284
336
die ("error generating Elgamal key: %s\n", gcry_strerror (rc));
286
pub_key = gcry_sexp_find_token (key, "public-key", 0);
288
die ("public part missing in key\n");
290
sec_key = gcry_sexp_find_token (key, "private-key", 0);
292
die ("private part missing in key\n");
294
gcry_sexp_release (key);
339
show_sexp ("generated ELG key:\n", key);
341
pub_key = gcry_sexp_find_token (key, "public-key", 0);
343
die ("public part missing in key\n");
345
sec_key = gcry_sexp_find_token (key, "private-key", 0);
347
die ("private part missing in key\n");
349
gcry_sexp_release (key);
356
get_dsa_key_new (gcry_sexp_t *pkey, gcry_sexp_t *skey, int transient_key)
358
gcry_sexp_t key_spec, key, pub_key, sec_key;
361
rc = gcry_sexp_new (&key_spec,
363
? "(genkey (dsa (nbits 4:1024)(transient-key)))"
364
: "(genkey (dsa (nbits 4:1024)))",
367
die ("error creating S-expression: %s\n", gcry_strerror (rc));
368
rc = gcry_pk_genkey (&key, key_spec);
369
gcry_sexp_release (key_spec);
371
die ("error generating DSA key: %s\n", gcry_strerror (rc));
374
show_sexp ("generated DSA key:\n", key);
376
pub_key = gcry_sexp_find_token (key, "public-key", 0);
378
die ("public part missing in key\n");
380
sec_key = gcry_sexp_find_token (key, "private-key", 0);
382
die ("private part missing in key\n");
384
gcry_sexp_release (key);
391
get_dsa_key_fips186_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
393
gcry_sexp_t key_spec, key, pub_key, sec_key;
397
(&key_spec, "(genkey (dsa (nbits 4:1024)(use-fips186)))", 0, 1);
399
die ("error creating S-expression: %s\n", gcry_strerror (rc));
400
rc = gcry_pk_genkey (&key, key_spec);
401
gcry_sexp_release (key_spec);
403
die ("error generating DSA key: %s\n", gcry_strerror (rc));
406
show_sexp ("generated DSA key (fips 186):\n", key);
408
pub_key = gcry_sexp_find_token (key, "public-key", 0);
410
die ("public part missing in key\n");
412
sec_key = gcry_sexp_find_token (key, "private-key", 0);
414
die ("private part missing in key\n");
416
gcry_sexp_release (key);
423
get_dsa_key_with_domain_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
425
gcry_sexp_t key_spec, key, pub_key, sec_key;
430
"(genkey (dsa (transient-key)(domain"
431
"(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
432
"4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
433
"74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
434
"5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
435
"(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
436
"(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
437
"0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
438
"b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
439
"ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
442
die ("error creating S-expression: %s\n", gcry_strerror (rc));
443
rc = gcry_pk_genkey (&key, key_spec);
444
gcry_sexp_release (key_spec);
446
die ("error generating DSA key: %s\n", gcry_strerror (rc));
449
show_sexp ("generated DSA key:\n", key);
451
pub_key = gcry_sexp_find_token (key, "public-key", 0);
453
die ("public part missing in key\n");
455
sec_key = gcry_sexp_find_token (key, "private-key", 0);
457
die ("private part missing in key\n");
459
gcry_sexp_release (key);
465
get_dsa_key_fips186_with_domain_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
467
gcry_sexp_t key_spec, key, pub_key, sec_key;
472
"(genkey (dsa (transient-key)(use-fips186)(domain"
473
"(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
474
"4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
475
"74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
476
"5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
477
"(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
478
"(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
479
"0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
480
"b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
481
"ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
484
die ("error creating S-expression: %s\n", gcry_strerror (rc));
485
rc = gcry_pk_genkey (&key, key_spec);
486
gcry_sexp_release (key_spec);
488
die ("error generating DSA key: %s\n", gcry_strerror (rc));
491
show_sexp ("generated DSA key:\n", key);
493
pub_key = gcry_sexp_find_token (key, "public-key", 0);
495
die ("public part missing in key\n");
497
sec_key = gcry_sexp_find_token (key, "private-key", 0);
499
die ("private part missing in key\n");
501
gcry_sexp_release (key);
508
get_dsa_key_fips186_with_seed_new (gcry_sexp_t *pkey, gcry_sexp_t *skey)
510
gcry_sexp_t key_spec, key, pub_key, sec_key;
521
" (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
524
die ("error creating S-expression: %s\n", gcry_strerror (rc));
525
rc = gcry_pk_genkey (&key, key_spec);
526
gcry_sexp_release (key_spec);
528
die ("error generating DSA key: %s\n", gcry_strerror (rc));
531
show_sexp ("generated DSA key (fips 186 with seed):\n", key);
533
pub_key = gcry_sexp_find_token (key, "public-key", 0);
535
die ("public part missing in key\n");
537
sec_key = gcry_sexp_find_token (key, "private-key", 0);
539
die ("private part missing in key\n");
541
gcry_sexp_release (key);
339
594
check_keys (pkey, skey, 800, 0);
340
595
gcry_sexp_release (pkey);
341
596
gcry_sexp_release (skey);
599
fprintf (stderr, "Generating DSA key.\n");
600
get_dsa_key_new (&pkey, &skey, 0);
601
/* Fixme: Add a check function for DSA keys. */
602
gcry_sexp_release (pkey);
603
gcry_sexp_release (skey);
605
if (!gcry_fips_mode_active ())
608
fprintf (stderr, "Generating transient DSA key.\n");
609
get_dsa_key_new (&pkey, &skey, 1);
610
/* Fixme: Add a check function for DSA keys. */
611
gcry_sexp_release (pkey);
612
gcry_sexp_release (skey);
616
fprintf (stderr, "Generating DSA key (FIPS 186).\n");
617
get_dsa_key_fips186_new (&pkey, &skey);
618
/* Fixme: Add a check function for DSA keys. */
619
gcry_sexp_release (pkey);
620
gcry_sexp_release (skey);
623
fprintf (stderr, "Generating DSA key with given domain.\n");
624
get_dsa_key_with_domain_new (&pkey, &skey);
625
/* Fixme: Add a check function for DSA keys. */
626
gcry_sexp_release (pkey);
627
gcry_sexp_release (skey);
630
fprintf (stderr, "Generating DSA key with given domain (FIPS 186).\n");
631
get_dsa_key_fips186_with_domain_new (&pkey, &skey);
632
/* Fixme: Add a check function for DSA keys. */
633
gcry_sexp_release (pkey);
634
gcry_sexp_release (skey);
637
fprintf (stderr, "Generating DSA key with given seed (FIPS 186).\n");
638
get_dsa_key_fips186_with_seed_new (&pkey, &skey);
639
/* Fixme: Add a check function for DSA keys. */
640
gcry_sexp_release (pkey);
641
gcry_sexp_release (skey);
647
key_param_from_sexp (gcry_sexp_t sexp, const char *topname, const char *name)
652
l1 = gcry_sexp_find_token (sexp, topname, 0);
656
l2 = gcry_sexp_find_token (l1, name, 0);
659
gcry_sexp_release (l1);
663
result = gcry_sexp_nth_mpi (l2, 1, GCRYMPI_FMT_USG);
664
gcry_sexp_release (l2);
665
gcry_sexp_release (l1);
671
check_x931_derived_key (int what)
675
const char *expected_d;
677
{ /* First example from X9.31 (D.1.1). */
683
" (Xp1 #1A1916DDB29B4EB7EB6732E128#)\n"
684
" (Xp2 #192E8AAC41C576C822D93EA433#)\n"
685
" (Xp #D8CD81F035EC57EFE822955149D3BFF70C53520D\n"
686
" 769D6D76646C7A792E16EBD89FE6FC5B605A6493\n"
687
" 39DFC925A86A4C6D150B71B9EEA02D68885F5009\n"
689
" (Xq1 #1A5CF72EE770DE50CB09ACCEA9#)\n"
690
" (Xq2 #134E4CAA16D2350A21D775C404#)\n"
691
" (Xq #CC1092495D867E64065DEE3E7955F2EBC7D47A2D\n"
692
" 7C9953388F97DDDC3E1CA19C35CA659EDC2FC325\n"
693
" 6D29C2627479C086A699A49C4C9CEE7EF7BD1B34\n"
695
"1CCDA20BCFFB8D517EE9666866621B11822C7950D55F4BB5BEE37989A7D173"
696
"12E326718BE0D79546EAAE87A56623B919B1715FFBD7F16028FC4007741961"
697
"C88C5D7B4DAAAC8D36A98C9EFBB26C8A4A0E6BC15B358E528A1AC9D0F042BE"
698
"B93BCA16B541B33F80C933A3B769285C462ED5677BFE89DF07BED5C127FD13"
702
{ /* Second example from X9.31 (D.2.1). */
708
" (Xp1 #18272558B61316348297EACA74#)\n"
709
" (Xp2 #1E970E8C6C97CEF91F05B0FA80#)\n"
710
" (Xp #F7E943C7EF2169E930DCF23FE389EF7507EE8265\n"
711
" 0D42F4A0D3A3CEFABE367999BB30EE680B2FE064\n"
712
" 60F707F46005F8AA7CBFCDDC4814BBE7F0F8BC09\n"
713
" 318C8E51A48D134296E40D0BBDD282DCCBDDEE1D\n"
714
" EC86F0B1C96EAFF5CDA70F9AEB6EE31E#)\n"
715
" (Xq1 #11FDDA6E8128DC1629F75192BA#)\n"
716
" (Xq2 #18AB178ECA907D72472F65E480#)\n"
717
" (Xq #C47560011412D6E13E3E7D007B5C05DBF5FF0D0F\n"
718
" CFF1FA2070D16C7ABA93EDFB35D8700567E5913D\n"
719
" B734E3FBD15862EBC59FA0425DFA131E549136E8\n"
720
" E52397A8ABE4705EC4877D4F82C4AAC651B33DA6\n"
721
" EA14B9D5F2A263DC65626E4D6CEAC767#))))\n",
722
"1FB56069985F18C4519694FB71055721A01F14422DC901C35B03A64D4A5BD1"
723
"259D573305F5B056AC931B82EDB084E39A0FD1D1A86CC5B147A264F7EF4EB2"
724
"0ED1E7FAAE5CAE4C30D5328B7F74C3CAA72C88B70DED8EDE207B8629DA2383"
725
"B78C3CE1CA3F9F218D78C938B35763AF2A8714664CC57F5CECE2413841F5E9"
726
"EDEC43B728E25A41BF3E1EF8D9EEE163286C9F8BF0F219D3B322C3E4B0389C"
727
"2E8BB28DC04C47DA2BF38823731266D2CF6CC3FC181738157624EF051874D0"
729
/* Note that this example in X9.31 gives this value for D:
731
"7ED581A6617C6311465A53EDC4155C86807C5108B724070D6C0E9935296F44"
732
"96755CCC17D6C15AB24C6E0BB6C2138E683F4746A1B316C51E8993DFBD3AC8"
733
"3B479FEAB972B930C354CA2DFDD30F2A9CB222DC37B63B7881EE18A7688E0E"
734
"DE30F38728FE7C8635E324E2CD5D8EBCAA1C51993315FD73B38904E107D7A7"
735
"B7B10EDCA3896906FCF87BE367BB858CA1B27E2FC3C8674ECC8B0F92C0E270"
736
"BA2ECA3701311F68AFCE208DCC499B4B3DB30FF0605CE055D893BC1461D342"
739
This is a bug in X9.31, obviously introduced by using
741
d = e^{-1} mod (p-1)(q-1)
743
instead of using the universal exponent as required by 4.1.3:
745
d = e^{-1} mod lcm(p-1,q-1)
747
The examples in X9.31 seem to be pretty buggy, see
748
cipher/primegen.c for another bug. Not only that I had to
749
spend 100 USD for the 66 pages of the document, it also took
750
me several hours to figure out that the bugs are in the
751
document and not in my code.
755
{ /* First example from NIST RSAVS (B.1.1). */
761
" (Xp1 #1ed3d6368e101dab9124c92ac8#)\n"
762
" (Xp2 #16e5457b8844967ce83cab8c11#)\n"
763
" (Xp #b79f2c2493b4b76f329903d7555b7f5f06aaa5ea\n"
764
" ab262da1dcda8194720672a4e02229a0c71f60ae\n"
765
" c4f0d2ed8d49ef583ca7d5eeea907c10801c302a\n"
767
" (Xq1 #1a5d9e3fa34fb479bedea412f6#)\n"
768
" (Xq2 #1f9cca85f185341516d92e82fd#)\n"
769
" (Xq #c8387fd38fa33ddcea6a9de1b2d55410663502db\n"
770
" c225655a9310cceac9f4cf1bce653ec916d45788\n"
771
" f8113c46bc0fa42bf5e8d0c41120c1612e2ea8bb\n"
773
"17ef7ad4fd96011b62d76dfb2261b4b3270ca8e07bc501be954f8719ef586b"
774
"f237e8f693dd16c23e7adecc40279dc6877c62ab541df5849883a5254fccfd"
775
"4072a657b7f4663953930346febd6bbd82f9a499038402cbf97fd5f068083a"
776
"c81ad0335c4aab0da19cfebe060a1bac7482738efafea078e21df785e56ea0"
780
{ /* Second example from NIST RSAVS (B.1.1). */
786
" (Xp1 #1e64c1af460dff8842c22b64d0#)\n"
787
" (Xp2 #1e948edcedba84039c81f2ac0c#)\n"
788
" (Xp #c8c67df894c882045ede26a9008ab09ea0672077\n"
789
" d7bc71d412511cd93981ddde8f91b967da404056\n"
790
" c39f105f7f239abdaff92923859920f6299e82b9\n"
791
" 5bd5b8c959948f4a034d81613d6235a3953b49ce\n"
792
" 26974eb7bb1f14843841281b363b9cdb#)\n"
793
" (Xq1 #1f3df0f017ddd05611a97b6adb#)\n"
794
" (Xq2 #143edd7b22d828913abf24ca4d#)\n"
795
" (Xq #f15147d0e7c04a1e3f37adde802cdc610999bf7a\n"
796
" b0088434aaeda0c0ab3910b14d2ce56cb66bffd9\n"
797
" 7552195fae8b061077e03920814d8b9cfb5a3958\n"
798
" b3a82c2a7fc97e55db543948d3396289245336ec\n"
799
" 9e3cb308cc655aebd766340da8921383#))))\n",
800
"1f8b19f3f5f2ac9fc599f110cad403dcd9bdf5f7f00fb2790e78e820398184"
801
"1f3fb3dd230fb223d898f45719d9b2d3525587ff2b8bcc7425e40550a5b536"
802
"1c8e9c1d26e83fbd9c33c64029c0e878b829d55def12912b73d94fd758c461"
803
"0f473e230c41b5e4c86e27c5a5029d82c811c88525d0269b95bd2ff272994a"
804
"dbd80f2c2ecf69065feb8abd8b445b9c6d306b1585d7d3d7576d49842bc7e2"
805
"8b4a2f88f4a47e71c3edd35fdf83f547ea5c2b532975c551ed5268f748b2c4"
810
gcry_sexp_t key_spec, key, pub_key, sec_key;
811
gcry_mpi_t d_expected, d_have;
813
if (what < 0 && what >= sizeof testtable)
814
die ("invalid WHAT value\n");
816
err = gcry_sexp_new (&key_spec, testtable[what].param, 0, 1);
818
die ("error creating S-expression [%d]: %s\n", what, gpg_strerror (err));
820
err = gcry_pk_genkey (&key, key_spec);
821
gcry_sexp_release (key_spec);
823
die ("error generating RSA key [%d]: %s\n", what, gpg_strerror (err));
825
pub_key = gcry_sexp_find_token (key, "public-key", 0);
827
die ("public part missing in key [%d]\n", what);
829
sec_key = gcry_sexp_find_token (key, "private-key", 0);
831
die ("private part missing in key [%d]\n", what);
834
(&d_expected, GCRYMPI_FMT_HEX, testtable[what].expected_d, 0, NULL);
836
die ("error converting string [%d]\n", what);
839
show_sexp ("generated key:\n", key);
841
d_have = key_param_from_sexp (sec_key, "rsa", "d");
843
die ("parameter d not found in RSA secret key [%d]\n", what);
844
if (gcry_mpi_cmp (d_expected, d_have))
846
show_sexp (NULL, sec_key);
847
die ("parameter d does match expected value [%d]\n", what);
849
gcry_mpi_release (d_expected);
850
gcry_mpi_release (d_have);
852
gcry_sexp_release (key);
853
gcry_sexp_release (pub_key);
854
gcry_sexp_release (sec_key);
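Review bot: The range check in check_x931_derived_key, `if (what < 0 && what >= sizeof testtable)`, does not bound the index later used in `testtable[what]`. Because of the `&&`, a non-negative value past the end of the table is never rejected, and `sizeof testtable` is a byte count rather than an element count (assuming testtable is an array; its declaration is not among the visible lines). The guard should read `if (what < 0 || (size_t)what >= sizeof testtable / sizeof *testtable)`. Separately, the failure branch after `gcry_mpi_cmp (d_expected, d_have)` reports "does match" when the values differ; it should be `die ("parameter d does not match expected value [%d]\n", what);`. The function's opening and closing lines are outside the visible part of the page.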