« back to all changes in this revision
Viewing changes to tests/fipsdrv.c
- browse files at revision 18
- compare with another revision
- download diff
- download tarball
- view history from revision 18
- Committer: Bazaar Package Importer
- Author(s): Bhavani Shankar
- Date: 2009-05-16 20:13:32 UTC
- mfrom: (1.1.6 upstream) (2.1.3 squeeze)
- Revision ID: james.westby@ubuntu.com-20090516201332-czkobpu32w318i16
Tags: 1.4.4-2ubuntu1
* Merge from Debian unstable (LP: #364535), remaining changes:
- Add libgcrypt11-udeb for use by cryptsetup-udeb.
- Add clean-la.mk, and add a symlink for the .la
- Install to /lib.
- Add libgcrypt11-udeb for use by cryptsetup-udeb.
- Add clean-la.mk, and add a symlink for the .la
- Install to /lib.
- files added:
- cipher/hash-common.c
- random
- files removed:
- BUGS
- files modified:
- AUTHORS
added
removed
tests/fipsdrv.c
1
/* fipsdrv.c - A driver to help with FIPS CAVS tests.
2
Copyright (C) 2008 Free Software Foundation, Inc.
3
4
This file is part of Libgcrypt.
5
6
Libgcrypt is free software; you can redistribute it and/or modify
7
it under the terms of the GNU Lesser General Public License as
8
published by the Free Software Foundation; either version 2.1 of
9
the License, or (at your option) any later version.
10
11
Libgcrypt is distributed in the hope that it will be useful,
12
but WITHOUT ANY WARRANTY; without even the implied warranty of
13
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
GNU Lesser General Public License for more details.
15
16
You should have received a copy of the GNU Lesser General Public
17
License along with this program; if not, see <http://www.gnu.org/licenses/>.
18
*/
19
20
#ifdef HAVE_CONFIG_H
21
#include <config.h>
22
#endif
23
#include <stdio.h>
24
#include <stdlib.h>
25
#include <string.h>
26
#include <stdarg.h>
27
#include <errno.h>
28
#include <ctype.h>
29
#ifdef HAVE_W32_SYSTEM
30
# include <fcntl.h> /* We need setmode(). */
31
#else
32
# include <signal.h>
33
#endif
34
#include <assert.h>
35
#include <unistd.h>
36
37
#ifdef _GCRYPT_IN_LIBGCRYPT
38
# include "../src/gcrypt.h"
39
#else
40
# include <gcrypt.h>
41
# define PACKAGE_BUGREPORT "devnull@example.org"
42
# define PACKAGE_VERSION "[build on " __DATE__ " " __TIME__ "]"
43
#endif
44
45
46
#define PGM "fipsdrv"
47
48
#define my_isascii(c) (!((c) & 0x80))
49
#define digitp(p) (*(p) >= '0' && *(p) <= '9')
50
#define hexdigitp(a) (digitp (a) \
51
|| (*(a) >= 'A' && *(a) <= 'F') \
52
|| (*(a) >= 'a' && *(a) <= 'f'))
53
#define xtoi_1(p) (*(p) <= '9'? (*(p)- '0'): \
54
*(p) <= 'F'? (*(p)-'A'+10):(*(p)-'a'+10))
55
#define xtoi_2(p) ((xtoi_1(p) * 16) + xtoi_1((p)+1))
56
#define DIM(v) (sizeof(v)/sizeof((v)[0]))
57
#define DIMof(type,member) DIM(((type *)0)->member)
58
59
60
#define PRIV_CTL_INIT_EXTRNG_TEST 58
61
#define PRIV_CTL_RUN_EXTRNG_TEST 59
62
#define PRIV_CTL_DEINIT_EXTRNG_TEST 60
63
#define PRIV_CTL_DISABLE_WEAK_KEY 61
64
#define PRIV_CTL_GET_INPUT_VECTOR 62
65
66
67
/* Verbose mode flag. */
68
static int verbose;
69
70
/* Binary input flag. */
71
static int binary_input;
72
73
/* Binary output flag. */
74
static int binary_output;
75
76
/* Base64 output flag. */
77
static int base64_output;
78
79
/* We need to know whether we are in loop_mode. */
80
static int loop_mode;
81
82
/* If true some functions are modified to print the output in the CAVS
83
response file format. */
84
static int standalone_mode;
85
86
87
/* ASN.1 classes. */
88
enum
89
{
90
UNIVERSAL = 0,
91
APPLICATION = 1,
92
ASNCONTEXT = 2,
93
PRIVATE = 3
94
};
95
96
97
/* ASN.1 tags. */
98
enum
99
{
100
TAG_NONE = 0,
101
TAG_BOOLEAN = 1,
102
TAG_INTEGER = 2,
103
TAG_BIT_STRING = 3,
104
TAG_OCTET_STRING = 4,
105
TAG_NULL = 5,
106
TAG_OBJECT_ID = 6,
107
TAG_OBJECT_DESCRIPTOR = 7,
108
TAG_EXTERNAL = 8,
109
TAG_REAL = 9,
110
TAG_ENUMERATED = 10,
111
TAG_EMBEDDED_PDV = 11,
112
TAG_UTF8_STRING = 12,
113
TAG_REALTIVE_OID = 13,
114
TAG_SEQUENCE = 16,
115
TAG_SET = 17,
116
TAG_NUMERIC_STRING = 18,
117
TAG_PRINTABLE_STRING = 19,
118
TAG_TELETEX_STRING = 20,
119
TAG_VIDEOTEX_STRING = 21,
120
TAG_IA5_STRING = 22,
121
TAG_UTC_TIME = 23,
122
TAG_GENERALIZED_TIME = 24,
123
TAG_GRAPHIC_STRING = 25,
124
TAG_VISIBLE_STRING = 26,
125
TAG_GENERAL_STRING = 27,
126
TAG_UNIVERSAL_STRING = 28,
127
TAG_CHARACTER_STRING = 29,
128
TAG_BMP_STRING = 30
129
};
130
131
/* ASN.1 Parser object. */
132
struct tag_info
133
{
134
int class; /* Object class. */
135
unsigned long tag; /* The tag of the object. */
136
unsigned long length; /* Length of the values. */
137
int nhdr; /* Length of the header (TL). */
138
unsigned int ndef:1; /* The object has an indefinite length. */
139
unsigned int cons:1; /* This is a constructed object. */
140
};
141
142
143
144
/* Print a error message and exit the process with an error code. */
145
static void
146
die (const char *format, ...)
147
{
148
va_list arg_ptr;
149
150
va_start (arg_ptr, format);
151
fputs (PGM ": ", stderr);
152
vfprintf (stderr, format, arg_ptr);
153
va_end (arg_ptr);
154
exit (1);
155
}
156
157
158
static void
159
showhex (const char *prefix, const void *buffer, size_t length)
160
{
161
const unsigned char *p = buffer;
162
163
if (prefix)
164
fprintf (stderr, PGM ": %s: ", prefix);
165
while (length-- )
166
fprintf (stderr, "%02X", *p++);
167
if (prefix)
168
putc ('\n', stderr);
169
}
170
171
/* static void */
172
/* show_sexp (const char *prefix, gcry_sexp_t a) */
173
/* { */
174
/* char *buf; */
175
/* size_t size; */
176
177
/* if (prefix) */
178
/* fputs (prefix, stderr); */
179
/* size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0); */
180
/* buf = gcry_xmalloc (size); */
181
182
/* gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size); */
183
/* fprintf (stderr, "%.*s", (int)size, buf); */
184
/* gcry_free (buf); */
185
/* } */
186
187
188
/* Convert STRING consisting of hex characters into its binary
189
representation and store that at BUFFER. BUFFER needs to be of
190
LENGTH bytes. The function checks that the STRING will convert
191
exactly to LENGTH bytes. The string is delimited by either end of
192
string or a white space character. The function returns -1 on
193
error or the length of the parsed string. */
194
static int
195
hex2bin (const char *string, void *buffer, size_t length)
196
{
197
int i;
198
const char *s = string;
199
200
for (i=0; i < length; )
201
{
202
if (!hexdigitp (s) || !hexdigitp (s+1))
203
return -1; /* Invalid hex digits. */
204
((unsigned char*)buffer)[i++] = xtoi_2 (s);
205
s += 2;
206
}
207
if (*s && (!my_isascii (*s) || !isspace (*s)) )
208
return -1; /* Not followed by Nul or white space. */
209
if (i != length)
210
return -1; /* Not of expected length. */
211
if (*s)
212
s++; /* Skip the delimiter. */
213
return s - string;
214
}
215
216
217
/* Convert STRING consisting of hex characters into its binary
218
representation and return it as an allocated buffer. The valid
219
length of the buffer is returned at R_LENGTH. The string is
220
delimited by end of string. The function returns NULL on
221
error. */
222
static void *
223
hex2buffer (const char *string, size_t *r_length)
224
{
225
const char *s;
226
unsigned char *buffer;
227
size_t length;
228
229
buffer = gcry_xmalloc (strlen(string)/2+1);
230
length = 0;
231
for (s=string; *s; s +=2 )
232
{
233
if (!hexdigitp (s) || !hexdigitp (s+1))
234
return NULL; /* Invalid hex digits. */
235
((unsigned char*)buffer)[length++] = xtoi_2 (s);
236
}
237
*r_length = length;
238
return buffer;
239
}
240
241
242
static char *
243
read_textline (FILE *fp)
244
{
245
char line[256];
246
char *p;
247
int any = 0;
248
249
/* Read line but skip over initial empty lines. */
250
do
251
{
252
do
253
{
254
if (!fgets (line, sizeof line, fp))
255
{
256
if (feof (fp))
257
return NULL;
258
die ("error reading input line: %s\n", strerror (errno));
259
}
260
p = strchr (line, '\n');
261
if (p)
262
*p = 0;
263
p = line + (*line? (strlen (line)-1):0);
264
for ( ;p > line; p--)
265
if (my_isascii (*p) && isspace (*p))
266
*p = 0;
267
}
268
while (!any && !*line);
269
any = 1;
270
}
271
while (*line == '#'); /* Always skip comment lines. */
272
if (verbose > 1)
273
fprintf (stderr, PGM ": received line: %s\n", line);
274
return gcry_xstrdup (line);
275
}
276
277
static char *
278
read_hexline (FILE *fp, size_t *retlen)
279
{
280
char *line, *p;
281
282
line = read_textline (fp);
283
if (!line)
284
return NULL;
285
p = hex2buffer (line, retlen);
286
if (!p)
287
die ("error decoding hex string on input\n");
288
gcry_free (line);
289
return p;
290
}
291
292
static void
293
skip_to_empty_line (FILE *fp)
294
{
295
char line[256];
296
char *p;
297
298
do
299
{
300
if (!fgets (line, sizeof line, fp))
301
{
302
if (feof (fp))
303
return;
304
die ("error reading input line: %s\n", strerror (errno));
305
}
306
p = strchr (line, '\n');
307
if (p)
308
*p =0;
309
}
310
while (*line);
311
}
312
313
314
315
/* Read a file from stream FP into a newly allocated buffer and return
316
that buffer. The valid length of the buffer is stored at R_LENGTH.
317
Returns NULL on failure. If decode is set, the file is assumed to
318
be hex encoded and the decoded content is returned. */
319
static void *
320
read_file (FILE *fp, int decode, size_t *r_length)
321
{
322
char *buffer;
323
size_t buflen;
324
size_t nread, bufsize = 0;
325
326
*r_length = 0;
327
#define NCHUNK 8192
328
#ifdef HAVE_DOSISH_SYSTEM
329
setmode (fileno(fp), O_BINARY);
330
#endif
331
buffer = NULL;
332
buflen = 0;
333
do
334
{
335
bufsize += NCHUNK;
336
if (!buffer)
337
buffer = gcry_xmalloc (bufsize);
338
else
339
buffer = gcry_xrealloc (buffer, bufsize);
340
341
nread = fread (buffer + buflen, 1, NCHUNK, fp);
342
if (nread < NCHUNK && ferror (fp))
343
{
344
gcry_free (buffer);
345
return NULL;
346
}
347
buflen += nread;
348
}
349
while (nread == NCHUNK);
350
#undef NCHUNK
351
if (decode)
352
{
353
const char *s;
354
char *p;
355
356
for (s=buffer,p=buffer,nread=0; nread+1 < buflen; s += 2, nread +=2 )
357
{
358
if (!hexdigitp (s) || !hexdigitp (s+1))
359
{
360
gcry_free (buffer);
361
return NULL; /* Invalid hex digits. */
362
}
363
*(unsigned char*)p++ = xtoi_2 (s);
364
}
365
if (nread != buflen)
366
{
367
gcry_free (buffer);
368
return NULL; /* Odd number of hex digits. */
369
}
370
buflen = p - buffer;
371
}
372
373
*r_length = buflen;
374
return buffer;
375
}
376
377
/* Do in-place decoding of base-64 data of LENGTH in BUFFER. Returns
378
the new length of the buffer. Dies on error. */
379
static size_t
380
base64_decode (char *buffer, size_t length)
381
{
382
static unsigned char const asctobin[128] =
383
{
384
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
385
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
386
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
387
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
388
0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0xff, 0xff,
389
0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
390
0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12,
391
0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
392
0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24,
393
0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
394
0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
395
};
396
397
int idx = 0;
398
unsigned char val = 0;
399
int c = 0;
400
char *d, *s;
401
int lfseen = 1;
402
403
/* Find BEGIN line. */
404
for (s=buffer; length; length--, s++)
405
{
406
if (lfseen && *s == '-' && length > 11 && !memcmp (s, "-----BEGIN ", 11))
407
{
408
for (; length && *s != '\n'; length--, s++)
409
;
410
break;
411
}
412
lfseen = (*s == '\n');
413
}
414
415
/* Decode until pad character or END line. */
416
for (d=buffer; length; length--, s++)
417
{
418
if (lfseen && *s == '-' && length > 9 && !memcmp (s, "-----END ", 9))
419
break;
420
if ((lfseen = (*s == '\n')) || *s == ' ' || *s == '\r' || *s == '\t')
421
continue;
422
if (*s == '=')
423
{
424
/* Pad character: stop */
425
if (idx == 1)
426
*d++ = val;
427
break;
428
}
429
430
if ( (*s & 0x80) || (c = asctobin[*(unsigned char *)s]) == 0xff)
431
die ("invalid base64 character %02X at pos %d detected\n",
432
*(unsigned char*)s, (int)(s-buffer));
433
434
switch (idx)
435
{
436
case 0:
437
val = c << 2;
438
break;
439
case 1:
440
val |= (c>>4)&3;
441
*d++ = val;
442
val = (c<<4)&0xf0;
443
break;
444
case 2:
445
val |= (c>>2)&15;
446
*d++ = val;
447
val = (c<<6)&0xc0;
448
break;
449
case 3:
450
val |= c&0x3f;
451
*d++ = val;
452
break;
453
}
454
idx = (idx+1) % 4;
455
}
456
457
return d - buffer;
458
}
459
460
461
/* Parse the buffer at the address BUFFER which consists of the number
462
of octets as stored at BUFLEN. Return the tag and the length part
463
from the TLV triplet. Update BUFFER and BUFLEN on success. Checks
464
that the encoded length does not exhaust the length of the provided
465
buffer. */
466
static int
467
parse_tag (unsigned char const **buffer, size_t *buflen, struct tag_info *ti)
468
{
469
int c;
470
unsigned long tag;
471
const unsigned char *buf = *buffer;
472
size_t length = *buflen;
473
474
ti->length = 0;
475
ti->ndef = 0;
476
ti->nhdr = 0;
477
478
/* Get the tag */
479
if (!length)
480
return -1; /* Premature EOF. */
481
c = *buf++; length--;
482
ti->nhdr++;
483
484
ti->class = (c & 0xc0) >> 6;
485
ti->cons = !!(c & 0x20);
486
tag = (c & 0x1f);
487
488
if (tag == 0x1f)
489
{
490
tag = 0;
491
do
492
{
493
tag <<= 7;
494
if (!length)
495
return -1; /* Premature EOF. */
496
c = *buf++; length--;
497
ti->nhdr++;
498
tag |= (c & 0x7f);
499
}
500
while ( (c & 0x80) );
501
}
502
ti->tag = tag;
503
504
/* Get the length */
505
if (!length)
506
return -1; /* Premature EOF. */
507
c = *buf++; length--;
508
ti->nhdr++;
509
510
if ( !(c & 0x80) )
511
ti->length = c;
512
else if (c == 0x80)
513
ti->ndef = 1;
514
else if (c == 0xff)
515
return -1; /* Forbidden length value. */
516
else
517
{
518
unsigned long len = 0;
519
int count = c & 0x7f;
520
521
for (; count; count--)
522
{
523
len <<= 8;
524
if (!length)
525
return -1; /* Premature EOF. */
526
c = *buf++; length--;
527
ti->nhdr++;
528
len |= (c & 0xff);
529
}
530
ti->length = len;
531
}
532
533
if (ti->class == UNIVERSAL && !ti->tag)
534
ti->length = 0;
535
536
if (ti->length > length)
537
return -1; /* Data larger than buffer. */
538
539
*buffer = buf;
540
*buflen = length;
541
return 0;
542
}
543
544
545
/* Read the file FNAME assuming it is a PEM encoded private key file
546
and return an S-expression. With SHOW set, the key parameters are
547
printed. */
548
static gcry_sexp_t
549
read_private_key_file (const char *fname, int show)
550
{
551
gcry_error_t err;
552
FILE *fp;
553
char *buffer;
554
size_t buflen;
555
const unsigned char *der;
556
size_t derlen;
557
struct tag_info ti;
558
gcry_mpi_t keyparms[8];
559
int n_keyparms = 8;
560
int idx;
561
gcry_sexp_t s_key;
562
563
fp = fopen (fname, binary_input?"rb":"r");
564
if (!fp)
565
die ("can't open `%s': %s\n", fname, strerror (errno));
566
buffer = read_file (fp, 0, &buflen);
567
if (!buffer)
568
die ("error reading `%s'\n", fname);
569
fclose (fp);
570
571
buflen = base64_decode (buffer, buflen);
572
573
/* Parse the ASN.1 structure. */
574
der = (const unsigned char*)buffer;
575
derlen = buflen;
576
if ( parse_tag (&der, &derlen, &ti)
577
|| ti.tag != TAG_SEQUENCE || ti.class || !ti.cons || ti.ndef)
578
goto bad_asn1;
579
if ( parse_tag (&der, &derlen, &ti)
580
|| ti.tag != TAG_INTEGER || ti.class || ti.cons || ti.ndef)
581
goto bad_asn1;
582
if (ti.length != 1 || *der)
583
goto bad_asn1; /* The value of the first integer is no 0. */
584
der += ti.length; derlen -= ti.length;
585
586
for (idx=0; idx < n_keyparms; idx++)
587
{
588
if ( parse_tag (&der, &derlen, &ti)
589
|| ti.tag != TAG_INTEGER || ti.class || ti.cons || ti.ndef)
590
goto bad_asn1;
591
if (show)
592
{
593
char prefix[2];
594
595
prefix[0] = idx < 8? "nedpq12u"[idx] : '?';
596
prefix[1] = 0;
597
showhex (prefix, der, ti.length);
598
}
599
err = gcry_mpi_scan (keyparms+idx, GCRYMPI_FMT_USG, der, ti.length,NULL);
600
if (err)
601
die ("error scanning RSA parameter %d: %s\n", idx, gpg_strerror (err));
602
der += ti.length; derlen -= ti.length;
603
}
604
if (idx != n_keyparms)
605
die ("not enough RSA key parameters\n");
606
607
gcry_free (buffer);
608
609
/* Convert from OpenSSL parameter ordering to the OpenPGP order. */
610
/* First check that p < q; if not swap p and q and recompute u. */
611
if (gcry_mpi_cmp (keyparms[3], keyparms[4]) > 0)
612
{
613
gcry_mpi_swap (keyparms[3], keyparms[4]);
614
gcry_mpi_invm (keyparms[7], keyparms[3], keyparms[4]);
615
}
616
617
/* Build the S-expression. */
618
err = gcry_sexp_build (&s_key, NULL,
619
"(private-key(rsa(n%m)(e%m)"
620
/**/ "(d%m)(p%m)(q%m)(u%m)))",
621
keyparms[0], keyparms[1], keyparms[2],
622
keyparms[3], keyparms[4], keyparms[7] );
623
if (err)
624
die ("error building S-expression: %s\n", gpg_strerror (err));
625
626
for (idx=0; idx < n_keyparms; idx++)
627
gcry_mpi_release (keyparms[idx]);
628
629
return s_key;
630
631
bad_asn1:
632
die ("invalid ASN.1 structure in `%s'\n", fname);
633
return NULL; /*NOTREACHED*/
634
}
635
636
637
/* Read the file FNAME assuming it is a PEM encoded public key file
638
and return an S-expression. With SHOW set, the key parameters are
639
printed. */
640
static gcry_sexp_t
641
read_public_key_file (const char *fname, int show)
642
{
643
gcry_error_t err;
644
FILE *fp;
645
char *buffer;
646
size_t buflen;
647
const unsigned char *der;
648
size_t derlen;
649
struct tag_info ti;
650
gcry_mpi_t keyparms[2];
651
int n_keyparms = 2;
652
int idx;
653
gcry_sexp_t s_key;
654
655
fp = fopen (fname, binary_input?"rb":"r");
656
if (!fp)
657
die ("can't open `%s': %s\n", fname, strerror (errno));
658
buffer = read_file (fp, 0, &buflen);
659
if (!buffer)
660
die ("error reading `%s'\n", fname);
661
fclose (fp);
662
663
buflen = base64_decode (buffer, buflen);
664
665
/* Parse the ASN.1 structure. */
666
der = (const unsigned char*)buffer;
667
derlen = buflen;
668
if ( parse_tag (&der, &derlen, &ti)
669
|| ti.tag != TAG_SEQUENCE || ti.class || !ti.cons || ti.ndef)
670
goto bad_asn1;
671
if ( parse_tag (&der, &derlen, &ti)
672
|| ti.tag != TAG_SEQUENCE || ti.class || !ti.cons || ti.ndef)
673
goto bad_asn1;
674
/* We skip the description of the key parameters and assume it is RSA. */
675
der += ti.length; derlen -= ti.length;
676
677
if ( parse_tag (&der, &derlen, &ti)
678
|| ti.tag != TAG_BIT_STRING || ti.class || ti.cons || ti.ndef)
679
goto bad_asn1;
680
if (ti.length < 1 || *der)
681
goto bad_asn1; /* The number of unused bits needs to be 0. */
682
der += 1; derlen -= 1;
683
684
/* Parse the BIT string. */
685
if ( parse_tag (&der, &derlen, &ti)
686
|| ti.tag != TAG_SEQUENCE || ti.class || !ti.cons || ti.ndef)
687
goto bad_asn1;
688
689
for (idx=0; idx < n_keyparms; idx++)
690
{
691
if ( parse_tag (&der, &derlen, &ti)
692
|| ti.tag != TAG_INTEGER || ti.class || ti.cons || ti.ndef)
693
goto bad_asn1;
694
if (show)
695
{
696
char prefix[2];
697
698
prefix[0] = idx < 2? "ne"[idx] : '?';
699
prefix[1] = 0;
700
showhex (prefix, der, ti.length);
701
}
702
err = gcry_mpi_scan (keyparms+idx, GCRYMPI_FMT_USG, der, ti.length,NULL);
703
if (err)
704
die ("error scanning RSA parameter %d: %s\n", idx, gpg_strerror (err));
705
der += ti.length; derlen -= ti.length;
706
}
707
if (idx != n_keyparms)
708
die ("not enough RSA key parameters\n");
709
710
gcry_free (buffer);
711
712
/* Build the S-expression. */
713
err = gcry_sexp_build (&s_key, NULL,
714
"(public-key(rsa(n%m)(e%m)))",
715
keyparms[0], keyparms[1] );
716
if (err)
717
die ("error building S-expression: %s\n", gpg_strerror (err));
718
719
for (idx=0; idx < n_keyparms; idx++)
720
gcry_mpi_release (keyparms[idx]);
721
722
return s_key;
723
724
bad_asn1:
725
die ("invalid ASN.1 structure in `%s'\n", fname);
726
return NULL; /*NOTREACHED*/
727
}
728
729
730
731
/* Read the file FNAME assuming it is a binary signature result and
732
return an an S-expression suitable for gcry_pk_verify. */
733
static gcry_sexp_t
734
read_sig_file (const char *fname)
735
{
736
gcry_error_t err;
737
FILE *fp;
738
char *buffer;
739
size_t buflen;
740
gcry_mpi_t tmpmpi;
741
gcry_sexp_t s_sig;
742
743
fp = fopen (fname, "rb");
744
if (!fp)
745
die ("can't open `%s': %s\n", fname, strerror (errno));
746
buffer = read_file (fp, 0, &buflen);
747
if (!buffer)
748
die ("error reading `%s'\n", fname);
749
fclose (fp);
750
751
err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, buffer, buflen, NULL);
752
if (!err)
753
err = gcry_sexp_build (&s_sig, NULL,
754
"(sig-val(rsa(s %m)))", tmpmpi);
755
if (err)
756
die ("error building S-expression: %s\n", gpg_strerror (err));
757
gcry_mpi_release (tmpmpi);
758
gcry_free (buffer);
759
760
return s_sig;
761
}
762
763
764
/* Read an S-expression from FNAME. */
765
static gcry_sexp_t
766
read_sexp_from_file (const char *fname)
767
{
768
gcry_error_t err;
769
FILE *fp;
770
char *buffer;
771
size_t buflen;
772
gcry_sexp_t sexp;
773
774
fp = fopen (fname, "rb");
775
if (!fp)
776
die ("can't open `%s': %s\n", fname, strerror (errno));
777
buffer = read_file (fp, 0, &buflen);
778
if (!buffer)
779
die ("error reading `%s'\n", fname);
780
fclose (fp);
781
if (!buflen)
782
die ("error: file `%s' is empty\n", fname);
783
784
err = gcry_sexp_create (&sexp, buffer, buflen, 1, gcry_free);
785
if (err)
786
die ("error parsing `%s': %s\n", fname, gpg_strerror (err));
787
788
return sexp;
789
}
790
791
792
static void
793
print_buffer (const void *buffer, size_t length)
794
{
795
int writerr = 0;
796
797
if (base64_output)
798
{
799
static const unsigned char bintoasc[64+1] =
800
("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
801
"abcdefghijklmnopqrstuvwxyz"
802
"0123456789+/");
803
const unsigned char *p;
804
unsigned char inbuf[4];
805
char outbuf[4];
806
int idx, quads;
807
808
idx = quads = 0;
809
for (p = buffer; length; p++, length--)
810
{
811
inbuf[idx++] = *p;
812
if (idx > 2)
813
{
814
outbuf[0] = bintoasc[(*inbuf>>2)&077];
815
outbuf[1] = bintoasc[(((*inbuf<<4)&060)
816
|((inbuf[1] >> 4)&017))&077];
817
outbuf[2] = bintoasc[(((inbuf[1]<<2)&074)
818
|((inbuf[2]>>6)&03))&077];
819
outbuf[3] = bintoasc[inbuf[2]&077];
820
if (fwrite (outbuf, 4, 1, stdout) != 1)
821
writerr = 1;
822
idx = 0;
823
if (++quads >= (64/4))
824
{
825
if (fwrite ("\n", 1, 1, stdout) != 1)
826
writerr = 1;
827
quads = 0;
828
}
829
}
830
}
831
if (idx)
832
{
833
outbuf[0] = bintoasc[(*inbuf>>2)&077];
834
if (idx == 1)
835
{
836
outbuf[1] = bintoasc[((*inbuf<<4)&060)&077];
837
outbuf[2] = outbuf[3] = '=';
838
}
839
else
840
{
841
outbuf[1] = bintoasc[(((*inbuf<<4)&060)
842
|((inbuf[1]>>4)&017))&077];
843
outbuf[2] = bintoasc[((inbuf[1]<<2)&074)&077];
844
outbuf[3] = '=';
845
}
846
if (fwrite (outbuf, 4, 1, stdout) != 1)
847
writerr = 1;
848
quads++;
849
}
850
if (quads && fwrite ("\n", 1, 1, stdout) != 1)
851
writerr = 1;
852
}
853
else if (binary_output)
854
{
855
if (fwrite (buffer, length, 1, stdout) != 1)
856
writerr++;
857
}
858
else
859
{
860
const unsigned char *p = buffer;
861
862
if (verbose > 1)
863
showhex ("sent line", buffer, length);
864
while (length-- && !ferror (stdout) )
865
printf ("%02X", *p++);
866
if (ferror (stdout))
867
writerr++;
868
}
869
if (!writerr && fflush (stdout) == EOF)
870
writerr++;
871
if (writerr)
872
{
873
#ifndef HAVE_W32_SYSTEM
874
if (loop_mode && errno == EPIPE)
875
loop_mode = 0;
876
else
877
#endif
878
die ("writing output failed: %s\n", strerror (errno));
879
}
880
}
881
882
883
/* Print an MPI on a line. */
884
static void
885
print_mpi_line (gcry_mpi_t a, int no_lz)
886
{
887
unsigned char *buf, *p;
888
gcry_error_t err;
889
int writerr = 0;
890
891
err = gcry_mpi_aprint (GCRYMPI_FMT_HEX, &buf, NULL, a);
892
if (err)
893
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
894
895
p = buf;
896
if (no_lz && p[0] == '0' && p[1] == '0' && p[2])
897
p += 2;
898
899
printf ("%s\n", p);
900
if (ferror (stdout))
901
writerr++;
902
if (!writerr && fflush (stdout) == EOF)
903
writerr++;
904
if (writerr)
905
die ("writing output failed: %s\n", strerror (errno));
906
gcry_free (buf);
907
}
908
909
910
/* Print some data on hex format on a line. */
911
static void
912
print_data_line (const void *data, size_t datalen)
913
{
914
const unsigned char *p = data;
915
int writerr = 0;
916
917
while (data && datalen-- && !ferror (stdout) )
918
printf ("%02X", *p++);
919
putchar ('\n');
920
if (ferror (stdout))
921
writerr++;
922
if (!writerr && fflush (stdout) == EOF)
923
writerr++;
924
if (writerr)
925
die ("writing output failed: %s\n", strerror (errno));
926
}
927
928
/* Print the S-expression A to the stream FP. */
929
static void
930
print_sexp (gcry_sexp_t a, FILE *fp)
931
{
932
char *buf;
933
size_t size;
934
935
size = gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, NULL, 0);
936
buf = gcry_xmalloc (size);
937
gcry_sexp_sprint (a, GCRYSEXP_FMT_ADVANCED, buf, size);
938
if (fwrite (buf, size, 1, fp) != 1)
939
die ("error writing to stream: %s\n", strerror (errno));
940
gcry_free (buf);
941
}
942
943
944
945
946
static gcry_error_t
947
init_external_rng_test (void **r_context,
948
unsigned int flags,
949
const void *key, size_t keylen,
950
const void *seed, size_t seedlen,
951
const void *dt, size_t dtlen)
952
{
953
return gcry_control (PRIV_CTL_INIT_EXTRNG_TEST,
954
r_context, flags,
955
key, keylen,
956
seed, seedlen,
957
dt, dtlen);
958
}
959
960
static gcry_error_t
961
run_external_rng_test (void *context, void *buffer, size_t buflen)
962
{
963
return gcry_control (PRIV_CTL_RUN_EXTRNG_TEST, context, buffer, buflen);
964
}
965
966
static void
967
deinit_external_rng_test (void *context)
968
{
969
gcry_control (PRIV_CTL_DEINIT_EXTRNG_TEST, context);
970
}
971
972
973
/* Given an OpenSSL cipher name NAME, return the Libgcrypt algirithm
974
identified and store the libgcrypt mode at R_MODE. Returns 0 on
975
error. */
976
static int
977
map_openssl_cipher_name (const char *name, int *r_mode)
978
{
979
static struct {
980
const char *name;
981
int algo;
982
int mode;
983
} table[] =
984
{
985
{ "bf-cbc", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC },
986
{ "bf", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CBC },
987
{ "bf-cfb", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_CFB },
988
{ "bf-ecb", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_ECB },
989
{ "bf-ofb", GCRY_CIPHER_BLOWFISH, GCRY_CIPHER_MODE_OFB },
990
991
{ "cast-cbc", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC },
992
{ "cast", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC },
993
{ "cast5-cbc", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CBC },
994
{ "cast5-cfb", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_CFB },
995
{ "cast5-ecb", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_ECB },
996
{ "cast5-ofb", GCRY_CIPHER_CAST5, GCRY_CIPHER_MODE_OFB },
997
998
{ "des-cbc", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC },
999
{ "des", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CBC },
1000
{ "des-cfb", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_CFB },
1001
{ "des-ofb", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_OFB },
1002
{ "des-ecb", GCRY_CIPHER_DES, GCRY_CIPHER_MODE_ECB },
1003
1004
{ "des-ede3-cbc", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC },
1005
{ "des-ede3", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_ECB },
1006
{ "des3", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC },
1007
{ "des-ede3-cfb", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CFB },
1008
{ "des-ede3-ofb", GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_OFB },
1009
1010
{ "rc4", GCRY_CIPHER_ARCFOUR, GCRY_CIPHER_MODE_STREAM },
1011
1012
{ "aes-128-cbc", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC },
1013
{ "aes-128", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CBC },
1014
{ "aes-128-cfb", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_CFB },
1015
{ "aes-128-ecb", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_ECB },
1016
{ "aes-128-ofb", GCRY_CIPHER_AES128, GCRY_CIPHER_MODE_OFB },
1017
1018
{ "aes-192-cbc", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC },
1019
{ "aes-192", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CBC },
1020
{ "aes-192-cfb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_CFB },
1021
{ "aes-192-ecb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_ECB },
1022
{ "aes-192-ofb", GCRY_CIPHER_AES192, GCRY_CIPHER_MODE_OFB },
1023
1024
{ "aes-256-cbc", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC },
1025
{ "aes-256", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CBC },
1026
{ "aes-256-cfb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_CFB },
1027
{ "aes-256-ecb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_ECB },
1028
{ "aes-256-ofb", GCRY_CIPHER_AES256, GCRY_CIPHER_MODE_OFB },
1029
1030
{ NULL, 0 , 0 }
1031
};
1032
int idx;
1033
1034
for (idx=0; table[idx].name; idx++)
1035
if (!strcmp (name, table[idx].name))
1036
{
1037
*r_mode = table[idx].mode;
1038
return table[idx].algo;
1039
}
1040
*r_mode = 0;
1041
return 0;
1042
}
1043
1044
1045
1046
/* Run an encrypt or decryption operations. If DATA is NULL the
1047
function reads its input in chunks of size DATALEN from fp and
1048
processes it and writes it out until EOF. */
1049
static void
1050
run_encrypt_decrypt (int encrypt_mode,
1051
int cipher_algo, int cipher_mode,
1052
const void *iv_buffer, size_t iv_buflen,
1053
const void *key_buffer, size_t key_buflen,
1054
const void *data, size_t datalen, FILE *fp)
1055
{
1056
gpg_error_t err;
1057
gcry_cipher_hd_t hd;
1058
void *outbuf;
1059
size_t outbuflen;
1060
void *inbuf;
1061
size_t inbuflen;
1062
size_t blocklen;
1063
1064
err = gcry_cipher_open (&hd, cipher_algo, cipher_mode, 0);
1065
if (err)
1066
die ("gcry_cipher_open failed for algo %d, mode %d: %s\n",
1067
cipher_algo, cipher_mode, gpg_strerror (err));
1068
1069
blocklen = gcry_cipher_get_algo_blklen (cipher_algo);
1070
assert (blocklen);
1071
1072
gcry_cipher_ctl (hd, PRIV_CTL_DISABLE_WEAK_KEY, NULL, 0);
1073
1074
err = gcry_cipher_setkey (hd, key_buffer, key_buflen);
1075
if (err)
1076
die ("gcry_cipher_setkey failed with keylen %u: %s\n",
1077
(unsigned int)key_buflen, gpg_strerror (err));
1078
1079
if (iv_buffer)
1080
{
1081
err = gcry_cipher_setiv (hd, iv_buffer, iv_buflen);
1082
if (err)
1083
die ("gcry_cipher_setiv failed with ivlen %u: %s\n",
1084
(unsigned int)iv_buflen, gpg_strerror (err));
1085
}
1086
1087
inbuf = data? NULL : gcry_xmalloc (datalen);
1088
outbuflen = datalen;
1089
outbuf = gcry_xmalloc (outbuflen < blocklen? blocklen:outbuflen);
1090
1091
do
1092
{
1093
if (inbuf)
1094
{
1095
int nread = fread (inbuf, 1, datalen, fp);
1096
if (nread < (int)datalen && ferror (fp))
1097
die ("error reading input\n");
1098
data = inbuf;
1099
inbuflen = nread;
1100
}
1101
else
1102
inbuflen = datalen;
1103
1104
if (encrypt_mode)
1105
err = gcry_cipher_encrypt (hd, outbuf, outbuflen, data, inbuflen);
1106
else
1107
err = gcry_cipher_decrypt (hd, outbuf, outbuflen, data, inbuflen);
1108
if (err)
1109
die ("gcry_cipher_%scrypt failed: %s\n",
1110
encrypt_mode? "en":"de", gpg_strerror (err));
1111
1112
print_buffer (outbuf, outbuflen);
1113
}
1114
while (inbuf);
1115
1116
gcry_cipher_close (hd);
1117
gcry_free (outbuf);
1118
gcry_free (inbuf);
1119
}
1120
1121
1122
static void
1123
get_current_iv (gcry_cipher_hd_t hd, void *buffer, size_t buflen)
1124
{
1125
unsigned char tmp[17];
1126
1127
if (gcry_cipher_ctl (hd, PRIV_CTL_GET_INPUT_VECTOR, tmp, sizeof tmp))
1128
die ("error getting current input vector\n");
1129
if (buflen > *tmp)
1130
die ("buffer too short to store the current input vector\n");
1131
memcpy (buffer, tmp+1, *tmp);
1132
}
1133
1134
/* Run the inner loop of the CAVS monte carlo test. */
1135
static void
1136
run_cipher_mct_loop (int encrypt_mode, int cipher_algo, int cipher_mode,
1137
const void *iv_buffer, size_t iv_buflen,
1138
const void *key_buffer, size_t key_buflen,
1139
const void *data, size_t datalen, int iterations)
1140
{
1141
gpg_error_t err;
1142
gcry_cipher_hd_t hd;
1143
size_t blocklen;
1144
int count;
1145
char input[16];
1146
char output[16];
1147
char last_output[16];
1148
char last_last_output[16];
1149
char last_iv[16];
1150
1151
1152
err = gcry_cipher_open (&hd, cipher_algo, cipher_mode, 0);
1153
if (err)
1154
die ("gcry_cipher_open failed for algo %d, mode %d: %s\n",
1155
cipher_algo, cipher_mode, gpg_strerror (err));
1156
1157
blocklen = gcry_cipher_get_algo_blklen (cipher_algo);
1158
if (!blocklen || blocklen > sizeof output)
1159
die ("invalid block length %d\n", blocklen);
1160
1161
1162
gcry_cipher_ctl (hd, PRIV_CTL_DISABLE_WEAK_KEY, NULL, 0);
1163
1164
err = gcry_cipher_setkey (hd, key_buffer, key_buflen);
1165
if (err)
1166
die ("gcry_cipher_setkey failed with keylen %u: %s\n",
1167
(unsigned int)key_buflen, gpg_strerror (err));
1168
1169
if (iv_buffer)
1170
{
1171
err = gcry_cipher_setiv (hd, iv_buffer, iv_buflen);
1172
if (err)
1173
die ("gcry_cipher_setiv failed with ivlen %u: %s\n",
1174
(unsigned int)iv_buflen, gpg_strerror (err));
1175
}
1176
1177
if (datalen != blocklen)
1178
die ("length of input (%u) does not match block length (%u)\n",
1179
(unsigned int)datalen, (unsigned int)blocklen);
1180
memcpy (input, data, datalen);
1181
memset (output, 0, sizeof output);
1182
for (count=0; count < iterations; count++)
1183
{
1184
memcpy (last_last_output, last_output, sizeof last_output);
1185
memcpy (last_output, output, sizeof output);
1186
1187
get_current_iv (hd, last_iv, blocklen);
1188
1189
if (encrypt_mode)
1190
err = gcry_cipher_encrypt (hd, output, blocklen, input, blocklen);
1191
else
1192
err = gcry_cipher_decrypt (hd, output, blocklen, input, blocklen);
1193
if (err)
1194
die ("gcry_cipher_%scrypt failed: %s\n",
1195
encrypt_mode? "en":"de", gpg_strerror (err));
1196
1197
1198
if (encrypt_mode && (cipher_mode == GCRY_CIPHER_MODE_CFB
1199
|| cipher_mode == GCRY_CIPHER_MODE_CBC))
1200
memcpy (input, last_iv, blocklen);
1201
else if (cipher_mode == GCRY_CIPHER_MODE_OFB)
1202
memcpy (input, last_iv, blocklen);
1203
else if (!encrypt_mode && cipher_mode == GCRY_CIPHER_MODE_CFB)
1204
{
1205
/* Reconstruct the output vector. */
1206
int i;
1207
for (i=0; i < blocklen; i++)
1208
input[i] ^= output[i];
1209
}
1210
else
1211
memcpy (input, output, blocklen);
1212
}
1213
1214
print_buffer (output, blocklen);
1215
putchar ('\n');
1216
print_buffer (last_output, blocklen);
1217
putchar ('\n');
1218
print_buffer (last_last_output, blocklen);
1219
putchar ('\n');
1220
get_current_iv (hd, last_iv, blocklen);
1221
print_buffer (last_iv, blocklen); /* Last output vector. */
1222
putchar ('\n');
1223
print_buffer (input, blocklen); /* Next input text. */
1224
putchar ('\n');
1225
if (verbose > 1)
1226
showhex ("sent line", "", 0);
1227
putchar ('\n');
1228
fflush (stdout);
1229
1230
gcry_cipher_close (hd);
1231
}
1232
1233
1234
1235
/* Run a digest operation. */
1236
static void
1237
run_digest (int digest_algo, const void *data, size_t datalen)
1238
{
1239
gpg_error_t err;
1240
gcry_md_hd_t hd;
1241
const unsigned char *digest;
1242
unsigned int digestlen;
1243
1244
err = gcry_md_open (&hd, digest_algo, 0);
1245
if (err)
1246
die ("gcry_md_open failed for algo %d: %s\n",
1247
digest_algo, gpg_strerror (err));
1248
1249
gcry_md_write (hd, data, datalen);
1250
digest = gcry_md_read (hd, digest_algo);
1251
digestlen = gcry_md_get_algo_dlen (digest_algo);
1252
print_buffer (digest, digestlen);
1253
gcry_md_close (hd);
1254
}
1255
1256
1257
/* Run a HMAC operation. */
1258
static void
1259
run_hmac (int digest_algo, const void *key, size_t keylen,
1260
const void *data, size_t datalen)
1261
{
1262
gpg_error_t err;
1263
gcry_md_hd_t hd;
1264
const unsigned char *digest;
1265
unsigned int digestlen;
1266
1267
err = gcry_md_open (&hd, digest_algo, GCRY_MD_FLAG_HMAC);
1268
if (err)
1269
die ("gcry_md_open failed for HMAC algo %d: %s\n",
1270
digest_algo, gpg_strerror (err));
1271
1272
gcry_md_setkey (hd, key, keylen);
1273
if (err)
1274
die ("gcry_md_setkey failed for HMAC algo %d: %s\n",
1275
digest_algo, gpg_strerror (err));
1276
1277
gcry_md_write (hd, data, datalen);
1278
digest = gcry_md_read (hd, digest_algo);
1279
digestlen = gcry_md_get_algo_dlen (digest_algo);
1280
print_buffer (digest, digestlen);
1281
gcry_md_close (hd);
1282
}
1283
1284
1285
1286
/* Derive an RSA key using the S-expression in (DATA,DATALEN). This
1287
S-expression is used directly as input to gcry_pk_genkey. The
1288
result is printed to stdout with one parameter per line in hex
1289
format and in this order: p, q, n, d. */
1290
static void
1291
run_rsa_derive (const void *data, size_t datalen)
1292
{
1293
gpg_error_t err;
1294
gcry_sexp_t s_keyspec, s_key, s_top, l1;
1295
gcry_mpi_t mpi;
1296
const char *parmlist;
1297
int idx;
1298
1299
if (!datalen)
1300
err = gpg_error (GPG_ERR_NO_DATA);
1301
else
1302
err = gcry_sexp_new (&s_keyspec, data, datalen, 1);
1303
if (err)
1304
die ("gcry_sexp_new failed for RSA key derive: %s\n",
1305
gpg_strerror (err));
1306
1307
err = gcry_pk_genkey (&s_key, s_keyspec);
1308
if (err)
1309
die ("gcry_pk_genkey failed for RSA: %s\n", gpg_strerror (err));
1310
1311
gcry_sexp_release (s_keyspec);
1312
1313
/* P and Q might have been swapped but we need to to return them in
1314
the proper order. Build the parameter list accordingly. */
1315
parmlist = "pqnd";
1316
s_top = gcry_sexp_find_token (s_key, "misc-key-info", 0);
1317
if (s_top)
1318
{
1319
l1 = gcry_sexp_find_token (s_top, "p-q-swapped", 0);
1320
if (l1)
1321
parmlist = "qpnd";
1322
gcry_sexp_release (l1);
1323
gcry_sexp_release (s_top);
1324
}
1325
1326
/* Parse and print the parameters. */
1327
l1 = gcry_sexp_find_token (s_key, "private-key", 0);
1328
s_top = gcry_sexp_find_token (l1, "rsa", 0);
1329
gcry_sexp_release (l1);
1330
if (!s_top)
1331
die ("private-key part not found in result\n");
1332
1333
for (idx=0; parmlist[idx]; idx++)
1334
{
1335
l1 = gcry_sexp_find_token (s_top, parmlist+idx, 1);
1336
mpi = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
1337
gcry_sexp_release (l1);
1338
if (!mpi)
1339
die ("parameter %c missing in private-key\n", parmlist[idx]);
1340
print_mpi_line (mpi, 1);
1341
gcry_mpi_release (mpi);
1342
}
1343
1344
gcry_sexp_release (s_top);
1345
gcry_sexp_release (s_key);
1346
}
1347
1348
1349
1350
static size_t
1351
compute_tag_length (size_t n)
1352
{
1353
int needed = 0;
1354
1355
if (n < 128)
1356
needed += 2; /* Tag and one length byte. */
1357
else if (n < 256)
1358
needed += 3; /* Tag, number of length bytes, 1 length byte. */
1359
else if (n < 65536)
1360
needed += 4; /* Tag, number of length bytes, 2 length bytes. */
1361
else
1362
die ("DER object too long to encode\n");
1363
1364
return needed;
1365
}
1366
1367
static unsigned char *
1368
store_tag_length (unsigned char *p, int tag, size_t n)
1369
{
1370
if (tag == TAG_SEQUENCE)
1371
tag |= 0x20; /* constructed */
1372
1373
*p++ = tag;
1374
if (n < 128)
1375
*p++ = n;
1376
else if (n < 256)
1377
{
1378
*p++ = 0x81;
1379
*p++ = n;
1380
}
1381
else if (n < 65536)
1382
{
1383
*p++ = 0x82;
1384
*p++ = n >> 8;
1385
*p++ = n;
1386
}
1387
1388
return p;
1389
}
1390
1391
1392
/* Generate an RSA key of size KEYSIZE using the public exponent
1393
PUBEXP and print it to stdout in the OpenSSL format. The format
1394
is:
1395
1396
SEQUENCE {
1397
INTEGER (0) -- Unknown constant.
1398
INTEGER -- n
1399
INTEGER -- e
1400
INTEGER -- d
1401
INTEGER -- p
1402
INTEGER -- q (with p < q)
1403
INTEGER -- dmp1 = d mod (p-1)
1404
INTEGER -- dmq1 = d mod (q-1)
1405
INTEGER -- u = p^{-1} mod q
1406
}
1407
1408
*/
1409
static void
1410
run_rsa_gen (int keysize, int pubexp)
1411
{
1412
gpg_error_t err;
1413
gcry_sexp_t keyspec, key, l1;
1414
const char keyelems[] = "nedpq..u";
1415
gcry_mpi_t keyparms[8];
1416
size_t keyparmslen[8];
1417
int idx;
1418
size_t derlen, needed, n;
1419
unsigned char *derbuf, *der;
1420
1421
err = gcry_sexp_build (&keyspec, NULL,
1422
"(genkey (rsa (nbits %d)(rsa-use-e %d)))",
1423
keysize, pubexp);
1424
if (err)
1425
die ("gcry_sexp_build failed for RSA key generation: %s\n",
1426
gpg_strerror (err));
1427
1428
err = gcry_pk_genkey (&key, keyspec);
1429
if (err)
1430
die ("gcry_pk_genkey failed for RSA: %s\n", gpg_strerror (err));
1431
1432
gcry_sexp_release (keyspec);
1433
1434
l1 = gcry_sexp_find_token (key, "private-key", 0);
1435
if (!l1)
1436
die ("private key not found in genkey result\n");
1437
gcry_sexp_release (key);
1438
key = l1;
1439
1440
l1 = gcry_sexp_find_token (key, "rsa", 0);
1441
if (!l1)
1442
die ("returned private key not formed as expected\n");
1443
gcry_sexp_release (key);
1444
key = l1;
1445
1446
/* Extract the parameters from the S-expression and store them in a
1447
well defined order in KEYPARMS. */
1448
for (idx=0; idx < DIM(keyparms); idx++)
1449
{
1450
if (keyelems[idx] == '.')
1451
{
1452
keyparms[idx] = gcry_mpi_new (0);
1453
continue;
1454
}
1455
l1 = gcry_sexp_find_token (key, keyelems+idx, 1);
1456
if (!l1)
1457
die ("no %c parameter in returned private key\n", keyelems[idx]);
1458
keyparms[idx] = gcry_sexp_nth_mpi (l1, 1, GCRYMPI_FMT_USG);
1459
if (!keyparms[idx])
1460
die ("no value for %c parameter in returned private key\n",
1461
keyelems[idx]);
1462
gcry_sexp_release (l1);
1463
}
1464
1465
gcry_sexp_release (key);
1466
1467
/* Check that p < q; if not swap p and q and recompute u. */
1468
if (gcry_mpi_cmp (keyparms[3], keyparms[4]) > 0)
1469
{
1470
gcry_mpi_swap (keyparms[3], keyparms[4]);
1471
gcry_mpi_invm (keyparms[7], keyparms[3], keyparms[4]);
1472
}
1473
1474
/* Compute the additional parameters. */
1475
gcry_mpi_sub_ui (keyparms[5], keyparms[3], 1);
1476
gcry_mpi_mod (keyparms[5], keyparms[2], keyparms[5]);
1477
gcry_mpi_sub_ui (keyparms[6], keyparms[4], 1);
1478
gcry_mpi_mod (keyparms[6], keyparms[2], keyparms[6]);
1479
1480
/* Compute the length of the DER encoding. */
1481
needed = compute_tag_length (1) + 1;
1482
for (idx=0; idx < DIM(keyparms); idx++)
1483
{
1484
err = gcry_mpi_print (GCRYMPI_FMT_STD, NULL, 0, &n, keyparms[idx]);
1485
if (err)
1486
die ("error formatting parameter: %s\n", gpg_strerror (err));
1487
keyparmslen[idx] = n;
1488
needed += compute_tag_length (n) + n;
1489
}
1490
1491
/* Store the key parameters. */
1492
derlen = compute_tag_length (needed) + needed;
1493
der = derbuf = gcry_xmalloc (derlen);
1494
1495
der = store_tag_length (der, TAG_SEQUENCE, needed);
1496
der = store_tag_length (der, TAG_INTEGER, 1);
1497
*der++ = 0;
1498
for (idx=0; idx < DIM(keyparms); idx++)
1499
{
1500
der = store_tag_length (der, TAG_INTEGER, keyparmslen[idx]);
1501
err = gcry_mpi_print (GCRYMPI_FMT_STD, der,
1502
keyparmslen[idx], NULL, keyparms[idx]);
1503
if (err)
1504
die ("error formatting parameter: %s\n", gpg_strerror (err));
1505
der += keyparmslen[idx];
1506
}
1507
1508
/* Print the stuff. */
1509
for (idx=0; idx < DIM(keyparms); idx++)
1510
gcry_mpi_release (keyparms[idx]);
1511
1512
assert (der - derbuf == derlen);
1513
1514
if (base64_output)
1515
puts ("-----BEGIN RSA PRIVATE KEY-----");
1516
print_buffer (derbuf, derlen);
1517
if (base64_output)
1518
puts ("-----END RSA PRIVATE KEY-----");
1519
1520
gcry_free (derbuf);
1521
}
1522
1523
1524
1525
/* Sign DATA of length DATALEN using the key taken from the PEM
1526
encoded KEYFILE and the hash algorithm HASHALGO. */
1527
static void
1528
run_rsa_sign (const void *data, size_t datalen,
1529
int hashalgo, int pkcs1, const char *keyfile)
1530
1531
{
1532
gpg_error_t err;
1533
gcry_sexp_t s_data, s_key, s_sig, s_tmp;
1534
gcry_mpi_t sig_mpi = NULL;
1535
unsigned char *outbuf;
1536
size_t outlen;
1537
1538
/* showhex ("D", data, datalen); */
1539
if (pkcs1)
1540
{
1541
unsigned char hash[64];
1542
unsigned int hashsize;
1543
1544
hashsize = gcry_md_get_algo_dlen (hashalgo);
1545
if (!hashsize || hashsize > sizeof hash)
1546
die ("digest too long for buffer or unknown hash algorithm\n");
1547
gcry_md_hash_buffer (hashalgo, hash, data, datalen);
1548
err = gcry_sexp_build (&s_data, NULL,
1549
"(data (flags pkcs1)(hash %s %b))",
1550
gcry_md_algo_name (hashalgo),
1551
(int)hashsize, hash);
1552
}
1553
else
1554
{
1555
gcry_mpi_t tmp;
1556
1557
err = gcry_mpi_scan (&tmp, GCRYMPI_FMT_USG, data, datalen,NULL);
1558
if (!err)
1559
{
1560
err = gcry_sexp_build (&s_data, NULL,
1561
"(data (flags raw)(value %m))", tmp);
1562
gcry_mpi_release (tmp);
1563
}
1564
}
1565
if (err)
1566
die ("gcry_sexp_build failed for RSA data input: %s\n",
1567
gpg_strerror (err));
1568
1569
s_key = read_private_key_file (keyfile, 0);
1570
1571
err = gcry_pk_sign (&s_sig, s_data, s_key);
1572
if (err)
1573
{
1574
gcry_sexp_release (read_private_key_file (keyfile, 1));
1575
die ("gcry_pk_signed failed (datalen=%d,keyfile=%s): %s\n",
1576
(int)datalen, keyfile, gpg_strerror (err));
1577
}
1578
gcry_sexp_release (s_key);
1579
gcry_sexp_release (s_data);
1580
1581
s_tmp = gcry_sexp_find_token (s_sig, "sig-val", 0);
1582
if (s_tmp)
1583
{
1584
gcry_sexp_release (s_sig);
1585
s_sig = s_tmp;
1586
s_tmp = gcry_sexp_find_token (s_sig, "rsa", 0);
1587
if (s_tmp)
1588
{
1589
gcry_sexp_release (s_sig);
1590
s_sig = s_tmp;
1591
s_tmp = gcry_sexp_find_token (s_sig, "s", 0);
1592
if (s_tmp)
1593
{
1594
gcry_sexp_release (s_sig);
1595
s_sig = s_tmp;
1596
sig_mpi = gcry_sexp_nth_mpi (s_sig, 1, GCRYMPI_FMT_USG);
1597
}
1598
}
1599
}
1600
gcry_sexp_release (s_sig);
1601
1602
if (!sig_mpi)
1603
die ("no value in returned S-expression\n");
1604
err = gcry_mpi_aprint (GCRYMPI_FMT_STD, &outbuf, &outlen, sig_mpi);
1605
if (err)
1606
die ("gcry_mpi_aprint failed: %s\n", gpg_strerror (err));
1607
gcry_mpi_release (sig_mpi);
1608
1609
print_buffer (outbuf, outlen);
1610
gcry_free (outbuf);
1611
}
1612
1613
1614
1615
/* Verify DATA of length DATALEN using the public key taken from the
1616
PEM encoded KEYFILE and the hash algorithm HASHALGO against the
1617
binary signature in SIGFILE. */
1618
static void
1619
run_rsa_verify (const void *data, size_t datalen, int hashalgo, int pkcs1,
1620
const char *keyfile, const char *sigfile)
1621
1622
{
1623
gpg_error_t err;
1624
gcry_sexp_t s_data, s_key, s_sig;
1625
1626
if (pkcs1)
1627
{
1628
unsigned char hash[64];
1629
unsigned int hashsize;
1630
1631
hashsize = gcry_md_get_algo_dlen (hashalgo);
1632
if (!hashsize || hashsize > sizeof hash)
1633
die ("digest too long for buffer or unknown hash algorithm\n");
1634
gcry_md_hash_buffer (hashalgo, hash, data, datalen);
1635
err = gcry_sexp_build (&s_data, NULL,
1636
"(data (flags pkcs1)(hash %s %b))",
1637
gcry_md_algo_name (hashalgo),
1638
(int)hashsize, hash);
1639
}
1640
else
1641
{
1642
gcry_mpi_t tmp;
1643
1644
err = gcry_mpi_scan (&tmp, GCRYMPI_FMT_USG, data, datalen,NULL);
1645
if (!err)
1646
{
1647
err = gcry_sexp_build (&s_data, NULL,
1648
"(data (flags raw)(value %m))", tmp);
1649
gcry_mpi_release (tmp);
1650
}
1651
}
1652
if (err)
1653
die ("gcry_sexp_build failed for RSA data input: %s\n",
1654
gpg_strerror (err));
1655
1656
s_key = read_public_key_file (keyfile, 0);
1657
1658
s_sig = read_sig_file (sigfile);
1659
1660
err = gcry_pk_verify (s_sig, s_data, s_key);
1661
if (!err)
1662
puts ("GOOD signature");
1663
else if (gpg_err_code (err) == GPG_ERR_BAD_SIGNATURE)
1664
puts ("BAD signature");
1665
else
1666
printf ("ERROR (%s)\n", gpg_strerror (err));
1667
1668
gcry_sexp_release (s_sig);
1669
gcry_sexp_release (s_key);
1670
gcry_sexp_release (s_data);
1671
}
1672
1673
1674
1675
/* Generate a DSA key of size KEYSIZE and return the complete
1676
S-expression. */
1677
static gcry_sexp_t
1678
dsa_gen (int keysize)
1679
{
1680
gpg_error_t err;
1681
gcry_sexp_t keyspec, key;
1682
1683
err = gcry_sexp_build (&keyspec, NULL,
1684
"(genkey (dsa (nbits %d)(use-fips186-2)))",
1685
keysize);
1686
if (err)
1687
die ("gcry_sexp_build failed for DSA key generation: %s\n",
1688
gpg_strerror (err));
1689
1690
err = gcry_pk_genkey (&key, keyspec);
1691
if (err)
1692
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
1693
1694
gcry_sexp_release (keyspec);
1695
1696
return key;
1697
}
1698
1699
1700
/* Generate a DSA key of size KEYSIZE and return the complete
1701
S-expression. */
1702
static gcry_sexp_t
1703
dsa_gen_with_seed (int keysize, const void *seed, size_t seedlen)
1704
{
1705
gpg_error_t err;
1706
gcry_sexp_t keyspec, key;
1707
1708
err = gcry_sexp_build (&keyspec, NULL,
1709
"(genkey"
1710
" (dsa"
1711
" (nbits %d)"
1712
" (use-fips186-2)"
1713
" (derive-parms"
1714
" (seed %b))))",
1715
keysize, (int)seedlen, seed);
1716
if (err)
1717
die ("gcry_sexp_build failed for DSA key generation: %s\n",
1718
gpg_strerror (err));
1719
1720
err = gcry_pk_genkey (&key, keyspec);
1721
if (err)
1722
die ("gcry_pk_genkey failed for DSA: %s\n", gpg_strerror (err));
1723
1724
gcry_sexp_release (keyspec);
1725
1726
return key;
1727
}
1728
1729
1730
/* Print the domain parameter as well as the derive information. KEY
1731
is the complete key as returned by dsa_gen. We print to stdout
1732
with one parameter per line in hex format using this order: p, q,
1733
g, seed, counter, h. */
1734
static void
1735
print_dsa_domain_parameters (gcry_sexp_t key)
1736
{
1737
gcry_sexp_t l1, l2;
1738
gcry_mpi_t mpi;
1739
int idx;
1740
const void *data;
1741
size_t datalen;
1742
char *string;
1743
1744
l1 = gcry_sexp_find_token (key, "public-key", 0);
1745
if (!l1)
1746
die ("public key not found in genkey result\n");
1747
1748
l2 = gcry_sexp_find_token (l1, "dsa", 0);
1749
if (!l2)
1750
die ("returned public key not formed as expected\n");
1751
gcry_sexp_release (l1);
1752
l1 = l2;
1753
1754
/* Extract the parameters from the S-expression and print them to stdout. */
1755
for (idx=0; "pqg"[idx]; idx++)
1756
{
1757
l2 = gcry_sexp_find_token (l1, "pqg"+idx, 1);
1758
if (!l2)
1759
die ("no %c parameter in returned public key\n", "pqg"[idx]);
1760
mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
1761
if (!mpi)
1762
die ("no value for %c parameter in returned public key\n","pqg"[idx]);
1763
gcry_sexp_release (l2);
1764
if (standalone_mode)
1765
printf ("%c = ", "PQG"[idx]);
1766
print_mpi_line (mpi, 1);
1767
gcry_mpi_release (mpi);
1768
}
1769
gcry_sexp_release (l1);
1770
1771
/* Extract the seed values. */
1772
l1 = gcry_sexp_find_token (key, "misc-key-info", 0);
1773
if (!l1)
1774
die ("misc-key-info not found in genkey result\n");
1775
1776
l2 = gcry_sexp_find_token (l1, "seed-values", 0);
1777
if (!l2)
1778
die ("no seed-values in returned key\n");
1779
gcry_sexp_release (l1);
1780
l1 = l2;
1781
1782
l2 = gcry_sexp_find_token (l1, "seed", 0);
1783
if (!l2)
1784
die ("no seed value in returned key\n");
1785
data = gcry_sexp_nth_data (l2, 1, &datalen);
1786
if (!data)
1787
die ("no seed value in returned key\n");
1788
if (standalone_mode)
1789
printf ("Seed = ");
1790
print_data_line (data, datalen);
1791
gcry_sexp_release (l2);
1792
1793
l2 = gcry_sexp_find_token (l1, "counter", 0);
1794
if (!l2)
1795
die ("no counter value in returned key\n");
1796
string = gcry_sexp_nth_string (l2, 1);
1797
if (!string)
1798
die ("no counter value in returned key\n");
1799
if (standalone_mode)
1800
printf ("c = %ld\n", strtoul (string, NULL, 10));
1801
else
1802
printf ("%lX\n", strtoul (string, NULL, 10));
1803
gcry_free (string);
1804
gcry_sexp_release (l2);
1805
1806
l2 = gcry_sexp_find_token (l1, "h", 0);
1807
if (!l2)
1808
die ("no n value in returned key\n");
1809
mpi = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
1810
if (!mpi)
1811
die ("no h value in returned key\n");
1812
if (standalone_mode)
1813
printf ("H = ");
1814
print_mpi_line (mpi, 1);
1815
gcry_mpi_release (mpi);
1816
gcry_sexp_release (l2);
1817
1818
gcry_sexp_release (l1);
1819
}
1820
1821
1822
/* Generate DSA domain parameters for a modulus size of KEYSIZE. The
1823
result is printed to stdout with one parameter per line in hex
1824
format and in this order: p, q, g, seed, counter, h. If SEED is
1825
not NULL this seed value will be used for the generation. */
1826
static void
1827
run_dsa_pqg_gen (int keysize, const void *seed, size_t seedlen)
1828
{
1829
gcry_sexp_t key;
1830
1831
if (seed)
1832
key = dsa_gen_with_seed (keysize, seed, seedlen);
1833
else
1834
key = dsa_gen (keysize);
1835
print_dsa_domain_parameters (key);
1836
gcry_sexp_release (key);
1837
}
1838
1839
1840
/* Generate a DSA key of size of KEYSIZE and write the private key to
1841
FILENAME. Also write the parameters to stdout in the same way as
1842
run_dsa_pqg_gen. */
1843
static void
1844
run_dsa_gen (int keysize, const char *filename)
1845
{
1846
gcry_sexp_t key, private_key;
1847
FILE *fp;
1848
1849
key = dsa_gen (keysize);
1850
private_key = gcry_sexp_find_token (key, "private-key", 0);
1851
if (!private_key)
1852
die ("private key not found in genkey result\n");
1853
print_dsa_domain_parameters (key);
1854
1855
fp = fopen (filename, "wb");
1856
if (!fp)
1857
die ("can't create `%s': %s\n", filename, strerror (errno));
1858
print_sexp (private_key, fp);
1859
fclose (fp);
1860
1861
gcry_sexp_release (private_key);
1862
gcry_sexp_release (key);
1863
}
1864
1865
1866
1867
/* Sign DATA of length DATALEN using the key taken from the S-expression
1868
encoded KEYFILE. */
1869
static void
1870
run_dsa_sign (const void *data, size_t datalen, const char *keyfile)
1871
1872
{
1873
gpg_error_t err;
1874
gcry_sexp_t s_data, s_key, s_sig, s_tmp, s_tmp2;
1875
char hash[20];
1876
gcry_mpi_t tmpmpi;
1877
1878
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
1879
err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL);
1880
if (!err)
1881
{
1882
err = gcry_sexp_build (&s_data, NULL,
1883
"(data (flags raw)(value %m))", tmpmpi);
1884
gcry_mpi_release (tmpmpi);
1885
}
1886
if (err)
1887
die ("gcry_sexp_build failed for DSA data input: %s\n",
1888
gpg_strerror (err));
1889
1890
s_key = read_sexp_from_file (keyfile);
1891
1892
err = gcry_pk_sign (&s_sig, s_data, s_key);
1893
if (err)
1894
{
1895
gcry_sexp_release (read_private_key_file (keyfile, 1));
1896
die ("gcry_pk_signed failed (datalen=%d,keyfile=%s): %s\n",
1897
(int)datalen, keyfile, gpg_strerror (err));
1898
}
1899
gcry_sexp_release (s_data);
1900
1901
/* We need to return the Y parameter first. */
1902
s_tmp = gcry_sexp_find_token (s_key, "private-key", 0);
1903
if (!s_tmp)
1904
die ("private key part not found in provided key\n");
1905
1906
s_tmp2 = gcry_sexp_find_token (s_tmp, "dsa", 0);
1907
if (!s_tmp2)
1908
die ("private key part is not a DSA key\n");
1909
gcry_sexp_release (s_tmp);
1910
1911
s_tmp = gcry_sexp_find_token (s_tmp2, "y", 0);
1912
tmpmpi = gcry_sexp_nth_mpi (s_tmp, 1, GCRYMPI_FMT_USG);
1913
if (!tmpmpi)
1914
die ("no y parameter in DSA key\n");
1915
print_mpi_line (tmpmpi, 1);
1916
gcry_mpi_release (tmpmpi);
1917
gcry_sexp_release (s_tmp);
1918
1919
gcry_sexp_release (s_key);
1920
1921
1922
/* Now return the actual signature. */
1923
s_tmp = gcry_sexp_find_token (s_sig, "sig-val", 0);
1924
if (!s_tmp)
1925
die ("no sig-val element in returned S-expression\n");
1926
1927
gcry_sexp_release (s_sig);
1928
s_sig = s_tmp;
1929
s_tmp = gcry_sexp_find_token (s_sig, "dsa", 0);
1930
if (!s_tmp)
1931
die ("no dsa element in returned S-expression\n");
1932
1933
gcry_sexp_release (s_sig);
1934
s_sig = s_tmp;
1935
1936
s_tmp = gcry_sexp_find_token (s_sig, "r", 0);
1937
tmpmpi = gcry_sexp_nth_mpi (s_tmp, 1, GCRYMPI_FMT_USG);
1938
if (!tmpmpi)
1939
die ("no r parameter in returned S-expression\n");
1940
print_mpi_line (tmpmpi, 1);
1941
gcry_mpi_release (tmpmpi);
1942
gcry_sexp_release (s_tmp);
1943
1944
s_tmp = gcry_sexp_find_token (s_sig, "s", 0);
1945
tmpmpi = gcry_sexp_nth_mpi (s_tmp, 1, GCRYMPI_FMT_USG);
1946
if (!tmpmpi)
1947
die ("no s parameter in returned S-expression\n");
1948
print_mpi_line (tmpmpi, 1);
1949
gcry_mpi_release (tmpmpi);
1950
gcry_sexp_release (s_tmp);
1951
1952
gcry_sexp_release (s_sig);
1953
}
1954
1955
1956
1957
/* Verify DATA of length DATALEN using the public key taken from the
1958
S-expression in KEYFILE against the S-expression formatted
1959
signature in SIGFILE. */
1960
static void
1961
run_dsa_verify (const void *data, size_t datalen,
1962
const char *keyfile, const char *sigfile)
1963
1964
{
1965
gpg_error_t err;
1966
gcry_sexp_t s_data, s_key, s_sig;
1967
char hash[20];
1968
gcry_mpi_t tmpmpi;
1969
1970
gcry_md_hash_buffer (GCRY_MD_SHA1, hash, data, datalen);
1971
/* Note that we can't simply use %b with HASH to build the
1972
S-expression, because that might yield a negative value. */
1973
err = gcry_mpi_scan (&tmpmpi, GCRYMPI_FMT_USG, hash, 20, NULL);
1974
if (!err)
1975
{
1976
err = gcry_sexp_build (&s_data, NULL,
1977
"(data (flags raw)(value %m))", tmpmpi);
1978
gcry_mpi_release (tmpmpi);
1979
}
1980
if (err)
1981
die ("gcry_sexp_build failed for DSA data input: %s\n",
1982
gpg_strerror (err));
1983
1984
s_key = read_sexp_from_file (keyfile);
1985
s_sig = read_sexp_from_file (sigfile);
1986
1987
err = gcry_pk_verify (s_sig, s_data, s_key);
1988
if (!err)
1989
puts ("GOOD signature");
1990
else if (gpg_err_code (err) == GPG_ERR_BAD_SIGNATURE)
1991
puts ("BAD signature");
1992
else
1993
printf ("ERROR (%s)\n", gpg_strerror (err));
1994
1995
gcry_sexp_release (s_sig);
1996
gcry_sexp_release (s_key);
1997
gcry_sexp_release (s_data);
1998
}
1999
2000
2001
2002
2003
static void
2004
usage (int show_help)
2005
{
2006
if (!show_help)
2007
{
2008
fputs ("usage: " PGM
2009
" [OPTION] [FILE] (try --help for more information)\n", stderr);
2010
exit (2);
2011
}
2012
fputs
2013
("Usage: " PGM " [OPTIONS] MODE [FILE]\n"
2014
"Run a crypto operation using hex encoded input and output.\n"
2015
"MODE:\n"
2016
" encrypt, decrypt, digest, random, hmac-sha,\n"
2017
" rsa-{derive,gen,sign,verify}, dsa-{pqg-gen,gen,sign,verify}\n"
2018
"OPTIONS:\n"
2019
" --verbose Print additional information\n"
2020
" --binary Input and output is in binary form\n"
2021
" --no-fips Do not force FIPS mode\n"
2022
" --key KEY Use the hex encoded KEY\n"
2023
" --iv IV Use the hex encoded IV\n"
2024
" --dt DT Use the hex encoded DT for the RNG\n"
2025
" --algo NAME Use algorithm NAME\n"
2026
" --keysize N Use a keysize of N bits\n"
2027
" --signature NAME Take signature from file NAME\n"
2028
" --chunk N Read in chunks of N bytes (implies --binary)\n"
2029
" --pkcs1 Use PKCS#1 encoding\n"
2030
" --mct-server Run a monte carlo test server\n"
2031
" --loop Enable random loop mode\n"
2032
" --progress Print pogress indicators\n"
2033
" --help Print this text\n"
2034
"With no FILE, or when FILE is -, read standard input.\n"
2035
"Report bugs to " PACKAGE_BUGREPORT ".\n" , stdout);
2036
exit (0);
2037
}
2038
2039
int
2040
main (int argc, char **argv)
2041
{
2042
int last_argc = -1;
2043
gpg_error_t err;
2044
int no_fips = 0;
2045
int progress = 0;
2046
int use_pkcs1 = 0;
2047
const char *mode_string;
2048
const char *key_string = NULL;
2049
const char *iv_string = NULL;
2050
const char *dt_string = NULL;
2051
const char *algo_string = NULL;
2052
const char *keysize_string = NULL;
2053
const char *signature_string = NULL;
2054
FILE *input;
2055
void *data;
2056
size_t datalen;
2057
size_t chunksize = 0;
2058
int mct_server = 0;
2059
2060
2061
if (argc)
2062
{ argc--; argv++; }
2063
2064
while (argc && last_argc != argc )
2065
{
2066
last_argc = argc;
2067
if (!strcmp (*argv, "--"))
2068
{
2069
argc--; argv++;
2070
break;
2071
}
2072
else if (!strcmp (*argv, "--help"))
2073
{
2074
usage (1);
2075
}
2076
else if (!strcmp (*argv, "--version"))
2077
{
2078
fputs (PGM " (Libgcrypt) " PACKAGE_VERSION "\n", stdout);
2079
exit (0);
2080
}
2081
else if (!strcmp (*argv, "--verbose"))
2082
{
2083
verbose++;
2084
argc--; argv++;
2085
}
2086
else if (!strcmp (*argv, "--binary"))
2087
{
2088
binary_input = binary_output = 1;
2089
argc--; argv++;
2090
}
2091
else if (!strcmp (*argv, "--no-fips"))
2092
{
2093
no_fips++;
2094
argc--; argv++;
2095
}
2096
else if (!strcmp (*argv, "--loop"))
2097
{
2098
loop_mode = 1;
2099
argc--; argv++;
2100
}
2101
else if (!strcmp (*argv, "--progress"))
2102
{
2103
progress = 1;
2104
argc--; argv++;
2105
}
2106
else if (!strcmp (*argv, "--key"))
2107
{
2108
argc--; argv++;
2109
if (!argc)
2110
usage (0);
2111
key_string = *argv;
2112
argc--; argv++;
2113
}
2114
else if (!strcmp (*argv, "--iv"))
2115
{
2116
argc--; argv++;
2117
if (!argc)
2118
usage (0);
2119
iv_string = *argv;
2120
argc--; argv++;
2121
}
2122
else if (!strcmp (*argv, "--dt"))
2123
{
2124
argc--; argv++;
2125
if (!argc)
2126
usage (0);
2127
dt_string = *argv;
2128
argc--; argv++;
2129
}
2130
else if (!strcmp (*argv, "--algo"))
2131
{
2132
argc--; argv++;
2133
if (!argc)
2134
usage (0);
2135
algo_string = *argv;
2136
argc--; argv++;
2137
}
2138
else if (!strcmp (*argv, "--keysize"))
2139
{
2140
argc--; argv++;
2141
if (!argc)
2142
usage (0);
2143
keysize_string = *argv;
2144
argc--; argv++;
2145
}
2146
else if (!strcmp (*argv, "--signature"))
2147
{
2148
argc--; argv++;
2149
if (!argc)
2150
usage (0);
2151
signature_string = *argv;
2152
argc--; argv++;
2153
}
2154
else if (!strcmp (*argv, "--chunk"))
2155
{
2156
argc--; argv++;
2157
if (!argc)
2158
usage (0);
2159
chunksize = atoi (*argv);
2160
binary_input = binary_output = 1;
2161
argc--; argv++;
2162
}
2163
else if (!strcmp (*argv, "--pkcs1"))
2164
{
2165
use_pkcs1 = 1;
2166
argc--; argv++;
2167
}
2168
else if (!strcmp (*argv, "--mct-server"))
2169
{
2170
mct_server = 1;
2171
argc--; argv++;
2172
}
2173
else if (!strcmp (*argv, "--standalone"))
2174
{
2175
standalone_mode = 1;
2176
argc--; argv++;
2177
}
2178
}
2179
2180
if (!argc || argc > 2)
2181
usage (0);
2182
mode_string = *argv;
2183
2184
if (!strcmp (mode_string, "rsa-derive"))
2185
binary_input = 1;
2186
2187
if (argc == 2 && strcmp (argv[1], "-"))
2188
{
2189
input = fopen (argv[1], binary_input? "rb":"r");
2190
if (!input)
2191
die ("can't open `%s': %s\n", argv[1], strerror (errno));
2192
}
2193
else
2194
input = stdin;
2195
2196
#ifndef HAVE_W32_SYSTEM
2197
if (loop_mode)
2198
signal (SIGPIPE, SIG_IGN);
2199
#endif
2200
2201
if (verbose)
2202
fprintf (stderr, PGM ": started (mode=%s)\n", mode_string);
2203
2204
gcry_control (GCRYCTL_SET_VERBOSITY, (int)verbose);
2205
if (!no_fips)
2206
gcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
2207
if (!gcry_check_version ("1.4.3"))
2208
die ("Libgcrypt is not sufficient enough\n");
2209
if (verbose)
2210
fprintf (stderr, PGM ": using Libgcrypt %s\n", gcry_check_version (NULL));
2211
if (no_fips)
2212
gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
2213
gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
2214
2215
/* Most operations need some input data. */
2216
if (!chunksize
2217
&& !mct_server
2218
&& strcmp (mode_string, "random")
2219
&& strcmp (mode_string, "rsa-gen")
2220
&& strcmp (mode_string, "dsa-gen") )
2221
{
2222
data = read_file (input, !binary_input, &datalen);
2223
if (!data)
2224
die ("error reading%s input\n", binary_input?"":" and decoding");
2225
if (verbose)
2226
fprintf (stderr, PGM ": %u bytes of input data\n",
2227
(unsigned int)datalen);
2228
}
2229
else
2230
{
2231
data = NULL;
2232
datalen = 0;
2233
}
2234
2235
2236
if (!strcmp (mode_string, "encrypt") || !strcmp (mode_string, "decrypt"))
2237
{
2238
int cipher_algo, cipher_mode;
2239
void *iv_buffer = NULL;
2240
void *key_buffer = NULL;
2241
size_t iv_buflen, key_buflen;
2242
2243
if (!algo_string)
2244
die ("option --algo is required in this mode\n");
2245
cipher_algo = map_openssl_cipher_name (algo_string, &cipher_mode);
2246
if (!cipher_algo)
2247
die ("cipher algorithm `%s' is not supported\n", algo_string);
2248
if (mct_server)
2249
{
2250
int iterations;
2251
2252
for (;;)
2253
{
2254
gcry_free (key_buffer); key_buffer = NULL;
2255
gcry_free (iv_buffer); iv_buffer = NULL;
2256
gcry_free (data); data = NULL;
2257
if (!(key_buffer = read_textline (input)))
2258
{
2259
if (feof (input))
2260
break;
2261
die ("no version info in input\n");
2262
}
2263
if (atoi (key_buffer) != 1)
2264
die ("unsupported input version %s\n", key_buffer);
2265
gcry_free (key_buffer);
2266
if (!(key_buffer = read_textline (input)))
2267
die ("no iteration count in input\n");
2268
iterations = atoi (key_buffer);
2269
gcry_free (key_buffer);
2270
if (!(key_buffer = read_hexline (input, &key_buflen)))
2271
die ("no key in input\n");
2272
if (!(iv_buffer = read_hexline (input, &iv_buflen)))
2273
die ("no IV in input\n");
2274
if (!(data = read_hexline (input, &datalen)))
2275
die ("no data in input\n");
2276
skip_to_empty_line (input);
2277
2278
run_cipher_mct_loop ((*mode_string == 'e'),
2279
cipher_algo, cipher_mode,
2280
iv_buffer, iv_buflen,
2281
key_buffer, key_buflen,
2282
data, datalen, iterations);
2283
}
2284
}
2285
else
2286
{
2287
if (cipher_mode != GCRY_CIPHER_MODE_ECB)
2288
{
2289
if (!iv_string)
2290
die ("option --iv is required in this mode\n");
2291
iv_buffer = hex2buffer (iv_string, &iv_buflen);
2292
if (!iv_buffer)
2293
die ("invalid value for IV\n");
2294
}
2295
else
2296
{
2297
iv_buffer = NULL;
2298
iv_buflen = 0;
2299
}
2300
if (!key_string)
2301
die ("option --key is required in this mode\n");
2302
key_buffer = hex2buffer (key_string, &key_buflen);
2303
if (!key_buffer)
2304
die ("invalid value for KEY\n");
2305
2306
run_encrypt_decrypt ((*mode_string == 'e'),
2307
cipher_algo, cipher_mode,
2308
iv_buffer, iv_buflen,
2309
key_buffer, key_buflen,
2310
data, data? datalen:chunksize, input);
2311
}
2312
gcry_free (key_buffer);
2313
gcry_free (iv_buffer);
2314
}
2315
else if (!strcmp (mode_string, "digest"))
2316
{
2317
int algo;
2318
2319
if (!algo_string)
2320
die ("option --algo is required in this mode\n");
2321
algo = gcry_md_map_name (algo_string);
2322
if (!algo)
2323
die ("digest algorithm `%s' is not supported\n", algo_string);
2324
if (!data)
2325
die ("no data available (do not use --chunk)\n");
2326
2327
run_digest (algo, data, datalen);
2328
}
2329
else if (!strcmp (mode_string, "random"))
2330
{
2331
void *context;
2332
unsigned char key[16];
2333
unsigned char seed[16];
2334
unsigned char dt[16];
2335
unsigned char buffer[16];
2336
size_t count = 0;
2337
2338
if (hex2bin (key_string, key, 16) < 0 )
2339
die ("value for --key are not 32 hex digits\n");
2340
if (hex2bin (iv_string, seed, 16) < 0 )
2341
die ("value for --iv are not 32 hex digits\n");
2342
if (hex2bin (dt_string, dt, 16) < 0 )
2343
die ("value for --dt are not 32 hex digits\n");
2344
2345
/* The flag value 1 disables the dup check, so that the RNG
2346
returns all generated data. */
2347
err = init_external_rng_test (&context, 1, key, 16, seed, 16, dt, 16);
2348
if (err)
2349
die ("init external RNG test failed: %s\n", gpg_strerror (err));
2350
2351
do
2352
{
2353
err = run_external_rng_test (context, buffer, sizeof buffer);
2354
if (err)
2355
die ("running external RNG test failed: %s\n", gpg_strerror (err));
2356
print_buffer (buffer, sizeof buffer);
2357
if (progress)
2358
{
2359
if (!(++count % 1000))
2360
fprintf (stderr, PGM ": %lu random bytes so far\n",
2361
(unsigned long int)count * sizeof buffer);
2362
}
2363
}
2364
while (loop_mode);
2365
2366
if (progress)
2367
fprintf (stderr, PGM ": %lu random bytes\n",
2368
(unsigned long int)count * sizeof buffer);
2369
2370
deinit_external_rng_test (context);
2371
}
2372
else if (!strcmp (mode_string, "hmac-sha"))
2373
{
2374
int algo;
2375
void *key_buffer;
2376
size_t key_buflen;
2377
2378
if (!data)
2379
die ("no data available (do not use --chunk)\n");
2380
if (!algo_string)
2381
die ("option --algo is required in this mode\n");
2382
switch (atoi (algo_string))
2383
{
2384
case 1: algo = GCRY_MD_SHA1; break;
2385
case 224: algo = GCRY_MD_SHA224; break;
2386
case 256: algo = GCRY_MD_SHA256; break;
2387
case 384: algo = GCRY_MD_SHA384; break;
2388
case 512: algo = GCRY_MD_SHA512; break;
2389
default: algo = 0; break;
2390
}
2391
if (!algo)
2392
die ("no digest algorithm found for hmac type `%s'\n", algo_string);
2393
if (!key_string)
2394
die ("option --key is required in this mode\n");
2395
key_buffer = hex2buffer (key_string, &key_buflen);
2396
if (!key_buffer)
2397
die ("invalid value for KEY\n");
2398
2399
run_hmac (algo, key_buffer, key_buflen, data, datalen);
2400
2401
gcry_free (key_buffer);
2402
}
2403
else if (!strcmp (mode_string, "rsa-derive"))
2404
{
2405
if (!data)
2406
die ("no data available (do not use --chunk)\n");
2407
run_rsa_derive (data, datalen);
2408
}
2409
else if (!strcmp (mode_string, "rsa-gen"))
2410
{
2411
int keysize;
2412
2413
if (!binary_output)
2414
base64_output = 1;
2415
2416
keysize = keysize_string? atoi (keysize_string) : 0;
2417
if (keysize < 128 || keysize > 16384)
2418
die ("invalid keysize specified; needs to be 128 .. 16384\n");
2419
run_rsa_gen (keysize, 65537);
2420
}
2421
else if (!strcmp (mode_string, "rsa-sign"))
2422
{
2423
int algo;
2424
2425
if (!key_string)
2426
die ("option --key is required in this mode\n");
2427
if (access (key_string, R_OK))
2428
die ("option --key needs to specify an existing keyfile\n");
2429
if (!algo_string)
2430
die ("option --algo is required in this mode\n");
2431
algo = gcry_md_map_name (algo_string);
2432
if (!algo)
2433
die ("digest algorithm `%s' is not supported\n", algo_string);
2434
if (!data)
2435
die ("no data available (do not use --chunk)\n");
2436
2437
run_rsa_sign (data, datalen, algo, use_pkcs1, key_string);
2438
2439
}
2440
else if (!strcmp (mode_string, "rsa-verify"))
2441
{
2442
int algo;
2443
2444
if (!key_string)
2445
die ("option --key is required in this mode\n");
2446
if (access (key_string, R_OK))
2447
die ("option --key needs to specify an existing keyfile\n");
2448
if (!algo_string)
2449
die ("option --algo is required in this mode\n");
2450
algo = gcry_md_map_name (algo_string);
2451
if (!algo)
2452
die ("digest algorithm `%s' is not supported\n", algo_string);
2453
if (!data)
2454
die ("no data available (do not use --chunk)\n");
2455
if (!signature_string)
2456
die ("option --signature is required in this mode\n");
2457
if (access (signature_string, R_OK))
2458
die ("option --signature needs to specify an existing file\n");
2459
2460
run_rsa_verify (data, datalen, algo, use_pkcs1, key_string,
2461
signature_string);
2462
2463
}
2464
else if (!strcmp (mode_string, "dsa-pqg-gen"))
2465
{
2466
int keysize;
2467
2468
keysize = keysize_string? atoi (keysize_string) : 0;
2469
if (keysize < 1024 || keysize > 3072)
2470
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
2471
run_dsa_pqg_gen (keysize, datalen? data:NULL, datalen);
2472
}
2473
else if (!strcmp (mode_string, "dsa-gen"))
2474
{
2475
int keysize;
2476
2477
keysize = keysize_string? atoi (keysize_string) : 0;
2478
if (keysize < 1024 || keysize > 3072)
2479
die ("invalid keysize specified; needs to be 1024 .. 3072\n");
2480
if (!key_string)
2481
die ("option --key is required in this mode\n");
2482
run_dsa_gen (keysize, key_string);
2483
}
2484
else if (!strcmp (mode_string, "dsa-sign"))
2485
{
2486
if (!key_string)
2487
die ("option --key is required in this mode\n");
2488
if (access (key_string, R_OK))
2489
die ("option --key needs to specify an existing keyfile\n");
2490
if (!data)
2491
die ("no data available (do not use --chunk)\n");
2492
2493
run_dsa_sign (data, datalen, key_string);
2494
}
2495
else if (!strcmp (mode_string, "dsa-verify"))
2496
{
2497
if (!key_string)
2498
die ("option --key is required in this mode\n");
2499
if (access (key_string, R_OK))
2500
die ("option --key needs to specify an existing keyfile\n");
2501
if (!data)
2502
die ("no data available (do not use --chunk)\n");
2503
if (!signature_string)
2504
die ("option --signature is required in this mode\n");
2505
if (access (signature_string, R_OK))
2506
die ("option --signature needs to specify an existing file\n");
2507
2508
run_dsa_verify (data, datalen, key_string, signature_string);
2509
}
2510
else
2511
usage (0);
2512
2513
gcry_free (data);
2514
2515
/* Because Libgcrypt does not enforce FIPS mode in all cases we let
2516
the process die if Libgcrypt is not anymore in FIPS mode after
2517
the actual operation. */
2518
if (!no_fips && !gcry_fips_mode_active ())
2519
die ("FIPS mode is not anymore active\n");
2520
2521
if (verbose)
2522
fputs (PGM ": ready\n", stderr);
2523
2524
return 0;
2525
}
2526
Loggerhead is a web-based interface for Breezy
Version: 2.0.1