1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/crypto/weakcrypto/test/tasymmetric/cryptopp/exponentiate.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,200 @@
1.4 +/*
1.5 +* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +*
1.19 +*/
1.20 +
1.21 +
1.22 +/**
1.23 + @file
1.24 +*/
1.25 +
1.26 +#include "modarith.h"
1.27 +#include "nbtheory.h"
1.28 +#include <iostream.h>
1.29 +
1.30 +USING_NAMESPACE(CryptoPP)
1.31 +
1.32 +void CheckEPOCDecrypt(Integer& e, Integer& p, Integer& q, Integer& cipher, Integer& expectedPlaintext);
1.33 +
1.34 +void TestRSASigning()
1.35 +{
1.36 + const Integer m("AA36ABCE88ACFDFF55523C7FC4523F90EFA00DF3774A259F2E62B4C5D99CB5ADB300A0285E5301930E0C70FB6876939CE616CE624A11E0086D341EBCACA0A1F5h");
1.37 + const Integer d("0A033748626487695F5F30BC38B98B44C2CD2DFF434098CD20D8A138D090BF64797C3FA7A2CDCB3CD1E0BDBA2654B4F9DF8E8AE59D733D9F33B301624AFD1D51h");
1.38 + const Integer e(17);
1.39 +
1.40 +// Take EPOC padded plain text, sign and verify
1.41 + const Integer plain("01FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0054859B342C49EA2Ah");
1.42 + const Integer expectedSig("786C08484F59280886A19919BECA53711819B2D2DD82D702E2F6DE991DC89CB968C01B1315A742B5BE783A781B5B1286F46DAFE29DE675C64A3BA4781DEF8F19h");
1.43 +
1.44 +// Private Encrypt (Sign) signedText = (digest ^ d) mod m
1.45 + Integer cipher_privateEncrypt = a_exp_b_mod_c(plain, d, m);
1.46 + assert(cipher_privateEncrypt==expectedSig);
1.47 +
1.48 +// Public Decrypt (Decrypt) = (signedText ^ e) mod m
1.49 + Integer verified = a_exp_b_mod_c(cipher_privateEncrypt, e, m);
1.50 + assert(verified==plain);
1.51 +
1.52 +// Now reverse operations (as in previous bugged asymmetric) and check results...
1.53 +// Do a private decrypt for bad signing
1.54 + Integer badSign = a_exp_b_mod_c(plain, d, m);
1.55 + assert(badSign==expectedSig);
1.56 +
1.57 +// And verify (public encryption)
1.58 + Integer badVerify = a_exp_b_mod_c(badSign, e, m);
1.59 + assert(badVerify==plain);
1.60 +
1.61 +}
1.62 +
1.63 +void TestRSADecryptValues()
1.64 +{
1.65 +// First test a good set
1.66 +/* <modulus>BBF82F090682CE9C2338AC2B9DA871F7368D07EED41043A440D6B6F07454F51FB8DFBAAF035C02AB61EA48CEEB6FCD4876ED520D60E1EC4619719D8A5B8B807FAFB8E0A3DFC737723EE6B4B7D93A2584EE6A649D060953748834B2454598394EE0AAB12D7B61A51F527A9A41F6C1687FE2537298CA2A8F5946F8E5FD091DBDCB</modulus>
1.67 + <P>EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599</P>
1.68 + <Q>C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503</Q>
1.69 + <dP>54494CA63EBA0337E4E24023FCD69A5AEB07DDDC0183A4D0AC9B54B051F2B13ED9490975EAB77414FF59C1F7692E9A2E202B38FC910A474174ADC93C1F67C981</dP>
1.70 + <dQ>471E0290FF0AF0750351B7F878864CA961ADBD3A8A7E991C5C0556A94C3146A7F9803F8F6F8AE342E931FD8AE47A220D1B99A495849807FE39F9245A9836DA3D</dQ>
1.71 + <qInv>B06C4FDABB6301198D265BDBAE9423B380F271F73453885093077FCD39E2119FC98632154F5883B167A967BF402B4E9E2E0F9656E698EA3666EDFB25798039F7</qInv>
1.72 + <plaintext>D436E99569FD32A7C8A05BBC90D32C49</plaintext>
1.73 + <ciphertext>4B9C35BC3CA99B3908EF91C91F4D661544B5462CB3079D7B7A610B90039602F080417B049B7F31BAF16A87B59986620EC1BBD791AD30774309C05F0AFA24B0BF1EA1FEAA3A8EFA2C24F5626B8A9C9A157C1018DA54D314E728E2DB75E84FB5E99082561D904139B95C4DA70A5AB6412527B97CEDA04C6FB00BE1E44537706FF2</ciphertext>
1.74 +*/
1.75 + Integer e1 = Integer(17);
1.76 + Integer p1 = Integer("EECFAE81B1B9B3C908810B10A1B5600199EB9F44AEF4FDA493B81A9E3D84F632124EF0236E5D1E3B7E28FAE7AA040A2D5B252176459D1F397541BA2A58FB6599h");
1.77 + Integer q1 = Integer("C97FB1F027F453F6341233EAAAD1D9353F6C42D08866B1D05A0F2035028B9D869840B41666B42E92EA0DA3B43204B5CFCE3352524D0416A5A441E700AF461503h");
1.78 + Integer cipher1 = Integer("4B9C35BC3CA99B3908EF91C91F4D661544B5462CB3079D7B7A610B90039602F080417B049B7F31BAF16A87B59986620EC1BBD791AD30774309C05F0AFA24B0BF1EA1FEAA3A8EFA2C24F5626B8A9C9A157C1018DA54D314E728E2DB75E84FB5E99082561D904139B95C4DA70A5AB6412527B97CEDA04C6FB00BE1E44537706FF2h");
1.79 + Integer ePlaintext1 = Integer("D436E99569FD32A7C8A05BBC90D32C49h");
1.80 +
1.81 + CheckEPOCDecrypt(e1, p1, q1, cipher1, ePlaintext1);
1.82 +
1.83 +// Now test a bad set
1.84 +/*
1.85 + <input>123456789ABCDEF123456789ABCDEF</input>
1.86 + <P>ED49CE92ABF0509006E412AC7F28EEA7626107C3F2456FA18E6513153D6F6003</P>
1.87 + <Q>ED12B5B118CBA1154DC24AE05AAB1E3A33B5E47A3715861697498824E5BCA331</Q>
1.88 + ----------- e -----------
1.89 +01 00 01
1.90 + ----------- P -----------
1.91 +ed 49 ce 92 ab f0 50 90 06 e4 12 ac 7f 28 ee a7 62 61 07 c3 f2 45 6f a1 8e 65 13 15 3d 6f 60 03
1.92 + ----------- Q -----------
1.93 +ed 12 b5 b1 18 cb a1 15 4d c2 4a e0 5a ab 1e 3a 33 b5 e4 7a 37 15 86 16 97 49 88 24 e5 bc a3 31
1.94 + ----------- DP -----------
1.95 +dc e0 33 15 7c 4e f9 ee d7 3b 3d d6 ab 97 22 6f 54 b8 15 4e 64 1a 16 4b 40 0c fd b2 6b b9 5c 99
1.96 + ----------- DQ -----------
1.97 +27 65 a3 92 11 a7 cd 56 27 fc f0 ca 85 e6 c7 f8 2e 1d bd 21 5e 44 12 6b 70 aa c4 98 35 21 7b 11
1.98 + ----------- QInv -----------
1.99 +76 2f 0a 8c fa 16 d8 a6 df 53 0b 1c fa 5f ff 4c 55 a4 4f 52 e1 b6 28 89 1f c9 c9 10 1c d9 73 2d
1.100 + ----------- N -----------
1.101 +db be ab d7 a5 8e c2 a8 83 17 83 86 9a 2e 07 12 03 1a 5c 0f 87 a8 4b d3 fe 3c 21 91 df 49 4e 2b e4 fa 8d a8 65 e5 c8 c7 49 4d fa c5 5c 6a d2 fc e6 96 2e 3b de 1b 38 28 94 93 04 47 dd a7 49 93
1.102 + ----------- ciphertext -----------
1.103 +69 3a 72 26 39 cc 70 9c 89 ac dc 24 8c 52 ef 01 dd f7 5a c3 8e bf f9 8d eb ed 25 5e 11 f0 d9 b1 43 de 14 97 d2 34 65 a6 2c 11 13 6e f8 c4 37 81 01 d5 8e 8d ea 0b 33 f2 9f e2 df 68 c4 c7 34 2c
1.104 +
1.105 +*/
1.106 +// Two primes: p, q
1.107 + Integer e2 = Integer(65537);
1.108 + Integer p2 = Integer("ED49CE92ABF0509006E412AC7F28EEA7626107C3F2456FA18E6513153D6F6003h");
1.109 + Integer q2 = Integer("ED12B5B118CBA1154DC24AE05AAB1E3A33B5E47A3715861697498824E5BCA331h");
1.110 + Integer cipher2 = Integer("693A722639CC709C89ACDC248C52EF01DDF75AC38EBFF98DEBED255E11F0D9B143DE1497D23465A62C11136EF8C4378101D58E8DEA0B33F29FE2DF68C4C7342Ch");
1.111 + Integer ePlaintext2 = Integer("123456789ABCDEF123456789ABCDEFh");
1.112 +
1.113 + CheckEPOCDecrypt(e2, p2, q2, cipher2, ePlaintext2);
1.114 +
1.115 +/*
1.116 +<modulus>EF6419DC54EC49B7D0524BA675727F6D895A66A9940F3C76B6220A5B9073357D70702C9FC2D6ECA41448356CE562F7FFAF1DA64BA947274BA0D372F5866B69CB</modulus>
1.117 +<P>FB4F79F4E8C816B816A817120901AED45D0FD72F3DC4BA6946F790776E8A5845</P>
1.118 +<Q>F3DBAF51B232E334964581AE27DE17BFF90A66AE84C2BE95574082880BFF82CF</Q>
1.119 +<dP>63D8A1C5B22EBD080AC861D2228DEE9E251344155ADF2C88E34F3CB096D49459</dP>
1.120 +<dQ>F145A87EC23B0B059AB08690132DF07DA61F9E5C894A4D5A610B989A9694658D</dQ>
1.121 +<qInv>4B8869676360EDC92F0B02F0B93580A570686E7EA3C7D39A5E572AB79314CCBD</qInv>
1.122 +<ciphertext>2EAEAE1F07AAD1D3A14C2178397DFECD91C92E963511BE5CDDE8BCA79B47ECEF68F8DD2F8240DE2E05E90E2A75FAA6495CE903DE413D332CFDD2DD83BC8244C5</ciphertext>
1.123 +<plaintext>123456789ABCDEF123456789ABCDEF123456789ABCDEF123456789ABCDEF</plaintext>
1.124 +*/
1.125 + Integer e3 = Integer(65537);
1.126 + Integer p3 = Integer("FB4F79F4E8C816B816A817120901AED45D0FD72F3DC4BA6946F790776E8A5845h");
1.127 + Integer q3 = Integer("F3DBAF51B232E334964581AE27DE17BFF90A66AE84C2BE95574082880BFF82CFh");
1.128 + Integer cipher3 = Integer("2EAEAE1F07AAD1D3A14C2178397DFECD91C92E963511BE5CDDE8BCA79B47ECEF68F8DD2F8240DE2E05E90E2A75FAA6495CE903DE413D332CFDD2DD83BC8244C5h");
1.129 + Integer ePlaintext3 = Integer("123456789ABCDEF123456789ABCDEF123456789ABCDEF123456789ABCDEFh");
1.130 +
1.131 + CheckEPOCDecrypt(e3, p3, q3, cipher3, ePlaintext3);
1.132 +}
1.133 +
1.134 +void CheckEPOCDecrypt(Integer& e, Integer& p, Integer& q, Integer& cipher, Integer& expectedPlaintext)
1.135 +{
1.136 +//////////////////////////////////
1.137 +// Key generation
1.138 +//////////////////////////////////
1.139 +
1.140 +// calculate n = p * q
1.141 + Integer n=p*q;
1.142 +
1.143 + Integer r1 = p;
1.144 + r1-=1; // r1 = p-1
1.145 +
1.146 + Integer r2=q;
1.147 + r2-=1; // r2 = q-1
1.148 +
1.149 + Integer r0=r1;
1.150 + r0*=r2; // r0 = (p-1)(q-1)
1.151 +
1.152 +// e * d = 1 mod ((p-1)(q-1))
1.153 +// d = e^(-1) mod ((p-1)(q-1))
1.154 +//! calculate multiplicative inverse of *this mod n
1.155 +// Integer InverseMod(const Integer &n) const;
1.156 + Integer d = e;
1.157 + d = d.InverseMod(r0);
1.158 +
1.159 +// calculate dP = d mod (p-1)
1.160 + Integer dP=d;
1.161 + dP%=r1;
1.162 +
1.163 +// calculate dQ = d mod (q-1)
1.164 + Integer dQ=d;
1.165 + dQ%=r2;
1.166 +
1.167 +// calculate inverse of qInv = q^(-1)mod(p)
1.168 + Integer qInv=q;
1.169 + qInv = qInv.InverseMod(p);
1.170 +
1.171 +
1.172 +//////////////////////////////////
1.173 +// Decryption
1.174 +//////////////////////////////////
1.175 +
1.176 +// m1 = c^(dP) mod(p)
1.177 + Integer m1 = ModularExponentiation((cipher % p), dP, p);
1.178 +
1.179 +// m2 = c^(dQ) mod(Q)
1.180 + Integer m2 = ModularExponentiation((cipher % q), dQ, q);
1.181 +
1.182 +// Calculate CRT
1.183 +// h = (m1-m2) qInv mod(p)
1.184 + Integer plainRes = m1 - m2;
1.185 + plainRes *= qInv;
1.186 + plainRes %= p;
1.187 +
1.188 +// output = m2 + q * plainRes
1.189 + plainRes *= q;
1.190 + plainRes += m2;
1.191 +
1.192 +// assert(expectedPlaintext==plainRes); // Not true because ciphertext includes
1.193 +} // padding and plaintext doesn't. Though
1.194 + // it's possible to compare the first chunk
1.195 + // of plainRes with expectedPlaintext
1.196 +
1.197 +int main(int argc, char** argv)
1.198 +{
1.199 +// TestRSASigning();
1.200 + TestRSADecryptValues();
1.201 + return 0;
1.202 +}
1.203 +