int rsa_encrypt (const char *const private_key_name, void *input, int ilen, void **output, int *olen) {
vkprintf (3, "rsa_encrypt (private_key_name = %s, ilen = %d)\n", private_key_name, ilen);
int err = 0;
RSA *privKey = NULL;
*output = NULL;
*olen = -1;
FILE *f = fopen (private_key_name, "rb");
if (f == NULL) {
kprintf ("Couldn't open private key file: %s\n", private_key_name);
return -1;
}
privKey = PEM_read_RSAPrivateKey (f, NULL, NULL, NULL);
if (privKey == NULL) {
kprintf ("PEM_read_RSAPrivateKey returns NULL.\n");
err = -2;
goto clean;
}
fclose (f);
f = NULL;
unsigned char key[32], iv[32];
generate_aes_key (key, iv);
const int rsa_size = RSA_size (privKey);
*olen = 4 + rsa_size + 32 + ilen + AES_BLOCK_SIZE;
unsigned char *b = *output = malloc (*olen);
memcpy (b, &rsa_size, 4);
if (!RSA_private_encrypt (32, key, b + 4, privKey, RSA_PKCS1_PADDING)) {
kprintf ("RSA_private_encrypt fail.\n");
err = -3;
goto clean;
}
memcpy (b + 4 + rsa_size, iv, 32);
EVP_CIPHER_CTX e;
EVP_CIPHER_CTX_init (&e);
EVP_EncryptInit_ex (&e, EVP_aes_256_cbc(), NULL, key, iv);
int c_len, f_len;
EVP_EncryptUpdate (&e, b + 4 + rsa_size + 32, &c_len, input, ilen);
EVP_EncryptFinal_ex (&e, b + 4 + rsa_size + 32 + c_len, &f_len);
EVP_CIPHER_CTX_cleanup (&e);
int r = 4 + rsa_size + 32 + c_len + f_len;
vkprintf (3, "c_len = %d, f_len = %d\n", c_len, f_len);
assert (r <= *olen);
*olen = r;
clean:
if (f != NULL) {
fclose (f);
}
if (privKey) {
RSA_free (privKey);
}
return err;
}
/**
* Callback function to handle the sipc reg response.
*/
static gboolean
sipc_reg_cb(gint sk, gpointer user_data)
{
gchar buf[BUF_LENGTH];
gchar *digest;
gchar *nonce, *key, *aeskey;
gchar *response;
gint n;
fetion_account *ac = (fetion_account*)user_data;
if ((n = recv(sk, buf, sizeof(buf), 0)) == -1) {
hybrid_account_error_reason(ac->account, _("sipc reg error."));
return FALSE;
}
buf[n] = '\0';
hybrid_debug_info("fetion", "recv:\n%s", buf);
/* parse response, we need the key and nouce */
digest = sip_header_get_attr(buf, "W");
if (parse_sipc_reg_response(digest, &nonce, &key) != HYBRID_OK) {
g_free(digest);
return FALSE;
}
aeskey = generate_aes_key();
response = generate_response(nonce, ac->userid, ac->password, key, aeskey);
/* fill verify_data for pic confirm */
strncpy(verify_data.response, response, sizeof(verify_data.response));
/* now we start to handle the pushed messages */
ac->source = hybrid_event_add(sk, HYBRID_EVENT_READ, hybrid_push_cb, ac);
/* start sipc authencation action. */
sipc_aut_action(sk, ac, response);
g_free(digest);
g_free(nonce);
g_free(key);
g_free(aeskey);
g_free(response);
return FALSE;
}
static int rsa_test()
{
static unsigned char encrypted_buf[130];
static unsigned char decrypted_buf[34];
static unsigned char *msg;
int i=0;
for(; i<3; i++) {
msg = generate_aes_key();
log_debug(LOG_VERB, "i = %d", i);
log_debug(LOG_VERB, "AES key : %s \n", base64_encode(msg, 32));
dyn_rsa_encrypt(msg, encrypted_buf);
dyn_rsa_decrypt(encrypted_buf, decrypted_buf);
log_debug(LOG_VERB, "Decrypted message : %s \n", base64_encode(decrypted_buf, 32));
}
return 0;
}
int main() {
RSA *rsa_key = generate_rsa_keys();
unsigned char *rsa_pubkey_pem;
unsigned int pub_pem_size = rsa_publickey_to_pem(rsa_key, &rsa_pubkey_pem);
printf ("%s\n", rsa_pubkey_pem);
unsigned char *rsa_privkey_pem;
unsigned int priv_pem_size = rsa_privatekey_to_pem(rsa_key, &rsa_privkey_pem, NULL);
printf ("%s\n", rsa_privkey_pem);
printf ("RSA keys generated\n");
unsigned char *plaintext = (unsigned char *)"Hello World!";
unsigned int plaintext_length = 12;
unsigned char *encrypted_message = (unsigned char *)malloc(kBits);
printf ("beginning rsa encryption\n");
RSA *rsa_pubkey = rsa_pem_to_publickey(rsa_pubkey_pem);
unsigned int encrypted_length = rsa_encrypt_message(plaintext, plaintext_length, rsa_pubkey, &encrypted_message);
printf ("\'Hello World!\' encrypted is:\n");
printf ("%s\n", encrypted_message);
unsigned char *decrypted_message = (unsigned char *)malloc(plaintext_length*sizeof(unsigned char));
printf ("beginning rsa decryption\n");
RSA *rsa_privkey = rsa_pem_to_privatekey(rsa_privkey_pem, rsa_key);
rsa_decrypt_message(encrypted_message, encrypted_length, rsa_privkey, &decrypted_message);
printf ("The decrypted message is:\n");
printf ("%s\n", decrypted_message);
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
OPENSSL_config(NULL);
unsigned char *aes_key = generate_aes_key();
unsigned char *aes_iv = generate_aes_iv();
printf ("AES key and iv generated\n");
unsigned char *aes_encrypted_message = (unsigned char *)malloc(plaintext_length*(unsigned char) + AES_BLOCK_SIZE);
printf ("beginning aes encryption\n");
unsigned int aes_encrypted_length = aes_encrypt_message(plaintext, plaintext_length, aes_key, aes_iv, &aes_encrypted_message);
printf ("\'Hello World encrypted is:\n");
printf ("%s\n", aes_encrypted_message);
printf ("%u\n", aes_encrypted_length);
unsigned char *aes_decrypted_message = (unsigned char *)malloc(plaintext_length*(unsigned char) + AES_BLOCK_SIZE);
unsigned int aes_decrypted_length = aes_decrypt_message(aes_encrypted_message, aes_encrypted_length, aes_key, aes_iv, &aes_decrypted_message);
printf ("The decrypted message is:\n");
printf ("%s\n", aes_decrypted_message);
exit(EXIT_SUCCESS);
}
FX_RET_CODE fx_generate_response( __in char* sz_key, __in char* sz_nonce, \
__in char* sz_user_id, __in char* sz_password, \
__out char** sz_response )
{
FX_RET_CODE ret = FX_ERROR_OK;
int n_ret = 0, n_user_id = 0, n_total_len = 0, n_nonce_len = strlen( sz_nonce );
byte* hex_step1 = NULL, *hex_step2 = NULL, *hex_aes_key = NULL, *hex_in = NULL;
char* sz_aes_key = NULL;
if ( sz_key == NULL || sz_nonce == NULL || sz_user_id == NULL || \
sz_password == NULL )
{
return FX_ERROR_UNKOWN;
}
/*
* step 1: sha1( domain:password )
*/
ret = fx_ssi_get_v4digest_1( (byte*)FX_SHA1_DOMAIN, strlen( FX_SHA1_DOMAIN ), \
(byte*)sz_password, strlen( sz_password ), &hex_step1 );
if ( FX_ERROR_OK != ret )
{
return ret;
}
/*
* step 2: sha1( hex(user_id) + $(step 1) )
*/
n_user_id = atoi( sz_user_id );
ret = fx_ssi_get_v4digest_1( (byte*)&n_user_id, sizeof( int ), \
hex_step1, SHA1_DIGESTSIZE, &hex_step2 );
if ( FX_ERROR_OK != ret )
{
free( hex_step1 );
return ret;
}
free( hex_step1 );
/*
* step 3: rsa( nonce + $(hex_step2) + hex(sz_ase_key) )
*/
generate_aes_key( &sz_aes_key );
n_ret = hex_str_2_byte( sz_aes_key, &hex_aes_key );
if ( n_ret <= 0 )
{
free( hex_step2 );
return FX_ERROR_UNKOWN;
}
n_total_len = n_nonce_len + SHA1_DIGESTSIZE + n_ret;
hex_in = (byte*)malloc( n_total_len );
memset( hex_in, 0, n_total_len );
memcpy( hex_in, sz_nonce, n_nonce_len );
memcpy( hex_in + n_nonce_len, hex_step2, SHA1_DIGESTSIZE );
memcpy( hex_in + n_nonce_len + SHA1_DIGESTSIZE, hex_aes_key, n_ret );
n_ret = do_hash_padding( sz_key, hex_in, n_total_len, sz_response );
if ( n_ret <= 0 )
{
free( hex_step2 );
return FX_ERROR_UNKOWN;
}
free( hex_step2 );
free( sz_aes_key );
return FX_ERROR_OK;
}
