search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix -Wshadow
[heimdal.git] / lib / hcrypto / test_rsa.c
blob43bb6d4db559ad730f30e3df425b498984b5556a
1 /*
2 * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #include <config.h>
35
36 #include <stdio.h>
37
38 #include <roken.h>
39 #include <getarg.h>
40
41 #include <engine.h>
42 #include <evp.h>
43
44 /*
45 *
46 */
47
48 static int version_flag;
49 static int help_flag;
50 static int time_keygen;
51 static char *time_key;
52 static int key_blinding = 1;
53 static char *rsa_key;
54 static char *id_flag;
55 static int loops = 1;
56
57 static struct getargs args[] = {
58 { "loops", 0, arg_integer, &loops,
59 "number of loops", "loops" },
60 { "id", 0, arg_string, &id_flag,
61 "selects the engine id", "engine-id" },
62 { "time-keygen", 0, arg_flag, &time_keygen,
63 "time rsa generation", NULL },
64 { "time-key", 0, arg_string, &time_key,
65 "rsa key file", NULL },
66 { "key-blinding", 0, arg_negative_flag, &key_blinding,
67 "key blinding", NULL },
68 { "key", 0, arg_string, &rsa_key,
69 "rsa key file", NULL },
70 { "version", 0, arg_flag, &version_flag,
71 "print version", NULL },
72 { "help", 0, arg_flag, &help_flag,
73 NULL, NULL }
74 };
75
76 /*
77 *
78 */
79
80 static void
81 check_rsa(const unsigned char *in, size_t len, RSA *rsa, int padding)
82 {
83 unsigned char *res, *res2;
84 unsigned int len2;
85 int keylen;
86
87 res = malloc(RSA_size(rsa));
88 if (res == NULL)
89 errx(1, "res: ENOMEM");
90
91 res2 = malloc(RSA_size(rsa));
92 if (res2 == NULL)
93 errx(1, "res2: ENOMEM");
94
95 /* signing */
96
97 keylen = RSA_private_encrypt(len, in, res, rsa, padding);
98 if (keylen <= 0)
99 errx(1, "failed to private encrypt: %d %d", (int)len, (int)keylen);
100
101 if (keylen > RSA_size(rsa))
102 errx(1, "keylen > RSA_size(rsa)");
103
104 keylen = RSA_public_decrypt(keylen, res, res2, rsa, padding);
105 if (keylen <= 0)
106 errx(1, "failed to public decrypt: %d", (int)keylen);
107
108 if (keylen != len)
109 errx(1, "output buffer not same length: %d", (int)keylen);
110
111 if (memcmp(res2, in, len) != 0)
112 errx(1, "string not the same after decryption");
113
114 /* encryption */
115
116 keylen = RSA_public_encrypt(len, in, res, rsa, padding);
117 if (keylen <= 0)
118 errx(1, "failed to public encrypt: %d", (int)keylen);
119
120 if (keylen > RSA_size(rsa))
121 errx(1, "keylen > RSA_size(rsa)");
122
123 keylen = RSA_private_decrypt(keylen, res, res2, rsa, padding);
124 if (keylen <= 0)
125 errx(1, "failed to private decrypt: %d", (int)keylen);
126
127 if (keylen != len)
128 errx(1, "output buffer not same length: %d", (int)keylen);
129
130 if (memcmp(res2, in, len) != 0)
131 errx(1, "string not the same after decryption");
132
133 len2 = keylen;
134
135 if (RSA_sign(NID_sha1, in, len, res, &len2, rsa) != 1)
136 errx(1, "RSA_sign failed");
137
138 if (RSA_verify(NID_sha1, in, len, res, len2, rsa) != 1)
139 errx(1, "RSA_verify failed");
140
141 free(res);
142 free(res2);
143 }
144
145 static int
146 cb_func(int a, int b, BN_GENCB *c)
147 {
148 return 1;
149 }
150
151 static RSA *
152 read_key(ENGINE *engine, const char *keyfile)
153 {
154 unsigned char buf[1024 * 4];
155 const unsigned char *p;
156 size_t size;
157 RSA *rsa;
158 FILE *f;
159
160 f = fopen(keyfile, "rb");
161 if (f == NULL)
162 err(1, "could not open file %s", keyfile);
163 rk_cloexec_file(f);
164
165 size = fread(buf, 1, sizeof(buf), f);
166 fclose(f);
167 if (size == 0)
168 err(1, "failed to read file %s", keyfile);
169 if (size == sizeof(buf))
170 err(1, "key too long in file %s!", keyfile);
171
172 p = buf;
173 rsa = d2i_RSAPrivateKey(NULL, &p, size);
174 if (rsa == NULL)
175 err(1, "failed to parse key in file %s", keyfile);
176
177 RSA_set_method(rsa, ENGINE_get_RSA(engine));
178
179 if (!key_blinding)
180 rsa->flags |= RSA_FLAG_NO_BLINDING;
181
182 return rsa;
183 }
184
185 /*
186 *
187 */
188
189 static void
190 usage (int ret)
191 {
192 arg_printusage (args,
193 sizeof(args)/sizeof(*args),
194 NULL,
195 "filename.so");
196 exit (ret);
197 }
198
199 int
200 main(int argc, char **argv)
201 {
202 ENGINE *engine = NULL;
203 int i, j, idx = 0;
204 RSA *rsa;
205
206 setprogname(argv[0]);
207
208 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
209 usage(1);
210
211 if (help_flag)
212 usage(0);
213
214 if(version_flag){
215 print_version(NULL);
216 exit(0);
217 }
218
219 argc -= idx;
220 argv += idx;
221
222 OpenSSL_add_all_algorithms();
223 #ifdef OPENSSL
224 ENGINE_load_openssl();
225 #endif
226 ENGINE_load_builtin_engines();
227
228 if (argc == 0) {
229 engine = ENGINE_by_id("builtin");
230 } else {
231 engine = ENGINE_by_id(argv[0]);
232 if (engine == NULL)
233 engine = ENGINE_by_dso(argv[0], id_flag);
234 }
235 if (engine == NULL)
236 errx(1, "ENGINE_by_dso failed");
237
238 if (ENGINE_get_RSA(engine) == NULL)
239 return 77;
240
241 printf("rsa %s\n", ENGINE_get_RSA(engine)->name);
242
243 if (RAND_status() != 1)
244 errx(77, "no functional random device, refusing to run tests");
245
246 if (time_keygen) {
247 struct timeval tv1, tv2;
248 BIGNUM *e;
249
250 rsa = RSA_new_method(engine);
251 if (!key_blinding)
252 rsa->flags |= RSA_FLAG_NO_BLINDING;
253
254 e = BN_new();
255 BN_set_word(e, 0x10001);
256
257 printf("running keygen with %d loops\n", loops);
258
259 gettimeofday(&tv1, NULL);
260
261 for (i = 0; i < loops; i++) {
262 rsa = RSA_new_method(engine);
263 if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1)
264 errx(1, "RSA_generate_key_ex");
265 RSA_free(rsa);
266 }
267
268 gettimeofday(&tv2, NULL);
269 timevalsub(&tv2, &tv1);
270
271 printf("time %lu.%06lu\n",
272 (unsigned long)tv2.tv_sec,
273 (unsigned long)tv2.tv_usec);
274
275 BN_free(e);
276 ENGINE_finish(engine);
277
278 return 0;
279 }
280
281 if (time_key) {
282 const int size = 20;
283 struct timeval tv1, tv2;
284 unsigned char *p;
285
286 if (strcmp(time_key, "generate") == 0) {
287 BIGNUM *e;
288
289 rsa = RSA_new_method(engine);
290 if (!key_blinding)
291 rsa->flags |= RSA_FLAG_NO_BLINDING;
292
293 e = BN_new();
294 BN_set_word(e, 0x10001);
295
296 if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1)
297 errx(1, "RSA_generate_key_ex");
298 } else {
299 rsa = read_key(engine, time_key);
300 }
301
302 p = emalloc(loops * size);
303
304 RAND_bytes(p, loops * size);
305
306 gettimeofday(&tv1, NULL);
307 for (i = 0; i < loops; i++)
308 check_rsa(p + (i * size), size, rsa, RSA_PKCS1_PADDING);
309 gettimeofday(&tv2, NULL);
310
311 timevalsub(&tv2, &tv1);
312
313 printf("time %lu.%06lu\n",
314 (unsigned long)tv2.tv_sec,
315 (unsigned long)tv2.tv_usec);
316
317 RSA_free(rsa);
318 ENGINE_finish(engine);
319
320 return 0;
321 }
322
323 if (rsa_key) {
324 rsa = read_key(engine, rsa_key);
325
326 /*
327 * Assuming that you use the RSA key in the distribution, this
328 * test will generate a signature have a starting zero and thus
329 * will generate a checksum that is 127 byte instead of the
330 * checksum that is 128 byte (like the key).
331 */
332 {
333 const unsigned char sha1[20] = {
334 0x6d, 0x33, 0xf9, 0x40, 0x75, 0x5b, 0x4e, 0xc5, 0x90, 0x35,
335 0x48, 0xab, 0x75, 0x02, 0x09, 0x76, 0x9a, 0xb4, 0x7d, 0x6b
336 };
337
338 check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
339 }
340
341 for (i = 0; i < 128; i++) {
342 unsigned char sha1[20];
343
344 RAND_bytes(sha1, sizeof(sha1));
345 check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
346 }
347 for (i = 0; i < 128; i++) {
348 unsigned char des3[21];
349
350 RAND_bytes(des3, sizeof(des3));
351 check_rsa(des3, sizeof(des3), rsa, RSA_PKCS1_PADDING);
352 }
353 for (i = 0; i < 128; i++) {
354 unsigned char aes[32];
355
356 RAND_bytes(aes, sizeof(aes));
357 check_rsa(aes, sizeof(aes), rsa, RSA_PKCS1_PADDING);
358 }
359
360 RSA_free(rsa);
361 }
362
363 for (i = 0; i < loops; i++) {
364 BN_GENCB cb;
365 BIGNUM *e;
366 unsigned int n;
367
368 rsa = RSA_new_method(engine);
369 if (!key_blinding)
370 rsa->flags |= RSA_FLAG_NO_BLINDING;
371
372 e = BN_new();
373 BN_set_word(e, 0x10001);
374
375 BN_GENCB_set(&cb, cb_func, NULL);
376
377 RAND_bytes(&n, sizeof(n));
378 n &= 0x1ff;
379 n += 1024;
380
381 if (RSA_generate_key_ex(rsa, n, e, &cb) != 1)
382 errx(1, "RSA_generate_key_ex");
383
384 BN_free(e);
385
386 for (j = 0; j < 8; j++) {
387 unsigned char sha1[20];
388 RAND_bytes(sha1, sizeof(sha1));
389 check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
390 }
391
392 RSA_free(rsa);
393 }
394
395 ENGINE_finish(engine);
396
397 return 0;
398 }
Heimdal