Commit 2fe81095 authored by Davide Galassi's avatar Davide Galassi

Merge branch 'feature/rsa_keygen'

parents aaaa5998 1ed62628
Pipeline #52143974 failed with stages
in 1 minute and 19 seconds
......@@ -32,6 +32,9 @@ int cry_rsa_encrypt(cry_rsa_ctx *ctx, unsigned char **out, size_t *outlen,
int cry_rsa_decrypt(cry_rsa_ctx *ctx, unsigned char **out, size_t *outlen,
const unsigned char *in, size_t inlen);
int cry_rsa_keygen(cry_rsa_ctx *ctx, unsigned int bits);
#ifdef __cplusplus
}
#endif
......
......@@ -41,17 +41,13 @@ static int nozero_rand(unsigned char *dst, unsigned int n)
break;
}
}
if (k > 0) {
fprintf(stderr, "FIXED AFTER: %d\n", k);
}
if (dst[n] == 0) {
fprintf(stderr, "still 0... exiting\n");
exit(0);
return -1; /* No Way!!! Probability is ~0 */
res = -1; /* No Way!!! */
break;
}
}
}
return 0;
return res;
}
/*
......@@ -90,7 +86,7 @@ int cry_rsa_encrypt(cry_rsa_ctx *ctx, unsigned char **out, size_t *out_siz,
} else {
if ((res = nozero_rand(padded_block + 2,
mod_siz - block_siz - 3)) < 0)
return res;
break;
}
*out = realloc(*out, *out_siz);
......@@ -196,3 +192,51 @@ int cry_rsa_decrypt(cry_rsa_ctx *ctx, unsigned char **out, size_t *out_siz,
}
return res;
}
#define MAX_ITER 10000
int cry_rsa_keygen(cry_rsa_ctx *ctx, unsigned int bits)
{
int res;
cry_mpi phi, p, q, p1, q1, one;
cry_mpi_digit one_dig;
int hbits = bits >> 1;
unsigned int i;
if ((res = cry_mpi_init_list(&ctx->d, &ctx->e, &ctx->m, NULL)) != 0)
return res;
if ((res = cry_mpi_init_list(&p, &q, &p1, &q1, &phi, NULL)) != 0)
goto e;
i = MAX_ITER;
if ((res = cry_mpi_prime(&p, hbits, &i)) != 0)
goto e;
i = MAX_ITER;
if ((res = cry_mpi_prime(&q, hbits, &i)) != 0)
goto e;
if ((res = cry_mpi_mul(&ctx->m, &p, &q)) != 0)
goto e;
one.alloc = 1;
one.used = 1;
one.sign = 0;
one.data = &one_dig;
if ((res = cry_mpi_sub(&p1, &p, &one)) != 0)
goto e;
if ((res = cry_mpi_sub(&q1, &q, &one)) != 0)
goto e;
if ((res = cry_mpi_mul(&phi, &p1, &q1)) != 0)
goto e;
/* Find key */
for (i = 0; i < MAX_ITER; i++) {
cry_mpi_rand(&ctx->e, bits);
if ((res = cry_mpi_inv(&ctx->d, &ctx->e, &phi)) == 0)
break;
}
e: cry_mpi_clear_list(&p, &q, &p1, &q1, &phi, NULL);
if (res != 0)
cry_mpi_clear_list(&ctx->d, &ctx->e, &ctx->m, NULL);
return res;
}
......@@ -21,9 +21,9 @@ objs := \
crc_test.o \
hmac_test.o \
cmac_test.o \
rsa_test.o \
# md5_test.o \
sha256_test.o \
rsa_test.o \
rand_test.o \
dh_test.o \
dsa_test.o \
......
#include "test.h"
#include <cry/rsa.h>
#include <cry/prng.h>
/* Just for... coverage :-) */
#define KEYGEN_BITS 256
static void keygen(void)
{
cry_rsa_ctx rsa;
/* Seed the PRNG to make results predictable */
cry_prng_init((unsigned char *)RAND_SEED_RAW, RAND_SEED_SIZ);
ASSERT_OK(cry_rsa_keygen(&rsa, KEYGEN_BITS));
}
static const unsigned char modulus[] = {
0xC4, 0xF8, 0xE9, 0xE1, 0x5D, 0xCA, 0xDF, 0x2B,
......@@ -47,7 +61,7 @@ static const unsigned char cipher_text[] = {
#define PLAIN_LEN sizeof(plain_text)
#define CIPHER_LEN sizeof(cipher_text)
void rsa_test(void)
static void encrypt_decrypt(void)
{
cry_rsa_ctx rsa;
size_t outlen;
......@@ -58,57 +72,130 @@ void rsa_test(void)
cry_mpi_init_bin(&rsa.e, public, sizeof(public));
cry_mpi_init_bin(&rsa.d, private, sizeof(private));
TRACE("m-bits: %d\n", cry_mpi_count_bits(&rsa.m));
TRACE("e-bits: %d\n", cry_mpi_count_bits(&rsa.e));
TRACE("d-bits: %d\n", cry_mpi_count_bits(&rsa.d));
PRINT_MPI("m", &rsa.m, 16);
PRINT_MPI("e", &rsa.e, 16);
PRINT_MPI("d", &rsa.d, 16);
/*
* ES-PKCS1-v1.5
*/
rsa.flags = 0;
ASSERT_OK(cry_rsa_encrypt(&rsa, &cipher_buf, &outlen,
plain_text, PLAIN_LEN));
if (cipher_buf) {
PRINT_HEX("ciphertext", cipher_buf, outlen);
ASSERT_EQ(outlen, CIPHER_LEN);
ASSERT_OK(cry_rsa_decrypt(&rsa, &plain_buf, &outlen,
cipher_buf, outlen));
if (plain_buf) {
PRINT_HEX("plaintext ", plain_buf, outlen);
ASSERT_EQ(outlen, PLAIN_LEN);
ASSERT_EQ_BUF(plain_buf, plain_text, outlen);
free(plain_buf);
}
free(cipher_buf);
}
cry_mpi_clear_list(&rsa.m, &rsa.e, &rsa.d, NULL);
}
/*
* SSA-PKCS1-v1.5
*/
static void sign_verify(void)
{
cry_rsa_ctx rsa;
size_t outlen;
unsigned char *cipher_buf;
unsigned char *plain_buf;
cry_mpi_init_bin(&rsa.m, modulus, sizeof(modulus));
cry_mpi_init_bin(&rsa.e, public, sizeof(public));
cry_mpi_init_bin(&rsa.d, private, sizeof(private));
rsa.flags = CRY_RSA_FLAG_SIGN;
ASSERT_OK(cry_rsa_encrypt(&rsa, &cipher_buf, &outlen,
plain_text, PLAIN_LEN));
if (cipher_buf) {
PRINT_HEX("ciphertext", cipher_buf, outlen);
ASSERT_EQ(outlen, CIPHER_LEN);
ASSERT_EQ_BUF(cipher_buf, cipher_text, outlen);
ASSERT_OK(cry_rsa_decrypt(&rsa, &plain_buf, &outlen,
cipher_buf, outlen));
if (plain_buf) {
PRINT_HEX("plaintext ", plain_buf, outlen);
ASSERT_EQ(outlen, PLAIN_LEN);
ASSERT_EQ_BUF(plain_buf, plain_text, outlen);
free(plain_buf);
}
free(cipher_buf);
}
cry_mpi_clear_list(&rsa.m, &rsa.e, &rsa.d, NULL);
}
struct rsa_param {
unsigned int mlen;
unsigned int elen;
unsigned int clrlen;
unsigned int ciplen;
unsigned char *mraw;
unsigned char *eraw;
unsigned char *clrraw;
unsigned char *cipraw;
};
/*
* Params:
* p0 : M
* p1 : E
* p2 : cleartext
* p3 : ciphertext
*/
static void rsa_param_init(struct rsa_param *par, int argc, char *argv[])
{
memset(par, 0, sizeof(*par));
ASSERT(argc == 4);
par->mlen = strlen(argv[0]) >> 1;
par->elen = strlen(argv[1]) >> 1;
par->clrlen = strlen(argv[2]) >> 1;
par->ciplen = strlen(argv[3]) >> 1;
par->mraw = malloc(par->mlen + par->elen + par->clrlen + par->ciplen);
par->eraw = par->mraw + par->mlen;
par->clrraw = par->eraw + par->elen;
par->cipraw = par->clrraw + par->clrlen;
raw_init(par->mraw, par->mlen, argv[0]);
raw_init(par->eraw, par->elen, argv[1]);
raw_init(par->clrraw, par->clrlen, argv[2]);
raw_init(par->cipraw, par->ciplen, argv[3]);
}
static void rsa_pkcs1_encrypt(int argc, char *argv[])
{
struct rsa_param par;
cry_rsa_ctx rsa;
size_t outlen;
unsigned char *cipher_buf;
cry_prng_init(NULL, 0);
rsa_param_init(&par, argc, argv);
cry_mpi_init_bin(&rsa.m, par.mraw, par.mlen);
cry_mpi_init_bin(&rsa.e, par.eraw, par.elen);
rsa.flags = 0;
ASSERT_OK(cry_rsa_encrypt(&rsa, &cipher_buf, &outlen,
par.clrraw, par.clrlen));
}
static void dispatch(int argc, char *argv[])
{
char *test = *argv;
argv++;
argc--;
if (strcmp(test, "rsa_pkcs1_encrypt") == 0)
rsa_pkcs1_encrypt(argc, argv);
else
printf("Test '%s' not defined\n", test);
}
void rsa_test(void)
{
printf("* RSA Test\n");
run("Keygen 512", keygen, NULL, NULL);
run("Encrypt-Decrypt", encrypt_decrypt, NULL, NULL);
run("Sign-Verify", sign_verify, NULL, NULL);
func_test("rsa_test.data", dispatch);
printf("\n");
}
################################################################################
#
# RSA validation vectos
#
# Borrowed by MbedTLS library test data
#
################################################################################
################################################################################
# RSA-PKCS1 encrypt
# p0 : M
# p1 : E
# p2 : cleartext
# p3 : ciphertext
################################################################################
RSA PKCS1 Encrypt #1
rsa_pkcs1_encrypt
b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f
03
4E636AF98E40F3ADCFCCB698F4E80B9F
b0c0b193ba4a5b4502bfacd1a9c2697da5510f3e3ab7274cf404418afd2c62c89b98d83bbc21c8c1bf1afe6d8bf40425e053e9c03e03a3be0edbe1eda073fade1cc286cc0305a493d98fe795634c3cad7feb513edb742d66d910c87d07f6b0055c3488bb262b5fd1ce8747af64801fb39d2d3a3e57086ffe55ab8d0a2ca86975629a0f85767a4990c532a7c2dab1647997ebb234d0b28a0008bfebfc905e7ba5b30b60566a5e0190417465efdbf549934b8f0c5c9f36b7c5b6373a47ae553ced0608a161b1b70dfa509375cf7a3598223a6d7b7a1d1a06ac74d345a9bb7c0e44c8388858a4f1d8115f2bd769ffa69020385fa286302c80e950f9e2751308666c
\ No newline at end of file
This source diff could not be displayed because it is too large. You can view the blob instead.
......@@ -12,6 +12,7 @@ void affine_test(void);
void crc_test(void);
void hmac_test(void);
void cmac_test(void);
void rsa_test(void);
static int g_runs;
......@@ -40,15 +41,18 @@ struct sub_test g_tests[] = {
SUB_TEST(crc),
SUB_TEST(hmac),
SUB_TEST(cmac),
SUB_TEST(rsa),
#if 0
TEST_ELEM(md5),
TEST_ELEM(sha256),
TEST_ELEM(rsa),
TEST_ELEM(dh),
TEST_ELEM(dsa),
TEST_ELEM(ecp),
TEST_ELEM(ecdsa),
TEST_ELEM(ecdh),
TEST_ELEM(crc),
TEST_ELEM(md5),
TEST_ELEM(sha256),
TEST_ELEM(rand),
#endif
};
......
......@@ -80,5 +80,8 @@ void run(const char *name, void (* test)(void),
cry_mpi_print(mpi, rad); \
} while(0)
/* Constant seed to make "rand" results predictable */
#define RAND_SEED_RAW "RANDSEED"
#define RAND_SEED_SIZ (sizeof(RAND_SEED_RAW) - 1)
#endif /* _TEST_H_ */
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment