diff options
| author | qrort <qrort@yandex-team.com> | 2022-11-30 23:47:12 +0300 |
|---|---|---|
| committer | qrort <qrort@yandex-team.com> | 2022-11-30 23:47:12 +0300 |
| commit | 22f8ae0e3f5d68b92aecccdf96c1d841a0334311 (patch) | |
| tree | bffa27765faf54126ad44bcafa89fadecb7a73d7 /library/cpp/tvmauth/src/rw | |
| parent | 332b99e2173f0425444abb759eebcb2fafaa9209 (diff) | |
| download | ydb-22f8ae0e3f5d68b92aecccdf96c1d841a0334311.tar.gz | |
validate canons without yatest_common
Diffstat (limited to 'library/cpp/tvmauth/src/rw')
| -rw-r--r-- | library/cpp/tvmauth/src/rw/keys.cpp | 138 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/keys.h | 65 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/rw.h | 86 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/rw_asn1.c | 81 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/rw_key.c | 135 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/rw_lib.c | 77 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/rw_ossl.c | 481 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/rw_pss.c | 328 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/rw_pss_sign.c | 211 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/rw_sign.c | 46 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/ut/rw_ut.cpp | 200 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/ut_large/gen/main.cpp | 32 | ||||
| -rw-r--r-- | library/cpp/tvmauth/src/rw/ut_large/test.py | 35 |
13 files changed, 1915 insertions, 0 deletions
diff --git a/library/cpp/tvmauth/src/rw/keys.cpp b/library/cpp/tvmauth/src/rw/keys.cpp new file mode 100644 index 0000000000..5fba7b9232 --- /dev/null +++ b/library/cpp/tvmauth/src/rw/keys.cpp @@ -0,0 +1,138 @@ +#include "keys.h" + +#include "rw.h" + +#include <library/cpp/openssl/init/init.h> + +#include <openssl/evp.h> + +#include <util/generic/strbuf.h> +#include <util/generic/yexception.h> + +namespace { + struct TInit { + TInit() { + InitOpenSSL(); + } + } INIT; +} + +namespace NTvmAuth { + namespace NRw { + namespace NPrivate { + void TRwDestroyer::Destroy(TRwInternal* o) { + RwFree(o); + } + + class TArrayDestroyer { + public: + static void Destroy(unsigned char* o) { + free(o); + } + }; + } + + static TString SerializeRW(TRwKey* rw, int (*func)(const TRwKey*, unsigned char**)) { + unsigned char* buf = nullptr; + int size = func(rw, &buf); + THolder<unsigned char, NPrivate::TArrayDestroyer> guard(buf); + return TString((char*)buf, size); + } + + TKeyPair GenKeyPair(size_t size) { + TRw rw(RwNew()); + RwGenerateKey(rw.Get(), size); + + TRw skey(RwPrivateKeyDup(rw.Get())); + TRw vkey(RwPublicKeyDup(rw.Get())); + + TKeyPair res; + res.Private = SerializeRW(skey.Get(), &i2d_RWPrivateKey); + res.Public = SerializeRW(vkey.Get(), &i2d_RWPublicKey); + + TRwPrivateKey prKey(res.Private, 0); + TRwPublicKey pubKey(res.Public); + + const TStringBuf msg = "Test test test test test"; + + Y_ENSURE(pubKey.CheckSign(msg, prKey.SignTicket(msg)), "Failed to gen keys"); + + return res; + } + + TRwPrivateKey::TRwPrivateKey(TStringBuf body, TKeyId id) + : Id_(id) + , Rw_(Deserialize(body)) + , SignLen_(RwModSize(Rw_.Get())) + { + Y_ENSURE(SignLen_ > 0, "Private key has bad len: " << SignLen_); + } + + TKeyId TRwPrivateKey::GetId() const { + return Id_; + } + + TString TRwPrivateKey::SignTicket(TStringBuf ticket) const { + TString res(SignLen_, 0x00); + + int len = RwPssrSignMsg(ticket.size(), + (const unsigned char*)ticket.data(), + (unsigned char*)res.data(), + Rw_.Get(), + (EVP_MD*)EVP_sha256()); + + Y_ENSURE(len > 0 && len <= SignLen_, "Signing failed. len: " << len); + + res.resize(len); + return res; + } + + TRw TRwPrivateKey::Deserialize(TStringBuf key) { + TRwKey* rw = nullptr; + auto data = reinterpret_cast<const unsigned char*>(key.data()); + if (!d2i_RWPrivateKey(&rw, &data, key.size())) { + ythrow yexception() << "Private key is malformed"; + } + return TRw(rw); + } + + TRwPublicKey::TRwPublicKey(TStringBuf body) + : Rw_(Deserialize(body)) + { + } + + bool TRwPublicKey::CheckSign(TStringBuf ticket, TStringBuf sign) const { + int result = RwPssrVerifyMsg(ticket.size(), + (const unsigned char*)ticket.data(), + (unsigned char*)sign.data(), + sign.size(), + Rw_.Get(), + (EVP_MD*)EVP_sha256()); + + Y_ENSURE(result >= 0, "Failed to check sign: " << result); + return result; + } + + TRw TRwPublicKey::Deserialize(TStringBuf key) { + TRwKey* rw = nullptr; + auto data = reinterpret_cast<const unsigned char*>(key.data()); + auto status = d2i_RWPublicKey(&rw, &data, key.size()); + + TRw res(rw); + Y_ENSURE(status, "Public key is malformed: " << key); + return res; + } + + TSecureHeap::TSecureHeap(size_t totalSize, int minChunkSize) { + CRYPTO_secure_malloc_init(totalSize, minChunkSize); + } + + TSecureHeap::~TSecureHeap() { + CRYPTO_secure_malloc_done(); + } + + void TSecureHeap::Init(size_t totalSize, int minChunkSize) { + Singleton<TSecureHeap>(totalSize, minChunkSize); + } + } +} diff --git a/library/cpp/tvmauth/src/rw/keys.h b/library/cpp/tvmauth/src/rw/keys.h new file mode 100644 index 0000000000..e02b7e72a1 --- /dev/null +++ b/library/cpp/tvmauth/src/rw/keys.h @@ -0,0 +1,65 @@ +#pragma once + +#include <util/generic/ptr.h> +#include <util/generic/string.h> + +#include <unordered_map> + +struct TRwInternal; + +namespace NTvmAuth { + namespace NRw { + namespace NPrivate { + class TRwDestroyer { + public: + static void Destroy(TRwInternal* o); + }; + } + + using TRw = THolder<TRwInternal, NPrivate::TRwDestroyer>; + using TKeyId = ui32; + + struct TKeyPair { + TString Private; + TString Public; + }; + TKeyPair GenKeyPair(size_t size); + + class TRwPrivateKey { + public: + TRwPrivateKey(TStringBuf body, TKeyId id); + + TKeyId GetId() const; + TString SignTicket(TStringBuf ticket) const; + + private: + static TRw Deserialize(TStringBuf key); + + TKeyId Id_; + TRw Rw_; + int SignLen_; + }; + + class TRwPublicKey { + public: + TRwPublicKey(TStringBuf body); + + bool CheckSign(TStringBuf ticket, TStringBuf sign) const; + + private: + static TRw Deserialize(TStringBuf key); + + TRw Rw_; + }; + + using TPublicKeys = std::unordered_map<TKeyId, TRwPublicKey>; + + class TSecureHeap { + public: + TSecureHeap(size_t totalSize, int minChunkSize); + ~TSecureHeap(); + + static void Init(size_t totalSize = 16 * 1024 * 1024, int minChunkSize = 16); + }; + } +} diff --git a/library/cpp/tvmauth/src/rw/rw.h b/library/cpp/tvmauth/src/rw/rw.h new file mode 100644 index 0000000000..aee49148eb --- /dev/null +++ b/library/cpp/tvmauth/src/rw/rw.h @@ -0,0 +1,86 @@ +#pragma once + +#include <openssl/bn.h> +#include <openssl/crypto.h> + +#ifdef __cplusplus +extern "C" { +#endif + + typedef struct { + BIGNUM* S; + } TRwSignature; + + /*Rabin–Williams*/ + typedef struct TRwInternal TRwKey; + + typedef struct { + TRwSignature* (*RwSign)(const unsigned char* dgst, const int dlen, TRwKey* rw); + int (*RwVerify)(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw); + int (*RwApply)(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw); + } TRwMethod; + + struct TRwInternal { + /* first private multiplier */ + BIGNUM* P; + /* second private multiplier */ + BIGNUM* Q; + /* n = p*q - RW modulus */ + BIGNUM* N; + /* precomputed 2^((3q-5)/8) mod q */ + BIGNUM* Twomq; + /* precomputed 2^((9p-11)/8) mod p*/ + BIGNUM* Twomp; + /* precomputed q^(p-2) == q^(-1) mod p */ + BIGNUM* Iqmp; + /* (q+1) / 8 */ + BIGNUM* Dq; + /* (p-3) / 8 */ + BIGNUM* Dp; + /* functions for working with RW */ + const TRwMethod* Meth; + }; + + TRwSignature* RwSignatureNew(void); + void RwSignatureFree(TRwSignature* a); + + /* RW signing functions */ + /* the function can put some tmp values to rw */ + int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, const EVP_MD* md); + int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, TRwKey* rw, const EVP_MD* md); + + /* RW-PSS verification functions */ + int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md); + int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md); + + /* internal functions, use them only if you know what you're doing */ + int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwKey* rw); + int RwApply(const int flen, const unsigned char* from, unsigned char* to, const TRwKey* rw); + + const TRwMethod* RwDefaultMethods(void); + + TRwKey* RwNew(void); + void RwFree(TRwKey* r); + int RwSize(const TRwKey* rw); + int RwModSize(const TRwKey* rw); + + TRwKey* RwPublicKeyDup(TRwKey* rw); + TRwKey* RwPrivateKeyDup(TRwKey* rw); + + // NOLINTNEXTLINE(readability-identifier-naming) + TRwKey* d2i_RWPublicKey(TRwKey** a, const unsigned char** pp, long length); + // NOLINTNEXTLINE(readability-identifier-naming) + TRwKey* d2i_RWPrivateKey(TRwKey** a, const unsigned char** pp, long length); + + int RwGenerateKey(TRwKey* a, int bits); + // NOLINTNEXTLINE(readability-identifier-naming) + int i2d_RWPublicKey(const TRwKey* a, unsigned char** pp); + // NOLINTNEXTLINE(readability-identifier-naming) + int i2d_RWPrivateKey(const TRwKey* a, unsigned char** pp); + + int RwPaddingAddPssr(const TRwKey* rw, unsigned char* EM, const unsigned char* mHash, const EVP_MD* Hash, int sLen); + int RwVerifyPssr(const TRwKey* rw, const unsigned char* mHash, const EVP_MD* Hash, const unsigned char* EM, int sLen); + +#ifdef __cplusplus +} +#endif diff --git a/library/cpp/tvmauth/src/rw/rw_asn1.c b/library/cpp/tvmauth/src/rw/rw_asn1.c new file mode 100644 index 0000000000..f9dfe3996d --- /dev/null +++ b/library/cpp/tvmauth/src/rw/rw_asn1.c @@ -0,0 +1,81 @@ +#include "rw.h" + +#include <openssl/asn1.h> +#include <openssl/asn1t.h> +#include <openssl/rand.h> + +#include <stdio.h> + +/* Override the default new methods */ +/* This callback is used by OpenSSL's ASN.1 parser */ +static int SignatureCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* it, void* exarg) { + (void)it; + (void)exarg; + + if (operation == ASN1_OP_NEW_PRE) { + TRwSignature* sig; + sig = OPENSSL_malloc(sizeof(TRwSignature)); + if (!sig) + return 0; + sig->S = NULL; + *pval = (ASN1_VALUE*)sig; + return 2; + } + return 1; +} + +/* ASN.1 structure representing RW signature value */ +ASN1_SEQUENCE_cb(TRwSignature, SignatureCallback) = { + ASN1_SIMPLE(TRwSignature, S, BIGNUM), +} ASN1_SEQUENCE_END_cb(TRwSignature, TRwSignature) + + /* i2d_ and d2i functions implementation for RW */ + IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwSignature, TRwSignature, TRwSignature) + + /* Override the default free and new methods */ + static int RwCallback(int operation, ASN1_VALUE** pval, const ASN1_ITEM* it, void* exarg) { + (void)it; + (void)exarg; + + if (operation == ASN1_OP_NEW_PRE) { + *pval = (ASN1_VALUE*)RwNew(); + if (*pval) + return 2; + return 0; + } else if (operation == ASN1_OP_FREE_PRE) { + RwFree((TRwKey*)*pval); + *pval = NULL; + return 2; + } + return 1; +} + +/* ASN.1 representation of RW's private key */ +ASN1_SEQUENCE_cb(RWPrivateKey, RwCallback) = { + ASN1_SIMPLE(TRwKey, N, BIGNUM), + ASN1_SIMPLE(TRwKey, P, CBIGNUM), + ASN1_SIMPLE(TRwKey, Q, CBIGNUM), + ASN1_SIMPLE(TRwKey, Iqmp, CBIGNUM), + ASN1_SIMPLE(TRwKey, Dq, CBIGNUM), + ASN1_SIMPLE(TRwKey, Dp, CBIGNUM), + ASN1_SIMPLE(TRwKey, Twomp, CBIGNUM), + ASN1_SIMPLE(TRwKey, Twomq, CBIGNUM)} ASN1_SEQUENCE_END_cb(TRwKey, RWPrivateKey); + +/* i2d_ and d2i_ functions for RW's private key */ +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwKey, RWPrivateKey, RWPrivateKey); + +/* ASN.1 representation of RW public key */ +ASN1_SEQUENCE_cb(RWPublicKey, RwCallback) = { + ASN1_SIMPLE(TRwKey, N, BIGNUM), +} ASN1_SEQUENCE_END_cb(TRwKey, RWPublicKey); + +/* i2d_ and d2i functions for RW public key */ +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(TRwKey, RWPublicKey, RWPublicKey); + +TRwKey* RwPublicKeyDup(TRwKey* rw) { + return ASN1_item_dup(ASN1_ITEM_rptr(RWPublicKey), rw); +} + +TRwKey* RwPrivateKeyDup(TRwKey* rw) { + return ASN1_item_dup(ASN1_ITEM_rptr(RWPrivateKey), rw); +} diff --git a/library/cpp/tvmauth/src/rw/rw_key.c b/library/cpp/tvmauth/src/rw/rw_key.c new file mode 100644 index 0000000000..78baaf4dd9 --- /dev/null +++ b/library/cpp/tvmauth/src/rw/rw_key.c @@ -0,0 +1,135 @@ +#include "rw.h" + +#include <openssl/rand.h> + +int RwGenerateKey(TRwKey* rw, int bits) { + int ok = 0; + + BN_CTX* ctx = NULL; + BIGNUM *rem3 = NULL, *rem7 = NULL, *mod8 = NULL, *rem5 = NULL; + BIGNUM *nmod = NULL, *twomqexp = NULL, *twompexp = NULL, *two = NULL; + + int bitsp = (bits + 1) / 2; + int bitsq = bits - bitsp; + + /* make sure that all components are not null */ + if ((ctx = BN_CTX_secure_new()) == NULL) + goto err; + if (!rw) + goto err; + if (!rw->N && ((rw->N = BN_new()) == NULL)) + goto err; + if (!rw->P && ((rw->P = BN_new()) == NULL)) + goto err; + if (!rw->Q && ((rw->Q = BN_new()) == NULL)) + goto err; + if (!rw->Iqmp && ((rw->Iqmp = BN_new()) == NULL)) + goto err; + if (!rw->Twomq && ((rw->Twomq = BN_new()) == NULL)) + goto err; + if (!rw->Twomp && ((rw->Twomp = BN_new()) == NULL)) + goto err; + if (!rw->Dq && ((rw->Dq = BN_new()) == NULL)) + goto err; + if (!rw->Dp && ((rw->Dp = BN_new()) == NULL)) + goto err; + + BN_CTX_start(ctx); + + rem3 = BN_CTX_get(ctx); + rem7 = BN_CTX_get(ctx); + rem5 = BN_CTX_get(ctx); + mod8 = BN_CTX_get(ctx); + nmod = BN_CTX_get(ctx); + twomqexp = BN_CTX_get(ctx); + twompexp = BN_CTX_get(ctx); + two = BN_CTX_get(ctx); + + if (!BN_set_word(mod8, 8)) + goto err; + if (!BN_set_word(rem3, 3)) + goto err; + if (!BN_set_word(rem7, 7)) + goto err; + if (!BN_set_word(rem5, 5)) + goto err; + if (!BN_set_word(two, 2)) + goto err; + + /* generate p */ + /* add == 8 */ + /* rem == 3 */ + /* safe == 0 as we don't need (p-1)/2 to be also prime */ + if (!BN_generate_prime_ex(rw->P, bitsp, 0, mod8, rem3, NULL)) + goto err; + + /* generate q */ + /* add == 8 */ + /* rem == 7 */ + /* safe == 0 */ + if (!BN_generate_prime_ex(rw->Q, bitsq, 0, mod8, rem7, NULL)) + goto err; + + /* n == p*q */ + if (!BN_mul(rw->N, rw->P, rw->Q, ctx)) + goto err; + + /* n == 5 mod 8 ? */ + if (!BN_nnmod(nmod, rw->N, mod8, ctx)) + goto err; + if (BN_ucmp(rem5, nmod) != 0) + goto err; + + /* q^(-1) mod p */ + if (!BN_mod_inverse(rw->Iqmp, rw->Q, rw->P, ctx)) + goto err; + + /* twomqexp = (3q-5)/8 */ + if (!BN_copy(twomqexp, rw->Q)) + goto err; + if (!BN_mul_word(twomqexp, 3)) + goto err; + if (!BN_sub_word(twomqexp, 5)) + goto err; + if (!BN_rshift(twomqexp, twomqexp, 3)) + goto err; + if (!BN_mod_exp(rw->Twomq, two, twomqexp, rw->Q, ctx)) + goto err; + + /* twompexp = (9p-11)/8 */ + if (!BN_copy(twompexp, rw->P)) + goto err; + if (!BN_mul_word(twompexp, 9)) + goto err; + if (!BN_sub_word(twompexp, 11)) + goto err; + if (!BN_rshift(twompexp, twompexp, 3)) + goto err; + if (!BN_mod_exp(rw->Twomp, two, twompexp, rw->P, ctx)) + goto err; + + /* dp = (p-3) / 8 */ + if (!BN_copy(rw->Dp, rw->P)) + goto err; + if (!BN_sub_word(rw->Dp, 3)) + goto err; + if (!BN_rshift(rw->Dp, rw->Dp, 3)) + goto err; + + /* dq = (q+1) / 8 */ + if (!BN_copy(rw->Dq, rw->Q)) + goto err; + if (!BN_add_word(rw->Dq, 1)) + goto err; + if (!BN_rshift(rw->Dq, rw->Dq, 3)) + goto err; + + ok = 1; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return ok; +} diff --git a/library/cpp/tvmauth/src/rw/rw_lib.c b/library/cpp/tvmauth/src/rw/rw_lib.c new file mode 100644 index 0000000000..afd73da38b --- /dev/null +++ b/library/cpp/tvmauth/src/rw/rw_lib.c @@ -0,0 +1,77 @@ +#include "rw.h" + +#include <openssl/asn1.h> + +#include <stdio.h> + +TRwKey* RwNew(void) { + TRwKey* ret = NULL; + + ret = (TRwKey*)malloc(sizeof(TRwKey)); + if (ret == NULL) { + return (NULL); + } + ret->Meth = RwDefaultMethods(); + + ret->P = NULL; + ret->Q = NULL; + ret->N = NULL; + ret->Iqmp = NULL; + ret->Twomq = NULL; + ret->Twomp = NULL; + ret->Dp = NULL; + ret->Dq = NULL; + + return ret; +} + +void RwFree(TRwKey* r) { + if (r == NULL) + return; + + if (r->P != NULL) + BN_clear_free(r->P); + if (r->Q != NULL) + BN_clear_free(r->Q); + if (r->N != NULL) + BN_clear_free(r->N); + if (r->Iqmp != NULL) + BN_clear_free(r->Iqmp); + if (r->Dp != NULL) + BN_clear_free(r->Dp); + if (r->Dq != NULL) + BN_clear_free(r->Dq); + if (r->Twomp != NULL) + BN_clear_free(r->Twomp); + if (r->Twomq != NULL) + BN_clear_free(r->Twomq); + + free(r); +} + +int RwSize(const TRwKey* r) { + int ret = 0, i = 0; + ASN1_INTEGER bs; + unsigned char buf[4]; /* 4 bytes looks really small. + However, i2d_ASN1_INTEGER() will not look + beyond the first byte, as long as the second + parameter is NULL. */ + + i = BN_num_bits(r->N); + bs.length = (i + 7) / 8; + bs.data = buf; + bs.type = V_ASN1_INTEGER; + /* If the top bit is set the asn1 encoding is 1 larger. */ + buf[0] = 0xff; + + i = i2d_ASN1_INTEGER(&bs, NULL); + + ret = ASN1_object_size(1, i, V_ASN1_SEQUENCE); + return ret; +} + +int RwModSize(const TRwKey* rw) { + if (rw == NULL || rw->N == NULL) + return 0; + return BN_num_bytes(rw->N); +} diff --git a/library/cpp/tvmauth/src/rw/rw_ossl.c b/library/cpp/tvmauth/src/rw/rw_ossl.c new file mode 100644 index 0000000000..85bcb802e9 --- /dev/null +++ b/library/cpp/tvmauth/src/rw/rw_ossl.c @@ -0,0 +1,481 @@ +#include "rw.h" + +#include <openssl/rand.h> + +//#define RW_PRINT_DEBUG +//#define AVOID_IF +//#define FAULT_TOLERANCE_CHECK + +#ifdef RW_PRINT_DEBUG + #include <stdio.h> +#endif + +static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw); +static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw); +static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw); + +static TRwMethod rw_default_meth = { + RwDoSign, + RwDoVerify, + RwDoApply}; + +const TRwMethod* RwDefaultMethods(void) { + return &rw_default_meth; +} + +#ifdef RW_PRINT_DEBUG + +static void print_bn(char* name, BIGNUM* value) { + char* str_repr; + str_repr = BN_bn2dec(value); + printf("Name: %s\n", name); + printf("Value: %s\n", str_repr); + OPENSSL_free(str_repr); +} + + #define DEBUG_PRINT_BN(s, x) \ + do { \ + print_bn((s), (x)); \ + } while (0); + #define DEBUG_PRINT_RW(r) \ + do { \ + DEBUG_PRINT_BN("rw->p", (r)->p); \ + DEBUG_PRINT_BN("rw->q", (r)->q); \ + DEBUG_PRINT_BN("rw->n", (r)->n); \ + DEBUG_PRINT_BN("rw->iqmp", (r)->iqmp); \ + DEBUG_PRINT_BN("rw->twomp", (r)->twomp); \ + DEBUG_PRINT_BN("rw->twomq", (r)->twomq); \ + DEBUG_PRINT_BN("rw->dp", (r)->dp); \ + DEBUG_PRINT_BN("rw->dq", (r)->dq); \ + } while (0); + #define DEBUG_PRINTF(s, v) \ + do { \ + printf((s), (v)); \ + } while (0); +#else + #define DEBUG_PRINT_BN(s, x) + #define DEBUG_PRINT_RW(r) + #define DEBUG_PRINTF(s, v) +#endif + +/* + * The algorithms was taken from + * https://cr.yp.to/sigs/rwsota-20080131.pdf + * Section 6 -> "Avoiding Jacobi symbols" + * '^' means power + * 1. Compute U = h ^ ((q+1) / 8) mod q + * 2. If U ^ 4 - h mod q == 0, set e = 1 otherwise set e = -1 + * 3. Compute V = (eh) ^ ((p-3)/8) mod p + * 4. If (V^4 * (eh)^2 - eh) mod p = 0; set f = 1; otherwise set f = 2 + * 5. Precompute 2^((3q-5) / 8) mod q; Compute W = f^((3*q - 5) / 8) * U mod q + * 6. Precompute 2^((9p-11) / 8) mod p; Compute X = f^((9p-11) / 8) * V^3 * eh mod p + * 7. Precompute q^(p-2) mod p; Compute Y = W + q(q^(p-2) * (X - W) mod p) + * 8. Compute s = Y^2 mod pq + * 9. Fault tolerance: if efs^2 mod pq != h start over + */ +static TRwSignature* RwDoSign(const unsigned char* dgst, int dlen, TRwKey* rw) { + BIGNUM *m, *U, *V, *tmp, *m_q, *m_p, *tmp2; + /* additional variables to avoid "if" statements */ + BIGNUM* tmp_mp; + TRwSignature* ret = NULL; + BN_CTX* ctx = NULL; + int ok = 0, e = 0, f = 0; + +#ifdef AVOID_IF + /* additional variables to avoid "if" statements */ + BIGNUM *tmp_U, *tmp_V; +#endif + + if (!rw || !rw->P || !rw->Q || !rw->N || !rw->Iqmp || !rw->Dp || !rw->Dq || !rw->Twomp || !rw->Twomq) + goto err; + + if ((ctx = BN_CTX_secure_new()) == NULL) + goto err; + BN_CTX_start(ctx); + + m = BN_CTX_get(ctx); + U = BN_CTX_get(ctx); + V = BN_CTX_get(ctx); + tmp = BN_CTX_get(ctx); + tmp2 = BN_CTX_get(ctx); + m_q = BN_CTX_get(ctx); + m_p = BN_CTX_get(ctx); + tmp_mp = BN_CTX_get(ctx); + +#ifdef AVOID_IF + tmp_U = BN_CTX_get(ctx); + tmp_V = BN_CTX_get(ctx); +#endif + + DEBUG_PRINT_RW(rw) + + /* if (!BN_set_word(four, 4)) goto err; */ + + if (!BN_bin2bn(dgst, dlen, m)) + goto err; + if (BN_ucmp(m, rw->N) >= 0) + goto err; + + /* check if m % 16 == 12 */ + if (BN_mod_word(m, 16) != 12) + goto err; + DEBUG_PRINT_BN("m", m) + + /* TODO: optimization to avoid memory allocation? */ + if ((ret = RwSignatureNew()) == NULL) + goto err; + /* memory allocation */ + if ((ret->S = BN_new()) == NULL) + goto err; + + /* m_q = m mod q */ + if (!BN_nnmod(m_q, m, rw->Q, ctx)) + goto err; + /* m_p = m mod p */ + if (!BN_nnmod(m_p, m, rw->P, ctx)) + goto err; + + DEBUG_PRINT_BN("m_p", m_p) + DEBUG_PRINT_BN("m_q", m_q) + + /* U = h ** ((q+1)/8) mod q */ + if (!BN_mod_exp(U, m_q, rw->Dq, rw->Q, ctx)) + goto err; + DEBUG_PRINT_BN("U", U) + + /* tmp = U^4 - h mod q */ + if (!BN_mod_sqr(tmp, U, rw->Q, ctx)) + goto err; + if (!BN_mod_sqr(tmp, tmp, rw->Q, ctx)) + goto err; + DEBUG_PRINT_BN("U**4 mod q", tmp) + + /* e = 1 if tmp == 0 else -1 */ + e = 2 * (BN_ucmp(tmp, m_q) == 0) - 1; + DEBUG_PRINTF("e == %i\n", e) + + /* + to avoid "if" branch + if e == -1: m_p = tmp_mp + if e == 1: m_p = m_p + */ + if (!BN_sub(tmp_mp, rw->P, m_p)) + goto err; + m_p = (BIGNUM*)((1 - ((1 + e) >> 1)) * (BN_ULONG)tmp_mp + ((1 + e) >> 1) * (BN_ULONG)m_p); + DEBUG_PRINT_BN("eh mod p", m_p) + + /* V = (eh) ** ((p-3)/8) */ + if (!BN_mod_exp(V, m_p, rw->Dp, rw->P, ctx)) + goto err; + DEBUG_PRINT_BN("V == ((eh) ** ((p-3)/8))", V) + + /* (eh) ** 2 */ + if (!BN_mod_sqr(tmp2, m_p, rw->P, ctx)) + goto err; + DEBUG_PRINT_BN("(eh)**2", tmp2) + + /* V ** 4 */ + if (!BN_mod_sqr(tmp, V, rw->P, ctx)) + goto err; + if (!BN_mod_sqr(tmp, tmp, rw->P, ctx)) + goto err; + DEBUG_PRINT_BN("V**4", tmp) + + /* V**4 * (eh)**2 */ + if (!BN_mod_mul(tmp, tmp, tmp2, rw->P, ctx)) + goto err; + DEBUG_PRINT_BN("tmp = (V**4 * (eh)**2) mod p", tmp) + + /* tmp = tmp - eh mod p */ + if (!BN_mod_sub(tmp, tmp, m_p, rw->P, ctx)) + goto err; + + /* f = 1 if zero else 2 */ + f = 2 - BN_is_zero(tmp); + /* f = 2 - (constant_time_is_zero(BN_ucmp(tmp, m_p)) & 1); */ + DEBUG_PRINTF("f == %i\n", f) + +#ifdef AVOID_IF + if (!BN_mod_mul(tmp_U, U, rw->twomq, rw->q, ctx)) + goto err; + + /* + to avoid "if" branch we use tiny additional computation + */ + U = (BIGNUM*)((2 - f) * (BN_ULONG)U + (1 - (2 - f)) * (BN_ULONG)tmp_U); +#else + + if (f == 2) { + if (!BN_mod_mul(U, U, rw->Twomq, rw->Q, ctx)) + goto err; + } + +#endif + + DEBUG_PRINT_BN("W", U) + + /* V ** 3 */ + if (!BN_mod_sqr(tmp, V, rw->P, ctx)) + goto err; + if (!BN_mod_mul(V, V, tmp, rw->P, ctx)) + goto err; + DEBUG_PRINT_BN("V**3", V) + + /* *(eh) */ + if (!BN_mod_mul(V, V, m_p, rw->P, ctx)) + goto err; + DEBUG_PRINT_BN("V**3 * (eh) mod p", V) + +#ifdef AVOID_IF + + /* to avoid "if" statement we use simple computation */ + if (!BN_mod_mul(tmp_V, V, rw->twomp, rw->p, ctx)) + goto err; + V = (BIGNUM*)((2 - f) * (BN_ULONG)V + (1 - (2 - f)) * (BN_ULONG)tmp_V); + +#else + + if (f == 2) { + if (!BN_mod_mul(V, V, rw->Twomp, rw->P, ctx)) + goto err; + } + +#endif + + DEBUG_PRINT_BN("X", V) + + /* W = U, X = V */ + if (!BN_mod_sub(V, V, U, rw->P, ctx)) + goto err; + DEBUG_PRINT_BN("X - W mod p", V) + + if (!BN_mod_mul(V, V, rw->Iqmp, rw->P, ctx)) + goto err; + DEBUG_PRINT_BN("q**(p-2) * (X-W) mod p", V) + + if (!BN_mul(V, V, rw->Q, ctx)) + goto err; + DEBUG_PRINT_BN("q * prev mod p", V) + + if (!BN_mod_add(V, U, V, rw->N, ctx)) + goto err; + DEBUG_PRINT_BN("Y", V) + + /* now V = Y */ + if (!BN_mod_sqr(V, V, rw->N, ctx)) + goto err; + DEBUG_PRINT_BN("s", V) + +#ifdef FAULT_TOLERANCE_CHECK + + /* now V = s - principal square root */ + /* fault tolerance check */ + if (!BN_mod_sqr(tmp, V, rw->n, ctx)) + goto err; + DEBUG_PRINT_BN("s**2", tmp) + + if (!BN_mul_word(tmp, f)) + goto err; + DEBUG_PRINT_BN("f * s**2", tmp) + + if (!BN_nnmod(tmp, tmp, rw->n, ctx)) + goto err; + DEBUG_PRINT_BN("s**2 * f mod n", tmp) + + /* to avoid "if" statement */ + if (!BN_sub(tmp2, rw->n, tmp)) + goto err; + tmp = (BIGNUM*)(((1 + e) >> 1) * (BN_ULONG)tmp + (1 - ((1 + e) >> 1)) * (BN_ULONG)tmp2); + DEBUG_PRINT_BN("ef(s**2)", tmp) + DEBUG_PRINT_BN("(tmp == original m)", tmp) + + if (BN_ucmp(tmp, m) != 0) + goto err; + +#endif + + /* making the "principal square root" to be "|principal| square root" */ + if (!BN_sub(tmp, rw->N, V)) + goto err; + + /* if tmp = MIN(V, rw->n - V) */ + tmp = BN_ucmp(tmp, V) >= 0 ? V : tmp; + + if (!BN_copy(ret->S, tmp)) + goto err; + + ok = 1; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + if (!ok) { + RwSignatureFree(ret); + ret = NULL; + } + + return ret; +} + +static int RwDoVerify(const unsigned char* dgst, int dgst_len, TRwSignature* sig, const TRwKey* rw) { + BIGNUM *m = NULL, *x = NULL, *t1 = NULL, *t2 = NULL, *t1d = NULL, *t2d = NULL; + BN_CTX* ctx = NULL; + BN_ULONG rest1 = 0, rest2 = 0; + int retval = 0; + + if (!rw || !rw->N || !sig || !sig->S) + goto err; + + if ((ctx = BN_CTX_secure_new()) == NULL) + goto err; + BN_CTX_start(ctx); + + m = BN_CTX_get(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + t1d = BN_CTX_get(ctx); + t2d = BN_CTX_get(ctx); + + if (!BN_bin2bn(dgst, dgst_len, m)) + goto err; + /* dgst too big */ + if (!BN_copy(t1, rw->N)) + goto err; + if (!BN_sub_word(t1, 1)) + goto err; + if (!BN_rshift(t1, t1, 1)) + goto err; + + /* check m and rw->n relation */ + if (BN_ucmp(m, rw->N) >= 0) + goto err; + rest1 = BN_mod_word(m, 16); + if (rest1 != 12) + goto err; + + if (BN_ucmp(t1, sig->S) < 0) + goto err; + if (BN_is_negative(sig->S)) + goto err; + + if (!BN_mod_sqr(t1, sig->S, rw->N, ctx)) + goto err; + if (!BN_sub(t2, rw->N, t1)) + goto err; + if (!BN_lshift1(t1d, t1)) + goto err; + if (!BN_lshift1(t2d, t2)) + goto err; + + rest1 = BN_mod_word(t1, 16); + rest2 = BN_mod_word(t2, 16); + + /* mod 16 */ + if (rest1 == 12) { + x = t1; + } + /* mod 8 */ + else if ((rest1 & 0x07) == 6) { + x = t1d; + } + /* mod 16 */ + else if (rest2 == 12) { + x = t2; + } + /* mod 8 */ + else if ((rest2 & 0x07) == 6) { + x = t2d; + } else + goto err; + + DEBUG_PRINT_BN("m", m) + DEBUG_PRINT_BN("x", x) + + /* check signature value */ + retval = BN_ucmp(m, x) == 0; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return retval; +} + +static int RwDoApply(BIGNUM* r, BIGNUM* x, BN_CTX* ctx, const TRwKey* rw) { + BIGNUM *t1 = NULL, *t2 = NULL, *t1d = NULL, *t2d = NULL, *rs = NULL; + BN_ULONG rest1 = 0, rest2 = 0; + int retval = 0; + + if (!rw || !rw->N || !x || !ctx || !r) + goto err; + + DEBUG_PRINT_BN("Signature = x = ", x) + DEBUG_PRINT_BN("n", rw->n) + + BN_CTX_start(ctx); + + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + t1d = BN_CTX_get(ctx); + t2d = BN_CTX_get(ctx); + + if (!BN_copy(t1, rw->N)) + goto err; + if (!BN_sub_word(t1, 1)) + goto err; + if (!BN_rshift(t1, t1, 1)) + goto err; + + /* check m and rw->n relation */ + if (BN_ucmp(x, rw->N) >= 0) + goto err; + + if (BN_ucmp(t1, x) < 0) + goto err; + if (BN_is_negative(x)) + goto err; + + if (!BN_mod_sqr(t1, x, rw->N, ctx)) + goto err; + DEBUG_PRINT_BN("x**2 mod n", t1) + + if (!BN_sub(t2, rw->N, t1)) + goto err; + DEBUG_PRINT_BN("n - x**2", t2) + + if (!BN_lshift1(t1d, t1)) + goto err; + if (!BN_lshift1(t2d, t2)) + goto err; + + rest1 = BN_mod_word(t1, 16); + rest2 = BN_mod_word(t2, 16); + + /* mod 16 */ + if (rest1 == 12) { + rs = t1; + } + /* mod 8 */ + else if ((rest1 & 0x07) == 6) { + rs = t1d; + } + /* mod 16 */ + else if (rest2 == 12) { + rs = t2; + } + /* mod 8 */ + else if ((rest2 & 0x07) == 6) { + rs = t2d; + } else + goto err; + + DEBUG_PRINT_BN("Squaring and shifting result (rs)", rs) + retval = BN_copy(r, rs) != NULL; + +err: + BN_CTX_end(ctx); + return retval; +} diff --git a/library/cpp/tvmauth/src/rw/rw_pss.c b/library/cpp/tvmauth/src/rw/rw_pss.c new file mode 100644 index 0000000000..1e040a55eb --- /dev/null +++ b/library/cpp/tvmauth/src/rw/rw_pss.c @@ -0,0 +1,328 @@ +/* + * This code was taken from the OpenSSL's RSA implementation + * and added to the RW project with some changes + * + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2005. + * + */ +/* ==================================================================== + * Copyright (c) 2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "rw.h" + +#include <openssl/bn.h> +#include <openssl/evp.h> +#include <openssl/rand.h> +#include <openssl/sha.h> + +#include <stdio.h> +#include <string.h> + +static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 }; + +static int PkcS1MgF1(unsigned char *mask, const int len, const unsigned char *seed, const int seedlen, const EVP_MD *dgst) { + int i, outlen = 0; + unsigned char cnt[4]; + EVP_MD_CTX* c = EVP_MD_CTX_create(); + unsigned char md[EVP_MAX_MD_SIZE]; + int mdlen; + int rv = -1; + + if (!c) { + return rv; + } + + mdlen = EVP_MD_size(dgst); + + if (mdlen < 0 || seedlen < 0) + goto err; + + for (i = 0; outlen < len; i++) { + cnt[0] = (unsigned char)((i >> 24) & 255); + cnt[1] = (unsigned char)((i >> 16) & 255); + cnt[2] = (unsigned char)((i >> 8)) & 255; + cnt[3] = (unsigned char)(i & 255); + + if (!EVP_DigestInit_ex(c,dgst, NULL) || !EVP_DigestUpdate(c, seed, seedlen) || !EVP_DigestUpdate(c, cnt, 4)) + goto err; + + if (outlen + mdlen <= len) { + if (!EVP_DigestFinal_ex(c, mask + outlen, NULL)) + goto err; + outlen += mdlen; + } else { + if (!EVP_DigestFinal_ex(c, md, NULL)) + goto err; + memcpy(mask + outlen, md, len - outlen); + outlen = len; + } + } + rv = 0; + +err: + EVP_MD_CTX_destroy(c); + return rv; +} + +int RwVerifyPssr(const TRwKey *rw, const unsigned char *mHash, const EVP_MD *Hash, const unsigned char *EM, int sLen) { + int i = 0, ret = 0, hLen = 0, maskedDBLen = 0, MSBits = 0, emLen = 0; + const unsigned char *H = NULL; + unsigned char *DB = NULL; + EVP_MD_CTX* ctx = NULL; + unsigned char H_[EVP_MAX_MD_SIZE]; + const EVP_MD *mgf1Hash = Hash; + + ctx = EVP_MD_CTX_create(); + if (!ctx) { + return ret; + } + hLen = EVP_MD_size(Hash); + + if (hLen < 0) + goto err; + /* + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is autorecovered from signature + * -N reserved + */ + if (sLen == -1) + sLen = hLen; + else if (sLen < -2) + goto err; + + { + int bits = BN_num_bits(rw->N); + if (bits <= 0) + goto err; + + MSBits = (bits - 1) & 0x7; + } + emLen = RwModSize(rw); + + if (EM[0] & (0xFF << MSBits)) { + goto err; + } + + if (MSBits == 0) { + EM++; + emLen--; + } + + if (emLen < (hLen + sLen + 2)) /* sLen can be small negative */ + goto err; + + if (emLen < 1) + goto err; + + if (EM[emLen - 1] != 0xbc) + goto err; + + maskedDBLen = emLen - hLen - 1; + if (maskedDBLen <= 0) + goto err; + + H = EM + maskedDBLen; + DB = malloc(maskedDBLen); + + if (!DB) + goto err; + + if (PkcS1MgF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) + goto err; + + for (i = 0; i < maskedDBLen; i++) + DB[i] ^= EM[i]; + + if (MSBits) + DB[0] &= 0xFF >> (8 - MSBits); + + for (i = 0; DB[i] == 0 && i < (maskedDBLen-1); i++) ; + + if (DB[i++] != 0x1) + goto err; + + if (sLen >= 0 && (maskedDBLen - i) != sLen) + goto err; + + if (!EVP_DigestInit_ex(ctx, Hash, NULL) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, mHash, hLen)) + goto err; + + if (maskedDBLen - i) { + if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i)) + goto err; + } + + if (!EVP_DigestFinal_ex(ctx, H_, NULL)) + goto err; + + ret = memcmp(H, H_, hLen) ? 0 : 1; + +err: + if (DB) + free(DB); + + EVP_MD_CTX_destroy(ctx); + + return ret; +} + +/* + rw - public key + EM - buffer to write padding value + mHash - hash value + Hash - EVP_MD() that will be used to pad + sLen - random salt len (usually == hashLen) + */ +int RwPaddingAddPssr(const TRwKey *rw, unsigned char *EM, const unsigned char *mHash, const EVP_MD *Hash, int sLen) { + int i = 0, ret = 0, hLen = 0, maskedDBLen = 0, MSBits = 0, emLen = 0; + unsigned char *H = NULL, *salt = NULL, *p = NULL; + const EVP_MD *mgf1Hash = Hash; + EVP_MD_CTX* ctx = EVP_MD_CTX_create(); + if (!ctx) { + return ret; + } + + hLen = EVP_MD_size(Hash); + if (hLen < 0) + goto err; + /* + * Negative sLen has special meanings: + * -1 sLen == hLen + * -2 salt length is maximized + * -N reserved + */ + if (sLen == -1) + sLen = hLen; + else if (sLen < -2) + goto err; + + { + int bits = BN_num_bits(rw->N); + if (bits <= 0) + goto err; + MSBits = (bits - 1) & 0x7; + } + emLen = RwModSize(rw); + if (emLen <= 0) + goto err; + + if (MSBits == 0) { + *EM++ = 0; + emLen--; + fprintf(stderr, "MSBits == 0\n"); + } + + if (sLen == -2) { + sLen = emLen - hLen - 2; + } + else if (emLen < (hLen + sLen + 2)) + goto err; + + if (sLen > 0) { + salt = malloc(sLen); + if (!salt) goto err; + if (RAND_bytes(salt, sLen) <= 0) + goto err; + } + + maskedDBLen = emLen - hLen - 1; + if (maskedDBLen < 0) + goto err; + H = EM + maskedDBLen; + + if (!EVP_DigestInit_ex(ctx, Hash, NULL) || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes) || !EVP_DigestUpdate(ctx, mHash, hLen)) + goto err; + + if (sLen && !EVP_DigestUpdate(ctx, salt, sLen)) + goto err; + + if (!EVP_DigestFinal_ex(ctx, H, NULL)) + goto err; + + /* Generate dbMask in place then perform XOR on it */ + if (PkcS1MgF1(EM, maskedDBLen, H, hLen, mgf1Hash)) + goto err; + + p = EM; + + /* Initial PS XORs with all zeroes which is a NOP so just update + * pointer. Note from a test above this value is guaranteed to + * be non-negative. + */ + p += emLen - sLen - hLen - 2; + *p++ ^= 0x1; + + if (sLen > 0) { + for (i = 0; i < sLen; i++) + *p++ ^= salt[i]; + } + + if (MSBits) + EM[0] &= 0xFF >> (8 - MSBits); + + /* H is already in place so just set final 0xbc */ + EM[emLen - 1] = 0xbc; + + ret = 1; + +err: + EVP_MD_CTX_destroy(ctx); + + if (salt) + free(salt); + + return ret; +} diff --git a/library/cpp/tvmauth/src/rw/rw_pss_sign.c b/library/cpp/tvmauth/src/rw/rw_pss_sign.c new file mode 100644 index 0000000000..683514ad6d --- /dev/null +++ b/library/cpp/tvmauth/src/rw/rw_pss_sign.c @@ -0,0 +1,211 @@ +#include "rw.h" + +#include <openssl/evp.h> + +//#define DBG_FUZZING + +int RwApply(const int flen, const unsigned char* from, unsigned char* to, const TRwKey* rw) { + int i, j, num, k, r = -1; + BN_CTX* ctx = NULL; + BIGNUM *f = NULL, *ret = NULL; + + if ((ctx = BN_CTX_secure_new()) == NULL) + goto err; + BN_CTX_start(ctx); + + f = BN_CTX_get(ctx); + ret = BN_CTX_get(ctx); + + num = BN_num_bytes(rw->N); + + if (num <= 0) + goto err; + + if (!f || !ret) + goto err; + + if (BN_bin2bn(from, flen, f) == NULL) + goto err; + if (BN_ucmp(f, rw->N) >= 0) + goto err; + + if (!rw->Meth->RwApply(ret, f, ctx, rw)) + goto err; + + j = BN_num_bytes(ret); + if (num < j || j < 0) + goto err; + + i = BN_bn2bin(ret, to + num - j); + if (i < 0 || i > num) + goto err; + + for (k = 0; k < (num - i); k++) + to[k] = 0; + r = num; + +err: + if (ctx != NULL) { + BN_CTX_end(ctx); + BN_CTX_free(ctx); + } + return r; +} + +int RwPssrSignHash(const unsigned char* from, unsigned char* to, TRwKey* rw, const EVP_MD* md) { + unsigned char* padding = NULL; + int result = 0; + + if (from == NULL || to == NULL || rw == NULL || md == NULL) + return 0; + + int digest_size = EVP_MD_size(md); + int sig_size = RwModSize(rw); + + if (digest_size <= 0 || sig_size <= 0) + return 0; + + int tries = 50; + do { + if (padding != NULL) { + free(padding); +#ifdef DBG_FUZZING + fprintf(stderr, "Padding regenerating required\n"); +#endif + } + + padding = malloc(sig_size); + if (padding == NULL) + return 0; + + if (!RwPaddingAddPssr(rw, padding, from, md, digest_size)) + goto err; + } while (padding[0] == 0x00 && tries-- > 0); + + result = RwNoPaddingSign(sig_size, padding, to, rw); + +err: + if (padding != NULL) + free(padding); + + return result; +} + +int RwPssrSignMsg(const int msgLen, const unsigned char* msg, unsigned char* to, TRwKey* rw, const EVP_MD* md) { + EVP_MD_CTX* mdctx = NULL; + unsigned char* digest = NULL; + unsigned int digestLen; + int result = 0; + + if (msg == NULL || to == NULL || rw == NULL || md == NULL) + goto err; + + if (rw->P == NULL || rw->Q == NULL) + goto err; + + if ((mdctx = EVP_MD_CTX_create()) == NULL) + goto err; + + if (1 != EVP_DigestInit_ex(mdctx, md, NULL)) + goto err; + + if (1 != EVP_DigestUpdate(mdctx, msg, msgLen)) + goto err; + + if ((digest = (unsigned char*)malloc(EVP_MD_size(md))) == NULL) + goto err; + + if (1 != EVP_DigestFinal_ex(mdctx, digest, &digestLen)) + goto err; + + result = RwPssrSignHash(digest, to, rw, md); + +err: + if (mdctx != NULL) + EVP_MD_CTX_destroy(mdctx); + if (digest != NULL) + free(digest); + + return result; +} + +int RwPssrVerifyHash(const unsigned char* from, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md) { + unsigned char* buffer = NULL; + int buffer_len; + int salt_size; + int result = 0; + + if (from == NULL || sig == NULL || rw == NULL || md == NULL) + return 0; + + if (rw->N == NULL || rw->Meth == NULL) + return 0; + + salt_size = EVP_MD_size(md); + if (salt_size <= 0) + return 0; + + buffer_len = RwModSize(rw); + if (buffer_len <= 0) + return 0; + + buffer = (unsigned char*)malloc(buffer_len); + if (buffer == NULL) + return 0; + + if (RwApply(sig_len, sig, buffer, rw) <= 0) + goto err; + + if (RwVerifyPssr(rw, from, md, buffer, salt_size) <= 0) + goto err; + + result = 1; + +err: + if (buffer != NULL) + free(buffer); + + return result; +} + +int RwPssrVerifyMsg(const int msgLen, const unsigned char* msg, const unsigned char* sig, const int sig_len, const TRwKey* rw, const EVP_MD* md) { + EVP_MD_CTX* mdctx = NULL; + unsigned char* digest = NULL; + unsigned int digestLen = 0; + int result = 0; + + if (msg == NULL || msgLen == 0 || sig == NULL || rw == NULL || md == NULL) + goto err; + + if (rw->N == NULL) + goto err; + + if ((mdctx = EVP_MD_CTX_create()) == NULL) + goto err; + + if (1 != EVP_DigestInit_ex(mdctx, md, NULL)) + goto err; + + int size_to_alloc = EVP_MD_size(md); + if (size_to_alloc <= 0) + goto err; + + if ((digest = (unsigned char*)malloc(size_to_alloc)) == NULL) + goto err; + + if (1 != EVP_DigestUpdate(mdctx, msg, msgLen)) + goto err; + + if (1 != EVP_DigestFinal_ex(mdctx, digest, &digestLen)) + goto err; + + result = RwPssrVerifyHash(digest, sig, sig_len, rw, md); + +err: + if (mdctx != NULL) + EVP_MD_CTX_destroy(mdctx); + if (digest != NULL) + free(digest); + + return result; +} diff --git a/library/cpp/tvmauth/src/rw/rw_sign.c b/library/cpp/tvmauth/src/rw/rw_sign.c new file mode 100644 index 0000000000..e320808dd3 --- /dev/null +++ b/library/cpp/tvmauth/src/rw/rw_sign.c @@ -0,0 +1,46 @@ +#include "rw.h" + +TRwSignature* RwSignatureNew(void) { + TRwSignature* sig = NULL; + sig = malloc(sizeof(TRwSignature)); + if (!sig) + return NULL; + sig->S = NULL; + return sig; +} + +void RwSignatureFree(TRwSignature* sig) { + if (sig) { + if (sig->S) + BN_free(sig->S); + free(sig); + } +} + +int RwNoPaddingSign(int flen, const unsigned char* from, unsigned char* to, TRwKey* rw) { + int i = 0, r = 0, num = -1; + TRwSignature* sig = NULL; + + if (!rw || !rw->N || !rw->Meth || !rw->Meth->RwSign || !from || !to) + goto err; + + if ((sig = rw->Meth->RwSign(from, flen, rw)) == NULL) + goto err; + num = BN_num_bytes(rw->N); + + r = BN_bn2bin(sig->S, to); + if (r < 0) + goto err; + + /* put zeroes to the rest of the 'to' buffer */ + for (i = r; i < num; i++) { + to[i] = 0x00; + } + +err: + if (sig != NULL) { + RwSignatureFree(sig); + } + + return r; +} diff --git a/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp b/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp new file mode 100644 index 0000000000..9467d5d7c4 --- /dev/null +++ b/library/cpp/tvmauth/src/rw/ut/rw_ut.cpp @@ -0,0 +1,200 @@ +#include <library/cpp/tvmauth/src/rw/keys.h> +#include <library/cpp/tvmauth/src/rw/rw.h> + +#include <library/cpp/string_utils/base64/base64.h> +#include <library/cpp/testing/unittest/registar.h> + +#include <openssl/bn.h> +#include <openssl/evp.h> + +namespace NTvmAuth { + /* + returns 0 in case of error + */ + int MakeKeysRw(TRwKey** skey, TRwKey** vkey) { + int result = 0; + + TRwKey* rw = RwNew(); + + do { + RwGenerateKey(rw, 2048); + + if (rw == nullptr) { + printf("RwGenerateKey failed\n"); + break; /* failed */ + } + + printf("RW key bits: %d\n", BN_num_bits(rw->N)); + + /* Set signing key */ + *skey = RwPrivateKeyDup(rw); + if (*skey == nullptr) { + printf("RwPrivateKeyDup failed\n"); + break; + } + + /* Set verifier key */ + *vkey = RwPublicKeyDup(rw); + if (*vkey == nullptr) { + printf("RwPublicKeyDup failed\n"); + break; + } + + result = 1; + + } while (0); + + if (rw) { + RwFree(rw); + rw = nullptr; + } + + return result; + } + + static void PrintIt(const char* label, const unsigned char* buff, size_t len) { + if (!buff || !len) + return; + + if (label) + printf("%s: ", label); + + for (size_t i = 0; i < len; ++i) + printf("%02X", buff[i]); + + printf("\n"); + } + + int TestSignVerify() { + TRwKey *skey = nullptr, *vkey = nullptr; + const char* msg = "Test test test test test"; + unsigned int msg_len = 0; + int res = 0; + + msg_len = (unsigned int)strlen(msg); + if (MakeKeysRw(&skey, &vkey)) { + unsigned char* sign = new unsigned char[RwModSize(skey) + 10]; + int sign_len; + printf("RwModSize(skey) returned %d\n", RwModSize(skey)); + memset(sign, 0x00, RwModSize(skey) + 10); + + printf("--- Signing call ---\n"); + if ((sign_len = RwPssrSignMsg(msg_len, (unsigned char*)msg, sign, skey, (EVP_MD*)EVP_sha256())) != 0) { +#ifdef RW_PRINT_DEBUG + BIGNUM* s = BN_new(); +#endif + printf("\n"); + PrintIt("Signature", sign, RwModSize(skey)); + +#ifdef RW_PRINT_DEBUG + BN_bin2bn(sign, RW_mod_size(skey), s); + + print_bn("Signature BN", s); + + BN_free(s); +#endif + + printf("--- Verification call ---\n"); + if (RwPssrVerifyMsg(msg_len, (unsigned char*)msg, sign, sign_len, vkey, (EVP_MD*)EVP_sha256())) { + printf("Verification: success!\n"); + res = 1; + } else { + printf("Verification: failed!\n"); + printf("RwPssrVerifyMsg failed!\n"); + return 1; + } + } else { + printf("RwPssrSignMsg failed!\n"); + return 1; + } + + if (sign != nullptr) + delete[] sign; + + } else { + printf("MakeKeysRw failed!\n"); + return 1; + } + + if (skey != nullptr) { + RwFree(skey); + } + if (vkey != nullptr) + RwFree(vkey); + + return res; + } +} + +using namespace NTvmAuth; +Y_UNIT_TEST_SUITE(Rw) { + Y_UNIT_TEST(SignVerify) { + for (int i = 1; i < 10; ++i) { + UNIT_ASSERT_VALUES_EQUAL(1, TestSignVerify()); + } + } + + Y_UNIT_TEST(TKeysPriv) { + NRw::TRwPrivateKey priv(Base64Decode("MIIEmwKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1AoGBALAwCQ7fdAPG1lGclL7iWFjUofwPCFwPyDjicDT_MRRu6_Ta4GjqOGO9zuOp0o_ePgvR-7nA0fbaspM4LZNrPZwmoYBCJMtKXetg68ylu2DO-RRSN2SSh1AIZSA_8UTABk69bPzNL31j4PyZWxrgZ3zP9uZvzggveuKt5ZhCMoB7AoGBAKO9oC2AZjLdh2RaEFotTL_dY6lVcm38VA6PnigB8gB_TMuSrd4xtRw5BxvHpOCnBcUAJE0dN4_DDe5mrotKYMD2_3_lcq9PaLZadrPDCSDL89wtoVxNQNAJTqFjBFXYNu4Ze63lrsqg45TF5XmVRemyBHzXw3erd0pJaeoUDaSPAoGAJhGoHx_nVw8sDoLzeRkOJ1_6-uh_wVmVr6407_LPjrrySEq-GiYu43M3-QDp8J_J9e3S1Rpm4nQX2bEf5Gx9n4wKz7Hp0cwkOqBOWhvrAu6YLpv59wslEtkx0LYcJy6yQk5mpU8l29rPO7b50NyLnfnE2za-9DyK038FKlr5VgICgYAUd7QFsAzGW7Dsi0ILRamX-6x1Kq5Nv4qB0fPFAD5AD-mZclW7xjajhyDjePScFOC4oASJo6bx-GG9zNXRaUwYHt_v_K5V6e0Wy07WeGEkGX57hbQriagaASnULGCKuwbdwy91vLXZVBxymLyvMqi9NkCPmvhu9W7pSS09QoG0kgKBgBYGASHb7oB42sozkpfcSwsalD-B4QuB-QccTgaf5iKN3X6bXA0dRwx3udx1OlH7x8F6P3c4Gj7bVlJnBbJtZ7OE1DAIRJlpS71sHXmUt2wZ3yKKRuySUOoBDKQH_iiYAMnXrZ-Zpe-sfB-TK2NcDO-Z_tzN-cEF71xVvLMIRlAPAoGAdeikZPh1O57RxnVY72asiMRZheMBhK-9uSNPyYEZv3bUnIjg4XdMYStF2yTHNu014XvkDSQTe-drv2BDs9ExKplM4xFOtDtPQQ3mMB3GoK1qVhM_9n1QEElreurMicahkalnPo6tU4Z6PFL7PTpjRnCN67lJp0J0fxNDL13YSagCgYBA9VJrMtPjzcAx5ZCIYJjrYUPqEG_ttQN2RJIHN3MVpdpLAMIgX3tnlfyLwQFVKK45D1JgFa_1HHcxTWGtdIX4nsIjPWt-cWCCCkkw9rM5_Iqcb-YLSood6IP2OK0w0XLD1STnFRy_BRwdjPbGOYmp6YrJDZAlajDkFSdRvsz9Vg=="), + 0); + NRw::TRwPrivateKey priv2(Base64Decode("MIIEnAKCAQEA4RATOfumLD1n6ICrW5biaAl9VldinczmkNPjpUWwc3gs8PnkCrtdnPFmpBwW3gjHdSNU1OuEg5A6K1o1xiGv9sU-jd88zQBOdK6E2zwnJnkK6bNusKE2H2CLqg3aMWCmTa9JbzSy1uO7wa-xCqqNUuCko-2lyv12HhL1ICIH951SHDa4qO1U5xZhhlUAnqWi9R4tYDeMiF41WdOjwT2fg8UkbusThmxa3yjCXjD7OyjshPtukN8Tl3UyGtV_s2CLnE3f28VAi-AVW8FtgL22xbGhuyEplXRrtF1E5oV7NSqxH1FS0SYROA8ffYQGV5tfx5WDFHiXDEP6BzoVfeBDRQKBgQDzidelKZNFMWar_yj-r_cniMkZXNaNVEQbMg1A401blGjkU1r-ufGH5mkdNx4IgEoCEYBTM834Z88fYV1lOVfdT0OqtiVoC9NkLu3xhQ1r9_r6RMaAenwsV7leH8jWMOKvhkB0KNI49oznTGDqLp0AbDbtP66xdNH4dr3rw3WFywKBgQDslDdv4sdnRKN27h2drhn4Pp_Lgw2U-6MfHiyjp6BKR8Qtlld3hdb-ZjU9F0h38DqECmFIEe35_flKfd7X21CBQs9EuKR8EdaF3OAgzA-TRWeQhyHmaV7Fas1RlNqZHm8lckaZT8dX9Ygsxn0I_vUbm9pkFivwGvQnnwNQ7Te5LwKBgCVMYOzLHW911l6EbCZE6XU2HUrTKEd1bdqWCgtxPEmDl3BZcXpnyKpqSHmlH1F7s65WBfejxDM2hjin3OnXSog_x35ql_-Azu93-79QAzbQc6Z13BuWPpQxV8iw4ijqRRhzjD2pcvXlIxgebp5-H0eDt-Md2Y8rkrzyhm8EH7mwAoGAHZKG7fxY7OiUbt3Ds7XDPwfT-XBhsp90Y-PFlHT0CUj4hbLK7vC638zGp6LpDv4HUIFMKQI9vz-_KU-72vtqEChZ6JcUj4I60LucBBmB8mis8hDkPM0r2K1ZqjKbUyPN5K5I0yn46v6xBZjPoR_eo3N7TILFfgNehPPgah2m9yYCgYAecTr0pTJopizVf-Uf1f7k8RkjK5rRqoiDZkGoHGmrco0cimtf1z4w_M0jpuPBEAlAQjAKZnm_DPnj7Cuspyr7qeh1VsStAXpshd2-MKGtfv9fSJjQD0-Fivcrw_kaxhxV8MgOhRpHHtGc6YwdRdOgDYbdp_XWLpo_Dte9eG6wuQKBgDzo0e8d8pTyvCP23825rVzvrSHBZkliGkCEu0iggDnfKOreejFhQN9JeBo8sYdQFCRBptEU6k4b5O6J3NQ1Sspiez15ddqmFMD4uhJY6VsV-JFnL9YhLqVd355xZCyU4b07mReU9-LuqK2m2chjxH_HDAgUoEvO_yzR9EDYqHbNAoGAf529Ah9HIT5aG6IGTlwQdk-M7guy63U4vj4uC7z98qgvFEsV6cr4miT6RE8Aw5yAeN5pW59rZNjBNr9i-8n8kouasho2xNMTPKP8YuSNg2PNNS5T1Ou56mgsBCY5i10TIHKNIm2RVSUgzJ97BMEOZY6jQRytFfwgYkvnFzbuA9c="), + 0); + NRw::TRwPrivateKey priv3(Base64Decode("MIICVAKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NAkEAg1xBDL_UkHy347HwioMscJFP-6eKeim3LoG9rd1EvOycxkoStZ4299OdyzzEXC9cjLdq401BXe-LairiMUgZawJBALn5ziBCc2ycMaYjZDon2EN55jBEe0tJdUy4mOi0ozTV9OLcBANds0nMYPjZFOY3QymzU0LcOa_An3JknI0C2ucCQGxtwTb3h7ux5Ld8jkeRYzkNoB2Y6Is5fqCYVRIJZmz0IcQFb2iW0EX92U7_BpgVuKlvSDTP9LuaxuPfmY6WXEECQBc_OcQITm2ThjTEbIdE-whvPMYIj2lpLqmXEx0WlGaavpxbgIBrtmk5jB8bIpzG6GU2amhbhzX4E-5Mk5GgW10CQBBriCGX-pIPlvx2PhFQZY4SKf908U9FNuXQN7W7qJedk5jJQlazxt76c7lnmIuF65GW7VxpqCu98W1FXEYpAy0CQG-lpihdvxaZ8SkHqNFZGnXhELT2YesLs7GehZSTwuUwx1iTpVm88PVROLYBDZqoGM316s9aZEJBALe5zEpxQTQCQQCDMszX1cQlbBCP08isuMQ2ac3S-qNd0mfRXDCRfMm4s7iuJ5MeHU3uPUVlA_MR4ULRbg1d97TGio912z4KPgjE"), + 0); + + UNIT_ASSERT_EXCEPTION(NRw::TRwPrivateKey("asdzxcv", 0), yexception); + UNIT_ASSERT_EXCEPTION(NRw::TRwPrivateKey(Base64Decode("AKBgF9t2YJGAJkRRFq6fWhi3m1TFW1UOE0f6ZrfYhHAkpqGlKlh0QVfeTNPpeJhi75xXzCe6oReRUm-0DbqDNhTShC7uGUv1INYnRBQWH6E-5Fc5XrbDFSuGQw2EYjNfHy_HefHJXxQKAqPvxBDKMKkHgV58WtM6rC8jRi9sdX_ig2NAkEAg1xBDL_UkHy347HwioMscJFP-6eKeim3LoG9rd1EvOycxkoStZ4299OdyzzEXC9cjLdq401BXe-LairiMUgZawJBALn5ziBCc2ycMaYjZDon2EN55jBEe0tJdUy4mOi0ozTV9OLcBANds0nMYPjZFOY3QymzU0LcOa_An3JknI0C2ucCQGxtwTb3h7ux5Ld8jkeRYzkNoB2Y6Is5fqCYVRIJZmz0IcQFb2iW0EX92U7_BpgVuKlvSDTP9LuaxuPfmY6WXEECQBc_OcQITm2ThjTEbIdE-whvPMYIj2lpLqmXEx0WlGaavpxbgIBrtmk5jB8bIpzG6GU2amhbhzX4E-5Mk5GgW10CQBBriCGX-pIPlvx2PhFQZY4SKf908U9FNuXQN7W7qJedk5jJQlazxt76c7lnmIuF65GW7VxpqCu98W1FXEYpAy0CQG-lpihdvxaZ8SkHqNFZGnXhELT2YesLs7GehZSTwuUwx1iTpVm88PVROLYBDZqoGM316s9aZEJBALe5zEpxQTQCQQCDMszX1cQlbBCP08isuMQ2ac3S-qNd0mfRXDCRfMm4s7iuJ5MeHU3uPUVlA_MR4ULRbg1d97TGio912z4KP"), + 0), + yexception); + + UNIT_ASSERT(!priv.SignTicket("").empty()); + } + + Y_UNIT_TEST(TKeysPub) { + NRw::TRwPublicKey pub(Base64Decode("MIIBBAKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1")); + NRw::TRwPublicKey pub2(Base64Decode("MIIBBQKCAQEA4RATOfumLD1n6ICrW5biaAl9VldinczmkNPjpUWwc3gs8PnkCrtdnPFmpBwW3gjHdSNU1OuEg5A6K1o1xiGv9sU-jd88zQBOdK6E2zwnJnkK6bNusKE2H2CLqg3aMWCmTa9JbzSy1uO7wa-xCqqNUuCko-2lyv12HhL1ICIH951SHDa4qO1U5xZhhlUAnqWi9R4tYDeMiF41WdOjwT2fg8UkbusThmxa3yjCXjD7OyjshPtukN8Tl3UyGtV_s2CLnE3f28VAi-AVW8FtgL22xbGhuyEplXRrtF1E5oV7NSqxH1FS0SYROA8ffYQGV5tfx5WDFHiXDEP6BzoVfeBDRQ==")); + NRw::TRwPublicKey pub3(Base64Decode("MIGDAoGAX23ZgkYAmRFEWrp9aGLebVMVbVQ4TR_pmt9iEcCSmoaUqWHRBV95M0-l4mGLvnFfMJ7qhF5FSb7QNuoM2FNKELu4ZS_Ug1idEFBYfoT7kVzletsMVK4ZDDYRiM18fL8d58clfFAoCo-_EEMowqQeBXnxa0zqsLyNGL2x1f-KDY0=")); + + UNIT_ASSERT_EXCEPTION(NRw::TRwPublicKey("asdzxcv"), yexception); + UNIT_ASSERT_EXCEPTION(NRw::TRwPublicKey(Base64Decode("AoGAX23ZgkYAmRFEWrp9aGLebVMVbVQ4TR_pmt9iEcCSmoaUqWHRBV95M0-l4mGLvnFfMJ7qhF5FSb7QNuoM2FNKELu4ZS_Ug1idEFBYfoT7kVzletsMVK40")), yexception); + + UNIT_ASSERT(!pub.CheckSign("~~~", "~~~")); + } + + Y_UNIT_TEST(TKeys) { + NRw::TRwPrivateKey priv(Base64Decode("MIIEmwKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1AoGBALAwCQ7fdAPG1lGclL7iWFjUofwPCFwPyDjicDT_MRRu6_Ta4GjqOGO9zuOp0o_ePgvR-7nA0fbaspM4LZNrPZwmoYBCJMtKXetg68ylu2DO-RRSN2SSh1AIZSA_8UTABk69bPzNL31j4PyZWxrgZ3zP9uZvzggveuKt5ZhCMoB7AoGBAKO9oC2AZjLdh2RaEFotTL_dY6lVcm38VA6PnigB8gB_TMuSrd4xtRw5BxvHpOCnBcUAJE0dN4_DDe5mrotKYMD2_3_lcq9PaLZadrPDCSDL89wtoVxNQNAJTqFjBFXYNu4Ze63lrsqg45TF5XmVRemyBHzXw3erd0pJaeoUDaSPAoGAJhGoHx_nVw8sDoLzeRkOJ1_6-uh_wVmVr6407_LPjrrySEq-GiYu43M3-QDp8J_J9e3S1Rpm4nQX2bEf5Gx9n4wKz7Hp0cwkOqBOWhvrAu6YLpv59wslEtkx0LYcJy6yQk5mpU8l29rPO7b50NyLnfnE2za-9DyK038FKlr5VgICgYAUd7QFsAzGW7Dsi0ILRamX-6x1Kq5Nv4qB0fPFAD5AD-mZclW7xjajhyDjePScFOC4oASJo6bx-GG9zNXRaUwYHt_v_K5V6e0Wy07WeGEkGX57hbQriagaASnULGCKuwbdwy91vLXZVBxymLyvMqi9NkCPmvhu9W7pSS09QoG0kgKBgBYGASHb7oB42sozkpfcSwsalD-B4QuB-QccTgaf5iKN3X6bXA0dRwx3udx1OlH7x8F6P3c4Gj7bVlJnBbJtZ7OE1DAIRJlpS71sHXmUt2wZ3yKKRuySUOoBDKQH_iiYAMnXrZ-Zpe-sfB-TK2NcDO-Z_tzN-cEF71xVvLMIRlAPAoGAdeikZPh1O57RxnVY72asiMRZheMBhK-9uSNPyYEZv3bUnIjg4XdMYStF2yTHNu014XvkDSQTe-drv2BDs9ExKplM4xFOtDtPQQ3mMB3GoK1qVhM_9n1QEElreurMicahkalnPo6tU4Z6PFL7PTpjRnCN67lJp0J0fxNDL13YSagCgYBA9VJrMtPjzcAx5ZCIYJjrYUPqEG_ttQN2RJIHN3MVpdpLAMIgX3tnlfyLwQFVKK45D1JgFa_1HHcxTWGtdIX4nsIjPWt-cWCCCkkw9rM5_Iqcb-YLSood6IP2OK0w0XLD1STnFRy_BRwdjPbGOYmp6YrJDZAlajDkFSdRvsz9Vg=="), + 0); + NRw::TRwPublicKey pub(Base64Decode("MIIBBAKCAQBwsRd4frsVARIVSfj_vCdfvA3Q9SsGhSybdBDhbm8L6rPqxdoSNLCdNXzDWj7Ppf0o8uWHMxC-5Lfw0I18ri68nhm9-ndixcnbn6ti1uetgkc28eiEP6Q8ILD_JmkynbUl1aKDNAa5XsK2vFSEX402uydRomsTn46kRY23hfqcIi0ohh5VxIrpclRsRZus0JFu-RJzhqTbKYV4y4dglWPGHh5BuTv9k_Oh0_Ra8Xp5Rith5vjaKZUQ5Hyh9UtBYTkNWdvXP9OpmbiLVeRLuMzBm4HEFHDwMZ1h6LSVP-wB_spJPaMLTn3Q3JIHe-wGBYRWzU51RRYDqv4O_H12w5C1")); + + const TString data = "my magic data"; + + UNIT_ASSERT(pub.CheckSign(data, priv.SignTicket(data))); + UNIT_ASSERT(!pub.CheckSign("~~~~" + data, priv.SignTicket(data))); + UNIT_ASSERT(!pub.CheckSign(data, "~~~~" + priv.SignTicket(data))); + + UNIT_ASSERT(pub.CheckSign(data, + Base64Decode("EC5hZunmK3hOJZeov_XlNIXcwj5EsgX94lMd-tQJTNUO4NR6bCO7qQkKjEeFJmI2QFYXGY-iSf9WeMJ_brECAMyYAix-L8sZqcMPXD945QgkPsNQKyC0DX9FkgfSh6ZKkA-UvFSHrkn3QbeE9omk3-yXpqR-M8DlVqmp3mwdYlYRq0NdfTaD3AMXVA4aZTbW3OmhJoLJ8AxJ3w1oG5q_lk8dpW9vvqfIzsfPABme6sY5XyPmsjYaRDf9z4ZJgR-wTkG06_N_YzIklS5T2s_4FUKLz5gLMhsnVlNUpgZyRN9sXTAn9-zMJnCwAC8WRgykWnljPGDDJCjk-Xwsg7AOLQ=="))); + UNIT_ASSERT(pub.CheckSign(data, + Base64Decode("JbHSn1QEQeOEvzyt-LpawbQv4vPEEE05bWhjB2-MkoV-tyq9FykSqGqhP3ZFc1_FPrqguwEYrHibI2l5w3q8wnI1fcyRUoNuJxmBSzf2f_Uzn9ZoUSc7D9pTGSvK_hhZoL4YMc_VfbdEdnDuvHZNlZyaDPH9EbmUqyXjnXTEwRoK0fAU1rhlHvSZvnp0ctVBWSkaQsaU8dJTKDBtIQVP1D5Py2pKB2NBF_Ytz2thWt7iLjbTyjtis6DC-JKwjFBqv6nQf42sKalHQqWFuIvBCIfNUswEw4_sGfwWVSBBmFplf7FmD7sN8znUahYUPGCe1uFNly6WwpPJsm8VtiU80g=="))); + UNIT_ASSERT(pub.CheckSign(data, + Base64Decode("FeMZtDP-yuoNqK2HYw3JxTV9v7p8IoQEuRMtuHddafh4bq1ZOeEqg7g7Su6M3iq_kN9DZ_fVhuhuVcbZmNYPIvJ8oL5DE80KI3d1Qbs9mS8_X4Oq2TJpZgNfFG-z_LPRZSNRP9Q8sQhlAoSZHOSZkBFcYj1EuqEp6nSSSbX8Ji4Se-TfhIh3YFQkr-Ivk_3NmSXhDXUaW7CHo2rVm58QJ2cgSEuxzBH-Q8E8tGDCEmk4p3_iot9XY8RRN-_j0yi15etmXCUIKFbpDogtHdT8CyAEVHMYvsLqkLux9pzy3RdvNQmoPjol3wIm-H0wMtF_pMw4G2QLNev6he6xWeckxw=="))); + } + + Y_UNIT_TEST(Keygen) { + for (size_t idx = 0; idx < 100; ++idx) { + NRw::TKeyPair pair = NRw::GenKeyPair(1024); + NRw::TRwPrivateKey priv(pair.Private, 0); + NRw::TRwPublicKey pub(pair.Public); + + const TString data = "my magic data"; + TStringStream s; + s << "data='" << data << "'."; + s << "private='" << Base64Encode(pair.Private) << "'."; + s << "public='" << Base64Encode(pair.Public) << "'."; + TString sign; + UNIT_ASSERT_NO_EXCEPTION_C(sign = priv.SignTicket(data), s.Str()); + s << "sign='" << Base64Encode(sign) << "'."; + UNIT_ASSERT_C(pub.CheckSign(data, sign), s.Str()); + } + } +} diff --git a/library/cpp/tvmauth/src/rw/ut_large/gen/main.cpp b/library/cpp/tvmauth/src/rw/ut_large/gen/main.cpp new file mode 100644 index 0000000000..31a599c996 --- /dev/null +++ b/library/cpp/tvmauth/src/rw/ut_large/gen/main.cpp @@ -0,0 +1,32 @@ +#include <library/cpp/tvmauth/src/rw/keys.h> + +#include <library/cpp/string_utils/base64/base64.h> + +#include <util/generic/yexception.h> + +using namespace NTvmAuth; + +const TString DATA = "my magic data"; + +int main(int, char**) { + const NRw::TKeyPair pair = NRw::GenKeyPair(1024); + const NRw::TRwPrivateKey priv(pair.Private, 0); + const NRw::TRwPublicKey pub(pair.Public); + + Cout << "data='" << DATA << "'." + << "private='" << Base64Encode(pair.Private) << "'." + << "public='" << Base64Encode(pair.Public) << "'."; + + TString sign; + try { + sign = priv.SignTicket(DATA); + Cout << "sign='" << Base64Encode(sign) << "'."; + Y_ENSURE(pub.CheckSign(DATA, sign)); + } catch (const std::exception& e) { + Cout << "what='" << e.what() << "'" << Endl; + return 1; + } + Cout << Endl; + + return 0; +} diff --git a/library/cpp/tvmauth/src/rw/ut_large/test.py b/library/cpp/tvmauth/src/rw/ut_large/test.py new file mode 100644 index 0000000000..0cf95d9848 --- /dev/null +++ b/library/cpp/tvmauth/src/rw/ut_large/test.py @@ -0,0 +1,35 @@ +from __future__ import print_function + +import os +import subprocess +import sys + +import yatest.common as yc + + +def test_fuzzing(): + errfile = './errfile' + outfile = './outfile' + env = os.environ.copy() + + for number in range(25000): + with open(errfile, 'w') as fe: + with open(outfile, 'w') as fo: + p = subprocess.Popen( + [ + yc.build_path('library/cpp/tvmauth/src/rw/ut_large/gen/gen'), + ], + env=env, + stdout=fo, + stderr=fe, + ) + code = p.wait() + + with open(errfile) as fe: + all = fe.read() + if all != '': + with open(outfile) as fo: + print(fo.read(), file=sys.stderr) + assert all == '' + + assert code == 0 |