1*1c9681d1Schristos /* $NetBSD: test_rsa.c,v 1.2 2017/01/28 21:31:47 christos Exp $ */
2f59d82ffSelric
3f59d82ffSelric /*
4f59d82ffSelric * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
5f59d82ffSelric * (Royal Institute of Technology, Stockholm, Sweden).
6f59d82ffSelric * All rights reserved.
7f59d82ffSelric *
8f59d82ffSelric * Redistribution and use in source and binary forms, with or without
9f59d82ffSelric * modification, are permitted provided that the following conditions
10f59d82ffSelric * are met:
11f59d82ffSelric *
12f59d82ffSelric * 1. Redistributions of source code must retain the above copyright
13f59d82ffSelric * notice, this list of conditions and the following disclaimer.
14f59d82ffSelric *
15f59d82ffSelric * 2. Redistributions in binary form must reproduce the above copyright
16f59d82ffSelric * notice, this list of conditions and the following disclaimer in the
17f59d82ffSelric * documentation and/or other materials provided with the distribution.
18f59d82ffSelric *
19f59d82ffSelric * 3. Neither the name of the Institute nor the names of its contributors
20f59d82ffSelric * may be used to endorse or promote products derived from this software
21f59d82ffSelric * without specific prior written permission.
22f59d82ffSelric *
23f59d82ffSelric * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24f59d82ffSelric * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25f59d82ffSelric * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26f59d82ffSelric * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27f59d82ffSelric * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28f59d82ffSelric * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29f59d82ffSelric * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30f59d82ffSelric * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31f59d82ffSelric * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32f59d82ffSelric * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33f59d82ffSelric * SUCH DAMAGE.
34f59d82ffSelric */
35f59d82ffSelric
36f59d82ffSelric #include <config.h>
37f59d82ffSelric #include <krb5/roken.h>
38f59d82ffSelric #include <krb5/getarg.h>
39f59d82ffSelric
40f59d82ffSelric #include <engine.h>
41f59d82ffSelric #include <evp.h>
42f59d82ffSelric
43f59d82ffSelric /*
44f59d82ffSelric *
45f59d82ffSelric */
46f59d82ffSelric
47f59d82ffSelric static int version_flag;
48f59d82ffSelric static int help_flag;
49f59d82ffSelric static int time_keygen;
50f59d82ffSelric static char *time_key;
51f59d82ffSelric static int key_blinding = 1;
52f59d82ffSelric static char *rsa_key;
53f59d82ffSelric static char *id_flag;
54f59d82ffSelric static int loops = 1;
55f59d82ffSelric
56f59d82ffSelric static struct getargs args[] = {
57f59d82ffSelric { "loops", 0, arg_integer, &loops,
58f59d82ffSelric "number of loops", "loops" },
59f59d82ffSelric { "id", 0, arg_string, &id_flag,
60f59d82ffSelric "selects the engine id", "engine-id" },
61f59d82ffSelric { "time-keygen", 0, arg_flag, &time_keygen,
62f59d82ffSelric "time rsa generation", NULL },
63f59d82ffSelric { "time-key", 0, arg_string, &time_key,
64f59d82ffSelric "rsa key file", NULL },
65f59d82ffSelric { "key-blinding", 0, arg_negative_flag, &key_blinding,
66f59d82ffSelric "key blinding", NULL },
67f59d82ffSelric { "key", 0, arg_string, &rsa_key,
68f59d82ffSelric "rsa key file", NULL },
69f59d82ffSelric { "version", 0, arg_flag, &version_flag,
70f59d82ffSelric "print version", NULL },
71f59d82ffSelric { "help", 0, arg_flag, &help_flag,
72f59d82ffSelric NULL, NULL }
73f59d82ffSelric };
74f59d82ffSelric
75f59d82ffSelric /*
76f59d82ffSelric *
77f59d82ffSelric */
78f59d82ffSelric
79f59d82ffSelric static void
check_rsa(const unsigned char * in,size_t len,RSA * rsa,int padding)80f59d82ffSelric check_rsa(const unsigned char *in, size_t len, RSA *rsa, int padding)
81f59d82ffSelric {
82f59d82ffSelric unsigned char *res, *res2;
83f59d82ffSelric unsigned int len2;
84f59d82ffSelric int keylen;
85f59d82ffSelric
86f59d82ffSelric res = malloc(RSA_size(rsa));
87f59d82ffSelric if (res == NULL)
88f59d82ffSelric errx(1, "res: ENOMEM");
89f59d82ffSelric
90f59d82ffSelric res2 = malloc(RSA_size(rsa));
91f59d82ffSelric if (res2 == NULL)
92f59d82ffSelric errx(1, "res2: ENOMEM");
93f59d82ffSelric
94f59d82ffSelric /* signing */
95f59d82ffSelric
96f59d82ffSelric keylen = RSA_private_encrypt(len, in, res, rsa, padding);
97f59d82ffSelric if (keylen <= 0)
98f59d82ffSelric errx(1, "failed to private encrypt: %d %d", (int)len, (int)keylen);
99f59d82ffSelric
100f59d82ffSelric if (keylen > RSA_size(rsa))
101f59d82ffSelric errx(1, "keylen > RSA_size(rsa)");
102f59d82ffSelric
103f59d82ffSelric keylen = RSA_public_decrypt(keylen, res, res2, rsa, padding);
104f59d82ffSelric if (keylen <= 0)
105f59d82ffSelric errx(1, "failed to public decrypt: %d", (int)keylen);
106f59d82ffSelric
107f59d82ffSelric if (keylen != len)
108f59d82ffSelric errx(1, "output buffer not same length: %d", (int)keylen);
109f59d82ffSelric
110f59d82ffSelric if (memcmp(res2, in, len) != 0)
111f59d82ffSelric errx(1, "string not the same after decryption");
112f59d82ffSelric
113f59d82ffSelric /* encryption */
114f59d82ffSelric
115f59d82ffSelric keylen = RSA_public_encrypt(len, in, res, rsa, padding);
116f59d82ffSelric if (keylen <= 0)
117f59d82ffSelric errx(1, "failed to public encrypt: %d", (int)keylen);
118f59d82ffSelric
119f59d82ffSelric if (keylen > RSA_size(rsa))
120f59d82ffSelric errx(1, "keylen > RSA_size(rsa)");
121f59d82ffSelric
122f59d82ffSelric keylen = RSA_private_decrypt(keylen, res, res2, rsa, padding);
123f59d82ffSelric if (keylen <= 0)
124f59d82ffSelric errx(1, "failed to private decrypt: %d", (int)keylen);
125f59d82ffSelric
126f59d82ffSelric if (keylen != len)
127f59d82ffSelric errx(1, "output buffer not same length: %d", (int)keylen);
128f59d82ffSelric
129f59d82ffSelric if (memcmp(res2, in, len) != 0)
130f59d82ffSelric errx(1, "string not the same after decryption");
131f59d82ffSelric
132f59d82ffSelric len2 = keylen;
133f59d82ffSelric
134f59d82ffSelric if (RSA_sign(NID_sha1, in, len, res, &len2, rsa) != 1)
135f59d82ffSelric errx(1, "RSA_sign failed");
136f59d82ffSelric
137f59d82ffSelric if (RSA_verify(NID_sha1, in, len, res, len2, rsa) != 1)
138f59d82ffSelric errx(1, "RSA_verify failed");
139f59d82ffSelric
140f59d82ffSelric free(res);
141f59d82ffSelric free(res2);
142f59d82ffSelric }
143f59d82ffSelric
144f59d82ffSelric static int
cb_func(int a,int b,BN_GENCB * c)145f59d82ffSelric cb_func(int a, int b, BN_GENCB *c)
146f59d82ffSelric {
147f59d82ffSelric return 1;
148f59d82ffSelric }
149f59d82ffSelric
150f59d82ffSelric static RSA *
read_key(ENGINE * engine,const char * keyfile)151e0895134Schristos read_key(ENGINE *engine, const char *keyfile)
152f59d82ffSelric {
153f59d82ffSelric unsigned char buf[1024 * 4];
154f59d82ffSelric const unsigned char *p;
155f59d82ffSelric size_t size;
156f59d82ffSelric RSA *rsa;
157f59d82ffSelric FILE *f;
158f59d82ffSelric
159e0895134Schristos f = fopen(keyfile, "rb");
160f59d82ffSelric if (f == NULL)
161e0895134Schristos err(1, "could not open file %s", keyfile);
162f59d82ffSelric rk_cloexec_file(f);
163f59d82ffSelric
164f59d82ffSelric size = fread(buf, 1, sizeof(buf), f);
165f59d82ffSelric fclose(f);
166f59d82ffSelric if (size == 0)
167e0895134Schristos err(1, "failed to read file %s", keyfile);
168f59d82ffSelric if (size == sizeof(buf))
169e0895134Schristos err(1, "key too long in file %s!", keyfile);
170f59d82ffSelric
171f59d82ffSelric p = buf;
172f59d82ffSelric rsa = d2i_RSAPrivateKey(NULL, &p, size);
173f59d82ffSelric if (rsa == NULL)
174e0895134Schristos err(1, "failed to parse key in file %s", keyfile);
175f59d82ffSelric
176f59d82ffSelric RSA_set_method(rsa, ENGINE_get_RSA(engine));
177f59d82ffSelric
178f59d82ffSelric if (!key_blinding)
179f59d82ffSelric rsa->flags |= RSA_FLAG_NO_BLINDING;
180f59d82ffSelric
181f59d82ffSelric return rsa;
182f59d82ffSelric }
183f59d82ffSelric
184f59d82ffSelric /*
185f59d82ffSelric *
186f59d82ffSelric */
187f59d82ffSelric
188f59d82ffSelric static void
usage(int ret)189f59d82ffSelric usage (int ret)
190f59d82ffSelric {
191f59d82ffSelric arg_printusage (args,
192f59d82ffSelric sizeof(args)/sizeof(*args),
193f59d82ffSelric NULL,
194f59d82ffSelric "filename.so");
195f59d82ffSelric exit (ret);
196f59d82ffSelric }
197f59d82ffSelric
198f59d82ffSelric int
main(int argc,char ** argv)199f59d82ffSelric main(int argc, char **argv)
200f59d82ffSelric {
201f59d82ffSelric ENGINE *engine = NULL;
202f59d82ffSelric int i, j, idx = 0;
203f59d82ffSelric RSA *rsa;
204f59d82ffSelric
205f59d82ffSelric setprogname(argv[0]);
206f59d82ffSelric
207f59d82ffSelric if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &idx))
208f59d82ffSelric usage(1);
209f59d82ffSelric
210f59d82ffSelric if (help_flag)
211f59d82ffSelric usage(0);
212f59d82ffSelric
213f59d82ffSelric if(version_flag){
214f59d82ffSelric print_version(NULL);
215f59d82ffSelric exit(0);
216f59d82ffSelric }
217f59d82ffSelric
218f59d82ffSelric argc -= idx;
219f59d82ffSelric argv += idx;
220f59d82ffSelric
221f59d82ffSelric OpenSSL_add_all_algorithms();
222f59d82ffSelric #ifdef OPENSSL
223f59d82ffSelric ENGINE_load_openssl();
224f59d82ffSelric #endif
225f59d82ffSelric ENGINE_load_builtin_engines();
226f59d82ffSelric
227f59d82ffSelric if (argc == 0) {
228f59d82ffSelric engine = ENGINE_by_id("builtin");
229f59d82ffSelric } else {
230f59d82ffSelric engine = ENGINE_by_id(argv[0]);
231f59d82ffSelric if (engine == NULL)
232f59d82ffSelric engine = ENGINE_by_dso(argv[0], id_flag);
233f59d82ffSelric }
234f59d82ffSelric if (engine == NULL)
235f59d82ffSelric errx(1, "ENGINE_by_dso failed");
236f59d82ffSelric
237f59d82ffSelric if (ENGINE_get_RSA(engine) == NULL)
238f59d82ffSelric return 77;
239f59d82ffSelric
240f59d82ffSelric printf("rsa %s\n", ENGINE_get_RSA(engine)->name);
241f59d82ffSelric
242f59d82ffSelric if (RAND_status() != 1)
243f59d82ffSelric errx(77, "no functional random device, refusing to run tests");
244f59d82ffSelric
245f59d82ffSelric if (time_keygen) {
246f59d82ffSelric struct timeval tv1, tv2;
247f59d82ffSelric BIGNUM *e;
248f59d82ffSelric
249f59d82ffSelric rsa = RSA_new_method(engine);
250f59d82ffSelric if (!key_blinding)
251f59d82ffSelric rsa->flags |= RSA_FLAG_NO_BLINDING;
252f59d82ffSelric
253f59d82ffSelric e = BN_new();
254f59d82ffSelric BN_set_word(e, 0x10001);
255f59d82ffSelric
256f59d82ffSelric printf("running keygen with %d loops\n", loops);
257f59d82ffSelric
258f59d82ffSelric gettimeofday(&tv1, NULL);
259f59d82ffSelric
260f59d82ffSelric for (i = 0; i < loops; i++) {
261f59d82ffSelric rsa = RSA_new_method(engine);
262f59d82ffSelric if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1)
263f59d82ffSelric errx(1, "RSA_generate_key_ex");
264f59d82ffSelric RSA_free(rsa);
265f59d82ffSelric }
266f59d82ffSelric
267f59d82ffSelric gettimeofday(&tv2, NULL);
268f59d82ffSelric timevalsub(&tv2, &tv1);
269f59d82ffSelric
270f59d82ffSelric printf("time %lu.%06lu\n",
271f59d82ffSelric (unsigned long)tv2.tv_sec,
272f59d82ffSelric (unsigned long)tv2.tv_usec);
273f59d82ffSelric
274f59d82ffSelric BN_free(e);
275f59d82ffSelric ENGINE_finish(engine);
276f59d82ffSelric
277f59d82ffSelric return 0;
278f59d82ffSelric }
279f59d82ffSelric
280f59d82ffSelric if (time_key) {
281f59d82ffSelric const int size = 20;
282f59d82ffSelric struct timeval tv1, tv2;
283f59d82ffSelric unsigned char *p;
284f59d82ffSelric
285f59d82ffSelric if (strcmp(time_key, "generate") == 0) {
286f59d82ffSelric BIGNUM *e;
287f59d82ffSelric
288f59d82ffSelric rsa = RSA_new_method(engine);
289f59d82ffSelric if (!key_blinding)
290f59d82ffSelric rsa->flags |= RSA_FLAG_NO_BLINDING;
291f59d82ffSelric
292f59d82ffSelric e = BN_new();
293f59d82ffSelric BN_set_word(e, 0x10001);
294f59d82ffSelric
295f59d82ffSelric if (RSA_generate_key_ex(rsa, 1024, e, NULL) != 1)
296f59d82ffSelric errx(1, "RSA_generate_key_ex");
297f59d82ffSelric } else {
298f59d82ffSelric rsa = read_key(engine, time_key);
299f59d82ffSelric }
300f59d82ffSelric
301f59d82ffSelric p = emalloc(loops * size);
302f59d82ffSelric
303f59d82ffSelric RAND_bytes(p, loops * size);
304f59d82ffSelric
305f59d82ffSelric gettimeofday(&tv1, NULL);
306f59d82ffSelric for (i = 0; i < loops; i++)
307f59d82ffSelric check_rsa(p + (i * size), size, rsa, RSA_PKCS1_PADDING);
308f59d82ffSelric gettimeofday(&tv2, NULL);
309f59d82ffSelric
310f59d82ffSelric timevalsub(&tv2, &tv1);
311f59d82ffSelric
312f59d82ffSelric printf("time %lu.%06lu\n",
313f59d82ffSelric (unsigned long)tv2.tv_sec,
314f59d82ffSelric (unsigned long)tv2.tv_usec);
315f59d82ffSelric
316f59d82ffSelric RSA_free(rsa);
317f59d82ffSelric ENGINE_finish(engine);
318f59d82ffSelric
319f59d82ffSelric return 0;
320f59d82ffSelric }
321f59d82ffSelric
322f59d82ffSelric if (rsa_key) {
323f59d82ffSelric rsa = read_key(engine, rsa_key);
324f59d82ffSelric
325f59d82ffSelric /*
326f59d82ffSelric * Assuming that you use the RSA key in the distribution, this
327f59d82ffSelric * test will generate a signature have a starting zero and thus
328f59d82ffSelric * will generate a checksum that is 127 byte instead of the
329f59d82ffSelric * checksum that is 128 byte (like the key).
330f59d82ffSelric */
331f59d82ffSelric {
332f59d82ffSelric const unsigned char sha1[20] = {
333f59d82ffSelric 0x6d, 0x33, 0xf9, 0x40, 0x75, 0x5b, 0x4e, 0xc5, 0x90, 0x35,
334f59d82ffSelric 0x48, 0xab, 0x75, 0x02, 0x09, 0x76, 0x9a, 0xb4, 0x7d, 0x6b
335f59d82ffSelric };
336f59d82ffSelric
337f59d82ffSelric check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
338f59d82ffSelric }
339f59d82ffSelric
340f59d82ffSelric for (i = 0; i < 128; i++) {
341f59d82ffSelric unsigned char sha1[20];
342f59d82ffSelric
343f59d82ffSelric RAND_bytes(sha1, sizeof(sha1));
344f59d82ffSelric check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
345f59d82ffSelric }
346f59d82ffSelric for (i = 0; i < 128; i++) {
347f59d82ffSelric unsigned char des3[21];
348f59d82ffSelric
349f59d82ffSelric RAND_bytes(des3, sizeof(des3));
350f59d82ffSelric check_rsa(des3, sizeof(des3), rsa, RSA_PKCS1_PADDING);
351f59d82ffSelric }
352f59d82ffSelric for (i = 0; i < 128; i++) {
353f59d82ffSelric unsigned char aes[32];
354f59d82ffSelric
355f59d82ffSelric RAND_bytes(aes, sizeof(aes));
356f59d82ffSelric check_rsa(aes, sizeof(aes), rsa, RSA_PKCS1_PADDING);
357f59d82ffSelric }
358f59d82ffSelric
359f59d82ffSelric RSA_free(rsa);
360f59d82ffSelric }
361f59d82ffSelric
362f59d82ffSelric for (i = 0; i < loops; i++) {
363f59d82ffSelric BN_GENCB cb;
364f59d82ffSelric BIGNUM *e;
365f59d82ffSelric unsigned int n;
366f59d82ffSelric
367f59d82ffSelric rsa = RSA_new_method(engine);
368f59d82ffSelric if (!key_blinding)
369f59d82ffSelric rsa->flags |= RSA_FLAG_NO_BLINDING;
370f59d82ffSelric
371f59d82ffSelric e = BN_new();
372f59d82ffSelric BN_set_word(e, 0x10001);
373f59d82ffSelric
374f59d82ffSelric BN_GENCB_set(&cb, cb_func, NULL);
375f59d82ffSelric
376f59d82ffSelric RAND_bytes(&n, sizeof(n));
377f59d82ffSelric n &= 0x1ff;
378f59d82ffSelric n += 1024;
379f59d82ffSelric
380f59d82ffSelric if (RSA_generate_key_ex(rsa, n, e, &cb) != 1)
381f59d82ffSelric errx(1, "RSA_generate_key_ex");
382f59d82ffSelric
383f59d82ffSelric BN_free(e);
384f59d82ffSelric
385f59d82ffSelric for (j = 0; j < 8; j++) {
386f59d82ffSelric unsigned char sha1[20];
387f59d82ffSelric RAND_bytes(sha1, sizeof(sha1));
388f59d82ffSelric check_rsa(sha1, sizeof(sha1), rsa, RSA_PKCS1_PADDING);
389f59d82ffSelric }
390f59d82ffSelric
391f59d82ffSelric RSA_free(rsa);
392f59d82ffSelric }
393f59d82ffSelric
394f59d82ffSelric ENGINE_finish(engine);
395f59d82ffSelric
396f59d82ffSelric return 0;
397f59d82ffSelric }
398