int dldp_pInit(dldp_p* dp)
{
mpbzero(&dp->p);
mpbzero(&dp->q);
mpnzero(&dp->g);
mpnzero(&dp->r);
mpbzero(&dp->n);
return 0;
}
int decode_function_m31(char *publicKey1, char *publicKey2, char *encryptStr, int encryptStrLen, char *source)
{
mpnumber pubKey1, cipher, decipher;
mpbarrett mpbar;
unsigned char encryptStrHex[256+1];
char publicKey1Hex[256+1];
char temp[256+1];
unsigned char buff[1024];
memset(encryptStrHex, 0, 256+1);
Str2Hex__((unsigned char*)encryptStr, 128, encryptStrHex);
memset(publicKey1Hex, 0, 256+1);
Str2Hex__((unsigned char*)publicKey1, 128, publicKey1Hex);
mpnzero(&pubKey1);
mpnzero(&cipher);
mpnzero(&decipher);
mpbzero(&mpbar);
mpnsethex(&pubKey1, publicKey2);
mpnsethex(&cipher, encryptStrHex);
mpbsethex(&mpbar, publicKey1Hex);
if( rsapub( &mpbar ,&pubKey1 , &cipher, &decipher) )
return -1;
memset(temp, 0, 256+1);
getHexFromMPW(decipher.size, decipher.data, temp);
memset(buff, 0, 1024);
Hex2Str__((unsigned char*)temp, 256, buff);
memcpy(source, buff, 128);
return 1;
}
int dldp_pgoqMakeSafe(dldp_p* dp, randomGeneratorContext* rgc, size_t bits)
{
/*
* Generate parameters with a safe prime; p = 2q+1 i.e. r=2
*
*/
register size_t size = MP_BITS_TO_WORDS(bits + MP_WBITS - 1);
register mpw* temp = (mpw*) malloc((8*size+2) * sizeof(mpw));
if (temp)
{
/* generate p */
mpprndsafe_w(&dp->p, rgc, bits, mpptrials(bits), temp);
/* set q */
mpcopy(size, temp, dp->p.modl);
mpdivtwo(size, temp);
mpbset(&dp->q, size, temp);
/* set r = 2 */
mpnsetw(&dp->r, 2);
/* clear n */
mpbzero(&dp->n);
dldp_pgoqGenerator_w(dp, rgc, temp);
free(temp);
return 0;
}
return -1;
}
int dldp_pgoqMake(dldp_p* dp, randomGeneratorContext* rgc, size_t pbits, size_t qbits, int cofactor)
{
/*
* Generate parameters as described by IEEE P1363, A.16.1
*/
register size_t psize = MP_BITS_TO_WORDS(pbits + MP_WBITS - 1);
register mpw* temp = (mpw*) malloc((8*psize+2) * sizeof(mpw));
if (temp)
{
/* first generate q */
mpprnd_w(&dp->q, rgc, qbits, mpptrials(qbits), (const mpnumber*) 0, temp);
/* generate p with the appropriate congruences */
mpprndconone_w(&dp->p, rgc, pbits, mpptrials(pbits), &dp->q, (const mpnumber*) 0, &dp->r, cofactor, temp);
/* clear n */
mpbzero(&dp->n);
/* clear g */
mpnzero(&dp->g);
dldp_pgoqGenerator_w(dp, rgc, temp);
free(temp);
return 0;
}
return -1;
}
void mpprndsafe_w(mpbarrett* p, randomGeneratorContext* rc, size_t bits, int t, mpw* wksp)
{
/*
* Initialize with a probable safe prime of 'size' words, with probability factor t
*
* A safe prime p has the property that p = 2q+1, where q is also prime
* Use for ElGamal type schemes, where a generator of order (p-1) is required
*/
size_t size = MP_BITS_TO_WORDS(bits + MP_WBITS - 1);
mpbinit(p, size);
if (p->modl != (mpw*) 0)
{
mpbarrett q;
mpbzero(&q);
mpbinit(&q, size);
while (1)
{
/*
* Generate a random appropriate candidate prime, and test
* it with small prime divisor test BEFORE computing mu
*/
mpprndbits(p, bits, 2, (mpnumber*) 0, (mpnumber*) 0, rc, wksp);
mpcopy(size, q.modl, p->modl);
mpdivtwo(size, q.modl);
/* do a small prime product trial division on q */
if (!mppsppdiv_w(&q, wksp))
continue;
/* do a small prime product trial division on p */
if (!mppsppdiv_w(p, wksp))
continue;
/* candidate prime has passed small prime division test for p and q */
mpbmu_w(&q, wksp);
if (!mppmilrab_w(&q, rc, t, wksp))
continue;
mpbmu_w(p, wksp);
if (!mppmilrab_w(p, rc, t, wksp))
continue;
mpbfree(&q);
return;
}
}
}
int
main(int argc, char *argv[])
{
poptContext optCon = poptGetContext(argv[0], argc, argv, optionsTable, 0);
mpbarrett q;
mpnumber s;
size_t qsize;
mpw* qtemp;
mpw* qwksp;
int rc;
int i;
while ((rc = poptGetNextOpt(optCon)) > 0) {
switch (rc) {
default:
/*@switchbreak@*/ break;
}
}
mpbzero(&q); mpbsethex(&q, dsa_q);
qsize = q.size;
qtemp = malloc((13*qsize+13) * sizeof(*qtemp));
qwksp = qtemp+2*qsize;
for (i = 0; i < 9; i++) {
if (dsa_s[i] == NULL) break;
fprintf(stderr, "================================================== %d\n", i);
fprintf(stderr, " s: %s\n", dsa_s[i]);
mpnzero(&s); mpnsethex(&s, dsa_s[i]);
fprintf(stderr, "-------------------------------------------------- %d\n", i);
rc = Xmpbinv_w(&q, s.size, s.data, qtemp, qwksp);
fprintf(stderr, "BeeCrypt: "); mpfprintln(stderr, qsize, qtemp);
fprintf(stderr, "-------------------------------------------------- %d\n", i);
rc = Ympbinv_w(&q, s.size, s.data, qtemp, qwksp);
fprintf(stderr, " Knuth: "); mpfprintln(stderr, qsize, qtemp);
fprintf(stderr, "-------------------------------------------------- %d\n", i);
rc = Zmpbinv_w(&q, s.size, s.data, qtemp, qwksp);
fprintf(stderr, " Brent: "); mpfprintln(stderr, qsize, qtemp);
fprintf(stderr, "-------------------------------------------------- %d\n", i);
fprintf(stderr, " q: %s\n", dsa_q);
fprintf(stderr, " s: %s\n", dsa_s[i]);
fprintf(stderr, " GOOD: %s\n", dsa_w_good[i]);
fprintf(stderr, " BAD: %s\n", dsa_w_bad[i]);
}
return 0;
}
/*
* needs workspace of (8*size+2) words
*/
void mpprndconone_w(mpbarrett* p, randomGeneratorContext* rc, size_t bits, int t, const mpbarrett* q, const mpnumber* f, mpnumber* r, int cofactor, mpw* wksp)
{
/*
* Generate a prime p with n bits such that p mod q = 1, and p = qr+1 where r = 2s
*
* Conditions: q > 2 and size(q) < size(p) and size(f) <= size(p)
*
* Conditions: r must be chosen so that r is even, otherwise p will be even!
*
* if cofactor == 0, then s will be chosen randomly
* if cofactor == 1, then make sure that q does not divide r, i.e.:
* q cannot be equal to r, since r is even, and q > 2; hence if q <= r make sure that GCD(q,r) == 1
* if cofactor == 2, then make sure that s is prime
*
* Optional input f: if f is not null, then search p so that GCD(p-1,f) = 1
*/
mpbinit(p, MP_BITS_TO_WORDS(bits + MP_WBITS - 1));
if (p->modl != (mpw*) 0)
{
size_t sbits = bits - mpbits(q->size, q->modl) - 1;
mpbarrett s;
mpbzero(&s);
mpbinit(&s, MP_BITS_TO_WORDS(sbits + MP_WBITS - 1));
while (1)
{
mpprndbits(&s, sbits, 0, (mpnumber*) 0, (mpnumber*) 0, rc, wksp);
if (cofactor == 1)
{
mpsetlsb(s.size, s.modl);
/* if (q <= s) check if GCD(q,s) != 1 */
if (mplex(q->size, q->modl, s.size, s.modl))
{
/* we can find adequate storage for computing the gcd in s->wksp */
mpsetx(s.size, wksp, q->size, q->modl);
mpgcd_w(s.size, s.modl, wksp, wksp+s.size, wksp+2*s.size);
if (!mpisone(s.size, wksp+s.size))
continue;
}
}
else if (cofactor == 2)
{
mpsetlsb(s.size, s.modl);
}
if (cofactor == 2)
{
/* do a small prime product trial division test on r */
if (!mppsppdiv_w(&s, wksp))
continue;
}
/* multiply q*s */
mpmul(wksp, s.size, s.modl, q->size, q->modl);
/* s.size + q.size may be greater than p.size by 1, but the product will fit exactly into p */
mpsetx(p->size, p->modl, s.size+q->size, wksp);
/* multiply by two and add 1 */
mpmultwo(p->size, p->modl);
mpaddw(p->size, p->modl, 1);
/* test if the product actually contains enough bits */
if (mpbits(p->size, p->modl) < bits)
continue;
/* do a small prime product trial division test on p */
if (!mppsppdiv_w(p, wksp))
continue;
/* if we have an f, do the congruence test */
if (f != (mpnumber*) 0)
{
mpcopy(p->size, wksp, p->modl);
mpsubw(p->size, wksp, 1);
mpsetx(p->size, wksp, f->size, f->data);
mpgcd_w(p->size, wksp, wksp+p->size, wksp+2*p->size, wksp+3*p->size);
if (!mpisone(p->size, wksp+2*p->size))
continue;
}
/* if cofactor is two, test if s is prime */
if (cofactor == 2)
{
mpbmu_w(&s, wksp);
if (!mppmilrab_w(&s, rc, mpptrials(sbits), wksp))
continue;
}
/* candidate has passed so far, now we do the probabilistic test on p */
mpbmu_w(p, wksp);
if (!mppmilrab_w(p, rc, t, wksp))
continue;
mpnset(r, s.size, s.modl);
mpmultwo(r->size, r->data);
mpbfree(&s);
return;
}
}
}
int main( int argc, char **argv ) {
FILE *secblock;
unsigned char packetType;
unsigned short packetLen;
unsigned char buffer[4096];
unsigned char hexrep[8192];
// for CRT computation
mpbarrett psubone, qsubone;
// for testing
mpnumber m, cipher, decipher, holder;
rsakp keypair;
size_t bits = 2048;
size_t pbits = (bits+1) >> 1;
size_t qbits = (bits - pbits);
size_t psize = MP_BITS_TO_WORDS(pbits+MP_WBITS-1);
size_t qsize = MP_BITS_TO_WORDS(qbits+MP_WBITS-1);
size_t pqsize = psize+qsize;
mpw* temp = (mpw*) malloc((16*pqsize+6)*sizeof(mpw));
if( argc < 2 ) {
printf( "usage: %s <secblock>\n", argv[0] );
exit( 1 );
}
mpbzero(&psubone);
mpbzero(&qsubone);
secblock = fopen(argv[1], "rb");
if( secblock == NULL ) {
printf( "Can't open %s\n", argv[1] );
exit(0);
}
packetType = fgetc(secblock);
packetLen = 0;
//big endianness...
big16read(&packetLen, secblock);
printf( "Packet type: 0x%02X\n", packetType );
printf( "Packet length: %04d\n", (int) packetLen );
// skip ahead six bytes, this includes key generation time and other attributes
fread( buffer, 6, 1, secblock);
rsakpInit(&keypair);
big16read(&packetLen, secblock);
printf( "n Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpbsetbin(&keypair.n, buffer, bytesFromMpn(packetLen));
mpprintln(packetLen/32, keypair.n.modl);
big16read(&packetLen, secblock);
printf( "e Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpnsetbin(&keypair.e, buffer, bytesFromMpn(packetLen));
mpprintln(keypair.e.size, keypair.e.data);
packetType = fgetc(secblock);
if( packetType == 0 ) {
printf( "secret data is plaintext\n" );
} else {
printf( "secret data is encrypted\n" );
}
big16read(&packetLen, secblock);
printf( "d Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpnsetbin(&keypair.d, buffer, bytesFromMpn(packetLen));
mpprintln(keypair.d.size, keypair.d.data);
big16read(&packetLen, secblock);
printf( "p Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpbsetbin(&keypair.p, buffer, bytesFromMpn(packetLen));
mpprintln(packetLen/32, keypair.p.modl);
big16read(&packetLen, secblock);
printf( "q Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpbsetbin(&keypair.q, buffer, bytesFromMpn(packetLen));
mpprintln(packetLen/32, keypair.q.modl);
big16read(&packetLen, secblock);
printf( "mystery packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpnzero(&holder);
mpnsetbin(&holder, buffer, bytesFromMpn(packetLen));
mpprintln(holder.size, holder.data);
fread( buffer, 4, 1, secblock ); // advance by two bytes
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
printf( "%s\n", buffer );
#ifdef USE_CRT
// compute CRT elements
/* compute p-1 */
mpbsubone(&keypair.p, temp);
mpbset(&psubone, psize, temp);
/* compute q-1 */
mpbsubone(&keypair.q, temp);
mpbset(&qsubone, qsize, temp);
/* compute dp = d mod (p-1) */
mpnsize(&keypair.dp, psize);
mpbmod_w(&psubone, keypair.d.data, keypair.dp.data, temp);
/* compute dq = d mod (q-1) */
mpnsize(&keypair.dq, qsize);
mpbmod_w(&qsubone, keypair.d.data, keypair.dq.data, temp);
/* compute qi = inv(q) mod p */
mpninv(&keypair.qi, (mpnumber*) &keypair.q, (mpnumber*) &keypair.p);
#endif
// now test
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&decipher);
mpnsethex(&m, "d436e99569fd32a7c8a05bbc90d32c49");
printf( "Original: " );
mpprintln(m.size, m.data);
rsapub(&keypair.n, &keypair.e, &m, &cipher);
printf( "Encrypted: " );
mpprintln(cipher.size, cipher.data);
#ifdef USE_CRT
rsapricrt(&keypair.n, &keypair.p, &keypair.q, &keypair.dp, &keypair.dq, &keypair.qi, &cipher, &decipher);
#else
rsapri(&keypair.n, &keypair.d, &cipher, &decipher);
#endif
printf( "Recovered: " );
mpprintln(decipher.size, decipher.data);
if (mpnex(m.size, m.data, decipher.size, decipher.data))
printf ( "results don't match\n" );
else
printf ( "before and after encyrption sizes match\n" );
printf( "special test routine for STM32 validation\n" );
mpnzero(&cipher);
mpnzero(&decipher);
mpnsethex(&cipher, "6fa1bf55e15b47f4662f86e8fc7fadf0dc02c603c20c1090096fdbeafbd56897794ee106d0fcd8a58392ee7e14fd4e15b49c4adb02f0eebeb9587e9823e9e11048c1754c5e6ba273a08c35dd68f72bf4758b8c31dee196f683298cdbd259c28976c1459058c37be29b52589f3919dcb41cf57fd0c64796a056702be8c1f7574a005cad8b0aedb8f833d1fcfe5383b6d6695d766cc1a9a3413f7609fa18b0a1214486f8fec17febd3f4cbc177dd6f26568b715249853280c570e2ef8519f51fe78fb1978061a48fcc6730fb24e365120b54e6f4e2c3815997176167456b2a2b8f1a13b66967765fc42d4aeec2b4f8211e54ba9cbbbbfdd8ac7b2f20af8d44cd68" );
printf( "Decrypting: " );
mpprintln(cipher.size, cipher.data);
rsapub(&keypair.n, &keypair.e, &cipher, &decipher);
printf( "Recovered: " );
mpprintln(decipher.size, decipher.data);
free(temp);
return 0;
}
int
main(int argc, char *argv[])
{
pgpImplVecs_t * testImplVecs = &rpmnssImplVecs;
pgpDig dig;
pgpDigParams pubp;
rpmbc bc;
int printing = -1;
int rc;
pgpImplVecs = &rpmbcImplVecs;
dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
bc = dig->impl;
mpbzero(&bc->p); mpbsethex(&bc->p, fips_p);
mpbzero(&bc->q); mpbsethex(&bc->q, fips_q);
mpnzero(&bc->g); mpnsethex(&bc->g, fips_g);
mpnzero(&bc->y); mpnsethex(&bc->y, fips_y);
mpnzero(&bc->r); mpnsethex(&bc->r, fips_r);
mpnzero(&bc->s); mpnsethex(&bc->s, fips_s);
mpnzero(&bc->hm); mpnsethex(&bc->hm, fips_hm);
pubp->pubkey_algo = PGPPUBKEYALGO_DSA; /* XXX assert? */
rc = pgpImplVerify(dig);
fprintf(stderr, "=============================== DSA FIPS-186-1: rc %d\n", rc);
dig = pgpDigFree(dig);
pgpImplVecs = testImplVecs;
dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
fprintf(stderr, "=============================== DSA Public Key\n");
if ((rc = doit(DSApub, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
fprintf(stderr, "=============================== DSA Signature of \"%s\"\n", str);
if ((rc = doit(DSAsig, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
{ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
pgpDigParams dsig = pgpGetSignature(dig);
rpmDigestUpdate(ctx, str, strlen(str));
rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen);
(void) pgpImplSetDSA(ctx, dig, dsig);
}
pubp->pubkey_algo = PGPPUBKEYALGO_DSA; /* XXX assert? */
rc = pgpImplVerify(dig);
fprintf(stderr, "=============================== DSA verify: rc %d\n", rc);
dig = pgpDigFree(dig);
pgpImplVecs = testImplVecs;
dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
fprintf(stderr, "=============================== RSA Public Key\n");
if ((rc = doit(RSApub, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
fprintf(stderr, "=============================== RSA Signature of \"%s\"\n", str);
if ((rc = doit(RSAsig, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
{ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
pgpDigParams dsig = pgpGetSignature(dig);
rpmDigestUpdate(ctx, str, strlen(str));
rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen);
(void) pgpImplSetRSA(ctx, dig, dsig);
}
pubp->pubkey_algo = PGPPUBKEYALGO_RSA; /* XXX assert? */
rc = pgpImplVerify(dig);
fprintf(stderr, "=============================== RSA verify: rc %d\n", rc);
dig = pgpDigFree(dig);
pgpImplVecs = testImplVecs;
dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
fprintf(stderr, "=============================== ECDSA Public Key\n");
if ((rc = doit(ECDSApub, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
fprintf(stderr, "=============================== ECDSA Signature of \"%s\"\n", str);
if ((rc = doit(ECDSAsig, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
{ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA256, RPMDIGEST_NONE);
pgpDigParams dsig = pgpGetSignature(dig);
rpmDigestUpdate(ctx, str, strlen(str));
rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen);
(void) pgpImplSetECDSA(ctx, dig, dsig);
}
pubp->pubkey_algo = PGPPUBKEYALGO_ECDSA; /* XXX assert? */
rc = pgpImplVerify(dig);
fprintf(stderr, "=============================== ECDSA verify: rc %d\n", rc);
dig = pgpDigFree(dig);
if (pgpImplVecs == &rpmsslImplVecs)
NSS_Shutdown();
return rc;
}
