_time(0) - start;
each = total / ntimes; /* per second */
milliEach = each * 1000; /* milliseconds */
printf("RSA %d decryption took %6.3f milliseconds, avg over %d"
" iterations\n", rsaKeySz, milliEach, ntimes);
FreeRsaKey(&rsaKey);
#ifdef HAVE_CAVIUM
RsaFreeCavium(&rsaKey);
#endif
}
int rsa_test()
{
byte tmp[1024], tmp2[2048];
size_t bytes, bytes2;
RsaKey key;
RNG rng;
word32 idx = 0;
int ret;
byte in[] = "Everyone gets Friday off.";
word32 inLen = (word32)strlen((char*)in);
byte out[64];
byte plain[64];
DecodedCert cert;
FILE* file = fopen(clientKey, "rb"), * file2;
if (!file)
return -40;
bytes = fread(tmp, 1, 1024, file);
InitRsaKey(&key, 0);
ret = RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes);
if (ret != 0) return -41;
ret = InitRng(&rng);
if (ret != 0) return -42;
ret = RsaPublicEncrypt(in, inLen, out, sizeof(out), &key, &rng);
ret = RsaPrivateDecrypt(out, 64, plain, sizeof(plain), &key);
if (memcmp(plain, in, inLen)) return -45;
ret = RsaSSL_Sign(in, inLen, out, sizeof(out), &key, &rng);
memset(plain, 0, sizeof(plain));
ret = RsaSSL_Verify(out, 64, plain, sizeof(plain), &key);
if (memcmp(plain, in, ret)) return -46;
file2 = fopen(clientCert, "rb");
if (!file2)
return -47;
bytes2 = fread(tmp2, 1, 2048, file2);
InitDecodedCert(&cert, (byte*)&tmp2, 0);
ret = ParseCert(&cert, (word32)bytes2, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0) return -48;
FreeDecodedCert(&cert);
fclose(file2);
fclose(file);
#ifdef CYASSL_KEY_GEN
{
byte der[4096];
byte pem[4096];
word32 derSz = 0;
word32 pemSz = 0;
RsaKey derIn;
RsaKey genKey;
FILE* keyFile;
FILE* pemFile;
InitRsaKey(&genKey, 0);
ret = MakeRsaKey(&genKey, 1024, 65537, &rng);
if (ret != 0)
return -301;
derSz = RsaKeyToDer(&genKey, der, sizeof(der));
if (derSz < 0)
return -302;
keyFile = fopen("./ker.der", "wb");
if (!keyFile)
return -303;
ret = fwrite(der, derSz, 1, keyFile);
fclose(keyFile);
pemSz = DerToPem(der, derSz, pem, sizeof(pem), PRIVATEKEY_TYPE);
if (pemSz < 0)
return -304;
pemFile = fopen("./key.pem", "wb");
if (!pemFile)
return -305;
ret = fwrite(pem, pemSz, 1, pemFile);
fclose(pemFile);
InitRsaKey(&derIn, 0);
idx = 0;
ret = RsaPrivateKeyDecode(der, &idx, &derIn, derSz);
if (ret != 0)
return -306;
}
#endif /* CYASSL_KEY_GEN */
#ifdef CYASSL_CERT_GEN
{
Cert myCert;
byte derCert[4096];
byte pem[4096];
DecodedCert decode;
FILE* derFile;
FILE* pemFile;
int certSz;
int pemSz;
InitCert(&myCert);
strncpy(myCert.subject.country, "US", NAME_SIZE);
strncpy(myCert.subject.state, "OR", NAME_SIZE);
strncpy(myCert.subject.locality, "Portland", NAME_SIZE);
strncpy(myCert.subject.org, "yaSSL", NAME_SIZE);
strncpy(myCert.subject.unit, "Development", NAME_SIZE);
strncpy(myCert.subject.commonName, "www.yassl.com", NAME_SIZE);
strncpy(myCert.subject.email, "*****@*****.**", NAME_SIZE);
certSz = MakeCert(&myCert, derCert, sizeof(derCert), &key, &rng);
if (certSz < 0)
return -401;
InitDecodedCert(&decode, derCert, 0);
ret = ParseCert(&decode, certSz, CERT_TYPE, NO_VERIFY, 0);
if (ret != 0)
return -402;
derFile = fopen("./cert.der", "wb");
if (!derFile)
return -403;
ret = fwrite(derCert, certSz, 1, derFile);
fclose(derFile);
pemSz = DerToPem(derCert, certSz, pem, sizeof(pem), CERT_TYPE);
if (pemSz < 0)
return -404;
pemFile = fopen("./cert.pem", "wb");
if (!pemFile)
return -405;
ret = fwrite(pem, pemSz, 1, pemFile);
fclose(pemFile);
FreeDecodedCert(&decode);
}
#endif /* CYASSL_CERT_GEN */
FreeRsaKey(&key);
return 0;
}
/* create ASN.1 fomatted RecipientInfo structure, returns sequence size */
CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz,
int keyEncAlgo, int blockKeySz,
RNG* rng, byte* contentKeyPlain,
byte* contentKeyEnc,
int* keyEncSz, byte* out, word32 outSz)
{
word32 idx = 0;
int ret = 0, totalSz = 0;
int verSz, issuerSz, snSz, keyEncAlgSz;
int issuerSeqSz, recipSeqSz, issuerSerialSeqSz;
int encKeyOctetStrSz;
byte ver[MAX_VERSION_SZ];
byte serial[MAX_SN_SZ];
byte issuerSerialSeq[MAX_SEQ_SZ];
byte recipSeq[MAX_SEQ_SZ];
byte issuerSeq[MAX_SEQ_SZ];
byte keyAlgArray[MAX_ALGO_SZ];
byte encKeyOctetStr[MAX_OCTET_STR_SZ];
RsaKey pubKey;
DecodedCert decoded;
InitDecodedCert(&decoded, (byte*)cert, certSz, 0);
ret = ParseCert(&decoded, CA_TYPE, NO_VERIFY, 0);
if (ret < 0) {
FreeDecodedCert(&decoded);
return ret;
}
/* version */
verSz = SetMyVersion(0, ver, 0);
/* IssuerAndSerialNumber */
if (decoded.issuerRaw == NULL || decoded.issuerRawLen == 0) {
CYASSL_MSG("DecodedCert lacks raw issuer pointer and length");
FreeDecodedCert(&decoded);
return -1;
}
issuerSz = decoded.issuerRawLen;
issuerSeqSz = SetSequence(issuerSz, issuerSeq);
if (decoded.serial == NULL || decoded.serialSz == 0) {
CYASSL_MSG("DecodedCert missing serial number");
FreeDecodedCert(&decoded);
return -1;
}
snSz = SetSerialNumber(decoded.serial, decoded.serialSz, serial);
issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz,
issuerSerialSeq);
/* KeyEncryptionAlgorithmIdentifier, only support RSA now */
if (keyEncAlgo != RSAk)
return ALGO_ID_E;
keyEncAlgSz = SetAlgoID(keyEncAlgo, keyAlgArray, keyType, 0);
if (keyEncAlgSz == 0)
return BAD_FUNC_ARG;
/* EncryptedKey */
ret = InitRsaKey(&pubKey, 0);
if (ret != 0) return ret;
if (RsaPublicKeyDecode(decoded.publicKey, &idx, &pubKey,
decoded.pubKeySize) < 0) {
CYASSL_MSG("ASN RSA key decode error");
return PUBLIC_KEY_E;
}
*keyEncSz = RsaPublicEncrypt(contentKeyPlain, blockKeySz, contentKeyEnc,
MAX_ENCRYPTED_KEY_SZ, &pubKey, rng);
FreeRsaKey(&pubKey);
if (*keyEncSz < 0) {
CYASSL_MSG("RSA Public Encrypt failed");
return *keyEncSz;
}
encKeyOctetStrSz = SetOctetString(*keyEncSz, encKeyOctetStr);
/* RecipientInfo */
recipSeqSz = SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz +
issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz +
*keyEncSz, recipSeq);
if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz +
keyEncAlgSz + encKeyOctetStrSz + *keyEncSz > (int)outSz) {
CYASSL_MSG("RecipientInfo output buffer too small");
return BUFFER_E;
}
XMEMCPY(out + totalSz, recipSeq, recipSeqSz);
totalSz += recipSeqSz;
XMEMCPY(out + totalSz, ver, verSz);
totalSz += verSz;
XMEMCPY(out + totalSz, issuerSerialSeq, issuerSerialSeqSz);
totalSz += issuerSerialSeqSz;
XMEMCPY(out + totalSz, issuerSeq, issuerSeqSz);
totalSz += issuerSeqSz;
XMEMCPY(out + totalSz, decoded.issuerRaw, issuerSz);
totalSz += issuerSz;
XMEMCPY(out + totalSz, serial, snSz);
totalSz += snSz;
XMEMCPY(out + totalSz, keyAlgArray, keyEncAlgSz);
totalSz += keyEncAlgSz;
XMEMCPY(out + totalSz, encKeyOctetStr, encKeyOctetStrSz);
totalSz += encKeyOctetStrSz;
XMEMCPY(out + totalSz, contentKeyEnc, *keyEncSz);
totalSz += *keyEncSz;
FreeDecodedCert(&decoded);
return totalSz;
}
