From 00a5212d99e244d21dfa8141f855b8f410df0900 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 20 Jun 2017 12:28:40 +0200 Subject: [PATCH 01/38] use ltc_pk_part in rsa_import_radix() --- src/headers/tomcrypt_pk.h | 11 ++++++++++- src/pk/rsa/rsa_import_radix.c | 34 +++++++++++++++++++++++----------- tests/rsa_test.c | 12 ++++++------ 3 files changed, 39 insertions(+), 18 deletions(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 392268b..9674ef0 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -41,6 +41,15 @@ typedef struct Oid { int pk_get_oid(int pk, oid_st *st); #endif /* LTC_SOURCE */ +typedef struct { + void* p; + unsigned long len; + int radix; +} ltc_pk_part; + +#define PK_PART_HEX(s) &((ltc_pk_part){s, 0, 16}) +#define PK_PART_DEC(s) &((ltc_pk_part){s, 0, 10}) + /* ---- RSA ---- */ #ifdef LTC_MRSA @@ -126,7 +135,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, const void *passwd, unsigned long passwdlen, rsa_key *key); -int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key); +int rsa_import_radix(ltc_pk_part *N, ltc_pk_part *e, ltc_pk_part *d, ltc_pk_part *p, ltc_pk_part *q, ltc_pk_part *dP, ltc_pk_part *dQ, ltc_pk_part *qP, rsa_key *key); #endif /* ---- Katja ---- */ diff --git a/src/pk/rsa/rsa_import_radix.c b/src/pk/rsa/rsa_import_radix.c index 71ab3ea..73eda64 100755 --- a/src/pk/rsa/rsa_import_radix.c +++ b/src/pk/rsa/rsa_import_radix.c @@ -25,7 +25,19 @@ #ifdef LTC_MRSA -int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key) +static int _rsa_read_pk_part(void* mpi, ltc_pk_part *p) +{ + int err; + if(p->radix == 256) { + if (p->len != 0) err = mp_read_unsigned_bin(mpi, p->p, p->len); + else err = CRYPT_PK_INVALID_SIZE; + } else { + err = mp_read_radix(mpi, p->p , p->radix); + } + return err; +} + +int rsa_import_radix(ltc_pk_part *N, ltc_pk_part *e, ltc_pk_part *d, ltc_pk_part *p, ltc_pk_part *q, ltc_pk_part *dP, ltc_pk_part *dQ, ltc_pk_part *qP, rsa_key *key) { int err; @@ -37,16 +49,16 @@ int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, cha err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); if (err != CRYPT_OK) return err; - if ((err = mp_read_radix(key->N , N , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->e , e , radix)) != CRYPT_OK) { goto LBL_ERR; } - if (d && p && q && dP && dQ && qP && strlen(d)>0 && strlen(p)>0 && - strlen(q)>0 && strlen(dP)>0 && strlen(dQ)>0 && strlen(qP)>0) { - if ((err = mp_read_radix(key->d , d , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->p , p , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->q , q , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->dP, dP, radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->dQ, dQ, radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->qP, qP, radix)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = _rsa_read_pk_part(key->N , N)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = _rsa_read_pk_part(key->e , e)) != CRYPT_OK) { goto LBL_ERR; } + if (d && p && q && dP && dQ && qP && strlen(d->p)>0 && strlen(p->p)>0 && + strlen(q->p)>0 && strlen(dP->p)>0 && strlen(dQ->p)>0 && strlen(qP->p)>0) { + if ((err = _rsa_read_pk_part(key->d , d)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = _rsa_read_pk_part(key->p , p)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = _rsa_read_pk_part(key->q , q)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = _rsa_read_pk_part(key->dP, dP)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = _rsa_read_pk_part(key->dQ, dQ)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = _rsa_read_pk_part(key->qP, qP)) != CRYPT_OK) { goto LBL_ERR; } key->type = PK_PRIVATE; } else { diff --git a/tests/rsa_test.c b/tests/rsa_test.c index c2081f4..efa5afc 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -112,7 +112,7 @@ static const unsigned char pkcs8_private_rsa[] = { 0xf1, 0x4a, 0x21, 0x56, 0x67, 0xfd, 0xcc, 0x20, 0xa3, 0x8f, 0x78, 0x18, 0x5a, 0x79, 0x3d, 0x2e, 0x8e, 0x7e, 0x86, 0x0a, 0xe6, 0xa8, 0x33, 0xc1, 0x04, 0x17, 0x4a, 0x9f }; -/* private keay - hexadecimal */ +/* private key - hexadecimal */ static char *hex_d = "C862B9EADE44531D5697D9979E1ACF301E0A8845862930A34D9F616573E0D6878FB6F306A382DC7CACFE9B289AAEFDFBFE2F0ED89704E3BB1FD1EC0DBAA3497F47AC8A44047E86B739423FAD1EB70EA551F440631EFDBDEA9F419FA8901D6F0A5A9513110D80AF5F64988A2C786865B02B8BA25387CAF16404ABF27BDB83C881"; static char *hex_dP = "6DEBC32D2EF05EA488310529008AD195299B83CF75DB31E37A27DE3A74300C764CD4502A402D39D99963A95D80AE53CA943F05231EF80504E1B835F217B3A089"; static char *hex_dQ = "AB9088FA600829509A438BA050CCD85AFE976463717422A320025ACFEBC6169554D1CBAB8D1AC600FA08929C71D552523596714B8B920CD0E9BFAD630BA5E9B1"; @@ -122,7 +122,7 @@ static char *hex_p = "F7BE5E23C3323FBF8B8E3AEEFCFCCBE5F7F10BBC4282AED57A3ECAF7D static char *hex_q = "D6860E85420B0408842160F00E0D88FD1E3610654F1E53B40872805C3F596617E698F2E96C7A064CAC763DED8CA1CEAD1BBDB47D28BCE30E388D99D805B5A371"; static char *hex_qP = "DCCC27C8E4DC6248D59BAFF5AB60F621FD53E2B75D09C91AA104A9FC612C5D04583A5A39F14A215667FDCC20A38F78185A793D2E8E7E860AE6A833C104174A9F"; -/* private keay - decimal */ +/* private key - decimal */ static char *dec_d = "140715588362011445903700789698620706303856890313846506579552319155852306603445626455616876267358538338151320072087950597426668358843246116141391746806252390039505422193715556188330352166601762210959618868365359433828069868584168017348772565936127608284367789455480066115411950431014508224203325089671253575809"; static char *dec_dP = "5757027123463051531073361217943880203685183318942602176865989327630429772398553254013771630974725523559703665512845231173916766336576994271809362147385481"; static char *dec_dQ = "8985566687080619280443708121716583572314829758991088624433980393739288226842152842353421251125477168722728289150354056572727675764519591179919295246625201"; @@ -250,7 +250,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import private key from raw hexadecimal numbers */ - DO(rsa_import_radix(16, hex_N, hex_e, hex_d, hex_p, hex_q, hex_dP, hex_dQ, hex_qP, &key)); + DO(rsa_import_radix(PK_PART_HEX(hex_N), PK_PART_HEX(hex_e), PK_PART_HEX(hex_d), PK_PART_HEX(hex_p), PK_PART_HEX(hex_q), PK_PART_HEX(hex_dP), PK_PART_HEX(hex_dQ), PK_PART_HEX(hex_qP), &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); if (len != sizeof(openssl_private_rsa) || memcmp(buf, openssl_private_rsa, len)) { @@ -260,7 +260,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import private key from raw decimal numbers */ - DO(rsa_import_radix(10, dec_N, dec_e, dec_d, dec_p, dec_q, dec_dP, dec_dQ, dec_qP, &key)); + DO(rsa_import_radix(PK_PART_DEC(dec_N), PK_PART_DEC(dec_e), PK_PART_DEC(dec_d), PK_PART_DEC(dec_p), PK_PART_DEC(dec_q), PK_PART_DEC(dec_dP), PK_PART_DEC(dec_dQ), PK_PART_DEC(dec_qP), &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); if (len != sizeof(openssl_private_rsa) || memcmp(buf, openssl_private_rsa, len)) { @@ -270,7 +270,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import public key from raw hexadecimal numbers */ - DO(rsa_import_radix(16, hex_N, hex_e, NULL, NULL, NULL, NULL, NULL, NULL, &key)); + DO(rsa_import_radix(PK_PART_HEX(hex_N), PK_PART_HEX(hex_e), NULL, NULL, NULL, NULL, NULL, NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); if (len != sizeof(openssl_public_rsa_stripped) || memcmp(buf, openssl_public_rsa_stripped, len)) { @@ -280,7 +280,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import public key from raw decimal numbers */ - DO(rsa_import_radix(10, dec_N, dec_e, NULL, NULL, NULL, NULL, NULL, NULL, &key)); + DO(rsa_import_radix(PK_PART_DEC(dec_N), PK_PART_DEC(dec_e), NULL, NULL, NULL, NULL, NULL, NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); if (len != sizeof(openssl_public_rsa_stripped) || memcmp(buf, openssl_public_rsa_stripped, len)) { From bfae92e4abd72970a0d46c89c5e6ca1b9fb76dbf Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 20 Jun 2017 12:52:10 +0200 Subject: [PATCH 02/38] use compare_testvector() in rsa_test() --- tests/rsa_test.c | 27 +++++++++------------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/tests/rsa_test.c b/tests/rsa_test.c index efa5afc..41a88df 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -206,15 +206,13 @@ static int rsa_compat_test(void) /* now try to export private/public and compare */ len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - if (len != sizeof(openssl_private_rsa) || memcmp(buf, openssl_private_rsa, len)) { - fprintf(stderr, "RSA private export failed to match OpenSSL output, %lu, %lu\n", len, (unsigned long)sizeof(openssl_private_rsa)); + if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from OpenSSL)", 0)) { return 1; } len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); - if (len != sizeof(openssl_public_rsa_stripped) || memcmp(buf, openssl_public_rsa_stripped, len)) { - fprintf(stderr, "RSA(private) public export failed to match OpenSSL output\n"); + if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from OpenSSL private key)", 0)) { return 1; } rsa_free(&key); @@ -223,8 +221,7 @@ static int rsa_compat_test(void) DO(rsa_import(openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); - if (len != sizeof(openssl_public_rsa_stripped) || memcmp(buf, openssl_public_rsa_stripped, len)) { - fprintf(stderr, "RSA(public) stripped public import failed to match OpenSSL output\n"); + if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from stripped OpenSSL)", 0)) { return 1; } rsa_free(&key); @@ -233,8 +230,7 @@ static int rsa_compat_test(void) DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); - if (len != sizeof(openssl_public_rsa_stripped) || memcmp(buf, openssl_public_rsa_stripped, len)) { - fprintf(stderr, "RSA(public) SSL public import failed to match OpenSSL output\n"); + if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from OpenSSL)", 0)) { return 1; } rsa_free(&key); @@ -243,8 +239,7 @@ static int rsa_compat_test(void) DO(rsa_import_pkcs8(pkcs8_private_rsa, sizeof(pkcs8_private_rsa), NULL, 0, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - if (len != sizeof(openssl_private_rsa) || memcmp(buf, openssl_private_rsa, len)) { - fprintf(stderr, "RSA private export failed to match rsa_import_pkcs8\n"); + if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from PKCS#8)", 0)) { return 1; } rsa_free(&key); @@ -253,8 +248,7 @@ static int rsa_compat_test(void) DO(rsa_import_radix(PK_PART_HEX(hex_N), PK_PART_HEX(hex_e), PK_PART_HEX(hex_d), PK_PART_HEX(hex_p), PK_PART_HEX(hex_q), PK_PART_HEX(hex_dP), PK_PART_HEX(hex_dQ), PK_PART_HEX(hex_qP), &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - if (len != sizeof(openssl_private_rsa) || memcmp(buf, openssl_private_rsa, len)) { - fprintf(stderr, "RSA private export failed to match rsa_import_radix(16, ..)\n"); + if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from hex)", 0)) { return 1; } rsa_free(&key); @@ -263,8 +257,7 @@ static int rsa_compat_test(void) DO(rsa_import_radix(PK_PART_DEC(dec_N), PK_PART_DEC(dec_e), PK_PART_DEC(dec_d), PK_PART_DEC(dec_p), PK_PART_DEC(dec_q), PK_PART_DEC(dec_dP), PK_PART_DEC(dec_dQ), PK_PART_DEC(dec_qP), &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - if (len != sizeof(openssl_private_rsa) || memcmp(buf, openssl_private_rsa, len)) { - fprintf(stderr, "RSA private export failed to match rsa_import_radix(10, ..)\n"); + if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from dec)", 0)) { return 1; } rsa_free(&key); @@ -273,8 +266,7 @@ static int rsa_compat_test(void) DO(rsa_import_radix(PK_PART_HEX(hex_N), PK_PART_HEX(hex_e), NULL, NULL, NULL, NULL, NULL, NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); - if (len != sizeof(openssl_public_rsa_stripped) || memcmp(buf, openssl_public_rsa_stripped, len)) { - fprintf(stderr, "RSA public export failed to match rsa_import_radix(16, ..)\n"); + if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from hex)", 0)) { return 1; } rsa_free(&key); @@ -283,8 +275,7 @@ static int rsa_compat_test(void) DO(rsa_import_radix(PK_PART_DEC(dec_N), PK_PART_DEC(dec_e), NULL, NULL, NULL, NULL, NULL, NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); - if (len != sizeof(openssl_public_rsa_stripped) || memcmp(buf, openssl_public_rsa_stripped, len)) { - fprintf(stderr, "RSA public export failed to match rsa_import_radix(10, ..)\n"); + if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from dec)", 0)) { return 1; } rsa_free(&key); From 4afc024f6a9366fc7fc34b026b8190eafaf65547 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 20 Jun 2017 12:52:31 +0200 Subject: [PATCH 03/38] also test binary import --- src/headers/tomcrypt_pk.h | 5 +++-- tests/rsa_test.c | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 9674ef0..58bbefd 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -47,8 +47,9 @@ typedef struct { int radix; } ltc_pk_part; -#define PK_PART_HEX(s) &((ltc_pk_part){s, 0, 16}) -#define PK_PART_DEC(s) &((ltc_pk_part){s, 0, 10}) +#define PK_PART_HEX(s) &((ltc_pk_part){s, 0, 16}) +#define PK_PART_DEC(d) &((ltc_pk_part){d, 0, 10}) +#define PK_PART_BIN(b, l) &((ltc_pk_part){b, l, 256}) /* ---- RSA ---- */ #ifdef LTC_MRSA diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 41a88df..25828d4 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -181,6 +181,7 @@ static int rsa_compat_test(void) { rsa_key key, pubkey; int stat; + void* mpi; unsigned char buf[1024]; unsigned long len; @@ -280,6 +281,20 @@ static int rsa_compat_test(void) } rsa_free(&key); + /* try import public key from mixed numbers */ + DO(mp_init(&mpi)); + DO(mp_read_radix(mpi, dec_N, 10)); + DO(mp_to_unsigned_bin(mpi, buf)); + len = mp_unsigned_bin_size(mpi); + DO(rsa_import_radix(PK_PART_BIN(buf, len), PK_PART_DEC(dec_e), NULL, NULL, NULL, NULL, NULL, NULL, &key)); + mp_clear(mpi); + len = sizeof(buf); + DO(rsa_export(buf, &len, PK_PUBLIC, &key)); + if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from mixed)", 0)) { + return 1; + } + rsa_free(&key); + /* try export in SubjectPublicKeyInfo format of the public key */ DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &key)); len = sizeof(buf); From 083e8af78bbb6b05949825d6f0a46913966529ab Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 16:30:02 +0200 Subject: [PATCH 04/38] Revert "also test binary import" This reverts commit 8b6f8c8cce325fa1ce3b61805aa80cdabc1826b4. --- src/headers/tomcrypt_pk.h | 5 ++--- tests/rsa_test.c | 15 --------------- 2 files changed, 2 insertions(+), 18 deletions(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 58bbefd..9674ef0 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -47,9 +47,8 @@ typedef struct { int radix; } ltc_pk_part; -#define PK_PART_HEX(s) &((ltc_pk_part){s, 0, 16}) -#define PK_PART_DEC(d) &((ltc_pk_part){d, 0, 10}) -#define PK_PART_BIN(b, l) &((ltc_pk_part){b, l, 256}) +#define PK_PART_HEX(s) &((ltc_pk_part){s, 0, 16}) +#define PK_PART_DEC(s) &((ltc_pk_part){s, 0, 10}) /* ---- RSA ---- */ #ifdef LTC_MRSA diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 25828d4..41a88df 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -181,7 +181,6 @@ static int rsa_compat_test(void) { rsa_key key, pubkey; int stat; - void* mpi; unsigned char buf[1024]; unsigned long len; @@ -281,20 +280,6 @@ static int rsa_compat_test(void) } rsa_free(&key); - /* try import public key from mixed numbers */ - DO(mp_init(&mpi)); - DO(mp_read_radix(mpi, dec_N, 10)); - DO(mp_to_unsigned_bin(mpi, buf)); - len = mp_unsigned_bin_size(mpi); - DO(rsa_import_radix(PK_PART_BIN(buf, len), PK_PART_DEC(dec_e), NULL, NULL, NULL, NULL, NULL, NULL, &key)); - mp_clear(mpi); - len = sizeof(buf); - DO(rsa_export(buf, &len, PK_PUBLIC, &key)); - if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from mixed)", 0)) { - return 1; - } - rsa_free(&key); - /* try export in SubjectPublicKeyInfo format of the public key */ DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &key)); len = sizeof(buf); From 05e9f0ee798623e1cc79b835fe026066e10d5dff Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 16:30:05 +0200 Subject: [PATCH 05/38] Revert "use ltc_pk_part in rsa_import_radix()" This reverts commit 023e4a2c23641d852cf47000948fa29a53249457. --- src/headers/tomcrypt_pk.h | 11 +---------- src/pk/rsa/rsa_import_radix.c | 34 +++++++++++----------------------- tests/rsa_test.c | 12 ++++++------ 3 files changed, 18 insertions(+), 39 deletions(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 9674ef0..392268b 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -41,15 +41,6 @@ typedef struct Oid { int pk_get_oid(int pk, oid_st *st); #endif /* LTC_SOURCE */ -typedef struct { - void* p; - unsigned long len; - int radix; -} ltc_pk_part; - -#define PK_PART_HEX(s) &((ltc_pk_part){s, 0, 16}) -#define PK_PART_DEC(s) &((ltc_pk_part){s, 0, 10}) - /* ---- RSA ---- */ #ifdef LTC_MRSA @@ -135,7 +126,7 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, const void *passwd, unsigned long passwdlen, rsa_key *key); -int rsa_import_radix(ltc_pk_part *N, ltc_pk_part *e, ltc_pk_part *d, ltc_pk_part *p, ltc_pk_part *q, ltc_pk_part *dP, ltc_pk_part *dQ, ltc_pk_part *qP, rsa_key *key); +int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key); #endif /* ---- Katja ---- */ diff --git a/src/pk/rsa/rsa_import_radix.c b/src/pk/rsa/rsa_import_radix.c index 73eda64..71ab3ea 100755 --- a/src/pk/rsa/rsa_import_radix.c +++ b/src/pk/rsa/rsa_import_radix.c @@ -25,19 +25,7 @@ #ifdef LTC_MRSA -static int _rsa_read_pk_part(void* mpi, ltc_pk_part *p) -{ - int err; - if(p->radix == 256) { - if (p->len != 0) err = mp_read_unsigned_bin(mpi, p->p, p->len); - else err = CRYPT_PK_INVALID_SIZE; - } else { - err = mp_read_radix(mpi, p->p , p->radix); - } - return err; -} - -int rsa_import_radix(ltc_pk_part *N, ltc_pk_part *e, ltc_pk_part *d, ltc_pk_part *p, ltc_pk_part *q, ltc_pk_part *dP, ltc_pk_part *dQ, ltc_pk_part *qP, rsa_key *key) +int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key) { int err; @@ -49,16 +37,16 @@ int rsa_import_radix(ltc_pk_part *N, ltc_pk_part *e, ltc_pk_part *d, ltc_pk_part err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); if (err != CRYPT_OK) return err; - if ((err = _rsa_read_pk_part(key->N , N)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = _rsa_read_pk_part(key->e , e)) != CRYPT_OK) { goto LBL_ERR; } - if (d && p && q && dP && dQ && qP && strlen(d->p)>0 && strlen(p->p)>0 && - strlen(q->p)>0 && strlen(dP->p)>0 && strlen(dQ->p)>0 && strlen(qP->p)>0) { - if ((err = _rsa_read_pk_part(key->d , d)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = _rsa_read_pk_part(key->p , p)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = _rsa_read_pk_part(key->q , q)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = _rsa_read_pk_part(key->dP, dP)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = _rsa_read_pk_part(key->dQ, dQ)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = _rsa_read_pk_part(key->qP, qP)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(key->N , N , radix)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(key->e , e , radix)) != CRYPT_OK) { goto LBL_ERR; } + if (d && p && q && dP && dQ && qP && strlen(d)>0 && strlen(p)>0 && + strlen(q)>0 && strlen(dP)>0 && strlen(dQ)>0 && strlen(qP)>0) { + if ((err = mp_read_radix(key->d , d , radix)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(key->p , p , radix)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(key->q , q , radix)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(key->dP, dP, radix)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(key->dQ, dQ, radix)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(key->qP, qP, radix)) != CRYPT_OK) { goto LBL_ERR; } key->type = PK_PRIVATE; } else { diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 41a88df..72d9935 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -112,7 +112,7 @@ static const unsigned char pkcs8_private_rsa[] = { 0xf1, 0x4a, 0x21, 0x56, 0x67, 0xfd, 0xcc, 0x20, 0xa3, 0x8f, 0x78, 0x18, 0x5a, 0x79, 0x3d, 0x2e, 0x8e, 0x7e, 0x86, 0x0a, 0xe6, 0xa8, 0x33, 0xc1, 0x04, 0x17, 0x4a, 0x9f }; -/* private key - hexadecimal */ +/* private keay - hexadecimal */ static char *hex_d = "C862B9EADE44531D5697D9979E1ACF301E0A8845862930A34D9F616573E0D6878FB6F306A382DC7CACFE9B289AAEFDFBFE2F0ED89704E3BB1FD1EC0DBAA3497F47AC8A44047E86B739423FAD1EB70EA551F440631EFDBDEA9F419FA8901D6F0A5A9513110D80AF5F64988A2C786865B02B8BA25387CAF16404ABF27BDB83C881"; static char *hex_dP = "6DEBC32D2EF05EA488310529008AD195299B83CF75DB31E37A27DE3A74300C764CD4502A402D39D99963A95D80AE53CA943F05231EF80504E1B835F217B3A089"; static char *hex_dQ = "AB9088FA600829509A438BA050CCD85AFE976463717422A320025ACFEBC6169554D1CBAB8D1AC600FA08929C71D552523596714B8B920CD0E9BFAD630BA5E9B1"; @@ -122,7 +122,7 @@ static char *hex_p = "F7BE5E23C3323FBF8B8E3AEEFCFCCBE5F7F10BBC4282AED57A3ECAF7D static char *hex_q = "D6860E85420B0408842160F00E0D88FD1E3610654F1E53B40872805C3F596617E698F2E96C7A064CAC763DED8CA1CEAD1BBDB47D28BCE30E388D99D805B5A371"; static char *hex_qP = "DCCC27C8E4DC6248D59BAFF5AB60F621FD53E2B75D09C91AA104A9FC612C5D04583A5A39F14A215667FDCC20A38F78185A793D2E8E7E860AE6A833C104174A9F"; -/* private key - decimal */ +/* private keay - decimal */ static char *dec_d = "140715588362011445903700789698620706303856890313846506579552319155852306603445626455616876267358538338151320072087950597426668358843246116141391746806252390039505422193715556188330352166601762210959618868365359433828069868584168017348772565936127608284367789455480066115411950431014508224203325089671253575809"; static char *dec_dP = "5757027123463051531073361217943880203685183318942602176865989327630429772398553254013771630974725523559703665512845231173916766336576994271809362147385481"; static char *dec_dQ = "8985566687080619280443708121716583572314829758991088624433980393739288226842152842353421251125477168722728289150354056572727675764519591179919295246625201"; @@ -245,7 +245,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import private key from raw hexadecimal numbers */ - DO(rsa_import_radix(PK_PART_HEX(hex_N), PK_PART_HEX(hex_e), PK_PART_HEX(hex_d), PK_PART_HEX(hex_p), PK_PART_HEX(hex_q), PK_PART_HEX(hex_dP), PK_PART_HEX(hex_dQ), PK_PART_HEX(hex_qP), &key)); + DO(rsa_import_radix(16, hex_N, hex_e, hex_d, hex_p, hex_q, hex_dP, hex_dQ, hex_qP, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from hex)", 0)) { @@ -254,7 +254,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import private key from raw decimal numbers */ - DO(rsa_import_radix(PK_PART_DEC(dec_N), PK_PART_DEC(dec_e), PK_PART_DEC(dec_d), PK_PART_DEC(dec_p), PK_PART_DEC(dec_q), PK_PART_DEC(dec_dP), PK_PART_DEC(dec_dQ), PK_PART_DEC(dec_qP), &key)); + DO(rsa_import_radix(10, dec_N, dec_e, dec_d, dec_p, dec_q, dec_dP, dec_dQ, dec_qP, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from dec)", 0)) { @@ -263,7 +263,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import public key from raw hexadecimal numbers */ - DO(rsa_import_radix(PK_PART_HEX(hex_N), PK_PART_HEX(hex_e), NULL, NULL, NULL, NULL, NULL, NULL, &key)); + DO(rsa_import_radix(16, hex_N, hex_e, NULL, NULL, NULL, NULL, NULL, NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from hex)", 0)) { @@ -272,7 +272,7 @@ static int rsa_compat_test(void) rsa_free(&key); /* try import public key from raw decimal numbers */ - DO(rsa_import_radix(PK_PART_DEC(dec_N), PK_PART_DEC(dec_e), NULL, NULL, NULL, NULL, NULL, NULL, &key)); + DO(rsa_import_radix(10, dec_N, dec_e, NULL, NULL, NULL, NULL, NULL, NULL, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from dec)", 0)) { From 6b798ca6a6175773df08ccd54241d0e4d5c4719b Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 17:44:19 +0200 Subject: [PATCH 06/38] replace rsa_import_radix() by rsa_set_{key,factors,crt_params}() --- src/headers/tomcrypt_pk.h | 13 +++- src/pk/rsa/rsa_import_radix.c | 66 ----------------- src/pk/rsa/rsa_set.c | 134 ++++++++++++++++++++++++++++++++++ 3 files changed, 146 insertions(+), 67 deletions(-) delete mode 100755 src/pk/rsa/rsa_import_radix.c create mode 100755 src/pk/rsa/rsa_set.c diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 392268b..9adb389 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -126,7 +126,18 @@ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_x509(const unsigned char *in, unsigned long inlen, rsa_key *key); int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, const void *passwd, unsigned long passwdlen, rsa_key *key); -int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key); + +int rsa_set_key(const unsigned char *N, unsigned long Nlen, + const unsigned char *e, unsigned long elen, + const unsigned char *d, unsigned long dlen, /* is NULL for public keys */ + rsa_key *key); +int rsa_set_factors(const unsigned char *p, unsigned long plen, + const unsigned char *q, unsigned long qlen, + rsa_key *key); +int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen, + const unsigned char *dQ, unsigned long dQlen, + const unsigned char *qP, unsigned long qPlen, + rsa_key *key); #endif /* ---- Katja ---- */ diff --git a/src/pk/rsa/rsa_import_radix.c b/src/pk/rsa/rsa_import_radix.c deleted file mode 100755 index 71ab3ea..0000000 --- a/src/pk/rsa/rsa_import_radix.c +++ /dev/null @@ -1,66 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - Import RSA public or private key from raw numbers - @param radix the radix the numbers are represented in (2-64, 16 = hexadecimal) - @param N RSA's N in radix representation - @param e RSA's e in radix representation - @param d RSA's d in radix representation (only private key, NULL for public key) - @param p RSA's p in radix representation (only private key, NULL for public key) - @param q RSA's q in radix representation (only private key, NULL for public key) - @param dP RSA's dP in radix representation (only private key, NULL for public key) - @param dQ RSA's dQ in radix representation (only private key, NULL for public key) - @param qP RSA's qP in radix representation (only private key, NULL for public key) - @param key [out] the destination for the imported key - @return CRYPT_OK if successful, upon error allocated memory is freed -*/ - -#ifdef LTC_MRSA - -int rsa_import_radix(int radix, char *N, char *e, char *d, char *p, char *q, char *dP, char *dQ, char *qP, rsa_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(N != NULL); - LTC_ARGCHK(e != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); - if (err != CRYPT_OK) return err; - - if ((err = mp_read_radix(key->N , N , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->e , e , radix)) != CRYPT_OK) { goto LBL_ERR; } - if (d && p && q && dP && dQ && qP && strlen(d)>0 && strlen(p)>0 && - strlen(q)>0 && strlen(dP)>0 && strlen(dQ)>0 && strlen(qP)>0) { - if ((err = mp_read_radix(key->d , d , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->p , p , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->q , q , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->dP, dP, radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->dQ, dQ, radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->qP, qP, radix)) != CRYPT_OK) { goto LBL_ERR; } - key->type = PK_PRIVATE; - } - else { - key->type = PK_PUBLIC; - } - return CRYPT_OK; - -LBL_ERR: - mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); - return err; -} - -#endif /* LTC_MRSA */ - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/src/pk/rsa/rsa_set.c b/src/pk/rsa/rsa_set.c new file mode 100755 index 0000000..c454320 --- /dev/null +++ b/src/pk/rsa/rsa_set.c @@ -0,0 +1,134 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ +#include "tomcrypt.h" + + +#ifdef LTC_MRSA + +/** + Import RSA key from raw numbers + + @param N RSA's N + @param Nlen RSA's N's length + @param e RSA's e + @param elen RSA's e's length + @param d RSA's d (only private key, NULL for public key) + @param dlen RSA's d's length + @param key [out] the destination for the imported key + @return CRYPT_OK if successful +*/ +int rsa_set_key(const unsigned char *N, unsigned long Nlen, + const unsigned char *e, unsigned long elen, + const unsigned char *d, unsigned long dlen, /* is NULL for public keys */ + rsa_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(N != NULL); + LTC_ARGCHK(e != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL); + if (err != CRYPT_OK) return err; + + if ((err = mp_read_unsigned_bin(key->N , (unsigned char *)N , Nlen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->e , (unsigned char *)e , elen)) != CRYPT_OK) { goto LBL_ERR; } + if (d && dlen) { + if ((err = mp_read_unsigned_bin(key->d , (unsigned char *)d , dlen)) != CRYPT_OK) { goto LBL_ERR; } + key->type = PK_PRIVATE; + } + else { + key->type = PK_PUBLIC; + } + return CRYPT_OK; + +LBL_ERR: + rsa_free(key); + return err; +} + +/** + Import factors of an RSA key from raw numbers + + Only for private keys. + + @param p RSA's p + @param plen RSA's p's length + @param q RSA's q + @param qlen RSA's q's length + @param key [out] the destination for the imported key + @return CRYPT_OK if successful +*/ +int rsa_set_factors(const unsigned char *p, unsigned long plen, + const unsigned char *q, unsigned long qlen, + rsa_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(p != NULL); + LTC_ARGCHK(q != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH; + + if ((err = mp_read_unsigned_bin(key->p , (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->q , (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; } + return CRYPT_OK; + +LBL_ERR: + rsa_free(key); + return err; +} + +/** + Import CRT parameters of an RSA key from raw numbers + + Only for private keys. + + @param dP RSA's dP + @param dPlen RSA's dP's length + @param dQ RSA's dQ + @param dQlen RSA's dQ's length + @param qP RSA's qP + @param qPlen RSA's qP's length + @param key [out] the destination for the imported key + @return CRYPT_OK if successful +*/ +int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen, + const unsigned char *dQ, unsigned long dQlen, + const unsigned char *qP, unsigned long qPlen, + rsa_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(dP != NULL); + LTC_ARGCHK(dQ != NULL); + LTC_ARGCHK(qP != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + if (key->type != PK_PRIVATE) return CRYPT_PK_TYPE_MISMATCH; + + if ((err = mp_read_unsigned_bin(key->dP, (unsigned char *)dP, dPlen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->dQ, (unsigned char *)dQ, dQlen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->qP, (unsigned char *)qP, qPlen)) != CRYPT_OK) { goto LBL_ERR; } + return CRYPT_OK; + +LBL_ERR: + rsa_free(key); + return err; +} + +#endif /* LTC_MRSA */ + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ From 627f6696cb0cae453e89355aba96b03f94c240c7 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 17:44:33 +0200 Subject: [PATCH 07/38] add radix_to_bin() --- src/headers/tomcrypt_math.h | 2 ++ src/math/radix_to_bin.c | 55 +++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+) create mode 100644 src/math/radix_to_bin.c diff --git a/src/headers/tomcrypt_math.h b/src/headers/tomcrypt_math.h index 4332e5b..3fa74f2 100644 --- a/src/headers/tomcrypt_math.h +++ b/src/headers/tomcrypt_math.h @@ -30,6 +30,8 @@ #define LTC_MILLER_RABIN_REPS 35 #endif +int radix_to_bin(const void *in, int radix, void *out, size_t* len); + /** math descriptor */ typedef struct { /** Name of the math provider */ diff --git a/src/math/radix_to_bin.c b/src/math/radix_to_bin.c new file mode 100644 index 0000000..7486919 --- /dev/null +++ b/src/math/radix_to_bin.c @@ -0,0 +1,55 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ +#include "tomcrypt.h" + +/** + @file radix_to_bin.c + Convert an MPI from a specific radix to binary data. + Steffen Jaeckel +*/ + +/** + Convert an MPI from a specific radix to binary data + + @param in The input + @param radix The radix of the input + @param out The output buffer + @param len [in/out] The length of the output buffer + + @return CRYPT_OK on success. +*/ +int radix_to_bin(const void *in, int radix, void *out, size_t* len) +{ + size_t l; + void* mpi; + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(len != NULL); + + if ((err = mp_init(&mpi)) != CRYPT_OK) return err; + if ((err = mp_read_radix(mpi, in, radix)) != CRYPT_OK) goto LBL_ERR; + + if ((l = mp_unsigned_bin_size(mpi)) > *len) { + *len = l; + err = CRYPT_BUFFER_OVERFLOW; + goto LBL_ERR; + } + *len = l; + + if ((err = mp_to_unsigned_bin(mpi, out)) != CRYPT_OK) goto LBL_ERR; + +LBL_ERR: + mp_clear(mpi); + return err; +} + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ From ae7d4d294747ee17f24684cb87a4dae1206f179a Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 17:52:30 +0200 Subject: [PATCH 08/38] re-factor rsa_test() to new rsa_set_X() API --- tests/rsa_test.c | 99 ++++++++++++++++++++++++++++++------------------ 1 file changed, 63 insertions(+), 36 deletions(-) diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 72d9935..57d9457 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -112,25 +112,37 @@ static const unsigned char pkcs8_private_rsa[] = { 0xf1, 0x4a, 0x21, 0x56, 0x67, 0xfd, 0xcc, 0x20, 0xa3, 0x8f, 0x78, 0x18, 0x5a, 0x79, 0x3d, 0x2e, 0x8e, 0x7e, 0x86, 0x0a, 0xe6, 0xa8, 0x33, 0xc1, 0x04, 0x17, 0x4a, 0x9f }; -/* private keay - hexadecimal */ -static char *hex_d = "C862B9EADE44531D5697D9979E1ACF301E0A8845862930A34D9F616573E0D6878FB6F306A382DC7CACFE9B289AAEFDFBFE2F0ED89704E3BB1FD1EC0DBAA3497F47AC8A44047E86B739423FAD1EB70EA551F440631EFDBDEA9F419FA8901D6F0A5A9513110D80AF5F64988A2C786865B02B8BA25387CAF16404ABF27BDB83C881"; -static char *hex_dP = "6DEBC32D2EF05EA488310529008AD195299B83CF75DB31E37A27DE3A74300C764CD4502A402D39D99963A95D80AE53CA943F05231EF80504E1B835F217B3A089"; -static char *hex_dQ = "AB9088FA600829509A438BA050CCD85AFE976463717422A320025ACFEBC6169554D1CBAB8D1AC600FA08929C71D552523596714B8B920CD0E9BFAD630BA5E9B1"; -static char *hex_e = "010001"; -static char *hex_N = "CF9ADE648ADAC83320A9D783311954B29A85A7A1B77533B6A9AC8424B3DEDB7D852D9665E53F7295249F2868CA4FDB441C3E60128ADD26A5EBFF0B5ED48838492A6E5BBF123747BD056BBCDBF3EEE4118E41687C6113D742C880BE368FDC088B4FACA4E2760CC9636C495893EDCCAADC253B0A603F8B543AC34D31E794A444FD"; -static char *hex_p = "F7BE5E23C3323FBF8B8E3AEEFCFCCBE5F7F10BBC4282AED57A3ECAF7D5693F6425A21FB77575059242EBB8F1F30A05E394D1557835A036A09B7C92846CDDDC4D"; -static char *hex_q = "D6860E85420B0408842160F00E0D88FD1E3610654F1E53B40872805C3F596617E698F2E96C7A064CAC763DED8CA1CEAD1BBDB47D28BCE30E388D99D805B5A371"; -static char *hex_qP = "DCCC27C8E4DC6248D59BAFF5AB60F621FD53E2B75D09C91AA104A9FC612C5D04583A5A39F14A215667FDCC20A38F78185A793D2E8E7E860AE6A833C104174A9F"; +/* private key - hexadecimal */ +enum { + pk_d , + pk_dP, + pk_dQ, + pk_e , + pk_N , + pk_p , + pk_q , + pk_qP, +}; +static const char *hex_key[] = { + "C862B9EADE44531D5697D9979E1ACF301E0A8845862930A34D9F616573E0D6878FB6F306A382DC7CACFE9B289AAEFDFBFE2F0ED89704E3BB1FD1EC0DBAA3497F47AC8A44047E86B739423FAD1EB70EA551F440631EFDBDEA9F419FA8901D6F0A5A9513110D80AF5F64988A2C786865B02B8BA25387CAF16404ABF27BDB83C881", + "6DEBC32D2EF05EA488310529008AD195299B83CF75DB31E37A27DE3A74300C764CD4502A402D39D99963A95D80AE53CA943F05231EF80504E1B835F217B3A089", + "AB9088FA600829509A438BA050CCD85AFE976463717422A320025ACFEBC6169554D1CBAB8D1AC600FA08929C71D552523596714B8B920CD0E9BFAD630BA5E9B1", + "010001", + "CF9ADE648ADAC83320A9D783311954B29A85A7A1B77533B6A9AC8424B3DEDB7D852D9665E53F7295249F2868CA4FDB441C3E60128ADD26A5EBFF0B5ED48838492A6E5BBF123747BD056BBCDBF3EEE4118E41687C6113D742C880BE368FDC088B4FACA4E2760CC9636C495893EDCCAADC253B0A603F8B543AC34D31E794A444FD", + "F7BE5E23C3323FBF8B8E3AEEFCFCCBE5F7F10BBC4282AED57A3ECAF7D5693F6425A21FB77575059242EBB8F1F30A05E394D1557835A036A09B7C92846CDDDC4D", + "D6860E85420B0408842160F00E0D88FD1E3610654F1E53B40872805C3F596617E698F2E96C7A064CAC763DED8CA1CEAD1BBDB47D28BCE30E388D99D805B5A371", + "DCCC27C8E4DC6248D59BAFF5AB60F621FD53E2B75D09C91AA104A9FC612C5D04583A5A39F14A215667FDCC20A38F78185A793D2E8E7E860AE6A833C104174A9F" }; -/* private keay - decimal */ -static char *dec_d = "140715588362011445903700789698620706303856890313846506579552319155852306603445626455616876267358538338151320072087950597426668358843246116141391746806252390039505422193715556188330352166601762210959618868365359433828069868584168017348772565936127608284367789455480066115411950431014508224203325089671253575809"; -static char *dec_dP = "5757027123463051531073361217943880203685183318942602176865989327630429772398553254013771630974725523559703665512845231173916766336576994271809362147385481"; -static char *dec_dQ = "8985566687080619280443708121716583572314829758991088624433980393739288226842152842353421251125477168722728289150354056572727675764519591179919295246625201"; -static char *dec_e = "65537"; -static char *dec_N = "145785157837445763858971808379627955816432214431353481009581718367907499729204464589803079767521523397316119124291441688063985017444589154155338311524887989148444674974298105211582428885045820631376256167593861203305479546421254276833052913791538765775697977909548553897629170045372476652935456198173974086909"; -static char *dec_p = "12975386429272921390465467849934248466500992474501042673679976015025637113752114471707151502138750486193421113099777767227628554763059580218432153760685133"; -static char *dec_q = "11235515692122231999359687466333538198133993435121038200055897831921312127192760781281669977582095991578071163376390471936482431583372835883432943212143473"; -static char *dec_qP = "11564102464723136702427739477324729528451027211272900753079601723449664482225846595388433622640284454614991112736446376964904474099700895632145077333609119"; +/* private key - decimal */ +static const char *dec_key[] = { + "140715588362011445903700789698620706303856890313846506579552319155852306603445626455616876267358538338151320072087950597426668358843246116141391746806252390039505422193715556188330352166601762210959618868365359433828069868584168017348772565936127608284367789455480066115411950431014508224203325089671253575809", + "5757027123463051531073361217943880203685183318942602176865989327630429772398553254013771630974725523559703665512845231173916766336576994271809362147385481", + "8985566687080619280443708121716583572314829758991088624433980393739288226842152842353421251125477168722728289150354056572727675764519591179919295246625201", + "65537", + "145785157837445763858971808379627955816432214431353481009581718367907499729204464589803079767521523397316119124291441688063985017444589154155338311524887989148444674974298105211582428885045820631376256167593861203305479546421254276833052913791538765775697977909548553897629170045372476652935456198173974086909", + "12975386429272921390465467849934248466500992474501042673679976015025637113752114471707151502138750486193421113099777767227628554763059580218432153760685133", + "11235515692122231999359687466333538198133993435121038200055897831921312127192760781281669977582095991578071163376390471936482431583372835883432943212143473", + "11564102464723136702427739477324729528451027211272900753079601723449664482225846595388433622640284454614991112736446376964904474099700895632145077333609119" }; /*** openssl public RSA key in DER format */ static const unsigned char openssl_public_rsa[] = { @@ -180,9 +192,9 @@ extern const unsigned long _der_tests_cacert_root_cert_size; static int rsa_compat_test(void) { rsa_key key, pubkey; - int stat; - unsigned char buf[1024]; - unsigned long len; + int stat, i; + unsigned char buf[1024], key_parts[8][128]; + unsigned long len, key_lens[8]; /* try reading the key */ DO(rsa_import(openssl_private_rsa, sizeof(openssl_private_rsa), &key)); @@ -244,8 +256,15 @@ static int rsa_compat_test(void) } rsa_free(&key); - /* try import private key from raw hexadecimal numbers */ - DO(rsa_import_radix(16, hex_N, hex_e, hex_d, hex_p, hex_q, hex_dP, hex_dQ, hex_qP, &key)); + /* convert raw hexadecimal numbers to binary */ + for (i = 0; i < 8; ++i) { + key_lens[i] = sizeof(key_parts[i]); + DO(radix_to_bin(hex_key[i], 16, key_parts[i], &key_lens[i])); + } + /* try import private key from converted raw hexadecimal numbers */ + DO(rsa_set_key(key_parts[pk_N], key_lens[pk_N], key_parts[pk_e], key_lens[pk_e], key_parts[pk_d], key_lens[pk_d], &key)); + DO(rsa_set_factors(key_parts[pk_p], key_lens[pk_p], key_parts[pk_q], key_lens[pk_q], &key)); + DO(rsa_set_crt_params(key_parts[pk_dP], key_lens[pk_dP], key_parts[pk_dQ], key_lens[pk_dQ], key_parts[pk_qP], key_lens[pk_qP], &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PRIVATE, &key)); if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from hex)", 0)) { @@ -253,17 +272,8 @@ static int rsa_compat_test(void) } rsa_free(&key); - /* try import private key from raw decimal numbers */ - DO(rsa_import_radix(10, dec_N, dec_e, dec_d, dec_p, dec_q, dec_dP, dec_dQ, dec_qP, &key)); - len = sizeof(buf); - DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from dec)", 0)) { - return 1; - } - rsa_free(&key); - - /* try import public key from raw hexadecimal numbers */ - DO(rsa_import_radix(16, hex_N, hex_e, NULL, NULL, NULL, NULL, NULL, NULL, &key)); + /* try import public key from converted raw hexadecimal numbers */ + DO(rsa_set_key(key_parts[pk_N], key_lens[pk_N], key_parts[pk_e], key_lens[pk_e], NULL, 0, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from hex)", 0)) { @@ -271,8 +281,25 @@ static int rsa_compat_test(void) } rsa_free(&key); - /* try import public key from raw decimal numbers */ - DO(rsa_import_radix(10, dec_N, dec_e, NULL, NULL, NULL, NULL, NULL, NULL, &key)); + + /* convert raw decimal numbers to binary */ + for (i = 0; i < 8; ++i) { + key_lens[i] = sizeof(key_parts[i]); + DO(radix_to_bin(dec_key[i], 10, key_parts[i], &key_lens[i])); + } + /* try import private key from converted raw decimal numbers */ + DO(rsa_set_key(key_parts[pk_N], key_lens[pk_N], key_parts[pk_e], key_lens[pk_e], key_parts[pk_d], key_lens[pk_d], &key)); + DO(rsa_set_factors(key_parts[pk_p], key_lens[pk_p], key_parts[pk_q], key_lens[pk_q], &key)); + DO(rsa_set_crt_params(key_parts[pk_dP], key_lens[pk_dP], key_parts[pk_dQ], key_lens[pk_dQ], key_parts[pk_qP], key_lens[pk_qP], &key)); + len = sizeof(buf); + DO(rsa_export(buf, &len, PK_PRIVATE, &key)); + if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from dec)", 0)) { + return 1; + } + rsa_free(&key); + + /* try import public key from raw converted decimal numbers */ + DO(rsa_set_key(key_parts[pk_N], key_lens[pk_N], key_parts[pk_e], key_lens[pk_e], NULL, 0, &key)); len = sizeof(buf); DO(rsa_export(buf, &len, PK_PUBLIC, &key)); if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from dec)", 0)) { From a42f467ff18693898ff8d7e2d9e5b97c338ca633 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 17:52:51 +0200 Subject: [PATCH 09/38] Update makefiles --- libtomcrypt_VS2008.vcproj | 12 ++++++++---- makefile.mingw | 6 +++--- makefile.msvc | 6 +++--- makefile.unix | 6 +++--- makefile_include.mk | 6 +++--- 5 files changed, 20 insertions(+), 16 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index 2516240..831cd06 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -1311,6 +1311,10 @@ RelativePath="src\math\multi.c" > + + @@ -2326,10 +2330,6 @@ RelativePath="src\pk\rsa\rsa_import_pkcs8.c" > - - @@ -2338,6 +2338,10 @@ RelativePath="src\pk\rsa\rsa_make_key.c" > + + diff --git a/makefile.mingw b/makefile.mingw index 04ad30b..bf6537c 100644 --- a/makefile.mingw +++ b/makefile.mingw @@ -90,7 +90,7 @@ src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/ma src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \ src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \ src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \ -src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \ +src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \ src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \ src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \ src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \ @@ -179,8 +179,8 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \ -src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_radix.o \ -src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \ +src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \ +src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \ src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \ src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \ src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \ diff --git a/makefile.msvc b/makefile.msvc index 804c858..673f102 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -83,7 +83,7 @@ src/mac/poly1305/poly1305_memory_multi.obj src/mac/poly1305/poly1305_test.obj sr src/mac/xcbc/xcbc_file.obj src/mac/xcbc/xcbc_init.obj src/mac/xcbc/xcbc_memory.obj \ src/mac/xcbc/xcbc_memory_multi.obj src/mac/xcbc/xcbc_process.obj src/mac/xcbc/xcbc_test.obj \ src/math/fp/ltc_ecc_fp_mulmod.obj src/math/gmp_desc.obj src/math/ltm_desc.obj src/math/multi.obj \ -src/math/rand_bn.obj src/math/rand_prime.obj src/math/tfm_desc.obj src/misc/adler32.obj \ +src/math/radix_to_bin.obj src/math/rand_bn.obj src/math/rand_prime.obj src/math/tfm_desc.obj src/misc/adler32.obj \ src/misc/base64/base64_decode.obj src/misc/base64/base64_encode.obj src/misc/burn_stack.obj \ src/misc/compare_testvector.obj src/misc/crc32.obj src/misc/crypt/crypt.obj src/misc/crypt/crypt_argchk.obj \ src/misc/crypt/crypt_cipher_descriptor.obj src/misc/crypt/crypt_cipher_is_valid.obj \ @@ -172,8 +172,8 @@ src/pk/pkcs1/pkcs_1_oaep_decode.obj src/pk/pkcs1/pkcs_1_oaep_encode.obj src/pk/p src/pk/pkcs1/pkcs_1_pss_decode.obj src/pk/pkcs1/pkcs_1_pss_encode.obj src/pk/pkcs1/pkcs_1_v1_5_decode.obj \ src/pk/pkcs1/pkcs_1_v1_5_encode.obj src/pk/rsa/rsa_decrypt_key.obj src/pk/rsa/rsa_encrypt_key.obj \ src/pk/rsa/rsa_export.obj src/pk/rsa/rsa_exptmod.obj src/pk/rsa/rsa_free.obj src/pk/rsa/rsa_get_size.obj \ -src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_pkcs8.obj src/pk/rsa/rsa_import_radix.obj \ -src/pk/rsa/rsa_import_x509.obj src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_sign_hash.obj \ +src/pk/rsa/rsa_import.obj src/pk/rsa/rsa_import_pkcs8.obj src/pk/rsa/rsa_import_x509.obj \ +src/pk/rsa/rsa_make_key.obj src/pk/rsa/rsa_set.obj src/pk/rsa/rsa_sign_hash.obj \ src/pk/rsa/rsa_sign_saltlen_get.obj src/pk/rsa/rsa_verify_hash.obj src/prngs/chacha20.obj src/prngs/fortuna.obj \ src/prngs/rc4.obj src/prngs/rng_get_bytes.obj src/prngs/rng_make_prng.obj src/prngs/sober128.obj \ src/prngs/sprng.obj src/prngs/yarrow.obj src/stream/chacha/chacha_crypt.obj src/stream/chacha/chacha_done.obj \ diff --git a/makefile.unix b/makefile.unix index 9aab93b..617e181 100644 --- a/makefile.unix +++ b/makefile.unix @@ -100,7 +100,7 @@ src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/ma src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \ src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \ src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \ -src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \ +src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \ src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \ src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \ src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \ @@ -189,8 +189,8 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \ -src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_radix.o \ -src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \ +src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \ +src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \ src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \ src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \ src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \ diff --git a/makefile_include.mk b/makefile_include.mk index 4fe3fd2..35c974b 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -206,7 +206,7 @@ src/mac/poly1305/poly1305_memory_multi.o src/mac/poly1305/poly1305_test.o src/ma src/mac/xcbc/xcbc_file.o src/mac/xcbc/xcbc_init.o src/mac/xcbc/xcbc_memory.o \ src/mac/xcbc/xcbc_memory_multi.o src/mac/xcbc/xcbc_process.o src/mac/xcbc/xcbc_test.o \ src/math/fp/ltc_ecc_fp_mulmod.o src/math/gmp_desc.o src/math/ltm_desc.o src/math/multi.o \ -src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \ +src/math/radix_to_bin.o src/math/rand_bn.o src/math/rand_prime.o src/math/tfm_desc.o src/misc/adler32.o \ src/misc/base64/base64_decode.o src/misc/base64/base64_encode.o src/misc/burn_stack.o \ src/misc/compare_testvector.o src/misc/crc32.o src/misc/crypt/crypt.o src/misc/crypt/crypt_argchk.o \ src/misc/crypt/crypt_cipher_descriptor.o src/misc/crypt/crypt_cipher_is_valid.o \ @@ -295,8 +295,8 @@ src/pk/pkcs1/pkcs_1_oaep_decode.o src/pk/pkcs1/pkcs_1_oaep_encode.o src/pk/pkcs1 src/pk/pkcs1/pkcs_1_pss_decode.o src/pk/pkcs1/pkcs_1_pss_encode.o src/pk/pkcs1/pkcs_1_v1_5_decode.o \ src/pk/pkcs1/pkcs_1_v1_5_encode.o src/pk/rsa/rsa_decrypt_key.o src/pk/rsa/rsa_encrypt_key.o \ src/pk/rsa/rsa_export.o src/pk/rsa/rsa_exptmod.o src/pk/rsa/rsa_free.o src/pk/rsa/rsa_get_size.o \ -src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_radix.o \ -src/pk/rsa/rsa_import_x509.o src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_sign_hash.o \ +src/pk/rsa/rsa_import.o src/pk/rsa/rsa_import_pkcs8.o src/pk/rsa/rsa_import_x509.o \ +src/pk/rsa/rsa_make_key.o src/pk/rsa/rsa_set.o src/pk/rsa/rsa_sign_hash.o \ src/pk/rsa/rsa_sign_saltlen_get.o src/pk/rsa/rsa_verify_hash.o src/prngs/chacha20.o src/prngs/fortuna.o \ src/prngs/rc4.o src/prngs/rng_get_bytes.o src/prngs/rng_make_prng.o src/prngs/sober128.o \ src/prngs/sprng.o src/prngs/yarrow.o src/stream/chacha/chacha_crypt.o src/stream/chacha/chacha_done.o \ From f60e2902ed3a523d880a1d405459effd290d5f23 Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Thu, 22 Jun 2017 10:21:32 +0200 Subject: [PATCH 10/38] dh_make_key_ex dh_export_radix dh_import_radix --- src/headers/tomcrypt_pk.h | 13 ++ src/pk/dh/dh_export_radix.c | 68 ++++++++++ src/pk/dh/dh_import_radix.c | 90 +++++++++++++ src/pk/dh/dh_make_key.c | 52 +++++-- tests/dh_test.c | 261 ++++++++++++++++++++++++++++++++++++ 5 files changed, 474 insertions(+), 10 deletions(-) create mode 100644 src/pk/dh/dh_export_radix.c create mode 100644 src/pk/dh/dh_import_radix.c diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 9adb389..cfa9508 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -216,12 +216,25 @@ typedef struct { int dh_get_groupsize(dh_key *key); int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key); +int dh_make_key_ex(prng_state *prng, int wprng, int radix, + void *prime, unsigned long primelen, + void *base, unsigned long baselen, + dh_key *key); int dh_make_key_dhparam(prng_state *prng, int wprng, unsigned char *dhparam, unsigned long dhparamlen, dh_key *key); void dh_free(dh_key *key); int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key); int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key); +int dh_export_radix(int radix, + void *out, unsigned long *outlen, + int type, dh_key *key); +int dh_import_radix(int radix, + void *in, unsigned long inlen, + void *prime, unsigned long primelen, + void *base, unsigned long baselen, + int type, dh_key *key); + int dh_shared_secret(dh_key *private_key, dh_key *public_key, unsigned char *out, unsigned long *outlen); diff --git a/src/pk/dh/dh_export_radix.c b/src/pk/dh/dh_export_radix.c new file mode 100644 index 0000000..301fd7f --- /dev/null +++ b/src/pk/dh/dh_export_radix.c @@ -0,0 +1,68 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ + +#include "tomcrypt.h" + +#ifdef LTC_MDH + +static unsigned long _count_digits(int radix, void *num) +{ + void *r, *t; + unsigned long digits = 0; + + if (mp_iszero(num) == LTC_MP_YES) return 1; + if (mp_init_multi(&t, &r, NULL) != CRYPT_OK) return 0; + mp_copy(num, t); + mp_set_int(r, radix); + while (mp_iszero(t) == LTC_MP_NO) { + if (mp_div(t, r, t, NULL) != CRYPT_OK) { + mp_clear_multi(t, r, NULL); + return 0; + } + digits++; + } + mp_clear_multi(t, r, NULL); + return digits; +} + +/** + Export a DH key to a binary packet + @param out [out] The destination for the key + @param outlen [in/out] The max size and resulting size of the DH key + @param type Which type of key (PK_PRIVATE or PK_PUBLIC) + @param key The key you wish to export + @return CRYPT_OK if successful +*/ +int dh_export_radix(int radix, void *out, unsigned long *outlen, int type, dh_key *key) +{ + unsigned long len; + void *k; + + LTC_ARGCHK(out != NULL); + LTC_ARGCHK(outlen != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK((radix >= 2 && radix <= 64) || radix == 256); + + k = (type == PK_PRIVATE) ? key->x : key->y; + len = (radix == 256) ? mp_unsigned_bin_size(k) : _count_digits(radix, k) + 1; + + if (*outlen < len) { + *outlen = len; + return CRYPT_BUFFER_OVERFLOW; + } + *outlen = len; + + return (radix == 256) ? mp_to_unsigned_bin(k, out) : mp_toradix(k, out, radix); +} + +#endif /* LTC_MDH */ + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/src/pk/dh/dh_import_radix.c b/src/pk/dh/dh_import_radix.c new file mode 100644 index 0000000..cbd6c41 --- /dev/null +++ b/src/pk/dh/dh_import_radix.c @@ -0,0 +1,90 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ + +#include "tomcrypt.h" + +#ifdef LTC_MDH + +/** + Import a DH key from a binary string + @param in The string to read + @param inlen The length of the input packet + @param type The type of key (PK_PRIVATE or PK_PUBLIC) + @param base The base (generator) in hex string + @param prime The prime in hex string + @param key [out] Where to import the key to + @return CRYPT_OK if successful, on error all allocated memory is freed automatically +*/ +int dh_import_radix(int radix, + void *in, unsigned long inlen, + void *prime, unsigned long primelen, + void *base, unsigned long baselen, + int type, dh_key *key) +{ + int err; + + LTC_ARGCHK(in != NULL); + LTC_ARGCHK(base != NULL); + LTC_ARGCHK(prime != NULL); + LTC_ARGCHK(key != NULL); + + if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { + goto error; + } + if (radix == 256) { + if ((err = mp_read_unsigned_bin(key->base, base, baselen)) != CRYPT_OK) { goto error; } + if ((err = mp_read_unsigned_bin(key->prime, prime, primelen)) != CRYPT_OK) { goto error; } + } + else { + if ((err = mp_read_radix(key->base, base, radix)) != CRYPT_OK) { goto error; } + if ((err = mp_read_radix(key->prime, prime, radix)) != CRYPT_OK) { goto error; } + } + + if (type == PK_PRIVATE) { + /* load the x value */ + if (radix == 256) { + if ((err = mp_read_unsigned_bin(key->x, in, inlen)) != CRYPT_OK) { goto error; } + } + else { + if ((err = mp_read_radix(key->x, in, radix)) != CRYPT_OK) { goto error; } + } + /* compute y value */ + if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { goto error; } + key->type = PK_PRIVATE; + } + else { + /* load the y value */ + if (radix == 256) { + if ((err = mp_read_unsigned_bin(key->y, in, inlen)) != CRYPT_OK) { goto error; } + } + else { + if ((err = mp_read_radix(key->y, in, radix)) != CRYPT_OK) { goto error; } + } + key->type = PK_PUBLIC; + mp_clear(key->x); + key->x = NULL; + } + + /* check public key */ + if ((err = dh_check_pubkey(key)) != CRYPT_OK) { + goto error; + } + + return CRYPT_OK; + +error: + mp_clear_multi(key->prime, key->base, key->y, key->x, NULL); + return err; +} + +#endif /* LTC_MDH */ + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/src/pk/dh/dh_make_key.c b/src/pk/dh/dh_make_key.c index cbaea88..96bd364 100644 --- a/src/pk/dh/dh_make_key.c +++ b/src/pk/dh/dh_make_key.c @@ -106,6 +106,43 @@ freemp: return err; } +/** + Make a DH key (custom DH group) [private key pair] + @param prng An active PRNG state + @param wprng The index for the PRNG you desire to use + @param prime_hex The prime p (hexadecimal string) + @param base_hex The base g (hexadecimal string) + @param key [out] Where the newly created DH key will be stored + @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. +*/ +int dh_make_key_ex(prng_state *prng, int wprng, int radix, + void *prime, unsigned long primelen, + void *base, unsigned long baselen, + dh_key *key) +{ + void *p, *b; + int err; + + LTC_ARGCHK(prime != NULL); + LTC_ARGCHK(base != NULL); + LTC_ARGCHK((radix >= 2 && radix <= 64) || radix == 256); + + if ((err = mp_init_multi(&p, &b, NULL)) != CRYPT_OK) { return err; } + if (radix == 256) { + if ((err = mp_read_unsigned_bin(b, base, baselen)) != CRYPT_OK) { goto error; } + if ((err = mp_read_unsigned_bin(p, prime, primelen)) != CRYPT_OK) { goto error; } + } + else { + if ((err = mp_read_radix(b, base, radix)) != CRYPT_OK) { goto error; } + if ((err = mp_read_radix(p, prime, radix)) != CRYPT_OK) { goto error; } + } + err = _dh_make_key(prng, wprng, p, b, key); + +error: + mp_clear_multi(p, b, NULL); + return err; +} + /** Make a DH key (use built-in DH groups) [private key pair] @param prng An active PRNG state @@ -116,22 +153,17 @@ freemp: */ int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key) { - void *p, *b; - int i, err; + int i; LTC_ARGCHK(groupsize > 0); for (i = 0; (groupsize > ltc_dh_sets[i].size) && (ltc_dh_sets[i].size != 0); i++); if (ltc_dh_sets[i].size == 0) return CRYPT_INVALID_KEYSIZE; - if ((err = mp_init_multi(&p, &b, NULL)) != CRYPT_OK) { return err; } - if ((err = mp_read_radix(b, ltc_dh_sets[i].base, 16)) != CRYPT_OK) { goto error; } - if ((err = mp_read_radix(p, ltc_dh_sets[i].prime, 16)) != CRYPT_OK) { goto error; } - err = _dh_make_key(prng, wprng, p, b, key); - -error: - mp_clear_multi(p, b, NULL); - return err; + return dh_make_key_ex(prng, wprng, 16, + ltc_dh_sets[i].prime, strlen(ltc_dh_sets[i].prime) + 1, + ltc_dh_sets[i].base, strlen(ltc_dh_sets[i].base) + 1, + key); } /** diff --git a/tests/dh_test.c b/tests/dh_test.c index 3374c80..5f48ca9 100644 --- a/tests/dh_test.c +++ b/tests/dh_test.c @@ -147,6 +147,261 @@ static int _dhparam_test(void) return CRYPT_OK; } +static int _radix_test(void) +{ + dh_key k1, k2, k3; + unsigned char buf[DH_BUF_SIZE]; + unsigned long len; + int i; + /* RADIX 16 */ + char *ghex = "2"; + char *phex = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22" + "514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6" + "F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" + "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E8603" + "9B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AACAA68FFFFFFFFFFFFFFFF"; + char *xhex = "A6681ADC386CE944C3DED9A7301DCC9C518250E3EDB62F959198F8DC0057DD6FB57ABAFD788198B1"; + char *yhex = "39046632C834418DFA07B3091538B614D1FB5DBB785C0FBEA3B98B295BC0CD076A88D9452141A269" + "E8BAEB1DD654EBA03A5705318D129754CDF4003A8C399240FBB8F162490F6F0DC70E414B6FEE8808" + "6AFAA48E9F3A248EDC093452663D34E0E809D4F6BADBB36F80B6813EBF7C3281B862209E5604BDEA" + "8B8F5F7BFDC3EEB7ADB73048289BCEA0F5A5CDEE7DF91CD1F0BA632F06DBE9BA7EF014B84B02D497" + "CA7D0C60F734752A649DA496946B4E531B30D9F82EDD855636C0B0F2AE232E4186454E8887BB423E" + "32A5A2495EACBA99620ACD03A38345EBB6735E62330A8EE9AA6C8370410F5CD45AF37EE90A0DA95B" + "E96FC939E88FE0BD2CD09FC8F524208C"; + /* RADIX 47 */ + char *gr47 = "2"; + char *pr47 = "F27Mg1SadOFIRbDOJ5dHgHiVF02Z1LHHQ6G5SLG2U8aTdfH1ETk4GARRE7WW99dBUBLb9e2OHFIaSM1A" + "ag2LNNjgYa9I9CjQGJihL3J7A2SGQe8j5Ch8EHMj5jVbAYDiQKhhPhM6Hc56fKS40GUfJkGO7KJ6EXZQ" + "VgbSa2AkPC65F91g0PaYie8AGNVaFKaV9HOQf3ia1iW4i6eCOB9CcBbH7TbQij8AEgjZ0VRBcLKc6UYO" + "1Zc3I2Jc0h1H2HBEH8ONI3OYBbaPV6XhAd8WCc60D0RDBU3H9U7cWL28a0c90XNO0dh5RXEFBbUCE2ZG" + "gh9XQSVIHkVbFIS5F5IGVOkiWAVc9i8BHB2V0UbGW6UdRTZVV"; + char *xr47 = "6bhO7O9NWFRgEMjdU0Y5POj3c1JP15MYEdIg3FO1PEjUY2aGYNSXcaF01R"; + char *yr47 = "3GNPNWEYfKML1cIbI7Cc1Z0O7aQLJgB734dO2i56LLYDdI4gHYk2GAbQH2WI97hNeC7dj3fPEH8I9gV9" + "U323AXj1AJXbFPFIHGOTdC29QUUeH2SSc6NWhfQDDXd5Q5iXCKEAUGX3SKcNFIfVOYJgZCLjfHYQdgOQ" + "GCjKNgbEV7Hj34MU3b79iANX2DbMYfb9iGi78BWH2HYAd7IAhk7U0OYGHKJX1bIUUj1KBLhAUg46GaER" + "G9W3ARMfBCj6kSdDF9TdkWAjWTDj722IeVJERC4bKU2VDFG20kDhCMF985efD1SS8DfXcdCHF1kDUkSA" + "884FHYiFEPkaagQOBQaN9BNaEHNbbd002DCIIX5eMP4HgPJPF"; + /* RADIX 64 */ + char *gr64 = "2"; + char *pr64 = "3//////////yaFsg8XQC8qnCPYYu3S7D4f0au8YcVCT08BlgOx4viYKKe8UOuq1DtlbHcppJf36p0h2c" + "toNnGtJ+4rRMrHmaNaXRLsObv+nlHCGkccD+rh2/zSjlG6j+tkE6lxMecVfQwV915yIn/cIIXcKUpaMp" + "t207oueME/1PZQI3OSLTEQQHO/gFqapr+3PLqZtAEjbXnYyrOWXLAxdjKf1t2Mbcrd33LEIhoO1F5qR0" + "ZA625yCf1UHYuspZlZddSi60w60vidWwBi1wAFjSLTy6zCKidUAylsbLWN63cLINpgbMhb5T8c69Zw1H" + "0LSevQYgogQF//////////"; + char *xr64 = "2cQ1hSE6pfHCFUsQSm7SoSKO9Gu+ssBvMHcFZS05VTRxLwklruWPYn"; + char *yr64 = "v16Ooo3H1ZVe7imaLEBOKqVjTktXS3xwZkOifMy3D1sg8sKKXGQ9fwBhh7TPKww0wLmKnZHANLCtq03g" + "CEP90+xZnOaaFRmt73a5BR+w826hwf8wVEYIEt0aqKcOzDE3e2TJskjkpRu2sWJw/V3A1k68WdbO4lUg" + "BZrzx/SFkjwstC4WecywWzQNDxdtv7D7mkcCl1jlfkdxm5BXB0jINodqCOFSqTIfadQIMb6jEKnimsVW" + "ktOLMDi2myguZBa66HKw8Xxj2FZAbeabUhBgPOWhD0wE3HUksSrvYCmgEwQfiWt113rpKMlD+wGeDgLl" + "fRyavw8/WlIpGdyZr922C"; + /* RADIX 256 */ + unsigned char gbin[] = { 0x02 }; + unsigned char pbin[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + unsigned char xbin[] = { + 0xA6, 0x68, 0x1A, 0xDC, 0x38, 0x6C, 0xE9, 0x44, 0xC3, 0xDE, 0xD9, 0xA7, 0x30, 0x1D, 0xCC, 0x9C, + 0x51, 0x82, 0x50, 0xE3, 0xED, 0xB6, 0x2F, 0x95, 0x91, 0x98, 0xF8, 0xDC, 0x00, 0x57, 0xDD, 0x6F, + 0xB5, 0x7A, 0xBA, 0xFD, 0x78, 0x81, 0x98, 0xB1 + }; + unsigned char ybin[] = { + 0x39, 0x04, 0x66, 0x32, 0xC8, 0x34, 0x41, 0x8D, 0xFA, 0x07, 0xB3, 0x09, 0x15, 0x38, 0xB6, 0x14, + 0xD1, 0xFB, 0x5D, 0xBB, 0x78, 0x5C, 0x0F, 0xBE, 0xA3, 0xB9, 0x8B, 0x29, 0x5B, 0xC0, 0xCD, 0x07, + 0x6A, 0x88, 0xD9, 0x45, 0x21, 0x41, 0xA2, 0x69, 0xE8, 0xBA, 0xEB, 0x1D, 0xD6, 0x54, 0xEB, 0xA0, + 0x3A, 0x57, 0x05, 0x31, 0x8D, 0x12, 0x97, 0x54, 0xCD, 0xF4, 0x00, 0x3A, 0x8C, 0x39, 0x92, 0x40, + 0xFB, 0xB8, 0xF1, 0x62, 0x49, 0x0F, 0x6F, 0x0D, 0xC7, 0x0E, 0x41, 0x4B, 0x6F, 0xEE, 0x88, 0x08, + 0x6A, 0xFA, 0xA4, 0x8E, 0x9F, 0x3A, 0x24, 0x8E, 0xDC, 0x09, 0x34, 0x52, 0x66, 0x3D, 0x34, 0xE0, + 0xE8, 0x09, 0xD4, 0xF6, 0xBA, 0xDB, 0xB3, 0x6F, 0x80, 0xB6, 0x81, 0x3E, 0xBF, 0x7C, 0x32, 0x81, + 0xB8, 0x62, 0x20, 0x9E, 0x56, 0x04, 0xBD, 0xEA, 0x8B, 0x8F, 0x5F, 0x7B, 0xFD, 0xC3, 0xEE, 0xB7, + 0xAD, 0xB7, 0x30, 0x48, 0x28, 0x9B, 0xCE, 0xA0, 0xF5, 0xA5, 0xCD, 0xEE, 0x7D, 0xF9, 0x1C, 0xD1, + 0xF0, 0xBA, 0x63, 0x2F, 0x06, 0xDB, 0xE9, 0xBA, 0x7E, 0xF0, 0x14, 0xB8, 0x4B, 0x02, 0xD4, 0x97, + 0xCA, 0x7D, 0x0C, 0x60, 0xF7, 0x34, 0x75, 0x2A, 0x64, 0x9D, 0xA4, 0x96, 0x94, 0x6B, 0x4E, 0x53, + 0x1B, 0x30, 0xD9, 0xF8, 0x2E, 0xDD, 0x85, 0x56, 0x36, 0xC0, 0xB0, 0xF2, 0xAE, 0x23, 0x2E, 0x41, + 0x86, 0x45, 0x4E, 0x88, 0x87, 0xBB, 0x42, 0x3E, 0x32, 0xA5, 0xA2, 0x49, 0x5E, 0xAC, 0xBA, 0x99, + 0x62, 0x0A, 0xCD, 0x03, 0xA3, 0x83, 0x45, 0xEB, 0xB6, 0x73, 0x5E, 0x62, 0x33, 0x0A, 0x8E, 0xE9, + 0xAA, 0x6C, 0x83, 0x70, 0x41, 0x0F, 0x5C, 0xD4, 0x5A, 0xF3, 0x7E, 0xE9, 0x0A, 0x0D, 0xA9, 0x5B, + 0xE9, 0x6F, 0xC9, 0x39, 0xE8, 0x8F, 0xE0, 0xBD, 0x2C, 0xD0, 0x9F, 0xC8, 0xF5, 0x24, 0x20, 0x8C + }; + + struct { + int radix; + void* g; int glen; + void* p; int plen; + void* x; int xlen; + void* y; int ylen; + } test[4] = { + { 16, ghex, strlen(ghex)+1, phex, strlen(phex)+1, xhex, strlen(xhex)+1, yhex, strlen(yhex)+1 }, + { 47, gr47, strlen(gr47)+1, pr47, strlen(pr47)+1, xr47, strlen(xr47)+1, yr47, strlen(yr47)+1 }, + { 64, gr64, strlen(gr64)+1, pr64, strlen(pr64)+1, xr64, strlen(xr64)+1, yr64, strlen(yr64)+1 }, + { 256, gbin, sizeof(gbin), pbin, sizeof(pbin), xbin, sizeof(xbin), ybin, sizeof(ybin) } + }; + + unsigned char export_private[] = { + 0x30, 0x82, 0x01, 0x3A, 0x02, 0x01, 0x00, 0x03, 0x02, 0x07, 0x80, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0x02, 0x01, 0x02, 0x02, 0x29, 0x00, 0xA6, 0x68, 0x1A, 0xDC, 0x38, 0x6C, 0xE9, 0x44, 0xC3, 0xDE, + 0xD9, 0xA7, 0x30, 0x1D, 0xCC, 0x9C, 0x51, 0x82, 0x50, 0xE3, 0xED, 0xB6, 0x2F, 0x95, 0x91, 0x98, + 0xF8, 0xDC, 0x00, 0x57, 0xDD, 0x6F, 0xB5, 0x7A, 0xBA, 0xFD, 0x78, 0x81, 0x98, 0xB1 + }; + unsigned char export_public[] = { + 0x30, 0x82, 0x02, 0x13, 0x02, 0x01, 0x00, 0x03, 0x02, 0x07, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0x02, 0x01, 0x02, 0x02, 0x82, 0x01, 0x00, 0x39, 0x04, 0x66, 0x32, 0xC8, 0x34, 0x41, 0x8D, 0xFA, + 0x07, 0xB3, 0x09, 0x15, 0x38, 0xB6, 0x14, 0xD1, 0xFB, 0x5D, 0xBB, 0x78, 0x5C, 0x0F, 0xBE, 0xA3, + 0xB9, 0x8B, 0x29, 0x5B, 0xC0, 0xCD, 0x07, 0x6A, 0x88, 0xD9, 0x45, 0x21, 0x41, 0xA2, 0x69, 0xE8, + 0xBA, 0xEB, 0x1D, 0xD6, 0x54, 0xEB, 0xA0, 0x3A, 0x57, 0x05, 0x31, 0x8D, 0x12, 0x97, 0x54, 0xCD, + 0xF4, 0x00, 0x3A, 0x8C, 0x39, 0x92, 0x40, 0xFB, 0xB8, 0xF1, 0x62, 0x49, 0x0F, 0x6F, 0x0D, 0xC7, + 0x0E, 0x41, 0x4B, 0x6F, 0xEE, 0x88, 0x08, 0x6A, 0xFA, 0xA4, 0x8E, 0x9F, 0x3A, 0x24, 0x8E, 0xDC, + 0x09, 0x34, 0x52, 0x66, 0x3D, 0x34, 0xE0, 0xE8, 0x09, 0xD4, 0xF6, 0xBA, 0xDB, 0xB3, 0x6F, 0x80, + 0xB6, 0x81, 0x3E, 0xBF, 0x7C, 0x32, 0x81, 0xB8, 0x62, 0x20, 0x9E, 0x56, 0x04, 0xBD, 0xEA, 0x8B, + 0x8F, 0x5F, 0x7B, 0xFD, 0xC3, 0xEE, 0xB7, 0xAD, 0xB7, 0x30, 0x48, 0x28, 0x9B, 0xCE, 0xA0, 0xF5, + 0xA5, 0xCD, 0xEE, 0x7D, 0xF9, 0x1C, 0xD1, 0xF0, 0xBA, 0x63, 0x2F, 0x06, 0xDB, 0xE9, 0xBA, 0x7E, + 0xF0, 0x14, 0xB8, 0x4B, 0x02, 0xD4, 0x97, 0xCA, 0x7D, 0x0C, 0x60, 0xF7, 0x34, 0x75, 0x2A, 0x64, + 0x9D, 0xA4, 0x96, 0x94, 0x6B, 0x4E, 0x53, 0x1B, 0x30, 0xD9, 0xF8, 0x2E, 0xDD, 0x85, 0x56, 0x36, + 0xC0, 0xB0, 0xF2, 0xAE, 0x23, 0x2E, 0x41, 0x86, 0x45, 0x4E, 0x88, 0x87, 0xBB, 0x42, 0x3E, 0x32, + 0xA5, 0xA2, 0x49, 0x5E, 0xAC, 0xBA, 0x99, 0x62, 0x0A, 0xCD, 0x03, 0xA3, 0x83, 0x45, 0xEB, 0xB6, + 0x73, 0x5E, 0x62, 0x33, 0x0A, 0x8E, 0xE9, 0xAA, 0x6C, 0x83, 0x70, 0x41, 0x0F, 0x5C, 0xD4, 0x5A, + 0xF3, 0x7E, 0xE9, 0x0A, 0x0D, 0xA9, 0x5B, 0xE9, 0x6F, 0xC9, 0x39, 0xE8, 0x8F, 0xE0, 0xBD, 0x2C, + 0xD0, 0x9F, 0xC8, 0xF5, 0x24, 0x20, 0x8C + }; + + if (register_prng(&yarrow_desc) == -1) { + printf("Error registering yarrow PRNG\n"); + return CRYPT_ERROR; + } + + for (i = 0; i < 4; i++) { + DO(dh_import_radix(test[i].radix, test[i].x, test[i].xlen, test[i].p, test[i].plen, test[i].g, test[i].glen, PK_PRIVATE, &k1)); + len = sizeof(buf); + DO(dh_export(buf, &len, PK_PRIVATE, &k1)); + if (compare_testvector(buf, len, export_private, sizeof(export_private), "radix_test", i*10 + 0)) { + printf("radix_test: dh_export+PK_PRIVATE mismatch\n"); + dh_free(&k1); + return CRYPT_ERROR; + } + len = sizeof(buf); + DO(dh_export(buf, &len, PK_PUBLIC, &k1)); + if (compare_testvector(buf, len, export_public, sizeof(export_public), "radix_test", i*10 + 1)) { + printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); + dh_free(&k1); + return CRYPT_ERROR; + } + len = sizeof(buf); + DO(dh_export_radix(256, buf, &len, PK_PRIVATE, &k1)); + if (compare_testvector(buf, len, xbin, sizeof(xbin), "radix_test", i*10 + 2)) { + printf("radix_test: dh_export+PK_PRIVATE mismatch\n"); + dh_free(&k1); + return CRYPT_ERROR; + } + len = sizeof(buf); + DO(dh_export_radix(256, buf, &len, PK_PUBLIC, &k1)); + if (compare_testvector(buf, len, ybin, sizeof(ybin), "radix_test", i*10 + 3)) { + printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); + dh_free(&k1); + return CRYPT_ERROR; + } + len = sizeof(buf); + DO(dh_export_radix(47, buf, &len, PK_PRIVATE, &k1)); + if (compare_testvector(buf, len, xr47, strlen(xr47)+1, "radix_test", i*10 + 4)) { + printf("radix_test: dh_export+PK_PRIVATE mismatch\n"); + dh_free(&k1); + return CRYPT_ERROR; + } + len = sizeof(buf); + DO(dh_export_radix(47, buf, &len, PK_PUBLIC, &k1)); + if (compare_testvector(buf, len, yr47, strlen(yr47)+1, "radix_test", i*10 + 5)) { + printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); + dh_free(&k1); + return CRYPT_ERROR; + } + dh_free(&k1); + + DO(dh_import_radix(test[i].radix, test[i].y, test[i].ylen, test[i].p, test[i].plen, test[i].g, test[i].glen, PK_PUBLIC, &k2)); + len = sizeof(buf); + DO(dh_export(buf, &len, PK_PUBLIC, &k2)); + if (compare_testvector(buf, len, export_public, sizeof(export_public), "radix_test", i*10 + 6)) { + printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); + dh_free(&k2); + return CRYPT_ERROR; + } + len = sizeof(buf); + DO(dh_export_radix(256, buf, &len, PK_PUBLIC, &k2)); + if (compare_testvector(buf, len, ybin, sizeof(ybin), "radix_test", i*10 + 7)) { + printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); + dh_free(&k2); + return CRYPT_ERROR; + } + dh_free(&k2); + + DO(dh_make_key_ex(&yarrow_prng, find_prng("yarrow"), test[i].radix, + test[i].p, test[i].plen, test[i].g, test[i].glen, &k3)); + len = mp_unsigned_bin_size(k3.prime); + DO(mp_to_unsigned_bin(k3.prime, buf)); + if (compare_testvector(buf, len, pbin, sizeof(pbin), "radix_test", i*10 + 8)) { + printf("radix_test: dh_make_key_ex prime mismatch\n"); + dh_free(&k3); + return CRYPT_ERROR; + } + len = mp_unsigned_bin_size(k3.base); + DO(mp_to_unsigned_bin(k3.base, buf)); + if (compare_testvector(buf, len, gbin, sizeof(gbin), "radix_test", i*10 + 9)) { + printf("radix_test: dh_make_key_ex base mismatch\n"); + dh_free(&k3); + return CRYPT_ERROR; + } + dh_free(&k3); + } + + return CRYPT_OK; +} + static int _basic_test(void) { unsigned char buf[3][4096]; @@ -216,6 +471,11 @@ static int _basic_test(void) fprintf(stderr, "dh_groupsize mismatch %d %d\n", size, ltc_dh_sets[x].size); return CRYPT_ERROR; } + DO(dh_make_key_ex(&yarrow_prng, find_prng ("yarrow"), 16, + ltc_dh_sets[x].prime, strlen(ltc_dh_sets[x].prime) + 1, + ltc_dh_sets[x].base, strlen(ltc_dh_sets[x].base) + 1, + &usera)); + dh_free(&usera); } return CRYPT_OK; @@ -227,6 +487,7 @@ int dh_test(void) if (_prime_test() != CRYPT_OK) fails++; if (_basic_test() != CRYPT_OK) fails++; if (_dhparam_test() != CRYPT_OK) fails++; + if (_radix_test() != CRYPT_OK) fails++; return fails > 0 ? CRYPT_FAIL_TESTVECTOR : CRYPT_OK; } From b3e535f933bd679a209adcd12d7a134fed5ed88c Mon Sep 17 00:00:00 2001 From: Karel Miko Date: Thu, 22 Jun 2017 10:21:41 +0200 Subject: [PATCH 11/38] update makefiles --- libtomcrypt_VS2008.vcproj | 8 ++++++++ makefile.mingw | 11 ++++++----- makefile.msvc | 11 ++++++----- makefile.unix | 11 ++++++----- makefile_include.mk | 11 ++++++----- 5 files changed, 32 insertions(+), 20 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index 831cd06..8e1bc17 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -2062,6 +2062,10 @@ RelativePath="src\pk\dh\dh_export.c" > + + @@ -2070,6 +2074,10 @@ RelativePath="src\pk\dh\dh_import.c" > + + diff --git a/makefile.mingw b/makefile.mingw index bf6537c..1b06823 100644 --- a/makefile.mingw +++ b/makefile.mingw @@ -160,11 +160,12 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_free.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_make_key.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \ -src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_import_radix.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ +src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_radix.o \ +src/pk/dh/dh_free.o src/pk/dh/dh_import.o src/pk/dh/dh_import_radix.o src/pk/dh/dh_make_key.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_radix.o \ +src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \ +src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \ src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \ src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \ diff --git a/makefile.msvc b/makefile.msvc index 673f102..b707225 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -153,11 +153,12 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.obj \ src/pk/asn1/der/utctime/der_decode_utctime.obj src/pk/asn1/der/utctime/der_encode_utctime.obj \ src/pk/asn1/der/utctime/der_length_utctime.obj src/pk/asn1/der/utf8/der_decode_utf8_string.obj \ src/pk/asn1/der/utf8/der_encode_utf8_string.obj src/pk/asn1/der/utf8/der_length_utf8_string.obj \ -src/pk/dh/dh.obj src/pk/dh/dh_check_pubkey.obj src/pk/dh/dh_export.obj src/pk/dh/dh_free.obj \ -src/pk/dh/dh_import.obj src/pk/dh/dh_make_key.obj src/pk/dh/dh_shared_secret.obj src/pk/dsa/dsa_decrypt_key.obj \ -src/pk/dsa/dsa_encrypt_key.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj \ -src/pk/dsa/dsa_import_radix.obj src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_shared_secret.obj \ -src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj \ +src/pk/dh/dh.obj src/pk/dh/dh_check_pubkey.obj src/pk/dh/dh_export.obj src/pk/dh/dh_export_radix.obj \ +src/pk/dh/dh_free.obj src/pk/dh/dh_import.obj src/pk/dh/dh_import_radix.obj src/pk/dh/dh_make_key.obj \ +src/pk/dh/dh_shared_secret.obj src/pk/dsa/dsa_decrypt_key.obj src/pk/dsa/dsa_encrypt_key.obj \ +src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_import.obj src/pk/dsa/dsa_import_radix.obj \ +src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_shared_secret.obj src/pk/dsa/dsa_sign_hash.obj \ +src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj \ src/pk/ecc/ecc_ansi_x963_export.obj src/pk/ecc/ecc_ansi_x963_import.obj src/pk/ecc/ecc_decrypt_key.obj \ src/pk/ecc/ecc_encrypt_key.obj src/pk/ecc/ecc_export.obj src/pk/ecc/ecc_free.obj src/pk/ecc/ecc_get_size.obj \ src/pk/ecc/ecc_import.obj src/pk/ecc/ecc_make_key.obj src/pk/ecc/ecc_shared_secret.obj \ diff --git a/makefile.unix b/makefile.unix index 617e181..3948507 100644 --- a/makefile.unix +++ b/makefile.unix @@ -170,11 +170,12 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_free.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_make_key.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \ -src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_import_radix.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ +src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_radix.o \ +src/pk/dh/dh_free.o src/pk/dh/dh_import.o src/pk/dh/dh_import_radix.o src/pk/dh/dh_make_key.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_radix.o \ +src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \ +src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \ src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \ src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \ diff --git a/makefile_include.mk b/makefile_include.mk index 35c974b..b194ba3 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -276,11 +276,12 @@ src/pk/asn1/der/teletex_string/der_length_teletex_string.o \ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_utctime.o \ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ -src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_free.o \ -src/pk/dh/dh_import.o src/pk/dh/dh_make_key.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \ -src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_import_radix.o src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ +src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_radix.o \ +src/pk/dh/dh_free.o src/pk/dh/dh_import.o src/pk/dh/dh_import_radix.o src/pk/dh/dh_make_key.o \ +src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ +src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_import.o src/pk/dsa/dsa_import_radix.o \ +src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o \ +src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \ src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \ src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \ From fbc54756c1f86c7b93074a324cc0d0b208e3e058 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 21:53:02 +0200 Subject: [PATCH 12/38] replace dh_import_radix() by dh_set_{pg,key} --- src/headers/tomcrypt_pk.h | 15 +++-- src/pk/dh/dh_import_radix.c | 90 ----------------------------- src/pk/dh/dh_set.c | 110 ++++++++++++++++++++++++++++++++++++ tests/dh_test.c | 38 +++++++++++-- 4 files changed, 153 insertions(+), 100 deletions(-) delete mode 100644 src/pk/dh/dh_import_radix.c create mode 100644 src/pk/dh/dh_set.c diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index cfa9508..1996cd6 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -213,6 +213,8 @@ typedef struct { void *prime; } dh_key; +#define LTC_DH_KEY_INITIALIZER { PK_PUBLIC, NULL, NULL, NULL, NULL } + int dh_get_groupsize(dh_key *key); int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key); @@ -226,14 +228,17 @@ void dh_free(dh_key *key); int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key); int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key); +int dh_set_pg(const unsigned char *p, unsigned long plen, + const unsigned char *g, unsigned long glen, + dh_key *key); +/* here we can support either one or both */ +int dh_set_key(const unsigned char *pub, unsigned long publen, + const unsigned char *priv, unsigned long privlen, + dh_key *key); + int dh_export_radix(int radix, void *out, unsigned long *outlen, int type, dh_key *key); -int dh_import_radix(int radix, - void *in, unsigned long inlen, - void *prime, unsigned long primelen, - void *base, unsigned long baselen, - int type, dh_key *key); int dh_shared_secret(dh_key *private_key, dh_key *public_key, unsigned char *out, unsigned long *outlen); diff --git a/src/pk/dh/dh_import_radix.c b/src/pk/dh/dh_import_radix.c deleted file mode 100644 index cbd6c41..0000000 --- a/src/pk/dh/dh_import_radix.c +++ /dev/null @@ -1,90 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ - -#include "tomcrypt.h" - -#ifdef LTC_MDH - -/** - Import a DH key from a binary string - @param in The string to read - @param inlen The length of the input packet - @param type The type of key (PK_PRIVATE or PK_PUBLIC) - @param base The base (generator) in hex string - @param prime The prime in hex string - @param key [out] Where to import the key to - @return CRYPT_OK if successful, on error all allocated memory is freed automatically -*/ -int dh_import_radix(int radix, - void *in, unsigned long inlen, - void *prime, unsigned long primelen, - void *base, unsigned long baselen, - int type, dh_key *key) -{ - int err; - - LTC_ARGCHK(in != NULL); - LTC_ARGCHK(base != NULL); - LTC_ARGCHK(prime != NULL); - LTC_ARGCHK(key != NULL); - - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { - goto error; - } - if (radix == 256) { - if ((err = mp_read_unsigned_bin(key->base, base, baselen)) != CRYPT_OK) { goto error; } - if ((err = mp_read_unsigned_bin(key->prime, prime, primelen)) != CRYPT_OK) { goto error; } - } - else { - if ((err = mp_read_radix(key->base, base, radix)) != CRYPT_OK) { goto error; } - if ((err = mp_read_radix(key->prime, prime, radix)) != CRYPT_OK) { goto error; } - } - - if (type == PK_PRIVATE) { - /* load the x value */ - if (radix == 256) { - if ((err = mp_read_unsigned_bin(key->x, in, inlen)) != CRYPT_OK) { goto error; } - } - else { - if ((err = mp_read_radix(key->x, in, radix)) != CRYPT_OK) { goto error; } - } - /* compute y value */ - if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { goto error; } - key->type = PK_PRIVATE; - } - else { - /* load the y value */ - if (radix == 256) { - if ((err = mp_read_unsigned_bin(key->y, in, inlen)) != CRYPT_OK) { goto error; } - } - else { - if ((err = mp_read_radix(key->y, in, radix)) != CRYPT_OK) { goto error; } - } - key->type = PK_PUBLIC; - mp_clear(key->x); - key->x = NULL; - } - - /* check public key */ - if ((err = dh_check_pubkey(key)) != CRYPT_OK) { - goto error; - } - - return CRYPT_OK; - -error: - mp_clear_multi(key->prime, key->base, key->y, key->x, NULL); - return err; -} - -#endif /* LTC_MDH */ - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/src/pk/dh/dh_set.c b/src/pk/dh/dh_set.c new file mode 100644 index 0000000..6ca61d0 --- /dev/null +++ b/src/pk/dh/dh_set.c @@ -0,0 +1,110 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ + +#include "tomcrypt.h" + +#ifdef LTC_MDH + +/** + Import DH key parts p and g from raw numbers + + @param p DH's p (prime) + @param plen DH's p's length + @param g DH's g (group) + @param glen DH's g's length + @param key [out] the destination for the imported key + @return CRYPT_OK if successful +*/ +int dh_set_pg(const unsigned char *p, unsigned long plen, + const unsigned char *g, unsigned long glen, + dh_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x == NULL); + LTC_ARGCHK(key->y == NULL); + LTC_ARGCHK(key->base == NULL); + LTC_ARGCHK(key->prime == NULL); + LTC_ARGCHK(p != NULL); + LTC_ARGCHK(g != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { + return err; + } + + if ((err = mp_read_unsigned_bin(key->base, (unsigned char*)g, glen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->prime, (unsigned char*)p, plen)) != CRYPT_OK) { goto LBL_ERR; } + + return CRYPT_OK; + +LBL_ERR: + dh_free(key); + return err; +} + +/** + Import DH key parts pub and priv from raw numbers + + @param pub DH's pub (public key) (can be NULL if priv is valid) + @param publen DH's pub's length + @param priv DH's priv (private key) (can be NULL if pub is valid) + @param privlen DH's priv's length + @param key [out] the destination for the imported key + @return CRYPT_OK if successful +*/ +int dh_set_key(const unsigned char *pub, unsigned long publen, + const unsigned char *priv, unsigned long privlen, + dh_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x != NULL); + LTC_ARGCHK(key->y != NULL); + LTC_ARGCHK(key->base != NULL); + LTC_ARGCHK(key->prime != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + if(priv == NULL) { + if ((err = mp_read_unsigned_bin(key->y, (unsigned char*)pub, publen)) != CRYPT_OK) { goto LBL_ERR; } + key->type = PK_PUBLIC; + mp_clear(key->x); + key->x = NULL; + } + else { + if ((err = mp_read_unsigned_bin(key->x, (unsigned char*)priv, privlen)) != CRYPT_OK) { goto LBL_ERR; } + if (pub != NULL) { + if ((err = mp_read_unsigned_bin(key->y, (unsigned char*)pub, publen)) != CRYPT_OK) { goto LBL_ERR; } + } + else { + /* compute y value */ + if ((err = mp_exptmod(key->base, key->x, key->prime, key->y)) != CRYPT_OK) { goto LBL_ERR; } + } + key->type = PK_PRIVATE; + } + + /* check public key */ + if ((err = dh_check_pubkey(key)) != CRYPT_OK) { + goto LBL_ERR; + } + + return CRYPT_OK; + +LBL_ERR: + dh_free(key); + return err; +} + +#endif /* LTC_MDH */ + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/tests/dh_test.c b/tests/dh_test.c index 5f48ca9..dae366d 100644 --- a/tests/dh_test.c +++ b/tests/dh_test.c @@ -149,10 +149,12 @@ static int _dhparam_test(void) static int _radix_test(void) { - dh_key k1, k2, k3; - unsigned char buf[DH_BUF_SIZE]; + dh_key k1 = LTC_DH_KEY_INITIALIZER; + dh_key k2 = LTC_DH_KEY_INITIALIZER; + dh_key k3 = LTC_DH_KEY_INITIALIZER; + unsigned char buf[4096]; unsigned long len; - int i; + int i, j; /* RADIX 16 */ char *ghex = "2"; char *phex = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22" @@ -311,6 +313,8 @@ static int _radix_test(void) 0xF3, 0x7E, 0xE9, 0x0A, 0x0D, 0xA9, 0x5B, 0xE9, 0x6F, 0xC9, 0x39, 0xE8, 0x8F, 0xE0, 0xBD, 0x2C, 0xD0, 0x9F, 0xC8, 0xF5, 0x24, 0x20, 0x8C }; + unsigned char key_parts[4][512]; + unsigned long key_lens[4]; if (register_prng(&yarrow_desc) == -1) { printf("Error registering yarrow PRNG\n"); @@ -318,7 +322,23 @@ static int _radix_test(void) } for (i = 0; i < 4; i++) { - DO(dh_import_radix(test[i].radix, test[i].x, test[i].xlen, test[i].p, test[i].plen, test[i].g, test[i].glen, PK_PRIVATE, &k1)); + for (j = 0; j < 4; ++j) { + key_lens[j] = sizeof(key_parts[j]); + } + if(test[i].radix != 256) { + DO(radix_to_bin(test[i].x, test[i].radix, key_parts[0], &key_lens[0])); + DO(radix_to_bin(test[i].y, test[i].radix, key_parts[1], &key_lens[1])); + DO(radix_to_bin(test[i].p, test[i].radix, key_parts[2], &key_lens[2])); + DO(radix_to_bin(test[i].g, test[i].radix, key_parts[3], &key_lens[3])); + + DO(dh_set_pg(key_parts[2], key_lens[2], key_parts[3], key_lens[3], &k1)); + DO(dh_set_key(NULL, 0, key_parts[0], key_lens[0], &k1)); + } + else { + DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k1)); + DO(dh_set_key(NULL, 0, test[i].x, test[i].xlen, &k1)); + } + len = sizeof(buf); DO(dh_export(buf, &len, PK_PRIVATE, &k1)); if (compare_testvector(buf, len, export_private, sizeof(export_private), "radix_test", i*10 + 0)) { @@ -363,7 +383,15 @@ static int _radix_test(void) } dh_free(&k1); - DO(dh_import_radix(test[i].radix, test[i].y, test[i].ylen, test[i].p, test[i].plen, test[i].g, test[i].glen, PK_PUBLIC, &k2)); + if(test[i].radix != 256) { + DO(dh_set_pg(key_parts[2], key_lens[2], key_parts[3], key_lens[3], &k2)); + DO(dh_set_key(key_parts[1], key_lens[1], NULL, 0, &k2)); + } + else { + DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k2)); + DO(dh_set_key(test[i].y, test[i].ylen, NULL, 0, &k2)); + } + len = sizeof(buf); DO(dh_export(buf, &len, PK_PUBLIC, &k2)); if (compare_testvector(buf, len, export_public, sizeof(export_public), "radix_test", i*10 + 6)) { From 9d6689fc086df22cd51fa3d98f9b6f56e77419d0 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 21:54:16 +0200 Subject: [PATCH 13/38] re-factor dh_make_key() and variants --- demos/timing.c | 9 ++- src/headers/tomcrypt_pk.h | 21 +++---- src/pk/dh/dh_make_key.c | 116 +++----------------------------------- src/pk/dh/dh_set.c | 76 +++++++++++++++++++++++++ tests/dh_test.c | 45 +++++++-------- 5 files changed, 119 insertions(+), 148 deletions(-) diff --git a/demos/timing.c b/demos/timing.c index aa7c9a5..cb249a5 100644 --- a/demos/timing.c +++ b/demos/timing.c @@ -889,7 +889,7 @@ static void time_katja(void) { fprintf(stderr, "NO Katja\n"); } /* time various DH operations */ static void time_dh(void) { - dh_key key; + dh_key key = LTC_DH_KEY_INITIALIZER; ulong64 t1, t2; unsigned long i, x, y; int err; @@ -898,9 +898,14 @@ static void time_dh(void) for (x = sizes[i=0]; x < 100000; x = sizes[++i]) { t2 = 0; for (y = 0; y < 16; y++) { + if((err = dh_set_pg_groupsize(x, &key)) != CRYPT_OK) { + fprintf(stderr, "\n\ndh_set_pg_groupsize says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); + exit(EXIT_FAILURE); + } + t_start(); t1 = t_read(); - if ((err = dh_make_key(&yarrow_prng, find_prng("yarrow"), x, &key)) != CRYPT_OK) { + if ((err = dh_make_key(&yarrow_prng, find_prng("yarrow"), &key)) != CRYPT_OK) { fprintf(stderr, "\n\ndh_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); } diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 1996cd6..fcb74da 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -217,32 +217,29 @@ typedef struct { int dh_get_groupsize(dh_key *key); -int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key); -int dh_make_key_ex(prng_state *prng, int wprng, int radix, - void *prime, unsigned long primelen, - void *base, unsigned long baselen, - dh_key *key); -int dh_make_key_dhparam(prng_state *prng, int wprng, unsigned char *dhparam, unsigned long dhparamlen, dh_key *key); -void dh_free(dh_key *key); - int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key); int dh_import(const unsigned char *in, unsigned long inlen, dh_key *key); int dh_set_pg(const unsigned char *p, unsigned long plen, const unsigned char *g, unsigned long glen, dh_key *key); -/* here we can support either one or both */ +int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key); +int dh_set_pg_groupsize(int groupsize, dh_key *key); + int dh_set_key(const unsigned char *pub, unsigned long publen, const unsigned char *priv, unsigned long privlen, dh_key *key); +int dh_make_key(prng_state *prng, int wprng, dh_key *key); + +int dh_shared_secret(dh_key *private_key, dh_key *public_key, + unsigned char *out, unsigned long *outlen); + +void dh_free(dh_key *key); int dh_export_radix(int radix, void *out, unsigned long *outlen, int type, dh_key *key); -int dh_shared_secret(dh_key *private_key, dh_key *public_key, - unsigned char *out, unsigned long *outlen); - #ifdef LTC_SOURCE /* internal helper functions */ int dh_check_pubkey(dh_key *key); diff --git a/src/pk/dh/dh_make_key.c b/src/pk/dh/dh_make_key.c index 96bd364..69eaf3c 100644 --- a/src/pk/dh/dh_make_key.c +++ b/src/pk/dh/dh_make_key.c @@ -42,31 +42,25 @@ static int _dh_groupsize_to_keysize(int groupsize) } } -static int _dh_make_key(prng_state *prng, int wprng, void *prime, void *base, dh_key *key) +int dh_make_key(prng_state *prng, int wprng, dh_key *key) { unsigned char *buf; unsigned long keysize; int err, max_iterations = PK_MAX_RETRIES; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(prng != NULL); - LTC_ARGCHK(prime != NULL); - LTC_ARGCHK(base != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x != NULL); + LTC_ARGCHK(key->y != NULL); + LTC_ARGCHK(key->base != NULL); + LTC_ARGCHK(key->prime != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + LTC_ARGCHK(prng != NULL); /* good prng? */ if ((err = prng_is_valid(wprng)) != CRYPT_OK) { return err; } - /* init big numbers */ - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { - return err; - } - - /* load the prime and the base */ - if ((err = mp_copy(base, key->base)) != CRYPT_OK) { goto freemp; } - if ((err = mp_copy(prime, key->prime)) != CRYPT_OK) { goto freemp; } - keysize = _dh_groupsize_to_keysize(mp_unsigned_bin_size(key->prime)); if (keysize == 0) { err = CRYPT_INVALID_KEYSIZE; @@ -106,100 +100,6 @@ freemp: return err; } -/** - Make a DH key (custom DH group) [private key pair] - @param prng An active PRNG state - @param wprng The index for the PRNG you desire to use - @param prime_hex The prime p (hexadecimal string) - @param base_hex The base g (hexadecimal string) - @param key [out] Where the newly created DH key will be stored - @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. -*/ -int dh_make_key_ex(prng_state *prng, int wprng, int radix, - void *prime, unsigned long primelen, - void *base, unsigned long baselen, - dh_key *key) -{ - void *p, *b; - int err; - - LTC_ARGCHK(prime != NULL); - LTC_ARGCHK(base != NULL); - LTC_ARGCHK((radix >= 2 && radix <= 64) || radix == 256); - - if ((err = mp_init_multi(&p, &b, NULL)) != CRYPT_OK) { return err; } - if (radix == 256) { - if ((err = mp_read_unsigned_bin(b, base, baselen)) != CRYPT_OK) { goto error; } - if ((err = mp_read_unsigned_bin(p, prime, primelen)) != CRYPT_OK) { goto error; } - } - else { - if ((err = mp_read_radix(b, base, radix)) != CRYPT_OK) { goto error; } - if ((err = mp_read_radix(p, prime, radix)) != CRYPT_OK) { goto error; } - } - err = _dh_make_key(prng, wprng, p, b, key); - -error: - mp_clear_multi(p, b, NULL); - return err; -} - -/** - Make a DH key (use built-in DH groups) [private key pair] - @param prng An active PRNG state - @param wprng The index for the PRNG you desire to use - @param groupsize The size (octets) of used DH group - @param key [out] Where the newly created DH key will be stored - @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. -*/ -int dh_make_key(prng_state *prng, int wprng, int groupsize, dh_key *key) -{ - int i; - - LTC_ARGCHK(groupsize > 0); - - for (i = 0; (groupsize > ltc_dh_sets[i].size) && (ltc_dh_sets[i].size != 0); i++); - if (ltc_dh_sets[i].size == 0) return CRYPT_INVALID_KEYSIZE; - - return dh_make_key_ex(prng, wprng, 16, - ltc_dh_sets[i].prime, strlen(ltc_dh_sets[i].prime) + 1, - ltc_dh_sets[i].base, strlen(ltc_dh_sets[i].base) + 1, - key); -} - -/** - Make a DH key (dhparam data: openssl dhparam -outform DER -out dhparam.der 2048) - @param prng An active PRNG state - @param wprng The index for the PRNG you desire to use - @param dhparam The DH param DER encoded data - @param dhparamlen The length of dhparam data - @param key [out] Where the newly created DH key will be stored - @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. -*/ -int dh_make_key_dhparam(prng_state *prng, int wprng, unsigned char *dhparam, unsigned long dhparamlen, dh_key *key) -{ - void *prime, *base; - int err; - - LTC_ARGCHK(dhparam != NULL); - LTC_ARGCHK(dhparamlen > 0); - - if ((err = mp_init_multi(&prime, &base, NULL)) != CRYPT_OK) { - return err; - } - if ((err = der_decode_sequence_multi(dhparam, dhparamlen, - LTC_ASN1_INTEGER, 1UL, prime, - LTC_ASN1_INTEGER, 1UL, base, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto error; - } - err = _dh_make_key(prng, wprng, prime, base, key); - -error: - mp_clear_multi(prime, base, NULL); - return err; -} - - #endif /* LTC_MDH */ /* ref: $Format:%D$ */ diff --git a/src/pk/dh/dh_set.c b/src/pk/dh/dh_set.c index 6ca61d0..820ca22 100644 --- a/src/pk/dh/dh_set.c +++ b/src/pk/dh/dh_set.c @@ -50,6 +50,82 @@ LBL_ERR: return err; } +/** + Import DH key parts p and g from dhparam + + dhparam data: openssl dhparam -outform DER -out dhparam.der 2048 + + @param dhparam The DH param DER encoded data + @param dhparamlen The length of dhparam data + @param key [out] Where the newly created DH key will be stored + @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. +*/ +int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x == NULL); + LTC_ARGCHK(key->y == NULL); + LTC_ARGCHK(key->base == NULL); + LTC_ARGCHK(key->prime == NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + LTC_ARGCHK(dhparam != NULL); + LTC_ARGCHK(dhparamlen > 0); + + if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { + return err; + } + if ((err = der_decode_sequence_multi(dhparam, dhparamlen, + LTC_ASN1_INTEGER, 1UL, key->prime, + LTC_ASN1_INTEGER, 1UL, key->base, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + return CRYPT_OK; + +LBL_ERR: + dh_free(key); + return err; +} + +/** + Import DH key parts p and g from built-in DH groups + + @param dhparam The DH param DER encoded data + @param dhparamlen The length of dhparam data + @param key [out] Where the newly created DH key will be stored + @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. +*/ +int dh_set_pg_groupsize(int groupsize, dh_key *key) +{ + int err, i; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x == NULL); + LTC_ARGCHK(key->y == NULL); + LTC_ARGCHK(key->base == NULL); + LTC_ARGCHK(key->prime == NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + LTC_ARGCHK(groupsize > 0); + + for (i = 0; (groupsize > ltc_dh_sets[i].size) && (ltc_dh_sets[i].size != 0); i++); + if (ltc_dh_sets[i].size == 0) return CRYPT_INVALID_KEYSIZE; + + if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { + return err; + } + if ((err = mp_read_radix(key->base, ltc_dh_sets[i].base, 16)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_radix(key->prime, ltc_dh_sets[i].prime, 16)) != CRYPT_OK) { goto LBL_ERR; } + + return CRYPT_OK; + +LBL_ERR: + dh_free(key); + return err; +} + /** Import DH key parts pub and priv from raw numbers diff --git a/tests/dh_test.c b/tests/dh_test.c index dae366d..077157c 100644 --- a/tests/dh_test.c +++ b/tests/dh_test.c @@ -60,7 +60,7 @@ done: static int _dhparam_test(void) { - dh_key k; + dh_key k = LTC_DH_KEY_INITIALIZER; unsigned char buf[1024]; /* generated by: openssl dhparam -outform der -out dhparam.der 2048 */ unsigned char dhparam_der[] = { @@ -126,7 +126,8 @@ static int _dhparam_test(void) 0x98, 0xcb }; - DO(dh_make_key_dhparam(&yarrow_prng, find_prng ("yarrow"), dhparam_der, sizeof(dhparam_der), &k)); + DO(dh_set_pg_dhparam(dhparam_der, sizeof(dhparam_der), &k)); + DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), &k)); if (mp_unsigned_bin_size(k.prime) > sizeof(buf)) { printf("dhparam_test: short buf\n"); dh_free(&k); @@ -316,11 +317,6 @@ static int _radix_test(void) unsigned char key_parts[4][512]; unsigned long key_lens[4]; - if (register_prng(&yarrow_desc) == -1) { - printf("Error registering yarrow PRNG\n"); - return CRYPT_ERROR; - } - for (i = 0; i < 4; i++) { for (j = 0; j < 4; ++j) { key_lens[j] = sizeof(key_parts[j]); @@ -408,8 +404,14 @@ static int _radix_test(void) } dh_free(&k2); - DO(dh_make_key_ex(&yarrow_prng, find_prng("yarrow"), test[i].radix, - test[i].p, test[i].plen, test[i].g, test[i].glen, &k3)); + if(test[i].radix != 256) { + DO(dh_set_pg(key_parts[2], key_lens[2], key_parts[3], key_lens[3], &k3)); + } + else { + DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k3)); + } + + DO(dh_make_key(&yarrow_prng, find_prng("yarrow"), &k3)); len = mp_unsigned_bin_size(k3.prime); DO(mp_to_unsigned_bin(k3.prime, buf)); if (compare_testvector(buf, len, pbin, sizeof(pbin), "radix_test", i*10 + 8)) { @@ -435,20 +437,14 @@ static int _basic_test(void) unsigned char buf[3][4096]; unsigned long x, y, z; int size; - dh_key usera, userb; - - if (register_prng(&yarrow_desc) == -1) { - printf("Error registering yarrow PRNG\n"); - return CRYPT_ERROR; - } - if (register_hash(&md5_desc) == -1) { - printf("Error registering md5 hash\n"); - return CRYPT_ERROR; - } + dh_key usera = LTC_DH_KEY_INITIALIZER; + dh_key userb = LTC_DH_KEY_INITIALIZER; /* make up two keys */ - DO(dh_make_key (&yarrow_prng, find_prng ("yarrow"), KEYSIZE/8, &usera)); - DO(dh_make_key (&yarrow_prng, find_prng ("yarrow"), KEYSIZE/8, &userb)); + DO(dh_set_pg_groupsize(KEYSIZE/8, &usera)); + DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), &usera)); + DO(dh_set_pg_groupsize(KEYSIZE/8, &userb)); + DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), &userb)); /* make the shared secret */ x = KEYSIZE; @@ -492,17 +488,14 @@ static int _basic_test(void) } for (x = 0; ltc_dh_sets[x].size != 0; x++) { - DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), ltc_dh_sets[x].size, &usera)); + DO(dh_set_pg_groupsize(ltc_dh_sets[x].size, &usera)); + DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), &usera)); size = dh_get_groupsize(&usera); dh_free(&usera); if (size != ltc_dh_sets[x].size) { fprintf(stderr, "dh_groupsize mismatch %d %d\n", size, ltc_dh_sets[x].size); return CRYPT_ERROR; } - DO(dh_make_key_ex(&yarrow_prng, find_prng ("yarrow"), 16, - ltc_dh_sets[x].prime, strlen(ltc_dh_sets[x].prime) + 1, - ltc_dh_sets[x].base, strlen(ltc_dh_sets[x].base) + 1, - &usera)); dh_free(&usera); } From f226efc9a9a8ac71dc04f1adcfd4fc9c81f1598b Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 21:54:21 +0200 Subject: [PATCH 14/38] Update makefiles --- libtomcrypt_VS2008.vcproj | 4 ++-- makefile.mingw | 2 +- makefile.msvc | 2 +- makefile.unix | 2 +- makefile_include.mk | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index 8e1bc17..0ef4013 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -2075,11 +2075,11 @@ > Date: Tue, 27 Jun 2017 22:09:21 +0200 Subject: [PATCH 15/38] re-factor dh_export_radix() to dh_export_key() --- src/headers/tomcrypt_pk.h | 5 ++--- src/pk/dh/dh_export_radix.c | 29 ++++------------------------- tests/dh_test.c | 20 +++----------------- 3 files changed, 9 insertions(+), 45 deletions(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index fcb74da..b73b8c0 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -236,9 +236,8 @@ int dh_shared_secret(dh_key *private_key, dh_key *public_key, void dh_free(dh_key *key); -int dh_export_radix(int radix, - void *out, unsigned long *outlen, - int type, dh_key *key); +int dh_export_key(void *out, unsigned long *outlen, + int type, dh_key *key); #ifdef LTC_SOURCE /* internal helper functions */ diff --git a/src/pk/dh/dh_export_radix.c b/src/pk/dh/dh_export_radix.c index 301fd7f..d48c011 100644 --- a/src/pk/dh/dh_export_radix.c +++ b/src/pk/dh/dh_export_radix.c @@ -11,35 +11,15 @@ #ifdef LTC_MDH -static unsigned long _count_digits(int radix, void *num) -{ - void *r, *t; - unsigned long digits = 0; - - if (mp_iszero(num) == LTC_MP_YES) return 1; - if (mp_init_multi(&t, &r, NULL) != CRYPT_OK) return 0; - mp_copy(num, t); - mp_set_int(r, radix); - while (mp_iszero(t) == LTC_MP_NO) { - if (mp_div(t, r, t, NULL) != CRYPT_OK) { - mp_clear_multi(t, r, NULL); - return 0; - } - digits++; - } - mp_clear_multi(t, r, NULL); - return digits; -} - /** - Export a DH key to a binary packet + Binary export a DH key to a buffer @param out [out] The destination for the key @param outlen [in/out] The max size and resulting size of the DH key @param type Which type of key (PK_PRIVATE or PK_PUBLIC) @param key The key you wish to export @return CRYPT_OK if successful */ -int dh_export_radix(int radix, void *out, unsigned long *outlen, int type, dh_key *key) +int dh_export_key(void *out, unsigned long *outlen, int type, dh_key *key) { unsigned long len; void *k; @@ -47,10 +27,9 @@ int dh_export_radix(int radix, void *out, unsigned long *outlen, int type, dh_ke LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); LTC_ARGCHK(key != NULL); - LTC_ARGCHK((radix >= 2 && radix <= 64) || radix == 256); k = (type == PK_PRIVATE) ? key->x : key->y; - len = (radix == 256) ? mp_unsigned_bin_size(k) : _count_digits(radix, k) + 1; + len = mp_unsigned_bin_size(k); if (*outlen < len) { *outlen = len; @@ -58,7 +37,7 @@ int dh_export_radix(int radix, void *out, unsigned long *outlen, int type, dh_ke } *outlen = len; - return (radix == 256) ? mp_to_unsigned_bin(k, out) : mp_toradix(k, out, radix); + return mp_to_unsigned_bin(k, out); } #endif /* LTC_MDH */ diff --git a/tests/dh_test.c b/tests/dh_test.c index 077157c..1cf6c22 100644 --- a/tests/dh_test.c +++ b/tests/dh_test.c @@ -350,33 +350,19 @@ static int _radix_test(void) return CRYPT_ERROR; } len = sizeof(buf); - DO(dh_export_radix(256, buf, &len, PK_PRIVATE, &k1)); + DO(dh_export_key(buf, &len, PK_PRIVATE, &k1)); if (compare_testvector(buf, len, xbin, sizeof(xbin), "radix_test", i*10 + 2)) { printf("radix_test: dh_export+PK_PRIVATE mismatch\n"); dh_free(&k1); return CRYPT_ERROR; } len = sizeof(buf); - DO(dh_export_radix(256, buf, &len, PK_PUBLIC, &k1)); + DO(dh_export_key(buf, &len, PK_PUBLIC, &k1)); if (compare_testvector(buf, len, ybin, sizeof(ybin), "radix_test", i*10 + 3)) { printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); dh_free(&k1); return CRYPT_ERROR; } - len = sizeof(buf); - DO(dh_export_radix(47, buf, &len, PK_PRIVATE, &k1)); - if (compare_testvector(buf, len, xr47, strlen(xr47)+1, "radix_test", i*10 + 4)) { - printf("radix_test: dh_export+PK_PRIVATE mismatch\n"); - dh_free(&k1); - return CRYPT_ERROR; - } - len = sizeof(buf); - DO(dh_export_radix(47, buf, &len, PK_PUBLIC, &k1)); - if (compare_testvector(buf, len, yr47, strlen(yr47)+1, "radix_test", i*10 + 5)) { - printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); - dh_free(&k1); - return CRYPT_ERROR; - } dh_free(&k1); if(test[i].radix != 256) { @@ -396,7 +382,7 @@ static int _radix_test(void) return CRYPT_ERROR; } len = sizeof(buf); - DO(dh_export_radix(256, buf, &len, PK_PUBLIC, &k2)); + DO(dh_export_key(buf, &len, PK_PUBLIC, &k2)); if (compare_testvector(buf, len, ybin, sizeof(ybin), "radix_test", i*10 + 7)) { printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); dh_free(&k2); From f2f113880bc66ac5d264a9c1c1862a04954e407e Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 22:10:07 +0200 Subject: [PATCH 16/38] also rename file --- src/pk/dh/{dh_export_radix.c => dh_export_key.c} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename src/pk/dh/{dh_export_radix.c => dh_export_key.c} (100%) diff --git a/src/pk/dh/dh_export_radix.c b/src/pk/dh/dh_export_key.c similarity index 100% rename from src/pk/dh/dh_export_radix.c rename to src/pk/dh/dh_export_key.c From 37ce78fdc8bd95b6809c0142511f8c261655aa76 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 27 Jun 2017 22:10:10 +0200 Subject: [PATCH 17/38] Update makefiles --- libtomcrypt_VS2008.vcproj | 2 +- makefile.mingw | 2 +- makefile.msvc | 2 +- makefile.unix | 2 +- makefile_include.mk | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index 0ef4013..2efe0f5 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -2063,7 +2063,7 @@ > Date: Wed, 28 Jun 2017 13:27:10 +0200 Subject: [PATCH 18/38] introduce mp_cleanup_multi() --- src/headers/tomcrypt_math.h | 2 ++ src/math/multi.c | 17 +++++++++++++++++ 2 files changed, 19 insertions(+) diff --git a/src/headers/tomcrypt_math.h b/src/headers/tomcrypt_math.h index 3fa74f2..a52fb9d 100644 --- a/src/headers/tomcrypt_math.h +++ b/src/headers/tomcrypt_math.h @@ -493,6 +493,7 @@ extern ltc_math_descriptor ltc_mp; int ltc_init_multi(void **a, ...); void ltc_deinit_multi(void *a, ...); +void ltc_cleanup_multi(void **a, ...); #ifdef LTM_DESC extern const ltc_math_descriptor ltm_desc; @@ -515,6 +516,7 @@ extern const ltc_math_descriptor gmp_desc; #define mp_init_multi ltc_init_multi #define mp_clear(a) ltc_mp.deinit(a) #define mp_clear_multi ltc_deinit_multi +#define mp_cleanup_multi ltc_cleanup_multi #define mp_init_copy(a, b) ltc_mp.init_copy(a, b) #define mp_neg(a, b) ltc_mp.neg(a, b) diff --git a/src/math/multi.c b/src/math/multi.c index bfed3ce..da5bb60 100644 --- a/src/math/multi.c +++ b/src/math/multi.c @@ -53,6 +53,23 @@ void ltc_deinit_multi(void *a, ...) va_end(args); } +void ltc_cleanup_multi(void **a, ...) +{ + void **cur = a; + va_list args; + + va_start(args, a); + while (cur != NULL) { + if (*cur != NULL) { + mp_clear(*cur); + *cur = NULL; + } + cur = va_arg(args, void**); + } + va_end(args); + return; +} + #endif /* ref: $Format:%D$ */ From ed149c9396a9109db50085d85c8c6e435730d1ae Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Jun 2017 14:02:25 +0200 Subject: [PATCH 19/38] add tests for radix_to_bin() --- tests/mpi_test.c | 147 ++++++++++++++++++++++++++++++++++++++++++ tests/test.c | 1 + tests/tomcrypt_test.h | 1 + 3 files changed, 149 insertions(+) create mode 100644 tests/mpi_test.c diff --git a/tests/mpi_test.c b/tests/mpi_test.c new file mode 100644 index 0000000..a5e2161 --- /dev/null +++ b/tests/mpi_test.c @@ -0,0 +1,147 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ +#include + +#ifdef LTC_MPI +static int _radix_to_bin_test(void) +{ + /* RADIX 16 */ + char *ghex = "2"; + char *phex = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22" + "514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6" + "F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" + "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" + "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E8603" + "9B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA0510" + "15728E5A8AACAA68FFFFFFFFFFFFFFFF"; + char *xhex = "A6681ADC386CE944C3DED9A7301DCC9C518250E3EDB62F959198F8DC0057DD6FB57ABAFD788198B1"; + char *yhex = "39046632C834418DFA07B3091538B614D1FB5DBB785C0FBEA3B98B295BC0CD076A88D9452141A269" + "E8BAEB1DD654EBA03A5705318D129754CDF4003A8C399240FBB8F162490F6F0DC70E414B6FEE8808" + "6AFAA48E9F3A248EDC093452663D34E0E809D4F6BADBB36F80B6813EBF7C3281B862209E5604BDEA" + "8B8F5F7BFDC3EEB7ADB73048289BCEA0F5A5CDEE7DF91CD1F0BA632F06DBE9BA7EF014B84B02D497" + "CA7D0C60F734752A649DA496946B4E531B30D9F82EDD855636C0B0F2AE232E4186454E8887BB423E" + "32A5A2495EACBA99620ACD03A38345EBB6735E62330A8EE9AA6C8370410F5CD45AF37EE90A0DA95B" + "E96FC939E88FE0BD2CD09FC8F524208C"; + /* RADIX 47 */ + char *gr47 = "2"; + char *pr47 = "F27Mg1SadOFIRbDOJ5dHgHiVF02Z1LHHQ6G5SLG2U8aTdfH1ETk4GARRE7WW99dBUBLb9e2OHFIaSM1A" + "ag2LNNjgYa9I9CjQGJihL3J7A2SGQe8j5Ch8EHMj5jVbAYDiQKhhPhM6Hc56fKS40GUfJkGO7KJ6EXZQ" + "VgbSa2AkPC65F91g0PaYie8AGNVaFKaV9HOQf3ia1iW4i6eCOB9CcBbH7TbQij8AEgjZ0VRBcLKc6UYO" + "1Zc3I2Jc0h1H2HBEH8ONI3OYBbaPV6XhAd8WCc60D0RDBU3H9U7cWL28a0c90XNO0dh5RXEFBbUCE2ZG" + "gh9XQSVIHkVbFIS5F5IGVOkiWAVc9i8BHB2V0UbGW6UdRTZVV"; + char *xr47 = "6bhO7O9NWFRgEMjdU0Y5POj3c1JP15MYEdIg3FO1PEjUY2aGYNSXcaF01R"; + char *yr47 = "3GNPNWEYfKML1cIbI7Cc1Z0O7aQLJgB734dO2i56LLYDdI4gHYk2GAbQH2WI97hNeC7dj3fPEH8I9gV9" + "U323AXj1AJXbFPFIHGOTdC29QUUeH2SSc6NWhfQDDXd5Q5iXCKEAUGX3SKcNFIfVOYJgZCLjfHYQdgOQ" + "GCjKNgbEV7Hj34MU3b79iANX2DbMYfb9iGi78BWH2HYAd7IAhk7U0OYGHKJX1bIUUj1KBLhAUg46GaER" + "G9W3ARMfBCj6kSdDF9TdkWAjWTDj722IeVJERC4bKU2VDFG20kDhCMF985efD1SS8DfXcdCHF1kDUkSA" + "884FHYiFEPkaagQOBQaN9BNaEHNbbd002DCIIX5eMP4HgPJPF"; + /* RADIX 64 */ + char *gr64 = "2"; + char *pr64 = "3//////////yaFsg8XQC8qnCPYYu3S7D4f0au8YcVCT08BlgOx4viYKKe8UOuq1DtlbHcppJf36p0h2c" + "toNnGtJ+4rRMrHmaNaXRLsObv+nlHCGkccD+rh2/zSjlG6j+tkE6lxMecVfQwV915yIn/cIIXcKUpaMp" + "t207oueME/1PZQI3OSLTEQQHO/gFqapr+3PLqZtAEjbXnYyrOWXLAxdjKf1t2Mbcrd33LEIhoO1F5qR0" + "ZA625yCf1UHYuspZlZddSi60w60vidWwBi1wAFjSLTy6zCKidUAylsbLWN63cLINpgbMhb5T8c69Zw1H" + "0LSevQYgogQF//////////"; + char *xr64 = "2cQ1hSE6pfHCFUsQSm7SoSKO9Gu+ssBvMHcFZS05VTRxLwklruWPYn"; + char *yr64 = "v16Ooo3H1ZVe7imaLEBOKqVjTktXS3xwZkOifMy3D1sg8sKKXGQ9fwBhh7TPKww0wLmKnZHANLCtq03g" + "CEP90+xZnOaaFRmt73a5BR+w826hwf8wVEYIEt0aqKcOzDE3e2TJskjkpRu2sWJw/V3A1k68WdbO4lUg" + "BZrzx/SFkjwstC4WecywWzQNDxdtv7D7mkcCl1jlfkdxm5BXB0jINodqCOFSqTIfadQIMb6jEKnimsVW" + "ktOLMDi2myguZBa66HKw8Xxj2FZAbeabUhBgPOWhD0wE3HUksSrvYCmgEwQfiWt113rpKMlD+wGeDgLl" + "fRyavw8/WlIpGdyZr922C"; + /* RADIX 256 */ + unsigned char gbin[] = { 0x02 }; + unsigned char pbin[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + unsigned char xbin[] = { + 0xA6, 0x68, 0x1A, 0xDC, 0x38, 0x6C, 0xE9, 0x44, 0xC3, 0xDE, 0xD9, 0xA7, 0x30, 0x1D, 0xCC, 0x9C, + 0x51, 0x82, 0x50, 0xE3, 0xED, 0xB6, 0x2F, 0x95, 0x91, 0x98, 0xF8, 0xDC, 0x00, 0x57, 0xDD, 0x6F, + 0xB5, 0x7A, 0xBA, 0xFD, 0x78, 0x81, 0x98, 0xB1 + }; + unsigned char ybin[] = { + 0x39, 0x04, 0x66, 0x32, 0xC8, 0x34, 0x41, 0x8D, 0xFA, 0x07, 0xB3, 0x09, 0x15, 0x38, 0xB6, 0x14, + 0xD1, 0xFB, 0x5D, 0xBB, 0x78, 0x5C, 0x0F, 0xBE, 0xA3, 0xB9, 0x8B, 0x29, 0x5B, 0xC0, 0xCD, 0x07, + 0x6A, 0x88, 0xD9, 0x45, 0x21, 0x41, 0xA2, 0x69, 0xE8, 0xBA, 0xEB, 0x1D, 0xD6, 0x54, 0xEB, 0xA0, + 0x3A, 0x57, 0x05, 0x31, 0x8D, 0x12, 0x97, 0x54, 0xCD, 0xF4, 0x00, 0x3A, 0x8C, 0x39, 0x92, 0x40, + 0xFB, 0xB8, 0xF1, 0x62, 0x49, 0x0F, 0x6F, 0x0D, 0xC7, 0x0E, 0x41, 0x4B, 0x6F, 0xEE, 0x88, 0x08, + 0x6A, 0xFA, 0xA4, 0x8E, 0x9F, 0x3A, 0x24, 0x8E, 0xDC, 0x09, 0x34, 0x52, 0x66, 0x3D, 0x34, 0xE0, + 0xE8, 0x09, 0xD4, 0xF6, 0xBA, 0xDB, 0xB3, 0x6F, 0x80, 0xB6, 0x81, 0x3E, 0xBF, 0x7C, 0x32, 0x81, + 0xB8, 0x62, 0x20, 0x9E, 0x56, 0x04, 0xBD, 0xEA, 0x8B, 0x8F, 0x5F, 0x7B, 0xFD, 0xC3, 0xEE, 0xB7, + 0xAD, 0xB7, 0x30, 0x48, 0x28, 0x9B, 0xCE, 0xA0, 0xF5, 0xA5, 0xCD, 0xEE, 0x7D, 0xF9, 0x1C, 0xD1, + 0xF0, 0xBA, 0x63, 0x2F, 0x06, 0xDB, 0xE9, 0xBA, 0x7E, 0xF0, 0x14, 0xB8, 0x4B, 0x02, 0xD4, 0x97, + 0xCA, 0x7D, 0x0C, 0x60, 0xF7, 0x34, 0x75, 0x2A, 0x64, 0x9D, 0xA4, 0x96, 0x94, 0x6B, 0x4E, 0x53, + 0x1B, 0x30, 0xD9, 0xF8, 0x2E, 0xDD, 0x85, 0x56, 0x36, 0xC0, 0xB0, 0xF2, 0xAE, 0x23, 0x2E, 0x41, + 0x86, 0x45, 0x4E, 0x88, 0x87, 0xBB, 0x42, 0x3E, 0x32, 0xA5, 0xA2, 0x49, 0x5E, 0xAC, 0xBA, 0x99, + 0x62, 0x0A, 0xCD, 0x03, 0xA3, 0x83, 0x45, 0xEB, 0xB6, 0x73, 0x5E, 0x62, 0x33, 0x0A, 0x8E, 0xE9, + 0xAA, 0x6C, 0x83, 0x70, 0x41, 0x0F, 0x5C, 0xD4, 0x5A, 0xF3, 0x7E, 0xE9, 0x0A, 0x0D, 0xA9, 0x5B, + 0xE9, 0x6F, 0xC9, 0x39, 0xE8, 0x8F, 0xE0, 0xBD, 0x2C, 0xD0, 0x9F, 0xC8, 0xF5, 0x24, 0x20, 0x8C + }; + + struct { + int radix; + void* g; int glen; + void* p; int plen; + void* x; int xlen; + void* y; int ylen; + } test[4] = { + { 256, gbin, sizeof(gbin), pbin, sizeof(pbin), xbin, sizeof(xbin), ybin, sizeof(ybin) }, + { 16, ghex, strlen(ghex)+1, phex, strlen(phex)+1, xhex, strlen(xhex)+1, yhex, strlen(yhex)+1 }, + { 47, gr47, strlen(gr47)+1, pr47, strlen(pr47)+1, xr47, strlen(xr47)+1, yr47, strlen(yr47)+1 }, + { 64, gr64, strlen(gr64)+1, pr64, strlen(pr64)+1, xr64, strlen(xr64)+1, yr64, strlen(yr64)+1 }, + }; + int i, j; + unsigned char key_parts[4][256]; + unsigned long key_lens[4]; + + for (i = 1; i < 4; i++) { + for (j = 0; j < 4; ++j) { + key_lens[j] = sizeof(key_parts[j]); + } + DO(radix_to_bin(test[i].x, test[i].radix, key_parts[0], &key_lens[0])); + DO(radix_to_bin(test[i].y, test[i].radix, key_parts[1], &key_lens[1])); + DO(radix_to_bin(test[i].p, test[i].radix, key_parts[2], &key_lens[2])); + DO(radix_to_bin(test[i].g, test[i].radix, key_parts[3], &key_lens[3])); + + if (compare_testvector(key_parts[0], key_lens[0], test[0].x, test[0].xlen, "radix_to_bin(x)", i)) return CRYPT_FAIL_TESTVECTOR; + if (compare_testvector(key_parts[1], key_lens[1], test[0].y, test[0].ylen, "radix_to_bin(y)", i)) return CRYPT_FAIL_TESTVECTOR; + if (compare_testvector(key_parts[2], key_lens[2], test[0].p, test[0].plen, "radix_to_bin(p)", i)) return CRYPT_FAIL_TESTVECTOR; + if (compare_testvector(key_parts[3], key_lens[3], test[0].g, test[0].glen, "radix_to_bin(g)", i)) return CRYPT_FAIL_TESTVECTOR; + } + return CRYPT_OK; +} + +int mpi_test(void) +{ + return _radix_to_bin_test(); +} +#else +int mpi_test(void) +{ + return CRYPT_NOP; +} +#endif + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/tests/test.c b/tests/test.c index 785617b..990404c 100644 --- a/tests/test.c +++ b/tests/test.c @@ -24,6 +24,7 @@ static const test_function test_functions[] = LTC_TEST_FN(store_test), LTC_TEST_FN(rotate_test), LTC_TEST_FN(misc_test), + LTC_TEST_FN(mpi_test), LTC_TEST_FN(cipher_hash_test), LTC_TEST_FN(mac_test), LTC_TEST_FN(modes_test), diff --git a/tests/tomcrypt_test.h b/tests/tomcrypt_test.h index 440180c..c2e4646 100644 --- a/tests/tomcrypt_test.h +++ b/tests/tomcrypt_test.h @@ -60,6 +60,7 @@ int base64_test(void); int file_test(void); int multi_test(void); int prng_test(void); +int mpi_test(void); #ifdef LTC_PKCS_1 struct ltc_prng_descriptor* no_prng_desc_get(void); From 24946d08b7496cf4dd126354ad0dbb768a8de446 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Jun 2017 14:19:12 +0200 Subject: [PATCH 20/38] use mp_cleanup_multi() --- src/pk/dh/dh_free.c | 17 +---------------- src/pk/dsa/dsa_free.c | 3 ++- src/pk/rsa/rsa_free.c | 2 +- 3 files changed, 4 insertions(+), 18 deletions(-) diff --git a/src/pk/dh/dh_free.c b/src/pk/dh/dh_free.c index 8ca1f65..965ff24 100644 --- a/src/pk/dh/dh_free.c +++ b/src/pk/dh/dh_free.c @@ -18,22 +18,7 @@ void dh_free(dh_key *key) { LTC_ARGCHKVD(key != NULL); - if ( key->base ) { - mp_clear( key->base ); - key->base = NULL; - } - if ( key->prime ) { - mp_clear( key->prime ); - key->prime = NULL; - } - if ( key->x ) { - mp_clear( key->x ); - key->x = NULL; - } - if ( key->y ) { - mp_clear( key->y ); - key->y = NULL; - } + mp_cleanup_multi(&key->base, &key->prime, &key->x, &key->y, NULL); } #endif /* LTC_MDH */ diff --git a/src/pk/dsa/dsa_free.c b/src/pk/dsa/dsa_free.c index 89b5c66..812464e 100644 --- a/src/pk/dsa/dsa_free.c +++ b/src/pk/dsa/dsa_free.c @@ -22,7 +22,8 @@ void dsa_free(dsa_key *key) { LTC_ARGCHKVD(key != NULL); - mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL); + mp_cleanup_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); + key->type = key->qord = 0; } #endif diff --git a/src/pk/rsa/rsa_free.c b/src/pk/rsa/rsa_free.c index 48039e4..1e62f09 100644 --- a/src/pk/rsa/rsa_free.c +++ b/src/pk/rsa/rsa_free.c @@ -22,7 +22,7 @@ void rsa_free(rsa_key *key) { LTC_ARGCHKVD(key != NULL); - mp_clear_multi(key->q, key->p, key->qP, key->dP, key->dQ, key->N, key->d, key->e, NULL); + mp_cleanup_multi(&key->q, &key->p, &key->qP, &key->dP, &key->dQ, &key->N, &key->d, &key->e, NULL); } #endif From cfff656e258187d3d6bc934d6589463675369d7a Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Jun 2017 14:35:57 +0200 Subject: [PATCH 21/38] re-factor dsa_make_key() etc. --- demos/timing.c | 8 +- src/headers/tomcrypt_pk.h | 14 +- src/pk/dsa/dsa_generate_pqg.c | 248 ++++++++++++++++++++++++++++++++++ src/pk/dsa/dsa_import_radix.c | 69 ---------- src/pk/dsa/dsa_make_key.c | 248 +++------------------------------- src/pk/dsa/dsa_set.c | 105 ++++++++++++++ tests/dsa_test.c | 66 +++++---- 7 files changed, 425 insertions(+), 333 deletions(-) create mode 100644 src/pk/dsa/dsa_generate_pqg.c delete mode 100755 src/pk/dsa/dsa_import_radix.c create mode 100755 src/pk/dsa/dsa_set.c diff --git a/demos/timing.c b/demos/timing.c index cb249a5..d075958 100644 --- a/demos/timing.c +++ b/demos/timing.c @@ -646,7 +646,7 @@ static void time_prng(void) /* time various DSA operations */ static void time_dsa(void) { - dsa_key key; + dsa_key key = LTC_DSA_KEY_INITIALIZER; ulong64 t1, t2; unsigned long x, y; int err; @@ -665,7 +665,11 @@ static const struct { for (y = 0; y < 4; y++) { t_start(); t1 = t_read(); - if ((err = dsa_make_key(&yarrow_prng, find_prng("yarrow"), groups[x].group, groups[x].modulus, &key)) != CRYPT_OK) { + if ((err = dsa_generate_pqg(&yarrow_prng, find_prng("yarrow"), groups[x].group, groups[x].modulus, &key)) != CRYPT_OK) { + fprintf(stderr, "\n\ndsa_generate_pqg says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); + exit(EXIT_FAILURE); + } + if ((err = dsa_make_key_ex(&yarrow_prng, find_prng("yarrow"), &key)) != CRYPT_OK) { fprintf(stderr, "\n\ndsa_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); } diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index b73b8c0..963d0d1 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -442,9 +442,20 @@ typedef struct { void *y; } dsa_key; +#define LTC_DSA_KEY_INITIALIZER { PK_PUBLIC, 0, NULL, NULL, NULL, NULL, NULL } + int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); -int dsa_make_key_ex(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key, char* p_hex, char* q_hex, char* g_hex); +int dsa_set_pqg(const unsigned char *p, unsigned long plen, + const unsigned char *q, unsigned long qlen, + const unsigned char *g, unsigned long glen, + dsa_key *key); +int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); + +int dsa_set_key(const unsigned char *pub, unsigned long publen, + const unsigned char *priv, unsigned long privlen, + dsa_key *key); +int dsa_make_key_ex(prng_state *prng, int wprng, dsa_key *key); void dsa_free(dsa_key *key); @@ -473,7 +484,6 @@ int dsa_decrypt_key(const unsigned char *in, unsigned long inlen, unsigned char *out, unsigned long *outlen, dsa_key *key); -int dsa_import_radix(int radix, char *p, char *q, char *g, char *x, char *y, dsa_key *key); int dsa_import(const unsigned char *in, unsigned long inlen, dsa_key *key); int dsa_export(unsigned char *out, unsigned long *outlen, int type, dsa_key *key); int dsa_verify_key(dsa_key *key, int *stat); diff --git a/src/pk/dsa/dsa_generate_pqg.c b/src/pk/dsa/dsa_generate_pqg.c new file mode 100644 index 0000000..5d8c691 --- /dev/null +++ b/src/pk/dsa/dsa_generate_pqg.c @@ -0,0 +1,248 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ +#include "tomcrypt.h" + +/** + @file dsa_generate_pqg.c + DSA implementation - generate DSA parameters p, q & g +*/ + +#ifdef LTC_MDSA + +/** + Create DSA parameters (INTERNAL ONLY, not part of public API) + @param prng An active PRNG state + @param wprng The index of the PRNG desired + @param group_size Size of the multiplicative group (octets) + @param modulus_size Size of the modulus (octets) + @param p [out] bignum where generated 'p' is stored (must be initialized by caller) + @param q [out] bignum where generated 'q' is stored (must be initialized by caller) + @param g [out] bignum where generated 'g' is stored (must be initialized by caller) + @return CRYPT_OK if successful, upon error this function will free all allocated memory +*/ +static int _dsa_make_params(prng_state *prng, int wprng, int group_size, int modulus_size, void *p, void *q, void *g) +{ + unsigned long L, N, n, outbytes, seedbytes, counter, j, i; + int err, res, mr_tests_q, mr_tests_p, found_p, found_q, hash; + unsigned char *wbuf, *sbuf, digest[MAXBLOCKSIZE]; + void *t2L1, *t2N1, *t2q, *t2seedlen, *U, *W, *X, *c, *h, *e, *seedinc; + + /* check size */ + if (group_size >= LTC_MDSA_MAX_GROUP || group_size < 1 || group_size >= modulus_size) { + return CRYPT_INVALID_ARG; + } + + /* FIPS-186-4 A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function + * + * L = The desired length of the prime p (in bits e.g. L = 1024) + * N = The desired length of the prime q (in bits e.g. N = 160) + * seedlen = The desired bit length of the domain parameter seed; seedlen shallbe equal to or greater than N + * outlen = The bit length of Hash function + * + * 1. Check that the (L, N) + * 2. If (seedlen = 2^(L-1)) { + * Test whether or not p is prime as specified in Appendix C.3. + * If p is determined to be prime, then return VALID and the values of p, qand (optionally) the values of domain_parameter_seed and counter + * } + * offset = offset + n + 1 Comment: Increment offset + * } + */ + + seedbytes = group_size; + L = modulus_size * 8; + N = group_size * 8; + + /* XXX-TODO no Lucas test */ +#ifdef LTC_MPI_HAS_LUCAS_TEST + /* M-R tests (when followed by one Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */ + mr_tests_p = (L <= 2048) ? 3 : 2; + if (N <= 160) { mr_tests_q = 19; } + else if (N <= 224) { mr_tests_q = 24; } + else { mr_tests_q = 27; } +#else + /* M-R tests (without Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */ + if (L <= 1024) { mr_tests_p = 40; } + else if (L <= 2048) { mr_tests_p = 56; } + else { mr_tests_p = 64; } + + if (N <= 160) { mr_tests_q = 40; } + else if (N <= 224) { mr_tests_q = 56; } + else { mr_tests_q = 64; } +#endif + + if (N <= 256) { + hash = register_hash(&sha256_desc); + } + else if (N <= 384) { + hash = register_hash(&sha384_desc); + } + else if (N <= 512) { + hash = register_hash(&sha512_desc); + } + else { + return CRYPT_INVALID_ARG; /* group_size too big */ + } + + if ((err = hash_is_valid(hash)) != CRYPT_OK) { return err; } + outbytes = hash_descriptor[hash].hashsize; + + n = ((L + outbytes*8 - 1) / (outbytes*8)) - 1; + + if ((wbuf = XMALLOC((n+1)*outbytes)) == NULL) { err = CRYPT_MEM; goto cleanup3; } + if ((sbuf = XMALLOC(seedbytes)) == NULL) { err = CRYPT_MEM; goto cleanup2; } + + err = mp_init_multi(&t2L1, &t2N1, &t2q, &t2seedlen, &U, &W, &X, &c, &h, &e, &seedinc, NULL); + if (err != CRYPT_OK) { goto cleanup1; } + + if ((err = mp_2expt(t2L1, L-1)) != CRYPT_OK) { goto cleanup; } + /* t2L1 = 2^(L-1) */ + if ((err = mp_2expt(t2N1, N-1)) != CRYPT_OK) { goto cleanup; } + /* t2N1 = 2^(N-1) */ + if ((err = mp_2expt(t2seedlen, seedbytes*8)) != CRYPT_OK) { goto cleanup; } + /* t2seedlen = 2^seedlen */ + + for(found_p=0; !found_p;) { + /* q */ + for(found_q=0; !found_q;) { + if (prng_descriptor[wprng].read(sbuf, seedbytes, prng) != seedbytes) { err = CRYPT_ERROR_READPRNG; goto cleanup; } + i = outbytes; + if ((err = hash_memory(hash, sbuf, seedbytes, digest, &i)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_read_unsigned_bin(U, digest, outbytes)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_mod(U, t2N1, U)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_add(t2N1, U, q)) != CRYPT_OK) { goto cleanup; } + if (!mp_isodd(q)) mp_add_d(q, 1, q); + if ((err = mp_prime_is_prime(q, mr_tests_q, &res)) != CRYPT_OK) { goto cleanup; } + if (res == LTC_MP_YES) found_q = 1; + } + + /* p */ + if ((err = mp_read_unsigned_bin(seedinc, sbuf, seedbytes)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_add(q, q, t2q)) != CRYPT_OK) { goto cleanup; } + for(counter=0; counter < 4*L && !found_p; counter++) { + for(j=0; j<=n; j++) { + if ((err = mp_add_d(seedinc, 1, seedinc)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_mod(seedinc, t2seedlen, seedinc)) != CRYPT_OK) { goto cleanup; } + /* seedinc = (seedinc+1) % 2^seed_bitlen */ + if ((i = mp_unsigned_bin_size(seedinc)) > seedbytes) { err = CRYPT_INVALID_ARG; goto cleanup; } + zeromem(sbuf, seedbytes); + if ((err = mp_to_unsigned_bin(seedinc, sbuf + seedbytes-i)) != CRYPT_OK) { goto cleanup; } + i = outbytes; + err = hash_memory(hash, sbuf, seedbytes, wbuf+(n-j)*outbytes, &i); + if (err != CRYPT_OK) { goto cleanup; } + } + if ((err = mp_read_unsigned_bin(W, wbuf, (n+1)*outbytes)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_mod(W, t2L1, W)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_add(W, t2L1, X)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_mod(X, t2q, c)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_sub_d(c, 1, p)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_sub(X, p, p)) != CRYPT_OK) { goto cleanup; } + if (mp_cmp(p, t2L1) != LTC_MP_LT) { + /* p >= 2^(L-1) */ + if ((err = mp_prime_is_prime(p, mr_tests_p, &res)) != CRYPT_OK) { goto cleanup; } + if (res == LTC_MP_YES) { + found_p = 1; + } + } + } + } + + /* FIPS-186-4 A.2.1 Unverifiable Generation of the Generator g + * 1. e = (p - 1)/q + * 2. h = any integer satisfying: 1 < h < (p - 1) + * h could be obtained from a random number generator or from a counter that changes after each use + * 3. g = h^e mod p + * 4. if (g == 1), then go to step 2. + * + */ + + if ((err = mp_sub_d(p, 1, e)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_div(e, q, e, c)) != CRYPT_OK) { goto cleanup; } + /* e = (p - 1)/q */ + i = mp_count_bits(p); + do { + do { + if ((err = rand_bn_bits(h, i, prng, wprng)) != CRYPT_OK) { goto cleanup; } + } while (mp_cmp(h, p) != LTC_MP_LT || mp_cmp_d(h, 2) != LTC_MP_GT); + if ((err = mp_sub_d(h, 1, h)) != CRYPT_OK) { goto cleanup; } + /* h is randon and 1 < h < (p-1) */ + if ((err = mp_exptmod(h, e, p, g)) != CRYPT_OK) { goto cleanup; } + } while (mp_cmp_d(g, 1) == LTC_MP_EQ); + + err = CRYPT_OK; +cleanup: + mp_clear_multi(t2L1, t2N1, t2q, t2seedlen, U, W, X, c, h, e, seedinc, NULL); +cleanup1: + XFREE(sbuf); +cleanup2: + XFREE(wbuf); +cleanup3: + return err; +} + +/** + Generate DSA parameters p, q & g + @param prng An active PRNG state + @param wprng The index of the PRNG desired + @param group_size Size of the multiplicative group (octets) + @param modulus_size Size of the modulus (octets) + @param key [out] Where to store the created key + @return CRYPT_OK if successful. +*/ +int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x == NULL); + LTC_ARGCHK(key->y == NULL); + LTC_ARGCHK(key->p == NULL); + LTC_ARGCHK(key->g == NULL); + LTC_ARGCHK(key->q == NULL); + LTC_ARGCHK(key->qord == 0); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init mp_ints */ + if ((err = mp_init_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) { + return err; + } + /* generate params */ + err = _dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); + if (err != CRYPT_OK) { goto cleanup; } + + key->qord = group_size; + + return CRYPT_OK; + +cleanup: + dsa_free(key); + return err; +} + +#endif + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/src/pk/dsa/dsa_import_radix.c b/src/pk/dsa/dsa_import_radix.c deleted file mode 100755 index 141030d..0000000 --- a/src/pk/dsa/dsa_import_radix.c +++ /dev/null @@ -1,69 +0,0 @@ -/* LibTomCrypt, modular cryptographic library -- Tom St Denis - * - * LibTomCrypt is a library that provides various cryptographic - * algorithms in a highly modular and flexible manner. - * - * The library is free for all purposes without any express - * guarantee it works. - */ -#include "tomcrypt.h" - -/** - Import DSA public or private key from raw numbers - @param radix the radix the numbers are represented in (2-64, 16 = hexadecimal) - @param p DSA's p in radix representation - @param q DSA's q in radix representation - @param g DSA's g in radix representation - @param x DSA's x in radix representation (only private key, NULL for public key) - @param y DSA's y in radix representation - @param key [out] the destination for the imported key - @return CRYPT_OK if successful, upon error allocated memory is freed -*/ - -#ifdef LTC_MDSA - -int dsa_import_radix(int radix, char *p, char *q, char *g, char *x, char *y, dsa_key *key) -{ - int err; - - LTC_ARGCHK(p != NULL); - LTC_ARGCHK(q != NULL); - LTC_ARGCHK(g != NULL); - LTC_ARGCHK(y != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init key */ - err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); - if (err != CRYPT_OK) return err; - - if ((err = mp_read_radix(key->p , p , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->q , q , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->g , g , radix)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_radix(key->y , y , radix)) != CRYPT_OK) { goto LBL_ERR; } - if (x && strlen(x) > 0) { - key->type = PK_PRIVATE; - if ((err = mp_read_radix(key->x , x , radix)) != CRYPT_OK) { goto LBL_ERR; } - } - else { - key->type = PK_PUBLIC; - } - - key->qord = mp_unsigned_bin_size(key->q); - - if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || - (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - return CRYPT_OK; - -LBL_ERR: - mp_clear_multi(key->p, key->g, key->q, key->x, key->y, NULL); - return err; -} - -#endif - -/* ref: $Format:%D$ */ -/* git commit: $Format:%H$ */ -/* commit time: $Format:%ai$ */ diff --git a/src/pk/dsa/dsa_make_key.c b/src/pk/dsa/dsa_make_key.c index bec09c9..ff61ca7 100644 --- a/src/pk/dsa/dsa_make_key.c +++ b/src/pk/dsa/dsa_make_key.c @@ -10,265 +10,61 @@ /** @file dsa_make_key.c - DSA implementation, generate a DSA key, Tom St Denis + DSA implementation, generate a DSA key */ #ifdef LTC_MDSA /** - Create DSA parameters (INTERNAL ONLY, not part of public API) + Create a DSA key @param prng An active PRNG state @param wprng The index of the PRNG desired - @param group_size Size of the multiplicative group (octets) - @param modulus_size Size of the modulus (octets) - @param p [out] bignum where generated 'p' is stored (must be initialized by caller) - @param q [out] bignum where generated 'q' is stored (must be initialized by caller) - @param g [out] bignum where generated 'g' is stored (must be initialized by caller) - @return CRYPT_OK if successful, upon error this function will free all allocated memory + @param key [in/out] Where to store the created key + @return CRYPT_OK if successful. */ -static int _dsa_make_params(prng_state *prng, int wprng, int group_size, int modulus_size, void *p, void *q, void *g) -{ - unsigned long L, N, n, outbytes, seedbytes, counter, j, i; - int err, res, mr_tests_q, mr_tests_p, found_p, found_q, hash; - unsigned char *wbuf, *sbuf, digest[MAXBLOCKSIZE]; - void *t2L1, *t2N1, *t2q, *t2seedlen, *U, *W, *X, *c, *h, *e, *seedinc; - - /* check size */ - if (group_size >= LTC_MDSA_MAX_GROUP || group_size < 1 || group_size >= modulus_size) { - return CRYPT_INVALID_ARG; - } - - /* FIPS-186-4 A.1.1.2 Generation of the Probable Primes p and q Using an Approved Hash Function - * - * L = The desired length of the prime p (in bits e.g. L = 1024) - * N = The desired length of the prime q (in bits e.g. N = 160) - * seedlen = The desired bit length of the domain parameter seed; seedlen shallbe equal to or greater than N - * outlen = The bit length of Hash function - * - * 1. Check that the (L, N) - * 2. If (seedlen = 2^(L-1)) { - * Test whether or not p is prime as specified in Appendix C.3. - * If p is determined to be prime, then return VALID and the values of p, qand (optionally) the values of domain_parameter_seed and counter - * } - * offset = offset + n + 1 Comment: Increment offset - * } - */ - - seedbytes = group_size; - L = modulus_size * 8; - N = group_size * 8; - - /* XXX-TODO no Lucas test */ -#ifdef LTC_MPI_HAS_LUCAS_TEST - /* M-R tests (when followed by one Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */ - mr_tests_p = (L <= 2048) ? 3 : 2; - if (N <= 160) { mr_tests_q = 19; } - else if (N <= 224) { mr_tests_q = 24; } - else { mr_tests_q = 27; } -#else - /* M-R tests (without Lucas test) according FIPS-186-4 - Appendix C.3 - table C.1 */ - if (L <= 1024) { mr_tests_p = 40; } - else if (L <= 2048) { mr_tests_p = 56; } - else { mr_tests_p = 64; } - - if (N <= 160) { mr_tests_q = 40; } - else if (N <= 224) { mr_tests_q = 56; } - else { mr_tests_q = 64; } -#endif - - if (N <= 256) { - hash = register_hash(&sha256_desc); - } - else if (N <= 384) { - hash = register_hash(&sha384_desc); - } - else if (N <= 512) { - hash = register_hash(&sha512_desc); - } - else { - return CRYPT_INVALID_ARG; /* group_size too big */ - } - - if ((err = hash_is_valid(hash)) != CRYPT_OK) { return err; } - outbytes = hash_descriptor[hash].hashsize; - - n = ((L + outbytes*8 - 1) / (outbytes*8)) - 1; - - if ((wbuf = XMALLOC((n+1)*outbytes)) == NULL) { err = CRYPT_MEM; goto cleanup3; } - if ((sbuf = XMALLOC(seedbytes)) == NULL) { err = CRYPT_MEM; goto cleanup2; } - - err = mp_init_multi(&t2L1, &t2N1, &t2q, &t2seedlen, &U, &W, &X, &c, &h, &e, &seedinc, NULL); - if (err != CRYPT_OK) { goto cleanup1; } - - if ((err = mp_2expt(t2L1, L-1)) != CRYPT_OK) { goto cleanup; } - /* t2L1 = 2^(L-1) */ - if ((err = mp_2expt(t2N1, N-1)) != CRYPT_OK) { goto cleanup; } - /* t2N1 = 2^(N-1) */ - if ((err = mp_2expt(t2seedlen, seedbytes*8)) != CRYPT_OK) { goto cleanup; } - /* t2seedlen = 2^seedlen */ - - for(found_p=0; !found_p;) { - /* q */ - for(found_q=0; !found_q;) { - if (prng_descriptor[wprng].read(sbuf, seedbytes, prng) != seedbytes) { err = CRYPT_ERROR_READPRNG; goto cleanup; } - i = outbytes; - if ((err = hash_memory(hash, sbuf, seedbytes, digest, &i)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_read_unsigned_bin(U, digest, outbytes)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_mod(U, t2N1, U)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_add(t2N1, U, q)) != CRYPT_OK) { goto cleanup; } - if (!mp_isodd(q)) mp_add_d(q, 1, q); - if ((err = mp_prime_is_prime(q, mr_tests_q, &res)) != CRYPT_OK) { goto cleanup; } - if (res == LTC_MP_YES) found_q = 1; - } - - /* p */ - if ((err = mp_read_unsigned_bin(seedinc, sbuf, seedbytes)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_add(q, q, t2q)) != CRYPT_OK) { goto cleanup; } - for(counter=0; counter < 4*L && !found_p; counter++) { - for(j=0; j<=n; j++) { - if ((err = mp_add_d(seedinc, 1, seedinc)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_mod(seedinc, t2seedlen, seedinc)) != CRYPT_OK) { goto cleanup; } - /* seedinc = (seedinc+1) % 2^seed_bitlen */ - if ((i = mp_unsigned_bin_size(seedinc)) > seedbytes) { err = CRYPT_INVALID_ARG; goto cleanup; } - zeromem(sbuf, seedbytes); - if ((err = mp_to_unsigned_bin(seedinc, sbuf + seedbytes-i)) != CRYPT_OK) { goto cleanup; } - i = outbytes; - err = hash_memory(hash, sbuf, seedbytes, wbuf+(n-j)*outbytes, &i); - if (err != CRYPT_OK) { goto cleanup; } - } - if ((err = mp_read_unsigned_bin(W, wbuf, (n+1)*outbytes)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_mod(W, t2L1, W)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_add(W, t2L1, X)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_mod(X, t2q, c)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub_d(c, 1, p)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_sub(X, p, p)) != CRYPT_OK) { goto cleanup; } - if (mp_cmp(p, t2L1) != LTC_MP_LT) { - /* p >= 2^(L-1) */ - if ((err = mp_prime_is_prime(p, mr_tests_p, &res)) != CRYPT_OK) { goto cleanup; } - if (res == LTC_MP_YES) { - found_p = 1; - } - } - } - } - - /* FIPS-186-4 A.2.1 Unverifiable Generation of the Generator g - * 1. e = (p - 1)/q - * 2. h = any integer satisfying: 1 < h < (p - 1) - * h could be obtained from a random number generator or from a counter that changes after each use - * 3. g = h^e mod p - * 4. if (g == 1), then go to step 2. - * - */ - - if ((err = mp_sub_d(p, 1, e)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_div(e, q, e, c)) != CRYPT_OK) { goto cleanup; } - /* e = (p - 1)/q */ - i = mp_count_bits(p); - do { - do { - if ((err = rand_bn_bits(h, i, prng, wprng)) != CRYPT_OK) { goto cleanup; } - } while (mp_cmp(h, p) != LTC_MP_LT || mp_cmp_d(h, 2) != LTC_MP_GT); - if ((err = mp_sub_d(h, 1, h)) != CRYPT_OK) { goto cleanup; } - /* h is randon and 1 < h < (p-1) */ - if ((err = mp_exptmod(h, e, p, g)) != CRYPT_OK) { goto cleanup; } - } while (mp_cmp_d(g, 1) == LTC_MP_EQ); - - err = CRYPT_OK; -cleanup: - mp_clear_multi(t2L1, t2N1, t2q, t2seedlen, U, W, X, c, h, e, seedinc, NULL); -cleanup1: - XFREE(sbuf); -cleanup2: - XFREE(wbuf); -cleanup3: - return err; -} - -/** - Create a DSA key (with given params) - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param group_size Size of the multiplicative group (octets) - @param modulus_size Size of the modulus (octets) - @param key [out] Where to store the created key - @param p_hex Hexadecimal string 'p' - @param q_hex Hexadecimal string 'q' - @param g_hex Hexadecimal string 'g' - @return CRYPT_OK if successful, upon error this function will free all allocated memory -*/ -int dsa_make_key_ex(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key, char* p_hex, char* q_hex, char* g_hex) +int dsa_make_key_ex(prng_state *prng, int wprng, dsa_key *key) { int err, qbits; - LTC_ARGCHK(key != NULL); - - /* init mp_ints */ - if ((err = mp_init_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) { - return err; - } - - if (p_hex == NULL || q_hex == NULL || g_hex == NULL) { - /* generate params */ - err = _dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); - if (err != CRYPT_OK) { goto cleanup; } - } - else { - /* read params */ - if ((err = mp_read_radix(key->p, p_hex, 16)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_read_radix(key->q, q_hex, 16)) != CRYPT_OK) { goto cleanup; } - if ((err = mp_read_radix(key->g, g_hex, 16)) != CRYPT_OK) { goto cleanup; } - /* XXX-TODO maybe do some validity check for p, q, g */ - } + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x != NULL); + LTC_ARGCHK(key->y != NULL); + LTC_ARGCHK(key->p != NULL); + LTC_ARGCHK(key->g != NULL); + LTC_ARGCHK(key->q != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); /* so now we have our DH structure, generator g, order q, modulus p Now we need a random exponent [mod q] and it's power g^x mod p */ qbits = mp_count_bits(key->q); do { - if ((err = rand_bn_bits(key->x, qbits, prng, wprng)) != CRYPT_OK) { goto cleanup; } + if ((err = rand_bn_bits(key->x, qbits, prng, wprng)) != CRYPT_OK) { return err; } /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ } while (mp_cmp_d(key->x, 0) != LTC_MP_GT || mp_cmp(key->x, key->q) != LTC_MP_LT); - if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto cleanup; } + if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { return err; } key->type = PK_PRIVATE; - key->qord = group_size; return CRYPT_OK; - -cleanup: - mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL); - return err; } /** - Create a DSA key + Old-style creation of a DSA key @param prng An active PRNG state @param wprng The index of the PRNG desired @param group_size Size of the multiplicative group (octets) @param modulus_size Size of the modulus (octets) @param key [out] Where to store the created key - @return CRYPT_OK if successful, upon error this function will free all allocated memory + @return CRYPT_OK if successful. */ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) { - return dsa_make_key_ex(prng, wprng, group_size, modulus_size, key, NULL, NULL, NULL); + int err; + + if ((err = dsa_generate_pqg(prng, wprng, group_size, modulus_size, key)) != CRYPT_OK) { return err; } + if ((err = dsa_make_key_ex(prng, wprng, key)) != CRYPT_OK) { return err; } + + return CRYPT_OK; } #endif diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c new file mode 100755 index 0000000..32e5d3b --- /dev/null +++ b/src/pk/dsa/dsa_set.c @@ -0,0 +1,105 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ +#include "tomcrypt.h" + + +#ifdef LTC_MDSA + +/** + Import DSA public or private key from raw numbers + @param p DSA's p in binary representation + @param q DSA's q in binary representation + @param g DSA's g in binary representation + @param key [out] the destination for the imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int dsa_set_pqg(const unsigned char *p, unsigned long plen, + const unsigned char *q, unsigned long qlen, + const unsigned char *g, unsigned long glen, + dsa_key *key) +{ + int err; + + LTC_ARGCHK(p != NULL); + LTC_ARGCHK(q != NULL); + LTC_ARGCHK(g != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x == NULL); + LTC_ARGCHK(key->y == NULL); + LTC_ARGCHK(key->p == NULL); + LTC_ARGCHK(key->g == NULL); + LTC_ARGCHK(key->q == NULL); + LTC_ARGCHK(key->qord == 0); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); + if (err != CRYPT_OK) return err; + + if ((err = mp_read_unsigned_bin(key->p , (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->g , (unsigned char *)g , glen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->q , (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; } + + key->qord = mp_unsigned_bin_size(key->q); + + if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || + (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + return CRYPT_OK; + +LBL_ERR: + dsa_free(key); + return err; +} + + +/** + Import DSA public or private key from raw numbers + @param x DSA's x in binary representation (only private key, NULL for public key) + @param y DSA's y in binary representation + @param key [out] the destination for the imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int dsa_set_key(const unsigned char *pub, unsigned long publen, + const unsigned char *priv, unsigned long privlen, + dsa_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x != NULL); + LTC_ARGCHK(key->y != NULL); + LTC_ARGCHK(key->p != NULL); + LTC_ARGCHK(key->g != NULL); + LTC_ARGCHK(key->q != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + if ((err = mp_read_unsigned_bin(key->y , (unsigned char *)pub , publen)) != CRYPT_OK) { goto LBL_ERR; } + if (priv != NULL) { + key->type = PK_PRIVATE; + if ((err = mp_read_unsigned_bin(key->x , (unsigned char *)priv , privlen)) != CRYPT_OK) { goto LBL_ERR; } + } + else { + key->type = PK_PUBLIC; + } + + return CRYPT_OK; + +LBL_ERR: + dsa_free(key); + return err; +} + +#endif + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/tests/dsa_test.c b/tests/dsa_test.c index c62c380..9cee7af 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -59,13 +59,6 @@ static char *hex_q = "AA5BD7F4E5062413E58835CA00C7A635716194C5"; static char *hex_x = "9936E5E4E9FB28BE91F5065FE8C935B3F5D81FC5"; static char *hex_y = "5316B0FBBF598A5E5595C14FAC43B80853E6CF0D9223FAB184595239BFCBF22D383ADD935205497E2B12C46173E36F54BD96E5A7AAA95A58A4B767D2C0BDC81EB13A124F98C005EF395D6ABAB70B3BD8B795DD796EA2D28473470388B464D9B9B84FF1C934BBF97366F57C2E11FEC331E60838596781EB6D4127D70D74AFA035"; -/* private key - raw decimal numbers */ -static char *dec_g = "41834149751984197912953436480983170533071735026506895442815002322147255782590882063707309354781506433716654796985480894012184326029507913813728323760888731712844346877576824916725534905000120412305763983626878322597033839508975868744887842375259196379140567488975525420966465471602331600963525846901216912348"; -static char *dec_p = "138366127874251453574215823372867983172559870428080754538874699342292548213873551009389476481395012375639515165022292709776266658812209612126692196557051247870332681145778007636026326219557730049370214260237710845864302921876857532769906463917243319959886290876544710558897185626634470575981605420411381006287"; -static char *dec_q = "972576611327916959546542817054443329226761409733"; -static char *dec_x = "874699854785640347852049895863914110365034094533"; -static char *dec_y = "58346825863862115220306694056113472976936045407556113559931032566376300411053620606958863235131122432665794570437845128216268156672161823000705623178942581094085367656740608001229642983928728905397237964247962716781137229394844332774819193277135681825866994604976120931444766148118918668354923664000689348661"; - /* The public part of test_dsa.key in SubjectPublicKeyInfo format */ static const unsigned char openssl_pub_dsa[] = { 0x30, 0x82, 0x01, 0xb6, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, @@ -107,11 +100,13 @@ static const unsigned char openssl_pub_dsa[] = { 0xeb, 0x6d, 0x41, 0x27, 0xd7, 0x0d, 0x74, 0xaf, 0xa0, 0x35 }; -static int dsa_compat_test(void) +static int _dsa_compat_test(void) { - dsa_key key; + dsa_key key = LTC_DSA_KEY_INITIALIZER; unsigned char tmp[1024], buf[1024]; unsigned long x, len; + unsigned char key_parts[5][256]; + unsigned long key_lens[5]; DO(dsa_import(openssl_priv_dsa, sizeof(openssl_priv_dsa), &key)); @@ -135,7 +130,22 @@ static int dsa_compat_test(void) dsa_free(&key); /* try import private key from raw hexadecimal numbers */ - DO(dsa_import_radix(16, hex_p, hex_q, hex_g, hex_x, hex_y, &key)); + for (x = 0; x < 5; ++x) { + key_lens[x] = sizeof(key_parts[x]); + } + DO(radix_to_bin(hex_p, 16, key_parts[0], &key_lens[0])); + DO(radix_to_bin(hex_q, 16, key_parts[1], &key_lens[1])); + DO(radix_to_bin(hex_g, 16, key_parts[2], &key_lens[2])); + DO(radix_to_bin(hex_y, 16, key_parts[3], &key_lens[3])); + DO(radix_to_bin(hex_x, 16, key_parts[4], &key_lens[4])); + + DO(dsa_set_pqg(key_parts[0], key_lens[0], + key_parts[1], key_lens[1], + key_parts[2], key_lens[2], + &key)); + DO(dsa_set_key(key_parts[3], key_lens[3], + key_parts[4], key_lens[4], + &key)); len = sizeof(buf); DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); if (len != sizeof(openssl_priv_dsa) || memcmp(buf, openssl_priv_dsa, len)) { @@ -144,18 +154,14 @@ static int dsa_compat_test(void) } dsa_free(&key); - /* try import private key from raw decimal numbers */ - DO(dsa_import_radix(10, dec_p, dec_q, dec_g, dec_x, dec_y, &key)); - len = sizeof(buf); - DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); - if (len != sizeof(openssl_priv_dsa) || memcmp(buf, openssl_priv_dsa, len)) { - fprintf(stderr, "DSA private export failed to match dsa_import_radix(10, ..)\n"); - return 1; - } - dsa_free(&key); - /* try import public key from raw hexadecimal numbers */ - DO(dsa_import_radix(16, hex_p, hex_q, hex_g, NULL, hex_y, &key)); + DO(dsa_set_pqg(key_parts[0], key_lens[0], + key_parts[1], key_lens[1], + key_parts[2], key_lens[2], + &key)); + DO(dsa_set_key(key_parts[3], key_lens[3], + NULL, 0, + &key)); len = sizeof(buf); DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); if (len != sizeof(openssl_pub_dsa) || memcmp(buf, openssl_pub_dsa, len)) { @@ -164,16 +170,6 @@ static int dsa_compat_test(void) } dsa_free(&key); - /* try import public key from raw decimal numbers */ - DO(dsa_import_radix(10, dec_p, dec_q, dec_g, NULL, dec_y, &key)); - len = sizeof(buf); - DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); - if (len != sizeof(openssl_pub_dsa) || memcmp(buf, openssl_pub_dsa, len)) { - fprintf(stderr, "DSA public export failed to match dsa_import_radix(10, ..)\n"); - return 1; - } - dsa_free(&key); - return 0; } @@ -182,12 +178,14 @@ int dsa_test(void) unsigned char msg[16], out[1024], out2[1024], ch; unsigned long x, y; int stat1, stat2; - dsa_key key, key2; + dsa_key key = LTC_DSA_KEY_INITIALIZER; + dsa_key key2 = LTC_DSA_KEY_INITIALIZER; - dsa_compat_test(); + _dsa_compat_test(); /* make a random key */ - DO(dsa_make_key(&yarrow_prng, find_prng("yarrow"), 20, 128, &key)); + DO(dsa_generate_pqg(&yarrow_prng, find_prng("yarrow"), 20, 128, &key)); + DO(dsa_make_key_ex(&yarrow_prng, find_prng("yarrow"), &key)); /* verify it */ DO(dsa_verify_key(&key, &stat1)); From 0aad68c20de02adccc004d4db2d8dcb338838968 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Jun 2017 14:39:27 +0200 Subject: [PATCH 22/38] clean-up some PK tests no need to test the same functionality multiple times these tests were multiplied for the XX_import_radix() functions which are gone now. --- tests/dh_test.c | 113 ++++++++++++----------------------------------- tests/rsa_test.c | 37 ---------------- 2 files changed, 29 insertions(+), 121 deletions(-) diff --git a/tests/dh_test.c b/tests/dh_test.c index 1cf6c22..d9ddfee 100644 --- a/tests/dh_test.c +++ b/tests/dh_test.c @@ -10,7 +10,7 @@ #ifdef LTC_MDH -#ifdef DH4096 +#ifdef LTC_DH4096 #define KEYSIZE 4096 #else #define KEYSIZE 2048 @@ -148,58 +148,14 @@ static int _dhparam_test(void) return CRYPT_OK; } -static int _radix_test(void) +static int _set_test(void) { dh_key k1 = LTC_DH_KEY_INITIALIZER; dh_key k2 = LTC_DH_KEY_INITIALIZER; dh_key k3 = LTC_DH_KEY_INITIALIZER; unsigned char buf[4096]; unsigned long len; - int i, j; - /* RADIX 16 */ - char *ghex = "2"; - char *phex = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22" - "514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6" - "F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D" - "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB" - "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3BE39E772C180E8603" - "9B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF6955817183995497CEA956AE515D2261898FA0510" - "15728E5A8AACAA68FFFFFFFFFFFFFFFF"; - char *xhex = "A6681ADC386CE944C3DED9A7301DCC9C518250E3EDB62F959198F8DC0057DD6FB57ABAFD788198B1"; - char *yhex = "39046632C834418DFA07B3091538B614D1FB5DBB785C0FBEA3B98B295BC0CD076A88D9452141A269" - "E8BAEB1DD654EBA03A5705318D129754CDF4003A8C399240FBB8F162490F6F0DC70E414B6FEE8808" - "6AFAA48E9F3A248EDC093452663D34E0E809D4F6BADBB36F80B6813EBF7C3281B862209E5604BDEA" - "8B8F5F7BFDC3EEB7ADB73048289BCEA0F5A5CDEE7DF91CD1F0BA632F06DBE9BA7EF014B84B02D497" - "CA7D0C60F734752A649DA496946B4E531B30D9F82EDD855636C0B0F2AE232E4186454E8887BB423E" - "32A5A2495EACBA99620ACD03A38345EBB6735E62330A8EE9AA6C8370410F5CD45AF37EE90A0DA95B" - "E96FC939E88FE0BD2CD09FC8F524208C"; - /* RADIX 47 */ - char *gr47 = "2"; - char *pr47 = "F27Mg1SadOFIRbDOJ5dHgHiVF02Z1LHHQ6G5SLG2U8aTdfH1ETk4GARRE7WW99dBUBLb9e2OHFIaSM1A" - "ag2LNNjgYa9I9CjQGJihL3J7A2SGQe8j5Ch8EHMj5jVbAYDiQKhhPhM6Hc56fKS40GUfJkGO7KJ6EXZQ" - "VgbSa2AkPC65F91g0PaYie8AGNVaFKaV9HOQf3ia1iW4i6eCOB9CcBbH7TbQij8AEgjZ0VRBcLKc6UYO" - "1Zc3I2Jc0h1H2HBEH8ONI3OYBbaPV6XhAd8WCc60D0RDBU3H9U7cWL28a0c90XNO0dh5RXEFBbUCE2ZG" - "gh9XQSVIHkVbFIS5F5IGVOkiWAVc9i8BHB2V0UbGW6UdRTZVV"; - char *xr47 = "6bhO7O9NWFRgEMjdU0Y5POj3c1JP15MYEdIg3FO1PEjUY2aGYNSXcaF01R"; - char *yr47 = "3GNPNWEYfKML1cIbI7Cc1Z0O7aQLJgB734dO2i56LLYDdI4gHYk2GAbQH2WI97hNeC7dj3fPEH8I9gV9" - "U323AXj1AJXbFPFIHGOTdC29QUUeH2SSc6NWhfQDDXd5Q5iXCKEAUGX3SKcNFIfVOYJgZCLjfHYQdgOQ" - "GCjKNgbEV7Hj34MU3b79iANX2DbMYfb9iGi78BWH2HYAd7IAhk7U0OYGHKJX1bIUUj1KBLhAUg46GaER" - "G9W3ARMfBCj6kSdDF9TdkWAjWTDj722IeVJERC4bKU2VDFG20kDhCMF985efD1SS8DfXcdCHF1kDUkSA" - "884FHYiFEPkaagQOBQaN9BNaEHNbbd002DCIIX5eMP4HgPJPF"; - /* RADIX 64 */ - char *gr64 = "2"; - char *pr64 = "3//////////yaFsg8XQC8qnCPYYu3S7D4f0au8YcVCT08BlgOx4viYKKe8UOuq1DtlbHcppJf36p0h2c" - "toNnGtJ+4rRMrHmaNaXRLsObv+nlHCGkccD+rh2/zSjlG6j+tkE6lxMecVfQwV915yIn/cIIXcKUpaMp" - "t207oueME/1PZQI3OSLTEQQHO/gFqapr+3PLqZtAEjbXnYyrOWXLAxdjKf1t2Mbcrd33LEIhoO1F5qR0" - "ZA625yCf1UHYuspZlZddSi60w60vidWwBi1wAFjSLTy6zCKidUAylsbLWN63cLINpgbMhb5T8c69Zw1H" - "0LSevQYgogQF//////////"; - char *xr64 = "2cQ1hSE6pfHCFUsQSm7SoSKO9Gu+ssBvMHcFZS05VTRxLwklruWPYn"; - char *yr64 = "v16Ooo3H1ZVe7imaLEBOKqVjTktXS3xwZkOifMy3D1sg8sKKXGQ9fwBhh7TPKww0wLmKnZHANLCtq03g" - "CEP90+xZnOaaFRmt73a5BR+w826hwf8wVEYIEt0aqKcOzDE3e2TJskjkpRu2sWJw/V3A1k68WdbO4lUg" - "BZrzx/SFkjwstC4WecywWzQNDxdtv7D7mkcCl1jlfkdxm5BXB0jINodqCOFSqTIfadQIMb6jEKnimsVW" - "ktOLMDi2myguZBa66HKw8Xxj2FZAbeabUhBgPOWhD0wE3HUksSrvYCmgEwQfiWt113rpKMlD+wGeDgLl" - "fRyavw8/WlIpGdyZr922C"; - /* RADIX 256 */ + int i; unsigned char gbin[] = { 0x02 }; unsigned char pbin[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, @@ -249,10 +205,7 @@ static int _radix_test(void) void* p; int plen; void* x; int xlen; void* y; int ylen; - } test[4] = { - { 16, ghex, strlen(ghex)+1, phex, strlen(phex)+1, xhex, strlen(xhex)+1, yhex, strlen(yhex)+1 }, - { 47, gr47, strlen(gr47)+1, pr47, strlen(pr47)+1, xr47, strlen(xr47)+1, yr47, strlen(yr47)+1 }, - { 64, gr64, strlen(gr64)+1, pr64, strlen(pr64)+1, xr64, strlen(xr64)+1, yr64, strlen(yr64)+1 }, + } test[1] = { { 256, gbin, sizeof(gbin), pbin, sizeof(pbin), xbin, sizeof(xbin), ybin, sizeof(ybin) } }; @@ -314,26 +267,10 @@ static int _radix_test(void) 0xF3, 0x7E, 0xE9, 0x0A, 0x0D, 0xA9, 0x5B, 0xE9, 0x6F, 0xC9, 0x39, 0xE8, 0x8F, 0xE0, 0xBD, 0x2C, 0xD0, 0x9F, 0xC8, 0xF5, 0x24, 0x20, 0x8C }; - unsigned char key_parts[4][512]; - unsigned long key_lens[4]; - for (i = 0; i < 4; i++) { - for (j = 0; j < 4; ++j) { - key_lens[j] = sizeof(key_parts[j]); - } - if(test[i].radix != 256) { - DO(radix_to_bin(test[i].x, test[i].radix, key_parts[0], &key_lens[0])); - DO(radix_to_bin(test[i].y, test[i].radix, key_parts[1], &key_lens[1])); - DO(radix_to_bin(test[i].p, test[i].radix, key_parts[2], &key_lens[2])); - DO(radix_to_bin(test[i].g, test[i].radix, key_parts[3], &key_lens[3])); - - DO(dh_set_pg(key_parts[2], key_lens[2], key_parts[3], key_lens[3], &k1)); - DO(dh_set_key(NULL, 0, key_parts[0], key_lens[0], &k1)); - } - else { - DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k1)); - DO(dh_set_key(NULL, 0, test[i].x, test[i].xlen, &k1)); - } + for (i = 0; i < 1; i++) { + DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k1)); + DO(dh_set_key(NULL, 0, test[i].x, test[i].xlen, &k1)); len = sizeof(buf); DO(dh_export(buf, &len, PK_PRIVATE, &k1)); @@ -365,14 +302,27 @@ static int _radix_test(void) } dh_free(&k1); - if(test[i].radix != 256) { - DO(dh_set_pg(key_parts[2], key_lens[2], key_parts[3], key_lens[3], &k2)); - DO(dh_set_key(key_parts[1], key_lens[1], NULL, 0, &k2)); + DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k1)); + DO(dh_set_key(test[i].y, test[i].ylen, test[i].x, test[i].xlen, &k1)); + + len = sizeof(buf); + DO(dh_export(buf, &len, PK_PRIVATE, &k1)); + if (compare_testvector(buf, len, export_private, sizeof(export_private), "radix_test", i*10 + 4)) { + printf("radix_test: dh_export+PK_PRIVATE mismatch\n"); + dh_free(&k1); + return CRYPT_ERROR; } - else { - DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k2)); - DO(dh_set_key(test[i].y, test[i].ylen, NULL, 0, &k2)); + len = sizeof(buf); + DO(dh_export(buf, &len, PK_PUBLIC, &k1)); + if (compare_testvector(buf, len, export_public, sizeof(export_public), "radix_test", i*10 + 5)) { + printf("radix_test: dh_export+PK_PUBLIC mismatch\n"); + dh_free(&k1); + return CRYPT_ERROR; } + dh_free(&k1); + + DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k2)); + DO(dh_set_key(test[i].y, test[i].ylen, NULL, 0, &k2)); len = sizeof(buf); DO(dh_export(buf, &len, PK_PUBLIC, &k2)); @@ -390,14 +340,9 @@ static int _radix_test(void) } dh_free(&k2); - if(test[i].radix != 256) { - DO(dh_set_pg(key_parts[2], key_lens[2], key_parts[3], key_lens[3], &k3)); - } - else { - DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k3)); - } - + DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k3)); DO(dh_make_key(&yarrow_prng, find_prng("yarrow"), &k3)); + len = mp_unsigned_bin_size(k3.prime); DO(mp_to_unsigned_bin(k3.prime, buf)); if (compare_testvector(buf, len, pbin, sizeof(pbin), "radix_test", i*10 + 8)) { @@ -494,7 +439,7 @@ int dh_test(void) if (_prime_test() != CRYPT_OK) fails++; if (_basic_test() != CRYPT_OK) fails++; if (_dhparam_test() != CRYPT_OK) fails++; - if (_radix_test() != CRYPT_OK) fails++; + if (_set_test() != CRYPT_OK) fails++; return fails > 0 ? CRYPT_FAIL_TESTVECTOR : CRYPT_OK; } diff --git a/tests/rsa_test.c b/tests/rsa_test.c index 57d9457..998ec84 100644 --- a/tests/rsa_test.c +++ b/tests/rsa_test.c @@ -133,17 +133,6 @@ static const char *hex_key[] = { "D6860E85420B0408842160F00E0D88FD1E3610654F1E53B40872805C3F596617E698F2E96C7A064CAC763DED8CA1CEAD1BBDB47D28BCE30E388D99D805B5A371", "DCCC27C8E4DC6248D59BAFF5AB60F621FD53E2B75D09C91AA104A9FC612C5D04583A5A39F14A215667FDCC20A38F78185A793D2E8E7E860AE6A833C104174A9F" }; -/* private key - decimal */ -static const char *dec_key[] = { - "140715588362011445903700789698620706303856890313846506579552319155852306603445626455616876267358538338151320072087950597426668358843246116141391746806252390039505422193715556188330352166601762210959618868365359433828069868584168017348772565936127608284367789455480066115411950431014508224203325089671253575809", - "5757027123463051531073361217943880203685183318942602176865989327630429772398553254013771630974725523559703665512845231173916766336576994271809362147385481", - "8985566687080619280443708121716583572314829758991088624433980393739288226842152842353421251125477168722728289150354056572727675764519591179919295246625201", - "65537", - "145785157837445763858971808379627955816432214431353481009581718367907499729204464589803079767521523397316119124291441688063985017444589154155338311524887989148444674974298105211582428885045820631376256167593861203305479546421254276833052913791538765775697977909548553897629170045372476652935456198173974086909", - "12975386429272921390465467849934248466500992474501042673679976015025637113752114471707151502138750486193421113099777767227628554763059580218432153760685133", - "11235515692122231999359687466333538198133993435121038200055897831921312127192760781281669977582095991578071163376390471936482431583372835883432943212143473", - "11564102464723136702427739477324729528451027211272900753079601723449664482225846595388433622640284454614991112736446376964904474099700895632145077333609119" }; - /*** openssl public RSA key in DER format */ static const unsigned char openssl_public_rsa[] = { 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, @@ -281,32 +270,6 @@ static int rsa_compat_test(void) } rsa_free(&key); - - /* convert raw decimal numbers to binary */ - for (i = 0; i < 8; ++i) { - key_lens[i] = sizeof(key_parts[i]); - DO(radix_to_bin(dec_key[i], 10, key_parts[i], &key_lens[i])); - } - /* try import private key from converted raw decimal numbers */ - DO(rsa_set_key(key_parts[pk_N], key_lens[pk_N], key_parts[pk_e], key_lens[pk_e], key_parts[pk_d], key_lens[pk_d], &key)); - DO(rsa_set_factors(key_parts[pk_p], key_lens[pk_p], key_parts[pk_q], key_lens[pk_q], &key)); - DO(rsa_set_crt_params(key_parts[pk_dP], key_lens[pk_dP], key_parts[pk_dQ], key_lens[pk_dQ], key_parts[pk_qP], key_lens[pk_qP], &key)); - len = sizeof(buf); - DO(rsa_export(buf, &len, PK_PRIVATE, &key)); - if (compare_testvector(buf, len, openssl_private_rsa, sizeof(openssl_private_rsa), "RSA private export (from dec)", 0)) { - return 1; - } - rsa_free(&key); - - /* try import public key from raw converted decimal numbers */ - DO(rsa_set_key(key_parts[pk_N], key_lens[pk_N], key_parts[pk_e], key_lens[pk_e], NULL, 0, &key)); - len = sizeof(buf); - DO(rsa_export(buf, &len, PK_PUBLIC, &key)); - if (compare_testvector(buf, len, openssl_public_rsa_stripped, sizeof(openssl_public_rsa_stripped), "RSA public export (from dec)", 0)) { - return 1; - } - rsa_free(&key); - /* try export in SubjectPublicKeyInfo format of the public key */ DO(rsa_import(openssl_public_rsa, sizeof(openssl_public_rsa), &key)); len = sizeof(buf); From 1cce065676c476a291ef3aa50bd8d9c277cf984c Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Jun 2017 14:40:45 +0200 Subject: [PATCH 23/38] Update makefiles --- libtomcrypt_VS2008.vcproj | 8 ++++++-- makefile.mingw | 12 ++++++------ makefile.msvc | 12 ++++++------ makefile.unix | 12 ++++++------ makefile_include.mk | 12 ++++++------ 5 files changed, 30 insertions(+), 26 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index 2efe0f5..d7e4341 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -2106,16 +2106,20 @@ RelativePath="src\pk\dsa\dsa_free.c" > + + Date: Wed, 28 Jun 2017 16:07:32 +0200 Subject: [PATCH 24/38] clean-up a bit around DSA * comments * dsa_test() * order of alloc/free of key parts --- src/headers/tomcrypt_pk.h | 2 +- src/math/radix_to_bin.c | 6 +++--- src/pk/dsa/dsa_free.c | 2 +- src/pk/dsa/dsa_generate_pqg.c | 2 +- src/pk/dsa/dsa_import.c | 2 +- src/pk/dsa/dsa_set.c | 12 ++++++------ src/pk/rsa/rsa_set.c | 2 +- tests/dsa_test.c | 34 ++++++++++++++++++++-------------- 8 files changed, 34 insertions(+), 28 deletions(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 963d0d1..6e263a0 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -129,7 +129,7 @@ int rsa_import_pkcs8(const unsigned char *in, unsigned long inlen, int rsa_set_key(const unsigned char *N, unsigned long Nlen, const unsigned char *e, unsigned long elen, - const unsigned char *d, unsigned long dlen, /* is NULL for public keys */ + const unsigned char *d, unsigned long dlen, rsa_key *key); int rsa_set_factors(const unsigned char *p, unsigned long plen, const unsigned char *q, unsigned long qlen, diff --git a/src/math/radix_to_bin.c b/src/math/radix_to_bin.c index 7486919..72742b5 100644 --- a/src/math/radix_to_bin.c +++ b/src/math/radix_to_bin.c @@ -10,15 +10,15 @@ /** @file radix_to_bin.c - Convert an MPI from a specific radix to binary data. + Convert data from a specific radix to binary. Steffen Jaeckel */ /** - Convert an MPI from a specific radix to binary data + Convert data from a specific radix to binary @param in The input - @param radix The radix of the input + @param radix The radix of the input 2..64 @param out The output buffer @param len [in/out] The length of the output buffer diff --git a/src/pk/dsa/dsa_free.c b/src/pk/dsa/dsa_free.c index 812464e..5cac656 100644 --- a/src/pk/dsa/dsa_free.c +++ b/src/pk/dsa/dsa_free.c @@ -22,7 +22,7 @@ void dsa_free(dsa_key *key) { LTC_ARGCHKVD(key != NULL); - mp_cleanup_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL); + mp_cleanup_multi(&key->y, &key->x, &key->q, &key->g, &key->p, NULL); key->type = key->qord = 0; } diff --git a/src/pk/dsa/dsa_generate_pqg.c b/src/pk/dsa/dsa_generate_pqg.c index 5d8c691..d6e3ac7 100644 --- a/src/pk/dsa/dsa_generate_pqg.c +++ b/src/pk/dsa/dsa_generate_pqg.c @@ -225,7 +225,7 @@ int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_si LTC_ARGCHK(ltc_mp.name != NULL); /* init mp_ints */ - if ((err = mp_init_multi(&key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) { + if ((err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL)) != CRYPT_OK) { return err; } /* generate params */ diff --git a/src/pk/dsa/dsa_import.c b/src/pk/dsa/dsa_import.c index e1edaab..d71cdd5 100644 --- a/src/pk/dsa/dsa_import.c +++ b/src/pk/dsa/dsa_import.c @@ -125,7 +125,7 @@ LBL_OK: return CRYPT_OK; LBL_ERR: - mp_clear_multi(key->p, key->g, key->q, key->x, key->y, NULL); + dsa_free(key); return err; } diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index 32e5d3b..f7c6b5c 100755 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -12,7 +12,7 @@ #ifdef LTC_MDSA /** - Import DSA public or private key from raw numbers + Import DSA's p, q & g from raw numbers @param p DSA's p in binary representation @param q DSA's q in binary representation @param g DSA's g in binary representation @@ -42,9 +42,9 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); if (err != CRYPT_OK) return err; - if ((err = mp_read_unsigned_bin(key->p , (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->g , (unsigned char *)g , glen)) != CRYPT_OK) { goto LBL_ERR; } - if ((err = mp_read_unsigned_bin(key->q , (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->p, (unsigned char *)p , plen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->g, (unsigned char *)g , glen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->q, (unsigned char *)q , qlen)) != CRYPT_OK) { goto LBL_ERR; } key->qord = mp_unsigned_bin_size(key->q); @@ -82,10 +82,10 @@ int dsa_set_key(const unsigned char *pub, unsigned long publen, LTC_ARGCHK(key->q != NULL); LTC_ARGCHK(ltc_mp.name != NULL); - if ((err = mp_read_unsigned_bin(key->y , (unsigned char *)pub , publen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)pub , publen)) != CRYPT_OK) { goto LBL_ERR; } if (priv != NULL) { key->type = PK_PRIVATE; - if ((err = mp_read_unsigned_bin(key->x , (unsigned char *)priv , privlen)) != CRYPT_OK) { goto LBL_ERR; } + if ((err = mp_read_unsigned_bin(key->x, (unsigned char *)priv , privlen)) != CRYPT_OK) { goto LBL_ERR; } } else { key->type = PK_PUBLIC; diff --git a/src/pk/rsa/rsa_set.c b/src/pk/rsa/rsa_set.c index c454320..0d540c4 100755 --- a/src/pk/rsa/rsa_set.c +++ b/src/pk/rsa/rsa_set.c @@ -25,7 +25,7 @@ */ int rsa_set_key(const unsigned char *N, unsigned long Nlen, const unsigned char *e, unsigned long elen, - const unsigned char *d, unsigned long dlen, /* is NULL for public keys */ + const unsigned char *d, unsigned long dlen, rsa_key *key) { int err; diff --git a/tests/dsa_test.c b/tests/dsa_test.c index 9cee7af..9dd14d7 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -112,21 +112,27 @@ static int _dsa_compat_test(void) x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PRIVATE | PK_STD, &key)); - DO((x == sizeof(openssl_priv_dsa))?CRYPT_OK:CRYPT_ERROR); - DO((memcmp(tmp, openssl_priv_dsa, sizeof(openssl_priv_dsa)) == 0)?CRYPT_OK:CRYPT_ERROR); + if (compare_testvector(tmp, x, openssl_priv_dsa, sizeof(openssl_priv_dsa), + "DSA private export failed from dsa_import(priv_key)\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PUBLIC | PK_STD, &key)); - DO((x == sizeof(openssl_pub_dsa))?CRYPT_OK:CRYPT_ERROR); - DO((memcmp(tmp, openssl_pub_dsa, sizeof(openssl_pub_dsa)) == 0)?CRYPT_OK:CRYPT_ERROR); + if (compare_testvector(tmp, x, openssl_pub_dsa, sizeof(openssl_pub_dsa), + "DSA public export failed from dsa_import(priv_key)\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } dsa_free(&key); DO(dsa_import(openssl_pub_dsa, sizeof(openssl_pub_dsa), &key)); x = sizeof(tmp); DO(dsa_export(tmp, &x, PK_PUBLIC | PK_STD, &key)); - DO((x == sizeof(openssl_pub_dsa))?CRYPT_OK:CRYPT_ERROR); - DO((memcmp(tmp, openssl_pub_dsa, sizeof(openssl_pub_dsa)) == 0)?CRYPT_OK:CRYPT_ERROR); + if (compare_testvector(tmp, x, openssl_pub_dsa, sizeof(openssl_pub_dsa), + "DSA public export failed from dsa_import(pub_key)\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } dsa_free(&key); /* try import private key from raw hexadecimal numbers */ @@ -148,9 +154,9 @@ static int _dsa_compat_test(void) &key)); len = sizeof(buf); DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); - if (len != sizeof(openssl_priv_dsa) || memcmp(buf, openssl_priv_dsa, len)) { - fprintf(stderr, "DSA private export failed to match dsa_import_radix(16, ..)\n"); - return 1; + if (compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), + "DSA private export failed from dsa_set_pqg() & dsa_set_key()\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; } dsa_free(&key); @@ -164,13 +170,13 @@ static int _dsa_compat_test(void) &key)); len = sizeof(buf); DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); - if (len != sizeof(openssl_pub_dsa) || memcmp(buf, openssl_pub_dsa, len)) { - fprintf(stderr, "DSA public export failed to match dsa_import_radix(16, ..)\n"); - return 1; + if (compare_testvector(buf, len, openssl_pub_dsa, sizeof(openssl_pub_dsa), + "DSA public export failed from dsa_set_pqg() & dsa_set_key()\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; } dsa_free(&key); - return 0; + return CRYPT_OK; } int dsa_test(void) @@ -181,7 +187,7 @@ int dsa_test(void) dsa_key key = LTC_DSA_KEY_INITIALIZER; dsa_key key2 = LTC_DSA_KEY_INITIALIZER; - _dsa_compat_test(); + DO(_dsa_compat_test()); /* make a random key */ DO(dsa_generate_pqg(&yarrow_prng, find_prng("yarrow"), 20, 128, &key)); From d64880eeb1b2795e701161632cdfb605dee37c82 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Jun 2017 16:07:54 +0200 Subject: [PATCH 25/38] add dsa_set_pqg_dsaparam() --- src/headers/tomcrypt_pk.h | 1 + src/pk/dsa/dsa_set.c | 50 +++++++++++++++++++++++++++++ tests/dsa_test.c | 67 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 118 insertions(+) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 6e263a0..49a5c6b3 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -450,6 +450,7 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, const unsigned char *q, unsigned long qlen, const unsigned char *g, unsigned long glen, dsa_key *key); +int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key); int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); int dsa_set_key(const unsigned char *pub, unsigned long publen, diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index f7c6b5c..a1ca64f 100755 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -60,6 +60,56 @@ LBL_ERR: return err; } +/** + Import DSA's p, q & g from dsaparam + + dsaparam data: openssl dsaparam -outform DER -out dsaparam.der 2048 + + @param dsaparam The DSA param DER encoded data + @param dsaparamlen The length of dhparam data + @param key [out] the destination for the imported key + @return CRYPT_OK if successful, upon error allocated memory is freed +*/ +int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, + dsa_key *key) +{ + int err; + + LTC_ARGCHK(dsaparam != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x == NULL); + LTC_ARGCHK(key->y == NULL); + LTC_ARGCHK(key->p == NULL); + LTC_ARGCHK(key->g == NULL); + LTC_ARGCHK(key->q == NULL); + LTC_ARGCHK(key->qord == 0); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); + if (err != CRYPT_OK) return err; + + if ((err = der_decode_sequence_multi(dsaparam, dsaparamlen, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + key->qord = mp_unsigned_bin_size(key->q); + + if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || + (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + return CRYPT_OK; + +LBL_ERR: + dsa_free(key); + return err; +} /** Import DSA public or private key from raw numbers diff --git a/tests/dsa_test.c b/tests/dsa_test.c index 9dd14d7..ef5f4ab 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -100,6 +100,35 @@ static const unsigned char openssl_pub_dsa[] = { 0xeb, 0x6d, 0x41, 0x27, 0xd7, 0x0d, 0x74, 0xaf, 0xa0, 0x35 }; +static unsigned char dsaparam_der[] = { + 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xc5, 0x0a, 0x37, 0x51, + 0x5c, 0xab, 0xd6, 0x18, 0xd5, 0xa2, 0x70, 0xbd, 0x4a, 0x6f, 0x6b, 0x4a, + 0xf9, 0xe1, 0x39, 0x95, 0x0f, 0x2b, 0x99, 0x38, 0x7d, 0x9a, 0x64, 0xd6, + 0x4c, 0xb5, 0x96, 0x7a, 0xdc, 0xed, 0xac, 0xa8, 0xac, 0xc6, 0x1b, 0x65, + 0x5a, 0xde, 0xdb, 0x00, 0x61, 0x25, 0x1a, 0x18, 0x2c, 0xee, 0xa1, 0x07, + 0x90, 0x62, 0x5e, 0x4d, 0x12, 0x31, 0x90, 0xc7, 0x03, 0x21, 0xfa, 0x09, + 0xe7, 0xb1, 0x73, 0xd7, 0x8e, 0xaf, 0xdb, 0xfd, 0xbf, 0xb3, 0xef, 0xad, + 0xd1, 0xa1, 0x2a, 0x03, 0x6d, 0xe7, 0x06, 0x92, 0x4a, 0x85, 0x2a, 0xff, + 0x7a, 0x01, 0x66, 0x53, 0x1f, 0xea, 0xc6, 0x67, 0x41, 0x84, 0x5a, 0xc0, + 0x6c, 0xed, 0x62, 0xf9, 0xc2, 0x62, 0x62, 0x05, 0xa4, 0xfa, 0x48, 0xa0, + 0x66, 0xec, 0x35, 0xc9, 0xa8, 0x11, 0xfe, 0xb9, 0x81, 0xab, 0xee, 0xbe, + 0x31, 0xb6, 0xbf, 0xcf, 0x02, 0x15, 0x00, 0xaa, 0x5b, 0xd7, 0xf4, 0xe5, + 0x06, 0x24, 0x13, 0xe5, 0x88, 0x35, 0xca, 0x00, 0xc7, 0xa6, 0x35, 0x71, + 0x61, 0x94, 0xc5, 0x02, 0x81, 0x80, 0x3b, 0x92, 0xe4, 0xff, 0x59, 0x29, + 0x15, 0x0b, 0x08, 0x99, 0x5a, 0x7b, 0xf2, 0xad, 0x14, 0x40, 0x55, 0x6f, + 0xa0, 0x47, 0xff, 0x90, 0x99, 0xb3, 0x44, 0xb3, 0xd4, 0xfc, 0x45, 0x15, + 0x05, 0xae, 0x67, 0x22, 0x43, 0x9c, 0xba, 0x37, 0x10, 0xa5, 0x89, 0x47, + 0x37, 0xec, 0xcc, 0xf5, 0xae, 0xad, 0xa8, 0xb4, 0x7a, 0x35, 0xcb, 0x9d, + 0x93, 0x5c, 0xed, 0xe6, 0xb0, 0x7e, 0x96, 0x94, 0xc4, 0xa6, 0x0c, 0x7d, + 0xd6, 0x70, 0x8a, 0x09, 0x4f, 0x81, 0x4a, 0x0e, 0xc2, 0x13, 0xfb, 0xeb, + 0x16, 0xbf, 0xea, 0xa4, 0xf4, 0x56, 0xff, 0x72, 0x30, 0x05, 0xde, 0x8a, + 0x44, 0x3f, 0xbe, 0xc6, 0x85, 0x26, 0x55, 0xd6, 0x2d, 0x1d, 0x1e, 0xdb, + 0x15, 0xda, 0xa4, 0x45, 0x83, 0x3c, 0x17, 0x97, 0x98, 0x0b, 0x8d, 0x87, + 0xf3, 0x49, 0x0d, 0x90, 0xbd, 0xa9, 0xab, 0x67, 0x6e, 0x87, 0x68, 0x72, + 0x23, 0xdc + }; + + static int _dsa_compat_test(void) { dsa_key key = LTC_DSA_KEY_INITIALIZER; @@ -107,6 +136,7 @@ static int _dsa_compat_test(void) unsigned long x, len; unsigned char key_parts[5][256]; unsigned long key_lens[5]; + int stat; DO(dsa_import(openssl_priv_dsa, sizeof(openssl_priv_dsa), &key)); @@ -176,6 +206,43 @@ static int _dsa_compat_test(void) } dsa_free(&key); + /* try import dsaparam */ + DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key)); + DO(dsa_make_key_ex(&yarrow_prng, find_prng("yarrow"), &key)); + /* verify it */ + DO(dsa_verify_key(&key, &stat)); + if (stat == 0) { + fprintf(stderr, "dsa_verify_key after dsa_set_pqg_dsaparam()"); + return CRYPT_FAIL_TESTVECTOR; + } + dsa_free(&key); + + /* try import dsaparam - our public key */ + DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key)); + DO(dsa_set_key(key_parts[3], key_lens[3], + NULL, 0, + &key)); + len = sizeof(buf); + DO(dsa_export(buf, &len, PK_PUBLIC | PK_STD, &key)); + if (compare_testvector(buf, len, openssl_pub_dsa, sizeof(openssl_pub_dsa), + "DSA public export failed from dsa_set_pqg_dsaparam()\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + dsa_free(&key); + + /* try import dsaparam - our private key */ + DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key)); + DO(dsa_set_key(key_parts[3], key_lens[3], + key_parts[4], key_lens[4], + &key)); + len = sizeof(buf); + DO(dsa_export(buf, &len, PK_PRIVATE | PK_STD, &key)); + if (compare_testvector(buf, len, openssl_priv_dsa, sizeof(openssl_priv_dsa), + "DSA private export failed from dsa_set_pqg_dsaparam()\n", 0)) { + return CRYPT_FAIL_TESTVECTOR; + } + dsa_free(&key); + return CRYPT_OK; } From bdfecc5f3c20df325c5dcfc6d781bde0597838aa Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Jun 2017 16:45:29 +0200 Subject: [PATCH 26/38] more doc updates --- src/pk/dh/dh_set.c | 3 +-- src/pk/dsa/dsa_set.c | 15 ++++++++++----- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/src/pk/dh/dh_set.c b/src/pk/dh/dh_set.c index 820ca22..aeac01e 100644 --- a/src/pk/dh/dh_set.c +++ b/src/pk/dh/dh_set.c @@ -93,8 +93,7 @@ LBL_ERR: /** Import DH key parts p and g from built-in DH groups - @param dhparam The DH param DER encoded data - @param dhparamlen The length of dhparam data + @param groupsize The size of the DH group to use @param key [out] Where the newly created DH key will be stored @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. */ diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index a1ca64f..5203ed7 100755 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -14,10 +14,13 @@ /** Import DSA's p, q & g from raw numbers @param p DSA's p in binary representation + @param plen The length of p @param q DSA's q in binary representation + @param qlen The length of q @param g DSA's g in binary representation + @param glen The length of g @param key [out] the destination for the imported key - @return CRYPT_OK if successful, upon error allocated memory is freed + @return CRYPT_OK if successful. */ int dsa_set_pqg(const unsigned char *p, unsigned long plen, const unsigned char *q, unsigned long qlen, @@ -68,7 +71,7 @@ LBL_ERR: @param dsaparam The DSA param DER encoded data @param dsaparamlen The length of dhparam data @param key [out] the destination for the imported key - @return CRYPT_OK if successful, upon error allocated memory is freed + @return CRYPT_OK if successful. */ int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, dsa_key *key) @@ -113,10 +116,12 @@ LBL_ERR: /** Import DSA public or private key from raw numbers - @param x DSA's x in binary representation (only private key, NULL for public key) - @param y DSA's y in binary representation + @param pub DSA's y (public key) in binary representation + @param publen The length of pub + @param priv DSA's x (private key) in binary representation (can be NULL when importing public key) + @param privlen The length of priv @param key [out] the destination for the imported key - @return CRYPT_OK if successful, upon error allocated memory is freed + @return CRYPT_OK if successful. */ int dsa_set_key(const unsigned char *pub, unsigned long publen, const unsigned char *priv, unsigned long privlen, From d1ecd82a42f706a1e00501d4b3d0f31a8155a6c4 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 28 Jun 2017 20:50:21 +0200 Subject: [PATCH 27/38] use rand_bn_range() where possible --- src/math/rand_bn.c | 4 ++-- src/pk/dsa/dsa_encrypt_key.c | 16 +++++++--------- src/pk/dsa/dsa_make_key.c | 11 ++++------- 3 files changed, 13 insertions(+), 18 deletions(-) diff --git a/src/math/rand_bn.c b/src/math/rand_bn.c index 5cdd1d9..a85a965 100755 --- a/src/math/rand_bn.c +++ b/src/math/rand_bn.c @@ -51,7 +51,7 @@ cleanup: } /** - Generate a random number N in a range: 0 <= N < limit + Generate a random number N in a range: 1 <= N < limit */ int rand_bn_range(void *N, void *limit, prng_state *prng, int wprng) { @@ -63,7 +63,7 @@ int rand_bn_range(void *N, void *limit, prng_state *prng, int wprng) do { res = rand_bn_bits(N, mp_count_bits(limit), prng, wprng); if (res != CRYPT_OK) return res; - } while (mp_cmp(N, limit) != LTC_MP_LT); + } while (mp_cmp_d(N, 0) != LTC_MP_GT || mp_cmp(N, limit) != LTC_MP_LT); return CRYPT_OK; } diff --git a/src/pk/dsa/dsa_encrypt_key.c b/src/pk/dsa/dsa_encrypt_key.c index 896baa3..fcfbf89 100644 --- a/src/pk/dsa/dsa_encrypt_key.c +++ b/src/pk/dsa/dsa_encrypt_key.c @@ -35,7 +35,7 @@ int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, unsigned char *expt, *skey; void *g_pub, *g_priv; unsigned long x, y; - int err, qbits; + int err; LTC_ARGCHK(in != NULL); LTC_ARGCHK(out != NULL); @@ -73,14 +73,12 @@ int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, return CRYPT_MEM; } - /* make a random g_priv, g_pub = g^x pair */ - qbits = mp_count_bits(key->q); - do { - if ((err = rand_bn_bits(g_priv, qbits, prng, wprng)) != CRYPT_OK) { - goto LBL_ERR; - } - /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ - } while (mp_cmp_d(g_priv, 0) != LTC_MP_GT || mp_cmp(g_priv, key->q) != LTC_MP_LT); + /* make a random g_priv, g_pub = g^x pair + private key x should be in range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) + */ + if ((err = rand_bn_range(g_priv, key->q, prng, wprng)) != CRYPT_OK) { + goto LBL_ERR; + } /* compute y */ if ((err = mp_exptmod(key->g, g_priv, key->p, g_pub)) != CRYPT_OK) { diff --git a/src/pk/dsa/dsa_make_key.c b/src/pk/dsa/dsa_make_key.c index ff61ca7..b7ccdd5 100644 --- a/src/pk/dsa/dsa_make_key.c +++ b/src/pk/dsa/dsa_make_key.c @@ -24,7 +24,7 @@ */ int dsa_make_key_ex(prng_state *prng, int wprng, dsa_key *key) { - int err, qbits; + int err; LTC_ARGCHK(key != NULL); LTC_ARGCHK(key->x != NULL); @@ -37,12 +37,9 @@ int dsa_make_key_ex(prng_state *prng, int wprng, dsa_key *key) /* so now we have our DH structure, generator g, order q, modulus p Now we need a random exponent [mod q] and it's power g^x mod p */ - qbits = mp_count_bits(key->q); - do { - if ((err = rand_bn_bits(key->x, qbits, prng, wprng)) != CRYPT_OK) { return err; } - /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ - } while (mp_cmp_d(key->x, 0) != LTC_MP_GT || mp_cmp(key->x, key->q) != LTC_MP_LT); - if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { return err; } + /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ + if ((err = rand_bn_range(key->x, key->q, prng, wprng)) != CRYPT_OK) { return err; } + if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { return err; } key->type = PK_PRIVATE; return CRYPT_OK; From dbeaefd65b478505fb8c03d926a8e45a456194d2 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:13:59 +0200 Subject: [PATCH 28/38] remove LTC_{DH,DSA}_KEY_INITIALIZER --- demos/timing.c | 4 ++-- src/headers/tomcrypt_pk.h | 4 ---- src/pk/dh/dh_check_pubkey.c | 3 --- src/pk/dh/dh_make_key.c | 4 ---- src/pk/dh/dh_set.c | 16 ---------------- src/pk/dsa/dsa_generate_pqg.c | 6 ------ src/pk/dsa/dsa_make_key.c | 5 ----- src/pk/dsa/dsa_set.c | 17 ----------------- tests/dh_test.c | 9 +++------ tests/dsa_test.c | 5 ++--- 10 files changed, 7 insertions(+), 66 deletions(-) diff --git a/demos/timing.c b/demos/timing.c index d075958..81e8f9c 100644 --- a/demos/timing.c +++ b/demos/timing.c @@ -646,7 +646,7 @@ static void time_prng(void) /* time various DSA operations */ static void time_dsa(void) { - dsa_key key = LTC_DSA_KEY_INITIALIZER; + dsa_key key; ulong64 t1, t2; unsigned long x, y; int err; @@ -893,7 +893,7 @@ static void time_katja(void) { fprintf(stderr, "NO Katja\n"); } /* time various DH operations */ static void time_dh(void) { - dh_key key = LTC_DH_KEY_INITIALIZER; + dh_key key; ulong64 t1, t2; unsigned long i, x, y; int err; diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 49a5c6b3..88c2cab 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -213,8 +213,6 @@ typedef struct { void *prime; } dh_key; -#define LTC_DH_KEY_INITIALIZER { PK_PUBLIC, NULL, NULL, NULL, NULL } - int dh_get_groupsize(dh_key *key); int dh_export(unsigned char *out, unsigned long *outlen, int type, dh_key *key); @@ -442,8 +440,6 @@ typedef struct { void *y; } dsa_key; -#define LTC_DSA_KEY_INITIALIZER { PK_PUBLIC, 0, NULL, NULL, NULL, NULL, NULL } - int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key); int dsa_set_pqg(const unsigned char *p, unsigned long plen, diff --git a/src/pk/dh/dh_check_pubkey.c b/src/pk/dh/dh_check_pubkey.c index c77e4bd..fb4f37b 100644 --- a/src/pk/dh/dh_check_pubkey.c +++ b/src/pk/dh/dh_check_pubkey.c @@ -23,9 +23,6 @@ int dh_check_pubkey(dh_key *key) int i, digit_count, bits_set = 0, err; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->y != NULL); - LTC_ARGCHK(key->base != NULL); - LTC_ARGCHK(key->prime != NULL); if ((err = mp_init(&p_minus1)) != CRYPT_OK) { return err; diff --git a/src/pk/dh/dh_make_key.c b/src/pk/dh/dh_make_key.c index 69eaf3c..549a244 100644 --- a/src/pk/dh/dh_make_key.c +++ b/src/pk/dh/dh_make_key.c @@ -49,10 +49,6 @@ int dh_make_key(prng_state *prng, int wprng, dh_key *key) int err, max_iterations = PK_MAX_RETRIES; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x != NULL); - LTC_ARGCHK(key->y != NULL); - LTC_ARGCHK(key->base != NULL); - LTC_ARGCHK(key->prime != NULL); LTC_ARGCHK(ltc_mp.name != NULL); LTC_ARGCHK(prng != NULL); diff --git a/src/pk/dh/dh_set.c b/src/pk/dh/dh_set.c index aeac01e..4e0cf0b 100644 --- a/src/pk/dh/dh_set.c +++ b/src/pk/dh/dh_set.c @@ -28,10 +28,6 @@ int dh_set_pg(const unsigned char *p, unsigned long plen, int err; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x == NULL); - LTC_ARGCHK(key->y == NULL); - LTC_ARGCHK(key->base == NULL); - LTC_ARGCHK(key->prime == NULL); LTC_ARGCHK(p != NULL); LTC_ARGCHK(g != NULL); LTC_ARGCHK(ltc_mp.name != NULL); @@ -65,10 +61,6 @@ int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh int err; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x == NULL); - LTC_ARGCHK(key->y == NULL); - LTC_ARGCHK(key->base == NULL); - LTC_ARGCHK(key->prime == NULL); LTC_ARGCHK(ltc_mp.name != NULL); LTC_ARGCHK(dhparam != NULL); LTC_ARGCHK(dhparamlen > 0); @@ -102,10 +94,6 @@ int dh_set_pg_groupsize(int groupsize, dh_key *key) int err, i; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x == NULL); - LTC_ARGCHK(key->y == NULL); - LTC_ARGCHK(key->base == NULL); - LTC_ARGCHK(key->prime == NULL); LTC_ARGCHK(ltc_mp.name != NULL); LTC_ARGCHK(groupsize > 0); @@ -142,10 +130,6 @@ int dh_set_key(const unsigned char *pub, unsigned long publen, int err; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x != NULL); - LTC_ARGCHK(key->y != NULL); - LTC_ARGCHK(key->base != NULL); - LTC_ARGCHK(key->prime != NULL); LTC_ARGCHK(ltc_mp.name != NULL); if(priv == NULL) { diff --git a/src/pk/dsa/dsa_generate_pqg.c b/src/pk/dsa/dsa_generate_pqg.c index d6e3ac7..bcf9e34 100644 --- a/src/pk/dsa/dsa_generate_pqg.c +++ b/src/pk/dsa/dsa_generate_pqg.c @@ -216,12 +216,6 @@ int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_si int err; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x == NULL); - LTC_ARGCHK(key->y == NULL); - LTC_ARGCHK(key->p == NULL); - LTC_ARGCHK(key->g == NULL); - LTC_ARGCHK(key->q == NULL); - LTC_ARGCHK(key->qord == 0); LTC_ARGCHK(ltc_mp.name != NULL); /* init mp_ints */ diff --git a/src/pk/dsa/dsa_make_key.c b/src/pk/dsa/dsa_make_key.c index b7ccdd5..708eb08 100644 --- a/src/pk/dsa/dsa_make_key.c +++ b/src/pk/dsa/dsa_make_key.c @@ -27,11 +27,6 @@ int dsa_make_key_ex(prng_state *prng, int wprng, dsa_key *key) int err; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x != NULL); - LTC_ARGCHK(key->y != NULL); - LTC_ARGCHK(key->p != NULL); - LTC_ARGCHK(key->g != NULL); - LTC_ARGCHK(key->q != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* so now we have our DH structure, generator g, order q, modulus p diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index 5203ed7..3f28b56 100755 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -33,12 +33,6 @@ int dsa_set_pqg(const unsigned char *p, unsigned long plen, LTC_ARGCHK(q != NULL); LTC_ARGCHK(g != NULL); LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x == NULL); - LTC_ARGCHK(key->y == NULL); - LTC_ARGCHK(key->p == NULL); - LTC_ARGCHK(key->g == NULL); - LTC_ARGCHK(key->q == NULL); - LTC_ARGCHK(key->qord == 0); LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ @@ -80,12 +74,6 @@ int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamle LTC_ARGCHK(dsaparam != NULL); LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x == NULL); - LTC_ARGCHK(key->y == NULL); - LTC_ARGCHK(key->p == NULL); - LTC_ARGCHK(key->g == NULL); - LTC_ARGCHK(key->q == NULL); - LTC_ARGCHK(key->qord == 0); LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ @@ -130,11 +118,6 @@ int dsa_set_key(const unsigned char *pub, unsigned long publen, int err; LTC_ARGCHK(key != NULL); - LTC_ARGCHK(key->x != NULL); - LTC_ARGCHK(key->y != NULL); - LTC_ARGCHK(key->p != NULL); - LTC_ARGCHK(key->g != NULL); - LTC_ARGCHK(key->q != NULL); LTC_ARGCHK(ltc_mp.name != NULL); if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)pub , publen)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/tests/dh_test.c b/tests/dh_test.c index d9ddfee..2558fc0 100644 --- a/tests/dh_test.c +++ b/tests/dh_test.c @@ -60,7 +60,7 @@ done: static int _dhparam_test(void) { - dh_key k = LTC_DH_KEY_INITIALIZER; + dh_key k; unsigned char buf[1024]; /* generated by: openssl dhparam -outform der -out dhparam.der 2048 */ unsigned char dhparam_der[] = { @@ -150,9 +150,7 @@ static int _dhparam_test(void) static int _set_test(void) { - dh_key k1 = LTC_DH_KEY_INITIALIZER; - dh_key k2 = LTC_DH_KEY_INITIALIZER; - dh_key k3 = LTC_DH_KEY_INITIALIZER; + dh_key k1, k2, k3; unsigned char buf[4096]; unsigned long len; int i; @@ -368,8 +366,7 @@ static int _basic_test(void) unsigned char buf[3][4096]; unsigned long x, y, z; int size; - dh_key usera = LTC_DH_KEY_INITIALIZER; - dh_key userb = LTC_DH_KEY_INITIALIZER; + dh_key usera, userb; /* make up two keys */ DO(dh_set_pg_groupsize(KEYSIZE/8, &usera)); diff --git a/tests/dsa_test.c b/tests/dsa_test.c index ef5f4ab..7c01ee7 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -131,7 +131,7 @@ static unsigned char dsaparam_der[] = { static int _dsa_compat_test(void) { - dsa_key key = LTC_DSA_KEY_INITIALIZER; + dsa_key key; unsigned char tmp[1024], buf[1024]; unsigned long x, len; unsigned char key_parts[5][256]; @@ -251,8 +251,7 @@ int dsa_test(void) unsigned char msg[16], out[1024], out2[1024], ch; unsigned long x, y; int stat1, stat2; - dsa_key key = LTC_DSA_KEY_INITIALIZER; - dsa_key key2 = LTC_DSA_KEY_INITIALIZER; + dsa_key key, key2; DO(_dsa_compat_test()); From 3c2e0d66868f81a5caa560c5b91097e0cce6ed36 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:16:01 +0200 Subject: [PATCH 29/38] dsa_make_key_ex() is now dsa_generate_key() --- demos/timing.c | 2 +- src/headers/tomcrypt_pk.h | 2 +- src/pk/dsa/dsa_generate_key.c | 47 +++++++++++++++++++++++++++++++++++ src/pk/dsa/dsa_make_key.c | 27 +------------------- src/pk/dsa/dsa_set.c | 5 ++++ tests/dsa_test.c | 4 +-- 6 files changed, 57 insertions(+), 30 deletions(-) create mode 100644 src/pk/dsa/dsa_generate_key.c diff --git a/demos/timing.c b/demos/timing.c index 81e8f9c..d1a17e4 100644 --- a/demos/timing.c +++ b/demos/timing.c @@ -669,7 +669,7 @@ static const struct { fprintf(stderr, "\n\ndsa_generate_pqg says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); } - if ((err = dsa_make_key_ex(&yarrow_prng, find_prng("yarrow"), &key)) != CRYPT_OK) { + if ((err = dsa_generate_key(&yarrow_prng, find_prng("yarrow"), &key)) != CRYPT_OK) { fprintf(stderr, "\n\ndsa_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); } diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index 88c2cab..c24230a 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -452,7 +452,7 @@ int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_si int dsa_set_key(const unsigned char *pub, unsigned long publen, const unsigned char *priv, unsigned long privlen, dsa_key *key); -int dsa_make_key_ex(prng_state *prng, int wprng, dsa_key *key); +int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key); void dsa_free(dsa_key *key); diff --git a/src/pk/dsa/dsa_generate_key.c b/src/pk/dsa/dsa_generate_key.c new file mode 100644 index 0000000..33f68c7 --- /dev/null +++ b/src/pk/dsa/dsa_generate_key.c @@ -0,0 +1,47 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ +#include "tomcrypt.h" + +/** + @file dsa_make_key.c + DSA implementation, generate a DSA key +*/ + +#ifdef LTC_MDSA + +/** + Create a DSA key + @param prng An active PRNG state + @param wprng The index of the PRNG desired + @param key [in/out] Where to store the created key + @return CRYPT_OK if successful. +*/ +int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* so now we have our DH structure, generator g, order q, modulus p + Now we need a random exponent [mod q] and it's power g^x mod p + */ + /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ + if ((err = rand_bn_range(key->x, key->q, prng, wprng)) != CRYPT_OK) { return err; } + if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { return err; } + key->type = PK_PRIVATE; + + return CRYPT_OK; +} + +#endif + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ diff --git a/src/pk/dsa/dsa_make_key.c b/src/pk/dsa/dsa_make_key.c index 708eb08..8ac08f8 100644 --- a/src/pk/dsa/dsa_make_key.c +++ b/src/pk/dsa/dsa_make_key.c @@ -15,31 +15,6 @@ #ifdef LTC_MDSA -/** - Create a DSA key - @param prng An active PRNG state - @param wprng The index of the PRNG desired - @param key [in/out] Where to store the created key - @return CRYPT_OK if successful. -*/ -int dsa_make_key_ex(prng_state *prng, int wprng, dsa_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* so now we have our DH structure, generator g, order q, modulus p - Now we need a random exponent [mod q] and it's power g^x mod p - */ - /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ - if ((err = rand_bn_range(key->x, key->q, prng, wprng)) != CRYPT_OK) { return err; } - if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { return err; } - key->type = PK_PRIVATE; - - return CRYPT_OK; -} - /** Old-style creation of a DSA key @param prng An active PRNG state @@ -54,7 +29,7 @@ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, int err; if ((err = dsa_generate_pqg(prng, wprng, group_size, modulus_size, key)) != CRYPT_OK) { return err; } - if ((err = dsa_make_key_ex(prng, wprng, key)) != CRYPT_OK) { return err; } + if ((err = dsa_generate_key(prng, wprng, key)) != CRYPT_OK) { return err; } return CRYPT_OK; } diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index 3f28b56..5c1e029 100755 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -118,6 +118,11 @@ int dsa_set_key(const unsigned char *pub, unsigned long publen, int err; LTC_ARGCHK(key != NULL); + LTC_ARGCHK(key->x != NULL); + LTC_ARGCHK(key->y != NULL); + LTC_ARGCHK(key->p != NULL); + LTC_ARGCHK(key->g != NULL); + LTC_ARGCHK(key->q != NULL); LTC_ARGCHK(ltc_mp.name != NULL); if ((err = mp_read_unsigned_bin(key->y, (unsigned char *)pub , publen)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/tests/dsa_test.c b/tests/dsa_test.c index 7c01ee7..d871a29 100644 --- a/tests/dsa_test.c +++ b/tests/dsa_test.c @@ -208,7 +208,7 @@ static int _dsa_compat_test(void) /* try import dsaparam */ DO(dsa_set_pqg_dsaparam(dsaparam_der, sizeof(dsaparam_der), &key)); - DO(dsa_make_key_ex(&yarrow_prng, find_prng("yarrow"), &key)); + DO(dsa_generate_key(&yarrow_prng, find_prng("yarrow"), &key)); /* verify it */ DO(dsa_verify_key(&key, &stat)); if (stat == 0) { @@ -257,7 +257,7 @@ int dsa_test(void) /* make a random key */ DO(dsa_generate_pqg(&yarrow_prng, find_prng("yarrow"), 20, 128, &key)); - DO(dsa_make_key_ex(&yarrow_prng, find_prng("yarrow"), &key)); + DO(dsa_generate_key(&yarrow_prng, find_prng("yarrow"), &key)); /* verify it */ DO(dsa_verify_key(&key, &stat1)); From 5640f8afc7965964f3a4209a4eada5a4719fa702 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:17:47 +0200 Subject: [PATCH 30/38] put dsa_set_pqg_dsaparam() in own c file --- src/pk/dsa/dsa_set.c | 45 ---------------------- src/pk/dsa/dsa_set_pqg_dsaparam.c | 63 +++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+), 45 deletions(-) create mode 100755 src/pk/dsa/dsa_set_pqg_dsaparam.c diff --git a/src/pk/dsa/dsa_set.c b/src/pk/dsa/dsa_set.c index 5c1e029..d25de01 100755 --- a/src/pk/dsa/dsa_set.c +++ b/src/pk/dsa/dsa_set.c @@ -57,51 +57,6 @@ LBL_ERR: return err; } -/** - Import DSA's p, q & g from dsaparam - - dsaparam data: openssl dsaparam -outform DER -out dsaparam.der 2048 - - @param dsaparam The DSA param DER encoded data - @param dsaparamlen The length of dhparam data - @param key [out] the destination for the imported key - @return CRYPT_OK if successful. -*/ -int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, - dsa_key *key) -{ - int err; - - LTC_ARGCHK(dsaparam != NULL); - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - - /* init key */ - err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); - if (err != CRYPT_OK) return err; - - if ((err = der_decode_sequence_multi(dsaparam, dsaparamlen, - LTC_ASN1_INTEGER, 1UL, key->p, - LTC_ASN1_INTEGER, 1UL, key->q, - LTC_ASN1_INTEGER, 1UL, key->g, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - - key->qord = mp_unsigned_bin_size(key->q); - - if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || - (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA) { - err = CRYPT_INVALID_PACKET; - goto LBL_ERR; - } - return CRYPT_OK; - -LBL_ERR: - dsa_free(key); - return err; -} - /** Import DSA public or private key from raw numbers @param pub DSA's y (public key) in binary representation diff --git a/src/pk/dsa/dsa_set_pqg_dsaparam.c b/src/pk/dsa/dsa_set_pqg_dsaparam.c new file mode 100755 index 0000000..454a941 --- /dev/null +++ b/src/pk/dsa/dsa_set_pqg_dsaparam.c @@ -0,0 +1,63 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ +#include "tomcrypt.h" + + +#ifdef LTC_MDSA + +/** + Import DSA's p, q & g from dsaparam + + dsaparam data: openssl dsaparam -outform DER -out dsaparam.der 2048 + + @param dsaparam The DSA param DER encoded data + @param dsaparamlen The length of dhparam data + @param key [out] the destination for the imported key + @return CRYPT_OK if successful. +*/ +int dsa_set_pqg_dsaparam(const unsigned char *dsaparam, unsigned long dsaparamlen, + dsa_key *key) +{ + int err; + + LTC_ARGCHK(dsaparam != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + + /* init key */ + err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL); + if (err != CRYPT_OK) return err; + + if ((err = der_decode_sequence_multi(dsaparam, dsaparamlen, + LTC_ASN1_INTEGER, 1UL, key->p, + LTC_ASN1_INTEGER, 1UL, key->q, + LTC_ASN1_INTEGER, 1UL, key->g, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + key->qord = mp_unsigned_bin_size(key->q); + + if (key->qord >= LTC_MDSA_MAX_GROUP || key->qord <= 15 || + (unsigned long)key->qord >= mp_unsigned_bin_size(key->p) || (mp_unsigned_bin_size(key->p) - key->qord) >= LTC_MDSA_DELTA) { + err = CRYPT_INVALID_PACKET; + goto LBL_ERR; + } + return CRYPT_OK; + +LBL_ERR: + dsa_free(key); + return err; +} + +#endif + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ From a80abb1222ea0ae750008a3fa44910bdc52677f6 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:18:04 +0200 Subject: [PATCH 31/38] put dh_set_pg_dhparam() in own c file --- src/pk/dh/dh_set.c | 36 ----------------------- src/pk/dh/dh_set_pg_dhparam.c | 54 +++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 36 deletions(-) create mode 100644 src/pk/dh/dh_set_pg_dhparam.c diff --git a/src/pk/dh/dh_set.c b/src/pk/dh/dh_set.c index 4e0cf0b..edd28bb 100644 --- a/src/pk/dh/dh_set.c +++ b/src/pk/dh/dh_set.c @@ -46,42 +46,6 @@ LBL_ERR: return err; } -/** - Import DH key parts p and g from dhparam - - dhparam data: openssl dhparam -outform DER -out dhparam.der 2048 - - @param dhparam The DH param DER encoded data - @param dhparamlen The length of dhparam data - @param key [out] Where the newly created DH key will be stored - @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. -*/ -int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key) -{ - int err; - - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); - LTC_ARGCHK(dhparam != NULL); - LTC_ARGCHK(dhparamlen > 0); - - if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { - return err; - } - if ((err = der_decode_sequence_multi(dhparam, dhparamlen, - LTC_ASN1_INTEGER, 1UL, key->prime, - LTC_ASN1_INTEGER, 1UL, key->base, - LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { - goto LBL_ERR; - } - - return CRYPT_OK; - -LBL_ERR: - dh_free(key); - return err; -} - /** Import DH key parts p and g from built-in DH groups diff --git a/src/pk/dh/dh_set_pg_dhparam.c b/src/pk/dh/dh_set_pg_dhparam.c new file mode 100644 index 0000000..7003011 --- /dev/null +++ b/src/pk/dh/dh_set_pg_dhparam.c @@ -0,0 +1,54 @@ +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + */ + +#include "tomcrypt.h" + +#ifdef LTC_MDH + +/** + Import DH key parts p and g from dhparam + + dhparam data: openssl dhparam -outform DER -out dhparam.der 2048 + + @param dhparam The DH param DER encoded data + @param dhparamlen The length of dhparam data + @param key [out] Where the newly created DH key will be stored + @return CRYPT_OK if successful, note: on error all allocated memory will be freed automatically. +*/ +int dh_set_pg_dhparam(const unsigned char *dhparam, unsigned long dhparamlen, dh_key *key) +{ + int err; + + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); + LTC_ARGCHK(dhparam != NULL); + LTC_ARGCHK(dhparamlen > 0); + + if ((err = mp_init_multi(&key->x, &key->y, &key->base, &key->prime, NULL)) != CRYPT_OK) { + return err; + } + if ((err = der_decode_sequence_multi(dhparam, dhparamlen, + LTC_ASN1_INTEGER, 1UL, key->prime, + LTC_ASN1_INTEGER, 1UL, key->base, + LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { + goto LBL_ERR; + } + + return CRYPT_OK; + +LBL_ERR: + dh_free(key); + return err; +} + +#endif /* LTC_MDH */ + +/* ref: $Format:%D$ */ +/* git commit: $Format:%H$ */ +/* commit time: $Format:%ai$ */ From a0f2abc5b5c462a85d05b28008c99e6875875b3d Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:18:21 +0200 Subject: [PATCH 32/38] re-format --- src/pk/dsa/dsa_generate_pqg.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/src/pk/dsa/dsa_generate_pqg.c b/src/pk/dsa/dsa_generate_pqg.c index bcf9e34..91c7ef7 100644 --- a/src/pk/dsa/dsa_generate_pqg.c +++ b/src/pk/dsa/dsa_generate_pqg.c @@ -213,26 +213,28 @@ cleanup3: */ int dsa_generate_pqg(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) { - int err; + int err; - LTC_ARGCHK(key != NULL); - LTC_ARGCHK(ltc_mp.name != NULL); + LTC_ARGCHK(key != NULL); + LTC_ARGCHK(ltc_mp.name != NULL); - /* init mp_ints */ - if ((err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL)) != CRYPT_OK) { - return err; - } - /* generate params */ - err = _dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); - if (err != CRYPT_OK) { goto cleanup; } + /* init mp_ints */ + if ((err = mp_init_multi(&key->p, &key->g, &key->q, &key->x, &key->y, NULL)) != CRYPT_OK) { + return err; + } + /* generate params */ + err = _dsa_make_params(prng, wprng, group_size, modulus_size, key->p, key->q, key->g); + if (err != CRYPT_OK) { + goto cleanup; + } - key->qord = group_size; + key->qord = group_size; - return CRYPT_OK; + return CRYPT_OK; cleanup: - dsa_free(key); - return err; + dsa_free(key); + return err; } #endif From e647f9a0e4242408b2dc3a02a65f1b6024cade9d Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:20:56 +0200 Subject: [PATCH 33/38] not good to check that prng is non-NULL e.g. sprng() lives w/o context --- src/pk/dh/dh_make_key.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/pk/dh/dh_make_key.c b/src/pk/dh/dh_make_key.c index 549a244..f2f81ff 100644 --- a/src/pk/dh/dh_make_key.c +++ b/src/pk/dh/dh_make_key.c @@ -50,7 +50,6 @@ int dh_make_key(prng_state *prng, int wprng, dh_key *key) LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); - LTC_ARGCHK(prng != NULL); /* good prng? */ if ((err = prng_is_valid(wprng)) != CRYPT_OK) { From a6aef23438e96a4f233d9797afc2f5f3e348fd42 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:30:01 +0200 Subject: [PATCH 34/38] dh_make_key() is now dh_generate_key() --- demos/timing.c | 2 +- src/headers/tomcrypt_pk.h | 2 +- src/pk/dh/{dh_make_key.c => dh_generate_key.c} | 2 +- tests/dh_test.c | 10 +++++----- 4 files changed, 8 insertions(+), 8 deletions(-) rename src/pk/dh/{dh_make_key.c => dh_generate_key.c} (97%) diff --git a/demos/timing.c b/demos/timing.c index d1a17e4..746055d 100644 --- a/demos/timing.c +++ b/demos/timing.c @@ -909,7 +909,7 @@ static void time_dh(void) t_start(); t1 = t_read(); - if ((err = dh_make_key(&yarrow_prng, find_prng("yarrow"), &key)) != CRYPT_OK) { + if ((err = dh_generate_key(&yarrow_prng, find_prng("yarrow"), &key)) != CRYPT_OK) { fprintf(stderr, "\n\ndh_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK)); exit(EXIT_FAILURE); } diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index c24230a..c374048 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -227,7 +227,7 @@ int dh_set_pg_groupsize(int groupsize, dh_key *key); int dh_set_key(const unsigned char *pub, unsigned long publen, const unsigned char *priv, unsigned long privlen, dh_key *key); -int dh_make_key(prng_state *prng, int wprng, dh_key *key); +int dh_generate_key(prng_state *prng, int wprng, dh_key *key); int dh_shared_secret(dh_key *private_key, dh_key *public_key, unsigned char *out, unsigned long *outlen); diff --git a/src/pk/dh/dh_make_key.c b/src/pk/dh/dh_generate_key.c similarity index 97% rename from src/pk/dh/dh_make_key.c rename to src/pk/dh/dh_generate_key.c index f2f81ff..04db294 100644 --- a/src/pk/dh/dh_make_key.c +++ b/src/pk/dh/dh_generate_key.c @@ -42,7 +42,7 @@ static int _dh_groupsize_to_keysize(int groupsize) } } -int dh_make_key(prng_state *prng, int wprng, dh_key *key) +int dh_generate_key(prng_state *prng, int wprng, dh_key *key) { unsigned char *buf; unsigned long keysize; diff --git a/tests/dh_test.c b/tests/dh_test.c index 2558fc0..e3111c6 100644 --- a/tests/dh_test.c +++ b/tests/dh_test.c @@ -127,7 +127,7 @@ static int _dhparam_test(void) }; DO(dh_set_pg_dhparam(dhparam_der, sizeof(dhparam_der), &k)); - DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), &k)); + DO(dh_generate_key(&yarrow_prng, find_prng ("yarrow"), &k)); if (mp_unsigned_bin_size(k.prime) > sizeof(buf)) { printf("dhparam_test: short buf\n"); dh_free(&k); @@ -339,7 +339,7 @@ static int _set_test(void) dh_free(&k2); DO(dh_set_pg(test[i].p, test[i].plen, test[i].g, test[i].glen, &k3)); - DO(dh_make_key(&yarrow_prng, find_prng("yarrow"), &k3)); + DO(dh_generate_key(&yarrow_prng, find_prng("yarrow"), &k3)); len = mp_unsigned_bin_size(k3.prime); DO(mp_to_unsigned_bin(k3.prime, buf)); @@ -370,9 +370,9 @@ static int _basic_test(void) /* make up two keys */ DO(dh_set_pg_groupsize(KEYSIZE/8, &usera)); - DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), &usera)); + DO(dh_generate_key(&yarrow_prng, find_prng ("yarrow"), &usera)); DO(dh_set_pg_groupsize(KEYSIZE/8, &userb)); - DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), &userb)); + DO(dh_generate_key(&yarrow_prng, find_prng ("yarrow"), &userb)); /* make the shared secret */ x = KEYSIZE; @@ -417,7 +417,7 @@ static int _basic_test(void) for (x = 0; ltc_dh_sets[x].size != 0; x++) { DO(dh_set_pg_groupsize(ltc_dh_sets[x].size, &usera)); - DO(dh_make_key(&yarrow_prng, find_prng ("yarrow"), &usera)); + DO(dh_generate_key(&yarrow_prng, find_prng ("yarrow"), &usera)); size = dh_get_groupsize(&usera); dh_free(&usera); if (size != ltc_dh_sets[x].size) { From 8167b4d1cceab960f11002229dd19b966262cdd1 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:30:50 +0200 Subject: [PATCH 35/38] Update makefiles --- libtomcrypt_VS2008.vcproj | 16 ++++++++++++++-- makefile.mingw | 20 +++++++++++--------- makefile.msvc | 20 +++++++++++--------- makefile.unix | 20 +++++++++++--------- makefile_include.mk | 20 +++++++++++--------- 5 files changed, 58 insertions(+), 38 deletions(-) diff --git a/libtomcrypt_VS2008.vcproj b/libtomcrypt_VS2008.vcproj index d7e4341..7cc0d3c 100644 --- a/libtomcrypt_VS2008.vcproj +++ b/libtomcrypt_VS2008.vcproj @@ -2070,16 +2070,20 @@ RelativePath="src\pk\dh\dh_free.c" > + + + + @@ -2122,6 +2130,10 @@ RelativePath="src\pk\dsa\dsa_set.c" > + + diff --git a/makefile.mingw b/makefile.mingw index 1ea27d6..9a42b57 100644 --- a/makefile.mingw +++ b/makefile.mingw @@ -161,15 +161,17 @@ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \ -src/pk/dh/dh_free.o src/pk/dh/dh_import.o src/pk/dh/dh_make_key.o src/pk/dh/dh_set.o \ -src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ -src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_shared_secret.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ -src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \ -src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \ -src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \ -src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \ +src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \ +src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \ +src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ +src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ +src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ +src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \ +src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \ +src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \ +src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \ +src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \ src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \ src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \ diff --git a/makefile.msvc b/makefile.msvc index 5c0c443..f847f7b 100644 --- a/makefile.msvc +++ b/makefile.msvc @@ -154,15 +154,17 @@ src/pk/asn1/der/utctime/der_decode_utctime.obj src/pk/asn1/der/utctime/der_encod src/pk/asn1/der/utctime/der_length_utctime.obj src/pk/asn1/der/utf8/der_decode_utf8_string.obj \ src/pk/asn1/der/utf8/der_encode_utf8_string.obj src/pk/asn1/der/utf8/der_length_utf8_string.obj \ src/pk/dh/dh.obj src/pk/dh/dh_check_pubkey.obj src/pk/dh/dh_export.obj src/pk/dh/dh_export_key.obj \ -src/pk/dh/dh_free.obj src/pk/dh/dh_import.obj src/pk/dh/dh_make_key.obj src/pk/dh/dh_set.obj \ -src/pk/dh/dh_shared_secret.obj src/pk/dsa/dsa_decrypt_key.obj src/pk/dsa/dsa_encrypt_key.obj \ -src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj src/pk/dsa/dsa_generate_pqg.obj src/pk/dsa/dsa_import.obj \ -src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_set.obj src/pk/dsa/dsa_shared_secret.obj \ -src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj \ -src/pk/ecc/ecc_ansi_x963_export.obj src/pk/ecc/ecc_ansi_x963_import.obj src/pk/ecc/ecc_decrypt_key.obj \ -src/pk/ecc/ecc_encrypt_key.obj src/pk/ecc/ecc_export.obj src/pk/ecc/ecc_free.obj src/pk/ecc/ecc_get_size.obj \ -src/pk/ecc/ecc_import.obj src/pk/ecc/ecc_make_key.obj src/pk/ecc/ecc_shared_secret.obj \ -src/pk/ecc/ecc_sign_hash.obj src/pk/ecc/ecc_sizes.obj src/pk/ecc/ecc_test.obj src/pk/ecc/ecc_verify_hash.obj \ +src/pk/dh/dh_free.obj src/pk/dh/dh_generate_key.obj src/pk/dh/dh_import.obj src/pk/dh/dh_set.obj \ +src/pk/dh/dh_set_pg_dhparam.obj src/pk/dh/dh_shared_secret.obj src/pk/dsa/dsa_decrypt_key.obj \ +src/pk/dsa/dsa_encrypt_key.obj src/pk/dsa/dsa_export.obj src/pk/dsa/dsa_free.obj \ +src/pk/dsa/dsa_generate_key.obj src/pk/dsa/dsa_generate_pqg.obj src/pk/dsa/dsa_import.obj \ +src/pk/dsa/dsa_make_key.obj src/pk/dsa/dsa_set.obj src/pk/dsa/dsa_set_pqg_dsaparam.obj \ +src/pk/dsa/dsa_shared_secret.obj src/pk/dsa/dsa_sign_hash.obj src/pk/dsa/dsa_verify_hash.obj \ +src/pk/dsa/dsa_verify_key.obj src/pk/ecc/ecc.obj src/pk/ecc/ecc_ansi_x963_export.obj \ +src/pk/ecc/ecc_ansi_x963_import.obj src/pk/ecc/ecc_decrypt_key.obj src/pk/ecc/ecc_encrypt_key.obj \ +src/pk/ecc/ecc_export.obj src/pk/ecc/ecc_free.obj src/pk/ecc/ecc_get_size.obj src/pk/ecc/ecc_import.obj \ +src/pk/ecc/ecc_make_key.obj src/pk/ecc/ecc_shared_secret.obj src/pk/ecc/ecc_sign_hash.obj \ +src/pk/ecc/ecc_sizes.obj src/pk/ecc/ecc_test.obj src/pk/ecc/ecc_verify_hash.obj \ src/pk/ecc/ltc_ecc_is_valid_idx.obj src/pk/ecc/ltc_ecc_map.obj src/pk/ecc/ltc_ecc_mul2add.obj \ src/pk/ecc/ltc_ecc_mulmod.obj src/pk/ecc/ltc_ecc_mulmod_timing.obj src/pk/ecc/ltc_ecc_points.obj \ src/pk/ecc/ltc_ecc_projective_add_point.obj src/pk/ecc/ltc_ecc_projective_dbl_point.obj \ diff --git a/makefile.unix b/makefile.unix index c3d2d3b..7b9b8ae 100644 --- a/makefile.unix +++ b/makefile.unix @@ -171,15 +171,17 @@ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \ -src/pk/dh/dh_free.o src/pk/dh/dh_import.o src/pk/dh/dh_make_key.o src/pk/dh/dh_set.o \ -src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ -src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_shared_secret.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ -src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \ -src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \ -src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \ -src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \ +src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \ +src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \ +src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ +src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ +src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ +src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \ +src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \ +src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \ +src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \ +src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \ src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \ src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \ diff --git a/makefile_include.mk b/makefile_include.mk index 27fcc2b..78ec3c4 100644 --- a/makefile_include.mk +++ b/makefile_include.mk @@ -277,15 +277,17 @@ src/pk/asn1/der/utctime/der_decode_utctime.o src/pk/asn1/der/utctime/der_encode_ src/pk/asn1/der/utctime/der_length_utctime.o src/pk/asn1/der/utf8/der_decode_utf8_string.o \ src/pk/asn1/der/utf8/der_encode_utf8_string.o src/pk/asn1/der/utf8/der_length_utf8_string.o \ src/pk/dh/dh.o src/pk/dh/dh_check_pubkey.o src/pk/dh/dh_export.o src/pk/dh/dh_export_key.o \ -src/pk/dh/dh_free.o src/pk/dh/dh_import.o src/pk/dh/dh_make_key.o src/pk/dh/dh_set.o \ -src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o src/pk/dsa/dsa_encrypt_key.o \ -src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ -src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_shared_secret.o \ -src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o \ -src/pk/ecc/ecc_ansi_x963_export.o src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o \ -src/pk/ecc/ecc_encrypt_key.o src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o \ -src/pk/ecc/ecc_import.o src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o \ -src/pk/ecc/ecc_sign_hash.o src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \ +src/pk/dh/dh_free.o src/pk/dh/dh_generate_key.o src/pk/dh/dh_import.o src/pk/dh/dh_set.o \ +src/pk/dh/dh_set_pg_dhparam.o src/pk/dh/dh_shared_secret.o src/pk/dsa/dsa_decrypt_key.o \ +src/pk/dsa/dsa_encrypt_key.o src/pk/dsa/dsa_export.o src/pk/dsa/dsa_free.o \ +src/pk/dsa/dsa_generate_key.o src/pk/dsa/dsa_generate_pqg.o src/pk/dsa/dsa_import.o \ +src/pk/dsa/dsa_make_key.o src/pk/dsa/dsa_set.o src/pk/dsa/dsa_set_pqg_dsaparam.o \ +src/pk/dsa/dsa_shared_secret.o src/pk/dsa/dsa_sign_hash.o src/pk/dsa/dsa_verify_hash.o \ +src/pk/dsa/dsa_verify_key.o src/pk/ecc/ecc.o src/pk/ecc/ecc_ansi_x963_export.o \ +src/pk/ecc/ecc_ansi_x963_import.o src/pk/ecc/ecc_decrypt_key.o src/pk/ecc/ecc_encrypt_key.o \ +src/pk/ecc/ecc_export.o src/pk/ecc/ecc_free.o src/pk/ecc/ecc_get_size.o src/pk/ecc/ecc_import.o \ +src/pk/ecc/ecc_make_key.o src/pk/ecc/ecc_shared_secret.o src/pk/ecc/ecc_sign_hash.o \ +src/pk/ecc/ecc_sizes.o src/pk/ecc/ecc_test.o src/pk/ecc/ecc_verify_hash.o \ src/pk/ecc/ltc_ecc_is_valid_idx.o src/pk/ecc/ltc_ecc_map.o src/pk/ecc/ltc_ecc_mul2add.o \ src/pk/ecc/ltc_ecc_mulmod.o src/pk/ecc/ltc_ecc_mulmod_timing.o src/pk/ecc/ltc_ecc_points.o \ src/pk/ecc/ltc_ecc_projective_add_point.o src/pk/ecc/ltc_ecc_projective_dbl_point.o \ From 22919cd4f2d4aaa80ace75ae92b682f5ff426ec8 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Tue, 4 Jul 2017 10:58:10 +0200 Subject: [PATCH 36/38] rand_bn_range(): count bits once --- src/math/rand_bn.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/math/rand_bn.c b/src/math/rand_bn.c index a85a965..3d4f10c 100755 --- a/src/math/rand_bn.c +++ b/src/math/rand_bn.c @@ -55,13 +55,14 @@ cleanup: */ int rand_bn_range(void *N, void *limit, prng_state *prng, int wprng) { - int res; + int res, bits; LTC_ARGCHK(N != NULL); LTC_ARGCHK(limit != NULL); + bits = mp_count_bits(limit); do { - res = rand_bn_bits(N, mp_count_bits(limit), prng, wprng); + res = rand_bn_bits(N, bits, prng, wprng); if (res != CRYPT_OK) return res; } while (mp_cmp_d(N, 0) != LTC_MP_GT || mp_cmp(N, limit) != LTC_MP_LT); From 4221c44fbc94328b883e6451506b98a5584eb109 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 5 Jul 2017 10:03:56 +0200 Subject: [PATCH 37/38] rename rand_bn_range() to rand_bn_upto() --- src/headers/tomcrypt_pk.h | 2 +- src/math/rand_bn.c | 2 +- src/pk/dsa/dsa_encrypt_key.c | 2 +- src/pk/dsa/dsa_generate_key.c | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/headers/tomcrypt_pk.h b/src/headers/tomcrypt_pk.h index c374048..44b8575 100644 --- a/src/headers/tomcrypt_pk.h +++ b/src/headers/tomcrypt_pk.h @@ -25,7 +25,7 @@ int rand_prime(void *N, long len, prng_state *prng, int wprng); #ifdef LTC_SOURCE /* internal helper functions */ int rand_bn_bits(void *N, int bits, prng_state *prng, int wprng); -int rand_bn_range(void *N, void *limit, prng_state *prng, int wprng); +int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng); enum public_key_algorithms { PKA_RSA, diff --git a/src/math/rand_bn.c b/src/math/rand_bn.c index 3d4f10c..a42ba64 100755 --- a/src/math/rand_bn.c +++ b/src/math/rand_bn.c @@ -53,7 +53,7 @@ cleanup: /** Generate a random number N in a range: 1 <= N < limit */ -int rand_bn_range(void *N, void *limit, prng_state *prng, int wprng) +int rand_bn_upto(void *N, void *limit, prng_state *prng, int wprng) { int res, bits; diff --git a/src/pk/dsa/dsa_encrypt_key.c b/src/pk/dsa/dsa_encrypt_key.c index fcfbf89..c854367 100644 --- a/src/pk/dsa/dsa_encrypt_key.c +++ b/src/pk/dsa/dsa_encrypt_key.c @@ -76,7 +76,7 @@ int dsa_encrypt_key(const unsigned char *in, unsigned long inlen, /* make a random g_priv, g_pub = g^x pair private key x should be in range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ - if ((err = rand_bn_range(g_priv, key->q, prng, wprng)) != CRYPT_OK) { + if ((err = rand_bn_upto(g_priv, key->q, prng, wprng)) != CRYPT_OK) { goto LBL_ERR; } diff --git a/src/pk/dsa/dsa_generate_key.c b/src/pk/dsa/dsa_generate_key.c index 33f68c7..18b2df6 100644 --- a/src/pk/dsa/dsa_generate_key.c +++ b/src/pk/dsa/dsa_generate_key.c @@ -33,7 +33,7 @@ int dsa_generate_key(prng_state *prng, int wprng, dsa_key *key) Now we need a random exponent [mod q] and it's power g^x mod p */ /* private key x should be from range: 1 <= x <= q-1 (see FIPS 186-4 B.1.2) */ - if ((err = rand_bn_range(key->x, key->q, prng, wprng)) != CRYPT_OK) { return err; } + if ((err = rand_bn_upto(key->x, key->q, prng, wprng)) != CRYPT_OK) { return err; } if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { return err; } key->type = PK_PRIVATE; From c2f50459e284ba777c6e6add55ad1e275a3472a2 Mon Sep 17 00:00:00 2001 From: Steffen Jaeckel Date: Wed, 5 Jul 2017 10:25:01 +0200 Subject: [PATCH 38/38] better doc of radix_to_bin() --- src/math/radix_to_bin.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/math/radix_to_bin.c b/src/math/radix_to_bin.c index 72742b5..fef58ae 100644 --- a/src/math/radix_to_bin.c +++ b/src/math/radix_to_bin.c @@ -17,8 +17,15 @@ /** Convert data from a specific radix to binary + The default MPI descriptors #ltm_desc, #tfm_desc and #gmp_desc + have the following restrictions on parameters: + + \p in - NUL-terminated char buffer + + \p radix - 2..64 + @param in The input - @param radix The radix of the input 2..64 + @param radix The radix of the input @param out The output buffer @param len [in/out] The length of the output buffer