diff options
author | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-14 11:58:29 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@gnutls.org> | 2010-07-14 11:58:29 +0200 |
commit | 0201edca222dbfe408690b6b7fd0e9c34e6a02d9 (patch) | |
tree | 9370842c7c736519191ec580f4d30129b348ac96 /examples | |
parent | 7e36c5726d7ab6b41ff186fae315f039cd4a97be (diff) | |
download | kernel-crypto-0201edca222dbfe408690b6b7fd0e9c34e6a02d9.tar.gz kernel-crypto-0201edca222dbfe408690b6b7fd0e9c34e6a02d9.tar.xz kernel-crypto-0201edca222dbfe408690b6b7fd0e9c34e6a02d9.zip |
Corrected RSA signature generation/verification.
Added Test for RSA and DSA signature generation and verification.
Diffstat (limited to 'examples')
-rw-r--r-- | examples/ncr.c | 4 | ||||
-rw-r--r-- | examples/pk.c | 300 |
2 files changed, 299 insertions, 5 deletions
diff --git a/examples/ncr.c b/examples/ncr.c index bb3d00626b9..69e699abd23 100644 --- a/examples/ncr.c +++ b/examples/ncr.c @@ -1116,8 +1116,8 @@ test_ncr_hash(int cfd) if (hash_vectors[i].key != NULL) nop.init.params.key = key; nop.init.op = hash_vectors[i].op; - nop.op.data.digest.text = dd; - nop.op.data.digest.output = dd2; + nop.op.data.sign.text = dd; + nop.op.data.sign.output = dd2; if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); diff --git a/examples/pk.c b/examples/pk.c index 1513d62a6b8..d35f3834561 100644 --- a/examples/pk.c +++ b/examples/pk.c @@ -204,8 +204,166 @@ int pubkey_info(void* data, int data_size) return 0; } -static int -test_ncr_rsa(int cfd) +static int rsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey, int pss) +{ + struct ncr_data_init_st dinit; + ncr_data_t datad; + ncr_data_t signd; + struct ncr_session_once_op_st nop; + uint8_t data[DATA_SIZE]; + + fprintf(stdout, "Tests on RSA (%s) key signature:", (pss!=0)?"PSS":"PKCS V1.5"); + fflush(stdout); + + memset(data, 0x3, sizeof(data)); + + /* data to sign */ + memset(&dinit, 0, sizeof(dinit)); + dinit.max_object_size = DATA_SIZE; + dinit.flags = NCR_DATA_FLAG_EXPORTABLE; + dinit.initial_data = data; + dinit.initial_data_size = sizeof(data); + + if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_DATA_INIT)"); + return 1; + } + + datad = dinit.desc; + + memset(&dinit, 0, sizeof(dinit)); + dinit.max_object_size = DATA_SIZE; + dinit.flags = NCR_DATA_FLAG_EXPORTABLE; + + if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_DATA_INIT)"); + return 1; + } + + signd = dinit.desc; + + /* sign datad */ + memset(&nop, 0, sizeof(nop)); + nop.init.algorithm = NCR_ALG_RSA; + nop.init.params.key = privkey; + nop.init.params.params.pk.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5; + nop.init.params.params.pk.sign_hash = NCR_ALG_SHA1; + + nop.init.op = NCR_OP_SIGN; + nop.op.data.sign.text = datad; + nop.op.data.sign.output = signd; + + if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_SESSION_ONCE)"); + return 1; + } + + /* verify signature */ + memset(&nop, 0, sizeof(nop)); + nop.init.algorithm = NCR_ALG_RSA; + nop.init.params.key = pubkey; + nop.init.params.params.pk.type = (pss!=0)?RSA_PKCS1_PSS:RSA_PKCS1_V1_5; + nop.init.params.params.pk.sign_hash = NCR_ALG_SHA1; + + nop.init.op = NCR_OP_VERIFY; + nop.op.data.verify.text = datad; + nop.op.data.verify.signature = signd; + + if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_SESSION_ONCE)"); + return 1; + } + + fprintf(stdout, " Success\n"); + + return 0; + +} + +static int dsa_key_sign_verify(int cfd, ncr_key_t privkey, ncr_key_t pubkey) +{ + struct ncr_data_init_st dinit; + ncr_data_t datad; + ncr_data_t signd; + struct ncr_session_once_op_st nop; + uint8_t data[DATA_SIZE]; + + fprintf(stdout, "Tests on DSA key signature:"); + fflush(stdout); + + memset(data, 0x3, sizeof(data)); + + /* data to sign */ + memset(&dinit, 0, sizeof(dinit)); + dinit.max_object_size = DATA_SIZE; + dinit.flags = NCR_DATA_FLAG_EXPORTABLE; + dinit.initial_data = data; + dinit.initial_data_size = sizeof(data); + + if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_DATA_INIT)"); + return 1; + } + + datad = dinit.desc; + + memset(&dinit, 0, sizeof(dinit)); + dinit.max_object_size = DATA_SIZE; + dinit.flags = NCR_DATA_FLAG_EXPORTABLE; + + if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_DATA_INIT)"); + return 1; + } + + signd = dinit.desc; + + /* sign datad */ + memset(&nop, 0, sizeof(nop)); + nop.init.algorithm = NCR_ALG_DSA; + nop.init.params.key = privkey; + nop.init.params.params.pk.sign_hash = NCR_ALG_SHA1; + + nop.init.op = NCR_OP_SIGN; + nop.op.data.sign.text = datad; + nop.op.data.sign.output = signd; + + if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_SESSION_ONCE)"); + return 1; + } + + /* verify signature */ + memset(&nop, 0, sizeof(nop)); + nop.init.algorithm = NCR_ALG_DSA; + nop.init.params.key = pubkey; + nop.init.params.params.pk.sign_hash = NCR_ALG_SHA1; + + nop.init.op = NCR_OP_VERIFY; + nop.op.data.verify.text = datad; + nop.op.data.verify.signature = signd; + + if (ioctl(cfd, NCRIO_SESSION_ONCE, &nop)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_SESSION_ONCE)"); + return 1; + } + + fprintf(stdout, " Success\n"); + + return 0; + +} + + +static int test_ncr_rsa(int cfd) { int ret; struct ncr_data_init_st dinit; @@ -215,7 +373,7 @@ test_ncr_rsa(int cfd) struct ncr_data_st kdata; uint8_t data[DATA_SIZE]; - fprintf(stdout, "Tests on RSA key generation:\n"); + fprintf(stdout, "\n\nTests on RSA key generation:\n"); /* convert it to key */ if (ioctl(cfd, NCRIO_KEY_INIT, &privkey)) { @@ -285,8 +443,135 @@ test_ncr_rsa(int cfd) return 1; } + /* export the public key */ + + memset(&keydata, 0, sizeof(keydata)); + keydata.key = pubkey; + keydata.data = dinit.desc; + + if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_IMPORT)"); + return 1; + } + + /* now read data */ + memset(data, 0, sizeof(data)); + + kdata.desc = dinit.desc; + kdata.data = data; + kdata.data_size = sizeof(data); + kdata.append_flag = 0; + + if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_DATA_GET)"); + return 1; + } + + ret = pubkey_info(kdata.data, kdata.data_size); + if (ret < 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + return 1; + } + + ret = rsa_key_sign_verify(cfd, privkey, pubkey, 0); + if (ret != 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + return 1; + } + + ret = rsa_key_sign_verify(cfd, privkey, pubkey, 1); + if (ret != 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + return 1; + } + + return 0; + +} + +static int test_ncr_dsa(int cfd) +{ + int ret; + struct ncr_data_init_st dinit; + struct ncr_key_generate_st kgen; + ncr_key_t pubkey, privkey; + struct ncr_key_data_st keydata; + struct ncr_data_st kdata; + uint8_t data[DATA_SIZE]; + + fprintf(stdout, "\n\nTests on DSA key generation:\n"); + + /* convert it to key */ + if (ioctl(cfd, NCRIO_KEY_INIT, &privkey)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } + + if (ioctl(cfd, NCRIO_KEY_INIT, &pubkey)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_INIT)"); + return 1; + } + + memset(&kgen, 0, sizeof(kgen)); + kgen.desc = privkey; + kgen.desc2 = pubkey; + kgen.params.algorithm = NCR_ALG_DSA; + kgen.params.keyflags = NCR_KEY_FLAG_EXPORTABLE|NCR_KEY_FLAG_WRAPPABLE; + kgen.params.params.dsa.q_bits = 160; + kgen.params.params.dsa.p_bits = 1024; + + if (ioctl(cfd, NCRIO_KEY_GENERATE_PAIR, &kgen)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_GENERATE_PAIR)"); + return 1; + } + + /* export the private key */ + dinit.max_object_size = DATA_SIZE; + dinit.flags = NCR_DATA_FLAG_EXPORTABLE; + dinit.initial_data = NULL; + dinit.initial_data_size = 0; + + if (ioctl(cfd, NCRIO_DATA_INIT, &dinit)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_DATA_INIT)"); + return 1; + } + memset(&keydata, 0, sizeof(keydata)); + keydata.key = privkey; + keydata.data = dinit.desc; + if (ioctl(cfd, NCRIO_KEY_EXPORT, &keydata)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_KEY_EXPORT)"); + return 1; + } + + /* now read data */ + memset(data, 0, sizeof(data)); + + kdata.desc = dinit.desc; + kdata.data = data; + kdata.data_size = sizeof(data); + kdata.append_flag = 0; + + if (ioctl(cfd, NCRIO_DATA_GET, &kdata)) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + perror("ioctl(NCRIO_DATA_GET)"); + return 1; + } + + ret = privkey_info(kdata.data, kdata.data_size); + if (ret != 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + return 1; + } + /* export the public key */ memset(&keydata, 0, sizeof(keydata)); @@ -319,6 +604,12 @@ test_ncr_rsa(int cfd) return 1; } + ret = dsa_key_sign_verify(cfd, privkey, pubkey); + if (ret != 0) { + fprintf(stderr, "Error: %s:%d\n", __func__, __LINE__); + return 1; + } + return 0; } @@ -340,6 +631,9 @@ main() return 1; } + if (test_ncr_dsa(fd)) + return 1; + if (test_ncr_rsa(fd)) return 1; |