rsakgimpl.c

IBE是一种非对称密码技术

    /* Store the generated values in the buffers in the rsaGenCtx.
     */
    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->MpIntToOctetString (
      prime1, &sign, rsaGenCtx->prime1.data, rsaGenCtx->prime1.len,
      &(rsaGenCtx->prime1.len));
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->MpIntToOctetString (
      prime2, &sign, rsaGenCtx->prime2.data, rsaGenCtx->prime2.len,
      &(rsaGenCtx->prime2.len));
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->MpIntToOctetString (
      expo1, &sign, rsaGenCtx->expo1.data, rsaGenCtx->expo1.len,
      &(rsaGenCtx->expo1.len));
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->MpIntToOctetString (
      expo2, &sign, rsaGenCtx->expo2.data, rsaGenCtx->expo2.len,
      &(rsaGenCtx->expo2.len));
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->MpIntToOctetString (
      coeff, &sign, rsaGenCtx->coeff.data, rsaGenCtx->coeff.len,
      &(rsaGenCtx->coeff.len));
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->MpIntToOctetString (
      modulus, &sign, rsaGenCtx->modulus.data, rsaGenCtx->modulus.len,
      &(rsaGenCtx->modulus.len));
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = mpCtx->MpIntToOctetString (
      priExpo, &sign, rsaGenCtx->priExpo.data, rsaGenCtx->priExpo.len,
      &(rsaGenCtx->priExpo.len));
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = SetRSAPubKeyObject (libCtx, rsaGenCtx, pubKey);
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = SetRSAPriKeyObject (libCtx, rsaGenCtx, priKey);
    if (status != 0)
      break;

    VOLT_SET_FNCT_LINE (fnctLine)
    status = VoltTestRsaKeyPair (
      libCtx, surrCtx, rsaGenCtx->usageFlag, pubKey, priKey, randomToUse);

    /* If we're building this for the FIPS shared library, we want to set
     * the FIPS error.
     */
#if VOLT_BUILD == VOLT_BUILD_FIPS_SHARED
    if (status == VT_ERROR_UNMATCHED_KEY_PAIR)
    {
      VoltSetFipsError (VT_ERROR_FIPS_RSA_PAIR_GEN);
      status = VT_ERROR_FIPS_RSA_PAIR_GEN;
    }
#endif  /* VOLT_BUILD == VOLT_BUILD_FIPS_SHARED */
    if (status != 0)
      break;

    VOLT_CALL_SURRENDER (surrCtx, VT_SURRENDER_FNCT_RSA_KEY_GEN, 0, 0)

  } while (0);

  mpCtx->DestroyMpInt (&coeff);
  mpCtx->DestroyMpInt (&expo1);
  mpCtx->DestroyMpInt (&expo2);
  mpCtx->DestroyMpInt (&lambda);
  mpCtx->DestroyMpInt (&modulus);
  mpCtx->DestroyMpInt (&priExpo);
  mpCtx->DestroyMpInt (&pubExpo);
  mpCtx->DestroyMpInt (&prime1);
  mpCtx->DestroyMpInt (&prime2);

  VOLT_LOG_ERROR_INFO_COMPARE (
    status, 0, priKey, status, 0, errorType,
    (char *)0, "RSAGenerateKeyPair", fnctLine, (char *)0)

  return (status);
}

static int SetRSAPubKeyObject (
   VoltLibCtx *libCtx,
   VoltRsaKeyGenCtx *rsaGenCtx,
   VtKeyObject pubKey
   )
{
  int status;
  VtRSAPubKeyInfo keyInfo;
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  VOLT_SET_FNCT_LINE (fnctLine)
  keyInfo.modulus = rsaGenCtx->modulus;
  keyInfo.pubExpo = rsaGenCtx->pubExpo;
  if (rsaGenCtx->usageFlag == VT_RSA_KEY_USAGE_SIGN_VERIFY)
    status = VtSetKeyParam (
      pubKey, VtKeyParamRSAPublicVerify, (Pointer)&keyInfo);
  else
    status = VtSetKeyParam (
      pubKey, VtKeyParamRSAPublicEncrypt, (Pointer)&keyInfo);

  VOLT_LOG_ERROR_INFO_COMPARE (
    status, libCtx, 0, status, 0, 0,
    (char *)0, "SetRSAPubKeyObject", fnctLine, (char *)0)

  return (status);
}

static int SetRSAPriKeyObject (
   VoltLibCtx *libCtx,
   VoltRsaKeyGenCtx *rsaGenCtx,
   VtKeyObject priKey
   )
{
  int status;
  VtRSAPriKeyInfo keyInfo;
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  VOLT_SET_FNCT_LINE (fnctLine)
  keyInfo.modulus = rsaGenCtx->modulus;
  keyInfo.pubExpo = rsaGenCtx->pubExpo;
  keyInfo.priExpo = rsaGenCtx->priExpo;
  keyInfo.prime1 = rsaGenCtx->prime1;
  keyInfo.prime2 = rsaGenCtx->prime2;
  keyInfo.exponent1 = rsaGenCtx->expo1;
  keyInfo.exponent2 = rsaGenCtx->expo2;
  keyInfo.coefficient = rsaGenCtx->coeff;
  if (rsaGenCtx->usageFlag == VT_RSA_KEY_USAGE_SIGN_VERIFY)
    status = VtSetKeyParam (
      priKey, VtKeyParamRSAPrivateSign, (Pointer)&keyInfo);
  else
    status = VtSetKeyParam (
      priKey, VtKeyParamRSAPrivateDecrypt, (Pointer)&keyInfo);

  VOLT_LOG_ERROR_INFO_COMPARE (
    status, libCtx, 0, status, 0, 0,
    (char *)0, "SetRSAPriKeyObject", fnctLine, (char *)0)

  return (status);
}

int VoltTestRsaKeyPair (
   VoltLibCtx *libCtx,
   VoltSurrenderCtx *surrCtx,
   unsigned int usageFlag,
   VtKeyObject pubKey,
   VtKeyObject priKey,
   VtRandomObject random
   )
{
  int status;
  unsigned int modLen, offsetE, offsetD;
  unsigned int encryptedDataLen, decryptedDataLen, verifyResult;
  unsigned char *buffer = (unsigned char *)0;
  VtAlgorithmObject algObj = (VtAlgorithmObject)0;
  VtRSAPubKeyInfo *pubKeyInfo;
  VtRSAInfo rsaInfo;
  VOLT_DECLARE_ERROR_TYPE (errorType)
  VOLT_DECLARE_FNCT_LINE (fnctLine)

  do
  {
    /* How big is the modulus? We'll need input of that length and two
     * output buffers that size.
     */
    VOLT_SET_ERROR_TYPE (errorType, 0)
    VOLT_SET_FNCT_LINE (fnctLine)
    if (usageFlag == VT_RSA_KEY_USAGE_SIGN_VERIFY)
    {
      status = VtGetKeyParam (
        pubKey, VtKeyParamRSAPublicVerify, (Pointer *)&pubKeyInfo);
    }
    else
    {
      status = VtGetKeyParam (
        pubKey, VtKeyParamRSAPublicEncrypt, (Pointer *)&pubKeyInfo);
    }
    if (status != 0)
      break;

    modLen = pubKeyInfo->modulus.len;

    VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VT_ERROR_MEMORY;
    buffer = (unsigned char *)Z2Malloc (
      (2 * modLen) + 20, VOLT_MEMORY_SENSITIVE);
    if (buffer == (unsigned char *)0)
      break;

    offsetE = 20;
    offsetD = 20 + modLen;

    /* Generate "random" data to encrypt or sign.
     */
    VOLT_SET_ERROR_TYPE (errorType, 0)
    VOLT_SET_FNCT_LINE (fnctLine)
    status = VtGenerateRandomBytes (random, buffer, 20);
    if (status != 0)
      break;

    if (usageFlag == VT_RSA_KEY_USAGE_ENCRYPT_DECRYPT)
    {
      /* Encrypt that data using the pubKey.
       */
      rsaInfo.padding = VtPaddingPkcs1Type2;
      rsaInfo.paddingInfo = (Pointer)0;
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtCreateAlgorithmObject (
        (VtLibCtx)libCtx, VtAlgorithmImplRSAEncrypt, (Pointer)&rsaInfo,
        &algObj);
      if (status != 0)
        break;

      /* Set the encryption object with the surrender ctx.
       */
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VoltSetObjectSurrenderCtx ((VoltObject *)algObj, surrCtx);
      if (status != 0)
        break;

      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtEncryptInit (algObj, pubKey);
      if (status != 0)
        break;

      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtEncryptFinal (
        algObj, random, buffer, 20,
        buffer + offsetE, modLen, &encryptedDataLen);
      if (status != 0)
        break;

      /* Now decrypt the data.
       */
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtDecryptInit (algObj, priKey);
      if (status != 0)
        break;

      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtDecryptFinal (
        algObj, (VtRandomObject)0, buffer + offsetE, encryptedDataLen,
        buffer + offsetD, modLen, &decryptedDataLen);
      if (status != 0)
        break;

      /* If the length and data are the same, the keys are partners.
       */
      VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VT_ERROR_UNMATCHED_KEY_PAIR;
      if (decryptedDataLen != 20)
        break;

      VOLT_SET_FNCT_LINE (fnctLine)
      if (Z2Memcmp (buffer, buffer + offsetD, decryptedDataLen) != 0)
        break;
    }
    else
    {
      /* Sign using the private key.
       */
      rsaInfo.padding = VtPaddingPkcs1Type1;
      rsaInfo.paddingInfo = (Pointer)0;
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtCreateAlgorithmObject (
        (VtLibCtx)libCtx, VtAlgorithmImplRSASignVerify, (Pointer)&rsaInfo,
        &algObj);
      if (status != 0)
        break;

      /* Set the encryption object with the surrender ctx.
       */
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VoltSetObjectSurrenderCtx ((VoltObject *)algObj, surrCtx);
      if (status != 0)
        break;

      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtSign (
        algObj, priKey, random, VT_DIGEST_ALG_SHA1,
        buffer, 20, buffer + offsetE, modLen, &encryptedDataLen);
      if (status != 0)
        break;

      /* Try to verify
       */
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VtVerifySignature (
        algObj, pubKey, random, VT_DIGEST_ALG_SHA1,
        buffer, 20, buffer + offsetE, encryptedDataLen, &verifyResult);
      if (status != 0)
        break;

      /* If the signature verifies, the keys are partners, if not, return
       * an error.
       */
      VOLT_SET_ERROR_TYPE (errorType, VT_ERROR_TYPE_PRIMARY)
      VOLT_SET_FNCT_LINE (fnctLine)
      status = VT_ERROR_UNMATCHED_KEY_PAIR;
      if (verifyResult == 0)
        break;
    }

    status = 0;

  } while (0);

  if (buffer != (unsigned char *)0)
    Z2Free (buffer);

  VtDestroyAlgorithmObject (&algObj);

  VOLT_LOG_ERROR_INFO_COMPARE (
    status, libCtx, 0, status, 0, errorType,
    (char *)0, "VoltTestRsaKeyPair", fnctLine, (char *)0)

  return (status);
}