int decode_function_m31(char *publicKey1, char *publicKey2, char *encryptStr, int encryptStrLen, char *source)
{
mpnumber pubKey1, cipher, decipher;
mpbarrett mpbar;
unsigned char encryptStrHex[256+1];
char publicKey1Hex[256+1];
char temp[256+1];
unsigned char buff[1024];
memset(encryptStrHex, 0, 256+1);
Str2Hex__((unsigned char*)encryptStr, 128, encryptStrHex);
memset(publicKey1Hex, 0, 256+1);
Str2Hex__((unsigned char*)publicKey1, 128, publicKey1Hex);
mpnzero(&pubKey1);
mpnzero(&cipher);
mpnzero(&decipher);
mpbzero(&mpbar);
mpnsethex(&pubKey1, publicKey2);
mpnsethex(&cipher, encryptStrHex);
mpbsethex(&mpbar, publicKey1Hex);
if( rsapub( &mpbar ,&pubKey1 , &cipher, &decipher) )
return -1;
memset(temp, 0, 256+1);
getHexFromMPW(decipher.size, decipher.data, temp);
memset(buff, 0, 1024);
Hex2Str__((unsigned char*)temp, 256, buff);
memcpy(source, buff, 128);
return 1;
}
int dlkp_pInit(dlkp_p* kp)
{
if (dldp_pInit(&kp->param) < 0)
return -1;
mpnzero(&kp->y);
mpnzero(&kp->x);
return 0;
}
int dldp_pInit(dldp_p* dp)
{
mpbzero(&dp->p);
mpbzero(&dp->q);
mpnzero(&dp->g);
mpnzero(&dp->r);
mpbzero(&dp->n);
return 0;
}
int dldp_pgoqMake(dldp_p* dp, randomGeneratorContext* rgc, size_t pbits, size_t qbits, int cofactor)
{
/*
* Generate parameters as described by IEEE P1363, A.16.1
*/
register size_t psize = MP_BITS_TO_WORDS(pbits + MP_WBITS - 1);
register mpw* temp = (mpw*) malloc((8*psize+2) * sizeof(mpw));
if (temp)
{
/* first generate q */
mpprnd_w(&dp->q, rgc, qbits, mpptrials(qbits), (const mpnumber*) 0, temp);
/* generate p with the appropriate congruences */
mpprndconone_w(&dp->p, rgc, pbits, mpptrials(pbits), &dp->q, (const mpnumber*) 0, &dp->r, cofactor, temp);
/* clear n */
mpbzero(&dp->n);
/* clear g */
mpnzero(&dp->g);
dldp_pgoqGenerator_w(dp, rgc, temp);
free(temp);
return 0;
}
return -1;
}
int main()
{
int i, failures = 0;
dlkp_p keypair;
mpnumber hm, r, s, k, e_r, e_s;
for (i = 0; i < NVECTORS; i++)
{
dlkp_pInit(&keypair);
mpbsethex(&keypair.param.p, table[i].p);
mpbsethex(&keypair.param.q, table[i].q);
mpnsethex(&keypair.param.g, table[i].g);
mpnsethex(&keypair.y, table[i].y);
mpnzero(&hm);
mpnsethex(&hm, table[i].m);
mpnzero(&e_r);
mpnzero(&e_s);
mpnsethex(&e_r, table[i].r);
mpnsethex(&e_s, table[i].s);
mpnzero(&r);
mpnzero(&s);
/* first test, verify the signature result from NIST FIPS 186-1 */
if (!dsavrfy(&keypair.param.p, &keypair.param.q, &keypair.param.g, &hm, &keypair.y, &e_r, &e_s))
failures++;
mpnfree(&s);
mpnfree(&r);
mpnfree(&hm);
mpnfree(&e_s);
mpnfree(&e_r);
dlkp_pFree(&keypair);
}
return failures;
}
int dlpk_pInit(dlpk_p* pk)
{
if (dldp_pInit(&pk->param) < 0)
return -1;
mpnzero(&pk->y);
return 0;
}
int main()
{
int i, failures = 0;
mpnumber m;
mpnumber k;
mpnumber inv_k;
mpnumber inv;
mpnzero(&m);
mpnzero(&k);
mpnzero(&inv_k);
mpnzero(&inv);
for (i = 0; i < NVECTORS; i++)
{
mpnsethex(&m, table[i].m);
mpnsethex(&k, table[i].k);
mpnsethex(&inv_k, table[i].inv_k);
if (mpninv(&inv, &k, &m))
{
if (mpnex(inv.size, inv.data, inv_k.size, inv_k.data))
{
printf("mpninv return unexpected result\n");
failures++;
}
}
else
{
printf("mpninv failed\n");
failures++;
}
}
mpnfree(&m);
mpnfree(&k);
mpnfree(&inv_k);
mpnfree(&inv);
return failures;
}
int
main(int argc, char *argv[])
{
poptContext optCon = poptGetContext(argv[0], argc, argv, optionsTable, 0);
mpbarrett q;
mpnumber s;
size_t qsize;
mpw* qtemp;
mpw* qwksp;
int rc;
int i;
while ((rc = poptGetNextOpt(optCon)) > 0) {
switch (rc) {
default:
/*@switchbreak@*/ break;
}
}
mpbzero(&q); mpbsethex(&q, dsa_q);
qsize = q.size;
qtemp = malloc((13*qsize+13) * sizeof(*qtemp));
qwksp = qtemp+2*qsize;
for (i = 0; i < 9; i++) {
if (dsa_s[i] == NULL) break;
fprintf(stderr, "================================================== %d\n", i);
fprintf(stderr, " s: %s\n", dsa_s[i]);
mpnzero(&s); mpnsethex(&s, dsa_s[i]);
fprintf(stderr, "-------------------------------------------------- %d\n", i);
rc = Xmpbinv_w(&q, s.size, s.data, qtemp, qwksp);
fprintf(stderr, "BeeCrypt: "); mpfprintln(stderr, qsize, qtemp);
fprintf(stderr, "-------------------------------------------------- %d\n", i);
rc = Ympbinv_w(&q, s.size, s.data, qtemp, qwksp);
fprintf(stderr, " Knuth: "); mpfprintln(stderr, qsize, qtemp);
fprintf(stderr, "-------------------------------------------------- %d\n", i);
rc = Zmpbinv_w(&q, s.size, s.data, qtemp, qwksp);
fprintf(stderr, " Brent: "); mpfprintln(stderr, qsize, qtemp);
fprintf(stderr, "-------------------------------------------------- %d\n", i);
fprintf(stderr, " q: %s\n", dsa_q);
fprintf(stderr, " s: %s\n", dsa_s[i]);
fprintf(stderr, " GOOD: %s\n", dsa_w_good[i]);
fprintf(stderr, " BAD: %s\n", dsa_w_bad[i]);
}
return 0;
}
int main()
{
dldp_p params;
mpnumber gq;
javalong start, now;
int iterations = 0;
dldp_pInit(¶ms);
mpbsethex(¶ms.p, hp);
mpbsethex(¶ms.q, hq);
mpnsethex(¶ms.g, hg);
mpnzero(&gq);
/* get starting time */
start = timestamp();
do
{
mpbnpowmod(¶ms.p, ¶ms.g, (mpnumber*) ¶ms.q, &gq);
now = timestamp();
iterations++;
} while (now < (start + (SECONDS * ONE_SECOND)));
mpnfree(&gq);
printf("(%d bits ^ %d bits) mod (%d bits): %d times in %d seconds\n",
(int) mpbits(params.g.size, params.g.data),
(int) mpbits(params.q.size, params.q.modl),
(int) mpbits(params.p.size, params.p.modl),
iterations,
SECONDS);
dldp_pFree(¶ms);
return 0;
}
int encode_function_beecrpt(V6_AUTHENTICATION_REQUEST_T in, V6_AUTHENTICATION_RESULT_T *out)
{
char rsa_m[256+1];
char temp[256+1];
char buff[1024];
char confirm[1024];
unsigned char un_buff[128+1];
int len=0, file_folder_offset=0;
int reserved_offset=0, i;
mpnumber m, cipher;
rsakp keypair;
randomGeneratorContext rngc;
if (randomGeneratorContextInit(&rngc, randomGeneratorDefault()) == 0) {
rsakpInit(&keypair);
rsakpMake(&keypair, &rngc, 1024);
//Set publicKey1
memset(temp, 0, 256+1);
getHexFromMPW(keypair.n.size, keypair.n.modl, temp);
printLog(HEAD_KEY, "(**)UUID(%.48s)PRODUCT_ID(%.18s) ==> PUBLIC_KEY1(%s)\n", in.uuid, in.product, temp);
memset(buff, 0, 1024);
Hex2Str__((unsigned char*)temp, 256, (unsigned char*)buff);
memcpy(out->decKey1, buff, 128);
//Set publicKey2
memcpy(out->decKey2, "10001", 5);
//Logging privateKey
memset(temp, 0, 256+1);
getHexFromMPW(keypair.d.size, keypair.d.data, temp);
printLog(HEAD_KEY, "(**)UUID(%.48s)PRODUCT_ID(%.18s) ==> PRIVATE_KEY(%s)\n", in.uuid, in.product, temp);
memset(un_buff, 0, 128+1); len = 0;
memcpy(&un_buff[len], in.uuid, UUID_SIZE-2); len += UUID_SIZE-2;
memcpy(&un_buff[len], in.device_type, DEVICE_TYPE_SIZE); len += DEVICE_TYPE_SIZE;
memcpy(&un_buff[len], in.register_version, REGISTER_VERSION_SIZE); len += REGISTER_VERSION_SIZE;
memcpy(&un_buff[len], in.app_version, APP_VERSION_SIZE); len += APP_VERSION_SIZE;
memcpy(&un_buff[len], in.app_build_num, APP_BUILD_NUM_SIZE); len += APP_BUILD_NUM_SIZE;
memcpy(&un_buff[len], in.map_version, MAP_VER_SIZE); len += MAP_VER_SIZE;
memcpy(&un_buff[len], in.os_version, OS_VER_SIZE_M31); len += OS_VER_SIZE_M31;
//in order not to alter m31-device's decoding function released at interface 3 protocol(0x15)
file_folder_offset = len; len += FILE_SIZE;
memcpy(&un_buff[len], in.expire_date, EXPIRE_DATE_SIZE); len += EXPIRE_DATE_SIZE;
reserved_offset = len;
for(i=0; i<in.reqEncCnt; i++) {
//Set changing part(file size, reserved)
memcpy(&un_buff[file_folder_offset], in.AuthFileInfo[i].file_size, FILE_SIZE);
memcpy(&un_buff[reserved_offset], in.AuthFileInfo[i].reserved, RESERVED_SIZE);
memset(rsa_m, 0, 256+1);
Str2Hex__(un_buff, 128, (unsigned char *)rsa_m);
mpnzero(&m);
mpnzero(&cipher);
mpnsethex(&m, rsa_m);
if( rsapri(&keypair.n, &keypair.d, &m, &cipher) != 0 )
return -1;
//Set encryptStr
memset(temp, 0, 256+1);
getHexFromMPW(cipher.size, cipher.data, temp);
printLog(HEAD_KEY, "(%.2d)UUID(%.48s)PRODUCT_ID(%.18s) ==> ENCRYPT_STR(%s)\n",i, in.uuid, in.product, temp);
memset(buff, 0, 1024);
Hex2Str__((unsigned char*)temp, 256, (unsigned char*)buff);
memcpy(out->AuthResultData[i].encStr, buff, 128);
// 검증용..
decode_function_m31(out->decKey1, out->decKey2, out->AuthResultData[i].encStr, confirm);
if(memcmp(un_buff, confirm, 128) != 0) {
printLog(HEAD, "ERR::ENCODINGINPUT(%s)OUTPUT(%s) not same\n", un_buff, confirm);
mpnfree(&cipher);
mpnfree(&m);
rsakpFree(&keypair);
randomGeneratorContextFree(&rngc);
out->resultCnt = 0;
return -1;
}
// free mpn objects
mpnfree(&cipher);
mpnfree(&m);
}
out->resultCnt = i;
// free rsakp object & random generator context
rsakpFree(&keypair);
randomGeneratorContextFree(&rngc);
return 1;
}
return -1;
}
int main(int argc, char * argv[])
{
int i = 0, failures = 0;
char buf[8192] = {0};
rsakp keypair;
mpnumber m, cipher, decipher;
randomGeneratorContext rngc;
if (randomGeneratorContextInit(&rngc, randomGeneratorDefault()) == 0)
{
/* First we do the fixed value verification */
rsakpInit(&keypair);
mpbsethex(&keypair.n, rsa_n);
mpnsethex(&keypair.e, rsa_e);
mpnsethex(&keypair.d, rsa_d);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&decipher);
if ( argv[1][0] == '-' && argv[1][1] == 'm') {
mpnsetbin(&m, (argv[1] + 2), strlen(argv[1]) - 2);
} else if ( argv[1][0] == '-' && argv[1][1] == 'h') {
_hex_snprintf(buf, strlen(argv[1]) - 2, argv[1] + 2, sizeof(char));
mpnsethex(&m, buf);
}
printf("message:%s\n", argv[1] + 2);
hex_dump((char *) m.data, m.size << 2);
printf("\npublic:%d\n", (int) * keypair.e.data);
hex_dump((char *) keypair.e.data, keypair.e.size << 2);
/* it's safe to cast the keypair to a public key */
if ( rsapub(&keypair.n, &keypair.e, &m, &cipher) ) {
failures++;
}
printf("\ncipher:\n");
hex_dump((char *) cipher.data, cipher.size << 2);
i = mpntobin(buf, &cipher, 0);
printf("\ncipher mpntobin:%d\n", i);
hex_dump(buf, i);
if ( rsapri(&keypair.n, &keypair.d, &cipher, &decipher) ) {
failures++;
}
printf("\ndecipher:%s\n", (char *) decipher.data);
hex_dump((char *) decipher.data, decipher.size << 2);
_hex_snprintf(buf, decipher.size * sizeof(mpw), (char *) decipher.data, sizeof(mpw));
printf("\n_snprintf (%dbytes):\n%s\n", decipher.size << 2, buf);
i = mpntobin(buf, &decipher, 0);
printf("\nmpntobin:%d\n", i);
hex_dump(buf, i);
i = mpntobin(buf, &decipher, (strlen(argv[1])-2));
printf("\nmpntobin intercept:%d\n%s\n", i, buf);
hex_dump(buf, i);
mpntohex(buf, & decipher);
printf("\nmpntohex:(%d)%s\n", decipher.size << 2, buf);
mpnfree(&decipher);
mpnfree(&cipher);
mpnfree(&m);
rsakpFree(&keypair);
randomGeneratorContextFree(&rngc);
}
return failures;
}
int main( int argc, char **argv ) {
FILE *secblock;
unsigned char packetType;
unsigned short packetLen;
unsigned char buffer[4096];
unsigned char hexrep[8192];
// for CRT computation
mpbarrett psubone, qsubone;
// for testing
mpnumber m, cipher, decipher, holder;
rsakp keypair;
size_t bits = 2048;
size_t pbits = (bits+1) >> 1;
size_t qbits = (bits - pbits);
size_t psize = MP_BITS_TO_WORDS(pbits+MP_WBITS-1);
size_t qsize = MP_BITS_TO_WORDS(qbits+MP_WBITS-1);
size_t pqsize = psize+qsize;
mpw* temp = (mpw*) malloc((16*pqsize+6)*sizeof(mpw));
if( argc < 2 ) {
printf( "usage: %s <secblock>\n", argv[0] );
exit( 1 );
}
mpbzero(&psubone);
mpbzero(&qsubone);
secblock = fopen(argv[1], "rb");
if( secblock == NULL ) {
printf( "Can't open %s\n", argv[1] );
exit(0);
}
packetType = fgetc(secblock);
packetLen = 0;
//big endianness...
big16read(&packetLen, secblock);
printf( "Packet type: 0x%02X\n", packetType );
printf( "Packet length: %04d\n", (int) packetLen );
// skip ahead six bytes, this includes key generation time and other attributes
fread( buffer, 6, 1, secblock);
rsakpInit(&keypair);
big16read(&packetLen, secblock);
printf( "n Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpbsetbin(&keypair.n, buffer, bytesFromMpn(packetLen));
mpprintln(packetLen/32, keypair.n.modl);
big16read(&packetLen, secblock);
printf( "e Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpnsetbin(&keypair.e, buffer, bytesFromMpn(packetLen));
mpprintln(keypair.e.size, keypair.e.data);
packetType = fgetc(secblock);
if( packetType == 0 ) {
printf( "secret data is plaintext\n" );
} else {
printf( "secret data is encrypted\n" );
}
big16read(&packetLen, secblock);
printf( "d Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpnsetbin(&keypair.d, buffer, bytesFromMpn(packetLen));
mpprintln(keypair.d.size, keypair.d.data);
big16read(&packetLen, secblock);
printf( "p Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpbsetbin(&keypair.p, buffer, bytesFromMpn(packetLen));
mpprintln(packetLen/32, keypair.p.modl);
big16read(&packetLen, secblock);
printf( "q Packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpbsetbin(&keypair.q, buffer, bytesFromMpn(packetLen));
mpprintln(packetLen/32, keypair.q.modl);
big16read(&packetLen, secblock);
printf( "mystery packet length: %02d bits, %02d bytes\n", (int) packetLen, (int) bytesFromMpn(packetLen) );
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
mpnzero(&holder);
mpnsetbin(&holder, buffer, bytesFromMpn(packetLen));
mpprintln(holder.size, holder.data);
fread( buffer, 4, 1, secblock ); // advance by two bytes
printf( "offset: %x\n", ftell( secblock ) );
fread( buffer, bytesFromMpn(packetLen), 1, secblock );
printf( "%s\n", buffer );
#ifdef USE_CRT
// compute CRT elements
/* compute p-1 */
mpbsubone(&keypair.p, temp);
mpbset(&psubone, psize, temp);
/* compute q-1 */
mpbsubone(&keypair.q, temp);
mpbset(&qsubone, qsize, temp);
/* compute dp = d mod (p-1) */
mpnsize(&keypair.dp, psize);
mpbmod_w(&psubone, keypair.d.data, keypair.dp.data, temp);
/* compute dq = d mod (q-1) */
mpnsize(&keypair.dq, qsize);
mpbmod_w(&qsubone, keypair.d.data, keypair.dq.data, temp);
/* compute qi = inv(q) mod p */
mpninv(&keypair.qi, (mpnumber*) &keypair.q, (mpnumber*) &keypair.p);
#endif
// now test
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&decipher);
mpnsethex(&m, "d436e99569fd32a7c8a05bbc90d32c49");
printf( "Original: " );
mpprintln(m.size, m.data);
rsapub(&keypair.n, &keypair.e, &m, &cipher);
printf( "Encrypted: " );
mpprintln(cipher.size, cipher.data);
#ifdef USE_CRT
rsapricrt(&keypair.n, &keypair.p, &keypair.q, &keypair.dp, &keypair.dq, &keypair.qi, &cipher, &decipher);
#else
rsapri(&keypair.n, &keypair.d, &cipher, &decipher);
#endif
printf( "Recovered: " );
mpprintln(decipher.size, decipher.data);
if (mpnex(m.size, m.data, decipher.size, decipher.data))
printf ( "results don't match\n" );
else
printf ( "before and after encyrption sizes match\n" );
printf( "special test routine for STM32 validation\n" );
mpnzero(&cipher);
mpnzero(&decipher);
mpnsethex(&cipher, "6fa1bf55e15b47f4662f86e8fc7fadf0dc02c603c20c1090096fdbeafbd56897794ee106d0fcd8a58392ee7e14fd4e15b49c4adb02f0eebeb9587e9823e9e11048c1754c5e6ba273a08c35dd68f72bf4758b8c31dee196f683298cdbd259c28976c1459058c37be29b52589f3919dcb41cf57fd0c64796a056702be8c1f7574a005cad8b0aedb8f833d1fcfe5383b6d6695d766cc1a9a3413f7609fa18b0a1214486f8fec17febd3f4cbc177dd6f26568b715249853280c570e2ef8519f51fe78fb1978061a48fcc6730fb24e365120b54e6f4e2c3815997176167456b2a2b8f1a13b66967765fc42d4aeec2b4f8211e54ba9cbbbbfdd8ac7b2f20af8d44cd68" );
printf( "Decrypting: " );
mpprintln(cipher.size, cipher.data);
rsapub(&keypair.n, &keypair.e, &cipher, &decipher);
printf( "Recovered: " );
mpprintln(decipher.size, decipher.data);
free(temp);
return 0;
}
void doInteraction() {
char *cmd;
// i/o
opRec oprec;
unsigned char dataStr[256];
// aes
aesParam aesparam;
byte aesSrc[16];
byte aesDst[16];
// rsa
rsakp keypair;
mpnumber m, cipher, signature;
// sha1
byte digest[20];
char digestHex[41];
sha1Param sha1param;
int i;
oprec.data = dataStr;
oprec.dataLen = MAXDATLEN;
while(1) {
// reset the data string
for( i = 0; i < MAXDATLEN; i++ ) {
oprec.data[i] = '0';
}
oprec.dataLen = MAXDATLEN;
// grab the string and parse it
cmd = getString();
if(parseString(cmd, &oprec) != 1) {
oprec.dataLen = MAXDATLEN;
continue;
}
switch(oprec.cipherType) {
case CH_AES:
for( i = 0; i < 16; i++ ) {
aesSrc[i] = 0;
}
if(aesSetup(&aesparam, AESkeyTable[oprec.keyIndex].key, 128, oprec.opType == CH_ENCRYPT ? ENCRYPT : DECRYPT ))
continue;
fromhex(aesSrc, oprec.data);
if( oprec.opType == CH_ENCRYPT ) {
if( aesEncrypt(&aesparam, (uint32_t *)aesDst, (uint32_t *)aesSrc) )
continue;
} else {
if( aesDecrypt(&aesparam, (uint32_t *)aesDst, (uint32_t *)aesSrc) )
continue;
}
for( i = 0; i < 16; i++ ) {
printf("%02X", aesDst[i] );
}
printf( "\n" );
break;
case CH_SGN:
// init sha1
if( sha1Reset( &sha1param ) )
continue;
if( sha1Update( &sha1param, oprec.data, oprec.dataLen ))
continue;
if( sha1Digest( &sha1param, digest ) )
continue;
// digest now contains the 160-bit message we want to sign
toHex(digest, digestHex, 20);
// digestHex now has the correct large number representation of the message
#if TESTING
fprintf( stderr, "sha1 of message: %s\n", digestHex );
#endif
// init rsa
rsakpInit(&keypair);
mpbsethex(&keypair.n, RSAkeyTable[oprec.keyIndex].rsa_n);
mpnsethex(&keypair.e, RSAkeyTable[oprec.keyIndex].rsa_e);
mpbsethex(&keypair.p, RSAkeyTable[oprec.keyIndex].rsa_p);
mpbsethex(&keypair.q, RSAkeyTable[oprec.keyIndex].rsa_q);
mpnsethex(&keypair.dp, RSAkeyTable[oprec.keyIndex].rsa_dp);
mpnsethex(&keypair.dq, RSAkeyTable[oprec.keyIndex].rsa_dq);
mpnsethex(&keypair.qi, RSAkeyTable[oprec.keyIndex].rsa_qi);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&signature);
mpnsethex(&m, digestHex);
// we are now all set to do the signing
// need to:
// write signing alg here
// make test case
// this link is very helpful in writing this code:
// http://tools.ietf.org/html/rfc3447#page-12
rsapricrt(&keypair.n, &keypair.p, &keypair.q, &keypair.dp, &keypair.dq, &keypair.qi, &m, &signature);
for( i = 0; i < signature.size; i++ ) {
printf("%08X", signature.data[i] );
}
printf( "\n" );
#if TESTING
mpnfree(&m);
mpnzero(&m);
rsapub(&keypair.n, &keypair.e, &signature, &m);
for( i = 0; i < m.size; i++ ) {
printf("%08X", m.data[i] );
}
printf( "\n" );
#endif
rsakpFree(&keypair);
break;
case CH_VRF:
rsakpInit(&keypair);
mpbsethex(&keypair.n, RSAkeyTable[oprec.keyIndex].rsa_n);
mpnsethex(&keypair.e, RSAkeyTable[oprec.keyIndex].rsa_e);
mpbsethex(&keypair.p, RSAkeyTable[oprec.keyIndex].rsa_p);
mpbsethex(&keypair.q, RSAkeyTable[oprec.keyIndex].rsa_q);
mpnsethex(&keypair.dp, RSAkeyTable[oprec.keyIndex].rsa_dp);
mpnsethex(&keypair.dq, RSAkeyTable[oprec.keyIndex].rsa_dq);
mpnsethex(&keypair.qi, RSAkeyTable[oprec.keyIndex].rsa_qi);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&signature);
mpnsethex(&m, oprec.data);
rsapub(&keypair.n, &keypair.e, &m, &cipher);
for( i = 0; i < cipher.size; i++ )
printf("%08X", cipher.data[i]);
printf( "\n" );
break;
case CH_SHA:
// init sha1
if( sha1Reset( &sha1param ) )
continue;
if( sha1Update( &sha1param, oprec.data, oprec.dataLen ))
continue;
if( sha1Digest( &sha1param, digest ) )
continue;
// digest now contains the 160-bit message we want to sign
toHex(digest, digestHex, 20);
printf( "%s\n", digestHex );
break;
default:
fprintf( stderr, "unknown cipher type caught.\n" );
} // switch
// prevent the leak!
#if (TESTING == 0)
if( cmd != NULL )
free(cmd);
#endif
} // while
}
int
main(int argc, char *argv[])
{
pgpImplVecs_t * testImplVecs = &rpmnssImplVecs;
pgpDig dig;
pgpDigParams pubp;
rpmbc bc;
int printing = -1;
int rc;
pgpImplVecs = &rpmbcImplVecs;
dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
bc = dig->impl;
mpbzero(&bc->p); mpbsethex(&bc->p, fips_p);
mpbzero(&bc->q); mpbsethex(&bc->q, fips_q);
mpnzero(&bc->g); mpnsethex(&bc->g, fips_g);
mpnzero(&bc->y); mpnsethex(&bc->y, fips_y);
mpnzero(&bc->r); mpnsethex(&bc->r, fips_r);
mpnzero(&bc->s); mpnsethex(&bc->s, fips_s);
mpnzero(&bc->hm); mpnsethex(&bc->hm, fips_hm);
pubp->pubkey_algo = PGPPUBKEYALGO_DSA; /* XXX assert? */
rc = pgpImplVerify(dig);
fprintf(stderr, "=============================== DSA FIPS-186-1: rc %d\n", rc);
dig = pgpDigFree(dig);
pgpImplVecs = testImplVecs;
dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
fprintf(stderr, "=============================== DSA Public Key\n");
if ((rc = doit(DSApub, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
fprintf(stderr, "=============================== DSA Signature of \"%s\"\n", str);
if ((rc = doit(DSAsig, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
{ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
pgpDigParams dsig = pgpGetSignature(dig);
rpmDigestUpdate(ctx, str, strlen(str));
rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen);
(void) pgpImplSetDSA(ctx, dig, dsig);
}
pubp->pubkey_algo = PGPPUBKEYALGO_DSA; /* XXX assert? */
rc = pgpImplVerify(dig);
fprintf(stderr, "=============================== DSA verify: rc %d\n", rc);
dig = pgpDigFree(dig);
pgpImplVecs = testImplVecs;
dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
fprintf(stderr, "=============================== RSA Public Key\n");
if ((rc = doit(RSApub, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
fprintf(stderr, "=============================== RSA Signature of \"%s\"\n", str);
if ((rc = doit(RSAsig, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
{ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA1, RPMDIGEST_NONE);
pgpDigParams dsig = pgpGetSignature(dig);
rpmDigestUpdate(ctx, str, strlen(str));
rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen);
(void) pgpImplSetRSA(ctx, dig, dsig);
}
pubp->pubkey_algo = PGPPUBKEYALGO_RSA; /* XXX assert? */
rc = pgpImplVerify(dig);
fprintf(stderr, "=============================== RSA verify: rc %d\n", rc);
dig = pgpDigFree(dig);
pgpImplVecs = testImplVecs;
dig = pgpDigNew(RPMVSF_DEFAULT, 0);
pubp = pgpGetPubkey(dig);
_pgp_debug = 1;
_pgp_print = 1;
fprintf(stderr, "=============================== ECDSA Public Key\n");
if ((rc = doit(ECDSApub, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
fprintf(stderr, "=============================== ECDSA Signature of \"%s\"\n", str);
if ((rc = doit(ECDSAsig, dig, printing)) != 0)
fprintf(stderr, "==> FAILED: rc %d\n", rc);
{ DIGEST_CTX ctx = rpmDigestInit(PGPHASHALGO_SHA256, RPMDIGEST_NONE);
pgpDigParams dsig = pgpGetSignature(dig);
rpmDigestUpdate(ctx, str, strlen(str));
rpmDigestUpdate(ctx, dsig->hash, dsig->hashlen);
(void) pgpImplSetECDSA(ctx, dig, dsig);
}
pubp->pubkey_algo = PGPPUBKEYALGO_ECDSA; /* XXX assert? */
rc = pgpImplVerify(dig);
fprintf(stderr, "=============================== ECDSA verify: rc %d\n", rc);
dig = pgpDigFree(dig);
if (pgpImplVecs == &rpmsslImplVecs)
NSS_Shutdown();
return rc;
}
int main()
{
int failures = 0;
rsakp keypair;
mpnumber m, cipher, decipher;
randomGeneratorContext rngc;
if (randomGeneratorContextInit(&rngc, randomGeneratorDefault()) == 0)
{
/* First we do the fixed value verification */
rsakpInit(&keypair);
mpbsethex(&keypair.n, rsa_n);
mpnsethex(&keypair.e, rsa_e);
mpbsethex(&keypair.p, rsa_p);
mpbsethex(&keypair.q, rsa_q);
mpnsethex(&keypair.dp, rsa_d1);
mpnsethex(&keypair.dq, rsa_d2);
mpnsethex(&keypair.qi, rsa_c);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&decipher);
mpnsethex(&m, rsa_m);
/* it's safe to cast the keypair to a public key */
if (rsapub(&keypair.n, &keypair.e, &m, &cipher))
failures++;
if (rsapricrt(&keypair.n, &keypair.p, &keypair.q, &keypair.dp, &keypair.dq, &keypair.qi, &cipher, &decipher))
failures++;
if (mpnex(m.size, m.data, decipher.size, decipher.data))
failures++;
mpnfree(&decipher);
mpnfree(&cipher);
mpnfree(&m);
rsakpFree(&keypair);
mpnzero(&m);
mpnzero(&cipher);
mpnzero(&decipher);
/* Now we generate a keypair and do some tests on it */
rsakpMake(&keypair, &rngc, 512);
/* generate a random m in the range 0 < m < n */
mpbnrnd(&keypair.n, &rngc, &m);
/* it's safe to cast the keypair to a public key */
if (rsapub(&keypair.n, &keypair.e, &m, &cipher))
failures++;
if (rsapricrt(&keypair.n, &keypair.p, &keypair.q, &keypair.dp, &keypair.dq, &keypair.qi, &cipher, &decipher))
failures++;
if (mpnex(m.size, m.data, decipher.size, decipher.data))
failures++;
rsakpFree(&keypair);
}
return failures;
}
