📄 keytest.c
字号:
/*____________________________________________________________________________
Keytest.c
Copyright (C) 2003, 2004 PGP Corporation
All rights reserved.
Keytest.c - This file contains functions which are used to
Run pair-wise consistancy self test for Keys Certificates
$Id: Keytest.c 48493 2006-10-12 21:19:56Z vinnie $
____________________________________________________________________________*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include "pgpEncode.h"
#include "pgpErrors.h"
#include "pgpKeys.h"
#include "pgpPublicKey.h"
#include "pgpHash.h"
#include "pgpUtilities.h"
#include "optest.h"
/*
* Run pair-wise consistancy self test for Keys Certificates
*/
PGPError TestKeyCertificate(
PGPContextRef context,
PGPKeyDBObjRef theKey,
const PGPByte * pass,
const PGPByte * encodeData,
const PGPSize encodeDataLen,
const PGPByte * signData,
const PGPSize signDataLen,
const PGPByte * katSigData,
const PGPSize katSigDataLen )
{
PGPError err = kPGPError_NoErr;
PGPKeyDBObjRef useKey = kInvalidPGPKeyDBObjRef;
PGPPrivateKeyContextRef privKey = kInvalidPGPPrivateKeyContextRef;
PGPPublicKeyContextRef pubKey = kInvalidPGPPublicKeyContextRef;
PGPHashContextRef hashref = kInvalidPGPHashContextRef;
PGPHashContextRef hashref1 = kInvalidPGPHashContextRef;
PGPHashContextRef hashref2 = kInvalidPGPHashContextRef;
PGPSize sigBufSize, decodeBufSize, encodeBufSize;
PGPInt32 algorithm = 0;
PGPInt32 version = 0;
PGPInt32 bits = 0;
PGPByte * sigBuf = NULL;
PGPByte * encodeBuf = NULL;
PGPByte * decodeBuf = NULL;
/* Get Key properties */
PGPBoolean canEncrypt = canKeyEncrypt(theKey);
PGPBoolean canDecrypt = canKeyDecrypt(theKey);
PGPBoolean canSign = canKeySignMessages(theKey);
PGPBoolean canVerify = canKeyVerify(theKey);
OPTESTPrintF("Test ");
/*
* Perform Sign/Verify Test
*/
if(canSign && canVerify)
{
PGPSize hashSize;
PGPByte hashBuf[20];
/* Get Signing Key */
err = PGPGetKeyForUsage( theKey, kPGPKeyPropertyFlags_UsageSignMessages,
&useKey); CKERR;
err = PGPGetKeyDBObjNumericProperty(useKey, kPGPKeyProperty_AlgorithmID, &algorithm);CKERR;
err = PGPGetKeyDBObjNumericProperty(useKey, kPGPKeyProperty_Version, &version);CKERR;
err = PGPGetKeyDBObjNumericProperty(useKey, kPGPKeyProperty_Bits, &bits);CKERR;
OPTESTPrintF("Sign/Verify %s %d",key_algor_table(algorithm), bits);
fflush(stdout);
/* create a SHA-1 hash context */
err = PGPNewHashContext( context, kPGPHashAlgorithm_SHA, &hashref); CKERR;
err = PGPGetHashSize(hashref, &hashSize); CKERR;
/* calculate the hash.. */
err = PGPContinueHash( hashref, signData, signDataLen); CKERR;
/* save for later */
err = PGPCopyHashContext(hashref,&hashref1); CKERR;
err = PGPCopyHashContext(hashref,&hashref2); CKERR;
/* output the hash */
err = PGPFinalizeHash(hashref, &hashBuf); CKERR;
/* create a private key context for the signing key */
err = PGPNewPrivateKeyContext(
useKey,
kPGPPublicKeyMessageFormat_PKCS1,
&privKey,
PGPOPassphrase( context, (PGPChar8*) pass),
PGPOLastOption( context )); CKERR;
/* get some key parameters such as buffer sizes */
err = PGPGetPrivateKeyOperationSizes(privKey, &decodeBufSize,
&encodeBufSize, &sigBufSize); CKERR;
/* allocate buffers. */
sigBuf = PGPNewData( PGPGetDefaultMemoryMgr(), sigBufSize, kPGPMemoryMgrFlags_None);
if(!sigBuf)
{
err = kPGPError_OutOfMemory;
goto done;
}
/* create a public key context */
err = PGPNewPublicKeyContext(
useKey,
kPGPPublicKeyMessageFormat_PKCS1,
&pubKey); CKERR;
/* sign with private key */
err = PGPPrivateKeySignRaw( privKey, hashBuf, hashSize, sigBuf, &sigBufSize); CKERR;
/* check signature against know answer */
if(katSigData)
{
err = (( katSigDataLen == sigBufSize ) && pgpMemoryEqual(sigBuf, katSigData, sigBufSize))
? kPGPError_NoErr : kPGPError_SelfTestFailed; CKERR;
}
/* verify with public key */
err = PGPPublicKeyVerifyRaw( pubKey, hashBuf, hashSize, sigBuf, sigBufSize); CKERR;
/* can olny do these with DSA key */
if(!katSigData)
{
err = PGPPrivateKeySign(privKey, hashref1, sigBuf, &sigBufSize);
hashref1 = kInvalidPGPHashContextRef; /* note that this consumes the hash ref */
CKERR;
err = PGPPublicKeyVerifySignature(pubKey, hashref2,sigBuf, sigBufSize);
hashref2 = kInvalidPGPHashContextRef; /* note that this consumes the hash ref */
CKERR;
}
// close up these key contexts
PGPFreePublicKeyContext(pubKey);
PGPFreePrivateKeyContext(privKey);
privKey = kInvalidPGPPrivateKeyContextRef;
pubKey = kInvalidPGPPublicKeyContextRef;
PGPFreeData(sigBuf); sigBuf= NULL;
}
/*
* Perform Pair-wise consistency test for encryption.
*/
if(canEncrypt && canDecrypt)
{
/* Get encryption Key */
err = PGPGetKeyForUsage( theKey, kPGPKeyPropertyFlags_UsageEncryptCommunications,
&useKey); CKERR;
err = PGPGetKeyDBObjNumericProperty(useKey, kPGPKeyProperty_AlgorithmID, &algorithm);CKERR;
err = PGPGetKeyDBObjNumericProperty(useKey, kPGPKeyProperty_Version, &version);CKERR;
err = PGPGetKeyDBObjNumericProperty(useKey, kPGPKeyProperty_Bits, &bits);CKERR;
OPTESTPrintF("%sEncrypt/Decrypt %s %d ", canSign && canVerify?", ":"", key_algor_table(algorithm), bits);
fflush(stdout);
/* create a private key context for the encryption key */
err = PGPNewPrivateKeyContext( useKey, kPGPPublicKeyMessageFormat_PGP, &privKey,
PGPOPassphrase( context, (PGPChar8*) pass),
PGPOLastOption( context )); CKERR;
/* get some key parameters such as buffer sizes */
err = PGPGetPrivateKeyOperationSizes(privKey, &decodeBufSize,
&encodeBufSize, &sigBufSize); CKERR;
/* allocate buffers. */
encodeBuf = PGPNewData( PGPGetDefaultMemoryMgr(), encodeBufSize, kPGPMemoryMgrFlags_None);
decodeBuf = PGPNewData( PGPGetDefaultMemoryMgr(), decodeBufSize, kPGPMemoryMgrFlags_None);
if( !encodeBuf || !decodeBuf)
{
err = kPGPError_OutOfMemory;
goto done;
}
/* create a public key context */
err = PGPNewPublicKeyContext( useKey, kPGPPublicKeyMessageFormat_PGP, &pubKey); CKERR;
/* Encrypt with private key using OpenPGP format. */
err = PGPPublicKeyEncrypt( pubKey, encodeData, encodeDataLen,
encodeBuf, &encodeBufSize); CKERR;
/* Decrypt with private key using OpenPGP format */
err = PGPPrivateKeyDecrypt( privKey, encodeBuf, encodeBufSize, decodeBuf, &decodeBufSize); CKERR;
/* check result against known original message */
err = (( encodeDataLen == decodeBufSize ) && pgpMemoryEqual(decodeBuf, encodeData, decodeBufSize))
? kPGPError_NoErr : kPGPError_SelfTestFailed; CKERR;
}
OPTESTPrintF("\n");
done:
if( sigBuf) PGPFreeData(sigBuf);
if( encodeBuf) PGPFreeData(encodeBuf);
if( decodeBuf) PGPFreeData(decodeBuf);
if( PGPPublicKeyContextRefIsValid( pubKey ) )
PGPFreePublicKeyContext(pubKey);
if( PGPPrivateKeyContextRefIsValid( privKey ) )
PGPFreePrivateKeyContext(privKey);
if( PGPHashContextRefIsValid( hashref2 ) )
PGPFreeHashContext(hashref2);
if( PGPHashContextRefIsValid( hashref1 ) )
PGPFreeHashContext(hashref1);
if( PGPHashContextRefIsValid( hashref ) )
PGPFreeHashContext(hashref);
return( err );
}
/*
Run Key Certificate test
*/
PGPError TestKeys(PGPContextRef context)
{
PGPError err = kPGPError_NoErr;
/* Plain-text test message */
PGPByte testData[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff,
0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa,
0xaa, 0x55, 0xaa, 0x55, 0xaa, 0x55, 0xaa, 0x55
};
/* Known answer for RSA sig of sigData using rsaTestKey */
PGPByte katRSASigData[] = {
0xA4, 0x12, 0xA8, 0x41, 0xAE, 0xCF, 0x64, 0xC1,
0xFC, 0xCD, 0x36, 0xCE, 0x2D, 0x63, 0x05, 0x51,
0xED, 0x57, 0x0D, 0xDE, 0xAC, 0x0B, 0x7D, 0x39,
0x3B, 0xB9, 0xEC, 0xB9, 0xB6, 0x05, 0x59, 0x1B,
0x56, 0x4A, 0xD9, 0x17, 0x66, 0x66, 0x67, 0x72,
0x77, 0x4C, 0xA4, 0x36, 0xEB, 0x17, 0xB9, 0x10,
0x54, 0xFB, 0x3E, 0xFE, 0x30, 0x7C, 0x56, 0x72,
0x83, 0xA1, 0xA1, 0x7E, 0x00, 0xB8, 0xA0, 0xB9,
0xA4, 0x77, 0xA3, 0x48, 0x5A, 0xAF, 0x2B, 0x95,
0x7E, 0x5F, 0xD4, 0x70, 0x80, 0x59, 0x9A, 0xA9,
0x55, 0x7F, 0x3B, 0x10, 0xA8, 0x13, 0x80, 0xB1,
0xE1, 0xD7, 0xED, 0xC7, 0x2C, 0x34, 0x26, 0xD9,
0x74, 0xC8, 0x84, 0xD9, 0x4A, 0x06, 0x5D, 0x20,
0xC8, 0x3F, 0xCA, 0x76, 0x75, 0x0F, 0x94, 0x9B,
0xE5, 0x98, 0xA4, 0xE2, 0x59, 0xB7, 0xD3, 0xE5,
0x62, 0x89, 0x84, 0x35, 0x4F, 0x06, 0x1A, 0x12,
0x65, 0x19, 0xD1, 0xED, 0x35, 0x19, 0x44, 0x45,
0xD9, 0xF0, 0xBB, 0xEC, 0xA6, 0x54, 0x13, 0x5D,
0x8E, 0x7B, 0xFB, 0x8D, 0x1E, 0x08, 0x08, 0x58,
0xAB, 0xD6, 0x2B, 0x09, 0x59, 0x67, 0x96, 0x1F,
0x7F, 0x36, 0x6F, 0x9C, 0x23, 0xDF, 0x70, 0x14,
0x46, 0xE5, 0xA4, 0xB1, 0x82, 0x6B, 0x90, 0x63,
0x94, 0x38, 0xB1, 0xCA, 0x5A, 0x71, 0xAF, 0x04,
0x59, 0x0D, 0x2A, 0x19, 0x48, 0xD6, 0xC4, 0x1A,
0x4D, 0xDF, 0x8D, 0x09, 0xAF, 0xBF, 0x49, 0x50,
0x12, 0x8F, 0x07, 0xE8, 0x5D, 0x3C, 0x77, 0x3E,
0xE4, 0xE5, 0x7C, 0x62, 0x90, 0x1D, 0x08, 0x4A,
0xAA, 0x66, 0x97, 0x9B, 0x1A, 0xBA, 0xFC, 0xBE,
0xAF, 0x12, 0xA4, 0xAD, 0x07, 0x61, 0x7E, 0xCC,
0x78, 0xBC, 0xBC, 0xBD, 0x17, 0x80, 0xEB, 0xD5,
0x90, 0xB3, 0x1A, 0x3F, 0xF3, 0xCA, 0x5E, 0x7C,
0x00, 0xCF, 0x11, 0x15, 0xE8, 0xB4, 0x2B, 0xF9
};
PGPKeyDBRef keyDB = kInvalidPGPKeyDBRef;
PGPKeyID rsaKeyID, dssKeyID;
PGPKeyDBObjRef rsaKey = kInvalidPGPKeyDBObjRef;
PGPKeyDBObjRef dssKey = kInvalidPGPKeyDBObjRef;
/* read in sample keys from file */
err = importKeys(context,gTestKeysPath, kPGPInputFormat_PGP, &keyDB); CKERR;
/* find some well known Key ID's */
err = PGPNewKeyIDFromString(kDSSTestKeyIDString, kPGPPublicKeyAlgorithm_DSA, &dssKeyID); CKERR;
err = PGPNewKeyIDFromString(kRSATestKeyIDString, kPGPPublicKeyAlgorithm_RSA, &rsaKeyID); CKERR;
err = PGPFindKeyByKeyID(keyDB, &rsaKeyID, &rsaKey); CKERR;
err = PGPFindKeyByKeyID(keyDB, &dssKeyID, &dssKey); CKERR;
OPTESTPrintF("\t");
err = TestKeyCertificate(context, rsaKey, (PGPByte *) kRSATestKeyPassPhrase,
testData, sizeof(testData),
testData, sizeof(testData),
katRSASigData, sizeof(katRSASigData) ); CKERR;
OPTESTPrintF("\t");
err = TestKeyCertificate(context, dssKey, (PGPByte *) kDSSTestKeyPassPhrase,
testData, sizeof(testData),
testData, sizeof(testData),
NULL, 0 ); CKERR;
done:
if( PGPKeyDBRefIsValid( keyDB ) )
PGPFreeKeyDB( keyDB );
return( err );
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -