/** * Use PKCS1.5 for encryption/signing. * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125 */ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, uint8_t *out_data, int is_signing) { int byte_size = ctx->num_octets; int num_pads_needed = byte_size - in_len - 3; bigint *dat_bi, *encrypt_bi; /* note: in_len+11 must be > byte_size */ out_data[0] = 0; /* ensure encryption block is < modulus */ if (is_signing) { out_data[1] = 1; /* PKCS1.5 signing pads with "0xff"'s */ memset(&out_data[2], 0xff, num_pads_needed); } else /* randomize the encryption padding with non-zero bytes */ { out_data[1] = 2; if (get_random_nonzero(&out_data[2], num_pads_needed) < 0) return -1; } out_data[2 + num_pads_needed] = 0; memcpy(&out_data[3 + num_pads_needed], in_data, in_len); /* now encrypt it */ dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size); encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi); bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size); /* save a few bytes of memory */ bi_clear_cache(ctx->bi_ctx); return byte_size; }
/** * @brief Use PKCS1.5 for decryption/verification. * @param ctx [in] The context * @param in_data [in] The data to decrypt (must be < modulus size-11) * @param out_data [out] The decrypted data. * @param out_len [int] The size of the decrypted buffer in bytes * @param is_decryption [in] Decryption or verify operation. * @return The number of bytes that were originally encrypted. -1 on error. * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125 */ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data, int out_len, int is_decryption) { const int byte_size = ctx->num_octets; int i = 0, size; bigint *decrypted_bi, *dat_bi; uint8_t *block = (uint8_t *)SSL_MALLOC(byte_size); int pad_count = 0; if (out_len < byte_size) /* check output has enough size */ return -1; memset(out_data, 0, out_len); /* initialise */ /* decrypt */ dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size); #ifdef CONFIG_SSL_CERT_VERIFICATION decrypted_bi = is_decryption ? /* decrypt or verify? */ RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi); #else /* always a decryption */ decrypted_bi = RSA_private(ctx, dat_bi); #endif /* convert to a normal block */ bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size); if (block[i++] != 0) /* leading 0? */ return -1; #ifdef CONFIG_SSL_CERT_VERIFICATION if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */ { if (block[i++] != 0x01) /* BT correct? */ return -1; while (block[i++] == 0xff && i < byte_size) pad_count++; } else /* PKCS1.5 encryption padding is random */ #endif { if (block[i++] != 0x02) /* BT correct? */ return -1; while (block[i++] && i < byte_size) pad_count++; } /* check separator byte 0x00 - and padding must be 8 or more bytes */ if (i == byte_size || pad_count < 8) return -1; size = byte_size - i; /* get only the bit we want */ if (size > 0) memcpy(out_data, &block[i], size); SSL_FREE(block); return size ? size : -1; }
/************************************************************************** * RSA tests * * Use the results from openssl to verify PKCS1 etc **************************************************************************/ static int RSA_test(void) { int res = 1; const char *plaintext = /* 128 byte hex number */ "1234567890abbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeeee2" "1aaaaaaaaaabbbbbbbbbbbbbbbccccccccccccccdddddddddddddeeeeeeeee2\012"; uint8_t enc_data[128], dec_data[128]; RSA_CTX *rsa_ctx = NULL; BI_CTX *bi_ctx; bigint *plaintext_bi; bigint *enc_data_bi, *dec_data_bi; uint8_t enc_data2[128], dec_data2[128]; int len; uint8_t *buf; /* extract the private key elements */ len = get_file("./axTLS.key_1024", &buf); if (asn1_get_private_key(buf, len, &rsa_ctx) < 0) { goto end; } free(buf); dump_frame("original data",(char *)plaintext, strlen(plaintext)); bi_ctx = rsa_ctx->bi_ctx; plaintext_bi = bi_import(bi_ctx, (const uint8_t *)plaintext, strlen(plaintext)); /* basic rsa encrypt */ enc_data_bi = RSA_public(rsa_ctx, plaintext_bi); bi_export(bi_ctx, bi_copy(enc_data_bi), enc_data, sizeof(enc_data)); dump_frame("encrypt data",(char *)enc_data, sizeof(enc_data)); /* basic rsa decrypt */ dec_data_bi = RSA_private(rsa_ctx, enc_data_bi); bi_export(bi_ctx, dec_data_bi, dec_data, sizeof(dec_data)); dump_frame("decrypt data",(char *)dec_data, sizeof(dec_data)); if (memcmp(dec_data, plaintext, strlen(plaintext))) { printf("Error: DECRYPT #1 failed\n"); goto end; } RSA_encrypt(rsa_ctx, (const uint8_t *)"abc", 3, enc_data2, 0); RSA_decrypt(rsa_ctx, enc_data2, dec_data2, 1); if (memcmp("abc", dec_data2, 3)) { printf("Error: ENCRYPT/DECRYPT #2 failed\n"); goto end; } RSA_free(rsa_ctx); res = 0; printf("All RSA tests passed\n"); end: return res; }
/** * @brief Use PKCS1.5 for decryption/verification. * @param ctx [in] The context * @param in_data [in] The data to encrypt (must be < modulus size-11) * @param out_data [out] The encrypted data. * @param is_decryption [in] Decryption or verify operation. * @return The number of bytes that were originally encrypted. -1 on error. * @see http://www.rsasecurity.com/rsalabs/node.asp?id=2125 */ int RSA_decrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint8_t *out_data, int is_decryption) { int byte_size = ctx->num_octets; uint8_t *block; int i, size; bigint *decrypted_bi,*dat_bi; memset(out_data, 0, byte_size); /* initialise */ /* decrypt */ dat_bi = bi_import(ctx->bi_ctx, in_data, byte_size); #ifdef CONFIG_SSL_CERT_VERIFICATION decrypted_bi = is_decryption ? /* decrypt or verify? */ RSA_private(ctx, dat_bi): RSA_public(ctx, dat_bi); #else /* always a decryption */ decrypted_bi = RSA_private(ctx, dat_bi); #endif /* convert to a normal block */ block = (uint8_t *)malloc(byte_size); bi_export(ctx->bi_ctx, decrypted_bi, block, byte_size); int o=0; for(o;o<byte_size;o++){ printf("block[%d]:0x%02x ",o,block[o]); } printf("\n"); i = 10; /* start at the first possible non-padded byte */ #ifdef CONFIG_SSL_CERT_VERIFICATION if (is_decryption == 0) /* PKCS1.5 signing pads with "0xff"s */ { while (block[i++] == 0xff && i < byte_size); if (block[i-2] != 0xff) i = byte_size; /*ensure size is 0 */ } else /* PKCS1.5 encryption padding is random */ #endif { while (block[i++] && i < byte_size); } size = byte_size - i; /* get only the bit we want */ if (size > 0) memcpy(out_data, &block[i], size); free(block); printf("size:%d\n",size); return size ? size : -1; }
/** * Use PKCS1.5 for encryption/signing. * see http://www.rsasecurity.com/rsalabs/node.asp?id=2125 */ int RSA_encrypt(const RSA_CTX *ctx, const uint8_t *in_data, uint16_t in_len, uint8_t *out_data, int is_signing) { int byte_size = ctx->num_octets;printf("byte_size:%d\n",byte_size); int num_pads_needed = byte_size-in_len-3;printf("num_pads_needed:%d\n",num_pads_needed); bigint *dat_bi, *encrypt_bi; /* note: in_len+11 must be > byte_size */ out_data[0] = 0; /* ensure encryption block is < modulus */ if (is_signing) { out_data[1] = 1; /* PKCS1.5 signing pads with "0xff"'s */ memset(&out_data[2], 0xff, num_pads_needed); } else /* randomize the encryption padding with non-zero bytes */ { out_data[1] = 2; get_random_NZ(num_pads_needed, &out_data[2]); } out_data[2+num_pads_needed] = 0; memcpy(&out_data[3+num_pads_needed], in_data, in_len); /* now encrypt it */ dat_bi = bi_import(ctx->bi_ctx, out_data, byte_size); bi_print("pre_dispose_data",dat_bi); encrypt_bi = is_signing ? RSA_private(ctx, dat_bi) : RSA_public(ctx, dat_bi); bi_export(ctx->bi_ctx, encrypt_bi, out_data, byte_size); int i=0; printf("encrypted message in uint8_t:"); for (i;i<byte_size;i++) printf("0x%02x ",out_data[i]); printf("\n\n"); return byte_size; }
int main(int argc, char *argv[]) { #ifdef CONFIG_SSL_CERT_VERIFICATION RSA_CTX *rsa_ctx = NULL; BI_CTX *ctx; bigint *bi_data, *bi_res; float diff; int res = 1; struct timeval tv_old, tv_new; const char *plaintext; uint8_t compare[MAX_KEY_BYTE_SIZE]; int i, max_biggie = 10; /* really crank performance */ int len; uint8_t *buf; /** * 512 bit key */ plaintext = /* 64 byte number */ "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"; len = get_file("../ssl/test/axTLS.key_512", &buf); asn1_get_private_key(buf, len, &rsa_ctx); ctx = rsa_ctx->bi_ctx; bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); bi_res = RSA_public(rsa_ctx, bi_data); bi_data = bi_res; /* reuse again */ gettimeofday(&tv_old, NULL); for (i = 0; i < max_biggie; i++) { bi_res = RSA_private(rsa_ctx, bi_copy(bi_data)); if (i < max_biggie-1) { bi_free(ctx, bi_res); } } gettimeofday(&tv_new, NULL); bi_free(ctx, bi_data); diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + (tv_new.tv_usec-tv_old.tv_usec)/1000; printf("512 bit decrypt time: %.2fms\n", diff/max_biggie); TTY_FLUSH(); bi_export(ctx, bi_res, compare, 64); RSA_free(rsa_ctx); free(buf); if (memcmp(plaintext, compare, 64) != 0) goto end; /** * 1024 bit key */ plaintext = /* 128 byte number */ "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"; len = get_file("../ssl/test/axTLS.key_1024", &buf); rsa_ctx = NULL; asn1_get_private_key(buf, len, &rsa_ctx); ctx = rsa_ctx->bi_ctx; bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); bi_res = RSA_public(rsa_ctx, bi_data); bi_data = bi_res; /* reuse again */ gettimeofday(&tv_old, NULL); for (i = 0; i < max_biggie; i++) { bi_res = RSA_private(rsa_ctx, bi_copy(bi_data)); if (i < max_biggie-1) { bi_free(ctx, bi_res); } } gettimeofday(&tv_new, NULL); bi_free(ctx, bi_data); diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + (tv_new.tv_usec-tv_old.tv_usec)/1000; printf("1024 bit decrypt time: %.2fms\n", diff/max_biggie); TTY_FLUSH(); bi_export(ctx, bi_res, compare, 128); RSA_free(rsa_ctx); free(buf); if (memcmp(plaintext, compare, 128) != 0) goto end; /** * 2048 bit key */ plaintext = /* 256 byte number */ "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"; len = get_file("../ssl/test/axTLS.key_2048", &buf); rsa_ctx = NULL; asn1_get_private_key(buf, len, &rsa_ctx); ctx = rsa_ctx->bi_ctx; bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); bi_res = RSA_public(rsa_ctx, bi_data); bi_data = bi_res; /* reuse again */ gettimeofday(&tv_old, NULL); for (i = 0; i < max_biggie; i++) { bi_res = RSA_private(rsa_ctx, bi_copy(bi_data)); if (i < max_biggie-1) { bi_free(ctx, bi_res); } } gettimeofday(&tv_new, NULL); bi_free(ctx, bi_data); diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + (tv_new.tv_usec-tv_old.tv_usec)/1000; printf("2048 bit decrypt time: %.2fms\n", diff/max_biggie); TTY_FLUSH(); bi_export(ctx, bi_res, compare, 256); RSA_free(rsa_ctx); free(buf); if (memcmp(plaintext, compare, 256) != 0) goto end; /** * 4096 bit key */ plaintext = /* 512 byte number */ "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^" "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*^"; len = get_file("../ssl/test/axTLS.key_4096", &buf); rsa_ctx = NULL; asn1_get_private_key(buf, len, &rsa_ctx); ctx = rsa_ctx->bi_ctx; bi_data = bi_import(ctx, (uint8_t *)plaintext, strlen(plaintext)); gettimeofday(&tv_old, NULL); bi_res = RSA_public(rsa_ctx, bi_data); gettimeofday(&tv_new, NULL); diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + (tv_new.tv_usec-tv_old.tv_usec)/1000; printf("4096 bit encrypt time: %.2fms\n", diff); TTY_FLUSH(); bi_data = bi_res; /* reuse again */ gettimeofday(&tv_old, NULL); for (i = 0; i < max_biggie; i++) { bi_res = RSA_private(rsa_ctx, bi_copy(bi_data)); if (i < max_biggie-1) { bi_free(ctx, bi_res); } } gettimeofday(&tv_new, NULL); bi_free(ctx, bi_data); diff = (tv_new.tv_sec-tv_old.tv_sec)*1000 + (tv_new.tv_usec-tv_old.tv_usec)/1000; printf("4096 bit decrypt time: %.2fms\n", diff/max_biggie); TTY_FLUSH(); bi_export(ctx, bi_res, compare, 512); RSA_free(rsa_ctx); free(buf); if (memcmp(plaintext, compare, 512) != 0) goto end; /* done */ printf("Bigint performance testing complete\n"); res = 0; end: return res; #else return 0; #endif }