示例#1
0
/*
===============
SV_RSAGenMsg

Generate an encrypted RSA message
===============
*/
int SV_RSAGenMsg( const char *pubkey, char *cleartext, char *encrypted ) {
	struct        rsa_public_key public_key;
	mpz_t         message;
	unsigned char buffer[ RSA_KEY_LENGTH / 8 - 11 ];
	int           retval;

	Com_RandomBytes( buffer, RSA_KEY_LENGTH / 8 - 11 );

	nettle_mpz_init_set_str_256_u( message, RSA_KEY_LENGTH / 8 - 11, buffer );
	mpz_get_str( cleartext, 16, message );
	rsa_public_key_init( &public_key );
	mpz_set_ui( public_key.e, RSA_PUBLIC_EXPONENT );
	retval = mpz_set_str( public_key.n, pubkey, 16 ) + 1;
	
	if ( retval ) {
		rsa_public_key_prepare( &public_key );
		retval = rsa_encrypt( &public_key, NULL, qnettle_random, RSA_KEY_LENGTH / 8 - 11, buffer, message );
	}

	rsa_public_key_clear( &public_key );
	mpz_get_str( encrypted, 16, message );
	mpz_clear( message );

	return retval;
}
示例#2
0
/* Allocate and generate keys */
void
init_rsa_array(struct rsa_public_key **pub,struct rsa_private_key **priv)
{
      int i = 0;
      struct yarrow256_ctx yarrow;
      const char *random_name = NULL;


      for(i=0; i < aspathlen; i++) {
            yarrow256_init(&yarrow, 0, NULL);

            /* Read some data to seed the generator */
            if (!test_simple_random(&yarrow, random_name)) {
                  die("init_rsa_array :: Initialization of randomness generator failed.\n");
            }

            pub[i] = (struct rsa_public_key * ) malloc (sizeof(struct rsa_public_key));
            priv[i] = (struct rsa_private_key *) malloc (sizeof(struct rsa_private_key));
            if(!priv[i] || !pub[i])
                  die("init_rsa_array :: i = %d %s\n",strerror(errno));

            rsa_public_key_init(pub[i]);
            rsa_private_key_init(priv[i]);

            if (!rsa_generate_keypair (pub[i], priv[i],
             (void *) &yarrow, (nettle_random_func *) yarrow256_random,
             NULL, progress,KEYSIZE, ESIZE)) {
                  die("Key generation failed.\n");
            }
      }
     
      return ;      
}
static int
convert_rsa_private_key(struct nettle_buffer *buffer, unsigned length, const uint8_t *data)
{
  struct rsa_public_key pub;
  struct rsa_private_key priv;
  int res;
  
  rsa_public_key_init(&pub);
  rsa_private_key_init(&priv);

  if (rsa_keypair_from_der(&pub, &priv, 0,
			   length, data))
    {
      /* Reuses the buffer */
      nettle_buffer_reset(buffer);
      res = rsa_keypair_to_sexp(buffer, NULL, &pub, &priv);
    }
  else
    {
      werror("Invalid PKCS#1 private key.\n");
      res = 0;
    }
  rsa_public_key_clear(&pub);
  rsa_private_key_clear(&priv);

  return res;
}
示例#4
0
int
main(int argc, char **argv)
{
  struct rsa_public_key key;
  struct sha1_ctx hash;
  mpz_t s;
  
  if (argc != 3)
    {
      werror("Usage: rsa-verify PUBLIC-KEY SIGNATURE-FILE < FILE\n");
      return EXIT_FAILURE;
    }

  rsa_public_key_init(&key);
  
  if (!read_rsa_key(argv[1], &key, NULL))
    {
      werror("Invalid key\n");
      return EXIT_FAILURE;
    }

  mpz_init(s);

  if (!read_signature(argv[2], s))
    {
      werror("Failed to read signature file `%s'\n",
	      argv[2]);
      return EXIT_FAILURE;
    }
  
  sha1_init(&hash);
  if (!hash_file(&nettle_sha1, &hash, stdin))
    {
      werror("Failed reading stdin: %s\n",
	      strerror(errno));
      return 0;
    }

  if (!rsa_sha1_verify(&key, &hash, s))
    {
      werror("Invalid signature!\n");
      return EXIT_FAILURE;
    }
    
  mpz_clear(s);
  rsa_public_key_clear(&key);

  return EXIT_SUCCESS;
}
示例#5
0
int rsa_sha1_verify_fd(libsign_public_key *pub_ctx, libsign_signature *sig_ctx,
                       int fd)
{
    /* hash the data from the given fd and verify the result */
    int ret = -EINVAL;
    int num = 0;
    uint8_t buffer[512];
    struct sha1_ctx hash;
    struct rsa_public_key key;

    rsa_public_key_init(&key);

    mpz_set(key.n, pub_ctx->n);
    mpz_set(key.e, pub_ctx->e);

    rsa_public_key_prepare(&key);

    /* hash the data */
    sha1_init(&hash);
    while((num = read(fd, buffer, 512)) > 0)
        sha1_update(&hash, num, buffer);

    if(num < 0)
        goto exit;

    /* hash the hashed data from the signature */
    sha1_update(&hash, sig_ctx->hashed_data_len,
                sig_ctx->hashed_data);

    /* then hash the trailer */
    if(sig_ctx->version == PGP_SIG_VER4) {
        uint8_t trailer[6];
        /* version */
        trailer[0] = 0x04;

        trailer[1] = 0xff;

        /* big-endian length of the hashed data from
           the signature */
        trailer[5] = sig_ctx->hashed_data_len;
        trailer[4] = sig_ctx->hashed_data_len >> 8;
        trailer[3] = sig_ctx->hashed_data_len >> 16;
        trailer[2] = sig_ctx->hashed_data_len >> 24;

        sha1_update(&hash, 6, trailer);
    }
示例#6
0
void
test_main(void)
{
  struct rsa_public_key pub;
  struct rsa_private_key priv;
  const struct tstring *sexp;

  rsa_public_key_init(&pub);
  rsa_private_key_init(&priv);

  sexp = SHEX("2831313a707269766174652d6b657928"
		"333a72736128313a6e36333a085c3408"
		"989acae4faec3cbbad91c90d34c1d259"
		"cd74121a36f38b0b51424a9b2be514a0"
		"4377113a6cdafe79dd7d5f2ecc8b5e96"
		"61189b86a7b22239907c252928313a65"
		"343a36ad4b1d2928313a6436333a06ee"
		"6d4ff3c239e408150daf8117abfa36a4"
		"0ad4455d9059a86d52f33a2de07418a0"
		"a699594588c64810248c9412d554f74a"
		"f947c73c32007e87c92f0937ed292831"
		"3a7033323a03259879b24315e9cf1425"
		"4824c7935d807cdb6990f414a0f65e60"
		"65130a611f2928313a7133323a02a81b"
		"a73bad45fc73b36deffce52d1b73e074"
		"7f4d8a82648cecd310448ea63b292831"
		"3a6133323a026cbdad5dd0046e093f06"
		"0ecd5b4ac918e098b0278bb752b7cadd"
		"6a8944f0b92928313a6233323a014875"
		"1e622d6d58e3bb094afd6edacf737035"
		"1d068e2ce9f565c5528c4a7473292831"
		"3a6333323a00f8a458ea73a018dc6fa5"
		"6863e3bc6de405f364f77dee6f096267"
	      "9ea1a8282e292929");
  ASSERT(rsa_keypair_from_sexp
	 (&pub, &priv, 0, sexp->length, sexp->data));

  test_rsa_key(&pub, &priv);

  rsa_public_key_clear(&pub);
  rsa_private_key_clear(&priv);
}
/* Returns 1 on success, 0 on error, and -1 for unsupported algorithms. */
static int
convert_public_key(struct nettle_buffer *buffer, unsigned length, const uint8_t *data)
{
  /* SubjectPublicKeyInfo ::= SEQUENCE {
         algorithm		AlgorithmIdentifier,
	 subjectPublicKey 	BIT STRING
     }

     AlgorithmIdentifier ::= SEQUENCE {
         algorithm  	OBJECT IDENTIFIER,
	 parameters 	OPTIONAL
     }
  */
  struct asn1_der_iterator i;
  struct asn1_der_iterator j;
  int res = 0;

  if (asn1_der_iterator_first(&i, length, data) == ASN1_ITERATOR_CONSTRUCTED
      && i.type == ASN1_SEQUENCE
      && asn1_der_decode_constructed_last(&i) == ASN1_ITERATOR_CONSTRUCTED
      && i.type == ASN1_SEQUENCE

      /* Use the j iterator to parse the algorithm identifier */
      && asn1_der_decode_constructed(&i, &j) == ASN1_ITERATOR_PRIMITIVE
      && j.type == ASN1_IDENTIFIER
      && asn1_der_iterator_next(&i) == ASN1_ITERATOR_PRIMITIVE
      && i.type == ASN1_BITSTRING

      /* Use i to parse the object wrapped in the bit string.*/
      && asn1_der_decode_bitstring_last(&i))
    {
      /* pkcs-1 {
	     iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1)
	     modules(0) pkcs-1(1)
	 }

	 --
	 -- When rsaEncryption is used in an AlgorithmIdentifier the
	 -- parameters MUST be present and MUST be NULL.
	 --
	 rsaEncryption    OBJECT IDENTIFIER ::= { pkcs-1 1 }
      */
      static const uint8_t id_rsaEncryption[9] =
	{ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 };
      /*
	 --
	 -- When dsa is used in an AlgorithmIdentifier the
	 -- parameters MUST be present and MUST NOT be NULL.
	 --
	 dsa    OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 }
      */
      static const uint8_t id_dsa[7] =
	{ 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x01 };

      switch (j.length)
	{
	unknown:
	default:
	  werror("SubjectPublicKeyInfo: Unsupported algorithm.\n");
	  res = -1;
	  break;
	  
	case 7:
	  if (memcmp(j.data, id_dsa, 7) == 0)
	    {
	      if (asn1_der_iterator_next(&j) == ASN1_ITERATOR_CONSTRUCTED
		  && asn1_der_decode_constructed_last(&j) == ASN1_ITERATOR_PRIMITIVE)
		{
		  struct dsa_public_key pub;

		  dsa_public_key_init(&pub);

		  if (dsa_params_from_der_iterator(&pub, 0, &i)
		      && dsa_public_key_from_der_iterator(&pub, 0, &j))
		    {
		      nettle_buffer_reset(buffer);
		      res = dsa_keypair_to_sexp(buffer, NULL, &pub, NULL) > 0;
		    }
		}
	      if (!res)
		werror("SubjectPublicKeyInfo: Invalid DSA key.\n");
	      break;
	    }
	  else goto unknown;
	case 9:
	  if (memcmp(j.data, id_rsaEncryption, 9) == 0)
	    {
	      if (asn1_der_iterator_next(&j) == ASN1_ITERATOR_PRIMITIVE
		  && j.type == ASN1_NULL
		  && j.length == 0
		  && asn1_der_iterator_next(&j) == ASN1_ITERATOR_END)
		{
		  struct rsa_public_key pub;

		  rsa_public_key_init(&pub);

		  if (rsa_public_key_from_der_iterator(&pub, 0, &i))
		    {
		      nettle_buffer_reset(buffer);
		      res = rsa_keypair_to_sexp(buffer, NULL, &pub, NULL) > 0;
		    }
		}
	      if (!res)
		werror("SubjectPublicKeyInfo: Invalid RSA key.\n");
	      break;
	    }
	  else goto unknown;
	}
    }
  else
    werror("SubjectPublicKeyInfo: Invalid object.\n");
  
  return res;
}
示例#8
0
int
test_main(void)
{
  struct rsa_public_key pub;
  struct rsa_private_key key;

  mpz_t expected;
  
  mpz_init(expected);
  
  rsa_private_key_init(&key);
  rsa_public_key_init(&pub);

  test_rsa_set_key_1(&pub, &key);
  
  /* Test md5 signatures */
  mpz_set_str(expected,
	      "53bf517009fa956e" "3daa6adc95e8663d" "3759002f488bbbad"
	      "e49f62792d85dbcc" "293f68e2b68ef89a" "c5bd42d98f845325"
	      "3e6c1b76fc337db5" "e0053f255c55faf3" "eb6cc568ad7f5013"
	      "5b269a64acb9eaa7" "b7f09d9bd90310e6" "4c58f6dbe673ada2"
	      "67c97a9d99e19f9d" "87960d9ce3f0d5ce" "84f401fe7e10fa24"
	      "28b9bffcf9", 16);

  test_rsa_md5(&pub, &key, expected);

  /* Test sha1 signature */
  mpz_set_str(expected,
	      "129b405ed85db88c" "55d35344c4b52854" "496516b4d63d8211"
	      "80a0c24d6ced9047" "33065a564bbd33d0" "a5cdfd204b9c6d15"
	      "78337207c2f1662d" "c73906c7a0f2bf5c" "af92cef9121957b1"
	      "dcb111ff47b92389" "888e384d0cfd1b1e" "e5d7003a8feff3fd"
	      "dd6a71d242a79272" "25234d67ba369441" "c12ae555c697754e"
	      "a17f93fa92", 16);

  test_rsa_sha1(&pub, &key, expected);

  mpz_set_str(expected,
	      "13f9e43f7a401a73" "0a74985c01520d76" "bf5f2e2dff91e93b"
	      "9267d8c388d6937b" "d4bc6f1fa31618a9" "b5e3a1a875af72f5"
	      "0e805dbfebdf4348" "7d49763f0b365e78" "d2c0ea8fb3785897"
	      "782289a58f998907" "248c9cdf2c643d7e" "6ba6b55026227773"
	      "6f19caa69c4fc6d7" "7e2e5d4cd6b7a82b" "900d201ffd000448"
	      "685e5a4f3e", 16);

  test_rsa_sha256(&pub, &key, expected);
  
  /* 777-bit key, generated by
   *
   *   lsh-keygen -a rsa -l 777 -f advanced-hex
   *
   * Interesting because the size of n doesn't equal the sum of the
   * sizes of p and q. 
   *
   * (private-key (rsa-pkcs1
   *        (n #013b04440e3eef25 d51c738d508a7fa8 b3445180c342af0f
   *            4cb5a789047300e2 cfc5c5450974cfc2 448aeaaa7f43c374
   *            c9a3b038b181f2d1 0f1a2327fd2c087b a49bf1086969fd2c
   *            d1df3fd69f81fa4b 162cc8bbb363fc95 b7b24b9c53d0c67e
   *            f52b#)
   *        (e #3f1a012d#)
   *        (d #f9bae89dacca6cca c21e0412b4df8355 6fe7c5322bbae8ad
   *            3f11494fd12bc076 d4a7da3050fe109d 2074db09cc6a93b4
   *            745479522558379e a0ddfa74f86c9e9e a22c3b0e93d51447
   *            0feb38105dd35395 63b91ee32776f40c 67b2a175690f7abb
   *            25#)
   *        (p #0b73c990eeda0a2a 2c26416052c85560 0c5c0f5ce86a8326
   *            166acea91786237a 7ff884e66dbfdd3a ab9d9801414c1506
   *            8b#)
   *        (q #1b81c19a62802a41 9c99283331b0badb 08eb0c25ffce0fbf
   *            50017850036f32f3 2132a845b91a5236 61f7b451d587383f
   *            e1#)
   *        (a #0a912fc93a6cca6b 3521725a3065b3be 3c9745e29c93303d
   *            7d29316c6cafa4a2 89945f964fcdea59 1f9d248b0b6734be
   *            c9#)
   *        (b #1658eca933251813 1eb19c77aba13d73 e0b8f4ce986d7615
   *            764c6b0b03c18146 46b7f332c43e05c5 351e09006979ca5b
   *            05#)
   *        (c #0114720dace7b27f 2bf2850c1804869f 79a0aad0ec02e6b4
   *            05e1831619db2f10 bb9b6a8fd5c95df2 eb78f303ea0c0cc8
   *            06#)))
   */
  
  mpz_set_str(pub.n,
	      "013b04440e3eef25" "d51c738d508a7fa8" "b3445180c342af0f"
	      "4cb5a789047300e2" "cfc5c5450974cfc2" "448aeaaa7f43c374"
	      "c9a3b038b181f2d1" "0f1a2327fd2c087b" "a49bf1086969fd2c"
	      "d1df3fd69f81fa4b" "162cc8bbb363fc95" "b7b24b9c53d0c67e"
	      "f52b", 16);
  
  mpz_set_str(pub.e, "3f1a012d", 16);

  if (!rsa_public_key_prepare(&pub))
    FAIL();

#if 0  
  mpz_set_str(key.d,
	      "f9bae89dacca6cca" "c21e0412b4df8355" "6fe7c5322bbae8ad"
	      "3f11494fd12bc076" "d4a7da3050fe109d" "2074db09cc6a93b4"
	      "745479522558379e" "a0ddfa74f86c9e9e" "a22c3b0e93d51447"
	      "0feb38105dd35395" "63b91ee32776f40c" "67b2a175690f7abb"
	      "25", 16);
#endif
  
  mpz_set_str(key.p,
	      "0b73c990eeda0a2a" "2c26416052c85560" "0c5c0f5ce86a8326"
	      "166acea91786237a" "7ff884e66dbfdd3a" "ab9d9801414c1506"
	      "8b", 16);
  
  mpz_set_str(key.q,
	      "1b81c19a62802a41" "9c99283331b0badb" "08eb0c25ffce0fbf"
	      "50017850036f32f3" "2132a845b91a5236" "61f7b451d587383f"
	      "e1", 16);
  
  mpz_set_str(key.a,
	      "0a912fc93a6cca6b" "3521725a3065b3be" "3c9745e29c93303d"
	      "7d29316c6cafa4a2" "89945f964fcdea59" "1f9d248b0b6734be"
	      "c9", 16);
  
  mpz_set_str(key.b,
	      "1658eca933251813" "1eb19c77aba13d73" "e0b8f4ce986d7615"
	      "764c6b0b03c18146" "46b7f332c43e05c5" "351e09006979ca5b"
	      "05", 16);
  
  mpz_set_str(key.c,
	      "0114720dace7b27f" "2bf2850c1804869f" "79a0aad0ec02e6b4"
	      "05e1831619db2f10" "bb9b6a8fd5c95df2" "eb78f303ea0c0cc8"
	      "06", 16);

  if (!rsa_private_key_prepare(&key))
    FAIL();

  if (pub.size != key.size)
    FAIL();

  /* Test md5 signatures */
  mpz_set_str(expected,
	      "011b939f6fbacf7f" "7d3217b022d07477" "e582e34d4bbddd4c"
	      "31520647417fc8a6" "18b2e196d799cedd" "d8f5c062fd796b0f"
	      "72ab46db2ac6ec74" "39d856be3f746cc4" "3e0a15429954736a"
	      "60a8b3c6ea93d2cb" "c69085c307d72517" "07d43bf97a3b51eb"
	      "9e89", 16);

  test_rsa_md5(&pub, &key, expected);

  /* Test sha1 signature */
  mpz_set_str(expected,
	      "648c49e0ed045547" "08381d0bcd03b7bd" "b0f80a0e9030525d"
	      "234327a1c96b8660" "f1c01c6f15ae76d0" "4f53a53806b7e4db"
	      "1f789e6e89b538f6" "88fcbd2caa6abef0" "5432d52f3de463a4"
	      "a9e6de94f1b7bb68" "3c07edf0924fc93f" "56e1a0dba8f7491c"
	      "5c", 16);

  test_rsa_sha1(&pub, &key, expected);

  mpz_set_str(expected,
	      "d759bb28b4d249a2" "f8b67bdbb1ab7f50" "c88712fbcabc2956"
	      "1ec6ca3f8fdafe7a" "38433d7da287b8f7" "87857274c1640b2b"
	      "e652cd89c501d570" "3980a0af5c6bb60c" "f84feab25b099d06"
	      "e2519accb73dac43" "fb8bdad28835f3bd" "84c43678fe2ef41f"
	      "af", 16);

  test_rsa_sha256(&pub, &key, expected);

  rsa_private_key_clear(&key);
  rsa_public_key_clear(&pub);
  mpz_clear(expected);

  SUCCESS();
}
示例#9
0
static void *
bench_rsa_init (unsigned size)
{
  unsigned char rsa1024[] =
    "{KDExOnByaXZhdGUta2V5KDE0OnJzYS1wa2NzMS1zaGExKDE6bjEyOToA90+K5EmjbFJBeJD"
    " xP2KD2Df+0Twc9425uB+vhqTrVijtd2PnwEQDfR2VoducgkKcXJzYYyCNILQJbFAi2Km/sD"
    " jImERBqDtaI217Ze+tOKEmImexYTAgFuqEptp2F3M4DqgRQ7s/3nJQ/bPE5Hfi1OZhJSShu"
    " I80ATTU4fUgrPspKDE6ZTM6AQABKSgxOmQxMjk6APAhKckzvxxkWfHJOpXDACWnaSKcbbvo"
    " vtWK3pGr/F2ya7CrLtE+uOx5F1sLs9G+/7flCy5k4uNILIYg4VTirZ1zQ8fNKPrjK1VMRls"
    " JiRRU/0VAs9d7HdncJfs6rbvRQbCRSRYURo4hWir3Lq8V3UUQVBprc4dO+uWmplvwQ5qxKS"
    " gxOnA2NToA+8aIVkdbk8Jg8dJOuzc7m/hZnwkKSs6eVDw4N/2T0CJKGJYT+B3Ct+fPkxhUR"
    " ggd2DQ9OpkTra7SXHTNkzdPVSkoMTpxNjU6APt11P8vXNnGYF0OC/cPsR8zhSYuFmtRuX6G"
    " ES+DdG0VCU07UeNQkok1UoW5sXqY0IGr1jkJq8AMSgKoNbLQ6w8pKDE6YTY0Ohzkxsan/8F"
    " wQDHgQbrIduXKVXaj0fONzKu8EXOTfUAYf0pdBsOlnq/+QVsPIrS6v7oNHK253YFEG84SdX"
    " kcktUpKDE6YjY1OgCR+cRtY3RWY+f6/TWK9gwPndv03xpasLWrMm71ky1aSbT9pasS9+opR"
    " tAiGzthfSbFsBiLQgb3VOr+AeIybT+XKSgxOmM2NDojigqARWN5u1CVDVuD2L2ManpoGiM6"
    " kQ6FaJjqRjxeRRKFrQxGJa9tM1hqStxokC1oJidgaOLGnn60iwzToug9KSkp}";
    
  unsigned char rsa2048[] =
    "{KDExOnByaXZhdGUta2V5KDE0OnJzYS1wa2NzMS1zaGExKDE6bjI1NzoAtxWXiglIdunDK48"
    " 8I0vW0wTqnh/riW9pLk8n1F8MUPBFdhvkkl0bDQqSJPUvSHy+w4fLVwcEzeI4qFyo3b2Avz"
    " JK20MFbt/WfHD1TbxuK8rNqXyqmqjJ9vgjtV9nPzAz7CM9ogs3/RJHpcfZPQF15ifizleUZ"
    " aQT0GAXHZL7cePj10yGI2u3hgTkokVzdNC/1T34guKYpErg0pt0B/KejWpsFTb84z3tkR+B"
    " YVx07p/OoByZwoABgncS/uALl31fRS8jyJ2JqUiZOqe7XoO9hkDHYNCWUGUfNGQ7ZgVp9+e"
    " NQpracSjrp6Jnrj7r/oxJUx5ZDVNi18AzQadE/oKOrSkoMTplMzoBAAEpKDE6ZDI1NjogBT"
    " C5vaHk2kF+LtDvw2XRBj0aZq7FHK0ioklvBSicR0l+vKYfSxVeFIk22YLphJfAjtFraRjYA"
    " Uaze3E1Rt1rkxoweupKV++lWAQvElOaaR/LErirz/Vysjdck1D1ZjLOi+NNofSq2DWbsvY1"
    " iznZhQRP3lVf6XBls0iXrYs4gb0pBZqXLQW+j9Ihx6eantf1/6ZMKPgCkzcAZ0ABsCfaFSg"
    " ouNCzilblsgFEspEbb8QqrNQoStS3F/gMwWgDsr3+vQzBqt+7ykWoCJ9wctbYy9kEPq+hX3"
    " GP0hG6HdS81r9E8pgdf3wloNNMzYUHwn7poXGpOi8tG0pmR56TqD/BKSgxOnAxMjk6AN4AJ"
    " TiGPm9We2ga3Y0jpTfA3mWpUbhYgaXYLWA1/riniwq16fqxRIkWQT/O2KKpBVe6WSvNYq9u"
    " lM8N6bdPtDytJs6AOXy0X5vtJ953ZYVMhHbhmUxhIL9I+s0O1+LxMF8b9U4CrFyaTxd8Un/"
    " FXP1BvYJRrkoup6HYvOlGx36lKSgxOnExMjk6ANMfrfH6z/3o7K56aW6kSiloDDbKZQ0+W5"
    " 8LzP2ZOBLf6LX6jLhN3olU1Z0KGTM0S/1AxvwGjuRqhu+LcOJ7oUCUH3uusR5c5nSnArYPq"
    " +0wbco4BQngot/HmGN7U0EDsIWqPt/qoa/b8bCk+TOwJlknNq/PnZU26SPj48XS05lpKSgx"
    " OmExMjk6AJM2n3gLNW3ZeH5BindkktQU9qWNkV5geqDCaNyrEZ3bpI1WsrEGSj9p3Zz1ipz"
    " a3msdbLJqQS26c72WKUzg8tFltR0s1HJInjolGtIgdNbfNdwrn9+RbQjL2VyPokOg0wXO4W"
    " 14wlmqDhax33dRJmfe50964MvaglkGA8fhorrtKSgxOmIxMjk6AKMe+vrX2xRHf3dfxU5jS"
    " ZmsdqNuxZzx7UB5kazvUU/kCJ1yNH/CSoq5LULkpovVgFDwV84qEwWQ+SjkCBg1hWWsDJc3"
    " ZkobZUQENigM+72LiYiQt/PlyHI2eRuEEdNN0nm0DFhdpQeHXLoq/RBerYJ8tdgpBYxgnMn"
    " KLhaOykbhKSgxOmMxMjg6MVlKj2bjb7qFQVkLO1OPg28jSrtRpnQCR+qegN4ZmNam/qbest"
    " 8yn0JQ6gxX7PvP382+jx7uHHWHYYqPq/Flf8gqtOOcjqS5TJgVHz3F3xHWquo1ZofGtCMro"
    " Dd2c0xjRjIVGvLV6Ngs+HRdljRav40vRpTyEoEdlzHBQiILesopKSk=}";

  struct rsa_ctx *ctx;
  struct sexp_iterator i;

  int res;

  ctx = xalloc(sizeof(*ctx));

  rsa_public_key_init (&ctx->pub);
  rsa_private_key_init (&ctx->key);
  mpz_init (ctx->s);
  knuth_lfib_init (&ctx->lfib, 1);

  /* NOTE: Base64-decodes the strings in-place */
  if (size == 1024)
    res = sexp_transport_iterator_first (&i, sizeof(rsa1024) - 1, rsa1024);
  else if (size == 2048)
    res = sexp_transport_iterator_first (&i, sizeof(rsa2048) - 1, rsa2048);
  else
    die ("Internal error.\n");

  if (! (res
	 && sexp_iterator_check_type (&i, "private-key")
	 && sexp_iterator_check_type (&i, "rsa-pkcs1-sha1")
	 && rsa_keypair_from_sexp_alist (&ctx->pub, &ctx->key, 0, &i)))
    die ("Internal error.\n");

  ctx->digest = hash_string (&nettle_sha256, "foo");

  rsa_sha256_sign_digest (&ctx->key, ctx->digest, ctx->s);
  
  return ctx;
}
示例#10
0
int
main(int argc, char **argv)
{
  struct rsa_session ctx;
  struct rsa_session_info info;
  
  struct rsa_public_key key;
  mpz_t x;
  
  int c;
  const char *random_name = NULL;

  enum { OPT_HELP = 300 };
  
  static const struct option options[] =
    {
      /* Name, args, flag, val */
      { "help", no_argument, NULL, OPT_HELP },
      { "random", required_argument, NULL, 'r' },
      { NULL, 0, NULL, 0}
    };
  
  while ( (c = getopt_long(argc, argv, "o:r:", options, NULL)) != -1)
    switch (c)
      {
      case 'r':
	random_name = optarg;
	break;
	
      case '?':
	return EXIT_FAILURE;

      case OPT_HELP:
	usage(stdout);
	return EXIT_SUCCESS;
      default:
	abort();
      }

  argv += optind;
  argc -= optind;

  if (argc != 1)
    {
      usage (stderr);
      return EXIT_FAILURE;
    }

  rsa_public_key_init(&key);
  
  if (!read_rsa_key(argv[0], &key, NULL))
    {
      werror("Invalid key\n");
      return EXIT_FAILURE;
    }

  /* NOTE: No sources */
  yarrow256_init(&ctx.yarrow, 0, NULL);
  
  /* Read some data to seed the generator */
  if (!simple_random(&ctx.yarrow, random_name))
    {
      werror("Initialization of randomness generator failed.\n");
      return EXIT_FAILURE;
    }

  WRITE_UINT32(SESSION_VERSION(&info), RSA_VERSION);
  
  yarrow256_random(&ctx.yarrow, sizeof(info.key) - 4, info.key + 4);

  rsa_session_set_encrypt_key(&ctx, &info);
  
#ifdef WIN32
  _setmode(0, O_BINARY);
  _setmode(1, O_BINARY);
#endif

  write_version(stdout);
  
  mpz_init(x);

  if (!rsa_encrypt(&key,
		   &ctx.yarrow, (nettle_random_func *) yarrow256_random,
		   sizeof(info.key), info.key, 
		   x))
    {
      werror("RSA encryption failed.\n");
      return EXIT_FAILURE;
    }

  write_bignum(stdout, x);

  mpz_clear (x);

  if (!process_file(&ctx,
		    stdin, stdout))
    return EXIT_FAILURE;

  rsa_public_key_clear(&key);

  return EXIT_SUCCESS;
}
示例#11
0
文件: pk.c 项目: intgr/gnutls
static int
wrap_nettle_pk_generate_params (gnutls_pk_algorithm_t algo,
                                unsigned int level /*bits */ ,
                                gnutls_pk_params_st * params)
{
  int ret;
  unsigned int i, q_bits;

  memset(params, 0, sizeof(*params));

  switch (algo)
    {

    case GNUTLS_PK_DSA:
      {
        struct dsa_public_key pub;
        struct dsa_private_key priv;

        dsa_public_key_init (&pub);
        dsa_private_key_init (&priv);

        /* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
         * but we do NIST DSA here */
        if (level <= 1024)
          q_bits = 160;
        else
          q_bits = 256;

        ret =
          dsa_generate_keypair (&pub, &priv, NULL,
                                rnd_func, NULL, NULL, level, q_bits);
        if (ret != 1)
          {
            gnutls_assert ();
            ret = GNUTLS_E_INTERNAL_ERROR;
            goto dsa_fail;
          }

        params->params_nr = 0;
        for (i = 0; i < DSA_PRIVATE_PARAMS; i++)
          {
            params->params[i] = _gnutls_mpi_alloc_like (&pub.p);
            if (params->params[i] == NULL)
              {
                ret = GNUTLS_E_MEMORY_ERROR;
                goto dsa_fail;
              }
            params->params_nr++;
          }

        ret = 0;
        _gnutls_mpi_set (params->params[0], pub.p);
        _gnutls_mpi_set (params->params[1], pub.q);
        _gnutls_mpi_set (params->params[2], pub.g);
        _gnutls_mpi_set (params->params[3], pub.y);
        _gnutls_mpi_set (params->params[4], priv.x);

dsa_fail:
        dsa_private_key_clear (&priv);
        dsa_public_key_clear (&pub);

        if (ret < 0)
          goto fail;

        break;
      }
    case GNUTLS_PK_RSA:
      {
        struct rsa_public_key pub;
        struct rsa_private_key priv;

        rsa_public_key_init (&pub);
        rsa_private_key_init (&priv);

        _gnutls_mpi_set_ui (&pub.e, 65537);

        ret =
          rsa_generate_keypair (&pub, &priv, NULL,
                                rnd_func, NULL, NULL, level, 0);
        if (ret != 1)
          {
            gnutls_assert ();
            ret = GNUTLS_E_INTERNAL_ERROR;
            goto rsa_fail;
          }

        params->params_nr = 0;
        for (i = 0; i < RSA_PRIVATE_PARAMS; i++)
          {
            params->params[i] = _gnutls_mpi_alloc_like (&pub.n);
            if (params->params[i] == NULL)
              {
                ret = GNUTLS_E_MEMORY_ERROR;
                goto rsa_fail;
              }
            params->params_nr++;

          }
          
        ret = 0;

        _gnutls_mpi_set (params->params[0], pub.n);
        _gnutls_mpi_set (params->params[1], pub.e);
        _gnutls_mpi_set (params->params[2], priv.d);
        _gnutls_mpi_set (params->params[3], priv.p);
        _gnutls_mpi_set (params->params[4], priv.q);
        _gnutls_mpi_set (params->params[5], priv.c);
        _gnutls_mpi_set (params->params[6], priv.a);
        _gnutls_mpi_set (params->params[7], priv.b);

rsa_fail:
        rsa_private_key_clear (&priv);
        rsa_public_key_clear (&pub);

        if (ret < 0)
          goto fail;

        break;
      }
    case GNUTLS_PK_EC:
      {
        ecc_key key;
        ecc_set_type tls_ecc_set;
        const gnutls_ecc_curve_entry_st *st;

        st = _gnutls_ecc_curve_get_params(level);
        if (st == NULL)
          return gnutls_assert_val(GNUTLS_E_ECC_UNSUPPORTED_CURVE);
        
        tls_ecc_set.size = st->size;
        tls_ecc_set.prime = st->prime;
        tls_ecc_set.order = st->order;
        tls_ecc_set.Gx = st->Gx;
        tls_ecc_set.Gy = st->Gy;
        tls_ecc_set.A = st->A;
        tls_ecc_set.B = st->B;

        ret = ecc_make_key(NULL, rnd_func, &key, &tls_ecc_set, st->id);
        if (ret != 0)
          return gnutls_assert_val(GNUTLS_E_INTERNAL_ERROR);

        params->params_nr = 0;
        for (i = 0; i < ECC_PRIVATE_PARAMS; i++)
          {
            params->params[i] = _gnutls_mpi_alloc_like(&key.prime);
            if (params->params[i] == NULL)
              {
                ret = GNUTLS_E_MEMORY_ERROR;
                goto ecc_fail;
              }
            params->params_nr++;
          }
        params->flags = level;

        mpz_set(TOMPZ(params->params[ECC_PRIME]), key.prime);
        mpz_set(TOMPZ(params->params[ECC_ORDER]), key.order);
        mpz_set(TOMPZ(params->params[ECC_A]), key.A);
        mpz_set(TOMPZ(params->params[ECC_B]), key.B);
        mpz_set(TOMPZ(params->params[ECC_GX]), key.Gx);
        mpz_set(TOMPZ(params->params[ECC_GY]), key.Gy);
        mpz_set(TOMPZ(params->params[ECC_X]), key.pubkey.x);
        mpz_set(TOMPZ(params->params[ECC_Y]), key.pubkey.y);
        mpz_set(TOMPZ(params->params[ECC_K]), key.k);
        
ecc_fail:
        ecc_free(&key);
        
        if (ret < 0)
          goto fail;

        break;
      }
    default:
      gnutls_assert ();
      return GNUTLS_E_INVALID_REQUEST;
    }

  return 0;

fail:

  for (i = 0; i < params->params_nr; i++)
    {
      _gnutls_mpi_release (&params->params[i]);
    }
  params->params_nr = 0;

  return ret;
}
示例#12
0
void
test_main(void)
{
  struct rsa_public_key pub;
  struct rsa_private_key key;
  struct knuth_lfib_ctx lfib;

  /* FIXME: How is this spelled? */
  const uint8_t *msg = "Squemish ossifrage";
  size_t msg_length;

  uint8_t *decrypted;
  size_t decrypted_length;
  uint8_t after;

  mpz_t gibberish;

  rsa_private_key_init(&key);
  rsa_public_key_init(&pub);
  mpz_init(gibberish);

  knuth_lfib_init(&lfib, 17);
  
  test_rsa_set_key_1(&pub, &key);
  msg_length = strlen(msg);

  if (verbose)
    fprintf(stderr, "msg: `%s', length = %d\n", msg, (int) msg_length);
  
  ASSERT(rsa_encrypt(&pub,
		     &lfib, (nettle_random_func *) knuth_lfib_random,
		     msg_length, msg,
		     gibberish));

  if (verbose)
    {
      fprintf(stderr, "encrypted: ");
      mpz_out_str(stderr, 10, gibberish);
    }
  
  decrypted = xalloc(msg_length + 1);

  knuth_lfib_random (&lfib, msg_length + 1, decrypted);
  after = decrypted[msg_length];
  
  decrypted_length = msg_length - 1;
  ASSERT(!rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));

  decrypted_length = msg_length;
  ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
  ASSERT(decrypted_length == msg_length);
  ASSERT(MEMEQ(msg_length, msg, decrypted));
  ASSERT(decrypted[msg_length] == after);

  knuth_lfib_random (&lfib, msg_length + 1, decrypted);
  after = decrypted[msg_length];

  decrypted_length = key.size;
  ASSERT(rsa_decrypt(&key, &decrypted_length, decrypted, gibberish));
  ASSERT(decrypted_length == msg_length);
  ASSERT(MEMEQ(msg_length, msg, decrypted));
  ASSERT(decrypted[msg_length] == after);
  
  knuth_lfib_random (&lfib, msg_length + 1, decrypted);
  after = decrypted[msg_length];

  decrypted_length = msg_length;
  ASSERT(rsa_decrypt_tr(&pub, &key,
			&lfib, (nettle_random_func *) knuth_lfib_random,
			&decrypted_length, decrypted, gibberish));
  ASSERT(decrypted_length == msg_length);
  ASSERT(MEMEQ(msg_length, msg, decrypted));
  ASSERT(decrypted[msg_length] == after);

  /* Test invalid key. */
  mpz_add_ui (key.q, key.q, 2);
  decrypted_length = key.size;
  ASSERT(!rsa_decrypt_tr(&pub, &key,
			 &lfib, (nettle_random_func *) knuth_lfib_random,
			 &decrypted_length, decrypted, gibberish));

  rsa_private_key_clear(&key);
  rsa_public_key_clear(&pub);
  mpz_clear(gibberish);
  free(decrypted);
}
示例#13
0
文件: pk.c 项目: randombit/hacrypto
static int
wrap_nettle_pk_generate_params(gnutls_pk_algorithm_t algo,
			       unsigned int level /*bits */ ,
			       gnutls_pk_params_st * params)
{
	int ret;
	unsigned int i, q_bits;

	memset(params, 0, sizeof(*params));

	switch (algo) {

	case GNUTLS_PK_DSA:
		{
			struct dsa_public_key pub;
			struct dsa_private_key priv;

			dsa_public_key_init(&pub);
			dsa_private_key_init(&priv);

			/* the best would be to use _gnutls_pk_bits_to_subgroup_bits()
			 * but we do NIST DSA here */
			if (level <= 1024)
				q_bits = 160;
			else
				q_bits = 256;

			ret =
			    dsa_generate_keypair(&pub, &priv, NULL,
						 rnd_func, NULL, NULL,
						 level, q_bits);
			if (ret != 1) {
				gnutls_assert();
				ret = GNUTLS_E_INTERNAL_ERROR;
				goto dsa_fail;
			}

			params->params_nr = 0;
			for (i = 0; i < DSA_PRIVATE_PARAMS; i++) {
				params->params[i] =
				    _gnutls_mpi_alloc_like(&pub.p);
				if (params->params[i] == NULL) {
					ret = GNUTLS_E_MEMORY_ERROR;
					goto dsa_fail;
				}
				params->params_nr++;
			}

			ret = 0;
			_gnutls_mpi_set(params->params[0], pub.p);
			_gnutls_mpi_set(params->params[1], pub.q);
			_gnutls_mpi_set(params->params[2], pub.g);
			_gnutls_mpi_set(params->params[3], pub.y);
			_gnutls_mpi_set(params->params[4], priv.x);

		      dsa_fail:
			dsa_private_key_clear(&priv);
			dsa_public_key_clear(&pub);

			if (ret < 0)
				goto fail;

			break;
		}
	case GNUTLS_PK_RSA:
		{
			struct rsa_public_key pub;
			struct rsa_private_key priv;

			rsa_public_key_init(&pub);
			rsa_private_key_init(&priv);

			_gnutls_mpi_set_ui(&pub.e, 65537);

			ret =
			    rsa_generate_keypair(&pub, &priv, NULL,
						 rnd_func, NULL, NULL,
						 level, 0);
			if (ret != 1) {
				gnutls_assert();
				ret = GNUTLS_E_INTERNAL_ERROR;
				goto rsa_fail;
			}

			params->params_nr = 0;
			for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
				params->params[i] =
				    _gnutls_mpi_alloc_like(&pub.n);
				if (params->params[i] == NULL) {
					ret = GNUTLS_E_MEMORY_ERROR;
					goto rsa_fail;
				}
				params->params_nr++;

			}

			ret = 0;

			_gnutls_mpi_set(params->params[0], pub.n);
			_gnutls_mpi_set(params->params[1], pub.e);
			_gnutls_mpi_set(params->params[2], priv.d);
			_gnutls_mpi_set(params->params[3], priv.p);
			_gnutls_mpi_set(params->params[4], priv.q);
			_gnutls_mpi_set(params->params[5], priv.c);
			_gnutls_mpi_set(params->params[6], priv.a);
			_gnutls_mpi_set(params->params[7], priv.b);

		      rsa_fail:
			rsa_private_key_clear(&priv);
			rsa_public_key_clear(&pub);

			if (ret < 0)
				goto fail;

			break;
		}
	case GNUTLS_PK_EC:
		{
			struct ecc_scalar key;
			struct ecc_point pub;
			const struct ecc_curve *curve;

			curve = get_supported_curve(level);
			if (curve == NULL)
				return
				    gnutls_assert_val
				    (GNUTLS_E_ECC_UNSUPPORTED_CURVE);

			ecc_scalar_init(&key, curve);
			ecc_point_init(&pub, curve);

			ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);

			params->params[ECC_X] = _gnutls_mpi_new(0);
			params->params[ECC_Y] = _gnutls_mpi_new(0);
			params->params[ECC_K] = _gnutls_mpi_new(0);

			if (params->params[ECC_X] == NULL
			    || params->params[ECC_Y] == NULL
			    || params->params[ECC_K] == NULL) {
				_gnutls_mpi_release(&params->
						    params[ECC_X]);
				_gnutls_mpi_release(&params->
						    params[ECC_Y]);
				_gnutls_mpi_release(&params->
						    params[ECC_K]);
				goto ecc_cleanup;
			}

			params->flags = level;
			params->params_nr = ECC_PRIVATE_PARAMS;

			ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
				      TOMPZ(params->params[ECC_Y]));
			ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));

		      ecc_cleanup:
			ecc_point_clear(&pub);
			ecc_scalar_clear(&key);

			break;
		}
	default:
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	return 0;

      fail:

	for (i = 0; i < params->params_nr; i++) {
		_gnutls_mpi_release(&params->params[i]);
	}
	params->params_nr = 0;

	return ret;
}
示例#14
0
/* To generate a DH key either q must be set in the params or
 * level should be set to the number of required bits.
 */
static int
wrap_nettle_pk_generate_keys(gnutls_pk_algorithm_t algo,
			       unsigned int level /*bits */ ,
			       gnutls_pk_params_st * params)
{
	int ret;
	unsigned int i;

	switch (algo) {
	case GNUTLS_PK_DSA:
#ifdef ENABLE_FIPS140
		{
			struct dsa_public_key pub;
			struct dsa_private_key priv;

			if (params->params[DSA_Q] == NULL)
				return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

			_dsa_params_to_pubkey(params, &pub);

			dsa_private_key_init(&priv);
			mpz_init(pub.y);

			ret =
			    dsa_generate_dss_keypair(&pub, &priv, 
						 NULL, rnd_func, 
						 NULL, NULL);
			if (ret != 1) {
				gnutls_assert();
				ret = GNUTLS_E_PK_GENERATION_ERROR;
				goto dsa_fail;
			}

			ret = _gnutls_mpi_init_multi(&params->params[DSA_Y], &params->params[DSA_X], NULL);
			if (ret < 0) {
				gnutls_assert();
				goto dsa_fail;
			}

			mpz_set(TOMPZ(params->params[DSA_Y]), pub.y);
			mpz_set(TOMPZ(params->params[DSA_X]), priv.x);
			params->params_nr += 2;

		      dsa_fail:
			dsa_private_key_clear(&priv);
			mpz_clear(pub.y);

			if (ret < 0)
				goto fail;

			break;
		}
#endif
	case GNUTLS_PK_DH:
		{
			struct dsa_public_key pub;
			mpz_t r;
			mpz_t x, y;
			int max_tries;
			unsigned have_q = 0;

			if (algo != params->algo)
				return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

			_dsa_params_to_pubkey(params, &pub);

			if (params->params[DSA_Q] != NULL)
				have_q = 1;

			/* This check is for the case !ENABLE_FIPS140 */
			if (algo == GNUTLS_PK_DSA && have_q == 0)
				return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);

			mpz_init(r);
			mpz_init(x);
			mpz_init(y);

			max_tries = 3;
			do {
				if (have_q) {
					mpz_set(r, pub.q);
					mpz_sub_ui(r, r, 2);
					nettle_mpz_random(x, NULL, rnd_func, r);
					mpz_add_ui(x, x, 1);
				} else {
					unsigned size = mpz_sizeinbase(pub.p, 2);
					if (level == 0)
						level = MIN(size, DH_EXPONENT_SIZE(size));
					nettle_mpz_random_size(x, NULL, rnd_func, level);

					if (level >= size)
						mpz_mod(x, x, pub.p);
				}

				mpz_powm(y, pub.g, x, pub.p);

				max_tries--;
				if (max_tries <= 0) {
					gnutls_assert();
					ret = GNUTLS_E_RANDOM_FAILED;
					goto dh_fail;
				}
			} while(mpz_cmp_ui(y, 1) == 0);

			ret = _gnutls_mpi_init_multi(&params->params[DSA_Y], &params->params[DSA_X], NULL);
			if (ret < 0) {
				gnutls_assert();
				goto dh_fail;
			}

			mpz_set(TOMPZ(params->params[DSA_Y]), y);
			mpz_set(TOMPZ(params->params[DSA_X]), x);
			params->params_nr += 2;

			ret = 0;

		      dh_fail:
			mpz_clear(r);
			mpz_clear(x);
			mpz_clear(y);

			if (ret < 0)
				goto fail;

			break;
		}
	case GNUTLS_PK_RSA:
		{
			struct rsa_public_key pub;
			struct rsa_private_key priv;

			rsa_public_key_init(&pub);
			rsa_private_key_init(&priv);

			mpz_set_ui(pub.e, 65537);
#ifdef ENABLE_FIPS140
			ret =
			    rsa_generate_fips186_4_keypair(&pub, &priv, NULL,
						 rnd_func, NULL, NULL,
						 level);
#else
			ret =
			    rsa_generate_keypair(&pub, &priv, NULL,
						 rnd_func, NULL, NULL,
						 level, 0);
#endif
			if (ret != 1) {
				gnutls_assert();
				ret = GNUTLS_E_PK_GENERATION_ERROR;
				goto rsa_fail;
			}

			params->params_nr = 0;
			for (i = 0; i < RSA_PRIVATE_PARAMS; i++) {
				ret = _gnutls_mpi_init(&params->params[i]);
				if (ret < 0) {
					gnutls_assert();
					goto rsa_fail;
				}
				params->params_nr++;
			}

			mpz_set(TOMPZ(params->params[0]), pub.n);
			mpz_set(TOMPZ(params->params[1]), pub.e);
			mpz_set(TOMPZ(params->params[2]), priv.d);
			mpz_set(TOMPZ(params->params[3]), priv.p);
			mpz_set(TOMPZ(params->params[4]), priv.q);
			mpz_set(TOMPZ(params->params[5]), priv.c);
			mpz_set(TOMPZ(params->params[6]), priv.a);
			mpz_set(TOMPZ(params->params[7]), priv.b);

			ret = 0;

		      rsa_fail:
			rsa_private_key_clear(&priv);
			rsa_public_key_clear(&pub);

			if (ret < 0)
				goto fail;

			break;
		}
	case GNUTLS_PK_EC:
		{
			struct ecc_scalar key;
			struct ecc_point pub;
			const struct ecc_curve *curve;

			curve = get_supported_curve(level);
			if (curve == NULL)
				return
				    gnutls_assert_val
				    (GNUTLS_E_ECC_UNSUPPORTED_CURVE);

			ecc_scalar_init(&key, curve);
			ecc_point_init(&pub, curve);

			ecdsa_generate_keypair(&pub, &key, NULL, rnd_func);

			ret = _gnutls_mpi_init_multi(&params->params[ECC_X], &params->params[ECC_Y], 
					&params->params[ECC_K], NULL);
			if (ret < 0) {
				gnutls_assert();
				goto ecc_fail;
			}

			params->flags = level;
			params->params_nr = ECC_PRIVATE_PARAMS;

			ecc_point_get(&pub, TOMPZ(params->params[ECC_X]),
				      TOMPZ(params->params[ECC_Y]));
			ecc_scalar_get(&key, TOMPZ(params->params[ECC_K]));

			ret = 0;

		      ecc_fail:
			ecc_point_clear(&pub);
			ecc_scalar_clear(&key);

			if (ret < 0)
				goto fail;

			break;
		}
	default:
		gnutls_assert();
		return GNUTLS_E_INVALID_REQUEST;
	}

	FAIL_IF_LIB_ERROR;
	return 0;

      fail:

	for (i = 0; i < params->params_nr; i++) {
		_gnutls_mpi_release(&params->params[i]);
	}
	params->params_nr = 0;

	FAIL_IF_LIB_ERROR;
	return ret;
}
int main(int argc, char **argv)
{
	FILE *input = stdin;

	RSA *openssl_key = NULL;
	struct rsa_private_key *nettle_key = NULL;
	struct rsa_public_key *nettle_pub_key = NULL;
	struct nettle_buffer *sexp_buffer = NULL;

	OpenSSL_add_all_algorithms();
	
	openssl_key = PEM_read_RSAPrivateKey(input, NULL, NULL, NULL);

	if(!openssl_key)
	{
		fprintf(stderr, "OpenSSL failed to read key: %s\n", ERR_error_string(ERR_get_error(), NULL));
		return 1;
	}

# ifdef DEBUG
	fprintf(stderr, "OpenSSL RSA private key:\n");
	fprintf(stderr, "\tPrivate Exponent: %s\n", BN_bn2hex(openssl_key->d)); // d
	fprintf(stderr, "\tPrime 1: %s\n", BN_bn2hex(openssl_key->p));          // p
	fprintf(stderr, "\tPrime 2: %s\n", BN_bn2hex(openssl_key->q));          // q
	fprintf(stderr, "\tExponent 1: %s\n", BN_bn2hex(openssl_key->dmp1));    // a
	fprintf(stderr, "\tExponent 2: %s\n", BN_bn2hex(openssl_key->dmq1));    // b
	fprintf(stderr, "\tCoefficient: %s\n", BN_bn2hex(openssl_key->iqmp));   // c
# endif

	nettle_key = (struct rsa_private_key*)malloc(sizeof(struct rsa_private_key));
	if(!nettle_key)
	{
		fprintf(stderr, "Failed to malloc %zu bytes\n", sizeof(struct rsa_private_key));
		return 4;
	}
	rsa_private_key_init(nettle_key);
	mpz_set_str(nettle_key->d, BN_bn2hex(openssl_key->d), 16);
	mpz_set_str(nettle_key->p, BN_bn2hex(openssl_key->p), 16);
	mpz_set_str(nettle_key->q, BN_bn2hex(openssl_key->q), 16);
	mpz_set_str(nettle_key->a, BN_bn2hex(openssl_key->dmp1), 16);
	mpz_set_str(nettle_key->b, BN_bn2hex(openssl_key->dmq1), 16);
	mpz_set_str(nettle_key->c, BN_bn2hex(openssl_key->iqmp), 16);

	if(rsa_private_key_prepare(nettle_key) != 1)
	{
		fprintf(stderr, "Nettle failed to prepare key\n");
		return 2;
	}

# ifdef DEBUG
	fprintf(stderr, "\tPrivate Exponent: %s\n", mpz_get_str(NULL, 16, nettle_key->d)); // d
	fprintf(stderr, "\tPrime 1: %s\n", mpz_get_str(NULL, 16, nettle_key->p));          // p
	fprintf(stderr, "\tPrime 2: %s\n", mpz_get_str(NULL, 16, nettle_key->q));          // q
	fprintf(stderr, "\tExponent 1: %s\n", mpz_get_str(NULL, 16, nettle_key->a));    // a
	fprintf(stderr, "\tExponent 2: %s\n", mpz_get_str(NULL, 16, nettle_key->b));    // b
	fprintf(stderr, "\tCoefficient: %s\n", mpz_get_str(NULL, 16, nettle_key->c));   // c
# endif

	nettle_pub_key = (struct rsa_public_key*)malloc(sizeof(struct rsa_public_key));
	if(!nettle_pub_key)
	{
		fprintf(stderr, "Failed to malloc %zu bytes\n", sizeof(struct rsa_public_key));
		return 4;
	}
	rsa_public_key_init(nettle_pub_key);
	mpz_set_str(nettle_pub_key->n, BN_bn2hex(openssl_key->n), 16);
	mpz_set_str(nettle_pub_key->e, BN_bn2hex(openssl_key->e), 16);
	
	if(rsa_public_key_prepare(nettle_pub_key) != 1)
	{
		fprintf(stderr, "Nettle failed to prepare public key\n");
		return 2;
	}

	sexp_buffer = (struct nettle_buffer*)malloc(sizeof(struct nettle_buffer));
	if(!sexp_buffer)
	{
		fprintf(stderr, "Failed to malloc %zu bytes\n", sizeof(struct nettle_buffer));
		return 4;
	}
	nettle_buffer_init(sexp_buffer);

	if(rsa_keypair_to_sexp(sexp_buffer, NULL, nettle_pub_key, nettle_key) == 0)
	{
		fprintf(stderr, "Nettle failed to export key to sexp\n");
		return 3;
	}

	size_t bytes_written = fwrite(sexp_buffer->contents, 1, sexp_buffer->size, stdout);
	if(bytes_written < sexp_buffer->size)
	{
		fprintf(stderr, "Failed to write sexp to stdout\n");
		return 5;
	}

	return 0;
}
int
test_main(void)
{
  struct rsa_public_key pub;
  struct rsa_private_key priv;

  struct nettle_buffer buffer;
  
  rsa_public_key_init(&pub);
  rsa_private_key_init(&priv);

  mpz_set_str(pub.n,
	      "085c3408989acae4faec3cbbad91c90d34c1d259cd74121a"
	      "36f38b0b51424a9b2be514a04377113a6cdafe79dd7d5f2e"
	      "cc8b5e9661189b86a7b22239907c25", 16);
  mpz_set_str(pub.e, "36ad4b1d", 16);

  ASSERT(rsa_public_key_prepare(&pub));
  
  mpz_set_str(priv.d,
	      "06ee6d4ff3c239e408150daf8117abfa36a40ad4455d9059"
	      "a86d52f33a2de07418a0a699594588c64810248c9412d554"
	      "f74af947c73c32007e87c92f0937ed", 16);

  mpz_set_str(priv.p,
	      "03259879b24315e9cf14254824c7935d807cdb6990f414a0"
	      "f65e6065130a611f", 16);

  mpz_set_str(priv.q,
	      "02a81ba73bad45fc73b36deffce52d1b73e0747f4d8a8264"
	      "8cecd310448ea63b", 16);

  mpz_set_str(priv.a,
	      "026cbdad5dd0046e093f060ecd5b4ac918e098b0278bb752"
	      "b7cadd6a8944f0b9", 16);

  mpz_set_str(priv.b,
	      "0148751e622d6d58e3bb094afd6edacf7370351d068e2ce9"
	      "f565c5528c4a7473", 16);

  mpz_set_str(priv.c,
	      "f8a458ea73a018dc6fa56863e3bc6de405f364f77dee6f09"
	      "62679ea1a8282e", 16);

  ASSERT(rsa_private_key_prepare(&priv));
  
  nettle_buffer_init(&buffer);
  ASSERT(rsa_keypair_to_sexp(&buffer, "rsa", &pub, &priv));

  if (verbose)
    {
      printf("private:");
      print_hex(buffer.size, buffer.contents);  
    }
  
  ASSERT(MEMEQH(buffer.size, buffer.contents,
		"2831313a707269766174652d6b657928"
		"333a72736128313a6e36333a085c3408"
		"989acae4faec3cbbad91c90d34c1d259"
		"cd74121a36f38b0b51424a9b2be514a0"
		"4377113a6cdafe79dd7d5f2ecc8b5e96"
		"61189b86a7b22239907c252928313a65"
		"343a36ad4b1d2928313a6436333a06ee"
		"6d4ff3c239e408150daf8117abfa36a4"
		"0ad4455d9059a86d52f33a2de07418a0"
		"a699594588c64810248c9412d554f74a"
		"f947c73c32007e87c92f0937ed292831"
		"3a7033323a03259879b24315e9cf1425"
		"4824c7935d807cdb6990f414a0f65e60"
		"65130a611f2928313a7133323a02a81b"
		"a73bad45fc73b36deffce52d1b73e074"
		"7f4d8a82648cecd310448ea63b292831"
		"3a6133323a026cbdad5dd0046e093f06"
		"0ecd5b4ac918e098b0278bb752b7cadd"
		"6a8944f0b92928313a6233323a014875"
		"1e622d6d58e3bb094afd6edacf737035"
		"1d068e2ce9f565c5528c4a7473292831"
		"3a6333323a00f8a458ea73a018dc6fa5"
		"6863e3bc6de405f364f77dee6f096267"
		"9ea1a8282e292929"));

  nettle_buffer_clear(&buffer);
  ASSERT(rsa_keypair_to_sexp(&buffer, NULL, &pub, NULL));

  if (verbose)
    {
      printf("public:");
      print_hex(buffer.size, buffer.contents);  
    }
  ASSERT(MEMEQH(buffer.size, buffer.contents,
		"2831303a7075626c69632d6b65792839"
		"3a7273612d706b63733128313a6e3633"
		"3a085c3408989acae4faec3cbbad91c9"
		"0d34c1d259cd74121a36f38b0b51424a"
		"9b2be514a04377113a6cdafe79dd7d5f"
		"2ecc8b5e9661189b86a7b22239907c25"
		"2928313a65343a36ad4b1d292929"));

  rsa_public_key_clear(&pub);
  rsa_private_key_clear(&priv);
  
  SUCCESS();
}