AuroraMiddleware/libtomcrypt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Remove katja

Browse Source
This commit is contained in:
Steffen Jaeckel 2018-06-03 17:43:05 +02:00
parent e31e757a86
commit d9215be060
16 changed files with 2 additions and 978 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
demos/timing.c
View File

@ -821,78 +821,6 @@ static void time_rsa(void)
static void time_rsa(void) { fprintf(stderr, "NO RSA\n"); }
#endif
#if defined(LTC_MKAT)
/* time various KAT operations */
static void time_katja(void)
{
katja_key key;
ulong64 t1, t2;
unsigned char buf[2][4096];
unsigned long x, y, z, zzz;
int err, zz;
if (ltc_mp.name == NULL) return;
for (x = 1024; x <= 2048; x += 256) {
t2 = 0;
for (y = 0; y < 4; y++) {
t_start();
t1 = t_read();
if ((err = katja_make_key(&yarrow_prng, find_prng("yarrow"), x/8, &key)) != CRYPT_OK) {
fprintf(stderr, "\n\nkatja_make_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
exit(EXIT_FAILURE);
}
t1 = t_read() - t1;
t2 += t1;
if (y < 3) {
katja_free(&key);
}
}
t2 >>= 2;
fprintf(stderr, "Katja-%lu make_key took %15"PRI64"u cycles\n", x, t2);
t2 = 0;
for (y = 0; y < 16; y++) {
t_start();
t1 = t_read();
z = sizeof(buf[1]);
if ((err = katja_encrypt_key(buf[0], 32, buf[1], &z, "testprog", 8, &yarrow_prng,
find_prng("yarrow"), find_hash("sha1"),
&key)) != CRYPT_OK) {
fprintf(stderr, "\n\nkatja_encrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
exit(EXIT_FAILURE);
}
t1 = t_read() - t1;
t2 += t1;
}
t2 >>= 4;
fprintf(stderr, "Katja-%lu encrypt_key took %15"PRI64"u cycles\n", x, t2);
t2 = 0;
for (y = 0; y < 2048; y++) {
t_start();
t1 = t_read();
zzz = sizeof(buf[0]);
if ((err = katja_decrypt_key(buf[1], z, buf[0], &zzz, "testprog", 8, find_hash("sha1"),
&zz, &key)) != CRYPT_OK) {
fprintf(stderr, "\n\nkatja_decrypt_key says %s, wait...no it should say %s...damn you!\n", error_to_string(err), error_to_string(CRYPT_OK));
exit(EXIT_FAILURE);
}
t1 = t_read() - t1;
t2 += t1;
}
t2 >>= 11;
fprintf(stderr, "Katja-%lu decrypt_key took %15"PRI64"u cycles\n", x, t2);
katja_free(&key);
}
}
#else
static void time_katja(void) { fprintf(stderr, "NO Katja\n"); }
#endif
#if defined(LTC_MDH)
/* time various DH operations */
static void time_dh(void)
@ -1424,7 +1352,6 @@ const struct
LTC_TEST_FN(time_dsa),
LTC_TEST_FN(time_ecc),
LTC_TEST_FN(time_dh),
LTC_TEST_FN(time_katja)
};
char *single_test = NULL;
unsigned int i;

7
src/headers/tomcrypt_custom.h
View File

@ -425,9 +425,6 @@
#define LTC_DH8192
#endif
/* Include Katja (a Rabin variant like RSA) */
/* #define LTC_MKAT */
/* Digital Signature Algorithm */
#define LTC_MDSA
@ -548,7 +545,7 @@
#endif
#endif
#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA) || defined(LTC_MKAT)
#if defined(LTC_MECC) || defined(LTC_MRSA) || defined(LTC_MDSA)
/* Include the MPI functionality? (required by the PK algorithms) */
#define LTC_MPI
@ -578,7 +575,7 @@
#error ASN.1 DER requires MPI functionality
#endif
#if (defined(LTC_MDSA) || defined(LTC_MRSA) || defined(LTC_MECC) || defined(LTC_MKAT)) && !defined(LTC_DER)
#if (defined(LTC_MDSA) || defined(LTC_MRSA) || defined(LTC_MECC)) && !defined(LTC_DER)
#error PK requires ASN.1 DER functionality, make sure LTC_DER is enabled
#endif

55
src/headers/tomcrypt_pk.h
View File

@ -126,61 +126,6 @@ int rsa_set_crt_params(const unsigned char *dP, unsigned long dPlen,
rsa_key *key);
#endif
/* ---- Katja ---- */
#ifdef LTC_MKAT
/* Min and Max KAT key sizes (in bits) */
#define MIN_KAT_SIZE 1024
#define MAX_KAT_SIZE 4096
/** Katja PKCS style key */
typedef struct KAT_key {
/** Type of key, PK_PRIVATE or PK_PUBLIC */
int type;
/** The private exponent */
void *d;
/** The modulus */
void *N;
/** The p factor of N */
void *p;
/** The q factor of N */
void *q;
/** The 1/q mod p CRT param */
void *qP;
/** The d mod (p - 1) CRT param */
void *dP;
/** The d mod (q - 1) CRT param */
void *dQ;
/** The pq param */
void *pq;
} katja_key;
int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key);
int katja_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
katja_key *key);
void katja_free(katja_key *key);
/* These use PKCS #1 v2.0 padding */
int katja_encrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
prng_state *prng, int prng_idx, int hash_idx, katja_key *key);
int katja_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
int hash_idx, int *stat,
katja_key *key);
/* PKCS #1 import/export */
int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key);
int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key);
#endif
/* ---- DH Routines ---- */
#ifdef LTC_MDH

3
src/misc/crypt/crypt.c
View File

@ -353,9 +353,6 @@ const char *crypt_build_settings =
#if defined(LTC_MDSA)
" DSA\n"
#endif
#if defined(LTC_MKAT)
" Katja\n"
#endif
#if defined(LTC_PK_MAX_RETRIES)
" "NAME_VALUE(LTC_PK_MAX_RETRIES)"\n"
#endif

8
src/misc/crypt/crypt_constants.c
View File

@ -96,14 +96,6 @@ static const crypt_constant _crypt_constants[] = {
{"LTC_MRSA", 0},
#endif
#ifdef LTC_MKAT
{"LTC_MKAT", 1},
_C_STRINGIFY(MIN_KAT_SIZE),
_C_STRINGIFY(MAX_KAT_SIZE),
#else
{"LTC_MKAT", 0},
#endif
#ifdef LTC_MECC
{"LTC_MECC", 1},
_C_STRINGIFY(ECC_BUF_SIZE),

3
src/misc/crypt/crypt_sizes.c
View File

@ -249,9 +249,6 @@ static const crypt_size _crypt_sizes[] = {
_SZ_STRINGIFY_T(ecc_point),
_SZ_STRINGIFY_T(ecc_key),
#endif
#ifdef LTC_MKAT
_SZ_STRINGIFY_T(katja_key),
#endif
/* DER handling */
#ifdef LTC_DER

103
src/pk/katja/katja_decrypt_key.c
View File

@ -1,103 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file katja_decrypt_key.c
Katja PKCS #1 OAEP Decryption, Tom St Denis
*/
#ifdef LTC_MKAT
/**
(PKCS #1 v2.0) decrypt then OAEP depad
@param in The ciphertext
@param inlen The length of the ciphertext (octets)
@param out [out] The plaintext
@param outlen [in/out] The max size and resulting size of the plaintext (octets)
@param lparam The system "lparam" value
@param lparamlen The length of the lparam value (octets)
@param hash_idx The index of the hash desired
@param stat [out] Result of the decryption, 1==valid, 0==invalid
@param key The corresponding private Katja key
@return CRYPT_OK if succcessul (even if invalid)
*/
int katja_decrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
int hash_idx, int *stat,
katja_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
unsigned char *tmp;
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(stat != NULL);
/* default to invalid */
*stat = 0;
/* valid hash ? */
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits( (key->N));
/* payload is upto pq, so we know q is 1/3rd the size of N and therefore pq is 2/3th the size */
modulus_bitlen = ((modulus_bitlen << 1) / 3);
/* round down to next byte */
modulus_bitlen -= (modulus_bitlen & 7) + 8;
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size( (key->N));
if (modulus_bytelen != inlen) {
return CRYPT_INVALID_PACKET;
}
/* allocate ram */
tmp = XMALLOC(inlen);
if (tmp == NULL) {
return CRYPT_MEM;
}
/* rsa decode the packet */
x = inlen;
if ((err = katja_exptmod(in, inlen, tmp, &x, PK_PRIVATE, key)) != CRYPT_OK) {
XFREE(tmp);
return err;
}
/* shift right by modulus_bytelen - modulus_bitlen/8 bytes */
for (x = 0; x < (modulus_bitlen >> 3); x++) {
tmp[x] = tmp[x+(modulus_bytelen-(modulus_bitlen>>3))];
}
/* now OAEP decode the packet */
err = pkcs_1_oaep_decode(tmp, x, lparam, lparamlen, modulus_bitlen, hash_idx,
out, outlen, stat);
XFREE(tmp);
return err;
}
#endif /* LTC_MRSA */
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

85
src/pk/katja/katja_encrypt_key.c
View File

@ -1,85 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file katja_encrypt_key.c
Katja PKCS-style OAEP encryption, Tom St Denis
*/
#ifdef LTC_MKAT
/**
(PKCS #1 v2.0) OAEP pad then encrypt
@param in The plaintext
@param inlen The length of the plaintext (octets)
@param out [out] The ciphertext
@param outlen [in/out] The max size and resulting size of the ciphertext
@param lparam The system "lparam" for the encryption
@param lparamlen The length of lparam (octets)
@param prng An active PRNG
@param prng_idx The index of the desired prng
@param hash_idx The index of the desired hash
@param key The Katja key to encrypt to
@return CRYPT_OK if successful
*/
int katja_encrypt_key(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen,
const unsigned char *lparam, unsigned long lparamlen,
prng_state *prng, int prng_idx, int hash_idx, katja_key *key)
{
unsigned long modulus_bitlen, modulus_bytelen, x;
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* valid prng and hash ? */
if ((err = prng_is_valid(prng_idx)) != CRYPT_OK) {
return err;
}
if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
return err;
}
/* get modulus len in bits */
modulus_bitlen = mp_count_bits((key->N));
/* payload is upto pq, so we know q is 1/3rd the size of N and therefore pq is 2/3th the size */
modulus_bitlen = ((modulus_bitlen << 1) / 3);
/* round down to next byte */
modulus_bitlen -= (modulus_bitlen & 7) + 8;
/* outlen must be at least the size of the modulus */
modulus_bytelen = mp_unsigned_bin_size((key->N));
if (modulus_bytelen > *outlen) {
*outlen = modulus_bytelen;
return CRYPT_BUFFER_OVERFLOW;
}
/* OAEP pad the key */
x = *outlen;
if ((err = pkcs_1_oaep_encode(in, inlen, lparam,
lparamlen, modulus_bitlen, prng, prng_idx, hash_idx,
out, &x)) != CRYPT_OK) {
return err;
}
/* Katja exptmod the OAEP pad */
return katja_exptmod(out, x, out, outlen, PK_PUBLIC, key);
}
#endif /* LTC_MRSA */
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

73
src/pk/katja/katja_export.c
View File

@ -1,73 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file katja_export.c
Export Katja PKCS-style keys, Tom St Denis
*/
#ifdef LTC_MKAT
/**
This will export either an KatjaPublicKey or KatjaPrivateKey
@param out [out] Destination of the packet
@param outlen [in/out] The max size and resulting size of the packet
@param type The type of exported key (PK_PRIVATE or PK_PUBLIC)
@param key The Katja key to export
@return CRYPT_OK if successful
*/
int katja_export(unsigned char *out, unsigned long *outlen, int type, katja_key *key)
{
int err;
unsigned long zero=0;
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* type valid? */
if (!(key->type == PK_PRIVATE) && (type == PK_PRIVATE)) {
return CRYPT_PK_INVALID_TYPE;
}
if (type == PK_PRIVATE) {
/* private key */
/* output is
Version, n, d, p, q, d mod (p-1), d mod (q - 1), 1/q mod p, pq
*/
if ((err = der_encode_sequence_multi(out, outlen,
LTC_ASN1_SHORT_INTEGER, 1UL, &zero,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->d,
LTC_ASN1_INTEGER, 1UL, key->p,
LTC_ASN1_INTEGER, 1UL, key->q,
LTC_ASN1_INTEGER, 1UL, key->dP,
LTC_ASN1_INTEGER, 1UL, key->dQ,
LTC_ASN1_INTEGER, 1UL, key->qP,
LTC_ASN1_INTEGER, 1UL, key->pq,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
return err;
}
/* clear zero and return */
return CRYPT_OK;
} else {
/* public key */
return der_encode_sequence_multi(out, outlen,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_EOL, 0UL, NULL);
}
}
#endif /* LTC_MRSA */
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

113
src/pk/katja/katja_exptmod.c
View File

@ -1,113 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file katja_exptmod.c
Katja PKCS-style exptmod, Tom St Denis
*/
#ifdef LTC_MKAT
/**
Compute an RSA modular exponentiation
@param in The input data to send into RSA
@param inlen The length of the input (octets)
@param out [out] The destination
@param outlen [in/out] The max size and resulting size of the output
@param which Which exponent to use, e.g. PK_PRIVATE or PK_PUBLIC
@param key The RSA key to use
@return CRYPT_OK if successful
*/
int katja_exptmod(const unsigned char *in, unsigned long inlen,
unsigned char *out, unsigned long *outlen, int which,
katja_key *key)
{
void *tmp, *tmpa, *tmpb;
unsigned long x;
int err;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(out != NULL);
LTC_ARGCHK(outlen != NULL);
LTC_ARGCHK(key != NULL);
/* is the key of the right type for the operation? */
if (which == PK_PRIVATE && (key->type != PK_PRIVATE)) {
return CRYPT_PK_NOT_PRIVATE;
}
/* must be a private or public operation */
if (which != PK_PRIVATE && which != PK_PUBLIC) {
return CRYPT_PK_INVALID_TYPE;
}
/* init and copy into tmp */
if ((err = mp_init_multi(&tmp, &tmpa, &tmpb, NULL)) != CRYPT_OK) { return err; }
if ((err = mp_read_unsigned_bin(tmp, (unsigned char *)in, (int)inlen)) != CRYPT_OK) { goto error; }
/* sanity check on the input */
if (mp_cmp(key->N, tmp) == LTC_MP_LT) {
err = CRYPT_PK_INVALID_SIZE;
goto done;
}
/* are we using the private exponent and is the key optimized? */
if (which == PK_PRIVATE) {
/* tmpa = tmp^dP mod p */
if ((err = mp_exptmod(tmp, key->dP, key->p, tmpa)) != CRYPT_OK) { goto error; }
/* tmpb = tmp^dQ mod q */
if ((err = mp_exptmod(tmp, key->dQ, key->q, tmpb)) != CRYPT_OK) { goto error; }
/* tmp = (tmpa - tmpb) * qInv (mod p) */
if ((err = mp_sub(tmpa, tmpb, tmp)) != CRYPT_OK) { goto error; }
if ((err = mp_mulmod(tmp, key->qP, key->p, tmp)) != CRYPT_OK) { goto error; }
/* tmp = tmpb + q * tmp */
if ((err = mp_mul(tmp, key->q, tmp)) != CRYPT_OK) { goto error; }
if ((err = mp_add(tmp, tmpb, tmp)) != CRYPT_OK) { goto error; }
} else {
/* exptmod it */
if ((err = mp_exptmod(tmp, key->N, key->N, tmp)) != CRYPT_OK) { goto error; }
}
/* read it back */
x = (unsigned long)mp_unsigned_bin_size(key->N);
if (x > *outlen) {
*outlen = x;
err = CRYPT_BUFFER_OVERFLOW;
goto done;
}
/* this should never happen ... */
if (mp_unsigned_bin_size(tmp) > mp_unsigned_bin_size(key->N)) {
err = CRYPT_ERROR;
goto done;
}
*outlen = x;
/* convert it */
zeromem(out, x);
if ((err = mp_to_unsigned_bin(tmp, out+(x-mp_unsigned_bin_size(tmp)))) != CRYPT_OK) { goto error; }
/* clean up and return */
err = CRYPT_OK;
goto done;
error:
done:
mp_clear_multi(tmp, tmpa, tmpb, NULL);
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

33
src/pk/katja/katja_free.c
View File

@ -1,33 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file katja_free.c
Free an Katja key, Tom St Denis
*/
#ifdef LTC_MKAT
/**
Free an Katja key from memory
@param key The RSA key to free
*/
void katja_free(katja_key *key)
{
LTC_ARGCHK(key != NULL);
mp_clear_multi( key->d, key->N, key->dQ, key->dP,
key->qP, key->p, key->q, key->pq, NULL);
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

79
src/pk/katja/katja_import.c
View File

@ -1,79 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file katja_import.c
Import a PKCS-style Katja key, Tom St Denis
*/
#ifdef LTC_MKAT
/**
Import an KatjaPublicKey or KatjaPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1]
@param in The packet to import from
@param inlen It's length (octets)
@param key [out] Destination for newly imported key
@return CRYPT_OK if successful, upon error allocated memory is freed
*/
int katja_import(const unsigned char *in, unsigned long inlen, katja_key *key)
{
int err;
void *zero;
LTC_ARGCHK(in != NULL);
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
/* init key */
if ((err = mp_init_multi(&zero, &key->d, &key->N, &key->dQ,
&key->dP, &key->qP, &key->p, &key->q, &key->pq, NULL)) != CRYPT_OK) {
return err;
}
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) {
/* it's a private key */
if ((err = der_decode_sequence_multi(in, inlen,
LTC_ASN1_INTEGER, 1UL, zero,
LTC_ASN1_INTEGER, 1UL, key->N,
LTC_ASN1_INTEGER, 1UL, key->d,
LTC_ASN1_INTEGER, 1UL, key->p,
LTC_ASN1_INTEGER, 1UL, key->q,
LTC_ASN1_INTEGER, 1UL, key->dP,
LTC_ASN1_INTEGER, 1UL, key->dQ,
LTC_ASN1_INTEGER, 1UL, key->qP,
LTC_ASN1_INTEGER, 1UL, key->pq,
LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) {
goto LBL_ERR;
}
key->type = PK_PRIVATE;
} else {
/* public we have N */
key->type = PK_PUBLIC;
}
mp_clear(zero);
return CRYPT_OK;
LBL_ERR:
mp_clear_multi(zero, key->d, key->N, key->dQ, key->dP,
key->qP, key->p, key->q, key->pq, NULL);
return err;
}
#endif /* LTC_MRSA */
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

99
src/pk/katja/katja_make_key.c
View File

@ -1,99 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include "tomcrypt_private.h"
/**
@file katja_make_key.c
Katja key generation, Tom St Denis
*/
#ifdef LTC_MKAT
/**
Create a Katja key
@param prng An active PRNG state
@param wprng The index of the PRNG desired
@param size The size of the modulus (key size) desired (octets)
@param key [out] Destination of a newly created private key pair
@return CRYPT_OK if successful, upon error all allocated ram is freed
*/
int katja_make_key(prng_state *prng, int wprng, int size, katja_key *key)
{
void *p, *q, *tmp1, *tmp2;
int err;
LTC_ARGCHK(key != NULL);
LTC_ARGCHK(ltc_mp.name != NULL);
if ((size < (MIN_KAT_SIZE/8)) || (size > (MAX_KAT_SIZE/8))) {
return CRYPT_INVALID_KEYSIZE;
}
if ((err = prng_is_valid(wprng)) != CRYPT_OK) {
return err;
}
if ((err = mp_init_multi(&p, &q, &tmp1, &tmp2, NULL)) != CRYPT_OK) {
return err;
}
/* divide size by three */
size = (((size << 3) / 3) + 7) >> 3;
/* make prime "q" (we negate size to make q == 3 mod 4) */
if ((err = rand_prime(q, -size, prng, wprng)) != CRYPT_OK) { goto done; }
if ((err = mp_sub_d(q, 1, tmp1)) != CRYPT_OK) { goto done; }
/* make prime "p" */
do {
if ((err = rand_prime(p, size+1, prng, wprng)) != CRYPT_OK) { goto done; }
if ((err = mp_gcd(p, tmp1, tmp2)) != CRYPT_OK) { goto done; }
} while (mp_cmp_d(tmp2, 1) != LTC_MP_EQ);
/* make key */
if ((err = mp_init_multi(&key->d, &key->N, &key->dQ, &key->dP,
&key->qP, &key->p, &key->q, &key->pq, NULL)) != CRYPT_OK) {
goto error;
}
/* n=p^2q and 1/n mod pq */
if ((err = mp_copy( p, key->p)) != CRYPT_OK) { goto error2; }
if ((err = mp_copy( q, key->q)) != CRYPT_OK) { goto error2; }
if ((err = mp_mul(key->p, key->q, key->pq)) != CRYPT_OK) { goto error2; } /* tmp1 = pq */
if ((err = mp_mul(key->pq, key->p, key->N)) != CRYPT_OK) { goto error2; } /* N = p^2q */
if ((err = mp_sub_d( p, 1, tmp1)) != CRYPT_OK) { goto error2; } /* tmp1 = q-1 */
if ((err = mp_sub_d( q, 1, tmp2)) != CRYPT_OK) { goto error2; } /* tmp2 = p-1 */
if ((err = mp_lcm(tmp1, tmp2, key->d)) != CRYPT_OK) { goto error2; } /* tmp1 = lcd(p-1,q-1) */
if ((err = mp_invmod( key->N, key->d, key->d)) != CRYPT_OK) { goto error2; } /* key->d = 1/N mod pq */
/* optimize for CRT now */
/* find d mod q-1 and d mod p-1 */
if ((err = mp_mod( key->d, tmp1, key->dP)) != CRYPT_OK) { goto error2; } /* dP = d mod p-1 */
if ((err = mp_mod( key->d, tmp2, key->dQ)) != CRYPT_OK) { goto error2; } /* dQ = d mod q-1 */
if ((err = mp_invmod( q, p, key->qP)) != CRYPT_OK) { goto error2; } /* qP = 1/q mod p */
/* set key type (in this case it's CRT optimized) */
key->type = PK_PRIVATE;
/* return ok and free temps */
err = CRYPT_OK;
goto done;
error2:
mp_clear_multi( key->d, key->N, key->dQ, key->dP, key->qP, key->p, key->q, key->pq, NULL);
error:
done:
mp_clear_multi( tmp2, tmp1, p, q, NULL);
return err;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

244
tests/katja_test.c
View File

@ -1,244 +0,0 @@
/* LibTomCrypt, modular cryptographic library -- Tom St Denis
*
* LibTomCrypt is a library that provides various cryptographic
* algorithms in a highly modular and flexible manner.
*
* The library is free for all purposes without any express
* guarantee it works.
*/
#include <tomcrypt_test.h>
#if defined(LTC_MKAT)
int katja_test(void)
{
unsigned char in[1024], out[1024], tmp[1024];
katja_key key, privKey, pubKey;
int hash_idx, prng_idx, stat, stat2, size;
unsigned long kat_msgsize, len, len2, cnt;
static unsigned char lparam[] = { 0x01, 0x02, 0x03, 0x04 };
if (ltc_mp.name == NULL) return CRYPT_NOP;
hash_idx = find_hash("sha1");
prng_idx = find_prng("yarrow");
if (hash_idx == -1 || prng_idx == -1) {
fprintf(stderr, "katja_test requires LTC_SHA1 and yarrow");
return 1;
}
for (size = 1024; size <= 2048; size += 256) {
/* make 10 random key */
for (cnt = 0; cnt < 10; cnt++) {
DO(katja_make_key(&yarrow_prng, prng_idx, size/8, &key));
if (mp_count_bits(key.N) < size - 7) {
fprintf(stderr, "katja_%d key modulus has %d bits\n", size, mp_count_bits(key.N));
len = mp_unsigned_bin_size(key.N);
mp_to_unsigned_bin(key.N, tmp);
fprintf(stderr, "N == \n");
for (cnt = 0; cnt < len; ) {
fprintf(stderr, "%02x ", tmp[cnt]);
if (!(++cnt & 15)) fprintf(stderr, "\n");
}
len = mp_unsigned_bin_size(key.p);
mp_to_unsigned_bin(key.p, tmp);
fprintf(stderr, "p == \n");
for (cnt = 0; cnt < len; ) {
fprintf(stderr, "%02x ", tmp[cnt]);
if (!(++cnt & 15)) fprintf(stderr, "\n");
}
len = mp_unsigned_bin_size(key.q);
mp_to_unsigned_bin(key.q, tmp);
fprintf(stderr, "\nq == \n");
for (cnt = 0; cnt < len; ) {
fprintf(stderr, "%02x ", tmp[cnt]);
if (!(++cnt & 15)) fprintf(stderr, "\n");
}
fprintf(stderr, "\n");
return 1;
}
if (cnt != 9) {
katja_free(&key);
}
}
/* encrypt the key (without lparam) */
for (cnt = 0; cnt < 4; cnt++) {
for (kat_msgsize = 1; kat_msgsize <= 42; kat_msgsize++) {
/* make a random key/msg */
yarrow_read(in, kat_msgsize, &yarrow_prng);
len = sizeof(out);
len2 = kat_msgsize;
DO(katja_encrypt_key(in, kat_msgsize, out, &len, NULL, 0, &yarrow_prng, prng_idx, hash_idx, &key));
/* change a byte */
out[8] ^= 1;
DO(katja_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat2, &key));
/* change a byte back */
out[8] ^= 1;
if (len2 != kat_msgsize) {
fprintf(stderr, "\nkatja_decrypt_key mismatch len %lu (first decrypt)", len2);
return 1;
}
len2 = kat_msgsize;
DO(katja_decrypt_key(out, len, tmp, &len2, NULL, 0, hash_idx, &stat, &key));
if (!(stat == 1 && stat2 == 0)) {
fprintf(stderr, "katja_decrypt_key failed");
return 1;
}
if (len2 != kat_msgsize || memcmp(tmp, in, kat_msgsize)) {
unsigned long x;
fprintf(stderr, "\nkatja_decrypt_key mismatch, len %lu (second decrypt)\n", len2);
fprintf(stderr, "Original contents: \n");
for (x = 0; x < kat_msgsize; ) {
fprintf(stderr, "%02x ", in[x]);
if (!(++x % 16)) {
fprintf(stderr, "\n");
}
}
fprintf(stderr, "\n");
fprintf(stderr, "Output contents: \n");
for (x = 0; x < kat_msgsize; ) {
fprintf(stderr, "%02x ", out[x]);
if (!(++x % 16)) {
fprintf(stderr, "\n");
}
}
fprintf(stderr, "\n");
return 1;
}
}
}
/* encrypt the key (with lparam) */
for (kat_msgsize = 1; kat_msgsize <= 42; kat_msgsize++) {
len = sizeof(out);
len2 = kat_msgsize;
DO(katja_encrypt_key(in, kat_msgsize, out, &len, lparam, sizeof(lparam), &yarrow_prng, prng_idx, hash_idx, &key));
/* change a byte */
out[8] ^= 1;
DO(katja_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat2, &key));
if (len2 != kat_msgsize) {
fprintf(stderr, "\nkatja_decrypt_key mismatch len %lu (first decrypt)", len2);
return 1;
}
/* change a byte back */
out[8] ^= 1;
len2 = kat_msgsize;
DO(katja_decrypt_key(out, len, tmp, &len2, lparam, sizeof(lparam), hash_idx, &stat, &key));
if (!(stat == 1 && stat2 == 0)) {
fprintf(stderr, "katja_decrypt_key failed");
return 1;
}
if (len2 != kat_msgsize || memcmp(tmp, in, kat_msgsize)) {
fprintf(stderr, "katja_decrypt_key mismatch len %lu", len2);
return 1;
}
}
#if 0
/* sign a message (unsalted, lower cholestorol and Atkins approved) now */
len = sizeof(out);
DO(katja_sign_hash(in, 20, out, &len, &yarrow_prng, prng_idx, hash_idx, 0, &key));
/* export key and import as both private and public */
len2 = sizeof(tmp);
DO(katja_export(tmp, &len2, PK_PRIVATE, &key));
DO(katja_import(tmp, len2, &privKey));
len2 = sizeof(tmp);
DO(katja_export(tmp, &len2, PK_PUBLIC, &key));
DO(katja_import(tmp, len2, &pubKey));
/* verify with original */
DO(katja_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &key));
/* change a byte */
in[0] ^= 1;
DO(katja_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &key));
if (!(stat == 1 && stat2 == 0)) {
fprintf(stderr, "katja_verify_hash (unsalted, origKey) failed, %d, %d", stat, stat2);
katja_free(&key);
katja_free(&pubKey);
katja_free(&privKey);
return 1;
}
/* verify with privKey */
/* change a byte */
in[0] ^= 1;
DO(katja_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &privKey));
/* change a byte */
in[0] ^= 1;
DO(katja_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &privKey));
if (!(stat == 1 && stat2 == 0)) {
fprintf(stderr, "katja_verify_hash (unsalted, privKey) failed, %d, %d", stat, stat2);
katja_free(&key);
katja_free(&pubKey);
katja_free(&privKey);
return 1;
}
/* verify with pubKey */
/* change a byte */
in[0] ^= 1;
DO(katja_verify_hash(out, len, in, 20, hash_idx, 0, &stat, &pubKey));
/* change a byte */
in[0] ^= 1;
DO(katja_verify_hash(out, len, in, 20, hash_idx, 0, &stat2, &pubKey));
if (!(stat == 1 && stat2 == 0)) {
fprintf(stderr, "katja_verify_hash (unsalted, pubkey) failed, %d, %d", stat, stat2);
katja_free(&key);
katja_free(&pubKey);
katja_free(&privKey);
return 1;
}
/* sign a message (salted) now (use privKey to make, pubKey to verify) */
len = sizeof(out);
DO(katja_sign_hash(in, 20, out, &len, &yarrow_prng, prng_idx, hash_idx, 8, &privKey));
DO(katja_verify_hash(out, len, in, 20, hash_idx, 8, &stat, &pubKey));
/* change a byte */
in[0] ^= 1;
DO(katja_verify_hash(out, len, in, 20, hash_idx, 8, &stat2, &pubKey));
if (!(stat == 1 && stat2 == 0)) {
fprintf(stderr, "katja_verify_hash (salted) failed, %d, %d", stat, stat2);
katja_free(&key);
katja_free(&pubKey);
katja_free(&privKey);
return 1;
}
#endif
katja_free(&key);
katja_free(&pubKey);
katja_free(&privKey);
}
/* free the key and return */
return 0;
}
#else
int katja_test(void)
{
return CRYPT_NOP;
}
#endif
/* ref: $Format:%D$ */
/* git commit: $Format:%H$ */
/* commit time: $Format:%ai$ */

1
tests/test.c
View File

@ -38,7 +38,6 @@ static const test_function test_functions[] =
LTC_TEST_FN(dh_test),
LTC_TEST_FN(ecc_tests),
LTC_TEST_FN(dsa_test),
LTC_TEST_FN(katja_test),
LTC_TEST_FN(file_test),
LTC_TEST_FN(multi_test),
/* keep the prng_test always at the end as

1
tests/tomcrypt_test.h
View File

@ -32,7 +32,6 @@ int store_test(void);
int rotate_test(void);
int rsa_test(void);
int dh_test(void);
int katja_test(void);
int ecc_tests(void);
int dsa_test(void);
int der_test(void);