generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add OAEP.

Browse Source
This commit is contained in:
Ben Laurie 1999-02-17 21:11:08 +00:00
parent d08d8da432
commit a49498969e
10 changed files with 469 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CHANGES
View File

@ -5,6 +5,15 @@
Changes between 0.9.1c and 0.9.2 Changes between 0.9.1c and 0.9.2
*) Add OAEP encryption for the OpenSSL crypto library. OAEP is the improved
padding method for RSA, which is recommended for new applications in PKCS
#1 v2.0 (RFC 2437, October 1998).
OAEP (Optimal Asymmetric Encryption Padding) has better theoretical
foundations than the ad-hoc padding used in PKCS #1 v1.5. It is secure
against Bleichbacher's attack on RSA.
[Ulf Moeller <ulf@fitug.de>, reformatted, corrected and integrated by
Ben Laurie]
*) Updates to the new SSL compression code *) Updates to the new SSL compression code
[Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)] [Eric A. Young, (from changes to C2Net SSLeay, integrated by Mark Cox)]

5
crypto/des/ede_cbcm_enc.c
View File

@ -61,6 +61,11 @@
This is an implementation of Triple DES Cipher Block Chaining with Output This is an implementation of Triple DES Cipher Block Chaining with Output
Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom). Feedback Masking, by Coppersmith, Johnson and Matyas, (IBM and Certicom).
Note that there is a known attack on this by Biham and Knudsen but it takes
a lot of work:
http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz
*/ */
#include "des_locl.h" #include "des_locl.h"

6
crypto/rsa/Makefile.ssl
View File

@ -18,14 +18,14 @@ CFLAGS= $(INCLUDES) $(CFLAG)
ERR=rsa ERR=rsa
ERRC=rsa_err ERRC=rsa_err
GENERAL=Makefile GENERAL=Makefile
TEST= TEST=rsa_oaep_test.c
APPS= APPS=
LIB=$(TOP)/libcrypto.a LIB=$(TOP)/libcrypto.a
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \ LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \ LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o
SRC= $(LIBSRC) SRC= $(LIBSRC)

4
crypto/rsa/rsa.err
View File

@ -9,10 +9,12 @@
#define RSA_F_RSA_GENERATE_KEY 105 #define RSA_F_RSA_GENERATE_KEY 105
#define RSA_F_RSA_NEW_METHOD 106 #define RSA_F_RSA_NEW_METHOD 106
#define RSA_F_RSA_PADDING_ADD_NONE 107 #define RSA_F_RSA_PADDING_ADD_NONE 107
#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
#define RSA_F_RSA_PADDING_ADD_SSLV23 110 #define RSA_F_RSA_PADDING_ADD_SSLV23 110
#define RSA_F_RSA_PADDING_CHECK_NONE 111 #define RSA_F_RSA_PADDING_CHECK_NONE 111
#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 #define RSA_F_RSA_PADDING_CHECK_SSLV23 114
@ -37,7 +39,9 @@
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
#define RSA_R_DATA_TOO_SMALL 111 #define RSA_R_DATA_TOO_SMALL 111
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116

11
crypto/rsa/rsa.h
View File

@ -143,6 +143,7 @@ struct rsa_st
#define RSA_PKCS1_PADDING 1 #define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2 #define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3 #define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg) #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg)
#define RSA_get_app_data(s) RSA_get_ex_data(s,0) #define RSA_get_app_data(s) RSA_get_ex_data(s,0)
@ -222,6 +223,12 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
unsigned char *f,int fl); unsigned char *f,int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len); unsigned char *f,int fl,int rsa_len);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
unsigned char *f,int fl,unsigned char *p,
int pl);
int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len,
unsigned char *p,int pl);
int RSA_padding_add_SSLv23(unsigned char *to,int tlen, int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
unsigned char *f,int fl); unsigned char *f,int fl);
int RSA_padding_check_SSLv23(unsigned char *to,int tlen, int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
@ -307,10 +314,12 @@ char *RSA_get_ex_data();
#define RSA_F_RSA_GENERATE_KEY 105 #define RSA_F_RSA_GENERATE_KEY 105
#define RSA_F_RSA_NEW_METHOD 106 #define RSA_F_RSA_NEW_METHOD 106
#define RSA_F_RSA_PADDING_ADD_NONE 107 #define RSA_F_RSA_PADDING_ADD_NONE 107
#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
#define RSA_F_RSA_PADDING_ADD_SSLV23 110 #define RSA_F_RSA_PADDING_ADD_SSLV23 110
#define RSA_F_RSA_PADDING_CHECK_NONE 111 #define RSA_F_RSA_PADDING_CHECK_NONE 111
#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 #define RSA_F_RSA_PADDING_CHECK_SSLV23 114
@ -335,7 +344,9 @@ char *RSA_get_ex_data();
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
#define RSA_R_DATA_TOO_SMALL 111 #define RSA_R_DATA_TOO_SMALL 111
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_PADDING_CHECK_FAILED 114 #define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116

8
crypto/rsa/rsa_eay.c
View File

@ -130,6 +130,9 @@ int padding;
case RSA_PKCS1_PADDING: case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
break; break;
case RSA_PKCS1_OAEP_PADDING:
i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
break;
case RSA_SSLV23_PADDING: case RSA_SSLV23_PADDING:
i=RSA_padding_add_SSLv23(buf,num,from,flen); i=RSA_padding_add_SSLv23(buf,num,from,flen);
break; break;
@ -319,7 +322,10 @@ int padding;
case RSA_PKCS1_PADDING: case RSA_PKCS1_PADDING:
r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
break; break;
case RSA_SSLV23_PADDING: case RSA_PKCS1_OAEP_PADDING:
r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
break;
case RSA_SSLV23_PADDING:
r=RSA_padding_check_SSLv23(to,num,buf,j,num); r=RSA_padding_check_SSLv23(to,num,buf,j,num);
break; break;
case RSA_NO_PADDING: case RSA_NO_PADDING:

4
crypto/rsa/rsa_err.c
View File

@ -71,10 +71,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"},
{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"},
{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"},
{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_PADDING_ADD_PKCS1_OAEP"},
{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"},
{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"},
{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"},
{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"},
{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_PADDING_CHECK_PKCS1_OAEP"},
{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"},
{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"},
{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"},
@ -102,7 +104,9 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
{RSA_R_DATA_TOO_SMALL ,"data too small"}, {RSA_R_DATA_TOO_SMALL ,"data too small"},
{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"},
{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"},
{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, {RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, {RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"},
{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},

168
crypto/rsa/rsa_oaep.c Normal file
View File

@ -0,0 +1,168 @@
/* crypto/rsa/rsa_oaep.c */
/* Written by Ulf Moeller. This software is distributed on an "AS IS"
basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
#include <stdio.h>
#include "cryptlib.h"
#include "bn.h"
#include "rsa.h"
#include "sha.h"
#include "rand.h"
int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen);
int RSA_padding_add_PKCS1_OAEP(to, tlen, from, flen, param, plen)
unsigned char *to;
int tlen;
unsigned char *from;
int flen;
unsigned char *param;
int plen;
{
int i, emlen = tlen - 1;
unsigned char *db, *seed;
unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return (0);
}
if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
return (0);
}
dbmask = Malloc(emlen - SHA_DIGEST_LENGTH);
if (dbmask == NULL)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
return (0);
}
to[0] = 0;
seed = to + 1;
db = to + SHA_DIGEST_LENGTH + 1;
SHA1(param, plen, db);
memset(db + SHA_DIGEST_LENGTH, 0,
emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
RAND_bytes(seed, SHA_DIGEST_LENGTH);
#ifdef PKCS_TESTVECT
memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
20);
#endif
MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
db[i] ^= dbmask[i];
MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= seedmask[i];
Free(dbmask);
return (1);
}
int RSA_padding_check_PKCS1_OAEP(to, tlen, from, flen, num, param, plen)
unsigned char *to;
int tlen;
unsigned char *from;
int flen;
int num;
unsigned char *param;
int plen;
{
int i, dblen, mlen = -1;
unsigned char *maskeddb;
unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
if (flen < 2 * SHA_DIGEST_LENGTH + 1)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
return (-1);
}
dblen = flen - SHA_DIGEST_LENGTH;
db = Malloc(dblen);
if (db == NULL)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
return (-1);
}
maskeddb = from + SHA_DIGEST_LENGTH;
MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= from[i];
MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
for (i = 0; i < dblen; i++)
db[i] ^= maskeddb[i];
SHA1(param, plen, phash);
if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
else
{
for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
if (db[i] != 0x00)
break;
if (db[i] != 0x01 || i++ >= dblen)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
RSA_R_OAEP_DECODING_ERROR);
else
{
mlen = dblen - i;
if (tlen < mlen)
{
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
mlen = -1;
}
else
memcpy(to, db + i, mlen);
}
}
Free(db);
return (mlen);
}
int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
{
long i, outlen = 0;
unsigned char cnt[4];
SHA_CTX c;
unsigned char md[SHA_DIGEST_LENGTH];
for (i = 0; outlen < len; i++)
{
cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
SHA1_Init(&c);
SHA1_Update(&c, seed, seedlen);
SHA1_Update(&c, cnt, 4);
if (outlen + SHA_DIGEST_LENGTH <= len)
{
SHA1_Final(mask + outlen, &c);
outlen += SHA_DIGEST_LENGTH;
}
else
{
SHA1_Final(md, &c);
memcpy(mask + outlen, md, len - outlen);
outlen = len;
}
}
return (0);
}

250
crypto/rsa/rsa_oaep_test.c Normal file
View File

@ -0,0 +1,250 @@
/* test vectors from p1ovect1.txt */
#include <stdio.h>
#include <rsa.h>
#define SetKey \
key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
return (sizeof(ctext_ex) - 1);
int key1(RSA *key, unsigned char *c)
{
unsigned char n[] = "\
\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F\
\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5\
\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93\
\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1\
\xF5";
unsigned char e[] = "\x11";
unsigned char d[] = "\
\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44\
\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64\
\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9\
\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
unsigned char p[] = "\
\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5\
\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12\
\x0D";
unsigned char q[] = "\
\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9\
\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D\
\x89";
unsigned char dmp1[] = "\
\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF\
\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
unsigned char dmq1[] = "\
\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99\
\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D\
\x51";
unsigned char iqmp[] = "\
\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8\
\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
unsigned char ctext_ex[] ="\
\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89\
\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52\
\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44\
\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
SetKey;
}
int key2(RSA *key, unsigned char *c)
{
unsigned char n[] = "\
\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8\
\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26\
\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8\
\x34\x77\xCF";
unsigned char e[] = "\x3";
unsigned char d[] = "\
\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2\
\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41\
\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21\
\xE5\xEB";
unsigned char p[] = "\
\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\
\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
unsigned char q[] = "\
\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9\
\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
unsigned char dmp1[] = "\
\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61\
\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
unsigned char dmq1[] = "\
\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90\
\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
unsigned char iqmp[] = "\
\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13\
\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
unsigned char ctext_ex[] = "\
\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a\
\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4\
\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52\
\x62\x51";
SetKey;
}
int key3(RSA *key, unsigned char *c)
{
unsigned char n[] = "\
\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71\
\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5\
\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD\
\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80\
\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25\
\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39\
\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68\
\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD\
\xCB";
unsigned char e[] = "\x11";
unsigned char d[] = "\
\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD\
\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41\
\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69\
\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA\
\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94\
\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A\
\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94\
\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3\
\xC1";
unsigned char p[] = "\
\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60\
\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6\
\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A\
\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65\
\x99";
unsigned char q[] = "\
\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9\
\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D\
\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5\
\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15\
\x03";
unsigned char dmp1[] = "\
\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A\
\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E\
\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E\
\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
unsigned char dmq1[] = "\
\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9\
\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7\
\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D\
\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
unsigned char iqmp[] = "\
\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23\
\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11\
\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E\
\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39\
\xF7";
unsigned char ctext_ex[] = "\
\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7\
\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce\
\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3\
\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06\
\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86\
\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4\
\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a\
\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
SetKey;
}
int main()
{
int v;
RSA *key;
unsigned char ptext[256];
unsigned char ctext[256];
unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
unsigned char ctext_ex[256];
int plen;
int clen;
int num;
plen = sizeof(ptext_ex) - 1;
for (v = 0; v < 3; v++)
{
key = RSA_new();
switch (v) {
case 0:
clen = key1(key, ctext_ex);
break;
case 1:
clen = key2(key, ctext_ex);
break;
case 2:
clen = key3(key, ctext_ex);
break;
}
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
RSA_PKCS1_OAEP_PADDING);
if (num != clen)
{
printf("Encryption failed!\n");
goto next;
}
num = RSA_private_decrypt(num, ctext, ptext, key,
RSA_PKCS1_OAEP_PADDING);
if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
{
printf("Decryption failed!\n");
goto next;
}
if (memcmp(ctext, ctext_ex, num) == 0)
{
printf("Vector %d passed!\n", v);
goto next;
}
/* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
Try decrypting ctext_ex */
num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
RSA_PKCS1_OAEP_PADDING);
if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
printf("Decryption failed!\n");
else
printf("Encyption/decryption successful!\n");
next:
RSA_free(key);
}
return (0);
}

11
test/Makefile.ssl
View File

@ -45,12 +45,13 @@ DHTEST= dhtest
DSATEST= dsatest DSATEST= dsatest
METHTEST= methtest METHTEST= methtest
SSLTEST= ssltest SSLTEST= ssltest
RSATEST= rsa_oaep_test
EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(HMACTEST) \ EXE= $(BNTEST) $(IDEATEST) $(MD2TEST) $(MD5TEST) $(HMACTEST) \
$(RC2TEST) $(RC4TEST) $(RC5TEST) \ $(RC2TEST) $(RC4TEST) $(RC5TEST) \
$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \ $(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
$(RANDTEST) $(DHTEST) \ $(RANDTEST) $(DHTEST) \
$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
# $(METHTEST) # $(METHTEST)
@ -58,12 +59,12 @@ OBJ= $(BNTEST).o $(IDEATEST).o $(MD2TEST).o $(MD5TEST).o $(HMACTEST).o \
$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \ $(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \ $(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \ $(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
$(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(BFTEST).o $(SSLTEST).o $(DSATEST).o $(EXPTEST).o $(RSATEST).o
SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(HMACTEST).c \ SRC= $(BNTEST).c $(IDEATEST).c $(MD2TEST).c $(MD5TEST).c $(HMACTEST).c \
$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \ $(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \ $(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \ $(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
$(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(BFTEST).c $(SSLTEST).c $(DSATEST).c $(EXPTEST).c $(RSATEST).c
EXHEADER= EXHEADER=
HEADER= $(EXHEADER) HEADER= $(EXHEADER)
@ -157,6 +158,7 @@ test_x509:
test_rsa: test_rsa:
@sh ./trsa 2>/dev/null @sh ./trsa 2>/dev/null
./$(RSATEST)
test_crl: test_crl:
@sh ./tcrl 2>/dev/null @sh ./tcrl 2>/dev/null
@ -228,6 +230,9 @@ $(DLIBSSL):
$(DLIBCRYPTO): $(DLIBCRYPTO):
(cd ../crypto; $(MAKE)) (cd ../crypto; $(MAKE))
$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
$(BNTEST): $(BNTEST).o $(DLIBCRYPTO) $(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) $(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)